** Description changed:

  [Impact]
  
  Ubuntu 16.04 reaches its end of standard support this week. After this
  time, Canonical customers can continue receiving security updates
  through ESM. No other updates are expected. To enable ESM, users need
  the ubuntu-advantage-tools package to provide the ua command, and this
  package needs updating to correctly interact with the ESM archives.
  Without this, users will have no opportunity to continue receiving
  updates.
  
  Due to the urgency of this infrastructional update to maintain
  continuity of security updates for Ubuntu users transitioning over to
  ESM for 16.04, and in consideration of the limitation of regression risk
  as noted below, we (Steve and Robie) have decided to waive the usual 7
  day aging period, as well as the usual reluctance to release on a
  Friday.
  
  The notable changes are:
     * Xenial and Bionic:
       - New Python-based client to automatically setup livepatch, fips, 
esm-infra, esm-apps using a single UA contract token from 
https://ubuntu.com/advantage. This is a backward incompatible transition from 
the previous shell-based ubuntu-advantage commands to the new Python-based "ua" 
command.
  
     * For all Ubuntu releases:
       - APT command and MOTD messaging hooks about available esm-infra and 
esm-apps package upgrades and ESM-infra availability on Ubuntu releases 
entering Extended Security Maintenance (Xenial)
       - FIPS and FIPS-updates support
       - New “ua fix” subcommand to allow fixing individual CVE or USN security 
issues.
       - New “ua help” command to give information about the available products 
the “ua” command can enable.
       - Notices section in “ua status” about outstanding configuration changes 
needed to apply configuration changes as a result of Ubuntu Advantage services
  
  See the changelog entry below for a full list of changes and bugs.
  
  [Test Case]
  
  The following development and SRU process was followed:
  
      https://wiki.ubuntu.com/UbuntuAdvantageToolsUpdate
  
  The ubuntu-advantage-tools team will be in charge of attaching the
  artifacts and console output of the appropriate run to the bug. ubuntu-
  advantage-tools team members will not mark ‘verification-done’ until
  this has happened.
  
      * Automated Test Results
  
  Logs added for all Xenial tests. Xenial is a pass.
  
  <TODO Bionic-> Hirsute verification tomorrow>
  Attach or link the following automated integration test runs for 
ubuntu-advantage-tools on each affected LTS release:
  - lxd.container platform
  - lxd.kvm platform
  - AWS Ubuntu PRO
  - AWS Ubuntu cloud-images (non-Pro)
  - Azure Ubuntu PRO
  - Azure Ubuntu cloud-images (non-Pro)
  - GCP Ubuntu PRO
  - GCP Ubuntu cloud-images (non-Pro)
  </TODO>
  
      * Manual Test Runs
          1.  Manual upgrade enabled livepatch/fips bash client -> retains 
enabled service attachment to APT repos/livepatch without running `ua attach
          2. Manual update enabled livepatch/FIPS bash client -> ua attach 
token  -> retains enabled livepatch/FIPS services
  Verification Script 1 & 2: 
https://github.com/canonical/ubuntu-advantage-client/blob/main/tools/test_xenial_upgrade.sh
          3. Upgrade Test Trusty released UA client -> Xenial
  
      * <TODO: attach manual upgrade path test from previous LTS to
  current -proposed release>
  
  [Where problems could occur]
  
  Extensive integration testing has been done to try to mitigate
  regression potential.  This section evaluates if issues do arise, where
  they may appear.
  
  Since Ubuntu 16.04 will be at the end of standard support, security
  updates will be ending for non-ESM users.  These users will already need
  to upgrade to a newer LTS, thus limiting our regression concerns.
  
  In a worst case scenario, if the update goes wrong it potentially could
  break: 1) users not interested in ESM, shortly before no other source of
  updates are available for 16.04; 2) users who wish to enable ESM, but in
  a manner that prevents ESM from being enabled.
  
  The list below represents places where this update could cause
  regressions:
  
  * apt hook messages not working properly resulting in error messages
  from ubuntu-advantage-tools apt hooks. apt will still exit 0 in these
  cases
  
  * MOTD hooks during error conditions omitting messages about available
  esm package updates.
  
  [ Known issues ]
  
  * The CLI for the “ua” command has changed, by design.
  It is possible that existing UA users have scripted use of this command, for 
example to enable UA on new cloud instances. We don’t think this type of 
breakage is likely. Therefore we have concluded that this deliberate 
behavioural change is acceptable, and this decision has been approved by Steve 
and Robie wearing their TB hats.
  
  Justification:
  These are intentional usage decisions that enabled adding and updating 
functionality for the client. Given the lack of previous usage and lack of risk 
for breaking or causing issues on the system it’s deemed safe and an 
improvement for the users going forward that needed to be done.
  
  * Logs of a successful run show a traceback that confuses users.
  https://github.com/canonical/ubuntu-advantage-client/issues/1586
  
  Justification:
  While the traceback is surprising there is no harm to the system or the 
configuration of the UA products. We agree to clean this in a subsequent point 
release.
  
  * trusty upgrade to xenial will result in esm-infra being disabled
  https://github.com/canonical/ubuntu-advantage-client/issues/1590
  
  Justification:
  Trusty ESM has ended as of April 23, 2021. This means users affected are 
beyond extended support. Trusty ESM users are a niche user base with very low 
volume and requiring a documented upgrade step is deemed to be acceptable from 
a product management perspective.
  
  * This has been documented in the FAQ section of the UA Client
  documentation at: https://discourse.ubuntu.com/t/ubuntu-advantage-
  client/21788
  
  * Customers using the following cloud-config userdata will have to
  update to use the new cmdline client 'ua attach', 'ua enable' commands.
  
     #cloud-config
       ubuntu_advantage:
           commands: XXX
       runcmd:
           ubuntu-advantage enable-fips
  
  Justification:
  There is no harm to the system in using the old behavior. The scope of 
impacted users is very small as much of the functionality that is used did not 
exist before this version of the UA client. This has been documented in the UA 
Client FAQ documentation at 
https://discourse.ubuntu.com/t/ubuntu-advantage-client/21788
  
  * autopkgtest regressions with update-motd pkg, will file an update
  excuses tag. not going to resolve it in ubuntu-advantage-tools
  
  Justification:
  This autopkgtest failure will occurr any time ua-tools adds a new 
/etc/update-motd.d file since the previous version of ua-tools in 
<release>-updates pocket will not contain that file. 
https://bugs.launchpad.net/ubuntu/+source/update-motd/+bug/1926660.Resolve to 
update-excuses tag on this and expect autokpkgtest failures to go away after 
publish to -updates
  
  
+ * package build failures on i386 focal, groovy, hirsute and impish due to 
inability to install golang-1.14-go build dependency. This is a known issue and 
considered unsupported build architecture on Focal and newer
+ https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1926361
  
  [Changelog for release delta]
  
  ubuntu-advantage-tools (27.0~16.04.1) xenial; urgency=medium
  
    * New upstream release 27.0: (LP: #1926361)
      - apt-hook: mitigate failures with true
      - messages: add optional (s) to apt messaging to include
        singular/plural pkgs
      - apt-hook: avoid reporting and counting duplicate package
        names (GH: #1578)
      - fix: don't say reboot required when unnecessary (LP: #1926183)
      - test: uncomment additional xenial upgrade tests
  
   -- Lucas Moura <lucas.mo...@canonical.com>  Tue, 27 Apr 2021 15:31:06
  -0300
  
  ubuntu-advantage-tools (27.0~21.04.1~beta3) hirsute; urgency=medium
  
    * New upstream beta3 release:
      - config: avoid tracebacks on invalid features value in uaclient.conf
        (GH: #1564)
      - apt-hook: new json hook for security update counts
      - Remove redundant messaging from uaclient
  
   -- Chad Smith <chad.sm...@canonical.com>  Fri, 23 Apr 2021 15:28:44
  -0600
  
  ubuntu-advantage-tools (27.0~21.04.1~beta2) hirsute; urgency=medium
  
    * d/control:
      - add distro-info dependency
      - add new debianutils dependency
      - add optional dh-systemd | debhelper (>= 13.3) to fallback on hirsute
        and later when dh-systemd is not present
    * d/rules: enable and start ua-messaging.timer on package install
    * d/postinst:
      - configure esm on any LTS release avoid beta services
      - configure esm-infra when is_active_esm and apps on LTS
      - xenial enable unauthenticated apt source for apps/infra
    * New upstream release 27.0~beta:
      - apt-hook:
        + adapt hook to process separate message templates
        + esm-apps and esm-infra pkg counts not mutually-exclusive
        + print static messages on apt upgrade/dist-upgrade (GH: #1546)
      - config: create settings_overrides on config (GH: #1507)
      - docs: add entry for uploading new version to ppa
      - esm:
        + add pin never when disabling esm-infra/apps on xenial
        + enable infra when EOL LTS and apps on all LTS (GH: #1558)
      - fips: add notice when installing over old fips
      - fix:
        + add links to ubuntu.com/gcp/aws in messaging when on non-PRO
        + add notice to reboot operation on ua fix
        + do not prompt user for beta services (GH: #1544)
        + notify users if reboot is required  (GH: #1476)
        + update how the expired token logic works
        + wrap output greater than 80 chars (GH: #1487)
      - lib: fix notice handling on reboot script
      - messages
        + provide static message files for use in APT and MOTD
        + update_ua_messages on attach/detach/disable
      - mypy: add lib/ dir for coverage
      - status: do not remove notices on non-root call (GH: #1518)
      - subp: separate % format strings when logging (GH: #1520)
      - systemd: add ua-messaging.timer to update ua MOTD and APT msgs
      - update-motd.d: add conditional hooks for motd to source ua messages
      - util: add is_lts and is_active_esm funtions to support ESM
      - test
        + add integration tests asserting esm-apps setup due to postinst
        + manual test script for xenial upgrade
        + trusty and xenial infra and apps disabled in pkg install
      - behave: use unaltered cloud images unsetting UACLIENT_BEHAVE_PPA
      - jenkins: make lint and style stage run sequentially
  
   -- Lucas Moura <lucas.mo...@canonical.com>  Thu, 22 Apr 2021 14:16:26
  -0300
  
  ubuntu-advantage-tools (27.0~21.04.1~beta) hirsute; urgency=medium
  
    * d/*: prefix all the debhelper conf files with the package name
    * d/control:
      - add Rules-Requires-Root: no
      - bump Standards-Version to 4.5.1
      - make ubuntu-advantage-pro Architecture: all
    * d/lintian-overrides:
      - override maintainer-script-calls-service
      - package-supports-alternative-init-but-no-init.d-script
    * d/postinst: move the u-a-pro note to a config script
    * d/ubuntu-advantage-tools.templates: suggest the use of apt
    * New upstream release 27.0~beta:
      - apt: add retry for apt-helper command (GH: #1431)
      - cli: drop subcommand repeated help output, fix enable & refresh
        (GH: #1440)
      - config:
        + allow parsing yaml delivered from env values
        + environment variable support for feature overrides (GH: #1395)
        + create config to add extra params to security url
      - docs:
        + add ppas and fix typos
        + use Ubuntu Pro not Ubuntu PRO
        + add stop "." punctuation to messages (GH: #1320)
      - fips: fix FIPS message when disable operation fails
      - fix:
        + add basic UASecurityClient to which queries CVE and USNs
        + add security_url to config
        + check if service is enabled during ua fix (GH: #1462)
        + closer representation of cve and usn responses
        + filter usns by cve details (GH: #1470)
        + fix regex to be more permissive and strict
        + get_cve_affected_source_packages_status won't list not-affected
          (GH: #1467)
        + handle other package status when running ua fix (GH: #1435)
        + improve error message for ua fix (GH: #1420)
        + install pkg fixes when they are on standard pocket (GH: #1401)
        + move timeout and retries to security client only
        + only prompt for subscription attach for UA-related pkg updates
        + parse all related USNS to a given CVE when fixing
        + parse full API responses for related CVEs and USNs
        + prefer USN.release_packages binary pkg versions to CVE src ver
          (GH: #1436)
        + prompt for new ua token when expired one is used (GH: #1475)
        + prompt to emit pro suggestion on pro_clouds if unattached (GH: #1386)
        + prompt to enable service during ua fix (GH: #1455)
        + provide related CVE URLs instead of USNs (GH: #1456)
        + raise errors when source_link is null or unexpected format
        + show packages that were not fixed in the output
        + update output for released packages in ua fix (GH: #1438)
        + update message for invalid issue in ua fix (GH: #1433)
        + use pocket values from USNs (GH: #1439)
      - logs: emit error response on API errors and redact sensitive logs
        (GH: #1424)
      - serviceclient: add 10 second timeout and two retries to API calls
        (GH: #1374)
      - util:
        + add error prompts on invalid selection
        + add timeout to readurl
      - tests:
        + Add disable_auto_attach config to all test PRO vms
        + add merge_usn_released_binary_package_versions tests
        + add unittest coverage for override_usn_release_package_status
        + drop traceback checks on fips integration tests
        + refactor integration tests for ua fix cmd
        + run status wait before detach in PRO tests
        + use ssh to run commands on lxd containers
      - jenkins: archiveArtifacts can only reference paths within workspace
  
   -- Lucas Moura <lucas.mo...@canonical.com>  Tue, 30 Mar 2021 14:16:03
  -0300
  
  ubuntu-advantage-tools (26.3~21.04.1) hirsute; urgency=medium
  
    * d/control: add new debianutils dependency
    * New upstream release 26.3
      - util: improve is_container check for chroot
      - cli: pass assume_yes param to services on detach (GH: #1530)
  
   -- Grant Orndorff <grant.orndo...@canonical.com>  Tue, 06 Apr 2021
  14:26:20 -0300
  
  ubuntu-advantage-tools (26.2) hirsute; urgency=medium
  
    * Drop dh-systemd build dependency.
  
   -- Matthias Klose <d...@ubuntu.com>  Wed, 10 Mar 2021 16:54:12 +0100
  
  ubuntu-advantage-tools (26.2~21.04.1) hirsute; urgency=medium
  
    * status: show beta services in status if enabled (GH: #1410)
  
   -- Lucas Moura <lucas.mo...@canonical.com>  Tue, 02 Mar 2021 10:11:53
  -0300
  
  ubuntu-advantage-tools (26.1~21.04.1) hirsute; urgency=medium
  
    *  New upstream release 26.1
       - contract: block detach call to contract if machine-id change
       - docs: add readme docs about mastering clean golden images
       - fips: add reboot notices for fips operations (GH: #1368)
       - livepatch: add retry when running canonical-livepatch status
         (GH: #1360)
       - util: use lru_cache to avoid re-reading os-release and machine-id
         (GH: #1329)
       - tests:
         + add disable_auto_attach config to all test PRO vms
         + add more log artifacts during failed integration test
         + check cloudinit status after launching image
         + mock leaking livepatch.application_status for fips test
         + retry package installs on apt exit 100
       - jenkins: parameterize build stages to avoid parallel job collision
  
   -- Lucas Moura <lucas.mo...@canonical.com>  Fri, 19 Feb 2021 10:30:22
  -0300
  
  ubuntu-advantage-tools (26.0.1~21.04.1) hirsute; urgency=medium
  
    * auto-attach: fix comparing numeric iid
  
   -- Lucas Moura <lucas.mo...@canonical.com>  Fri, 05 Feb 2021 14:10:09
  -0300
  
  ubuntu-advantage-tools (26.0~21.04.1) hirsute; urgency=medium
  
    * New upstream release 26.0:
      - auto-attach: systemd unit to run before ua-reboot-cmds.service
      - config: remove_notice should remove notices.json when empty
      - fips:
        + add notice if running a deactivated FIPS kernel (GH: #1348)
        + block enabling FIPS on clouds using Xenial
        + block enabling fips on GCP instances
        + check /proc/sys/crypto/fips_enable to see if fips is enabled
        + override fips metapackage when on bionic cloud
        + update metapackage override logic on fips
      - notices: clear lock file and notice when encountering any exception
        (GH: #1326)
      - reboot_cmds: retry on lock held errors due to pro auto-attach
      - services: allow uaclient to disable services during enable
      - status: include beta services in json formatted output with --all
        (GH: #1341)
      - tests:
        + add FIPS tests to AWS and Azure bionic images
        + add GCP pro test for focal machine
        + add after_step collection of artifacts on failure
        + remove proc file check after disabling fips
        + pro: block auto-attach with cloud-config bootcmd
        + add validation of systemd unit ua-reboot-cmds.service
        + test enabling fips-updates when fips is enabled
      - jenkins:
        - add deb build stage to assert package builds
        - use series-specific sbuild --build-dir avoid races
        - use --append-to-version for each sbuild run to avoid races
        - presume success when no integration artifacts created
  
   -- Lucas Moura <lucas.mo...@canonical.com>  Thu, 04 Feb 2021 16:34:56
  -0300
  
  ubuntu-advantage-tools (26.0~21.04.1~beta) hirsute; urgency=medium
  
    * d/rules:
      - add --with systemd to allow reboot init script
      - do not remove lib/systemd/system folder
    * d/postinst:
      - create marker file when reboot script need to run:
        - enable livepatch across trusty to xenial upgrade
        - update fips on existing fips pro machines
    * New upstream release 26.0~beta:
      - gcp: add Google Cloud Platform support (GH #1269)
      - fips:
        + remove is_beta from fips sevices
        + fips pro: add upgrade support to require reboot to unmark held fips 
pkgs
        + update origin UbuntuFIPSUpdates
      - status:
        + add notice to tabular output
        + held locks emit notice about Operation in progress
      - cli: help sort output so trusty ordering matches xenial++
      - cis: rename service from cis-audit
      - config: provide config notices and add_notice and remove_notice methods
      - contract: add resource-machine-access route and datapath
      - init: add init script to run commands on reboot
      - keys: add ubuntu-advantage-cis keyring
      - livepatch: make livepatch react to enableByDefault delta
      - log: log when we install pkgs because of contract delta
      - make: drop six testdeps target
      - pro: do not install pro debs on non-pro instances
      - services: Update beta info for services (GH #1220)
      - tools: add tox-lxd-runner, that execute the test command in a shell
      - tools: refresh-keyrings handles cis keys. drop series-specific keys
      - tests:
        + add GCE support for integration tests
        + add cis integration tests for unattached and pro
        + add pytest constraint for mypy tests
        + add unittests for reboot_cmds script
        + fix esm package messages for new update notifier version
        + pin importlib-metadata for mypy tests
        + repo tests for request_resource_machine_access
        + unit tests for config cache clearing and machine-access data
      - jenkins:
        + add basic Jenkinsfile for CI runs per PR
        + add jenkins parseable test results
        + add lxc cleanup stage on Jenkinsfile
  
   -- Lucas Moura <lucas.mo...@canonical.com>  Thu, 14 Jan 2021 10:08:20
  -0300
  
  ubuntu-advantage-tools (25.0~20.10.1) groovy; urgency=medium
  
    * Release version 25.0
  
   -- Chad Smith <chad.sm...@canonical.com>  Fri, 04 Dec 2020 13:32:16
  -0700
  
  ubuntu-advantage-tools (25.0~20.10.1beta3) groovy; urgency=medium
  
    * New upstream release 25.0~beta3:
      - upgrade-lts-conract: noop during do-release-upgrade on unattached
        (GH: #1255)
      - ua-auto-attach: order systemd unit before cloud-config.service
      - Update FIPSUpdates pin origin
      - fips: unmark held fips packages for ubuntu pro fips image support
        (GH: #1109)
      - repo: handle changes to additionalPackages contract deltas
      - repo: move package installation to install_packages method
      - pro: trigger auto-attach as soon as instance-data.json is available
        (GH: #1234)
      - Conditionally install packages when enabling FIPS
      - fips: allow disable (GH: #1168)
      - cli: add trailing newline to argparse errors (GH: #1236)
      - Install fips metapacking when enabling service
      - integration test improvements:
        + upgrade-test: fix upgrade path restart failures on trusty (GH: #1257)
        + Fix integration test setup scripts (GH: #1253)
        + strict checking for command success on behave
        + Update tests to use new pycloudlib LXD abstraction
        + Add upgrade scenario tests when FIPS is enabled
        + Improve FIPS tests for checking packages
        + Update esm-infra xenial lxd test
        + Fix vm tests as esm-apps is beta service
        + Fix azure generic integration testing
        + Update esm-apps check on staging_commands tests
        + Install pycloudlib for azure jobs only
        + Fix shell condition in run_azure_travis_integration_tests.sh
        + Update azure jobs on travis
        + Update travis url in README
        + Update travis scripts to use ppa only on master
        + Fix cron event type check on travis yaml
  
   -- Chad Smith <chad.sm...@canonical.com>  Wed, 02 Dec 2020 13:43:16
  -0700
  
  ubuntu-advantage-tools (25.0~20.10.1~beta2) groovy; urgency=medium
  
    * New upstream release 25.0~beta2:
      - help: update esm-infra help text (GH: #1212)
      - apt-hook: update apt cli messaging for UA Infra: ESM and UA Apps: ESM
        product names
      - help: update fips help docs (GH: #1213)
      - help: revert CIS help doc URL (GH: #1211)
      - help: add new fips help URLs to CLI help docs (GH: #1210)
      - Show error when enabling service with invalid repo [Lucas Moura]
        (GH: #954)
      - Update beta info for services (#1220) [Lucas Moura] (GH: #1216)
      - Do not enable fips when fips-updates is active [Lucas Moura] (GH: #1209)
      - Add vm test commands in tox.ini (#1204) [Lucas Moura]
  
   -- Chad Smith <chad.sm...@canonical.com>  Mon, 26 Oct 2020 20:01:21
  -0600
  
  ubuntu-advantage-tools (25.0~20.10.1~beta1) groovy; urgency=medium
  
    * Beta bug fix release
      - status: fix missing description_override key after upgrade from
        trusty (GH: #1201)
      - During contract delta processing use _check_application_status_on_cache
        instead of live service status
  
   -- Chad Smith <chad.sm...@canonical.com>  Sat, 10 Oct 2020 21:47:21
  -0600
  
  ubuntu-advantage-tools (25.0~20.10.1~beta) groovy; urgency=medium
  
    * d/control:
      - add po-debconf dependency and fix lintian not-using-po-debconf and
        untranslatable-debconf-templates
      - add ${misc:Depends} dep to ubuntu-advantage-pro to fix lintian
        debhelper-but-no-misc-depends (GH: #1024)
    * d/rules:
      - drop --with systemd fix build-depends-on-obsolete-package
      - set fix lintian warning extra:Depends even if empty
    * d/postrm
      - Add more gpg keys to be deleted in postrm for Xenial+ support
    * d/postinst:
      - do not unconfigure non-trusty esm. no series in apt filenames (GH: 
#1170)
      - check if esm is already enabled (GH: #1095)
    * New upstream release 25.0:
      - Do not uninstall additionalPackages or livepatch when disabling services
      - check for issubclass on clean_apt_files
      - Add do-release-upgrade support for esm-infra and apps suites (GH: #1169)
      - Apply contract deltas during do-release-upgrade operations
      - cli: add ua help command
      - cli: status add blocking --wait param and lock files for config change
      - Fix livepatch behaviour on aws pro focal machine
      - travis: drop inapplicable workspaces from specific awsgeneric release
        jobs
      - Add possible reboot text after enabling/disabling services
      - apt-hook: package apt-hook and apt configuration files on all releases
        (GH: #1150)
      - Fix enable fail bug
      - Add uaclient.conf override mechanism for auto-attach, beta services and
        machine-token
      - Support ESM Apps [Brian Murray] (GH: #930)
      - Do not enable services if blocking services is active (GH: #1029)
      - contract: handle 401 on invalid token, 403 on expired (GH: #1335)
      - Hide beta services from default status output and enable/disable
        operations (GH: #1079) (GH: #1091)
      - fips: force apt noninteractive prompts during package installs
        (GH: #1084)
      - tests: add unit tests for aws-gov/aws-china cloud detection
      - Add AWS China and GovCloud partitions [Robert Jennings]
      - Disable beta services to be show/enabled without flag
      - Add missing build_pr command to environment
      - Use additionalPackages from service payload
      - Add integration testing for Travis runs [patriciadomin] (GH: #856)
        (GH: #857)  (GH: #853)
  
   -- Chad Smith <chad.sm...@canonical.com>  Mon, 28 Sep 2020 21:11:54
  -0600
  
  ubuntu-advantage-tools (24.4) groovy; urgency=medium
  
    * New bug-fix-only release 24.4:
      - uaclient.version bump to 24.4
      - fips: honor additionalPackage directive from contract for bionic
        (GH #1173)
  
   -- Chad Smith <chad.sm...@canonical.com>  Tue, 01 Sep 2020 11:14:39
  -0600
  
  ubuntu-advantage-tools (24.3) groovy; urgency=medium
  
    * New bug-fix-only release 24.3:
      - uaclient.version bump to 24.3
      - fips: add conditional reboot message only if /var/run/reboot-required is
        present
      - fips: add apt repo key for FIPS and FIPS updates (GH #1026)
  
   -- Chad Smith <chad.sm...@canonical.com>  Thu, 20 Aug 2020 14:50:17
  -0600
  
  ubuntu-advantage-tools (24.2) groovy; urgency=medium
  
    * New bug-fix-only release 24.2:
      - uaclient.version bump to 24.2
      - pro: Add AWS China and GovCloud partitions support (GH #1077)
  
   -- Chad Smith <chad.sm...@canonical.com>  Wed, 03 Jun 2020 16:12:41
  -0600
  
  ubuntu-advantage-tools (24.1) groovy; urgency=medium
  
    * New bug-fix-only release 24.1:
      - livepatch: run snap wait system snap.seeded before trying to install
        (GH: #1049)
      - version: return debian/changelog version when git describe fails to
        match upstream <major>.<minor> tags for git-ubuntu workflow
        (GH: #1058)
  
   -- Chad Smith <chad.sm...@canonical.com>  Mon, 18 May 2020 15:07:17
  -0600
  
  ubuntu-advantage-tools (24.0) groovy; urgency=medium
  
    * bump version to 24.0 for new versioninig scheme
  
   -- Chad Smith <chad.sm...@canonical.com>  Mon, 18 May 2020 15:04:33
  -0600
  
  ubuntu-advantage-tools (20.3) focal; urgency=medium
  
    * New upstream release 20.3:
      - ubuntu-pro: automatically reattach across instance id delta
        (LP: #1867573)
      - integration testing:
        + add behave tests ua subcommands for attached vm
        + add invalid token tests
        + add reuse_container test docs
        + refactor token parameter
  
   -- Chad Smith <chad.sm...@canonical.com>  Mon, 30 Mar 2020 14:49:17
  -0600
  
  ubuntu-advantage-tools (20.2) focal; urgency=medium
  
    * d/templates: add a debconf note on upgrade from pre-ubuntu pro package
    * d/control: create a separate ubuntu-advantage-pro package which
        delivers the tooling and scripts necessary to auto-attach pro machines
        This change breaks/replaces ubuntu-advantage-tools <= 20.1
    * d/maintscript: rm_conffile /etc/init/ua-auto-attach.conf from ua-tools pkg
    * d/postint: remove stale systemd symlinks which have migrated to ubuntu-pro
    * d/rules: only install the apt hook on trusty
    * d/rules: provide --no-start to debhelper to avoid auto-attach on pkg 
install
    * Release 20.2:
      - ubuntu-pro:
        + azure: fix detection of DatasourceAzureNet as azure on trusty
        + generalize identity_doc to return dict instead of string
        + auto-attach: any 4XX errors during auto-attach are the result of 
non-Pro
        + auto-attach: handle 403 errors raised by contract server for invalid 
vms
      - attach: persist any status config changes after attach failures
      - output: add messaging using a different subscription if attached
  
   -- Chad Smith <chad.sm...@canonical.com>  Thu, 20 Feb 2020 11:13:15
  -0700
  
  ubuntu-advantage-tools (20.1) xenial; urgency=medium
  
    * Release 20.1:
      - azure-pro, support for azure ubuntu pro auto-attach:
        + add azure auto-attach instance as valid cloud_instance_factory
        + add azure cloud instance module and tests
        + generalize request_aws_contract_token for multiple cloud_types
        + contract: request_auto_attach_contract_token takes an instance param
      - constraints: add constraint on pyyaml version in trusty
      - auto-attach: move duplicate invalid cloud_type check out of cli
  
   -- Chad Smith <chad.sm...@canonical.com>  Mon, 13 Jan 2020 15:09:18
  -0700
  
  ubuntu-advantage-tools (19.7) xenial; urgency=medium
  
    * d/postinst: only configure ESM on supported architectures (LP: #1851858)
        [Andreas Hasenack]
    * d/postinst: rename existing ubuntu-esm-precise.list file to trusty.
      This fixes the upgrade path from precise to trusty and to this client
      while esm is enabled (LP: #1850672)
    * Release 19.7:
      - aws: handle missing SYS_HYPERVISOR_PRODUCT_UUID
      - aws-pro: support for aws ubuntu pro auto-attach
      - pro: add cloud identity module and fix unit tests
      - pro: update systemd service and upstart boot scripts to auto-attach
      - pro: esm do not do apt pin never on disable on xenial or bionic
      - pro: esm-apps has origin UbuntuESMApps and esm-infra is UbuntuESM
      - status: dynamic status available now from refreshed machine-token
      - uaclient: update customer visible messages after UX review
      - esm-apps: allow unattended security upgrades for esm-apps
      - systemd: needs WantedBy=multi-user.target to get pulled into boot
      - cli: update docstring to describe errors raised from auto-attach
      - keyrings: update ubuntu-advantage-esm-apps.gpg with correct key
      - repo: match strict repo url in apt-policy to avoid esm substring matches
      - esm: don't disable_apt_auth_only for ESM entitlements
      - initial implementation of esm-apps
      - repo: don't raise exception in application_status if aptURL missing
      - entitlements: rely solely on contract server for repo_url
      - cli: exit 0 if already attached
      - cli: use decorators for action_attach and action_attach_premium
      - cli: add assert_not_attached decorator
      - status: custom descriptions for n/a service status
  
   -- Chad Smith <chad.sm...@canonical.com>  Fri, 29 Nov 2019 11:09:18
  -0700
  
  ubuntu-advantage-tools (19.6) focal; urgency=medium
  
    * New upstream release. Main changes:
      - drop SSO interactive login support
      - d/control: no longer depend on pymacaroons, which was only needed for
        the SSO interactive login support
      - drop keyrings for services not supported in trusty: cc-eal, fips,
        fips-updates, cis audit
      - make sure /var/lib/ubuntu-advantage/private has 0700 perms
      - rename esm to esm-infra. Also handle upgrades
      - don't unecessarily remove config files that are already handled by dpkg
      - expand the apt related runtime dependencies
      - handle sources.list.d esm snippet when release upgrading from precise
      - ua status now reports availability of services even in unattached state
      - the "ua status" output was changed, including the json format option
      - drop "ua status" call in postinst as it now requires internet access and
        that is restricted in LP builders and test runners.
      - fix the d/t/usage DEP8 test that was also using status
  
   -- Andreas Hasenack <andr...@canonical.com>  Thu, 04 Jul 2019 14:12:58
  -0300
  
  ubuntu-advantage-tools (19.5.1) eoan; urgency=medium
  
    * d/t/usage: fix dep8 test ("entitlements" was renamed to "services")
  
   -- Andreas Hasenack <andr...@canonical.com>  Wed, 03 Jul 2019 21:55:25
  -0300
  
  ubuntu-advantage-tools (19.5) eoan; urgency=medium
  
    * New upstream release (LP: #1832757):
      - packaging:
        + d/control: depend on libapt-pkg<ABI_VERSION> to use pin-priority never
        + d/postinst: adjust logfile permissions
        + d/postinst: remove public files and generate status cache on upgrade
        + d/postinst: Remove the old CACHE_DIR in postinst
        + d/postrm: remove log files on package purge
        + d/postrm: remove the ESM pinning file on purge
        + trusty should remove v1 esm key if present after upgrade
        + keyrings: regenerate keyrings on a trusty host
        + refresh keyrings to match current production for fips and cc-eal
      - apt:
        + all repo entitlements now call apt-get update on enable
        + enable -updates if -updates from the Ubuntu archive is enabled
        + Add basic i18n (good enough for lang packs)
        + retry apt install and update commands 3 times simple backoff
        + write commented -updates lines instead of omitting them
      - attach/detach:
        + added --no-auto-enable option
        + suppress messages from inapplicable default entitlements
        + two-factor auth reprompt only two-factor auth on failed 2fa
        + honour enableByDefault obligations from contract server
        + livepatch: no auto-enable on attach for trusty
        + don't attempt to disable inapplicable entitlements during detach
        + check for root before checking for attach in assert_attached_root
      - status:
        + add --json cli formatting option
        + emit a SERVICE header in status output
        + redact technical support and expiry for free contracts
        + unentitled services will report n/a
      - cc-eal:
        + add a warning about download size before install
        + change cc to cc-eal in docs, parameters and commandline help
      - esm:
        + add esm-v2 gpg keyring, drop old keyring, ignore aptKey directive
        + and livepatch auto enabled on attach where supported
        + on upgrade do not install preferences to pin never if esm enabled
        + remove only the apt auth entry on disable, leaving sources.list
        + use Pin-Priority never apt preference file to disable esm initially
      - fips:
        + display as pending when linux-fips is not the running kernel
        + only install/upgrade optional packages that are already on the system
      - logs:
        + no longer redact secrets as logfile is root read-only
        + separate console log devel from logfile level
        + remove level from messages to the console
      - add subcommand to refresh all contract details
      - config: allow contract_url and sso_auth_url to have a trailing slash
      - docker: fix persisting generated uuid on images without machine-id files
      - environ: allow lowercase ua_<config_option> overrides
      - repo: un-comment ESM sources.list lines on repo disable
      - updated manpage and help docs
  
   -- Andreas Hasenack <andr...@canonical.com>  Wed, 03 Jul 2019 15:55:11
  -0300

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1926361

Title:
  [SRU] ubuntu-advantage-tools (10ubuntu0.16.04.1 -> 27.0) Xenial,
  Bionic, Focal, Hirsute

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1926361/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to