** Description changed: [ Impact ] This release brings both bug-fixes and new features for the Pro Client, and we would like to make sure all of our supported customers have access to these improvements on all releases. The most important change is: - We are adding support for the legacy services on Xenial: esm-legacy- infra and esm-legacy-apps, in preparation for the 16.04 EOL (EOL?) next cycle. [ Test Plan ] The following development and SRU process was followed: https://documentation.ubuntu.com/sru/en/latest/reference/exception-UbuntuAdvantageTools-Updates/ The Pro Client developers will be in charge of attaching the artifacts of the appropriate test runs to the bug, and will not mark ‘verification-done’ until this has happened. [ Where problems could occur ] - Adding esm-legacy services is not fully testable now, as Xenial is not legacy yet. It is tested on the staging environment though, and there are basic behave tests against production which are passing. However, fixes would happen mainly in the backend side - our experience from implementing this on Trusty gives us the confidence that only the service definition on the client side is enough, and that is the change we are introducing here. - There is a bugfix in this release for the scenario where the user is enabling fips[-updates|-preview] on the clouds. Before the change, it was telling users that the system would downgrade to the regular fips kernel, but the actual version would be the cloud-specific variant, which is often different. Now we show the correct information, but the solution depends on a couple assumptions: a) There is only one metapackage for each fips flavor on cloud VMs - There should not be more than one metapackage, as FIPS dependencies are all bundled there. If more than one would exist, we would have to implement it in the backend first, giving us visibility. If that happens under the hood (unlikely, but you know), the client code will fall back to the regular fips kernel - which is what it does today in all situations. - b) The kernel package should be called linux[-somewhing]-fips, and the corresponding metapackage is called ubuntu[-somewhing]-fips. + b) The kernel package should be called linux[-somewhing]-fips, and the corresponding metapackage is called ubuntu[-somewhing]-fips. - This is the naming convention the Kernel team uses for a while now (since Xenial at least) and is also unlikely to change. This change cannot be done under the hood: the contracts server MUST be updated because default package names are defined there. It's important to note that the functionality is not affected, and breaking these assumption will result in wrong messages to users when enabling the services - which again, is what we have today. - This release changes the logic used to wait for the APT lock after a do-release-upgrade. Mistakes in the implementation here would lead either to errors in the post-execution hook, not updating the services as expected, or never executing anything at all if we don't recognize the lock as released. To avoid these situations, we have passing integration tests with updates from all supported releases, and we had - Julian Klode ( + Julian Klode ([email protected]) review it as the APT expert. + + - There is a change to apparmor profiles to support the new rust- + coreutils. It is needed only on questing onward, but will be SRUed as we + keep the same codebase everywhere. We believe this won't imply in a + regression because it is loosening the profile instead of restricting + more. There is the risk of allowing things we would not want, but the + patch comes directly from the apparmor team, via Georgia Garcia + ([email protected]), which makes it more reliable. [ Changelog ] ubuntu-advantage-tools (37ubuntu0) questing; urgency=medium - * d/apparmor/ubuntu_pro_[apt_news|esm_cache].jinja2: update coreutils path - Thanks to Georgia Garcia <[email protected]> (LP: #2123870) - * New upstream release 37: (LP: #2125453) - - attach: don't show a notice if attaching a one-time token set for a - future release (GH: #3485) - - enable: add the --auto option to enable all default services based on - the contract - - entitlements: - + add esm-infra-legacy support - + add esm-apps-legacy support - - fips: show correct kernel versions when downgrading on clouds (GH: #3488) - - upgrade-lts-contract: (LP: #2107604) - + remove implicit dependency on lsof - + fix the logic to hold the apt lock while performing operations + * d/apparmor/ubuntu_pro_[apt_news|esm_cache].jinja2: update coreutils path + Thanks to Georgia Garcia <[email protected]> (LP: #2123870) + * New upstream release 37: (LP: #2125453) + - attach: don't show a notice if attaching a one-time token set for a + future release (GH: #3485) + - enable: add the --auto option to enable all default services based on + the contract + - entitlements: + + add esm-infra-legacy support + + add esm-apps-legacy support + - fips: show correct kernel versions when downgrading on clouds (GH: #3488) + - upgrade-lts-contract: (LP: #2107604) + + remove implicit dependency on lsof + + fix the logic to hold the apt lock while performing operations
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2125453 Title: [SRU] ubuntu-advantage-tools (36 -> 37) Xenial, Bionic, Focal, Jammy, Noble, Plucky To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2125453/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
