Interactive prompt during non-interactive install

Ah, looks like this is a fault with apt-get for not detecting a non-interactive install.

Status changed to 'Confirmed' because the bug affects multiple users.

This bug hits me via an automated install of Ansible which brings in libssl as a dependency. There is a functional workaround mentioned here which works for me --> https://github.com/hashicorp/vagrant/issues/10914#issuecomment-503055527 but it is a bit ugly.

This exact problem seem to appear in appears in AWS when launching an EC2 instance with the Ubuntu Server 18.04 LTS (HVM), SSD Volume Type - ami-0c55b159cbfafe1f0 (64-bit x86) / ami-0f2057f28f0a44d06 (64-bit Arm)

Looks like it was introduced by this: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1832522

Thank you for taking the time to report this bug and helping to make Ubuntu better.

> `apt-get install -y -qq ansible`

This does not guarantee a non-interactive run. If you want a non-interactive run, you must use all the necessary parameters. For example:

UCF_FORCE_CONFOLD=1 DEBIAN_FRONTEND=noninteractive apt-get -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -qq -y install ansible

See the dpkg and ucf documentation to set the default behaviour as you actually want it.

Perhaps this could be better documented in apt-get(8). The -y option there refers to apt-get itself only and does not apply to underlying dpkg behaviour and debconf and ucf calls that might be called from maintainer scripts that need to interact with the user.

Unfortunately my example above isn't a complete answer either, since there is no unified "must run non-interactively" directive that individual package maintainer scripts must follow. In general though they tend to use dpkg's built-in handling, debconf and ucf when prompting the user is required, so this should cover most (99%+?) cases.

It's valid to say that we could do with a better unified way of achieving non-interactivity. However, in today's current design, if you're not calling apt-get with the appropriate parameters as in my example above, then it's your script that isn't correctly calling for non-interactivity. All configuration management tooling that expects non-interactivity needs to be doing this, and this isn't a workaround - it's the official CLI interface.

Bug 1747464 is related, though that relates to the default conffile state in our cloud images, so is a more specific instance of the problem where _interactive_ use causes unnecessary prompts.

This bug is not valid for openssl, because it isn't a bug for it to prompt in itself. It is perhaps valid for ansible if ansible itself incorrectly assumes non-interactivity without requesting it correctly - I don't if that's the case specifically with Ubuntu's ansible package; if it is, please describe the detail and change that bug status back to New.

It would be a valid feature request for Ubuntu to request a more unified way of requesting non-interactivity, though that would be a major effort as it would require changes across the stack, and wouldn't be of particularly high priority as we have a good enough (if non-obvious) way of achieving the same thing today (my example above). Specific requests to make this clear in documentation would also be valid. Please file separate bugs for those if you wish. I hope though that I've described adequately above why the behaviour you describe isn't itself a bug in the base packages.

I have some automatic scripts stopped to work recently. This is not a feature, this is a bug and should be fixed.

Robie: We had one of our automated builds start failing due to this. We were using only -y and DEBIAN_FRONTEND=noninteractive (wrongly thinking that was enough).

I've now changed to

sudo apt-get -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -y install $(cat requirements-ubuntu.txt)

and with DEBCONF_NONINTERACTIVE_SEEN=true, DEBIAN_FRONTEND=noninteractive and UCF_FORCE_CONFOLD=1 in the environment. But the prompt when configuring libssl1.1 still shows up, so the job hangs :(

Robie: Nevermind, I was not setting up the env vars correctly. Sorry for the noise.