group.of.nepali.translators team mailing list archive
Message #44701
[Bug 2004193] Re: Duplicate entries on security-status for systems that got esm-apps with the old advertisement model
This bug was fixed in the package ubuntu-advantage-tools -
27.13.5~22.04.1
---------------
ubuntu-advantage-tools (27.13.5~22.04.1) jammy; urgency=medium

  * Backport new upstream release

ubuntu-advantage-tools (27.13.5~23.04.1) lunar; urgency=medium

  * d/ubuntu-advantage-tools.postinst:
    - fix version for cleaning the esm-apps stale unauthenticated files
      (LP: #2006765)

ubuntu-advantage-tools (27.13.4~23.04.1) lunar; urgency=medium

  * d/ubuntu-advantage-tools.postinst:
    - remove stale esm-apps unauthenticated caches (LP: #2004193)
  * apt-hook:
    - Change esm-apps advertisement message on apt upgrade to
      make it clearer that the service is providing more upgrades
      and not restricting user to only get updates if esm-apps
      is enabled (LP: #2006510)
  * contract:
    - make code aware that the effective date is not a required field
      in the machine-token.json file (LP: #2006351)
  * esm_cache
    - do not fail if we cannot extract information from
      /etc/os-release file (LP: #2006508)
  * security-status:
    - consider packages without a candidate as 'unknown' (LP: #2006049)
  * status:
    - treat null effective contract dates as unknown/expired
      (LP: #2004650)
  * timer:
    - recycle invalid jobs-status.json file if we detect it is
      corrupted (LP: #2006261)

 -- Renan Rodrigo <renanrodrigo@xxxxxxxxxxxxx>  Thu, 09 Feb 2023 14:36:10 -0300
** Changed in: ubuntu-advantage-tools (Ubuntu Jammy)
Status: Fix Committed => Fix Released
** Changed in: ubuntu-advantage-tools (Ubuntu Focal)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/2004193
Title:
Duplicate entries on security-status for systems that got esm-apps
with the old advertisement model
Status in ubuntu-advantage-tools package in Ubuntu:
In Progress
Status in ubuntu-advantage-tools source package in Xenial:
Fix Released
Status in ubuntu-advantage-tools source package in Bionic:
Fix Released
Status in ubuntu-advantage-tools source package in Focal:
Fix Released
Status in ubuntu-advantage-tools source package in Jammy:
Fix Released
Status in ubuntu-advantage-tools source package in Kinetic:
Fix Released
Status in ubuntu-advantage-tools source package in Lunar:
In Progress
Bug description:
[Original description]
When esm-apps went open beta, November 2022, some versions of
ubuntu-advantage-tools have set the service as non-beta. Although those
never got to -updates, they could be (and were, actually) installed
using -proposed or any of the uaclient PPAs.
In those cases, the client inserted the unauthenticated esm-apps
repository to the system APT. This causes packages to show twice now
that esm-apps is GA.
Another case where it could happen is when the `allow_beta` flag was
set, inserting the aforementioned file to the config as well.
[Impact]
When running the pro security-status command, users that have the unauthenticated esm-apps source file will see the duplicate package counts
in the command output and will probably make wrong assumptions about the system.
[Test Case]
To test that change, we will use the following script:
-----------------------------
#!/bin/bash
set -e
series=$1
name=$series-dev
version=$2
install_from=$3
function cleanup {
    lxc delete "$name" --force
}
function on_err {
    echo -e "Test Failed"
    cleanup
    exit 1
}
trap on_err ERR
lxc launch ubuntu-daily:$series $name
sleep 5
# Install ubuntu-advantage-tools 27.11.1 (version which inserted files by accident)
lxc exec $name -- wget -O ./ua.deb $(curl https://launchpad.net/ubuntu/$series/amd64/ubuntu-advantage-tools/$version | grep -o "http://launchpadlibrarian.net/.*/ubuntu-advantage-tools_${version}_amd64.deb")
lxc exec $name -- dpkg -i ./ua.deb > /dev/null
echo -e "\n* UA version 27.11.1 is installed"
echo "###########################################"
lxc exec $name -- apt-cache policy ubuntu-advantage-tools
echo -e "###########################################\n"
# Install a universe package (ansible)
lxc exec $name -- apt-get update > /dev/null
lxc exec $name -- apt-get install ansible -y > /dev/null
echo -e "\n* Ansible (from universe) is installed"
echo "###########################################"
lxc exec $name -- apt-cache policy ansible
echo -e "###########################################\n"
# Run security-status and see the number of esm-apps updates
echo -e "\n* Updates from esm-apps"
echo "###########################################"
lxc exec $name -- pro security-status
echo -e "###########################################\n"
# Run security-status --esm-apps to check for the updates
echo -e "\n* Updates from esm-apps"
echo "###########################################"
lxc exec $name -- pro security-status --esm-apps
echo -e "###########################################\n"
# Install latest ubuntu-advantage-tools ( < 27.13.4 )
lxc exec $name -- apt-get install ubuntu-advantage-tools -y > /dev/null
echo -e "\n* UA is updated to the latest version"
echo "###########################################"
lxc exec $name -- apt-cache policy ubuntu-advantage-tools
echo -e "###########################################\n"
lxc exec $name -- apt-get update > /dev/null
# Run security-status and see the number of esm-apps updates
echo -e "\n* Duplicated updates"
echo "###########################################"
lxc exec $name -- pro security-status
echo -e "###########################################\n"
# Run security-status --esm-apps to check for the updates
echo -e "\n* Duplicated updates"
echo "###########################################"
lxc exec $name -- pro security-status --esm-apps
echo -e "###########################################\n"
# Upgrading UA to new version
# ----------------------------------------------------------------
if [ "$install_from" == 'staging' ]; then
    lxc exec $name -- sudo add-apt-repository ppa:ua-client/staging -y > /dev/null
    lxc exec $name -- apt-get install ubuntu-advantage-tools -y > /dev/null
elif [ "$install_from" == 'proposed' ]; then
    lxc exec $name -- sh -c "echo \"deb http://archive.ubuntu.com/ubuntu $series-proposed main\" | tee /etc/apt/sources.list.d/proposed.list"
    lxc exec $name -- apt-get install ubuntu-advantage-tools -y > /dev/null
else
    # Any other value is treated as a path to a local .deb to install
    lxc file push "$install_from" "$name/new-ua.deb"
    lxc exec $name -- dpkg -i /new-ua.deb > /dev/null
fi
# ----------------------------------------------------------------
echo -e "\n* UA now has the fix"
echo "###########################################"
lxc exec $name -- apt-cache policy ubuntu-advantage-tools
echo -e "###########################################\n"
# Run security-status and see the number of esm-apps updates
echo -e "\n* Updates are back to normal"
echo "###########################################"
lxc exec $name -- pro security-status
echo -e "###########################################\n"
# Run security-status --esm-apps to check for the updates
echo -e "\n* Updates are back to normal"
echo "###########################################"
lxc exec $name -- pro security-status --esm-apps
echo -e "###########################################\n"
# Check that files don't exist where they shouldn't
echo -e "\n* No unauthenticated apt files"
echo "###########################################"
lxc exec $name -- ls /etc/apt/sources.list.d/ubuntu-esm-apps.list || true
echo -e "###########################################\n"
cleanup
---------------------------------------
[Regression Potential]
Since 27.13, we are no longer relying on any unauthenticated esm source file to deliver any feature to the users. Therefore, removing that file should not pose any extra risk for existing users.
[Discussion]
There are some scenarios where users were able to get the unauthenticated esm-apps source file in the system. For example, version 27.11.1 introduced that file. Additionally, if the user added the allow_beta: true
line into uaclient.conf before upgrading the package, the unauthenticated file will also be there. The fix should cover all of those scenarios.
$ uname -a
Linux sdeziel-lemur 5.15.0-58-generic #64-Ubuntu SMP Thu Jan 5 11:43:13 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
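The last step of the test case above only lists /etc/apt/sources.list.d/ubuntu-esm-apps.list and ignores the result. As an added example (not part of the bug report or of ubuntu-advantage-tools), the check below returns a failing status when an active esm-apps entry is still configured on a machine that should have none, such as the unattached test container. The function names and the sample tree are hypothetical, and matching entries on `esm.ubuntu.com/apps` is an assumption not stated in the report.

```shell
#!/bin/sh
# Added example: report active esm-apps APT entries left under ROOT.
# Assumption: esm-apps entries reference esm.ubuntu.com/apps.

# find_esm_apps_sources ROOT
# Prints "path:lineno:entry" for every non-comment deb/deb-src line that
# references esm-apps in ROOT/etc/apt/sources.list.d/*.list.
# Returns 1 if at least one entry is found, 0 if the tree is clean.
find_esm_apps_sources() {
    root=${1%/}
    rc=0
    for f in "$root"/etc/apt/sources.list.d/*.list; do
        [ -f "$f" ] || continue   # unmatched glob or not a regular file
        if grep -nHE '^[[:space:]]*deb(-src)?[[:space:]].*esm\.ubuntu\.com/apps' "$f"; then
            rc=1
        fi
    done
    return $rc
}

# make_sample_root: build a constructed APT tree in a temp dir, print its path.
make_sample_root() {
    dir=$(mktemp -d)
    mkdir -p "$dir/etc/apt/sources.list.d"
    # Constructed sample: one active entry and one commented-out entry.
    printf '%s\n' \
        '# written by an older client (constructed sample)' \
        'deb https://esm.ubuntu.com/apps/ubuntu jammy-apps-security main' \
        '# deb-src https://esm.ubuntu.com/apps/ubuntu jammy-apps-security main' \
        > "$dir/etc/apt/sources.list.d/ubuntu-esm-apps.list"
    # Unrelated source, as added by the 'proposed' branch of the test script.
    printf '%s\n' 'deb http://archive.ubuntu.com/ubuntu jammy-proposed main' \
        > "$dir/etc/apt/sources.list.d/proposed.list"
    echo "$dir"
}

# Demo run against the constructed tree.
sample=$(make_sample_root)
find_esm_apps_sources "$sample" || echo "stale esm-apps source still present"
rm -rf "$sample"
```

In the test script this would be called with the container's root filesystem instead of the sample tree, so that a leftover file makes the run fail rather than just being printed.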