Your message dated Thu, 22 Jan 2026 04:43:19 +0100
with message-id <aXGc1wfHUpXe4Qb1@vis>
and subject line Re: Bug#1126114: sbuild: Option to prefer/force
--extra-package versions during build-dep resolution
has caused the Debian Bug report #1126114,
regarding sbuild: Option to prefer/force --extra-package versions during
build-dep resolution
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1126114: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126114
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: sbuild
X-Debbugs-Cc: [email protected]
Version: 0.91.4
Severity: wishlist
Hi,
In Salsa CI we now have a reverse-dependency (rdep) job that rebuilds
rdeps of
a target package, for instance this wireshark example:
https://salsa.debian.org/debian/wireshark/-/pipelines/953817
When the target is built for experimental, the rdep jobs enable
experimental
and use buildd-like aspcud criteria for build-dependency resolution.
The intent of the rdep job is to take reverse-dependencies from the
archive and
rebuild them against the freshly built target binaries injected via
--extra-package, to catch regressions before the target hits the
archive.
In that setup, I noticed that versions provided via --extra-package are
not
always preferred during version selection. Even when the injected .deb
is
newer, the resolver may still select the in-archive (unstable) version
for the
same package name.
Concrete example:
unstable: libwireshark-data (all) 4.4.9-1
injected .deb:
libwireshark-data_4.6.0-0exp1+salsaci+20251010+299_all.deb
In the Salsa CI rdep job, the build installed 4.4.9-1 from unstable
instead of
the injected 4.6.0-0exp1+salsaci+...
This undermines the purpose of the rdep test. We expect the build to
exercise
the locally injected experimental binaries, but it can silently end up
using
the unstable versions instead.
Command line (representative):
sbuild --arch-all --dist=unstable \
--extra-repository='deb-src http://deb.debian.org/debian unstable
main' \
--extra-repository='deb http://deb.debian.org/debian experimental
main' \
--extra-repository='deb-src http://deb.debian.org/debian experimental
main' \
--build-dep-resolver=aspcud \
--aspcud-criteria='-count(down),-count(changed,APT-Release:=/experimental/),-removed,-changed,-new'
\
<rdep>_<ver> \
--extra-package=/path/to/libwireshark-data_4.6.0-0exp1+salsaci+..._all.deb
\
...
For full command/logs see:
https://salsa.debian.org/debian/wireshark/-/jobs/8424754#L260
Wishlist / feature request:
It would be useful if sbuild had an opt-in option to prefer (or force)
the
exact versions provided via --extra-package during build-dependency
resolution.
Note: this should not introduce new dependencies by itself, it should
only
influence version choice when that package is already pulled into the
build-dep
closure.
Something like:
--prefer-extra-packages or --pin-extra-packages
Cheers,
Aquila Macedo
--- End Message ---
--- Begin Message ---
Hi Aquila,
* [email protected] <[email protected]> [2026-01-21 21:40]:
In Salsa CI we now have a reverse-dependency (rdep) job that rebuilds
rdeps of
a target package, for instance this wireshark example:
https://salsa.debian.org/debian/wireshark/-/pipelines/953817
When the target is built for experimental, the rdep jobs enable
experimental
and use buildd-like aspcud criteria for build-dependency resolution.
The intent of the rdep job is to take reverse-dependencies from the
archive and
rebuild them against the freshly built target binaries injected via
--extra-package, to catch regressions before the target hits the
archive.
In that setup, I noticed that versions provided via --extra-package are
not
always preferred during version selection. Even when the injected .deb
is
newer, the resolver may still select the in-archive (unstable) version
for the
same package name.
Concrete example:
unstable: libwireshark-data (all) 4.4.9-1
injected .deb:
libwireshark-data_4.6.0-0exp1+salsaci+20251010+299_all.deb
In the Salsa CI rdep job, the build installed 4.4.9-1 from unstable
instead of
the injected 4.6.0-0exp1+salsaci+...
This undermines the purpose of the rdep test. We expect the build to
exercise
the locally injected experimental binaries, but it can silently end up
using
the unstable versions instead.
Command line (representative):
sbuild --arch-all --dist=unstable \
--extra-repository='deb-src http://deb.debian.org/debian unstable
main' \
--extra-repository='deb http://deb.debian.org/debian experimental
main' \
--extra-repository='deb-src http://deb.debian.org/debian experimental
main' \
--build-dep-resolver=aspcud \
--aspcud-criteria='-count(down),-count(changed,APT-Release:=/experimental/),-removed,-changed,-new'
\
<rdep>_<ver> \
--extra-package=/path/to/libwireshark-data_4.6.0-0exp1+salsaci+..._all.deb
\
...
For full command/logs see:
https://salsa.debian.org/debian/wireshark/-/jobs/8424754#L260
Wishlist / feature request:
It would be useful if sbuild had an opt-in option to prefer (or force)
the
exact versions provided via --extra-package during build-dependency
resolution.
Note: this should not introduce new dependencies by itself, it should
only
influence version choice when that package is already pulled into the
build-dep
closure.
Something like:
--prefer-extra-packages or --pin-extra-packages
Try sbuild --add-depends=dependency
Cheers Jochen
signature.asc
Description: PGP signature
--- End Message ---
