Merge ~alexmurray/ubuntu-security-tools:upgradeable-version into ubuntu-security-tools:master

Proposed by Alex Murray
Status: Merged
Merged at revision: ab37bcd7d8839c30693cbbd09b0eec33fb98846f
Proposed branch: ~alexmurray/ubuntu-security-tools:upgradeable-version
Merge into: ubuntu-security-tools:master
Diff against target: 38 lines (+27/-0)
1 file modified
package-tools/check-source-package (+27/-0)
Reviewer: Ubuntu Security Team (review status: Pending)
Review via email: mp+374411@code.launchpad.net

Description of the change

It was noticed that we had previously published an update for openjpeg2 in bionic which would not be able to be upgraded when doing a release upgrade to say disco/eoan etc:

$ rmadison -u ubuntu openjpeg2
 openjpeg2 | 2.1.0-2.1 | xenial/universe | source
 openjpeg2 | 2.1.2-1.1+deb9u3build0.16.04.1 | xenial-security/universe | source
 openjpeg2 | 2.1.2-1.1+deb9u3build0.16.04.1 | xenial-updates/universe | source
 openjpeg2 | 2.3.0-1 | bionic/universe | source
 openjpeg2 | 2.3.0-2 | disco/universe | source
 openjpeg2 | 2.3.0-2 | eoan/universe | source
 openjpeg2 | 2.3.0-2 | focal/universe | source
 openjpeg2 | 2.3.0-2build0.18.04.1 | bionic-security/universe | source
 openjpeg2 | 2.3.0-2build0.18.04.1 | bionic-updates/universe | source

Note that 2.3.0-2build0.18.04.1 now published to bionic-security and hence bionic-updates has a greater version than 2.3.0-2 in disco/eoan/focal so when a user upgrades to disco/eoan/focal openjpeg2 will not be upgraded to the appropriate version.

So we update check-source-package so that when running umt check in this case, the following extra output is emitted:

Upgradeable version: FAIL
 Current: 2.3.0-2build0.18.04.1 in bionic-security
 Found:
    2.3.0-2 in focal
    2.3.0-2 in eoan
    2.3.0-2 in disco

Emilia Torino (emitorino) wrote :

LGTM!

BTW, is there any way to fix the issue in openjpeg2, or in any other package having the same issue? Something like a forced update?

Eduardo Barretto (ebarretto) wrote :

Just a minor comment, it is supersede instead of supercede. But this shouldn't impact the merge and can be fixed later on.

Alex Murray (alexmurray) wrote :

emitorino - yes, ebarretto pushed no-change-rebuilds with new version numbers to the newer releases so that they now have higher version numbers to deal with this:

https://launchpad.net/ubuntu/+source/openjpeg2/2.3.0-2build0.19.04.1
https://launchpad.net/ubuntu/+source/openjpeg2/2.3.0-2build0.19.10.1
https://launchpad.net/ubuntu/+source/openjpeg2/2.3.0-2build1

ebarretto - seems I am not the only one to misspell it since we have 1 occurrence of the correct spelling in the repo currently and 2 of the misspelling:

amurray@slate:~/ubuntu/git/ubuntu-security-tools[master|?P]$ rg -i supersede
build-tools/umt
2969: err("You will supersede the PPA and --esm is missing. Aborting.")

amurray@slate:~/ubuntu/git/ubuntu-security-tools[master|?P]$ rg -i supercede
repo-tools/am
4:# Get a list of current source package versions, ignoring superceded stuff

doc/wiki/deleted_SecurityTeam_UpdateProceduresDAK
4:'''IMPORTANT:''' These instructions have been superceded by SecurityTeam/UpdatePublication

So for now I will merge this as is and we can fix the spelling later :)

Preview Diff

diff --git a/package-tools/check-source-package b/package-tools/check-source-package
index 4f38478..62ae75c 100755
--- a/package-tools/check-source-package
+++ b/package-tools/check-source-package
@@ -702,6 +702,33 @@ check_version() {
702 echo "pass"702 echo "pass"
703 fi703 fi
704704
705 # check we are not superceding a version in a later release which would
706 # prevent updating to the other release's package on upgrade
707 format_test_name "Upgradeable version"
708 superceded=""
709 # get timestamp of this release
710 distdate=$(date -d $(curl -s https://api.launchpad.net/1.0/ubuntu/"${dist%%-*}" | grep -o '"date_created": "[0-9T:.+-]\+"' | sed 's/.*"\([0-9T:.+-]\+\)".*/\1/') +%s)
711 while read -r oldversion oldseries; do
712 # get timestamp of published release
713 olddist="${oldseries%%/*}"
714 olddate=$(date -d $(curl -s https://api.launchpad.net/1.0/ubuntu/"${olddist%%-*}" | grep -o '"date_created": "[0-9T:.+-]\+"' | sed 's/.*"\([0-9T:.+-]\+\)".*/\1/') +%s)
715 if [ $olddate -gt $distdate ]; then
716 if dpkg --compare-versions "$version" gt "$oldversion"; then
717 superceded="$oldversion $olddist\n$superceded"
718 fi
719 fi
720 done < <(rmadison -u ubuntu "$package" | awk '{print $3 " " $5}')
721 if [ -n "$superceded" ]; then
722 failed "FAIL"
723 echo " Current: $version in $dist"
724 echo " Found: "
725 while read -r oldversion olddist; do
726 if [ ! -z "$oldversion" ]; then
727 echo " $oldversion in $olddist"
728 fi
729 done < <(echo -e "$superceded")
730 fi
731
705 if echo "$version" | grep -E -q '~ppa[a-zA-Z0-9]+$' ; then732 if echo "$version" | grep -E -q '~ppa[a-zA-Z0-9]+$' ; then
706 warned "PPA version detected"733 warned "PPA version detected"
707 fi734 fi
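
Review bot: the two date lookups at new lines 710 and 714 run date -d on an unquoted $(curl -s ...) with no failure handling, and the test at line 715, [ $olddate -gt $distdate ], is unquoted as well. If the Launchpad request fails or the response has no date_created match, one of the operands is empty, the [ test errors out, the series is skipped and $superceded stays empty, so the check fails open without saying so. Suggest testing that both dates are non-empty (and warning or failing if not), quoting the substitutions and variables, and looking up each series date once rather than once per rmadison line, since the same series appears in several rows. Separately, the preceding check ends with echo "pass", but here nothing is printed after format_test_name when $superceded is empty; an else branch with echo "pass" at line 730 would keep the output consistent.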
