Ubuntu system image

please add support to run postinst-style code on first boot after upgrades

Bug #1215092 reported by Jamie Strandboge
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Ubuntu system image
In Progress
Critical
Unassigned
click-apparmor (Ubuntu)
Won't Fix
Undecided
Unassigned
Saucy
Won't Fix
Undecided
Unassigned
Trusty
Won't Fix
Undecided
Unassigned
lxc-android-config (Ubuntu)
Fix Released
High
Unassigned
Saucy
Fix Released
High
Unassigned

Bug Description

Currently updates to system packages are run on the server with postinst, triggers, etc running there such that when an image based update is delivered, all of this already done. This a great for the vast majority of cases but there are times when this is not enough, for example, updating click package apparmor profiles after the system has apparmor policy updates. Consider this scenario:
 1. user uses RO Ubuntu image on a device
 2. user install 15 click packages
 3. bug is found in apparmor policy for the ubuntu-sdk apparmor template
 4. apparmor-easyprof-ubuntu is updated to correct the template
 5. image based upgrades picks this up and include the new apparmor-easyprof-ubuntu in its update
 6. the update is delivered to users

At this point, newly installed click packages will get the apparmor policy fixes, but not the original 15. It is a requirement for application confinement that we are able to update policy for already installed click packages. Currently, policy updates may happen via apparmor, apparmor-easyprof-ubuntu and/or click-apparmor.

Tags: appstore
Jamie Strandboge (jdstrand)
summary: - please add support to run code on first boot after upgrades
+ please add support to run postinst-style code on first boot after
+ upgrades
tags: added: appstore
Changed in lxc-android-config (Ubuntu Saucy):
importance: Undecided → High
assignee: nobody → Stéphane Graber (stgraber)
status: New → Triaged
Stéphane Graber (stgraber)
Changed in ubuntu-system-image:
assignee: nobody → Stéphane Graber (stgraber)
importance: Undecided → High
status: New → Triaged
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

apparmor, apparmor-easyprof-ubuntu and click-apparmor will need to be adjusted to use what Stephane comes up with. Add tasks for those.

Changed in apparmor (Ubuntu Saucy):
status: New → Confirmed
Changed in apparmor-easyprof-ubuntu (Ubuntu Saucy):
status: New → Confirmed
Changed in click-apparmor (Ubuntu Saucy):
status: New → Confirmed
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

I am going to try to fix this in click-apparmor for now. I think having an upstart job for it will be better overall, since it can better manage what it is doing wrt apparmor and its sysvinit script.

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

To be clear, I am leaving the the click-apparmor task here though, since I would like still like to hook into the lxc-android-config/system-image framework when it arrives.

Stéphane Graber (stgraber)
Changed in ubuntu-system-image:
importance: High → Critical
status: Triaged → In Progress
Revision history for this message
Stéphane Graber (stgraber) wrote :

Feature branch for lxc-android-config is here: https://code.launchpad.net/~stgraber/ubuntu/saucy/lxc-android-config/boot-hooks/+merge/188172

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package lxc-android-config - 0.105

---------------
lxc-android-config (0.105) saucy; urgency=low

  [ Stéphane Graber ]
  * Add basic boot-hooks infrastructure (LP: #1215092)
 -- Loic Minier <email address hidden> Thu, 03 Oct 2013 14:44:09 +0200

Changed in lxc-android-config (Ubuntu Saucy):
status: Triaged → Fix Released
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Adding t-series task since we'll be redoing policy load then.

no longer affects: apparmor (Ubuntu T-series)
no longer affects: apparmor (Ubuntu Saucy)
no longer affects: apparmor (Ubuntu)
no longer affects: apparmor-easyprof-ubuntu (Ubuntu T-series)
no longer affects: apparmor-easyprof-ubuntu (Ubuntu Saucy)
no longer affects: apparmor-easyprof-ubuntu (Ubuntu)
Changed in click-apparmor (Ubuntu Saucy):
status: Confirmed → Won't Fix
no longer affects: lxc-android-config (Ubuntu T-series)
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Marking the click-apparmor task as Won't Fix for now. What we have currently works and we will be coming up with a new way to do policy loads in the next release that should help with this.

Changed in click-apparmor (Ubuntu Trusty):
status: Triaged → Won't Fix
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Marking click-apparmor as Won't Fix. We are going to handle this another way.

Changed in click-apparmor (Ubuntu):
status: Confirmed → Won't Fix
Stéphane Graber (stgraber)
Changed in ubuntu-system-image:
assignee: Stéphane Graber (stgraber) → nobody
Changed in lxc-android-config (Ubuntu):
assignee: Stéphane Graber (stgraber) → nobody
Changed in lxc-android-config (Ubuntu Saucy):
assignee: Stéphane Graber (stgraber) → nobody
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.