Ubuntu
pkgsel package

option to deactivate automatic updates leads people to believe that security updates will be disabled too

Bug #1591427 reported by Chris B on 2016-06-11

This bug affects 4 people

Affects		Status	Importance	Assigned to	Milestone
	pkgsel (Ubuntu)	Fix Released	Medium	Unassigned

Bug Description

Confirmed in 16.04 LTS and Yakkety Daily.

How to reproduce:
User Ubuntu Server ISO and at the very last question of the installer, answer "no automatic updates."

Then, after the reboot, check /etc/apt/apt.conf.d/50unattended-upgrades and you will find:

// Automatically upgrade packages from these (origin:archive) pairs
Unattended-Upgrade::Allowed-Origins {
"${distro_id}:${distro_codename}-security";
// "${distro_id}:${distro_codename}-updates";
// "${distro_id}:${distro_codename}-proposed";
// "${distro_id}:${distro_codename}-backports";
};

Since by default the first one is enabled, it will install automatic updates despite having selected "no" during installer.

ProblemType: Bug
DistroRelease: Ubuntu 16.10
Package: debian-installer (not installed)
ProcVersionSignature: Ubuntu 4.4.0-23.41-generic 4.4.10
Uname: Linux 4.4.0-23-generic x86_64
ApportVersion: 2.20.1-0ubuntu4
Architecture: amd64
Date: Fri Jun 10 19:14:21 2016
InstallationDate: Installed on 2016-06-11 (0 days ago)
InstallationMedia: Ubuntu-Server 16.10 "Yakkety Yak" - Alpha amd64 (20160610)
Lsusb:
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 002 Device 003: ID 0e0f:0002 VMware, Inc. Virtual USB Hub
Bus 002 Device 002: ID 0e0f:0003 VMware, Inc. Virtual Mouse
Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
MachineType: VMware, Inc. VMware Virtual Platform
MemoryUsage:
total used free shared buff/cache available
Mem: 4028940 156064 3690500 5928 182376 3693048
Swap: 4192252 0 4192252
ProcEnviron:
TERM=linux
PATH=(custom, no user)
LANG=en_US.UTF-8
SHELL=/bin/bash
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.4.0-23-generic root=UUID=eb6a3dc1-0e2a-4ad0-bb88-a5be4bdb7013 ro
SourcePackage: debian-installer
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 07/02/2015
dmi.bios.vendor: Phoenix Technologies LTD
dmi.bios.version: 6.00
dmi.board.name: 440BX Desktop Reference Platform
dmi.board.vendor: Intel Corporation
dmi.board.version: None
dmi.chassis.asset.tag: No Asset Tag
dmi.chassis.type: 1
dmi.chassis.vendor: No Enclosure
dmi.chassis.version: N/A
dmi.modalias: dmi:bvnPhoenixTechnologiesLTD:bvr6.00:bd07/02/2015:svnVMware,Inc.:pnVMwareVirtualPlatform:pvrNone:rvnIntelCorporation:rn440BXDesktopReferencePlatform:rvrNone:cvnNoEnclosure:ct1:cvrN/A:
dmi.product.name: VMware Virtual Platform
dmi.product.version: None
dmi.sys.vendor: VMware, Inc.

Tags:

Revision history for this message

Chris B (b-christopher-92) wrote on 2016-06-11:

CurrentDmesg.txt Edit (116.2 KiB, text/plain; charset="utf-8")
DIPartman.gz Edit (4.1 KiB, application/x-gzip)
DISyslog.gz Edit (51.4 KiB, application/x-gzip)
DiskUsage.txt Edit (526 bytes, text/plain; charset="utf-8")
JournalErrors.txt Edit (3.6 KiB, text/plain; charset="utf-8")
Lspci.txt Edit (101.1 KiB, text/plain; charset="utf-8")
ProcCpuinfo.txt Edit (3.6 KiB, text/plain; charset="utf-8")
ProcInterrupts.txt Edit (5.3 KiB, text/plain; charset="utf-8")
ProcModules.txt Edit (4.3 KiB, text/plain; charset="utf-8")
UdevDb.txt Edit (324.8 KiB, text/plain; charset="utf-8")

Revision history for this message

Chris B (b-christopher-92) wrote on 2016-06-11:

Related to https://bugs.launchpad.net/ubuntu/+source/debian-installer/+bug/1591400

Revision history for this message

Launchpad Janitor (janitor) wrote on 2016-07-06:

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in debian-installer (Ubuntu):
status:	New → Confirmed

Brian Murray (brian-murray) on 2016-07-22

tags:	added: rls-y-incoming
Changed in debian-installer (Ubuntu):
importance:	Undecided → High

Revision history for this message

Mathieu Trudel-Lapierre (cyphermox) wrote on 2016-09-15:

That file is the default anyway, from unattended-upgrades. It took me a bit of time to find again where this is being done in the installer (it's in pkgsel), but I remembered fixing it a few months ago.

From the look of things, if all is well, in yakkety the unattended upgrades should be disabled anyway: you should see that in "/etc/apt/apt.conf.d/20auto-upgrades", it reads:
APT::Periodic::Update-Package-Lists "0";
APT::Periodic::Unattended-Upgrade "0";

Despite whatever the configuration might be in /etc/apt/apt.conf.d/50unattended-upgrades. As such, automatic upgrades should not be happening.

The change isn't yet in xenial, so I'm updating this bug to reflect the state of things at the moment and the fact that yakkety should be checked again carefully to make sure the config is as intended.

affects:	debian-installer (Ubuntu) → pkgsel (Ubuntu)
Changed in pkgsel (Ubuntu):
assignee:	nobody → Mathieu Trudel-Lapierre (cyphermox)
status:	Confirmed → Triaged

AMIT KUSHWAHA (amitkushwaha) on 2018-08-17

Changed in pkgsel (Ubuntu):
status:	Triaged → Incomplete
status:	Incomplete → New

Revision history for this message

Launchpad Janitor (janitor) wrote on 2018-08-17:

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in pkgsel (Ubuntu):
status:	New → Confirmed

Revision history for this message

Brian Murray (brian-murray) wrote on 2018-11-26:

-security is still in Allowed-Origins when installing the daily server CD image for Ubuntu 18.04.

Brian Murray (brian-murray) on 2018-11-29

Changed in pkgsel (Ubuntu):
importance:	High → Medium

Revision history for this message

Brian Murray (brian-murray) wrote on 2018-11-29:

It's been suggested that it'd be better if the option was better described because we don't actually want the user to have an option that disables automatic security updates. The default should be for users to have a secure system.

summary:	- Installer gives user option to deactivate automatic updates, yet - automatic upgrade of security packages are on by default + option to deactivate automatic updates leads people to believe that + security updates will be disabled too
Changed in pkgsel (Ubuntu):
assignee:	Mathieu Trudel-Lapierre (cyphermox) → nobody

Revision history for this message

Balint Reczey (rbalint) wrote on 2018-11-29:

Since the fix for LP: #1577215 u-u does not change to origin list based on debconf answers, but it still changes if u-u is enabled by setting APT::Periodic::Unattended-Upgrade to 0 or 1 in apt.conf.d/ .

The debconf template name is: unattended-upgrades/enable_auto_updates .
Probably the installer does not set it properly.

Revision history for this message

Chris B (b-christopher-92) wrote on 2018-11-29:

@Brian

Yes, I think your suggestion is better than to disable updates. If a user still wants to disable them they can do so manually, but it is important that the setup does not imply this.

Brian Murray (brian-murray) on 2019-09-19

tags:

removed: rls-y-incoming

Revision history for this message

Mathieu Trudel-Lapierre (cyphermox) wrote on 2019-09-19:

#10

This has been fixed for a while; APT::Periodic::Unattended-Upgrade is set to 0 if you pick No automatic updates; this is how we want things to be. In the installer, the other option is to "install security updates automatically".

Changed in pkgsel (Ubuntu):
status:	Confirmed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

Duplicates of this bug

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntupkgsel package

option to deactivate automatic updates leads people to believe that security updates will be disabled too

Bug Description

Duplicates of this bug

Other bug subscribers

Bug attachments

Remote bug watches

Ubuntu
pkgsel package