[Bug 1851858] Re: adds ESM to sources.list.d unconditionally, despite it being x86-only

Andreas Hasenack andreas at canonical.com
Thu Nov 14 18:17:46 UTC 2019


** Description changed:

  [Impact]
  The ubuntu-advantage-tools package ("uat", for short) installs by default a sources.list snippet so that the machine can become aware of available ESM updates. They cannot be downloaded without authentication, so to prevent them from being considered in updates, an apt preferences file is also installed pinning the esm repository down.
  
  Turns out that ESM is only available for the x86 architecture, and
  installing that sources.list snippet for other architectures leads to
  apt-get update failures.
  
  A mitigation was put in place on the ESM repository to publish an empty
  archive for these unsupported architectures, so apt-get update won't
  fail.
  
  The change in this SRU adds another case for when postinst configures
  and unconfigures ESM, and that is an architecture check via `dpkg
  --print-architecture`.
  
  This by itself is not enough to prevent users from trying to enable esm-
  infra on non-x86 architectures, as the contract server is still
  incorrectly advertising that support. This has been fixed in the staging
  deployment and a production deployment with this change should happen
  soon as well, completing the fix for this issue.
  
  [Test Case]
+ # Install the current trusty-updates ubuntu-advantage-tools on a non-x86 system (armhf, arm64, ppc64el, or s390x).
+ $ sudo apt install ubuntu-advantage-tools
  
-  * detailed instructions how to reproduce the bug
+ # verify that apt-get update is hitting the esm repository:
+ $ sudo apt-get update | grep esm
+ Get:1 https://esm.ubuntu.com trusty-infra-security InRelease
+ Get:2 https://esm.ubuntu.com trusty-infra-updates InRelease
+ ...
  
-  * these should allow someone who is not familiar with the affected
-    package to reproduce the bug and verify that the updated package fixes
-    the problem.
+ # verify that an esm pinning file was installed. Check that esm.ubuntu.com shows up in the apt-cache policy output, and that its pinning is negative:
+ $ apt-cache policy | grep esm
+ -32768 https://esm.ubuntu.com/ubuntu/ trusty-infra-updates/main ppc64el Packages
+      origin esm.ubuntu.com
+ -32768 https://esm.ubuntu.com/ubuntu/ trusty-infra-security/main ppc64el Packages
+      origin esm.ubuntu.com
+ 
+ # upgrade to the ubuntu-advantage-tools package from proposed and repeat the test. apt-get update shouldn't be hitting the ESm repository anymore, and the policy output should be empty as well:
+ $ sudo apt install ubuntu-advantage-tools # from trusty-proposed
+ $ apt-get update
+ <empty>
+ $ apt-cache policy | grep esm
+ <empty>
+ 
+ # conversely, on a x86 system, the output should remain the same, i.e.,
+ esm should be listed and again with a negative pinning
+ 
  
  [Regression Potential]
  
   * discussion of how regressions are most likely to manifest as a result
  of this change.
  
   * It is assumed that any SRU candidate patch is well-tested before
     upload and has a low overall risk of regression, but it's important
     to make the effort to think about what ''could'' happen in the
     event of a regression.
  
   * This both shows the SRU team that the risks have been considered,
     and provides guidance to testers in regression-testing the SRU.
  
  [Other Info]
  
   * Anything else you think is useful to include
   * Anticipate questions from users, SRU, +1 maintenance, security teams and the Technical Board
   * and address these questions in advance
  
  [Original Description]
  The shiny new ubuntu-advantage-tools client adds ESM to sources.list.d unconditionally on all architectures, but the ESM archive itself currently only publishes for x86.  One of those two things is a bug.
  
  Personally, I think it's a bug we don't publish ESM for all the same
  arches as we released for (even if we don't update all the packages for
  all arches, people would at least get things like tzdata updates), but
  if the intent is to be strictly x86-only, then ubuntu-advantage-tools is
  very much in the wrong here, as it creates a situation where apt-get
  update fails on all !x86.

-- 
You received this bug notification because you are a member of Ubuntu
Server, which is subscribed to ubuntu-advantage-tools in Ubuntu.
https://bugs.launchpad.net/bugs/1851858

Title:
  adds ESM to sources.list.d unconditionally, despite it being x86-only

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-advantage-script/+bug/1851858/+subscriptions



More information about the Ubuntu-server-bugs mailing list