Update issues with unattended-upgrades after upgrading from Debian 11 to 12 with Cloudpanel 2.4.2 #236

New Issue

MrUnknownDE · 2026-04-05T20:26:06+02:00

MrUnknownDE commented

2026-04-05 20:26:06 +02:00

Originally created by @WPSpeedExpert on 5/28/2024

CloudPanel version(s) affected

2.4.2

Description

After upgrading from Debian 11 to 12 I received emails from unattended-upgrades about packages kept back:

Packages with upgradable origin but kept back:
 Debian stable:
  libnginx-mod-http-geoip libnginx-mod-mail libnginx-mod-stream
  libnginx-mod-http-image-filter php-common
  libnginx-mod-http-subs-filter nginx nginx-common
  libnginx-mod-http-upstream-fair proftpd-mod-wrap proftpd-core
  libnginx-mod-http-xslt-filter libnginx-mod-http-auth-pam nginx-full
  proftpd-doc proftpd-mod-crypto libnginx-mod-http-dav-ext
  libnginx-mod-http-echo proftpd-basic

When checking for kept-back packages there were no kept-back packages:

dpkg --get-selections | grep hold

apt-mark showhold

After investigation, it appeared the following files have references to bullseye:
/etc/apt/sources.list.d/packages.cloudpanel.io.list
/etc/apt/sources.list.d/percona-mysql.list

I also noticed that when performing regular updates it will use the bullseye packages:
Unpacking cloudpanel (2.4.2-4+clp-bullseye) over (2.4.2-3+clp-bullseye) ...
Setting up cloudpanel (2.4.2-4+clp-bullseye) ...

I am not sure what the impact is of this issue.

How to reproduce

1: Update from Debian 11 to 12 with CLoudpanel 2.4.2 and unattended-upgrades

Run unattended-upgrades:

unattended-upgrades

If configured with email notification you will get an email:
[package on hold] unattended-upgrades result...

When checking for kept-back packages there were no kept-back packages:

dpkg --get-selections | grep hold

apt-mark showhold

Check the following files for references to bulseye:
/etc/apt/sources.list.d/packages.cloudpanel.io.list
/etc/apt/sources.list.d/percona-mysql.list

Possible Solution

make a copy of the files:

cp /etc/apt/sources.list.d/packages.cloudpanel.io.list /etc/apt/sources.list.d/packages.cloudpanel.io.list.bak

cp /etc/apt/sources.list.d/percona-mysql.list /etc/apt/sources.list.d/percona-mysql.list.bak

replace the content of the files using the cat command:

cat > "/etc/apt/sources.list.d/packages.cloudpanel.io.list" << EOL
deb https://d17k9fuiwb52nc.cloudfront.net/ bookworm main
deb https://d17k9fuiwb52nc.cloudfront.net/ bookworm main-dev
deb https://d17k9fuiwb52nc.cloudfront.net/ bookworm nginx
deb https://d17k9fuiwb52nc.cloudfront.net/ bookworm nginx-dev
deb https://d17k9fuiwb52nc.cloudfront.net/ bookworm php-7.1
deb https://d17k9fuiwb52nc.cloudfront.net/ bookworm php-7.2
deb https://d17k9fuiwb52nc.cloudfront.net/ bookworm php-7.3
deb https://d17k9fuiwb52nc.cloudfront.net/ bookworm php-7.4
deb https://d17k9fuiwb52nc.cloudfront.net/ bookworm php-8.0
deb https://d17k9fuiwb52nc.cloudfront.net/ bookworm php-8.1
deb https://d17k9fuiwb52nc.cloudfront.net/ bookworm php-8.2
deb https://d17k9fuiwb52nc.cloudfront.net/ bookworm php-8.3
deb https://d17k9fuiwb52nc.cloudfront.net/ bookworm php-8.4
deb https://d17k9fuiwb52nc.cloudfront.net/ bookworm proftpd
deb https://d17k9fuiwb52nc.cloudfront.net/ bookworm varnish-7
EOL

cat > "/etc/apt/sources.list.d/percona-mysql.list" << EOL
deb https://d17k9fuiwb52nc.cloudfront.net/ bookworm percona-server-server-8.0
EOL

Remove all files from: /var/lib/apt/lists/

rm -rf /var/lib/apt/lists/*

Update and autoclean:

apt update -y && sudo apt upgrade -y && sudo apt dist-upgrade -y && sudo apt autoremove -y && sudo apt autoclean -y

Force all packages to update:

apt-get dist-upgrade

If you get a Percona-server-server interaction screen, choose the default recommended settings: Use strong password encryption (RECOMMENDED)

Run unattended-upgrades:

unattended-upgrades

You will receive an email about packages held back; manually update those packages will result in the notification that the packages are already the newest version:

root@backup:/etc/apt# sudo apt-get --with-new-pkgs upgrade libnginx-mod-http-auth-pam libnginx-mod-http-upstream-fair libnginx-mod-http-dav-ext libnginx-mod-http-subs-filter
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
libnginx-mod-http-auth-pam is already the newest version (1.26.0-6+clp-bookworm).
libnginx-mod-http-upstream-fair is already the newest version (1.26.0-6+clp-bookworm).
libnginx-mod-http-dav-ext is already the newest version (1.26.0-6+clp-bookworm).
libnginx-mod-http-subs-filter is already the newest version (1.26.0-6+clp-bookworm).
Calculating upgrade... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

I don't know how to solve the unattended-upgrade notices regarding held-back package leftovers. I am still investigating if I should purge or remove the package according to the command () it will remove more packages and install 1 new package. Re-installing the packages did not solve the issue.

root@backup:/etc/apt# apt-get purge libnginx-mod-http-auth-pam libnginx-mod-http-upstream-fair libnginx-mod-http-dav-ext libnginx-mod-http-subs-filter
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following packages were automatically installed and are no longer required:
  geoip-database libgeoip1 libnginx-mod-http-geoip libnginx-mod-http-image-filter libnginx-mod-http-xslt-filter libnginx-mod-mail libnginx-mod-ngx-brotli libnginx-mod-stream
Use 'apt autoremove' to remove them.
The following additional packages will be installed:
  nginx-light
Suggested packages:
  nginx-doc
The following packages will be REMOVED:
  libnginx-mod-http-auth-pam* libnginx-mod-http-dav-ext* libnginx-mod-http-subs-filter* libnginx-mod-http-upstream-fair* nginx-full*
The following NEW packages will be installed:
  nginx-light
0 upgraded, 1 newly installed, 5 to remove and 0 not upgraded.
Need to get 516 kB of archives.
After this operation, 534 kB disk space will be freed.
Do you want to continue? [Y/n]

Additional Context

No response

*Originally created by @WPSpeedExpert on 5/28/2024* ### CloudPanel version(s) affected 2.4.2 ### Description After upgrading from Debian 11 to 12 I received emails from unattended-upgrades about packages kept back: ``` Packages with upgradable origin but kept back: Debian stable: libnginx-mod-http-geoip libnginx-mod-mail libnginx-mod-stream libnginx-mod-http-image-filter php-common libnginx-mod-http-subs-filter nginx nginx-common libnginx-mod-http-upstream-fair proftpd-mod-wrap proftpd-core libnginx-mod-http-xslt-filter libnginx-mod-http-auth-pam nginx-full proftpd-doc proftpd-mod-crypto libnginx-mod-http-dav-ext libnginx-mod-http-echo proftpd-basic ``` When checking for kept-back packages there were no kept-back packages: # dpkg --get-selections | grep hold # apt-mark showhold After investigation, it appeared the following files have references to bullseye: /etc/apt/sources.list.d/packages.cloudpanel.io.list /etc/apt/sources.list.d/percona-mysql.list I also noticed that when performing regular updates it will use the bullseye packages: Unpacking cloudpanel (2.4.2-4+clp-bullseye) over (2.4.2-3+clp-bullseye) ... Setting up cloudpanel (2.4.2-4+clp-bullseye) ... I am not sure what the impact is of this issue. ### How to reproduce 1: Update from Debian 11 to 12 with CLoudpanel 2.4.2 and unattended-upgrades 2. Run unattended-upgrades: # unattended-upgrades If configured with email notification you will get an email: [package on hold] unattended-upgrades result... 3. When checking for kept-back packages there were no kept-back packages: # dpkg --get-selections | grep hold # apt-mark showhold 4. Check the following files for references to bulseye: /etc/apt/sources.list.d/packages.cloudpanel.io.list /etc/apt/sources.list.d/percona-mysql.list ### Possible Solution 1. make a copy of the files: # cp /etc/apt/sources.list.d/packages.cloudpanel.io.list /etc/apt/sources.list.d/packages.cloudpanel.io.list.bak # cp /etc/apt/sources.list.d/percona-mysql.list /etc/apt/sources.list.d/percona-mysql.list.bak 2. replace the content of the files using the cat command: ``` cat > "/etc/apt/sources.list.d/packages.cloudpanel.io.list" << EOL deb https://d17k9fuiwb52nc.cloudfront.net/ bookworm main deb https://d17k9fuiwb52nc.cloudfront.net/ bookworm main-dev deb https://d17k9fuiwb52nc.cloudfront.net/ bookworm nginx deb https://d17k9fuiwb52nc.cloudfront.net/ bookworm nginx-dev deb https://d17k9fuiwb52nc.cloudfront.net/ bookworm php-7.1 deb https://d17k9fuiwb52nc.cloudfront.net/ bookworm php-7.2 deb https://d17k9fuiwb52nc.cloudfront.net/ bookworm php-7.3 deb https://d17k9fuiwb52nc.cloudfront.net/ bookworm php-7.4 deb https://d17k9fuiwb52nc.cloudfront.net/ bookworm php-8.0 deb https://d17k9fuiwb52nc.cloudfront.net/ bookworm php-8.1 deb https://d17k9fuiwb52nc.cloudfront.net/ bookworm php-8.2 deb https://d17k9fuiwb52nc.cloudfront.net/ bookworm php-8.3 deb https://d17k9fuiwb52nc.cloudfront.net/ bookworm php-8.4 deb https://d17k9fuiwb52nc.cloudfront.net/ bookworm proftpd deb https://d17k9fuiwb52nc.cloudfront.net/ bookworm varnish-7 EOL ``` ``` cat > "/etc/apt/sources.list.d/percona-mysql.list" << EOL deb https://d17k9fuiwb52nc.cloudfront.net/ bookworm percona-server-server-8.0 EOL ``` 3. Remove all files from: /var/lib/apt/lists/ # rm -rf /var/lib/apt/lists/* 4. Update and autoclean: # apt update -y && sudo apt upgrade -y && sudo apt dist-upgrade -y && sudo apt autoremove -y && sudo apt autoclean -y 5. Force all packages to update: # apt-get dist-upgrade If you get a Percona-server-server interaction screen, choose the default recommended settings: Use strong password encryption (RECOMMENDED) 6. Run unattended-upgrades: # unattended-upgrades 7. You will receive an email about packages held back; manually update those packages will result in the notification that the packages are already the newest version: ``` root@backup:/etc/apt# sudo apt-get --with-new-pkgs upgrade libnginx-mod-http-auth-pam libnginx-mod-http-upstream-fair libnginx-mod-http-dav-ext libnginx-mod-http-subs-filter Reading package lists... Done Building dependency tree... Done Reading state information... Done libnginx-mod-http-auth-pam is already the newest version (1.26.0-6+clp-bookworm). libnginx-mod-http-upstream-fair is already the newest version (1.26.0-6+clp-bookworm). libnginx-mod-http-dav-ext is already the newest version (1.26.0-6+clp-bookworm). libnginx-mod-http-subs-filter is already the newest version (1.26.0-6+clp-bookworm). Calculating upgrade... Done 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. ``` 8. I don't know how to solve the unattended-upgrade notices regarding held-back package leftovers. I am still investigating if I should purge or remove the package according to the command () it will remove more packages and install 1 new package. Re-installing the packages did not solve the issue. ``` root@backup:/etc/apt# apt-get purge libnginx-mod-http-auth-pam libnginx-mod-http-upstream-fair libnginx-mod-http-dav-ext libnginx-mod-http-subs-filter Reading package lists... Done Building dependency tree... Done Reading state information... Done The following packages were automatically installed and are no longer required: geoip-database libgeoip1 libnginx-mod-http-geoip libnginx-mod-http-image-filter libnginx-mod-http-xslt-filter libnginx-mod-mail libnginx-mod-ngx-brotli libnginx-mod-stream Use 'apt autoremove' to remove them. The following additional packages will be installed: nginx-light Suggested packages: nginx-doc The following packages will be REMOVED: libnginx-mod-http-auth-pam* libnginx-mod-http-dav-ext* libnginx-mod-http-subs-filter* libnginx-mod-http-upstream-fair* nginx-full* The following NEW packages will be installed: nginx-light 0 upgraded, 1 newly installed, 5 to remove and 0 not upgraded. Need to get 516 kB of archives. After this operation, 534 kB disk space will be freed. Do you want to continue? [Y/n] ``` ### Additional Context _No response_

MrUnknownDE closed this issue

2026-04-05 20:26:06 +02:00

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github/cloudpanel-ce#236