30

I would like to inhibit the generation of the following messages when I ssh into my machine

Expanded Security Maintenance for Applications is not enabled.

Enable ESM Apps to receive additional future security updates.
See https://ubuntu.com/esm or run: sudo pro status

For some reason (I do not care to speculate why) these messages are not emitted through the normal motd process, but seem to emanate from update-notifier. There are scripts in the motd directory that appear to generate these messages, but removing them has no effect.

How can I prevent my system from generating these messages at login?

Organic Marble
  • 23,641
  • 15
  • 70
  • 122

4 Answers4

35

These messages are defined in /usr/lib/update-notifier/apt_check.py with no flags to disable them.

Here's a sed command that will neuter the functions that generate the messages by inserting a return statement as the first line of the message function:

sudo sed -Ezi.orig \
  -e 's/(def _output_esm_service_status.outstream, have_esm_service, service_type.:\n)/\1    return\n/' \
  -e 's/(def _output_esm_package_alert.*?\n.*?\n.:\n)/\1    return\n/' \
  /usr/lib/update-notifier/apt_check.py

A diff of the old and new files looks like this:

$ diff -u /usr/lib/update-notifier/apt_check.py{.orig,}
--- /usr/lib/update-notifier/apt_check.py.orig  2023-02-22 11:33:39.476095290 -0500
+++ /usr/lib/update-notifier/apt_check.py   2023-02-22 11:59:41.396527682 -0500
@@ -160,6 +160,7 @@
 def _output_esm_package_alert(
     outstream, service_type, disabled_pkg_count, is_esm=False
 ):
+    return
     " output the number of upgradable packages if esm service was enabled "
     outstream.write("\n")
     if disabled_pkg_count > 0:
@@ -206,6 +207,7 @@

def _output_esm_service_status(outstream, have_esm_service, service_type):


    

  • return
if have_esm_service:
    outstream.write(gettext.dgettext("update-notifier",
                                     "Expanded Security Maintenance for "
    •

Test the fix with this command:

$ /usr/lib/update-notifier/apt_check.py --human-readable
1 update can be applied immediately.
To see these additional updates run: apt list --upgradable

Regenerate the cached message file

sudo /usr/lib/update-notifier/update-motd-updates-available --force
jwatson0
  • 474
  • 3
    Works on Ubuntu 22.10. – bvargo Feb 26 '23 at 19:02
  • 3
    And Ubuntu 22.04 – bvargo Mar 11 '23 at 18:14
  • 1
    Is there an advantage to using /usr/lib/update-notifier/apt_check.py --human-readable vs sudo run-parts /etc/update-motd.d/ to test the patch? – bvargo Mar 11 '23 at 18:19
  • 1
    Interestingly, after apply the fix above, testing with /usr/lib/update-notifier/apt_check.py --human-readable gives the desired output, while testing with sudo run-parts /etc/update-motd.d/ gives the output with ESM junk. Unfortunately I still get the ESM junk on login, which suggests the latter is the better test... :/ – rednoyz Sep 25 '23 at 06:49
  • @rednoyz Just throwing my notes in here: the run-parts command runs teh scripts in that folder, and those scripts really just paste out a text file that's been generated before. I believe if you use jwatson0's last line for regenerating the cached message, that the run-parts command, and your login, will work correctly. – DauntlessRob Nov 15 '23 at 00:40
23

The easiest way I found to avoid this esm message is to comment out the esm-repo in

/var/lib/ubuntu-advantage/apt-esm/etc/apt/sources.list.d/ubuntu-esm-apps.list

# Written by ubuntu-advantage-tools

#deb https://esm.ubuntu.com/apps/ubuntu jammy-apps-security main


deb-src https://esm.ubuntu.com/apps/ubuntu jammy-apps-security main


#deb https://esm.ubuntu.com/apps/ubuntu jammy-apps-updates main


deb-src https://esm.ubuntu.com/apps/ubuntu jammy-apps-updates main
Matt M
  • 113
nobody
  • 5,437
  • 4
    this should be the accepted answer. works perfectly – taiyodayo Mar 04 '23 at 08:19
  • 2
    @taiyodayo I don't have that repo (or even the /var/lib/ubuntu-advantage/apt-esm directory), so this should not be the accepted answer. – Organic Marble Mar 31 '23 at 18:06
  • @OrganicMarble which ubuntu release? Only tested in jammy. – nobody Mar 31 '23 at 18:59
  • @nobody that's a great point. I have 20.04 but I never said that. I'll add the tag. And have an upvote. – Organic Marble Mar 31 '23 at 19:55
  • confirmed this working on Ubuntu 20.04.6 LTS. maybe it is different in older point releases? In that case it is probably advisable to upgrade 20.04 to the latest version. – taiyodayo Apr 03 '23 at 05:55
  • 1
    @taiyodayo I am running 20.04.6. But I have been removing ubuntu advantage's whack-a-mole installs since they started appearing, so maybe that's why I don't have the directories. – Organic Marble Apr 04 '23 at 14:10
  • Weird. I'm also running 22.04 LTS jammy, and the /var/lib/ubuntu-advantage directory exists but is empty. I'm still getting the advertisement spam in the generated MOTD. – Ti Strga Apr 10 '23 at 19:29
  • @TiStrga fresh install or upgrade. (mine is an upgrated release since 19.04) – nobody Apr 11 '23 at 10:28
  • 1
    @nobody Ours are semi-fresh installs. More specifically, they're Canonical's official "pre-configured" images for AWS EC2, but "always have been 22.04 rather than upgraded from earlier LTS," if that's what you mean. Maybe that's the crucial difference? – Ti Strga Apr 11 '23 at 16:22
  • 1
    I reverted my changes in the file I mentioned. And get the esm message back. But I have a simple desktop install no AWS image or something similiar. This could be the difference. – nobody Apr 11 '23 at 16:27
  • Didn't work for me on ubuntu 22.04 – rednoyz Sep 25 '23 at 06:50
5

Using e.g. bash:
create .hushlogin and add something like this to an init file like .bashrc_profile

 grep 'immediately' /var/lib/update-notifier/updates-available
 grep 'security' /var/lib/update-notifier/updates-available
 grep 'upgradable' /var/lib/update-notifier/updates-available
 /etc/update-motd.d/98-reboot-required

On login:

2 updates can be applied immediately.
To see these additional updates run: apt list --upgradable
*** System restart required ***

Note that /var/lib/update-notifier/updates-available may be mode 0600 so you'll have to fix that.

PaulG
  • 51
  • 1
    This looks like a valid approach so +1. I ended up just disabling update-notifier and wrote my own script that runs at login and shows the number of updates. – Organic Marble Feb 09 '23 at 17:57
  • 1
    @OrganicMarble: would you please post that script either here or somewhere else? – bvargo Feb 26 '23 at 19:02
  • @bvargo I posted it in answer to another question, and a smarter user than me pointed out that it was wrong. So now I use the method in the accepted answer here. – Organic Marble Feb 26 '23 at 19:13
1

Finished product

Another way to do it:

cd /etc/update-motd.d/

rm 50-motd-news 91-contract-ua-esm-status

nano /var/lib/update-notifier/updates-available

So that only

  0 updates can be applied immediately.

(One blank line on top, two spaces before '0')

nano 10-help-text

comment out

#printf "\n"[enter image description here][1]
#printf " * Documentation:  https://help.ubuntu.com\n"
#printf " * Management:     https://landscape.canonical.com\n"
#printf " * Support:        https://ubuntu.com/advantage\n"
lane_ftw
  • 11
  • Instead of deleting the /etc/update-motd.d/50-motd-news script entirely, you can also just edit /etc/defaults/motd-news to set ENABLE=0. – L0tad Jan 23 '24 at 15:03