Ship ubuntu-advantage in ubuntu-minimal

Bug #1686183 reported by David Britton on 2017-04-25
16
This bug affects 2 people
Affects Status Importance Assigned to Milestone
ubuntu-advantage-tools (Ubuntu)
Undecided
Unassigned
Precise
Undecided
Unassigned
ubuntu-meta (Ubuntu)
Undecided
Unassigned
Precise
Undecided
Unassigned

Bug Description

[Impact]

 * Allow ubuntu-advantage users to access the extended security maintenance script with a simple command line tool. This script needs to hit precise machines and be easy for ubuntu-advantage customers to enable, thus basefiles was chosen as a home.

[Test Case]

 * Run ubuntu-advantage, it should print out help
 * Run sudo ubuntu-advantage enable <token> (without sudo it will warn you), but you need to be an ubuntu-advantage customer to get that token. In the end, the script simply adds and removes an /etc/apt/sources.list.d entry.
 * you can contact me (<email address hidden>) if you would like a token for test purposes.

[Regression Potential]

 * Low, this is a new script, not included in any automated startup paths.

[Other Info]

 * http://blog.dustinkirkland.com/2017/03/ubuntu-1204-esm.html

Andreas Hasenack (ahasenack) wrote :

debdiff for base-files on precise

description: updated
tags: added: patch
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in base-files (Ubuntu):
status: New → Confirmed
Changed in base-files (Ubuntu):
status: Confirmed → Incomplete
Andreas Hasenack (ahasenack) wrote :

This introduces a python dependency to base-files, which I think is incorrect. I think the decision to choose base-files should be reevaluated.

From the point of view of end-users, regardless if the script is in base-files or in its own package, the same number of apt commands will be needed either way.

It's either:
apt-get update
apt-get dist-upgrade
ubuntu-advantage enable-esm <token>

or:
apt-get update
apt-get install ubuntu-advantage
ubuntu-advantage enable-esm <token>

In its own package it can have its own copyright, manpage, correct dependencies, its own source tarball, tests (which were stripped from the debdiff here), upstream url, nice description, etc.

David Britton (davidpbritton) wrote :

The difference here is a supported machine is up to date, even if it only has the minimum packages installed.

Asking for another package to be installed to be "supported" is a small bit of friction that can be removed by delivering the script with basefiles.

Andreas Hasenack (ahasenack) wrote :

Updated debdiff attached. Changes:
- the ubuntu-advantage script is now shell (/bin/sh)
- install an MOTD script that will print a banner informing the status of ESM

Dimitri John Ledkov (xnox) wrote :

The key UID is interesting. It is "Ubuntu ESM <email address hidden>" is this an appropriate user facing uid that is listed in the output of $ apt-key list?

Our current key names are a bit more descriptive than that, e.g.:
* Ubuntu Archive Automatic Signing Key <email address hidden>
* Ubuntu CD Image Automatic Signing Key <email address hidden>

Have you considered changing UID to e.g.
 * Ubuntu Extended Security Maintenance Automatic Signing Key <email address hidden>

Such that it is descriptive, and has email address that is user/public facing.

prodstack-cdo seems like an internal email address, which is not customer facing.

Dimitri John Ledkov (xnox) wrote :

* the key should be shipped as a key fragment in /usr/share/keyrings/ubuntu-keyring-extended-security-maintainance.gpg

* the shell script should simply copy that key fragment into /etc/apt/trusted.gpg.d/ upon enablement of the ESM repository

* there should not be encoded binary in the shell script, and no need to call apt-key; just a cp.

* the script should check for and install apt-transport-https if missing

Dimitri John Ledkov (xnox) wrote :

<email address hidden> actually might be a better email address, following on ftpmaster@ cdimage@ pattern.

Dimitri John Ledkov (xnox) wrote :

The key was updated, is there an updated export of it available?

Andreas Hasenack (ahasenack) wrote :

I pushed it to keyserver.ubuntu.com, key id 67C7A026

Andreas Hasenack (ahasenack) wrote :

I can't use a debdiff here anymore because the new key is a binary file. I created a git branch here:

https://code.launchpad.net/~ahasenack/ubuntu/+source/base-files/+git/base-files/+ref/ubuntu-advantage-sru

Is that enough for your review? Should I make an MP against the precise-updates packaging branch imported at https://code.launchpad.net/~usd-import-team/ubuntu/+source/base-files/+git/base-files ?

summary: - Ship ubuntu-advantage in basefiles for ubuntu
+ Ship ubuntu-advantage in ubuntu-minimal
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

affects: base-files (Ubuntu) → ubuntu-advantage-tools (Ubuntu)
Changed in ubuntu-advantage-tools (Ubuntu Precise):
status: New → Confirmed
Dimitri John Ledkov (xnox) wrote :

Hello David, or anyone else affected,

Accepted ubuntu-advantage-tools into precise-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/ubuntu-advantage-tools/1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in ubuntu-advantage-tools (Ubuntu Precise):
status: Confirmed → Fix Committed
Changed in ubuntu-advantage-tools (Ubuntu):
status: Incomplete → New

An upload of ubuntu-meta to precise-proposed has been rejected from the upload queue for the following reason: "unexpected changes to desktop seed".

Hello David, or anyone else affected,

Accepted ubuntu-meta into precise-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/ubuntu-meta/1.267.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in ubuntu-meta (Ubuntu Precise):
status: New → Fix Committed
tags: added: verification-needed
Steve Langasek (vorlon) wrote :

$ ubuntu-advantage
usage: ubuntu-advantage [enable-esm|disable-esm]

Enable or disable the Ubuntu Extended Security Maintenance archive.

Parameters:
 enable-esm <token> enable the ESM repository
 disable-esm disable the ESM repository

the <token> argument must be in the form "user:password"

$ sudo ubuntu-advantage enable-esm <token>
[sudo] password for vorlon:
Running apt-get update...
W: Failed to fetch https://esm.ubuntu.com/ubuntu/dists/precise/Release Unable to find expected entry 'main/binary-armhf/Packages' in Release file (Wrong sources.list entry or malformed file)

E: Some index files failed to download. They have been ignored, or old ones used instead.
$

Having foreign-arch multiarch enabled on 12.04 is a pretty marginal use case. ;) Should we care about filtering out unsupported ports architectures when constructing the sources.list.d file?

Steve Langasek (vorlon) wrote :

discussed the above error with the team:
- non-x86 multiarch is a quite minor use case on precise
- it is not clear that esm.ubuntu.com is intended to be x86-only, or that it will remain so indefinitely

So we will not limit the sources.list.d entry by architecture, which could do more harm than good, and so I'm considering this verified.

tags: added: verification-done
removed: verification-needed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ubuntu-advantage-tools - 1

---------------
ubuntu-advantage-tools (1) precise; urgency=medium

  * Initial Release. LP: #1686183

 -- Dimitri John Ledkov <email address hidden> Fri, 28 Apr 2017 15:04:47 +0100

Changed in ubuntu-advantage-tools (Ubuntu Precise):
status: Fix Committed → Fix Released

The verification of the Stable Release Update for ubuntu-advantage-tools has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ubuntu-meta - 1.267.2

---------------
ubuntu-meta (1.267.2) precise; urgency=medium

  * Refreshed dependencies
  * Added ubuntu-advantage-tools to minimal LP: #1686183

 -- Dimitri John Ledkov <email address hidden> Fri, 28 Apr 2017 16:12:30 +0100

Changed in ubuntu-meta (Ubuntu Precise):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers