SoftwareUpdates

Differences between revisions 97 and 98
Revision 97 as of 2013-01-14 10:52:43
Size: 35049
Editor: mpt
Comment: + bug 802065 (Soft-reboot using kexec instead of hard-rebooting)
Revision 98 as of 2013-01-16 18:01:54
Size: 35049
Editor: mpt
Comment: wireframe -> mockup for initial alert
Deletions are marked like this. Additions are marked like this.
Line 137: Line 137:
{{attachment:updates-initial.jpg}} {{attachment:updates-initial.png}}
  • Packages affected: software-properties, update-manager, update-notifier, ubuntu-release-upgrader

This is a living specification for how Ubuntu should present, download, and install software updates. It is part of Ubuntu’s overall software handling.

Our presentation of software updates should carefully balance promptness against interruption, and automation against informed consent, to maximize the prompt installation of updates across the millions of computers on which Ubuntu is installed.

How you can help

This specification includes many small changes and enhancements to the current update behavior, but they can be implemented in any order. Grab the code and submit your own branch.

Update settings

update-settings.png

The “When checking for updates, check for:” menu should contain options for “All updates” (the default, -security + -updates + -backports), “Security and recommended updates” (-security + -updates), and “Security updates only” (-security) (fixing bug 887079). If your current update config does not match one of those three options (for example, if you have opted in to -proposed), there should be a fourth, checked, option: “Custom”, and this option should persist until you close System Settings. (UI for configuring -proposed should be provided by the Ubuntu Contributor Console.)

The “Automatically check for updates:” menu should contain options for “Daily” (the default), “Every two days”, “Weekly”, “Every two weeks”, a separator, and “Never”.

The “When there are security updates:” menu should contain options “Display immediately” (the default), “Download automatically”, and “Download and install automatically”.

The “When there are other updates:” menu should contain options “Display immediately”, “Display weekly” (the default), and “Display every two weeks”.

The “Notify me of a new Ubuntu version:” menu should contain options “For any new version” (the default for a non-LTS, replacing “Normal releases”), “For long-term support versions” (the default for an LTS, replacing “Long term support releases only”), and “Never”, in that order.

Idea: Make this more predictable by letting you specify which day of the week it opens. [mvo]

Checking for updates automatically

If “Automatically check for updates” is checked, Ubuntu should become due to check for updates at the specified interval after updates were last checked. Once it is due to check for updates, it should try to check one minute after the first time any administrator connects to the Internet (fixing bug 323108). By default, it should not display any interface while checking.

What if broken proxy rules etc prevent successful checks indefinitely?

Downloading and installing updates automatically

If “When there are security updates” is set to “Download automatically” or “Download and install automatically”, and security updates are available, they should download in the background.

Launching

The Launcher icon for Software Updater should not use a badge, because (unlike with opt-in updates) the number of system updates available is not interesting.

Launching manually

Launching Software Updater manually should immediately begin an interactive check for updates, without showing any other interface beforehand (invalidating bug 289404).

Checking manually

When checking interactively, Software Updater should display only a progress window. As with any other progress window, the window should have a minimize button but no maximize or close button, and should be 33 em wide.

check-manual.jpg

Erratum: The “Cancel” button should read “Stop”, since it’s possible a partial or previous check may have some available updates.

If you stop the check, the progress window should morph into an info alert with the title “Software Updater” and primary text “You stopped the check for updates.”. If the partial check, and any previous check, found no installable updates, this should be followed simply by “Settings…”, “Check Again”, and “OK” buttons. But if the partial check, and any previous check, did find installable updates, the alert should be a variation of the updates-available alert, with the different primary text, and secondary text “Updated software is available from a previous check.”.

check-manual-stopped.png

check-manual-stopped-available.png

If the check fails because of an error, the progress window should morph into an error alert, with the title “Software Updater” and primary text depending on the exact situation (part of bug 1026060).

check-manual-error.png

If no updates are available, but previous updates require a restart, the progress window should morph into the restart-required alert.

requires-restart.png

If no updates are available and no previous updates require a restart, the progress window should morph into a note alert.

up-to-date.jpg

If updates are available, the progress window should instead morph into the “Updates Available” alert.

Launching automatically

Update Manager should launch automatically, in the background but not minimized, when the computer has been connected to the Internet for at least one minute (bug 385433), you are logged in as an administrator, and either:

  1. security updates are available, it has been at least 24 hours since security updates were last displayed, and either of these are true:

    1. “When there are security updates” is set to “Display immediately”; or
    2. “When there are security updates” is set to “Download automatically”, and the security updates have finished downloading; or

    b. non-security updates are available, and all of these are true:

    1. the “When there are other updates” interval has passed since Software Updater was last open (either automatically or manually);
    2. the “When there are other updates” interval has passed since updates were last installed by any manual method (e.g. apt-get or Synaptic, but not unattended-upgrades);

    3. no other package management utility (e.g. Synaptic or Ubuntu Software Center) is running.

Test case: (su-001)

  1. Install Ubuntu.
  2. Log in to the new Ubuntu installation for the first time.
  3. In “Software Sources” > “Updates”, choose “Check for updates: Daily” and “Install security updates without confirmation”.

  4. At a terminal, run sudo /etc/cron.daily to trigger the background installation of security updates.

  5. Once cron.daily has exited, run killall update-notifier && NO_FAKE_STAT=1 faketime -f +1d update-notifier to test the update-notifier behavior. Update Manager should open, displaying only non-security updates.

Need several more test cases here.

Optional updates

Once presentation of any optional (NotAutomatic) updates has been implemented in Ubuntu Software Center, those particular updates should no longer cause the “Updates Available” alert to appear. They should still be shown in the alert when it appears for any other reason, but they should not be checked (and should therefore not be installed) by default.

Handling uninstallable updates

If installing available updates would remove ubuntu-desktop, Software Updater should treat the updates as uninstallable.

Initial implementation

If an automatic check for updates finds that they are uninstallable, Software Updater should not launch at all.

If a manual check for updates finds that they are uninstallable, the progress window should morph to an error alert with “Settings…” and “OK” buttons. Its primary text should be “Ubuntu can’t be updated at the moment. Please try again later.”. Its secondary text should be “Updates currently available would remove critical Ubuntu components. If this problem persists, contact the software vendor.” And above the “Settings…” button should be a “Details” expander that expands to reveal a pane containing the apt error message.

Advanced implementation

  • If an automatic check shows that updates to Ubuntu packages are the cause of the problem, Software Updater should not launch at all.
  • If a manual check shows that updates to Ubuntu packages are the cause of the problem, then:
    • If you are running a pre-release Ubuntu version, then the progress window should morph to an error alert as described above, except that its secondary text should be “Updates currently available would remove critical Ubuntu components. This sometimes happens with pre-release Ubuntu versions.”

      updates-uninstallable-prerelease.png

    • If you are running an Ubuntu release, then the progress window should morph into an error alert as described above, except that its secondary text should be “Updates currently available would remove critical Ubuntu components. If this problem persists for several days, seek technical support.”
  • If either an automatic or manual check shows that updates to third-party software are the cause of the problem, then an error alert should open (or the progress window should morph into an error alert) with “Settings…” and “OK” buttons. Its primary text should be “Software updates are available, but some installed software is preventing updates.” Its secondary text should be ‘Updates to “{package name}” would remove critical Ubuntu components. If this problem persists for several days, contact the software vendor.’

Presenting installable updates

If a check shows that updates are available, an “Updates Available” alert should appear. (Like any progress window before it, it should be 33 em wide.) If the check was automatic, the alert should open non-minimized but unfocused.

updates-initial.png

If this is the first time Software Updater has launched since Ubuntu was installed, and this is a release version (not a daily/alpha/beta), the primary text should be “Updated software has been issued since Ubuntu {version} was released. Do you want to install it now?” Otherwise it should be: “Updated software is available for this computer. Do you want to install it now?”

This should be followed by an expander with the label “Details of updates”, that is collapsed by default but remembers its state between sessions. Expanding it should expand the alert to show the list of updates. Collapsing it should return the alert to its previous size.

The secondary text for the alert should consist of one or more list items, depending on the exact situation, each introduced by a mini icon:

  • The first item should be the amount that needs downloading, of the form “{amount} will be downloaded.”, e.g. “17.4 MB will be downloaded.”, with a download icon. If all the updates have already been downloaded, it should be of the form “The update has already been downloaded.” or “The updates have already been downloaded.”, with a greyed-out download icon. The amount should update automatically whenever you unselect or reselect updates in the list, or once per second when updates are downloading in the background.

  • Whenever any of the checked updates will require restarting the computer (as indicated in debian/control), there should be an item with a restart icon and the text: “The computer will need to restart.” ( fixing bug 255443 ) The item should automatically disappear or appear (with the alert resizing appropriately) if you deselect all, or reselect any, of the updates that require a restart.

  • Whenever the current Internet connection is mobile broadband, there should be an item with a mobile broadband icon and the text: “You may want to wait until you’re not using a mobile broadband connection.” (fixing bug 776374). The item should automatically appear or disappear (with the alert resizing appropriately) if the computer starts or stops using mobile broadband while the alert is open.

  • Whenever there is no Internet connection and at least one of the updates has not yet been downloaded, there should be an item with exactly the same icon as the networking menu is currently using for its title, and the text “You need an Internet connection to download updates.” (part of bug 1026060).

  • Whenever the computer is running on battery, there should be an item (fixing bug 484249 and bug 494772) with exactly the same battery icon as the battery menu is currently using for the battery, and the text: “It’s safer to connect the computer to AC power before updating.” (fixing bug 426708). The item should automatically appear or disappear (with the alert resizing appropriately) if the computer starts or stops using battery while the alert is open (fixing bug 426710).

The alert should have three buttons.

  • The main action, and default, should be “Install”; activating it should install the updates. Whenever the computer is not connected to the Internet, the button should be insensitive and have the tooltip “Not available because there is no Internet connection.”.

  • In the Cancel position should be “Cancel” if automatic checking is off, or “Remind Me Later” if it is on. (The button text should change automatically if automatic checking is turned on or off while the alert is open.) In the latter case, activating it should reset the timer for automatic checking for updates.

  • In the secondary action position should be “Settings…”. Activating it should leave the alert open, and non-modally open the Software Sources window to its Updates tab.

What happens if you open it manually while updates are downloading?

What happens if you get disconnected from the Internet while the alert is open?

What is the rationale behind telling the user that a restart will be required after updates have been installed? As I've mentioned on the ayatana list I feel this offers no benefits to the user, while possibly putting users off performing updates (particularly if they are in the middle of a task). -- funkyhat 2010-09-06 13:45:56

Expanded presentation of updates

Activating “Details of updates” should expand the window to accommodate the list of updates.

updates-list.png

The Updates Available window should be manually resizable only when it is in this expanded state. It should remember its previous expanded size, but by default should be the same width as when not expanded, and tall enough to show six items in the list, with a minimum height of three items.

Only if any of the updates are security updates, the updates should be listed in two sections, “Security updates” and “Other updates”, each with a checkbox with bold label. The state of the checkbox should reflect and change the state of the update checkboxes in that section: ☑ checked if they all are, ☐ unchecked if none of them are, and ⊟ indeterminate otherwise.

In the list, updateable packages should be in expandable groups (Brainstorm 14205), all collapsed by default:

  1. An “application” is any package that has a .desktop file. Any application that has an update should have its own item. If that application is the only updateable installed package that (recursively) depends on, or (recursively) recommends, another updateable package, the application should be shown as an expandable group containing that other package as well as the application package itself.

  2. Any other package that is not part of “Ubuntu base” should be presented by itself, not in any group.
  3. The base package is (a) ubuntu-desktop if it is installed, otherwise (b) the alphabetically first of any of the metapackages listed in /usr/share/ubuntu-release-upgrader/DistUpgrade.cfg that are installed (for example, kubuntu-desktop or ubuntustudio-desktop), otherwise (c) ubuntu-desktop even though it isn’t installed. Any updateable package not already shown in the list of updates, that is a (recursive) dependency and/or recommendation of the base package, and/or of ubuntu-standard and/or ubuntu-minimal, should be shown in an “Ubuntu base” or equivalently named group. This group should have distributor-logo (e.g. the Ubuntu logo) as its icon.

The list of updates should have three columns by default: an unlabelled restart-required column, an “Install” column, and a “Download” column. For each update or group of updates:

  • If it will require restarting the computer, the first column should contain a restart icon. This icon should line up exactly with the restart icon used for the secondary text below the list.
  • The “Install” column should contain:
    • an expander (always collapsed initially) for each top-level update where any of that package’s dependencies also have updates, or a blank space otherwise;
    • a checkbox, checked by default, for whether the update or group of updates will be installed (using indeterminate state if the checkbox is for a group where only some of the updates are checked);
    • the icon for the package, except that currently-installed packages should not have the usual installed emblem (because it’s noisy and uninteresting that nearly all updates are to already-installed packages);

    • the title of the update.

  • The “Download” column should contain a check mark “✓” (with accessible label “downloaded”) if the update has already downloaded, and the size to one decimal place (e.g. “7.1 MB”, “883.0 KB”) if it has not.

Future work: The ability to turn on “Codename”, “Installed Version”, and/or “Available Version” columns?

Below the list of updates should be another expander, “Technical description”, which is always collapsed initially. Expanding it should reveal a pane describing the selected update.

Installing

install-progress-morphing.jpg

If you activate “Install Now”, the alert should morph into a progress window.

install-progress.jpg

The title of the window should be “Software Updater”, and the primary text should be “Installing updates…”. The button should read “Cancel” until the first update actually starts installing, and “Stop” thereafter; it should be insensitive whenever the update process does not allow stopping safely.

If you choose to restart or shut down the computer while updates are installing, regardless of whether they are installing in the progress window or in the background, then:

  • all updates after the current one should be postponed;
  • for as long as the current update takes to finish installing, the Plymouth shutdown screen should contain the centered text “Ubuntu needs to finish installing an update. One moment, please…”

After installing

If one or more of the updates require restarting the computer, and the progress window is open, it should morph into an alert explaining this. If the progress window was not open (because updates were being installed in the background), the alert should open separately. The alert should have a minimize button but no maximize or close button, the same as in all other stages of the update process.

requires-restart.png

(If you want to restart now, you can click the button; otherwise, you can minimize the alert.)

And if one or more of the updates require logging out, the logout-required alert should appear for every user currently logged in graphically (except the user who installed the updates, if any of them also require restart).

requires-logout.png

Otherwise, if updates were completed successfully, and the progress window is open, it should morph into the same alert as is used after a manual check where the system is already up to date.

up-to-date.jpg

Installing updates automatically when you can’t login

Ubuntu should try to download and install updates automatically if there is a problem that allows Ubuntu startup but prevents logging in — whether it causes a kernel panic, an X crash, or simply a logout — and “Install updates automatically if a problem prevents login” is checked in the settings.

Upgrading to a new Ubuntu version

upgrade-available.png upgrade-required.png

If no updates are available but a new version of Ubuntu is, the alert should have “Upgrade…” and “OK” buttons (replacing the separate “Ubuntu {version} Upgrade Available” dialog), and text depending on the situation:

  • If the system is up to date, the primary text should be “The software on this computer is up to date.” and the secondary text “However, Ubuntu {version} is now available (you have {version}).”
  • If the system is obsolete, the primary text should be “Software updates are no longer provided for Ubuntu {version}.”, and the secondary text “To stay secure, you should upgrade to Ubuntu {version}.”

Test case: From a released version of Ubuntu, at a terminal enter check-new-release-gtk -d or update-manager -cd.

If you choose “Upgrade…”, Ubuntu should begin the release upgrade process.

When Software Updater is visible in any state, even just an alert box, it should have these menus.

_File
=====
  Check For Updates  Ctrl R
----------------------------
  Updates History    Ctrl H

“Check For Updates” should always be sensitive, except when a check is currently in progress. It should check again for updates without closing and reopening Software Updater.

_Edit
=====
  Undo                   Ctrl Z
  Redo             Shift Ctrl Z
--------------------------------
  Copy                   Ctrl C
  Select All             Ctrl A
  Select None      Shift Ctrl A
--------------------------------
  Find…                  Ctrl F
--------------------------------
  Software & Updates Settings…

“Undo” and “Redo” should be sensitive only when there is a selection or deselection that can be undone or redone, respectively.

“Copy” should be sensitive whenever any update or detail text is selected.

“Select All” and “Select None” should be sensitive whenever at least one update is available (fixing bug 878203).

_Help
=====
  _Help Using Software Updater
--------------------------------
  _About Software Updater

User stories

  • Sam is a college student who has recently migrated from to Windows XP to Ubuntu because he was fed up with adult sites installing spyware on his computer. The reason he had so much trouble with spyware was that XP kept on popping up balloons in the corner of the screen to tell him about security updates, but he closed them because that was the easiest thing to do. A few weeks after he installs Ubuntu, there is an important security update to Firefox.
  • A computer running Ubuntu unattended is being used as part of a shop-window display. While the machine was still connected to the Internet, the window dresser cancelled a software update reminder.
  • Helen is happily using Ubuntu 10.10 when it tells her that Ubuntu 11.04 has been released. Before she upgrades, she has some basic questions. What will the upgrade do? How long will it take? How much will it cost? Will she lose any of her files? What should she do if something goes wrong?

Design considerations

  • The easiest path should be to install updates.
  • That Ubuntu updates are split into individual packages is an irrelevant detail that must not be exposed by default. For example, Microsoft ExpertZone’s “Comparing Windows 7 to Linux” retail course claims: “Linux can require a lot of time to maintain. For example, Ubuntu (a variety of Linux) may have hundreds of updates per month.” [screenshot from Overclock.net]

  • Checking for updates should not be confused with downloading updates. For example, one netbook purchaser wondered why Update Manager said it was downloading the same 91 updates every time, because she thought the updates were actually being downloaded. [Dave Morley]
  • Checking for, and installing, updates should not consume large amounts of bandwidth per month — especially when on mobile broadband.

Overall approaches considered

The ideal situation would be that Ubuntu never needs updates at all. However, our development process does not allow for that (and if it did, probably we would have no users).

The next best situation would be for updates to be completely automatic, as they are in Chrome and as they will be in Chrome OS. Unfortunately, large organizations using Ubuntu would likely object to this on several grounds, including bandwidth and retraining costs. However, we should minimize the interactivity of updates, by encouraging people to download updates in the background and/or install them during shutdown.

In Ubuntu 8.10 and earlier, we used a notification area icon to advertise updates, with a notification balloon initially pointing to it. This worked poorly — because an icon that small could never communicate, to a usefully large proportion of people, something as bureaucratic as software update availability. The notification balloon was necessary to explain the icon, but was annoying because it floated on top of every other window, and is basically incompatible with our new notification model.

Since before the initial release of Ubuntu Software Center, we have considered integrating updates into that interface instead of having a dedicated interface. However, this turns out to be less compelling than it might first appear. It is not a serious use case to be reminded of updates and to decide, upon that reminder, to install or remove other software at the same time. And the extra quantity of interface in Ubuntu Software Center would be quite distracting when trying to persuade people to install security updates (especially if they’ve never needed to install extra applications at all).

However, Ubuntu Software Center is a good place to offer optional, non-urgent application updates, where they can be presented for individual selection.

The reverse case is also practical. When you are manually installing new software, bundling any pending updates along with it reduces the need to interrupt you later. We can achieve this by presenting the download and installation process in Ubuntu Software Center, while still doing the basic prompt in a separate interface for consistency with other update situations.

The current design includes many ideas from a cognitive walkthrough and design session at UDS Jaunty. And Sparkle, a third-party framework (hosted in Launchpad) for updating Mac applications, provides inspiration on how to present updates in a clear and understandable way.

Ideas

The process of keeping Ubuntu up to date has many steps, involving software, hardware, and human factors. There are potential opportunities at each step to increase the proportion of people who have secure and up-to-date software.

In order from source to destination:

  • Issue fewer updates.
    • Engineer software to be less buggy to begin with.
    • Stop issuing “no-change rebuild” updates.
    • Aggregate same-package updates into a single release more often.
  • Make checking for updates faster.
    • Check for security updates every day. But check for non-security updates only (a) at the scheduled interval (e.g. a week) after the last check, (b) when security updates are available, or (c) on manual launching, whichever is earlier. [vish]

    • Reduce the amount of data that needs to be downloaded to check for updates.
      • Make mirrors smarter so that they can report just those packages that have been updated since the last check. [~mark-k]
  • Reduce the urgency of updates.
    • Reduce the proportion of security problems that require critical updates (defense in depth).

    • Wait for longer by default before interrupting about updates.
    • Don’t interrupt at all just for NotAutomatic updates.

  • Persuade people to agree to installing updates more often.
    • Reduce the proportion of updates that require a restart.
    • Aggregate different-package updates requiring a restart more often.
    • Improve the updates-available alert.
    • Introduce credible human-readable descriptions for updates.
  • Install updates more often at the same time as other interruptions.
  • Install updates more often in the background.
    • Install more updates in the background by default.
    • Make it easier to set updates to install in the background.

  • Reduce the download size.
    • Use bsdiff, Courgette, or a similar binary diff system.

    • Stop requiring an update to -data and other dependent packages when an application gets a minor update.

  • Increase the download speed.
    • Increase the number and speed of mirrors.

    • Automate mirror testing.

    • Download updates from nearby computers using apt-p2p (bug 533416), debtorrent, or similar.

    • Ease downloading an update once for multiple computers you administer.
    • Download multiple updates simultaneously when appropriate (bug 275994, bug 313685).

  • Increase the installation speed.
    • Install the first update while the second is downloading (bug 313680).

      • Then download smaller updates first so that the installation process can start sooner (bug 209681).

    • Increase the speed of restarts (bug 802065).

To know whether any of these techniques are effective, we also need to collect statistics on how many people install updates how quickly. [Oli Warner]

More prominent option to install updates in the background

If fixing the existing settings did not result in as many people installing security updates in the background as we think should do so, we could add an extra checkbox to the alert itself whenever it appears for security updates.

updates-initial-with-background-option.png

The checkbox would be checked whenever “When there are security updates:” is set to “Download and install automatically” (so it would be unchecked by default), and would track that setting even if it was changed while the alert was open.

The icon-only help button would open a short help page describing the benefits and drawbacks of installing security updates in the background. The same help button would be present on the trailing side of the “When there are security updates:” menu in the settings (unless another help button is present in the window when those settings are shown).

Unresolved issues

  • What should happen with various HTTP errors?
  • How do distinguish security updates from other updates?
  • https://wiki.ubuntu.com/NotifyOSD#software-sources

  • Whether an update will require restarting, logging out, or restarting an application, should be presented before you choose to install it. How will we know this?

  • How should automatic installation interact with interactive installation and the various session commands?
  • Update Manager currently uses headings to separate “Security Updates”, “Distribution Updates”, “Recommended Updates”, “Other Updates (LP-PPA-something)”, etc. Is this necessary, and if so, how should it be presented?
    • In terms of distinguishing, security updates are to be distinguished from the rest in preferences, so they should be distinguished in the UI. The difference between distribution updates and recommended updates isn't important—I've been using Ubuntu since Jaunty and don't know the difference, but I've gotten along just fine. Other updates might be important, but I don't really think so—why should I care where caffeine came from, or whether an Ubuntu repo or a PPA has the latest version of GIMP or Firefox? —zpletan

SoftwareUpdates (last edited 2019-04-14 16:59:44 by mpt)