Please add ${distro_id}ESM:${distro_codename}-infra-security and ${distro_id}ESMApps:${distro_codename}-apps-security to allowed origins (on Ubuntu)
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
unattended-upgrades (Ubuntu) |
Fix Released
|
High
|
Unassigned | ||
Trusty |
Won't Fix
|
Undecided
|
Unassigned | ||
Xenial |
Fix Released
|
Undecided
|
Unassigned | ||
Bionic |
Fix Released
|
Undecided
|
Unassigned | ||
Eoan |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
[Impact]
* Changes to the ESM repo naming and the introduction of the new esm-infra and esm-apps suites require an update to unattended-upgrades to ensure the security pockets are used.
* This change will ensure users are actually receiving updates, where as today they will not without making manual changes.
[Test Case]
* 1) Bionic and Xenial ESM-Apps/ESM-infra with Ubuntu Pro
* 2) Trusty ESM
[Regression Potential]
* This change is ensuring users actually receive security updates when using ESM. Therefore, 1) users of ESM-apps on Ubuntu Pro and 2) ESM-infra on Trusty will be the only users affected.
* The possible issue would be if/when users receive actual security updates that then regress or cause issues to the system.
[Other Info]
Previous description:
ESM <distro>
Currently /etc/apt/
Unattended-
}
Given that there have been ESM apt pocket renames over the last few months, the above ESM allowed-origin should not apply anymore and can be dropped or replaced.
See RT #C122697 and #C121067 for the pocket/suite renames related to ESM
What is needed after the ESM apt pocket/suite renames:
Support for unattended upgrades for ESM for Infrastructure customers:
Unattended-
// Extended Security Maintenance; doesn't necessarily exist for
// every release and this system may not have it installed, but if
// available, the policy for updates is such that unattended-upgrades
// should also install from here by default.
"${distro_
"${distro_
};
=== Confirmed proper origin on an attached Trusty instance with ESM-infra enabled:
500 https:/
release v=14.04,
=== Confirmed proper origins on Bionic for enabled ESM-infra and ESM-apps on an AWS Ubuntu PRO instance:
500 https:/
release v=18.04,
500 https:/
release v=18.04,
summary: |
Please add ${distro_id}ESM:${distro_codename}-infra-security and - t${distro_id}ESM:${distro_codename}-apps-securityo allowed origins (on + ${distro_id}ESM:${distro_codename}-apps-security to allowed origins (on Ubuntu) |
description: | updated |
description: | updated |
summary: |
Please add ${distro_id}ESM:${distro_codename}-infra-security and - ${distro_id}ESM:${distro_codename}-apps-security to allowed origins (on - Ubuntu) + ${distro_id}ESMApps:${distro_codename}-apps-security to allowed origins + (on Ubuntu) |
Changed in unattended-upgrades (Ubuntu): | |
status: | Incomplete → New |
description: | updated |
tags: | added: id-5e2af6c2292b6f85495764a9 |
tags: |
added: verification-needed-eoan removed: verification-failed-eoan |
tags: |
added: verification-done-xenial removed: verification-dibe-xenial |
Changed in unattended-upgrades (Ubuntu Trusty): | |
status: | New → Won't Fix |
https:/ /github. com/mvo5/ unattended- upgrades/ pull/243