Jeremy Davis's picture

Hi Timmy. I was under the impression that this issue was fixed in our v17.1 release? And on face value, it does appear to be.

Please excuse this stream of consciousnesses post. I figured I'd take you along on my investigations... So here we go, starting at the start:

To test I just launched the v17.1 LXC container (on my Proxmox v7.x host) and initially I thought that I couldn't reproduce the issue you're reporting?

root@JED-TEST-mediaserver ~# apt update
Hit:1 http://deb.debian.org/debian bullseye InRelease
Hit:2 http://security.debian.org bullseye-security InRelease                           
Hit:3 https://repo.jellyfin.org/debian bullseye InRelease                              
Ign:4 http://archive.turnkeylinux.org/debian bullseye-security InRelease
Ign:5 http://archive.turnkeylinux.org/debian bullseye InRelease
Hit:6 http://archive.turnkeylinux.org/debian bullseye-security Release
Hit:8 http://archive.turnkeylinux.org/debian bullseye Release
Reading package lists... Done                             
Building dependency tree... Done
Reading state information... Done
63 packages can be upgraded. Run 'apt list --upgradable' to see them.
root@JED-TEST-mediaserver ~# apt policy jellyfin
jellyfin:
  Installed: 10.8.4-1
  Candidate: 10.8.10-1
  Version table:
     10.8.10-1 500
         10 https://repo.jellyfin.org/debian bullseye/main amd64 Packages
 *** 10.8.4-1 100
        100 /var/lib/dpkg/status
root@JED-TEST-mediaserver ~# apt install jellyfin
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following packages will be upgraded:
  jellyfin
1 upgraded, 0 newly installed, 0 to remove and 62 not upgraded.
Need to get 2260 B of archives.
After this operation, 0 B of additional disk space will be used.
Get:1 https://syd1.mirror.jellyfin.org/debian bullseye/main amd64 jellyfin all 10.8.10-1 [2260 B]
Fetched 2260 B in 1s (1655 B/s)
debconf: delaying package configuration, since apt-utils is not installed
(Reading database ... 41191 files and directories currently installed.)
Preparing to unpack .../jellyfin_10.8.10-1_all.deb ...
Unpacking jellyfin (10.8.10-1) over (10.8.4-1) ...
Setting up jellyfin (10.8.10-1) ...
Enumerating objects: 1611, done.
Counting objects: 100% (1611/1611), done.
Delta compression using up to 2 threads
Compressing objects: 100% (998/998), done.
Writing objects: 100% (1611/1611), done.
Total 1611 (delta 94), reused 1611 (delta 94), pack-reused 0

However, digging a little deeper I remembered that there are actually a couple of other Jellyfin packages!:

root@JED-TEST-mediaserver ~# apt list jellyfin*
Listing... Done
jellyfin-ffmpeg5/now 5.1.1-1-bullseye amd64 [installed,local]
jellyfin-ffmpeg6/unknown 6.0-3-bullseye amd64
jellyfin-ffmpeg/unknown 4.4.1-4-bullseye amd64
jellyfin-server/now 10.8.4-1 amd64 [installed,local]
jellyfin-web/now 10.8.4-1 all [installed,local]
jellyfin/unknown,now 10.8.10-1 all [installed]

The 'local' in those packages (i.e. jellyfin-ffmpeg5, jellyfin-server & jellyfin-web) made me wonder what might be going on? So I checked:

root@JED-TEST-mediaserver ~# apt policy jellyfin-web
jellyfin-web:
  Installed: 10.8.4-1
  Candidate: 10.8.4-1
  Version table:
     10.8.10-1 10
         10 https://repo.jellyfin.org/debian bullseye/main amd64 Packages
 *** 10.8.4-1 100
        100 /var/lib/dpkg/status

Hmm, there's a newer version, but it's not going to be installed because it's pin value is only '10' (the currently installed version is '100' so packages need to be '100' or higher to be auto installed by 'apt upgrade'). That sounds like an issue with pinning! Let's check:

root@JED-TEST-mediaserver ~# cat /etc/apt/preferences.d/jellyfin.pref 
Package: *
Pin: origin "repo.jellyfin.org"
Pin-Priority: 10

Package: jellyfin
Pin: origin "repo.jellyfin.org"
Pin-Priority: 500

Ah ha! I can see the issue already! All 'Package's (i.e. '*') from the Jellyfin repo are pinned '10' (as an intended security measure - so only specific packages can be installed from this repo). Then the specific packages to allow are listed. In this case, only the jellyfin package itself is pinned '500'. We could manually list each individual package, but because of Jellyfin's package naming convention (thanks Jellyfin devs!) a better way is to set the 'Package' name to 'jellyfin*'. That will allow 'jellyfin' and all 'jellyfin-...' packages to be installable by default (so upgradeable via 'apt upgrade'). That doesn't undermine the security value of the pinning (e.g. you couldn't install a kernel package from the jellyfin repo), but also means that any new jellyfin-whatever packages will remain installable.

Here is a one liner to fix it - then run 'apt update':

sed -i '\|^Package: jellyfin$|s|$|*|' /etc/apt/preferences.d/jellyfin.pref
apt update

After doing that, the upgrades are now visible. E.g. jellyfin-web will now upgrade to 10.8.10-1:

jellyfin-web:
  Installed: 10.8.4-1
  Candidate: 10.8.10-1
  Version table:
     10.8.10-1 500
         10 https://repo.jellyfin.org/debian bullseye/main amd64 Packages
 *** 10.8.4-1 100
        100 /var/lib/dpkg/status

Or to see all available jellyfin* upgrades in a more compact way:

root@JED-TEST-mediaserver ~# apt list --upgradable jellyfin*
Listing... Done
jellyfin-ffmpeg5/unknown 5.1.3-2-bullseye amd64 [upgradable from: 5.1.1-1-bullseye]
jellyfin-server/unknown 10.8.10-1 amd64 [upgradable from: 10.8.4-1]
jellyfin-web/unknown 10.8.10-1 all [upgradable from: 10.8.4-1]

TBH it's a bit embarrassing as I suspect that this bug was a factor in the original issue and it's a pity that I've only just realised what was going on now. Anyway, at least we've worked it out now. Thanks again for reporting.

PS I've opened a new issue and noted the fix there too. I've also opened a pull request with the fix. We've shifted attention to v18.x now, so I'm not sure when a fixed appliance will be released, but hopefully v18.0 release is not too far away.