[Bug 1803749] Re: apt.Cache.clear() may set apt.Package.is_auto_removable to False

Brian Murray brian at ubuntu.com
Mon Dec 3 19:21:11 UTC 2018 

Hello Balint, or anyone else affected,

Accepted unattended-upgrades into xenial-proposed. The package will
build now and be available at https://launchpad.net/ubuntu/+source
/unattended-upgrades/1.1ubuntu1.18.04.7~16.04.0 in a few hours, and then
in the -proposed repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how
to enable and use -proposed.  Your feedback will aid us getting this
update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested and change the tag from
verification-needed-xenial to verification-done-xenial. If it does not
fix the bug for you, please add a comment stating that, and change the
tag to verification-failed-xenial. In either case, without details of
your testing we will not be able to proceed.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance for helping!

N.B. The updated package will be released to -updates after the bug(s)
fixed by this package have been verified and the package has been in
-proposed for a minimum of 7 days.

** Changed in: unattended-upgrades (Ubuntu Xenial)
       Status: New => Fix Committed

** Tags removed: verification-done
** Tags added: verification-needed verification-needed-xenial

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to unattended-upgrades in Ubuntu.
https://bugs.launchpad.net/bugs/1803749

Title:
  apt.Cache.clear() may set apt.Package.is_auto_removable to False

Status in unattended-upgrades package in Ubuntu:
  Fix Released
Status in unattended-upgrades source package in Xenial:
  Fix Committed
Status in unattended-upgrades source package in Bionic:
  Fix Released
Status in unattended-upgrades source package in Cosmic:
  Fix Released

Bug description:
  [Impact]

   * Originally autoremovable packages can be removed as newly autoremovable ones by unattended-upgrades
   * This can surprise users potentially removing packages which are needed for the system's operation.

  [Test Case]

  * The buggy u-u version will remove the previously autoremovable zsh
  at the end, the fixed one does not.

  $ sudo debootstrap bionic uu-test-bionic-1803749
  ...
  $ sudo chroot uu-test-bionic-1803749
  # apt install unattended-upgrades zsh
  # apt-mark auto zsh
  ...
  # echo "Unattended-Upgrade::Package-Blacklist {"libs";}"  > /etc/apt/apt.conf.d/51unattended-upgrades
  # echo "deb http://archive.ubuntu.com/ubuntu bionic-security main" >> /etc/apt/sources.list
  # echo "deb http://archive.ubuntu.com/ubuntu bionic-updates main" >> /etc/apt/sources.list
  # apt update -qq
  # unattended-upgrades --dry-run --verbose --debug
  ...
  All upgrades installed
  marking zsh for removal
  marking zsh-common for removal
  Packages that were successfully auto-removed:
  Packages that are kept back:
  InstCount=0 DelCount=0 BrokenCount=0
  #

  [Regression Potential]

   * Unattended-upgrades may use more CPU-time for operation but I did not observe a significant increase. Autopkgtest measures u-u's performance thus if this regression occurs, we can observe it easily.
   * Due to the code changes u-u may still remove already autoremovable packages or fail to remove newly autoremovable ones in default configuration, but since the code became simpler with the change by eliminating an optimization this regression is unlikely to take place.

  [Original Bug Text]

  While triaging LP: #1803587 I found that originally autoremovable
  packages were handled as newly autoremovable ones by unattended-
  upgrades due to not finding all of them at the beginning of u-u's run.

  The root cause seems to be cache.clear() resetting
  pkg.is_auto_removable to False under some circumstances I haven't
  fully narrowed down.

  Set up a Bionic (or later) system with autoremovable packages,
  packages upgradable from -security and blacklist at least one
  upgradable package and apply the following patch to u-u:

  root at bb-1803587:~# diff -Naur /usr/bin/unattended-upgrade.orig /usr/bin/unattended-upgrade
  --- /usr/bin/unattended-upgrade.orig	2018-11-16 16:17:58.522583254 +0000
  +++ /usr/bin/unattended-upgrade	2018-11-16 16:36:12.226675870 +0000
  @@ -948,7 +948,9 @@
   def rewind_cache(cache, pkgs_to_upgrade):
       # type: (apt.Cache, List[apt.Package]) -> None
       """ set the cache back to the state with packages_to_upgrade """
  +    print([pkg.name  for pkg in cache if pkg.is_auto_removable])
       cache.clear()
  +    print([pkg.name for pkg in cache if pkg.is_auto_removable])
       for pkg2 in pkgs_to_upgrade:
           pkg2.mark_install(from_user=not pkg2.is_auto_installed)
       if cache.broken_count > 0:

  Run u-u to observe cache.clear() resetting the list of autoremovable
  packages:

   ~# /usr/bin/unattended-upgrade --dry-run --verbose --debug
  Initial blacklisted packages: systemd
  Initial whitelisted packages:
  Starting unattended upgrades script
  Allowed origins are: o=Ubuntu,a=bionic, o=Ubuntu,a=bionic-security, o=UbuntuESM,a=bionic
  Using (^linux-image|^linux-headers|^linux-image-extra|^linux-modules|^linux-modules-extra|^linux-signed-image|^kfreebsd-image|^kfreebsd-headers|^gnumach-image|^.*-modules|^.*-kernel|^linux-backports-modules-.*|^linux-modules-.*|^linux-tools|^linux-cloud-tools) regexp to find kernel packages
  Using (^linux-image.*4.15.0-38-generic|^linux-headers.*4.15.0-38-generic|^linux-image-extra.*4.15.0-38-generic|^linux-modules.*4.15.0-38-generic|^linux-modules-extra.*4.15.0-38-generic|^linux-signed-image.*4.15.0-38-generic|^kfreebsd-image.*4.15.0-38-generic|^kfreebsd-headers.*4.15.0-38-generic|^gnumach-image.*4.15.0-38-generic|4.15.0-38-generic.*-modules|4.15.0-38-generic.*-kernel|^linux-backports-modules-.*.*4.15.0-38-generic|^linux-modules-.*.*4.15.0-38-generic|^linux-tools.*4.15.0-38-generic|^linux-cloud-tools.*4.15.0-38-generic) regexp to find running kernel packages
  Checking: apport ([<Origin component:'main' archive:'bionic-updates' origin:'Ubuntu' label:'Ubuntu' site:'archive.ubuntu.com' isTrusted:True>])
  adjusting candidate version: apport=2.20.9-0ubuntu7.1
  ...
  Checking: libnss-systemd ([<Origin component:'main' archive:'bionic-updates' origin:'Ubuntu' label:'Ubuntu' site:'archive.ubuntu.com' isTrusted:True>, <Origin component:'main' archive:'bionic-security' origin:'Ubuntu' label:'Ubuntu' site:'security.ubuntu.com' isTrusted:True>])
  skipping blacklisted package systemd
  pkg systemd package has been blacklisted
  sanity check failed
  ['libfreetype6']
  []
  ...

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/unattended-upgrades/+bug/1803749/+subscriptions

More information about the foundations-bugs mailing list