Re: Safely Upgrading Packages
On Mon, 2004-07-26 at 18:43, Michael B Allen wrote:
> I've been running Debian on the net for a while. I thought it's time to look
> at keeping packages up to date. But when I run apt-get update:
>
> # apt-get upgrade
> Reading Package Lists... Done
> Building Dependency Tree... Done
> The following packages have been kept back
> apache apache-common autoconf debconf debianutils e2fsprogs file fileutils
> libgd2-noxpm mailman mysql-client
> mysql-server php4 php4-mysql php4-pear shellutils textutils
> 40 packages upgraded, 0 newly installed, 0 to remove and 17 not upgraded.
> Need to get 12.0MB of archives. After unpacking 2192kB will be used.
> Do you want to continue? [Y/n] n
> Abort.
>
> Why are packages being "kept back". These are precisely the packages I want
> to update.
Because the new versions of those packages have new dependencies, and
you don't have the new dependencies installed.
That's the difference between "upgrade" and "dist-upgrade"; upgrade
never installs new packages, for security reasons. But dist-upgrade will
install any new stuff you need to satisfy upgrades of existing packages.
In this example, the latest version of apache requires libmagic. You
don't have a version of libmagic installed, so the apache version has to
"be kept back".
Try "apt-cache showpkg apache", and check out the dependencies line.
> If I try one package:
>
> # apt-get install apache
> Reading Package Lists... Done
> Building Dependency Tree... Done
> The following extra packages will be installed:
> apache-common file libdb4.1 libmagic1 libtool
> The following NEW packages will be installed:
> libdb4.1 libmagic1
> 4 packages upgraded, 2 newly installed, 0 to remove and 53 not upgraded.
> Need to get 2268kB of archives. After unpacking 1954kB will be used.
> Do you want to continue? [Y/n] n
> Abort.
>
> Why does it all of the sudden want to install libmagic1 when I don't have
> that currently installed at all?
Because the package file for the latest version of apache declares that
it *requires* libmagic installed in order to work.
Apt-get install works effectively like "apt-get dist-upgrade", in that
it is happy to install new stuff if the target package needs it.
>
> Is there a "apt-get update packages just enough so I don't get hacked"
> command? :-)
It's "apt-get upgrade".
For all debian packages, "security fix" upgrades never add dependencies.
So they always install fine with "apt-get upgrade".
But feature releases can add new dependencies, and if they do then
"apt-get upgrade" will report "cannot install; package held back",
because adding new packages is not something you want to do
automatically on a stable, secure system.
This is described in the apt manual.
NB: I'm not a debian guru. Any corrections welcome.
Cheers,
Simon
Reply to: