Packages with security updates kept back

Glad I could help.

Quote from votdev

Thanks for your investigation.

The issue will be fixed in next version, see https://github.com/openmediava…42c957a7f0efae4bbee7931ed.

Just to be sure: Is this the intended behavior? This now pins all releases from a "bookworm" repository with the highest priority:

$ LANG=C apt-cache policy onedrive 
onedrive:
  Installed: (none)
  Candidate: 2.4.23-1
  Version table:
     2.4.25-1+deb12u1 500
        500 http://packages.openmediavault.org/public sandworm/main amd64 Packages
        500 https://openmediavault.github.io/packages sandworm/main amd64 Packages
     2.4.23-1 990
        990 http://deb.debian.org/debian bookworm/main amd64 Packages

The docker repository contains bookworm as well:

$ LANG=C apt-cache policy | grep -i "docker"
 990 https://download.docker.com/linux/debian bookworm/stable amd64 Packages
     release o=Docker,a=bookworm,l=Docker CE,c=stable,b=amd64
     origin download.docker.com

Installing newer (than the official Debian package) software releases from third-party repos is now only possible when explicitly requested (e.g. via apt install -t sandworm onedrive – not sure if this works for all sources).

Quote from votdev

No, this behaviour is not intended. I think this needs to be fixed.

Maybe just add an if condition, that only adds the new setting if a default release is already set? E.g. if cat /etc/apt/apt.conf.d/* | grep "APT::Default-Release" or cat /etc/apt/apt.conf | grep "APT::Default-Release" have an output?

Or to specifically only address the issue from this topic maybe even only add the setting if APT::Default-Release "bookworm" or APT::Default-Release "stable" have been set on the system?

I'm not a dev: Getting rid of the setting completely is probably more difficult? (Also someone might use this on purpose...)

Quote from votdev

The regression will be fixed in the next version, see https://github.com/openmediava…cc99b5c04ec0e11d6a87d91a2

This will break the behaviour of OMV, so i decided that this line will be removed from /etc/apt/apt.conf.

I also read about a discussion on Debian that this setting should be deprecated. You can easily achive the same with repo pinning.

That was fast! It's probably the cleanest solution this way. Thank you for all your efforts!

Quote from votdev

The regression will be fixed in the next version, see https://github.com/openmediava…cc99b5c04ec0e11d6a87d91a2

This will break the behaviour of OMV, so i decided that this line will be removed from /etc/apt/apt.conf.

I also read about a discussion on Debian that this setting should be deprecated. You can easily achive the same with repo pinning.

I just did the update from 7.4.1-2 to 7.4.1-3 and /etc/apt/apt.conf.d/99openmediavault-default-release is still there. It wasn't removed.

Does this mean it only applies to versions below 7.4.1? https://github.com/openmediava…nmediavault.postinst#L538

Quote from votdev

WTF, had to do another round of emergency release because the SaltState crashed in some situations. See https://github.com/openmediava…cdcb2e8f67c9e6a2aee512393. This crappy feature ruined last night and this afternoon for me.

Sorry to hear that. Looks good now on my system!

Thank you for what you are doing! It's really appreciated!