[Bug 1645906] [ubuntu-release-upgrader/xenial] possible regression found

[Ubuntu Foundations Team Bug Bot]

As a part of the Stable Release Updates quality process a search for
Launchpad bug reports using the version of ubuntu-release-upgrader from
xenial-proposed was performed and bug 1647014 was found.  Please
investigate this bug report to ensure that a regression will not be
created by this SRU. In the event that this is not a regression remove
the "verification-failed" tag from this bug report and add the tag "bot-
stop-nagging" to bug 1647014 (not this bug). Thanks!

** Tags added: verification-failed

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to ubuntu-release-upgrader in
Ubuntu.
https://bugs.launchpad.net/bugs/1645906

Title:
  new dist-upgrader tarballs necessary so they are signed with 4k key

Status in ubuntu-release-upgrader package in Ubuntu:
  New
Status in update-manager package in Ubuntu:
  Invalid
Status in update-manager source package in Precise:
  Fix Committed
Status in ubuntu-release-upgrader source package in Trusty:
  Fix Committed
Status in update-manager source package in Trusty:
  Invalid
Status in ubuntu-release-upgrader source package in Xenial:
  Fix Committed
Status in update-manager source package in Xenial:
  Invalid
Status in ubuntu-release-upgrader source package in Yakkety:
  Fix Committed
Status in update-manager source package in Yakkety:
  Invalid

Bug description:
  With the ubuntu-archive-publishing change in
  https://code.launchpad.net/~xnox/ubuntu-archive-publishing/migrate-
  dist-upgrade-to-4k/+merge/311181 the signing process for the dist-
  upgrader tarball has been changed.  This change should be tested now,
  rather than doing an ubuntu-release-upgrader change months from now
  and wondering why things aren't working (if they are broken).

  Due to the way the gpg signature is generated we can't just remove it
  and have it regenerated as the timestamp for the signature will not
  change, so the change will not propogate to the mirrors.  Hence the
  need for a mostly no change (mirrors and demotions may change) upload
  of ubuntu-release-upgrader.

  Test Case
  ---------
  1) run do-release-upgrade -p --frontend DistUpgradeViewText
  2) ensure the tarball for the next release e.g. xenial.tar.gz is downloaded and the signature verification passes

  Regression Potential
  --------------------
  It's possible the signing is wrong and the verification of the signature will fail thereby causing release upgrades to be impossible.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-release-upgrader/+bug/1645906/+subscriptions