ubuntu-release-upgrader:ubuntu/focal

Branch merges

Propose for merging

1 branch proposed for merging into this one.

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related charm recipes

163c091... by Brian Murray on 2023-01-16

Update mirrors, demotions, and translations.

5fafe12... by Matthew Ruffell on 2023-01-10

Quirks: Change fips libgcrypt functions from subp.Popen to safer alternatives

Robie Basak pointed out during SRU review that subprocess.Popen()
requires the author to call wait() and check the return code manually
when it could be done in a more safe fashion with check_call().

Change _fipsLibgcryptDivert() to use subprocess.check_call().

Additionally, change the subprocess.Popen() for manual rm to
os.unlink(), again a safer way of removing the hmac file.

Change the tests to match new functions.

(LP: #1982534)

Merged branch ~mruffell/ubuntu-release-upgrader:lp1982534

5e3e30c... by Brian Murray on 2022-11-30

Update mirrors, demotions, and translations.

3611166... by Matthew Ruffell on 2022-11-20

Quirks: Add a dpkg-divert for fips enabled systems to work around libgcrypt20-hmac file

libgcrypt20-hmac versions 1.8.5-5ubuntu1.fips.1.4 and below contain a
bug where .libgcrypt.so.20.hmac is placed in /lib/x86_64-linux-gnu/
instead of /usr/lib/x86_64-linux-gnu/, which leads to issues on
non-usrmerged systems during upgrade.

Affected users would see:

update-initramfs: Generating /boot/initrd.img-5.4.0-84-generic
Failed to copy HMAC file "/usr/lib/x86_64-linux-gnu/.libgcrypt.so.20.hmac".
E: /usr/share/initramfs-tools/hooks/fips-libgcrypt failed with return 1.

This only affects users using the certified fips pocket, as it has been
resolved in 1.8.5-5ubuntu1.fips.1.5 in fips-updates. Since recertification
is a year or two away, add an upgrade quirk for the time being.

A comprehensive test suite is included for all edge cases.

(LP: #1982534)

Merged branch ~mruffell/ubuntu-release-upgrader:lp1982534

6f42071... by Brian Murray on 2022-08-19

releasing package ubuntu-release-upgrader version 1:20.04.39

857cadb... by Brian Murray on 2022-08-19

Manually run utils/update_mirrors.py to update mirrors.

2b01b00... by Nick Rosbrook on 2022-04-18

data: manually update mirrors.cfg

The age check in pre-build.sh prevented this from happening in the
previous run.

Merged branch ~enr0n/ubuntu-release-upgrader:lp.1968607-focal

dc977e4... by Nick Rosbrook on 2022-04-14

releasing package ubuntu-release-upgrader version 1:20.04.38

Merged branch ~enr0n/ubuntu-release-upgrader:lp.1968607-focal

edf0082... by Nick Rosbrook on 2022-04-14

Run pre-build.sh: updating translations.

7a8a075... by Nick Rosbrook on 2022-04-12

do-release-upgrade: preserve env vars needed for screen lock prevention

The screen lock prevention code relies on environment variables such as
DBUS_SESSION_BUS_ADDRESS being preserved, since the
org.freedesktop.ScreenSaver DBus interface is needed. This works in
cases where the dist-upgrade script is invoked with 'sudo -E' (e.g.
DistUpgradeViewText frontend). However, when pkexec is used (e.g.
DistUpgradeViewGtk3 frontend) the environment variables cannot be
preserved as per pkexec's design.

Add an --env flag to do-release-upgrade that accepts a comma-separated
list of environment variables (e.g. VAR1=VALUE1,VAR2=VALUE2) which should be set when
executing the dist-upgrade script. This approach is similar to the
existing workaround for RELEASE_UPGRADER_ALLOW_THIRD_PARTY, but is
generalized to allow any environment variables to be set.

Finally, when the DistUpgradeViewGtk3 or DistUpgradeViewKDE frontends
are used, and the do-release-upgrade script is re-exec'd with pkexec,
set the DBUS_SESSION_BUS_ADDRESS and XDG_SESSION_TYPE variables with
--env so that the screen lock prevention code works with these
frontends.

LP: #1968607