Bug 1338054 - Fedora 24 keepassx has a lower version number it wants to upgrade a higher version package from Fedora 23
Summary: Fedora 24 keepassx has a lower version number it wants to upgrade a higher ve...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: keepassx
Version: 24
Hardware: All
OS: All
unspecified
urgent
Target Milestone: ---
Assignee: Aurelien Bompard
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: RejectedBlocker AcceptedFreezeException
: 1328804 1336147 1343056 1343064 (view as bug list)
Depends On:
Blocks: F24FinalFreezeException
TreeView+ depends on / blocked
 
Reported: 2016-05-21 06:41 UTC by Artem S. Tashkinov
Modified: 2016-06-25 11:45 UTC (History)
20 users (show)

Fixed In Version: keepassx-2.0.2-2.fc24 keepassx-2.0.2-1.fc24 keepassx-2.0.2-3.fc24 keepassx-2.0.2-3.fc23
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-06-16 13:38:03 UTC


Attachments (Terms of Use)

Description Artem S. Tashkinov 2016-05-21 06:41:01 UTC
Please fix this ASAP, because keepassx 2.0.0 create databases which cannot be read by keepassx 0.4.4 which is an upgrade (WTF?!) in Fedora 24.

# dnf update

Last metadata expiration check: 0:09:03 ago on Sat May 21 11:29:05 2016.
--> Starting dependency resolution
---> Package keepassx.x86_64 2.0.0-1.fc23 will be upgraded
---> Package keepassx.x86_64 1:0.4.4-1.fc24 will be an upgrade
--> Finished dependency resolution
Dependencies resolved.
================================================================================
 Package          Arch           Version                   Repository      Size
================================================================================
Upgrading:
 keepassx         x86_64         1:0.4.4-1.fc24            fedora         797 k

Transaction Summary
================================================================================
Upgrade  1 Package

Total download size: 797 k
Is this ok [y/N]: 

Consider this a show stopper bug for Fedora 24. I wonder how on Earth such bugs slip in.

Comment 1 Geoffrey Marr 2016-05-23 18:14:18 UTC
Discussed during the 2016-05-23 blocker review meeting: [1]

This bug has been classified as a RejectedBlocker and an AcceptedFreezeException as it is not in the release-blocking package sets in the blocker criteria, however there is a benefit to pushing this stable between the freeze date and 0-day update-push-day. See [2] for more info.

[1] https://meetbot-raw.fedoraproject.org/fedora-blocker-review/2016-05-23/f24-blocker-review.2016-05-23-16.00.txt

[2] https://fedorahosted.org/fesco/ticket/1569

Comment 2 Jan Synacek 2016-06-09 05:40:59 UTC
keepassx 2 on F23 (and F24 for a while) was a big mistake. The bug should be to downgrade keepassx to 0.4.4 on F23 instead.

Comment 3 Artem S. Tashkinov 2016-06-09 05:51:27 UTC
(In reply to Jan Synacek from comment #2)

What about all those Fedora 23 users who cannot downgrade because KeePassX 2.0 has a DB which is incompatible with version 0.4.4? Not to mention that this DB cannot be exported and imported.

In short what you're saying is that we're all f*cked without explaining what's wrong with a newer version.

Comment 4 Jonathan Wakely 2016-06-09 08:31:56 UTC
(In reply to Artem S. Tashkinov from comment #3)
> What about all those Fedora 23 users who cannot downgrade because KeePassX
> 2.0 has a DB which is incompatible with version 0.4.4? Not to mention that
> this DB cannot be exported and imported.

Apparently the import into 2.0.0 creates a backup of the v1 DB file, which could still be used.

Also there is a fatal bug in 2.0.0 that is fixed in 2.0.1, so using 2.0.0 in F24 seems foolish. See https://www.keepassx.org/dev/issues/392

Comment 5 Artem S. Tashkinov 2016-06-09 09:13:29 UTC
(In reply to Jonathan Wakely from comment #4)

It's foolish to force a new untested buggy version on Fedora users and then ... blame them for using it. It reeks of humiliation, arrogance and schadenfreude.

Update keepassx to 2.0.2 (v2.0.1 is also buggy) in both Fedora 23 and 24 and stop f*cking around.

Comment 6 Fedora Blocker Bugs Application 2016-06-09 16:32:32 UTC
Proposed as a Freeze Exception for 24-final by Fedora user amluto using the blocker tracking app because:

 Without a fix for bug 1338054, KeePassX databases created on an up-to-date Fedora 23 system cannot be read on Fedora 24.

I propose that the following updates be allowed as freeze exceptions:

FEDORA-2016-78dd6d9bb7 - keepassx-2.0.2-1.fc24 (update keepassx on f24 so it is new enough to read databases created by f23's version)

FEDORA-2016-f1da178e94 - keepassx0-0.4.4-3.fc24 (allow users who want to stay on the 0.x series to do so)

Neither of these should have any effect on anything release-critical and therefore shouldn't impose any significant testing burden beyond simply testing the updates themselves.

Comment 7 Andy Lutomirski 2016-06-09 16:38:40 UTC
Shouldn't keepassx.fc24 provide /usr/bin/keepassx, though?  A symlink or an alternative would work.  IMO a symlink is more straightforward, since all the 2.0.0 users on fc23 expect it to live at /usr/bin/keepassx.

Comment 8 Gwyn Ciesla 2016-06-09 17:49:17 UTC
See:
https://bugzilla.redhat.com/show_bug.cgi?id=1340269

keepassx is going to 2.0.2 with a keepassx2 binary, and keepassx0 will provide keepassx at 0.4.4.

Comment 9 Fedora Update System 2016-06-09 17:50:13 UTC
keepassx0-0.4.4-3.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-f1da178e94

Comment 10 Fedora Update System 2016-06-09 17:50:25 UTC
keepassx-2.0.2-1.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-78dd6d9bb7

Comment 11 Andy Lutomirski 2016-06-10 00:52:56 UTC
(In reply to Jon Ciesla from comment #8)
> See:
> https://bugzilla.redhat.com/show_bug.cgi?id=1340269
> 
> keepassx is going to 2.0.2 with a keepassx2 binary, and keepassx0 will
> provide keepassx at 0.4.4.

This isn't correct.

keepassx2, as you submitted it, provides a '/usr/bin/keepassx2' binary.  keepassx0, as you submitted it, provides a '/usr/bin/keepassx0' binary.  Nothing provides /usr/bin/keepassx.

For keepassx0, see: http://koji.fedoraproject.org/koji/rpminfo?rpmID=7760707

If the fc23 mistake hadn't happened, then I think that having keepassx2 mean v2 and keepassx mean v0 would make sense.  But the mistake did happen, and I think that keepassx should run keepassx2.

Comment 12 Michael J Gruber 2016-06-10 14:38:43 UTC
Please don't mess up the keepassx landscape in Fedora any further.

Updating keepassx to the "2 series" in F23 was a violation of packaging guidelines but happened. So, "/usr/bin/keepassx" being the series 2 binary is a matter of fact in the latest released Fedora.

Doing anything in F24 to revert that just adds more nuisances for keepassx users. Whoever didn't follow the move to series 2 has an "excludes" in their dnf config since then. Whoever made the move would be screwed by a F24 keepassx that is not what the F23 keepassx is, or newer.

Comment 13 Gwyn Ciesla 2016-06-10 14:53:12 UTC
To clarify, I'm doing what FESCO opted for.  This will be the result:

keepassx - 2.0.2 in Fedora(keepassx2), 0.4.4 in EPEL(keepassx).
keepassx0 - 0.x in Fedora(keepassx), not in EPEL.
keepassx2 - not in Fedora, 2.0.2 in EPEL(keepassx2).

We have Obsoletes in place that anyone with 0.4.4 should stay there.

Comment 14 Michael J Gruber 2016-06-10 20:14:09 UTC
So F24 keepassx upgrades F23 keepassx (both 2 series) but provides the binary under a different name???

Comment 15 Gwyn Ciesla 2016-06-10 21:49:03 UTC
Yes.  They needed to be parallel installable, and the buildsystems don't make that elegant.

Comment 16 Andy Lutomirski 2016-06-10 21:52:41 UTC
(In reply to Jon Ciesla from comment #15)
> Yes.  They needed to be parallel installable, and the buildsystems don't
> make that elegant.

A simple "ln -s keepassx2 %{_bindir}/keepassx" should do the trick, no?

Comment 17 Kevin Fenzi 2016-06-12 19:32:43 UTC
So, the question is what version should have the /usr/bin/keepassx name (if any). 

Right now, it's nothing, which seems... odd. Either the old one should keep that name (but then people won't be migrated until keepassx0 is dropped) or keepassx2 should have it (and people will migrate to the new one).

Comment 18 Michael J Gruber 2016-06-12 20:22:08 UTC
Well, the migration has happended on F23 already. Do we want to revert that? I hope not. /usr/bin/keepassx is the 2 series version there (keepassx the package name).

Comment 19 Amit Shah 2016-06-13 03:54:47 UTC
*** Bug 1336147 has been marked as a duplicate of this bug. ***

Comment 20 Amit Shah 2016-06-13 03:55:08 UTC
*** Bug 1343056 has been marked as a duplicate of this bug. ***

Comment 21 Amit Shah 2016-06-13 03:55:27 UTC
*** Bug 1328804 has been marked as a duplicate of this bug. ***

Comment 22 Amit Shah 2016-06-13 03:57:29 UTC
*** Bug 1343064 has been marked as a duplicate of this bug. ***

Comment 23 Fedora Update System 2016-06-13 14:21:41 UTC
keepassx-2.0.2-2.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2016-1431671b34

Comment 24 Fedora Update System 2016-06-13 14:21:51 UTC
keepassx-2.0.2-2.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-645a4b89a9

Comment 25 Fedora Update System 2016-06-13 15:57:15 UTC
keepassx-2.0.2-2.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-645a4b89a9

Comment 26 Fedora Update System 2016-06-13 22:25:40 UTC
keepassx-2.0.2-2.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-1431671b34

Comment 27 Adam Williamson 2016-06-13 23:26:10 UTC
The updates together seem to achieve the desired result.

Comment 28 Jonathan Wakely 2016-06-14 09:12:34 UTC
Both keepassx-2.0.2-2.fc23 and keepassx0-0.4.4-3.fc23 have identical %description text, including:

 KeePassX uses a database format
 that is compatible with KeePass Password Safe for MS Windows.

but no mention that the database format is not compatible between the two. That seems like useful info to put in the %description, maybe something like:

 KeePassX uses a database format
 that is compatible with KeePass Password Safe v2 for MS Windows.

 KeePassX 0.4.x uses a database format
 that is compatible with KeePass Password Safe v1 for MS Windows.

c.f. https://www.keepassx.org/faq/#q_2
c.f. http://keepass.info/help/v2/version.html

Comment 29 Gwyn Ciesla 2016-06-14 14:07:03 UTC
Good catch, thanks!

Comment 30 Fedora Update System 2016-06-14 15:02:28 UTC
keepassx0-0.4.4-4.fc23 keepassx-2.0.2-3.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2016-df0dfd42ce

Comment 31 Fedora Update System 2016-06-14 15:02:39 UTC
keepassx0-0.4.4-4.fc24 keepassx-2.0.2-3.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-3e6587e16d

Comment 32 Fedora Update System 2016-06-15 16:56:57 UTC
keepassx-2.0.2-3.fc24, keepassx0-0.4.4-4.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-3e6587e16d

Comment 33 Fedora Update System 2016-06-15 17:27:43 UTC
keepassx-2.0.2-3.fc23, keepassx0-0.4.4-4.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-df0dfd42ce

Comment 34 Fedora Update System 2016-06-16 13:37:20 UTC
keepassx-2.0.2-2.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.

Comment 35 Fedora Update System 2016-06-16 13:40:58 UTC
keepassx0-0.4.4-3.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.

Comment 36 Fedora Update System 2016-06-18 18:35:39 UTC
keepassx-2.0.2-1.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.

Comment 37 Fedora Update System 2016-06-22 23:54:33 UTC
keepassx-2.0.2-3.fc24, keepassx0-0.4.4-4.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.

Comment 38 Fedora Update System 2016-06-23 04:53:28 UTC
keepassx-2.0.2-3.fc23, keepassx0-0.4.4-4.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.