Bug#1034077: debian-security-support: Lots of noise about DEBIAN_VERSION 12 being invalid when upgrading bullseye→bookworm

[Stuart Prescott]

Following up the conversation in #d-release...

Looking at some released versions of /usr/bin/check-support-status:

- buster (10.13, 1:10+2022.08.23) has DEB_NEXT_VER_ID=11

- bullseye (11.6, 1:11+2022.08.23) has DEB_NEXT_VER_ID=11=11

- bookworm (to be 12.0, 1:12+2023.03.17) has DEB_NEXT_VER_ID=12

Looking at older releases (prior to the change in versioning scheme) is
a bit harder; the value of DEB_NEXT_VER_ID also seems to increment
several times during the life of a release, which perhaps muddies the
analysis. Backporting the entire package and incrementing that number
during the life of the release would also be why this has not been seen
in the past, I guess.

Based on the comment "# Version ID for next Debian stable", my
assumption is that this should be the version number of the release that
follows the stable release in which d-s-s is found. That is to say, the
comment and code makes it look like DEB_NEXT_VER_ID=12 would have been
right for bullseye and DEB_NEXT_VER_ID=13 would be right for bookworm.

Incrementing to DEB_NEXT_VER_ID=12 in the next bullseye point release
seems reasonable to me; also incrementing in bookworm to
DEB_NEXT_VER_ID=13 would be logical.

Rather than having base-files predepend on d-s-s, I suspect apt could be
convinced to upgrade them in the right order by having base-files
conflict (or perhaps break?) the 1:11+2022.08.23 version of d-s-s, with
a fixed version in bullseye or the upgraded version in bookworm both
being OK.

I haven't looked at the code paths to check if this warning is 'only'
cosmetic or if it also causes d-s-s to stop working.

regards
Stuart



--
Stuart Prescott http://www.nanonanonano.net/ stu...@nanonanonano.net
Debian Developer http://www.debian.org/ stu...@debian.org
GPG fingerprint 90E2 D2C1 AD14 6A1B 7EBB 891D BBC1 7EBB 1396 F2F7

[Holger Levsen]

Hi Stuart,

On Sun, Apr 09, 2023 at 12:45:13AM +1000, Stuart Prescott wrote:
> Following up the conversation in #d-release...

thank you for that!

> Looking at some released versions of /usr/bin/check-support-status:
> - buster (10.13, 1:10+2022.08.23) has DEB_NEXT_VER_ID=11
> - bullseye (11.6, 1:11+2022.08.23) has DEB_NEXT_VER_ID=11=11
> - bookworm (to be 12.0, 1:12+2023.03.17) has DEB_NEXT_VER_ID=12

nods

> Looking at older releases (prior to the change in versioning scheme) is a
> bit harder; the value of DEB_NEXT_VER_ID also seems to increment several
> times during the life of a release, which perhaps muddies the analysis.
> Backporting the entire package and incrementing that number during the life
> of the release would also be why this has not been seen in the past, I
> guess.

TBH I think this is because the debian-security-support package was
somewhat neglected for many years.

> Based on the comment "# Version ID for next Debian stable", my assumption is
> that this should be the version number of the release that follows the
> stable release in which d-s-s is found. That is to say, the comment and code
> makes it look like DEB_NEXT_VER_ID=12 would have been right for bullseye and
> DEB_NEXT_VER_ID=13 would be right for bookworm.

right, that makes sense.

> Incrementing to DEB_NEXT_VER_ID=12 in the next bullseye point release seems
> reasonable to me; also incrementing in bookworm to DEB_NEXT_VER_ID=13 would
> be logical.

I'll ponder about this is a bit more before doing such uploads. Like for
2 or 48h or so. Please do ping me if I forget.

> Rather than having base-files predepend on d-s-s, I suspect apt could be
> convinced to upgrade them in the right order by having base-files conflict
> (or perhaps break?) the 1:11+2022.08.23 version of d-s-s, with a fixed
> version in bullseye or the upgraded version in bookworm both being OK.

would you suggest to do this instead of in in addtion of increasing
DEB_NEXT_VER_ID to 12 for bullseye and to 13 for bookworm?

> I haven't looked at the code paths to check if this warning is 'only'
> cosmetic or if it also causes d-s-s to stop working.

nods.

thanks!


--
cheers,
Holger

⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org
⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
⠈⠳⣄

Friendly reminder, that we are all closer to being climate refugees than
billionaires.

[Holger Levsen]

Hi,

I forgot to mention one thing: this will be better in future, because
since 3 weeks debian/README.source contains this:

# ToDo list for a new Debian release

At the beginning of each new Debian release cycle, these steps need to be done:

- create a new git branch for the old release
- increase the epoch in debian/changelog
- create security-support-ended.debX based on the previous release
- debian/rules: increase NEXT_VERSION_ID
- check-support-status.in:
- increase DEB_NEXT_VER_ID
- increase DEB_LOWEST_VER_ID and drop security-support-ended.debY
- update links with release codenames in security-support-limited



Which I obviously plan to append with the result of this bug. :)

--
cheers,
Holger

⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org
⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
⠈⠳⣄

Homelessness exists not because the housing systemn is not working, but because
this is the way it works. - Peter Marcuse.

[Holger Levsen]

Hi,

On Fri, Apr 14, 2023 at 11:16:16AM +0000, Holger Levsen wrote:
> > Incrementing to DEB_NEXT_VER_ID=12 in the next bullseye point release seems
> > reasonable to me; also incrementing in bookworm to DEB_NEXT_VER_ID=13 would
> > be logical.
> I'll ponder about this is a bit more before doing such uploads. Like for
> 2 or 48h or so. Please do ping me if I forget.

hmpf, I indeed forgot to fix this for the last bullseye point release :/

And if also just done another bullseye2bookworm upgrade and saw this bug
many times myself :/

Setting up libpam-modules:amd64 (1.5.2-6) ...
Installing new version of config file /etc/security/limits.conf ...
Installing new version of config file /etc/security/sepermit.conf ...
: Warning: unknown DEBIAN_VERSION 12. Valid values are from 9 to 11, inclusive.
: Warning: unknown DEBIAN_VERSION 12. Valid values are from 9 to 11, inclusive.
: Warning: unknown DEBIAN_VERSION 12. Valid values are from 9 to 11, inclusive.
(Reading database ... 82537 files and directories currently installed.)
Preparing to unpack .../libpam-runtime_1.5.2-6_all.deb ...
Unpacking libpam-runtime (1.5.2-6) over (1.4.0-9+deb11u1) ...
: Warning: unknown DEBIAN_VERSION 12. Valid values are from 9 to 11, inclusive.
: Warning: unknown DEBIAN_VERSION 12. Valid values are from 9 to 11, inclusive.
: Warning: unknown DEBIAN_VERSION 12. Valid values are from 9 to 11, inclusive.
Setting up libpam-runtime (1.5.2-6) ...
: Warning: unknown DEBIAN_VERSION 12. Valid values are from 9 to 11, inclusive.
: Warning: unknown DEBIAN_VERSION 12. Valid values are from 9 to 11, inclusive.
: Warning: unknown DEBIAN_VERSION 12. Valid values are from 9 to 11, inclusive.
(Reading database ... 82537 files and directories currently installed.)
Preparing to unpack .../libcryptsetup12_2%3a2.6.1-4~deb12u1_amd64.deb ...
Unpacking libcryptsetup12:amd64 (2:2.6.1-4~deb12u1) over (2:2.3.7-1+deb11u1) ...
: Warning: unknown DEBIAN_VERSION 12. Valid values are from 9 to 11, inclusive.
: Warning: unknown DEBIAN_VERSION 12. Valid values are from 9 to 11, inclusive.
: Warning: unknown DEBIAN_VERSION 12. Valid values are from 9 to 11, inclusive.
Setting up libdevmapper1.02.1:amd64 (2:1.02.185-2) ...
Setting up libcryptsetup12:amd64 (2:2.6.1-4~deb12u1) ...
Setting up dmsetup (2:1.02.185-2) ...
: Warning: unknown DEBIAN_VERSION 12. Valid values are from 9 to 11, inclusive.
: Warning: unknown DEBIAN_VERSION 12. Valid values are from 9 to 11, inclusive.
: Warning: unknown DEBIAN_VERSION 12. Valid values are from 9 to 11, inclusive.
Selecting previously unselected package libsystemd-shared:amd64.
(Reading database ... 82537 files and directories currently installed.)
Preparing to unpack .../libsystemd-shared_252.6-1_amd64.deb ...
Unpacking libsystemd-shared:amd64 (252.6-1) ...
: Warning: unknown DEBIAN_VERSION 12. Valid values are from 9 to 11, inclusive.
: Warning: unknown DEBIAN_VERSION 12. Valid values are from 9 to 11, inclusive.
: Warning: unknown DEBIAN_VERSION 12. Valid values are from 9 to 11, inclusive.
Setting up libapparmor1:amd64 (3.0.8-3) ...
Setting up libkmod2:amd64 (30+20221128-1) ...
Setting up libsystemd-shared:amd64 (252.6-1) ...
: Warning: unknown DEBIAN_VERSION 12. Valid values are from 9 to 11, inclusive.
: Warning: unknown DEBIAN_VERSION 12. Valid values are from 9 to 11, inclusive.
: Warning: unknown DEBIAN_VERSION 12. Valid values are from 9 to 11, inclusive.
(Reading database ... 82545 files and directories currently installed.)
Preparing to unpack .../libsystemd0_252.6-1_amd64.deb ...
Unpacking libsystemd0:amd64 (252.6-1) over (247.3-7+deb11u2) ...
: Warning: unknown DEBIAN_VERSION 12. Valid values are from 9 to 11, inclusive.
: Warning: unknown DEBIAN_VERSION 12. Valid values are from 9 to 11, inclusive.
: Warning: unknown DEBIAN_VERSION 12. Valid values are from 9 to 11, inclusive.
Setting up libsystemd0:amd64 (252.6-1) ...
Setting up libfdisk1:amd64 (2.38.1-5+b1) ...

hmpf.

--
cheers,
Holger

⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org
⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
⠈⠳⣄

We live in a world where teenagers get more and more desperate trying to
convince adults to behave like grown ups.