group.of.nepali.translators team mailing list archive
Message #34553
[Bug 1857051] Re: Please add ${distro_id}ESM:${distro_codename}-infra-security and ${distro_id}ESMApps:${distro_codename}-apps-security to allowed origins (on Ubuntu)
### Eoan esm-apps * esm-infra verification on stock Eoan cloudimages
# This test will show no regression in unattended-upgrades because there are no ESM offerings
# on Eoan.
test script:
#!/bin/bash
if [ $# != 1 ]; then
    echo "usage: $0 <SERIES>"
    exit 1
fi
SERIES=$1
LXC_NAME=test-sru-$SERIES
echo 1. Launch ubuntu-daily $SERIES lxc
#lxc launch ubuntu-daily:$SERIES $LXC_NAME
echo 2. Run unattended-upgrades to confirm Allowed origins does not find esm packages
lxc exec $LXC_NAME -- unattended-upgrades --dry-run --verbose 2>&1 | grep -Ei 'Allowed|esm'
echo 3. Install unattended-upgrades from -proposed suites
cat > setup_proposed.sh <<EOF
#!/bin/bash
mirror=http://archive.ubuntu.com/ubuntu
echo deb \$mirror \$(lsb_release -sc)-proposed main | tee /etc/apt/sources.list.d/proposed.list
apt-get update -q
apt-get install -qy unattended-upgrades
EOF
lxc file push setup_proposed.sh $LXC_NAME/
lxc exec $LXC_NAME bash /setup_proposed.sh 2>&1 | grep unattended-upgrades
echo 5.Run unattended-upgrades to confirm -proposed Allowed origins does cause regressions
lxc exec $LXC_NAME -- unattended-upgrades --dry-run --verbose 2>&1
### Verification output
$ ./sru.sh eoan
1. Launch ubuntu-daily eoan lxc
2. Run unattended-upgrades to confirm Allowed origins does not find esm packages
Allowed origins are: o=Ubuntu,a=eoan, o=Ubuntu,a=eoan-security, o=UbuntuESM,a=eoan, o=UbuntuESM,a=eoan-security, o=UbuntuESM,a=eoan-security
3. Install unattended-upgrades from -proposed suites
unattended-upgrades
Get:1 http://archive.ubuntu.com/ubuntu eoan-proposed/main amd64 unattended-upgrades all 1.14ubuntu1.2 [47.6 kB]
Preparing to unpack .../unattended-upgrades_1.14ubuntu1.2_all.deb ...
Unpacking unattended-upgrades (1.14ubuntu1.2) over (1.14ubuntu1.1) ...
Setting up unattended-upgrades (1.14ubuntu1.2) ...
Replacing config file /etc/apt/apt.conf.d/50unattended-upgrades with new version
5.Run unattended-upgrades to confirm -proposed Allowed origins does cause regressions
Initial blacklist :
Initial whitelist:
Starting unattended upgrades script
Allowed origins are: o=Ubuntu,a=eoan, o=Ubuntu,a=eoan-security, o=UbuntuESMApps,a=eoan-apps-security, o=UbuntuESM,a=eoan-infra-security, o=UbuntuESM,a=eoan-security
No packages found that can be upgraded unattended and no pending auto-removals
csmith@uptown:~/src/ubuntu-advantage-client$ echo $?
0
** Tags removed: verification-needed-eoan
** Tags added: verification-done-eoan
** Changed in: unattended-upgrades (Ubuntu Trusty)
Status: In Progress => Won't Fix
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1857051
Title:
Please add ${distro_id}ESM:${distro_codename}-infra-security and
${distro_id}ESMApps:${distro_codename}-apps-security to allowed
origins (on Ubuntu)
Status in unattended-upgrades package in Ubuntu:
Fix Released
Status in unattended-upgrades source package in Trusty:
Won't Fix
Status in unattended-upgrades source package in Xenial:
Fix Committed
Status in unattended-upgrades source package in Bionic:
Fix Committed
Status in unattended-upgrades source package in Eoan:
Fix Committed
Bug description:
[Impact]
* Changes to the ESM repo naming and the introduction of the new esm-infra and esm-apps suites require an update to unattended-upgrades to ensure the security pockets are used.
* This change will ensure users are actually receiving updates, whereas today they will not without making manual changes.
[Test Case]
* 1) Bionic and Xenial ESM-Apps/ESM-infra with Ubuntu Pro
* 2) Trusty ESM
[Regression Potential]
* This change is ensuring users actually receive security updates when using ESM. Therefore, 1) users of ESM-apps on Ubuntu Pro and 2) ESM-infra on Trusty will be the only users affected.
* The possible issue would be if/when users receive actual security updates that then regress or cause issues to the system.
[Other Info]
Previous description:
ESM <distro>-infra-security and <distro>-apps-security will need to
participate in unattended upgrades.
Currently /etc/apt/apt.conf.d/50unattended-upgrades provides:
Unattended-Upgrade::Allowed-Origins {
    "${distro_id}ESM:${distro_codename}";
};
Given that there have been ESM apt pocket renames over the last few
months, the above ESM allowed-origin should not apply anymore and can
be dropped or replaced.
See RT #C122697 and #C121067 for the pocket/suite renames related to
ESM
What is needed after the ESM apt pocket/suite renames:
Support for unattended upgrades for ESM for Infrastructure customers:
Unattended-Upgrade::Allowed-Origins {
    // Extended Security Maintenance; doesn't necessarily exist for
    // every release and this system may not have it installed, but if
    // available, the policy for updates is such that unattended-upgrades
    // should also install from here by default.
    "${distro_id}ESM:${distro_codename}-infra-security";
    "${distro_id}ESMApps:${distro_codename}-apps-security";
};
=== Confirmed proper origin on an attached Trusty instance with ESM-infra enabled:
500 https://esm.ubuntu.com/ubuntu/ trusty-infra-security/main amd64 Packages
release v=14.04,o=UbuntuESM,a=trusty-infra-security,n=trusty,l=UbuntuESM,c=main
=== Confirmed proper origins on Bionic for enabled ESM-infra and ESM-apps on an AWS Ubuntu PRO instance:
500 https://esm.ubuntu.com/infra/ubuntu bionic-infra-security/main amd64 Packages
release v=18.04,o=UbuntuESM,a=bionic-infra-security,n=bionic,l=UbuntuESM,c=main,b=amd64
500 https://esm.ubuntu.com/apps/ubuntu bionic-apps-security/main amd64 Packages
release v=18.04,o=UbuntuESMApps,a=bionic-apps-security,n=bionic,l=UbuntuESMApps,c=main,b=amd64
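Added example (not part of the bug report or of unattended-upgrades itself): a check of the old and the requested Allowed-Origins entries against the `release` lines quoted above, showing that the old entry covers none of the renamed ESM suites. It assumes an exact match on the `o=` and `a=` fields and takes the codename from each line's `n=` field; the function names are hypothetical.

```python
# Allowed-Origins entries quoted in the bug description.
OLD_ORIGINS = ["${distro_id}ESM:${distro_codename}"]
NEW_ORIGINS = [
    "${distro_id}ESM:${distro_codename}-infra-security",
    "${distro_id}ESMApps:${distro_codename}-apps-security",
]

# "release" lines copied from the apt policy output in the bug description.
POLICY_RELEASE_LINES = [
    "release v=14.04,o=UbuntuESM,a=trusty-infra-security,n=trusty,l=UbuntuESM,c=main",
    "release v=18.04,o=UbuntuESM,a=bionic-infra-security,n=bionic,l=UbuntuESM,c=main,b=amd64",
    "release v=18.04,o=UbuntuESMApps,a=bionic-apps-security,n=bionic,l=UbuntuESMApps,c=main,b=amd64",
]


def parse_release(line):
    """Turn 'release v=..,o=..,a=..' into a dict of its key=value fields."""
    fields = line.split(None, 1)[1]
    return dict(f.split("=", 1) for f in fields.split(",") if "=" in f)


def expand(entry, distro_id, codename):
    """Substitute both variables and split the entry into (origin, archive)."""
    entry = entry.replace("${distro_id}", distro_id)
    entry = entry.replace("${distro_codename}", codename)
    origin, _, archive = entry.partition(":")
    return origin, archive


def covered(release_line, entries, distro_id="Ubuntu"):
    """True if an entry matches the release's o= and a= fields exactly."""
    rel = parse_release(release_line)
    # Assumption: n= is the codename of the system the line was captured on.
    wanted = {expand(e, distro_id, rel["n"]) for e in entries}
    return (rel.get("o"), rel.get("a")) in wanted


def report(entries):
    """Map each suite (a=) to whether the given entries would allow it."""
    return {parse_release(l)["a"]: covered(l, entries)
            for l in POLICY_RELEASE_LINES}


if __name__ == "__main__":
    for name, entries in (("old", OLD_ORIGINS), ("new", NEW_ORIGINS)):
        for suite, ok in report(entries).items():
            print(f"{name}: {suite:24} {'allowed' if ok else 'NOT allowed'}")
```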