[Software] Is this the demonstrated behavior of Gnome Software Updates?

[Shamak]

I found this from Gnome. A flow chart showing the expected behavior of Gnome Software Updates on the Gnome Wiki. Basically, if automatic updates is set to "on" Gnome Software is supposed to check for updates daily. If it finds critical updates it downloads them and notifies the user. If non-critical updates are found they are downloaded after two weeks and the user is notified at that time.

https://wiki.gnome.org/Design/Apps/Soft ... ive_Design

The banner at the top of the page says it's outdated but I also found this post (at the end of the page) by Milan Crha on Gnome Gitlab from 6 months ago saying that Gnome Software is supposed to follow the flow chart above.

https://gitlab.gnome.org/GNOME/gnome-so ... ssues/2568

When I install Debian with Gnome I generally get a notification about updates being available within a few days. (Can't remember if it says "ready to install" or "ready to download".) I install them. Then in another few days more updates appear on the Gnome Software tab but no notification. At that point I generally assume that Gnome Software has a bug and turn off its update capability.

But now I've found this new information. I'm going to leave it on this time and see what happens but I'm a bit scared to just leave my machine for two weeks without updating, trusting that Gnome Software will send me a notification eventually so I was wondering if the above intended behavior actually works.

P.S. I'm aware that the automatic setting at least applies to Flatpaks but according the the above link it's supposed to have this additional functionality. (If automatic updates are set to off then it's on manual and there's a flowchart on that page for that case.)

I'm hoping that @FreewheelinFrank shows up since he has dealt with this type of question in the past.

[FreewheelinFrank]

I think this was my last journey down that rabbit hole.

viewtopic.php?p=799851&hilit=Gnome+updates#p799851

Not at my PC at the moment. I will have a more careful read in the morning.

[Shamak]

I followed that thread. At least until you got into the triggers and I thought it was too technical for me. But I sometimes give up too quickly. I had a read through it again from the triggers part on. I have the same results.

Code: Select all

$systemctl list-timers
NEXT                        LEFT          LAST                        PASSED      UNIT                         ACTIVATES                     
Sat 2024-11-30 17:33:45 PST 33min left    Sat 2024-11-30 16:40:03 PST 20min ago   anacron.timer                anacron.service
Sat 2024-11-30 18:20:21 PST 1h 19min left Sat 2024-11-30 10:19:46 PST 6h ago      fwupd-refresh.timer          fwupd-refresh.service
Sun 2024-12-01 00:00:00 PST 6h left       -                           -           dpkg-db-backup.timer         dpkg-db-backup.service
Sun 2024-12-01 00:00:00 PST 6h left       Sat 2024-11-30 07:46:03 PST 9h ago      logrotate.timer              logrotate.service
Sun 2024-12-01 00:05:21 PST 7h left       Sat 2024-11-30 12:52:39 PST 4h 8min ago apt-daily.timer              apt-daily.service
Sun 2024-12-01 03:10:53 PST 10h left      Sun 2024-11-24 07:54:38 PST 6 days ago  e2scrub_all.timer            e2scrub_all.service
Sun 2024-12-01 06:18:26 PST 13h left      Sat 2024-11-30 07:59:55 PST 9h ago      apt-daily-upgrade.timer      apt-daily-upgrade.service
Sun 2024-12-01 07:31:44 PST 14h left      Sat 2024-11-30 10:07:36 PST 6h ago      man-db.timer                 man-db.service
Sun 2024-12-01 11:39:28 PST 18h left      Sat 2024-11-30 08:01:03 PST 8h ago      systemd-tmpfiles-clean.timer systemd-tmpfiles-clean.service
Mon 2024-12-02 01:18:47 PST 1 day 8h left Mon 2024-11-25 08:13:26 PST 5 days ago  fstrim.timer                 fstrim.service

But I'm not asking you to get into all of that again. Just curious if you (or others) have observed the expected behavior I listed above.

[Shamak]

I also have a couple of more links. I'm not asking about them nor asking you to read them but here they are if you want to see them. I think the main thing I gathered from them is this idea of "critical-severity" updates. The idea as I understand it is that those updates which are of critical-severity are downloaded and the user is notified regardless of whether or not they are security or non-security updates. If the automatic setting is set to on, that is.

This one is a developer named Michael Catanzaro clarifying the behavior of Gnome Software. His is the chosen answer so it appears just beneath the OP.

https://discussion.fedoraproject.org/t/ ... tes/117225

This one is some developers discussing what the behavior should be. Catanzaro is here too. He seems to be the driving force.

https://pagure.io/fedora-workstation/issue/107

[FreewheelinFrank]

But I'm not asking you to get into all of that again. Just curious if you (or others) have observed the expected behavior I listed above.

I can't say I have observed that exact behaviour, but I haven't used Gnome regularly for several years, and not at all for many months.

When I did use Gnome, I was curious about the update process, and why updates would appear and disappear, or appear and remain, which got me into investigating the update process.

I was just about to comment that the severity level was probably the reason for the delay in notification for some updates, but you beat me to it.

So yes - there seems to be a rational explanation for why you don't see notifications for some updates (at least as quickly).

The gnome-software.log in your link confirms that Gnome is checking appstream metadata, which is what I suspected in the topic I linked to, so thanks for that information.

As mentioned in that topic, there seems to be some overlap between distro update information via packagekit (and Apt in Debian) and appstream metadata, which I suppose could lead to difference in notifications if severity level is inconsistent between distro-independent appstream metadata and distro specific information from Apt. There is also the concern that appstream metadata is not aware of conflicts in available updates in the same way that Apt is - I don't know how legitimate that concern is.

[FreewheelinFrank]

I also have a couple of more links. I'm not asking about them nor asking you to read them but here they are if you want to see them. I think the main thing I gathered from them is this idea of "critical-severity" updates. The idea as I understand it is that those updates which are of critical-severity are downloaded and the user is notified regardless of whether or not they are security or non-security updates. If the automatic setting is set to on, that is.

This one is a developer named Michael Catanzaro clarifying the behavior of Gnome Software. His is the chosen answer so it appears just beneath the OP.

https://discussion.fedoraproject.org/t/ ... tes/117225

This one is some developers discussing what the behavior should be. Catanzaro is here too. He seems to be the driving force.

https://pagure.io/fedora-workstation/issue/107

I'm always interested in information on this subject. It's a shame Gnome hasn't updated their Wiki on this. Last time I checked it was a decade out of date.

I will read the links later. At the moment I am wondering if the critical-severity level is an appstream thing. Relating updates to security advisories (and therefore severity level) seems to be a Redhat/Fedora feature.

https://docs.redhat.com/en/documentatio ... ty-updates

[FreewheelinFrank]

I also have a couple of more links. I'm not asking about them nor asking you to read them but here they are if you want to see them. I think the main thing I gathered from them is this idea of "critical-severity" updates. The idea as I understand it is that those updates which are of critical-severity are downloaded and the user is notified regardless of whether or not they are security or non-security updates. If the automatic setting is set to on, that is.

This one is a developer named Michael Catanzaro clarifying the behavior of Gnome Software. His is the chosen answer so it appears just beneath the OP.

https://discussion.fedoraproject.org/t/ ... tes/117225

This one is some developers discussing what the behavior should be. Catanzaro is here too. He seems to be the driving force.

https://pagure.io/fedora-workstation/issue/107

What a dog's breakfast: notification of updates that aren't ready, no notification of updates that are ready. I hope they have sorted it out now.

Two points I did notice: appstream doesn't apparently do severity. That seems to have been added to PackageKit. I presume Apt must also have some sort of reference to security advisories as that found in Redhat's dnf. This link from the thread:

https://github.com/PackageKit/PackageKit/pull/475

Better: change GNOME Software to quit when it's not doing anything, so it's not constantly running in the background, and schedule the check for updates using a systemd timer unit.

This presumably went through, which is why unattended-upgrades is no longer installed by default with Gnome in Debian.

[Shamak]

Ok thanks! It's all very interesting. Maybe I'll just let Gnome Software do it's thing out of curiosity. If I don't get too anxious just letting updates sit there that is. For example, I think someone mentioned that an update for Firefox might not be critical because of the sandbox and so could wait two weeks. That's an idea I'd have to get used to. Well, we'll see. I mostly want the firmware notifications as Dell's site has become a bit more cumbersome to check after having "improved" it.

Added later: I forgot that I turn off the computer at night so the updates would be installed at that time anyway.

[Shamak]

When I install Debian with Gnome I generally get a notification about updates being available within a few days. (Can't remember if it says "ready to install" or "ready to download".) I install them. Then in another few days more updates appear on the Gnome Software tab but no notification. At that point I generally assume that Gnome Software has a bug and turn off its update capability.

Just found this post by catanzaro which seems to explain this.

If you've just installed fresh, you should be notified about updates immediately because there has not been a successful system update during the past two weeks (or ever).

https://pagure.io/fedora-workstation/issue/107

[FreewheelinFrank]

Ok thanks! It's all very interesting. Maybe I'll just let Gnome Software do it's thing out of curiosity. If I don't get too anxious just letting updates sit there that is. For example, I think someone mentioned that an update for Firefox might not be critical because of the sandbox and so could wait two weeks. That's an idea I'd have to get used to. Well, we'll see. I mostly want the firmware notifications as Dell's site has become a bit more cumbersome to check after having "improved" it.

Added later: I forgot that I turn off the computer at night so the updates would be installed at that time anyway.

Firmware update is possible outside of Gnome Software.

viewtopic.php?t=160856

I don't use Gnome any more and have apt-config-auto-update installed in XFCE, and a simple Genmon script to tell me when updates are available. Often I notice a security update is available from the Debian security mailing list even before the script notification. This morning there was an email about a Webkit update, so I did an update in Synaptic and installed it.

This works well for me at least - no waiting for security updates based on severity level, no caching of updates for weeks and concomitant issues, no update checks at boot, and no upgrade notifications at shutdown.

I don't use flatpacks, so no worries there.

I suppose I could also find any fwupd updates using my script. It seems to refresh itself automatically. Something to work on.

Code: Select all

$ fwupdmgr refresh
Firmware metadata last refresh: 13 hours ago. Use --force to refresh again.

I must check if the Systemd timer for Apt update is applied for an XFCE install, in which case apt-config-auto-update would be unnecessary now.

[Shamak]

Thanks. I was aware of fwupd and have even used it in the past. I think what happened is that it seemed to use a larger portion of my 100 MB efi partition and I became concerned that it would fill up if I took a notion to install Arch or something at some point so I stopped using it and deleted the relevant files. But since then I've reinstalled Windows (dual boot) and it gave me a 500 MB efi partition so that wouldn't be an issue now so something to keep in mind. I kind of like the DE taking care of it automatically so there's that. But it would be easy enough to do everything manually too.