[Bug 1883082] Re: Crash when using Package-Whitelist-Strict

Balint Reczey 1883082 at bugs.launchpad.net
Fri Jul 31 16:56:38 UTC 2020 

Verified 2.3ubuntu0.1 on Focal (checking reproducibility with buggy
version first):

root at ff-uu-1-verify:~# apt list --upgradable 
Listing... Done
open-vm-tools/focal-updates 2:11.1.0-2~ubuntu20.04.1 amd64 [upgradable from: 2:11.0.5-4]
N: There is 1 additional version. Please use the '-a' switch to see it
root at ff-uu-1-verify:~# unattended-upgrade
root at ff-uu-1-verify:~# echo 'Unattended-Upgrade::Package-Whitelist-Strict "true";' > /etc/apt/apt.conf.d/51unattended-upgrades-whitelist
root at ff-uu-1-verify:~# echo 'Unattended-Upgrade::Package-Whitelist {"foo";}' >> /etc/apt/apt.conf.d/51unattended-upgrades-whitelist
root at ff-uu-1-verify:~# unattended-upgrade
Traceback (most recent call last):
  File "/usr/bin/unattended-upgrade", line 2512, in <module>
    sys.exit(main(options))
  File "/usr/bin/unattended-upgrade", line 1983, in main
    res = run(options, rootdir, mem_log, logfile_dpkg,
  File "/usr/bin/unattended-upgrade", line 2124, in run
    cache = UnattendedUpgradesCache(rootdir=rootdir)
  File "/usr/bin/unattended-upgrade", line 171, in __init__
    apt.Cache.__init__(self, rootdir=rootdir)
  File "/usr/lib/python3/dist-packages/apt/cache.py", line 170, in __init__
    self.open(progress)
  File "/usr/bin/unattended-upgrade", line 330, in open
    self.apply_pinning(self.pinning_from_config())
  File "/usr/bin/unattended-upgrade", line 302, in pinning_from_config
    and policy.get_candidate_ver(pkg) > -1:  # type: ignore
TypeError: '>' not supported between instances of 'apt_pkg.Version' and 'int'
root at ff-uu-1-verify:~# sed -i 's/backports/proposed/' /etc/apt/sources.list
root at ff-uu-1-verify:~# apt update
Hit:1 http://archive.ubuntu.com/ubuntu focal InRelease
Hit:2 http://archive.ubuntu.com/ubuntu focal-updates InRelease
Hit:3 http://security.ubuntu.com/ubuntu focal-security InRelease
Get:4 http://archive.ubuntu.com/ubuntu focal-proposed InRelease [265 kB]
Get:5 http://archive.ubuntu.com/ubuntu focal-proposed/main amd64 Packages [42.9 kB]
Get:6 http://archive.ubuntu.com/ubuntu focal-proposed/main Translation-en [19.5 kB]
Get:7 http://archive.ubuntu.com/ubuntu focal-proposed/main amd64 c-n-f Metadata [1308 B]
Get:8 http://archive.ubuntu.com/ubuntu focal-proposed/restricted amd64 Packages [3684 B]
Get:9 http://archive.ubuntu.com/ubuntu focal-proposed/restricted Translation-en [1252 B]
Get:10 http://archive.ubuntu.com/ubuntu focal-proposed/restricted amd64 c-n-f Metadata [116 B]
Get:11 http://archive.ubuntu.com/ubuntu focal-proposed/universe amd64 Packages [40.9 kB]
Get:12 http://archive.ubuntu.com/ubuntu focal-proposed/universe Translation-en [22.5 kB]
Get:13 http://archive.ubuntu.com/ubuntu focal-proposed/universe amd64 c-n-f Metadata [1688 B]
Get:14 http://archive.ubuntu.com/ubuntu focal-proposed/multiverse amd64 Packages [672 B]
Get:15 http://archive.ubuntu.com/ubuntu focal-proposed/multiverse Translation-en [3492 B]
Get:16 http://archive.ubuntu.com/ubuntu focal-proposed/multiverse amd64 c-n-f Metadata [188 B]
Fetched 403 kB in 2s (179 kB/s)          
Reading package lists... Done
Building dependency tree       
Reading state information... Done
17 packages can be upgraded. Run 'apt list --upgradable' to see them.
root at ff-uu-1-verify:~# apt install unattended-upgrades 
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following package was automatically installed and is no longer required:
  libfreetype6
Use 'apt autoremove' to remove it.
Suggested packages:
  bsd-mailx default-mta | mail-transport-agent needrestart
The following packages will be upgraded:
  unattended-upgrades
1 upgraded, 0 newly installed, 0 to remove and 16 not upgraded.
Need to get 48.7 kB of archives.
After this operation, 0 B of additional disk space will be used.
Get:1 http://archive.ubuntu.com/ubuntu focal-proposed/main amd64 unattended-upgrades all 2.3ubuntu0.1 [48.7 kB]
Fetched 48.7 kB in 0s (135 kB/s)             
Preconfiguring packages ...
(Reading database ... 31266 files and directories currently installed.)
Preparing to unpack .../unattended-upgrades_2.3ubuntu0.1_all.deb ...
Unpacking unattended-upgrades (2.3ubuntu0.1) over (2.3) ...
Setting up unattended-upgrades (2.3ubuntu0.1) ...
Processing triggers for man-db (2.9.1-1) ...
Processing triggers for systemd (245.4-4ubuntu3.2) ...
seroot at ff-uu-1-verify:~# sed -i 's/proposed/backports/' /etc/apt/sources.list
root at ff-uu-1-verify:~# apt update
Hit:1 http://archive.ubuntu.com/ubuntu focal InRelease
Hit:2 http://archive.ubuntu.com/ubuntu focal-updates InRelease
Hit:3 http://security.ubuntu.com/ubuntu focal-security InRelease
Get:4 http://archive.ubuntu.com/ubuntu focal-backports InRelease [98.3 kB]
Get:5 http://archive.ubuntu.com/ubuntu focal-backports/main amd64 c-n-f Metadata [112 B]
Get:6 http://archive.ubuntu.com/ubuntu focal-backports/restricted amd64 c-n-f Metadata [116 B]
Get:7 http://archive.ubuntu.com/ubuntu focal-backports/universe amd64 Packages [3096 B]
Get:8 http://archive.ubuntu.com/ubuntu focal-backports/universe Translation-en [1448 B]
Get:9 http://archive.ubuntu.com/ubuntu focal-backports/universe amd64 c-n-f Metadata [224 B]
Get:10 http://archive.ubuntu.com/ubuntu focal-backports/multiverse amd64 c-n-f Metadata [116 B]
Fetched 103 kB in 1s (73.9 kB/s)         
Reading package lists... Done
Building dependency tree       
Reading state information... Done
1 package can be upgraded. Run 'apt list --upgradable' to see it.
root at ff-uu-1-verify:~# unattended-upgrade
root at ff-uu-1-verify:~# unattended-upgrade --verbose
Starting unattended upgrades script
Allowed origins are: o=Ubuntu,a=focal, o=Ubuntu,a=focal-security, o=UbuntuESMApps,a=focal-apps-security, o=UbuntuESM,a=focal-infra-security
Initial blacklist: 
Initial whitelist (strict): foo
No packages found that can be upgraded unattended and no pending auto-removals
root at ff-uu-1-verify:~# 


** Tags removed: verification-needed verification-needed-focal
** Tags added: verification-done verification-done-focal

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to unattended-upgrades in Ubuntu.
https://bugs.launchpad.net/bugs/1883082

Title:
  Crash when using Package-Whitelist-Strict

Status in unattended-upgrades package in Ubuntu:
  Fix Released
Status in unattended-upgrades source package in Focal:
  Fix Committed

Bug description:
  [Impact]

   * Unattended-upgrades crashes when strict whitelist is enabled and
  there is an update available.

  [Test Case]

  Set up a system with at least one updated package available:

   $ lxc launch ubuntu:focal ff-uu-strict
   Creating ff-uu-strict
   Starting ff-uu-strict                       
   $ lxc shell ff-uu-strict 
   root at ff-uu-strict:~# apt update
   ...
   root at ff-uu-strict:~# apt list --upgradable 
   Listing... Done
   open-vm-tools/focal-updates 2:11.1.0-2~ubuntu20.04.1 amd64 [upgradable  from: 2:11.0.5-4]
   N: There is 1 additional version. Please use the '-a' switch to see it

  Set up strict whitelist not covering the package:

   root at ff-uu-strict:~# echo 'Unattended-Upgrade::Package-Whitelist-Strict "true";' > /etc/apt/apt.conf.d/51unattended-upgrades-whitelist
   root at ff-uu-strict:~# echo 'Unattended-Upgrade::Package-Whitelist {"foo";}' >> /etc/apt/apt.conf.d/51unattended-upgrades-whitelist

  Run unattended-upgrades:
   root at ff-uu-strict:~# unattended-upgrade 

  The fixed version does not crash here, the not fixed one does.

  
  [Regression Potential] 

  Minimal. The fix adds only one extra check to not crash dereferencing
  None.

  [Original Bug Text]

  
  Hi,

  I'm trying to use unattended-upgrades only with a few packages from a
  list; to do that I tried this simple /etc/apt/apt.conf.d/51local-ua
  file:

  root at focal-ua:~# cat /etc/apt/apt.conf.d/51local-ua
  Unattended-Upgrade::Package-Whitelist-Strict "true";
  Unattended-Upgrade::Package-Whitelist {
  "firefox";
  "bash";
  "openssh-server";
  }

  When running unattended-upgrades in dry run mode I get this crash:

  root at focal-ua:~# unattended-upgrade --debug --dry-run
  Running on the development release
  Starting unattended upgrades script
  Allowed origins are: o=Ubuntu,a=focal, o=Ubuntu,a=focal-security, o=UbuntuESMApps,a=focal-apps-security, o=UbuntuESM,a=focal-infra-security, o=UbuntuESM,a=focal-security
  Initial blacklist:
  Initial whitelist (strict): firefox bash openssh-server
  Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_focal-backports_universe_i18n_Translation-en'  a=focal-backports,c=universe,v=20.04,o=Ubuntu,l=Ubuntu arch='' site='archive.ubuntu.com' IndexType='Debian Translation Index' Size=2895 ID:17> with -32768 pin
  Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_focal-backports_universe_binary-amd64_Packages'  a=focal-backports,c=universe,v=20.04,o=Ubuntu,l=Ubuntu arch='amd64' site='archive.ubuntu.com' IndexType='Debian Package Index' Size=11575 ID:16> with -32768 pin
  Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_focal-updates_multiverse_i18n_Translation-en'  a=focal-updates,c=multiverse,v=20.04,o=Ubuntu,l=Ubuntu arch='' site='archive.ubuntu.com' IndexType='Debian Translation Index' Size=783 ID:15> with -32768 pin
  Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_focal-updates_multiverse_binary-amd64_Packages'  a=focal-updates,c=multiverse,v=20.04,o=Ubuntu,l=Ubuntu arch='amd64' site='archive.ubuntu.com' IndexType='Debian Package Index' Size=2025 ID:14> with -32768 pin
  Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_focal-updates_universe_i18n_Translation-en'  a=focal-updates,c=universe,v=20.04,o=Ubuntu,l=Ubuntu arch='' site='archive.ubuntu.com' IndexType='Debian Translation Index' Size=297335 ID:13> with -32768 pin
  Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_focal-updates_universe_binary-amd64_Packages'  a=focal-updates,c=universe,v=20.04,o=Ubuntu,l=Ubuntu arch='amd64' site='archive.ubuntu.com' IndexType='Debian Package Index' Size=658122 ID:12> with -32768 pin
  Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_focal-updates_restricted_i18n_Translation-en'  a=focal-updates,c=restricted,v=20.04,o=Ubuntu,l=Ubuntu arch='' site='archive.ubuntu.com' IndexType='Debian Translation Index' Size=34222 ID:11> with -32768 pin
  Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_focal-updates_restricted_binary-amd64_Packages'  a=focal-updates,c=restricted,v=20.04,o=Ubuntu,l=Ubuntu arch='amd64' site='archive.ubuntu.com' IndexType='Debian Package Index' Size=76674 ID:10> with -32768 pin
  Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_focal-updates_main_i18n_Translation-en'  a=focal-updates,c=main,v=20.04,o=Ubuntu,l=Ubuntu arch='' site='archive.ubuntu.com' IndexType='Debian Translation Index' Size=660043 ID:9> with -32768 pin
  Marking not allowed <apt_pkg.PackageFile object: filename:'/var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_focal-updates_main_binary-amd64_Packages'  a=focal-updates,c=main,v=20.04,o=Ubuntu,l=Ubuntu arch='amd64' site='archive.ubuntu.com' IndexType='Debian Package Index' Size=1198660 ID:8> with -32768 pin
  An error occurred: '>' not supported between instances of 'apt_pkg.Version' and 'int'
  Traceback (most recent call last):
    File "/usr/bin/unattended-upgrade", line 1983, in main
      res = run(options, rootdir, mem_log, logfile_dpkg,
    File "/usr/bin/unattended-upgrade", line 2124, in run
      cache = UnattendedUpgradesCache(rootdir=rootdir)
    File "/usr/bin/unattended-upgrade", line 171, in __init__
      apt.Cache.__init__(self, rootdir=rootdir)
    File "/usr/lib/python3/dist-packages/apt/cache.py", line 170, in __init__
      self.open(progress)
    File "/usr/bin/unattended-upgrade", line 330, in open
      self.apply_pinning(self.pinning_from_config())
    File "/usr/bin/unattended-upgrade", line 302, in pinning_from_config
      and policy.get_candidate_ver(pkg) > -1:  # type: ignore
  TypeError: '>' not supported between instances of 'apt_pkg.Version' and 'int'
  Extracting content from /var/log/unattended-upgrades/unattended-upgrades-dpkg.log since 2020-06-11 09:38:25
  Traceback (most recent call last):
    File "/usr/bin/unattended-upgrade", line 2512, in <module>
      sys.exit(main(options))
    File "/usr/bin/unattended-upgrade", line 1983, in main
      res = run(options, rootdir, mem_log, logfile_dpkg,
    File "/usr/bin/unattended-upgrade", line 2124, in run
      cache = UnattendedUpgradesCache(rootdir=rootdir)
    File "/usr/bin/unattended-upgrade", line 171, in __init__
      apt.Cache.__init__(self, rootdir=rootdir)
    File "/usr/lib/python3/dist-packages/apt/cache.py", line 170, in __init__
      self.open(progress)
    File "/usr/bin/unattended-upgrade", line 330, in open
      self.apply_pinning(self.pinning_from_config())
    File "/usr/bin/unattended-upgrade", line 302, in pinning_from_config
      and policy.get_candidate_ver(pkg) > -1:  # type: ignore
  TypeError: '>' not supported between instances of 'apt_pkg.Version' and 'int'

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/unattended-upgrades/+bug/1883082/+subscriptions

More information about the foundations-bugs mailing list