Debian unattended-upgrades does not upgrade all packages
I have installed the Debian unattended-upgrades package. It upgrades most, but not all packages. If I execute apt-get upgrade
after it has run, a few more packages will be installed.
Here's my /etc/apt/sources.list
:
deb http://ftp.de.debian.org/debian/ squeeze main non-free
deb-src http://ftp.de.debian.org/debian/ squeeze main non-free
deb http://security.debian.org/ squeeze/updates main non-free
deb-src http://security.debian.org/ squeeze/updates main non-free
# squeeze-updates, previously known as 'volatile'
deb http://ftp.de.debian.org/debian/ squeeze-updates main non-free
deb-src http://ftp.de.debian.org/debian/ squeeze-updates main non-free
# squeeze backports
deb http://backports.debian.org/debian-backports squeeze-backports main contrib non-free
# LTS
deb http://http.debian.net/debian/ squeeze-lts main contrib non-free
deb-src http://http.debian.net/debian/ squeeze-lts main contrib non-free
And here's my /etc/apt/apt.conf.d/50unattended-upgrades
file. My guess is that the problem might be in the first few lines which are supposed to match my sources.list entries:
// Automatically upgrade packages from these (origin, archive) pairs
Unattended-Upgrade::Allowed-Origins {
"${distro_id} stable";
"${distro_id} ${distro_codename}-security";
"${distro_id} ${distro_codename}/updates";
"${distro_id} ${distro_codename}-updates";
"${distro_id} ${distro_codename}-backports";
"${distro_id} ${distro_codename}-lts";
};
// List of packages to not update
Unattended-Upgrade::Package-Blacklist {
// "vim";
// "libc6";
// "libc6-dev";
// "libc6-i686";
};
Here's an excerpt of the log file:
2014-11-19 22:37:15,159 INFO Initial blacklisted packages:
2014-11-19 22:37:15,160 INFO Starting unattended upgrades script
2014-11-19 22:37:15,160 INFO Allowed origins are: ["('Debian', 'stable')", "('Debian', 'squeeze-security')", "('Debian', 'squeeze/updates')", "('Debian', 'squeeze-updates')", "('Debian', 'squeeze-backports')", "('Debian', 'squeeze-lts')"]
2014-11-19 22:37:54,146 INFO Packages that are upgraded: apache2 apache2-mpm-worker apache2-utils apache2.2-bin apache2.2-common apt apt-utils bash bind9-host dnsutils file gnupg gpgv host libbind9-60 libc-bin libc6 libdns69 libgnutls26 libgssapi-krb5-2 libisc62 libisccc60 libisccfg62 libk5crypto3 libkrb5-3 libkrb5support0 liblwres60 libmagic1 libmysqlclient16 libpq5 libssl0.9.8 libtasn1-3 libxml2 linux-base linux-image-2.6.32-5-amd64 locales mysql-client mysql-client-5.1 mysql-common openssl postgresql postgresql-8.4 postgresql-client postgresql-client-8.4 procmail python2.6 python2.6-minimal rsyslog tzdata wget
2014-11-19 22:37:54,147 INFO Writing dpkg log to '/var/log/unattended-upgrades/unattended-upgrades-dpkg_2014-11-19_22:37:54.147207.log'
2014-11-19 22:39:33,921 INFO All upgrades installed
Finally, here are the packages that are not installed. This line is executed right after the unattended-upgrades package ran.
# apt-get upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages have been kept back:
python-reportbug
The following packages will be upgraded:
base-files dpkg exim4 exim4-base exim4-config exim4-daemon-light libdbi-perl libxfont1 openssh-client openssh-server ssh
11 upgraded, 0 newly installed, 0 to remove and 1 not upgraded.
Need to get 0 B/6,839 kB of archives.
After this operation, 45.1 kB disk space will be freed.
Do you want to continue [Y/n]?
Please advise how to fix the config files so that also these packages get updated.
After reading the source code I figured it out. Debian Squeeze is now named "oldstable". Here is the relevant section for Debian Squeeze:
// Automatically upgrade packages from these (origin, archive) pairs
Unattended-Upgrade::Allowed-Origins {
"${distro_id} oldstable";
"${distro_id} ${distro_codename}-security";
"${distro_id} ${distro_codename}-lts";
"${distro_id} ${distro_codename}-updates";
"${distro_id} ${distro_codename}-backports";
};
While I'm at it, here is the configuration file for Debian Wheezy:
// Automatically upgrade packages from these origin patterns
Unattended-Upgrade::Origins-Pattern {
// Archive or Suite based matching:
// Note that this will silently match a different release after
// migration to the specified archive (e.g. testing becomes the
// new stable).
"o=Debian,a=stable";
"o=Debian,a=stable-updates";
"o=Debian,a=stable-backports";
// "origin=Debian,archive=stable,label=Debian-Security";
// "origin=Debian,archive=oldstable,label=Debian-Security";
};