paru -c doesn't remove some packages that are "real orphans" (paru -Qdt)

[Artemigos]

Affected Version

paru -V

paru v2.0.4 - libalpm v15.0.0

Description

Have you checked previous issues?
yes

Output

paru -Qdt

bridge-utils 1.7.1-2
lib32-attr 2.5.2-1
lib32-gtk3 1:3.24.48-1
libxcrypt-compat 4.4.38-1

paru -c

checking dependencies...

Packages (1) bridge-utils-1.7.1-2

Total Removed Size:  0.03 MiB

:: Do you want to remove these packages? [Y/n]

I investigated the libxcrypt-compat package:

paru -Qi libxcrypt-compat

Name            : libxcrypt-compat
Version         : 4.4.38-1
Description     : Modern library for one-way hashing of passwords - legacy API functions
Architecture    : x86_64
URL             : https://github.com/besser82/libxcrypt/
Licenses        : LGPL
Groups          : None
Provides        : libcrypt.so=1-64
Depends On      : libxcrypt
Optional Deps   : None
Required By     : None
Optional For    : None
Conflicts With  : None
Replaces        : None
Installed Size  : 174.02 KiB
Packager        : Christian Hesse <[email protected]>
Build Date      : Tue 14 Jan 2025 04:23:12 PM CET
Install Date    : Thu 16 Jan 2025 10:30:17 PM CET
Install Reason  : Installed as a dependency for another package
Install Script  : Yes
Validated By    : Signature

It's not required or optional for anything, but provides libcrypt.so=1-64. Using pyalpm I extracted installed packages that depend on libcrypt.so in any version:

alpm.Package("openssh-9.9p1-2-x86_64") libcrypt.so=2-64
alpm.Package("pam-1.7.0-2-x86_64") libcrypt.so=2-64
alpm.Package("perl-5.40.1-1-x86_64") libcrypt.so=2-64
alpm.Package("shadow-4.16.0-1-x86_64") libcrypt.so=2-64
alpm.Package("systemd-257.3-1-x86_64") libcrypt.so=2-64
alpm.Package("util-linux-2.40.4-1-x86_64") libcrypt.so=2-64

All of them depend on version 2-64 which isn't what the package provides. This suggests that version isn't taken into account for cleanup logic. After digging through the code I found this:

paru/src/util.rs

Line 174 in 55efaab

pub fn unneeded_pkgs(config: &Config, keep_make: bool, keep_optional: bool) -> Vec<&str> {

The code ignores provider version which seems to be taken into account when finding "real orphans".

Just to be sure I checked if anything provides the correct version on my system:

alpm.Package("libxcrypt-4.4.38-1-x86_64") libcrypt.so=2-64
alpm.Package("libxcrypt-compat-4.4.38-1-x86_64") libcrypt.so=1-64

Yep, another package provides that version. My conclusion - when looking for packages to remove during paru -c, provider versions need to be checked against dependency version requirements.

[SergeyKasmy]

I'd like to contribute to the project. Is it fine if I take this issue?