unattended-upgrades: Fall back to adjusting more packages' candidates when a package from an allowed origin can't be marked to install/upgrade

Bug #1821101 reported by Balint Reczey on 2019-03-20
12
This bug affects 1 person
Affects Status Importance Assigned to Milestone
unattended-upgrades (Ubuntu)
Undecided
Unassigned
Xenial
Undecided
Unassigned
Bionic
Undecided
Unassigned
Cosmic
Undecided
Unassigned

Bug Description

[Impact]

 * Without the introduced fallbacks u-u could not upgrade particular package sets from -security. It could be observed in Cosmic with systemd security updates failing to install in:
https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-disco/disco/amd64/u/unattended-upgrades/20190318_182031_fe4fe@/log.gz

[Test Case]

 * The fix includes the extension of the build-time test cases to cover package sets with which u-u fails with without the fallback:

Running ./test_rewind.py with python3
DEBUG:root:APT::VersionedKernelPackages is not set
DEBUG:root:adjusting candidate version: test-package=2.0
DEBUG:root:adjusting candidate version: test2-package=2.0
DEBUG:root:falling back to marking test2-package, then adjusting changes
DEBUG:root:adjusting candidate version: test2-package-dependency=2.0
DEBUG:root:adjusting candidate version: test2-package=2.0
DEBUG:root:adjusting candidate version: test3-package=2.0
DEBUG:root:adjusting candidate version: test-package=2.0
DEBUG:root:falling back to marking test3-package, then adjusting changes
WARNING:root:package test3-package upgradable but fails to be marked for upgrade (E:Error, pkgProblemResolver::Resolve generated breaks, this may be caused by held packages.)
DEBUG:root:falling back to adjusting all packages
DEBUG:root:adjusting candidate version: test-package=2.0
DEBUG:root:adjusting candidate version: test2-package=2.0
DEBUG:root:adjusting candidate version: test2-package-dependency=2.0
DEBUG:root:adjusting candidate version: test3-old-package-dependency=2.0
DEBUG:root:adjusting candidate version: test3-package=2.0
WARNING:root:package z-package upgradable but fails to be marked for upgrade ()
.
----------------------------------------------------------------------
Ran 1 test in 0.039s

OK

[Regression Potential]

* When failing to mark a package to upgrade/install from the allowed origin holding the highest version the first fallback resets all already adjusted candidates to the highest available version irrespective to the origin of this version being allowed or not. This itself is not a risky operation and sanity checks later ensure that no package would be installed from not allowed origins but it can trigger code paths in apt that were not tried before and may crash.
* In testing apt's resolver failed to find a solution for upgrading packages with the first fallback raising an error, but the second fallback handles the error and tries adjusting _all_ potentially upgradable/installable package at the expense of using much more CPU time. This second fallback is not expected to be reached often (it is not reached in autopkgtests either) and adjusting all of those packages matches an earlier behavior of u-u, thus the slow-down may not be considered a regression.

[Other Info]
* If the second fallback is found to be reached often a different fallback can be introduced before the first one, to adjust all packages from the same source package then try again:
See: https://github.com/mvo5/unattended-upgrades/pull/175#discussion_r268226796

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package unattended-upgrades - 1.10ubuntu2

---------------
unattended-upgrades (1.10ubuntu2) disco; urgency=medium

  * Compare apt.package.Version objects and not the versions' string
    representation. (LP: #1820888)
    This prevented adjusting candidates when the strings sorted differently.
    Also extend tests to catch issue.
  * Fall back to adjusting more packages' candidates
    when a package from an allowed origin can't be marked to install/upgrade.
    (LP: #1821101)
  * Skip sending email when no package had to be installed, upgraded or removed
    (LP: #1821103) (Closes: #924554)

 -- Balint Reczey <email address hidden> Fri, 22 Mar 2019 20:42:08 +0100

Changed in unattended-upgrades (Ubuntu):
status: New → Fix Released
Balint Reczey (rbalint) on 2019-03-25
description: updated
Brian Murray (brian-murray) wrote :

Regarding "This second fallback is not expected to be reached often" - is there any logging of this fallback being reached done? It'd probably be useful to log that it is happening so we either end up getting the information in crash and bug reports. This isn't necessary for the SRU but is something to consider for the development release.

Changed in unattended-upgrades (Ubuntu Cosmic):
status: New → Fix Committed
tags: added: verification-needed verification-needed-cosmic

Hello Balint, or anyone else affected,

Accepted unattended-upgrades into cosmic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/unattended-upgrades/1.5ubuntu3.18.10.3 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-cosmic to verification-done-cosmic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-cosmic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Brian Murray (brian-murray) wrote :

Hello Balint, or anyone else affected,

Accepted unattended-upgrades into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/unattended-upgrades/1.1ubuntu1.18.04.10 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in unattended-upgrades (Ubuntu Bionic):
status: New → Fix Committed
tags: added: verification-needed-bionic
Balint Reczey (rbalint) wrote :

Tested with 1.1ubuntu1.18.04.10 on Cosmic:

https://launchpadlibrarian.net/416582722/buildlog_ubuntu-bionic-amd64.unattended-upgrades_1.1ubuntu1.18.04.10_BUILDING.txt.gz :
...
Running ./test_rewind.py with python3
DEBUG:root:APT::VersionedKernelPackages is not set
DEBUG:root:adjusting candidate version: test-package=2.0
DEBUG:root:adjusting candidate version: test2-package=2.0
DEBUG:root:falling back to marking test2-package, then adjusting changes
DEBUG:root:adjusting candidate version: test2-package-dependency=2.0
DEBUG:root:adjusting candidate version: test2-package=2.0
DEBUG:root:adjusting candidate version: test3-package=2.0
DEBUG:root:adjusting candidate version: test-package=2.0
DEBUG:root:falling back to marking test3-package, then adjusting changes
WARNING:root:package test3-package upgradable but fails to be marked for upgrade (E:Error, pkgProblemResolver::Resolve generated breaks, this may be caused by held packages.)
DEBUG:root:falling back to adjusting all packages
DEBUG:root:adjusting candidate version: test-package=2.0
DEBUG:root:adjusting candidate version: test2-package=2.0
DEBUG:root:adjusting candidate version: test2-package-dependency=2.0
DEBUG:root:adjusting candidate version: test3-old-package-dependency=2.0
DEBUG:root:adjusting candidate version: test3-package=2.0
WARNING:root:package z-package upgradable but fails to be marked for upgrade ()
.
----------------------------------------------------------------------
Ran 1 test in 0.051s

OK

Balint Reczey (rbalint) wrote :

It was Bionic ^.

Balint Reczey (rbalint) wrote :

Tested with 1.5ubuntu3.18.10.3 on Cosmic:

https://launchpadlibrarian.net/416582074/buildlog_ubuntu-cosmic-amd64.unattended-upgrades_1.5ubuntu3.18.10.3_BUILDING.txt.gz :
...
OK
Running ./test_rewind.py with python3
DEBUG:root:APT::VersionedKernelPackages is not set
DEBUG:root:adjusting candidate version: test-package=2.0
DEBUG:root:adjusting candidate version: test2-package=2.0
DEBUG:root:falling back to marking test2-package, then adjusting changes
DEBUG:root:adjusting candidate version: test2-package-dependency=2.0
DEBUG:root:adjusting candidate version: test2-package=2.0
DEBUG:root:adjusting candidate version: test3-package=2.0
DEBUG:root:adjusting candidate version: test-package=2.0
DEBUG:root:falling back to marking test3-package, then adjusting changes
WARNING:root:package test3-package upgradable but fails to be marked for upgrade (E:Error, pkgProblemResolver::Resolve generated breaks, this may be caused by held packages.)
DEBUG:root:falling back to adjusting all packages
DEBUG:root:adjusting candidate version: test-package=2.0
DEBUG:root:adjusting candidate version: test2-package=2.0
DEBUG:root:adjusting candidate version: test2-package-dependency=2.0
DEBUG:root:adjusting candidate version: test3-old-package-dependency=2.0
DEBUG:root:adjusting candidate version: test3-package=2.0
WARNING:root:package z-package upgradable but fails to be marked for upgrade ()
.
----------------------------------------------------------------------
Ran 1 test in 0.025s

OK
...

tags: added: verification-done verification-done-bionic verification-done-cosmic
removed: verification-needed verification-needed-bionic verification-needed-cosmic
Changed in unattended-upgrades (Ubuntu Xenial):
status: New → In Progress
status: In Progress → Fix Committed
status: Fix Committed → In Progress

The verification of the Stable Release Update for unattended-upgrades has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package unattended-upgrades - 1.5ubuntu3.18.10.3

---------------
unattended-upgrades (1.5ubuntu3.18.10.3) cosmic; urgency=medium

  * Compare apt.package.Version objects and not the versions' string
    representation. (LP: #1820888)
    This prevented adjusting candidates when the strings sorted differently.
    Also extend tests to catch issue.
  * Fall back to adjusting more packages' candidates
    when a package from an allowed origin can't be marked to install/upgrade.
    (LP: #1821101)

 -- Balint Reczey <email address hidden> Mon, 25 Mar 2019 17:10:19 +0100

Changed in unattended-upgrades (Ubuntu Cosmic):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package unattended-upgrades - 1.1ubuntu1.18.04.10

---------------
unattended-upgrades (1.1ubuntu1.18.04.10) bionic; urgency=medium

  * do_auto_remove() is successful unless a commit() operation fails
    (LP: #1795696)
  * Compare apt.package.Version objects and not the versions' string
    representation. (LP: #1820888)
    This prevented adjusting candidates when the strings sorted differently.
    Also extend tests to catch issue.
  * Fall back to adjusting more packages' candidates
    when a package from an allowed origin can't be marked to install/upgrade.
    (LP: #1821101)

 -- Balint Reczey <email address hidden> Mon, 25 Mar 2019 18:17:56 +0100

Changed in unattended-upgrades (Ubuntu Bionic):
status: Fix Committed → Fix Released
Balint Reczey (rbalint) wrote :

@bdmurray The second fallback when debug is on, but the apt error is shown as a warning even when debug mode is not enabled:
...
WARNING:root:package test3-package upgradable but fails to be marked for upgrade (E:Error, pkgProblemResolver::Resolve generated breaks, this may be caused by held packages.)
....
IMO this is enough for the collected logs and in the development branch i would like to retire the adjustment logic and rely on internal pinning to make apt resolver do the right thing without fallbacks in u-u.

Hello Balint, or anyone else affected,

Accepted unattended-upgrades into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/unattended-upgrades/1.1ubuntu1.18.04.7~16.04.3 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-xenial to verification-done-xenial. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-xenial. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in unattended-upgrades (Ubuntu Xenial):
status: In Progress → Fix Committed
tags: added: verification-needed verification-needed-xenial
removed: verification-done
Balint Reczey (rbalint) wrote :
Download full text (4.0 KiB)

Verified 1.1ubuntu1.18.04.7~16.04.3 on Xenial:

https://launchpadlibrarian.net/421614532/buildlog_ubuntu-xenial-amd64.unattended-upgrades_1.1ubuntu1.18.04.7~16.04.3_BUILDING.txt.gz

Running ./test_rewind.py with python3
DEBUG:root:APT::VersionedKernelPackages is not set
DEBUG:root:adjusting candidate version: test-package=2.0
DEBUG:root:adjusting candidate version: test2-package=2.0
DEBUG:root:falling back to adjusting test2-package's dependencies recursively
DEBUG:root:adjusting candidate version: test-package=2.0
DEBUG:root:adjusting candidate version: test2-package=2.0
DEBUG:root:adjusting candidate version: test2-package-dependency=2.0
DEBUG:root:adjusting candidate version: test3-package=2.0
DEBUG:root:falling back to adjusting test3-package's dependencies recursively
DEBUG:root:adjusting candidate version: test3-package=2.0
DEBUG:root:adjusting candidate version: test-package=2.0
DEBUG:root:adjusting candidate version: test2-package=2.0
DEBUG:root:adjusting candidate version: test2-package-dependency=2.0
DEBUG:root:adjusting candidate version: test3-old-package-dependency=2.0
DEBUG:root:pkg forbidden-dependency not in allowed origin
DEBUG:root:sanity check failed for: {'z-package=1.0', 'test3-old-package-dependency=2.0', 'test3-package=2.0', 'forbidden-dependency=2.0'}
DEBUG:root:adjusting candidate version: test3-package=2.0
DEBUG:root:adjusting candidate version: test-package=2.0
DEBUG:root:adjusting candidate version: test2-package=2.0
DEBUG:root:falling back to adjusting test-package's dependencies recursively
DEBUG:root:adjusting candidate version: test3-package=2.0
DEBUG:root:adjusting candidate version: test-package=2.0
DEBUG:root:adjusting candidate version: test2-package=2.0
DEBUG:root:adjusting candidate version: test2-package-dependency=2.0
DEBUG:root:adjusting candidate version: test3-old-package-dependency=2.0
DEBUG:root:falling back to adjusting test2-package's dependencies recursively
DEBUG:root:adjusting candidate version: test3-package=2.0
DEBUG:root:adjusting candidate version: test-package=2.0
DEBUG:root:adjusting candidate version: test2-package=2.0
DEBUG:root:adjusting candidate version: test2-package-dependency=2.0
DEBUG:root:adjusting candidate version: test3-old-package-dependency=2.0
DEBUG:root:falling back to adjusting test3-package's dependencies recursively
DEBUG:root:adjusting candidate version: test3-package=2.0
DEBUG:root:adjusting candidate version: test-package=2.0
DEBUG:root:adjusting candidate version: test2-package=2.0
DEBUG:root:adjusting candidate version: test2-package-dependency=2.0
DEBUG:root:adjusting candidate version: test3-old-package-dependency=2.0
DEBUG:root:adjusting candidate version: test3-package=2.0
DEBUG:root:adjusting candidate version: test-package=2.0
DEBUG:root:adjusting candidate version: test2-package=2.0
DEBUG:root:falling back to adjusting test-package's dependencies recursively
DEBUG:root:adjusting candidate version: test3-package=2.0
DEBUG:root:adjusting candidate version: test-package=2.0
DEBUG:root:adjusting candidate version: test2-package=2.0
DEBUG:root:adjusting candidate version: test2-package-dependency=2.0
DEBUG:root:adjusting candidate version: test3-old-package-dep...

Read more...

tags: added: verification-done verification-done-xenial
removed: verification-needed verification-needed-xenial
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package unattended-upgrades - 1.1ubuntu1.18.04.7~16.04.3

---------------
unattended-upgrades (1.1ubuntu1.18.04.7~16.04.3) xenial; urgency=medium

  * Detect changes to moved conffiles (LP: #1823872)
    - Add tests for checking conffile moves.
      Build depend on and use equivs to generate new test packages
    - Split() conffile data to set of names only once
    - Don't parse dpkg conffile db when there are no conffiles in the package
  * Detect unchanged moved conffiles.
    When a package moves a conffile properly without any change no conffile
    prompt needs to be shown thus the package can be upgraded unattended.
    (LP: #1823872)
  * Skip sending email when no package had to be installed, upgraded or removed
    (LP: #1821103) (Closes: #924554)
  * Make sure autoremovals don't start with a dirty cache and remove other
    packages (LP: #1824341)
  * Continue applying minimal sets when one set can't be marked for upgrade.
    Thanks to Anderson Luiz Alves for the patch, it needed minor modifications
    (LP: #1824341)
  * Stop raising NoAllowedOriginError when marking packages to upgrade/install
    fails (LP: #1824876)
  * Adjust only transitive dependencies in the fallback when a package from an
    allowed origin can't be marked to install/upgrade.
    This is a much lighter approach than marking every upgradable package
    because the full fallback was triggered on packages held back as well,
    using an excessive amount of CPU time.
    Also it crashed with packages not having any version in allowed origins.
    (LP: #1824804, #1824949)
  * Skip trying to upgrade held packages in call_adjusted() (LP: #1824804)
  * Follow all kinds of transitive dependencies when adjusting dependencies
  * Don't crash collecting transitive dependencies when package has no candidate
    (LP: #1825886)
  * Use mark_install_adjusted() in rewind_cache()
    The original cache had packages marked with adjustments thus rewinding
    should also do adjustments to reach the same state.
    Also not using mark_install_adjusted() crashes when apt raises error on
    held packages. (LP: #1826157)
    - test_rewind: Update test to check if adjustend rewinding took place
  * do_auto_remove() is successful unless a commit() operation fails
    (LP: #1795696)
  * Compare apt.package.Version objects and not the versions' string
    representation. (LP: #1820888)
    This prevented adjusting candidates when the strings sorted differently.
    Also extend tests to catch issue.
  * Fall back to adjusting more packages' candidates
    when a package from an allowed origin can't be marked to install/upgrade.
    (LP: #1821101)

 -- Balint Reczey <email address hidden> Mon, 29 Apr 2019 12:23:14 +0200

Changed in unattended-upgrades (Ubuntu Xenial):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers