Ubuntu
gnome-software package

gnome-software tries to install snap updates in the background, causing unprompted polkit authentication for authorisation to install packages

Bug #1862158 reported by Alex Murray
12
This bug affects 2 people
Affects Status Importance Assigned to Milestone
gnome-software (Ubuntu)
Fix Released
High
Unassigned

Bug Description

Every morning about ~30mins after powering on my focal machine I get (unprompted) a gnome-shell policykit authorisation popup saying 'authentication is required to install software' - I haven't yet actually authorised it since I wasn't sure what was causing it, however I notice that if I cancel the authorisation then I see a bunch of notifications from gnome-software about updates having been successfully installed (even though I presume it hasn't been since I never authorised it).

Is gnome-software fighting snapd to refresh snaps?

ProblemType: Bug
DistroRelease: Ubuntu 20.04
Package: gnome-software 3.35.2-0ubuntu1
ProcVersionSignature: Ubuntu 5.4.0-12.15-generic 5.4.8
Uname: Linux 5.4.0-12-generic x86_64
NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair
ApportVersion: 2.20.11-0ubuntu16
Architecture: amd64
CurrentDesktop: ubuntu:GNOME
Date: Thu Feb 6 21:37:29 2020
InstallationDate: Installed on 2019-11-18 (79 days ago)
InstallationMedia: Ubuntu 19.10 "Eoan Ermine" - Release amd64 (20191017)
InstalledPlugins:
 gnome-software-plugin-flatpak N/A
 gnome-software-plugin-snap 3.35.2-0ubuntu1
SourcePackage: gnome-software
UpgradeStatus: Upgraded to focal on 2020-01-22 (15 days ago)

Revision history for this message
Alex Murray (alexmurray) wrote :
Revision history for this message
Alex Murray (alexmurray) wrote :
Revision history for this message
Alex Murray (alexmurray) wrote :

Attached log output for gnome-software (if there is a better way to obtain this or more complete logs for gnome-software please let me know).

Revision history for this message
Andrew Hayzen (ahayzen) wrote :

I believe this issue is because we now show pending snap updates in gnome-software (useful when one has manually set the refresh timer), which causes them to be categorised as "updatable live". gnome-software then has an update monitor that automatically tries to apply any updatable live apps (which causes the polkit dialogs and updates complete notifications) - but we don't want this as snapd does this.

I have an untested patch here https://gitlab.gnome.org/ahayzen/gnome-software/commit/0597be6f317a38aa64ac86280d7b05a1aa242a70 which I believe should disable snap app updates from the update monitor.

If it looks good let me know and I can proposed it against gnome-software master :-)

Revision history for this message
Alex Murray (alexmurray) wrote :

Happened again this morning - see attached for some screenshots which demonstrate the various elements.

Revision history for this message
Alex Murray (alexmurray) wrote :

Happened again this morning - see attached for some screenshots which demonstrate the various elements.

Revision history for this message
Alex Murray (alexmurray) wrote :

Also note after choosing 'Cancel' for the authentication, it notifies to say updates were successfully installed which is very odd :/

Revision history for this message
Alex Murray (alexmurray) wrote :

Thanks for the patch - I've rebuilt gnome-software with it here https://launchpad.net/~alexmurray/+archive/ubuntu/lp1862158 and will let you know how that behaves.

Revision history for this message
James Henstridge (jamesh) wrote :

Is there some way gnome-software can inform the plugin that it is performing a non-interactive operation?

If so, then the plugin could use snapd_client_set_allow_interaction() to suppress any potential pokit dialogs from the operation. It wouldn't allow the operation to succeed, but it also wouldn't leave the user with an authentication dialog open when they unlock their screen.

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in gnome-software (Ubuntu):
status: New → Confirmed
Robert Ancell (robert-ancell)
Changed in gnome-software (Ubuntu):
importance: Undecided → High
Revision history for this message
Robert Ancell (robert-ancell) wrote :

Andrew - that patch seems reasonable with the existing code, as the daemon does the auto-updates, so no client should be performing it. This should probably be done with a quirk, so the update monitor doesn't need to special case Snaps (or the firmware as it currently does). But that is better discussed on an upstream MR.

James - G-S doesn't currently have a mechanism to say why each operation is being performed, but I imagine we could add one. In this case it doesn't make sense as G-S shouldn't try and auto update.

Revision history for this message
Robert Ancell (robert-ancell) wrote :

I've proposed an MR here:
https://gitlab.gnome.org/GNOME/gnome-software/merge_requests/420/

Robert Ancell (robert-ancell)
Changed in gnome-software (Ubuntu):
status: Confirmed → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package gnome-software - 3.35.2-0ubuntu2

---------------
gnome-software (3.35.2-0ubuntu2) focal; urgency=medium

  * d/p/0029-Fix-CSS-colors-to-work-correctly-with-Yaru-Adwaita.patch:
    - Use theme exported colors (LP: #1862056)
  * d/p/0001-GsApp-Add-a-new-do-not-auto-update-quirk.patch:
  * d/p/0002-fwupd-Use-new-GS_APP_QUIRK_DO_NOT_AUTO_UPDATE.patch:
  * d/p/0003-snap-Stop-snaps-from-being-automatically-updated.patch:
    - Stop snaps being automatically updated (LP: #1862158)

 -- Robert Ancell <email address hidden> Tue, 11 Feb 2020 12:07:52 +1300

Changed in gnome-software (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.