CA-423202: Xapi can incorrectly expect livepatches for EOL base versions

[minglumlu]

A new live patch update may drop live patch support for a component
running with an old version. This means the old version is EOL in sense
of live patching support.

Previously, the logic collected all live patches that shared the same
base build ID for the running component and treated them as cumulatively
applicable.

With this change, if the base build ID is marked EOL in the latest
relevant update (for the same live patching component), the component is
considered not live‑patchable

[lindig]

I believe this is mostly relevant for Xen packages. Each Xen packages states the base version from where it can live update. Given that currently running version is fixed, this seems easy to decide. Where is the complexity coming from? That there is more than one Xen package that could be used? So now the question is: use one that supports live patching but does update to the latest Xen? Or use one that updates to the latest Xen but can't live patch? And this commit implements the latter policy?

[minglumlu]

I believe this is mostly relevant for Xen packages. Each Xen packages states the base version from where it can live update. Given that currently running version is fixed, this seems easy to decide. Where is the complexity coming from? That there is more than one Xen package that could be used? So now the question is: use one that supports live patching but does update to the latest Xen? Or use one that updates to the latest Xen but can't live patch? And this commit implements the latter policy?

This is relevant for both Xen and Kernel. But I will explain with Xen...

A Xen live patch can be applied only to a running Xen with a matched version which actually is identified by the build ID. The build ID will not change until a reboot. A latest Xen update usually contains multiple live patches for multiple build IDs. In other words, for example, this update can be applied on a host with a running Xen with build ID A, and can be applied on another host with running Xen with build ID B. After applying, the running Xen on both hosts will have the live patch take effect as the latest Xen version delivered by the update.

Now looking at the build ID A and B. They corresponds to two old Xen versions. Suppose A is older than B. Now, it's possible that a latest Xen update doesn't contain a live patch for build ID A (the new package will deliver new live patch files and remove the old ones). This means for the latest update, a host running with Xen with build ID A is not live patchable, or equivalently, live patching support on running Xen with build ID A is EOL. So the conclusion is no live patch is applicable on this host in this case.