[Bug 1901627] Re: Update product naming: Simplify UA Infrastructure ESM to UA Infra: ESM
Chad Smith
1901627 at bugs.launchpad.net
Mon Jan 4 16:05:16 UTC 2021
Xenial test success
--- BEGIN xenial update-notifier testing
--- Launch cloud-init with ppa:ua-client/proposed enabled
Creating test-sru-xenial
Starting test-sru-xenial
--- Wait for cloud-init to finish
.................................................................................................................
status: done
time: Mon, 04 Jan 2021 16:01:37 +0000
detail:
DataSourceNoCloud [seed=/var/lib/cloud/seed/nocloud-net][dsmode=net]
--- Attach Ubuntu-Advantage, enabling services
Enabling default service esm-infra
Updating package lists
ESM Infra enabled
This machine is now attached to 'chad.smith at canonical.com'
SERVICE ENTITLED STATUS DESCRIPTION
esm-infra yes enabled UA Infra: Extended Security Maintenance (ESM)
livepatch yes n/a Canonical Livepatch service
Enable services with: ua enable <service>
Account: chad.smith at canonical.com
Subscription: chad.smith at canonical.com
-- Downgrading package to stable ubuntu release libkrad0=1.13.2+dfsg-5
Reading package lists...
Building dependency tree...
Reading state information...
The following package was automatically installed and is no longer required:
libfreetype6
Use 'apt autoremove' to remove it.
The following additional packages will be installed:
libverto-libevent1 libverto1
The following NEW packages will be installed:
libkrad0 libverto-libevent1 libverto1
0 upgraded, 3 newly installed, 0 to remove and 0 not upgraded.
Need to get 36.1 kB of archives.
After this operation, 207 kB of additional disk space will be used.
Get:1 http://archive.ubuntu.com/ubuntu xenial/main amd64 libverto-libevent1 amd64 0.2.4-2.1ubuntu2 [5742 B]
Get:2 http://archive.ubuntu.com/ubuntu xenial/main amd64 libverto1 amd64 0.2.4-2.1ubuntu2 [9132 B]
Get:3 http://archive.ubuntu.com/ubuntu xenial/main amd64 libkrad0 amd64 1.13.2+dfsg-5 [21.3 kB]
Fetched 36.1 kB in 0s (42.8 kB/s)
Selecting previously unselected package libverto-libevent1:amd64.
(Reading database ... 25866 files and directories currently installed.)
Preparing to unpack .../libverto-libevent1_0.2.4-2.1ubuntu2_amd64.deb ...
Unpacking libverto-libevent1:amd64 (0.2.4-2.1ubuntu2) ...
Selecting previously unselected package libverto1:amd64.
Preparing to unpack .../libverto1_0.2.4-2.1ubuntu2_amd64.deb ...
Unpacking libverto1:amd64 (0.2.4-2.1ubuntu2) ...
Selecting previously unselected package libkrad0:amd64.
Preparing to unpack .../libkrad0_1.13.2+dfsg-5_amd64.deb ...
Unpacking libkrad0:amd64 (1.13.2+dfsg-5) ...
Processing triggers for libc-bin (2.23-0ubuntu11.2) ...
Setting up libverto-libevent1:amd64 (0.2.4-2.1ubuntu2) ...
Setting up libverto1:amd64 (0.2.4-2.1ubuntu2) ...
Setting up libkrad0:amd64 (1.13.2+dfsg-5) ...
Processing triggers for libc-bin (2.23-0ubuntu11.2) ...
update-notifier
Hit:1 http://archive.ubuntu.com/ubuntu xenial InRelease
Hit:2 http://ppa.launchpad.net/ua-client/staging/ubuntu xenial InRelease
Hit:3 http://archive.ubuntu.com/ubuntu xenial-backports InRelease
Hit:4 https://esm.ubuntu.com/infra/ubuntu xenial-infra-security InRelease
Hit:5 https://esm.ubuntu.com/infra/ubuntu xenial-infra-updates InRelease
Reading package lists... Done
2 packages can be updated. 0 updates are security updates.
SUCCESS: did not find UA Infra: Extended Security Maintenance (ESM) is enabled
SUCCESS: found 0 updates are security updates security updates pre-upgrade
--- Upgrade update-notifier from -proposed
update-notifier-common
Get:1 http://archive.ubuntu.com/ubuntu xenial-proposed/main amd64 update-notifier-common all 3.168.13 [133 kB]
dpkg-preconfigure: unable to re-open stdin: No such file or directory
Preparing to unpack .../update-notifier-common_3.168.13_all.deb ...
Unpacking update-notifier-common (3.168.13) over (3.168.10) ...
Setting up update-notifier-common (3.168.13) ...
update-notifier
SUCCESS: found UA Infra: Extended Security Maintenance (ESM) is enabled
--- Expect non-zero upgradable packages for MOTD from apt_check AFTER upgrade
UA Infra: Extended Security Maintenance (ESM) is enabled.
6 packages can be updated.
1 of these updates is fixed through UA Infra: ESM.
1 of these updates is a security update.
To see these additional updates run: apt list --upgradable
1 of these updates is a security update.
SUCCESS: found 1 ESM security updates pre-upgrade
** Tags removed: verification-needed verification-needed-xenial
** Tags added: verification-done verification-done-xenial
** Description changed:
[Impact]
The product names and product URLs of Ubuntu Advantage Extended
Security Maintenance offerings have been rebranded prior to an official
launch of the product ESM product in Ubuntu Xenial, Bionic and Focal.
MOTD messages reference the old product name UA Infrastructure: Extended
Security Maintenance as well as an invalid product URL
https://ubuntu.com/esm.
Correct both the product name "UA Infra: ESM" and the apt URL message
See https://ubuntu.com/security/esm.
Because these text messages are translated using gettext, translations
will need to be updated as well.
[Test Case]
* Install unreleased ubuntu-advantage-tools from a PPA
* Run: ua enable <yourToken> to activate UA apt repositories
* Check MOTD messaging related to UA Infra: ESM prior to upgrade to -proposed update-notifier via /usr/lib/update-notifier/apt-check --human-readable
* Upgrade update-notifier to -proposed
* Re-check MOTD messaging related to UA Infra: ESM to see expected messages (not on groovy as there are no esm repos)
#!/bin/bash
#
# SRU Verification update-notifier + ubuntu=advantage-tools
# Test procedure:
# - launch container Trusty, Xenial or Bionic
# - Install ubuntu-advantage-tools from https://launchpad.net/~ua-client/+archive/ubuntu/proposed which supports esm on trusty, xenial, bionic, and focal
# - Attach container to UA subscription (which activates the ESM APT repos
# - run apt_check --human-readable to assert ESM pkg counts ARE NOT reported
# - Upgrade update-notifier to -proposed
# - re-run apt_check --human-readable to assert ESM pkg counts ARE reported
set -e
UA_TOKEN=$1
if [ -z "$1" ]; then
echo "Usage: $0 <contractTOKEN>"
exit 1
fi
cat > test-un.yaml <<EOF
#cloud-config
ssh_import_id: [chad.smith]
package_update: true
package_upgrade: true
apt:
sources:
ua.proposed:
source: deb http://ppa.launchpad.net/ua-client/staging/ubuntu \$RELEASE main
keyid: 6E34E7116C0BC933
EOF
cat > setup_proposed.sh <<EOF
#/bin/bash
mirror=http://archive.ubuntu.com/ubuntu
echo deb \$mirror \$(lsb_release -sc)-proposed main | tee /etc/apt/sources.list.d/proposed.list
apt-get update -q
apt-get install -qy update-notifier-common
EOF
wait_for_boot() {
local vm=$1 release=$2
echo "--- Wait for cloud-init to finish"
sleep 5
lxc exec ${vm} -- cloud-init status --wait --long
}
- for release in groovy; do
+ for release in xenial; do
echo "--- BEGIN $release update-notifier testing"
vm=test-sru-$release
echo "--- Launch cloud-init with ppa:ua-client/proposed enabled"
lxc launch ubuntu-daily:${release} ${vm} -c user.user-data="$(cat test-un.yaml)"
wait_for_boot ${vm} ${release}
echo "--- Attach Ubuntu-Advantage, enabling services"
lxc exec ${vm} -- ua attach ${UA_TOKEN}
case "$release" in
- xenial) downrev_pkg="libkrad0=1.13.2+dfsg-5";;
- bionic) downrev_pkg="libkrad0=1.16-2build1";;
- focal) downrev_pkg="hello=2.10-2ubuntu2";;
- groovy) downrev_pkg="apport-retrace=2.20.11-0ubuntu50";;
+ xenial)
+ UPGRADE_MATCH="0 updates are security updates";
+ downrev_pkg="libkrad0=1.13.2+dfsg-5";;
+ bionic)
+ UPGRADE_MATCH="1 update is a security update"
+ downrev_pkg="libkrad0=1.16-2build1";;
+ focal)
+ UPGRADE_MATCH="0 updates are security updates"
+ downrev_pkg="hello=2.10-2ubuntu2";;
+ groovy)
+ UPGRADE_MATCH="1 of these updates is a security update"
+ downrev_pkg="apport-retrace=2.20.11-0ubuntu50";;
esac
- echo "-- Downgrading esm package to stable ubuntu release ver $downrev_pkg"
- lxc exec ${vm} -- apt-get install $downrev_pkg --yes
+ echo "-- Downgrading package to stable ubuntu release $downrev_pkg"
+ lxc exec ${vm} -- apt-get install $downrev_pkg --yes -q
lxc exec ${vm} -- dpkg-query --show update-notifier
- lxc exec ${vm} -- /usr/lib/update-notifier/apt-check --human-readable
- if [ "$release" = "groovy" ]; then
- UPGRADE_MATCH="1 of these updates is a security update"
- echo "Expect 1 upgradable package due to downgrade of non-esm pkg $downrev_pkg"
- else
- UPGRADE_MATCH="0 of these updates are security updates"
- UPGRADE_COUNT=0
-
- echo "--- Expect 0 upgradable packages for MOTD from apt_check before upgrade"
+ if [ "$release" = "xenial" ]; then
+ # Xenial-updates have already included esm package updates.
+ # Drop the xenial-updates apt source so we can be sure we are seeing only
+ # available esm updates
+ lxc exec ${vm} -- sed -e "/xenial-updates/ s/^#*/#/" -i /etc/apt/sources.list
+ lxc exec ${vm} -- sed -e "/xenial-security/ s/^#*/#/" -i /etc/apt/sources.list
+ lxc exec ${vm} -- apt-get update
fi
- lxc exec ${vm} -- /usr/lib/update-notifier/apt-check --human-readable
- lxc exec ${vm} -- /usr/lib/update-notifier/apt-check --human-readable | grep "${UPGRADE_MATCH}" && echo "SUCCESS: found ${UPGRADE_COUNT} security updates pre-upgrade" || echo "FAILURE: did not find expected ${UPGRADE_COUNT} ESM security updates"
+ MOTD=`lxc exec ${vm} -- /usr/lib/update-notifier/apt-check --human-readable`
+ echo ${MOTD}
+ POST_UPGRADE_MSG="UA Infra: Extended Security Maintenance (ESM) is enabled"
+ echo $MOTD | grep -q "${POST_UPGRADE_MSG}" && echo "FAILURE: found ${POST_UPGRADE_MSG}" || echo "SUCCESS: did not find ${POST_UPGRADE_MSG=}"
+ echo $MOTD | grep -q "${UPGRADE_MATCH}" && echo "SUCCESS: found ${UPGRADE_MATCH} security updates pre-upgrade" || echo "FAILURE: did not find expected ${UPGRADE_MATCH} ESM security updates"
echo "--- Upgrade update-notifier from -proposed"
lxc file push setup_proposed.sh ${vm}/
lxc exec ${vm} -- bash /setup_proposed.sh | grep update-notifier
lxc exec ${vm} -- dpkg-query --show update-notifier
+ MOTD=`lxc exec ${vm} -- /usr/lib/update-notifier/apt-check --human-readable`
+ echo $MOTD | grep -q "${POST_UPGRADE_MSG}" && echo "SUCCESS: found ${POST_UPGRADE_MSG}" || echo "FAILURE: did not find ${POST_UPGRADE_MSG=}"
echo "--- Expect non-zero upgradable packages for MOTD from apt_check AFTER upgrade"
lxc exec ${vm} -- /usr/lib/update-notifier/apt-check --human-readable
lxc exec ${vm} -- /usr/lib/update-notifier/apt-check --human-readable | grep '1 of these updates is a security update' && echo "SUCCESS: found 1 ESM security updates pre-upgrade" || echo "FAILURE: did not find expected 1 ESM security updates"
done
+
[Where problems could occur]
* Low risk:
pep8 lint fixes plus MOTD text changes here. Minor logic changes in supplemental MOTD messaging for a product (ESM) that is not yet released and active in the wild on Xenial -> Focal. If messaging falls over the result is a lack of MOTD information about ESM package updates in motd, which is not yet released. If we can ensure we receive MOTD messaging about both ESM and non-ESM package updates without error, then risk of regression is minimal.
[Other Info]
[Original Description]
MOTD text should align with the messaging that is being surfaced by
ubuntu-advantage-tools and apt command line hook messaging.
Current ESM product name is represented in MOTD as the following when
logging into a VM:
### Current ESM-relatedMOTD messaging
# When ESM is disabled:
UA Infrastructure Extended Security Maintenance \(ESM\) is not enabled.
Enable UA Infrastructure ESM to receive 14 additional security updates.
# When ESM is enabled:
UA Infrastructure Extended Security Maintenance \(ESM\) is enabled.
14 of these updates are provided through UA Infrastructure ESM.
#### Expected new ESM messaging:
# When ESM is disabled:
UA Infra: Extended Security Maintenance \(ESM\) is not enabled.
Enable UA Infra: ESM to receive 14 additional security updates.
# When ESM is enabled:
UA Infra: Extended Security Maintenance \(ESM\) is enabled.
14 of these updates are provided through UA Infrastructure
UA Infra: Extended Security Maintenance \(ESM\) is not enabled.
Enable UA Infra: ESM to receive 14 additional security updates.
This request for product naming changes and standardization is also
represented as a request against UA-Client tooling/apt-hooks/status
messaging.
https://github.com/canonical/ubuntu-advantage-
client/issues/1212#issuecomment-713735291
Additionally documentation URLs for esm are updated from ubuntu.com/esm
-> ubuntu.com/security/esm.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to update-notifier in Ubuntu.
https://bugs.launchpad.net/bugs/1901627
Title:
Update product naming: Simplify UA Infrastructure ESM to UA Infra: ESM
Status in update-notifier package in Ubuntu:
Fix Released
Status in update-notifier source package in Xenial:
Fix Committed
Status in update-notifier source package in Bionic:
Fix Committed
Status in update-notifier source package in Focal:
Fix Committed
Status in update-notifier source package in Groovy:
Fix Committed
Bug description:
[Impact]
The product names and product URLs of Ubuntu Advantage Extended
Security Maintenance offerings have been rebranded prior to an
official launch of the product ESM product in Ubuntu Xenial, Bionic
and Focal. MOTD messages reference the old product name UA
Infrastructure: Extended Security Maintenance as well as an invalid
product URL https://ubuntu.com/esm.
Correct both the product name "UA Infra: ESM" and the apt URL message
See https://ubuntu.com/security/esm.
Because these text messages are translated using gettext, translations
will need to be updated as well.
[Test Case]
* Install unreleased ubuntu-advantage-tools from a PPA
* Run: ua enable <yourToken> to activate UA apt repositories
* Check MOTD messaging related to UA Infra: ESM prior to upgrade to -proposed update-notifier via /usr/lib/update-notifier/apt-check --human-readable
* Upgrade update-notifier to -proposed
* Re-check MOTD messaging related to UA Infra: ESM to see expected messages (not on groovy as there are no esm repos)
#!/bin/bash
#
# SRU Verification update-notifier + ubuntu=advantage-tools
# Test procedure:
# - launch container Trusty, Xenial or Bionic
# - Install ubuntu-advantage-tools from https://launchpad.net/~ua-client/+archive/ubuntu/proposed which supports esm on trusty, xenial, bionic, and focal
# - Attach container to UA subscription (which activates the ESM APT repos
# - run apt_check --human-readable to assert ESM pkg counts ARE NOT reported
# - Upgrade update-notifier to -proposed
# - re-run apt_check --human-readable to assert ESM pkg counts ARE reported
set -e
UA_TOKEN=$1
if [ -z "$1" ]; then
echo "Usage: $0 <contractTOKEN>"
exit 1
fi
cat > test-un.yaml <<EOF
#cloud-config
ssh_import_id: [chad.smith]
package_update: true
package_upgrade: true
apt:
sources:
ua.proposed:
source: deb http://ppa.launchpad.net/ua-client/staging/ubuntu \$RELEASE main
keyid: 6E34E7116C0BC933
EOF
cat > setup_proposed.sh <<EOF
#/bin/bash
mirror=http://archive.ubuntu.com/ubuntu
echo deb \$mirror \$(lsb_release -sc)-proposed main | tee /etc/apt/sources.list.d/proposed.list
apt-get update -q
apt-get install -qy update-notifier-common
EOF
wait_for_boot() {
local vm=$1 release=$2
echo "--- Wait for cloud-init to finish"
sleep 5
lxc exec ${vm} -- cloud-init status --wait --long
}
for release in xenial; do
echo "--- BEGIN $release update-notifier testing"
vm=test-sru-$release
echo "--- Launch cloud-init with ppa:ua-client/proposed enabled"
lxc launch ubuntu-daily:${release} ${vm} -c user.user-data="$(cat test-un.yaml)"
wait_for_boot ${vm} ${release}
echo "--- Attach Ubuntu-Advantage, enabling services"
lxc exec ${vm} -- ua attach ${UA_TOKEN}
case "$release" in
xenial)
UPGRADE_MATCH="0 updates are security updates";
downrev_pkg="libkrad0=1.13.2+dfsg-5";;
bionic)
UPGRADE_MATCH="1 update is a security update"
downrev_pkg="libkrad0=1.16-2build1";;
focal)
UPGRADE_MATCH="0 updates are security updates"
downrev_pkg="hello=2.10-2ubuntu2";;
groovy)
UPGRADE_MATCH="1 of these updates is a security update"
downrev_pkg="apport-retrace=2.20.11-0ubuntu50";;
esac
echo "-- Downgrading package to stable ubuntu release $downrev_pkg"
lxc exec ${vm} -- apt-get install $downrev_pkg --yes -q
lxc exec ${vm} -- dpkg-query --show update-notifier
if [ "$release" = "xenial" ]; then
# Xenial-updates have already included esm package updates.
# Drop the xenial-updates apt source so we can be sure we are seeing only
# available esm updates
lxc exec ${vm} -- sed -e "/xenial-updates/ s/^#*/#/" -i /etc/apt/sources.list
lxc exec ${vm} -- sed -e "/xenial-security/ s/^#*/#/" -i /etc/apt/sources.list
lxc exec ${vm} -- apt-get update
fi
MOTD=`lxc exec ${vm} -- /usr/lib/update-notifier/apt-check --human-readable`
echo ${MOTD}
POST_UPGRADE_MSG="UA Infra: Extended Security Maintenance (ESM) is enabled"
echo $MOTD | grep -q "${POST_UPGRADE_MSG}" && echo "FAILURE: found ${POST_UPGRADE_MSG}" || echo "SUCCESS: did not find ${POST_UPGRADE_MSG=}"
echo $MOTD | grep -q "${UPGRADE_MATCH}" && echo "SUCCESS: found ${UPGRADE_MATCH} security updates pre-upgrade" || echo "FAILURE: did not find expected ${UPGRADE_MATCH} ESM security updates"
echo "--- Upgrade update-notifier from -proposed"
lxc file push setup_proposed.sh ${vm}/
lxc exec ${vm} -- bash /setup_proposed.sh | grep update-notifier
lxc exec ${vm} -- dpkg-query --show update-notifier
MOTD=`lxc exec ${vm} -- /usr/lib/update-notifier/apt-check --human-readable`
echo $MOTD | grep -q "${POST_UPGRADE_MSG}" && echo "SUCCESS: found ${POST_UPGRADE_MSG}" || echo "FAILURE: did not find ${POST_UPGRADE_MSG=}"
echo "--- Expect non-zero upgradable packages for MOTD from apt_check AFTER upgrade"
lxc exec ${vm} -- /usr/lib/update-notifier/apt-check --human-readable
lxc exec ${vm} -- /usr/lib/update-notifier/apt-check --human-readable | grep '1 of these updates is a security update' && echo "SUCCESS: found 1 ESM security updates pre-upgrade" || echo "FAILURE: did not find expected 1 ESM security updates"
done
[Where problems could occur]
* Low risk:
pep8 lint fixes plus MOTD text changes here. Minor logic changes in supplemental MOTD messaging for a product (ESM) that is not yet released and active in the wild on Xenial -> Focal. If messaging falls over the result is a lack of MOTD information about ESM package updates in motd, which is not yet released. If we can ensure we receive MOTD messaging about both ESM and non-ESM package updates without error, then risk of regression is minimal.
[Other Info]
[Original Description]
MOTD text should align with the messaging that is being surfaced by
ubuntu-advantage-tools and apt command line hook messaging.
Current ESM product name is represented in MOTD as the following when
logging into a VM:
### Current ESM-relatedMOTD messaging
# When ESM is disabled:
UA Infrastructure Extended Security Maintenance \(ESM\) is not enabled.
Enable UA Infrastructure ESM to receive 14 additional security
updates.
# When ESM is enabled:
UA Infrastructure Extended Security Maintenance \(ESM\) is enabled.
14 of these updates are provided through UA Infrastructure ESM.
#### Expected new ESM messaging:
# When ESM is disabled:
UA Infra: Extended Security Maintenance \(ESM\) is not enabled.
Enable UA Infra: ESM to receive 14 additional security updates.
# When ESM is enabled:
UA Infra: Extended Security Maintenance \(ESM\) is enabled.
14 of these updates are provided through UA Infrastructure
UA Infra: Extended Security Maintenance \(ESM\) is not enabled.
Enable UA Infra: ESM to receive 14 additional security updates.
This request for product naming changes and standardization is also
represented as a request against UA-Client tooling/apt-hooks/status
messaging.
https://github.com/canonical/ubuntu-advantage-
client/issues/1212#issuecomment-713735291
Additionally documentation URLs for esm are updated from
ubuntu.com/esm -> ubuntu.com/security/esm.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/update-notifier/+bug/1901627/+subscriptions
More information about the foundations-bugs
mailing list