Your message dated Sat, 21 Sep 2024 12:34:38 +0000
with message-id <e1srzju-005ovd...@fasolo.debian.org>
and subject line Bug#1082357: fixed in fuse3 3.14.0-10
has caused the Debian Bug report #1082357,
regarding fuse3: should likely Conflicts fuse (DEP17)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1082357: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1082357
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: fuse3
Version: 3.14.0-9
Severity: serious
Justification: dpkg unpack error
Tags: patch
User: helm...@debian.org
Usertags: dep17p3
Control: affects -1 + fuse

Hi Laszlo,

dumat now reports an ineffective diversion for /usr/bin/fusermount and
/usr/sbin/mount.fuse. In the end, this partially is a corner case in the
analysis and partially a loophole in the fuse3 package metadata. Let me
explain.

In bookworm, fuse3 used to Breaks + Replaces fuse. The sid package no
longer Replaces: fuse. I think this is wrong, because bookworm's fuse
and sid's fuse3 both contain /etc/fuse.conf and
/usr/share/initramfs-tools/hooks/fuse. Once spotting the problem, it
isn't actually difficult to produce a practical failure:

mmdebstrap bookworm /dev/null http://deb.debian.org/debian --variant=apt \
  --include=fuse \
  --customize-hook='sed -i -e s/bookworm/sid/ "$1/etc/apt/sources.list"' \
  --chrooted-customize-hook="apt update && apt-get download fuse3 && dpkg --auto-deconfigure --unpack fuse3_*.deb"

| dpkg: considering deconfiguration of fuse, which would be broken by installation of fuse3 ...
| dpkg: yes, will deconfigure fuse (broken by fuse3)
| (Reading database ... 6744 files and directories currently installed.)
| Preparing to unpack fuse3_3.14.0-9_amd64.deb ...
| De-configuring fuse (2.9.9-6+b1), to allow installation of fuse3 (3.14.0-9) ...
| Adding 'diversion of /bin/fusermount to /bin/fusermount.usr-is-merged by fuse3'
| Adding 'diversion of /sbin/mount.fuse to /sbin/mount.fuse.usr-is-merged by fuse3'
| Unpacking fuse3 (3.14.0-9) ...
| dpkg: error processing archive fuse3_3.14.0-9_amd64.deb (--unpack):
|  trying to overwrite '/etc/fuse.conf', which is also in package fuse 2.9.9-6+b1
| Errors were encountered while processing:
|  fuse3_3.14.0-9_amd64.deb

So at a bare minimum, fuse3 must declare Replaces for fuse.

However, we are also dealing with this /usr-move mess. Neither Breaks
nor Replaces prevents fuse from being unpacked while fuse3 is unpacked.
If doing so, dpkg would not notice that writing to /bin/fusermount
clobbers /usr/bin/fusermount. Since we remove the diversions in
postinst, they don't actually prevent such an overwrite. For these
reasons, I think that we should upgrade from Replaces to Conflicts and
thus prevent such a concurrent unpack as is done in a number of other
/usr-move mitigations. Doing so also happens to silence dumat.

And with this long detour goes the one-line patch.

Helmut
diff --minimal -Nru fuse3-3.14.0/debian/changelog fuse3-3.14.0/debian/changelog
--- fuse3-3.14.0/debian/changelog       2024-09-15 08:00:33.000000000 +0200
+++ fuse3-3.14.0/debian/changelog       2024-09-20 11:55:04.000000000 +0200
@@ -1,3 +1,11 @@
+fuse3 (3.14.0-9.1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Upgrade Breaks for fuse to Conflicts to prevent accidental file loss.
+    (DEP17, closes: #-1)
+
+ -- Helmut Grohne <hel...@subdivi.de>  Fri, 20 Sep 2024 11:55:04 +0200
+
 fuse3 (3.14.0-9) unstable; urgency=medium
 
   * Fix FTBFS due to the fuse transitional package.
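
Review bot: the new changelog entry still carries the placeholder "closes: #-1" together with the UNRELEASED distribution. Replace "#-1" with the bug number assigned to this report before upload, otherwise the upload will not close it. The entry could also name the aliased paths (/bin/fusermount, /sbin/mount.fuse) so that "accidental file loss" is traceable to the DEP17 problem it mitigates.
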
diff --minimal -Nru fuse3-3.14.0/debian/control fuse3-3.14.0/debian/control
--- fuse3-3.14.0/debian/control 2024-09-13 19:31:58.000000000 +0200
+++ fuse3-3.14.0/debian/control 2024-09-20 11:54:19.000000000 +0200
@@ -24,7 +24,7 @@
  mount (>= 2.19.1),
  sed (>= 4)
 Provides: fuse (= ${source:Version})
-Breaks: fuse (<< ${source:Version})
+Conflicts: fuse (<< ${source:Version})
 Description: Filesystem in Userspace (3.x version)
  Filesystem in Userspace (FUSE) is a simple interface for userspace programs to
  export a virtual filesystem to the Linux kernel. It also aims to provide a
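
Review bot: on the changed "Conflicts:" line, no "Replaces:" is added, although the accompanying message states that at a bare minimum fuse3 must declare Replaces for fuse because both packages ship /etc/fuse.conf and /usr/share/initramfs-tools/hooks/fuse. Either add "Replaces: fuse (<< ${source:Version})" next to the Conflicts, or say in the changelog why Conflicts alone is enough for the shared files. It is also worth confirming that the "(<< ${source:Version})" bound is still wanted next to "Provides: fuse (= ${source:Version})".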

--- End Message ---
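
The reasoning in the report above, as an added example (not part of the original message, and not dumat or dpkg code): a simplified model that canonicalizes /usr-merge aliased paths and shows which shared files each relation covers. The file lists are constructed from the paths named in the report; the function names and verdict strings are assumptions made for this illustration.

```python
# Added illustration: a simplified model of the report's reasoning.
import posixpath

ALIASED = ("bin", "sbin", "lib")  # top-level symlinks into /usr on merged-/usr

UNPACK_ERROR = "unpack error: same path, no Replaces"
SILENT_CLOBBER = "silent clobber: aliased path, dpkg sees two names"
OK_REPLACES = "ok: overwrite permitted by Replaces"
OK_CONFLICTS = "ok: never unpacked together"

# Constructed from the paths named in the report; not full package contents.
FUSE_BOOKWORM = ["/bin/fusermount", "/sbin/mount.fuse", "/etc/fuse.conf",
                 "/usr/share/initramfs-tools/hooks/fuse"]
FUSE3_SID = ["/usr/bin/fusermount", "/usr/sbin/mount.fuse", "/etc/fuse.conf",
             "/usr/share/initramfs-tools/hooks/fuse"]

def canonical(path):
    """Map an aliased path such as /bin/x to its physical location /usr/bin/x."""
    parts = posixpath.normpath(path).lstrip("/").split("/")
    if parts[0] in ALIASED:
        parts.insert(0, "usr")
    return "/" + "/".join(parts)

def audit(new_files, old_files, relations):
    """Return {path: verdict} for files of the new package that collide with
    the old one. `relations` is the set of control fields the new package
    declares against the old one. Diversions are ignored here: the report
    notes they are removed in postinst and so do not prevent the overwrite."""
    old_by_canon = {canonical(p): p for p in old_files}
    findings = {}
    for path in new_files:
        other = old_by_canon.get(canonical(path))
        if other is None:
            continue                      # no collision for this file
        if "Conflicts" in relations:
            findings[path] = OK_CONFLICTS  # concurrent unpack is prevented
        elif other != path:
            findings[path] = SILENT_CLOBBER  # Breaks/Replaces do not help
        elif "Replaces" in relations:
            findings[path] = OK_REPLACES
        else:
            findings[path] = UNPACK_ERROR
    return findings

if __name__ == "__main__":
    for rel in ({"Breaks"}, {"Breaks", "Replaces"}, {"Conflicts"}):
        print(sorted(rel))
        for path, verdict in audit(FUSE3_SID, FUSE_BOOKWORM, rel).items():
            print(f"  {path}: {verdict}")
```
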
--- Begin Message ---
Source: fuse3
Source-Version: 3.14.0-10
Done: Laszlo Boszormenyi (GCS) <g...@debian.org>

We believe that the bug you reported is fixed in the latest version of
fuse3, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1082...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Laszlo Boszormenyi (GCS) <g...@debian.org> (supplier of updated fuse3 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


Format: 1.8
Date: Sat, 21 Sep 2024 14:06:04 +0200
Source: fuse3
Architecture: source
Version: 3.14.0-10
Distribution: unstable
Urgency: medium
Maintainer: Laszlo Boszormenyi (GCS) <g...@debian.org>
Changed-By: Laszlo Boszormenyi (GCS) <g...@debian.org>
Closes: 1082357
Changes:
 fuse3 (3.14.0-10) unstable; urgency=medium
 .
   [ Helmut Grohne <hel...@subdivi.de> ]
   * Upgrade Breaks for fuse to Conflicts to prevent accidental file loss
     (DEP17, closes: #1082357).

--- End Message ---