In the “Software” system tool I have automatic updates disabled, but somehow I still see flatpak updates happening, sometimes with disasterous results (e.g., an incompatible version of KiCad getting automatically installed). The latest update (fortunately benign) occurred at 6:30 AM today according to the ctimes of files in /var/lib/flatpak. How do I stop this? My “nuclear” option would be to put /var/lib/flatpak on a separate filesystem and mount it read-only, but that’s likely to cause other issues.
Starting down the rabbit hole …
At about 6:49 AM each day, PackageKit, running under my UID, attempts to run org.freedesktop.packagekit.system-sources-refresh, which then runs flatpak-system-helper.service. Oddly, “systemctl list-units -t service --all” lists no such service, even though the service file exists in /usr/lib/systemd/system/.
Mar 7 06:49:01 omega-3x PackageKit[2770]: uid 1000 is trying to obtain org.freedesktop.packagekit.system-sources-refresh auth (only_trusted:0)
Mar 7 06:49:01 omega-3x PackageKit[2770]: uid 1000 obtained auth for org.freedesktop.packagekit.system-sources-refresh
Mar 7 06:49:21 omega-3x gnome-software[1358131]: libostree pull from 'flathub' for appstream2/x86_64 complete#012security: GPG: summary+commit #012security: SIGN: disabled http: TLS#012non-delta: meta: 7 content: 5#012transfer: secs: 0 size: 8.3 MB
Mar 7 06:49:21 omega-3x gnome-software[1358131]: /var/tmp/flatpak-cache-9LHL22/repo-Col8yk: Pulled appstream2/x86_64 from flathub
Mar 7 06:49:21 omega-3x dbus-daemon[1280]: [system] Activating via systemd: service name='org.freedesktop.Flatpak.SystemHelper' unit='flatpak-system-helper.service' requested by ':1.67344' (uid=1000 pid=1358131 comm="/usr/bin/gnome-software --gapplication-service " label="unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023")
Mar 7 06:49:21 omega-3x systemd[1]: Starting flatpak system helper...
Mar 7 06:49:21 omega-3x dbus-daemon[1280]: [system] Successfully activated service 'org.freedesktop.Flatpak.SystemHelper'
Mar 7 06:49:21 omega-3x systemd[1]: Started flatpak system helper.
OK, nothing got updated this time, but this is the time of day that the unwanted updates occur. I don’t know how this gets started, or how to stop it.
FWIW, here’s the service file for the service that does not exist, but apparently can be run anyway:
# cat /usr/lib/systemd/system/flatpak-system-helper.service
[Unit]
Description=flatpak system helper
[Service]
BusName=org.freedesktop.Flatpak.SystemHelper
Environment=XDG_DATA_DIRS=/var/lib/flatpak/exports/share/:/usr/local/share/:/usr/share/
ExecStart=/usr/libexec/flatpak-system-helper
Type=dbus
IOSchedulingClass=idle
# systemctl list-units -t service --all | grep -i flat
#
At this point, a quote from Edgar Allen Poe’s The Pit and the Pendulum comes to mind,
“Disgust for which the world has no name swelled in my bosom.”
I was going to comment yesterday, but was hoping it wasn’t this.
I don’t use flatpak, but I ran into this after updating to Rocky 9.5 where it started to offer to install updates (which I don’t want), and traced it to the same thing.
In my case I ended up uninstalling Gnome Software, and Packagekit.
Some of these “dbus” services are a bit confusing, different to normal systemd services, and run in the per user context.
Thanks. I’m not sure just what else might be affected if I uninstall PackageKit, so I’ll try just masking packagekit.service. I see that it would make Gnome Software unusable, and that might seem like “no big loss,” but I think it leaves me with no way at all to learn about updates to flatpak installations or actually perform those updates when I want to.
Another possibility would be to put /var/lib/flatpak on a separate filesystem and mount that read-only. I can try that and see what else it breaks. I’ve got to do something, since a fatpak includes what is pretty much a whole OS and services, and any time one gets updated it turns my usual ~20 minute daily backup routine into a 2+ hour job.