Merge ~paelzer/ubuntu-archive-tools:identify-removals-from-rebuilds into ubuntu-archive-tools:main

The --help output is meant to be rather complete and self-explanatory, but please let me know if you'd need/want to change something.

$ ./identify-removals-from-rebuilds.py --help
usage: identify-removals-from-rebuilds.py [-h] -s SERIES -c CSV_FILE [--min-arch-fails N] [--no-filtering] [--skip check-id [check-id ...]] [--verbose]

Identify removal candidates based on archive rebuild results.

This helper reads the csv files co-created together with html based archive
rebuild reports by
  https://git.launchpad.net/~ubuntu-test-rebuild/lp-ftbfs-report/tree/source/build_status.py.

For each package in that list it checks a set of constraints that help to
decide if a package is maybe better off to be removed from the archive instead
of spending lots of effort to fix the FTBFS.

This is meant to be a countermeasure of too many FTBFS that are leftover in an
active release and helps Archive Admins to identify candidates on which they
can then consider a removal.

options:
  -h, --help show this help message and exit
  -s SERIES, --series SERIES
                        Name of the series to check dependencies against.
  -c CSV_FILE, --csv CSV_FILE
                        Path to CVS file as generated for archive rebuilds.
  --min-arch-fails N Check not_min_arch_fail will ignore cases which have less architectures failing than this value. For example, set this to 5 to only show cases which fail on 5 or
                        more (Default: 1).
  --no-filtering By default the list is filtered by each check usually making the output small and readable as well as execution fast. By setting this option there will be no
                        filtering, instead the report will include all FTBFS and the result of each check will be reported per package (Warning: this will be slow).
  --skip check-id [check-id ...]
                        Skip the checks passed to this argument. Potential values listed below as "Known checks" (default: none).
  --verbose Report for per package that was excluded from the final report, why it was excluded and provides info about internal errors. (default: False)

Known checks:
  - enough_failing_arches => Did enough architectures fail to be a problem?
  - inacceptable_state => Is the fail state really inacceptable?
  - no_dependencies => Does nothing depend on this packages binaries?
  - no_build_dependencies => Does nothing build-depend on this package?
  - is_not_seeded => Is this package not seeded in Ubuntu?

It has options to skip particular checks if you want to have a different (than the check-all default) look at those lists.

Example usage against a public archive rebuild report (you can pass it path or URL to csv or html file, in the example I point to the html report which users usually look at manually):

$ ./identify-removals-from-rebuilds.py --series jammy --csv https://people.canonical.com/~ginggs/ftbfs-report/test-rebuild-20211217-jammy-jammy.html
Reading CSV file https://people.canonical.com/~ginggs/ftbfs-report/test-rebuild-20211217-jammy-jammy.html ...
Info: got an html file path, using: https://people.canonical.com/~ginggs/ftbfs-report/test-rebuild-20211217-jammy-jammy.csv instead
Info: http[s]::// path, fetching https://people.canonical.com/~ginggs/ftbfs-report/test-rebuild-20211217-jammy-jammy.csv
1893 cases found
Check "enough_failing_arches": Did enough architectures fail to be a problem?
Check done, 1893 cases left
Check "inacceptable_state": Is the fail state really inacceptable?
Check done, 1851 cases left
Check "no_dependencies": Does nothing depend on this packages binaries?
Check done, 0 cases left
No cases left, exiting ...

As you can see after applying the checks that we have discussed in Prague there is nothing left for a removal :-/
But I hope that this might not always be true (otherwise creating this was rather useless) especially if such rebuild reports are more recently done or of a more recent release (in both cases not that many cases are fixed already).

There is also a (slow) non-filtering mode in which you'll get a tabular view of all checked attributes. Here an example of that as well (I'm sure launchpad will slay the layout, but it looks fine in a console):

$ ./identify-removals-from-rebuilds.py --series jammy --csv /home/paelzer/work/lp-ftbfs-report/lp-ftbfs-report/test-rebuild-20211217-jammy-jammy-short.csv --no-filter
Reading CSV file /home/paelzer/work/lp-ftbfs-report/lp-ftbfs-report/test-rebuild-20211217-jammy-jammy-short.csv ...
14 cases found
Check "enough_failing_arches": Did enough architectures fail to be a problem?
Check "inacceptable_state": Is the fail state really inacceptable?
Check "no_dependencies": Does nothing depend on this packages binaries?
Check "no_build_dependencies": Does nothing build-depend on this package?
Check "is_not_seeded": Is this package not seeded in Ubuntu?
14 (100.0%)

## Final report ##
Found 14 relevant cases
Captions:
Fail = Did enough architectures fail to be a problem?
AccS = Is the fail state really inacceptable?
Dep = Does nothing depend on this packages binaries?
Bdep = Does nothing build-depend on this package?
Seed = Is this package not seeded in Ubuntu?

| Source Package | State | Failing Architectures | Fail | AccS | Dep | Bdep | Seed |
| grubzfs-testsuite | Failed to upload | riscv64 armhf | 2 | Yes | No | No | No |
| zsys | Always FTBFS | riscv64 armhf | 2 | No | Yes | Yes | No |
| zsys | Always DepWait | s390x | 1 | No | Yes | Yes | No |
| cross-toolchain-base | Always FTBFS | amd64 | 1 | No | Yes | Yes | No |
| icu | Always FTBFS | amd64 arm64 armhf ppc64el s390x | 5 | No | Yes | Yes | Yes |
| pyicu | Always FTBFS | arm64 armhf ppc64el s390x amd64 | 5 | No | Yes | Yes | Yes |
| glibc | Always FTBFS | armhf s390x | 2 | No | Yes | Yes | Yes |
| strace | Always FTBFS | arm64 armhf ppc64el amd64 s390x | 5 | No | Yes | Yes | Yes |
| servicelog | Always FTBFS | ppc64el | 1 | No | Yes | No | No |
| ppc64-diag | Always FTBFS | ppc64el | 1 | No | Yes | No | No |
| libreoffice | Always FTBFS | arm64 | 1 | No | Yes | Yes | Yes |
| mir | Always FTBFS | riscv64 armhf arm64 s390x ppc64el amd64 | 6 | No | No | No | Yes |
| squid | Always FTBFS | riscv64 armhf arm64 s390x ppc64el amd64 | 6 | No | Yes | No | No |
| libstatgrab | Always FTBFS | armhf arm64 s390x riscv64 amd64 ppc64el i386 | 7 | No | Yes | Yes | Yes |

Since it is a new file there will be no conflict no matter how long this MP is stale.
But I'd like to hear if this does fulfill what we discussed, therefore a 2023 ping for a review.

Hi and happy 2023,
There was no feedback yet and it might have fallen out of your inboxes "most-recent" cache.

But the recent Lunar Test rebuild is a great opportunity to bring this up again.
I've run the tool against [1] and found candidates to consider.

This test rebuild has just started and it does not mean we should lightly remove all those.
But this is a great chance to think about what other checks we might want to have following those already implemented (if any)?

Nice list pointing to some questionable cases like [2] for example.

The one thing that comes to my mind is that it might be useful to also point to the package on LP (like [2] in addition to the build log) and report the version. But I'll wait what you others think before spending more time, maybe it isn't as useful as we initially thought?

[1]: https://people.canonical.com/~ginggs/ftbfs-report/test-rebuild-20221215-lunar-normal-lunar.html
[2]: https://launchpad.net/ubuntu/+source/audio-convert

https://paste.ubuntu.com/p/7Xj3bJkDqW/

The list still is long, hence I'm waiting for suggestions what to further filter on.

Test run of the script, the very first package listed for me is:

| linux-starfive-5.17 | Failed to build | riscv64 |

which is an Ubuntu-specific package and shouldn't be removed because it FTBFS.

I thought when we discussed this in Prague, one of the criteria for packages going on this list was that it had been removed from Debian testing. Am I misremembering? I definitely don't see that as one of the checks in the implementation. (Checking for the package being present in Debian unstable but absent from Debian testing is also a check that can be done against downloaded Sources files without a lot of separate API calls, so I would expect it to significantly speed up the runtime.)

OTOH, although the first 4 packages reported are Ubuntu-specific packages that should not be removed, the fifth one is a FTBFS Ubuntu-specific package that *should* be pushed towards
removal: bot-sentry had one upload to Ubuntu in 2008, no uploads since. No idea how it's flown under the radar as being FTBFS. However, because it's Ubuntu-specific, I think we have a duty to file bugs in Launchpad first and give a maintainer an opportunity to respond rather than simply removing it as we would for a leaf package synced from Debian that has been removed from testing. Perhaps the output should be partitioned into two categories, for Debian vs Ubuntu removal candidates?

Another category of information that is important for deciding what to do with the package, and takes effort to manually chase down - if the publishing history says the package was originally synced from Debian, but is no longer in testing or unstable, it should definitely be removed - such packages can be removed using process-removals, but were probably missed at the time of the Debian removal because they still had Ubuntu-specific reverse-dependencies.

So looking at the first 10 packages in the report, I have:
- 4 Ubuntu-specific source packages that should not be removed because of a build failure because they are maintained
- 2 Ubuntu-specific package that are candidates for removal, but did not yet have any bugs filed (bot-sentry, add-apt-key)
- 2 Ubuntu-specific packages that had a bug report filed in LP since {2013,2016} about being totally useless, which I've therefore removed directly (foo-plugins, add-apt-key)
- 3 packages that are present in Debian testing and unstable and should therefore be out of scope for this report as they are not low-hanging fruit (glosstex, hotspot, acl2)

That's not a great hit rate at present and I think we need to improve it quite a bit before I would want to spend much more time on the output. Perhaps improved as per some of the above comments, perhaps you have other ideas.

In any case, I would like to see some improvements here before merging.

> I thought when we discussed this in Prague, one of the criteria for packages going on this list was that it had been removed from Debian testing. Am I misremembering?

It might have been mentioned, but it wasn't on the notes we have been taking.
I agree that this check will be quite useful and will consider adding it.

> Perhaps the output should be partitioned into two categories, for Debian vs Ubuntu removal candidates?

I'd not partition it, but add "ubuntu-only" a non filtering check, which would then appear as an extra column. That fits more nicely to the test and report architecture and should be sufficient to allow looking at those two categories separately. It also allows a user to change that

> Another category of information that is important for deciding what to do with the package, and takes effort to manually chase down - if the publishing history says the package was originally synced from Debian, but is no longer in testing or unstable, it should definitely be removed

Yep, that is another good suggestion for a check - again most likely a reported field instead of a filtering one.

> That's not a great hit rate at present and I think we need to improve it quite a bit before I would want to spend much more time on the output.
...
> In any case, I would like to see some improvements here before merging.

No problem, hence I was asking for opinions after I completed what my notes from Prague listed.

I'll also add the ideas I had which mostly help to navigate the result (report version, link to launchpad overview and tracker) to ease follow on activity.

I think another non filtering check could be to probe if the package version was untouched since the last release, if so it is more likely to be old cruft that is unmaintained.
I think we could report the oldest release "since when it is on that version".
I need to check how slow such a check would be, in the past I was quite happy with local madison-lite - but that is quite some setup effort.

Changes:
- check where a package exists to help decision making
- add links to Ubuntu and Debian overview pages to the output
- check and report since when a package was not touched
- some table style polishing
- speed up the is-seeded check

Example of the new output:
https://paste.ubuntu.com/p/643K6dgjgF/

I think this is ready for another look

From my look at the latest list it is really showing quite a lot good candidates.
Plenty of the case Steve described as "removed from testing but still in Ubuntu" and given that we report the last update we see many are from many years ago.

The set of Ubuntu-only packages also seems good for cleanup, either filing bugs or pinging the owning team. Or consider removing stuff that was important and ubuntu-only long ago, but not anymore.

I'm happy to learn more exclusion arguments if others look at the list and find another systematic reason to not be in this list we would consider for cleanup. If there are no such arguments, we might consider merging it as it then seems to be as helpful as it can be.

halting my review for the moment because downloading the Debian Sources.gz for me is so unreliable I'm not able to iterate.

> halting my review for the moment because downloading the Debian Sources.gz for me is so unreliable I'm not able to iterate.

Interesting, I didn't face any such when working on it yesterday and in December.
Is it anything we can fix on our side, or just some kind of overload-at-server or bad-connection?
... trying myself ...
Hmm, yeah this is indeed, ... umm, "rather slow" today.

For the sake of helping to overcome this problem in general I have reworked the downloading code:
1. It now uses retry mechanisms of python3-tenacity for any kind of flaky issue
2. Allow to specify alternative archive URLs

The former works without anything needing to be done by the user.
The latter has the usual "give me a prefix" options.
The following worked really well for me today: `--archive-ubuntu http://de.archive.ubuntu.com/ubuntu --archive-ubuntu-ports http://mirror.kumi.systems/ubuntu-ports`
If you have a local archive mirror on your disk anyway you can even use: `--archive-ubuntu /var/apt-mirror/ubuntu --archive-ubuntu-ports /var/apt-mirror/ubuntu` which saves you the download time.

While looking at it I've found that it also has grown complex enough to use proper logging, which I added as well.

Please let me know, if you faced something else I (actually the code) could help with.

On Fri, Jan 13, 2023 at 08:27:38AM -0000, Christian Ehrhardt  wrote:
> > halting my review for the moment because downloading the Debian Sources.gz for me is so unreliable I'm not able to iterate.

> Interesting, I didn't face any such when working on it yesterday and in
> December. Is it anything we can fix on our side, or just some kind of
> overload-at-server or bad-connection?
> ... trying myself ...
> Hmm, yeah this is indeed, ... umm, "rather slow" today.

I know there were some Canonical networking issues happening yesterday, so
perhaps it's related. It seems better this morning.

Thanks for your further suggestions and your experience on how the list could be further trimmed.

Just FYI on the delay, since I implement this mostly in breaks in between meetings this takes a while to complete.

So far I've fixed the few trivial changes you asked for and added the filtering of cases which did not have a binary built on the architectures that are now reported as failing.
It shrunk the list from 245 -> 229 cases.
This is fine, but you said "I find the list is dominated by packages that build on amd64 but ftbfs on one or more of our ports" which sounds like there should be more. If you, by any chance, have a list of cases left from your tests that were in this category please let me know so that I could cross check them.

I hope I'm able to find some time to look at the caching you asked for before marking it ready for review again.

> "wrong semantics of counting number of failed archs instead of number of successful archs."

I'm not sure I agree with that being the wrong semantic.
In general I'd assume one is generally interested as soon as at least "one fails" which is the default. OTOH it is clear that a package only is in the list to begin with if at least one fail happened. So in the default config I admit that all will pass (only takes about 20 µs which should be no problem; otherwise I'd change it to only run if someone has specified --min-arch-fails > 1).

But the actual use-case is, if some day one wants to look for those cases that are not one-offs and for that wants to look for those failing on more than one architecture. For that one might bump up --min-arch-fails.

Remember that comparison to "former succeeding builds" is done in other stages.
They are later as they need to reach out more and thereby are slower.

This is not what this check is about, therefore counting "successful builds" instead would be odd here as there might be packages which only try to build on 3, others on all, others on just one. If the filter here would be "at least that many successful builds" what would it really check then and what would be the default number of such builds to make them not being reported?

> I would suggest we add cache handling for these ...

In regard to the caching I have added it, but did not (yet) modified any other tool so that we can first agree on the structure of the cache. For now I have gone with a flat structure in the cache directory based on what they fetch - that is rather readable in code and works fine.

Potential further changes (not sure how far we want/need to go):
- Put all caching function in a file shared between the scripts using it (since we usually run from git I'm not keen on making it a full lib in lib path, but more like a local relative include)
- Modify other users of caching to use this shared code as well (currently find-proposed-cluster and retry-autopkgtest-regressions do have their own copy)
- Modify other consumers of Package/Source data to use the cache
- Change the flat structure to a directory tree structure that matches where it fetches from, but then it would come awfully close to be a full apt-mirror which I'd not like

All of these might be overkill - and I've held them back until I hear your preference on those and the basic cache structure to begin with.

FYI: I've started to illustrate how this could be used as lib inside the UAT repo.
I've some ideas to make it more useful in general, please allow me another day or two to push these new commits once completed.

On Wed, Feb 08, 2023 at 08:52:58AM -0000, Christian Ehrhardt  wrote:
> > "wrong semantics of counting number of failed archs instead of number of successful archs."

> I'm not sure I agree with that being the wrong semantic.
> In general I'd assume one is generally interested as soon as at least "one fails" which is the default. OTOH it is clear that a package only is in the list to begin with if at least one fail happened. So in the default config I admit that all will pass (only takes about 20 µs which should be no problem; otherwise I'd change it to only run if someone has specified --min-arch-fails > 1).

> But the actual use-case is, if some day one wants to look for those cases that are not one-offs and for that wants to look for those failing on more than one architecture. For that one might bump up --min-arch-fails.

> Remember that comparison to "former succeeding builds" is done in other stages.
> They are later as they need to reach out more and thereby are slower.

> This is not what this check is about, therefore counting "successful
> builds" instead would be odd here as there might be packages which only
> try to build on 3, others on all, others on just one. If the filter here
> would be "at least that many successful builds" what would it really check
> then and what would be the default number of such builds to make them not
> being reported?

My earlier comment, buried in the code comments on an earlier revision:

"From my POV, a package is an obvious candidate for source removal and should
be on this report only if it fails to build for all architectures for which
it is tried. This is different than having a fixed number of architectures
it fails on, because some packages limit the architectures they try to build
on, or build only Architecture: all packages, so the necessary number of
packages it fails on could be 1.

Packages that FTBFS on only a subset of architectures for which they
previously built are not good candidates for archive admins to do source
removal on. We should prefer either binary removal or fixing the build -
and deciding which of these is the correct approach requires developer time,
so I don't think they should be on this report."

This is what I mean by counting successful builds.

> - Put all caching function in a file shared between the scripts using it
> (since we usually run from git I'm not keen on making it a full lib in
> lib path, but more like a local relative include)

> - Modify other users of caching to use this shared code as well (currently
> find-proposed-cluster and retry-autopkgtest-regressions do have their
> own copy)

These are good ideas I think, but probably not as part of this particular
MP?

> - Change the flat structure to a directory tree structure that matches
> where it fetches from, but then it would come awfully close to be a full
> apt-mirror which I'd not like

I'm not keen on this one

> This is what I mean by counting successful builds.

Thanks for explaining!
Since we already have this scenario handled via the "nobinaries" check I think there is no need to change/add things in that regard.

> > - Put all caching function in a file shared between the scripts using it
> > (since we usually run from git I'm not keen on making it a full lib in
> > lib path, but more like a local relative include)
>
> > - Modify other users of caching to use this shared code as well (currently
> > find-proposed-cluster and retry-autopkgtest-regressions do have their
> > own copy)
>
> These are good ideas I think, but probably not as part of this particular
> MP?

Ok, I'll not modify the other users/scripts when landing this MP.
But I'd at least make it easy to be re-used and show how it could be used.
Therefore I've moved it into an includable source to be the first example.

By chance Utkarsh was visiting me last weekend and already had a problem/task which would be able to re-use it :-)

> > - Change the flat structure to a directory tree structure that matches
> > where it fetches from, but then it would come awfully close to be a full
> > apt-mirror which I'd not like
>
> I'm not keen on this one

Good, then it is already two of us :-)

I now pushed the latest changes, let me know if you think we can land it this way or if more is needed.

By now some of the existing caching was already refactored to be in utils.py
See https://git.launchpad.net/ubuntu-archive-tools/commit/?id=c60760abfefd92838557cf05a413f03ea4af407f

I'll need to revamp my MR to extend and use that, back to WIP until I found the time for that.

This is looking pretty good now in terms of behavior. I've reviewed 60 packages so far from the list of recommendations; of these:
- 57 have been removed
- 2 are appropriate for the script to recommend, but I have not removed them
- 1, c-evo-dh, looks wrong to me to be included in the list because it has not failed to build on any of the archs for which binaries are currently published, it only failed on armhf, riscv64, and s390x which the script correctly reports.

Reminder from MM chat:

[01:11] <vorlon> [05e] one thing that could be a nice improvement would be if it included a link to file a removal bug with a standard template
[01:11] <vorlon> [05f] à la https://bugs.launchpad.net/ubuntu/+source/opendrim-lmp-os/+bug/2015155

It appears the issues with the quality of the recommendations have been resolved. I've been removing dozens of ftbfs packages from lunar over the past two weeks using identity-removals-from-rebuilds as input.

I have some quibbles with the UX of the output and I know Christian still wants to do some code refactoring, but from my perspective this is ready to land and be more widely consumed by archive admins.

Reminder for a debug session:
[16:56] <vorlon> cpaelzer: so a rerun of identify-removals-from-rebuilds is now reporting candidates that it wasn't reporting yesterday, by almost double... hmm. (example: chibi-scheme)
[16:57] <vorlon> cpaelzer: and chibi-scheme shouldn't be a candidate, the only build failure is an arch for which it's not built in lunar... dunno what's failed there when this check worked previously
[17:09] <cpaelzer> I didn't change any code yet
[17:09] <cpaelzer> since it checks various conditions, like versions in Debian/Ubuntu and such maybe any of that changed and makes it a candidate now
[17:10] <cpaelzer> I could download the ftbfs report, reduce it to just chibi-scheme and then via cmdline we can bump up the loglevel to understand more in detail why it is shown now

This change in behavior was root-caused to a change in the contents of the report, so not a regression in the tool.

More reminders for improvement from chat:
... or they are `superseded` failures on the ftbfs report and should not be candidates

TODO: check if we can detect and filter out the superseded cases