Ubuntu 18.04.3 LTS is out, including GNOME stable updates and Livepatch desktop integration

Ubuntu 18.04.3 LTS has just been released. As usual with LTS point releases, the main changes are a refreshed hardware enablement stack (newer versions of the kernel, xorg & drivers) and a number of bug and security fixes.

For the Desktop, newer stable versions of GNOME components have been included as well as a new feature: Livepatch desktop integration.

For those who aren’t familiar, Livepatch is a service which applies critical kernel patches without rebooting. The service is available as part of an Ubuntu Advantage subscription but is also made available for free to Ubuntu users (up to 3 machines). Fixes are downloaded and applied to your machine automatically to help reduce downtime and keep your Ubuntu LTS systems secure and compliant. Livepatch is available for your servers and your desktops.

Andrea Azzarone worked on desktop integration for the service and his work finally landed in the 18.04 LTS.

To enable Livepatch you just need an Ubuntu One account. The setup is part of the first login or can be done later from the corresponding software-properties tab.

Here is a simple walkthrough showing the steps and the result:

The wizard displayed during the first login includes a Livepatch step that will help you get signed in to Ubuntu One and enable Livepatch:

Clicking the ‘Set Up’ button invites you to enter your Ubuntu One information (or to create an account) and that’s all that is needed.

The new desktop integration includes an indicator showing the current status and notifications telling when fixes have been applied.

You can also get more details on the corresponding CVEs from the Livepatch configuration UI.

You can always hide the indicator using the toggle if you prefer to keep your top panel clean and simple.

Enjoy the increased security in between reboots!

Bolt 0.8 update

Christian recently released bolt 0.8, which includes IOMMU support. The Ubuntu security team seemed eager to see that new feature available so I took some time this week to do the update.

Since the new version also featured a new bolt-mock utility and installed-tests availability, I used the opportunity of updating the package to add an autopkgtest based on the new bolt-tests binary; hopefully that will help us make sure our tb3 support stays solid in the future ;-)

The update is available in Debian Experimental and Ubuntu Eoan, enjoy!

System76 / Pop! OS team, not upstreaming your patches isn’t going to benefit your users

I saw a few cases of those situations happening recently:

  1. System76 / Pop! OS finds a bug (where ‘find’ often means that they confirm an existing upstream bug is impacting their OS version)
  2. They write a patch or workaround, include it in their package but don’t upstream the change/fix (or just drop a .patch labelled as workaround in a comment rather than submitting it for proper review)
  3. Later on they start commenting on the upstream (Ubuntu, GNOME, …) bug trackers, pointing out to users that the issue has been addressed in Pop! OS, advertising how they care about users and that’s why they got the problem solved in their OS

System76 / Pop! OS team, while you should be proud of the work you do for your users, I think you are going the wrong way there. Working on fixes and including them early in your product is one thing; not upstreaming those fixes and using that for marketing yourselves as better than your upstreams is a risky game. You might be overlooking that now, but divergence has a cost, as does not having a good relationship with your upstreams.

What triggered me to write this blog post today was reading https://blog.system76.com/post/185276928258/system76-news-a-may-with-zing yesterday, which included this item:

Fixes

We’ve updated the youtube-dl package to a newer version. This package, maintained by Debian and Canonical, is used for downloading videos from YouTube. Changes made by Google to the YouTube API had recently broken this package in the Ubuntu repositories, hence the update.

As the description mentions, they are using the Ubuntu package (which is coming from Debian). I went to check a bit more what happened and what’s the status of the fix, and oh, surprises!
– they didn’t report the bug in launchpad
– they didn’t send their patch/fix to launchpad
– they didn’t get in touch with Ubuntu/Canonical about fixing the issue in an SRU

So instead of working with their upstream on a fix which would benefit Ubuntu and Pop! OS users, they did an upload in their overlay PPA with the description
‘ * Backport to Pop!_OS because Ubuntu is too slow.’

Thanks System76 for not trying to work with us and then stabbing us in the back with that package description.

Ubuntu users, sorry that we didn’t get to fix that earlier since it was not brought to our attention. I did upload SRUs for Bionic and Disco now; details are on https://bugs.launchpad.net/ubuntu/+source/youtube-dl/+bug/1831778

(Other recent examples on https://gitlab.gnome.org/GNOME/gnome-shell/issues/1084 or https://bugs.launchpad.net/ubuntu/+source/gnome-desktop3/+bug/1731318/comments/6)

Ubuntu keeping up with GNOME stable updates

Recently Michael blogged about epiphany being outdated in Ubuntu. While I don’t think that a blog rant was the best way to handle the problem (several of the Ubuntu Desktop members are on #gnome-hackers for example, it would have been easy to talk to us there), he was right that the Ubuntu package for epiphany was outdated.

Ubuntu does provide updates, even for packages in the universe repository

One thing Michael wrote was

Because Epiphany is in your universe repository, rather than main, I understand that Canonical does not provide updates

That statement is not really accurate.

First, Ubuntu is a community project and not only maintained by Canonical. For example, most of the work done in recent cycles on the epiphany package was from Jeremy (which was one of the reasons the package got outdated: Jeremy had to step down from that work and no-one picked it up).

Secondly, while it’s true that Canonical doesn’t provide official support for packages in universe, we do have engineers who have an interest in some of those components and help maintain them.

Epiphany is now updated (deb & snap)

Going back to the initial problem, Michael was right and in this case Ubuntu didn’t keep up with available updates for epiphany, which has now been resolved:

    • 3.28.5 is now available in Bionic (current LTS)
    • 3.32.1 is available in the devel series and in Disco (the current stable)
    • The snap versions are a build of gnome-3-32 git for the stable channel and a build of master in the edge channel.

Snaps and GTK 3.24

Michael also wrote that

The snap is still using 3.30.4, because Epiphany 3.32 depends on GTK 3.24, and that is not available in snaps yet.

Again the reality is a bit more complex. Snaps don’t have depends like debs do, so by nature they don’t have problems like being blocked by missing depends. To limit duplication we do provide a gnome platform snap though and most of our GNOME snaps use it. That platform snap is built from our LTS archive which is on GTK 3.22 and our snaps are built on a similar infrastructure.

Ken and Marcus are working on resolving that problem by providing an updated gnome-sdk snap but that’s not available yet. Meanwhile they changed the snap to build gtk itself instead of using the platform one, which unblocked the updates, thanks Ken and Marcus!

Ubuntu does package GNOME updates

I saw a few other comments recently along the lines of “Ubuntu does not provide updates for its GNOME components in stable series” which I also wanted to address here.

We do provide stable updates for GNOME components! Ubuntu usually ships its new version with the .1 updates included from the start and we do try to keep up with doing stable updates for point releases (especially for the LTS series).

Now we have a small team and a lot to do, so it’s not unusual to see some delays in the process.
Also, while we have tools to track available updates, our reports are currently only for the active distro and not stable series, which is a gap and leads us sometimes to miss some updates.
I’ve now hacked up a stable report and reviewed the current output, and we will work on updating a few components that are currently outdated as a result.

Oh, and as a note, we do tend to skip updates which are “translations updates only” because Launchpad does allow us to get those without needing a stable package upload (the strings are shared by series, so getting the new version/translations uploaded to the most recent series is enough to have those available for the next language pack stable updates).

And as a conclusion, if as an upstream or user you have an issue with a component that is still outdated in Ubuntu, feel free to get in touch with us (IRC/email/Launchpad) and we will do our best to fix the situation.

Ubuntu stable updates

There were some blog entries this week about GNOME stable updates on Ubuntu. There is no reason new bug fix versions could not be uploaded to stable other than the fact that the SRU rules require checking all the changes carefully and doing this job on all the GNOME tarballs is quite some work, or that the Ubuntu desktop team is quite small and already overworked.

There is a list of packages which have relaxed rules though. We have discussed adding GNOME to those, since the stable series usually has fixes worth having and not too many unstable changes (though the stable SVN code usually doesn’t get a lot of testing), and decided that the stable updates which look reasonable should be uploaded to hardy-update.

There were also some concerns about gnome-games; 2.20.3 has been uploaded to gutsy-proposed today, which should reduce the number of bugs sent to the GNOME bugzilla. The new dependencies on ggz have also been reviewed and 2.21 should be built soon in hardy.

GNOME and Ubuntu

The FOSSCamp and UDS week has been nice and a good occasion to talk to upstream and people from other distributions. We had desktop discussions about the new technologies landing in GNOME this cycle (the next Ubuntu will be a LTS so we need a balance between new features and stability), the desktop changes we want to do, and how Ubuntu contributes to GNOME.

Some random notes about the Ubuntu upstream contributions:

  • Vincent asked again for an easy way to browse the Ubuntu patches and Scott picked up the task, the result is available there
  • The new Canonical Desktop Team will focus on making the user experience better, most of the changes will likely be upstream material and discussed there, etc
  • Canonical has open Ubuntu Desktop Infrastructure Developer and Ubuntu Conceptual Interface Designer positions, if you want to do desktop work for a cool open source company you might be interested in those ;-)

GNOME updates in gutsy and hardy

  • Selected GNOME 2.20.1 changes have been uploaded to gutsy-updates
  • The GNOME 2.21.2 packaging has started in hardy, some updates and a lot of Debian merges are still on the TODO though
  • We have decided to use tags in patches to indicate the corresponding Ubuntu and upstream bugs so it’s easier to get the context of the change, technical details still need to be discussed though

Update: Scott pointed out that you can use http://patches.ubuntu.com/n/nautilus/extracted to access the current nautilus version

Ubuntu desktop updates

  • GNOME 2.19.6 is now available in gutsy. Thanks to all the contributors mentioned on the WeeklyTODO, especially Áron, Baptiste and Fernando, you do a rocking job!
  • Daniel packaged rarian and I’ve made it easily installable now. If you want to replace scrollkeeper and give it a try, what you have to do is install rarian-compat. You can report bugs on launchpad or upstream on bugzilla. The new help will be uploaded soon and it’s likely that the next tribe CD will use rarian. Thanks also to Don for the work on it and the quick reply to my questions
  • Ian worked on integrating the fast user switching work done by fedora and upstream in Ubuntu and fixed some bugs on the way. You can now install consolekit in gutsy and user switching should work nicely. That will likely be installed by default on the next gutsy CD.

GUADEC

The GUADEC week really rocked. There were quite some interesting presentations and talks during the week and it was really nice to meet Vincent, Jeff, Ryan, Lucas, Thomas, Carlos, Danilo and a lot of other cool guys again.

Some random notes on the week:

  • Vincent is always a good source of entertainment
  • Lucas can also speak French
  • Daniel, several people asked why you were not there, you need to come next year! Alter!
  • The weather in France is not really great this summer, that’s nothing compared to Birmingham though
  • When it comes to food don’t trust Danilo’s choices
  • Michael likes tea (we already knew that though ;)

Ubuntu Desktop News

I’m sending this entry using blogs.gnome.org, thanks to jdub and everybody who worked on the new system which really rocks and is trivial to use!

Some news of the Ubuntu desktop:

  • New contributors have joined the desktop team and have been doing rocking work there, giving a hand on the merges and updates!
  • Desktop packages have been merged with Debian
  • The desktop has been updated to GNOME 2.19
  • glib 2.13, GTK 2.11 and pango 1.17 have been uploaded
  • xdg-user-dirs and xdg-user-dirs-gtk have been uploaded and will start being used soon
  • Michael Vogt and Travis Watkins have been working on updating compiz to the git version and packaging the new comcomm plugins; enabling them by default on the systems supporting them is a gutsy goal

The team is now working on GNOME 2.19.4. The packages which need an update are listed on the wiki; if you want to work on one of them just write your name next to it.