touch-packages team mailing list archive

Thread
Date

[Bug 1446552] Re: Unattended upgrades handles new dependencies inconsistently

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Sjoerd Job Postmus <sjoerdjob.postmus@xxxxxxx>
Date: Tue, 06 Oct 2015 10:09:47 -0000
Reply-to: Bug 1446552 <1446552@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

@BrianMurray: Not anymore, unfortunately.

How I originally reproduced it was:

- Create a testing package (doesn't have to really contain anything) that just installs 1 file into /usr/share/testpackage/, and have it depend on some packages.
- Put that package on a private repository (which is also configured for APT and unattended-upgrades)
- Install the package using `apt-get install testingpackage`
- Update the package as follows: 1. Add a dependency which is not yet installed on your machine (and is also not in the security-repository). Up the version number, and add it to the private repository.
- Run `unattended-upgrade --debug --apt-debug 2>&1 | tee output.txt`.
- Verify the package was not updated (missing dependency).
- Host the dependency on your private APT server as well (1-1 copy).
- Run `unattended-upgrade --debug --apt-debug 2>&1 | tee output.txt`.
- Verify the package was not updated (missing dependency).
- Re-build the dependency with a higher version number, and add it to your private APT repository.
- Run `unattended-upgrade --debug --apt-debug 2>&1 | tee output.txt`.
- Verify the package was now upgraded.

With the proposed patch, the upgrade would already succeed after hosting
the exact copy on the private APT repository.

If needed I could probably figure out how to reproduce this again, but
it would take me quite some time, as I'd have to set-up everything
again. Hopefully my description of the case is enough for you to
reproduce this.

Let me know if you need my help in reproducing.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to unattended-upgrades in
Ubuntu.
https://bugs.launchpad.net/bugs/1446552

Title:
  Unattended upgrades handles new dependencies inconsistently

Status in unattended-upgrades package in Ubuntu:
  Confirmed
Status in unattended-upgrades source package in Wily:
  Confirmed

Bug description:
  When an installed package adds a dependency that is not yet installed
  on the system, this sometimes causes the package to not be installed,
  depending on the origin containing the original candidate version.

  I believe that the problem is in /usr/bin/unattended-upgrade, line
  102. Here a check is performed to prevent downgrades. However, as a
  side effect it also prevents adjusting the candidate version for
  packages that have not yet been installed (because pkg.is_upgradable
  is False for packages that have not been installed).

  This makes updating private packages using unattended-upgrades
  troublesome, especially when new dependencies have been added.
  Currently it requires repackaging the dependencies with a slightly
  higher version number than what is in the main repository, and then
  hosting them on the private repository, which is time consuming and
  error-prone. With the included patch, it is sufficient to just host
  the same version on the private repository.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/unattended-upgrades/+bug/1446552/+subscriptions

References

[Bug 1446552] [NEW] Unattended upgrades handles new dependencies inconsistently
From: Sjoerd Job Postmus, 2015-04-21