I needed to install a version of sendmail from testing a while back to
test it. On friday, I ran 'apt upgrade' which looked like it was
going to uninstall and then reinstall the sendmail packages. I let it
run, when it was done, only some of the sendmail packages had
re-installed. Basically, I shot myself in the foot with the
dependencies. In the end, this was not a good idea.

I really do not want to reinstall the entire box, there's a lot of
config that has gone into this over the years. What I'd like to do is
just get back to stable bookworm packages.

Before the update, these are the packages that were installed from
testing:

$ apt-show-versions | grep testing
libmilter1.0.1:amd64/testing 8.18.1-3 uptodate
libsasl2-2:amd64/testing 2.1.28+dfsg1-4+b1 upgradeable to 2.1.28+dfsg1-6 libsasl2-modules:amd64/testing 2.1.28+dfsg1-4+b1 upgradeable to 2.1.28+dfsg1-6 libsasl2-modules-db:amd64/testing 2.1.28+dfsg1-4+b1 upgradeable to 2.1.28+dfsg1-6
sasl2-bin:amd64/testing 2.1.28+dfsg1-4+b1 upgradeable to 2.1.28+dfsg1-6 sendmail:all/testing 8.18.1-3 uptodate
sendmail-base:all/testing 8.18.1-1 upgradeable to 8.18.1-3 sendmail-bin:amd64/testing 8.18.1-1 upgradeable to 8.18.1-3 sendmail-cf:all/testing 8.18.1-1 upgradeable to 8.18.1-3 sensible-mda:amd64/testing 8.18.1-3 uptodate

After a day of frantically trying to get things working again, I found
I had some package that depended on some t64 version of some library.
In the end, I think it was sasl2-bin. I ended up installing sasl2-bin
from testing, then sendmail started working again. This is what I
ended up with installed from testing:

$ apt-show-versions | grep testing
db-util:all/testing 5.3.3 uptodate
db5.3-util:amd64/testing 5.3.28+dfsg2-7 uptodate
libc-bin:amd64/testing 2.38-11 uptodate
libc-dev-bin:amd64/testing 2.38-11 uptodate
libc-devtools:amd64/testing 2.38-11 uptodate
libc-l10n:all/testing 2.38-11 uptodate
libc6:amd64/testing 2.38-11 uptodate
libc6-dev:amd64/testing 2.38-11 uptodate
libdb5.3t64:amd64/testing 5.3.28+dfsg2-7 uptodate
libmilter1.0.1:amd64/testing 8.18.1-3 uptodate
libsasl2-2:amd64/testing 2.1.28+dfsg1-6 uptodate
libsasl2-modules:amd64/testing 2.1.28+dfsg1-6 uptodate libsasl2-modules-db:amd64/testing 2.1.28+dfsg1-6 uptodate libssl3t64:amd64/testing 3.2.1-3 uptodate
libzstd1:amd64/testing 1.5.5+dfsg2-2 uptodate
locales:all/testing 2.38-11 uptodate
openssh-client:amd64/testing 1:9.7p1-5 uptodate
openssh-server:amd64/testing 1:9.7p1-5 uptodate openssh-sftp-server:amd64/testing 1:9.7p1-5 uptodate
openssl:amd64/testing 3.2.1-3 uptodate
sasl2-bin:amd64/testing 2.1.28+dfsg1-6 uptodate
sendmail:all/testing 8.18.1-3 uptodate
sendmail-base:all/testing 8.18.1-3 uptodate
sendmail-bin:amd64/testing 8.18.1-3 uptodate
sendmail-cf:all/testing 8.18.1-3 uptodate
sensible-mda:amd64/testing 8.18.1-3 uptodate
zstd:amd64/testing 1.5.5+dfsg2-2 uptodate

I did not manually install most of that. Only sasl2-bin and sendmail
from testing.

What's the best way to get back to running just the bookworm stable
packages? I tried what I thought was the obvious way to fix this by
running:

# apt install -t=bookworm db-util db5.3-util libc-bin libc-dev-bin libc-devtools libc-l10n libc6 libc6-dev libdb5.3t64 libmilter1.0.1 libsasl2-2 libsasl2-modules libsasl2-modules-db libssl3t64 libzstd1 locales openssh-client openssh-server openssh-sftp-
server openssl sasl2-bin sendmail sendmail-base sendmail-bin sendmail-cf sensible-mda zstd
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
db-util is already the newest version (5.3.3).
db5.3-util is already the newest version (5.3.28+dfsg2-7).
libc-bin is already the newest version (2.38-11).
libc-dev-bin is already the newest version (2.38-11).
libc-devtools is already the newest version (2.38-11).
libc-l10n is already the newest version (2.38-11).
libc6 is already the newest version (2.38-11).
libc6-dev is already the newest version (2.38-11).
libdb5.3t64 is already the newest version (5.3.28+dfsg2-7).
libmilter1.0.1 is already the newest version (8.18.1-3).
libsasl2-2 is already the newest version (2.1.28+dfsg1-6).
libsasl2-modules is already the newest version (2.1.28+dfsg1-6). libsasl2-modules-db is already the newest version (2.1.28+dfsg1-6).
libssl3t64 is already the newest version (3.2.1-3).
libzstd1 is already the newest version (1.5.5+dfsg2-2).
locales is already the newest version (2.38-11).
openssh-client is already the newest version (1:9.7p1-5).
openssh-server is already the newest version (1:9.7p1-5).
openssh-sftp-server is already the newest version (1:9.7p1-5).
openssl is already the newest version (3.2.1-3).
sasl2-bin is already the newest version (2.1.28+dfsg1-6).
sendmail is already the newest version (8.18.1-3).
sendmail-base is already the newest version (8.18.1-3).
sendmail-bin is already the newest version (8.18.1-3).
sendmail-cf is already the newest version (8.18.1-3).
sensible-mda is already the newest version (8.18.1-3).
zstd is already the newest version (1.5.5+dfsg2-2).
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.


Yes, I am guilty of creating this mess, let's not dwell on that.

Michael Grant

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEDXVee01gWrPIdWPRwgRAue7sYQMFAmZUkSMACgkQwgRAue7s YQOVeg//UMX/Yl0dJluQwDmc7cTFYhPgtMRrIeGuJ+J0tXQP4CThpKNHjetCu3pj uUsjqem7SrWX7+NJ+zEyRIbKN2V0VNqLkim2GpBMndy1vi7dSfyv6Rcfxik1J1Zb 3trnyoi1XBK5XGApF+FTgUppMcZzXcAQ79s6SQnFZhOoPtQmiUKXzxrFb0QdTPmi CzE7/nMFaENSsUK9vU584oKmAG5bllqUuTpc/UmHjR/KeyMJ2Lad/uDQRAXGNwJO xN4ppbZHwDkWYJDH73uOJTnWyR4N5s5P/e+TYEe5GUjMKkREmyddbvrmdV7ybMMu OZHOjlFFyUwREI5R62crE32xTr5Ww1JXfFjnuqjPD8OCu6vBeaFvbLDLfG4S0vbV la6+t1aLx/a/Bgnb+wE2Fr5jfdl0ihWQXCk3Ft+Shz9zbhjBaQ7wCTOLwW2val+0 BIgn9QEsSmyf/Jq485L7vzvqx6n3uFRrlak7wyc8X7RqTvMwzxQy44FozChc40IR xbqGtlWr8VeGCnPTKAu/YmximBQrXJ6MYwPMbYOjdqlkwgSH7T3rc9OupS9FReAl 2W7pBfITHyAG/ty8G4JXY59Y0aoQz41FWD4ydspo2h8yOnrvNlsJiGmUWPJtKErg J5vakH/1FnpjS7AV/p7VpOANZZA1khXLkMbWFLM5z3hj1ncRQ4o=
=bHPY
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Mon, May 27, 2024 at 09:56:54AM -0400, Michael Grant wrote:

I needed to install a version of sendmail from testing a while back to
test it.

Your subject header says "bookworm stable". You don't install binary
packages from testing on a stable system. You use backports instead.

https://backports.debian.org/Instructions/

There is already a bookworm backported version of sendmail available:

https://packages.debian.org/search?keywords=sendmail&searchon=names&section=all&suite=bookworm-backports

If that one isn't new enough, then you may need to build your own backport package. This is usually either trivially easy ("type these commands")
or utterly impossible, depending on which dependencies have changed
since bookworm. There's no in-between.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Mon, May 27, 2024 at 10:28:37AM -0400, Michael Grant wrote:

On Mon, May 27, 2024 at 10:19:48AM -0400, Greg Wooledge wrote:

On Mon, May 27, 2024 at 09:56:54AM -0400, Michael Grant wrote:

I needed to install a version of sendmail from testing a while back to test it.

Your subject header says "bookworm stable". You don't install binary packages from testing on a stable system. You use backports instead.

ugh no, wait, I may be using the wrong terminology. I'm not wanting
to install special packages and definitely don't need to build my own.

What I want to do is get the system back to just using the packages
from stable rather than testing. Only those few packages before
things get worse in the next update. There's not many.

Downgrading essential libraries (libc6 and friends) that were brought
in when you tainted your stable system with testing packages is going
to be risky.

Definitely make a backup before you do ANYTHING.

Once that's done, you can try purging the non-essential testing packages,
and then downgrading the essential ones. If at any point the system
becomes utterly broken, reinstall stable, and then restore your backup.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Mon 27 May 2024 at 09:56:54 (-0400), Michael Grant wrote:

What's the best way to get back to running just the bookworm stable
packages? I tried what I thought was the obvious way to fix this by
running:

# apt install -t=bookworm db-util db5.3-util libc-bin libc-dev-bin libc-devtools libc-l10n libc6 libc6-dev libdb5.3t64 libmilter1.0.1 libsasl2-2 libsasl2-modules libsasl2-modules-db libssl3t64 libzstd1 locales openssh-client openssh-server openssh-sftp-

server openssl sasl2-bin sendmail sendmail-base sendmail-bin sendmail-cf sensible-mda zstd

As Greg wrote: backups come first.

But in the above, you need reinstall, either as a command, or
as an option --reinstall.

Cheers,
David.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

I needed to install a version of sendmail from testing a while back to
test it.

Downgrading Debian packages is not well supported, by and large.
So installing `testing` packages into a `stable` install is manageable
(tho it itself can bring trouble) but going back to `stable` afterwards
tends to be a lot more complicated.

Transitions like the t64 transition going on right now in `testing` make
it yet more troublesome.

I recommend the use of snapshots when you want to try such a thing with
the intention of "going back" later.

# apt install -t=bookworm db-util db5.3-util libc-bin libc-dev-bin

I can never remember exactly what `-t` really does, but I suspect you'll
need things like

apt install libc-bin/bookworm

to state more explicitly what you want.
Maybe you can do something like

apt install $(apt-show-versions | sed -n 's|/testing.*|/stable|p')


- Stefan

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Doing "apt-get upgrade" will only upgrade all installed packages, but no new ones (even, if they are needed).

Better is to do an "apt-get full-upgrade", which will install the whole system from stable to testing. However, this might also uninstall some wanted packages, thus often it is calles the "intelligent" upgrade. Intelligent does not mean, the upgrade is intelligent, but the one doing this upgrade (mostly the person, who is root) should be intelligent.

Downgrading is not an easy way, but managable. But it is a lot of intelligent work.

How can you do this? This is, how I am figured out (best way for me!)

First, remove the entry from stable off your sources.list.

Then start aptitude and update the list.

Next manually search all packages you want to downgrade to the needed
versions. The last apt-get or aptitude log should help.


Mark all installed versions to "remove" (magenta coluur) and needed versions
to "install" (green colour).

Now, dive manually into all dependencies (these are marked with the red coulour) and do the same as above (mark the installed version first "remove" then the correct as "install").

Important: Check that ALL dependencies are correct and no libs or anything
else is set with red colour.

This process must be done very, very correct!

After this press "g" (which is for "install now") and if everything was set correct, all packages are now downgraded.

Note: If you have missed something, you have to restart again!

From my experiences this doing so is still faster, than to setup a new system.

Hope this helps.

Good luck!

Best

Hans

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Hans, thanks for that but I am a bit confused following your
instructions. Did you mean to I should remove the lines for 'stable'
from sources.list? Or remove the lines for 'testing'? I am trying to
get the packages to go back to stable.

I am more familiar with apt than aptitude.

I managed to do part of what Greg recommended. I removed sendmail and sasl2-bin and reinstalled them from stable. That seemed to work fine,
I have fewer testing pkgs installed now:

$ apt-show-versions | g testing
db-util:all/testing 5.3.3 uptodate
db5.3-util:amd64/testing 5.3.28+dfsg2-7 uptodate
libc-bin:amd64/testing 2.38-11 uptodate
libc-dev-bin:amd64/testing 2.38-11 uptodate
libc-devtools:amd64/testing 2.38-11 uptodate
libc-l10n:all/testing 2.38-11 uptodate
libc6:amd64/testing 2.38-11 uptodate
libc6-dev:amd64/testing 2.38-11 uptodate
libdb5.3t64:amd64/testing 5.3.28+dfsg2-7 uptodate
libmilter1.0.1:amd64/testing 8.18.1-3 uptodate
libsasl2-2:amd64/testing 2.1.28+dfsg1-6 uptodate
libsasl2-modules:amd64/testing 2.1.28+dfsg1-6 uptodate libsasl2-modules-db:amd64/testing 2.1.28+dfsg1-6 uptodate libssl3t64:amd64/testing 3.2.1-3 uptodate
libzstd1:amd64/testing 1.5.5+dfsg2-2 uptodate
locales:all/testing 2.38-11 uptodate
openssh-client:amd64/testing 1:9.7p1-5 uptodate
openssh-server:amd64/testing 1:9.7p1-5 uptodate openssh-sftp-server:amd64/testing 1:9.7p1-5 uptodate
openssl:amd64/testing 3.2.1-3 uptodate
zstd:amd64/testing 1.5.5+dfsg2-2 uptodate

so I thought I'd try the same process with db5.3, but removing db5.3
wants to remove a slew of packages:

# apt reinstall -s libdb5.3/bookworm
...
Selected version '5.3.28+dfsg2-1' (Debian:12.5/stable [amd64]) for 'libdb5.3' The following packages were automatically installed and are no longer required:
acl apache2-data apache2-utils augeas-lenses avahi-daemon clamav-base colord-data git-man gnupg-l10n gnupg-utils gpg-wks-server guile-3.0-libs ipp-usb libapr1 libaprutil1
libaprutil1-dbd-sqlite3 libaugeas0 libavahi-core7 libcolorhug2 libdaemon0 libexif12 libgphoto2-l10n libgphoto2-port12 libgudev-1.0-0 libgusb2 libhashkit2 libieee1284-3 libldap-common
liblua5.3-0 libnspr4 libnss-mdns libnss3 libopendbx1 libopendbx1-sqlite3 libopendkim11 libpoppler-glib8 libpoppler126 libpython2-stdlib libpython3.11 librbl1 librtmp1 libsane-common
libsnmp-base libsnmp40 libssh2-1 libvbr2 mailutils-common python2 python2-minimal python3-augeas sane-airscan update-inetd usb.ids
Use 'apt autoremove' to remove them

Is there some way to get apt to reinstall a package such that it does
not think it has to uninstall things which depend on it because it's
being immediatly reinstalled?

And for those of you telling me to have a backup, I do. I have booted
a snapshot from about a week ago. However, to make that the live one
and dump this one, it's not so easy but possible. That snapshot has
only sendmail from testing. Hard to know what is more work, going down
this route or making the other instance live. I'm starting to think
about abandoning this and reconfiguring the backup instance.

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEDXVee01gWrPIdWPRwgRAue7sYQMFAmZUs4oACgkQwgRAue7s YQPPXhAA4kpuaT2IAuwikpH0EDlLkWfnUFvdHb4daN5t2cTk+AMqa+6UQmFnyOof TH/lssxIRanTE3qvyOgccpmBFDEMRB71HyV9a1bgTCSEa6Y2anRQ4k6i0pSFRtqz fksLdryKvFOxmi0UYgSbeHnhUpZi1iDRnrH/ULk+OQX+QxOSWWJrM/btumMNEFkH nXLCqZco4JE5pm0QcNKdPnXEeTKyW/08VHUSUKte5/h2nnXJuuOUSHfgu/4+d9NO rRUgmL+RSonwCdyGays0FxvCowo5BbrQ3jk8eSoz7QNcgU+Wr+Fb6XqPQmwhXIHg UbhPcXdGehE9xDO0WH4o+bkFmi457whE09R55loy5WhyZvx86lW1OY68CkkylC9K ADUxoEmakx1GCnE70xqf9pk93xQ6RW81CP8kWtt3ZthfFQBvSBYUS7NjBdS1G2kG 0fk8j3JtgweauilqxU/Osk2mnf5UqoLbM6ZRjXkynB/2JydR1Of7weqbcOuelbgT Dvxi9XbmCyLhsdYxJbjkXBJWnB6gbDGDx0z6tW4oOQxTKQMb4eIvhfV5NjOQ5wLe 07X9YtUyXwHlzQjBgo8j3XOs3QoVuNTq/1VCILJkw5qVEw+OBx704blwIRNzUgYN uC76kAknE4JNW/ZzSfGqrZEkFTHuJKRRoOzEbmqW95LLf/REEPk=
=Fkih
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Stefan Monnier wrote:

# apt install -t=bookworm db-util db5.3-util libc-bin libc-dev-bin

I can never remember exactly what `-t` really does, but I suspect you'll
need things like

apt install libc-bin/bookworm

To install a single backported (or other release) package,
apt-get install packagename/releasename

and to install a backported package plus dependencies which
are also from that specific release, use
apt-get -t releasename packagename

-dsr-

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

# apt install -t=bookworm db-util db5.3-util libc-bin libc-dev-bin

I can never remember exactly what `-t` really does, but I suspect you'll
need things like

apt install libc-bin/bookworm

To install a single backported (or other release) package,
apt-get install packagename/releasename

and to install a backported package plus dependencies which
are also from that specific release, use
apt-get -t releasename packagename

But that's not the whole story of what `-t` does since the above does
not explain why his attempt to use `-t` to downgrade some packages
resulted in `apt` saying "<blabla> is already the newest version".


Stefan

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Mon 27 May 2024 at 12:23:41 (-0400), Michael Grant wrote:

[ … ]
so I thought I'd try the same process with db5.3, but removing db5.3
wants to remove a slew of packages:

# apt reinstall -s libdb5.3/bookworm
...
Selected version '5.3.28+dfsg2-1' (Debian:12.5/stable [amd64]) for 'libdb5.3' The following packages were automatically installed and are no longer required:
acl apache2-data apache2-utils augeas-lenses avahi-daemon clamav-base colord-data git-man gnupg-l10n gnupg-utils gpg-wks-server guile-3.0-libs ipp-usb libapr1 libaprutil1
libaprutil1-dbd-sqlite3 libaugeas0 libavahi-core7 libcolorhug2 libdaemon0 libexif12 libgphoto2-l10n libgphoto2-port12 libgudev-1.0-0 libgusb2 libhashkit2 libieee1284-3 libldap-common
liblua5.3-0 libnspr4 libnss-mdns libnss3 libopendbx1 libopendbx1-sqlite3 libopendkim11 libpoppler-glib8 libpoppler126 libpython2-stdlib libpython3.11 librbl1 librtmp1 libsane-common
libsnmp-base libsnmp40 libssh2-1 libvbr2 mailutils-common python2 python2-minimal python3-augeas sane-airscan update-inetd usb.ids
Use 'apt autoremove' to remove them

So what did it say after that?

Is there some way to get apt to reinstall a package such that it does
not think it has to uninstall things which depend on it because it's
being immediatly reinstalled?

That is the idea behind reinstall, though downgrading is always
a test of its ability to succeed.

Cheers,
David.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Mon 27 May 2024 at 14:02:47 (-0400), Stefan Monnier wrote:

# apt install -t=bookworm db-util db5.3-util libc-bin libc-dev-bin

I can never remember exactly what `-t` really does, but I suspect you'll >> need things like

apt install libc-bin/bookworm

To install a single backported (or other release) package,
apt-get install packagename/releasename

and to install a backported package plus dependencies which
are also from that specific release, use
apt-get -t releasename packagename

But that's not the whole story of what `-t` does since the above does
not explain why his attempt to use `-t` to downgrade some packages
resulted in `apt` saying "<blabla> is already the newest version".

Neither syntax will specify a newer version for plain "install"
to install or upgrade.

Cheers,
David.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 5/27/24 20:02, Stefan Monnier wrote:

# apt install -t=bookworm db-util db5.3-util libc-bin libc-dev-bin

I can never remember exactly what `-t` really does, but I suspect you'll >>> need things like

apt install libc-bin/bookworm

To install a single backported (or other release) package,
apt-get install packagename/releasename

and to install a backported package plus dependencies which
are also from that specific release, use
apt-get -t releasename packagename

But that's not the whole story of what `-t` does since the above does
not explain why his attempt to use `-t` to downgrade some packages
resulted in `apt` saying "<blabla> is already the newest version".

Sometimes '-t' works for me, and does what I expect, and sometimes
it doesn't. So I generelly use now the explicit version:

apt install libc-bin=2.36-9+deb12u7

Detlef

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 27 May 2024 12:23 -0400, from [email protected] (Michael Grant):

so I thought I'd try the same process with db5.3, but removing db5.3
wants to remove a slew of packages:

# apt reinstall -s libdb5.3/bookworm
...
Selected version '5.3.28+dfsg2-1' (Debian:12.5/stable [amd64]) for 'libdb5.3' The following packages were automatically installed and are no longer required:
acl apache2-data apache2-utils augeas-lenses avahi-daemon clamav-base colord-data git-man gnupg-l10n gnupg-utils gpg-wks-server guile-3.0-libs ipp-usb libapr1 libaprutil1
libaprutil1-dbd-sqlite3 libaugeas0 libavahi-core7 libcolorhug2 libdaemon0 libexif12 libgphoto2-l10n libgphoto2-port12 libgudev-1.0-0 libgusb2 libhashkit2 libieee1284-3 libldap-common
liblua5.3-0 libnspr4 libnss-mdns libnss3 libopendbx1 libopendbx1-sqlite3 libopendkim11 libpoppler-glib8 libpoppler126 libpython2-stdlib libpython3.11 librbl1 librtmp1 libsane-common
libsnmp-base libsnmp40 libssh2-1 libvbr2 mailutils-common python2 python2-minimal python3-augeas sane-airscan update-inetd usb.ids
Use 'apt autoremove' to remove them

"removing db5.3 wants to remove a slew of packages"

No, that's very likely not what apt is telling you. Rather, it's
telling you that the _current_ state of the system is that those
packages were automatically installed (very likely pulled in as
dependencies for other packages) and with the packages _currently_
installed, they are no longer needed as dependencies of anything.
Therefore, apt concludes that they would be safe to remove. I'd say
that that's a dubious conclusion, though; certainly blindly
uninstalling something like libnss3 or libpython* seems unlikely to be
a good idea.

You can confirm this with a bare for example: apt-get --simulate autoremove

I'd also suggest using -V/--verbose-versions/APT::Get::Show-Versions
while you're trying to sort this out, as which specific versions of
each package is involved may very well be very relevant information.

--
Michael Kjörling 🔗 https://michael.kjorling.se “Remember when, on the Internet, nobody cared that you were a dog?”

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Mon 27 May 2024 at 21:46:24 (+0200), Detlef Vollmann wrote:

On 5/27/24 20:02, Stefan Monnier wrote:

# apt install -t=bookworm db-util db5.3-util libc-bin libc-dev-bin

I can never remember exactly what `-t` really does, but I suspect you'll
need things like

apt install libc-bin/bookworm

To install a single backported (or other release) package,
apt-get install packagename/releasename

and to install a backported package plus dependencies which
are also from that specific release, use
apt-get -t releasename packagename

But that's not the whole story of what `-t` does since the above does
not explain why his attempt to use `-t` to downgrade some packages
resulted in `apt` saying "<blabla> is already the newest version".

Sometimes '-t' works for me, and does what I expect, and sometimes
it doesn't.

And, of course, what would interest the list is what it says
when it doesn't work.

So I generelly use now the explicit version:

apt install libc-bin=2.36-9+deb12u7

Cheers,
David.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Mon, May 27, 2024 at 02:02:47PM -0400, Stefan Monnier wrote:

# apt install -t=bookworm db-util db5.3-util libc-bin libc-dev-bin

I can never remember exactly what `-t` really does, but I suspect you'll >> need things like

apt install libc-bin/bookworm

To install a single backported (or other release) package,
apt-get install packagename/releasename

and to install a backported package plus dependencies which
are also from that specific release, use
apt-get -t releasename packagename

But that's not the whole story of what `-t` does since the above does
not explain why his attempt to use `-t` to downgrade some packages
resulted in `apt` saying "<blabla> is already the newest version".

ISTR that "apt-get install <package>=<version>" will unconditionally
install <version> of <package>, if necessary pulling in dependencies.

But I've never tried it :-)

Cheers
--
t

-----BEGIN PGP SIGNATURE-----

iF0EABECAB0WIQRp53liolZD6iXhAoIFyCz1etHaRgUCZlVcxAAKCRAFyCz1etHa Rpm+AJ0UQf+sIplvRlK1lcCVpQ6PEIVx8ACfYtqplU85nx0ndMOwmIgLQ83RzBk=
=nBOP
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Tue, May 28, 2024 at 06:10:11AM -0400, Michael Grant wrote:

The following packages will be REMOVED:
[...] libdb5.3t64 [...]

You've *clearly* still got testing packages installed.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Mon, May 27, 2024 at 12:59:34PM -0500, David Wright wrote:

So what did it say after that?

Sorry, here's the entire output of one of the tries:

[bottom /etc/mail #1168] apt install libdb5.3/bookworm db5.3-util/bookworm db-util/bookworm
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Selected version '5.3.28+dfsg2-1' (Debian:12.5/stable [amd64]) for 'libdb5.3' Selected version '5.3.28+dfsg2-1' (Debian:12.5/stable [amd64]) for 'db5.3-util' Selected version '5.3.2' (Debian:12.5/stable [all]) for 'db-util'
The following packages were automatically installed and are no longer required:
acl apache2-data apache2-utils augeas-lenses avahi-daemon clamav-base colord-data git-man gnupg-l10n gnupg-utils gpg-wks-server guile-3.0-libs ipp-usb libapr1 libaprutil1
libaprutil1-dbd-sqlite3 libaugeas0 libavahi-core7 libcolorhug2 libdaemon0 libexif12 libgphoto2-l10n libgphoto2-port12 libgudev-1.0-0 libgusb2 libhashkit2 libieee1284-3 libldap-common
liblua5.3-0 libnspr4 libnss-mdns libnss3 libopendbx1 libopendbx1-sqlite3 libopendkim11 libpoppler-glib8 libpoppler126 libpython2-stdlib libpython3.11 librbl1 librtmp1 libsane-common
libsnmp-base libsnmp40 libssh2-1 libvbr2 mailutils-common python2 python2-minimal python3-augeas sane-airscan update-inetd usb.ids
Use 'apt autoremove' to remove them.
The following additional packages will be installed:
php8.2-fpm
Suggested packages:
php-pear
The following packages will be REMOVED:
apache2 apache2-bin clamav clamav-daemon clamav-freshclam clamav-milter clamav-unofficial-sigs clamdscan colord curl dirmngr git gnupg gnupg2 gpg-wks-client libapache2-mod-php8.2
libapache2-mod-ruid2 libaprutil1-ldap libclamav11 libcurl3-gnutls libcurl4 libdb5.3t64 libgphoto2-6 libldap-2.5-0 libmailutils9 libmemcached11 libpq5 libsane1 libsasl2-2
libsasl2-modules-db mailutils mongo-tools opendkim opendkim-tools python-apt python3-certbot-apache python3-debianbts python3-pycurl python3-pysimplesoap python3-reportbug reportbug
sane-utils sasl2-bin sendmail sendmail-bin sensible-mda
The following NEW packages will be installed:
libdb5.3 php8.2-fpm
The following packages will be DOWNGRADED:
db-util db5.3-util
0 upgraded, 2 newly installed, 2 downgraded, 46 to remove and 0 not upgraded. Need to get 1,743 kB/2,507 kB of archives.
After this operation, 234 MB disk space will be freed.
Do you want to continue? [Y/n] n
Abort.

Is there some way to get apt to reinstall a package such that it does
not think it has to uninstall things which depend on it because it's
being immediatly reinstalled?

That is the idea behind reinstall, though downgrading is always
a test of its ability to succeed.

What it says it's going to do is actually remove those 46 packages and
not reinstall them. I believe it! Clearly apt is unwinding the
dependencies. It seems like it's not taking into account the
downgraded libdb5.3 is a valid dependency for all the things it's
about to uninstall so it doesn't need to uninstall those things. I
thought it should do that, but for some reason, it's not doing that
for me.


-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEDXVee01gWrPIdWPRwgRAue7sYQMFAmZVrYEACgkQwgRAue7s YQNmXA//XDwG2MvqC4JtIne0eOmCguLHe32XX70Eek602bW5rOsSp4jQuiVOWFkc m3J4HesmxcPrH2McBzcYg1cOfNpsEiQQzIMcyts/xEnt91Y8A0fPRlOzWtpB2nAE Qn4B+Rd75WaGNAKDz5FR9Rj7j1bLLMAK4StkkDyIi1U9p9r7oif3GhPlrrtpfVam faa/Y+Y+OfQ3lDEZ7GLMz9yV4ru0pXIJICmZJ0HgK97HJOPnl+toALDPlqm1gnFN sc9t2SeoeW0064b6ZiIjFrujjK5/Dxq8SZX2CDsMU0Z4q+Qk5Q4RXKlYE6zewrIJ QtaS24b/CEM+NsizbjlO7xSvg/nJzVZRjRO3q1PjRZuEw6bnjbvNmoEXKYpS1DUe XwSflcjccMzO7PKjC8PbUxKbsueIXcu+ZQzs5P3IwCRzppNrSSoH5gDUmIf8Vmwk hx92c867+NyCZby6U7QFu6Zbb2ozf62aIW/Yb0Zk6OCDZWomumQ7uwfFWRd5WFAV tW2fQ0leIJw8RQ6Fo5CGX0+n0Yl9XDeW7EU/KI4xovn424eqWFh2dT7HrwE8KpLM s8xqDcreogvD1DIQUMQTpFSpEgM0ofemncF37GA/YIcALurRiOeUzbZ7kcdnWlgg NOfMakwS4k/Ob+q9UG5dj5fiFb5eWLR5ZmElNnB5aDSLjiMNTIE=
=/6mm
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Tue, May 28, 2024 at 07:09:16AM -0400, Michael Grant wrote:

On Tue, May 28, 2024 at 06:59:50AM -0400, Greg Wooledge wrote:

On Tue, May 28, 2024 at 06:10:11AM -0400, Michael Grant wrote:

The following packages will be REMOVED:
[...] libdb5.3t64 [...]

You've *clearly* still got testing packages installed.

YES. As I originally said, I created this mess by installing sendmail
from testing. And then, a month or so later, I did an
apt-get upgrade (to do updates, not a full upgrade) which pulled in
some more things from testing. I'm trying to get back to all being
from stable.

So, which part are you confused about? Did you think there was some
easy way to FIX a frankendebian? Are you confused because you keep
thinking "there must be some single apt command that will do all the
work for me"?

There's not. You get to do all the work by hand.

You will most likely need to remove the testing versions of these packages (apache2, git and so on) and then install the bookworm versions afterward.

The things to watch out for are config files (hence your backup), and
any crazy dependency situations. In the ideal case, you'll simply be
able to remove all the packages that aren't libs, then downgrade the
libs, then reinstall the packages. And make sure you have sensible
config files. If you get stuck, there's always the big hammer
(dpkg --force-depends and so on).

If/when it breaks, you get to reinstall from scratch.

This is why we tell people DO NOT MIX BINARY PACKAGES FROM MULTIPLE
RELEASES.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

[email protected] wrote:

On Mon, May 27, 2024 at 02:02:47PM -0400, Stefan Monnier wrote:

ISTR that "apt-get install <package>=<version>" will unconditionally
install <version> of <package>, if necessary pulling in dependencies.

But I've never tried it :-)

That pulls in dependencies but does not install packages that
would otherwise be forbidden by the priority system.

E.g.: if you have foobar 1.5 in stable and foobar 2.1 in
backports, and they each depend on libfoobar of the same version
number, then

apt-get install foobar=2.1

will fail saying that it requires libfoobar 2.1 but version 1.5
is to be installed.

You can then solve that by saying

apt-get install foobar=2.1 libfoobar=2.1

but many interesting packages will have a web of dependencies,
and sometimes following them will get you to a place it is hard
to escape.

The backports repository is generally safe (or safe-ish) because
the packages in it are meant to work in a mostly-stable system.

Other repos are less accomodating.

-dsr-

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Tue, 28 May 2024, Michael Grant wrote:

On Mon, May 27, 2024 at 12:59:34PM -0500, David Wright wrote:

So what did it say after that?

Sorry, here's the entire output of one of the tries:

[bottom /etc/mail #1168] apt install libdb5.3/bookworm db5.3-util/bookworm db-util/bookworm
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Selected version '5.3.28+dfsg2-1' (Debian:12.5/stable [amd64]) for 'libdb5.3' Selected version '5.3.28+dfsg2-1' (Debian:12.5/stable [amd64]) for 'db5.3-util'
Selected version '5.3.2' (Debian:12.5/stable [all]) for 'db-util'
The following packages were automatically installed and are no longer required:
acl apache2-data apache2-utils augeas-lenses avahi-daemon clamav-base colord-data git-man gnupg-l10n gnupg-utils gpg-wks-server guile-3.0-libs ipp-usb libapr1 libaprutil1
libaprutil1-dbd-sqlite3 libaugeas0 libavahi-core7 libcolorhug2 libdaemon0 libexif12 libgphoto2-l10n libgphoto2-port12 libgudev-1.0-0 libgusb2 libhashkit2 libieee1284-3 libldap-common
liblua5.3-0 libnspr4 libnss-mdns libnss3 libopendbx1 libopendbx1-sqlite3 libopendkim11 libpoppler-glib8 libpoppler126 libpython2-stdlib libpython3.11 librbl1 librtmp1 libsane-common
libsnmp-base libsnmp40 libssh2-1 libvbr2 mailutils-common python2 python2-minimal python3-augeas sane-airscan update-inetd usb.ids
Use 'apt autoremove' to remove them.
The following additional packages will be installed:
php8.2-fpm
Suggested packages:
php-pear
The following packages will be REMOVED:
apache2 apache2-bin clamav clamav-daemon clamav-freshclam clamav-milter clamav-unofficial-sigs clamdscan colord curl dirmngr git gnupg gnupg2 gpg-wks-client libapache2-mod-php8.2
libapache2-mod-ruid2 libaprutil1-ldap libclamav11 libcurl3-gnutls libcurl4 libdb5.3t64 libgphoto2-6 libldap-2.5-0 libmailutils9 libmemcached11 libpq5 libsane1 libsasl2-2
libsasl2-modules-db mailutils mongo-tools opendkim opendkim-tools python-apt python3-certbot-apache python3-debianbts python3-pycurl python3-pysimplesoap python3-reportbug reportbug
sane-utils sasl2-bin sendmail sendmail-bin sensible-mda
The following NEW packages will be installed:
libdb5.3 php8.2-fpm
The following packages will be DOWNGRADED:
db-util db5.3-util
0 upgraded, 2 newly installed, 2 downgraded, 46 to remove and 0 not upgraded. Need to get 1,743 kB/2,507 kB of archives.
After this operation, 234 MB disk space will be freed.
Do you want to continue? [Y/n] n
Abort.

Is there some way to get apt to reinstall a package such that it does
not think it has to uninstall things which depend on it because it's
being immediatly reinstalled?

That is the idea behind reinstall, though downgrading is always
a test of its ability to succeed.

What it says it's going to do is actually remove those 46 packages and
not reinstall them. I believe it! Clearly apt is unwinding the dependencies. It seems like it's not taking into account the
downgraded libdb5.3 is a valid dependency for all the things it's
about to uninstall so it doesn't need to uninstall those things. I
thought it should do that, but for some reason, it's not doing that
for me.

i ran into exactly this same situation
apt and apt-get wanted to remove a passel of packages
i tried aptitude and it removed only the package i wanted
the system still works fine
just my experience

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

So, which part are you confused about? Did you think there was some
easy way to FIX a frankendebian? Are you confused because you keep
thinking "there must be some single apt command that will do all the
work for me"?

There's not. You get to do all the work by hand.

I am trying to do it by hand. There's not many packages to deal
with at this point, doing this by hand looks like 10 or so packages.

You will most likely need to remove the testing versions of these packages (apache2, git and so on) and then install the bookworm versions afterward.

Those dependent packages (most if not all) are not from testing.
apache2, perl, they are all installed from bookworm or
bookworm-security.

That db5.3 from testing is uninstalled and reinstalling from stable is
causing these other packages from stable to be uninstalled. I find
that confusing.

But what about libc6? That one really worries me.

# apt remove -s libc6
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
....a few pages of dependicies...

The things to watch out for are config files (hence your backup), and
any crazy dependency situations. In the ideal case, you'll simply be
able to remove all the packages that aren't libs, then downgrade the
libs, then reinstall the packages. And make sure you have sensible
config files. If you get stuck, there's always the big hammer
(dpkg --force-depends and so on).

If/when it breaks, you get to reinstall from scratch.

I have a running second week old version of the same vm. I'm rapidly
moving to abandon this and just swapping the instances around.

This is why we tell people DO NOT MIX BINARY PACKAGES FROM MULTIPLE
RELEASES.

Yup. But this whole experience does make me wonder if there are
situations where it is safe. For instance, if the thing you're
installing from a different release does not cause an update anything
from the current release to a new release. It feels like apt might be
able to suss that out and if so, pop an "Are you sure??? (y/N)" in the terminal.

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEDXVee01gWrPIdWPRwgRAue7sYQMFAmZV2C4ACgkQwgRAue7s YQPw6A/+L4BNyt8SL4NZ7pJvJwmW5s/d7iP1YhAvUK1XIgU9k6kZ3YYkdPmJndR7 42J8gpBqVZF/i5SldEO7mQeyHo7jv9xkmJkFJ2j07A2vL+UArYh4/YrCvNfwqRee daGG4CjG2wLDtJd9mIJ/Kvf8PC3hWAWRzy+ItBnTeWtf2j1g/LYVw29lj09cLytg /APgHspVjLPsrNd+ScAMIVnR3TPQaqhVa6T4W/f3fhb/8y51XkFi3cgmzyNVsC6c zayELyn5GXJXMwi20kBdZ399rkLmsjCbwWJQrP+kcLsK2Ld8UvpjXs3yXkG706jS qSKOSFlFV0GazpHYmVlWzajDTpCF0yfI/hUnkPldjUPbsCq4Ja8jaLxIFU7kCE1z kqOUNxs5BNafadpL+pWTBEFgO/McYukVFUfaIKVVht+Z9U/nRqYeRDAWpNhVOTFT E/JhSS5+ShlAkk+9iTmZCN4fOSlLc2Tm6SE/roBsgSLg3nYoAjTRyS75+PLq0ZF8 sym+uWxjiIBWUHaTv3fCZ9vM/t2R0Hzz7mQJQY31a/uCx+FQzaVsyRcEm8a3wrDo LIuReFbC/Ayh7HslbjYCVHmNmhpIGrTNkU7e0afI7Ga9pahYKTkHaIaismCFhnu7 k4hpFb5FZa6IBtpRiUqn0tRihvZqycyfjYDCnFbWt4vV7rAmMPg=
=9IXm
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Tue, May 28, 2024 at 09:12:18AM -0400, Michael Grant wrote:

You will most likely need to remove the testing versions of these packages (apache2, git and so on) and then install the bookworm versions afterward.

Those dependent packages (most if not all) are not from testing.
apache2, perl, they are all installed from bookworm or
bookworm-security.

I am skeptical of this.

That db5.3 from testing is uninstalled and reinstalling from stable is causing these other packages from stable to be uninstalled. I find
that confusing.

Let's say that you're right. You actually *did* download and downgrade
these packages (and just didn't show us the details for some reason), but
the packaging system is unhappy about what you're telling it to do,
and it gets overly aggressive and wants to remove some things that you
feel could remain in place.

You could just *let it remove them*, and then reinstall them. If you've already downloaded and downgraded them to bookworm versions, then you
probably still have the .deb files, so it wouldn't even require another download.

But what about libc6? That one really worries me.

As it should!

# apt remove -s libc6

DO NOT do this.

Downgrade it. DO NOT remove it and then hope to reinstall it later.
Removing libc6 will break everything.

You seem to be flailing, so let me spell this out as explicitly as
possible. When I say "downgrade a library package", I mean:

1) Download the .deb file for the bookworm(-security) version of the
library package.

2) Run "dpkg -i libc6_whatever.deb".

3) When you inevitably get dependency conflicts, download the additional
library packages that need to be downgraded at the same time, and add
them to the list.

4) dpkg -i libc6_whatever.deb libwhomever.deb ....

5) Repeat until it works.

6) Helpful post-mess cleanup commands include "dpkg --configure -a" and
"apt-get -f install". (Yes, that last one has install with no package
names.)

Apt is NOT built for downgrading. If you happen to get any positive
results from an apt command that involves downgrading, you can consider
that a pleasant surprise. Usually you need to invoke dpkg directly.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

# apt remove -s libc6

DO NOT do this.

Downgrade it. DO NOT remove it and then hope to reinstall it later.
Removing libc6 will break everything.

You seem to be flailing, so let me spell this out as explicitly as
possible. When I say "downgrade a library package", I mean:

1) Download the .deb file for the bookworm(-security) version of the
library package.

2) Run "dpkg -i libc6_whatever.deb".

3) When you inevitably get dependency conflicts, download the additional
library packages that need to be downgraded at the same time, and add
them to the list.

4) dpkg -i libc6_whatever.deb libwhomever.deb ....

5) Repeat until it works.

6) Helpful post-mess cleanup commands include "dpkg --configure -a" and
"apt-get -f install". (Yes, that last one has install with no package
names.)

Apt is NOT built for downgrading. If you happen to get any positive
results from an apt command that involves downgrading, you can consider
that a pleasant surprise. Usually you need to invoke dpkg directly.

Ah I see, I did not realise that's what you meant by downgrading it,
thanks.

So once I've done this dpkg -i to install a package, I can do that
without removing the old one first?

And, once I've hammered a package into place with dpkg, in the future,
will apt take it into account as a dependency of things already
installed even though apt itself didn't install or rather downgrade
the package itself? The fact that I am dpkg installing it over a
package that apt itself installed, perhaps this keeps apt happy?

Thanks for your help. I use apt all the time to do upgrades but
rarely do I ever need to get into weeds with it. It's a bit of a
black box to me.



-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEDXVee01gWrPIdWPRwgRAue7sYQMFAmZWDaUACgkQwgRAue7s YQNunhAAwJSUKyTV2op31fd2W2FDBvYbARRZExiwnQaifTYTuS7CeuMSiOvdYc+q 8vCfSOelLgXA4vYTgUg7EQnJzfRffKkIMqrW9tTRMzx2O0oxZ3c5Yv9Lz6vlXPE4 F+N5n3cI6ikv5946kQdpajsueTj9OScEzHhAsJD5CGXaM13hmv1obaLKq0hXwLe3 b4cRA92Rr1YjaYZHx4b5FzUmLdzdJv+ejTYBPxhiRMQbp323NghqfWaoGOvrBb3p LxwKLK29QMnUnm0rR613dA5Ju9i1NqcfEgw1Mynk9ww/x94vZ5S/m1Lhbk/fvMUB cPQSZbAB84T7E8v2M4lPNPmVRGcNyd4PIq0JN3h3la+uqc2ZGZmN7pTPbcyBAkJ8 tHIB4F9eqIZ1yyTnooGAyKULMrWfJEYzh7XdzP7L26mE0KflCHy3tMn09qdsrxHW jXjuQavQStGRSIqNwTy/1T2Ht8/rBUfAQxd4CSHRanQEuEjI/hhzU5iDBPYdz9T4 SsSAwGP2A8/fKozqIszl9qDZw9Z6T4rkqvvF4Ogs12qqvXdXxepPQm46RLaxKjRT x63zg+6x7KWLx2BU5l30rZZqsqVmB8kfQwpcTow9qha4H0nnQ8d3D3SO2Rqn0Niz yllsi6kML15ObJ02VA7j0tzmg3le3sUiUIGGqATqD0vABa/8LwY=
=Fvqo
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Tue, May 28, 2024 at 01:00:24PM -0400, Michael Grant wrote:

So once I've done this dpkg -i to install a package, I can do that
without removing the old one first?

Yes, dpkg will upgrade or downgrade the existing package.

And, once I've hammered a package into place with dpkg, in the future,
will apt take it into account as a dependency of things already
installed even though apt itself didn't install or rather downgrade
the package itself?

Yes. Dpkg is the lower level tool. Apt is the higher level tool.
The set of installed packages is tracked by dpkg (it's in the file /var/lib/dpkg/status which you can read if you like). Apt calls dpkg
to do all of the installing, removing, etc. Apt just calculates the
dependency tree and downloads the .deb files for dpkg to use.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Max, your list looks very similiar to what I'm seeing.

I seem to have suceeded in removing all of the testing packages from
my backup instance, now, just need to flip the ips around and see if
the ship still floats.

The culprits that seemed to be causing the massive dependencies were
libsasl2-2 and libsasl2-modules-db. Though not libsasl2-modules which
i also have installed.

Using apt to try and remove the first 2 were causing this:

The following packages will be REMOVED:
apache2 apache2-bin clamav clamav-daemon clamav-freshclam clamav-milter clamav-unofficial-sigs clamdscan colord curl dirmngr git gnupg gnupg2 gpg-wks-client
libapache2-mod-php8.2 libapache2-mod-ruid2 libaprutil1-ldap libclamav11 libcurl3-gnutls libcurl4 libgphoto2-6 libldap-2.5-0 libmailutils9 libmemcached11 libpq5 libsane1
libsasl2-2 mailutils mongo-tools opendkim opendkim-tools python-apt python3-certbot-apache python3-debianbts python3-pycurl python3-pysimplesoap python3-reportbug reportbug
sane-utils sendmail sendmail-bin sensible-mda

I sucked down those 3 packages and downgraded them via 'dpkg -i' and
was able to uninstall and reinstall sendmail by apt and now, no more
packages from testing.

Whew, I won't do that again. But it's good to know how these things work!

Thanks all for your help.

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEDXVee01gWrPIdWPRwgRAue7sYQMFAmZWGbcACgkQwgRAue7s YQN4KhAAgX6TUv54p1m1kJj1hOyS7PfeAZAjM+I9MtbRwq8/XI5svYdHBUG878Cn XUG7TF65w12o6PkZRx0W/Avpma3dVR9LShZpDhFnKY/WM/jTnWPuSKMiKpQKQBKA LUIodkzlabkE/pmq7Yi7BoG7owcnZFi4HspgJ8rm/hYnjHrP6Q1aCY+Fl8qKDHih vMczpNF14i84oy9mxrT0TAoCpnIRSqC+hjQFVZnmEzco7xj7OwJZWvX2nUSmf/PF ALguutI+dxZTSlngKf0rgN5nkNwb0WhqsGgesQ+9F4v73eMxxB20F0X8+pMDGq92 NaWWPIGAp3xEESWUKzvk5rLIcM8AE+hke7HDJzyrIGRbHpYSp3j8JZlR7U7miLdk FnRkovv5+6OzFWz77+HADIwkHTykauqQfZ1V183MVf4WXhnqvA4YcsVbWgeymbfo emprNTkrIdl88NQ+LuP53TVAN5hnbkfb2vbhuyw4eOZxEQProqwnPwdyAmW3OVsg tMtTZXfSuhTFuszmxB+v3WroTLQuBomorj3nPAWH4sG9V6R/FjQIXJJmNNMtwyeg aH2e7v+j3u/PX3lfy4v6kgrP+R00rmtAqw89OEZrH0WqAMO5/7Dgum3YycHnJJIl YQ/E4uBici5muEP+4PW9W9WFfSL3OO7TMqgKV7YgO9O/VEaVHu0=
=qO+B
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)