ubuntu: ucf tracking of valid known md5sums should be limited to only those md5sums that affect a given distro release
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
unattended-upgrades (Ubuntu) |
New
|
Low
|
Unassigned | ||
Bionic |
New
|
Low
|
Unassigned | ||
Focal |
New
|
Low
|
Unassigned | ||
Groovy |
Won't Fix
|
Low
|
Unassigned | ||
Hirsute |
Won't Fix
|
Low
|
Unassigned |
Bug Description
Currently the project tracks all valid md5sums of permutations of 50unattended-
50unattended-
50unattended-
50unattended-
50unattended-
Ultimately ucf for a given packaging release should only track the applicable md5sums which are expected to be seen on that particular distribution and release.
For example:
On Ubuntu Bionic: valid md5sums should be limited to the md5sum of the most recent Ubuntu Xenial 50unattended-
Changed in unattended-upgrades (Ubuntu Bionic): | |
importance: | Undecided → Low |
Changed in unattended-upgrades (Ubuntu Hirsute): | |
importance: | Undecided → Low |
Changed in unattended-upgrades (Ubuntu Groovy): | |
importance: | Undecided → Low |
Changed in unattended-upgrades (Ubuntu Focal): | |
importance: | Undecided → Low |
It is highly unlikely that the configuration file on one distro is replaced with one that was shipped on a different one. It may be a bit more likely that a config file is overwritten by a variant from a previous release, but I think this is still unlikely and I believe trimming the md5sum list is not a general practice for UCF managed configuration files.
As an example openssh-server ships the historical list, too: openssh/ sshd_config. md5sum sshd_config up to and including 09d4833dc88df74 0f 10a98a051273de2 2c cabe7f8e8da7343 71 aca05ec5eea6383 d7 f2e538314e17768 7b 8f6d624ae506958 ae 848f0eec457d3e0 50 f17c2cb54aa634f bd
$ cat /usr/share/
# Historical md5sums of the default /etc/ssh/
# 1:7.3p1-5.
0d06fc337cee106
10dc68360f66589
11f9e107b4d13bb
16c827adcff44ef
2eeff28468576c3
386c8b9079625b7
38fc7b31b3e3078
395c5e13801f9b4
...