Ubuntu
ubuntu-advantage-tools package

Merge ~lamoura/ubuntu/+source/ubuntu-advantage-tools:upload-29.2-mantic into ubuntu/+source/ubuntu-advantage-tools:ubuntu/devel

  1. Git
  2. lp:~lamoura/ubuntu/+source/ubuntu-advantage-tools
  3. upload-29.2-mantic
  4. Merge into ubuntu/devel
Proposed by Lucas Albuquerque Medeiros de Moura
Status: Merged
Merged at revision: 1a4649696bcb308d722454964caaeb8599fcde45
Proposed branch: ~lamoura/ubuntu/+source/ubuntu-advantage-tools:upload-29.2-mantic
Merge into: ubuntu/+source/ubuntu-advantage-tools:ubuntu/devel
Diff against target: 390 lines (+211/-18)
13 files modified
debian/changelog (+9/-0)
debian/ubuntu-advantage-tools.postinst (+3/-3)
features/proxy_config.feature (+15/-2)
preferences.d/ubuntu-pro-esm-apps (+7/-4)
preferences.d/ubuntu-pro-esm-infra (+7/-5)
sru/release-29/test-esm-pinning.sh (+6/-0)
sru/release-29/test-key-rename-failure.sh (+118/-0)
uaclient/cli.py (+14/-0)
uaclient/exceptions.py (+7/-0)
uaclient/http/__init__.py (+13/-2)
uaclient/http/tests/test_http.py (+8/-1)
uaclient/messages.py (+3/-0)
uaclient/version.py (+1/-1)
Reviewer Review Type Date Requested Status
Sergio Durigan Junior (community) Approve
Ubuntu Sponsors Pending
Canonical Server Reporter Pending
Review via email: mp+449741@code.launchpad.net

Description of the change

New release addressing the bugs identified on the SRU review of 29.1

To post a comment you must log in.
Revision history for this message
Lucas Albuquerque Medeiros de Moura (lamoura) wrote :
Download full text (13.5 KiB)

Xenial:
 - Source ubuntu-advantage-tools/29.2~16.04~rc1: Published
    + amd64: https://autopkgtest.ubuntu.com/request.cgi?release=xenial&package=ubuntu-advantage-tools&arch=amd64&trigger=ubuntu-advantage-tools%2F29.2~16.04~rc1&ppa=ua-client%2Fstaging♻️
    + arm64: https://autopkgtest.ubuntu.com/request.cgi?release=xenial&package=ubuntu-advantage-tools&arch=arm64&trigger=ubuntu-advantage-tools%2F29.2~16.04~rc1&ppa=ua-client%2Fstaging♻️
    + armhf: https://autopkgtest.ubuntu.com/request.cgi?release=xenial&package=ubuntu-advantage-tools&arch=armhf&trigger=ubuntu-advantage-tools%2F29.2~16.04~rc1&ppa=ua-client%2Fstaging♻️
    + ppcel64: https://autopkgtest.ubuntu.com/request.cgi?release=xenial&package=ubuntu-advantage-tools&arch=ppcel64&trigger=ubuntu-advantage-tools%2F29.2~16.04~rc1&ppa=ua-client%2Fstaging♻️
    + riscv64: https://autopkgtest.ubuntu.com/request.cgi?release=xenial&package=ubuntu-advantage-tools&arch=riscv64&trigger=ubuntu-advantage-tools%2F29.2~16.04~rc1&ppa=ua-client%2Fstaging♻️
    + s390x: https://autopkgtest.ubuntu.com/request.cgi?release=xenial&package=ubuntu-advantage-tools&arch=s390x&trigger=ubuntu-advantage-tools%2F29.2~16.04~rc1&ppa=ua-client%2Fstaging♻️
    + amd64: https://autopkgtest.ubuntu.com/request.cgi?release=xenial&package=ubuntu-advantage-tools&arch=amd64&trigger=ubuntu-advantage-tools%2F29.2~16.04~rc1&ppa=ua-client%2Fstaging💍
    + arm64: https://autopkgtest.ubuntu.com/request.cgi?release=xenial&package=ubuntu-advantage-tools&arch=arm64&trigger=ubuntu-advantage-tools%2F29.2~16.04~rc1&ppa=ua-client%2Fstaging💍
    + armhf: https://autopkgtest.ubuntu.com/request.cgi?release=xenial&package=ubuntu-advantage-tools&arch=armhf&trigger=ubuntu-advantage-tools%2F29.2~16.04~rc1&ppa=ua-client%2Fstaging💍
    + ppcel64: https://autopkgtest.ubuntu.com/request.cgi?release=xenial&package=ubuntu-advantage-tools&arch=ppcel64&trigger=ubuntu-advantage-tools%2F29.2~16.04~rc1&ppa=ua-client%2Fstaging💍
    + riscv64: https://autopkgtest.ubuntu.com/request.cgi?release=xenial&package=ubuntu-advantage-tools&arch=riscv64&trigger=ubuntu-advantage-tools%2F29.2~16.04~rc1&ppa=ua-client%2Fstaging💍
    + s390x: https://autopkgtest.ubuntu.com/request.cgi?release=xenial&package=ubuntu-advantage-tools&arch=s390x&trigger=ubuntu-advantage-tools%2F29.2~16.04~rc1&ppa=ua-client%2Fstaging💍

Bionic:
  - Source ubuntu-advantage-tools/29.2~18.04~rc1: Published
    + amd64: https://autopkgtest.ubuntu.com/request.cgi?release=bionic&package=ubuntu-advantage-tools&arch=amd64&trigger=ubuntu-advantage-tools%2F29.2~18.04~rc1&ppa=ua-client%2Fstaging♻️
    + arm64: https://autopkgtest.ubuntu.com/request.cgi?release=bionic&package=ubuntu-advantage-tools&arch=arm64&trigger=ubuntu-advantage-tools%2F29.2~18.04~rc1&ppa=ua-client%2Fstaging♻️
    + armhf: https://autopkgtest.ubuntu.com/request.cgi?release=bionic&package=ubuntu-advantage-tools&arch=armhf&trigger=ubuntu-advantage-tools%2F29.2~18.04~rc1&ppa=ua-client%2Fstaging♻️
    + ppcel64: https://autopkgtest.ubuntu.com/request.cgi?release=bionic&package=ubuntu-advantage-tools&arch=ppcel64&trigger=ubuntu-advantage-tools%2F29.2~18.04~rc1&ppa=ua-client%2Fstaging♻️
    + riscv64: https://autopkgtest.ubuntu.com/r...

Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

Thanks, Lucas.

There's a small nit on sru/release-29/test-key-rename-failure.sh that needs fixing, but other than that the changes LGTM. I can sponsor the package as soon as you fix the issue.

review: Needs Fixing
Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

So I talked to Lucas in private, and while pedantically speaking the comparison operator '==' shouldn't be used when comparing strings with '[', bash still supports it (although it is not the standard) and this won't affect the release per se.

Therefore, in order to avoid spending even more time changing the code, I will go ahead and upload the package as is. Lucas also told me that they plan to tackle this specific issue in the next releases.

Uploaded:

$ dput ubuntu-advantage-tools_29.2_source.changes
Trying to upload package to ubuntu
Checking signature on .changes
gpg: /home/sergio/work/ubuntu-advantage-tools/ubuntu-advantage-tools_29.2_source.changes: Valid signature from 106DA1C8C3CBBF14
Checking signature on .dsc
gpg: /home/sergio/work/ubuntu-advantage-tools/ubuntu-advantage-tools_29.2.dsc: Valid signature from 106DA1C8C3CBBF14
Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading ubuntu-advantage-tools_29.2.dsc: done.
  Uploading ubuntu-advantage-tools_29.2.tar.xz: done.
  Uploading ubuntu-advantage-tools_29.2_source.buildinfo: done.
  Uploading ubuntu-advantage-tools_29.2_source.changes: done.
Successfully uploaded packages.

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
diff --git a/debian/changelog b/debian/changelog
index 6d7a651..1378858 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
1ubuntu-advantage-tools (29.2) mantic; urgency=medium
2
3 * d/ubuntu-advantage-tools.postinst:
4 - replace deb-systemd-invoke back to systemctl
5 * proxy: alert user if ca-certificates is not installed when using
6 a TLS-in-TLS proxy
7
8 -- Lucas Moura <lucas.moura@canonical.com> Thu, 17 Aug 2023 19:45:48 -0300
9
1ubuntu-advantage-tools (29.1) mantic; urgency=medium10ubuntu-advantage-tools (29.1) mantic; urgency=medium
211
3 * anbox: allow enabling service on container using the --access-only flag12 * anbox: allow enabling service on container using the --access-only flag
diff --git a/debian/ubuntu-advantage-tools.postinst b/debian/ubuntu-advantage-tools.postinst
index b332333..b11748f 100644
--- a/debian/ubuntu-advantage-tools.postinst
+++ b/debian/ubuntu-advantage-tools.postinst
@@ -256,11 +256,11 @@ remove_old_systemd_units() {
256 # The failed state is ephemeral and only needs to be cleared if256 # The failed state is ephemeral and only needs to be cleared if
257 # it is there so that the system doesn't say it is degraded.257 # it is there so that the system doesn't say it is degraded.
258 # If the old timer was not running, then this is a noop.258 # If the old timer was not running, then this is a noop.
259 deb-systemd-invoke --system daemon-reload > /dev/null || true259 systemctl --system daemon-reload > /dev/null || true
260 deb-systemd-invoke reset-failed ua-license-check.timer > /dev/null 2>&1 || true260 systemctl reset-failed ua-license-check.timer > /dev/null 2>&1 || true
261 # In rare race-condition scenarios, the service can also get into261 # In rare race-condition scenarios, the service can also get into
262 # the same failed state.262 # the same failed state.
263 deb-systemd-invoke reset-failed ua-license-check.service > /dev/null 2>&1 || true263 systemctl reset-failed ua-license-check.service > /dev/null 2>&1 || true
264 fi264 fi
265 deb-systemd-helper purge ua-license-check.path > /dev/null || true265 deb-systemd-helper purge ua-license-check.path > /dev/null || true
266 deb-systemd-helper unmask ua-license-check.path > /dev/null || true266 deb-systemd-helper unmask ua-license-check.path > /dev/null || true
diff --git a/features/proxy_config.feature b/features/proxy_config.feature
index 0b6359d..755f5dc 100644
--- a/features/proxy_config.feature
+++ b/features/proxy_config.feature
@@ -1257,7 +1257,19 @@ Feature: Proxy configuration
1257 Proxy authentication failed1257 Proxy authentication failed
1258 """1258 """
12591259
1260 When I run `pro config set https_proxy=https://someuser:somepassword@$behave_var{machine-name proxy}.lxd:3129` with sudo1260 When I run `apt remove ca-certificates -y` with sudo
1261 And I run `rm -f /etc/ssl/certs/ca-certificates.crt` with sudo
1262 And I verify that running `pro config set https_proxy=https://someuser:somepassword@$behave_var{machine-name proxy}.lxd:3129` `with sudo` exits `1`
1263 Then stderr matches regexp:
1264 """
1265 Failed to access URL: https://.*
1266 Cannot verify certificate of server
1267 Please install "ca-certificates" and try again.
1268 """
1269
1270 When I run `apt install ca-certificates -y` with sudo
1271 And I run `update-ca-certificates` with sudo
1272 And I run `pro config set https_proxy=https://someuser:somepassword@$behave_var{machine-name proxy}.lxd:3129` with sudo
1261 And I run `pro config set ua_apt_https_proxy=https://someuser:somepassword@$behave_var{machine-name proxy}.lxd:3129` with sudo1273 And I run `pro config set ua_apt_https_proxy=https://someuser:somepassword@$behave_var{machine-name proxy}.lxd:3129` with sudo
12621274
1263 When I run `truncate -s 0 /var/log/squid/access.log` `with sudo` on the `proxy` machine1275 When I run `truncate -s 0 /var/log/squid/access.log` `with sudo` on the `proxy` machine
@@ -1285,7 +1297,8 @@ Feature: Proxy configuration
1285 """1297 """
12861298
1287 # Pre-install canonical-livepatch to tell it to trust the cert1299 # Pre-install canonical-livepatch to tell it to trust the cert
1288 When I run `snap install canonical-livepatch` with sudo1300 When I run `apt install snapd -y` with sudo
1301 And I run `snap install canonical-livepatch` with sudo
1289 And I run shell command `canonical-livepatch config ca-certs=@stdin < /usr/local/share/ca-certificates/ca.crt` with sudo1302 And I run shell command `canonical-livepatch config ca-certs=@stdin < /usr/local/share/ca-certificates/ca.crt` with sudo
12901303
1291 When I run `truncate -s 0 /var/log/squid/access.log` `with sudo` on the `proxy` machine1304 When I run `truncate -s 0 /var/log/squid/access.log` `with sudo` on the `proxy` machine
diff --git a/preferences.d/ubuntu-pro-esm-apps b/preferences.d/ubuntu-pro-esm-apps
index aa60598..5ded6f8 100644
--- a/preferences.d/ubuntu-pro-esm-apps
+++ b/preferences.d/ubuntu-pro-esm-apps
@@ -1,7 +1,10 @@
1# This file was created by ubuntu-advantage-tools1# This file is used by Ubuntu Pro and supplied by the ubuntu-advantage-tools
22# package. It has no effect if Ubuntu Pro services are not in use since no
3# Pin esm-apps packages to a slightly higher value than the archive,3# other apt repositories are expected to match o=UbuntuESMApps.
4# so those are preferred when the service is enabled4#
5# Pin esm-apps packages to a slightly higher value than the default,
6# so those are preferred over a non-ESM package from the archive when the
7# service is enabled.
58
6Package: *9Package: *
7Pin: release o=UbuntuESMApps10Pin: release o=UbuntuESMApps
diff --git a/preferences.d/ubuntu-pro-esm-infra b/preferences.d/ubuntu-pro-esm-infra
index af9bf5a..e956e0a 100644
--- a/preferences.d/ubuntu-pro-esm-infra
+++ b/preferences.d/ubuntu-pro-esm-infra
@@ -1,8 +1,10 @@
1# This file was created by ubuntu-advantage-tools1# This file is used by Ubuntu Pro and supplied by the ubuntu-advantage-tools
22# package. It has no effect if Ubuntu Pro services are not in use since no
3# Pin esm-infra packages to a slightly higher value than the archive,3# other apt repositories are expected to match o=UbuntuESM.
4# so those are preferred when the service is enabled4#
55# Pin esm-infra packages to a slightly higher value than the default,
6# so those are preferred over a non-ESM package from the archive when the
7# service is enabled.
6Package: *8Package: *
7Pin: release o=UbuntuESM9Pin: release o=UbuntuESM
8Pin-Priority: 51010Pin-Priority: 510
diff --git a/sru/release-29/test-esm-pinning.sh b/sru/release-29/test-esm-pinning.sh
index b9db8c6..b64d8e3 100755
--- a/sru/release-29/test-esm-pinning.sh
+++ b/sru/release-29/test-esm-pinning.sh
@@ -104,6 +104,12 @@ check_esm_pin "infra" 510
104check_esm_pin "apps" 510104check_esm_pin "apps" 510
105echo -e "###########################################\n"105echo -e "###########################################\n"
106106
107# Check pin for archive packages
108echo -e "\n* Check pins for package in archive"
109echo "###########################################"
110lxc exec $name -- apt-cache policy toilet python3-ipdb
111echo -e "###########################################\n"
112
107# Disable esm-apps and esm-infra113# Disable esm-apps and esm-infra
108# ----------------------------------------------------------------114# ----------------------------------------------------------------
109disable_esm_services115disable_esm_services
diff --git a/sru/release-29/test-key-rename-failure.sh b/sru/release-29/test-key-rename-failure.sh
110new file mode 100644116new file mode 100644
index 0000000..6ad58e8
--- /dev/null
+++ b/sru/release-29/test-key-rename-failure.sh
@@ -0,0 +1,118 @@
1#!/bin/bash
2set -e
3
4series=$1
5token=$2
6install_from=$3 # either path to a .deb, or 'staging', or 'proposed'
7
8name=$series-dev
9
10function cleanup {
11 lxc delete $name --force
12}
13
14function on_err {
15 echo -e "Test Failed"
16 cleanup
17 exit 1
18}
19trap on_err ERR
20
21lxc launch ubuntu-daily:$series $name
22sleep 5
23
24# Install latest ubuntu-advantage-tools
25lxc exec $name -- apt-get update > /dev/null
26lxc exec $name -- apt-get install -y ubuntu-advantage-tools > /dev/null
27echo -e "\n* Latest u-a-t is installed"
28echo "###########################################"
29lxc exec $name -- apt-cache policy ubuntu-advantage-tools
30echo -e "###########################################\n"
31
32# Attach so we can have some gpg keys in place
33lxc exec $name -- pro attach $token
34echo -e "\n* Pro is attached"
35echo "###########################################"
36lxc exec $name -- pro status --wait
37echo -e "###########################################\n"
38
39# Upgrade u-a-t to new version
40# ----------------------------------------------------------------
41if [ $install_from == 'staging' ]; then
42 lxc exec $name -- sudo add-apt-repository ppa:ua-client/staging -y > /dev/null
43 lxc exec $name -- apt-get update > /dev/null
44 lxc exec $name -- apt-get install ubuntu-advantage-tools -y > /dev/null
45elif [ $install_from == 'proposed' ]; then
46 lxc exec $name -- sh -c "echo \"deb http://archive.ubuntu.com/ubuntu $series-proposed main\" | tee /etc/apt/sources.list.d/proposed.list"
47 lxc exec $name -- apt-get update > /dev/null
48 lxc exec $name -- apt-get install ubuntu-advantage-tools -y > /dev/null
49else
50 lxc file push $install_from $name/new-ua.deb
51 lxc exec $name -- dpkg -i /new-ua.deb > /dev/null
52fi
53# ----------------------------------------------------------------
54
55echo -e "\n* Renaiming keys back to their original name"
56echo "###########################################"
57lxc exec $name -- mv /etc/apt/trusted.gpg.d/ubuntu-pro-esm-infra.gpg /etc/apt/trusted.gpg.d/ubuntu-advantage-esm-infra-trusty.gpg
58lxc exec $name -- mv /etc/apt/trusted.gpg.d/ubuntu-pro-esm-apps.gpg /etc/apt/trusted.gpg.d/ubuntu-advantage-esm-apps.gpg
59echo -e "###########################################\n"
60
61echo -e "\n* List gpg keys"
62echo "###########################################"
63lxc exec $name -- ls /etc/apt/trusted.gpg.d/
64echo -e "###########################################\n"
65
66# Modify the postinst script to fail after renaming just one key
67lxc exec $name -- sed -i "s/^\s\+SERVICES=.*/error/g" /var/lib/dpkg/info/ubuntu-advantage-tools.postinst
68echo -e "\n* Running postinst script again"
69echo "###########################################"
70lxc exec $name -- dpkg-reconfigure ubuntu-advantage-tools || true
71echo -e "###########################################\n"
72
73# Check that only one key got renamed
74echo -e "\n* List gpg keys"
75echo "###########################################"
76lxc exec $name -- ls /etc/apt/trusted.gpg.d/
77echo -e "###########################################\n"
78
79# Make sure the services are still enabled
80echo -e "\n* Check that services are still enabled"
81echo "###########################################"
82lxc exec $name -- pro status --wait
83echo -e "###########################################\n"
84
85# Check that apt update is working as expected
86echo -e "\n* Check that APT update is working as expected"
87echo "###########################################"
88lxc exec $name -- apt update
89echo -e "###########################################\n"
90
91# Disable service which key was not renamed
92echo -e "\n* Disable esm-apps service which gpg key was not renamed"
93echo "###########################################"
94lxc exec $name -- pro disable esm-apps
95lxc exec $name -- pro status
96echo -e "###########################################\n"
97
98# Check that the GPG key is still there
99echo -e "\n* List gpg keys"
100echo "###########################################"
101lxc exec $name -- ls /etc/apt/trusted.gpg.d/
102echo -e "###########################################\n"
103
104# Enable esm-apps
105echo -e "\n* Enable esm-apps and check new gpg key is created"
106echo "###########################################"
107lxc exec $name -- pro enable esm-apps
108lxc exec $name -- pro status
109lxc exec $name -- ls /etc/apt/trusted.gpg.d/
110echo -e "###########################################\n"
111
112# Check that the new GPG key is there
113echo -e "\n* check ubuntu-pro-esm-apps.gpg key now exists"
114echo "###########################################"
115lxc exec $name -- ls /etc/apt/trusted.gpg.d/
116echo -e "###########################################\n"
117
118cleanup
diff --git a/uaclient/cli.py b/uaclient/cli.py
index 120158b..9807a59 100644
--- a/uaclient/cli.py
+++ b/uaclient/cli.py
@@ -2000,6 +2000,20 @@ def main_error_handler(func):
2000 _warn_about_new_version()2000 _warn_about_new_version()
20012001
2002 sys.exit(1)2002 sys.exit(1)
2003 except exceptions.PycurlCACertificatesError as exc:
2004 tmpl = messages.SSL_VERIFICATION_ERROR_CA_CERTIFICATES
2005 if apt.is_installed("ca-certificates"):
2006 tmpl = messages.SSL_VERIFICATION_ERROR_OPENSSL_CONFIG
2007 msg = tmpl.format(url=exc.url)
2008 event.error(error_msg=msg.msg, error_code=msg.name)
2009 event.info(info_msg=msg.msg, file_type=sys.stderr)
2010
2011 lock.clear_lock_file_if_present()
2012 event.process_events()
2013
2014 _warn_about_new_version()
2015
2016 sys.exit(1)
2003 except exceptions.UserFacingError as exc:2017 except exceptions.UserFacingError as exc:
2004 with util.disable_log_to_console():2018 with util.disable_log_to_console():
2005 LOG.error(exc.msg)2019 LOG.error(exc.msg)
diff --git a/uaclient/exceptions.py b/uaclient/exceptions.py
index 447b4eb..156abb2 100644
--- a/uaclient/exceptions.py
+++ b/uaclient/exceptions.py
@@ -522,6 +522,13 @@ class PycurlError(UserFacingError):
522 super().__init__(msg=msg.msg, msg_code=msg.name)522 super().__init__(msg=msg.msg, msg_code=msg.name)
523523
524524
525class PycurlCACertificatesError(UserFacingError):
526 def __init__(self, url: str) -> None:
527 msg = messages.PYCURL_CA_CERTIFICATES_ERROR
528 self.url = url
529 super().__init__(msg=msg.msg, msg_code=msg.name)
530
531
525class ProxyAuthenticationFailed(UserFacingError):532class ProxyAuthenticationFailed(UserFacingError):
526 def __init__(self) -> None:533 def __init__(self) -> None:
527 msg = messages.PROXY_AUTH_FAIL534 msg = messages.PROXY_AUTH_FAIL
diff --git a/uaclient/http/__init__.py b/uaclient/http/__init__.py
index 36b616e..6540f85 100644
--- a/uaclient/http/__init__.py
+++ b/uaclient/http/__init__.py
@@ -72,6 +72,8 @@ def validate_proxy(
72 raise72 raise
73 except exceptions.ProxyAuthenticationFailed:73 except exceptions.ProxyAuthenticationFailed:
74 raise74 raise
75 except exceptions.PycurlCACertificatesError:
76 raise
75 except Exception as e:77 except Exception as e:
76 with util.disable_log_to_console():78 with util.disable_log_to_console():
77 msg = getattr(e, "reason", str(e))79 msg = getattr(e, "reason", str(e))
@@ -208,7 +210,9 @@ def should_use_pycurl(https_proxy, target_url):
208 return ret210 return ret
209211
210212
211def _handle_pycurl_error(error, authentication_error_code):213def _handle_pycurl_error(
214 error, url, authentication_error_code, ca_certificates_error_code
215):
212 code = None216 code = None
213 msg = None217 msg = None
214 if len(error.args) > 0:218 if len(error.args) > 0:
@@ -221,6 +225,8 @@ def _handle_pycurl_error(error, authentication_error_code):
221 and "HTTP code 407 from proxy" in msg225 and "HTTP code 407 from proxy" in msg
222 ):226 ):
223 raise exceptions.ProxyAuthenticationFailed()227 raise exceptions.ProxyAuthenticationFailed()
228 elif code == ca_certificates_error_code:
229 raise exceptions.PycurlCACertificatesError(url)
224 else:230 else:
225 raise exceptions.PycurlError(error)231 raise exceptions.PycurlError(error)
226232
@@ -302,7 +308,12 @@ def _readurl_pycurl_https_in_https(
302 try:308 try:
303 c.perform()309 c.perform()
304 except pycurl.error as e:310 except pycurl.error as e:
305 _handle_pycurl_error(e, authentication_error_code=pycurl.E_RECV_ERROR)311 _handle_pycurl_error(
312 e,
313 url=req.get_full_url(),
314 authentication_error_code=pycurl.E_RECV_ERROR,
315 ca_certificates_error_code=pycurl.E_SSL_CACERT_BADFILE,
316 )
306317
307 code = int(c.getinfo(pycurl.RESPONSE_CODE))318 code = int(c.getinfo(pycurl.RESPONSE_CODE))
308 body = body_output.getvalue().decode("utf-8")319 body = body_output.getvalue().decode("utf-8")
diff --git a/uaclient/http/tests/test_http.py b/uaclient/http/tests/test_http.py
index 9b00c30..1161e76 100644
--- a/uaclient/http/tests/test_http.py
+++ b/uaclient/http/tests/test_http.py
@@ -453,9 +453,16 @@ class TestHandlePycurlError:
453 ("PYCURL_ERROR", "HTTP code 407 from proxy: proxy"),453 ("PYCURL_ERROR", "HTTP code 407 from proxy: proxy"),
454 exceptions.ProxyAuthenticationFailed,454 exceptions.ProxyAuthenticationFailed,
455 ),455 ),
456 (("PYCURL_ERROR", "test"), exceptions.PycurlError),
457 (
458 ("CA_CERTIFICATES_ERROR", "test"),
459 exceptions.PycurlCACertificatesError,
460 ),
456 ),461 ),
457 )462 )
458 def test_handle_pycurl_error(self, error_args, expected_exception):463 def test_handle_pycurl_error(self, error_args, expected_exception):
459 with pytest.raises(expected_exception):464 with pytest.raises(expected_exception):
460 m_error = mock.MagicMock(args=error_args)465 m_error = mock.MagicMock(args=error_args)
461 http._handle_pycurl_error(m_error, "PYCURL_ERROR")466 http._handle_pycurl_error(
467 m_error, "url", "PYCURL_ERROR", "CA_CERTIFICATES_ERROR"
468 )
diff --git a/uaclient/messages.py b/uaclient/messages.py
index 4fd06d8..a5cee3c 100644
--- a/uaclient/messages.py
+++ b/uaclient/messages.py
@@ -1411,6 +1411,9 @@ PYCURL_REQUIRED = NamedMessage(
1411 ),1411 ),
1412)1412)
1413PYCURL_ERROR = FormattedNamedMessage("pycurl-error", "PycURL Error: {e}")1413PYCURL_ERROR = FormattedNamedMessage("pycurl-error", "PycURL Error: {e}")
1414PYCURL_CA_CERTIFICATES_ERROR = NamedMessage(
1415 "pycurl-ca-certificates-error", "Problem reading SSL CA certificates"
1416)
14141417
1415PROXY_AUTH_FAIL = NamedMessage(1418PROXY_AUTH_FAIL = NamedMessage(
1416 "proxy-auth-fail", "Proxy authentication failed"1419 "proxy-auth-fail", "Proxy authentication failed"
diff --git a/uaclient/version.py b/uaclient/version.py
index b8e1f94..5191f37 100644
--- a/uaclient/version.py
+++ b/uaclient/version.py
@@ -15,7 +15,7 @@ from uaclient.defaults import CANDIDATE_CACHE_PATH, UAC_RUN_PATH
15from uaclient.exceptions import ProcessExecutionError15from uaclient.exceptions import ProcessExecutionError
16from uaclient.system import subp16from uaclient.system import subp
1717
18__VERSION__ = "29.1"18__VERSION__ = "29.2"
19PACKAGED_VERSION = "@@PACKAGED_VERSION@@"19PACKAGED_VERSION = "@@PACKAGED_VERSION@@"
2020
21CANDIDATE_REGEX = r"Candidate: (?P<candidate>.*?)\n"21CANDIDATE_REGEX = r"Candidate: (?P<candidate>.*?)\n"

Subscribers

People subscribed via source and target branches

to status/vote changes: