
Re: Safely Upgrading Packages



On Mon, 2004-07-26 at 18:43, Michael B Allen wrote:
> I've been running Debian on the net for a while. I thought it's time to look
> at keeping packages up to date. But when I run apt-get update:
> 
> # apt-get upgrade
> Reading Package Lists... Done
> Building Dependency Tree... Done
> The following packages have been kept back
>   apache apache-common autoconf debconf debianutils e2fsprogs file fileutils
> libgd2-noxpm mailman mysql-client
>   mysql-server php4 php4-mysql php4-pear shellutils textutils 
> 40 packages upgraded, 0 newly installed, 0 to remove and 17  not upgraded.
> Need to get 12.0MB of archives. After unpacking 2192kB will be used.
> Do you want to continue? [Y/n] n
> Abort.
> 
> Why are packages being "kept back"? These are precisely the packages I want
> to update.

Because the new versions of those packages have new dependencies, and
you don't have the new dependencies installed.

That's the difference between "upgrade" and "dist-upgrade"; upgrade
never installs new packages, for security reasons. But dist-upgrade will
install any new stuff you need to satisfy upgrades of existing packages.

In this example, the latest version of apache requires libmagic. You
don't have a version of libmagic installed, so the apache version has to
"be kept back".

Try "apt-cache showpkg apache", and check out the dependencies line.

> If I try one package:
> 
> # apt-get install apache
> Reading Package Lists... Done
> Building Dependency Tree... Done
> The following extra packages will be installed:
>   apache-common file libdb4.1 libmagic1 libtool 
> The following NEW packages will be installed:
>   libdb4.1 libmagic1 
> 4 packages upgraded, 2 newly installed, 0 to remove and 53  not upgraded.
> Need to get 2268kB of archives. After unpacking 1954kB will be used.
> Do you want to continue? [Y/n] n
> Abort.
> 
> Why does it all of a sudden want to install libmagic1 when I don't have
> that currently installed at all?

Because the package file for the latest version of apache declares that
it *requires* libmagic installed in order to work.

Apt-get install works effectively like "apt-get dist-upgrade", in that
it is happy to install new stuff if the target package needs it.

> 
> Is there an "apt-get update packages just enough so I don't get hacked"
> command? :-)

It's "apt-get upgrade".

For all Debian packages, "security fix" upgrades never add dependencies.
So they always install fine with "apt-get upgrade".

But feature releases can add new dependencies, and if they do then
"apt-get upgrade" will report "cannot install; package held back",
because adding new packages is not something you want to do
automatically on a stable, secure system.

This is described in the apt manual.

NB: I'm not a Debian guru. Any corrections welcome.

Cheers,

Simon
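
The following is an added example, not part of the original thread: a shell sketch that lists the packages "apt-get upgrade" keeps back and, for each one, the new packages a simulated install would bring in, so they can be reviewed before anything is installed. The function names are hypothetical, and the sample text is constructed, modelled on the output quoted above.

```sh
#!/bin/sh
# Added example; function names are hypothetical, sample text is constructed.

# Print the packages listed in one indented section of apt-get output (stdin).
section_packages() {
    awk -v hdr="$1" '
        index($0, hdr) == 1 { insec = 1; next }     # section header line
        insec && /^ /       { for (i = 1; i <= NF; i++) print $i; next }
        insec               { insec = 0 }           # first unindented line ends it
    '
}

kept_back()    { section_packages "The following packages have been kept back"; }
new_packages() { section_packages "The following NEW packages will be installed"; }

# For each kept-back package, simulate an install (-s changes nothing on disk)
# and report which packages that are not yet installed it would pull in.
audit_kept_back() {
    apt-get -s upgrade | kept_back | while read -r pkg; do
        new=$(apt-get -s install "$pkg" </dev/null | new_packages | tr '\n' ' ')
        printf '%s: %s\n' "$pkg" "${new:-no new packages}"
    done
}

# Constructed sample output, so the parsers can be tried without apt.
SAMPLE_UPGRADE='Reading Package Lists... Done
Building Dependency Tree... Done
The following packages have been kept back
  apache apache-common php4
40 packages upgraded, 0 newly installed, 0 to remove and 3 not upgraded.'

SAMPLE_INSTALL='Reading Package Lists... Done
Building Dependency Tree... Done
The following extra packages will be installed:
  apache-common file libdb4.1 libmagic1 libtool
The following NEW packages will be installed:
  libdb4.1 libmagic1
4 packages upgraded, 2 newly installed, 0 to remove and 53 not upgraded.'

printf '%s\n' "$SAMPLE_UPGRADE" | kept_back
printf '%s\n' "$SAMPLE_INSTALL" | new_packages
```

On a Debian system, calling `audit_kept_back` prints one line per kept-back package, which gives a list of new dependencies to review before deciding on "dist-upgrade".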


