Bug#1008682: Security: updates & upgrades too delayed

Wed, 30 Mar 2022 08:51:15 -0700 

Package: unattended-upgrades
Version: 2.8
Severity: normal
X-Debbugs-Cc: bugrepo...@pouzenc.fr

Dear Maintainer,

Unattended-upgrade installs security upgrades with too much (random) delay, more
than 24h after DSA and mirror availability.
On a pool of about twenty debian 11 VM, the majority ends with 2 day of lagg on 
published DSA.

I expect things like in pre-systemd debian : all upgrades applied before
the start of the current working day.

I believe it's mostly an apt problem with /usr/lib/apt/apt.systemd.daily.
I've reported this as #1008679 on src:apt.

I create a BR against unattended-upgrades because it set in 
/etc/apt/apt.conf.d/20auto-upgrades :
APT::Periodic::Update-Package-Lists "1";

Witch is mostly bad with the default (apt) /lib/systemd/system/apt-daily.timer :
OnCalendar=*-*-* 6,18:00 (twice a day)

"1" random skip apt update for 36h in worst cases I believe. Extra delay
is added with apt-daily-upgrade.timer.

APT::Periodic::Update-Package-Lists "always"; may be an other value to consider 
(or not).

Code using APT::Periodic::Update-Package-Lists is currently very complicated. 
(in debian 11 at least).

/etc/apt/apt.conf.d/20auto-upgrades does not provide comments for helping 
admins about tuning that.
Be cautious: the comment in /usr/lib/apt/apt.systemd.daily about 
Update-Package-Lists
seems wrong and misleading for me.

I have detailed everything I can in #1008679.

Cheers,
Ludovic Pouzenc

-- System Information:
Debian Release: 11.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-12-amd64 (SMP w/2 CPU threads)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages unattended-upgrades depends on:
ii  debconf [debconf-2.0]  1.5.77
ii  lsb-base               11.1.0
ii  lsb-release            11.1.0
ii  python3                3.9.2-3
ii  python3-apt            2.2.1
ii  python3-dbus           1.2.16-5
ii  python3-distro-info    1.0
ii  ucf                    3.0043
ii  xz-utils               5.2.5-2

Versions of packages unattended-upgrades recommends:
ii  anacron             2.3-30
ii  cron [cron-daemon]  3.0pl1-137
ii  systemd-sysv        247.3-6

Versions of packages unattended-upgrades suggests:
pn  bsd-mailx                           <none>
pn  default-mta | mail-transport-agent  <none>
pn  needrestart                         <none>
pn  powermgmt-base                      <none>
ii  python3-gi                          3.38.0-2

-- debconf information:
  unattended-upgrades/enable_auto_updates: true

Reply via email to