unattended-upgrade doesn't upgrade packages pinned to version
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
unattended-upgrades (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
We wish to keep puppet and puppet-common pinned to the 2.7 versions. We achive this with the following /etc/apt/
Package: puppet puppet-common
Pin: version 2.7*
Pin-Priority: 501
This has the desired effect:
puppet:
Installed: 2.7.21-1puppetlabs1
Candidate: 2.7.23-1puppetlabs1
Package pin: 2.7.23-1puppetlabs1
Version table:
3.
500 http://
3.
500 http://
3.
500 http://
3.
500 http://
3.
500 http://
3.
500 http://
3.
500 http://
3.
500 http://
3.
500 http://
3.
500 http://
3.
500 http://
3.
500 http://
2.
500 http://
2.
500 http://
*** 2.7.21-1puppetlabs1 501
500 http://
100 /var/lib/
2.
500 http://
2.
500 http://
2.
500 http://
2.
500 http://
2.
500 http://
2.
500 http://
2.
500 http://
2.
500 http://
2.
500 http://
2.
500 http://
2.
500 http://
2.
500 http://
2.
500 http://
2.
500 http://
2.
500 http://
2.
500 http://
2.
500 http://
Yet unattended-upgrade doesn't install 2.7.23-
# unattended-upgrade --debug --dry-run
Initial blacklisted packages:
Starting unattended upgrades script
Allowed origins are: ['o=Ubuntu,
adjusting candidate version from <Version: package:'puppet' version:
adjusting candidate version from <Version: package:
Checking: puppet (["<Origin component:'main' archive:'precise' origin:'Puppetlabs' label:'Puppetlabs' site:'apt.
pkg 'libjson-ruby' not in allowed origin
sanity check failed
adjusting candidate version from <Version: package:'puppet' version:
adjusting candidate version from <Version: package:
Checking: puppet-common (["<Origin component:'main' archive:'precise' origin:'Puppetlabs' label:'Puppetlabs' site:'apt.
pkg 'libjson-ruby' not in allowed origin
sanity check failed
adjusting candidate version from <Version: package:'puppet' version:
adjusting candidate version from <Version: package:
pkgs that look like they should be upgraded:
Fetched 0 B in 0s (0 B/s)
blacklist: []
Packages that are auto removed: ''
InstCount=0 DelCount=0 BrokenCout=0
Option --dry-run given, *not* performing real actions
Packages that are upgraded:
#
When I comment line 70 (self.adjust_
# lsb_release -rd
Description: Ubuntu 12.04.3 LTS
Release: 12.04
# apt-cache policy unattended-upgrades
unattended-
Installed: 0.76ubuntu1
Candidate: 0.76ubuntu1
Version table:
*** 0.76ubuntu1 0
500 http://
100 /var/lib/
0.76 0
500 http://
This bug was fixed in the package unattended-upgrades - 1.18
---------------
unattended-upgrades (1.18) experimental; urgency=medium
[ louib ]
* Update blacklist translations
* Fix syntax in template conf files
[ Balint Reczey ] tests/common- functions: Use backported python-apt from a PPA on Eoan between- snapshots test. all-security in sid because buster can't be tested pgradesCache desCache whitelist. Upgrade: :Allow- downgrade since now pinning is honored and
* Keep mypy 0.761 happy
* test: Create empty dirs to save kept packages list to them
* Log explanation about kept back packages (LP: #1850964)
(Closes: #945837, #903875)
* Use GitHub Actions for CI instead of Travis.
Run tests in Ubuntu Focal release because older releases don't have the
needed python-apt version.
* debian/
* debian/tests: Skip upgrade-
Python-apt's version is sid is too low for unattended-upgrades to work.
* Use apt_pkg.Hashes instead of deprecated apt_pkg.md5sum()
* autopkgtest: Skip upgrate-
* Make allowed_origins, blacklist and whitelist attributes of
UnattendedU
* Make strict_whitelist attribute of UnattendedUpgra
* Apply pinning to disable not allowed origins and honor blacklist/
This makes candidate adjustments obsolete, since apt's resolver would pick
candidates only from allowed origins by itself unless local pinning
configuration overrides that.
* Rely fully on pinning to disable allowed origins and stop adjusting
candidates.
* Drop Unattended-
downgrades are allowed for package versions with priority >= 1000.
(Closes: #905877, #919046, #768087, #946491) (LP: #1251228, #1434115)
* Don't ignore allowed origin when the package's priority is < 100.
This used to be the way of honoring the priority, but now this special case
prevents the package from showing up as a package kept back.
* Assume frontend locking to be supported.
Python3-apt (>= 1.9.6~) is required which supports the frontend locking API
-- Balint Reczey <email address hidden> Tue, 25 Feb 2020 19:28:13 +0100