| 2022-03-07 19:40:46 |
Grant Orndorff |
bug |
|
|
added bug |
| 2022-03-07 19:41:32 |
Grant Orndorff |
nominated for series |
|
Ubuntu Xenial |
|
| 2022-03-07 19:41:32 |
Grant Orndorff |
bug task added |
|
ubuntu-advantage-tools (Ubuntu Xenial) |
|
| 2022-03-07 19:41:32 |
Grant Orndorff |
nominated for series |
|
Ubuntu Focal |
|
| 2022-03-07 19:41:32 |
Grant Orndorff |
bug task added |
|
ubuntu-advantage-tools (Ubuntu Focal) |
|
| 2022-03-07 19:41:32 |
Grant Orndorff |
nominated for series |
|
Ubuntu Impish |
|
| 2022-03-07 19:41:32 |
Grant Orndorff |
bug task added |
|
ubuntu-advantage-tools (Ubuntu Impish) |
|
| 2022-03-07 19:41:32 |
Grant Orndorff |
nominated for series |
|
Ubuntu Bionic |
|
| 2022-03-07 19:41:32 |
Grant Orndorff |
bug task added |
|
ubuntu-advantage-tools (Ubuntu Bionic) |
|
| 2022-03-07 20:24:24 |
Grant Orndorff |
description |
[Impact]
This release sports both bug-fixes and new features and we would like to
make sure all of our supported customers have access to these
improvements. The notable ones are:
* --format=json for attach,detach,enable,disable
* --attach-config option when attaching for users to pass their token via a file and also to customize the auto-enabled services
* Support enabling FIPS and FIPS-Updates on containers
* Add more information to ua security-status and remove --beta flag
See the changelog entry below for a full list of changes and bugs.
[Test Case]
The following development and SRU process was followed:
https://wiki.ubuntu.com/UbuntuAdvantageToolsUpdates
The ubuntu-advantage-tools team will be in charge of attaching the artifacts and console output of the appropriate run to the bug. ubuntu-advantage-tools team members will not mark ‘verification-done’ until this has happened.
[Regression Potential]
There is a small refactor that touches a python section of the postinst script. Any adjustment to postinst poses the risk of breaking upgrades if a mistake was made.
We are setting all newly created log files to world-readable. If we have failed to catch every scenario of redacting secrets from potentially logged strings, then some secrets could slip into the world-readable log files.
The refactor required to support json output for more commands required changing how all output is printed. A mistake during this process could result in missing output that we previously printed. Some messages were moved from stderr to stdout during this process as well. If a third party script was parsing the error messages on stderr from `ua` this update may break that.
We are moving from requiring a --beta flag for ua security-status to requiring that there is not a --beta flag for ua security-status. If a third party script is using ua security-status --beta command, then this change could break that script.
This is a big update, with several refactors touching many pieces of the codebase. It is possible that some behavior changed in subtle ways not captured by our integration tests.
[Discussion]
The reason for making the logs world readable is that we no longer have any major reason keep it readable by only sudo users. Also, this will also allow for non-root users to more easily open bugs that affect the package. We are purposefully only setting new log files to be world-readable, because it is possible that logs made prior to version 27.6 still contain secrets.
The focus on json output is to support other pieces of software than want to use `ua`, such as the upcoming Desktop settings screen to attach and enable/disable services.
[Changelog]
* d/logrotate:
- make new logs world readable
* d/tools.postinst:
- refactor to catch exception from entitlement_factory
- no longer always set log file to only root readable
- when creating log file for the first time, make world readable
* New upstream release 27.7
- attach: --attach-config option for customizing auto-enabled services
and supplying token via a file
- auto-attach: fix bug where auto-attach caused a manually attached
machine to detach
- cli:
+ support --format=json for attach
+ support --format=json for detach
+ support --format=json for enable
+ support --format=json for disable
- contract: include activity info when updating contract
- detach: no longer contacts contract server on detach
- fips: allow fips on containers
- fix: support USNs that don't have related CVEs
- logs: make all newly created logs world-readable
- security-status:
+ show already installed esm package counts
+ include APT origin for each potential update
+ bump schema version to "0.1"
+ remove previously required --beta flag
- status:
+ include blocked_by information in service status when format=json
+ --simulate-with-token now reports expired tokens as errors
+ --simulate-with-token now returns errors in the specified format |
[Impact]
This release sports both bug-fixes and new features and we would like to
make sure all of our supported customers have access to these
improvements. The notable ones are:
* --format=json for attach,detach,enable,disable
* --attach-config option when attaching for users to pass their token via a file and also to customize the auto-enabled services
* Support enabling FIPS and FIPS-Updates on containers
* Add more information to ua security-status and remove --beta flag
* New log files will be world readable
See the changelog entry below for a full list of changes and bugs.
[Test Case]
The following development and SRU process was followed:
https://wiki.ubuntu.com/UbuntuAdvantageToolsUpdates
The ubuntu-advantage-tools team will be in charge of attaching the artifacts and console output of the appropriate run to the bug. ubuntu-advantage-tools team members will not mark ‘verification-done’ until this has happened.
[Regression Potential]
There is a small refactor that touches a python section of the postinst script. Any adjustment to postinst poses the risk of breaking upgrades if a mistake was made.
We are setting all newly created log files to world-readable. If we have failed to catch every scenario of redacting secrets from potentially logged strings, then some secrets could slip into the world-readable log files.
The refactor required to support json output for more commands required changing how all output is printed. A mistake during this process could result in missing output that we previously printed. Some messages were moved from stderr to stdout during this process as well. If a third party script was parsing the error messages on stderr from `ua` this update may break that.
We are moving from requiring a --beta flag for ua security-status to requiring that there is not a --beta flag for ua security-status. If a third party script is using ua security-status --beta command, then this change could break that script.
This is a big update, with several refactors touching many pieces of the codebase. It is possible that some behavior changed in subtle ways not captured by our integration tests.
[Discussion]
The reason for making the logs world readable is that we no longer have any major reason keep it readable by only sudo users. Also, this will also allow for non-root users to more easily open bugs that affect the package. We are purposefully only setting new log files to be world-readable, because it is possible that logs made prior to version 27.6 still contain secrets.
The focus on json output is to support other pieces of software than want to use `ua`, such as the upcoming Desktop settings screen to attach and enable/disable services.
[Changelog]
* d/logrotate:
- make new logs world readable
* d/tools.postinst:
- refactor to catch exception from entitlement_factory
- no longer always set log file to only root readable
- when creating log file for the first time, make world readable
* New upstream release 27.7
- attach: --attach-config option for customizing auto-enabled services
and supplying token via a file
- auto-attach: fix bug where auto-attach caused a manually attached
machine to detach
- cli:
+ support --format=json for attach
+ support --format=json for detach
+ support --format=json for enable
+ support --format=json for disable
- contract: include activity info when updating contract
- detach: no longer contacts contract server on detach
- fips: allow fips on containers
- fix: support USNs that don't have related CVEs
- logs: make all newly created logs world-readable
- security-status:
+ show already installed esm package counts
+ include APT origin for each potential update
+ bump schema version to "0.1"
+ remove previously required --beta flag
- status:
+ include blocked_by information in service status when format=json
+ --simulate-with-token now reports expired tokens as errors
+ --simulate-with-token now returns errors in the specified format |
|
| 2022-03-08 18:03:52 |
Paride Legovini |
bug |
|
|
added subscriber Paride Legovini |
| 2022-03-23 14:21:26 |
Paride Legovini |
ubuntu-advantage-tools (Ubuntu Impish): status |
New |
In Progress |
|
| 2022-03-23 14:21:29 |
Paride Legovini |
ubuntu-advantage-tools (Ubuntu Focal): status |
New |
In Progress |
|
| 2022-03-23 14:21:31 |
Paride Legovini |
ubuntu-advantage-tools (Ubuntu Bionic): status |
New |
In Progress |
|
| 2022-03-23 14:21:34 |
Paride Legovini |
ubuntu-advantage-tools (Ubuntu Xenial): status |
New |
In Progress |
|
| 2022-03-23 14:21:36 |
Paride Legovini |
ubuntu-advantage-tools (Ubuntu): status |
New |
In Progress |
|
| 2022-03-23 17:52:17 |
Launchpad Janitor |
ubuntu-advantage-tools (Ubuntu): status |
In Progress |
Fix Released |
|
| 2022-03-24 15:40:00 |
Andy Whitcroft |
ubuntu-advantage-tools (Ubuntu Impish): status |
In Progress |
Fix Committed |
|
| 2022-03-24 15:40:01 |
Andy Whitcroft |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
| 2022-03-24 15:40:03 |
Andy Whitcroft |
bug |
|
|
added subscriber SRU Verification |
| 2022-03-24 15:40:07 |
Andy Whitcroft |
tags |
|
verification-needed verification-needed-impish |
|
| 2022-03-24 15:42:01 |
Andy Whitcroft |
ubuntu-advantage-tools (Ubuntu Focal): status |
In Progress |
Fix Committed |
|
| 2022-03-24 15:42:06 |
Andy Whitcroft |
tags |
verification-needed verification-needed-impish |
verification-needed verification-needed-focal verification-needed-impish |
|
| 2022-03-24 15:42:33 |
Andy Whitcroft |
ubuntu-advantage-tools (Ubuntu Bionic): status |
In Progress |
Fix Committed |
|
| 2022-03-24 15:42:38 |
Andy Whitcroft |
tags |
verification-needed verification-needed-focal verification-needed-impish |
verification-needed verification-needed-bionic verification-needed-focal verification-needed-impish |
|
| 2022-03-24 15:48:17 |
Andy Whitcroft |
ubuntu-advantage-tools (Ubuntu Xenial): status |
In Progress |
Fix Committed |
|
| 2022-03-24 15:48:23 |
Andy Whitcroft |
tags |
verification-needed verification-needed-bionic verification-needed-focal verification-needed-impish |
verification-needed verification-needed-bionic verification-needed-focal verification-needed-impish verification-needed-xenial |
|
| 2022-03-28 18:21:01 |
Lucas Albuquerque Medeiros de Moura |
attachment added |
|
ua-test-results-27.7.tar.xz https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1964028/+attachment/5573894/+files/ua-test-results-27.7.tar.xz |
|
| 2022-03-28 18:21:22 |
Lucas Albuquerque Medeiros de Moura |
tags |
verification-needed verification-needed-bionic verification-needed-focal verification-needed-impish verification-needed-xenial |
verification-done verification-done-bionic verification-done-focal verification-done-impish verification-done-xenial |
|
| 2022-04-04 07:58:44 |
Launchpad Janitor |
ubuntu-advantage-tools (Ubuntu Impish): status |
Fix Committed |
Fix Released |
|
| 2022-04-04 07:58:48 |
Łukasz Zemczak |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
| 2022-04-04 08:01:25 |
Launchpad Janitor |
ubuntu-advantage-tools (Ubuntu Focal): status |
Fix Committed |
Fix Released |
|
| 2022-04-04 08:23:30 |
Launchpad Janitor |
ubuntu-advantage-tools (Ubuntu Bionic): status |
Fix Committed |
Fix Released |
|
| 2022-04-04 08:23:55 |
Launchpad Janitor |
ubuntu-advantage-tools (Ubuntu Xenial): status |
Fix Committed |
Fix Released |
|
