Resolving Package Update Discrepancies in Ubuntu 10.04 LTS: Why apt-get Shows Different Counts Than MOTD



When working with Ubuntu 10.04 LTS servers, you might encounter this puzzling situation:

$ sudo apt-get update
$ sudo apt-get upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages have been kept back:
  linux-generic-pae linux-headers-generic-pae linux-image-generic-pae
0 upgraded, 0 newly installed, 0 to remove and 3 not upgraded.

Yet the message of the day (MOTD) shows:

42 packages can be updated.
18 updates are security updates.

The discrepancy occurs because different components use different methods to check for updates:

  • MOTD uses /usr/lib/update-notifier/update-motd-updates-available which checks all repositories
  • apt-get follows more conservative dependency resolution rules

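For the "kept back" kernel packages, try the following (the --with-new-pkgs option exists only in apt releases newer than the one shipped with 10.04):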

sudo apt-get --with-new-pkgs upgrade

For a complete system upgrade including dependencies:

sudo apt-get dist-upgrade

To specifically handle security updates (recommended for servers):

sudo unattended-upgrade --dry-run
sudo unattended-upgrade

To run unattended upgrades automatically, create /etc/apt/apt.conf.d/20auto-upgrades with:

APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";

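Then enable the service. This step applies to systemd-based releases only; Ubuntu 10.04 uses Upstart and has no systemctl, and there the daily /etc/cron.daily/apt job acts on the APT::Periodic settings above: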

sudo systemctl enable --now unattended-upgrades

To manually check all available updates (like MOTD does):

sudo apt-get update
/usr/lib/update-notifier/apt-check --human-readable

For security updates specifically:

sudo apt-get upgrade -s | grep -i security

The discrepancy occurs because two different mechanisms are checking for updates:

  • MOTD (Message of the Day): Runs /usr/lib/update-notifier/update-motd which uses update-notifier-common to check all available updates
  • apt-get upgrade: Follows more conservative upgrade rules by default

The MOTD update checker shows all available updates in the repositories, while apt-get upgrade by default will:

  • Skip packages that would remove installed packages
  • Skip packages that require new dependencies
  • Handle held-back packages differently

Case 1: Kernel Updates Being Held Back

If you see kernel-related packages held back (common in Ubuntu 10.04):

sudo apt-get install --only-upgrade linux-generic-pae linux-headers-generic-pae linux-image-generic-pae

Case 2: Full System Upgrade

To match what MOTD reports:

sudo apt-get dist-upgrade

Or more safely:

sudo apt-get install $(apt-get -s upgrade | awk '/^Inst/ {print $2}')

To inspect exactly which packages are available for upgrade:

apt-get -s upgrade | grep "^Inst"
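The following script is an added example, not part of the original page. It parses simulation output to count pending upgrades, classifies them as security updates by the archive origin in parentheses rather than by package name, and lists the kept-back packages. The sample output, its version strings, the example-* package names and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: output of `apt-get -s upgrade` (versions are made up).
sample_upgrade() {
cat <<'EOF'
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages have been kept back:
  linux-generic-pae linux-headers-generic-pae linux-image-generic-pae
The following packages will be upgraded:
  example-lib example-security-tool
Inst example-lib [1.0-1] (1.0-2 Ubuntu:10.04/lucid-security)
Inst example-security-tool [2.0-1] (2.0-2 Ubuntu:10.04/lucid-updates)
Conf example-lib (1.0-2 Ubuntu:10.04/lucid-security)
Conf example-security-tool (2.0-2 Ubuntu:10.04/lucid-updates)
EOF
}

# Count "Inst" lines; classify as security by the origin inside the
# parentheses, so a package merely named "*security*" is not miscounted.
count_updates() {
    awk '
        /^Inst / {
            total++
            origin = $0
            sub(/^[^(]*\(/, "", origin)   # keep only "version origin)"
            if (origin ~ /-security/) sec++
        }
        END { printf "total=%d security=%d\n", total, sec }'
}

# List the packages apt-get refused to upgrade ("kept back").
kept_back() {
    awk '
        /^The following packages have been kept back:/ { blk = 1; next }
        blk && /^ / { for (i = 1; i <= NF; i++) print $i; next }
        { blk = 0 }'
}

# Pass "live" to inspect the real system; the default is the embedded sample.
if [ "${1:-}" = "live" ]; then out=$(apt-get -s upgrade); else out=$(sample_upgrade); fi
printf '%s\n' "$out" | count_updates
printf 'kept back: %s\n' "$(printf '%s\n' "$out" | kept_back | tr '\n' ' ')"
```

Running the same functions over `apt-get -s dist-upgrade` output and comparing the totals shows how many of the MOTD-reported updates plain `upgrade` is holding back.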

For a security-focused update approach:

sudo apt-get update && sudo apt-get install --only-upgrade $(apt-get -s upgrade | awk '/^Inst/ && tolower($0) ~ /security/ {print $2}')

For production servers, consider setting up unattended upgrades for security patches:

sudo apt-get install unattended-upgrades
sudo dpkg-reconfigure unattended-upgrades

Edit /etc/apt/apt.conf.d/50unattended-upgrades to customize:

Unattended-Upgrade::Allowed-Origins {
    "${distro_id}:${distro_codename}-security";
    "${distro_id}:${distro_codename}-updates";
};