Home / ubuntu / Questions / 1392023
Accepted
Sqerstet
Asked: 2022-02-10 11:57:35 +0800 CST

What will make unattended-upgrades run reliably on a laptop?

  • 772

I have been struggling with in various forms, year after year. See here and here. Either I am configuring something wrong (unlikely), or I am using my computer in a bizarre way (I don't see it).

My computer is a laptop:

  1. Before, I turned it off at night - as a result the unattended-upgrade could often not connect to the internet when it wanted to. Result: my computer was left un-upgraded and insecure for months on end.
  2. These days I mostly stay logged in, but the hotspot connection is unavailable at night. So now, the unattended-upgrade runs but finds nothing to update, apparently because apt update has not been able to run successfully. Result: my computer is left un-upgraded and insecure for months on end.

How can I ensure the systemd timer for apt update does not go weeks and months between runs?

Typical output of /var/log/unattended-upgrades/unattended-upgrades.log

2022-02-09 06:30:27,331 INFO Starting unattended upgrades script
2022-02-09 06:30:27,334 INFO Allowed origins are: o=Ubuntu,a=focal, o=Ubuntu,a=focal-security, o=UbuntuESMApps,a=focal-apps-security, o=UbuntuESM,a=focal-infra-security, o=UbuntuESM,a=focal-security
2022-02-09 06:30:27,335 INFO Initial blacklist: 
2022-02-09 06:30:27,336 INFO Initial whitelist (not strict): 
2022-02-09 06:30:40,279 INFO No packages found that can be upgraded unattended and no pending auto-removals

sudo systemctl status apt-daily:

* apt-daily.service - Daily apt download activities
     Loaded: loaded (/lib/systemd/system/apt-daily.service; static; vendor preset: enabled)
     Active: inactive (dead)
TriggeredBy: * apt-daily.timer
  Condition: start condition failed at Wed 2022-02-09 20:42:17 EET; 4h 17min ago
             └─ ConditionACPower=true was not met
       Docs: man:apt(8)

Feb 09 20:42:17 tbox systemd[1]: Condition check resulted in Daily apt download activities being skippe>
lines 1-9/9 (END)

sudo systemctl list-timers apt-daily:

NEXT                        LEFT     LAST                        PASSED       UNIT            ACTIVATES>
Thu 2022-02-10 16:15:14 EET 15h left Wed 2022-02-09 20:42:17 EET 4h 22min ago apt-daily.timer apt-daily>

1 timers listed.
Pass --all to see loaded but inactive timers, too.
lines 1-5/5 (END)

NB: there was a reboot a few hours ago. Not plugged in but was connected to network.

FINAL CONCLUSION. Going with version of the accepted solution below, shifting the apt-daily.timer to a time when the internet connection is more likely to be available. Thanks for those who helped. The end.

apt

1 Answers

  1. Best Answer

    Checking a stock Ubuntu Server 20.04 install, it looks like unattended-upgrade runs are triggered by apt-daily-upgrade.timer. This triggers daily at 6am with a random delay up to an hour.

    root@ubuntu:~# systemctl cat apt-daily-upgrade.timer
# /lib/systemd/system/apt-daily-upgrade.timer
[Unit]
Description=Daily apt upgrade and clean activities
After=apt-daily.timer

[Timer]
OnCalendar=*-*-* 6:00
RandomizedDelaySec=60m
Persistent=true

[Install]
WantedBy=timers.target

    A potentially simple solution is to override the OnCalendar setting so the timer triggers at a time more likely to be online. For example

    mkdir /etc/systemd/system/apt-daily-upgrade.timer.d
cat <<EOF >/etc/systemd/system/apt-daily-upgrade.timer.d/override.conf
[Timer]
OnCalendar=
OnCalendar=*-*-* 12:00
EOF
systemctl daemon-reload

    This will trigger the timer at noon instead. unattended-upgrade should only run once per day by default. That is because of the setting for APT::Periodic::Unattended-Upgrade. Cherry picking a comment from /usr/lib/apt/apt.systemd.daily

    #  APT::Periodic::Unattended-Upgrade "0";
#  - Run the "unattended-upgrade" security upgrade script
#    every n-days (0=disabled)

    The stock configuration value for this is 1 day.

    root@ubuntu:~# apt-config dump APT::Periodic::Unattended-Upgrade
APT::Periodic::Unattended-Upgrade "1";

    You can configure the timer to more frequently than once per day by adding apt configuration. The commented link of https://unix.stackexchange.com/a/541426/147262 has several suggestions. Here is a simple example of adding apt configuration

    cat <<EOF > /etc/apt/apt.conf.d/90myuu
> APT::Periodic::Unattended-Upgrade "always";
> EOF

    If you override the apt-daily-upgrade.timer then you might want to make the same override for apt-daily.timer. This also has a corresponding apt configuration value APT::Periodic::Update-Package-Lists.

    EDIT I've changed the suggestion from running hourly to running once per day at a time more likely to be online. I realized that the default setting of running once per day was not affected by whether or not unattended-upgrade actually had any packages to update. Therefore, unattended-upgrade could still continue to only run when not online.

    comments

    Are there any potential downsides to overclocking the daily timer like that?

    The upgrades run overnight by default to avoid interfering with user activity. You will no longer have that convenience.

    ConditionACPower=true was not met. You can change that setting

    You should change this setting using an override file, not by modifying the package installed service file

    mkdir /etc/systemd/system/apt-daily-upgrade.service.d
cat <<EOF > /etc/systemd/system/apt-daily-upgrade.service.d/override.conf
[Unit]
ConditionACPower=false
EOF
systemctl daemon-reload

    What would be the reason for, or downsides to, overriding apt-daily.timer too?

    apt-daily.timer triggers apt commands to update package information and to download available updates. If these commands continue to run when the network is not available then unattended-upgrade may not update anything because it may not know updates are available.

    • 1