Package: unattended-upgrades
Followup-For: Bug #886415

Dear Maintainer,

I encounter the same issue.

Running "unattended-upgrades --debug --apt-debug" I see the following
reasoning for the non-upgrade:

  Checking: linux-image-amd64 ([<Origin component:'main' archive:'stable' 
origin:'Debian' label:'Debian' site:'ftp.de.debian.org' isTrusted:True>, 
<Origin component:'main' archive:'stable' origin:'Debian' 
label:'Debian-Security' site:'security.debian.org' isTrusted:True>])
    Installing linux-image-4.9.0-6-amd64 as Depends of linux-image-amd64
      Installing firmware-linux-free as Recommends of linux-image-4.9.0-6-amd64
      Installing irqbalance as Recommends of linux-image-4.9.0-6-amd64
        Installing libnuma1 as Depends of irqbalance
  pkg 'firmware-linux-free' not in allowed origin
  sanity check failed

The following logic seems to apply:
* linux-image-4.9.0-6-amd64 recommends "firmware-linux-free"
  (the same applies for previous versions of the linux-image-... package)
* "firmware-linux-free" is not installed on the host
  (the kernel package was probably installed with "--no-install-recommends")
* the above sanity check tests if the upgradable package (linux-image)
  can be installed with default settings. Since this would pull in
  packages (via Recommends) from a non-allowed origin, the package is not
  eligible for an upgrade.

Thus currently unattended-upgrades silently omits any package, that was
not installed together with all its Recommends.
The issue can be worked around by changing the default for "Recommends"
somewhere below /etc/apt/apt.conf.d/:

  APT::Install-Recommends "0";

Of course, this would change all future apt operations, which may not be
what the administrator wants.

Thus unattended-upgrades currently works only, if one of the following
two sets of requirements is met:
A) the "Recommends" of all packages are installed
B) "APT::Install-Recommends" is disabled (system-wide)

Or did I forget another approach?

I could imagine, that "unattended-upgrades" should instead disable
"APT::Install-Recommends" for the sanity checks, since it is not
supposed to install additional packages (even with the proper Origin),
anyway. I do not know, whether this is feasible.

Thank you for your time!

Cheers,
Lars

Reply via email to