为什么使用“apt update”时未安装 Debian 安全更新? (需要用“-t stable-security”强制)

tag-icon tag-icon debian apt security
为什么使用“apt update”时未安装 Debian 安全更新? (需要用“-t stable-security”强制)

apt upgrade使用或等命令时不会安装 Debian 安全更新apt dist-upgrade。我也尝试过用apt-get代替apt.

apt upgrade -t stable-security但是,像或 这样的命令apt install nodejs -t stable-security将安装安全更新(例如https://www.debian.org/security/2022/dsa-5170)。

你知道为什么吗?这个问题发生在我的 Debian 稳定版笔记本电脑上,但我还有一台 Debian 稳定版服务器 (VPS),没有这个问题。我检查了/etc/apt/sources.list两个安装上的文件是否相同,并且没有/etc/apt/preferences文件。

以下是未注释的行/etc/apt/sources.list(基于https://wiki.debian.org/SourcesList#Example_sources.list):

deb http://deb.debian.org/debian stable main
deb-src http://deb.debian.org/debian stable main

deb http://deb.debian.org/debian-security/ stable-security main
deb-src http://deb.debian.org/debian-security/ stable-security main

deb http://deb.debian.org/debian stable-updates main
deb-src http://deb.debian.org/debian stable-updates main

deb http://deb.debian.org/debian bullseye-backports main
deb-src http://deb.debian.org/debian bullseye-backports main

为了回答评论中的问题,以下是输出apt policy

Package files:
 100 /var/lib/dpkg/status
     release a=now
 100 http://deb.debian.org/debian bullseye-backports/main i386 Packages
     release o=Debian Backports,a=bullseye-backports,n=bullseye-backports,l=Debian Backports,c=main,b=i386
     origin deb.debian.org
 100 http://deb.debian.org/debian bullseye-backports/main amd64 Packages
     release o=Debian Backports,a=bullseye-backports,n=bullseye-backports,l=Debian Backports,c=main,b=amd64
     origin deb.debian.org
 500 http://deb.debian.org/debian stable-updates/main i386 Packages
     release v=11-updates,o=Debian,a=stable-updates,n=bullseye-updates,l=Debian,c=main,b=i386
     origin deb.debian.org
 500 http://deb.debian.org/debian stable-updates/main amd64 Packages
     release v=11-updates,o=Debian,a=stable-updates,n=bullseye-updates,l=Debian,c=main,b=amd64
     origin deb.debian.org
 500 http://deb.debian.org/debian-security stable-security/main i386 Packages
     release v=11,o=Debian,a=stable-security,n=bullseye-security,l=Debian-Security,c=main,b=i386
     origin deb.debian.org
 500 http://deb.debian.org/debian-security stable-security/main amd64 Packages
     release v=11,o=Debian,a=stable-security,n=bullseye-security,l=Debian-Security,c=main,b=amd64
     origin deb.debian.org
 990 http://deb.debian.org/debian stable/main i386 Packages
     release v=11.5,o=Debian,a=stable,n=bullseye,l=Debian,c=main,b=i386
     origin deb.debian.org
 990 http://deb.debian.org/debian stable/main amd64 Packages
     release v=11.5,o=Debian,a=stable,n=bullseye,l=Debian,c=main,b=amd64
     origin deb.debian.org
Pinned packages:

请注意,之前我也有过https://download.virtualbox.org/virtualbox/debian显示在那里,但我在搜索问题时对其进行了评论(再次尝试时并/etc/apt/sources.list没有解决问题)。apt updateapt upgrade

我们可以看到 的固定优先级stable高于stable-security,这似乎是问题所在,您知道为什么吗?

答案1

优先级990对应默认发布;很可能,有一个配置条目说

APT::Default-Release "stable";

或同等学历。

如果你删除它,一切都会自行解决。

或者,作为Debian 11 发行说明中提到,您可以保留“APT::Default-Release”设置,只要将其更改为

APT::Default-Release "/^bullseye(|-security|-updates)$/";

对于大多数有用的场景Default-Release,我发现固定更合适。

相关内容