
Nuking unattended-upgrades

unable to get lock

If you ever needed physical proof that AGILE is a false methodology, you need look no further than unattended-upgrades in Ubuntu. This Canonical-produced and preinstalled piece of software well and truly qualifies as a virus. It is a shining example that no amount of pointing User Stories and hacking on the fly (Sprints) will ever produce a viable architectural software design.

This Canonical-produced virus has been afflicting the computing world since at least Ubuntu 18.04 and possibly earlier. It is a highly privileged background process that blocks all software updates/installs, sometimes for over an hour. It all depends on how sucky your Internet connection is and how much needs to be looked at. God forbid you start a VM without an Internet connection.

Yes, we throw security under the bus once again. Thanks Canonical.

Killing this thing!

The first thing you need to do when you’ve just installed a VM is run the following:

sudo systemctl stop unattended-upgrades
sudo systemctl disable unattended-upgrades.service

# To be certain for a little while
# Future upgrades will install and activate this virus again
#
sudo apt-get purge unattended-upgrades

Many people skip running the purge. Theoretically the purge makes it more difficult for a command line update to re-install this thing.

Keep Killing Jason

Jason from Friday 13th horror series

That really should be the application icon for unattended-upgrades. Perhaps one of them with the giant knife? If you want to protect yourself as much as you can, open a text editor and type:

#!/bin/sh
# Stop the running service and keep it from starting at boot
systemctl stop unattended-upgrades
systemctl disable unattended-upgrades.service

Exit and save the file as nuke-unattended.sh

chmod +x nuke-unattended.sh

The very first time you run crontab for root you have to choose an editor. Ordinarily I would choose jed, but I chose nano. Why? Because you are running as root, not yourself, and root doesn’t have my .jedrc file anywhere in its path. I can barely remember how to run jed without my custom tweaks. I can edit with nano as long as I don’t have to search for anything. Emacs, without my custom settings, I can barely function in any more. Don’t choose your favorite editor here because it won’t have your custom config.

You will notice these are all terminal editors. You won’t see a GUI editor in the list. That’s why none of the CsScintilla or RedDiamond editors were listed.

One possible weekly

I haven’t let this one run to be certain @weekly still works. There are various opinions as to what @keyword values are supported for all. The comments above show you how to run things at 5am on Monday. You can find some more information here. An example of @weekly here.

The point is, you can schedule a job to run that executes that shell script as often as you want under root to keep the unattended-upgrades virus at bay. Technically I probably don’t need the full path because I copied it to /bin/.
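A read-only check that reports whether unattended-upgrades has come back after a later upgrade, as an added example that is not part of the original post. The function names, the SAMPLE text and the --host switch are made up for illustration; the APT::Periodic::Unattended-Upgrade setting, the /etc/apt/apt.conf.d directory and apt-daily-upgrade.timer are the standard Ubuntu names and do not appear in the post itself.

```shell
#!/bin/sh
# Added example (not from the original post): read-only check for whether
# unattended-upgrades is installed and its periodic run is switched on.

# periodic_state: read apt.conf.d-style text on stdin and print "enabled",
# "disabled" or "unset" for APT::Periodic::Unattended-Upgrade. A later setting
# overrides an earlier one. Only the flat 'Key "value";' form is handled.
periodic_state() {
    awk '
        /^[ \t]*\/\// { next }    # skip // comment lines
        match($0, /APT::Periodic::Unattended-Upgrade[ \t]+"[^"]*"/) {
            v = substr($0, RSTART, RLENGTH)
            sub(/^[^"]*"/, "", v); sub(/"$/, "", v)    # keep the quoted value
            state = (v == "0") ? "disabled" : "enabled"  # "0" means never run
        }
        END { print (state == "" ? "unset" : state) }
    '
}

# verdict: "active" only when the package is installed and the run is enabled.
verdict() {
    if [ "$1" = enabled ] && [ "$2" = "install ok installed" ]; then
        echo active
    else
        echo inactive
    fi
}

# audit_host: gather config, package and timer state on a live Ubuntu host.
audit_host() {
    conf=$(cat /etc/apt/apt.conf.d/* 2>/dev/null | periodic_state)
    pkg=$(dpkg-query -W -f='${Status}' unattended-upgrades 2>/dev/null)
    timer=$(systemctl is-enabled apt-daily-upgrade.timer 2>/dev/null)
    echo "periodic=$conf package=${pkg:-not-installed} timer=${timer:-unknown}"
    verdict "$conf" "$pkg"
}

# Constructed sample: stock-style settings followed by a later local override.
SAMPLE='APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
// local override, read later
APT::Periodic::Unattended-Upgrade "0";'

# Query the live host only when asked: sh check-unattended.sh --host
if [ "${1:-}" = "--host" ]; then audit_host; fi
```

Run with --host from the same root crontab, the last line of output reads "active" when the package is installed again and its periodic run is enabled.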

Roland Hughes started his IT career in the early 1980s. He quickly became a consultant and president of Logikal Solutions, a software consulting firm specializing in OpenVMS application and C++/Qt touchscreen/embedded Linux development. Early in his career he became involved in what is now called cross platform development. Given the dearth of useful books on the subject he ventured into the world of professional author in 1995 writing the first of the "Zinc It!" book series for John Gordon Burke Publisher, Inc.

A decade later he released a massive (nearly 800 pages) tome "The Minimum You Need to Know to Be an OpenVMS Application Developer" which tried to encapsulate the essential skills gained over what was nearly a 20 year career at that point. From there "The Minimum You Need to Know" book series was born.

Three years later he wrote his first novel "Infinite Exposure" which got much notice from people involved in the banking and financial security worlds. Some of the attacks predicted in that book have since come to pass. While it was not originally intended to be a trilogy, it became the first book of "The Earth That Was" trilogy:
Infinite Exposure
Lesedi - The Greatest Lie Ever Told
John Smith - Last Known Survivor of the Microsoft Wars

When he is not consulting Roland Hughes posts about technology and sometimes politics on his blog. He also has regularly scheduled Sunday posts appearing on the Interesting Authors blog.