Re: unattended-upgrades downloaded package information only from the sources in sources.list.d directory ignoring sources.list file
Hi, looks like the culprit is a /etc/cron.daily/do-agent cron-job which executes the /opt/digitalocean/do-agent/scripts/update.sh script which includes following if statement: if command -v apt-get 2&>/dev/null; then apt-get -qq update -o Dir::Etc::sourcelist="sources.list.d/digitalocean-agent.list" -o Dir::Etc::sourceparts="-" -o APT::Get::List-Cleanup="1" apt-get -qq install -y --only-upgrade do-agent /* output removed for brevity */ '-o APT::Get::List-Cleanup="1"' flushes other repositories.. Martin
Re: unattended-upgrades downloaded package information only from the sources in sources.list.d directory ignoring sources.list file
> I did some further debugging and it is the > /usr/lib/apt/apt.systemd.daily script executed by apt-daily systemd > service unit which updates the package index from the sources: I configured cron with one minute interval to log the output of "apt policy" with a timestamp into a log file in order to understand when exactly the repository list is messed up. Turns out, that /usr/lib/apt/apt.systemd.daily script executed by apt-daily systemd service unit does not mess up the repository list. It happened between "Sat Jun 8 06:25:01 UTC 2019" and "Sat Jun 8 06:26:01 UTC 2019". When I check the logs for 06:00 to 06:30 time-period, then following was logged: $ sudo journalctl --since "2019-06-08 06:00:00" --until "2019-06-08 06:30:00" -- Logs begin at Mon 2019-05-13 19:38:07 UTC, end at Sat 2019-06-08 08:11:24 UTC. -- Jun 08 06:25:04 vps systemd[1]: Reloading The Apache HTTP Server. Jun 08 06:25:05 vps systemd[1]: Reloaded The Apache HTTP Server. Jun 08 06:25:05 vps liblogging-stdlog[556]: [origin software="rsyslogd" swVersion="8.24.0" x-pid="556" x-info="http://www.rsyslog.com;] rsyslogd was HUPed $ What and why is sending those signals to processes? Could it somehow affect the repository list..? thanks, Martin
Re: unattended-upgrades downloaded package information only from the sources in sources.list.d directory ignoring sources.list file
> Looks like the "apt update" or equivalent ran by unattended-upgrades > ignored the /etc/apt/sources.list file and used only > /etc/apt/sources.list.d/digitalocean-agent.list as a source for > repositories. > What might cause this behavior? I did some further debugging and it is the /usr/lib/apt/apt.systemd.daily script executed by apt-daily systemd service unit which updates the package index from the sources: # update package lists UPDATED=0 UPDATE_STAMP=/var/lib/apt/periodic/update-stamp if check_stamp $UPDATE_STAMP $UpdateInterval; then if eval apt-get $XAPTOPT -y update $XSTDERR; then /* output removed fro brevity */ Now I set the APT::Periodic::Verbose value to "2": $ apt-config dump APT::Periodic::Verbose APT::Periodic::Verbose "2"; $ ..and actually the entries in /etc/apt/sources.list file are not ignored: $ sudo journalctl --since today --no-pager -u apt-daily -- Logs begin at Mon 2019-05-13 19:38:07 UTC, end at Thu 2019-06-06 08:40:31 UTC. -- Jun 06 00:49:10 vps systemd[1]: Starting Daily apt download activities... Jun 06 00:49:10 vps apt.systemd.daily[31062]: verbose level 2 Jun 06 00:49:10 vps apt.systemd.daily[31062]: Reading package lists... Jun 06 00:49:10 vps apt.systemd.daily[31062]: Building dependency tree... Jun 06 00:49:10 vps apt.systemd.daily[31062]: Reading state information... Jun 06 00:49:10 vps apt.systemd.daily[31062]: check_stamp: interval=86400, now=1559779200, stamp=1559692800, delta=86400 (sec) Jun 06 00:49:10 vps apt.systemd.daily[31062]: Get:1 http://security.debian.org stretch/updates InRelease [94.3 kB] Jun 06 00:49:10 vps apt.systemd.daily[31062]: Ign:2 http://mirrors.digitalocean.com/debian stretch InRelease Jun 06 00:49:10 vps apt.systemd.daily[31062]: Get:3 http://mirrors.digitalocean.com/debian stretch-updates InRelease [91.0 kB] Jun 06 00:49:10 vps apt.systemd.daily[31062]: Hit:4 http://mirrors.digitalocean.com/debian stretch Release Jun 06 00:49:10 vps apt.systemd.daily[31062]: Get:5 http://security.debian.org stretch/updates/main Sources [205 kB] Jun 06 00:49:10 vps apt.systemd.daily[31062]: Get:6 http://security.debian.org stretch/updates/main amd64 Packages [492 kB] Jun 06 00:49:10 vps apt.systemd.daily[31062]: Get:7 https://repos.insights.digitalocean.com/apt/do-agent main InRelease [5,132 B] Jun 06 00:49:10 vps apt.systemd.daily[31062]: Fetched 888 kB in 0s (1,643 kB/s) Jun 06 00:49:11 vps apt.systemd.daily[31062]: Reading package lists... Jun 06 00:49:11 vps apt.systemd.daily[31062]: download updated metadata (success). Jun 06 00:49:11 vps apt.systemd.daily[31062]: send dbus signal (success) Jun 06 00:49:11 vps apt.systemd.daily[31062]: check_stamp: interval=0 Jun 06 00:49:11 vps apt.systemd.daily[31062]: download upgradable (not run) Jun 06 00:49:11 vps apt.systemd.daily[31062]: unattended-upgrade -d (not run) Jun 06 00:49:11 vps systemd[1]: Started Daily apt download activities. $ However, again, at the morning "apt policy" listed only the repository in /etc/apt/sources.list.d/digitalocean-agent.list file: $ apt policy Package files: 100 /var/lib/dpkg/status release a=now 500 https://repos.insights.digitalocean.com/apt/do-agent main/main amd64 Packages release o=. main,a=main,n=main,l=. main,c=main,b=amd64 origin repos.insights.digitalocean.com Pinned packages: $ After running manually the "sudo apt update" command, the apt downloaded >50MiB of packages data and output of "apt policy" listed all the repositories. Log files in /var/log/apt/ directory have not been updated. What could cause such behavior? How to debug this further? thanks, Martin
unattended-upgrades downloaded package information only from the sources in sources.list.d directory ignoring sources.list file
Hi, in order to test unattended-upgrades I downgraded yesterday(4.06) packages iceweasel, qemu-utils and thunderbird: # # "apt list --upgradable" command below was executed on 4.06 # apt list --upgradable Listing... Done iceweasel/stable 60.7.0esr-1~deb9u1 all [upgradable from: 52.9.0esr-1~deb9u1] qemu-utils/stable 1:2.8+dfsg-6+deb9u6 amd64 [upgradable from: 1:2.8+dfsg-6+deb9u5] thunderbird/stable 1:60.7.0-1~deb9u1 amd64 [upgradable from: 1:60.6.1-1~deb9u1] # As expected, the unattended-upgrades ran today(5.06) morning, but it reported, that "No packages found that can be upgraded unattended and no pending auto-removals". Indeed, when I checked for example "apt policy iceweasel", then the apt saw the installed version as the latest one: $ sudo apt policy iceweasel iceweasel: Installed: 52.9.0esr-1~deb9u1 Candidate: 52.9.0esr-1~deb9u1 Version table: *** 52.9.0esr-1~deb9u1 100 100 /var/lib/dpkg/status $ "apt policy" listed only the repository configured in /etc/apt/sources.list.d/digitalocean-agent.list while ignoring the ones in sources.list: # apt policy Package files: 100 /var/lib/dpkg/status release a=now 500 https://repos.insights.digitalocean.com/apt/do-agent main/main amd64 Packages release o=. main,a=main,n=main,l=. main,c=main,b=amd64 origin repos.insights.digitalocean.com Pinned packages: # After executing "apt update", the rest of the repositories were again seen in the output of "apt policy" and for example, the iceweasel was again upgradable to 60.7.0esr-1~deb9u1: $ sudo apt policy iceweasel iceweasel: Installed: 52.9.0esr-1~deb9u1 Candidate: 60.7.0esr-1~deb9u1 /* output removed for brevity */ $ Looks like the "apt update" or equivalent ran by unattended-upgrades ignored the /etc/apt/sources.list file and used only /etc/apt/sources.list.d/digitalocean-agent.list as a source for repositories. What might cause this behavior? thanks, Martin