[Bug 1853861] Update Released

Brian Murray brian at ubuntu.com
Wed Dec 4 17:20:33 UTC 2019 

The verification of the Stable Release Update for unattended-upgrades
has completed successfully and the package is now being released to
-updates.  Subsequently, the Ubuntu Stable Release Updates Team is being
unsubscribed and will not receive messages about this bug report.  In
the event that you encounter a regression using the package from
-updates please report a new bug using ubuntu-bug and tag the bug report
regression-update so we can easily find any regressions.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to unattended-upgrades in Ubuntu.
https://bugs.launchpad.net/bugs/1853861

Title:
  [SRU] Unattended-upgrades silently does not apply updates when
  MinimalSteps is disabled and there are autoremovable kernels

Status in unattended-upgrades package in Ubuntu:
  Fix Released
Status in unattended-upgrades source package in Xenial:
  Fix Released
Status in unattended-upgrades source package in Bionic:
  Fix Committed
Status in unattended-upgrades source package in Disco:
  Fix Released
Status in unattended-upgrades source package in Eoan:
  Fix Released

Bug description:
  [Impact]

   * When autoremovable kernel packages are present on the system, there are updates to apply and Unattended-Upgrade::MinimalSteps is set to "false", the autoremovable kernel packages are not removed and the updates are not applied.
   * The root cause is u-u not cleaning the dirty cache between operations and also relying on having a cache with packages marked to be installed when applying updates in one shot.
   * The fix is clearing the cache between operations and marking packages before installing them in one shot.

  [Test Case]

   * Install kernel-related packages, mark them as automatically installed to make them auto-removable ones.
   * Downgrade a few packages to a version lower than what is present in the security pocket.
   * Set Unattended-Upgrade::MinimalSteps to "false":
     # echo 'Unattended-Upgrade::MinimalSteps "false";' > /etc/apt/apt.conf.d/51unattended-upgrades-oneshot

   * Run u-u:
     # unattended-upgrade --verbose --debug

   * Observe fixed versions removing the kernel packages properly and
  also upgrading packages.

  [Regression Potential]

   * The changes introduce marking packages to install/upgrade and clearing the cache more often. The added operations slow down u-u, but clearing the cache adds a few 100 milliseconds on typical hardware and marking upgradable packages is also in the same range.
   * Functional regressions are unlikely due to those changes since the fixes are present in 19.04 and later releases and the extensive autopkgtest also covers when upgrades are performed in minimal steps.

  [Other Info]

   * While this bug has a security impact by holding back installation of security updates I don't recommend releasing the fix via the security pocket because this bug occurs only when the local configuration file of u-u is changed and u-u does not hold back upgrades with UCF-managed config file conflicts.
    See: https://github.com/mvo5/unattended-upgrades/issues/168

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/unattended-upgrades/+bug/1853861/+subscriptions

More information about the foundations-bugs mailing list