Category Archives: Linux

Package changes between two Ubuntu images

I work on the Canonical Public Cloud team and we publish all of the Ubuntu server images used in the cloud.

We often get asked what the differences are between two released images. For example what is the difference between the Ubuntu 20.04 LTS image kvm optimised image from 20200921 and the Ubuntu 20.04 LTS image kvm optimised image from 20201014, specifically what packages changed and what was included in those changes?

For each of our download images published to we publish a package version manifest which lists all the packages installed and the versions installed at that time. It also lists any installed snaps the the revision of that snap currently installed. This is very useful for checking to see if an image you are about to use has the expected package version for your requirements or has the expected package version that addresses a vulnerability.

Example snippet from a package version manifest:

python3-apport	2.20.11-0ubuntu27.9
python3-distutils	3.8.5-1~20.04.1

This manifest is also useful to determine the differences between two images. You can do a simple diff of the manifests which will show you the version changes but you can also, with the help of a new ubuntu-cloud-image-changelog command line utility I have published to the Snap store, determine what changed in those packages.

ubuntu-cloud-image-changelog available from the snap store
ubuntu-cloud-image-changelog available from the snap store

I’ll work through an example of how to use this tool now:

Using the the Ubuntu 20.04 LTS image kvm optimised image from 20200921 manifest and the Ubuntu 20.04 LTS image kvm optimised image from 20201014 manifest we can find the package version diff.

$ diff 20200921.1-ubuntu-20.04-server-cloudimg-amd64-disk-kvm.manifest 20201014-ubuntu-20.04-server-cloudimg-amd64-disk-kvm.manifest
< python3-apport	2.20.11-0ubuntu27.8
> python3-apport	2.20.11-0ubuntu27.9
< python3-distutils	3.8.2-1ubuntu1
> python3-distutils	3.8.5-1~20.04.1

This snippet above is a subset of the packages that changed but you can easily see the version changes. Full diff available @ .

To see the actual changelog for those package version changes…

$ #install ubuntu-cloud-image-changelog
$ sudo snap install ubuntu-cloud-image-changelog
$ ubuntu-cloud-image-changelog --from-manifest=20200921.1-ubuntu-20.04-server-cloudimg-amd64-disk-kvm.manifest --to-manifest=20201014-ubuntu-20.04-server-cloudimg-amd64-disk-kvm.manifest
Snap packages added: []
Snap packages removed: []
Snap packages changed: ['snapd']
Deb packages added: ['linux-headers-5.4.0-1026-kvm', 'linux-image-5.4.0-1026-kvm', 'linux-kvm-headers-5.4.0-1026', 'linux-modules-5.4.0-1026-kvm', 'python3-pexpect', 'python3-ptyprocess']
Deb packages removed: ['linux-headers-5.4.0-1023-kvm', 'linux-image-5.4.0-1023-kvm', 'linux-kvm-headers-5.4.0-1023', 'linux-modules-5.4.0-1023-kvm']
Deb packages changed: ['alsa-ucm-conf', 'apport', 'bolt', 'busybox-initramfs', 'busybox-static', 'finalrd', 'gcc-10-base:amd64', 'gir1.2-packagekitglib-1.0', 'language-selector-common', 'libbrotli1:amd64', 'libc-bin', 'libc6:amd64', 'libgcc-s1:amd64', 'libpackagekit-glib2-18:amd64', 'libpython3.8:amd64', 'libpython3.8-minimal:amd64', 'libpython3.8-stdlib:amd64', 'libstdc++6:amd64', 'libuv1:amd64', 'linux-headers-kvm', 'linux-image-kvm', 'linux-kvm', 'locales', 'mdadm', 'packagekit', 'packagekit-tools', 'python3-apport', 'python3-distutils', 'python3-gdbm:amd64', 'python3-lib2to3', 'python3-problem-report', 'python3-urllib3', 'python3.8', 'python3.8-minimal', 'secureboot-db', 'shim', 'shim-signed', 'snapd', 'sosreport', 'zlib1g:amd64']


python3-apport changed from version '2.20.11-0ubuntu27.8' to version '2.20.11-0ubuntu27.9'

Source: apport
Version: 2.20.11-0ubuntu27.9
Distribution: focal
Urgency: medium
Maintainer: Brian Murray < - >
Timestamp: 1599065319
Date: Wed, 02 Sep 2020 09:48:39 -0700
 apport (2.20.11-0ubuntu27.9) focal; urgency=medium
   [ YC Cheng ]
   * apport/apport/ add acpidump using built-in (LP: #1888352)
   * bin/oem-getlogs: add "-E" in the usage, since we'd like to talk to
     pulseaudio session and that need environment infomation. Also remove
     acpidump since we will use the one from hook.
 apport (2.20.11-0ubuntu27.8) focal; urgency=medium
   [Brian Murray]
   * Fix pep8 errors regarding ambiguous variables.

python3-distutils changed from version '3.8.2-1ubuntu1' to version '3.8.5-1~20.04.1'

Source: python3-stdlib-extensions
Version: 3.8.5-1~20.04.1
Distribution: focal-proposed
Urgency: medium
Maintainer: Matthias Klose <->
Timestamp: 1597062287
Date: Mon, 10 Aug 2020 14:24:47 +0200
Closes: 960653
 python3-stdlib-extensions (3.8.5-1~20.04.1) focal-proposed; urgency=medium
   * SRU: LP: #1889218. Backport Python 3.8.5 to 20.04 LTS.
   * Build as well for 3.9, except on i386.
 python3-stdlib-extensions (3.8.5-1) unstable; urgency=medium
   * Update 3.8 extensions and modules to the 3.8.5 release.
 python3-stdlib-extensions (3.8.4-1) unstable; urgency=medium
   * Update 3.8 extensions and modules to the 3.8.4 release.
 python3-stdlib-extensions (3.8.4~rc1-1) unstable; urgency=medium
   * Update 3.8 extensions and modules to 3.8.4 release candidate 1.
 python3-stdlib-extensions (3.8.3-2) unstable; urgency=medium
   * Remove bytecode files for 3.7 on upgrade. Closes: #960653.
   * Bump debhelper version.
 python3-stdlib-extensions (3.8.3-1) unstable; urgency=medium
   * Stop building extensions for 3.7.
   * Update 3.8 extensions and modules to 3.8.3 release.


Above is a snippet of the output where you can see the exact changes made between the two versions. Full changelog available @

I have found this very useful when tracking why a package version changes and also if a package version change includes patches addressing a specific vulnerability.

We don’t yet publish package version manifests for all of our cloud images so to help in generating manifests I published the ubuntu-package-manifest command line utility to easily generate a package version manifest for any Ubuntu or Debian based image or running instance for later use with ubuntu-cloud-image-changelog.

ubuntu-package-manifest available from the snap store
ubuntu-package-manifest available from the snap store
$ sudo snap install ubuntu-package-manifest
$ # This is a strict snap and requires you to connect the system-backup interface
$ # 
$ # to access the host system package list. This is access read-only.
$ snap connect ubuntu-package-manifest:system-data
$ sudo ubuntu-package-manifest

You can even use this on a running desktop install to track package version changes.

ps. We’re hiring in the Americas and in EMEA 🙂

Xerox DocuMate 3220 scanner on Ubuntu

TLDR; This blog post is confirming that the Xerox DocuMate 3220 does work on Ubuntu and shows how to add permissions for non root users to use it.


I was using my wife’s old printer/scanner all in one for scanning documents and it worked well but it was a pain to scan multiple documents so I decided to get a business scanner with auto feed and duplex scanning.

I went for the Xerox DocuMate 3220 as it stated it was SANE compatible so would work on Linux.


With an RRP of ~€310 I managed to get a refurbished model for €98 delivered from ebay but sadly I didn’t do enough research as the scanner is not SANE supported.

In my research in trying to add the scanner to the xerox_mfp SANE backend config (which didn’t work) I discovered that VueScan was available for Linux and it’s supported scanners did list some of the Xerox DocuMate series. I had used VueScan on my old MacBook Pro and was very happy with so I gave it a shot. Note that VueScan is not Open Source and not free but it is excellent software and well worth the €25 purchase price.

Lo and behold it found the scanner and it supported all of the scanner’s features.

  • Flatbed scanning
  • Auto feed
  • Duplex auto feed

However VueScan would only detect the scanner when run as root due to libusb permissions.

To add permissions for non root users to use the scanner I made the following changes. This guide should also be helpful when changing permissions for any USB device. The following changes were made on an Ubuntu 17.10 machine.

# Add myself to the scanner group. You can do this through the “Users and Groups” GUI too.

philroche@bomek:$ sudo usermod -a -G scanner philroche

# Find the scanner vendor id and product id

Running dmesg we can see the scanner listed with idVendor=04a7 and idProduct=04bf

philroche@bomek$ dmesg
usb 1-2.4.3: new high-speed USB device number 26 using xhci_hcd
usb 1-2.4.3: New USB device found, idVendor=04a7, idProduct=04bf
usb 1-2.4.3: New USB device strings: Mfr=1, Product=2, SerialNumber=3
usb 1-2.4.3: Product: DM3220
usb 1-2.4.3: Manufacturer: Xerox
usb 1-2.4.3: SerialNumber: 3ASDHC0333

Note: The device number will most likley be different on your system.

Running lsusb we can see that the scanner is also listed as “Visioneer”

philroche@bomek:$ lsusb
Bus 001 Device 026: ID 04a7:04bf Visioneer

Note: As with the the device number, the Bus used is likley to be different on your system.

We can see above that the device is on bus 001 as device 026. Using this info we can get full udev (Dynamic device management) info.

philroche@bomek:$ udevadm info -a -p $(udevadm info -q path -n /dev/bus/usb/001/026)
looking at device '/devices/pci0000:00/0000:00:14.0/usb1/1-2/1-2.4/1-2.4.3':
 ATTR{bNumInterfaces}==" 1"
 ATTR{version}==" 2.00"

This is the info we need to create our udev rule

# Add Udev rules allowing non root users access to the scanner

Create a new udev rule

philroche@bomek:$ sudo nano /etc/udev/rules.d/71-xeroxdocument3220.rules

Paste the following text to that new file

SUBSYSTEM=="usb", ATTR{manufacturer}=="Xerox", ATTR{product}=="DM3220", ATTR{idVendor}=="04a7", ATTR{idProduct}=="04bf", MODE="0666", GROUP="scanner"

This adds a rule to allow any user in the “scanner” group (which we added ourselves to earlier) permission to use the usb device with vendor 04a7 and product 04bf.

Note you will have to log out and log in for any group changes to take effect or run su - $USER

# Reload the udev rules

philroche@bomek:$ sudo udevadm control --reload-rules

# Test these new udev rules

philroche@bomek:$ udevadm test $(udevadm info -q path -n /dev/bus/usb/001/026)

You shouldn’t see any permissions related errors.

Now when you run VueScan as a non-root user you should see no permissions errors.

# Start VueScan

philroche@bomek:$ ./vuescan