[Bug 2050956] Re: [SRU] Update d/control file with dependencies

[Chloé Smith]

** Description changed:

+ [SRU]
+ =======
+ 
  [Impact]
  
  `google-guest-agent` is a package provided by Google for installation
  within guests that run on Google Compute Engine (GCE). It is part of a
  collection of tools and daemons that ensure that Ubuntu images published
  to GCE run properly on the platform.
  
  There is a diff between Google's packaged debian distro [0]
- `debian/control` file and what's currently in the archive [1]. This was
- originally harmless but now has caused a customer issue where they were
- unable to login as they'd upgraded the `google-guest-agent` package but
- _not_ the `google-compute-engine-oslogin` package.
+ `debian/control` file and what's currently in the ubuntu archive. This
+ was originally harmless but now has caused a customer issue.
  
- The `google-guest-agent` should have a dependency on `google-compute-
- engine-oslogin` the same as it does in the Google managed control file.
- Also the `Uploaders` and `Vcs-*` fields are out of date.
+ Unattended upgrades caused a `google-guest-agent` update (the last
+ release was a no-change-rebuild against `-security`) but as there was
+ _no_ dependency on `google-compute-engine-oslogin` in the d/control
+ file, users became locked out of their instances.
+ 
+ This is because the creation of the `sudoers` file has moved from the
+ PAM module to `authorized keys` (example diffs in jammy here [1][2]). It
+ was previously in the PAM account manager stack, but since the latest
+ update this `google-guest-agent` version doesn't try to setup an account
+ manager stack anymore. In other words the responsibility of creating
+ these files has changed, but without the dependency in d/control on
+ `google-compute-engine-oslogin` the `sudoers` file is not created when a
+ user tries OSlogin.
+ 
  
  [Test Case]
  
  When the new version of this package is uploaded to -proposed, the
  following will happen:
  
   * an image based on -proposed will be built for GCE and published
   * the GCE team will be asked to validate that the new package addresses the issues it is expected to address, and that the image passes their internal image validation.
   * Each test image will be launched, and we will validate:
   ** the package version(s)
   ** that the correct ssh keys have been imported
   ** that the google specific services are running successfully
  
  If all the testing indicates that the image containing the new package
  is acceptable, verification will be considered to be done.
  
  [Additional Information]
  
  This bug is used to track the release of this new version for all the
- supported suites, as per the policy mentioned here [2].
+ supported suites, as per the policy mentioned here [3].
  
  [0]: https://github.com/GoogleCloudPlatform/guest-agent/tree/main/packaging/debian
- [1]: https://git.launchpad.net/~cloud-images/cloud-images/+git/google-guest-agent/tree/debian/control?h=ubuntu/master
- [2]: https://wiki.ubuntu.com/google-guest-agent-Updates
+ [1]: https://launchpadlibrarian.net/709883238/google-guest-agent_20220622.00-0ubuntu2~22.04.1_20231004.02-0ubuntu1~22.04.2.diff.gz
+ [2]: https://launchpadlibrarian.net/696732553/google-compute-engine-oslogin_20220714.00-0ubuntu1~22.04.1_20231004.00-0ubuntu1~22.04.1.diff.gz
+ [3]: https://wiki.ubuntu.com/google-guest-agent-Updates

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/2050956

Title:
  [SRU] Update d/control file with dependencies

Status in google-guest-agent package in Ubuntu:
  Fix Released
Status in google-guest-agent source package in Xenial:
  New
Status in google-guest-agent source package in Bionic:
  New
Status in google-guest-agent source package in Focal:
  New
Status in google-guest-agent source package in Jammy:
  New
Status in google-guest-agent source package in Mantic:
  New
Status in google-guest-agent source package in Noble:
  Fix Released

Bug description:
  [SRU]
  =======

  [Impact]

  `google-guest-agent` is a package provided by Google for installation
  within guests that run on Google Compute Engine (GCE). It is part of a
  collection of tools and daemons that ensure that Ubuntu images
  published to GCE run properly on the platform.

  There is a diff between Google's packaged debian distro [0]
  `debian/control` file and what's currently in the ubuntu archive. This
  was originally harmless but now has caused a customer issue.

  Unattended upgrades caused a `google-guest-agent` update (the last
  release was a no-change-rebuild against `-security`) but as there was
  _no_ dependency on `google-compute-engine-oslogin` in the d/control
  file, users became locked out of their instances.

  This is because the creation of the `sudoers` file has moved from the
  PAM module to `authorized keys` (example diffs in jammy here [1][2]).
  It was previously in the PAM account manager stack, but since the
  latest update this `google-guest-agent` version doesn't try to setup
  an account manager stack anymore. In other words the responsibility of
  creating these files has changed, but without the dependency in
  d/control on `google-compute-engine-oslogin` the `sudoers` file is not
  created when a user tries OSlogin.

  
  [Test Case]

  When the new version of this package is uploaded to -proposed, the
  following will happen:

   * an image based on -proposed will be built for GCE and published
   * the GCE team will be asked to validate that the new package addresses the issues it is expected to address, and that the image passes their internal image validation.
   * Each test image will be launched, and we will validate:
   ** the package version(s)
   ** that the correct ssh keys have been imported
   ** that the google specific services are running successfully

  If all the testing indicates that the image containing the new package
  is acceptable, verification will be considered to be done.

  [Additional Information]

  This bug is used to track the release of this new version for all the
  supported suites, as per the policy mentioned here [3].

  [0]: https://github.com/GoogleCloudPlatform/guest-agent/tree/main/packaging/debian
  [1]: https://launchpadlibrarian.net/709883238/google-guest-agent_20220622.00-0ubuntu2~22.04.1_20231004.02-0ubuntu1~22.04.2.diff.gz
  [2]: https://launchpadlibrarian.net/696732553/google-compute-engine-oslogin_20220714.00-0ubuntu1~22.04.1_20231004.00-0ubuntu1~22.04.1.diff.gz
  [3]: https://wiki.ubuntu.com/google-guest-agent-Updates

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/google-guest-agent/+bug/2050956/+subscriptions