[Bug 2073163] Re: Please update to 20240716.00

2024-08-27 Thread Chloé Smith
Related bug (https://bugs.launchpad.net/ubuntu/+source/google-guest-agent/+bug/2057965)
is now verified as well

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2073163

Title:
  Please update to 20240716.00

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/google-guest-agent/+bug/2073163/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 2057965] Re: google-startup-scripts runs before cloud-init finished network setup

2024-08-27 Thread Chloé Smith
 VALIDATION 

All images used below were built with snapshots from 20240306T030400Z
and 20240510T030400Z for cloud-init and ubuntu-pro-client respectively.

=== FOCAL FOSSA ===

kajiya@little-HAL:~$ cat startup.sh 
#!/bin/bash
cp /etc/apt/sources.list /tmp/startup-sources.list

touch /home/ubuntu/hello.txt

--

kajiya@little-HAL:~$ gcloud compute instances create focal-startup-bug-2057965 --image testing-ubuntu-guest-2004-focal-v20240823 --image-project ubuntu-kajiya --metadata-from-file=startup-script=startup.sh

kajiya@little-HAL:~$ ssh ubuntu@35.204.59.206

--

ubuntu@focal-startup-bug-2057965:~$ pro --version
31.2.3~20.04

ubuntu@focal-startup-bug-2057965:~$ cloud-init --version
/usr/bin/cloud-init 23.4.4-0ubuntu0~20.04.1

ubuntu@focal-startup-bug-2057965:~$ ls
hello.txt

ubuntu@focal-startup-bug-2057965:~$ diff /tmp/startup-sources.list /etc/apt/sources.list

ubuntu@focal-startup-bug-2057965:~$

=== JAMMY JELLYFISH ===

kajiya@little-HAL:~$ cat startup.sh 
#!/bin/bash
cp /etc/apt/sources.list /tmp/startup-sources.list

touch /home/ubuntu/hello.txt

--

kajiya@little-HAL:~$ gcloud compute instances create jammy-startup-bug-2057965 --image testing-ubuntu-guest-2204-jammy-v20240823 --image-project ubuntu-kajiya --metadata-from-file=startup-script=startup.sh

kajiya@little-HAL:~$ ssh ubuntu@34.90.192.236

--

ubuntu@jammy-startup-bug-2057965:~$ pro --version
31.2.3~22.04

ubuntu@jammy-startup-bug-2057965:~$ cloud-init --version
/usr/bin/cloud-init 23.4.4-0ubuntu0~22.04.1

ubuntu@jammy-startup-bug-2057965:~$ ls
hello.txt

ubuntu@jammy-startup-bug-2057965:~$ diff /tmp/startup-sources.list /etc/apt/sources.list

ubuntu@jammy-startup-bug-2057965:~$

=== NOBLE NUMBAT ===

kajiya@little-HAL:~$ cat startup.sh 
#!/bin/bash
cp /etc/apt/sources.list /tmp/startup-sources.list

touch /home/ubuntu/hello.txt

--

kajiya@little-HAL:~$ gcloud compute instances create noble-startup-bug-2057965 --image testing-ubuntu-guest-2404-noble-amd64-v20240823 --image-project ubuntu-kajiya --metadata-from-file=startup-script=startup.sh

kajiya@little-HAL:~$ ssh ubuntu@35.204.72.82

--

ubuntu@noble-startup-bug-2057965:~$ ls
hello.txt

ubuntu@noble-startup-bug-2057965:~$ pro --version
31.2.3
ubuntu@noble-startup-bug-2057965:~$ cloud-init --version
/usr/bin/cloud-init 24.1-0ubuntu1

ubuntu@noble-startup-bug-2057965:~$ diff /tmp/startup-sources.list /etc/apt/sources.list

ubuntu@noble-startup-bug-2057965:~$

ubuntu@noble-startup-bug-2057965:~$ systemd-analyze critical-chain
The time when unit became active or started is printed after the "@" character.
The time the unit took to start is printed after the "+" character.

graphical.target @23.527s
└─multi-user.target @23.527s
  └─getty.target @23.527s
    └─getty@tty1.service @23.527s
      └─system-getty.slice @23.522s
        └─setvtrgb.service @23.462s +57ms
          └─plymouth-quit-wait.service @23.435s +11ms
            └─systemd-user-sessions.service @23.394s +34ms
              └─cloud-config.service @22.305s +1.080s   <<<
                └─basic.target @11.709s
                  └─sockets.target @11.700s
                    └─snapd.socket @11.628s +59ms
                      └─sysinit.target @11.517s
                        └─cloud-init.service @8.942s +2.206s
                          └─systemd-networkd-wait-online.service @8.893s +31ms
                            └─systemd-networkd.service @8.692s +175ms
                              └─network-pre.target @8.677s
                                └─cloud-init-local.service @4.842s +3.822s
                                  └─systemd-remount-fs.service @2.192s +117ms
                                    └─systemd-fsck-root.service @1.917s +243ms
                                      └─systemd-journald.socket @1.643s
                                        └─-.mount @1.520s
                                          └─-.slice @1.520s

** Tags removed: verification-needed verification-needed-focal 
verification-needed-jammy verification-needed-noble
** Tags added: verification-done verification-done-focal 
verification-done-jammy verification-done-noble

[Bug 2073166] [NEW] Please update to 20240701.00

2024-07-15 Thread Chloé Smith
Public bug reported:

Following on from previous similar package update requests @ LP:
#2043001, LP: #1995620, LP: #1944718 and LP: #1938289, this bug is a
request to update the google-compute-engine-oslogin package to the
upstream version `20240701.00` @
https://github.com/GoogleCloudPlatform/guest-oslogin/releases/tag/20240701.00

This package has an SRU exception @
https://wiki.ubuntu.com/StableReleaseUpdates#google-compute-engine-oslogin
including an ageing exception detailed @
https://wiki.ubuntu.com/google-compute-engine-oslogin-Updates

[Impact]

This package is provided by Google for installation within guests that
run on Google Compute Engine. It is part of a collection of tools and
daemons, that ensure that the Ubuntu images published to GCE run
properly on their platform.

Cloud platforms evolve at a rate that can't be handled in six-month
increments, and they will often develop features that they would like to
be available to customers who don't want to upgrade from earlier Ubuntu
releases. As such, updating this package to more recent upstream
releases is required within all Ubuntu releases, so they continue to
function properly in their environment.

[Test Case]

When a new version of this package is uploaded to -proposed, the
following will happen:

 * an image based on -proposed will be built for GCE and published to the
   ubuntu-os-cloud-devel project
 * the GCE team will be asked to validate that the new package addresses the
   issues it is expected to address, and that the image passes their internal
   image validation.

If all the testing indicates that the image containing the new package
is acceptable, verification will be considered to be done.

[Vendored Dependency]

There are no re-vendored dependencies (in oracular/devel anyway)

[Where Problems Could Occur]

There are many upstream changes in `20240701.00-0ubuntu1` vs.
`20231004.00-0ubuntu5`; however between the guest-test-infra suite [0]
(which is run for validation by CPC _and_ Google) and CPC's own internal
test harness (CTF), there is confidence that most if not all "edge
cases" and/or obvious regression concerns can be dismissed before the
new version lands in `-updates`

[Other Information]

This bug is used for tracking of releasing the new upstream version for
all supported series, as per the approved policy mentioned in the
following MRE:

https://wiki.ubuntu.com/google-compute-engine-oslogin-Updates

The updated package is not built for armhf and riscv64 due to upstream
regressions but the package is not used on those architectures thus
please release the SRU without the armhf and riscv64 binaries.

The package does not build for powerpc on Xenial, but this is OK since
it is not used on powerpc either.

[0]: https://github.com/GoogleCloudPlatform/guest-test-infra

** Affects: google-compute-engine-oslogin (Ubuntu)
 Importance: Undecided
 Assignee: Chloé Smith (kajiya)
 Status: New

** Changed in: google-compute-engine-oslogin (Ubuntu)
 Assignee: (unassigned) => Chloé Smith (kajiya)

[Bug 2073164] [NEW] Please update to 20240607.00

2024-07-15 Thread Chloé Smith
Public bug reported:

Following on from previous similar package update requests @ LP:
#2066314, LP: #2033061, LP: #2020770 and LP: #1973159 this bug is a
request to update gce-compute-image-packages to the upstream version
`20240607.00` @
https://github.com/GoogleCloudPlatform/guest-configs/releases/tag/20240607.00

This package has an SRU exception @
https://wiki.ubuntu.com/StableReleaseUpdates#gce-compute-image-packages
including an ageing exception detailed @
https://wiki.ubuntu.com/gce-compute-image-packages-Updates

[Impact]

This package is provided by Google for installation within guests that
run on Google Compute Engine. It is part of a collection of tools and
daemons, that ensure that the Ubuntu images published to GCE run
properly on their platform.

Cloud platforms evolve at a rate that can't be handled in six-month
increments, and they will often develop features that they would like to
be available to customers who don't want to upgrade from earlier Ubuntu
releases. As such, updating this package to more recent upstream
releases is required within all Ubuntu releases, so they continue to
function properly in their environment.

[Test Case]

When a new version of this package is uploaded to -proposed, the
following will happen:

 * an image based on -proposed will be built for GCE and published to the
   ubuntu-os-cloud-devel project
 * the GCE team will be asked to validate that the new package addresses the
   issues it is expected to address, and that the image passes their internal
   image validation.

If all the testing indicates that the image containing the new package
is acceptable, verification will be considered to be done.

[Vendored Dependency]

There are no re-vendored dependencies (in oracular/devel anyway)

[Where Problems Could Occur]

There are many upstream changes in `20240607.00-0ubuntu1` vs.
`20240307.00-0ubuntu1`; however between the guest-test-infra suite [0]
(which is run for validation by CPC _and_ Google) and CPC's own internal
test harness (CTF), there is confidence that most if not all "edge
cases" and/or obvious regression concerns can be dismissed before the
new version lands in `-updates`

[Other Information]

This bug is used for tracking of releasing the new upstream version for
all supported series, as per the approved policy mentioned in the
following MRE:

https://wiki.ubuntu.com/gce-compute-image-packages-Updates

The updated package is not built for armhf and riscv64 due to upstream
regressions but the package is not used on those architectures thus
please release the SRU without the armhf and riscv64 binaries.

The package does not build for powerpc on Xenial, but this is OK since
it is not used on powerpc either.

[0]: https://github.com/GoogleCloudPlatform/guest-test-infra

** Affects: gce-compute-image-packages (Ubuntu)
 Importance: Undecided
 Assignee: Chloé Smith (kajiya)
 Status: New

** Changed in: gce-compute-image-packages (Ubuntu)
 Assignee: (unassigned) => Chloé Smith (kajiya)

[Bug 2073163] [NEW] Please update to 20240701.00

2024-07-15 Thread Chloé Smith
Public bug reported:

Following on from previous similar package update requests @ LP:
#2040945, LP: #2018272 and LP: #1959392, this bug is a request to update
the google-guest-agent package to the upstream version `20240701.00` @
https://github.com/GoogleCloudPlatform/guest-agent/releases/tag/20240701.00

This package has an SRU exception @
https://wiki.ubuntu.com/StableReleaseUpdates#google-guest-agent
including an ageing exception detailed @
https://wiki.ubuntu.com/google-guest-agent-Updates

[Impact]

This package is provided by Google for installation within guests that
run on Google Compute Engine. It is part of a collection of tools and
daemons, that ensure that the Ubuntu images published to GCE run
properly on their platform.

Cloud platforms evolve at a rate that can't be handled in six-month
increments, and they will often develop features that they would like to
be available to customers who don't want to upgrade from earlier Ubuntu
releases. As such, updating this package to more recent upstream
releases is required within all Ubuntu releases, so they continue to
function properly in their environment.

[Test Case]

When a new version of this package is uploaded to -proposed, the
following will happen:

 * an image based on -proposed will be built for GCE and published to the
   ubuntu-os-cloud-devel project
 * the GCE team will be asked to validate that the new package addresses the
   issues it is expected to address, and that the image passes their internal
   image validation.

If all the testing indicates that the image containing the new package
is acceptable, verification will be considered to be done.

[Vendored Dependency]

## Add notes here Chlo ##

[Where Problems Could Occur]

There are many upstream changes in `20240701.00-0ubuntu1` vs.
`20240213.00-0ubuntu4`; however between the guest-test-infra suite [0]
(which is run for validation by CPC _and_ Google) and CPC's own internal
test harness (CTF), there is confidence that most if not all "edge
cases" and/or obvious regression concerns can be dismissed before the
new version lands in `-updates`

[Other Information]

This bug is used for tracking of releasing the new upstream version for
all supported series, as per the approved policy mentioned in the
following MRE:

https://wiki.ubuntu.com/google-guest-agent-Updates

The updated package is not built for armhf and riscv64 due to upstream
regressions but the package is not used on those architectures thus
please release the SRU without the armhf and riscv64 binaries.

The package does not build for powerpc on Xenial, but this is OK since
it is not used on powerpc either.

[0]: https://github.com/GoogleCloudPlatform/guest-test-infra

** Affects: google-guest-agent (Ubuntu)
 Importance: Undecided
 Assignee: Chloé Smith (kajiya)
 Status: New

** Changed in: google-guest-agent (Ubuntu)
 Assignee: (unassigned) => Chloé Smith (kajiya)

[Bug 2073161] [NEW] Please update to 20240524.03

2024-07-15 Thread Chloé Smith
Public bug reported:

Following on from previous similar package update requests @ LP:
#2064580 LP: #2020762, LP: #1996735, LP: #1938553 and LP: #1911689, this
bug is a request to update the google-osconfig-agent package to the
upstream version `20240524.03` @
https://github.com/GoogleCloudPlatform/osconfig/releases/tag/20240524.03

This package has an SRU exception @
https://wiki.ubuntu.com/StableReleaseUpdates#google-osconfig-agent
including an ageing exception detailed @
https://wiki.ubuntu.com/google-osconfig-agent-Updates

[Impact]

This package is provided by Google for installation within guests that
run on Google Compute Engine. It is part of a collection of tools and
daemons, that ensure that the Ubuntu images published to GCE run
properly on their platform.

Cloud platforms evolve at a rate that can't be handled in six-month
increments, and they will often develop features that they would like to
be available to customers who don't want to upgrade from earlier Ubuntu
releases. As such, updating this package to more recent upstream
releases is required within all Ubuntu releases, so they continue to
function properly in their environment.

[Test Case]

When a new version of this package is uploaded to -proposed, the
following will happen:

 * an image based on -proposed will be built for GCE and published to the
   ubuntu-os-cloud-devel project
 * the GCE team will be asked to validate that the new package addresses the
   issues it is expected to address, and that the image passes their internal
   image validation.

If all the testing indicates that the image containing the new package
is acceptable, verification will be considered to be done.

[Vendored Dependency]

In this update there are no re-vendored dependencies (for oracular/devel
anyway)

[Where Problems Could Occur]

There are many upstream changes in `20240320.00-0ubuntu2` vs.
`20240524.03-0ubuntu1`; however between the guest-test-infra suite [0]
(which is run for validation by CPC _and_ Google) and CPC's own internal
test harness (CTF), there is confidence that most if not all "edge
cases" and/or obvious regression concerns can be dismissed before the
new version lands in `-updates`

[Other Information]

This bug is used for tracking of releasing the new upstream version for
all supported series, as per the approved policy mentioned in the
following MRE:

https://wiki.ubuntu.com/google-osconfig-agent-Updates

The updated package is not built for armhf and riscv64 due to upstream
regressions but the package is not used on those architectures thus
please release the SRU without the armhf and riscv64 binaries.

The package does not build for powerpc on Xenial, but this is OK since
it is not used on powerpc either.

[0]: https://github.com/GoogleCloudPlatform/guest-test-infra

** Affects: google-osconfig-agent (Ubuntu)
 Importance: Undecided
 Assignee: Chloé Smith (kajiya)
 Status: New

** Changed in: google-osconfig-agent (Ubuntu)
 Assignee: (unassigned) => Chloé Smith (kajiya)

[Bug 2066314] Re: Please update the agent to upstream tag 20240307.00

2024-05-24 Thread Chloé Smith
** Description changed:

+ === SRU ===
+ 
  Following on from previous similar package update requests @ LP:
  #2064580, LP: #2020762, LP: #1996735, LP: #1938553 and LP: #1911689 this
  bug is a request to update `gce-compute-image-packages` to the new
  upstream version `20240307.00` @
  https://github.com/GoogleCloudPlatform/guest-
  configs/releases/tag/20240307.00
  
  This package has an SRU exception @
  https://wiki.ubuntu.com/StableReleaseUpdates#gce-compute-image-packages
  including an ageing exception detailed @ https://wiki.ubuntu.com/gce-
  compute-image-packages-Updates
  
  [Impact]
  
  This package is provided by Google for installation within guests that
  run on Google Compute Engine. It is part of a collection of tools and
  daemons, that ensure that the Ubuntu images published to GCE run
  properly on their platform.
  
  Cloud platforms evolve at a rate that can't be handled in six-month
  increments, and they will often develop features that they would like to
  be available to customers who don't want to upgrade from earlier Ubuntu
  releases. As such, updating this package to more recent upstream
  releases is required within all Ubuntu releases, so they continue to
  function properly in their environment.
  
  [Test Case]
  
  When a new version of this package is uploaded to -proposed, the
  following will be done:
  
   * an image based on -proposed will be built for GCE and published to the 
ubuntu-os-cloud-devel project
   * the GCE team will be asked to validate that the new package addresses the 
issues it is expected to address, and that the image passes their internal 
image validation.
  
  If all the testing indicates that the image containing the new package
  is acceptable, verification will be considered to be done.
  
  [Vendored Dependency]
  
- There a no new vendor dependencies needed so far (in oracular)
+ There a no new vendor dependencies needed (in any of the in-life suites)
  
  [Where Problems Could Occur]
  
  There are many upstream changes in `20230808.00-0ubuntu2` vs.
  `20240307.00-0ubuntu1`; however between the guest-test-infra suite [0]
  (which is run for validation by CPC _and_ Google) and CPC's own internal
  test harness (CTF) there is confidence that most if not all "edge cases"
  and/or obvious regressions concerns can be dismissed before the new
  version lands in `-updates`
  
  [Other Information]
  
  This bug is used for tracking of releasing the new upstream version for
  all supported series, as per the approved policy mentioned in the
  following MRE:
  
  https://wiki.ubuntu.com/gce-compute-image-packages-Updates
  
  The updated package is not built for armhf and riscv64 due to upstream
  regressions, but the package is not used on those architectures anyways
  thus please release the SRU without the armhf and risc64 binaries.
  
  The package does not build for powerpc on Xenial, but this is also fine
  as it is not used on powerpc either.
  
  [0]: https://github.com/GoogleCloudPlatform/guest-test-infra
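
Review bot: the replacement line under [Vendored Dependency] still reads "There a no new vendor dependencies needed"; it should read "There are no ...". The scope also moves from "(in oracular)" to "(in any of the in-life suites)", so naming the suites that were checked would let the SRU reviewer confirm the claim per series.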

[Bug 2066314] Re: Please update the agent to upstream tag 20240307.00

2024-05-21 Thread Chloé Smith
** Description changed:

  Following on from previous similar package update requests @ LP:
  #2064580, LP: #2020762, LP: #1996735, LP: #1938553 and LP: #1911689 this
  bug is a request to update `gce-compute-image-packages` to the new
  upstream version `20240307.00` @
  https://github.com/GoogleCloudPlatform/guest-
  configs/releases/tag/20240307.00
  
  This package has an SRU exception @
  https://wiki.ubuntu.com/StableReleaseUpdates#gce-compute-image-packages
  including an ageing exception detailed @ https://wiki.ubuntu.com/gce-
  compute-image-packages-Updates
  
  [Impact]
  
  This package is provided by Google for installation within guests that
  run on Google Compute Engine. It is part of a collection of tools and
  daemons, that ensure that the Ubuntu images published to GCE run
  properly on their platform.
  
  Cloud platforms evolve at a rate that can't be handled in six-month
  increments, and they will often develop features that they would like to
  be available to customers who don't want to upgrade from earlier Ubuntu
  releases. As such, updating this package to more recent upstream
  releases is required within all Ubuntu releases, so they continue to
  function properly in their environment.
  
  [Test Case]
  
  When a new version of this package is uploaded to -proposed, the
  following will be done:
  
-  * an image based on -proposed will be built for GCE and published to the 
ubuntu-os-cloud-devel project
-  * the GCE team will be asked to validate that the new package addresses the 
issues it is expected to address, and that the image passes their internal 
image validation.
+  * an image based on -proposed will be built for GCE and published to the 
ubuntu-os-cloud-devel project
+  * the GCE team will be asked to validate that the new package addresses the 
issues it is expected to address, and that the image passes their internal 
image validation.
  
  If all the testing indicates that the image containing the new package
  is acceptable, verification will be considered to be done.
  
  [Vendored Dependency]
  
- There a no new vendor dependencies need (in oracular)
+ There a no new vendor dependencies needed so far (in oracular)
  
  [Where Problems Could Occur]
  
  There are many upstream changes in `20230808.00-0ubuntu2` vs.
  `20240307.00-0ubuntu1`; however between the guest-test-infra suite [0]
  (which is run for validation by CPC _and_ Google) and CPC's own internal
  test harness (CTF) there is confidence that most if not all "edge cases"
  and/or obvious regressions concerns can be dismissed before the new
  version lands in `-updates`
  
  [Other Information]
  
  This bug is used for tracking of releasing the new upstream version for
  all supported series, as per the approved policy mentioned in the
  following MRE:
  
  https://wiki.ubuntu.com/gce-compute-image-packages-Updates
  
  The updated package is not built for armhf and riscv64 due to upstream
  regressions, but the package is not used on those architectures anyways
  thus please release the SRU without the armhf and risc64 binaries.
  
  The package does not build for powerpc on Xenial, but this is also fine
  as it is not used on powerpc either.
  
  [0]: https://github.com/GoogleCloudPlatform/guest-test-infra
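
Review bot: the two [Test Case] bullets are removed and re-added with no visible change in wording, so that part of the edit appears to be whitespace only and adds noise to the description history. Under [Vendored Dependency], the new "so far" leaves the statement provisional; it should be made definite before the upload is reviewed.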

** Changed in: gce-compute-image-packages (Ubuntu)
 Assignee: (unassigned) => Chloé Smith (kajiya)

[Bug 2066314] Re: Please update the agent to upstream tag 20240307.00

2024-05-21 Thread Chloé Smith
** Merge proposal linked:
   https://code.launchpad.net/~kajiya/+git/gce-compute-image-packages/+merge/466197

** Merge proposal linked:
   https://code.launchpad.net/~kajiya/+git/gce-compute-image-packages/+merge/466199

[Bug 2066314] Re: Please update the agent to upstream tag 20240307.00

2024-05-21 Thread Chloé Smith
** Description changed:

- .
+ Following on from previous similar package update requests @ LP:
+ #2064580, LP: #2020762, LP: #1996735, LP: #1938553 and LP: #1911689 this
+ bug is a request to update `gce-compute-image-packages` to the new
+ upstream version `20240307.00` @
+ https://github.com/GoogleCloudPlatform/guest-
+ configs/releases/tag/20240307.00
+ 
+ This package has an SRU exception @
+ https://wiki.ubuntu.com/StableReleaseUpdates#gce-compute-image-packages
+ including an ageing exception detailed @ https://wiki.ubuntu.com/gce-
+ compute-image-packages-Updates
+ 
+ [Impact]
+ 
+ This package is provided by Google for installation within guests that
+ run on Google Compute Engine. It is part of a collection of tools and
+ daemons, that ensure that the Ubuntu images published to GCE run
+ properly on their platform.
+ 
+ Cloud platforms evolve at a rate that can't be handled in six-month
+ increments, and they will often develop features that they would like to
+ be available to customers who don't want to upgrade from earlier Ubuntu
+ releases. As such, updating this package to more recent upstream
+ releases is required within all Ubuntu releases, so they continue to
+ function properly in their environment.
+ 
+ [Test Case]
+ 
+ When a new version of this package is uploaded to -proposed, the
+ following will be done:
+ 
+  * an image based on -proposed will be built for GCE and published to the 
ubuntu-os-cloud-devel project
+  * the GCE team will be asked to validate that the new package addresses the 
issues it is expected to address, and that the image passes their internal 
image validation.
+ 
+ If all the testing indicates that the image containing the new package
+ is acceptable, verification will be considered to be done.
+ 
+ [Vendored Dependency]
+ 
+ There a no new vendor dependencies need (in oracular)
+ 
+ [Where Problems Could Occur]
+ 
+ There are many upstream changes in `20230808.00-0ubuntu2` vs.
+ `20240307.00-0ubuntu1`; however between the guest-test-infra suite [0]
+ (which is run for validation by CPC _and_ Google) and CPC's own internal
+ test harness (CTF) there is confidence that most if not all "edge cases"
+ and/or obvious regressions concerns can be dismissed before the new
+ version lands in `-updates`
+ 
+ [Other Information]
+ 
+ This bug is used for tracking of releasing the new upstream version for
+ all supported series, as per the approved policy mentioned in the
+ following MRE:
+ 
+ https://wiki.ubuntu.com/gce-compute-image-packages-Updates
+ 
+ The updated package is not built for armhf and riscv64 due to upstream
+ regressions, but the package is not used on those architectures anyways
+ thus please release the SRU without the armhf and risc64 binaries.
+ 
+ The package does not build for powerpc on Xenial, but this is also fine
+ as it is not used on powerpc either.
+ 
+ [0]: https://github.com/GoogleCloudPlatform/guest-test-infra
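
Review bot: in the added [Other Information] paragraph the architecture is written "riscv64" in the first line and "risc64" in the last ("without the armhf and risc64 binaries"); use "riscv64" in both places so the request to release without those binaries is unambiguous. The added [Vendored Dependency] line "There a no new vendor dependencies need (in oracular)" also needs "are" and "needed".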

[Bug 2066314] [NEW] Please update the agent to upstream tag 20240307.00

2024-05-21 Thread Chloé Smith
Public bug reported:

Following on from previous similar package update requests @ LP:
#2064580, LP: #2020762, LP: #1996735, LP: #1938553 and LP: #1911689 this
bug is a request to update `gce-compute-image-packages` to the new
upstream version `20240307.00` @
https://github.com/GoogleCloudPlatform/guest-configs/releases/tag/20240307.00

This package has an SRU exception @
https://wiki.ubuntu.com/StableReleaseUpdates#gce-compute-image-packages
including an ageing exception detailed @
https://wiki.ubuntu.com/gce-compute-image-packages-Updates

[Impact]

This package is provided by Google for installation within guests that
run on Google Compute Engine. It is part of a collection of tools and
daemons, that ensure that the Ubuntu images published to GCE run
properly on their platform.

Cloud platforms evolve at a rate that can't be handled in six-month
increments, and they will often develop features that they would like to
be available to customers who don't want to upgrade from earlier Ubuntu
releases. As such, updating this package to more recent upstream
releases is required within all Ubuntu releases, so they continue to
function properly in their environment.

[Test Case]

When a new version of this package is uploaded to -proposed, the
following will be done:

 * an image based on -proposed will be built for GCE and published to the 
ubuntu-os-cloud-devel project
 * the GCE team will be asked to validate that the new package addresses the 
issues it is expected to address, and that the image passes their internal 
image validation.

If all the testing indicates that the image containing the new package
is acceptable, verification will be considered to be done.

[Vendored Dependency]

There are no new vendor dependencies needed (in oracular)

[Where Problems Could Occur]

There are many upstream changes in `20230808.00-0ubuntu2` vs.
`20240307.00-0ubuntu1`; however between the guest-test-infra suite [0]
(which is run for validation by CPC _and_ Google) and CPC's own internal
test harness (CTF) there is confidence that most if not all "edge cases"
and/or obvious regression concerns can be dismissed before the new
version lands in `-updates`.

[Other Information]

This bug is used for tracking of releasing the new upstream version for
all supported series, as per the approved policy mentioned in the
following MRE:

https://wiki.ubuntu.com/gce-compute-image-packages-Updates

The updated package is not built for armhf and riscv64 due to upstream
regressions, but the package is not used on those architectures anyways
thus please release the SRU without the armhf and riscv64 binaries.

The package does not build for powerpc on Xenial, but this is also fine
as it is not used on powerpc either.

[0]: https://github.com/GoogleCloudPlatform/guest-test-infra

** Affects: gce-compute-image-packages (Ubuntu)
 Importance: Undecided
 Status: New


[Bug 2064580] Re: Please update the package to 20240320.00

2024-05-10 Thread Chloé Smith
All suites (X, B, F, J, M, N, O) have passed CPC's internal testing
(CTF) and were shared with Google. Google have come back to us today and
confirmed that all the images passed their internal testing as well, so
I've marked the bug as verification-done :)

** Tags removed: verification-needed verification-needed-focal 
verification-needed-jammy verification-needed-mantic verification-needed-noble
** Tags added: verification-done verification-done-bionic 
verification-done-focal verification-done-jammy verification-done-mantic 
verification-done-noble verification-done-xenial

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2064580

Title:
  Please update the package to 20240320.00

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/google-osconfig-agent/+bug/2064580/+subscriptions



[Bug 2064580] Re: Please update the package to 20240320.00

2024-05-09 Thread Chloé Smith
** Description changed:

  Following on from previous similar package update requests @ LP:
  #2020762, LP: #1996735, LP: #1938553 and LP: #1911689 this bug is a
  request to update the google-osconfig-agent to the upstream version
  `20240320.00` @
  https://github.com/GoogleCloudPlatform/osconfig/releases/tag/20240320.00
  
  This package has an SRU exception @
  https://wiki.ubuntu.com/StableReleaseUpdates#google-osconfig-agent
  including an ageing exception detailed @ https://wiki.ubuntu.com/google-
  osconfig-agent-Updates
  
  There is some urgency in landing these changes to accommodate planned
  infrastructure changes on the Google Compute Platform.
  
  [Impact]
  
  This package is provided by Google for installation within guests that
  run on Google Compute Engine. It is part of a collection of tools and
  daemons, that ensure that the Ubuntu images published to GCE run
  properly on their platform.
  
  Cloud platforms evolve at a rate that can't be handled in six-month
  increments, and they will often develop features that they would like to
  be available to customers who don't want to upgrade from earlier Ubuntu
  releases. As such, updating this package to more recent upstream
  releases is required within all Ubuntu releases, so they continue to
  function properly in their environment.
  
  [Test Case]
  
  When a new version of this package is uploaded to -proposed, the
  following will be done:
  
   * an image based on -proposed will be built for GCE and published to the 
ubuntu-os-cloud-devel project
   * the GCE team will be asked to validate that the new package addresses the 
issues it is expected to address, and that the image passes their internal 
image validation.
  
  If all the testing indicates that the image containing the new package
  is acceptable, verification will be considered to be done.
  
  [Vendored Dependency]
  
  In this update, the vendored dependencies have changed. Here's the diff
  of what's changing and their version bumps:
  
  https://paste.ubuntu.com/p/ChcV6YB2CN/
  
  There are some vendored dependencies changing in the tests, too. Here's
  the diff of that:
  
  https://paste.ubuntu.com/p/dwMPT675Rg/
  
  Furthermore, the actual vendored changes are here:
  
  https://git.launchpad.net/~ubuntu-core-dev/+git/google-osconfig-
  agent/commit/?h=ubuntu/master&id=04c6d100f1d2a63c41456d04d0d3331e29199127
  
  This also shows the exact files changed and the number of lines changed
  in those files.
  
+ [Where Problems Could Occur]
+ 
+ There are many upstream changes in `20230504.00-0ubuntu3` vs.
+ `20240320.00-0ubuntu1`; however between the guest-test-infra suite [0]
+ (which is run for validation by CPC _and_ Google) and CPC's own internal
+ test harness (CTF) there is confidence that most if not all "edge cases"
+ and/or obvious regressions concerns can be dismissed before the new
+ version lands in `-updates`
+ 
  [Other Information]
  
  This bug is used for tracking of releasing the new upstream version for
  all supported series, as per the approved policy mentioned in the
  following MRE:
  
  https://wiki.ubuntu.com/google-osconfig-agent-Updates
  
  The updated package is not built for armhf and riscv64 due to upstream
  regressions but the package is not used on those architectures thus
  please release the SRU without the armhf and risc64 binaries.
  
  The package does not build for powerpc on Xenial, but this is OK since
  it is not used on powerpc either.
+ 
+ [0]: https://github.com/GoogleCloudPlatform/guest-test-infra
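Review bot: the added [Where Problems Could Occur] section states confidence in guest-test-infra and CTF but names no specific way the jump from `20230504.00-0ubuntu3` to `20240320.00-0ubuntu1` could regress. Pointing at the areas that actually change, for instance the vendored dependency bumps already linked under [Vendored Dependency], would give reviewers something concrete to check. In the same section "regressions concerns" should read "regression concerns" and the sentence needs a final period, and the unchanged [Other Information] text still says "risc64" where riscv64 is meant.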


[Bug 2064580] Re: Please update the package to 20240320.00

2024-05-03 Thread Chloé Smith
We'll also need ubuntu/mantic and ubuntu/noble branches created in
preparation for the looming SRU :)


[Bug 2064580] Re: Please update the package to 20240320.00

2024-05-03 Thread Chloé Smith
oracular (master) debdiff

** Merge proposal linked:
   https://code.launchpad.net/~kajiya/+git/google-osconfig-agent/+merge/465503

** Merge proposal linked:
   https://code.launchpad.net/~kajiya/+git/google-osconfig-agent/+merge/465504

** Patch added: "20230504.00-vs-20240320.00.diff"
   
https://bugs.launchpad.net/ubuntu/+source/google-osconfig-agent/+bug/2064580/+attachment/5774570/+files/20230504.00-vs-20240320.00.diff


[Bug 2064136] Re: Please add a new entry for Ubuntu 24.10 Oracular Oriole

2024-04-29 Thread Chloé Smith
@bdrung I think those are the only places it's been announced publicly,
and don't worry I know there isn't much you can do right now - I'm just
getting our (CPC's) ducks in a row :)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2064136

Title:
  Please add a new entry for Ubuntu 24.10 Oracular Oriole

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/distro-info-data/+bug/2064136/+subscriptions



[Bug 2064136] [NEW] Please add a new entry for Ubuntu 24.10 Oracular Oriole

2024-04-29 Thread Chloé Smith
Public bug reported:

[ Impact ]

Several tools rely on the `distro-info` package to tell them which releases are 
available.
This package just contains data, with no format changes.

[ Regression Potential ]

Minimal, as long as we are only adding new entries (we do this every
release).

[ Test Case ]
"ubuntu-distro-info -df" should name the release in full: Ubuntu 24.10 
"Oracular Oriole"

** Affects: distro-info-data (Ubuntu)
 Importance: Undecided
 Status: New


[Bug 2063315] Re: Suspend & Resume functionality broken/timesout in GCE

2024-04-24 Thread Chloé Smith
** Description changed:

- Suspend/Resume capability is broken in all noble images with kernel
- version
+ [Impact]
+  
+ Suspend/Resume capability is broken in all noble images with kernel version 
6.8.0-1007-gcp.
+ 
+ GCE offers the capability to "Suspend" a VM to conserve power/lower
+ costs when the instance is not in use [0]. It uses ACPI S3 signals to
+ tell the guest to power down. This capability no longer works in the
+ latest kernel with the following error:
+ 
+ ```
+ Operation type [suspend] failed with message "Instance suspend failed due to 
guest timeout."
+ ```
+ 
+ which points to the following [1].
+ 
+ 
+ 
+ Refs:
+ 
+ [0]: https://cloud.google.com/compute/docs/instances/suspend-resume-
+ instance
+ 
+ [1]:
+ https://cloud.google.com/compute/docs/troubleshooting/troubleshooting-
+ suspend-resume#there_was_a_guest_timeout
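Review bot: the added [Impact] text names the failing kernel (6.8.0-1007-gcp) and the error message, but not the last kernel or image on which suspend still worked, nor the command or console action used to trigger the suspend. Adding both would make the report reproducible and give the kernel team a starting range. The run of empty `+` lines before "Refs:" can also be collapsed to one.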

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2063315

Title:
  Suspend & Resume functionality broken/timesout in GCE

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-gcp/+bug/2063315/+subscriptions



[Bug 2063315] [NEW] Suspend & Resume functionality broken/timesout in GCE

2024-04-24 Thread Chloé Smith
Public bug reported:

Suspend/Resume capability is broken in all noble images with kernel
version

** Affects: linux-gcp (Ubuntu)
 Importance: Undecided
 Status: New


[Bug 2062607] Re: google-guest-agent and google-osconfig-agent security update and tests

2024-04-22 Thread Chloé Smith
Images with these changes (installed from the above PPA) passed CPC's
own internal validation (CTF), and Google tested the candidate images
and said they were fine to proceed with!

** Tags added: verification-done verification-done-jammy verification-
done-mantic

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2062607

Title:
  google-guest-agent and google-osconfig-agent security update and tests

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/google-guest-agent/+bug/2062607/+subscriptions



[Bug 1952421] Re: Issue on sshd finds correct private key for a certificate when using ssh-agent

2022-01-05 Thread Chloé Smith
Focal verification

[INSTALLED PKG VERSION]
chlo@BIG-HAL:~$ apt-cache policy openssh-server
openssh-server:
  Installed: 1:8.2p1-4ubuntu0.4
  Candidate: 1:8.2p1-4ubuntu0.4
  Version table:
 *** 1:8.2p1-4ubuntu0.4 400
400 http://archive.ubuntu.com/ubuntu focal-proposed/main amd64 Packages
100 /var/lib/dpkg/status
 1:8.2p1-4ubuntu0.3 500
500 http://gb.archive.ubuntu.com/ubuntu focal-updates/main amd64 
Packages
 1:8.2p1-4ubuntu0.2 500
500 http://security.ubuntu.com/ubuntu focal-security/main amd64 Packages
 1:8.2p1-4 500
500 http://gb.archive.ubuntu.com/ubuntu focal/main amd64 Packages


[PROCEDURE]
Create the keys/certs needed
``ssh-keygen -t rsa -b 4096 -f host_ca -C host_ca`` (no passphrase)
``ssh-keygen -f ssh_host_rsa_key -N '' -b 4096 -t rsa``
``ssh-keygen -s host_ca -I localhost -h -n localhost -V +52w ssh_host_rsa_key.pub``

Copied ssh_host_rsa_key* files over to /etc/ssh and added the following to 
/etc/ssh/sshd_config
``HostCertificate /etc/ssh/ssh_host_rsa_key-cert.pub``

Restarted sshd using systemctl and added ``@cert-authority localhost
ssh-rsa abcdefg`` (ssh-rsa abcdefg is the contents of host_ca.pub) to
~/.ssh/known_hosts

Finally, running

ssh -vv chlo@localhost 2>&1 | grep "Server"
debug1: Server host certificate: ssh-rsa-cert-...@openssh.com 
SHA256:s2gq1xBSdetCarwElgQd0NbjJbiE3iLDxFtJqDhBFF4, serial 0 ID "localhost" CA 
ssh-rsa SHA256:v8ZgezKD9Zw/Ns8I0W6mfvxCAo9jv3WznUYAFhfPfCU valid from 
2022-01-05T22:46:00 to 2023-01-04T22:47:11
debug2: Server host certificate hostname: localhost

which tells us the certificate was seen and used

** Tags removed: verification-needed-hirsute verification-needed-impish
** Tags added: verification-done-hirsute verification-done-impish

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1952421

Title:
  Issue on sshd finds correct private key for a certificate when using
  ssh-agent

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1952421/+subscriptions



[Bug 1952421] Re: Issue on sshd finds correct private key for a certificate when using ssh-agent

2022-01-05 Thread Chloé Smith
Apologies, I changed the tags *after* posting all the comments just to
make it more confusing...


[Bug 1952421] Re: Issue on sshd finds correct private key for a certificate when using ssh-agent

2022-01-05 Thread Chloé Smith
Impish verification

[INSTALLED PKG VERSION]
kajiya@chloe-HAL:~$ apt-cache policy openssh-server
openssh-server:
  Installed: 1:8.4p1-6ubuntu2.1
  Candidate: 1:8.4p1-6ubuntu2.1
  Version table:
 *** 1:8.4p1-6ubuntu2.1 400
400 http://gb.archive.ubuntu.com/ubuntu impish-proposed/main amd64 
Packages
400 http://archive.ubuntu.com/ubuntu impish-proposed/main amd64 Packages
100 /var/lib/dpkg/status
 1:8.4p1-6ubuntu2 500
500 http://gb.archive.ubuntu.com/ubuntu impish/main amd64 Packages

[PROCEDURE]
Create the keys/certs needed
``ssh-keygen -t rsa -b 4096 -f host_ca -C host_ca`` (no passphrase)
``ssh-keygen -f ssh_host_rsa_key -N '' -b 4096 -t rsa``
``ssh-keygen -s host_ca -I localhost -h -n localhost -V +52w ssh_host_rsa_key.pub``

Copied ssh_host_rsa_key* files over to /etc/ssh and added the following to 
/etc/ssh/sshd_config
``HostCertificate /etc/ssh/ssh_host_rsa_key-cert.pub``

Restarted sshd using systemctl and added ``@cert-authority localhost
ssh-rsa abcdefg`` (ssh-rsa abcdefg is the contents of host_ca.pub) to
~/.ssh/known_hosts

Finally, running
ssh -vv kajiya@localhost 2>&1 | grep "Server host certificate" gives

debug1: Server host certificate: ssh-rsa-cert-...@openssh.com 
SHA256:pprTqBvT2oazgTsfPF+RD47ca/W1U4JCgq5fl7m1LkA, serial 0 ID "localhost" CA 
ssh-rsa SHA256:l3PYuQBJMLruGeASt+BKEDGLDlk5NHx59cwW6/Qgzs4 valid from 
2022-01-05T22:11:00 to 2023-01-04T22:12:07
debug2: Server host certificate hostname: localhost


which tells us the certificate was seen and used


[Bug 1952421] Re: Issue on sshd finds correct private key for a certificate when using ssh-agent

2022-01-05 Thread Chloé Smith
Hirsute verification

[INSTALLED PKG VERSION]
kajiya@chloe-HAL:~/Documents/work$ apt-cache policy openssh-server 
openssh-server:
  Installed: 1:8.4p1-5ubuntu1.2
  Candidate: 1:8.4p1-5ubuntu1.2
  Version table:
 *** 1:8.4p1-5ubuntu1.2 500
500 http://gb.archive.ubuntu.com/ubuntu hirsute-proposed/main amd64 
Packages
500 http://archive.ubuntu.com/ubuntu hirsute-proposed/main amd64 
Packages
100 /var/lib/dpkg/status
 1:8.4p1-5ubuntu1.1 500
500 http://gb.archive.ubuntu.com/ubuntu hirsute-updates/main amd64 
Packages
 1:8.4p1-5ubuntu1 500
500 http://gb.archive.ubuntu.com/ubuntu hirsute/main amd64 Packages

[PROCEDURE]
Create the keys/certs needed
``ssh-keygen -t rsa -b 4096 -f host_ca -C host_ca`` (no passphrase)
``ssh-keygen -f ssh_host_rsa_key -N '' -b 4096 -t rsa``
``ssh-keygen -s host_ca -I localhost -h -n localhost -V +52w ssh_host_rsa_key.pub``

Copied ssh_host_rsa_key* files over to /etc/ssh and added the following to 
/etc/ssh/sshd_config
``HostCertificate /etc/ssh/ssh_host_rsa_key-cert.pub``

Restarted sshd using systemctl and added ``@cert-authority localhost
ssh-rsa abcdefg`` (ssh-rsa abcdefg is the contents of host_ca.pub) to
~/.ssh/known_hosts

Finally, running
``ssh -vv localhost 2>&1 | grep "Server host certificate"`` gives 

ssh -vv kajiya@localhost 2>&1 | grep "Server host certificate"
debug1: Server host certificate: ssh-rsa-cert-...@openssh.com 
SHA256:ufStWAPad1IQ08xMPM1iF4u4JHEaeAuQcD3qoe8yJ9A, serial 0 ID "localhost" CA 
ssh-rsa SHA256:3iVQ6wcBeoRO3S12jO8K34Do8HbVTPxiBp3rNzCngGc valid from 
2022-01-05T17:20:00 to 2023-01-04T17:21:17
debug2: Server host certificate hostname: localhost

which tells us the certificate was seen and used


[Bug 1952421] Re: Issue on sshd finds correct private key for a certificate when using ssh-agent

2022-01-03 Thread Chloé Smith
Hey everyone,

I can confirm the fix has been tested by our friends at Google (Anthos) for 
Focal 20.04, using the same patch used in 1:8.2p1-4ubuntu0.4 but *not* by using 
the package from focal-proposed itself.
Hopefully this still suffices? Please let me know if not and I'll re-run the 
verification again using an instance pulling from focal-proposed.

[RATIONALE]

Need SSH to authenticate a ``HostCertificate`` and an SSH agent that
holds the corresponding host private key.

The sshd_config has the following directives:

-- HostCertificate the public host certificate whose public key matches
the private key stored in the ssh agent

-- HostKey the public key of the host keypair

-- HostKeyAgent the socket of the ssh agent that holds the host private
key

Before the patch, this combination didn't work - even though it
authenticated successfully the setup behaved as if ``HostCertificate``
was never configured (i.e. it authenticated using only the public key
and the private key in the ssh agent).

[VERIFICATION OF FIX]

ssh-agent -a /path/agent-socket
SSH_AUTH_SOCK=/path/agent-socket ssh-add -k /path/hostkey


Then ran ``sshd`` with:


HostCertificate /path/hostkey-cert.pub
HostKey /path/hostkey.pub
HostKeyAgent /path/agent-socket


Then configured the CA trust anchor on the client's side. 
(localhost was used, but it would be the same if a second host is used as a 
client)


ssh -vv localhost


shows the host certificate was seen and used.

** Tags removed: verification-needed-focal
** Tags added: verification-done-focal



-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
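The certificate-matching loop discussed in this thread, as an added model in C (not OpenSSH source and not part of the original messages). `struct key`, `equal_public()`, `slot_for()` and the key material are hypothetical stand-ins, and the model assumes that a host key held only by the agent leaves its `host_keys` slot empty while `host_pubkeys` is filled from the `HostKey` .pub file.

```c
#include <stdio.h>
#include <string.h>

#define MAX_HOST_KEYS 4

/* Hypothetical stand-in for struct sshkey: only what the loop needs. */
struct key {
    const char *type;  /* plain key type, e.g. "ssh-rsa" */
    const char *pub;   /* constructed stand-in for public key material */
};

/* Mirrors the per-slot arrays named in the bug description. */
struct sensitive {
    const struct key *host_keys[MAX_HOST_KEYS];         /* private keys read from disk */
    const struct key *host_pubkeys[MAX_HOST_KEYS];      /* public halves */
    const struct key *host_certificates[MAX_HOST_KEYS]; /* filled by the loop */
    int num_host_key_files;
};

/* Stand-in for sshkey_equal_public(): a missing key never matches. */
static int equal_public(const struct key *a, const struct key *b)
{
    if (a == NULL || b == NULL)
        return 0;
    return strcmp(a->type, b->type) == 0 && strcmp(a->pub, b->pub) == 0;
}

/* Loop as quoted before the fix: searches host_keys[]. Returns slot or -1. */
int attach_cert_before(struct sensitive *s, const struct key *cert)
{
    for (int j = 0; j < s->num_host_key_files; j++) {
        if (equal_public(cert, s->host_keys[j])) {
            s->host_certificates[j] = cert;
            return j;
        }
    }
    return -1;
}

/* Loop as quoted after the fix: searches host_pubkeys[]. Returns slot or -1. */
int attach_cert_after(struct sensitive *s, const struct key *cert)
{
    for (int j = 0; j < s->num_host_key_files; j++) {
        if (equal_public(cert, s->host_pubkeys[j])) {
            s->host_certificates[j] = cert;
            return j;
        }
    }
    return -1;
}

/* Constructed sample data: one key on disk, one key held by the agent. */
static const struct key ed_key     = { "ssh-ed25519", "ED25519-PUB-A" };
static const struct key rsa_pub    = { "ssh-rsa",     "RSA-PUB-B" };
static const struct key ed_cert    = { "ssh-ed25519", "ED25519-PUB-A" };
static const struct key rsa_cert   = { "ssh-rsa",     "RSA-PUB-B" };
static const struct key stray_cert = { "ssh-rsa",     "RSA-PUB-Z" };

static struct sensitive make_config(void)
{
    struct sensitive s = { 0 };
    s.num_host_key_files = 2;
    /* Slot 0: private key file readable by sshd, so both arrays are set. */
    s.host_keys[0] = &ed_key;
    s.host_pubkeys[0] = &ed_key;
    /* Slot 1: HostKey points at a .pub file and the private half lives in
     * the HostKeyAgent, so only the public array is set (model assumption). */
    s.host_keys[1] = NULL;
    s.host_pubkeys[1] = &rsa_pub;
    return s;
}

/* Runs one certificate through the chosen loop on a fresh configuration. */
int slot_for(const struct key *cert, int fixed)
{
    struct sensitive s = make_config();
    return fixed ? attach_cert_after(&s, cert) : attach_cert_before(&s, cert);
}

int main(void)
{
    printf("on-disk key,  before fix: slot %d\n", slot_for(&ed_cert, 0));
    printf("agent key,    before fix: slot %d\n", slot_for(&rsa_cert, 0));
    printf("agent key,    after fix:  slot %d\n", slot_for(&rsa_cert, 1));
    printf("unknown cert, after fix:  slot %d\n", slot_for(&stray_cert, 1));
    return 0;
}
```

A slot of -1 means the certificate was never attached, which matches the symptom reported in the thread: the connection still succeeds on the plain host key, so the check that catches it is the `Server host certificate` line in `ssh -vv` output.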

[Bug 1952421] Re: Issue on sshd finds correct private key for a certificate when using ssh-agent

2021-11-28 Thread Chloé Smith
** Description changed:

- Reported as https://bugzilla.mindrot.org/show_bug.cgi?id=3254 upstream:
+ Reported as https://bugzilla.mindrot.org/show_bug.cgi?id=3254 upstream
  
- Please take a look at line 1936 in main() function in sshd.c.
+ [Impact]
+ 
+  * HostCertificate and HostKeyAgent are not working together in sshd due 
+to a mismatched certificate's public key and private key. The function `  
`sshkey_equal_public()`` incorrectly compares the certificate's public 
+   key with a private key, never finding a match. The impact is that sshd 
+   cannot use said certificate *even though* its private key is indeed in 
+   ssh-agent.
+ 
+ * What it should do is compare the certificate's public key with a
+ public key in `sensitive_data`.
+ 
+ * Having this SRU-ed is a direct ask from one of the major cloud partners. 
+   They are currently using a customised version of the package to work 
+   around this issue, and we would like them to use a package directly from 
+   our own archive.
+ 
+  * Looping through sensitive_data.host_pubkeys[j] *instead* of 
+sensitive_data.host_keys[j] fixes the issue
+ 
+ [https://github.com/openssh/openssh-portable/blob/V_8_4/sshd.c#L1936]
  
  /* Find matching private key */
-   for (j = 0; j < options.num_host_key_files; j++) {
-   if (sshkey_equal_public(key,
-   sensitive_data.host_keys[j])) {
-   sensitive_data.host_certificates[j] = key;
-   break;
-   }
-   }
+  for (j = 0; j < options.num_host_key_files; j++) {
+   if (sshkey_equal_public(key,
+    sensitive_data.host_keys[j])) {
+    sensitive_data.host_certificates[j] = key;
+ break;
+    }
+  }
  
- the sshkey_equal_public() is trying to compare a cert's pub with a private 
key, and it never find a match which makes sshd cannot use this certificate 
even though its private key is in ssh-agent.
- I believe it should be comparing a cert's public key with a public key in 
sensitive_data as follow.
+ vs.
  
  /* Find matching private key */
-   for (j = 0; j < options.num_host_key_files; j++) {
-   if (sshkey_equal_public(key,
-   sensitive_data.host_pubkeys[j])) {
-   sensitive_data.host_certificates[j] = key;
-   break;
-   }
-   }
+  for (j = 0; j < options.num_host_key_files; j++) {
+   if (sshkey_equal_public(key,
+    sensitive_data.host_pubkeys[j])) {
+    sensitive_data.host_certificates[j] = key;
+ break;
+    }
+  }
+  
  
- https://github.com/openssh/openssh-portable/blob/V_8_4/sshd.c#L1936
+ [Test Plan]
  
- Due to this HostCertificate and HostKeyAgent not working together in
- sshd and this affects every version of openssh back till Focal, at
- least.
+  * Due to the empirical nature of this bug, the test is quite straight 
+forward. *Without* the fix, one cannot use certificates to authenticate 
+successfully (e.g. ``sshd -c /path/to/certificate.pem``)
+whereas with the fix (assuming the certificate matches a host key) you 
+can create a channel.
+
+ [Where problems could occur]
+ 
+  * This has already been fixed both upstream and in Jammy without issue. 
+However, if a regression where to happen it would probably be in one of 
+two ways:
+  
+  * A dependency/reverse-dependency issue stemming from the version 
+bump that will happen if this fix is ported. We mitigate this risk 
+by testing for these exact types of regression, 
+and by selecting carefully what to label this new version.
+
+  * Accidentally breaking a set up that was made to work around this 
+bug in the first place. The risk of this is lower, as the most 
+likely fix is the one being implemented here anyway.  Though
+to mitigate this more we can describe exactly what is happening 
+with the fix in the changelog.
+ 
+ 
+ This affects every version of openssh back until Focal, at least.
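Review bot: the [Test Plan] example ``sshd -c /path/to/certificate.pem`` does not involve HostKeyAgent, although [Impact] says the failure is specific to HostCertificate and HostKeyAgent being used together, so a tester following it could pass on an unfixed package. Spell out the combination (HostCertificate, a HostKey pointing at the public key, HostKeyAgent pointing at the agent socket that holds the private key) and the expected observation on the client. In [Where problems could occur], "if a regression where to happen" should read "were to happen", and the first [Impact] bullet's "mismatched certificate's public key and private key" reads as if the keys themselves do not match, when the point is that the comparison is made against the wrong array.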


[Bug 1895104] Re: It hangs during booting after deploy cloud image(.ova) and upgrade hardware vesion in ESXi

2021-06-17 Thread Chloé Smith
** Changed in: cloud-images
   Importance: Undecided => Low

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1895104

Title:
  It hangs during booting after deploy cloud image(.ova)  and upgrade
  hardware vesion in ESXi

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-images/+bug/1895104/+subscriptions


[Bug 1895104] Re: It hangs during booting after deploy cloud image(.ova) and upgrade hardware vesion in ESXi

2021-06-17 Thread Chloé Smith
** Merge proposal linked:
   
https://code.launchpad.net/~kajiya/livecd-rootfs/+git/livecd-rootfs/+merge/404339

** Changed in: cloud-images
 Assignee: (unassigned) => Chloé Smith (kajiya)
