Ubuntu
landscape-client package

Applying package profile on Xenial doesn't work

Bug #1886491 reported by Chris Johnston
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
landscape-client (Ubuntu)
Fix Released
Undecided
Unassigned
Xenial
Fix Released
Undecided
Simon Poirier

Bug Description

[Impact]

 * Users trying to apply a landscape package profile with a recent version of python-apt on xenial will get a stuck activity and an incomplete sources.list.d entry.

 * The change adds a [trusted=yes] option to temporary local sources created by landscape. Global sources and apt options

[Test Case]

 * install landscape-client and register it.

 * create and associate a package profile.

 * the packages are installed and /var/log/landscape/package-changer.log has no errors

[Regression Potential]

 * This is a backport of fixes already released since yakkety. The change has been released for a long time.

 * Change is agnostic of whether the issue is present or not and should work no matter the apt configuration.

 * The affected code path is limited to profiles, but is also used a lot in unit tests fixtures, thus making it reasonably exercised.

[Other Info]

 * This change was not previously required on xenial, as it was not required. Acquire::AllowInsecureRepositories was set to be backward compatible and was accepted by python-apt. Changes in python-apt now looks for APT::Get::AllowUnauthenticated.

 * We fix landcape-client instead of raising the python-apt regression because the new behaviour is consistent with later releases, which we already handle. Also, it decouples landscape from requiring specific configuration.

[Original Description]
 * install landscape-server-quickstart and landscape-api
 * Create a package profile "minimum packages" and add basic packages (byobu, vim, ubuntu-cloud-keyring). Enable for all computers
 * create a xenial container or machine and install/configure landscape-client

Note that the apply package profile gets stuck and doesn't progress. On the container that was created, running apt update shows:

sudo apt update
Get:1 file:/var/lib/landscape/client/package/binaries ./ InRelease
Ign:1 file:/var/lib/landscape/client/package/binaries ./ InRelease
Get:2 file:/var/lib/landscape/client/package/binaries ./ Release
Err:2 file:/var/lib/landscape/client/package/binaries ./ Release
  File not found - /var/lib/landscape/client/package/binaries/./Release (2: No such file or directory)
Get:3 http://mirror/ubuntu xenial InRelease [247 kB]
Hit:4 http://mirror/ubuntu xenial-updates InRelease
Hit:5 http://mirror/ubuntu xenial-backports InRelease
Hit:6 http://mirror/ubuntu xenial-security InRelease
Reading package lists... Done
E: The repository 'file:/var/lib/landscape/client/package/binaries ./ Release' does not have a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

apt-cache policy landscape-client
landscape-client:
  Installed: 16.03-0ubuntu2.16.04.7
  Candidate: 16.03-0ubuntu2.16.04.7
  Version table:
 *** 16.03-0ubuntu2.16.04.7 500
        500 http://mirror/ubuntu xenial-updates/main amd64 Packages
        100 /var/lib/dpkg/status
     16.03-0ubuntu2 500
        500 http://mirror/ubuntu xenial/main amd64 Packages

This can be easily worked around by:
 * Remove the file /etc/apt/sources.list.d/_landscape-internal-facade.list
 * add-apt-repository ppa:landscape/19.01
 * apt install landscape-client

apt-cache policy landscape-client
landscape-client:
  Installed: 18.03~1070~git.8e52e1d~ubuntu16.04.1
  Candidate: 18.03~1070~git.8e52e1d~ubuntu16.04.1
  Version table:
 *** 18.03~1070~git.8e52e1d~ubuntu16.04.1 500
        500 http://ppa.launchpad.net/landscape/19.01/ubuntu xenial/main amd64 Packages
        100 /var/lib/dpkg/status
     16.03-0ubuntu2.16.04.7 500
        500 http://mirror.glacier.dev/ubuntu xenial-updates/main amd64 Packages
     16.03-0ubuntu2 500
        500 http://mirror.glacier.dev/ubuntu xenial/main amd64 Packages

See original description

Related branches

~simpoir/ubuntu/+source/landscape-client:xenial_trusted_local
git-ubuntu developers: Pending requested
Diff: 773 lines (+740/-0)
4 files modified
debian/changelog (+7/-0)
debian/landscape-client.postinst (+8/-0)
debian/patches/1886491-trusted-local.patch (+724/-0)
debian/patches/series (+1/-0)
Chris Johnston (cjohnston)
description: updated
Revision history for this message
Simon Poirier (simpoir) wrote :

It looks like python-apt (1.1.0~beta1ubuntu0.16.04.7) created a regression and elects to ignore
Acquire::AllowInsecureRepositories in favor of APT::Get::AllowUnauthenticated.

The simpler approach would likely be to backport the [trusted=true] fix we've got working with later releases, instead of trying anything related to the global apt config.

Changed in landscape-client (Ubuntu Xenial):
status: New → Confirmed
no longer affects: landscape-client
Simon Poirier (simpoir)
description: updated
Changed in landscape-client (Ubuntu Xenial):
assignee: nobody → Simon Poirier (simpoir)
status: Confirmed → In Progress
Revision history for this message
Eric Desrochers (slashd) wrote :

[sts-sponsor]

Sponsored for Xenial. It is now waiting for the SRU team approval to start building in xenial-proposed pocket.

- Eric

Revision history for this message
Robie Basak (racb) wrote : Please test proposed package

Hello Chris, or anyone else affected,

Accepted landscape-client into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/landscape-client/16.03-0ubuntu2.16.04.8 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-xenial to verification-done-xenial. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-xenial. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in landscape-client (Ubuntu Xenial):
status: In Progress → Fix Committed
tags: added: verification-needed verification-needed-xenial
Revision history for this message
Robie Basak (racb) wrote :

I assumed that Groovy isn't affected. Please could you set the bug status for the development task accordingly?

Revision history for this message
Simon Poirier (simpoir) wrote :

Subsequent releases already had this corrected. I have updated the task status.

Changed in landscape-client (Ubuntu):
status: New → Fix Released
Revision history for this message
Simon Poirier (simpoir) wrote :

I verified the fix by upgrading landcape-client from 16.03-0ubuntu2.16.04.7 to 16.03-0ubuntu2.16.04.8 on an Ubuntu 16.04 machine.
After the upgrade, the profile applied as expected.

tags: added: verification-done verification-done-xenial
removed: verification-needed verification-needed-xenial
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package landscape-client - 16.03-0ubuntu2.16.04.8

---------------
landscape-client (16.03-0ubuntu2.16.04.8) xenial; urgency=medium

  * d/p/1886491-trusted-local.patch: (LP: #1886491)
    Backport implicit trust of file sources created by landscape.

 -- Simon Poirier <email address hidden> Tue, 07 Jul 2020 17:26:43 -0400

Changed in landscape-client (Ubuntu Xenial):
status: Fix Committed → Fix Released
Revision history for this message
Łukasz Zemczak (sil2100) wrote : Update Released

The verification of the Stable Release Update for landscape-client has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.