1. Forum
  2. Usenet
  3. LINUX.DEBIAN.BUGS.RC

  • Bug#1109510: strongswan: fails to dist-upgrade from bookworm to trixie

    From Lucas Nussbaum@21:1/5 to All on Sat Jul 19 12:00:01 2025
    Package: strongswan
    Version: 6.0.1-5
    Severity: serious

    Hi,

    The following fails:
    - In bookworm, install strongswan
    - dist-upgrade to trixie
    I would expect strongswan to be upgraded, but it is not. It remains at the bookworm version.
    'apt install'ing manually in trixie works fine.

    There might be some missing Replaces/Provides somewhere to hint apt at upgrading the package.

    MWE:
    PKG=strongswan; mmdebstrap --chrooted-customize-hook="set -x ; apt -y install $PKG && sed -e s/bookworm/trixie/ -i /etc/apt/sources.list && apt update && apt dist-upgrade -y -o Debug::pkgProblemResolver=true && apt -y install $PKG" bookworm /dev/null

    Relevant part:
    Investigating (0) strongswan-charon:amd64 < 5.9.8-5+deb12u1 -> 6.0.1-5 @ii umU Ib >
    Broken strongswan-charon:amd64 Conflicts on charon-systemd:amd64 < none -> 6.0.1-5 @un uN Ib >
    Considering charon-systemd:amd64 -1 as a solution to strongswan-charon:amd64 1
    Added charon-systemd:amd64 to the remove list
    Fixing strongswan-charon:amd64 via keep of charon-systemd:amd64
    Investigating (0) libgdbm-compat4t64:amd64 < none -> 1.24-2 @un uN Ib >
    Broken libgdbm-compat4t64:amd64 Breaks on libgdbm-compat4:amd64 < 1.23-3 @ii mK > (< 1.24-2)
    Considering libgdbm-compat4:amd64 -2 as a solution to libgdbm-compat4t64:amd64 1
    Added libgdbm-compat4:amd64 to the remove list
    Fixing libgdbm-compat4t64:amd64 via remove of libgdbm-compat4:amd64 Investigating (0) strongswan:amd64 < 5.9.8-5+deb12u1 -> 6.0.1-5 @ii umU Ib > Broken strongswan:amd64 Depends on charon-systemd:amd64 < none | 6.0.1-5 @un uH >
    Considering charon-systemd:amd64 -1 as a solution to strongswan:amd64 0
    Holding Back strongswan:amd64 rather than change charon-systemd:amd64
    Try to Re-Instate (1) strongswan:amd64

    [...]

    + apt -y install strongswan
    The following packages were automatically installed and are no longer required:
    libapt-pkg6.0 libargon2-1 libgnutls30 libtasn1-6 libunistring2 strongswan-starter
    Use 'apt autoremove' to remove them.

    Upgrading:
    strongswan

    Installing dependencies:
    charon-systemd strongswan-swanctl

    REMOVING:
    strongswan-charon

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Yves-Alexis Perez@21:1/5 to Lucas Nussbaum on Sat Jul 19 18:40:01 2025
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256

    On Sat, 2025-07-19 at 11:51 +0200, Lucas Nussbaum wrote:
    The following fails:
    - In bookworm, install strongswan
    - dist-upgrade to trixie
    I would expect strongswan to be upgraded, but it is not. It remains at the bookworm version.
    'apt install'ing manually in trixie works fine.

    There might be some missing Replaces/Provides somewhere to hint apt at upgrading the package.

    MWE:
    PKG=strongswan; mmdebstrap --chrooted-customize-hook="set -x ; apt -y
    install $PKG  && sed -e s/bookworm/trixie/ -i /etc/apt/sources.list && apt update && apt dist-upgrade -y -o Debug::pkgProblemResolver=true && apt -y install $PKG" bookworm /dev/null

    Hi Lucas, thanks for the report but I'm not too sure what happens here.
    There's indeed a change in the metapackage dependencies for Bookworm and I had the impression everything was working.

    I noticed you used dist-upgrade and not full upgrade. Does that change anything? I'll try to reproduce using the above command line but if you
    already have a working setup it might be faster for you.

    Regards,
    - --
    Yves-Alexis
    -----BEGIN PGP SIGNATURE-----

    iQEzBAEBCAAdFiEE8vi34Qgfo83x35gF3rYcyPpXRFsFAmh7yC0ACgkQ3rYcyPpX RFuR5gf/doF95JoBVUMn97QDIINueNSoPpdFryFPCOFfuuYYI3uyNGy57LaGdtlb OhssWpzvVBoYHZg+WsQmVVD9RD3KXS/jHF3WT7+CrqCzbCAxkIN3hYHDk+MNOLD1 a2zqTdWggKoGzOtmZmW921BZEV+972bHOkGhMkNl9q5WWRWMaywZoNAfaLLMZxVC CPYpecTlm8g+ITqOzrZqIeJj1Lo33/5k8Zd66BbyTKA0+4RUGr8BkuYX9DvAKKJg SVsHurE+1obt5nN4IYNA8uc/MG79AVKJKDxsb69IsvUMg2wfjvJoEu0IsZVs13a0 GqPIm+szbqDgd9sLNPPR5UWmKxW6IA==
    =st41
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Debian Bug Tracking System@21:1/5 to All on Sun Jul 20 12:30:01 2025
    Processing control commands:

    tag -1 help
    Bug #1109510 [strongswan] strongswan: fails to dist-upgrade from bookworm to trixie
    Added tag(s) help.

    --
    1109510: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109510
    Debian Bug Tracking System
    Contact [email protected] with problems

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Yves-Alexis Perez@21:1/5 to Lucas Nussbaum on Sun Jul 20 12:30:01 2025
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256

    control: tag -1 help

    On Sat, 2025-07-19 at 20:25 +0200, Lucas Nussbaum wrote:
    MWE:
    PKG=strongswan; mmdebstrap --chrooted-customize-hook="set -x ; apt -y install $PKG  && sed -e s/bookworm/trixie/ -i /etc/apt/sources.list && apt
    update && apt dist-upgrade -y -o Debug::pkgProblemResolver=true && apt - y
    install $PKG" bookworm /dev/null

    Hi Lucas, thanks for the report but I'm not too sure what happens here. There's indeed a change in the metapackage dependencies for Bookworm and I had
    the impression everything was working.

    I noticed you used dist-upgrade and not full upgrade. Does that change anything? I'll try to reproduce using the above command line but if you already have a working setup it might be faster for you.

    Hi Yves-Alexis,

    No, it's the same with full-upgrade.

    Hey Lucas,

    I tried using my pbuilder chroot and it seems that I'm able to reproduce, but I'm honestly not sure how to fix that. I don't know enough about apt solver to really understand the debug output.

    The strongswan metapackage was indeed updated between Bookworm and Trixie.

    In bookworm strongswan pulls strongswan-charon and strongswan-starter
    In trixie strongswan pulls charon-systemd and strongswan-swanctl

    That's expected and it's especially ok for new installs.

    For existing ones it'll likely need administrator action (to port the configuration) and they're warned by a NEWS.Debian entry (and I think it might deserve a release note entry as well).

    I guess it could be argued that manually upgrading the strongswan metapackage would be best so the administrator wouldn't be too surprised by the change,
    but maybe that's suboptimal for unattended upgrades?

    In any case, help would be appreciated on how to interpret apt output and how to make it accept the removal of strongswan-charon for upgrading the
    strongswan metapackage.

    Maybe I need to add Replaces: strongswan-charon to the charon-systemd package but I'm not sure it really express the situation.

    Regards,
    - --
    Yves-Alexis
    -----BEGIN PGP SIGNATURE-----

    iQEzBAEBCAAdFiEE8vi34Qgfo83x35gF3rYcyPpXRFsFAmh8w/4ACgkQ3rYcyPpX RFu+tgf/Ukb1vV/KaoiyEs3e69lW5meAr7n7DetVdG/tLDgAVZfBlTTna+nJswAR 4Fe/pBI4E/zJ6MSNUSbAWykn36MF5BqTMlMr9OJI25VDOPO7ZtGe+rL4re8NyQXD VE6uoeJ8CGGl/2Qpo1FSD3c5Iuf391e6AjwcCrWrznXNnLQciXT529oR8ZvgAm6P Yq4ilNZprsYgBUV2ICgjmo1DwH+CNSp99YKwnKOmRMTRTP1lmeGhc2PGrWkwHEkH 7Lla9qTgpIxuKZgksgTN+k/s+3DQOCJB03LRK5k0ZFZsdgH2xFk4GQl+TPT7incT eg91eTS5yLoxv5DUxDLDLQe6K0Du+Q==
    =v8sK
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Yves-Alexis Perez@21:1/5 to Jochen Sprickerhof on Mon Jul 21 18:40:01 2025
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256

    On Mon, 2025-07-21 at 18:12 +0200, Jochen Sprickerhof wrote:
    I have no idea why apt doesn't want to 'change charon-systemd:amd64'.

    The problem is that bookworm apt prefers keeping strongswan-charon
    installed over other solutions. This is described in:

    https://wiki.debian.org/RenamingPackages

    So strongswan-charon would need to become a transitional dummy package
    that depend on charon-systemd and the maintainer scripts should take
    care of transitioning the configuration files. The Conflicts: can also
    be dropped then.

    Feel free to ask if you need more explanation.

    Hi Jochen, thanks but it's not a case of renaming packages.

    Both strongswan-charon and charon-systemd exist in Bookworm and Trixie. Both are working and can be installed if the users choses so. They fill the same role (they include an IKE daemon for setting up IPsec tunnels) but
    differently.

    strongswan-charon is the "historical" (legacy) charon daemon, which is beeing phased out in favor of charon-systemd. That's why we updated the dependency
    for the strongswan metapackage. We recommend people to migrate to the new daemon, and for new install that'll be the case. For old installations one could actually wonder if we should actually migrate, but in any case we would still want to actually upgrade the packages.

    So I'm not sure how to express that in apt relationships.

    Regards,
    - --
    Yves-Alexis
    -----BEGIN PGP SIGNATURE-----

    iQEzBAEBCAAdFiEE8vi34Qgfo83x35gF3rYcyPpXRFsFAmh+a+wACgkQ3rYcyPpX RFuTwQgAzP+lKMPhqwnu8i/ebDDC2uXLV8Kkunk42r3mj1EHGLLclpSPm2IXO+tC oPV6DXXCwEIteR8nE/+vgxuVsq/+dMlJ1oAYbL9WPB3nivyBkESzMNlf4L2xyTZy NHM073WHw7qIFC+BiUDH6xzWDVw9JAzssDr5lfsVmYTjTuNhOelziz99SsQzo0sU Dbr979a+Vt5jZEOGOCvxxYCxsnsoBtxMgyiYCpWozy87FKv3WT1XWKSCxGA3zJ4I ErD0GWDf5ryg7mIkKM5rolsaaA2AeG5lFIqdUmWGVKfJ6x/n8FAKdj5MtDz6MIj2 PyAh4w23ihOzy9or44olpu/tV0UmEQ==
    =Rriw
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Debian Bug Tracking System@21:1/5 to All on Tue Jul 22 19:50:01 2025
    This is a multi-part message in MIME format...

    Your message dated Tue, 22 Jul 2025 16:34:40 +0000
    with message-id <[email protected]>
    and subject line Bug#1109510: fixed in strongswan 6.0.1-6
    has caused the Debian Bug report #1109510,
    regarding strongswan: fails to dist-upgrade from bookworm to trixie
    to be marked as done.

    This means that you claim that the problem has been dealt with.
    If this is not the case it is now your responsibility to reopen the
    Bug report if necessary, and/or fix the problem forthwith.

    (NB: If you are a system administrator and have no idea what this
    message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected]
    immediately.)


    --
    1109510: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109510
    Debian Bug Tracking System
    Contact [email protected] with problems

    Received: (at submit) by bugs.debian.org; 19 Jul 2025 09:51:52 +0000 X-Spam-Checker-Version: SpamAssassin 4.0.1-bugs.debian.org_2005_01_02
    (2024-03-25) on buxtehude.debian.org
    X-Spam-Level:
    X-Spam-Status: No, score=-116.2 required=4.0 tests=BAYES_00,
    BODY_INCLUDES_PACKAGE,DKIMWL_WL_HIGH,DKIM_SIGNED,DKIM_VALID,
    DKIM_VALID_AU,DKIM_VALID_EF,FROMDEVELOPER,HAS_PACKAGE,SPF_HELO_NONE,
    SPF_NONE,UNPARSEABLE_RELAY,USER_IN_DKIM_WELCOMELIST autolearn=ham
    autolearn_force=no version=4.0.1-bugs.debian.org_2005_01_02 X-Spam-Bayes: score:0.0000 Tokens: new, 8; hammy, 150; neutral, 65; spammy, 0.
    spammytokens: hammytokens:0.000-+--Hx-spam-relays-external:sk:stravin,
    0.000-+--H*RT:sk:stravin, 0.000-+--Hx-spam-relays-external:311,
    0.000-+--H*RT:311, 0.000-+--H*RT:108
    Return-path: <[email protected]>
    Received: from stravinsky.debian.org ([2001:41b8:202:deb::311:10