Ubuntu
unattended-upgrades package

unattended-upgrade doesn't upgrade packages pinned to version

Bug #1251228 reported by Rick van den Hof on 2013-11-14

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	unattended-upgrades (Ubuntu)	Fix Released	Undecided	Unassigned

Bug Description

We wish to keep puppet and puppet-common pinned to the 2.7 versions. We achive this with the following /etc/apt/preferences.d/00-puppet.pref:

Package: puppet puppet-common
Pin: version 2.7*
Pin-Priority: 501

This has the desired effect:

puppet:
  Installed: 2.7.21-1puppetlabs1
  Candidate: 2.7.23-1puppetlabs1
  Package pin: 2.7.23-1puppetlabs1
  Version table:
     3.3.2-1puppetlabs1 501
        500 http://apt.puppetlabs.com/ precise/main amd64 Packages
     3.3.1-1puppetlabs1 501
        500 http://apt.puppetlabs.com/ precise/main amd64 Packages
     3.3.0-1puppetlabs1 501
        500 http://apt.puppetlabs.com/ precise/main amd64 Packages
     3.2.4-1puppetlabs1 501
        500 http://apt.puppetlabs.com/ precise/main amd64 Packages
     3.2.3-1puppetlabs1 501
        500 http://apt.puppetlabs.com/ precise/main amd64 Packages
     3.2.2-1puppetlabs1 501
        500 http://apt.puppetlabs.com/ precise/main amd64 Packages
     3.2.1-1puppetlabs1 501
        500 http://apt.puppetlabs.com/ precise/main amd64 Packages
     3.1.1-1puppetlabs1 501
        500 http://apt.puppetlabs.com/ precise/main amd64 Packages
     3.1.0-1puppetlabs1 501
        500 http://apt.puppetlabs.com/ precise/main amd64 Packages
     3.0.2-1puppetlabs1 501
        500 http://apt.puppetlabs.com/ precise/main amd64 Packages
     3.0.1-1puppetlabs1 501
        500 http://apt.puppetlabs.com/ precise/main amd64 Packages
     3.0.0-1puppetlabs1 501
        500 http://apt.puppetlabs.com/ precise/main amd64 Packages
     2.7.23-1puppetlabs1 501
        500 http://apt.puppetlabs.com/ precise/main amd64 Packages
     2.7.22-1puppetlabs1 501
        500 http://apt.puppetlabs.com/ precise/main amd64 Packages
*** 2.7.21-1puppetlabs1 501
        500 http://apt.puppetlabs.com/ precise/main amd64 Packages
        100 /var/lib/dpkg/status
     2.7.20-2puppetlabs1 501
        500 http://apt.puppetlabs.com/ precise/main amd64 Packages
     2.7.20-1puppetlabs1 501
        500 http://apt.puppetlabs.com/ precise/main amd64 Packages
     2.7.19-1puppetlabs2 501
        500 http://apt.puppetlabs.com/ precise/main amd64 Packages
     2.7.19-1puppetlabs1 501
        500 http://apt.puppetlabs.com/ precise/main amd64 Packages
     2.7.18-1puppetlabs1 501
        500 http://apt.puppetlabs.com/ precise/main amd64 Packages
     2.7.17-1puppetlabs1 501
        500 http://apt.puppetlabs.com/ precise/main amd64 Packages
     2.7.16-1puppetlabs1 501
        500 http://apt.puppetlabs.com/ precise/main amd64 Packages
     2.7.14-2puppetlabs1 501
        500 http://apt.puppetlabs.com/ precise/main amd64 Packages
     2.7.14-1puppetlabs1 501
        500 http://apt.puppetlabs.com/ precise/main amd64 Packages
     2.7.13-1puppetlabs1 501
        500 http://apt.puppetlabs.com/ precise/main amd64 Packages
     2.7.12-1puppetlabs1 501
        500 http://apt.puppetlabs.com/ precise/main amd64 Packages
     2.7.11-1ubuntu2.5 501
        500 http://archive.ubuntu.totaal.net/ubuntu/ precise-updates/main amd64 Packages
     2.7.11-1ubuntu2.4 501
        500 http://security.ubuntu.com/ubuntu/ precise-security/main amd64 Packages
     2.7.11-1ubuntu2 501
        500 http://archive.ubuntu.totaal.net/ubuntu/ precise/main amd64 Packages
     2.7.11-1puppetlabs1 501
        500 http://apt.puppetlabs.com/ precise/main amd64 Packages
     2.6.18-1puppetlabs1 501
        500 http://apt.puppetlabs.com/ precise/main amd64 Packages
     2.6.14-1puppetlabs1 501
        500 http://apt.puppetlabs.com/ precise/main amd64 Packages

Yet unattended-upgrade doesn't install 2.7.23-1puppetlabs1, it attempts to install 3.3.2-1puppetlabs1 (I have modified the logging.debug() to include the 'from' version):

# unattended-upgrade --debug --dry-run
Initial blacklisted packages:
Starting unattended upgrades script
Allowed origins are: ['o=Ubuntu,a=precise-security', 'o=Ubuntu,a=precise-updates', 'o=Puppetlabs,a=precise']
adjusting candidate version from <Version: package:'puppet' version:'2.7.23-1puppetlabs1'> to '<Version: package:'puppet' version:'3.3.2-1puppetlabs1'>'
adjusting candidate version from <Version: package:'puppet-common' version:'2.7.23-1puppetlabs1'> to '<Version: package:'puppet-common' version:'3.3.2-1puppetlabs1'>'
Checking: puppet (["<Origin component:'main' archive:'precise' origin:'Puppetlabs' label:'Puppetlabs' site:'apt.puppetlabs.com' isTrusted:True>"])
pkg 'libjson-ruby' not in allowed origin
sanity check failed
adjusting candidate version from <Version: package:'puppet' version:'2.7.23-1puppetlabs1'> to '<Version: package:'puppet' version:'3.3.2-1puppetlabs1'>'
adjusting candidate version from <Version: package:'puppet-common' version:'2.7.23-1puppetlabs1'> to '<Version: package:'puppet-common' version:'3.3.2-1puppetlabs1'>'
Checking: puppet-common (["<Origin component:'main' archive:'precise' origin:'Puppetlabs' label:'Puppetlabs' site:'apt.puppetlabs.com' isTrusted:True>"])
pkg 'libjson-ruby' not in allowed origin
sanity check failed
adjusting candidate version from <Version: package:'puppet' version:'2.7.23-1puppetlabs1'> to '<Version: package:'puppet' version:'3.3.2-1puppetlabs1'>'
adjusting candidate version from <Version: package:'puppet-common' version:'2.7.23-1puppetlabs1'> to '<Version: package:'puppet-common' version:'3.3.2-1puppetlabs1'>'
pkgs that look like they should be upgraded:
Fetched 0 B in 0s (0 B/s)
blacklist: []
Packages that are auto removed: ''
InstCount=0 DelCount=0 BrokenCout=0
Option --dry-run given, *not* performing real actions
Packages that are upgraded:
#

When I comment line 70 (self.adjust_candidate_versions()) it will upgrade to the right package, but I don't know what other stuff this breaks.

# lsb_release -rd
Description: Ubuntu 12.04.3 LTS
Release: 12.04

# apt-cache policy unattended-upgrades
unattended-upgrades:
  Installed: 0.76ubuntu1
  Candidate: 0.76ubuntu1
  Version table:
*** 0.76ubuntu1 0
        500 http://archive.ubuntu.totaal.net/ubuntu/ precise-updates/main amd64 Packages
        100 /var/lib/dpkg/status
     0.76 0
        500 http://archive.ubuntu.totaal.net/ubuntu/ precise/main amd64 Packages

Revision history for this message

Launchpad Janitor (janitor) wrote on 2020-02-26:

This bug was fixed in the package unattended-upgrades - 1.18

---------------
unattended-upgrades (1.18) experimental; urgency=medium

  [ louib ]
  * Update blacklist translations
  * Fix syntax in template conf files

  [ Balint Reczey ]
  * Keep mypy 0.761 happy
  * test: Create empty dirs to save kept packages list to them
  * Log explanation about kept back packages (LP: #1850964)
    (Closes: #945837, #903875)
  * Use GitHub Actions for CI instead of Travis.
    Run tests in Ubuntu Focal release because older releases don't have the
    needed python-apt version.
  * debian/tests/common-functions: Use backported python-apt from a PPA on Eoan
  * debian/tests: Skip upgrade-between-snapshots test.
    Python-apt's version is sid is too low for unattended-upgrades to work.
  * Use apt_pkg.Hashes instead of deprecated apt_pkg.md5sum()
  * autopkgtest: Skip upgrate-all-security in sid because buster can't be tested
  * Make allowed_origins, blacklist and whitelist attributes of
    UnattendedUpgradesCache
  * Make strict_whitelist attribute of UnattendedUpgradesCache
  * Apply pinning to disable not allowed origins and honor blacklist/whitelist.
    This makes candidate adjustments obsolete, since apt's resolver would pick
    candidates only from allowed origins by itself unless local pinning
    configuration overrides that.
  * Rely fully on pinning to disable allowed origins and stop adjusting
    candidates.
  * Drop Unattended-Upgrade::Allow-downgrade since now pinning is honored and
    downgrades are allowed for package versions with priority >= 1000.
    (Closes: #905877, #919046, #768087, #946491) (LP: #1251228, #1434115)
  * Don't ignore allowed origin when the package's priority is < 100.
    This used to be the way of honoring the priority, but now this special case
    prevents the package from showing up as a package kept back.
  * Assume frontend locking to be supported.
    Python3-apt (>= 1.9.6~) is required which supports the frontend locking API

-- Balint Reczey <email address hidden> Tue, 25 Feb 2020 19:28:13 +0100

This bug was fixed in the package unattended-upgrades - 1.18

---------------
unattended-upgrades (1.18) experimental; urgency=medium

[ louib ]
  * Update blacklist translations
  * Fix syntax in template conf files

-- Balint Reczey <rbalint@ubuntu.com>  Tue, 25 Feb 2020 19:28:13 +0100

Changed in unattended-upgrades (Ubuntu):
status:	New → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntuunattended-upgrades package

unattended-upgrade doesn't upgrade packages pinned to version

Bug Description

Other bug subscribers

Remote bug watches

Ubuntu
unattended-upgrades package