** Description changed: [Impact] This is a major rewrite of ubuntu-advantage-client. This version introduces an updated command line interface (UA Client) to simplify some interaction with Ubuntu Advantage support offerings, and interacts with a new service backend built specifically for this new streamlined experience. Disco and Eoan already have this new version (but slightly older), but trusty, xenial, bionic and cosmic do not. This update is for trusty only at the moment, because the other LTSs and later releases have other services available under the UA umbrella which haven't yet been fully converted to the new backend. [Test Case] There are free services available for Trusty and anyone with an ubuntu one account can try them out with the new client. You can sign up interactively by just typing: sudo ua attach That will prompt you for your ubuntu one login credentials, and 2FA if needed, and enable ESM and Livepatch (the latter if running an HWE kernel). Alternatively, you can go to https://auth.contracts.canonical.com/, obtain a token, and attach your machine with: sudo ua attach <token> [Regression Potential] This is a major rewrite from bash to python3 and there are changes in behavior. - new services will be listed, but not avaialble for trusty, only for later LTSs - even when ESM is not enabled, an apt hook will advertise the availability of updates in that repository. This hook has failed in the past while this package was in disco, and that failed the apt transaction. This has of course been fixed since then (see #1824523 and #1824523). [Other Info] This is the FFe bug that got this rewrite into Disco at that time: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1814157 Development of this client is happening on github: https://github.com/CanonicalLtd/ubuntu-advantage-client The GPG keys can be verified by checking the signed release files over https. Respectively: CC (not available on trusty atm): https://esm.ubuntu.com/cc/ubuntu/dists/xenial/InRelease FIPS (not available on trusty atm): https://esm.ubuntu.com/fips/ubuntu/dists/xenial/InRelease FIPS-updates (not available on trusty atm): https://esm.ubuntu.com/fips-updates/ubuntu/dists/xenial-updates/InRelease ESM: https://esm.ubuntu.com/ubuntu/dists/trusty-updates/InRelease and https://esm.ubuntu.com/ubuntu/dists/trusty-security/InRelease cis-audit is not ready and we don't have a gpg key for it yet, so we are shpping a placeholder file in the package called ubuntu- securitybenchmarks-keyring.gpg and that is a zero-sized file. Since cis- audit is not available for trusty, and gpg keyrings are only copied over to /etc/apt/trusted.gpg.d/ at enable time, this isn't an issue. And even if it was copied over to that directory, an empty file there doesn't cause issues. The reason we still have the file is, as said, a placeholder, as the code and tests expect it, and because we want to use the same source package for all supported ubuntu releases. + + On an upgrade, existing users of trusty esm are expected to run "sudo ua + attach [<token>]", although not doing it won't disable their existing + ESM access. The new ua tool just won't recognize esm as being active in + its "ua status" output until the attach operation is complete.
** Description changed: [Impact] This is a major rewrite of ubuntu-advantage-client. This version introduces an updated command line interface (UA Client) to simplify some interaction with Ubuntu Advantage support offerings, and interacts with a new service backend built specifically for this new streamlined experience. Disco and Eoan already have this new version (but slightly older), but trusty, xenial, bionic and cosmic do not. This update is for trusty only at the moment, because the other LTSs and later releases have other services available under the UA umbrella which haven't yet been fully converted to the new backend. [Test Case] There are free services available for Trusty and anyone with an ubuntu one account can try them out with the new client. You can sign up interactively by just typing: sudo ua attach That will prompt you for your ubuntu one login credentials, and 2FA if needed, and enable ESM and Livepatch (the latter if running an HWE kernel). Alternatively, you can go to https://auth.contracts.canonical.com/, obtain a token, and attach your machine with: sudo ua attach <token> [Regression Potential] This is a major rewrite from bash to python3 and there are changes in behavior. - new services will be listed, but not avaialble for trusty, only for later LTSs - even when ESM is not enabled, an apt hook will advertise the availability of updates in that repository. This hook has failed in the past while this package was in disco, and that failed the apt transaction. This has of course been fixed since then (see #1824523 and #1824523). [Other Info] This is the FFe bug that got this rewrite into Disco at that time: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1814157 Development of this client is happening on github: https://github.com/CanonicalLtd/ubuntu-advantage-client The GPG keys can be verified by checking the signed release files over https. Respectively: CC (not available on trusty atm): https://esm.ubuntu.com/cc/ubuntu/dists/xenial/InRelease FIPS (not available on trusty atm): https://esm.ubuntu.com/fips/ubuntu/dists/xenial/InRelease FIPS-updates (not available on trusty atm): https://esm.ubuntu.com/fips-updates/ubuntu/dists/xenial-updates/InRelease ESM: https://esm.ubuntu.com/ubuntu/dists/trusty-updates/InRelease and https://esm.ubuntu.com/ubuntu/dists/trusty-security/InRelease cis-audit is not ready and we don't have a gpg key for it yet, so we are shpping a placeholder file in the package called ubuntu- securitybenchmarks-keyring.gpg and that is a zero-sized file. Since cis- audit is not available for trusty, and gpg keyrings are only copied over to /etc/apt/trusted.gpg.d/ at enable time, this isn't an issue. And even if it was copied over to that directory, an empty file there doesn't cause issues. The reason we still have the file is, as said, a placeholder, as the code and tests expect it, and because we want to use the same source package for all supported ubuntu releases. On an upgrade, existing users of trusty esm are expected to run "sudo ua attach [<token>]", although not doing it won't disable their existing ESM access. The new ua tool just won't recognize esm as being active in - its "ua status" output until the attach operation is complete. + its "ua status" output until the attach operation is complete. The same + applies to livepatch, if it was enabled before. -- You received this bug notification because you are a member of Ubuntu Server, which is subscribed to ubuntu-advantage-tools in Ubuntu. https://bugs.launchpad.net/bugs/1832757 Title: Update ubuntu-advantage-client To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1832757/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
