Merge ~paelzer/ubuntu-seeds/+git/ubuntu:eoan-server-meta-updates into ~ubuntu-core-dev/ubuntu-seeds/+git/ubuntu:eoan

Proposed by Christian Ehrhardt  on 2019-05-10
Status: Merged
Approved by: Christian Ehrhardt  on 2019-05-13
Approved revision: 2fa46090961c4e488d3d071441a4ad46b3e037f0
Merge reported by: Christian Ehrhardt 
Merged at revision: 2fa46090961c4e488d3d071441a4ad46b3e037f0
Proposed branch: ~paelzer/ubuntu-seeds/+git/ubuntu:eoan-server-meta-updates
Merge into: ~ubuntu-core-dev/ubuntu-seeds/+git/ubuntu:eoan
Diff against target: 19 lines (+1/-1)
1 file modified
server (+1/-1)
Reviewer Review Type Date Requested Status
Andreas Hasenack 2019-05-10 Approve on 2019-05-10
Robie Basak 2019-05-10 Needs Information on 2019-05-10
Canonical Server Team 2019-05-13 Pending
Review via email: mp+367238@code.launchpad.net
To post a comment you must log in.
Robie Basak (racb) wrote :

iproute2 is in the minimal seed, so looks like it's fine to drop net-tools from the server seed completely and iproute2 will still end up in our images.

On fwupd and fwupd-signed, is server definitely the correct seed? Or is it that the installer will install for us if relevant, so server-ship would be a better choice?

For example, do we really want to be Recommending fwupd-signed on a non-UEFI amd64 system, and on other architectures as well?

review: Needs Information
Christian Ehrhardt  (paelzer) wrote :

So on iproute that reads like an ack - thanks

Christian Ehrhardt  (paelzer) wrote :

The change for fwupd is aligned to how it is done on Desktop.
I haven't thought about other architecture and I agree that server is more relevant for non-x86 than desktop is. I'll take a look.

Christian Ehrhardt  (paelzer) wrote :

Non x86 is interesting but not too complex I'd think.

fwupd works there as well, no matter if it today might not provide anything reasonable to update.
I'd still make the package available for the infrastructure.

fwupd-signed is different, that does not exist for non EFI as you'd expect.

fwupd | 1.2.6-1ubuntu1 | eoan | amd64, arm64, armhf, i386, ppc64el, s390x
fwupd-signed | 1.7+1.2.6-1ubuntu1 | eoan | amd64, arm64, armhf, i386

But in fact apt would resolve all that for us.
$ apt-cache show fwupd | grep '^Recommend'
  Recommends: python3, bolt, fwupd-signed

It will pull in -signed for us "if available" and it will not fail if not available.

$ sudo apt install fwupd
[...]
The following NEW packages will be installed:
  bolt fwupd libfwupd2 libgcab-1.0-0 libgusb2 libxmlb1

A direct install would fail as expected:
$ sudo apt install fwupd-signed
Reading package lists... Done
Building dependency tree
Reading state information... Done
Package fwupd-signed is not available, but is referred to by another package.
This may mean that the package is missing, has been obsoleted, or
is only available from another source
E: Package 'fwupd-signed' has no installation candidate

So the solution is easy - we only seed (still as recommends) fwupd and it will drag in fwupd-signed where appropriate.

Making that change and answering the next question in an extra update for more readability.

Christian Ehrhardt  (paelzer) wrote :

For the question ship or server - no the non d-i installer will not install it on demand.
We want/need to add it to ubuntu-server via ubuntu-meta.

Please see [1] where I checked if that is too much of a burden (e.g. extra services in VMs and containers) - to me it seemed save except the increase of the install footprint which is bearable.

[1]: https://bugs.launchpad.net/ubuntu/+source/ubuntu-meta/+bug/1749774/comments/2

Andreas Hasenack (ahasenack) wrote :

Dumb question, why is this not added to ubuntu-standard?

Andreas Hasenack (ahasenack) wrote :

+1

review: Approve
Steve Langasek (vorlon) wrote :

> For the question ship or server - no the non d-i installer will not install it on demand.

But it's valid to ask whether this *should* be installed on demand, before adding it to the server seed.

However, I would argue that it should not be installed "on demand", because fwupd is a generic firmware updating service - not specific to UEFI capsule updates, although that is one of the firmware update formats it supports - and may support further device firmware update backends over time. So I think the question of whether to include this on servers should be treated generically, and if the answer is that it should be included by default wherever useful, then it should be part of the server seed.

Christian Ehrhardt  (paelzer) wrote :

Thanks Andreas for the extra review.

Thanks Steve for chiming in as well - having your statement to the question of an on demand install helps to feel further reassured on this.

Christian Ehrhardt  (paelzer) wrote :

Changes pushed, branch is merged.

I'll take a look at ubuntu-meta now ...

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/server b/server
2index 5dc0a5b..5ab2b66 100644
3--- a/server
4+++ b/server
5@@ -13,7 +13,6 @@ This seed lists the packages we want to install by default in the new server ins
6 * byobu
7 * curl
8 * git # LP: 1394756
9- * net-tools
10 * patch
11 * pollinate # Seed the PRNG
12 * screen
13@@ -29,6 +28,7 @@ This seed lists the packages we want to install by default in the new server ins
14 = Maintenance =
15
16 * update-notifier-common
17+ * (fwupd) # in band vendor agnostic firmware updates (LP: #1749774)
18
19 = Block Device and Filesystem =
20

Subscribers

People subscribed via source and target branches