[SOLVED] PVE Upgrade 8 to 9 - Conflicting values set for option Signed-By

R

RainerM

Member
May 12, 2024
19
3
8
Hi all,
I wanted to upgrade PVE 8.4.19 to PVE 9.
I'm running a no-subscription version.

Before I started the upgrade I made sure all updates were installed.

According to
HTML: 
https://pve.proxmox.com/wiki/Upgrade_from_8_to_9

I performed the below steps:
On the console, I checked the kernel: 6.8.12-29-pve and I checked PVE: pve-manager/8.4.19

pve8to9 --full came back without any ERRORS or WARNINGS.
SInce I don't use ceph, I skipped all steps mentioned in the upgrade procedures.

For security I ran
Bash: 
apt update
apt dist-upgrade
pveversion
again from console.
All went fine.

I stopped all VM and CM running.

I modified the sources to trixie by
# Update Debian Base Repositories to Trixie
# Update all Debian and Proxmox VE repository entries to Trixie.
Bash: 
sed -i 's/bookworm/trixie/g' /etc/apt/sources.list
sed -i 's/bookworm/trixie/g' /etc/apt/sources.list.d/pve-enterprise.list

I added the Proxmox VE 9 Repository using the no-subscription versions and deleted the sources.list.
Bash: 
cat > /etc/apt/sources.list.d/proxmox.sources << EOF
Types: deb
URIs: http://download.proxmox.com/debian/pve
Suites: trixie
Components: pve-no-subscription
Signed-By: /usr/share/keyrings/proxmox-archive-keyring.gpg
EOF

rm /etc/apt/sources.list

Same for the ceph repository
Bash: 
cat > /etc/apt/sources.list.d/ceph.sources << EOF
Types: deb
URIs: http://download.proxmox.com/debian/ceph-squid
Suites: trixie
Components: no-subscription
Signed-By: /usr/share/keyrings/proxmox-archive-keyring.gpg
EOF

When I then tried to apt update the server I alwasy get
Bash: 
[B]E: Conflicting values set for option Signed-By regarding source http://download.proxmox.com/debian/pve/ trixie: /usr/share/keyrings/proxmox-archive-keyring.gpg !=
E: The list of sources could not be read.[/B]
Both, ProxMox repository and cep have the same gpg file assigned.

and pve8to9 commes back with
Bash: 
 pve8to9
= CHECKING VERSION INFORMATION FOR PVE PACKAGES =

Checking for package updates..
PASS: all packages up-to-date

Checking proxmox-ve package version..
[B]Conflicting values set for option Signed-By regarding source http://download.proxmox.com/debian/pve/ trixie: /usr/share/keyrings/proxmox-archive-keyring.gpg !=
The list of sources could not be read.
FAIL: unable to retrieve package version information- unable to initialize AptPkg::Cache

FAIL: proxmox-ve package not found![/B]

= CHECKING CLUSTER HEALTH/SETTINGS =

SKIP: standalone node.

= CHECKING HYPER-CONVERGED CEPH STATUS =

SKIP: no hyper-converged ceph setup detected!

= CHECKING CONFIGURED STORAGES =

PASS: storage 'local' enabled and active.
PASS: storage 'local-lvm' enabled and active.
INFO: Checking storage content type configuration..
PASS: no storage content problems found
PASS: no storage re-uses a directory for multiple content types.
INFO: Check for usage of native GlusterFS storage plugin...
PASS: No GlusterFS storage found.
INFO: Checking whether all external RBD storages have the 'keyring' option configured
SKIP: No RBD storage configured.

= VIRTUAL GUEST CHECKS =

INFO: Checking for running guests..
WARN: 2 running guest(s) detected - consider migrating or stopping them.
INFO: Checking if LXCFS is running with FUSE3 library, if already upgraded..
SKIP: not yet upgraded, no need to check the FUSE library version LXCFS uses
INFO: Checking for VirtIO devices that would change their MTU...
PASS: All guest config descriptions fit in the new limit of 8 KiB
INFO: Checking container configs for deprecated lxc.cgroup entries
PASS: No legacy 'lxc.cgroup' keys found.
INFO: Checking VM configurations for outdated machine versions
PASS: All VM machine versions are recent enough

= MISCELLANEOUS CHECKS =

INFO: Checking common daemon services..
PASS: systemd unit 'pveproxy.service' is in state 'active'
PASS: systemd unit 'pvedaemon.service' is in state 'active'
PASS: systemd unit 'pvescheduler.service' is in state 'active'
PASS: systemd unit 'pvestatd.service' is in state 'active'
INFO: Checking for supported & active NTP service..
PASS: Detected active time synchronisation unit 'chrony.service'
INFO: Checking if the local node's hostname 'svProx1' is resolvable..
INFO: Checking if resolved IP is configured on local node..
PASS: Resolved node IP '172.16.1.16' configured and active on single interface.
INFO: Check node certificate's RSA key size
PASS: Certificate 'pve-root-ca.pem' passed Debian Busters (and newer) security level for TLS connections (4096 >= 2048 RSA)
PASS: Certificate 'pve-ssl.pem' passed Debian Busters (and newer) security level for TLS connections (2048 >= 2048 RSA)
INFO: Checking backup retention settings..
PASS: no backup retention problems found.
INFO: checking CIFS credential location..
PASS: no CIFS credentials at outdated location found.
INFO: Checking permission system changes..
INFO: Checking custom role IDs
PASS: no custom roles defined
INFO: Checking node and guest description/note length..
PASS: All node config descriptions fit in the new limit of 64 KiB
INFO: Checking if the suite for the Debian security repository is correct..
PASS: found no suite mismatch
INFO: Checking for existence of NVIDIA vGPU Manager..
PASS: No NVIDIA vGPU Service found.
INFO: Checking bootloader configuration...
SKIP: System booted in legacy-mode - no need for additional packages
INFO: Check for dkms modules...
SKIP: could not get dkms status
INFO: Check for legacy 'filter' or 'group' sections in /etc/pve/notifications.cfg...
PASS: No legacy 'filter' or 'group' sections found!
INFO: Check for legacy 'notification-policy' or 'notification-target' options in /etc/pve/jobs.cfg...
PASS: No legacy 'notification-policy' or 'notification-target' options found!
INFO: Check for LVM autoactivation settings on LVM and LVM-thin storages...
NOTICE: storage 'local-lvm' has guest volumes with autoactivation enabled
NOTICE: Starting with PVE 9, autoactivation will be disabled for new LVM/LVM-thin guest volumes. This system has some volumes that still have autoactivation enabled. All volumes with autoactivations reside on local storage, where this normally does not cause any issues.
You can run the following command to disable autoactivation for existing LVM/LVM-thin guest volumes:

        /usr/share/pve-manager/migrations/pve-lvm-disable-autoactivation

INFO: Checking lvm config for thin_check_options...
PASS: Check for correct thin_check_options passed
INFO: Check space requirements for RRD migration...
PASS: Enough free disk space for increased RRD metric granularity requirements, which is roughly 6.31 MiB.
INFO: Checking for IPAM DB files that have not yet been migrated.
PASS: No legacy IPAM DB found.
PASS: No legacy MAC DB found.
INFO: Checking if the legacy sysctl file '/etc/sysctl.conf' needs to be migrated to new '/etc/sysctl.d/' path.
PASS: Legacy file '/etc/sysctl.conf' exists but does not contain any settings.
INFO: Checking if matching CPU microcode package is installed.
[B]Conflicting values set for option Signed-By regarding source http://download.proxmox.com/debian/pve/ trixie: /usr/share/keyrings/proxmox-archive-keyring.gpg !=
The list of sources could not be read.
FAIL: unable to retrieve package version information- unable to initialize AptPkg::Cache[/B]

WARN: The matching CPU microcode package 'intel-microcode' could not be found! Consider installing it to receive the latest security and bug fixes for your CPU.
        Ensure you enable the 'non-free-firmware' component in the apt sources and run:
        apt install intel-microcode
SKIP: NOTE: Expensive checks, like CT cgroupv2 compat, not performed without '--full' parameter

= SUMMARY =

TOTAL:    44
PASSED:   30
SKIPPED:  7
WARNINGS: 2
FAILURES: 3

ATTENTION: Please check the output for detailed information!
Try to solve the problems one at a time and then run this checklist tool again.

Even
Bash: 
bash -c "$(wget -qLO - https://github.com/tteck/Proxmox/raw/main/misc/microcode.sh)"
# Install 'deb13u1_amd64.deb' Microcode
and then reboot did not solve the problem or change the pve8to9 output.
pve8to9 still displays the warning about the microcode.

On the Internet I did't find a solution.
Problem is persistant even after ProxMox reboot.

Any idea how to solve the problem ?

Thanks
Rainer
 
Hi @RainerM

thanks for posting in the forum!

I am wondering why you removed the original sources.list with this command
rm /etc/apt/sources.list
This is not part of the upgrade procedure and is most likely the cause of your problems, since you removed all Debian package repos with this.

Please provide the output of the following commands
Code: 
cat /etc/apt/sources.list
cat /etc/apt/sources.list.d/*

Yours sincerely
Jonas
 
  • Like
Reactions: Johannes S
Hi Jonas
maybe that was/is (one) of the reasons for my problem.
I must admit, I think I read somewhere I could remove it or mayby I was just a lot of steps ahead or plainly confused.
Anyhow, my bad.

BTW, I do have a similar pve 8.4.19 server and could use its files.
I showed its content below the horizontal line.

On the server with the problem, '/etc/apt/sources.list' is deleted.
and '/etc/apt/sources.list.d/*' shows:
Bash: 
cat /etc/apt/sources.list.d/*

Types: deb
URIs: http://download.proxmox.com/debian/ceph-squid
Suites: trixie
Components: no-subscription
Signed-By: /usr/share/keyrings/proxmox-archive-keyring.gpg
Types: deb
URIs: http://download.proxmox.com/debian/pve
Suites: trixie
Components: pve-no-subscription
Signed-By: /usr/share/keyrings/proxmox-archive-keyring.gpg
# deb https://enterprise.proxmox.com/debian/pve trixie pve-enterprise
 deb http://download.proxmox.com/debian/pve trixie pve-no-subscription


On my similar server '/etc/apt/sources.list' shows:
Bash: 
cat /etc/apt/sources.list
deb http://ftp.de.debian.org/debian bookworm main contrib

deb http://ftp.de.debian.org/debian bookworm-updates main contrib

# security updates
deb http://security.debian.org bookworm-security main contrib

Bash: 
cat /etc/apt/sources.list.d/*

cat /etc/apt/sources.list.d/*
# deb https://enterprise.proxmox.com/debian/ceph-quincy bookworm enterprise
# deb https://enterprise.proxmox.com/debian/pve bookworm pve-enterprise
deb http://download.proxmox.com/debian/pve bookworm pve-no-subscription

Rainer
 
Ok that makes sense.
Please remove all files in the sources.list.d directory and run the following:
Code: 
cat > /etc/apt/sources.list.d/proxmox.sources << EOF
Types: deb
URIs: http://download.proxmox.com/debian/pve
Suites: trixie
Components: pve-no-subscription
Signed-By: /usr/share/keyrings/proxmox-archive-keyring.gpg
EOF

cat > /etc/apt/sources.list.d/ceph.sources << EOF
Types: deb
URIs: http://download.proxmox.com/debian/ceph-squid
Suites: trixie
Components: no-subscription
Signed-By: /usr/share/keyrings/proxmox-archive-keyring.gpg
EOF

cat > /etc/apt/sources.list.d/debian.sources << EOF
Types: deb                                                                                                                                                 
URIs: http://deb.debian.org/debian/                                                                                                                                 
Suites: trixie trixie-updates                                                                                                                                       
Components: main contrib non-free-firmware                                                                                                                         
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg                                                                                                           
                                                                                                                                                                    
Types: deb                                                                                                                                                 
URIs: http://security.debian.org/debian-security/                                                                                                                   
Suites: trixie-security                                                                                                                                             
Components: main contrib non-free-firmware                                                                                                                         
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
EOF

Then run apt clean && apt update

This should configure the proper Proxmox and Debian sources.
 
Addendum:
To elaborate on the underlying problem for the Conflicting values set for option Signed-By error: There are currently both formats for the Proxmox repository present in the sources.list.d directory, with the old format missing the Signed-By parameter.
 
I removed all files from '/etc/apt/sources.list.d/*' and ran your scripts.

I stopped all CM and VM machines on ProxMox, then ran
apt clean and apt update.

Now pve8to9 only shows the many files to be upgrated.
Even the MicroCode warning does not exist anymore.

I will now run
apt dist-upgrade
 
  • Like
Reactions: j.theisen
So far
Bash: 
apt update
apt dist-upgrade
apt autoremove
# ==> reboot

Bash: 
uname -r
7.0.6-2-pve

pveversion
pve-manager/8.4.19/

Worked, but I'm still on 8.14.19.

I have about 110 files which are held back from Updating.
Bash: 
apt list --upgradeable
Listing... Done
apparmor/stable 4.1.1-pmx1 amd64 [upgradable from: 3.0.8-3]
bind9-dnsutils/stable-security 1:9.20.23-1~deb13u1 amd64 [upgradable from: 1:9.18.49-1~deb12u1]
bind9-host/stable-security 1:9.20.23-1~deb13u1 amd64 [upgradable from: 1:9.18.49-1~deb12u1]
bind9-libs/stable-security 1:9.20.23-1~deb13u1 amd64 [upgradable from: 1:9.18.49-1~deb12u1]
ceph-common/stable 19.2.3-pve4 amd64 [upgradable from: 17.2.7-pve3]
ceph-fuse/stable 19.2.3-pve4 amd64 [upgradable from: 17.2.7-pve3]
corosync/stable 3.1.10-pve2 amd64 [upgradable from: 3.1.10-pve2~bpo12+1]
dmeventd/stable 2:1.02.205-2+pmx1 amd64 [upgradable from: 2:1.02.185-2]
dmsetup/stable 2:1.02.205-2+pmx1 amd64 [upgradable from: 2:1.02.185-2]
gnutls-bin/stable-security 3.8.9-3+deb13u4 amd64 [upgradable from: 3.7.9-2+deb12u7]
grub-common/stable 2.12-9+pmx2 amd64 [upgradable from: 2.06-13+pmx7]
grub-efi-amd64-bin/stable 2.12-9+pmx2 amd64 [upgradable from: 2.06-13+pmx7]
grub-efi-amd64-signed/stable 1+2.12+9+pmx2 amd64 [upgradable from: 1+2.06+13+pmx7]
grub-pc-bin/stable 2.12-9+pmx2 amd64 [upgradable from: 2.06-13+pmx7]
grub-pc/stable 2.12-9+pmx2 amd64 [upgradable from: 2.06-13+pmx7]
grub2-common/stable 2.12-9+pmx2 amd64 [upgradable from: 2.06-13+pmx7]
inetutils-telnet/stable-security 2:2.6-3+deb13u3 amd64 [upgradable from: 2:2.4-2+deb12u3]
libapparmor1/stable 4.1.1-pmx1 amd64 [upgradable from: 3.0.8-3]
libcephfs2/stable 19.2.3-pve4 amd64 [upgradable from: 17.2.7-pve3]
libcrypt-openssl-rsa-perl/stable 0.35-1.1 amd64 [upgradable from: 0.33-3+b1]
libdevmapper-event1.02.1/stable 2:1.02.205-2+pmx1 amd64 [upgradable from: 2:1.02.185-2]
libdevmapper1.02.1/stable 2:1.02.205-2+pmx1 amd64 [upgradable from: 2:1.02.185-2]
libgcrypt20/stable-security 1.11.0-7+deb13u1 amd64 [upgradable from: 1.10.1-3+deb12u1]
libgssapi-krb5-2/stable-security 1.21.3-5+deb13u1 amd64 [upgradable from: 1.20.1-2+deb12u5]
libgstreamer-plugins-base1.0-0/stable-security 1.26.2-1+deb13u1 amd64 [upgradable from: 1.22.0-3+deb12u6]
libjson-xs-perl/stable-security 4.040-1~deb13u1 amd64 [upgradable from: 4.040-1~deb12u1]
libk5crypto3/stable-security 1.21.3-5+deb13u1 amd64 [upgradable from: 1.20.1-2+deb12u5]
libkrb5-3/stable-security 1.21.3-5+deb13u1 amd64 [upgradable from: 1.20.1-2+deb12u5]
libkrb5support0/stable-security 1.21.3-5+deb13u1 amd64 [upgradable from: 1.20.1-2+deb12u5]
libldb2/stable-security 2:2.11.0+samba4.22.8+dfsg-0+deb13u2 amd64 [upgradable from: 2:2.6.2+samba4.17.12+dfsg-0+deb12u4]
liblvm2cmd2.03/stable 2.03.31-2+pmx1 amd64 [upgradable from: 2.03.16-2]
libnss-systemd/stable 257.13-1~deb13u1 amd64 [upgradable from: 252.39-1~deb12u2]
libnvpair3linux/stable 2.4.2-pve1 amd64 [upgradable from: 2.2.9-pve1]
libpam-systemd/stable 257.13-1~deb13u1 amd64 [upgradable from: 252.39-1~deb12u2]
libproxmox-backup-qemu0/stable 2.0.2 amd64 [upgradable from: 1.5.2]
libproxmox-rs-perl/stable 0.4.1 all [upgradable from: 0.3.5]
libpve-access-control/stable 9.1.1 all [upgradable from: 8.2.3]
libpve-http-server-perl/stable 6.0.5 all [upgradable from: 5.2.2]
libpve-network-api-perl/stable 1.6.6 all [upgradable from: 0.11.3]
libpve-network-perl/stable 1.6.6 all [upgradable from: 0.11.3]
libpve-rs-perl/stable 0.15.3 amd64 [upgradable from: 0.9.4]
libpve-u2f-server-perl/stable 1.2.1 amd64 [upgradable from: 1.2.0]
librabbitmq4/stable-security 0.15.0-1+deb13u1 amd64 [upgradable from: 0.11.0-1+deb12u1]
librados2-perl/stable 1.5.0 amd64 [upgradable from: 1.4.1]
librados2/stable 19.2.3-pve4 amd64 [upgradable from: 17.2.7-pve3]
libradosstriper1/stable 19.2.3-pve4 amd64 [upgradable from: 17.2.7-pve3]
librbd1/stable 19.2.3-pve4 amd64 [upgradable from: 17.2.7-pve3]
librgw2/stable 19.2.3-pve4 amd64 [upgradable from: 17.2.7-pve3]
librrds-perl/stable 1.7.2-4.2+pve4 amd64 [upgradable from: 1.7.2-4+b8]
libsystemd-shared/stable 257.13-1~deb13u1 amd64 [upgradable from: 252.39-1~deb12u2]
libsystemd0/stable 257.13-1~deb13u1 amd64 [upgradable from: 252.39-1~deb12u2]
libtalloc2/stable-security 2:2.4.3+samba4.22.8+dfsg-0+deb13u2 amd64 [upgradable from: 2.4.0-f2]
libtpms0/stable 0.9.7+pve2 amd64 [upgradable from: 0.9.7+pve1]
libudev1/stable 257.13-1~deb13u1 amd64 [upgradable from: 252.39-1~deb12u2]
libunbound8/stable-security 1.22.0-2+deb13u3 amd64 [upgradable from: 1.17.1-2+deb12u4]
libuutil3linux/stable 2.4.2-pve1 amd64 [upgradable from: 2.2.9-pve1]
libwbclient0/stable-security 2:4.22.8+dfsg-0+deb13u2 amd64 [upgradable from: 2:4.17.12+dfsg-0+deb12u4]
libxml-parser-perl/stable-security 2.47-2~deb13u1 amd64 [upgradable from: 2.46-4+deb12u1]
libxml2/stable-security 2.12.7+dfsg+really2.9.14-2.1+deb13u1 amd64 [upgradable from: 2.9.14+dfsg-1.3~deb12u5]
libxslt1.1/stable-security 1.1.35-1.2+deb13u2 amd64 [upgradable from: 1.1.35-1+deb12u4]
lvm2/stable 2.03.31-2+pmx1 amd64 [upgradable from: 2.03.16-2]
lxc-pve/stable 7.0.0-2 amd64 [upgradable from: 6.0.0-2]
lxcfs/stable 7.0.0-pve1 amd64 [upgradable from: 6.0.0-pve2]
openssh-client/stable-security 1:10.0p1-7+deb13u2 amd64 [upgradable from: 1:9.2p1-2+deb12u10]
openssh-server/stable-security 1:10.0p1-7+deb13u2 amd64 [upgradable from: 1:9.2p1-2+deb12u10]
openssh-sftp-server/stable-security 1:10.0p1-7+deb13u2 amd64 [upgradable from: 1:9.2p1-2+deb12u10]
openssl/stable-security 3.5.6-1~deb13u2 amd64 [upgradable from: 3.0.20-1~deb12u2]
proxmox-backup-client/stable 4.2.1-1 amd64 [upgradable from: 3.4.7-1]
proxmox-backup-file-restore/stable 4.2.1-1 amd64 [upgradable from: 3.4.7-1]
proxmox-firewall/stable 1.2.3 amd64 [upgradable from: 0.7.1]
proxmox-mail-forward/stable 1.0.3 amd64 [upgradable from: 0.3.3]
proxmox-mini-journalreader/stable 1.6 amd64 [upgradable from: 1.5]
proxmox-offline-mirror-helper/stable 0.7.4 amd64 [upgradable from: 0.6.8]
proxmox-termproxy/stable 2.1.0 amd64 [upgradable from: 1.1.1]
proxmox-ve/stable 9.2.0 all [upgradable from: 8.4.0]
proxmox-websocket-tunnel/stable 1.0.0 amd64 [upgradable from: 0.2.0-1]
pve-cluster/stable 9.1.6 amd64 [upgradable from: 8.1.3]
pve-container/stable 6.1.10 all [upgradable from: 5.3.5]
pve-esxi-import-tools/stable 1.0.1 amd64 [upgradable from: 0.7.4]
pve-firewall/stable 6.0.4 amd64 [upgradable from: 5.1.2]
pve-ha-manager/stable 5.2.4 amd64 [upgradable from: 4.0.7]
pve-lxc-syscalld/stable 2.0.2 amd64 [upgradable from: 1.3.0]
pve-manager/stable 9.2.3 all [upgradable from: 8.4.19]
pve-qemu-kvm/stable 11.0.0-4 amd64 [upgradable from: 9.2.0-7]
python3-ceph-argparse/stable 19.2.3-pve4 all [upgradable from: 17.2.7-pve3]
python3-ceph-common/stable 19.2.3-pve4 all [upgradable from: 17.2.7-pve3]
python3-cephfs/stable 19.2.3-pve4 amd64 [upgradable from: 17.2.7-pve3]
python3-rados/stable 19.2.3-pve4 amd64 [upgradable from: 17.2.7-pve3]
python3-rbd/stable 19.2.3-pve4 amd64 [upgradable from: 17.2.7-pve3]
python3-rgw/stable 19.2.3-pve4 amd64 [upgradable from: 17.2.7-pve3]
qemu-server/stable 9.1.16 amd64 [upgradable from: 8.4.8]
rrdcached/stable 1.7.2-4.2+pve4 amd64 [upgradable from: 1.7.2-4+b8]
rsync/stable-security 3.4.1+ds1-5+deb13u3 amd64 [upgradable from: 3.2.7-1+deb12u5]
samba-common/stable-security 2:4.22.8+dfsg-0+deb13u2 all [upgradable from: 2:4.17.12+dfsg-0+deb12u4]
samba-libs/stable-security 2:4.22.8+dfsg-0+deb13u2 amd64 [upgradable from: 2:4.17.12+dfsg-0+deb12u4]
smartmontools/stable 7.5-pve2 amd64 [upgradable from: 7.3-pve1]
smbclient/stable-security 2:4.22.8+dfsg-0+deb13u2 amd64 [upgradable from: 2:4.17.12+dfsg-0+deb12u4]
spiceterm/stable 3.4.2 amd64 [upgradable from: 3.3.1]
ssh/stable-security 1:10.0p1-7+deb13u2 all [upgradable from: 1:9.2p1-2+deb12u10]
swtpm-libs/stable 0.8.0+pve3 amd64 [upgradable from: 0.8.0+pve1]
swtpm-tools/stable 0.8.0+pve3 amd64 [upgradable from: 0.8.0+pve1]
swtpm/stable 0.8.0+pve3 amd64 [upgradable from: 0.8.0+pve1]
systemd-sysv/stable 257.13-1~deb13u1 amd64 [upgradable from: 252.39-1~deb12u2]
systemd/stable 257.13-1~deb13u1 amd64 [upgradable from: 252.39-1~deb12u2]
udev/stable 257.13-1~deb13u1 amd64 [upgradable from: 252.39-1~deb12u2]
vncterm/stable 1.9.2 amd64 [upgradable from: 1.8.2]
xsltproc/stable-security 1.1.35-1.2+deb13u2 amd64 [upgradable from: 1.1.35-1+deb12u4]
zfs-initramfs/stable 2.4.2-pve1 all [upgradable from: 2.2.9-pve1]
zfs-zed/stable 2.4.2-pve1 amd64 [upgradable from: 2.2.9-pve1]
zfsutils-linux/stable 2.4.2-pve1 amd64 [upgradable from: 2.2.9-pve1]

And a new
Bash: 
apt update
apt upgrade
apt dist-upgrade

Bash: 
apt policy
Package files:
 100 /var/lib/dpkg/status
     release a=now
 500 http://download.proxmox.com/debian/pve trixie/pve-no-subscription amd64 Packages
     release o=Proxmox,a=stable,n=trixie,l=Proxmox Debian Repository,c=pve-no-subscription,b=amd64
     origin download.proxmox.com
 500 http://security.debian.org/debian-security trixie-security/non-free-firmware amd64 Packages
     release v=13,o=Debian,a=stable-security,n=trixie-security,l=Debian-Security,c=non-free-firmware,b=amd64
     origin security.debian.org
 500 http://security.debian.org/debian-security trixie-security/main amd64 Packages
     release v=13,o=Debian,a=stable-security,n=trixie-security,l=Debian-Security,c=main,b=amd64
     origin security.debian.org
 500 http://download.proxmox.com/debian/ceph-squid trixie/no-subscription amd64 Packages
     release o=Proxmox,a=stable,n=trixie,l=Proxmox Ceph 19 Squid Debian Repository,c=no-subscription,b=amd64
     origin download.proxmox.com
Pinned packages:
All show the same.
Upgradeable, but held back.
All tell the files are held back from upgrade.

Any idea ?
 
And after dist-upgrade
pve8to9 now shows one warning:
Bash: 
pve8to9
= CHECKING VERSION INFORMATION FOR PVE PACKAGES =

Checking for package updates..
WARN: updates for the following packages are available:
  librados2, libssl3t64, dmeventd, udev, ceph-fuse, bind9-host, libgssapi-krb5-2, openssh-client, libssl3t64, libpve-rs-perl, libssl3t64, corosync, libknet1t64, libnozzle1t64, rrdcached, librrd8t64, zfs-zed, libzfs7linux, libldb2, libtevent0t64, proxmox-websocket-tunnel, libssl3t64, libpam-systemd, zfs-initramfs, ssh, pve-qemu-kvm, libgnutls30t64, libnvpair3linux, xsltproc, proxmox-mail-forward, libssl3t64, python3-ceph-common, librbd1, libssl3t64, pve-ha-manager, grub-pc-bin, lxcfs, swtpm-libs, libssl3t64, pve-lxc-syscalld, apparmor, libproxmox-backup-qemu0, libssl3t64, swtpm-tools, libgnutls30t64, libssl3t64, librgw2, libssl3t64, libuutil3linux, librrds-perl, librrd8t64, ceph-common, libssl3t64, liblvm2cmd2.03, libsystemd0, libnss-systemd, libapparmor1, libwbclient0, vncterm, libgnutls30t64, openssh-server, libssl3t64, libkrb5support0, swtpm, libxml2, pve-cluster, librrd8t64, systemd, libssl3t64, libproxmox-rs-perl, libudev1, libcrypt-openssl-rsa-perl, libssl3t64, proxmox-ve, lxc-pve, proxmox-backup-file-restore, libssl3t64, python3-cephfs, lvm2, pve-esxi-import-tools, libssl3t64, libcephfs2, libkrb5-3, libssl3t64, qemu-server, libpve-access-control, pve-container, libgcrypt20, inetutils-telnet, bind9-dnsutils, proxmox-offline-mirror-helper, libssl3t64, libk5crypto3, grub-efi-amd64-signed, dmsetup, libtpms0, libssl3t64, gnutls-bin, libgnutls-dane0t64, libgnutls30t64, rsync, libssl3t64, libxslt1.1, libunbound8, libssl3t64, libradosstriper1, proxmox-backup-client, libssl3t64, libdevmapper-event1.02.1, libpve-network-api-perl, grub-efi-amd64-bin, grub-efi-amd64-unsigned, grub2-common, proxmox-mini-journalreader, smartmontools, python3-rbd, python3-rgw, smbclient, libgnutls30t64, libsmbclient0, libtevent0t64, libpve-http-server-perl, proxmox-firewall, libssl3t64, pve-manager, proxmox-enterprise-support-keyring, pve-yew-mobile-gui, openssh-sftp-server, libpve-network-perl, grub-common, bind9-libs, libssl3t64, samba-libs, libgnutls30t64, libtevent0t64, libsystemd-shared, libssl3t64, librabbitmq4, libssl3t64, librados2-perl, systemd-sysv, samba-common, pve-firewall, libjson-xs-perl, libxml-parser-perl, libgstreamer-plugins-base1.0-0, python3-ceph-argparse, libtalloc2, grub-pc, libpve-u2f-server-perl, libdevmapper1.02.1, spiceterm, zfsutils-linux, libssl3t64, libzfs7linux, libzpool7linux, openssl, libssl3t64, proxmox-termproxy, python3-rados

Checking proxmox-ve package version..
PASS: proxmox-ve package has version >= 8.4-0

Checking running kernel version..
WARN: unexpected running and installed kernel '7.0.6-2-pve'.

= CHECKING CLUSTER HEALTH/SETTINGS =

SKIP: standalone node.
.
.
.

I must admit I had hoped apt would upgrade the kernel and pve at the same time
 
That's odd.
RainerM said:
I must admit I had hoped apt would upgrade the kernel and pve at the same time
Click to expand...
That is the intended behavior yes.

Please run the following command and post the output:
apt install -s proxmox-ve

This will simulate a manual install / upgrade of the proxmox-ve package, which should tell us what package is holding back the upgrade.
 
Bash: 
apt install -s proxmox-ve
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
 pve-manager : Depends: libproxmox-rs-perl (>= 0.4~) but 0.3.5 is to be installed
               Depends: libpve-access-control (>= 9.1.1~) but 8.2.3 is to be installed
               Depends: libpve-http-server-perl (>= 6.0.3) but 5.2.2 is to be installed
               Depends: libpve-network-api-perl (>= 1.6.0) but 0.11.3 is to be installed
               Depends: libpve-network-perl (>= 1.6.5) but 0.11.3 is to be installed
               Depends: libpve-rs-perl (>= 0.15.3) but 0.9.4 is to be installed
               Depends: proxmox-termproxy (>= 2.1.0~) but 1.1.1 is to be installed
               Depends: pve-cluster (>= 9.0.1) but 8.1.3 is to be installed
               Depends: pve-container (>= 6.1.6) but 5.3.5 is to be installed
               Depends: pve-ha-manager (>= 5.2.3) but 4.0.7 is to be installed
               Depends: sqv but it is not installable
               Depends: vncterm (>= 1.9.2~) but 1.8.2 is to be installed
               Recommends: skopeo but it is not installable
 qemu-server : Depends: conntrack but it is not installable
               Depends: libclass-methodmaker-perl but it is not installable
               Depends: libpve-access-control (>= 9.0.7~) but 8.2.3 is to be installed
               Depends: libpve-rs-perl (>= 0.14.0) but 0.9.4 is to be installed
               Depends: proxmox-termproxy (>= 2.1.0) but 1.1.1 is to be installed
               Depends: pve-firewall (>= 6.0.3) but 5.1.2 is to be installed
               Depends: pve-ha-manager (>= 5.0.3) but 4.0.7 is to be installed
               Depends: libc6 (>= 2.38) but 2.36-9+deb12u14 is to be installed
               Depends: libglib2.0-0t64 (>= 2.12.0) but it is not installable
E: Unable to correct problems, you have held broken packages.
 
Sorry this is my bad. I missed in your apt policy output, that the deb.debian.org sources are missing.
Please check again the file /etc/apt/sources.list.d/debian.sources and make sure that the following entries are present:

Code: 
Types: deb deb-src
URIs: http://deb.debian.org/debian/
Suites: trixie trixie-updates
Components: main contrib non-free-firmware
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg

Types: deb deb-src
URIs: http://security.debian.org/debian-security/
Suites: trixie-security
Components: main contrib non-free-firmware
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg

EDIT: Please also note the added deb-src in the Types section of both repositories.
 
Last edited:
After
Bash: 
apt update
apt upgrade
and
Bash: 
apt dist-upgrade

the server is now on
Bash: 
uname -r
7.0.6-2-pve

pveversion
pve-manager/9.2.3/d0fde103346cf89a (running kernel: 7.0.6-2-pve)
which seems perfect.

But again running
Bash: 
apt update

Hit:1 http://download.proxmox.com/debian/ceph-squid trixie InRelease
Hit:2 http://security.debian.org/debian-security trixie-security InRelease
Hit:3 http://download.proxmox.com/debian/pve trixie InRelease
Hit:4 http://deb.debian.org/debian trixie InRelease
Hit:5 http://deb.debian.org/debian trixie-updates InRelease
Err:6 https://enterprise.proxmox.com/debian/pve trixie InRelease
  401  Unauthorized [IP: 45.84.67.184 443]
Error: Failed to fetch https://enterprise.proxmox.com/debian/pve/dists/trixie/InRelease  401  Unauthorized [IP: 45.84.67.184 443]
Error: The repository 'https://enterprise.proxmox.com/debian/pve trixie InRelease' is not signed.
Notice: Updating from such a repository can't be done securely, and is therefore disabled by default.
Notice: See apt-secure(8) manpage for repository creation and user configuration details.
root@svProx1:~# apt upgrade
Summary:
  Upgrading: 0, Installing: 0, Removing: 0, Not Upgrading: 0
root@svProx1:~# apt dist-upgrade
Summary:
  Upgrading: 0, Installing: 0, Removing: 0, Not Upgrading: 0
root@svProx1:~#
showed the above Error.

In pve-enterprise.sources I found the enterprise version selected
Bash: 
/etc/apt/sources.list.d/pve-enterprise.sources

Types: deb
URIs: https://enterprise.proxmox.com/debian/pve
Suites: trixie
Components: pve-enterprise
Signed-By: /usr/share/keyrings/proxmox-archive-keyring.gpg

and swapped it against the no subscription version
Bash: 
Types: deb
URIs: http://download.proxmox.com/debian/pve
Suites: trixie
Components: pve-no-subscription
Signed-By: /usr/share/keyrings/proxmox-archive-keyring.gpg
and ran an update again.

Now I get
Bash: 
apt-update
Hit:1 http://deb.debian.org/debian trixie InRelease
Hit:2 http://download.proxmox.com/debian/ceph-squid trixie InRelease
Hit:3 http://security.debian.org/debian-security trixie-security InRelease
Hit:4 http://deb.debian.org/debian trixie-updates InRelease
Hit:5 http://download.proxmox.com/debian/pve trixie InRelease
All packages are up to date.
Warning: Target Packages (pve-no-subscription/binary-amd64/Packages) is configured multiple times in /etc/apt/sources.list.d/proxmox.sources:1 and /etc/apt/sources.list.d/pve-enterprise.sources:1
Warning: Target Packages (pve-no-subscription/binary-all/Packages) is configured multiple times in /etc/apt/sources.list.d/proxmox.sources:1 and /etc/apt/sources.list.d/pve-enterprise.sources:1
Warning: Target Translations (pve-no-subscription/i18n/Translation-en_US) is configured multiple times in /etc/apt/sources.list.d/proxmox.sources:1 and /etc/apt/sources.list.d/pve-enterprise.sources:1
Warning: Target Translations (pve-no-subscription/i18n/Translation-en) is configured multiple times in /etc/apt/sources.list.d/proxmox.sources:1 and /etc/apt/sources.list.d/pve-enterprise.sources:1
Warning: Target Packages (pve-no-subscription/binary-amd64/Packages) is configured multiple times in /etc/apt/sources.list.d/proxmox.sources:1 and /etc/apt/sources.list.d/pve-enterprise.sources:1
Warning: Target Packages (pve-no-subscription/binary-all/Packages) is configured multiple times in /etc/apt/sources.list.d/proxmox.sources:1 and /etc/apt/sources.list.d/pve-enterprise.sources:1
Warning: Target Translations (pve-no-subscription/i18n/Translation-en_US) is configured multiple times in /etc/apt/sources.list.d/proxmox.sources:1 and /etc/apt/sources.list.d/pve-enterprise.sources:1
Warning: Target Translations (pve-no-subscription/i18n/Translation-en) is configured multiple times in /etc/apt/sources.list.d/proxmox.sources:1 and /etc/apt/sources.list.d/pve-enterprise.sources:1
the above output.

Would it perhaps make sense to
apt clean
apt update
the server again ?

What is the correct way, since I don't have a enterprise subscription ?
Anything else what needs to be done ?
 
Perfect, glad the upgrade finally worked.

Yes this is expected behavior after a major pve-manager update.
You can safely remove the pve-enterprise.sources file.

After that apt update should return no errors.
 
I deleted pve-enterprise.sources.

The server kernel and pve is updated.

Now
Bash: 
apt update
apt upgrade
# and
apt dist-upgrade
works perfectly

Thank you very much for your support
 
Bash: 
# man apt-get | grep -A3 -- "--update"
       -U, --update
           Run the update command before the specified command. This is supported for commands installing, removing, or upgrading packages such as install, remove, safe-upgrade, full-upgrade. This can be useful to ensure a command always installs the latest versions,
           or, in combination with the --snapshot option to make sure the snapshot is present when install is being run.
apt supports many options that apt-get does but doesn't always document them.
 
Last edited:
  • Like
Reactions: Onslow
Thank you very much for letting me know.
I wasn’t aware of that.

I won’t be using apt upgrade anymore.

(BTW: Because of these limitations, I usually only use the graphical interface.)
 
You must log in or register to reply here.
Top Bottom
Back