Ubuntu security updates break unattended-upgrade

What I mean by the title of this post is that sometimes Ubuntu folks push security updates to the $release-updates repository. I’m told this is so that they propagate faster across all the mirrors. So, when that happens, to APT they look as if they come from the $release-updates repository ONLY.

This means unattended-upgrade is fooled into thinking there are no security updates available, so it never installs them automatically despite all the configuration instructing it to do so.

Good thing my little software updates report script can show these security updates regardless; that’s how I know about this.

The trick to dealing with this quirk is as simple as having a separate APT sources list file for the security repositories. You then need to pass this file as an argument to apt commands with the help of the -o flag.

sudo sh -c 'grep ^deb /etc/apt/sources.list | grep securi > /etc/apt/sources.security.repos.only.list'

apt-get -s dist-upgrade -o Dir::Etc::SourceList=/etc/apt/sources.security.repos.only.list
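
The same procedure as a reusable script (an added example, not the author's report script): it rebuilds the security-only list from scratch by matching suites that end in -security, which is stricter than the grep above, and pulls package names and versions out of the simulated run. The function names, the SRC and SEC variables, the --report switch and the Dir::Etc::SourceParts override (which keeps files under sources.list.d out of the simulation) are assumptions of this example.

```shell
#!/bin/sh
# Added example; names and default paths are assumptions, not from the post.
SRC=${SRC:-/etc/apt/sources.list}
SEC=${SEC:-/etc/apt/sources.security.repos.only.list}

# Print active "deb" lines whose suite ends in -security.
# Commented-out lines and deb-src lines are skipped.
security_lines() {
    awk '$1 == "deb" {
        i = 2
        # Skip an optional [opt=val ...] block, which may span several fields.
        if ($i ~ /^\[/) { while ($i !~ /\]$/ && i < NF) i++; i++ }
        # $i is now the URI, so $(i + 1) is the suite.
        if ($(i + 1) ~ /-security$/) print
    }' "$1"
}

# Rewrite the security-only list from scratch, so re-running never
# duplicates entries. Fails if the input has no security sources.
write_security_list() {
    tmp=$(mktemp) || return 1
    security_lines "$1" | sort -u > "$tmp"
    if [ ! -s "$tmp" ]; then
        rm -f "$tmp"
        echo "no security sources found in $1" >&2
        return 1
    fi
    cat "$tmp" > "$2" && rm -f "$tmp"
}

# Read `apt-get -s` output on stdin; print "package new-version"
# for every pending install ("Inst" lines; "Conf" lines are ignored).
pending_packages() {
    sed -n 's/^Inst \([^ ]*\) .*(\([^ ]*\) .*/\1 \2/p'
}

# Simulate an upgrade that can see only the security list.
simulate_security_upgrade() {
    apt-get -s dist-upgrade \
        -o Dir::Etc::SourceList="$1" \
        -o Dir::Etc::SourceParts="-"
}

if [ "${1:-}" = "--report" ]; then
    write_security_list "$SRC" "$SEC" &&
        simulate_security_upgrade "$SEC" | pending_packages
fi
```

Writing to the default SEC path needs root; the simulation itself does not.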
