Comment #1 is now stale, as the release changeset has changed. The bug description has the correct text for the SRU purposes.
** Description changed: - SRU bug + [ Impact ] + + This release brings both bug-fixes and new features for the Pro Client, + and we would like to make sure all of our supported customers have + access to these improvements on all releases. + + The most important changes are: + + - We are introducing API and CLI features that allow users to visualize + the CVEs that affects machine. + + For the API, we are introducing a new endpoint: + + * u.pro.security.cves.v1: Show the CVEs that affects the machine + + For the CLI commands, we are also introducing two new commands: + + * pro cves: Show the CVEs that affects the machine + * pro cve: Show information about a specific CVE + + - We are now supporting for pro auto-attach on LXD container/VMs. If the + host is attached to a Pro subscription, running pro auto-attach on the + LXD container/VM should also attach it to the Pro subscription used by + the host. + + We are also introducing a configuration that allow user to specify if + all LXD container/VMs should auto-attach on boot or not. + + [ Test Plan ] + + The following development and SRU process was followed: + https://wiki.ubuntu.com/UbuntuAdvantageToolsUpdates + + The Pro Client developers will be in charge of attaching the artifacts + of the appropriate test runs to the bug, and will not mark + ‘verification-done’ until this has happened. + + [ Where problems could occur ] + + In order to mitigate the regression potential of the changes in this + version, the results of the integration tests suite runs are attached to + this bug. + + Other considerations are: + + - We are adding new dep8 tests for this Pro release. The main goal of + those tests is to spot any problems on python3-apt related changes, as + the test rely heavily on that package functionality to work. Those tests + could cause package breakages we have not anticipated. + + - We have refactored the enforcement of the onlySeries contract + directive. This directive states that some contracts should only be + valid on certain ubuntu releases. Since a ubuntu release can only really + fully change after a reboot, we are now only checking the onlySeries + ubuntu release requirement on reboot. Failing to do so would make it + possible to attach a machine to a contract in a series it's not entitled + to, or to deny a machine that should be able to attach on a specific + series. Our integration tests cover the onlySeries scenarios to help + checking this works right. + + - We are now guaranteeing that our ESM cache exists when a user runs pro + security-status. This is not only to guarantee that command display the + most accurate information possible, but to avoid apt related warning to + show up if the directory doesn't yet exists + + - We are creating a new package status for u.pro.packages.updates.v1. If + a package is installed from ESM, but there is a new version in the + archive, we are now returning the status as + upgrade_available_not_preferred. Since the ESM package are pinned, this + status tells the user that there is an upgrade available, but apt will + not install it by default. We added proper documentation about this + change to avoid confusion. + + - We saw warning on Noble generated by our apt news feature. That was + caused because the _apt user didn't had access to the folder we were + storing the apt news content at. We have now changed the directory + ownership to the _apt user to silence the warning. We have double + checked with the APT team if changing the ownership of the directory + would pose a risk of someone else changing the content of APT news, but + they stated that this is not a concern. + + - We dropped the dependency on python3-pkg-resources for Oracular + onward. A mistake in the logic there could break the dependency on older + releases, or fail to remove it from newer ones. Errors like that would + show at build time though. + + - We bumped the C++ standards to C++17. If this would not be available + on older releases, then the apt-hook builds would break. We tested it + and it compiles correctly. + + [ Other Info ] + + Many changes in this release are refactors, test improvements, among + other code-quality improvement changes. So there are many commits that + don't bring functionality changes. + + [ Changelog ] + + * d/tests/usage: add more scenarios to dep8 tests + * d/control: drop strict dependency on python3-pkg-resources (LP: #2083665) + * d/rules: add conditional python3-pkg-resources dependency up to noble + * New upstream release 35: (LP: #2083973) + - api: + + new endpoints: + * u.pro.attach.guest.get_guest_token.v1: Get the Pro client guest + token + * u.pro.security.cves.v1: List the fixable CVEs that affect the system + + u.pro.packages.updates.v1: create new package status: + upgrade_available_not_preferred (GH: #3184) + + fixes for u.unattended_upgrades.status.v1: + * do not crash when a Unattended-Upgrade config is missing + * do not report unattended-upgrade disabled if any config is false + * report missing Unattended-Upgrade configs as turned off + - apt: + + always ensure the ESM cache is present (GH: #3132) + + silence warnings when fetching apt-news (GH: #3209, LP: #2070095) + + update logging for apt errors (GH: #3299) + + only run the apt upgrade hook when run as root (LP: #2084677) + - auto-attach: + + aws: skip operation if no product codes found + + gcp: add minimal image license codes + - cli: + + add support for vulnerability commands: + * pro cves: List cves in the machine + * pro cve: Show information about a specific cve + + deduplicate entries in 'pro help' output (LP: #2091327) + - config: add option lxd_guest_attach to control LXD integration with Pro + - contract: + + check onlySeries on reboot (GH: #3189) + + collect cpu type for activity info + - landscape: + + update message if service not available through Pro (GH: #3331) + - livepatch: do not enable livepatch on wsl (GH: #3156) + - lxd: allow pro auto-attach to work on a LXD container + + -- Renan Rodrigo <[email protected]> Thu, 20 Feb 2025 + 12:00:14 -0300 + + ubuntu-advantage-tools (34.1.3) plucky; urgency=medium + + * apt-hook: set C++ standards version to c++17 for APT 2.9.30 compatibility + (LP: #2098862) + * tests: remove argparse error tests from unit tests (LP: #2098862) + + -- Renan Rodrigo <[email protected]> Wed, 19 Feb 2025 + 11:53:40 -0300 + + ubuntu-advantage-tools (34.1.2build1) plucky; urgency=high + + * No change rebuild against libapt-pkg7.0. + + -- Julian Andres Klode <[email protected]> Mon, 17 Feb 2025 22:47:04 + +0100 + + ubuntu-advantage-tools (34.1.2) oracular; urgency=medium + + * check-versions-are-consistent.py: fix regexp to cope with X.Y.Z version + formats + * version.py: bump to 34.1.2 + + -- Andreas Hasenack <[email protected]> Fri, 04 Oct 2024 17:06:07 + -0300 + + ubuntu-advantage-tools (34.1.1) oracular; urgency=medium + + * Bump version.py. + + -- Robie Basak <[email protected]> Fri, 04 Oct 2024 20:34:56 + +0100 + + ubuntu-advantage-tools (34.1) oracular; urgency=medium + + * Drop direct dependency on python3-pkg-resources to resolve priority + mismatch (LP: #2083665) + + -- Robie Basak <[email protected]> Fri, 04 Oct 2024 17:51:47 + +0100 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2083973 Title: [SRU] ubuntu-advantage-tools (34 -> 35) Xenial, Bionic, Focal, Jammy, Noble, Oracular To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2083973/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
