** Description changed: + [Impact] + ESM-related Security pocket packages are not reported being classified as security due to a rename in the backend apt suites from esm-security -> esm-infra-security and esm-apps-security. + + + [Test Case] + * Launch a trusty lxd. For example: + lxc launch ubuntu-daily:trusty trusty + + + * Update it to the latest publicly available updates: + sudo apt update && sudo apt dist-upgrade -y + + + * Make sure you have the latest ubuntu-advantage-tools: + sudo apt install ubuntu-advantage-tools + + + * Run the script that displays the motd bit about available updates: + sudo /usr/lib/update-notifier/apt-check --human-readable + + + * The output should be something like this, signaling there are only ESM updates available: + """ + UA Infrastructure Extended Security Maintenance (ESM) is not enabled. + + 0 updates can be installed immediately. + 0 of these updates are security updates. + + Enable UA Infrastructure ESM to receive 88 additional security updates. + See https://ubuntu.com/advantage or run: sudo ua status + """ + + + * Obtain an UA token for free at https://ubuntu.com/advantage + + + * Run attach: + sudo ua attach <token-obtained-in-previous-step> + + + * Confirm that esm-infra was enabled: + sudo ua status + + + * Run this command again to display the motd banner output about available updates: + sudo /usr/lib/update-notifier/apt-check --human-readable + + + * You should get something like this without the fix for this bug: + """ + UA Infrastructure Extended Security Maintenance (ESM) is enabled. + + 89 updates can be installed immediately. + 89 of these updates are provided through UA Infrastructure ESM. + 0 of these updates are security updates. + To see these additional updates run: apt list --upgradable + """ + + * In the output above, which is without the fix, note how none of the + available updates are flagged as security + + + * With the updated update-notifier package, the security updates count correctly includes the ESM security updates: + """ + UA Infrastructure Extended Security Maintenance (ESM) is enabled. + + 88 updates can be installed immediately. + 88 of these updates are provided through UA Infrastructure ESM. + 85 of these updates are security updates. + To see these additional updates run: apt list --upgradable + """ + + + [Regression Potential] + + * discussion of how regressions are most likely to manifest as a result + of this change. + + * It is assumed that any SRU candidate patch is well-tested before + upload and has a low overall risk of regression, but it's important + to make the effort to think about what ''could'' happen in the + event of a regression. + + * This both shows the SRU team that the risks have been considered, + and provides guidance to testers in regression-testing the SRU. + + [Other Info] + + * Anything else you think is useful to include + * Anticipate questions from users, SRU, +1 maintenance, security teams and the Technical Board + * and address these questions in advance + + + [Original Description] + ESM-related Security pocket packages are not reported being classified as security due to a rename in the backend apt suites from esm-security -> esm-infra-security and esm-apps-security. - The customer issue reported catches the symptom well: + """ - """ - I believe there's a problem with "apt_check.py" in the "update-notifier-common" package when using "ua". I have enabled "ua" via "ua attach" and yet "apt-check" shows updates, but does not specify they are security updates, even though they are: mrussell@deputy:~$ /usr/lib/update-notifier/apt-check --human-readable UA Infrastructure Extended Security Maintenance (ESM) is enabled. 8 updates can be installed immediately. 8 of these updates are provided through UA Infrastructure ESM. 0 of these updates are security updates. To see these additional updates run: apt list --upgradable Note, these are the packages: mrussell@deputy:~$ apt list --upgradable Listing... Done apt/trusty-infra-security 1.0.1ubuntu2.24+esm1 amd64 [upgradable from: 1.0.1ubuntu2.24] apt-transport-https/trusty-infra-security 1.0.1ubuntu2.24+esm1 amd64 [upgradable from: 1.0.1ubuntu2.24] apt-utils/trusty-infra-security 1.0.1ubuntu2.24+esm1 amd64 [upgradable from: 1.0.1ubuntu2.24] libapt-inst1.5/trusty-infra-security 1.0.1ubuntu2.24+esm1 amd64 [upgradable from: 1.0.1ubuntu2.24] libapt-pkg4.12/trusty-infra-security 1.0.1ubuntu2.24+esm1 amd64 [upgradable from: 1.0.1ubuntu2.24] libjson-c2/trusty-infra-security 0.11-3ubuntu1.2+esm3 amd64 [upgradable from: 0.11-3ubuntu1.2+esm2] libjson0/trusty-infra-security 0.11-3ubuntu1.2+esm3 amd64 [upgradable from: 0.11-3ubuntu1.2+esm2] If I change "isSecurityUpgrade()" to also include this value in "security_pockets": ("UbuntuESM", "%s-infra-security" % DISTRO), then, the output is correct: mrussell@deputy:~$ /usr/lib/update-notifier/apt-check --human-readable UA Infrastructure Extended Security Maintenance (ESM) is enabled. 8 updates can be installed immediately. 8 of these updates are provided through UA Infrastructure ESM. 8 of these updates are security updates. To see these additional updates run: apt list --upgradable """
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1881632 Title: esm security updates not reported by apt update-notifier To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/update-notifier/+bug/1881632/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
