Update issues with unattended-upgrades after upgrading from Debian 11 to 12 with Cloudpanel 2.4.2

[WPSpeedExpert]

CloudPanel version(s) affected

2.4.2

Description

After upgrading from Debian 11 to 12 I received emails from unattended-upgrades about packages kept back:

Packages with upgradable origin but kept back:
 Debian stable:
  libnginx-mod-http-geoip libnginx-mod-mail libnginx-mod-stream
  libnginx-mod-http-image-filter php-common
  libnginx-mod-http-subs-filter nginx nginx-common
  libnginx-mod-http-upstream-fair proftpd-mod-wrap proftpd-core
  libnginx-mod-http-xslt-filter libnginx-mod-http-auth-pam nginx-full
  proftpd-doc proftpd-mod-crypto libnginx-mod-http-dav-ext
  libnginx-mod-http-echo proftpd-basic

When checking for kept-back packages there were no kept-back packages:

dpkg --get-selections | grep hold

apt-mark showhold

After investigation, it appeared the following files have references to bullseye: /etc/apt/sources.list.d/packages.cloudpanel.io.list /etc/apt/sources.list.d/percona-mysql.list

I also noticed that when performing regular updates it will use the bullseye packages: Unpacking cloudpanel (2.4.2-4+clp-bullseye) over (2.4.2-3+clp-bullseye) ... Setting up cloudpanel (2.4.2-4+clp-bullseye) ...

I am not sure what the impact is of this issue.

How to reproduce

1: Update from Debian 11 to 12 with CLoudpanel 2.4.2 and unattended-upgrades

2. Run unattended-upgrades:

   unattended-upgrades

If configured with email notification you will get an email: [package on hold] unattended-upgrades result...

3. When checking for kept-back packages there were no kept-back packages:

   dpkg --get-selections | grep hold

   apt-mark showhold

4. Check the following files for references to bulseye: /etc/apt/sources.list.d/packages.cloudpanel.io.list /etc/apt/sources.list.d/percona-mysql.list

Possible Solution

1. make a copy of the files:

   cp /etc/apt/sources.list.d/packages.cloudpanel.io.list /etc/apt/sources.list.d/packages.cloudpanel.io.list.bak

   cp /etc/apt/sources.list.d/percona-mysql.list /etc/apt/sources.list.d/percona-mysql.list.bak

2. replace the content of the files using the cat command:

   cat > "/etc/apt/sources.list.d/packages.cloudpanel.io.list" << EOL
   deb https://d17k9fuiwb52nc.cloudfront.net/ bookworm main
   deb https://d17k9fuiwb52nc.cloudfront.net/ bookworm main-dev
   deb https://d17k9fuiwb52nc.cloudfront.net/ bookworm nginx
   deb https://d17k9fuiwb52nc.cloudfront.net/ bookworm nginx-dev
   deb https://d17k9fuiwb52nc.cloudfront.net/ bookworm php-7.1
   deb https://d17k9fuiwb52nc.cloudfront.net/ bookworm php-7.2
   deb https://d17k9fuiwb52nc.cloudfront.net/ bookworm php-7.3
   deb https://d17k9fuiwb52nc.cloudfront.net/ bookworm php-7.4
   deb https://d17k9fuiwb52nc.cloudfront.net/ bookworm php-8.0
   deb https://d17k9fuiwb52nc.cloudfront.net/ bookworm php-8.1
   deb https://d17k9fuiwb52nc.cloudfront.net/ bookworm php-8.2
   deb https://d17k9fuiwb52nc.cloudfront.net/ bookworm php-8.3
   deb https://d17k9fuiwb52nc.cloudfront.net/ bookworm php-8.4
   deb https://d17k9fuiwb52nc.cloudfront.net/ bookworm proftpd
   deb https://d17k9fuiwb52nc.cloudfront.net/ bookworm varnish-7
   EOL

   cat > "/etc/apt/sources.list.d/percona-mysql.list" << EOL
   deb https://d17k9fuiwb52nc.cloudfront.net/ bookworm percona-server-server-8.0
   EOL

3. Remove all files from: /var/lib/apt/lists/

   rm -rf /var/lib/apt/lists/*

4. Update and autoclean:

   apt update -y && sudo apt upgrade -y && sudo apt dist-upgrade -y && sudo apt autoremove -y && sudo apt autoclean -y

5. Force all packages to update:

   apt-get dist-upgrade

If you get a Percona-server-server interaction screen, choose the default recommended settings: Use strong password encryption (RECOMMENDED)

6. Run unattended-upgrades:

   unattended-upgrades

7. You will receive an email about packages held back; manually update those packages will result in the notification that the packages are already the newest version:

root@backup:/etc/apt# sudo apt-get --with-new-pkgs upgrade libnginx-mod-http-auth-pam libnginx-mod-http-upstream-fair libnginx-mod-http-dav-ext libnginx-mod-http-subs-filter
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
libnginx-mod-http-auth-pam is already the newest version (1.26.0-6+clp-bookworm).
libnginx-mod-http-upstream-fair is already the newest version (1.26.0-6+clp-bookworm).
libnginx-mod-http-dav-ext is already the newest version (1.26.0-6+clp-bookworm).
libnginx-mod-http-subs-filter is already the newest version (1.26.0-6+clp-bookworm).
Calculating upgrade... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

8. I don't know how to solve the unattended-upgrade notices regarding held-back package leftovers. I am still investigating if I should purge or remove the package according to the command () it will remove more packages and install 1 new package. Re-installing the packages did not solve the issue.

root@backup:/etc/apt# apt-get purge libnginx-mod-http-auth-pam libnginx-mod-http-upstream-fair libnginx-mod-http-dav-ext libnginx-mod-http-subs-filter
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following packages were automatically installed and are no longer required:
  geoip-database libgeoip1 libnginx-mod-http-geoip libnginx-mod-http-image-filter libnginx-mod-http-xslt-filter libnginx-mod-mail libnginx-mod-ngx-brotli libnginx-mod-stream
Use 'apt autoremove' to remove them.
The following additional packages will be installed:
  nginx-light
Suggested packages:
  nginx-doc
The following packages will be REMOVED:
  libnginx-mod-http-auth-pam* libnginx-mod-http-dav-ext* libnginx-mod-http-subs-filter* libnginx-mod-http-upstream-fair* nginx-full*
The following NEW packages will be installed:
  nginx-light
0 upgraded, 1 newly installed, 5 to remove and 0 not upgraded.
Need to get 516 kB of archives.
After this operation, 534 kB disk space will be freed.
Do you want to continue? [Y/n]

Additional Context

No response

[cloudpanel-io]

We do not recommend upgrading Debian 11 to Debian 12.

It's cleaner to set up a new Debian 12 server and migrate all sites over.