Confirm whether "Software & Upgrades" portion of GNOME Software can control unattended-upgrades settings
Incomplete, Normal, Public

Description

If unattended-upgrades are set as the default in PureOS, can a user change that using the GNOME Software GUI? There's some indication that this is not possible. This makes it very confusing for a user who may not have access to a terminal and is trying to change default unattended-upgrades settings.

Event Timeline

joao.azevedo added a subscriber: mak. Dec 7 2020, 12:52

@mak ping! This is the issue ticket about unattended upgrades

mak changed the task status from Open to Incomplete. Dec 7 2020, 13:01

Why? We want the users to stay secure by default, and disabling automatic upgrades is the opposite of that. So I think disabling updates is a huge disservice and definitely not beginner-friendly. Users who want to disable autoupdates can always do that via the respective GUI (software-properties-gtk).

I agree with Matthias here - having updates on by default brings security fixes quickly and is something that many folks now have come to expect. Much better to request that users opt out of secure default settings. This comports with Todd's stated policy of "smart defaults".

jeremiah.foster triaged this task as Normal priority. Dec 10 2020, 11:02
jeremiah.foster renamed this task from Remove unattended upgrades from PureOS default base packages to Confirm whether "Software & Upgrades" portion of GNOME Software can control unattended-upgrades settings. Wed, Dec 23, 10:05
jeremiah.foster updated the task description.
jeremiah.foster added projects: Restricted Project, Restricted Project.
jeremiah.foster added a comment. Edited Wed, Dec 30, 17:10

It appears that one *cannot* shut off updates with GNOME Software despite the settings that would imply that this is possible. What needs to be addressed is apt-daily-upgrade.timer. systemctl status apt-daily-upgrade.timer says;

โ— apt-daily-upgrade.timer - Daily apt upgrade and clean activities
     Loaded: loaded (/lib/systemd/system/apt-daily-upgrade.timer; enabled; vendor preset: enabled)
     Active: active (waiting) since Fri 2020-12-11 10:07:48 EST; 2 weeks 5 days ago
    Trigger: Thu 2020-12-31 06:28:21 EST; 10h left
   Triggers: โ— apt-daily-upgrade.service

This can be disabled which ought to turn off automatic updates. Stop the timer and disable this way;

sudo systemctl stop apt-daily-upgrade.timer
sudo systemctl disable apt-daily-upgrade.timer

mak added a comment. Wed, Dec 30, 19:11

No, disabling the timers is completely the wrong approach. The service belonging to the timer unit has built-in logic to do only what it was configured to do + some cleanup work that we always want to have done.
All you need to do to disable upgrades is to disable them in GNOME Software as well as in software-sources-gtk which is available in GNOME Software's burger-menu as well.
See the attached picture:

That will do the job. We could probably fold some of this setting into PackageKit, but then users who don't want to use PackageKit will complain, or users who don't know that PackageKit is there but edit all settings manually will complain the PK is changing settings. I actually wanted to consolidate things more in the past, but there was some resistance and I didn't consider this a fight that was worth it.
Simon McVittie explained this in a bit more detail in a somewhat related bug report recently: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977158#30

But, tl;dr: Don't mess with the timers, change settings in GNOME Software and software properties, *or* run sudo dpkg-reconfigure unattended-upgrades and change selections, *or* alternatively edit /etc/apt/apt.conf.d/20auto-upgrades manually and tweak things to whatever works for the user.

The user writes back saying that they disabled GNOME Software and were unable to stop automatic upgrades. There is no effect of the GNOME Software settings observed. I think the next step on my side is to run strace on GNOME Software and settings to see what is happening (or not happening).

User writes;

the issue is the "Software & Updates > Updates > Automatically check for updates: Never" configuration is not preventing the system from automatically checking for updates every day.

The Original Poster is stating that their use case is customers at sea who have expensive connection charges which require they disable unnecessary network communication.

mak added a comment. Mon, Jan 4, 16:28

the issue is the "Software & Updates > Updates > Automatically check for updates: Never" configuration is not preventing the system from automatically checking for updates every day.

they have to do that *and* disable updates in GNOME: "GNOME Software" > "Burger Menu" > "Update Preferences" > Toggle Automatic Updates
(as shown in the image I posted above)

In T978#17857, @mak wrote:

the issue is the "Software & Updates > Updates > Automatically check for updates: Never" configuration is not preventing the system from automatically checking for updates every day.

they have to do that *and* disable updates in GNOME: "GNOME Software" > "Burger Menu" > "Update Preferences" > Toggle Automatic Updates
(as shown in the image I posted above)

User claims this is in fact how they have done it;

mak added a comment. Tue, Jan 5, 08:28

Then this should have worked - they should verify that /etc/apt/apt.conf.d/20auto-upgrades exists and has the correct values.
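
The verification suggested in the last comment, written out as an added example (not part of the ticket and not PureOS code): a shell check that reads the two APT::Periodic switches from an apt.conf.d fragment and reports whether both are explicitly "0". The file content below is a constructed sample; on a real system the path would be /etc/apt/apt.conf.d/20auto-upgrades, and since this reads one file only, apt-config dump remains the way to see the effective values across all fragments.

```shell
#!/bin/sh
# Added example: read the APT::Periodic switches from an apt.conf.d fragment.

# Print the value of APT::Periodic::<key> in <file>, or "unset".
# Handles the flat form  APT::Periodic::Key "value";  and // comments.
# If a key appears more than once, the last occurrence is reported.
periodic_value() {
    file=$1
    key=$2
    val=$(sed -n \
        -e 's|//.*$||' \
        -e "s/^[[:space:]]*APT::Periodic::$key[[:space:]]\{1,\}\"\([^\"]*\)\"[[:space:]]*;.*$/\1/p" \
        "$file" 2>/dev/null | tail -n 1)
    printf '%s\n' "${val:-unset}"
}

# One-line report for <file>. "off" requires both switches to be an
# explicit "0"; an unset key is not treated as off here, because another
# fragment in apt.conf.d may still set it.
report() {
    file=$1
    if [ ! -f "$file" ]; then
        echo "missing"
        return 0
    fi
    lists=$(periodic_value "$file" Update-Package-Lists)
    unatt=$(periodic_value "$file" Unattended-Upgrade)
    if [ "$lists" = "0" ] && [ "$unatt" = "0" ]; then
        verdict=off
    else
        verdict=not-off
    fi
    echo "Update-Package-Lists=$lists Unattended-Upgrade=$unatt periodic=$verdict"
}

# Constructed sample standing in for /etc/apt/apt.conf.d/20auto-upgrades.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
// constructed sample, not taken from the ticket
APT::Periodic::Update-Package-Lists "0";
// APT::Periodic::Unattended-Upgrade "0";
APT::Periodic::Unattended-Upgrade "1";
EOF

report "$sample"
```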