apt-get autoremove may remove current kernel

I suppose this may happen with unattended-upgrades, too, if user has configured removing of old kernels.

Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.

This should not happen...

# Mark as not-for-autoremoval those kernel packages that are:
# - the currently booted version
# - the kernel version we've been called for
# - the latest kernel version (as determined by debian version number)
# - the second-latest kernel version

Not sure what went wrong there...

Julian, it protects the kernel currently booted at the time of running /etc/kernel/postinst.d/apt-auto-removal. If you later boot another kernel that is not protected, it may be removed. Not a likely case, though.

Status changed to 'Confirmed' because the bug affects multiple users.

In my case autoremove wants to delete the second-latest regular kernel version. Maybe because I have a bunch of mainline kernels installed also.

In default configuration booted kernel does not become newly unused, but when u-u is configured to remove all autoremovable packages the booted kernel can be removed in case it was not running when was run.

... /etc/kernel/postinst.d/apt-auto-removal was run.

This bug was fixed in the package unattended-upgrades - 1.0ubuntu1

---------------
unattended-upgrades (1.0ubuntu1) bionic; urgency=medium

  * Merge from Debian unstable
    - Remaining changes:
      - unattended-upgrades: Do not automatically upgrade the development
        release of Ubuntu unless Unattended-Upgrade::DevRelease is true.
    - Dropped changes, included in Debian:
      - Run upgrade-between-snapshots only on amd64.
        The test exercises only unattented-upgrade's Python code and uses
        dependencies from the frozen Debian snapshot archive thus running
        it on all architectures would provide little benefit.

unattended-upgrades (1.0) unstable; urgency=medium

  [ Simon Arlott ]
  * Revert sending mails on WARNINGS when in MailOnlyOnError mode"
  * Consider conffile prompts to be errors (Closes: #852465)
    Flag packages that have to be upgraded manually because of a conffile
    prompt and consider this to be an error when sending email or exiting.

  [ Simon McVittie ]
  * Add python, python3, setuptools, DistutilsExtra to Build-Depends.
    They are needed for `clean`, so Build-Depends-Indep is not enough.
  * Add .gitignore and debian/.gitignore
  * Remove bzr configuration.
    This is unnecessary now that u-u is in git.

  [ Michael Vogt ]
  * unattended-upgrades: tweak mail-on-warnings PR
  * unattended-upgrade: extract is_autoremove_valid helper

  [ Balint Reczey ]
  * Run upgrade-between-snapshots only on amd64.
    The test exercises only unattented-upgrade's Python code and uses
    dependencies from the frozen Debian snapshot archive thus running
    it on all architectures would provide little benefit.
  * Clean up processes started for getting md5 sums
  * Don't keep /var/lib/dpkg/status open multiple times
  * Adjust candidates in UnattendedUpgradesCache.open()
  * Perform autoremovals in minimal steps, too.
    Also add check to remove only the set of packages selected for autoremoval.
    Without that check unattended-upgrades when (by default) configured to
    remove newly unused packages could also remove auto removable packages
    which were unused before starting starting the upgrade step.
  * Remove unused automatically installed kernel packages
    (LP: #1357093, #1624644, #1675079, #1698159)
  * Stop including Python syntax in the report (Closes: #876796)
  * Do not auto remove packages related to the running kernel (LP: #1615381)
  * Check packages to be autoremoved against blacklists, whitelists.
    Also check if the packages are held.
  * Report package removals in the summary email (Closes: #876797)
  * Run upgrade-between-snapshots test with debugging enabled
  * Don't create new UnattendedUpgradesCache for checking for autoremovals
    .open() refreshes the state in each cache_commit(), this is enough
  * Update .pot and .po files
  * Update .travis.yml to actually build and test u-u from the repo
  * Run only a simple installation test on Travis, the system upgrade
    test was always failing

 -- Balint Reczey <email address hidden> Thu, 01 Mar 2018 17:29:33 +0700

Any particular reason why the fix hasn't been SRU'd ? I'll start looking at SRU'ing it into the rest of Stable Release.

From what I read the reporter first filed the bug against Xenial 16.04 LTS. Anyone still affected by this issue on Xenial or Artful ?

On Thu, May 24, 2018 at 1:24 PM, Eric Desrochers
<email address hidden> wrote:
> Any particular reason why the fix hasn't been SRU'd ? I'll start looking
> at SRU'ing it into the rest of Stable Release.
>
> >From what I read the reporter first filed the bug against Xenial 16.04
> LTS. Anyone still affected by this issue on Xenial or Artful ?

The reason is that many additional fixes were needed in u-u.
1.2ubuntu1 which I uploaded yesterday seem to have fixed all serious
regressions and I'm about SRU it.

Thanks for the heads-up Balint.

I saw the "full backport" discussion in the ML, thanks !

For now, I'm setting Xenial as 'high' priority as it has been brought to my attention that 'uu' in Xenial removed a running kernel recently :

/var/log/unattended-upgrades/unattended-upgrades-dpkg.log
...
Removing linux-image-4.13.0-39-generic (4.13.0-39.44~16.04.1) ...^M
WARN: Proceeding with removing running kernel image.^M
...

Hello Jarno, or anyone else affected,

Accepted unattended-upgrades into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/unattended-upgrades/1.1ubuntu1.18.04.7~16.04.0 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-xenial to verification-done-xenial. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-xenial. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Hello Jarno, or anyone else affected,

Accepted unattended-upgrades into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/unattended-upgrades/1.1ubuntu1.18.04.7~16.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-xenial to verification-done-xenial. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-xenial. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Hello Jarno, or anyone else affected,

Accepted unattended-upgrades into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/unattended-upgrades/1.1ubuntu1.18.04.7~16.04.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-xenial to verification-done-xenial. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-xenial. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Verified 1.1ubuntu1.18.04.7~16.04.2 on Xenial.

Installed a few linux packages, marked them auto-installed, ran /etc/kernel/postinst.d/apt-auto-removal , then booted to a old kernel.
Apt would have removed it, but u-u did not. (The -34- kernel.)

ubuntu@ubuntu-Standard-PC-i440FX-PIIX-1996:~$ uname -a
Linux ubuntu-Standard-PC-i440FX-PIIX-1996 4.15.0-34-generic #37~16.04.1-Ubuntu SMP Tue Aug 28 10:44:06 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
ubuntu@ubuntu-Standard-PC-i440FX-PIIX-1996:~$ yes no | apt autoremove
E: Could not open lock file /var/lib/dpkg/lock-frontend - open (13: Permission denied)
E: Unable to acquire the dpkg frontend lock (/var/lib/dpkg/lock-frontend), are you root?
ubuntu@ubuntu-Standard-PC-i440FX-PIIX-1996:~$ yes no | sudo apt autoremove
[sudo] password for ubuntu:
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be REMOVED:
  linux-image-4.15.0-34-generic linux-image-4.15.0-36-generic linux-image-4.15.0-38-generic linux-modules-4.15.0-34-generic linux-modules-4.15.0-36-generic
  linux-modules-4.15.0-38-generic
0 upgraded, 0 newly installed, 6 to remove and 9 not upgraded.
After this operation, 223 MB disk space will be freed.
Do you want to continue? [Y/n] Abort.
ubuntu@ubuntu-Standard-PC-i440FX-PIIX-1996:~$ sudo unattended-upgrade --dry-run --verbose
Initial blacklisted packages:
Initial whitelisted packages:
Starting unattended upgrades script
Allowed origins are: o=Ubuntu,a=xenial, o=Ubuntu,a=xenial-security, o=UbuntuESM,a=xenial
Removing unused kernel packages: linux-modules-4.15.0-36-generic linux-image-4.15.0-36-generic linux-modules-4.15.0-38-generic linux-image-4.15.0-38-generic
Keeping auto-removable linux-modules-4.15.0-36-generic package(s) because it would also remove the following packages which should be kept in this step: libpam-systemd libsmbclient libsystemd0 libudev1 libwbclient0 samba-libs systemd systemd-sysv udev
Packages that were successfully auto-removed:
Packages that are kept back: linux-modules-4.15.0-36-generic
ubuntu@ubuntu-Standard-PC-i440FX-PIIX-1996:~$ dpkg -l unattended-upgrades | cat
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Architecture Description
+++-===================-==========================-============-===========================================
ii unattended-upgrades 1.1ubuntu1.18.04.7~16.04.2 all automatic installation of security upgrades

I do not understand why u-u keeps linux-modules-4.15.0-36-generic. How do those packages depend on that?

@jarnos, this is a separate issue fixed later, calculating upgradable packages leaves the upgradable packages in the cache, and u-u counts them as the reverse dependencies of the first kernel to be removed.
This keeps the first kernel on the system, but when there are no upgradable packages in a later run this kernel can be removed, too.

See:
https://github.com/mvo5/unattended-upgrades/commit/93d43fbcd53c5df5ce69a16b26a981bf06ce3085
https://github.com/mvo5/unattended-upgrades/commit/654898b05c933047ca8c97df655743aab0898db1
https://github.com/mvo5/unattended-upgrades/commit/1a39eb257ad786902de11add212879241919be44

This bug was fixed in the package unattended-upgrades - 1.1ubuntu1.18.04.7~16.04.2

---------------
unattended-upgrades (1.1ubuntu1.18.04.7~16.04.2) xenial; urgency=medium

  * Don't check blacklist too early and report updates from not allowed origins
    as kept back. (LP: #1781176)
  * test/test_blacklisted_wrong_origin.py: Fix and enable test
  * Filter out progress indicator from dpkg log (LP: #1599646)
  * Clear cache when autoremoval fails (LP: #1779157)
  * Find autoremovable kernel packages using the patterns in APT's way
    (LP: #1815494)

unattended-upgrades (1.1ubuntu1.18.04.7~16.04.1) xenial; urgency=medium

  * Start service after systemd-logind.service to be able to take inhibition
    lock (LP: #1806487)
  * Handle gracefully when logind is down (LP: #1806487)

unattended-upgrades (1.1ubuntu1.18.04.7~16.04.0) xenial; urgency=medium

  * Backport to Xenial (LP: #1702793)
  * Revert to build-depending on debhelper (>= 9~) and dh-systemd
  * Revert configuration example changes to avoid triggering a debconf question
  * debian/postinst: Update recovery to be triggered on Xenial's package versions

unattended-upgrades (1.1ubuntu1.18.04.7) bionic; urgency=medium

  * Trigger unattended-upgrade-shutdown actions with PrepareForShutdown()
    Performing upgrades in service's ExecStop did not work when the upgrades
    involved restarting services because systemd blocked other stop/start
    actions making maintainer scripts time out and be killed leaving a broken
    system behind.
    Running unattended-upgrades.service before shutdown.target as a oneshot
    service made it run after unmounting filesystems and scheduling services
    properly on shutdown is a complex problem and adding more services to the
    mix make it even more fragile.
    The solution of monitoring PrepareForShutdown() signal from DBus
    allows Unattended Upgrade to run _before_ the jobs related to shutdown are
    queued thus package upgrades can safely restart services without
    risking causing deadlocks or breaking part of the shutdown actions.
    Also ask running unattended-upgrades to stop when shutdown starts even in
    InstallOnShutdown mode and refactor most of unattended-upgrade-shutdown to
    UnattendedUpgradesShutdown class. (LP: #1778219)
  * Increase logind's InhibitDelayMaxSec to 30s. (LP: #1778219)
    This allows more time for unattended-upgrades to shut down gracefully
    or even install a few packages in InstallOnShutdown mode, but is still a
    big step back from the 30 minutes allowed for InstallOnShutdown previously.
    Users enabling InstallOnShutdown node are advised to increase
    InhibitDelayMaxSec even further possibly to 30 minutes.
    - Add NEWS entry about increasing InhibitDelayMaxSec and InstallOnShutdown
      changes
  * Ignore "W503 line break before binary operator"
    because it will become the best practice and breaks the build
  * Stop using ActionGroups, they interfere with apt.Cache.clear()
    causing all autoremovable packages to be handled as newly autoremovable
    ones and be removed by default. Dropping ActionGroup usage does not slow
    down the most frequent case of not having anything to upgrade a...

@mathew-hodson apt still does that.

I have code to fix that just need to merge it and like update tests

This bug was fixed in the package apt - 2.1.18

---------------
apt (2.1.18) unstable; urgency=high

  * pkgcachegen: Avoid write to old cache for Version::Extra (Closes: #980037)
  * Adjust apt-mark test for dpkg 1.20.7

 -- Julian Andres Klode <email address hidden> Wed, 13 Jan 2021 17:37:30 +0100

Hello Jarno, or anyone else affected,

Accepted apt into groovy-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/apt/2.1.10ubuntu0.3 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-groovy to verification-done-groovy. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-groovy. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

All autopkgtests for the newly accepted apt (2.1.10ubuntu0.3) for groovy have finished running.
The following regressions have been reported in tests triggered by the package:

reprotest/0.7.15 (arm64, s390x)
livecd-rootfs/2.694.3 (amd64, s390x)
dgit/9.11ubuntu1 (arm64)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/groovy/update_excuses.html#apt

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Hello Jarno, or anyone else affected,

Accepted apt into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/apt/2.0.5 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-focal. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Hello Jarno, or anyone else affected,

Accepted apt into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/apt/1.6.13 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

All autopkgtests for the newly accepted apt (1.6.13) for bionic have finished running.
The following regressions have been reported in tests triggered by the package:

apport/2.20.9-0ubuntu7.23 (amd64, i386)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/bionic/update_excuses.html#apt

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

All autopkgtests for the newly accepted apt (2.0.5) for focal have finished running.
The following regressions have been reported in tests triggered by the package:

reprotest/0.7.14 (s390x, ppc64el)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/focal/update_excuses.html#apt

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

The autopkgtests for apt have passed, so testing succeeded. I retried the failures, I expect them to be unrelated: apport one already happened with binutils/2.30-21ubuntu1~18.04.5, the i386 retry succeeded; and reprotest fails in its normal way, a few retries should get it working.

This bug was fixed in the package apt - 2.1.10ubuntu0.3

---------------
apt (2.1.10ubuntu0.3) groovy; urgency=medium

  [ David Kalnischkies ]
  * Fix incorrect base64 encoding due to int promotion (LP: #1916050)
  * Harden test for no new acquires after transaction abort (Closes: #984966)
    (LP: #1918920)

  [ Julian Andres Klode ]
  * Implement update --error-on=any (Closes: #594813) (LP: #1693900)
  * Include all translations when building the cache (LP: #1907850)
  * Do not require force-loopbreak on Protected packages (Closes: #983014)
    (LP: #1916725)
  * RunScripts: Do not reset SIGQUIT and SIGINT to SIG_DFL (LP: #1898026)
  * Protect currently running kernel at run-time (LP: #1615381)
  * Make ADDARG{,C}() macros expand to single statements

 -- Julian Andres Klode <email address hidden> Fri, 12 Mar 2021 09:22:11 +0100

The verification of the Stable Release Update for apt has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

This bug was fixed in the package apt - 1.6.13

---------------
apt (1.6.13) bionic; urgency=medium

  [ David Kalnischkies ]
  * Fix incorrect base64 encoding due to int promotion (LP: #1916050)
  * Harden test for no new acquires after transaction abort (Closes: #984966)
    (LP: #1918920)

  [ Julian Andres Klode ]
  * Implement update --error-on=any (Closes: #594813) (LP: #1693900)
  * Include all translations when building the cache (LP: #1907850)
  * Add basic support for the Protected field
  * Do not require force-loopbreak on Important packages
    (Closes: #983014) (LP: #1916725)
  * Protect currently running kernel at run-time (LP: #1615381)
  * Make ADDARG{,C}() macros expand to single statements
  * Improve immediate configuration handling (LP: #1871268)
    - Do not immediately configure m-a: same packages in lockstep
    - Ignore failures from immediate configuration. This does not change the
      actual installation ordering - we never passed the return code to the
      caller and installation went underway anyway if it could be ordered at a
      later stage, this just removes spurious after-the-fact errors.
      (Closes: #973305, #188161, #211075, #649588)
  * Default Acquire::AllowReleaseInfoChange::Suite to "true" (Closes: #931566)
    (LP: #1918907)

  [ Balint Reczey ]
  * Set LC_ALL=C.UTF-8 for unattended-upgrades environment when parsing its --help
    (LP: #1806076)

 -- Julian Andres Klode <email address hidden> Fri, 12 Mar 2021 14:09:15 +0100

This bug was fixed in the package apt - 2.0.5

---------------
apt (2.0.5) focal; urgency=medium

  [ Julian Andres Klode ]
  * private-search: Only use V.TranslatedDescription() if good (LP: #1877987)
  * Implement update --error-on=any (Closes: #594813) (LP: #1693900)
  * Include all translations when building the cache (LP: #1907850)
  * Add basic support for the Protected field, and do not require force-loopbreak
    on Protected/Important packages (Closes: #983014) (LP: #1916725)
  * Protect currently running kernel at run-time (LP: #1615381)
  * Make ADDARG{,C}() macros expand to single statements
  * Default Acquire::AllowReleaseInfoChange::Suite to "true" (Closes: #931566)
    (LP: #1918907)

  [ David Kalnischkies ]
  * Fix incorrect base64 encoding due to int promotion (LP: #1916050)
  * Harden test for no new acquires after transaction abort (Closes: #984966)
    (LP: #1918920)

 -- Julian Andres Klode <email address hidden> Fri, 12 Mar 2021 12:47:30 +0100

Hello Jarno, or anyone else affected,

Accepted apt into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/apt/2.0.8 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-focal. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Hello Jarno, or anyone else affected,

Accepted apt into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/apt/1.6.15 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

All autopkgtests for the newly accepted apt (2.0.8) for focal have finished running.
The following regressions have been reported in tests triggered by the package:

reprotest/0.7.14 (ppc64el)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/focal/update_excuses.html#apt

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

All autopkgtests for the newly accepted apt (1.6.15) for bionic have finished running.
The following regressions have been reported in tests triggered by the package:

autopkgtest/5.3.1ubuntu1.1 (i386)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/bionic/update_excuses.html#apt

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

So there is neither /etc/apt/apt.conf.d/01autoremove-kernels nor /etc/kernel/postinst.d/apt-auto-removal anymore. Anyway I could not make 'apt autoremove' try to remove current kernel anymore. Tested by apt 2.0.8.

Hello Jarno, or anyone else affected,

Accepted apt into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/apt/1.6.16 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

For some reason the test case worked even with apt 1.6.14 as the following shows:

$ apt policy apt
apt:
  Installed: 1.6.14
  Candidate: 1.6.14
  Version table:
     1.6.16 400
        400 http://mirrors.nic.funet.fi/ubuntu bionic-proposed/main i386 Packages
 *** 1.6.14 500
        500 http://mirrors.nic.funet.fi/ubuntu bionic-updates/main i386 Packages
        100 /var/lib/dpkg/status
     1.6.12ubuntu0.2 500
        500 http://mirrors.nic.funet.fi/ubuntu bionic-security/main i386 Packages
     1.6.1 500
        500 http://mirrors.nic.funet.fi/ubuntu bionic/main i386 Packages

$ grep '\^linux-image' /etc/apt/apt.conf.d/01autoremove-kernels
   "^linux-image-5\.4\.0-122-generic$";
   "^linux-image-5\.4\.0-123-generic$";
   "^linux-image-extra-5\.4\.0-122-generic$";
   "^linux-image-extra-5\.4\.0-123-generic$";
   "^linux-image-unsigned-5\.4\.0-122-generic$";
   "^linux-image-unsigned-5\.4\.0-123-generic$";

$ uname -r
5.4.0-121-generic

$ dpkg -l linux-image-5.4.0-121-generic
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Architecture Description
+++-=================================-=====================-=====================-=======================================================================
ii linux-image-5.4.0-121-generic 5.4.0-121.137~18.04.1 i386 Linux kernel image for version 5.4.0 on 32 bit x86 SMP

$ apt-cache rdepends --installed --recurse linux-image-5.4.0-121-generic
linux-image-5.4.0-121-generic
Reverse Depends:
 |linux-modules-extra-5.4.0-121-generic
linux-modules-extra-5.4.0-121-generic
Reverse Depends:

$ apt-mark showauto linux-image-5.4.0-121-generic linux-modules-extra-5.4.0-121-generic
linux-image-5.4.0-121-generic
linux-modules-extra-5.4.0-121-generic

$ sudo apt autoremove
Reading package lists... Done
Building dependency tree
Reading state information... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

Thereafter I installed the proposed apt by

$ sudo apt install apt -t=bionic-proposed

$ apt --version
apt 1.6.16 (i386)

$ apt autoremove -s

$ uname -r
5.4.0-121-generic

$ apt autoremove -s
NOTE: This is only a simulation!
      apt needs root privileges for real execution.
      Keep also in mind that locking is deactivated,
      so don't depend on the relevance to the real current situation!
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be REMOVED:
  linux-headers-5.4.0-121-generic linux-headers-5.4.0-122-generic linux-hwe-5.4-headers-5.4.0-121 linux-hwe-5.4-headers-5.4.0-122
  linux-image-5.4.0-121-generic linux-image-5.4.0-122-generic linux-modules-5.4.0-121-generic linux-modules-5.4.0-122-generic
  linux-modules-extra-5.4.0-121-generic linux-modules-extra-5.4.0-122-generic
0 upgraded, 0 newly installed, 10 to remove and 0 not upgraded.
Remv linux-headers-5.4.0-121-generic [5.4.0-121.137~18.04.1]
Remv linux-headers-5.4.0-122-generic [5.4.0-122.138~18.04.1]
Remv linux-hwe-5.4-headers-5.4.0-121 [5.4.0-121.137~18.04.1]
Remv linux-hwe-5.$ apt autoremove -s
NOTE: This is only a simulation!
      apt needs root privileges for real execution.
      Keep also in mind that locking is deactivated,
      so don't depend on the relevance to the real current situation!
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be REMOVED:
  linux-headers-5.4.0-121-generic linux-headers-5.4.0-122-generic linux-hwe-5.4-headers-5.4.0-121 linux-hwe-5.4-headers-5.4.0-122
  linux-image-5.4.0-121-generic linux-image-5.4.0-122-generic linux-modules-5.4.0-121-generic linux-modules-5.4.0-122-generic
  linux-modules-extra-5.4.0-121-generic linux-modules-extra-5.4.0-122-generic
0 upgraded, 0 newly installed, 10 to remove and 0 not upgraded.
Remv linux-headers-5.4.0-121-generic [5.4.0-121.137~18.04.1]
Remv linux-headers-5.4.0-122-generic [5.4.0-122.138~18.04.1]
Remv linux-hwe-5.4-headers-5.4.0-121 [5.4.0-121.137~18.04.1]
Remv linux-hwe-5.4-headers-5.4.0-122 [5.4.0-122.138~18.04.1]
Remv linux-modules-extra-5.4.0-121-generic [5.4.0-121.137~18.04.1]
Remv linux-image-5.4.0-121-generic [5.4.0-121.137~18.04.1]
Remv linux-modules-extra-5.4.0-122-generic [5.4.0-122.138~18.04.1]
Remv linux-image-5.4.0-122-generic [5.4.0-122.138~18.04.1]
Remv linux-modules-5.4.0-121-generic [5.4.0-121.137~18.04.1]
Remv linux-modules-5.4.0-122-generic [5.4.0-122.138~18.04.1]
4-headers-5.4.0-122 [5.4.0-122.138~18.04.1]
Remv linux-modules-extra-5.4.0-121-generic [5.4.0-121.137~18.04.1]
Remv linux-image-5.4.0-121-generic [5.4.0-121.137~18.04.1]
Remv linux-modules-extra-5.4.0-122-generic [5.4.0-122.138~18.04.1]
Remv linux-image-5.4.0-122-generic [5.4.0-122.138~18.04.1]
Remv linux-modules-5.4.0-121-generic [5.4.0-121.137~18.04.1]
Remv linux-modules-5.4.0-122-generic [5.4.0-122.138~18.04.1]

So the proposed apt would have removed current kernel and this seems to be regression from version 1.6.14.

Jarno, you do realize that you need to upgrade libapt-pkg6.0, not apt?

But I do believe it's simply the wrong package being upgraded here. The new apt package removes the conffiles the old library version needs, so it doesn't protect anything, so we need to make sure that apt Breaks libapt-pkg6.0 (<< 1.6.15) [or Depends on >= 1.6.15, whatever ends up nicer).

The latter option sounds nicer.

BTW can someone comment on https://bugs.launchpad.net/ubuntu/+source/ppa-purge/+bug/1392954

@Jarno OK I was wrong, new apt pulls in new libapt-pkg5.0. What happens instead is that the cache built by the old version does not include information about available kernels, we essentially need to bump the cache minor version, if we can do that, I don't know, I lost track of what major version is what version.

Later versions embed the apt version into the cache hash so they always rebuilt after an apt upgrade.

Oh, so I downgraded those packages again to bionic-updates.

Hello Jarno, or anyone else affected,

Accepted apt into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/apt/1.6.17 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

As told before, the issue seems to be fixed even in apt 1.6.14, but I tested the proposed 1.6.17 anyway. Autoremove did not (try to) remove current kernel even with that one, but it removes one more kernel than the old one (which is desired by developers, I assume).

All autopkgtests for the newly accepted apt (1.6.17) for bionic have finished running.
The following regressions have been reported in tests triggered by the package:

unattended-upgrades/1.1ubuntu1.18.04.14 (s390x)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/bionic/update_excuses.html#apt

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

This bug was fixed in the package apt - 1.6.17

---------------
apt (1.6.17) bionic; urgency=medium

  * Bump cache minor version for kernel collection.
    The previous update introduced the new kernel autoremoval code which
    collects kernels in the cache as providers of a $kernel package.
    We need to bump the cache minor version for this as otherwise the
    $kernel package might not exist and all kernels end up autoremovable
    until a package got installed or sources updated.

apt (1.6.16) bionic; urgency=medium

  * postinst: Do not run removed kernel postinst.d script (LP: #1974456)

apt (1.6.15) bionic; urgency=medium

  * Revert "Protect currently running kernel at run-time"
  * Backport Determine autoremovable kernels at run-time (LP: #1615381) as of
    2.4.5; including the change to only protect two kernels, not last installed
    one (LP: #1968154)

 -- Julian Andres Klode <email address hidden> Fri, 12 Aug 2022 12:38:33 +0200