Ubuntu
apparmor package

package apparmor 2.12-4ubuntu5.3 failed to install/upgrade: new apparmor package pre-installation script subprocess returned error exit status 1

Bug #2032851 reported by Ravi
238
This bug affects 48 people
Affects Status Importance Assigned to Milestone
apparmor (Ubuntu)
Fix Released
Critical
Georgia Garcia
Focal
Fix Released
Critical
Georgia Garcia

Bug Description

[ Impact ]

 * During an apparmor package upgrade, the cache files were
   deleted, but there could also be directories under
   /etc/apparmor.d/cache/ which the pre installation scripts did
   not account for. The upgrade would then fail with the
   following error message because it would not be able to remove
   the directories:

 package:apparmor:2.12-4ubuntu5.3
 Preparing to unpack .../16-apparmor_2.13.3-7ubuntu5.2_amd64.deb ...
 rm: cannot remove '/etc/apparmor.d/cache/bf9d6da9.0': Is a directory
 dpkg: error processing archive /tmp/apt-dpkg-install-InP0fz/16-apparmor_2.13.3-7ubuntu5.2_amd64.deb (--unpack):
  new apparmor package pre-installation script subprocess returned error exit status 1
ErrorMessage: new apparmor package pre-installation script subprocess returned error exit status 1

[ Test Plan ]

 * On a bionic machine, create a directory under
/etc/apparmor.d/cache

sudo mkdir /etc/apparmor.d/cache/test

 * To simulate a system upgrade to focal, you can run the following steps

1. Add the focal archive

sudo bash -c "cat <<EOF >/etc/apt/sources.list.d/apparmor-focal.list
deb http://archive.ubuntu.com/ubuntu/ focal restricted main multiverse universe
EOF"

2. Set up preferences so not all packages are upgraded from focal

sudo bash -c "cat <<EOF >/etc/apt/preferences.d/apparmor-focal
Package: *
Pin: release a=focal
Pin-Priority: 400
EOF"

3. Install only apparmor from focal

sudo apt-get install apparmor/focal

4. Notice that the error occurs:

The following packages will be upgraded:
  apparmor
1 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B/494 kB of archives.
After this operation, 99.3 kB of additional disk space will be used.
Preconfiguring packages ...
(Reading database ... 220084 files and directories currently installed.)
Preparing to unpack .../apparmor_2.13.3-7ubuntu5_amd64.deb ...
rm: cannot remove '/etc/apparmor.d/cache/test': Is a directory
dpkg: error processing archive /var/cache/apt/archives/apparmor_2.13.3-7ubuntu5_amd64.deb (--unpack):
 new apparmor package pre-installation script subprocess returned error exit status 1
Errors were encountered while processing:
 /var/cache/apt/archives/apparmor_2.13.3-7ubuntu5_amd64.deb
E: Sub-process /usr/bin/dpkg returned an error code (1)

[ Where problems could occur ]

 * Since the cache files are being removed, they will have to be
   recreated next time apparmor runs.

-----------------------------------------------------
Original bug description
-----------------------------------------------------

package install error

ProblemType: Package
DistroRelease: Ubuntu 20.04
Package: apparmor 2.12-4ubuntu5.3
ProcVersionSignature: Ubuntu 4.15.0-213.224-generic 4.15.18
Uname: Linux 4.15.0-213-generic x86_64
ApportVersion: 2.20.11-0ubuntu27.27
Architecture: amd64
CasperMD5CheckResult: skip
Date: Thu Aug 24 02:35:35 2023
DuplicateSignature:
 package:apparmor:2.12-4ubuntu5.3
 Preparing to unpack .../16-apparmor_2.13.3-7ubuntu5.2_amd64.deb ...
 rm: cannot remove '/etc/apparmor.d/cache/bf9d6da9.0': Is a directory
 dpkg: error processing archive /tmp/apt-dpkg-install-InP0fz/16-apparmor_2.13.3-7ubuntu5.2_amd64.deb (--unpack):
  new apparmor package pre-installation script subprocess returned error exit status 1
ErrorMessage: new apparmor package pre-installation script subprocess returned error exit status 1
InstallationDate: Installed on 2023-08-22 (1 days ago)
InstallationMedia: Ubuntu 14.04.5 LTS "Trusty Tahr" - Release amd64 (20160803)
ProcKernelCmdline: BOOT_IMAGE=/boot/vmlinuz-4.15.0-213-generic root=UUID=c5495aa8-cf2c-4042-a2ea-4533e9343808 ro quiet splash vt.handoff=1
Python3Details: /usr/bin/python3.8, Python 3.8.10, python3-minimal, 3.8.2-0ubuntu2
PythonDetails: N/A
RelatedPackageVersions:
 dpkg 1.19.7ubuntu3.2
 apt 2.0.9
SourcePackage: apparmor
Syslog:
 Aug 24 02:04:25 adminn-Lenovo-V110-15ISK dbus-daemon[4678]: [session uid=1000 pid=4678] AppArmor D-Bus mediation is enabled
 Aug 24 02:05:26 adminn-Lenovo-V110-15ISK dbus-daemon[856]: [system] AppArmor D-Bus mediation is enabled
 Aug 24 02:05:31 adminn-Lenovo-V110-15ISK dbus-daemon[1021]: [session uid=124 pid=1021] AppArmor D-Bus mediation is enabled
 Aug 24 02:06:04 adminn-Lenovo-V110-15ISK dbus-daemon[1506]: [session uid=1000 pid=1506] AppArmor D-Bus mediation is enabled
 Aug 24 03:39:11 adminn-Lenovo-V110-15ISK dbus-daemon[9963]: [session uid=0 pid=9956] AppArmor D-Bus mediation is enabled
Title: package apparmor 2.12-4ubuntu5.3 failed to install/upgrade: new apparmor package pre-installation script subprocess returned error exit status 1
UpgradeStatus: No upgrade log present (probably fresh install)

See original description
Revision history for this message
Ravi (zeno1209) wrote :
Leonidas S. Barbosa (leosilvab)
information type: Private Security → Public
Apport retracing service (apport)
tags: removed: need-duplicate-check
Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in apparmor (Ubuntu):
status: New → Confirmed
Revision history for this message
Trevor Dearham (fydon) wrote (last edit ):

This occurs when updating from Ubuntu 18.04 to 20.04. I have a few instances that I'm trying to update to Ubuntu 22.04, but this issue is preventing them from updating. I was able to perform the update a few times earlier this week and over the past few weeks. I successfully performed test updates on multiple clones and then successfully on the actual instances prior to this week.

Revision history for this message
G (gkzf) wrote (last edit ):

Had this when updating from ubuntu (with unity) 18.4 to 20.04 Yesterday (27 Aug)

Possible Work around?
Moved bf9d6da9.0 to desktop (Moved, just in case was not a solution as had tried re-namaing, with no effect)
sudo apt-get install -f, then ran ok.

afterwards noted that etc/../cache/ & desktop/bf9d6da9.0 no longer present on the system

NB - to do this had to use back version of Ubuntu, as new version did not load.

Revision history for this message
Trevor Dearham (fydon) wrote (last edit ):

I'm not sure if G is saying something similar above, but I found that deleting all the subfolders in cache when still on Ubuntu 18.04 allows for do-release-upgrade to complete successfully:

sudo find /etc/apparmor.d/cache/* -type d -exec rm -r {} \;

There were other files in the cache folder, but I assume that rm can handle those. I wasn't sure if it was safe to delete the cache folder, but it didn't appear to be present after do-release-upgrade completed.

Revision history for this message
G (gkzf) wrote (last edit ):

In essences Trevor - yes.
I moved the directory, as i would have moved it back if the update had not been succeeded. (Being cautions)

To clarify, the move and running the fix install was after I had rebooted using previous 18.04 kernel set up, as the 20.04 was not complete/bootable.
So effectively running incomplete 20.04, under 18.04, (and therefore Libra Office and other applications did not run).
I hope that make sense.

Revision history for this message
Principal (dandu-01) wrote :

This bug is trying to boot my system late

Revision history for this message
No (thanks7) wrote :

I seem to be having the same trouble as the rest of you. Similar issues and messages were popping up during the attempted install. I am a fairly new user and have no idea how to fix this. If given instructions and a simple line of code I DO know how to open a terminal window and type in commands LOL.
Will someone email me when a solution is found?
Thanks a ton!

Revision history for this message
Georgia Garcia (georgiag) wrote :

I'm attaching the debdiff that fixes this issue on the apparmor pre-install script.

description: updated
Changed in apparmor (Ubuntu):
assignee: nobody → Georgia Garcia (georgiag)
Georgia Garcia (georgiag)
Changed in apparmor (Ubuntu):
status: Confirmed → In Progress
Georgia Garcia (georgiag)
Changed in apparmor (Ubuntu):
importance: Undecided → Critical
Revision history for this message
Lukas Märdian (slyon) wrote :

Targetted to the Focal series and removed the ~ubuntu-sponsors team, as the debdiff got already sponsored into Focal and does not affect the newer series (Jammy+): https://launchpad.net/ubuntu/focal/+queue?queue_state=1&queue_text=apparmor

Changed in apparmor (Ubuntu Focal):
assignee: nobody → Georgia Garcia (georgiag)
status: New → In Progress
Changed in apparmor (Ubuntu):
status: In Progress → Fix Released
Changed in apparmor (Ubuntu Focal):
importance: Undecided → Critical
Revision history for this message
Alex Tu (alextu) wrote :

Hi there, I appreciate the great work to fix this issue. We have some AWS Ubuntu instance waiting for this release on Focal to upgrade from 18.04 to 20.04. Do you think there's an expected date that we can get the new AppArmor from the generic focal pocket instead of Proposed pocket?

Revision history for this message
Trevor Dearham (fydon) wrote :

Hi Alex. Have you tried applying the workaround I mentioned above before attempting the update, namely `sudo find /etc/apparmor.d/cache/* -type d -exec rm -r {} \;`? Using that allowed the update of many instances to work without any related problems.

Revision history for this message
Andreas Hasenack (ahasenack) wrote : Please test proposed package

Hello Ravi, or anyone else affected,

Accepted apparmor into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/apparmor/2.13.3-7ubuntu5.3 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-focal. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in apparmor (Ubuntu Focal):
status: In Progress → Fix Committed
tags: added: verification-needed verification-needed-focal
Revision history for this message
Georgia Garcia (georgiag) wrote :
Download full text (4.9 KiB)

Verification from proposed was successful:

georgia@sec-bionic-amd64:~$ sudo bash -c "cat <<EOF >/etc/apt/sources.list.d/apparmor-focal.list
> deb http://archive.ubuntu.com/ubuntu/ focal-proposed restricted main multiverse universe
> EOF"
 georgia@sec-bionic-amd64:~$ sudo bash -c "cat <<EOF >/etc/apt/preferences.d/apparmor-focal
> Package: *
> Pin: release a=focal-proposed
> Pin-Priority: 400
> EOF"
 georgia@sec-bionic-amd64:~$ sudo apt update
...

georgia@sec-bionic-amd64:~$ sudo mkdir /etc/apparmor.d/cache/test
georgia@sec-bionic-amd64:~$ sudo apt-get install apparmor/focal-proposed
Reading package lists... Done
Building dependency tree
Reading state information... Done
Selected version '2.13.3-7ubuntu5.3' (Ubuntu:20.04/focal-proposed [amd64]) for 'apparmor'
The following packages were automatically installed and are no longer required:
  gir1.2-goa-1.0 gir1.2-snapd-1
Use 'sudo apt autoremove' to remove them.
Suggested packages:
  apparmor-profiles-extra apparmor-utils
The following packages will be upgraded:
  apparmor
1 upgraded, 0 newly installed, 0 to remove and 154 not upgraded.
Need to get 502 kB of archives.
After this operation, 125 kB of additional disk space will be used.
Get:1 http://archive.ubuntu.com/ubuntu focal-proposed/main amd64 apparmor amd64 2.13.3-7ubuntu5.3 [502 kB]
Fetched 502 kB in 1s (375 kB/s)
Preconfiguring packages ...
(Reading database ... 183583 files and directories currently installed.)
Preparing to unpack .../apparmor_2.13.3-7ubuntu5.3_amd64.deb ...
Unpacking apparmor (2.13.3-7ubuntu5.3) over (2.12-4ubuntu5.3) ...
Setting up apparmor (2.13.3-7ubuntu5.3) ...
Installing new version of config file /etc/apparmor.d/abstractions/X ...
Installing new version of config file /etc/apparmor.d/abstractions/apache2-common ...
Installing new version of config file /etc/apparmor.d/abstractions/apparmor_api/is_enabled ...
Installing new version of config file /etc/apparmor.d/abstractions/audio ...
Installing new version of config file /etc/apparmor.d/abstractions/base ...
Installing new version of config file /etc/apparmor.d/abstractions/dovecot-common ...
Installing new version of config file /etc/apparmor.d/abstractions/fonts ...
Installing new version of config file /etc/apparmor.d/abstractions/freedesktop.org ...
Installing new version of config file /etc/apparmor.d/abstractions/gnome ...
Installing new version of config file /etc/apparmor.d/abstractions/ibus ...
Installing new version of config file /etc/apparmor.d/abstractions/kde ...
Installing new version of config file /etc/apparmor.d/abstractions/kerberosclient ...
Installing new version of config file /etc/apparmor.d/abstractions/ldapclient ...
Installing new version of config file /etc/apparmor.d/abstractions/mdns ...
Installing new version of config file /etc/apparmor.d/abstractions/nameservice ...
Installing new version of config file /etc/apparmor.d/abstractions/nvidia ...
Installing new version of config file /etc/apparmor.d/abstractions/php ...
Installing new version of config file /etc/apparmor.d/abstractions/postfix-common ...
Installing new version of config file /etc/apparmor.d/abstractions/private-files ...
Installing new version of config file...

Read more...

tags: added: verification-done verification-done-focal
removed: verification-needed verification-needed-focal
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apparmor - 2.13.3-7ubuntu5.3

---------------
apparmor (2.13.3-7ubuntu5.3) focal; urgency=medium

  * apparmor.preinst: recursively remove cache directories during a
    upgrade. (LP: #2032851)

 -- Georgia Garcia <email address hidden> Tue, 10 Oct 2023 09:20:12 -0300

Changed in apparmor (Ubuntu Focal):
status: Fix Committed → Fix Released
Revision history for this message
Brian Murray (brian-murray) wrote : Update Released

The verification of the Stable Release Update for apparmor has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.