apt-get vs. package/version

mkl

4/20/24, 3:54 PM

I have this output of cat /etc/apt/sources.list :

cat /etc/apt/sources.list
deb      http://archive.ubuntu.com/ubuntu jammy main universe multiverse restricted
deb-src  http://archive.ubuntu.com/ubuntu jammy main universe multiverse restricted
deb      http://archive.ubuntu.com/ubuntu jammy-security main universe multiverse restricted
deb-src  http://archive.ubuntu.com/ubuntu jammy-security main universe multiverse restricted
deb      http://archive.ubuntu.com/ubuntu jammy-updates main universe multiverse restricted
deb-src  http://archive.ubuntu.com/ubuntu jammy-updates main universe multiverse restricted
deb      http://archive.ubuntu.com/ubuntu jammy-proposed main universe multiverse restricted
deb-src  http://archive.ubuntu.com/ubuntu jammy-proposed main universe multiverse restricted
deb      http://archive.ubuntu.com/ubuntu jammy-backports main universe multiverse restricted
deb-src  http://archive.ubuntu.com/ubuntu jammy-backports main universe multiverse restricted

If I do this :

sudo apt-get --option 'Dir::Cache="/tmp/nothingthere"' --print-uris install --reinstall qemu-system-gui/jammy-proposed 2>&1 | grep http | grep qemu-system-x86
'http://archive.ubuntu.com/ubuntu/pool/main/q/qemu/qemu-system-x86_6.2%2bdfsg-2ubuntu6.8_amd64.deb' qemu-system-x86_1%3a6.2+dfsg-2ubuntu6.8_amd64.deb 10086894 MD5Sum:cec14bb2b5e45450b98c2b4708817fe9

But using jammy-updates in the place of jammy-proposed I do not get the 6.7 : https://packages.ubuntu.com/search?keywords=qemu-system-gui

Is this a bug ? If it is not, is there a simple way to get the "updates" one without changing the sources.list?

The aim is to know the files from "distribution"-"stream" to provide lists to make decision choices compare to CVE vs. bugs vs. tests vs. delivery risks for our products.

1 + 2

apt

software-sources

22.04

guiverc

4/20/24, 4:11 PM

I don't understand what you are asking; I do see `qemu-system-gui | 1:6.2+dfsg-2ubuntu6.6 | jammy-security | amd64, arm64, armhf, ppc64el, riscv64, s390x` , `qemu-system-gui | 1:6.2+dfsg-2ubuntu6.7 | jammy-updates | amd64, arm64, armhf, ppc64el, riscv64, s390x` , `qemu-system-gui | 1:6.2+dfsg-2ubuntu6.8 | jammy-proposed | amd64, arm64, armhf, ppc64el, riscv64, s390x` available - but again not what you're asking (ie. security, updates & proposed have different versions, which isn't unusual as per https://help.ubuntu.com/community/Repositories/

user535733

4/20/24, 6:27 PM

It seems like you want to know which package versions are patched against which CVEs, and which repositories those patched versions are located in. Is that on the right track?

Score:0

Ubuntu

mkl

4/24/24, 8:50 AM

Sorry but using | grep package-name was hidding us the fact that some dependecies were not met and so apt does not output us no path to no file.

We find other means to accomplish what we wanted to, with a loop on top of changing progressively the sources.list in this order :
"distrib"
"distrib"-security
"distrib"-updates
"distrib"-proposed.

+ 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: apt-get vs. package/version

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.