Public bug reported: [Impact] The main focus of this release is to allow focal cloud users to enable FIPS services on their machines. Furthermore, we are also performing some small fixes in the code:
* Fixing how apt and motd messages are updated after some ua operations * Disable the license check job after attach/auto-attach operations. Additionally, we are now making our logs word readable We have spent a lot time debugging our logs to see if are leaking any credentials there, but we are now sure that we have redacted all of the private information See the changelog entry below for a full list of changes and bugs. [Test Case] The following development and SRU process was followed: https://wiki.ubuntu.com/UbuntuAdvantageToolsUpdates The ubuntu-advantage-tools team will be in charge of attaching the artifacts and console output of the appropriate run to the bug. ubuntu- advantage-tools team members will not mark ‘verification-done’ until this has happened. Integration test artifacts are attached to the bug. [Regression Potential] Most of the changes are adding new things and the integration tests make sure that the existing functionality is preserved. However, by making the logs world readable, we could be still leaking some credentials there which would be now readable be every user on the machine. [Discussion] Even though the focus of this release is on allowing FIPS services on Focal machines, the major change of this release is making the logs world readable. We have performed several tests on different scenarios to verify that the logs are not leaking, but even though we have tested it multiple times, we could still have a blind spot on that work. If we do have those leaks, this means that user on the machine can try to use the leaked credentials on other machines. This will not affect the machines already attached to an UA subscription. If the team has any reservations about this work, we can better discuss a better path moving forward here. [Changelog] * d/tools.postinst: - make log files world readable * New upstream release 27.6 - cli: only go for resources on explicit help calls - fips: + allow enabling FIPS on focal clouds + update prompt messages - jobs: disable jobs after attach/auto-attach - message: fix how apt and motd messages are updated after ua commands ** Affects: ubuntu-advantage-tools (Ubuntu) Importance: Undecided Status: New ** Description changed: [Impact] The main focus of this release is to allow focal cloud users to enable FIPS services on their machines. Furthermore, we are also performing some small fixes in the code: * Fixing how apt and motd messages are updated after some ua operations * Disable the license check job after attach/auto-attach operations. Additionally, we are now making our logs word readable - See the changelog entry below for a full list of changes and bugs. We have spent a lot time - debugging our logs to see if are leaking any credentials there, but we are now sure that we - have redacted all of the private information + We have spent a lot time debugging our logs to see if are leaking any + credentials there, but we are now sure that we have redacted all of the + private information + + See the changelog entry below for a full list of changes and bugs. [Test Case] The following development and SRU process was followed: https://wiki.ubuntu.com/UbuntuAdvantageToolsUpdates - The ubuntu-advantage-tools team will be in charge of attaching the artifacts and - console output of the appropriate run to the bug. ubuntu-advantage-tools team - members will not mark ‘verification-done’ until this has happened. + The ubuntu-advantage-tools team will be in charge of attaching the + artifacts and console output of the appropriate run to the bug. ubuntu- + advantage-tools team members will not mark ‘verification-done’ until + this has happened. Integration test artifacts are attached to the bug. [Regression Potential] Most of the changes are adding new things and the integration tests make sure that the existing functionality is preserved. However, by making the logs world readable, we could be still leaking some credentials there which would be now readable be every user on the machine. - [Discussion] Even though the focus of this release is on allowing FIPS services on Focal machines, the major change of this release is making the logs world readable. We have performed several tests on different scenarios to verify that the logs are not leaking, but even though we have tested it multiple times, we could still have a blind spot on that work. If we do have those leaks, this means that user on the machine can try to use the leaked credentials on other machines. This will not affect the machines already attached to an UA subscription. If the team has any reservations about this work, we can better discuss - better path moving forward here. + a better path moving forward here. [Changelog] - * d/tools.postinst: - - make log files world readable - * New upstream release 27.6 - - cli: only go for resources on explicit help calls - - fips: - + allow enabling FIPS on focal clouds - + update prompt messages - - jobs: disable jobs after attach/auto-attach - - message: fix how apt and motd messages are updated after ua commands + * d/tools.postinst: + - make log files world readable + * New upstream release 27.6 + - cli: only go for resources on explicit help calls + - fips: + + allow enabling FIPS on focal clouds + + update prompt messages + - jobs: disable jobs after attach/auto-attach + - message: fix how apt and motd messages are updated after ua commands -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1958556 Title: [SRU] ubuntu-advantage-tools (27.5 -> 27.6) Xenial, Bionic, Focal, Hirsute, Impish To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1958556/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
