[Bug 1878694] [NEW] ubuntu-security-status checks esm-infra for ESM Apps
David Coronel
david.coronel at canonical.com
Thu May 14 21:02:24 UTC 2020
Public bug reported:
It looks like ubuntu-security-status assumes that ESM Apps is enabled
when only ESM Infra is enabled.
There is no problem with ESM Apps and ubuntu-security-status. It's just
that it looks like ESM Infra gives a false positive about receiving the
updates.
Reproducer with an Ubuntu 18.04 Pro instance on AWS:
ubuntu at ip-172-31-11-12:~$ ua status
SERVICE ENTITLED STATUS DESCRIPTION
cc-eal yes n/a Common Criteria EAL2 Provisioning Packages
cis-audit no — Center for Internet Security Audit Tools
esm-apps yes enabled UA Apps: Extended Security Maintenance
esm-infra yes enabled UA Infra: Extended Security Maintenance
fips yes disabled NIST-certified FIPS modules
fips-updates yes disabled Uncertified security updates to FIPS modules
livepatch yes enabled Canonical Livepatch service
[...]
ubuntu at ip-172-31-11-12:~$ sudo apt update
ubuntu at ip-172-31-11-12:~$ sudo apt install ansible
ubuntu at ip-172-31-11-12:~$ wget https://bit.ly/3cDGwLe -qO ubuntu-
security-status
ubuntu at ip-172-31-11-12:~$ python3 ubuntu-security-status
535 packages installed on Ubuntu 18.04 LTS, of which:
529 receive package updates with LTS until 4/2023
5 are receiving security updates with ESM Apps until 4/2028
1 package is no longer available for download
[...]
ubuntu at ip-172-31-11-12:~$ sudo ua disable esm-apps
Updating package lists
ubuntu at ip-172-31-11-12:~$ python3 ubuntu-security-status
535 packages installed on Ubuntu 18.04 LTS, of which:
529 receive package updates with LTS until 4/2023
5 are receiving security updates with ESM Apps until 4/2028
1 package is no longer available for download
[...]
ubuntu at ip-172-31-11-12:~$ sudo ua disable esm-infra
Updating package lists
ubuntu at ip-172-31-11-12:~$ python3 ubuntu-security-status
535 packages installed on Ubuntu 18.04 LTS, of which:
529 receive package updates with LTS until 4/2023
5 could receive security updates with ESM Apps until 4/2028
1 package is no longer available for download
Packages that are not available for download may be left over from a
previous release of Ubuntu, may have been installed directly from a
.deb file, or are from a source which has been disabled.
For more information on the packages, run 'ubuntu-security-status
--unavailable'.
Enable Extended Security Maintenance (ESM Apps) to get 5 security
updates (so far) and enable coverage of 5 packages.
Enable ESM Apps with: ua enable esm-apps
ubuntu at ip-172-31-11-12:~$ sudo ua enable esm-infra
One moment, checking your subscription first
Updating package lists
ESM Infra enabled
ubuntu at ip-172-31-11-12:~$ python3 ubuntu-security-status
535 packages installed on Ubuntu 18.04 LTS, of which:
529 receive package updates with LTS until 4/2023
5 are receiving security updates with ESM Apps until 4/2028
1 package is no longer available for download
[...]
** Affects: update-manager (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to update-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1878694
Title:
ubuntu-security-status checks esm-infra for ESM Apps
Status in update-manager package in Ubuntu:
New
Bug description:
It looks like ubuntu-security-status assumes that ESM Apps is enabled
when only ESM Infra is enabled.
There is no problem with ESM Apps and ubuntu-security-status. It's
just that it looks like ESM Infra gives a false positive about
receiving the updates.
Reproducer with an Ubuntu 18.04 Pro instance on AWS:
ubuntu at ip-172-31-11-12:~$ ua status
SERVICE ENTITLED STATUS DESCRIPTION
cc-eal yes n/a Common Criteria EAL2 Provisioning Packages
cis-audit no — Center for Internet Security Audit Tools
esm-apps yes enabled UA Apps: Extended Security Maintenance
esm-infra yes enabled UA Infra: Extended Security Maintenance
fips yes disabled NIST-certified FIPS modules
fips-updates yes disabled Uncertified security updates to FIPS modules
livepatch yes enabled Canonical Livepatch service
[...]
ubuntu at ip-172-31-11-12:~$ sudo apt update
ubuntu at ip-172-31-11-12:~$ sudo apt install ansible
ubuntu at ip-172-31-11-12:~$ wget https://bit.ly/3cDGwLe -qO ubuntu-
security-status
ubuntu at ip-172-31-11-12:~$ python3 ubuntu-security-status
535 packages installed on Ubuntu 18.04 LTS, of which:
529 receive package updates with LTS until 4/2023
5 are receiving security updates with ESM Apps until 4/2028
1 package is no longer available for download
[...]
ubuntu at ip-172-31-11-12:~$ sudo ua disable esm-apps
Updating package lists
ubuntu at ip-172-31-11-12:~$ python3 ubuntu-security-status
535 packages installed on Ubuntu 18.04 LTS, of which:
529 receive package updates with LTS until 4/2023
5 are receiving security updates with ESM Apps until 4/2028
1 package is no longer available for download
[...]
ubuntu at ip-172-31-11-12:~$ sudo ua disable esm-infra
Updating package lists
ubuntu at ip-172-31-11-12:~$ python3 ubuntu-security-status
535 packages installed on Ubuntu 18.04 LTS, of which:
529 receive package updates with LTS until 4/2023
5 could receive security updates with ESM Apps until 4/2028
1 package is no longer available for download
Packages that are not available for download may be left over from a
previous release of Ubuntu, may have been installed directly from a
.deb file, or are from a source which has been disabled.
For more information on the packages, run 'ubuntu-security-status
--unavailable'.
Enable Extended Security Maintenance (ESM Apps) to get 5 security
updates (so far) and enable coverage of 5 packages.
Enable ESM Apps with: ua enable esm-apps
ubuntu at ip-172-31-11-12:~$ sudo ua enable esm-infra
One moment, checking your subscription first
Updating package lists
ESM Infra enabled
ubuntu at ip-172-31-11-12:~$ python3 ubuntu-security-status
535 packages installed on Ubuntu 18.04 LTS, of which:
529 receive package updates with LTS until 4/2023
5 are receiving security updates with ESM Apps until 4/2028
1 package is no longer available for download
[...]
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/update-manager/+bug/1878694/+subscriptions
More information about the foundations-bugs
mailing list