Only keep 2 kernels

Bug #1968154 reported by Julian Andres Klode
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
apt (Ubuntu) | Fix Released | High | Julian Andres Klode |
Bionic | Fix Committed | Undecided | Unassigned |
Focal | Fix Released | Undecided | Unassigned |
Impish | Fix Released | Undecided | Unassigned |

Bug Description

[Impact]
APT currently keeps 3 kernels or even 4 in some releases. Our boot partition is sized for a steady state of 2 kernels + 1 new one being unpacked, hence users run out of space, new kernels fail to install, and upgrade runs might abort in the middle. It's not nice.

[Test plan]
1. Have two kernels installed (let's call them version 3, 2)
2. Check that both kernels are not autoremovable
3. Install an old kernel (let's call it 1), and mark it automatic
4. Check that 1 will be autoremovable (apt autoremove -s)
5. Reboot into 1, check that 2 is autoremovable (apt autoremove -s)
6. Actually remove 2
7. Reboot into 3 and check that both 1 and 3 are now not autoremovable

[Where problems could occur]
We could keep the wrong kernels installed that the user did not expect.

We remove the requirement to keep the most recently installed version, previously recorded in APT::LastInstalledKernel, to achieve this, as we had 3 hard requirements so far:

1. keep booted kernel
2. keep highest version
3. keep most recently installed

1 can't be removed as it would break running systems, 2 is what you definitely want to keep.

During normal system lifetime, the most recently installed kernel is the same as the highest version, so 2==3, and there are no changes to behavior.

Likewise, if you most recently installed an older kernel manually for debugging, it would be manually installed and not subject to removal, even if the rule is dropped.

The behavior really only changes if you install an older kernel, and then mark it auto - that older kernel becomes automatically removable immediately after it is marked as auto.
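
The rules and test plan above, as a small model (an added example, not part of the bug report and not APT's code). Kernel versions are constructed integers 1 < 2 < 3, the function names are hypothetical, and padding the protected set up to two kernels is an assumption inferred from the title and test plan step 7.

```python
# Simplified model of the kernel-protection rules from the bug description.
# Not APT's code: versions are constructed integers (1 < 2 < 3) and the
# "pad to two kernels" step is an assumption inferred from the test plan.

def hard_requirements(installed, booted, last_installed=None):
    """Kernels that must be kept. Passing last_installed models the old
    third rule (APT::LastInstalledKernel); None models the changed rule."""
    keep = {booted, max(installed)}
    if last_installed is not None:
        keep.add(last_installed)
    return keep & set(installed)


def protected_after_change(installed, booted, target=2):
    """Hard requirements, padded with the next-highest versions until
    `target` kernels are protected (assumed from test plan step 7)."""
    keep = hard_requirements(installed, booted)
    for version in sorted(installed, reverse=True):
        if len(keep) >= target:
            break
        keep.add(version)
    return keep


def autoremovable(installed, auto, booted):
    """Only automatically installed kernels outside the protected set
    are candidates; manually installed ones are never removed."""
    return (set(installed) & set(auto)) - protected_after_change(installed, booted)


def run_test_plan():
    """Walk the test-plan steps and return the result of each check."""
    results = {}
    installed, auto = {3, 2}, {3, 2}
    results["step2"] = autoremovable(installed, auto, booted=3)  # nothing
    installed, auto = installed | {1}, auto | {1}                # step 3
    results["step4"] = autoremovable(installed, auto, booted=3)  # {1}
    results["step5"] = autoremovable(installed, auto, booted=1)  # {2}
    installed -= results["step5"]                                # step 6
    results["step7"] = autoremovable(installed, auto, booted=3)  # nothing
    return results


if __name__ == "__main__":
    for step, removable in run_test_plan().items():
        print(step, sorted(removable) or "nothing autoremovable")
    # The one case where the old and new hard requirements differ:
    print("old:", hard_requirements({3, 2, 1}, booted=3, last_installed=1))
    print("new:", hard_requirements({3, 2, 1}, booted=3))
```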

description: updated
description: updated
Changed in apt (Ubuntu):
status: New → In Progress
importance: Undecided → High
assignee: nobody → Julian Andres Klode (juliank)
tags: added: fr-2155
description: updated
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apt - 2.4.5

---------------
apt (2.4.5) unstable; urgency=medium

  * Only protect two kernels, not last installed one (LP: #1968154)
  * Fix segfault in CacheSetHelperAPTGet::tryVirtualPackage()

 -- Julian Andres Klode <email address hidden> Fri, 08 Apr 2022 12:22:23 +0200

Changed in apt (Ubuntu):
status: In Progress → Fix Released
Julian Andres Klode (juliank) wrote :

unattended-upgrades in jammy did not need a change, we'll see if SRUs will need changes, hence keeping the task so we can add them later on without having to reset to launchpad API shenanigans.

description: updated
Changed in unattended-upgrades (Ubuntu):
status: New → Invalid
Changed in apt (Ubuntu Impish):
status: New → In Progress
Łukasz Zemczak (sil2100) wrote :

Can you mention a bit more about the APT::LastInstalledKernel logic usage removal in this SRU? What was it used for before? Since right now this SRU seems to be dropping its use + only keeping track of 2 kernels, can you help me understand the implications of that (as I didn't know about this logic before)?

Julian Andres Klode (juliank) wrote :

@sil2100 Added that to regression potential. It was used to keep the third kernel. There was some misunderstanding how that affects the set calculated.

I noticed that 2.0.7 and 2.3.9ubuntu0.1 had the wrong version in maintainer scripts, so I will have to upload a fixed 2.0.8 for the former (it has a proper upstream release, and possibly other downstreams), and replace 2.3.9ubuntu0.1 with a newer one.

description: updated
Timo Aaltonen (tjaalton) wrote : Please test proposed package

Hello Julian, or anyone else affected,

Accepted apt into impish-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/apt/2.3.9ubuntu0.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-impish to verification-done-impish. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-impish. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in apt (Ubuntu Impish):
status: In Progress → Fix Committed
tags: added: verification-needed verification-needed-impish
Changed in apt (Ubuntu Focal):
status: New → Fix Committed
tags: added: verification-needed-focal
Timo Aaltonen (tjaalton) wrote :

Hello Julian, or anyone else affected,

Accepted apt into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/apt/2.0.8 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-focal. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in apt (Ubuntu Bionic):
status: New → Fix Committed
tags: added: verification-needed-bionic
Timo Aaltonen (tjaalton) wrote :

Hello Julian, or anyone else affected,

Accepted apt into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/apt/1.6.15 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Ubuntu SRU Bot (ubuntu-sru-bot) wrote : Autopkgtest regression report (apt/2.3.9ubuntu0.1)

All autopkgtests for the newly accepted apt (2.3.9ubuntu0.1) for impish have finished running.
The following regressions have been reported in tests triggered by the package:

reprotest/0.7.16 (s390x, amd64)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/impish/update_excuses.html#apt

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Ubuntu SRU Bot (ubuntu-sru-bot) wrote : Autopkgtest regression report (apt/2.0.8)

All autopkgtests for the newly accepted apt (2.0.8) for focal have finished running.
The following regressions have been reported in tests triggered by the package:

reprotest/0.7.14 (ppc64el)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/focal/update_excuses.html#apt

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Ubuntu SRU Bot (ubuntu-sru-bot) wrote : Autopkgtest regression report (apt/1.6.15)

All autopkgtests for the newly accepted apt (1.6.15) for bionic have finished running.
The following regressions have been reported in tests triggered by the package:

autopkgtest/5.3.1ubuntu1.1 (i386)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/bionic/update_excuses.html#apt

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

no longer affects: unattended-upgrades (Ubuntu Impish)
no longer affects: unattended-upgrades (Ubuntu Focal)
no longer affects: unattended-upgrades (Ubuntu Bionic)
no longer affects: unattended-upgrades (Ubuntu)
description: updated
Julian Andres Klode (juliank) wrote :

Verified impish 2.3.9ubuntu0.1

Log:
1. (in 1016) started with 5.13.0-1016-kvm; installed 5.13.0-1022-kvm
2. (in 1016) no kernels to autoremove
3. (in 1016) installed linux-image-5.13.0-1011-kvm linux-modules-5.13.0-1011-kvm, and marked auto
4. (in 1016) SUCCESS: autoremove would remove 1011
5. (in 1011) SUCCESS: After reboot into 1011, 1016 is autoremovable (*1)
7. (in 1022) SUCCESS: After reboot into 1022, both 1011 and 1022 are kept

(*1) There is a bug in the image used by lxd: The 1016 kernel that was preinstalled on the image was marked as manually installed, this was corrected with apt-mark auto linux-.*-5.13.0-1016-kvm

tags: added: verification-done-impish
removed: verification-needed-impish
Jarno Suni (jarnos) wrote :

Test passed for apt 2.0.8

tags: added: verification-done-focal
removed: verification-needed-focal
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apt - 2.3.9ubuntu0.1

---------------
apt (2.3.9ubuntu0.1) impish; urgency=medium

  * Only protect two kernels, not last installed one (LP: #1968154)
  * Point to impish in gitlab-ci and gbp.conf

 -- Julian Andres Klode <email address hidden> Mon, 25 Apr 2022 16:14:41 +0200

Changed in apt (Ubuntu Impish):
status: Fix Committed → Fix Released
Łukasz Zemczak (sil2100) wrote : Update Released

The verification of the Stable Release Update for apt has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apt - 2.0.8

---------------
apt (2.0.8) focal; urgency=medium

  * Adjust conffile removal version in postinst and maintscript; followup
    fix for (LP: #1968154)

apt (2.0.7) focal; urgency=medium

  * Revert "Protect currently running kernel at run-time"
  * Backport Determine autoremovable kernels at run-time (LP: #1615381) as of
    2.4.5; including the change to only protect two kernels, not last installed
    one (LP: #1968154)

 -- Julian Andres Klode <email address hidden> Mon, 25 Apr 2022 15:58:46 +0200

Changed in apt (Ubuntu Focal):
status: Fix Committed → Fix Released
David Röthlisberger (drothlis) wrote :

This is causing me trouble building a focal (20.04) userspace from scratch:

    $ dpkg --configure -a
    [...]
    Setting up apt (2.0.8) ...
    /var/lib/dpkg/info/apt.postinst: 65: /etc/kernel/postinst.d/apt-auto-removal: not found
    dpkg: error processing package apt (--configure):
     installed apt package post-installation script subprocess returned error exit status 127

It works with apt 2.0.6.

I think it's because the patch[1] removes `/etc/kernel/postinst.d/apt-auto-removal`:

    diff --git a/debian/rules b/debian/rules
    index 7997739..8a110f7 100755
    --- a/debian/rules
    +++ b/debian/rules
    @@ -29,7 +29,6 @@ override_dh_install-arch:
      dh_install -papt -Xmethods/curl -Xmethods/curl+https -Xmethods/curl+http
      dh_install --remaining
      install -m 644 debian/apt.conf.autoremove debian/apt/etc/apt/apt.conf.d/01autoremove
    - install -m 755 debian/apt.auto-removal.sh debian/apt/etc/kernel/postinst.d/apt-auto-removal

     override_dh_gencontrol:
      dh_gencontrol -- -Vapt:keyring="$(shell ./vendor/getinfo keyring-package)"
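
Review bot: removing the `install -m 755 debian/apt.auto-removal.sh debian/apt/etc/kernel/postinst.d/apt-auto-removal` line in override_dh_install-arch stops shipping that hook, but nothing in this hunk updates the scripts that still invoke the path. The same change should drop or guard every remaining call to /etc/kernel/postinst.d/apt-auto-removal in the maintainer scripts, for example by checking that the file exists and is executable before running it, so that configuration does not fail with exit status 127.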

...but `apt.postinst` still contains this:

    # create kernel autoremoval blacklist on update
    if dpkg --compare-versions "$2" lt 0.9.9.3; then
        /etc/kernel/postinst.d/apt-auto-removal
    fi

Since I'm building this from scratch, "$2" (the most-recently-configured-version) is empty, and `dpkg --compare-versions lt` returns true.

[1]: https://git.launchpad.net/ubuntu/+source/apt/commit/?id=f9d2d993687c0d5223c241956ef6a0aabcf15bf0

Julian Andres Klode (juliank) wrote :

Please create a new bug for that regression, thanks for noticing!

David Röthlisberger (drothlis) wrote :

Raised #1974456.

Łukasz Zemczak (sil2100) wrote : Please test proposed package

Hello Julian, or anyone else affected,

Accepted apt into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/apt/1.6.16 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Chris Halse Rogers (raof) wrote :

Hello Julian, or anyone else affected,

Accepted apt into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/apt/1.6.17 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Ubuntu SRU Bot (ubuntu-sru-bot) wrote : Autopkgtest regression report (apt/1.6.17)

All autopkgtests for the newly accepted apt (1.6.17) for bionic have finished running.
The following regressions have been reported in tests triggered by the package:

unattended-upgrades/1.1ubuntu1.18.04.14 (s390x)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/bionic/update_excuses.html#apt

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!
