Score:1

Automatic reboot after Ubuntu Livepatch

When Ubuntu Livepatch has patched the kernel but recommends restarting to boot into the new version, a message appears in the motd like this:

*** Livepatch has fixed kernel vulnerabilities. System restart recommended on the closest maintenance window

It doesn't touch /run/reboot-required, even when apt upgrade has installed the new kernel.

I'm in the fortunate situation of having a weekly maintenance window, and I would like the system to reboot automatically when Livepatch recommends it. In other words, I want Livepatch's immediate patch functionality, but I don't need marathon uptime.

What's the best way of achieving this? As far as I can tell, there are four possibilities:

  1. Is there a way to set Livepatch to touch /run/reboot-required?
  2. Is there a way to set apt to touch /run/reboot-required after a kernel upgrade, even though Livepatch is active?
  3. Is there a way to set unattended-upgrades to reboot when recommended by Livepatch, even when /run/reboot-required isn't present?
  4. Is there a way to test whether Livepatch is recommending a restart, programmatically? canonical-livepatch kernel-upgrade-required appears to produce specific return codes, but these don't seem to be documented officially.

Score:0

The problem described in the question is a (possibly unforeseen) side effect of a change made by Ubuntu to the unattended-upgrades package.

Until this issue is resolved by Ubuntu, the best workaround I've found is to use this script from current versions of Debian, which will restore usual reboot-required behaviour after kernel upgrades without taking account of Livepatch:

#!/bin/sh

case "$DPKG_MAINTSCRIPT_PACKAGE::$DPKG_MAINTSCRIPT_NAME" in
   linux-image-extra*::postrm)
      exit 0;;
esac

if [ -d /var/run ]; then
    touch /var/run/reboot-required
    if ! grep -q "^$DPKG_MAINTSCRIPT_PACKAGE$" /var/run/reboot-required.pkgs 2> /dev/null ; then
        echo "$DPKG_MAINTSCRIPT_PACKAGE" >> /var/run/reboot-required.pkgs
    fi
fi

Details:

  • Add it as a new file in the /etc/kernel/postinst.d directory (for example /etc/kernel/postinst.d/x-user-unattended-upgrades).
  • In some circumstances it may duplicate functionality found in other kernel post-install hook scripts, but it will do so harmlessly.
  • The system needs to have the unattended-upgrades package installed for the script to be useful.
  • I've confirmed it's applicable for all recent versions of Ubuntu at time of writing. If you come to this answer at some point in the distant future, double-check it's still applicable and relevant.

A bug has been registered concerning this issue in Launchpad.
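
A check that a weekly maintenance-window job could run, given here as an added example that is not part of the answer above or of any Ubuntu or Debian package. It goes one step beyond the flag file: it also reports a reboot when a newer kernel image is installed than the one running, so the window is not missed if the hook never fired. The function names and the directory parameters are hypothetical, the standard vmlinuz-VERSION naming in /boot is assumed, and it does not query Livepatch itself.

```shell
#!/bin/sh
# Added example: decide at the start of a maintenance window whether to reboot.
# RUN_DIR and BOOT_DIR are parameters so the logic can be tried on a scratch
# directory; on a real system they are /run and /boot.

# newest_installed_kernel BOOT_DIR
# Prints the highest version among BOOT_DIR/vmlinuz-*, or nothing if none exist.
newest_installed_kernel() {
    for f in "$1"/vmlinuz-*; do
        [ -e "$f" ] || continue
        basename "$f" | sed 's/^vmlinuz-//'
    done | sort -V | tail -n 1    # version sort, so 5.15.0-101 ranks above 5.15.0-91
}

# reboot_reason RUN_DIR BOOT_DIR RUNNING_KERNEL
# Prints the reason and returns 0 when a reboot is warranted, returns 1 otherwise.
reboot_reason() {
    run_dir=$1 boot_dir=$2 running=$3
    # 1. The usual flag, which the hook script above restores after kernel upgrades.
    if [ -e "$run_dir/reboot-required" ]; then
        echo "flag: $run_dir/reboot-required present"
        return 0
    fi
    # 2. Fallback: a kernel newer than the running one is already installed.
    newest=$(newest_installed_kernel "$boot_dir")
    if [ -n "$newest" ] && [ "$newest" != "$running" ] &&
       [ "$(printf '%s\n%s\n' "$running" "$newest" | sort -V | tail -n 1)" = "$newest" ]; then
        echo "kernel: running $running, installed $newest"
        return 0
    fi
    return 1
}

# Typical use from a weekly cron job or systemd timer, run as root:
#   reboot_reason /run /boot "$(uname -r)" && shutdown -r +5 "maintenance reboot"
```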
