ubuntu-public-cloud team mailing list archive
Message #00073
[Bug 2084496] Re: Please update to 20240926.03
The d/changelog in, for example, jammy, hints that this is a straight
backport from plucky. The first 3 entries have:
google-osconfig-agent (20240926.03-0ubuntu1~22.04.0) jammy;
urgency=medium
* No change rebuild for Jammy.
-- Chloé 'kajiya' Smith <chloe.smith@xxxxxxxxxxxxx> Wed, 06 Nov 2024
11:54:47 +0000
google-osconfig-agent (20240926.03-0ubuntu1) plucky; urgency=medium
* New upstream version for upstream tag 20240926.03. (LP: #2084496)
* Golang revendoring.
* Add new debian/source/include-binaries entries.
-- Chloé 'kajiya' Smith <chloe.smith@xxxxxxxxxxxxx> Mon, 14 Oct 2024
19:14:20 +0100
google-osconfig-agent (20240524.03-0ubuntu2~22.04.0) jammy;
urgency=medium
* Rebuild for Jammy.
- Bump golang version to 1.22.
- Revert the addition of
d/p/0002-Edit-TestAptRepositories-for-signed-repos.patch.
-- Chloé 'kajiya' Smith <chloe.smith@xxxxxxxxxxxxx> Tue, 06 Aug 2024
22:52:48 +0100
So it's like 20240926.03-0ubuntu1 was taken as-is from plucky, and rebuilt on jammy.
That doesn't seem to be the case, because if I diff this upload against
plucky, there are way more differences than just d/changelog:
$ git diff queue/jammy/unapproved/325567c pkg/ubuntu/devel|diffstat
b/debian/changelog | 53 --------
b/debian/control | 2
b/debian/patches/0002-Edit-TestAptRepositories-for-signed-repos.patch | 29 ++++
b/debian/patches/series | 1
b/debian/rules | 9 -
debian/extra/vendor/google.golang.org/protobuf/0001-protojson-configurable-recursion-limit-when-unmarsha.patch | 243 ----------------------------------------
debian/extra/vendor/patches-applied/README.txt | 1
debian/extra/vendor/patches-applied/protobuf-CVE-2024-24786.patch | 73 ------------
8 files changed, 31 insertions(+), 380 deletions(-)
The diff related to the previous upload in jammy is fine (bar the missing no-change rebuild which is the last upload in jammy, but since it's just a rebuild, and this sru will definitely rebuild the package, that's ok).
There is also a d/control change not declared in d/changelog, but since
it's just in the uploaders field, and doesn't impact the build of the
package, it's not a blocker. Unless you didn't mean to change that:
--- a/debian/control
+++ b/debian/control
@@ -1,6 +1,6 @@
Source: google-osconfig-agent
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@xxxxxxxxxxxxxxxx>
-Uploaders: Balint Reczey <rbalint@xxxxxxxxxx>
+Uploaders: Utkarsh Gupta <utkarsh@xxxxxxxxxx>
Section: devel
Testsuite: autopkgtest-pkg-go
Priority: optional
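Review bot: the Uploaders change in debian/control (Balint Reczey replaced by Utkarsh Gupta) has no matching line in any of the d/changelog entries quoted above. Either add a changelog bullet recording the Uploaders update, or drop the change from this upload so that the declared changes and the diff agree.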
In the end, it's difficult to follow the history of this package. The
changelog is all over the place: jammy -> oracular -> jammy -> plucky ->
jammy again. That is the "normal" case for backports, but this doesn't
look like a straight backport. Anyway, I won't block on it, but we
should chat about how these uploads are prepared, so it's better
understood for the next one, and the review can be quicker.
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-24786
** Changed in: google-osconfig-agent (Ubuntu Oracular)
Status: New => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Public Cloud, which is subscribed to google-osconfig-agent in Ubuntu.
https://bugs.launchpad.net/bugs/2084496
Title:
Please update to 20240926.03
Status in google-osconfig-agent package in Ubuntu:
Fix Released
Status in google-osconfig-agent source package in Focal:
New
Status in google-osconfig-agent source package in Jammy:
New
Status in google-osconfig-agent source package in Noble:
New
Status in google-osconfig-agent source package in Oracular:
Fix Committed
Status in google-osconfig-agent source package in Plucky:
Fix Released
Bug description:
Following on from previous similar package update requests @ LP:
#2073161, LP: #2064580 LP: #2020762, LP: #1996735 and LP: #1938553,
this bug is a request to update the google-osconfig-agent package to
the upstream version `20240926.03` @
https://github.com/GoogleCloudPlatform/osconfig/releases/tag/20240926.03
This package has an SRU exception @
https://wiki.ubuntu.com/StableReleaseUpdates#google-osconfig-agent
including an ageing exception detailed @
https://wiki.ubuntu.com/google-osconfig-agent-Updates
[Impact]
This package is provided by Google for installation within guests that
run on Google Compute Engine. It is part of a collection of tools and
daemons, that ensure that the Ubuntu images published to GCE run
properly on their platform.
Cloud platforms evolve at a rate that can't be handled in six-month
increments, and they will often develop features that they would like
to be available to customers who don't want to upgrade from earlier
Ubuntu releases. As such, updating this package to more recent
upstream releases is required within all Ubuntu releases, so they
continue to function properly in their environment.
[Test Case]
When a new version of this package is uploaded to -proposed, the
following will happen:
* an image based on -proposed will be built for GCE and published to the ubuntu-os-cloud-devel project
* the GCE team will be asked to validate that the new package addresses the issues it is expected to address, and that the image passes their internal image validation.
If all the testing indicates that the image containing the new package
is acceptable, verification will be considered to be done.
[Vendored Dependency]
There were no vendoring changes in these releases (OO/NN/JJ/FF)
[Where Problems Could Occur]
There are many upstream changes in `20240926.03-ubuntu1` vs.
`20240320.00-0ubuntu2`; however between the guest-test-infra suite [0]
(which is run for validation by CPC _and_ Google) and CPC's own
internal test harness (CTF), there is confidence that most if not all
"edge cases" and/or obvious regression concerns can be dismissed
before the new version lands in `-updates`.
That being said, there are big changes to auth in this release, and
significant changes to network config management, OSLogin, SSH access
and networkctl/dhclient in this bug's "sister" at LP: #2084498. We
should be mindful of all these changes as they could possibly cause
instances to become inaccessible. To mitigate this there are several
CTF suites that will trigger an instance reboot (e.g.
google_disk_size, google_shutdown_script, google_shutdown_script_url,
etc.). There are explicit tests in CIT (Google owned tests) that
validate authorisation as well.
We (CPC) also have a specific job we have internally that will create
an instance from a "normal" image, and gradually install each guest-
agent package from -proposed with reboots in between. Assuming all
this works as expected we can be assured we've mitigated.
[Other Information]
This bug is used for tracking of releasing the new upstream version
for all supported series, as per the approved policy mentioned in the
following MRE:
https://wiki.ubuntu.com/google-osconfig-agent-Updates
The updated package is not built for armhf and riscv64 due to upstream
regressions but the package is not used on those architectures thus
please release the SRU without the armhf and riscv64 binaries.
The package does not build for powerpc on Xenial, but this is OK since
it is not used on powerpc either.
[0]: https://github.com/GoogleCloudPlatform/guest-test-infra
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/google-osconfig-agent/+bug/2084496/+subscriptions
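The check the reviewer performs in the message above (a top changelog entry that says "No change rebuild" compared against a diff that touches more than d/changelog), as an added example that is not part of the original message or of any Ubuntu tooling. The function names are hypothetical, and the sample input is the diffstat and changelog text quoted in the message.

```python
import re

# Sample input: the diffstat output quoted in the message above.
DIFFSTAT = """\
 b/debian/changelog | 53 --------
 b/debian/control | 2
 b/debian/patches/0002-Edit-TestAptRepositories-for-signed-repos.patch | 29 ++++
 b/debian/patches/series | 1
 b/debian/rules | 9 -
 debian/extra/vendor/google.golang.org/protobuf/0001-protojson-configurable-recursion-limit-when-unmarsha.patch | 243 ----------------------------------------
 debian/extra/vendor/patches-applied/README.txt | 1
 debian/extra/vendor/patches-applied/protobuf-CVE-2024-24786.patch | 73 ------------
 8 files changed, 31 insertions(+), 380 deletions(-)
"""

# Top changelog entry of the jammy upload, as quoted in the message.
TOP_ENTRY = """\
google-osconfig-agent (20240926.03-0ubuntu1~22.04.0) jammy; urgency=medium
  * No change rebuild for Jammy.
"""

STAT_LINE = re.compile(r"^\s*(?:[ab]/)?(\S+)\s*\|\s*(\d+)")
NO_CHANGE = re.compile(r"no[- ]change rebuild", re.IGNORECASE)

def changed_files(diffstat_text):
    """Return {path: changed_line_count} parsed from diffstat output."""
    files = {}
    for line in diffstat_text.splitlines():
        m = STAT_LINE.match(line)
        if m:  # the "N files changed" summary line has no '|' and is skipped
            files[m.group(1)] = int(m.group(2))
    return files

def undeclared_changes(diffstat_text, top_entry):
    """Paths that differ although the top changelog entry says 'no change'.

    debian/changelog always differs between a backport and its origin, so it
    is excluded. Returns [] when the entry does not claim a no-change rebuild.
    """
    if not NO_CHANGE.search(top_entry):
        return []
    files = changed_files(diffstat_text)
    return sorted(p for p in files if p != "debian/changelog")

if __name__ == "__main__":
    for path in undeclared_changes(DIFFSTAT, TOP_ENTRY):
        print("differs but not declared:", path)
```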