Ubuntu security updates break unattended-upgrade

What I mean by the title of this post is that sometimes ubuntu folks push security updates to $release-updates repository. I’m told this is so that they propagate faster across all the mirrors. So, when that happens, to APT they look as coming from $release-updates repository ONLY.

Which means unattended-upgrade is fooled into thinking there are no security updates available and so it never installs them automatically despite all the configuration instructing it to do so.

Good thing my little software updates report script can show these security updates regardless, that’s how I know about this.

The trick to dealing with this quirk is as simple as to have a separate APT sources list file for security repositories. You then need to pass this file as an argument to apt commands with the help of the -o flag.

sudo sh -c 'grep ^deb /etc/apt/sources.list |grep securi >> /etc/apt/sources.security.repos.only.list'

apt-get -s dist-upgrade -o Dir::Etc::SourceList=/etc/apt/sources.security.repos.only.list

yaourt Proxy Settings

In Arch Linux, getting yaourt that is being run as normal user (which is a requirement of the program) to work with proxy was a bit of a challenge.

On my system I have proxy settings setup this way:

/etc/profile.d/proxy.sh
http_proxy=http://proxy.corp.com:8080/
ftp_proxy=http://proxy.corp.com:8080/
all_proxy=socks://proxy.corp.com:8080/
https_proxy=http://proxy.corp.com:8080/
no_proxy=localhost,127.0.0.0/8

export http_proxy;
export ftp_proxy;
export all_proxy;
export https_proxy;
export no_proxy;

When run as normal user yaourt relies on sudo to call pacman to perform package management in the system. The trouble is that when sudo is invoked by yaourt it doesn’t keep your *_proxy variables. The solution is to tell sudo to explicitly keep those variables whenever it’s invoked.

Continue reading