Remove update-notifier-common installation

[jnv]

Per #44.

[kousu]

Hiya!

update-notifier-common generates messages at login (from /etc/update-motd.d/{}) and my users have asked me to remove them. The easiest thing is apt purge update-notifier-common, but then this role countermands that!

[kousu]

I've got a patch for this in #85, if you'd be up for taking a look @jnv.

[kousu]

I take it back. I deployed my patched jnv.unattended-upgrades yesterday, alongside this:

- name: cruft
  apt:
    name: "{{item}}"
    state: absent
    autoremove: yes
    purge: yes
  loop:
    - "update-notifier-common" # Includes summary of upgradable packages in MOTD; irrelevant to most users
                               # and superseded by our aggressive unattended-upgrades configuration.

Overnight I got this email from the server:

subject: unattended-upgrades result for romane.neuro.polymtl.ca: SUCCESS

Unattended upgrade result: All upgrades installed

Packages that were upgraded:
 grub-common grub-pc grub-pc-bin grub2-common intel-microcode
 libpolkit-agent-1-0 libpolkit-gobject-1-0 linux-firmware policykit-1

Package installation log:
Log started: 2021-06-10  06:27:36
Preparing to unpack .../intel-microcode_3.20210608.0ubuntu0.20.04.1_amd64.deb ...
Unpacking intel-microcode (3.20210608.0ubuntu0.20.04.1) over (3.20210216.0ubuntu0.20.04.1) ...
Setting up intel-microcode (3.20210608.0ubuntu0.20.04.1) ...
update-initramfs: deferring update (trigger activated)
intel-microcode: microcode will be updated at next boot
Processing triggers for initramfs-tools (0.136ubuntu6.5) ...
update-initramfs: Generating /boot/initrd.img-5.4.0-74-generic
W: Possible missing firmware /lib/firmware/ast_dp501_fw.bin for module ast
Log ended: 2021-06-10  06:28:00

Log started: 2021-06-10  06:28:01
Preconfiguring packages ...
Can't exec "/tmp/grub-pc.config.Xh9t4S": Permission denied at /usr/share/perl/5.30/IPC/Open3.pm line 281.
open2: exec of /tmp/grub-pc.config.Xh9t4S configure 2.04-1ubuntu26.11 failed: Permission denied at /usr/share/perl5/Debconf/ConfModule.pm line 59.
Preconfiguring packages ...
Can't exec "/tmp/grub-pc.config.Zw3nPC": Permission denied at /usr/share/perl/5.30/IPC/Open3.pm line 281.
open2: exec of /tmp/grub-pc.config.Zw3nPC configure 2.04-1ubuntu26.11 failed: Permission denied at /usr/share/perl5/Debconf/ConfModule.pm line 59.
Preparing to unpack .../grub2-common_2.04-1ubuntu26.12_amd64.deb ...
Unpacking grub2-common (2.04-1ubuntu26.12) over (2.04-1ubuntu26.11) ...
Preparing to unpack .../grub-pc_2.04-1ubuntu26.12_amd64.deb ...
Unpacking grub-pc (2.04-1ubuntu26.12) over (2.04-1ubuntu26.11) ...
Preparing to unpack .../grub-pc-bin_2.04-1ubuntu26.12_amd64.deb ...
Unpacking grub-pc-bin (2.04-1ubuntu26.12) over (2.04-1ubuntu26.11) ...
Preparing to unpack .../grub-common_2.04-1ubuntu26.12_amd64.deb ...
Unpacking grub-common (2.04-1ubuntu26.12) over (2.04-1ubuntu26.11) ...
Setting up grub-common (2.04-1ubuntu26.12) ...
update-rc.d: warning: start and stop actions are no longer supported; falling back to defaults
Setting up grub2-common (2.04-1ubuntu26.12) ...
Setting up grub-pc-bin (2.04-1ubuntu26.12) ...
Setting up grub-pc (2.04-1ubuntu26.12) ...
Sourcing file `/etc/default/grub'
Sourcing file `/etc/default/grub.d/init-select.cfg'
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-5.4.0-74-generic
Found initrd image: /boot/initrd.img-5.4.0-74-generic
Found linux image: /boot/vmlinuz-5.4.0-73-generic
Found initrd image: /boot/initrd.img-5.4.0-73-generic
Found Ubuntu 18.04.5 LTS (18.04) on /dev/sda1
done
Processing triggers for systemd (245.4-4ubuntu3.6) ...
Processing triggers for man-db (2.9.1-1) ...
Processing triggers for install-info (6.7.0.dfsg.2-5) ...
Log ended: 2021-06-10  06:28:10

Log started: 2021-06-10  06:28:11
Preparing to unpack .../policykit-1_0.105-26ubuntu1.1_amd64.deb ...
Unpacking policykit-1 (0.105-26ubuntu1.1) over (0.105-26ubuntu1) ...
Preparing to unpack .../libpolkit-agent-1-0_0.105-26ubuntu1.1_amd64.deb ...
Unpacking libpolkit-agent-1-0:amd64 (0.105-26ubuntu1.1) over (0.105-26ubuntu1) ...
Preparing to unpack .../libpolkit-gobject-1-0_0.105-26ubuntu1.1_amd64.deb ...
Unpacking libpolkit-gobject-1-0:amd64 (0.105-26ubuntu1.1) over (0.105-26ubuntu1) ...
Setting up libpolkit-gobject-1-0:amd64 (0.105-26ubuntu1.1) ...
Setting up libpolkit-agent-1-0:amd64 (0.105-26ubuntu1.1) ...
Setting up policykit-1 (0.105-26ubuntu1.1) ...
Processing triggers for man-db (2.9.1-1) ...
Processing triggers for dbus (1.12.16-2ubuntu2.1) ...
Processing triggers for libc-bin (2.31-0ubuntu9.2) ...
Log ended: 2021-06-10  06:28:13

Log started: 2021-06-10  06:28:14
Preparing to unpack .../linux-firmware_1.187.14_all.deb ...
Unpacking linux-firmware (1.187.14) over (1.187.12) ...
Setting up linux-firmware (1.187.14) ...
update-initramfs: Generating /boot/initrd.img-5.4.0-74-generic
W: Possible missing firmware /lib/firmware/ast_dp501_fw.bin for module ast
update-initramfs: Generating /boot/initrd.img-5.4.0-73-generic
W: Possible missing firmware /lib/firmware/ast_dp501_fw.bin for module ast
Log ended: 2021-06-10  06:29:06



Unattended-upgrades log:
Starting unattended upgrades script
Allowed origins are: origin=Ubuntu,archive=focal, origin=Ubuntu,archive=focal-security, origin=UbuntuESMApps,archive=focal-apps-security, origin=UbuntuESM,archive=focal-infra-security, origin=Ubuntu,archive=focal-updates, origin=Ubuntu,archive=focal-backports
Initial blacklist: 
Initial whitelist (not strict): 
Packages that will be upgraded: grub-common grub-pc grub-pc-bin grub2-common intel-microcode libpolkit-agent-1-0 libpolkit-gobject-1-0 linux-firmware policykit-1
Writing dpkg log to /var/log/unattended-upgrades/unattended-upgrades-dpkg.log
All upgrades installed

I was surprised to see it update intel-microcode without also putting "System restart required" in the subject nor the body.

So I reinstalled update-notifier-common and went hunting:

root@romane:~# dpkg-query -L update-notifier-common | while read c; do if [ -f "$c" ]; then echo "$c"; fi done | xargs -n 1 grep required /tmp/lol 2>/dev/null
/etc/update-motd.d/98-reboot-required:if [ -x /usr/lib/update-notifier/update-motd-reboot-required ]; then
/etc/update-motd.d/98-reboot-required:    exec /usr/lib/update-notifier/update-motd-reboot-required
/usr/lib/update-notifier/apt_check.py:        # required entry in it, we will get the distro name from lsb_release
/usr/lib/update-notifier/apt_check.py:        # required entry in it, we will get the distro name from lsb_release
/usr/lib/update-notifier/update-motd-reboot-required:if [ -f /var/run/reboot-required ]; then
/usr/lib/update-notifier/update-motd-reboot-required:	cat /var/run/reboot-required
/usr/share/update-notifier/notify-reboot-required:echo "*** $(eval_gettext "System restart required") ***" > /var/run/reboot-required
/usr/share/update-notifier/notify-reboot-required:echo "$DPKG_MAINTSCRIPT_PACKAGE" >> /var/run/reboot-required.pkgs
/etc/kernel/postinst.d/update-notifier:echo "*** $(eval_gettext "System restart required") ***" > /var/run/reboot-required
/etc/kernel/postinst.d/update-notifier:echo "$DPKG_MAINTSCRIPT_PACKAGE" >> /var/run/reboot-required.pkgs
/usr/lib/update-notifier/apt-check:        # required entry in it, we will get the distro name from lsb_release
/usr/lib/update-notifier/apt-check:        # required entry in it, we will get the distro name from lsb_release

The two scripts that create /var/run/reboot-required are duplicates and both say:

root@romane:~# diff /usr/share/update-notifier/notify-reboot-required /etc/kernel/postinst.d/update-notifier
root@romane:~# cat /etc/kernel/postinst.d/update-notifier
#!/bin/sh

# we do not include ". gettext.sh" here because:
# a) it breaks if its not available
# b) the string we have here does not need it (because it has no vars)
eval_gettext() {
    if [ -x /usr/bin/gettext ]; then
        echo $(gettext "$1")
    else
        echo "$1"
    fi
}
export TEXTDOMAIN=update-notifier
export TEXTDOMAINDIR=/usr/share/locale

case "$DPKG_MAINTSCRIPT_PACKAGE::$DPKG_MAINTSCRIPT_NAME" in
    linux-image-extra*::postrm)
        exit 0;;
esac

if [ "$0" = "/etc/kernel/postinst.d/update-notifier" ]; then
    DPKG_MAINTSCRIPT_PACKAGE=linux-base
fi

# Wake the applet up
echo "*** $(eval_gettext "System restart required") ***" > /var/run/reboot-required
echo "$DPKG_MAINTSCRIPT_PACKAGE" >> /var/run/reboot-required.pkgs

So install scripts, like intel-microcode's, must be calling notify-reboot-required and silently failing if this isn't here.

Version info

root@romane:~# cat /etc/os-release 
NAME="Ubuntu"
VERSION="20.04.2 LTS (Focal Fossa)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 20.04.2 LTS"
VERSION_ID="20.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=focal
UBUNTU_CODENAME=focal

root@romane:~# apt list --installed | grep update-notifier

WARNING: apt does not have a stable CLI interface. Use with caution in scripts.

update-notifier-common/focal-updates,now 3.192.30.8 all [installed]

root@romane:~# apt-cache show update-notifier-common
Package: update-notifier-common
Architecture: all
Version: 3.192.30.8
Priority: optional
Section: gnome
Source: update-notifier
Origin: Ubuntu
Maintainer: Michael Vogt <michael.vogt@ubuntu.com>
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Installed-Size: 1161
Pre-Depends: dpkg (>= 1.15.7.2), apt (>= 1.1~)
Depends: python3:any, python3-apt, python3-dbus, python3-debian, python3-debconf | debconf (<< 1.5.64~), python3-distro-info, lsb-release, patch, update-manager-core (>= 1:17.04.2)
Recommends: libpam-modules (>= 1.0.1-9ubuntu3)
Suggests: policykit-1
Replaces: update-notifier (<< 0.75.1)
Filename: pool/main/u/update-notifier/update-notifier-common_3.192.30.8_all.deb
Size: 132392
MD5sum: d6bcbbe0497e02899908480e814214da
SHA1: 4372730a41c2fce7a2fd9125250af59e5ccccb3e
SHA256: 49a7cf1a3795c4b110b6d0ed06f8c7b98880b948b2072036d1e64ef3754eb4ac
SHA512: 55ce984ea25c4416ad476ddb6de4979ac2fa0ba2984a93e51f8f1e674c73e40d6e6b8820f8a6842e9520466cfbe74726216854c54e7d286b0128e3f6d1631b94
Description-en: Files shared between update-notifier and other packages
 Apt setup files and reboot notification scripts shared between
 update-notifier and other packages, notably for server use cases.
Description-md5: 9e55b33c0bb042acf203440099a61649
Task: server, ubuntu-desktop-minimal, ubuntu-desktop, cloud-image, xubuntu-desktop, lubuntu-desktop, ubuntustudio-desktop, ubuntukylin-desktop, ubuntu-mate-core, ubuntu-mate-desktop, ubuntu-budgie-desktop
Phased-Update-Percentage: 0

Package: update-notifier-common
Architecture: all
Version: 3.192.30
Priority: optional
Section: gnome
Source: update-notifier
Origin: Ubuntu
Maintainer: Michael Vogt <michael.vogt@ubuntu.com>
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Installed-Size: 1386
Pre-Depends: dpkg (>= 1.15.7.2), apt (>= 1.1~)
Depends: python3:any, python3-apt, python3-dbus, python3-debian, python3-debconf | debconf (<< 1.5.64~), patch, update-manager-core (>= 1:17.04.2)
Recommends: libpam-modules (>= 1.0.1-9ubuntu3)
Suggests: policykit-1
Replaces: update-notifier (<< 0.75.1)
Filename: pool/main/u/update-notifier/update-notifier-common_3.192.30_all.deb
Size: 162008
MD5sum: f5fb522ee2c96a9486b2af702d11af8c
SHA1: 05c99d67c0e3314252317aaca273df897aaf21b7
SHA256: c900fb1b639e72e4411f5c1f4871d62e43f0f03e7465409381787edc7fb7537a
Description-en: Files shared between update-notifier and other packages
 Apt setup files and reboot notification scripts shared between
 update-notifier and other packages, notably for server use cases.
Description-md5: 9e55b33c0bb042acf203440099a61649
Task: server, ubuntu-desktop-minimal, ubuntu-desktop, cloud-image, xubuntu-desktop, lubuntu-desktop, ubuntustudio-desktop, ubuntukylin-desktop, ubuntu-mate-core, ubuntu-mate-desktop, ubuntu-budgie-desktop

So #6 is still required even 5 years later on the latest "production" Ubuntu LTS servers.

[kousu]

I take back what I said before, this seems to be safe now! #85 (comment)

[jnv]

I am closing this issue since this role has been deprecated. Feel free to suggest alternatives in #98.