This bug was fixed in the package wsl-pro-service - 0.1.18
---------------
wsl-pro-service (0.1.18) questing; urgency=medium
* Pin Go toolchain to 1.23.8 to fix the following security vulnerabilities:
- GO-2025-3563, GO-2025-3447 and GO-2025-3373 (LP: #2106757)
* Allows the service to quit for longer period of time if the Windows agent
is not reachable.
- resulting in less logging to system journal.
* Removes workaround for livepatch no longer needed since pro-client v35
- systemd service is more confined again.
* Prevents unnecessary re-registration with Landscape
- by passing the CLI flag --register-if-needed to landscape-config.
* Upgrades various golang dependencies.
-- Carlos Nihelton <[email protected]> Thu, 10 Apr 2025 13:50:32
-0300
** Changed in: wsl-pro-service (Ubuntu Questing)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to wsl-pro-service in Ubuntu.
https://bugs.launchpad.net/bugs/2106757
Title:
[SRU] wsl-pro-service version 0.1.18 for Questing, Plucky, Oracular
and Noble
Status in wsl-pro-service package in Ubuntu:
Fix Released
Status in wsl-pro-service source package in Noble:
New
Status in wsl-pro-service source package in Oracular:
New
Status in wsl-pro-service source package in Plucky:
New
Status in wsl-pro-service source package in Questing:
Fix Released
Bug description:
[ Impact ]
This release of wsl-pro-service brings latest enhancements we would like to
make sure all of our supported
customers will have access to these improvements on all releases as we
approach the GA of Ubuntu Pro
for WSL, system which this service is a key part of.
As before, this service is only applicable for Ubuntu on WSL, its service
unit is contained to not even start
if the condition `ConditionVirtualization=wsl` is not met. As we don't
publish nor advertise interim releases
of Ubuntu on WSL, we're mostly releasing this version to Oracular and later
to ensure the package stays available for
future releases as well as for covering the small percentage of users who
`do-release-upgrade` their
instances.
The most important changes are:
- Upgrade to the latest Go toolchain to address vulnerabilities
GO-2025-3563, GO-2025-3447 and GO-2025-3373.
- Reduce the duration under which wsl-pro-service remains running without
being connected to the Windows side:
* That allowed the service to spam the system's journal with too often
complaints of connection retrials.
* The existing behaviour was already highlighted by some users when
reporting issues, not necessarily
caused by this service, such as:
. https://github.com/microsoft/WSL/issues/12433#issue-2768853006: Here
users misunderstood it as an
issue issue because of how often that message appears.
.
https://github.com/microsoft/WSL/issues/11522#issuecomment-2148499450: Here an
example of systemd journal
showing too many logs of wsl-pro-service.
* With the current implementation we reduce the number of connection
attempts and increase the duration
systemd takes before restarting the service.
- Increase systemd confinement:
* Due a bug in ubuntu-pro-client we had to reduce the restrictions in the
systemd unit in the past to let
it subprocess livepatch, even thought that's not applicable under WSL.
* That bug is fixed in v35 being SRU'ed in LP: #2083973
- Prevents unnecessary re-registration with Landscape
* by passing the CLI flag --register-if-needed when subprocessing
landscape-config.
[ Test plan ]
== 1. Less loging:
* Make sure the Ubuntu Pro for WSL Windows agent is not running:
- On Windows run `taskkill /f /im ubuntu-pro-agent.exe`
- Depending on the OS settings elevated permissions might be required.
* Install wsl-pro-service version 0.1.18 on Ubuntu on WSL (Noble, Oracular
and Plucky should behave exactly
the same)
* Follow it's journal with `journalctl -f -u wsl-pro.service`
* Notice that it starts logging connection attempts too often, backing off
exponentially up to 1min interval.
Approximately 10 minutes after attempting to connect without success, it
silents.
* systemd should take approximately 20 min to attempt to restart the unit.
== 2. Pro attachment works under systemd restrictions and without
livepatch being installed.
(Most of this test case would be testing ubuntu-pro-client v35 indeed, but we
must verify that our integration
is not harmed with the changes in wsl-pro-service systemd confinement)
* Create a fresh instance of Ubuntu on WSL:
- On Windows run `wsl.exe --install -d Ubuntu`
* Install ubuntu-pro-agent v35 (currently available via the `-proposed`
repository)
* Make sure livepatch is not installed: `sudo snap remove canonical-livepatch`
* Make sure the Ubuntu on WSL instance is not pro attached: `pro status`
(`pro detach` if needed).
* Install wsl-pro-service version 0.1.18 on Ubuntu on WSL (Noble, Oracular
and Plucky should behave exactly
the same)
* Install Ubuntu Pro for WSL (download the latest production build from
https://github.com/canonical/ubuntu-pro-for-wsl/actions/runs/14386282882/artifacts/2921576467)
* Follow this guide to attach your Pro token:
https://documentation.ubuntu.com/wsl/en/stable/tutorials/getting-started-with-up4w/#set-up-ubuntu-pro-for-wsl
* Follow it's journal with `journalctl -f -u wsl-pro.service`:
- If pro-attaching fails because of systemd restrictions we should see some
"permission denied" or "bad system
call" errors in the journal.
- If the livepatch fix was not correct, we should see mentions to
`canonical-livepatch` in the journal.
- Both conditions should be considered a failure. Otherwise, proceed.
* Confirm pro attachment `pro status` inside the Ubuntu instance.
* Finally assert that canonical-livepatch remains not installed on this
machine.
== 3. (Optional) wsl-pro-service outside of WSL
(Ensures the unit does nothing outside of WSL)
* Install wsl-pro-service on an instance of Ubuntu 24.04 (or later) on any
platform other than WSL (Desktop,
Server bare-metal or VM, OCI containers).
* Verify that the unit is disabled due unmet condition: `systemctl status
wsl-pro.service`
[ Where problems could occur ]
Up until now, wsl-pro-service remains running all the time the unit is alive,
thus anytime a user installs the
Ubuntu Pro for WSL application on Windows they could expect the communication
with the Windows agents to start
briefly.
With the behaviour changes, that won't be the case always, as the service
could just had quit seconds before
and systemd will take about 20min to restart it. Users can always `sudo
systemctl restart wsl-pro.service`.
Since the entire system is not yet generally available the number of users
affected by this behaviour change
is very minimal, comprising of a handful of beta testers and internal
collaborators (such as the
Landscape team).
If the changes in wsl-pro-service landed before ubuntu-pro-client v35, we'd
have issues with livepatch already
described. I judge that as almost impossible since the SRU bug LP: #2083973
is older and is very likely to
handle any regressions in time.
[ Other Info ]
I purposefully skipped testing the changes related to Landscape because it's
too complex to set up a server
just for this purpose.
We upgraded many vendored Go dependencies, thus they comprise a huge
part of the diffs.
[ Changelog ]
wsl-pro-service (0.1.18~22.04.1) jammy; urgency=medium
* Pin Go toolchain to 1.23.8 to fix the following security vulnerabilities:
- GO-2025-3563, GO-2025-3447 and GO-2025-3373 (LP: #2106757)
* Allows the service to quit for longer period of time if the Windows agent
is not reachable.
- resulting in less logging to system journal.
* Removes workaround for livepatch no longer needed since pro-client v35
- systemd service is more confined again.
* Prevents unnecessary re-registration with Landscape
- by passing the CLI flag --register-if-needed to landscape-config.
* Upgrades various golang dependencies.
-- Carlos Nihelton <[email protected]> Thu, 10 Apr 2025 13:50:32
-0300
wsl-pro-service (0.1.5) oracular; urgency=medium
* Fix UserProfileDir when %USERPROFILE% is empty
* Fix for empty field for landscape SSL public key
* Prevent subprocesses to sent notification to systemd
* Workaround livepatch disable failure
* Remove now unused hostagent UID and move it to our GRPc part
in landscape protocole
* Force all subcommands to run with LC_ALL=C
* Removes dependency on /etc/resolv.conf
* Fix logging level in config
* Upgrade to Go 1.23
* Annotate assertion on int conversion check with bitSize 32
* Add some more tests and enhanced/cleanup existing ones, including mocks
* Fix some flaky tests
* Update some vendored dependencies
* Fix some vendoring scripts
-- Didier Roche-Tolomelli <[email protected]> Tue, 10 Sep 2024
13:24:08 +0200
wsl-pro-service (0.1.4) noble; urgency=medium
* Vendor manually on the host as the go mod vendoring when using
dpkg-buildpackage works in a different environment.
-- Didier Roche-Tolomelli <[email protected]> Fri, 19 Apr 2024
07:56:41 +0200
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/wsl-pro-service/+bug/2106757/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
