[SRU] Backport Fix barbican client with application credentials/trusts to Ussuri/Victoria

Bug #2035180 reported by David Negreira
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
Ubuntu Cloud Archive | Fix Released | Undecided | Unassigned |
Antelope | Fix Released | Undecided | Unassigned |
Bobcat | Fix Released | Undecided | Unassigned |
Ussuri | Fix Committed | Medium | Unassigned |
Victoria | Fix Released | Medium | Unassigned |
Wallaby | Fix Released | Medium | Unassigned |
Xena | Fix Released | Undecided | Unassigned |
Yoga | Fix Released | Undecided | Unassigned |
Zed | Fix Released | Undecided | Unassigned |
octavia (Ubuntu) | Fix Released | Undecided | Unassigned |
Focal | Fix Released | Medium | David Negreira |
Jammy | Fix Released | Undecided | Unassigned |

Bug Description

[Impact]

* Users cannot add an HTTPS endpoint with octavia/barbican when using application credentials (it returns HTTP error 500).

[Test Case]

* Full details of commands in comment #10, summary below.
* Add a user in a project
* Add the admin role to the user in the project
* Create application credentials
* Create a barbican certificate store
* Create octavia loadbalancer and listener with the application credentials

[Where problems could occur]

* Users might not be able to create load balancers or attach a listener to a load balancer that has TLS-terminated endpoints.
* This is due to the fact that we are patching the way we retrieve tokens from Barbican.
* Loadbalancers or termination without TLS should not be affected and might be used as a workaround.

[Other Info]

 * Original story: https://storyboard.openstack.org/#!/story/2007619
 * Upstream fix and backports: https://review.opendev.org/q/Id77ce36f59b71d309f153e5c1d44059f162ee440
 * Current upstream fix for octavia/Ussuri: https://review.opendev.org/c/openstack/octavia/+/894548
 * Current upstream fix for octavia/Victoria: https://review.opendev.org/c/openstack/octavia/+/894547

no longer affects: octavia
no longer affects: octavia (Ubuntu)
description: updated
Edward Hope-Morley (hopem) wrote :

this is just a placeholder atm until the upstream backports are merged

David Negreira (dnegreira) wrote :
David Negreira (dnegreira) wrote :
David Negreira (dnegreira) wrote :

The upstream fixes have been merged, and this is now ready to be reviewed.

I have attached the following debdiffs:

* lp2035180-octavia-focal.debdiff - Ubuntu Focal
* lp2035180-octavia-bionic-ussuri.debdiff - UCA Bionic-Ussuri
* lp2035180-octavia-focal-victoria.debdiff - UCA Focal-Victoria

David Negreira (dnegreira) wrote :
Ubuntu Foundations Team Bug Bot (crichton) wrote :

The attachment "lp2035180-octavia-focal.debdiff" seems to be a debdiff. The ubuntu-sponsors team has been subscribed to the bug report so that they can review and hopefully sponsor the debdiff. If the attachment isn't a patch, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-sponsors, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issue please contact him.]

tags: added: patch
Mauricio Faria de Oliveira (mfo) wrote :

Duplicating the contents from pastebin for documentation purposes.
Please always use comments/attachments (in case external links break in the future, but this needs to be revisited/reviewed; e.g., when analyzing regressions or related work :)

Mauricio Faria de Oliveira (mfo) wrote :

(originally in https://pastebin.ubuntu.com/p/458fsc9ffz/ )

ubuntu@dnegreira-bastion:~/stsstack-bundles/openstack$ openstack project list
+----------------------------------+----------+
| ID                               | Name     |
+----------------------------------+----------+
| 424d928b34b640e0a36a8a2e3fdc6f09 | demo     |
| 507dbc22af73459b853e3766c35c8b64 | admin    |
| cab27753566d42029be264f36ba2b8e4 | admin    |
| d212590292cf4a60b445c6d6343ccfbc | services |
| ec0fb8a582714d54aaa71fef843e1dea | alt_demo |
| fe131c6831fc477ea15e27d46c28fe2f | services |
+----------------------------------+----------+
ubuntu@dnegreira-bastion:~/stsstack-bundles/openstack$ openstack domain list
+----------------------------------+----------------+---------+--------------------+
| ID                               | Name           | Enabled | Description        |
+----------------------------------+----------------+---------+--------------------+
| 201b2ebc79db4c73bf5e72b548327830 | service_domain | True    | Created by Juju    |
| 9a9ba9e3fb704f24a45098c605f6b4fb | admin_domain   | True    | Created by Juju    |
| default                          | Default        | True    | The default domain |
+-------------------...

description: updated
description: updated
description: updated
Mauricio Faria de Oliveira (mfo) wrote :

Hey David,

Thanks for the patches and SRU template, it looks good and to the point.

1) I'd just suggest to add more detail to the 'Where problems could occur' section
(e.g., why is that a possible regression, and if there are other cases where
it wouldn't apply, say http only, or if a workaround is available if needed).

Regarding the debdiffs and .patch files -- mostly good too! Just a few points:

2) The version increment in Ubuntu stable releases is almost always '0.1'
(vs. '1' in Ubuntu development releases), see guide in [1].
For the Cloud Archive, the number in the ~cloudX suffix is incremented
(with '1' instead of '0.1' now :) instead of another ubuntuX(.Y) scheme at the end).

3) Some of the changelogs have an extra empty line before the signature.
(Ah, and you may set TZ= for dch to pick up your timezone if you want.)
Bug number and patch file name format look good!

4) The git commit/patch format provides most fields (see Standard Fields in DEP3 [2];
e.g., Description/Subject, Origin/Author/From, Bug-Ubuntu), and only 'Origin:' and
'Bug-Ubuntu:' are usually required for Ubuntu SRUs, in addition.

Origin: ideally points to the commit merged upstream (instead of a review/issue/pr),
and has the 'backport' keyword (vs. 'upstream') only if changes were needed for the
patch to apply in the Ubuntu package (instead of whether the upstream commit itself
is a backport of an upstream change introduced in later versions).

Thanks again,
Mauricio

[1] https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation#Update_the_packaging
[2] https://dep-team.pages.debian.net/deps/dep3/

Changed in octavia (Ubuntu Focal):
status: New → Incomplete
importance: Undecided → Medium
assignee: nobody → David Negreira (dnegreira)
Mauricio Faria de Oliveira (mfo) wrote :

Ah, it would be nice to note in Impact and/or Other Info (depending on the level of detail) in which version in Ubuntu the fix is introduced (i.e., so we can mark the devel release task as Fix Released) -- in this case it seems to be Jammy, but having it documented is great! Thanks.

Changed in cloud-archive:
status: New → Fix Released
Changed in octavia (Ubuntu):
status: New → Fix Released
description: updated
description: updated
David Negreira (dnegreira) wrote :
Changed in octavia (Ubuntu Jammy):
status: New → Fix Released
David Negreira (dnegreira) wrote :
David Negreira (dnegreira) wrote :
David Negreira (dnegreira) wrote :
David Negreira (dnegreira) wrote :

Hi Mauricio,

Thank you for your comments, I have improved the bug description as well as uploaded new debdiffs:

For Ubuntu focal:
* lp2035180-octavia-focal.debdiff

I have also uploaded the debdiffs for UCA:

* lp2035180-octavia-bionic-ussuri.debdiff
* lp2035180-octavia-focal-victoria.debdiff
* lp2035180-octavia-focal-wallaby.debdiff

I have also added the targets with the released Fixes.

PS, the TZ is set to 0000 as that is what I usually work with on my development environments :)

Hope this is good now, any comments appreciated.

tags: added: sts-sru-needed
Changed in octavia (Ubuntu Focal):
status: Incomplete → New
Corey Bryant (corey.bryant) wrote :

David, thank you for your work on this. I've uploaded to wallaby and victoria staging PPAs for the cloud archive and to the ubuntu focal unapproved queue for SRU team review: https://launchpad.net/ubuntu/focal/+queue?queue_state=1&queue_text=octavia

Corey Bryant (corey.bryant) wrote : Please test proposed package

Hello David, or anyone else affected,

Accepted octavia into wallaby-proposed. The package will build now and be available in the Ubuntu Cloud Archive in a few hours, and then in the -proposed repository.

Please help us by testing this new package. To enable the -proposed repository:

  sudo add-apt-repository cloud-archive:wallaby-proposed
  sudo apt-get update

Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-wallaby-needed to verification-wallaby-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-wallaby-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

tags: added: verification-wallaby-needed
Corey Bryant (corey.bryant) wrote :

Hello David, or anyone else affected,

Accepted octavia into victoria-proposed. The package will build now and be available in the Ubuntu Cloud Archive in a few hours, and then in the -proposed repository.

Please help us by testing this new package. To enable the -proposed repository:

  sudo add-apt-repository cloud-archive:victoria-proposed
  sudo apt-get update

Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-victoria-needed to verification-victoria-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-victoria-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

tags: added: verification-victoria-needed
David Negreira (dnegreira) wrote :
David Negreira (dnegreira) wrote :
David Negreira (dnegreira) wrote :

Hello,

Focal-wallaby has been verified, cli commands and reproducer on comment #21, and package installation on comment #22.

I have followed the reproducer as described in comment #10 and verified that the issue was fixed.

tags: added: verification-wallaby-done
removed: verification-wallaby-needed
Corey Bryant (corey.bryant) wrote : Update Released

The verification of the Stable Release Update for octavia has completed successfully and the package has now been released to -updates. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Corey Bryant (corey.bryant) wrote :

This bug was fixed in the package octavia - 1:8.0.1-0ubuntu1~cloud1
---------------

 octavia (1:8.0.1-0ubuntu1~cloud1) focal-wallaby; urgency=medium
 .
   * d/p/fix-barbican-client-with-application-credentials-trust.patch:
     Fix barbican client when using application credentials. (LP: #2035180).

David Negreira (dnegreira) wrote :
David Negreira (dnegreira) wrote :
David Negreira (dnegreira) wrote :
David Negreira (dnegreira) wrote :

Hello,

Focal-victoria has been verified, cli commands and reproducer on comment #26, and package installation on comment #27.

I have followed the reproducer as described in comment #10 and verified that the issue was fixed.

tags: added: verification-victoria-done
removed: verification-victoria-needed
Corey Bryant (corey.bryant) wrote :

The verification of the Stable Release Update for octavia has completed successfully and the package has now been released to -updates. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Corey Bryant (corey.bryant) wrote :

This bug was fixed in the package octavia - 7.1.2-0ubuntu1~cloud1
---------------

 octavia (7.1.2-0ubuntu1~cloud1) focal-victoria; urgency=medium
 .
   * d/p/fix-barbican-client-with-application-credentials-trust.patch:
     Fix barbican client when using application credentials. (LP: #2035180).

Changed in octavia (Ubuntu Focal):
status: New → Triaged
Timo Aaltonen (tjaalton) wrote : Please test proposed package

Hello David, or anyone else affected,

Accepted octavia into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/octavia/6.2.2-0ubuntu1.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-focal. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in octavia (Ubuntu Focal):
status: Triaged → Fix Committed
tags: added: verification-needed verification-needed-focal
David Negreira (dnegreira) wrote :
David Negreira (dnegreira) wrote :
David Negreira (dnegreira) wrote :

Hello,

Focal-Ussuri has been verified, cli commands and reproducer on comment #33 and package installation on comment #34

I have followed the reproducer as described in comment #10 and verified that the issue was fixed.

tags: added: verification-done verification-done-focal
removed: verification-needed verification-needed-focal
Corey Bryant (corey.bryant) wrote :

Hello David, or anyone else affected,

Accepted octavia into ussuri-proposed. The package will build now and be available in the Ubuntu Cloud Archive in a few hours, and then in the -proposed repository.

Please help us by testing this new package. To enable the -proposed repository:

  sudo add-apt-repository cloud-archive:ussuri-proposed
  sudo apt-get update

Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-ussuri-needed to verification-ussuri-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-ussuri-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

tags: added: verification-ussuri-needed
David Negreira (dnegreira) wrote :
David Negreira (dnegreira) wrote :
David Negreira (dnegreira) wrote :

Hello,

Bionic-Ussuri UCA package has been verified, cli commands and reproducer on comment #37 and package installation on comment #38

I have followed the reproducer as described in comment #10 and verified that the issue was fixed.

tags: added: verification-ussuri-done
removed: verification-ussuri-needed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package octavia - 6.2.2-0ubuntu1.1

---------------
octavia (6.2.2-0ubuntu1.1) focal; urgency=medium

  * d/p/fix-barbican-client-with-application-credentials-trust.patch:
    Fix barbican client when using application credentials. (LP: #2035180).

 -- David Negreira <email address hidden> Tue, 24 Oct 2023 12:56:13 +0000

Changed in octavia (Ubuntu Focal):
status: Fix Committed → Fix Released