[Bug 1878694] Re: ubuntu-security-status checks esm-infra for ESM Apps

David Coronel 1878694 at bugs.launchpad.net
Thu May 21 20:29:26 UTC 2020 

Thanks @brian-murray. However it doesn't look like it fixed it, it seems
to be even worse now. It doesn't tell me I am getting the security
updates when I have ESM-apps enabled:

ubuntu at ip-172-31-55-253:~$ bzr branch lp:~brian-murray/update-manager/u-s-s-new
ubuntu at ip-172-31-55-253:~$ cd u-s-s-new/

ubuntu at ip-172-31-55-253:~/u-s-s-new$ python3 ubuntu-security-status
551 packages installed on Ubuntu 18.04 LTS, of which:
542 receive package updates with LTS until 4/2023
  8 could receive security updates with ESM Apps until 4/2028
  1 package is no longer available for download

Packages that are not available for download may be left over from a
previous release of Ubuntu, may have been installed directly from a
.deb file, or are from a source which has been disabled.
For more information on the packages, run 'ubuntu-security-status
--unavailable'.

ubuntu at ip-172-31-55-253:~/u-s-s-new$ ua status
SERVICE       ENTITLED  STATUS    DESCRIPTION
cc-eal        yes       n/a       Common Criteria EAL2 Provisioning Packages
cis-audit     no        —         Center for Internet Security Audit Tools
esm-apps      yes       enabled   UA Apps: Extended Security Maintenance
esm-infra     yes       enabled   UA Infra: Extended Security Maintenance
fips          yes       disabled  NIST-certified FIPS modules
fips-updates  yes       disabled  Uncertified security updates to FIPS modules
livepatch     yes       enabled   Canonical Livepatch service

Enable services with: ua enable <service>

                Account: <edited out>
           Subscription: <edited out>
            Valid until: n/a
Technical support level: essential

ubuntu at ip-172-31-55-253:~/u-s-s-new$ sudo ua disable esm-infra
Updating package lists

ubuntu at ip-172-31-55-253:~/u-s-s-new$ python3 ubuntu-security-status
551 packages installed on Ubuntu 18.04 LTS, of which:
542 receive package updates with LTS until 4/2023
  8 could receive security updates with ESM Apps until 4/2028
  1 package is no longer available for download

Packages that are not available for download may be left over from a
previous release of Ubuntu, may have been installed directly from a
.deb file, or are from a source which has been disabled.
For more information on the packages, run 'ubuntu-security-status
--unavailable'.

ubuntu at ip-172-31-55-253:~/u-s-s-new$ ua status
SERVICE       ENTITLED  STATUS    DESCRIPTION
cc-eal        yes       n/a       Common Criteria EAL2 Provisioning Packages
cis-audit     no        —         Center for Internet Security Audit Tools
esm-apps      yes       enabled   UA Apps: Extended Security Maintenance
esm-infra     yes       disabled  UA Infra: Extended Security Maintenance
fips          yes       disabled  NIST-certified FIPS modules
fips-updates  yes       disabled  Uncertified security updates to FIPS modules
livepatch     yes       enabled   Canonical Livepatch service

Enable services with: ua enable <service>

                Account: <edited out>
           Subscription: <edited out>
            Valid until: n/a
Technical support level: essential

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to update-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1878694

Title:
  ubuntu-security-status checks esm-infra for ESM Apps

Status in update-manager package in Ubuntu:
  In Progress

Bug description:
  It looks like ubuntu-security-status assumes that ESM Apps is enabled
  when only ESM Infra is enabled.

  There is no problem with ESM Apps and ubuntu-security-status. It's
  just that it looks like ESM Infra gives a false positive about
  receiving the updates.

  
  Reproducer with an Ubuntu 18.04 Pro instance on AWS:

  ubuntu at ip-172-31-11-12:~$ ua status
  SERVICE       ENTITLED  STATUS    DESCRIPTION
  cc-eal        yes       n/a       Common Criteria EAL2 Provisioning Packages
  cis-audit     no        —         Center for Internet Security Audit Tools
  esm-apps      yes       enabled   UA Apps: Extended Security Maintenance
  esm-infra     yes       enabled   UA Infra: Extended Security Maintenance
  fips          yes       disabled  NIST-certified FIPS modules
  fips-updates  yes       disabled  Uncertified security updates to FIPS modules
  livepatch     yes       enabled   Canonical Livepatch service
  [...]

  ubuntu at ip-172-31-11-12:~$ sudo apt update
  ubuntu at ip-172-31-11-12:~$ sudo apt install ansible

  ubuntu at ip-172-31-11-12:~$ wget https://bit.ly/3cDGwLe -qO ubuntu-
  security-status

  ubuntu at ip-172-31-11-12:~$ python3 ubuntu-security-status
  535 packages installed on Ubuntu 18.04 LTS, of which:
  529 receive package updates with LTS until 4/2023
    5 are receiving security updates with ESM Apps until 4/2028
    1 package is no longer available for download
  [...]

  ubuntu at ip-172-31-11-12:~$ sudo ua disable esm-apps
  Updating package lists

  ubuntu at ip-172-31-11-12:~$ python3 ubuntu-security-status
  535 packages installed on Ubuntu 18.04 LTS, of which:
  529 receive package updates with LTS until 4/2023
    5 are receiving security updates with ESM Apps until 4/2028
    1 package is no longer available for download
  [...]

  ubuntu at ip-172-31-11-12:~$ sudo ua disable esm-infra
  Updating package lists

  ubuntu at ip-172-31-11-12:~$ python3 ubuntu-security-status
  535 packages installed on Ubuntu 18.04 LTS, of which:
  529 receive package updates with LTS until 4/2023
    5 could receive security updates with ESM Apps until 4/2028
    1 package is no longer available for download

  Packages that are not available for download may be left over from a
  previous release of Ubuntu, may have been installed directly from a
  .deb file, or are from a source which has been disabled.
  For more information on the packages, run 'ubuntu-security-status
  --unavailable'.

  Enable Extended Security Maintenance (ESM Apps) to get 5 security
  updates (so far) and enable coverage of 5 packages.

  Enable ESM Apps with: ua enable esm-apps

  ubuntu at ip-172-31-11-12:~$ sudo ua enable esm-infra
  One moment, checking your subscription first
  Updating package lists
  ESM Infra enabled

  ubuntu at ip-172-31-11-12:~$ python3 ubuntu-security-status
  535 packages installed on Ubuntu 18.04 LTS, of which:
  529 receive package updates with LTS until 4/2023
    5 are receiving security updates with ESM Apps until 4/2028
    1 package is no longer available for download
  [...]

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/update-manager/+bug/1878694/+subscriptions

More information about the foundations-bugs mailing list