Sorry, this is long because I've already spent lots of time failing to
resolve this before coming here...
I'll start with a quick summary, then follow with the condensed detail...
=== Summary
tldr; apt-get behaves differently when invoked from the cli(bash)
compared to from cron-apt...
from bash, it works as desired:
# /usr/bin/apt-get -o quiet=1 dist-upgrade --download-only --assume-yes
--option APT::Get::Show-Upgraded=true --target-release
'/^bookworm(|-security|-updates|-backports)$/'
Reading package lists...
Building dependency tree...
Reading state information...
Calculating upgrade...
The following packages were automatically installed and are no longer
required:
<snip>
Use 'apt autoremove' to remove them.
The following packages will be REMOVED:
<snip>
The following NEW packages will be installed:
<snip>
The following packages will be upgraded:
<snip>
167 upgraded, 49 newly installed, 3 to remove and 0 not upgraded.
<= The desired information
Need to get 0 B/571 MB of archives.
After this operation, 977 MB of additional disk space will be used.
Download complete and in download only mode
but, from cron-apt, it errors on the value of --target-release:
CRON-APT ACTION: 4-backports
CRON-APT LINE: /usr/bin/apt-get -o quiet=1 dist-upgrade --download-only
--assume-yes --option APT::Get::Show-Upgraded=true --target-release
'/^bookworm(|-security|-updates|-backports)$/'
Reading package lists...
E: The value ''/^bookworm(|-security|-updates|-backports)$/'' is invalid
for APT::Default-Release as such a release is not available in the sources
... Q: how do I debug **why** apt-get is behaving differently? I
assume(is it?) it's something to do with the apt configuration, but how
can I see that config? -o 'Debug::pkgInitialize=true' or -o
'Debug::pkgInitConfig=true' don't emit anything. (As a test, apt-get -o
Debug::Acquire::http=true update does produce http debug on stdout.)
A: ?
==== Detail
I use cron-apt to tell me when updated packages are available to be
installed.
I've tried to extend it by adding a fourth action to show me what
updates are available from bookworm-backports too.
Now, if I just use --target-release bookworm-backports, then apt-get
works from cron apt, but the output is wrong - it wants to downgrade a
load of packages, e.g.
# /usr/bin/apt-get -o quiet=1 dist-upgrade --download-only --assume-yes
--option APT::Get::Show-Upgraded=true --target-release bookworm-backports
Reading package lists...
Building dependency tree...
Reading state information...
Calculating upgrade...
The following packages were automatically installed and are no longer
required:
<snip>
Use 'apt autoremove' to remove them.
The following packages will be REMOVED:
<snip>
The following NEW packages will be installed:
<snip>
The following packages have been kept back:
<snip>
The following packages will be upgraded:
<snip>
The following packages will be DOWNGRADED:
<snip>
106 upgraded, 19 newly installed, 167 downgraded, 11 to remove and 2 not
upgraded. <== 167 downgraded !?!? :-o
E: Packages were downgraded and -y was used without --allow-downgrades.
It's doing this because of how '--target-release bookworm-backports'
messes with the source priorities ...
# apt-cache policy --target-release bookworm-backports | grep main |
grep amd64
50 http://deb.debian.org/debian testing/main amd64 Packages
release o=Debian,a=testing,n=forky,l=Debian,c=main,b=amd64
500 http://deb.debian.org/debian-debug
bookworm-proposed-updates-debug/main amd64 Packages
release
v=12-updates,o=Debian,a=oldstable-proposed-updates-debug,n=bookworm-proposed-updates-debug,l=Debian
debug,c=main,b=amd64
500 http://deb.debian.org/debian-debug bookworm-debug/main amd64 Packages
release
v=12.13,o=Debian,a=oldstable-debug,n=bookworm-debug,l=Debian
debug,c=main,b=amd64
990 http://deb.debian.org/debian bookworm-backports/main amd64 Packages
release o=Debian
Backports,a=oldstable-backports,n=bookworm-backports,l=Debian
Backports,c=main,b=amd64
1000 https://security.debian.org/debian-security bookworm-security/main
amd64 Packages
release
v=12,o=Debian,a=oldstable-security,n=bookworm-security,l=Debian-Security,c=main,b=amd64
500 https://deb.debian.org/debian bookworm-updates/main amd64 Packages
release
v=12-updates,o=Debian,a=oldstable-updates,n=bookworm-updates,l=Debian,c=main,b=amd64
500 http://deb.debian.org/debian bookworm/main amd64 Packages
release
v=12.13,o=Debian,a=oldstable,n=bookworm,l=Debian,c=main,b=amd64
... so it puts bookworm-backports at 990, compared to bookworm/main and
bookworm-updates at 500 and bookworm-security at 1000.
This results in it wanting to downgrade all the packages where the
version in bookworm-security (at priority 1000) is behind bookworm/main
or bookworm-updates (at priority 500), e.g. apache2...
# apt-cache policy --target-release bookworm-backports apache2
apache2:
Installed: 2.4.66-1~deb12u1
Candidate: 2.4.62-1~deb12u2
Version table:
2.4.66-2+b1 50
50 http://deb.debian.org/debian testing/main amd64 Packages
*** 2.4.66-1~deb12u1 500
500 http://deb.debian.org/debian bookworm/main amd64 Packages
100 /var/lib/dpkg/status
2.4.62-1~deb12u2 1000
1000 https://security.debian.org/debian-security
bookworm-security/main amd64 Packages
... so it wants to downgrade apache2 from 2.4.66 to 2.4.62 which is in
bookworm-security, because that's at a higher priority (1000) than the
installed version (100/500).
To get the right behaviour, it's necessary to use the
regex '/^bookworm(|-security|-updates|-backports)$/' so that all four
sources become equal at 990...
# apt-cache policy --target-release
'/^bookworm(|-security|-updates|-backports)$/' | grep main | grep amd64
50 http://deb.debian.org/debian testing/main amd64 Packages
release o=Debian,a=testing,n=forky,l=Debian,c=main,b=amd64
500 http://deb.debian.org/debian-debug
bookworm-proposed-updates-debug/main amd64 Packages
release
v=12-updates,o=Debian,a=oldstable-proposed-updates-debug,n=bookworm-proposed-updates-debug,l=Debian
debug,c=main,b=amd64
500 http://deb.debian.org/debian-debug bookworm-debug/main amd64 Packages
release
v=12.13,o=Debian,a=oldstable-debug,n=bookworm-debug,l=Debian
debug,c=main,b=amd64
990 http://deb.debian.org/debian bookworm-backports/main amd64 Packages
release o=Debian
Backports,a=oldstable-backports,n=bookworm-backports,l=Debian
Backports,c=main,b=amd64
990 https://security.debian.org/debian-security bookworm-security/main
amd64 Packages
release
v=12,o=Debian,a=oldstable-security,n=bookworm-security,l=Debian-Security,c=main,b=amd64
990 https://deb.debian.org/debian bookworm-updates/main amd64 Packages
release
v=12-updates,o=Debian,a=oldstable-updates,n=bookworm-updates,l=Debian,c=main,b=amd64
990 http://deb.debian.org/debian bookworm/main amd64 Packages
release
v=12.13,o=Debian,a=oldstable,n=bookworm,l=Debian,c=main,b=amd64
... and so apt then correctly resolves on the version number alone.
That regex works when running apt-get from bash, but gives the error
when running it from cron-apt (see the summary at the top).
I haven't been able to work out why it's doing that.
I assume it's something to do with the configuration of apt-get that's
different between the two environments?
I can't figure out what it might be (nothing jumps out from
/usr/share/doc/apt/examples/configure-index).
I can't get debug working to see what the config actually is. It looks
as though Debug::pkgInitConfig=true or Debug::pkgInitialize=true ("This
one will dump the configuration space") should show me the config, but
adding these with -o or --option doesn't produce any debug output.
I'm expecting to see debug output on stdout/stderr, coz that's what
happens for 'apt-get -o Debug::Acquire::http=true update' - http debug
*is* seen on stdout/stderr.
'apt-get -o Debug::pkgInitialize=true update' just produces the regular
output, same as plain 'apt-get update'.
Thanks,
Alan Dennis
