Qubes/core-agent-linux
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
24c875030e
core-agent-linux/misc/apt-conf-70no-unattended
Marek Marczykowski-Górecki 128af0d191
debian: disable timer-based apt-get 
Debian stretch in default configuration calls apt-get update every 24h.
And additionally, have automatic unattended security updates enabled.
Generally it would be good thing on standalone system, but in AppVM
which loose its rootfs changes after restart it is a waste of resources.
Especially when it kicks in on multiple VMs simultaneously, while on
battery (apt-daily.service have ConditionACPower=true, but VM don't have
that information...).

It would make some sense on TemplateVM/StandaloneVM, but then it kicks
in just at VM startup. Which conflicts with starting the update manually
then (by clicking "update VM" button in manager for example, or using
salt).

So, disable this feature completely.

The actual solution is based on pkg-manager-no-autoupdate by @adrelanos.

Fixes QubesOS/qubes-issues#2621
2017-10-19 15:03:06 +02:00

27 lines
1.1 KiB
Plaintext
Raw Blame History

## Based on pkg-manager-no-autoupdate by Patrick Schleizer <adrelanos@riseup.net>
## https://github.com/Whonix/pkg-manager-no-autoupdate
## Disable automatic update check APT::Periodic::Update-Package-Lists
## which is the Debian default in /etc/apt/apt.conf.d/10periodic.
##
## The execution time would be too predictable, thus make us fingerprintable.
##
## 20noperiodic comes after 10periodic in alphabet so it takes precedence.
##
## Quoted from the Debian Handbook
## http://debian-handbook.info/browse/wheezy/sect.apt-get.html
##
## "[...] Each directory represents a configuration file which is split over multiple
## files. In this sense, all of the files in /etc/apt/apt.conf.d/ are instructions
## for the configuration of APT. APT includes them in alphabetical order, so that the
## last ones can modify a configuration element defined in one of the first ones. [...]
##
## That changes take effect can be verified using:
## apt-config dump
APT::Periodic::Update-Package-Lists "0";
APT::Periodic::Download-Upgradeable-Packages "0";
APT::Periodic::AutocleanInterval "0";
APT::Periodic::Unattended-Upgrade "0";
APT::Periodic::Enable "0";
Reference in New Issue View Git Blame Copy Permalink