Package: libexpat1
Version: 2.7.1-1
Severity: serious
Control: affects -1 python3-cryptography

Hi,

While testing upgrades from bookworm to trixie, I ran into the following
issue that affects upgrades for the following packages:

arctica-greeter-remote-logon barbican-tempest-plugin changeme
cinder-tempest-plugin cloudkitty-tempest-plugin designate-tempest-plugin
firejail-profiles firejail firetools glance-tempest-plugin
horizon-tempest-plugin ironic-tempest-plugin jeepyb
keystone-tempest-plugin lightdm-remote-session-x2go
magnum-tempest-plugin manila-tempest-plugin mistral-tempest-plugin
placement-common pyhoca-cli python3-placement python3-tempest
python3-tempestconf python3-x2go refstack-client remmina-plugin-x2go
ros-perception ros-viz senlin-tempest-plugin telemetry-tempest-plugin
tempest vorta watcher-tempest-plugin zaqar-tempest-plugin

In a bookworm chroot, I do:
apt-get update && apt-get -y install pyhoca-cli && sed -i s/bookworm/trixie/ /etc/apt/sources.list && apt-get update && apt-get -y upgrade
(that is, install pyhoca-cli, then apt-get upgrade to trixie)

The situation in the chroot is then the following:
# dpkg -l |grep -e libc6 -e libexpat1 -e python3-cryptography
ii  libc6:amd64                          2.36-9+deb12u10             amd64        GNU C Library: Shared libraries
ii  libexpat1:amd64                      2.5.0-1+deb12u1             amd64        XML parsing C library - runtime library
ii  python3-cryptography                 38.0.4-3+deb12u1            amd64        Python library exposing cryptographic recipes and primitives (Python 3)

now, if I apt-get dist-upgrade, one possible ordering results in:

Preconfiguring packages ...
(Reading database ... 14370 files and directories currently installed.)
Preparing to unpack .../00-openssl_3.5.0-2_amd64.deb ...
Unpacking openssl (3.5.0-2) over (3.0.16-1~deb12u1) ...
Selecting previously unselected package libpython3.13-minimal:amd64.
Preparing to unpack .../01-libpython3.13-minimal_3.13.3-2_amd64.deb ...
Unpacking libpython3.13-minimal:amd64 (3.13.3-2) ...
Preparing to unpack .../02-libexpat1_2.7.1-1_amd64.deb ...
Unpacking libexpat1:amd64 (2.7.1-1) over (2.5.0-1+deb12u1) ...
Preparing to unpack .../03-python3-cryptography_43.0.0-3_amd64.deb ...
+ set -e
+ command -v py3clean
+ py3clean -p python3-cryptography:amd64
/usr/bin/python3: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.38' not found (required by /lib/x86_64-linux-gnu/libexpat.so.1)
dpkg: warning: old python3-cryptography package pre-removal script subprocess returned error exit status 1
dpkg: trying script from the new package instead ...
/usr/bin/python3: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.38' not found (required by /lib/x86_64-linux-gnu/libexpat.so.1)
dpkg: error processing archive /tmp/apt-dpkg-install-4LX8Uy/03-python3-cryptography_43.0.0-3_amd64.deb (--unpack):
 new python3-cryptography package pre-removal script subprocess returned error exit status 1
+ set -e
+ command -v py3compile
+ py3compile -p python3-cryptography:amd64
/usr/bin/python3: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.38' not found (required by /lib/x86_64-linux-gnu/libexpat.so.1)
dpkg: error while cleaning up:
 installed python3-cryptography package post-installation script subprocess returned error exit status 1

I believe that this happens if the following ordering is picked by apt:
- unpack libexpat1/trixie
- unpack python3-cryptography/trixie
- unpack libc6/trixie

if another package causes libc6 to be unpacked earlier, of course the
issue doesn't happen. I had trouble reproducing the issue in a larger
environment because of this.

Also, this doesn't happen if apt is upgraded before 'apt-get upgrade',
because upgrading apt would pull a newer libc6. But I see that the
release notes no longer recommend upgrading apt prior to running 'apt-get
upgrade'.

I'm obviously fine with the severity being downgraded to non-RC.
Also I'm not sure of my analysis above, so please take it with a grain
of salt.

Lucas
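
Added example, not part of the original report: a small Python check that scans dpkg output for the failure shown above (a program that cannot load a library because libc.so.6 lacks a GLIBC_x.y version) and records whether the library's package had been unpacked while libc6 had not. The sample log is constructed from the report's output, and the soname-to-package mapping is a heuristic based on Debian's library naming convention, not a dpkg query.

```python
import re

# Constructed sample modelled on the dpkg output in the report (lines unwrapped).
SAMPLE_LOG = """\
Unpacking openssl (3.5.0-2) over (3.0.16-1~deb12u1) ...
Unpacking libexpat1:amd64 (2.7.1-1) over (2.5.0-1+deb12u1) ...
Preparing to unpack .../03-python3-cryptography_43.0.0-3_amd64.deb ...
/usr/bin/python3: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.38' not found (required by /lib/x86_64-linux-gnu/libexpat.so.1)
dpkg: trying script from the new package instead ...
/usr/bin/python3: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.38' not found (required by /lib/x86_64-linux-gnu/libexpat.so.1)
"""

UNPACK = re.compile(r"^Unpacking (\S+?)(?::\w+)? \(")
PREPARE = re.compile(r"^Preparing to unpack \S*?/(?:\d+-)?([^_/\s]+)_")
MISSING = re.compile(
    r"^(\S+): \S*libc\.so\.6: version `(GLIBC_[\d.]+)' not found \(required by (\S+)\)")


def soname_to_package(path):
    """Heuristic (Debian library naming convention): libexpat.so.1 -> libexpat1."""
    m = re.search(r"/(lib[^/]+?)\.so\.(\d+)$", path)
    if not m:
        return None
    name, sover = m.group(1).lower().replace("_", "-"), m.group(2)
    return f"{name}-{sover}" if name[-1].isdigit() else f"{name}{sover}"


def find_ordering_hazards(log):
    """Report loader failures caused by a library unpacked ahead of libc6."""
    unpacked, current, seen, hazards = [], None, set(), []
    for line in log.splitlines():
        if m := UNPACK.match(line):
            unpacked.append(m.group(1))
        elif m := PREPARE.match(line):
            current = m.group(1)  # package whose maintainer scripts run next
        elif m := MISSING.match(line):
            key = (current, m.group(2), m.group(3))
            if key in seen:  # same failure repeated by prerm/postinst retries
                continue
            seen.add(key)
            lib_pkg = soname_to_package(m.group(3))
            hazards.append({
                "program": m.group(1), "needs": m.group(2),
                "library_package": lib_pkg, "while_handling": current,
                "library_unpacked_first": lib_pkg in unpacked,
                "libc6_unpacked_yet": "libc6" in unpacked,
            })
    return hazards


if __name__ == "__main__":
    for h in find_ordering_hazards(SAMPLE_LOG):
        print(h)
```

A hit with library_unpacked_first true and libc6_unpacked_yet false matches the ordering described in the report.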
