| 2021-02-12 19:27:04 |
Lucas Albuquerque Medeiros de Moura |
bug |
|
|
added bug |
| 2021-02-12 19:27:19 |
Lucas Albuquerque Medeiros de Moura |
nominated for series |
|
Ubuntu Xenial |
|
| 2021-02-12 19:27:19 |
Lucas Albuquerque Medeiros de Moura |
bug task added |
|
unattended-upgrades (Ubuntu Xenial) |
|
| 2021-02-24 19:56:55 |
Bryce Harrington |
unattended-upgrades (Ubuntu Xenial): status |
New |
Triaged |
|
| 2021-02-24 19:56:58 |
Bryce Harrington |
unattended-upgrades (Ubuntu Xenial): importance |
Undecided |
High |
|
| 2021-02-24 19:57:15 |
Bryce Harrington |
unattended-upgrades (Ubuntu Xenial): assignee |
|
Lucas Albuquerque Medeiros de Moura (lamoura) |
|
| 2021-02-25 13:50:04 |
Balint Reczey |
unattended-upgrades (Ubuntu): status |
New |
Fix Released |
|
| 2021-02-26 16:48:14 |
Bryce Harrington |
description |
== Begin SRU Template ==
[Impact]
When upgrading from trusty to xenial, we are prompted about config changes on 50unattended-upgrades with the following diff:
--- /etc/apt/apt.conf.d/50unattended-upgrades root.root 0644 2017-05-08 19:21:39
+++ /etc/apt/apt.conf.d/50unattended-upgrades.ucftmp root.root 0644 2020-02-17 18:03:38
@@ -1,11 +1,13 @@
// Automatically upgrade packages from these (origin:archive) pairs
Unattended-Upgrade::Allowed-Origins {
+ "${distro_id}:${distro_codename}";
"${distro_id}:${distro_codename}-security";
// Extended Security Maintenance; doesn't necessarily exist for
// every release and this system may not have it installed, but if
// available, the policy for updates is such that unattended-upgrades
// should also install from here by default.
- "${distro_id}ESM:${distro_codename}";
+ "${distro_id}ESMApps:${distro_codename}-apps-security";
+ "${distro_id}ESM:${distro_codename}-infra-security";
// "${distro_id}:${distro_codename}-updates";
// "${distro_id}:${distro_codename}-proposed";
// "${distro_id}:${distro_codename}-backports";
The reason we are presented with this diff is that the xenial package does not contain a md5sum history file that informs ucf about all the supported configs for 50unattended-upgrades. To fix that upgrade problem, we are prosing the following changes on the xenial package of unattended-upgrades:
- Add 50unattended-upgrades.md5sum file into the xenial package
- Add md5sum of the current xenial 50unattende-upgrades file into the md5sum history file
- Modify ucf command in postinst to be aware of the md5sum history file
See the changelog entry below for a full list of changes and bugs.
[Test Case]
We have performed a manual test with a modified version of the xenial package:
https://launchpad.net/~lamoura/+archive/ubuntu/unattended-upgrades-ppa
Using that package, we were able to verify that the config change prompt no longer happens from trusty to xenial.
[Regression Potential]
Since we are modifying are features on unattended-upgrades, just adding a new file to package, we don't believe there is any regression potential
[Discussion]
== End SRU Template ==
== Changelog ==
* data: add md5sum history file on the data folder
- This file contains md5sum of several supported 50unattended-upgrades
config files
* data: add xenial md5sum of 50unattented-upgrades into md5sum file
* debian/postint: make ucf command reference the md5sum history file |
[Impact]
During an upgrade from trusty to xenial, users will be prompted to make a decision regarding the diff on unattended-upgrades. This is not a good user experience, specially because the user can make an uninformed decision of keeping the old config file, which will make unattended-upgrades to not work as we expect.
[Test case]
To reproduce the issue, you can:
1. Launch a trusty vm
2. Perform a do-release-upgrade and observe that you will be prompted with the 50unattended-upgrades change
To verify that the error is fixed:
1. Launch a trusty vm
2. Import this ppa into the system:
https://launchpad.net/~lamoura/+archive/ubuntu/unattended-upgrades-ppa
3. Configure do-release-upgrade to allow using third parties during upgrade
4. Run a do-release-upgrade
5. Verify the prompt is no longer there and that we end up with the
expected 50unattended-upgrades config file
[Where problems could occur]
The changes in this package should only surface during an upgrade operation. With this change, we are now delivering a new file to the system and configuring postinst to use it. Because of that, we believe this is the only scenario that could be affected in case of a regression is discovered in the package.
[Discussion]
When upgrading from trusty to xenial, we are prompted about config changes on 50unattended-upgrades with the following diff:
--- /etc/apt/apt.conf.d/50unattended-upgrades root.root 0644 2017-05-08 19:21:39
+++ /etc/apt/apt.conf.d/50unattended-upgrades.ucftmp root.root 0644 2020-02-17 18:03:38
@@ -1,11 +1,13 @@
// Automatically upgrade packages from these (origin:archive) pairs
Unattended-Upgrade::Allowed-Origins {
+ "${distro_id}:${distro_codename}";
"${distro_id}:${distro_codename}-security";
// Extended Security Maintenance; doesn't necessarily exist for
// every release and this system may not have it installed, but if
// available, the policy for updates is such that unattended-upgrades
// should also install from here by default.
- "${distro_id}ESM:${distro_codename}";
+ "${distro_id}ESMApps:${distro_codename}-apps-security";
+ "${distro_id}ESM:${distro_codename}-infra-security";
// "${distro_id}:${distro_codename}-updates";
// "${distro_id}:${distro_codename}-proposed";
// "${distro_id}:${distro_codename}-backports";
The reason we are presented with this diff is that the xenial package does not contain a md5sum history file that informs ucf about all the supported configs for 50unattended-upgrades. To fix that upgrade problem, we are prosing the following changes on the xenial package of unattended-upgrades:
- Add 50unattended-upgrades.md5sum file into the xenial package
- Add md5sum of the current xenial 50unattende-upgrades file into the md5sum history file
- Modify ucf command in postinst to be aware of the md5sum history file
See the changelog entry below for a full list of changes and bugs.
We have performed a manual test with a modified version of the xenial package:
https://launchpad.net/~lamoura/+archive/ubuntu/unattended-upgrades-ppa
Using that package, we were able to verify that the config change prompt no longer happens from trusty to xenial.
Since we are modifying are features on unattended-upgrades, just adding a new file to package, we don't believe there is any regression potential
== Changelog ==
* data: add md5sum history file on the data folder
- This file contains md5sum of several supported 50unattended-upgrades
config files
* data: add xenial md5sum of 50unattented-upgrades into md5sum file
* debian/postint: make ucf command reference the md5sum history file |
|
| 2021-03-03 17:26:52 |
Robie Basak |
summary |
sru unattended-upgrades ( 1.1ubuntu1.18.04.7~16.04.6 update to 1.1ubuntu1.18.04.7~16.04.7 ) Xenial |
Users are prompted by ucf on upgrade from Trusty to Xenial |
|
| 2021-03-03 19:32:10 |
Robie Basak |
bug |
|
|
added subscriber Robie Basak |
| 2021-03-05 13:31:45 |
Robie Basak |
unattended-upgrades (Ubuntu Xenial): status |
Triaged |
Fix Committed |
|
| 2021-03-05 13:31:46 |
Robie Basak |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
| 2021-03-05 13:31:49 |
Robie Basak |
bug |
|
|
added subscriber SRU Verification |
| 2021-03-05 13:31:51 |
Robie Basak |
tags |
|
verification-needed verification-needed-xenial |
|
| 2021-03-22 14:57:30 |
Lucas Albuquerque Medeiros de Moura |
tags |
verification-needed verification-needed-xenial |
verification-done-xenial verification-needed |
|
| 2021-03-24 02:13:22 |
Chad Smith |
tags |
verification-done-xenial verification-needed |
verification-done verification-done-xenial |
|
| 2021-03-25 10:39:33 |
Łukasz Zemczak |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
| 2021-03-25 10:49:35 |
Launchpad Janitor |
unattended-upgrades (Ubuntu Xenial): status |
Fix Committed |
Fix Released |
|
