This bug was fixed in the package unattended-upgrades -
1.1ubuntu1.18.04.11
---------------
unattended-upgrades (1.1ubuntu1.18.04.11) bionic; urgency=medium
* Detect changes to moved conffiles (LP: #1823872)
- Add tests for checking conffile moves.
Build depend on and use equivs to generate new test packages
- Split() conffile data to set of names only once
- Don't parse dpkg conffile db when there are no conffiles in the package
* Detect unchanged moved conffiles.
When a package moves a conffile properly without any change no conffile
prompt needs to be shown thus the package can be upgraded unattended.
(LP: #1823872)
* Skip sending email when no package had to be installed, upgraded or removed
(LP: #1821103) (Closes: #924554)
* Make sure autoremovals don't start with a dirty cache and remove other
packages (LP: #1824341)
* Continue applying minimal sets when one set can't be marked for upgrade.
Thanks to Anderson Luiz Alves for the patch, it needed minor modifications
(LP: #1824341)
* Stop raising NoAllowedOriginError when marking packages to upgrade/install
fails (LP: #1824876)
* Adjust only transitive dependencies in the fallback when a package from an
allowed origin can't be marked to install/upgrade.
This is a much lighter approach than marking every upgradable package
because the full fallback was triggered on packages held back as well,
using an excessive amount of CPU time.
Also it crashed with packages not having any version in allowed origins.
(LP: #1824804, #1824949)
* Skip trying to upgrade held packages in call_adjusted() (LP: #1824804)
* Follow all kinds of transitive dependencies when adjusting dependencies
* Don't crash collecting transitive dependencies when package has no candidate
(LP: #1825886)
* Use mark_install_adjusted() in rewind_cache()
The original cache had packages marked with adjustments thus rewinding
should also do adjustments to reach the same state.
Also not using mark_install_adjusted() crashes when apt raises error on
held packages. (LP: #1826157)
- test_rewind: Update test to check if adjustend rewinding took place
-- Balint Reczey <rbal...@ubuntu.com> Mon, 29 Apr 2019 12:13:14 +0200
** Changed in: unattended-upgrades (Ubuntu Xenial)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to unattended-upgrades in
Ubuntu.
https://bugs.launchpad.net/bugs/1823872
Title:
Fixing fsfreeze-hook can break unattended upgrades
Status in unattended-upgrades package in Ubuntu:
Fix Released
Status in unattended-upgrades source package in Trusty:
Confirmed
Status in unattended-upgrades source package in Xenial:
Fix Released
Status in unattended-upgrades source package in Bionic:
Fix Released
Status in unattended-upgrades source package in Cosmic:
Fix Released
Status in unattended-upgrades source package in Disco:
Fix Released
Bug description:
[Impact]
* If an update has a new conffile at a path that in a former version was
a directory like
old: /a/b/c
new: a/b
Here b is the new file name and was a directory in the old version.
Then unattended upgrades breaks on installing such a package.
* a recent qemu update has such a case and due to that triggered the
issue in >=Bionic
* The fix is to harden unattended upgrades to be able to handle the case
without aborting.
[Test Case]
Get a qemu guest e.g. of Bionic before the update to 1:2.11+dfsg-1ubuntu7.12
That can be done with:
$ time uvt-simplestreams-libvirt --verbose sync --source
http://cloud-images.ubuntu.com/daily arch=amd64 label=daily release=bionic
$ uvt-kvm create --password ubuntu bionic-testuu arch=amd64 release=bionic
label=daily
Log in and apt update & upgrade all packages, then Install the release level
qemu in there.
$ uvt-kvm ssh bionic-testuu
$ sudo apt update
$ sudo apt dist-upgrade
$ sudo apt install unattended-upgrades
$ sudo apt install qemu-guest-agent=1:2.11+dfsg-1ubuntu7
All before was preparation, now force the unattended upgrade to trigger the
bug.
$ sudo unattended-upgrade -d
With the bug you'll find some error like:
found pkg: qemu-guest-agent
conffile line: /etc/init.d/qemu-guest-agent f61a64ac1e48993023018fd1cff85191
current md5: f61a64ac1e48993023018fd1cff85191
conffile line: /etc/qemu/fsfreeze-hook/fsfreeze-hook
15f6ff42cbc5550a07ee21c2a471d905
/etc/qemu/fsfreeze-hook/fsfreeze-hook not in package conffiles
/etc/init.d/qemu-guest-agent
/etc/qemu/fsfreeze-hook
found conffile /etc/qemu/fsfreeze-hook in new pkg but on dpkg status
Traceback (most recent call last):
File "/usr/bin/unattended-upgrade", line 2057, in <module>
sys.exit(main(options))
File "/usr/bin/unattended-upgrade", line 1773, in main
if conffile_prompt(item.destfile):
File "/usr/bin/unattended-upgrade", line 988, in conffile_prompt
with open(prefix + conf_file, 'rb') as fp:
IsADirectoryError: [Errno 21] Is a directory: '/etc/qemu/fsfreeze-hook'
[Regression Potential]
* The fix is trying to detect moved conffiles by looking for /etc/foo/foo
when the new package ships /etc/foo and /etc/foo is not a known conffile and
also checking the renames in the opposite direction.
The potential regression is breaking the logic for detecting changed
conffiles and either holding back a package for no reason or trying to install
a package with a modified conffile on the system and aborting the upgrade in
the middle due to the appearing conffile prompt. To avoid such regressions the
test_conffile.py tests are extended to cover rename scenarios.
[Other Info]
* n/a
---
As reported on
https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1820291/comments/20
We fixed an issue and we added workrounds since basic mv_conffile coudn't
handle it and did all sort of upgrade tests.
That all worked fine and moved the conffile.
It was now reported that due to some pre-checks that unattended
upgrades might do this might do some checks on its own.
Next step:
- check unattended upgrades through this change
- check if it only affects cases were the former config was modified
(minority) or the default file layout (majority)
--- original report copied ---
just wanted to add: This bug also crashes unattended-upgrade and thus
prevents security updates on 18.04:
root@mailin1:~# unattended-upgrade
Traceback (most recent call last):
File "/usr/bin/unattended-upgrade", line 1998, in <module>
sys.exit(main(options))
File "/usr/bin/unattended-upgrade", line 1714, in main
if conffile_prompt(item.destfile):
File "/usr/bin/unattended-upgrade", line 929, in conffile_prompt
with open(prefix + conf_file, 'rb') as fp:
IsADirectoryError: [Errno 21] Is a directory: '/etc/qemu/fsfreeze-hook'
Basically, unattended-upgrade wants to compare old/new conffiles and
doesn't like it when the old conffile turns out to be a directory...
This prevents security updates to be installed. The unattended-upgrade
logs do not contain the trace, only the messages:
2019-04-05 13:24:24,851 INFO Initial blacklisted packages:
2019-04-05 13:24:24,853 INFO Initial whitelisted packages:
2019-04-05 13:24:24,853 INFO Starting unattended upgrades script
2019-04-05 13:24:24,854 INFO Allowed origins are: o=Ubuntu,a=bionic,
o=Ubuntu,a=bionic-security, o=UbuntuESM,a=bionic'
And that's it.
You can't really get out of this without manually running 'apt-get
install qemu-guest-agent' because at this point, unattended-upgrade
can't update itself anymore.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/unattended-upgrades/+bug/1823872/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
