[Bug 1687129] Re: Needs to allow updates from the ESM archive

Steve Langasek steve.langasek at canonical.com
Fri May 12 00:59:27 UTC 2017 

Yakkety output, before:

$ sudo unattended-upgrades --debug --dry-run
Initial blacklisted packages: 
Initial whitelisted packages: 
Starting unattended upgrades script
Allowed origins are: ['o=Ubuntu,a=yakkety', 'o=Ubuntu,a=yakkety-security']
adjusting candidate version: 'unattended-upgrades=0.92ubuntu1'
pkgs that look like they should be upgraded: 
Fetched 0 B in 0s (0 B/s)                                                      
fetch.run() result: 0
blacklist: []
whitelist: []
No packages found that can be upgraded unattended and no pending auto-removals
$

after:

$ sudo unattended-upgrades --debug --dry-run
Initial blacklisted packages: 
Initial whitelisted packages: 
Starting unattended upgrades script
Allowed origins are: ['o=Ubuntu,a=yakkety', 'o=Ubuntu,a=yakkety-security', 'o=UbuntuESM,a=yakkety']
adjusting candidate version: 'binutils=2.27-8ubuntu2'
adjusting candidate version: 'binutils-arm-linux-gnueabihf=2.27-8ubuntu2'
adjusting candidate version: 'iproute2=4.3.0-1ubuntu3'
adjusting candidate version: 'less=481-2.1ubuntu1'
adjusting candidate version: 'libssl1.0.0=1.0.2g-1ubuntu9'
adjusting candidate version: 'linux-libc-dev=4.8.0-22.24'
adjusting candidate version: 'openssl=1.0.2g-1ubuntu9'
adjusting candidate version: 'sudo=1.8.16-0ubuntu3'
Checking: unattended-upgrades ([<Origin component:'main' archive:'yakkety' origin:'UbuntuESM' label:'UbuntuESM' site:'esm.ubuntu.com' isTrusted:True>])
pkgs that look like they should be upgraded: unattended-upgrades
Err https://esm.ubuntu.com/ubuntu precise/main amd64 unattended-upgrades all 0.92ubuntu1.6
  404  Not Found                                                               
Fetched 0 B in 0s (0 B/s)                                                      
fetch.run() result: 0
<apt_pkg.AcquireItem object:Status: 3 Complete: 0 Local: 0 IsTrusted: 1 FileSize: 34112 DestFile:'/var/cache/apt/archives/partial/unattended-upgrades_0.92ubuntu1.6_all.deb' DescURI: 'https://ubuntu-esm-testing:saiZ0oopieTah6ai@esm.ubuntu.com/ubuntu/pool/main/u/unattended-upgrades/unattended-upgrades_0.92ubuntu1.6_all.deb' ID:0 ErrorText: '404  Not Found'>
An error occurred: '404  Not Found'
An error occurred: '404  Not Found'
The URI 'https://ubuntu-esm-testing:saiZ0oopieTah6ai@esm.ubuntu.com/ubuntu/pool/main/u/unattended-upgrades/unattended-upgrades_0.92ubuntu1.6_all.deb' failed to download, aborting
The URI 'https://ubuntu-esm-testing:saiZ0oopieTah6ai@esm.ubuntu.com/ubuntu/pool/main/u/unattended-upgrades/unattended-upgrades_0.92ubuntu1.6_all.deb' failed to download, aborting
$

** Tags added: verification-done-yakkety

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to unattended-upgrades in Ubuntu.
https://bugs.launchpad.net/bugs/1687129

Title:
  Needs to allow updates from the ESM archive

Status in unattended-upgrades package in Ubuntu:
  Confirmed
Status in unattended-upgrades source package in Precise:
  Fix Released
Status in unattended-upgrades source package in Trusty:
  Fix Committed
Status in unattended-upgrades source package in Xenial:
  Fix Committed
Status in unattended-upgrades source package in Yakkety:
  Fix Committed
Status in unattended-upgrades source package in Zesty:
  Fix Committed

Bug description:
  [SRU Justification]
  When the dust has settled on the ESM archive Release file format[1], unattended-upgrades needs to be tweaked to match.

  [1] https://github.com/CanonicalLtd/archive-auth-mirror/issues/43

  Since the ESM archive contains packages updated by the Ubuntu Security
  team, we should ensure the behavior of unattended-upgrades applies the
  same default policy to both.

  [Test case]
  1. run 'sudo apt-get install ubuntu-advantage-tools unattended-upgrades ca-certificates'
  2. run 'sudo ubuntu-advantage enable-esm <creds>' with your private creds to enable the ESM archive
  3. run 'sudo apt-get update'
  4. create a faked-up entry in /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_main_binary-amd64_Packages for the unattended-upgrades package with a higher version number
  5. run 'sudo sed -i -e"s/precise/$(lsb_release -c | cut -f2)/" /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_InRelease'
  6. run 'sudo unattended-upgrades --debug --dry-run' and verify that no unattended-upgrades package is installed.
  7. install unattended-upgrades from -proposed.
  8. again create a faked-up entry in /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_main_binary-amd64_Packages for the unattended-upgrades package with a higher version number
  9. again run 'sudo sed -i -e"s/precise/$(lsb_release -c | cut -f2)/" /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_InRelease'
  10. run 'sudo unattended-upgrades --debug --dry-run' and verify that it offers to install a new unattended-upgrades package.

  [Regression potential]
  Worst-case scenario is a bug that prevents future security updates from being applied correctly.  This is not a concern for precise because there will be no further security updates /except/ those enabled by this SRU, but this SRU should also be included in all later stable releases.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/unattended-upgrades/+bug/1687129/+subscriptions

More information about the foundations-bugs mailing list