← Back to team overview

group.of.nepali.translators team mailing list archive

[Bug 2019997] Re: pro livepatch status incorrect when run as normal user

 

This bug was fixed in the package ubuntu-advantage-tools - 31.2~22.04

---------------
ubuntu-advantage-tools (31.2~22.04) jammy; urgency=medium

  * Backport new upstream release (LP: #2048921)

ubuntu-advantage-tools (31.2) noble; urgency=medium

  * properly rename logrotate conffile to avoid duplicate confiles, keep user changes
    and avoid unnecessary prompts (LP: #2055046)
  * use mv_conffile on all ubuntu-advantage-tools conffiles to avoid "obsolete" dpkg
    conffile statuses
  * fix regression in api u.pro.attach.auto.should_auto_attach.v1 so that it works with
    the new package names

ubuntu-advantage-tools (31.1) noble; urgency=medium

  * fix unit test that failed on newer version of python

ubuntu-advantage-tools (31) noble; urgency=medium

  * d/*:
    - rename ubuntu-advantage-tools to ubuntu-pro-client
    - rename ubuntu-advantage-pro to ubuntu-pro-image-auto-attach
  * d/apparmor:
    - introduce new ubuntu_pro_apt_news apparmor policy
  * d/control:
    - update descriptions and homepages
    - update ubuntu-pro-client-l10n to Depend on same binary version
      of ubuntu-pro-client
  * d/rules:
    - install ubuntu_pro_apt_news apparmor policy
  * d/ubuntu-pro-client.prerm:
    - removed dependency on python3 by reimplementing in sh (LP: #2021988)
  * apport:
    - collect logs related to ubuntu_pro_apt_news apparmor policy
  * release-upgrades.d/ubuntu-advantage-upgrades.cfg:
    - convert APT list files to deb822 files when upgrading to noble
  * systemd/apt-news.service:
    - add apparmor profile and capability restrictions
  * systemd/ubuntu-advantage.service:
    - avoid deadlock when started during cloud-config.service (LP: #2050022)
  * New upstream release 31 (LP: #2048921)
    - api:
      + u.pro.attach.auto.full_auto_attach.v1: new cloud_override param
      + u.pro.status.enabled_services.v1:
        * include services in "warning" state
        * include "usg"
      + u.pro.security.fix.*.plan.v1: export common objects from
        endpoint modules (GH: #2714)
    - cli:
      + add autocomplete for api subcommand
      + autocomplete multiple services for enable/disable subcommands
      + if lock is held, cli will retry over the course of a few seconds
    - collect-logs:
      + include logs related to ubuntu_pro_apt_news apparmor policy
      + include logs of apt-news.service
      + include logs of esm-cache.service
    - enable:
      + use deb822 apt source file format when on noble or later
    - fix:
      + avoid insinuating that CVEs were found on the machine (GH: #1522)
      + ignore LSNs when considering related USNs
      + pick CVE description based on what packages are installed
    - landscape:
      + don't disable landscape on ubuntu releases where it cannot be
        enabled (GH: #2743)
      + no longer assume landscape-client gets removed on disable (GH: #2840)
      + leave client.conf in place instead of renaming
      + require service to be running to consider "enabled"
      + new explanatory message when disabling
    - motd: properly pluralize messages about updates (GH: #1579)
    - status: show warning when canonical-livepatch command fails
      (LP: #2019997)
    - timer jobs: jobs-status.json is now world readable (GH: #2601)

ubuntu-advantage-tools (30.1) noble; urgency=medium

  * fix UnboundLocalError in update-check error handling (LP: #2043836)

 -- Grant Orndorff <grant.orndorff@xxxxxxxxxxxxx>  Thu, 29 Feb 2024
09:03:11 -0500

** Changed in: ubuntu-advantage-tools (Ubuntu Jammy)
       Status: Fix Committed => Fix Released

** Changed in: ubuntu-advantage-tools (Ubuntu Focal)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/2019997

Title:
  pro livepatch status incorrect when run as normal user

Status in Canonical Livepatch Client:
  New
Status in ubuntu-advantage-tools package in Ubuntu:
  Fix Released
Status in ubuntu-advantage-tools source package in Xenial:
  Fix Released
Status in ubuntu-advantage-tools source package in Bionic:
  Fix Released
Status in ubuntu-advantage-tools source package in Focal:
  Fix Released
Status in ubuntu-advantage-tools source package in Jammy:
  Fix Released
Status in ubuntu-advantage-tools source package in Mantic:
  Fix Released

Bug description:
  [ Impact ]

  pro status shows livepatch as "disabled" when "canonical-livepatch"
  returns an error. This can be misleading. It would be more helpful to
  propagate the error message up to the user through pro status; that is
  what the fix does.

  [ Test Plan ]

  In a multipass VM:
  ```
  # attach to pro
  sudo pro attach
  # hack canonical-livepatch to return an error
  cat > error.sh <<EOF
  #!/bin/sh
  echo "this is a simulated error" >&2
  false
  EOF
  chmod +x error.sh
  sudo rm /snap/bin/canonical-livepatch
  sudo ln -s /home/ubuntu/error.sh /snap/bin/canonical-livepatch
  # check livepatch's status according to pro
  pro status
  ```

  Without the fix, livepatch will show as "disabled".
  With the fix, livepatch will show as "warning", and there will be a notice that says "Error running canonical-livepatch status:  this is a simulated error"

  [ Where problems could occur ]

  Since this changes how the status of livepatch is displayed, then a
  mistake could lead to livepatch's status being incorrect

  [Original Description]

  livepatch shows as disabled when `pro status` is run as a normal user,
  but enabled when run with sudo.

  $ pro status
  SERVICE          ENTITLED  STATUS    DESCRIPTION
  esm-apps         yes       enabled   Expanded Security Maintenance for Applications
  esm-infra        yes       enabled   Expanded Security Maintenance for Infrastructure
  livepatch        yes       disabled  Canonical Livepatch service

  $ sudo pro status
  SERVICE          ENTITLED  STATUS    DESCRIPTION
  esm-apps         yes       enabled   Expanded Security Maintenance for Applications
  esm-infra        yes       enabled   Expanded Security Maintenance for Infrastructure
  livepatch        yes       enabled   Canonical Livepatch service

  This is probably a separate issue, but similarly (with a few numbers I have replaced by <censored>:
  $ canonical-livepatch status
  internal error, please report: running "canonical-livepatch" failed: transient scope could not be started, job /org/freedesktop/systemd1/job/235 finished with result failed

  $ sudo canonical-livepatch status
  last check: 35 minutes ago
  kernel: <censored>
  server check-in: succeeded
  kernel state: ✓ kernel is supported by Canonical.
  patch state: ✓ all applicable livepatch modules inserted
  patch version: <censored>
  tier: stable

  ubuntu-advantage-tools 27.14.4~22.04
  Ubuntu 22.04.2 LTS

To manage notifications about this bug go to:
https://bugs.launchpad.net/canonical-livepatch-client/+bug/2019997/+subscriptions