Bug 205350

Summary: ports-mgmt/pkg doesn't respect locked packages and upgrades them anyway
Product: Ports & Packages Reporter: ben
Component: Individual Port(s)Assignee: Brad Davis <brd>
Status: Closed FIXED    
Severity: Affects Many People CC: adam, ben, brd
Priority: --- Flags: bugzilla: maintainer-feedback? (pkg)
Version: Latest   
Hardware: Any   
OS: Any   

Description ben 2015-12-16 00:30:51 UTC 
if certain packages are locked, 'pkg upgrade' in one breath tells us it won't touch them because they are locked, but then actually goes and updates them anyhow.
Comment 1 Adam Bernstein 2016-01-06 21:56:15 UTC 
I want to add snippets of a session transcript here as supporting material. 

Summary:

1. curl starts out locked (because we build it from ports with custom options)
2. pkg sees that it's locked and says it won't touch it, and does not list it in the "Packages to be UPGRADED" section
3. pkg downloads and installs the update anyway, unlocking the package in the process
4. curl is indeed updated, and now unlocked

That is clearly inconsistent/buggy behavior. It happens with various packages, not just curl, quite reliably ever since one of the version updates of pkg itself - and I'm sorry we can't say which, but maybe 2-3 months ago.

Transcript follows:

# pkg lock -l
Currently locked packages:
alpine-2.20_1
curl-7.44.0
drush-6.5.0
pdflib-7.0.5_4
pear-1.9.4_3
pecl-pdflib-3.0.4
pecl-ssh2-0.12
portmaster-3.17.7
pwauth-2.3.11
wget-1.16.3

# pkg upgrade
Updating FreeBSD repository catalogue...
[SNIP]
Checking for upgrades (127 candidates): 100%
Processing candidates (127 candidates): 42%

curl-7.44.0 is locked and may not be modified
Processing candidates (127 candidates): 100%
The following 114 package(s) will be affected (of 0 checked):

Installed packages LOCKED:
Package curl-7.44.0 is locked and may not be upgraded to version 7.46.0_1

[SNIP]

Installed packages to be UPGRADED:

[SNIP]
emacs-nox11: 24.5_1,3 -> 24.5_2,3
db5: 5.3.28_2 -> 5.3.28_3
cmake-modules: 3.3.1 -> 3.4.1
cmake: 3.3.1 -> 3.4.1
ca_root_nss: 3.20 -> 3.20.1
bash: 4.3.42 -> 4.3.42_1
[SNIP]

Proceed with this action? [y/N]: y

[SNIP]
[private1.electricembers.net] Fetching curl-7.46.0_1.txz: 3% 50 KiB 51.2kB/[private1.electricembers.net] Fetching curl-7.46.0_1.txz: 100% 1 MiB 1.5MB/s 00:01
[private1.electricembers.net] [49/115] Upgrading curl from 7.44.0 to 7.46.0_1...
[private1.electricembers.net] [49/115] Extracting curl-7.46.0_1: 100%
[SNIP]

# pkg info | grep curl
curl-7.46.0_1 Non-interactive tool to get files from FTP, GOPHER, HTTP(S) servers

# pkg lock -l
Currently locked packages:
alpine-2.20_1
drush-6.5.0
pdflib-7.0.5_4
pear-1.9.4_3
pecl-pdflib-3.0.4
pecl-ssh2-0.12
portmaster-3.17.7
pwauth-2.3.11
wget-1.16.3
Comment 2 Brad Davis freebsd_committer freebsd_triage 2016-03-25 14:34:43 UTC 
This should be fixed in the next release.

See: https://github.com/freebsd/pkg/issues/1344