security sources.list needs fixing on upgrade
Bug #2036679 reported by Steve Langasek
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
ubuntu-release-upgrader (Ubuntu) | Fix Released | High | Unassigned |
Mantic | Fix Released | High | Unassigned |
Bug Description
subiquity was inadvertently configuring installed systems to use CC.archive.
This has been fixed in subiquity, but installed systems still have the wrong config.
We need quirking to fix this on upgrade.
Related branches
~enr0n/ubuntu-release-upgrader:ubuntu/main merged into ubuntu-release-upgrader:ubuntu/main at revision d1b30f03a797a1d37c2622ad8ddff858dced9d4a
- Brian Murray: Approve
- Gunnar Hjalmarsson: Approve
Diff: 362 lines (+153/-20), 7 files modified
DistUpgrade/DistUpgradeController.py (+9/-0)
DistUpgrade/DistUpgradeQuirks.py (+111/-4)
DistUpgrade/DistUpgradeVersion.py (+1/-1)
data/mirrors.cfg (+8/-10)
debian/changelog (+12/-0)
utils/demoted.cfg (+6/-3)
utils/demoted.cfg.jammy (+6/-2)
tags: added: foundations-todo
Changed in ubuntu-release-upgrader (Ubuntu Mantic):
importance: Undecided → High
description: updated
information type: Public → Public Security
Changed in ubuntu-release-upgrader (Ubuntu Mantic):
status: New → Fix Committed
tags: removed: foundations-todo
I'd like to provide some more information
1. Affected installs done offline would have left the systems configured to use archive.ubuntu.com rather than $CC.archive.ubuntu.com. The country-code is determined using a query to geoip.ubuntu.com. So no network means no country mirror. Moreover, Subiquity runs mirror testing against the country mirror and can automatically revert to the non-country alternative (i.e., archive.ubuntu.com) if it seems to work better.
2. The ubuntu-server installer allows the user to customize the URL that is used to access the $release and $release-updates pockets. Since the URL was mistakenly applied to the security pocket as well, it is possible (although uncommon) that some people have their system configured with arbitrary URLs for the security pocket. A similar configuration can only be achieved on ubuntu-desktop by means of autoinstall directives.
3. On ports architectures (e.g., arm64, s390x, riscv64, ...) the systems were previously expected to have ports.ubuntu.com/ubuntu-ports set for the -security pocket - but I didn't find an official statement. Affected installs would likely show $CC.ports.ubuntu.com instead of ports.ubuntu.com for the -security pocket.
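
A check an administrator could run for the three cases described in the comment above, as an added example that is not part of the bug report or of ubuntu-release-upgrader's quirk code: it reads one-line-style sources.list text (not the deb822 format) and labels the host serving each -security suite. That security.ubuntu.com is the stock host on non-ports architectures is an assumption not stated on this page; the function names and the sample entries are constructed.

```python
import re
from urllib.parse import urlsplit

# Assumption: stock hosts for the -security pocket (the ports host is from the comment above).
EXPECTED_HOSTS = {"security.ubuntu.com", "ports.ubuntu.com"}
COUNTRY_MIRROR = re.compile(r"^[a-z]{2}\.(archive|ports)\.ubuntu\.com$")

def classify_host(host):
    """Label the host that serves a -security suite."""
    if host in EXPECTED_HOSTS:
        return "expected"
    if COUNTRY_MIRROR.match(host):
        return "country-mirror"   # $CC.archive / $CC.ports case
    if host == "archive.ubuntu.com":
        return "main-archive"     # offline-install case (item 1)
    return "custom"               # user-supplied mirror URL (item 2)

def audit_security_entries(text):
    """Return (line_no, uri, suite, label) for each deb entry on a -security suite."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line.startswith(("deb ", "deb-src ")):
            continue
        fields = line.split()[1:]
        # Skip a bracketed option block such as [arch=amd64 signed-by=...]
        if fields and fields[0].startswith("["):
            while fields and not fields[0].endswith("]"):
                fields.pop(0)
            fields = fields[1:]
        if len(fields) < 2 or not fields[1].endswith("-security"):
            continue
        uri, suite = fields[0], fields[1]
        host = (urlsplit(uri).hostname or "").lower()
        findings.append((line_no, uri, suite, classify_host(host)))
    return findings

# Constructed sample input; hosts and release name are illustrative only.
SAMPLE = """\
deb http://fr.archive.ubuntu.com/ubuntu jammy main restricted
deb http://fr.archive.ubuntu.com/ubuntu jammy-security main restricted
deb [arch=arm64] http://de.ports.ubuntu.com/ubuntu-ports jammy-security main
deb http://mirror.example.internal/ubuntu jammy-security universe
deb http://security.ubuntu.com/ubuntu jammy-security multiverse
"""

if __name__ == "__main__":
    for line_no, uri, suite, label in audit_security_entries(SAMPLE):
        print(f"line {line_no}: {suite} via {uri} -> {label}")
```

Any entry labelled other than "expected" is one where security updates are being fetched from a mirror rather than the stock security host, which is the configuration this bug's upgrade quirk targets.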