Livepatch has fixed kernel vulnerabilities. Or not???
Bo Berglund
bo.berglund at gmail.com
Tue Apr 18 06:27:04 UTC 2023
On Wed, 12 Apr 2023 14:47:17 -0500, Keith <keithw at caramail.com> wrote:
>On 4/12/23 10:32 AM, Bo Berglund wrote:
>> $ canonical-livepatch status --verbose
>> last check: 8 minutes ago
>> kernel: 5.4.0-89.100-generic
>
>Have you performed a system update since you last posted on 3/27?
>Currently, 5.4.0.146.144-generic is the latest kernel version for focal.
Yes, as my history shows:
2023-04-08 18:13:51 sudo /home/bosse/bin/aptupdate Y
aptupdate is my script for doing the system update/upgrade:
#!/bin/bash
#This script must be executed as sudo:
# sudo aptupdate Y
#Based on a post in the ubuntu user list by Ian Burntlett
if [ "$1" != "Y" ]; then
    # Report usage errors on stderr and use a valid (0-255) exit status
    echo "Error! Call syntax: sudo $0 Y" >&2
    echo "Try again!" >&2
    exit 1
fi
set -e # exit immediately if a command returns a non-zero status
set -x # print a trace of simple commands
apt update # download package information
apt full-upgrade -y # upgrade and remove packages if required
apt autoremove -y
apt autoclean # removes virtually useless files from the cache
#apt purge # even more tidying up
echo "Update completed!"
exit 0
>
>Given that the "canonical-livepatch status" command indicates you're
>running an older kernel than what's currently available in the repos,
>maybe do a system update to upgrade the kernel.
Did that on April 8 as shown above...
Message still lingers.
Right now an apt update shows the following candidates for upgrade after an apt
update:
$ apt list --upgradable
Listing... Done
libnss-systemd/focal-updates,focal-updates 245.4-4ubuntu3.21 amd64 [upgradable from: 245.4-4ubuntu3.20]
libpam-systemd/focal-updates,focal-updates 245.4-4ubuntu3.21 amd64 [upgradable from: 245.4-4ubuntu3.20]
libsystemd0/focal-updates,focal-updates 245.4-4ubuntu3.21 amd64 [upgradable from: 245.4-4ubuntu3.20]
libudev1/focal-updates,focal-updates 245.4-4ubuntu3.21 amd64 [upgradable from: 245.4-4ubuntu3.20]
systemd-sysv/focal-updates,focal-updates 245.4-4ubuntu3.21 amd64 [upgradable from: 245.4-4ubuntu3.20]
systemd-timesyncd/focal-updates,focal-updates 245.4-4ubuntu3.21 amd64 [upgradable from: 245.4-4ubuntu3.20]
systemd/focal-updates,focal-updates 245.4-4ubuntu3.21 amd64 [upgradable from: 245.4-4ubuntu3.20]
udev/focal-updates,focal-updates 245.4-4ubuntu3.21 amd64 [upgradable from: 245.4-4ubuntu3.20]
Does not seem to contain any kernel updates..
>One last thing to try and then I would file a bug at the link Oliver
>provided if it doesn't fix the problem.
>
>Disable livepatch
>$ sudo pro disable livepatch
done
>
>Uninstall canonical-livepatch snap
>$ sudo snap remove --purge canonical-livepatch
done
>
>Delete ~/snap/canonical-livepatch directory
>Delete /root/snap/canonical-livepatch directory also
done
>
>Remove /etc/update-motd.d/99-livepatch-kernel-upgrade-required if it's
>still present. It should have been removed when the snap was uninstalled.
not there
>
>Remove cached snap files in /var/lib/snapd/cache
>Not directory, just files.
there are 7 files in there all with very long names like this:
3aca523f924d16583217c9b029f8c626972012f9c6fab26b4cb987ec64b50e273751f8a7be35328d5bd6404d4db0af2d
and sudo rm /var/lib/snapd/cache/* just shows an error message:
rm: cannot remove '/var/lib/snapd/cache/*': No such file or directory
When I specify one of the files by adding the start of the name:
sudo ls -la /var/lib/snapd/cache/3*
ls: cannot access '/var/lib/snapd/cache/3*': No such file or directory
Are these strange files the ones you refer to as "cached snap files"?
Had to stop here since I could not follow your instructions for removing....
But I looked at the commands and found some I do not really understand:
>Manually install canonical-livepatch snap
>$ sudo snap install canonical-livepatch
>
>Enable canonical-livepatch
>$ sudo pro enable livepatch
>
>Check ~/snap/canonical-livepatch
>Is there a symbolic link "current" pointing to the revision of the
>canonical-livepatch snap (196 for the latest/stable)?
>If not, make one.
>Do the same for /root/snap/canonical-livepatch
Please explain these commands, I do not understand how to make it manually...
What is "revision of the canonical-livepatch snap"?
Is that a file somewhere and is it named "196"???
Also what do you mean by "do the same"?
>Logout/Login
>
>Still getting message? File the bug, and/or disconnect the
>etc-update-motd-d interface as described above. That gets rid of that
>99-livepatch.. script generating the motd message.
Can't do the above completely since I struck the non-working command...
Please advise.
Livepatch is now uninstalled and the message does not show when I log in.
But this is probably not a good situation so I need to get this fixed.
--
Bo Berglund
Developer in Sweden
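
Added example, not part of the original message: a constructed sandbox showing why a glob in front of sudo can reach rm as a literal '*'. The calling (unprivileged) shell expands the pattern before sudo runs, so a directory it cannot list yields no match. It assumes /var/lib/snapd/cache is listable only by root; the function names and file names are hypothetical.

```shell
#!/bin/sh
# Constructed demo: the sandbox directory stands in for /var/lib/snapd/cache
# (assumed here to be listable by root only).

# Print each argument a command would receive after the *calling* shell has
# processed DIR/*. A pattern with no match is passed through unchanged.
caller_side_args() {
    for arg in "$1"/*; do
        printf '%s\n' "$arg"
    done
}

# Remove regular files directly inside DIR, letting the process that has
# access enumerate them itself (no glob expansion in the calling shell).
clear_cache_files() {
    find "$1" -maxdepth 1 -type f -exec rm -f -- {} +
}

demo() {
    sandbox=$(mktemp -d) || return 1
    mkdir "$sandbox/cache"
    : > "$sandbox/cache/3aca-constructed-blob"
    : > "$sandbox/cache/7f10-constructed-blob"

    chmod 0300 "$sandbox/cache"   # caller can no longer list the directory
    echo "arguments seen by the command when the caller expands the glob:"
    caller_side_args "$sandbox/cache"

    chmod 0700 "$sandbox/cache"   # stands in for running with root's access
    clear_cache_files "$sandbox/cache"
    echo "entries left after enumerating with access: $(ls -A "$sandbox/cache" | wc -l)"
    rm -rf "$sandbox"
}

demo
```

On a real system the same idea means letting the privileged process do the enumeration, for example `sudo find /var/lib/snapd/cache -maxdepth 1 -type f -delete` or `sudo sh -c 'rm /var/lib/snapd/cache/*'`. When the demo itself is run as root, the first step lists the two files, because root can read the directory regardless of its mode.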
More information about the ubuntu-users
mailing list