** Information type changed from Public to Public Security
https://bugs.launchpad.net/bugs/1853861
Title:
[SRU] Unattended-upgrades silently does not apply updates when
MinimalSteps is disabled and there are autoremovable kernels
Status in unattended-upgrades package in Ubuntu:
Confirmed
Bug description:
[Impact]
* When autoremovable kernel packages are present on the system, there are
updates to apply and Unattended-Upgrade::MinimalSteps is set to "false", the
autoremovable kernel packages are not removed and the updates are not applied.
* The root cause is u-u not cleaning the dirty cache between operations and
also relying on having a cache with packages marked to be installed when
applying updates in one shot.
* The fix is clearing the cache between operations and marking packages
before installing them in one shot.
[Test Case]
* Install kernel-related packages, mark them as automatically installed to
make them auto-removable ones.
* Downgrade a few packages to a version lower than what is present in the
security pocket.
* Set Unattended-Upgrade::MinimalSteps to "false":
# echo 'Unattended-Upgrade::MinimalSteps "false";' > /etc/apt/apt.conf.d/51unattended-upgrades-oneshot
* Run u-u:
# unattended-upgrade --verbose --debug
* Observe fixed versions removing the kernel packages properly and
also upgrading packages.
[Regression Potential]
* The changes introduce marking packages to install/upgrade and clearing the
cache more often. The added operations slow down u-u, but clearing the cache
adds a few 100 milliseconds on typical hardware and marking upgradable packages
is also in the same range.
* Functional regressions are unlikely due to those changes since the fixes
are present in 19.04 and later releases and the extensive autopkgtest also
covers when upgrades are performed in minimal steps.
[Other Info]
* While this bug has a security impact by holding back installation of
security updates I don't recommend releasing the fix via the security pocket
because this bug occurs only when the local configuration file of u-u is
changed and u-u does not hold back upgrades with UCF-managed config file
conflicts.
See: https://github.com/mvo5/unattended-upgrades/issues/168
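
Added example, not part of the bug report or of unattended-upgrades itself: a shell check that flags the triggering configuration from [Impact] (MinimalSteps set to false while kernel packages are autoremovable). It only inspects configuration and package state, not whether the installed u-u already carries the fix; the function names, the kernel package-name pattern and the sample input are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of the bug report: flag the triggering configuration.

# Reads `apt-config dump` output on stdin; succeeds only when
# Unattended-Upgrade::MinimalSteps is explicitly set to a false value.
# Assumption: false/no/off/0 are treated as the false spellings.
minimal_steps_disabled() {
    awk '$1 == "Unattended-Upgrade::MinimalSteps" {
             v = tolower($2); gsub(/[";]/, "", v); last = v
         }
         END { exit !(last ~ /^(false|no|off|0)$/) }'
}

# Reads `apt-get -s autoremove` output on stdin; prints kernel packages
# that the simulation would remove ("Remv <package> [<version>]" lines).
autoremovable_kernels() {
    awk '$1 == "Remv" && $2 ~ /^linux-(image|headers|modules)/ { print $2 }'
}

# $1 = apt-config dump text, $2 = simulated autoremove text.
# Returns 0 and lists the kernels when both conditions hold.
check_affected() {
    kernels=$(printf '%s\n' "$2" | autoremovable_kernels)
    if printf '%s\n' "$1" | minimal_steps_disabled && [ -n "$kernels" ]; then
        echo "MinimalSteps disabled and autoremovable kernels present:"
        echo "$kernels"
        return 0
    fi
    echo "triggering configuration not present"
    return 1
}

# Constructed sample input (package names and versions are made up).
SAMPLE_CONF='APT::Periodic::Unattended-Upgrade "1";
Unattended-Upgrade::MinimalSteps "false";'
SAMPLE_SIM='Remv linux-image-0.0.0-1-generic [0.0.0-1.1]
Remv linux-modules-0.0.0-1-generic [0.0.0-1.1]
Remv libexample1 [1.0-1]'

if [ "${1:-}" = "--live" ]; then
    check_affected "$(apt-config dump)" "$(LC_ALL=C apt-get -s autoremove)"
else
    check_affected "$SAMPLE_CONF" "$SAMPLE_SIM"
fi
```

Run with --live on a host to evaluate the real apt configuration; the simulated autoremove changes nothing on the system.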