Score:21

Ubuntu

Inhibit ESM messages at login

Organic Marble

2/6/24, 3:09 PM

I would like to inhibit the generation of the following messages when I ssh into my machine

Expanded Security Maintenance for Applications is not enabled.

Enable ESM Apps to receive additional future security updates.
See https://ubuntu.com/esm or run: sudo pro status

For some reason (I do not care to speculate why) these messages are not emitted through the normal motd process, but seem to emanate from update-notifier. There are scripts in the motd directory that appear to generate these messages, but removing them has no effect.

How can I prevent my system from generating these messages at login?

7012

3 + 6

motd

20.04

esm

nobody

2/6/24, 3:31 PM

Maybe this way https://askubuntu.com/questions/1452519/what-are-the-services-apt-news-and-esm-cache-and-how-do-i-disable-them

Organic Marble

2/6/24, 3:35 PM

@nobody thanks, but I already disabled the 'esm-hook'.

nobody

2/6/24, 6:13 PM

`sudo chmod -x /etc/update-motd.d/90-updates-available`

Organic Marble

2/6/24, 6:15 PM

Wouldn't that completely disable update-notifier?

nobody

2/6/24, 6:24 PM

I do not use update-notifier. Another way is to create empty file `$HOME/.hushlogin` But this will disable all motd. Oh ssh maybe this is https://serverfault.com/questions/36421/stop-ssh-login-from-printing-motd-from-the-client helpful.

Organic Marble

2/6/24, 6:26 PM

@nobody disabling update-notifier may be the best approach. If you write that up as an answer, I'll accept it.

Score:23

Ubuntu

jwatson0

2/22/24, 5:20 PM

These messages are defined in /usr/lib/update-notifier/apt_check.py with no flags to disable them.

Here's a sed command that will neuter the functions that generate the messages by inserting a return statement as the first line of the message function:

sudo sed -Ezi.orig \
  -e 's/(def _output_esm_service_status.outstream, have_esm_service, service_type.:\n)/\1    return\n/' \
  -e 's/(def _output_esm_package_alert.*?\n.*?\n.:\n)/\1    return\n/' \
  /usr/lib/update-notifier/apt_check.py

A diff of the old and new files looks like this:

$ diff -u /usr/lib/update-notifier/apt_check.py{.orig,}
--- /usr/lib/update-notifier/apt_check.py.orig  2023-02-22 11:33:39.476095290 -0500
+++ /usr/lib/update-notifier/apt_check.py   2023-02-22 11:59:41.396527682 -0500
@@ -160,6 +160,7 @@
 def _output_esm_package_alert(
     outstream, service_type, disabled_pkg_count, is_esm=False
 ):
+    return
     " output the number of upgradable packages if esm service was enabled "
     outstream.write("\n")
     if disabled_pkg_count > 0:
@@ -206,6 +207,7 @@
 
 
 def _output_esm_service_status(outstream, have_esm_service, service_type):
+    return
     if have_esm_service:
         outstream.write(gettext.dgettext("update-notifier",
                                          "Expanded Security Maintenance for "

Test the fix with this command:

$ /usr/lib/update-notifier/apt_check.py --human-readable
1 update can be applied immediately.
To see these additional updates run: apt list --upgradable

Regenerate the cached message file

sudo /usr/lib/update-notifier/update-motd-updates-available --force

+ 4

Organic Marble

2/22/24, 8:43 PM

This works perfectly.

bvargo

2/26/24, 7:02 PM

Works on Ubuntu 22.10.

bvargo

3/11/24, 6:14 PM

And Ubuntu 22.04

bvargo

3/11/24, 6:19 PM

Is there an advantage to using ` /usr/lib/update-notifier/apt_check.py --human-readable ` vs ` sudo run-parts /etc/update-motd.d/ ` to test the patch?

Score:16

Ubuntu

nobody

2/14/24, 1:51 PM

The easiest way I found to avoid this esm message is to comment the esm-repo in

/var/lib/ubuntu-advantage/apt-esm/etc/apt/sources.list.d/ubuntu-esm-apps.list 
# Written by ubuntu-advantage-tools

#deb https://esm.ubuntu.com/apps/ubuntu jammy-apps-security main
# deb-src https://esm.ubuntu.com/apps/ubuntu jammy-apps-security main

#deb https://esm.ubuntu.com/apps/ubuntu jammy-apps-updates main
# deb-src https://esm.ubuntu.com/apps/ubuntu jammy-apps-updates main

out.

+ 10

taiyodayo

3/4/24, 8:19 AM

this should be the accepted answer. works perfectly

Organic Marble

3/31/24, 6:06 PM

@taiyodayo I don't have that repo (or even the /var/lib/ubuntu-advantage/apt-esm directory), so this should not be the accepted answer.

nobody

3/31/24, 6:59 PM

@OrganicMarble which ubuntu release? Only tested in jammy.

Organic Marble

3/31/24, 7:55 PM

@nobody that's a great point. I have 20.04 but I never said that. I'll add the tag. And have an upvote.

taiyodayo

4/3/24, 5:55 AM

confirmed this working on Ubuntu 20.04.6 LTS. maybe it is different in older point releases? In that case it is probably advisable to upgrade 20.04 to the latest version.

Organic Marble

4/4/24, 2:10 PM

@taiyodayo I am running 20.04.6. But I have been removing ubuntu advantage's whack-a-mole installs since they started appearing, so maybe that's why I don't have the directories.

Ti Strga

4/10/24, 7:29 PM

Weird. I'm also running 22.04 LTS jammy, and the /var/lib/ubuntu-advantage directory exists but is empty. I'm still getting the advertisement spam in the generated MOTD.

nobody

4/11/24, 10:28 AM

@TiStrga fresh install or upgrade. (mine is an upgrated release since 19.04)

Ti Strga

4/11/24, 4:22 PM

@nobody Ours are semi-fresh installs. More specifically, they're Canonical's official "pre-configured" images for AWS EC2, but "always have been 22.04 rather than upgraded from earlier LTS," if that's what you mean. Maybe that's the crucial difference?

nobody

4/11/24, 4:27 PM

I reverted my changes in the file I mentioned. And get the esm message back. But I have a simple desktop install no AWS image or something similiar. This could be the difference.

Score:5

Ubuntu

PaulG

2/9/24, 5:54 PM

Using e.g. bash:
create .hushlogin and add something like this to an init file like .bashrc_profile

 grep 'immediately' /var/lib/update-notifier/updates-available
 grep 'security' /var/lib/update-notifier/updates-available
 grep 'upgradable' /var/lib/update-notifier/updates-available
 /etc/update-motd.d/98-reboot-required

On login:

2 updates can be applied immediately.
To see these additional updates run: apt list --upgradable
*** System restart required ***

Note that /var/lib/update-notifier/updates-available may be mode 0600 so you'll have to fix that.

+ 3

Organic Marble

2/9/24, 5:57 PM

This looks like a valid approach so +1. I ended up just disabling update-notifier and wrote my own script that runs at login and shows the number of updates.

bvargo

2/26/24, 7:02 PM

@OrganicMarble: would you please post that script either here or somewhere else?

Organic Marble

2/26/24, 7:13 PM

@bvargo I posted it in answer to another question, and a smarter user than me pointed out that it was wrong. So now I use the method in the accepted answer here.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Inhibit ESM messages at login

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.