Debian Backports and Virtualmin

I was experimenting with adding a couple of backports today, and having the backports repository in my sources.list caused Virtualmin to notify about all possible upgrades, even though the pinning scheme of backports dictates than only packages that are specifically given priority are to be upgraded.

Shouldn’t Virtualmin respect apt-get pinning? Is there a way to make it do so?

It kind of makes either backports or the Virtualmin upgrader useless, unless one wants to install all backports possible, which is not recommended, and probably shouldn’t be encouraged.

Howdy Mark,

Virtualmin should respect it, if apt-get respects it. Virtualmin just uses apt-get to figure out what is available for updates. Is there some incantation we have to feed to apt to make it respect pinning?

I’ve never been able to figure out pinning–I tried to use it early on in development on the installer for Debian, and I never got it to work right, so I’m a bit suspicious of the whole thing. :wink:

Well, I’m no pro at the whole pinning game. But the way its laid out on the Debian backports page, its pretty simple. By default, all backports are pinned with zero priority, so nothing will be installed. The idea being that you put stanzas like:

Package: mutt
Pin: release a=etch-backports
Pin-Priority: 999

in /etc/apt/preferences, if you want to prioritize a particular package from backports. Or you have the option of installing it straight, and newer versions will not be installed automatically.

Now, the deal seems to be that pinning is a second control layer on top of the regular apt hierarchy, and what happens is that if a particular package is higher in version, but lower in pin priority, it gets "held back". So, apt sees it as superceeding, but prevents itself from installing it. Therefore, when you do an apt-get install, you see a pile of every backport you could install, all held back.

Apparently, the interface that Virtualmin uses to apt ignores the held-back state, or so it seems. Maybe there is a flag that needs to be set? Of course, this could be complicated, as sometimes I have had packages get into a "held back" state for seemingly no good reason, and one would want Virtualmin to ignore that condition.

Hard to say. I’m just reporting the situation. The way out of this seems to be to enable backports in sources.list, install the ones you want, then disable backports again. Which isn’t great, because then you get no updates. Hmm.

What do you think?

Hi Mark,

At the moment, Virtualmin does it’s own version comparisons rather than asking APT for what updates are available, and so doesn’t know about pinning. This is definately a bug though, which I will need to look into.

Just out of interest, which packages are you pinning back?

Just the usual suspects, spamassassin and clamav, to get most recent filters.

I plan to use Debian volatile anyway, so its not an immediate concern. spamassassin hasn’t quite made it into volatile yet, so I have to pin the backport for now.

I just had to enable backports again to solve some kernel issues, and it looks like this behavior is still present, so I’m bumping this thread.

Any chance of webmin/virtualmin’s package system respecting pinning? Shouldn’t it be easier to have the module simply query apt rather than doing its own package organizing?


In addition, I just noticed that Webmin’s “Software Packages” module displays the correct behavior, which is to let apt do the figuring of which packages are upgradeable. Shouldn’t it be relatively easy to re-use that code in some way for Virtualmin’s package management?

The next release of Virtualmin’s ‘Package Updates’ module will take APT pinning into account. It was a little more complex to implement than the ‘Software Packages’ module, as that doesn’t display available updates - it just runs apt-get to install whatever you ask.

i’m running virtualmin pro 3.60 on debian 4.0, and i still have the problem of all backports “kept-back” packages showing up, and i even got an email saying those are “security” updates although they are not.
if i would not have read carefully, or set virtualmin to update automatically, i would probably have my server full of backported packages…
is there any solution to this? i think virtualmin should just take those packages into account that would appear in an apt-get (dist-)upgrade…