On Fri, Mar 8, 2013 at 6:50 AM, Michael Vogt <m...@debian.org> wrote:

> On Thu, Mar 07, 2013 at 04:43:03PM +0100, g0to wrote:
> > Package: unattended-upgrades
> > Version: 0.79.4
> > Severity: grave
> > Tags: security
> > Justification: renders package unusable
>
> Thanks for your bugreport.
>
> > After trying to make it run by myself, googling, and asking a few
> > questions here[1] and there[2], I've decided to contact you to report what
> > seems to be a lack of functionality of the package.
> >
> > Following the instructions in
> > "/usr/share/doc/unattended-upgrades/README", after installing the package,
> > I enabled it
> >
> >     sudo dpkg-reconfigure -plow unattended-upgrades
> >
> > uncommented the proper lines in
> > "/etc/apt/apt.conf.d/50unattended-upgrades" (below) and waited for it to
> > unattendedly keep my system updated. But that didn't happen.
> > After checking the logs in "/var/log/unattended-upgrades/" and
> > "/var/log/apt/history.log" for several days, no activity was recorded there.
> > I also tried running it in the "--dry-run" way and it "dry worked" with
> > no errors.
> >
> > I've tagged the bug as a security issue because someone could trust
> > the security updates of their system after installing and enabling the
> > package and not check if it's working after a long, and potentially
> > insecure, time.
> >
> > Thank you for your time and for your job maintaining the package.
>
> The way you enabled it should work so I would need some additional
> information from you to figure out what is going on. Could you please
> send me the output of:
> $ apt-config dump|grep Periodic
>

APT::Periodic "";
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";


>
> and then the debug output that:
>  $ sudo unattended-upgrade --debug --dry-run > /tmp/un.output 2&>1
> This will generate a file /tmp/un.output that I need too.
>

I think that you had a typo at the end of your line. This is the output of
running
 $ sudo unattended-upgrade --debug --dry-run > /tmp/un.output 2>&1

Initial blacklisted packages:
Starting unattended upgrades script
Allowed origins are: ['o=Debian,n=wheezy', 'o=Debian,n=wheezy-updates', 'o=Debian,n=wheezy-proposed-updates', 'o=Debian,n=wheezy,l=Debian-Security']
pkgs that look like they should be upgraded:
Fetched 0 B in 0s (0 B/s)
fetch.run() result: 0
blacklist: []
Packages that are auto removed: ''
InstCount=0 DelCount=0 BrokenCout=0
No packages found that can be upgraded unattended


> and finally the file:
>  /var/log/unattended-upgrades/unattended-upgrades.log
>

Note that this file didn't exist until I ran the line above (the
--dry-run). Here's its content:

2013-03-08 11:48:08,316 INFO Initial blacklisted packages:
2013-03-08 11:48:08,322 INFO Starting unattended upgrades script
2013-03-08 11:48:08,328 INFO Allowed origins are: ['o=Debian,n=wheezy', 'o=Debian,n=wheezy-updates', 'o=Debian,n=wheezy-proposed-updates', 'o=Debian,n=wheezy,l=Debian-Security']
2013-03-08 11:49:15,411 DEBUG pkgs that look like they should be upgraded:
2013-03-08 11:49:15,488 DEBUG fetch.run() result: 0
2013-03-08 11:49:15,490 DEBUG blacklist: []
2013-03-08 11:49:35,734 INFO Packages that are auto removed: ''
2013-03-08 11:49:35,736 DEBUG InstCount=0 DelCount=0 BrokenCout=0
2013-03-08 11:49:35,741 INFO No packages found that can be upgraded unattended


>
> That hopefully gives me enough information to figure out what is going
> on. I suspect for some reason the script is not run in your cron which
> is strange. It hooks into /etc/cron.daily/apt, you can also run:
>  $ sudo sh -x /etc/cron.daily/apt
>

+ test -r /var/lib/apt/extended_states
+ cd /var/backups
+ cmp -s apt.extended_states.0 /var/lib/apt/extended_states
+ which apt-config
+ AutoAptEnable=1
+ apt-config shell AutoAptEnable APT::Periodic::Enable
+ eval
+ [ 1 -eq 0 ]
+ VERBOSE=0
+ apt-config shell VERBOSE APT::Periodic::Verbose
+ eval
+ debug_echo verbose level 0
+ [ 0 -ge 1 ]
+ [ 0 -le 2 ]
+ XSTDOUT=>/dev/null
+ XSTDERR=2>/dev/null
+ XAPTOPT=-qq
+ XUUPOPT=
+ [ 0 -ge 3 ]
+ check_power
+ which on_ac_power
+ return 0
+ which apt-get
+ eval apt-get check -f -qq 2>/dev/null
+ apt-get check -f -qq
+ date +%s
+ now=1362740095
+ UpdateInterval=0
+ apt-config shell UpdateInterval APT::Periodic::Update-Package-Lists
+ eval UpdateInterval='1'
+ UpdateInterval=1
+ DownloadUpgradeableInterval=0
+ apt-config shell DownloadUpgradeableInterval APT::Periodic::Download-Upgradeable-Packages
+ eval
+ UnattendedUpgradeInterval=0
+ apt-config shell UnattendedUpgradeInterval APT::Periodic::Unattended-Upgrade
+ eval UnattendedUpgradeInterval='1'
+ UnattendedUpgradeInterval=1
+ AutocleanInterval=0
+ apt-config shell AutocleanInterval APT::Periodic::AutocleanInterval
+ eval
+ BackupArchiveInterval=0
+ apt-config shell BackupArchiveInterval APT::Periodic::BackupArchiveInterval
+ eval
+ Debdelta=1
+ apt-config shell Debdelta APT::Periodic::Download-Upgradeable-Packages-Debdelta
+ eval
+ [ 1 -eq 0 ]
+ do_cache_backup 0
+ BackupArchiveInterval=0
+ [ 0 -eq 0 ]
+ return
+ random_sleep
+ RandomSleep=1800
+ apt-config shell RandomSleep APT::Periodic::RandomSleep
+ eval
+ [ 1800 -eq 0 ]
+ [ -z  ]
+ dd if=/dev/urandom count=1
+ cut -c1-5
+ cksum
+ RANDOM=21086
+ TIME=1286
+ debug_echo sleeping for 1286 seconds
+ [ 0 -ge 1 ]
+ sleep 1286
+ check_power
+ which on_ac_power
+ return 0
+ [ -r /etc/default/locale ]
+ . /etc/default/locale
+ LANG=en_US.UTF-8
+ export LANG LANGUAGE LC_MESSAGES LC_ALL
+ UPDATED=0
+ UPDATE_STAMP=/var/lib/apt/periodic/update-stamp
+ check_stamp /var/lib/apt/periodic/update-stamp 1
+ stamp=/var/lib/apt/periodic/update-stamp
+ interval=1
+ [ 1 -eq 0 ]
+ [ ! -f /var/lib/apt/periodic/update-stamp ]
+ stamp_file=/var/lib/apt/periodic/update-stamp
+ date -r /var/lib/apt/periodic/update-stamp --iso-8601
+ date --date=2013-03-07 +%s
+ stamp=1362610800
+ [ 0 != 0 ]
+ date --iso-8601
+ date --date=2013-03-08 +%s
+ now=1362697200
+ [ 0 != 0 ]
+ delta=86400
+ interval=86400
+ debug_echo check_stamp: interval=86400, now=1362697200, stamp=1362610800, delta=86400 (sec)
+ [ 0 -ge 1 ]
+ [ 1362610800 -gt 1362783600 ]
+ [ 86400 -ge 86400 ]
+ return 0
+ eval apt-get -qq -y update 2>/dev/null
+ apt-get -qq -y update
+ debug_echo download updated metadata (success).
+ [ 0 -ge 1 ]
+ which dbus-send
+ pidof dbus-daemon
+ dbus-send --system / app.apt.dbus.updated boolean:true
+ debug_echo send dbus signal (success)
+ [ 0 -ge 1 ]
+ update_stamp /var/lib/apt/periodic/update-stamp
+ stamp=/var/lib/apt/periodic/update-stamp
+ touch /var/lib/apt/periodic/update-stamp
+ UPDATED=1
+ DOWNLOAD_UPGRADEABLE_STAMP=/var/lib/apt/periodic/download-upgradeable-stamp
+ [ 1 -eq 1 ]
+ check_stamp /var/lib/apt/periodic/download-upgradeable-stamp 0
+ stamp=/var/lib/apt/periodic/download-upgradeable-stamp
+ interval=0
+ [ 0 -eq 0 ]
+ debug_echo check_stamp: interval=0
+ [ 0 -ge 1 ]
+ return 1
+ debug_echo download upgradable (not run)
+ [ 0 -ge 1 ]
+ UPGRADE_STAMP=/var/lib/apt/periodic/upgrade-stamp
+ which unattended-upgrade
+ check_stamp /var/lib/apt/periodic/upgrade-stamp 1
+ stamp=/var/lib/apt/periodic/upgrade-stamp
+ interval=1
+ [ 1 -eq 0 ]
+ [ ! -f /var/lib/apt/periodic/upgrade-stamp ]
+ stamp_file=/var/lib/apt/periodic/upgrade-stamp
+ date -r /var/lib/apt/periodic/upgrade-stamp --iso-8601
+ date --date=2013-03-07 +%s
+ stamp=1362610800
+ [ 0 != 0 ]
+ date --iso-8601
+ date --date=2013-03-08 +%s
+ now=1362697200
+ [ 0 != 0 ]
+ delta=86400
+ interval=86400
+ debug_echo check_stamp: interval=86400, now=1362697200, stamp=1362610800, delta=86400 (sec)
+ [ 0 -ge 1 ]
+ [ 1362610800 -gt 1362783600 ]
+ [ 86400 -ge 86400 ]
+ return 0
+ unattended-upgrade
+ update_stamp /var/lib/apt/periodic/upgrade-stamp
+ stamp=/var/lib/apt/periodic/upgrade-stamp
+ touch /var/lib/apt/periodic/upgrade-stamp
+ debug_echo unattended-upgrade (success)
+ [ 0 -ge 1 ]
+ AUTOCLEAN_STAMP=/var/lib/apt/periodic/autoclean-stamp
+ check_stamp /var/lib/apt/periodic/autoclean-stamp 0
+ stamp=/var/lib/apt/periodic/autoclean-stamp
+ interval=0
+ [ 0 -eq 0 ]
+ debug_echo check_stamp: interval=0
+ [ 0 -ge 1 ]
+ return 1
+ debug_echo autoclean (not run)
+ [ 0 -ge 1 ]
+ check_size_constraints
+ MaxAge=0
+ apt-config shell MaxAge APT::Archives::MaxAge
+ eval
+ apt-config shell MaxAge APT::Periodic::MaxAge
+ eval
+ MinAge=2
+ apt-config shell MinAge APT::Archives::MinAge
+ eval
+ apt-config shell MinAge APT::Periodic::MinAge
+ eval
+ MaxSize=0
+ apt-config shell MaxSize APT::Archives::MaxSize
+ eval
+ apt-config shell MaxSize APT::Periodic::MaxSize
+ eval
+ Cache=/var/cache/apt/archives/
+ apt-config shell Cache Dir::Cache::archives/d
+ eval Cache='/var/cache/apt/archives/'
+ Cache=/var/cache/apt/archives/
+ [ -z /var/cache/apt/archives/ ]
+ [ ! 0 -eq 0 ]
+ [ ! 0 -eq 0 ]
+ debug_echo skip aging since MaxAge is 0
+ [ 0 -ge 1 ]
+ [ ! 0 -eq 0 ]


> and add the output to this report as well. Note that this code has a
> sleep (to distribute load better) in it, so the command will take some
> minutes to complete.
>
>
For the record, I forgot to mention that the system on which I'm having the
issue is usually switched off during the night (sometimes even during whole
days). Maybe this could be a problem for some cron jobs, but anacron is
also running to back up the situation. Here is the crontab and the
anacrontab content, maybe it might help.

$ cat /etc/crontab

# /etc/crontab: system-wide crontab
# Unlike any other crontab you don't have to run the `crontab'
# command to install the new version when you edit this file
# and files in /etc/cron.d. These files also have username fields,
# that none of the other crontabs do.

SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

# m h dom mon dow user    command
17 *    * * *    root    cd / && run-parts --report /etc/cron.hourly
25 21    * * *    root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
47 21    * * 7    root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly )
52 21    1 * *    root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly )

*/2 *     * * *    root    if test -e /home/g0to/Dropbash/shutdown; then rm /home/g0to/Dropbash/shutdown; shutdown -h now; fi;
#


$ cat /etc/anacrontab

# /etc/anacrontab: configuration file for anacron

# See anacron(8) and anacrontab(5) for details.

SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
HOME=/root
LOGNAME=root

# These replace cron's entries
1    5    cron.daily    run-parts --report /etc/cron.daily
7    10    cron.weekly    run-parts --report /etc/cron.weekly
@monthly    15    cron.monthly    run-parts --report /etc/cron.monthly


Hope this helps.

Thanks,
g0to


> Cheers,
>  Michael
>
>
> > Cheers,
> > g0to
> >
> > [1] http://serverfault.com/questions/483751/unattended-upgrades-doesnt-upgrade-or-does-nothing-at-all
> > [2] http://lists.debian.org/debian-user/2013/03/msg00394.html
> >
> >
> > -- System Information:
> > Debian Release: 7.0
> > Architecture: armhf (armv6l)
> >
> > Kernel: Linux 3.6.11+ (PREEMPT)
> > Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
> > Shell: /bin/sh linked to /bin/dash
> >
> > Versions of packages unattended-upgrades depends on:
> > ii  apt                    0.9.7.7+rpi1
> > ii  apt-utils              0.9.7.7+rpi1
> > ii  debconf [debconf-2.0]  1.5.49
> > ii  lsb-base               4.1+Debian8+rpi1
> > ii  lsb-release            4.1+Debian8+rpi1
> > ii  python                 2.7.3-4
> > ii  python-apt             0.8.8.1
> > ii  ucf                    3.0025+nmu3
> > ii  xz-utils               5.1.1alpha+20120614-2
> >
> > unattended-upgrades recommends no packages.
> >
> > Versions of packages unattended-upgrades suggests:
> > pn  bsd-mailx             <none>
> > pn  mail-transport-agent  <none>
> >
> > -- Configuration Files:
> > /etc/apt/apt.conf.d/50unattended-upgrades changed:
> > // Automatically upgrade packages from these origin patterns
> > Unattended-Upgrade::Origins-Pattern {
> >         // Codename based matching:
> >         // This will follow the migration of a release through different
> >         // archives (e.g. from testing to stable and later oldstable).
> >         "o=Debian,n=wheezy";
> >         "o=Debian,n=wheezy-updates";
> >         "o=Debian,n=wheezy-proposed-updates";
> >         "o=Debian,n=wheezy,l=Debian-Security";
> >         // Archive or Suite based matching:
> >         // Note that this will silently match a different release after
> >         // migration to the specified archive (e.g. testing becomes the
> >         // new stable).
> > //      "o=Debian,a=stable";
> > //      "o=Debian,a=stable-updates";
> > //      "o=Debian,a=proposed-updates";
> > //      "origin=Debian,archive=stable,label=Debian-Security";
> > };
> > // List of packages to not update
> > Unattended-Upgrade::Package-Blacklist {
> > //    "vim";
> > //    "libc6";
> > //    "libc6-dev";
> > //    "libc6-i686";
> > };
> > // This option allows you to control if on a unclean dpkg exit
> > // unattended-upgrades will automatically run
> > //   dpkg --force-confold --configure -a
> > // The default is true, to ensure updates keep getting installed
> > //Unattended-Upgrade::AutoFixInterruptedDpkg "false";
> > // Split the upgrade into the smallest possible chunks so that
> > // they can be interrupted with SIGUSR1. This makes the upgrade
> > // a bit slower but it has the benefit that shutdown while a upgrade
> > // is running is possible (with a small delay)
> > //Unattended-Upgrade::MinimalSteps "true";
> > // Install all unattended-upgrades when the machine is shuting down
> > // instead of doing it in the background while the machine is running
> > // This will (obviously) make shutdown slower
> > //Unattended-Upgrade::InstallOnShutdown "true";
> > // Send email to this address for problems or packages upgrades
> > // If empty or unset then no email is sent, make sure that you
> > // have a working mail setup on your system. A package that provides
> > // 'mailx' must be installed. E.g. "u...@example.com"
> > //Unattended-Upgrade::Mail "root"
> > // Set this value to "true" to get emails only on errors. Default
> > // is to always send a mail if Unattended-Upgrade::Mail is set
> > //Unattended-Upgrade::MailOnlyOnError "true";
> > // Do automatic removal of new unused dependencies after the upgrade
> > // (equivalent to apt-get autoremove)
> > Unattended-Upgrade::Remove-Unused-Dependencies "true";
> > // Automatically reboot *WITHOUT CONFIRMATION* if a
> > // the file /var/run/reboot-required is found after the upgrade
> > Unattended-Upgrade::Automatic-Reboot "true";
> > // Use apt bandwidth limit feature, this example limits the download
> > // speed to 70kb/sec
> > //Acquire::http::Dl-Limit "70";
> >
> >
> > -- debconf information:
> > * unattended-upgrades/enable_auto_updates: true
>
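
Added example, not part of the original thread and not code from the unattended-upgrades project: a small audit that checks the two things the report relies on, the APT::Periodic setting and the age of the last "Starting unattended upgrades script" log entry, so that a silently idle updater is noticed. The function names, the day threshold and the sample input are assumptions made for illustration; GNU date is assumed.

```shell
#!/bin/sh
# Added example (not from the thread): confirm unattended-upgrades really runs.
# Assumes GNU date and the log line format quoted in the report.

# periodic_value KEY  (stdin: `apt-config dump` output) -> value of APT::Periodic::KEY
periodic_value() {
    awk -v k="APT::Periodic::$1" '$1 == k { gsub(/[";]/, "", $2); print $2 }'
}

# last_run_epoch LOGFILE -> epoch of the newest "Starting ..." line; fails if none.
# Log timestamps are local time; reading them as UTC is close enough for a
# threshold measured in days and keeps the result reproducible.
last_run_epoch() {
    ts=$(grep 'INFO Starting unattended upgrades script' "$1" 2>/dev/null |
         tail -n 1 | cut -c1-19)
    [ -n "$ts" ] || return 1
    TZ=UTC date -d "$ts" +%s
}

# run_status LOGFILE NOW_EPOCH MAX_AGE_DAYS -> OK | STALE | NEVER
run_status() {
    last=$(last_run_epoch "$1") || { echo NEVER; return 0; }
    if [ $(( $2 - last )) -gt $(( $3 * 86400 )) ]; then echo STALE; else echo OK; fi
}

# audit DUMPFILE LOGFILE NOW_EPOCH MAX_AGE_DAYS -> DISABLED | OK | STALE | NEVER
audit() {
    iv=$(periodic_value Unattended-Upgrade < "$1")
    case "$iv" in ''|0) echo DISABLED; return 0 ;; esac
    run_status "$2" "$3" "$4"
}

# Demo on constructed input modelled on the outputs in the report.
demo_dir=$(mktemp -d)
printf '%s\n' 'APT::Periodic "";' 'APT::Periodic::Update-Package-Lists "1";' \
    'APT::Periodic::Unattended-Upgrade "1";' > "$demo_dir/dump"
printf '%s\n' '2013-03-08 11:48:08,316 INFO Initial blacklisted packages:' \
    '2013-03-08 11:48:08,322 INFO Starting unattended upgrades script' \
    > "$demo_dir/uu.log"
echo "2 days after last run:  $(audit "$demo_dir/dump" "$demo_dir/uu.log" 1362916088 3)"
echo "10 days after last run: $(audit "$demo_dir/dump" "$demo_dir/uu.log" 1363607288 3)"
echo "log never created:      $(audit "$demo_dir/dump" "$demo_dir/missing.log" 1362916088 3)"
rm -rf "$demo_dir"
```

On a live system the inputs would be a saved `apt-config dump`, /var/log/unattended-upgrades/unattended-upgrades.log and `date +%s`. As the report shows, a manual `--dry-run` also writes the "Starting" line, so a hand-run resets the measured age.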
