[Bug 1917677] Re: ubuntu: ucf tracking of valid known md5sums should be limited to only those md5sums that affect a given distro release

Balint Reczey 1917677 at bugs.launchpad.net
Thu Mar 4 15:36:39 UTC 2021 

It is highly unlikely that the configuration file on one distro is
replaced with one that was shipped on a different one. It may be a bit
more likely that a config file is overwritten by a variant from a
previous release, but I think this is still unlikely and I believe
trimming the md5sum list is not a general practice for UCF managed
configuration files.

As an example openssh-server ships the historical list, too:
$ cat /usr/share/openssh/sshd_config.md5sum 
# Historical md5sums of the default /etc/ssh/sshd_config up to and including
# 1:7.3p1-5.
0d06fc337cee10609d4833dc88df740f
10dc68360f6658910a98a051273de22c
11f9e107b4d13bbcabe7f8e8da734371
16c827adcff44efaca05ec5eea6383d7
2eeff28468576c3f2e538314e177687b
386c8b9079625b78f6d624ae506958ae
38fc7b31b3e3078848f0eec457d3e050
395c5e13801f9b4f17c2cb54aa634fbd
...

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to unattended-upgrades in Ubuntu.
https://bugs.launchpad.net/bugs/1917677

Title:
  ubuntu: ucf tracking of valid known md5sums   should be limited to
  only those md5sums that affect a given distro release

Status in unattended-upgrades package in Ubuntu:
  New
Status in unattended-upgrades source package in Bionic:
  New
Status in unattended-upgrades source package in Focal:
  New
Status in unattended-upgrades source package in Groovy:
  New
Status in unattended-upgrades source package in Hirsute:
  New

Bug description:
  Currently the project tracks all valid md5sums of permutations of
  50unattended-upgrades.conf in a single md5sum file that contains every
  md5sum of every historic version of all unique distros:

   50unattended-upgrades.Debian
   50unattended-upgrades.Devuan
   50unattended-upgrades.Raspbian
   50unattended-upgrades.Ubuntu

  Ultimately ucf for a given packaging release should only track the
  applicable md5sums which are expected to be seen on that particular
  distribution and release.

  For example:
     On Ubuntu Bionic: valid md5sums should be limited to the md5sum of the most recent Ubuntu Xenial 50unattended-upgrades.conf and the md5sums of previous Ubuntu Bionic releases to allow Xenial->Bionic and Bionic->Bionic upgrades without prompt.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/unattended-upgrades/+bug/1917677/+subscriptions

More information about the foundations-bugs mailing list