Ubuntu
unattended-upgrades package

  1. Bug #1690980
  2. Comment #19

Comment 19 for bug 1690980

Revision history for this message
ethan.hsieh (ethan.hsieh) wrote : Re: No pop-up window to warn users that system should not reboot or shutdown while installing security updates

In xenial and yakkety, unattended-upgrade can finish security updates after applying workaround 1&2.

workaround 3: If users reboot/shutdown by UI, there will be a pop-up window which asks users for root password.
If users reboot/shutdown by command (sudo reboot), unattended-upgrade will be killed and cannot finish security updates.

Workaround 1:
/lib/systemd/system/apt-daily.service
[Service]
Type=oneshot
ExecStart=/usr/lib/apt/apt.systemd.daily
+KillMode=none
+TimeoutStopSec=0

Wordaround 2:
/lib/systemd/system/apt-daily.service
[Unit]
Description=Daily apt activities
Documentation=man:apt(8)
+DefaultDependencies=no
+Before=shutdown.target

Workaround 3:
/lib/systemd/system/apt-daily.service
[Service]
Type=oneshot
-ExecStart=/usr/lib/apt/apt.systemd.daily
+ExecStart=/bin/systemd-inhibit --what=shutdown --mode=block /usr/lib/apt/apt.systemd.daily

---
the code flow of unattended-upgrades:
(1) -> apt_pkg.get_lock() -> do_install() -> (2)

If users reboot/shutdown system in (1), unattended-upgrades-shutdown will break from monitoring loop and then there will no message to tell user that security update is ongoing.