Package: apt Version: 1.6~rc1 Severity: normal Tags: patch Steps to reproduce:
* Configure base-files for an Ubuntu derivative * Don't add your Ubuntu derivative to apt's vendor/ (in my case this was done to minimize the number of packages with delta, so that we can pull in apt security updates more easily) * Build apt on a filesystem with non-deterministic readdir() order Expected result: * The first loop in getcurrent(), looking for an exact match, doesn't find our derivative * The second loop in getcurrent(), looking for an ancestor that's neither Debian nor Ubuntu, doesn't find an ancestor for our derivative * The fallback test for Ubuntu returns "ubuntu" * My apt depends on ubuntu-archive-keyring Actual result: * The first loop behaves as expected * The second loop behaves as expected * In my case, the fallback test for Ubuntu returns "tanglu" * My apt depends on tanglu-archive-keyring, which isn't in my derivative This can fail for two reasons: * find(1) doesn't guarantee to list distros in alphabetical order; * in future there might be a distro that sorts later than ubuntu, although right now there is no such distro I actually found this bug in Ubuntu 18.04's apt 1.6.8, but this script seems to be identical in 1.8.0, so I'm reporting it as present in their newest common ancestor. Proposed patches: https://salsa.debian.org/apt-team/apt/merge_requests/55 or attached. Regards, smcv
