Is -Syy safe? [SOLVED]

doru001 · 2013-05-11 14:01:06

In relation to https://wiki.archlinux.org/index.php/Ta … troduction, I've been directed here to post this little question:

Consider the following sequence of events:

mirror_2 is synchronized with mirror_1
mirror_1 is updated
user synchronizes his system with mirror_1
user changes to mirror_2 (or just mirror_1 breaks down and mirror_2 is next in mirrors list)
user issues -Syyu

Now the system can be broken, because the user inadvertently updated to an older version and pacman and the update scripts are not designed to cope with this, as far as I know. Moreover, the system might become disfunctional days later, at reboot. Please tell me if I am right on this. If I am, then -Syy might be unsafe at any time and on any mirror. Of course, there is a small probability for this scenario to happen in practice.

Last edited by doru001 (2013-07-01 16:04:13)

karol · 2013-05-11 14:03:23

'pacman -Syy' redownloads the package databases, so where's the danger? It will download them from the first functional server. When you run 'pacman -Su' later (or better, simply 'pacman -Syyu' at once), you will update to a consistent state, nothing should break.

doru001 wrote:

user synchronizes his system with mirror_1

You mean 'pacman -Sy' - you shouldn't do it. Run 'pacman -Syu' or 'checkupdates'.

Last edited by karol (2013-05-11 14:05:40)

doru001 · 2013-05-11 14:07:19

karol wrote:

'pacman -Syy' redownloads the package databases, so where's the danger? It will download them from the first functional server. When you run 'pacman -su', you will update to a consistent state, nothing should break.
doru001 wrote:
user synchronizes his system with mirror_1
You mean 'pacman -Sy' - you shouldn't do it. Run 'pacman -Syu' or 'checkupdates'.

I suppose that -Syy will force the download of old packages lists from mirror_2 to replace the new packages lists from mirror_1. Does it not?

Last edited by doru001 (2013-05-11 14:16:25)

karol · 2013-05-11 14:15:31

Yes, that's right.
It's not a huge deal if you get slightly older packages - you can use e.g 'reflector' to pick the recently synced mirrors if you want to get the absolutely latest packages.

doru001 · 2013-05-11 14:17:55

karol wrote:

Yes, that's right.
It's not a huge deal if you get slightly older packages - you can use e.g 'reflector' to pick the recently synced mirrors if you want to get the absolutely latest packages.

But the install scripts of older packages do not know how to deal with newer packages. Do they?

Trilby · 2013-05-11 14:28:39

Let try to make an explicit example to explore the idea. Imagine packages A and B. A depends on specific versions of B, and for simplicity, lets assume the version numbers run in parallel: v0.9 of A requires v0.9 of B, 1.0 requires 1.0, etc.

If v0.9 of both packages have been around for a while and are on all mirrors, and you are synced to mirror 1, and mirror 2 also syncs to mirror one. Then v1.0 of each package moves into a stable repo and mirror one gets these packages. You sync to mirror one and time 1. Suddenly mirror 1 goes offline, and mirror 2 hasn't synced yet.

The state now:
your database: Av1.0, Bv1.0
mirror 1: Av1.0, Bv1.0 (but not online)
mirror 2: Av0.9, Bv0.9

Now you switch to mirror 2, and pacman -Syyu. I don't actually know if pacman would skip A and B as the local version is newer than the mirror, or if it would "downgrade" to v0.9 of each[1]. In either case, however, you'd have a stable result: either 1.0 and 1.0, or 0.9 and 0.9.

The only way there would be a problem was if you already had done a partial upgrade from mirror 1 before it went down - say for example you did `pacman -Sy B`. But at that point your system would be "broken" regardless of whether or not you had to change mirrors.

To sum up: if you do partial upgrades, breakage should be expected, regardless of what state your mirrors are in. If you don't do partial updates, then this wouldn't be an issue.

[1] = based on results from aur packages, when I run `pacman -U <pkgfile>` pacman installs the package regardless of the version number. If the new one is older than the current one, it simply gives a warning and continues. So I suspect in the above example pacman would warn about the downgrade of A and B to v0.9. But the example follows just the same.

Last edited by Trilby (2013-05-11 14:32:28)

karol · 2013-05-11 14:30:04

What install scripts? I'm not following.
pacman downloads compressed archives, unpacks them and copies the files to the right places while removing files that belonged to the old version of the packages.
It then runs install scripts of the new packages.

Last edited by karol (2013-05-11 14:30:24)

Raynman · 2013-05-11 14:37:52

I suppose install scripts could be a problem if there is some major change and the install script for the new version (1.0 in Trilby's example) runs some command to convert files (db or something) into a new format. If using the old mirror results in a downgrade, version 0.9 would not be able to read the new file format, and the install script for 0.9 is not designed to handle this case.

But this is very unlikely. I'm not even sure such 'dangerous' conversions would be done in install scripts; maybe it would just print a message and leave it to the user, who would then be aware of potential problems when he agrees to the downgrade later.

Trilby wrote:

I don't actually know if pacman would skip A and B as the local version is newer than the mirror, or if it would "downgrade" to v0.9 of each.

I'm pretty sure that you will get a warning in either case, so you can answer 'no' when asked if you want to continue, and sort out your mirrors first.

Allan · 2013-05-11 14:38:37

You would need to use "-Suu" to downgrade packages.

Trilby · 2013-05-11 14:39:51

install scripts don't (shouldn't) try to convert any files that already exist in the filesystem. They install new ones.

Raynman · 2013-05-11 14:44:32

Trilby wrote:

install scripts don't (shouldn't) try to convert any files that already exist in the filesystem. They install new ones.

Yes, but in theory it's possible. I'm just trying to understand if that's what doru001 is worrying about.

Xyne · 2013-05-11 16:05:17

Raynman wrote:

Yes, but in theory it's possible.

In theory, a malicious package could wipe every disk on the system during installation. If bad things happen because a package is doing something that it should not do then that is a packager errror.

As for the original question, "-Syy" without "-u" is not supported.

At first I was going to say that if you always run "-Syyu" or "-Syyuu" then the system should remain consistent even when switching to older mirrors, but that's probably not true. Sometimes manual intervention is required, and there are likely situations in which the downgrade cannot satisfy all dependencies (e.g. if unofficial packages depend on the latest version of some offiicial package or if new packages have appeared in the official repos).

That really shouldn't be an issue though because mirrors should not lag by more than an hour or two. You should not use desynchronized mirrors and there are tools to help you avoid this (e.g. Reflector).

doru001 · 2013-05-20 09:34:17

Sorry for my late answer. Suppose that the latest upgrade installed netctl and removed netcfg. When I issue -Syyu again and unknowingly I fall back to an older archive which still offers netcfg, what will happen? Can this let my system with no internet connection after the next reboot? The example is not good, because both netcfg and netctl are available in the repository, it is just a scenario.

I am trying to asses my usual behaviour risks. Indeed, the chance for this to happen is small, but still I would like to know. For example, you talk about some warning message. Is this the usual message listing a large number of packages and asking me whether I accept the install? In this case probably the change from netctl back to netcfg would go unnoticed by me. On the other hand a specific message like: what are you doing, are you sure you want to uninstall netctl?! would get my attention.

You also mention Reflector, which warns against desynchronized mirrors. I am not sure that I should complicate my existence with it, what situations demanded its use?

Thank you all for your answers.

jasonwryan · 2013-05-20 09:52:41

Enable VerbosePkgLists in your conf and scan the list of upgrades prior to proceeding.

doru001 wrote:

On the other hand a specific message like: what are you doing, are you sure you want to uninstall netctl?! would get my attention.

Pacman isn't setup to second guess you and treat you like an infant.
If you aren't paying attention, things can go wrong. So, you can either pay attention or learn from your mistakes. In any event, none of it is life-threatnening...

fsckd · 2013-05-20 13:15:57

doru001 wrote:

You also mention Reflector, which warns against desynchronized mirrors. I am not sure that I should complicate my existence with it, what situations demanded its use?

The situation you describe in the opening post of this thread.

doru001 · 2013-05-27 08:23:03

Very well, as a result of this discussion I decided to use only one repository in /etc/pacman.d/mirrorlist and to issue pacman -Syu instead of pacman -Syyu when I update the system.

Awebb · 2013-05-27 08:34:55

Using Syu instead of Syyu is a good idea, because the incremental nature of Syu serves the purpose of saving bandwidth, not only on your side, but on the server as well.

Arch Linux

#1 2013-05-11 14:01:06

Is -Syy safe? [SOLVED]

#2 2013-05-11 14:03:23

Re: Is -Syy safe? [SOLVED]

#3 2013-05-11 14:07:19

Re: Is -Syy safe? [SOLVED]

#4 2013-05-11 14:15:31

Re: Is -Syy safe? [SOLVED]

#5 2013-05-11 14:17:55

Re: Is -Syy safe? [SOLVED]

#6 2013-05-11 14:28:39

Re: Is -Syy safe? [SOLVED]

#7 2013-05-11 14:30:04

Re: Is -Syy safe? [SOLVED]

#8 2013-05-11 14:37:52

Re: Is -Syy safe? [SOLVED]

#9 2013-05-11 14:38:37

Re: Is -Syy safe? [SOLVED]

#10 2013-05-11 14:39:51

Re: Is -Syy safe? [SOLVED]

#11 2013-05-11 14:44:32

Re: Is -Syy safe? [SOLVED]

#12 2013-05-11 16:05:17

Re: Is -Syy safe? [SOLVED]

#13 2013-05-20 09:34:17

Re: Is -Syy safe? [SOLVED]

#14 2013-05-20 09:52:41

Re: Is -Syy safe? [SOLVED]

#15 2013-05-20 13:15:57

Re: Is -Syy safe? [SOLVED]

#16 2013-05-27 08:23:03

Re: Is -Syy safe? [SOLVED]

#17 2013-05-27 08:34:55

Re: Is -Syy safe? [SOLVED]

Board footer