Hi

Are debug symbols on powerpc for the recent dovecot security advisory
missing, or am I doing something wrong?

/Simon

root@pippi:~# apt-get install dovecot-imapd-dbgsym
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
dovecot-imapd-dbgsym : Depends: dovecot-imapd (= 1:2.3.13+dfsg1-2+deb11u1) but 1:2.3.13+dfsg1-2 is to be installed
E: Unable to correct problems, you have held broken packages.
root@pippi:~#

--=-=-Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iIoEARYIADIWIQSjzJyHC50xCrrUzy9RcisI/kdFogUCYwMPsxQcc2ltb25Aam9z ZWZzc29uLm9yZwAKCRBRcisI/kdFoixIAQDtd6kS4WZ3ZbUSW4nR2iJM11XtNj1q VnIBCTmqh3B87QD/WzwnE8tGyor//WtN3EXbTK9o4zcO4I5ZUDPXnGiM6gI=GFVg
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Mon, 2022-08-22 at 07:10 +0200, Simon Josefsson wrote:

Are debug symbols on powerpc for the recent dovecot security advisory missing, or am I doing something wrong?

...

 dovecot-imapd-dbgsym : Depends: dovecot-imapd (= 1:2.3.13+dfsg1-2+deb11u1) but 1:2.3.13+dfsg1-2 is to be installed

As far as I know powerpc isn't supported for Debian stable nor the
Debian security updates archive. Also the +deb11u1 version of the
package isn't in the Debian security updates archive, only the main
Debian archive in the stable-proposed-updates suite.

What do your apt sources look like?

What is the architecture of your system? Run dpkg --print-architecture

--
bye,
pabs

https://wiki.debian.org/PaulWise

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEYQsotVz8/kXqG1Y7MRa6Xp/6aaMFAmMERbkACgkQMRa6Xp/6 aaMdHw//aQeUR230uq7jqv/lhr4qAr5Iu0OZytwlj8P1cobZ/og1YUO/NCxuE2Pa sfmCl2w3+NiEXuF+oWFSh5iiSQa9eIOJnDXee8Ic/cpRt9SgPYhvaZiY+lxI9iZX oGYUiARZd8OVZeeojlIW1IVILptY/azs8cXDvD48U5bhubQPT6d2A0JUNUHfGZVU 1Cnqs8E9vvnG5cBahNOA71HwST7EhWl1mERxHriYlUEuzkaCour7CfyR3dePLTmE 7qzx3Eci+4DU3oKhEWlbEYc+L7qwmoPpr07yAaShyxLoA57ZxhGJweq4R079cloH 2MFSTAWoOgvZOxysWP/TiOWT6om5Fr6qS+kve+6Nno50oxLHdsL/grzPJHOxSn3K 4s4AYg/rZyIgZPgfumHGt/dXOXncr/hKJGSuNcTFcOXm14WQtDMkon0wXZ6ZSRbq 5j07yqDmJQ1zK/h6nzq/rfQoeshy+7SmiZ+z+BfjXnpgcDdNW3IY14/AXqAmOPxR P7vVCv2QfUZJN2/KNx/hmwAxKj3EJc4OB3e+bGQN2TyzyBONS6M0YjjiPDbLloj6 CedkNiaFr2Mh2Jg9IWaCnenpvILB/8XYY9MPx0zUXGpgX0ysybhW03g5oL79lbUH IUEDfsWlFzyKKTOkPlzBHWNuSoF3tI+elgDxuYtb0bV9nIhi6+o=
=pOv7
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Paul Wise <pabs@debian.org> writes:

On Mon, 2022-08-22 at 07:10 +0200, Simon Josefsson wrote:

Are debug symbols on powerpc for the recent dovecot security advisory
missing, or am I doing something wrong?

...

 dovecot-imapd-dbgsym : Depends: dovecot-imapd (= 1:2.3.13+dfsg1-2+deb11u1) but 1:2.3.13+dfsg1-2 is to be installed

As far as I know powerpc isn't supported for Debian stable nor the
Debian security updates archive.

Interesting -- where can I read about that? The release notes says that ppc64el is an officially supported architecture for Debian 11:

https://www.debian.org/releases/bullseye/ppc64el/release-notes/ch-whats-new.en.html#idm120

I don't see any warning about ppc64el being a non-supported architecture
when downloading official installer images, nor when download
cloud-images:

https://cloud.debian.org/images/cloud/

Also the +deb11u1 version of the package isn't in the Debian security
updates archive, only the main Debian archive in the
stable-proposed-updates suite.

Ah, right, my mistake.

What do your apt sources look like?

This is what the cloud-image installed for me:

root@pippi:~# cat /etc/apt/sources.list
deb http://deb.debian.org/debian bullseye main
deb-src http://deb.debian.org/debian bullseye main
deb http://security.debian.org/debian-security bullseye-security main
deb-src http://security.debian.org/debian-security bullseye-security main
deb http://deb.debian.org/debian bullseye-updates main
deb-src http://deb.debian.org/debian bullseye-updates main
deb http://deb.debian.org/debian bullseye-backports main
deb-src http://deb.debian.org/debian bullseye-backports main
root@pippi:~#

This is a local customization:

root@pippi:~# cat /etc/apt/sources.list.d/debug.list
deb http://deb.debian.org/debian-debug/ bullseye-debug main
deb http://deb.debian.org/debian-debug/ bullseye-proposed-updates-debug main root@pippi:~#

Thanks, you helped me find the problem -- after removing the bullseye-proposed-updates-debug line all packages installed fine. I
guess somehow apt preferred the version from b-p-u-d compared to what's
in b-d and failed.

The reason I used the above lines came from the wiki:

https://wiki.debian.org/AutomaticDebugPackages

It says I should use proposed-updates-debug to get debug symbols for
stable security updates, which is something I want.

Isn't the problem that somehow the package from
bullseye-proposed-updates-debug was prefered over the one from
bullseye-debug? For security updates you want that, for updates to
stable you don't want that. Maybe there should be a
bullseye-updates-debug distribution?

What is the architecture of your system? Run dpkg --print-architecture

ppc64el

/Simon

--=-=-Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iIoEARYIADIWIQSjzJyHC50xCrrUzy9RcisI/kdFogUCYwSJ4RQcc2ltb25Aam9z ZWZzc29uLm9yZwAKCRBRcisI/kdFohWLAP0e7MIK+llHoYdejeELEjyguP+EfFqC 4A1GlNU3QTtHLwD9EfWgJchakLTQMNtsW+L4iG0HqyFe/hnOzvQ19TQoeAs=DYq9
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Paul Wise <pabs@debian.org> writes:

On Tue, 2022-08-23 at 10:03 +0200, Simon Josefsson wrote:

Paul Wise <pabs@debian.org> writes:

On Mon, 2022-08-22 at 07:10 +0200, Simon Josefsson wrote:

As far as I know powerpc isn't supported for Debian stable nor the
Debian security updates archive.

Interesting -- where can I read about that?  The release notes says that
ppc64el is an officially supported architecture for Debian 11:

Your initial mail mentioned powerpc, which is the older 32-bit port,
while you are using the newer ppc64el port, which is supported.

Right.

Isn't the problem that somehow the package from
bullseye-proposed-updates-debug was prefered over the one from
bullseye-debug?  For security updates you want that, for updates to
stable you don't want that.  Maybe there should be a
bullseye-updates-debug distribution?

That is the correct analysis yeah. The wiki page you linked has a bug
about adding a dbgsym archive for the debian-security archive, but
there hasn't been any work done on it at all yet, so I doubt the issue
will be fixed any time soon. For now I suggest either dropping the
b-p-u-d from your apt sources or pinning them to low priority and only
ever installing them manually. You could also add the non-debug suite bullseye-proposed-updates to your apt sources, but then you would get additional low-priority updates ahead of the point releases.

https://bugs.debian.org/894081 https://wiki.debian.org/AptConfiguration#apt_preferences_.28APT_pinning.29

Good pointers, thank you! Yes, it seems I re-discovered that bug
report, sorry for the noise.

/Simon

--=-=-Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iIkEARYIADIWIQSjzJyHC50xCrrUzy9RcisI/kdFogUCYwSctRQcc2ltb25Aam9z ZWZzc29uLm9yZwAKCRBRcisI/kdFos6oAQDHCpSZMbMkMORsc0hnlQCc9oehU+qe xCQExuY4mP0ndwDzBt4sfGbU1HkmTYtMQzdOqhYwzPJP+J4evzQmNtlbBw=É+M
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Tue, 2022-08-23 at 10:03 +0200, Simon Josefsson wrote:

Paul Wise <pabs@debian.org> writes:

On Mon, 2022-08-22 at 07:10 +0200, Simon Josefsson wrote:

As far as I know powerpc isn't supported for Debian stable nor the
Debian security updates archive.

Interesting -- where can I read about that?  The release notes says that ppc64el is an officially supported architecture for Debian 11:

Your initial mail mentioned powerpc, which is the older 32-bit port,
while you are using the newer ppc64el port, which is supported.

Isn't the problem that somehow the package from bullseye-proposed-updates-debug was prefered over the one from bullseye-debug?  For security updates you want that, for updates to
stable you don't want that.  Maybe there should be a
bullseye-updates-debug distribution?

That is the correct analysis yeah. The wiki page you linked has a bug
about adding a dbgsym archive for the debian-security archive, but
there hasn't been any work done on it at all yet, so I doubt the issue
will be fixed any time soon. For now I suggest either dropping the
b-p-u-d from your apt sources or pinning them to low priority and only
ever installing them manually. You could also add the non-debug suite bullseye-proposed-updates to your apt sources, but then you would get additional low-priority updates ahead of the point releases.

https://bugs.debian.org/894081 https://wiki.debian.org/AptConfiguration#apt_preferences_.28APT_pinning.29

--
bye,
pabs

https://wiki.debian.org/PaulWise

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEYQsotVz8/kXqG1Y7MRa6Xp/6aaMFAmMEmg0ACgkQMRa6Xp/6 aaOtJhAAjAFG0SK/HM3zPGL7v6nWwd6K/A56YockC37HZ91Pjbi41mmKIEEsygdx z4bg3JDS9zvBCB407ffeNWng/n0nPmaTNsKnXOQB+ANjUJds6OtsO6bZL0yyQ/yp SvtAwgLob/wd3uvjXSoNV/Ie2MObVysnL81tmrWmhD8WKiS2uzUBf1EIfyN03XV7 v7FqU62SQZ+9hWqPtbXeWwQ8Nq29Rk4VqKeCh0hNa2Ix03TbWKc+Pz92E4tw+ut1 Eh164WU0N6agWKOzSasOn0E7aqtsjEYY4+ctVdf0FDwRAzxoxEkzjoE/ldT9YCiZ JUOVOdZiyJ4AE6Cr/1fTMaKQyokFp6XBUPiad4zwVcdbEPcsvapSRYrX9vGCOq03 NwXR2FmyJTNak+dhBHU0JVJxEepnpyKJx+MC9M+7wozt2oT8Rhvlrz+OQe+neHpl bSiiHHS07qAZSX3FNa//bTPldYdQEJVfUzG6KS64t0b2XetbL5+WfN2vcGUG1yyq xXwa7r9FGeQIgXjIF+S4akCpf55rr4E6t43ZU3Zwe2rgosv8/BOWpqlHwqv0u6Qj 3QOUdqNndCq5Vx5HLmisZ71vnqY+T/7GJClqESX6/0uRq7UUqhc+MjynpTOC4G/B aajHC3Ir1KazwCWMIq2cf8Q7PhQcNMS56aRbaOc37GFSt5FgMeY=
=52Ui
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Tue, Aug 23, 2022 at 4:04 AM Simon Josefsson <simon@josefsson.org> wrote:

Paul Wise <pabs@debian.org> writes:

On Mon, 2022-08-22 at 07:10 +0200, Simon Josefsson wrote:

Are debug symbols on powerpc for the recent dovecot security advisory
missing, or am I doing something wrong?

...

dovecot-imapd-dbgsym : Depends: dovecot-imapd (= 1:2.3.13+dfsg1-2+deb11u1) but 1:2.3.13+dfsg1-2 is to be installed

As far as I know powerpc isn't supported for Debian stable nor the
Debian security updates archive.

Interesting -- where can I read about that? The release notes says that ppc64el is an officially supported architecture for Debian 11:

https://www.debian.org/releases/bullseye/ppc64el/release-notes/ch-whats-new.en.html#idm120

ppc64el is listed as an official port at https://www.debian.org/ports/
. But that page has never been quite accurate .

For example, amd64 and arm64 are listed as official ports but they are
not a port per se. You use http://ftp.debian.org/debian and debian-archive-keyring. You do not use something port-ified, like http://ftp.ports.debian.org/debian-ports and
debian-ports-archive-keyring.gpg .

Jeff

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)