Upgrading PVE Tries to Remove proxmox-ve package

[Dan15]

It won't check/resolve dependency problems. It will upgrade stuff and then you are stuck with incompatible versions. Only apt dist-upgrade and apt full-upgrade are safe.

full-upgrade/dist-upgrade is usually more dangerous than upgrade. The only difference between upgrade and full-upgrade is that full-upgrade will remove packages that are no longer compatible if it means that more packages can be upgraded, whereas upgrade will hold back the incompatible packages and any required dependencies. Both have their use cases.

Upgrade **does** check dependencies and will refuse to upgrade if they're not fulfillable. The dependency resolution is identical across both - the only difference is holding back old packages vs deleting them.

You generally shouldn't use dist-upgrade day-to-day, since it's safer to keep an old version of a package than delete it. It's mainly for major version upgrades.

With either one, you need to read the output carefully. Don't blindly upgrade. Never versions of apt (only available in Debian testing until the next major version is out) clean up the output to make it easier to read.

 

[Spaneta]

A little feedback from my side ...

- Workaround with hold package seems OK but kept back 6 packages currently.
- Solution with manual wget + dpkg seems OK and no more updates are visible or held back.
- Third solution to add the test repo is OK _IF_ you pay attention to it containing qemu version 9 so either you install latest "proxmox-backup-client" (and related "proxmox-backup-file-restore") and disable the test repo or you hold "pve-qemu-kvm" for the time the test repo is enabled and you do the update + dist-upgrade, wich I did this way and seems also OK.

EDIT: readability + typos

EDIT2: the 3 nodes are in the same cluster - each with different workaround - and live migrate VM's (stored on NFS share) seems alright between them.

 

[STLJonny]

Some of you are saying, "don't run 'apt upgrade'". Some are saying, "don't run 'apt dist-upgrade'"". Some are saying, "don't run 'apt full-upgrade'".

Which is it? Cause if I run a 'apt dist-upgrade', it shows it will remove some crucial packages on my system.

P.S. I don't have the current issue, but was just checking to see what needed updating, saw what seemed like critical packages saying they would be removed and came here & stumbled across this thread.

root@pve:~# apt dist-upgrade
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Calculating upgrade... Done
The following packages were automatically installed and are no longer required:
  proxmox-firewall proxmox-kernel-6.5.13-1-pve-signed
Use 'apt autoremove' to remove them.
The following packages will be REMOVED:
  proxmox-ve pve-manager
The following NEW packages will be installed:
  proxmox-kernel-6.8.8-1-pve-signed
The following packages have been kept back:
  pve-container
The following packages will be upgraded:
  libnvpair3linux libpve-cluster-api-perl libpve-cluster-perl libpve-guest-common-perl libpve-notify-perl
  libpve-rs-perl libpve-storage-perl libuutil3linux libzfs4linux libzpool5linux proxmox-kernel-6.8 pve-cluster
  pve-esxi-import-tools pve-firmware pve-ha-manager shim-signed shim-signed-common spl zfs-initramfs zfs-zed
  zfsutils-linux
21 upgraded, 1 newly installed, 2 to remove and 1 not upgraded.
Need to get 244 MB of archives.
After this operation, 579 MB of additional disk space will be used.
Do you want to continue? [Y/n] n
Abort.
root@pve:~#

 

[DJB-WSM]

Some of you are saying, "don't run 'apt upgrade'". Some are saying, "don't run 'apt dist-upgrade'"". Some are saying, "don't run 'apt full-upgrade'".

Which is it? Cause if I run a 'apt dist-upgrade', it shows it will remove some crucial packages on my system.

P.S. I don't have the current issue, but was just checking to see what needed updating, saw what seemed like critical packages saying they would be removed and came here & stumbled across this thread.

root@pve:~# apt dist-upgrade
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Calculating upgrade... Done
The following packages were automatically installed and are no longer required:
  proxmox-firewall proxmox-kernel-6.5.13-1-pve-signed
Use 'apt autoremove' to remove them.
The following packages will be REMOVED:
  proxmox-ve pve-manager
The following NEW packages will be installed:
  proxmox-kernel-6.8.8-1-pve-signed
The following packages have been kept back:
  pve-container
The following packages will be upgraded:
  libnvpair3linux libpve-cluster-api-perl libpve-cluster-perl libpve-guest-common-perl libpve-notify-perl
  libpve-rs-perl libpve-storage-perl libuutil3linux libzfs4linux libzpool5linux proxmox-kernel-6.8 pve-cluster
  pve-esxi-import-tools pve-firmware pve-ha-manager shim-signed shim-signed-common spl zfs-initramfs zfs-zed
  zfsutils-linux
21 upgraded, 1 newly installed, 2 to remove and 1 not upgraded.
Need to get 244 MB of archives.
After this operation, 579 MB of additional disk space will be used.
Do you want to continue? [Y/n] n
Abort.
root@pve:~#

Dont do anything yet!!! Wait for the Proxmox team to resolve and then you can just do apt update & upgrade

 

[STLJonny]

Dont do anything yet!!! Wait for the Proxmox team to resolve and then you can just do apt update & upgrade

I don't think you understand my comment. I wasn't doing anything yet. But everyone above is giving conflicting info. I saw/read what apt was wanting to do and didn't proceed because I'm a tad bit smarter to not just blindly do things.

Back to the original comment. What is the "usual" approved command? is it 'apt upgrade', 'apt dist-upgrade', 'apt full-upgrade' or none of the above? Which is the preferred method per the developers and which is the one (of those 3) to avoid.

 

[Spaneta]

My 2 cents about the upgrade / dist-upgrade / full-upgrade debate here ...

- If you do upgrade through the UI you will see that the command in the window is a dist-upgrade, so if you want to do things like the Proxmox team configured it by default in WebUI but via SSH then you "dist-upgrade"
- From the "man apt-get" for "upgrade" (partial) :

under no circumstances are currently installed packages removed, or packages not already installed retrieved and installed

- If you read "man apt" you will see "full-upgrade" is described as ... but is not present in "man apt-get" :

full-upgrade performs the function of upgrade but will remove currently installed packages if this is needed to upgrade the system as a whole

- For "dist-upgrade" this is the reverse : absent in "man apt" and described in "man apt-get" as (partial) :

... will attempt to upgrade the most important packages at the expense of less important ones if necessary. The dist-upgrade command may therefore remove some packages

Because commands "apt" and "apt-get" are front-ends to package management and are (mostly) equivalent I guess that dist-upgrade and full-upgrade (from an apt-related view) are synonyms (but maybe not from a dpkg stand-point).

EDIT: readability + typos

 

[laurensb]

Because commands "apt" and "apt-get" are front-ends to package management and are (mostly) equivalent I guess that dist-upgrade and full-upgrade (from an apt-related view) are synonyms (but maybe not from a dpkg stand-point).

Correct. For compatibility, apt dist-upgrade also works. To update Proxmox apt-get dist-upgrade (or apt full-upgrade) must be used: https://pve.proxmox.com/pve-docs/pve-admin-guide.html#system_software_updates

And I would advise all to just wait with upgrading for now. Removing proxmox-ve obviously is a mistake and devs will fix that soon. What would so important to update right now using all kinds of weird workarounds? Nothing critical there that can't wait a few days.

 

[Spaneta]

Correct. For compatibility, apt dist-upgrade also works. To update Proxmox apt-get dist-upgrade (or apt full-upgrade) must be used: https://pve.proxmox.com/pve-docs/pve-admin-guide.html#system_software_updates

And I would advise all to just wait with upgrading for now. Removing proxmox-ve obviously is a mistake and devs will fix that soon. What would so important to update right now using all kinds of weird workarounds? Nothing critical there that can't wait a few days.

I think you are right, and workarounds discussed here should be used only on test servers to help / provide feedback to the Proxmox team.
Although I didn't check if some updated packages are concerned by some recent CVE's, I guess things will get sorted soon by the PVE team.

 

[Dunuin]

You generally shouldn't use dist-upgrade day-to-day, since it's safer to keep an old version of a package than delete it. It's mainly for major version upgrades.

"apt dist-upgrade" is exactly what the webUI does when you click on the "Upgrade" button. So the recommended/tested way to upgrade PVE.

With either one, you need to read the output carefully. Don't blindly upgrade. Never versions of apt (only available in Debian testing until the next major version is out) clean up the output to make it easier to read.

Fully agree. Better to wait and ask before blindly doing stuff like running that "touch '/please-remove-proxmox-ve" and similar. I also always skip the "-y" flag and unattended-upgrade package on the PVE hosts.

 

[Dunuin]

Dont do anything yet!!!

Correct.

Wait for the Proxmox team to resolve and then you can just do apt update & upgrade

"apt update && apt dist-upgrade"

Back to the original comment. What is the "usual" approved command? is it 'apt upgrade', 'apt dist-upgrade', 'apt full-upgrade' or none of the above? Which is the preferred method per the developers and which is the one (of those 3) to avoid.

"apt dist-upgrade". See the manual: https://pve.proxmox.com/wiki/System_Software_Updates

System Software Updates​

Proxmox provides updates on a regular basis for all repositories. To install updates use the web-based GUI or the following CLI commands:
# apt-get update
# apt-get dist-upgrade

 

[Spaneta]

For those caring about CVE's ...

The package "libarchive13" from the Debian repo is linked to a CVE, from the changelog :

libarchive (3.6.2-1+deb12u1) bookworm-security; urgency=high

  [ Peter Pentchev ]
  * Add the robust-error-reporting upstream patch. Closes: #1068047

  [ Salvatore Bonaccorso ]
  * fix: OOB in rar e8 filter (CVE-2024-26256) (Closes: #1072107)
  * fix: OOB in rar delta filter
  * fix: OOB in rar audio filter

 -- Salvatore Bonaccorso <carnil@debian.org>  Sun, 02 Jun 2024 16:38:00 +0200

I did an upgrade of this single package on 1 of my node and nothing wrong was seen currently ...

So this seems a prudent mild-solution between doing nothing and wait PVE team and the other upgrade-workarounds discussed before.

EDIT: dumb me noted that 2 of my nodes where not up to date with this package version from ... 2 weeks ! Error on my side for this package it seems ...

 

[lopiuh]

Love you all for talking instantly about the dependency error that hit me as well during install tests.

I used the package state to test unattended upgrades and I can share that it does not delete the package but held updates back. so more the upgrade than the dist-upgrade approach, which is fine!

Yours lopiuh, waiting for a fix tomorrow :->

 

[whytf]

this is why you dont push to production before end of the shift

 

[UK SPEED]

Hi
Any help how can I fix this issue?

34 upgraded, 1 newly installed, 2 to remove and 1 not upgraded.
Need to get 0 B/284 MB of archives.
After this operation, 579 MB of additional disk space will be used.
Do you want to continue? [Y/n] y
W: (pve-apt-hook) !! WARNING !!
W: (pve-apt-hook) You are attempting to remove the meta-package 'proxmox-ve'!
W: (pve-apt-hook)
W: (pve-apt-hook) If you really want to permanently remove 'proxmox-ve' from your system, run the following command
W: (pve-apt-hook) touch '/please-remove-proxmox-ve'
W: (pve-apt-hook) run apt purge proxmox-ve to remove the meta-package
W: (pve-apt-hook) and repeat your apt invocation.
W: (pve-apt-hook)
W: (pve-apt-hook) If you are unsure why 'proxmox-ve' would be removed, please verify
W: (pve-apt-hook) - your APT repository settings
W: (pve-apt-hook) - that you are using 'apt full-upgrade' to upgrade your system
E: Sub-process /usr/share/proxmox-ve/pve-apt-hook returned an error code (1)
E: Failure running script /usr/share/proxmox-ve/pve-apt-hook
root@cc:~#

 

[nywst]

same issue here.
lol

 

[mark.hayes0338]

Hi
Any help how can I fix this issue?

34 upgraded, 1 newly installed, 2 to remove and 1 not upgraded.
Need to get 0 B/284 MB of archives.
After this operation, 579 MB of additional disk space will be used.
Do you want to continue? [Y/n] y
W: (pve-apt-hook) !! WARNING !!
W: (pve-apt-hook) You are attempting to remove the meta-package 'proxmox-ve'!
W: (pve-apt-hook)
W: (pve-apt-hook) If you really want to permanently remove 'proxmox-ve' from your system, run the following command
W: (pve-apt-hook) touch '/please-remove-proxmox-ve'
W: (pve-apt-hook) run apt purge proxmox-ve to remove the meta-package
W: (pve-apt-hook) and repeat your apt invocation.
W: (pve-apt-hook)
W: (pve-apt-hook) If you are unsure why 'proxmox-ve' would be removed, please verify
W: (pve-apt-hook) - your APT repository settings
W: (pve-apt-hook) - that you are using 'apt full-upgrade' to upgrade your system
E: Sub-process /usr/share/proxmox-ve/pve-apt-hook returned an error code (1)
E: Failure running script /usr/share/proxmox-ve/pve-apt-hook
root@cc:~#

If you read through this thread and there are multiple solutions given.

 

[WesC]

FYIs I've just discovered that after following the 'wget proxmox-backup-client and dpkg -i' solution to resume a full-upgrade/dist-upgrade, /run/network is no longer created during boot up due to other upgraded packages, causing ifreload -a to fail, in turn causing OVS networking to be broken on reboot. Hopefully something specific to my OVS config and not affecting anyone else. I can't see any relevant package in the update list so it might be coincidence, but something to keep an eye out for.

Edit: somehow something disabled the 'networking' systemd unit during the upgrade. Enabling it again resolved this issue

 

[Jefferson Davila]

Estou com o mesmo problema.
Tenho um cluster com dois nós e ao executar o comando app full-upgrade ele me apresenta o alerta:

Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
6 packages can be upgraded. Run 'apt list --upgradable' to see them.
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Calculating upgrade... Done
The following packages have been kept back:
  libpve-cluster-api-perl libpve-cluster-perl libpve-notify-perl libpve-rs-perl pve-container pve-manager
0 upgraded, 0 newly installed, 0 to remove and 6 not upgraded.
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Calculating upgrade... Done
The following package was automatically installed and is no longer required:
  proxmox-firewall
Use 'apt autoremove' to remove it.
The following packages will be REMOVED:
  proxmox-ve pve-manager
The following packages have been kept back:
  pve-container
The following packages will be upgraded:
  libpve-cluster-api-perl libpve-cluster-perl libpve-notify-perl libpve-rs-perl
4 upgraded, 0 newly installed, 2 to remove and 1 not upgraded.
Need to get 0 B/2,430 kB of archives.
After this operation, 2,862 kB disk space will be freed.
Do you want to continue? [Y/n]
W: (pve-apt-hook) !! WARNING !!
W: (pve-apt-hook) You are attempting to remove the meta-package 'proxmox-ve'!
W: (pve-apt-hook)
W: (pve-apt-hook) If you really want to permanently remove 'proxmox-ve' from your system, run the following command
W: (pve-apt-hook)     touch '/please-remove-proxmox-ve'
W: (pve-apt-hook) run apt purge proxmox-ve to remove the meta-package
W: (pve-apt-hook) and repeat your apt invocation.
W: (pve-apt-hook)
W: (pve-apt-hook) If you are unsure why 'proxmox-ve' would be removed, please verify
W: (pve-apt-hook)     - your APT repository settings
W: (pve-apt-hook)     - that you are using 'apt full-upgrade' to upgrade your system
E: Sub-process /usr/share/proxmox-ve/pve-apt-hook returned an error code (1)
E: Failure running script /usr/share/proxmox-ve/pve-apt-hook

Alguém acredita que a Proxmox irá resolver este problema?

 

[Dan15]

Some of you are saying, "don't run 'apt upgrade'". Some are saying, "don't run 'apt dist-upgrade'"". Some are saying, "don't run 'apt full-upgrade'".

full-upgrade and dist-upgrade are the same (dist-upgrade is a legacy name for it). It used to be called dist-upgrade because it was originally designed for upgrading to a new distribution of Debian (eg to go from Debian 11 to 12).

The only difference between upgrade and full-upgrade is that full-upgrade will delete packages if an incompatibility is found, if deleting that package means that more packages can be upgraded. Upgrade won't ever delete a package.

Best practice is to first run upgrade, then run full-upgrade, and pay more attention to the output of full-upgrade since it's more likely to break stuff. This is the documented process for major Debian version upgrades for example (https://wiki.debian.org/DebianUpgrade).

Because commands "apt" and "apt-get" are front-ends to package management and are (mostly) equivalent

apt-get is now mostly designed for use in scripts as its output format is stable, so scripts can parse it. That also means it's output format will never improve, for example to make it more readable.

apt is a newer frontend designed for use by humans. Its output format can change between versions, so it should not be used in scripts that parse the output.

Both are frontends on top of dpkg. aptitude is another frontend with a different dependency resolution algorithm.

 

[tjh]

Edit: somehow something disabled the 'networking' systemd unit during the upgrade. Enabling it again resolved this issue

Interesting. I just apt-get update && apt-get dist-ugprade my Proxmox 7.2 install and on reboot had exactly the same issue.