Debian Bug report logs - #867169
add "archive=oldoldstable" to 50unattended-upgrades

Display info messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Matus UHLAR - fantomas <uhlar@fantomas.sk>

To: submit@bugs.debian.org

Subject: add "archive=oldoldstable" to 50unattended-upgrades

Date: Tue, 4 Jul 2017 15:33:59 +0200

Package: unattended-upgrades
Version: 0.79.5+wheezy2

the /etc/apt/apt.conf.d/50unattended-upgrades file contains lines:

        "origin=Debian,archive=stable,label=Debian-Security";
        "origin=Debian,archive=oldstable,label=Debian-Security";

however, this does not apply for LTS packages in wheezy, currently renamed
to "oldoldstable".  The same situation will happen with jessie in ~2 years.

Please add following line to /etc/apt/apt.conf.d/50unattended-upgrades:

        "origin=Debian,archive=oldoldstable,label=Debian-Security";

-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Windows found: (R)emove, (E)rase, (D)elete

Message #12 received at 867169@bugs.debian.org (full text, mbox, reply):

From: Antoine Beaupré <anarcat@orangeseeds.org>

To: Paul Wise <pabs@debian.org>, debian-lts@lists.debian.org, security@debian.org

Cc: 867169@bugs.debian.org

Subject: Re: unattended upgrades don't work in wheezy

Date: Tue, 04 Jul 2017 10:38:59 -0400

Control: fixed -1 0.93.1+nmu1

Adding the bug in CC.

On 2017-07-04 22:13:44, Paul Wise wrote:
> On Tue, Jul 4, 2017 at 10:02 PM, Matus UHLAR wrote:
>
>> I just found out that the unattended-upgrades package in wheezy does not
>> upgrade packages although configured to do it.
>
> I note that this same situation will apply to jessie when it becomes
> oldoldstable.
>
> I haven't tested the default stretch sources.list and u-u configuration.

This is a recurring problem, but I think it was fixed in more recent
releases (e.g. jessie). It was reported in #762965 before and I believe
those bugs may need to be merged.

I can at least say it seems to be fixed in stretch. This is my stretch
system's default u-u config:

        "origin=Debian,codename=${distro_codename},label=Debian-Security";

I added the following line to automate minor upgrades as well:

        "origin=Debian,codename=${distro_codename},label=Debian";

(Something that is still not fixed in the package, see #787945 for that
peculiar issue.)

It seems we should be using the codename there ("wheezy") and not the
archive name ("oldstable") as the latter has the risk of doing
unexpected major updates, although I suspect u-u may have built-in
protections against this.

Therefore when we fix this, we should use codename, if that's supported
in wheezy. There were issues with codename matching, however (#704087)
which may make that impossible, so we may be forced to do the
"oldoldstable" trick...

(There is, by the way, a long-standing need to do some serious triaging
in the unattended-upgrades BTS queue: lots of duplicates and old bugs
keep on accumulating there.)

A.

-- 
Information is not knowledge. Knowledge is not wisdom.
Wisdom is not truth. Truth is not beauty.
Beauty is not love. Love is not music.
Music is the best.      - Frank Zappa

Message #25 received at 867169@bugs.debian.org (full text, mbox, reply):

From: Matus UHLAR - fantomas <uhlar@fantomas.sk>

To: debian-lts@lists.debian.org

Cc: 867169@bugs.debian.org

Subject: Re: unattended upgrades don't work in wheezy

Date: Tue, 4 Jul 2017 17:13:50 +0200

On 04.07.17 10:38, Antoine Beaupré wrote:
>Adding the bug in CC.

so am I.

>> On Tue, Jul 4, 2017 at 10:02 PM, Matus UHLAR wrote:
>>> I just found out that the unattended-upgrades package in wheezy does not
>>> upgrade packages although configured to do it.

>On 2017-07-04 22:13:44, Paul Wise wrote:
>> I note that this same situation will apply to jessie when it becomes
>> oldoldstable.
>>
>> I haven't tested the default stretch sources.list and u-u configuration.

>This is a recurring problem, but I think it was fixed in more recent
>releases (e.g. jessie). It was reported in #762965 before and I believe
>those bugs may need to be merged.

I didn't feel that to be the same problem, because its submitter changed
configuration manually (different behaviour can be expected in such case).
   
u-u worked well with default 50unattended-upgrades on wheezy machines,
until stretch release 3 weeks ago.

>I can at least say it seems to be fixed in stretch. This is my stretch
>system's default u-u config:
>
>        "origin=Debian,codename=${distro_codename},label=Debian-Security";

>It seems we should be using the codename there ("wheezy") and not the
>archive name ("oldstable") as the latter has the risk of doing
>unexpected major updates, although I suspect u-u may have built-in
>protections against this.

I believe it has. This is however a problem of sources-list configuration,
not u-u itself.

>Therefore when we fix this, we should use codename, if that's supported
>in wheezy. There were issues with codename matching, however (#704087)
>which may make that impossible, so we may be forced to do the
>"oldoldstable" trick...

I have tried it and unfortunately it does not work. We apparently need the
oldoldstable trick...

-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
WinError #98652: Operation completed successfully.

Message #30 received at 867169@bugs.debian.org (full text, mbox, reply):

From: Antoine Beaupré <anarcat@orangeseeds.org>

To: Matus UHLAR - fantomas <uhlar@fantomas.sk>, debian-lts@lists.debian.org

Cc: 867169@bugs.debian.org, 867728@bugs.debian.org, unattended-upgrades@packages.debian.org

Subject: NMU pending: fixing unattended-upgrades in wheezy

Date: Mon, 17 Jul 2017 15:20:40 -0400

[Message part 1 (text/plain, inline)]

Control: forcemerge 867169 867728
Control: severity 867169 important
Control: tags 867169 +patch

Hi everyone,

Some context, for the unattended-upgrades maintainer: the LTS folks have
noted there is an issue with unattended-upgrades in Debian LTS /
wheezy. It stopped working since the suite names got rotated during the
stretch release, as the wheezy configuration uses the "oldstable"
codename, which now points to jessie.

Two bugs were independently filed about this, which I am merging here.

The patch from #867728 looks good. I think it's also a good practice to
remove the newer suites while we're here, so I have removed the "stable"
and "oldstable" mentions from the config in the attached patch.

This will likely be the last necessary update to that configuration in
wheezy, so it should be okay for the lifetime of LTS.

In jessie and later, the codename is used so this divergence won't be
necessary.

Debdiff attached, I'll upload this to wheezy shortly unless someone else
objects.

Thanks,

A.

-- 
While the creative works from the 16th century can still be accessed
and used by others, the data in some software programs from the 1990s
is already inaccessible.
                         - Lawrence Lessig

[unattended-upgrades_0.79.5+wheezy3.debdiff (text/x-diff, inline)]

diff -Nru unattended-upgrades-0.79.5+wheezy2/data/50unattended-upgrades unattended-upgrades-0.79.5+wheezy3/data/50unattended-upgrades
--- unattended-upgrades-0.79.5+wheezy2/data/50unattended-upgrades	2015-06-19 04:45:37.000000000 -0400
+++ unattended-upgrades-0.79.5+wheezy3/data/50unattended-upgrades	2017-07-17 15:12:33.000000000 -0400
@@ -7,8 +7,7 @@
 //      "o=Debian,a=stable";
 //      "o=Debian,a=stable-updates";
 //      "o=Debian,a=proposed-updates";
-        "origin=Debian,archive=stable,label=Debian-Security";
-        "origin=Debian,archive=oldstable,label=Debian-Security";
+        "origin=Debian,archive=oldoldstable,label=Debian-Security";
 };
 
 // List of packages to not update
diff -Nru unattended-upgrades-0.79.5+wheezy2/data/50unattended-upgrades.Debian unattended-upgrades-0.79.5+wheezy3/data/50unattended-upgrades.Debian
--- unattended-upgrades-0.79.5+wheezy2/data/50unattended-upgrades.Debian	2013-06-25 10:17:26.000000000 -0400
+++ unattended-upgrades-0.79.5+wheezy3/data/50unattended-upgrades.Debian	2017-07-17 15:12:33.000000000 -0400
@@ -7,8 +7,7 @@
 //      "o=Debian,a=stable";
 //      "o=Debian,a=stable-updates";
 //      "o=Debian,a=proposed-updates";
-        "origin=Debian,archive=stable,label=Debian-Security";
-        "origin=Debian,archive=oldstable,label=Debian-Security";
+        "origin=Debian,archive=oldoldstable,label=Debian-Security";
 };
 
 // List of packages to not update
diff -Nru unattended-upgrades-0.79.5+wheezy2/debian/changelog unattended-upgrades-0.79.5+wheezy3/debian/changelog
--- unattended-upgrades-0.79.5+wheezy2/debian/changelog	2015-06-29 02:18:42.000000000 -0400
+++ unattended-upgrades-0.79.5+wheezy3/debian/changelog	2017-07-17 15:12:33.000000000 -0400
@@ -1,3 +1,11 @@
+unattended-upgrades (0.79.5+wheezy3) UNRELEASED; urgency=high
+
+  * Non-maintainer upload by the LTS Security Team.
+  * add "oldoldstable" to the default update origins to ensure updates
+    keep working since wheezy+2 (stretch) was released (closes: #867169)
+
+ -- Antoine Beaupré <anarcat@debian.org>  Mon, 17 Jul 2017 15:12:33 -0400
+
 unattended-upgrades (0.79.5+wheezy2) wheezy-security; urgency=high
 
   * fix missing package authentication check for apt

Message #43 received at 867169@bugs.debian.org (full text, mbox, reply):

From: Antoine Beaupré <anarcat@orangeseeds.org>

To: Matus UHLAR - fantomas <uhlar@fantomas.sk>, debian-lts@lists.debian.org

Cc: 867169@bugs.debian.org, unattended-upgrades@packages.debian.org

Subject: Re: NMU pending: fixing unattended-upgrades in wheezy

Date: Wed, 19 Jul 2017 09:57:07 -0400

Control: fixed 867169 0.79.5+wheezy3

This has now been fixed in 0.79.5+wheezy3 in wheezy. I have sent the DLA
1032-1 advisory to that regard.

I have also verified that jessie will not have this problem: it uses the
codename, not the archive name, so it will transition fine.

A.

-- 
I'm sorry if any of you are catholic. I'm not sorry if you're
offended, I'm actually just sorry by the fact that you're catholic
                         - Bill Hicks

Message #52 received at 867169-submitter@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>

To: control@bugs.debian.org

Cc: 867169-submitter@bugs.debian.org

Subject: closing 867169

Date: Wed, 19 Jul 2017 16:04:00 +0200

close 867169 0.79.5+wheezy3
thanks

Send a report that this bug log contains spam.