standard security upgrade counts should not include ESM packages
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
update-notifier (Ubuntu) |
Fix Released
|
High
|
Chad Smith | ||
Xenial |
Fix Released
|
High
|
Lucas Albuquerque Medeiros de Moura | ||
Bionic |
Fix Released
|
High
|
Lucas Albuquerque Medeiros de Moura | ||
Focal |
Fix Released
|
High
|
Lucas Albuquerque Medeiros de Moura | ||
Groovy |
Won't Fix
|
Undecided
|
Unassigned | ||
Hirsute |
Fix Released
|
High
|
Chad Smith | ||
Impish |
Fix Released
|
High
|
Chad Smith |
Bug Description
[Impact]
When users are looking at MOTD messages, they might find the text confusing, since we don't explicitly say that the security updates count are taking into consideration both standard security pockets and ESM pockets.
[Test Case]
1. Launch the a xenial container
2. Add the ubuntu-
https:/
3. Install ubuntu-
4. Attach to ua subscription
5. Comment out all mentions of xenial-
6. Run apt update
7. Install libkrad0:
apt install libkrad0=
8. Run /usr/lib/
9. See a message like this:
UA Infra: Extended Security Maintenance (ESM) is not enabled. Install the latest version of uaclient from the stable ppa:
https:/
UA Infra: Extended Security Maintenance (ESM) is enabled.
3 packages can be updated.
1 of these updates is fixed through UA Infra: ESM.
1 of these updates is a security update.
To see these additional updates run: apt list --upgradable
To verify that the error is fixed:
1.Perform all the stages above until step 7
2. Bring back xenial-security on source.list (we need because of the python3-distro-info dependency of update-
3 Install the new update-notifier from this ppa:
https:/
4. Remove xenial-security from source.list again
5. Run /usr/lib/
UA Infra: Extended Security Maintenance (ESM) is enabled.
4 updates can be installed immediately.
1 of these updates are UA Infra: ESM security updates.
To see these additional updates run: apt list --upgradable
That is now correct.
[Where problems could occur]
The changes in this package should only be seen when MOTD is getting a new message. If that script fails for some reason, it seems that MOTD will only not present the message, which is doesn't seem to be a system critical issue. Additionally, we would potentially have tracebacks in the update-notifier logs. Finally, if the logic is also incorrect, we would be displaying incorrect standard security messages to the user.
[Discussion]
Currently, we treat the upgrades coming from standard security pocket and ESM service with the same packaging count. This could be confusing, since we don't point that out in the current message that we have:
5 updates can be installed immediately.
5 of these updates are provide through UA Infrastructure ESM
5 of these updates are security updates
We believe this will be better if the message stated:
5 updates can be installed immediately.
5 of these updates are provide through UA Infrastructure ESM
And if we had a situation like that:
10 updates can be installed immediately.
5 of these updates are provide through UA Infrastructure ESM
8 of these updates are security updates
We would change it to:
10 updates can be installed immediately.
5 of these updates are provide through UA Infrastructure ESM
3 of these updates are standard security updates
Related branches
- git-ubuntu import: Pending requested
-
Diff: 29251 lines (+12561/-0) (has conflicts)173 files modified.bzr-builddeb/default.conf (+5/-0)
.bzrignore (+31/-0)
autogen.sh (+17/-0)
config.h.in (+3/-0)
configure.ac (+11/-0)
data/Makefile.am (+11/-0)
data/apt_check.py (+46/-0)
data/backend_helper.py (+6/-0)
data/com.ubuntu.update-notifier.gschema.xml.in (+4/-0)
data/notify-reboot-required (+3/-0)
data/package-data-downloader (+6/-0)
data/update-motd-fsck-at-reboot (+7/-0)
data/update-motd-hwe-eol (+14/-0)
data/update-motd-updates-available (+3/-0)
debian/90-updates-available (+3/-0)
debian/95-hwe-eol (+3/-0)
debian/changelog (+128/-0)
debian/compat (+4/-0)
debian/control (+28/-0)
debian/rules (+7/-0)
debian/systemd/unicast-local-avahi.override (+1/-0)
debian/systemd/unicast-local-avahi.path (+6/-0)
debian/systemd/unicast-local-avahi.service (+6/-0)
debian/systemd/update-notifier-crash.path (+3/-0)
debian/systemd/update-notifier-crash.service (+6/-0)
debian/tests/control (+4/-0)
debian/unicast-local-avahi.conf (+14/-0)
debian/update-notifier-common.cron.daily (+8/-0)
debian/update-notifier-common.cron.weekly (+15/-0)
debian/update-notifier-common.install (+6/-0)
debian/update-notifier-common.postinst (+7/-0)
debian/update-notifier-common.postrm (+8/-0)
debian/update-notifier-common.preinst (+8/-0)
debian/update-notifier-common.triggers (+4/-0)
debian/update-notifier-crash (+3/-0)
debian/update-notifier.install (+21/-0)
debian/update-notifier.links (+4/-0)
pixmaps/scalable/livepatch-on.svg (+1/-0)
pixmaps/scalable/livepatch-warning.svg (+1/-0)
po/POTFILES.in (+10/-0)
po/ace.po (+93/-0)
po/af.po (+103/-0)
po/am.po (+97/-0)
po/an.po (+100/-0)
po/ar.po (+106/-0)
po/ast.po (+102/-0)
po/az.po (+96/-0)
po/be.po (+103/-0)
po/bem.po (+93/-0)
po/bg.po (+102/-0)
po/bn.po (+102/-0)
po/bo.po (+93/-0)
po/br.po (+102/-0)
po/bs.po (+103/-0)
po/ca.po (+103/-0)
po/ca@valencia.po (+103/-0)
po/ckb.po (+96/-0)
po/crh.po (+103/-0)
po/cs.po (+103/-0)
po/csb.po (+104/-0)
po/cv.po (+93/-0)
po/cy.po (+105/-0)
po/da.po (+103/-0)
po/de.po (+103/-0)
po/de_DE.po (+93/-0)
po/dv.po (+93/-0)
po/el.po (+102/-0)
po/en.po (+93/-0)
po/en_AU.po (+103/-0)
po/en_CA.po (+103/-0)
po/en_GB.po (+103/-0)
po/eo.po (+102/-0)
po/es.po (+102/-0)
po/et.po (+102/-0)
po/eu.po (+103/-0)
po/fa.po (+101/-0)
po/fa_AF.po (+93/-0)
po/fi.po (+103/-0)
po/fil.po (+97/-0)
po/fo.po (+102/-0)
po/fr.po (+103/-0)
po/fr_CA.po (+93/-0)
po/fur.po (+98/-0)
po/fy.po (+102/-0)
po/ga.po (+98/-0)
po/gd.po (+105/-0)
po/gl.po (+103/-0)
po/gu.po (+97/-0)
po/he.po (+102/-0)
po/hi.po (+102/-0)
po/hr.po (+104/-0)
po/hu.po (+103/-0)
po/hy.po (+93/-0)
po/id.po (+102/-0)
po/is.po (+102/-0)
po/it.po (+103/-0)
po/ja.po (+101/-0)
po/jv.po (+93/-0)
po/ka.po (+101/-0)
po/kk.po (+101/-0)
po/km.po (+101/-0)
po/kn.po (+93/-0)
po/ko.po (+101/-0)
po/ku.po (+100/-0)
po/ky.po (+93/-0)
po/lo.po (+93/-0)
po/lt.po (+103/-0)
po/lv.po (+103/-0)
po/mhr.po (+93/-0)
po/mi.po (+93/-0)
po/mk.po (+99/-0)
po/ml.po (+97/-0)
po/mn.po (+102/-0)
po/mr.po (+97/-0)
po/ms.po (+103/-0)
po/mt.po (+93/-0)
po/my.po (+96/-0)
po/nb.po (+103/-0)
po/nds.po (+102/-0)
po/ne.po (+97/-0)
po/nl.po (+103/-0)
po/nn.po (+103/-0)
po/oc.po (+103/-0)
po/pa.po (+100/-0)
po/pl.po (+104/-0)
po/ps.po (+93/-0)
po/pt.po (+103/-0)
po/pt_BR.po (+103/-0)
po/pt_PT.po (+93/-0)
po/qu.po (+93/-0)
po/ro.po (+104/-0)
po/ru.po (+103/-0)
po/sco.po (+93/-0)
po/sd.po (+93/-0)
po/se.po (+93/-0)
po/shn.po (+93/-0)
po/si.po (+100/-0)
po/sk.po (+103/-0)
po/sl.po (+105/-0)
po/sq.po (+103/-0)
po/sr.po (+103/-0)
po/st.po (+93/-0)
po/sv.po (+103/-0)
po/ta.po (+97/-0)
po/te.po (+102/-0)
po/tg.po (+103/-0)
po/th.po (+101/-0)
po/tl.po (+99/-0)
po/tr.po (+102/-0)
po/ug.po (+101/-0)
po/uk.po (+103/-0)
po/ur.po (+93/-0)
po/uz.po (+99/-0)
po/vi.po (+101/-0)
po/xh.po (+93/-0)
po/zh_CN.po (+101/-0)
po/zh_HK.po (+101/-0)
po/zh_TW.po (+101/-0)
src/Makefile.am (+23/-0)
src/avahi.c (+47/-0)
src/avahi.h (+3/-0)
src/crash.c (+13/-0)
src/hooks.c (+6/-0)
src/livepatch-tray.c (+16/-0)
src/livepatch-utils.c (+4/-0)
src/livepatch-utils.h (+9/-0)
src/system-crash.c (+8/-0)
src/update-notifier.c (+43/-0)
src/update-notifier.h (+16/-0)
src/update.c (+8/-0)
tests/pyflakes.exclude (+4/-0)
tests/test_motd.py (+88/-0)
tests/test_pep8.py (+39/-0)
- Bryce Harrington (community): Approve
-
Diff: 885 lines (+521/-143)4 files modifieddata/apt_check.py (+186/-83)
debian/changelog (+17/-0)
debian/control (+2/-0)
tests/test_motd.py (+316/-60)
- Bryce Harrington (community): Approve
- Lucas Albuquerque Medeiros de Moura: Pending requested
- Brian Murray: Pending requested
-
Diff: 885 lines (+521/-143)4 files modifieddata/apt_check.py (+186/-83)
debian/changelog (+17/-0)
debian/control (+2/-0)
tests/test_motd.py (+316/-60)
- Bryce Harrington (community): Approve
-
Diff: 910 lines (+535/-147)5 files modifieddata/apt_check.py (+195/-83)
data/backend_helper.py (+1/-0)
debian/changelog (+17/-0)
debian/control (+2/-0)
tests/test_motd.py (+320/-64)
- Bryce Harrington (community): Approve
-
Diff: 897 lines (+533/-146)4 files modifieddata/apt_check.py (+195/-81)
debian/changelog (+15/-0)
debian/control (+2/-0)
tests/test_motd.py (+321/-65)
- Bryce Harrington (community): Approve
-
Diff: 903 lines (+533/-149)4 files modifieddata/apt_check.py (+195/-82)
debian/changelog (+15/-0)
debian/control (+2/-0)
tests/test_motd.py (+321/-67)
description: | updated |
description: | updated |
description: | updated |
description: | updated |
Changed in update-notifier (Ubuntu Xenial): | |
status: | New → In Progress |
Changed in update-notifier (Ubuntu Bionic): | |
status: | New → In Progress |
Changed in update-notifier (Ubuntu Focal): | |
status: | New → In Progress |
Changed in update-notifier (Ubuntu Hirsute): | |
status: | New → In Progress |
Changed in update-notifier (Ubuntu Impish): | |
status: | New → In Progress |
importance: | Undecided → High |
Changed in update-notifier (Ubuntu Hirsute): | |
importance: | Undecided → High |
Changed in update-notifier (Ubuntu Focal): | |
importance: | Undecided → High |
Changed in update-notifier (Ubuntu Bionic): | |
importance: | Undecided → High |
Changed in update-notifier (Ubuntu Xenial): | |
importance: | Undecided → High |
assignee: | nobody → Lucas Albuquerque Medeiros de Moura (lamoura) |
Changed in update-notifier (Ubuntu Bionic): | |
assignee: | nobody → Lucas Albuquerque Medeiros de Moura (lamoura) |
Changed in update-notifier (Ubuntu Focal): | |
assignee: | nobody → Lucas Albuquerque Medeiros de Moura (lamoura) |
Changed in update-notifier (Ubuntu Hirsute): | |
assignee: | nobody → Chad Smith (chad.smith) |
Changed in update-notifier (Ubuntu Impish): | |
assignee: | nobody → Chad Smith (chad.smith) |
description: | updated |
Hello Lucas, or anyone else affected,
Accepted update-notifier into hirsute-proposed. The package will build now and be available at https:/ /launchpad. net/ubuntu/ +source/ update- notifier/ 3.192.40. 1 in a few hours, and then in the -proposed repository.
Please help us by testing this new package. See https:/ /wiki.ubuntu. com/Testing/ EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.
If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification- needed- hirsute to verification- done-hirsute. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification- failed- hirsute. In either case, without details of your testing we will not be able to proceed.
Further information regarding the verification process can be found at https:/ /wiki.ubuntu. com/QATeam/ PerformingSRUVe rification . Thank you in advance for helping!
N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.