apt upgrade 显示有关英特尔微代码更新的警告。我需要做什么吗?

apt upgrade 显示有关英特尔微代码更新的警告。我需要做什么吗?

当我sudo apt upgrade在 Kubuntu 23.10 中运行时,我得到以下输出:

user1@user1-Desktop1:~$ sudo apt upgrade 
Reading package lists... Done
Building dependency tree 
Reading state information... Done
Calculating upgrade... Done
#
# Canonical released microcode updates for both Intel (CVE-2022-40982) and AMD
# (CVE-2023-20593). ‘Unattended upgrades’ provide security updates by default.
# Ensure it remains enabled to always get all updates as they become available.
#
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

我是否需要按照警告中所述启用无人值守升级?如何操作以及为什么我需要做任何事情?

我正在使用 Kubuntu,并使用 GUI 工具从 23.04 升级到 23.10(完全按照说明这里)。我的系统安装大约一个月了。我从未更改过任何内容/etc/apt,一切都是默认的。这是我的/etc/apt/sources.list

# deb cdrom:[Kubuntu 23.04 _Lunar Lobster_ - Release amd64 (20230414.1)]/ lunar main multiverse restricted universe

# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
# newer versions of the distribution.
deb http://de.archive.ubuntu.com/ubuntu/ mantic main restricted
# deb-src http://de.archive.ubuntu.com/ubuntu/ lunar main restricted

## Major bug fix updates produced after the final release of the
## distribution.
deb http://de.archive.ubuntu.com/ubuntu/ mantic-updates main restricted
# deb-src http://de.archive.ubuntu.com/ubuntu/ lunar-updates main restricted

## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team. Also, please note that software in universe WILL NOT receive any
## review or updates from the Ubuntu security team.
deb http://de.archive.ubuntu.com/ubuntu/ mantic universe
# deb-src http://de.archive.ubuntu.com/ubuntu/ lunar universe
deb http://de.archive.ubuntu.com/ubuntu/ mantic-updates universe
# deb-src http://de.archive.ubuntu.com/ubuntu/ lunar-updates universe

## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu 
## team, and may not be under a free licence. Please satisfy yourself as to 
## your rights to use the software. Also, please note that software in 
## multiverse WILL NOT receive any review or updates from the Ubuntu
## security team.
deb http://de.archive.ubuntu.com/ubuntu/ mantic multiverse
# deb-src http://de.archive.ubuntu.com/ubuntu/ lunar multiverse
deb http://de.archive.ubuntu.com/ubuntu/ mantic-updates multiverse
# deb-src http://de.archive.ubuntu.com/ubuntu/ lunar-updates multiverse

## N.B. software from this repository may not have been tested as
## extensively as that contained in the main release, although it includes
## newer versions of some applications which may provide useful features.
## Also, please note that software in backports WILL NOT receive any review
## or updates from the Ubuntu security team.
deb http://de.archive.ubuntu.com/ubuntu/ mantic-backports main restricted universe multiverse
# deb-src http://de.archive.ubuntu.com/ubuntu/ lunar-backports main restricted universe multiverse

deb http://security.ubuntu.com/ubuntu mantic-security main restricted
# deb-src http://security.ubuntu.com/ubuntu lunar-security main restricted
deb http://security.ubuntu.com/ubuntu mantic-security universe
# deb-src http://security.ubuntu.com/ubuntu lunar-security universe
deb http://security.ubuntu.com/ubuntu mantic-security multiverse
# deb-src http://security.ubuntu.com/ubuntu lunar-security multiverse

# This system was installed using small removable media
# (e.g. netinst, live or single CD). The matching "deb cdrom"
# entries were disabled at the end of the installation process.
# For information about how to configure apt package sources,
# see the sources.list(5) manual.

答案1

您最新的终端输出显示 intel-microcode 已经是最新版本,并且启用了无人值守升级。没有错误消息,因此您的 Ubuntu 是最新的并且受到保护。一切正常,所以您无需执行任何操作。‘Unattended upgrades’ provide security updates by default. Ensure it remains enabled您的主要问题中的不是错误消息,它只是提醒您在 Ubuntu 中启用安全更新。

您收到的消息是 Ubuntu 提醒您启用无人值守升级功能。无人值守升级会自动下载并安装系统的安全更新,无需用户进行任何手动干预。所有当前支持的 Ubuntu 版本都默认启用无人值守升级。保持此功能处于启用状态是一种很好的做法,可确保您的 Ubuntu 始终保持最新且安全。

以下命令将检查 Ubuntu 中当前是否启用了无人值守升级:

sudo apt-config dump | grep -E 'APT::Periodic::Update-Package-Lists|APT::Periodic::Unattended-Upgrade'

该命令的输出应为:

APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";

两行末尾的“1”表示无人值守升级已启用,否则如果任一值设置为“0”,则无人值守升级将被禁用。

要启用无人值守升级,请运行以下命令:

sudo apt install unattended-upgrades

要检查无人值守升级包是否已安装,请运行以下命令:

apt policy unattended-upgrades

Ubuntu 中的英特尔微码更新提高了 Ubuntu 的安全性、性能和稳定性。在英特尔微码更新可用时立即在 Ubuntu 中安装是一种很好的做法。也可以通过运行以下命令在 Ubuntu 中手动安装英特尔微码更新包:

sudo apt install intel-microcode

intel-microcode 软件包通过无人值守升级自动安装和更新。要验证是否如此,您可以检查无人值守升级配置文件:

sudo nano /etc/apt/apt.conf.d/50unattended-upgrades

查找 50unattended-upgrades 末尾以 开头的行Unattended-Upgrade::Package-Blacklist。如果此行后未列出 intel-microcode 软件包,则该软件包符合无人值守升级的条件。

您的 sources.list 文件中有一些来自 Ubuntu 23.04 lunar 的剩余行,这些行都已被注释掉,因此无需担心。其余未注释掉的行均适用于 Ubuntu 23.10 mantic,正如它们应该的那样。

相关内容