apt.Cache.clear() may set apt.Package.is_auto_removable to False

Bug #1803749 reported by Balint Reczey on 2018-11-16
This bug affects 1 person
Affects                        Status   Importance   Assigned to     Milestone
unattended-upgrades (Ubuntu)            High         Balint Reczey
  Xenial                                Undecided    Unassigned
  Bionic                                Undecided    Unassigned
  Cosmic                                Undecided    Unassigned

Bug Description

[Impact]

 * Originally autoremovable packages can be removed as newly autoremovable ones by unattended-upgrades
 * This can surprise users, potentially removing packages which are needed for the system's operation.

[Test Case]

* The buggy u-u version will remove the previously autoremovable zsh at the end, the fixed one does not.

$ sudo debootstrap bionic uu-test-bionic-1803749
...
$ sudo chroot uu-test-bionic-1803749
# apt install unattended-upgrades zsh
# apt-mark auto zsh
...
# echo 'Unattended-Upgrade::Package-Blacklist {"libs";}' > /etc/apt/apt.conf.d/51unattended-upgrades
# echo "deb http://archive.ubuntu.com/ubuntu bionic-security main" >> /etc/apt/sources.list
# echo "deb http://archive.ubuntu.com/ubuntu bionic-updates main" >> /etc/apt/sources.list
# apt update -qq
# unattended-upgrades --dry-run --verbose --debug
...
All upgrades installed
marking zsh for removal
marking zsh-common for removal
Packages that were successfully auto-removed:
Packages that are kept back:
InstCount=0 DelCount=0 BrokenCount=0
#

[Regression Potential]

 * Unattended-upgrades may use more CPU-time for operation but I did not observe a significant increase. Autopkgtest measures u-u's performance thus if this regression occurs, we can observe it easily.
 * Due to the code changes u-u may still remove already autoremovable packages or fail to remove newly autoremovable ones in default configuration, but since the code became simpler with the change by eliminating an optimization this regression is unlikely to take place.

[Original Bug Text]

While triaging LP: #1803587 I found that originally autoremovable packages were handled as newly autoremovable ones by unattended-upgrades due to not finding all of them at the beginning of u-u's run.

The root cause seems to be cache.clear() resetting pkg.is_auto_removable to False under some circumstances I haven't fully narrowed down.

Set up a Bionic (or later) system with autoremovable packages, packages upgradable from -security and blacklist at least one upgradable package and apply the following patch to u-u:

root@bb-1803587:~# diff -Naur /usr/bin/unattended-upgrade.orig /usr/bin/unattended-upgrade
--- /usr/bin/unattended-upgrade.orig 2018-11-16 16:17:58.522583254 +0000
+++ /usr/bin/unattended-upgrade 2018-11-16 16:36:12.226675870 +0000
@@ -948,7 +948,9 @@
 def rewind_cache(cache, pkgs_to_upgrade):
     # type: (apt.Cache, List[apt.Package]) -> None
     """ set the cache back to the state with packages_to_upgrade """
+ print([pkg.name for pkg in cache if pkg.is_auto_removable])
     cache.clear()
+ print([pkg.name for pkg in cache if pkg.is_auto_removable])
     for pkg2 in pkgs_to_upgrade:
         pkg2.mark_install(from_user=not pkg2.is_auto_installed)
     if cache.broken_count > 0:
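
Review bot: the two added print() calls in rewind_cache() are indented by a single space after the "+", while the unchanged body lines use four, so as pasted the patched function fails with an IndentationError; they need the same four-space indent as cache.clear(). Each call also walks the entire cache, once before and once after cache.clear(), on every rewind, so this is only suitable as a temporary diagnostic. If it stays in for longer, build both name lists once and log only the names that disappear, using logging.debug rather than print, so the before/after difference is visible without comparing two long lists by eye.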

Run u-u to observe cache.clear() resetting the list of autoremovable packages:

 ~# /usr/bin/unattended-upgrade --dry-run --verbose --debug
Initial blacklisted packages: systemd
Initial whitelisted packages:
Starting unattended upgrades script
Allowed origins are: o=Ubuntu,a=bionic, o=Ubuntu,a=bionic-security, o=UbuntuESM,a=bionic
Using (^linux-image|^linux-headers|^linux-image-extra|^linux-modules|^linux-modules-extra|^linux-signed-image|^kfreebsd-image|^kfreebsd-headers|^gnumach-image|^.*-modules|^.*-kernel|^linux-backports-modules-.*|^linux-modules-.*|^linux-tools|^linux-cloud-tools) regexp to find kernel packages
Using (^linux-image.*4.15.0-38-generic|^linux-headers.*4.15.0-38-generic|^linux-image-extra.*4.15.0-38-generic|^linux-modules.*4.15.0-38-generic|^linux-modules-extra.*4.15.0-38-generic|^linux-signed-image.*4.15.0-38-generic|^kfreebsd-image.*4.15.0-38-generic|^kfreebsd-headers.*4.15.0-38-generic|^gnumach-image.*4.15.0-38-generic|4.15.0-38-generic.*-modules|4.15.0-38-generic.*-kernel|^linux-backports-modules-.*.*4.15.0-38-generic|^linux-modules-.*.*4.15.0-38-generic|^linux-tools.*4.15.0-38-generic|^linux-cloud-tools.*4.15.0-38-generic) regexp to find running kernel packages
Checking: apport ([<Origin component:'main' archive:'bionic-updates' origin:'Ubuntu' label:'Ubuntu' site:'archive.ubuntu.com' isTrusted:True>])
adjusting candidate version: apport=2.20.9-0ubuntu7.1
...
Checking: libnss-systemd ([<Origin component:'main' archive:'bionic-updates' origin:'Ubuntu' label:'Ubuntu' site:'archive.ubuntu.com' isTrusted:True>, <Origin component:'main' archive:'bionic-security' origin:'Ubuntu' label:'Ubuntu' site:'security.ubuntu.com' isTrusted:True>])
skipping blacklisted package systemd
pkg systemd package has been blacklisted
sanity check failed
['libfreetype6']
[]
...
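
A regression check for the [Test Case] above, as an added example that is not part of the original report or of unattended-upgrades: it compares the packages that were already autoremovable before the run with the ones the u-u debug output marks for removal. The sample texts are constructed (the version strings in the Remv lines are placeholders), and capturing the pre-run set with apt-get -s autoremove is an assumption of this example.

```python
import re
import sys

# Constructed sample: `apt-get -s autoremove` output captured BEFORE running u-u.
# The version strings are placeholders, not values from the bug report.
PRE_RUN_SIMULATION = """\
The following packages will be REMOVED:
  zsh zsh-common
0 upgraded, 0 newly installed, 2 to remove and 55 not upgraded.
Remv zsh [0.0-placeholder]
Remv zsh-common [0.0-placeholder]
"""

# Constructed sample: tail of `unattended-upgrades --dry-run --verbose --debug`
# as shown in the test case for the buggy version.
BUGGY_UU_LOG = """\
All upgrades installed
marking zsh for removal
marking zsh-common for removal
Packages that were successfully auto-removed:
Packages that are kept back:
InstCount=0 DelCount=0 BrokenCount=0
"""

# Constructed sample: tail of the same command for a fixed version.
FIXED_UU_LOG = """\
left to upgrade set()
All upgrades installed
InstCount=0 DelCount=0 BrokenCount=0
"""

REMV_RE = re.compile(r"^Remv (\S+)", re.MULTILINE)
# Not anchored to line start so a timestamp/level prefix does not hide the match.
MARK_RE = re.compile(r"marking (\S+) for removal")


def autoremovable_before(simulation_output):
    """Packages apt already considered autoremovable before the u-u run."""
    return set(REMV_RE.findall(simulation_output))


def marked_by_uu(uu_log):
    """Packages the u-u debug output reports as marked for removal."""
    return set(MARK_RE.findall(uu_log))


def wrongly_removed(simulation_output, uu_log):
    """Previously autoremovable packages that u-u treated as newly autoremovable.

    Assumes the default configuration, in which u-u removes only packages
    that became autoremovable during its own run.
    """
    return sorted(autoremovable_before(simulation_output) & marked_by_uu(uu_log))


if __name__ == "__main__":
    hits = wrongly_removed(PRE_RUN_SIMULATION, BUGGY_UU_LOG)
    print("previously autoremovable, marked by u-u:", hits)
    sys.exit(1 if hits else 0)
```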

Julian Andres Klode (juliank) wrote :

This is caused by unattended-upgrades having an ActionGroup during the clear. So, UnattendedUpgrades cache should likely overwrite clear() and make it reset the action group, for example (after making actiongroup global):

    def clear(self):
        global actiongroup
        # release the ActionGroup before clearing the cache
        actiongroup.release()
        apt.Cache.clear(self)
        # start a fresh ActionGroup on this cache's depcache
        actiongroup = apt_pkg.ActionGroup(self._depcache)

affects: python-apt (Ubuntu) → unattended-upgrades (Ubuntu)
Balint Reczey (rbalint) wrote :

I'm fixing the issue here in u-u:
https://github.com/mvo5/unattended-upgrades/pull/156

However I believe ActionGroup may need at least better documentation to clearly state when ActionGroups should be reset.

Changed in unattended-upgrades (Ubuntu):
status: New → In Progress
assignee: nobody → Balint Reczey (rbalint)
importance: Undecided → High
Balint Reczey (rbalint) on 2018-11-26
description: updated
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package unattended-upgrades - 1.8

---------------
unattended-upgrades (1.8) unstable; urgency=medium

  * Add note about increasing InhibitDelayMaxSec for InstallOnShutdown to
    50unattended-upgrades.
  * Ship historical md5sums of /etc/apt/apt.conf.d/50unattended-upgrades for ucf
  * Remove .ucf-* configuration file copies on purge
  * Add NEWS entry about increasing InhibitDelayMaxSec and InstallOnShutdown
    changes
  * Revert to WantedBy=multi-user.target from 1.5ubuntu3 and 1.7, too, on
    Ubuntu. 1.5ubuntu4 is the first fixed version on and 1.7 did not upgrade
    properly from 1.5ubuntu3.
  * List commented-out default values in 50unattended-upgrades config file.
    Always list the default value commented out unless the explanation clearly
    states the default value.
  * Transition obsolete 50unattended-upgrades conffile to ucf prior upgrades did
    not do that (Closes: #808336)
  * Speed up ordering of packages in which minimal upgrade steps are performed.
  * Stop using ActionGroups, they interfere with apt.Cache.clear() causing all
    autoremovable packages to be handled as newly autoremovable ones and be
    removed by default. Dropping ActionGroup usage does not slow down the
    most frequent case of not having anything to upgrade and when there are
    packages to upgrade the gain is small compared to the actual package
    installation.
    Also collect autoremovable packages before adjusting candidates because that
    also changed .is_auto_removable attribute of some of them. (LP: #1803749)
    (Closes: #910874)
  * Fix pyflakes

 -- Balint Reczey <email address hidden> Wed, 21 Nov 2018 17:02:49 +0100

Changed in unattended-upgrades (Ubuntu):
status: In Progress → Fix Released

Hello Balint, or anyone else affected,

Accepted unattended-upgrades into cosmic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/unattended-upgrades/1.5ubuntu3.18.10.0 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-cosmic to verification-done-cosmic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-cosmic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in unattended-upgrades (Ubuntu Cosmic):
status: New → Fix Committed
tags: added: verification-needed verification-needed-cosmic
Changed in unattended-upgrades (Ubuntu Bionic):
status: New → Fix Committed
tags: added: verification-needed-bionic
Łukasz Zemczak (sil2100) wrote :

Hello Balint, or anyone else affected,

Accepted unattended-upgrades into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/unattended-upgrades/1.1ubuntu1.18.04.7 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Balint Reczey (rbalint) on 2018-11-27
description: updated
Balint Reczey (rbalint) wrote :

Verified 1.1ubuntu1.18.04.7 on bionic:
...
left to upgrade set()
All upgrades installed
InstCount=0 DelCount=0 BrokenCount=0
root@yogi:/# apt autoremove
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be REMOVED:
  zsh zsh-common
0 upgraded, 0 newly installed, 2 to remove and 55 not upgraded.
After this operation, 15.2 MB disk space will be freed.
Do you want to continue? [Y/n] n
Abort.
root@yogi:/#

tags: added: verification-done-bionic
removed: verification-needed-bionic
description: updated
Balint Reczey (rbalint) wrote :

Verified unattended-upgrades 1.5ubuntu3.18.10.0 on cosmic:

...
left to upgrade set()
All upgrades installed
InstCount=0 DelCount=0 BrokenCount=0
Extracting content from /var/log/unattended-upgrades/unattended-upgrades-dpkg.log since 2018-11-27 21:13:31
root@yogi:/# apt autoremove
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be REMOVED:
  zsh zsh-common
0 upgraded, 0 newly installed, 2 to remove and 15 not upgraded.
After this operation, 16.0 MB disk space will be freed.
Do you want to continue? [Y/n] n
Abort.
root@yogi:/#

tags: added: verification-done verification-done-cosmic
removed: verification-needed verification-needed-cosmic
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package unattended-upgrades - 1.5ubuntu3.18.10.0

---------------
unattended-upgrades (1.5ubuntu3.18.10.0) cosmic; urgency=medium

  * Revert to running unattended-upgrades.service in multi-user.target
  * Trigger unattended-upgrade-shutdown actions with PrepareForShutdown()
    Performing upgrades in service's ExecStop did not work when the upgrades
    involved restarting services because systemd blocked other stop/start
    actions making maintainer scripts time out and be killed leaving a broken
    system behind.
    Running unattended-upgrades.service before shutdown.target as a oneshot
    service made it run after unmounting filesystems and scheduling services
    properly on shutdown is a complex problem and adding more services to the
    mix makes it even more fragile.
    The solution of monitoring PrepareForShutdown() signal from DBus
    allows Unattended Upgrade to run _before_ the jobs related to shutdown are
    queued thus package upgrades can safely restart services without
    risking causing deadlocks or breaking part of the shutdown actions.
    Also ask running unattended-upgrades to stop when shutdown starts even in
    InstallOnShutdown mode and refactor most of unattended-upgrade-shutdown to
    UnattendedUpgradesShutdown class. (LP: #1778219, LP: #1803137)
  * Handle reverting to WantedBy=multi-user.target
  * Increase logind's InhibitDelayMaxSec to 30s.
    This allows more time for unattended-upgrades to shut down gracefully
    or even install a few packages in InstallOnShutdown mode, but is still a
    big step back from the 30 minutes allowed for InstallOnShutdown previously.
    Users enabling InstallOnShutdown mode are advised to increase
    InhibitDelayMaxSec even further possibly to 30 minutes.
  * Cache polling result for PreparingForShutdown after it becomes true
  * debian/tests/test-systemd.py: Reboot system with dbus call to honor
    inhibitor locks
  * Add NEWS entry about increasing InhibitDelayMaxSec and InstallOnShutdown
    changes
  * Stop using ActionGroups, they interfere with apt.Cache.clear()
    causing all autoremovable packages to be handled as newly autoremovable ones
    and be removed by default. Dropping ActionGroup usage does not slow down the
    most frequent case of not having anything to upgrade and when there are
    packages to upgrade the gain is small compared to the actual package
    installation.
    Also collect autoremovable packages before adjusting candidates because that
    also changed .is_auto_removable attribute of some of them. (LP: #1803749)
    (Closes: #910874)

 -- Balint Reczey <email address hidden> Mon, 26 Nov 2018 12:28:55 +0100

Changed in unattended-upgrades (Ubuntu Cosmic):
status: Fix Committed → Fix Released

The verification of the Stable Release Update for unattended-upgrades has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package unattended-upgrades - 1.1ubuntu1.18.04.7

---------------
unattended-upgrades (1.1ubuntu1.18.04.7) bionic; urgency=medium

  * Trigger unattended-upgrade-shutdown actions with PrepareForShutdown()
    Performing upgrades in service's ExecStop did not work when the upgrades
    involved restarting services because systemd blocked other stop/start
    actions making maintainer scripts time out and be killed leaving a broken
    system behind.
    Running unattended-upgrades.service before shutdown.target as a oneshot
    service made it run after unmounting filesystems and scheduling services
    properly on shutdown is a complex problem and adding more services to the
    mix makes it even more fragile.
    The solution of monitoring PrepareForShutdown() signal from DBus
    allows Unattended Upgrade to run _before_ the jobs related to shutdown are
    queued thus package upgrades can safely restart services without
    risking causing deadlocks or breaking part of the shutdown actions.
    Also ask running unattended-upgrades to stop when shutdown starts even in
    InstallOnShutdown mode and refactor most of unattended-upgrade-shutdown to
    UnattendedUpgradesShutdown class. (LP: #1778219)
  * Increase logind's InhibitDelayMaxSec to 30s. (LP: #1778219)
    This allows more time for unattended-upgrades to shut down gracefully
    or even install a few packages in InstallOnShutdown mode, but is still a
    big step back from the 30 minutes allowed for InstallOnShutdown previously.
    Users enabling InstallOnShutdown mode are advised to increase
    InhibitDelayMaxSec even further possibly to 30 minutes.
    - Add NEWS entry about increasing InhibitDelayMaxSec and InstallOnShutdown
      changes
  * Ignore "W503 line break before binary operator"
    because it will become the best practice and breaks the build
  * Stop using ActionGroups, they interfere with apt.Cache.clear()
    causing all autoremovable packages to be handled as newly autoremovable
    ones and be removed by default. Dropping ActionGroup usage does not slow
    down the most frequent case of not having anything to upgrade and when
    there are packages to upgrade the gain is small compared to the actual
    package installation.
    Also collect autoremovable packages before adjusting candidates because that
    also changed .is_auto_removable attribute of some of them. (LP: #1803749)
    (Closes: #910874)

 -- Balint Reczey <email address hidden> Mon, 26 Nov 2018 13:37:47 +0100

Changed in unattended-upgrades (Ubuntu Bionic):
status: Fix Committed → Fix Released

Hello Balint, or anyone else affected,

Accepted unattended-upgrades into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/unattended-upgrades/1.1ubuntu1.18.04.7~16.04.0 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-xenial to verification-done-xenial. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-xenial. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in unattended-upgrades (Ubuntu Xenial):
status: New → Fix Committed
tags: added: verification-needed verification-needed-xenial
removed: verification-done
Łukasz Zemczak (sil2100) wrote :

Hello Balint, or anyone else affected,

Accepted unattended-upgrades into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/unattended-upgrades/1.1ubuntu1.18.04.7~16.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-xenial to verification-done-xenial. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-xenial. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.
