Dr. Alex Sheppard wrote:

Hi, Unattended upgrades ended up removing some of the packages it was going to upgrade ... bind9 being one of them and thereby breaking DNS on a client's network. Is this a bug in unattended upgrades, or a bug in apt or dpkg? Here is an extract from my unattended-upgrades.log to illustrate. FTR: I'm struggling to think how bind9 could have been installed as a dependency for something else on the machine in question. I am pretty sure I would have installed it manually which gives extra surprise to it being autoremoved.

unattended-upgrades should not be allowed to autoremove. Doing so always ends up with surprises, unless you have pre-tested everything and keep your own apt repo a day or two behind Debian's.

Unattended-Upgrade::Remove-Unused-Dependencies "false";
Unattended-Upgrade::Remove-New-Unused-Dependencies "false";

However, Unattended-Upgrade::Remove-Unused-Kernel-Packages is usually safe, unless you have very specific reasons to keep multiple old kernels around.

-dsr-

Thanks Dan, I've updated my config accordingly to avoid this
happening in future :-)
It's not so urgent for me now, but I still get the feeling there is a bug to report.
My config had the normal "like apt-get autoremove" disabled as
per default
"""
// Do automatic removal of unused packages after the upgrade
// (equivalent to apt-get autoremove)
// Unattended-Upgrade::Remove-Unused-Dependencies "false";
"""
Whereas removing newly unused packages was enabled - also as per
the default
"""
// Do automatic removal of newly unused dependencies after the upgrade
// Unattended-Upgrade::Remove-New-Unused-Dependencies "true";
"""
My issue arose not from doing "the equivalent to apt-get autoremove" but by whatever "Remove-New-Unused-Dependencies" does. Does anybody know how the logic of this works / what commands are run to achieve this?
The way I see it there is a bug in either:
a) The logic in unattended-upgrades of how it goes about
fulfilling "Remove-New-Unused-Dependencies"
or
b) An underlying command that is called to fulfill the "Remove-New-Unused-Dependencies" operation
or
c) Uninstalling a package that it just upgraded seems like a mistake that ought to be catchable, but if there is just no way to do the "Remove-New-Unused-Dependencies" operation without risk of something important getting installed, the bug is that this is enabled by default.
So, unless anyone can explain otherwise, I think there is a bug
to report against unattended-upgrades.
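
The point the thread turns on is that a commented-out line in the stock file does not switch an option off; the default still applies until an active line overrides it. The following is an added example, not part of the original posts and not code from unattended-upgrades: a small audit that resolves the effective value of the two removal options across apt.conf.d-style snippets. The defaults are the ones stated in the thread, the sample file contents are constructed, `52local-override` is a hypothetical file name, and the parser only handles flat `Key "value";` lines (no `{ }` scopes or `/* */` comments).

```python
import re

# Defaults for the two removal options as stated in the thread above
# (assumption: taken from the posts, not read from the package itself).
DEFAULTS = {
    "Unattended-Upgrade::Remove-Unused-Dependencies": False,
    "Unattended-Upgrade::Remove-New-Unused-Dependencies": True,
}
TRUE_WORDS = ("true", "yes", "on", "enable", "with", "1")
# An active flat setting: Key "value";  (trailing // comment is tolerated)
SETTING = re.compile(r'^\s*([A-Za-z0-9:_-]+)\s+"([^"]*)"\s*;')

def effective_settings(files):
    """files maps file name -> text; names are applied in sorted order,
    so a later file overrides an earlier one. Returns {key: (value, source)}."""
    result = {key: (value, "default") for key, value in DEFAULTS.items()}
    for name in sorted(files):
        for line in files[name].splitlines():
            if line.lstrip().startswith(("//", "#")):
                continue  # commented out: the line sets nothing
            match = SETTING.match(line)
            if match and match.group(1) in DEFAULTS:
                value = match.group(2).strip().lower() in TRUE_WORDS
                result[match.group(1)] = (value, name)
    return result

def removal_enabled(files):
    """Options that will still let an unattended run remove packages."""
    return sorted(k for k, (v, _) in effective_settings(files).items() if v)

# Constructed sample: the stock file with both options commented out.
STOCK = '''// Do automatic removal of unused packages after the upgrade
// (equivalent to apt-get autoremove)
// Unattended-Upgrade::Remove-Unused-Dependencies "false";
// Do automatic removal of newly unused dependencies after the upgrade
// Unattended-Upgrade::Remove-New-Unused-Dependencies "true";
'''
# Constructed sample: a local override file with the two lines from the reply.
OVERRIDE = '''Unattended-Upgrade::Remove-Unused-Dependencies "false";
Unattended-Upgrade::Remove-New-Unused-Dependencies "false";
'''

if __name__ == "__main__":
    print(removal_enabled({"50unattended-upgrades": STOCK}))
    print(removal_enabled({"50unattended-upgrades": STOCK,
                           "52local-override": OVERRIDE}))
```

On a live system, `apt-config dump` shows the values apt actually resolved, and `apt-mark showauto` lists the packages that are eligible for automatic removal.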