[Bug 1446552] Please test proposed package

Ɓukasz Zemczak 1446552 at bugs.launchpad.net
Thu Feb 28 12:56:36 UTC 2019 

Hello Sjoerd, or anyone else affected,

Accepted unattended-upgrades into xenial-proposed. The package will
build now and be available at https://launchpad.net/ubuntu/+source
/unattended-upgrades/1.1ubuntu1.18.04.7~16.04.2 in a few hours, and then
in the -proposed repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how
to enable and use -proposed.  Your feedback will aid us getting this
update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested and change the tag from
verification-needed-xenial to verification-done-xenial. If it does not
fix the bug for you, please add a comment stating that, and change the
tag to verification-failed-xenial. In either case, without details of
your testing we will not be able to proceed.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance for helping!

N.B. The updated package will be released to -updates after the bug(s)
fixed by this package have been verified and the package has been in
-proposed for a minimum of 7 days.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to unattended-upgrades in Ubuntu.
https://bugs.launchpad.net/bugs/1446552

Title:
  Unattended upgrades handles new dependencies inconsistently

Status in unattended-upgrades package in Ubuntu:
  Fix Released
Status in unattended-upgrades source package in Xenial:
  Fix Committed

Bug description:
  [Impact]

  When an installed package adds a dependency that is not yet installed
  on the system, this sometimes causes the package to not be installed,
  depending on the origin containing the original candidate version.

  I believe that the problem is in /usr/bin/unattended-upgrade, line
  102. Here a check is performed to prevent downgrades. However, as a
  side effect it also prevents adjusting the candidate version for
  packages that have not yet been installed (because pkg.is_upgradable
  is False for packages that have not been installed).

  This makes updating private packages using unattended-upgrades
  troublesome, especially when new dependencies have been added.
  Currently it requires repackaging the dependencies with a slightly
  higher version number than what is in the main repository, and then
  hosting them on the private repository, which is time consuming and
  error-prone. With the included patch, it is sufficient to just host
  the same version on the private repository.

  [Test Case]

  - Create a testing package (doesn't have to really contain anything) that just installs 1 file into /usr/share/testpackage/, and have it depend on some packages.
  - Put that package on a private repository (which is also configured for APT and unattended-upgrades)
  - Install the package using `apt-get install testingpackage`
  - Update the package as follows: 1. Add a dependency which is not yet installed on your machine (and is also not in the security-repository). Up the version number, and add it to the private repository.
  - Run `unattended-upgrade --debug --apt-debug 2>&1 | tee output.txt`.
  - Verify the package was not updated (missing dependency).
  - Host the dependency on your private APT server as well (1-1 copy).
  - Run `unattended-upgrade --debug --apt-debug 2>&1 | tee output.txt`.
  - Verify the package was not updated (missing dependency).
  - Re-build the dependency with a higher version number, and add it to your private APT repository.
  - Run `unattended-upgrade --debug --apt-debug 2>&1 | tee output.txt`.
  - Verify the package was now upgraded.

  With the proposed patch, the upgrade would already succeed after
  hosting the exact copy on the private APT repository.

  [Regression Potential]

  The changed code logic now allows adjusting candidates of packages
  which are not upgradable and not installed. Since the changed check
  was there to avoid downgrades the possible regression would be somehow
  enabling downgrades accidentally. Adjusting _not_ installed packages
  in itself would not cause downgrading installed packages thus the
  change seems to be safe.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/unattended-upgrades/+bug/1446552/+subscriptions

More information about the foundations-bugs mailing list