[Bug 2033646] Re: unattended-upgrade ignores apt-pinning to not-allowed origins

Tue, 23 Jul 2024 01:55:33 -0700 

@juliank

I think you missed the point of this bug report and its grave status for
"unattended-upgrades".

This bug happens even when there is *no* "intermediate" update available in the 
Ubuntu repository (allowed-origin).
When there is an *UPDATE AVAILABLE IN AN EXTERNAL REPOSITORY* 
(not-allowed-origin),
"unattended-upgrades" installs the package from the Ubuntu repository, which 
hasn't even changed (!)

Example:
    ubuntu: 1:1.0
    now:    0:123.0
    ppa:    0:123.0 (apt-pinned to 1000)
Update available *IN THE EXTERNAL REPOSITORY*:
    ubuntu: 1:1.0
    now:    0:123.0
    ppa:    0:124.0 (apt-pinned to 1000)
"unattended-upgrades" stupidly installs 1:1.0 (WTF?!):
    ubuntu: 1:1.0
    now:    1:1.0
    ppa:    0:124.0 (apt-pinned to 1000)
And then a manual "apt-get upgrade" (properly) installs 0:124.0:
    ubuntu: 1:1.0
    now:    0:124.0
    ppa:    0:124.0 (apt-pinned to 1000)

> but the "workaround" is the right solution for this issue.

(workaround = pinning Ubuntu repository to 1/-1 for all external packages)
Wrong.
You may add the entire Debian repository (which will be not-allowed-origin),
and now you have to pin every package (and dependency!) installed from Debian 
*by name*
in order for "unattended-upgrades" not to mess with them.
This "solution" would be ridiculous.

> particularly odd case

No odd case here: there was *no* update available in the Ubuntu repository in 
this case.
It's "unattended-upgrades" behavior that is odd and completely broken.

> it's very hard to implement

This doesn't justify keeping a grave bug in "unattended-upgrades"
behavior.

And it shouldn't be that hard:
1. Get the list of packages+version+origin that can be updated no matter of the 
allowed-origin state, no messing with apt-pinning.
2. Upgrade only the packages from this list that have origins that are allowed.

To sum up: "unattended-upgrades" completely breaks APT pinning (meant
mostly for external repositories) and selects completely wrong versions
for installation candidates. Period.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2033646

Title:
  unattended-upgrade ignores apt-pinning to not-allowed origins

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/unattended-upgrades/+bug/2033646/+subscriptions


-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to