
group.of.nepali.translators team mailing list archive

[Bug 2004193] Re: Duplicate entries on security-status for systems that got esm-apps with the old advertisement model

 

This bug was fixed in the package ubuntu-advantage-tools -
27.13.5~22.10.1

---------------
ubuntu-advantage-tools (27.13.5~22.10.1) kinetic; urgency=medium

  * Backport new upstream release

ubuntu-advantage-tools (27.13.5~23.04.1) lunar; urgency=medium

  * d/ubuntu-advantage-tools.postinst:
    - fix version for cleaning the esm-apps stale unauthenticated files
      (LP: #2006765)

ubuntu-advantage-tools (27.13.4~23.04.1) lunar; urgency=medium

  * d/ubuntu-advantage-tools.postinst:
    - remove stale esm-apps unauthenticated caches (LP: #2004193)
  * apt-hook:
    - Change esm-apps advertisement message on apt upgrade to
      make it clearer that the service is providing more upgrades
      and not restricting user to only get updates if esm-apps
      is enabled (LP: #2006510)
  * contract:
    - make code aware that the effective date is not a required field
      in the machine-token.json file (LP: #2006351)
  * esm_cache
    - do not fail if we cannot extract information from
      /etc/os-release file (LP: #2006508)
  * security-status:
    -  consider packages without a candidate as 'unknown' (LP: #2006049)
  * status:
    - treat null effective contract dates as unknown/expired
      (LP: #2004650)
  * timer:
    - recycle invalid jobs-status.json file if we detect it is
      corrupted (LP: #2006261)

 -- Renan Rodrigo <renanrodrigo@xxxxxxxxxxxxx>  Thu, 09 Feb 2023 14:36:17 -0300

** Changed in: ubuntu-advantage-tools (Ubuntu Kinetic)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/2004193

Title:
  Duplicate entries on security-status for systems that got esm-apps
  with the old advertisement model

Status in ubuntu-advantage-tools package in Ubuntu:
  In Progress
Status in ubuntu-advantage-tools source package in Xenial:
  Fix Released
Status in ubuntu-advantage-tools source package in Bionic:
  Fix Released
Status in ubuntu-advantage-tools source package in Focal:
  Fix Released
Status in ubuntu-advantage-tools source package in Jammy:
  Fix Released
Status in ubuntu-advantage-tools source package in Kinetic:
  Fix Released
Status in ubuntu-advantage-tools source package in Lunar:
  In Progress

Bug description:
  [Original description]

  When esm-apps went open beta, November 2022, some versions of ubuntu-
  advantage-tools have set the service as non-beta. Although those never
  got to -updates, they could be (and were, actually) installed using
  -proposed or any of the uaclient PPAs.

  In those cases, the client inserted the unauthenticated esm-apps
  repository to the system APT. This causes packages to show twice now
  that esm-apps is GA.

  Another case where it could happen is when the `allow_beta` flag was
  set, inserting the aforementioned file to the config as well.

  [Impact]
  When running the pro security-status command, users that have the unauthenticated esm-apps source file will see the duplicate package counts
  in the command output and will probably make wrong assumptions about the system.

  [Test Case]
  To test that change, we will use the following script:

  -----------------------------
  #!/bin/bash
  set -e

  series=$1
  name=$series-dev

  version=$2
  install_from=$3

  function cleanup {
    lxc delete $name --force
  }

  function on_err {
    echo -e "Test Failed"
    cleanup
    exit 1
  }

  trap on_err ERR

  lxc launch ubuntu-daily:$series $name
  sleep 5

  # Install ubuntu-advantage-tools 27.11.1 (version which inserted files by accident)
  lxc exec $name -- wget -O ./ua.deb $(curl https://launchpad.net/ubuntu/$series/amd64/ubuntu-advantage-tools/$version | grep -o "http://launchpadlibrarian.net/.*/ubuntu-advantage-tools_${version}_amd64.deb";)
  lxc exec $name -- dpkg -i ./ua.deb > /dev/null
  echo -e "\n* UA version 27.11.1 is installed"
  echo "###########################################"
  lxc exec $name -- apt-cache policy ubuntu-advantage-tools
  echo -e "###########################################\n"

  # Install a universe package (ansible)
  lxc exec $name -- apt-get update > /dev/null
  lxc exec $name -- apt-get install ansible -y > /dev/null
  echo -e "\n* Ansible (from universe) is installed"
  echo "###########################################"
  lxc exec $name -- apt-cache policy ansible
  echo -e "###########################################\n"

  # Run security-status and see the number of esm-apps updates
  echo -e "\n* Updates from esm-apps"
  echo "###########################################"
  lxc exec $name -- pro security-status
  echo -e "###########################################\n"

  # Run security-status --esm-apps to check for the updates
  echo -e "\n* Updates from esm-apps"
  echo "###########################################"
  lxc exec $name -- pro security-status --esm-apps
  echo -e "###########################################\n"

  # Install latest ubuntu-advantage-tools ( < 27.13.4 )
  lxc exec $name -- apt-get install ubuntu-advantage-tools -y > /dev/null
  echo -e "\n* UA is updated to the latest version"
  echo "###########################################"
  lxc exec $name -- apt-cache policy ubuntu-advantage-tools
  echo -e "###########################################\n"
  lxc exec $name -- apt-get update > /dev/null

  # Run security-status and see the number of esm-apps updates
  echo -e "\n* Duplicated updates"
  echo "###########################################"
  lxc exec $name -- pro security-status
  echo -e "###########################################\n"

  # Run security-status --esm-apps to check for the updates
  echo -e "\n* Duplicated updates"
  echo "###########################################"
  lxc exec $name -- pro security-status --esm-apps
  echo -e "###########################################\n"

  # Upgrading UA to new version
  # ----------------------------------------------------------------
  # Quote $install_from so an empty or missing third argument does not break the test
  if [ "$install_from" == 'staging' ]; then
    lxc exec $name -- sudo add-apt-repository ppa:ua-client/staging -y > /dev/null
    lxc exec $name -- apt-get install ubuntu-advantage-tools -y > /dev/null
  elif [ "$install_from" == 'proposed' ]; then
    lxc exec $name -- sh -c "echo \"deb http://archive.ubuntu.com/ubuntu $series-proposed main\" | tee /etc/apt/sources.list.d/proposed.list"
    lxc exec $name -- apt-get install ubuntu-advantage-tools -y > /dev/null
  else
    lxc file push $install_from $name/new-ua.deb
    lxc exec $name -- dpkg -i /new-ua.deb > /dev/null
  fi
  # ----------------------------------------------------------------
  echo -e "\n* UA now has the fix"
  echo "###########################################"
  lxc exec $name -- apt-cache policy ubuntu-advantage-tools
  echo -e "###########################################\n"

  # Run security-status and see the number of esm-apps updates
  echo -e "\n* Updates are back to normal"
  echo "###########################################"
  lxc exec $name -- pro security-status
  echo -e "###########################################\n"

  # Run security-status --esm-apps to check for the updates
  echo -e "\n* Updates are back to normal"
  echo "###########################################"
  lxc exec $name -- pro security-status --esm-apps
  echo -e "###########################################\n"

  # Check that files don't exist where they shouldn't
  echo -e "\n* No unauthenticated apt files"
  echo "###########################################"
  lxc exec $name -- ls /etc/apt/sources.list.d/ubuntu-esm-apps.list || true
  echo -e "###########################################\n"

  cleanup
  ---------------------------------------

  [Regression Potential]
  Since 27.13, we are no longer relying on any unauthenticated esm source file to deliver any feature to the users. Therefore, removing that file should not pose any extra risk for existing users.

  [Discussion]
  There are some scenarios where users were able to get the unauthenticated esm-apps source file in the system. For example, version 27.11.1 introduced that file. Additionally, if the user added the allow_beta: true
  line into uaclient.conf before upgrading the package, the unauthenticated file will also be there. The fix should cover all of those scenarios.

  $ uname -a
  Linux sdeziel-lemur 5.15.0-58-generic #64-Ubuntu SMP Thu Jan 5 11:43:13 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2004193/+subscriptions
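
An added audit check, not part of the bug report or of ubuntu-advantage-tools: it looks under a given root for the two conditions named in [Discussion], active entries in /etc/apt/sources.list.d/ubuntu-esm-apps.list and an uncommented allow_beta: true in uaclient.conf. It assumes an unattached machine like the container in the test case and the default path /etc/ubuntu-advantage/uaclient.conf (the report names only the file); the function names and the sample repository line are constructed.

```shell
#!/bin/bash
# Added example: report leftovers of the old esm-apps advertisement model.

# Print active (uncommented) deb/deb-src entries of a sources file, if any.
active_deb_lines() {
  [ -f "$1" ] || return 0
  grep -E '^[[:space:]]*deb(-src)?[[:space:]]' "$1" || true
}

# Succeed if the config file holds an uncommented "allow_beta: true".
allow_beta_set() {
  [ -f "$1" ] || return 1
  grep -Eiq '^[[:space:]]*allow_beta:[[:space:]]*true[[:space:]]*(#.*)?$' "$1"
}

# audit_esm_apps ROOT: print findings; exit status is the number of findings.
audit_esm_apps() {
  local root="${1%/}" findings=0 entries
  local list="$root/etc/apt/sources.list.d/ubuntu-esm-apps.list"
  local conf="$root/etc/ubuntu-advantage/uaclient.conf"  # assumed default path
  entries=$(active_deb_lines "$list")
  if [ -n "$entries" ]; then
    echo "STALE_SOURCE $list"
    echo "$entries" | sed 's/^/  /'
    findings=$((findings + 1))
  fi
  if allow_beta_set "$conf"; then
    echo "ALLOW_BETA $conf"
    findings=$((findings + 1))
  fi
  return "$findings"
}

# Build a throwaway root with constructed sample files (placeholder host).
make_sample_root() {
  local root
  root=$(mktemp -d)
  mkdir -p "$root/etc/apt/sources.list.d" "$root/etc/ubuntu-advantage"
  printf '%s\n' '# constructed sample entry' \
    'deb https://esm.example.invalid/apps/ubuntu jammy-apps-security main' \
    > "$root/etc/apt/sources.list.d/ubuntu-esm-apps.list"
  printf '%s\n' 'features:' '  allow_beta: true' \
    > "$root/etc/ubuntu-advantage/uaclient.conf"
  echo "$root"
}
```

Call `audit_esm_apps /` on a live system, or point it at a mounted image or an extracted container root; an exit status of 0 means neither condition was found.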