[Bug 1825239] Re: Enable support for trusty ESM

Thu, 18 Apr 2019 12:01:34 -0700 

Thanks, questions about this upload:

How do I know that keyrings/ubuntu-esm-v2-keyring.gpg is authentic?  Not
that I don't trust you, but when dealing with the installation of gpg
keys that will be trusted by apt, it is useful to have a trust path that
can be independently verified by someone other than the uploader (even
if the set of people that can verify it is still limited, e.g. archive
admins etc).

--- ubuntu-advantage-tools-10ubuntu0.14.04.2/apt.conf.d/51ubuntu-advantage-esm  
1970-01-01 00:00:00.000000000 +0000
+++ ubuntu-advantage-tools-10ubuntu0.14.04.3/apt.conf.d/51ubuntu-advantage-esm  
2019-04-18 17:24:38.000000000 +0000
@@ -0,0 +1,3 @@
+Unattended-Upgrade::Allowed-Origins {
+  "${distro_id}ESM:${distro_codename}-security";
+};

I think this is worth calling out in the changelog, since it changes the
configuration of the system for all users even if the user does not
enable esm.

+_apt_add_auth() {
+    local repo_host="$1"
+    local credentials="$2"
+
+    local login password
+    login=$(echo "$credentials" | cut -d: -f1)
+    password=$(echo "$credentials" | cut -d: -f2)
+    [ -d "$APT_AUTH_DIR" ] || mkdir -p "$APT_AUTH_DIR"
+    [ -f "$APT_AUTH_FILE" ] || touch "$APT_AUTH_FILE"
+    chmod 600 "$APT_AUTH_FILE"
+    echo "machine ${repo_host}/ login ${login} password ${password}" \
+         >>"$APT_AUTH_FILE"
+}

Does this mean that if I run 'ua enable-esm' twice, the file gets two
entries?  (Should this instead be > instead of >> so that it's
idempotent?)

+_apt_remove_auth() {
+    local repo_host="$1"
+
+    sed -i "/^machine ${repo_host}\/ login/d" "$APT_AUTH_FILE"
+}

Given that this file is /etc/apt/auth.conf.d/90ubuntu-advantage which is
exclusive to ESM, why sedding this out instead of deleting the file?

+deb https://${ESM_REPO_HOST}/ubuntu ${SERIES}-updates main
+# deb-src https://${ESM_REPO_HOST}/ubuntu ${SERIES}-updates main
+EOF

I would suggest that we don't enable -updates at this stage, and defer
that until the new client lands.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1825239

Title:
  Enable support for trusty ESM

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1825239/+subscriptions

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to