On Mon, 2004-07-26 at 18:43, Michael B Allen wrote: > I've been running Debian on the net for a while. I thought it's time to look > at keeping packages up to date. But when I run apt-get update: > > # apt-get upgrade > Reading Package Lists... Done > Building Dependency Tree... Done > The following packages have been kept back > apache apache-common autoconf debconf debianutils e2fsprogs file fileutils > libgd2-noxpm mailman mysql-client > mysql-server php4 php4-mysql php4-pear shellutils textutils > 40 packages upgraded, 0 newly installed, 0 to remove and 17 not upgraded. > Need to get 12.0MB of archives. After unpacking 2192kB will be used. > Do you want to continue? [Y/n] n > Abort. > > Why are packages being "kept back". These are precisely the packages I want > to update.
Because the new versions of those packages have new dependencies, and you don't have the new dependencies installed. That's the difference between "upgrade" and "dist-upgrade"; upgrade never installs new packages, for security reasons. But dist-upgrade will install any new stuff you need to satisfy upgrades of existing packages. In this example, the latest version of apache requires libmagic. You don't have a version of libmagic installed, so the apache version has to "be kept back". Try "apt-cache showpkg apache", and check out the dependencies line. > If I try one package: > > # apt-get install apache > Reading Package Lists... Done > Building Dependency Tree... Done > The following extra packages will be installed: > apache-common file libdb4.1 libmagic1 libtool > The following NEW packages will be installed: > libdb4.1 libmagic1 > 4 packages upgraded, 2 newly installed, 0 to remove and 53 not upgraded. > Need to get 2268kB of archives. After unpacking 1954kB will be used. > Do you want to continue? [Y/n] n > Abort. > > Why does it all of the sudden want to install libmagic1 when I don't have > that currently installed at all? Because the package file for the latest version of apache declares that it *requires* libmagic installed in order to work. Apt-get install works effectively like "apt-get dist-upgrade", in that it is happy to install new stuff if the target package needs it. > > Is there a "apt-get update packages just enough so I don't get hacked" > command? :-) It's "apt-get upgrade". For all debian packages, "security fix" upgrades never add dependencies. So they always install fine with "apt-get upgrade". But feature releases can add new dependencies, and if they do then "apt-get upgrade" will report "cannot install; package held back", because adding new packages is not something you want to do automatically on a stable, secure system. This is described in the apt manual. NB: I'm not a debian guru. Any corrections welcome. Cheers, Simon -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
