1. Forum
  2. Usenet
  3. LINUX.DEBIAN.BUGS.DIST

  • Bug#1109510: strongswan: fails to dist-upgrade from bookworm to trixie

    From Lucas Nussbaum@21:1/5 to Yves-Alexis Perez on Sat Jul 19 20:30:01 2025
    On 19/07/25 at 18:30 +0200, Yves-Alexis Perez wrote:
    On Sat, 2025-07-19 at 11:51 +0200, Lucas Nussbaum wrote:
    The following fails:
    - In bookworm, install strongswan
    - dist-upgrade to trixie
    I would expect strongswan to be upgraded, but it is not. It remains at the bookworm version.
    'apt install'ing manually in trixie works fine.

    There might be some missing Replaces/Provides somewhere to hint apt at upgrading the package.

    MWE:
    PKG=strongswan; mmdebstrap --chrooted-customize-hook="set -x ; apt -y install $PKG� && sed -e s/bookworm/trixie/ -i /etc/apt/sources.list && apt update && apt dist-upgrade -y -o Debug::pkgProblemResolver=true && apt -y install $PKG" bookworm /dev/null

    Hi Lucas, thanks for the report but I'm not too sure what happens here. There's indeed a change in the metapackage dependencies for Bookworm and I had
    the impression everything was working.

    I noticed you used dist-upgrade and not full upgrade. Does that change anything? I'll try to reproduce using the above command line but if you already have a working setup it might be faster for you.

    Hi Yves-Alexis,

    No, it's the same with full-upgrade.

    Lucas

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Yves-Alexis Perez@21:1/5 to Yves-Alexis Perez on Sun Jul 20 16:40:01 2025
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256

    On Sun, 2025-07-20 at 12:25 +0200, Yves-Alexis Perez wrote:
    In any case, help would be appreciated on how to interpret apt output and
    how
    to make it accept the removal of strongswan-charon for upgrading the strongswan metapackage.

    Maybe I need to add Replaces: strongswan-charon to the charon-systemd
    package
    but I'm not sure it really express the situation.

    I'm still not sure it's the right solution but I tried to add:

    Package: charon-systemd
    [...]
    Replaces: strongswan-charon (<< 6.0.1-1~)

    But I still get the same during the upgrade:

    Investigating (0) strongswan:amd64 < 5.9.8-5+deb12u1 -> 6.0.1-6 @ii umU Ib > Broken strongswan:amd64 Depends on charon-systemd:amd64 < none | 6.0.1-6 @un
    uH >
    Considering charon-systemd:amd64 -1 as a solution to strongswan:amd64 0
    Holding Back strongswan:amd64 rather than change charon-systemd:amd64
    Try to Re-Instate (1) strongswan:amd64

    I have no idea why apt doesn't want to 'change charon-systemd:amd64'.

    Regards,
    - --
    Yves-Alexis
    -----BEGIN PGP SIGNATURE-----

    iQEzBAEBCAAdFiEE8vi34Qgfo83x35gF3rYcyPpXRFsFAmh8/UQACgkQ3rYcyPpX RFshbwf8CXCTAJg5Vv1ubcZswDF5AtZ7Yt4qfaScZ34PQ/4PvgJSWsvDu7nfuaQU yV0gBqaYUNUbzOSBLFI20JGT1rl9xrddtbZep3DE/Y4QVQRlwbEwXAtyy1Z9e1O4 ZpEce4iYM/lZvIQ2/W2cQnT5vdxjD3YtfxQfkWoF2dZsXDwbwWGrndg6tWexpbnv eNthF0WYCChkloVF6ZFwDMGQcAINrNtJT8lcnlo0YCl1/b6DkzuJsI998lvQ3Bcf eoQF90U2kiTd+tp+PKwkbVGQLzjmEKHKoyJP91eiAn8KRYTDj9wV2b/VsRsXWJQe i4h7QmXtZQIbV1HkqEunpI8fGmHM6Q==
    =Ehh8
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Jochen Sprickerhof@21:1/5 to All on Mon Jul 21 18:20:01 2025
    Hi Yves-Alexis,

    * Yves-Alexis Perez <[email protected]> [2025-07-20 16:29]:
    I'm still not sure it's the right solution but I tried to add:

    Package: charon-systemd
    [...]
    Replaces: strongswan-charon (<< 6.0.1-1~)

    But I still get the same during the upgrade:

    Investigating (0) strongswan:amd64 < 5.9.8-5+deb12u1 -> 6.0.1-6 @ii umU Ib > >Broken strongswan:amd64 Depends on charon-systemd:amd64 < none | 6.0.1-6 @un >uH >
    Considering charon-systemd:amd64 -1 as a solution to strongswan:amd64 0
    Holding Back strongswan:amd64 rather than change charon-systemd:amd64
    Try to Re-Instate (1) strongswan:amd64

    I have no idea why apt doesn't want to 'change charon-systemd:amd64'.

    The problem is that bookworm apt prefers keeping strongswan-charon
    installed over other solutions. This is described in:

    https://wiki.debian.org/RenamingPackages

    So strongswan-charon would need to become a transitional dummy package
    that depend on charon-systemd and the maintainer scripts should take
    care of transitioning the configuration files. The Conflicts: can also
    be dropped then.

    Feel free to ask if you need more explanation.

    Cheers Jochen

    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEEc7KZy9TurdzAF+h6W//cwljmlDMFAmh+ZtEACgkQW//cwljm lDOmjA/+Kga215zgrrmdwjzqLKqExJrTlrW3izv9NY51FkuA4IuinJ/4NSQ9KzVX UEjhywOZjLGJ/YIyLrP0GApcp7hpeUDmBz6LS7yy5o0PS4vl0sNli/p0e0QBTwJ2 YP3Bv8BEPbOtDAGRsrfHnRLiJC5RLImK2EpwHzyBpQvptdfLIHTmUGIVtJlgHUZv CV09x50t2iskdJFl0UJDRQ1ycm5TkU7aqwT7AMQ3V95ulWDyeY2o4W9X/TCjvpAh 9EyWFoWOG2+9h+ff1y8EigvvEMTZ44MhMMsKB7QiE0zKDiTrh9NUidBKMSwb8H5y nSkUvYayOSQXJh/vJpMR45CxQyxbWzbbGyj9CxX8xUCY/iebxjDMLLJMkjxW1mik Hatv94qtnAqlCVVblCVserUdKYbToz/yEFadpfDHZD+74QSym6JRpk7TQWPqNls9 YG3t9cFEPIqKW8X+mLvNR3koWAA6MiWjbcbnefANYt40gXcoRdgxDCQmH41CYWL6 qjt/xpOJ++OTI5w7eRWmmFIF0c3rN2qTfIE53it3lesfoU6E8t/dQjk/VrmKK3FZ IBPkPpbvsbCaHwFT7ukj8VYw4MWDwtUpA/KvLhACvhkPtKwZvLS8825vL5r9OWex 7UAABzPMYOVh/2DUM/eGuKe6nwx2iLxkPMvJevGjNQLyT4AOXcc=
    =MQyw
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Yves-Alexis Perez@21:1/5 to Jochen Sprickerhof on Mon Jul 21 18:50:01 2025
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256

    On Mon, 2025-07-21 at 18:40 +0200, Jochen Sprickerhof wrote:
    strongswan-charon is the "historical" (legacy) charon daemon, which is beeing
    phased out in favor of charon-systemd. That's why we updated the
    dependency
    for the strongswan metapackage. We recommend people to migrate to the new daemon, and for new install that'll be the case. For old installations one could actually wonder if we should actually migrate, but in any case we would
    still want to actually upgrade the packages.

    Why would people not upgrade?
    I think a new Debian release is a good reason to migrate.

    Yes indeed, we just don't want to force that on them. They can still keep strongswan-charon (and strongswan-starter) along with their current configuration, and migrate on their own term.

    So I'm not sure how to express that in apt relationships.

    If both should be in trixie I would say:

    Package: strongswan
    Depends: charon-systemd | strongswan-charon, strongswan-swanctl

    Ah, good point, that might work, let's try that. I'll report back here.

    Regards,
    - --
    Yves-Alexis
    -----BEGIN PGP SIGNATURE-----

    iQEzBAEBCAAdFiEE8vi34Qgfo83x35gF3rYcyPpXRFsFAmh+bfcACgkQ3rYcyPpX RFvlNwf/fxRNWlBYMonBMKtNivxgxqPKruU/wsMH9OF3WcyIqBLdBRjQ2xsx4haB aEBMHTY5u5jknAoq/9B740ZLztxacg3BoFm93uz7Vv8vU39yDAv6qyG63Wnt9X5p ip4PyG/zhmjJhRAvuHKs1sh+FoHevMpspbUn2TaCrVFFJYVsBykPLSyt2oI3JQ7P GVtJChFMNydnS0Y9c44xy2VdOwenNYYnH4onurdopYyTjdBv/WKySY3dpdqnSsHs bR6uxBM2bmMbB1AoWlK2F1yukvmvo/uKN0FGRdmSCinfief+G6RR42dhKJqNbd/s h6u11/xYDm1yeGm4EEKn+Gk7eYZU7A==
    =RHxU
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)