| zxm-pi | allo allo | 10:42 |
|---|---|---|
| bigcalm | o/ | 11:23 |
| zxm-pi | \o | 11:23 |
| laney | |O| | 11:55 |
| zxm-pi | \o/ | 12:14 |
| jlj_ | o7 | 12:32 |
| zxm-pi | o> | 12:34 |
| bigcalm | I have a question about security updates! | 16:46 |
| bigcalm | On a client's server: | 16:46 |
| bigcalm | 57 packages can be updated. | 16:46 |
| bigcalm | 1 of these updates is a security update. | 16:46 |
| bigcalm | I only want to see/run the 1 security update. Thus running "apt dist-upgrade" isn't ideal. | 16:47 |
| bigcalm | "unattended-upgrade" got most of the packages that needed security updates, but not this last one | 16:47 |
| bigcalm | Does anybody know how to find out which package it is? | 16:48 |
| bigcalm | Without updating all of the others in the process | 16:48 |
| zxm-pi | https://www.poftut.com/how-to-list-available-updates-and-updateable-packages-with-apt-apt-get-aptitude-commands/ | 16:53 |
| bigcalm | I like verbose titles :) | 16:53 |
| popey | apt list --upgradable | 16:53 |
| popey | (it tells you this after you run apt update) | 16:54 |
| bigcalm | Yeah, I tried that, but I don't see where it says which are security updates | 16:55 |
| bigcalm | My visual grepping may be bad | 16:55 |
| popey | apache2/bionic-updates,bionic-security 2.4.29-1ubuntu4.16 i386 [upgradable from: 2.4.29-1ubuntu4.14] | 16:55 |
| popey | after the package name | 16:55 |
| popey | bionic-security | 16:55 |
| bigcalm | I tried: apt list --upgradable | grep -i sec | 16:56 |
| bigcalm | I got: libseccomp2/bionic-updates 2.5.1-1ubuntu1~18.04.1 amd64 [upgradable from: 2.4.3-1ubuntu3.18.04.3] | 16:56 |
| popey | what told you one of the 57 was a security update? | 16:57 |
| bigcalm | Logging into the server | 16:58 |
| bigcalm | So whatever has written to MOTD | 16:59 |
| bigcalm | This is weird | 16:59 |
| bigcalm | I ran `sudo apt update` and got: 54 packages can be upgraded. Run 'apt list --upgradable' to see them. | 17:00 |
| bigcalm | So whatever is in the MOTD is out of date | 17:00 |
| popey | Look at the date stamp on /var/lib/update-notifier/updates-available | 17:02 |
| popey | which contains the text, that'll tell you when it was generated | 17:02 |
| bigcalm | Jun 21 16:15 | 17:02 |
| bigcalm | Server's time is UTC | 17:02 |
| bigcalm | So about 45 minutes ago | 17:03 |
| popey | there's a regular job which updates it | 17:03 |
| bigcalm | Okay. I'll leave it for now and check back another day :) | 17:04 |
| popey | update-notifier-common | 17:04 |
| popey | you could just run dist-upgrade, and not actually say "y" at the end | 17:04 |
| bigcalm | Ah | 17:04 |
| popey | it will download all the files, and you can see where they come from | 17:04 |
| popey | or use the dry-run option to not do it, or the download option | 17:04 |
| bigcalm | None of the above has updated the MOTD | 17:05 |
| popey | I didn't say it would | 17:06 |
| popey | I'm saying you can see what the updates are using those options | 17:06 |
| popey | much like apt list --upgradable | 17:06 |
| bigcalm | Oh, okay. Yeah, that's not the issue :) | 17:06 |
| popey | What specifically is the issue? | 17:07 |
| bigcalm | The MOTD saying that there is 1 package for security updates, but running unattended-upgrade is not getting that 1 package. | 17:07 |
| popey | How do you know it's not? | 17:08 |
| bigcalm | We have since worked out that the MOTD is out of date and will be updated at some point by cron | 17:08 |
| popey | Given MOTD isn't dynamic | 17:08 |
| bigcalm | I thought that's what we worked out :| | 17:08 |
| popey | (you could comment out updates from apt sources.list, and do a dist-upgrade) | 17:08 |
| popey | then you'll only get security updates | 17:08 |
| popey | I'm saying, how do you know there is still 1 security update, given MOTD isn't dynamic. | 17:09 |
| bigcalm | It's my guess that the information is in MOTD | 17:09 |
| popey | but you proved there's *now* (since MOTD was generated) no security updates with your grepping? | 17:10 |
| bigcalm | "sudo apt update" results in "54 packages can be upgraded. Run 'apt list --upgradable' to see them." | 17:11 |
| bigcalm | This is what I see when I ssh into the server: https://paste.ubuntu.com/p/dCMWp5WxpM/ | 17:11 |
| popey | Right, and the date stamp on the /var/lib/update-notifier/updates-available file suggests perhaps security updates were pending and have now been installed? Check the unattended-upgrades log? | 17:12 |
| bigcalm | Running "unattended-upgrade" results in no email being sent (previous run did send an email when there was something for it to do) | 17:15 |
| popey | I meant look at the logs to see what it did. There's a log in /var/log/unattended-upgrades | 17:15 |
| bigcalm | From the last run https://paste.ubuntu.com/p/wNwfQ5gJWM/ | 17:16 |
| popey | Good news, no security updates to install then. Happy days. | 17:17 |
| bigcalm | There's nothing for it to upgrade | 17:17 |
| bigcalm | Indeed! | 17:17 |
| bigcalm | Except that the MOTD says that there is. That's what I was trying to work out. | 17:17 |
| bigcalm | You've let me know that a cron job will update it at some point | 17:17 |
| popey | Sweet | 17:18 |
| popey | Hapy days | 17:18 |
| popey | also happy | 17:18 |
| bigcalm | I guess my expectation was that the MOTD would be updated as and when packages were installed/upgraded. I have new knowledge that I can pass on to the client - "yes we can see what the MOTD says, but that's not always in sync with the truth" | 17:19 |
| bigcalm | Now I want ribs :| | 17:22 |
| ball | Anyone have a feel for which is lighter out of lxde and lxqt? | 21:42 |
| ball | Ah, it sounds as though lxqt is newer, somehow. I'll try that. | 21:59 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!