Cloud images for non-Intel architectures are configured with security repos that don't work
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
livecd-rootfs (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Xenial |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
[Impact]
Users who don't get a fresh sources.list written out on first boot (e.g. Docker users) can't install updates from xenial-security on non-Intel architectures.
[Test Case]
Run an ubuntu-cpc livefs build for a non-Intel architecture, unpack one of the produced root tarballs, chroot in to it and perform an `apt-get update`. You should see no errors.
[Regression Potential]
This change modifies the sources that apt will use for updates, so the biggest risk for regression is that the fix is malformed and systems become un-updateable (either partially or fully). The test above should catch this.
[Original Report]
In the fix for bug 1513529, we[0] modified livecd-rootfs to write out a sources.list that matches the sources.list in Ubuntu Server installed from an ISO. We (presumably) compared to an Intel installation, and hard-coded security.ubuntu.com as a repo in sources.list.
Unfortunately, packages for non-Intel architectures aren't published to security.
[0] Well, *ahem*, _I_.
Related branches
CVE References
description: | updated |
summary: |
- Non-Intel architectures are configured with security repos that don't - work + Cloud image tarballs for non-Intel architectures are configured with + security repos that don't work |
summary: |
- Cloud image tarballs for non-Intel architectures are configured with - security repos that don't work + Cloud images for non-Intel architectures are configured with security + repos that don't work |
tags: | added: patch |
Changed in livecd-rootfs: | |
status: | Unknown → New |
tags: | added: id-58e294093da7aa124fcea8a5 |
Status changed to 'Confirmed' because the bug affects multiple users.