Conversation
|
|
||
| Package: salt-* | ||
| Pin: version 3007.* | ||
| Pin-Priority: -10 |
There was a problem hiding this comment.
3007.* already has a lower priority, I believe this was due to unattended-upgrades ignoring pinning. my best guess is that the 3007 release that was picked up came through a security channel and pinning was bypasses.
There was a problem hiding this comment.
There was a problem hiding this comment.
I figured it had lower priority but i was interpreting the man page of https://manpages.ubuntu.com/manpages/focal/man5/apt_preferences.5.html
P < 0
prevents the version from being installed
to mean that it will actually go beyond priority and just outright block/say no to installing any 3007.* thing
There was a problem hiding this comment.
came through a security channel and pinning was bypasses.
is there any way to prevent that 😅
There was a problem hiding this comment.
maybe apt-mark hold but then we'd have to manually update :\
There was a problem hiding this comment.
https://askubuntu.com/questions/1515902/how-to-get-unattended-upgrade-to-obey-apt-pinned-packages Seems to indicate this is known behavior/bug in unattended upgrades and offers a solution
2 participants
Description
I feel like the pinning is "working" because
apt install salt-minionproperly set the version down back to 3006.*I propose adding a negative pin prio for 3007.* (on top of our existing pin priorty) for now to make sure it just fails if it tries
Closes