root@uu-sru-bb:~# unattended-upgrade --verbose Initial blacklisted packages: Initial whitelisted packages: Starting unattended upgrades script Allowed origins are: o=Ubuntu,a=bionic, o=Ubuntu,a=bionic-security, o=UbuntuESM,a=bionic Packages that will be upgraded: file libidn2-0 libmagic-mgc libmagic1 libxslt1.1 python3-apport python3-problem-report Writing dpkg log to /var/log/unattended-upgrades/unattended-upgrades-dpkg.log (Reading database ... 28655 files and directories currently installed.) Preparing to unpack .../libidn2-0_2.0.4-1.1ubuntu0.2_amd64.deb ... Unpacking libidn2-0:amd64 (2.0.4-1.1ubuntu0.2) over (2.0.4-1.1build2) ... Setting up libidn2-0:amd64 (2.0.4-1.1ubuntu0.2) ... Processing triggers for libc-bin (2.27-3ubuntu1) ... Log ended: 2019-11-01 17:09:03
Log started: 2019-11-01 17:09:04 (Reading database ... 28655 files and directories currently installed.) Preparing to unpack .../libxslt1.1_1.1.29-5ubuntu0.2_amd64.deb ... Unpacking libxslt1.1:amd64 (1.1.29-5ubuntu0.2) over (1.1.29-5ubuntu0.1) ... Setting up libxslt1.1:amd64 (1.1.29-5ubuntu0.2) ... Processing triggers for libc-bin (2.27-3ubuntu1) ... Log ended: 2019-11-01 17:09:07 Log started: 2019-11-01 17:09:08 (Reading database ... 28655 files and directories currently installed.) Preparing to unpack .../python3-apport_2.20.9-0ubuntu7.8_all.deb ... Unpacking python3-apport (2.20.9-0ubuntu7.8) over (2.20.9-0ubuntu7.7) ... Setting up python3-apport (2.20.9-0ubuntu7.8) ... Log ended: 2019-11-01 17:09:12 Log started: 2019-11-01 17:09:12 (Reading database ... 28655 files and directories currently installed.) Preparing to unpack .../python3-problem-report_2.20.9-0ubuntu7.8_all.deb ... Unpacking python3-problem-report (2.20.9-0ubuntu7.8) over (2.20.9-0ubuntu7.7) ... Setting up python3-problem-report (2.20.9-0ubuntu7.8) ... Log ended: 2019-11-01 17:09:15 Log started: 2019-11-01 17:09:15 (Reading database ... 28655 files and directories currently installed.) Preparing to unpack .../file_1%3a5.32-2ubuntu0.3_amd64.deb ... Unpacking file (1:5.32-2ubuntu0.3) over (1:5.32-2ubuntu0.2) ... Preparing to unpack .../libmagic1_1%3a5.32-2ubuntu0.3_amd64.deb ... Unpacking libmagic1:amd64 (1:5.32-2ubuntu0.3) over (1:5.32-2ubuntu0.2) ... Preparing to unpack .../libmagic-mgc_1%3a5.32-2ubuntu0.3_amd64.deb ... Unpacking libmagic-mgc (1:5.32-2ubuntu0.3) over (1:5.32-2ubuntu0.2) ... Setting up libmagic-mgc (1:5.32-2ubuntu0.3) ... Setting up libmagic1:amd64 (1:5.32-2ubuntu0.3) ... Setting up file (1:5.32-2ubuntu0.3) ... Processing triggers for man-db (2.8.3-2ubuntu0.1) ... Processing triggers for libc-bin (2.27-3ubuntu1) ... All upgrades installed root@uu-sru-bb:~# update-motd Welcome to Ubuntu 18.04.3 LTS (GNU/Linux 5.0.0-32-generic x86_64) * Documentation: https://help.ubuntu.com * Management: https://landscape.canonical.com * Support: https://ubuntu.com/advantage System information as of Fri Nov 1 17:28:59 UTC 2019 System load: 1.65 Processes: 24 Usage of /home: unknown Users logged in: 0 Memory usage: 0% IP address for eth0: 10.84.73.22 Swap usage: 48% 0 packages can be updated. 0 updates are security updates. 1 updates could not be installed automatically. For more details, see /var/log/unattended-upgrades/unattended-upgrades.log root@uu-sru-bb:~# dpkg -l unattended-upgrades | cat Desired=Unknown/Install/Remove/Purge/Hold | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad) ||/ Name Version Architecture Description +++-===================-===================-============-=========================================== ii unattended-upgrades 1.1ubuntu1.18.04.12 all automatic installation of security upgrades ** Description changed: [Impact] - * MOTD does not go into details about upgradable packages being security fixes or just normal updates. - * Users should be made aware if some of the security updates could not have been applied. - * The fix is adding a snipped to MOTD where the number of packages kept back by unattended-upgrades is shown. + * MOTD does not go into details about upgradable packages being security fixes or just normal updates. + * Users should be made aware if some of the security updates could not have been applied. + * The fix is adding a snipped to MOTD where the number of packages kept back by unattended-upgrades is shown. [Test Case] - * The debian/tests/upgrade-all-security is extended to check if the number of kept back packages are shown in MOTD and a new test is added (test/test_motd.py) to check if the list of kept back packages are saved properly. - * To test the fix manually: - 1. Mark a package upgradable from the -security pocket as held, then run unattended-upgrades. - 2. Observe MOTD messate showing the number of packages being kept back. + * The debian/tests/upgrade-all-security is extended to check if the number of kept back packages are shown in MOTD and a new test is added (test/test_motd.py) to check if the list of kept back packages are saved properly. + * To test the fix manually: + 1. Mark a package upgradable from the -security pocket as held, then run unattended-upgrades. + 2. Observe MOTD messate showing the number of packages being kept back. [Regression Potential] - * Unattended-upgrades may crash when saving kept packages and always + * Unattended-upgrades may crash when saving kept packages and always return with failure. MOTD may hang or print error while printing the packages kept back by u-u. + + * It is not a regression, but the log referenced in MOTD does not + always contain explanation why each package was kept back, unless + debugging is enabled. One case where packages are not mentioned in the + log is when the packages are held using 'apt-mark hold' command. [Original Bug Text] Currently we have the following pieces as part of the default UX on Ubuntu 18.04 and later: 1) unattended-upgrades automatically installs security updates daily by default 2) the motd reports the number of available updates, including security updates. A user who knows about 1) also knows that a non-zero number of pending security updates listed in 2) is nothing to worry about. However, unattended-upgrades will also cleverly detect when a security update cannot safely be installed non-interactively due to conffile changes on the system. In this case, unattended-upgrades should also inform the user via the motd that these updates are not being installed. Otherwise, there's nothing to tell the user that the non-zero count of available security updates in motd is a *problem*. Suggested wording: N security updates will not be automatically installed due to local changes. See /var/log/foo for details. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1823070 Title: unattended-upgrades should tell the user (via motd) when security updates are held back To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/unattended-upgrades/+bug/1823070/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
