Confusion about apt priorities?

Tom H tomh0665 at gmail.com
Tue Apr 14 16:07:16 UTC 2015 

On Tue, Apr 14, 2015 at 9:56 AM, RafaƂ Radecki <radecki.rafal at gmail.com> wrote:
>
> I try to configure apt priorities. I am using ubuntu 12.04. Overall:
>
> 1) my repositories are:
>
> 2) I have one file with priorities:
>
> cat /etc/apt/preferences.d/precise-security
> Package: *
> Pin: release a=precise-security
> Pin-Priority: 900
>
> 3) I checked that for repositories precise-updates and precise-security
> "Packages.gz" files contain info about linux-virtual package which I am
> using for testing priorities
>
> a)
> http://eu-west-1.ec2.archive.ubuntu.com/ubuntu/dists/precise-updates/main/binary-amd64/Packages.gz
>
> Package: linux-virtual
> Version: 3.2.0.80.94
>
> b)
> http://security.ubuntu.com/ubuntu/dists/precise-security/main/binary-amd64/Packages.gz
>
> Package: linux-virtual
> Version: 3.2.0.80.94
>
> So overall I should be able to download linux-virtual from both repos.
>
> 4) apt-cache policy linux-virtual
> linux-virtual:
>   Installed: 3.2.0.76.90
>   Candidate: 3.2.0.80.94
>   Version table:
>      3.2.0.80.94 0
>         500 http://eu-west-1.ec2.archive.ubuntu.com/ubuntu/
> precise-updates/main amd64 Packages
>         900 http://security.ubuntu.com/ubuntu/ precise-security/main amd64
> Packages
>  *** 3.2.0.76.90 0
>         100 /var/lib/dpkg/status
>      3.2.0.23.25 0
>         500 http://eu-west-1.ec2.archive.ubuntu.com/ubuntu/ precise/main
> amd64 Packages
>
> 5) But when I run:
>
> apt-get -s install linux-virtual -qq
> Inst linux-image-3.2.0-80-virtual (3.2.0-80.116 Ubuntu:12.04/precise-updates
> [amd64])
> Inst linux-headers-3.2.0-80 (3.2.0-80.116 Ubuntu:12.04/precise-updates
> [all])
> Inst linux-headers-3.2.0-80-virtual (3.2.0-80.116
> Ubuntu:12.04/precise-updates [amd64])
> Inst linux-virtual [3.2.0.76.90] (3.2.0.80.94 Ubuntu:12.04/precise-updates
> [amd64]) []
> Inst linux-image-virtual [3.2.0.76.90] (3.2.0.80.94
> Ubuntu:12.04/precise-updates [amd64]) []
> Inst linux-headers-virtual [3.2.0.76.90] (3.2.0.80.94
> Ubuntu:12.04/precise-updates [amd64])
> Conf linux-image-3.2.0-80-virtual (3.2.0-80.116 Ubuntu:12.04/precise-updates
> [amd64])
> Conf linux-headers-3.2.0-80 (3.2.0-80.116 Ubuntu:12.04/precise-updates
> [all])
> Conf linux-headers-3.2.0-80-virtual (3.2.0-80.116
> Ubuntu:12.04/precise-updates [amd64])
> Conf linux-image-virtual (3.2.0.80.94 Ubuntu:12.04/precise-updates [amd64])
> Conf linux-headers-virtual (3.2.0.80.94 Ubuntu:12.04/precise-updates
> [amd64])
> Conf linux-virtual (3.2.0.80.94 Ubuntu:12.04/precise-updates [amd64])
>
> I only get results from precise-updates repo and not (as I wanted when
> setting 900 priority for precise-security) from precise-security repo.
> I need this to check if in precise-security there are any kernel updates
> available to be able to tell if I really need to update the kernel because
> of security issues. Other kernel updates are not in scope of this.

Possible options:

1) Set the vivid-security priority to 990.

2) Set 'APT::Default-Release "precise-security";' (rather weird!) in
"/etc/apt/apt.conf.d/".

(AFAIK, neither of the above two will prevent non-vivid-security
packages from being installed, which seems to be what you want.)

3) Move the vivid-security archive setup to
"/etc/apt/apt.conf.d/precise-security.conf" and run "apt-get -o
Dir::Etc::sourcelist=/etc/apt/sources.list.d/precise-security.conf
update|upgrade|dist-upgrade".

4) Disable whatever triggers the unattended-upgrades security upgrades
and then run unattended-upgrades manually.

More information about the ubuntu-users mailing list