Ubuntu Server 18 LTS here, with unattended-upgrades installed, and security repo enabled. It is working, as confirmed by tail /var/log/unattended-upgrades/unattended-upgrades.log.
Running sudo unattended-upgrade -v manually returns the same as the most recent log entry:
Initial blacklisted packages:
Initial whitelisted packages:
Starting unattended upgrades script
Allowed origins are: o=Ubuntu,a=bionic, o=Ubuntu,a=bionic-security, o=UbuntuESM,a=bionic
No packages found that can be upgraded unattended and no pending auto-removals
Running sudo apt-get upgrade -s | grep -i security returns nothing.
But /usr/lib/update-notifier/apt-check --human-readable (which powers the message of the day) returns:
167 packages can be updated.
1 update is a security update.
What is broken?
Update. Today the apt-check count had increased to "4" pending security updates. Subsequently, running unattended-upgrade -v found and installed 3 packages. As expected, apt-check now returned "1" pending security update. What is the missing package, and above all why is unattended-upgrades not installing it?
New update. Resorted to this hacky solution of forking a security-only security.sources.list and then doing sudo apt-get upgrade -o Dir::Etc::SourceList=/etc/apt/security.sources.list. Result: a bunch of packages were upgraded and apt-check now, at last, shows "0" pending security upgrades. Still no idea what the supposedly crucial package was, or how to avoid this situation in future. Sigh.
Yet another update. Still an issue in LTS 20:
$ sudo apt update
// OK
$ /usr/lib/update-notifier/apt-check --human-readable
254 updates can be applied immediately.
38 of these updates are standard security updates.
$ sudo unattended-upgrade -vvv
// some stale kernels autoremoved
No packages found that can be upgraded unattended and no pending auto-removals
$ /usr/lib/update-notifier/apt-check --human-readable
254 updates can be applied immediately.
38 of these updates are standard security updates.
Naturally the previous hacky solution got overwritten at some point and I don't feel like putting it back. Result: more missing "security updates" than ever, on a standard LTS. All this is not very reassuring, frankly.
0 Answers