Ubuntu
ubuntu-advantage-tools package

Code review comment for ~chad.smith/ubuntu/+source/ubuntu-advantage-tools:release-27-bionic

Git
lp:~chad.smith/ubuntu/+source/ubuntu-advantage-tools
release-27-bionic
Merge into ubuntu/bionic-proposed

Revision history for this message

Chad Smith (chad.smith) wrote on 2021-04-28:

csmith@downtown:/tmp$ lxc exec test-27-b -- cloud-init status --wait --long

status: done
time: Wed, 28 Apr 2021 00:09:04 +0000
detail:
DataSourceNoCloud [seed=/var/lib/cloud/seed/nocloud-net][dsmode=net]
csmith@downtown:/tmp$ lxc exec test-27-b -- ua version
27.0~18.04.1 +allow_beta +extra_security_params
csmith@downtown:/tmp$ lxc exec test-27-b -- ua status
SERVICE AVAILABLE DESCRIPTION
cc-eal no Common Criteria EAL2 Provisioning Packages
cis yes Center for Internet Security Audit Tools
esm-apps yes UA Apps: Extended Security Maintenance (ESM)
esm-infra yes UA Infra: Extended Security Maintenance (ESM)
fips yes NIST-certified FIPS modules
fips-updates yes Uncertified security updates to FIPS modules
livepatch yes Canonical Livepatch service

This machine is not attached to a UA subscription.
See https://ubuntu.com/advantage
csmith@downtown:/tmp$ lxc exec test-27-b -- ua attach <REDACTED_NO_APPS_>
Enabling default service esm-infra
Updating package lists
UA Infra: ESM enabled
This machine is now attached to '<email address hidden>'

SERVICE ENTITLED STATUS DESCRIPTION
cc-eal yes n/a Common Criteria EAL2 Provisioning Packages
cis yes disabled Center for Internet Security Audit Tools
esm-apps no — UA Apps: Extended Security Maintenance (ESM)
esm-infra yes enabled UA Infra: Extended Security Maintenance (ESM)
fips yes n/a NIST-certified FIPS modules
fips-updates yes n/a Uncertified security updates to FIPS modules
livepatch yes n/a Canonical Livepatch service

NOTICES
Operation in progress: ua attach

Enable services with: ua enable <service>

Account: <email address hidden>
Subscription: <email address hidden>
csmith@downtown:/tmp$ lxc exec test-27-b -- grep Traceback /var/log/ubuntu-advantage.log
csmith@downtown:/tmp$ lxc exec test-27-b -- ua enable esm-apps
One moment, checking your subscription first
This subscription is not entitled to UA Apps: ESM
For more information see: https://ubuntu.com/advantage.
csmith@downtown:/tmp$ lxc exec test-27-b -- ua detach
Detach will disable the following service:
esm-infra
Are you sure? (y/N) y
Updating package lists
This machine is now detached.
csmith@downtown:/tmp$ lxc exec test-27-b -- ua attach <REDACTED_WITH_APPS>
Enabling default service esm-apps
Updating package lists
UA Apps: ESM enabled
Enabling default service esm-infra
Updating package lists
UA Infra: ESM enabled
This machine is now attached to 'UA Applications - Essential (Physical)'

SERVICE ENTITLED STATUS DESCRIPTION
cc-eal yes n/a Common Criteria EAL2 Provisioning Packages
cis yes disabled Center for Internet Security Audit Tools
esm-apps yes enabled UA Apps: Extended Security Maintenance (ESM)
esm-infra yes enabled UA Infra: Extended Security Maintenance (ESM)
fips yes n/a NIST-certified FIPS modules
fips-updates yes n/a Uncertified security updates to FIPS modules
livepatch yes n/a Canonical Livepatch service

NOTICES
Operation in progress: ua attach

Enable services with: ua enable <service>

                Account:
           Subscription: UA Applications - Essential (Physical)
            Valid until: 3999-12-31 00:00:00
Technical support level: essential

root@test-27-b:~# apt install krb5-locales=1.16-2build1
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following package was automatically installed and is no longer required:
  libfreetype6
Use 'apt autoremove' to remove it.
The following packages will be DOWNGRADED:
  krb5-locales
0 upgraded, 0 newly installed, 1 downgraded, 0 to remove and 7 not upgraded.
Need to get 13.8 kB of archives.
After this operation, 0 B of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://archive.ubuntu.com/ubuntu bionic/main amd64 krb5-locales all 1.16-2build1 [13.8 kB]
Fetched 13.8 kB in 0s (30.7 kB/s)
dpkg: warning: downgrading krb5-locales from 1.16-2ubuntu0.2 to 1.16-2build1
(Reading database ... 28930 files and directories currently installed.)
Preparing to unpack .../krb5-locales_1.16-2build1_all.deb ...
Unpacking krb5-locales (1.16-2build1) over (1.16-2ubuntu0.2) ...
Setting up krb5-locales (1.16-2build1) ...
root@test-27-b:~# ua fix USN-4850-1
Unexpected error(s) occurred.
For more details, see the log: /var/log/ubuntu-advantage.log
To file a bug run: ubuntu-bug ubuntu-advantage-tools
root@test-27-b:~# vi /etc/ubuntu-advantage/uaclient.conf
root@test-27-b:~# ua fix USN-4850-1
USN-4850-1: Kerberos vulnerabilities
Found CVEs:
https://ubuntu.com/security/CVE-2018-20217
https://ubuntu.com/security/CVE-2020-28196
1 affected package is installed: krb5
(1/1) krb5:
A fix is available in UA Apps.
{
  apt update && apt install --only-upgrade -y krb5-locales libgssapi-krb5-2 \
  libk5crypto3 libkrb5-3 libkrb5support0
}
✔ USN-4850-1 is resolved.

csmith@downtown:/tmp$ lxc exec test-27-b -- cloud-init status --wait --long

status: done
time: Wed, 28 Apr 2021 00:09:04 +0000
detail:
DataSourceNoCloud [seed=/var/lib/cloud/seed/nocloud-net][dsmode=net]
csmith@downtown:/tmp$ lxc exec test-27-b -- ua version
27.0~18.04.1 +allow_beta +extra_security_params
csmith@downtown:/tmp$ lxc exec test-27-b -- ua status
SERVICE       AVAILABLE  DESCRIPTION
cc-eal        no         Common Criteria EAL2 Provisioning Packages
cis           yes        Center for Internet Security Audit Tools
esm-apps      yes        UA Apps: Extended Security Maintenance (ESM)
esm-infra     yes        UA Infra: Extended Security Maintenance (ESM)
fips          yes        NIST-certified FIPS modules
fips-updates  yes        Uncertified security updates to FIPS modules
livepatch     yes        Canonical Livepatch service

SERVICE       ENTITLED  STATUS    DESCRIPTION
cc-eal        yes       n/a       Common Criteria EAL2 Provisioning Packages
cis           yes       disabled  Center for Internet Security Audit Tools
esm-apps      no        —         UA Apps: Extended Security Maintenance (ESM)
esm-infra     yes       enabled   UA Infra: Extended Security Maintenance (ESM)
fips          yes       n/a       NIST-certified FIPS modules
fips-updates  yes       n/a       Uncertified security updates to FIPS modules
livepatch     yes       n/a       Canonical Livepatch service

NOTICES
Operation in progress: ua attach

Enable services with: ua enable <service>

Account: chad.smith@canonical.com
Subscription: chad.smith@canonical.com
csmith@downtown:/tmp$ lxc exec test-27-b -- grep Traceback /var/log/ubuntu-advantage.log
csmith@downtown:/tmp$ lxc exec test-27-b -- ua enable esm-apps
One moment, checking your subscription first
This subscription is not entitled to UA Apps: ESM
For more information see: https://ubuntu.com/advantage.
csmith@downtown:/tmp$ lxc exec test-27-b -- ua detach
Detach will disable the following service:
    esm-infra
Are you sure? (y/N) y
Updating package lists
This machine is now detached.
csmith@downtown:/tmp$ lxc exec test-27-b -- ua attach <REDACTED_WITH_APPS>
Enabling default service esm-apps
Updating package lists
UA Apps: ESM enabled
Enabling default service esm-infra
Updating package lists
UA Infra: ESM enabled
This machine is now attached to 'UA Applications - Essential (Physical)'

SERVICE       ENTITLED  STATUS    DESCRIPTION
cc-eal        yes       n/a       Common Criteria EAL2 Provisioning Packages
cis           yes       disabled  Center for Internet Security Audit Tools
esm-apps      yes       enabled   UA Apps: Extended Security Maintenance (ESM)
esm-infra     yes       enabled   UA Infra: Extended Security Maintenance (ESM)
fips          yes       n/a       NIST-certified FIPS modules
fips-updates  yes       n/a       Uncertified security updates to FIPS modules
livepatch     yes       n/a       Canonical Livepatch service

NOTICES
Operation in progress: ua attach

Enable services with: ua enable <service>

Account: 
           Subscription: UA Applications - Essential (Physical)
            Valid until: 3999-12-31 00:00:00
Technical support level: essential

root@test-27-b:~# apt install krb5-locales=1.16-2build1
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following package was automatically installed and is no longer required:
  libfreetype6
Use 'apt autoremove' to remove it.
The following packages will be DOWNGRADED:
  krb5-locales
0 upgraded, 0 newly installed, 1 downgraded, 0 to remove and 7 not upgraded.
Need to get 13.8 kB of archives.
After this operation, 0 B of additional disk space will be used.
Do you want to continue? [Y/n] y 
Get:1 http://archive.ubuntu.com/ubuntu bionic/main amd64 krb5-locales all 1.16-2build1 [13.8 kB]
Fetched 13.8 kB in 0s (30.7 kB/s)      
dpkg: warning: downgrading krb5-locales from 1.16-2ubuntu0.2 to 1.16-2build1
(Reading database ... 28930 files and directories currently installed.)
Preparing to unpack .../krb5-locales_1.16-2build1_all.deb ...
Unpacking krb5-locales (1.16-2build1) over (1.16-2ubuntu0.2) ...
Setting up krb5-locales (1.16-2build1) ...
root@test-27-b:~# ua fix USN-4850-1
Unexpected error(s) occurred.
For more details, see the log: /var/log/ubuntu-advantage.log
To file a bug run: ubuntu-bug ubuntu-advantage-tools
root@test-27-b:~# vi /etc/ubuntu-advantage/uaclient.conf
root@test-27-b:~# ua fix USN-4850-1
USN-4850-1: Kerberos vulnerabilities
Found CVEs:
https://ubuntu.com/security/CVE-2018-20217
https://ubuntu.com/security/CVE-2020-28196
1 affected package is installed: krb5
(1/1) krb5:
A fix is available in UA Apps.
{
  apt update && apt install --only-upgrade -y krb5-locales libgssapi-krb5-2 \
  libk5crypto3 libkrb5-3 libkrb5support0
}
✔ USN-4850-1 is resolved.

« Back to merge proposal

Ubuntuubuntu-advantage-tools package

Code review comment for ~chad.smith/ubuntu/+source/ubuntu-advantage-tools:release-27-bionic

Ubuntu
ubuntu-advantage-tools package