Bug#1108934: libexpat1: missing Pre-Depends on libc6 (>= 2.38) causes e
From
Lucas Nussbaum@21:1/5 to
All on Tue Jul 8 11:50:01 2025
Package: libexpat1
Version: 2.7.1-1
Severity: serious
Control: affects -1 python3-cryptography
Hi,
While testing upgrades from bookworm to trixie, I ran into the following
issue, that affects upgrades for the following packages:
arctica-greeter-remote-logon barbican-tempest-plugin changeme cinder-tempest-plugin cloudkitty-tempest-plugin designate-tempest-plugin firejail-profiles firejail firetools glance-tempest-plugin horizon-tempest-plugin ironic-tempest-plugin jeepyb
keystone-tempest-plugin lightdm-remote-session-x2go
magnum-tempest-plugin manila-tempest-plugin mistral-tempest-plugin placement-common pyhoca-cli python3-placement python3-tempest python3-tempestconf python3-x2go refstack-client remmina-plugin-x2go ros-perception ros-viz senlin-tempest-plugin telemetry-tempest-plugin
tempest vorta watcher-tempest-plugin zaqar-tempest-plugin
In a bookworm chroot, I do:
apt-get update && apt-get -y install pyhoca-cli && sed -i s/bookworm/trixie/ /etc/apt/sources.list && apt-get update && apt-get -y upgrade
(that is, install pyhoca-cli, then apt-get upgrade to trixie)
The situation in the chroot is then the following:
# dpkg -l |grep -e libc6 -e libexpat1 -e python3-cryptography
ii libc6:amd64 2.36-9+deb12u10 amd64 GNU C Library: Shared libraries
ii libexpat1:amd64 2.5.0-1+deb12u1 amd64 XML parsing C library - runtime library
ii python3-cryptography 38.0.4-3+deb12u1 amd64 Python library exposing cryptographic recipes and primitives (Python 3)
now, if I apt-get dist-upgrade, one possible ordering results in:
Preconfiguring packages ...
(Reading database ... 14370 files and directories currently installed.) Preparing to unpack .../00-openssl_3.5.0-2_amd64.deb ...
Unpacking openssl (3.5.0-2) over (3.0.16-1~deb12u1) ...
Selecting previously unselected package libpython3.13-minimal:amd64.
Preparing to unpack .../01-libpython3.13-minimal_3.13.3-2_amd64.deb ... Unpacking libpython3.13-minimal:amd64 (3.13.3-2) ...
Preparing to unpack .../02-libexpat1_2.7.1-1_amd64.deb ...
Unpacking libexpat1:amd64 (2.7.1-1) over (2.5.0-1+deb12u1) ...
Preparing to unpack .../03-python3-cryptography_43.0.0-3_amd64.deb ...
+ set -e
+ command -v py3clean
+ py3clean -p python3-cryptography:amd64
/usr/bin/python3: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.38' not found (required by /lib/x86_64-linux-gnu/libexpat.so.1)
dpkg: warning: old python3-cryptography package pre-removal script subprocess returned error exit status 1
dpkg: trying script from the new package instead ...
/usr/bin/python3: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.38' not found (required by /lib/x86_64-linux-gnu/libexpat.so.1)
dpkg: error processing archive /tmp/apt-dpkg-install-4LX8Uy/03-python3-cryptography_43.0.0-3_amd64.deb (--unpack):
new python3-cryptography package pre-removal script subprocess returned error exit status 1
+ set -e
+ command -v py3compile
+ py3compile -p python3-cryptography:amd64
/usr/bin/python3: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.38' not found (required by /lib/x86_64-linux-gnu/libexpat.so.1)
dpkg: error while cleaning up:
installed python3-cryptography package post-installation script subprocess returned error exit status 1
I believe that this happens if the following ordering is picked by apt:
- unpack libexpat1/trixie
- unpack python3-cryptography/trixie
- unpack libc6/trixie
if another package causes libc6 to be unpacked earlier, of course the
issue doesn't happen. I had trouble reproducing the issue in a larger environment because of this.
Also, this doesn't happen if apt is upgraded before 'apt-get upgrade',
because upgrading apt would pull a newer libc6. But I see that the
releae notes no longer recommend upgrading apt prior to running 'apt-get upgrade'
I'm obviously fine with the severity being downgraded to non-RC.
Also I'm not sure of my analysis above, so please take it with a grain
of salt.
Lucas
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)