Since netplan 0.106.1, Netplan YAMLs should have file permissions
with mode 0o600 (owner RW only) and root owner.
(cherry picked from commit 9ecc4060b9)
The identity screen tells the user that SSH can be configured on the
next screen. That said, nowadays, other screens can be presented between
the identity screen and the SSH screen (including the Ubuntu Pro screen).
Reword the message accordingly.
Signed-off-by: Olivier Gayot <olivier.gayot@canonical.com>
(cherry picked from commit 81c16f5a83)
When trying to delete a partition using the answers-based mechanism,
subiquity tries to call .done() on the ConfirmDeletesStretchy overlay.
However, this method does not exist. The .confirm() method is what we
should use instead.
Signed-off-by: Olivier Gayot <olivier.gayot@canonical.com>
(cherry picked from commit 76f0469705)
Adjusted to pick revision from the ubuntu/mantic branch.
Signed-off-by: Olivier Gayot <olivier.gayot@canonical.com>
(cherry picked from commit a36d969745)
This commit re-adds some of the shared mock fields for testing
and removes a bad import from test_snaplist. These are changes
that shouldn't have been part of the previously reverted patch:
0a70a969d4
(cherry picked from commit 6c27d656f2)
This reverts commit 39f1ea9cb6. The fix proposed
in this patch caused more issues than it fixed. We will have to revisit this in
a more nuanced way in the future. In the meantime users can make use of env
directly to strip/modify the subcommand environment.
(cherry picked from commit 0a70a969d4)
When the source changes, the available variations should change as well.
If we keep the old variations in the
FilesystemController._variations_info dictionary, we end up with a crash
later in the install.
Signed-off-by: Olivier Gayot <olivier.gayot@canonical.com>
(cherry picked from commit d4820497e7)
It will log arguments, so unless we are certain the arguments are clean
this will cause trouble. Just turn it off.
(cherry picked from commit 1da5cac477)
When handling a POST request to /source, Subiquity sends a 'source
configured' event. This signals other controllers / models that they
need to restart their tasks that depend on the source being used.
However, if the user of the installer goes back all the way to the
source page and submits it again without changing the settings, there
should be no reason to restart the machinery.
If a call to source ends up doing no modification to the model (i.e.,
not changing the source used or the search_drivers setting), we now
avoid emitting the 'source configured' event ; except if the model has
not been configured yet.
Signed-off-by: Olivier Gayot <olivier.gayot@canonical.com>
(cherry picked from commit fff2f6591f)
CVE-2023-5182
As autoinstall-user-data contains a password hash hash for a user with
sudo access, create the autoinstall-user-data as 0400 root:root.
The old permissions are 0640 root:adm, and the adm group does not by
default have sudo access, so cracking that hash could lead to privilege
escallation for someone in the adm group.
Thanks to Patric Åhlin and Johan Hortling for identifying and reporting
the issue.
(cherry picked from commit 62e126896f)
These have owner syslog at install time, but that is uid remapped on the
target system which may end up with a different owning user.
(cherry picked from commit ab0af6375e)
The workflows defined respectively in build.yaml and snap.yaml were
both called "CI". On the Github web interface, it resulted in two menus
called "CI" with no easy way to know which is which.
To make things clearer, we now:
* rename build.yaml -> ci.yaml
* call "Snap" the workflow defined by snap.yaml
Signed-off-by: Olivier Gayot <olivier.gayot@canonical.com>
(cherry picked from commit a34bce470f)
If we ask for reboot before the installation has started (i.e., if
curtin install was not invoked at least once), the following call fails
and prevents the system from rebooting.
$ umount --recursive /target
Make sure we check that /target exists and is mounted before calling
umount.
Another approach would be to check the return value of umount but the
values are not documented.
Signed-off-by: Olivier Gayot <olivier.gayot@canonical.com>
(cherry picked from commit abef05178c)
ubuntu-restricted-addons is a multiverse package and is not included in
the pool. Therefore, trying to get it installed when offline leads to an
obvious error.
Instead of making the whole Ubuntu installation fail, we now warn and
skip installation of the package when performing an offline install.
In a perfect world, we should not have offered to install the package in
the first place, but in practice, we can run an offline installation as
the result of failed mirror testing (bad network for instance).
Signed-off-by: Olivier Gayot <olivier.gayot@canonical.com>
(cherry picked from commit 01ec1da86f)
In LP: #2009141, we are hitting kernel limits and pyudev buffer limits.
We don't care about specific events, so much as getting one event,
waiting for things to calm down, then reprobing.
Outright disable the event monitor, and re-enable later. If there is a
storm of events, testing has shown that stopping the listener is not
enough.
(cherry picked from commit b11726d398)
Before using fs_controller.is_core_boot_classic(), we wait for the call
to /meta/confirmation?tty=xxx. That said, in semi-automated desktop
installs, sometimes the call to /meta/confirmation happens before
marking storage configured. This leads to the following error:
File "subiquity/server/controllers/oem.py", line 209, in apply_autoinstall_config
await self.load_metapkgs_task
File "subiquity/server/controllers/oem.py", line 81, in list_and_mark_configured
await self.load_metapackages_list()
File "subiquitycore/context.py", line 149, in decorated_async
return await meth(self, **kw)
File "subiquity/server/controllers/oem.py", line 136, in load_metapackages_list
if fs_controller.is_core_boot_classic():
File "subiquity/server/controllers/filesystem.py", line 284, in is_core_boot_classic
return self._info.is_core_boot_classic()
AttributeError: 'NoneType' object has no attribute 'is_core_boot_classic'
Receiving the confirmation before getting the storage configured is
arguably wrong - but let's be prepared for it just in case.
Signed-off-by: Olivier Gayot <olivier.gayot@canonical.com>
(cherry picked from commit 59849f7f45)