"1 not upgraded" leading to Dependency hell -- unexpected! ;-)

[fbachofner]

For the first time in years (eons, it seems) I have an unresolvable (by my efforts so far) dependency hell stemming from (I believe) a package which is failing to update. [ The actual experienced problem is expressed at the bottom, the likely source of the problem (the background) is at the top . . .]

Background:

My daughter's machine is on LM 20.1 with apparently everything up to date (including newest 5.8.0-53 kernel released today)

However, sudo apt-get upgrade reports:

Code: Select all

Reading package lists... Done
Building dependency tree       
Reading state information... Done
0 upgraded, 0 newly installed, 0 to remove and 1 not upgraded.

No matter what I do, I can neither identify nor deal with the "not upgraded" package. I have tried all the regular "rules" and common advice to include:

Code: Select all

sudo apt autoremove
sudo apt-get clean
sudo apt-get install -f
sudo dpkg --configure -a
sudo apt-get --with-new-pkgs upgrade
sudo apt full-upgrade

and even . . .

sudo apt-get dist-upgrade

My fundamental troubleshooting issue is that I can not get a warning like

Code: Select all

The following packages have been kept back:

and I can not in any way (known to me) find a list of what program is causing the hangup.
apt-mark showhold returns nothing
dpkg --audit returns nothing
apt list --upgradable returns nothing (actually "Listing... Done")

a current /var/log/apt/term.log looks like this

Code: Select all

Log started: 2021-05-11  14:21:11
Log ended: 2021-05-11  14:21:11

following some "new" ideas I thought maybe some package is pinned to the "wrong" priority, however all files at /etc/apt//preferences.d are identical to another (virtually identical) system which exhibits no issue with apt-get upgrade.

Ultimately, I might not care about this minor warning . . . as the system is functioning and seems perfectly stable.

The REAL issue, however:

My daughter needs to take some Assessment Tests this week which requires a "secure browser" provided by a contractor to the State of California (see info here: https://ca.portal.cambiumast.com/ )

This browser fails to install as it hangs up with:

Code: Select all

The following packages have unmet dependencies:
 libgtk2.0-dev : Depends: libglib2.0-dev (>= 2.27.3) but it is not going to be installed
                 Depends: libgdk-pixbuf2.0-dev (>= 2.21.0) but it is not going to be installed
                 Depends: libpango1.0-dev (>= 1.20) but it is not going to be installed
                 Depends: libatk1.0-dev (>= 1.29.2) but it is not going to be installed
                 Depends: libcairo2-dev (>= 1.6.4-6.1) but it is not going to be installed
                 Recommends: debhelper but it is not going to be installed
E: Unable to correct problems, you have held broken packages.

This is the first place I ever saw the system apparently holds broken packages.

If I attempt to install the listed dependencies, I get sucked into an ever deepening cascade of unmet dependencies.

Any and all constructive input is welcomed! I am many hours into this and am contemplating just reinstalling the system which would clear out any cruft from multiple version upgrades, but I suppose the challenge is a bit interesting!

[Larry78723]

It installed fine on my LM20.1 Cinnamon without needing to do anything further.

[Flemur]

This browser fails to install as it hangs up with:
Code: Select all
The following packages have unmet dependencies:

What are you doing to "install" that creates the "unmet dependencies" message?

Is that from running ./install-icon.sh ? Because that script just:
"# Installs shortcut to the browser on the desktop"
and there isn't any other installer - you just run the extracted file.

FWIW, I had to extract the stuff and run ./install-icon.sh in /root/Desktop, then copy the stuff to $HOME/Desktop to run it:

Code: Select all

/home/username/Desktop/CASecureBrowser/CASecureBrowser.sh

and it started up full-screen (Mint 20.1). No additional packages were installed.

Edit: as a regular user just extract the CASecureBrowser...tar.bz2 file somewhere and run CASecureBrowser.sh; the install-icon.sh is not needed and is also a pain because you have to do it as root and then run the program somewhere else as a regular user (it won't run as root, or run as regular user in the root directory). So don't bother with install-icon.sh ...

[Pierre]

you can try using sudo apt-get update in Terminal.

& then use the sudo apt-get upgrade after that.

https://www.poftut.com/apt-get-update-u ... firencies/
is an discussion on this Topic.

[fbachofner]

you can try using sudo apt-get update in Terminal.

& then use the sudo apt-get upgrade after that.

Thanks Pierre, but I have already done that!

However, sudo apt-get upgrade reports:
. . .

[Flemur]

1 not upgraded.

You might have a package locked (set to not update) - you can check that with synaptic (probably also apt/etc though I don't know how).

Also, I could run that browser by just extracting the files; can you do that?

[fbachofner]

Hi @Flemur:

What are you doing to "install" that creates the "unmet dependencies" message?

Is that from running ./install-icon.sh ? Because that script just:
"# Installs shortcut to the browser on the desktop"

Yes, I am running install-icon.sh as indicated in the instructions.

The way I read the source code of install-icon.sh, it indicates a LOT more is going on than installing a shortcut.

There is a section

Code: Select all

  # install pico2wave on Debian systems
  sudo apt-get -y install libttspico0 libttspico-utils libttspico-data;
  # install picospeaker
  sudo install -D -m755 picospeaker /usr/bin/picospeaker;

  rl=libreadline6; 

  uver=`lsb_release -r | cut -f2 | cut -f1 -d"."`;

  if [ "$uver" == "18" ]; then
    rl=libreadline7; 
  fi

  if [ "${ARCH}" = "x86_64" ]; then
    sudo apt-get -y install sox libasound2 libasound2-plugins libdbus-glib-1-2 net-tools $rl libgtk2.0;
  else
    sudo apt-get -y install sox libstdc++6 libasound2 libasound2-plugins libdbus-glib-1-2 net-tools $rl libgtk2.0;

which indicates a number of programs (at least 9) are being installed by / within the above-quoted section. These seem to match up pretty well with the dependencies hell I am in.

For example: libgtk2.0-dev

[fbachofner]

Hi @Flemur:

You might have a package locked (set to not update) - you can check that with synaptic (probably also apt/etc though I don't know how).

It is not immediately apparent to see what might be locked. I will mess around with Synaptic a bit -- this seems like a good idea.

Also, I could run that browser by just extracting the files; can you do that?

Another good idea.

YES, I can run the program.

However, without installing all the dependencies I am fairly certain that various features would not work. From my kids (who already took some of the test) it sounds like text to speech is used fairly heavily. There are apparently many other "advanced" features too (video integration, graphics, fonts, etc.) which probably also require the various dependencies for which the installer calls.

[Pierre]

since that didn't work out,
can you now try using Package Manager aka synaptic,
- Edit - Fix Broken Packages
then click on the Apply icon at the Top of the screen
( it should now be Not greyed out )
to see if anything extra is downloaded & then Installed.

- - post back, what happened, if anything - -

[spamegg]

Show us the output of inxi -r

[Flemur]

However, without installing all the dependencies I am fairly certain that various features would not work. From my kids (who already took some of the test) it sounds like text to speech is used fairly heavily. There are apparently many other "advanced" features too (video integration, graphics, fonts, etc.) which probably also require the various dependencies for which the installer calls.

I ran that installer as root (yeah, I know) and AFAIK it didn't install anything, certainly not the pico* thing (which was marked for Debian). I already have the audio packages, you probably do, too.

Also I just "Locked version" of some package in synaptic and it didn't show up as "not going to install) during an update/upgrade...but the package was at the current version, so not a good test.

Edit: apparently "locking" a package in synaptic doesn't lock it outside or synaptic, e.g. using apt.

But since it's showing up when you run apt, these methods might show you which package it is:
https://askubuntu.com/questions/18654/h ... ic-package

[fbachofner]

Show us the output of inxi -r

Great idea. Thanks!

Code: Select all

$ inxi -r
Repos:     No active apt repos in: /etc/apt/sources.list
           Active apt repos in: /etc/apt/sources.list.d/libreoffice-ppa-focal.list
           1: deb http://ppa.launchpad.net/libreoffice/ppa/ubuntu focal main
           Active apt repos in: /etc/apt/sources.list.d/official-package-repositories.list
           1: deb http://mirrors.kernel.org/linuxmint-packages ulyssa main upstream import backport
           2: deb http://mirror.us-sc.kamatera.com/ubuntu focal main restricted universe multiverse
           3: deb http://mirror.us-sc.kamatera.com/ubuntu focal-updates main restricted universe multiverse
           4: deb http://mirror.us-sc.kamatera.com/ubuntu focal-backports main restricted universe multiverse
           5: deb http://security.ubuntu.com/ubuntu/ focal-security main restricted universe multiverse
           6: deb http://archive.canonical.com/ubuntu/ focal partner
           Active apt repos in: /etc/apt/sources.list.d/skypeforlinux.list
           1: deb [arch=amd64] https://repo.skype.com/deb stable main

Fortunately or unfortunately, these repos are exactly the same as another computer where the softwre installed without issue!


EDIT:
I should mention I have tried changing software sources (a number of times) to see whether that would have any impact. It didn't, unfortunately.

[fbachofner]

Hi @Pierre:

can you now try using Package Manager aka synaptic,
- Edit - Fix Broken Packages
then click on the Apply icon at the Top of the screen
( it should now be Not greyed out )
to see if anything extra is downloaded & then Installed.

I just did this (again, after various other updates over the last couple days) and Synaptic is still unaware of any broken packages. Please see attached screenshot.


[Image will be intentionally deleted on June 13, 2021]

[fbachofner]

Hi @Flemur:

I ran that installer as root (yeah, I know) and AFAIK it didn't install anything, certainly not the pico* thing (which was marked for Debian). I already have the audio packages, you probably do, too.

Yes, I have some of the packages installed already. I didn't pay attention to picotts (text to speech) being marked for Debian. I installed it successfully and as a result we may try using an uninstalled version of secure browser tomorrow during a testing session (living on the edge! )

Also I just "Locked version" of some package in synaptic and it didn't show up as "not going to install) during an update/upgrade...but the package was at the current version, so not a good test.

Edit: apparently "locking" a package in synaptic doesn't lock it outside or synaptic, e.g. using apt.

This may be very useful information in the future, but does not seem to apply here.

But since it's showing up when you run apt, these methods might show you which package it is:
https://askubuntu.com/questions/18654/h ... ic-package

I had previously tried

Code: Select all

dpkg --get-selections | grep "\<hold$"

which returns no results

I also just tried

Code: Select all

sudo apt-mark showhold

which also returns no results

I'll keep working through that interesting help document a bit later this evening. Thanks.

[fbachofner]

I'll keep working through that interesting help document a bit later this evening.

When I checked dpkg --get-selections, something interesting had flashed by, so I

"dpkg --get-selections | grep deinstall"

which resulted in

Code: Select all

libqmi-glib1:amd64			deinstall
libreoffice-style-tango			deinstall
linux-image-5.8.0-49-generic		deinstall
linux-modules-5.8.0-49-generic		deinstall
linux-modules-extra-5.8.0-49-generic	deinstall

I find this interesting as these are already removed from the system.

At any rate, this does not seem to have any impact on my "1 not upgraded" challenge.

I am now stuck without any additional ideas to resolve . . . and am looking at reinstalling the system to see whether I can get rid of the warning and successfully install the "required" software.

I'll hold off another day or so in the hopes that someone has an idea to resolve this situation.

Thanks in advance!