Ubuntu
google-guest-agent package

[SRU] Update and backport google-guest-agent to 20230426.00

Bug #2018272 reported by Utkarsh Gupta
12
This bug affects 1 person
Affects Status Importance Assigned to Milestone
google-guest-agent (Ubuntu)
Fix Released
Undecided
Utkarsh Gupta
Bionic
Fix Released
Undecided
Unassigned
Focal
Fix Released
Undecided
Unassigned
Jammy
Fix Released
Undecided
Unassigned
Kinetic
Fix Released
Undecided
Unassigned
Lunar
Fix Committed
Undecided
Unassigned

Bug Description

[SRU]
=====

[Impact]

This package is provided by Google for installation within guests that run on Google Compute Engine. It is part of a collection of tools and daemons, that ensure that the Ubuntu images published to GCE run properly on their platform.

Cloud platforms evolve at a rate that can't be handled in six-month increments, and they will often develop features that they would like to be available to customers who don't want to upgrade from earlier Ubuntu releases. As such, updating this package to more recent upstream releases is required within all Ubuntu releases, so they continue to function properly in their environment.

In addition, this fixes CVE-2022-41723 (affecting google-guest-agent because golang.org/x/net is vendored in the package).

[Test Case]

When a new version of this package is uploaded to -proposed, the following will be done:

 * an image based on -proposed will be built for GCE and published to the ubuntu-os-cloud-devel project
 * the GCE team will be asked to validate that the new package addresses the issues it is expected to address, and that the image passes their internal image validation.
 * Each test image will be launched, and we will validate:
 ** the package version(s)
 ** that the correct ssh keys have been imported
 ** that the google specific services are running successfully

If all the testing indicates that the image containing the new package is acceptable, verification will be considered to be done.

[Other Information]

This bug is used for tracking of releasing the new upstream version for all supported series, as per the approved policy mentioned in the following MRE:

https://wiki.ubuntu.com/google-guest-agent-Updates

The updated package is not built for riscv64 on Focal, but it is not used on riscv64 either, thus please release the SRU without the risc64 binaries.

The package does not build for powerpc on Xenial, but this is OK since it is not used on powerpc either.

Also, since this bumps some of the vendored dependencies, here's a diff of the version bump: https://paste.ubuntu.com/p/T26kznfs9q/

See original description

CVE References

Utkarsh Gupta (utkarsh)
description: updated
Changed in google-guest-agent (Ubuntu):
assignee: nobody → Utkarsh Gupta (utkarsh)
Revision history for this message
Łukasz Zemczak (sil2100) wrote : Please test proposed package

Hello Utkarsh, or anyone else affected,

Accepted google-guest-agent into lunar-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/google-guest-agent/20230426.00-0ubuntu1~23.04.0 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-lunar to verification-done-lunar. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-lunar. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in google-guest-agent (Ubuntu Lunar):
status: New → Fix Committed
tags: added: verification-needed verification-needed-lunar
Revision history for this message
Łukasz Zemczak (sil2100) wrote :

Hello Utkarsh, or anyone else affected,

Accepted google-guest-agent into kinetic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/google-guest-agent/20230426.00-0ubuntu1~22.10.0 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-kinetic to verification-done-kinetic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-kinetic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in google-guest-agent (Ubuntu Kinetic):
status: New → Fix Committed
tags: added: verification-needed-kinetic
Changed in google-guest-agent (Ubuntu Jammy):
status: New → Fix Committed
tags: added: verification-needed-jammy
Revision history for this message
Łukasz Zemczak (sil2100) wrote :

Hello Utkarsh, or anyone else affected,

Accepted google-guest-agent into jammy-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/google-guest-agent/20230426.00-0ubuntu1~22.04.0 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-jammy to verification-done-jammy. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-jammy. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in google-guest-agent (Ubuntu Focal):
status: New → Fix Committed
tags: added: verification-needed-focal
Revision history for this message
Łukasz Zemczak (sil2100) wrote :

Hello Utkarsh, or anyone else affected,

Accepted google-guest-agent into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/google-guest-agent/20230426.00-0ubuntu1~20.04.0 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-focal. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in google-guest-agent (Ubuntu Bionic):
status: New → Fix Committed
tags: added: verification-needed-bionic
Revision history for this message
Łukasz Zemczak (sil2100) wrote :

Hello Utkarsh, or anyone else affected,

Accepted google-guest-agent into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/google-guest-agent/20230426.00-0ubuntu1~18.04.0 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package google-guest-agent - 20230426.00-0ubuntu1

---------------
google-guest-agent (20230426.00-0ubuntu1) mantic; urgency=medium

  * New upstream version 20230426.00. (LP: #2018272)
    - update mod: update golang.org/x/net to 0.7.0 and its
      dependencies.
    - Fix compilation directives.
  * d/extra/vendor: Update vendored dependencies.
    (Fixes: CVE-2022-41723)

 -- Utkarsh Gupta <email address hidden> Tue, 02 May 2023 08:51:38 +0200

Changed in google-guest-agent (Ubuntu):
status: New → Fix Released
Revision history for this message
Philip Roche (philroche) wrote (last edit ):

Due to LP: #2019089 "shutdown-scripts service is restarted on package upgrade - causing any configured shutdown scripts to be run" [1] I would like to request blocking of all of these -proposed packages moving to -updates.

Further update being proposed @ https://code.launchpad.net/~philroche/ubuntu/+source/google-guest-agent/+git/google-guest-agent/+merge/442648 will be built upon this currently proposed changes but include fixes for LP: #2019089

[1] https://bugs.launchpad.net/ubuntu/+source/google-guest-agent/+bug/2019089

Revision history for this message
Philip Roche (philroche) wrote :

Adding `block-proposed` tag now on vorlon's recommendation

tags: added: block-proposed
Revision history for this message
Łukasz Zemczak (sil2100) wrote :

The block-proposed needs to be per-series.

tags: added: block-proposed-bionic block-proposed-focal block-proposed-jammy block-proposed-kinetic block-proposed-lunar
Revision history for this message
Utkarsh Gupta (utkarsh) wrote :

Oh actually, this is no longer blocked and can be released.

Testing
=======

The following testing has been done on the -proposed packages:

* The restart regression has been successfully tested
* Images using the -proposed packages have been built, and the CTF tests have passed on those images
* Those images have also been shared with Google and they have successfully validated them

Adjusting verification tags accordingly.

tags: added: verification-done verification-done-bionic verification-done-focal verification-done-jammy verification-done-kinetic verification-done-lunar
removed: block-proposed block-proposed-bionic block-proposed-focal block-proposed-jammy block-proposed-kinetic block-proposed-lunar verification-needed verification-needed-bionic verification-needed-focal verification-needed-jammy verification-needed-kinetic verification-needed-lunar
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package google-guest-agent - 20230426.00-0ubuntu2~22.10.0

---------------
google-guest-agent (20230426.00-0ubuntu2~22.10.0) kinetic; urgency=medium

  * No-change rebuild for Kinetic

google-guest-agent (20230426.00-0ubuntu2) mantic; urgency=medium

  * d/rules: Add --no-stop-on-upgrade for upgrade path
    to enforce no stop of the services on package upgrade.
    This has the desired side-effect of not stopping, starting or
    restarting the services as a part of the upgrade (LP: #2019089)
  * d/{rules,install}: ship gce-workload-cert-refresh.timer.

 -- Utkarsh Gupta <email address hidden> Thu, 25 May 2023 13:11:33 +0530

Changed in google-guest-agent (Ubuntu Kinetic):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package google-guest-agent - 20230426.00-0ubuntu2~22.04.0

---------------
google-guest-agent (20230426.00-0ubuntu2~22.04.0) jammy; urgency=medium

  * No-change rebuild for Jammy.

google-guest-agent (20230426.00-0ubuntu2) mantic; urgency=medium

  * d/rules: Add --no-stop-on-upgrade for upgrade path
    to enforce no stop of the services on package upgrade.
    This has the desired side-effect of not stopping, starting or
    restarting the services as a part of the upgrade (LP: #2019089)
  * d/{rules,install}: ship gce-workload-cert-refresh.timer.

 -- Utkarsh Gupta <email address hidden> Thu, 25 May 2023 13:13:37 +0530

Changed in google-guest-agent (Ubuntu Jammy):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package google-guest-agent - 20230426.00-0ubuntu2~20.04.0

---------------
google-guest-agent (20230426.00-0ubuntu2~20.04.0) focal; urgency=medium

  * No-change rebuild for Focal.

google-guest-agent (20230426.00-0ubuntu2) mantic; urgency=medium

  * d/rules: Add --no-stop-on-upgrade for upgrade path
    to enforce no stop of the services on package upgrade.
    This has the desired side-effect of not stopping, starting or
    restarting the services as a part of the upgrade (LP: #2019089)
  * d/{rules,install}: ship gce-workload-cert-refresh.timer.

 -- Utkarsh Gupta <email address hidden> Thu, 25 May 2023 13:16:13 +0530

Changed in google-guest-agent (Ubuntu Focal):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package google-guest-agent - 20230426.00-0ubuntu2~18.04.0

---------------
google-guest-agent (20230426.00-0ubuntu2~18.04.0) bionic; urgency=medium

  * No-change rebuild for Bionic.

google-guest-agent (20230426.00-0ubuntu2) mantic; urgency=medium

  * d/rules: Add --no-stop-on-upgrade for upgrade path
    to enforce no stop of the services on package upgrade.
    This has the desired side-effect of not stopping, starting or
    restarting the services as a part of the upgrade (LP: #2019089)
  * d/{rules,install}: ship gce-workload-cert-refresh.timer.

 -- Utkarsh Gupta <email address hidden> Thu, 25 May 2023 13:22:23 +0530

Changed in google-guest-agent (Ubuntu Bionic):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.