Does not consider all versions in Packages files

Bug #1990856 reported by Dan Watkins
| Affects | Status | Importance | Assigned to | Milestone |
| --- | --- | --- | --- | --- |
| debootstrap (Ubuntu) | Fix Released | Low | Unassigned | |
| Focal | Fix Committed | Undecided | Dan Watkins | |
| Jammy | Fix Released | Undecided | Dan Watkins | |

Bug Description

[Impact]

Users who build their own Ubuntu images using debootstrap against Debian metadata that is not generated with alpha-sorted-by-Package-field Packages files will see errors in some cases: debootstrap does not correctly discover all available packages, and so fails to satisfy dependencies which are present. (At the very least, Artifactory's metadata generation is affected.)

[Test Plan]

This bug can be reproduced/confirmed fixed using the autopkgtest included in the backported patch (which can also be found at https://salsa.debian.org/installer-team/debootstrap/-/blob/master/debian/tests/unsorted-packages-files). I will also execute testing against our internal repository (where we've been using this patch for months, with no issue).

[Where problems could occur]

debootstrap could start failing for bootstraps against the Ubuntu archive: this patch is present in newer Ubuntu releases, so this is unlikely. These issues would also be caught before impacting users.

For users who are bootstrapping against their own repository which is generating out-of-order Packages files (i.e. not using an Ubuntu mirror, and not using Ubuntu/Debian's repo generation tooling either), they could be (unwittingly) relying on this buggy behaviour: fixing it could result in newer package versions ending up in their generated images than currently do, which could have knock-on effects for them somehow. For almost all packages, an `apt-get upgrade` within a system launched from the image would result in the same behaviour, so any such users would have to be not applying upgrades to run into problems.

[Original Bug Report]

Some implementations of apt mirror metadata generation generate Packages files which are not alpha-sorted by package name. apt and britney2 handle these files without issue, but debootstrap does not: it will only consider the first contiguous run of stanzas for a package (taking the last stanza as the latest).

When running debootstrap against a mirror with such Packages files, debootstrap can fail to resolve versioned dependencies which _are_ present in the Packages file, if the satisfying package version isn't within the first contiguous run of stanzas for that package. This leads to avoidable bootstrap failures. (The specific case we hit: each e2fsprogs package Pre-Depends on the libext2fs2 package with the same version: `dpkg --predep-package` finds the newer e2fsprogs version and reports that libext2fs2 needs installing, but debootstrap has already installed (the old) libext2fs2 so errors out.)

The problem lies in the pkgdetails_field function (which is implemented in Perl): https://git.launchpad.net/ubuntu/+source/debootstrap/tree/functions#n1439. It takes a list of expected packages and, once it has found a version for all of them, exits (even if there is more of the Packages file to process). It does already have special-casing for multiple versions of the same package, but only if they are a contiguous run. (That behaviour was introduced by cjwatson in 1.0.38[0] to fix https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=649319: that bug report also has useful background info on why multiple versions of a package in metadata should be supported).

[0] https://salsa.debian.org/installer-team/debootstrap/-/commit/0fbf86aa8fbcd06cb62fddddcfd4605fef2ee8b2
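
The selection behaviour described in the report above, as an added example that is not part of the bug report and is not debootstrap's Perl code: a Python model of "first contiguous run" selection beside a full scan, plus a check for mirrors whose Packages file splits a package across runs. The sample stanzas, the function names and the simplified version ordering are assumptions made for this illustration.

```python
import re
from collections import Counter
from itertools import groupby

# Constructed Packages excerpt (illustrative versions). The newer libext2fs2
# stanza is not adjacent to the older one, as on the mirror in the report.
SAMPLE = """\
Package: e2fsprogs
Version: 1.45.5-2ubuntu1

Package: e2fsprogs
Version: 1.45.5-2ubuntu1.1
Pre-Depends: libext2fs2 (= 1.45.5-2ubuntu1.1)

Package: libext2fs2
Version: 1.45.5-2ubuntu1

Package: zlib1g
Version: 1:1.2.11.dfsg-2ubuntu1

Package: libext2fs2
Version: 1.45.5-2ubuntu1.1
"""

def stanzas(text):
    """Yield (Package, Version) for each stanza, in file order."""
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = dict(l.split(": ", 1) for l in block.splitlines() if ": " in l and l[0] != " ")
        yield fields["Package"], fields["Version"]

def _order(c):  # dpkg-style ordering: '~' first, then end of run (0), letters, other characters
    return -1 if c == "~" else ord(c) if c.isalpha() else ord(c) + 256

def version_key(v):
    """Sort key approximating Debian version ordering (simplified, an assumption here)."""
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, _, rev = rest.rpartition("-") if "-" in rest else (rest, "", "0")
    def part(s):  # alternating non-digit / digit runs; findall's final empty match ends the key
        return [(tuple(map(_order, nd)) + (0,), int(d or 0))
                for nd, d in re.findall(r"(\D*)(\d*)", s)]
    return int(epoch), part(upstream), part(rev)

def pick_first_run(text, wanted):
    """Model of the reported behaviour: take the last stanza of each package's
    first contiguous run and stop once every wanted package has a version."""
    chosen = {}
    for pkg, run in groupby(stanzas(text), key=lambda s: s[0]):
        if pkg in wanted and pkg not in chosen:
            chosen[pkg] = list(run)[-1][1]
        if wanted <= set(chosen):
            break
    return chosen

def pick_all_stanzas(text, wanted):
    """Scan every stanza and keep the highest version per wanted package."""
    chosen = {}
    for pkg, ver in stanzas(text):
        if pkg in wanted and (pkg not in chosen or version_key(ver) > version_key(chosen[pkg])):
            chosen[pkg] = ver
    return chosen

def split_runs(text):
    """Packages whose stanzas occur in more than one contiguous run."""
    runs = Counter(pkg for pkg, _ in groupby(p for p, _ in stanzas(text)))
    return sorted(p for p, n in runs.items() if n > 1)

if __name__ == "__main__":
    wanted = {"e2fsprogs", "libext2fs2"}
    print(split_runs(SAMPLE), pick_first_run(SAMPLE, wanted), pick_all_stanzas(SAMPLE, wanted))
```

On the sample, the first-run model pairs the newer e2fsprogs with the older libext2fs2, which is the unsatisfied Pre-Depends combination the report describes; `split_runs` is the check a repository operator can run over generated metadata.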

Dan Watkins (oddbloke) wrote :

I've created a reproducer (attached, also at https://pastebin.ubuntu.com/p/H6dTzGBTGp/). This is a small Flask app which wraps archive.ubuntu.com, and modifies the focal main Packages file to include the e2fsprogs and libext2fs2 packages currently in focal-updates (as well as rewriting other metadata as required). It can be run like this (assuming it's written to repro.py):

FLASK_APP=repro.py flask run

Once it's running, the reported debootstrap error can be reproduced by attempting to bootstrap from this "mirror" (without GPG verification: that obviously won't work!):

debootstrap --keep-debootstrap-dir --variant minbase --no-check-gpg focal bootstrap http://127.0.0.1:5000/ubuntu/

You should see this fail with:

W: Failure trying to run: chroot "/root/bootstrap" dpkg --force-overwrite --force-confold --skip-same-version --install

This command should have a package name appended to it. debootstrap has installed the older version of libext2fs2 into the chroot (because it failed to find the newer one), but it has written `/var/lib/dpkg/available` such that `dpkg --predep-package` does detect the newer version and returns "libext2fs2" as a package that needs installing to satisfy Pre-Depends. debootstrap filters out any already-installed packages from that list, and that's why we don't have any package name appended here.

Fixing the determination logic in pkgdetails_field so that debootstrap installs the most recent packages initially fixes this problem: the Pre-Depends on the newer package is satisfied, so `dpkg --predep-package` doesn't return it.

Dan Watkins (oddbloke) wrote :

I've written the attached patch to debootstrap which addresses this issue, by modifying pkgdetails_field to examine all stanzas in the Packages file instead of exiting early. (Also at https://pastebin.ubuntu.com/p/6jmkGqKrjX/, though the whitespace is funky for some reason.)

Ubuntu Foundations Team Bug Bot (crichton) wrote :

The attachment "lp1990856.patch" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]

tags: added: patch
tags: added: rls-kk-incoming
tags: removed: rls-kk-incoming
Dan Watkins (oddbloke) wrote :

I've now written an autopkgtest using a modified version of my above reproducer (so that it doesn't require hardcoded stanzas for existing packages): https://pastebin.ubuntu.com/p/fqHR348szF/

Dan Watkins (oddbloke) wrote :

Putting all those pieces together with changelog entries, here's a full debdiff.

Nick Rosbrook (enr0n)
Changed in debootstrap (Ubuntu):
importance: Undecided → Low
tags: added: foundations-triage-discuss
Benjamin Drung (bdrung) wrote :

Thanks for writing a patch and test case. This bug is not Ubuntu specific. We prefer to get the bug fixed via Debian to keep the delta small. Can you forward your fix to Debian as Debian bug and/or merge request on https://salsa.debian.org/installer-team/debootstrap/-/merge_requests?

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package debootstrap - 1.0.128+nmu2ubuntu1

---------------
debootstrap (1.0.128+nmu2ubuntu1) lunar; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - Symlink lunar -> gutsy. Welcome to the Lunar Lobster!
    - Fix EXTRACTOR_OVERRIDE: parameter not set (LP: #1971951)
    - Fix failures with "set -u"

debootstrap (1.0.128+nmu2) unstable; urgency=low

  * Non-maintainer upload.

  [ Matthias Klumpp ]
  * Update PureOS bootstrap script

  [ Luca Boccassi ]
  * autopkgtest: fix running on !amd64
  * autopkgtest: run on 'testing' instead of 'bookworm'

debootstrap (1.0.128+nmu1) unstable; urgency=low

  * Non-maintainer upload.
  * autopkgtest: add /usr/sbin to PATH

debootstrap (1.0.128) unstable; urgency=low

  [ Samuel Thibault ]
  * Make gbp tag produce the right tag format

  [ Carsten Schoenert ]
  * Add (PureOS) byzantium as a symlink to amber
  * Add (PureOS) crimson as a symlink to amber

  [ Daniel Watkins ]
  * Support Packages files which are not ordered alphabetically by Package field
    (LP: #1990856)

  [ Dimitri John Ledkov ]
  * d/tests/unsorted-packages-files: cleanup temp files and daemon

  [ Tianon Gravi ]
  * Apply "EXCLUDE_DEPENDENCY" during "resolve_deps"

debootstrap (1.0.127+nmu1) unstable; urgency=medium

  * Non-maintainer upload.

  [ Ansgar ]
  * debootstrap: optionally exclude specific dependencies
  * debian-common: exclude usrmerge when installing usr-is-merged

  [ Samuel Thibault ]
  * Enable usrmerge on hurd-i386 too.

 -- Łukasz 'sil2100' Zemczak <email address hidden> Wed, 07 Dec 2022 10:09:03 +0100

Changed in debootstrap (Ubuntu):
status: New → Fix Released
Dan Watkins (oddbloke)
description: updated
Dan Watkins (oddbloke) wrote :
Dan Watkins (oddbloke) wrote :
Dan Watkins (oddbloke)
Changed in debootstrap (Ubuntu Focal):
assignee: nobody → Dan Watkins (oddbloke)
Changed in debootstrap (Ubuntu Jammy):
assignee: nobody → Dan Watkins (oddbloke)
Changed in debootstrap (Ubuntu Focal):
status: New → In Progress
Changed in debootstrap (Ubuntu Jammy):
status: New → In Progress
Dan Bungert (dbungert) wrote :

Hi Dan W, thanks for the patches.

I have uploaded these.

A few thoughts that weren't blocking the upload:
* it feels strange to upload these when the debootstrap tests have been broken for as long as I cared to look for, but these patches don't make that situation worse.
* I don't love the "sleep 2" in the test, but it seems to be working fine on devel so I'll move on. I would suggest though, if you feel like iterating, changing that to either poll the flask app for startup with a timeout, or just make the sleep longer, and make it loudly complain about the fact that the timeout was hit.
* since you've started these patches, the sponsors process has been restarted and the sponsor queue is now empty, that should be a good mechanism to get someone to take a look at future proposals. https://discourse.ubuntu.com/t/ubuntu-patch-pilots/37705 has details

Andreas Hasenack (ahasenack) wrote : Please test proposed package

Hello Dan, or anyone else affected,

Accepted debootstrap into jammy-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/debootstrap/1.0.126+nmu1ubuntu0.6 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-jammy to verification-done-jammy. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-jammy. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in debootstrap (Ubuntu Jammy):
status: In Progress → Fix Committed
tags: added: verification-needed verification-needed-jammy
Changed in debootstrap (Ubuntu Focal):
status: In Progress → Fix Committed
tags: added: verification-needed-focal
Andreas Hasenack (ahasenack) wrote :

Hello Dan, or anyone else affected,

Accepted debootstrap into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/debootstrap/1.0.118ubuntu1.12 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-focal. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Ubuntu SRU Bot (ubuntu-sru-bot) wrote : Autopkgtest regression report (debootstrap/1.0.118ubuntu1.12)

All autopkgtests for the newly accepted debootstrap (1.0.118ubuntu1.12) for focal have finished running.
The following regressions have been reported in tests triggered by the package:

debuerreotype/0.10-1 (amd64)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/focal/update_excuses.html#debootstrap

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Ubuntu SRU Bot (ubuntu-sru-bot) wrote : Autopkgtest regression report (debootstrap/1.0.126+nmu1ubuntu0.6)

All autopkgtests for the newly accepted debootstrap (1.0.126+nmu1ubuntu0.6) for jammy have finished running.
The following regressions have been reported in tests triggered by the package:

debuerreotype/0.14-1 (ppc64el)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/jammy/update_excuses.html#debootstrap

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Ubuntu Foundations Team Bug Bot (crichton) wrote : [debootstrap/focal] verification still needed

The fix for this bug has been awaiting testing feedback in the -proposed repository for focal for more than 90 days. Please test this fix and update the bug appropriately with the results. In the event that the fix for this bug is still not verified 15 days from now, the package will be removed from the -proposed repository.

tags: added: removal-candidate
Julian Andres Klode (juliank) wrote :

o/

I have verified the newly added test passed correctly on jammy, I'm currently still trying to find test results on focal. I've retried the test there as it's no longer in the autopkgtest db.

I have retried docker.io-app on focal which reported a regression too, and that cleared up.

The debuerreotype regressions are genuine but harmless: Ultimately packages are now extracted in a different order, causing the timestamp of shared directories to differ. We cannot fix the test cases in debuerreotype because they rely on comparing against a tarball on a remote server, so I'd just say skip that.

tags: added: verification-done verification-done-focal verification-done-jammy
removed: removal-candidate verification-needed verification-needed-focal verification-needed-jammy
tags: added: verification-needed-focal
removed: verification-done verification-done-focal
Mauricio Faria de Oliveira (mfo) wrote : Please test proposed package

Hello Dan, or anyone else affected,

Accepted debootstrap into jammy-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/debootstrap/1.0.126+nmu1ubuntu0.7 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-jammy to verification-done-jammy. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-jammy. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

tags: added: verification-needed verification-needed-jammy
removed: verification-done-jammy
Ubuntu SRU Bot (ubuntu-sru-bot) wrote : Autopkgtest regression report (debootstrap/1.0.126+nmu1ubuntu0.6)

All autopkgtests for the newly accepted debootstrap (1.0.126+nmu1ubuntu0.6) for jammy have finished running.
The following regressions have been reported in tests triggered by the package:

debuerreotype/0.14-1 (ppc64el)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/jammy/update_excuses.html#debootstrap

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Ubuntu SRU Bot (ubuntu-sru-bot) wrote : Autopkgtest regression report (debootstrap/1.0.126+nmu1ubuntu0.7)

All autopkgtests for the newly accepted debootstrap (1.0.126+nmu1ubuntu0.7) for jammy have finished running.
The following regressions have been reported in tests triggered by the package:

debuerreotype/0.14-1 (ppc64el)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/jammy/update_excuses.html#debootstrap

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Julian Andres Klode (juliank) wrote :

Thank you SRU bot. I'll mark the bug as verified for jammy.

As explained before, the regression in debuerreotype is expected, the change in extraction order (which is now more deterministic) is causing a timestamp skew in the result vs what was calculated as expected back then, and the reference tarball is operated by a third party, and we do not use debuerreotype, so we should just ignore the regression.

tags: added: verification-done-jammy
removed: verification-needed-jammy
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package debootstrap - 1.0.126+nmu1ubuntu0.7

---------------
debootstrap (1.0.126+nmu1ubuntu0.7) jammy; urgency=medium

  * Disable usrmerge code on noble+ as they ship symlinks in base-files,
    and the code is incompatible (and no longer needed) (LP: #2054925)

debootstrap (1.0.126+nmu1ubuntu0.6) jammy; urgency=medium

  * Support Packages files which are not ordered alphabetically by Package
    field, by backporting upstream commit
    86ca8bcc736ceba53ad4a7d9b10b4c2ab65d739d (LP: #1990856)

 -- Julian Andres Klode <email address hidden> Mon, 26 Feb 2024 10:41:03 +0100

Changed in debootstrap (Ubuntu Jammy):
status: Fix Committed → Fix Released
Steve Langasek (vorlon) wrote : Update Released

The verification of the Stable Release Update for debootstrap has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Mauricio Faria de Oliveira (mfo) wrote : Please test proposed package

Hello Dan, or anyone else affected,

Accepted debootstrap into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/debootstrap/1.0.118ubuntu1.13 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-focal. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Ubuntu SRU Bot (ubuntu-sru-bot) wrote : Autopkgtest regression report (debootstrap/1.0.118ubuntu1.13)

All autopkgtests for the newly accepted debootstrap (1.0.118ubuntu1.13) for focal have finished running.
The following regressions have been reported in tests triggered by the package:

debuerreotype/0.10-1 (amd64)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/focal/update_excuses.html#debootstrap

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!
