Publishing details
Changelog
ubuntu-advantage-tools (27.0~18.04.1) bionic; urgency=medium
* Open 27.0 for active development
ubuntu-advantage-tools (26.2~21.04.1) hirsute; urgency=medium
* status: show beta services in status if enabled (GH: #1410)
ubuntu-advantage-tools (26.1~21.04.1) hirsute; urgency=medium
* New upstream release 26.1
- contract: block detach call to contract if machine-id change
- docs: add readme docs about mastering clean golden images
- fips: add reboot notices for fips operations (GH: #1368)
- livepatch: add retry when running canonical-livepatch status
(GH: #1360)
- util: use lru_cache to avoid re-reading os-release and machine-id
(GH: #1329)
- tests:
+ add disable_auto_attach config to all test PRO vms
+ add more log artifacts during failed integration test
+ check cloudinit status after launching image
+ mock leaking livepatch.application_status for fips test
+ retry package installs on apt exit 100
- jenkins: parameterize build stages to avoid parallel job collision
ubuntu-advantage-tools (26.0.1~21.04.1) hirsute; urgency=medium
* auto-attach: fix comparing numeric iid
ubuntu-advantage-tools (26.0~21.04.1) hirsute; urgency=medium
* New upstream release 26.0:
- auto-attach: systemd unit to run before ua-reboot-cmds.service
- config: remove_notice should remove notices.json when empty
- fips:
+ add notice if running a deactivated FIPS kernel (GH: #1348)
+ block enabling FIPS on clouds using Xenial
+ block enabling fips on GCP instances
+ check /proc/sys/crypto/fips_enable to see if fips is enabled
+ override fips metapackage when on bionic cloud
+ update metapackage override logic on fips
- notices: clear lock file and notice when encountering any exception
(GH: #1326)
- reboot_cmds: retry on lock held errors due to pro auto-attach
- services: allow uaclient to disable services during enable
- status: include beta services in json formatted output with --all
(GH: #1341)
- tests:
+ add FIPS tests to AWS and Azure bionic images
+ add GCP pro test for focal machine
+ add after_step collection of artifacts on failure
+ remove proc file check after disabling fips
+ pro: block auto-attach with cloud-config bootcmd
+ add validation of systemd unit ua-reboot-cmds.service
+ test enabling fips-updates when fips is enabled
- jenkins:
- add deb build stage to assert package builds
- use series-specific sbuild --build-dir avoid races
- use --append-to-version for each sbuild run to avoid races
- presume success when no integration artifacts created
ubuntu-advantage-tools (26.0~21.04.1~beta) hirsute; urgency=medium
* d/rules:
- add --with systemd to allow reboot init script
- do not remove lib/systemd/system folder
* d/postinst:
- create marker file when reboot script need to run:
- enable livepatch across trusty to xenial upgrade
- update fips on existing fips pro machines
* New upstream release 26.0~beta:
- gcp: add Google Cloud Platform support (GH #1269)
- fips:
+ remove is_beta from fips sevices
+ fips pro: add upgrade support to require reboot to unmark held fips pkgs
+ update origin UbuntuFIPSUpdates
- status:
+ add notice to tabular output
+ held locks emit notice about Operation in progress
- cli: help sort output so trusty ordering matches xenial++
- cis: rename service from cis-audit
- config: provide config notices and add_notice and remove_notice methods
- contract: add resource-machine-access route and datapath
- init: add init script to run commands on reboot
- keys: add ubuntu-advantage-cis keyring
- livepatch: make livepatch react to enableByDefault delta
- log: log when we install pkgs because of contract delta
- make: drop six testdeps target
- pro: do not install pro debs on non-pro instances
- services: Update beta info for services (GH #1220)
- tools: add tox-lxd-runner, that execute the test command in a shell
- tools: refresh-keyrings handles cis keys. drop series-specific keys
- tests:
+ add GCE support for integration tests
+ add cis integration tests for unattached and pro
+ add pytest constraint for mypy tests
+ add unittests for reboot_cmds script
+ fix esm package messages for new update notifier version
+ pin importlib-metadata for mypy tests
+ repo tests for request_resource_machine_access
+ unit tests for config cache clearing and machine-access data
- jenkins:
+ add basic Jenkinsfile for CI runs per PR
+ add jenkins parseable test results
+ add lxc cleanup stage on Jenkinsfile
ubuntu-advantage-tools (25.0~20.10.1) groovy; urgency=medium
* Release version 25.0
ubuntu-advantage-tools (25.0~20.10.1beta3) groovy; urgency=medium
* New upstream release 25.0~beta3:
- upgrade-lts-conract: noop during do-release-upgrade on unattached
(GH: #1255)
- ua-auto-attach: order systemd unit before cloud-config.service
- Update FIPSUpdates pin origin
- fips: unmark held fips packages for ubuntu pro fips image support
(GH: #1109)
- repo: handle changes to additionalPackages contract deltas
- repo: move package installation to install_packages method
- pro: trigger auto-attach as soon as instance-data.json is available
(GH: #1234)
- Conditionally install packages when enabling FIPS
- fips: allow disable (GH: #1168)
- cli: add trailing newline to argparse errors (GH: #1236)
- Install fips metapacking when enabling service
- integration test improvements:
+ upgrade-test: fix upgrade path restart failures on trusty (GH: #1257)
+ Fix integration test setup scripts (GH: #1253)
+ strict checking for command success on behave
+ Update tests to use new pycloudlib LXD abstraction
+ Add upgrade scenario tests when FIPS is enabled
+ Improve FIPS tests for checking packages
+ Update esm-infra xenial lxd test
+ Fix vm tests as esm-apps is beta service
+ Fix azure generic integration testing
+ Update esm-apps check on staging_commands tests
+ Install pycloudlib for azure jobs only
+ Fix shell condition in run_azure_travis_integration_tests.sh
+ Update azure jobs on travis
+ Update travis url in README
+ Update travis scripts to use ppa only on master
+ Fix cron event type check on travis yaml
ubuntu-advantage-tools (25.0~20.10.1~beta2) groovy; urgency=medium
* New upstream release 25.0~beta2:
- help: update esm-infra help text (GH: #1212)
- apt-hook: update apt cli messaging for UA Infra: ESM and UA Apps: ESM
product names
- help: update fips help docs (GH: #1213)
- help: revert CIS help doc URL (GH: #1211)
- help: add new fips help URLs to CLI help docs (GH: #1210)
- Show error when enabling service with invalid repo [Lucas Moura]
(GH: #954)
- Update beta info for services (#1220) [Lucas Moura] (GH: #1216)
- Do not enable fips when fips-updates is active [Lucas Moura] (GH: #1209)
- Add vm test commands in tox.ini (#1204) [Lucas Moura]
ubuntu-advantage-tools (25.0~20.10.1~beta1) groovy; urgency=medium
* Beta bug fix release
- status: fix missing description_override key after upgrade from
trusty (GH: #1201)
- During contract delta processing use _check_application_status_on_cache
instead of live service status
ubuntu-advantage-tools (25.0~20.10.1~beta) groovy; urgency=medium
* d/control:
- add po-debconf dependency and fix lintian not-using-po-debconf and
untranslatable-debconf-templates
- add ${misc:Depends} dep to ubuntu-advantage-pro to fix lintian
debhelper-but-no-misc-depends (GH: #1024)
* d/rules:
- drop --with systemd fix build-depends-on-obsolete-package
- set fix lintian warning extra:Depends even if empty
* d/postrm
- Add more gpg keys to be deleted in postrm for Xenial+ support
* d/postinst:
- do not unconfigure non-trusty esm. no series in apt filenames (GH: #1170)
- check if esm is already enabled (GH: #1095)
* New upstream release 25.0:
- Do not uninstall additionalPackages or livepatch when disabling services
- check for issubclass on clean_apt_files
- Add do-release-upgrade support for esm-infra and apps suites (GH: #1169)
- Apply contract deltas during do-release-upgrade operations
- cli: add ua help command
- cli: status add blocking --wait param and lock files for config change
- Fix livepatch behaviour on aws pro focal machine
- travis: drop inapplicable workspaces from specific awsgeneric release
jobs
- Add possible reboot text after enabling/disabling services
- apt-hook: package apt-hook and apt configuration files on all releases
(GH: #1150)
- Fix enable fail bug
- Add uaclient.conf override mechanism for auto-attach, beta services and
machine-token
- Support ESM Apps [Brian Murray] (GH: #930)
- Do not enable services if blocking services is active (GH: #1029)
- contract: handle 401 on invalid token, 403 on expired (GH: #1335)
- Hide beta services from default status output and enable/disable
operations (GH: #1079) (GH: #1091)
- fips: force apt noninteractive prompts during package installs
(GH: #1084)
- tests: add unit tests for aws-gov/aws-china cloud detection
- Add AWS China and GovCloud partitions [Robert Jennings]
- Disable beta services to be show/enabled without flag
- Add missing build_pr command to environment
- Use additionalPackages from service payload
- Add integration testing for Travis runs [patriciadomin] (GH: #856)
(GH: #857) (GH: #853)
ubuntu-advantage-tools (24.4) groovy; urgency=medium
* New bug-fix-only release 24.4:
- uaclient.version bump to 24.4
- fips: honor additionalPackage directive from contract for bionic
(GH #1173)
ubuntu-advantage-tools (24.3) groovy; urgency=medium
* New bug-fix-only release 24.3:
- uaclient.version bump to 24.3
- fips: add conditional reboot message only if /var/run/reboot-required is
present
- fips: add apt repo key for FIPS and FIPS updates (GH #1026)
ubuntu-advantage-tools (24.2) groovy; urgency=medium
* New bug-fix-only release 24.2:
- uaclient.version bump to 24.2
- pro: Add AWS China and GovCloud partitions support (GH #1077)
ubuntu-advantage-tools (24.1) groovy; urgency=medium
* New bug-fix-only release 24.1:
- livepatch: run snap wait system snap.seeded before trying to install
(GH: #1049)
- version: return debian/changelog version when git describe fails to
match upstream <major>.<minor> tags for git-ubuntu workflow
(GH: #1058)
ubuntu-advantage-tools (24.0) groovy; urgency=medium
* bump version to 24.0 for new versioninig scheme
ubuntu-advantage-tools (20.3) focal; urgency=medium
* New upstream release 20.3:
- ubuntu-pro: automatically reattach across instance id delta
(LP: #1867573)
- integration testing:
+ add behave tests ua subcommands for attached vm
+ add invalid token tests
+ add reuse_container test docs
+ refactor token parameter
ubuntu-advantage-tools (20.2) focal; urgency=medium
* d/templates: add a debconf note on upgrade from pre-ubuntu pro package
* d/control: create a separate ubuntu-advantage-pro package which
delivers the tooling and scripts necessary to auto-attach pro machines
This change breaks/replaces ubuntu-advantage-tools <= 20.1
* d/maintscript: rm_conffile /etc/init/ua-auto-attach.conf from ua-tools pkg
* d/postint: remove stale systemd symlinks which have migrated to ubuntu-pro
* d/rules: only install the apt hook on trusty
* d/rules: provide --no-start to debhelper to avoid auto-attach on pkg install
* Release 20.2:
- ubuntu-pro:
+ azure: fix detection of DatasourceAzureNet as azure on trusty
+ generalize identity_doc to return dict instead of string
+ auto-attach: any 4XX errors during auto-attach are the result of non-Pro
+ auto-attach: handle 403 errors raised by contract server for invalid vms
- attach: persist any status config changes after attach failures
- output: add messaging using a different subscription if attached
ubuntu-advantage-tools (20.1) xenial; urgency=medium
* Release 20.1:
- azure-pro, support for azure ubuntu pro auto-attach:
+ add azure auto-attach instance as valid cloud_instance_factory
+ add azure cloud instance module and tests
+ generalize request_aws_contract_token for multiple cloud_types
+ contract: request_auto_attach_contract_token takes an instance param
- constraints: add constraint on pyyaml version in trusty
- auto-attach: move duplicate invalid cloud_type check out of cli
ubuntu-advantage-tools (19.7) xenial; urgency=medium
* d/postinst: only configure ESM on supported architectures (LP: #1851858)
[Andreas Hasenack]
* d/postinst: rename existing ubuntu-esm-precise.list file to trusty.
This fixes the upgrade path from precise to trusty and to this client
while esm is enabled (LP: #1850672)
* Release 19.7:
- aws: handle missing SYS_HYPERVISOR_PRODUCT_UUID
- aws-pro: support for aws ubuntu pro auto-attach
- pro: add cloud identity module and fix unit tests
- pro: update systemd service and upstart boot scripts to auto-attach
- pro: esm do not do apt pin never on disable on xenial or bionic
- pro: esm-apps has origin UbuntuESMApps and esm-infra is UbuntuESM
- status: dynamic status available now from refreshed machine-token
- uaclient: update customer visible messages after UX review
- esm-apps: allow unattended security upgrades for esm-apps
- systemd: needs WantedBy=multi-user.target to get pulled into boot
- cli: update docstring to describe errors raised from auto-attach
- keyrings: update ubuntu-advantage-esm-apps.gpg with correct key
- repo: match strict repo url in apt-policy to avoid esm substring matches
- esm: don't disable_apt_auth_only for ESM entitlements
- initial implementation of esm-apps
- repo: don't raise exception in application_status if aptURL missing
- entitlements: rely solely on contract server for repo_url
- cli: exit 0 if already attached
- cli: use decorators for action_attach and action_attach_premium
- cli: add assert_not_attached decorator
- status: custom descriptions for n/a service status
ubuntu-advantage-tools (19.6) focal; urgency=medium
* New upstream release. Main changes:
- drop SSO interactive login support
- d/control: no longer depend on pymacaroons, which was only needed for
the SSO interactive login support
- drop keyrings for services not supported in trusty: cc-eal, fips,
fips-updates, cis audit
- make sure /var/lib/ubuntu-advantage/private has 0700 perms
- rename esm to esm-infra. Also handle upgrades
- don't unecessarily remove config files that are already handled by dpkg
- expand the apt related runtime dependencies
- handle sources.list.d esm snippet when release upgrading from precise
- ua status now reports availability of services even in unattached state
- the "ua status" output was changed, including the json format option
- drop "ua status" call in postinst as it now requires internet access and
that is restricted in LP builders and test runners.
- fix the d/t/usage DEP8 test that was also using status
ubuntu-advantage-tools (19.5.1) eoan; urgency=medium
* d/t/usage: fix dep8 test ("entitlements" was renamed to "services")
ubuntu-advantage-tools (19.5) eoan; urgency=medium
* New upstream release (LP: #1832757):
- packaging:
+ d/control: depend on libapt-pkg<ABI_VERSION> to use pin-priority never
+ d/postinst: adjust logfile permissions
+ d/postinst: remove public files and generate status cache on upgrade
+ d/postinst: Remove the old CACHE_DIR in postinst
+ d/postrm: remove log files on package purge
+ d/postrm: remove the ESM pinning file on purge
+ trusty should remove v1 esm key if present after upgrade
+ keyrings: regenerate keyrings on a trusty host
+ refresh keyrings to match current production for fips and cc-eal
- apt:
+ all repo entitlements now call apt-get update on enable
+ enable -updates if -updates from the Ubuntu archive is enabled
+ Add basic i18n (good enough for lang packs)
+ retry apt install and update commands 3 times simple backoff
+ write commented -updates lines instead of omitting them
- attach/detach:
+ added --no-auto-enable option
+ suppress messages from inapplicable default entitlements
+ two-factor auth reprompt only two-factor auth on failed 2fa
+ honour enableByDefault obligations from contract server
+ livepatch: no auto-enable on attach for trusty
+ don't attempt to disable inapplicable entitlements during detach
+ check for root before checking for attach in assert_attached_root
- status:
+ add --json cli formatting option
+ emit a SERVICE header in status output
+ redact technical support and expiry for free contracts
+ unentitled services will report n/a
- cc-eal:
+ add a warning about download size before install
+ change cc to cc-eal in docs, parameters and commandline help
- esm:
+ add esm-v2 gpg keyring, drop old keyring, ignore aptKey directive
+ and livepatch auto enabled on attach where supported
+ on upgrade do not install preferences to pin never if esm enabled
+ remove only the apt auth entry on disable, leaving sources.list
+ use Pin-Priority never apt preference file to disable esm initially
- fips:
+ display as pending when linux-fips is not the running kernel
+ only install/upgrade optional packages that are already on the system
- logs:
+ no longer redact secrets as logfile is root read-only
+ separate console log devel from logfile level
+ remove level from messages to the console
- add subcommand to refresh all contract details
- config: allow contract_url and sso_auth_url to have a trailing slash
- docker: fix persisting generated uuid on images without machine-id files
- environ: allow lowercase ua_<config_option> overrides
- repo: un-comment ESM sources.list lines on repo disable
- updated manpage and help docs
ubuntu-advantage-tools (19.4.1) eoan; urgency=medium
* apt-hook: Add missing headers for APT 1.9
ubuntu-advantage-tools (19.4) disco; urgency=medium
* Drop the self-test assert in the apt-hook, it's making the subiquity
server install fail (LP: #1824523)
ubuntu-advantage-tools (19.3) disco; urgency=medium
* apt-hook: Do not crash/fail if we can't read /proc/self/status
(LP: #1824523)
ubuntu-advantage-tools (19.2) disco; urgency=medium
* Ubuntu Advantage Tools rewrite in Python (LP: #1814157):
- Allow attaching a system to a contract or account
- More complete status output, dropping MOTD updates
- Easily enable and disable services offered
ubuntu-advantage-tools (18) bionic; urgency=medium
* Have ua status cope with the additional livepatch of running a kernel
that is not supported for livepatches.
* Have an option for enable-livepatch to install a compatible kernel if
needed.
[ Vineetha Kamath ]
* Add support to common criteria EAL2 artifacts installation #144
-- Lucas Moura <email address hidden> Fri, 15 Jan 2021 10:44:55 -0300
Builds
Built packages
-
ubuntu-advantage-pro
utilities and services for Ubuntu Pro images
-
ubuntu-advantage-tools
management tools for Ubuntu Advantage
Package files