Merge ~lamoura/ubuntu/+source/ubuntu-advantage-tools:upload-29.2-mantic into ubuntu/+source/ubuntu-advantage-tools:ubuntu/devel
- Git
- lp:~lamoura/ubuntu/+source/ubuntu-advantage-tools
- upload-29.2-mantic
- Merge into ubuntu/devel
Status: | Merged |
---|---|
Merged at revision: | 1a4649696bcb308d722454964caaeb8599fcde45 |
Proposed branch: | ~lamoura/ubuntu/+source/ubuntu-advantage-tools:upload-29.2-mantic |
Merge into: | ubuntu/+source/ubuntu-advantage-tools:ubuntu/devel |
Diff against target: |
390 lines (+211/-18) 13 files modified
debian/changelog (+9/-0) debian/ubuntu-advantage-tools.postinst (+3/-3) features/proxy_config.feature (+15/-2) preferences.d/ubuntu-pro-esm-apps (+7/-4) preferences.d/ubuntu-pro-esm-infra (+7/-5) sru/release-29/test-esm-pinning.sh (+6/-0) sru/release-29/test-key-rename-failure.sh (+118/-0) uaclient/cli.py (+14/-0) uaclient/exceptions.py (+7/-0) uaclient/http/__init__.py (+13/-2) uaclient/http/tests/test_http.py (+8/-1) uaclient/messages.py (+3/-0) uaclient/version.py (+1/-1) |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Sergio Durigan Junior (community) | Approve | ||
Ubuntu Sponsors | Pending | ||
Canonical Server Reporter | Pending | ||
Review via email: mp+449741@code.launchpad.net |
Commit message
Description of the change
New release addressing the bugs identified on the SRU review of 29.1
Lucas Albuquerque Medeiros de Moura (lamoura) wrote : | # |
Sergio Durigan Junior (sergiodj) wrote : | # |
Thanks, Lucas.
There's a small nit on sru/release-
Sergio Durigan Junior (sergiodj) wrote : | # |
So I talked to Lucas in private, and while pedantically speaking the comparison operator '==' shouldn't be used when comparing strings with '[', bash still supports it (although it is not the standard) and this won't affect the release per se.
Therefore, in order to avoid spending even more time changing the code, I will go ahead and upload the package as is. Lucas also told me that they plan to tackle this specific issue in the next releases.
Uploaded:
$ dput ubuntu-
Trying to upload package to ubuntu
Checking signature on .changes
gpg: /home/sergio/
Checking signature on .dsc
gpg: /home/sergio/
Uploading to ubuntu (via ftp to upload.ubuntu.com):
Uploading ubuntu-
Uploading ubuntu-
Uploading ubuntu-
Uploading ubuntu-
Successfully uploaded packages.
Preview Diff
1 | diff --git a/debian/changelog b/debian/changelog | |||
2 | index 6d7a651..1378858 100644 | |||
3 | --- a/debian/changelog | |||
4 | +++ b/debian/changelog | |||
5 | @@ -1,3 +1,12 @@ | |||
6 | 1 | ubuntu-advantage-tools (29.2) mantic; urgency=medium | ||
7 | 2 | |||
8 | 3 | * d/ubuntu-advantage-tools.postinst: | ||
9 | 4 | - replace deb-systemd-invoke back to systemctl | ||
10 | 5 | * proxy: alert user if ca-certificates is not installed when using | ||
11 | 6 | a TLS-in-TLS proxy | ||
12 | 7 | |||
13 | 8 | -- Lucas Moura <lucas.moura@canonical.com> Thu, 17 Aug 2023 19:45:48 -0300 | ||
14 | 9 | |||
15 | 1 | ubuntu-advantage-tools (29.1) mantic; urgency=medium | 10 | ubuntu-advantage-tools (29.1) mantic; urgency=medium |
16 | 2 | 11 | ||
17 | 3 | * anbox: allow enabling service on container using the --access-only flag | 12 | * anbox: allow enabling service on container using the --access-only flag |
18 | diff --git a/debian/ubuntu-advantage-tools.postinst b/debian/ubuntu-advantage-tools.postinst | |||
19 | index b332333..b11748f 100644 | |||
20 | --- a/debian/ubuntu-advantage-tools.postinst | |||
21 | +++ b/debian/ubuntu-advantage-tools.postinst | |||
22 | @@ -256,11 +256,11 @@ remove_old_systemd_units() { | |||
23 | 256 | # The failed state is ephemeral and only needs to be cleared if | 256 | # The failed state is ephemeral and only needs to be cleared if |
24 | 257 | # it is there so that the system doesn't say it is degraded. | 257 | # it is there so that the system doesn't say it is degraded. |
25 | 258 | # If the old timer was not running, then this is a noop. | 258 | # If the old timer was not running, then this is a noop. |
28 | 259 | deb-systemd-invoke --system daemon-reload > /dev/null || true | 259 | systemctl --system daemon-reload > /dev/null || true |
29 | 260 | deb-systemd-invoke reset-failed ua-license-check.timer > /dev/null 2>&1 || true | 260 | systemctl reset-failed ua-license-check.timer > /dev/null 2>&1 || true |
30 | 261 | # In rare race-condition scenarios, the service can also get into | 261 | # In rare race-condition scenarios, the service can also get into |
31 | 262 | # the same failed state. | 262 | # the same failed state. |
33 | 263 | deb-systemd-invoke reset-failed ua-license-check.service > /dev/null 2>&1 || true | 263 | systemctl reset-failed ua-license-check.service > /dev/null 2>&1 || true |
34 | 264 | fi | 264 | fi |
35 | 265 | deb-systemd-helper purge ua-license-check.path > /dev/null || true | 265 | deb-systemd-helper purge ua-license-check.path > /dev/null || true |
36 | 266 | deb-systemd-helper unmask ua-license-check.path > /dev/null || true | 266 | deb-systemd-helper unmask ua-license-check.path > /dev/null || true |
37 | diff --git a/features/proxy_config.feature b/features/proxy_config.feature | |||
38 | index 0b6359d..755f5dc 100644 | |||
39 | --- a/features/proxy_config.feature | |||
40 | +++ b/features/proxy_config.feature | |||
41 | @@ -1257,7 +1257,19 @@ Feature: Proxy configuration | |||
42 | 1257 | Proxy authentication failed | 1257 | Proxy authentication failed |
43 | 1258 | """ | 1258 | """ |
44 | 1259 | 1259 | ||
46 | 1260 | When I run `pro config set https_proxy=https://someuser:somepassword@$behave_var{machine-name proxy}.lxd:3129` with sudo | 1260 | When I run `apt remove ca-certificates -y` with sudo |
47 | 1261 | And I run `rm -f /etc/ssl/certs/ca-certificates.crt` with sudo | ||
48 | 1262 | And I verify that running `pro config set https_proxy=https://someuser:somepassword@$behave_var{machine-name proxy}.lxd:3129` `with sudo` exits `1` | ||
49 | 1263 | Then stderr matches regexp: | ||
50 | 1264 | """ | ||
51 | 1265 | Failed to access URL: https://.* | ||
52 | 1266 | Cannot verify certificate of server | ||
53 | 1267 | Please install "ca-certificates" and try again. | ||
54 | 1268 | """ | ||
55 | 1269 | |||
56 | 1270 | When I run `apt install ca-certificates -y` with sudo | ||
57 | 1271 | And I run `update-ca-certificates` with sudo | ||
58 | 1272 | And I run `pro config set https_proxy=https://someuser:somepassword@$behave_var{machine-name proxy}.lxd:3129` with sudo | ||
59 | 1261 | And I run `pro config set ua_apt_https_proxy=https://someuser:somepassword@$behave_var{machine-name proxy}.lxd:3129` with sudo | 1273 | And I run `pro config set ua_apt_https_proxy=https://someuser:somepassword@$behave_var{machine-name proxy}.lxd:3129` with sudo |
60 | 1262 | 1274 | ||
61 | 1263 | When I run `truncate -s 0 /var/log/squid/access.log` `with sudo` on the `proxy` machine | 1275 | When I run `truncate -s 0 /var/log/squid/access.log` `with sudo` on the `proxy` machine |
62 | @@ -1285,7 +1297,8 @@ Feature: Proxy configuration | |||
63 | 1285 | """ | 1297 | """ |
64 | 1286 | 1298 | ||
65 | 1287 | # Pre-install canonical-livepatch to tell it to trust the cert | 1299 | # Pre-install canonical-livepatch to tell it to trust the cert |
67 | 1288 | When I run `snap install canonical-livepatch` with sudo | 1300 | When I run `apt install snapd -y` with sudo |
68 | 1301 | And I run `snap install canonical-livepatch` with sudo | ||
69 | 1289 | And I run shell command `canonical-livepatch config ca-certs=@stdin < /usr/local/share/ca-certificates/ca.crt` with sudo | 1302 | And I run shell command `canonical-livepatch config ca-certs=@stdin < /usr/local/share/ca-certificates/ca.crt` with sudo |
70 | 1290 | 1303 | ||
71 | 1291 | When I run `truncate -s 0 /var/log/squid/access.log` `with sudo` on the `proxy` machine | 1304 | When I run `truncate -s 0 /var/log/squid/access.log` `with sudo` on the `proxy` machine |
72 | diff --git a/preferences.d/ubuntu-pro-esm-apps b/preferences.d/ubuntu-pro-esm-apps | |||
73 | index aa60598..5ded6f8 100644 | |||
74 | --- a/preferences.d/ubuntu-pro-esm-apps | |||
75 | +++ b/preferences.d/ubuntu-pro-esm-apps | |||
76 | @@ -1,7 +1,10 @@ | |||
81 | 1 | # This file was created by ubuntu-advantage-tools | 1 | # This file is used by Ubuntu Pro and supplied by the ubuntu-advantage-tools |
82 | 2 | 2 | # package. It has no effect if Ubuntu Pro services are not in use since no | |
83 | 3 | # Pin esm-apps packages to a slightly higher value than the archive, | 3 | # other apt repositories are expected to match o=UbuntuESMApps. |
84 | 4 | # so those are preferred when the service is enabled | 4 | # |
85 | 5 | # Pin esm-apps packages to a slightly higher value than the default, | ||
86 | 6 | # so those are preferred over a non-ESM package from the archive when the | ||
87 | 7 | # service is enabled. | ||
88 | 5 | 8 | ||
89 | 6 | Package: * | 9 | Package: * |
90 | 7 | Pin: release o=UbuntuESMApps | 10 | Pin: release o=UbuntuESMApps |
91 | diff --git a/preferences.d/ubuntu-pro-esm-infra b/preferences.d/ubuntu-pro-esm-infra | |||
92 | index af9bf5a..e956e0a 100644 | |||
93 | --- a/preferences.d/ubuntu-pro-esm-infra | |||
94 | +++ b/preferences.d/ubuntu-pro-esm-infra | |||
95 | @@ -1,8 +1,10 @@ | |||
101 | 1 | # This file was created by ubuntu-advantage-tools | 1 | # This file is used by Ubuntu Pro and supplied by the ubuntu-advantage-tools |
102 | 2 | 2 | # package. It has no effect if Ubuntu Pro services are not in use since no | |
103 | 3 | # Pin esm-infra packages to a slightly higher value than the archive, | 3 | # other apt repositories are expected to match o=UbuntuESM. |
104 | 4 | # so those are preferred when the service is enabled | 4 | # |
105 | 5 | 5 | # Pin esm-infra packages to a slightly higher value than the default, | |
106 | 6 | # so those are preferred over a non-ESM package from the archive when the | ||
107 | 7 | # service is enabled. | ||
108 | 6 | Package: * | 8 | Package: * |
109 | 7 | Pin: release o=UbuntuESM | 9 | Pin: release o=UbuntuESM |
110 | 8 | Pin-Priority: 510 | 10 | Pin-Priority: 510 |
111 | diff --git a/sru/release-29/test-esm-pinning.sh b/sru/release-29/test-esm-pinning.sh | |||
112 | index b9db8c6..b64d8e3 100755 | |||
113 | --- a/sru/release-29/test-esm-pinning.sh | |||
114 | +++ b/sru/release-29/test-esm-pinning.sh | |||
115 | @@ -104,6 +104,12 @@ check_esm_pin "infra" 510 | |||
116 | 104 | check_esm_pin "apps" 510 | 104 | check_esm_pin "apps" 510 |
117 | 105 | echo -e "###########################################\n" | 105 | echo -e "###########################################\n" |
118 | 106 | 106 | ||
119 | 107 | # Check pin for archive packages | ||
120 | 108 | echo -e "\n* Check pins for package in archive" | ||
121 | 109 | echo "###########################################" | ||
122 | 110 | lxc exec $name -- apt-cache policy toilet python3-ipdb | ||
123 | 111 | echo -e "###########################################\n" | ||
124 | 112 | |||
125 | 107 | # Disable esm-apps and esm-infra | 113 | # Disable esm-apps and esm-infra |
126 | 108 | # ---------------------------------------------------------------- | 114 | # ---------------------------------------------------------------- |
127 | 109 | disable_esm_services | 115 | disable_esm_services |
128 | diff --git a/sru/release-29/test-key-rename-failure.sh b/sru/release-29/test-key-rename-failure.sh | |||
129 | 110 | new file mode 100644 | 116 | new file mode 100644 |
130 | index 0000000..6ad58e8 | |||
131 | --- /dev/null | |||
132 | +++ b/sru/release-29/test-key-rename-failure.sh | |||
133 | @@ -0,0 +1,118 @@ | |||
134 | 1 | #!/bin/bash | ||
135 | 2 | set -e | ||
136 | 3 | |||
137 | 4 | series=$1 | ||
138 | 5 | token=$2 | ||
139 | 6 | install_from=$3 # either path to a .deb, or 'staging', or 'proposed' | ||
140 | 7 | |||
141 | 8 | name=$series-dev | ||
142 | 9 | |||
143 | 10 | function cleanup { | ||
144 | 11 | lxc delete $name --force | ||
145 | 12 | } | ||
146 | 13 | |||
147 | 14 | function on_err { | ||
148 | 15 | echo -e "Test Failed" | ||
149 | 16 | cleanup | ||
150 | 17 | exit 1 | ||
151 | 18 | } | ||
152 | 19 | trap on_err ERR | ||
153 | 20 | |||
154 | 21 | lxc launch ubuntu-daily:$series $name | ||
155 | 22 | sleep 5 | ||
156 | 23 | |||
157 | 24 | # Install latest ubuntu-advantage-tools | ||
158 | 25 | lxc exec $name -- apt-get update > /dev/null | ||
159 | 26 | lxc exec $name -- apt-get install -y ubuntu-advantage-tools > /dev/null | ||
160 | 27 | echo -e "\n* Latest u-a-t is installed" | ||
161 | 28 | echo "###########################################" | ||
162 | 29 | lxc exec $name -- apt-cache policy ubuntu-advantage-tools | ||
163 | 30 | echo -e "###########################################\n" | ||
164 | 31 | |||
165 | 32 | # Attach so we can have some gpg keys in place | ||
166 | 33 | lxc exec $name -- pro attach $token | ||
167 | 34 | echo -e "\n* Pro is attached" | ||
168 | 35 | echo "###########################################" | ||
169 | 36 | lxc exec $name -- pro status --wait | ||
170 | 37 | echo -e "###########################################\n" | ||
171 | 38 | |||
172 | 39 | # Upgrade u-a-t to new version | ||
173 | 40 | # ---------------------------------------------------------------- | ||
174 | 41 | if [ $install_from == 'staging' ]; then | ||
175 | 42 | lxc exec $name -- sudo add-apt-repository ppa:ua-client/staging -y > /dev/null | ||
176 | 43 | lxc exec $name -- apt-get update > /dev/null | ||
177 | 44 | lxc exec $name -- apt-get install ubuntu-advantage-tools -y > /dev/null | ||
178 | 45 | elif [ $install_from == 'proposed' ]; then | ||
179 | 46 | lxc exec $name -- sh -c "echo \"deb http://archive.ubuntu.com/ubuntu $series-proposed main\" | tee /etc/apt/sources.list.d/proposed.list" | ||
180 | 47 | lxc exec $name -- apt-get update > /dev/null | ||
181 | 48 | lxc exec $name -- apt-get install ubuntu-advantage-tools -y > /dev/null | ||
182 | 49 | else | ||
183 | 50 | lxc file push $install_from $name/new-ua.deb | ||
184 | 51 | lxc exec $name -- dpkg -i /new-ua.deb > /dev/null | ||
185 | 52 | fi | ||
186 | 53 | # ---------------------------------------------------------------- | ||
187 | 54 | |||
188 | 55 | echo -e "\n* Renaiming keys back to their original name" | ||
189 | 56 | echo "###########################################" | ||
190 | 57 | lxc exec $name -- mv /etc/apt/trusted.gpg.d/ubuntu-pro-esm-infra.gpg /etc/apt/trusted.gpg.d/ubuntu-advantage-esm-infra-trusty.gpg | ||
191 | 58 | lxc exec $name -- mv /etc/apt/trusted.gpg.d/ubuntu-pro-esm-apps.gpg /etc/apt/trusted.gpg.d/ubuntu-advantage-esm-apps.gpg | ||
192 | 59 | echo -e "###########################################\n" | ||
193 | 60 | |||
194 | 61 | echo -e "\n* List gpg keys" | ||
195 | 62 | echo "###########################################" | ||
196 | 63 | lxc exec $name -- ls /etc/apt/trusted.gpg.d/ | ||
197 | 64 | echo -e "###########################################\n" | ||
198 | 65 | |||
199 | 66 | # Modify the postinst script to fail after renaming just one key | ||
200 | 67 | lxc exec $name -- sed -i "s/^\s\+SERVICES=.*/error/g" /var/lib/dpkg/info/ubuntu-advantage-tools.postinst | ||
201 | 68 | echo -e "\n* Running postinst script again" | ||
202 | 69 | echo "###########################################" | ||
203 | 70 | lxc exec $name -- dpkg-reconfigure ubuntu-advantage-tools || true | ||
204 | 71 | echo -e "###########################################\n" | ||
205 | 72 | |||
206 | 73 | # Check that only one key got renamed | ||
207 | 74 | echo -e "\n* List gpg keys" | ||
208 | 75 | echo "###########################################" | ||
209 | 76 | lxc exec $name -- ls /etc/apt/trusted.gpg.d/ | ||
210 | 77 | echo -e "###########################################\n" | ||
211 | 78 | |||
212 | 79 | # Make sure the services are still enabled | ||
213 | 80 | echo -e "\n* Check that services are still enabled" | ||
214 | 81 | echo "###########################################" | ||
215 | 82 | lxc exec $name -- pro status --wait | ||
216 | 83 | echo -e "###########################################\n" | ||
217 | 84 | |||
218 | 85 | # Check that apt update is working as expected | ||
219 | 86 | echo -e "\n* Check that APT update is working as expected" | ||
220 | 87 | echo "###########################################" | ||
221 | 88 | lxc exec $name -- apt update | ||
222 | 89 | echo -e "###########################################\n" | ||
223 | 90 | |||
224 | 91 | # Disable service which key was not renamed | ||
225 | 92 | echo -e "\n* Disable esm-apps service which gpg key was not renamed" | ||
226 | 93 | echo "###########################################" | ||
227 | 94 | lxc exec $name -- pro disable esm-apps | ||
228 | 95 | lxc exec $name -- pro status | ||
229 | 96 | echo -e "###########################################\n" | ||
230 | 97 | |||
231 | 98 | # Check that the GPG key is still there | ||
232 | 99 | echo -e "\n* List gpg keys" | ||
233 | 100 | echo "###########################################" | ||
234 | 101 | lxc exec $name -- ls /etc/apt/trusted.gpg.d/ | ||
235 | 102 | echo -e "###########################################\n" | ||
236 | 103 | |||
237 | 104 | # Enable esm-apps | ||
238 | 105 | echo -e "\n* Enable esm-apps and check new gpg key is created" | ||
239 | 106 | echo "###########################################" | ||
240 | 107 | lxc exec $name -- pro enable esm-apps | ||
241 | 108 | lxc exec $name -- pro status | ||
242 | 109 | lxc exec $name -- ls /etc/apt/trusted.gpg.d/ | ||
243 | 110 | echo -e "###########################################\n" | ||
244 | 111 | |||
245 | 112 | # Check that the new GPG key is there | ||
246 | 113 | echo -e "\n* check ubuntu-pro-esm-apps.gpg key now exists" | ||
247 | 114 | echo "###########################################" | ||
248 | 115 | lxc exec $name -- ls /etc/apt/trusted.gpg.d/ | ||
249 | 116 | echo -e "###########################################\n" | ||
250 | 117 | |||
251 | 118 | cleanup | ||
252 | diff --git a/uaclient/cli.py b/uaclient/cli.py | |||
253 | index 120158b..9807a59 100644 | |||
254 | --- a/uaclient/cli.py | |||
255 | +++ b/uaclient/cli.py | |||
256 | @@ -2000,6 +2000,20 @@ def main_error_handler(func): | |||
257 | 2000 | _warn_about_new_version() | 2000 | _warn_about_new_version() |
258 | 2001 | 2001 | ||
259 | 2002 | sys.exit(1) | 2002 | sys.exit(1) |
260 | 2003 | except exceptions.PycurlCACertificatesError as exc: | ||
261 | 2004 | tmpl = messages.SSL_VERIFICATION_ERROR_CA_CERTIFICATES | ||
262 | 2005 | if apt.is_installed("ca-certificates"): | ||
263 | 2006 | tmpl = messages.SSL_VERIFICATION_ERROR_OPENSSL_CONFIG | ||
264 | 2007 | msg = tmpl.format(url=exc.url) | ||
265 | 2008 | event.error(error_msg=msg.msg, error_code=msg.name) | ||
266 | 2009 | event.info(info_msg=msg.msg, file_type=sys.stderr) | ||
267 | 2010 | |||
268 | 2011 | lock.clear_lock_file_if_present() | ||
269 | 2012 | event.process_events() | ||
270 | 2013 | |||
271 | 2014 | _warn_about_new_version() | ||
272 | 2015 | |||
273 | 2016 | sys.exit(1) | ||
274 | 2003 | except exceptions.UserFacingError as exc: | 2017 | except exceptions.UserFacingError as exc: |
275 | 2004 | with util.disable_log_to_console(): | 2018 | with util.disable_log_to_console(): |
276 | 2005 | LOG.error(exc.msg) | 2019 | LOG.error(exc.msg) |
277 | diff --git a/uaclient/exceptions.py b/uaclient/exceptions.py | |||
278 | index 447b4eb..156abb2 100644 | |||
279 | --- a/uaclient/exceptions.py | |||
280 | +++ b/uaclient/exceptions.py | |||
281 | @@ -522,6 +522,13 @@ class PycurlError(UserFacingError): | |||
282 | 522 | super().__init__(msg=msg.msg, msg_code=msg.name) | 522 | super().__init__(msg=msg.msg, msg_code=msg.name) |
283 | 523 | 523 | ||
284 | 524 | 524 | ||
285 | 525 | class PycurlCACertificatesError(UserFacingError): | ||
286 | 526 | def __init__(self, url: str) -> None: | ||
287 | 527 | msg = messages.PYCURL_CA_CERTIFICATES_ERROR | ||
288 | 528 | self.url = url | ||
289 | 529 | super().__init__(msg=msg.msg, msg_code=msg.name) | ||
290 | 530 | |||
291 | 531 | |||
292 | 525 | class ProxyAuthenticationFailed(UserFacingError): | 532 | class ProxyAuthenticationFailed(UserFacingError): |
293 | 526 | def __init__(self) -> None: | 533 | def __init__(self) -> None: |
294 | 527 | msg = messages.PROXY_AUTH_FAIL | 534 | msg = messages.PROXY_AUTH_FAIL |
295 | diff --git a/uaclient/http/__init__.py b/uaclient/http/__init__.py | |||
296 | index 36b616e..6540f85 100644 | |||
297 | --- a/uaclient/http/__init__.py | |||
298 | +++ b/uaclient/http/__init__.py | |||
299 | @@ -72,6 +72,8 @@ def validate_proxy( | |||
300 | 72 | raise | 72 | raise |
301 | 73 | except exceptions.ProxyAuthenticationFailed: | 73 | except exceptions.ProxyAuthenticationFailed: |
302 | 74 | raise | 74 | raise |
303 | 75 | except exceptions.PycurlCACertificatesError: | ||
304 | 76 | raise | ||
305 | 75 | except Exception as e: | 77 | except Exception as e: |
306 | 76 | with util.disable_log_to_console(): | 78 | with util.disable_log_to_console(): |
307 | 77 | msg = getattr(e, "reason", str(e)) | 79 | msg = getattr(e, "reason", str(e)) |
308 | @@ -208,7 +210,9 @@ def should_use_pycurl(https_proxy, target_url): | |||
309 | 208 | return ret | 210 | return ret |
310 | 209 | 211 | ||
311 | 210 | 212 | ||
313 | 211 | def _handle_pycurl_error(error, authentication_error_code): | 213 | def _handle_pycurl_error( |
314 | 214 | error, url, authentication_error_code, ca_certificates_error_code | ||
315 | 215 | ): | ||
316 | 212 | code = None | 216 | code = None |
317 | 213 | msg = None | 217 | msg = None |
318 | 214 | if len(error.args) > 0: | 218 | if len(error.args) > 0: |
319 | @@ -221,6 +225,8 @@ def _handle_pycurl_error(error, authentication_error_code): | |||
320 | 221 | and "HTTP code 407 from proxy" in msg | 225 | and "HTTP code 407 from proxy" in msg |
321 | 222 | ): | 226 | ): |
322 | 223 | raise exceptions.ProxyAuthenticationFailed() | 227 | raise exceptions.ProxyAuthenticationFailed() |
323 | 228 | elif code == ca_certificates_error_code: | ||
324 | 229 | raise exceptions.PycurlCACertificatesError(url) | ||
325 | 224 | else: | 230 | else: |
326 | 225 | raise exceptions.PycurlError(error) | 231 | raise exceptions.PycurlError(error) |
327 | 226 | 232 | ||
328 | @@ -302,7 +308,12 @@ def _readurl_pycurl_https_in_https( | |||
329 | 302 | try: | 308 | try: |
330 | 303 | c.perform() | 309 | c.perform() |
331 | 304 | except pycurl.error as e: | 310 | except pycurl.error as e: |
333 | 305 | _handle_pycurl_error(e, authentication_error_code=pycurl.E_RECV_ERROR) | 311 | _handle_pycurl_error( |
334 | 312 | e, | ||
335 | 313 | url=req.get_full_url(), | ||
336 | 314 | authentication_error_code=pycurl.E_RECV_ERROR, | ||
337 | 315 | ca_certificates_error_code=pycurl.E_SSL_CACERT_BADFILE, | ||
338 | 316 | ) | ||
339 | 306 | 317 | ||
340 | 307 | code = int(c.getinfo(pycurl.RESPONSE_CODE)) | 318 | code = int(c.getinfo(pycurl.RESPONSE_CODE)) |
341 | 308 | body = body_output.getvalue().decode("utf-8") | 319 | body = body_output.getvalue().decode("utf-8") |
342 | diff --git a/uaclient/http/tests/test_http.py b/uaclient/http/tests/test_http.py | |||
343 | index 9b00c30..1161e76 100644 | |||
344 | --- a/uaclient/http/tests/test_http.py | |||
345 | +++ b/uaclient/http/tests/test_http.py | |||
346 | @@ -453,9 +453,16 @@ class TestHandlePycurlError: | |||
347 | 453 | ("PYCURL_ERROR", "HTTP code 407 from proxy: proxy"), | 453 | ("PYCURL_ERROR", "HTTP code 407 from proxy: proxy"), |
348 | 454 | exceptions.ProxyAuthenticationFailed, | 454 | exceptions.ProxyAuthenticationFailed, |
349 | 455 | ), | 455 | ), |
350 | 456 | (("PYCURL_ERROR", "test"), exceptions.PycurlError), | ||
351 | 457 | ( | ||
352 | 458 | ("CA_CERTIFICATES_ERROR", "test"), | ||
353 | 459 | exceptions.PycurlCACertificatesError, | ||
354 | 460 | ), | ||
355 | 456 | ), | 461 | ), |
356 | 457 | ) | 462 | ) |
357 | 458 | def test_handle_pycurl_error(self, error_args, expected_exception): | 463 | def test_handle_pycurl_error(self, error_args, expected_exception): |
358 | 459 | with pytest.raises(expected_exception): | 464 | with pytest.raises(expected_exception): |
359 | 460 | m_error = mock.MagicMock(args=error_args) | 465 | m_error = mock.MagicMock(args=error_args) |
361 | 461 | http._handle_pycurl_error(m_error, "PYCURL_ERROR") | 466 | http._handle_pycurl_error( |
362 | 467 | m_error, "url", "PYCURL_ERROR", "CA_CERTIFICATES_ERROR" | ||
363 | 468 | ) | ||
364 | diff --git a/uaclient/messages.py b/uaclient/messages.py | |||
365 | index 4fd06d8..a5cee3c 100644 | |||
366 | --- a/uaclient/messages.py | |||
367 | +++ b/uaclient/messages.py | |||
368 | @@ -1411,6 +1411,9 @@ PYCURL_REQUIRED = NamedMessage( | |||
369 | 1411 | ), | 1411 | ), |
370 | 1412 | ) | 1412 | ) |
371 | 1413 | PYCURL_ERROR = FormattedNamedMessage("pycurl-error", "PycURL Error: {e}") | 1413 | PYCURL_ERROR = FormattedNamedMessage("pycurl-error", "PycURL Error: {e}") |
372 | 1414 | PYCURL_CA_CERTIFICATES_ERROR = NamedMessage( | ||
373 | 1415 | "pycurl-ca-certificates-error", "Problem reading SSL CA certificates" | ||
374 | 1416 | ) | ||
375 | 1414 | 1417 | ||
376 | 1415 | PROXY_AUTH_FAIL = NamedMessage( | 1418 | PROXY_AUTH_FAIL = NamedMessage( |
377 | 1416 | "proxy-auth-fail", "Proxy authentication failed" | 1419 | "proxy-auth-fail", "Proxy authentication failed" |
378 | diff --git a/uaclient/version.py b/uaclient/version.py | |||
379 | index b8e1f94..5191f37 100644 | |||
380 | --- a/uaclient/version.py | |||
381 | +++ b/uaclient/version.py | |||
382 | @@ -15,7 +15,7 @@ from uaclient.defaults import CANDIDATE_CACHE_PATH, UAC_RUN_PATH | |||
383 | 15 | from uaclient.exceptions import ProcessExecutionError | 15 | from uaclient.exceptions import ProcessExecutionError |
384 | 16 | from uaclient.system import subp | 16 | from uaclient.system import subp |
385 | 17 | 17 | ||
387 | 18 | __VERSION__ = "29.1" | 18 | __VERSION__ = "29.2" |
388 | 19 | PACKAGED_VERSION = "@@PACKAGED_VERSION@@" | 19 | PACKAGED_VERSION = "@@PACKAGED_VERSION@@" |
389 | 20 | 20 | ||
390 | 21 | CANDIDATE_REGEX = r"Candidate: (?P<candidate>.*?)\n" | 21 | CANDIDATE_REGEX = r"Candidate: (?P<candidate>.*?)\n" |
Xenial: advantage- tools/29. 2~16.04~ rc1: Published /autopkgtest. ubuntu. com/request. cgi?release= xenial& package= ubuntu- advantage- tools&arch= amd64&trigger= ubuntu- advantage- tools%2F29. 2~16.04~ rc1&ppa= ua-client% 2Fstaging♻️ /autopkgtest. ubuntu. com/request. cgi?release= xenial& package= ubuntu- advantage- tools&arch= arm64&trigger= ubuntu- advantage- tools%2F29. 2~16.04~ rc1&ppa= ua-client% 2Fstaging♻️ /autopkgtest. ubuntu. com/request. cgi?release= xenial& package= ubuntu- advantage- tools&arch= armhf&trigger= ubuntu- advantage- tools%2F29. 2~16.04~ rc1&ppa= ua-client% 2Fstaging♻️ /autopkgtest. ubuntu. com/request. cgi?release= xenial& package= ubuntu- advantage- tools&arch= ppcel64& trigger= ubuntu- advantage- tools%2F29. 2~16.04~ rc1&ppa= ua-client% 2Fstaging♻️ /autopkgtest. ubuntu. com/request. cgi?release= xenial& package= ubuntu- advantage- tools&arch= riscv64& trigger= ubuntu- advantage- tools%2F29. 2~16.04~ rc1&ppa= ua-client% 2Fstaging♻️ /autopkgtest. ubuntu. com/request. cgi?release= xenial& package= ubuntu- advantage- tools&arch= s390x&trigger= ubuntu- advantage- tools%2F29. 2~16.04~ rc1&ppa= ua-client% 2Fstaging♻️ /autopkgtest. ubuntu. com/request. cgi?release= xenial& package= ubuntu- advantage- tools&arch= amd64&trigger= ubuntu- advantage- tools%2F29. 2~16.04~ rc1&ppa= ua-client% 2Fstaging💍 /autopkgtest. ubuntu. com/request. cgi?release= xenial& package= ubuntu- advantage- tools&arch= arm64&trigger= ubuntu- advantage- tools%2F29. 2~16.04~ rc1&ppa= ua-client% 2Fstaging💍 /autopkgtest. ubuntu. com/request. cgi?release= xenial& package= ubuntu- advantage- tools&arch= armhf&trigger= ubuntu- advantage- tools%2F29. 2~16.04~ rc1&ppa= ua-client% 2Fstaging💍 /autopkgtest. ubuntu. com/request. cgi?release= xenial& package= ubuntu- advantage- tools&arch= ppcel64& trigger= ubuntu- advantage- tools%2F29. 2~16.04~ rc1&ppa= ua-client% 2Fstaging💍 /autopkgtest. ubuntu. com/request. cgi?release= xenial& package= ubuntu- advantage- tools&arch= riscv64& trigger= ubuntu- advantage- tools%2F29. 2~16.04~ rc1&ppa= ua-client% 2Fstaging💍 /autopkgtest. ubuntu. com/request. cgi?release= xenial& package= ubuntu- advantage- tools&arch= s390x&trigger= ubuntu- advantage- tools%2F29. 2~16.04~ rc1&ppa= ua-client% 2Fstaging💍
- Source ubuntu-
+ amd64: https:/
+ arm64: https:/
+ armhf: https:/
+ ppcel64: https:/
+ riscv64: https:/
+ s390x: https:/
+ amd64: https:/
+ arm64: https:/
+ armhf: https:/
+ ppcel64: https:/
+ riscv64: https:/
+ s390x: https:/
Bionic: advantage- tools/29. 2~18.04~ rc1: Published /autopkgtest. ubuntu. com/request. cgi?release= bionic& package= ubuntu- advantage- tools&arch= amd64&trigger= ubuntu- advantage- tools%2F29. 2~18.04~ rc1&ppa= ua-client% 2Fstaging♻️ /autopkgtest. ubuntu. com/request. cgi?release= bionic& package= ubuntu- advantage- tools&arch= arm64&trigger= ubuntu- advantage- tools%2F29. 2~18.04~ rc1&ppa= ua-client% 2Fstaging♻️ /autopkgtest. ubuntu. com/request. cgi?release= bionic& package= ubuntu- advantage- tools&arch= armhf&trigger= ubuntu- advantage- tools%2F29. 2~18.04~ rc1&ppa= ua-client% 2Fstaging♻️ /autopkgtest. ubuntu. com/request. cgi?release= bionic& package= ubuntu- advantage- tools&arch= ppcel64& trigger= ubuntu- advantage- tools%2F29. 2~18.04~ rc1&ppa= ua-client% 2Fstaging♻️ /autopkgtest. ubuntu. com/r...
- Source ubuntu-
+ amd64: https:/
+ arm64: https:/
+ armhf: https:/
+ ppcel64: https:/
+ riscv64: https:/