Sorry but im not really on your side here and it also doesnt really
solve the problem.

I added docker.io to the blacklist because i want to take care manually
about the upgrades, it should leave in any case this package alone.

Adding here dependencies (containerd) for the packages will never solve
the issue, also i have to maintain this list, because dependencies (at
least in theorie) could change over time.

Just to prevent docker.io from restart i have to add a huge set of
packages (out of the list here
https://packages.ubuntu.com/focal/docker.io) to prevent it from
updating.

On top i have to go through all of the first level packages, to check if
it has dependencies on the next level, because those could trigger a
restart of the first level package, which will chain on the package
which i try to prevent.

As far as i get it currently, if unattended-upgrades is not considering
dependencies of blacklisted packages, theres no way except building an
incredibly huge list of packages which you dont want to update, and
regulary recalculate this list, because of maybe changed dependencies..

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to unattended-upgrades in
Ubuntu.
https://bugs.launchpad.net/bugs/1906364

Title:
  unattended-upgrade still restarts blacklisted daemons

Status in containerd package in Ubuntu:
  New
Status in docker.io package in Ubuntu:
  New
Status in unattended-upgrades package in Ubuntu:
  Won't Fix

Bug description:
  Hello,

  Today plenty of our systems running ubuntu 20.04 were restarting the
  docker daemon, even if i blacklisted the docker package. Since docker
  has an dependency on containerd thats the reason why it was restarted.
  IMO the blacklist should also check the full tree of dependencies...
  This should NOT happen!

  From the log you find:

  2020-12-01 06:40:13,881 INFO Starting unattended upgrades script
  2020-12-01 06:40:13,882 INFO Allowed origins are: o=Ubuntu,a=focal, 
o=Ubuntu,a=focal-security, o=UbuntuESMApps,a=focal-apps-security, 
o=UbuntuESM,a=focal-infra-security
  2020-12-01 06:40:13,882 INFO Initial blacklist: docker docker.io
  2020-12-01 06:40:13,882 INFO Initial whitelist (not strict):
  2020-12-01 06:40:19,139 INFO Packages that will be upgraded: containerd 
qemu-block-extra qemu-kvm qemu-system-common qemu-system-data qemu-system-gui 
qemu-system-x86 qemu-utils
  2020-12-01 06:40:19,140 INFO Writing dpkg log to 
/var/log/unattended-upgrades/unattended-upgrades-dpkg.log
  2020-12-01 06:40:46,996 INFO All upgrades installed
  2020-12-01 06:40:50,732 INFO Starting unattended upgrades script
  2020-12-01 06:40:50,732 INFO Allowed origins are: o=Ubuntu,a=focal, 
o=Ubuntu,a=focal-security, o=UbuntuESMApps,a=focal-apps-security, 
o=UbuntuESM,a=focal-infra-security
  2020-12-01 06:40:50,733 INFO Initial blacklist: docker docker.io
  2020-12-01 06:40:50,733 INFO Initial whitelist (not strict):

  Also this happened for us on plenty of our servers almost at the same
  (why the unattended updates are not spread over time?), which
  destroyed the second time an production environment.

  This is not how unattended-upgraded should be, sadly this package lost
  our trust and we disable it and schedule the 'unattended updates' now
  on our own.

  PS: Not to say that on some servers the docker daemon did not even
  restart..

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/containerd/+bug/1906364/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to