[SRU] ubuntu-advantage-tools (34 -> 35) Xenial, Bionic, Focal, Jammy, Noble, Oracular

[ Impact ]

This release brings both bug-fixes and new features for the Pro Client, and we would like to make sure all of our supported customers have access to these improvements on all releases.

The most important changes are:

- We are introducing API and CLI features that allow users to visualize the vulnerability issues (CVEs/USNs) that affects machine.

  For the API, we are introducing three new endpoints:

  * u.pro.security.vulnerabilities.cve.v1: Show the fixable CVEs that affects the machine
  * u.pro.security.vulnerabilities.usn.v1: Show the fixable USNs that affects the machine
  * u.pro.package.updates_with_cves.v1: Show the available package updates and the CVEs that these updates would fix

  For the CLI commands, we are also introducing three new commands:

  * pro vulnerability list: Show the fixable CVEs in the system
  * pro vulnerability show: Show information about an affected vulnerability issue in the machine
  * pro update: Update the vulnerability data in the machine

  All of these commands also support a manifest file as input. Today, the only manifest file format we support is the created by the Pro client through: u.security.package_manifest.v1

- We are now supporting for pro auto-attach on LXD container/VMs. If the host is attached to a Pro subscription, running pro auto-attach on the LXD container/VM should also attach it to the Pro subscription used by the host.

  We are also introducing a configuration that allow user to specify if all LXD container/VMs should auto-attach on boot or not.

- We are introducing several new API endpoints to provide information about Pro:

  * u.pro.config.v1: Show the Pro configuration in the machine
  * u.pro.subscription.v1: Show information about the Pro subscription
    in the machine
  * u.pro.status.notices.v1: Show the active Pro notices in the machine
  * u.pro.token_info.v1: Show the Pro token information
  * u.pro.services.list.v1: Show the services provided by Pro

[ Test Plan ]

The following development and SRU process was followed:
https://wiki.ubuntu.com/UbuntuAdvantageToolsUpdates

The Pro Client developers will be in charge of attaching the artifacts of the appropriate test runs to the bug, and will not mark ‘verification-done’ until this has happened.

[ Where problems could occur ]

In order to mitigate the regression potential of the changes in this version, the results of the integration tests suite runs are attached to this bug.

Other considerations are:

- We are adding new dep8 tests for this Pro release. The main goal of those tests is to spot any problems on python3-apt related changes, as the test rely heavily on that package functionality to work. Those tests could cause package breakages we have not anticipated.

- We have refactored the enforcement of tthe onlySeries contract directice. This directive states that some contracts should only be valid on certain ubuntu releases. Since a ubuntu release can only really fully change after a reboot, we are now only checking the onlySeries ubuntu release requirement on reboot.

- We are now guaranteeing that our ESM cache exis...

Comment #1 is now stale, as the release changeset has changed. The bug description has the correct text for the SRU purposes.

This bug was fixed in the package ubuntu-advantage-tools - 35

---------------
ubuntu-advantage-tools (35) plucky; urgency=medium

  * d/tests/usage: add more scenarios to dep8 tests
  * d/control: drop strict dependency on python3-pkg-resources (LP: #2083665)
  * d/rules: add conditional python3-pkg-resources dependency up to noble
  * d/ubuntu-pro-client.postrm: remove /var/lib/ubuntu-pro cache dir on purge
  * New upstream release 35: (LP: #2083973)
    - api:
      + new endpoints:
        * u.pro.attach.guest.get_guest_token.v1: Get the Pro client guest
          token
        * u.pro.security.cves.v1: List the fixable CVEs that affect the system
      + u.pro.packages.updates.v1: create new package status:
        upgrade_available_not_preferred (GH: #3184)
      + fixes for u.unattended_upgrades.status.v1:
        * do not crash when a Unattended-Upgrade config is missing
        * do not report unattended-upgrade disabled if any config is false
        * report missing Unattended-Upgrade configs as turned off
    - apt:
      + always ensure the ESM cache is present (GH: #3132)
      + fix permission warning when fetching apt-news (GH: #3209, LP: #2070095)
      + update logging for apt errors (GH: #3299)
      + only run the apt upgrade hook when run as root (LP: #2084677)
    - auto-attach:
      + aws: skip operation if no product codes found
      + gcp: add minimal image license codes
    - cli:
      + add support for vulnerability commands:
        * pro cves: List cves in the machine
        * pro cve: Show information about a specific cve
      + deduplicate entries in 'pro help' output (LP: #2091327)
    - config: add option lxd_guest_attach to control LXD integration with Pro
    - contract:
      + check onlySeries on reboot (GH: #3189)
      + collect cpu type for activity info
    - landscape:
      + update message if service not available through Pro (GH: #3331)
    - livepatch: do not enable livepatch on wsl (GH: #3156)
    - lxd: allow pro auto-attach to work on a LXD container

 -- Renan Rodrigo <email address hidden> Thu, 20 Feb 2025 12:00:14 -0300

Hello Lucas, or anyone else affected,

Accepted ubuntu-advantage-tools into oracular-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/ubuntu-advantage-tools/35~24.10 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-oracular to verification-done-oracular. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-oracular. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Hello Lucas, or anyone else affected,

Accepted ubuntu-advantage-tools into noble-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/ubuntu-advantage-tools/35~24.04 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-noble to verification-done-noble. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-noble. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Hello Lucas, or anyone else affected,

Accepted ubuntu-advantage-tools into jammy-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/ubuntu-advantage-tools/35~22.04 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-jammy to verification-done-jammy. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-jammy. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Hello Lucas, or anyone else affected,

Accepted ubuntu-advantage-tools into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/ubuntu-advantage-tools/35~20.04 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-focal. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Hello Lucas, or anyone else affected,

Accepted ubuntu-advantage-tools into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/ubuntu-advantage-tools/35~18.04 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Hello Lucas, or anyone else affected,

Accepted ubuntu-advantage-tools into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/ubuntu-advantage-tools/35~16.04 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-xenial to verification-done-xenial. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-xenial. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

All autopkgtests for the newly accepted ubuntu-advantage-tools (35~16.04) for xenial have finished running.
The following regressions have been reported in tests triggered by the package:

ubuntu-advantage-tools/unknown (arm64)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/xenial/update_excuses.html#ubuntu-advantage-tools

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

All autopkgtests for the newly accepted ubuntu-advantage-tools (35~18.04) for bionic have finished running.
The following regressions have been reported in tests triggered by the package:

ubuntu-advantage-tools/unknown (armhf)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/bionic/update_excuses.html#ubuntu-advantage-tools

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

All autopkgtests for the newly accepted ubuntu-advantage-tools (35~24.04) for noble have finished running.
The following regressions have been reported in tests triggered by the package:

software-properties/unknown (s390x)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/noble/update_excuses.html#ubuntu-advantage-tools

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Hello Lucas, or anyone else affected,

Accepted ubuntu-advantage-tools into oracular-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/ubuntu-advantage-tools/35.1ubuntu0~24.10 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-oracular to verification-done-oracular. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-oracular. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Hello Lucas, or anyone else affected,

Accepted ubuntu-advantage-tools into noble-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/ubuntu-advantage-tools/35.1ubuntu0~24.04 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-noble to verification-done-noble. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-noble. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Hello Lucas, or anyone else affected,

Accepted ubuntu-advantage-tools into jammy-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/ubuntu-advantage-tools/35.1ubuntu0~22.04 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-jammy to verification-done-jammy. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-jammy. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Hello Lucas, or anyone else affected,

Accepted ubuntu-advantage-tools into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/ubuntu-advantage-tools/35.1ubuntu0~20.04 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-focal. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Hello Lucas, or anyone else affected,

Accepted ubuntu-advantage-tools into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/ubuntu-advantage-tools/35.1ubuntu0~18.04 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Hello Lucas, or anyone else affected,

Accepted ubuntu-advantage-tools into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/ubuntu-advantage-tools/35.1ubuntu0~16.04 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-xenial to verification-done-xenial. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-xenial. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

All autopkgtests for the newly accepted ubuntu-advantage-tools (35.1ubuntu0~16.04) for xenial have finished running.
The following regressions have been reported in tests triggered by the package:

ubuntu-advantage-tools/unknown (arm64, armhf)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/xenial/update_excuses.html#ubuntu-advantage-tools

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

All autopkgtests for the newly accepted ubuntu-advantage-tools (35.1ubuntu0~24.10) for oracular have finished running.
The following regressions have been reported in tests triggered by the package:

software-properties/unknown (arm64, armhf, i386, ppc64el)
ubuntu-advantage-tools/unknown (amd64, armhf, ppc64el)
update-motd/unknown (arm64, armhf)
wsl-pro-service/unknown (arm64, ppc64el)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/oracular/update_excuses.html#ubuntu-advantage-tools

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

All autopkgtests for the newly accepted ubuntu-advantage-tools (35.1ubuntu0~20.04) for focal have finished running.
The following regressions have been reported in tests triggered by the package:

software-properties/unknown (armhf, ppc64el)
ubuntu-advantage-tools/unknown (amd64, arm64, armhf)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/focal/update_excuses.html#ubuntu-advantage-tools

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

All autopkgtests for the newly accepted ubuntu-advantage-tools (35.1ubuntu0~22.04) for jammy have finished running.
The following regressions have been reported in tests triggered by the package:

software-properties/unknown (amd64, arm64, armhf, i386)
ubuntu-advantage-tools/unknown (arm64, armhf, ppc64el)
update-motd/unknown (arm64, armhf, ppc64el)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/jammy/update_excuses.html#ubuntu-advantage-tools

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

All autopkgtests for the newly accepted ubuntu-advantage-tools (35.1ubuntu0~18.04) for bionic have finished running.
The following regressions have been reported in tests triggered by the package:

ubuntu-advantage-tools/unknown (arm64, armhf)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/bionic/update_excuses.html#ubuntu-advantage-tools

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

All autopkgtests for the newly accepted ubuntu-advantage-tools (35.1ubuntu0~24.04) for noble have finished running.
The following regressions have been reported in tests triggered by the package:

software-properties/unknown (amd64, arm64, armhf, i386)
ubuntu-advantage-tools/unknown (arm64, armhf, ppc64el)
update-manager/unknown (amd64, arm64, armhf, ppc64el, s390x)
update-motd/unknown (arm64, armhf, s390x)
wsl-pro-service/0.1.4 (amd64)
wsl-pro-service/unknown (arm64, armhf, ppc64el)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/noble/update_excuses.html#ubuntu-advantage-tools

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

We have run the full ubuntu-advantage-tools integration test suite against version 35, while it was in -proposed. The results are attached. Some of the tests failed, and the explanation for those is detailed below.

You can verify the correct version was used by checking the output of the first test in each file, which prints the version number.

I am marking the verification done for this particular bug.

Failed tests:

1. Several tests have failed due to the known outage of the Security API. Those are flaky as they depend on the API to respond properly. We have manually checked some of those results and have made sure it works when the API works. This is a problem already present in the current version of the Pro Client, so not considered a regression for the purpose of this SRU.
List of failing tests:
Xenial VM:
- features/fix.feature:611 Fix command on an unattached machine
Xenial LXD:
- features/fix.feature:610 Fix command on an unattached machine
- features/api/fix_execute.feature:185 Fix execute command on invalid CVEs/USNs
- features/api/fix_execute.feature:1115 Fix execute API command on a Xenial machine
- features/api/fix_plan.feature:177 Fix command on an unattached machine
- features/api/fix_plan.feature:1889 Fix command on an unattached machine
Bionic WSL:
- features/fix.feature:918 Fix command on an unattached machine
Focal WSL:
- features/fix.feature:226 Fix command on an unattached machine
Bug: https://github.com/canonical/ubuntu-com-security-api/issues/165

2. Focal VM tests which include enabling the FIPS service when secure-boot is turned on started to fail now. This is not related to the client: images are actually broken and can't be fixed, as the FIPS package versions are pinned, and the shim version present in Focal got revoked. I have manually checked and disabling secure boot before running those particular tests make them pass.
List of failing tests:
Focal VM
- features/enable_fips_vm.feature:131 Attached enable of FIPS in an ubuntu lxd vm
- features/enable_fips_vm.feature:293 Attached enable fips-updates on fips enabled vm
- features/cli/disable.feature:317 Disable and purge fips
- features/cli/disable.feature:351 Disable does not purge if no other kernel found
Bug: https://github.com/canonical/ubuntu-pro-client/issues/3420

3. A bug in pycloudlib image selection causes fips-updates instances to be created for Focal, making the FIPS test fail. I have manually checked and using the fips instance the test passes. I have sent a PR to pycloudlib to fix the issue, and opened a bug against the Pro Client to make sure to cover both FIPS and FIPS-Updates testing where available on the clouds.
List of failing tests:
Focal VM
- features/ubuntu_pro_fips.feature:151
Bug: https://github.com/canonical/ubuntu-pro-client/issues/3415
Pycloudlib PR: https://github.com/canonical/pycloudlib/pull/483

4. A race condition (a race we lost here) with LXD makes the auto-attach feature we are shipping here not to work out of the box. We have created a separate LP issue for that, and have updated the version in -proposed to 35.1ubuntu0 to fix it. Verification of that bug (and for that version) will be done separately, and tracked ...

This bug was fixed in the package ubuntu-advantage-tools - 35.1ubuntu0~24.10

---------------
ubuntu-advantage-tools (35.1ubuntu0~24.10) oracular; urgency=medium

  * Backport 35.1ubuntu0 to oracular (LP: #2106660)

ubuntu-advantage-tools (35.1ubuntu0) plucky; urgency=medium

  * apt: support ESM snapshots by adding snapshot URLs for ESM repositories
    to the authentication file (released in version 35)
  * lxd: store the configuration in /var/lib/ubuntu-advantage instead of
    /var/lib/ubuntu-pro (LP: #2106660)

ubuntu-advantage-tools (35) plucky; urgency=medium

  * d/tests/usage: add more scenarios to dep8 tests
  * d/control: drop strict dependency on python3-pkg-resources (LP: #2083665)
  * d/rules: add conditional python3-pkg-resources dependency up to noble
  * d/ubuntu-pro-client.postrm: remove /var/lib/ubuntu-pro cache dir on purge
  * New upstream release 35: (LP: #2083973)
    - api:
      + new endpoints:
        * u.pro.attach.guest.get_guest_token.v1: Get the Pro client guest
          token
        * u.pro.security.cves.v1: List the fixable CVEs that affect the system
      + u.pro.packages.updates.v1: create new package status:
        upgrade_available_not_preferred (GH: #3184)
      + fixes for u.unattended_upgrades.status.v1:
        * do not crash when a Unattended-Upgrade config is missing
        * do not report unattended-upgrade disabled if any config is false
        * report missing Unattended-Upgrade configs as turned off
    - apt:
      + always ensure the ESM cache is present (GH: #3132)
      + fix permission warning when fetching apt-news (GH: #3209, LP: #2070095)
      + update logging for apt errors (GH: #3299)
      + only run the apt upgrade hook when run as root (LP: #2084677)
    - auto-attach:
      + aws: skip operation if no product codes found
      + gcp: add minimal image license codes
    - cli:
      + add support for vulnerability commands:
        * pro cves: List cves in the machine
        * pro cve: Show information about a specific cve
      + deduplicate entries in 'pro help' output (LP: #2091327)
    - config: add option lxd_guest_attach to control LXD integration with Pro
    - contract:
      + check onlySeries on reboot (GH: #3189)
      + collect cpu type for activity info
    - landscape:
      + update message if service not available through Pro (GH: #3331)
    - livepatch: do not enable livepatch on wsl (GH: #3156)
    - lxd: allow pro auto-attach to work on a LXD container

 -- Renan Rodrigo <email address hidden> Thu, 10 Apr 2025 10:38:44 -0300

The verification of the Stable Release Update for ubuntu-advantage-tools has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

This bug was fixed in the package ubuntu-advantage-tools - 35.1ubuntu0~24.04

---------------
ubuntu-advantage-tools (35.1ubuntu0~24.04) noble; urgency=medium

  * Backport 35.1ubuntu0 to noble (LP: #2106660)

ubuntu-advantage-tools (35.1ubuntu0) plucky; urgency=medium

  * apt: support ESM snapshots by adding snapshot URLs for ESM repositories
    to the authentication file (released in version 35)
  * lxd: store the configuration in /var/lib/ubuntu-advantage instead of
    /var/lib/ubuntu-pro (LP: #2106660)

ubuntu-advantage-tools (35) plucky; urgency=medium

  * d/tests/usage: add more scenarios to dep8 tests
  * d/control: drop strict dependency on python3-pkg-resources (LP: #2083665)
  * d/rules: add conditional python3-pkg-resources dependency up to noble
  * d/ubuntu-pro-client.postrm: remove /var/lib/ubuntu-pro cache dir on purge
  * New upstream release 35: (LP: #2083973)
    - api:
      + new endpoints:
        * u.pro.attach.guest.get_guest_token.v1: Get the Pro client guest
          token
        * u.pro.security.cves.v1: List the fixable CVEs that affect the system
      + u.pro.packages.updates.v1: create new package status:
        upgrade_available_not_preferred (GH: #3184)
      + fixes for u.unattended_upgrades.status.v1:
        * do not crash when a Unattended-Upgrade config is missing
        * do not report unattended-upgrade disabled if any config is false
        * report missing Unattended-Upgrade configs as turned off
    - apt:
      + always ensure the ESM cache is present (GH: #3132)
      + fix permission warning when fetching apt-news (GH: #3209, LP: #2070095)
      + update logging for apt errors (GH: #3299)
      + only run the apt upgrade hook when run as root (LP: #2084677)
    - auto-attach:
      + aws: skip operation if no product codes found
      + gcp: add minimal image license codes
    - cli:
      + add support for vulnerability commands:
        * pro cves: List cves in the machine
        * pro cve: Show information about a specific cve
      + deduplicate entries in 'pro help' output (LP: #2091327)
    - config: add option lxd_guest_attach to control LXD integration with Pro
    - contract:
      + check onlySeries on reboot (GH: #3189)
      + collect cpu type for activity info
    - landscape:
      + update message if service not available through Pro (GH: #3331)
    - livepatch: do not enable livepatch on wsl (GH: #3156)
    - lxd: allow pro auto-attach to work on a LXD container

ubuntu-advantage-tools (34.1.3) plucky; urgency=medium

  * apt-hook: set C++ standards version to c++17 for APT 2.9.30 compatibility
    (LP: #2098862)
  * tests: remove argparse error tests from unit tests (LP: #2098862)

ubuntu-advantage-tools (34.1.2build1) plucky; urgency=high

  * No change rebuild against libapt-pkg7.0.

ubuntu-advantage-tools (34.1.2) oracular; urgency=medium

  * check-versions-are-consistent.py: fix regexp to cope with X.Y.Z version
    formats
  * version.py: bump to 34.1.2

ubuntu-advantage-tools (34.1.1) oracular; urgency=medium

  * Bump version.py.

ubuntu-advantage-tools (34.1) oracular; urgency=medium

  * Drop direct dependency on python3-pkg-resources to resolve priority
    mis...

This bug was fixed in the package ubuntu-advantage-tools - 35.1ubuntu0~22.04

---------------
ubuntu-advantage-tools (35.1ubuntu0~22.04) jammy; urgency=medium

  * Backport 35.1ubuntu0 to jammy (LP: #2106660)

ubuntu-advantage-tools (35.1ubuntu0) plucky; urgency=medium

  * apt: support ESM snapshots by adding snapshot URLs for ESM repositories
    to the authentication file (released in version 35)
  * lxd: store the configuration in /var/lib/ubuntu-advantage instead of
    /var/lib/ubuntu-pro (LP: #2106660)

ubuntu-advantage-tools (35) plucky; urgency=medium

  * d/tests/usage: add more scenarios to dep8 tests
  * d/control: drop strict dependency on python3-pkg-resources (LP: #2083665)
  * d/rules: add conditional python3-pkg-resources dependency up to noble
  * d/ubuntu-pro-client.postrm: remove /var/lib/ubuntu-pro cache dir on purge
  * New upstream release 35: (LP: #2083973)
    - api:
      + new endpoints:
        * u.pro.attach.guest.get_guest_token.v1: Get the Pro client guest
          token
        * u.pro.security.cves.v1: List the fixable CVEs that affect the system
      + u.pro.packages.updates.v1: create new package status:
        upgrade_available_not_preferred (GH: #3184)
      + fixes for u.unattended_upgrades.status.v1:
        * do not crash when a Unattended-Upgrade config is missing
        * do not report unattended-upgrade disabled if any config is false
        * report missing Unattended-Upgrade configs as turned off
    - apt:
      + always ensure the ESM cache is present (GH: #3132)
      + fix permission warning when fetching apt-news (GH: #3209, LP: #2070095)
      + update logging for apt errors (GH: #3299)
      + only run the apt upgrade hook when run as root (LP: #2084677)
    - auto-attach:
      + aws: skip operation if no product codes found
      + gcp: add minimal image license codes
    - cli:
      + add support for vulnerability commands:
        * pro cves: List cves in the machine
        * pro cve: Show information about a specific cve
      + deduplicate entries in 'pro help' output (LP: #2091327)
    - config: add option lxd_guest_attach to control LXD integration with Pro
    - contract:
      + check onlySeries on reboot (GH: #3189)
      + collect cpu type for activity info
    - landscape:
      + update message if service not available through Pro (GH: #3331)
    - livepatch: do not enable livepatch on wsl (GH: #3156)
    - lxd: allow pro auto-attach to work on a LXD container

ubuntu-advantage-tools (34.1.3) plucky; urgency=medium

  * apt-hook: set C++ standards version to c++17 for APT 2.9.30 compatibility
    (LP: #2098862)
  * tests: remove argparse error tests from unit tests (LP: #2098862)

ubuntu-advantage-tools (34.1.2build1) plucky; urgency=high

  * No change rebuild against libapt-pkg7.0.

ubuntu-advantage-tools (34.1.2) oracular; urgency=medium

  * check-versions-are-consistent.py: fix regexp to cope with X.Y.Z version
    formats
  * version.py: bump to 34.1.2

ubuntu-advantage-tools (34.1.1) oracular; urgency=medium

  * Bump version.py.

ubuntu-advantage-tools (34.1) oracular; urgency=medium

  * Drop direct dependency on python3-pkg-resources to resolve priority
    mis...

This bug was fixed in the package ubuntu-advantage-tools - 35.1ubuntu0~20.04

---------------
ubuntu-advantage-tools (35.1ubuntu0~20.04) focal; urgency=medium

  * Backport 35.1ubuntu0 to focal (LP: #2106660)

ubuntu-advantage-tools (35.1ubuntu0) plucky; urgency=medium

  * apt: support ESM snapshots by adding snapshot URLs for ESM repositories
    to the authentication file (released in version 35)
  * lxd: store the configuration in /var/lib/ubuntu-advantage instead of
    /var/lib/ubuntu-pro (LP: #2106660)

ubuntu-advantage-tools (35) plucky; urgency=medium

  * d/tests/usage: add more scenarios to dep8 tests
  * d/control: drop strict dependency on python3-pkg-resources (LP: #2083665)
  * d/rules: add conditional python3-pkg-resources dependency up to noble
  * d/ubuntu-pro-client.postrm: remove /var/lib/ubuntu-pro cache dir on purge
  * New upstream release 35: (LP: #2083973)
    - api:
      + new endpoints:
        * u.pro.attach.guest.get_guest_token.v1: Get the Pro client guest
          token
        * u.pro.security.cves.v1: List the fixable CVEs that affect the system
      + u.pro.packages.updates.v1: create new package status:
        upgrade_available_not_preferred (GH: #3184)
      + fixes for u.unattended_upgrades.status.v1:
        * do not crash when a Unattended-Upgrade config is missing
        * do not report unattended-upgrade disabled if any config is false
        * report missing Unattended-Upgrade configs as turned off
    - apt:
      + always ensure the ESM cache is present (GH: #3132)
      + fix permission warning when fetching apt-news (GH: #3209, LP: #2070095)
      + update logging for apt errors (GH: #3299)
      + only run the apt upgrade hook when run as root (LP: #2084677)
    - auto-attach:
      + aws: skip operation if no product codes found
      + gcp: add minimal image license codes
    - cli:
      + add support for vulnerability commands:
        * pro cves: List cves in the machine
        * pro cve: Show information about a specific cve
      + deduplicate entries in 'pro help' output (LP: #2091327)
    - config: add option lxd_guest_attach to control LXD integration with Pro
    - contract:
      + check onlySeries on reboot (GH: #3189)
      + collect cpu type for activity info
    - landscape:
      + update message if service not available through Pro (GH: #3331)
    - livepatch: do not enable livepatch on wsl (GH: #3156)
    - lxd: allow pro auto-attach to work on a LXD container

ubuntu-advantage-tools (34.1.3) plucky; urgency=medium

  * apt-hook: set C++ standards version to c++17 for APT 2.9.30 compatibility
    (LP: #2098862)
  * tests: remove argparse error tests from unit tests (LP: #2098862)

ubuntu-advantage-tools (34.1.2build1) plucky; urgency=high

  * No change rebuild against libapt-pkg7.0.

ubuntu-advantage-tools (34.1.2) oracular; urgency=medium

  * check-versions-are-consistent.py: fix regexp to cope with X.Y.Z version
    formats
  * version.py: bump to 34.1.2

ubuntu-advantage-tools (34.1.1) oracular; urgency=medium

  * Bump version.py.

ubuntu-advantage-tools (34.1) oracular; urgency=medium

  * Drop direct dependency on python3-pkg-resources to resolve priority
    mis...

This bug was fixed in the package ubuntu-advantage-tools - 35.1ubuntu0~18.04

---------------
ubuntu-advantage-tools (35.1ubuntu0~18.04) bionic; urgency=medium

  * Backport 35.1ubuntu0 to bionic (LP: #2106660)

ubuntu-advantage-tools (35.1ubuntu0) plucky; urgency=medium

  * apt: support ESM snapshots by adding snapshot URLs for ESM repositories
    to the authentication file (released in version 35)
  * lxd: store the configuration in /var/lib/ubuntu-advantage instead of
    /var/lib/ubuntu-pro (LP: #2106660)

ubuntu-advantage-tools (35) plucky; urgency=medium

  * d/tests/usage: add more scenarios to dep8 tests
  * d/control: drop strict dependency on python3-pkg-resources (LP: #2083665)
  * d/rules: add conditional python3-pkg-resources dependency up to noble
  * d/ubuntu-pro-client.postrm: remove /var/lib/ubuntu-pro cache dir on purge
  * New upstream release 35: (LP: #2083973)
    - api:
      + new endpoints:
        * u.pro.attach.guest.get_guest_token.v1: Get the Pro client guest
          token
        * u.pro.security.cves.v1: List the fixable CVEs that affect the system
      + u.pro.packages.updates.v1: create new package status:
        upgrade_available_not_preferred (GH: #3184)
      + fixes for u.unattended_upgrades.status.v1:
        * do not crash when a Unattended-Upgrade config is missing
        * do not report unattended-upgrade disabled if any config is false
        * report missing Unattended-Upgrade configs as turned off
    - apt:
      + always ensure the ESM cache is present (GH: #3132)
      + fix permission warning when fetching apt-news (GH: #3209, LP: #2070095)
      + update logging for apt errors (GH: #3299)
      + only run the apt upgrade hook when run as root (LP: #2084677)
    - auto-attach:
      + aws: skip operation if no product codes found
      + gcp: add minimal image license codes
    - cli:
      + add support for vulnerability commands:
        * pro cves: List cves in the machine
        * pro cve: Show information about a specific cve
      + deduplicate entries in 'pro help' output (LP: #2091327)
    - config: add option lxd_guest_attach to control LXD integration with Pro
    - contract:
      + check onlySeries on reboot (GH: #3189)
      + collect cpu type for activity info
    - landscape:
      + update message if service not available through Pro (GH: #3331)
    - livepatch: do not enable livepatch on wsl (GH: #3156)
    - lxd: allow pro auto-attach to work on a LXD container

ubuntu-advantage-tools (34.1.3) plucky; urgency=medium

  * apt-hook: set C++ standards version to c++17 for APT 2.9.30 compatibility
    (LP: #2098862)
  * tests: remove argparse error tests from unit tests (LP: #2098862)

ubuntu-advantage-tools (34.1.2build1) plucky; urgency=high

  * No change rebuild against libapt-pkg7.0.

ubuntu-advantage-tools (34.1.2) oracular; urgency=medium

  * check-versions-are-consistent.py: fix regexp to cope with X.Y.Z version
    formats
  * version.py: bump to 34.1.2

ubuntu-advantage-tools (34.1.1) oracular; urgency=medium

  * Bump version.py.

ubuntu-advantage-tools (34.1) oracular; urgency=medium

  * Drop direct dependency on python3-pkg-resources to resolve priority
    m...

This bug was fixed in the package ubuntu-advantage-tools - 35.1ubuntu0~16.04

---------------
ubuntu-advantage-tools (35.1ubuntu0~16.04) xenial; urgency=medium

  * Backport 35.1ubuntu0 to xenial (LP: #2106660)

ubuntu-advantage-tools (35.1ubuntu0) plucky; urgency=medium

  * apt: support ESM snapshots by adding snapshot URLs for ESM repositories
    to the authentication file (released in version 35)
  * lxd: store the configuration in /var/lib/ubuntu-advantage instead of
    /var/lib/ubuntu-pro (LP: #2106660)

ubuntu-advantage-tools (35) plucky; urgency=medium

  * d/tests/usage: add more scenarios to dep8 tests
  * d/control: drop strict dependency on python3-pkg-resources (LP: #2083665)
  * d/rules: add conditional python3-pkg-resources dependency up to noble
  * d/ubuntu-pro-client.postrm: remove /var/lib/ubuntu-pro cache dir on purge
  * New upstream release 35: (LP: #2083973)
    - api:
      + new endpoints:
        * u.pro.attach.guest.get_guest_token.v1: Get the Pro client guest
          token
        * u.pro.security.cves.v1: List the fixable CVEs that affect the system
      + u.pro.packages.updates.v1: create new package status:
        upgrade_available_not_preferred (GH: #3184)
      + fixes for u.unattended_upgrades.status.v1:
        * do not crash when a Unattended-Upgrade config is missing
        * do not report unattended-upgrade disabled if any config is false
        * report missing Unattended-Upgrade configs as turned off
    - apt:
      + always ensure the ESM cache is present (GH: #3132)
      + fix permission warning when fetching apt-news (GH: #3209, LP: #2070095)
      + update logging for apt errors (GH: #3299)
      + only run the apt upgrade hook when run as root (LP: #2084677)
    - auto-attach:
      + aws: skip operation if no product codes found
      + gcp: add minimal image license codes
    - cli:
      + add support for vulnerability commands:
        * pro cves: List cves in the machine
        * pro cve: Show information about a specific cve
      + deduplicate entries in 'pro help' output (LP: #2091327)
    - config: add option lxd_guest_attach to control LXD integration with Pro
    - contract:
      + check onlySeries on reboot (GH: #3189)
      + collect cpu type for activity info
    - landscape:
      + update message if service not available through Pro (GH: #3331)
    - livepatch: do not enable livepatch on wsl (GH: #3156)
    - lxd: allow pro auto-attach to work on a LXD container

ubuntu-advantage-tools (34.1.3) plucky; urgency=medium

  * apt-hook: set C++ standards version to c++17 for APT 2.9.30 compatibility
    (LP: #2098862)
  * tests: remove argparse error tests from unit tests (LP: #2098862)

ubuntu-advantage-tools (34.1.2build1) plucky; urgency=high

  * No change rebuild against libapt-pkg7.0.

ubuntu-advantage-tools (34.1.2) oracular; urgency=medium

  * check-versions-are-consistent.py: fix regexp to cope with X.Y.Z version
    formats
  * version.py: bump to 34.1.2

ubuntu-advantage-tools (34.1.1) oracular; urgency=medium

  * Bump version.py.

ubuntu-advantage-tools (34.1) oracular; urgency=medium

  * Drop direct dependency on python3-pkg-resources to resolve priority
    m...