** Description changed: [SRU Justification] When the dust has settled on the ESM archive Release file format[1], unattended-upgrades needs to be tweaked to match. [1] https://github.com/CanonicalLtd/archive-auth-mirror/issues/43 Since the ESM archive contains packages updated by the Ubuntu Security team, we should ensure the behavior of unattended-upgrades applies the same default policy to both. [Test case] 1. run 'sudo apt-get install ubuntu-advantage-tools unattended-upgrades ca-certificates' 2. run 'sudo ubuntu-advantage enable-esm <creds>' with your private creds to enable the ESM archive 3. run 'sudo apt-get update' 4. create a faked-up entry in /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_main_binary-amd64_Packages for the unattended-upgrades package with a higher version number - 5. run 'sudo unattended-upgrades --debug --dry-run' and verify that no unattended-upgrades package is installed. - 6. install unattended-upgrades from -proposed. - 7. again create a faked-up entry in /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_main_binary-amd64_Packages for the unattended-upgrades package with a higher version number - 8. run 'sudo unattended-upgrades --debug --dry-run' and verify that it offers to install a new unattended-upgrades package. + 5. Run 'sudo sed -i -e"s/precise/$(lsb_release -c | cut -f2)/" /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_InRelease' + 6. run 'sudo unattended-upgrades --debug --dry-run' and verify that no unattended-upgrades package is installed. + 7. install unattended-upgrades from -proposed. + 8. again create a faked-up entry in /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_main_binary-amd64_Packages for the unattended-upgrades package with a higher version number + 9. Again run 'sudo sed -i -e"s/precise/$(lsb_release -c | cut -f2)/" /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_InRelease' + 10. run 'sudo unattended-upgrades --debug --dry-run' and verify that it offers to install a new unattended-upgrades package. [Regression potential] Worst-case scenario is a bug that prevents future security updates from being applied correctly. This is not a concern for precise because there will be no further security updates /except/ those enabled by this SRU, but this SRU should also be included in all later stable releases.
** Description changed: [SRU Justification] When the dust has settled on the ESM archive Release file format[1], unattended-upgrades needs to be tweaked to match. [1] https://github.com/CanonicalLtd/archive-auth-mirror/issues/43 Since the ESM archive contains packages updated by the Ubuntu Security team, we should ensure the behavior of unattended-upgrades applies the same default policy to both. [Test case] 1. run 'sudo apt-get install ubuntu-advantage-tools unattended-upgrades ca-certificates' 2. run 'sudo ubuntu-advantage enable-esm <creds>' with your private creds to enable the ESM archive 3. run 'sudo apt-get update' 4. create a faked-up entry in /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_main_binary-amd64_Packages for the unattended-upgrades package with a higher version number - 5. Run 'sudo sed -i -e"s/precise/$(lsb_release -c | cut -f2)/" /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_InRelease' + 5. run 'sudo sed -i -e"s/precise/$(lsb_release -c | cut -f2)/" /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_InRelease' 6. run 'sudo unattended-upgrades --debug --dry-run' and verify that no unattended-upgrades package is installed. 7. install unattended-upgrades from -proposed. 8. again create a faked-up entry in /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_main_binary-amd64_Packages for the unattended-upgrades package with a higher version number - 9. Again run 'sudo sed -i -e"s/precise/$(lsb_release -c | cut -f2)/" /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_InRelease' + 9. again run 'sudo sed -i -e"s/precise/$(lsb_release -c | cut -f2)/" /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_InRelease' 10. run 'sudo unattended-upgrades --debug --dry-run' and verify that it offers to install a new unattended-upgrades package. [Regression potential] Worst-case scenario is a bug that prevents future security updates from being applied correctly. This is not a concern for precise because there will be no further security updates /except/ those enabled by this SRU, but this SRU should also be included in all later stable releases. ** Tags added: verification-done-xenial -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1687129 Title: Needs to allow updates from the ESM archive To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/unattended-upgrades/+bug/1687129/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
