ubuntu-public-cloud team mailing list archive

Thread
Date
[Bug 2113792] Re: [SRU] Please update to 20250506.01

To: ubuntu-public-cloud@xxxxxxxxxxxxxxxxxxx
From: Chris Halse Rogers <2113792@xxxxxxxxxxxxxxxxxx>
Date: Tue, 02 Sep 2025 03:38:46 -0000
Reply-to: Bug 2113792 <2113792@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx
> Google try to maintain upstream what they think the d/rules,
d/control, etc. files should be [0] - so this was my attempt at unifying
them. I could see they're not really applicable here but I feel it's
still best to have parity.

Generally speaking, we do not expect upstream developers to have a good
handle of Ubuntu packaging policy, so we don't expect the upstream
debian/ directory to be in sync.

> If you want to see that called out in the changelog do let me know and
I'll add that.

Yeah, every change to the package should be mentioned in the changelog -
not necessarily in great detail, but every change should be
acknowledged. eg:

 * debian/rules: also install new libfoobar.cfg thing

or even

 * debian/install: refresh for new files in new version

> That being said if you think having the .preset file is actually a
detriment I can take it out and have it as a known diff.

I'm not sure if it breaks Ubuntu policy by existing, but it might (I'm
not familiar with exactly how systemd interprets those), and is not how
sysadmins are expecting to interact with an Ubuntu system. This should
be dropped, yes.

-- 
You received this bug notification because you are a member of Ubuntu
Public Cloud, which is subscribed to google-guest-agent in Ubuntu.
https://bugs.launchpad.net/bugs/2113792

Title:
  [SRU] Please update to 20250506.01

Status in google-guest-agent package in Ubuntu:
  Fix Released
Status in google-guest-agent source package in Jammy:
  New
Status in google-guest-agent source package in Noble:
  New
Status in google-guest-agent source package in Plucky:
  Incomplete

Bug description:
  =================== SRU ===================

  Following on from similar package update requests @ LP: #2096765, LP:
  #2084498, LP: #2073163 and LP: #2040945, this bug is a request to
  update the google-guest-agent package to the upstream version
  `20250506.01` @ https://github.com/GoogleCloudPlatform/guest-
  agent/releases/tag/20250506.01

  This package has an SRU exception @
  https://wiki.ubuntu.com/StableReleaseUpdates#google-guest-agent
  including an ageing exception detailed @
  https://wiki.ubuntu.com/google-guest-agent-Updates

  [Impact]

  This package is provided by Google for installation within guests that
  run on Google Compute Engine. It is part of a collection of tools and
  daemons, that ensure that the Ubuntu images published to GCE run
  properly on their platform.

  Cloud platforms evolve at a rate that can't be handled in six-month
  increments, and they will often develop features that they would like
  to be available to customers who don't want to upgrade from earlier
  Ubuntu releases. As such, updating this package to more recent
  upstream releases is required within all Ubuntu releases, so they
  continue to function properly in the GCP environment.

  [Test Case]

  When a new version of this package is uploaded to -proposed, the
  following will happen:

   * an image based on -proposed will be built for GCE and published to the ubuntu-os-cloud-image-proposed project
   * the CPC team will run internal validations (CTF) and Google's upstream test suite `cloud-image-tests` (CIT)
   * the GCE team will be asked to validate that the new package addresses the issues it is expected to address, and that the image passes their own internal image validation.

  If all the testing indicates that the new package is acceptable,
  verification can be considered done.

  [Vendored Dependencies]

  ```
  --- a/go.mod
  +++ b/go.mod
  @@ -1,12 +1,12 @@
   module github.com/GoogleCloudPlatform/guest-agent

  -go 1.20
  +go 1.23.0

   replace github.com/GoogleCloudPlatform/guest-agent/metadata =>
  ../metadata

   require (
          cloud.google.com/go/storage v1.31.0
  -       github.com/GoogleCloudPlatform/guest-logging-go v0.0.0-20250108002221-76154e4b3bd9
  +       github.com/GoogleCloudPlatform/guest-logging-go v0.0.0-20250327013322-4be06cdc8bd8
          github.com/Microsoft/go-winio v0.6.1
          github.com/go-ini/ini v1.66.6
          github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da
  @@ -17,8 +17,8 @@ require (
          github.com/kardianos/service v1.2.2
          github.com/robfig/cron/v3 v3.0.1
          github.com/tarm/serial v0.0.0-20180830185346-98f6abe2eb07
  -       golang.org/x/crypto v0.25.0
  -       golang.org/x/sys v0.22.0
  +       golang.org/x/crypto v0.35.0
  +       golang.org/x/sys v0.30.0
          google.golang.org/api v0.134.0
          google.golang.org/grpc v1.57.1
          google.golang.org/protobuf v1.33.0
  @@ -44,10 +44,10 @@ require (
          github.com/pkg/errors v0.9.1 // indirect
          go.opencensus.io v0.24.0 // indirect
          golang.org/x/mod v0.17.0 // indirect
  -       golang.org/x/net v0.27.0 // indirect
  +       golang.org/x/net v0.36.0 // indirect
          golang.org/x/oauth2 v0.10.0 // indirect
  -       golang.org/x/sync v0.7.0 // indirect
  -       golang.org/x/text v0.16.0 // indirect
  +       golang.org/x/sync v0.11.0 // indirect
  +       golang.org/x/text v0.22.0 // indirect
          golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect
          golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect
          google.golang.org/appengine v1.6.7 // indirect
  ```
  ## Examining the crypto diff

  -       golang.org/x/crypto v0.25.0
  +       golang.org/x/crypto v0.35.0

  # Bump from v.0.25.0 --> v.0.330:

  Commit here https://github.com/GoogleCloudPlatform/guest-
  agent/commit/09884e466fc49e88e98bab6ce22ce732b426fdd2 [was added to
  fix CVE-2024-45337
  (https://github.com/advisories/GHSA-v778-237x-gjrc)], closing issue:
  https://github.com/GoogleCloudPlatform/guest-agent/pull/499

  # Bump from v.0.33.0 --> v.0.35.0

  Commit here https://github.com/GoogleCloudPlatform/guest-
  agent/commit/c2e25edf755600c01e13a77ee7adb92d44a44fe0 [was added by
  their dependatbot automation], closing issue:
  https://github.com/GoogleCloudPlatform/guest-agent/pull/512)

  # Whole diff of v0.25.0 vs. v0.35.0:
  https://cs.opensource.google/go/x/crypto/+/refs/tags/v0.25.0...refs/tags/v0.35.0

  [Where Problems Could Occur]

  There are many upstream changes in `20250506.01-0ubuntu1` vs.
  `20250116.00-0ubuntu1` (38 commits/40 file changes); however between
  CIT [0] (which is run for validation by CPC _and_ Google) and CPC's
  own internal test harness (CTF), there is confidence that most if not
  all "edge cases" and/or obvious regressions concerns can be dismissed
  before the new version lands in `-updates`.

  Also, `google-guest-agent` is not a seeded package, and we vendor all
  golang dependencies.

  [Other Information]

  This bug is used for tracking of releasing the new upstream version
  for all supported series, as per the approved policy mentioned in the
  following MRE:

  https://wiki.ubuntu.com/google-guest-agent-Updates

  This package is only used on AMD64 and ARM64 but is built for all
  available architectures.

  [0]: https://github.com/GoogleCloudPlatform/cloud-image-tests

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/google-guest-agent/+bug/2113792/+subscriptions
References

[Bug 2113792] [NEW] Please update to 20250506.01
From: Chloé Smith, 2025-06-09