Monday, April 12, 2021

An update on Debian updates

I recently wrote several posts on updates in Debian, on XFCE and Gnome, Bullseye and Buster.

The default, I wrote, was no notifications of updates by default on XFCE in Bullseye, and no automatic updates, and notification of updates and automatic installation of security updates in Gnome on Buster.

However, after applying the same default to XFCE, I noticed that I was actually getting automatic updates to all packages.

Sure enough, Gnome on Buster was also getting more than security updates.

It turns out that unattended-upgrades (the package which installs automatic updates in Debian,  actually updates all packages by default in Debian Buster and later. (The default in previous version of Debian was security updates only.)

I discovered this in a post on the Debian User Forum, which linked to the Debian Buster release information page. I found the NEWS.Debian file thanks to Debian documentation

It reads: 

Unattended-upgrades in previous versions defaulted to install security updates only on Debian by using the label=Debian-Security origin pattern. Now it is changed to allow updates with label=Debian, which allows applying stable updates in stable releases and following all package updates in testing and unstable. 

In stable releases this unlocks installation of security updates depending on package versions present only in stable updates. 

Note that testing and unstable can often contain packages for which installation or upgrade performed by unattended-upgrades fails and requires the administrator to fix the system later.

My fault then for not reading the release information when I upgraded from Stretch.

The Debian Wiki page says:

The purpose of unattended-upgrades is to keep the computer current with the latest security (and other) updates automatically.

Which to me implies that other updates are optional, but obviously not.

I have updated the post on automatic updates in XFCE.  As I am currently using XFCE on Debian Testing, I have disabled updates to all packages by commenting out the line:

//      "origin=Debian,codename=${distro_codename},label=Debian";

I have checked my Gnome installation on Debian Buster, and it also contains the line above, which means that "stable updates" are applied automatically. I've also updated my post on automatic updates in Gnome.

Interestingly, the Gnome Blog states that Gnome will not install updates automatically. unattended-upgrades is a system package and overrides Gnome in Debian, which explains why Gnome notifies me of available updates, but they often disappear before I can install them, with the exception of Chrome, whose repository is not included in unattended-upgrades. NB unattended-upgrades is triggered to run within a randomised period, so the time that update notifications, whether those displayed by default in Gnome, or by the options I described in XFCE (Conky, Genmon), may appear for a few minutes or a few hours before disappearing if you have unattended-upgrades installed.

I hope this post helps anybody struggling, like me, to work out how automatic updates happen in Debian. Apologies for any confusion caused previously.



Tuesday, March 23, 2021

Update notifications in Conky


An improved Conky system updates notification for Debian (The first version and information on how to enable package list update if you are not using Gnome, which I assume you're not, as Gnome already has update notifications.). This one includes the time of the last package list update so you can see that the system is actually checking for updates, and tells you if there are any security updates (it should list package names to if there are security updates, but I haven't been able to test this yet.) The script requires aptitude.

I used the following code:

Linux - display or upgrade security updates only using apt

How to know last time `apt-get update` was executed?

if_match in Conky


Here's the code:

${if_match ${execi 1800 aptitude search "~U" | wc -l}==0}\ ${alignr}No updates available ${alignr}${color grey}Last check:${color} ${execi 1800 ls -l /var/cache/apt/pkgcache.bin | awk '{print $6,$7,$8}'} ${else}${alignr}Updates available: ${execi 1800 aptitude search "~U" | wc -l} ${alignr}Security: ${execi 1800 aptitude search '~U ~ODebian' -F "%p %O"|awk '/Debian-security/' | wc -l} #${execi 1800 aptitude search '~U ~ODebian' -F "%p %O"|awk '/Debian-security/' | wc -l} ${execi 1800 aptitude search '~U ~ODebian' -F "%p %O"|awk '/Debian-Security/ {print $1}'} ${endif}



${execi 1800 ls -l /var/cache/apt/pkgcache.bin | cut -d' ' -f6,7,8}


${execi 1800 ls -l /var/cache/apt/pkgcache.bin | awk '{print $6,$7,$8}'}

The first command would only output the date when the date was one digit only.

Thursday, March 18, 2021

Configure automatic updates gnome

[Updated to reflect the fact that Unattended Upgrades actually installs all packages by default in Debian Buster and later. Interestingly, the Gnome Blog states that Gnome installs only security updates by default correction: doesn't install packages by default, except for Flatpaks. I imagine that as Unattended Upgrades is a system process, it overrides Gnome. If you really only want security updates, edit Unattended Upgrades accordingly.)

If you search for "configure automatic updates gnome" (without the quotes), the third result will be from, which you'd think might be useful, but isn't. The Gnome Help site is rubbish, not by virtue of being badly written or designed, but by virtue of being thirteen years out of date. It refers to Gnome 2 (does anybody use Gnome 2 in 2021) and is not relevant today.

So here is a quick guide to configuring automatic updates in Gnome - in this case on Debian Buster.

The Gnome Help page refers to PackageKit being updated by a cron-job. (PackageKit being an update system that works in different distributions and cron being a job-scheduler.)

This was true in 2007, but today it's the Systemd scheduler that triggers updates, as I wrote about here. In XFCE this is not enabled by default, but in Gnome it is, because the package unattended-upgrades is installed, which sets a configuration file which tells APT (the Debian package manager) to check for updates and automatically install security updates when it is triggered by the Systemd timer.

Configuration is done via launching Software & Updates, or  Synaptic > Settings > Repositories (it's the same window).

We can confirm that configuration settings are set in the unattended-upgrades configuration file 20auto-upgrades by watching it as we change the check interval.


You can of course change the configuration directly by editing the file in etc/apt/apt.conf.d if you wish. It's also possible to turn automatic installation of security updates off via the GUI or the configuration file.

If you look in that folder you will also notice a file called 20packagekit, which is there to make sure PackageKit knows about updates too.

I presume it is still PackageKit that Gnome Software uses to notify you of available updates. I will have to leave that for another investigation. I don't use Gnome Software because it always asks to restart the computer to install updates even through this is not necessary. Maybe it's possible to configure that too.

For now, I hope this post is useful to somebody like me who has observed updates in Gnome 3 and wondered what was happening.


Edit: The default setting for Unattended Upgrades was changed in Buster. The previous default was to apply security updates, but the default now is to update all packages.

I found a note in the "News" file (found in /usr/share/doc/unattended-upgrades) which states:

Unattended-upgrades in previous versions defaulted to install security updates only on Debian by using the label=Debian-Security origin pattern. Now it is changed to allow updates with label=Debian, which allows applying stable updates in stable releases and following all package updates in testing and unstable. 

In stable releases this unlocks installation of security updates depending on package versions present only in stable updates.

Friday, March 12, 2021

XFCE Genmon weather script - New & Improved

I tidied up the old script and added new information available from ansiweather (which the script requires). I made it easy to choose which information to display and the units of measurement by commenting out lines.

And added a notification icon if there is no internet.

The script only requires you to add a city and country once at the top. There are various options for what happens when you click the temperature- go to the website, refresh, or show ansiweather in a terminal. Make sure only the one you want is uncommented. If you choose the refresh option, you will need to find the Genmon ID in your panel, as this varies. Hover over Genmon in Panel Preferences>Items.

As before, save the script in a suitable location and make it executable. Add an instance of Genmon in the panel, enter the path to the script and choose a suitable refresh time in seconds.



#try city,country code or look up at
data_metric=$(ansiweather -l $location -u metric -s true -a false -d true)
data_imperial=$(ansiweather -l $location -u imperial -s true -a false -d true)
#comment out one if you want only metric or only imperial
data7day=$(ansiweather -l $location -u metric -s true -a false -f 7) #centigrade
#data7day=$(ansiweather -l $location -u imperial -s true -a false -f 7) #fahrenheit

city=$(echo "$data_metric" | awk '{print $3}')
temp=$(echo "$data_metric" | awk '{print $5$6}') #city,temp,°C
#temp=$(echo "$data_imperial" | awk '{print $5$6}') #city,temp,°F
symbol=$(echo "$data_metric" | awk '{print $7}')
#wind=$(echo "$data_metric" | awk '{print $9,$11,$12,$13}') #wind,m/s
wind=$(echo "$data_imperial" | awk '{print $9,$11,$12,$13}') #wind,mph
humidity=$(echo "$data_imperial" | awk '{print $15,$17$18}') #humidity
pressure=$(echo "$data_metric" | awk '{print $20,$22,$23}') #pressure,hPa
#pressure=$(echo "$data_imperial" | awk '{print $20,$22,$23}') #pressure,inHg
sunrise=$(echo "$data_metric" | awk '{printf "%7s %.5s %s\n", $25,$29,$30}') #sunrise
sunset=$(echo "$data_metric" | awk '{printf "%-7s %.5s %s\n", $32,$36,$37}') #sunset

forecast=$(echo "$data7day" | awk 'BEGIN {format="%s %7s%s  %s\n"} #7-day-forcast
            {printf format, $4,$7,$8,$9}
            {printf format, $11,$14,$15,$16}
            {printf format, $18,$21,$22,$23}
            {printf format, $25,$28,$29,$30}
            {printf format, $32,$35,$36,$37}
            {printf format, $39,$42,$43,$44}
            {printf format, $46,$49,$50,$51}')

PANEL+="<txtclick>firefox --new-tab --url$location[city code number]</txtclick>"
#PANEL+="<txtclick>xfce4-panel --plugin-event=genmon-*:refresh:bool:true</txtclick>"
#Replace "*" with the ID number from the XFCE panel - Preferences>Items (Hover)
#PANEL+="<txtclick>xterm -hold -e  ansiweather -l $location -s true -f 7</txtclick>"

TOOLTIP+="<span weight='bold' font='sans regular'>W E A T H E R</span>\n\n"
TOOLTIP+="<span font= 'sans regular'>$city</span>\n"
TOOLTIP+="Now: $temp $symbol\n\n"
#TOOLTIP+="<span font= 'sans regular'>$wind</span>\n"
#TOOLTIP+="<span font= 'sans regular'>$humidity</span>\n"
#TOOLTIP+="<span font= 'sans regular'>$pressure</span>\n\n"
TOOLTIP+="<span font= 'monospace regular'>$forecast</span>\n\n"
TOOLTIP+="<span font= 'sans regular'>$sunrise</span>\n"
TOOLTIP+="<span font= 'sans regular'>$sunset</span>\n\n"
#TOOLTIP+="<span weight='bold' font='sans regular'>Click to update</span>"
TOOLTIP+="<span weight='bold' font='sans regular'>OpenWeather</span>"

if [[ -z "$data7day" || "$data7day" == "ERROR: Cannot fetch weather data" ]]; then

echo "<icon>network-offline</icon>"
echo "<tool>No Internet</tool>"
  echo -e "${PANEL}"
  echo -e "${TOOLTIP}"

[Edit: you will have to go to and search for the city code number for your town if you want to open the web page on clicking the icon. The script passed the town and city details to the browser, but my browser was opening the correct location because I'd used the page before.]

Monday, March 8, 2021

Things that are fixed in Debian Bullseye

A kernel and lots of firmware updates and Bluetooth is working!

This fixes the issue of the kernel not recognising the Bluetooth adapter because the vendor had reused the chip identifier, with the following message in dmesg.

Bluetooth: hci0: don't support firmware rome 0x31010100

A simple Conky weather script

The script requires ansiweather. It's pretty much self explanatory. Add your town and country code, comment out items you don't want, or double up for extra locations.


#try city,country code or look up at
data_metric=$(ansiweather -l $location -u metric -s true -a false -d true)
data_imperial=$(ansiweather -l $location -u imperial -s true -a false -d true)
#comment out one if you want only metric or only imperial
forecast=$(ansiweather -l $location -u metric -s true -a false -f 7)

echo "W E A T H E R"
echo ""
echo "$data_metric" | awk '{print $3,$5$6,$7}'#city,temp,°C
#echo "$data_imperial" | awk '{print $3,$5$6,$7}'#city,temp,°F
echo ""
echo "$data_imperial" | awk '{print $9,$11,$12,$13}'#wind,mph
#echo "$data_metric" | awk '{print $9,$11,$12,$13}'#wind,m/s
echo "$data_metric" | awk '{print $15,$17$18}'#humidity
echo "$data_metric" | awk '{print $20,$22,$23}'#pressure,hPa
#echo "$data_imperial" | awk '{print $20,$22,$23}'#pressure,inHg
echo ""
echo "$data_metric" | awk '{printf "%7s %.5s %s\n", $25,$29,$30}'#sunrise
echo "$data_metric" | awk '{printf "%-7s %.5s %s\n", $32,$36,$37}'#sunset 
echo ""
echo "Forecast"
echo ""
echo "$forecast" | awk 'BEGIN {format="%s %7s%s  %s\n"}
            {printf format, $4,$7,$8,$9}
            {printf format, $11,$14,$15,$16}
            {printf format, $18,$21,$22,$23}
            {printf format, $25,$28,$29,$30}
            {printf format, $32,$35,$36,$37}
            {printf format, $39,$42,$43,$44}
            {printf format, $46,$49,$50,$51}'
echo ""

Sunday, March 7, 2021

Toshiba laptop gets a memory upgrade

Previously on this blog I described how my laptop was using 93% of its available RAM and 69% of available swap memory after a few hours use, largely due to having a dozen or more browser tabs open. Not an ideal situation. That doesn't leave any memory available to open up a word processing application or an image editor without the computer slowing down as Firefox is forced to cache tab content to disk. I have noticed that with several memory-intensive programs running, background programs are very slow to reopen, presumable because they have cached content to the disk. And of course with both RAM and swap (virtual memory) almost full, it leaves the computer likely to experience thrashing and crashing, if a program uses too much memory, whether due to me asking it to work on a large file, or some sort of bug causing excessive memory use.

So, time for some new memory. I found an identical card to the existing 4GB card in the laptop on eBay and popped it in the empty slot.

I didn't take a picture, but I have one from when I cleaned the fan (hence the very dusty fan in the corner). The procedure is very simple. Pull out the metal cover between the two sockets, put in the new card pins into socket at a 45 degree angle, push it down till it clicks, and replace the metal cover. Be careful because it has a lug on one side that goes into a hole in the board. Don't forget to earth yourself. I put my naked toe on the copper radiator pipe - only issue in the winter, it's hot, ouch!

A useful command to check memory is:

dmidecode --type memory | less

Which tells you about the cards installed, including manufacturer, part number and specification, all of which matched for my eBay card, although the label was different - something I will have to investigate later.

Here is a comparison shot of Task Manager with 43(!) tabs open in Firefox.

Swap memory has also increased since my previous post, when the laptop had 975MB of swap. The default installation of Debian Bullseye created this much swap. Supposedly this is done automatically according to memory and hard disk space available, but my other computer has the same amount of memory and the same hard disk size, and yet it has four times as much swap.

There are a lot of different recommendations for swap size on the internet, but 975MB certainly seems too small a size - it certainly isn't big enough to hibernate the computer because that involves writing the entire memory to disk, and 4GB won't fit in 975MB. Swap memory was at 69% as mentioned before, which doesn't allow much room for manoeuvrer. 

Increasing the size of swap memory was actually fairly easy, but it does involve booting into a GParted live CD or USB. Once I had done so I could shrink the main partition to make room for the swap partition to expand. The swap partition is found inside an extended partition, at the "end" of the main partition, so it's necessary to move the extended partition to the left before expanding the swap partition.

Grab the arrows at the ends of the partition to resize because the buttons take forever.

I gave the extended swap partition 9542MB, a fairly arbitrary figure, but as I actually did this before adding the extra RAM, it meant I had over twice as much swap as RAM. Surely enough to hibernate?

I tried hibernating the computer, but unfortunately ran into a video driver bug that means the screen remains blank after coming out of hibernation.

kernel: [drm:radeon_dp_link_train [radeon]] *ERROR* displayport link status failed
kernel: [drm:radeon_dp_link_train [radeon]] *ERROR* clock recovery failed
kernel: [drm:radeon_dp_link_train [radeon]] *ERROR* displayport link status failed
kernel: [drm:radeon_dp_link_train [radeon]] *ERROR* clock recovery failed
Oh, well. On a 500GB disk, I'm not really missing 9.5GB. The computer hasn't touched available swap space since I installed the new memory, but maybe the video bug will get fixed and allow hibernation at some point.