unattended-upgrades hangs on shutdown, leaves system in a broken state

apport information

apport information

apport information

apport information

apport information

This is not a bug in unattended-upgrades, but u-u triggers the problem in many packages which are not able to install/upgrade during a system shutdown.

Helper scripts in init-system-helpers must not start services when maintainer scripts are executed during shutdown and maintainer scripts must use helper scripts and not call systemct and friends directly to start services.

Snapd for example calls systemctl start "$unit" in postinst.

Thank you for the bug report. I marked it "Confirmed for u-u" to not let it disappear, but u-u is just triggering the issue and it can't be fixed in u-u.

An approximation of the packages that need to be fixed individually are listed here:
https://lintian.debian.org/tags/maintainer-script-calls-systemctl.html

The fix for LP: #1654600 in addition to making u-u keep /var mounted also made u-u perform the upgrades in ExecStop that causes hanging when an upgrade would start/stop services.

This bug was fixed in the package unattended-upgrades - 1.5ubuntu2

---------------
unattended-upgrades (1.5ubuntu2) cosmic; urgency=medium

  * Reopen Cache after commit() even when frontend locking is supported.
    This fixes build and operation with latest python-apt.

 -- Balint Reczey <email address hidden> Tue, 28 Aug 2018 15:46:25 +0200

The hang can also occur when unattended-upgrades is started by apt's timer (u-u is modified to help hitting it at the right time):

$ cat reproduce-apt-ran-uu.sh
#!/bin/sh

set -e

apt update
apt upgrade -y
echo 'Unattended-Upgrade::Allowed-Origins:: "${distro_id}:${distro_codename}-updates";' > /etc/apt/apt.conf.d/51unattended-upgrades-updates-too
case $(lsb_release -c -s) in
    bionic)
        apt install --allow-downgrades -y apport=2.20.9-0ubuntu7 snapd=2.32.5+18.04
        ;;
esac

grep -q 'sleep' /usr/bin/unattended-upgrade || sed -i 's/import atexit/import time\nimport atexit/;s/res = cache\.commit/time.sleep(5)\n res = cache.commit/' /usr/bin/unattended-upgrade

rm -f /var/lib/apt/periodic/u*
apt upgrade -d -y
service apt-daily-upgrade start &
sleep 7
reboot

@juliank In https://bugs.launchpad.net/ubuntu/+source/unattended-upgrades/+bug/1690980/comments/50 you suggested inhibiting shutdown for the commit operations only in u-u, but IMO that would still leave the race condition open where the user can start shutdown between commits thus possibly hanging the system with the issue reported in this bug.

One option (1) would be u-u starting the inhibition at the beginning of its run via dbus, the other (2) would be apt.systemd.daily calling u-u with the systemd-inhibit wrapper.
2 would be cleaner and u-u would not have to grow dependency on Python3 dbus modules.

Apt.systemd.daily calling u-u with systemd-inhibit would not back shutdown for long on average since it is already unlikely to hit an upgrade with a shutdown, but in the worst case installing all bionic security updates can take 10-s of minutes. Again, this is a highly unlikely scenario, but if users are hitting that u-u could still get support for monitoring inhibited shutdown requests on dbus and gracefully stop without applying all updates.

https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-bionic/bionic/amd64/u/unattended-upgrades/20181010_011153_2b8c7@/log.gz

@juliank nevermind, i'm adding the inhibition support to u-u, thus apt does not need patching.

This affects Bionic reported on (LP: #1796376). It was only fixed for Cosmic.

I have tested w/ a test package of 'u-u' and it fixes the problem so far, but I have asked impacted user to give it a try as well for double-confirmation.

If it fixes the problem, I'll SRU it for Bionic.

- Eric

@slashd (and all) the fix caused regressions elsewhere and it is being partially reverted and the issue is fixed in a different way. Please don't backport the current fix.

The candidate for fixing the issue without the regressions introduced:
https://github.com/mvo5/unattended-upgrades/pull/148

Status changed to 'Confirmed' because the bug affects multiple users.

Hello Cs-gon, or anyone else affected,

Accepted unattended-upgrades into cosmic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/unattended-upgrades/1.5ubuntu3.18.10.0 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-cosmic to verification-done-cosmic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-cosmic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Hello Cs-gon, or anyone else affected,

Accepted unattended-upgrades into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/unattended-upgrades/1.1ubuntu1.18.04.7 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Verified 1.1ubuntu1.18.04.7 on Bionic:

...
root@uu-shutdown-test:~# service unattended-upgrades status
● unattended-upgrades.service - Unattended Upgrades Shutdown
   Loaded: loaded (/lib/systemd/system/unattended-upgrades.service; enabled; vendor preset: enabled)
   Active: active (running) since Wed 2018-11-28 16:06:14 UTC; 1s ago
     Docs: man:unattended-upgrade(8)
 Main PID: 230 (unattended-upgr)
    Tasks: 2 (limit: 4915)
   CGroup: /system.slice/unattended-upgrades.service
           └─230 /usr/bin/python3 /usr/share/unattended-upgrades/unattended-upgrade-shutdown --wait-for-signal

Nov 28 16:06:14 uu-shutdown-test systemd[1]: unattended-upgrades.service: Failed to reset devices.list: Operation not permitted
Nov 28 16:06:14 uu-shutdown-test systemd[1]: Started Unattended Upgrades Shutdown.
root@uu-shutdown-test:~# vi /etc/apt/sources.list
root@uu-shutdown-test:~# apt update
Hit:1 http://archive.ubuntu.com/ubuntu bionic InRelease
Get:2 http://security.ubuntu.com/ubuntu bionic-security InRelease [83.2 kB]
Get:3 http://archive.ubuntu.com/ubuntu bionic-updates InRelease [88.7 kB]
Get:4 http://archive.ubuntu.com/ubuntu bionic-backports InRelease [74.6 kB]
Fetched 247 kB in 0s (505 kB/s)
Reading package lists... Done
Building dependency tree
Reading state information... Done
6 packages can be upgraded. Run 'apt list --upgradable' to see them.
root@uu-shutdown-test:~# echo 'Unattended-Upgrade::InstallOnShutdown "true";' > /etc/apt/apt.conf.d/51unattended-upgrades-on-shutdown
root@uu-shutdown-test:~# echo 'Unattended-Upgrade::Allowed-Origins:: "${distro_id}:${distro_codename}-updates";' > /etc/apt/apt.conf.d/51unattended-upgrades-updates-too
root@uu-shutdown-test:~#
root@uu-shutdown-test:~# apt install snapd=2.32.5+18.04
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following package was automatically installed and is no longer required:
  libfreetype6
Use 'apt autoremove' to remove it.
The following packages will be DOWNGRADED:
  snapd
0 upgraded, 0 newly installed, 1 downgraded, 0 to remove and 6 not upgraded.
Need to get 12.2 MB of archives.
After this operation, 860 kB disk space will be freed.
Do you want to continue? [Y/n]
Get:1 http://archive.ubuntu.com/ubuntu bionic/main amd64 snapd amd64 2.32.5+18.04 [12.2 MB]
Fetched 12.2 MB in 0s (75.4 MB/s)
dpkg: warning: downgrading snapd from 2.34.2+18.04 to 2.32.5+18.04
(Reading database ... 28538 files and directories currently installed.)
Preparing to unpack .../snapd_2.32.5+18.04_amd64.deb ...
Unpacking snapd (2.32.5+18.04) over (2.34.2+18.04) ...
Setting up snapd (2.32.5+18.04) ...
Installing new version of config file /etc/apparmor.d/usr.lib.snapd.snap-confine.real ...
Installing new version of config file /etc/profile.d/apps-bin-path.sh ...
snapd.snap-repair.service is a disabled or a static unit, not starting it.
Processing triggers for man-db (2.8.3-2ubuntu0.1) ...
root@uu-shutdown-test:~# unattended-upgrade --download-only
root@uu-shutdown-test:~# dbus-send --system --print-reply --dest=org.freedesktop.login1 /org/freedesktop/login1 "org.freedesktop.login1.Manage...

Verified 1.5ubuntu3.18.10.0 on cosmic with installing apport, rather than snapd:

...
root@uu-shutdown-test:~# echo 'Unattended-Upgrade::InstallOnShutdown "true";' > /etc/apt/apt.conf.d/51unattended-upgrades-on-shutdown
root@uu-shutdown-test:~# echo 'Unattended-Upgrade::Allowed-Origins:: "${distro_id}:${distro_codename}-updates";' > /etc/apt/apt.conf.d/51unattended-upgrades-updates-too
root@uu-shutdown-test:~# unattended-upgrade --download-only
root@uu-shutdown-test:~# dbus-send --system --print-reply --dest=org.freedesktop.login1 /org/freedesktop/login1 "org.freedesktop.login1.Manager.Reboot" boolean:false
method return time=1543423811.418244 sender=:1.4 -> destination=:1.27 serial=81 reply_serial=2
root@uu-shutdown-test:~#
Session terminated, terminating shell... ...terminated.
rbalint@yogi:~$ lxc shell uu-shutdown-test
mesg: ttyname failed: No such device
root@uu-shutdown-test:~# cat /var/log/unattended-upgrades/unattended-upgrades-dpkg.log
Log started: 2018-11-28 16:50:13
(Reading database ... 28278 files and directories currently installed.)
Preparing to unpack .../apport_2.20.10-0ubuntu13.1_all.deb ...
Unpacking apport (2.20.10-0ubuntu13.1) over (2.20.10-0ubuntu13) ...
Processing triggers for systemd (239-7ubuntu10.4) ...
Setting up apport (2.20.10-0ubuntu13.1) ...
apport-autoreport.service is a disabled or a static unit, not starting it.
Processing triggers for man-db (2.8.4-2) ...
Log ended: 2018-11-28 16:50:16

Installing apport locked up during shutdown when downgrading u-u to 1.4ubuntu2. Latest unfixed u-u in cosmic does not lock up because the system shuts down earlier with u-u still running (LP: #1803137), but this is fixed, too.

This bug was fixed in the package unattended-upgrades - 1.5ubuntu3.18.10.0

---------------
unattended-upgrades (1.5ubuntu3.18.10.0) cosmic; urgency=medium

  * Revert to running unattended-upgrades.service in multi-user.target
  * Trigger unattended-upgrade-shutdown actions with PrepareForShutdown()
    Performing upgrades in service's ExecStop did not work when the upgrades
    involved restarting services because systemd blocked other stop/start
    actions making maintainer scripts time out and be killed leaving a broken
    system behind.
    Running unattended-upgrades.service before shutdown.target as a oneshot
    service made it run after unmounting filesystems and scheduling services
    properly on shutdown is a complex problem and adding more services to the
    mix make it even more fragile.
    The solution of monitoring PrepareForShutdown() signal from DBus
    allows Unattended Upgrade to run _before_ the jobs related to shutdown are
    queued thus package upgrades can safely restart services without
    risking causing deadlocks or breaking part of the shutdown actions.
    Also ask running unattended-upgrades to stop when shutdown starts even in
    InstallOnShutdown mode and refactor most of unattended-upgrade-shutdown to
    UnattendedUpgradesShutdown class. (LP: #1778219, LP: #1803137)
  * Handle reverting to WantedBy=multi-user.target
  * Increase logind's InhibitDelayMaxSec to 30s.
    This allows more time for unattended-upgrades to shut down gracefully
    or even install a few packages in InstallOnShutdown mode, but is still a
    big step back from the 30 minutes allowed for InstallOnShutdown previously.
    Users enabling InstallOnShutdown mode are advised to increase
    InhibitDelayMaxSec even further possibly to 30 minutes.
  * Cache polling result for PreparingForShutdown after it becomes true
  * debian/tests/test-systemd.py: Reboot system with dbus call to honor
    inhibitor locks
  * Add NEWS entry about increasing InhibitDelayMaxSec and InstallOnShutdown
    changes
  * Stop using ActionGroups, they interfere with apt.Cache.clear()
    causing all autoremovable packages to be handled as newly autoremovable ones
    and be removed by default. Dropping ActionGroup usage does not slow down the
    most frequent case of not having anything to upgrade and when ther are
    packages to upgrade the gain is small compared to the actual package
    installation.
    Also collect autoremovable packages before adjusting candidates because that
    also changed .is_auto_removable attribute of some of them. (LP: #1803749)
    (Closes: #910874)

 -- Balint Reczey <email address hidden> Mon, 26 Nov 2018 12:28:55 +0100

The verification of the Stable Release Update for unattended-upgrades has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

This bug was fixed in the package unattended-upgrades - 1.1ubuntu1.18.04.7

---------------
unattended-upgrades (1.1ubuntu1.18.04.7) bionic; urgency=medium

  * Trigger unattended-upgrade-shutdown actions with PrepareForShutdown()
    Performing upgrades in service's ExecStop did not work when the upgrades
    involved restarting services because systemd blocked other stop/start
    actions making maintainer scripts time out and be killed leaving a broken
    system behind.
    Running unattended-upgrades.service before shutdown.target as a oneshot
    service made it run after unmounting filesystems and scheduling services
    properly on shutdown is a complex problem and adding more services to the
    mix make it even more fragile.
    The solution of monitoring PrepareForShutdown() signal from DBus
    allows Unattended Upgrade to run _before_ the jobs related to shutdown are
    queued thus package upgrades can safely restart services without
    risking causing deadlocks or breaking part of the shutdown actions.
    Also ask running unattended-upgrades to stop when shutdown starts even in
    InstallOnShutdown mode and refactor most of unattended-upgrade-shutdown to
    UnattendedUpgradesShutdown class. (LP: #1778219)
  * Increase logind's InhibitDelayMaxSec to 30s. (LP: #1778219)
    This allows more time for unattended-upgrades to shut down gracefully
    or even install a few packages in InstallOnShutdown mode, but is still a
    big step back from the 30 minutes allowed for InstallOnShutdown previously.
    Users enabling InstallOnShutdown node are advised to increase
    InhibitDelayMaxSec even further possibly to 30 minutes.
    - Add NEWS entry about increasing InhibitDelayMaxSec and InstallOnShutdown
      changes
  * Ignore "W503 line break before binary operator"
    because it will become the best practice and breaks the build
  * Stop using ActionGroups, they interfere with apt.Cache.clear()
    causing all autoremovable packages to be handled as newly autoremovable
    ones and be removed by default. Dropping ActionGroup usage does not slow
    down the most frequent case of not having anything to upgrade and when
    there are packages to upgrade the gain is small compared to the actual
    package installation.
    Also collect autoremovable packages before adjusting candidates because that
    also changed .is_auto_removable attribute of some of them. (LP: #1803749)
    (Closes: #910874)

 -- Balint Reczey <email address hidden> Mon, 26 Nov 2018 13:37:47 +0100

Hello Cs-gon, or anyone else affected,

Accepted unattended-upgrades into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/unattended-upgrades/1.1ubuntu1.18.04.7~16.04.0 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-xenial to verification-done-xenial. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-xenial. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Hello Cs-gon, or anyone else affected,

Accepted unattended-upgrades into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/unattended-upgrades/1.1ubuntu1.18.04.7~16.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-xenial to verification-done-xenial. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-xenial. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

I am still affected by this bug (Bionic server installation with the latest updates - 24.01.2019)
Attached: unattended-upgrades.log

@andre-jutisz From the log it looks like unattended-upgrades stops gracefully during shutdown and there are not broken packages upon next invocation.
Do you have other logs that suggest otherwise?

Hello Cs-gon, or anyone else affected,

Accepted unattended-upgrades into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/unattended-upgrades/1.1ubuntu1.18.04.7~16.04.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-xenial to verification-done-xenial. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-xenial. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

@mathew-hodson Could you please add a comment why you think init-system-helpers is not affected? It could handle service operations better when systemd already queued the shutdown, but since it would not have solved the graceful shutdown of u-u i did not fix it yet.

Verified 1.1ubuntu1.18.04.7~16.04.2 on Xenial:

root@x-uu:~# dbus-send --system --print-reply --dest=org.freedesktop.login1 /org/freedesktop/login1 "org.freedesktop.login1.Manager.Reboot" boolean:false
method return time=1554982311.759518 sender=:1.1 -> destination=:1.7 serial=19 reply_serial=2
root@x-uu:~#
$
$ lxc shell x-uu
root@x-uu:~# dpkg -l unattended-upgrades | cat
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Architecture Description
+++-===================-==========================-============-===========================================
ii unattended-upgrades 1.1ubuntu1.18.04.7~16.04.2 all automatic installation of security upgrades

root@x-uu:~# cat /var/log/unattended-upgrades/unattended-upgrades.log
2019-04-11 11:31:44,714 INFO Initial blacklisted packages:
2019-04-11 11:31:44,715 INFO Initial whitelisted packages:
2019-04-11 11:31:44,715 INFO Starting unattended upgrades script
2019-04-11 11:31:44,715 INFO Allowed origins are: o=Ubuntu,a=xenial, o=Ubuntu,a=xenial-security, o=UbuntuESM,a=xenial, o=Ubuntu,a=xenial-updates
2019-04-11 11:31:52,034 INFO Initial blacklisted packages:
2019-04-11 11:31:52,034 INFO Initial whitelisted packages:
2019-04-11 11:31:52,035 INFO Starting unattended upgrades script
2019-04-11 11:31:52,035 INFO Allowed origins are: o=Ubuntu,a=xenial, o=Ubuntu,a=xenial-security, o=UbuntuESM,a=xenial, o=Ubuntu,a=xenial-updates
2019-04-11 11:31:59,193 INFO Packages that will be upgraded: snapd ubuntu-core-launcher
2019-04-11 11:31:59,194 INFO Writing dpkg log to /var/log/unattended-upgrades/unattended-upgrades-dpkg.log
2019-04-11 11:32:06,043 INFO All upgrades installed

@rbalint I removed the init-system-helpers task because it was marked as invalid.

I think we should also remove snapd from this bug and open another one if there needs to be more work done. Otherwise, this bug will become confusing

This bug was fixed in the package unattended-upgrades - 1.1ubuntu1.18.04.7~16.04.2

---------------
unattended-upgrades (1.1ubuntu1.18.04.7~16.04.2) xenial; urgency=medium

  * Don't check blacklist too early and report updates from not allowed origins
    as kept back. (LP: #1781176)
  * test/test_blacklisted_wrong_origin.py: Fix and enable test
  * Filter out progress indicator from dpkg log (LP: #1599646)
  * Clear cache when autoremoval fails (LP: #1779157)
  * Find autoremovable kernel packages using the patterns in APT's way
    (LP: #1815494)

unattended-upgrades (1.1ubuntu1.18.04.7~16.04.1) xenial; urgency=medium

  * Start service after systemd-logind.service to be able to take inhibition
    lock (LP: #1806487)
  * Handle gracefully when logind is down (LP: #1806487)

unattended-upgrades (1.1ubuntu1.18.04.7~16.04.0) xenial; urgency=medium

  * Backport to Xenial (LP: #1702793)
  * Revert to build-depending on debhelper (>= 9~) and dh-systemd
  * Revert configuration example changes to avoid triggering a debconf question
  * debian/postinst: Update recovery to be triggered on Xenial's package versions

unattended-upgrades (1.1ubuntu1.18.04.7) bionic; urgency=medium

  * Trigger unattended-upgrade-shutdown actions with PrepareForShutdown()
    Performing upgrades in service's ExecStop did not work when the upgrades
    involved restarting services because systemd blocked other stop/start
    actions making maintainer scripts time out and be killed leaving a broken
    system behind.
    Running unattended-upgrades.service before shutdown.target as a oneshot
    service made it run after unmounting filesystems and scheduling services
    properly on shutdown is a complex problem and adding more services to the
    mix make it even more fragile.
    The solution of monitoring PrepareForShutdown() signal from DBus
    allows Unattended Upgrade to run _before_ the jobs related to shutdown are
    queued thus package upgrades can safely restart services without
    risking causing deadlocks or breaking part of the shutdown actions.
    Also ask running unattended-upgrades to stop when shutdown starts even in
    InstallOnShutdown mode and refactor most of unattended-upgrade-shutdown to
    UnattendedUpgradesShutdown class. (LP: #1778219)
  * Increase logind's InhibitDelayMaxSec to 30s. (LP: #1778219)
    This allows more time for unattended-upgrades to shut down gracefully
    or even install a few packages in InstallOnShutdown mode, but is still a
    big step back from the 30 minutes allowed for InstallOnShutdown previously.
    Users enabling InstallOnShutdown node are advised to increase
    InhibitDelayMaxSec even further possibly to 30 minutes.
    - Add NEWS entry about increasing InhibitDelayMaxSec and InstallOnShutdown
      changes
  * Ignore "W503 line break before binary operator"
    because it will become the best practice and breaks the build
  * Stop using ActionGroups, they interfere with apt.Cache.clear()
    causing all autoremovable packages to be handled as newly autoremovable
    ones and be removed by default. Dropping ActionGroup usage does not slow
    down the most frequent case of not having anything to upgrade a...