Automatic security upgrades are always enabled

Bug #1585771 reported by youshotwhointhatwhatnow on 2016-05-25
28
This bug affects 6 people
Affects Status Importance Assigned to Milestone
pkgsel (Ubuntu)
High
Mathieu Trudel-Lapierre
Xenial
High
Mathieu Trudel-Lapierre

Bug Description

After installing 16.04 server and selecting the option "no automatic upgrades" the system will still be configured to automatically perform security upgrades.

$ cat /etc/apt/apt.conf.d/20auto-upgrades
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";

$ head -n 8 /etc/apt/apt.conf.d/50unattended-upgrades
// Automatically upgrade packages from these (origin:archive) pairs
Unattended-Upgrade::Allowed-Origins {
 "${distro_id}:${distro_codename}-security";
// "${distro_id}:${distro_codename}-updates";
// "${distro_id}:${distro_codename}-proposed";
// "${distro_id}:${distro_codename}-backports";
};

Robie Basak (racb) on 2016-05-25
Changed in debian-installer (Ubuntu):
importance: Undecided → High
tags: added: server-next
Changed in debian-installer (Ubuntu):
assignee: nobody → Mathieu Trudel-Lapierre (cyphermox)

That's really unattended-upgrades; not d-i itself.

affects: debian-installer (Ubuntu) → unattended-upgrades (Ubuntu)

Except the prompt you *do* get from pkgsel, which is a d-i bit. pkgsel ought to seed unattended-upgrades with the right config.

Changed in pkgsel (Ubuntu):
importance: Undecided → High
assignee: nobody → Mathieu Trudel-Lapierre (cyphermox)
Changed in unattended-upgrades (Ubuntu Xenial):
importance: Undecided → High
Changed in pkgsel (Ubuntu Xenial):
importance: Undecided → High
assignee: nobody → Mathieu Trudel-Lapierre (cyphermox)
Changed in unattended-upgrades (Ubuntu Xenial):
assignee: nobody → Mathieu Trudel-Lapierre (cyphermox)
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package pkgsel - 0.43ubuntu2

---------------
pkgsel (0.43ubuntu2) yakkety; urgency=medium

  * debian/postinst: get our "No automatic updates" policy selection to really
    seed unattended-upgrades with automatic upgrades disabled. (LP: #1585771)

 -- Mathieu Trudel-Lapierre <email address hidden> Tue, 14 Jun 2016 17:43:53 +0300

Changed in pkgsel (Ubuntu):
status: New → Fix Released

Hello youshotwhointhatwhatnow, or anyone else affected,

Accepted pkgsel into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/pkgsel/0.43ubuntu1.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in pkgsel (Ubuntu Xenial):
status: New → Fix Committed
tags: added: verification-needed
Ryan Harper (raharper) wrote :

Tested:

a37843379dd7061c2c1dc87ed215a284 *xenial-server-amd64.iso

And selected "No Automatic updates" when prompted.

After install there is no longer a /etc/apt/apt.conf.d/20auto-upgrades file present.

ubuntu@ubuntu:~$ cat /etc/apt/apt.conf.d/20auto-upgrades
cat: /etc/apt/apt.conf.d/20auto-upgrades: No such file or directory

ubuntu@ubuntu:~$ head -n 8 /etc/apt/apt.conf.d/50unattended-upgrades
// Automatically upgrade packages from these (origin:archive) pairs
Unattended-Upgrade::Allowed-Origins {
 "${distro_id}:${distro_codename}-security";
// "${distro_id}:${distro_codename}-updates";
// "${distro_id}:${distro_codename}-proposed";
// "${distro_id}:${distro_codename}-backports";
};

$ grep -nr "APT::Periodic::Unattended-Upgrade.*1.*" /etc/apt/apt.conf.d/*
ubuntu@ubuntu:~$

Ubuntu QA Website (ubuntuqa) wrote :

This bug has been reported on the Ubuntu ISO testing tracker.

A list of all reports related to this bug can be found here:
http://iso.qa.ubuntu.com/qatracker/reports/bugs/1585771

tags: added: iso-testing
Adam Conrad (adconrad) on 2016-07-21
tags: added: verification-done
removed: verification-needed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package pkgsel - 0.43ubuntu1.1

---------------
pkgsel (0.43ubuntu1.1) xenial; urgency=medium

  * debian/postinst: get our "No automatic updates" policy selection to really
    seed unattended-upgrades with automatic upgrades disabled. (LP: #1585771)

 -- Mathieu Trudel-Lapierre <email address hidden> Tue, 14 Jun 2016 17:43:53 +0300

Changed in pkgsel (Ubuntu Xenial):
status: Fix Committed → Fix Released

The verification of the Stable Release Update for pkgsel has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Robie Basak (racb) on 2016-08-16
tags: removed: server-next
no longer affects: unattended-upgrades (Ubuntu)
no longer affects: unattended-upgrades (Ubuntu Xenial)
Changed in pkgsel (Ubuntu Xenial):
assignee: Mathieu Trudel-Lapierre (cyphermox) → ANDREW MICHAEL CHALK (andrewmichaelchalk)
Changed in pkgsel (Ubuntu Xenial):
assignee: ANDREW MICHAEL CHALK (andrewmichaelchalk) → Mathieu Trudel-Lapierre (cyphermox)
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers