[Bug 1167053] Re: untrusted packages silently added to blacklist

Launchpad Bug Tracker 1167053 at bugs.launchpad.net
Thu Dec 13 19:26:59 UTC 2018


This bug was fixed in the package unattended-upgrades - 1.9

---------------
unattended-upgrades (1.9) unstable; urgency=medium

  [ Julian Andres Klode ]
  * test_dev_release: Fix and enable test.
  * Depend on python3-distro-info.
    This is needed to make sure DEVEL_UNTIL_RELEASE actually works. We need
    to fix up travis in addition to control, as it only knows about trusty
    build dependencies.
  * Import distro_info globally, and fix calculation of days.
    The check was off by one: If you were 21 days away from the release,
    it would not switch on, but tell you that it would not upgrade before
    today.
  * test_dev_release: Test Unattended-Upgrade::DevRelease=auto.

  [ David Lang and Balint Reczey]
  * Allow installing untrusted packages when APT::Get::AllowUnauthenticated
    is set (Closes: #775469) (LP: #1167053)

  [ Hans van Kranenburg and Balint Reczey]
  * Clarify highly misleading Package-Blacklist option documentation
    (Closes: #753892)

  [ Balint Reczey ]
  * test/test_dev_release.py: Fix missing mock attributes
  * Leave the cache clean when returning from calculate_upgradable_pkgs()
    When collecting upgradable packages the upgradable ones stayed in the
    cache and they were upgraded together even when unattended-upgrades
    was configured to perform upgrades in minimal steps.
    Thanks to Paul Wise
  * debian/tests/upgrade-all-security: Check if all security-updates are
    applied and if old-autoremovable packages are kept
  * Clear cache only when needed when checking black- and whitelists
  * Add --no-minimal-upgrade-steps option
  * Stop using untrusted package names as blacklists (LP: #1805447)
  * Update copyright info
  * Load modules lazily loaded by datetime.datetime.strptime() when u-u starts
    When Python is upgraded to a new major version the the version running
    unattended-upgrades can be removed as being newly unused causing a crash.
  * Start service after systemd-logind.service to be able to take inhibition lock
    and handle gracefully when logind is down (LP: #1806487)
  * List packages making reboot required in /var/run/reboot-required.pkgs

 -- Balint Reczey <rbalint at ubuntu.com>  Wed, 12 Dec 2018 13:41:49 +0100

** Changed in: unattended-upgrades (Ubuntu)
       Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to unattended-upgrades in Ubuntu.
https://bugs.launchpad.net/bugs/1167053

Title:
  untrusted packages silently added to blacklist

Status in unattended-upgrades package in Ubuntu:
  Fix Released

Bug description:
  Packages that are not trusted are added to the blacklist but no reason
  is ever printed out while running in debug mode causing confusion as
  to why a package would be blacklisted until you dig into the source.

  Release: All versions
  Package: All versions

  Expected behavior: Print out debug message that informs user package was blacklisted due to not being trusted
  Actual behavior: Message saying package is blacklisted without reason

  Still trying to figure out how to properly upload a patch to this, but
  basically just adding

  logging.debug("%s blacklisted because it's not trusted" %
  pkgname_from_deb(item.destfile))

  to line 946 would suffice

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/unattended-upgrades/+bug/1167053/+subscriptions



More information about the foundations-bugs mailing list