security updates not installed daily as configured

Reported by Paddy Launch on 2010-03-26
This bug affects 20 people
Affects: update-manager (Ubuntu)
Importance: High
Assigned to: Unassigned

Bug Description

Binary package hint: update-manager

I have Update Manager set to "check for updates Daily" and "install security updates without confirmation". Currently, I am not receiving any notification of updates, even though when I start the Update Manager manually, I can see that there are many updates each day.

Steps to reproduce:
------------
1. Install Ubuntu 10.04.
2. Log in to the new Ubuntu installation for the first time.
3. In "Software Sources" > "Updates", choose "Check for updates: Daily" and "Install security updates without confirmation".
4. Set the system clock forward one day.
5. Wait for ten minutes.

What should happen: Update Manager opens, displaying only non-security updates.
------------
What actually happens: Nothing. Upon opening update-manager manually, one can see that there are indeed updates available (including Security Updates).

This was tested using a fresh installation of Ubuntu on Virtualbox.

ProblemType: Bug
Architecture: amd64
Date: Tue Jun 8 22:43:18 2010
DistroRelease: Ubuntu 10.04
InstallationMedia: Ubuntu 10.04 LTS "Lucid Lynx" - Release amd64 (20100429)
Package: update-manager 1:0.134.7
PackageArchitecture: all
ProcEnviron:
 LANG=en_GB.utf8
 SHELL=/bin/bash
ProcVersionSignature: Ubuntu 2.6.32-21.32-generic 2.6.32.11+drm33.2
SourcePackage: update-manager
Tags: lucid
Uname: Linux 2.6.32-21-generic x86_64

Paddy Launch (paddylaunch) wrote :
Franco Bianconi (fbianconi) wrote :

It affects me too, although I have selected download all in background option, but still not showing the icon when updates are available. I'm on amd64 too.

Elfy (elfy) wrote :

I see this behaviour as well.

It downloads in the background but does not show when they are available to update.

An apt-get update results in update-manager showing but now instead of going to the notification area as it did previously when closed with updates unapplied it just closes.

Mark Kirkwood (mark-kirkwood) wrote :

I also am not seeing the update manager pop up after a post Karmic upgrade that (otherwise) went very smoothly. Arch is amd64. Update manager is set to check daily. If I run it from the menu I see the updates ok (and can install 'em).

Mark Kirkwood (mark-kirkwood) wrote :

I think I have a workaround for this. I noticed that:

gconf:/apps/update-notifier/regular_auto_launch_interval = 7

and amended this to 1. Now update manager pops up every day. This is probably inelegant (i.e. bash update manager with a hammer kind of), but at least I'm seeing updates!

Bruno Girin (brunogirin) wrote :

Confirmed on 10.04 x86.

Steps to reproduce:
1. Login
2. Open Update Manager (System -> Administration -> Update Manager)
3. Update Manager shows a list of packages that can be updated.

Actual behaviour:
In step 1, no application notification icon appears in the top panel, whether there are available updates or not.

Expected behaviour:
In step 1, an application notification icon should appear in the top panel when updates are available. Clicking that icon should open Update Manager (as it used to do in Karmic).

Changed in update-manager (Ubuntu):
status: New → Confirmed
Elie M. (elie-md) wrote :

yup I can confirm this happening to me also

ceg (ceg) wrote :

10.04

Opening update-manager manually showed it hasn't run for 25 days!!! (Contrary to the setting to check for updates daily, and the computer is used several times each day.)

And after manually checking for updates: Contrary to the setting to install security updates automatically, no security updates have been installed at all! (They still showed in the list of available updates.)

ceg (ceg) on 2010-06-02
summary: - Update manager not showing notification of daily updates
+ security updates not installed daily as configured
ceg (ceg) wrote :

The importance is serious. (please adjust)

Have confirmed this behavior on another machine.

Security updates are available but don't get installed automatically as the configuration option claims, nor are updates signaled to the user.

This also happens on the default settings on a fresh install. The default configuration is to notify the user of updates whenever they are available. It does not do that.

Matthew Paul Thomas (mpt) wrote :

This bug is serious if it's valid, but it's not yet clear that it is valid. What would help most next is for someone to do the work of writing precise steps to reproduce the problem, starting from a pristine installation of 10.04 (or a pristine installation of 9.10 upgraded to 10.04). Currently these steps are missing from this report and from both its duplicates.

Since 9.04, Ubuntu has not tried to use the notification area to advertise updates; it opens the updates window directly. So Bruno Girin's steps are incorrect, and so is the reference to "tray notifications" in the current description.

Changed in update-manager (Ubuntu):
importance: Undecided → High
status: Confirmed → Incomplete

For me this problem happens on a fresh install on two different machines (one Acer Aspire laptop, one AMD 64 3000+ desktop) with no changes to any settings. My steps to reproduce it are: 1. Install Ubuntu. 2. A week later (and after several restarts) open up update-manager manually and see that it has missed half a dozen security bugs.

Others here are reporting the same problem with a slightly different setup (sounds like the only change is to "Download all updates in the background").

ceg (ceg) wrote :

There doesn't seem to be anything special necessary to reproduce.

Maybe it's the usage pattern. The computers are usually not running for more than 2-3 hours at a time, then shut down until next boot.

Konstantin does not get any out of the box notifications of security updates.
Original reporter's and my reports have auto installation of security updates enabled, and those don't work either.

In both cases running update-manager manually (after some time that brought new security updates passed) shows a list with security updates that have accumulated, but they did not properly trigger automatic notification/installation.

Changed in update-manager (Ubuntu):
status: Incomplete → Confirmed

I'm the original reporter, and as far as I'm aware I am actually
getting security updates correctly auto installed - but I'm still not
getting any notification of new non-security updates (without manually
starting Update Manager).

I would be prepared to set aside some time for more investigation, but
I think I would need more specific instructions than "give steps
to reproduce from a fresh install", because we're talking about the
lack of something appearing in response to no input from the user
(rather than the more usual "something incorrect happening in response
to specific input").

Finally, I don't even really know what is *supposed* to happen when
updates arrive, as I have never seen it working in its current form
(my previous Ubuntu version was Intrepid) - all I know is that I've
ticked a checkbox and it doesn't seem to be doing what it says it
will! :)

Matthew Paul Thomas (mpt) wrote :

I recognize it is difficult to confirm bugs relating to update checking, because (1) they're dependent on updates from a repository you don't control, (2) the steps often involve waiting for days, and (3) we've never had a specification for exactly how they should behave. It would be super-awesome if someone could write a test harness to solve #1 and #2, with a dummy updates repository that you can configure to advertise a particular kind of update at a particular time, combined with temporarily setting your computer's clock forward to test whatever the next step is. Meanwhile, solving #3 is my responsibility, and I've started writing a specification <https://wiki.ubuntu.com/SoftwareUpdateHandling>, but it needs a lot of detail yet.

Paddy, thanks for clarifying your problem. Do you know for sure that security updates are being auto-installed on your computer? If they are, then the bugs ceg and Konstantin are seeing are both different from yours and should be reported separately.

Here's a test case to start off with:
------------
1. Install Ubuntu 10.04.
2. Log in to the new Ubuntu installation for the first time.
3. In "Software Sources" > "Updates", choose "Check for updates: Daily" and "Install security updates without confirmation".
4. Set the system clock forward one day.
5. Wait for ten minutes.

What should happen: Update Manager opens, displaying only non-security updates.
------------
If that's not what actually happens, please replace the current description with this, plus a line for what actually happens. Then this report will be ready for an engineer.

Paddy Launch (paddylaunch) wrote :

Hi, I've done as you suggested above.

I did several fresh installs of Ubuntu on Virtualbox - however, slightly different behaviour was exhibited on different occasions. On the very first installation I performed, the Update Manager opened immediately after the installation had completed and suggested some Security Updates. I closed the Update Manager without installing the updates. I then followed the procedure you outlined above. After 10 minutes, nothing had happened. I left the virtual machine running over night, and came back the next day to find that (a) the Security Updates had apparently installed themselves (the power button was showing "Reboot required") and (b) upon manually starting Update Manager, no security updates were visible, but there were many non-security updates which I had not been notified about.

description: updated
description: updated
Changed in update-manager (Ubuntu):
status: Confirmed → Triaged
Michael Vogt (mvo) wrote :

The problem is that the installation of the security updates resets the "7 days" counter for normal updates. Currently the code is not able to distinguish between unattended-upgrades installs and manual installs (they go into the same log file).
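
Added illustration, not part of the thread and not update-notifier's code: a simplified Python model of the counter behaviour described in the comment above, showing how background security installs written to a shared log can keep the updates window from ever opening. The `Install` record, the `distinguish_sources` switch and the sample log are assumptions constructed for this sketch; only the 7-day interval comes from the report.

```python
"""Simplified model of the "7 days" counter; not update-notifier's own code."""
from dataclasses import dataclass
from datetime import date, timedelta

AUTO_LAUNCH_INTERVAL_DAYS = 7  # regular_auto_launch_interval quoted in this report
START = date(2010, 6, 1)       # constructed start date for the simulation


@dataclass(frozen=True)
class Install:                 # hypothetical record of one entry in the install log
    day: date
    unattended: bool           # True: background security install, False: user install


def day(n):
    """Date n days after START."""
    return START + timedelta(days=n)


def window_opens(log, days, distinguish_sources):
    """Return the dates on which the updates window would open.

    Assumes non-security updates are pending every day. The window opens once
    AUTO_LAUNCH_INTERVAL_DAYS have passed since the last counted install (or
    since it last opened). With distinguish_sources=False every install counts,
    which is the shared-log behaviour described in the comment above.
    """
    opened, last_shown = [], START
    for n in range(1, days + 1):
        today = day(n)
        counted = [r.day for r in log
                   if r.day <= today and not (distinguish_sources and r.unattended)]
        reference = max(max(counted, default=START), last_shown)
        if (today - reference).days >= AUTO_LAUNCH_INTERVAL_DAYS:
            opened.append(today)
            last_shown = today
    return opened


# Constructed log: a background security install every third day for a month.
SECURITY_ONLY = [Install(day(n), unattended=True) for n in range(0, 31, 3)]

if __name__ == "__main__":
    for flag in (False, True):
        dates = window_opens(SECURITY_ONLY, 30, flag)
        print(f"distinguish_sources={flag}: window opens {len(dates)} time(s)", dates)
```

With the shared log the window never opens during the 30 simulated days; once unattended installs are ignored by the counter it opens on days 7, 14, 21 and 28.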

ceg (ceg) wrote :

Michel, I don't understand how that could explain why some users are not notified with the "download all in background" option.

The boxes that show pending security updates when manually opening update-manager even though "install security updates without confirmation" has been configured actually do not seem to update the package lists at all (last update x days ago). These are karmic installs, one upgraded to lucid.

I can confirm the lucid behavior of no update notification with auto security updates enabled on a fresh install.

ceg (ceg) wrote :

Micheal of course, sorry.

> I can confirm the lucid behavior of no update notification with auto security updates enabled on a fresh install.

That looks like a separate issue, though.

Matthew Paul Thomas (mpt) wrote :

"The problem is that the installation of the security updates resets the '7 days' counter for normal updates"

Specification updated. <https://wiki.ubuntu.com/SoftwareUpdateHandling?action=diff&rev2=16&rev1=15>

Matthew Paul Thomas (mpt) wrote :

Michael and I have now refined the test case to make it easier to run:
1. Install Ubuntu.
2. Log in to the new Ubuntu installation for the first time.
3. In “Software Sources” > “Updates”, choose “Check for updates: Daily” and “Install security updates without confirmation”.
4. At a terminal, run sudo /etc/cron.daily to trigger the background installation of security updates.
5. Once cron.daily has exited, run killall update-notifier && NO_FAKE_STAT=1 faketime -f +1d update-notifier to test the update-notifier behavior. Update Manager should open, displaying only non-security updates.

If this works, but the steps in the current description still do not, then I guess the problem is with step 4: /etc/cron.daily isn't being run, or the updates are failing when being run from cron.

Yang (yaaang) wrote :

Matthew, I think the problem is that it will be hard for your users to reproduce this bug. It's not even clear that this can be deterministically reproduced. For instance, I just installed Ubuntu onto a VM to try reproducing it, using the same USB stick that I used to install to my desktop (which exhibits the bug), and everything works fine there.

Alternatively, instead of trying to reproduce the problem, perhaps you can suggest things users can inspect on a system which already exhibits this issue. For example, is there some logging that we should consult/enable to debug this? Please advise - this does appear to be a legitimate security issue.

papukaija (papukaija) on 2010-07-06
security vulnerability: no → yes
Andrew P. (japoth) wrote :

I performed a fresh install of Ubuntu 10.04.1 LTS on an AMD Athlon (32-bit) system around the end of November 2010 and selected an update-check interval of every two days, but in the Configuration Editor /apps/update-notifier shows a setting of regular_auto_launch_interval = 7. Since the system was set up it has NEVER displayed an icon in the Indicator Applet on the Gnome panel, although it seems to launch the Update Manager every seven (7) days. If there are critical security updates, I don't see them until the Update Manager is launched, whether automatically or manually. When Update Manager is launched, its button appears in the bottom panel, but a corresponding alert icon never appears in the top panel.

There is clearly a disconnect between update interval settings made in the Update Manager and those reflected in the Configuration Editor.

This was never a problem in my previous Ubuntu 8.10 installation.

Changed in update-manager (Ubuntu):
status: Triaged → Fix Released
Matthew Paul Thomas (mpt) wrote :

(Undoing unexplained change by non-subscriber.)

Changed in update-manager (Ubuntu):
status: Fix Released → Triaged
This report contains Public Security information
Everyone can see this security related information.