[SRU] ubuntu-advantage-tools (32.3 -> 33) Xenial, Bionic, Focal, Jammy, Noble

Bug #2069237 reported by Renan Rodrigo
Affects: ubuntu-advantage-tools (Ubuntu)
Status: New
Importance: Undecided
Assigned to: Unassigned
Milestone: (none listed)

Bug Description

[ Impact ]

This release brings both bug fixes and new features for the Pro Client, and we would like to make sure all of our supported customers have access to these improvements on all releases.

The most important changes are:

- Some contracts now carry a restriction - they are valid only for a specific series. This new version of the client ensures that behavior, by blocking attachment on different series, and detaching on non-compliant scenarios.

- Now we are auto-selecting package updates when enabling FIPS based on what is installed in the system and what is available in the repository, rather than using hardcoded lists of packages, by default on J/N and as opt-in in X/B/F

- We are automatically selecting the raspi variant of Realtime Kernel when enabling the service on Raspberry Pi 4 and 5.

See the changelog entry below for a full list of changes and bugs.

[ Test Plan ]

The following development and SRU process was followed:
https://wiki.ubuntu.com/UbuntuAdvantageToolsUpdates

The Pro Client developers will be in charge of attaching the artifacts of the appropriate test runs to the bug, and will not mark ‘verification-done’ until this has happened.

[ Where problems could occur ]

In order to mitigate the regression potential of the changes in this version, the results of the integration tests suite runs are attached to this bug.

Other considerations are:

- Although this version brings a fix from a previous hotfix on AppArmor profiles, we may be missing other problems and denials which may happen. We keep an eye on bug reports for anything AppArmor-related and have released hotfixes in the past for known cases, always guaranteeing to cover the new scenario in acceptance tests.

- The support for beta services was removed in this version, because it was far from ideal from an implementation standpoint, and we have no beta services at the moment. If a beta service appears in the future, the functionality would have to be reimplemented, but we have communicated that such services should be planned in advance so we can work on the engineering side. To ensure compatibility with older releases, anything beta-related is accepted (and then ignored) when running CLI commands.

- Now, instead of hardcoding a list of packages to install when enabling FIPS, we are installing/upgrading packages based on their presence in the system, checking for candidates with python3-apt. Of course, if any mistake was made here, we may be leaving systems with a wrong package set for FIPS. To avoid that, we have extensive integration testing in the acceptance suite. Besides that, even doing it right *may* cause the package list to be different somehow based on the dynamic updates to the PPAs (this does not happen to FIPS, but may happen to FIPS Updates / Preview). To avoid this kind of situation, we made the feature enabled by default only on Jammy+ (where we could test and verify the package sets match), and made it opt-in for Xenial, Bionic, Focal.

- We are now auto-selecting variants when no --variant flag is passed by the user. We in fact always did that, but we auto-selected a hardcoded default, which was not ideal for every scenario. Now we have platform checks to determine a variant. We made it explicit to users by adding an extra prompt when enabling. The raspi variant is the first one to be auto-selected on systems where it should be default (Raspberry Pi 4 and 5), but more may come in the future. Auto-selecting the wrong variant may break the user's system, as this kind of change is hard to revert. However, we believe our new mechanism will cause *fewer* errors, and not more, given the hardcoded generic kernel would be wrong for many systems anyway. We are in touch with the RT Kernel developers, and have tests on our suite to guarantee functionality.

[ Other Info ]

Many changes in this release are refactors, test improvements, among other code-quality improvement changes. So there are many commits that don't bring functionality changes.

[ Changelog ]

ubuntu-advantage-tools (33) oracular; urgency=medium

  * d/apparmor: adjust the esm_cache apparmor profile to allow reading of dpkg
    data directory (LP: #2067810) (GH: #3137)
  * New upstream release 33 (LP: #2069237)
    - apt: use Python bindings instead of apt CLI to query for installed
      packages (LP: #2060769) (LP: #2068744)
    - beta: drop support for beta services
    - contracts: add support for contracts which target a specific series
    - fips: change enable functionality to ensure all packages with a FIPS
      candidate are upgraded to the FIPS version (GH: #2667)
    - fix:
      + add the current_status field to the plan api return object
      + change recommended attach method to magic attach (GH: #3040)
    - livepatch: prefer the term 'coverage' instead of 'support' in messaging
      (GH: #3063)
    - realtime:
      + auto-select the raspi variant when appropriate
      + inform the user when auto-selecting a variant

description: updated
Renan Rodrigo (renanrodrigo) wrote:

Updated the title to remove Mantic from the releases list - we are not releasing there, because we aim for end of July as the date for v33 to be out and Mantic should be EOL when it happens.

There is a Mantic release candidate in the staging PPA, but no upload to mantic-proposed is expected.

summary: [SRU] ubuntu-advantage-tools (32.3 -> 33) Xenial, Bionic, Focal, Jammy,
- Mantic, Noble
+ Noble