[Bug 1883082] Re: Crash when using Package-Whitelist-Strict
Balint Reczey
1883082 at bugs.launchpad.net
Tue Jul 21 15:00:59 UTC 2020
** Description changed:
+ [Impact]
+
+ * Unattended-upgrades crashes when strict whitelist is enabled and
+ there is an update available.
+
+ [Test Case]
+
+ Set up a system with at least one updated package available:
+
+ $ lxc launch ubuntu:focal ff-uu-strict
+ Creating ff-uu-strict
+ Starting ff-uu-strict
+ $ lxc shell ff-uu-strict
+ root at ff-uu-strict:~# apt update
+ ...
+ root at ff-uu-strict:~# apt list --upgradable
+ Listing... Done
+ open-vm-tools/focal-updates 2:11.1.0-2~ubuntu20.04.1 amd64 [upgradable from: 2:11.0.5-4]
+ N: There is 1 additional version. Please use the '-a' switch to see it
+
+ Set up strict whitelist not covering the package:
+
+ root at ff-uu-strict:~# echo 'Unattended-Upgrade::Package-Whitelist-Strict "true";' > /etc/apt/apt.conf.d/51unattended-upgrades-whitelist
+ root at ff-uu-strict:~# echo 'Unattended-Upgrade::Package-Whitelist {"foo";}' >> /etc/apt/apt.conf.d/51unattended-upgrades-whitelist
+
+ Run unattended-upgrades:
+ root at ff-uu-strict:~# unattended-upgrade
+
+ The fixed version does not crash here, the not fixed one does.
+
+
+ [Regression Potential]
+
+ Minimal. The fix adds only one extra check to not crash dereferencing
+ None.
+
+ [Original Bug Text]
+
+
Hi,
I'm trying to use unattended-upgrades only with a few packages from a
list; to do that I tried this simple /etc/apt/apt.conf.d/51local-ua
file:
- root at focal-ua:~# cat /etc/apt/apt.conf.d/51local-ua
- Unattended-Upgrade::Package-Whitelist-Strict "true";
+ root at focal-ua:~# cat /etc/apt/apt.conf.d/51local-ua
+ Unattended-Upgrade::Package-Whitelist-Strict "true";
Unattended-Upgrade::Package-Whitelist {
"firefox";
"bash";
"openssh-server";
}
When running unattended-upgrades in dry run mode I get this crash:
root at focal-ua:~# unattended-upgrade --debug --dry-run
Running on the development release
Starting unattended upgrades script
Allowed origins are: o=Ubuntu,a=focal, o=Ubuntu,a=focal-security, o=UbuntuESMApps,a=focal-apps-security, o=UbuntuESM,a=focal-infra-security, o=UbuntuESM,a=focal-security
- Initial blacklist:
+ Initial blacklist:
Initial whitelist (strict): firefox bash openssh-server
Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_focal-backports_universe_i18n_Translation-en' a=focal-backports,c=universe,v=20.04,o=Ubuntu,l=Ubuntu arch='' site='archive.ubuntu.com' IndexType='Debian Translation Index' Size=2895 ID:17> with -32768 pin
Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_focal-backports_universe_binary-amd64_Packages' a=focal-backports,c=universe,v=20.04,o=Ubuntu,l=Ubuntu arch='amd64' site='archive.ubuntu.com' IndexType='Debian Package Index' Size=11575 ID:16> with -32768 pin
Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_focal-updates_multiverse_i18n_Translation-en' a=focal-updates,c=multiverse,v=20.04,o=Ubuntu,l=Ubuntu arch='' site='archive.ubuntu.com' IndexType='Debian Translation Index' Size=783 ID:15> with -32768 pin
Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_focal-updates_multiverse_binary-amd64_Packages' a=focal-updates,c=multiverse,v=20.04,o=Ubuntu,l=Ubuntu arch='amd64' site='archive.ubuntu.com' IndexType='Debian Package Index' Size=2025 ID:14> with -32768 pin
Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_focal-updates_universe_i18n_Translation-en' a=focal-updates,c=universe,v=20.04,o=Ubuntu,l=Ubuntu arch='' site='archive.ubuntu.com' IndexType='Debian Translation Index' Size=297335 ID:13> with -32768 pin
Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_focal-updates_universe_binary-amd64_Packages' a=focal-updates,c=universe,v=20.04,o=Ubuntu,l=Ubuntu arch='amd64' site='archive.ubuntu.com' IndexType='Debian Package Index' Size=658122 ID:12> with -32768 pin
Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_focal-updates_restricted_i18n_Translation-en' a=focal-updates,c=restricted,v=20.04,o=Ubuntu,l=Ubuntu arch='' site='archive.ubuntu.com' IndexType='Debian Translation Index' Size=34222 ID:11> with -32768 pin
Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_focal-updates_restricted_binary-amd64_Packages' a=focal-updates,c=restricted,v=20.04,o=Ubuntu,l=Ubuntu arch='amd64' site='archive.ubuntu.com' IndexType='Debian Package Index' Size=76674 ID:10> with -32768 pin
Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_focal-updates_main_i18n_Translation-en' a=focal-updates,c=main,v=20.04,o=Ubuntu,l=Ubuntu arch='' site='archive.ubuntu.com' IndexType='Debian Translation Index' Size=660043 ID:9> with -32768 pin
Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_focal-updates_main_binary-amd64_Packages' a=focal-updates,c=main,v=20.04,o=Ubuntu,l=Ubuntu arch='amd64' site='archive.ubuntu.com' IndexType='Debian Package Index' Size=1198660 ID:8> with -32768 pin
An error occurred: '>' not supported between instances of 'apt_pkg.Version' and 'int'
Traceback (most recent call last):
- File "/usr/bin/unattended-upgrade", line 1983, in main
- res = run(options, rootdir, mem_log, logfile_dpkg,
- File "/usr/bin/unattended-upgrade", line 2124, in run
- cache = UnattendedUpgradesCache(rootdir=rootdir)
- File "/usr/bin/unattended-upgrade", line 171, in __init__
- apt.Cache.__init__(self, rootdir=rootdir)
- File "/usr/lib/python3/dist-packages/apt/cache.py", line 170, in __init__
- self.open(progress)
- File "/usr/bin/unattended-upgrade", line 330, in open
- self.apply_pinning(self.pinning_from_config())
- File "/usr/bin/unattended-upgrade", line 302, in pinning_from_config
- and policy.get_candidate_ver(pkg) > -1: # type: ignore
- TypeError: '>' not supported between instances of 'apt_pkg.Version' and 'int'
- Extracting content from /var/log/unattended-upgrades/unattended-upgrades-dpkg.log since 2020-06-11 09:38:25
- Traceback (most recent call last):
- File "/usr/bin/unattended-upgrade", line 2512, in <module>
- sys.exit(main(options))
- File "/usr/bin/unattended-upgrade", line 1983, in main
- res = run(options, rootdir, mem_log, logfile_dpkg,
- File "/usr/bin/unattended-upgrade", line 2124, in run
- cache = UnattendedUpgradesCache(rootdir=rootdir)
- File "/usr/bin/unattended-upgrade", line 171, in __init__
- apt.Cache.__init__(self, rootdir=rootdir)
- File "/usr/lib/python3/dist-packages/apt/cache.py", line 170, in __init__
- self.open(progress)
- File "/usr/bin/unattended-upgrade", line 330, in open
- self.apply_pinning(self.pinning_from_config())
- File "/usr/bin/unattended-upgrade", line 302, in pinning_from_config
- and policy.get_candidate_ver(pkg) > -1: # type: ignore
+ File "/usr/bin/unattended-upgrade", line 1983, in main
+ res = run(options, rootdir, mem_log, logfile_dpkg,
+ File "/usr/bin/unattended-upgrade", line 2124, in run
+ cache = UnattendedUpgradesCache(rootdir=rootdir)
+ File "/usr/bin/unattended-upgrade", line 171, in __init__
+ apt.Cache.__init__(self, rootdir=rootdir)
+ File "/usr/lib/python3/dist-packages/apt/cache.py", line 170, in __init__
+ self.open(progress)
+ File "/usr/bin/unattended-upgrade", line 330, in open
+ self.apply_pinning(self.pinning_from_config())
+ File "/usr/bin/unattended-upgrade", line 302, in pinning_from_config
+ and policy.get_candidate_ver(pkg) > -1: # type: ignore
TypeError: '>' not supported between instances of 'apt_pkg.Version' and 'int'
+ Extracting content from /var/log/unattended-upgrades/unattended-upgrades-dpkg.log since 2020-06-11 09:38:25
+ Traceback (most recent call last):
+ File "/usr/bin/unattended-upgrade", line 2512, in <module>
+ sys.exit(main(options))
+ File "/usr/bin/unattended-upgrade", line 1983, in main
+ res = run(options, rootdir, mem_log, logfile_dpkg,
+ File "/usr/bin/unattended-upgrade", line 2124, in run
+ cache = UnattendedUpgradesCache(rootdir=rootdir)
+ File "/usr/bin/unattended-upgrade", line 171, in __init__
+ apt.Cache.__init__(self, rootdir=rootdir)
+ File "/usr/lib/python3/dist-packages/apt/cache.py", line 170, in __init__
+ self.open(progress)
+ File "/usr/bin/unattended-upgrade", line 330, in open
+ self.apply_pinning(self.pinning_from_config())
+ File "/usr/bin/unattended-upgrade", line 302, in pinning_from_config
+ and policy.get_candidate_ver(pkg) > -1: # type: ignore
+ TypeError: '>' not supported between instances of 'apt_pkg.Version' and 'int'
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to unattended-upgrades in Ubuntu.
https://bugs.launchpad.net/bugs/1883082
Title:
Crash when using Package-Whitelist-Strict
Status in unattended-upgrades package in Ubuntu:
In Progress
Status in unattended-upgrades source package in Focal:
New
Bug description:
[Impact]
* Unattended-upgrades crashes when strict whitelist is enabled and
there is an update available.
[Test Case]
Set up a system with at least one updated package available:
$ lxc launch ubuntu:focal ff-uu-strict
Creating ff-uu-strict
Starting ff-uu-strict
$ lxc shell ff-uu-strict
root at ff-uu-strict:~# apt update
...
root at ff-uu-strict:~# apt list --upgradable
Listing... Done
open-vm-tools/focal-updates 2:11.1.0-2~ubuntu20.04.1 amd64 [upgradable from: 2:11.0.5-4]
N: There is 1 additional version. Please use the '-a' switch to see it
Set up strict whitelist not covering the package:
root at ff-uu-strict:~# echo 'Unattended-Upgrade::Package-Whitelist-Strict "true";' > /etc/apt/apt.conf.d/51unattended-upgrades-whitelist
root at ff-uu-strict:~# echo 'Unattended-Upgrade::Package-Whitelist {"foo";}' >> /etc/apt/apt.conf.d/51unattended-upgrades-whitelist
Run unattended-upgrades:
root at ff-uu-strict:~# unattended-upgrade
The fixed version does not crash here, the not fixed one does.
[Regression Potential]
Minimal. The fix adds only one extra check to not crash dereferencing
None.
[Original Bug Text]
Hi,
I'm trying to use unattended-upgrades only with a few packages from a
list; to do that I tried this simple /etc/apt/apt.conf.d/51local-ua
file:
root at focal-ua:~# cat /etc/apt/apt.conf.d/51local-ua
Unattended-Upgrade::Package-Whitelist-Strict "true";
Unattended-Upgrade::Package-Whitelist {
"firefox";
"bash";
"openssh-server";
}
When running unattended-upgrades in dry run mode I get this crash:
root at focal-ua:~# unattended-upgrade --debug --dry-run
Running on the development release
Starting unattended upgrades script
Allowed origins are: o=Ubuntu,a=focal, o=Ubuntu,a=focal-security, o=UbuntuESMApps,a=focal-apps-security, o=UbuntuESM,a=focal-infra-security, o=UbuntuESM,a=focal-security
Initial blacklist:
Initial whitelist (strict): firefox bash openssh-server
Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_focal-backports_universe_i18n_Translation-en' a=focal-backports,c=universe,v=20.04,o=Ubuntu,l=Ubuntu arch='' site='archive.ubuntu.com' IndexType='Debian Translation Index' Size=2895 ID:17> with -32768 pin
Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_focal-backports_universe_binary-amd64_Packages' a=focal-backports,c=universe,v=20.04,o=Ubuntu,l=Ubuntu arch='amd64' site='archive.ubuntu.com' IndexType='Debian Package Index' Size=11575 ID:16> with -32768 pin
Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_focal-updates_multiverse_i18n_Translation-en' a=focal-updates,c=multiverse,v=20.04,o=Ubuntu,l=Ubuntu arch='' site='archive.ubuntu.com' IndexType='Debian Translation Index' Size=783 ID:15> with -32768 pin
Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_focal-updates_multiverse_binary-amd64_Packages' a=focal-updates,c=multiverse,v=20.04,o=Ubuntu,l=Ubuntu arch='amd64' site='archive.ubuntu.com' IndexType='Debian Package Index' Size=2025 ID:14> with -32768 pin
Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_focal-updates_universe_i18n_Translation-en' a=focal-updates,c=universe,v=20.04,o=Ubuntu,l=Ubuntu arch='' site='archive.ubuntu.com' IndexType='Debian Translation Index' Size=297335 ID:13> with -32768 pin
Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_focal-updates_universe_binary-amd64_Packages' a=focal-updates,c=universe,v=20.04,o=Ubuntu,l=Ubuntu arch='amd64' site='archive.ubuntu.com' IndexType='Debian Package Index' Size=658122 ID:12> with -32768 pin
Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_focal-updates_restricted_i18n_Translation-en' a=focal-updates,c=restricted,v=20.04,o=Ubuntu,l=Ubuntu arch='' site='archive.ubuntu.com' IndexType='Debian Translation Index' Size=34222 ID:11> with -32768 pin
Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_focal-updates_restricted_binary-amd64_Packages' a=focal-updates,c=restricted,v=20.04,o=Ubuntu,l=Ubuntu arch='amd64' site='archive.ubuntu.com' IndexType='Debian Package Index' Size=76674 ID:10> with -32768 pin
Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_focal-updates_main_i18n_Translation-en' a=focal-updates,c=main,v=20.04,o=Ubuntu,l=Ubuntu arch='' site='archive.ubuntu.com' IndexType='Debian Translation Index' Size=660043 ID:9> with -32768 pin
Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_focal-updates_main_binary-amd64_Packages' a=focal-updates,c=main,v=20.04,o=Ubuntu,l=Ubuntu arch='amd64' site='archive.ubuntu.com' IndexType='Debian Package Index' Size=1198660 ID:8> with -32768 pin
An error occurred: '>' not supported between instances of 'apt_pkg.Version' and 'int'
Traceback (most recent call last):
File "/usr/bin/unattended-upgrade", line 1983, in main
res = run(options, rootdir, mem_log, logfile_dpkg,
File "/usr/bin/unattended-upgrade", line 2124, in run
cache = UnattendedUpgradesCache(rootdir=rootdir)
File "/usr/bin/unattended-upgrade", line 171, in __init__
apt.Cache.__init__(self, rootdir=rootdir)
File "/usr/lib/python3/dist-packages/apt/cache.py", line 170, in __init__
self.open(progress)
File "/usr/bin/unattended-upgrade", line 330, in open
self.apply_pinning(self.pinning_from_config())
File "/usr/bin/unattended-upgrade", line 302, in pinning_from_config
and policy.get_candidate_ver(pkg) > -1: # type: ignore
TypeError: '>' not supported between instances of 'apt_pkg.Version' and 'int'
Extracting content from /var/log/unattended-upgrades/unattended-upgrades-dpkg.log since 2020-06-11 09:38:25
Traceback (most recent call last):
File "/usr/bin/unattended-upgrade", line 2512, in <module>
sys.exit(main(options))
File "/usr/bin/unattended-upgrade", line 1983, in main
res = run(options, rootdir, mem_log, logfile_dpkg,
File "/usr/bin/unattended-upgrade", line 2124, in run
cache = UnattendedUpgradesCache(rootdir=rootdir)
File "/usr/bin/unattended-upgrade", line 171, in __init__
apt.Cache.__init__(self, rootdir=rootdir)
File "/usr/lib/python3/dist-packages/apt/cache.py", line 170, in __init__
self.open(progress)
File "/usr/bin/unattended-upgrade", line 330, in open
self.apply_pinning(self.pinning_from_config())
File "/usr/bin/unattended-upgrade", line 302, in pinning_from_config
and policy.get_candidate_ver(pkg) > -1: # type: ignore
TypeError: '>' not supported between instances of 'apt_pkg.Version' and 'int'
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/unattended-upgrades/+bug/1883082/+subscriptions
More information about the foundations-bugs
mailing list