If you use third party APT sources you might end up with unmaintained packages after removing the external source or performing a dist-upgrade. The reason for this is how external sources overwrite official package versions.
apt-forktracer
Show archive.org snapshot
helps you to identify such packages:
APT will not warn you when newer versions of official packages (point releases, security updates) will appear in the stable release. This means you may miss some important change.
Example output
This is the output of apt-forktracer | sort after upgrading to Ubuntu 20.04:
haproxy (2.4.19-1ppa1~focal) [LP-PPA-vbernat-haproxy-2.4: 2.4.19-1ppa1~focal] [Ubuntu: 2.0.29-0ubuntu1 2.0.13-2ubuntu0.5 2.0.13-2]
libreadline7 (7.0-3)
libsodium23 (1.0.18-1+ubuntu18.04.1+deb.sury.org+1) [Ubuntu: 1.0.18-1]
libssl1.1 (1.1.1j-1+ubuntu18.04.1+deb.sury.org+3) [Ubuntu: 1.1.1f-1ubuntu2.16 1.1.1f-1ubuntu2.16 1.1.1f-1ubuntu2]
openssl (1.1.1j-1+ubuntu18.04.1+deb.sury.org+3) [Ubuntu: 1.1.1f-1ubuntu2.16 1.1.1f-1ubuntu2.16 1.1.1f-1ubuntu2]
php7.4-cli (1:7.4.32-1+ubuntu20.04.1+deb.sury.org+2) [LP-PPA-ondrej-php: 1:7.4.32-1+ubuntu20.04.1+deb.sury.org+2] [Ubuntu: 7.4.3-4ubuntu2.13 7.4.3-4ubuntu2.12 7.4.3-4ubuntu1]
postgresql-client (15+244.pgdg20.04+1) [apt.postgresql.org: 15+244.pgdg20.04+1] [Ubuntu: 12+214ubuntu0.1 12+214ubuntu0.1 12+214]
postgresql-client-15 (15.0-1.pgdg20.04+1) [apt.postgresql.org: 15.0-1.pgdg20.04+1]
puppet-agent (7.20.0-1focal) [Puppetlabs: 7.20.0-1focal 7.19.0-1focal 7.18.0-1focal 7.17.0-1focal 7.16.0-1focal 7.15.0-1focal 7.14.0-1focal 7.13.1-1focal 7.12.1-1focal 7.12.0-1focal 7.11.0-1focal 7.10.0-1focal 7.9.0-1focal 7.8.0-1focal 7.7.0-1focal 7.6.1-1focal 7.5.0-1focal 7.4.1-1focal 7.4.0-1focal 7.3.0-1focal 7.1.0-1focal 7.0.0-1focal]
Lets see how to handle the results:
| Package | Installed version | Desired version | Reason |
|---|---|---|---|
| haproxy | 2.4.19-1ppa1~focal | 2.4.19-1ppa1~focal | We want the newer version from the PPA. |
| libreadline7 | 7.0-3 | n/a | No sources for this package. We want to get rid of it. |
| libsodium23 | 1.0.18-1+ubuntu18.04.1+deb.sury.org+1 | 1.0.18-1 | We want to switch to the official Ubuntu package. This package was intended for Ubuntu 18.04. |
| libssl1.1 | 1.1.1j-1+ubuntu18.04.1+deb.sury.org+3 | 1.1.1f-1ubuntu2.16 | We want to switch to the official Ubuntu package. The newer version was only required on Ubuntu 18.04. |
| openssl | 1.1.1j-1+ubuntu18.04.1+deb.sury.org+3 | 1.1.1f-1ubuntu2.16 | We want to switch to the official Ubuntu package. The newer version was only required on Ubuntu 18.04. |
| php7.4-cli | 7.4.32-1+ubuntu20.04.1+deb.sury.org+2 | 7.4.32-1+ubuntu20.04.1+deb.sury.org+2 | We want the newer version from the PPA. |
| postgresql-client | 15+244.pgdg20.04+1 | 15+244.pgdg20.04+1 | We want the newer version from the PPA. |
| postgresql-client-15 | 15.0-1.pgdg20.04+1 | 15.0-1.pgdg20.04+1 | We want the use this version because Ubuntu does not offer this package. |
| puppet-agent | 7.20.0-1focal | 7.20.0-1focal | We're using the latest version of the PPA. |
As you see we would end up with soon to be outdated openssl and libssl packages from an external PPA for an old Ubuntu release.
Why is a package picked?
Run apt policy $PACKAGE to find out why a package is picked. Maybe it is pinned on purpose.
Example fixes
To fix the packages from above we need to:
# Switch to the official Ubuntu sources
# APT will tell you that this is a downgrade
sudo apt install libsodium23=1.0.18-1 libssl1.1=1.1.1f-1ubuntu2.16 openssl=1.1.1f-1ubuntu2.16
# Remove the unavailable package
sudo apt purge libreadline7
