[Bug 1832757] Re: Update ubuntu-advantage-client
I'm satisfied with the results, also considering test (5) done in the other bug. Just to be sure, I also tried it via dist-upgrade. That is a bit more hacky, as it involves changing s/precise/trusty/ in sources.list snippets, ignoring gpg errors (as precise doesn't have the gpg key for trusty-esm) and so on, but it also worked in the end. Flipping the tags. ** Tags removed: verification-needed-trusty ** Tags added: verification-done-trusty -- You received this bug notification because you are a member of Ubuntu Server, which is subscribed to ubuntu-advantage-tools in Ubuntu. https://bugs.launchpad.net/bugs/1832757 Title: Update ubuntu-advantage-client To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1832757/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1832757] Re: Update ubuntu-advantage-client
Test 4: >From a fresh trusty instance, which has uat installed (from updates): a) enable esm (via ubuntu-advantage enable-esm), upgrade to proposed b) upgrade to proposed, enable esm (via ua attach) Result: PASS Details: In the end, both instances have the same proposed package: $ lxc exec esm-sru-4a apt-cache policy ubuntu-advantage-tools ubuntu-advantage-tools: Installed: 19.6~ubuntu14.04.3 Candidate: 19.6~ubuntu14.04.3 Version table: *** 19.6~ubuntu14.04.3 0 500 http://br.archive.ubuntu.com/ubuntu/ trusty-proposed/main amd64 Packages 100 /var/lib/dpkg/status 10ubuntu0.14.04.4 0 500 http://archive.ubuntu.com/ubuntu/ trusty-updates/main amd64 Packages And both have ESM enabled. In the (b) case, it's using the new infra pocket names because ESM was enabled with the new client via ua attach: $ lxc exec esm-sru-4b apt-cache policy |grep esm 500 https://esm.ubuntu.com/ubuntu/ trusty-infra-updates/main amd64 Packages origin esm.ubuntu.com 500 https://esm.ubuntu.com/ubuntu/ trusty-infra-security/main amd64 Packages origin esm.ubuntu.com Content comparison - etc directory (/dev/null was used because of the broken absolute symlinks; here is the suppressed output: https://paste.ubuntu.com/p/n98rSKBqvP/): $ diff -uNr 4a/etc 4b/etc 2>/dev/null diff -uNr 4a/etc/apt/auth.conf.d/90ubuntu-advantage 4b/etc/apt/auth.conf.d/90ubuntu-advantage --- 4a/etc/apt/auth.conf.d/90ubuntu-advantage 2019-10-31 15:52:19.613041203 -0300 +++ 4b/etc/apt/auth.conf.d/90ubuntu-advantage 2019-10-31 15:57:10.593242280 -0300 @@ -1 +1 @@ -machine esm.ubuntu.com/ login myuser password mypass +machine esm.ubuntu.com/ login bearer password longrandompass # ubuntu-advantage-tools Since (4b) runs ua attach, the credentials are converted to the new bearer format, so the above is expected and correct. diff -uNr 4a/etc/apt/sources.list.d/ubuntu-esm-infra-trusty.list 4b/etc/apt/sources.list.d/ubuntu-esm-infra-trusty.list --- 4a/etc/apt/sources.list.d/ubuntu-esm-infra-trusty.list 2019-10-31 15:52:19.629041498 -0300 +++ 4b/etc/apt/sources.list.d/ubuntu-esm-infra-trusty.list 2019-10-31 15:57:10.605241750 -0300 @@ -1,5 +1,4 @@ -deb https://esm.ubuntu.com/ubuntu trusty-security main -# deb-src https://esm.ubuntu.com/ubuntu trusty-security main - -deb https://esm.ubuntu.com/ubuntu trusty-updates main -# deb-src https://esm.ubuntu.com/ubuntu trusty-updates main +deb https://esm.ubuntu.com/ubuntu trusty-infra-security main +# deb-src https://esm.ubuntu.com/ubuntu trusty-infra-security main +deb https://esm.ubuntu.com/ubuntu trusty-infra-updates main +# deb-src https://esm.ubuntu.com/ubuntu trusty-infra-updates main Since (4b) runs attach, the pockets are renamed to the new infra names, so the above is also expected and correct. - /var: Also broken symlinks, and: $ diff -uNr 4a/var 4b/var|diffstat -l diff: 4a/var/lib/cloud/instance: No such file or directory diff: 4b/var/lib/cloud/instance: No such file or directory cache/apt/pkgcache.bin cache/apt/srcpkgcache.bin cache/man/index.db lib/apt/lists/esm.ubuntu.com_ubuntu_dists_trusty-infra-security_InRelease lib/apt/lists/esm.ubuntu.com_ubuntu_dists_trusty-infra-security_main_binary-amd64_Packages lib/apt/lists/esm.ubuntu.com_ubuntu_dists_trusty-infra-updates_InRelease lib/apt/lists/esm.ubuntu.com_ubuntu_dists_trusty-infra-updates_main_binary-amd64_Packages lib/apt/lists/esm.ubuntu.com_ubuntu_dists_trusty-security_InRelease lib/apt/lists/esm.ubuntu.com_ubuntu_dists_trusty-security_main_binary-amd64_Packages lib/apt/lists/esm.ubuntu.com_ubuntu_dists_trusty-updates_InRelease lib/apt/lists/esm.ubuntu.com_ubuntu_dists_trusty-updates_main_binary-amd64_Packages lib/cloud/data/status.json lib/cloud/instances/esm-sru-4a/boot-finished lib/cloud/instances/esm-sru-4a/user-data.txt.i lib/cloud/instances/esm-sru-4a/vendor-data.txt.i lib/dhcp/dhclient.eth0.leases lib/ubuntu-advantage/private/machine-access-cc-eal.json lib/ubuntu-advantage/private/machine-access-esm-infra.json lib/ubuntu-advantage/private/machine-access-fips-updates.json lib/ubuntu-advantage/private/machine-access-fips.json lib/ubuntu-advantage/private/machine-access-livepatch.json lib/ubuntu-advantage/private/machine-access-support.json lib/ubuntu-advantage/private/machine-token.json lib/ubuntu-advantage/status.json lib/urandom/random-seed log/apt/history.log log/apt/term.log log/cloud-init-output.log log/cloud-init.log log/dmesg log/dmesg.0 log/dmesg.1.gz log/dpkg.log log/kern.log log/syslog log/ubuntu-advantage.log log/upstart/acpid.log log/upstart/apport.log log/upstart/console-setup.log log/upstart/cryptdisks.log log/upstart/hwclock.log log/upstart/kmod.log log/upstart/mountall.log log/upstart/mounted-debugfs.log log/upstart/mounted-dev.log log/upstart/mounted-proc.log log/upstart/procps-static-network-up.log log/upstart/procps-virtual-filesystems.log log/upstart/setvtrgb.log log/upstart/systemd-logind.log log/upstart/ttyS0.log log/wtmp The /var/lib/ubuntu-advantage files are
[Bug 1832757] Re: Update ubuntu-advantage-client
Test 3: >From a fresh trusty system, no uat installed, no ubuntu-minimal installed a) install uat from updates, enable esm, upgrade to proposed b) install uat from proposed, enable esm (via ua attach) Result: PASS Details: At the end, confirmed that both chroots have esm enabled and with a positive pinning: # chroot /tank/trusty-3a/ apt-cache policy | grep esm 500 https://esm.ubuntu.com/ubuntu/ trusty-updates/main amd64 Packages origin esm.ubuntu.com 500 https://esm.ubuntu.com/ubuntu/ trusty-security/main amd64 Packages origin esm.ubuntu.com # chroot /tank/trusty-3b/ apt-cache policy | grep esm 500 https://esm.ubuntu.com/ubuntu/ trusty-infra-updates/main amd64 Packages origin esm.ubuntu.com 500 https://esm.ubuntu.com/ubuntu/ trusty-infra-security/main amd64 Packages origin esm.ubuntu.com Note how (3b) is using the new infra pocket names, however. That's because "ua attach" was run in that case, and it wasn't run in (3a). Both work, though, and it's expected that users will eventually run "ua attach" after upgrading even if they had esm enabled before. This is mentioned in the [Other Info] section of the bug description. Filesystem differences: # diff -uNr /tank/trusty-3{a,b}/ 2>/dev/null | diffstat -l etc/apt/auth.conf.d/90ubuntu-advantage etc/apt/sources.list.d/ubuntu-esm-infra-trusty.list var/cache/apt/archives/ubuntu-advantage-tools_10ubuntu0.14.04.4_all.deb var/cache/apt/pkgcache.bin var/cache/apt/srcpkgcache.bin var/cache/ldconfig/aux-cache var/lib/apt/extended_states var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_trusty-infra-security_InRelease var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_trusty-infra-security_main_binary-amd64_Packages var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_trusty-infra-updates_InRelease var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_trusty-infra-updates_main_binary-amd64_Packages var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_trusty-security_InRelease var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_trusty-security_main_binary-amd64_Packages var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_trusty-updates_InRelease var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_trusty-updates_main_binary-amd64_Packages var/lib/dpkg/available var/lib/dpkg/available-old var/lib/dpkg/status-old var/lib/ubuntu-advantage/machine-id var/lib/ubuntu-advantage/private/machine-access-cc-eal.json var/lib/ubuntu-advantage/private/machine-access-esm-infra.json var/lib/ubuntu-advantage/private/machine-access-fips-updates.json var/lib/ubuntu-advantage/private/machine-access-fips.json var/lib/ubuntu-advantage/private/machine-access-livepatch.json var/lib/ubuntu-advantage/private/machine-access-support.json var/lib/ubuntu-advantage/private/machine-token.json var/lib/ubuntu-advantage/status.json var/log/apt/history.log var/log/apt/term.log var/log/dpkg.log var/log/ubuntu-advantage.log Of the above, only /etc/apt is of interest, so let's take a closer look: # diff -uNr /tank/trusty-3{a,b}/etc/apt diff -uNr /tank/trusty-3a/etc/apt/auth.conf.d/90ubuntu-advantage /tank/trusty-3b/etc/apt/auth.conf.d/90ubuntu-advantage --- /tank/trusty-3a/etc/apt/auth.conf.d/90ubuntu-advantage 2019-10-31 15:04:20.083887502 -0300 +++ /tank/trusty-3b/etc/apt/auth.conf.d/90ubuntu-advantage 2019-10-31 15:06:51.943489600 -0300 @@ -1 +1 @@ -machine esm.ubuntu.com/ login myuser password mypass +machine esm.ubuntu.com/ login bearer password verylongrandompass # ubuntu-advantage-tools The above confirms that ua attach was run on (3b), because the old style credentials were removed and the new style was put in place. diff -uNr /tank/trusty-3a/etc/apt/sources.list.d/ubuntu-esm-infra-trusty.list /tank/trusty-3b/etc/apt/sources.list.d/ubuntu-esm-infra-trusty.list --- /tank/trusty-3a/etc/apt/sources.list.d/ubuntu-esm-infra-trusty.list 2019-10-31 15:04:20.083887502 -0300 +++ /tank/trusty-3b/etc/apt/sources.list.d/ubuntu-esm-infra-trusty.list 2019-10-31 15:06:51.935489610 -0300 @@ -1,5 +1,4 @@ -deb https://esm.ubuntu.com/ubuntu trusty-security main -# deb-src https://esm.ubuntu.com/ubuntu trusty-security main - -deb https://esm.ubuntu.com/ubuntu trusty-updates main -# deb-src https://esm.ubuntu.com/ubuntu trusty-updates main +deb https://esm.ubuntu.com/ubuntu trusty-infra-security main +# deb-src https://esm.ubuntu.com/ubuntu trusty-infra-security main +deb https://esm.ubuntu.com/ubuntu trusty-infra-updates main +# deb-src https://esm.ubuntu.com/ubuntu trusty-infra-updates main This also confirms that ua attach was run on (3b), since we now have the new infra pocket names. Like with test (2), absolute symlinks in the chroot get broken when looked at from the outside, so here is a list of what was suppressed from the full diff output: https://paste.ubuntu.com/p/7BmfzQjtqt/ -- You received this bug notification because you are a member of Ubuntu Server, which is subscribed to ubuntu-advantage-tools in Ubuntu. https://bugs.launchpad.net/bugs/1832757 Title: Update ubuntu-advantage-client To manage
[Bug 1832757] Re: Update ubuntu-advantage-client
Test 2: a) fresh install from t-updates, go to t-proposed b) fresh install from t-proposed directly Result: PASS Details: At the end, we have two chroots: /tank/trusty-2a and /tank/trusty-2b # chroot /tank/trusty-2a apt-cache policy ubuntu-advantage-tools ubuntu-advantage-tools: Installed: 19.6~ubuntu14.04.3 Candidate: 19.6~ubuntu14.04.3 Version table: *** 19.6~ubuntu14.04.3 0 500 http://br.archive.ubuntu.com/ubuntu/ trusty-proposed/main amd64 Packages 100 /var/lib/dpkg/status 10ubuntu0.14.04.4 0 500 http://br.archive.ubuntu.com/ubuntu/ trusty-updates/main amd64 Packages # chroot /tank/trusty-2b apt-cache policy ubuntu-advantage-tools ubuntu-advantage-tools: Installed: 19.6~ubuntu14.04.3 Candidate: 19.6~ubuntu14.04.3 Version table: *** 19.6~ubuntu14.04.3 0 500 http://br.archive.ubuntu.com/ubuntu/ trusty-proposed/main amd64 Packages 100 /var/lib/dpkg/status 10ubuntu0.14.04.4 0 500 http://br.archive.ubuntu.com/ubuntu/ trusty-updates/main amd64 Packages Diffing content of both chroots: # find /tank/trusty-2b/ -xdev | sed -r 's,^/tank/[^/]+,,' | sort > full-trusty-2b.list # find /tank/trusty-2a/ -xdev | sed -r 's,^/tank/[^/]+,,' | sort > full-trusty-2a.list The diff is: # diff -u full-trusty-2{a,b}.list --- full-trusty-2a.list 2019-10-31 14:46:33.307720630 -0300 +++ full-trusty-2b.list 2019-10-31 14:46:26.487592874 -0300 @@ -1567,7 +1567,6 @@ /opt /proc /root -/root/.bash_history /root/.bashrc /root/.profile /run @@ -13724,7 +13723,6 @@ /var/cache/apt/archives/sysv-rc_2.88dsf-41ubuntu6_all.deb /var/cache/apt/archives/tar_1.27.1-1_amd64.deb /var/cache/apt/archives/tzdata_2014b-1_all.deb -/var/cache/apt/archives/ubuntu-advantage-tools_10ubuntu0.14.04.4_all.deb /var/cache/apt/archives/ubuntu-advantage-tools_19.6~ubuntu14.04.3_amd64.deb /var/cache/apt/archives/ubuntu-keyring_2012.05.19_all.deb /var/cache/apt/archives/ucf_3.0027+nmu1_all.deb The above shows that trusty-2a went through the trusty-updates u-a-t package, while trusty-2b didn't. -- You received this bug notification because you are a member of Ubuntu Server, which is subscribed to ubuntu-advantage-tools in Ubuntu. https://bugs.launchpad.net/bugs/1832757 Title: Update ubuntu-advantage-client To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1832757/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1832757] Re: Update ubuntu-advantage-client
addendum for test 2: # diff -uNr /tank/trusty-2{a,b}/ 2>/dev/null|diffstat root/.bash_history |2 var/cache/apt/archives/ubuntu-advantage-tools_10ubuntu0.14.04.4_all.deb |binary var/cache/apt/pkgcache.bin |binary var/cache/ldconfig/aux-cache|binary var/lib/apt/extended_states | 24 var/lib/dpkg/available | 46 var/lib/dpkg/available-old | 601 - var/lib/dpkg/status-old | 105 - var/log/apt/history.log | 12 var/log/apt/term.log|7 var/log/dpkg.log| 639 -- 11 files changed, 409 insertions(+), 1027 deletions(-) 2>/dev/null was added because of broken absolute symlinks, which are only fine inside the chroot, but not from the outside. Full list at https://paste.ubuntu.com/p/sMmzYRrJT9/ -- You received this bug notification because you are a member of Ubuntu Server, which is subscribed to ubuntu-advantage-tools in Ubuntu. https://bugs.launchpad.net/bugs/1832757 Title: Update ubuntu-advantage-client To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1832757/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1832757] Re: Update ubuntu-advantage-client
Test 1: basic attach w/ proposed Result: PASS Details: $ lxc launch ubuntu-daily:trusty t1 Creating t1 Starting t1 # enable proposed, update, check $ lxc exec t1 apt-get update $ lxc exec t1 apt-cache policy ubuntu-advantage-tools ubuntu-advantage-tools: Installed: 10ubuntu0.14.04.3 Candidate: 19.6~ubuntu14.04.3 Version table: 19.6~ubuntu14.04.3 0 500 http://archive.ubuntu.com/ubuntu/ trusty-proposed/main amd64 Packages 10ubuntu0.14.04.4 0 500 http://archive.ubuntu.com/ubuntu/ trusty-updates/main amd64 Packages *** 10ubuntu0.14.04.3 0 # update $ lxc exec t1 apt-get install ubuntu-advantage-tools # attach $ lxc exec t1 ua attach $token Enabling default service esm-infra Updating package lists ESM Infra enabled This machine is now attached to 'panli...@gmail.com' SERVICE ENTITLED STATUSDESCRIPTION cc-ealyes n/a Common Criteria EAL2 Provisioning Packages cis-audit no— Center for Internet Security Audit Tools esm-infra yes enabled UA Infra: Extended Security Maintenance fips yes n/a NIST-certified FIPS modules fips-updates yes n/a Uncertified security updates to FIPS modules livepatch yes n/a Canonical Livepatch service Enable services with: ua enable Account: panli...@gmail.com Subscription: panli...@gmail.com # confirm esm repo is enabled with positive pinning $ lxc exec t1 apt-cache policy|grep esm 500 https://esm.ubuntu.com/ubuntu/ trusty-infra-updates/main amd64 Packages origin esm.ubuntu.com 500 https://esm.ubuntu.com/ubuntu/ trusty-infra-security/main amd64 Packages origin esm.ubuntu.com # test download an esm update $ lxc exec t1 -- apt-get install -d sudo Reading package lists... Done Building dependency tree Reading state information... Done The following packages were automatically installed and are no longer required: libfreetype6 os-prober Use 'apt-get autoremove' to remove them. The following packages will be upgraded: sudo 1 upgraded, 0 newly installed, 0 to remove and 59 not upgraded. Need to get 833 kB of archives. After this operation, 1072 kB of additional disk space will be used. Get:1 https://esm.ubuntu.com/ubuntu/ trusty-infra-security/main sudo amd64 1.8.9p5-1ubuntu1.5+esm2 [833 kB] Fetched 833 kB in 5s (166 kB/s) Download complete and in download only mode -- You received this bug notification because you are a member of Ubuntu Server, which is subscribed to ubuntu-advantage-tools in Ubuntu. https://bugs.launchpad.net/bugs/1832757 Title: Update ubuntu-advantage-client To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1832757/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1832757] Re: Update ubuntu-advantage-client
Repeating tests 1-4 here. Test number 5, which failed in the previous verification, can be seen done in bug https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage- tools/+bug/1850672. It was done with do-release-upgade, which is how I expect users would upgrade from precise, and I took care with the repositories to make sure esm was included in the upgrades, and the right ubuntu-advantage-tools package was used each time (either from trusty-updates, or from -proposed). -- You received this bug notification because you are a member of Ubuntu Server, which is subscribed to ubuntu-advantage-tools in Ubuntu. https://bugs.launchpad.net/bugs/1832757 Title: Update ubuntu-advantage-client To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1832757/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1832757] Re: Update ubuntu-advantage-client
An 19.6~ubuntu14.04.3 upload with the fix will be done shortly. -- You received this bug notification because you are a member of Ubuntu Server, which is subscribed to ubuntu-advantage-tools in Ubuntu. https://bugs.launchpad.net/bugs/1832757 Title: Update ubuntu-advantage-client To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1832757/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1832757] Re: Update ubuntu-advantage-client
Test (5a) failed. The scenario is an upgrade from precise with esm enabled to trusty, and then to trusty-proposed. What happened is that after installing the trusty proposed package in this sequence, ESM became disabled. Upstream bug: https://github.com/CanonicalLtd/ubuntu-advantage- client/issues/899 ** Bug watch added: github.com/CanonicalLtd/ubuntu-advantage-client/issues #899 https://github.com/CanonicalLtd/ubuntu-advantage-client/issues/899 ** Tags removed: verification-needed-trusty ** Tags added: verification-failed-trusty -- You received this bug notification because you are a member of Ubuntu Server, which is subscribed to ubuntu-advantage-tools in Ubuntu. https://bugs.launchpad.net/bugs/1832757 Title: Update ubuntu-advantage-client To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1832757/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1832757] Re: Update ubuntu-advantage-client
trusty verification, test case (4) Both scenarios, (a) and (b), start from trusty with u-a-t already installed from updates Test (a): enable esm -> upgrade to proposed Test (b): upgrade to proposed -> ua attach (which enables esm) The u-a-t package from updates that was used is: 10ubuntu0.14.04.4 The u-a-t package from proposed that was used is: 19.6~ubuntu14.04.2 At the end, this is the diff between the files on both containers. I manually removed uninteresting bits like /etc/hostname, /etc/ssh/*, cloud-init data, etc. This is what remains: 1) output of diff -uNr 4a 4b (minus the manually excluded hunks described above): --- 4a/etc/apt/auth.conf.d/90ubuntu-advantage +++ 4b/etc/apt/auth.conf.d/90ubuntu-advantage @@ -1 +1 @@ -machine esm.ubuntu.com/ login $user password $pass +machine esm.ubuntu.com/ login bearer password $newverylongpass Since (a) didn't run ua attach, but just upgraded to the proposed package, the credentials were not migrated to the new bearer token. ESM keeps working without this step, but "ua status" will say the machine is unattached. This is expected and explained in the last paragraph of the "[Other Info]" section in this SRU bug. --- 4a/etc/apt/sources.list.d/ubuntu-esm-infra-trusty.list +++ 4b/etc/apt/sources.list.d/ubuntu-esm-infra-trusty.list @@ -1,5 +1,4 @@ -deb https://esm.ubuntu.com/ubuntu trusty-security main -# deb-src https://esm.ubuntu.com/ubuntu trusty-security main - -deb https://esm.ubuntu.com/ubuntu trusty-updates main -# deb-src https://esm.ubuntu.com/ubuntu trusty-updates main +deb https://esm.ubuntu.com/ubuntu trusty-infra-security main +# deb-src https://esm.ubuntu.com/ubuntu trusty-infra-security main +deb https://esm.ubuntu.com/ubuntu trusty-infra-updates main +# deb-src https://esm.ubuntu.com/ubuntu trusty-infra-updates main Only an "ua attach" command will rewrite the esm pockets in the sources.list snippet to include the "infra" word. The old names, without "infra", will not be removed from the ESM server for trusty, so having step (a) keep using the old names isn't a problem. 2) diff -u 4a/files.list 4b/files.list Manually removed the following diff noise: - /var/cache/apt/archives - /var/lib/cloud/instances - /var/log/auth.log and /var/log/dmesg.1.gz The following hunks remain: --- 4a/files.list +++ 4b/files.list @@ -29617,10 +29623,10 @@ /var/lib/apt/lists/br.archive.ubuntu.com_ubuntu_dists_trusty-proposed_InRelease /var/lib/apt/lists/br.archive.ubuntu.com_ubuntu_dists_trusty-proposed_main_binary-amd64_Packages /var/lib/apt/lists/br.archive.ubuntu.com_ubuntu_dists_trusty-proposed_main_i18n_Translation-en -/var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_trusty-security_InRelease -/var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_trusty-security_main_binary-amd64_Packages -/var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_trusty-updates_InRelease -/var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_trusty-updates_main_binary-amd64_Packages +/var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_trusty-infra-security_InRelease +/var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_trusty-infra-security_main_binary-amd64_Packages +/var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_trusty-infra-updates_InRelease +/var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_trusty-infra-updates_main_binary-amd64_Packages /var/lib/apt/lists/lock /var/lib/apt/lists/partial /var/lib/apt/lists/security.ubuntu.com_ubuntu_dists_trusty-security_InRelease (a) is still using the trusty pockets without the "infra" name, and (b), because it ran an "ua attach", that also runs "apt update", therefore the infra pockets are shown in apt's lists/ directory for (b) and not for (a). @@ -31900,6 +31953,15 @@ /var/lib/systemd/deb-systemd-helper-enabled/ssh.socket.dsh-also /var/lib/systemd/deb-systemd-helper-enabled/syslog.service /var/lib/ubuntu-advantage +/var/lib/ubuntu-advantage/private +/var/lib/ubuntu-advantage/private/machine-access-cc-eal.json +/var/lib/ubuntu-advantage/private/machine-access-esm-infra.json +/var/lib/ubuntu-advantage/private/machine-access-fips.json +/var/lib/ubuntu-advantage/private/machine-access-fips-updates.json +/var/lib/ubuntu-advantage/private/machine-access-livepatch.json +/var/lib/ubuntu-advantage/private/machine-access-support.json +/var/lib/ubuntu-advantage/private/machine-token.json +/var/lib/ubuntu-advantage/status.json /var/lib/ubuntu-release-upgrader /var/lib/ubuntu-release-upgrader/release-upgrade-available /var/lib/ucf Since (b) ran "ua attach", that fully migrated that setup to the new client, which is then showing content in its data directory at /var/lib /ubuntu-advantage/. The (a) case did not run attach. I declare test case (4) as having succeeded. -- You received this bug notification because you are a member of Ubuntu Server, which is subscribed to ubuntu-advantage-tools in Ubuntu. https://bugs.launchpad.net/bugs/1832757 Title: Update ubuntu-advantage-client To manage notifications about this bug go to:
[Bug 1832757] Re: Update ubuntu-advantage-client
trusty verification, test case (3) Both start from fresh trusty minimal with no u-a-t installed a) u-a-t updates -> enable esm -> upgrade proposed b) u-a-t proposed -> attach The u-a-t package from updates that was used is: 10ubuntu0.14.04.4 The u-a-t package from proposed that was used is: 19.6~ubuntu14.04.2 1) Output of diff -uNr /tank/trusty-3{a,b}/etc/apt. An explanation follows each hunk: --- /tank/trusty-3a/etc/apt/auth.conf.d/90ubuntu-advantage +++ /tank/trusty-3b/etc/apt/auth.conf.d/90ubuntu-advantage @@ -1 +1 @@ -machine esm.ubuntu.com/ login $user password $pass +machine esm.ubuntu.com/ login bearer password $reallylongpass Since (a) didn't run ua attach, but just upgraded to the proposed package, the credentials were not migrated to the new bearer token. ESM keeps working without this step, but "ua status" will say the machine is unattached. This is expected and explained in the last paragraph of the "[Other Info]" section in this SRU bug. --- /tank/trusty-3a/etc/apt/sources.list.d/ubuntu-esm-infra-trusty.list +++ /tank/trusty-3b/etc/apt/sources.list.d/ubuntu-esm-infra-trusty.list @@ -1,5 +1,4 @@ -deb https://esm.ubuntu.com/ubuntu trusty-security main -# deb-src https://esm.ubuntu.com/ubuntu trusty-security main - -deb https://esm.ubuntu.com/ubuntu trusty-updates main -# deb-src https://esm.ubuntu.com/ubuntu trusty-updates main +deb https://esm.ubuntu.com/ubuntu trusty-infra-security main +# deb-src https://esm.ubuntu.com/ubuntu trusty-infra-security main +deb https://esm.ubuntu.com/ubuntu trusty-infra-updates main +# deb-src https://esm.ubuntu.com/ubuntu trusty-infra-updates main Only an "ua attach" command will rewrite the esm pockets in the sources.list snippet to include the "infra" word. The old names, without "infra", will not be removed from the ESM server for trusty, so having step (a) keep using the old names isn't a problem. 2) File listing diff. An explanation follows each hunk: --- trusty-3a.list +++ trusty-3b.list @@ -13723,7 +13723,6 @@ /var/cache/apt/archives/sysv-rc_2.88dsf-41ubuntu6_all.deb /var/cache/apt/archives/tar_1.27.1-1_amd64.deb /var/cache/apt/archives/tzdata_2014b-1_all.deb -/var/cache/apt/archives/ubuntu-advantage-tools_10ubuntu0.14.04.4_all.deb /var/cache/apt/archives/ubuntu-advantage-tools_19.6~ubuntu14.04.2_amd64.deb /var/cache/apt/archives/ubuntu-keyring_2012.05.19_all.deb /var/cache/apt/archives/ucf_3.0027+nmu1_all.deb (b) didn't go through trusty-updates, therefore that package isn't cached. @@ -13765,10 +13764,10 @@ /var/lib/apt/lists/br.archive.ubuntu.com_ubuntu_dists_trusty-updates_InRelease /var/lib/apt/lists/br.archive.ubuntu.com_ubuntu_dists_trusty-updates_main_binary-amd64_Packages /var/lib/apt/lists/br.archive.ubuntu.com_ubuntu_dists_trusty-updates_main_i18n_Translation-en -/var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_trusty-security_InRelease -/var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_trusty-security_main_binary-amd64_Packages -/var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_trusty-updates_InRelease -/var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_trusty-updates_main_binary-amd64_Packages +/var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_trusty-infra-security_InRelease +/var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_trusty-infra-security_main_binary-amd64_Packages +/var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_trusty-infra-updates_InRelease +/var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_trusty-infra-updates_main_binary-amd64_Packages /var/lib/apt/lists/lock /var/lib/apt/lists/partial /var/lib/apt/mirrors (a) is still using the trusty pockets without the "infra" name, and (b), because it ran an "ua attach", that also runs "apt update", therefore the infra pockets are shown in apt's lists/ directory. @@ -14881,6 +14880,15 @@ /var/lib/systemd/deb-systemd-helper-enabled/rsyslog.service.dsh-also /var/lib/systemd/deb-systemd-helper-enabled/syslog.service /var/lib/ubuntu-advantage +/var/lib/ubuntu-advantage/machine-id +/var/lib/ubuntu-advantage/private +/var/lib/ubuntu-advantage/private/machine-access-cc-eal.json +/var/lib/ubuntu-advantage/private/machine-access-esm-infra.json +/var/lib/ubuntu-advantage/private/machine-access-fips.json +/var/lib/ubuntu-advantage/private/machine-access-fips-updates.json +/var/lib/ubuntu-advantage/private/machine-access-livepatch.json +/var/lib/ubuntu-advantage/private/machine-access-support.json +/var/lib/ubuntu-advantage/private/machine-token.json /var/lib/ubuntu-advantage/status.json /var/lib/ucf /var/lib/ucf/cache Since (b) ran "ua attach", that fully migrated that setup to the new client, which is then showing content in its data directory at /var/lib /ubuntu-advantage/. The (a) case did not run attach. I declare test case (3) as having succeeded. -- You received this bug notification because you are a member of Ubuntu Server, which is subscribed to ubuntu-advantage-tools in Ubuntu. https://bugs.launchpad.net/bugs/1832757 Title: Update ubuntu-advantage-client To manage
[Bug 1832757] Re: Update ubuntu-advantage-client
** Description changed: [Impact] This is a major rewrite of ubuntu-advantage-client. This version introduces an updated command line interface (UA Client) to simplify some interaction with Ubuntu Advantage support offerings, and interacts with a new service backend built specifically for this new streamlined experience. - Disco and Eoan already have this new version (but slightly older), but - trusty, xenial, bionic and cosmic do not. This update is for trusty only - at the moment, because the other LTSs and later releases have other - services available under the UA umbrella which haven't yet been fully - converted to the new backend. + Disco, Eoan, and Focal already have this rewrite (but an older version + of it), but trusty, xenial, bionic and cosmic do not. This update is for + trusty only at the moment, because the other LTSs and later releases + have other services available under the UA umbrella which haven't yet + been fully converted to the new backend. [Test Case] There are free services available for Trusty and anyone with an ubuntu one account can try them out with the new client. - You can sign up interactively by just typing: - - sudo ua attach - - That will prompt you for your ubuntu one login credentials, and 2FA if - needed, and enable ESM and Livepatch (the latter if running an HWE - kernel). - - Alternatively, you can go to https://auth.contracts.canonical.com/, - obtain a token, and attach your machine with: + In order to attach a machine to UA, first obtain a token at + https://auth.contracts.canonical.com/. With that token, attach the + machine with this command: sudo ua attach + + If that's successful, you will have ESM-infra enabled at the end. Additional test cases to confirm that the package correctly handles upgrades for all relevant cases: 2. a. Start with a fresh Ubuntu instance which does not have u-a-t installed (i.e. ubuntu-minimal is not installed). Install u-a-t from -updates. Do not enable ua. Upgrade to u-a-t from -proposed. b. In an identical instance, install u-a-t from -proposed. c. Confirm that the on-disk results of a) and b) are identical. 3. a. Start with a fresh Ubuntu instance which does not have u-a-t installed (i.e. ubuntu-minimal is not installed). Install u-a-t from -updates. Enable esm with 'ubuntu-advantage enable-esm'. Upgrade to u-a-t from -proposed. b. In an identical instance, install u-a-t from -proposed. Enable esm with 'ubuntu-advantage attach'. c. Confirm that the on-disk results of a) and b) are identical. 4. a. Start with a fresh Ubuntu instance which does have u-a-t installed. Enable esm with 'ubuntu-advantage enable-esm'. Upgrade to u-a-t from -proposed. b. In an identical instance, upgrade to u-a-t from -proposed. Enable esm with 'ubuntu-advantage attach'. c. Confirm that the on-disk results of a) and b) are identical. 5. a. Start with a fresh Ubuntu *precise* instance which does have u-a-t installed and esm enabled. Dist-upgrade to trusty, then upgrade to u-a-t from -proposed. b. In an identical instance, dist-upgrade to trusty with -proposed enabled. c. Confirm that the on-disk results of a) and b) are identical. [Regression Potential] This is a major rewrite from bash to python3 and there are changes in behavior. - new services will be listed, but not avaialble for trusty, only for later LTSs - even when ESM is not enabled, an apt hook will advertise the availability of updates in that repository. This hook has failed in the past while this package was in disco, and that failed the apt transaction. This has of course been fixed since then (see #1824523 and #1824523). [Other Info] This is the FFe bug that got this rewrite into Disco at that time: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1814157 Development of this client is happening on github: https://github.com/CanonicalLtd/ubuntu-advantage-client The GPG keys can be verified by checking the signed release files over https. Respectively: CC (not available on trusty atm): https://esm.ubuntu.com/cc/ubuntu/dists/xenial/InRelease FIPS (not available on trusty atm): https://esm.ubuntu.com/fips/ubuntu/dists/xenial/InRelease FIPS-updates (not available on trusty atm): https://esm.ubuntu.com/fips-updates/ubuntu/dists/xenial-updates/InRelease ESM: https://esm.ubuntu.com/ubuntu/dists/trusty-updates/InRelease and https://esm.ubuntu.com/ubuntu/dists/trusty-security/InRelease cis-audit is not ready and we don't have a gpg key for it yet, so we are shpping a placeholder file in the package called ubuntu- securitybenchmarks-keyring.gpg and that is a zero-sized file. Since cis- audit is not available for trusty, and gpg keyrings are only copied over to /etc/apt/trusted.gpg.d/ at enable time, this isn't an issue. And even if it was copied over to that directory, an empty file there doesn't cause issues. The
[Bug 1832757] Re: Update ubuntu-advantage-client
** Changed in: ubuntu-advantage-tools (Ubuntu Trusty) Status: In Progress => Triaged ** Changed in: ubuntu-advantage-tools (Ubuntu Trusty) Assignee: Andreas Hasenack (ahasenack) => (unassigned) -- You received this bug notification because you are a member of Ubuntu Server, which is subscribed to ubuntu-advantage-tools in Ubuntu. https://bugs.launchpad.net/bugs/1832757 Title: Update ubuntu-advantage-client To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1832757/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1832757] Re: Update ubuntu-advantage-client
** Description changed: [Impact] This is a major rewrite of ubuntu-advantage-client. This version introduces an updated command line interface (UA Client) to simplify some interaction with Ubuntu Advantage support offerings, and interacts with a new service backend built specifically for this new streamlined experience. Disco and Eoan already have this new version (disco's is slightly older), but trusty, xenial, bionic and cosmic do not. This update is for trusty only at the moment, because the other LTSs and later releases have other services available under the UA umbrella which haven't yet been fully converted to the new backend. [Test Case] There are free services available for Trusty and anyone with an ubuntu one account can try them out with the new client. You can sign up interactively by just typing: sudo ua attach That will prompt you for your ubuntu one login credentials, and 2FA if needed, and enable ESM and Livepatch (the latter if running an HWE kernel). Alternatively, you can go to https://auth.contracts.canonical.com/, obtain a token, and attach your machine with: sudo ua attach Additional test cases to confirm that the package correctly handles upgrades for all relevant cases: 2. a. Start with a fresh Ubuntu instance which does not have u-a-t installed (i.e. ubuntu-minimal is not installed). Install u-a-t from -updates. Do not enable ua. Upgrade to u-a-t from -proposed. b. In an identical instance, install u-a-t from -proposed. c. Confirm that the on-disk results of a) and b) are identical. 3. a. Start with a fresh Ubuntu instance which does not have u-a-t installed (i.e. ubuntu-minimal is not installed). Install u-a-t from -updates. Enable esm with 'ubuntu-advantage enable-esm'. Upgrade to u-a-t from -proposed. b. In an identical instance, install u-a-t from -proposed. Enable esm with 'ubuntu-advantage attach'. c. Confirm that the on-disk results of a) and b) are identical. 4. a. Start with a fresh Ubuntu instance which does have u-a-t installed. Enable esm with 'ubuntu-advantage enable-esm'. Upgrade to u-a-t from -proposed. b. In an identical instance, upgrade to u-a-t from -proposed. Enable esm with 'ubuntu-advantage attach'. c. Confirm that the on-disk results of a) and b) are identical. 5. a. Start with a fresh Ubuntu *precise* instance which does have u-a-t installed and esm enabled. Dist-upgrade to trusty, then upgrade to u-a-t from -proposed. b. In an identical instance, dist-upgrade to trusty with -proposed enabled. c. Confirm that the on-disk results of a) and b) are identical. [Regression Potential] This is a major rewrite from bash to python3 and there are changes in behavior. - new services will be listed, but not avaialble for trusty, only for later LTSs - even when ESM is not enabled, an apt hook will advertise the availability of updates in that repository. This hook has failed in the past while this package was in disco, and that failed the apt transaction. This has of course been fixed since then (see #1824523 and #1824523). [Other Info] This is the FFe bug that got this rewrite into Disco at that time: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1814157 Development of this client is happening on github: https://github.com/CanonicalLtd/ubuntu-advantage-client The GPG keys can be verified by checking the signed release files over https. Respectively: CC (not available on trusty atm): https://esm.ubuntu.com/cc/ubuntu/dists/xenial/InRelease FIPS (not available on trusty atm): https://esm.ubuntu.com/fips/ubuntu/dists/xenial/InRelease FIPS-updates (not available on trusty atm): https://esm.ubuntu.com/fips-updates/ubuntu/dists/xenial-updates/InRelease ESM: https://esm.ubuntu.com/ubuntu/dists/trusty-updates/InRelease and https://esm.ubuntu.com/ubuntu/dists/trusty-security/InRelease cis-audit is not ready and we don't have a gpg key for it yet, so we are shipping a placeholder file in the package called ubuntu- securitybenchmarks-keyring.gpg and that is a zero-sized file. Since cis- audit is not available for trusty, and gpg keyrings are only copied over to /etc/apt/trusted.gpg.d/ at enable time, this isn't an issue. And even if it was copied over to that directory, an empty file there doesn't cause issues. The reason we still have the file is, as said, a placeholder, as the code and tests expect it, and because we want to use the same source package for all supported ubuntu releases. - On an upgrade, existing users of trusty esm are expected to run "sudo ua - attach []", although not doing it won't disable their existing - ESM access. The new ua tool just won't recognize esm as being active in - its "ua status" output until the attach operation is complete. The same - applies to livepatch, if it was enabled before. + On an upgrade, existing users of
[Bug 1832757] Re: Update ubuntu-advantage-client
** Description changed: [Impact] This is a major rewrite of ubuntu-advantage-client. This version introduces an updated command line interface (UA Client) to simplify some interaction with Ubuntu Advantage support offerings, and interacts with a new service backend built specifically for this new streamlined experience. - Disco and Eoan already have this new version (but slightly older), but - trusty, xenial, bionic and cosmic do not. This update is for trusty only - at the moment, because the other LTSs and later releases have other - services available under the UA umbrella which haven't yet been fully - converted to the new backend. + Disco and Eoan already have this new version (disco's is slightly + older), but trusty, xenial, bionic and cosmic do not. This update is for + trusty only at the moment, because the other LTSs and later releases + have other services available under the UA umbrella which haven't yet + been fully converted to the new backend. [Test Case] There are free services available for Trusty and anyone with an ubuntu one account can try them out with the new client. You can sign up interactively by just typing: sudo ua attach That will prompt you for your ubuntu one login credentials, and 2FA if needed, and enable ESM and Livepatch (the latter if running an HWE kernel). Alternatively, you can go to https://auth.contracts.canonical.com/, obtain a token, and attach your machine with: sudo ua attach Additional test cases to confirm that the package correctly handles upgrades for all relevant cases: 2. a. Start with a fresh Ubuntu instance which does not have u-a-t installed (i.e. ubuntu-minimal is not installed). Install u-a-t from -updates. Do not enable ua. Upgrade to u-a-t from -proposed. b. In an identical instance, install u-a-t from -proposed. c. Confirm that the on-disk results of a) and b) are identical. 3. a. Start with a fresh Ubuntu instance which does not have u-a-t installed (i.e. ubuntu-minimal is not installed). Install u-a-t from -updates. Enable esm with 'ubuntu-advantage enable-esm'. Upgrade to u-a-t from -proposed. b. In an identical instance, install u-a-t from -proposed. Enable esm with 'ubuntu-advantage attach'. c. Confirm that the on-disk results of a) and b) are identical. 4. a. Start with a fresh Ubuntu instance which does have u-a-t installed. Enable esm with 'ubuntu-advantage enable-esm'. Upgrade to u-a-t from -proposed. b. In an identical instance, upgrade to u-a-t from -proposed. Enable esm with 'ubuntu-advantage attach'. c. Confirm that the on-disk results of a) and b) are identical. 5. a. Start with a fresh Ubuntu *precise* instance which does have u-a-t installed and esm enabled. Dist-upgrade to trusty, then upgrade to u-a-t from -proposed. b. In an identical instance, dist-upgrade to trusty with -proposed enabled. c. Confirm that the on-disk results of a) and b) are identical. [Regression Potential] This is a major rewrite from bash to python3 and there are changes in behavior. - new services will be listed, but not avaialble for trusty, only for later LTSs - even when ESM is not enabled, an apt hook will advertise the availability of updates in that repository. This hook has failed in the past while this package was in disco, and that failed the apt transaction. This has of course been fixed since then (see #1824523 and #1824523). [Other Info] This is the FFe bug that got this rewrite into Disco at that time: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1814157 Development of this client is happening on github: https://github.com/CanonicalLtd/ubuntu-advantage-client The GPG keys can be verified by checking the signed release files over https. Respectively: CC (not available on trusty atm): https://esm.ubuntu.com/cc/ubuntu/dists/xenial/InRelease FIPS (not available on trusty atm): https://esm.ubuntu.com/fips/ubuntu/dists/xenial/InRelease FIPS-updates (not available on trusty atm): https://esm.ubuntu.com/fips-updates/ubuntu/dists/xenial-updates/InRelease ESM: https://esm.ubuntu.com/ubuntu/dists/trusty-updates/InRelease and https://esm.ubuntu.com/ubuntu/dists/trusty-security/InRelease cis-audit is not ready and we don't have a gpg key for it yet, so we are shpping a placeholder file in the package called ubuntu- securitybenchmarks-keyring.gpg and that is a zero-sized file. Since cis- audit is not available for trusty, and gpg keyrings are only copied over to /etc/apt/trusted.gpg.d/ at enable time, this isn't an issue. And even if it was copied over to that directory, an empty file there doesn't cause issues. The reason we still have the file is, as said, a placeholder, as the code and tests expect it, and because we want to use the same source package for all supported ubuntu releases. On an upgrade, existing users of trusty esm are
[Bug 1832757] Re: Update ubuntu-advantage-client
** Changed in: ubuntu-advantage-tools (Ubuntu Trusty) Status: New => In Progress ** Changed in: ubuntu-advantage-tools (Ubuntu Trusty) Assignee: (unassigned) => Andreas Hasenack (ahasenack) -- You received this bug notification because you are a member of Ubuntu Server, which is subscribed to ubuntu-advantage-tools in Ubuntu. https://bugs.launchpad.net/bugs/1832757 Title: Update ubuntu-advantage-client To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1832757/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1832757] Re: Update ubuntu-advantage-client
** Changed in: ubuntu-advantage-tools (Ubuntu) Assignee: (unassigned) => Andreas Hasenack (ahasenack) ** Changed in: ubuntu-advantage-tools (Ubuntu) Status: New => In Progress -- You received this bug notification because you are a member of Ubuntu Server, which is subscribed to ubuntu-advantage-tools in Ubuntu. https://bugs.launchpad.net/bugs/1832757 Title: Update ubuntu-advantage-client To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1832757/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1832757] Re: Update ubuntu-advantage-client
** Description changed: [Impact] This is a major rewrite of ubuntu-advantage-client. This version introduces an updated command line interface (UA Client) to simplify some interaction with Ubuntu Advantage support offerings, and interacts with a new service backend built specifically for this new streamlined experience. Disco and Eoan already have this new version (but slightly older), but trusty, xenial, bionic and cosmic do not. This update is for trusty only at the moment, because the other LTSs and later releases have other services available under the UA umbrella which haven't yet been fully converted to the new backend. [Test Case] There are free services available for Trusty and anyone with an ubuntu one account can try them out with the new client. You can sign up interactively by just typing: sudo ua attach That will prompt you for your ubuntu one login credentials, and 2FA if needed, and enable ESM and Livepatch (the latter if running an HWE kernel). Alternatively, you can go to https://auth.contracts.canonical.com/, obtain a token, and attach your machine with: sudo ua attach [Regression Potential] This is a major rewrite from bash to python3 and there are changes in behavior. - new services will be listed, but not avaialble for trusty, only for later LTSs - even when ESM is not enabled, an apt hook will advertise the availability of updates in that repository. This hook has failed in the past while this package was in disco, and that failed the apt transaction. This has of course been fixed since then (see #1824523 and #1824523). [Other Info] This is the FFe bug that got this rewrite into Disco at that time: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1814157 Development of this client is happening on github: https://github.com/CanonicalLtd/ubuntu-advantage-client The GPG keys can be verified by checking the signed release files over https. Respectively: CC (not available on trusty atm): https://esm.ubuntu.com/cc/ubuntu/dists/xenial/InRelease FIPS (not available on trusty atm): https://esm.ubuntu.com/fips/ubuntu/dists/xenial/InRelease FIPS-updates (not available on trusty atm): https://esm.ubuntu.com/fips-updates/ubuntu/dists/xenial-updates/InRelease ESM: https://esm.ubuntu.com/ubuntu/dists/trusty-updates/InRelease and https://esm.ubuntu.com/ubuntu/dists/trusty-security/InRelease cis-audit is not ready and we don't have a gpg key for it yet, so we are shpping a placeholder file in the package called ubuntu- securitybenchmarks-keyring.gpg and that is a zero-sized file. Since cis- audit is not available for trusty, and gpg keyrings are only copied over to /etc/apt/trusted.gpg.d/ at enable time, this isn't an issue. And even if it was copied over to that directory, an empty file there doesn't cause issues. The reason we still have the file is, as said, a placeholder, as the code and tests expect it, and because we want to use the same source package for all supported ubuntu releases. + + On an upgrade, existing users of trusty esm are expected to run "sudo ua + attach []", although not doing it won't disable their existing + ESM access. The new ua tool just won't recognize esm as being active in + its "ua status" output until the attach operation is complete. ** Description changed: [Impact] This is a major rewrite of ubuntu-advantage-client. This version introduces an updated command line interface (UA Client) to simplify some interaction with Ubuntu Advantage support offerings, and interacts with a new service backend built specifically for this new streamlined experience. Disco and Eoan already have this new version (but slightly older), but trusty, xenial, bionic and cosmic do not. This update is for trusty only at the moment, because the other LTSs and later releases have other services available under the UA umbrella which haven't yet been fully converted to the new backend. [Test Case] There are free services available for Trusty and anyone with an ubuntu one account can try them out with the new client. You can sign up interactively by just typing: sudo ua attach That will prompt you for your ubuntu one login credentials, and 2FA if needed, and enable ESM and Livepatch (the latter if running an HWE kernel). Alternatively, you can go to https://auth.contracts.canonical.com/, obtain a token, and attach your machine with: sudo ua attach [Regression Potential] This is a major rewrite from bash to python3 and there are changes in behavior. - new services will be listed, but not avaialble for trusty, only for later LTSs - even when ESM is not enabled, an apt hook will advertise the availability of updates in that repository. This hook has failed in the past while this package was in disco, and that failed the apt transaction. This has of course been fixed since
[Bug 1832757] Re: Update ubuntu-advantage-client
** Description changed: [Impact] This is a major rewrite of ubuntu-advantage-client. This version introduces an updated command line interface (UA Client) to simplify some interaction with Ubuntu Advantage support offerings, and interacts with a new service backend built specifically for this new streamlined experience. Disco and Eoan already have this new version (but slightly older), but trusty, xenial, bionic and cosmic do not. This update is for trusty only at the moment, because the other LTSs and later releases have other services available under the UA umbrella which haven't yet been fully converted to the new backend. [Test Case] There are free services available for Trusty and anyone with an ubuntu one account can try them out with the new client. You can sign up interactively by just typing: sudo ua attach That will prompt you for your ubuntu one login credentials, and 2FA if needed, and enable ESM and Livepatch (the latter if running an HWE kernel). Alternatively, you can go to https://auth.contracts.canonical.com/, obtain a token, and attach your machine with: sudo ua attach [Regression Potential] This is a major rewrite from bash to python3 and there are changes in behavior. - new services will be listed, but not avaialble for trusty, only for later LTSs - even when ESM is not enabled, an apt hook will advertise the availability of updates in that repository. This hook has failed in the past while this package was in disco, and that failed the apt transaction. This has of course been fixed since then (see #1824523 and #1824523). [Other Info] This is the FFe bug that got this rewrite into Disco at that time: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1814157 Development of this client is happening on github: https://github.com/CanonicalLtd/ubuntu-advantage-client The GPG keys can be verified by checking the signed release files over https. Respectively: CC (not available on trusty atm): https://esm.ubuntu.com/cc/ubuntu/dists/xenial/InRelease FIPS (not available on trusty atm): https://esm.ubuntu.com/fips/ubuntu/dists/xenial/InRelease FIPS-updates (not available on trusty atm): https://esm.ubuntu.com/fips-updates/ubuntu/dists/xenial-updates/InRelease ESM: https://esm.ubuntu.com/ubuntu/dists/trusty-updates/InRelease and https://esm.ubuntu.com/ubuntu/dists/trusty-security/InRelease + + cis-audit is not ready and we don't have a gpg key for it yet, so we are + shpping a placeholder file in the package called ubuntu- + securitybenchmarks-keyring.gpg and that is a zero-sized file. Since cis- + audit is not available for trusty, and gpg keyrings are only copied over + to /etc/apt/trusted.gpg.d/ at enable time, this isn't an issue. And even + if it was copied over to that directory, an empty file there doesn't + cause issues. The reason we still have the file is, as said, a + placeholder, as the code and tests expect it, and because we want to use + the same source package for all supported ubuntu releases. -- You received this bug notification because you are a member of Ubuntu Server, which is subscribed to ubuntu-advantage-tools in Ubuntu. https://bugs.launchpad.net/bugs/1832757 Title: Update ubuntu-advantage-client To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1832757/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1832757] Re: Update ubuntu-advantage-client
** Description changed: [Impact] This is a major rewrite of ubuntu-advantage-client. This version introduces an updated command line interface (UA Client) to simplify some interaction with Ubuntu Advantage support offerings, and interacts with a new service backend built specifically for this new streamlined experience. Disco and Eoan already have this new version (but slightly older), but trusty, xenial, bionic and cosmic do not. This update is for trusty only at the moment, because the other LTSs and later releases have other services available under the UA umbrella which haven't yet been fully converted to the new backend. [Test Case] There are free services available for Trusty and anyone with an ubuntu one account can try them out with the new client. You can sign up interactively by just typing: sudo ua attach That will prompt you for your ubuntu one login credentials, and 2FA if needed, and enable ESM and Livepatch (the latter if running an HWE kernel). Alternatively, you can go to https://auth.contracts.canonical.com/, obtain a token, and attach your machine with: sudo ua attach [Regression Potential] This is a major rewrite from bash to python3 and there are changes in behavior. - new services will be listed, but not avaialble for trusty, only for later LTSs - even when ESM is not enabled, an apt hook will advertise the availability of updates in that repository. This hook has failed in the past while this package was in disco, and that failed the apt transaction. This has of course been fixed since then (see #1824523 and #1824523). [Other Info] + This is the FFe bug that got this rewrite into Disco at that time: + https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1814157 + + Development of this client is happening on github: + https://github.com/CanonicalLtd/ubuntu-advantage-client + + The GPG keys can be verified by checking the signed release files over https. Respectively: + CC (not available on trusty atm): https://esm.ubuntu.com/cc/ubuntu/dists/xenial/InRelease + FIPS (not available on trusty atm): https://esm.ubuntu.com/fips/ubuntu/dists/xenial/InRelease + FIPS-updates (not available on trusty atm): https://esm.ubuntu.com/fips-updates/ubuntu/dists/xenial-updates/InRelease + ESM: https://esm.ubuntu.com/ubuntu/dists/trusty-updates/InRelease and https://esm.ubuntu.com/ubuntu/dists/trusty-security/InRelease -- You received this bug notification because you are a member of Ubuntu Server, which is subscribed to ubuntu-advantage-tools in Ubuntu. https://bugs.launchpad.net/bugs/1832757 Title: Update ubuntu-advantage-client To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1832757/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1832757] Re: Update ubuntu-advantage-client
** Description changed: [Impact] This is a major rewrite of ubuntu-advantage-client. This version introduces an updated command line interface (UA Client) to simplify some interaction with Ubuntu Advantage support offerings, and interacts with a new service backend built specifically for this new streamlined experience. Disco and Eoan already have this new version (but slightly older), but trusty, xenial, bionic and cosmic do not. This update is for trusty only at the moment, because the other LTSs and later releases have other services available under the UA umbrella which haven't yet been fully converted to the new backend. [Test Case] There are free services available for Trusty and anyone with an ubuntu one account can try them out with the new client. You can sign up interactively by just typing: sudo ua attach That will prompt you for your ubuntu one login credentials, and 2FA if needed, and enable ESM and Livepatch (the latter if running an HWE kernel). Alternatively, you can go to https://auth.contracts.canonical.com/, obtain a token, and attach your machine with: sudo ua attach [Regression Potential] - - * discussion of how regressions are most likely to manifest as a result - of this change. - - * It is assumed that any SRU candidate patch is well-tested before - upload and has a low overall risk of regression, but it's important - to make the effort to think about what ''could'' happen in the - event of a regression. - - * This both shows the SRU team that the risks have been considered, - and provides guidance to testers in regression-testing the SRU. + This is a major rewrite from bash to python3 and there are changes in behavior. + - new services will be listed, but not avaialble for trusty, only for later LTSs + - even when ESM is not enabled, an apt hook will advertise the availability of updates in that repository. This hook has failed in the past while this package was in disco, and that failed the apt transaction. This has of course been fixed since then (see #1824523 and #1824523). [Other Info] - - * Anything else you think is useful to include - * Anticipate questions from users, SRU, +1 maintenance, security teams and the Technical Board - * and address these questions in advance -- You received this bug notification because you are a member of Ubuntu Server, which is subscribed to ubuntu-advantage-tools in Ubuntu. https://bugs.launchpad.net/bugs/1832757 Title: Update ubuntu-advantage-client To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1832757/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1832757] Re: Update ubuntu-advantage-client
** Description changed: [Impact] + This is a major rewrite of ubuntu-advantage-client. This version introduces an updated command line interface (UA Client) to simplify some interaction with Ubuntu Advantage support offerings, and interacts with a new service backend built specifically for this new streamlined experience. - * An explanation of the effects of the bug on users and - - * justification for backporting the fix to the stable release. - - * In addition, it is helpful, but not required, to include an -explanation of how the upload fixes this bug. + Disco and Eoan already have this new version, but trusty, xenial, bionic + and cosmic do not. This update is for trusty only at the moment, because + the other LTSs and later releases have other services available under + the UA umbrella which haven't yet been fully converted to the new + backend. [Test Case] - * detailed instructions how to reproduce the bug + * detailed instructions how to reproduce the bug - * these should allow someone who is not familiar with the affected -package to reproduce the bug and verify that the updated package fixes -the problem. + * these should allow someone who is not familiar with the affected + package to reproduce the bug and verify that the updated package fixes + the problem. [Regression Potential] - * discussion of how regressions are most likely to manifest as a result + * discussion of how regressions are most likely to manifest as a result of this change. - * It is assumed that any SRU candidate patch is well-tested before -upload and has a low overall risk of regression, but it's important -to make the effort to think about what ''could'' happen in the -event of a regression. + * It is assumed that any SRU candidate patch is well-tested before + upload and has a low overall risk of regression, but it's important + to make the effort to think about what ''could'' happen in the + event of a regression. - * This both shows the SRU team that the risks have been considered, -and provides guidance to testers in regression-testing the SRU. + * This both shows the SRU team that the risks have been considered, + and provides guidance to testers in regression-testing the SRU. [Other Info] - - * Anything else you think is useful to include - * Anticipate questions from users, SRU, +1 maintenance, security teams and the Technical Board - * and address these questions in advance + + * Anything else you think is useful to include + * Anticipate questions from users, SRU, +1 maintenance, security teams and the Technical Board + * and address these questions in advance ** Description changed: [Impact] This is a major rewrite of ubuntu-advantage-client. This version introduces an updated command line interface (UA Client) to simplify some interaction with Ubuntu Advantage support offerings, and interacts with a new service backend built specifically for this new streamlined experience. Disco and Eoan already have this new version, but trusty, xenial, bionic and cosmic do not. This update is for trusty only at the moment, because the other LTSs and later releases have other services available under the UA umbrella which haven't yet been fully converted to the new backend. [Test Case] + There are free services available for Trusty and anyone with an ubuntu one account can try them out with the new client. - * detailed instructions how to reproduce the bug + You can sign up interactively by just typing: - * these should allow someone who is not familiar with the affected - package to reproduce the bug and verify that the updated package fixes - the problem. + sudo ua attach + + That will prompt you for your ubuntu one login credentials, and 2FA if + needed, and enable ESM and Livepatch (the latter if running an HWE + kernel). + + Alternatively, you can go to https://auth.contracts.canonical.com/, + obtain a token, and attach your machine with: + + sudo ua attach [Regression Potential] * discussion of how regressions are most likely to manifest as a result of this change. * It is assumed that any SRU candidate patch is well-tested before upload and has a low overall risk of regression, but it's important to make the effort to think about what ''could'' happen in the event of a regression. * This both shows the SRU team that the risks have been considered, and provides guidance to testers in regression-testing the SRU. [Other Info] * Anything else you think is useful to include * Anticipate questions from users, SRU, +1 maintenance, security teams and the Technical Board * and address these questions in advance ** Description changed: [Impact] This is a major rewrite of ubuntu-advantage-client. This version introduces an updated command line interface (UA Client) to simplify some interaction with Ubuntu