Project

General

Profile

Actions
Copy link

Bug #38471

open

Incorrect APT Pinning Priority for Debian Backports in Katello Repositories

Added by jerome lepez 5 days ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
Repositories
Target version:
Katello Next
Difficulty:
Triaged:
Yes
Bugzilla link:
Pull request:
Fixed in Releases:
Found in Releases:
Katello 3.16.1
Red Hat JIRA:

Description

When syncing and publishing Debian Backports repositories via Katello, the generated APT metadata assigns a default priority of 500 to the backports repository. This behavior differs from Debian’s native configuration, where backports are assigned a priority of 100 to prevent unintended upgrades.

Steps to Reproduce:

Create a content view in Katello for Debian 11.
Add the official bullseye-backports repository as a custom repository.
Publish and promote the content view.
On a subscribed client, run apt-cache policy.
Expected Behavior:

Backports should have a priority of 100, consistent with Debian’s default behavior, to avoid automatic installation of backports packages unless explicitly requested.
Actual Behavior:

Backports are assigned a priority of 500, making them equally preferred as stable packages.

Example output from apt-cache policy:

Package files:
100 /var/lib/dpkg/status
release a=now
500 katello://katello.example.org/pulp/content/M3M/test/CV_DEBIAN_11/custom/Debian_11/Debian_11_Backports bullseye-backports/main all Packages
release o=Debian Backports,a=bullseye-backports,n=bullseye-backports,l=Debian Backports,c=main,b=all
origin katello.example.org
500 katello://katello.example.org/pulp/content/M3M/test/CV_DEBIAN_11/custom/Debian_11/Debian_11_Backports bullseye-backports/main amd64 Packages
release o=Debian Backports,a=bullseye-backports,n=bullseye-backports,l=Debian Backports,c=main,b=amd64
origin katello.example.org
500 katello://katello.example.org/pulp/content/M3M/test/CV_DEBIAN_11/custom/Package_deb/antivirus-cortex katello/upload amd64 Packages
release o=Pulp 3,a=katello,n=katello,c=upload,b=amd64
origin katello.example.org
500 https://packages.sury.org/php bullseye/main amd64 Packages
release o=deb.sury.org,a=bullseye,n=bullseye,c=main,b=amd64
origin packages.sury.org
Impact:

This can lead to unintended installation of packages from backports, potentially introducing instability or unsupported packages in production environments.

Suggested Fix:

Katello should allow setting custom APT priorities per repository, or automatically assign a priority of 100 to repositories identified as Debian Backports.

No data to display

Actions
Copy link

Also available in: Atom PDF