0

I recently ran apt-get update on a server, and the output suggested it was installing a bunch of new packages. What could be the reason for this? Should I be worried?

Reading package lists...
Building dependency tree...
Reading state information...
Reading extended state information...
Initializing package states...
Reading task descriptions...
Building tag database...
Resolving dependencies...
The following NEW packages will be installed:
  adwaita-icon-theme{a} at-spi2-core{a} colord{a} colord-data{a} 
  gconf-gsettings-backend{a} glib-networking{a} glib-networking-common{a} 
  glib-networking-services{a} gsettings-desktop-schemas{a} 
  libatk-bridge2.0-0{a} libatspi2.0-0{a} libcairo-gobject2{a} libcolord2{a} 
  libcolorhug2{a} libcroco3{a} libexif12{a} libfile-copy-recursive-perl{a} 
  libgphoto2-6{a} libgphoto2-l10n{a} libgphoto2-port10{a} libgtk-3-0{a} 
  libgtk-3-bin{a} libgtk-3-common{a} libgudev-1.0-0{a} libgusb2{a} 
  libieee1284-3{a} libjson-glib-1.0-0{a} libjson-glib-1.0-common{a} 
  libpam-systemd{a} libpolkit-agent-1-0{a} libpolkit-backend-1-0{a} 
  libpolkit-gobject-1-0{a} libproxy1{a} librest-0.7-0{a} librsvg2-2{a} 
  librsvg2-common{a} libsane{a} libsane-common{a} libsane-extras{a} 
  libsane-extras-common{a} libsoup-gnome2.4-1{a} libsoup2.4-1{a} 
  libv4l-0{a} libv4lconvert0{a} libwayland-client0{a} libwayland-cursor0{a} 
  libxkbcommon0{a} policykit-1{a} sane-utils{a} update-inetd{a} 
The following packages will be upgraded:
  curl libcurl3 libcurl3-gnutls libicu52 libvorbis0a libvorbisenc2 
  libvorbisfile3 openjdk-8-jre openjdk-8-jre-headless openssl tzdata 
11 packages upgraded, 50 newly installed, 0 to remove and 0 not upgraded.
...

The command was run using an ansible module, so the exact incantation is unclear, but I wouldn't expect this to ever happen

grahamrhay
  • 131
  • 3
  • the ansible docs suggest it may have called ```aptitude safe-upgrade``` rather than ```apt-get upgrade``` – grahamrhay Apr 10 '18 at 16:16
  • 1
    That doesn't look right. Most of those packages relate to GUI components, which generally should not be present on a server. And I can't think of anything in the upgraded packages which would pull them in as a dependency. – Michael Hampton Apr 10 '18 at 16:29
  • I haven't been able to find a repeatable case, but I had the ansible apt module seriously break a system once. Something about the package cache update (`update_cache`) had partly failed for the stable+main source. The upgrade which was just supposed to be security updates, pulled in a bunch of crap from backports and a 3rd party repo. – Zoredache Apr 10 '18 at 17:24

1 Answers1

5

Seems like the upgrade to the openjdk-8-jre package might be the culprit - it seems to depend on libgtk-3-0, which then depends on all those others.

I guess someone added a dependency, thanks Java.

Shane Madden
  • 114,520
  • 13
  • 181
  • 251