Activity log for bug #1446552

Date Who What changed Old value New value Message
2015-04-21 09:58:23 Sjoerd Job Postmus bug added bug
2015-04-21 09:58:23 Sjoerd Job Postmus attachment added also_adjust_candidate_version_for_non_installed_packages.patch https://bugs.launchpad.net/bugs/1446552/+attachment/4380466/+files/also_adjust_candidate_version_for_non_installed_packages.patch
2015-04-21 10:02:46 Sjoerd Job Postmus description When an installed package adds a dependency that is not yet installed on the system, this sometimes causes the package to not be installed, depending on the origin containing the original candidate version. I believe that the problem is in /usr/bin/unattended-upgrade, line 102. Here a check is performed to prevent downgrades. However, as a side effect it also prevents adjusting the candidate version for packages that have not yet been installed (because pkg.is_upgradable is False for packages that have not been installed). This makes updating private packages using unattended-upgrades troublesome, especially when new dependencies have been added. Currently it requires repackaging the dependencies with a slightly higher version number than what is in the main repository, and than hosting them on the private repository, which is time consuming and error-prone. With the included patch, it is sufficient to just host the same version on the private repository. When an installed package adds a dependency that is not yet installed on the system, this sometimes causes the package to not be installed, depending on the origin containing the original candidate version. I believe that the problem is in /usr/bin/unattended-upgrade, line 102. Here a check is performed to prevent downgrades. However, as a side effect it also prevents adjusting the candidate version for packages that have not yet been installed (because pkg.is_upgradable is False for packages that have not been installed). This makes updating private packages using unattended-upgrades troublesome, especially when new dependencies have been added. Currently it requires repackaging the dependencies with a slightly higher version number than what is in the main repository, and then hosting them on the private repository, which is time consuming and error-prone. With the included patch, it is sufficient to just host the same version on the private repository.
2015-04-21 12:21:42 Ubuntu Foundations Team Bug Bot tags patch
2015-04-21 12:21:48 Ubuntu Foundations Team Bug Bot bug added subscriber Ubuntu Review Team
2015-04-21 14:57:13 Brian Murray tags patch patch vivid
2015-04-21 14:57:17 Brian Murray unattended-upgrades (Ubuntu): status New Confirmed
2015-04-21 14:57:22 Brian Murray unattended-upgrades (Ubuntu): importance Undecided High
2015-04-21 14:57:29 Brian Murray tags patch vivid patch trusty utopic vivid
2015-04-21 14:57:38 Brian Murray nominated for series Ubuntu W-series
2015-04-21 14:57:38 Brian Murray bug task added unattended-upgrades (Ubuntu W-series)
2015-04-21 14:57:45 Brian Murray unattended-upgrades (Ubuntu W-series): status New Confirmed
2015-04-21 14:57:47 Brian Murray unattended-upgrades (Ubuntu W-series): importance Undecided High
2015-10-05 17:47:55 Brian Murray bug added subscriber Brian Murray
2016-09-07 23:56:22 Mathew Hodson bug task deleted unattended-upgrades (Ubuntu Wily)
2018-02-15 09:21:26 Launchpad Janitor unattended-upgrades (Ubuntu): status Confirmed Fix Released
2018-12-03 13:21:32 Balint Reczey description When an installed package adds a dependency that is not yet installed on the system, this sometimes causes the package to not be installed, depending on the origin containing the original candidate version. I believe that the problem is in /usr/bin/unattended-upgrade, line 102. Here a check is performed to prevent downgrades. However, as a side effect it also prevents adjusting the candidate version for packages that have not yet been installed (because pkg.is_upgradable is False for packages that have not been installed). This makes updating private packages using unattended-upgrades troublesome, especially when new dependencies have been added. Currently it requires repackaging the dependencies with a slightly higher version number than what is in the main repository, and then hosting them on the private repository, which is time consuming and error-prone. With the included patch, it is sufficient to just host the same version on the private repository. [Impact] When an installed package adds a dependency that is not yet installed on the system, this sometimes causes the package to not be installed, depending on the origin containing the original candidate version. I believe that the problem is in /usr/bin/unattended-upgrade, line 102. Here a check is performed to prevent downgrades. However, as a side effect it also prevents adjusting the candidate version for packages that have not yet been installed (because pkg.is_upgradable is False for packages that have not been installed). This makes updating private packages using unattended-upgrades troublesome, especially when new dependencies have been added. Currently it requires repackaging the dependencies with a slightly higher version number than what is in the main repository, and then hosting them on the private repository, which is time consuming and error-prone. With the included patch, it is sufficient to just host the same version on the private repository. 
[Test Case]
- Create a testing package (doesn't have to really contain anything) that just installs 1 file into /usr/share/testpackage/, and have it depend on some packages.
- Put that package on a private repository (which is also configured for APT and unattended-upgrades)
- Install the package using `apt-get install testingpackage`
- Update the package as follows:
  1. Add a dependency which is not yet installed on your machine (and is also not in the security-repository). Up the version number, and add it to the private repository.
- Run `unattended-upgrade --debug --apt-debug 2>&1 | tee output.txt`.
- Verify the package was not updated (missing dependency).
- Host the dependency on your private APT server as well (1-1 copy).
- Run `unattended-upgrade --debug --apt-debug 2>&1 | tee output.txt`.
- Verify the package was not updated (missing dependency).
- Re-build the dependency with a higher version number, and add it to your private APT repository.
- Run `unattended-upgrade --debug --apt-debug 2>&1 | tee output.txt`.
- Verify the package was now upgraded.

With the proposed patch, the upgrade would already succeed after hosting the exact copy on the private APT repository.

[Regression Potential]
The changed code logic now allows adjusting candidates of packages which are not upgradable and not installed. Since the changed check was there to avoid downgrades the possible regression would be somehow enabling downgrades accidentally. Adjusting _not_ installed packages in itself would not cause downgrading installed packages thus the change seems to be safe.
2018-12-03 19:12:57 Brian Murray unattended-upgrades (Ubuntu Xenial): status New Fix Committed
2018-12-03 19:12:58 Brian Murray bug added subscriber Ubuntu Stable Release Updates Team
2018-12-03 19:13:01 Brian Murray bug added subscriber SRU Verification
2018-12-03 19:13:05 Brian Murray tags patch trusty utopic vivid patch trusty utopic verification-needed verification-needed-xenial vivid
2019-04-07 13:04:30 Balint Reczey tags patch trusty utopic verification-needed verification-needed-xenial vivid patch trusty utopic verification-done verification-done-xenial vivid
2019-04-25 10:50:00 Launchpad Janitor unattended-upgrades (Ubuntu Xenial): status Fix Committed Fix Released