Ubuntu Look

This is the Ubuntu Kernel Team highlights and status for the week.

If you would like to reach the kernel team, you can find us at the #ubuntu-kernel channel on FreeNode. Alternatively, you can mail the Ubuntu Kernel Team mailing list at: kernel-team@lists.ubuntu.com.

Highlights

• The upstream stable releases, 4.4.77 and 4.4.78, have been applied to Xenial.
• The Artful staging repository has been rebased to 4.12.3.
• Work on 4.13 for Artful has been started.
• Changes of the _OSI object in ACPI spec 6.1a & 6.2 and in Linux.

• The following kernels were promoted to -updates and -security:

  xenial 4.4.0-87.110 xenial/raspi2 4.4.0-1065.73 xenial/snapdragon 4.4.0-1067.72 xenial/aws 4.4.0-1026.35 xenial/gke 4.4.0-1022.22 trusty/lts-xenial 4.4.0-87.110~14.04.1 

• The following CVE’s have been fixed in the last SRU cycle:

  • Zesty 17.10
    • CVE-2017-9605
    • CVE-2017-1000380
    • CVE-2017-7346
    • CVE-2014-9900
  • Xenial 16.04
    • CVE-2014-9900
    • CVE-2017-9074
    • CVE-2017-7346
    • CVE-2015-8944
    • CVE-2017-9150
    • CVE-2017-1000364
  • Trusty 14.04
    • CVE-2014-9900
    • CVE-2017-9074
    • CVE-2015-8963
    • CVE-2015-8962
    • CVE-2015-8955
    • CVE-2015-8964
    • CVE-2015-8967
    • CVE-2017-8925
    • CVE-2017-8924
    • CVE-2015-8966
    • CVE-2017-7346
    • CVE-2016-10088
    • CVE-2015-8944
    • CVE-2017-1000380
    • CVE-2017-9605
    • CVE-2017-7895

Development Kernel Announcements

We intend to target a 4.13 kernel for the Ubuntu 17.10 release. The artful kernel is now based on Linux 4.11. The Ubuntu 17.10 Kernel Freeze is Thurs Oct 5, 2017.

Stable Kernel Announcements

• Current cycle: 14-July through 05-August

   14-Jul Last day for kernel commits for this cycle. 17-Jul - 22-Jul Kernel prep week. 23-Jul - 04-Aug Bug verification & Regression testing. 07-Aug Release to -updates. 

• Next cycle: 04-Aug through 26-Aug

   04-Aug Last day for kernel commits for this cycle. 07-Aug - 12-Aug Kernel prep week. 13-Aug - 25-Aug Bug verification & Regression testing. 28-Aug Release to -updates. 

• The current CVE status

Screen Ordering

Previously, you would go through the install journey by picking your spell, selecting a cloud, modifying charm options, and then waiting for bootstrap/applications to be completely deployed prior to performing the post processing steps. In this latest update we’ve moved all steps to be completed prior to any of those longer blocking tasks.

This allows you to see the complete picture and giving you the ability to go back and make updates to your configuration items prior to running the longer tasks of the deployment.

Deployment resilience

We use a mechanism for determining when a deployment has “finished”, meaning, all hooks have been fired and each application is in a ready state to handle the next set of instructions from the installer. In some cases an application may get into a state of error but quickly resolve itself.

This was causing us some issues as we were taking a very strict approach that if there is an error in the application then the deployment should fail. Even though this is the proper thing to do we’ve made a decision that if the application is able to fix itself then we shouldn’t pass on that failed experience to the user since technically the deployment is able to finish and function as intended.

To combat this we’ve made our deployment checker a little more lenient and performing retries (up to 5 times) to validate if an application does fix itself. However, since an error was seen in the application it should not go unnoticed and needs to be fixed in the charm itself. In our integration tests we have an environment variable CONJURE_UP_MODE that can be set to test and gives us the ability to fail on charm failures and get those bugs reported upstream and resolved.

Spell authors can make use of this feature in their own spells by updating the 00_deploy-done script with the following bits:

#!/bin/bash set -eux . "$CONJURE_UP_SPELLSDIR/sdk/common.sh" retry_arg="-r5" if [[ "${CONJURE_UP_MODE-}" == "test" ]]; then retry_arg="" fi if ! juju wait $retry_arg -vwm "$JUJU_CONTROLLER:$JUJU_MODEL"; then setResult "Applications did not start successfully" exit 1 fi setResult "Applications Ready" exit 0 

Getting these changes

Installing the snap from the edge channel will give you the latest work outlined in these developer summaries:

sudo snap install conjure-up --classic --edge

 

In an earlier blog post I mentioned ss, another tool that comes with the iproute2 package and allows you to query statistics about sockets. The same thing that can be done with netstat, with the added benefit that it is typically a little bit faster, and shorter to type.

Just ss by default will display much the same thing as netstat, and can be similarly passed options to limit the output to just what you want. For instance:

$ ss -t State       Recv-Q Send-Q       Local Address:Port                        Peer Address:Port ESTAB       0      0                127.0.0.1:postgresql                     127.0.0.1:48154 ESTAB       0      0            192.168.0.136:35296                      192.168.0.120:8009 ESTAB       0      0            192.168.0.136:47574                     173.194.74.189:https

[…]

ss -t shows just TCP connections. ss -u can be used to show UDP connections, -l will show only listening ports, and things can be further filtered to just the information you want.

I have not tested all the possible options, but you can even forcibly close sockets with -K.

One place where ss really shines though is in its filtering capabilities. Let’s list all connections with a source port of 22 (ssh):

$ ss state all sport = :ssh Netid State      Recv-Q Send-Q     Local Address:Port                      Peer Address:Port tcp   LISTEN     0      128                    *:ssh                                  *:* tcp   ESTAB      0      0          192.168.0.136:ssh                      192.168.0.102:46540 tcp   LISTEN     0      128                   :::ssh                                 :::*

And if I want to show only connected sockets (everything but listening or closed):

$ ss state connected sport = :ssh Netid State      Recv-Q Send-Q     Local Address:Port                      Peer Address:Port tcp   ESTAB      0      0          192.168.0.136:ssh                      192.168.0.102:46540

Similarly, you can have it list all connections to a specific host or range; in this case, using the 74.125.0.0/16 subnet, which apparently belongs to Google:

$ ss state all dst 74.125.0.0/16 Netid State      Recv-Q Send-Q     Local Address:Port                      Peer Address:Port tcp   ESTAB      0      0          192.168.0.136:33616                   74.125.142.189:https tcp   ESTAB      0      0          192.168.0.136:42034                    74.125.70.189:https tcp   ESTAB      0      0          192.168.0.136:57408                   74.125.202.189:https

This is very much the same syntax as for iptables, so if you’re familiar with that already, it will be quite easy to pick up. You can also install the iproute2-doc package, and look in /usr/share/doc/iproute2-doc/ss.html for the full documentation.

Try it for yourself! You’ll see how well it works. If anything, I’m glad for the fewer characters this makes me type.

GNOME

We’re working on adding captive portal detection to Artful. We think it would be good if there were an option in the privacy settings to enable or disable this. We’ve done some initial work as preparation – some patches have been submitted to Network Manager’s upstream to enable an option to be created. They are currently awaiting review.

ISO cleanups

Work continues to move deprecated components out of the desktop ISO and to universe. This week’s list includes indicator-application and indicator-messages.

Snaps

Updated versions of gedit, gnome-sudoku, quadrapassel, gnome-dictionary, gnome-calculator, and gnome-clocks are in the edge channel of the store now built using the gnome-3-24 platform snap and content interface.

Video & Audio

A workaround has been uploaded for GDM which was blocking the A2DP high quality bluetooth profile from being activated in the user session.

Updates

• Libreoffice 5.3.4, with a workaround for an i386 kernel issue which had been blocking the previous version.
• GStreamer 1.12.2
• Evolution 3.24.2
• The nplan autopkgtest got fixed, unblocking the network-manager update.

Unity 7

16.04 continues to be supported, and we’ve been working on some further improvements for Unity that are targeted there. In particular there are improvements currently being developed to the low graphics mode that will benefit users of low powered systems and VMs.

QA

GNOME Software has a documented test plan now.

The purpose of this communication is to provide a status update and highlights for any interesting subjects from the Ubuntu Server Team. If you would like to reach the server team, you can find us at the #ubuntu-server channel on Freenode. Alternatively, you can sign up and use the Ubuntu Server Team mailing list.

cloud-init

• cloud-init now supports python 3.6
• modify Depends such that cloud-init no longer brings ifupdown into an image (LP: #1705639)
• IPv6 Networking and Gateway fixes (LP: #1694801, #1701097)
• Other networking fixes (LP: #1695092, #1702513)
• Numerous CentOS networking commits (LP: #1682014, #1701417, #1686856, #1687725)

Git Ubuntu

• Added initial linting tool (LP: #1702954)

Bug Work and Triage

• 120 bugs reviewed, 0 accepted, 299 in the backlog
• Notes on daily bug triage

IRC Meeting

• IRC Log
• Agenda and notes

Ubuntu Server Packages

Below is a summary of uploads to the development and supported releases. Current status of the Debian to Ubuntu merges is tracked on the Merge-o-Matic page. For a full list of recent merges with change logs please see the Ubuntu Server report.

Uploads to the Development Release (Artful)

asterisk, 1:13.14.1~dfsg-2ubuntu2, vorlon billiard, 3.5.0.2-1, None cloud-init, 0.7.9-221-g7e41b2a7-0ubuntu3, smoser cloud-init, 0.7.9-221-g7e41b2a7-0ubuntu2, smoser cloud-init, 0.7.9-221-g7e41b2a7-0ubuntu1, smoser cloud-init, 0.7.9-212-g865e941f-0ubuntu1, smoser cloud-init, 0.7.9-210-ge80517ae-0ubuntu1, smoser freeradius, 3.0.15+dfsg-1ubuntu1, nacc libvirt, 3.5.0-1ubuntu2, paelzer multipath-tools, 0.6.4-5ubuntu1, paelzer multipath-tools, 0.6.4-3ubuntu6, costamagnagianfranco multipath-tools, 0.6.4-3ubuntu5, jbicha nginx, 1.12.1-0ubuntu1, teward ocfs2-tools, 1.8.5-2, None openldap, 2.4.44+dfsg-8ubuntu1, costamagnagianfranco puppet, 4.10.4-2ubuntu1, nacc python-tornado, 4.5.1-2.1~build1, costamagnagianfranco samba, 2:4.5.8+dfsg-2ubuntu4, mdeslaur spice, 0.12.8-2.1ubuntu0.1, mdeslaur tgt, 1:1.0.71-1ubuntu1, paelzer Total: 20 

Uploads to Supported Releases (Trusty, Xenial, Yakkety, Zesty)

freeipmi, yakkety, 1.4.11-1.1ubuntu4~0.16.10, dannf golang-1.6, xenial, 1.6.2-0ubuntu5~16.04.3, mwhudson heimdal, zesty, 7.1.0+dfsg-9ubuntu1.1, sbeattie heimdal, yakkety, 1.7~git20150920+dfsg-4ubuntu1.16.10.1, sbeattie heimdal, xenial, 1.7~git20150920+dfsg-4ubuntu1.16.04.1, sbeattie heimdal, trusty, 1.6~git20131207+dfsg-1ubuntu1.2, sbeattie heimdal, xenial, 1.7~git20150920+dfsg-4ubuntu1.16.04.1, sbeattie heimdal, trusty, 1.6~git20131207+dfsg-1ubuntu1.2, sbeattie heimdal, yakkety, 1.7~git20150920+dfsg-4ubuntu1.16.10.1, sbeattie heimdal, zesty, 7.1.0+dfsg-9ubuntu1.1, sbeattie iscsitarget, xenial, 1.4.20.3+svn502-2ubuntu4.4, apw iscsitarget, xenial, 1.4.20.3+svn502-2ubuntu4.3, smb iscsitarget, trusty, 1.4.20.3+svn499-0ubuntu2.3, smb iscsitarget, trusty, 1.4.20.3+svn499-0ubuntu2.3, smb iscsitarget, xenial, 1.4.20.3+svn502-2ubuntu4.3, smb maas, xenial, 2.2.0+bzr6054-0ubuntu2~16.04.1, andreserl maas, yakkety, 2.2.0+bzr6054-0ubuntu2~16.10.1, andreserl maas, zesty, 2.2.0+bzr6054-0ubuntu2~17.04.1, andreserl mysql-5.5, trusty, 5.5.57-0ubuntu0.14.04.1, mdeslaur mysql-5.5, trusty, 5.5.57-0ubuntu0.14.04.1, mdeslaur mysql-5.7, zesty, 5.7.19-0ubuntu0.17.04.1, mdeslaur mysql-5.7, xenial, 5.7.19-0ubuntu0.16.04.1, mdeslaur mysql-5.7, xenial, 5.7.19-0ubuntu0.16.04.1, mdeslaur mysql-5.7, zesty, 5.7.19-0ubuntu0.17.04.1, mdeslaur nagios-images, zesty, 0.9.1ubuntu0.1, nacc ntp, yakkety, 1:4.2.8p8+dfsg-1ubuntu2.2, paelzer postfix, yakkety, 3.1.0-5ubuntu1, vorlon samba, zesty, 2:4.5.8+dfsg-0ubuntu0.17.04.4, sbeattie samba, yakkety, 2:4.4.5+dfsg-2ubuntu5.8, sbeattie samba, xenial, 2:4.3.11+dfsg-0ubuntu0.16.04.9, sbeattie samba, trusty, 2:4.3.11+dfsg-0ubuntu0.14.04.10, sbeattie samba, xenial, 2:4.3.11+dfsg-0ubuntu0.16.04.9, sbeattie samba, trusty, 2:4.3.11+dfsg-0ubuntu0.14.04.10, sbeattie samba, yakkety, 2:4.4.5+dfsg-2ubuntu5.8, sbeattie samba, zesty, 2:4.5.8+dfsg-0ubuntu0.17.04.4, sbeattie spice, zesty, 0.12.8-2ubuntu1.1, mdeslaur spice, xenial, 0.12.6-4ubuntu0.3, mdeslaur spice, trusty, 0.12.4-0nocelt2ubuntu1.5, mdeslaur spice, xenial, 0.12.6-4ubuntu0.3, mdeslaur spice, trusty, 0.12.4-0nocelt2ubuntu1.5, mdeslaur spice, zesty, 0.12.8-2ubuntu1.1, mdeslaur sssd, xenial, 1.13.4-1ubuntu1.6, slashd walinuxagent, zesty, 2.2.14-0ubuntu1~17.04.1, sil2100 walinuxagent, yakkety, 2.2.14-0ubuntu1~16.10.1, sil2100 walinuxagent, xenial, 2.2.14-0ubuntu1~16.04.1, sil2100 walinuxagent, trusty, 2.2.14-0ubuntu1~14.04.1, sil2100 xen, zesty, 4.8.0-1ubuntu2.2, mdeslaur xen, yakkety, 4.7.2-0ubuntu1.3, mdeslaur xen, xenial, 4.6.5-0ubuntu1.2, mdeslaur xen, trusty, 4.4.2-0ubuntu0.14.04.12, mdeslaur xen, xenial, 4.6.5-0ubuntu1.2, mdeslaur xen, trusty, 4.4.2-0ubuntu0.14.04.12, mdeslaur xen, yakkety, 4.7.2-0ubuntu1.3, mdeslaur xen, zesty, 4.8.0-1ubuntu2.2, mdeslaur Total: 54 

Contact the Ubuntu Server team

• Chat on #ubuntu-server on Freenode
• Email the ubuntu-server mailing list

Back in March, we asked the HackerNews community, “What do you want to see in Ubuntu 17.10?”: https://ubu.one/AskHN

A passionate discussion ensued, the results of which are distilled into this post: http://ubu.one/thankHN

In fact, you can check that link, http://ubu.one/thankHN and see our progress so far this cycle. We already have a beta code in 17.10 available for your testing for several of those:

• GNOME replaced Unity
• Bluetooth improvements with a new BlueZ
• Switched to libinput
• 4K/Multimonitor/HiDPI improvements
• Upgraded to Network Manager 1.8
• New Subiquity server installer
• Minimal images (36MB, 18% smaller)

And several others have excellent work in progress, and will be complete by 17.10:

• Autoremove old kernels from /boot
• EXT4 encryption with fscrypt
• Better GPU/CUDA support

In summary — your feedback matters! There are hundreds of engineers and designers working for *you* to continue making Ubuntu amazing!

Along with the switch from Unity to GNOME, we’re also reviewing some of the desktop applications we package and ship in Ubuntu. We’re looking to crowdsource input on your favorite Linux applications across a broad set of classic desktop functionality.

We invite you to contribute by listing the applications you find most useful in Linux in order of preference. To help us parse your input, please copy and paste the following bullets with your preferred apps in Linux desktop environments. You’re welcome to suggest multiple apps, please just order them prioritized (e.g. Web Browser: Firefox, Chrome, Chromium). If some of your functionality has moved entirely to the web, please note that too (e.g. Email Client: Gmail web, Office Suite: Office360 web). If the software isn’t free/open source, please note that (e.g. Music Player: Spotify client non-free). If I’ve missed a category, please add it in the same format. If your favorites aren’t packaged for Ubuntu yet, please let us know, as we’re creating hundreds of new snap packages for Ubuntu desktop applications, and we’re keen to learn what key snaps we’re missing.

• Web Browser: ???
• Email Client: ???
• Terminal: ???
• IDE: ???
• File manager: ???
• Basic Text Editor: ???
• IRC/Messaging Client: ???
• PDF Reader: ???
• Office Suite: ???
• Calendar: ???
• Video Player: ???
• Music Player: ???
• Photo Viewer: ???
• Screen recording: ???

In the interest of opening this survey as widely as possible, we’ve cross-posted this thread to HackerNews, Reddit, and Slashdot. We very much look forward to another friendly, energetic, collaborative discussion.

Thank you!

twitter.com/@DustinKirkland

On behalf of @Canonical and @Ubuntu