Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

A main branch build causes stable installs to upgrade #11

Open
jinnatar opened this issue Oct 19, 2024 · 2 comments
Open

A main branch build causes stable installs to upgrade #11

jinnatar opened this issue Oct 19, 2024 · 2 comments

Comments

@jinnatar
Copy link
Collaborator 

apt list --upgradable | grep 1.3.3-202410170008+0c6ea6e                                                                               

WARNING: apt does not have a stable CLI interface. Use with caution in scripts.

kanidm-unixd/bookworm 1.3.3-202410170008+0c6ea6e arm64 [upgradable from: 1.3.3-202410170008+0c6ea6e]
kanidm/bookworm 1.3.3-202410170008+0c6ea6e arm64 [upgradable from: 1.3.3-202410170008+0c6ea6e]
libpam-kanidm/bookworm 1.3.3-202410170008+0c6ea6e arm64 [upgradable from: 1.3.3-202410170008+0c6ea6e]

i.e. because the action was run, even though the source was identical and the version is identical, this is still detected by APT as an "update". I kinda feared this might be the case. Best working theory is that it's due to changed hashes, but that needs investigation.

%> apt show -a kanidm-unixd         
Package: kanidm-unixd
Version: 1.3.3-202410170008+0c6ea6e
Priority: optional
Section: network
Maintainer: James Hodgkinson <[email protected]>
Installed-Size: 23,1 MB
Depends: libc6, libpam-kanidm, libnss-kanidm, tpm-udev, libssl3 | libssl3t64
Homepage: https://github.com/kanidm/kanidm/
Vcs-Browser: https://github.com/kanidm/kanidm/
Vcs-Git: https://github.com/kanidm/kanidm/
Download-Size: 4.027 kB
APT-Sources: https://kanidm.github.io/kanidm_ppa bookworm/stable arm64 Packages
Description: Kanidm Unix Integration Clients

Package: kanidm-unixd
Version: 1.3.3-202410170008+0c6ea6e
Status: install ok installed
Priority: optional
Section: network
Maintainer: James Hodgkinson <[email protected]>
Installed-Size: 23,1 MB
Depends: libpam-kanidm, tpm-udev, libnss-kanidm, libssl3 | libssl3t64, libc6
Homepage: https://github.com/kanidm/kanidm/
Vcs-Browser: https://github.com/kanidm/kanidm/
Vcs-Git: https://github.com/kanidm/kanidm/
Download-Size: unknown
APT-Manual-Installed: yes
APT-Sources: /var/lib/dpkg/status
Description: Kanidm Unix Integration Clients

Diff:

d2
< Status: install ok installed
8c7
< Depends: libpam-kanidm, tpm-udev, libnss-kanidm, libssl3 | libssl3t64, libc6
---
> Depends: libc6, libpam-kanidm, libnss-kanidm, tpm-udev, libssl3 | libssl3t64
12,14c11,12
< Download-Size: unknown
< APT-Manual-Installed: yes
< APT-Sources: /var/lib/dpkg/status
---
> Download-Size: 4.027 kB
> APT-Sources: https://kanidm.github.io/kanidm_ppa bookworm/stable arm64 Packages

apt-cache:

%> apt-cache policy kanidm-unixd
kanidm-unixd:
  Installed: 1.3.3-202410170008+0c6ea6e
  Candidate: 1.3.3-202410170008+0c6ea6e
  Version table:
     1.3.3-202410170008+0c6ea6e 500
        500 https://kanidm.github.io/kanidm_ppa bookworm/stable arm64 Packages
 *** 1.3.3-202410170008+0c6ea6e 100
        100 /var/lib/dpkg/status
@yaleman
Copy link
Member

yaleman commented Oct 19, 2024

The "depends" list isn't stable? 😱 That'd be enough to completely change the resulting file hash.

@jinnatar
Copy link
Collaborator Author

Best guess is that they get sorted for installed packages and it's not a hash issue? I really hope that's it, and the sorting rules are just weird.

Trying to get the hash to match gets us to repeatable builds territory and that sounds like a nightmare.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@yaleman @jinnatar