aptitude can't find a solution where apt-get can (no complicated packages)

The Problem happens only, when there are packages which need to be kept back, when there are only upgrades, aptitude suggests the same solution as apt-get and it works.

this a a regression from lucid, where

$ cat /etc/cron-apt/action.d/5-install
autoclean -y
dist-upgrade --safe-resolver -y -o APT:Get:Show-Upgraded=true

worked even for installing new packages via our own meta-packages.

did 'sudo apt-get update && sudo apt-get upgrade' worked ?

apt-get upgrade works, but we want to use aptitude with safe-resolver.

just using apt-get would mean, if some dependencies are broken, apt-get might remove important packages, so we need to fix it manually. so we want to use aptitude with safe-resolver (see the config wre're using with lucid in my post above) to avoid stuff like "sshd gets uninstalled, because the meta-package which kept it installed was broken".

so the commandline cron-apt should use, should be something like
aptitude dist-upgrade --safe-resolver -y -o APT:Get:Show-Upgraded=true

or maybe
aptitude -o Acquire::http::Dl-Limit=2000 dist-upgrade --safe-resolver --allow-new-installs --allow-new-upgrades -y -o APT:Get:Show-Upgraded=true

But nothing using only apt-get.

can you give the output of:

lsb_release -a; uname -a; file `which dist-upgrade`

Thanks

i think you meant "file $(which aptitude)", so i modified your commandline accordingly, as there is no dist-upgrade binary, dist-upgrade is a command for the aptitude binary.

$ lsb_release -a; uname -a; file `which aptitude`
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 12.04 LTS
Release: 12.04
Codename: precise
Linux dipl-013 3.2.0-24-generic #39-Ubuntu SMP Mon May 21 16:52:17 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux
/usr/bin/aptitude: symbolic link to `/etc/alternatives/aptitude'

and to answer the next questions:
$ file /etc/alternatives/aptitude
/etc/alternatives/aptitude: symbolic link to `/usr/bin/aptitude-curses'

$ apt-cache policy aptitude
aptitude:
  Installed: 0.6.6-1ubuntu1
  Candidate: 0.6.6-1ubuntu1
  Version table:
 *** 0.6.6-1ubuntu1 0
        500 http://archive.ubuntu.com/ubuntu/ precise/main amd64 Packages
        100 /var/lib/dpkg/status

> just using apt-get would mean, if some dependencies are broken, apt-get might remove
> important packages, so we need to fix it manually. so we want to use aptitude with safe-
> resolver (see the config wre're using with lucid in my post above) to avoid stuff like "sshd gets
> uninstalled, because the meta-package which kept it installed was broken".

Are you saying that before you run dist-upgrade some packages have broken dependencies?

The man page for apt-get says that upgrade (as opposed to dist-upgrade) will never remove a currently installed package.

Also, if you are running 'aptitude dist-upgrade --safe-resolver' this is very similar to 'aptitude safe-upgrade', which tries to be just like 'apt-get upgrade'.

We're using own meta-packages and cron-apt to distribute configurations and new packages to our workstations.
The worst case is, some meta-package has broken dependencies (possible only on some of the workstations) and does bad things like uninstalling itself, which leads to stuff like that dependencies pulled by this meta-packages will be removed on the next run of cron-apt

Worst-Case: In the first night the package depending on sshd is uninstalled because of a conflict and in the next night sshd is uninstalled by the autoremove command.

with lucid, we use "aptitude dist-upgrade --safe-upgrade", which allows aptitude to install new packages needed as dependency, but stops with an error in case the package itself is broken (and does not remove the package itself).

- "apt-get upgrade" will not install new dependencies (which is against the point of having a meta-package)
- "apt-get dist-upgrade" will remove broken packages, maybe leading to a system where the configuration packages are not installed any longer, preventing us from distributing a fixed package.

desired behaviour:
- install updates like "upgrade"
- install new dependencies like "dist-upgrade"
- in case of error, do nothing, stop with an errorcode (cron-apt will mail the error)

of course, normally a package SHOULD NOT break, but in case it breaks anyway, the behaviour of the cron-apt commandline should be safe in a way, we can put a fixed .deb on the mirror and it will be installed on the next run. This is not provided, when the package is uninstalled in case of errors.

so to emphasise on this point:
The difference between "aptitude upgrade" and "aptitude dist-upgrade --safe-resolver" is, that new dependencies will get installed, when needed. Thats why we're using "dist-upgrade --safe-resolver" instead of "upgrade" for doing a safe-upgrade.

Firstly, note that the problem resolver in aptitude has many issues. It is rather complex and there are no active developers experienced with working on it.

You can run aptitude with "--log-file=resolver.log --log-resolver" to capture debugging output. This may help you understand why it has not found, or rejected, a solution that you prefer. A third party is likely to also need the output of aptitude-create-state-bundle. Investigate these logs only in consultation with the user's manual.

Since you are using metapackages to handle your upgrades, a simpler solution could be something like:

apt-get install -y $metapackages && apt-get upgrade -y

where determining the set of metapackages installed on or relevant to each machine is an exercise I leave up to you.

I faced this issue two years ago and there is no solution available for it you can see my https://corwebdigital.com/services/ website that is effected from it.