[Pkg-nagios-devel] Bug#827757: Bug#827757: apt-get upgrade doesn't want to upgrade packages in need of an upgrade
Alexander Wirt
formorer at debian.org
Mon Jun 20 21:35:41 UTC 2016
On Mon, 20 Jun 2016, David Kalnischkies wrote:
> Control: reassign -1 monitoring-plugins-basic
>
> On Mon, Jun 20, 2016 at 04:52:37PM +0200, Christoph Anton Mitterer wrote:
> > apt however, doesn't upgade:
> > # apt-get upgrade
>
> "apt-get upgrade" is documented to not install new (or remove) packages.
> It is strictly upgrading only. New packages can introduce new interfaces
> and especially new (potentially internet-facing) deamons and are hence
> not "safe" – at least not as safe as just upgrading is which is
> frequently done unattended (by a program or on "autopilot" by a human).
>
> aptitude doesn't have this restricting. "apt upgrade" hasn't either btw.
> Even "apt-get upgrade" can be told to lift this restriction with
> "--with-new-pkgs".
>
> So, not a bug in apt(-get) – it is a feature! ;)
>
>
> > I'd guess that the check_apt Icinga/Nagios check uses apt-get upgrade
> > to look for upgradable packages, because it returns:
> > # /usr/lib/nagios/plugins/check_apt
> > APT OK: 0 packages available for upgrade (0 critical updates). |available_upgrades=0;;;0 critical_updates=0;;;0
> >
> > Which is bad of course, and the security problem here.
>
> I guess the nagios check shouldn't use 'apt-get upgrade', but that
> depends on what it is supposed to show (aka what its users expect) and
> what it actually uses (based on "critical updates" I guess it is using
> its own code, perhaps a binding…) but both I don't know hence
> reassigning.
I don't think so. The plugin is expected to run on all distributions having
apt-get, apt is fairly new.
Alex
More information about the Pkg-nagios-devel
mailing list