report packages from security pocket
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| landscape-client (Ubuntu) |
In Progress
|
Medium
|
Simon Poirier | ||
| Xenial |
In Progress
|
Medium
|
Simon Poirier | ||
| Bionic |
In Progress
|
Medium
|
Simon Poirier | ||
| Disco |
Won't Fix
|
Medium
|
Simon Poirier | ||
| Eoan |
Won't Fix
|
Medium
|
Simon Poirier | ||
| Focal |
In Progress
|
Medium
|
Simon Poirier | ||
Bug Description
[Impact]
I report this bug to add the necessary bit into lds-client for all affected/supported releases.
[Test Case]
* One must use Landscape server on-prem (version >=19.01) or hosted which already contain the necessary server side change.
* Install landscape-client.
* Successfully register a client against Landscape server.
* Security updates will only rely on USN notices and could possibly ignore other packages found in -security pocket even if they are there simply by the fact that there was no USN notice specific for them.
(e.g. systemd has an USN, systemd get updated but its derived systemd binary packages aren't updated)
[Regression Potential]
* The patch flags potential security updates by matching the pocket name. The server then does additional package selection from that info. If the pocket matching were to break, security updates would continue as it was previously.
* False positive matching could be possible, assuming one builds a mirror which mimics security pockets and contains normal updates. In that case, landscape could mistakenly update as if they were security updates.
* Landscape may apply security updates without USN data, if the update comes from a security pocket. Since this matches the behaviour of unattended-upgrades and MOTD info, this may be closer to what users expect, even though this is a change of behaviour.
[Other Info]
* Upstream details:
https:/
https:/
https:/
Related branches
- Canonical Server: Pending requested
- git-ubuntu developers: Pending requested
-
Diff: 346 lines (+312/-0)5 files modifieddebian/changelog (+8/-0)
debian/patches/apt-pulse-1758529.patch (+27/-0)
debian/patches/reporter_logging.patch (+19/-0)
debian/patches/security_pocket_1848828.patch (+255/-0)
debian/patches/series (+3/-0)
- Eric Desrochers (community): Approve
- git-ubuntu developers: Pending requested
-
Diff: 346 lines (+312/-0)5 files modifieddebian/changelog (+8/-0)
debian/patches/apt-pulse-1758529.patch (+27/-0)
debian/patches/reporter_logging.patch (+19/-0)
debian/patches/security_pocket_1848828.patch (+255/-0)
debian/patches/series (+3/-0)
- Eric Desrochers (community): Approve
- git-ubuntu developers: Pending requested
-
Diff: 346 lines (+312/-0)5 files modifieddebian/changelog (+8/-0)
debian/patches/apt-pulse-1758529.patch (+27/-0)
debian/patches/reporter_logging.patch (+19/-0)
debian/patches/security_pocket_1848828.patch (+255/-0)
debian/patches/series (+3/-0)
- Eric Desrochers (community): Approve
- git-ubuntu developers: Pending requested
-
Diff: 346 lines (+312/-0)5 files modifieddebian/changelog (+8/-0)
debian/patches/apt-pulse-1758529.patch (+27/-0)
debian/patches/reporter_logging.patch (+19/-0)
debian/patches/security_pocket_1848828.patch (+255/-0)
debian/patches/series (+3/-0)
| tags: | added: sts |
| description: | updated |
| Changed in landscape-client (Ubuntu Focal): | |
| assignee: | nobody → Simon Poirier (simpoir) |
| status: | New → In Progress |
| importance: | Undecided → Medium |
| description: | updated |
| description: | updated |
| description: | updated |
| description: | updated |
| Changed in landscape-client (Ubuntu Eoan): | |
| assignee: | nobody → Simon Poirier (simpoir) |
| Changed in landscape-client (Ubuntu Disco): | |
| assignee: | nobody → Simon Poirier (simpoir) |
| Changed in landscape-client (Ubuntu Bionic): | |
| assignee: | nobody → Simon Poirier (simpoir) |
| Changed in landscape-client (Ubuntu Xenial): | |
| assignee: | nobody → Simon Poirier (simpoir) |
| Changed in landscape-client (Ubuntu Eoan): | |
| status: | New → In Progress |
| Changed in landscape-client (Ubuntu Disco): | |
| status: | New → In Progress |
| Changed in landscape-client (Ubuntu Xenial): | |
| importance: | Undecided → Medium |
| Changed in landscape-client (Ubuntu Bionic): | |
| status: | New → In Progress |
| Changed in landscape-client (Ubuntu Eoan): | |
| importance: | Undecided → Medium |
| Changed in landscape-client (Ubuntu Disco): | |
| importance: | Undecided → Medium |
| tags: | added: sts-sponsor-slashd |
| Changed in landscape-client (Ubuntu Bionic): | |
| importance: | Undecided → Medium |
| Changed in landscape-client (Ubuntu Xenial): | |
| status: | New → In Progress |
| description: | updated |
| Eric Desrochers (slashd) wrote | #1 |
| tags: | removed: sts-sponsor-slashd |
| Changed in landscape-client (Ubuntu Disco): | |
| status: | In Progress → Won't Fix |
| Brian Murray (brian-murray) wrote | #2 |
| Changed in landscape-client (Ubuntu Eoan): | |
| status: | In Progress → Won't Fix |
Simon and I are working on delivering a more recent lds-client codebase (ofc including the code to fix this particular bug) and modernising the actual src package (e.g. compat v7 to v12) for focal.
Once everything is found in focal-release, we will SRU PR#57 and PR#70 into stable releases.
- Eric