unattended-upgrades werden nicht installiert (bullseye)

[Exxter]

Hallo,

ich habe auf vielen VM's unattended-upgrades eingerichtet nach: https://wiki.debian.org/UnattendedUpgrades

Auf einer VM werden aber keine Updates installiert:

Code: Alles auswählen

root@forms:~$ unattended-upgrade -d
Skript für automatische Systemaktualisierung wird gestartet
Erlaubte Ursprünge sind: origin=Debian,codename=bullseye-updates, origin=Debian,codename=bullseye-proposed-updates, origin=Debian,codename=bullseye,label=Debian, origin=Debian,codename=bullseye,label=Debian-Security
Anfangsnegativliste:
Initial whitelist (not strict):
Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/deb.debian.org_debian-security_dists_stable-security_main_i18n_Translation-en'  a=stable-security,c=main,v=11,o=Debian,l=Debian-Security arch='' site='deb.debian.org' IndexType='Debian Translation Index' Size=201795 ID:11> with -32768 pin
Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/deb.debian.org_debian-security_dists_stable-security_main_binary-amd64_Packages'  a=stable-security,c=main,v=11,o=Debian,l=Debian-Security arch='amd64' site='deb.debian.org' IndexType='Debian Package Index' Size=287601 ID:10> with -32768 pin
Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/security.debian.org_debian-security_dists_bullseye-security_main_i18n_Translation-en'  a=stable-security,c=main,v=11,o=Debian,l=Debian-Security arch='' site='security.debian.org' IndexType='Debian Translation Index' Size=201795 ID:1> with -32768 pin
Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/security.debian.org_debian-security_dists_bullseye-security_main_binary-amd64_Packages'  a=stable-security,c=main,v=11,o=Debian,l=Debian-Security arch='amd64' site='security.debian.org' IndexType='Debian Package Index' Size=287601 ID:0> with -32768 pin
Applying pinning: PkgFilePin(id=11, priority=-32768)
Applying pin -32768 to package_file: <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/deb.debian.org_debian-security_dists_stable-security_main_i18n_Translation-en'  a=stable-security,c=main,v=11,o=Debian,l=Debian-Security arch='' site='deb.debian.org' IndexType='Debian Translation Index' Size=201795 ID:11>
Applying pinning: PkgFilePin(id=10, priority=-32768)
Applying pin -32768 to package_file: <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/deb.debian.org_debian-security_dists_stable-security_main_binary-amd64_Packages'  a=stable-security,c=main,v=11,o=Debian,l=Debian-Security arch='amd64' site='deb.debian.org' IndexType='Debian Package Index' Size=287601 ID:10>
Applying pinning: PkgFilePin(id=1, priority=-32768)
Applying pin -32768 to package_file: <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/security.debian.org_debian-security_dists_bullseye-security_main_i18n_Translation-en'  a=stable-security,c=main,v=11,o=Debian,l=Debian-Security arch='' site='security.debian.org' IndexType='Debian Translation Index' Size=201795 ID:1>
Applying pinning: PkgFilePin(id=0, priority=-32768)
Applying pin -32768 to package_file: <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/security.debian.org_debian-security_dists_bullseye-security_main_binary-amd64_Packages'  a=stable-security,c=main,v=11,o=Debian,l=Debian-Security arch='amd64' site='security.debian.org' IndexType='Debian Package Index' Size=287601 ID:0>
Using (^linux-.*-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^kfreebsd-.*-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^gnumach-.*-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^.*-modules-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^.*-kernel-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^linux-.*-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^kfreebsd-.*-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^gnumach-.*-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^.*-modules-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^.*-kernel-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$) regexp to find kernel packages
Using (^linux-.*-5\.10\.0\-9\-amd64$|^linux-.*-5\.10\.0\-9$|^kfreebsd-.*-5\.10\.0\-9\-amd64$|^kfreebsd-.*-5\.10\.0\-9$|^gnumach-.*-5\.10\.0\-9\-amd64$|^gnumach-.*-5\.10\.0\-9$|^.*-modules-5\.10\.0\-9\-amd64$|^.*-modules-5\.10\.0\-9$|^.*-kernel-5\.10\.0\-9\-amd64$|^.*-kernel-5\.10\.0\-9$|^linux-.*-5\.10\.0\-9\-amd64$|^linux-.*-5\.10\.0\-9$|^kfreebsd-.*-5\.10\.0\-9\-amd64$|^kfreebsd-.*-5\.10\.0\-9$|^gnumach-.*-5\.10\.0\-9\-amd64$|^gnumach-.*-5\.10\.0\-9$|^.*-modules-5\.10\.0\-9\-amd64$|^.*-modules-5\.10\.0\-9$|^.*-kernel-5\.10\.0\-9\-amd64$|^.*-kernel-5\.10\.0\-9$) regexp to find running kernel packages
Checking: apache2 ([<Origin component:'main' archive:'stable-security' origin:'Debian' label:'Debian-Security' site:'security.debian.org' isTrusted:True>, <Origin component:'main' archive:'stable-security' origin:'Debian' label:'Debian-Security' site:'deb.debian.org' isTrusted:True>])
adjusting candidate version: apache2=2.4.48-3.1+deb11u1
Checking: apache2-bin ([<Origin component:'main' archive:'stable-security' origin:'Debian' label:'Debian-Security' site:'security.debian.org' isTrusted:True>, <Origin component:'main' archive:'stable-security' origin:'Debian' label:'Debian-Security' site:'deb.debian.org' isTrusted:True>])
adjusting candidate version: apache2-bin=2.4.48-3.1+deb11u1
Checking: apache2-data ([<Origin component:'main' archive:'stable-security' origin:'Debian' label:'Debian-Security' site:'security.debian.org' isTrusted:True>, <Origin component:'main' archive:'stable-security' origin:'Debian' label:'Debian-Security' site:'deb.debian.org' isTrusted:True>])
adjusting candidate version: apache2-data=2.4.48-3.1+deb11u1
Checking: apache2-utils ([<Origin component:'main' archive:'stable-security' origin:'Debian' label:'Debian-Security' site:'security.debian.org' isTrusted:True>, <Origin component:'main' archive:'stable-security' origin:'Debian' label:'Debian-Security' site:'deb.debian.org' isTrusted:True>])
adjusting candidate version: apache2-utils=2.4.48-3.1+deb11u1
pkgs that look like they should be upgraded:
Fetched 0 B in 0s (0 B/s)
fetch.run() result: 0
Packages blacklist due to conffile prompts: []
Es wurden keine Pakete gefunden, von denen eine automatische Systemaktualisierung durchgeführt werden kann und kein ausstehendes automatisches Entfernen.
Package apache2 has a higher version available, checking if it is from an allowed origin and is not pinned down.
Package apache2-bin has a higher version available, checking if it is from an allowed origin and is not pinned down.
Package apache2-data has a higher version available, checking if it is from an allowed origin and is not pinned down.
Package apache2-utils has a higher version available, checking if it is from an allowed origin and is not pinned down.
Extracting content from /var/log/unattended-upgrades/unattended-upgrades-dpkg.log since 2021-10-15 07:18:54
root@forms:~$

/etc/apt/apt.conf.d/20auto-upgrades

Code: Alles auswählen

APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";

Code: Alles auswählen

root@forms:~$ grep "^[^//]" /etc/apt/apt.conf.d/50unattended-upgrades
Unattended-Upgrade::Origins-Pattern {
        // Codename based matching:
        // This will follow the migration of a release through different
        // archives (e.g. from testing to stable and later oldstable).
        // Software will be the latest available for the named release,
        // but the Debian release itself will not be automatically upgraded.
        "origin=Debian,codename=${distro_codename}-updates";
        //"origin=Debian,codename=${distro_codename}-proposed-updates";
        "origin=Debian,codename=${distro_codename},label=Debian";
        "origin=Debian,codename=${distro_codename},label=Debian-Security";
        // Archive or Suite based matching:
        // Note that this will silently match a different release after
        // migration to the specified archive (e.g. testing becomes the
        // new stable).
};
Unattended-Upgrade::Package-Blacklist {
    // The following matches all packages starting with linux-
    // Use $ to explicitely define the end of a package name. Without
    // the $, "libc6" would match all of them.
    // Special characters need escaping
    // The following matches packages like xen-system-amd64, xen-utils-4.1,
    // xenstore-utils and libxenstore3.0
    // For more information about Python regular expressions, see
    // https://docs.python.org/3/howto/regex.html
};
Unattended-Upgrade::Mail "root";
Unattended-Upgrade::MailOnlyOnError "false";
Unattended-Upgrade::Automatic-Reboot "true";
Unattended-Upgrade::Automatic-Reboot-Time "03:00";
root@forms:~$ 

und die gute alte ...

Code: Alles auswählen

root@forms:~$ grep "^[^#;]" /etc/apt/sources.list
deb http://security.debian.org/debian-security bullseye-security main
deb http://deb.debian.org/debian stable main contrib non-free
deb http://deb.debian.org/debian-security stable-security main contrib non-free
root@forms:~$

Code: Alles auswählen

root@forms:~$ systemctl status unattended-upgrades
● unattended-upgrades.service - Unattended Upgrades Shutdown
     Loaded: loaded (/lib/systemd/system/unattended-upgrades.service; enabled; vendor preset: enabled)
     Active: active (running) since Thu 2021-10-14 06:07:47 CEST; 1 day 1h ago
       Docs: man:unattended-upgrade(8)
   Main PID: 2468242 (unattended-upgr)
      Tasks: 2 (limit: 2337)
     Memory: 8.6M
        CPU: 67ms
     CGroup: /system.slice/unattended-upgrades.service
             └─2468242 /usr/bin/python3 /usr/share/unattended-upgrades/unattended-upgrade-shutdown --wait-for-signal

Okt 14 06:07:47 forms.example.org systemd[1]: Started Unattended Upgrades Shutdown.
root@forms:~$

Jemand eine Idee, was hier faul ist?

[JTH]

Da ist alles korrekt, unattended-upgrade verhält sich so, wie du es konfiguriert hast.

In /etc/apt/apt.conf.d/50unattended-upgrades sind die Updates für Quellen passend zum Codename des Debian-Releases erlaubt (buster, bullseye, …):

Code: Alles auswählen

Erlaubte Ursprünge sind: origin=Debian,codename=bullseye-updates, origin=Debian,codename=bullseye-proposed-updates, origin=Debian,codename=bullseye,label=Debian, origin=Debian,codename=bullseye,label=Debian-Security

In der sources.list hast du die Quellen aber über die Suite (stable, testing, unstable) gesetzt:

Code: Alles auswählen

deb http://deb.debian.org/debian stable main contrib non-free

Das ist für unattended-upgrade nicht das gleiche, damit werden die neueren Versionen nicht installiert. Eine der beiden Stellen musst du anpassen. (Ist es nicht nach einer frischen Installation so, dass an beiden Stellen der Codename verwendet würde?!)

Ich nehme an die /etc/apt/apt.conf.d/50unattended-upgrades ist standardmäßig da auf den Releasenamen festgelegt, damit unattended-upgrade kein automatisches Dist-Upgrade zum nächsten Release machen kann. Dafür muss man dann manuell in der sources.list den Codename ersetzen.

[Exxter]

OK, habe jetzt die sources.list geändert:

Code: Alles auswählen

deb http://security.debian.org/debian-security bullseye-security main
deb http://deb.debian.org/debian bullseye main contrib non-free
deb http://deb.debian.org/debian-security bullseye-security main contrib non-free

Sehe ich jetzt mit unattended-upgrade -d ob es klappen würde? Ansonsten müsste ich bis morgen warten um zu schauen obs klappt.

[JTH]

Sehe ich jetzt mit unattended-upgrade -d ob es klappen würde?

Ja, dafür ist es doch da. Du führst das Upgrade damit allerdings auch direkt aus. Wenn du nur simulieren willst, --dry-run anhängen.

[Exxter]

Ich hab es jetzt mal übers WE stehen lassen, aber die Pakete apache2 apache2-bin apache2-data apache2-utils wurden immer noch nicht installiert. Ich hatte die sources.list auf den Debian-Release-Name umgestellt:

Code: Alles auswählen

deb http://security.debian.org/debian-security bullseye-security main
deb http://deb.debian.org/debian bullseye main contrib non-free
deb http://deb.debian.org/debian-security bullseye-security main contrib non-free

Auch unattended-upgrade -d sieht nicht viel anders aus:

Code: Alles auswählen

root@forms:~$ unattended-upgrade -d
Skript für automatische Systemaktualisierung wird gestartet
Erlaubte Ursprünge sind: origin=Debian,codename=bullseye-updates, origin=Debian,codename=bullseye,label=Debian, origin=Debian,codename=bullseye,label=Debian-Security
Anfangsnegativliste:
Initial whitelist (not strict):
Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/deb.debian.org_debian-security_dists_bullseye-security_main_i18n_Translation-en'  a=stable-security,c=main,v=11,o=Debian,l=Debian-Security arch='' site='deb.debian.org' IndexType='Debian Translation Index' Size=335679 ID:11> with -32768 pin
Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/deb.debian.org_debian-security_dists_bullseye-security_main_binary-amd64_Packages'  a=stable-security,c=main,v=11,o=Debian,l=Debian-Security arch='amd64' site='deb.debian.org' IndexType='Debian Package Index' Size=474282 ID:10> with -32768 pin
Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/security.debian.org_debian-security_dists_bullseye-security_main_i18n_Translation-en'  a=stable-security,c=main,v=11,o=Debian,l=Debian-Security arch='' site='security.debian.org' IndexType='Debian Translation Index' Size=335679 ID:1> with -32768 pin
Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/security.debian.org_debian-security_dists_bullseye-security_main_binary-amd64_Packages'  a=stable-security,c=main,v=11,o=Debian,l=Debian-Security arch='amd64' site='security.debian.org' IndexType='Debian Package Index' Size=474282 ID:0> with -32768 pin
Applying pinning: PkgFilePin(id=11, priority=-32768)
Applying pin -32768 to package_file: <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/deb.debian.org_debian-security_dists_bullseye-security_main_i18n_Translation-en'  a=stable-security,c=main,v=11,o=Debian,l=Debian-Security arch='' site='deb.debian.org' IndexType='Debian Translation Index' Size=335679 ID:11>
Applying pinning: PkgFilePin(id=10, priority=-32768)
Applying pin -32768 to package_file: <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/deb.debian.org_debian-security_dists_bullseye-security_main_binary-amd64_Packages'  a=stable-security,c=main,v=11,o=Debian,l=Debian-Security arch='amd64' site='deb.debian.org' IndexType='Debian Package Index' Size=474282 ID:10>
Applying pinning: PkgFilePin(id=1, priority=-32768)
Applying pin -32768 to package_file: <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/security.debian.org_debian-security_dists_bullseye-security_main_i18n_Translation-en'  a=stable-security,c=main,v=11,o=Debian,l=Debian-Security arch='' site='security.debian.org' IndexType='Debian Translation Index' Size=335679 ID:1>
Applying pinning: PkgFilePin(id=0, priority=-32768)
Applying pin -32768 to package_file: <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/security.debian.org_debian-security_dists_bullseye-security_main_binary-amd64_Packages'  a=stable-security,c=main,v=11,o=Debian,l=Debian-Security arch='amd64' site='security.debian.org' IndexType='Debian Package Index' Size=474282 ID:0>
Using (^linux-.*-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^kfreebsd-.*-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^gnumach-.*-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^.*-modules-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^.*-kernel-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^linux-.*-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^kfreebsd-.*-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^gnumach-.*-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^.*-modules-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^.*-kernel-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$) regexp to find kernel packages
Using (^linux-.*-5\.10\.0\-9\-amd64$|^linux-.*-5\.10\.0\-9$|^kfreebsd-.*-5\.10\.0\-9\-amd64$|^kfreebsd-.*-5\.10\.0\-9$|^gnumach-.*-5\.10\.0\-9\-amd64$|^gnumach-.*-5\.10\.0\-9$|^.*-modules-5\.10\.0\-9\-amd64$|^.*-modules-5\.10\.0\-9$|^.*-kernel-5\.10\.0\-9\-amd64$|^.*-kernel-5\.10\.0\-9$|^linux-.*-5\.10\.0\-9\-amd64$|^linux-.*-5\.10\.0\-9$|^kfreebsd-.*-5\.10\.0\-9\-amd64$|^kfreebsd-.*-5\.10\.0\-9$|^gnumach-.*-5\.10\.0\-9\-amd64$|^gnumach-.*-5\.10\.0\-9$|^.*-modules-5\.10\.0\-9\-amd64$|^.*-modules-5\.10\.0\-9$|^.*-kernel-5\.10\.0\-9\-amd64$|^.*-kernel-5\.10\.0\-9$) regexp to find running kernel packages
Checking: apache2 ([<Origin component:'main' archive:'stable-security' origin:'Debian' label:'Debian-Security' site:'security.debian.org' isTrusted:True>, <Origin component:'main' archive:'stable-security' origin:'Debian' label:'Debian-Security' site:'deb.debian.org' isTrusted:True>])
adjusting candidate version: apache2=2.4.48-3.1+deb11u1
Checking: apache2-bin ([<Origin component:'main' archive:'stable-security' origin:'Debian' label:'Debian-Security' site:'security.debian.org' isTrusted:True>, <Origin component:'main' archive:'stable-security' origin:'Debian' label:'Debian-Security' site:'deb.debian.org' isTrusted:True>])
adjusting candidate version: apache2-bin=2.4.48-3.1+deb11u1
Checking: apache2-data ([<Origin component:'main' archive:'stable-security' origin:'Debian' label:'Debian-Security' site:'security.debian.org' isTrusted:True>, <Origin component:'main' archive:'stable-security' origin:'Debian' label:'Debian-Security' site:'deb.debian.org' isTrusted:True>])
adjusting candidate version: apache2-data=2.4.48-3.1+deb11u1
Checking: apache2-utils ([<Origin component:'main' archive:'stable-security' origin:'Debian' label:'Debian-Security' site:'security.debian.org' isTrusted:True>, <Origin component:'main' archive:'stable-security' origin:'Debian' label:'Debian-Security' site:'deb.debian.org' isTrusted:True>])
adjusting candidate version: apache2-utils=2.4.48-3.1+deb11u1
pkgs that look like they should be upgraded:
Fetched 0 B in 0s (0 B/s)
fetch.run() result: 0
Packages blacklist due to conffile prompts: []
Es wurden keine Pakete gefunden, von denen eine automatische Systemaktualisierung durchgeführt werden kann und kein ausstehendes automatisches Entfernen.
Package apache2 has a higher version available, checking if it is from an allowed origin and is not pinned down.
Package apache2-bin has a higher version available, checking if it is from an allowed origin and is not pinned down.
Package apache2-data has a higher version available, checking if it is from an allowed origin and is not pinned down.
Package apache2-utils has a higher version available, checking if it is from an allowed origin and is not pinned down.
Extracting content from /var/log/unattended-upgrades/unattended-upgrades-dpkg.log since 2021-10-18 10:40:01
root@forms:~$

Was habe ich falsch gemacht?

[Tintom]

Hast du vorher Pinning gemacht? Will heißen: Existieren Dateien im Verzeichnis /etc/apt/preferences.d/
oder existiert eine Datei namens /etc/apt/preferences?

[Exxter]

/etc/apt/preferences.d/ ist leer, eine /etc/apt/preferences existiert nicht. Nein, Pinning habe ich nicht genutzt.

[willy4711]

Vielleicht mal:

Code: Alles auswählen

apt-mark showhold

bzw:

Code: Alles auswählen

apt-mark showmanual

Ich weiß nicht, wie sich unattended-upgrades sich in solchen Fällen verhält, da ich es nicht benutze.
Führt das Teil nur Sicherheitsaktualisierungen durch, wie in der Beschreibung ausgeführt, oder auch "normale" Upgrades

[Exxter]

apt-mark showhold zeigt nichts, aber ...

Code: Alles auswählen

root@forms:~$ apt-mark showmanual
adduser
apache2
apt
apt-file
apt-listchanges
apt-transport-https
apt-utils
aptitude
atop
base-files
base-passwd
bash
bash-completion
bind9-host
bsd-mailx
bsdextrautils
bsdutils
busybox
bzip2
ccze
certbot
check-mk-agent
console-setup
coreutils
cpio
cron
curl
dash
dbus
debconf
debconf-i18n
debian-archive-keyring
debian-faq
debian-goodies
debianutils
diffutils
discover
dmidecode
dmsetup
doc-debian
dos2unix
dpkg
e2fsprogs
eject
fdisk
findutils
gcc-8-base
gdbm-l10n
gettext-base
git
gpgv
grep
groff-base
grub-common
grub-pc
gzip
hdparm
hostname
htop
iftop
ifupdown
init
init-system-helpers
initramfs-tools
installation-report
iproute2
iptables
iputils-ping
isc-dhcp-client
isc-dhcp-common
keyboard-configuration
kmod
krb5-locales
laptop-detect
less
libacl1
libapparmor1
libapt-inst2.0
libapt-pkg5.0
libargon2-1
libattr1
libaudit-common
libaudit1
libblkid1
libbsd0
libbz2-1.0
libc-bin
libc6
libcap-ng0
libcap2
libcap2-bin
libcom-err2
libcryptsetup12
libdb5.3
libdebconfclient0
libdevmapper1.02.1
libdns-export1104
libelf1
libestr0
libext2fs2
libfastjson4
libfdisk1
libffi6
libgcc1
libgcrypt20
libgmp10
libgnutls30
libgpg-error0
libhogweed4
libidn11
libidn2-0
libip4tc0
libip6tc0
libiptc0
libisc-export1100
libjson-c3
libkmod2
liblocale-gettext-perl
liblockfile-bin
liblognorm5
liblz4-1
liblzma5
libmnl0
libmount1
libncurses6
libncursesw6
libnetfilter-conntrack3
libnettle6
libnewt0.52
libnfnetlink0
libnftnl11
libnss-systemd
libp11-kit0
libpam-modules
libpam-modules-bin
libpam-runtime
libpam-systemd
libpam0g
libpcre3
libpopt0
libprocps7
libseccomp2
libselinux1
libsemanage-common
libsemanage1
libsepol1
libslang2
libsmartcols1
libss2
libssl1.1
libstdc++6
libsystemd0
libtasn1-6
libtext-charwidth-perl
libtext-iconv-perl
libtext-wrapi18n-perl
libtinfo6
libudev1
libunistring2
libuuid1
libxtables12
libzstd1
linux-image-amd64
locales
locate
login
logrotate
lsb-base
lsof
lvm2
mail-expire
man-db
manpages
mawk
mount
mutt
nano
ncal
ncurses-base
ncurses-bin
ncurses-term
neomutt
net-tools
netbase
netcat-traditional
nmap
openssh-client
p7zip-full
passwd
pciutils
perl
perl-base
perl-modules-5.28
php
postfix
procps
python-certbot-apache
python2.7
python3-pip
python3-reportbug
qemu-guest-agent
readline-common
reportbug
rsync
rsyslog
screen
sed
sensible-utils
sudo
systemd
systemd-sysv
sysvinit-utils
tar
task-german
task-ssh-server
tasksel
tasksel-data
telnet
traceroute
tzdata
ucf
udev
unattended-upgrades
usbutils
util-linux
vim
vim-common
vim-tiny
wamerican
wget
whiptail
whois
xxd
zip
zlib1g

Heißt das, diese Pakete werden nur manuell aktualisiert?

[willy4711]

Testen:

Code: Alles auswählen

apt-mark auto apache2

Heißt das, diese Pakete werden nur manuell aktualisiert?

Ich weiß es nicht.

[MSfree]

...
Heißt das, diese Pakete werden nur manuell aktualisiert?

Nein.

Code: Alles auswählen

apt-mark --help

sagt, daß showmanual alle Pakete anzeigt, die manuell installiert wurden, also die, die man mit apt-get install <Paketname> installiert hat. Auch manuell ausgewählte Pakete, die man über alternative Programme wie synaptic, apt oder aptitude isntalliert hat, fallen in diese Kategorie. Ferner auch das, was man aus tasksel ausgewählt hat.

Im Grunde spielt es aber keine Rolle, ob Pakete manuell oder automatisch (also über die Abhängigkeiten) installiert wurden, die unattended-upgrades funktionieren mit allen Pakten, die nicht auf "hold" stehen.
Du solltest wirklich mal

Code: Alles auswählen

unattended-upgrade -d  --dry-run

aufrufen, um der Fehlerursache auf die Spur zu kommen.

[Exxter]

Du solltest wirklich mal

Code: Alles auswählen

unattended-upgrade -d  --dry-run

aufrufen, um der Fehlerursache auf die Spur zu kommen.

OK:

Code: Alles auswählen

root@forms:~$ unattended-upgrade -d --dry-run
Skript für automatische Systemaktualisierung wird gestartet
Erlaubte Ursprünge sind: origin=Debian,codename=bullseye-updates, origin=Debian,codename=bullseye,label=Debian, origin=Debian,codename=bullseye,label=Debian-Security
Anfangsnegativliste:
Initial whitelist (not strict):
Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/deb.debian.org_debian-security_dists_bullseye-security_main_i18n_Translation-en'  a=stable-security,c=main,v=11,o=Debian,l=Debian-Security arch='' site='deb.debian.org' IndexType='Debian Translation Index' Size=335679 ID:11> with -32768 pin
Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/deb.debian.org_debian-security_dists_bullseye-security_main_binary-amd64_Packages'  a=stable-security,c=main,v=11,o=Debian,l=Debian-Security arch='amd64' site='deb.debian.org' IndexType='Debian Package Index' Size=474282 ID:10> with -32768 pin
Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/security.debian.org_debian-security_dists_bullseye-security_main_i18n_Translation-en'  a=stable-security,c=main,v=11,o=Debian,l=Debian-Security arch='' site='security.debian.org' IndexType='Debian Translation Index' Size=335679 ID:1> with -32768 pin
Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/security.debian.org_debian-security_dists_bullseye-security_main_binary-amd64_Packages'  a=stable-security,c=main,v=11,o=Debian,l=Debian-Security arch='amd64' site='security.debian.org' IndexType='Debian Package Index' Size=474282 ID:0> with -32768 pin
Applying pinning: PkgFilePin(id=11, priority=-32768)
Applying pin -32768 to package_file: <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/deb.debian.org_debian-security_dists_bullseye-security_main_i18n_Translation-en'  a=stable-security,c=main,v=11,o=Debian,l=Debian-Security arch='' site='deb.debian.org' IndexType='Debian Translation Index' Size=335679 ID:11>
Applying pinning: PkgFilePin(id=10, priority=-32768)
Applying pin -32768 to package_file: <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/deb.debian.org_debian-security_dists_bullseye-security_main_binary-amd64_Packages'  a=stable-security,c=main,v=11,o=Debian,l=Debian-Security arch='amd64' site='deb.debian.org' IndexType='Debian Package Index' Size=474282 ID:10>
Applying pinning: PkgFilePin(id=1, priority=-32768)
Applying pin -32768 to package_file: <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/security.debian.org_debian-security_dists_bullseye-security_main_i18n_Translation-en'  a=stable-security,c=main,v=11,o=Debian,l=Debian-Security arch='' site='security.debian.org' IndexType='Debian Translation Index' Size=335679 ID:1>
Applying pinning: PkgFilePin(id=0, priority=-32768)
Applying pin -32768 to package_file: <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/security.debian.org_debian-security_dists_bullseye-security_main_binary-amd64_Packages'  a=stable-security,c=main,v=11,o=Debian,l=Debian-Security arch='amd64' site='security.debian.org' IndexType='Debian Package Index' Size=474282 ID:0>
Using (^linux-.*-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^kfreebsd-.*-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^gnumach-.*-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^.*-modules-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^.*-kernel-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^linux-.*-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^kfreebsd-.*-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^gnumach-.*-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^.*-modules-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^.*-kernel-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$) regexp to find kernel packages
Using (^linux-.*-5\.10\.0\-9\-amd64$|^linux-.*-5\.10\.0\-9$|^kfreebsd-.*-5\.10\.0\-9\-amd64$|^kfreebsd-.*-5\.10\.0\-9$|^gnumach-.*-5\.10\.0\-9\-amd64$|^gnumach-.*-5\.10\.0\-9$|^.*-modules-5\.10\.0\-9\-amd64$|^.*-modules-5\.10\.0\-9$|^.*-kernel-5\.10\.0\-9\-amd64$|^.*-kernel-5\.10\.0\-9$|^linux-.*-5\.10\.0\-9\-amd64$|^linux-.*-5\.10\.0\-9$|^kfreebsd-.*-5\.10\.0\-9\-amd64$|^kfreebsd-.*-5\.10\.0\-9$|^gnumach-.*-5\.10\.0\-9\-amd64$|^gnumach-.*-5\.10\.0\-9$|^.*-modules-5\.10\.0\-9\-amd64$|^.*-modules-5\.10\.0\-9$|^.*-kernel-5\.10\.0\-9\-amd64$|^.*-kernel-5\.10\.0\-9$) regexp to find running kernel packages
Checking: apache2 ([<Origin component:'main' archive:'stable-security' origin:'Debian' label:'Debian-Security' site:'security.debian.org' isTrusted:True>, <Origin component:'main' archive:'stable-security' origin:'Debian' label:'Debian-Security' site:'deb.debian.org' isTrusted:True>])
adjusting candidate version: apache2=2.4.48-3.1+deb11u1
Checking: apache2-bin ([<Origin component:'main' archive:'stable-security' origin:'Debian' label:'Debian-Security' site:'security.debian.org' isTrusted:True>, <Origin component:'main' archive:'stable-security' origin:'Debian' label:'Debian-Security' site:'deb.debian.org' isTrusted:True>])
adjusting candidate version: apache2-bin=2.4.48-3.1+deb11u1
Checking: apache2-data ([<Origin component:'main' archive:'stable-security' origin:'Debian' label:'Debian-Security' site:'security.debian.org' isTrusted:True>, <Origin component:'main' archive:'stable-security' origin:'Debian' label:'Debian-Security' site:'deb.debian.org' isTrusted:True>])
adjusting candidate version: apache2-data=2.4.48-3.1+deb11u1
Checking: apache2-utils ([<Origin component:'main' archive:'stable-security' origin:'Debian' label:'Debian-Security' site:'security.debian.org' isTrusted:True>, <Origin component:'main' archive:'stable-security' origin:'Debian' label:'Debian-Security' site:'deb.debian.org' isTrusted:True>])
adjusting candidate version: apache2-utils=2.4.48-3.1+deb11u1
pkgs that look like they should be upgraded:
Fetched 0 B in 0s (0 B/s)
fetch.run() result: 0
Packages blacklist due to conffile prompts: []
Es wurden keine Pakete gefunden, von denen eine automatische Systemaktualisierung durchgeführt werden kann und kein ausstehendes automatisches Entfernen.
The list of kept packages can't be calculated in dry-run mode.
root@forms:~$

Sagt mir nicht viel

Vielleicht noch nützlich: Die VM wurde als Debian Buster 10.5 installiert und später auf Bullseye aktualisiert.

[MSfree]

In einem anderen Thread wurde berichtet, daß zuerst ein

Code: Alles auswählen

apt-get update

ausgeführt werden mußte, damit die unattendeds funktionieren.

Danach prüfe bitte nochmal mit

Code: Alles auswählen

unattended-upgrade -d  --dry-run

[Exxter]

OK:

Code: Alles auswählen

root@forms:~$ apt-get update
OK:1 http://deb.debian.org/debian bullseye InRelease
OK:2 http://security.debian.org/debian-security bullseye-security InRelease
OK:3 http://deb.debian.org/debian-security bullseye-security InRelease
Paketlisten werden gelesen… Fertig
root@forms:~$ unattended-upgrade -d --dry-run
Skript für automatische Systemaktualisierung wird gestartet
Erlaubte Ursprünge sind: origin=Debian,codename=bullseye-updates, origin=Debian,codename=bullseye,label=Debian, origin=Debian,codename=bullseye,label=Debian-Security
Anfangsnegativliste:
Initial whitelist (not strict):
Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/deb.debian.org_debian-security_dists_bullseye-security_main_i18n_Translation-en'  a=stable-security,c=main,v=11,o=Debian,l=Debian-Security arch='' site='deb.debian.org' IndexType='Debian Translation Index' Size=335679 ID:11> with -32768 pin
Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/deb.debian.org_debian-security_dists_bullseye-security_main_binary-amd64_Packages'  a=stable-security,c=main,v=11,o=Debian,l=Debian-Security arch='amd64' site='deb.debian.org' IndexType='Debian Package Index' Size=474282 ID:10> with -32768 pin
Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/security.debian.org_debian-security_dists_bullseye-security_main_i18n_Translation-en'  a=stable-security,c=main,v=11,o=Debian,l=Debian-Security arch='' site='security.debian.org' IndexType='Debian Translation Index' Size=335679 ID:1> with -32768 pin
Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/security.debian.org_debian-security_dists_bullseye-security_main_binary-amd64_Packages'  a=stable-security,c=main,v=11,o=Debian,l=Debian-Security arch='amd64' site='security.debian.org' IndexType='Debian Package Index' Size=474282 ID:0> with -32768 pin
Applying pinning: PkgFilePin(id=11, priority=-32768)
Applying pin -32768 to package_file: <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/deb.debian.org_debian-security_dists_bullseye-security_main_i18n_Translation-en'  a=stable-security,c=main,v=11,o=Debian,l=Debian-Security arch='' site='deb.debian.org' IndexType='Debian Translation Index' Size=335679 ID:11>
Applying pinning: PkgFilePin(id=10, priority=-32768)
Applying pin -32768 to package_file: <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/deb.debian.org_debian-security_dists_bullseye-security_main_binary-amd64_Packages'  a=stable-security,c=main,v=11,o=Debian,l=Debian-Security arch='amd64' site='deb.debian.org' IndexType='Debian Package Index' Size=474282 ID:10>
Applying pinning: PkgFilePin(id=1, priority=-32768)
Applying pin -32768 to package_file: <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/security.debian.org_debian-security_dists_bullseye-security_main_i18n_Translation-en'  a=stable-security,c=main,v=11,o=Debian,l=Debian-Security arch='' site='security.debian.org' IndexType='Debian Translation Index' Size=335679 ID:1>
Applying pinning: PkgFilePin(id=0, priority=-32768)
Applying pin -32768 to package_file: <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/security.debian.org_debian-security_dists_bullseye-security_main_binary-amd64_Packages'  a=stable-security,c=main,v=11,o=Debian,l=Debian-Security arch='amd64' site='security.debian.org' IndexType='Debian Package Index' Size=474282 ID:0>
Using (^linux-.*-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^kfreebsd-.*-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^gnumach-.*-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^.*-modules-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^.*-kernel-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^linux-.*-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^kfreebsd-.*-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^gnumach-.*-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^.*-modules-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^.*-kernel-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$) regexp to find kernel packages
Using (^linux-.*-5\.10\.0\-9\-amd64$|^linux-.*-5\.10\.0\-9$|^kfreebsd-.*-5\.10\.0\-9\-amd64$|^kfreebsd-.*-5\.10\.0\-9$|^gnumach-.*-5\.10\.0\-9\-amd64$|^gnumach-.*-5\.10\.0\-9$|^.*-modules-5\.10\.0\-9\-amd64$|^.*-modules-5\.10\.0\-9$|^.*-kernel-5\.10\.0\-9\-amd64$|^.*-kernel-5\.10\.0\-9$|^linux-.*-5\.10\.0\-9\-amd64$|^linux-.*-5\.10\.0\-9$|^kfreebsd-.*-5\.10\.0\-9\-amd64$|^kfreebsd-.*-5\.10\.0\-9$|^gnumach-.*-5\.10\.0\-9\-amd64$|^gnumach-.*-5\.10\.0\-9$|^.*-modules-5\.10\.0\-9\-amd64$|^.*-modules-5\.10\.0\-9$|^.*-kernel-5\.10\.0\-9\-amd64$|^.*-kernel-5\.10\.0\-9$) regexp to find running kernel packages
Checking: apache2 ([<Origin component:'main' archive:'stable-security' origin:'Debian' label:'Debian-Security' site:'security.debian.org' isTrusted:True>, <Origin component:'main' archive:'stable-security' origin:'Debian' label:'Debian-Security' site:'deb.debian.org' isTrusted:True>])
adjusting candidate version: apache2=2.4.48-3.1+deb11u1
Checking: apache2-bin ([<Origin component:'main' archive:'stable-security' origin:'Debian' label:'Debian-Security' site:'security.debian.org' isTrusted:True>, <Origin component:'main' archive:'stable-security' origin:'Debian' label:'Debian-Security' site:'deb.debian.org' isTrusted:True>])
adjusting candidate version: apache2-bin=2.4.48-3.1+deb11u1
Checking: apache2-data ([<Origin component:'main' archive:'stable-security' origin:'Debian' label:'Debian-Security' site:'security.debian.org' isTrusted:True>, <Origin component:'main' archive:'stable-security' origin:'Debian' label:'Debian-Security' site:'deb.debian.org' isTrusted:True>])
adjusting candidate version: apache2-data=2.4.48-3.1+deb11u1
Checking: apache2-utils ([<Origin component:'main' archive:'stable-security' origin:'Debian' label:'Debian-Security' site:'security.debian.org' isTrusted:True>, <Origin component:'main' archive:'stable-security' origin:'Debian' label:'Debian-Security' site:'deb.debian.org' isTrusted:True>])
adjusting candidate version: apache2-utils=2.4.48-3.1+deb11u1
pkgs that look like they should be upgraded:
Fetched 0 B in 0s (0 B/s)
fetch.run() result: 0
Packages blacklist due to conffile prompts: []
Es wurden keine Pakete gefunden, von denen eine automatische Systemaktualisierung durchgeführt werden kann und kein ausstehendes automatisches Entfernen.
The list of kept packages can't be calculated in dry-run mode.
root@forms:~$

Ich nutze normal nur aptitude oder apt, hätte eine Ursache sein können.

[willy4711]

Code: Alles auswählen

root@forms:~$ apt-get update
OK:1 http://deb.debian.org/debian bullseye InRelease
OK:2 http://security.debian.org/debian-security bullseye-security InRelease
OK:3 http://deb.debian.org/debian-security bullseye-security InRelease
Paketlisten werden gelesen… Fertig

da fehlt zum Schluss entweder:

Code: Alles auswählen

Abhängigkeitsbaum wird aufgebaut… Fertig
Statusinformationen werden eingelesen… Fertig
Alle Pakete sind aktuell.

bzw.
Da sollte doch angezeigt werden, dass soundsoviel updates zu Verfügung stehen, die man sich mit

Code: Alles auswählen

 apt list upgradeble

anzeigen lassen kann ??? Also hier apache*

[MSfree]

Code: Alles auswählen

root@forms:~$ apt-get update
OK:1 http://deb.debian.org/debian bullseye InRelease
OK:2 http://security.debian.org/debian-security bullseye-security InRelease
OK:3 http://deb.debian.org/debian-security bullseye-security InRelease
Paketlisten werden gelesen… Fertig

da fehlt zum Schluss entweder:

Code: Alles auswählen

Abhängigkeitsbaum wird aufgebaut… Fertig
Statusinformationen werden eingelesen… Fertig
Alle Pakete sind aktuell.

Nein, apt-get update macht, ausser neue Paketlisten zu laden, gar nichts. Es kommt auch keine Ausgabe, welche Dateien zu aktualisieren wären. Das kommt erst mit

Code: Alles auswählen

apt-get dist-upgrade -s

Kann es sein, daß du das mit apt (ohne -get) verwechselst?

[willy4711]

root@forms:~$ grep "^[^//]" /etc/apt/apt.conf.d/50unattended-upgrades
Unattended-Upgrade::Origins-Pattern {
// Codename based matching:
// This will follow the migration of a release through different
// archives (e.g. from testing to stable and later oldstable).
// Software will be the latest available for the named release,
// but the Debian release itself will not be automatically upgraded.
"origin=Debian,codename=${distro_codename}-updates";
//"origin=Debian,codename=${distro_codename}-proposed-updates";
"origin=Debian,codename=${distro_codename},label=Debian";
"origin=Debian,codename=${distro_codename},label=Debian-Security";
// Archive or Suite based matching:
// Note that this will silently match a different release after
// migration to the specified archive (e.g. testing becomes the
// new stable).
};

Hab mich mal belesen (hoffe ich)
https://github.com/mvo5/unattended-upgrades sagt:

Only packages from this origin:archive pair will be installed. You can see all available origin:archive pairs by running apt-cache policy and checking the "o=" and "a=" fields. Variable substitution is supported for ${distro_id} that contains the output of lsb_release -i and ${distro_codename} that contains the output of lsb_release -c.

Mal ein Abschnitt aus apt-cache policy:

Code: Alles auswählen

500 http://deb.debian.org/debian bullseye/main amd64 Packages
     release v=11.1,o=Debian,a=stable,n=bullseye,l=Debian,c=main,b=amd64
     origin deb.debian.org

Wenn ich das richtig verstehe, müsste die Variable "codename=${distro_codename}"
so ausgefüllt sein: codename=${stable}

Aber - wie gesagt nur einen Vermutung, da ich das nicht benutze.

[willy4711]

Nein, apt-get update macht, ausser neue Paketlisten zu laden, gar nichts. Es kommt auch keine Ausgabe,

Sorry, habe apt- get schon ewig nicht mehr benutzt. mit apt update sieht das halt anders aus

Code: Alles auswählen

# apt update
OK:1 http://deb.debian.org/debian testing InRelease
OK:2 http://security.debian.org/debian-security testing-security InRelease         
Ign:3 http://repo.vivaldi.com/stable/deb stable InRelease                          
OK:4 http://repo.vivaldi.com/stable/deb stable Release                             
OK:5 https://apt.enpass.io stable InRelease                                        
OK:6 https://download.virtualbox.org/virtualbox/debian bullseye InRelease          
OK:7 https://www.deb-multimedia.org testing InRelease                     
OK:8 http://dist.jriver.com/beta/mediacenter buster InRelease
Paketlisten werden gelesen… Fertig
Abhängigkeitsbaum wird aufgebaut… Fertig
Statusinformationen werden eingelesen… Fertig
Alle Pakete sind aktuell.

Kann es sein, daß du das mit apt (ohne -get) verwechselst?

Ja - aber das da verschiedenen Ausgaben kommen ist wirklich befremdlich

[Exxter]

Ich habe jetzt kurzerhand mal

apt remove unattended-upgrades --purge ; apt install unattended-upgrades

gemacht, jetzt funktioniert es. Ich vermute willy hat recht, die config von Buster zu Bullseye hatte ich nicht neu schreiben lassen:



Allerdings habe ich das auf den anderen VM's auch nicht gemacht, wieso es dann gerade bei der nicht klappte kA.

Auf jeden Fall herzlichen Dank euch für alle Hilfe.