package apparmor 2.13.3-7ubuntu4 failed to install/upgrade: end of file on stdin at conffile prompt

Per https://launchpadlibrarian.net/473598993/DpkgHistoryLog.txt, unattended-upgrades is running on this system.

Per https://launchpadlibrarian.net/473598999/modified.conffile..etc.apparmor.d.abstractions.base.txt, /etc/apparmor.d/abstraction/base was modified to include:

  # adds networking to all snaps
  network inet,
  network inet6,

Per https://launchpadlibrarian.net/473598994/DpkgTerminalLog.txt, as part of the upgrade, a prompt was presented:

Configuration file '/etc/apparmor.d/abstractions/base'
 ==> Modified (by you or by a script) since installation.
 ==> Package distributor has shipped an updated version.
   What would you like to do about it ? Your options are:
    Y or I : install the package maintainer's version
    N or O : keep your currently-installed version
      D : show the differences between the versions
      Z : start a shell to examine the situation
 The default action is to keep your current version.
*** base (Y/I/N/O/D/Z) [default=N] ? dpkg: error processing package apparmor (--configure):
 end of file on stdin at conffile prompt

but since the upgrade was unattended, the prompt went unanswered.

You should be able to set things right again with: sudo apt-get -f install

This is not a bug in the apparmor package, so marking this task as Invalid.

Foundations, it seems like unattended-upgrades should be smarter with conffile changes (honestly, I thought it was)? Note, the security also saw this in https://bugs.launchpad.net/ubuntu/+source/ufw/+bug/1871261. Is this a regression?

@jdstrand yes, u-u is designed to avoid such prompts. There could be a regression in doing so.

This has happened more than just these two cases, the timing was just enough for me to enquire about it.

sarnold@millbarge:~/.mail_cache$ grep -r 'end of file on stdin at conffile prompt' | wc -l
74

Thanks

@jdstrand I tried reproducing the issue with ufw, but u-u seems to be working ok, or it is not failing all the time at least when config files are changed. A reliable way of reproducing the issue would be nice, but I'll keep thinking.

@jdstrand @seth-arnold I may have fixed the issue in 2.2, please monitor if it occurs again with 2.2 which hopefully gets accepted today.

Thanks!

Thanks Balint! I gave a very quick read to the 2.2 debdiff and couldn't spot the fix, though -- I'd just like to double-check that the fix made it to the packaging.

Thanks

This bug was fixed in the package unattended-upgrades - 2.3

---------------
unattended-upgrades (2.3) unstable; urgency=medium

  * Fix checking if Python regexp is also a POSIX regexp
  * Prepend implied '^' when converting Python regex to a POSIX one
  * Blacklist not trusted packages and ones with conffile prompts
    instead of just pinning them once with NEVER_PIN which is can be cleared
    later. (LP: #1871615) (Closes: #956339)

 -- Balint Reczey <email address hidden> Tue, 14 Apr 2020 00:37:21 +0200