[ Impact ]
This release brings both bug-fixes and new features for the Pro Client, and we would like to make sure all of our supported customers have access to these improvements on all releases.
The most important changes are:
- rename ubuntu-advantage-tools to ubuntu-pro-client
- rename ubuntu-advantage-pro to ubuntu-pro-image-auto-attach
- introduce new ubuntu_pro_apt_news apparmor policy
- api:
+ u.pro.attach.auto.full_auto_attach.v1: new cloud_override param
+ u.pro.status.enabled_services.v1:
* include services in "warning" state
* include "usg"
- enable:
+ use deb822 apt source file format when on noble or later
- landscape:
+ don't disable landscape on ubuntu releases where it is not
enable-able (GH: #2743)
+ no longer assume landscape-client gets removed on disable (GH: #2840)
+ leave client.conf in place instead of renaming
See the changelog entry below for a full list of changes and bugs.
[ Test Plan ]
The following development and SRU process was followed:
https://wiki.ubuntu.com/UbuntuAdvantageToolsUpdates
The Pro Client developers will be in charge of attaching the artifacts of the appropriate test runs to the bug, and will not mark ‘verification-done’ until this has happened.
Besides the full integration test runs, manual tests were executed to verify bugs:
- LP: #2019997
- LP: #2021988
Additional testing will also be done for the binary package rename transition and the deb822 transition.
## Test Plan for binary package rename:
### Assumptions
- ubuntu-minimal or ubuntu-cloud-minimal is installed everywhere
- these have “Depends: ubuntu-advantage-tools”
### One-time testing for this SRU
Many of these will be scripted and the log of the script will be manually reviewed.
- For each ubuntu release (xenial, bionic, focal, jammy, mantic, noble - note noble will behave differently after seed is updated to u-p-c):
- `apt install ubuntu-pro-client=31 ubuntu-advantage-tools- ubuntu-minimal`
- Should refuse
- For each of the following upgrade methods: pro attach in a container, then upgrade, then "apt autoremove", then check that ESM is still enabled, u-a-t is 31 and u-p-c is 31
- apt install ubuntu-advantage-tools
- apt install ubuntu-pro-client
- apt install ubuntu-pro-client=31
- apt upgrade
- apt dist-upgrade
- Default desktop GUI upgrade
- For each ubuntu release (xenial, bionic, focal, jammy, mantic, noble)
- upgrade to v31, then apt reinstall ubuntu-advantage-tools
- For each cloud pro image: (aws, azure, gcp) x (xenial, bionic, focal, jammy):
- Boot and allow auto-attach to finish with current package (ubuntu-advantage-pro)
- apt upgrade
- Verify that ubuntu-pro-auto-attach is now installed
- pro detach
- Reboot
- Verify that auto-attach works with new package
### After the SRU and the noble seed is updated one time test
- For jammy->noble and mantic->noble:
- Will need to enable -proposed
- For each of the following release upgrade methods: pro attach in a container, then release-upgrade, then check that ESM is still enabled, u-a-t is 31 and u-p-c is 31
- do-release-upgrade (start from <= 30 and let the tool do the apt upgrade)
- Default desktop GUI release-upgrade
### Ongoing regression tests that we added to our behave test suite
- Install u-a-t and verify that it brings with it an up-to-date u-p-c
- Install ubuntu-advantage-pro and verify that it brings with it an up-to-date ubuntu-pro-auto-attach
#### Test cases we will add after the noble seed is updated to ubuntu-pro-client
- After `apt install ubuntu-pro-client`, remove u-a-t and ensure things still work
### Cases/Variables we’re purposefully ignoring
- Different architectures
- Nothing about the rename transition is related to the architecture
- Apt-get upgrade
- This will refuse to install new packages such as u-p-c
- Really old versions of u-a-t (< 27) upgrading directly to u-p-c
### Scenarios that may lead to issues but are unsupported
Test these once so we know what happens and can include some notes in the SRU bug, but otherwise don’t worry about them.
- On jammy, with u-a-t on version 30
- pro attach
- Change sources.list to noble
- apt full-upgrade
- apt autoremove
- This might disable ESM
- `apt install ubuntu-pro-client-31.deb` when u-a-t 31 is not available from an apt source
- This will remove ubuntu-minimal and disable ESM
[ Where problems could occur ]
In order to mitigate the regression potential of the changes in this version, the results of the integration tests suite runs are attached to this bug.
Other considerations not covered by the integration test suite are:
* deb822
- we now support two different APT source formats. If they are not equivalent
in outcome, we could've introduced odd bugs where things only break when
one of the formats is in use
- we are transitioning jammy/mantic users to deb822 after a
do-release-upgrade. If something goes wrong, they may get stuck with the
old format, which may cause warnings in APT in the future.
* package rename transition
- if we fail to properly support compatibility with old documentation,
existing automations that use `apt install ubuntu-advantage-tools` to
update pro-client will stop working
- if u-a-t <31 gets removed and ESM was enabled, then the prerm script will
effectively disable ESM
* apparmor
- if the new apparmor profile (or the new restrictions in apt-news.service)
prevent APT news from working, then users will not see APT news
* other
- we're collecting more logs and auto-uploading them with bug reports, if we
made a mistake then these logs may include sensitive information
unnecessarily
- many maintscripts were changed, if we made a mistake, upgrades could be
broken
- we fixed bugs in the enabled_services.v1 API function, which we consider
backwards compatible. If someone was relying on the incorrect output, they
could be broken by getting the correct output.
[ Changelog ]
* d/*:
- rename ubuntu-advantage-tools to ubuntu-pro-client
- rename ubuntu-advantage-pro to ubuntu-pro-image-auto-attach
* d/apparmor:
- introduce new ubuntu_pro_apt_news apparmor policy
* d/control:
- update descriptions and homepages
- update ubuntu-pro-client-l10n to Depend on same binary version
of ubuntu-pro-client
* d/rules:
- install ubuntu_pro_apt_news apparmor policy
* d/ubuntu-pro-client.prerm:
- removed dependency on python3 by reimplementing in sh (LP: #2021988)
* apport:
- collect logs related to ubuntu_pro_apt_news apparmor policy
* release-upgrades.d/ubuntu-advantage-upgrades.cfg:
- convert APT list files to deb822 files when upgrading to noble
* systemd/apt-news.service:
- add apparmor profile and capability restrictions
* New upstream release 31 (LP: #2048921)
- api:
+ u.pro.attach.auto.full_auto_attach.v1: new cloud_override param
+ u.pro.status.enabled_services.v1:
* include services in "warning" state
* include "usg"
+ u.pro.security.fix.*.plan.v1: export common objects from
endpoint modules (GH: #2714)
- cli:
+ add autocomplete for api subcommand
+ autocomplete multiple services for enable/disable subcommands
+ if lock is held, cli will retry over the course of a few seconds
- collect-logs:
+ include logs related to ubuntu_pro_apt_news apparmor policy
+ include logs of apt-news.service
+ include logs of esm-cache.service
- enable:
+ use deb822 apt source file format when on noble or later
- fix:
+ avoid insinuating that CVEs were found on the machine (GH: #1522)
+ ignore LSNs when considering related USNs
+ pick CVE description based on what packages are installed
- landscape:
+ don't disable landscape on ubuntu releases where it is not
enable-able (GH: #2743)
+ no longer assume landscape-client gets removed on disable (GH: #2840)
+ leave client.conf in place instead of renaming
+ require service to be running to consider "enabled"
+ new explanatory message when disabling
- motd: properly pluralize messages about updates (GH: #1579)
- status: show warning when canonical-livepatch command fails
(LP: #2019997)
- timer jobs: jobs-status.json is now world readable (GH: #2601)
This bug was fixed in the package ubuntu-
---------------
ubuntu-
* fix unit test that failed on newer version of python
-- Grant Orndorff <email address hidden> Wed, 14 Feb 2024 13:51:44 -0500