DynamicUser=1 doesn't get along with services that need dbus-daemon

Yes, I think we could create a new user for fwupd, similar to how it is done in systemd-oomd.postinst (https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/tree/debian/systemd-oomd.postinst?h=ubuntu-jammy) and then use a "User=fwupd" configuration in fwupd-refresh.service.

OK, so upstream here is what we have done (pretty much your suggested W/A).

main:
https://github.com/fwupd/fwupd/commit/7b0d6bc6e03381544e3fb1836c177d492c9d0bbc
https://github.com/fwupd/fwupd/commit/e90b04d7319874db36c06245ab07858589ce8bc8
https://github.com/fwupd/fwupd/commit/f818404d817f6f36699807424cd1d9b84c9be752

backported to 1_7_X (which can SRU to Ubuntu):
https://github.com/fwupd/fwupd/commit/e6ea2916b1f7e1b26eefd6e2e762a9a26492ffaa
https://github.com/fwupd/fwupd/commit/3c72bcc181470c5a9f1f01fbd9826fa6f7e37cc1
https://github.com/fwupd/fwupd/commit/7bb2f00ca96fb23f7de88c64353916436b2504bb

Thank you for getting it fixed upstream and getting the package synced into Ubuntu kinetic-proposed!

We should SRU this fix back to the other affected series.
Also, I'll mark the systemd component as WONTFIX, as we want to apply your upstream fwupd fix (not wait on upstream systemd)

This bug was fixed in the package fwupd - 1.7.7-1ubuntu2

---------------
fwupd (1.7.7-1ubuntu2) kinetic; urgency=medium

  * d/t/ci: don't stderr-fail the autopkgtest on modprobe error
    + it's optional as tests can be skipped, if mtdram module isn't there

 -- Lukas Märdian <email address hidden> Wed, 18 May 2022 09:34:56 +0200

Status changed to 'Confirmed' because the bug affects multiple users.

It may be fixed for kinetic but it's still very much not fixed for jammy! That still has the broken 1.7.5 release...

Can someone explain why this fix is still not rolled out on Focal and Jammy? What am I missing?

I think Eric has a good point. Why this fix is not ported back to Jammy? Jammy is a LTS Version so this service won't work for the next two years if the fix gets not back ported for all who stick to LTS for whatever reason.

This is then from my point of view also a security issue, since if this service is not running no firmware updates will be installed for several devices automatically. Since this is what this service is supposed to do and FW updates may also fix security issues.
But the user thinks this service is there and doing it's job. Since from my experience most users never check if all the services are up and running fine as long as there is no unexpected behavior.
So the user will also not manually check for FW updates, he believes the service does.

And this service does not start on any Ubuntu installation at the moment!

Also Focal needs this fix, since it is still supported for two more years. So can you please explain?

YC is in the process of doing an SRU for a bunch of other bugs in fwupd and the fix should come in that same SRU I expect.

Hello Mario, or anyone else affected,

Accepted fwupd into jammy-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/fwupd/1.8.3-1~22.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-jammy to verification-done-jammy. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-jammy. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

I would be happy to test this on 22.04. However, I am new to the process. I followed the linked instructions to enable proposed repository, but I don't see a fwupd/jammy-proposed available after an apt-get update. I'm unfamiliar with the process -- does it just take more time to get into -proposed, or is there some other step in the pipeline needed to go from Fix Committed -> -proposed? I set the software updater to use "Main Servers", thinking that a gap in mirroring could be an issue, but it's been over 24h...

I know process issues probably don't belong here, but I would like to learn how to get involved in things like this. Thanks in advance for patience.

I am on jammy and have tested the package.

Package: fwupd
Version: 1.8.3-1~22.04.1
Priority: optional
Section: admin
Origin: Ubuntu
Maintainer: Ubuntu Developers <email address hidden>

My testing has been to install the package then stop and start the fwupd-refresh.service unit. The unit exited successfully.

Aaron:

This step adds the repository to apt:

cat <<EOF >/etc/apt/sources.list.d/ubuntu-$(lsb_release -cs)-proposed.list
# Enable Ubuntu proposed archive
deb http://archive.ubuntu.com/ubuntu/ $(lsb_release -cs)-proposed restricted main multiverse universe
EOF

This step makes it so that packages from -proposes are not automatically pulled in, which is what you want:

cat <<EOF >/etc/apt/preferences.d/proposed-updates
# Configure apt to allow selective installs of packages from proposed
Package: *
Pin: release a=$(lsb_release -cs)-proposed
Pin-Priority: 400
EOF

Then to install the fwupd package in particular:

sudo apt-get install fwupd/jammy-proposed

I hope this helps. If not maybe try #ubuntu on Libera IRC.

All autopkgtests for the newly accepted fwupd (1.8.3-1~22.04.1) for jammy have finished running.
The following regressions have been reported in tests triggered by the package:

fwupd/1.8.3-1~22.04.1 (armhf)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/jammy/update_excuses.html#fwupd

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

as the deb is removed from jammy proposed, change back to confimed

Hello Mario, or anyone else affected,

Accepted fwupd into jammy-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/fwupd/1.7.9-1~22.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-jammy to verification-done-jammy. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-jammy. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

All autopkgtests for the newly accepted fwupd (1.7.9-1~22.04.1) for jammy have finished running.
The following regressions have been reported in tests triggered by the package:

fwupd/1.7.9-1~22.04.1 (armhf)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/jammy/update_excuses.html#fwupd

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Hello Mario, or anyone else affected,

Accepted fwupd into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/fwupd/1.7.9-1~20.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-focal. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

All autopkgtests for the newly accepted fwupd (1.7.9-1~20.04.1) for focal have finished running.
The following regressions have been reported in tests triggered by the package:

fwupd/1.7.9-1~20.04.1 (armhf)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/focal/update_excuses.html#fwupd

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Hi,

I can also confirm that fwupd Version 1.7.9-1~22.04.1 fixes this issue for jammy.
After installing the patched version, the service starts and runs as expected.

I'm sorry that I can not provide tests for focal, since I already updated all my machines..

Thank you all
imker

given #23, jammy is tested and test passed, thank you.

Test method: "systemctl start fwupd-refresh.service" and check syslog
to see if the fwupd metadata could be updated.

Per test on focal, use existing 1.7.5-3~20.04.1, still can reproduce this issue.

After install 1.7.9-1~20.04.1 from the proposed channel, can't reproduce this issue.

Given so, mark verification-done-focal

The verification of the Stable Release Update for fwupd has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

This bug was fixed in the package fwupd - 1.7.9-1~20.04.1

---------------
fwupd (1.7.9-1~20.04.1) focal; urgency=medium

  * New upstream release, and drop all patches since they are merged.
  * Properly fall back to use DMI instead of /sys/class/dmi interface.
    (LP: #1982103)
  * Build depends on mondemmanager 1.8 and libxmlb 0.3.6 to support
    EM120/160. (LP: #1980334)
  * Don't stderr-fail the autopkgtest on modprobe error as they are
    optional. (LP: #1966364)
  * Run fwupd-refresh under a dedicated fwupd-refresh user. This is
    fixed in 1.1.7, so it's automatically included. (LP: #1969976)

 -- Yuan-Chen Cheng <email address hidden> Sun, 03 Jul 2022 03:18:51 +0000

This bug was fixed in the package fwupd - 1.7.9-1~22.04.1

---------------
fwupd (1.7.9-1~22.04.1) jammy; urgency=medium

  * New upstream release, and drop all patches since they are merged.
  * Properly fall back to use DMI instead of /sys/class/dmi interface.
    (LP: #1982103)
  * Don't stderr-fail the autopkgtest on modprobe error as they are
    optional. (LP: #1966364)
  * Run fwupd-refresh under a dedicated fwupd-refresh user. This is
    fixed in 1.7.7, so it's automatically included. (LP: #1969976)

 -- Yuan-Chen Cheng <email address hidden> Tue, 20 Sep 2022 03:18:51 +0000

All autopkgtests for the newly accepted fwupd (1.7.9-1~20.04.1) for focal have finished running.
The following regressions have been reported in tests triggered by the package:

fwupd/1.7.9-1~20.04.1 (armhf)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/focal/update_excuses.html#fwupd

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

All autopkgtests for the newly accepted fwupd (1.7.9-1~22.04.1) for jammy have finished running.
The following regressions have been reported in tests triggered by the package:

fwupd/1.7.9-1~22.04.1 (armhf)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/jammy/update_excuses.html#fwupd

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!