unattended upgrades are not properly disabled

[jabbera]

Description

When building an ubuntu 24.04 image from this repository (stock with no modifications) on 10/2 we see unattended upgrades properly disabled here with no further output referencing unattended updates:

2025-10-02T17:17:42.0071703Z ==> ubuntu-24_04.azure-arm.image: Reading state information...
2025-10-02T17:17:42.0139465Z ==> ubuntu-24_04.azure-arm.image: The following packages will be REMOVED:
2025-10-02T17:17:42.0147585Z ==> ubuntu-24_04.azure-arm.image:   unattended-upgrades*
2025-10-02T17:17:42.2525370Z ==> ubuntu-24_04.azure-arm.image: 0 upgraded, 0 newly installed, 1 to remove and 0 not upgraded.
2025-10-02T17:17:42.2533825Z ==> ubuntu-24_04.azure-arm.image: After this operation, 422 kB disk space will be freed.
2025-10-02T17:17:42.2967675Z ==> ubuntu-24_04.azure-arm.image: (Reading database ... 68434 files and directories currently installed.)
2025-10-02T17:17:42.2993032Z ==> ubuntu-24_04.azure-arm.image: Removing unattended-upgrades (2.9.1+nmu4ubuntu1) ...
2025-10-02T17:17:42.4326361Z ==> ubuntu-24_04.azure-arm.image: Processing triggers for man-db (2.12.0-4build2) ...
2025-10-02T17:17:44.4780682Z ==> ubuntu-24_04.azure-arm.image: (Reading database ... 68407 files and directories currently installed.)
2025-10-02T17:17:44.4796777Z ==> ubuntu-24_04.azure-arm.image: Purging configuration files for unattended-upgrades (2.9.1+nmu4ubuntu1) ...
2025-10-02T17:17:45.9842691Z ==> ubuntu-24_04.azure-arm.image: dpkg: warning: while removing unattended-upgrades, directory '/var/log/unattended-upgrades' not empty so not removed

However as of 10/23 when building an image we see the same text but some additional text indicating it's not properly disabled (I think?):

2025-10-23T13:27:16.9192359Z ==> ubuntu-24_04.azure-arm.image: The following packages will be REMOVED:
2025-10-23T13:27:16.9198627Z ==> ubuntu-24_04.azure-arm.image:   unattended-upgrades*
2025-10-23T13:27:17.1223759Z ==> ubuntu-24_04.azure-arm.image: 0 upgraded, 0 newly installed, 1 to remove and 0 not upgraded.
2025-10-23T13:27:17.1230370Z ==> ubuntu-24_04.azure-arm.image: After this operation, 422 kB disk space will be freed.
2025-10-23T13:27:17.1667343Z ==> ubuntu-24_04.azure-arm.image: (Reading database ... 68434 files and directories currently installed.)
2025-10-23T13:27:17.1684074Z ==> ubuntu-24_04.azure-arm.image: Removing unattended-upgrades (2.9.1+nmu4ubuntu1) ...
2025-10-23T13:27:17.2998834Z ==> ubuntu-24_04.azure-arm.image: Processing triggers for man-db (2.12.0-4build2) ...
2025-10-23T13:27:19.2189595Z ==> ubuntu-24_04.azure-arm.image: (Reading database ... 68407 files and directories currently installed.)
2025-10-23T13:27:19.2206124Z ==> ubuntu-24_04.azure-arm.image: Purging configuration files for unattended-upgrades (2.9.1+nmu4ubuntu1) ...
2025-10-23T13:27:20.4234999Z ==> ubuntu-24_04.azure-arm.image: dpkg: warning: while removing unattended-upgrades, directory '/var/log/unattended-upgrades' not empty so not removed

<SNIP>

ubuntu-24_04.azure-arm.image: Service restarts being deferred:
2025-10-23T13:32:23.7103249Z ==> ubuntu-24_04.azure-arm.image:  /etc/needrestart/restart.d/dbus.service
2025-10-23T13:32:23.7109489Z ==> ubuntu-24_04.azure-arm.image:  systemctl restart networkd-dispatcher.service
2025-10-23T13:32:23.7115912Z ==> ubuntu-24_04.azure-arm.image:  systemctl restart systemd-logind.service
2025-10-23T13:32:23.7123208Z ==> ubuntu-24_04.azure-arm.image:  systemctl restart unattended-upgrades.service

Now when starting an image via devops pool for the image created on 10/23 we see the following process running:

2025-11-06T20:01:33.0364484Z root        1113  0.0  0.0 110020 22968 ?        Ssl  19:57   0:00 /usr/bin/python3 /usr/share/unattended-upgrades/unattended-upgrade-shutdown --wait-for-signal

We see no such process on the 10/2 image.

This seems related to the dpkg corruption issue here: #13259 but either way I don't think the unattended upgrades should be running.

Platforms affected

• Azure DevOps
• GitHub Actions - Standard Runners
• GitHub Actions - Larger Runners

Runner images affected

• Ubuntu 22.04
• Ubuntu 24.04
• macOS 13
• macOS 13 Arm64
• macOS 14
• macOS 14 Arm64
• macOS 15
• macOS 15 Arm64
• macOS 26 Arm64
• Windows Server 2019
• Windows Server 2022
• Windows Server 2025

Image version and build link

None

Is it regression?

yes

Expected behavior

unattended upgrades should not be running

Actual behavior

unattended upgrades are running

Repro steps

GenerateResourcesAndImage -SubscriptionId $subscriptionId -ResourceGroupName $custommanagedimageresourcegroupname -ImageGenerationRepositoryRoot "$pwd" -ImageType ubuntu2404 -AzureLocation "eastus2" -AzureTenantId $(AzureTenantID) -AzureClientId $(AzureClientID) -AzureClientSecret $(AzureClientSecret) -ReuseResourceGroup

[Alexey-Ayupov]

Hello @jabbera, for issues related to Azure Managed DevOps pools, please contact Azure support. We do not provide support for this product within this repository.

[jabbera]

@Alexey-Ayupov, My entire report has to do with the image build and generation process and the unattended upgrade process running. I don't understand what that has to do with the dev ops pools except that it's how we start our agents. Do you want us to repro it on scalesets to be considered a valid issue?