** Description changed: == Begin SRU Template == [Impact] This release sports both bug-fixes and new features and we would like to make sure all of our supported customers have access to these improvements. The notable ones for are: * Xenial and Bionic: New Python-based client to automatically setup livepatch, fips, esm-infra, esm-apps using a single UA contract token from https://ubuntu.com/advantage. This is a backward incompatiple transition from the previous shell-based ubuntu-advantage commands to the new python-based "ua" command. For all Ubuntu releases: * APT command and MOTD messaging hooks about available esm-infra and esm-apps package upgrades and ESM-infra availability on Ubuntu releases entering Extended Security Maintenance (Xenial) * FIPS and FIPS-updates support * New ua fix subcommand to allow fixing individual CVE or USN security issues. * new 'ua help' command to give information about * notices section in `ua status` about outstanding configuration changes needed to finish intiial setup of Ubuntu Advantage services See the changelog entry below for a full list of changes and bugs. [Test Case] The following development and SRU process was followed: https://wiki.ubuntu.com/UbuntuAdvantageToolsUpdate The ubuntu-advantage-tools team will be in charge of attaching the artifacts and console output of the appropriate run to the bug. ubuntu-advantage-tools team members will not mark ‘verification-done’ until this has happened. * Automated Test Results <TODO> Attach or link the following automated integration test runs for ubuntu-advantage-tools on each affected LTS release: - lxd.container platform - lxd.kvm platform - AWS Ubuntu PRO - AWS Ubuntu cloud-images (non-Pro) - Azure Ubuntu PRO - Azure Ubuntu cloud-images (non-Pro) - GCP Ubuntu PRO - GCP Ubuntu cloud-images (non-Pro) </TODO> * Manual Test Results If trusty targeted: <TODO: attach manual livepatch enablement on HWE kernels for trusty> For all SRUs: <TODO: attach manual upgrade path test from previous LTS to current -proposed release> [Regression Potential] In order to mitigate the regression potential, the results of the aforementioned integration tests are attached to this bug. The list below represents places where this update could cause regressions: * apt hook messages not working properly resulting in E: error messages from ubuntu-advantage-tools apt hooks. apt will still exit 0 in these cases * MOTD hooks during error conditions omitting messages about available esm package updates. * Customers trying to use scripts at system deployment that use the old ubuntu-advantage-tools < version 19 will not be able to `ua enable-livepatch` or `ua enable-esm` at system launch. Launch scripts need updating * Customers launching machines using the following cloud-config userdata during system launch will have to update their userdata to use new the new cmdline client 'ua attach', 'ua enable' commands. - #cloud-config - ubuntu_advantage: - commands: XXX - runcmd: - ubuntu-advantage enable-fips + #cloud-config + ubuntu_advantage: + commands: XXX + runcmd: + ubuntu-advantage enable-fips + * Upgrade from Trusty to Xenial of a UA attached VM may report ESM Infra as disabled https://github.com/canonical/ubuntu-advantage-client/issues/1590 + [Discussion] <TODO: other background> == End SRU Template == Changelog for release delta: ubuntu-advantage-tools (27.0~16.04.1) xenial; urgency=medium * New upstream release 27.0: (LP: #1926361) - apt-hook: mitigate failures with true - messages: add optional (s) to apt messaging to include singular/plural pkgs - apt-hook: avoid reporting and counting duplicate package names (GH: #1578) - fix: don't say reboot required when unnecessary (LP: #1926183) - test: uncomment additional xenial upgrade tests -- Lucas Moura <lucas.mo...@canonical.com> Tue, 27 Apr 2021 15:31:06 -0300 ubuntu-advantage-tools (27.0~21.04.1~beta3) hirsute; urgency=medium * New upstream beta3 release: - config: avoid tracebacks on invalid features value in uaclient.conf (GH: #1564) - apt-hook: new json hook for security update counts - Remove redundant messaging from uaclient -- Chad Smith <chad.sm...@canonical.com> Fri, 23 Apr 2021 15:28:44 -0600 ubuntu-advantage-tools (27.0~21.04.1~beta2) hirsute; urgency=medium * d/control: - add distro-info dependency - add new debianutils dependency - add optional dh-systemd | debhelper (>= 13.3) to fallback on hirsute and later when dh-systemd is not present * d/rules: enable and start ua-messaging.timer on package install * d/postinst: - configure esm on any LTS release avoid beta services - configure esm-infra when is_active_esm and apps on LTS - xenial enable unauthenticated apt source for apps/infra * New upstream release 27.0~beta: - apt-hook: + adapt hook to process separate message templates + esm-apps and esm-infra pkg counts not mutually-exclusive + print static messages on apt upgrade/dist-upgrade (GH: #1546) - config: create settings_overrides on config (GH: #1507) - docs: add entry for uploading new version to ppa - esm: + add pin never when disabling esm-infra/apps on xenial + enable infra when EOL LTS and apps on all LTS (GH: #1558) - fips: add notice when installing over old fips - fix: + add links to ubuntu.com/gcp/aws in messaging when on non-PRO + add notice to reboot operation on ua fix + do not prompt user for beta services (GH: #1544) + notify users if reboot is required (GH: #1476) + update how the expired token logic works + wrap output greater than 80 chars (GH: #1487) - lib: fix notice handling on reboot script - messages + provide static message files for use in APT and MOTD + update_ua_messages on attach/detach/disable - mypy: add lib/ dir for coverage - status: do not remove notices on non-root call (GH: #1518) - subp: separate % format strings when logging (GH: #1520) - systemd: add ua-messaging.timer to update ua MOTD and APT msgs - update-motd.d: add conditional hooks for motd to source ua messages - util: add is_lts and is_active_esm funtions to support ESM - test + add integration tests asserting esm-apps setup due to postinst + manual test script for xenial upgrade + trusty and xenial infra and apps disabled in pkg install - behave: use unaltered cloud images unsetting UACLIENT_BEHAVE_PPA - jenkins: make lint and style stage run sequentially -- Lucas Moura <lucas.mo...@canonical.com> Thu, 22 Apr 2021 14:16:26 -0300 ubuntu-advantage-tools (27.0~21.04.1~beta) hirsute; urgency=medium * d/*: prefix all the debhelper conf files with the package name * d/control: - add Rules-Requires-Root: no - bump Standards-Version to 4.5.1 - make ubuntu-advantage-pro Architecture: all * d/lintian-overrides: - override maintainer-script-calls-service - package-supports-alternative-init-but-no-init.d-script * d/postinst: move the u-a-pro note to a config script * d/ubuntu-advantage-tools.templates: suggest the use of apt * New upstream release 27.0~beta: - apt: add retry for apt-helper command (GH: #1431) - cli: drop subcommand repeated help output, fix enable & refresh (GH: #1440) - config: + allow parsing yaml delivered from env values + environment variable support for feature overrides (GH: #1395) + create config to add extra params to security url - docs: + add ppas and fix typos + use Ubuntu Pro not Ubuntu PRO + add stop "." punctuation to messages (GH: #1320) - fips: fix FIPS message when disable operation fails - fix: + add basic UASecurityClient to which queries CVE and USNs + add security_url to config + check if service is enabled during ua fix (GH: #1462) + closer representation of cve and usn responses + filter usns by cve details (GH: #1470) + fix regex to be more permissive and strict + get_cve_affected_source_packages_status won't list not-affected (GH: #1467) + handle other package status when running ua fix (GH: #1435) + improve error message for ua fix (GH: #1420) + install pkg fixes when they are on standard pocket (GH: #1401) + move timeout and retries to security client only + only prompt for subscription attach for UA-related pkg updates + parse all related USNS to a given CVE when fixing + parse full API responses for related CVEs and USNs + prefer USN.release_packages binary pkg versions to CVE src ver (GH: #1436) + prompt for new ua token when expired one is used (GH: #1475) + prompt to emit pro suggestion on pro_clouds if unattached (GH: #1386) + prompt to enable service during ua fix (GH: #1455) + provide related CVE URLs instead of USNs (GH: #1456) + raise errors when source_link is null or unexpected format + show packages that were not fixed in the output + update output for released packages in ua fix (GH: #1438) + update message for invalid issue in ua fix (GH: #1433) + use pocket values from USNs (GH: #1439) - logs: emit error response on API errors and redact sensitive logs (GH: #1424) - serviceclient: add 10 second timeout and two retries to API calls (GH: #1374) - util: + add error prompts on invalid selection + add timeout to readurl - tests: + Add disable_auto_attach config to all test PRO vms + add merge_usn_released_binary_package_versions tests + add unittest coverage for override_usn_release_package_status + drop traceback checks on fips integration tests + refactor integration tests for ua fix cmd + run status wait before detach in PRO tests + use ssh to run commands on lxd containers - jenkins: archiveArtifacts can only reference paths within workspace -- Lucas Moura <lucas.mo...@canonical.com> Tue, 30 Mar 2021 14:16:03 -0300 ubuntu-advantage-tools (26.3~21.04.1) hirsute; urgency=medium * d/control: add new debianutils dependency * New upstream release 26.3 - util: improve is_container check for chroot - cli: pass assume_yes param to services on detach (GH: #1530) -- Grant Orndorff <grant.orndo...@canonical.com> Tue, 06 Apr 2021 14:26:20 -0300 ubuntu-advantage-tools (26.2) hirsute; urgency=medium * Drop dh-systemd build dependency. -- Matthias Klose <d...@ubuntu.com> Wed, 10 Mar 2021 16:54:12 +0100 ubuntu-advantage-tools (26.2~21.04.1) hirsute; urgency=medium * status: show beta services in status if enabled (GH: #1410) -- Lucas Moura <lucas.mo...@canonical.com> Tue, 02 Mar 2021 10:11:53 -0300 ubuntu-advantage-tools (26.1~21.04.1) hirsute; urgency=medium * New upstream release 26.1 - contract: block detach call to contract if machine-id change - docs: add readme docs about mastering clean golden images - fips: add reboot notices for fips operations (GH: #1368) - livepatch: add retry when running canonical-livepatch status (GH: #1360) - util: use lru_cache to avoid re-reading os-release and machine-id (GH: #1329) - tests: + add disable_auto_attach config to all test PRO vms + add more log artifacts during failed integration test + check cloudinit status after launching image + mock leaking livepatch.application_status for fips test + retry package installs on apt exit 100 - jenkins: parameterize build stages to avoid parallel job collision -- Lucas Moura <lucas.mo...@canonical.com> Fri, 19 Feb 2021 10:30:22 -0300 ubuntu-advantage-tools (26.0.1~21.04.1) hirsute; urgency=medium * auto-attach: fix comparing numeric iid -- Lucas Moura <lucas.mo...@canonical.com> Fri, 05 Feb 2021 14:10:09 -0300 ubuntu-advantage-tools (26.0~21.04.1) hirsute; urgency=medium * New upstream release 26.0: - auto-attach: systemd unit to run before ua-reboot-cmds.service - config: remove_notice should remove notices.json when empty - fips: + add notice if running a deactivated FIPS kernel (GH: #1348) + block enabling FIPS on clouds using Xenial + block enabling fips on GCP instances + check /proc/sys/crypto/fips_enable to see if fips is enabled + override fips metapackage when on bionic cloud + update metapackage override logic on fips - notices: clear lock file and notice when encountering any exception (GH: #1326) - reboot_cmds: retry on lock held errors due to pro auto-attach - services: allow uaclient to disable services during enable - status: include beta services in json formatted output with --all (GH: #1341) - tests: + add FIPS tests to AWS and Azure bionic images + add GCP pro test for focal machine + add after_step collection of artifacts on failure + remove proc file check after disabling fips + pro: block auto-attach with cloud-config bootcmd + add validation of systemd unit ua-reboot-cmds.service + test enabling fips-updates when fips is enabled - jenkins: - add deb build stage to assert package builds - use series-specific sbuild --build-dir avoid races - use --append-to-version for each sbuild run to avoid races - presume success when no integration artifacts created -- Lucas Moura <lucas.mo...@canonical.com> Thu, 04 Feb 2021 16:34:56 -0300 ubuntu-advantage-tools (26.0~21.04.1~beta) hirsute; urgency=medium * d/rules: - add --with systemd to allow reboot init script - do not remove lib/systemd/system folder * d/postinst: - create marker file when reboot script need to run: - enable livepatch across trusty to xenial upgrade - update fips on existing fips pro machines * New upstream release 26.0~beta: - gcp: add Google Cloud Platform support (GH #1269) - fips: + remove is_beta from fips sevices + fips pro: add upgrade support to require reboot to unmark held fips pkgs + update origin UbuntuFIPSUpdates - status: + add notice to tabular output + held locks emit notice about Operation in progress - cli: help sort output so trusty ordering matches xenial++ - cis: rename service from cis-audit - config: provide config notices and add_notice and remove_notice methods - contract: add resource-machine-access route and datapath - init: add init script to run commands on reboot - keys: add ubuntu-advantage-cis keyring - livepatch: make livepatch react to enableByDefault delta - log: log when we install pkgs because of contract delta - make: drop six testdeps target - pro: do not install pro debs on non-pro instances - services: Update beta info for services (GH #1220) - tools: add tox-lxd-runner, that execute the test command in a shell - tools: refresh-keyrings handles cis keys. drop series-specific keys - tests: + add GCE support for integration tests + add cis integration tests for unattached and pro + add pytest constraint for mypy tests + add unittests for reboot_cmds script + fix esm package messages for new update notifier version + pin importlib-metadata for mypy tests + repo tests for request_resource_machine_access + unit tests for config cache clearing and machine-access data - jenkins: + add basic Jenkinsfile for CI runs per PR + add jenkins parseable test results + add lxc cleanup stage on Jenkinsfile -- Lucas Moura <lucas.mo...@canonical.com> Thu, 14 Jan 2021 10:08:20 -0300 ubuntu-advantage-tools (25.0~20.10.1) groovy; urgency=medium * Release version 25.0 -- Chad Smith <chad.sm...@canonical.com> Fri, 04 Dec 2020 13:32:16 -0700 ubuntu-advantage-tools (25.0~20.10.1beta3) groovy; urgency=medium * New upstream release 25.0~beta3: - upgrade-lts-conract: noop during do-release-upgrade on unattached (GH: #1255) - ua-auto-attach: order systemd unit before cloud-config.service - Update FIPSUpdates pin origin - fips: unmark held fips packages for ubuntu pro fips image support (GH: #1109) - repo: handle changes to additionalPackages contract deltas - repo: move package installation to install_packages method - pro: trigger auto-attach as soon as instance-data.json is available (GH: #1234) - Conditionally install packages when enabling FIPS - fips: allow disable (GH: #1168) - cli: add trailing newline to argparse errors (GH: #1236) - Install fips metapacking when enabling service - integration test improvements: + upgrade-test: fix upgrade path restart failures on trusty (GH: #1257) + Fix integration test setup scripts (GH: #1253) + strict checking for command success on behave + Update tests to use new pycloudlib LXD abstraction + Add upgrade scenario tests when FIPS is enabled + Improve FIPS tests for checking packages + Update esm-infra xenial lxd test + Fix vm tests as esm-apps is beta service + Fix azure generic integration testing + Update esm-apps check on staging_commands tests + Install pycloudlib for azure jobs only + Fix shell condition in run_azure_travis_integration_tests.sh + Update azure jobs on travis + Update travis url in README + Update travis scripts to use ppa only on master + Fix cron event type check on travis yaml -- Chad Smith <chad.sm...@canonical.com> Wed, 02 Dec 2020 13:43:16 -0700 ubuntu-advantage-tools (25.0~20.10.1~beta2) groovy; urgency=medium * New upstream release 25.0~beta2: - help: update esm-infra help text (GH: #1212) - apt-hook: update apt cli messaging for UA Infra: ESM and UA Apps: ESM product names - help: update fips help docs (GH: #1213) - help: revert CIS help doc URL (GH: #1211) - help: add new fips help URLs to CLI help docs (GH: #1210) - Show error when enabling service with invalid repo [Lucas Moura] (GH: #954) - Update beta info for services (#1220) [Lucas Moura] (GH: #1216) - Do not enable fips when fips-updates is active [Lucas Moura] (GH: #1209) - Add vm test commands in tox.ini (#1204) [Lucas Moura] -- Chad Smith <chad.sm...@canonical.com> Mon, 26 Oct 2020 20:01:21 -0600 ubuntu-advantage-tools (25.0~20.10.1~beta1) groovy; urgency=medium * Beta bug fix release - status: fix missing description_override key after upgrade from trusty (GH: #1201) - During contract delta processing use _check_application_status_on_cache instead of live service status -- Chad Smith <chad.sm...@canonical.com> Sat, 10 Oct 2020 21:47:21 -0600 ubuntu-advantage-tools (25.0~20.10.1~beta) groovy; urgency=medium * d/control: - add po-debconf dependency and fix lintian not-using-po-debconf and untranslatable-debconf-templates - add ${misc:Depends} dep to ubuntu-advantage-pro to fix lintian debhelper-but-no-misc-depends (GH: #1024) * d/rules: - drop --with systemd fix build-depends-on-obsolete-package - set fix lintian warning extra:Depends even if empty * d/postrm - Add more gpg keys to be deleted in postrm for Xenial+ support * d/postinst: - do not unconfigure non-trusty esm. no series in apt filenames (GH: #1170) - check if esm is already enabled (GH: #1095) * New upstream release 25.0: - Do not uninstall additionalPackages or livepatch when disabling services - check for issubclass on clean_apt_files - Add do-release-upgrade support for esm-infra and apps suites (GH: #1169) - Apply contract deltas during do-release-upgrade operations - cli: add ua help command - cli: status add blocking --wait param and lock files for config change - Fix livepatch behaviour on aws pro focal machine - travis: drop inapplicable workspaces from specific awsgeneric release jobs - Add possible reboot text after enabling/disabling services - apt-hook: package apt-hook and apt configuration files on all releases (GH: #1150) - Fix enable fail bug - Add uaclient.conf override mechanism for auto-attach, beta services and machine-token - Support ESM Apps [Brian Murray] (GH: #930) - Do not enable services if blocking services is active (GH: #1029) - contract: handle 401 on invalid token, 403 on expired (GH: #1335) - Hide beta services from default status output and enable/disable operations (GH: #1079) (GH: #1091) - fips: force apt noninteractive prompts during package installs (GH: #1084) - tests: add unit tests for aws-gov/aws-china cloud detection - Add AWS China and GovCloud partitions [Robert Jennings] - Disable beta services to be show/enabled without flag - Add missing build_pr command to environment - Use additionalPackages from service payload - Add integration testing for Travis runs [patriciadomin] (GH: #856) (GH: #857) (GH: #853) -- Chad Smith <chad.sm...@canonical.com> Mon, 28 Sep 2020 21:11:54 -0600 ubuntu-advantage-tools (24.4) groovy; urgency=medium * New bug-fix-only release 24.4: - uaclient.version bump to 24.4 - fips: honor additionalPackage directive from contract for bionic (GH #1173) -- Chad Smith <chad.sm...@canonical.com> Tue, 01 Sep 2020 11:14:39 -0600 ubuntu-advantage-tools (24.3) groovy; urgency=medium * New bug-fix-only release 24.3: - uaclient.version bump to 24.3 - fips: add conditional reboot message only if /var/run/reboot-required is present - fips: add apt repo key for FIPS and FIPS updates (GH #1026) -- Chad Smith <chad.sm...@canonical.com> Thu, 20 Aug 2020 14:50:17 -0600 ubuntu-advantage-tools (24.2) groovy; urgency=medium * New bug-fix-only release 24.2: - uaclient.version bump to 24.2 - pro: Add AWS China and GovCloud partitions support (GH #1077) -- Chad Smith <chad.sm...@canonical.com> Wed, 03 Jun 2020 16:12:41 -0600 ubuntu-advantage-tools (24.1) groovy; urgency=medium * New bug-fix-only release 24.1: - livepatch: run snap wait system snap.seeded before trying to install (GH: #1049) - version: return debian/changelog version when git describe fails to match upstream <major>.<minor> tags for git-ubuntu workflow (GH: #1058) -- Chad Smith <chad.sm...@canonical.com> Mon, 18 May 2020 15:07:17 -0600 ubuntu-advantage-tools (24.0) groovy; urgency=medium * bump version to 24.0 for new versioninig scheme -- Chad Smith <chad.sm...@canonical.com> Mon, 18 May 2020 15:04:33 -0600 ubuntu-advantage-tools (20.3) focal; urgency=medium * New upstream release 20.3: - ubuntu-pro: automatically reattach across instance id delta (LP: #1867573) - integration testing: + add behave tests ua subcommands for attached vm + add invalid token tests + add reuse_container test docs + refactor token parameter -- Chad Smith <chad.sm...@canonical.com> Mon, 30 Mar 2020 14:49:17 -0600 ubuntu-advantage-tools (20.2) focal; urgency=medium * d/templates: add a debconf note on upgrade from pre-ubuntu pro package * d/control: create a separate ubuntu-advantage-pro package which delivers the tooling and scripts necessary to auto-attach pro machines This change breaks/replaces ubuntu-advantage-tools <= 20.1 * d/maintscript: rm_conffile /etc/init/ua-auto-attach.conf from ua-tools pkg * d/postint: remove stale systemd symlinks which have migrated to ubuntu-pro * d/rules: only install the apt hook on trusty * d/rules: provide --no-start to debhelper to avoid auto-attach on pkg install * Release 20.2: - ubuntu-pro: + azure: fix detection of DatasourceAzureNet as azure on trusty + generalize identity_doc to return dict instead of string + auto-attach: any 4XX errors during auto-attach are the result of non-Pro + auto-attach: handle 403 errors raised by contract server for invalid vms - attach: persist any status config changes after attach failures - output: add messaging using a different subscription if attached -- Chad Smith <chad.sm...@canonical.com> Thu, 20 Feb 2020 11:13:15 -0700 ubuntu-advantage-tools (20.1) xenial; urgency=medium * Release 20.1: - azure-pro, support for azure ubuntu pro auto-attach: + add azure auto-attach instance as valid cloud_instance_factory + add azure cloud instance module and tests + generalize request_aws_contract_token for multiple cloud_types + contract: request_auto_attach_contract_token takes an instance param - constraints: add constraint on pyyaml version in trusty - auto-attach: move duplicate invalid cloud_type check out of cli -- Chad Smith <chad.sm...@canonical.com> Mon, 13 Jan 2020 15:09:18 -0700 ubuntu-advantage-tools (19.7) xenial; urgency=medium * d/postinst: only configure ESM on supported architectures (LP: #1851858) [Andreas Hasenack] * d/postinst: rename existing ubuntu-esm-precise.list file to trusty. This fixes the upgrade path from precise to trusty and to this client while esm is enabled (LP: #1850672) * Release 19.7: - aws: handle missing SYS_HYPERVISOR_PRODUCT_UUID - aws-pro: support for aws ubuntu pro auto-attach - pro: add cloud identity module and fix unit tests - pro: update systemd service and upstart boot scripts to auto-attach - pro: esm do not do apt pin never on disable on xenial or bionic - pro: esm-apps has origin UbuntuESMApps and esm-infra is UbuntuESM - status: dynamic status available now from refreshed machine-token - uaclient: update customer visible messages after UX review - esm-apps: allow unattended security upgrades for esm-apps - systemd: needs WantedBy=multi-user.target to get pulled into boot - cli: update docstring to describe errors raised from auto-attach - keyrings: update ubuntu-advantage-esm-apps.gpg with correct key - repo: match strict repo url in apt-policy to avoid esm substring matches - esm: don't disable_apt_auth_only for ESM entitlements - initial implementation of esm-apps - repo: don't raise exception in application_status if aptURL missing - entitlements: rely solely on contract server for repo_url - cli: exit 0 if already attached - cli: use decorators for action_attach and action_attach_premium - cli: add assert_not_attached decorator - status: custom descriptions for n/a service status -- Chad Smith <chad.sm...@canonical.com> Fri, 29 Nov 2019 11:09:18 -0700 ubuntu-advantage-tools (19.6) focal; urgency=medium * New upstream release. Main changes: - drop SSO interactive login support - d/control: no longer depend on pymacaroons, which was only needed for the SSO interactive login support - drop keyrings for services not supported in trusty: cc-eal, fips, fips-updates, cis audit - make sure /var/lib/ubuntu-advantage/private has 0700 perms - rename esm to esm-infra. Also handle upgrades - don't unecessarily remove config files that are already handled by dpkg - expand the apt related runtime dependencies - handle sources.list.d esm snippet when release upgrading from precise - ua status now reports availability of services even in unattached state - the "ua status" output was changed, including the json format option - drop "ua status" call in postinst as it now requires internet access and that is restricted in LP builders and test runners. - fix the d/t/usage DEP8 test that was also using status -- Andreas Hasenack <andr...@canonical.com> Thu, 04 Jul 2019 14:12:58 -0300 ubuntu-advantage-tools (19.5.1) eoan; urgency=medium * d/t/usage: fix dep8 test ("entitlements" was renamed to "services") -- Andreas Hasenack <andr...@canonical.com> Wed, 03 Jul 2019 21:55:25 -0300 ubuntu-advantage-tools (19.5) eoan; urgency=medium * New upstream release (LP: #1832757): - packaging: + d/control: depend on libapt-pkg<ABI_VERSION> to use pin-priority never + d/postinst: adjust logfile permissions + d/postinst: remove public files and generate status cache on upgrade + d/postinst: Remove the old CACHE_DIR in postinst + d/postrm: remove log files on package purge + d/postrm: remove the ESM pinning file on purge + trusty should remove v1 esm key if present after upgrade + keyrings: regenerate keyrings on a trusty host + refresh keyrings to match current production for fips and cc-eal - apt: + all repo entitlements now call apt-get update on enable + enable -updates if -updates from the Ubuntu archive is enabled + Add basic i18n (good enough for lang packs) + retry apt install and update commands 3 times simple backoff + write commented -updates lines instead of omitting them - attach/detach: + added --no-auto-enable option + suppress messages from inapplicable default entitlements + two-factor auth reprompt only two-factor auth on failed 2fa + honour enableByDefault obligations from contract server + livepatch: no auto-enable on attach for trusty + don't attempt to disable inapplicable entitlements during detach + check for root before checking for attach in assert_attached_root - status: + add --json cli formatting option + emit a SERVICE header in status output + redact technical support and expiry for free contracts + unentitled services will report n/a - cc-eal: + add a warning about download size before install + change cc to cc-eal in docs, parameters and commandline help - esm: + add esm-v2 gpg keyring, drop old keyring, ignore aptKey directive + and livepatch auto enabled on attach where supported + on upgrade do not install preferences to pin never if esm enabled + remove only the apt auth entry on disable, leaving sources.list + use Pin-Priority never apt preference file to disable esm initially - fips: + display as pending when linux-fips is not the running kernel + only install/upgrade optional packages that are already on the system - logs: + no longer redact secrets as logfile is root read-only + separate console log devel from logfile level + remove level from messages to the console - add subcommand to refresh all contract details - config: allow contract_url and sso_auth_url to have a trailing slash - docker: fix persisting generated uuid on images without machine-id files - environ: allow lowercase ua_<config_option> overrides - repo: un-comment ESM sources.list lines on repo disable - updated manpage and help docs -- Andreas Hasenack <andr...@canonical.com> Wed, 03 Jul 2019 15:55:11 -0300
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1926361 Title: sru ubuntu-advantage-tools (10ubuntu0.16.04.1 -> 27.0) Xenial, Bionic, Focal, Hirsute To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1926361/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs