Hi!

I want to configure some KDE Neon PCs at my workplace in the university to do automatic unattended updates.
I read a lot and there are many confusing and contradictory explanations about how to do that. Suggestions reach from simply installing a package to 15 Minutes of work using additional commands, GUI options, extra packages and editing several config files. Also most of the descriptions are not for Neon 18.04 but old / other distributions.

So I want the Neon PCs to automatically install all updates (includes security updates and normal updates) every day. I also want the system to clean up unused kernels and packages each time. In case the user is informed about the process visually I would also prefer installation on shut down of the systems.

I would prefer to do this using bash script (since I am using one to configure my Neon PCs) or by GUI if possible.

I installed the software-properties-kde and unattended-upgrades packages. What do I need to do now?

Assuming...
- that the devices have automatic access to the internet
- that automatic updates in the updates tab of software sources is selected
- as in... download updates in background
then there really isn't anything else that needs to be done unless there are other issues

Well, that's what I thought too. But it doesn't work.

I tried various things and read a lot of web pages. There is a lot of confusion in the web about this.

The following finally made it work (kind of):

Code: Select all

sudo apt install software-properties-kde
sudo apt install unattended-upgrades
sudo dpkg-reconfigure -plow unattended-upgrades


Before reconfiguring I also changed the following files:

Code: Select all

/etc/apt/apt.conf.d/50unattended-upgrades
/etc/apt/apt.conf.d/20auto-upgrades
/etc/apt/apt.conf.d/10periodic

(I can post my templates if you like)

I am not totally sure which of the above are actually needed. But I am sure that installing the packages and enabling the auto-update in software-source was NOT enough.

Also the default behavior was definitely not useful. E.g. I needed to update the Unattended-Upgrade::Origins-Pattern in 50unattended-upgrades to make the system to update packages from ALL sources (like a manual update does). Also I think the removal of unused (kernel) packages wasn't enabled by default (which means the system destroys itself after some time).

Still the auto updates are pretty much broken. I did the above on a few Neon systems and I experienced a lot of problems since:

1. Users do not get any information if they sit in front of the PC while updates start running. Especially a problem on slow hardware.
2. If a reboot is required, systems do not spawn any message to the user.
3. I experienced various random software crashes after automatically installed updates (like KIO problems and crashing application programs) even without a skipped reboot. I guess this would happen with manual updates as well, however, after a manual update you know the possible reason and you can reboot afterwards and/or finish/save your work first.
4. There is no way to allow the users to postpone the updates. This is fatal.
5. I experienced a broken system (unable to boot) after updates where installed. I am not sure about the reason. I think the user shutdown or rebooted the system while updates where active. It looks like running updates do not prevent the user from reboot/logout/shutdown/suspend (but I am not sure about that).

Administrative e-mails are working fine but do not help much in these cases.

I tried the update-on-shutdown option, which seems to be a nice workaround for most of the above problems but unfortunately this option is broken and currently the issue has not been successfully resolved according to the bug tracker.

Actually I think automatic updates are not usable for desktop systems under these circumstances. I will disable them for our entire network soon (unless the update-on-shutdown function is fixed and released soon).

FWIW you need to actually enable unattended upgrades on neon. They are entirely disabled by default

Code: Select all

echo 'unattended-upgrades unattended-upgrades/enable_auto_updates boolean true' | sudo debconf-set-selections

sudo dpkg-reconfigure -f noninteractive unattended-upgrades

To that end

Code: Select all

debconf-show unattended-upgrades

should show it enabled:true

Thanks a lot appachelogger, I will try that. Most of these commands are new to me, I can not remember I have seen them among the many variants out there in the web.

What exactly do they do? I mean, apart from properly enabling auto updates, can I expect any of my described issues to behave differently using those commands?

Does your solution make editing /etc/apt/apt.conf.d/20auto-upgrades and /etc/apt/apt.conf.d/10periodic obsolete?
(I suppose will need to modify /etc/apt/apt.conf.d/50unattended-upgrades anyway to configure package removal, source selection and e-mail)

I'm really loving KDE Neon. I use it almost since the beginning and I'm grateful for this to the devs and contributors. Unfortunately I think this is the kind of thing that prevents Linux from being a successful alternative to either Win or Mac. Users expect this to reliably work. The fact that there isn't just a button in Discover is already an issue for the average user but the real problem is that it doesn't seem to work at all.

I'm not an expert but I think the commands posted by @apachelogger are irrelevant. I just followed the Ubuntu documentation and activated the unattended updates and sure enough I started to see messages regularly in /var/log/unattended/unattended-updates.log . So the service IS working.

I thought the problem was that origins were wrong. It tries with o=neon which doesn't exist. I somehow figure out that o=Ubuntu (uppercase U seems to be important) is a valid origin but only for packages directly from ubuntu. I also tried with o=user, o=user_bionic, o=Neon and whatnot but nothing worked. Commands like e.g. apt show kamera doesn't output any Origin at all, unlike Ubuntu packages where you see Origin= Ubuntu.

After finding this thread I wonder if I even want o enable this at all. I'm probably better off using Ansible or some other orchestrator. The only thing I didn't test is that "software-properties-kde" package. Do I need that for unattended upgrades to work? Are there plans to better support this? Perhaps in 20.04? Is there some KDE documentation about this besides the Ubuntu site which everyone points to?

Thanks in advance. I think this is going to be the year of Linux Desktop but these details must be polished to be ready for it

pandiloko wrote:I'm not an expert but I think the commands posted by @apachelogger are irrelevant.

oh, really? You are telling one of the main architects of Neon that his comment is irrelevant? Think again...

Mamarok wrote:

pandiloko wrote:I'm not an expert but I think the commands posted by @apachelogger are irrelevant.

oh, really? You are telling one of the main architects of Neon that his comment is irrelevant? Think again...

I don't understand how your comment adds something to the matter at hand and don't think bashing users helps your project in any way or form. Maybe the guy is a genius but his comment didn't explain that much. I don't like to copy-paste and run commands in my computer without knowing what they do and the fact is that the auto-upgrade process seemed to be regularly triggered in my case without using that extra configuration.

Maybe the word "irrelevant" sounded harsher than I intend it to (I'm not a native English speaker) and for that I apologize.

apachelogger,

Thank you for your work. And if we, the users, aren't telling you and the other KDE developers that on a regular basis, then we are remiss and not showing the proper gratitude. KDE is an outstanding desktop. IMHO, it's the best and it's because of your time and effort.

Mick

Mamarok wrote:

pandiloko wrote:I'm not an expert but I think the commands posted by @apachelogger are irrelevant.

oh, really? You are telling one of the main architects of Neon that his comment is irrelevant? Think again...

FWIW I finally tried the given commands and didn't work in my case:

Code: Select all

# echo 'unattended-upgrades unattended-upgrades/enable_auto_updates boolean true' | sudo debconf-set-selections
# dpkg-reconfigure -f noninteractive unattended-upgrades
# debconf-show unattended-upgrades
* unattended-upgrades/enable_auto_updates: false


Running

Code: Select all

dpkg-reconfigure -plow unattended-upgrades

and answering "yes" as indicated in the relevant Ubuntu documention did work and changed the necessary config options in

Code: Select all

/etc/apt/apt.conf.d/20auto-upgrades

Still it only installs packages from Ubuntu origin (o=Ubuntu). My goal here was to setup a Neon laptop for a user wanting to make the change from Windows to Linux, thus the importance of having auto-updates. Perhaps Kubuntu could be a more reliable choice in this regard (I take it there should be no problems with origin).

Another related annoyance with Neon is that almost every installer script fails to recognize it as an Ubuntu based distro and I must always force some option or use another install method.

@pandiloko
The problem with what you're asking, is that I would think most Linux users don't want automatic updates. It was the one thing that annoyed the Hell out of me on Windows, when I came to shut my computer down & got the "please wait..." message, & then again when I booted it up. To me a simple:

Code: Select all

pkcon refresh && pkcon update

in a terminal, when I'm ready is far more preferable.