[Bug 2031192] Re: Enabling of Pro Services Does Not Update when using airgapped mirrors over http://
The verification for the main SRU bug (https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2060732) was done for 32.2 and no errors were encountered related to this bug. No need to re-do all automation for 32.3, as explained in:https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2067319/comments/1 So I am marking verification-done for all releases. ** Tags removed: verification-needed verification-needed-bionic verification-needed-focal verification-needed-jammy verification-needed-mantic verification-needed-noble verification-needed-xenial ** Tags added: verification-done verification-done-bionic verification-done-focal verification-done-jammy verification-done-mantic verification-done-noble verification-done-xenial -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2031192 Title: Enabling of Pro Services Does Not Update when using airgapped mirrors over http:// To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2031192/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2033313] Re: Rename ua_logs.tar.gz to up_logs.tar.gz
The verification for the main SRU bug (https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2060732) was done for 32.2 and no errors were encountered related to this bug. No need to re-do all automation for 32.3, as explained in:https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2067319/comments/1 So I am marking verification-done for all releases. ** Tags removed: verification-needed verification-needed-bionic verification-needed-focal verification-needed-jammy verification-needed-mantic verification-needed-noble verification-needed-xenial ** Tags added: verification-done verification-done-bionic verification-done-focal verification-done-jammy verification-done-mantic verification-done-noble verification-done-xenial -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2033313 Title: Rename ua_logs.tar.gz to up_logs.tar.gz To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2033313/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2066929] Re: 32.1 in -proposed causes new apparmor denials
The verification for the main SRU bug (https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2060732) was done for 32.2 and no errors were encountered related to this bug. No need to re-do all automation for 32.3, as explained in:https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2067319/comments/1 So I am marking verification-done for all releases. ** Tags removed: verification-needed verification-needed-bionic verification-needed-focal verification-needed-jammy verification-needed-mantic verification-needed-noble verification-needed-xenial ** Tags added: verification-done verification-done-bionic verification-done-focal verification-done-jammy verification-done-mantic verification-done-noble verification-done-xenial -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2066929 Title: 32.1 in -proposed causes new apparmor denials To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2066929/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2065573] Re: esm-cache.service denied access to /etc/os-release by apparmor
I'm re-marking this as verification-done for all releases, as it was verified on 32.2 and the new 32.3 version does not affect this. Further information in: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2067319/comments/1 ** Tags removed: verification-needed verification-needed-bionic verification-needed-focal verification-needed-jammy verification-needed-mantic verification-needed-noble verification-needed-xenial ** Tags added: verification-done verification-done-bionic verification-done-focal verification-done-jammy verification-done-mantic verification-done-noble verification-done-xenial -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2065573 Title: esm-cache.service denied access to /etc/os-release by apparmor To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2065573/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2065616] Re: apport hook AttributeError: 'UAConfig' object has no attribute 'data_path'
I'm re-marking this as verification-done for all releases, as it was verified on 32.2 and the new 32.3 version does not affect this. Further information in: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2067319/comments/1 ** Tags removed: verification-needed verification-needed-bionic verification-needed-focal verification-needed-jammy verification-needed-mantic verification-needed-noble verification-needed-xenial ** Tags added: verification-done verification-done-bionic verification-done-focal verification-done-jammy verification-done-mantic verification-done-noble verification-done-xenial -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2065616 Title: apport hook AttributeError: 'UAConfig' object has no attribute 'data_path' To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2065616/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2060732] Re: [SRU] ubuntu-advantage-tools (31 -> 32) Xenial, Bionic, Focal, Jammy, Mantic
Context on the cloud-init failures: Cloud-init's newer version changed the key used in cloud config for the Pro client from ubuntu_advantage to ubuntu_pro. Because it is a "breaking" change, this works fine on Focal and Jammy, where both keys are accepted, but not on Noble. On Noble, when you use ubuntu_advantage, the functionality itself works but you get a warning and cloud-init is left in a degraded state - breaking our test expectations that all is good on their side. We changed the key to `ubuntu_pro` in tests so cloud-init can work well on Noble, and it does. But the catch is: the support for the `ubuntu_pro` key is only implemented in THIS version of the Client, >=32, which is in -proposed. When we launch the machines for testing, we are not using the package from proposed yet - we boot with cloud-config being considered in the installed version, and install from proposed later. This leads to the following conclusion: - our test is meant to verify the Client's behavior with the new key, and what is breaking is the cloud-init integration. So those failures are not related to the proposed package at all, and should not block verification for the SRU. - this is and has been true for a while, and those tests are always executed, which carries the side effect of guaranteeing some extent of cloud-init integration, but only after released. - We have assured this particular integration works using builds from local / daily PPAs. So all is good to proceed here despite those failures. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2060732 Title: [SRU] ubuntu-advantage-tools (31 -> 32) Xenial, Bionic, Focal, Jammy, Mantic To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2060732/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2067319] Re: After upgrading from bionic to focal, esm-cache.service hits apparmor denials
Updated the description, as Robie asked, with the problems that could occur.
Also outlined the tests to be executed to validate the fix for this bug.
** Description changed:
[ Impact ]
On ubuntu-advantage-tools v32.2, currently in -proposed, we are hitting
apparmor DENIED errors on the apt update hook which executes esm-
cache.service.
This ONLY happens if the version with the apparmor profiles is installed
on a Focal system which has been upgraded from Bionic, using do-release-
upgrade.
It seems that despite covering /usr/bin/ in the profile on Focal for
commands like uname or systemctl, we don't account for /bin/. However,
when coming from a Bionic system, /bin/ is an actual folder instead of a
symlink (as expected on a fresh Focal machine).
This happens because of the usr-merge[1] effort. On fresh focal systems, we
have symlinks replacing top-level directories like /bin, /sbin, and others:
root@f-pristine:~# ls -la /{bin,lib,lib*,sbin}
lrwxrwxrwx 1 root root 7 May 24 21:40 /bin -> usr/bin
lrwxrwxrwx 1 root root 7 May 24 21:40 /lib -> usr/lib
lrwxrwxrwx 1 root root 7 May 24 21:40 /lib -> usr/lib
lrwxrwxrwx 1 root root 9 May 24 21:40 /lib32 -> usr/lib32
lrwxrwxrwx 1 root root 9 May 24 21:40 /lib64 -> usr/lib64
lrwxrwxrwx 1 root root 10 May 24 21:40 /libx32 -> usr/libx32
lrwxrwxrwx 1 root root 8 May 24 21:40 /sbin -> usr/sbin
In bionic, these are actual directories:
root@b:~# ls -lad /{bin,lib,lib*,sbin}
drwxr-xr-x 1 root root 2472 Jun 7 2023 /bin
drwxr-xr-x 1 root root 438 Jun 7 2023 /lib
drwxr-xr-x 1 root root 438 Jun 7 2023 /lib
drwxr-xr-x 1 root root 40 Jun 7 2023 /lib64
drwxr-xr-x 1 root root 3694 Jun 7 2023 /sbin
In a focal system that was upgraded from bionic, the usr-merge is not
done, and this focal system will retain the bionic top-level
directories.
Logs:
2024-05-24 03:09:16,344:WARNING:root:XXX apparmor DENIED begin
2024-05-24 03:09:16,344:WARNING:root:May 24 03:09:09 rtp kernel:
[237304.232128] audit: type=1400 audit(1716530949.314:82839): apparmor="DENIED"
operation="exec" class="file"
namespace="root//lxd-upro-behave-bionic-system-under-test-0524-025458284620_"
profile="ubuntu_pro_esm_cache" name="/bin/uname" pid=108713 comm="python3"
requested_mask="x" denied_mask="x" fsuid=100 ouid=100
May 24 03:09:09 rtp kernel: [237304.261953] audit: type=1400
audit(1716530949.346:82840): apparmor="DENIED" operation="exec" class="file"
namespace="root//lxd-upro-behave-bionic-system-under-test-0524-025458284620_"
profile="ubuntu_pro_apt_news" name="/bin/uname" pid=108714 comm="python3"
requested_mask="x" denied_mask="x" fsuid=100 ouid=100
May 24 03:09:09 rtp kernel: [237304.456301] audit: type=1400
audit(1716530949.538:82841): apparmor="DENIED" operation="exec" class="file"
namespace="root//lxd-upro-behave-bionic-system-under-test-0524-025458284620_"
profile="ubuntu_pro_esm_cache//cloud_id" name="/bin/uname" pid=108719
comm="cloud-id" requested_mask="x" denied_mask="x" fsuid=100 ouid=100
May 24 03:09:09 rtp kernel: [237304.514651] audit: type=1400
audit(1716530949.598:82842): apparmor="DENIED" operation="exec" class="file"
namespace="root//lxd-upro-behave-bionic-system-under-test-0524-025458284620_"
profile="ubuntu_pro_esm_cache//cloud_id" name="/bin/systemctl" pid=108721
comm="cloud-id" requested_mask="x" denied_mask="x" fsuid=100 ouid=100
May 24 03:09:11 rtp kernel: [237306.797550] audit: type=1400
audit(1716530951.878:82843): apparmor="DENIED" operation="exec" class="file"
namespace="root//lxd-upro-behave-bionic-system-under-test-0524-025458284620_"
profile="ubuntu_pro_esm_cache" name="/bin/uname" pid=109364 comm="python3"
requested_mask="x" denied_mask="x" fsuid=100 ouid=100
May 24 03:09:11 rtp kernel: [237306.827422] audit: type=1400
audit(1716530951.910:82844): apparmor="DENIED" operation="exec" class="file"
namespace="root//lxd-upro-behave-bionic-system-under-test-0524-025458284620_"
profile="ubuntu_pro_apt_news" name="/bin/uname" pid=109365 comm="python3"
requested_mask="x" denied_mask="x" fsuid=100 ouid=100
May 24 03:09:12 rtp kernel: [237307.022790] audit: type=1400
audit(1716530952.106:82845): apparmor="DENIED" operation="exec" class="file"
namespace="root//lxd-upro-behave-bionic-system-under-test-0524-025458284620_"
profile="ubuntu_pro_esm_cache//cloud_id" name="/bin/uname" pid=109370
comm="cloud-id" requested_mask="x" denied_mask="x" fsuid=100 ouid=100
May 24 03:09:12 rtp kernel: [237307.074546] audit: type=1400
audit(1716530952.158:82846): apparmor="DENIED" operation="exec" class="file"
namespace="root//lxd-upro-behave-bionic-system-under-test-0524-025458284620_"
profile="ubuntu_pro_esm_cache//cloud_id" name="/bin/systemctl" pid=109372
comm="cloud-id" requested_mask="x" denied_mask="x" fsuid=100 ouid=100
May 24
[Bug 2067319] Re: After upgrading from bionic to focal, esm-cache.service hits apparmor denials
** Description changed:
[ Impact ]
On ubuntu-advantage-tools v32.2, currently in -proposed, we are hitting
apparmor DENIED errors on the apt update hook which executes esm-
cache.service.
This ONLY happens if the version with the apparmor profiles is installed
on a Focal system which has been upgraded from Bionic, using do-release-
upgrade.
It seems that despite covering /usr/bin/ in the profile on Focal for
commands like uname or systemctl, we don't account for /bin/. However,
when coming from a Bionic system, /bin/ is an actual folder instead of a
symlink (as expected on a fresh Focal machine).
This happens because of the usr-merge[1] effort. On fresh focal systems, we
have symlinks replacing top-level directories like /bin, /sbin, and others:
root@f-pristine:~# ls -la /{bin,lib,lib*,sbin}
lrwxrwxrwx 1 root root 7 May 24 21:40 /bin -> usr/bin
lrwxrwxrwx 1 root root 7 May 24 21:40 /lib -> usr/lib
lrwxrwxrwx 1 root root 7 May 24 21:40 /lib -> usr/lib
lrwxrwxrwx 1 root root 9 May 24 21:40 /lib32 -> usr/lib32
lrwxrwxrwx 1 root root 9 May 24 21:40 /lib64 -> usr/lib64
lrwxrwxrwx 1 root root 10 May 24 21:40 /libx32 -> usr/libx32
lrwxrwxrwx 1 root root 8 May 24 21:40 /sbin -> usr/sbin
In bionic, these are actual directories:
root@b:~# ls -lad /{bin,lib,lib*,sbin}
drwxr-xr-x 1 root root 2472 Jun 7 2023 /bin
drwxr-xr-x 1 root root 438 Jun 7 2023 /lib
drwxr-xr-x 1 root root 438 Jun 7 2023 /lib
drwxr-xr-x 1 root root 40 Jun 7 2023 /lib64
drwxr-xr-x 1 root root 3694 Jun 7 2023 /sbin
In a focal system that was upgraded from bionic, the usr-merge is not
done, and this focal system will retain the bionic top-level
directories.
Logs:
2024-05-24 03:09:16,344:WARNING:root:XXX apparmor DENIED begin
2024-05-24 03:09:16,344:WARNING:root:May 24 03:09:09 rtp kernel:
[237304.232128] audit: type=1400 audit(1716530949.314:82839): apparmor="DENIED"
operation="exec" class="file"
namespace="root//lxd-upro-behave-bionic-system-under-test-0524-025458284620_"
profile="ubuntu_pro_esm_cache" name="/bin/uname" pid=108713 comm="python3"
requested_mask="x" denied_mask="x" fsuid=100 ouid=100
May 24 03:09:09 rtp kernel: [237304.261953] audit: type=1400
audit(1716530949.346:82840): apparmor="DENIED" operation="exec" class="file"
namespace="root//lxd-upro-behave-bionic-system-under-test-0524-025458284620_"
profile="ubuntu_pro_apt_news" name="/bin/uname" pid=108714 comm="python3"
requested_mask="x" denied_mask="x" fsuid=100 ouid=100
May 24 03:09:09 rtp kernel: [237304.456301] audit: type=1400
audit(1716530949.538:82841): apparmor="DENIED" operation="exec" class="file"
namespace="root//lxd-upro-behave-bionic-system-under-test-0524-025458284620_"
profile="ubuntu_pro_esm_cache//cloud_id" name="/bin/uname" pid=108719
comm="cloud-id" requested_mask="x" denied_mask="x" fsuid=100 ouid=100
May 24 03:09:09 rtp kernel: [237304.514651] audit: type=1400
audit(1716530949.598:82842): apparmor="DENIED" operation="exec" class="file"
namespace="root//lxd-upro-behave-bionic-system-under-test-0524-025458284620_"
profile="ubuntu_pro_esm_cache//cloud_id" name="/bin/systemctl" pid=108721
comm="cloud-id" requested_mask="x" denied_mask="x" fsuid=100 ouid=100
May 24 03:09:11 rtp kernel: [237306.797550] audit: type=1400
audit(1716530951.878:82843): apparmor="DENIED" operation="exec" class="file"
namespace="root//lxd-upro-behave-bionic-system-under-test-0524-025458284620_"
profile="ubuntu_pro_esm_cache" name="/bin/uname" pid=109364 comm="python3"
requested_mask="x" denied_mask="x" fsuid=100 ouid=100
May 24 03:09:11 rtp kernel: [237306.827422] audit: type=1400
audit(1716530951.910:82844): apparmor="DENIED" operation="exec" class="file"
namespace="root//lxd-upro-behave-bionic-system-under-test-0524-025458284620_"
profile="ubuntu_pro_apt_news" name="/bin/uname" pid=109365 comm="python3"
requested_mask="x" denied_mask="x" fsuid=100 ouid=100
May 24 03:09:12 rtp kernel: [237307.022790] audit: type=1400
audit(1716530952.106:82845): apparmor="DENIED" operation="exec" class="file"
namespace="root//lxd-upro-behave-bionic-system-under-test-0524-025458284620_"
profile="ubuntu_pro_esm_cache//cloud_id" name="/bin/uname" pid=109370
comm="cloud-id" requested_mask="x" denied_mask="x" fsuid=100 ouid=100
May 24 03:09:12 rtp kernel: [237307.074546] audit: type=1400
audit(1716530952.158:82846): apparmor="DENIED" operation="exec" class="file"
namespace="root//lxd-upro-behave-bionic-system-under-test-0524-025458284620_"
profile="ubuntu_pro_esm_cache//cloud_id" name="/bin/systemctl" pid=109372
comm="cloud-id" requested_mask="x" denied_mask="x" fsuid=100 ouid=100
May 24 03:09:14 rtp kernel: [237309.142413] audit: type=1400
audit(1716530954.226:82847): apparmor="DENIED" operation="exec" class="file"
[Bug 2067319] [NEW] After upgrading from bionic to focal, esm-cache.service hits apparmor denials
Public bug reported: [ Impact ] On ubuntu-advantage-tools v32.2, currently in -proposed, we are hitting apparmor DENIED errors on the apt update hook which executes esm- cache.service. This ONLY happens if the version with the apparmor profiles is installed on a Focal system which has been upgraded from Bionic, using do-release- upgrade. It seems that despite covering /usr/bin/ in the profile on Focal for commands like uname or systemctl, we don't account for /bin/. However, when coming from a Bionic system, /bin/ is an actual folder instead of a symlink (as expected on a fresh Focal machine). Logs: 2024-05-24 03:09:16,344:WARNING:root:XXX apparmor DENIED begin 2024-05-24 03:09:16,344:WARNING:root:May 24 03:09:09 rtp kernel: [237304.232128] audit: type=1400 audit(1716530949.314:82839): apparmor="DENIED" operation="exec" class="file" namespace="root//lxd-upro-behave-bionic-system-under-test-0524-025458284620_" profile="ubuntu_pro_esm_cache" name="/bin/uname" pid=108713 comm="python3" requested_mask="x" denied_mask="x" fsuid=100 ouid=100 May 24 03:09:09 rtp kernel: [237304.261953] audit: type=1400 audit(1716530949.346:82840): apparmor="DENIED" operation="exec" class="file" namespace="root//lxd-upro-behave-bionic-system-under-test-0524-025458284620_" profile="ubuntu_pro_apt_news" name="/bin/uname" pid=108714 comm="python3" requested_mask="x" denied_mask="x" fsuid=100 ouid=100 May 24 03:09:09 rtp kernel: [237304.456301] audit: type=1400 audit(1716530949.538:82841): apparmor="DENIED" operation="exec" class="file" namespace="root//lxd-upro-behave-bionic-system-under-test-0524-025458284620_" profile="ubuntu_pro_esm_cache//cloud_id" name="/bin/uname" pid=108719 comm="cloud-id" requested_mask="x" denied_mask="x" fsuid=100 ouid=100 May 24 03:09:09 rtp kernel: [237304.514651] audit: type=1400 audit(1716530949.598:82842): apparmor="DENIED" operation="exec" class="file" namespace="root//lxd-upro-behave-bionic-system-under-test-0524-025458284620_" profile="ubuntu_pro_esm_cache//cloud_id" name="/bin/systemctl" pid=108721 comm="cloud-id" requested_mask="x" denied_mask="x" fsuid=100 ouid=100 May 24 03:09:11 rtp kernel: [237306.797550] audit: type=1400 audit(1716530951.878:82843): apparmor="DENIED" operation="exec" class="file" namespace="root//lxd-upro-behave-bionic-system-under-test-0524-025458284620_" profile="ubuntu_pro_esm_cache" name="/bin/uname" pid=109364 comm="python3" requested_mask="x" denied_mask="x" fsuid=100 ouid=100 May 24 03:09:11 rtp kernel: [237306.827422] audit: type=1400 audit(1716530951.910:82844): apparmor="DENIED" operation="exec" class="file" namespace="root//lxd-upro-behave-bionic-system-under-test-0524-025458284620_" profile="ubuntu_pro_apt_news" name="/bin/uname" pid=109365 comm="python3" requested_mask="x" denied_mask="x" fsuid=100 ouid=100 May 24 03:09:12 rtp kernel: [237307.022790] audit: type=1400 audit(1716530952.106:82845): apparmor="DENIED" operation="exec" class="file" namespace="root//lxd-upro-behave-bionic-system-under-test-0524-025458284620_" profile="ubuntu_pro_esm_cache//cloud_id" name="/bin/uname" pid=109370 comm="cloud-id" requested_mask="x" denied_mask="x" fsuid=100 ouid=100 May 24 03:09:12 rtp kernel: [237307.074546] audit: type=1400 audit(1716530952.158:82846): apparmor="DENIED" operation="exec" class="file" namespace="root//lxd-upro-behave-bionic-system-under-test-0524-025458284620_" profile="ubuntu_pro_esm_cache//cloud_id" name="/bin/systemctl" pid=109372 comm="cloud-id" requested_mask="x" denied_mask="x" fsuid=100 ouid=100 May 24 03:09:14 rtp kernel: [237309.142413] audit: type=1400 audit(1716530954.226:82847): apparmor="DENIED" operation="exec" class="file" namespace="root//lxd-upro-behave-bionic-system-under-test-0524-025458284620_" profile="ubuntu_pro_apt_news" name="/bin/uname" pid=109856 comm="python3" requested_mask="x" denied_mask="x" fsuid=100 ouid=100 2024-05-24 03:09:16,344:WARNING:root:XXX apparmor DENIED end [ Test Plan ] These were caught by the automated verification tests for v32.2 in -proposed. If all of the automated verification tests pass for the version with the fix (32.3), then that will be considered a verification for this bug as well. [ Where problems could occur ] The fix edits the template for the ubuntu_pro_esm_cache apparmor profile. If mistakes were made, it may cause new apparmor denials or other related issues, ultimately meaning esm-cache.service wouldn't run properly, preventing esm update notifications from being displayed on unattached machines. ** Affects: ubuntu-advantage-tools (Ubuntu) Importance: Undecided Status: Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2067319 Title: After upgrading from bionic to focal, esm-cache.service hits
[Bug 2066920] Re: Exceptions raised if UA_CONFIG_FILE is bad
Hello Nathan, thanks for raising this issue. tl;dr yes docs are wrong. The thing it should express is that this endpoint raises no *specific* exceptions, but at any time unexpected exceptions may happen and will be raised as UbuntuProError instances. There is ongoing work to update this on the docs as part of [1]. More specifically, there will be a message like [2] for all endpoints, which reflects the truth. [1] https://github.com/canonical/ubuntu-pro-client/pull/3085 [2] https://github.com/canonical/ubuntu-pro- client/pull/3085/files#diff-e0d846a2fce3599317d4f913c5c9257ec46228952bfc3a16b8bb7e8074160a99R102-R109 ** Changed in: ubuntu-advantage-tools (Ubuntu) Status: New => In Progress ** Changed in: ubuntu-advantage-tools (Ubuntu) Assignee: (unassigned) => Grant Orndorff (orndorffgrant) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2066920 Title: Exceptions raised if UA_CONFIG_FILE is bad To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2066920/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2061236] Re: pro attach command didn't work
I am marking this bug incomplete until we see what is the apt output. @pici-1251, if you could please run the `apt list --installed` command and send us what happens. ** Changed in: ubuntu-advantage-tools (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2061236 Title: pro attach command didn't work To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2061236/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2063909] Re: Ubuntu Pro does not detach
Hello, harshitseelam, thanks for reporting this bug. I see in the logs that the detach operation fails because livepatch returns an error, saying it is not available in 23.10. I also see you just upgraded to 24.04. Did you try to detach after upgrading? Does it still fail? I tried to reproduce this issue both on 23.10 and on 24.04 after an upgrade, without success. Could you please send the output of `pro status --all` on your machine, and also from `canonical-livepatch status`? ** Changed in: ubuntu-advantage-tools (Ubuntu) Status: New => Incomplete ** Information type changed from Private to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2063909 Title: Ubuntu Pro does not detach To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2063909/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2064790] Re: Problems attaching ubuntu pro
*** This bug is a duplicate of bug 2060769 *** https://bugs.launchpad.net/bugs/2060769 Hello, linsms, thanks for reporting this bug. This is a duplicate of LP #2060769 - we will track there. ** Information type changed from Private to Public ** This bug has been marked a duplicate of bug 2060769 pro-client execs `apt list --installed` instead of using python3-apt - leading to utf-8 errors -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2064790 Title: Problems attaching ubuntu pro To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2064790/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2065095] Re: pro service enabling fails due to incorrect aptURL format
Hello, bcarbone, thanks for reporting this. I can see how this fails, it looks indeed like a bug. I will bring it to the team, and update you about a solution. ** Changed in: ubuntu-advantage-tools (Ubuntu) Status: New => Triaged -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2065095 Title: pro service enabling fails due to incorrect aptURL format To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2065095/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2065192] Re: (ubuntu) pro attach doesn't work !
Hello, pici-1251, thanks for reporting. The logs show the same error you reported in the other bug. The command returning an error is apt list --installed Could you please run the command above and send us what is the output you see in the command line? ** Information type changed from Private to Public ** Changed in: ubuntu-advantage-tools (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2065192 Title: (ubuntu) pro attach doesn't work ! To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2065192/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2059952] Re: pro sometimes runs before cloud-config.service
** Changed in: ubuntu-advantage-tools (Ubuntu) Status: New => In Progress -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2059952 Title: pro sometimes runs before cloud-config.service To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2059952/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2060051] Re: Pro API missing end-point to query service availability
** Changed in: ubuntu-advantage-tools (Ubuntu) Status: New => In Progress -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2060051 Title: Pro API missing end-point to query service availability To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2060051/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2060051] Re: Pro API missing end-point to query service availability
Hello, Nathan, Thank you very much for reporting this bug. The team is aware of the gaps and we have an open item to implement the missing API endpoints. We will keep you posted. ** Changed in: ubuntu-advantage-tools (Ubuntu) Assignee: (unassigned) => Dheyay Desai (dheyayd) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2060051 Title: Pro API missing end-point to query service availability To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2060051/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2059102] Re: Die Aktualisierungsverwaltung läuft nicht mehr durch.
Hello, Rainer Thanks for reporting this issue - As the main problem you have is related to update manager, I am targeting the team so they can investigate what happens on their side. - On our side, I can see in the logs that livepatch is failing (whether enabling, disabling, etc;) with "Error running canonical-livepatch status: error executing status: livepatchd error: daemon shutting down". To be sure on how to proceed, I am also targeting livepatch people - which logs should we go for to understand what is happening? I expect them to request more information, and we need more information ourselves to fix the problem. ** Also affects: update-manager (Ubuntu) Importance: Undecided Status: New ** Also affects: canonical-livepatch-client Importance: Undecided Status: New ** Changed in: ubuntu-advantage-tools (Ubuntu) Status: New => Incomplete ** Information type changed from Private to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2059102 Title: Die Aktualisierungsverwaltung läuft nicht mehr durch. To manage notifications about this bug go to: https://bugs.launchpad.net/canonical-livepatch-client/+bug/2059102/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2049785] Re: /usr/bin/update-manager:json.decoder.JSONDecodeError:/bin/update-manager@118:start_update:start_available:refresh_cache:_get_ua_security_status:load:loads:decode:raw_decode
Hello everyone who worked on this bug It seems problems with the old Json parsing still happens even in ubuntu-advantage-tools > 30. See https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2058133. I would again ask you to reconsider using the --format json, and moving to using the APIs (as it landed on Mantic + ) Using the supported and maintained APIs will indeed make update-manager more robust than relying on stdout output that ubuntu-advantage-tools does not maintain by default. We can, again, patch u-a-t for the new error we found, but using the APIs and dealing with exceptions would solve this particular problem IMHO. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2049785 Title: /usr/bin/update-manager:json.decoder.JSONDecodeError:/bin/update- manager@118:start_update:start_available:refresh_cache:_get_ua_security_status:load:loads:decode:raw_decode To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/update-manager/+bug/2049785/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2058133] Re: update-manager applet does exit successfully
** Information type changed from Private to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2058133 Title: update-manager applet does exit successfully To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2058133/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2058568] Re: ua enable usg fails on new EC2 instance
*** This bug is a duplicate of bug 2058560 *** https://bugs.launchpad.net/bugs/2058560 Hello, Daniel Thanks for reporting this bug Unfortunately this happened due to an outage in contracts.canonical.com. The service is now back online and everything should be working fine. Would you mind trying again please? For the future, we will improve this error message so users know what is happening instead of seeing 'unexpected error'. As we received many bug reports about this, I am marking this one a duplicate (for easier tracking). Feel free to come back if the error persists though. ** Information type changed from Private to Public ** This bug has been marked a duplicate of bug 2058560 "sudo pro attach " fails -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2058568 Title: ua enable usg fails on new EC2 instance To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2058568/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2058570] Re: version 31.2~2.04 does not let me enable esm-apps.
*** This bug is a duplicate of bug 2058560 *** https://bugs.launchpad.net/bugs/2058560 Hello, Andrew Thanks for reporting this bug On your first entry, there is a typo in the package name (upbuntu- advantage-tools) but that is not the root cause of the problem, as ubuntu-advantage-tools is installed properly. Unfortunately this happened due to an outage in contracts.canonical.com. The service is now back online and everything should be working fine. Would you mind trying again please? For the future, we will improve this error message so users know what is happening instead of seeing 'unexpected error'. As we received many bug reports about this, I am marking this one a duplicate (for easier tracking). Feel free to come back if the error persists though. ** Information type changed from Private to Public ** This bug has been marked a duplicate of bug 2058560 "sudo pro attach " fails -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2058570 Title: version 31.2~2.04 does not let me enable esm-apps. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2058570/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2058563] Re: Unable to register machine with pro
*** This bug is a duplicate of bug 2058560 *** https://bugs.launchpad.net/bugs/2058560 Hello, Marco Thanks for reporting this bug Unfortunately this happened due to an outage in contracts.canonical.com. The service is now back online and everything should be working fine. Would you mind trying again please? For the future, we will improve this error message so users know what is happening instead of seeing 'unexpected error'. As we received many bug reports about this, I am marking this one a duplicate (for easier tracking). Feel free to come back if the error persists though. ** Information type changed from Private to Public ** This bug has been marked a duplicate of bug 2058560 "sudo pro attach " fails -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2058563 Title: Unable to register machine with pro To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2058563/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2058564] Re: I tryed to attach a this server to ubuntu pro dashboard but it got rejected by some error...
*** This bug is a duplicate of bug 2058560 *** https://bugs.launchpad.net/bugs/2058560 Hello, Gabriēls Thanks for reporting this bug Unfortunately this happened due to an outage in contracts.canonical.com. The service is now back online and everything should be working fine. Would you mind trying again please? For the future, we will improve this error message so users know what is happening instead of seeing 'unexpected error'. As we received many bug reports about this, I am marking this one a duplicate (for easier tracking). Feel free to come back if the error persists though. ** This bug has been marked a duplicate of bug 2058560 "sudo pro attach " fails -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2058564 Title: I tryed to attach a this server to ubuntu pro dashboard but it got rejected by some error... To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2058564/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2058565] Re: Ubuntu-Advantage-tools-package crashes when trying to install with license
*** This bug is a duplicate of bug 2058560 *** https://bugs.launchpad.net/bugs/2058560 Hello, Seth Thanks for reporting this bug Unfortunately this happened due to an outage in contracts.canonical.com. The service is now back online and everything should be working fine. Would you mind trying again please? For the future, we will improve this error message so users know what is happening instead of seeing 'unexpected error'. As we received many bug reports about this, I am marking this one a duplicate (for easier tracking). Feel free to come back if the error persists though. ** Information type changed from Private to Public ** This bug has been marked a duplicate of bug 2058560 "sudo pro attach " fails -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2058565 Title: Ubuntu-Advantage-tools-package crashes when trying to install with license To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2058565/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2058555] Re: sudo pro attach
*** This bug is a duplicate of bug 2058560 *** https://bugs.launchpad.net/bugs/2058560 Hello, Mirjana Thanks for reporting this bug Unfortunately this happened due to an outage in contracts.canonical.com. The service is now back online and everything should be working fine. Would you mind trying again please? For the future, we will improve this error message so users know what is happening instead of seeing 'unexpected error'. As we received many bug reports about this, I am marking this one a duplicate (for easier tracking). Feel free to come back if the error persists though. ** Information type changed from Private to Public ** This bug has been marked a duplicate of bug 2058560 "sudo pro attach " fails -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2058555 Title: sudo pro attach To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2058555/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2058556] Re: Can't enable livepatch
*** This bug is a duplicate of bug 2058560 *** https://bugs.launchpad.net/bugs/2058560 Hello, Julien Thanks for reporting this bug Unfortunately this happened due to an outage in contracts.canonical.com. The service is now back online and everything should be working fine. Would you mind trying again please? For the future, we will improve this error message so users know what is happening instead of seeing 'unexpected error'. As we received many bug reports about this, I am marking this one a duplicate (for easier tracking). Feel free to come back if the error persists though. ** Information type changed from Private to Public ** This bug has been marked a duplicate of bug 2058560 "sudo pro attach " fails -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2058556 Title: Can't enable livepatch To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2058556/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2058560] Re: "sudo pro attach " fails
Confirmed this error happened because we had an unexpected outage on contracts.canonical.com. I have checked the functionality now, and everything should work fine. Many other bugs were filed at the same time window, and I am marking them duplicates of this one for easier tracking. - We apologise for the trouble and kindly ask anyone who have hit this to try again now - We are going to improve the error message to reduce FUD -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2058560 Title: "sudo pro attach " fails To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2058560/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2055737] Re: pro attach `Unexpected error(s) occurred`
We had several recent bug reports that also happened due to outages, really close to this one. I will not mark the reports duplicates of this bug here because this one happened on arm64, but I am keeping track of this until we release the better error message. ** Information type changed from Private to Public ** Changed in: ubuntu-advantage-tools (Ubuntu) Status: Fix Committed => Triaged -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2055737 Title: pro attach `Unexpected error(s) occurred` To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2055737/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2058560] Re: "sudo pro attach " fails
We should have a better message for when this kind of thing happens, so people are not confused. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2058560 Title: "sudo pro attach " fails To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2058560/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2058564] Re: I tryed to attach a this server to ubuntu pro dashboard but it got rejected by some error...
** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2058564 Title: I tryed to attach a this server to ubuntu pro dashboard but it got rejected by some error... To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2058564/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2015420] Re: motd: can't disable esm-related messages
Now, to the actual functionality test on Jammy: Jammy is an LTS release still supported, so messages about esm-apps will be present in MOTD by default. After creating the marker file and triggering an update of MOTD, those messages disappear, but the updates count remains. root@jammy-sut:~# apt policy update-notifier-common update-notifier-common: Installed: 3.192.54.8 Candidate: 3.192.54.8 Version table: *** 3.192.54.8 500 500 http://archive.ubuntu.com/ubuntu jammy-proposed/main amd64 Packages 100 /var/lib/dpkg/status 3.192.54.6 500 500 http://archive.ubuntu.com/ubuntu jammy-updates/main amd64 Packages 3.192.54 500 500 http://archive.ubuntu.com/ubuntu jammy/main amd64 Packages root@jammy-sut:~# run-parts /etc/update-motd.d/ Welcome to Ubuntu 22.04.4 LTS (GNU/Linux 6.5.0-21-generic x86_64) * Documentation: https://help.ubuntu.com * Management: https://landscape.canonical.com * Support:https://ubuntu.com/pro System information as of Fri Mar 15 23:08:15 UTC 2024 System load: 1.2568359375 Usage of /home:unknown Memory usage: 0% Swap usage:0% Temperature: 86.0 C Processes: 24 Users logged in: 0 IPv4 address for eth0: 10.46.74.160 IPv6 address for eth0: fd42:f539:1893:d366:216:3eff:fea1:40fb Expanded Security Maintenance for Applications is not enabled. 25 updates can be applied immediately. To see these additional updates run: apt list --upgradable Enable ESM Apps to receive additional future security updates. See https://ubuntu.com/esm or run: sudo pro status root@jammy-sut:~# touch /var/lib/update-notifier/hide-esm-in-motd root@jammy-sut:~# rm /var/lib/update-notifier/updates-available root@jammy-sut:~# apt update Hit:1 http://archive.ubuntu.com/ubuntu jammy InRelease Hit:2 http://security.ubuntu.com/ubuntu jammy-security InRelease Hit:3 http://archive.ubuntu.com/ubuntu jammy-updates InRelease Hit:4 http://archive.ubuntu.com/ubuntu jammy-backports InRelease Hit:5 http://archive.ubuntu.com/ubuntu jammy-proposed InRelease Reading package lists... Done Building dependency tree... Done Reading state information... Done 27 packages can be upgraded. Run 'apt list --upgradable' to see them. root@jammy-sut:~# run-parts /etc/update-motd.d/ Welcome to Ubuntu 22.04.4 LTS (GNU/Linux 6.5.0-21-generic x86_64) * Documentation: https://help.ubuntu.com * Management: https://landscape.canonical.com * Support:https://ubuntu.com/pro System information as of Fri Mar 15 23:08:15 UTC 2024 System load: 1.2568359375 Usage of /home:unknown Memory usage: 0% Swap usage:0% Temperature: 86.0 C Processes: 24 Users logged in: 0 IPv4 address for eth0: 10.46.74.160 IPv6 address for eth0: fd42:f539:1893:d366:216:3eff:fea1:40fb 25 updates can be applied immediately. To see these additional updates run: apt list --upgradable I am marking this bug verification-done on Jammy, and verification-done overall as this is the last release to test. ** Tags removed: verification-needed-jammy ** Tags added: verification-done-jammy ** Tags removed: verification-needed ** Tags added: verification-done -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2015420 Title: motd: can't disable esm-related messages To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/update-notifier/+bug/2015420/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2015420] Re: motd: can't disable esm-related messages
Now, to the actual functionality test on Bionic: Bionic is an EOSS release, so messages about esm-infra will be present in MOTD by default. After creating the marker file and triggering an update of MOTD, those messages disappear, but the updates count remains. root@bionic-sut:~# apt policy update-notifier-common update-notifier-common: Installed: 3.192.1.21 Candidate: 3.192.1.21 Version table: *** 3.192.1.21 500 500 http://archive.ubuntu.com/ubuntu bionic-proposed/main amd64 Packages 100 /var/lib/dpkg/status 3.192.1.19 500 500 http://archive.ubuntu.com/ubuntu bionic-updates/main amd64 Packages 3.192 500 500 http://archive.ubuntu.com/ubuntu bionic/main amd64 Packages root@bionic-sut:~# run-parts /etc/update-motd.d/ Welcome to Ubuntu 18.04.6 LTS (GNU/Linux 6.5.0-21-generic x86_64) * Documentation: https://help.ubuntu.com * Management: https://landscape.canonical.com * Support:https://ubuntu.com/pro System information as of Fri Mar 15 22:51:31 UTC 2024 System load:1.72 Processes: 23 Usage of /home: unknown Users logged in: 0 Memory usage: 0%IP address for eth0: 10.46.74.128 Swap usage: 0% Expanded Security Maintenance for Infrastructure is not enabled. 11 updates can be applied immediately. To see these additional updates run: apt list --upgradable 94 additional security updates can be applied with ESM Infra. Learn more about enabling ESM Infra service for Ubuntu 18.04 at https://ubuntu.com/18-04 New release '20.04.6 LTS' available. Run 'do-release-upgrade' to upgrade to it. root@bionic-sut:~# touch /var/lib/update-notifier/hide-esm-in-motd root@bionic-sut:~# rm /var/lib/update-notifier/updates-available root@bionic-sut:~# apt update Hit:1 http://archive.ubuntu.com/ubuntu bionic InRelease Hit:2 http://security.ubuntu.com/ubuntu bionic-security InRelease Hit:3 http://archive.ubuntu.com/ubuntu bionic-updates InRelease Hit:4 http://archive.ubuntu.com/ubuntu bionic-backports InRelease Hit:5 http://archive.ubuntu.com/ubuntu bionic-proposed InRelease Reading package lists... Done Building dependency tree Reading state information... Done 11 packages can be upgraded. Run 'apt list --upgradable' to see them. root@bionic-sut:~# run-parts /etc/update-motd.d/ Welcome to Ubuntu 18.04.6 LTS (GNU/Linux 6.5.0-21-generic x86_64) * Documentation: https://help.ubuntu.com * Management: https://landscape.canonical.com * Support:https://ubuntu.com/pro System information as of Fri Mar 15 22:52:04 UTC 2024 System load:1.58 Processes: 23 Usage of /home: unknown Users logged in: 0 Memory usage: 0%IP address for eth0: 10.46.74.128 Swap usage: 0% 11 updates can be applied immediately. To see these additional updates run: apt list --upgradable New release '20.04.6 LTS' available. Run 'do-release-upgrade' to upgrade to it. I am marking this bug verification-done on Bionic. ** Tags removed: verification-needed-bionic ** Tags added: verification-done-bionic -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2015420 Title: motd: can't disable esm-related messages To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/update-notifier/+bug/2015420/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2015420] Re: motd: can't disable esm-related messages
Now, to the actual functionality test on Focal: Focal is an LTS release still supported, so messages about esm-apps will be present in MOTD by default. After creating the marker file and triggering an update of MOTD, those messages disappear, but the updates count remains. root@focal-sut:~# apt policy update-notifier-common update-notifier-common: Installed: 3.192.30.19 Candidate: 3.192.30.19 Version table: *** 3.192.30.19 500 500 http://archive.ubuntu.com/ubuntu focal-proposed/main amd64 Packages 100 /var/lib/dpkg/status 3.192.30.17 500 500 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages 3.192.30 500 500 http://archive.ubuntu.com/ubuntu focal/main amd64 Packages root@focal-sut:~# run-parts /etc/update-motd.d/ Welcome to Ubuntu 20.04.6 LTS (GNU/Linux 6.5.0-21-generic x86_64) * Documentation: https://help.ubuntu.com * Management: https://landscape.canonical.com * Support:https://ubuntu.com/pro System information as of Fri Mar 15 22:55:55 UTC 2024 System load: 1.56 Usage of /home:unknown Memory usage: 0% Swap usage:0% Temperature: 86.0 C Processes: 30 Users logged in: 0 IPv4 address for eth0: 10.46.74.13 IPv6 address for eth0: fd42:f539:1893:d366:216:3eff:fe2a:1d97 * Strictly confined Kubernetes makes edge and IoT secure. Learn how MicroK8s just raised the bar for easy, resilient and secure K8s cluster deployment. https://ubuntu.com/engage/secure-kubernetes-at-the-edge Expanded Security Maintenance for Applications is not enabled. 17 updates can be applied immediately. To see these additional updates run: apt list --upgradable Enable ESM Apps to receive additional future security updates. See https://ubuntu.com/esm or run: sudo pro status New release '22.04.3 LTS' available. Run 'do-release-upgrade' to upgrade to it. root@focal-sut:~# touch /var/lib/update-notifier/hide-esm-in-motd root@focal-sut:~# rm /var/lib/update-notifier/updates-available root@focal-sut:~# apt update Hit:1 http://archive.ubuntu.com/ubuntu focal InRelease Hit:2 http://security.ubuntu.com/ubuntu focal-security InRelease Hit:3 http://archive.ubuntu.com/ubuntu focal-updates InRelease Hit:4 http://archive.ubuntu.com/ubuntu focal-backports InRelease Hit:5 http://archive.ubuntu.com/ubuntu focal-proposed InRelease Reading package lists... Done Building dependency tree Reading state information... Done 17 packages can be upgraded. Run 'apt list --upgradable' to see them. root@focal-sut:~# run-parts /etc/update-motd.d/ Welcome to Ubuntu 20.04.6 LTS (GNU/Linux 6.5.0-21-generic x86_64) * Documentation: https://help.ubuntu.com * Management: https://landscape.canonical.com * Support:https://ubuntu.com/pro System information as of Fri Mar 15 22:56:49 UTC 2024 System load: 1.86 Usage of /home:unknown Memory usage: 0% Swap usage:0% Temperature: 76.0 C Processes: 30 Users logged in: 0 IPv4 address for eth0: 10.46.74.13 IPv6 address for eth0: fd42:f539:1893:d366:216:3eff:fe2a:1d97 * Strictly confined Kubernetes makes edge and IoT secure. Learn how MicroK8s just raised the bar for easy, resilient and secure K8s cluster deployment. https://ubuntu.com/engage/secure-kubernetes-at-the-edge 17 updates can be applied immediately. To see these additional updates run: apt list --upgradable New release '22.04.3 LTS' available. Run 'do-release-upgrade' to upgrade to it. I am marking this bug verification-done on Focal. ** Tags removed: verification-needed-focal ** Tags added: verification-done-focal -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2015420 Title: motd: can't disable esm-related messages To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/update-notifier/+bug/2015420/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2015420] Re: motd: can't disable esm-related messages
Now, to the actual functionality test on Xenial: Xenial is an EOSS release, so messages about esm-infra will be present in MOTD by default. After creating the marker file and triggering an update of MOTD, those messages disappear, but the updates count remains. root@xenial-sut:~# apt policy update-notifier-common update-notifier-common: Installed: 3.168.22 Candidate: 3.168.22 Version table: *** 3.168.22 500 500 http://archive.ubuntu.com/ubuntu xenial-proposed/main amd64 Packages 100 /var/lib/dpkg/status 3.168.20 500 500 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages 3.168.15 500 500 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages 3.168.7 500 500 http://security.ubuntu.com/ubuntu xenial-security/main amd64 Packages 3.168 500 500 http://archive.ubuntu.com/ubuntu xenial/main amd64 Packages root@xenial-sut:~# run-parts /etc/update-motd.d/ Welcome to Ubuntu 16.04.7 LTS (GNU/Linux 6.5.0-21-generic x86_64) * Documentation: https://help.ubuntu.com * Management: https://landscape.canonical.com * Support:https://ubuntu.com/pro Expanded Security Maintenance for Infrastructure is not enabled. 9 updates can be applied immediately. To see these additional updates run: apt list --upgradable 206 additional security updates can be applied with ESM Infra. Learn more about enabling ESM Infra service for Ubuntu 16.04 at https://ubuntu.com/16-04 New release '18.04.6 LTS' available. Run 'do-release-upgrade' to upgrade to it. root@xenial-sut:~# touch /var/lib/update-notifier/hide-esm-in-motd root@xenial-sut:~# rm /var/lib/update-notifier/updates-available root@xenial-sut:~# apt update Hit:1 http://archive.ubuntu.com/ubuntu xenial InRelease Hit:2 http://security.ubuntu.com/ubuntu xenial-security InRelease Hit:3 http://archive.ubuntu.com/ubuntu xenial-updates InRelease Hit:4 http://archive.ubuntu.com/ubuntu xenial-backports InRelease Hit:5 http://archive.ubuntu.com/ubuntu xenial-proposed InRelease Reading package lists... Done Building dependency tree Reading state information... Done 6 packages can be upgraded. Run 'apt list --upgradable' to see them. root@xenial-sut:~# run-parts /etc/update-motd.d/ Welcome to Ubuntu 16.04.7 LTS (GNU/Linux 6.5.0-21-generic x86_64) * Documentation: https://help.ubuntu.com * Management: https://landscape.canonical.com * Support:https://ubuntu.com/pro 9 updates can be applied immediately. To see these additional updates run: apt list --upgradable New release '18.04.6 LTS' available. Run 'do-release-upgrade' to upgrade to it. I am marking this bug verification-done on Xenial. ** Tags removed: verification-needed-xenial ** Tags added: verification-done-xenial -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2015420 Title: motd: can't disable esm-related messages To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/update-notifier/+bug/2015420/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2015420] Re: motd: can't disable esm-related messages
To verify there are no regressions in messages, and that the new option in apt-check works as intended, I have executed the unit test suite for all releases, as it covers the message generation for an exhaustive amount of cases. On Xenial and Bionic I had to add the data/ folder to the pythonpath, so it could import apt_check and run the unit tests. On those releases, one unit test is failed. But the test also fails for the version without the patch that fixes this bug, so the behavior is kept. This error probably happens because the test misses a mock to is_esm, which is returning True for Xenial and Bionic. This is a bug. New tests pass for both releases. On Jammy: root@jammy-sut:~# python3 update-notifier-3.192.54.6/tests/test_motd.py . -- Ran 29 tests in 0.021s OK root@jammy-sut:~# python3 update-notifier-3.192.54.8/tests/test_motd.py .. -- Ran 34 tests in 0.023s OK On Focal: root@focal-sut:~# python3 update-notifier-3.192.30.17/tests/test_motd.py ... -- Ran 31 tests in 0.051s OK root@focal-sut:~# python3 update-notifier-3.192.30.19/tests/test_motd.py -- Ran 36 tests in 0.029s OK On Bionic: root@bionic-sut:~# python3 update-notifier-3.192.1.19/tests/test_motd.py F.. == FAIL: test_message_for_distro_that_will_not_go_into_esm_mode (__main__.TestMotd) -- (... Traceback details ...) -- Ran 31 tests in 0.020s FAILED (failures=1) root@bionic-sut:~# python3 update-notifier-3.192.1.21/tests/test_motd.py ...F == FAIL: test_message_for_distro_that_will_not_go_into_esm_mode (__main__.TestMotd) -- (... Traceback details ...) -- Ran 36 tests in 0.020s FAILED (failures=1) on Xenial: root@xenial-sut:~# python3 update-notifier-3.168.20/tests/test_motd.py F.. == FAIL: test_message_for_distro_that_will_not_go_into_esm_mode (__main__.TestMotd) -- (... Traceback details ...) -- Ran 31 tests in 0.021s FAILED (failures=1) root@xenial-sut:~# python3 update-notifier-3.168.22/tests/test_motd.py ...F == FAIL: test_message_for_distro_that_will_not_go_into_esm_mode (__main__.TestMotd) -- (... Traceback details ...) -- Ran 36 tests in 0.023s FAILED (failures=1) This concludes the regression testing, and assures funcionality works in apt-check. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2015420 Title: motd: can't disable esm-related messages To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/update-notifier/+bug/2015420/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2056651] Re: can't enable livepatch for some reason
** Changed in: ubuntu-advantage-tools (Ubuntu) Status: New => Incomplete ** Information type changed from Private to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2056651 Title: can't enable livepatch for some reason To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2056651/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2056779] Re: Don't offer realtime on Raspberry Pi
Hello, Juerg, thanks for bringing this to our attention. Currently, the definitions for the realtime-kernel service on Pro define it as available on amd64 and arm64. Should we disable it for PIs only or for all arm64? Removing arm64 is quite easy, but detecting if you are running a particular platform is not something we have yet - we would need to work on how to do it. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2056779 Title: Don't offer realtime on Raspberry Pi To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2056779/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2048921] Re: [SRU] ubuntu-advantage-tools (30 -> 31) Xenial, Bionic, Focal, Jammy, Mantic
As orndorffgrant mentioned, here is an excerpt from the test I performed on the transition to deb822. The errors in the do-release-upgrade prevent us from installing the new ubuntu-pro-client when upgrading, but all the list files transition without a problem. This validates the expected behavior for the script. ** Attachment added: "deb822-jammy-to-noble.txt" https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2048921/+attachment/5754759/+files/deb822-jammy-to-noble.txt -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2048921 Title: [SRU] ubuntu-advantage-tools (30 -> 31) Xenial, Bionic, Focal, Jammy, Mantic To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2048921/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2015420] Re: motd: can't disable esm-related messages
Linked new merge proposals with a different approach to the problem -
checking for a marker file instead of passing an option in a conf script
- and updated the description to match the new approach.
** Description changed:
[ Impact ]
If ESM Infra/Apps is available for a system, users will always see
messages related to those Ubuntu Pro services in their MOTDs. As stated
in the original description, there have been complains on how hard it is
to disable those messages - we have users who don't want Pro and don't
want to be reminded of Pro all the time.
The fix here is making it easier for people to disable the ESM related
messages in the update-related MOTD, by giving them a way to opt-out.
- Users will have the option to add the --no-esm-messages flag to
- /etc/apt/apt.conf.d/99update-notifier, where the message generation
- script is executed as a hook.
+ Users will have the option to create the /var/lib/ubuntu-advantage/hide-
+ esm-in-motd marker file, causing the /usr/lib/update-notifier/update-
+ motd-updates-available script to include a --no-esm-messages flag when
+ generating the outputs.
+
+ This file is the same file used in the Pro Client to suppress those
+ messages.
[ Test Plan ]
Compare the messages before and after installing the new version of the
package, and make sure they are exactly the same in different scenarios:
- ESM status: unavailable, disabled, enabled
- LTS system: yes or no
- updates available: yes or no
Thankfully, the unit test suite in tests/test_motd.py covers all of
those scenarios functionality-wise. Manual checks on real systems may
endorse the functionality.
New tests were added to the suite making sure the flag hides the ESM
related messages when it is present.
- On real systems, adding --no-esm-messages to the conf script and making
- sure it updates the MOTDs should remove ESM related messages for the
- same scenarios above.
+ On real systems, creating the /var/lib/ubuntu-advantage/hide-esm-in-motd
+ marker file and making sure it updates the MOTDs should remove ESM
+ related messages for the same scenarios above.
- The contents of /etc/apt/apt.conf.d/99update-notifier should be similar
- to:
-
- DPkg::Post-Invoke {"if [ -d /var/lib/update-notifier ]; then touch
/var/lib/update-notifier/dpkg-run-stamp; fi;
/usr/lib/update-notifier/update-motd-updates-available 2>/dev/null || true";};
- APT::Update::Post-Invoke-Success
{"/usr/lib/update-notifier/update-motd-updates-available 2>/dev/null || true";};
-
- To perform the test, the new flag needs to be added to all calls to
- update-motd-updates-available. Using the above as an example, the result
- would be:
-
- DPkg::Post-Invoke {"if [ -d /var/lib/update-notifier ]; then touch
/var/lib/update-notifier/dpkg-run-stamp; fi;
/usr/lib/update-notifier/update-motd-updates-available --no-esm-messages
2>/dev/null || true";};
- APT::Update::Post-Invoke-Success
{"/usr/lib/update-notifier/update-motd-updates-available --no-esm-messages
2>/dev/null || true";};
-
- The execution of the script relies on running one of those trigger
- hooks. Running `apt update` will trigger the second hook in the example
- above. To make sure messages will be updated, remove the
- /var/lib/update-notifier/updates-available stamp file before. (The
- alternative would be running manually with --force, but that is slightly
- worse for acceptance testing)
+ The execution of the script relies on running one of a couple trigger
+ hooks set in the apt configuration. Running `apt update` will trigger
+ one of them. To make sure messages will be updated, the /var/lib/update-
+ notifier/updates-available stamp file can be removed before the update.
+ (The alternative would be running manually with --force, but that is
+ slightly worse for acceptance testing)
[ Where problems could occur ]
- Other software may be relying on the apt-check script to generate
human-readable messages. A mistake here could intefere with the message
generated, changing expectation on stable releases, or causing errors.
- To mitigate that, the new flag is set to False as default, and all
- existing functionality is preserved.
+ To mitigate that, the standard behavior is exactly the same if the
+ marker file is absent, and all existing functionality is preserved.
- - Users may make mistakes when writing the new flag in the
- /etc/apt/apt.conf.d/99update-notifier configuration file. We will
+ - Users may make mistakes when creating the marker file. We will
mitigate that by having comprehensible documentation with a clear
- explanation of what the flag does and where to put it.
+ explanation of what the flag does and where to put it. The worst that
+ can happen is that users create a useless file, and no change happens.
- - If the user makes the mistake even following the documented steps,
- then it is out of our control. The impact of breaking the configuration
- file is that There will be
[Bug 2015420] Re: motd: can't disable esm-related messages
** Merge proposal unlinked: https://code.launchpad.net/~renanrodrigo/ubuntu/+source/update-notifier/+git/update-notifier/+merge/459800 ** Merge proposal unlinked: https://code.launchpad.net/~renanrodrigo/ubuntu/+source/update-notifier/+git/update-notifier/+merge/459796 ** Merge proposal unlinked: https://code.launchpad.net/~renanrodrigo/ubuntu/+source/update-notifier/+git/update-notifier/+merge/459797 ** Merge proposal unlinked: https://code.launchpad.net/~renanrodrigo/ubuntu/+source/update-notifier/+git/update-notifier/+merge/459798 ** Merge proposal unlinked: https://code.launchpad.net/~renanrodrigo/ubuntu/+source/update-notifier/+git/update-notifier/+merge/459799 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2015420 Title: motd: can't disable esm-related messages To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/update-notifier/+bug/2015420/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2015420] Re: motd: can't disable esm-related messages
** Changed in: update-notifier (Ubuntu) Status: Fix Released => In Progress ** Changed in: update-notifier (Ubuntu Xenial) Status: Fix Committed => In Progress ** Changed in: update-notifier (Ubuntu Bionic) Status: Fix Committed => In Progress ** Changed in: update-notifier (Ubuntu Focal) Status: Fix Committed => In Progress ** Changed in: update-notifier (Ubuntu Jammy) Status: Fix Committed => In Progress -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2015420 Title: motd: can't disable esm-related messages To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/update-notifier/+bug/2015420/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2015420] Re: motd: can't disable esm-related messages
Due to a double brackets expression in the /usr/lib/update- notifier/update-motd-updates-available file in the patch, the script cannot be run by `sh` (which is the interpreter used, as noted in the #! in the start...) I am marking verification failed for all releases. I will put up another upload soon, with single brackets instead, so this can be properly tested. ** Tags removed: verification-needed verification-needed-bionic verification-needed-focal verification-needed-jammy verification-needed-xenial ** Tags added: verification-failed verification-failed-bionic verification-failed-focal verification-failed-jammy verification-failed-xenial -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2015420 Title: motd: can't disable esm-related messages To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/update-notifier/+bug/2015420/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2055239] Re: Warning: The unit file, source configuration file or drop-ins of {apt-news, esm-cache}.service changed on disk. Run 'systemctl daemon-reload' to reload units.
Hello, Nobuto,
First of all, thanks for reporting this issue.
We did changes to the apt news service file - we added the apparmor
profiles and systemd security config there - and no, we didn't reload it
by default, which may be causing those warnings.
However, I could not reproduce this behavior. Do you have steps to
reproduce it on a fresh system?
I will bring this to the team.
** Changed in: ubuntu-advantage-tools (Ubuntu)
Status: New => Incomplete
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2055239
Title:
Warning: The unit file, source configuration file or drop-ins of {apt-
news,esm-cache}.service changed on disk. Run 'systemctl daemon-reload'
to reload units.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2055239/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2015420] Re: motd: can't disable esm-related messages
@ahasenack
Thanks for your review and comments.
I have updated the bug description with more detailed information on
what to change and where to perform the testing, and also with the
decision @enr0n and I took about the translations.
> I don't even recall us ever handing out instructions like these in the
past, where we direct users to edit system configuration files by hand.
You are correct - we usually don't do that, but this is a change we only
expect people to make if they understand what they are doing, and most
of the users won't even bother with it.
** Description changed:
[ Impact ]
If ESM Infra/Apps is available for a system, users will always see
messages related to those Ubuntu Pro services in their MOTDs. As stated
in the original description, there have been complains on how hard it is
to disable those messages - we have users who don't want Pro and don't
want to be reminded of Pro all the time.
The fix here is making it easier for people to disable the ESM related
messages in the update-related MOTD, by giving them a way to opt-out.
Users will have the option to add the --no-esm-messages flag to
/etc/apt/apt.conf.d/99update-notifier, where the message generation
script is executed as a hook.
[ Test Plan ]
Compare the messages before and after installing the new version of the
package, and make sure they are exactly the same in different scenarios:
- ESM status: unavailable, disabled, enabled
- LTS system: yes or no
- updates available: yes or no
Thankfully, the unit test suite in tests/test_motd.py covers all of
those scenarios functionality-wise. Manual checks on real systems may
endorse the functionality.
New tests were added to the suite making sure the flag hides the ESM
related messages when it is present.
On real systems, adding --no-esm-messages to the conf script and making
sure it updates the MOTDs should remove ESM related messages for the
same scenarios above.
- The flag should be added according to what is described in
- https://github.com/canonical/ubuntu-pro-client/blob/docs-
- devel/docs/explanations/motd_messages.md#source-motd-about-available-
- updates
+ The contents of /etc/apt/apt.conf.d/99update-notifier should be similar
+ to:
+
+ DPkg::Post-Invoke {"if [ -d /var/lib/update-notifier ]; then touch
/var/lib/update-notifier/dpkg-run-stamp; fi;
/usr/lib/update-notifier/update-motd-updates-available 2>/dev/null || true";};
+ APT::Update::Post-Invoke-Success
{"/usr/lib/update-notifier/update-motd-updates-available 2>/dev/null || true";};
+
+ To perform the test, the new flag needs to be added to all calls to
+ update-motd-updates-available. Using the above as an example, the result
+ would be:
+
+ DPkg::Post-Invoke {"if [ -d /var/lib/update-notifier ]; then touch
/var/lib/update-notifier/dpkg-run-stamp; fi;
/usr/lib/update-notifier/update-motd-updates-available --no-esm-messages
2>/dev/null || true";};
+ APT::Update::Post-Invoke-Success
{"/usr/lib/update-notifier/update-motd-updates-available --no-esm-messages
2>/dev/null || true";};
+
+ The execution of the script relies on running one of those trigger
+ hooks. Running `apt update` will trigger the second hook in the example
+ above. To make sure messages will be updated, we will remove the
+ /var/lib/update-notifier/updates-available stamp file. (The alternative
+ would be running manually with --force, but that is slightly worse for
+ acceptance testing)
[ Where problems could occur ]
- Other software may be relying on the apt-check script to generate
human-readable messages. A mistake here could intefere with the message
generated, changing expectation on stable releases, or causing errors.
To mitigate that, the new flag is set to False as default, and all
existing functionality is preserved.
- Users may make mistakes when writing the new flag in the
/etc/apt/apt.conf.d/99update-notifier configuration file. We will
mitigate that by having comprehensible documentation with a clear
explanation of what the flag does and where to put it.
- If the user makes the mistake even following the documented steps,
then it is out of our control. The impact of breaking the configuration
file is that There will be no MOTD related to updates at all (as errors
are redirected to /dev/null), or the errors themselves will appear in
the apt update screen, or in the MOTD, if the user messes up the
redirection.
[ Other Info ]
As opposed to what was in the original description, the proposed
changeset does not separate esm messages from the regular updates
messages - this ensures current users and potential callers get exactly
the same result when checking their outputs after the change lands.
As suggested in the original description, we understand that it is not
easy and straightforward to add a flag to a script when compared to
running a command or clicking a button. However, the messages
[Bug 1880546] Re: 80-esm requires lsb_release but package does not depend on lsb-release
This is related to this Github Issue: https://github.com/canonical/ubuntu-advantage-client/issues/1245 All maintained versions of UA Client (19+) have removed the call to `lsb_release` and is parsing `os-release` directly, so this error does not happen anymore. ** Bug watch added: github.com/canonical/ubuntu-advantage-client/issues #1245 https://github.com/canonical/ubuntu-advantage-client/issues/1245 ** Changed in: ubuntu-advantage-tools (Ubuntu) Status: Triaged => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1880546 Title: 80-esm requires lsb_release but package does not depend on lsb-release To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1880546/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1972067] Re: package ubuntu-advantage-tools 27.8~22.04.1 failed to install/upgrade: installed ubuntu-advantage-tools package post-installation script subprocess was killed by signal (Broken pipe)
** Changed in: ubuntu-advantage-tools (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1972067 Title: package ubuntu-advantage-tools 27.8~22.04.1 failed to install/upgrade: installed ubuntu-advantage-tools package post-installation script subprocess was killed by signal (Broken pipe) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1972067/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1956764] Re: Proxy should be set up only for ua-related repos
** Changed in: ubuntu-advantage-tools (Ubuntu) Status: Confirmed => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1956764 Title: Proxy should be set up only for ua-related repos To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1956764/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1965836] Re: Unexpected error(s) occurred. For more details, see the log: /var/log/ubuntu-advantage.log
Hello, grxmr3ap3r, thank you for reporting this bug. Could you please give us more information/context on how/when this error happened? If you have access to a CLI, could you please run `ua collect-logs` and send us the resulting file? Thanks in advance, ** Changed in: ubuntu-advantage-tools (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1965836 Title: Unexpected error(s) occurred. For more details, see the log: /var/log/ubuntu-advantage.log To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1965836/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1961168] Re: package ubuntu-advantage-tools 27.6~20.04.1 failed to install/upgrade: installed ubuntu-advantage-tools package post-installation script subprocess returned error exit status 139
** Changed in: ubuntu-advantage-tools (Ubuntu) Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1961168 Title: package ubuntu-advantage-tools 27.6~20.04.1 failed to install/upgrade: installed ubuntu-advantage-tools package post-installation script subprocess returned error exit status 139 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1961168/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1960198] Re: package ubuntu-advantage-tools 27.5~20.04.1 failed to install/upgrade: installed ubuntu-advantage-tools package post-installation script subprocess returned error exit status 126
** Changed in: ubuntu-advantage-tools (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1960198 Title: package ubuntu-advantage-tools 27.5~20.04.1 failed to install/upgrade: installed ubuntu-advantage-tools package post-installation script subprocess returned error exit status 126 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1960198/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1954775] Re: # Development UA Client config file. YAML contract_url: https://contracts.staging.canonical.com data_dir: /var/tmp/uaclient log_file: ubuntu-advantage-devel.log log_level: debug secu
Hello, thanks for reaching out. Would you please describe what exactly is the problem you are facing here? We'll be glad to help when we understand the issue. ** Changed in: ubuntu-advantage-tools (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1954775 Title: # Development UA Client config file. YAML contract_url: https://contracts.staging.canonical.com data_dir: /var/tmp/uaclient log_file: ubuntu-advantage-devel.log log_level: debug security_url: https://ubuntu.com/security timer_log_file: ubuntu-advantage-timer- devel.log license_check_log_file: ubuntu-advantage-license-check- devel.log ua_config: apt_http_proxy: null apt_https_proxy: null http_proxy: null https_proxy: null update_messaging_timer: 21600 update_status_timer: 43200 metering_timer: 0 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1954775/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1955471] Re: ubuntu-security-status shouldn't display information about ESM for Apps
I repeated the same tests above, changing the script to use the package in `-proposed` instead of directly applying the patches. As can be seen in the output, all the messages match the expected for each case, just like before. ** Attachment added: "esm-apps-test-proposed.tar.gz" https://bugs.launchpad.net/ubuntu/+source/update-manager/+bug/1955471/+attachment/5557319/+files/esm-apps-test-proposed.tar.gz ** Tags removed: verification-needed verification-needed-focal ** Tags added: verification-done verification-done-focal -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1955471 Title: ubuntu-security-status shouldn't display information about ESM for Apps To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/update-manager/+bug/1955471/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1955471] Re: ubuntu-security-status shouldn't display information about ESM for Apps
Here is an improved version of the test script, considering a couple more scenarios to show the singulars and plurals. There is also an output of a run, applying this patch after the previous one, and using a valid token for UA Apps. ** Attachment added: "esm-apps-messages-test.tar.gz" https://bugs.launchpad.net/ubuntu/+source/update-manager/+bug/1955471/+attachment/167/+files/esm-apps-messages-test.tar.gz -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1955471 Title: ubuntu-security-status shouldn't display information about ESM for Apps To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/update-manager/+bug/1955471/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1955471] Re: ubuntu-security-status shouldn't display information about ESM for Apps
I found it: there is a bug there for this message, because `esm_enabled` is considering only esm-infra and not esm-apps. This patch fixes it, and improves pluralization of the messages. ** Patch added: "esmmessages.patch" https://bugs.launchpad.net/ubuntu/+source/update-manager/+bug/1955471/+attachment/165/+files/esmmessages.patch -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1955471 Title: ubuntu-security-status shouldn't display information about ESM for Apps To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/update-manager/+bug/1955471/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1955471] Re: ubuntu-security-status shouldn't display information about ESM for Apps
About the messages: - The plurals are exactly as before, I didn't touch them, but I do agree that it can be improved. `1 are` could also be fixed. - The upper message is telling that the package is covered by ESM-Apps, and receive security updates through ESM-Apps. The second part of the message tells you to enable it to get those updates. If you want, I can send another small patch fixing these messages -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1955471 Title: ubuntu-security-status shouldn't display information about ESM for Apps To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/update-manager/+bug/1955471/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1955471] Re: ubuntu-security-status shouldn't display information about ESM for Apps
Output of the aforementioned test ** Attachment added: "output.txt" https://bugs.launchpad.net/ubuntu/+source/update-manager/+bug/1955471/+attachment/5554384/+files/output.txt -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1955471 Title: ubuntu-security-status shouldn't display information about ESM for Apps To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/update-manager/+bug/1955471/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1955471] Re: ubuntu-security-status shouldn't display information about ESM for Apps
Here is a script to test this patch against this bug. The script runs on Focal because today there is no ESM-Apps availability for Jammy, but there is no series-specific behavior and it shall work the same. ** Description changed: + [Impact] + + Users could have a message saying that packages are covered by ESM-Apps + even in series which are not under LTS support yet. ESM-Apps will cover + that, but it is still unreleased, which lead to confusion on why users + are seeing messages about it. + + ESM-Apps is currently a beta service, and users which explicitly enabled + it can use it. Ubuntu Advantage Tools only shows relevant information + about ESM-Apps if it is enabled. Ubuntu-security-status should do the + same. + + [Test Plan] + Attached to the bug there is a test script showing the messages, and how they behave with the proposed patch. + + [Where problems could occur] + There may be problems if there is the desire to show ESM-Apps related information before it comes out of beta. If people (products people?) change their minds and want to show those messages, there would be a need of a subsequent SRU. This is not a possibility being considered today. + + People with access to ESM-Apps can still see the message and be confused + about it, but if they have access to it in beta it means they have the + appropriate context. + + [Original Description] + There seems to be a misleading, incorrect message in ubuntu-security-status ESM wouldn’t be needed (or even enabled) until 20.04 is EOL, in 2025. --- See this link: https://discourse.ubuntu.com/t/why-is-extended-security-maintenance- needed-for-apps-in-ubuntu-20-04-x-lts-in-2021/25871 - tester@lenovo-v130:~$ ubuntu-security-status + tester@lenovo-v130:~$ ubuntu-security-status 1832 packages installed, of which: 1673 receive package updates with LTS until 4/2025 152 could receive security updates with ESM Apps until 4/2030 7 packages are from third parties Packages from third parties are not provided by the official Ubuntu archive, for example packages from Personal Package Archives in Launchpad. For more information on the packages, run 'ubuntu-security-status --thirdparty'. Enable Extended Security Maintenance (ESM Apps) to get 10 security updates (so far) and enable coverage of 152 packages. This machine is not attached to an Ubuntu Advantage subscription. See https://ubuntu.com/advantage - tester@lenovo-v130:~$ + tester@lenovo-v130:~$ Questions Why is Extended Maintenance needed for apps in Ubuntu 20.04.x LTS in 2021? Which are those 10 security updates that need ESM? Is there a link where they are listed? Where are the 152 packages (that need ESM) listed? --- I was told to report this as a bug by oSoMoN: Why is Extended Maintenance needed for apps in Ubuntu 20.04.x LTS in 2021? Which are those 10 security updates that need ESM? Is there a link where they are listed? This sounds like a misleading, incorrect message. ESM wouldn’t be needed (or even enabled) until 20.04 is EOL, in 2025. Can you file a bug issuing the following command: ubuntu-bug update-manager-core ? ProblemType: Bug DistroRelease: Ubuntu 20.04 Package: update-manager-core 1:20.04.10.9 ProcVersionSignature: Ubuntu 5.11.0-43.47~20.04.2-generic 5.11.22 Uname: Linux 5.11.0-43-generic x86_64 ApportVersion: 2.20.11-0ubuntu27.21 Aptdaemon: - + Architecture: amd64 CasperMD5CheckResult: skip CurrentDesktop: ubuntu:GNOME Date: Tue Dec 21 09:43:33 2021 GsettingsChanges: b'com.ubuntu.update-manager' b'launch-count' b'12' b'com.ubuntu.update-manager' b'first-run' b'false' b'com.ubuntu.update-manager' b'launch-time' b'int64 1639852408' InstallationDate: Installed on 2020-09-04 (472 days ago) InstallationMedia: Ubuntu 20.04.1 LTS "Focal Fossa" - Release amd64 (20200731) PackageArchitecture: all SourcePackage: update-manager UpgradeStatus: No upgrade log present (probably fresh install) ** Attachment added: "Script to test it" https://bugs.launchpad.net/ubuntu/+source/update-manager/+bug/1955471/+attachment/5554383/+files/test-uss.sh -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1955471 Title: ubuntu-security-status shouldn't display information about ESM for Apps To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/update-manager/+bug/1955471/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1955471] Re: Why is Extended Maintenance needed for apps in Ubuntu 20.04.x LTS in 2021?
Hello everyone. In Ubuntu Advantage Client, as of now, `ua security-status` is showing ESM-Apps information only if it is enabled on the machine while the service is beta. This patch does the same for `ubuntu-security-status`: it will only show ESM-Apps related information if: - The user has enabled esm-apps through UA, or - ESM Apps gets released and we remove the `beta` flag on the UA side. Please let me know if this suffices and/or if there is anything else we could help with. ** Patch added: "esmapps.patch" https://bugs.launchpad.net/ubuntu/+source/update-manager/+bug/1955471/+attachment/5554351/+files/esmapps.patch -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1955471 Title: Why is Extended Maintenance needed for apps in Ubuntu 20.04.x LTS in 2021? To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/update-manager/+bug/1955471/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1951954] Re: ua refresh "Unexpected error(s) occurred"
Sorry for not putting the whole verification up here. For the LTS releases, I am attaching all the output files from running the test script (and did a small change to the script, to make sure only u-a-t is upgraded from proposed). This bug does not affect non-LTS releases because livepatch can't be enabled on those - current UA services will be n/a on hirsute/impish. ** Attachment added: "updated verification script and output" https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1951954/+attachment/5553869/+files/tests-1951954.tar.gz -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1951954 Title: ua refresh "Unexpected error(s) occurred" To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1951954/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1951954] Re: ua refresh "Unexpected error(s) occurred"
** Tags removed: verification-needed verification-needed-bionic verification-needed-focal verification-needed-hirsute verification-needed-impish verification-needed-xenial ** Tags added: verification-done verification-done-bionic verification-done-focal verification-done-hirsute verification-done-impish verification-done-xenial -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1951954 Title: ua refresh "Unexpected error(s) occurred" To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1951954/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1956456] Re: [SRU] ubuntu-advantage-tools (27.4.2 -> 27.5) Xenial, Bionic, Focal, Hirsute, Impish
** Tags removed: verification-needed verification-needed-bionic verification-needed-focal verification-needed-hirsute verification-needed-impish verification-needed-xenial ** Tags added: verification-done verification-done-bionic verification-done-focal verification-done-hirsute verification-done-impish verification-done-xenial -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1956456 Title: [SRU] ubuntu-advantage-tools (27.4.2 -> 27.5) Xenial, Bionic, Focal, Hirsute, Impish To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1956456/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1956456] Re: [SRU] ubuntu-advantage-tools (27.4.2 -> 27.5) Xenial, Bionic, Focal, Hirsute, Impish
Attaching integration test result files for the SRU ** Attachment added: "integration test results" https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1956456/+attachment/5553359/+files/test-results.tar.gz ** Description changed: [Impact] This release brings changes to match the Contract Server new affordance, presentedAs, to present a resource via CLI with the appropriate name based on the contract definition. The main use for this functionality is to show CIS as USG on series where the latter is available, enabling user access to this new service. Furthermore, these are the additional functionalities/bug fixes contained: * Improvement on redaction of sensitive information in log files * Support for getting AWS metadata through IPv6 * Ability to do a preflight query for contract/entitlements for a token without attaching * Fix the return codes when attaching an already attached machine - (GH: #1867) * Change the calls to livepatch to use the full path - (LP: #1951954) See the changelog entry below for a full list of changes and bugs. [Test Case] The following development and SRU process was followed: https://wiki.ubuntu.com/UbuntuAdvantageToolsUpdates - The ubuntu-advantage-tools team will be in charge of attaching the artifacts and + The ubuntu-advantage-tools team will be in charge of attaching the artifacts and console output of the appropriate run to the bug. ubuntu-advantage-tools team members will not mark ‘verification-done’ until this has happened. - + Integratino test artifacts are attached to the bug. [Regression Potential] Most of the changes are adding new things and the integration tests make sure that the existing functionality is preserved. Redacting the logs is still a work in progress, and to avoid problems we will only make the logs world readable in the future, when all cases where sensitive information can be logged are verified. In postinst, we changed a dictionary iteration to the equivalent function implementation. Tests show that the return value is exactly the same, but we may be inadvertently adding a bug there. In postrm, we are using a wildcard to remove gpg keys that matches the naming schema we have for files. There is a risk if someone names an unrelated apt gpg key with the ua prefix - it will end up being removed as well. [Discussion] This is the first version of the CIS/USG migration, and we do expect the security team to come with more requests/fixes on this in the future. However, we did agree to do that iteratively over SRUs. The Xenial and Bionic series should see only UI text changes, preserving exactly the same functionality as before. From Focal on, it is expected that USG will replace CIS. Being a superset of CIS, USG enables people interested in CIS to use the functionality without problems, and security will have documentation up to guide on that. For the migration path, users on Focal which have already enabled CIS will see USG instead, while still keeping the functionality they enabled before. `ua enable cis` will still work from Focal onwards with the same functionality as before, but informing the user that USG should be used instead, and pointing to relevant documentation. [Changelog] * d/control: - Update homepage URL * d/tools.postinst: - Refactor to use valid_services * New upstream release 27.5: - aws: add support for the IPv6 metadata endpoint - cis: update URL for the documentation - cli: + add endpoint to simulate the status using a specific contract token + fix return code when attaching an already attached machine (GH: #1867) + fix security-status to consider all possible origins to show updates + include cloud build.info in the collect-logs tarball + only show services which exist in the contracts server in ua status - docs: fix typos and wrong/outdated information - livepatch: always use the full path in livepatch calls (LP: #1951954) - logs: + improve rules to redact sensitive information from all log files + redact sensitive information from older unredacted log files + log errors from external software execution, for debugging purposes - usg: + support the presentedAs affordance from the contract server, showing services in the CLI with the appropriate names + replace the CIS entitlement by USG on Focal and onwards ** Description changed: [Impact] This release brings changes to match the Contract Server new affordance, presentedAs, to present a resource via CLI with the appropriate name based on the contract definition. The main use for this functionality is to show CIS as USG on series where the latter is available, enabling user access to this new service. Furthermore, these are the additional
[Bug 1956456] Re: [SRU] ubuntu-advantage-tools (27.4.2 -> 27.5) Xenial, Bionic, Focal, Hirsute, Impish
Attaching manual test result for the AWS IPv6 endpoint support, in sru/release-27.5/test-aws-ipv6.sh ** Attachment added: "manual test result" https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1956456/+attachment/5553355/+files/output -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1956456 Title: [SRU] ubuntu-advantage-tools (27.4.2 -> 27.5) Xenial, Bionic, Focal, Hirsute, Impish To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1956456/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1951954] Re: ua refresh "Unexpected error(s) occurred"
** Attachment added: "Script to test it" https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1951954/+attachment/5553194/+files/testlivepatch.sh -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1951954 Title: ua refresh "Unexpected error(s) occurred" To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1951954/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1951954] Re: ua refresh "Unexpected error(s) occurred"
** Attachment added: "Output of the script execution" https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1951954/+attachment/5553195/+files/output ** Description changed: [Impact] If /snap/bin is not present in the PATH, UA will fail when trying to run it. This is fixed by specifying the full path (/snap/bin/canonical-livepatch) to every call from UA side. [Test Case] To reproduce the bug, run `sudo env PATH="/usr/bin" ua refresh` on an attached bionic machine. Then, install the 27.5 version from the staging PPA (https://launchpad.net/~ua-client/+archive/ubuntu/staging) Repeating the same command as above runs without an error. + + There is a test script attached to this bug, as well as execution + output, to show the above solution works. [Regression Potential] It could only cause problems if canonical-livepatch is in a different place than /snap/bin, and it should not happen in any installation. [Original Description] root@somehost:~# ua refresh Unexpected error(s) occurred. For more details, see the log: /var/log/ubuntu-advantage.log To file a bug run: ubuntu-bug ubuntu-advantage-tools ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: ubuntu-advantage-tools 27.4.1~18.04.1 ProcVersionSignature: Ubuntu 4.15.0-143.147-generic 4.15.18 Uname: Linux 4.15.0-143-generic x86_64 NonfreeKernelModules: lkp_Ubuntu_4_15_0_143_147_generic_82 lkp_Ubuntu_4_15_0_143_147_generic_81 lkp_Ubuntu_4_15_0_143_147_generic_80 lkp_Ubuntu_4_15_0_143_147_generic_79 ApportVersion: 2.20.9-0ubuntu7.27 Architecture: amd64 Date: Tue Nov 23 12:56:54 2021 InstallationDate: Installed on 2015-08-06 (2300 days ago) InstallationMedia: Ubuntu-Server 14.04.2 LTS "Trusty Tahr" - Release amd64 (20150218.1) ProcEnviron: LANGUAGE=en_GB:en TERM=screen PATH=(custom, no user) LANG=en_GB.UTF-8 SHELL=/bin/bash SourcePackage: ubuntu-advantage-tools UpgradeStatus: Upgraded to bionic on 2020-06-17 (524 days ago) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1951954 Title: ua refresh "Unexpected error(s) occurred" To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1951954/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1956456] Re: [SRU] ubuntu-advantage-tools (27.4.2 -> 27.5) Xenial, Bionic, Focal, Hirsute, Impish
** Description changed: [Impact] This release brings changes to match the Contract Server new affordance, presentedAs, to present a resource via CLI with the appropriate name based on the contract definition. The main use for this functionality is to show CIS as USG on series where the latter is available, enabling user access to this new service. Furthermore, these are the additional functionalities/bug fixes contained: * Improvement on redaction of sensitive information in log files * Support for getting AWS metadata through IPv6 * Ability to do a preflight query for contract/entitlements for a token without attaching * Fix the return codes when attaching an already attached machine - (GH: #1867) * Change the calls to livepatch to use the full path - (LP: #1951954) See the changelog entry below for a full list of changes and bugs. [Test Case] The following development and SRU process was followed: https://wiki.ubuntu.com/UbuntuAdvantageToolsUpdates The ubuntu-advantage-tools team will be in charge of attaching the artifacts and console output of the appropriate run to the bug. ubuntu-advantage-tools team members will not mark ‘verification-done’ until this has happened. [Regression Potential] Most of the changes are adding new things and the integration tests make sure that the existing functionality is preserved. Redacting the logs is still a work in progress, and to avoid problems we will only make the logs world readable in the future, when all cases where sensitive information can be logged are verified. + In postinst, we changed a dictionary iteration to the equivalent + function implementation. Tests show that the return value is exactly the + same, but we may be inadvertently adding a bug there. + + In postrm, we are using a wildcard to remove gpg keys that matches the + naming schema we have for files. There is a risk if someone names an + unrelated apt gpg key with the ua prefix - it will end up being removed + as well. + [Discussion] This is the first version of the CIS/USG migration, and we do expect the security team to come with more requests/fixes on this in the future. However, we did agree to do that iteratively over SRUs. [Changelog] * d/control: - Update homepage URL * d/tools.postinst: - Refactor to use valid_services - * d/tools.postrm: - - Use a wildcard to remove ua related gpg files * New upstream release 27.5: - aws: add support for the IPv6 metadata endpoint - cis: update URL for the documentation - cli: + add endpoint to simulate the status using a specific contract token + fix return code when attaching an already attached machine (GH: #1867) + fix security-status to consider all possible origins to show updates + include cloud build.info in the collect-logs tarball + only show services which exist in the contracts server in ua status - docs: fix typos and wrong/outdated information - livepatch: always use the full path in livepatch calls (LP: #1951954) - logs: + improve rules to redact sensitive information from all log files + redact sensitive information from older unredacted log files + log errors from external software execution, for debugging purposes - usg: + support the presentedAs affordance from the contract server, showing services in the CLI with the appropriate names + replace the CIS entitlement by USG on Focal and onwards ** Description changed: [Impact] This release brings changes to match the Contract Server new affordance, presentedAs, to present a resource via CLI with the appropriate name based on the contract definition. The main use for this functionality is to show CIS as USG on series where the latter is available, enabling user access to this new service. Furthermore, these are the additional functionalities/bug fixes contained: * Improvement on redaction of sensitive information in log files * Support for getting AWS metadata through IPv6 * Ability to do a preflight query for contract/entitlements for a token without attaching * Fix the return codes when attaching an already attached machine - (GH: #1867) * Change the calls to livepatch to use the full path - (LP: #1951954) See the changelog entry below for a full list of changes and bugs. [Test Case] The following development and SRU process was followed: https://wiki.ubuntu.com/UbuntuAdvantageToolsUpdates The ubuntu-advantage-tools team will be in charge of attaching the artifacts and console output of the appropriate run to the bug. ubuntu-advantage-tools team members will not mark ‘verification-done’ until this has happened. [Regression Potential] Most of the changes are adding new things and the integration tests make sure that the existing functionality is preserved.
[Bug 1956456] Re: [SRU] ubuntu-advantage-tools (27.4.2 -> 27.5) Xenial, Bionic, Focal, Hirsute, Impish
** Description changed: [Impact] This release brings changes to match the Contract Server new affordance, presentedAs, to present a resource via CLI with the appropriate name based on the contract definition. The main use for this functionality is to show CIS as USG on series where the latter is available, enabling user access to this new service. Furthermore, these are the additional functionalities/bug fixes contained: * Improvement on redaction of sensitive information in log files * Support for getting AWS metadata through IPv6 * Ability to do a preflight query for contract/entitlements for a token without attaching * Fix the return codes when attaching an already attached machine - (GH: #1867) * Change the calls to livepatch to use the full path - (LP: #1951954) See the changelog entry below for a full list of changes and bugs. [Test Case] The following development and SRU process was followed: https://wiki.ubuntu.com/UbuntuAdvantageToolsUpdates The ubuntu-advantage-tools team will be in charge of attaching the artifacts and console output of the appropriate run to the bug. ubuntu-advantage-tools team members will not mark ‘verification-done’ until this has happened. [Regression Potential] Most of the changes are adding new things and the integration tests make sure that the existing functionality is preserved. Redacting the logs is still a work in progress, and to avoid problems we will only make the logs world readable in the future, when all cases where sensitive information can be logged are verified. [Discussion] This is the first version of the CIS/USG migration, and we do expect the security team to come with more requests/fixes on this in the future. However, we did agree to do that iteratively over SRUs. [Changelog] * d/control: - Update homepage URL * d/tools.postinst: - Refactor to use valid_services + * d/tools.postrm: + - Use a wildcard to remove ua related gpg files * New upstream release 27.5: - aws: add support for the IPv6 metadata endpoint - cis: update URL for the documentation - cli: + add endpoint to simulate the status using a specific contract token + fix return code when attaching an already attached machine (GH: #1867) + fix security-status to consider all possible origins to show updates + include cloud build.info in the collect-logs tarball + only show services which exist in the contracts server in ua status - docs: fix typos and wrong/outdated information - livepatch: always use the full path in livepatch calls (LP: #1951954) - logs: + improve rules to redact sensitive information from all log files + redact sensitive information from older unredacted log files + log errors from external software execution, for debugging purposes - usg: + support the presentedAs affordance from the contract server, showing services in the CLI with the appropriate names + replace the CIS entitlement by USG on Focal and onwards -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1956456 Title: [SRU] ubuntu-advantage-tools (27.4.2 -> 27.5) Xenial, Bionic, Focal, Hirsute, Impish To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1956456/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1956456] Re: [SRU] ubuntu-advantage-tools (27.4.2 -> 27.5) Xenial, Bionic, Focal, Hirsute, Impish
** Description changed: [Impact] - This release brings changes to match the Contract Server new affordance, presentedAs, to present a resource via CLI with the appropriate name based on release. The main use for this functionality is to show CIS as USG on series where the latter is available, enabling user access to this new service. + This release brings changes to match the Contract Server new affordance, presentedAs, to present a resource via CLI with the appropriate name based on the contract definition. The main use for this functionality is to show CIS as USG on series where the latter is available, enabling user access to this new service. Furthermore, these are the additional functionalities/bug fixes contained: * Improvement on redaction of sensitive information in log files * Support for getting AWS metadata through IPv6 * Ability to do a preflight query for contract/entitlements for a token without attaching * Fix the return codes when attaching an already attached machine - (GH: #1867) * Change the calls to livepatch to use the full path - (LP: #1951954) See the changelog entry below for a full list of changes and bugs. [Test Case] The following development and SRU process was followed: https://wiki.ubuntu.com/UbuntuAdvantageToolsUpdates The ubuntu-advantage-tools team will be in charge of attaching the artifacts and console output of the appropriate run to the bug. ubuntu-advantage-tools team members will not mark ‘verification-done’ until this has happened. [Regression Potential] Most of the changes are adding new things and the integration tests make sure that the existing functionality is preserved. Redacting the logs is still a work in progress, and to avoid problems we will only make the logs world readable in the future, when all cases where sensitive information can be logged are verified. [Discussion] This is the first version of the CIS/USG migration, and we do expect the security team to come with more requests/fixes on this in the future. However, we did agree to do that iteratively over SRUs. [Changelog] - * d/control: - - Update homepage URL - * d/tools.postinst: - - Refactor to use valid_services - * New upstream release 27.5: - - aws: add support for the IPv6 metadata endpoint - - cis: update URL for the documentation - - cli: - + add endpoint to simulate the status using a specific contract token - + fix return code when attaching an already attached machine (GH: #1867) - + fix security-status to consider all possible origins to show updates - + include cloud build.info in the collect-logs tarball - + only show services which exist in the contracts server in ua status - - docs: fix typos and wrong/outdated information - - livepatch: always use the full path in livepatch calls (LP: #1951954) - - logs: - + improve rules to redact sensitive information from all log files - + redact sensitive information from older unredacted log files - + log errors from external software execution, for debugging purposes - - usg: - + support the presentedAs affordance from the contract server, showing - services in the CLI with the appropriate names - + replace the CIS entitlement by USG on Focal and onwards + * d/control: + - Update homepage URL + * d/tools.postinst: + - Refactor to use valid_services + * New upstream release 27.5: + - aws: add support for the IPv6 metadata endpoint + - cis: update URL for the documentation + - cli: + + add endpoint to simulate the status using a specific contract token + + fix return code when attaching an already attached machine (GH: #1867) + + fix security-status to consider all possible origins to show updates + + include cloud build.info in the collect-logs tarball + + only show services which exist in the contracts server in ua status + - docs: fix typos and wrong/outdated information + - livepatch: always use the full path in livepatch calls (LP: #1951954) + - logs: + + improve rules to redact sensitive information from all log files + + redact sensitive information from older unredacted log files + + log errors from external software execution, for debugging purposes + - usg: + + support the presentedAs affordance from the contract server, showing + services in the CLI with the appropriate names + + replace the CIS entitlement by USG on Focal and onwards -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1956456 Title: [SRU] ubuntu-advantage-tools (27.4.2 -> 27.5) Xenial, Bionic, Focal, Hirsute, Impish To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1956456/+subscriptions --
[Bug 1951954] Re: ua refresh "Unexpected error(s) occurred"
** Description changed: + [Impact] + If /snap/bin is not present in the PATH, UA will fail when trying to run it. + This is fixed by specifying the full path (/snap/bin/canonical-livepatch) to every call from UA side. + + [Test Case] + To reproduce the bug, run `sudo env PATH="/usr/bin" ua refresh` on an attached bionic machine. + + Then, install the 27.5 version from the staging PPA + (https://launchpad.net/~ua-client/+archive/ubuntu/staging) + + Repeating the same command as above runs without an error. + + [Regression Potential] + It could only cause problems if canonical-livepatch is in a different place than /snap/bin, and it should not happen in any installation. + + [Original Description] + root@somehost:~# ua refresh Unexpected error(s) occurred. For more details, see the log: /var/log/ubuntu-advantage.log To file a bug run: ubuntu-bug ubuntu-advantage-tools ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: ubuntu-advantage-tools 27.4.1~18.04.1 ProcVersionSignature: Ubuntu 4.15.0-143.147-generic 4.15.18 Uname: Linux 4.15.0-143-generic x86_64 NonfreeKernelModules: lkp_Ubuntu_4_15_0_143_147_generic_82 lkp_Ubuntu_4_15_0_143_147_generic_81 lkp_Ubuntu_4_15_0_143_147_generic_80 lkp_Ubuntu_4_15_0_143_147_generic_79 ApportVersion: 2.20.9-0ubuntu7.27 Architecture: amd64 Date: Tue Nov 23 12:56:54 2021 InstallationDate: Installed on 2015-08-06 (2300 days ago) InstallationMedia: Ubuntu-Server 14.04.2 LTS "Trusty Tahr" - Release amd64 (20150218.1) ProcEnviron: - LANGUAGE=en_GB:en - TERM=screen - PATH=(custom, no user) - LANG=en_GB.UTF-8 - SHELL=/bin/bash + LANGUAGE=en_GB:en + TERM=screen + PATH=(custom, no user) + LANG=en_GB.UTF-8 + SHELL=/bin/bash SourcePackage: ubuntu-advantage-tools UpgradeStatus: Upgraded to bionic on 2020-06-17 (524 days ago) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1951954 Title: ua refresh "Unexpected error(s) occurred" To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1951954/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1956456] [NEW] [SRU] ubuntu-advantage-tools (27.4.2 -> 27.5) Xenial, Bionic, Focal, Hirsute, Impish
Public bug reported: [Impact] This release brings changes to match the Contract Server new affordance, presentedAs, to present a resource via CLI with the appropriate name based on release. The main use for this functionality is to show CIS as USG on series where the latter is available, enabling user access to this new service. Furthermore, these are the additional functionalities/bug fixes contained: * Improvement on redaction of sensitive information in log files * Support for getting AWS metadata through IPv6 * Ability to do a preflight query for contract/entitlements for a token without attaching * Fix the return codes when attaching an already attached machine - (GH: #1867) * Change the calls to livepatch to use the full path - (LP: #1951954) See the changelog entry below for a full list of changes and bugs. [Test Case] The following development and SRU process was followed: https://wiki.ubuntu.com/UbuntuAdvantageToolsUpdates The ubuntu-advantage-tools team will be in charge of attaching the artifacts and console output of the appropriate run to the bug. ubuntu-advantage-tools team members will not mark ‘verification-done’ until this has happened. [Regression Potential] Most of the changes are adding new things and the integration tests make sure that the existing functionality is preserved. Redacting the logs is still a work in progress, and to avoid problems we will only make the logs world readable in the future, when all cases where sensitive information can be logged are verified. [Discussion] This is the first version of the CIS/USG migration, and we do expect the security team to come with more requests/fixes on this in the future. However, we did agree to do that iteratively over SRUs. [Changelog] * d/control: - Update homepage URL * d/tools.postinst: - Refactor to use valid_services * New upstream release 27.5: - aws: add support for the IPv6 metadata endpoint - cis: update URL for the documentation - cli: + add endpoint to simulate the status using a specific contract token + fix return code when attaching an already attached machine (GH: #1867) + fix security-status to consider all possible origins to show updates + include cloud build.info in the collect-logs tarball + only show services which exist in the contracts server in ua status - docs: fix typos and wrong/outdated information - livepatch: always use the full path in livepatch calls (LP: #1951954) - logs: + improve rules to redact sensitive information from all log files + redact sensitive information from older unredacted log files + log errors from external software execution, for debugging purposes - usg: + support the presentedAs affordance from the contract server, showing services in the CLI with the appropriate names + replace the CIS entitlement by USG on Focal and onwards ** Affects: ubuntu-advantage-tools (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1956456 Title: [SRU] ubuntu-advantage-tools (27.4.2 -> 27.5) Xenial, Bionic, Focal, Hirsute, Impish To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1956456/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1953638] Re: package ubuntu-advantage-tools 27.2.2~16.04.1 failed to install/upgrade: el subproceso instalado el script post-installation devolvió el código de salida de error 1
** Changed in: ubuntu-advantage-tools (Ubuntu) Status: New => Triaged ** Changed in: ubuntu-advantage-tools (Ubuntu) Status: Triaged => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1953638 Title: package ubuntu-advantage-tools 27.2.2~16.04.1 failed to install/upgrade: el subproceso instalado el script post-installation devolvió el código de salida de error 1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1953638/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1954542] Re: package ubuntu-advantage-tools 27.4.2~21.10.1 failed to install/upgrade: installed ubuntu-advantage-tools package post-installation script subprocess returned error exit status 1
Hello, Daevid, thanks for reporting this. I couldn't reproduce this problem even using a custom python2 installation. Could you please give us more details on your python setup? ** Changed in: ubuntu-advantage-tools (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1954542 Title: package ubuntu-advantage-tools 27.4.2~21.10.1 failed to install/upgrade: installed ubuntu-advantage-tools package post- installation script subprocess returned error exit status 1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1954542/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1951705] Re: traceback from postinst on upgrade
Thanks for the information, Steve. Indeed, this is a bug happening on arm, aarch64 and possibly other architectures. There is a PR up to fix it: https://github.com/canonical/ubuntu- advantage-client/pull/1891 ** Changed in: ubuntu-advantage-tools (Ubuntu) Status: Incomplete => In Progress -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1951705 Title: traceback from postinst on upgrade To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1951705/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1951705] Re: traceback from postinst on upgrade
Hello Steve, thanks for reporting this. Could you please send us a copy of /var/log/ubuntu-advantage.log so the team can take a look on what is happening? Thanks. ** Changed in: ubuntu-advantage-tools (Ubuntu) Status: Confirmed => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1951705 Title: traceback from postinst on upgrade To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1951705/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1950813] Re: version 27.3: on unattached machines update_status_timer incorrectly pings contracts.canonical.com/v1/resources
Those are steps to assure that the status job does not call the contracts server on an unattached machine 1. Launch a lxd instance of (xenial|bionic|focal) 2. Install a version of ubuntu-advantage-tools containing the change (> 27.4.1). 3. Disable all jobs but the status job: `sudo ua config set metering_timer=0` `sudo ua config set update_messaging_timer=0` 4. Start Wireshark on a separate terminal, looking for calls to the Contracts Server `sudo tcpdump -i eth0 -A | grep contracts` 5. Run `sudo ua status` 6. Verify: a. The status output shows the machine as unnatached b. Wireshark captured the call to the contracts server 7. Remove jobs-status.json `sudo rm -f /var/lib/ubuntu-advantage/jobs-status.json` 6. Run the timer script `sudo python3 /usr/lib/ubuntu-advantage/timer.py` 7. Verify that no call to contracts.canonical.com is shown in the terminal with Wireshark (after the previous one) 8. Verify that the job was actually processes by the timer `sudo cat /var/lib/ubuntu-advantage/jobs-status.json` "update_status" should be the only job there. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1950813 Title: version 27.3: on unattached machines update_status_timer incorrectly pings contracts.canonical.com/v1/resources To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1950813/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1942929] Re: [SRU] ubuntu-advantage-tools (27.2.2 -> 27.3) Xenial, Bionic, Focal, Hirsute
** Description changed: [Impact] This release sports both bug-fixes and new features and we would like to make sure all of our supported customers have access to these improvements. The notable ones are: * more robust error handling when determining the cloud we're on LP: #1940131 LP: #1938207 LP: #1944676 * disallows fips on focal aws/azure LP: #1939449 LP: #1939932 * adds/changes to ua-related recurring jobs: - change in frequency to existing job: updates the apt and motd esm update messaging: every 6 hours - new job: updates the contract details and status: every 12 hours - new job: ONLY ON GCP (implemented as separate timer that is only activated on GCP LTS when not attached): checks for license changes and auto-attaches if a pro license was added: every 5 minutes * adds support for ros/ros-updates entitlements with --beta flag With this change, the ua-message timer is renamed to ua-timer, as it has a more generic functionality: it triggers sub jobs which need to be executed periodically. One of those is exactly the job which updates the messaging - which has its interval reduced to 6h, as well as the timer itself. There is also a job to update the client status every 12h, and a third one to collect metrics, which is disabled for this release. See the changelog entry below for a full list of changes and bugs. [Test Case] The following development and SRU process was followed: https://wiki.ubuntu.com/UbuntuAdvantageToolsUpdates The ubuntu-advantage-tools team will be in charge of attaching the artifacts and console output of the appropriate run to the bug. ubuntu-advantage-tools team members will not mark ‘verification-done’ until this has happened. [Regression Potential] In order to mitigate the regression potential, the results of the aforementioned integration tests are attached to this bug. We moved the trigger of the apt and motd messaging updates from a dedicated systemd timer to a shared timer that conditionally calls the messaging updates in our python code. This adds complexity. If we made a mistake, then either the job won't get called frequently enough or will get called too frequently. If the former, then some esm updates related messaging will be out of date in apt and motd. If the latter, then cpu cycles will be wasted in needlessly updating messages. We touched postinst to handle cloud-id failures more robustly. Touching postinst is always scary because it is the most likely way for us to break upgrades. In theory this change made upgrades less likely to fail, but if we made a mistake, it could cause new unexpected failures. We added more recurring jobs in the service of new features. This increases complexity and potential for mistakes. In particular, we have strived to avoid excessive logging from these jobs. If we made a mistake in our logging, we could inadvertently fill up disks with useless logs. Additional recurring jobs will also use more cpu over time than previous versions. This is at least partially addressed below. We instrumented a high frequency timer to only run on GCP, but if we made a mistake, this could be accidentally activated on non-GCP machines, which would be a waste. (See below for additional high frequency timer discussion). + + We check if the ua-messaging timer was disabled prior to this update, + and if so we also disable the new ua-timer timer in systemd. Failing to + do so would keep enabled a service that the user had explicitly disabled + in the past, resulting in a unwanted behavior. [Discussion] Our timer on GCP runs every 5 minutes. This is necessary to support timely upgrades of gcp instances from standard ubuntu to ubuntu pro. We need to poll the metadata endpoint frequently to catch the license change in a timely manner. We exit as early as possible if there is nothing to be done for any given timer trigger. From our testing, this has minimal overall system performance impact. [Changelog] * d/tools.postinst: - consider cloud to be "none" on any cloud-id error - purge old ua-messaging.timer/service files * systemd: - remove ua-messaging.timer/service - add new ua-timer.timer that runs every 2 hours - add new ua-license_check.timer that runs every 5 minutes only if activated by ua-license-check.path * New upstream release 27.3 - ros: + add beta support to enable ros and ros-updates + add support for "required services" so that esm-infra and esm-apps get auto-enabled when enabling ros or ros-updates + add support for "dependent services" so that user gets prompted to disable ros/ros-updates if they disable esm-infra/esm-apps - fips: + allow fips on GCP bionic now that optimized kernel is ready + disallow enabling fips on focal on clouds until cloud-optimized focal
[Bug 1942929] Re: [SRU] ubuntu-advantage-tools (27.2.2 -> 27.3) Xenial, Bionic, Focal, Hirsute
** Description changed: [Impact] This release sports both bug-fixes and new features and we would like to make sure all of our supported customers have access to these improvements. The notable ones are: * more robust error handling when determining the cloud we're on LP: #1940131 LP: #1938207 LP: #1944676 * disallows fips on focal aws/azure LP: #1939449 LP: #1939932 * adds/changes to ua-related recurring jobs: - change in frequency to existing job: updates the apt and motd esm update messaging: every 6 hours - new job: updates the contract details and status: every 12 hours - new job: ONLY ON GCP (implemented as separate timer that is only activated on GCP LTS when not attached): checks for license changes and auto-attaches if a pro license was added: every 5 minutes * adds support for ros/ros-updates entitlements with --beta flag - This also lays the foundations for metering pro subscriptions. However, - this feature is disabled in this release. + With this change, the ua-message timer is renamed to ua-timer, as it has + a more generic functionality: it triggers sub jobs which need to be + executed periodically. One of those is exactly the job which updates the + messaging - which has its interval reduced to 6h, as well as the timer + itself. There is also a job to update the client status every 12h, and a + third one to collect metrics, which is disabled for this release. See the changelog entry below for a full list of changes and bugs. [Test Case] The following development and SRU process was followed: https://wiki.ubuntu.com/UbuntuAdvantageToolsUpdates The ubuntu-advantage-tools team will be in charge of attaching the artifacts and console output of the appropriate run to the bug. ubuntu-advantage-tools team members will not mark ‘verification-done’ until this has happened. [Regression Potential] In order to mitigate the regression potential, the results of the aforementioned integration tests are attached to this bug. We moved the trigger of the apt and motd messaging updates from a dedicated systemd timer to a shared timer that conditionally calls the messaging updates in our python code. This adds complexity. If we made a mistake, then either the job won't get called frequently enough or will get called too frequently. If the former, then some esm updates related messaging will be out of date in apt and motd. If the latter, then cpu cycles will be wasted in needlessly updating messages. We touched postinst to handle cloud-id failures more robustly. Touching postinst is always scary because it is the most likely way for us to break upgrades. In theory this change made upgrades less likely to fail, but if we made a mistake, it could cause new unexpected failures. We added more recurring jobs in the service of new features. This increases complexity and potential for mistakes. In particular, we have strived to avoid excessive logging from these jobs. If we made a mistake in our logging, we could inadvertently fill up disks with useless logs. Additional recurring jobs will also use more cpu over time than previous versions. This is at least partially addressed below. We instrumented a high frequency timer to only run on GCP, but if we made a mistake, this could be accidentally activated on non-GCP machines, which would be a waste. (See below for additional high frequency timer discussion). [Discussion] Our timer on GCP runs every 5 minutes. This is necessary to support timely upgrades of gcp instances from standard ubuntu to ubuntu pro. We need to poll the metadata endpoint frequently to catch the license change in a timely manner. We exit as early as possible if there is nothing to be done for any given timer trigger. From our testing, this has minimal overall system performance impact. [Changelog] - * d/tools.postinst: - - consider cloud to be "none" on any cloud-id error - - purge old ua-messaging.timer/service files - * systemd: - - remove ua-messaging.timer/service - - add new ua-timer.timer that runs every 2 hours - - add new ua-license_check.timer that runs every 5 minutes only if - activated by ua-license-check.path - * New upstream release 27.3 - - ros: - + add beta support to enable ros and ros-updates - + add support for "required services" so that esm-infra and esm-apps - get auto-enabled when enabling ros or ros-updates - + add support for "dependent services" so that user gets prompted to - disable ros/ros-updates if they disable esm-infra/esm-apps - - fips: - + allow fips on GCP bionic now that optimized kernel is ready - + disallow enabling fips on focal on clouds until cloud-optimized focal - fips-certified kernel is ready (LP: #1939449, LP: #1939932) - + print warning about generic fips kernel if cloud-id fails - - cloud: -
[Bug 1939932] Re: Ubuntu PRO Focal on AWS and Azure should not install the generic FIPS kernel via ubuntu-fips metapackage
** Description changed:
- For Ubuntu PRO on 20.04 (Focal) `ua enable fips` should only install a
- cloud-optimized ubuntu-aws-fips or ubuntu-azure-fips metapackage.
- Installing a non-cloud-optimized FIPS kernel on AWS and Azure could lead
- to inability to boot on certain instance types. Expectation is that
- Focal AWS and Azure images should disallow enabling either fips or fips-
- updates.
+ [Impact]
+ This bug impacts users on AWS or Azure, trying to enable FIPS/FIPS
+ updates on Focal images. Trying to install a non-cloud-optimized FIPS
+ kernel may lead to unwanted behavior on those clouds, including
+ inability to boot to the systems.
- Expected behavior on Ubuntu PRO AWS and Azure Focal:
+ Although Focal has a FIPS certified kernel, the AWS adapted kernel is
+ not ready yet. There will be in the future a cloud-optimized version of
+ the FIPS kernel, and then users will be able to install it.
+
+ With the applied fix, UA will show a message saying that the kernel is
+ not available instead of showing any error. If the user really wants to
+ install FIPS, there is a feature override
+ ("allow_default_fips_metapackage_on_focal_cloud") which will install the
+ default kernel, but this is the user's choice, and not recommended.
+
+ [Test Case]
+ The original description has steps to reproduce. To verify the fix, install
ubuntu-advantage-tools 27.3 and check for the expected behavior described.
+
+ [Regression Potential]
+ This change needs to make sure that we indeed prevent the installation of
non-cloud-optimized kernels. If a corner case shows up, the user might end up
with a wrong kernel. This is unlikely because we are using cloud-init tools,
present in AWS and Azure, to detect the cloud instance and effective blocking
the install. If this detection fails, it means cloud-init has some problem and
then, on AWS or Azure, the instance will have more problems than this one.
+
+ We need to make sure to keep track of the certification progress for the
+ cloud adapted FIPS package, so we can enable it in the future, when it
+ becomes available.
+
+ [Original Description]
+ For Ubuntu PRO on 20.04 (Focal) `ua enable fips` should only install a
cloud-optimized ubuntu-aws-fips or ubuntu-azure-fips metapackage. Installing a
non-cloud-optimized FIPS kernel on AWS and Azure could lead to inability to
boot on certain instance types. Expectation is that Focal AWS and Azure images
should disallow enabling either fips or fips-updates.
+
+ Expected behavior on Ubuntu PRO AWS and Azure Focal:
$ ua status | grep fips
- fips no— NIST-certified FIPS modules
- fips-updates no— Uncertified security updates to FIPS
modules
+ fips no — NIST-certified FIPS modules
+ fips-updates no — Uncertified security updates to FIPS modules
$ sudo ua enable fips-updates
One moment, checking your subscription first
This system will NOT be considered FIPS certified, but will include security
and bug fixes to the FIPS packages.
Are you sure? (y/N) y
This subscription is not entitled to FIPS Updates.
For more information see: https://ubuntu.com/advantage
-
Actual behavior:
$ ua status | grep fips
- fips yesdisabled NIST-certified FIPS
modules
- fips-updates yesdisabled Uncertified security
updates to FIPS modules
+ fips yes disabled NIST-certified FIPS modules
+ fips-updates yes disabled Uncertified security updates to FIPS modules
$ sudo ua enable fips-updates
One moment, checking your subscription first
This system will NOT be considered FIPS certified, but will include security
and bug fixes to the FIPS packages.
Are you sure? (y/N) y
Updating package lists
Installing FIPS Updates packages
FIPS Updates enabled
A reboot is required to complete install
# see ubuntu-fips generic get installed which potentially degrades AWS and
Azure environments
- $ sudo grep install /var/log/ubuntu-advantage.log
+ $ sudo grep install /var/log/ubuntu-advantage.log
2021-08-13 22:19:07,344 - util.py:(506) [DEBUG]: Ran cmd: apt-get install
--assume-yes -o Dpkg::Options::="--force-confdef" -o
Dpkg::Options::="--force-confold" ubuntu-fips openssh-client
openssh-client-hmac openssh-server openssh-server-hmac openssh-client
openssh-client-hmac openssh-server openssh-server-hmac, rc: 0 stderr: b''
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1939932
Title:
Ubuntu PRO Focal on AWS and Azure should not install the generic FIPS
kernel via ubuntu-fips metapackage
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1939932/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1939449] Re: Ubuntu Pro UA fails to enable fips-updates on 20.04
** Description changed:
[Impact]
This bug impacts users on AWS, trying to enable FIPS/FIPS updates on
Focal images. There is a missing package, 'ubuntu-aws-fips', which
causes the installation to fail.
This package is missing because, although Focal has a FIPS certified
kernel, the AWS adapted kernel is not ready yet. There will be in the
future a cloud-optimized version of the FIPS kernel, and then users will
be able to install it.
- Right now, UA will show a message saying that the kernel is not
- available instead of showing an error. If the user really wants to
+ With the applied fix, UA will show a message saying that the kernel is
+ not available instead of showing an error. If the user really wants to
install FIPS, there is a feature override
("allow_default_fips_metapackage_on_focal_cloud") which will install the
default kernel.
-
[Test Case]
To reproduce
- Spin an AWS instance using the Ubuntu 20.04 image.
- Attach a valid token
- Run `$ sudo ua enable fips` (or `fips-updates`)
To verify the fix:
1. Update to ubuntu-advantage-tools 27.3, and run the same procedure. Verify
that a message is displayed saying that the kernel is not available for the
Focal release.
2. Append the following to '/etc/ubuntu-advantage/uaclient.conf':
"""
features:
- allow_default_fips_metapackage_on_focal_cloud: true
+ allow_default_fips_metapackage_on_focal_cloud: true
"""
and then run the command again. Verify that it installs a base FIPS kernel,
without the -aws prefix.
[Regression Potential]
This change needs to make sure that we indeed prevent the installation of the
non-existent package. If a corner case shows up, the user might end up with a
wrong kernel. This is unlikely because we are using cloud-init tools, present
in AWS, to detect the cloud instance and effective blocking the install. If
this detection fails, it means cloud-init has some problem and then, on AWS,
the instance will have more problems than this one.
We need to make sure to keep track of the certification progress for the
cloud adapted FIPS package, so we can enable it in the future, when it
becomes available.
[Original Description]
Using AWS AMI: ami-0193aa0a9df84a08b
Attempting to enable fips-updates with the ua command line tool fails
with error that apt "Unable to locate package ubuntu-aws-fips."
Canonical has told me directly 20.04 is now FIPS 140-2 Level 1
certified.
Output:
ubuntu@ip-xx-xx-xx-xx:~$ lsb_release -rd
Description: Ubuntu 20.04.2 LTS
Release: 20.04
ubuntu@ip-xx-xx-xx-xx:~$ ua version
27.2.2~20.04.1
ubuntu@ip-xx-xx-xx-xx:~$ sudo ua status --all
SERVICE ENTITLED STATUS DESCRIPTION
cc-eal yes n/a Common Criteria EAL2 Provisioning Packages
cis yes disabled Center for Internet Security Audit Tools
esm-apps yes disabled UA Apps: Extended Security Maintenance (ESM)
esm-infra yes disabled UA Infra: Extended Security Maintenance (ESM)
fips yes disabled NIST-certified core packages
fips-updates yes disabled NIST-certified core packages with priority security
updates
livepatch yes disabled Canonical Livepatch service
Enable services with: ua enable
- Account:
-Subscription:
- Valid until: -12-31 00:00:00+00:00
+ Account:
+ Subscription:
+ Valid until: -12-31 00:00:00+00:00
Technical support level: essential
ubuntu@ip-xx-xx-xx-xx:~$ sudo ua --debug enable fips-updates
DEBUG: Executed with sys.argv: ['/usr/bin/ua', '--debug', 'enable',
'fips-updates']
This will install the FIPS core packages and will include priority updates
with security fixes.
Are you sure? (y/N) y
DEBUG: Writing file:
/var/lib/ubuntu-advantage/private/machine-access-fips-updates
DEBUG: Writing file: /etc/apt/preferences.d/ubuntu-fips-updates
DEBUG: Ran cmd: apt-cache policy, rc: 0 stderr: b''
DEBUG: Writing file: /etc/apt/sources.list.d/ubuntu-fips-updates.list
DEBUG: Writing file: /etc/apt/auth.conf.d/90ubuntu-advantage
DEBUG: Exporting GPG key /usr/share/keyrings/ubuntu-advantage-fips.gpg
Updating package lists
DEBUG: Ran cmd: apt-get update, rc: 0 stderr: b''
DEBUG: Reading file: /var/lib/ubuntu-advantage/private/machine-token.json
Installing FIPS Updates packages
DEBUG: Failed running command 'apt-get install --assume-yes
--allow-downgrades -o Dpkg::Options::="--force-confdef" -o
Dpkg::Options::="--force-confold" ubuntu-aws-fips' [exit(100)]. Message: E:
Unable to locate package ubuntu-aws-fips
DEBUG: Failed running command 'apt-get install --assume-yes
--allow-downgrades -o Dpkg::Options::="--force-confdef" -o
Dpkg::Options::="--force-confold" ubuntu-aws-fips' [exit(100)]. Message: E:
Unable to locate package ubuntu-aws-fips
- Retrying 3 more times.
+ Retrying 3 more times.
DEBUG: Failed running command 'apt-get install --assume-yes
[Bug 1939449] Re: Ubuntu Pro UA fails to enable fips-updates on 20.04
** Description changed:
+ [Impact]
+
+ This bug impacts users on AWS, trying to enable FIPS/FIPS updates on
+ Focal images. There is a missing package, 'ubuntu-aws-fips', which
+ causes the installation to fail.
+
+ This package is missing because, although Focal has a FIPS certified
+ kernel, the AWS adapted kernel is not ready yet. There will be in the
+ future a cloud-optimized version of the FIPS kernel, and then users will
+ be able to install it.
+
+ Right now, UA will show a message saying that the kernel is not
+ available instead of showing an error. If the user really wants to
+ install FIPS, there is a feature override
+ ("allow_default_fips_metapackage_on_focal_cloud") which will install the
+ default kernel.
+
+
+ [Test Case]
+ To reproduce
+ - Spin an AWS instance using the Ubuntu 20.04 image.
+ - Attach a valid token
+ - Run `$ sudo ua enable fips` (or `fips-updates`)
+
+ To verify the fix:
+ 1. Update to ubuntu-advantage-tools 27.3, and run the same procedure. Verify
that a message is displayed saying that the kernel is not available for the
Focal release.
+ 2. Append the following to '/etc/ubuntu-advantage/uaclient.conf':
+ """
+ features:
+ allow_default_fips_metapackage_on_focal_cloud: true
+ """
+ and then run the command again. Verify that it installs a base FIPS kernel,
without the -aws prefix.
+
+ [Regression Potential]
+ This change needs to make sure that we indeed prevent the installation of the
non-existent package. If a corner case shows up, the user might end up with a
wrong kernel. This is unlikely because we are using cloud-init tools, present
in AWS, to detect the cloud instance and effective blocking the install. If
this detection fails, it means cloud-init has some problem and then, on AWS,
the instance will have more problems than this one.
+
+ We need to make sure to keep track of the certification progress for the
+ cloud adapted FIPS package, so we can enable it in the future, when it
+ becomes available.
+
+ [Original Description]
Using AWS AMI: ami-0193aa0a9df84a08b
Attempting to enable fips-updates with the ua command line tool fails
with error that apt "Unable to locate package ubuntu-aws-fips."
Canonical has told me directly 20.04 is now FIPS 140-2 Level 1
certified.
Output:
ubuntu@ip-xx-xx-xx-xx:~$ lsb_release -rd
- Description: Ubuntu 20.04.2 LTS
- Release: 20.04
+ Description: Ubuntu 20.04.2 LTS
+ Release: 20.04
ubuntu@ip-xx-xx-xx-xx:~$ ua version
27.2.2~20.04.1
ubuntu@ip-xx-xx-xx-xx:~$ sudo ua status --all
- SERVICE ENTITLED STATUSDESCRIPTION
- cc-ealyes n/a Common Criteria EAL2 Provisioning Packages
- cis yes disabled Center for Internet Security Audit Tools
- esm-apps yes disabled UA Apps: Extended Security Maintenance (ESM)
- esm-infra yes disabled UA Infra: Extended Security Maintenance
(ESM)
- fips yes disabled NIST-certified core packages
- fips-updates yes disabled NIST-certified core packages with priority
security updates
- livepatch yes disabled Canonical Livepatch service
+ SERVICE ENTITLED STATUS DESCRIPTION
+ cc-eal yes n/a Common Criteria EAL2 Provisioning Packages
+ cis yes disabled Center for Internet Security Audit Tools
+ esm-apps yes disabled UA Apps: Extended Security Maintenance (ESM)
+ esm-infra yes disabled UA Infra: Extended Security Maintenance (ESM)
+ fips yes disabled NIST-certified core packages
+ fips-updates yes disabled NIST-certified core packages with priority security
updates
+ livepatch yes disabled Canonical Livepatch service
Enable services with: ua enable
Account:
Subscription:
Valid until: -12-31 00:00:00+00:00
Technical support level: essential
ubuntu@ip-xx-xx-xx-xx:~$ sudo ua --debug enable fips-updates
DEBUG: Executed with sys.argv: ['/usr/bin/ua', '--debug', 'enable',
'fips-updates']
This will install the FIPS core packages and will include priority updates
with security fixes.
Are you sure? (y/N) y
DEBUG: Writing file:
/var/lib/ubuntu-advantage/private/machine-access-fips-updates
DEBUG: Writing file: /etc/apt/preferences.d/ubuntu-fips-updates
DEBUG: Ran cmd: apt-cache policy, rc: 0 stderr: b''
DEBUG: Writing file: /etc/apt/sources.list.d/ubuntu-fips-updates.list
DEBUG: Writing file: /etc/apt/auth.conf.d/90ubuntu-advantage
DEBUG: Exporting GPG key /usr/share/keyrings/ubuntu-advantage-fips.gpg
Updating package lists
DEBUG: Ran cmd: apt-get update, rc: 0 stderr: b''
DEBUG: Reading file: /var/lib/ubuntu-advantage/private/machine-token.json
Installing FIPS Updates packages
DEBUG: Failed running command 'apt-get install --assume-yes
--allow-downgrades -o Dpkg::Options::="--force-confdef" -o
Dpkg::Options::="--force-confold" ubuntu-aws-fips' [exit(100)]. Message: E:
Unable to locate package ubuntu-aws-fips
DEBUG: Failed running command
[Bug 1944676] Re: Ubuntu ESM not working in WSL
** Description changed:
- Description:Ubuntu 16.04.7 LTS
- Release:16.04
+ [Impact]
+ This bug impacts users which are running on environments where
'/usr/bin/cloud-id' is present, but returns any error (even for valid reasons,
like cloud-init being installed on the system, but disabled, for example). UA
client will raise this error while trying to use this tool to detect the cloud.
+
+ The solution to this problem is to rely only on cloud-id when trying to
determine the cloud type, and assuming not on cloud when the command is not
present or if it fails.
+
https://github.com/canonical/ubuntu-advantage-client/commit/f968c46a686a8128af1ead85a4b86b9a1a84643f
+ and
+
https://github.com/canonical/ubuntu-advantage-client/commit/f6fbcee792cf42cc67e3ced02815b7d552dee19f
+
+ [Test Case]
+ To reproduce:
+ With ubuntu-advantage-tools 27.2 installed, in an Ubuntu machine:
+
+ - Make sure the '/run/cloud-init/instance-data.json' does not exist, so
cloud-id fails:
+ `$ mv /run/cloud-init/instance-data.json
/run/cloud-init/instance-data.json.old`
+ - Run `$ sudo ua status`
+ - Verify that it fails
+
+ To verify the fix:
+ Repeat the above process using ubuntu-advantage tools 27.3, and verify that
the operation succeeds and the status is shown on screen.
+
+ [Regression Potential]
+ When running on a non-cloud system, this fix brings no impact, as we expect
cloud-id to be absent and we are not running on cloud.
+
+ When running on a specific cloud, this fix brings the scenario where we
+ should detect the cloud and are unable to, due to problems with cloud-id
+ itself. This is not a problem though: considering no-cloud when not in
+ aws/azure/gcp has no impact on UA at all, and those three providers have
+ images with cloud-id working properly.
+
+ [Original Description]
+ Description: Ubuntu 16.04.7 LTS
+ Release: 16.04
ubuntu-advantage-tools:
- Installiert: 27.2.2~16.04.1
+ Installiert: 27.2.2~16.04.1
Installationskandidat: 27.2.2~16.04.1
Versionstabelle:
*** 27.2.2~16.04.1 500
500 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64
Packages
100 /var/lib/dpkg/status
sudo ua status
Unexpected error(s) occurred.
For more details, see the log: /var/log/ubuntu-advantage.log
To file a bug run: ubuntu-bug ubuntu-advantage-tools
2021-09-23 07:55:53,550 - cli.py:(1297) [ERROR]: Unhandled exception, please
file a bug
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/uaclient/cli.py", line 1256, in wrapper
return func(*args, **kwargs)
File "/usr/lib/python3/dist-packages/uaclient/cli.py", line 1342, in main
return args.action(args, cfg)
File "/usr/lib/python3/dist-packages/uaclient/cli.py", line 1120, in
action_status
status = cfg.status(show_beta=show_beta)
File "/usr/lib/python3/dist-packages/uaclient/config.py", line 681, in
status
response = self._attached_status()
File "/usr/lib/python3/dist-packages/uaclient/config.py", line 654, in
_attached_status
self._attached_service_status(ent, inapplicable_resources)
File "/usr/lib/python3/dist-packages/uaclient/config.py", line 589, in
_attached_service_status
ent_status, details = ent.user_facing_status()
File "/usr/lib/python3/dist-packages/uaclient/entitlements/base.py", line
589, in user_facing_status
applicability, details = self.applicability_status()
File "/usr/lib/python3/dist-packages/uaclient/entitlements/base.py", line
379, in applicability_status
for error_message, functor, expected_result in self.static_affordances:
File "/usr/lib/python3/dist-packages/uaclient/entitlements/fips.py", line
331, in static_affordances
static_affordances = super().static_affordances
File "/usr/lib/python3/dist-packages/uaclient/entitlements/fips.py", line
176, in static_affordances
cloud_id = get_cloud_type() or ""
File "/usr/lib/python3/dist-packages/uaclient/config.py", line 940, in new_f
return f()
File "/usr/lib/python3/dist-packages/uaclient/clouds/identity.py", line 65,
in get_cloud_type
out, _err = util.subp(["cloud-id"])
File "/usr/lib/python3/dist-packages/uaclient/util.py", line 638, in subp
out, err = _subp(args, rcs, capture, timeout, env=env)
File "/usr/lib/python3/dist-packages/uaclient/util.py", line 595, in _subp
stderr=err.decode("utf-8"),
uaclient.util.ProcessExecutionError: Failed running command 'cloud-id'
[exit(1)]. Message: ERROR: File not found '/run/cloud-init/instance-data.json'.
Provide a path to instance data json file using --instance-data
ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: ubuntu-advantage-tools 27.2.2~16.04.1
ProcVersionSignature: Microsoft 4.4.0-19041.1237-Microsoft 4.4.35
Uname: Linux 4.4.0-19041-Microsoft x86_64
ApportVersion: 2.20.1-0ubuntu2.30
Architecture: amd64
Date: Thu Sep 23 07:56:47 2021
ProcEnviron:
TERM=xterm-256color
[Bug 1942929] Re: [SRU] ubuntu-advantage-tools (27.2.2 -> 27.3) Xenial, Bionic, Focal, Hirsute
** Description changed: [Impact] This release sports both bug-fixes and new features and we would like to make sure all of our supported customers have access to these improvements. The notable ones are: - * more robust error handling when determining the cloud we're on LP: #1940131 LP: #1938207 + * more robust error handling when determining the cloud we're on LP: #1940131 LP: #1938207 LP: #1944676 * disallows fips on focal aws/azure LP: #1939449 LP: #1939932 * adds/changes to ua-related recurring jobs: - change in frequency to existing job: updates the apt and motd esm update messaging: every 6 hours - new job: updates the contract details and status: every 12 hours - new job: ONLY ON GCP (implemented as separate timer that is only activated on GCP LTS when not attached): checks for license changes and auto-attaches if a pro license was added: every 5 minutes * adds support for ros/ros-updates entitlements with --beta flag This also lays the foundations for metering pro subscriptions. However, this feature is disabled in this release. See the changelog entry below for a full list of changes and bugs. [Test Case] The following development and SRU process was followed: https://wiki.ubuntu.com/UbuntuAdvantageToolsUpdates The ubuntu-advantage-tools team will be in charge of attaching the artifacts and console output of the appropriate run to the bug. ubuntu-advantage-tools team members will not mark ‘verification-done’ until this has happened. [Regression Potential] In order to mitigate the regression potential, the results of the aforementioned integration tests are attached to this bug. We moved the trigger of the apt and motd messaging updates from a dedicated systemd timer to a shared timer that conditionally calls the messaging updates in our python code. This adds complexity. If we made a mistake, then either the job won't get called frequently enough or will get called too frequently. If the former, then some esm updates related messaging will be out of date in apt and motd. If the latter, then cpu cycles will be wasted in needlessly updating messages. We touched postinst to handle cloud-id failures more robustly. Touching postinst is always scary because it is the most likely way for us to break upgrades. In theory this change made upgrades less likely to fail, but if we made a mistake, it could cause new unexpected failures. We added more recurring jobs in the service of new features. This increases complexity and potential for mistakes. In particular, we have strived to avoid excessive logging from these jobs. If we made a mistake in our logging, we could inadvertently fill up disks with useless logs. Additional recurring jobs will also use more cpu over time than previous versions. This is at least partially addressed below. We instrumented a high frequency timer to only run on GCP, but if we made a mistake, this could be accidentally activated on non-GCP machines, which would be a waste. (See below for additional high frequency timer discussion). [Discussion] Our timer on GCP runs every 5 minutes. This is necessary to support timely upgrades of gcp instances from standard ubuntu to ubuntu pro. We need to poll the metadata endpoint frequently to catch the license change in a timely manner. We exit as early as possible if there is nothing to be done for any given timer trigger. From our testing, this has minimal overall system performance impact. [Changelog] -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1942929 Title: [SRU] ubuntu-advantage-tools (27.2.2 -> 27.3) Xenial, Bionic, Focal, Hirsute To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1942929/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1944700] Re: package ubuntu-advantage-tools 27.2.2~16.04.1 failed to install/upgrade: Unterprozess installiertes post-installation-Skript gab den Fehlerwert 1 zurück
Hello, thank you for reporting this bug. For better understanding of what is happening, could you please send us: - The content of '/var/log/ubuntu-advantage.log' after the update - The output of `ua status` so we can check on what is happening there? ** Changed in: ubuntu-advantage-tools (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1944700 Title: package ubuntu-advantage-tools 27.2.2~16.04.1 failed to install/upgrade: Unterprozess installiertes post-installation-Skript gab den Fehlerwert 1 zurück To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1944700/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1944676] Re: Ubuntu ESM not working in WSL
Hello, thanks for reporting this bug. This is a known issue, which was fixed for version 27.3. We are in process of releasing this version, so you can expect it to be available in a couple weeks. ** Changed in: ubuntu-advantage-tools (Ubuntu) Status: New => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1944676 Title: Ubuntu ESM not working in WSL To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1944676/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1940131] Re: sudo ua attach is not working
** Description changed: + [Impact] + This bug impacts users which: + - Do not have the '/usr/bin/cloud-id' command in their system, + - Do have the '/var/lib/cloud/data/result.json' file in their system, and + - Have a non-standart (by cloud-init definitions) content in the '/var/lib/cloud/data/result.json' file. + + This is an unusual situation, given that the presence of the + 'result.json' file with the absence of the 'cloud-id' command is + observed on official Trusty images, but from Xenial onwards 'cloud-id' + should be there. Even in the case where the command is not there, the + file generated by cloud-init will have the required information. + + Since we are doing the SRU process for Xenial onwards, the solution for those problems is to rely only on cloud-id when trying to determine the cloud type, and assuming not on cloud when the command is not present or if it fails. + https://github.com/canonical/ubuntu-advantage-client/commit/f6fbcee792cf42cc67e3ced02815b7d552dee19f + + [Test Case] + To reproduce: + With ubuntu-advantage-tools 27.2 installed, in an Ubuntu machine: + - Make sure cloud-id is not there: + $ sudo mv /usr/bin/cloud-id /usr/bin/cloud-id.old + - Make sure to have the result.json file with non-standart (empty, for instance) content: + $ sudo mv /var/lib/cloud/data/result.json /var/lib/cloud/data/result.json.old (if the file exists) + $ sudo touch /var/lib/cloud/data/result.json + - Try to attach a token using "ua attach" + - Verify that it fails + + To verify the fix: + Repeat the above process using ubuntu-advantage tools 27.3, and verify that the attach operation succeeds. + + + [Regression Potential] + When running on a non-cloud system, this fix brings no impact, as we expect cloud-id to be absent and we are not running on cloud. + + When running on a specific cloud, this fix brings the scenario where we + should detect the cloud and are unable to, due to problems with cloud- + init. This is minor though, given that if cloud-init didn't run + properly, the instance has more problems than this one. Besides that, + considering no-cloud when not in aws/azure/gcp has no impact on UA at + all, and those three providers have images with cloud-id working + properly. + + No official Ubuntu image should be affected by this change. + + + [Discussion] + As stated above, this is an unusual situation, which led to an improvement to the cloud detection in UA. + + + [Original Description] sudo ua status Unexpected error(s) occurred. For more details, see the log: /var/log/ubuntu-advantage.log To file a bug run: ubuntu-bug ubuntu-advantage-tools ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: ubuntu-advantage-tools 27.2.2~18.04.1 ProcVersionSignature: Ubuntu 4.15.0-153.160-generic 4.15.18 Uname: Linux 4.15.0-153-generic x86_64 ApportVersion: 2.20.9-0ubuntu7.24 Architecture: amd64 Date: Mon Aug 16 19:14:53 2021 InstallationDate: Installed on 2019-08-12 (735 days ago) InstallationMedia: - + SourcePackage: ubuntu-advantage-tools UpgradeStatus: No upgrade log present (probably fresh install) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1940131 Title: sudo ua attach is not working To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1940131/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1936833] Re: postinst fails when cloud-init is installed but never ran
Tested for Xenial, Bionic, Focal and Hirsute, using the attached script. All packages could be installed despite the cloud-id error. ** Attachment added: "testproposed.sh" https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1936833/+attachment/5514125/+files/testproposed.sh -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1936833 Title: postinst fails when cloud-init is installed but never ran To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1936833/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1936833] Re: postinst fails when cloud-init is installed but never ran
Execution results for the script from previous comment can be seen attached here. ** Attachment added: "results" https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1936833/+attachment/5514126/+files/results -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1936833 Title: postinst fails when cloud-init is installed but never ran To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1936833/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1936833] Re: postinst fails when cloud-init is installed but never ran
** Description changed: + [Impact] + + Users are not able to install or upgrade ubuntu-advantage-tools in + situations where cloud-init is installed in the system, but did not run + - either because of some error, or it was disabled, or it did not + finished executing yet. + + When cloud-init runs, instance-data.json will be available and cloud-id + does not fail. The fix checks for the existence of this file, and does + not run the script if the file is not present. + + Backporting the fix will enable users to install or upgrade ubuntu- + advantage tools without problems. + + [Test Plan] + + The bug can be reproduced by running: + "schroot -c impish-amd64 -u root -d /", + and then within the chroot, running: + "apt-get update && apt-get install -y ubuntu-advantage-tools cloud-init". + + Running the above using the patched version of ubuntu-advantage-tools + should succeed without any errors. + + [Where problems could occur] + + The fix itself just skips a call that adds a warning notice to ua. + + If the user is running on a cloud and has some kind of error in cloud- + init, the user may miss a warning about having the wrong metapackages + for the cloud. However, in the case where cloud-init did not run because + of some error, the instance has a problem anyway. + + If it happens that cloud init did not run yet - as if this happens at + image creation time - then cloud-init will be later executed, and the + cloud-id checked in the code so those wrong metapackages are not + installed. + + + [Original Description] + This happens when upgrading to Ubuntu 21.10. This is the full error: Setting up ubuntu-advantage-tools (27.2.1~21.10.1) ... ERROR: File not found '/run/cloud-init/instance-data.json'. Provide a path to instance data json file using --instance-data dpkg: error processing package ubuntu-advantage-tools (--configure): installed ubuntu-advantage-tools package post-installation script subprocess returned error exit status 1dpkg: dependency problems prevent configuration of ubuntu-minimal: ubuntu-minimal depends on ubuntu-advantage-tools; however: Package ubuntu-advantage-tools is not configured yet. ProblemType: Package DistroRelease: Ubuntu 21.10 Package: ubuntu-advantage-tools 27.2.1~21.10.1 Uname: Linux 5.4.72-microsoft-standard-WSL2 x86_64 ApportVersion: 2.20.11-0ubuntu67 Architecture: amd64 CasperMD5CheckResult: unknown Date: Mon Jul 19 14:32:11 2021 DuplicateSignature: package:ubuntu-advantage-tools:27.2.1~21.10.1 Installing new version of config file /etc/ubuntu-advantage/uaclient.conf ... ERROR: File not found '/run/cloud-init/instance-data.json'. Provide a path to instance data json file using --instance-data dpkg: error processing package ubuntu-advantage-tools (--configure): installed ubuntu-advantage-tools package post-installation script subprocess returned error exit status 1 ErrorMessage: installed ubuntu-advantage-tools package post-installation script subprocess returned error exit status 1 Python3Details: /usr/bin/python3.9, Python 3.9.6, python3-minimal, 3.9.4-1 PythonDetails: N/A RebootRequiredPkgs: libc6 RelatedPackageVersions: dpkg 1.20.9ubuntu2 apt 2.3.6 SourcePackage: ubuntu-advantage-tools Title: package ubuntu-advantage-tools 27.2.1~21.10.1 failed to install/upgrade: installed ubuntu-advantage-tools package post-installation script subprocess returned error exit status 1 UpgradeStatus: Upgraded to impish on 2021-07-19 (0 days ago) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1936833 Title: postinst fails when cloud-init is installed but never ran To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1936833/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
