:: Re: [DNG] unatternded upgrades by d…
Forside
Slet denne besked
Besvar denne besked
Skribent: Olaf Meeuwissen
Dato:  
Til: KatolaZ
CC: dng
Emne: Re: [DNG] unatternded upgrades by default in Debian
Hi KatolaZ,

KatolaZ writes:

> On Tue, Feb 12, 2019 at 08:32:25AM -0500, Hendrik Boom wrote:
>> I just found the following comment on Soylent News:
>>
>> https://soylentnews.org/comments.pl?noupdate=1&sid=30051&page=1&cid=799766#commentwrap
>>
>> > As of Debian 9 (Stretch) both the unattended-upgrades and
>> > apt-listchanges packages are installed by default and upgrades are
>> > enabled with the GNOME desktop. Rudimentary configuration is
>> > accessible via the "Software & Updates" application
>> > (software-properties-gtk).
>>
>> > it's a Debian thing that depend on systemd to start at reboot
>>
>> Sounds like something we don't want.
>
> Sorry Hendrik, but instead of citing an anonymous post on an unknown
> blog with rants about Debian and other Debian derivatives (among a lot
> of other unrelated things), have you actually seen unattended-upgrades
> installed "automatically and by default" in any Devuan installation?


Not me. I have seen it on Ubuntu server installs but am not sure about
it being installed by default.

> I am asking because I can safely say I have installed Devuan literally
> hundreds of times (Jessie, Ascii, Beowulf, and Ceres), and in no
> occasion was unattended-upgrades installed by default, on any install
> path, or brought in as a Depends or as a Recommends. I am also
> maintaining `tasksel` in Devuan, and I cannot see any installation
> selection that would bring in unattended-upgrades by default.[*]


As long as parl-desktop cannot be selected in the installer, I would
have said you were right if it weren't for what follows below.

# BTW, hadn't heard of that until I started poking around in my APT
# caches.

> Could everybody please report immediately on any such case, if it
> happened, so that we can track the problem down (I mean, a new Devuan
> install where unattended-upgrades is silently installed and
> automatically enabled)?


For your selection of APT sources, you can check (I think!) with

  apt-cache rdepends --recurse \
                     --no-recommends \
                     --no-suggests \
                     --no-conflicts \
                     --no-breaks \
                     --no-replaces \
                     --no-enhances \
                     unattended-upgrades \
       | sed -n '/^ /p' | sort -u


On my ASCII setup that gives

freedombox-setup
parl-desktop
parl-desktop-eu
parl-desktop-strict
parl-desktop-world
plinth

If I leave out the --no-recommends the list becomes rather, eh, long and
includes all(?) task-*-desktop packages.

Checking the other way around with (notice the lack of an 'r' on the
depends!) on, for example, task-gnome-desktop

  apt-cache depends --recurse \
                    --no-suggests \
                    --no-conflicts \
                    --no-breaks \
                    --no-replaces \
                    --no-enhances \
                    task-gnome-desktop \
      | grep unattended-upgrades


yields a "Recommends: unattended-upgrades".

Further investigation shows that that is courtesy of
python3-software-properties, which is depended on by
software-properties-common-gtk, which is depended on by
gnome-software, which is a dependency for
gnome-core which is a requirement for
task-gnome-desktop.

> We should try to solve the problems we have, not the problems we might
> have had if we were using another distribution at another time... :\
>
> HND
>
> KatolaZ
>
> [*] AFAIK, there is no way to have unattended-upgrades installed by
> default in Debian either, but I am not 100% sure about that.


See above :-( Actually, I wasn't quite sure that apt-cache showed me
what I thought I was asking for so I cross-checked with my Devuan Docker
images for ASCII. The slim images, which have --no-install-recommends
baked in, do *not* try to install unattended-upgrades when you install
task-gnome-desktop. The default images, which do not have that option
baked in, *do* try to install unattended-upgrades.

FTR, task-xfce-desktop doesn't pull it in on either image :-)
But task-kde-desktop does, unless --no-install-recommends is given.

BTW, this is all using the `apt` command-line, not some synaptic or
aptitude or whatever. Dependency resolution is apparently not exactly
the same between tools :-((

But of course us "server-only" and/or "rolling my own DE" types are not
affected by all of this.

Anyway, you can always tell apt to *not* install it

apt get install task-gnome-desktop unattended-upgrades-

and live without everything else that was not installed either as a
result of that :-)

Hope this helps,
--
Olaf Meeuwissen, LPIC-2            FSF Associate Member since 2004-01-27
 GnuPG key: F84A2DD9/B3C0 2F47 EA19 64F4 9F13  F43E B8A4 A88A F84A 2DD9
 Support Free Software                        https://my.fsf.org/donate
 Join the Free Software Foundation              https://my.fsf.org/join