[Bug 1690980] Re: unattended-upgrades does not block shutdown of system, as it is designed to

Balint Reczey balint.reczey at canonical.com
Mon Dec 3 14:54:18 UTC 2018 

** Description changed:

  Title: No pop-up window to warn users that system should not reboot or
  shutdown while installing security updates
  
  Summary:
  No pop-up window to warn users that system should not reboot or shutdown while installing security updates
  
  Steps:
  1. trigger unattended-upgrades
  2. reboot or shutdown system while installing packages
  
  Expected results: There is a pop-up window to warn users that system
  should not reboot or shutdown
  
  Actual results: There is no pop-up window to warn users
  
  Additional information:
  $ apt-cache policy unattended-upgrades
  unattended-upgrades:
    Installed: 0.90
    Candidate: 0.90ubuntu0.5
  $ lsb_release -rd
  Description:    Ubuntu 16.04 LTS
  
- 
  * APT SRU *
  [Impact]
  Stopping apt-daily-upgrade.service terminates dpkg and friends by sending the signals to all processes in the cgroup, and will send KILL quickly after.
  
  [Test case]
  Start apt-daily-upgrade.service and stop it while unattended-upgrades is running.
  
  The upgrade should run to completion or a safe exit point as long as it
  takes less than about 900s (which is the timeout for sending kill).
  
  [Regression potential]
  Leftover processes might remain in the apt-daily-upgrade cgroup if the postinst scripts or some apt hooks do something funny.
  
  Shutdown might take longer due to the 900 second timeout.
+ 
+ * unattended-upgrades SRU
+ 
+ [Impact]
+ 
+  * Undattended-upgrades does not stop quickly gracefully when shutdown/reboot is initiated by the user.
+  * The fix is performing the updates in minimal package sets and allow gracefully stopping between those steps when unattended-upgrades.service sends a TERM signal to running u-u. The signal is sent on receiving PrepareForShutdown() from logind (https://www.freedesktop.org/wiki/Software/systemd/inhibit/) to stop unattended-upgrades a bit earlier than the shutdown process starts (LP: #1803137).
+ 
+ [Test Case]
+ 
+ * Configure the system to have several 20+ packages upgradable by
+ unattended-upgrades. One easy way of setting this up is starting with a
+ system where packages from -security are installed but packages from
+ -updates are not and enabling -updates in u-u:
+ 
+   # echo 'Unattended-Upgrade::Allowed-Origins::
+ "${distro_id}:${distro_codename}-updates";' > /etc/apt/apt.conf.d
+ /51unattended-upgrades-updates-too
+ 
+ * Pre-download upgrades
+   # unattended-upgraded --download-only
+ 
+ * Trigger unattended-upgrades run:
+   # service apt-daily-upgrade start
+ 
+ * Shutdown the system from a graphical user session or by executing
+   # dbus-send --system --print-reply --dest=org.freedesktop.login1 /org/freedesktop/login1 "org.freedesktop.login1.Manager.Reboot" boolean:false
+ 
+  * Observe the system unattended-upgrades being gracefully stopped,
+ checking /var/log/unattended-upgrades/unattended-upgrades.log. There
+ should be packages left to be upgraded.
+ 
+ [Regression Potential]
+ 
+ On Xenial (with Unity) starting shutdown from the graphical session does
+ not log the user out nor show any progress on the shutdown until the
+ inhibition timer expires which is confusing. Users should be logged out
+ on PrepareForShutdown() (LP: #1803581).

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to unattended-upgrades in Ubuntu.
https://bugs.launchpad.net/bugs/1690980

Title:
  unattended-upgrades does not block shutdown of system, as it is
  designed to

Status in OEM Priority Project:
  Triaged
Status in OEM Priority Project xenial series:
  Triaged
Status in apt package in Ubuntu:
  Fix Released
Status in unattended-upgrades package in Ubuntu:
  Fix Released
Status in apt source package in Xenial:
  Fix Released
Status in unattended-upgrades source package in Xenial:
  New
Status in apt source package in Zesty:
  Won't Fix
Status in unattended-upgrades source package in Zesty:
  Won't Fix

Bug description:
  Title: No pop-up window to warn users that system should not reboot or
  shutdown while installing security updates

  Summary:
  No pop-up window to warn users that system should not reboot or shutdown while installing security updates

  Steps:
  1. trigger unattended-upgrades
  2. reboot or shutdown system while installing packages

  Expected results: There is a pop-up window to warn users that system
  should not reboot or shutdown

  Actual results: There is no pop-up window to warn users

  Additional information:
  $ apt-cache policy unattended-upgrades
  unattended-upgrades:
    Installed: 0.90
    Candidate: 0.90ubuntu0.5
  $ lsb_release -rd
  Description:    Ubuntu 16.04 LTS

  * APT SRU *
  [Impact]
  Stopping apt-daily-upgrade.service terminates dpkg and friends by sending the signals to all processes in the cgroup, and will send KILL quickly after.

  [Test case]
  Start apt-daily-upgrade.service and stop it while unattended-upgrades is running.

  The upgrade should run to completion or a safe exit point as long as
  it takes less than about 900s (which is the timeout for sending kill).

  [Regression potential]
  Leftover processes might remain in the apt-daily-upgrade cgroup if the postinst scripts or some apt hooks do something funny.

  Shutdown might take longer due to the 900 second timeout.

  * unattended-upgrades SRU

  [Impact]

   * Undattended-upgrades does not stop quickly gracefully when shutdown/reboot is initiated by the user.
   * The fix is performing the updates in minimal package sets and allow gracefully stopping between those steps when unattended-upgrades.service sends a TERM signal to running u-u. The signal is sent on receiving PrepareForShutdown() from logind (https://www.freedesktop.org/wiki/Software/systemd/inhibit/) to stop unattended-upgrades a bit earlier than the shutdown process starts (LP: #1803137).

  [Test Case]

  * Configure the system to have several 20+ packages upgradable by
  unattended-upgrades. One easy way of setting this up is starting with
  a system where packages from -security are installed but packages from
  -updates are not and enabling -updates in u-u:

    # echo 'Unattended-Upgrade::Allowed-Origins::
  "${distro_id}:${distro_codename}-updates";' > /etc/apt/apt.conf.d
  /51unattended-upgrades-updates-too

  * Pre-download upgrades
    # unattended-upgraded --download-only

  * Trigger unattended-upgrades run:
    # service apt-daily-upgrade start

  * Shutdown the system from a graphical user session or by executing
    # dbus-send --system --print-reply --dest=org.freedesktop.login1 /org/freedesktop/login1 "org.freedesktop.login1.Manager.Reboot" boolean:false

   * Observe the system unattended-upgrades being gracefully stopped,
  checking /var/log/unattended-upgrades/unattended-upgrades.log. There
  should be packages left to be upgraded.

  [Regression Potential]

  On Xenial (with Unity) starting shutdown from the graphical session
  does not log the user out nor show any progress on the shutdown until
  the inhibition timer expires which is confusing. Users should be
  logged out on PrepareForShutdown() (LP: #1803581).

To manage notifications about this bug go to:
https://bugs.launchpad.net/oem-priority/+bug/1690980/+subscriptions

More information about the foundations-bugs mailing list