Don't allow udebs to satisfy dependencies of regular debs

I was just bitten by this problem in Kali where the ISO was not
containing the expected packages because tools/sort_deps was accepting
"xserver-xorg-input-libinput-udeb" as a solution to
"xserver-xorg-input-all | xserver-xorg-input-driver" and the
udeb was among the package already selected for inclusion on the
ISO.

With this change, tools/sort_deps will look for udeb to solve
udeb dependencies and it will look for non-udeb to solve non-udeb
dependencies.

FTR, here's the sort_deps.log extract proving my assertion:

    xserver-xorg Dep: (OR xserver-xorg-input-all xorgxrdp xserver-xorg-input-aiptek xserver-xorg-input-elographics xserver-xorg-input-evdev xserver-xorg-input-evdev-udeb xserver-xorg-input-joystick xserver-xorg-input-kbd xserver-xorg-input-libinput xserver-xorg-input-libinput-udeb xserver-xorg-input-mouse xserver-xorg-input-mtrack xserver-xorg-input-multitouch xserver-xorg-input-mutouch xserver-xorg-input-synaptics xserver-xorg-input-void xserver-xorg-input-wacom xserver-xorg-input-xwiimote ) soft_depend 1
    xserver-xorg-input-all not included in a useful version, check_backports 0
    xorgxrdp not included in a useful version, check_backports 0
    xserver-xorg-input-aiptek not included in a useful version, check_backports 0
    xserver-xorg-input-elographics not included in a useful version, check_backports 0
    xserver-xorg-input-evdev not included in a useful version, check_backports 0
    xserver-xorg-input-evdev-udeb not included in a useful version, check_backports 0
    xserver-xorg-input-joystick not included in a useful version, check_backports 0
    xserver-xorg-input-kbd not included in a useful version, check_backports 0
    xserver-xorg-input-libinput not included in a useful version, check_backports 0
      xserver-xorg-input-libinput-udeb is included already, acceptable version 0.29.0-1

debian/changelog

@@ -1,3 +1,10 @@
+debian-cd (3.1.29) UNRELEASED; urgency=medium
+
+  * Fix tools/sort_deps to not accept udeb as solutions to dependencies of
+    regular deb (and vice-versa).
+
+ -- Raphaël Hertzog <raphael@offensive-security.com>  Thu, 13 Feb 2020 15:07:42 +0100
+
 debian-cd (3.1.28) unstable; urgency=medium
 
   [ Steve McIntyre ]

tools/sort_deps

@@ -648,13 +648,20 @@ sub check_versions {
 sub dep_pkg_included {
 	my $p = shift;
 	my $check_backports = shift;
+	my $need_udeb = shift;
 	my %d = %$p;
 	my $pn = $d{"Package"};
 
 	if ($included{$pn}) {
 		if (check_versions($d{"Version"}, $d{"CmpOp"}, $packages{$pn}{"Version"})) {
-			msg(1, "      $pn is included already, acceptable version " . $packages{$pn}{"Version"} . "\n");
-			return 1;
+			if ($packages{$pn}{"IsUdeb"} == $need_udeb) {
+				msg(1, "      $pn is included already, acceptable version " . $packages{$pn}{"Version"} . "\n");
+				return 1;
+			} else {
+				my $explanation = "it's a udeb instead of regular deb";
+				$explanation = "it's a deb instead of an udeb" if $need_udeb;
+				msg(1, "      $pn is included already, but $explanation\n");
+			}
 		} else {
 			msg(1, "      $pn is included already, but invalid version " . $packages{$pn}{"Version"} . "\n");
 		}
@@ -665,8 +672,14 @@ sub dep_pkg_included {
 	    msg(1, "    Checking $pn too:\n");
 	    if ($included{$pn}) {
 		if (check_versions($d{"Version"}, $d{"CmpOp"}, $packages{$pn}{"Version"})) {
-		    msg(1, "      $pn is included already, acceptable version " . $packages{$pn}{"Version"} . "\n");
-		    return 1;
+		    if ($packages{$pn}{"IsUdeb"} == $need_udeb) {
+			msg(1, "      $pn is included already, acceptable version " . $packages{$pn}{"Version"} . "\n");
+			return 1;
+		    } else {
+			my $explanation = "it's a udeb instead of regular deb";
+			$explanation = "it's a deb instead of an udeb" if $need_udeb;
+			msg(1, "      $pn is included already, but $explanation\n");
+		    }
 		} else {
 		    msg(1, "      $pn is included already, but invalid version " . $packages{$pn}{"Version"} . "\n");
 		}
@@ -742,15 +755,16 @@ sub fix_backport_depends {
 sub dep_satisfied {
     my $p = shift;
     my $check_backports = shift;
+    my $need_udeb = shift;
     
     if ("ARRAY" eq ref $p) {
 	foreach (@{$p}) {
-	    if (dep_pkg_included($_, $check_backports)) {
+	    if (dep_pkg_included($_, $check_backports, $need_udeb)) {
 		return 1;
 	    }
 	}
     } elsif ("HASH" eq ref $p) {
-	return dep_pkg_included($p, $check_backports);
+	return dep_pkg_included($p, $check_backports, $need_udeb);
     } else {
     }
     return 0;
@@ -1008,6 +1022,8 @@ sub add_missing {
 		die "add_missing passed a non-hash";
 	}
 
+	my $need_udeb = $packages{$pkgin{"Package"}}{"IsUdeb"};
+
 	push(@{$parents}, $pkgin{"Package"});
 	#msg(3, "   add_missing: parents atm @{$parents}\n");
 	# Check all dependencies 
@@ -1034,7 +1050,7 @@ sub add_missing {
 		msg(3, "    $pkgname Dep: $textout soft_depend $soft_depend\n");
 
 		# Bail out early if we can!
-		if (dep_satisfied ($thisdep, $check_backports)) {
+		if (dep_satisfied ($thisdep, $check_backports, $need_udeb)) {
 			next;
 		}
 
@@ -1057,7 +1073,7 @@ sub add_missing {
 				}
                                
 				# Already installed?
-				if (dep_satisfied($pkg, $check_backports)) {
+				if (dep_satisfied($pkg, $check_backports, $need_udeb)) {
 					msg(3, "    OR relationship already installed: " . dump_depend($pkg) . "\n");
 					$or_ok = 1;
 					last;
@@ -1147,7 +1163,7 @@ sub add_missing {
 					last;
 				}
 			}
-			if (dep_satisfied(\%t, $check_backports)) {
+			if (dep_satisfied(\%t, $check_backports, $need_udeb)) {
 				msg(1, "    $pt already included\n");
 				next; # Already included, don't worry
 			}