[Bug 1924766] Re: update-notifier does not handle ESM Apps in the apt-check script
Lucas Albuquerque Medeiros de Moura
1924766 at bugs.launchpad.net
Mon Apr 19 20:43:24 UTC 2021
For this SRU bug I have created the following test script:
-----------------------------------
#!/bin/sh
set -x
series=hirsute
name=$series-dev
function update-notifier-ua-not-installed () {
# Expects this output
# x packages can be updated.
# x of these updates are security updates.
echo "-----------------------------------------------------------"
echo "$series: ua not installed"
lxc exec $name -- /usr/lib/update-notifier/apt-check --human-readable
echo "-----------------------------------------------------------"
}
function update-notifier-ua-not-attached-esm () {
# x updates can be installed immediately.
# x of these updates are security updates.
#
# Enable UA Apps: ESM to receive x additional security updates.
# See https://ubuntu.com/security/esm or run: sudo ua status
echo "-----------------------------------------------------------"
echo "$series esm: ua not attached"
lxc exec $name -- /usr/lib/update-notifier/apt-check --human-readable
echo "-----------------------------------------------------------"
}
function update-notifier-ua-not-attached () {
# Expects this output
# UA Infra: Extended Security Maintenance (ESM) is not enabled.
#
# x updates can be installed immediately.
# x of these updates are security updates.
echo "-----------------------------------------------------------"
echo "$series non-esm: ua not attached"
lxc exec $name -- /usr/lib/update-notifier/apt-check --human-readable
echo "-----------------------------------------------------------"
}
function update-notifier-ua-attached-esm () {
# Expects this output
# x updates can be installed immediately.
# x of these updates are fixed through UA Apps: ESM.
# x of these updates are security updates.
# To see these additional updates run: apt list --upgradable
echo "-----------------------------------------------------------"
echo "$series esm: ua attached"
lxc exec $name -- /usr/lib/update-notifier/apt-check --human-readable
echo "-----------------------------------------------------------"
}
function update-notifier-ua-attached () {
# Expects this output
# x updates can be installed immediately.
# x of these updates are fixed through UA Apps: ESM.
# x of these updates are security updates.
# To see these additional updates run: apt list --upgradable
echo "-----------------------------------------------------------"
echo "$series non-esm: ua attached"
lxc exec $name -- /usr/lib/update-notifier/apt-check --human-readable
echo "-----------------------------------------------------------"
}
function turn-distro-into-esm-mode() {
# guarantee that xenial distro is on ESM mode
lxc exec $name -- sed -i 's/is_esm_supported and is_not_currently_supported/True #comment/' /usr/lib/update-notifier/apt-check
}
function turn-distro-into-non-esm-mode() {
# guarantee that xenial distro is on ESM mode
lxc exec $name -- sed -i 's/True #comment/False/' /usr/lib/update-notifier/apt-check
}
function setup-update-notifier() {
lxc exec $name -- add-apt-repository ppa:lamoura/update-notifier-test-ppa -y
lxc exec $name -- apt update
lxc exec $name -- apt install update-notifier-common -y
}
function install-ua() {
lxc exec $name -- add-apt-repository ppa:ua-client/daily -y
lxc exec $name -- sudo apt-get update
lxc exec $name -- sudo apt-get install ubuntu-advantage-tools -y
lxc exec $name -- ua version
lxc exec $name -- sudo apt-get update
}
function ua-attach() {
lxc exec $name -- sed -i 's/contracts.can/contracts.staging.can/' /etc/ubuntu-advantage/uaclient.conf
lxc exec $name -- ua attach $UACLIENT_BEHAVE_CONTRACT_TOKEN_STAGING
}
function ua-detach() {
lxc exec $name -- ua detach --assume-yes
}
lxc delete --force $name
lxc launch ubuntu-daily:$series $name
sleep 10
setup-update-notifier
update-notifier-ua-not-installed
install-ua
turn-distro-into-esm-mode
update-notifier-ua-not-attached-esm
ua-attach
update-notifier-ua-attached-esm
turn-distro-into-non-esm-mode
ua-detach
update-notifier-ua-not-attached
ua-attach
update-notifier-ua-attached
set +x
------------------------------------
I have used it to verify the behavior of the updated package on xenial and hirsute. The packages used to perform such testing are found on this ppa:
https://launchpad.net/~lamoura/+archive/ubuntu/update-notifier-test-ppa
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to update-notifier in Ubuntu.
https://bugs.launchpad.net/bugs/1924766
Title:
update-notifier does not handle ESM Apps in the apt-check script
Status in update-notifier package in Ubuntu:
New
Status in update-notifier source package in Xenial:
New
Bug description:
[Impact]
When ESM Apps goes into production we want to be able to advertise it to our users through MOTD.
Currently, update-notifier apt-check does not take into consideration the exclusive packages of ESM Apps, which is a problem.
[Test case]
To reproduce the issue, you can:
1. Launch a xenial vm
2. Install the latest version of uaclient from the stable ppa:
https://launchpad.net/~ua-client/+archive/ubuntu/stable/
3. Change the following line on `/etc/ubuntu-advantage/uaclient.conf` from
contract_url: 'https://contracts.canonical.com'
To:
contract_url: 'https://contracts.staging.canonical.com'
4. Attach a staging token to uaclient thorough:
ua attach YOUR_STAGING_TOKEN
5. Run /usr/lib/update-notifier/apt-check --human-readable
6. Verify that no mention to ESM Apps is made and that update-notifier puts all of the ESM packages in the same bucket
To verify that the error is fixed:
1.Perform all the stages above until step 4
2 Install the new update-notifier from this ppa:
https://launchpad.net/~lamoura/+archive/ubuntu/update-notifier-test-ppa
3. Verify now that ESM Apps is reflected in the message
[Where problems could occur]
The changes in this package should only be seen when MOTD is getting a
new message. If that script fails for some reason, it seems that MOTD
will only not present the message, which is doesn't seem to be a
system critical issue.
[Discussion]
With ESM Apps going to production soon, we have decided to update the
messages delivered by update-notifier apt-check to address the package
count of ESM Apps and the possibility of installing more upgrades if
the user has ESM Apps disabled.
We are also updating other parts of the messaging as well. First, we only display ESM Infra status
on ESM distros. However, we will keep showing the ESM Infra package count on all of them.
For ESM Apps, we are only performing the alerts (For example, that you
might have x packages updates if ESM Apps is installed) if the user is
on a LTS distro.
Finally, we are also addressing this bug here:
https://bugs.launchpad.net/ubuntu/+source/update-notifier/+bug/1883315
Where we were incorrectly counting ESM packages even if the user did
not have access to those services.
== Changelog ==
+ data/apt-check
- Make distinction of ESM Apps and ESM Infra when doing package count
- Only count ESM packages if the user has access to the service (LP #1883315)
- Only display ESM Infra alerts if the distro is ESM
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/update-notifier/+bug/1924766/+subscriptions
More information about the foundations-bugs
mailing list