[Bug 1926990] Re: update-notifier should not alert users about esm-apps in a ESM machine
Lucas Albuquerque Medeiros de Moura
1926990 at bugs.launchpad.net
Fri May 21 19:02:04 UTC 2021
** Description changed:
[Impact]
When users are running an ESM distro and looking at the MOTD they may be surprised by an alert generated by update-notifier that both esm-infra and esm-apps could be enabled in the machine to receive future updates. However, esm-apps will not bring much to an ESM distro. This means that users will be receiving alerts about esm-apps unnecessarily.
[Test case]
To reproduce the issue:
1. Launch a xenial container
2. Create the file /etc/ubuntu-advantage/uaclient.conf with the following content:
# Ubuntu-Advantage client config file.
contract_url: 'https://contracts.canonical.com'
security_url: 'https://ubuntu.com/security'
data_dir: /var/lib/ubuntu-advantage
log_level: debug
log_file: /var/log/ubuntu-advantage.log
features:
allow_beta: true
3. Install ubuntu-advantage-client from this PPA:
https://code.launchpad.net/~ua-client/+archive/ubuntu/daily
PS: Make sure to not allow the installation to override the config file
you have just created.
4. Update the version of update-notifier to the one in proposed
5. Run `/usr/lib/update-notifier/apt-check --human-readable`
6. Verify that both esm-infra and esm-apps alerts appear at the end of the message
To verify that the error is fixed:
1. Run the past scenario until step 3
2. Install the new update-notifier from this ppa:
https://launchpad.net/~lamoura/+archive/ubuntu/update-notifier-test-ppa/
3. Run `/usr/lib/update-notifier/apt-check --human-readable`
4. Verify that only esm-infra is now showing an alert message at the end
[Where problems could occur]
- We are only changing the condition for when to output esm-apps alerts.
- If that condition is not right, we may miss displaying the messages to
- users that need them.
+ We are changing some aspects of the package that could generate
+ problems:
+
+ 1) We are changing the condition for when to output esm-apps alerts. If that condition is not right, we may miss displaying the messages to users that need them.
+ 2) We are adding a new dependency to the package, lsb-release. But since the package was already relying on that dependency, we are just fixing a packaging mistake here.
+ 3) Instead of relying on `lsb_release` for distro-info, we are now getting that info directly from `/etc/os-release`. Since is an attempt to not rely on subprocess python calls on that script. However, since we are adding more python code, logic errors can not happen because of that new chunk of code.
+ 4) Since we are touching translatable message, translation errors can happen because of the modifications we are providing here.
+ 5) We are now adding a ESM Apps headers for the case where users now have
+ esm-apps source files in the system. If our logic is incorrect, we could be displaying that info on situations that are not needed.
+
+ However, we believe that all of the risks mentioned above are manageable
+ and should not block the changes we are bringing to the package.
[Discussion]
When running /usr/lib/update-notifier/apt-check on a ESM machine, we could alert the user about the existence of both esm-infra and esm-apps if the system has unauthenticated source files for both services. Therefore, we would display a message like this in the system:
--------------------------
Enable UA Apps: ESM to receive additional future security updates.
See https://ubuntu.com/security/esm or run: sudo ua status
Enable UA Infra: ESM to receive additional future security updates.
See https://ubuntu.com/security/esm or run: sudo ua status
----------------------------------
This is not ideal, since ESM machines will not gain much from esm-apps.
Also, this messaging may hide the importance of using esm-infra on ESM
machines, since the users will not know beforehand which service to
prioritize.
+ Furthermore, we are also bringing back the message:
+
+ 0 updates can be applied immediately
+
+ When the system has no packages to install. This is because users found
+ that omission confusing, since they thought that maybe something went
+ wrong with motd if display no messages when the system is up to date.
+
+ Additionally, we are adding an esm-apps header to the `apt-check`
+ message if the system is a LTS one with esm-apps source files on it. The
+ header should behave exactly like the one we have for esm-infra:
+
+ UA Apps: Extended Security Maintenance (ESM) is (enabled|disabled).
+
+ We doing this to be consistent with the message we have on ESM distros
+
+ Finally, we are no longer relying on `lsb_release` on `apt-check` to get
+ distro info, like name and version. We are parsing `/etc/os-release` for
+ that now. The rationale for this change is some errors we have saw
+ regarding the use of `subprocess.check_output`. Since we can parse the
+ os-release file directly, we believe it is safer to do so than to rely
+ on shell out for getting that info.
+
== Changelog ==
- * data/apt_check.py
- - do not show esm-apps alerts on esm distros
+ * debian/control: add lsb-release to the update-notifier-common depends as it is used by apt-cdrom-check. (LP: #1927996)
+ * data/apt_check.py
+ - Only show esm-apps alerts on lts and non-esm distros (LP: #1926990)
+ - Update esm-infra alert for distros on ESM mode
+ - Show message with number of upgradable packages even if that
+ number is zero (LP: #1926819)
+ - Get distro name and version directly from /etc/os-release
+ - Show esm-apps status header when running on LTS distro that
+ has not yet entered Extended Security Maintenance
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to update-notifier in Ubuntu.
https://bugs.launchpad.net/bugs/1926990
Title:
update-notifier should not alert users about esm-apps in a ESM machine
Status in update-notifier package in Ubuntu:
Fix Released
Status in update-notifier source package in Xenial:
New
Status in update-notifier source package in Bionic:
New
Status in update-notifier source package in Focal:
New
Bug description:
[Impact]
When users are running an ESM distro and looking at the MOTD they may be surprised by an alert generated by update-notifier that both esm-infra and esm-apps could be enabled in the machine to receive future updates. However, esm-apps will not bring much to an ESM distro. This means that users will be receiving alerts about esm-apps unnecessarily.
[Test case]
To reproduce the issue:
1. Launch a xenial container
2. Create the file /etc/ubuntu-advantage/uaclient.conf with the following content:
# Ubuntu-Advantage client config file.
contract_url: 'https://contracts.canonical.com'
security_url: 'https://ubuntu.com/security'
data_dir: /var/lib/ubuntu-advantage
log_level: debug
log_file: /var/log/ubuntu-advantage.log
features:
allow_beta: true
3. Install ubuntu-advantage-client from this PPA:
https://code.launchpad.net/~ua-client/+archive/ubuntu/daily
PS: Make sure to not allow the installation to override the config
file you have just created.
4. Update the version of update-notifier to the one in proposed
5. Run `/usr/lib/update-notifier/apt-check --human-readable`
6. Verify that both esm-infra and esm-apps alerts appear at the end of the message
To verify that the error is fixed:
1. Run the past scenario until step 3
2. Install the new update-notifier from this ppa:
https://launchpad.net/~lamoura/+archive/ubuntu/update-notifier-test-ppa/
3. Run `/usr/lib/update-notifier/apt-check --human-readable`
4. Verify that only esm-infra is now showing an alert message at the end
[Where problems could occur]
We are changing some aspects of the package that could generate
problems:
1) We are changing the condition for when to output esm-apps alerts. If that condition is not right, we may miss displaying the messages to users that need them.
2) We are adding a new dependency to the package, lsb-release. But since the package was already relying on that dependency, we are just fixing a packaging mistake here.
3) Instead of relying on `lsb_release` for distro-info, we are now getting that info directly from `/etc/os-release`. Since is an attempt to not rely on subprocess python calls on that script. However, since we are adding more python code, logic errors can not happen because of that new chunk of code.
4) Since we are touching translatable message, translation errors can happen because of the modifications we are providing here.
5) We are now adding a ESM Apps headers for the case where users now have
esm-apps source files in the system. If our logic is incorrect, we could be displaying that info on situations that are not needed.
However, we believe that all of the risks mentioned above are
manageable and should not block the changes we are bringing to the
package.
[Discussion]
When running /usr/lib/update-notifier/apt-check on a ESM machine, we could alert the user about the existence of both esm-infra and esm-apps if the system has unauthenticated source files for both services. Therefore, we would display a message like this in the system:
--------------------------
Enable UA Apps: ESM to receive additional future security updates.
See https://ubuntu.com/security/esm or run: sudo ua status
Enable UA Infra: ESM to receive additional future security updates.
See https://ubuntu.com/security/esm or run: sudo ua status
----------------------------------
This is not ideal, since ESM machines will not gain much from esm-apps.
Also, this messaging may hide the importance of using esm-infra on ESM
machines, since the users will not know beforehand which service to
prioritize.
Furthermore, we are also bringing back the message:
0 updates can be applied immediately
When the system has no packages to install. This is because users
found that omission confusing, since they thought that maybe something
went wrong with motd if display no messages when the system is up to
date.
Additionally, we are adding an esm-apps header to the `apt-check`
message if the system is a LTS one with esm-apps source files on it.
The header should behave exactly like the one we have for esm-infra:
UA Apps: Extended Security Maintenance (ESM) is (enabled|disabled).
We doing this to be consistent with the message we have on ESM distros
Finally, we are no longer relying on `lsb_release` on `apt-check` to
get distro info, like name and version. We are parsing `/etc/os-
release` for that now. The rationale for this change is some errors we
have saw regarding the use of `subprocess.check_output`. Since we can
parse the os-release file directly, we believe it is safer to do so
than to rely on shell out for getting that info.
== Changelog ==
* debian/control: add lsb-release to the update-notifier-common depends as it is used by apt-cdrom-check. (LP: #1927996)
* data/apt_check.py
- Only show esm-apps alerts on lts and non-esm distros (LP: #1926990)
- Update esm-infra alert for distros on ESM mode
- Show message with number of upgradable packages even if that
number is zero (LP: #1926819)
- Get distro name and version directly from /etc/os-release
- Show esm-apps status header when running on LTS distro that
has not yet entered Extended Security Maintenance
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/update-notifier/+bug/1926990/+subscriptions
More information about the foundations-bugs
mailing list