[NCP] Some packages are not updated

Hello there,

I'm running NCP on a Raspberry Pi 4 B.

Nextcloud version: 27.1.6
NCP: 1.53.1
Operating system and version: Debian GNU/Linux 11 (bullseye) (NCP-Image)
Apache or nginx version: Apache/2.4.56 (Debian)
PHP version: 8.1.27

I used to update my system as recommended in “Staying up to date”.

I have found out that not all system packages are kept up to date.

Auto unattended-upgrades is enabled.

When I run apt list --upgradable I get:

bluez-firmware/oldstable,oldstable 1.2-4+rpt11 all [upgradable from: 1.2-4+rpt8]
bluez/oldstable 5.55-3.1+rpt2+deb11u1 arm64 [upgradable from: 5.55-3.1+rpt1]
console-setup-linux/oldstable,oldstable 1.205+rpt1 all [upgradable from: 1.205]
console-setup/oldstable,oldstable 1.205+rpt1 all [upgradable from: 1.205]
dhcpcd5/oldstable 1:8.1.2-1+rpt9 arm64 [upgradable from: 1:8.1.2-1+rpt5]
firmware-atheros/oldstable,oldstable 1:20230210-5~bpo11+1+rpt2 all [upgradable from: 1:20210315-3+rpt5]
firmware-brcm80211/oldstable,oldstable 1:20230210-5~bpo11+1+rpt2 all [upgradable from: 1:20210315-3+rpt5]
firmware-libertas/oldstable,oldstable 1:20230210-5~bpo11+1+rpt2 all [upgradable from: 1:20210315-3+rpt5]
firmware-misc-nonfree/oldstable,oldstable 1:20230210-5~bpo11+1+rpt2 all [upgradable from: 1:20210315-3+rpt5]
firmware-realtek/oldstable,oldstable 1:20230210-5~bpo11+1+rpt2 all [upgradable from: 1:20210315-3+rpt5]
keyboard-configuration/oldstable,oldstable 1.205+rpt1 all [upgradable from: 1.205]
libc-bin/oldstable 2.31-13+rpt2+rpi1+deb11u7 arm64 [upgradable from: 2.31-13+rpt2+rpi1+deb11u2]
libc-dev-bin/oldstable 2.31-13+rpt2+rpi1+deb11u7 arm64 [upgradable from: 2.31-13+rpt2+rpi1+deb11u3]
libc-devtools/oldstable 2.31-13+rpt2+rpi1+deb11u7 arm64 [upgradable from: 2.31-13+rpt2+rpi1+deb11u2]
libc-l10n/oldstable,oldstable 2.31-13+rpt2+rpi1+deb11u7 all [upgradable from: 2.31-13+rpt2+rpi1+deb11u2]
libc6-dbg/oldstable 2.31-13+rpt2+rpi1+deb11u7 arm64 [upgradable from: 2.31-13+rpt2+rpi1+deb11u3]
libc6-dev/oldstable 2.31-13+rpt2+rpi1+deb11u7 arm64 [upgradable from: 2.31-13+rpt2+rpi1+deb11u3]
libc6/oldstable 2.31-13+rpt2+rpi1+deb11u7 arm64 [upgradable from: 2.31-13+rpt2+rpi1+deb11u3]
libcamera-apps-lite/oldstable 1.2.1-1 arm64 [upgradable from: 0~git20220105+b9a6923-1]
libcamera0/oldstable 0~git20230720+bde9b04f-1 arm64 [upgradable from: 0~git20220106+44d59841-2]
libmpdec3/bullseye 2.5.1-2+0~20240210.5+debian11~1.gbp216c03 arm64 [upgradable from: 2.5.1-1]
libpam-chksshpwd/oldstable 1.4.0-9+deb11u1+rpt2 arm64 [upgradable from: 1.4.0-7+rpt1]
libpam-modules-bin/oldstable 1.4.0-9+deb11u1+rpt2 arm64 [upgradable from: 1.4.0-9+deb11u1]
libpam-modules/oldstable 1.4.0-9+deb11u1+rpt2 arm64 [upgradable from: 1.4.0-9+deb11u1]
libpam-runtime/oldstable,oldstable 1.4.0-9+deb11u1+rpt2 all [upgradable from: 1.4.0-9+deb11u1]
libpam0g/oldstable 1.4.0-9+deb11u1+rpt2 arm64 [upgradable from: 1.4.0-9+deb11u1]
libpcre3/bullseye 2:8.45-1+0~20230620.10+debian11~1.gbp8792c4 arm64 [upgradable from: 2:8.39-13]
libraspberrypi-bin/oldstable 1:2+git20230322~143557+9d5250f-1 arm64 [upgradable from: 1:2+git20211125~155417+14b90ff-3]
libraspberrypi-dev/oldstable 1:2+git20230322~143557+9d5250f-1 arm64 [upgradable from: 1:2+git20211125~155417+14b90ff-3]
libraspberrypi-doc/oldstable,oldstable 1:2+git20230322~143557+9d5250f-1 all [upgradable from: 1:2+git20211125~155417+14b90ff-3]
libraspberrypi0/oldstable 1:2+git20230322~143557+9d5250f-1 arm64 [upgradable from: 1:2+git20211125~155417+14b90ff-3]
libssl1.1/oldstable 1.1.1w-0+deb11u1+rpt1 arm64 [upgradable from: 1.1.1w-0+deb11u1]
libxml2/bullseye 2.9.14+dfsg-0.1+0~20230421.14+debian11~1.gbpf14485 arm64 [upgradable from: 2.9.10+dfsg-6.7+deb11u4]
linux-libc-dev/oldstable 1:1.20230405-1 arm64 [upgradable from: 1:1.20220120-1]
locales/oldstable,oldstable 2.31-13+rpt2+rpi1+deb11u7 all [upgradable from: 2.31-13+rpt2+rpi1+deb11u2]
openssl/oldstable 1.1.1w-0+deb11u1+rpt1 arm64 [upgradable from: 1.1.1w-0+deb11u1]
php-common/bullseye,bullseye 2:94+0~20240205.51+debian11~1.gbp6faa2e all [upgradable from: 2:93+0~20231125.47+debian11~1.gbpc7171d]
php8.1/bullseye,bullseye 8.1.27-1+0~20231221.58+debian11~1.gbp3895b2 all [upgradable from: 8.1.26-1+0~20231124.57+debian11~1.gbpf408b8]
pi-bluetooth/oldstable,oldstable 0.1.19 all [upgradable from: 0.1.18]
raspberrypi-bootloader/oldstable 1:1.20230405-1 arm64 [upgradable from: 1:1.20220120-1]
raspberrypi-kernel/oldstable 1:1.20230405-1 arm64 [upgradable from: 1:1.20220120-1]
raspberrypi-net-mods/oldstable,oldstable 1.3.4 all [upgradable from: 1.3.3]
raspberrypi-sys-mods/oldstable 20230510~bullseye arm64 [upgradable from: 20220110+1]
raspi-config/oldstable,oldstable 20231012~bullseye all [upgradable from: 20220112]
raspinfo/oldstable,oldstable 20230123-1 all [upgradable from: 20190624-1]
rpi-eeprom/oldstable 16.1-1 arm64 [upgradable from: 13.5-1]

Most of them are patch updates. I think this is not a problem and maybe they will be updated through ncp soon.
But the following are very old. It seems that they do not get automatic updates. My original installation is from November 2022.

raspberrypi-bootloader/oldstable 1:1.20230405-1 arm64 [upgradable from: 1:1.20220120-1]
raspberrypi-kernel/oldstable 1:1.20230405-1 arm64 [upgradable from: 1:1.20220120-1]
raspberrypi-net-mods/oldstable,oldstable 1.3.4 all [upgradable from: 1.3.3]
raspberrypi-sys-mods/oldstable 20230510~bullseye arm64 [upgradable from: 20220110+1]
raspi-config/oldstable,oldstable 20231012~bullseye all [upgradable from: 20220112]
raspinfo/oldstable,oldstable 20230123-1 all [upgradable from: 20190624-1]
rpi-eeprom/oldstable 16.1-1 arm64 [upgradable from: 13.5-1]

So I have a few questions. Is this behaviour intentional? And if so, why?
Otherwise, can I upgrade the last very outdated packages without any problems?

Many thanks in advance.

Best regards
cebe

I checked: /etc/apt/apt.conf.d/50unattended-upgrades and only these three lines are uncommented:

"origin=Debian,codename=${distro_codename},label=Debian";
"origin=Debian,codename=${distro_codename},label=Debian-Security";
"origin=Debian,codename=${distro_codename}-security,label=Debian-Security";

So I think the behaviour of not upgrading raspberrypi packages for example is technically correct.

But my question is still, can I upgrade them manually?

Best regards
cebe
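
Added example (not part of the original posts, and not NCP's or unattended-upgrades' own code): a small Python model of how the three pattern lines quoted above select repositories, where every field in a line must match the repository's release metadata. The release lines are constructed samples in `apt-cache policy` style; the origin and label strings, including the Raspberry Pi one, are assumptions rather than values from the poster's system.

```python
import fnmatch

# Short keys from `apt-cache policy` release lines -> Origins-Pattern names.
ALIASES = {"o": "origin", "l": "label", "a": "archive", "suite": "archive",
           "n": "codename", "c": "component"}

# The three uncommented patterns quoted in the post above.
PATTERNS = [
    "origin=Debian,codename=${distro_codename},label=Debian",
    "origin=Debian,codename=${distro_codename},label=Debian-Security",
    "origin=Debian,codename=${distro_codename}-security,label=Debian-Security",
]

# Constructed release lines (assumed values, not taken from the thread).
RELEASES = {
    "debian-main": "o=Debian,a=oldstable,n=bullseye,l=Debian,c=main",
    "debian-security": ("o=Debian,a=oldstable-security,"
                        "n=bullseye-security,l=Debian-Security,c=main"),
    "raspberrypi": ("o=Raspberry Pi Foundation,a=oldstable,"
                    "n=bullseye,l=Raspberry Pi Foundation,c=main"),
}

def parse_fields(text, codename=""):
    """Split 'k=v,k=v' into a dict with normalised key names."""
    fields = {}
    for part in text.split(","):
        key, _, value = part.partition("=")
        value = value.strip().replace("${distro_codename}", codename)
        key = key.strip()
        fields[ALIASES.get(key, key)] = value
    return fields

def matches(pattern, release, codename):
    """True when every field of the pattern matches (shell-style wildcards)."""
    want = parse_fields(pattern, codename)
    have = parse_fields(release)
    return all(fnmatch.fnmatchcase(have.get(k, ""), v)
               for k, v in want.items())

def allowed_repos(patterns, releases, codename):
    """Names of repositories that at least one pattern line allows."""
    return sorted(name for name, rel in releases.items()
                  if any(matches(p, rel, codename) for p in patterns))

if __name__ == "__main__":
    # The Raspberry Pi repository is absent from the result.
    print(allowed_repos(PATTERNS, RELEASES, "bullseye"))
```

On a real system, `apt-cache policy` prints the actual release lines and `unattended-upgrade --dry-run --debug` shows which packages the configured patterns let through.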

You can, but I’d advise against it, as our main Dev has configured this; you could mess things up if you manually override these settings.

On my system, same versions as yours but as a VM in Proxmox, I also have some packages that are excluded from unattended upgrades. But as long as my NC is up and running I simply ignore them.

Thank you for your reply.

Yes, a stable running system is the most important for me.

But I can imagine that, for example, the kernel, bootloader or firmware will bring improved utilisation of the hardware (in my case the Raspberry). Possibly also security fixes.
Maybe I’ll download the latest image and see which versions are available today. If they are different, it should be possible to upgrade to them without any problems.