ubunyu 9.0 updates

David Curtis dcurtis at uniserve.com
Fri Jun 19 18:16:22 UTC 2009

On Fri, 19 Jun 2009 08:00:21 -0700
Linda Hammans <linda at snowcrest.net> wrote:

> ok, I can live with giving a password.  
> Please don't ask why, but is there a way to have 'update notification'
> automatically pop up instead of having to click on it ?
> thanks, I love this OS. -Linda 


Open a terminal and type 'sudo apt-get install gconf-editor' (if it's not already installed). Then, 'sudo gconf-editor' goto apps/update-notifier and check auto-launch, change auto-launch interval from 7 to 0. Quit gconf-editor, log out of X, log back in.  

You could also do this on the command line with gconftool, which is installed by default. But it's kinda nice actually seeing what your doing and seeing what other behaviors you can modify. 

I disagree with the virus issue the others pointed out, as successful dns poisoning or other sophisticated attacks (on official repos) would necessarily be a cryptographic attack. I would doubt this would be noticed even by an expert doing a manual update/upgrade. This is because apt rejects packages with bad crypto if you ended up updating/upgrading from a bad/compromised archive. If an attack like this was successful (highly doubtful) whether we're automatically updating or manually updating, let's just say we're all screwed. :(

I do agree that if your using unofficial repos that, yes, you definitely want to keep an eye on them and investigate and approve them one by one. But that can be configured within the apt upgrade system.

The biggest problem with automating updates/upgrades is that you tell apt to assume 'yes' for all questions it may ask. Once in a blue moon an upgrade will replace a configuration file. If you've manually edited a configuration file and apt assumes 'yes' and replaces it with the new default configuration file, things can break. Say, for example, we're talking about grub and a /boot/grub/menu.lst. If you've manually edited to include paramaters on the boot line and the file is automatically overwritten, conceivably, you could end up with a non-bootable system.

So, if you have a lot of manually configured settings don't do this. If you think your ok to deal with possible breakage and want to do this to your system you can do a:

sudo nano /etc/apt/apt.conf.d/50unattended-upgrades

and remove the double // in front of "Ubuntu jaunty-updates"

<Not Recommended>

I would suppose you can also add lines for "Ubuntu jaunty-backports" and "Ubuntu jaunty-proposed" and other repos as you see fit, don't forget the semi-colons, but I have never done this till now so I can't tell you if it works well or not.

</Not Recommended>

hit CTRL-x and y to save.

Do a 'sudo nano /etc/apt/apt.conf.d/10periodic'

change any 0's to 1's as you see fit, I would recommend all of them changed to 1. And add APT::Periodic::Unattended-Upgrade "1";  to the bottom.

hit CTRL-x and y to save.

Again, a last caveat, you can make your system unstable by changing unattended-upgrades, consider it carefully before implementing it.

David Curtis <dcurtis at uniserve.com>

More information about the ubuntu-users mailing list