
How do I permanently disable unattended downloads of software/security updates?


Stella Ashburne

May 25, 2021, 1:30:04 PM
My OS is Debian 10.9 and has the kernel version:

Linux localhost 5.10.0-0.bpo.5-amd64 #1 SMP Debian 5.10.24-1~bpo10+1 (2021-03-29) x86_64 GNU/Linux

1. I have already configured the OS not to download software updates automatically by using the widget "Software & Updates". Click the URL below to see a screenshot of the Software Updates:

https://ibb.co/bs7pF9q

2. I deleted the file 50unattended-upgrades located in /etc/apt/apt.conf.d/

In spite of the above two actions, Debian 10.9 still downloads software and security updates for me automatically in the background. Could someone help me with a fix that really works?

Thanks.

Marcello

Kenneth Parker

May 25, 2021, 3:10:05 PM
One step I have taken is "apt-get purge unattended-upgrades". 

That said, I regularly update and upgrade my systems. 

> Thanks.
>
> Marcello

Good luck! 

Kenneth Parker 

Charles Curley

May 25, 2021, 3:20:05 PM
On Tue, 25 May 2021 19:25:01 +0200
Stella Ashburne <rew...@gmx.com> wrote:

> 2. I deleted the file 50unattended-upgrades located
> in /etc/apt/apt.conf.d/
>
> In spite of the above two actions, Debian 10.9 still downloads
> software and security updates for me automatically in the background.
> Could someone help me with a fix that really works?

Well, you could run:

apt purge unattended-upgrades

Somewhat less drastic:

systemctl [stop|disable] unattended-upgrades

(Both, of course, as root.)

--
Does anybody read signatures any more?

https://charlescurley.com
https://charlescurley.com/blog/

Stella Ashburne

May 25, 2021, 4:50:04 PM
Thanks Kenneth for your reply.

Is your suggestion that I "apt-get purge unattended-upgrades" intended to be a one-off operation, or must I perform it each time I log into my OS?
 
And yes, I manually perform "sudo apt update" and "sudo apt upgrade" about twice a day.

Marcello
 
 

Sent: Wednesday, May 26, 2021 at 3:05 AM
From: "Kenneth Parker" <sea7...@gmail.com>
To: "Debian Users" <debia...@lists.debian.org>
Subject: Re: How do I permanently disable unattended downloads of software/security updates?

 

On Tue, May 25, 2021, 1:25 PM Stella Ashburne <rew...@gmx.com> wrote:

My OS is Debian 10.9 and has the kernel version:

Linux localhost 5.10.0-0.bpo.5-amd64 #1 SMP Debian 5.10.24-1~bpo10+1 (2021-03-29) x86_64 GNU/Linux

1. I have already configured the OS not to download software updates automatically by using the widget "Software & Updates". Click the URL below to see a screenshot of the Software Updates:

https://ibb.co/bs7pF9q

Stella Ashburne

May 25, 2021, 5:00:04 PM
Thanks Charles for your reply.

Your suggestion "apt purge unattended-upgrades" implies that my deletion/removal of the file 50unattended-upgrades is insufficient. Is that correct?

I shall feedback to you if your suggestion works.

By the way, is there a method to suppress notifications of new software and/or security updates? (I assume that if I can receive notifications of software/security updates, it means that my OS is communicating with Debian servers in the background, without my knowledge. I don't like that.)

Marcello



> Sent: Wednesday, May 26, 2021 at 3:14 AM
> From: "Charles Curley" <charle...@charlescurley.com>
> To: "Debian Users" <debia...@lists.debian.org>
> Subject: Re: How do I permanently disable unattended downloads of software/security updates?
>

Greg Wooledge

May 25, 2021, 5:00:05 PM
On Tue, May 25, 2021 at 10:48:06PM +0200, Stella Ashburne wrote:
> Thanks Kenneth for your reply.
>
> Is your suggestion that I "apt-get purge unattended-upgrades" intended to be a one-off operation, or must I perform it each time I log into my OS?
>  
> And yes, I manually perform "sudo apt update" and "sudo apt upgrade" about twice a day.


Anything you do with apt-get, apt or dpkg (or any other package management
tool) is permanent.

The only things in this realm that *aren't* permanent are stopping or
starting a service, e.g. "systemctl stop foobar". Those operations do
not affect the state of the system at the next boot. (For that, you
would use enable, disable, mask, or unmask, all of which are permanent.)

Stella Ashburne

May 25, 2021, 5:10:04 PM
Thanks for your reply.

No, I haven't tried clearing the apt cache and shall let you know if my OS downloads software/security updates in the background.

By the way, is there a method to suppress notifications of new software and/or security updates? (I assume that if I can receive notifications of software/security updates, it means that my OS is communicating with Debian servers in the background, without my knowledge. I don't like that.)



> Sent: Wednesday, May 26, 2021 at 1:29 AM
> From: "Polyna-Maude Racicot-Summerside" <deb...@polynamaude.com>
> To: "Stella Ashburne" <rew...@gmx.com>
> Subject: Re: How do I permanently disable unattended downloads of software/security updates?
>
> Have you tried clearing the apt cache (/var/cache/apt/archives/)
> and see if you really get download or if it's just notification ?
> --
> Polyna-Maude R.-Summerside
> -Be smart, Be wise, Support opensource development
>
>

Stella Ashburne

May 25, 2021, 5:10:08 PM
Hi Greg

By the way, is there a method to suppress notifications of new software and/or security updates? (I assume that if I can receive notifications of software/security updates, it means that my OS is communicating with Debian servers in the background, without my knowledge. I don't like that.)


> Sent: Wednesday, May 26, 2021 at 4:51 AM
> From: "Greg Wooledge" <gr...@wooledge.org>
> To: debia...@lists.debian.org
> Subject: Re: How do I permanently disable unattended downloads of software/security updates?
>

Charles Curley

May 25, 2021, 5:40:04 PM
On Tue, 25 May 2021 22:54:59 +0200
Stella Ashburne <rew...@gmx.com> wrote:

> Your suggestion "apt purge unattended-upgrades" implies that my
> deletion/removal of the file 50unattended-upgrades is insufficient.
> Is that correct?

I guess so. I guess that absent 50unattended-upgrades the program runs
on its defaults.

>
> I shall feedback to you if your suggestion works.
>
> By the way, is there a method to suppress notifications of new
> software and/or security updates? (I assume that if I can receive
> notifications of software/security updates, it means that my OS is
> communicating with Debian servers in the background, without my
> knowledge. I don't like that.)

See if purging unattended-upgrades does that for you. However, I use
it, and the only notices I get are emails from that program, which
requires edits in 50unattended-upgrades. So I don't know where those
notices are coming from.

Keith Bainbridge

May 25, 2021, 7:50:04 PM

On Tue, 25 May 2021 22:48:06 +0200 Stella Ashburne <rew...@gmx.com>
wrote:

>>And yes, I manually perform "sudo apt update" and "sudo apt upgrade"
>>about twice a day.



Good Morning Stella

If you are upgrading this often, why not get the bulk of the packages
downloaded ready to install? I do that much via cron.

Or did the original question imply that the background operation is
also installing the new packages? That I would want stopped, and is
probably why I have not investigated auto upgrades.

Maybe I'm missing something else.



All the best

Keith Bainbridge

keith.bain...@gmail.com
0447 667 468

Stella Ashburne

May 25, 2021, 9:40:04 PM
Thanks for your reply, Keith.

I'm sorry if my original question is ambiguous.

Here's what I wish to happen:

1. My OS stops downloading software and security updates silently in the background. It's called automatic downloads, am I right? I wish it to stop.
2. Debian stops giving me notifications that there are software updates available for download.

I have removed/deleted 50unattended-upgrades. It's obvious that such an action hasn't achieved its goals; hence my original post.



> Sent: Wednesday, May 26, 2021 at 7:24 AM
> From: "Keith Bainbridge" <keithrb...@gmail.com>
> To: "Stella Ashburne" <rew...@gmx.com>
> Cc: "Kenneth Parker" <sea7...@gmail.com>, "Debian Users" <debia...@lists.debian.org>
> Subject: Re: How do I permanently disable unattended downloads of software/security updates?
>
>

Jeremy Ardley

May 25, 2021, 10:00:04 PM

On 26/5/21 9:38 am, Stella Ashburne wrote:
> Thanks for your reply, Keith.
>
> I'm sorry if my original question is ambiguous.
>
> Here's what I wish to happen:
>
> 1. My OS stops downloading software and security updates silently in the background. It's called automatic downloads, am I right? I wish it to stop.
> 2. Debian stops giving me notifications that there are software updates
> available for download.
>
> I have removed/deleted 50unattended-upgrades. It's obvious that such an
> action hasn't achieved its goals; hence my original post.
>
>
In my system, using the GUI, I have System/Control Centre. If I open that I
see 'Software and Updates'.

On the updates tab I have none of the option boxes ticked.

The system pops up warnings on the GUI but no automatic download and
install.

--
Jeremy


Stella Ashburne

May 25, 2021, 11:00:05 PM
I had already done that long before I posted my original question in this mailing list.


> Sent: Wednesday, May 26, 2021 at 9:50 AM
> From: "Jeremy Ardley" <jer...@ardley.org>
> To: debia...@lists.debian.org
> Subject: Re: How do I permanently disable unattended downloads of software/security updates?
>
>

Keith Bainbridge

May 26, 2021, 12:00:04 AM
On Wed, 26 May 2021 03:38:36 +0200, Stella Ashburne <rew...@gmx.com>
typed

1. My OS stops downloading software and security updates silently in
the background. It's called automatic downloads, am I right? I wish it
to stop.

2. Debian stops giving me notifications that there are
software updates available for download.


G'day Stella

I am not familiar with the app you are using. I use synaptic
occasionally when I'm not sure of a package name that I want to install.


I wonder if the line

when there are security updates display immediately

is confusing the settings?



And, no, I don't know why claws hasn't marked the quoted text properly.

Suggestion?



All the best

--

Keith Bainbridge

keithrb...@gmail.com

l0f...@tuta.io

May 26, 2021, 8:30:05 AM
Hi,

Can you type the following commands in a terminal and give us the results please (use `sudo` if necessary)?

ls -al /etc/apt/apt.conf.d/
dpkg -l | grep -i unattended-upgrades
cat /lib/systemd/system/apt-daily.timer
cat /etc/systemd/system/apt-daily.timer.d/override.conf

Best regards,
l0f4r0

Stella Ashburne

May 27, 2021, 2:50:05 AM
> Sent: Wednesday, May 26, 2021 at 8:23 PM
> From: l0f...@tuta.io
> To: "Debian User" <debia...@lists.debian.org>
> Subject: Re: How do I permanently disable unattended downloads of software/security updates?
>
Hi

Thanks for your reply and offer of help.

Before I provide you the answers, please note that I had removed/deleted the package called 50unattended-upgrades in /etc/apt/apt.conf.d/ before my original post in this mailing list.

Secondly, according to a reply that I received prior to your response, I issued the command

sudo systemctl disable unattended-upgrades

Please find below the results of what you had asked me to do:

ls -al /etc/apt/apt.conf.d/

total 56
drwxr-xr-x 2 root root 4096 Apr 23 04:45 .
drwxr-xr-x 7 root root 4096 Apr 23 04:45 ..
-rw-r--r-- 1 root root 49 Sep 8 2020 00aptitude
-rw-r--r-- 1 root root 82 Sep 8 2020 00CDMountPoint
-rw-r--r-- 1 root root 40 Sep 8 2020 00trustcdrom
-rw-r--r-- 1 root root 1018 May 12 2020 01autoremove
-r--r--r-- 1 root root 3636 Apr 17 15:17 01autoremove-kernels
-rw-r--r-- 1 root root 89 Apr 10 07:12 10periodic
-rw-r--r-- 1 root root 202 Mar 17 2019 20listchanges
-rw-r--r-- 1 root root 1040 Mar 2 2019 20packagekit
-rw-r--r-- 1 root root 2592 Jan 26 2019 50appstream
-rw-r--r-- 1 root root 435 Jan 26 2019 60icons
-rw-r--r-- 1 root root 182 Feb 26 2019 70debconf
-rw-r--r-- 1 root root 32 Apr 17 15:17 99synaptic



dpkg -l | grep -i unattended-upgrades

ii unattended-upgrades 1.11.2 all automatic installation of security upgrades



cat /lib/systemd/system/apt-daily.timer

[Unit]
Description=Daily apt download activities

[Timer]
OnCalendar=*-*-* 6,18:00
RandomizedDelaySec=12h
Persistent=true

[Install]
WantedBy=timers.target



cat /etc/systemd/system/apt-daily.timer.d/override.conf

cat: /etc/systemd/system/apt-daily.timer.d/override.conf: No such file or directory

l0f...@tuta.io

May 27, 2021, 4:10:08 PM
Hi,

27 May 2021, 08:48 from rew...@gmx.com:

> Before I provide you the answers, please note that I had removed/deleted the package called 50unattended-upgrades in /etc/apt/apt.conf.d/ before my original post in this mailing list.
>
What you call "package" is actually a simple file right?
> Secondly, according to a reply that I received prior to your response, I issued the command
>
> sudo systemctl disable unattended-upgrades
>
OK, that will prevent the service from starting at next reboot.
But the service is still currently running right? Please type in a terminal:

systemctl status unattended-upgrades

> ls -al /etc/apt/apt.conf.d/
>
> total 56
> drwxr-xr-x 2 root root 4096 Apr 23 04:45 .
> drwxr-xr-x 7 root root 4096 Apr 23 04:45 ..
> -rw-r--r-- 1 root root 49 Sep 8 2020 00aptitude
> -rw-r--r-- 1 root root 82 Sep 8 2020 00CDMountPoint
> -rw-r--r-- 1 root root 40 Sep 8 2020 00trustcdrom
> -rw-r--r-- 1 root root 1018 May 12 2020 01autoremove
> -r--r--r-- 1 root root 3636 Apr 17 15:17 01autoremove-kernels
> -rw-r--r-- 1 root root 89 Apr 10 07:12 10periodic
> -rw-r--r-- 1 root root 202 Mar 17 2019 20listchanges
> -rw-r--r-- 1 root root 1040 Mar 2 2019 20packagekit
> -rw-r--r-- 1 root root 2592 Jan 26 2019 50appstream
> -rw-r--r-- 1 root root 435 Jan 26 2019 60icons
> -rw-r--r-- 1 root root 182 Feb 26 2019 70debconf
> -rw-r--r-- 1 root root 32 Apr 17 15:17 99synaptic
>

Can you provide us with the following command results?

cat /etc/apt/apt.conf.d/10periodic
cat /etc/apt/apt.conf.d/00aptitude

> dpkg -l | grep -i unattended-upgrades
>
> ii unattended-upgrades 1.11.2 all automatic installation of security upgrades
>
It seems unattended-upgrades is still installed.

You confirm that you never ran something like the following?

sudo apt remove unattended-upgrades
sudo apt purge unattended-upgrades

What do the next commands give you, please?

apt-config dump | grep -i unatt
apt-config dump | grep -i APT::Periodic

NB: Have you rebooted and observed the same behavior since your posts?
Best regards,
l0f4r0

Stella Ashburne

May 27, 2021, 8:50:05 PM
Hi

> Sent: Friday, May 28, 2021 at 4:09 AM
> From: l0f...@tuta.io
> To: "Debian User" <debia...@lists.debian.org>
> Subject: Re: How do I permanently disable unattended downloads of software/security updates?
>
> What you call "package" is actually a simple file right?

Yes, it is a file that contains a lot of programming code or what you would call scripting language. The default path is /etc/apt/apt.conf.d/. I guess every one who installs Debian 10.9 should have it too, yourself included.

> But the service is still currently running right?

I don't know how to answer your question because my knowledge of computing and Linux is basic/elementary.

> systemctl status unattended-upgrades

Below is the result:

unattended-upgrades.service - Unattended Upgrades Shutdown
Loaded: loaded (/lib/systemd/system/unattended-upgrades.service; disabled; ve
Active: inactive (dead)
Docs: man:unattended-upgrade(8)


> Can you provide us with the following command results?
>
> cat /etc/apt/apt.conf.d/10periodic

Below is the result of cat /etc/apt/apt.conf.d/10periodic

APT::Periodic::Download-Upgradeable-Packages "0";
APT::Periodic::Unattended-Upgrade "0";


> cat /etc/apt/apt.conf.d/00aptitude

Below is the result of cat /etc/apt/apt.conf.d/00aptitude

Aptitude::Get-Root-Command "sudo:/usr/bin/sudo";


> You confirm that you never ran something like the following?
>
> sudo apt remove unattended-upgrades
> sudo apt purge unattended-upgrades

Yes, I confirm that I have never issued either of the following two commands, viz.:

sudo apt remove unattended-upgrades
sudo apt purge unattended-upgrades

The reason is that I find it too drastic a step. I chose to disable by doing sudo systemctl disable unattended-upgrades. I did delete the package called 50unattended-upgrades (as mentioned in my original post.)


> What do the next commands give you, please?
>
> apt-config dump | grep -i unatt

Below is the result of apt-config dump | grep -i unatt

APT::Periodic::Unattended-Upgrade "0";

> apt-config dump | grep -i APT::Periodic

Below is the result of apt-config dump | grep -i APT::Periodic

APT::Periodic "";
APT::Periodic::Download-Upgradeable-Packages "0";
APT::Periodic::Unattended-Upgrade "0";


> NB: Have you rebooted and observed the same behavior since your posts?

After rebooting, I have no opportunity to observe the same behavior since my posts because there are no software/security updates that are relevant to my Debian system at the time of writing this email. Based on my past experience, Debian only downloads software/security updates for my kernel and the installed packages. The installed packages on my system are minimal. I'll have to wait patiently for the next software/security updates for my installed packages.

Thank you for your time and help. I really appreciate it.

Best regards.

l0f...@tuta.io

May 28, 2021, 7:50:04 AM
Hi,

OK, here is my understanding of your situation.

unattended-upgrades is not installed by default, so you installed that package at some point because you were interested in applying upgrades automatically.

Now, you are not interested anymore. So you have chosen to delete the configuration file /etc/apt/apt.conf.d/50unattended-upgrades and disabled the systemd service unattended-upgrades.

Next, you have rebooted and indeed the service and configuration file have not been loaded (see service status 'inactive' and  'APT::Periodic::Unattended-Upgrade "0"').

I think you won't update/upgrade automatically anymore (by the way you say you haven't noticed this behavior so far), but time will confirm.

See below some remarks.


28 May 2021, 02:44 from rew...@gmx.com:

>> What you call "package" is actually a simple file right?
>>
> Yes, it is a file that contains a lot of programming code or what you would call scripting language. The default path is /etc/apt/apt.conf.d/. I guess every one who installs Debian 10.9 should have it too, yourself included.
>
No I don't have it, it's installed with the optional package "unattended-upgrades".

Strictly speaking, /etc/apt/apt.conf.d/50unattended-upgrades is a file, not a package.
A package is a combination of files provided for your Debian distribution.
I just wanted to make sure you didn't talk about removing the "unattended-upgrades" package.

By the way, I think you should not have deleted that file. That's somewhat dirty.

If you want to make a pause with a package, just stop it and disable it (or tweak the configuration file so there is no real action processed).

If you are sure not to use some optional package, then remove or even purge it.

>> But the service is still currently running right?
>>
> I don't know how to answer your question because my knowledge of computing and Linux is basic/elementary.
>
OK, actually you can know it thanks to the command just below

>> systemctl status unattended-upgrades
>>
> Below is the result:
>
> unattended-upgrades.service - Unattended Upgrades Shutdown
> Loaded: loaded (/lib/systemd/system/unattended-upgrades.service; disabled; ve
> Active: inactive (dead)
> Docs: man:unattended-upgrade(8)
>
OK, the service is not running.

>> Can you provide us with the following command results?
>>
>> cat /etc/apt/apt.conf.d/10periodic
>>
> Below is the result of cat /etc/apt/apt.conf.d/10periodic
>
> APT::Periodic::Download-Upgradeable-Packages "0";
> APT::Periodic::Unattended-Upgrade "0";
>
0 means "No" here.

>> cat /etc/apt/apt.conf.d/00aptitude
>>
> Below is the result of cat /etc/apt/apt.conf.d/00aptitude
>
> Aptitude::Get-Root-Command "sudo:/usr/bin/sudo";
>
>> You confirm that you never ran something like the following?
>>
>> sudo apt remove unattended-upgrades
>> sudo apt purge unattended-upgrades
>>
> Yes, I confirm that I have never issued either of the following two commands, viz.:
>
> sudo apt remove unattended-upgrades
> sudo apt purge unattended-upgrades
>
> The reason is that I find it too drastic a step. I chose to disable by doing sudo systemctl disable unattended-upgrades. I did delete the package called 50unattended-upgrades (as mentioned in my original post.)
>
Understood but see my above remark.

>> What do the next commands give you, please?
>>
>> apt-config dump | grep -i unatt
>>
> Below is the result of apt-config dump | grep -i unatt
>
> APT::Periodic::Unattended-Upgrade "0";
>
>> apt-config dump | grep -i APT::Periodic
>>
> Below is the result of apt-config dump | grep -i APT::Periodic
>
> APT::Periodic "";
> APT::Periodic::Download-Upgradeable-Packages "0";
> APT::Periodic::Unattended-Upgrade "0";
>
Good for you ("0" again).

>> NB: Have you rebooted and observed the same behavior since your posts?
>>
> After rebooting, I have no opportunity to observe the same behavior since my posts because there are no software/security updates that are relevant to my Debian system at the time of writing this email. Based on my past experience, Debian only downloads software/security updates for my kernel and the installed packages. The installed packages on my system are minimal. I'll have to wait patiently for the next software/security updates for my installed packages.
>
Ok, let's wait and see then.
You can remove the package "unattended-upgrades" if you want via `sudo apt remove` or `sudo apt purge`.


Best regards,
l0f4r0
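
Added example, not part of the thread or of any poster's message: a small shell helper that reads `apt-config dump` output like that posted above and reports whether the APT::Periodic switches would let the apt-daily timer jobs refresh package lists, pre-download packages or run unattended-upgrade. `Update-Package-Lists` and `Enable` are real APT::Periodic options that do not appear in the thread; the function names and the second sample are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Reads text in `apt-config dump` format and reports the APT::Periodic
# switches that control background activity of the apt-daily jobs.

# Print one KEY=state line per switch; state is on, off or unset.
periodic_report() {
    awk '
    # Input lines look like:  APT::Periodic::Unattended-Upgrade "0";
    $1 ~ /^APT::Periodic::/ {
        key = $1
        sub(/^APT::Periodic::/, "", key)
        val = $0
        sub(/^[^"]*"/, "", val)   # strip up to and including the opening quote
        sub(/".*$/, "", val)      # strip the closing quote and the semicolon
        seen[key] = val
    }
    END {
        n = split("Enable Update-Package-Lists Download-Upgradeable-Packages Unattended-Upgrade", keys, " ")
        for (i = 1; i <= n; i++) {
            k = keys[i]
            if (!(k in seen) || seen[k] == "")
                state = "unset"   # empty value treated as unset (assumption)
            else if (seen[k] == "0")
                state = "off"
            else
                state = "on"      # an interval such as "1", or "always"
            printf "%s=%s\n", k, state
        }
    }'
}

# Exit status 0 if some switch would cause background work, 1 otherwise.
# Enable counts as on when unset; the other three count as off when unset.
periodic_active() {
    report=$(periodic_report)
    if printf '%s\n' "$report" | grep -q '^Enable=off$'; then
        return 1
    fi
    printf '%s\n' "$report" | grep -v '^Enable=' | grep -q '=on$'
}

# Sample 1: the APT::Periodic lines as posted in the thread.
THREAD_SAMPLE='APT::Periodic "";
APT::Periodic::Download-Upgradeable-Packages "0";
APT::Periodic::Unattended-Upgrade "0";'

# Sample 2: constructed for this example; same as above plus a daily
# package-list refresh.
CONSTRUCTED_SAMPLE='APT::Periodic "";
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "0";
APT::Periodic::Unattended-Upgrade "0";'

for s in "$THREAD_SAMPLE" "$CONSTRUCTED_SAMPLE"; do
    printf '%s\n' "$s" | periodic_report
    if printf '%s\n' "$s" | periodic_active; then
        echo "=> apt-daily jobs have background work enabled"
    else
        echo "=> apt-daily jobs have no background work enabled"
    fi
done

# On a real system:  apt-config dump | periodic_report
```

The report covers only the APT::Periodic switches; background activity from any other source has to be looked for elsewhere.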

l0f...@tuta.io

May 28, 2021, 8:10:04 AM
28 May 2021, 13:43 from l0f...@tuta.io:

> I think you won't update/upgrade automatically anymore (by the way you say you haven't noticed this behavior so far), but time will confirm.
>
Correction: I meant if you still have updates/upgrades, then it shouldn't be because of package unattended-upgrades. So you would have to dig somewhere else...

l0f4r0

Greg Wooledge

May 28, 2021, 8:10:04 AM
On Fri, May 28, 2021 at 01:43:59PM +0200, l0f...@tuta.io wrote:
> OK, here is my understanding of your situation.
>
> unattended-upgrades is not installed by default, so you installed that package at some point because you were interested in applying upgrades automatically.

More likely, it was brought in as a recommendation by some desktop
environment. One may use "aptitude why unattended-upgrades" to find
out why it was installed, or more properly, why it's not being marked
for autoremoval at the current moment.

> If you are sure not to use some optional package, then remove or even purge it.

Agreed. This is the preferred approach most of the time.

However, if the package is marked as a *dependency* of some desktop
environment, rather than simply a recommendation, then purging the
undesired package may also try to remove the desktop environment
metapackage. And some people panic when that happens, because they
don't understand that a metapackage is not critically important.

(And then it gets even more complicated when you consider autoremove,
because removing the placeholder metapackage may free up various other
pieces of the desktop environment -- ones that actually *do* something --
to be marked for autoremoval. And that's not desired.)

(Personally I solve all of that by disabling autoremoval. But that's
just me, and most people seem to like it.)

Stella Ashburne

May 28, 2021, 2:30:05 PM
Hello,

> Sent: Friday, May 28, 2021 at 7:43 PM
> From: l0f...@tuta.io
> To: "Debian User" <debia...@lists.debian.org>
> Subject: Re: How do I permanently disable unattended downloads of software/security updates?
>
>
> unattended-upgrades is not installed by default, so you installed that package at some point because you were interested in applying upgrades automatically.

I'm sorry but your understanding is incorrect. I'm sure I've never installed it at any point in the course of using Debian. I remember very clearly that when I first installed Debian on my machine, I did specify that I didn't want automatic upgrades.

> Now, you are not interested anymore. So you have chosen to delete the configuration file /etc/apt/apt.conf.d/50unattended-upgrades and disabled the systemd service unattended-upgrades.

I've never wanted upgrades/updates to be automatic.

> No I don't have it, it's installed with the optional package "unattended-upgrades".

I'm very certain that I didn't install the package "unattended-upgrades". My knowledge of computing and Debian is elementary so much so that I'd never install packages that seem weird or alien to me.

>
> Strictly speaking, /etc/apt/apt.conf.d/50unattended-upgrades is a file, not a package.
> A package is a combination of files provided for your Debian distribution.
> I just wanted to make sure you didn't talk about removing the "unattended-upgrades" package.

Thanks for your explanation.

>
> By the way, I think you should not have deleted that file. That's somewhat dirty.

I still have that file because I'd moved it to my removable backup drive. Should I restore it? What do you think?

> If you want to make a pause with a package, just stop it and disable it (or tweak the configuration file so there is no real action processed).

Just so you know, my knowledge of Debian and computing is basic/elementary (meaning, I don't know how to tweak configuration files...).

>
> If you are sure not to use some optional package, then remove or even purge it.

You suggest that I purge the optional package "unattended-upgrades".... What happens if that package is a dependency of some other packages? What commands can I type to show that the package "unattended-upgrades" is or isn't a dependency of some other packages?

Thanks for your help and time. I really appreciate it.

Best regards.

Stella Ashburne

May 28, 2021, 2:50:05 PM
Hello,

Thanks for your help and time. I really appreciate it.

> Sent: Friday, May 28, 2021 at 8:06 PM
> From: "Greg Wooledge" <gr...@wooledge.org>
> To: debia...@lists.debian.org
> Subject: Re: How do I permanently disable unattended downloads of software/security updates?
>
> More likely, it was brought in as a recommendation by some desktop
> environment. One may use "aptitude why unattended-upgrades" to find
> out why it was installed, or more properly, why it's not being marked
> for autoremoval at the current moment.

I'm very certain that I didn't install it manually. In fact, during installation of Debian, I specifically chose the option to not upgrade/update software automatically.

The package "unattended-upgrades" might have been installed automatically because I installed a minimal Gnome desktop environment (I quite like using Gnome.)

Question: Instead of using "aptitude why unattended-upgrades" command, can I use "apt why unattended-upgrades"? I was told many years ago that the command "aptitude" was deprecated.

> However, if the package is marked as a *dependency* of some desktop
> environment, rather than simply a recommendation, then purging the
> undesired package may also try to remove the desktop environment
> metapackage. And some people panic when that happens, because they
> don't understand that a metapackage is not critically important.

Question: What command can I type in a terminal to find out if the package "unattended-upgrades" is a *dependency* of some other packages?

Yeah, I do panic when any metapackage of my Gnome desktop environment is removed. Why? My knowledge of computing and Debian is elementary.

Question: What do you mean by "a metapackage is not critically important"? Would you like to elaborate please?

>
> (And then it gets even more complicated when you consider autoremove,
> because removing the placeholder metapackage may free up various other
> pieces of the desktop environment -- ones that actually *do* something --
> to be marked for autoremoval. And that's not desired.)

Thanks for your explanation.
>
> (Personally I solve all of that by disabling autoremoval. But that's
> just me, and most people seem to like it.)

I wish to improve my knowledge of computing. How do I disable autoremove? What is the command to be typed in a terminal?

Greg Wooledge

May 28, 2021, 3:00:05 PM
On Fri, May 28, 2021 at 08:40:23PM +0200, Stella Ashburne wrote:
> Question: Instead of using "aptitude why unattended-upgrades" command, can I use "apt why unattended-upgrades"?

Well, try it and see.

> I was told many years ago that the command "aptitude" was deprecated.

You were lied to. aptitude does *many* things that no other tool does.

> Question: What do you mean by "a metapackage is not critically important"? Would you like to elaborate please?

Take a look at "apt show gnome", for example.

On bullseye, on my platform, the package "gnome" (which is a metapackage)
has an Installed-Size of 35.8 kB. It doesn't contain any software. All
it really contains are Depends: and Recommends: and Suggests: lines. If
you install this package, it will bring in a whole bunch of new packages
(unless you already installed GNOME, in which case it may do nothing).

Once all of those packages are installed, you can go ahead and remove
the package named "gnome". It doesn't do anything. It's just a metapackage.

> I wish to improve my knowledge of computing. How do I disable autoremove? What is the command to be typed in a terminal?

Well... OK, I'll tell you how I did it. It's easily reversible, so it
won't hurt you.

I did it by creating the file /etc/apt/apt.conf.d/99local with the
following content (one line):

APT::NeverAutoRemove ".";

What this configuration file does is define a regular expression that
matches every package, and then tells apt never to autoremove any package
that matches that regular expression.

If you want to go back to normal, simply remove that file.

Stella Ashburne

May 28, 2021, 7:40:04 PM
Hi

Thanks for your help and time. I really appreciate it.

> Sent: Friday, May 28, 2021 at 8:05 PM
> From: l0f...@tuta.io
> To: "Debian User" <debia...@lists.debian.org>
> Subject: Re: How do I permanently disable unattended downloads of software/security updates?
>
> Correction: I meant if you still have updates/upgrades, then it shouldn't be because of package unattended-upgrades. So you would have to dig somewhere else...

Oh my God, are you telling me that we are not done with this "whatever thing you may call it"? I thought I could close this matter......lol

Based on your vast experience of using Linux in general and Debian in particular, can you think of any other packages or files that could download software and security updates silently in the background?

Best regards.

Stella Ashburne

May 28, 2021, 7:40:05 PM
Hello,

Thanks for your help and time. I really appreciate it.

> Sent: Saturday, May 29, 2021 at 2:51 AM
> From: "Greg Wooledge" <gr...@wooledge.org>
> To: debia...@lists.debian.org
> Subject: Re: How do I permanently disable unattended downloads of software/security updates?
>
> > Question: What do you mean by "a metapackage is not critically important"? Would you like to elaborate please?
>
> Take a look at "apt show gnome", for example.
>
> On bullseye, on my platform, the package "gnome" (which is a metapackage)
> has an Installed-Size of 35.8 kB. It doesn't contain any software. All
> it really contains are Depends: and Recommends: and Suggests: lines. If
> you install this package, it will bring in a whole bunch of new packages
> (unless you already installed GNOME, in which case it may do nothing).
>
> Once all of those packages are installed, you can go ahead and remove
> the package named "gnome". It doesn't do anything. It's just a metapackage.

Thank you for explaining why a metapackage is not critically important. I'm a bit wiser now :)

> Well... OK, I'll tell you how I did it. It's easily reversible, so it
> won't hurt you.
>
> I did it by creating the file /etc/apt/apt.conf.d/99local with the
> following content (one line):
>
> APT::NeverAutoRemove ".";
>
> What this configuration file does is define a regular expression that
> matches every package, and then tells apt never to autoremove any package
> that matches that regular expression.
>
> If you want to go back to normal, simply remove that file.

Thank you very much for your example.

Best wishes.

Andrei POPESCU

May 29, 2021, 2:50:05 AM
On Fri, 28 May 21, 02:44:30, Stella Ashburne wrote:
>
> The reason is that I find it too drastic a step. I chose to disable by
> doing sudo systemctl disable unattended-upgrades. I did delete the
> package called 50unattended-upgrades (as mentioned in my original
> post.)

Installing packages on Debian is so easy that in most cases purging a
package is a very safe method to disable a specific functionality.

Removing files belonging to a package is typically frowned upon, as this
can under specific circumstances be like pulling the rug from underneath
a package (or worse, APT/dpkg).

In the case of configuration files (basically everything that is under
/etc and a few other places) it can cause unexpected or even unsafe
behaviour as the software might revert to built-in defaults that could
be wrong for your system.

Kind regards,
Andrei
--
http://wiki.debian.org/FAQsFromDebianUser

Andrei POPESCU

May 29, 2021, 3:10:09 AM
On Fri, 28 May 21, 20:40:23, Stella Ashburne wrote:
>
> Question: Instead of using "aptitude why unattended-upgrades" command,
> can I use "apt why unattended-upgrades"? I was told many years ago
> that the command "aptitude" was deprecated.

aptitude was deprecated for some very specific uses only (in particular
dist-upgrades), not because it couldn't do them, but because APT found
better solutions. It also didn't help that development of aptitude was
stopped for a while.

aptitude is currently still irreplaceable for some uses.

In this particular case, apt doesn't have a 'why' command, hence the
suggestion to use aptitude instead.

> Question: What command can I type in a terminal to find out if the
> package "unattended-upgrades" is a *dependency* of some other
> packages?

These should do it.

apt rdepends unattended-upgrades

Read as "the reverse depends of", though it will also include other
package relationships.


aptitude search '?depends(unattended-upgrades)'

Read as "packages that depend on". This is interpreted literally, i.e.
it won't show any other package relationship (like Recommends).


> I wish to improve my knowledge of computing. How do I disable
> autoremove? What is the command to be typed in a terminal?

APT (the software package) doesn't autoremove packages, though it might
suggest that you do that when you use the 'apt' command.

aptitude in its default configuration will do so on every occasion, so
you might want to avoid using it for package installs, removals, etc.

l0f...@tuta.io

May 29, 2021, 5:30:05 AM
Hi,

29 May 2021, 09:06 from andreim...@gmail.com:

>> Question: What command can I type in a terminal to find out if the
>> package "unattended-upgrades" is a *dependency* of some other
>> packages?
>>
> These should do it.
>
> apt rdepends unattended-upgrades
>
> Read as "the reverse depends of", though it will also include other
> package relationships.
>
> aptitude search '?depends(unattended-upgrades)'
>
> Read as "packages that depend on". This is interpreted literally, i.e.
> it won't show any other package relationship (like Recommends).
>
I didn't know about `apt rdepends`, thanks.
It appears the result is more explicit than `apt-cache rdepends`; that's a good point (easy to grep).

What is less good is that it's very easy to forget this behavior difference with time (like many things).
There are so many commands and possibilities around APT, it can be confusing sometimes...

NB: You can still filter `apt-cache rdepends` results with some other switches like `--no-pre-depends`, `--no-recommends`, `--no-suggests`, `--no-conflicts`, `--no-breaks`, `--no-replaces` and `--no-enhances`.

29 May 2021, 01:32 from rew...@gmx.com:

> Oh my God, are you telling me that we are not done with this "whatever thing you may call it"? I thought I could close this matter......lol
>
> Based on your vast experience of using Linux in general and Debian in particular, can you think of any other packages or files that could download software and security updates silently in the background?
>
"Vast experience"? I think you are probably flattering me lol
As Socrates said: "I know that I do not know." It happens every day for me ;p

Back to your question, here are other suggestions I can think of:
* cron-apt
* apticron (its goal is only to send notifications by emails but it certainly triggers `apt update` to do that. So maybe this update triggers some other things from your side as well, like widgets...)
* widgets/applets for your favorite desktop environment (I can't help you, I don't use any...)

NB: If not explicitly mentioned by a debian-user poster, most of the time (s)he is a subscriber of this mailing-list. At least I am, so you can omit my email address in each of your answers (I'm currently receiving all your emails twice) ;)

Best regards,
l0f4r0

Greg Wooledge

May 29, 2021, 9:00:04 AM
On Sat, May 29, 2021 at 09:49:06AM +0300, Andrei POPESCU wrote:
> In the case of configuration files (basically everything that is under
> /etc and a few other places) it can cause unexpected or even unsafe
> behaviour as the software might revert to built-in defaults that could
> be wrong for your system.

Also worth noting: if you remove a conffile and then think "Oops, I
didn't mean to do that, let me reinstall the package to get it back",
you will be surprised. The conffile will not be replaced. Your action
of deleting the conffile while retaining the package is explicitly
noted by the package manager, and respected as a conscious choice.

If you want to replace a deleted conffile, you may either *purge* the
package and then reinstall it, or use the --force-confmiss flag to dpkg.


On Sat, May 29, 2021 at 10:06:09AM +0300, Andrei POPESCU wrote:
> APT (the software package) doesn't autoremove packages, though it might
> suggest that you do that when you use the 'apt' command.
>
> aptitude in its default configuration will do so on every occasion, so
> you might want to avoid using it for package installs, removals, etc.

tasksel will also perform an autoremove for you without asking you.
It was after this happened to me that I investigated how to disable
apt's autoremove feature.

See also <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868892>.

Stella Ashburne

May 29, 2021, 1:10:04 PM
Hello Andrei

Thank you for your advice and time. I really appreciate it.

> Sent: Saturday, May 29, 2021 at 2:49 PM
> From: "Andrei POPESCU" <andreim...@gmail.com>
> To: debia...@lists.debian.org
> Subject: Re: How do I permanently disable unattended downloads of software/security updates?
>
> Removing files belonging to a package is typically frowned upon, as this
> can under specific circumstances be like pulling the rug from underneath
> a package (or worse, APT/dpkg).

Oops. I removed/deleted the file 50unattended-upgrades located in /etc/apt/apt.conf.d/
>
> In the case of configuration files (basically everything that is under
> /etc and a few other places) it can cause unexpected or even unsafe
> behaviour as the software might revert to built-in defaults that could
> be wrong for your system.

I suppose 50unattended-upgrades is a configuration file?

Best regards.

Andrei POPESCU

May 30, 2021, 3:40:05 AM
Yes. You also disabled the background service, so it should be fine.

Stella Ashburne

May 30, 2021, 6:50:04 AM
Hi Greg,

> Sent: Saturday, May 29, 2021 at 8:58 PM
> From: "Greg Wooledge" <gr...@wooledge.org>
> To: debia...@lists.debian.org
> Subject: Re: How do I permanently disable unattended downloads of software/security updates?
>
> tasksel will also perform an autoremove for you without asking you.
> It was after this happened to me that I investigated how to disable
> apt's autoremove feature.
>

Thanks for your observation about tasksel and autoremove.

About the only time that I encountered tasksel was during the installation of Debian.

Since you mentioned tasksel in your reply, how do you invoke tasksel? Do you just type tasksel in a terminal?

Stella Ashburne

May 30, 2021, 7:00:04 AM
Hi Andrei

> Sent: Saturday, May 29, 2021 at 3:06 PM
> From: "Andrei POPESCU" <andreim...@gmail.com>
> To: debia...@lists.debian.org
> Subject: Re: How do I permanently disable unattended downloads of software/security updates?
>
> aptitude was deprecated for some very specific uses only (in particular
> dist-upgrades), not because it couldn't do them, but because APT found
> better solutions. It also didn't help that development of aptitude was
> stopped for a while.

Yeah, I remember somewhat clearly that someone in www.reddit.com/r/debian advised me to use "sudo apt upgrade" instead of aptitude because with the former, I can see the green-colored progress bar during the installation of packages.

>
> In this particular case, apt doesn't have a 'why' command, hence the
> suggestion to use aptitude instead.
>

Thanks for your advice and time. I really appreciate it.

Best regards.

to...@tuxteam.de

May 30, 2021, 7:10:04 AM
On Sun, May 30, 2021 at 12:45:13PM +0200, Stella Ashburne wrote:

[...]

> Thanks for your observation about tasksel and autoremove.
>
> About the only time that I encountered tasksel was during the installation of Debian.
>
> Since you mentioned tasksel in your reply, how do you invoke tasksel? Do you just type tasksel in a terminal?

Not Greg here, but... yes, you can do that. And there's even a man
page :)

Cheers
- t

Stella Ashburne

May 30, 2021, 7:10:04 AM
Hi

Thanks for your help and time. I really appreciate it.

> Sent: Saturday, May 29, 2021 at 5:29 PM
> From: l0f...@tuta.io
> To: "Debian User" <debia...@lists.debian.org>
> Subject: Re: How do I permanently disable unattended downloads of software/security updates?
>
> NB: You can still filter `apt-cache rdepends` results with some other switches like `--no-pre-depends`, `--no-recommends`, `--no-suggests`, `--no-conflicts`, `--no-breaks`, `--no-replaces` and `--no-enhances`.

Thanks for the above tip.

Can I do something like the following using your above filters?

sudo apt rdepends <package-name> --no-recommends
sudo apt rdepends <package-name> --no-suggests


>
> As Socrates said: "I know that I do not know." It happens every day for me ;p
>

I think you're being modest. You know so much more than me.

> Back to your question, here are other suggestions I can think of:
> * cron-apt
> * apticron (its goal is only to send notifications by emails but it certainly triggers `apt update` to do that. So maybe this update triggers some other things from your side as well, like widgets...)
> * widgets/applets for your favorite desktop environment (I can't help you, I don't use any...)

My knowledge of computing, Linux and Debian is elementary and hence I won't know how to set up a cron-apt or use apticron.

Question: Is it a prerequisite (pre-condition) that to set up a cron job to download updates at a fixed time every day, the OS must have the installed package "unattended-upgrades"?

>
> NB: If not explicitly mentioned by a debian-user poster, most of the time (s)he is a subscriber of this mailing-list. At least I am, so you can omit my email address in each of your answers (I'm currently receiving all your emails twice) ;)
>

I apologize if I have caused inconvenience to you and shall remember to remove your email address when I reply to yours.

Best regards.

Stella Ashburne

May 30, 2021, 7:20:04 AM
Hi

> Sent: Sunday, May 30, 2021 at 7:00 PM
> From: to...@tuxteam.de
> To: "Stella Ashburne" <rew...@gmx.com>
> Cc: "Greg Wooledge" <gr...@wooledge.org>, debia...@lists.debian.org
> Subject: Re: How do I permanently disable unattended downloads of software/security updates?
>
> Not Greg here, but... yes, you can do that. And there's even a man
> page :)

Thanks for your reply.

Best wishes.

Greg Wooledge

May 30, 2021, 9:10:05 AM
On Sun, May 30, 2021 at 01:08:18PM +0200, Stella Ashburne wrote:
> Question: Is it a prerequisite (pre-condition) that to set up a cron job to download updates at a fixed time every day, the OS must have the installed package "unattended-upgrades"?

Nope. You can write your own cron job to do it.

The thing is, the simple and obvious way to do it via cron is slightly
dangerous. When cron runs apt-get or apt or whatever you choose, *you*
have no ability to interact with it. If a package comes with a
NEWS.Debian.gz file that it wants to display to you to warn you about
some new incompatible change, or if it wants to ask you whether it should
replace a conffile that has been altered, or *any* kind of question,
it can't.

So, the simple and obvious workaround for that, when writing a cron job
to do this, would be to use apt-get's "-y" flag.

This may not do what you want in all situations.

On the other hand, your question is interesting, in that it says "download
updates", not "install updates". If you really do mean "download the
packages and let them sit in /var/cache but don't install them", then
there's no danger. You can write a cron job to do that, no problem at
all.

Of course, then the question becomes one of your workflow. Are you going
to look in /var/cache/apt/archives/ yourself once a day, to see whether
there's a new file there? Are you going to set up your cron job to email
you whenever a package is downloaded? Are you simply going to run
"apt-get -u upgrade" or some equivalent once a day? There are lots of
possibilities here. You just have to decide what you want, and then
implement it.

Charles Curley

May 30, 2021, 9:50:04 AM
On Sun, 30 May 2021 13:08:18 +0200
Stella Ashburne <rew...@gmx.com> wrote:

> My knowledge of computing, Linux and Debian is elementary and hence I
> won't know how to set up a cron-apt or use apticron.
>
> Question: Is it a prerequisite (pre-condition) that to set up a cron
> job to download updates at a fixed time every day, the OS must have
> the installed package "unattended-upgrades"?

No, unattended upgrades is not a requirement.

I used the following cron job for years until recently. I started using
something like it when I was on dial-up and wanted to speed up the
upgrade process by having the new packages already on my computers.
Over the past year or so I have phased in unattended-upgrades.

5 3 * * * root /usr/bin/apt-get update > /dev/null && /usr/bin/apt-get -dy dist-upgrade > /dev/null

(That is all one line. I expect your mail reader will wrap it horribly.
When you copy and paste it, straighten it out into all one line.)

I suggest that, as root, you put it in its own unique file
in /etc/cron.d. That way it will survive updates to other files.

A brief explanation of what it does:

At 03:05 every morning, as root, run apt-get update to update
apt-get's cache. If that's successful (the &&), run apt-get dist-upgrade
for downloads only (-d) and assume a "yes" answer to all questions
(-y). In both cases, discard the standard output by sending it to the
null device.

--
Does anybody read signatures any more?

https://charlescurley.com
https://charlescurley.com/blog/

Dan Ritter

May 30, 2021, 11:10:04 AM
Stella Ashburne wrote:
>
> Question: Is it a prerequisite (pre-condition) that to set up a cron job to download updates at a fixed time every day, the OS must have the installed package "unattended-upgrades"?
>

No.

apt install apticron

will get you a customizable cron job that will:

- update the package lists daily
- optionally download but not install updated packages
- send you mail about updated packages (at an address of your
choice)

-dsr-

Stella Ashburne

Jun 1, 2021, 7:20:04 AM
Hi

> Sent: Friday, May 28, 2021 at 8:05 PM
> From: l0f...@tuta.io
> To: "Debian User" <debia...@lists.debian.org>
> Subject: Re: How do I permanently disable unattended downloads of software/security updates?
>
> 28 May 2021, 13:43 from l0f...@tuta.io:
>
> > I think you won't update/upgrade automatically anymore (by the way you say you haven't noticed this behavior so far), but time will confirm.

Time has indeed confirmed my worst fears. Today June 1, 2021 in fact...

> Correction: I meant if you still have updates/upgrades, then it shouldn't be because of package unattended-upgrades. So you would have to dig somewhere else...
>

Automatic downloads of software/security downloads took place today, June 1, 2021.

Please click the link to the screenshot: https://ibb.co/5xP7r5t

Please see below for the details:

username@localhost:~$ sudo apt update
[sudo] password for username:
Hit:1 http://security.debian.org/debian-security buster/updates InRelease
Hit:2 http://security.debian.org buster/updates InRelease
Hit:3 https://deb.debian.org/debian buster InRelease
Hit:4 https://deb.debian.org/debian buster-updates InRelease
Hit:5 https://deb.debian.org/debian buster-backports InRelease
Reading package lists... Done
Building dependency tree
Reading state information... Done
4 packages can be upgraded. Run 'apt list --upgradable' to see them.

username@localhost:~$ sudo apt list --upgradable
Listing... Done
gir1.2-javascriptcoregtk-4.0/stable,stable 2.32.1-1~deb10u1 amd64 [upgradable from: 2.30.6-1~deb10u1]
gir1.2-webkit2-4.0/stable,stable 2.32.1-1~deb10u1 amd64 [upgradable from: 2.30.6-1~deb10u1]
libjavascriptcoregtk-4.0-18/stable,stable 2.32.1-1~deb10u1 amd64 [upgradable from: 2.30.6-1~deb10u1]
libwebkit2gtk-4.0-37/stable,stable 2.32.1-1~deb10u1 amd64 [upgradable from: 2.30.6-1~deb10u1]
username@localhost:~$

username@localhost:~$ sudo apt upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
The following NEW packages will be installed:
xdg-desktop-portal xdg-desktop-portal-gtk
The following packages will be upgraded:
gir1.2-javascriptcoregtk-4.0 gir1.2-webkit2-4.0 libjavascriptcoregtk-4.0-18
libwebkit2gtk-4.0-37
4 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B/20.2 MB of archives.
After this operation, 5,118 kB of additional disk space will be used.
Do you want to continue? [Y/n]

If you guys notice, 20.2MB of updates have been automatically downloaded in the background (without my manual intervention).

I appreciate your help in this matter.

Best wishes.

Joe

Jun 1, 2021, 9:30:05 AM
So who typed the 'sudo apt update' and 'sudo apt upgrade'?

Those are one pair of commands (there are others) to *manually* first
download the list of upgradeable packages and then to download and
install the packages themselves.

If it was you who typed them, what did you expect them to do? If it
wasn't you who typed them, find out who/what did so.

--
Joe

Reco

Jun 1, 2021, 9:50:04 AM
Hi.
The devil is in the details, as they say.
"sudo apt upgrade" shows that it does not need to download anything,
because:

> > username@localhost:~$ sudo apt upgrade
...
> > Need to get 0 B/20.2 MB of archives.


I'm curious what will be shown in this configuration by:

apt-config dump | grep Periodic

Reco

Stella Ashburne

Jun 1, 2021, 1:20:04 PM
Hi

> Sent: Tuesday, June 01, 2021 at 9:26 PM
> From: "Joe" <j...@jretrading.com>
> To: debia...@lists.debian.org
> Subject: Re: How do I permanently disable unattended downloads of software/security updates?
>
First of all, did you surf using the link to the screenshot? Here's the URL again: https://ibb.co/5xP7r5t

The screenshot shows that my OS surreptitiously downloads the software/security updates without my manual intervention. This is not what I want and is the subject of my original post.

Stella Ashburne

Jun 1, 2021, 1:30:04 PM
Hi

> Sent: Tuesday, June 01, 2021 at 9:39 PM
> From: "Reco" <recov...@enotuniq.net>
> To: debia...@lists.debian.org
> Subject: Re: How do I permanently disable unattended downloads of software/security updates?
>
As you can see from the screenshot, my OS has surreptitiously downloaded software/security updates without my manual intervention. This behavior is not what I like and it's the subject of my original post.

>
> The devil is in the details, as they say.
> "sudo apt upgrade" shows that it does not need to download anything,
> because:
>
> > > username@localhost:~$ sudo apt upgrade
> ...
> > > Need to get 0 B/20.2 MB of archives.
>
Exactly. The notification about software updates being available was the first thing that popped up on my OS (see screenshot: https://ibb.co/5xP7r5t). This was confirmed by the message "Need to get 0 B/20.2 MB of archives".

> I'm curious what will be shown in this configuration by:
>
> apt-config dump | grep Periodic
>
One kind person has already asked me for the output of

apt-config dump | grep -i APT::Periodic

Below is the output of the above command:

APT::Periodic "";
APT::Periodic::Download-Upgradeable-Packages "0";
APT::Periodic::Unattended-Upgrade "0";

Dan Ritter

Jun 1, 2021, 2:00:05 PM
Stella Ashburne wrote:
> As you can see from the screenshot, my OS has surreptitiously downloaded software/security updates without my manual intervention. This behavior is not what I like and it's the subject of my original post.
>
> >
> > The devil is in the details, as they say.
> > "sudo apt upgrade" shows that it does not need to download anything,
> > because:
> >
> > > > username@localhost:~$ sudo apt upgrade
> > ...
> > > > Need to get 0 B/20.2 MB of archives.
> >
> Exactly. The notification about software updates being available was the first thing that popped up on my OS (see screenshot: https://ibb.co/5xP7r5t). This was confirmed by the message "Need to get 0 B/20.2 MB of archives".
>
> > I'm curious what will be shown in this configuration by:
> >
> > apt-config dump | grep Periodic
> >
> One kind person has already asked me for the output of
>
> apt-config dump | grep -i APT::Periodic
>
> Below is the output of the above command:
>
> APT::Periodic "";
> APT::Periodic::Download-Upgradeable-Packages "0";
> APT::Periodic::Unattended-Upgrade "0";

This really looks like something being done by your desktop
system rather than at the OS level.

Fire up dconf-editor, look at org.gnome.software, and see if
"download-updates" is checked. If so, uncheck it.

-dsr-

Reco

Jun 1, 2021, 2:10:05 PM
Hi.

On Tue, Jun 01, 2021 at 07:27:22PM +0200, Stella Ashburne wrote:
> > I'm curious what will be shown in this configuration by:
> >
> > apt-config dump | grep Periodic
> >
> One kind person has already asked me for the output of

My bad. I haven't followed this thread closely until now.

> apt-config dump | grep -i APT::Periodic
>
> Below is the output of the above command:
>
> APT::Periodic "";
> APT::Periodic::Download-Upgradeable-Packages "0";
> APT::Periodic::Unattended-Upgrade "0";

Ok, that complicates things slightly.
Is there anything that can be attributed to this behaviour at
/var/log/apt/history.log* ? Could be anything, you'll need to evaluate
Start-Date attribute.

Of course, it's unlikely there will be anything, so it's time for an
old magic trick - auditd.
Install auditd package.
Invoke:

auditctl -w /usr/bin/apt -p rx
auditctl -w /usr/bin/apt-get -p rx

Wait for the next occurrence of the problem, to speed things up - invoke
"apt clean".
To know exact time someone invoked apt without your knowledge - invoke
"ausearch -f /usr/bin/apt -i".

Once you know an exact time the problem happens - it should be trivial
to search, say, journald entries for anything related.

In short, dear listers, auditd. Have it, use it. Thing solves issues,
and does it in non-intrusive way.


Oh, and another question. Do you happen to have packagekit
installed? This Fine Piece™ of RedHat middleware (have to keep the
archives list PG-13 compliant, you see ;) is known to perform
questionable tricks like this.

Reco
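
The audit trail described in the post above, as an added example that is not part of the original post: the same two watches tagged with a key, plus a parser that reduces interpreted `ausearch` records to the time, the caller's identity and the parent PID, and keeps only invocations that had no terminal or login session. The key name `apt-watch`, the function names and the sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. The key name "apt-watch", the function
# names and the sample records are assumptions made for illustration.

# The two watches from the post, tagged with a key (-k) so they can be
# searched and deleted as a group. Needs root and the auditd package.
install_watches() {
    auditctl -w /usr/bin/apt -p rx -k apt-watch
    auditctl -w /usr/bin/apt-get -p rx -k apt-watch
}

# Delete every rule carrying the key once the caller has been identified.
remove_watches() {
    auditctl -D -k apt-watch
}

# Constructed records in the layout printed by "ausearch -k apt-watch -i".
# First event: a user typing "sudo apt update" in a terminal.
# Second event: apt-get started by a background process with no terminal.
sample_records() {
    cat <<'EOF'
----
type=PROCTITLE msg=audit(06/01/2021 09:12:03.118:204) : proctitle=apt update
type=SYSCALL msg=audit(06/01/2021 09:12:03.118:204) : arch=x86_64 syscall=execve success=yes exit=0 items=2 ppid=2307 pid=2308 auid=username uid=root gid=root tty=pts0 ses=2 comm=apt exe=/usr/bin/apt key=apt-watch
----
type=PROCTITLE msg=audit(06/02/2021 06:40:44.512:311) : proctitle=apt-get -qq -d -y dist-upgrade
type=SYSCALL msg=audit(06/02/2021 06:40:44.512:311) : arch=x86_64 syscall=execve success=yes exit=0 items=2 ppid=1893 pid=1901 auid=unset uid=root gid=root tty=(none) ses=unset comm=apt-get exe=/usr/bin/apt-get key=apt-watch
EOF
}

# Read interpreted audit records on stdin and print one tab-separated line
# per execve of a watched binary. Plain reads of the file (the "r" in
# "-p rx") also produce records; only actual executions are kept here.
summarise_apt_execs() {
    awk '
    /^type=SYSCALL/ && /syscall=execve/ {
        ts = $0
        sub(/^.*msg=audit\(/, "", ts)   # drop everything up to the timestamp
        sub(/\).*$/, "", ts)            # drop everything after it
        sub(/:[0-9]+$/, "", ts)         # drop the event serial number
        split("", f)                    # clear the key=value table
        for (i = 1; i <= NF; i++) {
            eq = index($i, "=")
            if (eq > 1) f[substr($i, 1, eq - 1)] = substr($i, eq + 1)
        }
        printf "%s\tauid=%s\tuid=%s\ttty=%s\tppid=%s\tpid=%s\t%s\n", \
            ts, f["auid"], f["uid"], f["tty"], f["ppid"], f["pid"], f["exe"]
    }'
}

# Keep only executions with no login identity or no controlling terminal,
# i.e. the ones nobody typed. The ppid is the process to look up next.
background_apt_execs() {
    summarise_apt_execs | awk -F '\t' '$2 == "auid=unset" || $4 == "tty=(none)"'
}

# Demo on the constructed records; on a live system use:
#   ausearch -k apt-watch -i | background_apt_execs
sample_records | background_apt_execs
```

The timestamp and `ppid` of a surviving line are what to look up in the journal for the same minute.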

Joe

Jun 1, 2021, 2:30:05 PM
Can we establish right now that this is neither expected nor default
behaviour from Debian?

Something has been done to be 'helpful' by some entity, and I'd agree
the DE is likely to be to blame, if unattended-upgrades has been ruled
out. I still find it difficult to believe that someone would recreate
the functionality of u-u by other means, but there are a lot of strange
people in Linux...

A default installation of Debian, without a heavyweight DE, will *not*
do this. Not one of the many Debian installations I have ever run has
ever resulted in this happening, but then I haven't installed either
Gnome or KDE since Gnome 3 arrived.

A possible line of approach: you have a list of the recent downloads.
It is possible that one of the history.log files under /var/log/apt may
be helpful in identifying the time and date of download. The file
/etc/crontab and the files under /etc/cron.d contain timed
instructions. It may be possible to identify the culprit from time and
date correlations.

I do use /etc/crontab myself to run simulated upgrades on my servers
without downloading anything, but sending an email to me if there are
any upgrades available. It will be obvious if you have any cron script
that is doing this kind of thing.

--
Joe

l0f...@tuta.io

Jun 2, 2021, 3:10:05 AM
Hi Stella,


>> NB: You can still filter `apt-cache rdepends` results with some other switches like `--no-pre-depends`, `--no-recommends`, `--no-suggests`, `--no-conflicts`, `--no-breaks`, `--no-replaces` and `--no-enhances`.
>>
>
> Thanks for the above tip.
>
> Can I do something like the following using your above filters?
>
> sudo apt rdepends <package-name> --no-recommends
> sudo apt rdepends <package-name> --no-suggests
>
Yes, sure but try it by yourself and you'll see it works (with `apt rdepends` or even `apt-cache rdepends`)
NB: You do not need `sudo` here.

Can you provide us with the output of the following commands?

crontab -l
sudo crontab -l
cat /etc/crontab
ls -l /etc/cron.*
dpkg -l | grep -i apt


>> NB: If not explicitly mentioned by a debian-user poster, most of the time (s)he is a subscriber of this mailing-list. At least I am, so you can omit my email address in each of your answers (I'm currently receiving all your emails twice) ;)
>>
>
> I apologize if I have caused inconvenience to you and shall remember to remove your email address when I reply to yours.
>
No worries...

Best regards,
l0f4r0

Stella Ashburne

Jun 2, 2021, 7:10:04 AM
Hi

Thanks for your help and time. I really appreciate it.

> Sent: Wednesday, June 02, 2021 at 3:01 PM
> From: l0f...@tuta.io
> To: "Debian User" <debia...@lists.debian.org>
> Subject: Re: How do I permanently disable unattended downloads of software/security updates?
>
> NB: You do not need `sudo` here.
>
Noted.

> Can you provide us with the output of the following commands?
>
Output of crontab -l

No crontab for username


Output of sudo crontab -l

No crontab for root


Output of cat /etc/crontab

# /etc/crontab: system-wide crontab
# Unlike any other crontab you don't have to run the `crontab'
# command to install the new version when you edit this file
# and files in /etc/cron.d. These files also have username fields,
# that none of the other crontabs do.

SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

# Example of job definition:
# .---------------- minute (0 - 59)
# | .------------- hour (0 - 23)
# | | .---------- day of month (1 - 31)
# | | | .------- month (1 - 12) OR jan,feb,mar,apr ...
# | | | | .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
# | | | | |
# * * * * * user-name command to be executed
17 * * * * root cd / && run-parts --report /etc/cron.hourly
25 6 * * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
47 6 * * 7 root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly )
52 6 1 * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly )
#


Output of ls -l /etc/cron.*

/etc/cron.d:
total 4
-rw-r--r-- 1 root root 285 May 19 2019 anacron

/etc/cron.daily:
total 32
-rwxr-xr-x 1 root root 311 May 19 2019 0anacron
-rwxr-xr-x 1 root root 1478 May 12 2020 apt-compat
-rwxr-xr-x 1 root root 355 Dec 29 2017 bsdmainutils
-rwxr-xr-x 1 root root 384 Dec 31 2018 cracklib-runtime
-rwxr-xr-x 1 root root 1187 Apr 19 2019 dpkg
-rwxr-xr-x 1 root root 377 Aug 28 2018 logrotate
-rwxr-xr-x 1 root root 1123 Feb 10 2019 man-db
-rwxr-xr-x 1 root root 249 Sep 27 2017 passwd

/etc/cron.hourly:
total 0

/etc/cron.monthly:
total 4
-rwxr-xr-x 1 root root 313 May 19 2019 0anacron

/etc/cron.weekly:
total 8
-rwxr-xr-x 1 root root 312 May 19 2019 0anacron
-rwxr-xr-x 1 root root 813 Feb 10 2019 man-db


Output of dpkg -l | grep -i apt

ii apt 1.8.2.3 amd64 commandline package manager
ii apt-config-icons 0.12.5-1 all APT configuration snippet to enable icon downloads
ii apt-listchanges 3.19 all package change history notification tool
ii apt-utils 1.8.2.3 amd64 package management related utility programs
ii laptop-detect 0.16 all system chassis type checker
ii libapt-inst2.0:amd64 1.8.2.3 amd64 deb package format runtime library
ii libapt-pkg5.0:amd64 1.8.2.3 amd64 package management runtime library
ii libatk-adaptor:amd64 2.30.0-5 amd64 AT-SPI 2 toolkit bridge
ii libmjpegutils-2.1-0 1:2.1.0+debian-5 amd64 MJPEG capture/editing/replay and MPEG encoding toolset (library)
ii libmpeg2encpp-2.1-0 1:2.1.0+debian-5 amd64 MJPEG capture/editing/replay and MPEG encoding toolset (library)
ii libmplex2-2.1-0 1:2.1.0+debian-5 amd64 MJPEG capture/editing/replay and MPEG encoding toolset (library)
ii libopencore-amrnb0:amd64 0.1.3-2.1+b2 amd64 Adaptive Multi Rate speech codec - shared library
ii libopencore-amrwb0:amd64 0.1.3-2.1+b2 amd64 Adaptive Multi-Rate - Wideband speech codec - shared library
ii libpcap0.8:amd64 1.8.1-6 amd64 system interface for user-level packet capture
ii python-apt-common 1.8.4.3 all Python interface to libapt-pkg (locales)
ii python3-apt 1.8.4.3 amd64 Python 3 interface to libapt-pkg
ii synaptic 0.84.6 amd64 Graphical package manager
ii task-laptop 3.53 all laptop

l0f...@tuta.io

Jun 2, 2021, 7:50:04 AM
2 June 2021, 13:03 from rew...@gmx.com:
Nothing shocking here...

What about the following commands?

cat /etc/anacrontab
systemctl list-timers

Best regards,
l0f4r0

Stella Ashburne

Jun 2, 2021, 12:30:04 PM
Hi

Thanks for your help and time. I really appreciate it.

> Sent: Wednesday, June 02, 2021 at 7:49 PM
> From: l0f...@tuta.io
> To: "Debian User" <debia...@lists.debian.org>
> Subject: Re: How do I permanently disable unattended downloads of software/security updates?
>
> What about the following commands?
>
> cat /etc/anacrontab
> systemctl list-timers
>
Output of cat /etc/anacrontab

# /etc/anacrontab: configuration file for anacron

# See anacron(8) and anacrontab(5) for details.

SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
HOME=/root
LOGNAME=root

# These replace cron's entries
1 5 cron.daily run-parts --report /etc/cron.daily
7 10 cron.weekly run-parts --report /etc/cron.weekly
@monthly 15 cron.monthly run-parts --report /etc/cron.monthly


Output of systemctl list-timers


NEXT LEFT LAST PASSED
Wed 2021-06-02 16:24:55 GMT 4min 34s left n/a n/a
Thu 2021-06-03 00:00:00 GMT 7h left Wed 2021-06-02 16:10:36 GMT 9min ago
Thu 2021-06-03 00:00:00 GMT 7h left Wed 2021-06-02 16:10:36 GMT 9min ago
Thu 2021-06-03 00:39:22 GMT 8h left Wed 2021-06-02 16:10:36 GMT 9min ago
Thu 2021-06-03 06:40:44 GMT 14h left Wed 2021-06-02 07:43:04 GMT 8h ago
Thu 2021-06-03 07:30:43 GMT 15h left Thu 2021-06-03 00:10:06 GMT 7h left

6 timers listed.
Pass --all to see loaded but inactive timers, too.

Reco

Jun 2, 2021, 12:40:04 PM
Hi.

On Wed, Jun 02, 2021 at 06:27:45PM +0200, Stella Ashburne wrote:
> Output of systemctl list-timers
>
>
> NEXT LEFT LAST PASSED
> Wed 2021-06-02 16:24:55 GMT 4min 34s left n/a n/a
> Thu 2021-06-03 00:00:00 GMT 7h left Wed 2021-06-02 16:10:36 GMT 9min ago
> Thu 2021-06-03 00:00:00 GMT 7h left Wed 2021-06-02 16:10:36 GMT 9min ago
> Thu 2021-06-03 00:39:22 GMT 8h left Wed 2021-06-02 16:10:36 GMT 9min ago
> Thu 2021-06-03 06:40:44 GMT 14h left Wed 2021-06-02 07:43:04 GMT 8h ago
> Thu 2021-06-03 07:30:43 GMT 15h left Thu 2021-06-03 00:10:06 GMT 7h left
>
> 6 timers listed.
> Pass --all to see loaded but inactive timers, too.

The most important parts of "systemctl list-timers" (your problem
considered) are UNIT and ACTIVATES columns, and your result lacks them
for some reason.

Reco

Greg Wooledge

Jun 2, 2021, 1:00:05 PM
The designers of systemctl made some odd choices. They drop you into a
weird interactive mode by default, and expect you to be willing and able
to scroll around to see the fields of this report. Worst of all is that
you may not even *know* that you're supposed to do this.

If you run "systemctl list-timers" in a terminal, you may (or may not)
notice a few things:

1) You're placed in a pager, even if the output has many fewer lines than
your terminal does. How can you tell you're in a pager? There's a
prompt at the bottom of the screen. You may recognize it if you've
had enough experience with reading man pages.

2) There are two tremendously wide date/time fields visible, with redundant
day-of-week and timezone fields, but not the actually *important*
information like what's going to happen at that time.

3) There are some reverse-video > signs on the right hand side of the report.

What you're expected to do is use the Right and Left arrow keys on your
keyboard (assuming they're correctly mapped in your terminal emulator's
terminfo entries) to scroll back and forth to see the other fields. Which
you're supposed to guess exist.

If for some reason you would simply like to see all of the information on
the screen at once, the way a Unix user would *expect* a command like this
to work, you need to redirect or pipe systemctl's output so that it isn't
going to a terminal.

systemctl list-timers | cat

Of course, this is still ugly as sin, because the designers of systemctl
don't understand that terminals are 80 characters wide, always and forever.
They just dump a bunch of longer-than-140-character lines and let them
wrap as they will. Well, at least the information is there, even if it's
hard to read.

Those wide timestamps are just ridiculous, aren't they? And why isn't
the unit name (the most important thing) shown first? Or even *at all*
by default?

Anyway, I suspect that the OP might find some useful information from
this command:

systemctl list-timers | grep apt

Linux-Fan

Jun 2, 2021, 3:10:04 PM
Greg Wooledge writes:

> On Wed, Jun 02, 2021 at 07:33:32PM +0300, Reco wrote:
> > Hi.
> >
> > On Wed, Jun 02, 2021 at 06:27:45PM +0200, Stella Ashburne wrote:
> > > Output of systemctl list-timers

[...]

> > > 6 timers listed.
> > > Pass --all to see loaded but inactive timers, too.
> >
> > The most important parts of "systemctl list-timers" (your problem
> > considered) are UNIT and ACTIVATES columns, and your result lacks them
> > for some reason.
>
> The designers of systemctl made some odd choices. They drop you into a
> weird interactive mode by default, and expect you to be willing and able
> to scroll around to see the fields of this report. Worst of all is that
> you may not even *know* that you're supposed to do this.

[...]

> to work, you need to redirect or pipe systemctl's output so that it isn't
> going to a terminal.
>
> systemctl list-timers | cat
>
> Of course, this is still ugly as sin, because the designers of systemctl
> don't understand that terminals are 80 characters wide, always and forever.
> They just dump a bunch of longer-than-140-character lines and let them
> wrap as they will. Well, at least the information is there, even if it's
> hard to read.

I have added the following aliases to all my systems:

alias systemctl='systemctl -l --no-pager'
alias journalctl='journalctl --no-pager'

But of course, I like that `cat` trick for systems which I do not own.
Much easier than remembering that it was `--no-pager` :)

[...]

> Anyway, I suspect that the OP might find some useful information from
> this command:
>
> systemctl list-timers | grep apt

As far as I can tell, these ultimately lead to
/usr/lib/apt/apt.systemd.daily which in turn claims to honor
`APT::Periodic::Enable "1";` from /etc/apt/apt.conf.d.

Still it is worth checking the logs from the systemd timers, e.g.:

journalctl --no-pager -u apt-daily-upgrade.service
journalctl --no-pager -u apt-daily.service

It is also possible that there might be systemd user timers?

systemctl --user --no-pager -l list-timers

Here, the outputs are as follows:

~~~
# journalctl -u apt-daily-upgrade.service
-- Logs begin at Wed 2021-06-02 12:24:45 CEST, end at Wed 2021-06-02
20:47:39 CEST. --
Jun 02 12:24:55 masysma-18 systemd[1]: Starting Daily apt upgrade and clean
activities...
Jun 02 12:24:56 masysma-18 systemd[1]: apt-daily-upgrade.service: Succeeded.
Jun 02 12:24:56 masysma-18 systemd[1]: Started Daily apt upgrade and clean
activities.

# journalctl -u apt-daily.service
-- Logs begin at Wed 2021-06-02 12:24:45 CEST, end at Wed 2021-06-02
20:54:02 CEST. --
Jun 02 12:24:55 masysma-18 systemd[1]: Starting Daily apt download
activities...
Jun 02 12:24:55 masysma-18 systemd[1]: apt-daily.service: Succeeded.
Jun 02 12:24:55 masysma-18 systemd[1]: Started Daily apt download activities.

$ systemctl --user --no-pager -l list-timers
0 timers listed.
Pass --all to see loaded but inactive timers, too.
~~~

I do not believe to have observed the automatic download behaviour the OP
sees despite the timers obviously being active and the script running. From
the timings (between start and completion of the `apt.systemd.daily`) it
seems to not do anything out of the box.

I am leaning towards the "DE explanation" -- that the upgrades are not
caused by APT's own mechanisms but rather triggered by some DE through
opaque means not visible in cron or systemd timers. I am not sure how I
would go about identifying the cause there, except for checking the GUI
configuration that all related options are turned off?

HTH
Linux-Fan


Greg Wooledge

Jun 2, 2021, 3:50:04 PM
On Wed, Jun 02, 2021 at 09:03:23PM +0200, Linux-Fan wrote:
> alias systemctl='systemctl -l --no-pager'
> alias journalctl='journalctl --no-pager'

Hmm, that's handy because it preserves the underline/boldface terminal
markup, unlike the |cat trick.

> > systemctl list-timers | grep apt
>
> As far as I can tell, these ultimately lead to
> /usr/lib/apt/apt.systemd.daily which in turn claims to honor
> `APT::Periodic::Enable "1";` from /etc/apt/apt.conf.d.

I've just spent a few minutes reading /usr/lib/apt/apt.systemd.daily ...
it's not pretty.[1]

First thing I noticed is that in the absence of APT::Periodic::Enable
it *assumes* 1 (yes). It does this by setting a variable to 1, and then
running the following command:

apt-config shell AutoAptEnable APT::Periodic::Enable

capturing the output, eval-ing it (without quotes!), and then checking
whether that shell variable's value is still 1. On my system, where
there is no APT::Periodic::Enable in any part of apt's config, the
output of that apt-config command is empty. So the eval does nothing,
and the variable remains set to 1 (yes).

The next thing I noticed is that apt-daily-upgrade.service runs the same
script with "install" as its argument. The section of the script that
this triggers is basically a giant wrapper around unattended-upgrade.
If unattended-upgrade is not found in PATH (using a *terrible* check),
pretty much nothing happens. Of course, it doesn't bother logging that
unless it's running in debug mode.

> # journalctl -u apt-daily-upgrade.service
> -- Logs begin at Wed 2021-06-02 12:24:45 CEST, end at Wed 2021-06-02
> 20:47:39 CEST. --
> Jun 02 12:24:55 masysma-18 systemd[1]: Starting Daily apt upgrade and clean
> activities...
> Jun 02 12:24:56 masysma-18 systemd[1]: apt-daily-upgrade.service: Succeeded.
> Jun 02 12:24:56 masysma-18 systemd[1]: Started Daily apt upgrade and clean
> activities.

Mine is similar, albeit much longer. Note that on my system,
unattended-upgrade is not installed.

[1] Here's one example:

if which unattended-upgrade >/dev/null 2>&1 && env LC_ALL=C.UTF-8 unattended-upgrade --help | grep -q download-only && check_stamp $DOWNLOAD_UPGRADEABLE_STAMP $UnattendedUpgradeInterval; then

Tom Browder

Jun 2, 2021, 4:00:04 PM


On Tue, May 25, 2021 at 12:25 Stella Ashburne <rew...@gmx.com> wrote:
> My OS is Debian 10.9 and has the kernel version:

How did you get the installation originally? Was it from a fresh install of Buster or an upgrade from 9 or older version?

-Tom

l0f...@tuta.io

Jun 2, 2021, 4:10:05 PM
Stella,

Cannot remember if you have Gnome installed but you should have a look at https://unix.stackexchange.com/a/594287, especially ALL the associated comments (click on "Show 7 more comments").
HTH
l0f4r0

Stella Ashburne

Jun 2, 2021, 9:50:04 PM
Hi Tom

Thanks for your help and time. I really appreciate it.
 
 
> Sent: Thursday, June 03, 2021 at 3:53 AM
> From: "Tom Browder" <tom.b...@gmail.com>
> To: "Stella Ashburne" <rew...@gmx.com>
> Cc: debia...@lists.debian.org
> Subject: Re: How do I permanently disable unattended downloads of software/security updates?
>
> How did you get the installation originally? Was it from a fresh install of Buster or an upgrade from 9 or older version?
>
> -Tom

It was a fresh installation. I never do upgrades from Debian Stretch (a.k.a. version 9) and always choose Expert Install (without GUI).

On a different topic, I noticed that you composed your email with HTML formatting. I didn't know it is allowed by Debian User Mailing List. I remember a few years ago, if one were to send an email to said mailing list, the former would never be published. At that time, all emails must be in plain text format. When did said mailing list accept emails that are HTML formatted?

Stella Ashburne

Jun 2, 2021, 10:00:04 PM
Hi Reco

Thanks for your help and time. I really appreciate it.

> Sent: Thursday, June 03, 2021 at 12:33 AM
> From: "Reco" <recov...@enotuniq.net>
> To: debia...@lists.debian.org
> Subject: Re: How do I permanently disable unattended downloads of software/security updates?
>
> The most important parts of "systemctl list-timers" (your problem
> considered) are UNIT and ACTIVATES columns, and your result lacks them
> for some reason.
>
What does "your result lacks them for some reason" mean? Could you elaborate it please?

Stella

Greg Wooledge

Jun 2, 2021, 10:00:04 PM
On Thu, Jun 03, 2021 at 03:54:01AM +0200, Stella Ashburne wrote:
> > From: "Reco" <recov...@enotuniq.net>

> > The most important parts of "systemctl list-timers" (your problem
> > considered) are UNIT and ACTIVATES columns, and your result lacks them
> > for some reason.
> >
> What does "your result lacks them for some reason" mean? Could you elaborate it please?

Lacks means "does not have".

Your output did not show the UNIT or ACTIVATES columns. For the reasons
I explained in my response.

I gave some alternatives that will reveal more information. Replies to
my reply elaborated further still.

Stella Ashburne

Jun 3, 2021, 3:10:04 PM
Hi,

Thanks for your help and effort. I really appreciate it.

> Sent: Thursday, June 03, 2021 at 4:02 AM
> From: l0f...@tuta.io
> To: "Debian User" <debia...@lists.debian.org>
> Subject: Re: How do I permanently disable unattended downloads of software/security updates?
>
> Cannot remember if you have Gnome installed but you should have a look at https://unix.stackexchange.com/a/594287, especially ALL the associated comments (click on "Show 7 more comments").

After I have done a fresh minimal install of Debian, I installed the following packages:

xorg gnome-core gnome-tweak-tool synaptic gedit gdebi file-roller

As you can see from the above, I did not install the full Gnome desktop environment.

The link that you gave me leads to the post in which the description of the problem is similar to my issue. It contains helpful information and I have taken action based on what the contributors had written. I have disabled PackageKit. I have not purged gnome-software as advised by the contributor in said post. Why? I am afraid that purging gnome-software may cause my operating system to become unusable.

I shall keep you informed if after disabling PackageKit, automatic downloads of software/security updates still take place.

Stella Ashburne

Jun 3, 2021, 3:20:04 PM
Hi

Thanks for your help and time. I really appreciate it.

> Sent: Thursday, June 03, 2021 at 3:03 AM
> From: "Linux-Fan" <Ma_S...@web.de>
> To: debia...@lists.debian.org
> Subject: Re: How do I permanently disable unattended downloads of software/security updates?
>

> > Anyway, I suspect that the OP might find some useful information from
> > this command:
> >
> > systemctl list-timers | grep apt

Below is the output of systemctl list-timers | grep apt

Thu 2021-06-03 20:29:30 GMT 9h left Thu 2021-06-03 09:18:00 GMT 1h 17min ago apt-daily.timer apt-daily.service
Fri 2021-06-04 06:51:16 GMT 20h left Thu 2021-06-03 09:18:00 GMT 1h 17min ago apt-daily-upgrade.timer apt-daily-upgrade.service

>
> I am leaning towards the "DE explanation" -- that the upgrades are not
> caused by APT's own mechanisms but rather triggered by some DE through
> opaque means not visible in cron or systemd timers. I am not sure how I
> would go about identifying the cause there, except for checking the GUI
> configuration that all related options are turned off?
>
One of the posters provided me a link to the post in Unix StackExchange: https://unix.stackexchange.com/a/594287 and I have followed the instructions to disable PackageKit.

By the way, when I did a fresh minimal install of Debian Buster without installing the full Gnome DE about two years ago, I also installed the following packages: xorg gnome-core gnome-tweak-tool synaptic gedit gdebi file-roller

Tom Browder

Jun 3, 2021, 4:20:04 PM
On Wed, Jun 2, 2021 at 20:48 Stella Ashburne <rew...@gmx.com> wrote:
...
> On a different topic, I noticed that you composed your email with HTML formatting. I didn't know
> it is allowed by Debian User Mailing List.

Unfortunately I mostly use email from my iPad (gmail app) and I
haven't found a way to get plain text on it like one can from a real
computer. Sometimes I go to my Linux laptop and force plain text, but
normally I try to strip out what I can.

This time I'm replying from my laptop so it **should** be plain text.

Best,

-Tom

Greg Wooledge

Jun 3, 2021, 4:30:04 PM
On Thu, Jun 03, 2021 at 03:18:31PM -0500, Tom Browder wrote:
> This time I'm replying from my laptop so it **should** be plain text.

It is.

Stella Ashburne

Jun 3, 2021, 8:10:04 PM
Hi Tom

> Sent: Friday, June 04, 2021 at 4:18 AM
> From: "Tom Browder" <tom.b...@gmail.com>
> To: "Stella Ashburne" <rew...@gmx.com>
> Cc: "debian-user mailing list" <debia...@lists.debian.org>
> Subject: Re: How do I permanently disable unattended downloads of software/security updates?
>
>
> Unfortunately I mostly use email from my iPad (gmail app) and I
> haven't found a way to get plain text on it like one can from a real
> computer. Sometimes I go to my Linux laptop and force plain text, but
> normally I try to strip out what I can.
>

Don't get me wrong Tom. I'm perfectly fine with receiving emails in HTML format. It's just that a few years ago, when I sent emails with HTML formatting, Debian User Mailing List rejected them outright. It took me quite a while - about at least two months - trying to figure out why my sent HTML-formatted emails were rejected.

> This time I'm replying from my laptop so it **should** be plain text.
>
I am OK as long as Debian User Mailing List now accepts HTML-formatted emails.

Stella

Stella Ashburne

Jun 3, 2021, 8:20:04 PM
Hi Greg

> Sent: Thursday, June 03, 2021 at 9:55 AM
> From: "Greg Wooledge" <gr...@wooledge.org>
> To: debia...@lists.debian.org
> Subject: Re: How do I permanently disable unattended downloads of software/security updates?
>
>
> I gave some alternatives that will reveal more information. Replies to
> my reply elaborated further still.
>
Output of systemctl list-timers | grep apt

Thomas D. Dean

Jun 3, 2021, 10:50:04 PM
I have the same problem.

I saw this in: https://askubuntu.com/questions/1038923

sudo systemctl disable apt-daily.service
sudo systemctl disable apt-daily.timer

sudo systemctl disable apt-daily-upgrade.timer
sudo systemctl disable apt-daily-upgrade.service

Stella Ashburne

Jun 4, 2021, 2:20:04 AM
Hi Thomas

Thank you for your help and time. I really appreciate it.

> Sent: Friday, June 04, 2021 at 10:23 AM
> From: "Thomas D. Dean" <tom...@wavecable.com>
> To: debia...@lists.debian.org
> Subject: Re: How do I permanently disable unattended downloads of software/security updates?
>
> I have the same problem.

OK, but do you use Ubuntu or Debian or both?
>
> I saw this in: https://askubuntu.com/questions/1038923
>
> sudo systemctl disable apt-daily.service
> sudo systemctl disable apt-daily.timer
>
> sudo systemctl disable apt-daily-upgrade.timer
> sudo systemctl disable apt-daily-upgrade.service
>
A poster named l0f...@tuta.io replied to me via this mailing list yesterday and below is what he wrote (verbatim):

"Cannot remember if you have Gnome installed but you should have a look at https://unix.stackexchange.com/a/594287, especially ALL the associated comments (click on "Show 7 more comments")."

When I did a *fresh* minimal install of Debian about two years ago, I didn't install the whole Gnome DE. Instead, I installed the following packages: xorg gnome-core gnome-tweak-tool synaptic file-roller gedit

A few days ago, after reading replies from some posters, I purged the package called unattended-upgrades. I don't know how and when it was installed in the first place. You see, about two years ago I chose the option Expert Install (without GUI) and during the installation process, I chose the option to not install updates automatically.

After reading what was written in the page (https://unix.stackexchange.com/a/594287), I disabled the package called PackageKit today. Only time will tell if said step works.

By the way, does Ubuntu use the full or stripped-down version of Gnome Desktop Environment?

*fresh* = not upgraded from Debian Stretch

Andrei POPESCU

Jun 4, 2021, 5:10:05 AM
On Fri, 04 Jun 21, 02:03:10, Stella Ashburne wrote:
> Hi Tom
>
> > Sent: Friday, June 04, 2021 at 4:18 AM
> > From: "Tom Browder" <tom.b...@gmail.com>
>
> Don't get me wrong Tom. I'm perfectly fine with receiving emails in
> HTML format. It's just that a few years ago, when I sent emails with
> HTML formatting, Debian User Mailing List rejected them outright. It
> took me quite a while - about at least two months - trying to figure
> out why my sent HTML-formatted emails were rejected.

As far as I know the list only rejects large-ish attachments. A small
screenshot, output of 'dmesg' or compressed logs should go through
(though not necessarily a good idea).

> > This time i'm replying from my laptop so it **should** be plain text.
> >
> I am OK as long as Debian User Mailing List now accepts HTML-formatted
> emails.

HTML mails are possible, just frowned upon, especially if they don't
contain an equivalent text part (which would make the html part
redundant). Most readers will have their mail client configured to
display the text part (only).

Kind regards,
Andrei
--
http://wiki.debian.org/FAQsFromDebianUser

Thomas D. Dean

Jun 4, 2021, 6:10:04 AM
I use Ubuntu. I removed the ubuntu desktop and installed vanilla gnome.
Google:
'Converting Ubuntu 20.04 LTS to Vanilla Gnome3'

After I disabled timers, I rebooted. apt-update && apt-upgrade. After
that I had one popup that said I had upgrades pending. The apt timer
was set to expire in 3 hours...

Stella Ashburne

Jun 4, 2021, 6:50:05 AM
Hi Thomas

> Sent: Friday, June 04, 2021 at 6:02 PM
> From: "Thomas D. Dean" <tom...@wavecable.com>
> To: debia...@lists.debian.org
> Subject: Re: How do I permanently disable unattended downloads of software/security updates?
>
> I use Ubuntu. I removed the ubuntu desktop and installed vanilla gnome.
> Google:
> 'Converting Ubuntu 20.04 LTS to Vanilla Gnome3'

According to the website "The 8 Best Ubuntu Desktop Environments (20.04 Focal Fossa Linux)" [https://linuxconfig.org/the-8-best-ubuntu-desktop-environments-20-04-focal-fossa-linux], Ubuntu 20.04 LTS comes with the default Gnome 3.36 desktop.
>
> After I disabled timers, I rebooted. apt-update && apt-upgrade. After
> that I had one popup that said I had upgrades pending. The apt timer
> was set to expire in 3 hours...

See...you'd an automatic download of updates.....

Greg Wooledge

Jun 4, 2021, 8:00:04 AM
On Fri, Jun 04, 2021 at 02:15:24AM +0200, Stella Ashburne wrote:
> Output of systemctl list-timers | grep apt
>
> Thu 2021-06-03 20:29:30 GMT 9h left Thu 2021-06-03 09:18:00 GMT 1h 17min ago apt-daily.timer apt-daily.service
> Fri 2021-06-04 06:51:16 GMT 20h left Thu 2021-06-03 09:18:00 GMT 1h 17min ago apt-daily-upgrade.timer apt-daily-upgrade.service

Yes, you posted this already.

The point wasn't for you to copy and paste the output here and wait
for someone to hand-hold you through the next step. The point was
for you to read and understand the output yourself.

You've got these two systemd timers. Now you have their names, and you
know when they last triggered, and when they will trigger in the future.

Given their names (and the fact of their *existence*) you can investigate
further and learn what they do.

You could also correlate the time that the timer last triggered against
the time that the packages were downloaded, to confirm causality. If
you've waited too long, and the downloads actually occurred in a previous
cycle, then consider using "journalctl -u unitname" to get the full logs
from that unit.

Here are some more hints:

1) You can use "systemctl cat" followed by a unit name to get a dump of
the "unit file" (which may not be a single file) which defines that
unit.

2) Prior messages in this thread contain analysis of some of these
systemd units and the Debian tools that they call upon.

2a) The Debian tools that these units call have configuration files
which control what they do. Documentation is sketchy, but most
of these tools are scripts, so you can read the scripts. That's
part of the analysis that's already been done which you seem
to have skipped over.

3) Calling "systemctl disable" only works for *services*, and all it
does is remove them from the list of services that get launched at
boot time. It does nothing for units that are triggered by other
means than booting.

4) Calling "systemctl mask" will completely remove *all* possibility of
a unit being invoked, by booting, or by socket trigger, or being
called by some other unit, etc.

5) If journalctl isn't showing you logs from before your last reboot,
it's possible that you haven't enabled the persistent journal yet.
The persistent journal wasn't the default in Debian prior to (I think)
bullseye, which of course is not released yet.

To enable the persistent journal, see systemd-journald(8). There is
a simple two-line recipe in there.

6) Nobody knows what the fuck GNOME does. If GNOME's doing something
that you dislike, well, uh... that's unfortunate. But there's a
reason most of us don't run it. Several reasons, in fact.

Polyna-Maude Racicot-Summerside

Jun 4, 2021, 8:40:05 AM
Hi,
No one asked you for an opinion regarding a particular desktop environment
or if it's a good choice to run it or not. Those types of comments are at
least useless, at most unproductive.

Yes there's people who know what GNOME does and how it's done, there's
even people who look into the source code... And people who investigated
GNOME the same way you tell this guy to investigate some actions of the
timers...

GNOME is part of the Debian distribution so this type of opinionated
answer shall not arrive. This seems as sterile a discussion as talking to
some hard-headed politician... And it goes nowhere...

--
Polyna-Maude R.-Summerside
-Be smart, Be wise, Support opensource development


Reco

Jun 4, 2021, 9:30:04 AM
Hi.

On Fri, Jun 04, 2021 at 07:59:31AM -0400, Greg Wooledge wrote:
> On Fri, Jun 04, 2021 at 02:15:24AM +0200, Stella Ashburne wrote:
> > Output of systemctl list-timers | grep apt
> >
> > Thu 2021-06-03 20:29:30 GMT 9h left Thu 2021-06-03 09:18:00 GMT 1h 17min ago apt-daily.timer apt-daily.service
> > Fri 2021-06-04 06:51:16 GMT 20h left Thu 2021-06-03 09:18:00 GMT 1h 17min ago apt-daily-upgrade.timer apt-daily-upgrade.service
>
> Yes, you posted this already.
>
> The point wasn't for you to copy and paste the output here and wait
> for someone to hand-hold you through the next step. The point was
> for you to read and understand the output yourself.

I'd like to add here that:

- apt-daily is written to respect APT::Periodic::* settings, and you
have those unset.
- in this very thread a possibility of a custom cron job that downloads
updates was excluded.
- therefore it's simply wrong to include in the result of "systemctl
list-timers" only "apt" timers and exclude everything else, since
your problem can lie in those excluded timers.


> 3) Calling "systemctl disable" only works for *services*,

That's not how it works, actually.
systemctl disable can be used to disable any timer, but you have to
specify it explicitly. I.e.

systemctl disable apt-daily.timer

Running "systemctl disable" on a service that's called by timer should
do nothing indeed.

Reco
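
The checks discussed in the replies above (the UNIT and ACTIVATES columns of "systemctl list-timers", the default-on reading of APT::Periodic::Enable, and disable versus mask), as an added example that is not part of any post in this thread and not apt's own script. The function names and the sample rows are constructed for illustration; packagekit.service is assumed to be the unit name of the PackageKit daemon on the system being audited.

```shell
#!/bin/sh
# Added example: helpers for auditing what can still trigger apt activity.
# All function names here are made up for this example.

# Read `systemctl list-timers --no-pager` output on stdin and print
# "UNIT ACTIVATES" for every timer row. Rows cut off before the UNIT column
# (the pager-truncated output seen in the thread), the header, blank lines
# and the "N timers listed." footer are skipped.
timer_units() {
    awk 'NF >= 2 && $(NF-1) ~ /\.timer$/ { print $(NF-1), $NF }'
}

# $1 = output of: apt-config shell AutoAptEnable APT::Periodic::Enable
# Prints the effective value. An unset key produces empty output, so the
# default of 1 (enabled) stays in place, as described in the thread.
# The value is parsed rather than eval-ed.
effective_periodic_enable() {
    value=1
    case "$1" in
        AutoAptEnable=*)
            value=${1#AutoAptEnable=}
            value=${value#\'}
            value=${value%\'}
            ;;
    esac
    printf '%s\n' "$value"
}

# $1 = state printed by: systemctl is-enabled UNIT
# Prints what that state means for "can this unit still run?".
start_risk() {
    case "$1" in
        masked|masked-runtime)    echo blocked ;;         # nothing can start it
        enabled|enabled-runtime)  echo starts-at-boot ;;
        disabled|static|indirect) echo startable ;;       # a timer, another unit
                                                          # or a manual start still works
        *)                        echo unknown ;;
    esac
}

# Query the running system (needs systemctl and apt-config).
live_audit() {
    cfg=$(apt-config shell AutoAptEnable APT::Periodic::Enable)
    echo "APT::Periodic::Enable (effective): $(effective_periodic_enable "$cfg")"
    echo "Timers (all of them, not only apt):"
    systemctl list-timers --all --no-pager | timer_units | sed 's/^/  /'
    for unit in apt-daily.timer apt-daily-upgrade.timer \
                apt-daily.service apt-daily-upgrade.service packagekit.service; do
        state=$(systemctl is-enabled "$unit" 2>/dev/null || true)
        echo "$unit: ${state:-not-found} -> $(start_risk "$state")"
    done
    if command -v unattended-upgrade >/dev/null 2>&1; then
        echo "unattended-upgrade: installed"
    else
        echo "unattended-upgrade: not installed"
    fi
}

# Constructed sample: the two apt rows are the ones quoted in the thread;
# the first data row is a truncated one without UNIT/ACTIVATES.
SAMPLE_TIMERS='NEXT LEFT LAST PASSED UNIT ACTIVATES
Thu 2021-06-03 00:39:22 GMT 8h left Wed 2021-06-02 16:10:36 GMT 9min ago
Thu 2021-06-03 20:29:30 GMT 9h left Thu 2021-06-03 09:18:00 GMT 1h 17min ago apt-daily.timer apt-daily.service
Fri 2021-06-04 06:51:16 GMT 20h left Thu 2021-06-03 09:18:00 GMT 1h 17min ago apt-daily-upgrade.timer apt-daily-upgrade.service

2 timers listed.'

if [ "${1:-}" = "--live" ]; then
    live_audit
else
    # Offline demonstration on the constructed sample.
    printf '%s\n' "$SAMPLE_TIMERS" | timer_units
    echo "Enable unset        -> $(effective_periodic_enable '')"
    echo "Enable set to 0     -> $(effective_periodic_enable "AutoAptEnable='0'")"
    echo "timer disabled      -> $(start_risk disabled)"
    echo "timer masked        -> $(start_risk masked)"
fi
```

Run with --live (as root or a regular user) to query the actual system instead of the sample.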

David Wright

Jun 4, 2021, 11:40:04 AM
On Fri 04 Jun 2021 at 12:40:26 (+0200), Stella Ashburne wrote:
> > Sent: Friday, June 04, 2021 at 6:02 PM
> > From: "Thomas D. Dean" <tom...@wavecable.com>
> >
> > I use Ubuntu. I removed the ubuntu desktop and installed vanilla gnome.
> > Google:
> > 'Converting Ubuntu 20.04 LTS to Vanilla Gnome3'
>
> According to the website "The 8 Best Ubuntu Desktop Environments (20.04 Focal Fossa Linux)" [https://linuxconfig.org/the-8-best-ubuntu-desktop-environments-20-04-focal-fossa-linux], Ubuntu 20.04 LTS comes with the default Gnome 3.36 desktop.
> >
> > After I disabled timers, I rebooted. apt-update && apt-upgrade. After
> > that I had one popup that said I had upgrades pending. The apt timer
> > was set to expire in 3 hours...
>
> See...you'd an automatic download of updates.....

Here are a few files with which you might compare your own versions
while you look for clues. This system has no DE installed and,
unusually for me, it has no cron job to update/upgrade the system.
It's been languishing for nearly a fortnight while I was on holiday,
and apt has shown no signs of stirring, even though I know from my
master system that yelp should be demanding a dist-upgrade (for
new packages).

Like you, I selected no-unattended-security-upgrades during
installation, but I may have packages that you lack (like, say,
apt-file) which will put extra lines in the configuration.

The cron job that's missing from this machine is
# check for updated packages and provoke an email if any are in the cache
0 */3 * * * apt-get -qq update && apt-get -qq -d upgrade && find /var/cache/apt/archives/ -name '*deb'
which, of course, does exactly what you're trying to avoid!
(For the guardians of Debian bandwidth: all my systems proxy off
apt-cacher-ng running on the system I'm typing on.)

Cheers,
David.
apt-config-dump
systemctl-all-list-timers
ls-Glg-var-lib-apt-lists
dpkg-l-startingwith-apt
grep-apt-var-log-daemon-logs

David Wright

Jun 4, 2021, 11:40:05 AM
Actually, I find candid opinions posted here about software to be useful.
Many times I have written "I don't know anything about DEs as I don't
run one", but I don't expect my opinion to carry any weight here.

> Yes there's people who know what GNOME does and how it's done, there's
> even people who look into the source code... And people who investigated
> GNOME the same way you tell this guy to investigate some actions of the
> timers...

Nobody here is censoring them. But my impression is that we don't hear
from them very often.

> GNOME is part of the Debian distribution so this type of opinionated
> answer shall not arrive. This seems as sterile a discussion as talking to
> some hard-headed politician... And it goes nowhere...

So I guess this means that around 58000 pieces of software should be
protected from having opinions passed on them. It hasn't worked out
so well for systemd.

Someone recently argued that respect for people here had to be earned
(I'm not sure how). I'd argue rather that it's their opinions that
have to earn respect, by being evaluated in the context of their other
contributions. We can then all make our own individual judgements.

Cheers,
David.

Andrei POPESCU

Jun 4, 2021, 1:40:04 PM
Agreed.

On the other hand disabling the systemd timer might not have the desired
effect if an equivalent cron job exists as well and cron is installed
(by default it is).

Side note: cron jobs that have an equivalent systemd timer should check
if running under systemd and do nothing. On my system
/etc/cron.daily/apt-compat does contain such a check, but maybe I missed
some other cron job that might be invoked, I've lost track of what else
was mentioned in the thread.