[Touch-packages] [Bug 1687129] Re: Needs to allow updates from the ESM archive
This bug was fixed in the package unattended-upgrades - 0.90ubuntu0.6 --- unattended-upgrades (0.90ubuntu0.6) xenial; urgency=medium * Add UbuntuESM to the list of sources automatically upgraded from by default. LP: #1687129. -- Steve LangasekTue, 02 May 2017 21:41:25 -0400 ** Changed in: unattended-upgrades (Ubuntu Xenial) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to unattended-upgrades in Ubuntu. https://bugs.launchpad.net/bugs/1687129 Title: Needs to allow updates from the ESM archive Status in unattended-upgrades package in Ubuntu: Fix Released Status in unattended-upgrades source package in Precise: Fix Released Status in unattended-upgrades source package in Trusty: Fix Released Status in unattended-upgrades source package in Xenial: Fix Released Status in unattended-upgrades source package in Yakkety: Fix Released Status in unattended-upgrades source package in Zesty: Fix Released Bug description: [SRU Justification] When the dust has settled on the ESM archive Release file format[1], unattended-upgrades needs to be tweaked to match. [1] https://github.com/CanonicalLtd/archive-auth-mirror/issues/43 Since the ESM archive contains packages updated by the Ubuntu Security team, we should ensure the behavior of unattended-upgrades applies the same default policy to both. [Test case] 1. run 'sudo apt-get install ubuntu-advantage-tools unattended-upgrades ca-certificates' 2. run 'sudo ubuntu-advantage enable-esm ' with your private creds to enable the ESM archive 3. run 'sudo apt-get update' 4. create a faked-up entry in /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_main_binary-amd64_Packages for the unattended-upgrades package with a higher version number 5. run 'sudo sed -i -e"s/precise/$(lsb_release -c | cut -f2)/" /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_InRelease' 6. run 'sudo unattended-upgrades --debug --dry-run' and verify that no unattended-upgrades package is installed. 7. install unattended-upgrades from -proposed. 8. again create a faked-up entry in /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_main_binary-amd64_Packages for the unattended-upgrades package with a higher version number 9. again run 'sudo sed -i -e"s/precise/$(lsb_release -c | cut -f2)/" /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_InRelease' 10. run 'sudo unattended-upgrades --debug --dry-run' and verify that it offers to install a new unattended-upgrades package. [Regression potential] Worst-case scenario is a bug that prevents future security updates from being applied correctly. This is not a concern for precise because there will be no further security updates /except/ those enabled by this SRU, but this SRU should also be included in all later stable releases. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/unattended-upgrades/+bug/1687129/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1687129] Re: Needs to allow updates from the ESM archive
This bug was fixed in the package unattended-upgrades - 0.92ubuntu1.5 --- unattended-upgrades (0.92ubuntu1.5) yakkety; urgency=medium * Add UbuntuESM to the list of sources automatically upgraded from by default. LP: #1687129. -- Steve LangasekTue, 02 May 2017 21:43:24 -0400 ** Changed in: unattended-upgrades (Ubuntu Yakkety) Status: Fix Committed => Fix Released ** Changed in: unattended-upgrades (Ubuntu Zesty) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to unattended-upgrades in Ubuntu. https://bugs.launchpad.net/bugs/1687129 Title: Needs to allow updates from the ESM archive Status in unattended-upgrades package in Ubuntu: Fix Released Status in unattended-upgrades source package in Precise: Fix Released Status in unattended-upgrades source package in Trusty: Fix Released Status in unattended-upgrades source package in Xenial: Fix Committed Status in unattended-upgrades source package in Yakkety: Fix Released Status in unattended-upgrades source package in Zesty: Fix Released Bug description: [SRU Justification] When the dust has settled on the ESM archive Release file format[1], unattended-upgrades needs to be tweaked to match. [1] https://github.com/CanonicalLtd/archive-auth-mirror/issues/43 Since the ESM archive contains packages updated by the Ubuntu Security team, we should ensure the behavior of unattended-upgrades applies the same default policy to both. [Test case] 1. run 'sudo apt-get install ubuntu-advantage-tools unattended-upgrades ca-certificates' 2. run 'sudo ubuntu-advantage enable-esm ' with your private creds to enable the ESM archive 3. run 'sudo apt-get update' 4. create a faked-up entry in /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_main_binary-amd64_Packages for the unattended-upgrades package with a higher version number 5. run 'sudo sed -i -e"s/precise/$(lsb_release -c | cut -f2)/" /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_InRelease' 6. run 'sudo unattended-upgrades --debug --dry-run' and verify that no unattended-upgrades package is installed. 7. install unattended-upgrades from -proposed. 8. again create a faked-up entry in /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_main_binary-amd64_Packages for the unattended-upgrades package with a higher version number 9. again run 'sudo sed -i -e"s/precise/$(lsb_release -c | cut -f2)/" /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_InRelease' 10. run 'sudo unattended-upgrades --debug --dry-run' and verify that it offers to install a new unattended-upgrades package. [Regression potential] Worst-case scenario is a bug that prevents future security updates from being applied correctly. This is not a concern for precise because there will be no further security updates /except/ those enabled by this SRU, but this SRU should also be included in all later stable releases. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/unattended-upgrades/+bug/1687129/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1687129] Re: Needs to allow updates from the ESM archive
This bug was fixed in the package unattended-upgrades - 0.93.1ubuntu2.2 --- unattended-upgrades (0.93.1ubuntu2.2) zesty; urgency=medium * Add UbuntuESM to the list of sources automatically upgraded from by default. LP: #1687129. -- Steve LangasekTue, 02 May 2017 21:44:58 -0400 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to unattended-upgrades in Ubuntu. https://bugs.launchpad.net/bugs/1687129 Title: Needs to allow updates from the ESM archive Status in unattended-upgrades package in Ubuntu: Fix Released Status in unattended-upgrades source package in Precise: Fix Released Status in unattended-upgrades source package in Trusty: Fix Released Status in unattended-upgrades source package in Xenial: Fix Committed Status in unattended-upgrades source package in Yakkety: Fix Released Status in unattended-upgrades source package in Zesty: Fix Released Bug description: [SRU Justification] When the dust has settled on the ESM archive Release file format[1], unattended-upgrades needs to be tweaked to match. [1] https://github.com/CanonicalLtd/archive-auth-mirror/issues/43 Since the ESM archive contains packages updated by the Ubuntu Security team, we should ensure the behavior of unattended-upgrades applies the same default policy to both. [Test case] 1. run 'sudo apt-get install ubuntu-advantage-tools unattended-upgrades ca-certificates' 2. run 'sudo ubuntu-advantage enable-esm ' with your private creds to enable the ESM archive 3. run 'sudo apt-get update' 4. create a faked-up entry in /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_main_binary-amd64_Packages for the unattended-upgrades package with a higher version number 5. run 'sudo sed -i -e"s/precise/$(lsb_release -c | cut -f2)/" /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_InRelease' 6. run 'sudo unattended-upgrades --debug --dry-run' and verify that no unattended-upgrades package is installed. 7. install unattended-upgrades from -proposed. 8. again create a faked-up entry in /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_main_binary-amd64_Packages for the unattended-upgrades package with a higher version number 9. again run 'sudo sed -i -e"s/precise/$(lsb_release -c | cut -f2)/" /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_InRelease' 10. run 'sudo unattended-upgrades --debug --dry-run' and verify that it offers to install a new unattended-upgrades package. [Regression potential] Worst-case scenario is a bug that prevents future security updates from being applied correctly. This is not a concern for precise because there will be no further security updates /except/ those enabled by this SRU, but this SRU should also be included in all later stable releases. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/unattended-upgrades/+bug/1687129/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1687129] Re: Needs to allow updates from the ESM archive
This bug was fixed in the package unattended-upgrades - 0.82.1ubuntu2.5 --- unattended-upgrades (0.82.1ubuntu2.5) trusty; urgency=medium * Add UbuntuESM to the list of sources automatically upgraded from by default. LP: #1687129. -- Steve LangasekTue, 02 May 2017 15:55:13 -0400 ** Changed in: unattended-upgrades (Ubuntu Trusty) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to unattended-upgrades in Ubuntu. https://bugs.launchpad.net/bugs/1687129 Title: Needs to allow updates from the ESM archive Status in unattended-upgrades package in Ubuntu: Fix Released Status in unattended-upgrades source package in Precise: Fix Released Status in unattended-upgrades source package in Trusty: Fix Released Status in unattended-upgrades source package in Xenial: Fix Committed Status in unattended-upgrades source package in Yakkety: Fix Committed Status in unattended-upgrades source package in Zesty: Fix Committed Bug description: [SRU Justification] When the dust has settled on the ESM archive Release file format[1], unattended-upgrades needs to be tweaked to match. [1] https://github.com/CanonicalLtd/archive-auth-mirror/issues/43 Since the ESM archive contains packages updated by the Ubuntu Security team, we should ensure the behavior of unattended-upgrades applies the same default policy to both. [Test case] 1. run 'sudo apt-get install ubuntu-advantage-tools unattended-upgrades ca-certificates' 2. run 'sudo ubuntu-advantage enable-esm ' with your private creds to enable the ESM archive 3. run 'sudo apt-get update' 4. create a faked-up entry in /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_main_binary-amd64_Packages for the unattended-upgrades package with a higher version number 5. run 'sudo sed -i -e"s/precise/$(lsb_release -c | cut -f2)/" /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_InRelease' 6. run 'sudo unattended-upgrades --debug --dry-run' and verify that no unattended-upgrades package is installed. 7. install unattended-upgrades from -proposed. 8. again create a faked-up entry in /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_main_binary-amd64_Packages for the unattended-upgrades package with a higher version number 9. again run 'sudo sed -i -e"s/precise/$(lsb_release -c | cut -f2)/" /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_InRelease' 10. run 'sudo unattended-upgrades --debug --dry-run' and verify that it offers to install a new unattended-upgrades package. [Regression potential] Worst-case scenario is a bug that prevents future security updates from being applied correctly. This is not a concern for precise because there will be no further security updates /except/ those enabled by this SRU, but this SRU should also be included in all later stable releases. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/unattended-upgrades/+bug/1687129/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1687129] Re: Needs to allow updates from the ESM archive
This bug was fixed in the package unattended-upgrades - 0.93.1ubuntu4 --- unattended-upgrades (0.93.1ubuntu4) artful; urgency=medium * Add UbuntuESM to the list of sources automatically upgraded from by default. LP: #1687129. -- Steve LangasekThu, 11 May 2017 18:08:55 -0700 ** Changed in: unattended-upgrades (Ubuntu) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to unattended-upgrades in Ubuntu. https://bugs.launchpad.net/bugs/1687129 Title: Needs to allow updates from the ESM archive Status in unattended-upgrades package in Ubuntu: Fix Released Status in unattended-upgrades source package in Precise: Fix Released Status in unattended-upgrades source package in Trusty: Fix Committed Status in unattended-upgrades source package in Xenial: Fix Committed Status in unattended-upgrades source package in Yakkety: Fix Committed Status in unattended-upgrades source package in Zesty: Fix Committed Bug description: [SRU Justification] When the dust has settled on the ESM archive Release file format[1], unattended-upgrades needs to be tweaked to match. [1] https://github.com/CanonicalLtd/archive-auth-mirror/issues/43 Since the ESM archive contains packages updated by the Ubuntu Security team, we should ensure the behavior of unattended-upgrades applies the same default policy to both. [Test case] 1. run 'sudo apt-get install ubuntu-advantage-tools unattended-upgrades ca-certificates' 2. run 'sudo ubuntu-advantage enable-esm ' with your private creds to enable the ESM archive 3. run 'sudo apt-get update' 4. create a faked-up entry in /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_main_binary-amd64_Packages for the unattended-upgrades package with a higher version number 5. run 'sudo sed -i -e"s/precise/$(lsb_release -c | cut -f2)/" /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_InRelease' 6. run 'sudo unattended-upgrades --debug --dry-run' and verify that no unattended-upgrades package is installed. 7. install unattended-upgrades from -proposed. 8. again create a faked-up entry in /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_main_binary-amd64_Packages for the unattended-upgrades package with a higher version number 9. again run 'sudo sed -i -e"s/precise/$(lsb_release -c | cut -f2)/" /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_InRelease' 10. run 'sudo unattended-upgrades --debug --dry-run' and verify that it offers to install a new unattended-upgrades package. [Regression potential] Worst-case scenario is a bug that prevents future security updates from being applied correctly. This is not a concern for precise because there will be no further security updates /except/ those enabled by this SRU, but this SRU should also be included in all later stable releases. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/unattended-upgrades/+bug/1687129/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1687129] Re: Needs to allow updates from the ESM archive
zesty, output before: $ sudo unattended-upgrades --debug --dry-run Initial blacklisted packages: Initial whitelisted packages: Starting unattended upgrades script Allowed origins are: ['o=Ubuntu,a=zesty', 'o=Ubuntu,a=zesty-security'] adjusting candidate version: 'linux-libc-dev=4.10.0-19.21' adjusting candidate version: 'unattended-upgrades=0.93.1ubuntu2' pkgs that look like they should be upgraded: Fetched 0 B in 0s (0 B/s) fetch.run() result: 0 blacklist: [] whitelist: [] No packages found that can be upgraded unattended and no pending auto-removals $ after: $ sudo unattended-upgrades --debug --dry-run Initial blacklisted packages: Initial whitelisted packages: Starting unattended upgrades script Allowed origins are: ['o=Ubuntu,a=zesty', 'o=Ubuntu,a=zesty-security', 'o=UbuntuESM,a=zesty'] adjusting candidate version: 'libgssapi-krb5-2=1.15-1' adjusting candidate version: 'libk5crypto3=1.15-1' adjusting candidate version: 'libkrb5-3=1.15-1' adjusting candidate version: 'libkrb5support0=1.15-1' adjusting candidate version: 'libssl1.0.0=1.0.2g-1ubuntu11' adjusting candidate version: 'linux-libc-dev=4.10.0-19.21' adjusting candidate version: 'openssl=1.0.2g-1ubuntu11' Checking: unattended-upgrades ([]) pkgs that look like they should be upgraded: unattended-upgrades Err https://esm.ubuntu.com/ubuntu precise/main amd64 unattended-upgrades all 0.93.1ubuntu2.3 404 Not Found Fetched 0 B in 0s (0 B/s) fetch.run() result: 0 [...] $ -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to unattended-upgrades in Ubuntu. https://bugs.launchpad.net/bugs/1687129 Title: Needs to allow updates from the ESM archive Status in unattended-upgrades package in Ubuntu: Fix Committed Status in unattended-upgrades source package in Precise: Fix Released Status in unattended-upgrades source package in Trusty: Fix Committed Status in unattended-upgrades source package in Xenial: Fix Committed Status in unattended-upgrades source package in Yakkety: Fix Committed Status in unattended-upgrades source package in Zesty: Fix Committed Bug description: [SRU Justification] When the dust has settled on the ESM archive Release file format[1], unattended-upgrades needs to be tweaked to match. [1] https://github.com/CanonicalLtd/archive-auth-mirror/issues/43 Since the ESM archive contains packages updated by the Ubuntu Security team, we should ensure the behavior of unattended-upgrades applies the same default policy to both. [Test case] 1. run 'sudo apt-get install ubuntu-advantage-tools unattended-upgrades ca-certificates' 2. run 'sudo ubuntu-advantage enable-esm ' with your private creds to enable the ESM archive 3. run 'sudo apt-get update' 4. create a faked-up entry in /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_main_binary-amd64_Packages for the unattended-upgrades package with a higher version number 5. run 'sudo sed -i -e"s/precise/$(lsb_release -c | cut -f2)/" /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_InRelease' 6. run 'sudo unattended-upgrades --debug --dry-run' and verify that no unattended-upgrades package is installed. 7. install unattended-upgrades from -proposed. 8. again create a faked-up entry in /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_main_binary-amd64_Packages for the unattended-upgrades package with a higher version number 9. again run 'sudo sed -i -e"s/precise/$(lsb_release -c | cut -f2)/" /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_InRelease' 10. run 'sudo unattended-upgrades --debug --dry-run' and verify that it offers to install a new unattended-upgrades package. [Regression potential] Worst-case scenario is a bug that prevents future security updates from being applied correctly. This is not a concern for precise because there will be no further security updates /except/ those enabled by this SRU, but this SRU should also be included in all later stable releases. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/unattended-upgrades/+bug/1687129/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1687129] Re: Needs to allow updates from the ESM archive
Yakkety output, before: $ sudo unattended-upgrades --debug --dry-run Initial blacklisted packages: Initial whitelisted packages: Starting unattended upgrades script Allowed origins are: ['o=Ubuntu,a=yakkety', 'o=Ubuntu,a=yakkety-security'] adjusting candidate version: 'unattended-upgrades=0.92ubuntu1' pkgs that look like they should be upgraded: Fetched 0 B in 0s (0 B/s) fetch.run() result: 0 blacklist: [] whitelist: [] No packages found that can be upgraded unattended and no pending auto-removals $ after: $ sudo unattended-upgrades --debug --dry-run Initial blacklisted packages: Initial whitelisted packages: Starting unattended upgrades script Allowed origins are: ['o=Ubuntu,a=yakkety', 'o=Ubuntu,a=yakkety-security', 'o=UbuntuESM,a=yakkety'] adjusting candidate version: 'binutils=2.27-8ubuntu2' adjusting candidate version: 'binutils-arm-linux-gnueabihf=2.27-8ubuntu2' adjusting candidate version: 'iproute2=4.3.0-1ubuntu3' adjusting candidate version: 'less=481-2.1ubuntu1' adjusting candidate version: 'libssl1.0.0=1.0.2g-1ubuntu9' adjusting candidate version: 'linux-libc-dev=4.8.0-22.24' adjusting candidate version: 'openssl=1.0.2g-1ubuntu9' adjusting candidate version: 'sudo=1.8.16-0ubuntu3' Checking: unattended-upgrades ([]) pkgs that look like they should be upgraded: unattended-upgrades Err https://esm.ubuntu.com/ubuntu precise/main amd64 unattended-upgrades all 0.92ubuntu1.6 404 Not Found [...] $ -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to unattended-upgrades in Ubuntu. https://bugs.launchpad.net/bugs/1687129 Title: Needs to allow updates from the ESM archive Status in unattended-upgrades package in Ubuntu: Fix Committed Status in unattended-upgrades source package in Precise: Fix Released Status in unattended-upgrades source package in Trusty: Fix Committed Status in unattended-upgrades source package in Xenial: Fix Committed Status in unattended-upgrades source package in Yakkety: Fix Committed Status in unattended-upgrades source package in Zesty: Fix Committed Bug description: [SRU Justification] When the dust has settled on the ESM archive Release file format[1], unattended-upgrades needs to be tweaked to match. [1] https://github.com/CanonicalLtd/archive-auth-mirror/issues/43 Since the ESM archive contains packages updated by the Ubuntu Security team, we should ensure the behavior of unattended-upgrades applies the same default policy to both. [Test case] 1. run 'sudo apt-get install ubuntu-advantage-tools unattended-upgrades ca-certificates' 2. run 'sudo ubuntu-advantage enable-esm ' with your private creds to enable the ESM archive 3. run 'sudo apt-get update' 4. create a faked-up entry in /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_main_binary-amd64_Packages for the unattended-upgrades package with a higher version number 5. run 'sudo sed -i -e"s/precise/$(lsb_release -c | cut -f2)/" /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_InRelease' 6. run 'sudo unattended-upgrades --debug --dry-run' and verify that no unattended-upgrades package is installed. 7. install unattended-upgrades from -proposed. 8. again create a faked-up entry in /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_main_binary-amd64_Packages for the unattended-upgrades package with a higher version number 9. again run 'sudo sed -i -e"s/precise/$(lsb_release -c | cut -f2)/" /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_InRelease' 10. run 'sudo unattended-upgrades --debug --dry-run' and verify that it offers to install a new unattended-upgrades package. [Regression potential] Worst-case scenario is a bug that prevents future security updates from being applied correctly. This is not a concern for precise because there will be no further security updates /except/ those enabled by this SRU, but this SRU should also be included in all later stable releases. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/unattended-upgrades/+bug/1687129/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1687129] Re: Needs to allow updates from the ESM archive
zesty, output before: $ sudo unattended-upgrades --debug --dry-run Initial blacklisted packages: Initial whitelisted packages: Starting unattended upgrades script Allowed origins are: ['o=Ubuntu,a=zesty', 'o=Ubuntu,a=zesty-security'] adjusting candidate version: 'linux-libc-dev=4.10.0-19.21' adjusting candidate version: 'unattended-upgrades=0.93.1ubuntu2' pkgs that look like they should be upgraded: Fetched 0 B in 0s (0 B/s) fetch.run() result: 0 blacklist: [] whitelist: [] No packages found that can be upgraded unattended and no pending auto-removals $ after: $ sudo unattended-upgrades --debug --dry-run Initial blacklisted packages: Initial whitelisted packages: Starting unattended upgrades script Allowed origins are: ['o=Ubuntu,a=zesty', 'o=Ubuntu,a=zesty-security', 'o=UbuntuESM,a=zesty'] adjusting candidate version: 'libgssapi-krb5-2=1.15-1' adjusting candidate version: 'libk5crypto3=1.15-1' adjusting candidate version: 'libkrb5-3=1.15-1' adjusting candidate version: 'libkrb5support0=1.15-1' adjusting candidate version: 'libssl1.0.0=1.0.2g-1ubuntu11' adjusting candidate version: 'linux-libc-dev=4.10.0-19.21' adjusting candidate version: 'openssl=1.0.2g-1ubuntu11' Checking: unattended-upgrades ([]) pkgs that look like they should be upgraded: unattended-upgrades Err https://esm.ubuntu.com/ubuntu precise/main amd64 unattended-upgrades all 0.93.1ubuntu2.3 404 Not Found Fetched 0 B in 0s (0 B/s) fetch.run() result: 0 https://ubuntu-esm-testing:saiz0oopietah...@esm.ubuntu.com/ubuntu/pool/main/u/unattended-upgrades/unattended-upgrades_0.93.1ubuntu2.3_all.deb' ID:0 ErrorText: '404 Not Found'> An error occurred: '404 Not Found' An error occurred: '404 Not Found' The URI 'https://ubuntu-esm-testing:saiz0oopietah...@esm.ubuntu.com/ubuntu/pool/main/u/unattended-upgrades/unattended-upgrades_0.93.1ubuntu2.3_all.deb' failed to download, aborting The URI 'https://ubuntu-esm-testing:saiz0oopietah...@esm.ubuntu.com/ubuntu/pool/main/u/unattended-upgrades/unattended-upgrades_0.93.1ubuntu2.3_all.deb' failed to download, aborting $ ** Tags added: verification-done-zesty ** Changed in: unattended-upgrades (Ubuntu) Status: Confirmed => Fix Committed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to unattended-upgrades in Ubuntu. https://bugs.launchpad.net/bugs/1687129 Title: Needs to allow updates from the ESM archive Status in unattended-upgrades package in Ubuntu: Fix Committed Status in unattended-upgrades source package in Precise: Fix Released Status in unattended-upgrades source package in Trusty: Fix Committed Status in unattended-upgrades source package in Xenial: Fix Committed Status in unattended-upgrades source package in Yakkety: Fix Committed Status in unattended-upgrades source package in Zesty: Fix Committed Bug description: [SRU Justification] When the dust has settled on the ESM archive Release file format[1], unattended-upgrades needs to be tweaked to match. [1] https://github.com/CanonicalLtd/archive-auth-mirror/issues/43 Since the ESM archive contains packages updated by the Ubuntu Security team, we should ensure the behavior of unattended-upgrades applies the same default policy to both. [Test case] 1. run 'sudo apt-get install ubuntu-advantage-tools unattended-upgrades ca-certificates' 2. run 'sudo ubuntu-advantage enable-esm ' with your private creds to enable the ESM archive 3. run 'sudo apt-get update' 4. create a faked-up entry in /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_main_binary-amd64_Packages for the unattended-upgrades package with a higher version number 5. run 'sudo sed -i -e"s/precise/$(lsb_release -c | cut -f2)/" /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_InRelease' 6. run 'sudo unattended-upgrades --debug --dry-run' and verify that no unattended-upgrades package is installed. 7. install unattended-upgrades from -proposed. 8. again create a faked-up entry in /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_main_binary-amd64_Packages for the unattended-upgrades package with a higher version number 9. again run 'sudo sed -i -e"s/precise/$(lsb_release -c | cut -f2)/" /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_InRelease' 10. run 'sudo unattended-upgrades --debug --dry-run' and verify that it offers to install a new unattended-upgrades package. [Regression potential] Worst-case scenario is a bug that prevents future security updates from being applied correctly. This is not a concern for precise because there will be no further security updates /except/ those enabled by this SRU, but this SRU should also be included in all later stable releases. To manage notifications about this bug go to:
[Touch-packages] [Bug 1687129] Re: Needs to allow updates from the ESM archive
Yakkety output, before: $ sudo unattended-upgrades --debug --dry-run Initial blacklisted packages: Initial whitelisted packages: Starting unattended upgrades script Allowed origins are: ['o=Ubuntu,a=yakkety', 'o=Ubuntu,a=yakkety-security'] adjusting candidate version: 'unattended-upgrades=0.92ubuntu1' pkgs that look like they should be upgraded: Fetched 0 B in 0s (0 B/s) fetch.run() result: 0 blacklist: [] whitelist: [] No packages found that can be upgraded unattended and no pending auto-removals $ after: $ sudo unattended-upgrades --debug --dry-run Initial blacklisted packages: Initial whitelisted packages: Starting unattended upgrades script Allowed origins are: ['o=Ubuntu,a=yakkety', 'o=Ubuntu,a=yakkety-security', 'o=UbuntuESM,a=yakkety'] adjusting candidate version: 'binutils=2.27-8ubuntu2' adjusting candidate version: 'binutils-arm-linux-gnueabihf=2.27-8ubuntu2' adjusting candidate version: 'iproute2=4.3.0-1ubuntu3' adjusting candidate version: 'less=481-2.1ubuntu1' adjusting candidate version: 'libssl1.0.0=1.0.2g-1ubuntu9' adjusting candidate version: 'linux-libc-dev=4.8.0-22.24' adjusting candidate version: 'openssl=1.0.2g-1ubuntu9' adjusting candidate version: 'sudo=1.8.16-0ubuntu3' Checking: unattended-upgrades ([]) pkgs that look like they should be upgraded: unattended-upgrades Err https://esm.ubuntu.com/ubuntu precise/main amd64 unattended-upgrades all 0.92ubuntu1.6 404 Not Found Fetched 0 B in 0s (0 B/s) fetch.run() result: 0 https://ubuntu-esm-testing:saiz0oopietah...@esm.ubuntu.com/ubuntu/pool/main/u/unattended-upgrades/unattended-upgrades_0.92ubuntu1.6_all.deb' ID:0 ErrorText: '404 Not Found'> An error occurred: '404 Not Found' An error occurred: '404 Not Found' The URI 'https://ubuntu-esm-testing:saiz0oopietah...@esm.ubuntu.com/ubuntu/pool/main/u/unattended-upgrades/unattended-upgrades_0.92ubuntu1.6_all.deb' failed to download, aborting The URI 'https://ubuntu-esm-testing:saiz0oopietah...@esm.ubuntu.com/ubuntu/pool/main/u/unattended-upgrades/unattended-upgrades_0.92ubuntu1.6_all.deb' failed to download, aborting $ ** Tags added: verification-done-yakkety -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to unattended-upgrades in Ubuntu. https://bugs.launchpad.net/bugs/1687129 Title: Needs to allow updates from the ESM archive Status in unattended-upgrades package in Ubuntu: Confirmed Status in unattended-upgrades source package in Precise: Fix Released Status in unattended-upgrades source package in Trusty: Fix Committed Status in unattended-upgrades source package in Xenial: Fix Committed Status in unattended-upgrades source package in Yakkety: Fix Committed Status in unattended-upgrades source package in Zesty: Fix Committed Bug description: [SRU Justification] When the dust has settled on the ESM archive Release file format[1], unattended-upgrades needs to be tweaked to match. [1] https://github.com/CanonicalLtd/archive-auth-mirror/issues/43 Since the ESM archive contains packages updated by the Ubuntu Security team, we should ensure the behavior of unattended-upgrades applies the same default policy to both. [Test case] 1. run 'sudo apt-get install ubuntu-advantage-tools unattended-upgrades ca-certificates' 2. run 'sudo ubuntu-advantage enable-esm ' with your private creds to enable the ESM archive 3. run 'sudo apt-get update' 4. create a faked-up entry in /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_main_binary-amd64_Packages for the unattended-upgrades package with a higher version number 5. run 'sudo sed -i -e"s/precise/$(lsb_release -c | cut -f2)/" /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_InRelease' 6. run 'sudo unattended-upgrades --debug --dry-run' and verify that no unattended-upgrades package is installed. 7. install unattended-upgrades from -proposed. 8. again create a faked-up entry in /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_main_binary-amd64_Packages for the unattended-upgrades package with a higher version number 9. again run 'sudo sed -i -e"s/precise/$(lsb_release -c | cut -f2)/" /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_InRelease' 10. run 'sudo unattended-upgrades --debug --dry-run' and verify that it offers to install a new unattended-upgrades package. [Regression potential] Worst-case scenario is a bug that prevents future security updates from being applied correctly. This is not a concern for precise because there will be no further security updates /except/ those enabled by this SRU, but this SRU should also be included in all later stable releases. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/unattended-upgrades/+bug/1687129/+subscriptions
[Touch-packages] [Bug 1687129] Re: Needs to allow updates from the ESM archive
Output on xenial was much more straightforward: Allowed origins are: ['o=Ubuntu,a=xenial', 'o=Ubuntu,a=xenial-security', 'o=UbuntuESM,a=xenial'] [...] Checking: unattended-upgrades ([]) pkgs that look like they should be upgraded: unattended-upgrades Err https://esm.ubuntu.com/ubuntu precise/main amd64 unattended-upgrades all 0.90ubuntu0.7 404 Not Found -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to unattended-upgrades in Ubuntu. https://bugs.launchpad.net/bugs/1687129 Title: Needs to allow updates from the ESM archive Status in unattended-upgrades package in Ubuntu: Confirmed Status in unattended-upgrades source package in Precise: Fix Released Status in unattended-upgrades source package in Trusty: Fix Committed Status in unattended-upgrades source package in Xenial: Fix Committed Status in unattended-upgrades source package in Yakkety: Fix Committed Status in unattended-upgrades source package in Zesty: Fix Committed Bug description: [SRU Justification] When the dust has settled on the ESM archive Release file format[1], unattended-upgrades needs to be tweaked to match. [1] https://github.com/CanonicalLtd/archive-auth-mirror/issues/43 Since the ESM archive contains packages updated by the Ubuntu Security team, we should ensure the behavior of unattended-upgrades applies the same default policy to both. [Test case] 1. run 'sudo apt-get install ubuntu-advantage-tools unattended-upgrades ca-certificates' 2. run 'sudo ubuntu-advantage enable-esm ' with your private creds to enable the ESM archive 3. run 'sudo apt-get update' 4. create a faked-up entry in /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_main_binary-amd64_Packages for the unattended-upgrades package with a higher version number 5. run 'sudo sed -i -e"s/precise/$(lsb_release -c | cut -f2)/" /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_InRelease' 6. run 'sudo unattended-upgrades --debug --dry-run' and verify that no unattended-upgrades package is installed. 7. install unattended-upgrades from -proposed. 8. again create a faked-up entry in /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_main_binary-amd64_Packages for the unattended-upgrades package with a higher version number 9. again run 'sudo sed -i -e"s/precise/$(lsb_release -c | cut -f2)/" /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_InRelease' 10. run 'sudo unattended-upgrades --debug --dry-run' and verify that it offers to install a new unattended-upgrades package. [Regression potential] Worst-case scenario is a bug that prevents future security updates from being applied correctly. This is not a concern for precise because there will be no further security updates /except/ those enabled by this SRU, but this SRU should also be included in all later stable releases. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/unattended-upgrades/+bug/1687129/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1687129] Re: Needs to allow updates from the ESM archive
On trusty, with the faked-up test case I see output such as the following: Checking: unattended-upgrades ([]) [...] matching 'o'='UbuntuESM' against '' matching 'a'='trusty' against '' pkg 'unattended-upgrades' is untrusted sanity check failed So while unattended-upgrades still doesn't install the package, that's because u-u is too clever for my test case. It is clear that it is considering this package differently than it does for linux-libc-dev in -proposed, which reports: Checking: linux-libc-dev ([]) matching 'o'='Ubuntu' against '' matching 'a'='trusty-security' against '' matching 'o'='UbuntuESM' against '' matching 'a'='trusty' against '' so I'm considering this verification-done for trusty anyway. ** Tags added: verification-done-trusty -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to unattended-upgrades in Ubuntu. https://bugs.launchpad.net/bugs/1687129 Title: Needs to allow updates from the ESM archive Status in unattended-upgrades package in Ubuntu: Confirmed Status in unattended-upgrades source package in Precise: Fix Released Status in unattended-upgrades source package in Trusty: Fix Committed Status in unattended-upgrades source package in Xenial: Fix Committed Status in unattended-upgrades source package in Yakkety: Fix Committed Status in unattended-upgrades source package in Zesty: Fix Committed Bug description: [SRU Justification] When the dust has settled on the ESM archive Release file format[1], unattended-upgrades needs to be tweaked to match. [1] https://github.com/CanonicalLtd/archive-auth-mirror/issues/43 Since the ESM archive contains packages updated by the Ubuntu Security team, we should ensure the behavior of unattended-upgrades applies the same default policy to both. [Test case] 1. run 'sudo apt-get install ubuntu-advantage-tools unattended-upgrades ca-certificates' 2. run 'sudo ubuntu-advantage enable-esm ' with your private creds to enable the ESM archive 3. run 'sudo apt-get update' 4. create a faked-up entry in /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_main_binary-amd64_Packages for the unattended-upgrades package with a higher version number 5. run 'sudo sed -i -e"s/precise/$(lsb_release -c | cut -f2)/" /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_InRelease' 6. run 'sudo unattended-upgrades --debug --dry-run' and verify that no unattended-upgrades package is installed. 7. install unattended-upgrades from -proposed. 8. again create a faked-up entry in /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_main_binary-amd64_Packages for the unattended-upgrades package with a higher version number 9. again run 'sudo sed -i -e"s/precise/$(lsb_release -c | cut -f2)/" /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_InRelease' 10. run 'sudo unattended-upgrades --debug --dry-run' and verify that it offers to install a new unattended-upgrades package. [Regression potential] Worst-case scenario is a bug that prevents future security updates from being applied correctly. This is not a concern for precise because there will be no further security updates /except/ those enabled by this SRU, but this SRU should also be included in all later stable releases. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/unattended-upgrades/+bug/1687129/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1687129] Re: Needs to allow updates from the ESM archive
** Description changed: [SRU Justification] When the dust has settled on the ESM archive Release file format[1], unattended-upgrades needs to be tweaked to match. [1] https://github.com/CanonicalLtd/archive-auth-mirror/issues/43 Since the ESM archive contains packages updated by the Ubuntu Security team, we should ensure the behavior of unattended-upgrades applies the same default policy to both. [Test case] 1. run 'sudo apt-get install ubuntu-advantage-tools unattended-upgrades ca-certificates' 2. run 'sudo ubuntu-advantage enable-esm ' with your private creds to enable the ESM archive 3. run 'sudo apt-get update' 4. create a faked-up entry in /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_main_binary-amd64_Packages for the unattended-upgrades package with a higher version number - 5. run 'sudo unattended-upgrades --debug --dry-run' and verify that no unattended-upgrades package is installed. - 6. install unattended-upgrades from -proposed. - 7. again create a faked-up entry in /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_main_binary-amd64_Packages for the unattended-upgrades package with a higher version number - 8. run 'sudo unattended-upgrades --debug --dry-run' and verify that it offers to install a new unattended-upgrades package. + 5. Run 'sudo sed -i -e"s/precise/$(lsb_release -c | cut -f2)/" /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_InRelease' + 6. run 'sudo unattended-upgrades --debug --dry-run' and verify that no unattended-upgrades package is installed. + 7. install unattended-upgrades from -proposed. + 8. again create a faked-up entry in /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_main_binary-amd64_Packages for the unattended-upgrades package with a higher version number + 9. Again run 'sudo sed -i -e"s/precise/$(lsb_release -c | cut -f2)/" /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_InRelease' + 10. run 'sudo unattended-upgrades --debug --dry-run' and verify that it offers to install a new unattended-upgrades package. [Regression potential] Worst-case scenario is a bug that prevents future security updates from being applied correctly. This is not a concern for precise because there will be no further security updates /except/ those enabled by this SRU, but this SRU should also be included in all later stable releases. ** Description changed: [SRU Justification] When the dust has settled on the ESM archive Release file format[1], unattended-upgrades needs to be tweaked to match. [1] https://github.com/CanonicalLtd/archive-auth-mirror/issues/43 Since the ESM archive contains packages updated by the Ubuntu Security team, we should ensure the behavior of unattended-upgrades applies the same default policy to both. [Test case] 1. run 'sudo apt-get install ubuntu-advantage-tools unattended-upgrades ca-certificates' 2. run 'sudo ubuntu-advantage enable-esm ' with your private creds to enable the ESM archive 3. run 'sudo apt-get update' 4. create a faked-up entry in /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_main_binary-amd64_Packages for the unattended-upgrades package with a higher version number - 5. Run 'sudo sed -i -e"s/precise/$(lsb_release -c | cut -f2)/" /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_InRelease' + 5. run 'sudo sed -i -e"s/precise/$(lsb_release -c | cut -f2)/" /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_InRelease' 6. run 'sudo unattended-upgrades --debug --dry-run' and verify that no unattended-upgrades package is installed. 7. install unattended-upgrades from -proposed. 8. again create a faked-up entry in /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_main_binary-amd64_Packages for the unattended-upgrades package with a higher version number - 9. Again run 'sudo sed -i -e"s/precise/$(lsb_release -c | cut -f2)/" /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_InRelease' + 9. again run 'sudo sed -i -e"s/precise/$(lsb_release -c | cut -f2)/" /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_InRelease' 10. run 'sudo unattended-upgrades --debug --dry-run' and verify that it offers to install a new unattended-upgrades package. [Regression potential] Worst-case scenario is a bug that prevents future security updates from being applied correctly. This is not a concern for precise because there will be no further security updates /except/ those enabled by this SRU, but this SRU should also be included in all later stable releases. ** Tags added: verification-done-xenial -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to unattended-upgrades in Ubuntu. https://bugs.launchpad.net/bugs/1687129 Title: Needs to allow updates from the ESM archive Status in unattended-upgrades package in Ubuntu: Confirmed Status in unattended-upgrades source package in Precise: Fix Released Status in
[Touch-packages] [Bug 1687129] Re: Needs to allow updates from the ESM archive
'apt -o Debug::Acquire::https=1 update' reveals that the problem is due to missing ssl certificates. Updated the test case to suit, and moving forward. ** Description changed: [SRU Justification] When the dust has settled on the ESM archive Release file format[1], unattended-upgrades needs to be tweaked to match. [1] https://github.com/CanonicalLtd/archive-auth-mirror/issues/43 Since the ESM archive contains packages updated by the Ubuntu Security team, we should ensure the behavior of unattended-upgrades applies the same default policy to both. [Test case] - 1. run 'sudo apt-get install ubuntu-advantage-tools unattended-upgrades' + 1. run 'sudo apt-get install ubuntu-advantage-tools unattended-upgrades ca-certificates' 2. run 'sudo ubuntu-advantage enable-esm ' with your private creds to enable the ESM archive 3. run 'sudo apt-get update' 4. create a faked-up entry in /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_main_binary-amd64_Packages for the unattended-upgrades package with a higher version number 5. run 'sudo unattended-upgrades --debug --dry-run' and verify that no unattended-upgrades package is installed. 6. install unattended-upgrades from -proposed. 7. again create a faked-up entry in /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_main_binary-amd64_Packages for the unattended-upgrades package with a higher version number 8. run 'sudo unattended-upgrades --debug --dry-run' and verify that it offers to install a new unattended-upgrades package. [Regression potential] Worst-case scenario is a bug that prevents future security updates from being applied correctly. This is not a concern for precise because there will be no further security updates /except/ those enabled by this SRU, but this SRU should also be included in all later stable releases. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to unattended-upgrades in Ubuntu. https://bugs.launchpad.net/bugs/1687129 Title: Needs to allow updates from the ESM archive Status in unattended-upgrades package in Ubuntu: Confirmed Status in unattended-upgrades source package in Precise: Fix Released Status in unattended-upgrades source package in Trusty: Fix Committed Status in unattended-upgrades source package in Xenial: Fix Committed Status in unattended-upgrades source package in Yakkety: Fix Committed Status in unattended-upgrades source package in Zesty: Fix Committed Bug description: [SRU Justification] When the dust has settled on the ESM archive Release file format[1], unattended-upgrades needs to be tweaked to match. [1] https://github.com/CanonicalLtd/archive-auth-mirror/issues/43 Since the ESM archive contains packages updated by the Ubuntu Security team, we should ensure the behavior of unattended-upgrades applies the same default policy to both. [Test case] 1. run 'sudo apt-get install ubuntu-advantage-tools unattended-upgrades ca-certificates' 2. run 'sudo ubuntu-advantage enable-esm ' with your private creds to enable the ESM archive 3. run 'sudo apt-get update' 4. create a faked-up entry in /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_main_binary-amd64_Packages for the unattended-upgrades package with a higher version number 5. run 'sudo sed -i -e"s/precise/$(lsb_release -c | cut -f2)/" /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_InRelease' 6. run 'sudo unattended-upgrades --debug --dry-run' and verify that no unattended-upgrades package is installed. 7. install unattended-upgrades from -proposed. 8. again create a faked-up entry in /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_main_binary-amd64_Packages for the unattended-upgrades package with a higher version number 9. again run 'sudo sed -i -e"s/precise/$(lsb_release -c | cut -f2)/" /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_InRelease' 10. run 'sudo unattended-upgrades --debug --dry-run' and verify that it offers to install a new unattended-upgrades package. [Regression potential] Worst-case scenario is a bug that prevents future security updates from being applied correctly. This is not a concern for precise because there will be no further security updates /except/ those enabled by this SRU, but this SRU should also be included in all later stable releases. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/unattended-upgrades/+bug/1687129/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1687129] Re: Needs to allow updates from the ESM archive
Behavior on xenial is even worse: Ign:5 https://esm.ubuntu.com/ubuntu precise InRelease Err:6 https://esm.ubuntu.com/ubuntu precise Release [...] E: The repository 'https://esm.ubuntu.com/ubuntu precise Release' does not have a Release file. N: Updating from such a repository can't be done securely, and is therefore disabled by default. N: See apt-secure(8) manpage for repository creation and user configuration details. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to unattended-upgrades in Ubuntu. https://bugs.launchpad.net/bugs/1687129 Title: Needs to allow updates from the ESM archive Status in unattended-upgrades package in Ubuntu: Confirmed Status in unattended-upgrades source package in Precise: Fix Released Status in unattended-upgrades source package in Trusty: Fix Committed Status in unattended-upgrades source package in Xenial: Fix Committed Status in unattended-upgrades source package in Yakkety: Fix Committed Status in unattended-upgrades source package in Zesty: Fix Committed Bug description: [SRU Justification] When the dust has settled on the ESM archive Release file format[1], unattended-upgrades needs to be tweaked to match. [1] https://github.com/CanonicalLtd/archive-auth-mirror/issues/43 Since the ESM archive contains packages updated by the Ubuntu Security team, we should ensure the behavior of unattended-upgrades applies the same default policy to both. [Test case] 1. run 'sudo apt-get install ubuntu-advantage-tools unattended-upgrades ca-certificates' 2. run 'sudo ubuntu-advantage enable-esm ' with your private creds to enable the ESM archive 3. run 'sudo apt-get update' 4. create a faked-up entry in /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_main_binary-amd64_Packages for the unattended-upgrades package with a higher version number 5. run 'sudo unattended-upgrades --debug --dry-run' and verify that no unattended-upgrades package is installed. 6. install unattended-upgrades from -proposed. 7. again create a faked-up entry in /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_main_binary-amd64_Packages for the unattended-upgrades package with a higher version number 8. run 'sudo unattended-upgrades --debug --dry-run' and verify that it offers to install a new unattended-upgrades package. [Regression potential] Worst-case scenario is a bug that prevents future security updates from being applied correctly. This is not a concern for precise because there will be no further security updates /except/ those enabled by this SRU, but this SRU should also be included in all later stable releases. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/unattended-upgrades/+bug/1687129/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1687129] Re: Needs to allow updates from the ESM archive
I'm having difficulty verifying this SRU for later releases, because even though I'm pointing at the precise release (which is published on esm.ubuntu.com), and I have valid credentials for the site, I get: Ign https://esm.ubuntu.com precise InRelease [...] Ign https://esm.ubuntu.com precise Release.gpg [...] Ign https://esm.ubuntu.com precise Release [...] Err https://esm.ubuntu.com precise/main amd64 Packages [...] W: Failed to fetch https://esm.ubuntu.com/ubuntu/dists/precise/main/binary-amd64/Packages It's possible this is due to an apt behavior change in 14.04 and later, and the fact that the esm Packages files are currently zero bytes in length. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to unattended-upgrades in Ubuntu. https://bugs.launchpad.net/bugs/1687129 Title: Needs to allow updates from the ESM archive Status in unattended-upgrades package in Ubuntu: Confirmed Status in unattended-upgrades source package in Precise: Fix Released Status in unattended-upgrades source package in Trusty: Fix Committed Status in unattended-upgrades source package in Xenial: Fix Committed Status in unattended-upgrades source package in Yakkety: Fix Committed Status in unattended-upgrades source package in Zesty: Fix Committed Bug description: [SRU Justification] When the dust has settled on the ESM archive Release file format[1], unattended-upgrades needs to be tweaked to match. [1] https://github.com/CanonicalLtd/archive-auth-mirror/issues/43 Since the ESM archive contains packages updated by the Ubuntu Security team, we should ensure the behavior of unattended-upgrades applies the same default policy to both. [Test case] 1. run 'sudo apt-get install ubuntu-advantage-tools unattended-upgrades ca-certificates' 2. run 'sudo ubuntu-advantage enable-esm ' with your private creds to enable the ESM archive 3. run 'sudo apt-get update' 4. create a faked-up entry in /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_main_binary-amd64_Packages for the unattended-upgrades package with a higher version number 5. run 'sudo unattended-upgrades --debug --dry-run' and verify that no unattended-upgrades package is installed. 6. install unattended-upgrades from -proposed. 7. again create a faked-up entry in /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_main_binary-amd64_Packages for the unattended-upgrades package with a higher version number 8. run 'sudo unattended-upgrades --debug --dry-run' and verify that it offers to install a new unattended-upgrades package. [Regression potential] Worst-case scenario is a bug that prevents future security updates from being applied correctly. This is not a concern for precise because there will be no further security updates /except/ those enabled by this SRU, but this SRU should also be included in all later stable releases. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/unattended-upgrades/+bug/1687129/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1687129] Re: Needs to allow updates from the ESM archive
Hello Adam, or anyone else affected, Accepted unattended-upgrades into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source /unattended-upgrades/0.90ubuntu0.6 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance! ** Changed in: unattended-upgrades (Ubuntu Xenial) Status: New => Fix Committed ** Changed in: unattended-upgrades (Ubuntu Yakkety) Status: New => Fix Committed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to unattended-upgrades in Ubuntu. https://bugs.launchpad.net/bugs/1687129 Title: Needs to allow updates from the ESM archive Status in unattended-upgrades package in Ubuntu: Confirmed Status in unattended-upgrades source package in Precise: Fix Released Status in unattended-upgrades source package in Trusty: Fix Committed Status in unattended-upgrades source package in Xenial: Fix Committed Status in unattended-upgrades source package in Yakkety: Fix Committed Status in unattended-upgrades source package in Zesty: Fix Committed Bug description: [SRU Justification] When the dust has settled on the ESM archive Release file format[1], unattended-upgrades needs to be tweaked to match. [1] https://github.com/CanonicalLtd/archive-auth-mirror/issues/43 Since the ESM archive contains packages updated by the Ubuntu Security team, we should ensure the behavior of unattended-upgrades applies the same default policy to both. [Test case] 1. run 'sudo apt-get install ubuntu-advantage-tools unattended-upgrades' 2. run 'sudo ubuntu-advantage enable-esm ' with your private creds to enable the ESM archive 3. run 'sudo apt-get update' 4. create a faked-up entry in /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_main_binary-amd64_Packages for the unattended-upgrades package with a higher version number 5. run 'sudo unattended-upgrades --debug --dry-run' and verify that no unattended-upgrades package is installed. 6. install unattended-upgrades from -proposed. 7. again create a faked-up entry in /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_main_binary-amd64_Packages for the unattended-upgrades package with a higher version number 8. run 'sudo unattended-upgrades --debug --dry-run' and verify that it offers to install a new unattended-upgrades package. [Regression potential] Worst-case scenario is a bug that prevents future security updates from being applied correctly. This is not a concern for precise because there will be no further security updates /except/ those enabled by this SRU, but this SRU should also be included in all later stable releases. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/unattended-upgrades/+bug/1687129/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1687129] Re: Needs to allow updates from the ESM archive
Hello Adam, or anyone else affected, Accepted unattended-upgrades into trusty-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source /unattended-upgrades/0.82.1ubuntu2.5 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance! ** Changed in: unattended-upgrades (Ubuntu Trusty) Status: New => Fix Committed ** Tags added: verification-needed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to unattended-upgrades in Ubuntu. https://bugs.launchpad.net/bugs/1687129 Title: Needs to allow updates from the ESM archive Status in unattended-upgrades package in Ubuntu: Confirmed Status in unattended-upgrades source package in Precise: Fix Released Status in unattended-upgrades source package in Trusty: Fix Committed Status in unattended-upgrades source package in Xenial: Fix Committed Status in unattended-upgrades source package in Yakkety: Fix Committed Status in unattended-upgrades source package in Zesty: Fix Committed Bug description: [SRU Justification] When the dust has settled on the ESM archive Release file format[1], unattended-upgrades needs to be tweaked to match. [1] https://github.com/CanonicalLtd/archive-auth-mirror/issues/43 Since the ESM archive contains packages updated by the Ubuntu Security team, we should ensure the behavior of unattended-upgrades applies the same default policy to both. [Test case] 1. run 'sudo apt-get install ubuntu-advantage-tools unattended-upgrades' 2. run 'sudo ubuntu-advantage enable-esm ' with your private creds to enable the ESM archive 3. run 'sudo apt-get update' 4. create a faked-up entry in /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_main_binary-amd64_Packages for the unattended-upgrades package with a higher version number 5. run 'sudo unattended-upgrades --debug --dry-run' and verify that no unattended-upgrades package is installed. 6. install unattended-upgrades from -proposed. 7. again create a faked-up entry in /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_main_binary-amd64_Packages for the unattended-upgrades package with a higher version number 8. run 'sudo unattended-upgrades --debug --dry-run' and verify that it offers to install a new unattended-upgrades package. [Regression potential] Worst-case scenario is a bug that prevents future security updates from being applied correctly. This is not a concern for precise because there will be no further security updates /except/ those enabled by this SRU, but this SRU should also be included in all later stable releases. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/unattended-upgrades/+bug/1687129/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1687129] Re: Needs to allow updates from the ESM archive
This bug was fixed in the package unattended-upgrades - 0.76ubuntu1.3 --- unattended-upgrades (0.76ubuntu1.3) precise; urgency=medium * Add UbuntuESM to the list of sources automatically upgraded from by default. LP: #1687129. -- Steve LangasekTue, 02 May 2017 15:45:12 -0400 ** Changed in: unattended-upgrades (Ubuntu Precise) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to unattended-upgrades in Ubuntu. https://bugs.launchpad.net/bugs/1687129 Title: Needs to allow updates from the ESM archive Status in unattended-upgrades package in Ubuntu: Confirmed Status in unattended-upgrades source package in Precise: Fix Released Bug description: [SRU Justification] When the dust has settled on the ESM archive Release file format[1], unattended-upgrades needs to be tweaked to match. [1] https://github.com/CanonicalLtd/archive-auth-mirror/issues/43 Since the ESM archive contains packages updated by the Ubuntu Security team, we should ensure the behavior of unattended-upgrades applies the same default policy to both. [Test case] 1. run 'sudo apt-get install ubuntu-advantage-tools unattended-upgrades' 2. run 'sudo ubuntu-advantage enable-esm ' with your private creds to enable the ESM archive 3. run 'sudo apt-get update' 4. create a faked-up entry in /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_main_binary-amd64_Packages for the unattended-upgrades package with a higher version number 5. run 'sudo unattended-upgrades --debug --dry-run' and verify that no unattended-upgrades package is installed. 6. install unattended-upgrades from -proposed. 7. again create a faked-up entry in /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_main_binary-amd64_Packages for the unattended-upgrades package with a higher version number 8. run 'sudo unattended-upgrades --debug --dry-run' and verify that it offers to install a new unattended-upgrades package. [Regression potential] Worst-case scenario is a bug that prevents future security updates from being applied correctly. This is not a concern for precise because there will be no further security updates /except/ those enabled by this SRU, but this SRU should also be included in all later stable releases. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/unattended-upgrades/+bug/1687129/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1687129] Re: Needs to allow updates from the ESM archive
Output now that the publication change is live on esm.u.c: $ sudo unattended-upgrades --debug --dry-run Initial blacklisted packages: Starting unattended upgrades script Allowed origins are: ['o=Ubuntu,a=precise-security', 'o=UbuntuESM,a=precise'] Checking: unattended-upgrades ([""]) pkgs that look like they should be upgraded: unattended-upgrades Get:1 https://esm.ubuntu.com/ubuntu/ precise/main unattended-upgrades all 0.76ubuntu1.4 [24.8 kB] Err https://esm.ubuntu.com/ubuntu/ precise/main unattended-upgrades all 0.76ubuntu1.4 Fetched 0 B in 0s (0 B/s) $ This looks like what we want. ** Tags removed: verification-needed ** Tags added: verification-done-precise -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to unattended-upgrades in Ubuntu. https://bugs.launchpad.net/bugs/1687129 Title: Needs to allow updates from the ESM archive Status in unattended-upgrades package in Ubuntu: Confirmed Status in unattended-upgrades source package in Precise: Fix Committed Bug description: [SRU Justification] When the dust has settled on the ESM archive Release file format[1], unattended-upgrades needs to be tweaked to match. [1] https://github.com/CanonicalLtd/archive-auth-mirror/issues/43 Since the ESM archive contains packages updated by the Ubuntu Security team, we should ensure the behavior of unattended-upgrades applies the same default policy to both. [Test case] 1. run 'sudo apt-get install ubuntu-advantage-tools unattended-upgrades' 2. run 'sudo ubuntu-advantage enable-esm ' with your private creds to enable the ESM archive 3. run 'sudo apt-get update' 4. create a faked-up entry in /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_main_binary-amd64_Packages for the unattended-upgrades package with a higher version number 5. run 'sudo unattended-upgrades --debug --dry-run' and verify that no unattended-upgrades package is installed. 6. install unattended-upgrades from -proposed. 7. again create a faked-up entry in /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_main_binary-amd64_Packages for the unattended-upgrades package with a higher version number 8. run 'sudo unattended-upgrades --debug --dry-run' and verify that it offers to install a new unattended-upgrades package. [Regression potential] Worst-case scenario is a bug that prevents future security updates from being applied correctly. This is not a concern for precise because there will be no further security updates /except/ those enabled by this SRU, but this SRU should also be included in all later stable releases. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/unattended-upgrades/+bug/1687129/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1687129] Re: Needs to allow updates from the ESM archive
The publication changes are now live on esm.ubuntu.com: 500 https://esm.ubuntu.com/ubuntu/ precise/main i386 Packages release v=12.04,o=UbuntuESM,a=precise,n=precise,l=UbuntuESM,c=main origin esm.ubuntu.com -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to unattended-upgrades in Ubuntu. https://bugs.launchpad.net/bugs/1687129 Title: Needs to allow updates from the ESM archive Status in unattended-upgrades package in Ubuntu: Confirmed Status in unattended-upgrades source package in Precise: Fix Committed Bug description: [SRU Justification] When the dust has settled on the ESM archive Release file format[1], unattended-upgrades needs to be tweaked to match. [1] https://github.com/CanonicalLtd/archive-auth-mirror/issues/43 Since the ESM archive contains packages updated by the Ubuntu Security team, we should ensure the behavior of unattended-upgrades applies the same default policy to both. [Test case] 1. run 'sudo apt-get install ubuntu-advantage-tools unattended-upgrades' 2. run 'sudo ubuntu-advantage enable-esm ' with your private creds to enable the ESM archive 3. run 'sudo apt-get update' 4. create a faked-up entry in /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_main_binary-amd64_Packages for the unattended-upgrades package with a higher version number 5. run 'sudo unattended-upgrades --debug --dry-run' and verify that no unattended-upgrades package is installed. 6. install unattended-upgrades from -proposed. 7. again create a faked-up entry in /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_main_binary-amd64_Packages for the unattended-upgrades package with a higher version number 8. run 'sudo unattended-upgrades --debug --dry-run' and verify that it offers to install a new unattended-upgrades package. [Regression potential] Worst-case scenario is a bug that prevents future security updates from being applied correctly. This is not a concern for precise because there will be no further security updates /except/ those enabled by this SRU, but this SRU should also be included in all later stable releases. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/unattended-upgrades/+bug/1687129/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1687129] Re: Needs to allow updates from the ESM archive
My output with precise-updates: $ sudo unattended-upgrades --debug --dry-run Initial blacklisted packages: Starting unattended upgrades script Allowed origins are: ['o=Ubuntu,a=precise-security'] Checking: unattended-upgrades ([""]) pkgs that look like they should be upgraded: Fetched 0 B in 0s (0 B/s) blacklist: [] InstCount=0 DelCount=0 BrokenCout=0 No packages found that can be upgraded unattended and no pending auto-removals $ My output with precise-proposed: $ sudo unattended-upgrades --debug --dry-runInitial blacklisted packages: Starting unattended upgrades script Allowed origins are: ['o=Ubuntu,a=precise-security', 'o=UbuntuESM,a=precise'] Checking: unattended-upgrades ([""]) pkgs that look like they should be upgraded: Fetched 0 B in 0s (0 B/s) blacklist: [] InstCount=0 DelCount=0 BrokenCout=0 No packages found that can be upgraded unattended and no pending auto-removals $ So it's not being installed. It doesn't look like the publication changes are live on esm.u.c. ** Description changed: - [Impact] - ESM users relying on unattended upgrades. + [SRU Justification] + When the dust has settled on the ESM archive Release file format[1], unattended-upgrades needs to be tweaked to match. - [Test cases] - This requires a system installed with Ubuntu 12.04 and Ubuntu Advantage credentials. + [1] https://github.com/CanonicalLtd/archive-auth-mirror/issues/43 - 1) install ubuntu-advantage-tools and unattended upgrades - 2) run 'sudo ubuntu-advantage enable-esm'; supply credentials for Ubuntu Advantage - 3) run 'sudo apt-get update' - 4) fake up the contents of /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_main_binary-amd64_Packages to list a newer version of unattended-upgrades - 5) run 'sudo unattended-upgrades --debug --apt-debug' + Since the ESM archive contains packages updated by the Ubuntu Security + team, we should ensure the behavior of unattended-upgrades applies the + same default policy to both. + + [Test case] + 1. run 'sudo apt-get install ubuntu-advantage-tools unattended-upgrades' + 2. run 'sudo ubuntu-advantage enable-esm ' with your private creds to enable the ESM archive + 3. run 'sudo apt-get update' + 4. create a faked-up entry in /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_main_binary-amd64_Packages for the unattended-upgrades package with a higher version number + 5. run 'sudo unattended-upgrades --debug --apt-debug' and verify that no unattended-upgrades package is installed. + 6. install unattended-upgrades from -proposed. + 7. again create a faked-up entry in /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_main_binary-amd64_Packages for the unattended-upgrades package with a higher version number + 8. run 'sudo unattended-upgrades --debug --aptdebug' and verify that it tries to install a new unattended-upgrades package (though this will fail). [Regression potential] - --- - - When the dust has settled on the ESM archive Release file format[1], - unattended-upgrades needs to be tweaked to match. - - [1] https://github.com/CanonicalLtd/archive-auth-mirror/issues/43 ** Description changed: [SRU Justification] When the dust has settled on the ESM archive Release file format[1], unattended-upgrades needs to be tweaked to match. [1] https://github.com/CanonicalLtd/archive-auth-mirror/issues/43 Since the ESM archive contains packages updated by the Ubuntu Security team, we should ensure the behavior of unattended-upgrades applies the same default policy to both. [Test case] 1. run 'sudo apt-get install ubuntu-advantage-tools unattended-upgrades' 2. run 'sudo ubuntu-advantage enable-esm ' with your private creds to enable the ESM archive 3. run 'sudo apt-get update' 4. create a faked-up entry in /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_main_binary-amd64_Packages for the unattended-upgrades package with a higher version number - 5. run 'sudo unattended-upgrades --debug --apt-debug' and verify that no unattended-upgrades package is installed. + 5. run 'sudo unattended-upgrades --debug --dry-run' and verify that no unattended-upgrades package is installed. 6. install unattended-upgrades from -proposed. 7. again create a faked-up entry in /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_main_binary-amd64_Packages for the unattended-upgrades package with a higher version number - 8. run 'sudo unattended-upgrades --debug --aptdebug' and verify that it tries to install a new unattended-upgrades package (though this will fail). + 8. run 'sudo unattended-upgrades --debug --dry-run' and verify that it offers to install a new unattended-upgrades package. [Regression potential] - - --- + Worst-case scenario is a bug that prevents future security updates from being applied correctly. This is not a concern for precise because there will be no further
[Touch-packages] [Bug 1687129] Re: Needs to allow updates from the ESM archive
Here is a run with the updated unattended-upgrades package against the staging version of the ESM service which is using the requested changes to the Release file. It recognises the sample landscape-common update that is there: root@precise-esm:~# unattended-upgrades --dry-run -d 2>&1 Initial blacklisted packages: Starting unattended upgrades script Allowed origins are: ['o=Ubuntu,a=precise-security', 'o=UbuntuESM,a=precise'] Checking: landscape-common ([""]) pkgs that look like they should be upgraded: landscape-common Fetched 0 B in 0s (0 B/s) https://user:p...@extended.security.staging.ubuntu.com/ubuntu/pool/main/l/landscape-client/landscape-common_14.12-0ubuntu5.12.04_amd64.deb' ID:0 ErrorText: ''> check_conffile_prompt('/var/cache/apt/archives/landscape-common_14.12-0ubuntu5.12.04_amd64.deb') found pkg: landscape-common blacklist: [] InstCount=1 DelCount=0 BrokenCout=0 Option --dry-run given, *not* performing real actions Packages that are upgraded: landscape-common Writing dpkg log to '/var/log/unattended-upgrades/unattended-upgrades-dpkg_2017-05-03_16:49:57.997981.log' Preconfiguring packages ... /usr/bin/dpkg --status-fd 6 --unpack --auto-deconfigure /var/cache/apt/archives/landscape-common_14.12-0ubuntu5.12.04_amd64.deb /usr/bin/dpkg --status-fd 8 --configure landscape-common:amd64 All upgrades installed InstCount=1 DelCount=0 BrokenCount=0 root@precise-esm:~# apt-cache policy unattended-upgrades unattended-upgrades: Installed: 0.76ubuntu1.3 Candidate: 0.76ubuntu1.3 Version table: *** 0.76ubuntu1.3 0 500 http://br.archive.ubuntu.com/ubuntu/ precise-proposed/main amd64 Packages With the previous version of unattended-upgrades (0.76ubuntu1.2), the ESM staging archive isn't recognized: root@precise-esm:~# unattended-upgrades --dry-run -d 2>&1 Initial blacklisted packages: Starting unattended upgrades script Allowed origins are: ['o=Ubuntu,a=precise-security'] adjusting candidate version: '' Checking: landscape-common ([""]) pkgs that look like they should be upgraded: Fetched 0 B in 0s (0 B/s) blacklist: [] InstCount=0 DelCount=0 BrokenCout=0 No packages found that can be upgraded unattended and no pending auto-removals -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to unattended-upgrades in Ubuntu. https://bugs.launchpad.net/bugs/1687129 Title: Needs to allow updates from the ESM archive Status in unattended-upgrades package in Ubuntu: Confirmed Status in unattended-upgrades source package in Precise: Fix Committed Bug description: [Impact] ESM users relying on unattended upgrades. [Test cases] This requires a system installed with Ubuntu 12.04 and Ubuntu Advantage credentials. 1) install ubuntu-advantage-tools and unattended upgrades 2) run 'sudo ubuntu-advantage enable-esm'; supply credentials for Ubuntu Advantage 3) run 'sudo apt-get update' 4) fake up the contents of /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_main_binary-amd64_Packages to list a newer version of unattended-upgrades 5) run 'sudo unattended-upgrades --debug --apt-debug' [Regression potential] --- When the dust has settled on the ESM archive Release file format[1], unattended-upgrades needs to be tweaked to match. [1] https://github.com/CanonicalLtd/archive-auth-mirror/issues/43 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/unattended-upgrades/+bug/1687129/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1687129] Re: Needs to allow updates from the ESM archive
** Description changed: - [SRU Justification] - When the dust has settled on the ESM archive Release file format[1], unattended-upgrades needs to be tweaked to match. + [Impact] + ESM users relying on unattended upgrades. + + [Test cases] + This requires a system installed with Ubuntu 12.04 and Ubuntu Advantage credentials. + + 1) install ubuntu-advantage-tools and unattended upgrades + 2) run 'sudo ubuntu-advantage enable-esm'; supply credentials for Ubuntu Advantage + 3) run 'sudo apt-get update' + 4) fake up the contents of /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_main_binary-amd64_Packages to list a newer version of unattended-upgrades + 5) run 'sudo unattended-upgrades --debug --apt-debug' + + [Regression potential] + + + --- + + When the dust has settled on the ESM archive Release file format[1], + unattended-upgrades needs to be tweaked to match. [1] https://github.com/CanonicalLtd/archive-auth-mirror/issues/43 - - Since the ESM archive contains packages updated by the Ubuntu Security - team, we should ensure the behavior of unattended-upgrades applies the - same default policy to both. - - [Test case] - 1. run 'sudo apt-get install ubuntu-advantage-tools unattended-upgrades' - 2. run 'sudo ubuntu-advantage enable-esm ' with your private creds enable the ESM archive - 3. run 'sudo apt-get update' - 4. create a faked-up entry in /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_main_binary-amd64_Packages for the unattended-upgrades package with a higher version number - 5. ?? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to unattended-upgrades in Ubuntu. https://bugs.launchpad.net/bugs/1687129 Title: Needs to allow updates from the ESM archive Status in unattended-upgrades package in Ubuntu: Confirmed Status in unattended-upgrades source package in Precise: Fix Committed Bug description: [Impact] ESM users relying on unattended upgrades. [Test cases] This requires a system installed with Ubuntu 12.04 and Ubuntu Advantage credentials. 1) install ubuntu-advantage-tools and unattended upgrades 2) run 'sudo ubuntu-advantage enable-esm'; supply credentials for Ubuntu Advantage 3) run 'sudo apt-get update' 4) fake up the contents of /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_main_binary-amd64_Packages to list a newer version of unattended-upgrades 5) run 'sudo unattended-upgrades --debug --apt-debug' [Regression potential] --- When the dust has settled on the ESM archive Release file format[1], unattended-upgrades needs to be tweaked to match. [1] https://github.com/CanonicalLtd/archive-auth-mirror/issues/43 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/unattended-upgrades/+bug/1687129/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1687129] Re: Needs to allow updates from the ESM archive
I think unattended-upgrade with -v and --dry-run will be helpful for testing this. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to unattended-upgrades in Ubuntu. https://bugs.launchpad.net/bugs/1687129 Title: Needs to allow updates from the ESM archive Status in unattended-upgrades package in Ubuntu: Confirmed Status in unattended-upgrades source package in Precise: Fix Committed Bug description: [SRU Justification] When the dust has settled on the ESM archive Release file format[1], unattended-upgrades needs to be tweaked to match. [1] https://github.com/CanonicalLtd/archive-auth-mirror/issues/43 Since the ESM archive contains packages updated by the Ubuntu Security team, we should ensure the behavior of unattended-upgrades applies the same default policy to both. [Test case] 1. run 'sudo apt-get install ubuntu-advantage-tools unattended-upgrades' 2. run 'sudo ubuntu-advantage enable-esm ' with your private creds enable the ESM archive 3. run 'sudo apt-get update' 4. create a faked-up entry in /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_main_binary-amd64_Packages for the unattended-upgrades package with a higher version number 5. ?? To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/unattended-upgrades/+bug/1687129/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1687129] Re: Needs to allow updates from the ESM archive
** Description changed: - When the dust has settled on the ESM archive Release file format[1], - unattended-upgrades needs to be tweaked to match. + [SRU Justification] + When the dust has settled on the ESM archive Release file format[1], unattended-upgrades needs to be tweaked to match. [1] https://github.com/CanonicalLtd/archive-auth-mirror/issues/43 + + Since the ESM archive contains packages updated by the Ubuntu Security + team, we should ensure the behavior of unattended-upgrades applies the + same default policy to both. + + [Test case] + 1. run 'sudo apt-get install ubuntu-advantage-tools unattended-upgrades' + 2. run 'sudo ubuntu-advantage enable-esm ' with your private creds enable the ESM archive + 3. run 'sudo apt-get update' + 4. create a faked-up entry in /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_main_binary-amd64_Packages for the unattended-upgrades package with a higher version number + 5. ?? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to unattended-upgrades in Ubuntu. https://bugs.launchpad.net/bugs/1687129 Title: Needs to allow updates from the ESM archive Status in unattended-upgrades package in Ubuntu: Confirmed Status in unattended-upgrades source package in Precise: Fix Committed Bug description: [SRU Justification] When the dust has settled on the ESM archive Release file format[1], unattended-upgrades needs to be tweaked to match. [1] https://github.com/CanonicalLtd/archive-auth-mirror/issues/43 Since the ESM archive contains packages updated by the Ubuntu Security team, we should ensure the behavior of unattended-upgrades applies the same default policy to both. [Test case] 1. run 'sudo apt-get install ubuntu-advantage-tools unattended-upgrades' 2. run 'sudo ubuntu-advantage enable-esm ' with your private creds enable the ESM archive 3. run 'sudo apt-get update' 4. create a faked-up entry in /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_main_binary-amd64_Packages for the unattended-upgrades package with a higher version number 5. ?? To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/unattended-upgrades/+bug/1687129/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1687129] Re: Needs to allow updates from the ESM archive
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: unattended-upgrades (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to unattended-upgrades in Ubuntu. https://bugs.launchpad.net/bugs/1687129 Title: Needs to allow updates from the ESM archive Status in unattended-upgrades package in Ubuntu: Confirmed Status in unattended-upgrades source package in Precise: Fix Committed Bug description: When the dust has settled on the ESM archive Release file format[1], unattended-upgrades needs to be tweaked to match. [1] https://github.com/CanonicalLtd/archive-auth-mirror/issues/43 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/unattended-upgrades/+bug/1687129/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1687129] Re: Needs to allow updates from the ESM archive
Hello Adam, or anyone else affected, Accepted unattended-upgrades into precise-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source /unattended-upgrades/0.76ubuntu1.3 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance! ** Changed in: unattended-upgrades (Ubuntu Precise) Status: Triaged => Fix Committed ** Tags added: verification-needed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to unattended-upgrades in Ubuntu. https://bugs.launchpad.net/bugs/1687129 Title: Needs to allow updates from the ESM archive Status in unattended-upgrades package in Ubuntu: New Status in unattended-upgrades source package in Precise: Fix Committed Bug description: When the dust has settled on the ESM archive Release file format[1], unattended-upgrades needs to be tweaked to match. [1] https://github.com/CanonicalLtd/archive-auth-mirror/issues/43 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/unattended-upgrades/+bug/1687129/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1687129] Re: Needs to allow updates from the ESM archive
This is the format we have now (in the staging esm service, soon to be deployed to production) 500 https://extended.security.staging.ubuntu.com/ubuntu/ precise/main i386 Packages release v=12.04,o=UbuntuESM,a=precise,n=precise,l=UbuntuESM,c=main origin extended.security.staging.ubuntu.com Here is a "normal" precise repo, for comparison: 500 http://br.archive.ubuntu.com/ubuntu/ precise/main amd64 Packages release v=12.04,o=Ubuntu,a=precise,n=precise,l=Ubuntu,c=main origin br.archive.ubuntu.com -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to unattended-upgrades in Ubuntu. https://bugs.launchpad.net/bugs/1687129 Title: Needs to allow updates from the ESM archive Status in unattended-upgrades package in Ubuntu: New Status in unattended-upgrades source package in Precise: Fix Committed Bug description: When the dust has settled on the ESM archive Release file format[1], unattended-upgrades needs to be tweaked to match. [1] https://github.com/CanonicalLtd/archive-auth-mirror/issues/43 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/unattended-upgrades/+bug/1687129/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1687129] Re: Needs to allow updates from the ESM archive
** Also affects: unattended-upgrades (Ubuntu Precise) Importance: Undecided Status: New ** Changed in: unattended-upgrades (Ubuntu Precise) Status: New => Triaged ** Changed in: unattended-upgrades (Ubuntu Precise) Importance: Undecided => High -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to unattended-upgrades in Ubuntu. https://bugs.launchpad.net/bugs/1687129 Title: Needs to allow updates from the ESM archive Status in unattended-upgrades package in Ubuntu: New Status in unattended-upgrades source package in Precise: Triaged Bug description: When the dust has settled on the ESM archive Release file format[1], unattended-upgrades needs to be tweaked to match. [1] https://github.com/CanonicalLtd/archive-auth-mirror/issues/43 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/unattended-upgrades/+bug/1687129/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp