Ubuntu
ubuntu-advantage-tools package

Merge ~lamoura/ubuntu/+source/ubuntu-advantage-tools:upload-29-mantic into ubuntu/+source/ubuntu-advantage-tools:ubuntu/devel

  1. Git
  2. lp:~lamoura/ubuntu/+source/ubuntu-advantage-tools
  3. upload-29-mantic
  4. Merge into ubuntu/devel
Proposed by Lucas Albuquerque Medeiros de Moura
Status: Merged
Merge reported by: Andreas Hasenack
Merged at revision: 8380832503fb8750973606fdd2aec380bf63f7ca
Proposed branch: ~lamoura/ubuntu/+source/ubuntu-advantage-tools:upload-29-mantic
Merge into: ubuntu/+source/ubuntu-advantage-tools:ubuntu/devel
Diff against target: 30422 lines (+11104/-4457)
207 files modified
.github/PULL_REQUEST_TEMPLATE.md (+1/-1)
.github/actions/bug-refs/index.js (+30/-3)
.github/actions/release-changelog-bug-refs/action.yml (+9/-0)
.github/actions/release-changelog-bug-refs/index.js (+44/-0)
.github/actions/release-changelog-bug-refs/package-lock.json (+430/-0)
.github/actions/release-changelog-bug-refs/package.json (+10/-0)
.github/workflows/ci-base.yaml (+0/-2)
.github/workflows/ci-integration.yaml (+5/-2)
.github/workflows/release-checks.yaml (+22/-0)
.gitignore (+51/-0)
.readthedocs.yaml (+5/-7)
CONTRIBUTING.md (+17/-17)
README.md (+4/-4)
debian/README.source (+38/-0)
debian/changelog (+35/-0)
debian/control (+2/-2)
debian/copyright (+3/-3)
debian/source/lintian-overrides (+0/-3)
debian/ubuntu-advantage-tools.lintian-overrides (+10/-0)
debian/ubuntu-advantage-tools.postinst (+29/-6)
debian/ubuntu-advantage-tools.postrm (+1/-1)
dev/null (+0/-474)
features/_version.feature (+2/-2)
features/airgapped.feature (+3/-2)
features/anbox.feature (+136/-0)
features/api.feature (+2/-2)
features/api_fix_plan.feature (+239/-0)
features/api_packages.feature (+1/-1)
features/api_unattended_upgrades.feature (+1/-1)
features/apt_messages.feature (+109/-28)
features/attach_invalidtoken.feature (+18/-16)
features/attach_validtoken.feature (+4/-3)
features/attached_commands.feature (+77/-130)
features/attached_enable.feature (+34/-105)
features/attached_status.feature (+6/-1)
features/collect_logs.feature (+2/-2)
features/config.feature (+3/-2)
features/daemon.feature (+4/-4)
features/environment.py (+25/-8)
features/fix.feature (+134/-1)
features/i8n.feature (+1/-1)
features/install_uninstall.feature (+3/-3)
features/landscape.feature (+257/-0)
features/livepatch.feature (+4/-4)
features/logs.feature (+4/-3)
features/magic_attach.feature (+3/-4)
features/motd_messages.feature (+2/-1)
features/proxy_config.feature (+116/-0)
features/schemas/anbox_cloud_credentials.json (+18/-0)
features/schemas/cve_fix_plan.json (+91/-0)
features/schemas/usn_fix_plan.json (+107/-0)
features/security_status.feature (+11/-7)
features/steps/files.py (+10/-0)
features/steps/landscape.py (+69/-0)
features/steps/machines.py (+31/-2)
features/steps/output.py (+42/-19)
features/steps/packages.py (+4/-5)
features/steps/shell.py (+22/-13)
features/steps/snap.py (+31/-0)
features/steps/ubuntu_advantage_tools.py (+24/-13)
features/timer.feature (+3/-2)
features/ubuntu_pro.feature (+39/-30)
features/ubuntu_pro_fips.feature (+24/-24)
features/ubuntu_upgrade.feature (+2/-2)
features/ubuntu_upgrade_unattached.feature (+5/-5)
features/unattached_commands.feature (+44/-43)
features/unattached_status.feature (+68/-31)
features/util.py (+56/-11)
help_data.yaml (+22/-0)
lib/apt_news.py (+1/-3)
lib/auto_attach.py (+12/-13)
lib/daemon.py (+13/-4)
lib/esm_cache.py (+2/-4)
lib/patch_status_json.py (+5/-3)
lib/reboot_cmds.py (+18/-14)
lib/timer.py (+3/-2)
lib/upgrade_lts_contract.py (+2/-1)
preferences.d/ubuntu-pro-esm-apps (+8/-0)
preferences.d/ubuntu-pro-esm-infra (+8/-0)
setup.py (+2/-1)
sru/README.md (+1/-1)
sru/_archive/release-28/azure_auto_attach_on_boot.sh (+108/-0)
sru/_archive/release-28/test-esm-infra-key-rename.sh (+78/-0)
sru/release-29/test-esm-pinning.sh (+177/-0)
tools/build.py (+20/-2)
tools/create-lp-release-branches.sh (+1/-1)
tools/refresh-keyrings.sh (+2/-2)
tools/run-integration-tests.py (+5/-5)
tools/setup_sbuild.sh (+1/-1)
tools/ua.bash (+2/-2)
tox.ini (+5/-8)
types-requirements.txt (+1/-0)
uaclient/actions.py (+44/-14)
uaclient/api/__init__.py (+4/-0)
uaclient/api/api.py (+87/-34)
uaclient/api/tests/test_api.py (+80/-10)
uaclient/api/tests/test_api_u_pro_attach_auto_full_auto_attach_v1.py (+25/-0)
uaclient/api/tests/test_api_u_pro_security_status_get_package_manifest.py (+61/-21)
uaclient/api/tests/test_api_u_pro_security_status_reboot_required_v1.py (+296/-11)
uaclient/api/tests/test_api_u_unattended_upgrades_status_v1.py (+10/-4)
uaclient/api/tests/test_fix.py (+833/-0)
uaclient/api/u/apt_news/__init__.py (+0/-0)
uaclient/api/u/apt_news/current_news/__init__.py (+0/-0)
uaclient/api/u/apt_news/current_news/v1.py (+32/-0)
uaclient/api/u/pro/attach/auto/full_auto_attach/v1.py (+4/-1)
uaclient/api/u/pro/security/fix/__init__.py (+720/-0)
uaclient/api/u/pro/security/fix/cve/__init__.py (+0/-0)
uaclient/api/u/pro/security/fix/cve/plan/__init__.py (+0/-0)
uaclient/api/u/pro/security/fix/cve/plan/v1.py (+88/-0)
uaclient/api/u/pro/security/fix/usn/__init__.py (+0/-0)
uaclient/api/u/pro/security/fix/usn/plan/__init__.py (+0/-0)
uaclient/api/u/pro/security/fix/usn/plan/v1.py (+88/-0)
uaclient/api/u/pro/security/status/reboot_required/v1.py (+136/-4)
uaclient/api/u/security/package_manifest/v1.py (+3/-3)
uaclient/api/u/unattended_upgrades/status/v1.py (+5/-4)
uaclient/apt.py (+11/-10)
uaclient/apt_news.py (+46/-50)
uaclient/cli.py (+80/-47)
uaclient/clouds/aws.py (+26/-26)
uaclient/clouds/azure.py (+17/-10)
uaclient/clouds/gcp.py (+30/-45)
uaclient/clouds/identity.py (+5/-3)
uaclient/clouds/tests/test_aws.py (+83/-40)
uaclient/clouds/tests/test_azure.py (+56/-29)
uaclient/clouds/tests/test_gcp.py (+60/-27)
uaclient/config.py (+28/-30)
uaclient/conftest.py (+21/-6)
uaclient/contract.py (+276/-198)
uaclient/daemon/__init__.py (+8/-5)
uaclient/daemon/poll_for_pro_license.py (+1/-1)
uaclient/daemon/retry_auto_attach.py (+6/-20)
uaclient/daemon/tests/test_retry_auto_attach.py (+2/-14)
uaclient/data_types.py (+1/-1)
uaclient/defaults.py (+3/-0)
uaclient/entitlements/__init__.py (+4/-0)
uaclient/entitlements/anbox.py (+85/-0)
uaclient/entitlements/base.py (+154/-11)
uaclient/entitlements/cc.py (+1/-1)
uaclient/entitlements/cis.py (+1/-1)
uaclient/entitlements/esm.py (+2/-2)
uaclient/entitlements/fips.py (+3/-6)
uaclient/entitlements/landscape.py (+142/-0)
uaclient/entitlements/livepatch.py (+18/-50)
uaclient/entitlements/realtime.py (+1/-1)
uaclient/entitlements/repo.py (+20/-14)
uaclient/entitlements/ros.py (+1/-1)
uaclient/entitlements/tests/test_base.py (+217/-6)
uaclient/entitlements/tests/test_cc.py (+3/-26)
uaclient/entitlements/tests/test_cis.py (+1/-17)
uaclient/entitlements/tests/test_fips.py (+2/-2)
uaclient/entitlements/tests/test_landscape.py (+272/-0)
uaclient/entitlements/tests/test_livepatch.py (+35/-92)
uaclient/entitlements/tests/test_repo.py (+1/-1)
uaclient/exceptions.py (+74/-66)
uaclient/files/files.py (+8/-1)
uaclient/files/notices.py (+2/-2)
uaclient/files/state_files.py (+51/-0)
uaclient/gpg.py (+4/-2)
uaclient/http/__init__.py (+388/-0)
uaclient/http/serviceclient.py (+36/-71)
uaclient/http/tests/test_http.py (+461/-0)
uaclient/http/tests/test_serviceclient.py (+22/-69)
uaclient/livepatch.py (+25/-34)
uaclient/lock.py (+2/-2)
uaclient/messages.py (+145/-47)
uaclient/security.py (+45/-33)
uaclient/security_status.py (+4/-61)
uaclient/snap.py (+127/-42)
uaclient/status.py (+1/-1)
uaclient/system.py (+107/-38)
uaclient/testing/fakes.py (+11/-4)
uaclient/testing/helpers.py (+8/-0)
uaclient/tests/test_actions.py (+249/-37)
uaclient/tests/test_apt.py (+14/-14)
uaclient/tests/test_apt_news.py (+151/-151)
uaclient/tests/test_cli.py (+29/-202)
uaclient/tests/test_cli_api.py (+19/-2)
uaclient/tests/test_cli_attach.py (+47/-67)
uaclient/tests/test_cli_auto_attach.py (+5/-3)
uaclient/tests/test_cli_collect_logs.py (+2/-1)
uaclient/tests/test_cli_config.py (+1/-1)
uaclient/tests/test_cli_config_set.py (+13/-13)
uaclient/tests/test_cli_disable.py (+8/-3)
uaclient/tests/test_cli_enable.py (+33/-15)
uaclient/tests/test_cli_refresh.py (+14/-16)
uaclient/tests/test_cli_status.py (+5/-4)
uaclient/tests/test_config.py (+25/-19)
uaclient/tests/test_contract.py (+844/-584)
uaclient/tests/test_esm_cache.py (+13/-10)
uaclient/tests/test_gpg.py (+2/-2)
uaclient/tests/test_lib_auto_attach.py (+1/-8)
uaclient/tests/test_livepatch.py (+89/-13)
uaclient/tests/test_log.py (+4/-3)
uaclient/tests/test_security.py (+67/-24)
uaclient/tests/test_security_status.py (+5/-170)
uaclient/tests/test_snap.py (+194/-73)
uaclient/tests/test_status.py (+13/-1)
uaclient/tests/test_system.py (+215/-23)
uaclient/tests/test_util.py (+74/-279)
uaclient/timer/__init__.py (+2/-2)
uaclient/timer/tests/test_update_messaging.py (+3/-6)
uaclient/timer/update_contract_info.py (+1/-1)
uaclient/timer/update_messaging.py (+16/-51)
uaclient/upgrade_lts_contract.py (+11/-8)
uaclient/util.py (+34/-152)
uaclient/version.py (+1/-1)
uaclient/yaml.py (+6/-3)
Reviewer Review Type Date Requested Status
Robie Basak Needs Fixing
Sergio Durigan Junior (community) Approve
Canonical Server Reporter Pending
Review via email: mp+448239@code.launchpad.net

Description of the change

Release version 29 for ubuntu-advantage-tools package.
More information can be found on the following SRU bug:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2029144

See the CHANGELOG and related bugs for more information.

To post a comment you must log in.
Revision history for this message
Lucas Albuquerque Medeiros de Moura (lamoura) wrote :
Download full text (13.8 KiB)

Xenial tests:
  - Source ubuntu-advantage-tools/29~16.04~rc1: Published
    + amd64: https://autopkgtest.ubuntu.com/request.cgi?release=xenial&package=ubuntu-advantage-tools&arch=amd64&trigger=ubuntu-advantage-tools%2F29~16.04~rc1&ppa=ua-client%2Fstaging♻️
    + arm64: https://autopkgtest.ubuntu.com/request.cgi?release=xenial&package=ubuntu-advantage-tools&arch=arm64&trigger=ubuntu-advantage-tools%2F29~16.04~rc1&ppa=ua-client%2Fstaging♻️
    + armhf: https://autopkgtest.ubuntu.com/request.cgi?release=xenial&package=ubuntu-advantage-tools&arch=armhf&trigger=ubuntu-advantage-tools%2F29~16.04~rc1&ppa=ua-client%2Fstaging♻️
    + ppcel64: https://autopkgtest.ubuntu.com/request.cgi?release=xenial&package=ubuntu-advantage-tools&arch=ppcel64&trigger=ubuntu-advantage-tools%2F29~16.04~rc1&ppa=ua-client%2Fstaging♻️
    + riscv64: https://autopkgtest.ubuntu.com/request.cgi?release=xenial&package=ubuntu-advantage-tools&arch=riscv64&trigger=ubuntu-advantage-tools%2F29~16.04~rc1&ppa=ua-client%2Fstaging♻️
    + s390x: https://autopkgtest.ubuntu.com/request.cgi?release=xenial&package=ubuntu-advantage-tools&arch=s390x&trigger=ubuntu-advantage-tools%2F29~16.04~rc1&ppa=ua-client%2Fstaging♻️
    + amd64: https://autopkgtest.ubuntu.com/request.cgi?release=xenial&package=ubuntu-advantage-tools&arch=amd64&trigger=ubuntu-advantage-tools%2F29~16.04~rc1&ppa=ua-client%2Fstaging💍
    + arm64: https://autopkgtest.ubuntu.com/request.cgi?release=xenial&package=ubuntu-advantage-tools&arch=arm64&trigger=ubuntu-advantage-tools%2F29~16.04~rc1&ppa=ua-client%2Fstaging💍
    + armhf: https://autopkgtest.ubuntu.com/request.cgi?release=xenial&package=ubuntu-advantage-tools&arch=armhf&trigger=ubuntu-advantage-tools%2F29~16.04~rc1&ppa=ua-client%2Fstaging💍
    + ppcel64: https://autopkgtest.ubuntu.com/request.cgi?release=xenial&package=ubuntu-advantage-tools&arch=ppcel64&trigger=ubuntu-advantage-tools%2F29~16.04~rc1&ppa=ua-client%2Fstaging💍
    + riscv64: https://autopkgtest.ubuntu.com/request.cgi?release=xenial&package=ubuntu-advantage-tools&arch=riscv64&trigger=ubuntu-advantage-tools%2F29~16.04~rc1&ppa=ua-client%2Fstaging💍
    + s390x: https://autopkgtest.ubuntu.com/request.cgi?release=xenial&package=ubuntu-advantage-tools&arch=s390x&trigger=ubuntu-advantage-tools%2F29~16.04~rc1&ppa=ua-client%2Fstaging💍

Bionic tests:

  - Source ubuntu-advantage-tools/29~18.04~rc1: Published
    + amd64: https://autopkgtest.ubuntu.com/request.cgi?release=bionic&package=ubuntu-advantage-tools&arch=amd64&trigger=ubuntu-advantage-tools%2F29~18.04~rc1&ppa=ua-client%2Fstaging♻️
    + arm64: https://autopkgtest.ubuntu.com/request.cgi?release=bionic&package=ubuntu-advantage-tools&arch=arm64&trigger=ubuntu-advantage-tools%2F29~18.04~rc1&ppa=ua-client%2Fstaging♻️
    + armhf: https://autopkgtest.ubuntu.com/request.cgi?release=bionic&package=ubuntu-advantage-tools&arch=armhf&trigger=ubuntu-advantage-tools%2F29~18.04~rc1&ppa=ua-client%2Fstaging♻️
    + ppcel64: https://a...

Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :
Download full text (4.0 KiB)

Thank you, Lucas.

Here's my review. I focused on the Debian packaging stuff, but also tried to review the overall changes to the source code. Also, some of the points I raise below can be considered nitpicky/wishlist.

## dep8 tests

Before I forget: I triggered the dep8 tests for Mantic. Here's the result:

Results: (from http://autopkgtest.ubuntu.com/results/autopkgtest-mantic-ua-client-staging/?format=plain)
  ubuntu-advantage-tools @ amd64:
    02.08.23 19:27:59 Log 🗒️ ✅ Triggers: ubuntu-advantage-tools/29~rc1
  ubuntu-advantage-tools @ arm64:
    02.08.23 19:48:24 Log 🗒️ ✅ Triggers: ubuntu-advantage-tools/29~rc1
  ubuntu-advantage-tools @ armhf:
    02.08.23 19:23:09 Log 🗒️ ✅ Triggers: ubuntu-advantage-tools/29~rc1
  ubuntu-advantage-tools @ ppc64el:
    02.08.23 20:17:12 Log 🗒️ ✅ Triggers: ubuntu-advantage-tools/29~rc1
  ubuntu-advantage-tools @ s390x:
    02.08.23 19:36:43 Log 🗒️ ✅ Triggers: ubuntu-advantage-tools/29~rc1

## lintian messages

I noticed that you do read the lintian messages (good!) and take care to handle them when needed, so I decided to comment on some of the existing messages that I believe could be addressed as well.

- maintainer-script-calls-systemctl: you should be able to use "deb-systemd-invoke" instead of invoking "systemctl" directly in the postinst script, because "deb-systemd-invoke" will simply execute "systemctl" with whatever arguments you pass to it.

- possible-bashism-in-maintainer-script: you can safely override this one.

- command-with-path-in-maintainer-script: I see that this has been done this way because of LP #1930121, so it's OK to override this (and leave a comment referencing the bug).

- package-supports-alternative-init-but-no-init.d-script: you can safely override this one (Ubuntu doesn't support sysv init.d).

- systemd-service-file-missing-documentation-key: I'd recommend adding the Documentation directive in the systemd service files.

There are two override flags that can probably be dropped (invalid-arch-string-in-source-relation and missing-build-dependency-for-dh_-command) because lintian is saying that they're unused.

## d/changelog

- The new README file is called d/README.source (you missed the ".source" suffix).

- Typo: subsctiption

- The text after "- proxy:" starts with a capital "A". It should follow the convention and start with lowercase "a".

- Nitpick: you might also mention the d/copyright update here, just for completeness sake. No need to rebase the branch just for that, though.

I still have to look deeper into the contents of d/changelog vs. the commits.

## d/README.source

LGTM, but I have a question:

- According to the discussion on https://github.com/canonical/ubuntu-pro-client/issues/2463, you had decided to keep the documentation bits as part of the tarball but mention that they're not actually used to generate the binary package. However, df505d4643a20a7210a9c9ae972678549adc0801 seems to indicate that you decided to move the documentation out of the tarball. Is that correct? Is this why I don't see a mention to the documentation part in the "Particularities" section here?

## d/*postinst

- Nitpick: you co...

Read more...

review: Needs Information
~lamoura/ubuntu/+source/ubuntu-advantage-tools:upload-29-mantic updated
ac83297... by Renan Rodrigo

d/changelog: fix typos and add missing d/copyright entry

Signed-off-by: Renan Rodrigo <email address hidden>

097d33b... by Renan Rodrigo

chore: tweak messages in the preferences files

Following release review suggestions

Signed-off-by: Renan Rodrigo <email address hidden>

Revision history for this message
Renan Rodrigo (renanrodrigo) wrote :

Hello, sergiodj, thanks much for this first round of feedback - appreciated.

So,

> - According to the discussion on https://github.com/canonical/ubuntu-pro-client/issues/2463, you had decided to keep the documentation bits as part of the tarball but mention that they're not actually used to generate the binary package. However, df505d4643a20a7210a9c9ae972678549adc0801 seems to indicate that you decided to move the documentation out of the tarball. Is that correct? Is this why I don't see a mention to the documentation part in the "Particularities" section here?

Sorry, this is on me - I updated the Jira ticket, but not the (public and available) GH issue :/
We have decided to completely remove the documentation bits from the tarball, so anyone packaging/sponsoring u-a-t would not need to care about docs in the process. We would include it in the readme if we had decided to keep those around, but given we removed it, we also don't mention it in the readme.

~lamoura/ubuntu/+source/ubuntu-advantage-tools:upload-29-mantic updated
8137d60... by Lucas Albuquerque Medeiros de Moura

lintian: add overrides to some known warnings

3b619ce... by Lucas Albuquerque Medeiros de Moura

postinst: change systemctl to deb-systemd-invoke

Calling systemctl on the postinst script generates a lintian warning.
We are replacing it for deb-systemd-invoke to silence it

8380832... by Lucas Albuquerque Medeiros de Moura

postinst: use for loop to rename gpg keys

Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

> Hello, sergiodj, thanks much for this first round of feedback - appreciated.
>
> So,
>
> > - According to the discussion on https://github.com/canonical/ubuntu-pro-
> client/issues/2463, you had decided to keep the documentation bits as part of
> the tarball but mention that they're not actually used to generate the binary
> package. However, df505d4643a20a7210a9c9ae972678549adc0801 seems to indicate
> that you decided to move the documentation out of the tarball. Is that
> correct? Is this why I don't see a mention to the documentation part in the
> "Particularities" section here?
>
> Sorry, this is on me - I updated the Jira ticket, but not the (public and
> available) GH issue :/
> We have decided to completely remove the documentation bits from the tarball,
> so anyone packaging/sponsoring u-a-t would not need to care about docs in the
> process. We would include it in the readme if we had decided to keep those
> around, but given we removed it, we also don't mention it in the readme.

Thanks for the reply and for clarifying this part, Renan.

Revision history for this message
Lucas Albuquerque Medeiros de Moura (lamoura) wrote :

Hi Sergio,

Thanks for the review. I have updated the MR addressing all of the suggested changes.
Regarding b33fb5e3, this is an issue generated by a previous release. What I did was at least to remove the duplicated code generated by it.

But please let me know if you identify anything else that needs improvement/changes.

Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

Thank you, Lucas et al.

I did a second pass to verify the points that I raised, and confirmed that they've been properly addressed.

Everything else LGTM, so I'm approving this MP and uploading the package. Thank you again!

$ dput ubuntu-advantage-tools_29_source.changes
Trying to upload package to ubuntu
Checking signature on .changes
gpg: /home/sergio/work/ubuntu-advantage-tools/ubuntu-advantage-tools_29_source.changes: Valid signature from 106DA1C8C3CBBF14
Checking signature on .dsc
gpg: /home/sergio/work/ubuntu-advantage-tools/ubuntu-advantage-tools_29.dsc: Valid signature from 106DA1C8C3CBBF14
Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading ubuntu-advantage-tools_29.dsc: done.
  Uploading ubuntu-advantage-tools_29.tar.xz: done.
  Uploading ubuntu-advantage-tools_29_source.buildinfo: done.
  Uploading ubuntu-advantage-tools_29_source.changes: done.
Successfully uploaded packages.

review: Approve
Revision history for this message
Robie Basak (racb) wrote :
Download full text (5.5 KiB)

> b33fb5e3 lock: alert the user about corrupted lock

[Comment only] This seems to have no relation to the change, and the referenced bug is already fixed?

> 31572946 refactor: implementation-agnostic interface to readurl

[Comment only] On what you describe in the commit message: in Python, I'm dubious about failures being presented by return codes instead of via exceptions. It's not the normal pattern, and thus seems error-prone in that a caller is more likely to fail to check and for that to be missed in future reviews.

> 296edca3 chore: rename repo GPG keys from -advantage to -pro
> 83808325 postinst: use for loop to rename gpg keys

[Comment only] I'm not sure why this is labelled as "chore". I don't subscribe to "semantic commit messages" but even then this is absolutely a user-visible change!

[Needs Information] Why are we renaming these keys at all? We're not renaming the package name, and the prefix /etc/apt/trusted.gpg.d/ubuntu-advantage- arguably makes it clear the these file belong to this package. And there are further complications: these are in /etc, so could be modified or removed by users, so we have to consider that type of case - at least to review to ensure that the maintainer scripts cannot explode. Further, even though mv_conffile is not appropriate in this case, it demonstrates the error rollbacks that are not implemented here, so a failure somewhere else in the postinst could lead to a user's system ending up in a broken state due to this part not being rolled back correctly, and that requires further thought, review and possible implementation. Is this worth the regression risk and review effort?

> 7c2f481b http: use pycurl for tls-in-tls requests

[Comment only]

Note that you are depending on ca-certificates (due to /etc/ssl/certs/ca-certificates.crt) but cannot Depend on it. The instruction "apt install python3-pycurl" will probably pull it in as a Recommends, but not necessarily if users have Recommends installation disabled (this is not uncommon in "minimal" server deployments). So it might be worth stating it explicitly.

IIRC this is also an issue for plain Python SSL. I remember it coming up but don't remember how we handled it. It might be worth verifying that there are tests to ensure that behaviour is reasonable when ca-certificates is not installed - both for the Python and pycurl cases.

> fead7d19 contract: support requiredPackages directive

[Needs Information] Under what circumstances are these directives provided? Just when a service is being enabled, or is it wider than this?

> c2a7f7ab landscape: support enabling and disabling landscape-client

[Comment only] I asked why is help_data.yaml in /etc, and understand that you are planning to move it out.

> 1162f56f esm: pin repositories to a higher priority using static files
> 21c28f36 esm: add comment to preference files
> 097d33bf chore: tweak messages in the preferences files

[Needs Fixing]

1. Could you please add a test to ensure that a regular archive package not from ESM remains *not* pinned (ie. priority 500)? Unless I'm missing something, I looked at features/attached_enable.feature and at sru/release-29/test-esm-pinning.sh and didn't se...

Read more...

review: Needs Fixing
Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

On Thursday, August 17 2023, Robie Basak wrote:

>> 3b619ce9 postinst: change systemctl to deb-systemd-invoke
>
> [Needs Information]
>
> Did you do this because lintian told you to? deb-systemd-invoke is
> documented as only supporting start|stop|restart and I'm not sure
> policy-rc.d makes sense for daemon-reload or reset-failed anyway. But
> I tested this on Mantic and it seems to work. I'm OK with the change,
> but as it's in a less common upgrade path, do we have an ongoing test
> that validates that it will work into the future please? Alternatively
> this seems like a lintian bug that should allow "--system
> daemon-reload" and "reset-failed" and might be worth a bug report (and
> additionally a blanket "use deb-systemd-invoke" claim contradicts the
> command's own usage notice that only permits it for
> start|stop|restart). I see code to allow daemon-reload upstream
> already[1]. See also the scoped overrides I mentioned above.
>
> Please either: 1) defer the change; or 2) ensure an ongoing test exists for the purposes of exercising this code path (this might already exist; I didn't check; if you say there is one then that's good enough for me).
>
> I suggest also specific lintian overrides and a bug to lintian upstream.
>
> [1] https://salsa.debian.org/lintian/lintian/-/blob/ea05801918ed0e87824d89bf16a6ee166450b977/lib/Lintian/Check/MaintainerScripts/Systemctl.pm

Hey Robie,

Thanks for the extra review. This change was done because of a request
I made after building the package noticing the lintian warning.

My rationale here is that even though "deb-systemd-invoke" does not
explicitly document support actions other than start|stop|restart, there
is code in place to support deferring any other command to "systemctl"
directly:

  https://salsa.debian.org/debian/init-system-helpers/-/blob/master/script/deb-systemd-invoke#L157

This code (or other versions of it) has been there since the start, so
we should be covered when dealing with Xenial.

It is indeed arguable whether "deb-systemd-invoke" should be used only
for the actions mentioned above; the manpage's SYNOPSIS indicates that,
but the DESCRIPTION is more generic and doesn't impose the same limits.

Anyway, this is a really small change and I'm absolutely fine if Lucas
decides to revert it, although he also told me that they do have tests
to cover this code path, but I will let him elaborate more on that.

Thanks,

--
Sergio
GPG key ID: E92F D0B3 6B14 F1F4 D8E0 EB2F 106D A1C8 C3CB BF14

Revision history for this message
Lucas Albuquerque Medeiros de Moura (lamoura) wrote :

Hi Robie, thanks for the review.

Let me address all of the comments here:

> b33fb5e3 lock: alert the user about corrupted lock

This commit is just trying to fix a rebase issue we had in the past. It just deletes duplicated lines on the messages module. It is not ideal, but I think this can be ignored for the release.

> 31572946 refactor: implementation-agnostic interface to readurl

Yes, since the libraries we support now have those differences between how they raise the exception, we have tried to follow a pattern similar to what request does:
https://requests.readthedocs.io/en/latest/user/quickstart/#response-status-codes
But we understand that we need to be careful on the review regarding new code that perform any type of requests

> 296edca3 chore: rename repo GPG keys from -advantage to -pro
> 83808325 postinst: use for loop to rename gpg keys
> Why are we renaming these keys at all?

we plan to rename the package before 24.04 and we are already addressing some parts of the code earlier, to make this change more incremental.

> And there are further complications: these are in /etc, so could be modified or removed by users, so we have to consider that type of case - at least to review to ensure that the maintainer scripts cannot explode. Further, even though mv_conffile is not appropriate in this case, it demonstrates the error rollbacks that are not implemented here, so a failure somewhere else in the postinst could lead to a user's system ending up in a broken state due to this part not being rolled back correctly, and that requires further thought, review and possible implementation. Is this worth the regression risk and review effort?

Regarding user modifications, I believe we shouldn't worry. Those files are only created once the service is enabled and the key there isn unique for each service. Therefore, modifications are definitely unsupported.

Regarding failures, the only impact is that we will end up with a key that was not renamed. In that situation, the service will still work as expected and the only side-effect is that during disable, we will
not remove the old key. But I will of course create a test script that demonstrate that

> 7c2f481b http: use pycurl for tls-in-tls requests

Great catch, we need to better alert the user about ca-certificates. I will add a commit addressing this.

> fead7d19 contract: support requiredPackages directive

[Needs Information] Under what circumstances are these directives provided? Just when a service is being enabled, or is it wider than this?

We will only read and act upon this directive when a service is enabled. Also this directive is currently only present for the Landscape service

[Needs Fixing]

Yes, I will update the test and update the comment on the pin file too

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

Some version of this eventually landed in mantic-proposed[1], but was superseeded by multiple follow-up uploads.

I'll mark this MP as merged due to that.

1. https://launchpad.net/ubuntu/+source/ubuntu-advantage-tools/29

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
index 7faa407..a652232 100644
--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -45,7 +45,7 @@ sudo pro new-sub-command --new-flag
45that apply. -->45that apply. -->
46 - [ ] I have updated or added any unit tests accordingly46 - [ ] I have updated or added any unit tests accordingly
47 - [ ] I have updated or added any integration tests accordingly47 - [ ] I have updated or added any integration tests accordingly
48 - [ ] I have updated or added any documentation accordingly48 - [ ] Changes here need to be documented, and this was done in: <!-- Insert PR number here if the box is checked (ex. #1234) -->
4949
50## Does this PR require extra reviews?50## Does this PR require extra reviews?
51<!-- Should people outside of the team see and approve these changes before the51<!-- Should people outside of the team see and approve these changes before the
diff --git a/.github/actions/bug-refs/index.js b/.github/actions/bug-refs/index.js
index b603793..c873aca 100644
--- a/.github/actions/bug-refs/index.js
+++ b/.github/actions/bug-refs/index.js
@@ -3,7 +3,7 @@ const github = require('@actions/github');
33
4const commentHeader = "<!-- ubuntu-pro-client-bug-refs -->";4const commentHeader = "<!-- ubuntu-pro-client-bug-refs -->";
55
6function createCommentBody(commits, title) {6function createCommentBody(commits, title, body) {
7 let newComment = "";7 let newComment = "";
8 newComment += commentHeader;8 newComment += commentHeader;
9 newComment += "\n";9 newComment += "\n";
@@ -49,6 +49,19 @@ function createCommentBody(commits, title) {
49 }49 }
50 newComment += "\n";50 newComment += "\n";
5151
52 newComment += "Documentation:";
53 if (!body.includes('[x] Changes here need to be documented')){
54 newComment += " The changes in this PR do not require documentation changes.";
55 } else {
56 docsPullMatch = body.match(/and this was done in: (#\d+)/)
57 if (docsPullMatch){
58 newComment += ` Documentation changes addressed in ${docsPullMatch[1]}`;
59 } else {
60 newComment += " The changes in this PR do require documentation changes, but those were not addressed yet.";
61 }
62 }
63 newComment += "\n\n";
64
52 newComment += "👍 this comment to confirm that this is correct.";65 newComment += "👍 this comment to confirm that this is correct.";
5366
54 return newComment;67 return newComment;
@@ -80,7 +93,11 @@ async function run() {
80 if (theComment) {93 if (theComment) {
81 // comment already exists, update it appropriately94 // comment already exists, update it appropriately
82 const existingBody = theComment.body;95 const existingBody = theComment.body;
83 const newBody = createCommentBody(commits.data, context.payload.pull_request.title);96 const newBody = createCommentBody(
97 commits.data,
98 context.payload.pull_request.title,
99 context.payload.pull_request.body
100 );
84 if (existingBody !== newBody) {101 if (existingBody !== newBody) {
85 client.rest.issues.updateComment({102 client.rest.issues.updateComment({
86 owner: context.issue.owner,103 owner: context.issue.owner,
@@ -91,13 +108,23 @@ async function run() {
91 }108 }
92 } else {109 } else {
93 // first run, comment doesn't exist yet110 // first run, comment doesn't exist yet
94 const newBody = createCommentBody(commits.data, context.payload.pull_request.title);111 const newBody = createCommentBody(
112 commits.data,
113 context.payload.pull_request.title,
114 context.payload.pull_request.body
115 );
95 client.rest.issues.createComment({116 client.rest.issues.createComment({
96 owner: context.issue.owner,117 owner: context.issue.owner,
97 repo: context.issue.repo,118 repo: context.issue.repo,
98 issue_number: context.issue.number,119 issue_number: context.issue.number,
99 body: newBody,120 body: newBody,
100 });121 });
122 client.rest.reactions.createForIssue({
123 owner: context.issue.owner,
124 repo: context.issue.repo,
125 issue_number: context.issue.number,
126 content: "eyes"
127 });
101 }128 }
102}129}
103130
diff --git a/.github/actions/release-changelog-bug-refs/action.yml b/.github/actions/release-changelog-bug-refs/action.yml
104new file mode 100644131new file mode 100644
index 0000000..edd4ca1
--- /dev/null
+++ b/.github/actions/release-changelog-bug-refs/action.yml
@@ -0,0 +1,9 @@
1name: 'Ensure Release Changelog has Bug References'
2description: "Block releases if bug references in commits aren't in the proposed changelog entry"
3inputs:
4 repo-token:
5 description: 'Token for the repository. Can be passed in using {{ secrets.GITHUB_TOKEN }}'
6 required: true
7runs:
8 using: 'node16'
9 main: 'index.js'
diff --git a/.github/actions/release-changelog-bug-refs/index.js b/.github/actions/release-changelog-bug-refs/index.js
0new file mode 10064410new file mode 100644
index 0000000..5c8a494
--- /dev/null
+++ b/.github/actions/release-changelog-bug-refs/index.js
@@ -0,0 +1,44 @@
1const fs = require('fs/promises');
2const core = require('@actions/core');
3const github = require('@actions/github');
4
5async function run() {
6 const context = github.context;
7 if (context.eventName !== "pull_request") {
8 console.log(
9 'The event that triggered this action was not a pull request, skipping.'
10 );
11 return;
12 }
13
14 const client = github.getOctokit(
15 core.getInput('repo-token', {required: true})
16 );
17 const commits = await client.rest.pulls.listCommits({
18 owner: context.issue.owner,
19 repo: context.issue.repo,
20 pull_number: context.issue.number,
21 });
22 let lpBugs = [];
23 let ghIssues = [];
24 commits.data.forEach(commit => {
25 const message = commit.commit.message.toLocaleUpperCase();
26 lpBugs = lpBugs.concat(Array.from(message.matchAll(/LP: #(\d+)/g)).map(m => m[1]));
27 ghIssues = ghIssues.concat(Array.from(message.matchAll(/FIXES: #(\d+)/g)).map(m => m[1]));
28 ghIssues = ghIssues.concat(Array.from(message.matchAll(/CLOSES: #(\d+)/g)).map(m => m[1]));
29 });
30 const changelog = await fs.readFile("./debian/changelog", { encoding: "utf8" });
31 const changelogEntries = changelog.split("ubuntu-advantage-tools");
32 const newEntry = changelogEntries[1];
33 const missingLpBugs = lpBugs.filter(bug => !newEntry.includes(`LP: #${bug}`));
34 const missingGhIssues = ghIssues.filter(issue => !newEntry.includes(`GH: #${issue}`));
35
36 if (missingLpBugs.length > 0 || missingGhIssues.length > 0) {
37 core.setFailed({ missingLpBugs, missingGhIssues });
38 }
39}
40
41run().catch(error => {
42 console.error(error);
43 core.setFailed(error.message);
44})
diff --git a/.github/actions/release-changelog-bug-refs/package-lock.json b/.github/actions/release-changelog-bug-refs/package-lock.json
0new file mode 10064445new file mode 100644
index 0000000..f9ad26b
--- /dev/null
+++ b/.github/actions/release-changelog-bug-refs/package-lock.json
@@ -0,0 +1,430 @@
1{
2 "name": "bug-refs",
3 "version": "1.0.0",
4 "lockfileVersion": 2,
5 "requires": true,
6 "packages": {
7 "": {
8 "name": "bug-refs",
9 "version": "1.0.0",
10 "dependencies": {
11 "@actions/core": "^1.10.0",
12 "@actions/github": "^5.1.1"
13 }
14 },
15 "node_modules/@actions/core": {
16 "version": "1.10.0",
17 "resolved": "https://registry.npmjs.org/@actions/core/-/core-1.10.0.tgz",
18 "integrity": "sha512-2aZDDa3zrrZbP5ZYg159sNoLRb61nQ7awl5pSvIq5Qpj81vwDzdMRKzkWJGJuwVvWpvZKx7vspJALyvaaIQyug==",
19 "dependencies": {
20 "@actions/http-client": "^2.0.1",
21 "uuid": "^8.3.2"
22 }
23 },
24 "node_modules/@actions/github": {
25 "version": "5.1.1",
26 "resolved": "https://registry.npmjs.org/@actions/github/-/github-5.1.1.tgz",
27 "integrity": "sha512-Nk59rMDoJaV+mHCOJPXuvB1zIbomlKS0dmSIqPGxd0enAXBnOfn4VWF+CGtRCwXZG9Epa54tZA7VIRlJDS8A6g==",
28 "dependencies": {
29 "@actions/http-client": "^2.0.1",
30 "@octokit/core": "^3.6.0",
31 "@octokit/plugin-paginate-rest": "^2.17.0",
32 "@octokit/plugin-rest-endpoint-methods": "^5.13.0"
33 }
34 },
35 "node_modules/@actions/http-client": {
36 "version": "2.1.0",
37 "resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-2.1.0.tgz",
38 "integrity": "sha512-BonhODnXr3amchh4qkmjPMUO8mFi/zLaaCeCAJZqch8iQqyDnVIkySjB38VHAC8IJ+bnlgfOqlhpyCUZHlQsqw==",
39 "dependencies": {
40 "tunnel": "^0.0.6"
41 }
42 },
43 "node_modules/@octokit/auth-token": {
44 "version": "2.5.0",
45 "resolved": "https://registry.npmjs.org/@octokit/auth-token/-/auth-token-2.5.0.tgz",
46 "integrity": "sha512-r5FVUJCOLl19AxiuZD2VRZ/ORjp/4IN98Of6YJoJOkY75CIBuYfmiNHGrDwXr+aLGG55igl9QrxX3hbiXlLb+g==",
47 "dependencies": {
48 "@octokit/types": "^6.0.3"
49 }
50 },
51 "node_modules/@octokit/core": {
52 "version": "3.6.0",
53 "resolved": "https://registry.npmjs.org/@octokit/core/-/core-3.6.0.tgz",
54 "integrity": "sha512-7RKRKuA4xTjMhY+eG3jthb3hlZCsOwg3rztWh75Xc+ShDWOfDDATWbeZpAHBNRpm4Tv9WgBMOy1zEJYXG6NJ7Q==",
55 "dependencies": {
56 "@octokit/auth-token": "^2.4.4",
57 "@octokit/graphql": "^4.5.8",
58 "@octokit/request": "^5.6.3",
59 "@octokit/request-error": "^2.0.5",
60 "@octokit/types": "^6.0.3",
61 "before-after-hook": "^2.2.0",
62 "universal-user-agent": "^6.0.0"
63 }
64 },
65 "node_modules/@octokit/endpoint": {
66 "version": "6.0.12",
67 "resolved": "https://registry.npmjs.org/@octokit/endpoint/-/endpoint-6.0.12.tgz",
68 "integrity": "sha512-lF3puPwkQWGfkMClXb4k/eUT/nZKQfxinRWJrdZaJO85Dqwo/G0yOC434Jr2ojwafWJMYqFGFa5ms4jJUgujdA==",
69 "dependencies": {
70 "@octokit/types": "^6.0.3",
71 "is-plain-object": "^5.0.0",
72 "universal-user-agent": "^6.0.0"
73 }
74 },
75 "node_modules/@octokit/graphql": {
76 "version": "4.8.0",
77 "resolved": "https://registry.npmjs.org/@octokit/graphql/-/graphql-4.8.0.tgz",
78 "integrity": "sha512-0gv+qLSBLKF0z8TKaSKTsS39scVKF9dbMxJpj3U0vC7wjNWFuIpL/z76Qe2fiuCbDRcJSavkXsVtMS6/dtQQsg==",
79 "dependencies": {
80 "@octokit/request": "^5.6.0",
81 "@octokit/types": "^6.0.3",
82 "universal-user-agent": "^6.0.0"
83 }
84 },
85 "node_modules/@octokit/openapi-types": {
86 "version": "12.11.0",
87 "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-12.11.0.tgz",
88 "integrity": "sha512-VsXyi8peyRq9PqIz/tpqiL2w3w80OgVMwBHltTml3LmVvXiphgeqmY9mvBw9Wu7e0QWk/fqD37ux8yP5uVekyQ=="
89 },
90 "node_modules/@octokit/plugin-paginate-rest": {
91 "version": "2.21.3",
92 "resolved": "https://registry.npmjs.org/@octokit/plugin-paginate-rest/-/plugin-paginate-rest-2.21.3.tgz",
93 "integrity": "sha512-aCZTEf0y2h3OLbrgKkrfFdjRL6eSOo8komneVQJnYecAxIej7Bafor2xhuDJOIFau4pk0i/P28/XgtbyPF0ZHw==",
94 "dependencies": {
95 "@octokit/types": "^6.40.0"
96 },
97 "peerDependencies": {
98 "@octokit/core": ">=2"
99 }
100 },
101 "node_modules/@octokit/plugin-rest-endpoint-methods": {
102 "version": "5.16.2",
103 "resolved": "https://registry.npmjs.org/@octokit/plugin-rest-endpoint-methods/-/plugin-rest-endpoint-methods-5.16.2.tgz",
104 "integrity": "sha512-8QFz29Fg5jDuTPXVtey05BLm7OB+M8fnvE64RNegzX7U+5NUXcOcnpTIK0YfSHBg8gYd0oxIq3IZTe9SfPZiRw==",
105 "dependencies": {
106 "@octokit/types": "^6.39.0",
107 "deprecation": "^2.3.1"
108 },
109 "peerDependencies": {
110 "@octokit/core": ">=3"
111 }
112 },
113 "node_modules/@octokit/request": {
114 "version": "5.6.3",
115 "resolved": "https://registry.npmjs.org/@octokit/request/-/request-5.6.3.tgz",
116 "integrity": "sha512-bFJl0I1KVc9jYTe9tdGGpAMPy32dLBXXo1dS/YwSCTL/2nd9XeHsY616RE3HPXDVk+a+dBuzyz5YdlXwcDTr2A==",
117 "dependencies": {
118 "@octokit/endpoint": "^6.0.1",
119 "@octokit/request-error": "^2.1.0",
120 "@octokit/types": "^6.16.1",
121 "is-plain-object": "^5.0.0",
122 "node-fetch": "^2.6.7",
123 "universal-user-agent": "^6.0.0"
124 }
125 },
126 "node_modules/@octokit/request-error": {
127 "version": "2.1.0",
128 "resolved": "https://registry.npmjs.org/@octokit/request-error/-/request-error-2.1.0.tgz",
129 "integrity": "sha512-1VIvgXxs9WHSjicsRwq8PlR2LR2x6DwsJAaFgzdi0JfJoGSO8mYI/cHJQ+9FbN21aa+DrgNLnwObmyeSC8Rmpg==",
130 "dependencies": {
131 "@octokit/types": "^6.0.3",
132 "deprecation": "^2.0.0",
133 "once": "^1.4.0"
134 }
135 },
136 "node_modules/@octokit/types": {
137 "version": "6.41.0",
138 "resolved": "https://registry.npmjs.org/@octokit/types/-/types-6.41.0.tgz",
139 "integrity": "sha512-eJ2jbzjdijiL3B4PrSQaSjuF2sPEQPVCPzBvTHJD9Nz+9dw2SGH4K4xeQJ77YfTq5bRQ+bD8wT11JbeDPmxmGg==",
140 "dependencies": {
141 "@octokit/openapi-types": "^12.11.0"
142 }
143 },
144 "node_modules/before-after-hook": {
145 "version": "2.2.3",
146 "resolved": "https://registry.npmjs.org/before-after-hook/-/before-after-hook-2.2.3.tgz",
147 "integrity": "sha512-NzUnlZexiaH/46WDhANlyR2bXRopNg4F/zuSA3OpZnllCUgRaOF2znDioDWrmbNVsuZk6l9pMquQB38cfBZwkQ=="
148 },
149 "node_modules/deprecation": {
150 "version": "2.3.1",
151 "resolved": "https://registry.npmjs.org/deprecation/-/deprecation-2.3.1.tgz",
152 "integrity": "sha512-xmHIy4F3scKVwMsQ4WnVaS8bHOx0DmVwRywosKhaILI0ywMDWPtBSku2HNxRvF7jtwDRsoEwYQSfbxj8b7RlJQ=="
153 },
154 "node_modules/is-plain-object": {
155 "version": "5.0.0",
156 "resolved": "https://registry.npmjs.org/is-plain-object/-/is-plain-object-5.0.0.tgz",
157 "integrity": "sha512-VRSzKkbMm5jMDoKLbltAkFQ5Qr7VDiTFGXxYFXXowVj387GeGNOCsOH6Msy00SGZ3Fp84b1Naa1psqgcCIEP5Q==",
158 "engines": {
159 "node": ">=0.10.0"
160 }
161 },
162 "node_modules/node-fetch": {
163 "version": "2.6.9",
164 "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.9.tgz",
165 "integrity": "sha512-DJm/CJkZkRjKKj4Zi4BsKVZh3ValV5IR5s7LVZnW+6YMh0W1BfNA8XSs6DLMGYlId5F3KnA70uu2qepcR08Qqg==",
166 "dependencies": {
167 "whatwg-url": "^5.0.0"
168 },
169 "engines": {
170 "node": "4.x || >=6.0.0"
171 },
172 "peerDependencies": {
173 "encoding": "^0.1.0"
174 },
175 "peerDependenciesMeta": {
176 "encoding": {
177 "optional": true
178 }
179 }
180 },
181 "node_modules/once": {
182 "version": "1.4.0",
183 "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz",
184 "integrity": "sha512-lNaJgI+2Q5URQBkccEKHTQOPaXdUxnZZElQTZY0MFUAuaEqe1E+Nyvgdz/aIyNi6Z9MzO5dv1H8n58/GELp3+w==",
185 "dependencies": {
186 "wrappy": "1"
187 }
188 },
189 "node_modules/tr46": {
190 "version": "0.0.3",
191 "resolved": "https://registry.npmjs.org/tr46/-/tr46-0.0.3.tgz",
192 "integrity": "sha512-N3WMsuqV66lT30CrXNbEjx4GEwlow3v6rr4mCcv6prnfwhS01rkgyFdjPNBYd9br7LpXV1+Emh01fHnq2Gdgrw=="
193 },
194 "node_modules/tunnel": {
195 "version": "0.0.6",
196 "resolved": "https://registry.npmjs.org/tunnel/-/tunnel-0.0.6.tgz",
197 "integrity": "sha512-1h/Lnq9yajKY2PEbBadPXj3VxsDDu844OnaAo52UVmIzIvwwtBPIuNvkjuzBlTWpfJyUbG3ez0KSBibQkj4ojg==",
198 "engines": {
199 "node": ">=0.6.11 <=0.7.0 || >=0.7.3"
200 }
201 },
202 "node_modules/universal-user-agent": {
203 "version": "6.0.0",
204 "resolved": "https://registry.npmjs.org/universal-user-agent/-/universal-user-agent-6.0.0.tgz",
205 "integrity": "sha512-isyNax3wXoKaulPDZWHQqbmIx1k2tb9fb3GGDBRxCscfYV2Ch7WxPArBsFEG8s/safwXTT7H4QGhaIkTp9447w=="
206 },
207 "node_modules/uuid": {
208 "version": "8.3.2",
209 "resolved": "https://registry.npmjs.org/uuid/-/uuid-8.3.2.tgz",
210 "integrity": "sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg==",
211 "bin": {
212 "uuid": "dist/bin/uuid"
213 }
214 },
215 "node_modules/webidl-conversions": {
216 "version": "3.0.1",
217 "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-3.0.1.tgz",
218 "integrity": "sha512-2JAn3z8AR6rjK8Sm8orRC0h/bcl/DqL7tRPdGZ4I1CjdF+EaMLmYxBHyXuKL849eucPFhvBoxMsflfOb8kxaeQ=="
219 },
220 "node_modules/whatwg-url": {
221 "version": "5.0.0",
222 "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-5.0.0.tgz",
223 "integrity": "sha512-saE57nupxk6v3HY35+jzBwYa0rKSy0XR8JSxZPwgLr7ys0IBzhGviA1/TUGJLmSVqs8pb9AnvICXEuOHLprYTw==",
224 "dependencies": {
225 "tr46": "~0.0.3",
226 "webidl-conversions": "^3.0.0"
227 }
228 },
229 "node_modules/wrappy": {
230 "version": "1.0.2",
231 "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz",
232 "integrity": "sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ=="
233 }
234 },
235 "dependencies": {
236 "@actions/core": {
237 "version": "1.10.0",
238 "resolved": "https://registry.npmjs.org/@actions/core/-/core-1.10.0.tgz",
239 "integrity": "sha512-2aZDDa3zrrZbP5ZYg159sNoLRb61nQ7awl5pSvIq5Qpj81vwDzdMRKzkWJGJuwVvWpvZKx7vspJALyvaaIQyug==",
240 "requires": {
241 "@actions/http-client": "^2.0.1",
242 "uuid": "^8.3.2"
243 }
244 },
245 "@actions/github": {
246 "version": "5.1.1",
247 "resolved": "https://registry.npmjs.org/@actions/github/-/github-5.1.1.tgz",
248 "integrity": "sha512-Nk59rMDoJaV+mHCOJPXuvB1zIbomlKS0dmSIqPGxd0enAXBnOfn4VWF+CGtRCwXZG9Epa54tZA7VIRlJDS8A6g==",
249 "requires": {
250 "@actions/http-client": "^2.0.1",
251 "@octokit/core": "^3.6.0",
252 "@octokit/plugin-paginate-rest": "^2.17.0",
253 "@octokit/plugin-rest-endpoint-methods": "^5.13.0"
254 }
255 },
256 "@actions/http-client": {
257 "version": "2.1.0",
258 "resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-2.1.0.tgz",
259 "integrity": "sha512-BonhODnXr3amchh4qkmjPMUO8mFi/zLaaCeCAJZqch8iQqyDnVIkySjB38VHAC8IJ+bnlgfOqlhpyCUZHlQsqw==",
260 "requires": {
261 "tunnel": "^0.0.6"
262 }
263 },
264 "@octokit/auth-token": {
265 "version": "2.5.0",
266 "resolved": "https://registry.npmjs.org/@octokit/auth-token/-/auth-token-2.5.0.tgz",
267 "integrity": "sha512-r5FVUJCOLl19AxiuZD2VRZ/ORjp/4IN98Of6YJoJOkY75CIBuYfmiNHGrDwXr+aLGG55igl9QrxX3hbiXlLb+g==",
268 "requires": {
269 "@octokit/types": "^6.0.3"
270 }
271 },
272 "@octokit/core": {
273 "version": "3.6.0",
274 "resolved": "https://registry.npmjs.org/@octokit/core/-/core-3.6.0.tgz",
275 "integrity": "sha512-7RKRKuA4xTjMhY+eG3jthb3hlZCsOwg3rztWh75Xc+ShDWOfDDATWbeZpAHBNRpm4Tv9WgBMOy1zEJYXG6NJ7Q==",
276 "requires": {
277 "@octokit/auth-token": "^2.4.4",
278 "@octokit/graphql": "^4.5.8",
279 "@octokit/request": "^5.6.3",
280 "@octokit/request-error": "^2.0.5",
281 "@octokit/types": "^6.0.3",
282 "before-after-hook": "^2.2.0",
283 "universal-user-agent": "^6.0.0"
284 }
285 },
286 "@octokit/endpoint": {
287 "version": "6.0.12",
288 "resolved": "https://registry.npmjs.org/@octokit/endpoint/-/endpoint-6.0.12.tgz",
289 "integrity": "sha512-lF3puPwkQWGfkMClXb4k/eUT/nZKQfxinRWJrdZaJO85Dqwo/G0yOC434Jr2ojwafWJMYqFGFa5ms4jJUgujdA==",
290 "requires": {
291 "@octokit/types": "^6.0.3",
292 "is-plain-object": "^5.0.0",
293 "universal-user-agent": "^6.0.0"
294 }
295 },
296 "@octokit/graphql": {
297 "version": "4.8.0",
298 "resolved": "https://registry.npmjs.org/@octokit/graphql/-/graphql-4.8.0.tgz",
299 "integrity": "sha512-0gv+qLSBLKF0z8TKaSKTsS39scVKF9dbMxJpj3U0vC7wjNWFuIpL/z76Qe2fiuCbDRcJSavkXsVtMS6/dtQQsg==",
300 "requires": {
301 "@octokit/request": "^5.6.0",
302 "@octokit/types": "^6.0.3",
303 "universal-user-agent": "^6.0.0"
304 }
305 },
306 "@octokit/openapi-types": {
307 "version": "12.11.0",
308 "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-12.11.0.tgz",
309 "integrity": "sha512-VsXyi8peyRq9PqIz/tpqiL2w3w80OgVMwBHltTml3LmVvXiphgeqmY9mvBw9Wu7e0QWk/fqD37ux8yP5uVekyQ=="
310 },
311 "@octokit/plugin-paginate-rest": {
312 "version": "2.21.3",
313 "resolved": "https://registry.npmjs.org/@octokit/plugin-paginate-rest/-/plugin-paginate-rest-2.21.3.tgz",
314 "integrity": "sha512-aCZTEf0y2h3OLbrgKkrfFdjRL6eSOo8komneVQJnYecAxIej7Bafor2xhuDJOIFau4pk0i/P28/XgtbyPF0ZHw==",
315 "requires": {
316 "@octokit/types": "^6.40.0"
317 }
318 },
319 "@octokit/plugin-rest-endpoint-methods": {
320 "version": "5.16.2",
321 "resolved": "https://registry.npmjs.org/@octokit/plugin-rest-endpoint-methods/-/plugin-rest-endpoint-methods-5.16.2.tgz",
322 "integrity": "sha512-8QFz29Fg5jDuTPXVtey05BLm7OB+M8fnvE64RNegzX7U+5NUXcOcnpTIK0YfSHBg8gYd0oxIq3IZTe9SfPZiRw==",
323 "requires": {
324 "@octokit/types": "^6.39.0",
325 "deprecation": "^2.3.1"
326 }
327 },
328 "@octokit/request": {
329 "version": "5.6.3",
330 "resolved": "https://registry.npmjs.org/@octokit/request/-/request-5.6.3.tgz",
331 "integrity": "sha512-bFJl0I1KVc9jYTe9tdGGpAMPy32dLBXXo1dS/YwSCTL/2nd9XeHsY616RE3HPXDVk+a+dBuzyz5YdlXwcDTr2A==",
332 "requires": {
333 "@octokit/endpoint": "^6.0.1",
334 "@octokit/request-error": "^2.1.0",
335 "@octokit/types": "^6.16.1",
336 "is-plain-object": "^5.0.0",
337 "node-fetch": "^2.6.7",
338 "universal-user-agent": "^6.0.0"
339 }
340 },
341 "@octokit/request-error": {
342 "version": "2.1.0",
343 "resolved": "https://registry.npmjs.org/@octokit/request-error/-/request-error-2.1.0.tgz",
344 "integrity": "sha512-1VIvgXxs9WHSjicsRwq8PlR2LR2x6DwsJAaFgzdi0JfJoGSO8mYI/cHJQ+9FbN21aa+DrgNLnwObmyeSC8Rmpg==",
345 "requires": {
346 "@octokit/types": "^6.0.3",
347 "deprecation": "^2.0.0",
348 "once": "^1.4.0"
349 }
350 },
351 "@octokit/types": {
352 "version": "6.41.0",
353 "resolved": "https://registry.npmjs.org/@octokit/types/-/types-6.41.0.tgz",
354 "integrity": "sha512-eJ2jbzjdijiL3B4PrSQaSjuF2sPEQPVCPzBvTHJD9Nz+9dw2SGH4K4xeQJ77YfTq5bRQ+bD8wT11JbeDPmxmGg==",
355 "requires": {
356 "@octokit/openapi-types": "^12.11.0"
357 }
358 },
359 "before-after-hook": {
360 "version": "2.2.3",
361 "resolved": "https://registry.npmjs.org/before-after-hook/-/before-after-hook-2.2.3.tgz",
362 "integrity": "sha512-NzUnlZexiaH/46WDhANlyR2bXRopNg4F/zuSA3OpZnllCUgRaOF2znDioDWrmbNVsuZk6l9pMquQB38cfBZwkQ=="
363 },
364 "deprecation": {
365 "version": "2.3.1",
366 "resolved": "https://registry.npmjs.org/deprecation/-/deprecation-2.3.1.tgz",
367 "integrity": "sha512-xmHIy4F3scKVwMsQ4WnVaS8bHOx0DmVwRywosKhaILI0ywMDWPtBSku2HNxRvF7jtwDRsoEwYQSfbxj8b7RlJQ=="
368 },
369 "is-plain-object": {
370 "version": "5.0.0",
371 "resolved": "https://registry.npmjs.org/is-plain-object/-/is-plain-object-5.0.0.tgz",
372 "integrity": "sha512-VRSzKkbMm5jMDoKLbltAkFQ5Qr7VDiTFGXxYFXXowVj387GeGNOCsOH6Msy00SGZ3Fp84b1Naa1psqgcCIEP5Q=="
373 },
374 "node-fetch": {
375 "version": "2.6.9",
376 "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.9.tgz",
377 "integrity": "sha512-DJm/CJkZkRjKKj4Zi4BsKVZh3ValV5IR5s7LVZnW+6YMh0W1BfNA8XSs6DLMGYlId5F3KnA70uu2qepcR08Qqg==",
378 "requires": {
379 "whatwg-url": "^5.0.0"
380 }
381 },
382 "once": {
383 "version": "1.4.0",
384 "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz",
385 "integrity": "sha512-lNaJgI+2Q5URQBkccEKHTQOPaXdUxnZZElQTZY0MFUAuaEqe1E+Nyvgdz/aIyNi6Z9MzO5dv1H8n58/GELp3+w==",
386 "requires": {
387 "wrappy": "1"
388 }
389 },
390 "tr46": {
391 "version": "0.0.3",
392 "resolved": "https://registry.npmjs.org/tr46/-/tr46-0.0.3.tgz",
393 "integrity": "sha512-N3WMsuqV66lT30CrXNbEjx4GEwlow3v6rr4mCcv6prnfwhS01rkgyFdjPNBYd9br7LpXV1+Emh01fHnq2Gdgrw=="
394 },
395 "tunnel": {
396 "version": "0.0.6",
397 "resolved": "https://registry.npmjs.org/tunnel/-/tunnel-0.0.6.tgz",
398 "integrity": "sha512-1h/Lnq9yajKY2PEbBadPXj3VxsDDu844OnaAo52UVmIzIvwwtBPIuNvkjuzBlTWpfJyUbG3ez0KSBibQkj4ojg=="
399 },
400 "universal-user-agent": {
401 "version": "6.0.0",
402 "resolved": "https://registry.npmjs.org/universal-user-agent/-/universal-user-agent-6.0.0.tgz",
403 "integrity": "sha512-isyNax3wXoKaulPDZWHQqbmIx1k2tb9fb3GGDBRxCscfYV2Ch7WxPArBsFEG8s/safwXTT7H4QGhaIkTp9447w=="
404 },
405 "uuid": {
406 "version": "8.3.2",
407 "resolved": "https://registry.npmjs.org/uuid/-/uuid-8.3.2.tgz",
408 "integrity": "sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg=="
409 },
410 "webidl-conversions": {
411 "version": "3.0.1",
412 "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-3.0.1.tgz",
413 "integrity": "sha512-2JAn3z8AR6rjK8Sm8orRC0h/bcl/DqL7tRPdGZ4I1CjdF+EaMLmYxBHyXuKL849eucPFhvBoxMsflfOb8kxaeQ=="
414 },
415 "whatwg-url": {
416 "version": "5.0.0",
417 "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-5.0.0.tgz",
418 "integrity": "sha512-saE57nupxk6v3HY35+jzBwYa0rKSy0XR8JSxZPwgLr7ys0IBzhGviA1/TUGJLmSVqs8pb9AnvICXEuOHLprYTw==",
419 "requires": {
420 "tr46": "~0.0.3",
421 "webidl-conversions": "^3.0.0"
422 }
423 },
424 "wrappy": {
425 "version": "1.0.2",
426 "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz",
427 "integrity": "sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ=="
428 }
429 }
430}
diff --git a/.github/actions/release-changelog-bug-refs/package.json b/.github/actions/release-changelog-bug-refs/package.json
0new file mode 100644431new file mode 100644
index 0000000..62509b1
--- /dev/null
+++ b/.github/actions/release-changelog-bug-refs/package.json
@@ -0,0 +1,10 @@
1{
2 "name": "release-changelog-bug-refs",
3 "version": "1.0.0",
4 "description": "Block releases if bug references in commits aren't in the proposed changelog entry",
5 "main": "index.js",
6 "dependencies": {
7 "@actions/core": "^1.10.0",
8 "@actions/github": "^5.1.1"
9 }
10}
diff --git a/.github/workflows/ci-base.yaml b/.github/workflows/ci-base.yaml
index dab17d3..59174bf 100644
--- a/.github/workflows/ci-base.yaml
+++ b/.github/workflows/ci-base.yaml
@@ -29,8 +29,6 @@ jobs:
29 run: tox -e mypy29 run: tox -e mypy
30 - name: Version Consistency30 - name: Version Consistency
31 run: python3 ./tools/check-versions-are-consistent.py31 run: python3 ./tools/check-versions-are-consistent.py
32 - name: Docs
33 run: tox -e docs
34 unit-tests:32 unit-tests:
35 name: Unit Tests33 name: Unit Tests
36 runs-on: ubuntu-22.0434 runs-on: ubuntu-22.04
diff --git a/.github/workflows/ci-integration.yaml b/.github/workflows/ci-integration.yaml
index 937de39..be05d93 100644
--- a/.github/workflows/ci-integration.yaml
+++ b/.github/workflows/ci-integration.yaml
@@ -27,7 +27,7 @@ jobs:
27 runs-on: ubuntu-22.0427 runs-on: ubuntu-22.04
28 strategy:28 strategy:
29 matrix:29 matrix:
30 release: ['xenial', 'bionic', 'focal', 'jammy', 'kinetic', 'lunar']30 release: ['xenial', 'bionic', 'focal', 'jammy', 'lunar', 'mantic']
31 steps:31 steps:
32 - name: Prepare build tools32 - name: Prepare build tools
33 env:33 env:
@@ -65,7 +65,7 @@ jobs:
65 # as much information as possible from them.65 # as much information as possible from them.
66 fail-fast: false66 fail-fast: false
67 matrix:67 matrix:
68 release: ['bionic', 'focal', 'jammy', 'kinetic']68 release: ['bionic', 'focal', 'jammy', 'lunar']
69 platform: ['lxd']69 platform: ['lxd']
70 host_os: ['ubuntu-22.04']70 host_os: ['ubuntu-22.04']
71 include:71 include:
@@ -123,6 +123,9 @@ jobs:
123 UACLIENT_BEHAVE_CONTRACT_TOKEN: '${{ secrets.UACLIENT_BEHAVE_CONTRACT_TOKEN }}'123 UACLIENT_BEHAVE_CONTRACT_TOKEN: '${{ secrets.UACLIENT_BEHAVE_CONTRACT_TOKEN }}'
124 UACLIENT_BEHAVE_CONTRACT_TOKEN_STAGING: '${{ secrets.UACLIENT_BEHAVE_CONTRACT_TOKEN_STAGING }}'124 UACLIENT_BEHAVE_CONTRACT_TOKEN_STAGING: '${{ secrets.UACLIENT_BEHAVE_CONTRACT_TOKEN_STAGING }}'
125 UACLIENT_BEHAVE_CONTRACT_TOKEN_STAGING_EXPIRED: '${{ secrets.UACLIENT_BEHAVE_CONTRACT_TOKEN_STAGING_EXPIRED }}'125 UACLIENT_BEHAVE_CONTRACT_TOKEN_STAGING_EXPIRED: '${{ secrets.UACLIENT_BEHAVE_CONTRACT_TOKEN_STAGING_EXPIRED }}'
126 UACLIENT_BEHAVE_LANDSCAPE_REGISTRATION_KEY: '${{ secrets.UACLIENT_BEHAVE_LANDSCAPE_REGISTRATION_KEY }}'
127 UACLIENT_BEHAVE_LANDSCAPE_API_ACCESS_KEY: '${{ secrets.UACLIENT_BEHAVE_LANDSCAPE_API_ACCESS_KEY }}'
128 UACLIENT_BEHAVE_LANDSCAPE_API_SECRET_KEY: '${{ secrets.UACLIENT_BEHAVE_LANDSCAPE_API_SECRET_KEY }}'
126 run: |129 run: |
127 PYCLOUDLIB_CONFIG="$(mktemp --tmpdir="${{ runner.temp }}" pycloudlib.toml.XXXXXXXXXX)"130 PYCLOUDLIB_CONFIG="$(mktemp --tmpdir="${{ runner.temp }}" pycloudlib.toml.XXXXXXXXXX)"
128 GCE_CREDENTIALS_PATH="$(mktemp --tmpdir="${{ runner.temp }}" gcloud.json.XXXXXXXXXX)"131 GCE_CREDENTIALS_PATH="$(mktemp --tmpdir="${{ runner.temp }}" gcloud.json.XXXXXXXXXX)"
diff --git a/.github/workflows/release-checks.yaml b/.github/workflows/release-checks.yaml
129new file mode 100644132new file mode 100644
index 0000000..a5e0c83
--- /dev/null
+++ b/.github/workflows/release-checks.yaml
@@ -0,0 +1,22 @@
1---
2
3name: Release Checks
4
5on:
6 pull_request:
7 branches:
8 - release
9
10jobs:
11 release-changelog-bug-refs:
12 runs-on: ubuntu-latest
13 steps:
14 - name: Git checkout
15 uses: actions/checkout@v3
16 - name: Install dependencies
17 run: cd ./.github/actions/release-changelog-bug-refs && npm install
18 - name: Check for bug references
19 uses: ./.github/actions/release-changelog-bug-refs
20 id: release-changelog-bug-refs
21 with:
22 repo-token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.gitignore b/.gitignore
0new file mode 10064423new file mode 100644
index 0000000..def4de5
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,51 @@
1artifacts/*
2*debhelper*
3debian/ubuntu-advantage-tools/
4debian/ubuntu-advantage-tools.substvars
5dev/entitlement-creds.json.*
6*.pyc
7*.pyo
8__pycache__
9.tox
10.pybuild
11.coverage
12.cache
13*.egg-info/
14.mypy_cache/
15.python-version
16
17# Ignore artifacts generated by bddeb
18*-1~bddeb*
19ubuntu-advantage-tools_*.orig.tar.gz
20ubuntu-advantage-tools_all.deb
21ubuntu_advantage_tools.dsc
22
23# test/jenkins artifacts
24pytest_results.xml
25reports/
26
27# integration test artifacts
28azure-priv-*.pem
29azure-pub-*.txt
30ec2-*.pem
31gcp-pub-*
32gcp-priv-*
33lxd-*-uaclient-ci-*
34build-from-source.sh
35test-results*
36
37# credentials - don't commit credentials
38tools/ua-test-credentials.yaml
39
40# apt-hook build artifacts
41apt-hook/hook
42apt-hook/ubuntu-advantage.pot
43apt-hook/json-hook
44apt-hook/json-hook-test
45
46# custom github actions use node
47node_modules
48
49# docs
50docs/build/
51.sphinx
diff --git a/.readthedocs.yaml b/.readthedocs.yaml
index 5090ca0..5840eeb 100644
--- a/.readthedocs.yaml
+++ b/.readthedocs.yaml
@@ -1,14 +1,12 @@
1version: 21version: 2
22
3sphinx:
4 configuration: docs/conf.py
5
6build:3build:
7 os: ubuntu-22.044 os: ubuntu-22.04
8 tools:5 tools:
9 python: "3.10"6 python: "3.10"
7 jobs:
8 post_checkout:
9 # Always skip on main branch.
10 # Docs are kept in separate docs and docs-devel branches.
11 - exit 183
1012
11python:
12 install:
13 - requirements: docs-requirements.txt
14 - requirements: requirements.txt
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 03568a6..3529de0 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -7,29 +7,29 @@ from the architecture of the project to how you should test any code changes.
77
8### How to Guides8### How to Guides
99
10* [How to build](./dev-docs/howtoguides/building.md)10* [How to build](https://github.com/canonical/ubuntu-pro-client/blob/docs/dev-docs/howtoguides/building.md)
11* [How to run the code formatting tools](./dev-docs/howtoguides/code_formatting.md)11* [How to run the code formatting tools](https://github.com/canonical/ubuntu-pro-client/blob/docs/dev-docs/howtoguides/code_formatting.md)
12* [How to run the tests](./dev-docs/howtoguides/testing.md)12* [How to run the tests](https://github.com/canonical/ubuntu-pro-client/blob/docs/dev-docs/howtoguides/testing.md)
13* [How to release a new version](./dev-docs/howtoguides/how_to_release_a_new_version_of_ua.md)13* [How to release a new version](https://github.com/canonical/ubuntu-pro-client/blob/docs/dev-docs/howtoguides/how_to_release_a_new_version_of_ua.md)
14* [How to use the contract staging environment](./dev-docs/howtoguides/use_staging_environment.md)14* [How to use the contract staging environment](https://github.com/canonical/ubuntu-pro-client/blob/docs/dev-docs/howtoguides/use_staging_environment.md)
15* [How to use the magic attach endpoints](./dev-docs/howtoguides/how_to_use_magic_attach_endpoints.md)15* [How to use the magic attach endpoints](https://github.com/canonical/ubuntu-pro-client/blob/docs/dev-docs/howtoguides/how_to_use_magic_attach_endpoints.md)
1616
17### Reference17### Reference
1818
19* [Terminology](./dev-docs/references/terminology.md)19* [Terminology](https://github.com/canonical/ubuntu-pro-client/blob/docs/dev-docs/references/terminology.md)
20* [Architecture](./dev-docs/references/architecture.md)20* [Architecture](https://github.com/canonical/ubuntu-pro-client/blob/docs/dev-docs/references/architecture.md)
21* [Early review sign-off](./dev-docs/references/early_review_signoff.md)21* [Early review sign-off](https://github.com/canonical/ubuntu-pro-client/blob/docs/dev-docs/references/early_review_signoff.md)
22* [What happens during attach](./dev-docs/references/what_happens_during_attach.md)22* [What happens during attach](https://github.com/canonical/ubuntu-pro-client/blob/docs/dev-docs/references/what_happens_during_attach.md)
23* [Enabling a service](./dev-docs/references/enabling_a_service.md)23* [Enabling a service](https://github.com/canonical/ubuntu-pro-client/blob/docs/dev-docs/references/enabling_a_service.md)
24* [Directory layout](./dev-docs/references/directory_layout.md)24* [Directory layout](https://github.com/canonical/ubuntu-pro-client/blob/docs/dev-docs/references/directory_layout.md)
25* [Daily Builds](./dev-docs/references/daily_builds.md)25* [Daily Builds](https://github.com/canonical/ubuntu-pro-client/blob/docs/dev-docs/references/daily_builds.md)
26* [Version String Formatting](./dev-docs/references/version_string_formatting.md)26* [Version String Formatting](https://github.com/canonical/ubuntu-pro-client/blob/docs/dev-docs/references/version_string_formatting.md)
27* [PR review policy](./dev-docs/references/pr_review_policy.md)27* [PR review policy](https://github.com/canonical/ubuntu-pro-client/blob/docs/dev-docs/references/pr_review_policy.md)
2828
29### Explanation29### Explanation
3030
31* [How auto-attach works](./dev-docs/explanations/how_auto_attach_works.md)31* [How auto-attach works](https://github.com/canonical/ubuntu-pro-client/blob/docs/dev-docs/explanations/how_auto_attach_works.md)
3232
33### Documentation33### Documentation
3434
35* [Documentation guide](./dev-docs/devdocs_styleguide.md)35* [Documentation guide](https://github.com/canonical/ubuntu-pro-client/blob/docs/dev-docs/devdocs_styleguide.md)
diff --git a/README.md b/README.md
index 4e7a493..54295c9 100644
--- a/README.md
+++ b/README.md
@@ -1,22 +1,22 @@
1<h1>1<h1>
2 <a href="https://ubuntu.com/pro" target="_blank">2 <a href="https://ubuntu.com/pro" target="_blank">
3 <img src="./docs/_static/circle_of_friends.png" width="33"/>3 <img src="https://raw.githubusercontent.com/canonical/ubuntu-pro-client/docs/docs/_static/circle_of_friends.png" width="33"/>
4 </a>4 </a>
5 <br>5 <br>
6 Ubuntu Pro Client6 Ubuntu Pro Client
7</h1>7</h1>
88
9###### Clean and Consistent CLI for your Ubuntu Pro Systems9###### Clean and Consistent CLI for your Ubuntu Pro Systems
10[![Latest Upstream Version](https://img.shields.io/github/v/tag/canonical/ubuntu-advantage-client.svg?label=Latest%20Upstream%20Version&logo=github&logoColor=white&color=33ce57)](https://github.com/canonical/ubuntu-pro-client/tags)10[![Latest Upstream Version](https://img.shields.io/github/v/tag/canonical/ubuntu-pro-client.svg?label=Latest%20Upstream%20Version&logo=github&logoColor=white&color=33ce57)](https://github.com/canonical/ubuntu-pro-client/tags)
11[![CI](https://github.com/canonical/ubuntu-advantage-client/actions/workflows/ci-base.yaml/badge.svg?branch=main)](https://github.com/canonical/ubuntu-pro-client/actions)11[![CI](https://github.com/canonical/ubuntu-pro-client/actions/workflows/ci-base.yaml/badge.svg?branch=main)](https://github.com/canonical/ubuntu-pro-client/actions)
12[![Documentation Status](https://readthedocs.com/projects/canonical-ubuntu-pro-client/badge/?version=latest)](https://canonical-ubuntu-pro-client.readthedocs-hosted.com/en/latest/?badge=latest)12[![Documentation Status](https://readthedocs.com/projects/canonical-ubuntu-pro-client/badge/?version=latest)](https://canonical-ubuntu-pro-client.readthedocs-hosted.com/en/latest/?badge=latest)
13<br/>13<br/>
14[![Released Xenial Version](https://img.shields.io/ubuntu/v/ubuntu-advantage-tools/xenial?label=Xenial&logo=ubuntu&logoColor=white)](https://launchpad.net/ubuntu/xenial/+source/ubuntu-advantage-tools)14[![Released Xenial Version](https://img.shields.io/ubuntu/v/ubuntu-advantage-tools/xenial?label=Xenial&logo=ubuntu&logoColor=white)](https://launchpad.net/ubuntu/xenial/+source/ubuntu-advantage-tools)
15[![Released Bionic Version](https://img.shields.io/ubuntu/v/ubuntu-advantage-tools/bionic?label=Bionic&logo=ubuntu&logoColor=white)](https://launchpad.net/ubuntu/bionic/+source/ubuntu-advantage-tools)15[![Released Bionic Version](https://img.shields.io/ubuntu/v/ubuntu-advantage-tools/bionic?label=Bionic&logo=ubuntu&logoColor=white)](https://launchpad.net/ubuntu/bionic/+source/ubuntu-advantage-tools)
16[![Released Focal Version](https://img.shields.io/ubuntu/v/ubuntu-advantage-tools/focal?label=Focal&logo=ubuntu&logoColor=white)](https://launchpad.net/ubuntu/focal/+source/ubuntu-advantage-tools)16[![Released Focal Version](https://img.shields.io/ubuntu/v/ubuntu-advantage-tools/focal?label=Focal&logo=ubuntu&logoColor=white)](https://launchpad.net/ubuntu/focal/+source/ubuntu-advantage-tools)
17[![Released Jammy Version](https://img.shields.io/ubuntu/v/ubuntu-advantage-tools/jammy?label=Jammy&logo=ubuntu&logoColor=white)](https://launchpad.net/ubuntu/jammy/+source/ubuntu-advantage-tools)17[![Released Jammy Version](https://img.shields.io/ubuntu/v/ubuntu-advantage-tools/jammy?label=Jammy&logo=ubuntu&logoColor=white)](https://launchpad.net/ubuntu/jammy/+source/ubuntu-advantage-tools)
18[![Released Kinetic Version](https://img.shields.io/ubuntu/v/ubuntu-advantage-tools/kinetic?label=Kinetic&logo=ubuntu&logoColor=white)](https://launchpad.net/ubuntu/kinetic/+source/ubuntu-advantage-tools)
19[![Released Lunar Version](https://img.shields.io/ubuntu/v/ubuntu-advantage-tools/lunar?label=Lunar&logo=ubuntu&logoColor=white)](https://launchpad.net/ubuntu/lunar/+source/ubuntu-advantage-tools)18[![Released Lunar Version](https://img.shields.io/ubuntu/v/ubuntu-advantage-tools/lunar?label=Lunar&logo=ubuntu&logoColor=white)](https://launchpad.net/ubuntu/lunar/+source/ubuntu-advantage-tools)
19[![Released Mantic Version](https://img.shields.io/ubuntu/v/ubuntu-advantage-tools/mantic?label=Mantic&logo=ubuntu&logoColor=white)](https://launchpad.net/ubuntu/mantic/+source/ubuntu-advantage-tools)
2020
21The Ubuntu Pro Client (`pro`) is the official tool to enable Canonical offerings on your21The Ubuntu Pro Client (`pro`) is the official tool to enable Canonical offerings on your
22system.22system.
diff --git a/debian/README.source b/debian/README.source
23new file mode 10064423new file mode 100644
index 0000000..44b96b9
--- /dev/null
+++ b/debian/README.source
@@ -0,0 +1,38 @@
1===================================
2Packaging of ubuntu-advantage-tools
3===================================
4
5Development code
6===================================
7
8The development branches of ubuntu-advantage-tools are hosted in GitHub, at:
9https://github.com/canonical/ubuntu-pro-client
10
11New pull requests with contributions either to the codebase itself or to the
12documentation branches should always be opened in GitHub.
13
14Package source code
15===================================
16
17The source code used to build the package is hosted in Launchpad, at:
18https://git.launchpad.net/ubuntu/+source/ubuntu-advantage-tools
19
20The development branch in Launchpad is equivalent to the release branch in
21GitHub. Everytime a new version is released, the content of the GitHub release
22branch is brought in a Merge Request to the Launchpad development branch.
23
24Particularities
25===================================
26
27- ubuntu-advantage-tools ships the same features and bugfixes to all
28 supported Ubuntu releases. This means the package is practically the
29 same across all LTS releases, including the ones in ESM period, and in
30 the interim releases. (The only differences are the specific dependencies,
31 dealt with in the debian/ files when building the package).
32
33- Some test-related files and folders are present in the source package, but
34 are ignored when building the binary packages. debian/rules specifies
35 'pybuild' as the build system, and unit tests / integration tests are
36 excluded in 'setup.py'. As a consequence, changes to the tests are less
37 relevant in SRU reviews: they stil reflect what is being tested in each
38 release, but they do not cause any impact to the stable releases.
diff --git a/debian/changelog b/debian/changelog
index 85d1272..26f78a9 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,38 @@
1ubuntu-advantage-tools (29) mantic; urgency=medium
2
3 * d/control:
4 - update links for the project github page
5 * d/copyright:
6 - bump date to 2023
7 - update upstream-name and source
8 * d/ubuntu-advantage-tools.{postinst,postrm}:
9 - rename repo GPG keys from -advantage to -pro (GH: #1539)
10 - replace calls to systemctl for deb-systemd-invoke
11 * d/README.source:
12 - add file with basic explanation on the source code (GH: #2463)
13 * New upstream release 29 (LP: #2029144)
14 - anbox-cloud: add support for service
15 - api
16 + new endpoint: u.pro.security.fix.plan.cve.v1
17 + new endpoint: u.pro.security.fix.plan.usn.v1
18 + new endpoint: u.apt_news.current_news.v1
19 + add more data explaining the decision made for
20 u.pro.security.status.reboot_required.v1 endpoint
21 - contract:
22 + send activityInfo after cli attach, enable and disable
23 + start recording when the machine has attached to a Pro subscription
24 + more reliable detection when running on a docker container
25 - esm: create static files to pin packages from esm-infra and esm-apps with
26 higher priority (GH: #2580)
27 - fix: ignore non-USN items on related usns
28 - landscape: add support for the service
29 - logging: update to ubuntupro logging namespace
30 - proxy: add support for TLS-in-TLS proxy (LP: #1999909)
31 - snapd: look for the snapd package instead of the snap command
32 - system: try/except logic to remove files and folders (LP: #2025731)
33
34 -- Lucas Moura <lucas.moura@canonical.com> Mon, 31 Jul 2023 15:46:23 +0000
35
1ubuntu-advantage-tools (28.1) mantic; urgency=medium36ubuntu-advantage-tools (28.1) mantic; urgency=medium
237
3 * New upstream release 28.1 (LP: #2017949)38 * New upstream release 28.1 (LP: #2017949)
diff --git a/debian/control b/debian/control
index 1f78a18..51f0549 100644
--- a/debian/control
+++ b/debian/control
@@ -26,8 +26,8 @@ Build-Depends: bash-completion,
26 python3-yaml26 python3-yaml
27Standards-Version: 4.5.127Standards-Version: 4.5.1
28Homepage: https://ubuntu.com/advantage28Homepage: https://ubuntu.com/advantage
29Vcs-Git: https://github.com/canonical/ubuntu-advantage-client.git29Vcs-Git: https://github.com/canonical/ubuntu-pro-client.git
30Vcs-Browser: https://github.com/canonical/ubuntu-advantage-client30Vcs-Browser: https://github.com/canonical/ubuntu-pro-client
31Rules-Requires-Root: no31Rules-Requires-Root: no
3232
33Package: ubuntu-advantage-tools33Package: ubuntu-advantage-tools
diff --git a/debian/copyright b/debian/copyright
index 7eb8c9e..e965469 100644
--- a/debian/copyright
+++ b/debian/copyright
@@ -1,9 +1,9 @@
1Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/1Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
2Upstream-Name: ubuntu-advantage-script2Upstream-Name: ubuntu-pro-client
3Source: https://github.com/CanonicalLtd/ubuntu-advantage-script3Source: https://github.com/canonical/ubuntu-pro-client
44
5Files: *5Files: *
6Copyright: 2017, Canonical Ltd6Copyright: 2023, Canonical Ltd
7License: GPL-3.07License: GPL-3.0
8 This program is free software: you can redistribute it and/or modify8 This program is free software: you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by9 it under the terms of the GNU General Public License as published by
diff --git a/debian/source/lintian-overrides b/debian/source/lintian-overrides
index b1ce79a..0697833 100644
--- a/debian/source/lintian-overrides
+++ b/debian/source/lintian-overrides
@@ -3,6 +3,3 @@ ubuntu-advantage-tools: missing-build-dependency-for-dh_-command dh_systemd_star
33
4# Lintian can't handle the multiline debhelper/dh-systemd dependencies explained in debian/control4# Lintian can't handle the multiline debhelper/dh-systemd dependencies explained in debian/control
5ubuntu-advantage-tools: missing-build-dependency-for-dh-addon *systemd*5ubuntu-advantage-tools: missing-build-dependency-for-dh-addon *systemd*
6
7# Lintian doesn't like mentioning riscv64 for older go package
8ubuntu-advantage-tools: invalid-arch-string-in-source-relation riscv64 [build-depends: golang-1.10-go [!powerpc !riscv64]]
diff --git a/debian/ubuntu-advantage-tools.lintian-overrides b/debian/ubuntu-advantage-tools.lintian-overrides
9new file mode 1006446new file mode 100644
index 0000000..0b09bcb
--- /dev/null
+++ b/debian/ubuntu-advantage-tools.lintian-overrides
@@ -0,0 +1,10 @@
1# We are silencing this issue because of this LP: #1930121
2ubuntu-advantage-tools: command-with-path-in-maintainer-script
3
4# Ubuntu doesn't support sysv init.d
5ubuntu-advantage-tools: package-supports-alternative-init-but-no-init.d-script
6
7# We have made the decision of delivering those files
8ubuntu-advantage-tools: package-installs-apt-preferences
9
10ubuntu-advantage-tools: possible-bashism-in-maintainer-script
diff --git a/debian/ubuntu-advantage-tools.postinst b/debian/ubuntu-advantage-tools.postinst
index 31d93ae..b332333 100644
--- a/debian/ubuntu-advantage-tools.postinst
+++ b/debian/ubuntu-advantage-tools.postinst
@@ -16,8 +16,11 @@ fi
1616
17APT_TRUSTED_KEY_DIR="/etc/apt/trusted.gpg.d"17APT_TRUSTED_KEY_DIR="/etc/apt/trusted.gpg.d"
1818
19ESM_INFRA_KEY_TRUSTY="ubuntu-advantage-esm-infra-trusty.gpg"19# ubuntu-advantage-* GPG keys renamed to ubuntu-pro-* in version 29
20ESM_APPS_KEY="ubuntu-advantage-esm-apps.gpg"20OLD_ESM_INFRA_KEY_TRUSTY="ubuntu-advantage-esm-infra-trusty.gpg"
21OLD_ESM_APPS_KEY="ubuntu-advantage-esm-apps.gpg"
22ESM_INFRA_KEY="ubuntu-pro-esm-infra.gpg"
23ESM_APPS_KEY="ubuntu-pro-esm-apps.gpg"
2124
22APT_SRC_DIR="/etc/apt/sources.list.d"25APT_SRC_DIR="/etc/apt/sources.list.d"
23APT_PREFERENCES_DIR="/etc/apt/preferences.d"26APT_PREFERENCES_DIR="/etc/apt/preferences.d"
@@ -132,7 +135,8 @@ if status:
132esm_infra_cleanup() {135esm_infra_cleanup() {
133 if ! check_service_is_enabled esm-infra; then136 if ! check_service_is_enabled esm-infra; then
134 rm -f "$APT_TRUSTED_KEY_DIR/ubuntu-esm*gpg" # Remove previous esm keys137 rm -f "$APT_TRUSTED_KEY_DIR/ubuntu-esm*gpg" # Remove previous esm keys
135 rm -f "$APT_TRUSTED_KEY_DIR/$ESM_INFRA_KEY_TRUSTY"138 rm -f "$APT_TRUSTED_KEY_DIR/$OLD_ESM_INFRA_KEY_TRUSTY"
139 rm -f "$APT_TRUSTED_KEY_DIR/$ESM_INFRA_KEY"
136 rm -f "$ESM_INFRA_APT_SOURCE_FILE"140 rm -f "$ESM_INFRA_APT_SOURCE_FILE"
137 rm -f "$ESM_INFRA_OLD_APT_SOURCE_FILE_TRUSTY"141 rm -f "$ESM_INFRA_OLD_APT_SOURCE_FILE_TRUSTY"
138 rm -f "$ESM_APT_PREF_FILE_TRUSTY" "$ESM_INFRA_OLD_APT_PREF_FILE_TRUSTY"142 rm -f "$ESM_APT_PREF_FILE_TRUSTY" "$ESM_INFRA_OLD_APT_PREF_FILE_TRUSTY"
@@ -143,6 +147,7 @@ esm_infra_cleanup() {
143147
144esm_apps_cleanup() {148esm_apps_cleanup() {
145 if ! check_service_is_enabled esm-apps; then149 if ! check_service_is_enabled esm-apps; then
150 rm -f "$APT_TRUSTED_KEY_DIR/$OLD_ESM_APPS_KEY"
146 rm -f "$APT_TRUSTED_KEY_DIR/$ESM_APPS_KEY"151 rm -f "$APT_TRUSTED_KEY_DIR/$ESM_APPS_KEY"
147 rm -f "$ESM_APPS_APT_SOURCE_FILE"152 rm -f "$ESM_APPS_APT_SOURCE_FILE"
148 rm -f "$ESM_APPS_APT_PREF_FILE"153 rm -f "$ESM_APPS_APT_PREF_FILE"
@@ -251,11 +256,11 @@ remove_old_systemd_units() {
251 # The failed state is ephemeral and only needs to be cleared if256 # The failed state is ephemeral and only needs to be cleared if
252 # it is there so that the system doesn't say it is degraded.257 # it is there so that the system doesn't say it is degraded.
253 # If the old timer was not running, then this is a noop.258 # If the old timer was not running, then this is a noop.
254 systemctl --system daemon-reload > /dev/null || true259 deb-systemd-invoke --system daemon-reload > /dev/null || true
255 systemctl reset-failed ua-license-check.timer > /dev/null 2>&1 || true260 deb-systemd-invoke reset-failed ua-license-check.timer > /dev/null 2>&1 || true
256 # In rare race-condition scenarios, the service can also get into261 # In rare race-condition scenarios, the service can also get into
257 # the same failed state.262 # the same failed state.
258 systemctl reset-failed ua-license-check.service > /dev/null 2>&1 || true263 deb-systemd-invoke reset-failed ua-license-check.service > /dev/null 2>&1 || true
259 fi264 fi
260 deb-systemd-helper purge ua-license-check.path > /dev/null || true265 deb-systemd-helper purge ua-license-check.path > /dev/null || true
261 deb-systemd-helper unmask ua-license-check.path > /dev/null || true266 deb-systemd-helper unmask ua-license-check.path > /dev/null || true
@@ -359,6 +364,19 @@ migrate_user_config_post() {
359 fi364 fi
360}365}
361366
367rename_gpg_keys() {
368 # esm-infra doesn't follow the name pattern
369 if [ -f "$APT_TRUSTED_KEY_DIR/$OLD_ESM_INFRA_KEY_TRUSTY" ]; then
370 mv "$APT_TRUSTED_KEY_DIR/$OLD_ESM_INFRA_KEY_TRUSTY" "$APT_TRUSTED_KEY_DIR/$ESM_INFRA_KEY"
371 fi
372 SERVICES="cc-eal cis esm-apps fips ros realtime-kernel"
373 for service in $SERVICES; do
374 if [ -f "$APT_TRUSTED_KEY_DIR/ubuntu-advantage-$service.gpg" ]; then
375 mv "$APT_TRUSTED_KEY_DIR/ubuntu-advantage-$service.gpg" "$APT_TRUSTED_KEY_DIR/ubuntu-pro-$service.gpg"
376 fi
377 done
378}
379
362case "$1" in380case "$1" in
363 configure)381 configure)
364 PREVIOUS_PKG_VER=$2382 PREVIOUS_PKG_VER=$2
@@ -452,6 +470,11 @@ case "$1" in
452 migrate_user_config_post470 migrate_user_config_post
453 fi471 fi
454472
473 # Rename the gpg keys to -pro-
474 if dpkg --compare-versions "$PREVIOUS_PKG_VER" lt "29~"; then
475 rename_gpg_keys
476 fi
477
455 if grep -q "^ua_config:" /etc/ubuntu-advantage/uaclient.conf; then478 if grep -q "^ua_config:" /etc/ubuntu-advantage/uaclient.conf; then
456 echo "Warning: uaclient.conf contains old ua_config field." >&2479 echo "Warning: uaclient.conf contains old ua_config field." >&2
457 echo " Please do the following:" >&2480 echo " Please do the following:" >&2
diff --git a/debian/ubuntu-advantage-tools.postrm b/debian/ubuntu-advantage-tools.postrm
index c1bcdf5..e0e930d 100644
--- a/debian/ubuntu-advantage-tools.postrm
+++ b/debian/ubuntu-advantage-tools.postrm
@@ -20,7 +20,7 @@ remove_logs(){
20}20}
2121
22remove_gpg_files(){22remove_gpg_files(){
23 rm -f /etc/apt/trusted.gpg.d/ubuntu-advantage-*.gpg23 rm -f /etc/apt/trusted.gpg.d/ubuntu-pro-*.gpg
24}24}
2525
26case "$1" in26case "$1" in
diff --git a/dev-docs/devdocs_styleguide.md b/dev-docs/devdocs_styleguide.md
27deleted file mode 10064427deleted file mode 100644
index 818a189..0000000
--- a/dev-docs/devdocs_styleguide.md
+++ /dev/null
@@ -1,152 +0,0 @@
1# Documentation
2
3Our docs are hosted on [Read the Docs](https://readthedocs.com/). This page
4will explain how to contribute to the docs and build them locally.
5
6The documentation is *primarily* written in standard Markdown, but pages can
7be written in reStructuredText if you prefer.
8
9We also use the
10[MyST-Parser Sphinx extension](https://myst-parser.readthedocs.io/en/latest/intro.html).
11This causes all Markdown (.md) files to be parsed as MyST, and
12[enables the use of directives](https://myst-parser.readthedocs.io/en/latest/syntax/roles-and-directives.html),
13which can be awkward to achieve in standard Markdown.
14
15## Building the docs
16
17To build the docs for Ubuntu Pro Client, you can use a `tox` command. You can
18install `tox` on your machine by running the `make test` command. Once tox is
19installed, just run the command:
20
21```
22$ tox -e docs
23```
24
25The command will generate the HTML pages inside `docs/build`. The makefile
26target will build the documentation for you using Sphinx.
27
28Once built, the HTML files will be viewable in `docs/build/html/`. Use your web
29browser to open `index.html` to preview the site.
30
31## Style guide
32
33We use the [Canonical style guide](https://docs.ubuntu.com/styleguide/en) in
34our documentation, which is summarised below -- with a few additions relevant
35to our docs.
36
37### Language
38
39Where possible, text should be written in UK English. However, discretion and
40common sense can both be applied. For example, where text refers to code
41elements that exist in US English, the spelling of these elements should not
42be changed to UK English.
43
44### Voice
45
46Try to use active voice where possible, rather than the passive voice. The
47active voice is generally more concise and easier to read. As an example, you
48could say "we recommend" (active) rather than "it is recommended that"
49(passive).
50
51### Headings
52
53Headings should be written in sentence case. This means that only the first
54letter is capitalised (unless the header text refers to e.g., a product name
55that would normally be capitalised, such as "Ubuntu Pro Client").
56
57Ensure that you do not skip header levels when creating your document
58structure, i.e., that a section is followed by a subsection, and not a
59sub-subsection. Skipping header levels can lead to de-ranking of pages in
60search engines.
61
62Try to craft your headings to be descriptive, but as short as possible, to help
63readers understand what content to expect if they click on it.
64
65### Line length
66
67Please keep the line lengths to a maximum of **79** characters. This ensures
68that the pages and tables do not get so wide that side scrolling is required.
69
70### Links
71
72Where possible, use contextual text in your links to aid users with screen
73readers and other accessibility tools. For example, "check out our
74[documentation style guide](#links) is preferable to "click
75[here](#links) for more".
76
77### Code blocks
78
79Our documentation uses the
80[Sphinx extension "sphinx-copybutton"](https://sphinx-copybutton.readthedocs.io/en/latest/),
81which creates a small button on the right-hand side of code blocks for users to
82copy the code snippets we provide.
83
84The copied code will strip out any prompt symbols so that users can
85paste commands directly into their terminal. For user convenience, please
86ensure that if you show any code output, it is presented in a separate code
87block to the commands.
88
89Please also specify the language used in your code block, to make sure it
90renders with the correct syntax highlighting.
91
92### Vertical whitespace
93
94One newline between each section helps ensure readability of the documentation
95source code. Keeping paragraphs relatively short (up to ~5-6 sentences) aids in
96keeping the text readable when rendered to a web page. Some rST elements also
97require an empty newline before and after, so for consistency, ensure that all
98elements (tables, images, headers, etc) have a newline before and after.
99
100### Acronyms and jargon
101
102Acronyms are always capitalised (e.g., JSON, YAML, QEMU, LXD) in text.
103
104The first time an acronym is used on a page, it is best practice to introduce
105it by showing the expanded name followed by the acronym in parentheses. E.g.,
106Quick EMUlator (QEMU). If the acronym is *very* common (e.g., URL, HTTP), or
107you provide a link to a documentation page with these details, you do not need
108to include them.
109
110Avoid using jargon unless absolutely necessary, to keep our documentation
111accessible to as wide a range of users as possible. If jargon is unavoidable,
112consider including brief explanations to help the user keep up with the
113material.
114
115### Admonitions and callouts
116
117Notes, warnings, or other information you wish to draw the reader's attention
118to can be called out in an admonition block. If you are writing your code in
119Markdown, this is where the MyST extension comes in handy. Here is an example:
120
121````
122 ```{note}
123 The options are: note, important, hint, seealso, tip, attention, caution,
124 warning, danger, and error.
125 ```{warning}
126 Although it's possible to nest admonitions inside each other, it's better to
127 avoid doing that unless it's strictly necessary!
128 ```
129````
130
131```{note}
132The options are: note, important, hint, seealso, tip, attention, caution,
133warning, danger, and error.
134```{warning}
135Although it's possible to nest admonitions inside each other, it's better to
136avoid doing that unless it's strictly necessary!
137```
138
139## Organisation
140
141We follow the [principles of Diataxis](https://diataxis.fr/) in our
142documentation. When writing new docs, try to consider the purpose of the
143document and how the reader will probably use it. This will help you to decide
144which section it belongs in.
145
146### Getting advice
147
148If you are in any doubt, please contact our team's
149[Technical Author (Sally)](https://github.com/s-makin) for guidance. If you
150would like her to review any documentation, she would be very happy to help!
151Please also tag her as a reviewer on any PR that contains documentation
152elements.
diff --git a/dev-docs/explanations/how_auto_attach_works.md b/dev-docs/explanations/how_auto_attach_works.md
153deleted file mode 1006440deleted file mode 100644
index c1734f7..0000000
--- a/dev-docs/explanations/how_auto_attach_works.md
+++ /dev/null
@@ -1,57 +0,0 @@
1# How auto-attach works
2
3The `pro auto-attach` command follows a specific flow on every **Public Cloud Ubuntu Pro** image:
4
51. Identify which cloud the command is running on. This is achieved by running
6 the `cloud-id` command provided by the [cloud-init](https://cloudinit.readthedocs.io/en/latest/)
7 package. Currently, we only support the following clouds when
8 running the command: AWS, Azure and GCP. The command will fail if performed on other
9 cloud types.
10
112. Fetch the cloud metadata. This metadata is a cryptographically signed json blob
12 that provides the necessary information for the contract server to validate
13 the machine and return a valid pro token. To fetch that metadata, every cloud
14 provide a different endpoint to reach it:
15
16 * **AWS**: http://169.254.169.254/latest/dynamic/instance-identity/pkcs7
17 * **Azure**: http://169.254.169.254/metadata/attested/document?api-version=2020-09-01
18 * **GCP**: http://metadata/computeMetadata/v1/instance/service-accounts/default/identity
19
20> **Note**
21> On AWS, the client will also try the IPv6 address (`[fd00:ec2::254]`) to fetch the metadata if the IPv4 address doesn't work.
22
233. Send this metadata json blob to the contract server at:
24
25 * https://contracts.canonical.com/v1/clouds/CLOUD-TYPE/token
26
27 Where CLOUD-TYPE is the cloud name we identified on step 1.
28
29 The contract server will verify if the metadata is signed correctly based on the cloud
30 it is stored. Additionally, some other checks are performed to see if the metadata is valid.
31 For example, the contract server checks the product id provided in the metadata is a
32 valid product. If any problems is found on the metadata, the contract server will produce
33 an error response.
34
354. After the contract server validates the metadata, it returns a token that will be used
36 to attach the machine to a pro subscription. To attach the machine we will reach the
37 following contract server endpoint:
38
39 * https://contracts.canonical.com/v1/context/machines/token
40
41 We will pass the token provided on step 3 as header bearer token for this request
42
435. The contract returns a json specification based on the provided token. This json
44 contains all the directives the pro client needs to setup the machine and enable
45 the necessary services the token is associated with.
46
476. Disable the `ubuntu-advantage.service` [daemon](../../docs/explanations/what_is_the_daemon.md), if running.
48 If the machine is detached, this daemon will be started again.
49
50Additionally, you can disable the `pro auto-attach` command by adding
51the following lines on your `uaclient.conf` configuration file, (by default located at
52`/etc/ubuntu-advantage/uaclient.conf`):
53
54```bash
55features:
56 disable_auto_attach: true
57```
diff --git a/dev-docs/explanations/systemd_units.md b/dev-docs/explanations/systemd_units.md
58deleted file mode 1006440deleted file mode 100644
index 577960a..0000000
--- a/dev-docs/explanations/systemd_units.md
+++ /dev/null
@@ -1,89 +0,0 @@
1# Mechanisms for auto-attaching Ubuntu Pro Cloud instances
2
3> **Note**
4> This document explains the systemd units that attempt to auto-attach in various scenarios. If you're interested in how auto-attach itself works, see [How auto-attach works](./how_auto_attach_works.md).
5
6There are three methods by which a cloud instance may auto-attach to become Ubuntu Pro.
7
81. On boot auto-attach for known Pro cloud instances.
92. Upgrade-in-place for non-Pro instances that get modified via the Cloud platform to entitle them to become Ubuntu Pro (only on Azure and GCP for now).
103. Retry auto-attach in case of failures.
11
12(1) is handled by a systemd unit (`ua-auto-attach.service`) delivered by a separate package called `ubuntu-advantage-pro`. This package is only installed on Ubuntu Pro Cloud images. In this way, an instance launched from an Ubuntu Pro Cloud image knows that it needs to auto-attach.
13
14(2) and (3) are both handled in a systemd unit (`ubuntu-advantage.service`) that is present on all Ubuntu machines (including non-Pro).
15
16Below is a flow chart intended to describe how all of these methods and systemd units interact.
17
18```mermaid
19graph TD;
20 %% nodes
21 %%%% decisions
22 is_pro{Is -pro installed?}
23 auto_outcome{Success?}
24 is_attached{Attached?}
25 should_run_daemon{on Azure? or GCP? or retry flag set?}
26 is_gcp{Azure or GCP?}
27 is_retry{retry flag set?}
28 is_gcp_pro{Pro license detected?}
29 daemon_attach_outcome{Success?}
30 daemon_attach_outcome2{Success?}
31
32 %%%% actions
33 auto_attach[/Try to Attach/]
34 trigger_retry[/Create Retry Flag File/]
35 trigger_retry2[/Create Retry Flag File/]
36 poll_gcp[/Poll for cloud Pro license/]
37 daemon_attach[/Try to Attach/]
38 daemon_attach2[/Try to Attach/]
39 wait[/Wait a while/]
40
41 %%%% systemd units
42 auto(ua-auto-attach.service)
43 daemon(ubuntu-advantage.service)
44
45 %%%% states
46 done([End])
47
48
49 %% arrows
50 is_pro--Yes-->auto
51 auto-->auto_attach
52 subgraph ua-auto-attach.service blocks boot
53 auto_attach-->auto_outcome
54 auto_outcome--No-->trigger_retry
55 end
56
57 is_pro--No-->is_attached
58 trigger_retry-->is_attached
59 auto_outcome--Yes-->is_attached
60 is_attached--No-->should_run_daemon
61 is_attached--Yes-->done
62 should_run_daemon--No-->done
63 should_run_daemon--Yes-->daemon
64
65 daemon-->is_gcp
66 subgraph ubuntu-advantage.service
67 is_gcp--Yes-->poll_gcp
68 subgraph poll for pro license
69 poll_gcp-->is_gcp_pro
70 is_gcp_pro--No-->poll_gcp
71 is_gcp_pro--Yes-->daemon_attach
72 daemon_attach-->daemon_attach_outcome
73 daemon_attach_outcome--No-->trigger_retry2
74 end
75 trigger_retry2-->is_retry
76 is_gcp--No-->is_retry
77 is_retry--Yes-->daemon_attach2
78 subgraph retry auto-attach
79 daemon_attach2-->daemon_attach_outcome2
80 daemon_attach_outcome2--No-->wait
81 end
82 wait-->daemon_attach2
83 end
84
85 daemon_attach_outcome--Yes-->done
86 is_retry--No-->done
87 daemon_attach_outcome2--Yes-->done
88 daemon_attach_outcome2--Failed for a month-->done
89```
diff --git a/dev-docs/howtoguides/build-docs.md b/dev-docs/howtoguides/build-docs.md
90deleted file mode 1006440deleted file mode 100644
index f2a2606..0000000
--- a/dev-docs/howtoguides/build-docs.md
+++ /dev/null
@@ -1,11 +0,0 @@
1# How to generate Ubuntu Pro Client user documentation
2
3To build the docs for Ubuntu Pro Client, you can use a dedicated `tox` command for it.
4You can install `tox` on your machine by running the `make test` command. Once tox is
5installed just run the command:
6
7```console
8$ tox -e docs
9```
10
11The command will generate the html pages inside `docs/build`
diff --git a/dev-docs/howtoguides/building.md b/dev-docs/howtoguides/building.md
12deleted file mode 1006440deleted file mode 100644
index 40b4d70..0000000
--- a/dev-docs/howtoguides/building.md
+++ /dev/null
@@ -1,43 +0,0 @@
1# Building
2
3Packages ubuntu-advantage-tools and ubuntu-advantage-pro are created from the
4debian/control file in this repository. You can build the
5packages the way you would normally build a Debian package:
6
7
8```shell
9dpkg-buildpackage -us -uc
10```
11
12> **Note**
13> It will build the packages with dependencies for the Ubuntu release on
14> which you are building, so it's best to build in a container or kvm for the
15> release you are targeting.
16
17OR, if you want to build for a target release other than the release
18you're on:
19
20## using sbuild
21[configure sbuild](https://wiki.ubuntu.com/SimpleSbuild) and
22use that for the build:
23
24Setup some chroots for sbuild with this script
25```shell
26bash ./tools/setup_sbuild.sh
27```
28
29```shell
30debuild -S
31sbuild --dist=<target> ../ubuntu-advantage-tools_*.dsc
32# emulating different architectures in sbuild-launchpad-chroot
33sbuild-launchpad-chroot create --architecture="riscv64" "--name=focal-riscv64" "--series=focal"
34```
35
36> **Note**
37> Every so often, it is recommended to update your chroots.
38> ```bash
39> # to update a single chroot
40> sudo sbuild-launchpad-chroot update -n ua-xenial-amd64
41> # this script can be used to update all chroots
42> sudo PATTERN=\* sh /usr/share/doc/sbuild/examples/sbuild-debian-developer-setup-update-all
43> ```
diff --git a/dev-docs/howtoguides/code_formatting.md b/dev-docs/howtoguides/code_formatting.md
44deleted file mode 1006440deleted file mode 100644
index 153b134..0000000
--- a/dev-docs/howtoguides/code_formatting.md
+++ /dev/null
@@ -1,25 +0,0 @@
1# Code Formatting
2
3The `ubuntu-advantage-client` code base is formatted using
4[black](https://github.com/psf/black), and imports are sorted with
5[isort](https://github.com/PyCQA/isort). When making changes, you
6should ensure that your code is blackened and isorted, or it will
7be rejected by CI.
8Formatting the whole codebase is as simple as running:
9
10```shell
11black uaclient/
12isort uaclient/
13```
14
15To make it easier to avoid committing incorrectly formatted code, this
16repo includes configuration for [pre-commit](https://pre-commit.com/)
17which will stop you from committing any code that isn't blackened. To
18install the project's pre-commit hook, install `pre-commit` and run:
19
20```shell
21pre-commit install
22```
23
24(To install `black` and `pre-commit` at the appropriate versions for
25the project, you should install them via `dev-requirements.txt`.)
diff --git a/dev-docs/howtoguides/detach_pro_instances.md b/dev-docs/howtoguides/detach_pro_instances.md
26deleted file mode 1006440deleted file mode 100644
index 5bbf541..0000000
--- a/dev-docs/howtoguides/detach_pro_instances.md
+++ /dev/null
@@ -1,25 +0,0 @@
1# How to permanently detach Pro instances
2
3## TL;DR
4
51. Modify the client configuration file, normally `/etc/ubuntu-advantage/uaclient.conf`,
6to contain:
7
8 ```yaml
9 features:
10 disable_auto_attach: true
11 ```
12
132. Perform a `sudo pro detach --assume-yes`.
14
15## Explanation
16
17On Pro instances, a `pro detach` won't permanently detach them as,
18the instance will be reauto-attached on the next boot (on non GCE instances)
19or immediately (on GCE instances due to the daemon).
20
21The config in step 1 will prevent the [daemon](../../systemd/ubuntu-advantage.service)
22and the a [service](../../systemd/ua-auto-attach.service) at next boot to auto-reattach.
23
24If you want to allow the instance to reauto attach by itself, then remove or set to false
25`disable_auto_attach` in the configuration file.
diff --git a/dev-docs/howtoguides/how_to_use_magic_attach_endpoints.md b/dev-docs/howtoguides/how_to_use_magic_attach_endpoints.md
26deleted file mode 1006440deleted file mode 100644
index c06c32b..0000000
--- a/dev-docs/howtoguides/how_to_use_magic_attach_endpoints.md
+++ /dev/null
@@ -1,168 +0,0 @@
1# How to use magic attach API endpoints
2
3> **Note**
4> Minimum version: 27.11
5
6Th Ubuntu Pro Client provides three distinct endpoints to make it easier to perform
7the magic attach flow. They are:
8
9* u.pro.attach.magic.initiate.v1
10* u.pro.attach.magic.wait.v1
11* u.pro.attach.magic.revoke.v1
12
13We will explain how to use each endpoint and what is the expected output for each of them.
14
15## Initiate endpoint
16
17To start the magic attach flow, we need to create a token for it. The initiate endpoint
18will perform exactly that. When you run:
19
20```console
21$ pro api u.pro.attach.magic.initiate.v1
22```
23
24It is expected for you to see the following json response:
25
26```json
27{
28 "_schema_version": "v1",
29 "data": {
30 "meta": {
31 "environment_vars": []
32 },
33 "attributes": {
34 "expires": "EXPIRE_DATE",
35 "expires_in": 10000,
36 "token": "MAGIC_ATTACH_TOKEN",
37 "user_code": "USER_CODE"
38 },
39 "type": "MagicAttachInitiate"
40 },
41 "errors": [],
42 "result": "success",
43 "version": "UBUNTU PRO CLIENT VERSION",
44 "warnings": []
45}
46```
47
48It is noteworthy here that the `attributes` contain both the `user_code` and `token`. The `user_code`
49is the information that will be presented to the user, which it will make possible for the user
50to validate the magic attach on the Ubuntu Pro portal. Additionally, the `token` information is required
51for the other two API endpoints which will be described next.
52
53
54## Wait endpoint
55
56After we initiate the magic attach procedure, the user must go to the Ubuntu Pro portal and validate
57the `user_code` it received. Once that is done, a contract token will be generated for the user, allowing
58the attach procedure to begin. The wait endpoint will wait for the user to perform all of those
59steps on the Ubuntu Pro portal. To call it, use:
60
61```console
62$ pro api u.pro.attach.magic.wait.v1 --args magic_token=MAGIC_ATTACH_TOKEN
63```
64
65Note here that the command requires the `token` that was generated in the initiate step. This command
66will block and poll the server until there are any updates for that token. If the
67user successfully performed the necessary steps on the Ubuntu Pro portal, we should see the following
68response:
69
70```json
71{
72 "_schema_version": "v1",
73 "data": {
74 "attributes": {
75 "contract_id": "CONTRACT_ID",
76 "contract_token": "CONTRACT_TOKEN",
77 "expires": "EXPIRE_DATE",
78 "expires_in": 10000,
79 "token": "MAGIC_ATTACH_TOKEN",
80 "user_code": "USER_CODE"
81 }
82 "type": "MagicAttachInitiate"
83 },
84 "errors": [],
85 "result": "success",
86 "version": "UBUNTU PRO CLIENT VERSION",
87 "warnings": []
88}
89```
90
91The `contract_token` is the token that can be used to perform an attach operation.
92
93If the provided token is invalid or has expired, we will see the following response:
94
95```json
96{
97 "_schema_version": "v1",
98 "data": {
99 "meta": {
100 "environment_vars": []
101 }
102 },
103 "errors": [
104 {
105 "code": "magic-attach-token-error",
106 "meta": {},
107 "title": "The magic attach token is invalid, has expired or never existed"
108 }
109 ],
110 "result": "failure",
111 "version": "UBUNTU PRO CLIENT VERSION",
112 "warnings": []
113}
114```
115
116It is expected that the token will be valid for about 10 minutes. Therefore, we expect the wait
117command to keep polling for about that amount of time.
118
119
120## Revoke
121
122If we want to revoke the token created during the initiate call, we can use the revoke command:
123
124```console
125$ pro api u.pro.attach.magic.revoke.v1 --args magic_token=MAGIC_ATTACH_TOKEN
126```
127
128If the token is valid, we should see the following output:
129
130```json
131{
132 "_schema_version": "v1",
133 "data": {
134 "attributes": {},
135 "meta": {
136 "environment_vars": []
137 },
138 "type": "MagicAttachRevoke"
139 },
140 "errors": [],
141 "result": "success",
142 "version": "PRO CLIENT VERSION",
143 "warnings": []
144}
145```
146
147However, if the token is already expired or even invalid, we will see the following output:
148
149```json
150{
151 "_schema_version": "v1",
152 "data": {
153 "meta": {
154 "environment_vars": []
155 }
156 },
157 "errors": [
158 {
159 "code": "magic-attach-token-error",
160 "meta": {},
161 "title": "The magic attach token is invalid, has expired or never existed"
162 }
163 ],
164 "result": "failure",
165 "version": "PRO CLIENT VERSION",
166 "warnings": []
167}
168```
diff --git a/dev-docs/howtoguides/release_a_new_version.md b/dev-docs/howtoguides/release_a_new_version.md
169deleted file mode 1006440deleted file mode 100644
index 44ebd48..0000000
--- a/dev-docs/howtoguides/release_a_new_version.md
+++ /dev/null
@@ -1,227 +0,0 @@
1# Ubuntu Pro Client releases
2
3## Background
4
5The release process for ubuntu-advantage-tools has three overarching steps/goals.
6
71. Release to our team infrastructure. This includes GitHub and the `ua-client` PPAs.
82. Release to the latest Ubuntu devel release.
93. Release to the supported Ubuntu past releases via [SRU](https://wiki.ubuntu.com/StableReleaseUpdates) using the [ubuntu-advantage-tools specific SRU process](https://wiki.ubuntu.com/UbuntuAdvantageToolsUpdates).
10
11Generally speaking, these steps happen in order, but there is some overlap. Also we may backtrack if issues are found part way through the process.
12
13An average release should take somewhere between 10 and 14 calendar days if things go smoothly, starting at the decision to release and ending at the new version being available in all supported Ubuntu releases. Note that it is not 2 weeks of full time work. Most of the time is spent waiting for review or sitting in proposed.
14
15> **Warning**
16> If the release contains any change listed in the [Early Review Sign-Off list](../references/early_review_signoff.md), make sure it was properly reviewed *before* starting the release process. Ideally they would be reviewed even before implementation, but if some feature is in the list and didn't get a proper review, now is the time to do so.
17
18## Prerequisites
19
20If this is your first time releasing ubuntu-advantage-tools, you'll need to do the following before getting started:
21
22* Add the team helper scripts to your PATH: [uss-tableflip](https://github.com/canonical/uss-tableflip).
23* If you don't yet have a gpg key set up, follow the instructions
24 [here](https://help.launchpad.net/YourAccount/ImportingYourPGPKey) to create a key,
25 publish it to `hkp://keyserver.ubuntu.com`, and import it into Launchpad.
26* Before you run `sbuild-it` for the first time, you'll need to set up a chroot for each Ubuntu release.
27 Run the following to set up chroots with dependencies pre-installed for each release:
28 ```bash
29 apt-get install sbuild-launchpad-chroot
30 bash ./tools/setup_sbuild.sh # This will give you usage information on how to call it with the correct parameters
31 ```
32* You must have Launchpad already properly configured in your system in order to upload packages to the PPAs. Follow [this guide](https://help.launchpad.net/Packaging/PPA/Uploading) to get set up.
33
34* In order to run the `ppa` command, install `ppa-dev-tools` from `bryce`'s PPA:
35 ```bash
36 sudo add-apt-repository ppa:bryce/ppa-dev-tools
37 sudo apt update
38 sudo apt install ppa-dev-tools
39 ```
40 When running `ppa` for the first time, there will be another round of launchpad authorization to be performed.
41
42## I. Preliminary/staging release to team infrastructure
431. Create a release PR:
44
45 a. Move the desired commits from our `main` branch onto the desired release branch.
46
47 * This step is currently not well defined. We currently are using `release-27` for all `27.X` releases and have been cherry-picking/rebasing all commits from `main` into this branch for a release.
48
49 b. Create a new entry in the `debian/changelog` file:
50
51 * You can do that by running `dch --newversion <version-name>`.
52 * Remember to update the release from `UNRELEASED` to the ubuntu/devel release. Edit the version to look like: `27.2`, with the appropriate pro-client version number.
53 * Populate `debian/changelog` with the commits you have cherry-picked.
54 * You can do that by running `git log <first-cherry-pick-commit>..<last-cherry-pick-commit> | log2dch`
55 * This will generate a list of commits that could be included in the changelog.
56 * You don't need to include all of the commits generated. Remember that the changelog should
57 be read by the user to understand the new features/modifications in the package. If you
58 think a commit will not add that much to the user experience, you can drop it from the
59 changelog.
60 * To structure the changelog you can use the other entries as example. But we basically try to
61 keep this order: debian changes, new features/modifications, testing. Within each section, bullet points should be alphabetized.
62
63 c. Create a PR on GitHub into the release branch. Ask in the ~UA channel on Mattermost for review.
64
65 d. When reviewing the release PR, please use the following guidelines when reviewing the new changelog entry:
66
67 * Is the version correctly updated? We must ensure that the new version in the changelog is
68 correct and it also targets the latest Ubuntu release at the moment.
69 * Is the entry useful for the user? The changelog entries should be user focused, meaning
70 that we should only add entries that we think users will care about (i.e. we don't need
71 entries when fixing a test, as this doesn't provide meaningful information to the user).
72 * Is this entry redundant? Sometimes we may have changes that affect separate modules of the
73 code. We should have an entry only for the module that was most affected by it.
74 * Is the changelog entry unique? We need to verify that the changelog entry is not already
75 reflected in an earlier version of the changelog. If it is, we need not only to remove but double
76 check the process we are using to cherry-pick the commits.
77 * Is this entry actually reflected in the code? Sometimes, we can have changelog entries
78 that are not reflected in the code anymore. This can happen during development when we are
79 still unsure about the behaviour of a feature or when we fix a bug that removes the code
80 that was added. We must verify each changelog entry that is added to be sure of their
81 presence in the product.
82
832. After the release PR is merged, tag the head of the release branch with the version number, e.g., `27.1`. Push this tag to GitHub.
84
853. Build the package for all Ubuntu releases and upload to `ppa:ua-client/staging`:
86
87 a. Clone the repository into a clean directory and switch to the release branch.
88 * *WARNING* Build the package in a clean environment. The reason is that the package
89 will contain everything that is present in the folder. If you are storing credentials or
90 other sensible development information in your folder, they will be uploaded too when we send
91 the package to the ppa. A clean environment is the safest way to perform this.
92
93 b. Edit the changelog
94 * List yourself as the author of this release.
95 * Edit the version number to look like: `27.2~rc1` (`<version>~rc<release-candidate-number>`)
96 * Edit the Ubuntu release name. Start with the ubuntu/devel release.
97 * `git add debian/changelog && git commit -m "throwaway"` - Do **not** push this commit!
98
99 c. `build-package`
100 * This script will generate all the package artefacts in the parent directory as `../out`.
101
102 d. `sbuild-it ../out/<package_name>.dsc`
103 * If this succeeds move on. If this fails, debug and fix before continuing.
104
105 e. Repeat 3.b through 3.d for all supported Ubuntu Releases
106 * The version for series other than devel should be in the form `<version>~<ubuntu-release-number>~rc<release-candidate-number>`
107 This means you must add the release number in the changelog. For example, suppose
108 the devel version is `1.1~rc1`. If you want to build for jammy now, change it to
109 `1.1~22.04~rc1`.
110
111 f. For each release, dput to the staging PPA:
112 * `dput ppa:ua-client/staging ../out/<package_name>_source.changes`
113 * After each `dput` wait for the "Accepted" email from Launchpad before moving on.
114
115## II. Release to Ubuntu (devel and SRU)
116
117> **Note**
118> `kinetic` is used throughout as a reference to the current devel release. This will change.
119
1201. Prepare SRU Launchpad bugs.
121
122 a. We do this even before a successful merge into ubuntu/devel because the context added to these bugs is useful for the Server Team reviewer.
123
124 b. Create a new bug on Launchpad for ubuntu-advantage-tools and use the format defined [here](https://wiki.ubuntu.com/UbuntuAdvantageToolsUpdates#SRU_Template) for the description.
125 * The title should be in the format `[SRU] ubuntu-advantage-tools (27.1 -> 27.2) Xenial, Bionic, Focal, Jammy`, substituting version numbers and release names as necessary.
126 * If any of the changes for the SRU is in the [Early Review Sign-off list](../references/early_review_signoff.md), include a pointer in the `[Discussion]` section to where the discussion/approval of that feature took place (if possible).
127
128 c. For each Launchpad bug fixed by this release (which should all be referenced in our changelog), add the SRU template to the description and fill out each section.
129 * Leave the original description in the bug at the bottom under the header `[Original Description]`.
130 * For the testing steps, include steps to reproduce the bug. Then include instructions for adding `ppa:ua-client/staging`, and steps to verify the bug is no longer present.
131
1322. Set up the Merge Proposal (MP) for ubuntu/devel:
133
134 a. `git-ubuntu clone ubuntu-advantage-tools; cd ubuntu-advantage-tools`
135
136 b. `git remote add upstream git@github.com:canonical/ubuntu-advantage-client.git`
137
138 c. `git fetch upstream`
139
140 d. `git rebase --onto pkg/ubuntu/devel <last-version-tag> <this-version-tag>`
141 * e.g. `git rebase --onto pkg/ubuntu/devel 27.0.2 27.1`
142 * You may need to resolve conflicts, but hopefully these will be minimal.
143 * You'll end up in a detached state.
144
145 e. `git checkout -B upload-<this-version>-kinetic`
146 * This creates a new local branch name based on your detached branch.
147
148 f. `git push <your_launchpad_user> upload-<this-version>-kinetic`
149
150 g. On Launchpad, create a merge proposal for this version which targets `ubuntu/devel`
151 * For an example, see the [27.14.1 merge proposal](https://code.launchpad.net/~renanrodrigo/ubuntu/+source/ubuntu-advantage-tools/+git/ubuntu-advantage-tools/+merge/439507).
152 * Add 2 review slots for `canonical-server-reporter` and `canonical-server-core-reviewers`.
153
154 h. With the packages published to `ppa:ua-client/staging`, add links to the autopkgtest triggers to the Merge Proposal. The reviewer will have permission to trigger those tests. The links can be obtained by running `ppa tests -r <release> -a <arch1,arch2> ua-client/staging -L`
155 * Make sure to post links to all the architectures built for a given release.
156 * The riscv64 autopkgtests are not avaialble and don't need to be included.
157 * The `ppa test` command will have two variations of tests: the regular one, and one with `all-proposed=1`; only the regular test need to be there.
158
1593. Server Team Review and Pre-SRU Review
160
161 a. Ask the assigned ubuntu-advantage-tools reviewer/sponsor from Server team for a review of your MPs. If you don't know who that is, ask in ~Server. Include a link to the ubuntu/devel MP and to the SRU bug.
162
163 b. If they request changes, create a PR into the release branch on GitHub and ask Pro Client team for review. After that is merged, cherry-pick the commit into your `upload-<this-version>-<devel-release>` branch and push to launchpad. Then notify the Server Team member that you have addressed their requests.
164 * Some issues may just be filed for addressing in the future if they are not urgent or pertinent to this release.
165 * Unless the changes are very minor, or only testing related, you should upload a new release candidate version to `ppa:ua-client/staging` as described in I.3.
166 * After the release is finished, any commits that were merged directly into the release branch in this way should be brought back into `main` via a single PR.
167
168 c. Once review is complete and approved, the Server Team member should **not** upload the version to the devel release.
169 * If they do, then any changes to the code after this point will require a bump in the patch version of the release.
170
171 d. Now ask the SRU team for a pre-SRU review of the same MP. Mention that the exact same code will be released to all stable Ubuntu releases.
172 * Follow instructions in `II.4.b` if they request any changes.
173
174 e. Once the SRU team member gives a pre-SRU approval, create the branches for each stable release. They should be named `upload-<this-version>-<codename>`.
175 * The versions for the stable releases must include `~<release-number>`
176 * If you've followed the instructions precisely so far, you can just run `bash tools/create-lp-release-branches.sh`.
177 - When using the `create-lp-release-branches.sh` script, an important parameter is `SRU_BUG`:
178 - In the vast majority of cases, this should be set to the overall SRU bug written in step II.1.b.
179 - In the case where an existing SRU never got released, and a new patch version was uploaded on top of it to fix a new bug discovered during review, then the bug should still be the overall SRU bug.
180 - If the release is exclusively a bugfix release and the previous version has already been successfully released all the way through the SRU process, then the bug should instead be the specific bugfix number.
181
182 f. Ask Server team member sponsor to upload to devel, and then the SRU proposed queue using the stable release branches you just created.
183 * Ask them to tag the PR with the appropriate `upload/<version>` tag so git-ubuntu will import rich commit history.
184 * If they do not have upload rights to the proposed queue, ask in ~Server channel for a Ubuntu Server team member with upload rights for an upload review of the MP for the proposed queue.
185
186 g. Check the [-proposed release queue](https://launchpad.net/ubuntu/xenial/+queue?queue_state=1&queue_text=ubuntu-advantage-tools) for presence of ubuntu-advantage-tools in unapproved state for each supported release. Note: libera chat #ubuntu-release IRC channel has a bot that reports queued uploads of any package in a message like "Unapproved: ubuntu-advantage-tools .. version".
187
188 h. Tell the SRU team member who performed the pre-SRU review that the packages are in the -proposed release queue. They will need to actually approve the package to move into -proposed.
189
1904. -proposed verification and release to -updates
191
192 a. As soon as the SRU vanguard approves the packages, a bot in #ubuntu-release will announce that ubuntu-advantage-tools is accepted into the applicable -proposed pockets, or the [Xenial -proposed release rejection queue](https://launchpad.net/ubuntu/xenial/+queue?queue_state=4&queue_text=ubuntu-advantage-tools) will contain a reason for rejections. Double check the SRU process bug for any actionable review feedback.
193 * Once accepted into `-proposed` by an SRU vanguard [ubuntu-advantage-tools shows up in the pending_sru page](https://people.canonical.com/~ubuntu-archive/pending-sru.html), check `rmadison ubuntu-advantage-tools | grep -proposed` to see if the upload exists in -proposed yet.
194 * Also actually check that the packages are accessible in a container by [enabling proposed](https://wiki.ubuntu.com/Testing/EnableProposed) and updating the package.
195
196 b. With the package in proposed, perform the steps from `I.3` above but use a `~stableppaX` suffix instead of `~rcX` in the version name, and upload to `ppa:ua-client/stable` instead of staging.
197
198 c. Perform the [Ubuntu-advantage-client SRU verification steps](https://wiki.ubuntu.com/UbuntuAdvantageToolsUpdates). This typically involves running all behave targets with `UACLIENT_BEHAVE_ENABLE_PROPOSED=1 UACLIENT_BEHAVE_CHECK_VERSION=<this-version>` and saving the output.
199 * There may also be one-time test scripts added in the `sru/` directory for this release.
200
201 d. After all tests have passed, tarball all of the output files and upload them to the SRU bug with a message that looks like this:
202
203 ```
204 We have run the full ubuntu-advantage-tools integration test suite against the version in -proposed. The results are attached. All tests passed.
205
206 You can verify the correct version was used by checking the output of the first test in each file, which prints the version number.
207
208 I am marking the verification done for this SRU.
209 ```
210
211 Change the tags on the bug from `verification-needed` to `verification-done` (including the verification tags for each Ubuntu release).
212
213 e. For any other related Launchpad bugs that are fixed in this release, perform the verification steps necessary for those bugs and mark them `verification-done` as needed. This will likely involve following the test steps, but instead of adding the staging PPA, enabling -proposed.
214
215 f. Once all SRU bugs are tagged as `verification*-done`, all SRU-bugs should be listed as green in [the pending_sru page](https://people.canonical.com/~ubuntu-archive/pending-sru.html).
216
217 g. After the pending SRU page says that ubuntu-advantage-tools has been in proposed for 7 days, it is now time to ping the [current SRU vanguard](https://wiki.ubuntu.com/StableReleaseUpdates#Publishing) for acceptance of ubuntu-advantage-tools into -updates.
218
219 h. Check `rmadison ubuntu-advantage-tools` for updated version in -updates.
220 * Also actually check that the packages are accessible in a container and updating the package.
221
222## III. Post-release updates
223
2241. Ensure the version tag is correct on GitHub. The `version` git tag should point to the commit that was released as that version to ubuntu -updates. If changes were made in response to feedback during the release process, the tag may have to be moved.
2252. Bring in any changes that were made to the release branch into `main` via PR (e.g., changelog edits).
2263. Move any scripts added in `sru/` to a new folder in `sru/_archive` for the release.
2274. Tell CPC that there is a new version of `ubuntu-advantage-tools` in -updates for all series.
diff --git a/dev-docs/howtoguides/testing.md b/dev-docs/howtoguides/testing.md
228deleted file mode 1006440deleted file mode 100644
index 24706d4..0000000
--- a/dev-docs/howtoguides/testing.md
+++ /dev/null
@@ -1,247 +0,0 @@
1# Testing
2All unit and lint tests are run using `tox`, with different versions of Python with specific constraints. We also use `tox-setuptools-version` to specify the correct setuptools version based on what is present in each release, and `tox-pyenv` to recognize the different local [pyenv interpreters](https://github.com/pyenv/pyenv).
3
4First, run the script to install and configure `pyenv`, and the `tox` dependencies:
5
6```shell
7./tools/setup_pyenv.sh
8```
9
10After that you need to [set up your shell environment](https://github.com/pyenv/pyenv#set-up-your-shell-environment-for-pyenv), according to the pyenv documentation.
11The guide has quick snippets to configure `bash`, `zsh` and `fish` shells.
12
13Refresh your terminal to make sure pyenv is working. Then you can run the unit and lint tests:
14
15```shell
16tox
17```
18
19> **Note**
20> There are a number of `autouse` mocks in our unit tests. These are intended to prevent accidental side effects on the host system from running the unit tests, as well as prevent leaks of the system environment into the unit tests.
21> One such `autouse` mock tells the unit tests that they are run as root (unless the mock is overriden for a particular test).
22> These `autouse` mocks have helped, but may not be preventing all side effects or environment leakage.
23
24The client also includes built-in dep8 tests. These are run as follows:
25
26```shell
27autopkgtest -U --shell-fail . -- lxd ubuntu:xenial
28```
29
30## Integration Tests
31
32Ubuntu Pro Client uses [behave](https://behave.readthedocs.io)
33for its integration testing.
34
35The integration test definitions are stored in the `features/`
36directory and consist of two parts: `.feature` files that define the
37tests we want to run, and `.py` files which implement the underlying
38logic for those tests.
39
40By default, integration tests will do the following on a given cloud platform:
41 * Launch an instance running latest daily image of the target Ubuntu release
42 * Add the Ubuntu Pro client daily build PPA: [ppa:ua-client/daily](https://code.launchpad.net/~ua-client/+archive/ubuntu/daily)
43 * Install the appropriate ubuntu-advantage-tools and ubuntu-advantage-pro deb
44 * Run the integration tests on that instance.
45
46The testing can be overridden to install ubuntu-advantage-tools from other sources instead of the daily PPA by providing `UACLIENT_BEHAVE_INSTALL_FROM` to the behave test runner. The default is `UACLIENT_BEHAVE_INSTALL_FROM=daily`, and the other available options are:
47
48- `staging`: install from the [staging PPA](https://code.launchpad.net/~ua-client/+archive/ubuntu/staging)
49- `stable`: install from the [stable PPA](https://code.launchpad.net/~ua-client/+archive/ubuntu/stable)
50- `archive`: install the latest version available in the archive, not adding any PPA
51- `proposed`: install the package from the -proposed pocket - specially useful for SRU testing (see [the release guide](how_to_release_a_new_version_of_ua.md))
52- `custom`: install from a custom provided PPA. If set, then two other variables need to be set: `UACLIENT_BEHAVE_CUSTOM_PPA=<PPA URL>` and `UACLIENT_BEHAVE_CUSTOM_PPA_KEYID=<signing key for the PPA>`.
53- `local`: install from a local copy of the ubuntu-advantage-client source code
54
55`local` is particularly useful, as it runs the suite against the local code, thus including and validating the latest changes made. It is advised to run any related integration tests against local code changes before pushing them to be reviewed.
56
57> **Note**
58> Note that we cache the source when running with `UACLIENT_BEHAVE_INSTALL_FROM=local` based on a hash, calculated from the repository state. If you change the python code locally and run the behave tests against your new version, there will be new debs in the cache source with the new repo state hash.
59
60To run the tests, you can use `tox`:
61
62```shell
63tox -e behave-lxd-20.04
64```
65
66or, if you just want to run a specific file, or a test within a file:
67
68```shell
69tox -e behave-lxd-20.04 features/unattached_commands.feature
70tox -e behave-lxd-20.04 features/unattached_commands.feature:28
71```
72
73As can be seen, this will run behave tests only for release 20.04 (Focal Fossa). We are currently
74supporting 5 distinct releases:
75
76* 21.10 (Kinetic Kudu)
77* 22.04 (Jammy Jellyfish)
78* 20.04 (Focal Fossa)
79* 18.04 (Bionic Beaver)
80* 16.04 (Xenial Xerus)
81
82Therefore, to change which release to run the behave tests against, just change the release version
83on the behave command.
84
85Furthermore, when developing/debugging a new scenario:
86
87 1. Add a `@wip` tag decorator on the scenario
88 2. To only run @wip scenarios run: `tox -e behave-lxd-20.04 -- -w`
89 3. If you want to use a debugger:
90 1. Add ipdb to integration-requirements.txt
91 2. Add ipdb.set_trace() in the code block you wish to debug
92
93(If you're getting started with behave, we recommend at least reading
94through [the behave
95tutorial](https://behave.readthedocs.io/en/latest/tutorial.html) to get
96an idea of how it works, and how tests are written.)
97
98## Iterating Locally
99
100To make running the tests repeatedly less time-intensive, our behave
101testing setup has support for reusing images between runs via two
102configuration options (provided in environment variables),
103`UACLIENT_BEHAVE_IMAGE_CLEAN` and `UACLIENT_BEHAVE_REUSE_IMAGE`.
104
105To avoid the test framework cleaning up the image it creates, you can
106run it like this:
107
108```sh
109UACLIENT_BEHAVE_IMAGE_CLEAN=0 tox -e behave
110```
111
112which will emit a line like this above the test summary:
113
114```
115Image cleanup disabled, not deleting: behave-image-1572443113978755
116```
117
118You can then reuse that image by plugging its name into your next test
119run, like so:
120
121```sh
122UACLIENT_BEHAVE_REUSE_IMAGE=behave-image-1572443113978755 tox -e behave
123```
124
125If you've done this correctly, you should see something like
126`reuse_image = behave-image-1572443113978755` in the "Config options"
127output, and test execution should start immediately (without the usual
128image build step).
129
130(Note that this handling is specific to our behave tests as it's
131performed in `features/environment.py`, so don't expect to find
132documentation about it outside of this codebase.)
133
134## Optimizing total run time of integration tests with snapshots
135When `UACLIENT_BEHAVE_SNAPSHOT_STRATEGY=1` we create a snapshot of an instance
136with ubuntu-advantage-tools installed and restore from that snapshot for all tests.
137This adds an upfront cost that is amortized across several test scenarios.
138
139Based on some rough testing in July 2021, these are the situations
140when you should set UACLIENT_BEHAVE_SNAPSHOT_STRATEGY=1
141
142> At time of writing, starting a lxd-vm instance from a local snapshot takes
143> longer than starting a fresh lxd-vm instance and installing ua.
144
145| machine_type | condition |
146| ------------- | ------------------ |
147| lxd-container | num_scenarios > 7 |
148| lxd-vm | never |
149| gcp | num_scenarios > 5 |
150| azure | num_scenarios > 14 |
151| aws | num_scenarios > 11 |
152
153## Integration testing on EC2
154The following tox environments allow for testing focal on EC2:
155
156```
157 # To test ubuntu-pro-images
158 tox -e behave-awspro-20.04
159 # To test Canonical cloud images (non-ubuntu-pro)
160 tox -e behave-awsgeneric-20.04
161```
162
163To run the test for a different release, just update the release version string. For example,
164to run AWS pro xenial tests, you can run:
165
166```
167tox -e behave-awspro-16.04
168```
169
170In order to run EC2 tests, please set up the [pycloudlib toml
171file](https://github.com/canonical/pycloudlib/blob/main/pycloudlib.toml.template) with
172the required EC2 credentials.
173
174To specifically run non-ubuntu pro tests using canonical cloud-images an
175additional token obtained from https://ubuntu.com/pro needs to be set:
176 - UACLIENT_BEHAVE_CONTRACT_TOKEN=<your_token>
177
178* To manually run EC2 integration tests with a specific AMI Id provide the
179following environment variable to launch your specific AMI instead of building
180a daily ubuntu-advantage-tools image.
181```sh
182UACLIENT_BEHAVE_REUSE_IMAGE=your-custom-ami tox -e behave-awspro-20.04
183```
184
185## Integration testing on Azure
186The following tox environments allow for testing focal on Azure:
187
188```
189 # To test ubuntu-pro-images
190 tox -e behave-azurepro-20.04
191 # To test Canonical cloud images (non-ubuntu-pro)
192 tox -e behave-azuregeneric-20.04
193```
194
195To run the test for a different release, just update the release version string. For example,
196to run Azure pro xenial tests, you can run:
197
198```
199tox -e behave-azurepro-16.04
200```
201
202In order to run Azure tests, please set up the [pycloudlib toml
203file](https://github.com/canonical/pycloudlib/blob/main/pycloudlib.toml.template) with
204the required Azure credentials.
205
206To specifically run non-ubuntu pro tests using canonical cloud-images an
207additional token obtained from https://ubuntu.com/pro needs to be set:
208 - UACLIENT_BEHAVE_CONTRACT_TOKEN=<your_token>
209
210* To manually run Azure integration tests with a specific Image Id provide the
211following environment variable to launch your specific Image Id instead of building
212a daily ubuntu-advantage-tools image.
213```sh
214UACLIENT_BEHAVE_REUSE_IMAGE=your-custom-image-id tox -e behave-azurepro-20.04
215```
216
217## Integration testing on GCP
218The following tox environments allow for testing focal on GCP:
219
220```
221 # To test ubuntu-pro-images
222 tox -e behave-gcppro-20.04
223 # To test Canonical cloud images (non-ubuntu-pro)
224 tox -e behave-gcpgeneric-20.04
225```
226
227To run the test for a different release, just update the release version string. For example,
228to run GCP pro xenial tests, you can run:
229
230```
231tox -e behave-gcppro-16.04
232```
233
234In order to run GCP tests, please set up the [pycloudlib toml
235file](https://github.com/canonical/pycloudlib/blob/main/pycloudlib.toml.template) with
236the required GCP credentials.
237
238To specifically run non-ubuntu pro tests using canonical cloud-images an
239additional token obtained from https://ubuntu.com/pro needs to be set:
240 - UACLIENT_BEHAVE_CONTRACT_TOKEN=<your_token>
241
242* To manually run GCP integration tests with a specific Image Id provide the
243following environment variable to launch your specific Image Id instead of building
244a daily ubuntu-advantage-tools image.
245```sh
246UACLIENT_BEHAVE_REUSE_IMAGE=your-custom-image-id tox -e behave-gcppro-20.04
247```
diff --git a/dev-docs/howtoguides/use_staging_environment.md b/dev-docs/howtoguides/use_staging_environment.md
248deleted file mode 1006440deleted file mode 100644
index b616fce..0000000
--- a/dev-docs/howtoguides/use_staging_environment.md
+++ /dev/null
@@ -1,13 +0,0 @@
1# Use the contracts staging environment
2
3You can change the contract server that the Pro Client will use by setting the
4following option in your `uaclient.conf` configuration file, (by default located at
5`/etc/ubuntu-advantage/uaclient.conf`).
6
7```yaml
8contract_url: https://contracts.staging.canonical.com
9```
10
11> **Note**
12> You might be using a local `uaclient.conf` file when running the pro client.
13> If that is the case, remember to change that file instead.
diff --git a/dev-docs/references/architecture.md b/dev-docs/references/architecture.md
14deleted file mode 1006440deleted file mode 100644
index a4efbdd..0000000
--- a/dev-docs/references/architecture.md
+++ /dev/null
@@ -1,18 +0,0 @@
1# Architecture
2
3Ubuntu Pro Client is a python3-based command line
4utility. It provides a CLI to attach, detach, enable,
5disable and check status of support related services.
6
7The package `ubuntu-advantage-tools` also provides a C++ APT hook which helps
8advertise ESM service and available packages in MOTD and during various apt
9commands.
10
11The `ubuntu-advantage-pro` package delivers auto-attach functionality via a
12systemd service for various cloud platforms.
13
14By default, Ubuntu machines are deployed in an unattached state. A machine can
15get manually or automatically attached to a specific contract by interacting
16with the Contract Server REST API. Any change in state of services or machine
17attach results in additional interactions with the Contract Server API to
18validate such operations.
diff --git a/dev-docs/references/daily_builds.md b/dev-docs/references/daily_builds.md
19deleted file mode 1006440deleted file mode 100644
index ea52c39..0000000
--- a/dev-docs/references/daily_builds.md
+++ /dev/null
@@ -1,4 +0,0 @@
1# Daily Builds
2
3On Launchpad, there is a [daily build recipe](https://code.launchpad.net/~canonical-server/+recipe/ua-client-daily),
4which will build the client and place it in the [ua-client-daily PPA](https://code.launchpad.net/~ua-client/+archive/ubuntu/daily).
diff --git a/dev-docs/references/directory_layout.md b/dev-docs/references/directory_layout.md
5deleted file mode 1006440deleted file mode 100644
index 1fc1f77..0000000
--- a/dev-docs/references/directory_layout.md
+++ /dev/null
@@ -1,31 +0,0 @@
1# Directory layout
2
3The following describes the intent of Ubuntu Pro Client related directories:
4
5| File/Directory | Intent |
6| -------- | -------- |
7| ./tools | Helpful scripts used to publish, release or test various aspects of Ubuntu Pro Client |
8| ./features/ | Behave BDD integration tests for Ubuntu Pro Client
9| ./uaclient/ | collection of python modules which will be packaged into ubuntu-advantage-tools package to deliver the Ubuntu Pro Client CLI |
10| uaclient.entitlements | Service-specific \*Entitlement class definitions which perform enable, disable, status, and entitlement operations etc. All classes derive from base.py:UAEntitlement and many derive from repo.py:RepoEntitlement |
11| ./uaclient/cli.py | The entry-point for the command-line client
12| ./uaclient/clouds/ | Cloud-platform detection logic used in Ubuntu Pro to determine if a given instance should be auto-attached to a contract |
13| uaclient.contract | Module for interacting with the Contract Server API |
14| uaclient.messages | Module that contains the messages delivered by `pro` to the user |
15| uaclient.security | Module that hold the logic used to run `pro fix` commands |
16| ./apt-hook/ | the C++ apt-hook delivering MOTD and apt command notifications about Ubuntu Pro support services |
17| /etc/ubuntu-advantage/uaclient.conf | Configuration file for the Ubuntu Pro Client.|
18| /var/lib/ubuntu-advantage/private | `root` read-only directory containing Contract API responses, machine-tokens and service credentials |
19| /var/lib/ubuntu-advantage/machine-token.json | `world` readable file containing redacted Contract API responses, machine-tokens and service credentials |
20| /var/log/ubuntu-advantage.log | `root` read-only log of ubuntu-advantage operations |
21
22## Note
23
24We have two `machine-token.json` files, located at:
25
26- /var/lib/ubuntu-advantage/private/machine-token.json
27- /var/lib/ubuntu-advantage/machine-token.json
28
29The first file, located in the `private` directory, is root read-only. We have another world readable file in the `/var/lib/ubuntu-advantage` directory.
30
31The latter is currently being used when calling the `pro status` command as a non-root user. This file is redacted to remove any sensitive user data.
diff --git a/dev-docs/references/early_review_signoff.md b/dev-docs/references/early_review_signoff.md
32deleted file mode 1006440deleted file mode 100644
index f5d99d8..0000000
--- a/dev-docs/references/early_review_signoff.md
+++ /dev/null
@@ -1,36 +0,0 @@
1# Early review sign-off
2As the Client has a very broad exception for SRUs, there are some features which
3need pre-evaluation from people outside the team.
4
5This pre-evaluation should be performed at specification time, even before any
6implementation, to prevent frustration from any side when trying to SRU and to
7avoid possible blockers for the process.
8
9The review for such special features must be performed by:
101. A SRU team member, and
112. Someone from the Ubuntu Core Development team with appropriate expertise on
12 the topic being changed.
13
14There may be the case where a single person matches both of the descriptions
15above - that is acceptable from the review perspective.
16
17## Features which need special attention
18
19The team should request the aforementioned pre-evaluation of any feature which
20involves:
21
22- How the Client interacts with APT
23- How the Client interacts with systemd
24- Anything that changes network traffic patterns, including anything
25that might "phone home"
26- Anything that changes the use of persistent processes or scheduled
27jobs
28- Changes that affect what part of the namespace in PATH we consume
29- Actions that take place without an explicit user opt-in*
30
31New items may be eventually added to this list
32(preferrably before any problem happens!).
33
34
35\* executing a CLI command to perform a specific task counts a
36 opt-in for that task.
diff --git a/dev-docs/references/enabling_a_service.md b/dev-docs/references/enabling_a_service.md
37deleted file mode 1006440deleted file mode 100644
index d799972..0000000
--- a/dev-docs/references/enabling_a_service.md
+++ /dev/null
@@ -1,21 +0,0 @@
1# Enabling a service
2
3Each service controlled by Ubuntu Pro Client will have a python module in
4uaclient/entitlements/\*.py which handles setup and teardown of services when
5enabled or disabled.
6
7If a contract entitles a machine to a service, `root` user can enable the
8service with `pro enable <service>`. If a service can be disabled
9`pro disable <service>` will be permitted.
10
11The goal of the Ubuntu Pro Client is to remain simple and flexible and let the
12contracts backend drive dynamic changes in contract offerings and constraints.
13In pursuit of that goal, the Ubuntu Pro Client obtains most of it's service constraints
14from a machine token that it obtains from the Contract Server API.
15
16The Ubuntu Pro Client is simple in that it relies on the machine token on the attached
17machine to describe whether a service is applicable for an environment and what
18configuration is required to properly enable that service.
19
20Any interactions with the Contract Server API are defined as UAContractClient
21class methods in [uaclient/contract.py](../../uaclient/contract.py).
diff --git a/dev-docs/references/pr_review_policy.md b/dev-docs/references/pr_review_policy.md
22deleted file mode 1006440deleted file mode 100644
index ce9a35e..0000000
--- a/dev-docs/references/pr_review_policy.md
+++ /dev/null
@@ -1,19 +0,0 @@
1# PR review policy
2
3The team follows this policy for PR reviews:
4
5* Simple PRs: PRs that fix typos or perform one line changes require **one** approval from a team
6 member and can be merged immediately by the reviewer.
7* Low complexity PRs: For short PRs we require **one** approval to merge. However, after approving the
8 PR we will wait for **one** day before merging it. This will allow other team members to review
9 the PR if they want. When one day has passed after the approval and there are no new requested
10 changes, any team member can merge.
11* Complex PRs: Minimum of **two** approvals from team members. After there are two team-member approvals
12 and there are no remaining requested changes, any team member can merge.
13* SRU blocker PRs: Some PRs may also require review from members that are not on the team, like SRU
14 reviewers. This is the case, for example, when adding/creating new systemd units. For those PRs, we
15 will directly ask for feedback from members outside the team that have a more suitable background to review
16 the change we are proposing. Therefore, we not only require at least **two** approvals from team members,
17 but also approvals from every external reviewer we assigned. After the required approvals have been given,
18 the additional review feedback has been taken into account, and there are no requested changes remaining,
19 any team member can merge.
diff --git a/dev-docs/references/terminology.md b/dev-docs/references/terminology.md
20deleted file mode 1006440deleted file mode 100644
index 0459eb7..0000000
--- a/dev-docs/references/terminology.md
+++ /dev/null
@@ -1,13 +0,0 @@
1# Terminology
2
3The following vocabulary is used to describe different aspects of the work
4Ubuntu Pro Client performs:
5
6| Term | Meaning |
7| -------- | -------- |
8| Ubuntu Pro Client | The python command line client represented in this ubuntu-pro-client repository. It is installed on each Ubuntu machine and is the entry-point to enable any Ubuntu Pro commercial service on an Ubuntu machine |
9| Contract Server | The backend service exposing a REST API to which Ubuntu Pro Client authenticates in order to obtain contract and commercial service information and manage which support services are active on a machine |
10| Entitlement/Service | An Ubuntu Pro commercial support service such as FIPS, ESM, Livepatch, CIS-Audit to which a contract may be entitled |
11| Affordance | Service-specific list of applicable architectures and Ubuntu series on which a service can run |
12| Directives | Service-specific configuration values which are applied to a service when enabling that service |
13| Obligations | Service-specific policies that must be instrumented for support of a service. Example: `enableByDefault: true` means that any attached machine **MUST** enable a service on attach |
diff --git a/dev-docs/references/version_string_formatting.md b/dev-docs/references/version_string_formatting.md
14deleted file mode 1006440deleted file mode 100644
index 59f163c..0000000
--- a/dev-docs/references/version_string_formatting.md
+++ /dev/null
@@ -1,27 +0,0 @@
1# Version string formatting
2
3Below are the versioning schemes used for publishing debs:
4
5| Build target | Version Format |
6| --------------------------------------------------------------------------------- | ------------------------------------------ |
7| [Daily PPA](https://code.launchpad.net/~canonical-server/+recipe/ua-client-daily) | `XX.YY-<revno>~g<commitish>~ubuntu22.04.1` |
8| Staging PPA | `XX.YY~22.04~rc1` |
9| Stable PPA | `XX.YY~22.04~stableppa1` |
10| Archive release | `XX.YY~22.04` |
11| Archive bugfix release | `XX.YY.Z~22.04` |
12
13## Supported upgrade paths on same upstream version
14
15Regardless of source, the latest available "upstream version" (e.g. 27.4) will always be installed, because the upstream version comes first followed by a tilde in all version formats.
16
17This table demonstrates upgrade paths between sources for one particular upstream version.
18
19| Upgrade path | Version diff example |
20| ------------------------------- | ----------------------------------------------------------------------- |
21| Staging to Next Staging rev | `31.4~22.04~rc1` ➜ `31.4~22.04~rc2` |
22| Staging to Stable | `31.4~22.04~rc2` ➜ `31.4~22.04~stableppa1` |
23| Stable to Next Stable rev | `31.4~22.04~stableppa1` ➜ `31.4~22.04~stableppa2` |
24| Stable to Archive | `31.4~22.04~stableppa2` ➜ `31.4~22.04` |
25| LTS Archive to Next LTS Archive | `31.4~22.04` ➜ `31.4~24.04` |
26| Archive to Daily | `31.4~24.04` ➜ `31.4-1500~g75fa134~ubuntu24.04.1` |
27| Daily to Next Daily | `31.4-1500~g75fa134~ubuntu24.04.1` ➜ `31.4-1501~g3836375~ubuntu24.04.1` |
diff --git a/dev-docs/references/what_happens_during_attach.md b/dev-docs/references/what_happens_during_attach.md
28deleted file mode 1006440deleted file mode 100644
index 05854e1..0000000
--- a/dev-docs/references/what_happens_during_attach.md
+++ /dev/null
@@ -1,15 +0,0 @@
1### What happens during attach
2After running the command `pro attach TOKEN`, Ubuntu Pro Client will perform the following steps:
3
4* Read the config from /etc/ubuntu-advantage/uaclient.conf to obtain
5 the contract\_url (default: https://contracts.canonical.com)
6* POSTs to the Contract Server API @
7 <contract_url>/api/v1/context/machines/token providing the \<contractToken\>
8* The Contract Server responds with a JSON blob containing an unique machine
9 token, service credentials, affordances, directives and obligations to allow
10 enabling and disabling Ubuntu Pro services
11* Ubuntu Pro Client writes the machine token API response to the root-readonly
12 /var/lib/ubuntu-advantage/private/machine-token.json and a version with secrets redacted to the world-readable
13 file /var/lib/ubuntu-advantage/machine-token.json.
14* Ubuntu Pro Client auto-enables any services defined with
15 `obligations:{enableByDefault: true}`
diff --git a/docs-requirements.txt b/docs-requirements.txt
16deleted file mode 1006440deleted file mode 100644
index a2de834..0000000
--- a/docs-requirements.txt
+++ /dev/null
@@ -1,7 +0,0 @@
1furo
2m2r2
3myst-parser
4sphinx==5.1.1
5sphinx_autobuild
6sphinx_copybutton
7sphinx_design
diff --git a/docs/_static/circle_of_friends.png b/docs/_static/circle_of_friends.png
8deleted file mode 1006440deleted file mode 100644
index 4178914..0000000
9Binary files a/docs/_static/circle_of_friends.png and /dev/null differ1Binary files a/docs/_static/circle_of_friends.png and /dev/null differ
diff --git a/docs/_static/css/custom.css b/docs/_static/css/custom.css
10deleted file mode 1006442deleted file mode 100644
index 49efd28..0000000
--- a/docs/_static/css/custom.css
+++ /dev/null
@@ -1,240 +0,0 @@
1/** Fix the font weight (300 for normal, 400 for slightly bold) **/
2/** Should be 100 for all headers, 400 for normal text **/
3
4h1, h2, h3, h4, h5, h6, .sidebar-tree .current-page>.reference, button, input, optgroup, select, textarea, th.head {
5 font-weight: 200;
6}
7
8.toc-title {
9 font-weight: 400;
10}
11
12div.page, li.scroll-current>.reference, dl.glossary dt, dl.simple dt, dl:not([class]) dt {
13 font-weight: 300;
14 line-height: 1.5;
15 font-size: var(--font-size--normal);
16}
17
18
19/** Side bars (side-bar tree = left, toc-tree = right) **/
20div.sidebar-tree {
21 font-weight: 200;
22 line-height: 1.5;
23 font-size: var(--font-size--normal);
24}
25
26div.toc-tree {
27 font-weight: 200;
28 font-size: var(--font-size--medium);
29 line-height: 1.5;
30}
31
32.sidebar-tree .toctree-l1>.reference, .toc-tree li.scroll-current>.reference {
33 font-weight: 400;
34}
35
36/** List styling **/
37ol, ul {
38 margin-bottom: 1.5rem;
39 margin-left: 1rem;
40 margin-top: 0;
41 padding-left: 1rem;
42}
43
44/** Table styling **/
45
46th.head {
47 text-transform: uppercase;
48 font-size: var(--font-size--small);
49}
50
51table.docutils {
52 border: 0;
53 box-shadow: none;
54 width:100%;
55}
56
57table.docutils td, table.docutils th, table.docutils td:last-child, table.docutils th:last-child, table.docutils td:first-child, table.docutils th:first-child {
58 border-right: none;
59 border-left: none;
60}
61
62/* center align table cells with ":-:" */
63td.text-center {
64 text-align: center;
65}
66
67/** No rounded corners **/
68
69.admonition, code.literal, .sphinx-tabs-tab, .sphinx-tabs-panel, .highlight {
70 border-radius: 0;
71}
72
73/** code blocks and literals **/
74code.docutils.literal.notranslate, .highlight pre, pre.literal-block {
75 font-size: var(--font-size--medium);
76}
77
78
79/** Admonition styling **/
80
81.admonition {
82 font-size: var(--font-size--medium);
83 box-shadow: none;
84}
85
86/** Styling for links **/
87/* unvisited link */
88a:link {
89 color: #06c;
90 text-decoration: none;
91}
92
93/* visited link */
94a:visited {
95 color: #7d42b8;
96 text-decoration: none;
97}
98
99/* mouse over link */
100a:hover {
101 text-decoration: underline;
102}
103
104/* selected link */
105a:active {
106 text-decoration: underline;
107}
108
109a.sidebar-brand.centered {
110 text-decoration: none;
111}
112
113/** Color for the "copy link" symbol next to headings **/
114
115a.headerlink {
116 color: var(--color-brand-primary);
117}
118
119/** Line to the left of the current navigation entry **/
120
121.sidebar-tree li.current-page {
122 border-left: 2px solid var(--color-brand-primary);
123}
124
125/** Some tweaks for issue #16 **/
126
127[role="tablist"] {
128 border-bottom: 1px solid var(--color-sidebar-item-background--hover);
129}
130
131.sphinx-tabs-tab[aria-selected="true"] {
132 border: 0;
133 border-bottom: 2px solid var(--color-brand-primary);
134 background-color: var(--color-sidebar-item-background--current);
135 font-weight:300;
136}
137
138.sphinx-tabs-tab{
139 color: var(--color-brand-primary);
140 font-weight:300;
141}
142
143.sphinx-tabs-panel {
144 border: 0;
145 border-bottom: 1px solid var(--color-sidebar-item-background--hover);
146 background: var(--color-background-primary);
147}
148
149button.sphinx-tabs-tab:hover {
150 background-color: var(--color-sidebar-item-background--hover);
151}
152
153/** Custom classes to fix scrolling in tables by decreasing the
154 font size or breaking certain columns.
155 Specify the classes in the Markdown file with, for example:
156 ```{rst-class} break-col-4 min-width-4-8
157 ```
158**/
159
160table.dec-font-size {
161 font-size: smaller;
162}
163table.break-col-1 td.text-left:first-child {
164 word-break: break-word;
165}
166table.break-col-4 td.text-left:nth-child(4) {
167 word-break: break-word;
168}
169table.min-width-1-15 td.text-left:first-child {
170 min-width: 15em;
171}
172table.min-width-4-8 td.text-left:nth-child(4) {
173 min-width: 8em;
174}
175
176/** Underline for abbreviations **/
177
178abbr[title] {
179 text-decoration: underline solid #cdcdcd;
180}
181
182/** Use the same style for right-details as for left-details **/
183.bottom-of-page .right-details {
184 font-size: var(--font-size--small);
185 display: block;
186}
187
188/** Version switcher */
189button.version_select {
190 color: var(--color-foreground-primary);
191 background-color: var(--color-toc-background);
192 padding: 5px 10px;
193 border: none;
194}
195
196.version_select:hover, .version_select:focus {
197 background-color: var(--color-sidebar-item-background--hover);
198}
199
200.version_dropdown {
201 position: relative;
202 display: inline-block;
203 text-align: right;
204 font-size: var(--sidebar-item-font-size);
205}
206
207.available_versions {
208 display: none;
209 position: absolute;
210 right: 0px;
211 background-color: var(--color-toc-background);
212 box-shadow: 0px 8px 16px 0px rgba(0,0,0,0.2);
213 z-index: 11;
214}
215
216.available_versions a {
217 color: var(--color-foreground-primary);
218 padding: 12px 16px;
219 text-decoration: none;
220 display: block;
221}
222
223.available_versions a:hover {background-color: var(--color-sidebar-item-background--current)}
224
225.show {display:block;}
226
227/** Fix for nested numbered list - the nested list is lettered **/
228ol.arabic ol.arabic {
229 list-style: lower-alpha;
230}
231
232/** Make expandable sections look like links **/
233details summary {
234 color: var(--color-link);
235}
236
237/** Context links at the bottom of the page **/
238footer {
239 font-size: var(--font-size--medium);
240}
diff --git a/docs/_static/css/github_issue_links.css b/docs/_static/css/github_issue_links.css
241deleted file mode 1006440deleted file mode 100644
index af4be86..0000000
--- a/docs/_static/css/github_issue_links.css
+++ /dev/null
@@ -1,24 +0,0 @@
1.github-issue-link-container {
2 padding-right: 0.5rem;
3}
4.github-issue-link {
5 font-size: var(--font-size--small);
6 font-weight: bold;
7 background-color: #DD4814;
8 padding: 13px 23px;
9 text-decoration: none;
10}
11.github-issue-link:link {
12 color: #FFFFFF;
13}
14.github-issue-link:visited {
15 color: #FFFFFF
16}
17.muted-link.github-issue-link:hover {
18 color: #FFFFFF;
19 text-decoration: underline;
20}
21.github-issue-link:active {
22 color: #FFFFFF;
23 text-decoration: underline;
24}
diff --git a/docs/_static/css/logo.css b/docs/_static/css/logo.css
25deleted file mode 1006440deleted file mode 100644
index 98d7cef..0000000
--- a/docs/_static/css/logo.css
+++ /dev/null
@@ -1,7 +0,0 @@
1.sidebar-brand.centered {
2 text-align: start;
3}
4.sidebar-logo {
5 max-width: 44px;
6 margin: initial;
7}
diff --git a/docs/_static/js/github_issue_links.js b/docs/_static/js/github_issue_links.js
8deleted file mode 1006440deleted file mode 100644
index d339060..0000000
--- a/docs/_static/js/github_issue_links.js
+++ /dev/null
@@ -1,25 +0,0 @@
1window.onload = function() {
2 const link = document.createElement("a");
3 link.classList.add("muted-link");
4 link.classList.add("github-issue-link");
5 link.text = "Give feedback";
6 link.href = (
7 "https://github.com/canonical/ubuntu-pro-client/issues/new?"
8 + "title=docs%3A+TYPE+YOUR+QUESTION+HERE"
9 + "&body=*Please describe the question or issue you're facing with "
10 + `"${document.title}"`
11 + ".*"
12 + "%0A%0A%0A%0A%0A"
13 + "---"
14 + "%0A"
15 + `*Reported+from%3A+${location.href}*`
16 );
17 link.target = "_blank";
18
19 const div = document.createElement("div");
20 div.classList.add("github-issue-link-container");
21 div.append(link)
22
23 const container = document.querySelector(".article-container > .content-icon-container");
24 container.prepend(div);
25};
diff --git a/docs/conf.py b/docs/conf.py
26deleted file mode 1006440deleted file mode 100644
index 33da04c..0000000
--- a/docs/conf.py
+++ /dev/null
@@ -1,109 +0,0 @@
1# Configuration file for the Sphinx documentation builder.
2#
3# This file only contains a selection of the most common options. For a full
4# list see the documentation:
5# https://www.sphinx-doc.org/en/master/usage/configuration.html
6
7# -- Path setup --------------------------------------------------------------
8
9# If extensions (or modules to document with autodoc) are in another directory,
10# add these directories to sys.path here. If the directory is relative to the
11# documentation root, use os.path.abspath to make it absolute, like shown here.
12#
13# import os
14# import sys
15# sys.path.insert(0, os.path.abspath('.'))
16
17import datetime
18
19# -- Project information -----------------------------------------------------
20
21project = "Ubuntu Pro Client"
22author = "Canonical Group Ltd"
23copyright = "%s, %s" % (datetime.date.today().year, author)
24
25# -- General configuration ---------------------------------------------------
26
27# Add any Sphinx extension module names here, as strings. They can be
28# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom
29# ones.
30
31extensions = [
32 "myst_parser",
33 "sphinx_copybutton",
34 "sphinx_design",
35]
36
37# Add any paths that contain templates here, relative to this directory.
38
39templates_path = ["_templates"]
40
41html_extra_path = ["googleaf254801a5285c31.html", "sitemap-index.xml"]
42
43# List of patterns, relative to source directory, that match files and
44# directories to ignore when looking for source files.
45# This pattern also affects html_static_path and html_extra_path.
46
47exclude_patterns = []
48
49# It seems we need to request creation of automatic anchors for our headings.
50# Setting to 2 because that's what we need now.
51# If referencing any heading of lesser importance, adjust here.
52
53myst_heading_anchors = 3
54
55
56# -- Options for HTML output -------------------------------------------------
57
58# The theme to use for HTML and HTML Help pages. See the documentation for
59# a list of builtin themes:
60# https://www.sphinx-doc.org/en/master/usage/configuration.html#options-for-html-output
61
62html_theme = "furo"
63html_logo = "_static/circle_of_friends.png"
64html_theme_options = {
65 "light_css_variables": {
66 "color-sidebar-background-border": "none",
67 "font-stack": "Ubuntu, -apple-system, Segoe UI, Roboto, Oxygen, Cantarell, Fira Sans, Droid Sans, Helvetica Neue, sans-serif",
68 "font-stack--monospace": "Ubuntu Mono variable, Ubuntu Mono, Consolas, Monaco, Courier, monospace",
69 "color-foreground-primary": "#111",
70 "color-foreground-secondary": "var(--color-foreground-primary)",
71 "color-foreground-muted": "#333",
72 "color-background-secondary": "#FFF",
73 "color-background-hover": "#f2f2f2",
74 "color-brand-primary": "#111",
75 "color-brand-content": "#06C",
76 "color-inline-code-background": "rgba(0,0,0,.03)",
77 "color-sidebar-link-text": "#111",
78 "color-sidebar-item-background--current": "#ebebeb",
79 "color-sidebar-item-background--hover": "#f2f2f2",
80 "sidebar-item-line-height": "1.3rem",
81 "color-link-underline": "var(--color-background-primary)",
82 "color-link-underline--hover": "var(--color-background-primary)",
83 },
84 "dark_css_variables": {
85 "color-foreground-secondary": "var(--color-foreground-primary)",
86 "color-foreground-muted": "#CDCDCD",
87 "color-background-secondary": "var(--color-background-primary)",
88 "color-background-hover": "#666",
89 "color-brand-primary": "#fff",
90 "color-brand-content": "#06C",
91 "color-sidebar-link-text": "#f7f7f7",
92 "color-sidebar-item-background--current": "#666",
93 "color-sidebar-item-background--hover": "#333",
94 },
95}
96
97# Add any paths that contain custom static files (such as style sheets) here,
98# relative to this directory. They are copied after the builtin static files,
99# so a file named "default.css" will overwrite the builtin "default.css".
100html_static_path = ["_static"]
101
102html_css_files = [
103 "css/logo.css",
104 "css/github_issue_links.css",
105 "css/custom.css",
106]
107html_js_files = [
108 "js/github_issue_links.js",
109]
diff --git a/docs/explanations.rst b/docs/explanations.rst
110deleted file mode 1006440deleted file mode 100644
index 78adb85..0000000
--- a/docs/explanations.rst
+++ /dev/null
@@ -1,56 +0,0 @@
1Ubuntu Pro Client explanation
2*****************************
3
4Our explanatory and conceptual guides are written to provide a better
5understanding of how the Ubuntu Pro Client (``pro``) works. They enable you
6to expand your knowledge and become better at using and configuring ``pro``.
7
8Messaging
9=========
10
11Here you'll find details about Ubuntu Pro Client-related APT and MOTD messages
12-- what they are, when they are used and how they work.
13
14.. toctree::
15 :maxdepth: 1
16
17 Pro-related APT messages <explanations/apt_messages.md>
18 Pro-related MOTD messages <explanations/motd_messages.md>
19
20Commands
21========
22
23Some of the commands in ``pro`` do more than you think. Here we'll show you a
24selection of some of the commands -- what they do, and how they work.
25
26.. toctree::
27 :maxdepth: 1
28
29 explanations/how_to_interpret_the_security_status_command.md
30 explanations/how_to_interpret_output_of_unattended_upgrades.md
31 explanations/status_columns.md
32 explanations/what_refresh_does.md
33
34Public Cloud Ubuntu Pro
35=======================
36
37Here we talk about Ubuntu Pro images for AWS, Azure and GCP, and the related
38tooling: the ``ubuntu-advantage-pro`` package.
39
40.. toctree::
41 :maxdepth: 1
42
43 explanations/what_are_ubuntu_pro_cloud_instances.md
44 explanations/what_is_the_ubuntu_advantage_pro_package.md
45
46Other Pro features explained
47============================
48
49.. toctree::
50 :maxdepth: 1
51
52 explanations/cves_and_usns_explained.md
53 explanations/what_are_the_timer_jobs.md
54 explanations/what_is_the_daemon.md
55 explanations/why_trusty_is_no_longer_supported.md
56 explanations/errors_explained.md
diff --git a/docs/explanations/apt_messages.md b/docs/explanations/apt_messages.md
57deleted file mode 1006440deleted file mode 100644
index edd50d2..0000000
--- a/docs/explanations/apt_messages.md
+++ /dev/null
@@ -1,156 +0,0 @@
1# Ubuntu Pro-related APT messages
2
3When running some APT commands, you might see Ubuntu Pro-related messages in
4the output of those commands. Currently, we deliver those messages when
5running either `apt upgrade` or `apt dist-upgrade`. The scenarios
6where we deliver those messages are:
7
8## ESM series with esm-infra service disabled
9
10When you run `apt upgrade` on an ESM release, like Xenial, we advertise
11the `esm-infra` service if packages could be upgraded by enabling the service:
12
13```
14Reading package lists... Done
15Building dependency tree
16Reading state information... Done
17Calculating upgrade... Done
18The following package was automatically installed and is no longer required:
19 libfreetype6
20 Use 'apt autoremove' to remove it.
21The following security updates require Ubuntu Pro with 'esm-infra' enabled:
22 libpam0g libpam-modules openssl ntfs-3g git-man libsystemd0 squashfs-tools git openssh-sftp-server udev libpam-runtime isc-dhcp-common libx11-6 libudev1 apport python3-apport systemd-sysv liblz4-1 libpam-systemd systemd libpam-modules-bin openssh-server libx11-data openssh-client libxml2 curl isc-dhcp-client python3-problem-report libcurl3-gnutls libssl1.0.0
23Learn more about Ubuntu Pro for 16.04 at https://ubuntu.com/16-04
24```
25
26## LTS series with esm-apps service disabled
27
28When you are running `apt upgrade` on a LTS release, like Focal, we advertise
29the `esm-apps` service if packages could be upgraded by enabling the service:
30
31```
32Reading package lists... Done
33Building dependency tree
34Reading state information... Done
35Calculating upgrade... Done
36The following package was automatically installed and is no longer required:
37 libfreetype6
38Use 'apt autoremove' to remove it.
39Get more security updates through Ubuntu Pro with 'esm-apps' enabled:
40 adminer editorconfig ansible
41Learn more about Ubuntu Pro at https://ubuntu.com/pro
420 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
43```
44
45## ESM package count
46
47If both ESM services are enabled on the system, we deliver a package count
48related to each service near the end of the `apt` command:
49
50```
511 standard LTS security update, 29 esm-infra security updates and 8 esm-apps security updates
52```
53
54We only deliver this message if the service is enabled *and* we upgraded
55packages related to it. For example, if we had no `esm-infra` package upgrades,
56the message would be:
57
58```
591 standard LTS security update and 8 esm-apps security updates
60```
61
62## Expired contract
63
64If we detect that your contract is expired, we will deliver the following
65message advertising `esm-infra` in the middle of the `apt upgrade` command:
66
67```
68#
69# *Your Ubuntu Pro subscription has EXPIRED*
70# 10 additional security update(s) require Ubuntu Pro with '{service}' enabled.
71# Renew your service at https://ubuntu.com/pro
72#
73```
74
75If we don't have any `esm-infra`-related packages to upgrade, we would show the
76following message instead:
77
78```
79#
80# *Your Ubuntu Pro subscription has EXPIRED*
81# Renew your service at https://ubuntu.com/pro
82#
83```
84
85## Contract is about to expire
86
87Similarly, if we detect that your contract is about to expire, we deliver the
88following message in the middle of the `apt` command:
89
90```
91#
92# CAUTION: Your Ubuntu Pro subscription will expire in 2 days.
93# Renew your subscription at https://ubuntu.com/pro to ensure continued
94# security coverage for your applications.
95#
96```
97
98## Contract has expired, but still in grace period
99
100Additionally, if we detect that the contract has expired, but is still in the
101grace period, the following message will be seen in the middle of the `apt`
102command output:
103
104```
105#
106# CAUTION: Your Ubuntu Pro subscription expired on 10 Sep 2021.
107# Renew your subscription at https://ubuntu.com/pro to ensure continued
108# security coverage for your applications.
109# Your grace period will expire in 11 days.
110#
111```
112
113## How are the APT messages generated?
114
115We have two distinct `apt` hooks that allow us to deliver these messages when
116you run `apt upgrade` or `apt dist-upgrade`. They are:
117
118### `apt-esm-hook`
119
120Responsible for populating templates with accurate package counts (i.e. the package
121count we see on the Expired contract messages).
122However, the messaging here is created by two distinct steps:
123
1241. Our [update_messages](what_are_the_timer_jobs.md) timer job creates
125 templates for the APT messages this hook will deliver. We cannot create the
126 full message on the timer job, because we need the accurate package names
127 and count. This information can only be obtained when running the `apt`
128 command.
129
130 ```{note}
131 These templates will only be produced if certain conditions are met. For
132 example, we only produce "expired contract" templates if the contracts are
133 indeed expired.
134 ```
135
1362. When you run either `apt upgrade` or `apt dist-upgrade`, the hook
137 searches for these templates and if they exist, they are populated with the
138 correct `apt` content and delivered to the user.
139
140### `apt-esm-json-hook`
141
142The JSON hook is responsible for delivering the rest of the message we have presented here.
143This hook is used to inject the message in the exact place we want, so we need to use a specific `apt`
144[JSON hook](https://salsa.debian.org/apt-team/apt/-/blob/main/doc/json-hooks-protocol.md)
145to communicate with it.
146
147```{note}
148Those hooks are only delivered on LTS releases. This is because the hooks will
149not deliver useful messages on non-LTS due to lack of support for ESM services.
150```
151
152## How are APT configured to deliver those messages?
153
154We currently ship the package the `20apt-esm-hook.conf` configuration that
155configures both the basic apt hooks to call our `apt-esm-hook` binary, and also
156the `json` API of `apt` to call our `apt-esm-json-hook` binary.
diff --git a/docs/explanations/cves_and_usns_explained.md b/docs/explanations/cves_and_usns_explained.md
157deleted file mode 1006440deleted file mode 100644
index 272c1d8..0000000
--- a/docs/explanations/cves_and_usns_explained.md
+++ /dev/null
@@ -1,44 +0,0 @@
1# CVEs and USNs explained
2
3## What is a CVE
4
5Common Vulnerabilities and Exposures (CVEs) are a way to catalogue and track public security
6vulnerabilities for a given software. Every CVE is identified through a unique identifier,
7for example [CVE-2023-0465](https://www.cve.org/CVERecord?id=CVE-2023-0465).
8
9CVEs are maintained by the [MITRE Corporation](https://cve.mitre.org/) and the goal of the project
10is to provide naming conventions for the public known security issues while also maintaining a
11centralised repository for all of the security issues. This makes it easier for an organization to
12submit a new security flaw though the CVE convention while also analysing any other existing CVEs
13in the database.
14
15You can search for any existing CVE related to Ubuntu using
16[the Ubuntu CVE page](https://ubuntu.com/security/cves).
17
18## What is a USN?
19
20An Ubuntu Security Notice (USN) is the way that Canonical publicly catalogues and displays security
21vulneratibilities for Ubuntu packages. Usually, a USN is composed of one or more
22[CVEs](#what-is-a-cve) and it also contains update instructions to fix the issue, if a fix is
23already available.
24
25USNs follow a naming convention of the format: [USN-5963-1](https://ubuntu.com/security/notices/USN-5963-1)
26
27You can search for any existing USN using
28[the Ubuntu Security Notices page](https://ubuntu.com/security/notices).
29
30## What are related USNs?
31
32A USN is composed of different CVEs. If the same CVE appears on multiple USNs, we say that those USNs are related.
33In the following image, we can see a visual representation of that concept, where USN-789 and USN-321
34are related USNs because both are affected by CVE-2:
35
36![Related USN example](../images/usn-related.png)
37
38
39A real example can be seen in [USN-5573-1](https://ubuntu.com/security/notices/USN-5573-1).
40In the section **Related notices**, it shows that both **USN-5570-1**
41and **USN-5570-2** are related to **USN-5573-1**.
42
43This information is useful for users that want to tackle
44all related USNs at once, making sure that a CVE is fully fixed on their Ubuntu machine.
diff --git a/docs/explanations/errors_explained.md b/docs/explanations/errors_explained.md
45deleted file mode 1006440deleted file mode 100644
index 6739e8b..0000000
--- a/docs/explanations/errors_explained.md
+++ /dev/null
@@ -1,101 +0,0 @@
1# Errors you may encounter and their meaning
2
3If you encounter an error or warning message from Pro Client that you don't understand and cannot find it in this document, please click "Have a question?" at the top of the page and let us know so that we can add it.
4
5## User Configuration Migration in version 27.14
6
7Version 27.14 of Ubuntu Pro Client changed how some user configuration settings are stored on disk. It moved several settings out of `/etc/ubuntu-advantage/uaclient.conf` and into a file managed solely by the `pro config {set,unset,show}` subcommands.
8
9Most settings should've gotten automatically migrated to the new file when Pro Client upgraded. If something failed you may see one of the following messages:
10
11### Migration error 1
12**Error message:**
13```
14Warning: Failed to load /etc/ubuntu-advantage/uaclient.conf
15 No automatic migration will occur.
16 You may need to use "pro config set" to re-set your settings.
17```
18
19**Where you'll see it:**
20
21During an `apt upgrade` or `apt install ubuntu-advantage-tools`
22
23**What does it mean:**
24
25This means that `/etc/ubuntu-advantage/uaclient.conf` was unable to be read or unable to be parsed as yaml during the migration.
26
27**What you can do about it:**
28
29Check the contents of `/etc/ubuntu-advantage/uaclient.conf`.
301. Ensure it is valid yaml
312. For any setting that is nested under `ua_config`:
32 - If you modified the value in the past: run `pro config set field_name=your_custom_value`
33 - delete the setting from `/etc/ubuntu-advantage/uaclient.conf`
34 - delete the `ua_config:` line from `/etc/ubuntu-advantage/uaclient.conf`
35
36### Migration error 2
37**Error message:**
38```
39Warning: Failed to migrate user_config from /etc/ubuntu-advantage/uaclient.conf
40 Please run the following to keep your custom settings:
41 pro config set example=example
42```
43
44**Where you'll see it:**
45
46During an `apt upgrade` or `apt install ubuntu-advantage-tools`
47
48**What does it mean:**
49
50This means that `/var/lib/ubuntu-advantage/user-config.json` was unable to be written or a json serialization error occurred.
51
52**What you can do about it:**
53
54Run each of the `pro config set` commands recommended in the warning message.
55
56### Migration error 3
57**Error message:**
58```
59Warning: Failed to migrate /etc/ubuntu-advantage/uaclient.conf
60 Please add following to uaclient.conf to keep your config:
61 example: example
62```
63
64**Where you'll see it:**
65
66During an `apt upgrade` or `apt install ubuntu-advantage-tools`
67
68**What does it mean:**
69
70This means that `/etc/ubuntu-advantage/uaclient.conf` was unable to be written or a yaml serialization error occurred.
71
72**What you can do about it:**
73
74Ensure that the settings listed in the warning output make it into your new uaclient.conf.
75
76### Warnings in versions >=27.14~
77
78**Error message:**
79```
80legacy "ua_config" found in uaclient.conf
81```
82or
83```
84Warning: uaclient.conf contains old ua_config field.
85```
86
87**Where you'll see it:**
88
89In `/var/log/ubuntu-advantage.log` after using the `pro` cli or during an `apt upgrade` to a newer version of ubuntu-advantage-tools.
90
91**What does it mean:**
92
93This means that there are still settings nested under `ua_config` in `/etc/ubuntu-advantage/uaclient.conf`. These will still be honored, but support may be removed in the future.
94
95**What you can do about it:**
96
97Check the contents of `/etc/ubuntu-advantage/uaclient.conf`.
98For any setting that is nested under `ua_config`:
99- If you modified the value in the past: run `pro config set field_name=your_custom_value`
100- delete the setting from `/etc/ubuntu-advantage/uaclient.conf`
101- delete the `ua_config:` line from `/etc/ubuntu-advantage/uaclient.conf`
diff --git a/docs/explanations/how_to_interpret_output_of_unattended_upgrades.md b/docs/explanations/how_to_interpret_output_of_unattended_upgrades.md
102deleted file mode 1006440deleted file mode 100644
index 714c14a..0000000
--- a/docs/explanations/how_to_interpret_output_of_unattended_upgrades.md
+++ /dev/null
@@ -1,82 +0,0 @@
1# How to interpret the output of unattended-upgrades
2
3On Pro Client version 27.14~, we introduced the `u.pro.unattended_upgrades.status.v1` endpoint.
4This endpoint is designed to provide users with an overview of the configuration and setup for
5unattended-upgrades on the machine. The expected output follows this JSON example:
6
7```json
8{
9 "_schema_version": "v1",
10 "data": {
11 "attributes": {
12 "apt_periodic_job_enabled": true,
13 "package_lists_refresh_frequency_days": 1,
14 "systemd_apt_timer_enabled": true,
15 "unattended_upgrades_allowed_origins": [
16 "${distro_id}:${distro_codename}",
17 "${distro_id}:${distro_codename}-security",
18 "${distro_id}ESMApps:${distro_codename}-apps-security",
19 "${distro_id}ESM:${distro_codename}-infra-security"
20 ],
21 "unattended_upgrades_disabled_reason": null,
22 "unattended_upgrades_frequency_days": 1,
23 "unattended_upgrades_last_run": null,
24 "unattended_upgrades_running": true
25 },
26 "meta": {
27 "environment_vars": [],
28 "raw_config": {
29 "APT::Periodic::Enable": "1",
30 "APT::Periodic::Unattended-Upgrade": "1",
31 "APT::Periodic::Update-Package-Lists": "1",
32 "Unattended-Upgrade::Allowed-Origins": [
33 "${distro_id}:${distro_codename}",
34 "${distro_id}:${distro_codename}-security",
35 "${distro_id}ESMApps:${distro_codename}-apps-security",
36 "${distro_id}ESM:${distro_codename}-infra-security"
37 ]
38 }
39 },
40 "type": "UnattendedUpgradesStatus"
41 },
42 "errors": [],
43 "result": "success",
44 "version": "27.14~16.04.1",
45 "warnings": []
46}
47```
48
49As we can see from this output, we have a variable named `unattended_upgrades_running`. That variable
50indicates if unattended-upgrades is properly configured and running on the machine.
51The value of this field will only be `true` if *ALL* of the following prerequisites are also true:
52
53* *`apt_periodic_job_enable` is true*: That variable indicates if the APT::Periodic::Enable configuration variable
54 is turned on. If it is turned off, unattended-upgrades will not automatically run on the machine.
55* *`package_lists_refresh_frequency_days` is non-zero*: That variable shows the value of APT::Periodic::Package-List-Frequency.
56 This configuration defines the daily frequency for updating package sources in the background. If it has a zero value, this step will never
57 happen and unattended-upgrades might not be able to install new versions of the packages.
58* *`systemd_apt_timer_enabled` is true*: This variable is true if both `apt-daily.timer` and `apt-daily-upgrade.timer` are running
59 on the machine. These timers are the ones that control when unattended-upgrades run. The first job, `apt-daily.timer` is responsible
60 for triggering the code that downloads the lastest package information on the system. The second job, `apt-daily-upgrade.timer` is
61 responsible for running unattended-upgrades to download the latest version of the packages. If one of these jobs is disabled,
62 unattended-upgrades might not work as expected.
63* *`unattended_upgrades_allowed_origins` is not empty*: This variable defines the origins that
64 unattended-upgrades can use to install a package. If that list is empty, no packages can be
65 installed and unattended-upgrades will not work as expected.
66* *`unattended_upgrades_frequency_days` is non-zero*: That variable shows the value of
67 APT::Periodic::Unattended-Upgrade. This configuration defines the daily frequency for running
68 unattended-upgrades in the background. Therefore, if it has a zero value, the command will never
69 run.
70
71
72If any of those conditions are not met, the variable
73*unattended_upgrades_disabled_reason* will contain an object explaining why unattended-upgrades is
74not running. For example, if `package_lists_refresh_frequency_days` has a zero value, we will see
75the following value for *unattended_upgrades_disabled_reason*:
76
77```json
78{
79 "msg": "APT::Periodic::Update-Package-Lists is turned off",
80 "code": "unattended-upgrades-cfg-value-turned-off"
81}
82```
diff --git a/docs/explanations/how_to_interpret_the_security_status_command.md b/docs/explanations/how_to_interpret_the_security_status_command.md
83deleted file mode 1006440deleted file mode 100644
index b0a56e9..0000000
--- a/docs/explanations/how_to_interpret_the_security_status_command.md
+++ /dev/null
@@ -1,323 +0,0 @@
1# What does `security-status` do?
2
3The `security-status` command provides an overview of all the packages
4installed on your machine, and the security coverage that applies to those
5packages.
6
7The output of the `security-status` command varies, depending on the configuration of the machine you run it on. In this article, we'll take a look at the different outputs of `security-status` and the situations in which you might see them.
8
9## Command output
10
11If you run the `pro security-status` command, the first blocks of information
12you see look like:
13
14```
152871 packages installed:
16 2337 packages from Ubuntu Main/Restricted repository
17 504 packages from Ubuntu Universe/Multiverse repository
18 8 packages from third parties
19 22 packages no longer available for download
20
21To get more information about the packages, run
22 pro security-status --help
23for a list of available options.
24```
25
26Those are counts for the `apt` packages installed in the system, sorted
27between the packages in main, universe, third party packages, and packages
28that are no longer available. You will also see a hint to run
29`pro security-status --help` to get more information.
30
31### `apt update` hint
32
33To get accurate package information, the `apt` caches must be up to date. If
34your cache was not updated recently, you may see a message in the output with
35a hint to update.
36
37```
38The system apt cache may be outdated. Make sure to run
39 sudo apt-get update
40to get the latest package information from apt.
41```
42
43### LTS coverage
44
45If `esm-infra` is disabled in your system, main/restricted packages will be
46covered during the LTS period - this information is presented right after the
47hints. A covered system will present this message:
48
49```
50This machine is receiving security patching for Ubuntu Main/Restricted
51repository until <year>.
52```
53
54On a system where the LTS period ended, you'll see:
55
56```
57This machine is NOT receiving security patches because the LTS period has ended
58and esm-infra is not enabled.
59```
60
61### Ubuntu Pro coverage
62
63An Ubuntu Pro subscription provides more security coverage than a standard LTS.
64The next blocks of information are related to Ubuntu Pro itself:
65
66```
67This machine is attached to an Ubuntu Pro subscription.
68
69Main/Restricted packages are receiving security updates from
70Ubuntu Pro with 'esm-infra' enabled until 2032.
71
72Universe/Multiverse packages are receiving security updates from
73Ubuntu Pro with 'esm-apps' enabled until 2032. You have received 21 security
74updates.
75```
76
77This system is already attached to Pro! It is a Jammy machine, which has
78installed some updates from `esm-apps`. Running the same command on a Xenial
79system without Pro enabled, the output looks like:
80
81```
82This machine is NOT attached to an Ubuntu Pro subscription.
83
84Ubuntu Pro with 'esm-infra' enabled provides security updates for
85Main/Restricted packages until 2026. There are 170 pending security updates.
86
87Ubuntu Pro with 'esm-apps' enabled provides security updates for
88Universe/Multiverse packages until 2026. There is 1 pending security update.
89
90Try Ubuntu Pro with a free personal subscription on up to 5 machines.
91Learn more at https://ubuntu.com/pro
92```
93
94There are lots of `esm-infra` updates for this machine, and even an `esm-apps`
95update. The hint in the end of the output has a link to the main Pro website,
96so the user can learn more about Pro and get their subscription.
97
98### Interim releases
99
100If you are running an interim release, the output is slightly different because
101there are no Ubuntu Pro services available. You will still see the package
102counts and support period though - your main/restricted packages are supported
103for 9 months from the release date.
104
105```
106613 packages installed:
107 601 packages from Ubuntu Main/Restricted repository
108 12 packages from Ubuntu Universe/Multiverse repository
109
110To get more information about the packages, run
111 pro security-status --help
112for a list of available options.
113
114Main/Restricted packages receive updates until 1/2024.
115
116Ubuntu Pro is not available for non-LTS releases.
117```
118
119### Optional flags for specific package sets
120
121Some flags can be passed to `security-status` to get information about coverage
122of specific package sets. As an example, let's look at the output of
123`pro security-status --esm-infra`:
124
125```
126442 packages installed:
127 441 packages from Ubuntu Main/Restricted repository
128
129Main/Restricted packages are receiving security updates from
130Ubuntu Pro with 'esm-infra' enabled until 2026. You have received 3 security
131updates. There are 160 pending security updates.
132
133Run 'pro help esm-infra' to learn more
134
135Installed packages with an available esm-infra update:
136( ... list of packages ... )
137
138Installed packages with an esm-infra update applied:
139( ... list of packages ... )
140
141Further installed packages covered by esm-infra:
142( ... list of packages ... )
143
144For example, run:
145 apt-cache show tcpdump
146to learn more about that package.
147```
148
149Besides the support information of main/restricted (which Ubuntu Pro with
150`esm-infra` extends) there are lists of:
151- packages which have some updated version available in esm-infra repositories
152- packages which have an installed version from the esm-infra repositories
153- packages which are covered by esm-infra
154
155You will see a similar output when running `pro security-status --esm-apps`,
156but with information regarding universe/multiverse packages.
157
158You can also get a list of the third-party packages installed in the system:
159
160```
161$ pro security-status --thirdparty
1622871 packages installed:
163 8 packages from third parties
164
165Packages from third parties are not provided by the official Ubuntu
166archive, for example packages from Personal Package Archives in Launchpad.
167
168Packages:
169( ... list of packages ... )
170
171For example, run:
172 apt-cache show <package_name>
173to learn more about that package.
174```
175
176And also a list of unavailable packages (which no longer have any installation
177source):
178
179```
180$ pro security-status --unavailable
1812871 packages installed:
182 22 packages no longer available for download
183
184Packages that are not available for download may be left over from a
185previous release of Ubuntu, may have been installed directly from a
186.deb file, or are from a source which has been disabled.
187
188Packages:
189( ... list of packages ... )
190
191
192For example, run:
193 apt-cache show <package_name>
194to learn more about that package.
195```
196
197## Machine-readable output
198
199If you run the `pro security-status --format yaml` command on your machine, you
200should expect to see an output that follows this structure:
201
202```
203_schema_version: '0.1'
204summary:
205 num_esm_apps_packages: 0
206 num_esm_apps_updates: 0
207 num_esm_infra_packages: 1
208 num_esm_infra_updates: 1
209 num_main_packages: 70
210 num_multiverse_packages: 10
211 num_restricted_packages: 10
212 num_third_party_packages: 0
213 num_universe_packages: 9
214 num_installed_packages: 100
215 num_standard_security_updates: 0
216 ua:
217 attached: true
218 enabled_services:
219 - esm-apps
220 - esm-infra
221 entitled_services:
222 - esm-apps
223 - esm-infra
224packages:
225- origin: esm.ubuntu.com
226 package: zlib1g
227 service_name: esm-infra
228 status: upgrade_available
229 version: 1:1.2.8.dfsg-2ubuntu4.3+esm1
230 download_size: 123456
231livepatch:
232 fixed_cves:
233 - Name: cve-2013-1798
234 Patched: true
235```
236
237Let's understand what each key means in the output of the
238`pro security-status --format yaml` command:
239
240### `summary`
241
242This provides a summary of the system related to Ubuntu Pro and the different
243package sources in the system:
244
245* **`num_installed_packages`**: The total number of installed packages on the
246 system.
247* **`num_esm_apps_packages`**: The number of packages installed from `esm-apps`.
248* **`num_esm_apps_updates`**: The number of `esm-apps` package updates available
249 to the system.
250* **`num_esm_infra_packages`**: The number of packages installed from
251 `esm-infra`.
252* **`num_esm_infra_updates`**: The number of `esm-infra` package updates
253 available to the system.
254* **`num_main_packages`**: The number of packages installed from the `main`
255 archive component.
256* **`num_multiverse_packages`**: The number of packages installed from the
257 `multiverse` archive component.
258* **`num_restricted_packages`**: The number of packages installed from the
259 `restricted` archive component.
260* **`num_third_party_packages`** : The number of packages installed from
261 `third party` sources.
262* **`num_universe_packages`**: The number of packages installed from the
263 `universe` archive component.
264* **`num_unknown_packages`**: The number of packages installed from sources not
265 known to `apt` (e.g., those installed locally through `dpkg` or packages
266 without a remote reference).
267* **`num_standard_security_updates`**: The number of standard security updates
268 available to the system.
269
270```{note}
271 It is worth mentioning here that the `_updates` fields are presenting the
272 number of **security** updates for **installed** packages. For example, let's
273 assume your machine has a universe package that has a security update from
274 `esm-infra`. The count will be displayed as:
275
276 ```
277 num_esm_infra_packages: 0
278 num_esm_infra_updates: 1
279 num_universe_packages: 1
280 ```
281
282 After upgrading the system, the count will turn to:
283
284 ```
285 num_esm_infra_packages: 1
286 num_esm_infra_updates: 0
287 num_universe_packages: 0
288 ```
289```
290
291* **`ua`**: An object representing the state of Ubuntu Pro on the system:
292 * **`attached`**: If the system is attached to an Ubuntu Pro subscription.
293 * **`enabled_services`**: A list of services that are enabled on the system.
294 If unattached, this will always be an empty list.
295 * **`entitled_services`**: A list of services that are entitled on your
296 Ubuntu Pro subscription. If unattached, this will always be an empty list.
297
298### `packages`
299
300This provides a list of security updates for packages installed on the system.
301Every entry on the list will follow this structure:
302
303* **`origin`**: The host where the update comes from.
304* **`package`**: The name of the package.
305* **`service_name`**: The service that provides the package update. It can be
306 one of: `esm-infra`, `esm-apps` or `standard-security`.
307* **`status`**: The status for this update. It will be one of:
308 * **"upgrade_available"**: The package can be upgraded right now.
309 * **"pending_attach"**: The package needs an Ubuntu Pro subscription attached
310 to be upgraded.
311 * **"pending_enable"**: The machine is attached to an Ubuntu Pro subscription,
312 but the service required to provide the upgrade is not enabled.
313 * **"upgrade_unavailable"**: The machine is attached, but the contract is not
314 entitled to the service which provides the upgrade.
315* **`version`**: The update version.
316* **`download_size`**: The number of bytes that would be downloaded in order to
317 install the update.
318
319### `livepatch`
320
321This displays Livepatch-related information. Currently, the only information
322presented is **`fixed_cves`**. This represents a list of CVEs that were fixed
323by Livepatches applied to the kernel.
diff --git a/docs/explanations/motd_messages.md b/docs/explanations/motd_messages.md
324deleted file mode 1006440deleted file mode 100644
index 6a8f22b..0000000
--- a/docs/explanations/motd_messages.md
+++ /dev/null
@@ -1,212 +0,0 @@
1# Ubuntu Pro-related MOTD messages
2
3When the Ubuntu Pro Client (`pro`) is installed on the system, it delivers
4custom messages on ["Message of the Day" (MOTD)](https://wiki.debian.org/motd).
5Those messages are generated directly by three different sources.
6
7* MOTD about available updates
8* MOTD about important subscription conditions
9* MOTD about ESM being available
10
11## MOTD about available updates
12
13The [update-notifier](https://wiki.ubuntu.com/UpdateNotifier) delivers a script
14via the `update-notifier-common` package called
15`/usr/lib/update-notifier/apt_check.py.
16With regards to Ubuntu Pro, this script is responsible for:
17
18* Informing the user about the status of one of the ESM services; `esm-apps` if
19 the machine is an LTS series, or `esm-infra` if the series is in ESM mode.
20* Showing the number of `esm-infra` or `esm-apps` packages that can be upgraded
21 on the machine.
22
23`update-notifier` has always added information about potential updates to
24MOTD to raise user awareness. With the advent of Ubuntu Pro they are
25just more differentiated.
26
27Note that if you run `apt_check.py` directly it might give you rather
28unreadable output as it is meant for program use. You can add `--human-readable`
29to see the information as it would be presented in MOTD.
30
31### Machine is unattached
32
33On a machine that runs an Ubuntu release for which the `esm-apps` service
34is available, but not yet attached to an Ubuntu Pro subscription, there will
35be a message notifying the user that there may be more security updates
36available through ESM Apps.
37
38```
39Expanded Security Maintenance for Applications is not enabled.
40
410 updates can be applied immediately.
42
43Enable ESM Apps to receive additional future security updates.
44See https://ubuntu.com/esm or run: sudo pro status
45```
46
47### Machine is fully attached
48
49In the opposite situation, if an LTS machine has the `esm-infra` and `esm-apps` services enabled then users will see the following output in MOTD:
50
51```
52Expanded Security Maintenance for Applications is enabled.
53
5411 updates can be applied immediately.
555 of these updates are ESM Apps security updates.
561 of these updates is a ESM Infra security update.
575 of these updates are standard security updates.
58To see these additional updates run: apt list --upgradable
59```
60
61### Machine is fully attached, on an older release
62
63Above you have seen examples of recent (as in "still in their first 5
64years of support") Ubuntu releases, where the hint is about ESM Apps
65extending the coverage to the universe repositories.
66
67However, if running on an Ubuntu release that has is already past the initial
685 years of support and has thereby entered Expanded Security Maintenance
69(["ESM"](https://ubuntu.com/security/esm)), we would instead see
70`esm-infra` (which provides coverage for another 5 years) being shown:
71
72```
73Expanded Security Maintenance Infrastructure is enabled.
74
7511 updates can be applied immediately.
765 of these updates are ESM Apps security updates.
771 of these updates is a ESM Infra security update.
785 of these updates are standard security updates.
79To see these additional updates run: apt list --upgradable
80```
81
82### Partial service enablement
83
84Now let's consider a scenario where one of these services is not enabled. For
85example, if `esm-apps` was disabled, the output will be:
86
87```
88Expanded Security Maintenance for Applications is not enabled.
89
906 updates can be applied immediately.
911 of these updates is a ESM Infra security update.
925 of these updates are standard security updates.
93To see these additional updates run: apt list --upgradable
94
955 additional security updates can be applied with ESM Apps
96Learn more about enabling ESM Apps for Ubuntu 16.04 at
97https://ubuntu.com/16-04
98```
99
100At the end of the output we can see the number of packages that *could* be
101upgraded if that service was enabled. Note that we would deliver the same
102information for `esm-infra` if the service was disabled and the series running
103on the machine is in ESM state.
104
105## MOTD about important subscription conditions
106
107One of the [timer jobs](https://canonical-ubuntu-pro-client.readthedocs-hosted.com/en/latest/explanations/what_are_the_timer_jobs.html)
108Ubuntu Pro uses can insert additional messages into MOTD.
109These messages will be always delivered next to the content created by
110`update-notifier`. These additional messages are generated when `pro`
111detects that certain conditions on the machine have been met. They are:
112
113### Subscription expired
114
115When the Ubuntu Pro subscription is expired, `pro` will deliver the following
116message after the `update-notifier` message:
117
118```
119*Your Ubuntu Pro subscription has EXPIRED*
1202 additional security update(s) require Ubuntu Pro with 'esm-infra' enabled.
121Renew your service at https://ubuntu.com/pro
122```
123
124### Subscription about to expire
125
126When the Ubuntu Pro subscription is about to expire, we deliver the following
127message after the `update-notifier` message:
128
129```
130CAUTION: Your Ubuntu Pro subscription will expire in 2 days.
131Renew your subscription at https://ubuntu.com/pro to ensure continued security
132coverage for your applications.
133```
134
135### Subscription expired but within grace period
136
137When the Ubuntu Pro subscription has expired, but is still within the grace
138period, we deliver the following message after the `update-notifier` script:
139
140```
141CAUTION: Your Ubuntu Pro subscription expired on 10 Sep 2021.
142Renew your subscription at https://ubuntu.com/pro to ensure continued security
143coverage for your applications.
144Your grace period will expire in 9 days.
145```
146
147## MOTD about ESM being available
148
149When Ubuntu Pro became generally available, a temporary announcement was made
150through MOTD. This was intended to raise awareness of Pro now being available
151and free for personal use, and was shown on systems that could be covered
152by `esm-apps`.
153It looked like:
154
155```
156 * Introducing Expanded Security Maintenance for Applications.
157 Receive updates to over 25,000 software packages with your
158 Ubuntu Pro subscription. Free for personal use.
159
160 https://ubuntu.com/pro
161```
162
163Since this message was intended as a limited-time announcement to coincide
164with the release of Ubuntu Pro into general availability, it was removed in
16527.14.
166
167## How are these messages inserted into MOTD and how can I disable them?
168
169Just as there are different purposes to the messages outlined above,
170there are different sources producing these MOTD elements that one
171sees at login.
172
173Those messages are considered important to ensure user awareness about
174the free additional security coverage provided by Ubuntu Pro and about
175not-yet-applied potential updates in general. Therefore it is generally not
176recommended to disable them. But still, you can selectively disable them
177by removing the config files that add them, as outlined below.
178
179Removing those files is considered a conffile change to customize a program
180and they will stay removed even on future upgrades or re-installations of the
181related packages.
182
183If you realize that you actually need them back you need
184to reinstall the related packages and tell apt/dpkg to offer you to restore
185those files via:
186
187```
188sudo apt install --reinstall -o Dpkg::Options::="--force-confask" ubuntu-advantage-tools update-notifier-common
189```
190
191## Source: MOTD about available updates
192
1931. `update-notifier-common` has a hook `/etc/apt/apt.conf.d/99update-notifier` that runs after `apt update`.
1942. That hook will update the information in `/var/lib/update-notifier/updates-available` matching the new package information that was just fetched by using `/usr/lib/update-notifier/apt-check --human-readable`.
1953. At MOTD generation time, the script located at `/etc/update-motd.d/90-updates-available` checks if `/var/lib/update-notifier/updates-available` exists and if it does, inserts the message into the full MOTD.
196
197If you want to disable any message of update-notifier (not just related to Ubuntu Pro and ESM) about potentially available updates remove `/etc/update-motd.d/90-updates-available`.
198
199## Source: MOTD about important subscription conditions
200
2011. The subscription status is checked periodically in the background when the machine is attached to an Ubuntu Pro subscription.
2022. If one of the above conditions applies to the subscription that the machine is attached to (there are no messages generated by this for unattached machines), then the message is stored in `/var/lib/ubuntu-advantage/messages/motd-contract-status`.
2033. At MOTD generation time, the script located at `/etc/update-motd.d/91-contract-ua-esm-status` checks if `/var/lib/ubuntu-advantage/messages/motd-contract-status` exists and if it does, inserts the message into the full MOTD.
204
205If you want to disable any message about important conditions of your attached subscription remove `/etc/update-motd.d/91-contract-ua-esm-status`.
206
207## Source: MOTD about ESM being available
208
2091. `pro` checks regularly if a system would have `esm-apps` available to it and if so places a message in `/var/lib/ubuntu-advantage/messages/motd-esm-announce`.
2102. At MOTD generation time, the script located at `/etc/update-motd.d/88-esm-announce` checks if `/var/lib/ubuntu-advantage/messages/motd-esm-announce` exists and if it does, inserts the message into the full MOTD.
211
212If you want to disable the ESM announcement remove `/etc/update-motd.d/88-esm-announce` (or upgrade to 27.14 or later which will remove it for you).
diff --git a/docs/explanations/status_columns.md b/docs/explanations/status_columns.md
213deleted file mode 1006440deleted file mode 100644
index 6e79449..0000000
--- a/docs/explanations/status_columns.md
+++ /dev/null
@@ -1,205 +0,0 @@
1# The `pro status` output explained
2
3When running `pro status` we can observe two different types of outputs, which
4depend on whether the Ubuntu Pro subscription is attached or unattached.
5
6## Pro subscription unattached
7When unattached, users will see the following status table containing only
8three columns:
9
10```
11SERVICE AVAILABLE DESCRIPTION
12cc-eal no Common Criteria EAL2 Provisioning Packages
13cis no Security compliance and audit tools
14esm-infra yes Expanded Security Maintenance for Infrastructure
15fips no NIST-certified core packages
16fips-updates no NIST-certified core packages with priority security updates
17livepatch yes Canonical Livepatch service
18```
19
20Where:
21
22* **SERVICE**: Is the name of service being offered
23* **AVAILABLE**: Shows if that service is available on that machine. To verify
24 if a service is available, we check the machine kernel version, architecture,
25 Ubuntu release being used and the machine type (i.e lxd for LXD containers)
26* **DESCRIPTION**: A short description of the service.
27
28## With Pro subscription attached
29
30However, if we run the same command when attached, we have an output with 4
31columns:
32
33```
34SERVICE ENTITLED STATUS DESCRIPTION
35cis yes disabled Center for Internet Security Audit Tools
36esm-infra yes enabled Expanded Security Maintenance for Infrastructure
37fips yes n/a NIST-certified core packages
38fips-updates yes n/a NIST-certified core packages with priority security updates
39livepatch yes n/a Canonical Livepatch service
40```
41
42You may notice that the column **AVAILABLE** is no longer shown, and instead we
43see the following new columns:
44
45* **ENTITLED**: Shows if the user subscription allows that service to be
46 enabled.
47* **STATUS**: Reports the state of that service on the machine.
48
49It is possible that a service could appear as "available" when the Pro status is
50unattached, but then shows as "not entitled" if the subscription is later
51attached. This happens because even if the service is available, if your Ubuntu
52Pro subscription doesn't allow you access to a service, `pro` cannot enable it.
53
54The **STATUS** column allows for three possible states:
55
56* **enabled**: The service is enabled on the machine.
57* **disabled**: The service is not currently running.
58* **n/a**: This means "not applicable". This will show if the service cannot be
59 enabled on the machine due to a non-contract restriction. For example, we
60 cannot enable `livepatch` on a container.
61
62## Notices
63
64"Notices" are information regarding the Ubuntu Pro status which either require
65some kind of action from the user, or may impact the experience with Ubuntu Pro.
66
67For example, let's say FIPS was just enabled, but the system wasn't rebooted
68yet (which is required for booting into the FIPS Kernel). The output of
69`pro status` in this case will contain:
70
71```
72NOTICES
73FIPS support requires system reboot to complete configuration.
74```
75
76After the system is rebooted, the notice will go away.
77
78Notices can always be resolved, and the instructions on how to resolve it will
79be explicitly stated in the notice itself.
80
81## Features
82
83"Features" are extra configuration values that can be set and unset in
84`uaclient.conf`. Most of these are meant for development/testing purposes, but
85some can be used in application flows. For example, to always have beta services
86with the same flow as the non-beta (for `enable`, `status`, etc.),
87`uaclient.conf` may have:
88
89```
90features:
91 allow_beta: true
92```
93
94In this case, the output of `pro status` will contain:
95
96```
97FEATURES
98allow_beta: True
99```
100
101It's important to keep in mind that any feature defined like this will be
102listed, even if it is invalid or typed the wrong way. Those appear in `status`
103output for informational and debugging purposes.
104
105## Machine-readable output
106
107The `pro status` command supports a `--format` flag with options including `json` and `yaml`. These result in a machine-readable form of the information presented by the `pro status` command.
108
109```{note}
110`pro status` should return the same results whether using `sudo` or not, but earlier versions did not always do this. We recommend using `sudo` whenever possible.
111```
112
113For example, running `sudo pro status --format=json` on an attached machine may give you something like this:
114```javascript
115{
116 "_doc": "Content provided in json response is currently considered Experimental and may change",
117 "_schema_version": "0.1",
118 "account": {
119 "created_at": "2000-01-02T03:04:05+06:00",
120 "id": "account_id",
121 "name": "Test"
122 },
123 "attached": true,
124 "config": { ...effectiveConfiguration },
125 "config_path": "/etc/ubuntu-advantage/uaclient.conf",
126 "contract": {
127 "created_at": "2000-01-02T03:04:05+06:00",
128 "id": "contract_id",
129 "name": "contract_name",
130 "products": [ "uaa-essential" ],
131 "tech_support_level": "essential"
132 },
133 "effective": null,
134 "environment_vars": [...proClientEnvironmentVariables],
135 "errors": [],
136 "execution_details": "No Ubuntu Pro operations are running",
137 "execution_status": "inactive",
138 "expires": "9999-12-31T00:00:00+00:00",
139 "features": {},
140 "machine_id": "machine_id",
141 "notices": [],
142 "result": "success",
143 "services": [
144 {
145 "available": "yes",
146 "blocked_by": [],
147 "description": "Expanded Security Maintenance for Applications",
148 "description_override": null,
149 "entitled": "yes",
150 "name": "esm-apps",
151 "status": "enabled",
152 "status_details": "Ubuntu Pro: ESM Apps is active",
153 "warning": null
154 },
155 {
156 "available": "yes",
157 "blocked_by": [],
158 "description": "Expanded Security Maintenance for Infrastructure",
159 "description_override": null,
160 "entitled": "yes",
161 "name": "esm-infra",
162 "status": "enabled",
163 "status_details": "Ubuntu Pro: ESM Infra is active",
164 "warning": null
165 },
166 {
167 "available": "yes",
168 "blocked_by": [],
169 "description": "Canonical Livepatch service",
170 "description_override": null,
171 "entitled": "yes",
172 "name": "livepatch",
173 "status": "enabled",
174 "status_details": "",
175 "warning": null
176 },
177 ...otherServiceStatusObjects
178 ],
179 "simulated": false,
180 "version": "27.13.6~18.04.1",
181 "warnings": []
182}
183```
184
185Some particularly important attributes in the output include:
186* `attached`: This boolean value indicates whether this machine is attached to an Ubuntu Pro account. This does not tell you if any particular service (e.g. `esm-infra`) is enabled. You must check the individual service item in the `services` list for that status (described below).
187* `expires`: This is the date that the Ubuntu Pro subscription is valid until (in RFC3339 format). After this date has passed the machine should be treated as if not attached and no services are enabled. `attached` may still say `true` and services may still say they are `entitled` and `enabled`, but if the `expires` date has passed, you should assume the services are not functioning.
188* `services`: This is a list of Ubuntu Pro services. Each item has its own attributes. Widely applicable services include those with `name` equal to `esm-infra`, `esm-apps`, and `livepatch`. Some important fields in each service object are:
189 * `name`: The name of the service.
190 * `entitled`: A boolean indicating whether the attached Ubuntu Pro account is allowed to enable this service.
191 * `status`: A string indicating the service's current status on the machine. Any value other than `enabled` should be treated as if the service is not enabled and not working properly on the machine. Possible values are:
192 * `enabled`: The service is enabled and working.
193 * `disabled`: The service can be enabled but is not currently.
194 * `n/a`: The service cannot be enabled on this machine.
195 * `warning`: The service is supposed to be enabled but something is wrong. Check the `warning` field in the service item for additional information.
196
197For example, if you want to programatically find the status of esm-infra on a particular machine, you can use the following command:
198```shell
199sudo pro status --format=json | jq '.services[] | select(.name == "esm-infra").status'
200```
201That command will print one of the `status` values defined above.
202
203```{attention}
204In an future version of Ubuntu Pro Client, there will be an [API](../references/api.md) function to access this information. For now, though, `pro status --format=json` is the recommended machine-readable interface to this data.
205```
diff --git a/docs/explanations/what_are_the_timer_jobs.md b/docs/explanations/what_are_the_timer_jobs.md
206deleted file mode 1006440deleted file mode 100644
index fa84b36..0000000
--- a/docs/explanations/what_are_the_timer_jobs.md
+++ /dev/null
@@ -1,26 +0,0 @@
1# Timer jobs explained
2
3Ubuntu Pro Client (`pro`) sets up a `systemd` timer to run jobs that need to be
4carried out periodically. Every time the timer runs, it decides which jobs need
5to be performed based on their intervals. When a job runs successfully, its next
6run is determined by the interval defined for that job.
7
8## Current jobs
9
10The jobs that `pro` runs periodically are `metering` and `update_messaging`.
11
12### The `update_messaging` job
13
14`update_messaging` updates the MOTD and APT messages every 6 hours. It ensures
15that the MOTD and APT messages displayed on the system match those that are
16available/enabled. It finds updated information about available packages or
17security updates and shows these to the user.
18
19### The `metering` job
20
21`metering` pings the Canonical servers for contract metering every 4 hours. It
22informs Canonical which services are enabled on the machine.
23
24```{note}
25The `metering` job only runs when attached to an Ubuntu Pro subscription.
26```
diff --git a/docs/explanations/what_are_ubuntu_pro_cloud_instances.md b/docs/explanations/what_are_ubuntu_pro_cloud_instances.md
27deleted file mode 1006440deleted file mode 100644
index 4e84d7e..0000000
--- a/docs/explanations/what_are_ubuntu_pro_cloud_instances.md
+++ /dev/null
@@ -1,28 +0,0 @@
1# About Public Cloud Ubuntu Pro images
2
3Ubuntu Pro images are published to [AWS](https://ubuntu.com/aws/pro),
4[Azure](https://ubuntu.com/azure/pro) and [GCP](https://ubuntu.com/gcp/pro).
5All of these come with Ubuntu Pro support and services built in.
6
7On first boot, Ubuntu Pro images will automatically attach to an Ubuntu Pro
8support contract and enable all necessary Ubuntu Pro services so that no extra
9setup is required to ensure a secure and supported Ubuntu machine.
10
11There are two primary flavors of Ubuntu Pro images in clouds: *Ubuntu Pro*, and
12*Ubuntu Pro FIPS*.
13
14## Ubuntu Pro
15
16These Ubuntu LTS images are provided already attached to Ubuntu Pro support,
17with kernel Livepatch and ESM security access enabled. Ubuntu Pro images are
18entitled to enable any additional Ubuntu Pro services (like
19[`fips`](../howtoguides/enable_fips.md) or
20[`usg`](../howtoguides/enable_cis.md)).
21
22## Ubuntu Pro FIPS
23
24These specialized Ubuntu Pro images for 16.04, 18.04 and 20.04 come pre-enabled
25with the cloud-optimized FIPS-certified kernel, as well as all additional SSL
26and security hardening enabled. These images are available as
27[AWS Ubuntu Pro FIPS](https://ubuntu.com/aws/fips),
28[Azure Ubuntu Pro FIPS](https://ubuntu.com/azure/fips) and GCP Ubuntu Pro FIPS.
diff --git a/docs/explanations/what_is_the_daemon.md b/docs/explanations/what_is_the_daemon.md
29deleted file mode 1006440deleted file mode 100644
index 0ad510f..0000000
--- a/docs/explanations/what_is_the_daemon.md
+++ /dev/null
@@ -1,14 +0,0 @@
1# What is the Pro upgrade daemon?
2
3Ubuntu Pro Client sets up a daemon on supported platforms (currently GCP
4only) to detect if an Ubuntu Pro license has been purchased for the machine.
5If a Pro license is detected, then the machine is automatically attached.
6
7If you are not interested in Ubuntu Pro services and don't want your machine to
8be automatically attached to your subscription, you can safely stop and disable
9the daemon using `systemctl`:
10
11```
12sudo systemctl stop ubuntu-advantage.service
13sudo systemctl disable ubuntu-advantage.service
14```
diff --git a/docs/explanations/what_is_the_ubuntu_advantage_pro_package.md b/docs/explanations/what_is_the_ubuntu_advantage_pro_package.md
15deleted file mode 1006440deleted file mode 100644
index 337e97c..0000000
--- a/docs/explanations/what_is_the_ubuntu_advantage_pro_package.md
+++ /dev/null
@@ -1,8 +0,0 @@
1# What is the `ubuntu-advantage-pro` package?
2
3The `ubuntu-advantage-pro` package is used by
4[Public Cloud Ubuntu Pro](what_are_ubuntu_pro_cloud_instances.md) machines to
5automate the process of attaching a machine on boot.
6
7Therefore, the only thing that `ubuntu-advantage-pro` does is ship a `systemd`
8unit that runs an auto-attach command on first boot.
diff --git a/docs/explanations/what_refresh_does.md b/docs/explanations/what_refresh_does.md
9deleted file mode 1006440deleted file mode 100644
index 5312962..0000000
--- a/docs/explanations/what_refresh_does.md
+++ /dev/null
@@ -1,25 +0,0 @@
1# What `pro refresh` does
2
3When you run the `pro refresh` command on your machine, three distinct stages
4are performed.
5
6## Contract
7
8The contract information on the machine is refreshed. If we find any deltas
9between the old contract and the new one, we process that delta and apply the
10changes to the machine.
11
12If you need *only* this stage during refresh, run `pro refresh contract`.
13
14## Configuration
15
16If there is any config change made to `/etc/ubuntu-advantage/uaclient.conf`,
17those changes will now be applied to the machine.
18
19If you need *only* this stage during refresh, run `pro refresh config`.
20
21## MOTD and APT messages
22
23Processes new MOTD and APT messages, and refreshes the machine to use them.
24
25If you need *only* this stage during refresh, run `pro refresh messages`.
diff --git a/docs/explanations/why_trusty_is_no_longer_supported.md b/docs/explanations/why_trusty_is_no_longer_supported.md
26deleted file mode 1006440deleted file mode 100644
index 3d37ee6..0000000
--- a/docs/explanations/why_trusty_is_no_longer_supported.md
+++ /dev/null
@@ -1,10 +0,0 @@
1# Why is 14.04 (Trusty) no longer supported?
2
3On 14.04 (Trusty), the Ubuntu Pro Client package is not receiving upstream
4updates beyond version 19.6, plus any critical CVE maintenance related to this
5version.
6
7Version 19.6 already has full-featured support of the applicable Ubuntu Pro
8service offerings `esm-infra` and `livepatch`. In the event that a CVE is
9discovered that affects the Ubuntu Pro Client version on Trusty, a fix and
10backport will be provided for those specific issues.
diff --git a/docs/googleaf254801a5285c31.html b/docs/googleaf254801a5285c31.html
11deleted file mode 1006440deleted file mode 100644
index b603071..0000000
--- a/docs/googleaf254801a5285c31.html
+++ /dev/null
@@ -1 +0,0 @@
1google-site-verification: googleaf254801a5285c31.html
2\ No newline at end of file0\ No newline at end of file
diff --git a/docs/howtoguides.rst b/docs/howtoguides.rst
3deleted file mode 1006441deleted file mode 100644
index 5b93de6..0000000
--- a/docs/howtoguides.rst
+++ /dev/null
@@ -1,102 +0,0 @@
1Ubuntu Pro Client how-to guides
2*******************************
3
4If you have a specific goal and are already familiar with the Ubuntu Pro Client
5(``pro``), our how-to guides have more in-depth detail than our tutorials and
6can be applied to a wider range of situations.
7
8They will help you to achieve a particular end result, but may require you to
9understand and adapt the steps to fit your specific requirements.
10
11How to use ``pro`` commands
12===========================
13
14``attach``
15----------
16
17.. toctree::
18 :maxdepth: 1
19
20 Get an Ubuntu Pro token and attach to a subscription <howtoguides/get_token_and_attach.md>
21 Attach with a configuration file <howtoguides/how_to_attach_with_config_file.md>
22
23``collect-logs``
24----------------
25
26.. toctree::
27 :maxdepth: 1
28
29 Collect data logs for bug reporting <howtoguides/how_to_collect_logs.md>
30
31``config``
32----------
33
34.. toctree::
35 :maxdepth: 1
36
37 Disable or re-enable APT News <howtoguides/disable_enable_apt_news.md>
38 Configure a proxy <howtoguides/configure_proxies.md>
39 Configure a timer job <howtoguides/configuring_timer_jobs.md>
40
41``enable``
42----------
43
44.. toctree::
45 :maxdepth: 1
46
47 Enable Pro Services in a Dockerfile <howtoguides/enable_in_dockerfile.md>
48 Enable CC EAL <howtoguides/enable_cc.md>
49 Enable CIS <howtoguides/enable_cis.md>
50 Enable Expanded Security Maintenance for Infrastructure <howtoguides/enable_esm_infra.md>
51 Enable FIPS <howtoguides/enable_fips.md>
52 Enable Livepatch <howtoguides/enable_livepatch.md>
53 Enable Real-Time Kernel <howtoguides/enable_realtime_kernel.md>
54
55``fix``
56-------
57
58.. toctree::
59 :maxdepth: 1
60
61 Run `fix` in "dry run" mode <howtoguides/how_to_run_fix_in_dry_run_mode.md>
62 Skip fixing related USNs <howtoguides/how_to_not_fix_related_usns.md>
63
64``refresh``
65-----------
66
67.. toctree::
68 :maxdepth: 1
69
70 Update MOTD and APT messages <howtoguides/update_motd_messages.md>
71
72``status``
73----------
74
75.. toctree::
76 :maxdepth: 1
77
78 Simulate the `attach` operation <howtoguides/how_to_simulate_attach.md>
79
80``version``
81-----------
82
83.. toctree::
84 :maxdepth: 1
85
86 Check Ubuntu Pro Client version <howtoguides/check_pro_version>
87
88``lock``
89-----------
90
91.. toctree::
92 :maxdepth: 1
93
94 Get rid of corrupted locks <howtoguides/get_rid_of_corrupt_lock.md>
95
96Create a ``pro`` Golden Image
97=============================
98
99.. toctree::
100 :maxdepth: 1
101
102 Create a customised Cloud Ubuntu Pro image <howtoguides/create_pro_golden_image.md>
diff --git a/docs/howtoguides/check_pro_version.md b/docs/howtoguides/check_pro_version.md
103deleted file mode 1006440deleted file mode 100644
index faeaf6b..0000000
--- a/docs/howtoguides/check_pro_version.md
+++ /dev/null
@@ -1,14 +0,0 @@
1# How to check your Ubuntu Pro Client version
2
3There are two ways to check the current version of the Ubuntu Pro Client you
4are running. You can use the command:
5
6```bash
7pro version
8```
9
10Or the alternative:
11
12```bash
13pro --version
14```
diff --git a/docs/howtoguides/configure_proxies.md b/docs/howtoguides/configure_proxies.md
15deleted file mode 1006440deleted file mode 100644
index 4fa5081..0000000
--- a/docs/howtoguides/configure_proxies.md
+++ /dev/null
@@ -1,120 +0,0 @@
1# How to configure a proxy
2
3The Ubuntu Pro Client can be configured to use an HTTP/HTTPS proxy as needed
4for network requests. It will also honor the `no_proxy` environment variable
5(if set) to avoid using local proxies for certain outbound traffic. In
6addition, the Ubuntu Pro Client will automatically set up proxies for all
7programs required for enabling Ubuntu Pro services. This includes APT, Snaps,
8and Livepatch.
9
10## HTTP/HTTPS proxies
11
12To configure standard HTTP and/or HTTPS proxies, run the following commands:
13
14```console
15$ sudo pro config set http_proxy=http://host:port
16$ sudo pro config set https_proxy=https://host:port
17```
18
19After running the above commands, Ubuntu Pro Client will:
20
211. Verify that the proxy is working by using it to reach `api.snapcraft.io`
222. Configure itself to use the given proxy for all future network requests
233. Configure `snapd` (if `snapd` is installed) to use the given proxy
244. Configure Livepatch (if Livepatch has already been enabled) to use the given
25 proxy
26 1. If Livepatch is enabled after the `config` command, Ubuntu Pro Client
27 will configure Livepatch to use the given proxy at that time.
28
29To remove HTTP/HTTPS proxy configuration, run the following:
30
31```console
32$ sudo pro config unset http_proxy
33$ sudo pro config unset https_proxy
34```
35
36After running the above commands, Ubuntu Pro Client will also remove proxy
37configuration from `snapd` (if installed) and Livepatch (if enabled).
38
39## APT proxies
40
41APT proxy settings are configured separately. To have Ubuntu Pro Client manage
42your global APT proxy configuration, run the following commands:
43
44```console
45$ sudo pro config set global_apt_http_proxy=http://host:port
46$ sudo pro config set global_apt_https_proxy=https://host:port
47```
48
49After running the above commands, Ubuntu Pro Client will:
50
511. Verify that the proxy works by using it to reach `archive.ubuntu.com` or
52 `esm.ubuntu.com`.
532. Configure APT to use the given proxy by writing an apt configuration file to
54 `/etc/apt/apt.conf.d/90ubuntu-advantage-aptproxy`.
55
56```{caution}
57Any configuration file that comes later in the `apt.conf.d`
58directory could override the proxy configured by the Ubuntu Pro Client.
59```
60
61To remove the APT proxy configuration, run the following:
62
63```
64$ sudo pro config unset global_apt_http_proxy
65$ sudo pro config unset global_apt_https_proxy
66```
67
68```{attention}
69Starting in version 27.9, APT proxy config options changed.
70The old settings: `apt_http_proxy` and `apt_https_proxy` will still work and
71will be treated the same as `global_apt_http_proxy` and
72`global_apt_https_proxy`, respectively.
73```
74
75### Pro-service-only APT proxies
76
77To set an APT proxy that will only be used for Ubuntu Pro services, use the
78following commands instead:
79
80```console
81$ sudo pro config set ua_apt_http_proxy=http://host:port
82$ sudo pro config set ua_apt_https_proxy=https://host:port
83```
84
85## Authenticate your proxy server
86
87If your proxy server requires authentication, you can pass the credentials
88directly in the URL when setting the configuration, as in:
89
90```
91$ sudo pro config set https_proxy=https://username:password@host:port
92```
93
94## Check the configuration
95
96To see which proxies Ubuntu Pro Client is currently configured to use, you can
97use the `show` command.
98
99```console
100$ sudo pro config show
101```
102
103The above will output something that looks like the following if there are
104proxies set:
105
106```
107http_proxy http://proxy
108https_proxy https://proxy
109global_apt_http_proxy http://aptproxy
110global_apt_https_proxy https://aptproxy
111```
112
113Or it may look like this if there aren’t any proxies set:
114
115```
116http_proxy None
117https_proxy None
118global_apt_http_proxy None
119global_apt_https_proxy None
120```
diff --git a/docs/howtoguides/configuring_timer_jobs.md b/docs/howtoguides/configuring_timer_jobs.md
121deleted file mode 1006440deleted file mode 100644
index 05059df..0000000
--- a/docs/howtoguides/configuring_timer_jobs.md
+++ /dev/null
@@ -1,39 +0,0 @@
1# How to configure a timer job
2
3All timer jobs can be configured through the `pro config set` command.
4We will show how you can properly use this command to interact with timer jobs.
5
6## Check a timer job's configuration
7
8To see each job’s running interval, use the `show` command:
9
10```console
11$ sudo pro config show
12```
13
14You should see output which includes the timer jobs:
15
16```
17update_messaging_timer 21600
18metering_timer 14400
19```
20
21## Change a timer job interval
22
23Each job has a configuration option of the form `<job_name>_timer`,
24which can be set with `pro config`. The expected value is a positive
25integer for the number of seconds in the interval. For example, to
26change the `update_messaging job` timer interval to run every 24 hours, run:
27
28```console
29$ sudo pro config set update_messaging_timer=86400
30```
31
32## Disable a timer job
33
34To disable a job, set its interval to zero. For instance, to disable
35the `update_messaging` job, run:
36
37```console
38$ sudo pro config set update_messaging_timer=0
39```
diff --git a/docs/howtoguides/create_pro_golden_image.md b/docs/howtoguides/create_pro_golden_image.md
40deleted file mode 1006440deleted file mode 100644
index 99e4265..0000000
--- a/docs/howtoguides/create_pro_golden_image.md
+++ /dev/null
@@ -1,14 +0,0 @@
1# How to create a customised Cloud Ubuntu Pro image
2
3* Launch an Ubuntu Pro instance on your cloud of choice
4* Customize the instance as you see fit
5* Run the command: `sudo rm /etc/machine-id`
6* Use your cloud platform to clone or snapshot this VM as a golden image
7
8```{tip}
9Prior to version 27.11 - when launching instances based on this instance,
10you will need to re-enable any non-standard Ubuntu Pro services that you
11enabled on the image. This will be faster on the new instance because it was
12already enabled on the image. You will not need to reboot for e.g. `fips` or
13`fips-updates`.
14```
diff --git a/docs/howtoguides/disable_enable_apt_news.md b/docs/howtoguides/disable_enable_apt_news.md
15deleted file mode 1006440deleted file mode 100644
index c9ffd59..0000000
--- a/docs/howtoguides/disable_enable_apt_news.md
+++ /dev/null
@@ -1,45 +0,0 @@
1# How to disable or re-enable APT News
2
3APT News is a feature that allows for timely package-related news to be displayed during an `apt upgrade`. It is distinct from [Ubuntu Pro 'available update' messages](../explanations/apt_messages.md) that are also displayed during an `apt upgrade`. APT News messages are fetched from [https://motd.ubuntu.com/aptnews.json](https://motd.ubuntu.com/aptnews.json) at most once per day.
4
5By default, APT News is turned on. In this How-to-guide, we show how to turn off and on the APT News feature for a particular machine.
6
7## Step 1: Check the current configuration of APT News
8
9```
10pro config show apt_news
11```
12
13The default value is `True`, so if you haven't yet modified this setting, you will see:
14```
15apt_news True
16```
17
18## Step 2: Disable APT News
19
20```
21pro config set apt_news=false
22```
23
24This should also clear any current APT News you may be seeing on your system during `apt upgrade`.
25
26You can double-check that the setting was successful by running the following again:
27
28```
29pro config show apt_news
30```
31
32You should now see:
33```
34apt_news False
35```
36
37## Step 3: (Optional) Re-enable APT News
38
39If you change your mind and want APT News to start appearing again in `apt upgrade`, run the following:
40
41```
42pro config set apt_news=true
43```
44
45And verify the setting worked with `pro config show apt_news`.
diff --git a/docs/howtoguides/enable_cc.md b/docs/howtoguides/enable_cc.md
46deleted file mode 1006440deleted file mode 100644
index 45e9435..0000000
--- a/docs/howtoguides/enable_cc.md
+++ /dev/null
@@ -1,56 +0,0 @@
1# How to enable CC EAL
2
3```{note}
4CC EAL can be enabled on both Xenial and Bionic, but the installed scripts
5that configure CC EAL on those machines will only run on Xenial 16.04.4 and
6Bionic 18.04.4 point releases.
7
8Common Criteria is supported only on 16.04 and 18.04. For more information,
9please see https://ubuntu.com/security/cc
10```
11
12## Enable and auto-install
13
14To enable CC EAL using the Ubuntu Pro Client, please run:
15
16```console
17$ sudo pro enable cc-eal
18```
19
20You should see output like the following, indicating that the CC EAL package
21has been installed.
22
23```
24(This will download more than 500MB of packages, so may take some time.)
25Installing CC EAL2 packages
26CC EAL2 enabled
27Please follow instructions in /usr/share/doc/ubuntu-commoncriteria/README to configure EAL2
28```
29
30## Enable and manually install
31
32```{important}
33The --access-only flag is introduced in version 27.11
34```
35
36If you would like to enable access to the CC EAL apt repository but not install
37the packages right away, use the `--access-only` flag while enabling.
38
39```console
40$ sudo pro enable cc-eal --access-only
41```
42
43With that extra flag you'll see output like the following:
44
45```
46One moment, checking your subscription first
47Updating package lists
48Skipping installing packages: ubuntu-commoncriteria
49CC EAL2 access enabled
50```
51
52To install the packages you can then run:
53
54```console
55$ sudo apt install ubuntu-commoncriteria
56```
diff --git a/docs/howtoguides/enable_cis.md b/docs/howtoguides/enable_cis.md
57deleted file mode 1006440deleted file mode 100644
index 380075b..0000000
--- a/docs/howtoguides/enable_cis.md
+++ /dev/null
@@ -1,27 +0,0 @@
1# How to enable CIS
2
3```{note}
4On Focal (and later releases), CIS was
5[replaced by USG](https://ubuntu.com/security/certifications/docs/usg),
6therefore, just change `cis` to `usg` when running the enable command on those
7releases.
8```
9
10To access the CIS tooling, first enable the software repository as follows:
11
12```console
13$ sudo pro enable cis
14```
15
16You should see output like the following, indicating that the CIS package has
17been installed:
18
19```
20Installing CIS Audit packages
21CIS Audit enabled
22Visit https://security-certs.docs.ubuntu.com/en/cis to learn how to use CIS
23```
24
25Once the feature is enabled please
26[follow the documentation](https://ubuntu.com/security/certifications/docs/cis)
27for the CIS tooling, to run the provided hardening audit scripts.
diff --git a/docs/howtoguides/enable_esm_infra.md b/docs/howtoguides/enable_esm_infra.md
28deleted file mode 1006440deleted file mode 100644
index efdaf55..0000000
--- a/docs/howtoguides/enable_esm_infra.md
+++ /dev/null
@@ -1,32 +0,0 @@
1# How to enable Expanded Security Maintenance for Infrastructure (`esm-infra`)
2
3For Ubuntu LTS releases, `esm-infra` will be automatically enabled after
4attaching the Ubuntu Pro Client to your account. After `ubuntu-advantage-tools`
5is installed and your machine is attached, `esm-infra` should be enabled. If
6`esm-infra` is not enabled, you can enable it with the following command:
7
8```console
9$ sudo pro enable esm-infra
10```
11
12With the `esm-infra` repository enabled, especially on Ubuntu 14.04 and 16.04,
13you may see a number of additional package updates available that were not
14available previously.
15
16Even if your system had indicated that it was up to date before installing the
17`ubuntu-advantage-tools` and attaching, make sure to check for new package
18updates after `esm-infra` is enabled using `apt upgrade`. If you have cron jobs
19set to install updates, or other unattended upgrades configured, be aware that
20this will likely result in a number of package updates with the `esm-infra`
21content.
22
23Running `apt upgrade` will now apply all available package updates, including
24the ones in `esm-infra`.
25
26```console
27$ sudo apt upgrade
28```
29
30```{seealso}
31For more information, see https://ubuntu.com/security/esm
32```
diff --git a/docs/howtoguides/enable_fips.md b/docs/howtoguides/enable_fips.md
33deleted file mode 1006440deleted file mode 100644
index 4fe8b8a..0000000
--- a/docs/howtoguides/enable_fips.md
+++ /dev/null
@@ -1,40 +0,0 @@
1# How to enable FIPS
2
3```{important}
4[FIPS is supported on 16.04, 18.04 and 20.04 releases](https://ubuntu.com/security/certifications/docs/fips).
5```
6
7To use FIPS, one can either launch existing Ubuntu premium support images which
8already have FIPS kernel and security pre-enabled on first boot at
9[AWS Ubuntu Pro FIPS images](https://ubuntu.com/aws/fips),
10[Azure Pro FIPS images](https://ubuntu.com/azure/fips) and GCP Pro FIPS Images.
11
12Alternatively, you can enable FIPS using the Ubuntu Pro Client, which will
13install a FIPS-certified kernel and core security-related packages such as
14`openssh-server/client` and `libssl`.
15
16```{danger}
17Disabling FIPS is not currently supported: only use it on machines intended
18expressly for this purpose.
19```
20
21```{danger}
22Enabling FIPS should be performed during a system maintenance window because
23this operation makes changes to underlying SSL-related libraries and requires a
24reboot into the FIPS-certified kernel.
25```
26
27To enable FIPS, run:
28
29```console
30$ sudo pro enable fips
31```
32
33You should see output like the following, indicating that the FIPS packages has
34been installed:
35
36```
37Installing FIPS packages
38FIPS enabled
39A reboot is required to complete install.
40```
diff --git a/docs/howtoguides/enable_in_dockerfile.md b/docs/howtoguides/enable_in_dockerfile.md
41deleted file mode 1006440deleted file mode 100644
index 5501a92..0000000
--- a/docs/howtoguides/enable_in_dockerfile.md
+++ /dev/null
@@ -1,156 +0,0 @@
1# How to enable Ubuntu Pro Services in a Dockerfile
2
3```{important}
4This requires at least Ubuntu Pro Client version 27.7
5```
6
7Ubuntu Pro comes with several services, some of which can be useful in Docker.
8For example, Expanded Security Maintenance (ESM) of packages and FIPS-certified
9packages may be desirable in a Docker image. In this how-to guide, we show how
10you can use the `pro` tool to take advantage of these services in your
11Dockerfile.
12
13## Create an Ubuntu Pro Attach Config file
14
15```{attention}
16The Ubuntu Pro Attach Config file will contain your Ubuntu Pro Contract token
17and should be treated as a secret file.
18```
19
20An Attach Config file for `pro` is a YAML file that specifies some options when
21running `pro attach`. The file has two fields, `token` and `enable_services`
22and looks something like this:
23
24```yaml
25token: TOKEN
26enable_services:
27 - service1
28 - service2
29 - service3
30```
31
32The `token` field is required and must be set to your Ubuntu Pro token that you
33can get from signing into [ubuntu.com/pro](https://ubuntu.com/pro).
34
35The `enable_services` field value is a list of Ubuntu Pro service names. When
36it is set, then the services specified will be automatically enabled after
37attaching with your Ubuntu Pro token.
38
39Service names that you may be interested in enabling in your Docker builds
40include:
41
42- `esm-infra`
43- `esm-apps`
44- `fips`
45- `fips-updates`
46
47You can find out more about these services by running `pro help service-name`
48on any Ubuntu machine.
49
50## Create a Dockerfile to use `pro` and your Attach Config file
51
52Your Dockerfile is going to look something like the following -- there are
53inline comments explaining each line:
54
55```dockerfile
56# Base off of the LTS of your choice
57FROM ubuntu:focal
58
59# We mount a BuildKit secret here to access the attach config file which should
60# be kept separate from the Dockerfile and managed in a secure fashion since it
61# needs to contain your Ubuntu Pro token.
62# In the next step, we demonstrate how to pass the file as a secret when
63# running docker build.
64RUN --mount=type=secret,id=pro-attach-config \
65 #
66 # First we update apt so we install the correct versions of packages in
67 # the next step
68 apt-get update \
69 #
70 # Here we install `pro` (ubuntu-advantage-tools) as well as ca-certificates,
71 # which is required to talk to the Ubuntu Pro authentication server securely.
72 && apt-get install --no-install-recommends -y ubuntu-advantage-tools ca-certificates \
73 #
74 # With pro installed, we attach using our attach config file from the
75 # previous step
76 && pro attach --attach-config /run/secrets/pro-attach-config \
77 #
78 ###########################################################################
79 # At this point, the container has access to all Ubuntu Pro services
80 # specified in the attach config file.
81 ###########################################################################
82 #
83 # Always upgrade all packages to the latest available version with the Ubuntu Pro
84 # services enabled.
85 && apt-get upgrade -y \
86 #
87 # Then, you can install any specific packages you need for your docker
88 # container.
89 # Install them here, while Ubuntu Pro is enabled, so that you get the appropriate
90 # versions.
91 # Any `apt-get install ...` commands you have in an existing Dockerfile
92 # that you may be migrating to use Ubuntu Pro should probably be moved here.
93 && apt-get install -y openssl \
94 #
95 ###########################################################################
96 # Now that we have upgraded and installed any packages from the Ubuntu Pro
97 # services, we can clean up.
98 ###########################################################################
99 #
100 # This purges ubuntu-advantage-tools, including all Ubuntu Pro related
101 # secrets from the system.
102 ###########################################################################
103 # IMPORTANT: As written here, this command assumes your container does not
104 # need ca-certificates so it is purged as well.
105 # If your container needs ca-certificates, then do not purge it from the
106 # system here.
107 ###########################################################################
108 && apt-get purge --auto-remove -y ubuntu-advantage-tools ca-certificates \
109 #
110 # Finally, we clean up the apt lists which should not be needed anymore
111 # because any `apt-get install`s should have happened above. Cleaning these
112 # lists keeps your image smaller.
113 && rm -rf /var/lib/apt/lists/*
114
115
116# Now, with all of your ubuntu apt packages installed, including all those
117# from Ubuntu Pro services, you can continue the rest of your app-specific Dockerfile.
118```
119
120An important point to note about the above Dockerfile is that all of the `apt`
121and `pro` commands happen inside one Dockerfile `RUN` instruction. This is
122critical and must not be changed. Keeping everything as written inside of
123one `RUN` instruction has two key benefits:
124
1251. It prevents any Ubuntu Pro Subscription-related tokens and secrets from
126 being leaked in an image layer.
1272. It keeps the image as small as possible by cleaning up extra packages and
128 files before the layer is finished.
129
130```{note}
131These benefits could also be attained by squashing the image.
132```
133
134## Build the Docker image
135
136Now, with our Attach Config file and Dockerfile created, we can build the image
137with a command like the following:
138
139```bash
140DOCKER_BUILDKIT=1 docker build . --secret id=pro-attach-config,src=pro-attach-config.yaml -t ubuntu-focal-pro
141```
142
143There are two important pieces to this command.
144
1451. We enable BuildKit with `DOCKER_BUILDKIT=1`. This is necessary to support
146 the secret mount feature.
1472. We use the secret mount feature of BuildKit with
148 `--secret id=pro-attach-config,src=pro-attach-config.yaml`. This is what
149 passes our Attach Config file in to be securely used by the
150 `RUN --mount=type=secret,id=pro-attach-config` command in the Dockerfile.
151
152## Success
153
154Congratulations! At this point, you should have a docker image that has been
155built with Ubuntu Pro packages installed from whichever Ubuntu Pro service you
156required.
diff --git a/docs/howtoguides/enable_livepatch.md b/docs/howtoguides/enable_livepatch.md
157deleted file mode 1006440deleted file mode 100644
index d220553..0000000
--- a/docs/howtoguides/enable_livepatch.md
+++ /dev/null
@@ -1,34 +0,0 @@
1# How to enable Livepatch
2
3```{important}
4Check if your kernel is supported by Livepatch here:
5https://ubuntu.com/security/livepatch/docs/kernels
6```
7
8To enable Livepatch, run:
9
The diff has been truncated for viewing.

Subscribers

People subscribed via source and target branches

to status/vote changes: