2022-01-20 15:52:38 |
Lucas Albuquerque Medeiros de Moura |
bug |
|
|
added bug |
2022-01-20 15:54:28 |
Lucas Albuquerque Medeiros de Moura |
description |
[Impact]
The main focus of this release is to allow focal cloud users to enable FIPS services on their machines. Furthermore, we are also performing some small fixes in the code:
* Fixing how apt and motd messages are updated after some ua operations
* Disable the license check job after attach/auto-attach operations.
Additionally, we are now making our logs word readable
See the changelog entry below for a full list of changes and bugs. We have spent a lot time
debugging our logs to see if are leaking any credentials there, but we are now sure that we
have redacted all of the private information
[Test Case]
The following development and SRU process was followed:
https://wiki.ubuntu.com/UbuntuAdvantageToolsUpdates
The ubuntu-advantage-tools team will be in charge of attaching the artifacts and
console output of the appropriate run to the bug. ubuntu-advantage-tools team
members will not mark ‘verification-done’ until this has happened.
Integration test artifacts are attached to the bug.
[Regression Potential]
Most of the changes are adding new things and the integration tests make sure that the existing functionality is preserved.
However, by making the logs world readable, we could be still leaking some credentials there which would be now readable be every user on the machine.
[Discussion]
Even though the focus of this release is on allowing FIPS services on Focal machines, the major change of this release is making the logs world readable.
We have performed several tests on different scenarios to verify that the logs are not leaking, but even though we have tested it multiple times, we could still have a blind spot on that work.
If we do have those leaks, this means that user on the machine can try to use the leaked credentials on other machines. This will not affect the machines already attached to an UA subscription.
If the team has any reservations about this work, we can better discuss better path moving forward here.
[Changelog]
* d/tools.postinst:
- make log files world readable
* New upstream release 27.6
- cli: only go for resources on explicit help calls
- fips:
+ allow enabling FIPS on focal clouds
+ update prompt messages
- jobs: disable jobs after attach/auto-attach
- message: fix how apt and motd messages are updated after ua commands |
[Impact]
The main focus of this release is to allow focal cloud users to enable FIPS services on their machines. Furthermore, we are also performing some small fixes in the code:
* Fixing how apt and motd messages are updated after some ua operations
* Disable the license check job after attach/auto-attach operations.
Additionally, we are now making our logs word readable
We have spent a lot time debugging our logs to see if are leaking any credentials there, but we are now sure that we have redacted all of the private information
See the changelog entry below for a full list of changes and bugs.
[Test Case]
The following development and SRU process was followed:
https://wiki.ubuntu.com/UbuntuAdvantageToolsUpdates
The ubuntu-advantage-tools team will be in charge of attaching the artifacts and console output of the appropriate run to the bug. ubuntu-advantage-tools team members will not mark ‘verification-done’ until this has happened.
Integration test artifacts are attached to the bug.
[Regression Potential]
Most of the changes are adding new things and the integration tests make sure that the existing functionality is preserved.
However, by making the logs world readable, we could be still leaking some credentials there which would be now readable be every user on the machine.
[Discussion]
Even though the focus of this release is on allowing FIPS services on Focal machines, the major change of this release is making the logs world readable.
We have performed several tests on different scenarios to verify that the logs are not leaking, but even though we have tested it multiple times, we could still have a blind spot on that work.
If we do have those leaks, this means that user on the machine can try to use the leaked credentials on other machines. This will not affect the machines already attached to an UA subscription.
If the team has any reservations about this work, we can better discuss a better path moving forward here.
[Changelog]
* d/tools.postinst:
- make log files world readable
* New upstream release 27.6
- cli: only go for resources on explicit help calls
- fips:
+ allow enabling FIPS on focal clouds
+ update prompt messages
- jobs: disable jobs after attach/auto-attach
- message: fix how apt and motd messages are updated after ua commands |
|
2022-01-20 17:59:59 |
Grant Orndorff |
bug |
|
|
added subscriber Grant Orndorff |
2022-01-24 15:02:12 |
Paride Legovini |
summary |
[SRU] ubuntu-advantage-tools (27.5 -> 27.6) Xenial, Bionic, Focal, Hirsute, Impish |
[SRU] ubuntu-advantage-tools (27.5 -> 27.6) Xenial, Bionic, Focal, Impish |
|
2022-01-24 19:40:41 |
Lucas Albuquerque Medeiros de Moura |
description |
[Impact]
The main focus of this release is to allow focal cloud users to enable FIPS services on their machines. Furthermore, we are also performing some small fixes in the code:
* Fixing how apt and motd messages are updated after some ua operations
* Disable the license check job after attach/auto-attach operations.
Additionally, we are now making our logs word readable
We have spent a lot time debugging our logs to see if are leaking any credentials there, but we are now sure that we have redacted all of the private information
See the changelog entry below for a full list of changes and bugs.
[Test Case]
The following development and SRU process was followed:
https://wiki.ubuntu.com/UbuntuAdvantageToolsUpdates
The ubuntu-advantage-tools team will be in charge of attaching the artifacts and console output of the appropriate run to the bug. ubuntu-advantage-tools team members will not mark ‘verification-done’ until this has happened.
Integration test artifacts are attached to the bug.
[Regression Potential]
Most of the changes are adding new things and the integration tests make sure that the existing functionality is preserved.
However, by making the logs world readable, we could be still leaking some credentials there which would be now readable be every user on the machine.
[Discussion]
Even though the focus of this release is on allowing FIPS services on Focal machines, the major change of this release is making the logs world readable.
We have performed several tests on different scenarios to verify that the logs are not leaking, but even though we have tested it multiple times, we could still have a blind spot on that work.
If we do have those leaks, this means that user on the machine can try to use the leaked credentials on other machines. This will not affect the machines already attached to an UA subscription.
If the team has any reservations about this work, we can better discuss a better path moving forward here.
[Changelog]
* d/tools.postinst:
- make log files world readable
* New upstream release 27.6
- cli: only go for resources on explicit help calls
- fips:
+ allow enabling FIPS on focal clouds
+ update prompt messages
- jobs: disable jobs after attach/auto-attach
- message: fix how apt and motd messages are updated after ua commands |
[Impact]
The main focus of this release is to allow focal cloud users to enable FIPS services on their machines. Furthermore, we are also performing some small fixes in the code:
* Fixing how apt and motd messages are updated after some ua operations
* Disable the license check job after attach/auto-attach operations.
Additionally, we are now making our logs word readable
We have spent a lot time debugging our logs to see if are leaking any credentials there, but we are now sure that we have redacted all of the private information
See the changelog entry below for a full list of changes and bugs.
[Test Case]
The following development and SRU process was followed:
https://wiki.ubuntu.com/UbuntuAdvantageToolsUpdates
The ubuntu-advantage-tools team will be in charge of attaching the artifacts and console output of the appropriate run to the bug. ubuntu-advantage-tools team members will not mark ‘verification-done’ until this has happened.
Integration test artifacts are attached to the bug.
[Regression Potential]
Most of the changes are adding new things and the integration tests make sure that the existing functionality is preserved.
However, by making the logs world readable, we could be still leaking some credentials there which would be now readable be every user on the machine.
[Discussion]
Even though the focus of this release is on allowing FIPS services on Focal machines, the major change of this release is making the logs world readable.
The reason for making the logs world readable is that we don't have any major reason keep it readable by only sudo users. Also, this will also allow for non-root users to more easily open bugs that affect the package.
We have performed several tests on different scenarios to verify that the logs are not leaking, but even though we have tested it multiple times, we could still have a blind spot on that work.
If we do have those leaks, this means that user on the machine can try to use the leaked credentials on other machines. This will not affect the machines already attached to an UA subscription.
If the team has any reservations about this work, we can better discuss a better path moving forward here.
[Changelog]
* d/tools.postinst:
- make log files world readable
* New upstream release 27.6
- cli: only go for resources on explicit help calls
- fips:
+ allow enabling FIPS on focal clouds
+ update prompt messages
- jobs: disable jobs after attach/auto-attach
- message: fix how apt and motd messages are updated after ua commands |
|
2022-02-02 19:25:23 |
Launchpad Janitor |
ubuntu-advantage-tools (Ubuntu): status |
New |
Fix Released |
|
2022-02-03 12:09:44 |
Paride Legovini |
nominated for series |
|
Ubuntu Bionic |
|
2022-02-03 12:09:44 |
Paride Legovini |
bug task added |
|
ubuntu-advantage-tools (Ubuntu Bionic) |
|
2022-02-03 12:09:44 |
Paride Legovini |
nominated for series |
|
Ubuntu Xenial |
|
2022-02-03 12:09:44 |
Paride Legovini |
bug task added |
|
ubuntu-advantage-tools (Ubuntu Xenial) |
|
2022-02-03 12:09:44 |
Paride Legovini |
nominated for series |
|
Ubuntu Focal |
|
2022-02-03 12:09:44 |
Paride Legovini |
bug task added |
|
ubuntu-advantage-tools (Ubuntu Focal) |
|
2022-02-03 12:09:44 |
Paride Legovini |
nominated for series |
|
Ubuntu Impish |
|
2022-02-03 12:09:44 |
Paride Legovini |
bug task added |
|
ubuntu-advantage-tools (Ubuntu Impish) |
|
2022-02-03 12:22:26 |
Robie Basak |
ubuntu-advantage-tools (Ubuntu Impish): status |
New |
Fix Committed |
|
2022-02-03 12:22:27 |
Robie Basak |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
2022-02-03 12:22:28 |
Robie Basak |
bug |
|
|
added subscriber SRU Verification |
2022-02-03 12:22:30 |
Robie Basak |
tags |
|
verification-needed verification-needed-impish |
|
2022-02-03 12:22:41 |
Robie Basak |
ubuntu-advantage-tools (Ubuntu Focal): status |
New |
Fix Committed |
|
2022-02-03 12:22:44 |
Robie Basak |
tags |
verification-needed verification-needed-impish |
verification-needed verification-needed-focal verification-needed-impish |
|
2022-02-03 12:22:55 |
Robie Basak |
ubuntu-advantage-tools (Ubuntu Bionic): status |
New |
Fix Committed |
|
2022-02-03 12:22:58 |
Robie Basak |
tags |
verification-needed verification-needed-focal verification-needed-impish |
verification-needed verification-needed-bionic verification-needed-focal verification-needed-impish |
|
2022-02-03 12:23:08 |
Robie Basak |
ubuntu-advantage-tools (Ubuntu Xenial): status |
New |
Fix Committed |
|
2022-02-03 12:23:12 |
Robie Basak |
tags |
verification-needed verification-needed-bionic verification-needed-focal verification-needed-impish |
verification-needed verification-needed-bionic verification-needed-focal verification-needed-impish verification-needed-xenial |
|
2022-02-04 20:07:15 |
Lucas Albuquerque Medeiros de Moura |
attachment added |
|
sru-release-27.6.tar.xz https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1958556/+attachment/5559186/+files/sru-release-27.6.tar.xz |
|
2022-02-04 20:07:38 |
Lucas Albuquerque Medeiros de Moura |
tags |
verification-needed verification-needed-bionic verification-needed-focal verification-needed-impish verification-needed-xenial |
verification-done verification-done-bionic verification-done-focal verification-done-impish verification-done-xenial |
|
2022-02-07 12:32:18 |
Ioanna Alifieraki |
bug |
|
|
added subscriber Ioanna Alifieraki |
2022-02-10 09:51:29 |
Launchpad Janitor |
ubuntu-advantage-tools (Ubuntu Impish): status |
Fix Committed |
Fix Released |
|
2022-02-10 09:51:33 |
Łukasz Zemczak |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
2022-02-10 09:54:45 |
Launchpad Janitor |
ubuntu-advantage-tools (Ubuntu Focal): status |
Fix Committed |
Fix Released |
|
2022-02-10 09:57:40 |
Launchpad Janitor |
ubuntu-advantage-tools (Ubuntu Bionic): status |
Fix Committed |
Fix Released |
|
2022-02-10 09:57:51 |
Launchpad Janitor |
ubuntu-advantage-tools (Ubuntu Xenial): status |
Fix Committed |
Fix Released |
|