[10:42] <zxm-pi> allo allo
[11:23] <bigcalm> o/
[11:23] <zxm-pi> \o
[11:55] <laney> |O|
[12:14] <zxm-pi> \o/
[12:32] <jlj_> o7
[12:34] <zxm-pi> o>
[16:46] <bigcalm> I have a question about security updates!
[16:46] <bigcalm> On a client's server:
[16:46] <bigcalm> 57 packages can be updated.
[16:46] <bigcalm> 1 of these updates is a security update.
[16:47] <bigcalm> I only want to see/run the 1 security update. Thus running "apt dist-upgrade" isn't ideal.
[16:47] <bigcalm> "unattended-upgrade" got most of the packages that needed security updates, but not this last one
[16:48] <bigcalm> Does anybody know how to find out which package it is?
[16:48] <bigcalm> Without updating all of the others in the process
[16:53] <zxm-pi> https://www.poftut.com/how-to-list-available-updates-and-updateable-packages-with-apt-apt-get-aptitude-commands/
[16:53] <bigcalm> I like verbose titles :)
[16:53] <popey> apt list --upgradable
[16:54] <popey> (it tells you this after you run apt update)
[16:55] <bigcalm> Yeah, I tried that, but I don't see where it says which are security updates
[16:55] <bigcalm> My visual grepping may be bad
[16:55] <popey> apache2/bionic-updates,bionic-security 2.4.29-1ubuntu4.16 i386 [upgradable from: 2.4.29-1ubuntu4.14]
[16:55] <popey> after the package name
[16:55] <popey> bionic-security
[16:56] <bigcalm> I tried: apt list --upgradable | grep -i sec
[16:56] <bigcalm> I got: libseccomp2/bionic-updates 2.5.1-1ubuntu1~18.04.1 amd64 [upgradable from: 2.4.3-1ubuntu3.18.04.3]
[16:57] <popey> what told you one of the 57 was a security update?
[16:58] <bigcalm> Logging into the server
[16:59] <bigcalm> So whatever has written to MOTD
[16:59] <bigcalm> This is weird
[17:00] <bigcalm> I ran `sudo apt update` and got: 54 packages can be upgraded. Run 'apt list --upgradable' to see them.
[17:00] <bigcalm> So whatever is in the MOTD is out of date
[17:02] <popey> Look at the date stamp on /var/lib/update-notifier/updates-available
[17:02] <popey> which contains the text, that'll tell you when it was generated
[17:02] <bigcalm> Jun 21 16:15
[17:02] <bigcalm> Server's time is UTC
[17:03] <bigcalm> So about 45 minutes ago
[17:03] <popey> there's a regular job which updates it
[17:04] <bigcalm> Okay. I'll leave it for now and check back another day :)
[17:04] <popey> update-notifier-common
[17:04] <popey> you could just run dist-upgrade, and not actually say "y" at the end
[17:04] <bigcalm> Ah
[17:04] <popey> it will download all the files, and you can see where they come from
[17:04] <popey> or use the dry-run option to not do it, or the download option
[17:05] <bigcalm> None of the above has updated the MOTD
[17:06] <popey> I didn't say it would
[17:06] <popey> I'm saying you can see what the updates are using those options
[17:06] <popey> much like apt list --upgradable
[17:06] <bigcalm> Oh, okay. Yeah, that's not the issue :)
[17:07] <popey> What specifically is the issue?
[17:07] <bigcalm> The MOTD saying that there is 1 package for security updates, but running unattended-upgrade is not getting that 1 package.
[17:08] <popey> How do you know it's not?
[17:08] <bigcalm> We have since worked out that the MOTD is out of date and will be updated at some point by cron
[17:08] <popey> Given MOTD isn't dynamic
[17:08] <bigcalm> I thought that's what we worked out :|
[17:08] <popey> (you could comment out updates from apt sources.list, and do a dist-upgrade)
[17:08] <popey> then you'll only get security updates
[17:09] <popey> I'm saying, how do you know there is still 1 security update, given MOTD isn't dynamic.
[17:09] <bigcalm> It's my guess that the information is in MOTD
[17:10] <popey> but you proved there's *now* (since MOTD was generated) no security updates with your grepping?
[17:11] <bigcalm> "sudo apt update" results in "54 packages can be upgraded. Run 'apt list --upgradable' to see them."
[17:11] <bigcalm> This is what I see when I ssh into the server: https://paste.ubuntu.com/p/dCMWp5WxpM/
[17:12] <popey> Right, and the date stamp on the  /var/lib/update-notifier/updates-available file suggests perhaps security updates were pending and have now been installed? Check the unattended-upgrades log?
[17:15] <bigcalm> Running "unattended-upgrade" results in no email being sent (previous run did send an email when there was something for it to do)
[17:15] <popey> I meant look at the logs to see what it did. There's a log in /var/log/unattended-upgrades
[17:16] <bigcalm> From the last run https://paste.ubuntu.com/p/wNwfQ5gJWM/
[17:17] <popey> Good news, no security updates to install then. Happy days.
[17:17] <bigcalm> There's nothing for it to upgrade
[17:17] <bigcalm> Indeed!
[17:17] <bigcalm> Except that the MOTD says that there is. That's what I was trying to work out.
[17:17] <bigcalm> You've let me know that a cron job will update it at some point
[17:18] <popey> Sweet
[17:18] <popey> Hapy days
[17:18] <popey> also happy
[17:19] <bigcalm> I guess my expectation was that the MOTD would be updated as and when packages were installed/upgraded. I have new knowledge that I can pass on to the client - "yes we can see what the MOTD says, but that's not always in sync with the truth"
[17:22] <bigcalm> Now I want ribs :|
[21:42] <ball> Anyone have a feel for which is lighter out of lxde and lxqt?
[21:59] <ball> Ah, it sounds as though lxqt is newer, somehow.  I'll try that.