May remove autoremovable non-kernel packages matching pattern from APT::VersionedKernelPackages

Bug #1815494 reported by Balint Reczey on 2019-02-11
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
unattended-upgrades (Ubuntu)
High
Unassigned
Xenial
Undecided
Unassigned
Bionic
Undecided
Unassigned
Cosmic
Undecided
Unassigned
update-manager (Ubuntu)
High
Unassigned

Bug Description

[Impact]

* Non-kernel related autoremovable packages may be removed by unattended-upgrades due to their name matching generic patterns like '.*-modules' which should be applied to versioned kernel packages only.
* The fix corrects the way those patterns are handled.

[Test Case]

* test/test_remove_unused.py checks for correct pattern usage now.

[Regression Potential]

* Unattended-upgrades may stop removing autoremovable kernels, but the tests also contain cases covering this and u-u's kernel autoremoval still works.

[Original Bug Text]

Unattended-upgrades and Update Manager use the patterns from the APT::VersionedKernelPackages list directly for finding kernel packages to remove while APT uses patterns by attaching version and flavor to them.

As a result in APT's script ".*-modules" becomes "^.*-modules-4\.15\.0-45-generic$":

...
        for package in $(apt-config dump --no-empty --format '%v%n' 'APT::VersionedKernelPackages'); do
                for kernel in $kernels; do
                        echo " \"^${package}-${kernel}$\";"
  done
...

In unattended-upgrades and update-manager ".*-modules" is used directly for matching and may false identify autoremovable packages as kernel-related ones and remove them (of just offer the removal in case of update-manager):

...
Removing unused kernel packages: extra-cmake-modules
marking extra-cmake-modules for removal
(Reading database ... 31149 files and directories currently installed.)
Removing extra-cmake-modules (5.44.0-0ubuntu1) ...
Processing triggers for man-db (2.8.3-2ubuntu0.1) ...
Packages that were successfully auto-removed: extra-cmake-modules
...

Balint Reczey (rbalint) on 2019-02-11
Changed in unattended-upgrades (Ubuntu):
importance: Undecided → High
summary: - May remove non-kernel packages matching patttern from
+ May remove autoremovable non-kernel packages matching pattern from
APT::VersionedKernelPackages
Changed in update-manager (Ubuntu):
importance: Undecided → High
Balint Reczey (rbalint) on 2019-02-11
Changed in unattended-upgrades (Ubuntu):
status: New → In Progress
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package unattended-upgrades - 1.10ubuntu1

---------------
unattended-upgrades (1.10ubuntu1) disco; urgency=medium

  * Use defaults in unattended-upgrades.service when the APT configuration is
    broken. (LP: #1815189)
  * test/test_blacklisted_wrong_origin.py: Fix and enable test
  * Clear cache when autoremoval fails (LP: #1779157)
  * Find autoremovable kernel packages using the patterns in APT's way
    (LP: #1815494)
  * debian/rules: clean frontend locks left by tests before building source

 -- Balint Reczey <email address hidden> Mon, 18 Feb 2019 17:26:05 +0100

Changed in unattended-upgrades (Ubuntu):
status: In Progress → Fix Released

Hello Balint, or anyone else affected,

Accepted unattended-upgrades into cosmic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/unattended-upgrades/1.5ubuntu3.18.10.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-cosmic to verification-done-cosmic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-cosmic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in unattended-upgrades (Ubuntu Cosmic):
status: New → Fix Committed
tags: added: verification-needed verification-needed-cosmic
Balint Reczey (rbalint) on 2019-02-21
description: updated
Łukasz Zemczak (sil2100) wrote :

Hello Balint, or anyone else affected,

Accepted unattended-upgrades into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/unattended-upgrades/1.1ubuntu1.18.04.9 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in unattended-upgrades (Ubuntu Bionic):
status: New → Fix Committed
tags: added: verification-needed-bionic
Balint Reczey (rbalint) wrote :
Download full text (4.8 KiB)

Verified on unattended-upgrades/1.5ubuntu3.18.10.2 for Cosmic:

https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-cosmic/cosmic/amd64/u/unattended-upgrades/20190221_173137_1ecf7@/log.gz :
...
Running ./test_remove_unused.py with python3
Initial blacklisted packages:
Initial whitelisted packages:
Starting unattended upgrades script
Allowed origins are: o=Ubuntu,a=lucid-security
APT::VersionedKernelPackages is not set
Checking: test-package ([<Origin component:'main' archive:'lucid-security' origin:'Ubuntu' label:'Ubuntu' site:'archive.ubuntu.com' isTrusted:True>])
pkgs that look like they should be upgraded: test-package

Fetched 0 B in 0s (0 B/s)
fetch.run() result: 0
<apt_pkg.AcquireItem object:Status: 2 Complete: 1 Local: 1 IsTrusted: 1 FileSize: 624 DestFile:'/tmp/autopkgtest.5oXOHy/build.r1N/src/test/root.unused-deps/var/cache/apt/archives/test-package_2.0_all.deb' DescURI: 'http://archive.ubuntu.com/ubuntu/test-package_2.0_all.deb' ID:0 ErrorText: ''>
check_conffile_prompt(/tmp/autopkgtest.5oXOHy/build.r1N/src/test/root.unused-deps/var/cache/apt/archives/test-package_2.0_all.deb)
found pkg: test-package
blacklist: []
whitelist: []
Packages that will be upgraded: test-package
Writing dpkg log to ./root.unused-deps/var/log/unattended-upgrades/unattended-upgrades-dpkg.log
applying set ['test-package']
left to upgrade set()
All upgrades installed
marking linux-image-4.05.0-1021-kvm for removal
marking old-unused-dependency for removal
marking any-old-unused-modules for removal
marking test-package-dependency for removal
Packages that were successfully auto-removed: any-old-unused-modules linux-image-4.05.0-1021-kvm old-unused-dependency test-package-dependency
Packages that are kept back:
InstCount=0 DelCount=0 BrokenCount=0
...
Initial blacklisted packages:
Initial whitelisted packages:
Starting unattended upgrades script
Allowed origins are: o=Ubuntu,a=lucid-security
Using (^linux-image-[0-9]+\.[0-9\.]+-.*|^.*-modules-[0-9]+\.[0-9\.]+-.*|^linux-headers-[0-9]+\.[0-9\.]+-.*) regexp to find kernel packages
Using (^linux-image-4\.18\.0\-15\-generic$|^.*-modules-4\.18\.0\-15\-generic$|^linux-headers-4\.18\.0\-15\-generic$) regexp to find running kernel packages
Checking: test-package ([<Origin component:'main' archive:'lucid-security' origin:'Ubuntu' label:'Ubuntu' site:'archive.ubuntu.com' isTrusted:True>])
pkgs that look like they should be upgraded: test-package

Fetched 0 B in 0s (0 B/s)
fetch.run() result: 0
<apt_pkg.AcquireItem object:Status: 2 Complete: 1 Local: 1 IsTrusted: 1 FileSize: 624 DestFile:'/tmp/autopkgtest.5oXOHy/build.r1N/src/test/root.unused-deps/var/cache/apt/archives/test-package_2.0_all.deb' DescURI: 'http://archive.ubuntu.com/ubuntu/test-package_2.0_all.deb' ID:0 ErrorText: ''>
check_conffile_prompt(/tmp/autopkgtest.5oXOHy/build.r1N/src/test/root.unused-deps/var/cache/apt/archives/test-package_2.0_all.deb)
found pkg: test-package
blacklist: []
whitelist: []
Removing unused kernel packages: linux-image-4.05.0-1021-kvm
marking linux-image-4.05.0-1021-kvm for ...

Read more...

tags: added: verification-done-cosmic
removed: verification-needed-cosmic
Balint Reczey (rbalint) wrote :
Download full text (5.7 KiB)

Verified with unattended-upgrades/1.1ubuntu1.18.04.9 on Bionic:

https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-bionic/bionic/amd64/u/unattended-upgrades/20190221_190835_4cafb@/log.gz :

...

Running ./test_remove_unused.py with python3
Initial blacklisted packages:
Initial whitelisted packages:
Starting unattended upgrades script
Allowed origins are: o=Ubuntu,a=lucid-security
APT::VersionedKernelPackages is not set
Checking: test-package ([<Origin component:'main' archive:'lucid-security' origin:'Ubuntu' label:'Ubuntu' site:'archive.ubuntu.com' isTrusted:True>])
pkgs that look like they should be upgraded: test-package

Fetched 0 B in 0s (0 B/s)
fetch.run() result: 0
<apt_pkg.AcquireItem object:Status: 2 Complete: 1 Local: 1 IsTrusted: 1 FileSize: 624 DestFile:'/tmp/autopkgtest.SPDe54/build.D9P/src/test/root.unused-deps/var/cache/apt/archives/test-package_2.0_all.deb' DescURI: 'http://archive.ubuntu.com/ubuntu/test-package_2.0_all.deb' ID:0 ErrorText: ''>
check_conffile_prompt(/tmp/autopkgtest.SPDe54/build.D9P/src/test/root.unused-deps/var/cache/apt/archives/test-package_2.0_all.deb)
found pkg: test-package
blacklist: []
whitelist: []
Packages that will be upgraded: test-package
Writing dpkg log to ./root.unused-deps/var/log/unattended-upgrades/unattended-upgrades-dpkg.log
applying set ['test-package']
left to upgrade set()
All upgrades installed
marking old-unused-dependency for removal
marking test-package-dependency for removal
marking linux-image-4.05.0-1021-kvm for removal
marking any-old-unused-modules for removal
Packages that were successfully auto-removed: any-old-unused-modules linux-image-4.05.0-1021-kvm old-unused-dependency test-package-dependency
Packages that are kept back:
InstCount=0 DelCount=0 BrokenCount=0
Extracting content from ./root.unused-deps/var/log/unattended-upgrades/unattended-upgrades-dpkg.log since 2019-02-21 18:01:34
/tmp/autopkgtest.SPDe54/build.D9P/src/test/unattended_upgrade.py:1129: ResourceWarning: unclosed file <_io.TextIOWrapper name=13 mode='w' encoding='UTF-8'>
  options.verbose or options.debug)
/tmp/autopkgtest.SPDe54/build.D9P/src/test/unattended_upgrade.py:1129: ResourceWarning: unclosed file <_io.TextIOWrapper name=12 mode='r' encoding='UTF-8'>
  options.verbose or options.debug)
/tmp/autopkgtest.SPDe54/build.D9P/src/test/unattended_upgrade.py:1474: ResourceWarning: unclosed file <_io.TextIOWrapper name=10 mode='w' encoding='UTF-8'>
  res, error = cache_commit(cache, logfile_dpkg, verbose)
/tmp/autopkgtest.SPDe54/build.D9P/src/test/unattended_upgrade.py:1474: ResourceWarning: unclosed file <_io.TextIOWrapper name=9 mode='r' encoding='UTF-8'>
  res, error = cache_commit(cache, logfile_dpkg, verbose)
.Initial blacklisted packages:
Initial whitelisted packages:
Starting unattended upgrades script
Allowed origins are: o=Ubuntu,a=lucid-security
Using (^linux-image-[0-9]+\.[0-9\.]+-.*|^.*-modules-[0-9]+\.[0-9\.]+-.*|^linux-headers-[0-9]+\.[0-9\.]+-.*) regexp to find kernel packages
Using (^linux-image-4\.15\.0\-45\-generic$|^.*-modules-4\.15\.0\-45\-generic$|^linux-headers-4\.15\.0\-45\-ge...

Read more...

tags: added: verification-done-bionic
removed: verification-needed-bionic
Łukasz Zemczak (sil2100) wrote :

Hello Balint, or anyone else affected,

Accepted unattended-upgrades into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/unattended-upgrades/1.1ubuntu1.18.04.7~16.04.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-xenial to verification-done-xenial. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-xenial. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in unattended-upgrades (Ubuntu Xenial):
status: New → Fix Committed
tags: added: verification-needed-xenial
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package unattended-upgrades - 1.5ubuntu3.18.10.2

---------------
unattended-upgrades (1.5ubuntu3.18.10.2) cosmic; urgency=medium

  * Clear cache when autoremoval fails (LP: #1779157)
  * Find autoremovable kernel packages using the patterns in APT's way
    (LP: #1815494)
  * Filter out progress indicator from dpkg log (LP: #1599646)

 -- Balint Reczey <email address hidden> Thu, 21 Feb 2019 15:10:13 +0100

Changed in unattended-upgrades (Ubuntu Cosmic):
status: Fix Committed → Fix Released

The verification of the Stable Release Update for unattended-upgrades has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package unattended-upgrades - 1.1ubuntu1.18.04.9

---------------
unattended-upgrades (1.1ubuntu1.18.04.9) bionic; urgency=medium

  * debian/changlog: Drop extra trailer after old entry
  * Don't check blacklist too early and report updates from not allowed origins
    as kept back. (LP: #1781176)
  * test/test_blacklisted_wrong_origin.py: Fix and enable test
  * Clear cache when autoremoval fails (LP: #1779157)
  * Find autoremovable kernel packages using the patterns in APT's way
    (LP: #1815494)

 -- Balint Reczey <email address hidden> Thu, 21 Feb 2019 14:58:38 +0100

Changed in unattended-upgrades (Ubuntu Bionic):
status: Fix Committed → Fix Released
Balint Reczey (rbalint) wrote :
Download full text (5.7 KiB)

Verified with unattended-upgrades/1.1ubuntu1.18.04.7~16.04.2 on Xenial:

https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-xenial/xenial/amd64/u/unattended-upgrades/20190228_150449_11313@/log.gz :

Running ./test_remove_unused.py with python3
Initial blacklisted packages:
Initial whitelisted packages:
Starting unattended upgrades script
Allowed origins are: o=Ubuntu,a=lucid-security
APT::VersionedKernelPackages is not set
Checking: test-package ([<Origin component:'main' archive:'lucid-security' origin:'Ubuntu' label:'Ubuntu' site:'archive.ubuntu.com' isTrusted:True>])
pkgs that look like they should be upgraded: test-package

Fetched 0 B in 0s (0 B/s)
fetch.run() result: 0
<apt_pkg.AcquireItem object:Status: 2 Complete: 1 Local: 1 IsTrusted: 1 FileSize: 624 DestFile:'/tmp/autopkgtest.nX7fyI/build.uPt/src/test/root.unused-deps/var/cache/apt/archives/test-package_2.0_all.deb' DescURI: 'http://archive.ubuntu.com/ubuntu/test-package_2.0_all.deb' ID:0 ErrorText: ''>
check_conffile_prompt(/tmp/autopkgtest.nX7fyI/build.uPt/src/test/root.unused-deps/var/cache/apt/archives/test-package_2.0_all.deb)
found pkg: test-package
blacklist: []
whitelist: []
Packages that will be upgraded: test-package
Writing dpkg log to ./root.unused-deps/var/log/unattended-upgrades/unattended-upgrades-dpkg.log
applying set ['test-package']
left to upgrade set()
All upgrades installed
marking linux-image-4.05.0-1021-kvm for removal
marking test-package-dependency for removal
marking old-unused-dependency for removal
marking any-old-unused-modules for removal
Packages that were successfully auto-removed: any-old-unused-modules linux-image-4.05.0-1021-kvm old-unused-dependency test-package-dependency
Packages that are kept back:
InstCount=0 DelCount=0 BrokenCount=0
Extracting content from ./root.unused-deps/var/log/unattended-upgrades/unattended-upgrades-dpkg.log since 2019-02-28 14:26:03
/tmp/autopkgtest.nX7fyI/build.uPt/src/test/unattended_upgrade.py:1129: ResourceWarning: unclosed file <_io.TextIOWrapper name=13 mode='w' encoding='UTF-8'>
  options.verbose or options.debug)
/tmp/autopkgtest.nX7fyI/build.uPt/src/test/unattended_upgrade.py:1129: ResourceWarning: unclosed file <_io.TextIOWrapper name=12 mode='r' encoding='UTF-8'>
  options.verbose or options.debug)
/tmp/autopkgtest.nX7fyI/build.uPt/src/test/unattended_upgrade.py:1474: ResourceWarning: unclosed file <_io.TextIOWrapper name=13 mode='w' encoding='UTF-8'>
  res, error = cache_commit(cache, logfile_dpkg, verbose)
/tmp/autopkgtest.nX7fyI/build.uPt/src/test/unattended_upgrade.py:1474: ResourceWarning: unclosed file <_io.TextIOWrapper name=12 mode='r' encoding='UTF-8'>
  res, error = cache_commit(cache, logfile_dpkg, verbose)
.Initial blacklisted packages:
Initial whitelisted packages:
Starting unattended upgrades script
Allowed origins are: o=Ubuntu,a=lucid-security
Using (^linux-image-[0-9]+\.[0-9\.]+-.*|^.*-modules-[0-9]+\.[0-9\.]+-.*|^linux-headers-[0-9]+\.[0-9\.]+-.*) regexp to find kernel packages
Using (^linux-image-4\.4\.0\-142\-generic$|^.*-modules-4\.4\.0\-142\-generic$|^linux-headers-4\.4\.0\-142...

Read more...

tags: added: verification-done verification-done-xenial
removed: verification-needed verification-needed-xenial
Launchpad Janitor (janitor) wrote :
Download full text (33.9 KiB)

This bug was fixed in the package unattended-upgrades - 1.1ubuntu1.18.04.7~16.04.2

---------------
unattended-upgrades (1.1ubuntu1.18.04.7~16.04.2) xenial; urgency=medium

  * Don't check blacklist too early and report updates from not allowed origins
    as kept back. (LP: #1781176)
  * test/test_blacklisted_wrong_origin.py: Fix and enable test
  * Filter out progress indicator from dpkg log (LP: #1599646)
  * Clear cache when autoremoval fails (LP: #1779157)
  * Find autoremovable kernel packages using the patterns in APT's way
    (LP: #1815494)

unattended-upgrades (1.1ubuntu1.18.04.7~16.04.1) xenial; urgency=medium

  * Start service after systemd-logind.service to be able to take inhibition
    lock (LP: #1806487)
  * Handle gracefully when logind is down (LP: #1806487)

unattended-upgrades (1.1ubuntu1.18.04.7~16.04.0) xenial; urgency=medium

  * Backport to Xenial (LP: #1702793)
  * Revert to build-depending on debhelper (>= 9~) and dh-systemd
  * Revert configuration example changes to avoid triggering a debconf question
  * debian/postinst: Update recovery to be triggered on Xenial's package versions

unattended-upgrades (1.1ubuntu1.18.04.7) bionic; urgency=medium

  * Trigger unattended-upgrade-shutdown actions with PrepareForShutdown()
    Performing upgrades in service's ExecStop did not work when the upgrades
    involved restarting services because systemd blocked other stop/start
    actions making maintainer scripts time out and be killed leaving a broken
    system behind.
    Running unattended-upgrades.service before shutdown.target as a oneshot
    service made it run after unmounting filesystems and scheduling services
    properly on shutdown is a complex problem and adding more services to the
    mix make it even more fragile.
    The solution of monitoring PrepareForShutdown() signal from DBus
    allows Unattended Upgrade to run _before_ the jobs related to shutdown are
    queued thus package upgrades can safely restart services without
    risking causing deadlocks or breaking part of the shutdown actions.
    Also ask running unattended-upgrades to stop when shutdown starts even in
    InstallOnShutdown mode and refactor most of unattended-upgrade-shutdown to
    UnattendedUpgradesShutdown class. (LP: #1778219)
  * Increase logind's InhibitDelayMaxSec to 30s. (LP: #1778219)
    This allows more time for unattended-upgrades to shut down gracefully
    or even install a few packages in InstallOnShutdown mode, but is still a
    big step back from the 30 minutes allowed for InstallOnShutdown previously.
    Users enabling InstallOnShutdown node are advised to increase
    InhibitDelayMaxSec even further possibly to 30 minutes.
    - Add NEWS entry about increasing InhibitDelayMaxSec and InstallOnShutdown
      changes
  * Ignore "W503 line break before binary operator"
    because it will become the best practice and breaks the build
  * Stop using ActionGroups, they interfere with apt.Cache.clear()
    causing all autoremovable packages to be handled as newly autoremovable
    ones and be removed by default. Dropping ActionGroup usage does not slow
    down the most frequent case of not having anything to upgrade a...

Changed in unattended-upgrades (Ubuntu Xenial):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers