ubuntu: ucf tracking of valid known md5sums should be limited to only those md5sums that affect a given distro release

Bug #1917677 reported by Chad Smith
This bug affects 1 person
Affects                       Status     Importance  Assigned to  Milestone
unattended-upgrades (Ubuntu)  New        Low         Unassigned
Bionic                        New        Low         Unassigned
Focal                         New        Low         Unassigned
Groovy                        New        Low         Unassigned
Hirsute                       Won't Fix  Low         Unassigned

Bug Description

Currently the project tracks all valid md5sums of permutations of 50unattended-upgrades.conf in a single md5sum file that contains every md5sum of every historic version of all unique distros:

 50unattended-upgrades.Debian
 50unattended-upgrades.Devuan
 50unattended-upgrades.Raspbian
 50unattended-upgrades.Ubuntu

Ultimately ucf for a given packaging release should only track the applicable md5sums which are expected to be seen on that particular distribution and release.

For example:
   On Ubuntu Bionic: valid md5sums should be limited to the md5sum of the most recent Ubuntu Xenial 50unattended-upgrades.conf and the md5sums of previous Ubuntu Bionic releases to allow Xenial->Bionic and Bionic->Bionic upgrades without prompt.

Balint Reczey (rbalint)
Changed in unattended-upgrades (Ubuntu Bionic):
importance: Undecided → Low
Changed in unattended-upgrades (Ubuntu Hirsute):
importance: Undecided → Low
Changed in unattended-upgrades (Ubuntu Groovy):
importance: Undecided → Low
Changed in unattended-upgrades (Ubuntu Focal):
importance: Undecided → Low
Balint Reczey (rbalint) wrote :

It is highly unlikely that the configuration file on one distro is replaced with one that was shipped on a different one. It may be a bit more likely that a config file is overwritten by a variant from a previous release, but I think this is still unlikely and I believe trimming the md5sum list is not a general practice for UCF-managed configuration files.

As an example, openssh-server ships the historical list, too:
$ cat /usr/share/openssh/sshd_config.md5sum
# Historical md5sums of the default /etc/ssh/sshd_config up to and including
# 1:7.3p1-5.
0d06fc337cee10609d4833dc88df740f
10dc68360f6658910a98a051273de22c
11f9e107b4d13bbcabe7f8e8da734371
16c827adcff44efaca05ec5eea6383d7
2eeff28468576c3f2e538314e177687b
386c8b9079625b78f6d624ae506958ae
38fc7b31b3e3078848f0eec457d3e050
395c5e13801f9b4f17c2cb54aa634fbd
...

Robie Basak (racb) wrote :

See also: bug 1915547

> It is highly unlikely that the configuration file on one distro is replaced with one that was shipped on a different one.

I think it's more likely than you say in cases where a configuration shipped is primarily a set of boolean values and enumerations of a limited set of strings, and the difference in distributions is mostly in choices of those values. The extreme example would be a configuration file that ships just one boolean setting. I think this unattended-upgrades case is closer to that extreme example than it is to openssh's sshd_config.
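
The collision scenario from the bug description and the comment above, as an added example that is not part of the bug report and not ucf's own code: a simplified model in which a file whose md5sum appears in the known list is treated as unmodified and replaced without a prompt. The one-setting config contents, the release keys and all function names are constructed for illustration.

```python
import hashlib

# Constructed one-setting stand-ins for shipped defaults (not the real files).
OPTION = 'Unattended-Upgrade::Automatic-Reboot "{}";\n'
SHIPPED = {
    ("Ubuntu", "xenial"): OPTION.format("false"),
    ("Ubuntu", "bionic"): "// bionic default\n" + OPTION.format("false"),
    ("Debian", "buster"): OPTION.format("true"),
}


def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()


def known_sums(releases):
    """Build the known-default md5sum list for the given (distro, release) keys."""
    return {md5_hex(SHIPPED[key]) for key in releases}


def decide(local_text, known):
    """Assumed model: a file matching a known md5sum counts as untouched."""
    return "replace-silently" if md5_hex(local_text) in known else "prompt"


# Single list covering every distro, as the bug describes the current state.
ALL_DISTROS = known_sums(SHIPPED)
# Scoped list proposed for Bionic: latest Xenial default plus Bionic defaults.
BIONIC_SCOPED = known_sums([("Ubuntu", "xenial"), ("Ubuntu", "bionic")])


def scenarios():
    untouched = SHIPPED[("Ubuntu", "xenial")]  # admin never edited the file
    edited = OPTION.format("true")             # admin enabled automatic reboot
    return {
        "untouched, all-distro list": decide(untouched, ALL_DISTROS),
        "untouched, bionic-scoped list": decide(untouched, BIONIC_SCOPED),
        # The edit is byte-identical to the constructed Debian default.
        "edited, all-distro list": decide(edited, ALL_DISTROS),
        "edited, bionic-scoped list": decide(edited, BIONIC_SCOPED),
    }


if __name__ == "__main__":
    for name, outcome in scenarios().items():
        print(f"{name}: {outcome}")
```
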

Brian Murray (brian-murray) wrote :

The Hirsute Hippo has reached End of Life, so this bug will not be fixed for that release.

Changed in unattended-upgrades (Ubuntu Hirsute):
status: New → Won't Fix