Comment 6 for bug 2039113

Dimitri John Ledkov (xnox) wrote :

There are two bugs here:

1) pro client must never pull in non-matching base, this is prohibited by the seeded snaps policy in Ubuntu Archive, which it is currently violating. It is absolutely critical that it must never install non-matching base, meaning I will request removal of livepatch feature from Ubuntu Archive for 24.04 release if this is not fixed for 24.04 release to install core24/stable channel

2) pro client must fix this for upgrades, and refresh all existing installs on all LTS releases to an appropriate coreXX/stable channel before "core" goes EOL in April 2026 (ticking time bomb). Or have base:bare published in latest/stable, or publish a supported base snap into latest/stable (i.e. core22 base promoted to latest/stable). Another alternative is to make core22 the default track, but that's still kicking the can down the road by 8 years, as it will not be suitable for 24.04 release

3) Even after we fix pro client to switch/refresh everyone off "core" base livepatch-client, this is still not enough. As currently, once "core" snap gets installed it can never ever ever be removed from a system. This is I believe a snapd bug. Meaning today, whilst jammy systems start out without "core" snap that is about to go EOL, they gain it, and can never remove it again.

This is absolutely critical to solve in some way. Which way it is solved, doesn't matter. But you cannot all reference each other's implementations, and deprioritise all of them. As at least one of them should be scheduled to be fixed soon. (as in the current situation, where base:bare is deprioritised, and installing/refreshing to the matching coreXX/stable track is also deprioritised).

You are currently exposing modern Ubuntu systems to the risk of forcing to run and make available obsolete and vulnerable binaries on modern Ubuntu releases. Recent security exploits have been demonstrated to use unrelated binaries available on the host system, to gain advantage (see recent ssh-agent attack that uses random available files on the host, with the right properties to dlopen them to stage remote code execution and privilege escalation attacks).