[SRU] ubuntu-advantage-tools (27.6 -> 27.7) Xenial, Bionic, Focal, Impish

Bug #1964028 reported by Grant Orndorff
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
ubuntu-advantage-tools (Ubuntu)
Fix Released
Undecided
Unassigned
Xenial
Fix Released
Undecided
Unassigned
Bionic
Fix Released
Undecided
Unassigned
Focal
Fix Released
Undecided
Unassigned
Impish
Fix Released
Undecided
Unassigned

Bug Description

[Impact]
This release sports both bug-fixes and new features and we would like to
make sure all of our supported customers have access to these
improvements. The notable ones are:

  * --format=json for attach,detach,enable,disable
  * --attach-config option when attaching for users to pass their token via a file and also to customize the auto-enabled services
  * Support enabling FIPS and FIPS-Updates on containers
  * Add more information to ua security-status and remove --beta flag
  * New log files will be world readable

See the changelog entry below for a full list of changes and bugs.

[Test Case]
The following development and SRU process was followed:
https://wiki.ubuntu.com/UbuntuAdvantageToolsUpdates

The ubuntu-advantage-tools team will be in charge of attaching the artifacts and console output of the appropriate run to the bug. ubuntu-advantage-tools team members will not mark ‘verification-done’ until this has happened.

[Regression Potential]
There is a small refactor that touches a python section of the postinst script. Any adjustment to postinst poses the risk of breaking upgrades if a mistake was made.

We are setting all newly created log files to world-readable. If we have failed to catch every scenario of redacting secrets from potentially logged strings, then some secrets could slip into the world-readable log files.

The refactor required to support json output for more commands required changing how all output is printed. A mistake during this process could result in missing output that we previously printed. Some messages were moved from stderr to stdout during this process as well. If a third party script was parsing the error messages on stderr from `ua` this update may break that.

We are moving from requiring a --beta flag for ua security-status to requiring that there is not a --beta flag for ua security-status. If a third party script is using ua security-status --beta command, then this change could break that script.

This is a big update, with several refactors touching many pieces of the codebase. It is possible that some behavior changed in subtle ways not captured by our integration tests.

[Discussion]
The reason for making the logs world readable is that we no longer have any major reason keep it readable by only sudo users. Also, this will also allow for non-root users to more easily open bugs that affect the package. We are purposefully only setting new log files to be world-readable, because it is possible that logs made prior to version 27.6 still contain secrets.

The focus on json output is to support other pieces of software than want to use `ua`, such as the upcoming Desktop settings screen to attach and enable/disable services.

[Changelog]

  * d/logrotate:
    - make new logs world readable
  * d/tools.postinst:
    - refactor to catch exception from entitlement_factory
    - no longer always set log file to only root readable
    - when creating log file for the first time, make world readable
  * New upstream release 27.7
    - attach: --attach-config option for customizing auto-enabled services
      and supplying token via a file
    - auto-attach: fix bug where auto-attach caused a manually attached
      machine to detach
    - cli:
      + support --format=json for attach
      + support --format=json for detach
      + support --format=json for enable
      + support --format=json for disable
    - contract: include activity info when updating contract
    - detach: no longer contacts contract server on detach
    - fips: allow fips on containers
    - fix: support USNs that don't have related CVEs
    - logs: make all newly created logs world-readable
    - security-status:
      + show already installed esm package counts
      + include APT origin for each potential update
      + bump schema version to "0.1"
      + remove previously required --beta flag
    - status:
      + include blocked_by information in service status when format=json
      + --simulate-with-token now reports expired tokens as errors
      + --simulate-with-token now returns errors in the specified format

description: updated
Revision history for this message
Paride Legovini (paride) wrote :
Paride Legovini (paride)
Changed in ubuntu-advantage-tools (Ubuntu Impish):
status: New → In Progress
Changed in ubuntu-advantage-tools (Ubuntu Focal):
status: New → In Progress
Changed in ubuntu-advantage-tools (Ubuntu Bionic):
status: New → In Progress
Changed in ubuntu-advantage-tools (Ubuntu Xenial):
status: New → In Progress
Changed in ubuntu-advantage-tools (Ubuntu):
status: New → In Progress
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ubuntu-advantage-tools - 27.7~22.04.1

---------------
ubuntu-advantage-tools (27.7~22.04.1) jammy; urgency=medium

  * d/changelog:
    - fix changelog trailer line for 27.4.1
  * d/logrotate:
    - make new logs world readable
  * d/tools.postinst:
    - refactor to catch exception from entitlement_factory
    - no longer always set log file to only root readable
    - when creating log file for the first time, make world readable
    - adapt postinst for new messages module
  * New upstream release 27.7 (LP: #1964028)
    - attach: --attach-config option for customizing auto-enabled services
      and supplying token via a file
    - auto-attach: fix bug where auto-attach caused a manually attached
      machine to detach
    - cli:
      + support --format=json for attach
      + support --format=json for detach
      + support --format=json for enable
      + support --format=json for disable
    - contract: include activity info when updating contract
    - detach: no longer contacts contract server on detach
    - fips: allow fips on containers
    - fix: support USNs that don't have related CVEs
    - logs: make all newly created logs world-readable
    - security-status:
      + show already installed esm package counts
      + include APT origin for each potential update
      + bump schema version to "0.1"
      + remove previously required --beta flag
    - status:
      + include blocked_by information in service status when format=json
      + --simulate-with-token now reports expired tokens as errors
      + --simulate-with-token now returns errors in the specified format

 -- Grant Orndorff <email address hidden> Mon, 07 Mar 2022 13:14:57 -0500

Changed in ubuntu-advantage-tools (Ubuntu):
status: In Progress → Fix Released
Revision history for this message
Andy Whitcroft (apw) wrote : Please test proposed package

Hello Grant, or anyone else affected,

Accepted ubuntu-advantage-tools into impish-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/ubuntu-advantage-tools/27.7~21.10.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-impish to verification-done-impish. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-impish. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in ubuntu-advantage-tools (Ubuntu Impish):
status: In Progress → Fix Committed
tags: added: verification-needed verification-needed-impish
Changed in ubuntu-advantage-tools (Ubuntu Focal):
status: In Progress → Fix Committed
tags: added: verification-needed-focal
Revision history for this message
Andy Whitcroft (apw) wrote :

Hello Grant, or anyone else affected,

Accepted ubuntu-advantage-tools into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/ubuntu-advantage-tools/27.7~20.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-focal. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in ubuntu-advantage-tools (Ubuntu Bionic):
status: In Progress → Fix Committed
tags: added: verification-needed-bionic
Revision history for this message
Andy Whitcroft (apw) wrote :

Hello Grant, or anyone else affected,

Accepted ubuntu-advantage-tools into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/ubuntu-advantage-tools/27.7~18.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Revision history for this message
Andy Whitcroft (apw) wrote :

Hello Grant, or anyone else affected,

Accepted ubuntu-advantage-tools into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/ubuntu-advantage-tools/27.7~16.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-xenial to verification-done-xenial. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-xenial. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in ubuntu-advantage-tools (Ubuntu Xenial):
status: In Progress → Fix Committed
tags: added: verification-needed-xenial
Revision history for this message
Lucas Albuquerque Medeiros de Moura (lamoura) wrote :

We have performed the test for release 27.7 using the package that is proposed

tags: added: verification-done verification-done-bionic verification-done-focal verification-done-impish verification-done-xenial
removed: verification-needed verification-needed-bionic verification-needed-focal verification-needed-impish verification-needed-xenial
Revision history for this message
Łukasz Zemczak (sil2100) wrote :

Okay, this looks good. For a moment I wasn't sure if the actual packages are tested as part of the testing as most of the test artifacts do not seem to print out the actual Debian package version - but then I saw that the respective series-version number is present in the behave-upgrade-* logs. Let's release.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ubuntu-advantage-tools - 27.7~21.10.1

---------------
ubuntu-advantage-tools (27.7~21.10.1) impish; urgency=medium

  * Backport new upstream release: (LP: #1964028) to impish

 -- Grant Orndorff <email address hidden> Thu, 10 Mar 2022 12:17:36 -0500

Changed in ubuntu-advantage-tools (Ubuntu Impish):
status: Fix Committed → Fix Released
Revision history for this message
Łukasz Zemczak (sil2100) wrote : Update Released

The verification of the Stable Release Update for ubuntu-advantage-tools has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ubuntu-advantage-tools - 27.7~20.04.1

---------------
ubuntu-advantage-tools (27.7~20.04.1) focal; urgency=medium

  * Backport new upstream release: (LP: #1964028) to focal

 -- Grant Orndorff <email address hidden> Thu, 10 Mar 2022 12:17:34 -0500

Changed in ubuntu-advantage-tools (Ubuntu Focal):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ubuntu-advantage-tools - 27.7~18.04.1

---------------
ubuntu-advantage-tools (27.7~18.04.1) bionic; urgency=medium

  * Backport new upstream release: (LP: #1964028) to bionic

 -- Grant Orndorff <email address hidden> Thu, 10 Mar 2022 12:17:31 -0500

Changed in ubuntu-advantage-tools (Ubuntu Bionic):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ubuntu-advantage-tools - 27.7~16.04.1

---------------
ubuntu-advantage-tools (27.7~16.04.1) xenial; urgency=medium

  * Backport new upstream release: (LP: #1964028) to xenial

 -- Grant Orndorff <email address hidden> Thu, 10 Mar 2022 12:17:29 -0500

Changed in ubuntu-advantage-tools (Ubuntu Xenial):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.