** Description changed: + [Impact] + + * Users trying to apply changes to package profiles through landscape will get + an error in the activity. This will result in incomplete apt source list on + those clients. + + * This change add handling for both unicode and bytes contents for + apt-sources-replace messages from landscape-server. + + [Test Case] + + * install landscape-server-quickstart and landscape-api from ppa:landscape/17.03 + * create user, generate api key and export it in a shell + * Import the mirror key + $ curl 'https://keyserver.ubuntu.com/pks/lookup?op=get&fingerprint=on&search=0xC0B21F32' > mirror_key + $ landscape-api import-gpg-key ubuntu-new-mirror-key ./mirror_key + * Create a gpg key named sign-key, without passphrase: + $ gpg --gen-key + $ gpg -a -o sign-key --export-secret-key sign-key + $ landscape-api import-gpg-key sign-key ./sign-key + * Create a mirror and profile + $ landscape-api create-distribution ubuntu + $ landscape-api create-series --pockets security --components restricted --architectures amd64 --mirror-gpg-key ubuntu-new-mirror-key --gpg-key sign-key --mirror-uri http://archive.ubuntu.com/ubuntu/ --mirror-series bionic bionic-repo ubuntu + $ landscape-api sync-mirror-pocket security bionic-repo ubuntu + $ landscape-api create-repository-profile --description "This profile is for Bionic-security-restricted" bio-secu-restricted-profile + $ landscape-api associate-repository-profile --all-computers bio-secu-restricted-profile + + * Create a bionic container or machine, and install landscape-client. + $ echo | openssl s_client --connect landscape-server:443 | openssl x509 | tee /etc/landscape/server.crt + $ landscape-config --silent --computer-title "My Web Server" --account-name standalone --url https://landscape-server/message-system --ping-url http://landscape-server/ping -k /etc/landscape/server.crt + * Accept the client and repository activitiy. The profile should apply correctly. + $ landscape-api accept-pending-computers 1 + $ landscape-api approve-activities type:ChangeRepositoryProfilesRequest + * Update the repository profile. The activity should succeed with the fix, + and the client should have a non-empty source file at + /etc/apt/sources.list.d/landscape-bio-secu-restricted-profile.list + $ landscape-api add-pockets-to-repository-profile bio-secu-restricted-profile security bionic-repo ubuntu + + [Regression Potential] + + * This change tries to correct the issue as simply and locally as + possible. + + * Further regressions are unlikely as the fix only adds a flag in case the + content is not the expected type when writing. + + * No other functionality depends on this code path. + + [Other Info] + + * Shouldn't the content always be str anyway? Yes, but messages which went + through the broker before the python3 switch wouldn't be due previously + implicit typing, thus the fact we need to handle both. + * Shouldn't there be other messages with the same issue? There were, and + they got caught before the 18.01 release. + + [Original description] + + Landscape can't apply Ubuntu 18.04 repository profiles. Steps to reproduce: 1) Have the newest Ubuntu signing mirror key [C0B21F32] and your resign mirror key imported, and a registered 18.04 computer that has the tag "bionic-test". 2) Create a small repository: $ landscape-api create-distribution ubuntu $ landscape-api create-series --pockets security --components restricted --architectures amd64 --mirror-gpg-key ubuntu-new-mirror-key --gpg-key lds-repo-sign-key --mirror-uri http://archive.ubuntu.com/ubuntu/ --mirror-series bionic bionic-repo ubuntu 3) Initiate the sync: $ landscape-api sync-mirror-pocket security bionic-repo ubuntu 4) Create a repository profile: $ landscape-api create-repository-profile --description "This profile is for Bionic-security-restricted" bio-secu-restricted-profile - 5) Associate the repository profile to the computer with the "bionic-test" tag: + 5) Associate the repository profile to the computer with the "bionic-test" tag: $ landscape-api associate-repository-profile --tags bionic-test bio-secu-restricted-profile 6) Add the security pocket to the repository profile: $ landscape-api add-pockets-to-repository-profile bio-secu-restricted-profile security bionic-repo ubuntu The activity fails with "TypeError: a bytes-like object is required, not 'str'", and the landscape-bio-secu-restricted-profile.list file on the client is empty.
** Patch added: "bionic.debdiff" https://bugs.launchpad.net/ubuntu/+source/landscape-client/+bug/1771443/+attachment/5141518/+files/bionic.debdiff ** Description changed: [Impact] - * Users trying to apply changes to package profiles through landscape will get - an error in the activity. This will result in incomplete apt source list on - those clients. + * Users trying to apply changes to package profiles through landscape will get + an error in the activity. This will result in incomplete apt source list on + those clients. - * This change add handling for both unicode and bytes contents for - apt-sources-replace messages from landscape-server. + * This change add handling for both unicode and bytes contents for + apt-sources-replace messages from landscape-server. [Test Case] - * install landscape-server-quickstart and landscape-api from ppa:landscape/17.03 - * create user, generate api key and export it in a shell - * Import the mirror key - $ curl 'https://keyserver.ubuntu.com/pks/lookup?op=get&fingerprint=on&search=0xC0B21F32' > mirror_key - $ landscape-api import-gpg-key ubuntu-new-mirror-key ./mirror_key - * Create a gpg key named sign-key, without passphrase: - $ gpg --gen-key - $ gpg -a -o sign-key --export-secret-key sign-key - $ landscape-api import-gpg-key sign-key ./sign-key - * Create a mirror and profile - $ landscape-api create-distribution ubuntu - $ landscape-api create-series --pockets security --components restricted --architectures amd64 --mirror-gpg-key ubuntu-new-mirror-key --gpg-key sign-key --mirror-uri http://archive.ubuntu.com/ubuntu/ --mirror-series bionic bionic-repo ubuntu - $ landscape-api sync-mirror-pocket security bionic-repo ubuntu - $ landscape-api create-repository-profile --description "This profile is for Bionic-security-restricted" bio-secu-restricted-profile - $ landscape-api associate-repository-profile --all-computers bio-secu-restricted-profile + * install landscape-server-quickstart and landscape-api from ppa:landscape/17.03 + * create user, generate api key and export it in a shell + * Import the mirror key + $ curl 'https://keyserver.ubuntu.com/pks/lookup?op=get&fingerprint=on&search=0xC0B21F32' > mirror_key + $ landscape-api import-gpg-key ubuntu-new-mirror-key ./mirror_key + * Create a gpg key named sign-key, without passphrase: + $ gpg --gen-key + $ gpg -a -o sign-key --export-secret-key sign-key + $ landscape-api import-gpg-key sign-key ./sign-key + * Create a mirror and profile + $ landscape-api create-distribution ubuntu + $ landscape-api create-series --pockets security --components restricted --architectures amd64 --mirror-gpg-key ubuntu-new-mirror-key --gpg-key sign-key --mirror-uri http://archive.ubuntu.com/ubuntu/ --mirror-series bionic bionic-repo ubuntu + $ landscape-api sync-mirror-pocket security bionic-repo ubuntu + $ landscape-api create-repository-profile --description "This profile is for Bionic-security-restricted" bio-secu-restricted-profile + $ landscape-api associate-repository-profile --all-computers bio-secu-restricted-profile - * Create a bionic container or machine, and install landscape-client. - $ echo | openssl s_client --connect landscape-server:443 | openssl x509 | tee /etc/landscape/server.crt - $ landscape-config --silent --computer-title "My Web Server" --account-name standalone --url https://landscape-server/message-system --ping-url http://landscape-server/ping -k /etc/landscape/server.crt - * Accept the client and repository activitiy. The profile should apply correctly. - $ landscape-api accept-pending-computers 1 - $ landscape-api approve-activities type:ChangeRepositoryProfilesRequest - * Update the repository profile. The activity should succeed with the fix, - and the client should have a non-empty source file at - /etc/apt/sources.list.d/landscape-bio-secu-restricted-profile.list - $ landscape-api add-pockets-to-repository-profile bio-secu-restricted-profile security bionic-repo ubuntu + * Create a bionic container or machine, and install landscape-client. + $ echo | openssl s_client --connect landscape-server:443 | openssl x509 | tee /etc/landscape/server.crt + $ landscape-config --silent --computer-title "My Web Server" --account-name standalone --url https://landscape-server/message-system --ping-url http://landscape-server/ping -k /etc/landscape/server.crt + * Accept the client and repository activitiy. The profile should apply correctly. + $ landscape-api accept-pending-computers 1 + $ landscape-api approve-activities type:ChangeRepositoryProfilesRequest + * Update the repository profile. The activity should succeed with the fix, + and the client should have a non-empty source file at + /etc/apt/sources.list.d/landscape-bio-secu-restricted-profile.list + $ landscape-api add-pockets-to-repository-profile bio-secu-restricted-profile security bionic-repo ubuntu [Regression Potential] - * This change tries to correct the issue as simply and locally as + * This change tries to correct the issue as simply and locally as possible. - * Further regressions are unlikely as the fix only adds a flag in case the - content is not the expected type when writing. + * Further regressions are unlikely as the fix only adds a flag in case the + content is not the expected type when writing. - * No other functionality depends on this code path. + * No other functionality depends on this code path. [Other Info] - * Shouldn't the content always be str anyway? Yes, but messages which went - through the broker before the python3 switch wouldn't be due previously - implicit typing, thus the fact we need to handle both. - * Shouldn't there be other messages with the same issue? There were, and - they got caught before the 18.01 release. + * Shouldn't the content always be str anyway? Yes, but messages which went + through the broker before the python3 switch wouldn't be due previously + implicit typing, thus the fact we need to handle both. + * Shouldn't there be other messages with the same issue? There were, and + they got caught before the 18.01 release. + [Original description] - Landscape can't apply Ubuntu 18.04 repository profiles. Steps to reproduce: 1) Have the newest Ubuntu signing mirror key [C0B21F32] and your resign mirror key imported, and a registered 18.04 computer that has the tag "bionic-test". 2) Create a small repository: $ landscape-api create-distribution ubuntu $ landscape-api create-series --pockets security --components restricted --architectures amd64 --mirror-gpg-key ubuntu-new-mirror-key --gpg-key lds-repo-sign-key --mirror-uri http://archive.ubuntu.com/ubuntu/ --mirror-series bionic bionic-repo ubuntu 3) Initiate the sync: $ landscape-api sync-mirror-pocket security bionic-repo ubuntu 4) Create a repository profile: $ landscape-api create-repository-profile --description "This profile is for Bionic-security-restricted" bio-secu-restricted-profile 5) Associate the repository profile to the computer with the "bionic-test" tag: $ landscape-api associate-repository-profile --tags bionic-test bio-secu-restricted-profile 6) Add the security pocket to the repository profile: $ landscape-api add-pockets-to-repository-profile bio-secu-restricted-profile security bionic-repo ubuntu The activity fails with "TypeError: a bytes-like object is required, not 'str'", and the landscape-bio-secu-restricted-profile.list file on the client is empty. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1771443 Title: Applying Bionic repository profile doesn't work To manage notifications about this bug go to: https://bugs.launchpad.net/landscape-client/+bug/1771443/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
