elementary OS

Security updates are not recognized as security-critical and not auto-installed [$50]

Bug #1404049 reported by Sergey "Shnatsel" Davidoff on 2014-12-18

This bug affects 3 people

Affects		Status	Importance	Assigned to	Milestone
	elementary OS	Fix Released	High	Cody Garver	elementary OS freya-0.3.0 "(aka Freya RC1)"

Bug Description

elementary OS Freya does not recognize security updates as security-critical and therefore never auto-installs them though unattended-upgrades, even if the relevant options are selected in software-properties-gtk.
This seems to be different from the issue we had in Luna, which would detect the updates but not install them.

Testcase:
$ /usr/lib/update-notifier/apt-check --human-readable
320 packages can be updated.
0 updates are security updates.

Related branches

lp:~elementary-os/elementaryos/os-patch-update-notifier-trusty

lp:~elementary-os/elementaryos/os-patch-unattended-upgrades-trusty

Revision history for this message

Levi Voorintholt (piratelv) wrote on 2015-01-10:

The /usr/lib/update-notifier/apt-check script has an array of repositories that are for security updates. It's using the distro codename returned from the command 'lsb_release -c -s' thus it is using freya instead of trusty.
This makes the script look for a repository named 'freya-security' to be marked as security updates.

I've verified that changing the repository name to 'trusty-security' in the array makes the script show available security updates on 2 freya installs.

Revision history for this message

Danielle Foré (danrabbit) wrote on 2015-02-09:

https://www.bountysource.com/issues/7165055-security-updates-are-not-recognized-as-security-critical-and-not-auto-installed

summary:

Security updates are not recognized as security-critical and not auto-
- installed
+ installed [$50]

Cody Garver (codygarver) on 2015-02-09

Changed in elementaryos:
assignee:	nobody → Cody Garver (codygarver)
status:	Triaged → In Progress

Revision history for this message

Cody Garver (codygarver) wrote on 2015-02-23:

Attached is a branch in which I attempt to fix this bug by replacing "lsb_release -cs" with "echo trusty". I will not activate the recipe until someone confirms this work and is an appropriate solution.

Revision history for this message

Cody Garver (codygarver) wrote on 2015-02-25:

Our patched lsb provides a --upstream flag, so I have adjusted the code to use that and requested a build.

Revision history for this message

Cody Garver (codygarver) wrote on 2015-02-28:

Tested on an old iso with only the new package updated. Before upgrading update-notifier it reported 0 security updates out of 222. After upgrade it reported 64 out of 222.

Changed in elementaryos:
status:	In Progress → Fix Committed

Danielle Foré (danrabbit) on 2015-04-30

Changed in elementaryos:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.