Debugging ubuntu security updates
-
Just my debuggin notes
Recently, I noticed that on my home machine, security updates are not getting applied. Atleast the motd says it's not being applied:
207 updates can be applied immediately. 100 of these updates are standard security updates. To see these additional updates run: apt list --upgradableFor example, the
opensslpackage is not updated.# apt policy openssl openssl: Installed: 3.0.2-0ubuntu1.7 Candidate: 3.0.2-0ubuntu1.8 Version table: 3.0.2-0ubuntu1.8 500 500 http://de.archive.ubuntu.com/ubuntu jammy-updates/main amd64 Packages 500 http://security.ubuntu.com/ubuntu jammy-security/main amd64 Packages *** 3.0.2-0ubuntu1.7 100 100 /var/lib/dpkg/status 3.0.2-0ubuntu1 500 500 http://de.archive.ubuntu.com/ubuntu jammy/main amd64 PackagesStrangely:
# unattended-upgrade -d -v System is on battery power, stoppingThis is Intel NUC. Looks some detection goes wrong. But https://bugs.launchpad.net/ubuntu/+source/unattended-upgrades/+bug/1773033 is fixed
-
This is workaround:
# cat > /etc/apt/apt.conf.d/51unattended-upgrades-on-battery Unattended-Upgrade::OnlyOnACPower "false";Then,
unattended-upgrade -d -vworks./var/log/unattended-upgrades/unattended-upgrades-dpkg.loghas the info on what gets installed. -
So, in another machine (DigitalOcean) which has 22.04.2 LTS :
128 updates can be applied immediately. 78 of these updates are standard security updates. To see these additional updates run: apt list --upgradableHowever:
$ apt list --upgradable | grep security <empty>Looks like I have to debug this motd script -
/etc/update-motd.d/90-updates-available -
The
/etc/update-motd.d/90-updates-availablerelies on/var/lib/update-notifier/updates-availablewhich is created by/usr/lib/update-notifier/apt-check. But...# /usr/lib/update-notifier/apt-check E: Unknown Error: '<class 'KeyError'>' ("The cache has no package named 'python3-magic:amd64'")Looks like some python3 package is missing! So
apt install python3-magicand thenapt updatemakes it "work".Now, on login, I see:
32 updates can be applied immediately. To see these additional updates run: apt list --upgradable -
tl;dr - If you have the above problem
apt install python3-magic. Then, runapt update. On another server,unattended-upgradespackage was missing as well (!) Not sure how because Cloudron installs it at install time. So, install it and rununattended-upgrade -d.
Hello! It looks like you're interested in this conversation, but you don't have an account yet.
Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.
With your input, this post could be even better 💗
Register Login