Ubuntu security updates break unattended-upgrade

What I mean by the title of this post is that sometimes ubuntu folks push security updates to $release-updates repository. I’m told this is so that they propagate faster across all the mirrors. So, when that happens, to APT they look as coming from $release-updates repository ONLY.

Which means unattended-upgrade is fooled into thinking there are no security updates available and so it never installs them automatically despite all the configuration instructing it to do so.

Good thing my little software updates report script can show these security updates regardless, that’s how I know about this.

The trick to dealing with this quirk is as simple as to have a separate APT sources list file for security repositories. You then need to pass this file as an argument to apt commands with the help of the -o flag.

sudo sh -c 'grep ^deb /etc/apt/sources.list |grep securi >> /etc/apt/sources.security.repos.only.list'

apt-get -s dist-upgrade -o Dir::Etc::SourceList=/etc/apt/sources.security.repos.only.list

Suddenly /dev/null became a regular file

I was doing a routine task – preparing a new CentOS server – today and ran into quite obscure problem.

I was at the point where I needed to configure VPN link but OpenVPN wouldn’t let me daemonize itself. It complained in the logs basically saying that the problem was this:

openvpn[4738]: daemon() failed: No such device (errno=19)

That’s weird. After an hour of troubleshooting this issue on the server I took it to #openvpn@irc.freenode.net where dazo, the channel operator, pointed out that some people previously had have a similarly looking problem, and that if /dev/null was involved it might be a similar or exactly that kind of problem.

I checked /dev/null with stat utility and it was indeed just a regular file. WHOA. This is a production server that doesn’t see software updates, tested and works for the most part as a clock. Utterly inexplicable at this point to me but I don’t have time to research this right now. I just wanted to make a post about it to remember to look into this later, because this is quite interesting and doesn’t happen very often. In fact, I’ve been working with Linux for at least 5 years now, and I’ve never seen anything of the sort. Not even my more than I am experienced colleagues.

Continue reading