Running 'unattended-upgrades --dry-run' reboots the machine

Bug #1269177 reported by Tom Eastman on 2014-01-14
18
This bug affects 2 people
Affects Status Importance Assigned to Milestone
unattended-upgrades (Ubuntu)
High
Brian Murray
Xenial
Undecided
Brian Murray
Zesty
Undecided
Brian Murray
Artful
Undecided
Brian Murray
Bionic
High
Brian Murray

Bug Description

Impact
------
An Ubuntu system will unexpectedly reboot if reboot-required exists and you run unattended-upgrades in dry-run mode.

Test Case
---------
1) modify /etc/apt/apt.conf.d/50unattended-upgrades so that Automatic-Reboot is true
2) Ensure all updates are installed
3) sudo touch /var/run/reboot-required
4) run 'sudo unattended-upgrades --dry-run'
5) watch the system reboot

With the version of unattended-upgrades from -proposed the system will not reboot.

Regression Potential
--------------------
This checks to see if the --dry-run switch is passed to unattended-upgrades before calling the reboot function. I guess it would be a regression to people who expect the system to reboot but that seems like a very strange corner case.

Original Description
--------------------
Much to my surprise, when I did a dry-run test of unattended-upgrades my server was forcibly rebooted. I must have had the file '/var/run/reboot-required' present.

But needless to say: a --dry-run should NOT perform a reboot of the server with zero warning. Seriously.

Output from /var/log/unattended-upgrades.log

2014-01-15 11:14:26,474 INFO Initial blacklisted packages:
2014-01-15 11:14:26,474 INFO Starting unattended upgrades script
2014-01-15 11:14:26,475 INFO Allowed origins are: ['o=Ubuntu,a=precise-security']
2014-01-15 11:14:35,846 INFO Option --dry-run given, *not* performing real actions
2014-01-15 11:14:35,846 INFO Packages that are upgraded: bind9-host dnsutils libbind9-80 libdns81 libisc83 libisccc80 libisccfg82 liblwres80 libssl1.0.0 linux-generic-pae linux-headers-generic-pae linux-image-generic-pae linux-libc-dev openssl
2014-01-15 11:14:35,847 INFO Writing dpkg log to '/var/log/unattended-upgrades/unattended-upgrades-dpkg_2014-01-15_11:14:35.846820.log'
2014-01-15 11:15:10,610 INFO All upgrades installed
2014-01-15 11:15:10,611 WARNING Found /var/run/reboot-required, rebooting

Version: 0.76ubuntu1

As an aside, it makes a lot of sense to me to put the reboot on a timer, even if it's only a one minute (i.e. shutdown -r 1). That would have at least given me a chance to prevent the reboot if I had seen the warning. If that's a configuration setting I don't see it anywhere.

Related branches

Tom Eastman (tveastman) wrote :

To be clear, I did have:

Unattended-Upgrade::Automatic-Reboot "true";

But I still feel a reboot shouldn't actually happen during a '--dry-run'.

Changed in unattended-upgrades (Ubuntu):
assignee: nobody → Brian Murray (brian-murray)
status: New → Triaged
importance: Undecided → High
Changed in unattended-upgrades (Ubuntu):
status: Triaged → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package unattended-upgrades - 0.82.1ubuntu1

---------------
unattended-upgrades (0.82.1ubuntu1) trusty; urgency=medium

  * debian/tests/control: Add missing python-apt test dependency, so that
    tests also work with Python 2.
 -- Martin Pitt <email address hidden> Tue, 25 Feb 2014 09:45:18 +0100

Changed in unattended-upgrades (Ubuntu):
status: Fix Committed → Fix Released
Denis Nikolaenko (geckoneer) wrote :

The bug is still reproducible in xenial.

----------------------
# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 16.04.3 LTS
Release: 16.04
Codename: xenial

# grep Automatic-Reboot /etc/apt/apt.conf.d/50unattended-upgrades
Unattended-Upgrade::Automatic-Reboot "true";
//Unattended-Upgrade::Automatic-Reboot-Time "02:00";

# dpkg -l unattended-upgrades
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Architecture Description
+++-===========================================-==========================-==========================-===========================================================================================
ii unattended-upgrades 0.90ubuntu0.8 all automatic installation of security upgrades

# touch /var/run/reboot-required

# unattended-upgrades --dry-run

(System reboots)

Brian Murray (brian-murray) wrote :

I was unable to recreate this given the test case you've provided. Here's the end of my unattended-upgrade dry-run with --verbose:

thunderbird-gnome-support:amd64 thunderbird-locale-en-us:all xserver-common:all xserver-xorg-core:amd64 xul-ext-ubufox:all liblouis-data:all liblouis9:amd64 python3-louis:all
/usr/bin/dpkg --status-fd 73 --configure --pending
All upgrades installed

The last line is a lie.

bdmurray@clean-xenial-amd64:~$ apt-cache policy unattended-upgrades
unattended-upgrades:
  Installed: 0.90ubuntu0.8
  Candidate: 0.90ubuntu0.8
  Version table:
 *** 0.90ubuntu0.8 500
        500 http://192.168.10.7/ubuntu xenial-updates/main amd64 Packages
        500 http://192.168.10.7/ubuntu xenial-updates/main i386 Packages
        100 /var/lib/dpkg/status
     0.90ubuntu0.1 500
        500 http://192.168.10.7/ubuntu xenial-security/main amd64 Packages
        500 http://192.168.10.7/ubuntu xenial-security/main i386 Packages
     0.90 500
        500 http://192.168.10.7/ubuntu xenial/main amd64 Packages
        500 http://192.168.10.7/ubuntu xenial/main i386 Packages
N: Ignoring file '50unattended-upgrades.ucf-dist' in directory '/etc/apt/apt.conf.d/' as it has an invalid filename extension
bdmurray@clean-xenial-amd64:~$ grep Automatic-Reboot /etc/apt/apt.conf.d/50unattended-upgrades
Unattended-Upgrade::Automatic-Reboot "true";
//Unattended-Upgrade::Automatic-Reboot-Time "02:00";
bdmurray@clean-xenial-amd64:~$ file /var/run/reboot-required
/var/run/reboot-required: empty

Can you provide any more details about how this happened? Does your unattended-upgrades log file include information about the reboot?

From the code:
    # reboot at the specified time
    when = apt_pkg.config.find(
        "Unattended-Upgrade::Automatic-Reboot-Time", "now")
    if shutdown_lock > 0:
        os.close(shutdown_lock)
    logging.warning("Found %s, rebooting" % REBOOT_REQUIRED_FILE)
    subprocess.call(["/sbin/shutdown", "-r", when])

Thanks in advance!

Denis Nikolaenko (geckoneer) wrote :

I was able to reproduce it in a freshly installed VM (VMware).

----------------------
root@ubuntu:~# egrep -v '(^\s*//.*$|^\s*$)' /etc/apt/apt.conf.d/50unattended-upgrades
Unattended-Upgrade::Allowed-Origins {
        "${distro_id}:${distro_codename}";
        "${distro_id}:${distro_codename}-security";
        "${distro_id}ESM:${distro_codename}";
};
Unattended-Upgrade::Package-Blacklist {
};
Unattended-Upgrade::Automatic-Reboot "true";

root@ubuntu:~# uname -a
Linux ubuntu 4.4.0-104-generic #127-Ubuntu SMP Mon Dec 11 12:16:42 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

root@ubuntu:~# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 16.04.3 LTS
Release: 16.04
Codename: xenial

root@ubuntu:~# apt-get update && apt-get dist-upgrade -y
Get:1 http://security.ubuntu.com/ubuntu xenial-security InRelease [102 kB]
Hit:2 http://us.archive.ubuntu.com/ubuntu xenial InRelease
Get:3 http://us.archive.ubuntu.com/ubuntu xenial-updates InRelease [102 kB]
Get:4 http://us.archive.ubuntu.com/ubuntu xenial-backports InRelease [102 kB]
Fetched 306 kB in 2s (146 kB/s)
Reading package lists... Done
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

root@ubuntu:~# file /var/run/reboot-required
/var/run/reboot-required: cannot open `/var/run/reboot-required' (No such file or directory)

root@ubuntu:~# touch /var/run/reboot-required

root@ubuntu:~# unattended-upgrades --dry-run

(ssh disconnects, system reboots)

root@ubuntu:~# cat /var/log/unattended-upgrades/unattended-upgrades.log
2017-12-16 09:59:17,772 INFO Initial blacklisted packages:
2017-12-16 09:59:17,773 INFO Initial whitelisted packages:
2017-12-16 09:59:17,773 INFO Starting unattended upgrades script
2017-12-16 09:59:17,773 INFO Allowed origins are: ['o=Ubuntu,a=xenial', 'o=Ubuntu,a=xenial-security', 'o=UbuntuESM,a=xenial']
2017-12-16 09:59:21,610 INFO No packages found that can be upgraded unattended and no pending auto-removals
2017-12-16 09:59:21,611 WARNING Found /var/run/reboot-required, rebooting

Brian Murray (brian-murray) wrote :

Okay, I've sorted out what's wrong. Thanks!

Brian Murray (brian-murray) wrote :

Let's go ahead and reuse this bug although this only happens when there are no updates available and the previous fix was for when updates were available.

Changed in unattended-upgrades (Ubuntu Bionic):
status: Fix Released → In Progress
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package unattended-upgrades - 0.98ubuntu2

---------------
unattended-upgrades (0.98ubuntu2) bionic; urgency=medium

  * unattended-upgrades: Do not reboot during a dry-run. (LP: #1269177)

 -- Brian Murray <email address hidden> Tue, 19 Dec 2017 11:04:52 -0800

Changed in unattended-upgrades (Ubuntu Bionic):
status: In Progress → Fix Released
description: updated
Changed in unattended-upgrades (Ubuntu Xenial):
assignee: nobody → Brian Murray (brian-murray)
Changed in unattended-upgrades (Ubuntu Zesty):
assignee: nobody → Brian Murray (brian-murray)
Changed in unattended-upgrades (Ubuntu Artful):
assignee: nobody → Brian Murray (brian-murray)
Changed in unattended-upgrades (Ubuntu Xenial):
status: New → In Progress
Changed in unattended-upgrades (Ubuntu Zesty):
status: New → In Progress
Changed in unattended-upgrades (Ubuntu Artful):
status: New → In Progress
Brian Murray (brian-murray) wrote :

The SRUs are in the queue and awaiting review.

Hello Tom, or anyone else affected,

Accepted unattended-upgrades into artful-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/unattended-upgrades/0.98ubuntu1.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-artful to verification-done-artful. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-artful. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in unattended-upgrades (Ubuntu Artful):
status: In Progress → Fix Committed
tags: added: verification-needed verification-needed-artful
Changed in unattended-upgrades (Ubuntu Zesty):
status: In Progress → Fix Committed
tags: added: verification-needed-zesty
Brian Murray (brian-murray) wrote :

Hello Tom, or anyone else affected,

Accepted unattended-upgrades into zesty-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/unattended-upgrades/0.93.1ubuntu2.4 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-zesty to verification-done-zesty. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-zesty. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in unattended-upgrades (Ubuntu Xenial):
status: In Progress → Fix Committed
tags: added: verification-needed-xenial
Brian Murray (brian-murray) wrote :

Hello Tom, or anyone else affected,

Accepted unattended-upgrades into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/unattended-upgrades/0.90ubuntu0.9 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-xenial to verification-done-xenial. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-xenial. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

As a part of the Stable Release Updates quality process a search for Launchpad bug reports using the version of unattended-upgrades from artful-proposed was performed and bug 1739918 was found. Please investigate this bug report to ensure that a regression will not be created by this SRU. In the event that this is not a regression remove the "verification-failed" tag from this bug report and add the tag "bot-stop-nagging" to bug 1739918 (not this bug). Thanks!

tags: added: verification-failed
Denis NIkolaenko (z-denis) wrote :

A new version from xenial-proposed fixes the issue for me.
--
root@ubuntu:~# dpkg -l unattended-upgrades
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Architecture Description
+++-========================================-=========================-=========================-======================================================================================
ii unattended-upgrades 0.90ubuntu0.9 all automatic installation of security upgrades

root@ubuntu:~# touch /var/run/reboot-required
root@ubuntu:~# unattended-upgrades --dry-run
root@ubuntu:~#

(reboot does not happen)

tags: added: verification-done-xenial
removed: verification-needed-xenial

The package installation errors in bug 1739918 are not related to unattended-upgrade in xenial-proposed. I removed the tag verification-failed.

tags: removed: verification-failed
Brian Murray (brian-murray) wrote :

The new version in zesty-proposed resolves the issue for me.

bdmurray@clean-zesty-amd64:~$ sudo apt-get install unattended-upgrades
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
  linux-headers-4.10.0-19 linux-headers-4.10.0-19-generic linux-image-4.10.0-19-generic linux-image-extra-4.10.0-19-generic
Use 'sudo apt autoremove' to remove them.
Suggested packages:
  bsd-mailx mail-transport-agent needrestart
The following packages will be upgraded:
  unattended-upgrades
1 upgraded, 0 newly installed, 0 to remove and 43 not upgraded.
Need to get 34.7 kB of archives.
After this operation, 0 B of additional disk space will be used.
Get:1 http://192.168.10.7/ubuntu zesty-proposed/main amd64 unattended-upgrades all 0.93.1ubuntu2.4 [34.7 kB]
Fetched 34.7 kB in 0s (1,556 kB/s)
Preconfiguring packages ...
(Reading database ... 259925 files and directories currently installed.)
Preparing to unpack .../unattended-upgrades_0.93.1ubuntu2.4_all.deb ...
Unpacking unattended-upgrades (0.93.1ubuntu2.4) over (0.93.1ubuntu2.3) ...
Processing triggers for ureadahead (0.100.0-19) ...
Processing triggers for systemd (232-21ubuntu7.1) ...
Setting up unattended-upgrades (0.93.1ubuntu2.4) ...
Processing triggers for man-db (2.7.6.1-2) ...
bdmurray@clean-zesty-amd64:~$ sudo unattended-upgrades --dry-run
bdmurray@clean-zesty-amd64:~$ sudo touch /var/run/reboot-required
bdmurray@clean-zesty-amd64:~$ sudo unattended-upgrades --dry-run
bdmurray@clean-zesty-amd64:~$

tags: added: verification-done-zesty
removed: verification-needed-zesty
Brian Murray (brian-murray) wrote :

The update in artful-proposed also resolves the issue for me.

bdmurray@clean-artful-amd64:~$ sudo apt-get install unattended-upgrades
Reading package lists... Done
Building dependency tree
Reading state information... Done
Suggested packages:
  bsd-mailx mail-transport-agent needrestart
The following packages will be upgraded:
  unattended-upgrades
1 upgraded, 0 newly installed, 0 to remove and 36 not upgraded.
Need to get 37.4 kB of archives.
After this operation, 4,096 B of additional disk space will be used.
Get:1 http://192.168.10.7/ubuntu artful-proposed/main amd64 unattended-upgrades all 0.98ubuntu1.1 [37.4 kB]
Fetched 37.4 kB in 0s (518 kB/s)
Preconfiguring packages ...
(Reading database ... 166406 files and directories currently installed.)
Preparing to unpack .../unattended-upgrades_0.98ubuntu1.1_all.deb ...
Unpacking unattended-upgrades (0.98ubuntu1.1) over (0.98ubuntu1) ...
Processing triggers for ureadahead (0.100.0-20) ...
Processing triggers for systemd (234-2ubuntu12.1) ...
Setting up unattended-upgrades (0.98ubuntu1.1) ...
Processing triggers for man-db (2.7.6.1-2) ...
bdmurray@clean-artful-amd64:~$ sudo touch /var/run/reboot-required
bdmurray@clean-artful-amd64:~$ sudo unattended-upgrades --dry-run
bdmurray@clean-artful-amd64:~$

tags: added: verification-done-artful
removed: verification-needed-artful

As a part of the Stable Release Updates quality process a search for Launchpad bug reports using the version of unattended-upgrades from artful-proposed was performed and bug 1739918 was found. Please investigate this bug report to ensure that a regression will not be created by this SRU. In the event that this is not a regression remove the "verification-failed" tag from this bug report and add the tag "bot-stop-nagging" to bug 1739918 (not this bug). Thanks!

tags: added: verification-failed
tags: removed: verification-failed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package unattended-upgrades - 0.90ubuntu0.9

---------------
unattended-upgrades (0.90ubuntu0.9) xenial; urgency=medium

  * unattended-upgrade: Do not reboot during a dry-run. (LP: #1269177)

 -- Brian Murray <email address hidden> Tue, 19 Dec 2017 14:51:05 -0800

Changed in unattended-upgrades (Ubuntu Xenial):
status: Fix Committed → Fix Released

The verification of the Stable Release Update for unattended-upgrades has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package unattended-upgrades - 0.93.1ubuntu2.4

---------------
unattended-upgrades (0.93.1ubuntu2.4) zesty; urgency=medium

  * unattended-upgrade: Do not reboot during a dry-run. (LP: #1269177)

 -- Brian Murray <email address hidden> Tue, 19 Dec 2017 14:46:42 -0800

Changed in unattended-upgrades (Ubuntu Zesty):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package unattended-upgrades - 0.98ubuntu1.1

---------------
unattended-upgrades (0.98ubuntu1.1) artful; urgency=medium

  * unattended-upgrades: Do not reboot during a dry-run. (LP: #1269177)

 -- Brian Murray <email address hidden> Tue, 19 Dec 2017 11:04:52 -0800

Changed in unattended-upgrades (Ubuntu Artful):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers