StableReleaseUpdates

Differences between revisions 21 and 378 (spanning 357 versions)
Revision 21 as of 2006-11-01 21:21:56
Size: 6908
Editor: studiocity-motorola-bsr1-70-36-194-85
Comment: clarify aging period
Revision 378 as of 2023-09-29 18:06:43
Size: 60064
Editor: racb
Comment: Clarify the requirement to SRU to interim releases for hardware enablements to avoid regression on release upgrades
Deletions are marked like this. Additions are marked like this.
Line 1: Line 1:
Once an Ubuntu release has been completed and published, updates for it are only released under certain circumstances, and must follow a special procedure. ||<tablestyle="float:right; font-size: 0.9em; width:40%; background:#F1F1ED; margin: 0 0 1em 1em;" style="padding:0.5em;"><<TableOfContents>>||

Once an Ubuntu release has been completed and published, updates for it are only released under certain circumstances, and must follow a special procedure called a "stable release update" or SRU.

There is an automatically generated list of [[http://people.canonical.com/~ubuntu-archive/pending-sru.html|packages which are currently undergoing this process]].

/!\ '''Did you notice a regression in a package which went to -updates?''' Please report this using [[#regressions|these steps]].
Line 5: Line 11:
In contrast to pre-release versions, official releases of Ubuntu are subject to much wider use, and by a different demographic of user. During development, changes to the distribution primarily affect developers, early adopters and other advanced users, all of whom have elected to use pre-release software at their own risk. In contrast to pre-release versions, official releases of Ubuntu are subject to much wider use, and by a different demographic of users. During development, changes to the distribution primarily affect developers, early adopters and other advanced users, all of whom have elected to use pre-release software at their own risk.
Line 11: Line 17:
  ''"It's just a one-line change!"''

Even the simplest of changes can cause unexpected regressions due to lurking problems:

 * In bug Bug:81125, the upgrade regression had nothing to do with the content of the change that triggered it: any user who had installed the libpthread20 package would encounter a problem the next time libc6 was upgraded.

 * In bug Bug:309674, the failure was a misbuild due to timestamp skew in the build process. The underlying problem existed in the source package in the original release, but would only manifest in a small percentage of builds.

 * In bug Bug:559822, a C++ library (wxwidgets2.8) was uploaded with no code changes. Due to an underlying toolchain change/bug, this caused an ABI change, causing a lot of unrelated packages to break (see bug Bug:610975)

We never assume that any change, no matter how obvious, is completely free of regression risk.

In line with this, the requirements for stable updates are not necessarily the same as those in the development release. When preparing future releases, one of our goals is to construct the most elegant and maintainable system possible, and this often involves fundamental improvements to the system's architecture, rearranging packages to avoid bundled copies of other software so that we only have to maintain it in one place, and so on. However, once we have completed a release, the priority is normally to minimise risk caused by changes not explicitly required to fix qualifying bugs, and this tends to be well-correlated with minimising the size of those changes. As such, the same bug may need to be fixed in different ways in stable and development releases.
Line 13: Line 33:
=== High-impact bugs ===
Line 15: Line 37:
 * Bugs which may, under realistic circumstances, directly cause a '''security vulnerability'''
 * Bugs which represent '''severe regressions''' from the previous release of Ubuntu
 * Bugs which may, under realistic circumstances, directly cause a '''security vulnerability'''. These are done by the security team and are documented at SecurityTeam/UpdateProcedures.
 * Bugs which represent '''severe regressions''' from the previous release of Ubuntu. This includes packages which are totally unusable, like being uninstallable or crashing on startup.
Line 18: Line 40:

== How ==

This process is to be followed for all updates '''except''' those to fix security updates, which are only released by the Ubuntu security team. Security procedures are documented at SecurityUpdateProcedures.

 1. Propose
 * Updates that need to be applied to Ubuntu packages to adjust to changes in the environment, server protocols, web services, and similar, i. e. where the current version just ceases to work. Examples:
  * app-install-data-commercial is a package index which regularly needs to be adjusted to changes in the commercial package archive.
  * clamav needs [[ClamavUpdates|regular updates]] to latest virus signatures
  * tor needs a newer version to still work with the current Tor network.
  * A library for a web service needs to be updated for changes to the web server API.

=== Other safe cases ===

In the following cases a stable release update is also applicable as they have a low potential for regressing existing installations but a high potential for improving the user experience, particularly for Long Term Support releases:

 * Bugs which do not fit under above categories, but (1) have an obviously safe patch and (2) affect an application rather than critical infrastructure packages (like X.org or the kernel).
 * For Long Term Support releases we regularly want to enable new hardware. Such changes are appropriate provided that we can ensure not to affect upgrades on existing hardware. For example, modaliases of newly introduced drivers must not overlap with previously shipped drivers. This also includes updating hardware description data such as udev's keymaps, media-player-info, mobile broadband vendors, or PCI vendor/product list updates. To avoid regressions on upgrade, any such hardware enablement must first also be added to any newer supported Ubuntu release.
 * For Long Term Support releases we sometimes want to introduce new features. They must not change the behaviour on existing installations (e. g. entirely new packages are usually fine). If existing software needs to be modified to make use of the new feature, it must be demonstrated that these changes are unintrusive, have a minimal regression potential, and have been tested properly. To avoid regressions on upgrade, any such feature must then also be added to any newer supported Ubuntu release. Once a new feature/package has been introduced, subsequent changes to it are subject to the usual requirements of SRUs to avoid regressions.
 * New versions of commercial software in the Canonical partner archive.
 * '''FTBFS'''(Fails To Build From Source) can also be considered. Please note that in '''main''' the release process ensures that there are no binaries which are not built from a current source. Usually those bugs should only be SRUed in conjunction with another bug fix.
 * '''Autopkgtest failures''' should also normally be SRUed only in conjunction with other high-priority fixes affecting users at runtime, optionally by [[#Staging_low_priority_uploads|staging]] them. As an exception, when an SRU of one package will introduce a regression in the autopkgtests of another package, it is appropriate to do an autopkgtest-only SRU of the other package.

For new upstream versions of packages which provide new features, but don't fix critical bugs, a [[https://help.ubuntu.com/community/UbuntuBackports|backport]] should be requested instead.

=== New upstream microreleases ===

In some cases, when upstream fixes bugs, they do a new microrelease instead of just sending patches. If all of the changes are appropriate for an SRU by the criteria above, then it is acceptable (and usually easier) to just upload the complete new upstream microrelease instead of backporting the individual patches. Note that some noise introduced by autoreconf is okay, but making structural changes to the build system (such as introducing new library dependencies) is generally not.

For upstreams who have

 * a reliable and credible test suite for assuring the quality of every commit or release,
 * the tests are covering both functionality and API/ABI stability,
 * the tests run during package build to cover all architectures,
 * the package has an [[http://packaging.ubuntu.com/html/auto-pkg-test.html|autopkgtest]] to run the tests in an Ubuntu environment against the actual binary packages,

it is also acceptable to upload new microreleases with many bug fixes without individual Launchpad bugs for each of them (~ubuntu-sru will make the final decision). The upstream QA process must be documented/demonstrated and linked from the SRU tracking bug. In other cases where such upstream automatic testing is not available, exceptions must still be approved by at least one member of the Ubuntu Technical Board.

=== Staging low priority uploads ===

SRUs for bugs which do not affect users at runtime are inappropriate to force users to apply. There is a cost to our users (and our mirror network) for downloading updates of packages, which should be balanced against the utility of the update to the user downloading it.

However, if such an update otherwise complies with SRU policy, it can be staged to be bundled with a future SRU or security update.

=== ESM Uploads ===

There are special procedures for uploads to stable releases in their [[https://ubuntu.com/esm|Extended Security Maintenance (ESM)]] period. Please prepare the [[#srubug|SRU Bug]] then contact [[https://launchpad.net/~ubuntu-esm-team|the ESM team]].

<<Anchor(GeneralRequirements)>>
== General Requirements ==

=== Development Release Fixed First ===

If a stable release is fixed but the development release is not, then after the development release becomes a stable release, users upgrading would face an unexpected regression. Therefore, it is a general requirement that the development release is fixed before fixes are backported to the stable releases. Equivalently for new upstream releases, this (or a newer) release must be in the development release.

It is also, in general, not appropriate to release updates for stable systems without first testing them in the current development branch.

One exception to this general rule is the case where the development release is not yet open. There can sometimes be a delay between the release of the most recent version of Ubuntu and the opening for development of the next version. Provided they are important enough, stable release updates should not and do not need to wait for the development release to open.

=== Newer Releases ===

If a bug is being fixed in a particular stable release, we would like for all subsequent releases that are still supported to also be fixed at the same time. This is to prevent a user from facing a regression when they upgrade to a newer release.

Exceptions:

The following two exceptions apply to bugfixes, but do not apply to hardware enablement or new features.

 1. When there are two subsequent interim releases

    If there are two subsequent interim releases that are both current, then, as a compromise, additionally fixing only the most recent one is acceptable. Rationale: a user facing this class of regression will at least have an upgrade path available to them that fixes it.

 2. When you don't want to fix a subsequent interim release at all

    We recognise that making it a hard requirement to fix all subsequent interim releases would mandate more work, and that a team may not have the resources available to fix and verify (say) an LTS as well as a subsequent interim release that has fewer users. We wouldn't want to block a fix from landing at all, so we are not making it a hard requirement that subsequent interim releases be fixed.

   However, we strongly recommend that subsequent interim releases be fixed, and it is our expectation that normally uploaders will ensure this. If you are unable to do this, then please: 1) create and mark bug tasks against the subsequent affected releases "Won't Fix"; and 2) explicitly state in the bug that you are deliberately seeking to fix a release without fixing the subsquent releases. An SRU team member may then accept your upload at their discretion and on a case-by-case basis. If this is not done, then uploaders should expect an SRU review round trip while your intentions are clarified.


== Procedure ==

 1. Check that the bug is fixed in the current development release, and that its bug task is "Fix Released". See [[#GeneralRequirements|General Requirements]] above for special cases.
  * Also keep in mind that certain packages can change source package names between releases. In that case, if the given bug applies to a different source package that replaced the old one in a later releases, this source package has to be added as 'Also affecting'. Make sure that the devel releases package has the bug fixed before proceeding.
  * Do not create a meta-bug with a title like "Please SRU this" rather than using existing bug reports. It is redundant and is opaque to original bug reporters, whose feedback is valuable for verification, so these bugs will be invalidated by the SRU team and corresponding uploads will be rejected from the queue.

 1. Ensure that the bug report for this issue is public. If the bug has been reported privately and cannot be published, you must first create a separate public bug report in launchpad and copy over as much information as can be published.

 1. Update the bug report '''description''' and make sure it contains the following information:
  1. An explanation of the bug on users and justification for backporting the fix to the stable release. This may be preceded with an '''[Impact]''' header, but this is not required. In addition, it is helpful, but not required, to include an explanation of how the upload fixes this bug.
  1. A '''[Test Plan]''' section with detailed '''instructions''' how to reproduce the bug. These should allow someone who is not familiar with the affected package to reproduce the bug and verify that the updated package fixes the problem.
  1. A '''[Where problems could occur]''' section which highlights areas where regressions ''might'' happen. It is assumed that uploaders believe their changes are as risk free as possible, but this section is for demonstrating that some thought has been given to "expecting the unexpected". This section goes along with the Test Plan section: while that one is for testing the specific bug being fixed in the upload, here is a place to give any additional test cases to help to ensure that there are no regressions in the update. Think "what if this change is wrong? How would that show up?" Bug:1590321 is an example of a simple fix with a legitimate regression analysis.

 1. Prepare the upload, attach a debdiff to the bug, and [[SponsorshipProcess|request sponsorship]] by subscribing 'ubuntu-sponsors' to the bug. The upload must have the correct ''release'' in the changelog header, a detailed and user-readable changelog, and no other unrelated changes. If you can upload to the archive directly, use dput as normal. There is no need to wait before uploading. After upload, the bug status should be changed to '''In Progress''', once accepted into ''release''-proposed, the status will be automatically changed to '''Fix Committed'''. Also, make sure that:
  1. The version number does not conflict with any later and future version in other Ubuntu releases (the [[https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation#Update_the_packaging|security policy document]] has a well-working scheme which can be used for SRUs.)
  1. There is a reference to the SRU bug number in the changelog, using the 'LP: #NNNNNN' convention. Only public bugs should be referenced in the changelog.

 1. The ~ubuntu-sru team will [[https://wiki.ubuntu.com/StableReleaseUpdates#Reviewing_procedure_and_tools|review and accept]] your upload. You can then test the actual binaries in the Ubuntu archive yourself and follow up in the bug report regarding your verification of the bug. The SRU team will evaluate the testing feedback and they will move the package into -updates after it has passed a minimum aging period of '''7 days'''.

 1. Subscribe yourself to bugmail for the package in Launchpad, if you haven't done so already, and '''monitor Launchpad''' for bug reports relating to the update for at least one week.

 Any regression must '''always''' be documented in a bug report, which must be ''Importance: critical'' once the regression has been confirmed.

=== SRU Bug Template ===
{{{
[ Impact ]

 * An explanation of the effects of the bug on users and

 * justification for backporting the fix to the stable release.

 * In addition, it is helpful, but not required, to include an
   explanation of how the upload fixes this bug.

[ Test Plan ]

 * detailed instructions how to reproduce the bug

 * these should allow someone who is not familiar with the affected
   package to reproduce the bug and verify that the updated package fixes
   the problem.

 * if other testing is appropriate to perform before landing this update,
   this should also be described here.

[ Where problems could occur ]

 * Think about what the upload changes in the software. Imagine the change is
   wrong or breaks something else: how would this show up?

 * It is assumed that any SRU candidate patch is well-tested before
   upload and has a low overall risk of regression, but it's important
   to make the effort to think about what ''could'' happen in the
   event of a regression.

 * This must '''never''' be "None" or "Low", or entirely an argument as to why
   your upload is low risk.

 * This both shows the SRU team that the risks have been considered,
   and provides guidance to testers in regression-testing the SRU.

[ Other Info ]
Line 25: Line 175:
  All proposals for stable release updates must be '''approved''' by Matt Zimmerman or Colin Watson. SRU proposals must be accompanied by the following information for each bug to be addressed:

   * A '''bug number''' referring to a complete bug report describing the problem and its effect
   * A '''statement explaining the impact''' of the bug on users and justification for backporting the fix to the stable release
   * An explanation of '''how the bug has been addressed''' in the development branch, including the relevant version numbers of packages modified in order to implement the fix
   * A '''patch''' applicable to the stable version of the package. If preparing a patch is likely to be time-consuming, it may be preferable to discuss the first three items before preparing a patch.

  A copy of this proposal and a hyperlink to any prior discussion thread should be added to the bug report as a comment, usually by CCing ''bugnumber''`@bugs.launchpad.net`.

 1. Prepare

  Once an update has been discussed and approved in principle, an upload can be prepared. The following criteria apply to any packages modified as part of the update:

   * The changelog entry and resulting .changes file must include a reference to the corresponding '''bug report(s)'''
   * The bug report must include an '''approved SRU proposal'''
   * The '''version number(s)''' must be carefully checked in order to avoid clashing with any other version of the package, past, present or future
   * The upload target must be ''release''`-proposed`

  Uploads which do not meet these criteria will be '''rejected''' by an archive administrator and not published. Once the upload is ready, attach a complete source package diff (`debdiff`) to the bug report for review.

 1. Upload

  The upload will be reviewed by the archive administrators during regularly scheduled processing, and approved if it meets the above criteria. Archive administrators should verify that the package delta matches the debdiff attached to the bug report.

 1. Test

  Once the update has been published in `-proposed`, it can be tested by a wider audience.

  * Notify the QA team via Simon Law [mailto:sfllaw@ubuntu.com <sfllaw@ubuntu.com>] of the availability of this package for testing
   * Prepend "StableReleaseUpdates" to the Subject line of your e-mail.
   * Add a `verification-needed` tag to the bug report.
  * Test the package yourself
  * If the update has the potential for hardware-specific effects, request a hardware support regression test via the QA team (for example, kernel updates)

 1. Release

  After the package in `-proposed` has been successfully tested and passed a minimum aging period of '''7 days''', you may prepare a second upload to ''release''`-updates`:

  * Include a changelog entry with:
   * A new version number (the same cautions apply regarding the choice of version number)
   * '''Confirmation of the above testing''', including the name of the tester in each case
  * Make '''no other changes''' relative to the version in `-proposed`

  The archive administrators must verify that uploads to `-updates` meet these criteria. In the future, the update from `-proposed` will be copied verbatim instead, once the necessary infrastructure is available.

 1. Follow up

  * Add yourself as a '''bug contact''' for the package in Launchpad, if you are not one already
  * For 7 days after the update is released, '''monitor Launchpad''' for bug reports relating to the update
  * In the event of a regression, '''immediately''' notify the [mailto:technical-board@lists.ubuntu.com Ubuntu Technical Board] via email, and ask for help on `#ubuntu-devel` in making urgent contact with a member of the Board.

== Special Cases ==
 * Anything else you think is useful to include
 * Anticipate questions from users, SRU, +1 maintenance, security teams and the Technical Board
 * and address these questions in advance
}}}

=== Staging an upload ===

See [[#Staging_low_priority_uploads|staging low priority uploads]] for details of SRU policy regarding staged uploads.

To stage an upload, follow the usual process but additionally add a block-proposed-<series> tag to at least one of the SRU bugs together with a comment explaining the reason for the staging.

Staging can also be added retrospectively simply by adding the tag; this can be done at any time before an SRU is released. If you do so, please make sure that you add a bug comment that explains the reason.

==== Landing an upload blocked by staging ====

In principle the block-proposed-<series> tag should be removed by an SRU team member when accepting a newer upload not planned for further staging. But if they overlook this, it's appropriate for whoever notices it (SRU team, or uploader) to remove the block-proposed-<series> tag with a suitable comment when it no longer applies.

==== Responsibility for SRU verification and cancellation of incomplete verification ====

It is essential to carry out SRU verification on all related bugs as usual as soon as the upload enters the proposed pocket. We do not want to burden a future SRUer with verification of your low priority bug. If timely verification is not performed, then as usual the staged upload is a candidate for deletion, and a future SRUer is quite entitled to base their upload on the version prior to your staged upload instead. If this happens, the future SRU will not include your changes, effectively cancelling the staging.

Since we try to avoid regressing users on upgrade to a new release, it is essential to carry out this SRU verification for every affected bug series task. If you skip verification of one series then staged uploads in all series are candidates for deletion or overriding as above at the discretion of the SRU team.

== Publishing ==

The Stable Release Updates team regularly checks for SRUs that have succesfully completed verification (all bugs are marked verification-done-$RELEASE for the given release) and releases those to the -updates pocket. Having said that, if there is a priority SRU waiting in the unapproved queue for release to -proposed, or needing release to -updates from -proposed, feel free to [[#Contacting_the_SRU_team|contact an SRU vanguard]].

Please note that SRUs will not be published to the -updates pocket on Friday (or Saturday or Sunday). Any exception will need justification.

== Phasing ==

Once an package is released to -updates, the update is then phased so that the update is gradually made available to expanding subsets of Ubuntu users. This process allows us to automatically monitor for regressions and halt the update process if any are found. Complete details about the process can be found in a [[http://www.murraytwins.com/blog/?p=127|blog post by Brian Murray]].

The Phased-Update-Percentage is initially set to 10%, then a job is run (every 6 hours) that checks for regressions and if none are found the phased update percentage will be incremented by 10%. So an update will become fully phased after 54 hours or about 2 days. In the event that a regression is detected the Phased-Update-Precentage will be set to 0% thereby causing supported package managers (update-manager) not to install the update.

The progress of phased updates is visible in a [[http://people.canonical.com/~ubuntu-archive/phased-updates.html|report]] which is updated by the same job that does the phasing.

=== Investigation of Halted Phased Updates ===

Here are some tips on how to utilize the phased updates report to investigate why the phasing has stopped.

When looking at an increased rate of crashes you'll want to look at the crash(es) with the greatest number of occurrences. Then check to see if the crash is occurring more frequently (by examining the Occurrences table) with the updated version of the package. If it is then'll you want to sort out why and address the crash in a follow on SRU. If it isn't then [[#Contacting_the_SRU_team|contact the SRU team]] regarding overriding the crash.

When looking at a new error you'll want to confirm that the error is in fact a new one by using the versions table. The phased-updater currently checks if the error has been reported about the version immediately before the current version, so if the previous version wasn't around very long its possiblpossible a specific error wasn't reported about it. Additionally, you can check to see if the error is really about the identified package or if it it occurs in an underlying library by looking at the Traceback or Stacktrace e.g.possible a specific error wasn't reported about it. Additionally, you can check to see if the error is really about the identified package or if it it occurs in an underlying library by looking at the Traceback or Stacktrace e.g.e a specific error wasn't reported about it. Additionally, you can check to see if the error is really about the identified package or if it it occurs in an underlying library by looking at the Traceback or Stacktrace e.g. python crashes being reported about a package using python. If you do not believe the error is a new one or was not caused by your stable release update then [[#Contacting_the_SRU_team|contact the SRU team]] regarding overriding the crash.

=== SRU team documentation ===

Overriding halted phasing is done in a similar way to overriding autopkgtest failures. The phased update machinery looks at [[https://code.launchpad.net/~ubuntu-sru/+junk/phased-update-overrides|phased-update-overrides.txt]], which is a simple CSV file containing lines of the form ''source package'', ''version'', ''$THING_TO_IGNORE'' where ''$THING_TO_IGNORE'' can either be an errors.ubuntu.com problem URL to ignore or ''increased-rate''.

== Verification ==

Verification must be done in a software environment as close as is feasible to that which will exist after the package is copied to *-updates. Generally this will be with a system that is up to date from *-release, *-security, and *-updates, but not with other packages from *-proposed (except other packages built from the affected source package - they must be updated if generally installed) or *-backports. While not ideal it is also possible for the uploader of the fix to perform the verification of the package in *-proposed, however it must still be done in a software environment as close as is feasible to that which will exist after the package is copied to *-updates.


If they discover that your fix is insufficient, or the test case is not sufficient to reproduce the bug, they will:

 1. Set the bug task to '''Status: In Progress'''
 1. Describe why the fix was insufficient or broken in a comment to the bug report.
 1. Modify the `verification-needed-$RELEASE` tag to a `verification-failed-$RELEASE` tag on the bug report where $RELEASE is the release name which you tested.

The SRU verification team may also discover that your fix is good. They will:

 1. Modify the 'verification-needed-$RELEASE' tag to a 'verification-done-$RELEASE' tag on the bug report where $RELEASE is the release name of the upload you have tested e.g. `verification-done-precise`. The tag global `verification-needed` should be left on the bug until all release tasks have been verified.
 1. Describe the general steps taken to verify the package (and any special difficulties) in a comment on the bug.

Verification feedback from bug reporters and subscribers is greatly appreciated, too, especially if the update is hardware specific. In this case we consider an update as verified if it has at least two positive, no negative testimonials in the bug report, and the verification team just checks whether the new version still works for the main use cases (to check for major regressions).

If you encounter a regression in a package that has been uploaded to *-proposed, please:

 1. File a bug report against the package, describing the nature of the regression you have encountered, including any special steps needed to reproduce the regression.
 1. Mark this bug with the tag `regression-proposed`
 1. [[https://answers.launchpad.net/launchpad/+question/140509|Ask a bug supervisor]] to target the bug to the appropriate Ubuntu releases.
 1. Follow up on the SRU bug report referenced from the package changelog, pointing to the new bug. If there is more than one bug in the SRU changelog, follow up to the bug that is most closely related to the regression.
 1. Set the `verification-failed-$RELEASE` tag on the corresponding SRU bug report where $RELEASE is the release name of the upload you tested.

If you want to help us to verify Stable Release Updates then read [[https://wiki.ubuntu.com/QATeam/PerformingSRUVerification|how to perform a Stable Release Update verification]]

Verification Notes

 1. There is a standing agenda item for the SRU & LTS meeting to make sure all stakeholders are able to raise issues as early as possible.
 1. Ensure all critical and high importance bugs are verified in a timely manner. If not, the SRU QA Engineer will perform the testing.
 1. The SRU QA Engineer will specifically ask at the SRU & LTS meeting if there are specific bugs that need verification that aren't being done by the bug reporter. If necessary, a QA team member will do the verification. If not able (e.g. lack of specific HW), will do more calls for testing and nag the bug reporter again.
 1. If necessary, the QA team will set up separate SRU verification program, for big packages like eglibc, python, X.

=== Autopkgtest Regressions ===

Packages accepted into -proposed as per the SRU process automatically trigger related autopkgtests, similarly to how it happens for the development series. Once those tests are finished, the pending SRU page provides links to any failures that have been noticed for the selected upload. The responsibility of the uploader (and/or the person performing update verification) is to make sure the upload does not cause any regressions - both in manual and automated testing.

In the case where an SRU upload triggers an autopkgtest regression, the target package will not be released into -updates until the failure is ''resolved''. There are a few ways that can happen:
 * If the reported autopkgtest regression is a '''real regression''' caused by the upload, the update should be considered `verification-failed` and the package should be re-uploaded with the regression fixed. Otherwise the update will be removed from -proposed as per the usual procedures.
 * If the reported autopkgtest regression is '''not a real regression''' or not a regression caused by the proposed update (but instead broken by some other dependency), the analysis of this has to be documented for the SRU team. The generally recommended way is commenting on one of the SRU bugs for the upload. Once the rationale is submitted and approved/validated by an SRU member, the SRU team will add a badtest or reset-test hint for the broken package and release the update as per usual procedures (once validation and aging is complete). Alternatively, the uploader/verifier can modify the hints and provide an MP in the bug along with the rationale. Useful input here can be re-running the failing test against only the release/updates pocket, as documented in the [[https://wiki.ubuntu.com/ProposedMigration#How_to_run_autopkgtests_of_a_package_against_the_version_in_the_release_pocket|ProposedMigration]] wiki page.
 * If the reported autopkgtest regression is the result of a '''flaky test''', the uploader can try re-running the test to see if it is indeed just a transient issue. If the issue still persists but the analysis clearly shows that it is not a real regression, a rationale for that should be provided in one of the SRU bugs.

It is important to remember that firstly it is the ''uploader's responsibility'' to make sure the package is in a releasable state and that all the autopkgtests triggered by the upload are either passing or badtested. Of course, it is not the uploader's responsibility to provide the hints for badtests themselves, but it is it's responsibility to perform the analysis and verification of each listed regression.

==== Expected resolution for reported autopkgtest failures ====

If an SRU did not cause a regression, the update is intended to land but autopkgtest regressions are still found, then the possible resolutions for this situation are as follows:

 * An SRU must not be released if outstanding autopkgtest regressions are reported on the [[https://people.canonical.com/~ubuntu-archive/pending-sru.html|Pending SRU Report]].

 * Ideally regressions can be fixed with new uploads to the proposed pockets as required. Fixes for autopkgtests are generally always acceptable. However uploads providing only test fixes will generally be [[#Staging_an_upload|staged]] using block-proposed-<series> (in which case they need a bug reference).

 * A regression not caused by the SRU may be badtest or reset-tested away (doesn't matter which for SRUs).

== Removal of updates ==

If a bug fixed by an update '''does not get any testing/verification feedback''' for '''90 days''' an automated call for testing comment will be made on the bug report. In the event that there is still no testing after an additional '''15 days''', that's a total of 105 days without any testing, the Stable Release Managers will '''remove the package from -proposed''' and usually close the bug task as "Won't Fix", due to lack of interest. Removal will happen immediately if a package update in -proposed is found to introduce a nontrivial regression.

== Regressions ==
<<Anchor(regressions)>>

If a package update introduces a regression which already made it through the verification process to `-updates`, please '''immediately''' file a bug report about the issue, and add the tag `regression-update` to the bug.

If the regression ''only'' applies to the package in `-proposed`, please follow up to the bug with a detailed explanation, and tag the bug with ``regression-proposed``.

=== Testing for Regressions ===
To minimise the risk of regressions being introduced via a SRU, testing will be performed by Canonical on each proposed kernel.

Depth Regression testing will be performed by the Ubuntu Platform QA team on minimal set of HW that represents the different flavours of Ubuntu Editions and Architectures. This activity will focus on verifying that hw-independent regressions have not been introduced.

Breadth hardware testing will be performed by the HW Certification team on release-certified HW. The test will verify that the proposed kernel can be successfully installed on the latest (point) release, network access is functional, and no other functionality is missing that will enable Update Manager to work correctly.

<<Anchor(Special)>>
== Documentation for Special Cases ==

The [[https://lists.ubuntu.com/archives/ubuntu-devel-announce/2009-March/000550.html|Technical Board resolution on Landscape]] provides a general rationale for the types of special cases that may be approved here in future. Most exception approvals are now handled directly by the SRU team.

To obtain a new ongoing exception such as those documented below:

 1. Draft a wiki page, like the ones below, outlining what you believe should be the exception.
 2. Submit it to the SRU team for approval. This can be done to any individual member of the SRU team directly, or you can send it to ubuntu-release@lists.ubuntu.com for review.

Note that the SRU team's delegation from the Technical Board is limited to accepting SRU uploads that meet the [[#When|policy criteria]] above. The SRU team maintains documentation for standing exceptions here to keep individual interpretations of the policy criteria consistent. Departing from the policy criteria above still requires approval from the Technical Board.
Line 80: Line 312:
Because of the way updates to the kernel work, it will follow a slightly different process. The following reasons call for this exception:

 * The kernel is uploaded frequently to -security, so uploading to -updates is not possible due to frequent version skew in the kernel and supporting packages (linux-restricted-modules, linux-meta, etc).
 * Kernel packages are not copied from `-proposed` to `-updates` or `-security`
 * A facility is needed for staging updates to the kernel in bulk, and `-proposed` is the closest fit

Therefore the following differences apply:

 * Updates for the kernel will be routinely uploaded to `-proposed` with a specially chosen ABI version (and therefore package name) to avoid clashing with any other kernel installed in the field. Users will not be automatically upgraded to this kernel.
 * No prior discussion and approval is needed for kernel updates to `-proposed`
 * Individual kernel patches, rather than complete packages, will go through the SRU process above, after having been staged in `-proposed`

(This section is based on discussions between AdamConrad, MattZimmerman and BenCollins)
Because of the way updates to the kernel work, it will follow a slightly
different process which is described on KernelTeam/KernelUpdates.

=== Landscape ===

The landscape-client source package may be uploaded according to the procedure documented in LandscapeUpdates. See the [[https://lists.ubuntu.com/archives/ubuntu-devel-announce/2009-March/000550.html|Technical Board resolution]] for details and rationale.

=== Juju ===
The juju-core source package may be uploaded according to the procedure documented in JujuUpdates. See the
[[https://lists.ubuntu.com/archives/technical-board/2014-August/001992.html|Technical Board discussion]] for historical context and rationale.

=== Snapd ===
The snapd source package may be uploaded according to the procedure documented in SnapdUpdates. Per Technical Board discussion regarding delegation of these decisions to the SRU team, this stable release exception has been approved by SteveLangasek for the SRU team as of 2016-05-12.

=== Snapcraft ===
Related to the preceding snapd exception, the snapcraft source package may be uploaded according to the procedure documented in SnapcraftUpdates. This stable release exception has been approved by SteveLangasek for the SRU team as of 2016-05-16.

=== Ubuntu-image ===
Also related to snapd, the ubuntu-image package may be uploaded according to the procedure documented in UbuntuImageUpdates. This stable release exception has been approved by SteveLangasek for the SRU team as of 2016-10-19.

=== Docker.io group ===
The source packages docker.io, containerd, and runc may be uploaded according to the procedure documented in DockerUpdates. Per Technical Board discussion regarding delegation of these decisions to the SRU team, this stable release exception has been approved by BrianMurray for the SRU team as of 2016-09-20.

=== gce-compute-image-packages ===
The source package gce-compute-image-packages may be uploaded according to the procedure documented in [[https://wiki.ubuntu.com/gce-compute-image-packages-Updates|gce-compute-image-packages-Updates]]. Per Technical Board discussion regarding delegation of these decisions to the SRU team, this stable release exception has been approved by BrianMurray for the SRU team as of 2017-03-10. Further amendment to this exception for vendored dependencies approved by LukaszZemczak for the [[https://lists.ubuntu.com/archives/ubuntu-release/2023-April/005606.html|SRU team as of 2023-04-11]].

=== google-compute-engine ===
The source package gce-compute-image-packages may be uploaded according to the procedure documented in [[https://wiki.ubuntu.com/google-compute-engine-Updates|google-compute-engine-Updates]]. Per Technical Board discussion regarding delegation of these decisions to the SRU team, this stable release exception has been approved by SteveLangasek for the [[https://lists.ubuntu.com/archives/ubuntu-release/2022-September/005479.html|SRU team as of 2022-09-01]]. Further amendment to this exception for vendored dependencies approved by LukaszZemczak for the [[https://lists.ubuntu.com/archives/ubuntu-release/2023-April/005606.html|SRU team as of 2023-04-11]].

=== google-compute-engine-oslogin ===
The source package google-compute-engine-oslogin may be uploaded according to the procedure documented in [[https://wiki.ubuntu.com/google-compute-engine-oslogin-Updates|google-compute-engine-oslogin-Updates]]. Per Technical Board discussion regarding delegation of these decisions to the SRU team, this stable release exception has been approved by SteveLangasek for the [[https://lists.ubuntu.com/archives/ubuntu-release/2022-September/005479.html|SRU team as of 2022-09-01]]. Further amendment to this exception for vendored dependencies approved by LukaszZemczak for the [[https://lists.ubuntu.com/archives/ubuntu-release/2023-April/005606.html|SRU team as of 2023-04-11]].

=== google-guest-agent ===
The source package gce-compute-image-packages may be uploaded according to the procedure documented in [[https://wiki.ubuntu.com/google-guest-agent-Updates|google-guest-agent-Updates]]. Per Technical Board discussion regarding delegation of these decisions to the SRU team, this stable release exception has been approved by SteveLangasek for the [[https://lists.ubuntu.com/archives/ubuntu-release/2022-September/005479.html|SRU team as of 2022-09-01]]. Further amendment to this exception for vendored dependencies approved by LukaszZemczak for the [[https://lists.ubuntu.com/archives/ubuntu-release/2023-April/005606.html|SRU team as of 2023-04-11]].

=== google-osconfig-agent ===
The source package google-osconfig-agent may be uploaded according to the procedure documented in [[https://wiki.ubuntu.com/google-osconfig-agent-Updates|google-osconfig-agent-Updates]]. Per Technical Board discussion regarding delegation of these decisions to the SRU team, this stable release exception has been approved by SteveLangasek for the [[https://lists.ubuntu.com/archives/ubuntu-release/2022-September/005479.html|SRU team as of 2022-09-01]]. Further amendment to this exception for vendored dependencies approved by LukaszZemczak for the [[https://lists.ubuntu.com/archives/ubuntu-release/2023-April/005606.html|SRU team as of 2023-04-11]].

=== curtin ===
The source package curtin may be uploaded according to the procedure documented in CurtinUpdates. This stable release exception has been approved by SteveLangasek for the SRU team as of 2017-04-05.

=== walinuxagent ===
The source package walinuxagent may be uploaded according to the procedure documented in [[https://wiki.ubuntu.com/walinuxagentUpdates|walinuxagentUpdates]]. This stable release exception has been approved by SteveLangasek for the SRU team as of 2017-04-05.

=== GNOME ===

GNOME has a microrelease exception excepting it from the normal QA requirements of the microrelease policy, [[/GNOME|documented here]]. This was [[https://lists.ubuntu.com/archives/technical-board/2012-June/001327.html|granted by the technical board on 2012-06-22]].

=== OpenStack ===

!OpenStack packages can be updated according to the procedures documented in OpenStack/StableReleaseUpdates, which includes a list of source packages covered by the MRE. This stable release exception has been approved by LukaszZemczak for the SRU team as of 2017-08-07.

=== Certbot ===

The Certbot family of packages can be updated according to the procedures documented in [[/Certbot]]. This stable release exception was [[https://lists.ubuntu.com/archives/ubuntu-release/2017-July/004176.html|discussed]] and subsequently revision 10 of that document was approved by RobieBasak for the SRU team on 2017-08-08.

=== cloud-init ===
The source package cloud-init may be uploaded according to the procedure documented in CloudinitUpdates. Per Technical Board discussion regarding delegation of these decisions to the SRU team, this stable release exception has been approved by BrianMurray for the SRU team as of 2017-10-06 with subsequent updates approved by RobieBasak on 2020-07-15.

=== DPDK ===

The dpdk source package can be uploaded according to the procedures documented in [[StableReleaseUpdates/DPDK|DPDK]] for supported LTS releases of Ubuntu. This stable release exception has been approved by LukaszZemczak for the SRU team as of 2017-08-07.

=== ubuntu-release-upgrader and python-apt ===

The packages ubuntu-release-upgrader and python-apt both contain files with listings of Ubuntu mirrors. To facilitate upgrades to new releases ubuntu-release-upgrader should be updated (particularly for LTS releases) so that the list of mirrors is accurate. With that in mind and given that it is just a text file with urls for mirrors it is okay to SRU only mirror changes for these packages without an SRU bug.

=== rax-nova-agent ===
The source package rax-nova-agent may be uploaded according to the procedure documented in [[https://wiki.ubuntu.com/rax-nova-agent-Updates|rax-nova-agent-Updates]]. This stable release exception has been approved by SteveLangasek for the SRU team as of 2018-08-15.

=== livecd-rootfs ===
The livecd-rootfs package is a frequent target of SRUs as part of development of changes to image builds for the target series, and is not intended for general installation on end-user systems. The risk of user-affecting regression is lower as a result, because the impact of changes to this package to end users is mediated by way of image builds. Therefore, the requirement for per-change bug reports and test cases is relaxed, as long as there is at least one linked bug with a test case.

=== fwupd and fwupdate ===
The source packages fwupd and fwupdate may be uploaded according to the procedure documented in [[https://wiki.ubuntu.com/firmware-updates|firmware-updates]]. This stable release exception has been approved by BrianMurray for the SRU team as of 2019-01-15.

=== snapd-glib ===
The source package snapd-glib may be uploaded according to the procedure documented in [[https://wiki.ubuntu.com/SnapdGlibUpdates|snapd-glib updates]]. This stable release exception has been approved by BrianMurray for the SRU team as of 2019-02-19.

=== netplan.io ===
The source package netplan.io may be uploaded according to the procedure documented in [[https://wiki.ubuntu.com/NetplanUpdates|netplan updates]]. This stable release exception has been approved by BrianMurray for the SRU team as of 2019-04-01 (no really!).

=== ec2-hibinit-agent ===
The source package ec2-hibinit-agent may be uploaded according to the procedure documented in [[https://wiki.ubuntu.com/ec2-hibinit-agent-Updates|ec2-hibinit-agent updates]]. This stable release exception has been approved by SteveLangasek for the SRU team as of 2019-09-06.

=== NVIDIA driver ===
NVIDIA driver (source packages nvidia-graphics-drivers-*, nvidia-settings, fabric-manager-*, libnvidia-nscq-*) may be uploaded according to the procedure documented in [[https://wiki.ubuntu.com/NVidiaUpdates|NVIDIA updates]]. This stable release exception has been approved by ChrisHalseRogers for the SRU team as of 2019-09-17.

=== wslu ===
The wslu package may be uploaded according to the procedure documented in [[https://wiki.ubuntu.com/wslu-Updates|wslu Updates]]. This stable release exception has been approved by LukaszZemczak for the SRU team as of 2019-10-24.

=== openjdk-N ===

We allow providing OpenJDK short term support releases in the updates pocket, instead of the release pocket to be able to remove those after their support ends as documented in [[https://wiki.ubuntu.com/OpenJDK-Updates|OpenJDK Updates]]. This very specific stable release exception has been approved by LukaszZemczak for the SRU team as of 2020-04-30.

=== Postfix ===

The postfix source package may be uploaded according to the procedure documented in PostfixUpdates. See the [[https://lists.ubuntu.com/archives/ubuntu-devel-announce/2011-October/000902.html|Technical Board meeting minutes]] and its [[https://lists.ubuntu.com/archives/technical-board/2012-May/001266.html|approval]] for details and rationale.

=== sosreport ===
The source package sosreport may be uploaded according to the procedure documented in [[https://wiki.ubuntu.com/SosreportUpdates|sosreport updates]]. This stable release exception has been approved by LukaszZemczak for the SRU team as of 2020-06-25.

=== oem-*-meta ===
Source packages of the form oem-*-meta may be uploaded according to the procedure documented in [[https://wiki.ubuntu.com/StableReleaseUpdates/OEMMeta|OEMMeta]]. This stable release exception has been approved by AndyWhitcroft for the SRU team as of 2021-07-15. New packages are acceptable under the same exception.

=== ubuntu-dev-tools ===
The source package ubuntu-dev-tools may be uploaded according to the procedure documented in [[https://wiki.ubuntu.com/UbuntuDevToolsUpdates|UbuntuDevToolsUpdates]]. This stable release exception has been [[https://lists.ubuntu.com/archives/ubuntu-release/2023-May/005640.html|approved by Robie Basak]].

=== OpenLDAP ===

The OpenLDAP source package may be uploaded according to the procedure documented in [[OpenLDAPUpdates]]. This stable release exception [[https://lists.ubuntu.com/archives/ubuntu-release/2022-June/005403.html|has been approved]] by SteveLangasek for the SRU team as of 2022-06-02.

=== HAProxy ===

The haproxy source package may be uploaded according to the procedure documented in [[HAProxyUpdates]]. This stable release exception [[https://lists.ubuntu.com/archives/ubuntu-release/2022-June/005417.html|has been approved]] by LukaszZemczak for the SRU team as of 2022-06-27.

=== autopkgtest ===

The autopkgtest source package may be uploaded according to the procedure documented in [[autopkgtest-Updates]]. This stable release exception [[https://lists.ubuntu.com/archives/ubuntu-release/2023-January/005530.html|has been approved]] by SteveLangasek for the SRU team as of 2023-01-30.

=== squid ===
The squid source package may be uploaded according to the procedure documented in [[SquidUpdates]]. This stable release exception [[https://lists.ubuntu.com/archives/ubuntu-release/2023-April/005589.html|has been approved]] by SteveLangasek for the SRU team on 2023-04-03.

=== bind9 ===

The bind9 source package may be uploaded according to the procedure documented in [[Bind9Updates]]. This stable release exception [[https://lists.ubuntu.com/archives/ubuntu-release/2023-June/005647.html|has been approved]] by SteveLangasek for the SRU team as of 2023-06-06.

=== virtualbox ===

The virtualbox source packages may be uploaded according to the procedure documented in [[https://wiki.ubuntu.com/VirtualboxUpdates|VirtualboxUpdates]]. This stable release exception [[https://lists.ubuntu.com/archives/technical-board/2015-November/002177.html|has been approved]] by Martin Pitt for the SRU team as of 2015-11-04.
<<Anchor(Security)>>
== Data Packages Kept in Sync with Security ==

Some data packages must always be kept in sync between -updates and -security to avoid behaviour or functionality regressions when using only the security pocket. Because they are pure data, and contain no compiled code, these packages are safe to build in -proposed and then copy to both -updates and -security.

=== tzdata ===

The tzdata package is updated to reflect changes in timezones or daylight saving policies. The verification is done with the "zdump" utility. The first timezone that gets changed in the updated package is dumped with "zdump -v $region/$timezone_that_changed" (you can find the region and timezone name by grep'ing for it in /usr/share/zoneinfo/). This is compared to the same output after the updated package was installed. If those are different the verification is considered done.

||'''Feature'''||'''16.04 LTS'''||'''18.04 LTS'''||'''20.04 LTS'''||'''21.04'''||'''21.10'''||
||icu-data || No || No || Yes || Yes || Yes ||
||SystemV tzs || Yes || Yes || Yes || No || No ||

The version of tzdata in Ubuntu 20.04 LTS and later includes icu-data (see the update-icu rule in debian/rules) and the verification of it can be done after installing the '''python3-icu''' package. There can be a slight lag between the tzdata release and the matching icu-data release, we usually wait for the latter to be released before uploading the update.

{{{
python3 -c "from datetime import datetime; from icu import ICUtzinfo, TimeZone; tz = ICUtzinfo(TimeZone.createTimeZone('Pacific/Fiji')); print(str(tz.utcoffset(datetime(2020, 11, 10))))"
}}}

In the above we are checking a timezone with a change, "Pacific/Fiji", and a date that falls with in the changing period. We expect the output to be different before (13:00:00) and after (12:00:00) the SRU is installed.

The version of tzdata in Ubuntu 20.10 removed supported for SystemV timezones, however SRUs of tzdata to Ubuntu 20.04 LTS and earlier releases should still include the SystemV timezones. To test that they are still available confirm the following command returns nothing.

{{{
diff <(zdump -v America/Phoenix | cut -d' ' -f2-) <(zdump -v SystemV/MST7 | cut -d' ' -f2-)
}}}

Because tzdata's packaging has changed subtly from release to release, rather than just backporting the most recent release's source package, we just update the upstream tarball instead. You then need to edit debian/changelog to add bug closures, and make sure to use a version number consistent to the previous numbering scheme (e. g. `2012e-0ubuntu0.12.04`). Uploads should also be made to any releases supported via ESM.

Due to the potentially disastrous consequences of having localtime differ between systems running -updates and systems running only -security, this package is always kept in sync between the two pockets. However, the package can be built with -updates and then copied from -proposed to -updates and -security after the security team has signed off on the SRU bug e.g. Bug:1878108.

=== distro-info-data ===

Many tools behave drastically differently based on the contents of ubuntu.csv in distro-info-data. As such, information for new releases is always backported to -updates, and should always be copied to -security to avoid behaviour skew between the two pockets.

This package should be updated as soon as possible after the new release's name is known. If only the adjective is known, it should be updated even with this partial information (use XANIMAL for the animal where X is the first letter of the adjective). The aging requirement is not applied for releasing to -updates / -security. A tracking bug is still required for SRUs. Verification is still required. The testing section should contain:

{{{
[ Test Plan ]
  
Verify that the following subcommands of `distro-info` print information about the new devel and current stable releases:
  
 * `--devel`
 * `--supported`
 * `--stable`

and try the same commands with these modifiers:

 * `--date=<1 day after release>` along with the above
 * `--fullname`
 * `--release`
}}}

=== linux-firmware ===

linux-firmware in stable releases is kept in sync with new driver features and lts-hwe kernel updates. linux-firmware follows the normal SRU process (with bugs filed and regression tests performed), however it must also be copied to the -security pocket once verified, due to the vast majority of kernel SRUs also being in the -security pocket, and the necessity of linux and linux-firmware not being mismatched.

=== wireless-regdb ===

Much like linux-firmware, wireless-regdb follows the usual SRU process, including a bug and regression testing, however it is another package that needs to be kept in sync between -updates and -security pockets to avoid potential local legal issues for -security users who would otherwise not get the local regdb updates.
Line 96: Line 505:
As reference you can lookup [https://launchpad.net/distros/ubuntu/+source/cpio/+bug/59228] to have an idea on how the procedure works. As a reference, see [[https://launchpad.net/bugs/173082|bug #173082]] for an idea of how the SRU process works for a main package, or [[https://launchpad.net/bugs/208666|bug #208666]] for an SRU in universe.

== Package Removals ==

While it is always preferable to fix a package, rather than drop it, there are rare cases when a universe package becomes actively detrimental in stable releases: If it is unmaintained in Ubuntu and has unfixed security issues or has been broken because of changing network protocols/APIs, it is better to stop offering it in Ubuntu altogether rather than continuing to encourage users to install it.

It is not technically possible to remove a package from a stable release, but this can be approximated by SRUing an essentially empty package with an appropriate explanation in `NEWS` and a corresponding critical debconf note.

When a package is removed in this way from a stable release, it may need similar removal from the devel release as well, depending on the justification for removal.

Such a package removal should have an SRU tracking bug with an appropriate explanation, and needs to get confirmed by the [[https://launchpad.net/~techboard|Technical Board]]. Once removed, the SRU bug should be added to the "Previous Removals" list below.

Previous Removals:
 * [[https://lists.ubuntu.com/archives/ubuntu-devel/2007-September/024453.html|tor]] (was reintroduced later on in [[https://launchpad.net/bugs/413657|#413657]])
 * [[https://bugs.launchpad.net/ubuntu/+source/bitcoin/+bug/1314616|bitcoin]]
 * [[https://launchpad.net/bugs/1384355|owncloud]]
 * [[https://launchpad.net/bugs/1895643|jsunit and tinyjsd]] (more context in [[https://discourse.ubuntu.com/t/thunderbird-lts-update/20819|this post]])

== Toolchain Updates ==

Due to the nature of the various Ubuntu toolchain packages (gcc-*, binutils, glibc), any stable release updates of these packages should be released to both the -updates and -security pockets. For that to be possible, any updates of those should be first built in a reliable security-enabled PPA (without -updates or -proposed enabled) and only then '''binary-copied''' into -proposed for testing (that is a hard-requirement for anything copied into -security). After the usual successful SRU verification and aging, the updated packages should be released into both pockets.

== Links ==

Bugs in different stages of the stable release process: http://people.canonical.com/~ubuntu-archive/pending-sru

 * This page has an "Upload queue status" section which links to all stable review queues.

Phasing of Stable Release Updates: http://people.canonical.com/~ubuntu-archive/phased-updates.html

 * This page displays the Phased-Update-Percentage of packages in the -proposed repository for releases and any regressions detected in that package.

== Reviewing procedure and tools ==

If you are a member of the [[https://launchpad.net/~ubuntu-sru|SRU reviewing team]], you should check out the [[https://launchpad.net/ubuntu-archive-tools|ubuntu-archive-tools]] scripts with

 {{{
 git clone https://git.launchpad.net/ubuntu-archive-tools
 }}}

which greatly simplify the reviewing procedure. You should symlink `sru-review` and `sru-accept` somewhere to your `~/bin/` directory for easy access, or put the checkout into your `$PATH`.

The following review procedure is recommended:

 * Open the unapproved queue for a particular release, e. g. https://launchpad.net/ubuntu/precise/+queue?queue_state=1 for precise. This shows the list of SRU uploads which have to be reviewed, commented on, and approved/accepted/rejected.

 * For each package, generate the debdiff to the current version in the archive and open the corresponding bugs:

 {{{
 sru-review -s saucy gnash
 }}}

 This opens all the bugs which are mentioned in the .changes file in the browser, and will generate a debdiff between the current archive and the unapproved upload (unless the orig.tar.gz changes this will only download the two diff.gz, so it is reasonably fast).
  * In case the SRU is a package sync instead of a standard upload, the `sru-review` tool will not be able to fetch the debdiff for you and will exit with an error. You will have to review the changes manually and then re-run the tool with an additional argument of `--no-diff`.
  * For [[Bileto]] published SRU's you can easily fetch the relevant debdiffs by following the link to the sync's source PPA and opening the ticket URL that's provided in the PPA description. Each upload present there has two diffs generated for review convenience: full and packaging-only.

 * Review the bugs for complete description, justification, check that they have a stable release task, are conformant to SRU rules, etc, and comment accordingly.

 * Scrutinize the debdiff for matching the changes in the bugs, not having unrelated changes, etc. If you have doubts, comment on the bug.

 * ''If you are in the ubuntu-sru team:''
  * Exit the tool you are using to review the debdiff
  * If the bugs and debdiff are okay, accept the package by pressing `y` at the ""Accept the package into -proposed?" prompt.

  This will tag the bug(s) with `verification-needed`, `verification-needed-$RELEASE`, subscribe `ubuntu-sru`, and add a general "please test and give feedback"-like comment.

  * If the upload is broken or unsuitable for an SRU, reject it by pressing `N` at the ""Accept the package into -proposed?" prompt and pressing `y` at the "REJECT the package from -proposed?" prompt.

 * ''If you are not in the ubuntu-sru team:'' Send a follow up comment to the bugs:
  * If all is okay: send an "ubuntu-sru approved and reviewed" comment and set the task to "In Progress"
  * If something is wrong: send the feedback to the bug and set the task to "Incomplete"

The [[http://people.canonical.com/~ubuntu-archive/pending-sru|pending SRUs]] should also be reviewed to see whether or not there are any to be released or removed from the archive. The process for dealing with these follows:

<<Include(ArchiveAdministration, ,from="== Moving Packages to Updates ==", to="^=")>>

<<Include(ArchiveAdministration, ,from="== Failed SRUs ==", to="^=")>>

== Contacting the SRU team ==

If you do not have upload access to the archive, you should ask your sponsor for help in the first instance. If you don't have a sponsor, you can try asking generally on [[IRC|#ubuntu-devel on Libera.Chat]], or the [[https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss|ubuntu-devel-discuss]] mailing list. See SponsorshipProcess for details.

If you do have upload access, you can contact the SRU team by asking generally in #ubuntu-release on Libera.Chat, or on the ubuntu-release mailing list.

Vanguards from the SRU team can also usually be found in #ubuntu-release on the following schedule:

||'''Day''' || '''SRU Team Member (IRC nick)''' ||
|| Monday || Łukasz Zemczak (sil2100) ||
|| Tuesday || Chris Halse Rogers (RAOF), Brian Murray (bdmurray) ||
|| Wednesday || Robie Basak (rbasak) ||
|| Thursday || Andreas Hasenack (ahasenack), Łukasz Zemczak (sil2100 - backup) ||
|| Friday || Timo Aaltonen (tjaalton), Steve Langasek (vorlon - backup) ||

----
CategoryProcess

Once an Ubuntu release has been completed and published, updates for it are only released under certain circumstances, and must follow a special procedure called a "stable release update" or SRU.

There is an automatically generated list of packages which are currently undergoing this process.

Warning /!\ Did you notice a regression in a package which went to -updates? Please report this using these steps.

Why

In contrast to pre-release versions, official releases of Ubuntu are subject to much wider use, and by a different demographic of users. During development, changes to the distribution primarily affect developers, early adopters and other advanced users, all of whom have elected to use pre-release software at their own risk.

Users of the official release, in contrast, expect a high degree of stability. They use their Ubuntu system for their day-to-day work, and problems they experience with it can be extremely disruptive. Many of them are less experienced with Ubuntu and with Linux, and expect a reliable system which does not require their intervention.

Stable release updates are automatically recommended to a very large number of users, and so it is critically important to treat them with great caution. Therefore, when updates are proposed, they must be accompanied by a strong rationale and present a low risk of regressions.

  • "It's just a one-line change!"

Even the simplest of changes can cause unexpected regressions due to lurking problems:

  • In bug 81125, the upgrade regression had nothing to do with the content of the change that triggered it: any user who had installed the libpthread20 package would encounter a problem the next time libc6 was upgraded.

  • In bug 309674, the failure was a misbuild due to timestamp skew in the build process. The underlying problem existed in the source package in the original release, but would only manifest in a small percentage of builds.

  • In bug 559822, a C++ library (wxwidgets2.8) was uploaded with no code changes. Due to an underlying toolchain change/bug, this caused an ABI change, causing a lot of unrelated packages to break (see bug 610975)

We never assume that any change, no matter how obvious, is completely free of regression risk.

In line with this, the requirements for stable updates are not necessarily the same as those in the development release. When preparing future releases, one of our goals is to construct the most elegant and maintainable system possible, and this often involves fundamental improvements to the system's architecture, rearranging packages to avoid bundled copies of other software so that we only have to maintain it in one place, and so on. However, once we have completed a release, the priority is normally to minimise risk caused by changes not explicitly required to fix qualifying bugs, and this tends to be well-correlated with minimising the size of those changes. As such, the same bug may need to be fixed in different ways in stable and development releases.

When

High-impact bugs

Stable release updates will, in general, only be issued in order to fix high-impact bugs. Examples of such bugs include:

  • Bugs which may, under realistic circumstances, directly cause a security vulnerability. These are done by the security team and are documented at SecurityTeam/UpdateProcedures.

  • Bugs which represent severe regressions from the previous release of Ubuntu. This includes packages which are totally unusable, like being uninstallable or crashing on startup.

  • Bugs which may, under realistic circumstances, directly cause a loss of user data

  • Updates that need to be applied to Ubuntu packages to adjust to changes in the environment, server protocols, web services, and similar, i. e. where the current version just ceases to work. Examples:
    • app-install-data-commercial is a package index which regularly needs to be adjusted to changes in the commercial package archive.
    • clamav needs regular updates to latest virus signatures

    • tor needs a newer version to still work with the current Tor network.
    • A library for a web service needs to be updated for changes to the web server API.

Other safe cases

In the following cases a stable release update is also applicable as they have a low potential for regressing existing installations but a high potential for improving the user experience, particularly for Long Term Support releases:

  • Bugs which do not fit under above categories, but (1) have an obviously safe patch and (2) affect an application rather than critical infrastructure packages (like X.org or the kernel).
  • For Long Term Support releases we regularly want to enable new hardware. Such changes are appropriate provided that we can ensure not to affect upgrades on existing hardware. For example, modaliases of newly introduced drivers must not overlap with previously shipped drivers. This also includes updating hardware description data such as udev's keymaps, media-player-info, mobile broadband vendors, or PCI vendor/product list updates. To avoid regressions on upgrade, any such hardware enablement must first also be added to any newer supported Ubuntu release.
  • For Long Term Support releases we sometimes want to introduce new features. They must not change the behaviour on existing installations (e. g. entirely new packages are usually fine). If existing software needs to be modified to make use of the new feature, it must be demonstrated that these changes are unintrusive, have a minimal regression potential, and have been tested properly. To avoid regressions on upgrade, any such feature must then also be added to any newer supported Ubuntu release. Once a new feature/package has been introduced, subsequent changes to it are subject to the usual requirements of SRUs to avoid regressions.
  • New versions of commercial software in the Canonical partner archive.
  • FTBFS(Fails To Build From Source) can also be considered. Please note that in main the release process ensures that there are no binaries which are not built from a current source. Usually those bugs should only be SRUed in conjunction with another bug fix.

  • Autopkgtest failures should also normally be SRUed only in conjunction with other high-priority fixes affecting users at runtime, optionally by staging them. As an exception, when an SRU of one package will introduce a regression in the autopkgtests of another package, it is appropriate to do an autopkgtest-only SRU of the other package.

For new upstream versions of packages which provide new features, but don't fix critical bugs, a backport should be requested instead.

New upstream microreleases

In some cases, when upstream fixes bugs, they do a new microrelease instead of just sending patches. If all of the changes are appropriate for an SRU by the criteria above, then it is acceptable (and usually easier) to just upload the complete new upstream microrelease instead of backporting the individual patches. Note that some noise introduced by autoreconf is okay, but making structural changes to the build system (such as introducing new library dependencies) is generally not.

For upstreams who have

  • a reliable and credible test suite for assuring the quality of every commit or release,
  • the tests are covering both functionality and API/ABI stability,
  • the tests run during package build to cover all architectures,
  • the package has an autopkgtest to run the tests in an Ubuntu environment against the actual binary packages,

it is also acceptable to upload new microreleases with many bug fixes without individual Launchpad bugs for each of them (~ubuntu-sru will make the final decision). The upstream QA process must be documented/demonstrated and linked from the SRU tracking bug. In other cases where such upstream automatic testing is not available, exceptions must still be approved by at least one member of the Ubuntu Technical Board.

Staging low priority uploads

SRUs for bugs which do not affect users at runtime are inappropriate to force users to apply. There is a cost to our users (and our mirror network) for downloading updates of packages, which should be balanced against the utility of the update to the user downloading it.

However, if such an update otherwise complies with SRU policy, it can be staged to be bundled with a future SRU or security update.

ESM Uploads

There are special procedures for uploads to stable releases in their Extended Security Maintenance (ESM) period. Please prepare the SRU Bug then contact the ESM team.

General Requirements

Development Release Fixed First

If a stable release is fixed but the development release is not, then after the development release becomes a stable release, users upgrading would face an unexpected regression. Therefore, it is a general requirement that the development release is fixed before fixes are backported to the stable releases. Equivalently for new upstream releases, this (or a newer) release must be in the development release.

It is also, in general, not appropriate to release updates for stable systems without first testing them in the current development branch.

One exception to this general rule is the case where the development release is not yet open. There can sometimes be a delay between the release of the most recent version of Ubuntu and the opening for development of the next version. Provided they are important enough, stable release updates should not and do not need to wait for the development release to open.

Newer Releases

If a bug is being fixed in a particular stable release, we would like for all subsequent releases that are still supported to also be fixed at the same time. This is to prevent a user from facing a regression when they upgrade to a newer release.

Exceptions:

The following two exceptions apply to bugfixes, but do not apply to hardware enablement or new features.

  1. When there are two subsequent interim releases
    • If there are two subsequent interim releases that are both current, then, as a compromise, additionally fixing only the most recent one is acceptable. Rationale: a user facing this class of regression will at least have an upgrade path available to them that fixes it.
  2. When you don't want to fix a subsequent interim release at all
    • We recognise that making it a hard requirement to fix all subsequent interim releases would mandate more work, and that a team may not have the resources available to fix and verify (say) an LTS as well as a subsequent interim release that has fewer users. We wouldn't want to block a fix from landing at all, so we are not making it a hard requirement that subsequent interim releases be fixed.
    • However, we strongly recommend that subsequent interim releases be fixed, and it is our expectation that normally uploaders will ensure this. If you are unable to do this, then please: 1) create and mark bug tasks against the subsequent affected releases "Won't Fix"; and 2) explicitly state in the bug that you are deliberately seeking to fix a release without fixing the subsquent releases. An SRU team member may then accept your upload at their discretion and on a case-by-case basis. If this is not done, then uploaders should expect an SRU review round trip while your intentions are clarified.

Procedure

  1. Check that the bug is fixed in the current development release, and that its bug task is "Fix Released". See General Requirements above for special cases.

    • Also keep in mind that certain packages can change source package names between releases. In that case, if the given bug applies to a different source package that replaced the old one in a later releases, this source package has to be added as 'Also affecting'. Make sure that the devel releases package has the bug fixed before proceeding.
    • Do not create a meta-bug with a title like "Please SRU this" rather than using existing bug reports. It is redundant and is opaque to original bug reporters, whose feedback is valuable for verification, so these bugs will be invalidated by the SRU team and corresponding uploads will be rejected from the queue.
  2. Ensure that the bug report for this issue is public. If the bug has been reported privately and cannot be published, you must first create a separate public bug report in launchpad and copy over as much information as can be published.
  3. Update the bug report description and make sure it contains the following information:

    1. An explanation of the bug on users and justification for backporting the fix to the stable release. This may be preceded with an [Impact] header, but this is not required. In addition, it is helpful, but not required, to include an explanation of how the upload fixes this bug.

    2. A [Test Plan] section with detailed instructions how to reproduce the bug. These should allow someone who is not familiar with the affected package to reproduce the bug and verify that the updated package fixes the problem.

    3. A [Where problems could occur] section which highlights areas where regressions might happen. It is assumed that uploaders believe their changes are as risk free as possible, but this section is for demonstrating that some thought has been given to "expecting the unexpected". This section goes along with the Test Plan section: while that one is for testing the specific bug being fixed in the upload, here is a place to give any additional test cases to help to ensure that there are no regressions in the update. Think "what if this change is wrong? How would that show up?" 1590321 is an example of a simple fix with a legitimate regression analysis.

  4. Prepare the upload, attach a debdiff to the bug, and request sponsorship by subscribing 'ubuntu-sponsors' to the bug. The upload must have the correct release in the changelog header, a detailed and user-readable changelog, and no other unrelated changes. If you can upload to the archive directly, use dput as normal. There is no need to wait before uploading. After upload, the bug status should be changed to In Progress, once accepted into release-proposed, the status will be automatically changed to Fix Committed. Also, make sure that:

    1. The version number does not conflict with any later and future version in other Ubuntu releases (the security policy document has a well-working scheme which can be used for SRUs.)

    2. There is a reference to the SRU bug number in the changelog, using the 'LP: #NNNNNN' convention. Only public bugs should be referenced in the changelog.
  5. The ~ubuntu-sru team will review and accept your upload. You can then test the actual binaries in the Ubuntu archive yourself and follow up in the bug report regarding your verification of the bug. The SRU team will evaluate the testing feedback and they will move the package into -updates after it has passed a minimum aging period of 7 days.

  6. Subscribe yourself to bugmail for the package in Launchpad, if you haven't done so already, and monitor Launchpad for bug reports relating to the update for at least one week.

    Any regression must always be documented in a bug report, which must be Importance: critical once the regression has been confirmed.

SRU Bug Template

[ Impact ] 

 * An explanation of the effects of the bug on users and

 * justification for backporting the fix to the stable release.

 * In addition, it is helpful, but not required, to include an
   explanation of how the upload fixes this bug.

[ Test Plan ]

 * detailed instructions how to reproduce the bug

 * these should allow someone who is not familiar with the affected
   package to reproduce the bug and verify that the updated package fixes
   the problem.

 * if other testing is appropriate to perform before landing this update,
   this should also be described here.

[ Where problems could occur ]

 * Think about what the upload changes in the software. Imagine the change is
   wrong or breaks something else: how would this show up?

 * It is assumed that any SRU candidate patch is well-tested before
   upload and has a low overall risk of regression, but it's important
   to make the effort to think about what ''could'' happen in the
   event of a regression.

 * This must '''never''' be "None" or "Low", or entirely an argument as to why
   your upload is low risk.

 * This both shows the SRU team that the risks have been considered,
   and provides guidance to testers in regression-testing the SRU.

[ Other Info ]
 
 * Anything else you think is useful to include
 * Anticipate questions from users, SRU, +1 maintenance, security teams and the Technical Board
 * and address these questions in advance

Staging an upload

See staging low priority uploads for details of SRU policy regarding staged uploads.

To stage an upload, follow the usual process but additionally add a block-proposed-<series> tag to at least one of the SRU bugs together with a comment explaining the reason for the staging.

Staging can also be added retrospectively simply by adding the tag; this can be done at any time before an SRU is released. If you do so, please make sure that you add a bug comment that explains the reason.

Landing an upload blocked by staging

In principle the block-proposed-<series> tag should be removed by an SRU team member when accepting a newer upload not planned for further staging. But if they overlook this, it's appropriate for whoever notices it (SRU team, or uploader) to remove the block-proposed-<series> tag with a suitable comment when it no longer applies.

Responsibility for SRU verification and cancellation of incomplete verification

It is essential to carry out SRU verification on all related bugs as usual as soon as the upload enters the proposed pocket. We do not want to burden a future SRUer with verification of your low priority bug. If timely verification is not performed, then as usual the staged upload is a candidate for deletion, and a future SRUer is quite entitled to base their upload on the version prior to your staged upload instead. If this happens, the future SRU will not include your changes, effectively cancelling the staging.

Since we try to avoid regressing users on upgrade to a new release, it is essential to carry out this SRU verification for every affected bug series task. If you skip verification of one series then staged uploads in all series are candidates for deletion or overriding as above at the discretion of the SRU team.

Publishing

The Stable Release Updates team regularly checks for SRUs that have succesfully completed verification (all bugs are marked verification-done-$RELEASE for the given release) and releases those to the -updates pocket. Having said that, if there is a priority SRU waiting in the unapproved queue for release to -proposed, or needing release to -updates from -proposed, feel free to contact an SRU vanguard.

Please note that SRUs will not be published to the -updates pocket on Friday (or Saturday or Sunday). Any exception will need justification.

Phasing

Once an package is released to -updates, the update is then phased so that the update is gradually made available to expanding subsets of Ubuntu users. This process allows us to automatically monitor for regressions and halt the update process if any are found. Complete details about the process can be found in a blog post by Brian Murray.

The Phased-Update-Percentage is initially set to 10%, then a job is run (every 6 hours) that checks for regressions and if none are found the phased update percentage will be incremented by 10%. So an update will become fully phased after 54 hours or about 2 days. In the event that a regression is detected the Phased-Update-Precentage will be set to 0% thereby causing supported package managers (update-manager) not to install the update.

The progress of phased updates is visible in a report which is updated by the same job that does the phasing.

Investigation of Halted Phased Updates

Here are some tips on how to utilize the phased updates report to investigate why the phasing has stopped.

When looking at an increased rate of crashes you'll want to look at the crash(es) with the greatest number of occurrences. Then check to see if the crash is occurring more frequently (by examining the Occurrences table) with the updated version of the package. If it is then'll you want to sort out why and address the crash in a follow on SRU. If it isn't then contact the SRU team regarding overriding the crash.

When looking at a new error you'll want to confirm that the error is in fact a new one by using the versions table. The phased-updater currently checks if the error has been reported about the version immediately before the current version, so if the previous version wasn't around very long its possiblpossible a specific error wasn't reported about it. Additionally, you can check to see if the error is really about the identified package or if it it occurs in an underlying library by looking at the Traceback or Stacktrace e.g.possible a specific error wasn't reported about it. Additionally, you can check to see if the error is really about the identified package or if it it occurs in an underlying library by looking at the Traceback or Stacktrace e.g.e a specific error wasn't reported about it. Additionally, you can check to see if the error is really about the identified package or if it it occurs in an underlying library by looking at the Traceback or Stacktrace e.g. python crashes being reported about a package using python. If you do not believe the error is a new one or was not caused by your stable release update then contact the SRU team regarding overriding the crash.

SRU team documentation

Overriding halted phasing is done in a similar way to overriding autopkgtest failures. The phased update machinery looks at phased-update-overrides.txt, which is a simple CSV file containing lines of the form source package, version, $THING_TO_IGNORE where $THING_TO_IGNORE can either be an errors.ubuntu.com problem URL to ignore or increased-rate.

Verification

Verification must be done in a software environment as close as is feasible to that which will exist after the package is copied to *-updates. Generally this will be with a system that is up to date from *-release, *-security, and *-updates, but not with other packages from *-proposed (except other packages built from the affected source package - they must be updated if generally installed) or *-backports. While not ideal it is also possible for the uploader of the fix to perform the verification of the package in *-proposed, however it must still be done in a software environment as close as is feasible to that which will exist after the package is copied to *-updates.

If they discover that your fix is insufficient, or the test case is not sufficient to reproduce the bug, they will:

  1. Set the bug task to Status: In Progress

  2. Describe why the fix was insufficient or broken in a comment to the bug report.
  3. Modify the verification-needed-$RELEASE tag to a verification-failed-$RELEASE tag on the bug report where $RELEASE is the release name which you tested.

The SRU verification team may also discover that your fix is good. They will:

  1. Modify the 'verification-needed-$RELEASE' tag to a 'verification-done-$RELEASE' tag on the bug report where $RELEASE is the release name of the upload you have tested e.g. verification-done-precise. The tag global verification-needed should be left on the bug until all release tasks have been verified.

  2. Describe the general steps taken to verify the package (and any special difficulties) in a comment on the bug.

Verification feedback from bug reporters and subscribers is greatly appreciated, too, especially if the update is hardware specific. In this case we consider an update as verified if it has at least two positive, no negative testimonials in the bug report, and the verification team just checks whether the new version still works for the main use cases (to check for major regressions).

If you encounter a regression in a package that has been uploaded to *-proposed, please:

  1. File a bug report against the package, describing the nature of the regression you have encountered, including any special steps needed to reproduce the regression.
  2. Mark this bug with the tag regression-proposed

  3. Ask a bug supervisor to target the bug to the appropriate Ubuntu releases.

  4. Follow up on the SRU bug report referenced from the package changelog, pointing to the new bug. If there is more than one bug in the SRU changelog, follow up to the bug that is most closely related to the regression.
  5. Set the verification-failed-$RELEASE tag on the corresponding SRU bug report where $RELEASE is the release name of the upload you tested.

If you want to help us to verify Stable Release Updates then read how to perform a Stable Release Update verification

Verification Notes

  1. There is a standing agenda item for the SRU & LTS meeting to make sure all stakeholders are able to raise issues as early as possible.

  2. Ensure all critical and high importance bugs are verified in a timely manner. If not, the SRU QA Engineer will perform the testing.
  3. The SRU QA Engineer will specifically ask at the SRU & LTS meeting if there are specific bugs that need verification that aren't being done by the bug reporter. If necessary, a QA team member will do the verification. If not able (e.g. lack of specific HW), will do more calls for testing and nag the bug reporter again.

  4. If necessary, the QA team will set up separate SRU verification program, for big packages like eglibc, python, X.

Autopkgtest Regressions

Packages accepted into -proposed as per the SRU process automatically trigger related autopkgtests, similarly to how it happens for the development series. Once those tests are finished, the pending SRU page provides links to any failures that have been noticed for the selected upload. The responsibility of the uploader (and/or the person performing update verification) is to make sure the upload does not cause any regressions - both in manual and automated testing.

In the case where an SRU upload triggers an autopkgtest regression, the target package will not be released into -updates until the failure is resolved. There are a few ways that can happen:

  • If the reported autopkgtest regression is a real regression caused by the upload, the update should be considered verification-failed and the package should be re-uploaded with the regression fixed. Otherwise the update will be removed from -proposed as per the usual procedures.

  • If the reported autopkgtest regression is not a real regression or not a regression caused by the proposed update (but instead broken by some other dependency), the analysis of this has to be documented for the SRU team. The generally recommended way is commenting on one of the SRU bugs for the upload. Once the rationale is submitted and approved/validated by an SRU member, the SRU team will add a badtest or reset-test hint for the broken package and release the update as per usual procedures (once validation and aging is complete). Alternatively, the uploader/verifier can modify the hints and provide an MP in the bug along with the rationale. Useful input here can be re-running the failing test against only the release/updates pocket, as documented in the ProposedMigration wiki page.

  • If the reported autopkgtest regression is the result of a flaky test, the uploader can try re-running the test to see if it is indeed just a transient issue. If the issue still persists but the analysis clearly shows that it is not a real regression, a rationale for that should be provided in one of the SRU bugs.

It is important to remember that firstly it is the uploader's responsibility to make sure the package is in a releasable state and that all the autopkgtests triggered by the upload are either passing or badtested. Of course, it is not the uploader's responsibility to provide the hints for badtests themselves, but it is it's responsibility to perform the analysis and verification of each listed regression.

Expected resolution for reported autopkgtest failures

If an SRU did not cause a regression, the update is intended to land but autopkgtest regressions are still found, then the possible resolutions for this situation are as follows:

  • An SRU must not be released if outstanding autopkgtest regressions are reported on the Pending SRU Report.

  • Ideally regressions can be fixed with new uploads to the proposed pockets as required. Fixes for autopkgtests are generally always acceptable. However uploads providing only test fixes will generally be staged using block-proposed-<series> (in which case they need a bug reference).

  • A regression not caused by the SRU may be badtest or reset-tested away (doesn't matter which for SRUs).

Removal of updates

If a bug fixed by an update does not get any testing/verification feedback for 90 days an automated call for testing comment will be made on the bug report. In the event that there is still no testing after an additional 15 days, that's a total of 105 days without any testing, the Stable Release Managers will remove the package from -proposed and usually close the bug task as "Won't Fix", due to lack of interest. Removal will happen immediately if a package update in -proposed is found to introduce a nontrivial regression.

Regressions

If a package update introduces a regression which already made it through the verification process to -updates, please immediately file a bug report about the issue, and add the tag regression-update to the bug.

If the regression only applies to the package in -proposed, please follow up to the bug with a detailed explanation, and tag the bug with regression-proposed.

Testing for Regressions

To minimise the risk of regressions being introduced via a SRU, testing will be performed by Canonical on each proposed kernel.

Depth Regression testing will be performed by the Ubuntu Platform QA team on minimal set of HW that represents the different flavours of Ubuntu Editions and Architectures. This activity will focus on verifying that hw-independent regressions have not been introduced.

Breadth hardware testing will be performed by the HW Certification team on release-certified HW. The test will verify that the proposed kernel can be successfully installed on the latest (point) release, network access is functional, and no other functionality is missing that will enable Update Manager to work correctly.

Documentation for Special Cases

The Technical Board resolution on Landscape provides a general rationale for the types of special cases that may be approved here in future. Most exception approvals are now handled directly by the SRU team.

To obtain a new ongoing exception such as those documented below:

  1. Draft a wiki page, like the ones below, outlining what you believe should be the exception.
  2. Submit it to the SRU team for approval. This can be done to any individual member of the SRU team directly, or you can send it to ubuntu-release@lists.ubuntu.com for review.

Note that the SRU team's delegation from the Technical Board is limited to accepting SRU uploads that meet the policy criteria above. The SRU team maintains documentation for standing exceptions here to keep individual interpretations of the policy criteria consistent. Departing from the policy criteria above still requires approval from the Technical Board.

Kernel

Because of the way updates to the kernel work, it will follow a slightly different process which is described on KernelTeam/KernelUpdates.

Landscape

The landscape-client source package may be uploaded according to the procedure documented in LandscapeUpdates. See the Technical Board resolution for details and rationale.

Juju

The juju-core source package may be uploaded according to the procedure documented in JujuUpdates. See the Technical Board discussion for historical context and rationale.

Snapd

The snapd source package may be uploaded according to the procedure documented in SnapdUpdates. Per Technical Board discussion regarding delegation of these decisions to the SRU team, this stable release exception has been approved by SteveLangasek for the SRU team as of 2016-05-12.

Snapcraft

Related to the preceding snapd exception, the snapcraft source package may be uploaded according to the procedure documented in SnapcraftUpdates. This stable release exception has been approved by SteveLangasek for the SRU team as of 2016-05-16.

Ubuntu-image

Also related to snapd, the ubuntu-image package may be uploaded according to the procedure documented in UbuntuImageUpdates. This stable release exception has been approved by SteveLangasek for the SRU team as of 2016-10-19.

Docker.io group

The source packages docker.io, containerd, and runc may be uploaded according to the procedure documented in DockerUpdates. Per Technical Board discussion regarding delegation of these decisions to the SRU team, this stable release exception has been approved by BrianMurray for the SRU team as of 2016-09-20.

gce-compute-image-packages

The source package gce-compute-image-packages may be uploaded according to the procedure documented in gce-compute-image-packages-Updates. Per Technical Board discussion regarding delegation of these decisions to the SRU team, this stable release exception has been approved by BrianMurray for the SRU team as of 2017-03-10. Further amendment to this exception for vendored dependencies approved by LukaszZemczak for the SRU team as of 2023-04-11.

google-compute-engine

The source package gce-compute-image-packages may be uploaded according to the procedure documented in google-compute-engine-Updates. Per Technical Board discussion regarding delegation of these decisions to the SRU team, this stable release exception has been approved by SteveLangasek for the SRU team as of 2022-09-01. Further amendment to this exception for vendored dependencies approved by LukaszZemczak for the SRU team as of 2023-04-11.

google-compute-engine-oslogin

The source package google-compute-engine-oslogin may be uploaded according to the procedure documented in google-compute-engine-oslogin-Updates. Per Technical Board discussion regarding delegation of these decisions to the SRU team, this stable release exception has been approved by SteveLangasek for the SRU team as of 2022-09-01. Further amendment to this exception for vendored dependencies approved by LukaszZemczak for the SRU team as of 2023-04-11.

google-guest-agent

The source package gce-compute-image-packages may be uploaded according to the procedure documented in google-guest-agent-Updates. Per Technical Board discussion regarding delegation of these decisions to the SRU team, this stable release exception has been approved by SteveLangasek for the SRU team as of 2022-09-01. Further amendment to this exception for vendored dependencies approved by LukaszZemczak for the SRU team as of 2023-04-11.

google-osconfig-agent

The source package google-osconfig-agent may be uploaded according to the procedure documented in google-osconfig-agent-Updates. Per Technical Board discussion regarding delegation of these decisions to the SRU team, this stable release exception has been approved by SteveLangasek for the SRU team as of 2022-09-01. Further amendment to this exception for vendored dependencies approved by LukaszZemczak for the SRU team as of 2023-04-11.

curtin

The source package curtin may be uploaded according to the procedure documented in CurtinUpdates. This stable release exception has been approved by SteveLangasek for the SRU team as of 2017-04-05.

walinuxagent

The source package walinuxagent may be uploaded according to the procedure documented in walinuxagentUpdates. This stable release exception has been approved by SteveLangasek for the SRU team as of 2017-04-05.

GNOME

GNOME has a microrelease exception excepting it from the normal QA requirements of the microrelease policy, documented here. This was granted by the technical board on 2012-06-22.

OpenStack

OpenStack packages can be updated according to the procedures documented in OpenStack/StableReleaseUpdates, which includes a list of source packages covered by the MRE. This stable release exception has been approved by LukaszZemczak for the SRU team as of 2017-08-07.

Certbot

The Certbot family of packages can be updated according to the procedures documented in /Certbot. This stable release exception was discussed and subsequently revision 10 of that document was approved by RobieBasak for the SRU team on 2017-08-08.

cloud-init

The source package cloud-init may be uploaded according to the procedure documented in CloudinitUpdates. Per Technical Board discussion regarding delegation of these decisions to the SRU team, this stable release exception has been approved by BrianMurray for the SRU team as of 2017-10-06 with subsequent updates approved by RobieBasak on 2020-07-15.

DPDK

The dpdk source package can be uploaded according to the procedures documented in DPDK for supported LTS releases of Ubuntu. This stable release exception has been approved by LukaszZemczak for the SRU team as of 2017-08-07.

ubuntu-release-upgrader and python-apt

The packages ubuntu-release-upgrader and python-apt both contain files with listings of Ubuntu mirrors. To facilitate upgrades to new releases ubuntu-release-upgrader should be updated (particularly for LTS releases) so that the list of mirrors is accurate. With that in mind and given that it is just a text file with urls for mirrors it is okay to SRU only mirror changes for these packages without an SRU bug.

rax-nova-agent

The source package rax-nova-agent may be uploaded according to the procedure documented in rax-nova-agent-Updates. This stable release exception has been approved by SteveLangasek for the SRU team as of 2018-08-15.

livecd-rootfs

The livecd-rootfs package is a frequent target of SRUs as part of development of changes to image builds for the target series, and is not intended for general installation on end-user systems. The risk of user-affecting regression is lower as a result, because the impact of changes to this package to end users is mediated by way of image builds. Therefore, the requirement for per-change bug reports and test cases is relaxed, as long as there is at least one linked bug with a test case.

fwupd and fwupdate

The source packages fwupd and fwupdate may be uploaded according to the procedure documented in firmware-updates. This stable release exception has been approved by BrianMurray for the SRU team as of 2019-01-15.

snapd-glib

The source package snapd-glib may be uploaded according to the procedure documented in snapd-glib updates. This stable release exception has been approved by BrianMurray for the SRU team as of 2019-02-19.

netplan.io

The source package netplan.io may be uploaded according to the procedure documented in netplan updates. This stable release exception has been approved by BrianMurray for the SRU team as of 2019-04-01 (no really!).

ec2-hibinit-agent

The source package ec2-hibinit-agent may be uploaded according to the procedure documented in ec2-hibinit-agent updates. This stable release exception has been approved by SteveLangasek for the SRU team as of 2019-09-06.

NVIDIA driver

NVIDIA driver (source packages nvidia-graphics-drivers-*, nvidia-settings, fabric-manager-*, libnvidia-nscq-*) may be uploaded according to the procedure documented in NVIDIA updates. This stable release exception has been approved by ChrisHalseRogers for the SRU team as of 2019-09-17.

wslu

The wslu package may be uploaded according to the procedure documented in wslu Updates. This stable release exception has been approved by LukaszZemczak for the SRU team as of 2019-10-24.

openjdk-N

We allow providing OpenJDK short term support releases in the updates pocket, instead of the release pocket to be able to remove those after their support ends as documented in OpenJDK Updates. This very specific stable release exception has been approved by LukaszZemczak for the SRU team as of 2020-04-30.

Postfix

The postfix source package may be uploaded according to the procedure documented in PostfixUpdates. See the Technical Board meeting minutes and its approval for details and rationale.

sosreport

The source package sosreport may be uploaded according to the procedure documented in sosreport updates. This stable release exception has been approved by LukaszZemczak for the SRU team as of 2020-06-25.

oem-*-meta

Source packages of the form oem-*-meta may be uploaded according to the procedure documented in OEMMeta. This stable release exception has been approved by AndyWhitcroft for the SRU team as of 2021-07-15. New packages are acceptable under the same exception.

ubuntu-dev-tools

The source package ubuntu-dev-tools may be uploaded according to the procedure documented in UbuntuDevToolsUpdates. This stable release exception has been approved by Robie Basak.

OpenLDAP

The OpenLDAP source package may be uploaded according to the procedure documented in OpenLDAPUpdates. This stable release exception has been approved by SteveLangasek for the SRU team as of 2022-06-02.

HAProxy

The haproxy source package may be uploaded according to the procedure documented in HAProxyUpdates. This stable release exception has been approved by LukaszZemczak for the SRU team as of 2022-06-27.

autopkgtest

The autopkgtest source package may be uploaded according to the procedure documented in autopkgtest-Updates. This stable release exception has been approved by SteveLangasek for the SRU team as of 2023-01-30.

squid

The squid source package may be uploaded according to the procedure documented in SquidUpdates. This stable release exception has been approved by SteveLangasek for the SRU team on 2023-04-03.

bind9

The bind9 source package may be uploaded according to the procedure documented in Bind9Updates. This stable release exception has been approved by SteveLangasek for the SRU team as of 2023-06-06.

virtualbox

The virtualbox source packages may be uploaded according to the procedure documented in VirtualboxUpdates. This stable release exception has been approved by Martin Pitt for the SRU team as of 2015-11-04.

Data Packages Kept in Sync with Security

Some data packages must always be kept in sync between -updates and -security to avoid behaviour or functionality regressions when using only the security pocket. Because they are pure data, and contain no compiled code, these packages are safe to build in -proposed and then copy to both -updates and -security.

tzdata

The tzdata package is updated to reflect changes in timezones or daylight saving policies. The verification is done with the "zdump" utility. The first timezone that gets changed in the updated package is dumped with "zdump -v $region/$timezone_that_changed" (you can find the region and timezone name by grep'ing for it in /usr/share/zoneinfo/). This is compared to the same output after the updated package was installed. If those are different the verification is considered done.

Feature

16.04 LTS

18.04 LTS

20.04 LTS

21.04

21.10

icu-data

No

No

Yes

Yes

Yes

SystemV tzs

Yes

Yes

Yes

No

No

The version of tzdata in Ubuntu 20.04 LTS and later includes icu-data (see the update-icu rule in debian/rules) and the verification of it can be done after installing the python3-icu package. There can be a slight lag between the tzdata release and the matching icu-data release, we usually wait for the latter to be released before uploading the update.

python3 -c "from datetime import datetime; from icu import ICUtzinfo, TimeZone; tz = ICUtzinfo(TimeZone.createTimeZone('Pacific/Fiji')); print(str(tz.utcoffset(datetime(2020, 11, 10))))"

In the above we are checking a timezone with a change, "Pacific/Fiji", and a date that falls with in the changing period. We expect the output to be different before (13:00:00) and after (12:00:00) the SRU is installed.

The version of tzdata in Ubuntu 20.10 removed supported for SystemV timezones, however SRUs of tzdata to Ubuntu 20.04 LTS and earlier releases should still include the SystemV timezones. To test that they are still available confirm the following command returns nothing.

diff <(zdump -v America/Phoenix | cut -d' ' -f2-) <(zdump -v SystemV/MST7 | cut -d' ' -f2-)

Because tzdata's packaging has changed subtly from release to release, rather than just backporting the most recent release's source package, we just update the upstream tarball instead. You then need to edit debian/changelog to add bug closures, and make sure to use a version number consistent to the previous numbering scheme (e. g. 2012e-0ubuntu0.12.04). Uploads should also be made to any releases supported via ESM.

Due to the potentially disastrous consequences of having localtime differ between systems running -updates and systems running only -security, this package is always kept in sync between the two pockets. However, the package can be built with -updates and then copied from -proposed to -updates and -security after the security team has signed off on the SRU bug e.g. 1878108.

distro-info-data

Many tools behave drastically differently based on the contents of ubuntu.csv in distro-info-data. As such, information for new releases is always backported to -updates, and should always be copied to -security to avoid behaviour skew between the two pockets.

This package should be updated as soon as possible after the new release's name is known. If only the adjective is known, it should be updated even with this partial information (use XANIMAL for the animal where X is the first letter of the adjective). The aging requirement is not applied for releasing to -updates / -security. A tracking bug is still required for SRUs. Verification is still required. The testing section should contain:

[ Test Plan ]
  
Verify that the following subcommands of `distro-info` print information about the new devel and current stable releases:
  
 * `--devel`
 * `--supported`
 * `--stable`

and try the same commands with these modifiers:

 * `--date=<1 day after release>` along with the above
 * `--fullname`
 * `--release`

linux-firmware

linux-firmware in stable releases is kept in sync with new driver features and lts-hwe kernel updates. linux-firmware follows the normal SRU process (with bugs filed and regression tests performed), however it must also be copied to the -security pocket once verified, due to the vast majority of kernel SRUs also being in the -security pocket, and the necessity of linux and linux-firmware not being mismatched.

wireless-regdb

Much like linux-firmware, wireless-regdb follows the usual SRU process, including a bug and regression testing, however it is another package that needs to be kept in sync between -updates and -security pockets to avoid potential local legal issues for -security users who would otherwise not get the local regdb updates.

Examples

As a reference, see bug #173082 for an idea of how the SRU process works for a main package, or bug #208666 for an SRU in universe.

Package Removals

While it is always preferable to fix a package, rather than drop it, there are rare cases when a universe package becomes actively detrimental in stable releases: If it is unmaintained in Ubuntu and has unfixed security issues or has been broken because of changing network protocols/APIs, it is better to stop offering it in Ubuntu altogether rather than continuing to encourage users to install it.

It is not technically possible to remove a package from a stable release, but this can be approximated by SRUing an essentially empty package with an appropriate explanation in NEWS and a corresponding critical debconf note.

When a package is removed in this way from a stable release, it may need similar removal from the devel release as well, depending on the justification for removal.

Such a package removal should have an SRU tracking bug with an appropriate explanation, and needs to get confirmed by the Technical Board. Once removed, the SRU bug should be added to the "Previous Removals" list below.

Previous Removals:

Toolchain Updates

Due to the nature of the various Ubuntu toolchain packages (gcc-*, binutils, glibc), any stable release updates of these packages should be released to both the -updates and -security pockets. For that to be possible, any updates of those should be first built in a reliable security-enabled PPA (without -updates or -proposed enabled) and only then binary-copied into -proposed for testing (that is a hard-requirement for anything copied into -security). After the usual successful SRU verification and aging, the updated packages should be released into both pockets.

Bugs in different stages of the stable release process: http://people.canonical.com/~ubuntu-archive/pending-sru

  • This page has an "Upload queue status" section which links to all stable review queues.

Phasing of Stable Release Updates: http://people.canonical.com/~ubuntu-archive/phased-updates.html

  • This page displays the Phased-Update-Percentage of packages in the -proposed repository for releases and any regressions detected in that package.

Reviewing procedure and tools

If you are a member of the SRU reviewing team, you should check out the ubuntu-archive-tools scripts with

  •  git clone https://git.launchpad.net/ubuntu-archive-tools

which greatly simplify the reviewing procedure. You should symlink sru-review and sru-accept somewhere to your ~/bin/ directory for easy access, or put the checkout into your $PATH.

The following review procedure is recommended:

  • Open the unapproved queue for a particular release, e. g. https://launchpad.net/ubuntu/precise/+queue?queue_state=1 for precise. This shows the list of SRU uploads which have to be reviewed, commented on, and approved/accepted/rejected.

  • For each package, generate the debdiff to the current version in the archive and open the corresponding bugs:
     sru-review -s saucy gnash
    This opens all the bugs which are mentioned in the .changes file in the browser, and will generate a debdiff between the current archive and the unapproved upload (unless the orig.tar.gz changes this will only download the two diff.gz, so it is reasonably fast).
    • In case the SRU is a package sync instead of a standard upload, the sru-review tool will not be able to fetch the debdiff for you and will exit with an error. You will have to review the changes manually and then re-run the tool with an additional argument of --no-diff.

    • For Bileto published SRU's you can easily fetch the relevant debdiffs by following the link to the sync's source PPA and opening the ticket URL that's provided in the PPA description. Each upload present there has two diffs generated for review convenience: full and packaging-only.

  • Review the bugs for complete description, justification, check that they have a stable release task, are conformant to SRU rules, etc, and comment accordingly.
  • Scrutinize the debdiff for matching the changes in the bugs, not having unrelated changes, etc. If you have doubts, comment on the bug.
  • If you are in the ubuntu-sru team:

    • Exit the tool you are using to review the debdiff
    • If the bugs and debdiff are okay, accept the package by pressing y at the ""Accept the package into -proposed?" prompt.

      This will tag the bug(s) with verification-needed, verification-needed-$RELEASE, subscribe ubuntu-sru, and add a general "please test and give feedback"-like comment.

    • If the upload is broken or unsuitable for an SRU, reject it by pressing N at the ""Accept the package into -proposed?" prompt and pressing y at the "REJECT the package from -proposed?" prompt.

  • If you are not in the ubuntu-sru team: Send a follow up comment to the bugs:

    • If all is okay: send an "ubuntu-sru approved and reviewed" comment and set the task to "In Progress"
    • If something is wrong: send the feedback to the bug and set the task to "Incomplete"

The pending SRUs should also be reviewed to see whether or not there are any to be released or removed from the archive. The process for dealing with these follows:

Packages in -proposed can be moved to -updates once they are approved by someone from sru-verification, and have passed the minimum aging period of 7 days. Use the sru-release script from ubuntu-archive-tools for this:

  • $ ./sru-release xenial kdebase

Please see --help, you can also use this tool to copy packages to -security and to the current development release. N.B. before copying a package to -security ping a member of the ubuntu-security team.

If a package should be removed from -proposed, use the remove-package tool (from ubuntu-archive-tools). e.g., to remove source and binaries for the libreoffice package currently in xenial-proposed:

  • $ ./remove-package -m "SRU abandoned (verification-failed)" -s xenial-proposed libreoffice

Contacting the SRU team

If you do not have upload access to the archive, you should ask your sponsor for help in the first instance. If you don't have a sponsor, you can try asking generally on #ubuntu-devel on Libera.Chat, or the ubuntu-devel-discuss mailing list. See SponsorshipProcess for details.

If you do have upload access, you can contact the SRU team by asking generally in #ubuntu-release on Libera.Chat, or on the ubuntu-release mailing list.

Vanguards from the SRU team can also usually be found in #ubuntu-release on the following schedule:

Day

SRU Team Member (IRC nick)

Monday

Łukasz Zemczak (sil2100)

Tuesday

Chris Halse Rogers (RAOF), Brian Murray (bdmurray)

Wednesday

Robie Basak (rbasak)

Thursday

Andreas Hasenack (ahasenack), Łukasz Zemczak (sil2100 - backup)

Friday

Timo Aaltonen (tjaalton), Steve Langasek (vorlon - backup)


CategoryProcess

StableReleaseUpdates (last edited 2024-11-12 14:14:03 by racb)