unattended-upgrade hangs on shutdown when network is required for updates

Bug #1723761 reported by Juergen Scholz on 2017-10-15
This bug affects 1 person
Affects Status Importance Assigned to Milestone
apt (Ubuntu)
unattended-upgrades (Ubuntu)

Bug Description

Recently an update for flashplugin-installer on xenial was available in the ubuntu repositories.

During the installation of this package a blob is downloaded from Adobe servers, which requires network connectivity/internet access.

Because the network interface(s) have already stopped when this package is installed, the server cannot be reached, thus blocking the shutdown process until a timeout kills the unattended-upgrades process.

On my machines the shutdown takes about 30 minutes in this case. The systemd configuration is standard here, except for a few additional services.

A possible fix could be adding After=network-online.target NetworkManager-wait-online.service to After= in the systemd unit file.

As a workaround I pinned the flashplugin-installer to -1:
#echo >/etc/apt/preferences.d/forbid_flashplugin "\
Package: flashplugin-installer
Pin: release *
Pin-Priority: -1";

Balint Reczey (rbalint) wrote :

There are two modes of running u-u chosen by setting Unattended-Upgrade::InstallOnShutdown to "false" (default) or "true".

When InstallOnShutdown is "false" apt's apt-daily-upgrade.service runs u-u thus this service needs to ensure that network is still up, to not break similar packages.

Note that while vast majority of packages do not need network connection during installation a small fraction of them do perform downloads thus apt's service should try to keep the network up.

When InstallOnShutdown is "true" unattended-upgrades.service is responsible for keeping the network connection up and I believe versions starting with 0.93.1+nmu1 are fixed.

Changed in unattended-upgrades (Ubuntu):
status: New → Fix Released
Julian Andres Klode (juliank) wrote :

grr. So we actually need to add an After=network.target there for shutdown. For start up, we actually also need to do the whole network-online dance, meaning

<= 1.4.y:
 After=network-online.target Wants=network-online.target

>= 1.5.y:

 After=network.target network-online.target systemd-networkd.service NetworkManager.service connman.service
 ExecStartPre=-/usr/lib/apt/apt-helper wait-online

(basically, just copy that stuff from apt-daily.service)

Installer packages are fun!

Changed in unattended-upgrades (Ubuntu):
importance: Undecided → High
Changed in apt (Ubuntu):
importance: Undecided → High
status: New → Triaged
Julian Andres Klode (juliank) wrote :

I guess I'll really have to do 1.6~alpha1 finally this week, so I'll put it in there, and after we have verified and migrated the old SRUs, we can do SRUs for stable releases as well (1.2.26, 1.4.9, 1.5.1).

This really is the APT problem with the most fixups ever :D :(

Changed in apt (Ubuntu):
status: Triaged → In Progress
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apt - 1.7.0~alpha1

apt (1.7.0~alpha1) experimental; urgency=medium

  [ Julian Andres Klode ]
  * CMake: Fix builds without zstd
  * apt.conf.autoremove: Catch some new Ubuntu module packages
  * Fix build with new gtest (Closes: #897149)
  * tests: Do not expect requested-by if sudo was invoked by root
  * Run tests on GitLab CI
  * Handle a missed case of timed out ip addresses (LP: #1766542)
  * Lower default timeout from 120s to 30s
  * apt-key: Pass all instead of gpg-agent to gpgconf --kill (LP: #1773992)
  * Fix lock counting in debSystem
  * CI: Export DEBIAN_FRONTEND=noninteractive in all CI environments
  * Ensure that we are online in apt-daily-upgrade.service (LP: #1723761)
  * gitlab-ci: chmod 755 /root

  [ David Kalnischkies ]
  * move special READMEs into doc/ and format as md
  * Add boilerplate plural form to po/apt-all.pot
  * don't try SRV requests based on IP addresses
  * use instead of localhost as default Tor proxy
  * Extend apt build-dep pkg/release to switch dep as needed
  * Support release selector for volatile files as well
  * Start pkg records for deb files with dpkg output
  * Deprectate buggy/incorrect Rls/PkgFile::IsOk methods
  * Support --with-source in show & search commands
  * Support local files as arguments in show command (Closes: 883206)
  * Drop alternative URIs we got a hash-based fail from
  * Handle by-hash URI construction more centrally
  * Don't force the same mirror for by-hash URIs
  * Reword error for timed out read/write on SOCKS proxy (Closes: #898886)
  * Don't show acquire warning for "hidden" components (Closes: #879591)
  * Use a steady clock source for progress reporting
  * Use steady clock source for bandwidth limitation

  [ Guillem Jover ]
  * Remove obsolete RCS keywords
  * Normalize authors through a mailmap file
  * po: Fill Project-Id-Version with correct project id and version
  * po: Fix translated string not matching format string arguments
  * po: Fix Language field to match actual locale
  * po: Remove spurious text in Plural-Forms field
  * po: Add missing Plural-Forms fields

  [ Filipe Brandenburger ]
  * Update .gitignore
  * Increase debug verbosity in `apt-get autoremove`
  * Extend test-apt-get-autoremove to check debug output

  [ annadane ]
  * Add verb 'be' to NEWS entry for 1.5~beta1 (Closes: 892792)

  [ Алексей Шилин ]
  * Russian program translation update (Closes: 898797)

  [ Frans Spiesschaert ]
  * Dutch program translation update (Closes: #900589)
  * Dutch manpage translation update (Closes: #900602)

 -- Julian Andres Klode <email address hidden> Mon, 25 Jun 2018 17:12:30 +0200

Changed in apt (Ubuntu):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers