Verified 1.1ubuntu1.18.04.7~16.04.2 on Ubuntu Xenial.
I changed a different, but equivalent way of verifying the fix,
in
/var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_xenial-updates_main_binary-amd64_Packages
I bumped the version of bash-doc to 4.3-14ubuntu1.3, bumped git's version in
updates to 1:2.7.4-0ubuntu1.7 and made git depend on bash-doc (>=
4.3-14ubuntu1) in both -updates and -security.
Bash-doc was not installed originally on the system.
With unfixed u-u it fails to upgrade git:
root@x-uu-ref:~# unattended-upgrade --dry-run --verbose --debug
Initial blacklisted packages:
Initial whitelisted packages:
Starting unattended upgrades script
Allowed origins are: ['o=Ubuntu,a=xenial', 'o=Ubuntu,a=xenial-security',
'o=UbuntuESM,a=xenial']
Checking: git ([<Origin component:'main' archive:'xenial-updates'
origin:'Ubuntu' label:'Ubuntu' site:'archive.ubuntu.com' isTrusted:True>])
pkgs that look like they should be upgraded:
Fetched 0 B in 0s (0 B/s)
fetch.run() result: 0
blacklist: []
whitelist: []
No packages found that can be upgraded unattended and no pending auto-removals
root@x-uu-ref:~# vi
/var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_xenial-updates_main_binary-amd64_Packages
root@x-uu-ref:~# vi
/var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_xenial-updates_main_binary-amd64_Packages
root@x-uu-ref:~# unattended-upgrade --dry-run --verbose --debug
Initial blacklisted packages:
Initial whitelisted packages:
Starting unattended upgrades script
Allowed origins are: ['o=Ubuntu,a=xenial', 'o=Ubuntu,a=xenial-security',
'o=UbuntuESM,a=xenial']
adjusting candidate version: 'git=1:2.7.4-0ubuntu1.6'
Checking: git ([<Origin component:'main' archive:'xenial-security'
origin:'Ubuntu' label:'Ubuntu' site:'security.ubuntu.com' isTrusted:True>])
pkg 'bash-doc' not in allowed origin
sanity check failed
adjusting candidate version: 'git=1:2.7.4-0ubuntu1.6'
pkgs that look like they should be upgraded:
Fetched 0 B in 0s (0 B/s)
fetch.run() result: 0
blacklist: []
whitelist: []
Option --dry-run given, *not* performing real actions
Packages that will be upgraded:
adjusting candidate version: 'git=1:2.7.4-0ubuntu1.6'
Packages that are auto removed: 'libfreetype6'
Packages were successfully auto-removed
InstCount=0 DelCount=0 BrokenCount=0
With fixed u-u, git is upgraded:
root@x-uu-verify:~# unattended-upgrade --dry-run --verbose --debug
Initial blacklisted packages:
Initial whitelisted packages:
Starting unattended upgrades script
Allowed origins are: o=Ubuntu,a=xenial, o=Ubuntu,a=xenial-security,
o=UbuntuESM,a=xenial
Using
(^linux-image-[0-9]+\.[0-9\.]+-.*|^linux-headers-[0-9]+\.[0-9\.]+-.*|^linux-image-extra-[0-9]+\.[0-9\.]+-.*|^linux-modules-[0-9]+\.[0-9\.]+-.*|^linux-modules-extra-[0-9]+\.[0-9\.]+-.*|^linux-signed-image-[0-9]+\.[0-9\.]+-.*|^kfreebsd-image-[0-9]+\.[0-9\.]+-.*|^kfreebsd-headers-[0-9]+\.[0-9\.]+-.*|^gnumach-image-[0-9]+\.[0-9\.]+-.*|^.*-modules-[0-9]+\.[0-9\.]+-.*|^.*-kernel-[0-9]+\.[0-9\.]+-.*|^linux-backports-modules-.*-[0-9]+\.[0-9\.]+-.*|^linux-modules-.*-[0-9]+\.[0-9\.]+-.*|^linux-tools-[0-9]+\.[0-9\.]+-.*|^linux-cloud-tools-[0-9]+\.[0-9\.]+-.*)
regexp to find kernel packages
Using
(^linux-image-4\.18\.0\-17\-generic$|^linux-headers-4\.18\.0\-17\-generic$|^linux-image-extra-4\.18\.0\-17\-generic$|^linux-modules-4\.18\.0\-17\-generic$|^linux-modules-extra-4\.18\.0\-17\-generic$|^linux-signed-image-4\.18\.0\-17\-generic$|^kfreebsd-image-4\.18\.0\-17\-generic$|^kfreebsd-headers-4\.18\.0\-17\-generic$|^gnumach-image-4\.18\.0\-17\-generic$|^.*-modules-4\.18\.0\-17\-generic$|^.*-kernel-4\.18\.0\-17\-generic$|^linux-backports-modules-.*-4\.18\.0\-17\-generic$|^linux-modules-.*-4\.18\.0\-17\-generic$|^linux-tools-4\.18\.0\-17\-generic$|^linux-cloud-tools-4\.18\.0\-17\-generic$)
regexp to find running kernel packages
Checking: git ([<Origin component:'main' archive:'xenial-updates'
origin:'Ubuntu' label:'Ubuntu' site:'archive.ubuntu.com' isTrusted:True>])
adjusting candidate version: git=1:2.7.4-0ubuntu1.6
adjusting candidate version: bash-doc=4.3-14ubuntu1.2
pkgs that look like they should be upgraded: git
Get:1 http://security.ubuntu.com/ubuntu xenial-security/main amd64 bash-doc all
4.3-14ubuntu1.2 [1151 kB]
Fetched 1151 kB in 0s (0 B/s)
fetch.run() result: 0
<apt_pkg.AcquireItem object:Status: 2 Complete: 1 Local: 0 IsTrusted: 1
FileSize: 1150602
DestFile:'/var/cache/apt/archives/bash-doc_4.3-14ubuntu1.2_all.deb' DescURI:
'http://security.ubuntu.com/ubuntu/pool/main/b/bash/bash-doc_4.3-14ubuntu1.2_all.deb'
ID:1 ErrorText: ''>
check_conffile_prompt(/var/cache/apt/archives/bash-doc_4.3-14ubuntu1.2_all.deb)
No conffiles in deb /var/cache/apt/archives/bash-doc_4.3-14ubuntu1.2_all.deb
(There is no member named 'conffiles')
<apt_pkg.AcquireItem object:Status: 2 Complete: 1 Local: 1 IsTrusted: 1
FileSize: 3175852
DestFile:'/var/cache/apt/archives/git_1%3a2.7.4-0ubuntu1.6_amd64.deb' DescURI:
'http://security.ubuntu.com/ubuntu/pool/main/g/git/git_2.7.4-0ubuntu1.6_amd64.deb'
ID:0 ErrorText: ''>
check_conffile_prompt(/var/cache/apt/archives/git_1%3a2.7.4-0ubuntu1.6_amd64.deb)
found pkg: git
conffile line: /etc/bash_completion.d/git-prompt -
blacklist: []
whitelist: []
Option --dry-run given, *not* performing real actions
Packages that will be upgraded: git
Writing dpkg log to /var/log/unattended-upgrades/unattended-upgrades-dpkg.log
adjusting candidate version: bash-doc=4.3-14ubuntu1.2
adjusting candidate version: git=1:2.7.4-0ubuntu1.6
applying set ['git', 'bash-doc']
/usr/bin/dpkg --status-fd 9 --unpack --auto-deconfigure
/var/cache/apt/archives/bash-doc_4.3-14ubuntu1.2_all.deb
/var/cache/apt/archives/git_1%3a2.7.4-0ubuntu1.6_amd64.deb
/usr/bin/dpkg --status-fd 11 --configure bash-doc:all git:amd64
/usr/bin/dpkg --status-fd 13 --configure --pending
left to upgrade set()
All upgrades installed
InstCount=0 DelCount=0 BrokenCount=0
** Tags removed: verification-needed verification-needed-xenial
** Tags added: verification-done verification-done-xenial
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to unattended-upgrades in
Ubuntu.
https://bugs.launchpad.net/bugs/1446552
Title:
Unattended upgrades handles new dependencies inconsistently
Status in unattended-upgrades package in Ubuntu:
Fix Released
Status in unattended-upgrades source package in Xenial:
Fix Committed
Bug description:
[Impact]
When an installed package adds a dependency that is not yet installed
on the system, this sometimes causes the package to not be installed,
depending on the origin containing the original candidate version.
I believe that the problem is in /usr/bin/unattended-upgrade, line
102. Here a check is performed to prevent downgrades. However, as a
side effect it also prevents adjusting the candidate version for
packages that have not yet been installed (because pkg.is_upgradable
is False for packages that have not been installed).
This makes updating private packages using unattended-upgrades
troublesome, especially when new dependencies have been added.
Currently it requires repackaging the dependencies with a slightly
higher version number than what is in the main repository, and then
hosting them on the private repository, which is time consuming and
error-prone. With the included patch, it is sufficient to just host
the same version on the private repository.
[Test Case]
- Create a testing package (doesn't have to really contain anything) that
just installs 1 file into /usr/share/testpackage/, and have it depend on some
packages.
- Put that package on a private repository (which is also configured for APT
and unattended-upgrades)
- Install the package using `apt-get install testingpackage`
- Update the package as follows: 1. Add a dependency which is not yet
installed on your machine (and is also not in the security-repository). Up the
version number, and add it to the private repository.
- Run `unattended-upgrade --debug --apt-debug 2>&1 | tee output.txt`.
- Verify the package was not updated (missing dependency).
- Host the dependency on your private APT server as well (1-1 copy).
- Run `unattended-upgrade --debug --apt-debug 2>&1 | tee output.txt`.
- Verify the package was not updated (missing dependency).
- Re-build the dependency with a higher version number, and add it to your
private APT repository.
- Run `unattended-upgrade --debug --apt-debug 2>&1 | tee output.txt`.
- Verify the package was now upgraded.
With the proposed patch, the upgrade would already succeed after
hosting the exact copy on the private APT repository.
[Regression Potential]
The changed code logic now allows adjusting candidates of packages
which are not upgradable and not installed. Since the changed check
was there to avoid downgrades the possible regression would be somehow
enabling downgrades accidentally. Adjusting _not_ installed packages
in itself would not cause downgrading installed packages thus the
change seems to be safe.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/unattended-upgrades/+bug/1446552/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
