[Bug 1771443] [NEW] Applying Bionic repository profile doesn't work

Launchpad Bug Tracker 1771443 at bugs.launchpad.net
Fri May 18 23:36:30 UTC 2018 

You have been subscribed to a public bug by Simon Poirier (simpoir):

[Impact]

 * Users trying to apply changes to package profiles through landscape will get
   an error in the activity. This will result in incomplete apt source list on
   those clients.

 * This change add handling for both unicode and bytes contents for
   apt-sources-replace messages from landscape-server.

[Test Case]

 * install landscape-server-quickstart and landscape-api from ppa:landscape/17.03
 * create user, generate api key and export it in a shell
 * Import the mirror key
   $ curl 'https://keyserver.ubuntu.com/pks/lookup?op=get&fingerprint=on&search=0xC0B21F32' > mirror_key
   $ landscape-api import-gpg-key ubuntu-new-mirror-key ./mirror_key
 * Create a gpg key named sign-key, without passphrase:
   $ gpg --gen-key
   $ gpg -a -o sign-key --export-secret-key sign-key
   $ landscape-api import-gpg-key sign-key ./sign-key
 * Create a mirror and profile
   $ landscape-api create-distribution ubuntu
   $ landscape-api create-series --pockets security --components restricted --architectures amd64 --mirror-gpg-key ubuntu-new-mirror-key --gpg-key sign-key --mirror-uri http://archive.ubuntu.com/ubuntu/ --mirror-series bionic bionic-repo ubuntu
   $ landscape-api sync-mirror-pocket security bionic-repo ubuntu
   $ landscape-api create-repository-profile --description "This profile is for Bionic-security-restricted" bio-secu-restricted-profile
   $ landscape-api associate-repository-profile --all-computers bio-secu-restricted-profile

 * Create a bionic container or machine, and install landscape-client.
   $ echo | openssl s_client --connect landscape-server:443 | openssl x509 | tee /etc/landscape/server.crt
   $ landscape-config --silent  --computer-title "My Web Server" --account-name standalone  --url https://landscape-server/message-system --ping-url http://landscape-server/ping -k /etc/landscape/server.crt
 * Accept the client and repository activitiy. The profile should apply correctly.
   $ landscape-api accept-pending-computers 1
   $ landscape-api approve-activities type:ChangeRepositoryProfilesRequest
 * Update the repository profile. The activity should succeed with the fix,
   and the client should have a non-empty source file at
   /etc/apt/sources.list.d/landscape-bio-secu-restricted-profile.list
   $ landscape-api add-pockets-to-repository-profile bio-secu-restricted-profile security bionic-repo ubuntu

[Regression Potential]

 * This change tries to correct the issue as simply and locally as
possible.

 * Further regressions are unlikely as the fix only adds a flag in case the
   content is not the expected type when writing.

 * No other functionality depends on this code path.

[Other Info]

 * Shouldn't the content always be str anyway? Yes, but messages which went
   through the broker before the python3 switch wouldn't be due previously
   implicit typing, thus the fact we need to handle both.
 * Shouldn't there be other messages with the same issue? There were, and
   they got caught before the 18.01 release.


[Original description]

Landscape can't apply Ubuntu 18.04 repository profiles.

Steps to reproduce:

1) Have the newest Ubuntu signing mirror key [C0B21F32] and your resign
mirror key imported, and a registered 18.04 computer that has the tag
"bionic-test".

2) Create a small repository:
$ landscape-api create-distribution ubuntu
$ landscape-api create-series --pockets security --components restricted --architectures amd64 --mirror-gpg-key ubuntu-new-mirror-key --gpg-key lds-repo-sign-key --mirror-uri http://archive.ubuntu.com/ubuntu/ --mirror-series bionic bionic-repo ubuntu

3) Initiate the sync:
$ landscape-api sync-mirror-pocket security bionic-repo ubuntu

4) Create a repository profile:
$ landscape-api create-repository-profile --description "This profile is for Bionic-security-restricted" bio-secu-restricted-profile

5) Associate the repository profile to the computer with the "bionic-test" tag:
$ landscape-api associate-repository-profile --tags bionic-test bio-secu-restricted-profile

6) Add the security pocket to the repository profile:
$ landscape-api add-pockets-to-repository-profile bio-secu-restricted-profile security bionic-repo ubuntu

The activity fails with "TypeError: a bytes-like object is required, not
'str'", and the landscape-bio-secu-restricted-profile.list file on the
client is empty.

** Affects: landscape-client
     Importance: High
     Assignee: Simon Poirier (simpoir)
         Status: Fix Committed

** Affects: landscape-client (Ubuntu)
     Importance: High
     Assignee: Simon Poirier (simpoir)
         Status: Confirmed


** Tags: lds-squad
-- 
Applying Bionic repository profile doesn't work
https://bugs.launchpad.net/bugs/1771443
You received this bug notification because you are a member of Ubuntu Sponsors Team, which is subscribed to the bug report.

More information about the Ubuntu-sponsors mailing list