| 2024-06-13 03:18:05 |
Renan Rodrigo |
bug |
|
|
added bug |
| 2024-06-13 19:01:56 |
Renan Rodrigo |
description |
[ Impact ]
This release brings both bug-fixes and new features for the Pro Client, and we would like to make sure all of our supported customers have access to these improvements on all releases.
The most important changes are:
<TODO>
See the changelog entry below for a full list of changes and bugs.
[ Test Plan ]
The following development and SRU process was followed:
https://wiki.ubuntu.com/UbuntuAdvantageToolsUpdates
The Pro Client developers will be in charge of attaching the artifacts of the appropriate test runs to the bug, and will not mark ‘verification-done’ until this has happened.
Besides the full integration test runs, manual tests were executed to verify bugs:
<TODO>
[ Where problems could occur ]
In order to mitigate the regression potential of the changes in this version, the results of the integration tests suite runs are attached to this bug.
Other considerations not covered by the integration test suite are:
* Think about what the upload changes in the software. Imagine the change is wrong or breaks something else: how would this show up?
* This must '''never''' be "None" or "Low", or entirely an argument as to why your upload is low risk.
* This both shows the SRU team that the risks have been considered, and provides guidance to testers in regression-testing the SRU.
[ Other Info ]
* Anything else you think is useful to include
* Anticipate questions from users, SRU, +1 maintenance, security teams and the Technical Board and address these questions in advance
[ Changelog ]
<TODO> |
[ Impact ]
This release brings both bug-fixes and new features for the Pro Client, and we would like to make sure all of our supported customers have access to these improvements on all releases.
The most important changes are:
- Some contracts now carry a restriction - they are valid only for a specific series. This new version of the client ensures that behavior, by blocking attachment on different series, and detaching on non-compliant scenarios.
- Now we are auto-selecting package updates when enabling FIPS based on what is installed in the system and what is available in the repository, rather than using hardcoded lists of packages, by default on J/N and as opt-in in X/B/F
- We are automatically selecting the raspi variant of Realtime Kernel when enabling the service on Raspberry Pi 4 and 5.
See the changelog entry below for a full list of changes and bugs.
[ Test Plan ]
The following development and SRU process was followed:
https://wiki.ubuntu.com/UbuntuAdvantageToolsUpdates
The Pro Client developers will be in charge of attaching the artifacts of the appropriate test runs to the bug, and will not mark ‘verification-done’ until this has happened.
[ Where problems could occur ]
In order to mitigate the regression potential of the changes in this version, the results of the integration tests suite runs are attached to this bug.
Other considerations are:
- Although this version brings a fix from a previous hotfix on Apparmor profiles, we may be missing other problems and denials which may happen. We keep an eye on bug reports for anything apparmor related and have released hotfixes in the past for known cases, always guaranteeing to cover the new scenario in acceptance tests.
- The support for beta services was removed in this version, because it was far from ideal from an implementation standpoint, and we have no beta services at the moment. If a beta service appears in the future, the functionality would have to be reimplemented, but we have communicated that such services should be planned in advance so we can work on the engineering side. To ensure compatibility with older releases, anything beta-related is accepted (and then ignored) when running CLI commands.
- Now, instead of hardcoding a list of packages to install when enabling FIPS, we are installing/upgrading packages based on their presence in the system, checking for candidates with python3-apt. Of course, if any mistake was made here, we may be leaving systems with a wrong package set for FIPS. To avoid that, we have extensive integration testing in the acceptance suite. Besides that, even doing it right *may* cause the package list to be different somehow based on the dynamic updates to the PPAs (this does not happen to FIPS, but may happen to FIPS Updates / Preview). To avoid this kind of situation, we made the feature enabled by default only on Jammy+ (where we could test and verify the package sets match), and made it opt-in for Xenial, Bionic, Focal.
- We are now auto-selecting variants when no --variant flag is passed by the user. We in fact always did that, but we auto-selected a hardcoded default, which was not ideal for every scenario. Now we have platform checks to determine a variant. We made it explicit to users by adding an extra prompt when enabling. The raspi variant is the first one to be auto-selected on systems where it should be default (Raspberry Pi 4 and 5), but further may come in the future. Auto-selecting the wrong variant may break the user's system, as this kind of change is hard to revert. However, we believe our new mechanism will cause *less* errors, and not more, given the hardcoded generic kernel would be wrong for many systems anyway. We are in touch with the RT Kernel developers, and have tests on our suite to guarantee functionality.
[ Other Info ]
Many changes in this release are refactors, test improvements, among other code-quality improvement changes. So there are many commits that don't bring functionality changes.
[ Changelog ]
ubuntu-advantage-tools (33) oracular; urgency=medium
* d/apparmor: adjust the esm_cache apparmor profile to allow reading of dpkg
data directory (LP: #2067810) (GH: #3137)
* New upstream release 33 (LP: #2069237)
- apt: use Python bindings instead of apt CLI to query for installed
packages (LP: #2060769) (LP: #2068744)
- beta: drop support for beta services
- contracts: add support for contracts which target a specific series
- fips: change enable functionality to ensure all packages with a FIPS
candidate are upgraded to the FIPS version (GH: #2667)
- fix:
+ add the current_status field to the plan api return object
+ change recommended attach method to magic attach (GH: #3040)
- livepatch: prefer the term 'coverage' instead of 'support' in messaging
(GH: #3063)
- realtime:
+ auto-select the raspi variant when appropriate
+ inform the user when auto-selecting a variant |
|
| 2024-06-14 01:59:58 |
Renan Rodrigo |
summary |
[SRU] ubuntu-advantage-tools (32.3 -> 33) Xenial, Bionic, Focal, Jammy, Mantic, Noble |
[SRU] ubuntu-advantage-tools (32.3 -> 33) Xenial, Bionic, Focal, Jammy, Noble |
|
| 2024-07-05 00:05:45 |
Launchpad Janitor |
ubuntu-advantage-tools (Ubuntu): status |
New |
Fix Released |
|
| 2024-07-08 11:29:18 |
Robie Basak |
ubuntu-advantage-tools (Ubuntu Noble): status |
New |
Fix Committed |
|
| 2024-07-08 11:29:19 |
Robie Basak |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
| 2024-07-08 11:29:20 |
Robie Basak |
bug |
|
|
added subscriber SRU Verification |
| 2024-07-08 11:29:22 |
Robie Basak |
tags |
|
verification-needed verification-needed-noble |
|
| 2024-07-08 11:33:27 |
Robie Basak |
ubuntu-advantage-tools (Ubuntu Jammy): status |
New |
Fix Committed |
|
| 2024-07-08 11:33:30 |
Robie Basak |
tags |
verification-needed verification-needed-noble |
verification-needed verification-needed-jammy verification-needed-noble |
|
| 2024-07-08 11:34:14 |
Robie Basak |
ubuntu-advantage-tools (Ubuntu Focal): status |
New |
Fix Committed |
|
| 2024-07-08 11:34:17 |
Robie Basak |
tags |
verification-needed verification-needed-jammy verification-needed-noble |
verification-needed verification-needed-focal verification-needed-jammy verification-needed-noble |
|
| 2024-07-08 11:35:01 |
Robie Basak |
ubuntu-advantage-tools (Ubuntu Bionic): status |
New |
Fix Committed |
|
| 2024-07-08 11:35:05 |
Robie Basak |
tags |
verification-needed verification-needed-focal verification-needed-jammy verification-needed-noble |
verification-needed verification-needed-bionic verification-needed-focal verification-needed-jammy verification-needed-noble |
|
| 2024-07-08 11:36:05 |
Robie Basak |
ubuntu-advantage-tools (Ubuntu Xenial): status |
New |
Fix Committed |
|
| 2024-07-08 11:36:07 |
Robie Basak |
tags |
verification-needed verification-needed-bionic verification-needed-focal verification-needed-jammy verification-needed-noble |
verification-needed verification-needed-bionic verification-needed-focal verification-needed-jammy verification-needed-noble verification-needed-xenial |
|
