Bug #26855: Security updates not applied on Debian 12, but campaign ends without error - Rudder - Issue Tracker

Actions

#1

Updated by Nicolas CHARLES 3 months ago

We are missing information there
Could you also share the output of the apt command, the list of packages to upgrade according to Rudder, and the system-update log file for this specific campaign ? Thank you

Actions

Copy link

#2

Updated by François ARMAND 3 months ago

Assignee set to Michel BOUISSOU

Actions

Copy link Download all files

#3

Updated by Michel BOUISSOU about 2 months ago

File Rudder_available_updates_250624a.png Rudder_available_updates_250624a.png added
File Rudder_campaign_results_250624a.png Rudder_campaign_results_250624a.png added

A new occurrence today :

- A Debian 12 node had 3 security updates avaiable, that were not installed.

- List of upgradable packages according to Rudder : See screenshot.
- Security updates campaigns was performed and didn't update any package. See screenshot.

Campaign run output :

The hook directory /var/rudder/system-update/hooks.d/pre-upgrade does not exist, skipping

Get:1 file:/var/cache/openmediavault/archives  InRelease
Ign: 1 file:/var/cache/openmediavault/archives  InRelease
File not found - /var/cache/openmediavault/archives/InRelease (2: No such file or directory)
Get:2 file:/var/cache/openmediavault/archives  Release
Ign: 2 file:/var/cache/openmediavault/archives  Release
File not found - /var/cache/openmediavault/archives/Release (2: No such file or directory)
Get:3 file:/var/cache/openmediavault/archives  Packages
Ign: 3 file:/var/cache/openmediavault/archives  Packages
Method gave a blank filename
Get:4 file:/var/cache/openmediavault/archives  Translation-en
Ign: 4 file:/var/cache/openmediavault/archives  Translation-en
File not found - /var/cache/openmediavault/archives/en.xz (2: No such file or directory)
Get:5 file:/var/cache/openmediavault/archives  Translation-fr
Ign: 5 file:/var/cache/openmediavault/archives  Translation-fr
File not found - /var/cache/openmediavault/archives/fr.xz (2: No such file or directory)
Get:3 file:/var/cache/openmediavault/archives  Packages
Ign: 3 file:/var/cache/openmediavault/archives  Packages
Method gave a blank filename
Get:4 file:/var/cache/openmediavault/archives  Translation-en
Ign: 4 file:/var/cache/openmediavault/archives  Translation-en
File not found - /var/cache/openmediavault/archives/en.bz2 (2: No such file or directory)
Get:5 file:/var/cache/openmediavault/archives  Translation-fr
Ign: 5 file:/var/cache/openmediavault/archives  Translation-fr
File not found - /var/cache/openmediavault/archives/fr.bz2 (2: No such file or directory)
Get:3 file:/var/cache/openmediavault/archives  Packages
Ign: 3 file:/var/cache/openmediavault/archives  Packages
Method gave a blank filename
Get:4 file:/var/cache/openmediavault/archives  Translation-en
Ign: 4 file:/var/cache/openmediavault/archives  Translation-en
File not found - /var/cache/openmediavault/archives/en.lzma (2: No such file or directory)
Get:5 file:/var/cache/openmediavault/archives  Translation-fr
Ign: 5 file:/var/cache/openmediavault/archives  Translation-fr
File not found - /var/cache/openmediavault/archives/fr.lzma (2: No such file or directory)
Get:3 file:/var/cache/openmediavault/archives  Packages
Ign: 3 file:/var/cache/openmediavault/archives  Packages
Method gave a blank filename
Get:4 file:/var/cache/openmediavault/archives  Translation-en
Ign: 4 file:/var/cache/openmediavault/archives  Translation-en
File not found - /var/cache/openmediavault/archives/en.gz (2: No such file or directory)
Get:5 file:/var/cache/openmediavault/archives  Translation-fr
Ign: 5 file:/var/cache/openmediavault/archives  Translation-fr
File not found - /var/cache/openmediavault/archives/fr.gz (2: No such file or directory)
Get:3 file:/var/cache/openmediavault/archives  Packages
Ign: 3 file:/var/cache/openmediavault/archives  Packages
Method gave a blank filename
Get:4 file:/var/cache/openmediavault/archives  Translation-en
Ign: 4 file:/var/cache/openmediavault/archives  Translation-en
File not found - /var/cache/openmediavault/archives/en.lz4 (2: No such file or directory)
Get:5 file:/var/cache/openmediavault/archives  Translation-fr
Ign: 5 file:/var/cache/openmediavault/archives  Translation-fr
File not found - /var/cache/openmediavault/archives/fr.lz4 (2: No such file or directory)
Get:3 file:/var/cache/openmediavault/archives  Packages
Ign: 3 file:/var/cache/openmediavault/archives  Packages
Method gave a blank filename
Get:4 file:/var/cache/openmediavault/archives  Translation-en
Ign: 4 file:/var/cache/openmediavault/archives  Translation-en
File not found - /var/cache/openmediavault/archives/en.zst (2: No such file or directory)
Get:5 file:/var/cache/openmediavault/archives  Translation-fr
Ign: 5 file:/var/cache/openmediavault/archives  Translation-fr
File not found - /var/cache/openmediavault/archives/fr.zst (2: No such file or directory)
Get:3 file:/var/cache/openmediavault/archives  Packages
Get:4 file:/var/cache/openmediavault/archives  Translation-en
Ign: 4 file:/var/cache/openmediavault/archives  Translation-en
File not found - /var/cache/openmediavault/archives/en (2: No such file or directory)
Get:5 file:/var/cache/openmediavault/archives  Translation-fr
Ign: 5 file:/var/cache/openmediavault/archives  Translation-fr
File not found - /var/cache/openmediavault/archives/fr (2: No such file or directory)
Hit:6 http://security.debian.org/debian-security bookworm-security InRelease
Hit:7 http://deb.debian.org/debian bookworm InRelease
Hit:8 http://deb.debian.org/debian-security bookworm-security InRelease
Hit:9 http://deb.debian.org/debian bookworm-updates InRelease
Hit:10 http://deb.debian.org/debian bookworm-backports InRelease
Hit:11 http://packages.openmediavault.org/public sandworm InRelease
Hit:12 https://openmediavault-plugin-developers.github.io/packages/debian sandworm InRelease
Hit:13 https://openmediavault.github.io/packages sandworm InRelease
Hit:14 http://httpredir.debian.org/debian bookworm-backports InRelease
Hit:15 https://download.docker.com/linux/debian bookworm InRelease
Hit:16 http://download.opensuse.org/repositories/filesystems:/snapper/Debian_12  InRelease
Hit:17 https://ftp.recompile.se/pub/mandos/debian bookworm-backports InRelease
Hit:18 https://download.rudder.io/apt/8.3 bookworm InReleaseNothing to fetch.
Nothing to fetch.
pmstatus:dpkg-exec:0.0000:Running dpkg

The hook directory /var/rudder/system-update/hooks.d/pre-reboot does not exist, skipping
NEEDRESTART-VER: 3.6
NEEDRESTART-KCUR: 6.12.12+bpo-amd64
NEEDRESTART-KEXP: 6.12.12+bpo-amd64
NEEDRESTART-KSTA: 1
NEEDRESTART-UCSTA: 2
NEEDRESTART-UCCUR: 0x0020
NEEDRESTART-UCEXP: 0x0021
NEEDRESTART-SVC: wsdd.service

The hook directory /var/rudder/system-update/hooks.d/post-upgrade does not exist, skipping

Apt outputs :

root in 🌐 nasgul in /var/log/rudder as 🧙 
❯ apt list --upgradable
En train de lister... Fait
gir1.2-gdkpixbuf-2.0/stable-security,stable-security 2.42.10+dfsg-1+deb12u2 amd64 [pouvant être mis à jour depuis : 2.42.10+dfsg-1+deb12u1]
libgdk-pixbuf-2.0-0/stable-security,stable-security 2.42.10+dfsg-1+deb12u2 amd64 [pouvant être mis à jour depuis : 2.42.10+dfsg-1+deb12u1]
libgdk-pixbuf2.0-common/stable-security,stable-security 2.42.10+dfsg-1+deb12u2 all [pouvant être mis à jour depuis : 2.42.10+dfsg-1+deb12u1]

root in 🌐 nasgul in /var/log/rudder as 🧙 
❯ apt-cache policy gir1.2-gdkpixbuf-2.0
gir1.2-gdkpixbuf-2.0:
  Installé : 2.42.10+dfsg-1+deb12u1
  Candidat : 2.42.10+dfsg-1+deb12u2
 Table de version :
     2.42.10+dfsg-1+deb12u2 500
        500 http://deb.debian.org/debian-security bookworm-security/main amd64 Packages
        500 http://security.debian.org/debian-security bookworm-security/main amd64 Packages
 *** 2.42.10+dfsg-1+deb12u1 500
        500 http://deb.debian.org/debian bookworm/main amd64 Packages
        100 /var/lib/dpkg/status

root in 🌐 nasgul in /var/log/rudder as 🧙 
❯ apt-cache policy libgdk-pixbuf-2.0-0
libgdk-pixbuf-2.0-0:
  Installé : 2.42.10+dfsg-1+deb12u1
  Candidat : 2.42.10+dfsg-1+deb12u2
 Table de version :
     2.42.10+dfsg-1+deb12u2 500
        500 http://deb.debian.org/debian-security bookworm-security/main amd64 Packages
        500 http://security.debian.org/debian-security bookworm-security/main amd64 Packages
 *** 2.42.10+dfsg-1+deb12u1 500
        500 http://deb.debian.org/debian bookworm/main amd64 Packages
        100 /var/lib/dpkg/status

root in 🌐 nasgul in /var/log/rudder as 🧙 
❯ apt-cache policy libgdk-pixbuf2.0-common
libgdk-pixbuf2.0-common:
  Installé : 2.42.10+dfsg-1+deb12u1
  Candidat : 2.42.10+dfsg-1+deb12u2
 Table de version :
     2.42.10+dfsg-1+deb12u2 500
        500 http://deb.debian.org/debian-security bookworm-security/main amd64 Packages
        500 http://security.debian.org/debian-security bookworm-security/main amd64 Packages
 *** 2.42.10+dfsg-1+deb12u1 500
        500 http://deb.debian.org/debian bookworm/main amd64 Packages
        100 /var/lib/dpkg/status

Actions

Copy link

#4

Updated by Michel BOUISSOU about 2 months ago

Campaign log on the node :

❯ sqlite3 rudder-module-system-updates.sqlite
SQLite version 3.40.1 2022-12-28 14:03:47
Enter ".help" for usage hints.
sqlite> select * from update_events where event_id= '12de17ef-a299-461b-94af-4b58b460c575';
49|12de17ef-a299-461b-94af-4b58b460c575|All servers daily security updates #55|completed|2025-06-24T00:09:54+00:00|2025-06-24T00:11:46.168460367+00:00|2025-06-24T00:12:01.905319908+00:00|{"software-updated":[],"status":"success","output":"\nThe hook directory /var/rudder/system-update/hooks.d/pre-upgrade does not exist, skipping\n\rGet:1 file:/var/cache/openmediavault/archives  InRelease\rIgn: 1 file:/var/cache/openmediavault/archives  InRelease\rFile not found - /var/cache/openmediavault/archives/InRelease (2: No such file or directory)\rGet:2 file:/var/cache/openmediavault/archives  Release\rIgn: 2 file:/var/cache/openmediavault/archives  Release\rFile not found - /var/cache/openmediavault/archives/Release (2: No such file or directory)\rGet:3 file:/var/cache/openmediavault/archives  Packages\rIgn: 3 file:/var/cache/openmediavault/archives  Packages\rMethod gave a blank filename\rGet:4 file:/var/cache/openmediavault/archives  Translation-en\rIgn: 4 file:/var/cache/openmediavault/archives  Translation-en\rFile not found - /var/cache/openmediavault/archives/en.xz (2: No such file or directory)\rGet:5 file:/var/cache/openmediavault/archives  Translation-fr\rIgn: 5 file:/var/cache/openmediavault/archives  Translation-fr\rFile not found - /var/cache/openmediavault/archives/fr.xz (2: No such file or directory)\rGet:3 file:/var/cache/openmediavault/archives  Packages\rIgn: 3 file:/var/cache/openmediavault/archives  Packages\rMethod gave a blank filename\rGet:4 file:/var/cache/openmediavault/archives  Translation-en\rIgn: 4 file:/var/cache/openmediavault/archives  Translation-en\rFile not found - /var/cache/openmediavault/archives/en.bz2 (2: No such file or directory)\rGet:5 file:/var/cache/openmediavault/archives  Translation-fr\rIgn: 5 file:/var/cache/openmediavault/archives  Translation-fr\rFile not found - /var/cache/openmediavault/archives/fr.bz2 (2: No such file or directory)\rGet:3 file:/var/cache/openmediavault/archives  Packages\rIgn: 3 file:/var/cache/openmediavault/archives  Packages\rMethod gave a blank filename\rGet:4 file:/var/cache/openmediavault/archives  Translation-en\rIgn: 4 file:/var/cache/openmediavault/archives  Translation-en\rFile not found - /var/cache/openmediavault/archives/en.lzma (2: No such file or directory)\rGet:5 file:/var/cache/openmediavault/archives  Translation-fr\rIgn: 5 file:/var/cache/openmediavault/archives  Translation-fr\rFile not found - /var/cache/openmediavault/archives/fr.lzma (2: No such file or directory)\rGet:3 file:/var/cache/openmediavault/archives  Packages\rIgn: 3 file:/var/cache/openmediavault/archives  Packages\rMethod gave a blank filename\rGet:4 file:/var/cache/openmediavault/archives  Translation-en\rIgn: 4 file:/var/cache/openmediavault/archives  Translation-en\rFile not found - /var/cache/openmediavault/archives/en.gz (2: No such file or directory)\rGet:5 file:/var/cache/openmediavault/archives  Translation-fr\rIgn: 5 file:/var/cache/openmediavault/archives  Translation-fr\rFile not found - /var/cache/openmediavault/archives/fr.gz (2: No such file or directory)\rGet:3 file:/var/cache/openmediavault/archives  Packages\rIgn: 3 file:/var/cache/openmediavault/archives  Packages\rMethod gave a blank filename\rGet:4 file:/var/cache/openmediavault/archives  Translation-en\rIgn: 4 file:/var/cache/openmediavault/archives  Translation-en\rFile not found - /var/cache/openmediavault/archives/en.lz4 (2: No such file or directory)\rGet:5 file:/var/cache/openmediavault/archives  Translation-fr\rIgn: 5 file:/var/cache/openmediavault/archives  Translation-fr\rFile not found - /var/cache/openmediavault/archives/fr.lz4 (2: No such file or directory)\rGet:3 file:/var/cache/openmediavault/archives  Packages\rIgn: 3 file:/var/cache/openmediavault/archives  Packages\rMethod gave a blank filename\rGet:4 file:/var/cache/openmediavault/archives  Translation-en\rIgn: 4 file:/var/cache/openmediavault/archives  Translation-en\rFile not found - /var/cache/openmediavault/archives/en.zst (2: No such file or directory)\rGet:5 file:/var/cache/openmediavault/archives  Translation-fr\rIgn: 5 file:/var/cache/openmediavault/archives  Translation-fr\rFile not found - /var/cache/openmediavault/archives/fr.zst (2: No such file or directory)\rGet:3 file:/var/cache/openmediavault/archives  Packages\rGet:4 file:/var/cache/openmediavault/archives  Translation-en\rIgn: 4 file:/var/cache/openmediavault/archives  Translation-en\rFile not found - /var/cache/openmediavault/archives/en (2: No such file or directory)\rGet:5 file:/var/cache/openmediavault/archives  Translation-fr\rIgn: 5 file:/var/cache/openmediavault/archives  Translation-fr\rFile not found - /var/cache/openmediavault/archives/fr (2: No such file or directory)\rHit:6 http://security.debian.org/debian-security bookworm-security InRelease\rHit:7 http://deb.debian.org/debian bookworm InRelease\rHit:8 http://deb.debian.org/debian-security bookworm-security InRelease\rHit:9 http://deb.debian.org/debian bookworm-updates InRelease\rHit:10 http://deb.debian.org/debian bookworm-backports InRelease\rHit:11 http://packages.openmediavault.org/public sandworm InRelease\rHit:12 https://openmediavault-plugin-developers.github.io/packages/debian sandworm InRelease\rHit:13 https://openmediavault.github.io/packages sandworm InRelease\rHit:14 http://httpredir.debian.org/debian bookworm-backports InRelease\rHit:15 https://download.docker.com/linux/debian bookworm InRelease\rHit:16 http://download.opensuse.org/repositories/filesystems:/snapper/Debian_12  InRelease\rHit:17 https://ftp.recompile.se/pub/mandos/debian bookworm-backports InRelease\rHit:18 https://download.rudder.io/apt/8.3 bookworm InReleaseNothing to fetch.\nNothing to fetch.\npmstatus:dpkg-exec:0.0000:Running dpkg\n\nThe hook directory /var/rudder/system-update/hooks.d/pre-reboot does not exist, skipping\nNEEDRESTART-VER: 3.6\nNEEDRESTART-KCUR: 6.12.12+bpo-amd64\nNEEDRESTART-KEXP: 6.12.12+bpo-amd64\nNEEDRESTART-KSTA: 1\nNEEDRESTART-UCSTA: 2\nNEEDRESTART-UCCUR: 0x0020\nNEEDRESTART-UCEXP: 0x0021\nNEEDRESTART-SVC: wsdd.service\n\n\n\nThe hook directory /var/rudder/system-update/hooks.d/post-upgrade does not exist, skipping"}|
sqlite>

Actions

Copy link

#5

Updated by Michel BOUISSOU about 2 months ago

Unattended-upgrade would upgrade those packages :

root in 🌐 nasgul in / as 🧙 took 16s 
❯ unattended-upgrade --dry-run
Démarrage du script de mise à niveau automatique
Les origines permises sont : origin=Debian,codename=bookworm,label=Debian-Security, origin=Debian,codename=bookworm-security,label=Debian-Security, origin=Debian,codename=bookworm,label=Debian-Security, origin=Debian,codename=bookworm-security,label=Debian-Security
Initial blacklist: 
Initial whitelist (not strict): 
Option --dry-run given, *not* performing real actions
Paquets mis à niveau : gir1.2-gdkpixbuf-2.0 libgdk-pixbuf-2.0-0 libgdk-pixbuf2.0-common
Écriture du journal de dpkg dans /var/log/unattended-upgrades/unattended-upgrades-dpkg.log
apt-listchanges : Lecture des fichiers de modifications (« changelog »)...
apt-listchanges : Lecture des fichiers de modifications (« changelog »)...
/usr/bin/dpkg --status-fd 10 --no-triggers --unpack --auto-deconfigure /var/cache/apt/archives/libgdk-pixbuf2.0-common_2.42.10+dfsg-1+deb12u2_all.deb /var/cache/apt/archives/libgdk-pixbuf-2.0-0_2.42.10+dfsg-1+deb12u2_amd64.deb /var/cache/apt/archives/gir1.2-gdkpixbuf-2.0_2.42.10+dfsg-1+deb12u2_amd64.deb 
/usr/bin/dpkg --status-fd 10 --configure --pending 
Configuration en cours d'utilisation.
Instantané interdit.
Configuration en cours d'utilisation.
Toutes les mises à niveau ont été installées
The list of kept packages can't be calculated in dry-run mode.

Actions

Copy link

#6

Updated by Alexis Mousset about 2 months ago

Assignee changed from Michel BOUISSOU to Alexis Mousset

Actions

Copy link

#7

Updated by Alexis Mousset about 2 months ago

There is a problem with the selection of the package to install. It could be a source filter problem, or a version selection problem at first sight.

Actions

Copy link

#8

Updated by Alexis Mousset about 2 months ago · Edited

These packages are not seen as security upgrades by the module.

# unattended-upgrade --dry-run -d
Starting unattended upgrades script
Allowed origins are: origin=Debian,archive=stable,label=Debian-Security, origin=Debian,archive=oldstable,label=Debian-Security
Initial blacklist:
Initial whitelist (not strict):
Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/repository.rudder.io_apt_8.3_dists_bookworm_main_binary-amd64_Packages'  a=bookworm,c=main,v=,o=Rudder,l=Rudder arch='amd64' site='repository.rudder.io' IndexType='Debian Package Index' Size=5558 ID:13> with -32768 pin
Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/ftp.fr.debian.org_debian_dists_bookworm-updates_main_i18n_Translation-en'  a=stable-updates,c=main,v=12-updates,o=Debian,l=Debian arch='' site='ftp.fr.debian.org' IndexType='Debian Translation Index' Size=961 ID:12> with -32768 pin
Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/ftp.fr.debian.org_debian_dists_bookworm-updates_main_binary-amd64_Packages'  a=stable-updates,c=main,v=12-updates,o=Debian,l=Debian arch='amd64' site='ftp.fr.debian.org' IndexType='Debian Package Index' Size=1232 ID:11> with -32768 pin
Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/deb.debian.org_debian-security_dists_bookworm-security_contrib_i18n_Translation-en'  a=stable-security,c=contrib,v=12,o=Debian,l=Debian-Security arch='' site='deb.debian.org' IndexType='Debian Translation Index' Size=1150 ID:10> with -32768 pin
Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/deb.debian.org_debian-security_dists_bookworm-security_contrib_binary-amd64_Packages'  a=stable-security,c=contrib,v=12,o=Debian,l=Debian-Security arch='amd64' site='deb.debian.org' IndexType='Debian Package Index' Size=1979 ID:9> with -32768 pin
Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/deb.debian.org_debian-security_dists_bookworm-security_main_i18n_Translation-en'  a=stable-security,c=main,v=12,o=Debian,l=Debian-Security arch='' site='deb.debian.org' IndexType='Debian Translation Index' Size=1088053 ID:8> with -32768 pin
Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/deb.debian.org_debian-security_dists_bookworm-security_main_binary-amd64_Packages'  a=stable-security,c=main,v=12,o=Debian,l=Debian-Security arch='amd64' site='deb.debian.org' IndexType='Debian Package Index' Size=1756635 ID:7> with -32768 pin
Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/ftp.fr.debian.org_debian_dists_bookworm_non-free_i18n_Translation-en'  a=stable,c=non-free,v=12.11,o=Debian,l=Debian arch='' site='ftp.fr.debian.org' IndexType='Debian Translation Index' Size=424682 ID:6> with -32768 pin
Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/ftp.fr.debian.org_debian_dists_bookworm_non-free_binary-amd64_Packages'  a=stable,c=non-free,v=12.11,o=Debian,l=Debian arch='amd64' site='ftp.fr.debian.org' IndexType='Debian Package Index' Size=621838 ID:5> with -32768 pin
Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/ftp.fr.debian.org_debian_dists_bookworm_contrib_i18n_Translation-en'  a=stable,c=contrib,v=12.11,o=Debian,l=Debian arch='' site='ftp.fr.debian.org' IndexType='Debian Translation Index' Size=186212 ID:4> with -32768 pin
Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/ftp.fr.debian.org_debian_dists_bookworm_contrib_binary-amd64_Packages'  a=stable,c=contrib,v=12.11,o=Debian,l=Debian arch='amd64' site='ftp.fr.debian.org' IndexType='Debian Package Index' Size=231016 ID:3> with -32768 pin
Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/ftp.fr.debian.org_debian_dists_bookworm_main_i18n_Translation-fr'  a=stable,c=main,v=12.11,o=Debian,l=Debian arch='' site='ftp.fr.debian.org' IndexType='Debian Translation Index' Size=13260065 ID:2> with -32768 pin
Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/ftp.fr.debian.org_debian_dists_bookworm_main_i18n_Translation-en'  a=stable,c=main,v=12.11,o=Debian,l=Debian arch='' site='ftp.fr.debian.org' IndexType='Debian Translation Index' Size=32711761 ID:1> with -32768 pin
Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/ftp.fr.debian.org_debian_dists_bookworm_main_binary-amd64_Packages'  a=stable,c=main,v=12.11,o=Debian,l=Debian arch='amd64' site='ftp.fr.debian.org' IndexType='Debian Package Index' Size=50057470 ID:0> with -32768 pin
Applying pinning: PkgFilePin(id=13, priority=-32768)
Applying pin -32768 to package_file: <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/repository.rudder.io_apt_8.3_dists_bookworm_main_binary-amd64_Packages'  a=bookworm,c=main,v=,o=Rudder,l=Rudder arch='amd64' site='repository.rudder.io' IndexType='Debian Package Index' Size=5558 ID:13>
Applying pinning: PkgFilePin(id=12, priority=-32768)
Applying pin -32768 to package_file: <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/ftp.fr.debian.org_debian_dists_bookworm-updates_main_i18n_Translation-en'  a=stable-updates,c=main,v=12-updates,o=Debian,l=Debian arch='' site='ftp.fr.debian.org' IndexType='Debian Translation Index' Size=961 ID:12>
Applying pinning: PkgFilePin(id=11, priority=-32768)
Applying pin -32768 to package_file: <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/ftp.fr.debian.org_debian_dists_bookworm-updates_main_binary-amd64_Packages'  a=stable-updates,c=main,v=12-updates,o=Debian,l=Debian arch='amd64' site='ftp.fr.debian.org' IndexType='Debian Package Index' Size=1232 ID:11>
Applying pinning: PkgFilePin(id=10, priority=-32768)
Applying pin -32768 to package_file: <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/deb.debian.org_debian-security_dists_bookworm-security_contrib_i18n_Translation-en'  a=stable-security,c=contrib,v=12,o=Debian,l=Debian-Security arch='' site='deb.debian.org' IndexType='Debian Translation Index' Size=1150 ID:10>
Applying pinning: PkgFilePin(id=9, priority=-32768)
Applying pin -32768 to package_file: <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/deb.debian.org_debian-security_dists_bookworm-security_contrib_binary-amd64_Packages'  a=stable-security,c=contrib,v=12,o=Debian,l=Debian-Security arch='amd64' site='deb.debian.org' IndexType='Debian Package Index' Size=1979 ID:9>
Applying pinning: PkgFilePin(id=8, priority=-32768)
Applying pin -32768 to package_file: <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/deb.debian.org_debian-security_dists_bookworm-security_main_i18n_Translation-en'  a=stable-security,c=main,v=12,o=Debian,l=Debian-Security arch='' site='deb.debian.org' IndexType='Debian Translation Index' Size=1088053 ID:8>
Applying pinning: PkgFilePin(id=7, priority=-32768)
Applying pin -32768 to package_file: <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/deb.debian.org_debian-security_dists_bookworm-security_main_binary-amd64_Packages'  a=stable-security,c=main,v=12,o=Debian,l=Debian-Security arch='amd64' site='deb.debian.org' IndexType='Debian Package Index' Size=1756635 ID:7>
Applying pinning: PkgFilePin(id=6, priority=-32768)
Applying pin -32768 to package_file: <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/ftp.fr.debian.org_debian_dists_bookworm_non-free_i18n_Translation-en'  a=stable,c=non-free,v=12.11,o=Debian,l=Debian arch='' site='ftp.fr.debian.org' IndexType='Debian Translation Index' Size=424682 ID:6>
Applying pinning: PkgFilePin(id=5, priority=-32768)
Applying pin -32768 to package_file: <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/ftp.fr.debian.org_debian_dists_bookworm_non-free_binary-amd64_Packages'  a=stable,c=non-free,v=12.11,o=Debian,l=Debian arch='amd64' site='ftp.fr.debian.org' IndexType='Debian Package Index' Size=621838 ID:5>
Applying pinning: PkgFilePin(id=4, priority=-32768)
Applying pin -32768 to package_file: <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/ftp.fr.debian.org_debian_dists_bookworm_contrib_i18n_Translation-en'  a=stable,c=contrib,v=12.11,o=Debian,l=Debian arch='' site='ftp.fr.debian.org' IndexType='Debian Translation Index' Size=186212 ID:4>
Applying pinning: PkgFilePin(id=3, priority=-32768)
Applying pin -32768 to package_file: <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/ftp.fr.debian.org_debian_dists_bookworm_contrib_binary-amd64_Packages'  a=stable,c=contrib,v=12.11,o=Debian,l=Debian arch='amd64' site='ftp.fr.debian.org' IndexType='Debian Package Index' Size=231016 ID:3>
Applying pinning: PkgFilePin(id=2, priority=-32768)
Applying pin -32768 to package_file: <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/ftp.fr.debian.org_debian_dists_bookworm_main_i18n_Translation-fr'  a=stable,c=main,v=12.11,o=Debian,l=Debian arch='' site='ftp.fr.debian.org' IndexType='Debian Translation Index' Size=13260065 ID:2>
Applying pinning: PkgFilePin(id=1, priority=-32768)
Applying pin -32768 to package_file: <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/ftp.fr.debian.org_debian_dists_bookworm_main_i18n_Translation-en'  a=stable,c=main,v=12.11,o=Debian,l=Debian arch='' site='ftp.fr.debian.org' IndexType='Debian Translation Index' Size=32711761 ID:1>
Applying pinning: PkgFilePin(id=0, priority=-32768)
Applying pin -32768 to package_file: <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/ftp.fr.debian.org_debian_dists_bookworm_main_binary-amd64_Packages'  a=stable,c=main,v=12.11,o=Debian,l=Debian arch='amd64' site='ftp.fr.debian.org' IndexType='Debian Package Index' Size=50057470 ID:0>
Using (^linux-.*-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^kfreebsd-.*-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^gnumach-.*-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^.*-modules-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^.*-kernel-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^linux-.*-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^kfreebsd-.*-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^gnumach-.*-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^.*-modules-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$|^.*-kernel-[1-9][0-9]*\.[0-9]+\.[0-9]+-[0-9]+(-.+)?$) regexp to find kernel packages
Using (^linux-.*-6\.1\.0\-31\-amd64$|^linux-.*-6\.1\.0\-31$|^kfreebsd-.*-6\.1\.0\-31\-amd64$|^kfreebsd-.*-6\.1\.0\-31$|^gnumach-.*-6\.1\.0\-31\-amd64$|^gnumach-.*-6\.1\.0\-31$|^.*-modules-6\.1\.0\-31\-amd64$|^.*-modules-6\.1\.0\-31$|^.*-kernel-6\.1\.0\-31\-amd64$|^.*-kernel-6\.1\.0\-31$|^linux-.*-6\.1\.0\-31\-amd64$|^linux-.*-6\.1\.0\-31$|^kfreebsd-.*-6\.1\.0\-31\-amd64$|^kfreebsd-.*-6\.1\.0\-31$|^gnumach-.*-6\.1\.0\-31\-amd64$|^gnumach-.*-6\.1\.0\-31$|^.*-modules-6\.1\.0\-31\-amd64$|^.*-modules-6\.1\.0\-31$|^.*-kernel-6\.1\.0\-31\-amd64$|^.*-kernel-6\.1\.0\-31$) regexp to find running kernel packages
Checking: ca-certificates ([<Origin component:'main' archive:'stable-updates' origin:'Debian' label:'Debian' site:'ftp.fr.debian.org' isTrusted:True>])
adjusting candidate version: ca-certificates=20230311
Checking: libavif15 ([<Origin component:'main' archive:'stable-security' origin:'Debian' label:'Debian-Security' site:'deb.debian.org' isTrusted:True>])
adjusting candidate version: libavif15=0.11.1-1
Checking: libblockdev-crypto2 ([<Origin component:'main' archive:'stable-security' origin:'Debian' label:'Debian-Security' site:'deb.debian.org' isTrusted:True>])
adjusting candidate version: libblockdev-crypto2=2.28-2
Checking: libblockdev-fs2 ([<Origin component:'main' archive:'stable-security' origin:'Debian' label:'Debian-Security' site:'deb.debian.org' isTrusted:True>])
adjusting candidate version: libblockdev-fs2=2.28-2
Checking: libblockdev-loop2 ([<Origin component:'main' archive:'stable-security' origin:'Debian' label:'Debian-Security' site:'deb.debian.org' isTrusted:True>])
adjusting candidate version: libblockdev-loop2=2.28-2
Checking: libblockdev-part-err2 ([<Origin component:'main' archive:'stable-security' origin:'Debian' label:'Debian-Security' site:'deb.debian.org' isTrusted:True>])
adjusting candidate version: libblockdev-part-err2=2.28-2
Checking: libblockdev-part2 ([<Origin component:'main' archive:'stable-security' origin:'Debian' label:'Debian-Security' site:'deb.debian.org' isTrusted:True>])
adjusting candidate version: libblockdev-part2=2.28-2
Checking: libblockdev-swap2 ([<Origin component:'main' archive:'stable-security' origin:'Debian' label:'Debian-Security' site:'deb.debian.org' isTrusted:True>])
adjusting candidate version: libblockdev-swap2=2.28-2
Checking: libblockdev-utils2 ([<Origin component:'main' archive:'stable-security' origin:'Debian' label:'Debian-Security' site:'deb.debian.org' isTrusted:True>])
adjusting candidate version: libblockdev-utils2=2.28-2
Checking: libblockdev2 ([<Origin component:'main' archive:'stable-security' origin:'Debian' label:'Debian-Security' site:'deb.debian.org' isTrusted:True>])
adjusting candidate version: libblockdev2=2.28-2
Checking: libfile-find-rule-perl ([<Origin component:'main' archive:'stable-security' origin:'Debian' label:'Debian-Security' site:'deb.debian.org' isTrusted:True>])
adjusting candidate version: libfile-find-rule-perl=0.34-3
Checking: libgdk-pixbuf-2.0-0 ([<Origin component:'main' archive:'stable-security' origin:'Debian' label:'Debian-Security' site:'deb.debian.org' isTrusted:True>])
adjusting candidate version: libgdk-pixbuf-2.0-0=2.42.10+dfsg-1+deb12u1
Checking: libgdk-pixbuf2.0-bin ([<Origin component:'main' archive:'stable-security' origin:'Debian' label:'Debian-Security' site:'deb.debian.org' isTrusted:True>])
adjusting candidate version: libgdk-pixbuf2.0-bin=2.42.10+dfsg-1+deb12u1
Checking: libgdk-pixbuf2.0-common ([<Origin component:'main' archive:'stable-security' origin:'Debian' label:'Debian-Security' site:'deb.debian.org' isTrusted:True>])
adjusting candidate version: libgdk-pixbuf2.0-common=2.42.10+dfsg-1+deb12u1
Checking: libnss-systemd ([<Origin component:'main' archive:'stable-security' origin:'Debian' label:'Debian-Security' site:'deb.debian.org' isTrusted:True>])
adjusting candidate version: libnss-systemd=252.36-1~deb12u1
Checking: libpam-systemd ([<Origin component:'main' archive:'stable-security' origin:'Debian' label:'Debian-Security' site:'deb.debian.org' isTrusted:True>])
adjusting candidate version: libpam-systemd=252.36-1~deb12u1
Checking: libsystemd-shared ([<Origin component:'main' archive:'stable-security' origin:'Debian' label:'Debian-Security' site:'deb.debian.org' isTrusted:True>])
adjusting candidate version: libsystemd-shared=252.36-1~deb12u1
Checking: libsystemd0 ([<Origin component:'main' archive:'stable-security' origin:'Debian' label:'Debian-Security' site:'deb.debian.org' isTrusted:True>])
adjusting candidate version: libsystemd0=252.36-1~deb12u1
Checking: libudev1 ([<Origin component:'main' archive:'stable-security' origin:'Debian' label:'Debian-Security' site:'deb.debian.org' isTrusted:True>])
adjusting candidate version: libudev1=252.36-1~deb12u1
Checking: libudisks2-0 ([<Origin component:'main' archive:'stable-security' origin:'Debian' label:'Debian-Security' site:'deb.debian.org' isTrusted:True>])
adjusting candidate version: libudisks2-0=2.9.4-4
Checking: libvpx7 ([<Origin component:'main' archive:'stable-security' origin:'Debian' label:'Debian-Security' site:'deb.debian.org' isTrusted:True>])
adjusting candidate version: libvpx7=1.12.0-1+deb12u3
Checking: linux-image-amd64 ([<Origin component:'main' archive:'stable-security' origin:'Debian' label:'Debian-Security' site:'deb.debian.org' isTrusted:True>])
adjusting candidate version: linux-image-amd64=6.1.137-1
Checking: linux-libc-dev ([<Origin component:'main' archive:'stable-security' origin:'Debian' label:'Debian-Security' site:'deb.debian.org' isTrusted:True>])
adjusting candidate version: linux-libc-dev=6.1.137-1
Checking: net-tools ([<Origin component:'main' archive:'stable-security' origin:'Debian' label:'Debian-Security' site:'deb.debian.org' isTrusted:True>])
adjusting candidate version: net-tools=2.10-0.1
Checking: systemd ([<Origin component:'main' archive:'stable-security' origin:'Debian' label:'Debian-Security' site:'deb.debian.org' isTrusted:True>])
adjusting candidate version: systemd=252.36-1~deb12u1
Checking: systemd-sysv ([<Origin component:'main' archive:'stable-security' origin:'Debian' label:'Debian-Security' site:'deb.debian.org' isTrusted:True>])
adjusting candidate version: systemd-sysv=252.36-1~deb12u1
Checking: systemd-timesyncd ([<Origin component:'main' archive:'stable-security' origin:'Debian' label:'Debian-Security' site:'deb.debian.org' isTrusted:True>])
adjusting candidate version: systemd-timesyncd=252.36-1~deb12u1
Checking: udev ([<Origin component:'main' archive:'stable-security' origin:'Debian' label:'Debian-Security' site:'deb.debian.org' isTrusted:True>])
adjusting candidate version: udev=252.36-1~deb12u1
Checking: udisks2 ([<Origin component:'main' archive:'stable-security' origin:'Debian' label:'Debian-Security' site:'deb.debian.org' isTrusted:True>])
adjusting candidate version: udisks2=2.9.4-4
pkgs that look like they should be upgraded:
Fetched 0 B in 0s (0 B/s)
fetch.run() result: 0
Packages blacklist due to conffile prompts: []
Removing unused kernel packages: linux-image-5.10.0-34-amd64
marking linux-image-5.10.0-34-amd64 for removal
Packages that were successfully auto-removed:
Packages that are kept back:
No packages found that can be upgraded unattended and no pending auto-removals
The list of kept packages can't be calculated in dry-run mode.

Actions

Copy link

#9

Updated by François ARMAND about 1 month ago

Priority changed from To review to 1 (highest)

Actions

Copy link

#10

Updated by Alexis Mousset about 1 month ago

Status changed from New to In progress

Actions

Copy link

#11

Updated by Alexis Mousset 12 days ago

Project changed from 92 to Rudder
Category set to Module - system-updates
Target version changed from 8.3 to 8.3.4

Actions

Copy link

#12

Updated by Alexis Mousset 10 days ago

Status changed from In progress to Pending technical review
Pull Request set to https://github.com/Normation/rudder/pull/6546

PR https://github.com/Normation/rudder/pull/6546

Actions

Copy link

#13

Updated by Alexis Mousset 10 days ago

Assignee changed from Alexis Mousset to Michel BOUISSOU

Actions

Copy link

#14

Updated by Alexis Mousset 10 days ago

Status changed from Pending technical review to Pending release

Applied in changeset rudder|8ed876fb4291b1375e229b9468a8fcffa52aa5b6.

nasgul_has_security_updates_250502a.png (24 KB) nasgul_has_security_updates_250502a.png	nasgul server needs security updates	Michel BOUISSOU, 2025-05-02 10:12
security_updates_campaign_250502b.png (80.8 KB) security_updates_campaign_250502b.png	Security update campaign	Michel BOUISSOU, 2025-05-02 10:13
security_updates_results_250502c.png (51.9 KB) security_updates_results_250502c.png	Security update results, 1	Michel BOUISSOU, 2025-05-02 10:13
security_updates_results_250502d.png (51.7 KB) security_updates_results_250502d.png	Security update results, 2	Michel BOUISSOU, 2025-05-02 10:13
Rudder_available_updates_250624a.png (101 KB) Rudder_available_updates_250624a.png	Available updates	Michel BOUISSOU, 2025-06-24 09:27
Rudder_campaign_results_250624a.png (58.1 KB) Rudder_campaign_results_250624a.png	Campaign results : none updated	Michel BOUISSOU, 2025-06-24 09:27

Project

General

Profile

Rudder

Custom queries

Bug #26855

Security updates not applied on Debian 12, but campaign ends without error

Updated by Nicolas CHARLES 3 months ago

Updated by François ARMAND 3 months ago

Updated by Michel BOUISSOU about 2 months ago

Updated by Michel BOUISSOU about 2 months ago

Updated by Michel BOUISSOU about 2 months ago

Updated by Alexis Mousset about 2 months ago

Updated by Alexis Mousset about 2 months ago

Updated by Alexis Mousset about 2 months ago · Edited

Updated by François ARMAND about 1 month ago

Updated by Alexis Mousset about 1 month ago

Updated by Alexis Mousset 12 days ago

Updated by Alexis Mousset 10 days ago

Updated by Alexis Mousset 10 days ago

Updated by Alexis Mousset 10 days ago