apt-get will start failing for some users when Bionic reaches ESM
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
ubuntu-advantage-tools (Ubuntu) |
Fix Released
|
Critical
|
Renan Rodrigo | ||
Xenial |
Fix Released
|
Undecided
|
Unassigned | ||
Bionic |
Fix Released
|
Undecided
|
Unassigned | ||
Focal |
Fix Released
|
Undecided
|
Unassigned | ||
Jammy |
Fix Released
|
Undecided
|
Unassigned | ||
Kinetic |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
[Impact]
[Original Description]
As discussed in https:/
It appears that this will be problematic for users who run in an isolated network environment with their own local apt mirrors or managed apt repositories. For them, "apt-get update" will start to fail on this date, whereas previously it worked. Effectively, for those users, this is a time bomb.
Following discussion we think that we must find a way that does not change users' system apt configuration except when they explicitly opt-in to that.
This bug has an obvious hard deadline, but really needs fixing well in advance to prevent inadvertent triggering of the bug before users have picked up the fix.
[Test Case]
It is important to notice that this 'time bomb' described above will be triggered not only by Bionic reaching ESM (trigger for esm-infra), but also can be triggered by esm-apps as it goes out of beta. This will happen in the exact release where this bug is fixed.
For the functionality: on a Xenial system:
- verify that there is a unauthenticated .lists file for esm-infra
- run security-status and see there are package counts for esm, advertising possible updates
- install ubuntu-
- verify that there are no unauthenticated esm-infra files
- run apt update
- run security-status and see there are package counts for esm, advertising possible updates
For this particular bug fix: on a Bionic system:
- install ubuntu-
- verify that there are no unauthenticated esm-apps files, or esm-infra files
- run apt update
- run security-status and see there are package counts for esm, advertising possible updates
[Regression Potential]
This should be a 'refactor' from the functionality point of view - all integration/
If we have a gap in our unit/integration tests, then this gap may contain errors that we did not catch yet. We have also tested this change taking into consideration all of the common scenarios where it would run to avoid surprises.
A review from juliank was most helpful to make sure we didn't implement anything wrong with the available apt libraries.
[Discussion]
As discussed in https:/
Changed in ubuntu-advantage-tools (Ubuntu): | |
assignee: | nobody → Renan Rodrigo (renanrodrigo) |
Changed in ubuntu-advantage-tools (Ubuntu): | |
status: | Triaged → In Progress |
description: | updated |
options from IRC discussion notes:
* download yourself -> big no no, don't want reimplementation of metadata verification
* run a private apt instance and hide the output -> you just hide the failures, but you still end up talking to the server or failing.
* debconf prompt to add sources.list entry -> terrible UX to ask everyone
* check that esm.ubuntu.com is reachable when installing package -> sounds reasonable to _me_
Further discussion warranted.