Articles in this section

What does it mean "Beta Support" for Ubuntu?

When talking about Patches in Ubuntu, it is needed first to understand the following patch related parts:

mceclip0.png

Packages

The collection of items that are updated on the endpoint.

Channel (Component)

For each pocket, there are 4 different components (from the Ubuntu wiki)

  • Main - Canonical-supported free and open-source software (supported by the Ubuntu Security team).

  • Restricted - Proprietary drivers for devices (supported by the Ubuntu Security team).

  • Universe - Community-maintained free and open-source software.

  • Multiverse - Software restricted by copyright or legal issues.

Note1: the standard Ubuntu installation is a collection of software from the main and restricted components. You can install additional software from the Ubuntu Software Center.

Repository (Pocket)

There are several pocket types for each version of Ubuntu (from the Ubuntu wiki)

  • release: during the development cycle, this is the only pocket that is used. Once the development version is released, the release pocket is frozen and does not change (supported by the Ubuntu Security team).

  • security: built with release and securityUpdateProcedures gives the process used for creating security updates (supported by the Ubuntu Security team).

  • updates: as a matter of Ubuntu policy, packages in updates are not directly built, but rather copied from proposed after they have been tested. See StableReleaseUpdates for details (supported by the Ubuntu Security team).

  • backports: built with releasesecurityupdates and backports. See UbuntuBackports for details.

Note1: Packages in backports are supported by the community

Note2: There is another pocket, proposed, but we do not recommend using that pocket, because packages in proposed are the responsibility of the uploader.

Rollup

Represent a combination of Component and Pocket.

Example - A package that exists in the "release" pocket and belongs to "main" component is part of the "release main" rollups.

Ubuntu Beta Support

In JetPatch, the user will have the ability to update the Ubuntu packages at the "rollup" level. In other words, there will be up 16 different rollups (based on the customer environment) that are applicable to update for each ubuntu version in the environment. 

In an environment with all supported Ubuntu versions (16.04 - 20.04) and configured to work with all the possible components in all repositories there will be 48 applicable updates in JetPatch:

4 Components * 4 Pockets * 3 Ubuntu versions 

Updates Information In JetPatch Patches Catalog

JetPatch will analyze the supported rollups in each endpoint and will present the following information for each patch in the Patch Catalog:

Patch ID

The ID will be generated by JetPatch and will be determined by the Ubuntu version, Component, and Pocket in the following logic:

 

Main

Restricted

Universe

Multiverse

Release

UBRM-JP:XX11

UBRR-JP:XX12

UBRU-JP:XX13

UBRT-JP:XX14

Security

UBSM-JP:XX21

UBSR-JP:XX22

UBSU-JP:XX23

UBST-JP:XX24

Updates

UBUM-JP:XX31

UBUR-JP:XX32

UBUU-JP:XX33

UBUT-JP:XX34

Backports

UBBM-JP:XX41

UBBR-JP:XX42

UBBU-JP:XX43

UBBT-JP:XX44

Note - the XX in the ID will be determined based on the Ubuntu version.  In Ubuntu 20.04 the XX will be “20”. For example, the patch from "release main" rollup will be “UBRM-JP:2011”.

Patch Description

Same as the Patch ID, the patch description will be generated by JetPatch and will be determined by the Ubuntu version, Component, and Pocket in the following logic:

 

Main

Restricted

Universe

Multiverse

Release

version-main

version-restricted

version-universe

version-multiverse

Security

version-security main

version-security restricted

version-release security universe

version-security multiverse

Updates

version-updates main

version-updates restricted

version-updates universe

version-updates multiverse

Backports

version-backports main

version-backports restricted

version-backports universe

version-backports multiverse

Note - the version variable will be the codename of the Ubuntu version (bionic, focal, xenial).  For example, title from "release main" on Xenial will be xenial-main. Bionic = 20.04, Focal = 19.04, Xenial = 16.04

Patch Title

Combines the Patch ID + Patch Description.  Example UBRM-JP:2011 bionic-main 

Operating System

Each patch will belong to a single Operating System that will be visible in the Patches Catalog table.

Category

The patch Category will be determined by the pocket it belongs to:

  • Release
  • Security
  • Updates
  • Backports

Release Date

The Release Date for a patch will remain empty

Needed On

JetPatch will determine if there is a patch for Ubuntu is needed if there is an available update for a package that belongs to the rollup.

In case that there are no updates for any package in a specific rollup, the patch will be marked as compliant.

Rollback

Removal of Ubuntu patches is currently not supported.

Example1: Install all available security packages supported by the Ubuntu Security team 

First, understand the security Patch IDs that are supported by the Ubuntu Security team

 

Main

Restricted

Security

UBSM-JP:XX21

UBSR-JP:XX22

Why?

  • Packages in the main and restricted channels are supported by the Ubuntu Security team (source)
  • Packages the security pocket are supported by the Ubuntu Security team (source)
  • These packages are under http://security.ubuntu.com/

Example with Ubuntu 16.04 (xenial)

Relevant Security Patch Titles to install in JetPatch

  • UBSM-JP:1621 xenial-security main
  • UBSR-JP:1622 xenial-security restricted

Example with Ubuntu 18.04 (bionic)

Relevant Patch Titles to install in JetPatch

  • UBSM-JP:2021 bionic-security main
  • UBSR-JP:2022 bionic-security restricted

Example with Ubuntu 20.04 (focal)

Relevant Patch Titles to install in JetPatch

  • UBSM-JP:2021 focal-security main
  • UBSR-JP:2022 focal-security restricted

Once a patch is deployed, it will only show as needed on again once there are new updates to deploy.

Example2: Install all available packages supported by the Ubuntu Security team 

First, understand the Patch IDs that are supported by the Ubuntu Security team

 

Main

Restricted

Release 

UBRM-JP:XX11

UBRR-JP:XX12

Security

UBSM-JP:XX21

UBSR-JP:XX22

Updates

UBUM-JP:XX31

UBUR-JP:XX32

Why?

  • Packages in the main and restricted channels are supported by the Ubuntu Security team (source)
  • Packages in the release, security, and updates pockets are supported by the Ubuntu Security team (source)

Example with Ubuntu 16.04 (xenial)

Relevant Patch Titles to install in JetPatch

  • UBRM-JP:1611 xenial-main
  • UBRR-JP:1612 xenial-restricted
  • UBSM-JP:1621 xenial-security main
  • UBSR-JP:1622 xenial-security restricted
  • UBUM-JP:1631 xenial-updates main
  • UBUR-JP:1632 xenial-updates restricted

Example with Ubuntu 18.04 (bionic)

Relevant Patch Titles to install in JetPatch

  • UBRM-JP:2011 bionic-main
  • UBRR-JP:2012 bionic-restricted
  • UBSM-JP:2021 bionic-security main
  • UBSR-JP:2022 bionic-security restricted
  • UBUM-JP:2031 bionic-updates main
  • UBUR-JP:2032 bionic-updates restricted

Example with Ubuntu 20.04 (focal)

Relevant Patch Titles to install in JetPatch

  • UBRM-JP:2011 focal-main
  • UBRR-JP:2012 focal-restricted
  • UBSM-JP:2021 focal-security main
  • UBSR-JP:2022 focal-security restricted
  • UBUM-JP:2031 focal-updates main
  • UBUR-JP:2032 focal-updates restricted

Once a patch is deployed, it will only show as needed on again once there are new updates to deploy.

FAQ: How do I know which packages are going to be deployed during patch execution?

Let's say I have a remediation plan that is deploying UBRM-JP:2011 focal-main on a couple of machines.  How do I know which packages got installed or upgraded?
 
JetPatch provides this information in the Ubuntu patch execution task via the Activites table:
unnamed.png
 
  1. Go to the Activities table
  2. Filter by the relevant Remediation Plan
  3. View the output of the "execute patch installation for single computer" activity on your Ubuntu machines.
  4. Download the output to view as shown below.
In the output itself you should see the following lines describing the packages operations:
The following NEW packages will be installed:
  linux-headers-5.4.0-80 linux-headers-5.4.0-80-generic
  linux-image-5.4.0-80-generic linux-modules-5.4.0-80-generic
  linux-modules-extra-5.4.0-80-generic
The following packages will be upgraded:
  alsa-ucm-conf apt apt-utils cloud-init initramfs-tools initramfs-tools-bin
  initramfs-tools-core libapt-pkg6.0 libnss-systemd libpam-modules
  libpam-modules-bin libpam-runtime libpam-systemd libpam0g libprocps8
  libssl1.1 libsystemd0 libudev1 linux-base linux-firmware linux-generic
  linux-headers-generic linux-image-generic openssl procps python-apt-common
  python3-apt python3-distupgrade snapd sosreport systemd systemd-sysv
  systemd-timesyncd ubuntu-release-upgrader-core udev update-notifier-common
36 upgraded, 5 newly installed, 0 to remove and 0 not upgraded.
 

 

 

Related articles

Comments

0 comments

Please sign in to leave a comment.