Introduction
The following was asked and I thought I’d post a response.
I have multiple servers running on a specific hosting platform, and I’ve noticed that Redis and MariaDB never update automatically. Even when I try to manually force updates using apt-get --with-new-pkgs upgrade, these two packages remain unchanged.
The only way I can get them to update is by reinstalling them with apt install mariadb-server and apt install redis-server.
I’ve left them in the “kept back” state for months to see if it was a timing issue with the repositories, but they never updated on any of my servers.
Could this hosting provider use a customized installation of Redis/MariaDB? Or could there be another reason why only these two packages, out of everything installed, won’t update automatically?
Would appreciate any insights!
So both packages are from non-Ubuntu mirrors, both have the latest version available, and neither is pinned. I don’t know why you weren’t getting them before, but here’s a quick breakdown of how updates work on Ubuntu and how GridPane has them configured.
1 – Ubuntu Unattended Updates
Unattended Upgrades is a package (unattended-upgrades) in Ubuntu that automatically installs security updates and other package updates without user intervention. It has a ton of options, even allowing you to schedule system reboots.
2 – Unattended Upgrade Package Origins
Here is an example from GridPane’s Unattended Updates configuration for allowed origins. It effectively controls which packages are allowed to be auto-updated.
❯ cat 50unattended-upgrades
// Automatically upgrade packages from these (origin:archive) pairs
//
// Note that in Ubuntu security updates may pull in new dependencies
// from non-security sources (e.g. chromium). By allowing the release
// pocket these get automatically pulled in.
Unattended-Upgrade::Allowed-Origins {
        "${distro_id}:${distro_codename}";
        "${distro_id}:${distro_codename}-security";
        // Extended Security Maintenance; doesn't necessarily exist for
        // every release and this system may not have it installed, but if
        // available, the policy for updates is such that unattended-upgrades
        // should also install from here by default.
        "${distro_id}ESM:${distro_codename}";
        "LP-PPA-ondrej-php:jammy";
        //maxmind-server-repo-placeholder
        //mysql-repo-placeholder
        //gridpane-repo-placeholder
        //-repo-placeholder
//      "${distro_id}:${distro_codename}-updates";
//      "${distro_id}:${distro_codename}-proposed";
//      "${distro_id}:${distro_codename}-backports";
};
You can see that the following origins are allowed.
- Packages from the initial release, which can be upgraded if an update is published there: "${distro_id}:${distro_codename}";
- Security-only packages: "${distro_id}:${distro_codename}-security";
- ESM, the Extended Security Maintenance packages: "${distro_id}ESM:${distro_codename}";
- The only odd one out is "LP-PPA-ondrej-php:jammy"; which is how GridPane installs PHP. It’s a PPA.
You can also see that a number of origins are commented out, specifically -updates.
On release, Ubuntu freezes package versions to ensure stability and compatibility, especially for LTS versions. Instead of upgrading to newer versions, Ubuntu backports security fixes via the security repository and bug fixes/improvements via the updates repository. This prevents breaking changes while keeping the system secure and reliable.
3 – Ubuntu Components
Ubuntu organizes its package repositories into components based on software licensing, maintenance, and security policies.
Component Name | Included Software | Security Updates? | Maintained By? |
---|---|---|---|
main | Officially supported FOSS packages | Yes | Ubuntu team |
restricted | Proprietary drivers/software | Yes | Ubuntu team |
universe | Community-maintained software | No (unless backported) | Community |
multiverse | Legally/ethically restricted software | No | Community |
security | Security updates for main/restricted | Yes | Ubuntu security team |
updates | General bug fixes, feature updates | Yes | Ubuntu maintainers |
backports | Newer software versions for older Ubuntu | No | Community |
proposed | Testing/staging packages before release | No | Ubuntu developers |
4 – PPA (Personal Package Archive)
A PPA (Personal Package Archive) is a third-party Ubuntu repository on Launchpad.net that lets users install and update software not in the official repos. The ondrej-php PPA is maintained by Ondřej Surý, a Debian developer who has been packaging PHP for Debian since PHP 5.
5 – Ubuntu Package Version Updates
Take a look at the redis-server package for Ubuntu (redis package : Ubuntu).
As you can see from this table, you get a different minor version of Redis, not a major one, when updating the Ubuntu OS.
Ubuntu Version | Redis Package Version | Repository (Component) |
---|---|---|
25.04 Plucky Puffin | 5:7.0.15-3 | release (universe) |
24.10 Oracular Oriole | 5:7.0.15-1build2 | release (universe) |
24.04 Noble Numbat | 5:7.0.15-1build2 | release (universe) |
22.04 Jammy Jellyfish | 5:6.0.16-1ubuntu1 | release (universe) |
20.04 Focal Fossa | 5:5.0.7-2ubuntu0.1 | security, updates (universe) |
20.04 Focal Fossa | 5:5.0.7-2 | release (universe) |
18.04 Bionic Beaver | 5:4.0.9-1ubuntu0.2 | security, updates (universe) |
18.04 Bionic Beaver | 5:4.0.9-1 | release (universe) |
Software versions follow MAJOR.MINOR.PATCH format. Major updates may break compatibility (e.g., Redis 6 → 7), minor adds features but stays compatible (e.g., 7.0 → 7.1), and patch fixes bugs/security issues (e.g., 7.0.15 → 7.0.16). Ubuntu packages may include extra build numbers for security or repository-specific updates.
6 – Why you’re not getting updates
As for why you’re not getting the latest version of Redis or MariaDB: they’re not using the default Ubuntu sources. They’re using DigitalOcean for MariaDB and Redis.io for Redis, which ensures you get a specific or higher version of each that Ubuntu 22 doesn’t ship with.
They’re both configured with the component “main”, but they’re not configured for automatic updates, as they’re not default Ubuntu repositories. They would need to be configured as an allowed origin, similar to how Ondrej is set up: "LP-PPA-ondrej-php:jammy";
Here is a Percona Server install that hasn’t gotten an update. You can see that there is a new version; however, it’s not applied.
percona-server-server:
  Installed: 8.0.30-22-1.focal
  Candidate: 8.0.40-31-1.focal
  Version table:
     8.0.40-31-1.focal 500
        500 http://repo.percona.com/ps-80/apt focal/main amd64 Packages
     8.0.39-30-1.focal 500
        500 http://repo.percona.com/ps-80/apt focal/main amd64 Packages
     8.0.37-29-1.focal 500
        500 http://repo.percona.com/ps-80/apt focal/main amd64 Packages
     8.0.36-28-1.focal 500
        500 http://repo.percona.com/ps-80/apt focal/main amd64 Packages
     8.0.35-27-1.focal 500
        500 http://repo.percona.com/ps-80/apt focal/main amd64 Packages
 *** 8.0.30-22-1.focal 100
        100 /var/lib/dpkg/status
I’m not 100% sure if there is a security update within the Percona repository at the time of this writing; you would have to look at the changelogs. Since there is no configured -security component, you’re stuck with main. So you should be updating this package anytime there is a new version. The same goes for MariaDB and Redis.
However, I don’t know the logic, or whether there are dynamic configuration changes that allow specific packages or versions to be updated at specific times on GridPane. That’s a question for GridPane.
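To find which configured repositories fall outside the allowed origins, the comparison can be scripted. This is an added example, not GridPane's code or part of the original post: it checks the active Allowed-Origins entries against the o= and a= fields that apt-cache policy prints for each repository. The config and policy text are constructed samples, repo.example.invalid and ExampleDB are placeholders, and plain string comparison stands in for unattended-upgrades' own matching.

```python
import re

# Constructed sample shaped like the Allowed-Origins block shown on this page.
CONF = r'''
Unattended-Upgrade::Allowed-Origins {
        "${distro_id}:${distro_codename}";
        "${distro_id}:${distro_codename}-security";
        "LP-PPA-ondrej-php:jammy";
//      "${distro_id}:${distro_codename}-updates";
};
'''

# Constructed `apt-cache policy` output; the ExampleDB repository is a placeholder.
POLICY = '''
Package files:
 100 /var/lib/dpkg/status
     release a=now
 500 https://repo.example.invalid/apt jammy/main amd64 Packages
     release o=ExampleDB,a=jammy,n=jammy,l=ExampleDB,c=main,b=amd64
 500 https://ppa.launchpadcontent.net/ondrej/php/ubuntu jammy/main amd64 Packages
     release v=22.04,o=LP-PPA-ondrej-php,a=jammy,n=jammy,l=PPA,c=main,b=amd64
 500 http://archive.ubuntu.com/ubuntu jammy-updates/main amd64 Packages
     release v=22.04,o=Ubuntu,a=jammy-updates,n=jammy,l=Ubuntu,c=main,b=amd64
 500 http://archive.ubuntu.com/ubuntu jammy-security/main amd64 Packages
     release v=22.04,o=Ubuntu,a=jammy-security,n=jammy,l=Ubuntu,c=main,b=amd64
'''

def allowed_origins(conf, distro_id, codename):
    """Active origin:archive entries with variables expanded; // lines are skipped."""
    conf = conf.replace('${distro_id}', distro_id).replace('${distro_codename}', codename)
    block = re.search(r'Allowed-Origins\s*\{(.*?)\n\};', conf, re.S).group(1)
    return set(re.findall(r'^\s*"([^"]+)";', block, re.M))

def repo_origins(policy):
    """(url, 'origin:archive') for each repository index; dpkg status is ignored."""
    pat = r'^\s*\d+ (\S+) \S+ \S+ Packages\n\s*release (.*)$'
    repos = []
    for url, rel in re.findall(pat, policy, re.M):
        f = dict(kv.split('=', 1) for kv in rel.split(',') if '=' in kv)
        repos.append((url, f"{f.get('o', '')}:{f.get('a', '')}"))
    return repos

def uncovered_repos(conf, policy, distro_id='Ubuntu', codename='jammy'):
    """Repositories whose origin:archive pair is not an allowed origin."""
    allowed = allowed_origins(conf, distro_id, codename)
    return [(url, oa) for url, oa in repo_origins(policy) if oa not in allowed]

if __name__ == '__main__':
    print(uncovered_repos(CONF, POLICY))
```

On a real server, feed it the contents of the 50unattended-upgrades file and the output of apt-cache policy run with no arguments.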
7 – Updating unattended updates config to update MariaDB and Redis
I will post this shortly.