This bug was fixed in the package ubuntu-advantage-tools - 27.6~21.10.1 --------------- ubuntu-advantage-tools (27.6~21.10.1) impish; urgency=medium
* Backport new upstream release: (LP: #1958556) to impish -- Lucas Moura <lucas.mo...@canonical.com> Thu, 20 Jan 2022 18:02:36 -0300 ** Changed in: ubuntu-advantage-tools (Ubuntu Impish) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1958556 Title: [SRU] ubuntu-advantage-tools (27.5 -> 27.6) Xenial, Bionic, Focal, Impish Status in ubuntu-advantage-tools package in Ubuntu: Fix Released Status in ubuntu-advantage-tools source package in Xenial: Fix Released Status in ubuntu-advantage-tools source package in Bionic: Fix Released Status in ubuntu-advantage-tools source package in Focal: Fix Released Status in ubuntu-advantage-tools source package in Impish: Fix Released Bug description: [Impact] The main focus of this release is to allow focal cloud users to enable FIPS services on their machines. Furthermore, we are also performing some small fixes in the code: * Fixing how apt and motd messages are updated after some ua operations * Disable the license check job after attach/auto-attach operations. Additionally, we are now making our logs word readable We have spent a lot time debugging our logs to see if are leaking any credentials there, but we are now sure that we have redacted all of the private information See the changelog entry below for a full list of changes and bugs. [Test Case] The following development and SRU process was followed: https://wiki.ubuntu.com/UbuntuAdvantageToolsUpdates The ubuntu-advantage-tools team will be in charge of attaching the artifacts and console output of the appropriate run to the bug. ubuntu-advantage-tools team members will not mark ‘verification-done’ until this has happened. Integration test artifacts are attached to the bug. [Regression Potential] Most of the changes are adding new things and the integration tests make sure that the existing functionality is preserved. However, by making the logs world readable, we could be still leaking some credentials there which would be now readable be every user on the machine. [Discussion] Even though the focus of this release is on allowing FIPS services on Focal machines, the major change of this release is making the logs world readable. The reason for making the logs world readable is that we don't have any major reason keep it readable by only sudo users. Also, this will also allow for non-root users to more easily open bugs that affect the package. We have performed several tests on different scenarios to verify that the logs are not leaking, but even though we have tested it multiple times, we could still have a blind spot on that work. If we do have those leaks, this means that user on the machine can try to use the leaked credentials on other machines. This will not affect the machines already attached to an UA subscription. If the team has any reservations about this work, we can better discuss a better path moving forward here. [Changelog] * d/tools.postinst: - make log files world readable * New upstream release 27.6 - cli: only go for resources on explicit help calls - fips: + allow enabling FIPS on focal clouds + update prompt messages - jobs: disable jobs after attach/auto-attach - message: fix how apt and motd messages are updated after ua commands To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1958556/+subscriptions _______________________________________________ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp