include system state from apt-clone in apport package hook

Bug #1029046 reported by Brian Murray
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
update-manager (Ubuntu) | Won't Fix | Undecided | Unassigned |
Precise | Fix Released | High | Brian Murray |

Bug Description

As documented in bug 954483 and bug 1004503, update-manager was attaching apt-clone system state information which included usernames and passwords from apt sources files. apt-clone has been modified to scrub the sources files (bug 1029021) before creating them and update-manager should be updated to take advantage of this and start including apt system state information again as it is useful in debugging distribution upgrades.

[Impact]
update-manager is not currently including apt-clone system state information when creating apport reports for sending to Launchpad. This information is essential for debugging distribution upgrades and should be included.

[Test Case]
0) Install apt-clone version 0.2.2ubuntu1 as this includes necessary functionality
1) Create a file /etc/apt/sources.list.d/my-ppa.list with a line like so:
'deb http://bdmurray:<email address hidden>/bdmurray/hda/ubuntu precise main'
2) Edit /etc/default/grub so that you have a line missing a final quote:
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash
3) start a distribution upgrade from Oneiric to Precise
4) there should now be a file in /var/log/dist-upgrade named apt-clone_system_state.tar.gz; copy this to /tmp/ and tar xfvz it
5) look for bdmurray and g00dpassw0rd in the extracted version of my-ppa.list

With the version of update-manager from -proposed my-ppa.list should contain USERNAME:PASSWORD instead of my nick and password.

[Regression Potential]
It is possible that usernames and passwords will appear in apt-clone_system_state.tar.gz, but the test case in this bug report is pretty solid. Additionally, this same code has been in quantal since early July.
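
Steps 4 and 5 of the test case above can be scripted. The following is an added example, not part of the original report and not code from apt-clone or update-manager: it scans a state tarball for sources entries whose URI still carries credentials other than the USERNAME:PASSWORD placeholder. The function names, the archive-path match and the example.invalid host are assumptions made for the illustration.

```python
import io
import re
import tarfile

# userinfo part of a URI in an apt source line: scheme://user:password@host
USERINFO_RE = re.compile(r"://([^\s/@:]+):([^\s/@]+)@")
PLACEHOLDER = ("USERNAME", "PASSWORD")  # scrubbed form named in the bug report


def find_leaked_credentials(tar_bytes):
    """Return [(member, line_no, user)] for each line of a sources file in
    the tar.gz whose URI still carries credentials other than the placeholder."""
    leaks = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:gz") as tar:
        for member in tar.getmembers():
            # Assumption: sources files keep "sources.list" in their archive path
            # (sources.list itself and everything under sources.list.d/).
            if not (member.isfile() and "sources.list" in member.name):
                continue
            text = tar.extractfile(member).read().decode("utf-8", "replace")
            # Commented-out lines are scanned too: a disabled entry still leaks.
            for line_no, line in enumerate(text.splitlines(), 1):
                for user, password in USERINFO_RE.findall(line):
                    if (user, password) != PLACEHOLDER:
                        leaks.append((member.name, line_no, user))  # password not kept
    return leaks


def build_sample(lines):
    """Constructed sample: a tar.gz holding one my-ppa.list with the given lines."""
    data = "\n".join(lines).encode()
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        info = tarfile.TarInfo("etc/apt/sources.list.d/my-ppa.list")
        info.size = len(data)
        tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


# Constructed inputs; example.invalid stands in for the host hidden in the report.
UNSCRUBBED = build_sample(
    ["deb http://bdmurray:g00dpassw0rd@example.invalid/ubuntu precise main"])
SCRUBBED = build_sample(
    ["deb http://USERNAME:PASSWORD@example.invalid/ubuntu precise main"])

if __name__ == "__main__":
    print(find_leaked_credentials(UNSCRUBBED))
    print(find_leaked_credentials(SCRUBBED))
```

To check a real upgrade, pass the bytes of the apt-clone_system_state.tar.gz copied from /var/log/dist-upgrade to find_leaked_credentials; an empty list means no unscrubbed credentials were found.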

Brian Murray (brian-murray) wrote :

This is already done in quantal, in ubuntu-release-upgrader, which contains code split out from update-manager and specifically deals with release upgrades.

description: updated
Changed in update-manager (Ubuntu):
status: New → Won't Fix
Changed in update-manager (Ubuntu Precise):
status: New → In Progress
importance: Undecided → High
assignee: nobody → Brian Murray (brian-murray)
description: updated
Steve Langasek (vorlon) wrote : Please test proposed package

Hello Brian, or anyone else affected,

Accepted update-manager into precise-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/update-manager/1:0.156.14.7 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us in getting this update out to other Ubuntu users.

If this package fixes the bug for you, please change the bug tag from verification-needed to verification-done. If it does not, change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in update-manager (Ubuntu Precise):
status: In Progress → Fix Committed
tags: added: verification-needed
description: updated
Jean-Baptiste Lallement (jibel) wrote :

SRU verification for Precise:
I have reproduced the problem with update-manager 1:0.156.14.6 in precise-updates and have verified that the version of update-manager 1:0.156.14.9 in -proposed fixes the issue.

Marking as verification-done

tags: added: verification-done
removed: verification-needed
Steve Langasek (vorlon) wrote : Update Released

The verification of this Stable Release Update has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates, please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package update-manager - 1:0.156.14.9

---------------
update-manager (1:0.156.14.9) precise-proposed; urgency=low

  * No change rebuild to pick up the fixed apt_clone.py

update-manager (1:0.156.14.8) precise-proposed; urgency=low

  * Fix removal_blacklist to blacklist "^screen$" instead of "screen".
    This fixes cases where the upgrade would fail because of a package
    containing "screen" being removed. (LP: #1029531)

update-manager (1:0.156.14.7) precise-proposed; urgency=low

  * DistUpgrade/DistUpgradeMain.py: call clone.save_state with
    scrub_sources set so that VarLogDistUpgradeAptclonesystemstate will be
    included in bug reports again (LP: #1029046)
  * DistUpgrade/DistUpgradeApport.py: check errormsg for the English version of
    the dependency problems error first (LP: #999890)
    - add apt-clone_system_state.tar.gz to white list of files to upload
  * In the apport source package hook collect apt-clone information if the bug
    report is about a distribution upgrade (LP: #1029046)
  * Don't throw exception on socket timeout when downloading metarelease file
    (LP: #818760)
 -- Stephane Graber <email address hidden> Thu, 09 Aug 2012 17:05:37 -0400

Changed in update-manager (Ubuntu Precise):
status: Fix Committed → Fix Released