** Description changed: [ Impact ] - * An explanation of the effects of the bug on users and justification - for backporting the fix to the stable release. + This release of wsl-pro-service brings latest enhancements we would like to make sure all of our supported + customers will have access to these improvements on all releases as we approach the GA of Ubuntu Pro + for WSL, system which this service is a key part of. + As before, this service is only applicable for Ubuntu on WSL, its service unit is contained to not even start + if the condition `ConditionVirtualization=wsl` is not met. As we don't publish nor advertise interim releases + of Ubuntu on WSL, we're mostly releasing this version to Oracular and later to ensure the package stays available for + future releases as well as for covering the small percentage of users who `do-release-upgrade` their + instances. - * In addition, it is helpful, but not required, to include an - explanation of how the upload fixes this bug. + The most important changes are: - [ Test Plan ] + - Upgrade to the latest Go toolchain to address vulnerabilities + GO-2025-3563, GO-2025-3447 and GO-2025-3373. - * detailed instructions how to reproduce the bug + - Reduce the duration under which wsl-pro-service remains running without being connected to the Windows side: + * That allowed the service to spam the system's journal with too often complaints of connection retrials. + * The existing behaviour was already highlighted by some users when reporting issues, not necessarily + caused by this service, such as: + . https://github.com/microsoft/WSL/issues/12433#issue-2768853006: Here users misunderstood it as an + issue issue because of how often that message appears. + . https://github.com/microsoft/WSL/issues/11522#issuecomment-2148499450: Here an example of systemd journal + showing too many logs of wsl-pro-service. + * With the current implementation we reduce the number of connection attempts and increase the duration + systemd takes before restarting the service. - * these should allow someone who is not familiar with the affected - package to reproduce the bug and verify that the updated package - fixes the problem. + - Increase systemd confinement: + * Due a bug in ubuntu-pro-client we had to reduce the restrictions in the systemd unit in the past to let + it subprocess livepatch, even thought that's not applicable under WSL. + * That bug is fixed in v35 being SRU'ed in LP: #2083973 - * if other testing is appropriate to perform before landing this - update, this should also be described here. + - Prevents unnecessary re-registration with Landscape + * by passing the CLI flag --register-if-needed when subprocessing landscape-config. + + + [ Test plan ] + + == 1. Less loging: + + * Make sure the Ubuntu Pro for WSL Windows agent is not running: + - On Windows run `taskkill /f /im ubuntu-pro-agent.exe` + - Depending on the OS settings elevated permissions might be required. + * Install wsl-pro-service version 0.1.18 on Ubuntu on WSL (Noble, Oracular and Plucky should behave exactly + the same) + * Follow it's journal with `journalctl -f -u wsl-pro.service` + * Notice that it starts logging connection attempts too often, backing off exponentially up to 1min interval. + Approximately 10 minutes after attempting to connect without success, it silents. + * systemd should take approximately 20 min to attempt to restart the unit. + + == 2. Pro attachment works under systemd restrictions and without + livepatch being installed. + + (Most of this test case would be testing ubuntu-pro-client v35 indeed, but we must verify that our integration + is not harmed with the changes in wsl-pro-service systemd confinement) + + * Create a fresh instance of Ubuntu on WSL: + - On Windows run `wsl.exe --install -d Ubuntu` + * Install ubuntu-pro-agent v35 (currently available via the `-proposed` repository) + * Make sure livepatch is not installed: `sudo snap remove canonical-livepatch` + * Make sure the Ubuntu on WSL instance is not pro attached: `pro status` (`pro detach` if needed). + * Install wsl-pro-service version 0.1.18 on Ubuntu on WSL (Noble, Oracular and Plucky should behave exactly + the same) + * Install Ubuntu Pro for WSL (download the latest production build from https://github.com/canonical/ubuntu-pro-for-wsl/actions/runs/14386282882/artifacts/2921576467) + * Follow this guide to attach your Pro token: https://documentation.ubuntu.com/wsl/en/stable/tutorials/getting-started-with-up4w/#set-up-ubuntu-pro-for-wsl + * Follow it's journal with `journalctl -f -u wsl-pro.service`: + - If pro-attaching fails because of systemd restrictions we should see some "permission denied" or "bad system + call" errors in the journal. + - If the livepatch fix was not correct, we should see mentions to `canonical-livepatch` in the journal. + - Both conditions should be considered a failure. Otherwise, proceed. + * Confirm pro attachment `pro status` inside the Ubuntu instance. + * Finally assert that canonical-livepatch remains not installed on this machine. + + == 3. (Optional) wsl-pro-service outside of WSL + + (Ensures the unit does nothing outside of WSL) + + * Install wsl-pro-service on an instance of Ubuntu 24.04 (or later) on any platform other than WSL (Desktop, + Server bare-metal or VM, OCI containers). + * Verify that the unit is disabled due unmet condition: `systemctl status wsl-pro.service` + [ Where problems could occur ] - * Think about what the upload changes in the software. Imagine the - change is wrong or breaks something else: how would this show up? + Up until now, wsl-pro-service remains running all the time the unit is alive, thus anytime a user installs the + Ubuntu Pro for WSL application on Windows they could expect the communication with the Windows agents to start + briefly. - * It is assumed that any SRU candidate patch is well-tested before - upload and has a low overall risk of regression, but it's important - to make the effort to think about what ''could'' happen in the event - of a regression. + With the behaviour changes, that won't be the case always, as the service could just had quit seconds before + and systemd will take about 20min to restart it. Users can always `sudo systemctl restart wsl-pro.service`. - * This must never be "None" or "Low", or entirely an argument as to why - your upload is low risk. + Since the entire system is not yet generally available the number of users affected by this behaviour change + is very minimal, comprising of a handful of beta testers and internal collaborators (such as the + Landscape team). - * This both shows the SRU team that the risks have been considered, - and provides guidance to testers in regression-testing the SRU. + If the changes in wsl-pro-service landed before ubuntu-pro-client v35, we'd have issues with livepatch already + described. I judge that as almost impossible since the SRU bug LP: #2083973 is older and is very likely to + handle any regressions in time. [ Other Info ] - * Anything else you think is useful to include + I purposefully skipped testing the changes related to Landscape because it's too complex to set up a server + just for this purpose. - * Make sure to explain any deviation from the norm, to save the SRU - reviewer from having to infer your reasoning, possibly incorrectly. - This should also help reduce review iterations, particularly when the - reason for the deviation is not obvious. + We upgraded many vendored Go dependencies, thus they comprise a huge + part of the diffs. - * Anticipate questions from users, SRU, +1 maintenance, security teams - and the Technical Board and address these questions in advance + [ Changelog ] + + wsl-pro-service (0.1.18~22.04.1) jammy; urgency=medium + + * Pin Go toolchain to 1.23.8 to fix the following security vulnerabilities: + - GO-2025-3563, GO-2025-3447 and GO-2025-3373 (LP: #2106757) + * Allows the service to quit for longer period of time if the Windows agent + is not reachable. + - resulting in less logging to system journal. + * Removes workaround for livepatch no longer needed since pro-client v35 + - systemd service is more confined again. + * Prevents unnecessary re-registration with Landscape + - by passing the CLI flag --register-if-needed to landscape-config. + * Upgrades various golang dependencies. + + -- Carlos Nihelton <cnihel...@ubuntu.com> Thu, 10 Apr 2025 13:50:32 + -0300 + + wsl-pro-service (0.1.5) oracular; urgency=medium + + * Fix UserProfileDir when %USERPROFILE% is empty + * Fix for empty field for landscape SSL public key + * Prevent subprocesses to sent notification to systemd + * Workaround livepatch disable failure + * Remove now unused hostagent UID and move it to our GRPc part + in landscape protocole + * Force all subcommands to run with LC_ALL=C + * Removes dependency on /etc/resolv.conf + * Fix logging level in config + * Upgrade to Go 1.23 + * Annotate assertion on int conversion check with bitSize 32 + * Add some more tests and enhanced/cleanup existing ones, including mocks + * Fix some flaky tests + * Update some vendored dependencies + * Fix some vendoring scripts + + -- Didier Roche-Tolomelli <didro...@ubuntu.com> Tue, 10 Sep 2024 + 13:24:08 +0200 + + wsl-pro-service (0.1.4) noble; urgency=medium + + * Vendor manually on the host as the go mod vendoring when using + dpkg-buildpackage works in a different environment. + + -- Didier Roche-Tolomelli <didro...@ubuntu.com> Fri, 19 Apr 2024 + 07:56:41 +0200
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2106757 Title: [SRU] wsl-pro-service version 0.1.18 for Plucky, Oracular and Noble To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/wsl-pro-service/+bug/2106757/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
