An upload of google-guest-agent to noble-proposed has been rejected from the upload queue for the following reason: "needs changes according to review".
--
You received this bug notification because you are a member of Ubuntu Public Cloud, which is subscribed to google-guest-agent in Ubuntu.
https://bugs.launchpad.net/bugs/2113792

Title: [SRU] Please update to 20250506.01

Status in google-guest-agent package in Ubuntu: Fix Released
Status in google-guest-agent source package in Jammy: New
Status in google-guest-agent source package in Noble: New
Status in google-guest-agent source package in Plucky: Incomplete

Bug description:

=================== SRU ===================

Following on from similar package update requests @ LP: #2096765, LP: #2084498, LP: #2073163 and LP: #2040945, this bug is a request to update the google-guest-agent package to the upstream version `20250506.01` @ https://github.com/GoogleCloudPlatform/guest-agent/releases/tag/20250506.01

This package has an SRU exception @ https://wiki.ubuntu.com/StableReleaseUpdates#google-guest-agent including an ageing exception detailed @ https://wiki.ubuntu.com/google-guest-agent-Updates

[Impact]

This package is provided by Google for installation within guests that run on Google Compute Engine. It is part of a collection of tools and daemons that ensure that the Ubuntu images published to GCE run properly on their platform.

Cloud platforms evolve at a rate that can't be handled in six-month increments, and they will often develop features that they would like to be available to customers who don't want to upgrade from earlier Ubuntu releases. As such, updating this package to more recent upstream releases is required within all Ubuntu releases, so they continue to function properly in the GCP environment.
[Test Case]

When a new version of this package is uploaded to -proposed, the following will happen:

 * an image based on -proposed will be built for GCE and published to the ubuntu-os-cloud-image-proposed project
 * the CPC team will run internal validations (CTF) and Google's upstream test suite `cloud-image-tests` (CIT)
 * the GCE team will be asked to validate that the new package addresses the issues it is expected to address, and that the image passes their own internal image validation.

If all the testing indicates that the new package is acceptable, verification can be considered done.

[Vendored Dependencies]

```
--- a/go.mod +++ b/go.mod @@ -1,12 +1,12 @@ module github.com/GoogleCloudPlatform/guest-agent -go 1.20 +go 1.23.0 replace github.com/GoogleCloudPlatform/guest-agent/metadata => ../metadata require ( cloud.google.com/go/storage v1.31.0 - github.com/GoogleCloudPlatform/guest-logging-go v0.0.0-20250108002221-76154e4b3bd9 + github.com/GoogleCloudPlatform/guest-logging-go v0.0.0-20250327013322-4be06cdc8bd8 github.com/Microsoft/go-winio v0.6.1 github.com/go-ini/ini v1.66.6 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da @@ -17,8 +17,8 @@ require ( github.com/kardianos/service v1.2.2 github.com/robfig/cron/v3 v3.0.1 github.com/tarm/serial v0.0.0-20180830185346-98f6abe2eb07 - golang.org/x/crypto v0.25.0 - golang.org/x/sys v0.22.0 + golang.org/x/crypto v0.35.0 + golang.org/x/sys v0.30.0 google.golang.org/api v0.134.0 google.golang.org/grpc v1.57.1 google.golang.org/protobuf v1.33.0
@@ -44,10 +44,10 @@ require ( github.com/pkg/errors v0.9.1 // indirect go.opencensus.io v0.24.0 // indirect golang.org/x/mod v0.17.0 // indirect - golang.org/x/net v0.27.0 // indirect + golang.org/x/net v0.36.0 // indirect golang.org/x/oauth2 v0.10.0 // indirect - golang.org/x/sync v0.7.0 // indirect - golang.org/x/text v0.16.0 // indirect + golang.org/x/sync v0.11.0 // indirect + golang.org/x/text v0.22.0 // indirect golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect google.golang.org/appengine v1.6.7 // indirect
```

## Examining the crypto diff

- golang.org/x/crypto v0.25.0
+ golang.org/x/crypto v0.35.0

# Bump from v.0.25.0 --> v.0.33.0:

Commit here https://github.com/GoogleCloudPlatform/guest-agent/commit/09884e466fc49e88e98bab6ce22ce732b426fdd2 [was added to fix CVE-2024-45337 (https://github.com/advisories/GHSA-v778-237x-gjrc)], closing issue: https://github.com/GoogleCloudPlatform/guest-agent/pull/499

# Bump from v.0.33.0 --> v.0.35.0

Commit here https://github.com/GoogleCloudPlatform/guest-agent/commit/c2e25edf755600c01e13a77ee7adb92d44a44fe0 [was added by their dependabot automation], closing issue: https://github.com/GoogleCloudPlatform/guest-agent/pull/512

# Whole diff of v0.25.0 vs. v0.35.0:

https://cs.opensource.google/go/x/crypto/+/refs/tags/v0.25.0...refs/tags/v0.35.0

[Where Problems Could Occur]

There are many upstream changes in `20250506.01-0ubuntu1` vs. `20250116.00-0ubuntu1` (38 commits/40 file changes); however between CIT [0] (which is run for validation by CPC _and_ Google) and CPC's own internal test harness (CTF), there is confidence that most if not all "edge cases" and/or obvious regression concerns can be dismissed before the new version lands in `-updates`. Also, `google-guest-agent` is not a seeded package, and we vendor all golang dependencies.
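
Review bot: The `go 1.20` to `go 1.23.0` change at the top of the first go.mod hunk raises the minimum Go toolchain, and the SRU text does not say how that requirement is met on each target series. Since Go 1.21 the `go` line is an enforced minimum, so an offline package build with an older compiler fails instead of warning. Please record which Go toolchain package the Jammy, Noble and Plucky builds use and confirm it is at least 1.23.0. The `guest-logging-go` pseudo-version bump in the same hunk has no rationale either; a link to the upstream commit range would cover it.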
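
Review bot: The `golang.org/x/sys v0.22.0` to `v0.30.0` bump in the second go.mod hunk gets no examination, while the `golang.org/x/crypto` bump on the adjacent line is traced to two upstream commits. Please add the same for x/sys (upstream commit or PR, and the reason), or state that it is only raised as a requirement of the x/crypto update. Since all Go dependencies are vendored for this package, also confirm the vendored tree was regenerated from this go.mod, so that the x/crypto actually shipped is v0.35.0 and carries the CVE-2024-45337 fix cited in the description.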
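
Review bot: The indirect bumps in the third go.mod hunk (`golang.org/x/net` v0.27.0 to v0.36.0, `golang.org/x/sync` v0.7.0 to v0.11.0, `golang.org/x/text` v0.16.0 to v0.22.0) are not mentioned anywhere in the description. x/net is the network-facing module of the three and moves nine minor versions, so it deserves the same treatment as the crypto diff: link the upstream commit that moved it and note whether the update was security-driven or only a transitive requirement of the direct bumps.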

[Other Information]

This bug is used for tracking of releasing the new upstream version for all supported series, as per the approved policy mentioned in the following MRE: https://wiki.ubuntu.com/google-guest-agent-Updates

This package is only used on AMD64 and ARM64 but is built for all available architectures.

[0]: https://github.com/GoogleCloudPlatform/cloud-image-tests

