Why does "apt upgrade" show available upgrades if "unattended upgrades" is enabled?

For my nextcloudpi installation I have enabled ā€œunattended upgradesā€. However, when I manually run ā€œapt upgradeā€, quite a few packages are listed. So should I ignore this or is something wrong with the ā€œunattended upgradesā€ functionality?

The following NEW packages will be installed:
  busybox initramfs-tools initramfs-tools-core klibc-utils libfl2 libklibc linux-base
The following packages will be upgraded:
  apache2 apache2-bin apache2-data apache2-utils apt apt-utils base-files bind9-host binutils
  binutils-arm-linux-gnueabihf binutils-common ca-certificates curl dbus distro-info-data dnsutils
  e2fsprogs freetype2-doc fuse git git-man iputils-ping libapt-inst2.0 libapt-pkg5.0 libbind9-161
  libbinutils libbrotli1 libcom-err2 libcups2 libcurl3-gnutls libcurl4 libdbi-perl libdbus-1-3
  libdns-export1104 libdns1104 libext2fs2 libfreetype6 libfreetype6-dev libfribidi0 libfuse2
  libglib2.0-0 libglib2.0-data libgnutls30 libgssapi-krb5-2 libicu63 libidn2-0 libirs161
  libisc-export1100 libisc1100 libisccc161 libisccfg163 libjpeg62-turbo libjson-c3 libk5crypto3
  libkrb5-3 libkrb5support0 libldap-2.4-2 libldap-common liblwres161 libncurses6 libncursesw5
  libncursesw6 libopenmpt0 libpam-systemd libpango-1.0-0 libpangocairo-1.0-0 libpangoft2-1.0-0
  libpython3.7 libpython3.7-minimal libpython3.7-stdlib libsasl2-2 libsasl2-modules-db
  libsqlite3-0 libss2 libssh-gcrypt-4 libsystemd0 libtiff5 libtinfo5 libtinfo6 libudev1 libx11-6
  libx11-data libx11-xcb1 libxml2 libxmuu1 libzmq5 mariadb-client-10.3 mariadb-client-core-10.3
  mariadb-common mariadb-server mariadb-server-10.3 mariadb-server-core-10.3 ncurses-base
  ncurses-bin ncurses-term nfs-common nfs-kernel-server openssh-client openssh-server
  openssh-sftp-server php7.3 postfix python-apt python-apt-common python3-apt python3.7
  python3.7-minimal raspi-config redis-server redis-tools rpcbind ssh sudo systemd systemd-sysv
  tzdata udev wpasupplicant

you may check the config. maybe only security upgrades are enabled.

https://wiki.debian.org/UnattendedUpgrades

Thanks for the feedback. To me the config looks fine:

/etc/apt/apt.conf.d/50unattended-upgrades

        Unattended-Upgrade::Origins-Pattern {
                // Codename based matching:
                // This will follow the migration of a release through different
                // archives (e.g. from testing to stable and later oldstable).
                // Software will be the latest available for the named release,
                // but the Debian release itself will not be automatically upgraded.
        //      "origin=Debian,codename=${distro_codename}-updates";
        //      "origin=Debian,codename=${distro_codename}-proposed-updates";
                "origin=Debian,codename=${distro_codename},label=Debian";
                "origin=Debian,codename=${distro_codename},label=Debian-Security";

/etc/apt/apt.conf.d/20ncp-upgrades
        APT::Periodic::Update-Package-Lists "1";
        APT::Periodic::Unattended-Upgrade "1";
        APT::Periodic::MaxAge "14";
        APT::Periodic::AutocleanInterval "7";
        Unattended-Upgrade::Automatic-Reboot "true";
        Unattended-Upgrade::Automatic-Reboot-Time "04:00";
        Unattended-Upgrade::Origins-Pattern {
        o=Debian,n=buster;
        o=deb.sury.org,n=buster;
        o="Raspberry Pi Foundation",n=buster;
        }
        Dpkg::Options {
           "--force-confdef";
           "--force-confold";
        };

        // Enable the update/upgrade script, disabled by Armbian in 02-armbian-periodic
        APT::Periodic::Enable "1";

In the logs I find:

2020-12-29 06:38:46,419 INFO Initial blacklist :
2020-12-29 06:38:46,420 INFO Initial whitelist:
2020-12-29 06:38:46,420 INFO Starting unattended upgrades script
2020-12-29 06:38:46,420 INFO Allowed origins are: o=Debian,n=buster, o=deb.sury.org,n=buster, o=Raspberry Pi Foundation,n=buster, origin=Debian,codename=buster,lab$
2020-12-29 06:38:49,461 WARNING package raspi-config upgradable but fails to be marked for upgrade ()
2020-12-29 06:38:50,294 INFO Packages that will be upgraded :
2020-12-29 07:50:15,601 INFO Initial blacklist :
2020-12-29 07:50:15,602 INFO Initial whitelist:
2020-12-29 07:50:15,603 INFO Starting unattended upgrades script
2020-12-29 07:50:15,603 INFO Allowed origins are: o=Debian,n=buster, o=deb.sury.org,n=buster, o=Raspberry Pi Foundation,n=buster, origin=Debian,codename=buster,lab$
2020-12-29 07:50:18,605 WARNING package raspi-config upgradable but fails to be marked for upgrade ()

Maybe I have to re-phrase my question. Do I have to run
sudo apt dist-upgrade
manuelly every now and then for a NextcloudPi installation?

No should never have to run dist-upgrade untill ncp devs move ncp to the next stable Debian.

Ok, so why does the normal ā€œapt upgradeā€ show packages to upgrade but ā€œunattended-upgradesā€ does not find/install them?

This will be fixed with NCP 0.34.1

1 Like