[SRU] add pollinate to precise, update all

Bug #1593625 reported by Dustin Kirkland 
Affects | Status | Importance | Assigned to | Milestone
pollinate (Ubuntu) | Fix Released | Medium | Dustin Kirkland |
Precise | Fix Released | Medium | Dustin Kirkland |
Trusty | Fix Released | Medium | Dustin Kirkland |
Xenial | Fix Released | Medium | Dustin Kirkland |

Bug Description

Please backport/SRU pollinate to 12.04 LTS, and update pollinate in 14.04 LTS and 16.04 LTS.

[Impact]
Pollinate doesn't exist in 12.04 LTS, but should. It has been steady and solid throughout the 14.04 and 16.04 releases of Ubuntu, improving the PRNG keys in cloud instances. And there are still plenty of Precise cloud instances out there. This upload also fixes a couple of bugs (which are already well validated on 16.04) in terms of when the systemd job runs, not running in containers, logging the correct PID, and timing out correctly.

[Test Case]
Pollinate can be tested on an existing system by specifying the -r|--reseed option. 'sudo pollinate -r' should exit 0 and appropriate, successful log messages should be displayed. You can also test the boot time run by removing the seeded flag with 'sudo rm -f /var/cache/pollinate/seeded', rebooting, and then 'grep pollinate /var/log/syslog'.

[Regression Potential]
Regression potential should be low, as entropy seeding is opportunistic. Boot should never hang or block. At most, it should add a second or two to boot, and it should fail gracefully, logging to syslog, and retrying again at each reboot.
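
The boot-time check from the [Test Case] above, as an added example (not part of the bug report or of pollinate itself): a shell function that reads syslog-format lines and reports whether the most recent pollinate run went through the four stages shown in the verification log on this page, ignoring the double-printed '<13>' copies. The function names, result strings and sample lines (host 'host1') are constructed for illustration.

```shell
#!/bin/sh
# Added example: sample lines are constructed (host "host1"), modelled on the
# messages pollinate logs in the verification output on this page.
sample_log() {
    cat <<'EOF'
Jul 29 18:27:00 host1 pollinate[2606]: client sent challenge to [https://entropy.ubuntu.com/]
Jul 29 18:27:00 host1 pollinate[2606]: <13>Jul 29 18:26:59 pollinate[2606]: client sent challenge to [https://entropy.ubuntu.com/]
Jul 29 18:27:01 host1 pollinate[2606]: client verified challenge/response with [https://entropy.ubuntu.com/]
Jul 29 18:27:01 host1 pollinate[2606]: <13>Jul 29 18:27:01 pollinate[2606]: client verified challenge/response with [https://entropy.ubuntu.com/]
Jul 29 18:27:01 host1 pollinate[2606]: client hashed response from [https://entropy.ubuntu.com/]
Jul 29 18:27:01 host1 pollinate[2606]: <13>Jul 29 18:27:01 pollinate[2606]: client hashed response from [https://entropy.ubuntu.com/]
Jul 29 18:27:01 host1 pollinate[2606]: client successfully seeded [/dev/urandom]
EOF
}

# check_pollinate_log FILE
# Prints "seeded" (exit 0), "incomplete:<stage>" (exit 1) or "no-run" (exit 2)
# for the most recent pollinate run found in FILE.
check_pollinate_log() {
    awk '
    / pollinate\[[0-9]+\]: / {
        # Skip the double-printed copy: the stderr line (with its "<13>"
        # priority prefix) that also ended up in syslog.
        if ($0 ~ /pollinate\[[0-9]+\]: <[0-9]+>/) next
        seen = 1
        # A new challenge starts a new run; later stages must follow in order.
        if ($0 ~ /client sent challenge to \[/) stage = 1
        else if (stage == 1 && $0 ~ /client verified challenge\/response with \[/) stage = 2
        else if (stage == 2 && $0 ~ /client hashed response from \[/) stage = 3
        else if (stage == 3 && $0 ~ /client successfully seeded \[/) stage = 4
    }
    END {
        if (!seen) { print "no-run"; exit 2 }
        if (stage == 4) { print "seeded"; exit 0 }
        split("challenge-not-sent challenge-not-verified response-not-hashed not-seeded", m, " ")
        print "incomplete:" m[stage + 1]
        exit 1
    }' "$1"
}

# Stand-alone demo on the constructed sample; on a real host pass /var/log/syslog.
demo_log=$(mktemp)
sample_log > "$demo_log"
check_pollinate_log "$demo_log"
rm -f "$demo_log"
```

An "incomplete" result after a reboot points at the network or timeout conditions the changelog below discusses, since seeding is retried only at the next boot.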

Changed in pollinate (Ubuntu):
assignee: nobody → Dustin Kirkland  (kirkland)
importance: Undecided → Medium
status: New → In Progress
summary: - [SRU] add pollinate to precise
+ [SRU] add pollinate to precise, update all
Changed in pollinate (Ubuntu Precise):
status: New → In Progress
Changed in pollinate (Ubuntu Trusty):
status: New → In Progress
Changed in pollinate (Ubuntu Vivid):
status: New → In Progress
Changed in pollinate (Ubuntu Wily):
status: New → In Progress
Changed in pollinate (Ubuntu Xenial):
status: New → In Progress
Changed in pollinate (Ubuntu Precise):
importance: Undecided → Medium
Changed in pollinate (Ubuntu Trusty):
importance: Undecided → Medium
Changed in pollinate (Ubuntu Vivid):
importance: Undecided → Medium
Changed in pollinate (Ubuntu Wily):
importance: Undecided → Medium
Changed in pollinate (Ubuntu Xenial):
importance: Undecided → Medium
Changed in pollinate (Ubuntu Precise):
assignee: nobody → Dustin Kirkland  (kirkland)
Changed in pollinate (Ubuntu Trusty):
assignee: nobody → Dustin Kirkland  (kirkland)
Changed in pollinate (Ubuntu Vivid):
assignee: nobody → Dustin Kirkland  (kirkland)
Changed in pollinate (Ubuntu Wily):
assignee: nobody → Dustin Kirkland  (kirkland)
Changed in pollinate (Ubuntu Xenial):
assignee: nobody → Dustin Kirkland  (kirkland)
no longer affects: pollinate (Ubuntu Vivid)
no longer affects: pollinate (Ubuntu Wily)
description: updated
Changed in pollinate (Ubuntu Precise):
status: In Progress → Fix Committed
Changed in pollinate (Ubuntu Trusty):
status: In Progress → Fix Committed
Changed in pollinate (Ubuntu Xenial):
status: In Progress → Fix Committed
Changed in pollinate (Ubuntu):
status: In Progress → Fix Committed
Dustin Kirkland  (kirkland) wrote :

Verification in instances in AWS looks good!

== Xenial ==
ubuntu@ip-172-30-0-32:~⟫ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 16.04.1 LTS
Release: 16.04
Codename: xenial
ubuntu@ip-172-30-0-32:~⟫ dpkg -l pollinate
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Architecture Description
+++-===========================================================-==================================-==================================-============================================================================================================================
ii pollinate 4.21-0ubuntu1~16.04 all seed the pseudo random number generator
ubuntu@ip-172-30-0-32:~⟫ pollinate
<13>Jul 29 18:21:31 pollinate[9529]: ERROR: should execute as the [pollinate] user
1 ubuntu@ip-172-30-0-32:~⟫ sudo pollinate
sudo: unable to resolve host ip-172-30-0-32
<13>Jul 29 18:21:37 pollinate[9635]: system was previously seeded at [2016-07-29 18:10:33.500000000 +0000]
<13>Jul 29 18:21:37 pollinate[9635]: To re-seed this system again, use the -r|--reseed option
ubuntu@ip-172-30-0-32:~⟫ sudo pollinate -r
sudo: unable to resolve host ip-172-30-0-32
<13>Jul 29 18:21:42 pollinate[9725]: system was previously seeded at [2016-07-29 18:10:33.500000000 +0000]
<13>Jul 29 18:21:42 pollinate[9725]: client sent challenge to [https://entropy.ubuntu.com/]
<13>Jul 29 18:21:43 pollinate[9725]: client verified challenge/response with [https://entropy.ubuntu.com/]
<13>Jul 29 18:21:43 pollinate[9725]: client hashed response from [https://entropy.ubuntu.com/]
<13>Jul 29 18:21:43 pollinate[9725]: client successfully seeded [/dev/urandom]
ubuntu@ip-172-30-0-32:~⟫ sudo rm -f /var/cache/pollinate/*
sudo: unable to resolve host ip-172-30-0-32
ubuntu@ip-172-30-0-32:~⟫ sudo reboot
...
ubuntu@ip-172-30-0-32:~⟫ ls -l /var/cache/pollinate/seeded
-rw-r--r-- 1 pollinate daemon 0 Jul 29 18:27 /var/cache/pollinate/seeded
ubuntu@ip-172-30-0-32:~⟫ grep pollinate /var/log/syslog
Jul 29 18:27:00 ip-172-30-0-32 pollinate[2606]: client sent challenge to [https://entropy.ubuntu.com/]
Jul 29 18:27:00 ip-172-30-0-32 pollinate[2606]: <13>Jul 29 18:26:59 pollinate[2606]: client sent challenge to [https://entropy.ubuntu.com/]
Jul 29 18:27:01 ip-172-30-0-32 pollinate[2606]: client verified challenge/response with [https://entropy.ubuntu.com/]
Jul 29 18:27:01 ip-172-30-0-32 pollinate[2606]: <13>Jul 29 18:27:01 pollinate[2606]: client verified challenge/response with [https://entropy.ubuntu.com/]
Jul 29 18:27:01 ip-172-30-0-32 pollinate[2606]: client hashed response from [https://entropy.ubuntu.com/]
Jul 29 18:27:01 ip-172-30-0-32 pollinate[2606]: <13>Jul 29 18:27:01 pollinate[2606]: client hashed response from [https://entropy.ubuntu.com/]
Jul 29 18:27:01 ip-172-30-0-32 pollinate[2606]: client successfully seeded [/dev/urandom]
Jul 29 ...

tags: added: verification-done
Dustin Kirkland  (kirkland) wrote :

Ran a bunch of tests on all three (precise, trusty, xenial) and it all looks great!

Nish Aravamudan (nacc) wrote :

Hey Dustin, just FYI, this looks to have landed in trusty & xenial, but is still in precise-proposed, according to rmadison.

Changed in pollinate (Ubuntu Trusty):
status: Fix Committed → Fix Released
Changed in pollinate (Ubuntu Xenial):
status: Fix Committed → Fix Released
Dustin Kirkland  (kirkland) wrote :

@Nish, can you track down an Archive Admin to get this published there? Thanks! Dustin

Brian Murray (brian-murray) wrote :

It was stuck in -proposed because it was missing a bug reference in the change log. Subsequently, it never appeared green in the following report - http://people.canonical.com/~ubuntu-archive/pending-sru.html. That report is used by the SRU team to determine which packages to add to -updates.

Mathew Hodson (mhodson) wrote :

This bug was fixed in the package pollinate - 4.23-0ubuntu1~16.04

---------------
pollinate (4.23-0ubuntu1~16.04) xenial; urgency=medium

  [ Dustin Kirkland ]
  * New upstream release (LP: #1621280):
    - pollinate:
      + revert revision r300, as this was the wrong fix to the slow
        pollinate problem; as it turns out, it was the user_agent
        function, which was running apt-cache very early in boot, before
        the apt database had been created
      + as it turns out, we need the curl timeout options in order for
        curl to work properly and be resilient against issues with the
        network coming up early in boot
    - debian/pollinate.default, pollinate
      + fix a couple of bugs affecting how long pollinate takes, and if
        it actually completes successfully
      + dpkg -l is way faster than apt-cache, when there is no apt cache
      + wait a maximum of 10 seconds
      + only log to stderr if in an interactive terminal; otherwise,
        just log to syslog
        - this fixes the odd double-printing to /var/log/syslog
      + optimize obtaining version strings by saving one pipe per call
      + source /etc/lsb/release and use $DISTRIB_DESCRIPTION, rather
        than calling lsb-release (python, can be slow)
      + add -m (max-timeout) back to curl options; removing this option
        has caused network failures in various strange ways
      + when network fails due to timeout, log accordingly
      + ignore cloud-init package not found; it's optional

 -- Nishanth Aravamudan <email address hidden> Wed, 28 Sep 2016 14:01:48 -0700

Changed in pollinate (Ubuntu Precise):
status: Fix Committed → Fix Released
Mathew Hodson (mhodson) wrote :

pollinate (4.23-0ubuntu1~12.04) precise; urgency=medium

  [ Dustin Kirkland ]
  * New upstream release (LP: #1621280):
    - pollinate:
      + revert revision r300, as this was the wrong fix to the slow
        pollinate problem; as it turns out, it was the user_agent
        function, which was running apt-cache very early in boot, before
        the apt database had been created
      + as it turns out, we need the curl timeout options in order for
        curl to work properly and be resilient against issues with the
        network coming up early in boot
    - debian/pollinate.default, pollinate
      + fix a couple of bugs affecting how long pollinate takes, and if
        it actually completes successfully
      + dpkg -l is way faster than apt-cache, when there is no apt cache
      + wait a maximum of 10 seconds
      + only log to stderr if in an interactive terminal; otherwise,
        just log to syslog
        - this fixes the odd double-printing to /var/log/syslog
      + optimize obtaining version strings by saving one pipe per call
      + source /etc/lsb/release and use $DISTRIB_DESCRIPTION, rather
        than calling lsb-release (python, can be slow)
      + add -m (max-timeout) back to curl options; removing this option
        has caused network failures in various strange ways
      + when network fails due to timeout, log accordingly
      + ignore cloud-init package not found; it's optional

 -- Nishanth Aravamudan <email address hidden> Wed, 28 Sep 2016 14:13:33 -0700

Changed in pollinate (Ubuntu):
status: Fix Committed → Fix Released
affects: cloud-images → ubuntu-translations
no longer affects: ubuntu-translations
Mathew Hodson (mhodson)
tags: added: upgrade-software-version