admin/modules/automatic-update-extensions do not sohw up

Thanks for this detailed bug report! I notice that you are using Windows Subsystem for Linux, which we theoretically support, but don't test with, largely 'cause (AFAIK) GitLab CI doesn't support it.

This is definitely worth investigating, if one of us can rustle up a Windows machine.

This is not the WSL, I am not sure. The part of the error message that is a mystery to me is

... failed.\n\nExit Code: 2(Misuse of shell builtins)

Maybe the code to execute Composer validate is currently being passed incorrectly

Refferences:

1. https://access.redhat.com/solutions/196563
2, https://tldp.org/LDP/abs/html/exitcodes.html

Well,

I sat down again and did a bit of debugging. Since Adam suspected that it could be the Windows subsystem for Linux. Instead of Ubuntu in my WSL, I spawned a Debiaian container. Ta-da, suddenly the WSOD is gone. If I can now find out whether the Ubuntu provided for WSL uses a different Bash version than Debian 12 bookworm, which is what I'm currently using, then that would confirm the theory that this is a bug related to Bash. That wouldn't be good, because we can't tell every host out there which Bash version to install to make the Automatic Update Module work. However, it will take some time before I have a final result. I'll be in touch again then.
By the way, I installed exactly the same packages and modules on Debian as listed above. I even used the same package source.

Debian Linux JosPC 5.15.167.4-microsoft-standard-WSL2 #1 SMP Tue Nov 5 00:21:55 UTC 2024 x86_64 GNU/Linux
Bash Version
bash --version
GNU bash, version 5.2.15(1)-release (x86_64-pc-linux-gnu)
Copyright (C) 2022 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
This is free software; you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Update will follow as soon as I have reinstalled Ubuntu 22.04 and checked the Bash version and the behavior on the Drupal page mentioned above.

reopened the issue because I got this even on a regular Ubuntu Server without WSL so that still seems to be valid.

I think this is almost certainly an issue specific to your installation of Drupal. Having said that, with a truncated error message to work, I unfortuately can't pinpoint the problem.

If you're able to SSH into your server, can you try running the following at the command line, and paste the full output here?

/usr/bin/composer validate --check-lock --no-check-publish --with-dependencies --no-ansi --working-dir=/var/www/cms

(tl;dr: This is may be some syntax issue with composer.json or composer.lock, if it's the same error that you mentioned in the issue summary)

hm, I did that and it seems to me that everyting looks fine when I execute that via ssh only.

That is the reason why I reopened the Issue. I have no intention of annoying anyone with this, I would much rather know why the error message regarding the readiness test simply cannot be eliminated.

Because when you execute that via ssh everyting is fine. But when I try to re run redyness checks via the status report page link drupal is telling me that there is an error.

I updated the site with composer so now it is Drupal 11.16 with all latest module versions. But the rediness check still fails and the message simply does not give me any indication as to which requirement is not met so that the readiness check can pass again without errors. To be honest, I am a little at a loss.

In the meantime, I have also moved the page from the WSL to a normal web server with Ubuntu 24.04.2 LTS, PHP 8.3.20 (cli) (built: Apr 10 2025 21:33:50) and Mysql Ver 15.1 Distrib 10.11.11-MariaDB. The error message appears there as well.

That is the reason why I reopened that issue. Here is the output from the command mentioned in #9

🕙[ 21:46:36 ] onUbuntu ➜ /usr/bin/composer validate --check-lock --no-check-publish --with-dependencies --no-ansi --working-dir=/var/www/cms
./composer.json is valid, but with a few warnings
See https://getcomposer.org/doc/04-schema.md for details on the schema
# General warnings
- The version field is present, it is recommended to leave it out if the package is published on Packagist.
- require.drupal/project_browser : unbound version constraints (@beta) should be avoided
- require.drupal/webform : unbound version constraints (@beta) should be avoided
asm89/stack-cors is valid
carbonphp/carbon-doctrine-types is valid
chi-teck/drupal-code-generator is valid
clue/stream-filter is valid
commerceguys/addressing is valid
composer/installers is valid
composer/semver is valid
composer/spdx-licenses is valid
consolidation/annotated-command is valid
consolidation/config is valid
consolidation/filter-via-dot-access-data is valid
consolidation/log is valid
consolidation/output-formatters is valid
consolidation/robo is valid
consolidation/site-alias is valid
consolidation/site-process is valid
davedevelopment/stiphle is valid
dflydev/dot-access-data is valid
doctrine/annotations is valid
doctrine/collections is valid
doctrine/deprecations is valid
doctrine/inflector is valid
doctrine/lexer is valid
dragonmantank/cron-expression is valid
drupal/add_content_by_bundle is valid
drupal/address is valid
drupal/addtocal_augment is valid
drupal/ai is valid, but with a few warnings
# General warnings
- No license specified, it is recommended to do so. For closed-source software you may use "proprietary" as license.
drupal/ai_agents is valid
drupal/ai_image_alt_text is valid
drupal/ai_provider_anthropic is valid, but with a few warnings
# General warnings
- require.wpai-inc/anthropic-sdk-php : unbound version constraints (>=0.1.0) should be avoided
drupal/ai_provider_openai is valid, but with a few warnings
# General warnings
- require.openai-php/client : unbound version constraints (>=v0.10.1) should be avoided
drupal/attribution is valid, but with a few warnings
# General warnings
- License "GPL-2-or-later" is not a valid SPDX license identifier, see https://spdx.org/licenses/ if you use an open license.
If the software is closed-source, you may use "proprietary" as license.
drupal/autocomplete_deluxe is valid
drupal/automatic_updates is valid
drupal/autosave_form is valid
drupal/better_exposed_filters is valid
drupal/book is valid
drupal/bpmn_io is valid
drupal/captcha is valid
drupal/checklistapi is valid
drupal/coffee is valid
drupal/content_planner is valid, but with a few warnings
# General warnings
- License "GPL-2.0+" is a deprecated SPDX license identifier, use "GPL-2.0-or-later" instead
drupal/core is valid
drupal/core-composer-scaffold is valid
drupal/core-project-message is valid
drupal/crop is valid
drupal/ctools is valid
drupal/custom_book_block is valid
drupal/dashboard is valid
drupal/drupal_cms_accessibility_tools is valid, but with a few warnings
# General warnings
- The version field is present, it is recommended to leave it out if the package is published on Packagist.
- require.drupal/core : unbound version constraints (>=10.3) should be avoided
drupal/drupal_cms_admin_ui is valid, but with a few warnings
# General warnings
- The version field is present, it is recommended to leave it out if the package is published on Packagist.
- require.drupal/core : unbound version constraints (>=10.3) should be avoided
drupal/drupal_cms_ai is valid, but with a few warnings
# General warnings
- The version field is present, it is recommended to leave it out if the package is published on Packagist.
- require.drupal/core : unbound version constraints (>=10.4) should be avoided
drupal/drupal_cms_anti_spam is valid, but with a few warnings
# General warnings
- The version field is present, it is recommended to leave it out if the package is published on Packagist.
- require.drupal/core : unbound version constraints (>=10.4) should be avoided
drupal/drupal_cms_authentication is valid, but with a few warnings
# General warnings
- The version field is present, it is recommended to leave it out if the package is published on Packagist.
- require.drupal/core : unbound version constraints (>=10.3) should be avoided
drupal/drupal_cms_blog is valid, but with a few warnings
# General warnings
- The version field is present, it is recommended to leave it out if the package is published on Packagist.
- require.drupal/core : unbound version constraints (>=10.4) should be avoided
drupal/drupal_cms_case_study is valid, but with a few warnings
# General warnings
- The version field is present, it is recommended to leave it out if the package is published on Packagist.
- require.drupal/core : unbound version constraints (>=10.4) should be avoided
drupal/drupal_cms_content_type_base is valid, but with a few warnings
# General warnings
- The version field is present, it is recommended to leave it out if the package is published on Packagist.
- require.drupal/core : unbound version constraints (>=10.4) should be avoided
drupal/drupal_cms_events is valid, but with a few warnings
# General warnings
- The version field is present, it is recommended to leave it out if the package is published on Packagist.
- require.drupal/core : unbound version constraints (>=10.4) should be avoided
drupal/drupal_cms_forms is valid, but with a few warnings
# General warnings
- The version field is present, it is recommended to leave it out if the package is published on Packagist.
- require.drupal/core : unbound version constraints (>=10.4) should be avoided
drupal/drupal_cms_google_analytics is valid, but with a few warnings
# General warnings
- No license specified, it is recommended to do so. For closed-source software you may use "proprietary" as license.
- The version field is present, it is recommended to leave it out if the package is published on Packagist.
- require.drupal/core : unbound version constraints (>=10.4) should be avoided
drupal/drupal_cms_image is valid, but with a few warnings
# General warnings
- The version field is present, it is recommended to leave it out if the package is published on Packagist.
- require.drupal/core : unbound version constraints (>=10.4) should be avoided
drupal/drupal_cms_news is valid, but with a few warnings
# General warnings
- The version field is present, it is recommended to leave it out if the package is published on Packagist.
- require.drupal/core : unbound version constraints (>=10.4) should be avoided
drupal/drupal_cms_olivero is valid, but with a few warnings
# General warnings
- The version field is present, it is recommended to leave it out if the package is published on Packagist.
drupal/drupal_cms_page is valid, but with a few warnings
# General warnings
- The version field is present, it is recommended to leave it out if the package is published on Packagist.
- require.drupal/core : unbound version constraints (>=10.4) should be avoided
drupal/drupal_cms_person is valid, but with a few warnings
# General warnings
- The version field is present, it is recommended to leave it out if the package is published on Packagist.
- require.drupal/core : unbound version constraints (>=10.4) should be avoided
drupal/drupal_cms_privacy_basic is valid, but with a few warnings
# General warnings
- The version field is present, it is recommended to leave it out if the package is published on Packagist.
- require.drupal/core : unbound version constraints (>=10.4) should be avoided
drupal/drupal_cms_project is valid, but with a few warnings
# General warnings
- The version field is present, it is recommended to leave it out if the package is published on Packagist.
- require.drupal/core : unbound version constraints (>=10.4) should be avoided
drupal/drupal_cms_remote_video is valid, but with a few warnings
# General warnings
- The version field is present, it is recommended to leave it out if the package is published on Packagist.
- require.drupal/core : unbound version constraints (>=10.4) should be avoided
drupal/drupal_cms_search is valid, but with a few warnings
# General warnings
- The version field is present, it is recommended to leave it out if the package is published on Packagist.
- require.drupal/core : unbound version constraints (>=10.4) should be avoided
drupal/drupal_cms_seo_basic is valid, but with a few warnings
# General warnings
- The version field is present, it is recommended to leave it out if the package is published on Packagist.
- require.drupal/core : unbound version constraints (>=10.4) should be avoided
drupal/drupal_cms_seo_tools is valid, but with a few warnings
# General warnings
- The version field is present, it is recommended to leave it out if the package is published on Packagist.
- require.drupal/core : unbound version constraints (>=10.4) should be avoided
drupal/drupal_cms_starter is valid, but with a few warnings
# General warnings
- The version field is present, it is recommended to leave it out if the package is published on Packagist.
- require.drupal/core : unbound version constraints (>=10.4) should be avoided
drupal/easy_breadcrumb is valid
drupal/easy_email is valid
drupal/easy_email_express is valid, but with a few warnings
# General warnings
- License "GPL-2.0+" is a deprecated SPDX license identifier, use "GPL-2.0-or-later" instead
drupal/easy_email_standard is valid, but with a few warnings
# General warnings
- License "GPL-2.0+" is a deprecated SPDX license identifier, use "GPL-2.0-or-later" instead
drupal/easy_email_text_format is valid, but with a few warnings
# General warnings
- License "GPL-2.0+" is a deprecated SPDX license identifier, use "GPL-2.0-or-later" instead
drupal/easy_email_types_core is valid, but with a few warnings
# General warnings
- License "GPL-2.0+" is a deprecated SPDX license identifier, use "GPL-2.0-or-later" instead
drupal/easy_email_types_default is valid, but with a few warnings
# General warnings
- License "GPL-2.0+" is a deprecated SPDX license identifier, use "GPL-2.0-or-later" instead
drupal/eca is valid
drupal/editoria11y is valid
drupal/estimated_read_time is valid
drupal/field_group is valid
drupal/filter_perms is valid, but with a few warnings
# General warnings
- License "GPL-2.0+" is a deprecated SPDX license identifier, use "GPL-2.0-or-later" instead
drupal/focal_point is valid
drupal/friendly_captcha_challenge is valid
drupal/friendlycaptcha is valid, but with a few warnings
# General warnings
- License "GPL-2.0+" is a deprecated SPDX license identifier, use "GPL-2.0-or-later" instead
- require.drupal/captcha : unbound version constraints (>=1 || <=2) should be avoided
drupal/geocoder is valid
drupal/geofield is valid, but with a few warnings
# General warnings
- License "GPL-2.0+" is a deprecated SPDX license identifier, use "GPL-2.0-or-later" instead
drupal/gin is valid
drupal/gin_login is valid, but with a few warnings
# General warnings
- License "GPL-2.0+" is a deprecated SPDX license identifier, use "GPL-2.0-or-later" instead
drupal/gin_toolbar is valid, but with a few warnings
# General warnings
- License "GPL-2.0+" is a deprecated SPDX license identifier, use "GPL-2.0-or-later" instead
drupal/google_tag is valid
drupal/honeypot is valid
drupal/jquery_ui_autocomplete is valid, but with a few warnings
# General warnings
- No license specified, it is recommended to do so. For closed-source software you may use "proprietary" as license.
drupal/jquery_ui_button is valid, but with a few warnings
# General warnings
- No license specified, it is recommended to do so. For closed-source software you may use "proprietary" as license.
drupal/jquery_ui_checkboxradio is valid, but with a few warnings
# General warnings
- No license specified, it is recommended to do so. For closed-source software you may use "proprietary" as license.
drupal/jquery_ui_controlgroup is valid, but with a few warnings
# General warnings
- No license specified, it is recommended to do so. For closed-source software you may use "proprietary" as license.
drupal/jquery_ui_datepicker is valid, but with a few warnings
# General warnings
- No license specified, it is recommended to do so. For closed-source software you may use "proprietary" as license.
drupal/jquery_ui_menu is valid, but with a few warnings
# General warnings
- No license specified, it is recommended to do so. For closed-source software you may use "proprietary" as license.
drupal/jquery_ui_resizable is valid, but with a few warnings
# General warnings
- No license specified, it is recommended to do so. For closed-source software you may use "proprietary" as license.
drupal/key is valid
drupal/klaro is valid, but with a few warnings
# General warnings
- No license specified, it is recommended to do so. For closed-source software you may use "proprietary" as license.
drupal/klaro_js is valid
drupal/leaflet is valid, but with a few warnings
# General warnings
- License "GPL-2.0+" is a deprecated SPDX license identifier, use "GPL-2.0-or-later" instead
drupal/linkit is valid
drupal/login_emailusername is valid
drupal/mailsystem is valid
drupal/media_library_importer is invalid, the following errors/warnings were found:
# General errors
- name : Does not match the regex pattern ^[a-z0-9]([_.-]?[a-z0-9]+)*/[a-z0-9](([_.]|-{1,2})?[a-z0-9]+)*$
- name : Media Library Importer is invalid, it should have a vendor name, a forward slash, and a package name. The vendor and package name can be words separated by -, . or _. The complete name should match "^[a-z0-9]([_.-]?[a-z0-9]+)*/[a-z0-9](([_.]?|-{0,2})[a-z0-9]+)*$".
# General warnings
- License "GPL-2.0+" is a deprecated SPDX license identifier, use "GPL-2.0-or-later" instead
drupal/media_thumbnails is valid
drupal/media_thumbnails_video is valid, but with a few warnings
# General warnings
- License "GPL-2.0+" is a deprecated SPDX license identifier, use "GPL-2.0-or-later" instead
- require.drupal/media_thumbnails : unbound version constraints (>=2.0) should be avoided
- require.php-ffmpeg/php-ffmpeg : unbound version constraints (>=0.14.0) should be avoided
drupal/menu_link_attributes is valid
drupal/metatag is valid
drupal/moderation_sidebar is valid
drupal/module_filter is valid
drupal/nouislider_js is valid, but with a few warnings
# General warnings
- License "MIT License" is not a valid SPDX license identifier, see https://spdx.org/licenses/ if you use an open license.
If the software is closed-source, you may use "proprietary" as license.
drupal/pathauto is valid, but with a few warnings
# General warnings
- require.drupal/token : unbound version constraints (*) should be avoided
- require.drupal/ctools : unbound version constraints (*) should be avoided
drupal/plyr is valid, but with a few warnings
# General warnings
- License "GPL-2.0+" is a deprecated SPDX license identifier, use "GPL-2.0-or-later" instead
drupal/prismjs is valid
drupal/project_browser is valid
drupal/queue_ui is valid, but with a few warnings
# General warnings
- License "GPL-2.0+" is a deprecated SPDX license identifier, use "GPL-2.0-or-later" instead
drupal/reading_progress_bar is valid
drupal/recipe_installer_kit is valid, but with a few warnings
# General warnings
- require.drupal/core : unbound version constraints (>=10.4) should be avoided
drupal/redirect is valid
drupal/robotstxt is valid
drupal/sam is valid, but with a few warnings
# General warnings
- License "GPL-2.0+" is a deprecated SPDX license identifier, use "GPL-2.0-or-later" instead
drupal/scheduler is valid, but with a few warnings
# General warnings
- Key _comment is a duplicate in /var/www/cms/web/modules/contrib/scheduler/composer.json at line 44
drupal/scheduler_content_moderation_integration is valid
drupal/search_api is valid
drupal/search_api_autocomplete is valid
drupal/search_api_exclude is valid, but with a few warnings
# General warnings
- License "GPL-2.0+" is a deprecated SPDX license identifier, use "GPL-2.0-or-later" instead
drupal/selective_better_exposed_filters is valid, but with a few warnings
# General warnings
- License "GPL-2.0+" is a deprecated SPDX license identifier, use "GPL-2.0-or-later" instead
drupal/seo_checklist is valid
drupal/simple_sitemap is valid
drupal/sitemap is valid
drupal/smart_date is valid
drupal/smart_trim is valid
drupal/svg_image is valid
drupal/symfony_mailer_lite is valid
drupal/tagify is valid
drupal/token is valid
drupal/token_or is valid
drupal/trash is valid
drupal/views_slick_animate is valid, but with a few warnings
# General warnings
- License "MTL" is not a valid SPDX license identifier, see https://spdx.org/licenses/ if you use an open license.
If the software is closed-source, you may use "proprietary" as license.
drupal/webform is valid
drupal/yoast_seo is valid
drush/drush is valid
egulias/email-validator is valid
enshrined/svg-sanitize is valid
evenement/evenement is valid
geocoder-php/common-http is valid
geocoder-php/nominatim-provider is valid
goalgorilla/rtseo.js is valid, but with a few warnings
# General warnings
- License "GPL-3.0" is a deprecated SPDX license identifier, use "GPL-3.0-only" or "GPL-3.0-or-later" instead
- The version field is present, it is recommended to leave it out if the package is published on Packagist.
grasmash/expander is valid
grasmash/yaml-cli is valid
guzzlehttp/guzzle is valid
guzzlehttp/promises is valid
guzzlehttp/psr7 is valid
html2text/html2text is valid
illuminate/collections is valid
illuminate/conditionable is valid
illuminate/contracts is valid
illuminate/macroable is valid
illuminate/support is valid
itamair/geophp is valid, but with a few warnings
# General warnings
- License "GPL-2.0+" is a deprecated SPDX license identifier, use "GPL-2.0-or-later" instead
laravel/prompts is valid
league/commonmark is valid
league/config is valid
league/container is valid
league/html-to-markdown is valid
masterminds/html5 is valid
mck89/peast is valid
mtownsend/read-time is valid
mtownsend/xml-to-array is valid
nesbot/carbon is valid
nette/schema is valid
nette/utils is valid
nikic/php-parser is valid
openai-php/client is valid, but with a few warnings
# General warnings
- require.psr/http-factory-implementation : unbound version constraints (*) should be avoided
pear/archive_tar is valid
pear/console_getopt is valid
pear/pear-core-minimal is valid
pear/pear_exception is valid
phootwork/collection is valid
phootwork/lang is valid
php-ffmpeg/php-ffmpeg is valid
php-http/discovery is valid
php-http/guzzle7-adapter is valid
php-http/httplug is valid
php-http/message is valid
php-http/multipart-stream-builder is valid
php-http/promise is valid
php-tuf/composer-stager is valid
phpowermove/docblock is valid
psr/cache is valid
psr/clock is valid
psr/container is valid
psr/event-dispatcher is valid
psr/http-client is valid
psr/http-factory is valid
psr/http-message is valid
psr/log is valid
psr/simple-cache is valid
psy/psysh is valid
ralouphie/getallheaders is valid
revolt/event-loop is valid
sebastian/diff is valid
simshaun/recurr is valid
spatie/temporary-directory is valid
symfony/cache is valid
symfony/cache-contracts is valid
symfony/clock is valid
symfony/console is valid
symfony/css-selector is valid
symfony/dependency-injection is valid
symfony/deprecation-contracts is valid
symfony/error-handler is valid
symfony/event-dispatcher is valid
symfony/event-dispatcher-contracts is valid
symfony/filesystem is valid
symfony/finder is valid
symfony/http-foundation is valid
symfony/http-kernel is valid
symfony/mailer is valid
symfony/mime is valid
symfony/polyfill-ctype is valid
symfony/polyfill-iconv is valid
symfony/polyfill-intl-grapheme is valid
symfony/polyfill-intl-idn is valid
symfony/polyfill-intl-normalizer is valid
symfony/polyfill-mbstring is valid
symfony/polyfill-php80 is valid
symfony/polyfill-php81 is valid
symfony/polyfill-php83 is valid
symfony/polyfill-php84 is valid
symfony/process is valid
symfony/psr-http-message-bridge is valid
symfony/routing is valid
symfony/serializer is valid
symfony/service-contracts is valid
symfony/string is valid
symfony/translation is valid
symfony/translation-contracts is valid
symfony/validator is valid
symfony/var-dumper is valid
symfony/var-exporter is valid
symfony/yaml is valid
tijsverkoyen/css-to-inline-styles is valid
twig/twig is valid
voku/portable-ascii is valid
webmozart/assert is valid
willdurand/geocoder is valid
wpai-inc/anthropic-sdk-php is valid
yethee/tiktoken is valid

So I tried everything now. Even switching the whole server from Ubuntu 22.04 to Debian bookworm 12. And the error persists. So it is very unlikely that 3 different systems are all misconfigured. So what can I do to get automatic update to find Composer. That's very seldom

Well, this is a tricky one. If it's the same issue about composer validate failing when Package Manager runs it, then it's honestly hard to say without getting the full error.

You could try hacking Package Manager to write the full output of the error to a file, which you could then attach to this issue. It's maddening that it doesn't seem to happen if you run the same damn command at the command line, though!

This is a support issue until it's proven that it's an actual bug in Automatic Updates or Package Manager.

I know. I do not have a clue how to prove it. Suppose someone comes across this and has some Ubuntu/Debian server where Drupal Cms is running and automatic updates are enabled. Tell me if you got the same error when automatic updates is enabled. I posted that issue in case it doesn't happen exclusively when I set up a server.

So that Drupal CMS and automatic updates could be used on Ubuntu and Debian, too. So maybe someone tries to set up Drupal CMS on Ubuntu 22.04 with Drupal Core 11.6 and composer in /usr/local/bin.

I turned the module off for now, but maybe it's not just me getting this.