[Bug 2079810] Re: unattended-upgrades doesn't respect repo pin-priority

Julian Andres Klode 2079810 at bugs.launchpad.net
Fri Sep 6 10:26:49 UTC 2024 

This is the expected behavior, it will pick the highest version (well
highest priority version) from any allowed repository. You have not
disallowed installing the Ubuntu one, and you also did not allow it to
install the Mozilla one.

You have two options

1) Pin the Ubuntu version down instead:

Instead of

Package: *
Pin: origin packages.mozilla.org
Pin-Priority: 1000

please use

Package: firefox
Pin: release o=Ubuntu*
Pin-Priority: -1

or similar.

2) Add the Mozilla repository to the unattended-upgrades allow list.

 Unattended-Upgrade::Allowed-Origins

3) Add firefox to Unattended-Upgrade::Package-Blacklist


You may also be able to pin the installed version to 1000

Package: firefox
Pin: release now
Pin-Priority: 1000

This should cause it to not consider the Ubuntu versions as allowed
upgrades.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to unattended-upgrades in Ubuntu.
https://bugs.launchpad.net/bugs/2079810

Title:
  unattended-upgrades doesn't respect repo pin-priority

Status in unattended-upgrades package in Ubuntu:
  Won't Fix

Bug description:
  On a 24.04.1, I'm using the Mozilla repository for Firefox, with a higher pin-priority than the standard one.
  While `apt full-upgrade` does the right thing and updates firefox from the repo, it seems `unattended-upgrades` is not respecting it, so it brings back the package from the official repo, which in turns installs the snap.

  This is my config, and logs from the operations:

  
  /etc/apt/sources.list.d/mozilla.sources:

  Enabled: yes
  Types: deb
  URIs: https://packages.mozilla.org/apt
  Suites: mozilla
  Components: main
  Architectures: amd64
  Signed-By: /etc/apt/keyrings/mozilla.asc

  
  /etc/apt/preferences.d/mozilla:

  Package: *
  Pin: origin packages.mozilla.org
  Pin-Priority: 1000

  
  /var/log/apt/history.log:

  Start-Date: 2024-09-06  09:08:32
  Commandline: /usr/bin/unattended-upgrade
  Upgrade: firefox:amd64 (129.0.2~build1, 1:1snap1-0ubuntu5)
  End-Date: 2024-09-06  09:09:22

  
  /var/log/unattended-upgrades/unattended-upgrades.log:

  2024-09-06 09:08:29,087 INFO Starting unattended upgrades script
  2024-09-06 09:08:29,088 INFO Allowed origins are: o=Ubuntu,a=noble, o=Ubuntu,a=noble-security, o=UbuntuESMApps,a=noble-apps-security, o=UbuntuESM,a=noble-infra-security
  2024-09-06 09:08:29,088 INFO Initial blacklist: 
  2024-09-06 09:08:29,088 INFO Initial whitelist (not strict): 
  2024-09-06 09:08:31,616 INFO Packages that will be upgraded: firefox libssl-dev libssl3t64 openssl vim vim-common vim-runtime vim-tiny xxd
  2024-09-06 09:08:31,616 INFO Writing dpkg log to /var/log/unattended-upgrades/unattended-upgrades-dpkg.log
  2024-09-06 09:09:36,788 INFO All upgrades installed
  2024-09-06 09:09:39,004 INFO Packages that were successfully auto-removed: libgdk-pixbuf-xlib-2.0-0 libgdk-pixbuf2.0-0
  2024-09-06 09:09:39,004 INFO Packages that are kept back: 


  /var/log/unattended-upgrades/unattended-upgrades-dpkg.log:

  Log started: 2024-09-06  09:08:31
  Preconfiguring packages ...
  Preconfiguring packages ...
  (Reading database ... ^M(Reading database ... 5%^M(Reading database ... 10%^M(Reading database ... 15%^M(Reading database ... 20%^M(Reading database ... 25%^M(Reading database ... 30
  %^M(Reading database ... 35%^M(Reading database ... 40%^M(Reading database ... 45%^M(Reading database ... 50%^M(Reading database ... 55%^M(Reading database ... 60%^M(Reading database
   ... 65%^M(Reading database ... 70%^M(Reading database ... 75%^M(Reading database ... 80%^M(Reading database ... 85%^M(Reading database ... 90%^M(Reading database ... 95%^M(Reading d
  atabase ... 100%^M(Reading database ... 215287 files and directories currently installed.)
  Preparing to unpack .../firefox_1%3a1snap1-0ubuntu5_amd64.deb ...
  => Installing the firefox snap
  ==> Checking connectivity with the snap store
  ==> Installing the firefox snap
  Warning: /snap/bin was not found in your $PATH. If you've not restarted
           your session since you installed snapd, try doing that. Please see
           https://forum.snapcraft.io/t/9469 for more details.

  firefox 130.0-2 from Mozillaâś“ installed
  => Snap installation complete
  Unpacking firefox (1:1snap1-0ubuntu5) over (129.0.2~build1) ...
  Setting up firefox (1:1snap1-0ubuntu5) ...
  Processing triggers for desktop-file-utils (0.27-2build1) ...
  Processing triggers for hicolor-icon-theme (0.17-2) ...
  Processing triggers for gnome-menus (3.36.0-1.1ubuntu3) ...
  Log ended: 2024-09-06  09:09:23


  $ apt policy firefox
  firefox:
    Installed: 130.0~build2
    Candidate: 130.0~build2
    Version table:
       1:1snap1-0ubuntu5 500
          500 http://es.archive.ubuntu.com/ubuntu noble/main amd64 Packages
   *** 130.0~build2 1000
         1000 https://packages.mozilla.org/apt mozilla/main amd64 Packages
          100 /var/lib/dpkg/status
       129.0.2~build1 1000
         1000 https://packages.mozilla.org/apt mozilla/main amd64 Packages
       129.0.1~build1 1000
         1000 https://packages.mozilla.org/apt mozilla/main amd64 Packages
       129.0~build2 1000
         1000 https://packages.mozilla.org/apt mozilla/main amd64 Packages
       128.0.3~build1 1000
         1000 https://packages.mozilla.org/apt mozilla/main amd64 Packages
       128.0.2~build1 1000
         1000 https://packages.mozilla.org/apt mozilla/main amd64 Packages
       128.0~build2 1000
         1000 https://packages.mozilla.org/apt mozilla/main amd64 Packages
       127.0.2~build1 1000
         1000 https://packages.mozilla.org/apt mozilla/main amd64 Packages
       127.0.1~build1 1000
         1000 https://packages.mozilla.org/apt mozilla/main amd64 Packages
       127.0~build2 1000
         1000 https://packages.mozilla.org/apt mozilla/main amd64 Packages
       126.0.1~build1 1000
         1000 https://packages.mozilla.org/apt mozilla/main amd64 Packages
       126.0~build2 1000
         1000 https://packages.mozilla.org/apt mozilla/main amd64 Packages
       125.0.3~build1 1000
         1000 https://packages.mozilla.org/apt mozilla/main amd64 Packages
       125.0.2~build1 1000
         1000 https://packages.mozilla.org/apt mozilla/main amd64 Packages
       125.0.1~build1 1000
         1000 https://packages.mozilla.org/apt mozilla/main amd64 Packages
       124.0.2~build1 1000
         1000 https://packages.mozilla.org/apt mozilla/main amd64 Packages
       124.0.1~build1 1000
         1000 https://packages.mozilla.org/apt mozilla/main amd64 Packages
       124.0~build1 1000
         1000 https://packages.mozilla.org/apt mozilla/main amd64 Packages
       123.0.1~build1 1000
         1000 https://packages.mozilla.org/apt mozilla/main amd64 Packages
       123.0~build3 1000
         1000 https://packages.mozilla.org/apt mozilla/main amd64 Packages
       122.0.1~build1 1000
         1000 https://packages.mozilla.org/apt mozilla/main amd64 Packages
       122.0~build2 1000
         1000 https://packages.mozilla.org/apt mozilla/main amd64 Packages

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/unattended-upgrades/+bug/2079810/+subscriptions

More information about the foundations-bugs mailing list