--- title: "Ubuntu dist-upgrade Quarantines Third-Party Repos" domain: troubleshooting category: ubuntu tags: [ubuntu, apt, dist-upgrade, repositories, tailscale, digitalocean] status: published created: 2026-04-28 updated: 2026-04-28 --- # Ubuntu dist-upgrade Quarantines Third-Party Repos ## Problem When running `do-release-upgrade` (e.g., Jammy 22.04 to Noble 24.04), Ubuntu renames all third-party `.list` files in `/etc/apt/sources.list.d/` to `.list.distUpgrade`. This silently disables every third-party repo — packages from those repos stop receiving updates with no warning. The upgrade process does this intentionally because it can't guarantee third-party repos will have packages for the new release. Some repos get re-added as `.sources` files during the upgrade, but many don't. ## Symptoms - `apt list --upgradable` shows nothing for packages you know have updates (e.g., Tailscale stuck on an old version) - `apt list --installed` shows packages as `[installed,local]` instead of `[installed]` — the "local" tag means apt has no repo to check for updates - `.distUpgrade` files accumulate in `/etc/apt/sources.list.d/` indefinitely ## Diagnosis Check for quarantined repos: ```bash ls /etc/apt/sources.list.d/*.distUpgrade ``` For each file, check whether a replacement `.list` or `.sources` file already exists: ```bash ls /etc/apt/sources.list.d/*.list /etc/apt/sources.list.d/*.sources ``` ## Fix ### Distro-agnostic repos (e.g., DigitalOcean agents) If the repo URL doesn't reference a distro codename (jammy/noble), just rename: ```bash mv /etc/apt/sources.list.d/digitalocean-agent.list.distUpgrade \ /etc/apt/sources.list.d/digitalocean-agent.list ``` ### Distro-specific repos (e.g., Tailscale, ondrej-php) The quarantined file references the old distro (jammy). Re-run the upstream install script to get a correct entry for the new release: ```bash # Tailscale curl -fsSL https://tailscale.com/install.sh | sh # Or manually: update the codename sed 's/jammy/noble/' /etc/apt/sources.list.d/tailscale.list.distUpgrade \ > /etc/apt/sources.list.d/tailscale.list apt update && apt upgrade tailscale ``` ### Already replaced by .sources If the upgrade process already created a `.sources` replacement (common for ubuntu-esm-apps, ondrej-php), the `.distUpgrade` file is just clutter — delete it: ```bash rm /etc/apt/sources.list.d/ondrej-ubuntu-php-jammy.list.distUpgrade ``` ### After all fixes ```bash apt update apt list --upgradable # should now show pending updates apt upgrade ``` ## Real-World Example: MajorsHouse Fleet (2026-04-28) Five Ubuntu 24.04 servers were dist-upgraded from Jammy in October 2024. The `.distUpgrade` quarantine was discovered 6 months later when Tailscale's website wouldn't load (Pi-hole was blocking subdomains, but the investigation revealed teelia was stuck on Tailscale 1.76.0 — 20 versions behind — because the repo was disabled). | Host | Quarantined files | Impact | |------|------------------|--------| | dcaprod | 8 | Tailscale, DO agents, MySQL, ondrej-php, ESM, vector | | teelia | 4 | Tailscale (stuck on 1.76.0), DO agents, certbot bionic PPA | | majorlinux | 8 | Tailscale, DO agents, MySQL, ondrej-php, ESM, apt-fast | | majortoot | 11 | Tailscale, DO agents, nodesource, PostgreSQL, vector, zabbix, ESM | | tttpod | 0 | Clean — was likely rebuilt rather than upgraded | All files were audited, stale ones deleted, distro-agnostic repos renamed, and distro-specific repos re-added via upstream install scripts. DO agents upgraded from 3.16.11 to 3.18.12, teelia's Tailscale jumped from 1.76.0 to 1.96.4. ## Prevention - **Post-upgrade audit:** After any `do-release-upgrade`, immediately run `ls /etc/apt/sources.list.d/*.distUpgrade` and resolve each file. - **Prefer `.sources` format:** When adding new third-party repos, use the DEB822 `.sources` format — it's what Ubuntu itself uses on Noble and is handled more gracefully during upgrades. - **Ansible playbook:** Consider a post-upgrade play that checks for `.distUpgrade` files and alerts or auto-fixes distro-agnostic repos.