Bug#1117973: gnome-software: removes packages during upgrades

Jeremy Bicha jeremy at bicha.net
Tue Nov 4 12:41:45 GMT 2025 

Control: severity -1 normal

I'm downgrading the severity since my initial thinking is that this is
somewhat of a feature request and also a description of unexpected
behavior but not necessarily wrong behavior from how gnome-software is
designed to work. Also, Debian appears to be changing the autoremoval
rules which makes RC level bugs have far-reaching effects.

On Mon, Oct 13, 2025 at 2:17 AM Raphaël Halimi <raphael.halimi at gmail.com> wrote:
> The problem was that this package has a versioned dependency against
> Firefox ESR. We do this in order to control when our users will switch
> to a new ESR version. I was confident that this would hold Firefox ESR
> upgrades until we decided to allow them, since `unattended-upgrades` is
> not supposed to remove packages, but it seems that GNOME Software
> doesn't care about that: to install the new version of `firefox-esr`
> (presented as a security update, OK, but still), it carelessly removed
> my package (and one of its reverse dependencies), as shown in the logs:

Maybe apt-mark hold would have worked?

> Note: of course our users don't have administrator rights on their
> machines and normally can't install packages by themselves with tools
> like APT or GNOME software. This was an automatic upgrade seemingly
> initiated by GNOME Software and handled by PackageKit, the user just
> accepted what the UI suggested.

If you don't want your users installing apps, it makes sense to me for
you to remove gnome-software like you did. Maybe you need to also lock
down PackageKit with a PolicyKit rule.

> In the meantime I created an equiv package to remove `gnome-software`
> from all machines (since anyway users are not allowed to install
> packages with it), and let `unattended-upgrades` manage upgrades. Maybe
> `gnome-software` should not be a hard dependency of `gnome-core`, but
> merely a recommends.

gnome-core is generally just mirroring the package choices of GNOME upstream.

There have been some requests over the years to create a more minimal
GNOME metapackage for Debian, but it hasn't been done yet. You can
follow https://bugs.debian.org/1089002 for this request.

Thank you,
Jeremy Bícha

More information about the pkg-gnome-maintainers mailing list