Package: unattended-upgrades Version: 2.9.1 Severity: normal X-Debbugs-Cc: [email protected]
Dear Maintainer, It seems in some circumstances, unattended-upgrades upgrades linux-image-amd64 from backports when it's not supposed to. I don't fully understand what's happening, but it seems that the contents of Origins-Pattern is the cause of some weird behaviour. For several days, unattended-upgrades would send me the following mail output: --8<-- Expected output, with no backports upgrades --8<-- Unattended upgrade result: No packages found that can be upgraded unattended and no pending auto-removals Warning: A reboot is required to complete this upgrade, or a previous one. Packages with upgradable origin but kept back: Debian Backports bullseye-backports: libcurl3-gnutls curl linux-image-amd64 libcurl4 Unattended-upgrades log: Enabled logging to syslog via daemon facility Checking if system is running on battery is skipped. Please install powermgmt-base package to check power status and skip installing updates when the system is running on battery. Starting unattended upgrades script Allowed origins are: origin=Debian,codename=bullseye,label=Debian-Security, origin=Debian,codename=bullseye, origin=Debian,codename=bullseye-updates, origin=Debian Backports,codename=bullseye-backports,label=Debian Backports, origin=kernelcare.com,codename=stable, origin=Zabbix,codename=bullseye,label=zabbix Initial blacklist: Initial whitelist (not strict): No packages found that can be upgraded unattended and no pending auto-removals Package curl is kept back because a related package is kept back or due to local apt_preferences(5). Package libcurl3-gnutls is kept back because a related package is kept back or due to local apt_preferences(5). Package libcurl4 is kept back because a related package is kept back or due to local apt_preferences(5). Package linux-image-amd64 is kept back because a related package is kept back or due to local apt_preferences(5). --8<-- Expected output, with no backports upgrades --8<-- And then one day, I got this: --8<-- Unexpected output, with backports upgrade of linux-image-amd64 --8<-- Unattended upgrade result: All upgrades installed Warning: A reboot is required to complete this upgrade, or a previous one. Packages that were upgraded: linux-image-amd64 Packages with upgradable origin but kept back: Debian Backports bullseye-backports: libcurl4 libcurl3-gnutls curl Package installation log: Log started: 2022-08-12 08:11:21 apt-listchanges: Reading changelogs... apt-listchanges: Reading changelogs... Selecting previously unselected package linux-image-5.18.0-0.bpo.1-amd64. Preparing to unpack .../linux-image-5.18.0-0.bpo.1-amd64_5.18.2-1~bpo11+1_amd64.deb ... Unpacking linux-image-5.18.0-0.bpo.1-amd64 (5.18.2-1~bpo11+1) ... Preparing to unpack .../linux-image-amd64_5.18.2-1~bpo11+1_amd64.deb ... Unpacking linux-image-amd64 (5.18.2-1~bpo11+1) over (5.10.127-2) ... Setting up linux-image-5.18.0-0.bpo.1-amd64 (5.18.2-1~bpo11+1) ... I: /vmlinuz.old is now a symlink to boot/vmlinuz-5.10.0-16-amd64 I: /initrd.img.old is now a symlink to boot/initrd.img-5.10.0-16-amd64 I: /vmlinuz is now a symlink to boot/vmlinuz-5.18.0-0.bpo.1-amd64 I: /initrd.img is now a symlink to boot/initrd.img-5.18.0-0.bpo.1-amd64 /etc/kernel/postinst.d/initramfs-tools: update-initramfs: Generating /boot/initrd.img-5.18.0-0.bpo.1-amd64 /etc/kernel/postinst.d/zz-update-grub: Generating grub configuration file ... Found linux image: /boot/vmlinuz-5.18.0-0.bpo.1-amd64 Found initrd image: /boot/initrd.img-5.18.0-0.bpo.1-amd64 Found linux image: /boot/vmlinuz-5.10.0-16-amd64 Found initrd image: /boot/initrd.img-5.10.0-16-amd64 Found linux image: /boot/vmlinuz-5.10.0-11-amd64 Found initrd image: /boot/initrd.img-5.10.0-11-amd64 done Setting up linux-image-amd64 (5.18.2-1~bpo11+1) ... Pending kernel upgrade! Running kernel version: 5.10.0-11-amd64 Diagnostics: The currently running kernel version is not the expected kernel version 5.18.0-0.bpo.1-amd64. Restarting the system to load the new kernel will not be handled automatically, so you should consider rebooting. [Return] Services to be restarted: Service restarts being deferred: /etc/needrestart/restart.d/dbus.service systemctl restart [email protected] systemctl restart [email protected] systemctl restart systemd-logind.service systemctl restart unattended-upgrades.service No containers need to be restarted. No user sessions are running outdated binaries. Log ended: 2022-08-12 08:12:05 Unattended-upgrades log: Enabled logging to syslog via daemon facility Checking if system is running on battery is skipped. Please install powermgmt-base package to check power status and skip installing updates when the system is running on battery. Starting unattended upgrades script Allowed origins are: origin=Debian,codename=bullseye,label=Debian-Security, origin=Debian,codename=bullseye, origin=Debian,codename=bullseye-updates, origin=Debian Backports,codename=bullseye-backports,label=Debian Backports, origin=kernelcare.com,codename=stable, origin=Zabbix,codename=bullseye,label=zabbix Initial blacklist: Initial whitelist (not strict): Packages that will be upgraded: linux-image-amd64 Writing dpkg log to /var/log/unattended-upgrades/unattended-upgrades-dpkg.log All upgrades installed Package curl is kept back because a related package is kept back or due to local apt_preferences(5). Package libcurl3-gnutls is kept back because a related package is kept back or due to local apt_preferences(5). Package libcurl4 is kept back because a related package is kept back or due to local apt_preferences(5). --8<-- Unexpected output, with backports upgrade of linux-image-amd64 --8<-- At some point, unattended-upgrades decided that a kernel from backports was a candidate for installation. No other changes were done to this server or its package management config in this period, so I can't figure out what caused it. I have however managed to reproduce a situation where linux-image-amd64 would be, and would not be, installed by unattended-upgrades. See the two scenarios below. Scenario 1 - Will install linux-image-amd64 from backports, but not security updates, because of codename="" in security origin: # cat /etc/apt/apt.conf.d/50unattended-upgrades // // This file is managed by Ansible - do not edit! // Unattended-Upgrade::Origins-Pattern { "origin=Debian,codename=${distro_codename},label=Debian-Security"; "origin=Debian,codename=${distro_codename}"; "origin=Debian,codename=${distro_codename}-updates"; "origin=Debian Backports,codename=${distro_codename}-backports,label=Debian Backports"; "origin=kernelcare.com,codename=stable"; "origin=Zabbix,codename=${distro_codename},label=zabbix"; }; Unattended-Upgrade::Package-Blacklist { }; Unattended-Upgrade::Mail "<redacted>"; Unattended-Upgrade::MailReport "on-change"; Unattended-Upgrade::Automatic-Reboot "false"; Unattended-Upgrade::SyslogEnable "true"; Unattended-Upgrade::SyslogFacility "daemon"; # apt list --upgradeable Listing... Done libgnutls-dane0/stable-security 3.7.1-5+deb11u2 amd64 [upgradable from: 3.7.1-5+deb11u1] libgnutls30/stable-security 3.7.1-5+deb11u2 amd64 [upgradable from: 3.7.1-5+deb11u1] libldb2/stable-security 2:2.2.3-2~deb11u2 amd64 [upgradable from: 2:2.2.3-2~deb11u1] libsmbclient/stable-security 2:4.13.13+dfsg-1~deb11u5 amd64 [upgradable from: 2:4.13.13+dfsg-1~deb11u4] libtirpc-common/stable-security 1.3.1-1+deb11u1 all [upgradable from: 1.3.1-1] libtirpc3/stable-security 1.3.1-1+deb11u1 amd64 [upgradable from: 1.3.1-1] libwbclient0/stable-security 2:4.13.13+dfsg-1~deb11u5 amd64 [upgradable from: 2:4.13.13+dfsg-1~deb11u4] python3-ldb/stable-security 2:2.2.3-2~deb11u2 amd64 [upgradable from: 2:2.2.3-2~deb11u1] samba-libs/stable-security 2:4.13.13+dfsg-1~deb11u5 amd64 [upgradable from: 2:4.13.13+dfsg-1~deb11u4] unzip/stable-security 6.0-26+deb11u1 amd64 [upgradable from: 6.0-26] # unattended-upgrade -d --dry-run --verbose Enabled logging to syslog via daemon facility Checking if system is running on battery is skipped. Please install powermgmt-base package to check power status and skip installing updates when the system is running on battery. Starting unattended upgrades script Allowed origins are: origin=Debian,codename=bullseye,label=Debian-Security, origin=Debian,codename=bullseye, origin=Debian,codename=bullseye-updates, origin=Debian Backports,codename=bullseye-backports,label=Debian Backports, origin=kernelcare.com,codename=stable, origin=Zabbix,codename=bullseye,label=zabbix Initial blacklist: Initial whitelist (not strict): Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/security.debian.org_debian-security_dists_bullseye-security_non-free_i18n_Translation-en' a=stable-security,c=non-free,v=11,o=Debian,l=Debian-Security arch='' site='security.debian.org' IndexType='Debian Translation Index' Size=439 ID:11> with -32768 pin Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/security.debian.org_debian-security_dists_bullseye-security_non-free_binary-amd64_Packages' a=stable-security,c=non-free,v=11,o=Debian,l=Debian-Security arch='amd64' site='security.debian.org' IndexType='Debian Package Index' Size=673 ID:10> with -32768 pin Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/security.debian.org_debian-security_dists_bullseye-security_main_i18n_Translation-en' a=stable-security,c=main,v=11,o=Debian,l=Debian-Security arch='' site='security.debian.org' IndexType='Debian Translation Index' Size=790119 ID:9> with -32768 pin Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/security.debian.org_debian-security_dists_bullseye-security_main_binary-amd64_Packages' a=stable-security,c=main,v=11,o=Debian,l=Debian-Security arch='amd64' site='security.debian.org' IndexType='Debian Package Index' Size=1161429 ID:8> with -32768 pin Applying pinning: PkgFilePin(id=11, priority=-32768) Applying pin -32768 to package_file: <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/security.debian.org_debian-security_dists_bullseye-security_non-free_i18n_Translation-en' a=stable-security,c=non-free,v=11,o=Debian,l=Debian-Security arch='' site='security.debian.org' IndexType='Debian Translation Index' Size=439 ID:11> Applying pinning: PkgFilePin(id=10, priority=-32768) Applying pin -32768 to package_file: <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/security.debian.org_debian-security_dists_bullseye-security_non-free_binary-amd64_Packages' a=stable-security,c=non-free,v=11,o=Debian,l=Debian-Security arch='amd64' site='security.debian.org' IndexType='Debian Package Index' Size=673 ID:10> Applying pinning: PkgFilePin(id=9, priority=-32768) Applying pin -32768 to package_file: <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/security.debian.org_debian-security_dists_bullseye-security_main_i18n_Translation-en' a=stable-security,c=main,v=11,o=Debian,l=Debian-Security arch='' site='security.debian.org' IndexType='Debian Translation Index' Size=790119 ID:9> Applying pinning: PkgFilePin(id=8, priority=-32768) Applying pin -32768 to package_file: <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/security.debian.org_debian-security_dists_bullseye-security_main_binary-amd64_Packages' a=stable-security,c=main,v=11,o=Debian,l=Debian-Security arch='amd64' site='security.debian.org' IndexType='Debian Package Index' Size=1161429 ID:8> Using (^linux-.*-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^kfreebsd-.*-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^gnumach-.*-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^.*-modules-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^.*-kernel-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^linux-.*-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^kfreebsd-.*-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^gnumach-.*-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^.*-modules-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^.*-kernel-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$) regexp to find kernel packages Using (^linux-.*-5\.10\.0\-11\-amd64$|^linux-.*-5\.10\.0\-11$|^kfreebsd-.*-5\.10\.0\-11\-amd64$|^kfreebsd-.*-5\.10\.0\-11$|^gnumach-.*-5\.10\.0\-11\-amd64$|^gnumach-.*-5\.10\.0\-11$|^.*-modules-5\.10\.0\-11\-amd64$|^.*-modules-5\.10\.0\-11$|^.*-kernel-5\.10\.0\-11\-amd64$|^.*-kernel-5\.10\.0\-11$|^linux-.*-5\.10\.0\-11\-amd64$|^linux-.*-5\.10\.0\-11$|^kfreebsd-.*-5\.10\.0\-11\-amd64$|^kfreebsd-.*-5\.10\.0\-11$|^gnumach-.*-5\.10\.0\-11\-amd64$|^gnumach-.*-5\.10\.0\-11$|^.*-modules-5\.10\.0\-11\-amd64$|^.*-modules-5\.10\.0\-11$|^.*-kernel-5\.10\.0\-11\-amd64$|^.*-kernel-5\.10\.0\-11$) regexp to find running kernel packages Checking: libgnutls-dane0 ([<Origin component:'main' archive:'stable-security' origin:'Debian' label:'Debian-Security' site:'security.debian.org' isTrusted:True>]) adjusting candidate version: libgnutls-dane0=3.7.1-5+deb11u1 Checking: libgnutls30 ([<Origin component:'main' archive:'stable-security' origin:'Debian' label:'Debian-Security' site:'security.debian.org' isTrusted:True>]) adjusting candidate version: libgnutls30=3.7.1-5+deb11u1 Checking: libldb2 ([<Origin component:'main' archive:'stable-security' origin:'Debian' label:'Debian-Security' site:'security.debian.org' isTrusted:True>]) sanity check failed for: {'libldb2=2:2.2.3-2~deb11u2', 'python3-ldb=2:2.2.3-2~deb11u2'} : pkg libldb2 is not in an allowed origin falling back to adjusting libldb2's dependencies MarkUpgrade() called on a non-upgradeable pkg: 'libldb2' sanity check failed for: set() : no package is selected to be upgraded or installed Checking: linux-image-amd64 ([<Origin component:'main' archive:'bullseye-backports' origin:'Debian Backports' label:'Debian Backports' site:'deb.debian.org' isTrusted:True>]) pkgs that look like they should be upgraded: linux-image-amd64 Fetched 0 B in 0s (0 B/s) fetch.run() result: 0 <apt_pkg.AcquireItem object:Status: 2 Complete: 1 Local: 1 IsTrusted: 1 FileSize: 69485956 DestFile:'/var/cache/apt/archives/linux-image-5.18.0-0.bpo.1-amd64_5.18.2-1~bpo11+1_amd64.deb' DescURI: 'http://deb.debian.org/debian/pool/main/l/linux-signed-amd64/linux-image-5.18.0-0.bpo.1-amd64_5.18.2-1%7ebpo11%2b1_amd64.deb' ID:0 ErrorText: ''> check_conffile_prompt(/var/cache/apt/archives/linux-image-5.18.0-0.bpo.1-amd64_5.18.2-1~bpo11+1_amd64.deb) No conffiles in deb /var/cache/apt/archives/linux-image-5.18.0-0.bpo.1-amd64_5.18.2-1~bpo11+1_amd64.deb (There is no member named 'conffiles') <apt_pkg.AcquireItem object:Status: 2 Complete: 1 Local: 1 IsTrusted: 1 FileSize: 1500 DestFile:'/var/cache/apt/archives/linux-image-amd64_5.18.2-1~bpo11+1_amd64.deb' DescURI: 'http://deb.debian.org/debian/pool/main/l/linux-signed-amd64/linux-image-amd64_5.18.2-1%7ebpo11%2b1_amd64.deb' ID:0 ErrorText: ''> check_conffile_prompt(/var/cache/apt/archives/linux-image-amd64_5.18.2-1~bpo11+1_amd64.deb) found pkg: linux-image-amd64 No conffiles in deb /var/cache/apt/archives/linux-image-amd64_5.18.2-1~bpo11+1_amd64.deb (There is no member named 'conffiles') Packages blacklist due to conffile prompts: [] Option --dry-run given, *not* performing real actions Packages that will be upgraded: linux-image-amd64 Writing dpkg log to /var/log/unattended-upgrades/unattended-upgrades-dpkg.log applying set ['linux-image-amd64', 'linux-image-5.18.0-0.bpo.1-amd64'] apt-listchanges: Reading changelogs... apt-listchanges: Reading changelogs... /usr/bin/dpkg --status-fd 10 --no-triggers --unpack --auto-deconfigure --force-remove-protected /var/cache/apt/archives/linux-image-5.18.0-0.bpo.1-amd64_5.18.2-1~bpo11+1_amd64.deb /var/cache/apt/archives/linux-image-amd64_5.18.2-1~bpo11+1_amd64.deb /usr/bin/dpkg --status-fd 10 --configure --pending Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/security.debian.org_debian-security_dists_bullseye-security_non-free_i18n_Translation-en' a=stable-security,c=non-free,v=11,o=Debian,l=Debian-Security arch='' site='security.debian.org' IndexType='Debian Translation Index' Size=439 ID:11> with -32768 pin Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/security.debian.org_debian-security_dists_bullseye-security_non-free_binary-amd64_Packages' a=stable-security,c=non-free,v=11,o=Debian,l=Debian-Security arch='amd64' site='security.debian.org' IndexType='Debian Package Index' Size=673 ID:10> with -32768 pin Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/security.debian.org_debian-security_dists_bullseye-security_main_i18n_Translation-en' a=stable-security,c=main,v=11,o=Debian,l=Debian-Security arch='' site='security.debian.org' IndexType='Debian Translation Index' Size=790119 ID:9> with -32768 pin Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/security.debian.org_debian-security_dists_bullseye-security_main_binary-amd64_Packages' a=stable-security,c=main,v=11,o=Debian,l=Debian-Security arch='amd64' site='security.debian.org' IndexType='Debian Package Index' Size=1161429 ID:8> with -32768 pin Applying pinning: PkgFilePin(id=11, priority=-32768) Applying pin -32768 to package_file: <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/security.debian.org_debian-security_dists_bullseye-security_non-free_i18n_Translation-en' a=stable-security,c=non-free,v=11,o=Debian,l=Debian-Security arch='' site='security.debian.org' IndexType='Debian Translation Index' Size=439 ID:11> Applying pinning: PkgFilePin(id=10, priority=-32768) Applying pin -32768 to package_file: <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/security.debian.org_debian-security_dists_bullseye-security_non-free_binary-amd64_Packages' a=stable-security,c=non-free,v=11,o=Debian,l=Debian-Security arch='amd64' site='security.debian.org' IndexType='Debian Package Index' Size=673 ID:10> Applying pinning: PkgFilePin(id=9, priority=-32768) Applying pin -32768 to package_file: <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/security.debian.org_debian-security_dists_bullseye-security_main_i18n_Translation-en' a=stable-security,c=main,v=11,o=Debian,l=Debian-Security arch='' site='security.debian.org' IndexType='Debian Translation Index' Size=790119 ID:9> Applying pinning: PkgFilePin(id=8, priority=-32768) Applying pin -32768 to package_file: <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/security.debian.org_debian-security_dists_bullseye-security_main_binary-amd64_Packages' a=stable-security,c=main,v=11,o=Debian,l=Debian-Security arch='amd64' site='security.debian.org' IndexType='Debian Package Index' Size=1161429 ID:8> left to upgrade set() All upgrades installed InstCount=0 DelCount=0 BrokenCount=0 The list of kept packages can't be calculated in dry-run mode. Scenario 2 - I've removed codename="" in the security origin, so now it wants to install security updates, but not the backports linux-image-amd64: # cat /etc/apt/apt.conf.d/50unattended-upgrades // // This file is managed by Ansible - do not edit! // Unattended-Upgrade::Origins-Pattern { "origin=Debian,label=Debian-Security"; "origin=Debian,codename=${distro_codename}"; "origin=Debian,codename=${distro_codename}-updates"; "origin=Debian Backports,codename=${distro_codename}-backports,label=Debian Backports"; "origin=kernelcare.com,codename=stable"; "origin=Zabbix,codename=${distro_codename},label=zabbix"; }; Unattended-Upgrade::Package-Blacklist { }; Unattended-Upgrade::Mail "<redacted>"; Unattended-Upgrade::MailReport "on-change"; Unattended-Upgrade::Automatic-Reboot "false"; Unattended-Upgrade::SyslogEnable "true"; Unattended-Upgrade::SyslogFacility "daemon"; # apt list --upgradeable Listing... Done libgnutls-dane0/stable-security 3.7.1-5+deb11u2 amd64 [upgradable from: 3.7.1-5+deb11u1] libgnutls30/stable-security 3.7.1-5+deb11u2 amd64 [upgradable from: 3.7.1-5+deb11u1] libldb2/stable-security 2:2.2.3-2~deb11u2 amd64 [upgradable from: 2:2.2.3-2~deb11u1] libsmbclient/stable-security 2:4.13.13+dfsg-1~deb11u5 amd64 [upgradable from: 2:4.13.13+dfsg-1~deb11u4] libtirpc-common/stable-security 1.3.1-1+deb11u1 all [upgradable from: 1.3.1-1] libtirpc3/stable-security 1.3.1-1+deb11u1 amd64 [upgradable from: 1.3.1-1] libwbclient0/stable-security 2:4.13.13+dfsg-1~deb11u5 amd64 [upgradable from: 2:4.13.13+dfsg-1~deb11u4] python3-ldb/stable-security 2:2.2.3-2~deb11u2 amd64 [upgradable from: 2:2.2.3-2~deb11u1] samba-libs/stable-security 2:4.13.13+dfsg-1~deb11u5 amd64 [upgradable from: 2:4.13.13+dfsg-1~deb11u4] unzip/stable-security 6.0-26+deb11u1 amd64 [upgradable from: 6.0-26] # unattended-upgrade -d --dry-run --verbose Enabled logging to syslog via daemon facility Checking if system is running on battery is skipped. Please install powermgmt-base package to check power status and skip installing updates when the system is running on battery. Starting unattended upgrades script Allowed origins are: origin=Debian,label=Debian-Security, origin=Debian,codename=bullseye, origin=Debian,codename=bullseye-updates, origin=Debian Backports,codename=bullseye-backports,label=Debian Backports, origin=kernelcare.com,codename=stable, origin=Zabbix,codename=bullseye,label=zabbix Initial blacklist: Initial whitelist (not strict): Using (^linux-.*-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^kfreebsd-.*-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^gnumach-.*-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^.*-modules-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^.*-kernel-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^linux-.*-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^kfreebsd-.*-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^gnumach-.*-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^.*-modules-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^.*-kernel-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$) regexp to find kernel packages Using (^linux-.*-5\.10\.0\-11\-amd64$|^linux-.*-5\.10\.0\-11$|^kfreebsd-.*-5\.10\.0\-11\-amd64$|^kfreebsd-.*-5\.10\.0\-11$|^gnumach-.*-5\.10\.0\-11\-amd64$|^gnumach-.*-5\.10\.0\-11$|^.*-modules-5\.10\.0\-11\-amd64$|^.*-modules-5\.10\.0\-11$|^.*-kernel-5\.10\.0\-11\-amd64$|^.*-kernel-5\.10\.0\-11$|^linux-.*-5\.10\.0\-11\-amd64$|^linux-.*-5\.10\.0\-11$|^kfreebsd-.*-5\.10\.0\-11\-amd64$|^kfreebsd-.*-5\.10\.0\-11$|^gnumach-.*-5\.10\.0\-11\-amd64$|^gnumach-.*-5\.10\.0\-11$|^.*-modules-5\.10\.0\-11\-amd64$|^.*-modules-5\.10\.0\-11$|^.*-kernel-5\.10\.0\-11\-amd64$|^.*-kernel-5\.10\.0\-11$) regexp to find running kernel packages Checking: libgnutls-dane0 ([<Origin component:'main' archive:'stable-security' origin:'Debian' label:'Debian-Security' site:'security.debian.org' isTrusted:True>]) Checking: libgnutls30 ([<Origin component:'main' archive:'stable-security' origin:'Debian' label:'Debian-Security' site:'security.debian.org' isTrusted:True>]) Checking: libldb2 ([<Origin component:'main' archive:'stable-security' origin:'Debian' label:'Debian-Security' site:'security.debian.org' isTrusted:True>]) Checking: libsmbclient ([<Origin component:'main' archive:'stable-security' origin:'Debian' label:'Debian-Security' site:'security.debian.org' isTrusted:True>]) Checking: libtirpc-common ([<Origin component:'main' archive:'stable-security' origin:'Debian' label:'Debian-Security' site:'security.debian.org' isTrusted:True>]) Checking: libtirpc3 ([<Origin component:'main' archive:'stable-security' origin:'Debian' label:'Debian-Security' site:'security.debian.org' isTrusted:True>]) Checking: libwbclient0 ([<Origin component:'main' archive:'stable-security' origin:'Debian' label:'Debian-Security' site:'security.debian.org' isTrusted:True>]) Checking: python3-ldb ([<Origin component:'main' archive:'stable-security' origin:'Debian' label:'Debian-Security' site:'security.debian.org' isTrusted:True>]) Checking: samba-libs ([<Origin component:'main' archive:'stable-security' origin:'Debian' label:'Debian-Security' site:'security.debian.org' isTrusted:True>]) Checking: unzip ([<Origin component:'main' archive:'stable-security' origin:'Debian' label:'Debian-Security' site:'security.debian.org' isTrusted:True>]) pkgs that look like they should be upgraded: libgnutls-dane0 libgnutls30 libldb2 libsmbclient libtirpc-common libtirpc3 libwbclient0 python3-ldb samba-libs unzip Fetched 0 B in 0s (0 B/s) fetch.run() result: 0 <apt_pkg.AcquireItem object:Status: 2 Complete: 1 Local: 1 IsTrusted: 1 FileSize: 394684 DestFile:'/var/cache/apt/archives/libgnutls-dane0_3.7.1-5+deb11u2_amd64.deb' DescURI: 'http://security.debian.org/debian-security/pool/updates/main/g/gnutls28/libgnutls-dane0_3.7.1-5%2bdeb11u2_amd64.deb' ID:0 ErrorText: ''> check_conffile_prompt(/var/cache/apt/archives/libgnutls-dane0_3.7.1-5+deb11u2_amd64.deb) found pkg: libgnutls-dane0 No conffiles in deb /var/cache/apt/archives/libgnutls-dane0_3.7.1-5+deb11u2_amd64.deb (There is no member named 'conffiles') <apt_pkg.AcquireItem object:Status: 2 Complete: 1 Local: 1 IsTrusted: 1 FileSize: 1340576 DestFile:'/var/cache/apt/archives/libgnutls30_3.7.1-5+deb11u2_amd64.deb' DescURI: 'http://security.debian.org/debian-security/pool/updates/main/g/gnutls28/libgnutls30_3.7.1-5%2bdeb11u2_amd64.deb' ID:0 ErrorText: ''> check_conffile_prompt(/var/cache/apt/archives/libgnutls30_3.7.1-5+deb11u2_amd64.deb) found pkg: libgnutls30 No conffiles in deb /var/cache/apt/archives/libgnutls30_3.7.1-5+deb11u2_amd64.deb (There is no member named 'conffiles') <apt_pkg.AcquireItem object:Status: 2 Complete: 1 Local: 1 IsTrusted: 1 FileSize: 169832 DestFile:'/var/cache/apt/archives/libsmbclient_2%3a4.13.13+dfsg-1~deb11u5_amd64.deb' DescURI: 'http://security.debian.org/debian-security/pool/updates/main/s/samba/libsmbclient_4.13.13%2bdfsg-1%7edeb11u5_amd64.deb' ID:0 ErrorText: ''> check_conffile_prompt(/var/cache/apt/archives/libsmbclient_2%3a4.13.13+dfsg-1~deb11u5_amd64.deb) found pkg: libsmbclient No conffiles in deb /var/cache/apt/archives/libsmbclient_2%3a4.13.13+dfsg-1~deb11u5_amd64.deb (There is no member named 'conffiles') <apt_pkg.AcquireItem object:Status: 2 Complete: 1 Local: 1 IsTrusted: 1 FileSize: 46400 DestFile:'/var/cache/apt/archives/python3-ldb_2%3a2.2.3-2~deb11u2_amd64.deb' DescURI: 'http://security.debian.org/debian-security/pool/updates/main/l/ldb/python3-ldb_2.2.3-2%7edeb11u2_amd64.deb' ID:0 ErrorText: ''> check_conffile_prompt(/var/cache/apt/archives/python3-ldb_2%3a2.2.3-2~deb11u2_amd64.deb) found pkg: python3-ldb No conffiles in deb /var/cache/apt/archives/python3-ldb_2%3a2.2.3-2~deb11u2_amd64.deb (There is no member named 'conffiles') <apt_pkg.AcquireItem object:Status: 2 Complete: 1 Local: 1 IsTrusted: 1 FileSize: 147888 DestFile:'/var/cache/apt/archives/libldb2_2%3a2.2.3-2~deb11u2_amd64.deb' DescURI: 'http://security.debian.org/debian-security/pool/updates/main/l/ldb/libldb2_2.2.3-2%7edeb11u2_amd64.deb' ID:0 ErrorText: ''> check_conffile_prompt(/var/cache/apt/archives/libldb2_2%3a2.2.3-2~deb11u2_amd64.deb) found pkg: libldb2 No conffiles in deb /var/cache/apt/archives/libldb2_2%3a2.2.3-2~deb11u2_amd64.deb (There is no member named 'conffiles') <apt_pkg.AcquireItem object:Status: 2 Complete: 1 Local: 1 IsTrusted: 1 FileSize: 5774020 DestFile:'/var/cache/apt/archives/samba-libs_2%3a4.13.13+dfsg-1~deb11u5_amd64.deb' DescURI: 'http://security.debian.org/debian-security/pool/updates/main/s/samba/samba-libs_4.13.13%2bdfsg-1%7edeb11u5_amd64.deb' ID:0 ErrorText: ''> check_conffile_prompt(/var/cache/apt/archives/samba-libs_2%3a4.13.13+dfsg-1~deb11u5_amd64.deb) found pkg: samba-libs No conffiles in deb /var/cache/apt/archives/samba-libs_2%3a4.13.13+dfsg-1~deb11u5_amd64.deb (There is no member named 'conffiles') <apt_pkg.AcquireItem object:Status: 2 Complete: 1 Local: 1 IsTrusted: 1 FileSize: 313124 DestFile:'/var/cache/apt/archives/libwbclient0_2%3a4.13.13+dfsg-1~deb11u5_amd64.deb' DescURI: 'http://security.debian.org/debian-security/pool/updates/main/s/samba/libwbclient0_4.13.13%2bdfsg-1%7edeb11u5_amd64.deb' ID:0 ErrorText: ''> check_conffile_prompt(/var/cache/apt/archives/libwbclient0_2%3a4.13.13+dfsg-1~deb11u5_amd64.deb) found pkg: libwbclient0 No conffiles in deb /var/cache/apt/archives/libwbclient0_2%3a4.13.13+dfsg-1~deb11u5_amd64.deb (There is no member named 'conffiles') <apt_pkg.AcquireItem object:Status: 2 Complete: 1 Local: 1 IsTrusted: 1 FileSize: 13464 DestFile:'/var/cache/apt/archives/libtirpc-common_1.3.1-1+deb11u1_all.deb' DescURI: 'http://security.debian.org/debian-security/pool/updates/main/libt/libtirpc/libtirpc-common_1.3.1-1%2bdeb11u1_all.deb' ID:0 ErrorText: ''> check_conffile_prompt(/var/cache/apt/archives/libtirpc-common_1.3.1-1+deb11u1_all.deb) found pkg: libtirpc-common conffile line: /etc/netconfig ca8db53e3af4d735335c2607d21c7195 current md5: ca8db53e3af4d735335c2607d21c7195 <apt_pkg.AcquireItem object:Status: 2 Complete: 1 Local: 1 IsTrusted: 1 FileSize: 84072 DestFile:'/var/cache/apt/archives/libtirpc3_1.3.1-1+deb11u1_amd64.deb' DescURI: 'http://security.debian.org/debian-security/pool/updates/main/libt/libtirpc/libtirpc3_1.3.1-1%2bdeb11u1_amd64.deb' ID:0 ErrorText: ''> check_conffile_prompt(/var/cache/apt/archives/libtirpc3_1.3.1-1+deb11u1_amd64.deb) found pkg: libtirpc3 No conffiles in deb /var/cache/apt/archives/libtirpc3_1.3.1-1+deb11u1_amd64.deb (There is no member named 'conffiles') <apt_pkg.AcquireItem object:Status: 2 Complete: 1 Local: 1 IsTrusted: 1 FileSize: 171660 DestFile:'/var/cache/apt/archives/unzip_6.0-26+deb11u1_amd64.deb' DescURI: 'http://security.debian.org/debian-security/pool/updates/main/u/unzip/unzip_6.0-26%2bdeb11u1_amd64.deb' ID:0 ErrorText: ''> check_conffile_prompt(/var/cache/apt/archives/unzip_6.0-26+deb11u1_amd64.deb) found pkg: unzip No conffiles in deb /var/cache/apt/archives/unzip_6.0-26+deb11u1_amd64.deb (There is no member named 'conffiles') Packages blacklist due to conffile prompts: [] Option --dry-run given, *not* performing real actions Packages that will be upgraded: libgnutls-dane0 libgnutls30 libldb2 libsmbclient libtirpc-common libtirpc3 libwbclient0 python3-ldb samba-libs unzip Writing dpkg log to /var/log/unattended-upgrades/unattended-upgrades-dpkg.log applying set ['libtirpc-common'] apt-listchanges: Reading changelogs... apt-listchanges: Reading changelogs... /usr/bin/dpkg --status-fd 10 --no-triggers --unpack --auto-deconfigure --force-remove-protected /var/cache/apt/archives/libtirpc-common_1.3.1-1+deb11u1_all.deb /usr/bin/dpkg --status-fd 10 --no-triggers --configure libtirpc-common:all /usr/bin/dpkg --status-fd 10 --configure --pending left to upgrade {'python3-ldb', 'libsmbclient', 'libgnutls30', 'libwbclient0', 'samba-libs', 'unzip', 'libldb2', 'libgnutls-dane0', 'libtirpc3'} applying set ['libldb2', 'python3-ldb'] apt-listchanges: Reading changelogs... apt-listchanges: Reading changelogs... /usr/bin/dpkg --status-fd 10 --no-triggers --unpack --auto-deconfigure --force-remove-protected /var/cache/apt/archives/python3-ldb_2%3a2.2.3-2~deb11u2_amd64.deb /var/cache/apt/archives/libldb2_2%3a2.2.3-2~deb11u2_amd64.deb /usr/bin/dpkg --status-fd 10 --configure --pending left to upgrade {'samba-libs', 'libgnutls30', 'libwbclient0', 'unzip', 'libsmbclient', 'libgnutls-dane0', 'libtirpc3'} applying set ['libldb2', 'libwbclient0', 'libsmbclient', 'python3-ldb', 'samba-libs'] apt-listchanges: Reading changelogs... apt-listchanges: Reading changelogs... /usr/bin/dpkg --status-fd 10 --no-triggers --unpack --auto-deconfigure --force-remove-protected /var/cache/apt/archives/libsmbclient_2%3a4.13.13+dfsg-1~deb11u5_amd64.deb /var/cache/apt/archives/python3-ldb_2%3a2.2.3-2~deb11u2_amd64.deb /var/cache/apt/archives/libldb2_2%3a2.2.3-2~deb11u2_amd64.deb /var/cache/apt/archives/samba-libs_2%3a4.13.13+dfsg-1~deb11u5_amd64.deb /var/cache/apt/archives/libwbclient0_2%3a4.13.13+dfsg-1~deb11u5_amd64.deb /usr/bin/dpkg --status-fd 10 --configure --pending left to upgrade {'libgnutls-dane0', 'unzip', 'libtirpc3', 'libgnutls30'} applying set ['libgnutls30', 'libgnutls-dane0'] apt-listchanges: Reading changelogs... apt-listchanges: Reading changelogs... /usr/bin/dpkg --status-fd 10 --no-triggers --unpack --auto-deconfigure --force-remove-protected /var/cache/apt/archives/libgnutls-dane0_3.7.1-5+deb11u2_amd64.deb /var/cache/apt/archives/libgnutls30_3.7.1-5+deb11u2_amd64.deb /usr/bin/dpkg --status-fd 10 --no-triggers --configure libgnutls30:amd64 /usr/bin/dpkg --status-fd 10 --configure --pending left to upgrade {'unzip', 'libtirpc3'} applying set ['unzip'] apt-listchanges: Reading changelogs... apt-listchanges: Reading changelogs... /usr/bin/dpkg --status-fd 10 --no-triggers --unpack --auto-deconfigure --force-remove-protected /var/cache/apt/archives/unzip_6.0-26+deb11u1_amd64.deb /usr/bin/dpkg --status-fd 10 --configure --pending left to upgrade {'libtirpc3'} applying set ['libtirpc-common', 'libtirpc3'] apt-listchanges: Reading changelogs... apt-listchanges: Reading changelogs... /usr/bin/dpkg --status-fd 10 --no-triggers --unpack --auto-deconfigure --force-remove-protected /var/cache/apt/archives/libtirpc-common_1.3.1-1+deb11u1_all.deb /usr/bin/dpkg --status-fd 10 --no-triggers --configure libtirpc-common:all /usr/bin/dpkg --status-fd 10 --no-triggers --unpack --auto-deconfigure --force-remove-protected /var/cache/apt/archives/libtirpc3_1.3.1-1+deb11u1_amd64.deb /usr/bin/dpkg --status-fd 10 --no-triggers --configure libtirpc3:amd64 /usr/bin/dpkg --status-fd 10 --configure --pending left to upgrade set() All upgrades installed InstCount=0 DelCount=0 BrokenCount=0 The list of kept packages can't be calculated in dry-run mode. I can also add the general apt policy, and the policy for linux-image-amd64: # apt policy Package files: 100 /var/lib/dpkg/status release a=now 500 http://repo.zabbix.com/zabbix/6.0/debian bullseye/main amd64 Packages release o=Zabbix,n=bullseye,l=zabbix,c=main,b=amd64 origin repo.zabbix.com 500 https://repo.cloudlinux.com/kernelcare-debian/11 stable/main amd64 Packages release o=kernelcare.com,n=stable,l=kernelcare,c=main,b=amd64 origin repo.cloudlinux.com 100 http://deb.debian.org/debian bullseye-backports/main amd64 Packages release o=Debian Backports,a=bullseye-backports,n=bullseye-backports,l=Debian Backports,c=main,b=amd64 origin deb.debian.org 500 http://security.debian.org/debian-security bullseye-security/non-free amd64 Packages release v=11,o=Debian,a=stable-security,n=bullseye-security,l=Debian-Security,c=non-free,b=amd64 origin security.debian.org 500 http://security.debian.org/debian-security bullseye-security/main amd64 Packages release v=11,o=Debian,a=stable-security,n=bullseye-security,l=Debian-Security,c=main,b=amd64 origin security.debian.org 500 http://deb.debian.org/debian bullseye-updates/main amd64 Packages release v=11-updates,o=Debian,a=stable-updates,n=bullseye-updates,l=Debian,c=main,b=amd64 origin deb.debian.org 500 http://deb.debian.org/debian bullseye/non-free amd64 Packages release v=11.4,o=Debian,a=stable,n=bullseye,l=Debian,c=non-free,b=amd64 origin deb.debian.org 500 http://deb.debian.org/debian bullseye/contrib amd64 Packages release v=11.4,o=Debian,a=stable,n=bullseye,l=Debian,c=contrib,b=amd64 origin deb.debian.org 500 http://deb.debian.org/debian bullseye/main amd64 Packages release v=11.4,o=Debian,a=stable,n=bullseye,l=Debian,c=main,b=amd64 origin deb.debian.org Pinned packages: zabbix-sender -> 1:6.0.7-1+debian11 with priority 1001 zabbix-proxy-sqlite3 -> 1:6.0.7-1+debian11 with priority 1001 zabbix-sql-scripts -> 1:6.0.7-1+debian11 with priority 1001 zabbix-java-gateway -> 1:6.0.7-1+debian11 with priority 1001 zabbix-server-pgsql -> 1:6.0.7-1+debian11 with priority 1001 zabbix-release -> 1:6.0-3+debian11 with priority 1001 zabbix-proxy-pgsql -> 1:6.0.7-1+debian11 with priority 1001 zabbix-apache-conf -> 1:6.0.7-1+debian11 with priority 1001 zabbix-server-mysql -> 1:6.0.7-1+debian11 with priority 1001 zabbix-js -> 1:6.0.7-1+debian11 with priority 1001 zabbix-agent -> 1:6.0.7-1+debian11 with priority 1001 zabbix-proxy-mysql -> 1:6.0.7-1+debian11 with priority 1001 zabbix-proxy-sqlite3-dbgsym -> 1:6.0.7-1+debian11 with priority 1001 zabbix-agent-dbgsym -> 1:6.0.7-1+debian11 with priority 1001 zabbix-sender-dbgsym -> 1:6.0.7-1+debian11 with priority 1001 zabbix-server-mysql-dbgsym -> 1:6.0.7-1+debian11 with priority 1001 zabbix-server-pgsql-dbgsym -> 1:6.0.7-1+debian11 with priority 1001 zabbix-get -> 1:6.0.7-1+debian11 with priority 1001 zabbix-agent2-dbgsym -> 1:6.0.7-1+debian11 with priority 1001 zabbix-agent2 -> 1:6.0.7-1+debian11 with priority 1001 zabbix-proxy-mysql-dbgsym -> 1:6.0.7-1+debian11 with priority 1001 zabbix-proxy-pgsql-dbgsym -> 1:6.0.7-1+debian11 with priority 1001 zabbix-web-service -> 1:6.0.7-1+debian11 with priority 1001 zabbix-nginx-conf -> 1:6.0.7-1+debian11 with priority 1001 zabbix-get-dbgsym -> 1:6.0.7-1+debian11 with priority 1001 zabbix-js-dbgsym -> 1:6.0.7-1+debian11 with priority 1001 zabbix-frontend-php -> 1:6.0.7-1+debian11 with priority 1001 # apt policy linux-image-amd64 linux-image-amd64: Installed: 5.10.136-1 Candidate: 5.10.136-1 Version table: 5.18.2-1~bpo11+1 100 100 http://deb.debian.org/debian bullseye-backports/main amd64 Packages *** 5.10.136-1 500 500 http://security.debian.org/debian-security bullseye-security/main amd64 Packages 100 /var/lib/dpkg/status 5.10.127-1 500 500 http://deb.debian.org/debian bullseye/main amd64 Packages I'm happy to supply more information if needed, or any correction if this is in fact not a bug, and some silly mistake I've made somewhere. -- System Information: Debian Release: 11.4 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 5.10.0-11-amd64 (SMP w/1 CPU thread) Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages unattended-upgrades depends on: ii debconf [debconf-2.0] 1.5.77 ii lsb-base 11.1.0 ii lsb-release 11.1.0 ii python3 3.9.2-3 ii python3-apt 2.2.1 ii python3-dbus 1.2.16-5 ii python3-distro-info 1.0 ii ucf 3.0043 ii xz-utils 5.2.5-2.1~deb11u1 Versions of packages unattended-upgrades recommends: ii cron [cron-daemon] 3.0pl1-137 ii systemd-sysv 247.3-7 Versions of packages unattended-upgrades suggests: ii bsd-mailx 8.1.2-0.20180807cvs-2 ii exim4-daemon-light [mail-transport-agent] 4.94.2-7 ii needrestart 3.5-4+deb11u2 pn powermgmt-base <none> ii python3-gi 3.38.0-2 -- debconf information: * unattended-upgrades/enable_auto_updates: true
