Debian package dependencies are broken

[logopk]

Hi @airween,

I'm trying to install modsecurity3 latest for nginx from sid.

Apparently there is a minor fix in 3.0.12 leading to a version 3.0.12-1.1 .
However this fix has been added only to libmodsecurity3-dev and not libmodsecurity3.

So I get an error on installing

 > [linux/amd64 stage-0  9/35] RUN set -x && apt-get update                 && apt-get -t sid install -y --no-install-recommends                                libmodsecurity-dev=3.0.12-1.1                                libmodsecurity3=3.0.12-1:
6.700 Reading state information...
6.939 Some packages could not be installed. This may mean that you have
6.939 requested an impossible situation or if you are using the unstable
6.939 distribution that some required packages have not yet been created
6.939 or been moved out of Incoming.
6.939 The following information may help to resolve the situation:
6.939 
6.940 The following packages have unmet dependencies:
7.205  libmodsecurity3t64 : Breaks: libmodsecurity3 (< 3.0.12-1.1)
7.211 E: Unable to correct problems, you have held broken packages.
------

IIRC 3.0.12-1.1 was available for some time, but has been removed. Could that be?

For the time being I have removed libmodsecurity-dev and changed my Dockerfile to work around this.

Can you please have a look?

Peter

[logopk]

https://tracker.debian.org/pkg/modsecurity

https://tracker.debian.org/news/1507893/accepted-modsecurity-3012-11-source-into-unstable/

[airween]

Hi @logopk,

thanks for reporting.

I'm trying to install modsecurity3 latest for nginx from sid.

Apparently there is a minor fix in 3.0.12 leading to a version 3.0.12-1.1 .

The reason of minor fix is this (through this ticket).

However this fix has been added only to libmodsecurity3-dev and not libmodsecurity3.

I haven't had time to review the new concept (renaming libraries to t64 suffixed packages), but it seems that the development packages keep their own names, and runtime packages has renamed with t64 suffixed package names.

See this page.

So I get an error on installing

 > [linux/amd64 stage-0  9/35] RUN set -x && apt-get update                 && apt-get -t sid install -y --no-install-recommends                                libmodsecurity-dev=3.0.12-1.1                                libmodsecurity3=3.0.12-1:
6.700 Reading state information...
6.939 Some packages could not be installed. This may mean that you have
6.939 requested an impossible situation or if you are using the unstable
6.939 distribution that some required packages have not yet been created
6.939 or been moved out of Incoming.
6.939 The following information may help to resolve the situation:
6.939 
6.940 The following packages have unmet dependencies:
7.205  libmodsecurity3t64 : Breaks: libmodsecurity3 (< 3.0.12-1.1)
7.211 E: Unable to correct problems, you have held broken packages.
------

IIRC 3.0.12-1.1 was available for some time, but has been removed. Could that be?

with this version the package name is libmodsecurity3t64, not libmodsecurity3. You should try:

...RUN set -x && apt-get update                 && apt-get -t sid install -y --no-install-recommends                                libmodsecurity-dev=3.0.12-1.1                                libmodsecurity3t64=3.0.12-1.1

Could you try this?

[logopk]

geee - this is ugly, but your suggestion works. (needed some more fixes for libgeoip1(t64)).

Thank You for your help. As always lightning fast!

[airween]

Thanks, it's good to see that your problem has solved.

Please close the issue if you don't have any questions.

[logopk]

Hello @airween,

this is getting bigger by the day.

Currently I'm facing a similar issue with apache2 and libapache2-mod-security2 from sid on armhf.
The true problem is that I'm using the same Dockerfile for docker buildx to build my image for arm64,amd64 and armhf.

After some restructuring arm64 and amd64 build ok, but armhf for my pi 3b+ fails:

 > [stage-1 12/70] RUN set -x  && apt-get -t sid install -o APT::Immediate-Configure=false -y --no-install-recommends -o Debug::pkgProblemResolver=true -o Debug::Acquire::http=true                                libapache2-mod-security2=2.9.7-1+b1:
8.041 or been moved out of Incoming.
8.041 The following information may help to resolve the situation:
8.041 
8.041 The following packages have unmet dependencies:
8.466  libdb5.3t64 : Breaks: libdb5.3 (< 5.3.28+dfsg2-5) but 5.3.28+dfsg2-1 is to be installed
8.466  libgdbm6t64 : Breaks: libgdbm6 (< 1.23-5.1) but 1.23-5+b1 is to be installed
8.466  libgnutls30t64 : Breaks: libgnutls30 (< 3.8.3-1.1) but 3.8.3-1 is to be installed
8.467  libhogweed6t64 : Breaks: libhogweed6 (< 3.9.1-2.2) but 3.8.1-2 is to be installed
8.467  libnettle8t64 : Breaks: libnettle8 (< 3.9.1-2.2) but 3.9.1-2+b1 is to be installed
8.474 E: Unable to correct problems, you have held broken packages.

I have no idea where these dependencies come from and how I can fix them.

Do you have an idea?

Thanks.

[airween]

Hi @logopk,

ahm, thank for letting know this.

Unfortunately I'm almost sure this is a Debian issue - one or more packages are broken, because of the t64 migration.

Could you open a bug on Debian tracker? That would be a huge help me - thanks!

[airween]

Before you open a ticket, could you upgrade/replace the mentioned packages above?

Eg. libdb5.3 -> libdb5.3t64? Seems like packages are available, eg: libdb

[logopk]

@airween

Could you open a bug on Debian tracker? That would be a huge help me - thanks!

Never done this, but I will try. Is this only working via email?

Before you open a ticket, could you upgrade/replace the mentioned packages above?

Eg. libdb5.3 -> libdb5.3t64? Seems like packages are available, eg: libdb

I have added this to the install, but that did not fix it, or change the output...

 > [stage-1 12/70] RUN set -x  && apt-get -t sid install -o APT::Immediate-Configure=false -y --no-install-recommends -o Debug::pkgProblemResolver=true -o Debug::Acquire::http=true                                libdb5.3t64                                libapache2-mod-security2=2.9.7-1+b1:
7.986 or been moved out of Incoming.
7.986 The following information may help to resolve the situation:
7.986 
7.986 The following packages have unmet dependencies:
8.390  libdb5.3t64 : Breaks: libdb5.3 (< 5.3.28+dfsg2-5) but 5.3.28+dfsg2-1 is to be installed
8.391  libgdbm6t64 : Breaks: libgdbm6 (< 1.23-5.1) but 1.23-5+b1 is to be installed
8.391  libgnutls30t64 : Breaks: libgnutls30 (< 3.8.3-1.1) but 3.8.3-1 is to be installed
8.391  libhogweed6t64 : Breaks: libhogweed6 (< 3.9.1-2.2) but 3.8.1-2 is to be installed
8.392  libnettle8t64 : Breaks: libnettle8 (< 3.9.1-2.2) but 3.9.1-2+b1 is to be installed
8.400 E: Unable to correct problems, you have held broken packages.
------

What does libdb5.3 (< 5.3.28+dfsg2-5) but 5.3.28+dfsg2-1 is to be installed mean? Who is setting this requirement? Ah: armhf has only 5.3.28+dfsg2-1 in the repo?

[logopk]

Bugreport was sent :-)

[logopk]

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1066191