pkg: rename existing ubuntu-esm-precise.list file to trusty
When upgrading from precise to trusty and esm is enabled,
ubuntu-advantage-tools v 10ubuntu0.14.04.4 does not rename
any apt precise apt sources files to trusty.
So if customers have already upgraded from precise enabled-esm to trusty
10ubuntu0.14.04.4, a subsequent upgrade to version 19.6 will
skip trying to rename:
ubuntu-esm-precise.list -> ubuntu-esm-infra-trusty.list.
postinst unconditionally renames ubuntu-esm-precise.list to
ubuntu-esm-infra-trusty.list. It no longer limits this rename
operation to the case where postinst is upgrading from version 1 (the precise
package version)
New changelog entries:
* New upstream release (LP: #1832757). Main changes:
- drop SSO interactive login support
- d/control: no longer depend on pymacaroons, which was only needed for
the SSO interactive login support
- drop keyrings for services not supported in trusty: cc-eal, fips,
fips-updates, cis audit
- make sure /var/lib/ubuntu-advantage/private has 0700 perms
- rename esm to esm-infra. Also handle upgrades
- don't unecessarily remove config files that are already handled by dpkg
- expand the apt related runtime dependencies
- handle sources.list.d esm snippet when release upgrading from precise
- ua status now reports availability of services even in unattached state
- the "ua status" output was changed, including the json format option
- drop "ua status" call in postinst as it now requires internet access and
that is restricted in LP builders and test runners.
- fix the d/t/usage DEP8 test that was also using status
New changelog entries:
* New upstream release (LP: #1832757):
- packaging:
+ d/control: depend on libapt-pkg<ABI_VERSION> to use pin-priority never
+ d/postinst: adjust logfile permissions
+ d/postinst: remove public files and generate status cache on upgrade
+ d/postinst: Remove the old CACHE_DIR in postinst
+ d/postrm: remove log files on package purge
+ d/postrm: remove the ESM pinning file on purge
+ trusty should remove v1 esm key if present after upgrade
+ keyrings: regenerate keyrings on a trusty host
+ refresh keyrings to match current production for fips and cc-eal
- apt:
+ all repo entitlements now call apt-get update on enable
+ enable -updates if -updates from the Ubuntu archive is enabled
+ Add basic i18n (good enough for lang packs)
+ retry apt install and update commands 3 times simple backoff
+ write commented -updates lines instead of omitting them
- attach/detach:
+ added --no-auto-enable option
+ suppress messages from inapplicable default entitlements
+ two-factor auth reprompt only two-factor auth on failed 2fa
+ honour enableByDefault obligations from contract server
+ livepatch: no auto-enable on attach for trusty
+ don't attempt to disable inapplicable entitlements during detach
+ check for root before checking for attach in assert_attached_root
- status:
+ add --json cli formatting option
+ emit a SERVICE header in status output
+ redact technical support and expiry for free contracts
+ unentitled services will report n/a
- cc-eal:
+ add a warning about download size before install
+ change cc to cc-eal in docs, parameters and commandline help
- esm:
+ add esm-v2 gpg keyring, drop old keyring, ignore aptKey directive
+ and livepatch auto enabled on attach where supported
+ on upgrade do not install preferences to pin never if esm enabled
+ remove only the apt auth entry on disable, leaving sources.list
+ use Pin-Priority never apt preference file to disable esm initially
- fips:
+ display as pending when linux-fips is not the running kernel
+ only install/upgrade optional packages that are already on the system
- logs:
+ no longer redact secrets as logfile is root read-only
+ separate console log devel from logfile level
+ remove level from messages to the console
- add subcommand to refresh all contract details
- config: allow contract_url and sso_auth_url to have a trailing slash
- docker: fix persisting generated uuid on images without machine-id files
- environ: allow lowercase ua_<config_option> overrides
- repo: un-comment ESM sources.list lines on repo disable
- updated manpage and help docs