I've hit the same bug and did some investigation. I profiled the unattended-upgrade script with Python's cProfile and attached the result.

I've run:

    sudo python3 -m cProfile -s time /usr/bin/unattended-upgrade -d -v

on Ubuntu 16.04.3 booted from live CD after uncommenting the "${distro_id}:${distro_codename}-security"; line in /etc/apt/apt.conf.d/50unattended-upgrades. Otherwise no packages are selected for an upgrade and the issue doesn't reproduce.

It turns out that several functions in apt's cache are called millions of times. I tracked it down to the quadratic nature of the algorithm, which appears to come from the very initial version of the script:
https://github.com/mvo5/unattended-upgrades/blob/0ec001874ad48300199565f8591818ca75bc5f9f/unattended.py#L47

The check_changes_for_sanity() function loops over all packages in the cache. This function is called for every package marked for upgrade. The problem appears on systems with many packages to upgrade (in my case it was 169). It makes the initial unattended-upgrades run ridiculously slow. Also, on systems configured to only perform security updates, but not other updates, there's always a considerable list of packages to upgrade. It renders unattended-upgrades almost unusable on such systems.

I think this is a serious issue and the algorithm should be overhauled. Doing so many checks seems unnecessary.

** Attachment added: "unatended-upgrade-profile"
   https://bugs.launchpad.net/ubuntu/+source/unattended-upgrades/+bug/1396787/+attachment/5028172/+files/unatended-upgrade-profile

--
https://bugs.launchpad.net/bugs/1396787

Title:
  checking trust of archives eats a lot of cpu

Status in unattended-upgrades package in Ubuntu:
  New

Bug description:
  (System: Ubuntu 14.04, up to date packages)

  I noticed that unattended-upgrades spends a significant amount of time in phases where it runs at 100% cpu. On a slower machine (core 2 t7200 2GHz) this goes on for minutes rather than seconds.
  This interferes with using the machine for other tasks.

  Using the --debug option to unattended-upgrades shows that the program outputs a lot of lines like the following during these 100% cpu phases:

  matching 'a'='trusty-updates' against '<Origin component:'universe' archive:'trusty-updates' origin:'Ubuntu' label:'Ubuntu' site:'de.archive.ubuntu.com' isTrusted:True>

  From this output I guess the operation executed is not so complicated that it should require so much cpu power.

  ProblemType: Bug
  DistroRelease: Ubuntu 14.04
  Package: unattended-upgrades 0.82.1ubuntu2
  ProcVersionSignature: Ubuntu 3.13.0-40.69-generic 3.13.11.10
  Uname: Linux 3.13.0-40-generic x86_64
  ApportVersion: 2.14.1-0ubuntu3.5
  Architecture: amd64
  Date: Wed Nov 26 21:53:57 2014
  InstallationDate: Installed on 2014-08-28 (90 days ago)
  InstallationMedia: Kubuntu 14.04 LTS "Trusty Tahr" - Release amd64 (20140416.1)
  PackageArchitecture: all
  ProcEnviron:
   TERM=xterm
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=<set>
   LANG=de_DE.UTF-8
   SHELL=/bin/bash
  SourcePackage: unattended-upgrades
  UpgradeStatus: No upgrade log present (probably fresh install)