If you ever needed physical proof AGILE is a false methodology, you need look no further than unattended-upgrades in Ubuntu. This Canonical-produced and preinstalled piece of software well and truly qualifies as a virus. It is a shining example that no amount of pointing User Stories and hacking on the fly (Sprints) will ever produce a viable architectural software design.
This Canonical-produced virus has been afflicting the computing world since at least Ubuntu 18.04 and possibly earlier. It is a highly privileged background process that blocks all software updates/installs, sometimes for over an hour. It all depends on how sucky your Internet connection is and how much needs to be looked at. God forbid you start a VM without an Internet connection.
Yes, we throw security under the bus once again. Thanks Canonical.
Killing this thing!
The first thing you need to do when you’ve just installed a VM is run the following:
sudo systemctl stop unattended-upgrades
sudo systemctl disable unattended-upgrades.service
# To be certain for a little while
# Future upgrades will install and activate this virus again
sudo apt-get purge unattended-upgrades
Many people skip running the purge. Theoretically, the purge makes it more difficult for a command line update to re-install this thing.
Keep Killing Jason
That really should be the application icon for unattended-upgrades. Perhaps one of them with the giant knife? If you want to protect yourself as much as you can, open a text editor and type:
#!/bin/sh
systemctl stop unattended-upgrades
systemctl disable unattended-upgrades.service
Exit and save the file as nuke-unattended.sh
chmod +x nuke-unattended.sh
The very first time you run crontab for root you have to choose an editor. Ordinarily I would choose jed, but I chose nano. Why? Because you are running as root, not yourself, and root doesn’t have my .jedrc file anywhere in its path. I can barely remember how to run jed without my custom tweaks. I can edit with nano as long as I don’t have to search for anything. Emacs, without my custom settings, I can barely function in any more. Don’t choose your favorite editor here because it won’t have your custom config.
I haven’t let this one run to be certain @weekly still works. There are various opinions as to what @keyword values are supported for all. The comments above show you how to run things at 5am on Monday. You can find some more information here. An example of @weekly here.
The point is, you can schedule a job to run that executes that shell script as often as you want under root to keep the unattended-upgrades virus at bay. Technically I probably don’t need the full path because I copied it to /bin/.
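A cron-safe variant of nuke-unattended.sh, added here as an example and not the author's script: it checks whether the package has come back (the post notes that future upgrades reinstall it) and only stops or disables the unit when that is needed, so the job stays quiet after a purge. The function names, the `run` argument and the syslog tag are assumptions of this example.

```shell
#!/bin/sh
# Added example, not the post's script: cron-safe nuke-unattended.sh.
UNIT=unattended-upgrades.service
PKG=unattended-upgrades
TAG=nuke-unattended   # syslog tag (assumption of this example)

# plan_action PKG_STATUS ENABLED_STATE ACTIVE_STATE
# Pure decision step: prints the actions needed, or "none".
plan_action() {
    pkg_status=$1 enabled=$2 active=$3
    actions=""
    case "$active" in
        active|activating|reloading) actions="stop" ;;
    esac
    case "$enabled" in
        enabled|enabled-runtime) actions="$actions disable" ;;
    esac
    case "$pkg_status" in
        "install ok installed") actions="$actions reinstalled" ;;
    esac
    actions=${actions# }          # drop a leading space
    echo "${actions:-none}"
}

# Query dpkg and systemd; empty output means "not present".
current_plan() {
    plan_action \
        "$(dpkg-query -W -f='${Status}' "$PKG" 2>/dev/null)" \
        "$(systemctl is-enabled "$UNIT" 2>/dev/null)" \
        "$(systemctl is-active "$UNIT" 2>/dev/null)"
}

run_plan() {
    for action in $(current_plan); do
        case "$action" in
            stop)    systemctl stop "$UNIT" ;;
            disable) systemctl disable "$UNIT" ;;
            reinstalled)
                logger -t "$TAG" "$PKG is installed again"
                continue ;;
            none)    return 0 ;;
        esac
        logger -t "$TAG" "$action $UNIT exit=$?"
    done
}

# Do nothing unless called as: nuke-unattended.sh run
if [ "${1:-}" = "run" ]; then run_plan; fi
```

The root crontab entry would call it as `/bin/nuke-unattended.sh run`; a "reinstalled" line in syslog is the cue to repeat the purge from earlier in the post.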