Mozillateam-Firefox Silently Replaced by Snap-Firefox in Spite of Lower Priority

(this is a rewrite of the original question as suggested in the comments)

I’m running Ubuntu 22.04 and am using firefox from the mozillateam ppa. My setup has ppa-firefox at priority 1001 (as suggested here) and my snap-firefox at priority 500 (default). Today, unattended-upgrades silently replaced my ppa-firefox with snap-firefox and I have trouble figuring out why.

I managed to reinstall my ppa-firefox with a simple apt-get remove firefox; apt-get install firefox so I suspect the priorities are working, but unattended-upgrade somehow didn’t respect them. The question is why?

Here’s my ppa-firefox app-pin:

$ cat /etc/apt/preferences.d/mozilla-firefox
Package: *
Pin: release o=LP-PPA-mozillateam
Pin-Priority: 1001

Here’s my current apt-cache policy after reinstalling firefox:

# apt-cache policy firefox
  Installed: 120.0+build1-0ubuntu0.22.04.1~mt1
  Candidate: 120.0+build1-0ubuntu0.22.04.1~mt1
  Version table:
     1:1snap1-0ubuntu2 500
        500 jammy/main amd64 Packages
 *** 120.0+build1-0ubuntu0.22.04.1~mt1 1001
       1001 jammy/main amd64 Packages
        100 /var/lib/dpkg/status

The unattended-upgrades-log admits it:

$ grep 'Unpacking firefox' /var/log/unattended-upgrades/unattended-upgrades-dpkg.log
Unpacking firefox (1:1snap1-0ubuntu2) over (119.0.1+build1-0ubuntu0.22.04.1~mt1)

(See also here, and here)

EDIT: I have since given priority -1 to both snap and snap-firefox, as suggested in comments and answers to the questions above. So, I suppose this is fixed, but the question why unattended-upgrades replaced my ppa-firefox in spite of its higher priority (1001 > 500) remains open.

Asked By: igel


The entry for pinning is not enough, you need to de-prioritize the DEB package from the sources as well.

The following steps should work:

  • uninstall the Firefox installed via the PPA (if still present).
  • disable the PPA
  • uninstall the Firefox from the sources:
    • sudo apt remove firefox
    • sudo snap remove firefox
  • create a file like mozillateam under /etc/apt/preferences.d
  • add the following content to the file:
Package: * 
Pin: release o=LP-PPA-mozillateam
Pin-Priority: 100

Package: firefox*
Pin: release o=LP-PPA-mozillateam
Pin-Priority: 1001

Package: firefox*
Pin: release o=Ubuntu
Pin-Priority: -1
  • add the Mozilla PPA again
  • sudo apt update
  • install the Firefox – should be pulled from PPA now
Answered By: noisefloor

The unattended-upgrades-tool is configured by default to upgrade packages only from the distribution’s repositories. You can take a look at the configuration file /etc/apt/apt.conf.d/50unattended-upgrades.

The unattended-upgrades-tool does not know about packages from third party repositories unless you add them to the configuration file or add an extra configuration file which includes them.

Example for firefox:

echo 'Unattended-Upgrade::Allowed-Origins:: "LP-PPA-mozillateam:${distro_codename}";' | sudo tee /etc/apt/apt.conf.d/51unattended-upgrades-firefox

If you don’t add the repository to the configuration, the pinning you mention is worthless since the unattended-upgrades-tool does not know about the package and also don’t know about its pinning.

That’s why your firefox-package from the ppa got upgraded to the transitional firefox package from the ditibution repository which then pulls in the snap and all necessary dependencies like snapd. It’s only a question of version numbers in this case.


Answered By: mook765