When checking for missing security updates I noticed that the servermon package list for copper showed an inconsistent status for xdelta:
Installed Version: ----
Available Version: 1.1.3-9.1
I incorrectly blamed servermon, but Alex pointed out that this is already wrong on the puppet fact level:
<package name="xdelta" new_version="1.1.3-9.1" origin="Debian" source_name="xdelta" />
After some poking we tracked down the problem to /usr/local/bin/apt2xml's handling of package updates which introduce new binary packages. This happens due to the simulation of a dist-upgrade by apt2xml instead of a regular upgrade.
On e.g. copper there's two packages which are held back (since their installation would install new binary packages): linux-meta and openstack-pkg-tools;
the latter is the package which would pull in xdelta.
Ways of handling this:
- Filter it at the apt2xml level (if a package does not have an available version, don't add it to the list at all)
- Inform at the servermon level the user of that edge case via a tooltip as proposed in https://github.com/servermon/servermon/issues/157
Moritz prefers the former with the following justification:
I think apt2xml should rather filter out the "available" version if the "installed" version is non-existant, because a) at the moment the package isn't installed yet and thus no update is required b) at the moment an update of openstack-pkg-tools is made, apt would automatically pull in the latest version of xdelta anyway