My output with precise-updates: $ sudo unattended-upgrades --debug --dry-run Initial blacklisted packages: Starting unattended upgrades script Allowed origins are: ['o=Ubuntu,a=precise-security'] Checking: unattended-upgrades (["<Origin component:'main' archive:'' origin:'' label:'precise archive' site:'esm.ubuntu.com' isTrusted:True>"]) pkgs that look like they should be upgraded: Fetched 0 B in 0s (0 B/s) blacklist: [] InstCount=0 DelCount=0 BrokenCout=0 No packages found that can be upgraded unattended and no pending auto-removals $
My output with precise-proposed: $ sudo unattended-upgrades --debug --dry-runInitial blacklisted packages: Starting unattended upgrades script Allowed origins are: ['o=Ubuntu,a=precise-security', 'o=UbuntuESM,a=precise'] Checking: unattended-upgrades (["<Origin component:'main' archive:'' origin:'' label:'precise archive' site:'esm.ubuntu.com' isTrusted:True>"]) pkgs that look like they should be upgraded: Fetched 0 B in 0s (0 B/s) blacklist: [] InstCount=0 DelCount=0 BrokenCout=0 No packages found that can be upgraded unattended and no pending auto-removals $ So it's not being installed. It doesn't look like the publication changes are live on esm.u.c. ** Description changed: - [Impact] - ESM users relying on unattended upgrades. + [SRU Justification] + When the dust has settled on the ESM archive Release file format[1], unattended-upgrades needs to be tweaked to match. - [Test cases] - This requires a system installed with Ubuntu 12.04 and Ubuntu Advantage credentials. + [1] https://github.com/CanonicalLtd/archive-auth-mirror/issues/43 - 1) install ubuntu-advantage-tools and unattended upgrades - 2) run 'sudo ubuntu-advantage enable-esm'; supply credentials for Ubuntu Advantage - 3) run 'sudo apt-get update' - 4) fake up the contents of /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_main_binary-amd64_Packages to list a newer version of unattended-upgrades - 5) run 'sudo unattended-upgrades --debug --apt-debug' + Since the ESM archive contains packages updated by the Ubuntu Security + team, we should ensure the behavior of unattended-upgrades applies the + same default policy to both. + + [Test case] + 1. run 'sudo apt-get install ubuntu-advantage-tools unattended-upgrades' + 2. run 'sudo ubuntu-advantage enable-esm <creds>' with your private creds to enable the ESM archive + 3. run 'sudo apt-get update' + 4. create a faked-up entry in /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_main_binary-amd64_Packages for the unattended-upgrades package with a higher version number + 5. run 'sudo unattended-upgrades --debug --apt-debug' and verify that no unattended-upgrades package is installed. + 6. install unattended-upgrades from -proposed. + 7. again create a faked-up entry in /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_main_binary-amd64_Packages for the unattended-upgrades package with a higher version number + 8. run 'sudo unattended-upgrades --debug --aptdebug' and verify that it tries to install a new unattended-upgrades package (though this will fail). [Regression potential] - --- - - When the dust has settled on the ESM archive Release file format[1], - unattended-upgrades needs to be tweaked to match. - - [1] https://github.com/CanonicalLtd/archive-auth-mirror/issues/43 ** Description changed: [SRU Justification] When the dust has settled on the ESM archive Release file format[1], unattended-upgrades needs to be tweaked to match. [1] https://github.com/CanonicalLtd/archive-auth-mirror/issues/43 Since the ESM archive contains packages updated by the Ubuntu Security team, we should ensure the behavior of unattended-upgrades applies the same default policy to both. [Test case] 1. run 'sudo apt-get install ubuntu-advantage-tools unattended-upgrades' 2. run 'sudo ubuntu-advantage enable-esm <creds>' with your private creds to enable the ESM archive 3. run 'sudo apt-get update' 4. create a faked-up entry in /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_main_binary-amd64_Packages for the unattended-upgrades package with a higher version number - 5. run 'sudo unattended-upgrades --debug --apt-debug' and verify that no unattended-upgrades package is installed. + 5. run 'sudo unattended-upgrades --debug --dry-run' and verify that no unattended-upgrades package is installed. 6. install unattended-upgrades from -proposed. 7. again create a faked-up entry in /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_precise_main_binary-amd64_Packages for the unattended-upgrades package with a higher version number - 8. run 'sudo unattended-upgrades --debug --aptdebug' and verify that it tries to install a new unattended-upgrades package (though this will fail). + 8. run 'sudo unattended-upgrades --debug --dry-run' and verify that it offers to install a new unattended-upgrades package. [Regression potential] - - --- + Worst-case scenario is a bug that prevents future security updates from being applied correctly. This is not a concern for precise because there will be no further security updates /except/ those enabled by this SRU, but this SRU should also be included in all later stable releases. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1687129 Title: Needs to allow updates from the ESM archive To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/unattended-upgrades/+bug/1687129/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
