Package: gnome-software
Version: 48.3-2
Severity: critical

Dear developer,

I'm not sure if this bug should be filed against GNOME Software or PackageKit, but IIUC since the latter is only an interface which dumbly does what other software asks it to do, I think the real culprit here is GNOME Software (which "prepared" the atomic operation), despite what the logs say. If you think otherwise, please reassign to packagekit 1.3.1-1.

Some time ago, one of my users complained that he couldn't browse the web anymore, and found that the proxy settings in Firefox were gone. After I looked into it, I found that Firefox lost its whole `policies.json` file, which is provided by a home-made package (and configures the proxy settings).

The problem was that this package has a versioned dependency against Firefox ESR. We do this in order to control when our users will switch to a new ESR version. I was confident that this would hold Firefox ESR upgrades until we decided to allow them, since `unattended-upgrades` is not supposed to remove packages, but it seems that GNOME Software doesn't care about that: to install the new version of `firefox-esr` (presented as a security update, OK, but still), it carelessly removed my package (and one of its reverse dependencies), as shown in the logs:

-----%<-----
Start-Date: 2025-09-19  15:42:12
Commandline: packagekit role='update-packages'
Upgrade: firefox-esr-l10n-fr:amd64 (128.14.0esr-1~deb13u1, 140.3.0esr-1~deb13u1), firefox-esr:amd64 (128.14.0esr-1~deb13u1, 140.3.0esr-1~deb13u1)
Remove: mycompany-desktop:amd64 (0.5), mycompany-firefox-esr:amd64 (0.6)
End-Date: 2025-09-19  15:42:46
----->%-----

And it did it again with Thunderbird some days later:

-----%<-----
Start-Date: 2025-09-30  15:09:54
Commandline: packagekit role='update-packages'
Upgrade: thunderbird:amd64 (1:128.14.0esr-1~deb13u1, 1:140.3.0esr-1~deb13u1), thunderbird-l10n-fr:amd64 (1:128.14.0esr-1~deb13u1, 1:140.3.0esr-1~deb13u1)
Remove: mycompany-thunderbird:amd64 (0.12)
End-Date: 2025-09-30  15:09:57
----->%-----

The user doesn't remember much; he told me that he thinks he received a GNOME notification saying that an update was available, and clicked on it. He doesn't remember if the upgrade was done while the system was running or if GNOME asked to reboot the machine and the upgrade was done offline, but IMHO this is irrelevant: a simple package upgrade should not remove packages.

Note: of course our users don't have administrator rights on their machines and normally can't install packages by themselves with tools like APT or GNOME Software. This was an automatic upgrade seemingly initiated by GNOME Software and handled by PackageKit; the user just accepted what the UI suggested.

In the meantime I created an equivs package to remove `gnome-software` from all machines (since anyway users are not allowed to install packages with it), and let `unattended-upgrades` manage upgrades. Maybe `gnome-software` should not be a hard dependency of `gnome-core`, but merely a Recommends.

Regards,

--
Raphaël Halimi
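As an added example (not part of this bug report or of either project's code), a small Python script that parses the block format of `/var/log/apt/history.log` quoted above and flags any PackageKit transaction that removed packages, so an administrator can audit a fleet for this behaviour. The embedded sample log is constructed from the first excerpt above plus a made-up `unattended-upgrade` entry that removed nothing.

```python
import re

# Constructed sample: the PackageKit transaction quoted in the report, plus a
# made-up unattended-upgrades transaction that removed nothing.
SAMPLE_LOG = """\
Start-Date: 2025-09-19  15:42:12
Commandline: packagekit role='update-packages'
Upgrade: firefox-esr-l10n-fr:amd64 (128.14.0esr-1~deb13u1, 140.3.0esr-1~deb13u1), firefox-esr:amd64 (128.14.0esr-1~deb13u1, 140.3.0esr-1~deb13u1)
Remove: mycompany-desktop:amd64 (0.5), mycompany-firefox-esr:amd64 (0.6)
End-Date: 2025-09-19  15:42:46

Start-Date: 2025-09-25  06:30:01
Commandline: /usr/bin/unattended-upgrade
Upgrade: example-lib:amd64 (1.0-1, 1.0-2)
End-Date: 2025-09-25  06:30:20
"""

# One "name:arch (versions)" entry, as apt writes them in Upgrade:/Remove: lines.
PKG_RE = re.compile(r"([A-Za-z0-9.+-]+):([A-Za-z0-9]+) \(([^)]*)\)")


def parse_history(text: str) -> list[dict[str, str]]:
    """Split history.log into one dict per blank-line separated transaction."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            key, sep, value = line.partition(": ")
            if sep:
                entry[key] = value.strip()
        if "Start-Date" in entry:
            entries.append(entry)
    return entries


def package_names(field: str) -> list[str]:
    """Package names from an Upgrade:/Remove: field value."""
    return [m.group(1) for m in PKG_RE.finditer(field)]


def removals_by(text: str, tool: str = "packagekit") -> list[dict[str, object]]:
    """Transactions whose Commandline mentions `tool` and that removed packages."""
    hits = []
    for entry in parse_history(text):
        if tool in entry.get("Commandline", "") and "Remove" in entry:
            hits.append({"start": entry["Start-Date"],
                         "removed": package_names(entry["Remove"]),
                         "upgraded": package_names(entry.get("Upgrade", ""))})
    return hits
```

To audit a real machine, pass the contents of `/var/log/apt/history.log` (and its rotated copies) to `removals_by` instead of `SAMPLE_LOG`; a non-empty result means an update transaction dropped packages, which is exactly what a versioned dependency was meant to prevent.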
