[Bug 1926990] Re: update-notifier should not alert users about esm-apps in a ESM machine

[Łukasz Zemczak]

Hello Lucas, or anyone else affected,

Accepted update-notifier into bionic-proposed. The package will build
now and be available at https://launchpad.net/ubuntu/+source/update-
notifier/3.192.1.11 in a few hours, and then in the -proposed
repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how
to enable and use -proposed.  Your feedback will aid us getting this
update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested, what testing has been
performed on the package and change the tag from verification-needed-
bionic to verification-done-bionic. If it does not fix the bug for you,
please add a comment stating that, and change the tag to verification-
failed-bionic. In either case, without details of your testing we will
not be able to proceed.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance for helping!

N.B. The updated package will be released to -updates after the bug(s)
fixed by this package have been verified and the package has been in
-proposed for a minimum of 7 days.

** Changed in: update-notifier (Ubuntu Bionic)
       Status: New => Fix Committed

** Tags added: verification-needed-bionic

** Changed in: update-notifier (Ubuntu Xenial)
       Status: New => Fix Committed

** Tags added: verification-needed-xenial

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to update-notifier in Ubuntu.
https://bugs.launchpad.net/bugs/1926990

Title:
  update-notifier should not alert users about esm-apps in a ESM machine

Status in update-notifier package in Ubuntu:
  Fix Released
Status in update-notifier source package in Xenial:
  Fix Committed
Status in update-notifier source package in Bionic:
  Fix Committed
Status in update-notifier source package in Focal:
  Fix Committed
Status in update-notifier source package in Hirsute:
  Fix Committed

Bug description:
  [Impact]
  When users are running an ESM distro and looking at the MOTD they may be surprised by an alert generated by update-notifier that both esm-infra and esm-apps could be enabled in the machine to receive future updates. However, esm-apps will not bring much to an ESM distro. This means that users will be receiving alerts about esm-apps unnecessarily.

  [Test case]

  To reproduce the issue:

  1. Launch a xenial container
  2. Create the file /etc/ubuntu-advantage/uaclient.conf with the following content:

  # Ubuntu-Advantage client config file.
  contract_url: 'https://contracts.canonical.com'
  security_url: 'https://ubuntu.com/security'
  data_dir: /var/lib/ubuntu-advantage
  log_level: debug
  log_file: /var/log/ubuntu-advantage.log
  features:
    allow_beta: true

  3. Install ubuntu-advantage-client from this PPA:
  https://code.launchpad.net/~ua-client/+archive/ubuntu/daily

  PS: Make sure to not allow the installation to override the config
  file you have just created.

  4. Update the version of update-notifier to the one in proposed
  5. Run `/usr/lib/update-notifier/apt-check --human-readable`
  6. Verify that both esm-infra and esm-apps alerts appear at the end of the message

  To verify that the error is fixed:

  1. Run the past scenario until step 3
  2. Install the new update-notifier from this ppa:
  https://launchpad.net/~lamoura/+archive/ubuntu/update-notifier-test-ppa/
  3. Run `/usr/lib/update-notifier/apt-check --human-readable`
  4. Verify that only esm-infra is now showing an alert message at the end

  [Where problems could occur]

  We are changing some aspects of the package that could generate
  problems:

  1) We are changing the condition for when to output esm-apps alerts. If that condition is not right, we may miss displaying the messages to users that need them.
  2) We are adding a new dependency to the package, lsb-release. But since the package was already relying on that dependency, we are just fixing a packaging mistake here.
  3) Instead of relying on `lsb_release` for distro-info, we are now getting that info directly from `/etc/os-release`. Since is an attempt to not rely on subprocess python calls on that script. However, since we are adding more python code, logic errors can not happen because of that new chunk of code.
  4) Since we are touching translatable message, translation errors can happen because of the modifications we are providing here.
  5) We are now adding a ESM Apps headers for the case where users now have
  esm-apps source files in the system. If our logic is incorrect, we could be displaying that info on situations that are not needed.

  However, we believe that all of the risks mentioned above are
  manageable and should not block the changes we are bringing to the
  package.

  [Discussion]
  When running /usr/lib/update-notifier/apt-check on a ESM machine, we could alert the user about the existence of both esm-infra and esm-apps if the system has unauthenticated source files for both services. Therefore, we would display a message like this in the system:

  --------------------------
  Enable UA Apps: ESM to receive additional future security updates.
  See https://ubuntu.com/security/esm or run: sudo ua status

  Enable UA Infra: ESM to receive additional future security updates.
  See https://ubuntu.com/security/esm or run: sudo ua status
  ----------------------------------

  This is not ideal, since ESM machines will not gain much from esm-apps.
  Also, this messaging may hide the importance of using esm-infra on ESM
  machines, since the users will not know beforehand which service to
  prioritize.

  Furthermore, we are also bringing back the message:

  0 updates can be applied immediately

  When the system has no packages to install. This is because users
  found that omission confusing, since they thought that maybe something
  went wrong with motd if display no messages when the system is up to
  date.

  Additionally, we are adding an esm-apps header to the `apt-check`
  message if the system is a LTS one with esm-apps source files on it.
  The header should behave exactly like the one we have for esm-infra:

   UA Apps: Extended Security Maintenance (ESM) is (enabled|disabled).

  We doing this to be consistent with the message we have on ESM distros

  Finally, we are no longer relying on `lsb_release` on `apt-check` to
  get distro info, like name and version. We are parsing `/etc/os-
  release` for that now. The rationale for this change is some errors we
  have saw regarding the use of `subprocess.check_output`. Since we can
  parse the os-release file directly, we believe it is safer to do so
  than to rely on shell out for getting that info.

  == Changelog ==

    * debian/control: add lsb-release to the update-notifier-common depends   as it is used by apt-cdrom-check. (LP: #1927996)
    * data/apt_check.py
      - Only show esm-apps alerts on lts and non-esm distros (LP: #1926990)
      - Update esm-infra alert for distros on ESM mode 
      - Show message with number of upgradable packages even if that 
        number is zero (LP: #1926819)
      - Get distro name and version directly from /etc/os-release
      - Show esm-apps status header when running on LTS distro that 
        has not yet entered Extended Security Maintenance

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/update-notifier/+bug/1926990/+subscriptions