trusty verification, test case (3) Both start from fresh trusty minimal with no u-a-t installed a) u-a-t updates -> enable esm -> upgrade proposed b) u-a-t proposed -> attach The u-a-t package from updates that was used is: 10ubuntu0.14.04.4 The u-a-t package from proposed that was used is: 19.6~ubuntu14.04.2 1) Output of diff -uNr /tank/trusty-3{a,b}/etc/apt. An explanation follows each hunk: --- /tank/trusty-3a/etc/apt/auth.conf.d/90ubuntu-advantage +++ /tank/trusty-3b/etc/apt/auth.conf.d/90ubuntu-advantage @@ -1 +1 @@ -machine esm.ubuntu.com/ login $user password $pass +machine esm.ubuntu.com/ login bearer password $reallylongpass Since (a) didn't run ua attach, but just upgraded to the proposed package, the credentials were not migrated to the new bearer token. ESM keeps working without this step, but "ua status" will say the machine is unattached. This is expected and explained in the last paragraph of the "[Other Info]" section in this SRU bug. --- /tank/trusty-3a/etc/apt/sources.list.d/ubuntu-esm-infra-trusty.list +++ /tank/trusty-3b/etc/apt/sources.list.d/ubuntu-esm-infra-trusty.list @@ -1,5 +1,4 @@ -deb https://esm.ubuntu.com/ubuntu trusty-security main -# deb-src https://esm.ubuntu.com/ubuntu trusty-security main - -deb https://esm.ubuntu.com/ubuntu trusty-updates main -# deb-src https://esm.ubuntu.com/ubuntu trusty-updates main +deb https://esm.ubuntu.com/ubuntu trusty-infra-security main +# deb-src https://esm.ubuntu.com/ubuntu trusty-infra-security main +deb https://esm.ubuntu.com/ubuntu trusty-infra-updates main +# deb-src https://esm.ubuntu.com/ubuntu trusty-infra-updates main Only an "ua attach" command will rewrite the esm pockets in the sources.list snippet to include the "infra" word. The old names, without "infra", will not be removed from the ESM server for trusty, so having step (a) keep using the old names isn't a problem. 2) File listing diff. An explanation follows each hunk: --- trusty-3a.list +++ trusty-3b.list @@ -13723,7 +13723,6 @@ /var/cache/apt/archives/sysv-rc_2.88dsf-41ubuntu6_all.deb /var/cache/apt/archives/tar_1.27.1-1_amd64.deb /var/cache/apt/archives/tzdata_2014b-1_all.deb -/var/cache/apt/archives/ubuntu-advantage-tools_10ubuntu0.14.04.4_all.deb /var/cache/apt/archives/ubuntu-advantage-tools_19.6~ubuntu14.04.2_amd64.deb /var/cache/apt/archives/ubuntu-keyring_2012.05.19_all.deb /var/cache/apt/archives/ucf_3.0027+nmu1_all.deb (b) didn't go through trusty-updates, therefore that package isn't cached. @@ -13765,10 +13764,10 @@ /var/lib/apt/lists/br.archive.ubuntu.com_ubuntu_dists_trusty-updates_InRelease /var/lib/apt/lists/br.archive.ubuntu.com_ubuntu_dists_trusty-updates_main_binary-amd64_Packages /var/lib/apt/lists/br.archive.ubuntu.com_ubuntu_dists_trusty-updates_main_i18n_Translation-en -/var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_trusty-security_InRelease -/var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_trusty-security_main_binary-amd64_Packages -/var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_trusty-updates_InRelease -/var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_trusty-updates_main_binary-amd64_Packages +/var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_trusty-infra-security_InRelease +/var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_trusty-infra-security_main_binary-amd64_Packages +/var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_trusty-infra-updates_InRelease +/var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_trusty-infra-updates_main_binary-amd64_Packages /var/lib/apt/lists/lock /var/lib/apt/lists/partial /var/lib/apt/mirrors (a) is still using the trusty pockets without the "infra" name, and (b), because it ran an "ua attach", that also runs "apt update", therefore the infra pockets are shown in apt's lists/ directory. @@ -14881,6 +14880,15 @@ /var/lib/systemd/deb-systemd-helper-enabled/rsyslog.service.dsh-also /var/lib/systemd/deb-systemd-helper-enabled/syslog.service /var/lib/ubuntu-advantage +/var/lib/ubuntu-advantage/machine-id +/var/lib/ubuntu-advantage/private +/var/lib/ubuntu-advantage/private/machine-access-cc-eal.json +/var/lib/ubuntu-advantage/private/machine-access-esm-infra.json +/var/lib/ubuntu-advantage/private/machine-access-fips.json +/var/lib/ubuntu-advantage/private/machine-access-fips-updates.json +/var/lib/ubuntu-advantage/private/machine-access-livepatch.json +/var/lib/ubuntu-advantage/private/machine-access-support.json +/var/lib/ubuntu-advantage/private/machine-token.json /var/lib/ubuntu-advantage/status.json /var/lib/ucf /var/lib/ucf/cache Since (b) ran "ua attach", that fully migrated that setup to the new client, which is then showing content in its data directory at /var/lib/ubuntu-advantage/. The (a) case did not run attach. I declare test case (3) as having succeeded.