The officially official Devuan Forum!

You are not logged in.

#1 Re: Installation » Security Updates for Beowulf not installed automatically » 2020-03-04 17:26:53

igs
LeePen wrote:

Hi,
Is the Default-release setting actually required? You only appear to have beowulf sources.

Some of my running systems have a Debian/Devuan history back to Debian Potato. I'm using private repositories e.g. for self-built backports and over the time it is often necessary to include other repositories. E.g. my more than 10 year old Zope 2.13 installation still running under Beowulf requires the 'python-virtualenv' package from Debian Wheezy.

In the 'apt policy' output above I've cut out the unrelated repositories. Sorry.

So I always use 'Default-release' on all of my systems and up to now that never was a problem.

#2 Re: Installation » Security Updates for Beowulf not installed automatically » 2020-03-04 08:19:03

igs

So I've found a workaround by creating

/etc/apt/preferences.d/security.pref

with the following content:

Package: *
Pin: release n=beowulf-security
Pin-Priority: 990

But from my point of view this is a workaround and not a fix. Adding the security repository in the 'sources.list' file should be enough and instantly enable installing security fixes.

I'm sure the problem is located in the 'Release' file of the repository.

Is there a place where I can open an issue for that? 'reportbug' seems not to work for that as the problem here is not package related but repository related.

#3 Re: Installation » Security Updates for Beowulf not installed automatically » 2020-03-03 23:09:22

igs

thanks, but that does not help.

The 'apt policy' command helps a little bit forward:
Devuan:

# apt policy
Package files:
 100 /var/lib/dpkg/status
     release a=now
 500 http://deb.devuan.org/merged beowulf-security/main amd64 Packages
     release v=3.0.0,o=Devuan,a=testing-security,n=beowulf-security,l=Devuan-Security,c=main,b=amd64
     origin deb.devuan.org
 500 http://deb.devuan.org/merged beowulf-updates/main amd64 Packages
     release v=3.0.0,o=Devuan,a=testing-updates,n=beowulf-updates,l=Devuan,c=main,b=amd64
     origin deb.devuan.org
 990 http://deb.devuan.org/merged beowulf/main amd64 Packages
     release v=3.0,o=Devuan,a=testing,n=beowulf,l=Devuan,c=main,b=amd64
     origin deb.devuan.org
Pinned packages:
     systemd-sysv -> 44-11+deb7u4 with priority -1

Debian:

# apt policy
Package files:
 100 /var/lib/dpkg/status
     release a=now
 500 http://ftp2.de.debian.org/debian buster-updates/main i386 Packages
     release o=Debian,a=stable-updates,n=buster-updates,l=Debian,c=main,b=i386
     origin ftp2.de.debian.org
 500 http://ftp2.de.debian.org/debian buster-updates/main amd64 Packages
     release o=Debian,a=stable-updates,n=buster-updates,l=Debian,c=main,b=amd64
     origin ftp2.de.debian.org
 990 http://security.debian.org/debian-security buster/updates/main i386 Packages
     release v=10,o=Debian,a=stable,n=buster,l=Debian-Security,c=main,b=i386
     origin security.debian.org
 990 http://security.debian.org/debian-security buster/updates/main amd64 Packages
     release v=10,o=Debian,a=stable,n=buster,l=Debian-Security,c=main,b=amd64
     origin security.debian.org
 990 http://ftp2.de.debian.org/debian buster/main i386 Packages
     release v=10.3,o=Debian,a=stable,n=buster,l=Debian,c=main,b=i386
     origin ftp2.de.debian.org
 990 http://ftp2.de.debian.org/debian buster/main amd64 Packages
     release v=10.3,o=Debian,a=stable,n=buster,l=Debian,c=main,b=amd64
     origin ftp2.de.debian.org
Pinned packages:

As it can be seen, Debian sets the 'a=' and 'n=' to the same value for security and the main repo while Devuan sets different values.

So the question is: Is there a good reason to do that or it is a bug?

#4 Installation » Security Updates for Beowulf not installed automatically » 2020-03-03 22:28:43

igs
Replies: 8

I've set default release to 'beowulf' in /etc/apt/apt.conf.d/Default-release

So Beowulf packages get apt priority 990. So far correct.

Also I like to get security updates. So I have the following line in my sources.list file:

deb http://auto.mirror.devuan.org/merged beowulf-security main

Unfortunately security updates become not installed automatically as these packages get priority 500. Sample:

# apt policy php7.3
php7.3:
  Installed: 7.3.14-1~deb10u1
  Candidate: 7.3.14-1~deb10u1
  Version table:
 *** 7.3.14-1~deb10u1 500
        500 http://auto.mirror.devuan.org/merged beowulf-security/main amd64 Packages
        100 /var/lib/dpkg/status
     7.3.11-1~deb10u1 990
        990 http://auto.mirror.devuan.org/merged beowulf/main amd64 Packages

(The package was upgraded manually)

Due to I still have a Buster server running (sorry) I see that in Debian the security updates get priority 990 too when Default-release is set to 'buster'. So security updates become installed automatically.

# apt policy php7.3
php7.3:
  Installed: (none)
  Candidate: 7.3.14-1~deb10u1
  Version table:
     7.3.14-1~deb10u1 990
        990 http://security.debian.org/debian-security buster/updates/main amd64 Packages
        990 http://security.debian.org/debian-security buster/updates/main i386 Packages
     7.3.11-1~deb10u1 990
        990 http://ftp2.de.debian.org/debian buster/main amd64 Packages
        990 http://ftp2.de.debian.org/debian buster/main i386 Packages

Is this intended or a bug or do I something wrong?

Is there an easy workaround by pinning?

Thanks

Board footer

Forum Software