Comment 0 for bug 1964028

Grant Orndorff (orndorffgrant) wrote :

[Impact]
This release sports both bug-fixes and new features and we would like to
make sure all of our supported customers have access to these
improvements. The notable ones are:

  * --format=json for attach,detach,enable,disable
  * --attach-config option when attaching for users to pass their token via a file and also to customize the auto-enabled services
  * Support enabling FIPS and FIPS-Updates on containers
  * Add more information to ua security-status and remove --beta flag

See the changelog entry below for a full list of changes and bugs.

[Test Case]
The following development and SRU process was followed:
https://wiki.ubuntu.com/UbuntuAdvantageToolsUpdates

The ubuntu-advantage-tools team will be in charge of attaching the artifacts and console output of the appropriate run to the bug. ubuntu-advantage-tools team members will not mark ‘verification-done’ until this has happened.

[Regression Potential]
There is a small refactor that touches a Python section of the postinst script. Any adjustment to postinst poses the risk of breaking upgrades if a mistake was made.

We are setting all newly created log files to world-readable. If we have failed to catch every scenario of redacting secrets from potentially logged strings, then some secrets could slip into the world-readable log files.

The refactor required to support json output for more commands required changing how all output is printed. A mistake during this process could result in missing output that we previously printed. Some messages were moved from stderr to stdout during this process as well. If a third party script was parsing the error messages on stderr from `ua` this update may break that.

We are moving from requiring a --beta flag for ua security-status to requiring that there is not a --beta flag for ua security-status. If a third party script is using ua security-status --beta command, then this change could break that script.

This is a big update, with several refactors touching many pieces of the codebase. It is possible that some behavior changed in subtle ways not captured by our integration tests.

[Discussion]
The reason for making the logs world readable is that we no longer have any major reason to keep it readable by only sudo users. Also, this will allow for non-root users to more easily open bugs that affect the package. We are purposefully only setting new log files to be world-readable, because it is possible that logs made prior to version 27.6 still contain secrets.

The focus on json output is to support other pieces of software that want to use `ua`, such as the upcoming Desktop settings screen to attach and enable/disable services.

[Changelog]

  * d/logrotate:
    - make new logs world readable
  * d/tools.postinst:
    - refactor to catch exception from entitlement_factory
    - no longer always set log file to only root readable
    - when creating log file for the first time, make world readable
  * New upstream release 27.7
    - attach: --attach-config option for customizing auto-enabled services
      and supplying token via a file
    - auto-attach: fix bug where auto-attach caused a manually attached
      machine to detach
    - cli:
      + support --format=json for attach
      + support --format=json for detach
      + support --format=json for enable
      + support --format=json for disable
    - contract: include activity info when updating contract
    - detach: no longer contacts contract server on detach
    - fips: allow fips on containers
    - fix: support USNs that don't have related CVEs
    - logs: make all newly created logs world-readable
    - security-status:
      + show already installed esm package counts
      + include APT origin for each potential update
      + bump schema version to "0.1"
      + remove previously required --beta flag
    - status:
      + include blocked_by information in service status when format=json
      + --simulate-with-token now reports expired tokens as errors
      + --simulate-with-token now returns errors in the specified format
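
An added example (not part of the comment above and not the ubuntu-advantage-tools postinst code) of the log-permission policy described in [Discussion] and in the d/tools.postinst changelog entries: a log file created for the first time is made world-readable, while a file that already exists keeps its mode. The function names, file names and the sample log line are constructed for illustration.

```python
import os
import stat
import tempfile

WORLD_READABLE = 0o644  # rw-r--r--


def ensure_log_file(path):
    """Create path as world-readable only if it does not exist yet.

    Returns True when the file was created here, False when it already
    existed. An existing file's mode is left untouched, because an older
    log may still hold unredacted secrets.
    """
    try:
        # O_EXCL makes create-or-fail atomic, so a pre-existing file (or a
        # symlink planted at the path) is never opened or re-moded by mistake.
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, WORLD_READABLE)
    except FileExistsError:
        return False
    try:
        # The mode given to os.open() is filtered by the process umask;
        # fchmod on the descriptor sets the intended mode explicitly.
        os.fchmod(fd, WORLD_READABLE)
    finally:
        os.close(fd)
    return True


def mode_of(path):
    """Return only the permission bits of path."""
    return stat.S_IMODE(os.stat(path).st_mode)


def demo():
    """Apply the policy to constructed files in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        old_log = os.path.join(tmp, "old.log")  # stands in for a pre-upgrade log
        new_log = os.path.join(tmp, "new.log")  # does not exist yet
        with open(old_log, "w") as f:
            f.write("constructed line: token=EXAMPLE-NOT-A-REAL-SECRET\n")
        os.chmod(old_log, 0o600)
        created_old = ensure_log_file(old_log)
        created_new = ensure_log_file(new_log)
        return created_old, mode_of(old_log), created_new, mode_of(new_log)


if __name__ == "__main__":
    print(demo())
```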