unattended-upgrades may hold back upgrades due to comparing package versions by their string representation

Bug #1820888 reported by Balint Reczey on 2019-03-19
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
unattended-upgrades (Ubuntu)
Undecided
Unassigned
Xenial
Undecided
Unassigned
Bionic
Undecided
Unassigned
Cosmic
Undecided
Unassigned

Bug Description

[Impact]

 * Without the fix u-u could not upgrade particular packages from -security. It could be observed in Cosmic with systemd security updates failing to install partly due to 239-7ubuntu10.10 being smaller than 239-7ubuntu10.8 when comparing them as strings:
https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-disco/disco/amd64/u/unattended-upgrades/20190318_182031_fe4fe@/log.gz

[Test Case]

 * The fix includes the extension of the build-time test cases to cover package sets with which u-u fails with without the fallback:

...
Running ./test_rewind.py with python3
DEBUG:root:APT::VersionedKernelPackages is not set
DEBUG:root:adjusting candidate version: test-package=2.0
...

With the unfixed version the test case fails here because u-u tries to upgrade test-package to version 12.0 because it does not find version 2.0 smaller.

[Regression Potential]

* The change is very small and isolated, but fixing it revealed the issue fixed in LP: #1821101. Since the found issue's fix introduces fallbacks when apt's resolver can't find a the solution it is unlikely that other failures are triggered by the fix.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package unattended-upgrades - 1.10ubuntu2

---------------
unattended-upgrades (1.10ubuntu2) disco; urgency=medium

  * Compare apt.package.Version objects and not the versions' string
    representation. (LP: #1820888)
    This prevented adjusting candidates when the strings sorted differently.
    Also extend tests to catch issue.
  * Fall back to adjusting more packages' candidates
    when a package from an allowed origin can't be marked to install/upgrade.
    (LP: #1821101)
  * Skip sending email when no package had to be installed, upgraded or removed
    (LP: #1821103) (Closes: #924554)

 -- Balint Reczey <email address hidden> Fri, 22 Mar 2019 20:42:08 +0100

Changed in unattended-upgrades (Ubuntu):
status: New → Fix Released
Balint Reczey (rbalint) on 2019-03-25
description: updated

Hello Balint, or anyone else affected,

Accepted unattended-upgrades into cosmic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/unattended-upgrades/1.5ubuntu3.18.10.3 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-cosmic to verification-done-cosmic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-cosmic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in unattended-upgrades (Ubuntu Cosmic):
status: New → Fix Committed
tags: added: verification-needed verification-needed-cosmic
Brian Murray (brian-murray) wrote :

Hello Balint, or anyone else affected,

Accepted unattended-upgrades into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/unattended-upgrades/1.1ubuntu1.18.04.10 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in unattended-upgrades (Ubuntu Bionic):
status: New → Fix Committed
tags: added: verification-needed-bionic
Balint Reczey (rbalint) wrote :

Tested with 1.1ubuntu1.18.04.10 on Bionic:

https://launchpadlibrarian.net/416582722/buildlog_ubuntu-bionic-amd64.unattended-upgrades_1.1ubuntu1.18.04.10_BUILDING.txt.gz :
...
Running ./test_rewind.py with python3
DEBUG:root:APT::VersionedKernelPackages is not set
DEBUG:root:adjusting candidate version: test-package=2.0
...
----------------------------------------------------------------------
Ran 1 test in 0.051s

OK
...

Balint Reczey (rbalint) wrote :

Tested with 1.5ubuntu3.18.10.3 on Cosmic:

https://launchpadlibrarian.net/416582074/buildlog_ubuntu-cosmic-amd64.unattended-upgrades_1.5ubuntu3.18.10.3_BUILDING.txt.gz :
...
OK
Running ./test_rewind.py with python3
DEBUG:root:APT::VersionedKernelPackages is not set
DEBUG:root:adjusting candidate version: test-package=2.0
...

OK
...

tags: added: verification-done verification-done-bionic verification-done-cosmic
removed: verification-needed verification-needed-bionic verification-needed-cosmic
Changed in unattended-upgrades (Ubuntu Xenial):
status: New → In Progress

The verification of the Stable Release Update for unattended-upgrades has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package unattended-upgrades - 1.5ubuntu3.18.10.3

---------------
unattended-upgrades (1.5ubuntu3.18.10.3) cosmic; urgency=medium

  * Compare apt.package.Version objects and not the versions' string
    representation. (LP: #1820888)
    This prevented adjusting candidates when the strings sorted differently.
    Also extend tests to catch issue.
  * Fall back to adjusting more packages' candidates
    when a package from an allowed origin can't be marked to install/upgrade.
    (LP: #1821101)

 -- Balint Reczey <email address hidden> Mon, 25 Mar 2019 17:10:19 +0100

Changed in unattended-upgrades (Ubuntu Cosmic):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package unattended-upgrades - 1.1ubuntu1.18.04.10

---------------
unattended-upgrades (1.1ubuntu1.18.04.10) bionic; urgency=medium

  * do_auto_remove() is successful unless a commit() operation fails
    (LP: #1795696)
  * Compare apt.package.Version objects and not the versions' string
    representation. (LP: #1820888)
    This prevented adjusting candidates when the strings sorted differently.
    Also extend tests to catch issue.
  * Fall back to adjusting more packages' candidates
    when a package from an allowed origin can't be marked to install/upgrade.
    (LP: #1821101)

 -- Balint Reczey <email address hidden> Mon, 25 Mar 2019 18:17:56 +0100

Changed in unattended-upgrades (Ubuntu Bionic):
status: Fix Committed → Fix Released

Hello Balint, or anyone else affected,

Accepted unattended-upgrades into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/unattended-upgrades/1.1ubuntu1.18.04.7~16.04.3 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-xenial to verification-done-xenial. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-xenial. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in unattended-upgrades (Ubuntu Xenial):
status: In Progress → Fix Committed
tags: added: verification-needed verification-needed-xenial
removed: verification-done
Balint Reczey (rbalint) wrote :
Download full text (4.0 KiB)

Verified 1.1ubuntu1.18.04.7~16.04.3 on Xenial:

https://launchpadlibrarian.net/421614532/buildlog_ubuntu-xenial-amd64.unattended-upgrades_1.1ubuntu1.18.04.7~16.04.3_BUILDING.txt.gz

Running ./test_rewind.py with python3
DEBUG:root:APT::VersionedKernelPackages is not set
DEBUG:root:adjusting candidate version: test-package=2.0
DEBUG:root:adjusting candidate version: test2-package=2.0
DEBUG:root:falling back to adjusting test2-package's dependencies recursively
DEBUG:root:adjusting candidate version: test-package=2.0
DEBUG:root:adjusting candidate version: test2-package=2.0
DEBUG:root:adjusting candidate version: test2-package-dependency=2.0
DEBUG:root:adjusting candidate version: test3-package=2.0
DEBUG:root:falling back to adjusting test3-package's dependencies recursively
DEBUG:root:adjusting candidate version: test3-package=2.0
DEBUG:root:adjusting candidate version: test-package=2.0
DEBUG:root:adjusting candidate version: test2-package=2.0
DEBUG:root:adjusting candidate version: test2-package-dependency=2.0
DEBUG:root:adjusting candidate version: test3-old-package-dependency=2.0
DEBUG:root:pkg forbidden-dependency not in allowed origin
DEBUG:root:sanity check failed for: {'z-package=1.0', 'test3-old-package-dependency=2.0', 'test3-package=2.0', 'forbidden-dependency=2.0'}
DEBUG:root:adjusting candidate version: test3-package=2.0
DEBUG:root:adjusting candidate version: test-package=2.0
DEBUG:root:adjusting candidate version: test2-package=2.0
DEBUG:root:falling back to adjusting test-package's dependencies recursively
DEBUG:root:adjusting candidate version: test3-package=2.0
DEBUG:root:adjusting candidate version: test-package=2.0
DEBUG:root:adjusting candidate version: test2-package=2.0
DEBUG:root:adjusting candidate version: test2-package-dependency=2.0
DEBUG:root:adjusting candidate version: test3-old-package-dependency=2.0
DEBUG:root:falling back to adjusting test2-package's dependencies recursively
DEBUG:root:adjusting candidate version: test3-package=2.0
DEBUG:root:adjusting candidate version: test-package=2.0
DEBUG:root:adjusting candidate version: test2-package=2.0
DEBUG:root:adjusting candidate version: test2-package-dependency=2.0
DEBUG:root:adjusting candidate version: test3-old-package-dependency=2.0
DEBUG:root:falling back to adjusting test3-package's dependencies recursively
DEBUG:root:adjusting candidate version: test3-package=2.0
DEBUG:root:adjusting candidate version: test-package=2.0
DEBUG:root:adjusting candidate version: test2-package=2.0
DEBUG:root:adjusting candidate version: test2-package-dependency=2.0
DEBUG:root:adjusting candidate version: test3-old-package-dependency=2.0
DEBUG:root:adjusting candidate version: test3-package=2.0
DEBUG:root:adjusting candidate version: test-package=2.0
DEBUG:root:adjusting candidate version: test2-package=2.0
DEBUG:root:falling back to adjusting test-package's dependencies recursively
DEBUG:root:adjusting candidate version: test3-package=2.0
DEBUG:root:adjusting candidate version: test-package=2.0
DEBUG:root:adjusting candidate version: test2-package=2.0
DEBUG:root:adjusting candidate version: test2-package-dependency=2.0
DEBUG:root:adjusting candidate version: test3-old-package-d...

Read more...

tags: added: verification-done verification-done-xenial
removed: verification-needed verification-needed-xenial
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package unattended-upgrades - 1.1ubuntu1.18.04.7~16.04.3

---------------
unattended-upgrades (1.1ubuntu1.18.04.7~16.04.3) xenial; urgency=medium

  * Detect changes to moved conffiles (LP: #1823872)
    - Add tests for checking conffile moves.
      Build depend on and use equivs to generate new test packages
    - Split() conffile data to set of names only once
    - Don't parse dpkg conffile db when there are no conffiles in the package
  * Detect unchanged moved conffiles.
    When a package moves a conffile properly without any change no conffile
    prompt needs to be shown thus the package can be upgraded unattended.
    (LP: #1823872)
  * Skip sending email when no package had to be installed, upgraded or removed
    (LP: #1821103) (Closes: #924554)
  * Make sure autoremovals don't start with a dirty cache and remove other
    packages (LP: #1824341)
  * Continue applying minimal sets when one set can't be marked for upgrade.
    Thanks to Anderson Luiz Alves for the patch, it needed minor modifications
    (LP: #1824341)
  * Stop raising NoAllowedOriginError when marking packages to upgrade/install
    fails (LP: #1824876)
  * Adjust only transitive dependencies in the fallback when a package from an
    allowed origin can't be marked to install/upgrade.
    This is a much lighter approach than marking every upgradable package
    because the full fallback was triggered on packages held back as well,
    using an excessive amount of CPU time.
    Also it crashed with packages not having any version in allowed origins.
    (LP: #1824804, #1824949)
  * Skip trying to upgrade held packages in call_adjusted() (LP: #1824804)
  * Follow all kinds of transitive dependencies when adjusting dependencies
  * Don't crash collecting transitive dependencies when package has no candidate
    (LP: #1825886)
  * Use mark_install_adjusted() in rewind_cache()
    The original cache had packages marked with adjustments thus rewinding
    should also do adjustments to reach the same state.
    Also not using mark_install_adjusted() crashes when apt raises error on
    held packages. (LP: #1826157)
    - test_rewind: Update test to check if adjustend rewinding took place
  * do_auto_remove() is successful unless a commit() operation fails
    (LP: #1795696)
  * Compare apt.package.Version objects and not the versions' string
    representation. (LP: #1820888)
    This prevented adjusting candidates when the strings sorted differently.
    Also extend tests to catch issue.
  * Fall back to adjusting more packages' candidates
    when a package from an allowed origin can't be marked to install/upgrade.
    (LP: #1821101)

 -- Balint Reczey <email address hidden> Mon, 29 Apr 2019 12:23:14 +0200

Changed in unattended-upgrades (Ubuntu Xenial):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers