Needs to allow updates from the ESM archive
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
unattended-upgrades (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Precise |
Fix Released
|
High
|
Unassigned | ||
Trusty |
Fix Released
|
Undecided
|
Unassigned | ||
Xenial |
Fix Released
|
Undecided
|
Unassigned | ||
Yakkety |
Fix Released
|
Undecided
|
Unassigned | ||
Zesty |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
[SRU Justification]
When the dust has settled on the ESM archive Release file format[1], unattended-upgrades needs to be tweaked to match.
[1] https:/
Since the ESM archive contains packages updated by the Ubuntu Security team, we should ensure the behavior of unattended-upgrades applies the same default policy to both.
[Test case]
1. run 'sudo apt-get install ubuntu-
2. run 'sudo ubuntu-advantage enable-esm <creds>' with your private creds to enable the ESM archive
3. run 'sudo apt-get update'
4. create a faked-up entry in /var/lib/
5. run 'sudo sed -i -e"s/precise/
6. run 'sudo unattended-upgrades --debug --dry-run' and verify that no unattended-upgrades package is installed.
7. install unattended-upgrades from -proposed.
8. again create a faked-up entry in /var/lib/
9. again run 'sudo sed -i -e"s/precise/
10. run 'sudo unattended-upgrades --debug --dry-run' and verify that it offers to install a new unattended-upgrades package.
[Regression potential]
Worst-case scenario is a bug that prevents future security updates from being applied correctly. This is not a concern for precise because there will be no further security updates /except/ those enabled by this SRU, but this SRU should also be included in all later stable releases.
Changed in unattended-upgrades (Ubuntu Precise): | |
status: | New → Triaged |
importance: | Undecided → High |
description: | updated |
description: | updated |
description: | updated |
description: | updated |
description: | updated |
description: | updated |
tags: | added: verification-done-xenial |
tags: | added: verification-failed-trusty |
tags: | removed: verification-failed-trusty |
tags: | added: verification-done-yakkety |
tags: | added: verification-done-zesty |
Changed in unattended-upgrades (Ubuntu): | |
status: | Confirmed → Fix Committed |
This is the format we have now (in the staging esm service, soon to be deployed to production)
500 https:/ /extended. security. staging. ubuntu. com/ubuntu/ precise/main i386 Packages o=UbuntuESM, a=precise, n=precise, l=UbuntuESM, c=main security. staging. ubuntu. com
release v=12.04,
origin extended.
Here is a "normal" precise repo, for comparison: br.archive. ubuntu. com/ubuntu/ precise/main amd64 Packages o=Ubuntu, a=precise, n=precise, l=Ubuntu, c=main ubuntu. com
500 http://
release v=12.04,
origin br.archive.