On 2023-02-02, Arnaud Rebillout wrote: > Looking at tools/mirror/reprepro [1], I see that this script runs > 'reprepro update' in a loop, until reprepro_retries (default: 20) is > reached. > > However, it's a bit strange that, if ever reprepro_retries is reached, > the code doesn't error out with a message such as "There are still > dependencies missing after $i attempts!". Instead, the script silently > keeps going, and exits with zero, as if there was no problem. > > I'd suggest to either: > - error out when reprepro_retries is reached, as suggested above. > - if it's not considered an error, at least print a message to say that > reprepro_retries was reached, and clarify that it's not a problem.
There were definitely cases of packages that had alternate dependencies that will never be satisfyable (e.g. from contrib or non-free when building only from main, or even ubuntu), so failing to resolve all dependencies is not technically an error. But sure, issuing a warning that reprepro_retries was reached and suggesting to bump the value if later steps fail due to missing dependencies seems reasonable... The mirroring here is definitely a best-effort shotgun approach, grabbing all the dependencies/recommends of any package you actually expressed interest in (by putting in a .packages or .downloads file in one of the profiles), and *trying* to pull in anything mentioned in any Depends or Recommends or Provides field, recursively... and comparing the previous run to the current run if anything changed. If it does not pull in enough, I think debian-cd still fails... maybe... I guess... hope? :) In some cases, adding more packages to one of the .downloads files is the appropriate workaround. > This is not a theoretical situation. I looked at the logs from the Kali > Linux daily builds, and for some builds it took 20 attempts, so it seems > likely that for some builds it would have taken more attempts. Sounds like the default should at least be bumped to a larger value, then. That has been the value since at least 2006, picked by finding the right value at the time for the biggest profile I ever tested and doubling it... there have been quite a few packages added to Debian since then, so it is no surprise that it would need to be updated! Feel free to propose a higher value grounded in a current real world use-case, and double it. :) An entirely different approach would be calling out to something that actually properly resolves dependencies... but the current approach, though crude, works for the most part, and keeps the dependencies quite minimal. > I can submit a patch if needed, Thanks for looking into it! Help is definitely appreciated! I have not really looked at simple-cdd much since the previous release, and simple-cdd surely needs some help now that we are into the early phases of a freeze cycle! live well, vagrant
signature.asc
Description: PGP signature
