prevent role to install unattended-upgrades package
mhow2 opened this issue · 5 comments
Version Information
Ansible: 2.9.6
Role: ansible-role-docker-ce
Steps to Reproduce
On Debian Stretch
regular usage just by including the role...
Expected Behavior
Not to install unattended-upgrades
package. We don't want an existing system to suddenly get some package to be automatically installed because we have installed docker via the role.
Actual Behavior
leads to installation of unattended-upgrades
package, through dependency chaining of the package software-properties-common
( coming from variable docker_repository_related_packages
). The later package recommends unattended-upgrades
This being said I'm unsure if it's possible to avoid the installation of software-properties-common
?
Thanks for reporting this. Will have a look at that and what can be done.
@mhow2 Which Debian version are you running this on? I checked in Debian 10 and even if unattented-upgrades
is installed it is still not activated in APT configuration by default what I can see. So it should not cause any unexpected updates to your system even if the package is installed.
Do you see unattented upgrades is activated in your apt configuration?
Documentation: https://wiki.debian.org/UnattendedUpgrades
Avoiding installation of software-properties-common
is not really feasible since I manipulate APT repositories in Ansible and it requires add-apt-repository
etc.
BR,
Hi!
It's on debian stretch, as reported.
When the package is installed, It creates /etc/apt/apt.conf.d/20auto-upgrades
which enables the auto upgrades (as far as I understand, by reading the documentation)
$ cat /etc/apt/apt.conf.d/20auto-upgrades
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
and /etc/apt/apt.conf.d/50unattended-upgrades enables upgrade for Debian-Security
Or am I missing something ?
Hi,
Sorry missed that you wrote which Debian version you use. I went back and tested on both Debian 9 and 10. The difference there is that in Debian 9 the 20auto-upgrades
is added but it is not in Debian 10.
I cannot really remove the installation package software-properties-common
but maybe add a configuration parameter to ensure that file /etc/apt/apt.conf.d/20auto-upgrades
is not present. Then the behavior between 9 and 10 should be same. @mhow2: Would that be an option?
See below for more details of the files that is created in Debian 9 and 10:
Debian 9
Before installation of unattended-upgrades
:
root@debian9:~# ls /etc/apt/apt.conf.d/
00CDMountPoint 00trustcdrom 01autoremove 01autoremove-kernels 10periodic 20listchanges 20retries 70debconf
root@debian9:~# cat /etc/apt/apt.conf.d/10periodic
APT::Periodic::Enable "0";
After installation of unattended-upgrades
:
ls /etc/apt/apt.conf.d/
00CDMountPoint 00trustcdrom 01autoremove 01autoremove-kernels 10periodic 20auto-upgrades 20listchanges 20packagekit 20retries 50unattended-upgrades 70debconf
root@debian9:~# cat /etc/apt/apt.conf.d/10periodic
APT::Periodic::Enable "0";
root@debian9:~# cat /etc/apt/apt.conf.d/20auto-upgrades
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
Debian 10
Before installation of unattended-upgrades
:
root@debian10:~# ls /etc/apt/apt.conf.d/
00CDMountPoint 00trustcdrom 01autoremove 01autoremove-kernels 10periodic 20listchanges 20retries 70debconf
root@debian10:~# cat /etc/apt/apt.conf.d/10periodic
APT::Periodic::Enable "0";
After installation of unattended-upgrades
:
root@debian10:~# ls /etc/apt/apt.conf.d/
00CDMountPoint 00trustcdrom 01autoremove 01autoremove-kernels 10periodic 20listchanges 20packagekit 20retries 50unattended-upgrades 70debconf
root@debian10:~# cat /etc/apt/apt.conf.d/10periodic
APT::Periodic::Enable "0";
Won't change this since Debian 9 was EOL at 2020-07-06
https://wiki.debian.org/DebianReleases