By default settings unattended-upgrade does not automatically remove kernel packages that become unused in conjunction with updating by other software

Bug #1624644 reported by Jarno Suni on 2016-09-17
68
This bug affects 41 people
Affects Status Importance Assigned to Milestone
unattended-upgrades (Ubuntu)
High
Balint Reczey
Xenial
High
Unassigned
Artful
High
Balint Reczey
update-manager (Ubuntu)
Undecided
Balint Reczey
Xenial
Undecided
Unassigned
Artful
Undecided
Balint Reczey

Bug Description

[Impact]

 * Update-manager and unattended-upgrades install many kernel packages during the lifetime of a release but does not remove them automatically leading to those packages filling disk space potentially completely filling /boot and making the system unable to install updates or even boot.
 * Stable release users are impacted by this bug for years and their systems already collected many autoremovable unused kernel packages, thus they would benefit from backporting the fix greatly.
 * The bug is fixed by removing autoremovable (not currently booted) kernel packages when running unattended-upgrades or update-manager. Update manager offers the kernel removals when there are other updates to be installed.

[Test Case]

Note: test either update-manager or unattended-upgrades, not both at the same time. If you remove unused kernels by the former, you can not test the function in the latter.

 1. Install kernel packages to be removed, mark them auto-installed and run apt's kernel hook script to make apt consider them autoremovable and simulate apt autoremove to get list of autoremovable packages:

  sudo apt install -y linux-image-extra-4.4.0-92-generic linux-image-extra-4.4.0-93-generic
  sudo apt-mark auto linux-image-extra-4.4.0-92-generic linux-image-extra-4.4.0-93-generic
  sudo /etc/kernel/postinst.d/apt-auto-removal
  apt autoremove --simulate

 2. (for update-manager; add something for it to update as update-manager will not show removable packages, if there is not something to update, right?) Downgrade a package to be upgraded:

   sudo apt-get install -y --allow-downgrades ca-certificates=20160104ubuntu1

 3. (update-manager). Run update-manager and observe that kernel packages are offered for removal in Details of updates.

  sudo update-manager

 4. (update-manager) Click on Install Now and observe that the kernel packages are removed.

 2. (unattended-upgrades, the fix comes in an update of u-u) Run unattended-upgrades manually and observe the removal of the autoremovable kernel packages:

  sudo unattended-upgrade -v

[Regression Potential]

 The change may cause update-manager or unattanded-upgrades to remove used kernel packages or fail to install other package updates.

[Other Info]

The unattended-upgrades fix is uploaded with many other fixes and those may cause regressions in other areas in unattended-upgrades.

[Original bug text]

When using default settings for unattended-upgrade i.e.
Unattended-Upgrade::Remove-Unused-Dependencies "false";
# default "false"
Unattended-Upgrade::Remove-New-Unused-Dependencies "true";
# default "true"
in configuration file /etc/apt/apt.conf.d/50unattended-upgrades,
unattended-upgrade is unable to remove packages that become unused in conjunction with updating by other software such as update-manager or apt full-upgrade. This is because unattended-upgrade compares the list of unneeded packages before and after it upgrades packages to detect which packages are new unused ones.

Consequently, if user installs new kernels using e.g. update-manager, the excessive kernels will not be removed by unattended-upgrade, and eventually (small) /boot will become full.

Expected behavior: handle removing of unused packages differently at least until other package management software installed by default can handle removing of new unused packages.

ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: unattended-upgrades 0.90
ProcVersionSignature: Ubuntu 4.4.0-36.55-generic 4.4.16
Uname: Linux 4.4.0-36-generic i686
ApportVersion: 2.20.1-0ubuntu2.1
Architecture: i386
CurrentDesktop: XFCE
Date: Sat Sep 17 11:28:44 2016
InstallationDate: Installed on 2016-09-05 (11 days ago)
InstallationMedia: Mythbuntu 16.04.1 LTS "Xenial Xerus" - Release i386 (20160719)
PackageArchitecture: all
SourcePackage: unattended-upgrades
UpgradeStatus: No upgrade log present (probably fresh install)

Jarno Suni (jarnos) wrote :
description: updated
Ian Weisser (ian-weisser) wrote :

Can you please talk us through exactly how to reproduce the issue?
I have used u-u with a wide variety of other apt frontends in 16.04 without seeing that problem yet.

Jarno Suni (jarnos) wrote :

Install each kernel update by update-manager and notice no kernels will be automatically removed by U-U.

Jarno Suni (jarnos) on 2016-09-21
description: updated
summary: - Unable to remove packages that become unused in conjunction with
- updating by other software
+ Unable to automatically remove packages that become unused in
+ conjunction with updating by other software
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in unattended-upgrades (Ubuntu):
status: New → Confirmed

I find that on most times the bug occurs, but not always. Though it has caused me some problems before with /boot filling up and me being forced to manually remove the old kernels.

Jarno Suni (jarnos) wrote :

Nikita, what do you mean by that it does not occur always?

Jarno Suni (jarnos) wrote :

I run /etc/kernel/postinst.d/apt-auto-removal on each boot. That also makes the "Unattended-Upgrade::Remove-New-Unused-Dependencies" setting not work.
(See Bug #1615381.)

Changed in unattended-upgrades (Ubuntu):
importance: Undecided → High
tags: added: rls-z-incoming
Jarno Suni (jarnos) wrote :

A fix could be adding line
Unattended-Upgrade::Remove-Unused-Dependencies "true";
in /etc/apt/apt.conf.d/50unattended-upgrades
But does it remove too many packages? Why was
Unattended-Upgrade::Remove-New-Unused-Dependencies "true";
setting ever added?

Jarno Suni (jarnos) wrote :

Besides:
If you do not want automatic updates, but just automatic removal of unnecessary software including kernels, you could have 'Download and install updates automatically' set, but edit /etc/apt/apt.conf.d/50unattended-upgrades to have only comments within Unattended-Upgrade::Allowed-Origins section.

tags: added: rls-aa-incoming
removed: rls-z-incoming
tags: removed: rls-aa-incoming
Steve Langasek (vorlon) on 2017-06-22
Changed in unattended-upgrades (Ubuntu Artful):
assignee: nobody → Steve Langasek (vorlon)
assignee: Steve Langasek (vorlon) → Canonical Foundations Team (canonical-foundations)
Changed in unattended-upgrades (Ubuntu Artful):
assignee: Canonical Foundations Team (canonical-foundations) → Balint Reczey (rbalint)
Balint Reczey (rbalint) wrote :

@Jarno: IMO Unattended-Upgrade::Remove-Unused-Dependencies is already a risky option and I don't recommend enabling it because it may remove packages which are not used according the to package-dependency chain but which users rely on using software that is not packaged.
The only place I would use this option are dedicated server systems where everything is packaged and which run services only without allowing user shell/GUI logins.

This bug is about removing packages which became unused as a result of running other package management tools, not u-u.

I consider this out of scope for u-u because it can be solved easily by the used other package management tool and this feature will most likely unpleasantly surprise users by removing unexpected packages.

Changed in unattended-upgrades (Ubuntu Artful):
status: Confirmed → Opinion
Balint Reczey (rbalint) wrote :

I suggest marking that bug as Won't Fix.

Balint Reczey (rbalint) wrote :

Added update-manager as affected package because update-manager is the tool leaving newly unused packages around.

Jarno Suni (jarnos) wrote :

rbalint, user could mark such packages as manually installed (by apt-mark), so autoremove will not remove them.

If you mark update-manager affected, you should mark other updaters, too. E.g. 'apt full-upgrade' or Synaptic will not remove newly unused packages, right?

Jarno Suni (jarnos) wrote :

I think less advanced users do not install software that is not packaged. Advanced users can configure system to work as they wish. IMO currently Unattended-Upgrade::Remove-New-Unused-Dependencies is more risky as default.

Balint Reczey (rbalint) wrote :

@Jarno I added update-manager based on my experience with (less experienced) users, who kept their system up-to-date by saying yes to everything regarding updates which popped up on their system.

They never touched apt or synaptic nor installed packages by themselves by other means.

I think removing newly unused packages would be a reasonable default for u-u and update-manager.

I agree that Remove-New-Unused-Dependencies=true is riskier than having it disabled but it still removes a subset of what Remove-Unused-Dependencies=true would thus Remove-Unused-Dependencies=true would be more risky.

Remove-New-Unused-Dependencies=true is needed to clean up old kernel packages filling up /boot (and the whole disk).
If update-manager defaults to that by default, too, the system won't break itself.

Jarno Suni (jarnos) wrote :

I think removing "newly unused" packages is an ugly hack. Deciding which packages are excessive or unneeded should not depend on how some packages were removed previously. If the reason for this automatic remove thing is to get rid of excessive kernels, a specific tool for that could be used. I have written such a tool. It is called linux-purge (https://launchpad.net/linux-purge)

Jarno Suni (jarnos) wrote :

I meant deciding which packages are excessive or unneeded should be possible also after upgrading, not only in conjunction with upgrading.

I still do not get it why advanced users could not make sure the packages needed by their not packaged software is not marked as manually installed.

Jarno Suni (jarnos) wrote :

Minus last "not"

Jarno Suni (jarnos) wrote :

Anyway, it would be good, if other software could optionally remove new unused packages.
I do not consider Unattended-Upgrade::Remove-New-Unused-Dependencies as an reasonable default option for unattended-upgrades before the feature has been released for at least apt, update-manager, gnome-software and possible other related software installed by default.

Jarno Suni (jarnos) on 2017-09-18
summary: - Unable to automatically remove packages that become unused in
- conjunction with updating by other software
+ By default settings unattended-upgrade is unable to automatically remove
+ packages that become unused in conjunction with updating by other
+ software.
description: updated
Jarno Suni (jarnos) on 2017-09-18
description: updated
Changed in unattended-upgrades (Ubuntu Artful):
status: Opinion → New
Jarno Suni (jarnos) on 2017-09-20
tags: added: full-boot
Brian Murray (brian-murray) wrote :

I found the description somewhat confusing because 'Unattended-Upgrade::Remove-New-Unused-Dependencies "true"; doesn't actually exist in /etc/apt/apt.conf.d/50unattended-upgrades, rather that's the default setting in unattended-upgrades since 0.90. Regardless, I was able to recreate the issue on an Ubuntu 16.04 system via the following procedure.

1) Use apt-get install to install a new kernel (linux-image-generic)
2) Run unattended-upgrades (observe "no pending auto-removals")

However, running 'sudo apt autoremove' does want to remove an old kernel.

Jarno Suni (jarnos) wrote :

Brian, however, as you installed the kernel by apt-get install, the kernel becomes manually installed, and will not later be removed by 'sudo apt autoremove', unless you change it to be marked as automatically installed.

I question the use of 'sudo apt autoremove' in this case. If its action was the desired one, setting
Unattended-Upgrade::Remove-Unused-Dependencies "false";
would be the setting to use, instead of the current default
Unattended-Upgrade::Remove-New-Unused-Dependencies "true";
Balint Reczey tries to explain in #11 why that setting is not desired.

On Thu, Sep 21, 2017 at 02:03:41PM -0000, Jarno Suni wrote:
> Brian, however, as you installed the kernel by apt-get install, the
> kernel becomes manually installed, and will not later be removed by
> 'sudo apt autoremove', unless you change it to be marked as
> automatically installed.

No, this is not the behavior I observed. After installing a new kernel
version via update-manager or 'sudo apt-get install' on Ubuntu 16.04, 'sudo
apt autoremove' does the right thing and wants to remove my third newest
kernel.

--
Brian Murray

It will remove the third newest kernel, but later, when the one you installed by "apt install" will become third newest, it will not be removed automatically. That is by design.

Jarno Suni (jarnos) wrote :

Anyway, in my view
Unattended-Upgrade::Remove-Unused-Dependencies "true";
would be the default setting to have now, and advanced users should mark the dependencies of their unpackaged software as "manual".

Brian Murray (brian-murray) wrote :

The get_auto_removable function in unattended-ugprades just checks to see if the package has the "is_auto_removable" flag set. So setting "Unattended-Upgrade::Remove-Unused-Dependencies" to "true" will produce the same outcome as using "sudo apt autoremove" e.g.:

bdmurray@clean-xenial-amd64:~$ sudo apt autoremove
[sudo] password for bdmurray:
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be REMOVED:
  libllvm3.8 libmircommon5 libsnapd-glib1 linux-headers-4.4.0-31 linux-headers-4.4.0-31-generic linux-image-4.4.0-31-generic
  linux-image-extra-4.4.0-31-generic snap-confine snapd-login-service ubuntu-core-launcher

bdmurray@clean-xenial-amd64:~$ sudo unattended-upgrade --dry-run
/usr/bin/dpkg --status-fd 9 --force-depends --remove libllvm3.8:amd64 libmircommon5:amd64 snapd-login-service:amd64 libsnapd-glib1:amd64 linux-headers-4.4.0-31-generic:amd64 linux-headers-4.4.0-31:all linux-image-extra-4.4.0-31-generic:amd64 linux-image-4.4.0-31-generic:amd64 snap-confine:amd64 ubuntu-core-launcher:amd64
/usr/bin/dpkg --status-fd 11 --configure --pending

So I think the question here is whether or not we think it is safe to run autoremovals without user interaction.

Brian Murray (brian-murray) wrote :

@Balint re "@Jarno: IMO Unattended-Upgrade::Remove-Unused-Dependencies is already a risky option and I don't recommend enabling it because it may remove packages which are not used according the to package-dependency chain but which users rely on using software that is not packaged."

Could you give me an example of how people would install dependencies for software that is not package that would also set the "is_auto_removable" flag in the apt cache to True? I can't think of a situation like this.

On Wed, Sep 27, 2017 at 1:49 PM, Brian Murray <email address hidden> wrote:
> @Balint re "@Jarno: IMO Unattended-Upgrade::Remove-Unused-Dependencies
> is already a risky option and I don't recommend enabling it because it
> may remove packages which are not used according the to package-
> dependency chain but which users rely on using software that is not
> packaged."
>
> Could you give me an example of how people would install dependencies
> for software that is not package that would also set the
> "is_auto_removable" flag in the apt cache to True? I can't think of a
> situation like this.

I had the opposite situation in my mind. People would remove packages
which are not auto removable, like ubuntu-desktop (for example because
something ubuntu-desktop depends on is acting badly) and then many
package in ubuntu-desktop's dependency change become auto removable:

$ sudo apt-get remove ubuntu-desktop
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
  a11y-profile-manager-indicator activity-log-manager adium-theme-ubuntu
  aisleriot app-install-data-partner apturl apturl-common baobab bluez-cups
...
  xorg
Use 'sudo apt autoremove' to remove them.
The following packages will be REMOVED:
  ubuntu-desktop
0 upgraded, 0 newly installed, 1 to remove and 7 not upgraded.
After this operation, 46,1 kB disk space will be freed.
Do you want to continue? [Y/n]

It is a simpler problematic situation than the one I originally mentioned, u-u
would remove software which is probably in use, no additional software is
broken.

Hmm, I thought we would not do that anymore, and packages get marked as manual when removing a meta package, but I might be missing something.

On Wed, Sep 27, 2017 at 2:42 PM, Julian Andres Klode
<email address hidden> wrote:
> Hmm, I thought we would not do that anymore, and packages get marked as
> manual when removing a meta package, but I might be missing something.

I ran this on zesty, but if meta packages are handled differently then
I could imagine a similar
case when meta packages are not involved.

Brian Murray (brian-murray) wrote :

On Wed, Sep 27, 2017 at 08:36:13PM -0000, Balint Reczey wrote:
> On Wed, Sep 27, 2017 at 2:42 PM, Julian Andres Klode
> <email address hidden> wrote:
> > Hmm, I thought we would not do that anymore, and packages get marked as
> > manual when removing a meta package, but I might be missing something.
>
> I ran this on zesty, but if meta packages are handled differently then
> I could imagine a similar
> case when meta packages are not involved.

I ran the same metapackage removal test on Xenial, so if Julian is right
and this is a regression its a rather old one. Do you have any more
details about your thoughts Julian?

--
Brian Murray

There were like 3 versions of metapackage auto removal, I don't remember exactly.

I think in the beginning, we just autoremovef everything.

Then we did not mark packages as automatically installed if installed by a meta package.

Then we moved to moving the auto bit on uninstall, but maybe only if the meta is removed due to a conflict, and not when manually.

I only followed this on the sidelines.

tags: added: id-597a833ca49ff66291d34705
Brian Murray (brian-murray) wrote :

Well this does work in Trusty, Ubuntu 14.04, perhaps this is a regression in support "Never-MarkAuto-Sections"?

One thing to note is that using 'apt-mark' I saw that vino was marked as manual on Ubuntu 14.04, but automatic on Ubuntu 16.04.

Iain Lane (laney) on 2017-10-04
Changed in gnome-software (Ubuntu Artful):
status: New → Invalid
Brian Murray (brian-murray) wrote :

I reported bug 1721364 regarding the Never-MarkAuto-Sections issue.

Balint Reczey (rbalint) on 2017-10-25
summary: - By default settings unattended-upgrade is unable to automatically remove
+ By default settings unattended-upgrade does not automatically remove
packages that become unused in conjunction with updating by other
- software.
+ software
Changed in unattended-upgrades (Ubuntu):
status: New → Confirmed
Changed in unattended-upgrades (Ubuntu Artful):
status: New → Confirmed
Changed in unattended-upgrades (Ubuntu):
status: Confirmed → Opinion
Changed in unattended-upgrades (Ubuntu Artful):
status: Confirmed → Opinion

Changed to title to reflect that the issue is not about something not implemented, but something not set as default.

Balint Reczey (rbalint) wrote :

s/to title/the title/

Balint Reczey (rbalint) on 2018-01-18
Changed in update-manager (Ubuntu):
assignee: nobody → Balint Reczey (rbalint)
Changed in update-manager (Ubuntu Artful):
assignee: nobody → Balint Reczey (rbalint)
Changed in update-manager (Ubuntu):
status: New → In Progress
Changed in update-manager (Ubuntu Artful):
status: New → Confirmed
status: Confirmed → In Progress
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in apt (Ubuntu Artful):
status: New → Confirmed
Changed in apt (Ubuntu):
status: New → Confirmed

Observe #1267059 about 'Unattended-Upgrade::Remove-Unused-Dependencies' not working as expected for old versions of unattended-upgrades, also resulting e.g. in obsolete kernel packages not getting removed.

Balint Reczey (rbalint) on 2018-02-14
Changed in unattended-upgrades (Ubuntu):
status: Opinion → In Progress
Changed in unattended-upgrades (Ubuntu Artful):
status: Opinion → In Progress
Balint Reczey (rbalint) wrote :

I'm working on removing old kernels in u-u and also make the similar changes to update-manager: https://github.com/mvo5/unattended-upgrades/pull/97

tags: added: id-59653842b438d4859259928d
Balint Reczey (rbalint) on 2018-02-16
Changed in unattended-upgrades (Ubuntu):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package unattended-upgrades - 1.0ubuntu1

---------------
unattended-upgrades (1.0ubuntu1) bionic; urgency=medium

  * Merge from Debian unstable
    - Remaining changes:
      - unattended-upgrades: Do not automatically upgrade the development
        release of Ubuntu unless Unattended-Upgrade::DevRelease is true.
    - Dropped changes, included in Debian:
      - Run upgrade-between-snapshots only on amd64.
        The test exercises only unattented-upgrade's Python code and uses
        dependencies from the frozen Debian snapshot archive thus running
        it on all architectures would provide little benefit.

unattended-upgrades (1.0) unstable; urgency=medium

  [ Simon Arlott ]
  * Revert sending mails on WARNINGS when in MailOnlyOnError mode"
  * Consider conffile prompts to be errors (Closes: #852465)
    Flag packages that have to be upgraded manually because of a conffile
    prompt and consider this to be an error when sending email or exiting.

  [ Simon McVittie ]
  * Add python, python3, setuptools, DistutilsExtra to Build-Depends.
    They are needed for `clean`, so Build-Depends-Indep is not enough.
  * Add .gitignore and debian/.gitignore
  * Remove bzr configuration.
    This is unnecessary now that u-u is in git.

  [ Michael Vogt ]
  * unattended-upgrades: tweak mail-on-warnings PR
  * unattended-upgrade: extract is_autoremove_valid helper

  [ Balint Reczey ]
  * Run upgrade-between-snapshots only on amd64.
    The test exercises only unattented-upgrade's Python code and uses
    dependencies from the frozen Debian snapshot archive thus running
    it on all architectures would provide little benefit.
  * Clean up processes started for getting md5 sums
  * Don't keep /var/lib/dpkg/status open multiple times
  * Adjust candidates in UnattendedUpgradesCache.open()
  * Perform autoremovals in minimal steps, too.
    Also add check to remove only the set of packages selected for autoremoval.
    Without that check unattended-upgrades when (by default) configured to
    remove newly unused packages could also remove auto removable packages
    which were unused before starting starting the upgrade step.
  * Remove unused automatically installed kernel packages
    (LP: #1357093, #1624644, #1675079, #1698159)
  * Stop including Python syntax in the report (Closes: #876796)
  * Do not auto remove packages related to the running kernel (LP: #1615381)
  * Check packages to be autoremoved against blacklists, whitelists.
    Also check if the packages are held.
  * Report package removals in the summary email (Closes: #876797)
  * Run upgrade-between-snapshots test with debugging enabled
  * Don't create new UnattendedUpgradesCache for checking for autoremovals
    .open() refreshes the state in each cache_commit(), this is enough
  * Update .pot and .po files
  * Update .travis.yml to actually build and test u-u from the repo
  * Run only a simple installation test on Travis, the system upgrade
    test was always failing

 -- Balint Reczey <email address hidden> Thu, 01 Mar 2018 17:29:33 +0700

Changed in unattended-upgrades (Ubuntu):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package update-manager - 1:18.04.9

---------------
update-manager (1:18.04.9) bionic; urgency=medium

  * Keep PEP 8 checks happy

 -- Balint Reczey <email address hidden> Wed, 21 Mar 2018 17:53:59 +0000

Changed in update-manager (Ubuntu):
status: In Progress → Fix Released
Łukasz Zemczak (sil2100) wrote :

Please fill in the Impact, Test Case and Regression Potential fields of the SRU recommended bug description [1]. Thank you!

[1] https://wiki.ubuntu.com/StableReleaseUpdates#SRU_Bug_Template

Balint Reczey (rbalint) on 2018-03-27
description: updated

Hello Jarno, or anyone else affected,

Accepted update-manager into artful-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/update-manager/1:17.10.14 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-artful to verification-done-artful. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-artful. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in update-manager (Ubuntu Artful):
status: In Progress → Fix Committed
tags: added: verification-needed verification-needed-artful
Changed in update-manager (Ubuntu Xenial):
status: New → Fix Committed
tags: added: verification-needed-xenial
Brian Murray (brian-murray) wrote :

Hello Jarno, or anyone else affected,

Accepted update-manager into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/update-manager/1:16.04.13 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-xenial to verification-done-xenial. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-xenial. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Testing is painfully slow because connection to e.g. archive.canonical.com is very slow.

Downgrading in step 2 does not work without --allow-downgrades

Jarno Suni (jarnos) wrote :

Brian, I tested the update-manager version you told. It is true that update-manager removes the unused packages, but step 3. (unattended-upgrades) does not remove the unused kernels.

I add failed tag as this bug is originally about unattended-upgrades.

tags: added: verification-failed-xenial
removed: verification-needed-xenial

On Fri, Mar 30, 2018 at 3:12 PM, Jarno Suni <email address hidden> wrote:
> Brian, I tested the update-manager version you told. It is true that
> update-manager removes the unused packages, but step 3. (unattended-
> upgrades) does not remove the unused kernels.
>
> I add failed tag as this bug is originally about unattended-upgrades.

Thanks for testing the fix and also thank you for preparing the
linux-purge script. I read it but integrating it to to current tools
would have been problematic and I hope you agree that the solution
finally used is minimally intrusive and achieves removing unused
kernels in a safe way.

The fix for unattended-upgrades is not uploaded yet but is available
Bionic and in the ppa:rbalint/scratch PPA if you would like to give it
a try.

Balint Reczey (rbalint) on 2018-04-03
description: updated

Yes, it is good that update-manager can do removing, as that is what most people use anyway. linux-purge might still have some use e.g. if for some reason /boot becomes full, or there are non-autoremovable kernel packages (which may happen in 14.04 even with kernels installed using update-manager Bug #1439769).

Jarno Suni (jarnos) on 2018-04-03
description: updated
Balint Reczey (rbalint) wrote :

@jarnos Verification is needed only for update-manager for now, thus I think you verified that the fix worked for Xenial. Could you please change the tag to reflect that or you would like to wait for the u-u fix, - which may come later?

Jarno Suni (jarnos) on 2018-04-04
tags: added: verification-done-xenial
removed: verification-failed-xenial
Łukasz Zemczak (sil2100) wrote :

Can anyone potentially perform verification of the artful packages? We usually prefer releasing packages for newer series first, although it's not really a big deal right now because xenial -> artful is not an official upgrade path anymore.

Brian Murray (brian-murray) wrote :

Verified update-manager for artful.

tags: added: verification-done-artful
removed: verification-needed-artful
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package update-manager - 1:16.04.13

---------------
update-manager (1:16.04.13) xenial; urgency=medium

  * Offer removal of unused autoremovable kernel packages
    (LP: #1624644, #1675079)
  * Support package removals in install backends and really remove packages
    (LP: #1624644, #1675079)
  * Keep PEP 8 checks happy
  * Place .keep files in empty directories to keep them when converting the
    repo to git (LP: #1758963)

 -- Balint Reczey <email address hidden> Sun, 25 Mar 2018 20:10:49 +0100

Changed in update-manager (Ubuntu Xenial):
status: Fix Committed → Fix Released

The verification of the Stable Release Update for update-manager has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

This bug was fixed in the package update-manager - 1:17.10.14

---------------
update-manager (1:17.10.14) artful; urgency=medium

  * Offer removal of unused autoremovable kernel packages
    (LP: #1624644, #1675079)
  * Support package removals in install backends and really remove packages
    (LP: #1624644, #1675079)
  * Keep PEP 8 checks happy
  * Place .keep files in empty directories to keep them when converting the
    repo to git (LP: #1758963)

 -- Balint Reczey <email address hidden> Sun, 25 Mar 2018 19:57:57 +0100

Changed in update-manager (Ubuntu Artful):
status: Fix Committed → Fix Released
Changed in unattended-upgrades (Ubuntu Artful):
status: In Progress → Won't Fix

Hello Jarno, or anyone else affected,

Accepted unattended-upgrades into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/unattended-upgrades/1.1ubuntu1.18.04.7~16.04.0 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-xenial to verification-done-xenial. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-xenial. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in unattended-upgrades (Ubuntu Xenial):
status: New → Fix Committed
tags: added: verification-needed-xenial
removed: verification-done-xenial
Łukasz Zemczak (sil2100) wrote :

Hello Jarno, or anyone else affected,

Accepted unattended-upgrades into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/unattended-upgrades/1.1ubuntu1.18.04.7~16.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-xenial to verification-done-xenial. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-xenial. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Łukasz Zemczak (sil2100) wrote :

Hello Jarno, or anyone else affected,

Accepted unattended-upgrades into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/unattended-upgrades/1.1ubuntu1.18.04.7~16.04.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-xenial to verification-done-xenial. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-xenial. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Download full text (5.1 KiB)

Tested with 1.1ubuntu1.18.04.7~16.04.2 on Xenial:

root@x-uu-lp-1260041:~# apt-mark auto linux-image-extra-4.8.0-56-generic linux-image-extra-4.8.0-58-generic linux-image-extra-4.8.0-54-generic linux-image-extra-4.8.0-53-generic
linux-image-extra-4.8.0-56-generic set to automatically installed.
linux-image-extra-4.8.0-58-generic set to automatically installed.
linux-image-extra-4.8.0-54-generic set to automatically installed.
linux-image-extra-4.8.0-53-generic set to automatically installed.
root@x-uu-lp-1260041:~# unattended-upgrade --verbose
Initial blacklisted packages:
Initial whitelisted packages:
Starting unattended upgrades script
Allowed origins are: o=Ubuntu,a=xenial, o=Ubuntu,a=xenial-security, o=UbuntuESM,a=xenial, o=Ubuntu,a=xenial-updates
Removing unused kernel packages: linux-image-extra-4.8.0-54-generic linux-image-4.8.0-54-generic
Keeping auto-removable linux-image-extra-4.8.0-54-generic package(s) because it would also remove the following packages which should be kept in this step: libpam-systemd libsystemd0 libudev1 systemd systemd-sysv udev
(Reading database ... 53554 files and directories currently installed.)
Removing linux-image-extra-4.8.0-54-generic (4.8.0-54.57~16.04.1) ...
run-parts: executing /etc/kernel/postinst.d/apt-auto-removal 4.8.0-54-generic /boot/vmlinuz-4.8.0-54-generic
run-parts: executing /etc/kernel/postinst.d/initramfs-tools 4.8.0-54-generic /boot/vmlinuz-4.8.0-54-generic
update-initramfs: Generating /boot/initrd.img-4.8.0-54-generic
W: mdadm: /etc/mdadm/mdadm.conf defines no arrays.
run-parts: executing /etc/kernel/postinst.d/unattended-upgrades 4.8.0-54-generic /boot/vmlinuz-4.8.0-54-generic
run-parts: executing /etc/kernel/postinst.d/update-notifier 4.8.0-54-generic /boot/vmlinuz-4.8.0-54-generic
run-parts: executing /etc/kernel/postinst.d/zz-update-grub 4.8.0-54-generic /boot/vmlinuz-4.8.0-54-generic
Removing linux-image-4.8.0-54-generic (4.8.0-54.57~16.04.1) ...
Examining /etc/kernel/postrm.d .
run-parts: executing /etc/kernel/postrm.d/initramfs-tools 4.8.0-54-generic /boot/vmlinuz-4.8.0-54-generic
update-initramfs: Deleting /boot/initrd.img-4.8.0-54-generic
run-parts: executing /etc/kernel/postrm.d/zz-update-grub 4.8.0-54-generic /boot/vmlinuz-4.8.0-54-generic
Packages that were successfully auto-removed: linux-image-4.8.0-54-generic linux-image-extra-4.8.0-54-generic
Packages that are kept back: linux-image-extra-4.8.0-54-generic
Packages that will be upgraded: libpam-systemd libsystemd0 libudev1 systemd systemd-sysv udev
Writing dpkg log to /var/log/unattended-upgrades/unattended-upgrades-dpkg.log
(Reading database ... 47681 files and directories currently installed.)
Preparing to unpack .../systemd-sysv_229-4ubuntu21.17_amd64.deb ...
Unpacking systemd-sysv (229-4ubuntu21.17) over (229-4ubuntu21.16) ...
Processing triggers for man-db (2.7.5-1) ...
Setting up systemd-sysv (229-4ubuntu21.17) ...
Log ended: 2019-03-13 17:17:36

Log started: 2019-03-13 17:17:36
(Reading database ... 47681 files and directories currently installed.)
Preparing to unpack .../udev_229-4ubuntu21.17_amd64.deb ...
Unpacking udev (229-4ubuntu21.17) over (229-4ubuntu21.16) ...
Preparing to unpack .../libudev1_229-4ubunt...

Read more...

tags: added: verification-done verification-done-xenial
removed: verification-needed verification-needed-xenial
Mathew Hodson (mhodson) on 2019-03-14
no longer affects: gnome-software (Ubuntu Artful)
no longer affects: gnome-software (Ubuntu)
Changed in unattended-upgrades (Ubuntu Xenial):
importance: Undecided → High
no longer affects: apt (Ubuntu Artful)
no longer affects: apt (Ubuntu)
Jarno Suni (jarnos) on 2019-03-18
summary: By default settings unattended-upgrade does not automatically remove
- packages that become unused in conjunction with updating by other
+ kernel packages that become unused in conjunction with updating by other
software
Jarno Suni (jarnos) wrote :

rbalint, in the output there is some oddity:
"Keeping auto-removable linux-image-extra-4.8.0-54-generic package(s) because it would also remove the following packages which should be kept in this step: libpam-systemd libsystemd0 libudev1 systemd systemd-sysv udev
(Reading database ... 53554 files and directories currently installed.)
Removing linux-image-extra-4.8.0-54-generic (4.8.0-54.57~16.04.1) ..."

So it says it is keeping linux-image-extra-4.8.0-54-generic and right thereafter it is removing the same package.

Jarno Suni (jarnos) wrote :
Download full text (10.6 KiB)

@rbalint about your test case: I wonder why linux-image-4.8.0-53-generic was not removed by u-u? Was it the booted kernel? You also did not run 'sudo /etc/kernel/postinst.d/apt-auto-removal' before running u-u. Your test case does not show how the kernels were installed.

In the following, I show the extraction of terminal output of a more complete test case for u-u. It installs linux-image-extra-4.4.0-141-generic by apt. Output of 'apt autoremove --simulate' shows it would remove the kernel, and one unneeded package that is not a kernel related. Whereas u-u just removes the kernel (which may be the expected behavior).

$ set -x; sudo apt install -y unattended-upgrades/xenial-proposed linux-image-extra-4.4.0-141-generic; sudo apt-mark auto linux-image-extra-4.4.0-141-generic; sudo /etc/kernel/postinst.d/apt-auto-removal; apt autoremove --simulate; sudo unattended-upgrade -v; set +x
+ sudo apt install -y unattended-upgrades/xenial-proposed linux-image-extra-4.4.0-141-generic
Reading package lists... Done
Building dependency tree
Reading state information... Done
unattended-upgrades is already the newest version (1.1ubuntu1.18.04.7~16.04.2).
Selected version '1.1ubuntu1.18.04.7~16.04.2' (Ubuntu:16.04/xenial-proposed [all]) for 'unattended-upgrades'
The following package was automatically installed and is no longer required:
  xscreensaver-data
Use 'sudo apt autoremove' to remove it.
Suggested packages:
  fdutils linux-doc-4.4.0 | linux-source-4.4.0 linux-tools linux-headers-4.4.0-141-generic
The following NEW packages will be installed:
  linux-image-4.4.0-141-generic linux-image-extra-4.4.0-141-generic
0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.
Need to get 58,7 MB of archives.
After this operation, 224 MB of additional disk space will be used.
Get:1 http://ubuntu.mirror.true.nl/ubuntu xenial-updates/main amd64 linux-image-4.4.0-141-generic amd64 4.4.0-141.167 [22,2 MB]
Get:2 http://ubuntu.mirror.true.nl/ubuntu xenial-updates/main amd64 linux-image-extra-4.4.0-141-generic amd64 4.4.0-141.167 [36,5 MB]
Fetched 58,7 MB in 26s (2 233 kB/s)
Selecting previously unselected package linux-image-4.4.0-141-generic.
(Reading database ... 332942 files and directories currently installed.)
Preparing to unpack .../linux-image-4.4.0-141-generic_4.4.0-141.167_amd64.deb ...
Examining /etc/kernel/preinst.d/
run-parts: executing /etc/kernel/preinst.d/intel-microcode 4.4.0-141-generic /boot/vmlinuz-4.4.0-141-generic
Done.
Unpacking linux-image-4.4.0-141-generic (4.4.0-141.167) ...
Selecting previously unselected package linux-image-extra-4.4.0-141-generic.
Preparing to unpack .../linux-image-extra-4.4.0-141-generic_4.4.0-141.167_amd64.deb ...
Unpacking linux-image-extra-4.4.0-141-generic (4.4.0-141.167) ...
Setting up linux-image-4.4.0-141-generic (4.4.0-141.167) ...
Running depmod.
update-initramfs: deferring update (hook will be called later)
Examining /etc/kernel/postinst.d.
run-parts: executing /etc/kernel/postinst.d/apt-auto-removal 4.4.0-141-generic /boot/vmlinuz-4.4.0-141-generic
run-parts: executing /etc/kernel/postinst.d/dkms 4.4.0-14...

Jarno Suni (jarnos) on 2019-03-18
description: updated
Balint Reczey (rbalint) wrote :

@jarnos #61
this is a separate issue fixed later, calculating upgradable packages leaves the upgradable packages in the cache, and u-u counts them as the reverse dependencies of the first kernel to be removed.
This keeps the first kernel on the system, but when there are no upgradable packages in a later run this kernel can be removed, too.

See:
https://github.com/mvo5/unattended-upgrades/commit/93d43fbcd53c5df5ce69a16b26a981bf06ce3085
https://github.com/mvo5/unattended-upgrades/commit/654898b05c933047ca8c97df655743aab0898db1
https://github.com/mvo5/unattended-upgrades/commit/1a39eb257ad786902de11add212879241919be44

In this particular case -extra was detected not autoremovable because of the dirty cache, but it was successfully removed when trying to remove linux-image-4.8.0-54-generic.
The printout is confusing indeed, but no harm was done, since only valid autoremovals were performed.

Launchpad Janitor (janitor) wrote :
Download full text (33.9 KiB)

This bug was fixed in the package unattended-upgrades - 1.1ubuntu1.18.04.7~16.04.2

---------------
unattended-upgrades (1.1ubuntu1.18.04.7~16.04.2) xenial; urgency=medium

  * Don't check blacklist too early and report updates from not allowed origins
    as kept back. (LP: #1781176)
  * test/test_blacklisted_wrong_origin.py: Fix and enable test
  * Filter out progress indicator from dpkg log (LP: #1599646)
  * Clear cache when autoremoval fails (LP: #1779157)
  * Find autoremovable kernel packages using the patterns in APT's way
    (LP: #1815494)

unattended-upgrades (1.1ubuntu1.18.04.7~16.04.1) xenial; urgency=medium

  * Start service after systemd-logind.service to be able to take inhibition
    lock (LP: #1806487)
  * Handle gracefully when logind is down (LP: #1806487)

unattended-upgrades (1.1ubuntu1.18.04.7~16.04.0) xenial; urgency=medium

  * Backport to Xenial (LP: #1702793)
  * Revert to build-depending on debhelper (>= 9~) and dh-systemd
  * Revert configuration example changes to avoid triggering a debconf question
  * debian/postinst: Update recovery to be triggered on Xenial's package versions

unattended-upgrades (1.1ubuntu1.18.04.7) bionic; urgency=medium

  * Trigger unattended-upgrade-shutdown actions with PrepareForShutdown()
    Performing upgrades in service's ExecStop did not work when the upgrades
    involved restarting services because systemd blocked other stop/start
    actions making maintainer scripts time out and be killed leaving a broken
    system behind.
    Running unattended-upgrades.service before shutdown.target as a oneshot
    service made it run after unmounting filesystems and scheduling services
    properly on shutdown is a complex problem and adding more services to the
    mix make it even more fragile.
    The solution of monitoring PrepareForShutdown() signal from DBus
    allows Unattended Upgrade to run _before_ the jobs related to shutdown are
    queued thus package upgrades can safely restart services without
    risking causing deadlocks or breaking part of the shutdown actions.
    Also ask running unattended-upgrades to stop when shutdown starts even in
    InstallOnShutdown mode and refactor most of unattended-upgrade-shutdown to
    UnattendedUpgradesShutdown class. (LP: #1778219)
  * Increase logind's InhibitDelayMaxSec to 30s. (LP: #1778219)
    This allows more time for unattended-upgrades to shut down gracefully
    or even install a few packages in InstallOnShutdown mode, but is still a
    big step back from the 30 minutes allowed for InstallOnShutdown previously.
    Users enabling InstallOnShutdown node are advised to increase
    InhibitDelayMaxSec even further possibly to 30 minutes.
    - Add NEWS entry about increasing InhibitDelayMaxSec and InstallOnShutdown
      changes
  * Ignore "W503 line break before binary operator"
    because it will become the best practice and breaks the build
  * Stop using ActionGroups, they interfere with apt.Cache.clear()
    causing all autoremovable packages to be handled as newly autoremovable
    ones and be removed by default. Dropping ActionGroup usage does not slow
    down the most frequent case of not having anything to upgrade a...

Changed in unattended-upgrades (Ubuntu Xenial):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers