Merge ~orndorffgrant/ubuntu/+source/ubuntu-advantage-tools:upload-27.15-mantic into ubuntu/+source/ubuntu-advantage-tools:ubuntu/devel
- Git
- lp:~orndorffgrant/ubuntu/+source/ubuntu-advantage-tools
- upload-27.15-mantic
- Merge into ubuntu/devel
Proposed by
Grant Orndorff
Status: | Merged |
---|---|
Merged at revision: | 42eb665f4babf121e08122bcb5443ec1ba64a102 |
Proposed branch: | ~orndorffgrant/ubuntu/+source/ubuntu-advantage-tools:upload-27.15-mantic |
Merge into: | ubuntu/+source/ubuntu-advantage-tools:ubuntu/devel |
Diff against target: |
16157 lines (+6580/-2282) 161 files modified
.github/PULL_REQUEST_TEMPLATE.md (+21/-2) .github/actions/bug-refs/action.yml (+9/-0) .github/actions/bug-refs/index.js (+61/-0) .github/actions/bug-refs/package-lock.json (+430/-0) .github/actions/bug-refs/package.json (+10/-0) .github/workflows/ci-base.yaml (+2/-0) .github/workflows/ci-integration.yaml (+3/-0) .github/workflows/custom_pr_checks.yaml (+27/-0) apport/source_ubuntu-advantage-tools.py (+6/-2) apt-hook/json-hook.cc (+35/-19) debian/changelog (+38/-0) debian/ubuntu-advantage-tools.postinst (+1/-1) dev-docs/howtoguides/building.md (+0/-13) dev-docs/howtoguides/release_a_new_version.md (+27/-10) dev-docs/howtoguides/testing.md (+0/-11) dev-docs/references/directory_layout.md (+0/-1) dev-docs/references/version_string_formatting.md (+10/-10) dev/null (+0/-91) docs/_static/js/github_issue_links.js (+1/-1) docs/conf.py (+6/-1) docs/explanations.rst (+2/-0) docs/explanations/apt_messages.md (+1/-1) docs/explanations/cves_and_usns_explained.md (+44/-0) docs/explanations/how_to_interpret_output_of_unattended_upgrades.md (+82/-0) docs/explanations/motd_messages.md (+121/-20) docs/explanations/status_columns.md (+102/-0) docs/googleaf254801a5285c31.html (+1/-0) docs/howtoguides.rst (+1/-0) docs/howtoguides/enable_fips.md (+1/-1) docs/howtoguides/get_rid_of_corrupt_lock.md (+1/-1) docs/howtoguides/get_token_and_attach.md (+37/-3) docs/howtoguides/how_to_not_fix_related_usns.md (+65/-0) docs/index.rst (+3/-2) docs/references/api.md (+125/-0) docs/references/network_requirements.md (+1/-1) docs/sitemap-index.xml (+8/-0) docs/tutorials/create_a_fips_updates_pro_cloud_image.md (+9/-9) docs/tutorials/fix_scenarios.md (+54/-15) features/api_full_auto_attach.feature (+1/-1) features/apt_messages.feature (+22/-16) features/attach_validtoken.feature (+29/-15) features/attached_commands.feature (+1/-1) features/attached_status.feature (+5/-1) features/cloud.py (+25/-5) features/daemon.feature (+4/-4) features/docker.feature (+0/-1) features/enable_fips_cloud.feature (+1/-1) features/enable_fips_vm.feature (+32/-32) features/environment.py (+58/-92) features/fix.feature (+281/-63) features/i8n.feature (+128/-0) features/livepatch.feature (+7/-2) features/logs.feature (+59/-0) features/proxy_config.feature (+4/-3) features/realtime_kernel.feature (+274/-41) features/reboot_cmds.feature (+48/-0) features/retry_auto_attach.feature (+4/-2) features/security_status.feature (+225/-61) features/steps/airgap.py (+2/-2) features/steps/attach.py (+5/-3) features/steps/files.py (+5/-2) features/steps/fix.py (+2/-2) features/steps/machines.py (+8/-8) features/steps/output.py (+7/-0) features/steps/packages.py (+17/-18) features/steps/shell.py (+4/-2) features/steps/status.py (+1/-1) features/steps/ubuntu_advantage_tools.py (+24/-23) features/timer.feature (+20/-0) features/ubuntu_pro.feature (+12/-12) features/unattached_status.feature (+18/-2) features/util.py (+9/-4) integration-requirements.txt (+1/-4) lib/apt_news.py (+7/-1) lib/auto_attach.py (+7/-1) lib/daemon.py (+7/-0) lib/esm_cache.py (+7/-0) lib/reboot_cmds.py (+73/-106) lib/timer.py (+10/-3) lib/upgrade_lts_contract.py (+6/-114) pyproject.toml (+20/-0) sru/release-27.14/test-migrate-user-config.sh (+46/-28) systemd/ua-reboot-cmds.service (+2/-2) systemd/ua-timer.timer (+3/-1) tools/README.md (+14/-2) tools/create-lp-release-branches.sh (+5/-5) tools/run-integration-tests.py (+21/-13) tox.ini (+16/-9) uaclient/actions.py (+30/-5) uaclient/apt.py (+6/-2) uaclient/apt_news.py (+2/-2) uaclient/cli.py (+63/-18) uaclient/clouds/gcp.py (+2/-2) uaclient/clouds/tests/test_gcp.py (+106/-20) uaclient/clouds/tests/test_identity.py (+4/-3) uaclient/config.py (+9/-30) uaclient/conftest.py (+15/-1) uaclient/contract.py (+42/-18) uaclient/data_types.py (+10/-10) uaclient/defaults.py (+1/-1) uaclient/entitlements/__init__.py (+9/-3) uaclient/entitlements/base.py (+144/-22) uaclient/entitlements/esm.py (+4/-4) uaclient/entitlements/fips.py (+2/-2) uaclient/entitlements/livepatch.py (+4/-10) uaclient/entitlements/realtime.py (+64/-2) uaclient/entitlements/repo.py (+25/-12) uaclient/entitlements/tests/test_base.py (+170/-4) uaclient/entitlements/tests/test_cc.py (+24/-31) uaclient/entitlements/tests/test_cis.py (+18/-4) uaclient/entitlements/tests/test_entitlements.py (+17/-1) uaclient/entitlements/tests/test_esm.py (+8/-8) uaclient/entitlements/tests/test_fips.py (+52/-35) uaclient/entitlements/tests/test_livepatch.py (+67/-63) uaclient/entitlements/tests/test_realtime.py (+61/-0) uaclient/entitlements/tests/test_repo.py (+28/-40) uaclient/event_logger.py (+7/-0) uaclient/exceptions.py (+11/-1) uaclient/files/files.py (+7/-0) uaclient/files/state_files.py (+5/-6) uaclient/livepatch.py (+8/-3) uaclient/log.py (+28/-2) uaclient/messages.py (+111/-12) uaclient/security.py (+389/-145) uaclient/security_status.py (+139/-58) uaclient/status.py (+124/-54) uaclient/system.py (+109/-38) uaclient/tests/constraints/constraints-jammy.txt (+8/-0) uaclient/tests/test_actions.py (+19/-6) uaclient/tests/test_apt.py (+78/-13) uaclient/tests/test_apt_news.py (+3/-3) uaclient/tests/test_cli.py (+117/-43) uaclient/tests/test_cli_api.py (+2/-1) uaclient/tests/test_cli_attach.py (+8/-5) uaclient/tests/test_cli_auto_attach.py (+4/-1) uaclient/tests/test_cli_collect_logs.py (+34/-4) uaclient/tests/test_cli_detach.py (+1/-0) uaclient/tests/test_cli_disable.py (+8/-1) uaclient/tests/test_cli_enable.py (+41/-3) uaclient/tests/test_cli_fix.py (+12/-3) uaclient/tests/test_cli_reboot_required.py (+2/-1) uaclient/tests/test_cli_refresh.py (+5/-2) uaclient/tests/test_cli_security_status.py (+4/-0) uaclient/tests/test_cli_status.py (+8/-0) uaclient/tests/test_config.py (+7/-53) uaclient/tests/test_contract.py (+109/-82) uaclient/tests/test_data_types.py (+8/-1) uaclient/tests/test_livepatch.py (+18/-13) uaclient/tests/test_reboot_cmds.py (+166/-154) uaclient/tests/test_security.py (+542/-113) uaclient/tests/test_security_status.py (+26/-8) uaclient/tests/test_status.py (+74/-7) uaclient/tests/test_system.py (+232/-101) uaclient/tests/test_upgrade_lts_contract.py (+28/-53) uaclient/tests/test_util.py (+31/-9) uaclient/timer/__init__.py (+20/-0) uaclient/timer/tests/test_update_contract_info.py (+2/-2) uaclient/timer/tests/test_update_messaging.py (+2/-2) uaclient/upgrade_lts_contract.py (+103/-0) uaclient/util.py (+0/-1) uaclient/version.py (+1/-1) |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Canonical Server Core Reviewers | Pending | ||
Canonical Server Reporter | Pending | ||
Review via email: mp+442895@code.launchpad.net |
Commit message
Description of the change
This is release 27.15 of ubuntu-
This is the final 27.x release before we move to scheduled releases, which will each bump the main version.
SRU Bug: https:/
To post a comment you must log in.
Revision history for this message
Grant Orndorff (orndorffgrant) wrote : | # |
Revision history for this message
Grant Orndorff (orndorffgrant) wrote : | # |
Preview Diff
[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1 | diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md |
2 | index abf1338..7faa407 100644 |
3 | --- a/.github/PULL_REQUEST_TEMPLATE.md |
4 | +++ b/.github/PULL_REQUEST_TEMPLATE.md |
5 | @@ -1,5 +1,13 @@ |
6 | -## Proposed Commit Message |
7 | -<!-- Include a proposed commit message because all PRs can be merged in a variety of ways by the reviewer --> |
8 | +## Why is this needed? |
9 | +<!-- This information should be captured in your commit messages, so any description here can be very brief --> |
10 | +This PR solves all of our problems because... |
11 | + |
12 | +<!-- |
13 | +By default, we rebase PRs and will ask for a clean well-organized commit history in the PR before rebasing. |
14 | +If your PR is small enough and you prefer, uncomment the following section and fill it out to request a squashed PR. |
15 | +--> |
16 | +<!-- |
17 | +## Please Squash this PR with this commit message |
18 | |
19 | ``` |
20 | summary: no more than 70 characters |
21 | @@ -14,6 +22,7 @@ If you need to write multiple paragraphs, feel free. |
22 | LP: #NNNNNNN (replace with the appropriate Launchpad bug reference if applicable) |
23 | Fixes: #NNNNNNN (replace with the appropriate github issue if applicable) |
24 | ``` |
25 | +--> |
26 | |
27 | ## Test Steps |
28 | <!-- Please include any steps necessary to verify (and reproduce if |
29 | @@ -21,6 +30,16 @@ this is a bug fix) this change on a live deployed system, |
30 | including any necessary configuration files, user-data, |
31 | setup, and teardown. Scripts used may be attached directly to this PR. --> |
32 | |
33 | +<!-- Example: |
34 | +``` |
35 | +env SHELL_BEFORE=1 ./tools/test-in-lxd.sh xenial |
36 | +# Set up test scenario before upgrade |
37 | +exit # new version gets installed after exit and lxc shell is re-started |
38 | +sudo pro new-sub-command --new-flag |
39 | +# Assert something |
40 | +``` |
41 | +--> |
42 | + |
43 | ## Checklist |
44 | <!-- Go over all the following points, and put an `x` in all the boxes |
45 | that apply. --> |
46 | diff --git a/.github/actions/bug-refs/action.yml b/.github/actions/bug-refs/action.yml |
47 | new file mode 100644 |
48 | index 0000000..458d152 |
49 | --- /dev/null |
50 | +++ b/.github/actions/bug-refs/action.yml |
51 | @@ -0,0 +1,9 @@ |
52 | +name: 'Require Bug References' |
53 | +description: 'Block PRs on missing bug references' |
54 | +inputs: |
55 | + repo-token: |
56 | + description: 'Token for the repository. Can be passed in using {{ secrets.GITHUB_TOKEN }}' |
57 | + required: true |
58 | +runs: |
59 | + using: 'node16' |
60 | + main: 'index.js' |
61 | diff --git a/.github/actions/bug-refs/index.js b/.github/actions/bug-refs/index.js |
62 | new file mode 100644 |
63 | index 0000000..7804e06 |
64 | --- /dev/null |
65 | +++ b/.github/actions/bug-refs/index.js |
66 | @@ -0,0 +1,61 @@ |
67 | +const core = require('@actions/core'); |
68 | +const github = require('@actions/github'); |
69 | + |
70 | +async function run() { |
71 | + const context = github.context; |
72 | + if (context.eventName !== "pull_request") { |
73 | + console.log( |
74 | + 'The event that triggered this action was not a pull request, skipping.' |
75 | + ); |
76 | + return; |
77 | + } |
78 | + |
79 | + const body = context.payload.pull_request.body.toLocaleUpperCase(); |
80 | + const ignoreJira = body.includes("NO-JIRA"); |
81 | + const ignoreLaunchpad = body.includes("NO-LP"); |
82 | + const ignoreGithub = body.includes("NO-GH"); |
83 | + |
84 | + const errorMessages = []; |
85 | + |
86 | + const title = context.payload.pull_request.title; |
87 | + if (!ignoreJira && !title.toLocaleUpperCase().includes("SC-")) { |
88 | + errorMessages.push("The PR title does not include a Jira SC-#### reference.\nEither add one or add 'no-jira' to the PR description."); |
89 | + } |
90 | + |
91 | + const client = github.getOctokit( |
92 | + core.getInput('repo-token', {required: true}) |
93 | + ); |
94 | + const commits = await client.rest.pulls.listCommits({ |
95 | + owner: context.issue.owner, |
96 | + repo: context.issue.repo, |
97 | + pull_number: context.issue.number, |
98 | + }); |
99 | + |
100 | + let launchpadPresent = false; |
101 | + let githubPresent = false; |
102 | + commits.data.forEach(commit => { |
103 | + const message = commit.commit.message.toLocaleUpperCase(); |
104 | + if (message.includes("LP: #")) { |
105 | + launchpadPresent = true; |
106 | + } |
107 | + if (message.includes("FIXES: #") || message.includes("CLOSES: #")) { |
108 | + githubPresent = true; |
109 | + } |
110 | + }); |
111 | + |
112 | + if (!ignoreLaunchpad && !launchpadPresent) { |
113 | + errorMessages.push("None of the commits include a Launchpad bug reference.\nEither add one or add 'no-lp' to the PR description."); |
114 | + } |
115 | + if (!ignoreGithub && !githubPresent) { |
116 | + errorMessages.push("None of the commits include a Github bug reference.\nEither add one or add 'no-gh' to the PR description."); |
117 | + } |
118 | + |
119 | + if (errorMessages.length > 0) { |
120 | + core.setFailed(errorMessages.join("\n\n")); |
121 | + } |
122 | +} |
123 | + |
124 | +run().catch(error => { |
125 | + console.error(error); |
126 | + core.setFailed(error.message); |
127 | +}) |
128 | diff --git a/.github/actions/bug-refs/package-lock.json b/.github/actions/bug-refs/package-lock.json |
129 | new file mode 100644 |
130 | index 0000000..f9ad26b |
131 | --- /dev/null |
132 | +++ b/.github/actions/bug-refs/package-lock.json |
133 | @@ -0,0 +1,430 @@ |
134 | +{ |
135 | + "name": "bug-refs", |
136 | + "version": "1.0.0", |
137 | + "lockfileVersion": 2, |
138 | + "requires": true, |
139 | + "packages": { |
140 | + "": { |
141 | + "name": "bug-refs", |
142 | + "version": "1.0.0", |
143 | + "dependencies": { |
144 | + "@actions/core": "^1.10.0", |
145 | + "@actions/github": "^5.1.1" |
146 | + } |
147 | + }, |
148 | + "node_modules/@actions/core": { |
149 | + "version": "1.10.0", |
150 | + "resolved": "https://registry.npmjs.org/@actions/core/-/core-1.10.0.tgz", |
151 | + "integrity": "sha512-2aZDDa3zrrZbP5ZYg159sNoLRb61nQ7awl5pSvIq5Qpj81vwDzdMRKzkWJGJuwVvWpvZKx7vspJALyvaaIQyug==", |
152 | + "dependencies": { |
153 | + "@actions/http-client": "^2.0.1", |
154 | + "uuid": "^8.3.2" |
155 | + } |
156 | + }, |
157 | + "node_modules/@actions/github": { |
158 | + "version": "5.1.1", |
159 | + "resolved": "https://registry.npmjs.org/@actions/github/-/github-5.1.1.tgz", |
160 | + "integrity": "sha512-Nk59rMDoJaV+mHCOJPXuvB1zIbomlKS0dmSIqPGxd0enAXBnOfn4VWF+CGtRCwXZG9Epa54tZA7VIRlJDS8A6g==", |
161 | + "dependencies": { |
162 | + "@actions/http-client": "^2.0.1", |
163 | + "@octokit/core": "^3.6.0", |
164 | + "@octokit/plugin-paginate-rest": "^2.17.0", |
165 | + "@octokit/plugin-rest-endpoint-methods": "^5.13.0" |
166 | + } |
167 | + }, |
168 | + "node_modules/@actions/http-client": { |
169 | + "version": "2.1.0", |
170 | + "resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-2.1.0.tgz", |
171 | + "integrity": "sha512-BonhODnXr3amchh4qkmjPMUO8mFi/zLaaCeCAJZqch8iQqyDnVIkySjB38VHAC8IJ+bnlgfOqlhpyCUZHlQsqw==", |
172 | + "dependencies": { |
173 | + "tunnel": "^0.0.6" |
174 | + } |
175 | + }, |
176 | + "node_modules/@octokit/auth-token": { |
177 | + "version": "2.5.0", |
178 | + "resolved": "https://registry.npmjs.org/@octokit/auth-token/-/auth-token-2.5.0.tgz", |
179 | + "integrity": "sha512-r5FVUJCOLl19AxiuZD2VRZ/ORjp/4IN98Of6YJoJOkY75CIBuYfmiNHGrDwXr+aLGG55igl9QrxX3hbiXlLb+g==", |
180 | + "dependencies": { |
181 | + "@octokit/types": "^6.0.3" |
182 | + } |
183 | + }, |
184 | + "node_modules/@octokit/core": { |
185 | + "version": "3.6.0", |
186 | + "resolved": "https://registry.npmjs.org/@octokit/core/-/core-3.6.0.tgz", |
187 | + "integrity": "sha512-7RKRKuA4xTjMhY+eG3jthb3hlZCsOwg3rztWh75Xc+ShDWOfDDATWbeZpAHBNRpm4Tv9WgBMOy1zEJYXG6NJ7Q==", |
188 | + "dependencies": { |
189 | + "@octokit/auth-token": "^2.4.4", |
190 | + "@octokit/graphql": "^4.5.8", |
191 | + "@octokit/request": "^5.6.3", |
192 | + "@octokit/request-error": "^2.0.5", |
193 | + "@octokit/types": "^6.0.3", |
194 | + "before-after-hook": "^2.2.0", |
195 | + "universal-user-agent": "^6.0.0" |
196 | + } |
197 | + }, |
198 | + "node_modules/@octokit/endpoint": { |
199 | + "version": "6.0.12", |
200 | + "resolved": "https://registry.npmjs.org/@octokit/endpoint/-/endpoint-6.0.12.tgz", |
201 | + "integrity": "sha512-lF3puPwkQWGfkMClXb4k/eUT/nZKQfxinRWJrdZaJO85Dqwo/G0yOC434Jr2ojwafWJMYqFGFa5ms4jJUgujdA==", |
202 | + "dependencies": { |
203 | + "@octokit/types": "^6.0.3", |
204 | + "is-plain-object": "^5.0.0", |
205 | + "universal-user-agent": "^6.0.0" |
206 | + } |
207 | + }, |
208 | + "node_modules/@octokit/graphql": { |
209 | + "version": "4.8.0", |
210 | + "resolved": "https://registry.npmjs.org/@octokit/graphql/-/graphql-4.8.0.tgz", |
211 | + "integrity": "sha512-0gv+qLSBLKF0z8TKaSKTsS39scVKF9dbMxJpj3U0vC7wjNWFuIpL/z76Qe2fiuCbDRcJSavkXsVtMS6/dtQQsg==", |
212 | + "dependencies": { |
213 | + "@octokit/request": "^5.6.0", |
214 | + "@octokit/types": "^6.0.3", |
215 | + "universal-user-agent": "^6.0.0" |
216 | + } |
217 | + }, |
218 | + "node_modules/@octokit/openapi-types": { |
219 | + "version": "12.11.0", |
220 | + "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-12.11.0.tgz", |
221 | + "integrity": "sha512-VsXyi8peyRq9PqIz/tpqiL2w3w80OgVMwBHltTml3LmVvXiphgeqmY9mvBw9Wu7e0QWk/fqD37ux8yP5uVekyQ==" |
222 | + }, |
223 | + "node_modules/@octokit/plugin-paginate-rest": { |
224 | + "version": "2.21.3", |
225 | + "resolved": "https://registry.npmjs.org/@octokit/plugin-paginate-rest/-/plugin-paginate-rest-2.21.3.tgz", |
226 | + "integrity": "sha512-aCZTEf0y2h3OLbrgKkrfFdjRL6eSOo8komneVQJnYecAxIej7Bafor2xhuDJOIFau4pk0i/P28/XgtbyPF0ZHw==", |
227 | + "dependencies": { |
228 | + "@octokit/types": "^6.40.0" |
229 | + }, |
230 | + "peerDependencies": { |
231 | + "@octokit/core": ">=2" |
232 | + } |
233 | + }, |
234 | + "node_modules/@octokit/plugin-rest-endpoint-methods": { |
235 | + "version": "5.16.2", |
236 | + "resolved": "https://registry.npmjs.org/@octokit/plugin-rest-endpoint-methods/-/plugin-rest-endpoint-methods-5.16.2.tgz", |
237 | + "integrity": "sha512-8QFz29Fg5jDuTPXVtey05BLm7OB+M8fnvE64RNegzX7U+5NUXcOcnpTIK0YfSHBg8gYd0oxIq3IZTe9SfPZiRw==", |
238 | + "dependencies": { |
239 | + "@octokit/types": "^6.39.0", |
240 | + "deprecation": "^2.3.1" |
241 | + }, |
242 | + "peerDependencies": { |
243 | + "@octokit/core": ">=3" |
244 | + } |
245 | + }, |
246 | + "node_modules/@octokit/request": { |
247 | + "version": "5.6.3", |
248 | + "resolved": "https://registry.npmjs.org/@octokit/request/-/request-5.6.3.tgz", |
249 | + "integrity": "sha512-bFJl0I1KVc9jYTe9tdGGpAMPy32dLBXXo1dS/YwSCTL/2nd9XeHsY616RE3HPXDVk+a+dBuzyz5YdlXwcDTr2A==", |
250 | + "dependencies": { |
251 | + "@octokit/endpoint": "^6.0.1", |
252 | + "@octokit/request-error": "^2.1.0", |
253 | + "@octokit/types": "^6.16.1", |
254 | + "is-plain-object": "^5.0.0", |
255 | + "node-fetch": "^2.6.7", |
256 | + "universal-user-agent": "^6.0.0" |
257 | + } |
258 | + }, |
259 | + "node_modules/@octokit/request-error": { |
260 | + "version": "2.1.0", |
261 | + "resolved": "https://registry.npmjs.org/@octokit/request-error/-/request-error-2.1.0.tgz", |
262 | + "integrity": "sha512-1VIvgXxs9WHSjicsRwq8PlR2LR2x6DwsJAaFgzdi0JfJoGSO8mYI/cHJQ+9FbN21aa+DrgNLnwObmyeSC8Rmpg==", |
263 | + "dependencies": { |
264 | + "@octokit/types": "^6.0.3", |
265 | + "deprecation": "^2.0.0", |
266 | + "once": "^1.4.0" |
267 | + } |
268 | + }, |
269 | + "node_modules/@octokit/types": { |
270 | + "version": "6.41.0", |
271 | + "resolved": "https://registry.npmjs.org/@octokit/types/-/types-6.41.0.tgz", |
272 | + "integrity": "sha512-eJ2jbzjdijiL3B4PrSQaSjuF2sPEQPVCPzBvTHJD9Nz+9dw2SGH4K4xeQJ77YfTq5bRQ+bD8wT11JbeDPmxmGg==", |
273 | + "dependencies": { |
274 | + "@octokit/openapi-types": "^12.11.0" |
275 | + } |
276 | + }, |
277 | + "node_modules/before-after-hook": { |
278 | + "version": "2.2.3", |
279 | + "resolved": "https://registry.npmjs.org/before-after-hook/-/before-after-hook-2.2.3.tgz", |
280 | + "integrity": "sha512-NzUnlZexiaH/46WDhANlyR2bXRopNg4F/zuSA3OpZnllCUgRaOF2znDioDWrmbNVsuZk6l9pMquQB38cfBZwkQ==" |
281 | + }, |
282 | + "node_modules/deprecation": { |
283 | + "version": "2.3.1", |
284 | + "resolved": "https://registry.npmjs.org/deprecation/-/deprecation-2.3.1.tgz", |
285 | + "integrity": "sha512-xmHIy4F3scKVwMsQ4WnVaS8bHOx0DmVwRywosKhaILI0ywMDWPtBSku2HNxRvF7jtwDRsoEwYQSfbxj8b7RlJQ==" |
286 | + }, |
287 | + "node_modules/is-plain-object": { |
288 | + "version": "5.0.0", |
289 | + "resolved": "https://registry.npmjs.org/is-plain-object/-/is-plain-object-5.0.0.tgz", |
290 | + "integrity": "sha512-VRSzKkbMm5jMDoKLbltAkFQ5Qr7VDiTFGXxYFXXowVj387GeGNOCsOH6Msy00SGZ3Fp84b1Naa1psqgcCIEP5Q==", |
291 | + "engines": { |
292 | + "node": ">=0.10.0" |
293 | + } |
294 | + }, |
295 | + "node_modules/node-fetch": { |
296 | + "version": "2.6.9", |
297 | + "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.9.tgz", |
298 | + "integrity": "sha512-DJm/CJkZkRjKKj4Zi4BsKVZh3ValV5IR5s7LVZnW+6YMh0W1BfNA8XSs6DLMGYlId5F3KnA70uu2qepcR08Qqg==", |
299 | + "dependencies": { |
300 | + "whatwg-url": "^5.0.0" |
301 | + }, |
302 | + "engines": { |
303 | + "node": "4.x || >=6.0.0" |
304 | + }, |
305 | + "peerDependencies": { |
306 | + "encoding": "^0.1.0" |
307 | + }, |
308 | + "peerDependenciesMeta": { |
309 | + "encoding": { |
310 | + "optional": true |
311 | + } |
312 | + } |
313 | + }, |
314 | + "node_modules/once": { |
315 | + "version": "1.4.0", |
316 | + "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz", |
317 | + "integrity": "sha512-lNaJgI+2Q5URQBkccEKHTQOPaXdUxnZZElQTZY0MFUAuaEqe1E+Nyvgdz/aIyNi6Z9MzO5dv1H8n58/GELp3+w==", |
318 | + "dependencies": { |
319 | + "wrappy": "1" |
320 | + } |
321 | + }, |
322 | + "node_modules/tr46": { |
323 | + "version": "0.0.3", |
324 | + "resolved": "https://registry.npmjs.org/tr46/-/tr46-0.0.3.tgz", |
325 | + "integrity": "sha512-N3WMsuqV66lT30CrXNbEjx4GEwlow3v6rr4mCcv6prnfwhS01rkgyFdjPNBYd9br7LpXV1+Emh01fHnq2Gdgrw==" |
326 | + }, |
327 | + "node_modules/tunnel": { |
328 | + "version": "0.0.6", |
329 | + "resolved": "https://registry.npmjs.org/tunnel/-/tunnel-0.0.6.tgz", |
330 | + "integrity": "sha512-1h/Lnq9yajKY2PEbBadPXj3VxsDDu844OnaAo52UVmIzIvwwtBPIuNvkjuzBlTWpfJyUbG3ez0KSBibQkj4ojg==", |
331 | + "engines": { |
332 | + "node": ">=0.6.11 <=0.7.0 || >=0.7.3" |
333 | + } |
334 | + }, |
335 | + "node_modules/universal-user-agent": { |
336 | + "version": "6.0.0", |
337 | + "resolved": "https://registry.npmjs.org/universal-user-agent/-/universal-user-agent-6.0.0.tgz", |
338 | + "integrity": "sha512-isyNax3wXoKaulPDZWHQqbmIx1k2tb9fb3GGDBRxCscfYV2Ch7WxPArBsFEG8s/safwXTT7H4QGhaIkTp9447w==" |
339 | + }, |
340 | + "node_modules/uuid": { |
341 | + "version": "8.3.2", |
342 | + "resolved": "https://registry.npmjs.org/uuid/-/uuid-8.3.2.tgz", |
343 | + "integrity": "sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg==", |
344 | + "bin": { |
345 | + "uuid": "dist/bin/uuid" |
346 | + } |
347 | + }, |
348 | + "node_modules/webidl-conversions": { |
349 | + "version": "3.0.1", |
350 | + "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-3.0.1.tgz", |
351 | + "integrity": "sha512-2JAn3z8AR6rjK8Sm8orRC0h/bcl/DqL7tRPdGZ4I1CjdF+EaMLmYxBHyXuKL849eucPFhvBoxMsflfOb8kxaeQ==" |
352 | + }, |
353 | + "node_modules/whatwg-url": { |
354 | + "version": "5.0.0", |
355 | + "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-5.0.0.tgz", |
356 | + "integrity": "sha512-saE57nupxk6v3HY35+jzBwYa0rKSy0XR8JSxZPwgLr7ys0IBzhGviA1/TUGJLmSVqs8pb9AnvICXEuOHLprYTw==", |
357 | + "dependencies": { |
358 | + "tr46": "~0.0.3", |
359 | + "webidl-conversions": "^3.0.0" |
360 | + } |
361 | + }, |
362 | + "node_modules/wrappy": { |
363 | + "version": "1.0.2", |
364 | + "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz", |
365 | + "integrity": "sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ==" |
366 | + } |
367 | + }, |
368 | + "dependencies": { |
369 | + "@actions/core": { |
370 | + "version": "1.10.0", |
371 | + "resolved": "https://registry.npmjs.org/@actions/core/-/core-1.10.0.tgz", |
372 | + "integrity": "sha512-2aZDDa3zrrZbP5ZYg159sNoLRb61nQ7awl5pSvIq5Qpj81vwDzdMRKzkWJGJuwVvWpvZKx7vspJALyvaaIQyug==", |
373 | + "requires": { |
374 | + "@actions/http-client": "^2.0.1", |
375 | + "uuid": "^8.3.2" |
376 | + } |
377 | + }, |
378 | + "@actions/github": { |
379 | + "version": "5.1.1", |
380 | + "resolved": "https://registry.npmjs.org/@actions/github/-/github-5.1.1.tgz", |
381 | + "integrity": "sha512-Nk59rMDoJaV+mHCOJPXuvB1zIbomlKS0dmSIqPGxd0enAXBnOfn4VWF+CGtRCwXZG9Epa54tZA7VIRlJDS8A6g==", |
382 | + "requires": { |
383 | + "@actions/http-client": "^2.0.1", |
384 | + "@octokit/core": "^3.6.0", |
385 | + "@octokit/plugin-paginate-rest": "^2.17.0", |
386 | + "@octokit/plugin-rest-endpoint-methods": "^5.13.0" |
387 | + } |
388 | + }, |
389 | + "@actions/http-client": { |
390 | + "version": "2.1.0", |
391 | + "resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-2.1.0.tgz", |
392 | + "integrity": "sha512-BonhODnXr3amchh4qkmjPMUO8mFi/zLaaCeCAJZqch8iQqyDnVIkySjB38VHAC8IJ+bnlgfOqlhpyCUZHlQsqw==", |
393 | + "requires": { |
394 | + "tunnel": "^0.0.6" |
395 | + } |
396 | + }, |
397 | + "@octokit/auth-token": { |
398 | + "version": "2.5.0", |
399 | + "resolved": "https://registry.npmjs.org/@octokit/auth-token/-/auth-token-2.5.0.tgz", |
400 | + "integrity": "sha512-r5FVUJCOLl19AxiuZD2VRZ/ORjp/4IN98Of6YJoJOkY75CIBuYfmiNHGrDwXr+aLGG55igl9QrxX3hbiXlLb+g==", |
401 | + "requires": { |
402 | + "@octokit/types": "^6.0.3" |
403 | + } |
404 | + }, |
405 | + "@octokit/core": { |
406 | + "version": "3.6.0", |
407 | + "resolved": "https://registry.npmjs.org/@octokit/core/-/core-3.6.0.tgz", |
408 | + "integrity": "sha512-7RKRKuA4xTjMhY+eG3jthb3hlZCsOwg3rztWh75Xc+ShDWOfDDATWbeZpAHBNRpm4Tv9WgBMOy1zEJYXG6NJ7Q==", |
409 | + "requires": { |
410 | + "@octokit/auth-token": "^2.4.4", |
411 | + "@octokit/graphql": "^4.5.8", |
412 | + "@octokit/request": "^5.6.3", |
413 | + "@octokit/request-error": "^2.0.5", |
414 | + "@octokit/types": "^6.0.3", |
415 | + "before-after-hook": "^2.2.0", |
416 | + "universal-user-agent": "^6.0.0" |
417 | + } |
418 | + }, |
419 | + "@octokit/endpoint": { |
420 | + "version": "6.0.12", |
421 | + "resolved": "https://registry.npmjs.org/@octokit/endpoint/-/endpoint-6.0.12.tgz", |
422 | + "integrity": "sha512-lF3puPwkQWGfkMClXb4k/eUT/nZKQfxinRWJrdZaJO85Dqwo/G0yOC434Jr2ojwafWJMYqFGFa5ms4jJUgujdA==", |
423 | + "requires": { |
424 | + "@octokit/types": "^6.0.3", |
425 | + "is-plain-object": "^5.0.0", |
426 | + "universal-user-agent": "^6.0.0" |
427 | + } |
428 | + }, |
429 | + "@octokit/graphql": { |
430 | + "version": "4.8.0", |
431 | + "resolved": "https://registry.npmjs.org/@octokit/graphql/-/graphql-4.8.0.tgz", |
432 | + "integrity": "sha512-0gv+qLSBLKF0z8TKaSKTsS39scVKF9dbMxJpj3U0vC7wjNWFuIpL/z76Qe2fiuCbDRcJSavkXsVtMS6/dtQQsg==", |
433 | + "requires": { |
434 | + "@octokit/request": "^5.6.0", |
435 | + "@octokit/types": "^6.0.3", |
436 | + "universal-user-agent": "^6.0.0" |
437 | + } |
438 | + }, |
439 | + "@octokit/openapi-types": { |
440 | + "version": "12.11.0", |
441 | + "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-12.11.0.tgz", |
442 | + "integrity": "sha512-VsXyi8peyRq9PqIz/tpqiL2w3w80OgVMwBHltTml3LmVvXiphgeqmY9mvBw9Wu7e0QWk/fqD37ux8yP5uVekyQ==" |
443 | + }, |
444 | + "@octokit/plugin-paginate-rest": { |
445 | + "version": "2.21.3", |
446 | + "resolved": "https://registry.npmjs.org/@octokit/plugin-paginate-rest/-/plugin-paginate-rest-2.21.3.tgz", |
447 | + "integrity": "sha512-aCZTEf0y2h3OLbrgKkrfFdjRL6eSOo8komneVQJnYecAxIej7Bafor2xhuDJOIFau4pk0i/P28/XgtbyPF0ZHw==", |
448 | + "requires": { |
449 | + "@octokit/types": "^6.40.0" |
450 | + } |
451 | + }, |
452 | + "@octokit/plugin-rest-endpoint-methods": { |
453 | + "version": "5.16.2", |
454 | + "resolved": "https://registry.npmjs.org/@octokit/plugin-rest-endpoint-methods/-/plugin-rest-endpoint-methods-5.16.2.tgz", |
455 | + "integrity": "sha512-8QFz29Fg5jDuTPXVtey05BLm7OB+M8fnvE64RNegzX7U+5NUXcOcnpTIK0YfSHBg8gYd0oxIq3IZTe9SfPZiRw==", |
456 | + "requires": { |
457 | + "@octokit/types": "^6.39.0", |
458 | + "deprecation": "^2.3.1" |
459 | + } |
460 | + }, |
461 | + "@octokit/request": { |
462 | + "version": "5.6.3", |
463 | + "resolved": "https://registry.npmjs.org/@octokit/request/-/request-5.6.3.tgz", |
464 | + "integrity": "sha512-bFJl0I1KVc9jYTe9tdGGpAMPy32dLBXXo1dS/YwSCTL/2nd9XeHsY616RE3HPXDVk+a+dBuzyz5YdlXwcDTr2A==", |
465 | + "requires": { |
466 | + "@octokit/endpoint": "^6.0.1", |
467 | + "@octokit/request-error": "^2.1.0", |
468 | + "@octokit/types": "^6.16.1", |
469 | + "is-plain-object": "^5.0.0", |
470 | + "node-fetch": "^2.6.7", |
471 | + "universal-user-agent": "^6.0.0" |
472 | + } |
473 | + }, |
474 | + "@octokit/request-error": { |
475 | + "version": "2.1.0", |
476 | + "resolved": "https://registry.npmjs.org/@octokit/request-error/-/request-error-2.1.0.tgz", |
477 | + "integrity": "sha512-1VIvgXxs9WHSjicsRwq8PlR2LR2x6DwsJAaFgzdi0JfJoGSO8mYI/cHJQ+9FbN21aa+DrgNLnwObmyeSC8Rmpg==", |
478 | + "requires": { |
479 | + "@octokit/types": "^6.0.3", |
480 | + "deprecation": "^2.0.0", |
481 | + "once": "^1.4.0" |
482 | + } |
483 | + }, |
484 | + "@octokit/types": { |
485 | + "version": "6.41.0", |
486 | + "resolved": "https://registry.npmjs.org/@octokit/types/-/types-6.41.0.tgz", |
487 | + "integrity": "sha512-eJ2jbzjdijiL3B4PrSQaSjuF2sPEQPVCPzBvTHJD9Nz+9dw2SGH4K4xeQJ77YfTq5bRQ+bD8wT11JbeDPmxmGg==", |
488 | + "requires": { |
489 | + "@octokit/openapi-types": "^12.11.0" |
490 | + } |
491 | + }, |
492 | + "before-after-hook": { |
493 | + "version": "2.2.3", |
494 | + "resolved": "https://registry.npmjs.org/before-after-hook/-/before-after-hook-2.2.3.tgz", |
495 | + "integrity": "sha512-NzUnlZexiaH/46WDhANlyR2bXRopNg4F/zuSA3OpZnllCUgRaOF2znDioDWrmbNVsuZk6l9pMquQB38cfBZwkQ==" |
496 | + }, |
497 | + "deprecation": { |
498 | + "version": "2.3.1", |
499 | + "resolved": "https://registry.npmjs.org/deprecation/-/deprecation-2.3.1.tgz", |
500 | + "integrity": "sha512-xmHIy4F3scKVwMsQ4WnVaS8bHOx0DmVwRywosKhaILI0ywMDWPtBSku2HNxRvF7jtwDRsoEwYQSfbxj8b7RlJQ==" |
501 | + }, |
502 | + "is-plain-object": { |
503 | + "version": "5.0.0", |
504 | + "resolved": "https://registry.npmjs.org/is-plain-object/-/is-plain-object-5.0.0.tgz", |
505 | + "integrity": "sha512-VRSzKkbMm5jMDoKLbltAkFQ5Qr7VDiTFGXxYFXXowVj387GeGNOCsOH6Msy00SGZ3Fp84b1Naa1psqgcCIEP5Q==" |
506 | + }, |
507 | + "node-fetch": { |
508 | + "version": "2.6.9", |
509 | + "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.9.tgz", |
510 | + "integrity": "sha512-DJm/CJkZkRjKKj4Zi4BsKVZh3ValV5IR5s7LVZnW+6YMh0W1BfNA8XSs6DLMGYlId5F3KnA70uu2qepcR08Qqg==", |
511 | + "requires": { |
512 | + "whatwg-url": "^5.0.0" |
513 | + } |
514 | + }, |
515 | + "once": { |
516 | + "version": "1.4.0", |
517 | + "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz", |
518 | + "integrity": "sha512-lNaJgI+2Q5URQBkccEKHTQOPaXdUxnZZElQTZY0MFUAuaEqe1E+Nyvgdz/aIyNi6Z9MzO5dv1H8n58/GELp3+w==", |
519 | + "requires": { |
520 | + "wrappy": "1" |
521 | + } |
522 | + }, |
523 | + "tr46": { |
524 | + "version": "0.0.3", |
525 | + "resolved": "https://registry.npmjs.org/tr46/-/tr46-0.0.3.tgz", |
526 | + "integrity": "sha512-N3WMsuqV66lT30CrXNbEjx4GEwlow3v6rr4mCcv6prnfwhS01rkgyFdjPNBYd9br7LpXV1+Emh01fHnq2Gdgrw==" |
527 | + }, |
528 | + "tunnel": { |
529 | + "version": "0.0.6", |
530 | + "resolved": "https://registry.npmjs.org/tunnel/-/tunnel-0.0.6.tgz", |
531 | + "integrity": "sha512-1h/Lnq9yajKY2PEbBadPXj3VxsDDu844OnaAo52UVmIzIvwwtBPIuNvkjuzBlTWpfJyUbG3ez0KSBibQkj4ojg==" |
532 | + }, |
533 | + "universal-user-agent": { |
534 | + "version": "6.0.0", |
535 | + "resolved": "https://registry.npmjs.org/universal-user-agent/-/universal-user-agent-6.0.0.tgz", |
536 | + "integrity": "sha512-isyNax3wXoKaulPDZWHQqbmIx1k2tb9fb3GGDBRxCscfYV2Ch7WxPArBsFEG8s/safwXTT7H4QGhaIkTp9447w==" |
537 | + }, |
538 | + "uuid": { |
539 | + "version": "8.3.2", |
540 | + "resolved": "https://registry.npmjs.org/uuid/-/uuid-8.3.2.tgz", |
541 | + "integrity": "sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg==" |
542 | + }, |
543 | + "webidl-conversions": { |
544 | + "version": "3.0.1", |
545 | + "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-3.0.1.tgz", |
546 | + "integrity": "sha512-2JAn3z8AR6rjK8Sm8orRC0h/bcl/DqL7tRPdGZ4I1CjdF+EaMLmYxBHyXuKL849eucPFhvBoxMsflfOb8kxaeQ==" |
547 | + }, |
548 | + "whatwg-url": { |
549 | + "version": "5.0.0", |
550 | + "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-5.0.0.tgz", |
551 | + "integrity": "sha512-saE57nupxk6v3HY35+jzBwYa0rKSy0XR8JSxZPwgLr7ys0IBzhGviA1/TUGJLmSVqs8pb9AnvICXEuOHLprYTw==", |
552 | + "requires": { |
553 | + "tr46": "~0.0.3", |
554 | + "webidl-conversions": "^3.0.0" |
555 | + } |
556 | + }, |
557 | + "wrappy": { |
558 | + "version": "1.0.2", |
559 | + "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz", |
560 | + "integrity": "sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ==" |
561 | + } |
562 | + } |
563 | +} |
564 | diff --git a/.github/actions/bug-refs/package.json b/.github/actions/bug-refs/package.json |
565 | new file mode 100644 |
566 | index 0000000..14ceb07 |
567 | --- /dev/null |
568 | +++ b/.github/actions/bug-refs/package.json |
569 | @@ -0,0 +1,10 @@ |
570 | +{ |
571 | + "name": "bug-refs", |
572 | + "version": "1.0.0", |
573 | + "description": "Block PRs on missing bug references", |
574 | + "main": "index.js", |
575 | + "dependencies": { |
576 | + "@actions/core": "^1.10.0", |
577 | + "@actions/github": "^5.1.1" |
578 | + } |
579 | +} |
580 | diff --git a/.github/workflows/ci-base.yaml b/.github/workflows/ci-base.yaml |
581 | index 59174bf..dab17d3 100644 |
582 | --- a/.github/workflows/ci-base.yaml |
583 | +++ b/.github/workflows/ci-base.yaml |
584 | @@ -29,6 +29,8 @@ jobs: |
585 | run: tox -e mypy |
586 | - name: Version Consistency |
587 | run: python3 ./tools/check-versions-are-consistent.py |
588 | + - name: Docs |
589 | + run: tox -e docs |
590 | unit-tests: |
591 | name: Unit Tests |
592 | runs-on: ubuntu-22.04 |
593 | diff --git a/.github/workflows/ci-integration.yaml b/.github/workflows/ci-integration.yaml |
594 | index 62df9e3..937de39 100644 |
595 | --- a/.github/workflows/ci-integration.yaml |
596 | +++ b/.github/workflows/ci-integration.yaml |
597 | @@ -92,6 +92,9 @@ jobs: |
598 | # in a way that is incompatible with lxd. |
599 | # https://linuxcontainers.org/lxd/docs/master/howto/network_bridge_firewalld/#prevent-issues-with-lxd-and-docker |
600 | sudo iptables -I DOCKER-USER -j ACCEPT |
601 | + - name: Refresh LXD |
602 | + if: matrix.platform == 'lxd' || matrix.platform == 'vm' |
603 | + run: sudo snap refresh --channel latest/stable lxd |
604 | - name: Initialize LXD |
605 | if: matrix.platform == 'lxd' || matrix.platform == 'vm' |
606 | run: sudo lxd init --auto |
607 | diff --git a/.github/workflows/custom_pr_checks.yaml b/.github/workflows/custom_pr_checks.yaml |
608 | new file mode 100644 |
609 | index 0000000..b3be667 |
610 | --- /dev/null |
611 | +++ b/.github/workflows/custom_pr_checks.yaml |
612 | @@ -0,0 +1,27 @@ |
613 | +--- |
614 | + |
615 | +name: Custom PR Checks |
616 | + |
617 | +on: |
618 | + pull_request: |
619 | + types: |
620 | + - opened |
621 | + - synchronize |
622 | + - reopened |
623 | + - edited |
624 | + branches: |
625 | + - main |
626 | + |
627 | +jobs: |
628 | + bug-refs: |
629 | + runs-on: ubuntu-latest |
630 | + steps: |
631 | + - name: Git checkout |
632 | + uses: actions/checkout@v3 |
633 | + - name: Install dependencies |
634 | + run: cd ./.github/actions/bug-refs && npm install |
635 | + - name: Check for bug references |
636 | + uses: ./.github/actions/bug-refs |
637 | + id: bug-refs |
638 | + with: |
639 | + repo-token: ${{ secrets.GITHUB_TOKEN }} |
640 | diff --git a/apport/source_ubuntu-advantage-tools.py b/apport/source_ubuntu-advantage-tools.py |
641 | index 193d557..f2c4f1a 100644 |
642 | --- a/apport/source_ubuntu-advantage-tools.py |
643 | +++ b/apport/source_ubuntu-advantage-tools.py |
644 | @@ -2,6 +2,7 @@ import os |
645 | import tempfile |
646 | |
647 | from apport.hookutils import attach_file_if_exists |
648 | +from uaclient import defaults |
649 | from uaclient.actions import collect_logs |
650 | from uaclient.config import UAConfig |
651 | |
652 | @@ -12,7 +13,7 @@ def add_info(report, ui=None): |
653 | cfg = UAConfig() |
654 | with tempfile.TemporaryDirectory() as output_dir: |
655 | collect_logs(cfg, output_dir) |
656 | - auto_include_log_files = [ |
657 | + auto_include_log_files = { |
658 | "cloud-id.txt", |
659 | "cloud-id.txt-error", |
660 | "ua-status.json", |
661 | @@ -24,6 +25,9 @@ def add_info(report, ui=None): |
662 | os.path.basename(cfg.timer_log_file), |
663 | os.path.basename(cfg.daemon_log_file), |
664 | os.path.basename(cfg.data_path("jobs-status")), |
665 | - ] |
666 | + os.path.basename(defaults.CONFIG_DEFAULTS["log_file"]), |
667 | + os.path.basename(defaults.CONFIG_DEFAULTS["timer_log_file"]), |
668 | + os.path.basename(defaults.CONFIG_DEFAULTS["daemon_log_file"]), |
669 | + } |
670 | for f in auto_include_log_files: |
671 | attach_file_if_exists(report, os.path.join(output_dir, f), key=f) |
672 | diff --git a/apt-hook/json-hook.cc b/apt-hook/json-hook.cc |
673 | index 1d36bd2..61548b7 100644 |
674 | --- a/apt-hook/json-hook.cc |
675 | +++ b/apt-hook/json-hook.cc |
676 | @@ -218,13 +218,17 @@ CloudID get_cloud_id() { |
677 | return ret; |
678 | } |
679 | |
680 | -bool is_xenial() { |
681 | +enum ESMInfraSeries {NOT_ESM_INFRA, XENIAL, BIONIC}; |
682 | + |
683 | +ESMInfraSeries get_esm_infra_series() { |
684 | std::ifstream os_release_file("/etc/os-release"); |
685 | - bool ret = false; |
686 | + ESMInfraSeries ret = NOT_ESM_INFRA; |
687 | if (os_release_file.is_open()) { |
688 | std::string os_release_str((std::istreambuf_iterator<char>(os_release_file)), (std::istreambuf_iterator<char>())); |
689 | if (os_release_str.find("xenial") != os_release_str.npos) { |
690 | - ret = true; |
691 | + ret = XENIAL; |
692 | + } else if (os_release_str.find("bionic") != os_release_str.npos) { |
693 | + ret = BIONIC; |
694 | } |
695 | os_release_file.close(); |
696 | } |
697 | @@ -238,27 +242,39 @@ struct ESMContext { |
698 | |
699 | ESMContext get_esm_context() { |
700 | CloudID cloud_id = get_cloud_id(); |
701 | - bool is_x = is_xenial(); |
702 | + ESMInfraSeries esm_infra_series = get_esm_infra_series(); |
703 | |
704 | ESMContext ret; |
705 | ret.context = ""; |
706 | ret.url = "https://ubuntu.com/pro"; |
707 | |
708 | - if (cloud_id != AZURE && is_x) { |
709 | - ret.context = " for 16.04"; |
710 | - ret.url = "https://ubuntu.com/16-04"; |
711 | - } else if (cloud_id == AZURE && !is_x) { |
712 | - ret.context = " on Azure"; |
713 | - ret.url = "https://ubuntu.com/azure/pro"; |
714 | - } else if (cloud_id == AZURE && is_x) { |
715 | - ret.context = " for 16.04 on Azure"; |
716 | - ret.url = "https://ubuntu.com/16-04/azure"; |
717 | - } else if (cloud_id == AWS && !is_x) { |
718 | - ret.context = " on AWS"; |
719 | - ret.url = "https://ubuntu.com/aws/pro"; |
720 | - } else if (cloud_id == GCE && !is_x) { |
721 | - ret.context = " on GCP"; |
722 | - ret.url = "https://ubuntu.com/gcp/pro"; |
723 | + if (esm_infra_series == XENIAL) { |
724 | + if (cloud_id == AZURE) { |
725 | + ret.context = " for 16.04 on Azure"; |
726 | + ret.url = "https://ubuntu.com/16-04/azure"; |
727 | + } else { |
728 | + ret.context = " for 16.04"; |
729 | + ret.url = "https://ubuntu.com/16-04"; |
730 | + } |
731 | + } else if (esm_infra_series == BIONIC) { |
732 | + if (cloud_id == AZURE) { |
733 | + ret.context = " for 18.04 on Azure"; |
734 | + ret.url = "https://ubuntu.com/18-04/azure"; |
735 | + } else { |
736 | + ret.context = " for 18.04"; |
737 | + ret.url = "https://ubuntu.com/18-04"; |
738 | + } |
739 | + } else { |
740 | + if (cloud_id == AZURE) { |
741 | + ret.context = " on Azure"; |
742 | + ret.url = "https://ubuntu.com/azure/pro"; |
743 | + } else if (cloud_id == AWS) { |
744 | + ret.context = " on AWS"; |
745 | + ret.url = "https://ubuntu.com/aws/pro"; |
746 | + } else if (cloud_id == GCE) { |
747 | + ret.context = " on GCP"; |
748 | + ret.url = "https://ubuntu.com/gcp/pro"; |
749 | + } |
750 | } |
751 | |
752 | return ret; |
753 | diff --git a/apt.conf.d/51ubuntu-advantage-esm b/apt.conf.d/51ubuntu-advantage-esm |
754 | deleted file mode 100644 |
755 | index e9b1c3a..0000000 |
756 | --- a/apt.conf.d/51ubuntu-advantage-esm |
757 | +++ /dev/null |
758 | @@ -1,6 +0,0 @@ |
759 | -Unattended-Upgrade::Allowed-Origins { |
760 | - "${distro_id}ESM:${distro_codename}-infra-security"; |
761 | -}; |
762 | -Unattended-Upgrade::Allowed-Origins { |
763 | - "${distro_id}ESMApps:${distro_codename}-apps-security"; |
764 | -}; |
765 | diff --git a/debian/changelog b/debian/changelog |
766 | index 69290bb..e9979e2 100644 |
767 | --- a/debian/changelog |
768 | +++ b/debian/changelog |
769 | @@ -1,3 +1,41 @@ |
770 | +ubuntu-advantage-tools (27.15) mantic; urgency=medium |
771 | + |
772 | + * d/ubuntu-advantage-tools.postinst: |
773 | + - more specific regex for ua_config warning |
774 | + * New upstream release 27.15 (LP: #2017949) |
775 | + - apport: collect default log files if present for bug reports |
776 | + - apt messaging: add bionic-specific urls |
777 | + - config: no longer load uaclient.conf from current working directory |
778 | + - fix: |
779 | + + add support for --no-related flag |
780 | + + separate target USN from related USNs |
781 | + - general: |
782 | + + logs to user cache directory when run as non-root |
783 | + + fix bug where non-root commands failed with file permission error |
784 | + accessing /tmp/ubuntu-advantage (GH: #2567) |
785 | + + use system environment vars by default in sub processes (GH: #2527) |
786 | + + fall back to /usr/lib/os-release for release info |
787 | + + start logging to default log file until config is loaded |
788 | + + remove small timeout from contract checking request |
789 | + - livepatch: use uname.machine for kernel arch when checking support |
790 | + (GH: #2517) |
791 | + - realtime-kernel: add support for intel-iotg variant |
792 | + - reboot-required: new criteria for "yes-kernel-livepatches-applied" |
793 | + livepatch status must be either "applied" or "nothing-to-apply" and |
794 | + livepatch support status must say "supported" |
795 | + - security-status: |
796 | + + always show available/installed counts for esm packages |
797 | + + include hint to run apt-get update for up-to-date info (GH: #2443) |
798 | + + improve visibility of installed and available updates (GH: #2442) |
799 | + + change package info message hint to recommend apt-cache show |
800 | + - systemd: update service unit for reboot_cmds to not run if not attached |
801 | + - status: |
802 | + + add hint for pro status --all |
803 | + + better message if no services are available (LP: #1994923) |
804 | + - timer: only run timer when attached |
805 | + |
806 | + -- Grant Orndorff <grant.orndorff@canonical.com> Thu, 27 Apr 2023 16:34:55 -0400 |
807 | + |
808 | ubuntu-advantage-tools (27.14.4) lunar; urgency=medium |
809 | |
810 | * timer: disable update_contract_info job (LP: #2015302) |
811 | diff --git a/debian/ubuntu-advantage-tools.postinst b/debian/ubuntu-advantage-tools.postinst |
812 | index 7d9d03e..31d93ae 100644 |
813 | --- a/debian/ubuntu-advantage-tools.postinst |
814 | +++ b/debian/ubuntu-advantage-tools.postinst |
815 | @@ -452,7 +452,7 @@ case "$1" in |
816 | migrate_user_config_post |
817 | fi |
818 | |
819 | - if grep -q "ua_config:" /etc/ubuntu-advantage/uaclient.conf; then |
820 | + if grep -q "^ua_config:" /etc/ubuntu-advantage/uaclient.conf; then |
821 | echo "Warning: uaclient.conf contains old ua_config field." >&2 |
822 | echo " Please do the following:" >&2 |
823 | echo " 1. Run 'pro config set field=value' for each field/value pair" >&2 |
824 | diff --git a/docs/README.md b/dev-docs/howtoguides/build-docs.md |
825 | similarity index 100% |
826 | rename from docs/README.md |
827 | rename to dev-docs/howtoguides/build-docs.md |
828 | diff --git a/dev-docs/howtoguides/building.md b/dev-docs/howtoguides/building.md |
829 | index 17be892..40b4d70 100644 |
830 | --- a/dev-docs/howtoguides/building.md |
831 | +++ b/dev-docs/howtoguides/building.md |
832 | @@ -41,16 +41,3 @@ sbuild-launchpad-chroot create --architecture="riscv64" "--name=focal-riscv64" " |
833 | > # this script can be used to update all chroots |
834 | > sudo PATTERN=\* sh /usr/share/doc/sbuild/examples/sbuild-debian-developer-setup-update-all |
835 | > ``` |
836 | - |
837 | -## Setting up an lxc development container |
838 | -```shell |
839 | -lxc launch ubuntu-daily:xenial dev-x -c user.user-data="$(cat tools/ua-dev-cloud-config.yaml)" |
840 | -lxc exec dev-x bash |
841 | -``` |
842 | - |
843 | -## Setting up a kvm development environment with multipass |
844 | -**Note:** There is a sample procedure documented in tools/multipass.md as well. |
845 | -```shell |
846 | -multipass launch daily:focal -n dev-f --cloud-init tools/ua-dev-cloud-config.yaml |
847 | -multipass connect dev-f |
848 | -``` |
849 | diff --git a/dev-docs/howtoguides/how_to_release_a_new_version_of_ua.md b/dev-docs/howtoguides/release_a_new_version.md |
850 | similarity index 75% |
851 | rename from dev-docs/howtoguides/how_to_release_a_new_version_of_ua.md |
852 | rename to dev-docs/howtoguides/release_a_new_version.md |
853 | index 7a067dc..9d9109c 100644 |
854 | --- a/dev-docs/howtoguides/how_to_release_a_new_version_of_ua.md |
855 | +++ b/dev-docs/howtoguides/release_a_new_version.md |
856 | @@ -31,6 +31,14 @@ If this is your first time releasing ubuntu-advantage-tools, you'll need to do t |
857 | ``` |
858 | * You must have Launchpad already properly configured in your system in order to upload packages to the PPAs. Follow [this guide](https://help.launchpad.net/Packaging/PPA/Uploading) to get set up. |
859 | |
860 | +* In order to run the `ppa` command, install `ppa-dev-tools` from `bryce`'s PPA: |
861 | + ```bash |
862 | + sudo add-apt-repository ppa:bryce/ppa-dev-tools |
863 | + sudo apt update |
864 | + sudo apt install ppa-dev-tools |
865 | + ``` |
866 | + When running `ppa` for the first time, there will be another round of launchpad authorization to be performed. |
867 | + |
868 | ## I. Preliminary/staging release to team infrastructure |
869 | 1. Create a release PR: |
870 | |
871 | @@ -41,7 +49,7 @@ If this is your first time releasing ubuntu-advantage-tools, you'll need to do t |
872 | b Create a new entry in the `debian/changelog` file: |
873 | |
874 | * You can do that by running `dch --newversion <version-name>`. |
875 | - * Remember to update the release from `UNRELEASED` to the ubuntu/devel release. Edit the version to look like: `27.2~21.10.1`, with the appropriate pro-client and ubuntu/devel version numbers. |
876 | + * Remember to update the release from `UNRELEASED` to the ubuntu/devel release. Edit the version to look like: `27.2`, with the appropriate pro-client version number. |
877 | * Populate `debian/changelog` with the commits you have cherry-picked. |
878 | * You can do that by running `git log <first-cherry-pick-commit>..<last-cherry-pick-commit> | log2dch` |
879 | * This will generate a list of commits that could be included in the changelog. |
880 | @@ -84,7 +92,7 @@ If this is your first time releasing ubuntu-advantage-tools, you'll need to do t |
881 | |
882 | b. Edit the changelog |
883 | * List yourself as the author of this release. |
884 | - * Edit the version number to look like: `27.2~20.04.1~rc1` (`<version>~<ubuntu-release-number>.<revno>~rc<release-candidate-number>`) |
885 | + * Edit the version number to look like: `27.2~rc1` (`<version>~rc<release-candidate-number>`) |
886 | * Edit the Ubuntu release name. Start with the ubuntu/devel release. |
887 | * `git add debian/changelog && git commit -m "throwaway"` - Do **not** push this commit! |
888 | |
889 | @@ -95,9 +103,10 @@ If this is your first time releasing ubuntu-advantage-tools, you'll need to do t |
890 | * If this succeeds move on. If this fails, debug and fix before continuing. |
891 | |
892 | e. Repeat 3.b through 3.d for all supported Ubuntu Releases |
893 | - * PS: remember to also change the version number on the changelog. For example, suppose |
894 | - the new version is `1.1~20.04.1~rc1`. If you want to test Bionic now, change it to |
895 | - `1.1~18.04.1~rc1`. |
896 | + * The version for series other than devel should be in the form `<version>~<ubuntu-release-number>~rc<release-candidate-number>` |
897 | + This means you must add the release number in the changelog. For example, suppose |
898 | + the devel version is `1.1~rc1`. If you want to build for jammy now, change it to |
899 | + `1.1~22.04~rc1`. |
900 | |
901 | f. For each release, dput to the staging PPA: |
902 | * `dput ppa:ua-client/staging ../out/<package_name>_source.changes` |
903 | @@ -136,14 +145,17 @@ If this is your first time releasing ubuntu-advantage-tools, you'll need to do t |
904 | e. `git checkout -B upload-<this-version>-kinetic` |
905 | * This creates a new local branch name based on your detached branch. |
906 | |
907 | - f. Make sure the changelog version contains the release version in the name (e.g., `27.1~22.10.1`) |
908 | + f. `git push <your_launchpad_user> upload-<this-version>-kinetic` |
909 | |
910 | - g. `git push <your_launchpad_user> upload-<this-version>-kinetic` |
911 | - |
912 | - h. On Launchpad, create a merge proposal for this version which targets `ubuntu/devel` |
913 | - * For an example, see the [27.9 merge proposal](https://code.launchpad.net/~orndorffgrant/ubuntu/+source/ubuntu-advantage-tools/+git/ubuntu-advantage-tools/+merge/422906). |
914 | + g. On Launchpad, create a merge proposal for this version which targets `ubuntu/devel` |
915 | + * For an example, see the [27.14.1 merge proposal](https://code.launchpad.net/~renanrodrigo/ubuntu/+source/ubuntu-advantage-tools/+git/ubuntu-advantage-tools/+merge/439507). |
916 | * Add 2 review slots for `canonical-server-reporter` and `canonical-server-core-reviewers`. |
917 | |
918 | + h. With the packages published to `ppa:ua-client/staging`, add links to the autopkgtest triggers to the Merge Proposal. The reviewer will have permission to trigger those tests. The links can be obtained by running `ppa tests -r <release> -a <arch1,arch2> ua-client/staging -L` |
919 | + * Make sure to post links to all the architectures built for a given release. |
920 | + * The riscv64 autopkgtests are not avaialble and don't need to be included. |
921 | + * The `ppa test` command will have two variations of tests: the regular one, and one with `all-proposed=1`; only the regular test need to be there. |
922 | + |
923 | 4. Server Team Review and Pre-SRU Review |
924 | |
925 | a. Ask the assigned ubuntu-advantage-tools reviewer/sponsor from Server team for a review of your MPs. If you don't know who that is, ask in ~Server. Include a link to the ubuntu/devel MP and to the SRU bug. |
926 | @@ -160,7 +172,12 @@ If this is your first time releasing ubuntu-advantage-tools, you'll need to do t |
927 | * Follow instructions in `II.4.b` if they request any changes. |
928 | |
929 | e. Once the SRU team member gives a pre-SRU approval, create the branches for each stable release. They should be named `upload-<this-version>-<codename>`. |
930 | + * The versions for the stable releases must include `~<release-number>` |
931 | * If you've followed the instructions precisely so far, you can just run `bash tools/create-lp-release-branches.sh`. |
932 | + - When using the `create-lp-release-branches.sh` script, an important parameter is `SRU_BUG`: |
933 | + - In the vast majority of cases, this should be set to the overall SRU bug written in step II.1.b. |
934 | + - In the case where an existing SRU never got released, and a new patch version was uploaded on top of it to fix a new bug discovered during review, then the bug should still be the overall SRU bug. |
935 | + - If the release is exclusively a bugfix release and the previous version has already been successfully released all the way through the SRU process, then the bug should instead be the specific bugfix number. |
936 | |
937 | f. Ask Server team member sponsor to upload to devel, and then the SRU proposed queue using the stable release branches you just created. |
938 | * Ask them to tag the PR with the appropriate `upload/<version>` tag so git-ubuntu will import rich commit history. |
939 | diff --git a/dev-docs/howtoguides/testing.md b/dev-docs/howtoguides/testing.md |
940 | index fb0519a..37d6cb2 100644 |
941 | --- a/dev-docs/howtoguides/testing.md |
942 | +++ b/dev-docs/howtoguides/testing.md |
943 | @@ -175,17 +175,6 @@ To specifically run non-ubuntu pro tests using canonical cloud-images an |
944 | additional token obtained from https://ubuntu.com/pro needs to be set: |
945 | - UACLIENT_BEHAVE_CONTRACT_TOKEN=<your_token> |
946 | |
947 | -By default, the public AMIs for Ubuntu Pro testing used for each Ubuntu |
948 | -release are defined in features/aws-ids.yaml. These ami-ids are determined by |
949 | -running `./tools/refresh-aws-pro-ids`. |
950 | - |
951 | -Integration tests will read features/aws-ids.yaml to determine which default |
952 | -AMI id to use for each supported Ubuntu release. |
953 | - |
954 | -To update `features/aws-ids.yaml`, run `./tools/refresh-aws-pro-ids` and put up |
955 | -a pull request against this repo to updated that content from the ua-contracts |
956 | -marketplace definitions. |
957 | - |
958 | * To manually run EC2 integration tests with a specific AMI Id provide the |
959 | following environment variable to launch your specific AMI instead of building |
960 | a daily ubuntu-advantage-tools image. |
961 | diff --git a/dev-docs/references/directory_layout.md b/dev-docs/references/directory_layout.md |
962 | index 241fa36..ccee76b 100644 |
963 | --- a/dev-docs/references/directory_layout.md |
964 | +++ b/dev-docs/references/directory_layout.md |
965 | @@ -14,7 +14,6 @@ The following describes the intent of Ubuntu Pro Client related directories: |
966 | | uaclient.messages | Module that contains the messages delivered by `pro` to the user | |
967 | | uaclient.security | Module that hold the logic used to run `pro fix` commands | |
968 | | ./apt-hook/ | the C++ apt-hook delivering MOTD and apt command notifications about Ubuntu Pro support services | |
969 | -| ./apt-conf.d/ | apt config files delivered to /etc/apt/apt-conf.d to automatically allow unattended upgrades of ESM security-related components. If apt proxy settings are configured, an additional apt config file will be placed here to configure the apt proxy. | |
970 | | /etc/ubuntu-advantage/uaclient.conf | Configuration file for the Ubuntu Pro Client.| |
971 | | /var/lib/ubuntu-advantage/private | `root` read-only directory containing Contract API responses, machine-tokens and service credentials | |
972 | | /var/lib/ubuntu-advantage/machine-token.json | `world` readable file containing redacted Contract API responses, machine-tokens and service credentials | |
973 | diff --git a/dev-docs/references/version_string_formatting.md b/dev-docs/references/version_string_formatting.md |
974 | index 98c150e..59f163c 100644 |
975 | --- a/dev-docs/references/version_string_formatting.md |
976 | +++ b/dev-docs/references/version_string_formatting.md |
977 | @@ -5,10 +5,10 @@ Below are the versioning schemes used for publishing debs: |
978 | | Build target | Version Format | |
979 | | --------------------------------------------------------------------------------- | ------------------------------------------ | |
980 | | [Daily PPA](https://code.launchpad.net/~canonical-server/+recipe/ua-client-daily) | `XX.YY-<revno>~g<commitish>~ubuntu22.04.1` | |
981 | -| Staging PPA | `XX.YY~22.04.1~rc1` | |
982 | -| Stable PPA | `XX.YY~22.04.1~stableppa1` | |
983 | -| Archive release | `XX.YY~22.04.1` | |
984 | -| Archive bugfix release | `XX.YY.Z~22.04.1` | |
985 | +| Staging PPA | `XX.YY~22.04~rc1` | |
986 | +| Stable PPA | `XX.YY~22.04~stableppa1` | |
987 | +| Archive release | `XX.YY~22.04` | |
988 | +| Archive bugfix release | `XX.YY.Z~22.04` | |
989 | |
990 | ## Supported upgrade paths on same upstream version |
991 | |
992 | @@ -18,10 +18,10 @@ This table demonstrates upgrade paths between sources for one particular upstrea |
993 | |
994 | | Upgrade path | Version diff example | |
995 | | ------------------------------- | ----------------------------------------------------------------------- | |
996 | -| Staging to Next Staging rev | `31.4~22.04.1~rc1` ➜ `31.4~22.04.1~rc2` | |
997 | -| Staging to Stable | `31.4~22.04.1~rc2` ➜ `31.4~22.04.1~stableppa1` | |
998 | -| Stable to Next Stable rev | `31.4~22.04.1~stableppa1` ➜ `31.4~22.04.1~stableppa2` | |
999 | -| Stable to Archive | `31.4~22.04.1~stableppa2` ➜ `31.4~22.04.1` | |
1000 | -| LTS Archive to Next LTS Archive | `31.4~22.04.1` ➜ `31.4~24.04.1` | |
1001 | -| Archive to Daily | `31.4~24.04.1` ➜ `31.4-1500~g75fa134~ubuntu24.04.1` | |
1002 | +| Staging to Next Staging rev | `31.4~22.04~rc1` ➜ `31.4~22.04~rc2` | |
1003 | +| Staging to Stable | `31.4~22.04~rc2` ➜ `31.4~22.04~stableppa1` | |
1004 | +| Stable to Next Stable rev | `31.4~22.04~stableppa1` ➜ `31.4~22.04~stableppa2` | |
1005 | +| Stable to Archive | `31.4~22.04~stableppa2` ➜ `31.4~22.04` | |
1006 | +| LTS Archive to Next LTS Archive | `31.4~22.04` ➜ `31.4~24.04` | |
1007 | +| Archive to Daily | `31.4~24.04` ➜ `31.4-1500~g75fa134~ubuntu24.04.1` | |
1008 | | Daily to Next Daily | `31.4-1500~g75fa134~ubuntu24.04.1` ➜ `31.4-1501~g3836375~ubuntu24.04.1` | |
1009 | diff --git a/docs/_static/js/github_issue_links.js b/docs/_static/js/github_issue_links.js |
1010 | index e449b4e..d339060 100644 |
1011 | --- a/docs/_static/js/github_issue_links.js |
1012 | +++ b/docs/_static/js/github_issue_links.js |
1013 | @@ -2,7 +2,7 @@ window.onload = function() { |
1014 | const link = document.createElement("a"); |
1015 | link.classList.add("muted-link"); |
1016 | link.classList.add("github-issue-link"); |
1017 | - link.text = "Have a question?"; |
1018 | + link.text = "Give feedback"; |
1019 | link.href = ( |
1020 | "https://github.com/canonical/ubuntu-pro-client/issues/new?" |
1021 | + "title=docs%3A+TYPE+YOUR+QUESTION+HERE" |
1022 | diff --git a/docs/conf.py b/docs/conf.py |
1023 | index 8dd4d59..f1f82b0 100644 |
1024 | --- a/docs/conf.py |
1025 | +++ b/docs/conf.py |
1026 | @@ -38,6 +38,11 @@ extensions = [ |
1027 | |
1028 | templates_path = ["_templates"] |
1029 | |
1030 | +html_extra_path = [ |
1031 | + "googleaf254801a5285c31.html", |
1032 | + "sitemap-index.xml" |
1033 | +] |
1034 | + |
1035 | # List of patterns, relative to source directory, that match files and |
1036 | # directories to ignore when looking for source files. |
1037 | # This pattern also affects html_static_path and html_extra_path. |
1038 | @@ -100,7 +105,7 @@ html_static_path = ["_static"] |
1039 | html_css_files = [ |
1040 | "css/logo.css", |
1041 | "css/github_issue_links.css", |
1042 | - "css/custom.css" |
1043 | + "css/custom.css", |
1044 | ] |
1045 | html_js_files = [ |
1046 | "js/github_issue_links.js", |
1047 | diff --git a/docs/explanations.rst b/docs/explanations.rst |
1048 | index a424451..78adb85 100644 |
1049 | --- a/docs/explanations.rst |
1050 | +++ b/docs/explanations.rst |
1051 | @@ -27,6 +27,7 @@ selection of some of the commands -- what they do, and how they work. |
1052 | :maxdepth: 1 |
1053 | |
1054 | explanations/how_to_interpret_the_security_status_command.md |
1055 | + explanations/how_to_interpret_output_of_unattended_upgrades.md |
1056 | explanations/status_columns.md |
1057 | explanations/what_refresh_does.md |
1058 | |
1059 | @@ -48,6 +49,7 @@ Other Pro features explained |
1060 | .. toctree:: |
1061 | :maxdepth: 1 |
1062 | |
1063 | + explanations/cves_and_usns_explained.md |
1064 | explanations/what_are_the_timer_jobs.md |
1065 | explanations/what_is_the_daemon.md |
1066 | explanations/why_trusty_is_no_longer_supported.md |
1067 | diff --git a/docs/explanations/apt_messages.md b/docs/explanations/apt_messages.md |
1068 | index d4e62ef..edd50d2 100644 |
1069 | --- a/docs/explanations/apt_messages.md |
1070 | +++ b/docs/explanations/apt_messages.md |
1071 | @@ -25,7 +25,7 @@ Learn more about Ubuntu Pro for 16.04 at https://ubuntu.com/16-04 |
1072 | |
1073 | ## LTS series with esm-apps service disabled |
1074 | |
1075 | -When you are running `apt upgraded` on a LTS release, like Focal, we advertise |
1076 | +When you are running `apt upgrade` on a LTS release, like Focal, we advertise |
1077 | the `esm-apps` service if packages could be upgraded by enabling the service: |
1078 | |
1079 | ``` |
1080 | diff --git a/docs/explanations/cves_and_usns_explained.md b/docs/explanations/cves_and_usns_explained.md |
1081 | new file mode 100644 |
1082 | index 0000000..272c1d8 |
1083 | --- /dev/null |
1084 | +++ b/docs/explanations/cves_and_usns_explained.md |
1085 | @@ -0,0 +1,44 @@ |
1086 | +# CVEs and USNs explained |
1087 | + |
1088 | +## What is a CVE |
1089 | + |
1090 | +Common Vulnerabilities and Exposures (CVEs) are a way to catalogue and track public security |
1091 | +vulnerabilities for a given software. Every CVE is identified through a unique identifier, |
1092 | +for example [CVE-2023-0465](https://www.cve.org/CVERecord?id=CVE-2023-0465). |
1093 | + |
1094 | +CVEs are maintained by the [MITRE Corporation](https://cve.mitre.org/) and the goal of the project |
1095 | +is to provide naming conventions for the public known security issues while also maintaining a |
1096 | +centralised repository for all of the security issues. This makes it easier for an organization to |
1097 | +submit a new security flaw though the CVE convention while also analysing any other existing CVEs |
1098 | +in the database. |
1099 | + |
1100 | +You can search for any existing CVE related to Ubuntu using |
1101 | +[the Ubuntu CVE page](https://ubuntu.com/security/cves). |
1102 | + |
1103 | +## What is a USN? |
1104 | + |
1105 | +An Ubuntu Security Notice (USN) is the way that Canonical publicly catalogues and displays security |
1106 | +vulneratibilities for Ubuntu packages. Usually, a USN is composed of one or more |
1107 | +[CVEs](#what-is-a-cve) and it also contains update instructions to fix the issue, if a fix is |
1108 | +already available. |
1109 | + |
1110 | +USNs follow a naming convention of the format: [USN-5963-1](https://ubuntu.com/security/notices/USN-5963-1) |
1111 | + |
1112 | +You can search for any existing USN using |
1113 | +[the Ubuntu Security Notices page](https://ubuntu.com/security/notices). |
1114 | + |
1115 | +## What are related USNs? |
1116 | + |
1117 | +A USN is composed of different CVEs. If the same CVE appears on multiple USNs, we say that those USNs are related. |
1118 | +In the following image, we can see a visual representation of that concept, where USN-789 and USN-321 |
1119 | +are related USNs because both are affected by CVE-2: |
1120 | + |
1121 | +![Related USN example](../images/usn-related.png) |
1122 | + |
1123 | + |
1124 | +A real example can be seen in [USN-5573-1](https://ubuntu.com/security/notices/USN-5573-1). |
1125 | +In the section **Related notices**, it shows that both **USN-5570-1** |
1126 | +and **USN-5570-2** are related to **USN-5573-1**. |
1127 | + |
1128 | +This information is useful for users that want to tackle |
1129 | +all related USNs at once, making sure that a CVE is fully fixed on their Ubuntu machine. |
1130 | diff --git a/docs/explanations/how_to_interpret_output_of_unattended_upgrades.md b/docs/explanations/how_to_interpret_output_of_unattended_upgrades.md |
1131 | new file mode 100644 |
1132 | index 0000000..714c14a |
1133 | --- /dev/null |
1134 | +++ b/docs/explanations/how_to_interpret_output_of_unattended_upgrades.md |
1135 | @@ -0,0 +1,82 @@ |
1136 | +# How to interpret the output of unattended-upgrades |
1137 | + |
1138 | +On Pro Client version 27.14~, we introduced the `u.pro.unattended_upgrades.status.v1` endpoint. |
1139 | +This endpoint is designed to provide users with an overview of the configuration and setup for |
1140 | +unattended-upgrades on the machine. The expected output follows this JSON example: |
1141 | + |
1142 | +```json |
1143 | +{ |
1144 | + "_schema_version": "v1", |
1145 | + "data": { |
1146 | + "attributes": { |
1147 | + "apt_periodic_job_enabled": true, |
1148 | + "package_lists_refresh_frequency_days": 1, |
1149 | + "systemd_apt_timer_enabled": true, |
1150 | + "unattended_upgrades_allowed_origins": [ |
1151 | + "${distro_id}:${distro_codename}", |
1152 | + "${distro_id}:${distro_codename}-security", |
1153 | + "${distro_id}ESMApps:${distro_codename}-apps-security", |
1154 | + "${distro_id}ESM:${distro_codename}-infra-security" |
1155 | + ], |
1156 | + "unattended_upgrades_disabled_reason": null, |
1157 | + "unattended_upgrades_frequency_days": 1, |
1158 | + "unattended_upgrades_last_run": null, |
1159 | + "unattended_upgrades_running": true |
1160 | + }, |
1161 | + "meta": { |
1162 | + "environment_vars": [], |
1163 | + "raw_config": { |
1164 | + "APT::Periodic::Enable": "1", |
1165 | + "APT::Periodic::Unattended-Upgrade": "1", |
1166 | + "APT::Periodic::Update-Package-Lists": "1", |
1167 | + "Unattended-Upgrade::Allowed-Origins": [ |
1168 | + "${distro_id}:${distro_codename}", |
1169 | + "${distro_id}:${distro_codename}-security", |
1170 | + "${distro_id}ESMApps:${distro_codename}-apps-security", |
1171 | + "${distro_id}ESM:${distro_codename}-infra-security" |
1172 | + ] |
1173 | + } |
1174 | + }, |
1175 | + "type": "UnattendedUpgradesStatus" |
1176 | + }, |
1177 | + "errors": [], |
1178 | + "result": "success", |
1179 | + "version": "27.14~16.04.1", |
1180 | + "warnings": [] |
1181 | +} |
1182 | +``` |
1183 | + |
1184 | +As we can see from this output, we have a variable named `unattended_upgrades_running`. That variable |
1185 | +indicates if unattended-upgrades is properly configured and running on the machine. |
1186 | +The value of this field will only be `true` if *ALL* of the following prerequisites are also true: |
1187 | + |
1188 | +* *`apt_periodic_job_enable` is true*: That variable indicates if the APT::Periodic::Enable configuration variable |
1189 | + is turned on. If it is turned off, unattended-upgrades will not automatically run on the machine. |
1190 | +* *`package_lists_refresh_frequency_days` is non-zero*: That variable shows the value of APT::Periodic::Package-List-Frequency. |
1191 | + This configuration defines the daily frequency for updating package sources in the background. If it has a zero value, this step will never |
1192 | + happen and unattended-upgrades might not be able to install new versions of the packages. |
1193 | +* *`systemd_apt_timer_enabled` is true*: This variable is true if both `apt-daily.timer` and `apt-daily-upgrade.timer` are running |
1194 | + on the machine. These timers are the ones that control when unattended-upgrades run. The first job, `apt-daily.timer` is responsible |
1195 | + for triggering the code that downloads the lastest package information on the system. The second job, `apt-daily-upgrade.timer` is |
1196 | + responsible for running unattended-upgrades to download the latest version of the packages. If one of these jobs is disabled, |
1197 | + unattended-upgrades might not work as expected. |
1198 | +* *`unattended_upgrades_allowed_origins` is not empty*: This variable defines the origins that |
1199 | + unattended-upgrades can use to install a package. If that list is empty, no packages can be |
1200 | + installed and unattended-upgrades will not work as expected. |
1201 | +* *`unattended_upgrades_frequency_days` is non-zero*: That variable shows the value of |
1202 | + APT::Periodic::Unattended-Upgrade. This configuration defines the daily frequency for running |
1203 | + unattended-upgrades in the background. Therefore, if it has a zero value, the command will never |
1204 | + run. |
1205 | + |
1206 | + |
1207 | +If any of those conditions are not met, the variable |
1208 | +*unattended_upgrades_disabled_reason* will contain an object explaining why unattended-upgrades is |
1209 | +not running. For example, if `package_lists_refresh_frequency_days` has a zero value, we will see |
1210 | +the following value for *unattended_upgrades_disabled_reason*: |
1211 | + |
1212 | +```json |
1213 | +{ |
1214 | + "msg": "APT::Periodic::Update-Package-Lists is turned off", |
1215 | + "code": "unattended-upgrades-cfg-value-turned-off" |
1216 | +} |
1217 | +``` |
1218 | diff --git a/docs/explanations/motd_messages.md b/docs/explanations/motd_messages.md |
1219 | index 337a4bd..6a8f22b 100644 |
1220 | --- a/docs/explanations/motd_messages.md |
1221 | +++ b/docs/explanations/motd_messages.md |
1222 | @@ -2,21 +2,51 @@ |
1223 | |
1224 | When the Ubuntu Pro Client (`pro`) is installed on the system, it delivers |
1225 | custom messages on ["Message of the Day" (MOTD)](https://wiki.debian.org/motd). |
1226 | -Those messages are generated directly by two different sources. |
1227 | +Those messages are generated directly by three different sources. |
1228 | |
1229 | -## Python-scripted MOTD |
1230 | +* MOTD about available updates |
1231 | +* MOTD about important subscription conditions |
1232 | +* MOTD about ESM being available |
1233 | + |
1234 | +## MOTD about available updates |
1235 | |
1236 | The [update-notifier](https://wiki.ubuntu.com/UpdateNotifier) delivers a script |
1237 | -called `apt_check.py`. With regards to Ubuntu Pro, this script is responsible |
1238 | -for: |
1239 | - |
1240 | +via the `update-notifier-common` package called |
1241 | +`/usr/lib/update-notifier/apt_check.py. |
1242 | +With regards to Ubuntu Pro, this script is responsible for: |
1243 | + |
1244 | * Informing the user about the status of one of the ESM services; `esm-apps` if |
1245 | the machine is an LTS series, or `esm-infra` if the series is in ESM mode. |
1246 | * Showing the number of `esm-infra` or `esm-apps` packages that can be upgraded |
1247 | on the machine. |
1248 | |
1249 | -For example, here is the output of the `apt_check.py` script on a LTS machine |
1250 | -when both of those services are enabled: |
1251 | +`update-notifier` has always added information about potential updates to |
1252 | +MOTD to raise user awareness. With the advent of Ubuntu Pro they are |
1253 | +just more differentiated. |
1254 | + |
1255 | +Note that if you run `apt_check.py` directly it might give you rather |
1256 | +unreadable output as it is meant for program use. You can add `--human-readable` |
1257 | +to see the information as it would be presented in MOTD. |
1258 | + |
1259 | +### Machine is unattached |
1260 | + |
1261 | +On a machine that runs an Ubuntu release for which the `esm-apps` service |
1262 | +is available, but not yet attached to an Ubuntu Pro subscription, there will |
1263 | +be a message notifying the user that there may be more security updates |
1264 | +available through ESM Apps. |
1265 | + |
1266 | +``` |
1267 | +Expanded Security Maintenance for Applications is not enabled. |
1268 | + |
1269 | +0 updates can be applied immediately. |
1270 | + |
1271 | +Enable ESM Apps to receive additional future security updates. |
1272 | +See https://ubuntu.com/esm or run: sudo pro status |
1273 | +``` |
1274 | + |
1275 | +### Machine is fully attached |
1276 | + |
1277 | +In the opposite situation, if an LTS machine has the `esm-infra` and `esm-apps` services enabled then users will see the following output in MOTD: |
1278 | |
1279 | ``` |
1280 | Expanded Security Maintenance for Applications is enabled. |
1281 | @@ -28,8 +58,16 @@ Expanded Security Maintenance for Applications is enabled. |
1282 | To see these additional updates run: apt list --upgradable |
1283 | ``` |
1284 | |
1285 | -However, if we were running this on an ESM series, we would instead see |
1286 | -`esm-infra` being advertised: |
1287 | +### Machine is fully attached, on an older release |
1288 | + |
1289 | +Above you have seen examples of recent (as in "still in their first 5 |
1290 | +years of support") Ubuntu releases, where the hint is about ESM Apps |
1291 | +extending the coverage to the universe repositories. |
1292 | + |
1293 | +However, if running on an Ubuntu release that has is already past the initial |
1294 | +5 years of support and has thereby entered Expanded Security Maintenance |
1295 | +(["ESM"](https://ubuntu.com/security/esm)), we would instead see |
1296 | +`esm-infra` (which provides coverage for another 5 years) being shown: |
1297 | |
1298 | ``` |
1299 | Expanded Security Maintenance Infrastructure is enabled. |
1300 | @@ -41,17 +79,19 @@ Expanded Security Maintenance Infrastructure is enabled. |
1301 | To see these additional updates run: apt list --upgradable |
1302 | ``` |
1303 | |
1304 | +### Partial service enablement |
1305 | + |
1306 | Now let's consider a scenario where one of these services is not enabled. For |
1307 | example, if `esm-apps` was disabled, the output will be: |
1308 | |
1309 | ``` |
1310 | Expanded Security Maintenance for Applications is not enabled. |
1311 | - |
1312 | + |
1313 | 6 updates can be applied immediately. |
1314 | 1 of these updates is a ESM Infra security update. |
1315 | 5 of these updates are standard security updates. |
1316 | To see these additional updates run: apt list --upgradable |
1317 | - |
1318 | + |
1319 | 5 additional security updates can be applied with ESM Apps |
1320 | Learn more about enabling ESM Apps for Ubuntu 16.04 at |
1321 | https://ubuntu.com/16-04 |
1322 | @@ -62,13 +102,13 @@ upgraded if that service was enabled. Note that we would deliver the same |
1323 | information for `esm-infra` if the service was disabled and the series running |
1324 | on the machine is in ESM state. |
1325 | |
1326 | -## MOTD through Ubuntu Pro timer jobs |
1327 | +## MOTD about important subscription conditions |
1328 | |
1329 | -One of the timer jobs Ubuntu Pro uses can insert additional messages into MOTD. |
1330 | -These messages will be always delivered before or after the content created by |
1331 | -the Python script delivered by `update-notifier`. These additional messages are |
1332 | -generated when `pro` detects that certain conditions on the machine have been |
1333 | -met. They are: |
1334 | +One of the [timer jobs](https://canonical-ubuntu-pro-client.readthedocs-hosted.com/en/latest/explanations/what_are_the_timer_jobs.html) |
1335 | +Ubuntu Pro uses can insert additional messages into MOTD. |
1336 | +These messages will be always delivered next to the content created by |
1337 | +`update-notifier`. These additional messages are generated when `pro` |
1338 | +detects that certain conditions on the machine have been met. They are: |
1339 | |
1340 | ### Subscription expired |
1341 | |
1342 | @@ -104,8 +144,69 @@ coverage for your applications. |
1343 | Your grace period will expire in 9 days. |
1344 | ``` |
1345 | |
1346 | -### How are these messages updated and inserted into MOTD? |
1347 | +## MOTD about ESM being available |
1348 | + |
1349 | +When Ubuntu Pro became generally available, a temporary announcement was made |
1350 | +through MOTD. This was intended to raise awareness of Pro now being available |
1351 | +and free for personal use, and was shown on systems that could be covered |
1352 | +by `esm-apps`. |
1353 | +It looked like: |
1354 | + |
1355 | +``` |
1356 | + * Introducing Expanded Security Maintenance for Applications. |
1357 | + Receive updates to over 25,000 software packages with your |
1358 | + Ubuntu Pro subscription. Free for personal use. |
1359 | + |
1360 | + https://ubuntu.com/pro |
1361 | +``` |
1362 | + |
1363 | +Since this message was intended as a limited-time announcement to coincide |
1364 | +with the release of Ubuntu Pro into general availability, it was removed in |
1365 | +27.14. |
1366 | + |
1367 | +## How are these messages inserted into MOTD and how can I disable them? |
1368 | + |
1369 | +Just as there are different purposes to the messages outlined above, |
1370 | +there are different sources producing these MOTD elements that one |
1371 | +sees at login. |
1372 | + |
1373 | +Those messages are considered important to ensure user awareness about |
1374 | +the free additional security coverage provided by Ubuntu Pro and about |
1375 | +not-yet-applied potential updates in general. Therefore it is generally not |
1376 | +recommended to disable them. But still, you can selectively disable them |
1377 | +by removing the config files that add them, as outlined below. |
1378 | + |
1379 | +Removing those files is considered a conffile change to customize a program |
1380 | +and they will stay removed even on future upgrades or re-installations of the |
1381 | +related packages. |
1382 | + |
1383 | +If you realize that you actually need them back you need |
1384 | +to reinstall the related packages and tell apt/dpkg to offer you to restore |
1385 | +those files via: |
1386 | + |
1387 | +``` |
1388 | +sudo apt install --reinstall -o Dpkg::Options::="--force-confask" ubuntu-advantage-tools update-notifier-common |
1389 | +``` |
1390 | + |
1391 | +## Source: MOTD about available updates |
1392 | + |
1393 | +1. `update-notifier-common` has a hook `/etc/apt/apt.conf.d/99update-notifier` that runs after `apt update`. |
1394 | +2. That hook will update the information in `/var/lib/update-notifier/updates-available` matching the new package information that was just fetched by using `/usr/lib/update-notifier/apt-check --human-readable`. |
1395 | +3. At MOTD generation time, the script located at `/etc/update-motd.d/90-updates-available` checks if `/var/lib/update-notifier/updates-available` exists and if it does, inserts the message into the full MOTD. |
1396 | + |
1397 | +If you want to disable any message of update-notifier (not just related to Ubuntu Pro and ESM) about potentially available updates remove `/etc/update-motd.d/90-updates-available`. |
1398 | |
1399 | -1. The contract status is checked periodically in the background when the machine is attached to an Ubuntu Pro contract. |
1400 | -2. If one of the above messages applies to the contract that the machine is attached to, then the message is stored in `/var/lib/ubuntu-advantage/messages/motd-contract-status`. |
1401 | +## Source: MOTD about important subscription conditions |
1402 | + |
1403 | +1. The subscription status is checked periodically in the background when the machine is attached to an Ubuntu Pro subscription. |
1404 | +2. If one of the above conditions applies to the subscription that the machine is attached to (there are no messages generated by this for unattached machines), then the message is stored in `/var/lib/ubuntu-advantage/messages/motd-contract-status`. |
1405 | 3. At MOTD generation time, the script located at `/etc/update-motd.d/91-contract-ua-esm-status` checks if `/var/lib/ubuntu-advantage/messages/motd-contract-status` exists and if it does, inserts the message into the full MOTD. |
1406 | + |
1407 | +If you want to disable any message about important conditions of your attached subscription remove `/etc/update-motd.d/91-contract-ua-esm-status`. |
1408 | + |
1409 | +## Source: MOTD about ESM being available |
1410 | + |
1411 | +1. `pro` checks regularly if a system would have `esm-apps` available to it and if so places a message in `/var/lib/ubuntu-advantage/messages/motd-esm-announce`. |
1412 | +2. At MOTD generation time, the script located at `/etc/update-motd.d/88-esm-announce` checks if `/var/lib/ubuntu-advantage/messages/motd-esm-announce` exists and if it does, inserts the message into the full MOTD. |
1413 | + |
1414 | +If you want to disable the ESM announcement remove `/etc/update-motd.d/88-esm-announce` (or upgrade to 27.14 or later which will remove it for you). |
1415 | diff --git a/docs/explanations/status_columns.md b/docs/explanations/status_columns.md |
1416 | index 1447b44..6e79449 100644 |
1417 | --- a/docs/explanations/status_columns.md |
1418 | +++ b/docs/explanations/status_columns.md |
1419 | @@ -101,3 +101,105 @@ allow_beta: True |
1420 | It's important to keep in mind that any feature defined like this will be |
1421 | listed, even if it is invalid or typed the wrong way. Those appear in `status` |
1422 | output for informational and debugging purposes. |
1423 | + |
1424 | +## Machine-readable output |
1425 | + |
1426 | +The `pro status` command supports a `--format` flag with options including `json` and `yaml`. These result in a machine-readable form of the information presented by the `pro status` command. |
1427 | + |
1428 | +```{note} |
1429 | +`pro status` should return the same results whether using `sudo` or not, but earlier versions did not always do this. We recommend using `sudo` whenever possible. |
1430 | +``` |
1431 | + |
1432 | +For example, running `sudo pro status --format=json` on an attached machine may give you something like this: |
1433 | +```javascript |
1434 | +{ |
1435 | + "_doc": "Content provided in json response is currently considered Experimental and may change", |
1436 | + "_schema_version": "0.1", |
1437 | + "account": { |
1438 | + "created_at": "2000-01-02T03:04:05+06:00", |
1439 | + "id": "account_id", |
1440 | + "name": "Test" |
1441 | + }, |
1442 | + "attached": true, |
1443 | + "config": { ...effectiveConfiguration }, |
1444 | + "config_path": "/etc/ubuntu-advantage/uaclient.conf", |
1445 | + "contract": { |
1446 | + "created_at": "2000-01-02T03:04:05+06:00", |
1447 | + "id": "contract_id", |
1448 | + "name": "contract_name", |
1449 | + "products": [ "uaa-essential" ], |
1450 | + "tech_support_level": "essential" |
1451 | + }, |
1452 | + "effective": null, |
1453 | + "environment_vars": [...proClientEnvironmentVariables], |
1454 | + "errors": [], |
1455 | + "execution_details": "No Ubuntu Pro operations are running", |
1456 | + "execution_status": "inactive", |
1457 | + "expires": "9999-12-31T00:00:00+00:00", |
1458 | + "features": {}, |
1459 | + "machine_id": "machine_id", |
1460 | + "notices": [], |
1461 | + "result": "success", |
1462 | + "services": [ |
1463 | + { |
1464 | + "available": "yes", |
1465 | + "blocked_by": [], |
1466 | + "description": "Expanded Security Maintenance for Applications", |
1467 | + "description_override": null, |
1468 | + "entitled": "yes", |
1469 | + "name": "esm-apps", |
1470 | + "status": "enabled", |
1471 | + "status_details": "Ubuntu Pro: ESM Apps is active", |
1472 | + "warning": null |
1473 | + }, |
1474 | + { |
1475 | + "available": "yes", |
1476 | + "blocked_by": [], |
1477 | + "description": "Expanded Security Maintenance for Infrastructure", |
1478 | + "description_override": null, |
1479 | + "entitled": "yes", |
1480 | + "name": "esm-infra", |
1481 | + "status": "enabled", |
1482 | + "status_details": "Ubuntu Pro: ESM Infra is active", |
1483 | + "warning": null |
1484 | + }, |
1485 | + { |
1486 | + "available": "yes", |
1487 | + "blocked_by": [], |
1488 | + "description": "Canonical Livepatch service", |
1489 | + "description_override": null, |
1490 | + "entitled": "yes", |
1491 | + "name": "livepatch", |
1492 | + "status": "enabled", |
1493 | + "status_details": "", |
1494 | + "warning": null |
1495 | + }, |
1496 | + ...otherServiceStatusObjects |
1497 | + ], |
1498 | + "simulated": false, |
1499 | + "version": "27.13.6~18.04.1", |
1500 | + "warnings": [] |
1501 | +} |
1502 | +``` |
1503 | + |
1504 | +Some particularly important attributes in the output include: |
1505 | +* `attached`: This boolean value indicates whether this machine is attached to an Ubuntu Pro account. This does not tell you if any particular service (e.g. `esm-infra`) is enabled. You must check the individual service item in the `services` list for that status (described below). |
1506 | +* `expires`: This is the date that the Ubuntu Pro subscription is valid until (in RFC3339 format). After this date has passed the machine should be treated as if not attached and no services are enabled. `attached` may still say `true` and services may still say they are `entitled` and `enabled`, but if the `expires` date has passed, you should assume the services are not functioning. |
1507 | +* `services`: This is a list of Ubuntu Pro services. Each item has its own attributes. Widely applicable services include those with `name` equal to `esm-infra`, `esm-apps`, and `livepatch`. Some important fields in each service object are: |
1508 | + * `name`: The name of the service. |
1509 | + * `entitled`: A boolean indicating whether the attached Ubuntu Pro account is allowed to enable this service. |
1510 | + * `status`: A string indicating the service's current status on the machine. Any value other than `enabled` should be treated as if the service is not enabled and not working properly on the machine. Possible values are: |
1511 | + * `enabled`: The service is enabled and working. |
1512 | + * `disabled`: The service can be enabled but is not currently. |
1513 | + * `n/a`: The service cannot be enabled on this machine. |
1514 | + * `warning`: The service is supposed to be enabled but something is wrong. Check the `warning` field in the service item for additional information. |
1515 | + |
1516 | +For example, if you want to programatically find the status of esm-infra on a particular machine, you can use the following command: |
1517 | +```shell |
1518 | +sudo pro status --format=json | jq '.services[] | select(.name == "esm-infra").status' |
1519 | +``` |
1520 | +That command will print one of the `status` values defined above. |
1521 | + |
1522 | +```{attention} |
1523 | +In an future version of Ubuntu Pro Client, there will be an [API](../references/api.md) function to access this information. For now, though, `pro status --format=json` is the recommended machine-readable interface to this data. |
1524 | +``` |
1525 | diff --git a/docs/googleaf254801a5285c31.html b/docs/googleaf254801a5285c31.html |
1526 | new file mode 100644 |
1527 | index 0000000..b603071 |
1528 | --- /dev/null |
1529 | +++ b/docs/googleaf254801a5285c31.html |
1530 | @@ -0,0 +1 @@ |
1531 | +google-site-verification: googleaf254801a5285c31.html |
1532 | \ No newline at end of file |
1533 | diff --git a/docs/howtoguides.rst b/docs/howtoguides.rst |
1534 | index 7127394..5b93de6 100644 |
1535 | --- a/docs/howtoguides.rst |
1536 | +++ b/docs/howtoguides.rst |
1537 | @@ -59,6 +59,7 @@ How to use ``pro`` commands |
1538 | :maxdepth: 1 |
1539 | |
1540 | Run `fix` in "dry run" mode <howtoguides/how_to_run_fix_in_dry_run_mode.md> |
1541 | + Skip fixing related USNs <howtoguides/how_to_not_fix_related_usns.md> |
1542 | |
1543 | ``refresh`` |
1544 | ----------- |
1545 | diff --git a/docs/howtoguides/enable_fips.md b/docs/howtoguides/enable_fips.md |
1546 | index 8f614fb..4fe8b8a 100644 |
1547 | --- a/docs/howtoguides/enable_fips.md |
1548 | +++ b/docs/howtoguides/enable_fips.md |
1549 | @@ -36,5 +36,5 @@ been installed: |
1550 | ``` |
1551 | Installing FIPS packages |
1552 | FIPS enabled |
1553 | -A reboot is required to complete installl |
1554 | +A reboot is required to complete install. |
1555 | ``` |
1556 | diff --git a/docs/howtoguides/get_rid_of_corrupt_lock.md b/docs/howtoguides/get_rid_of_corrupt_lock.md |
1557 | index 03da4a3..17e8e37 100644 |
1558 | --- a/docs/howtoguides/get_rid_of_corrupt_lock.md |
1559 | +++ b/docs/howtoguides/get_rid_of_corrupt_lock.md |
1560 | @@ -2,7 +2,7 @@ |
1561 | |
1562 | Some pro commands (`attach`, `enable`, `detach` and `disable`) will potentially change the |
1563 | internal state of your system. Since those commands can run in parallel, we have a lock file |
1564 | -mechanism to guarantee that only one of these commands can run at the same time. The lock follow |
1565 | +mechanism to guarantee that only one of these commands can run at the same time. The lock follows |
1566 | this pattern: |
1567 | |
1568 | ``` |
1569 | diff --git a/docs/howtoguides/get_token_and_attach.md b/docs/howtoguides/get_token_and_attach.md |
1570 | index 41726ef..ff15c15 100644 |
1571 | --- a/docs/howtoguides/get_token_and_attach.md |
1572 | +++ b/docs/howtoguides/get_token_and_attach.md |
1573 | @@ -1,10 +1,21 @@ |
1574 | # How to get an Ubuntu Pro token and attach to a subscription |
1575 | |
1576 | +## Get an Ubuntu Pro token |
1577 | + |
1578 | Retrieve your Ubuntu Pro token from the |
1579 | -[Ubuntu Pro portal](https://ubuntu.com/pro/). You will log in with your "Single |
1580 | +[Ubuntu Pro portal](https://ubuntu.com/pro/). Log in with your "Single |
1581 | Sign On" credentials, the same credentials you use for https://login.ubuntu.com. |
1582 | -Note that you can obtain a free personal token, which provides you with access |
1583 | -to several of the Ubuntu Pro services. |
1584 | + |
1585 | +Being logged in you can then go to the |
1586 | +[Ubuntu Pro Dashboard](https://ubuntu.com/pro/dashboard) that is associated to |
1587 | +your user. It will show you all subscriptions currently available to you and |
1588 | +for each the associated token. |
1589 | + |
1590 | +Note that even without buying anything you can always obtain a free personal |
1591 | +token that way, which provides you with access to several of the Ubuntu Pro |
1592 | +services. |
1593 | + |
1594 | +## Attach to a subscription |
1595 | |
1596 | Once that token is obtained, to attach your machine to a subscription, just run: |
1597 | |
1598 | @@ -35,3 +46,26 @@ Enable services with: pro enable <service> |
1599 | Once the Ubuntu Pro Client is attached to your Ubuntu Pro account, you can use |
1600 | it to activate various services, including: access to ESM packages, Livepatch, |
1601 | FIPS, and CIS. Some features are specific to certain LTS releases. |
1602 | + |
1603 | +## Control of auto-enabled services |
1604 | + |
1605 | +Your subscription controls which services are available to you and which ones |
1606 | +you can manage via the [Ubuntu Pro Dashboard](https://ubuntu.com/pro/dashboard). |
1607 | + |
1608 | +Recommended services are auto-enabled by default when attaching a system. |
1609 | +You can choose which of the available services will be automatically |
1610 | +enabled or disabled when you attach by toggling them in the |
1611 | +[Ubuntu Pro Dashboard](https://ubuntu.com/pro/dashboard). |
1612 | +Available services can always be enabled or disabled on the command line |
1613 | +with `pro enable` and `pro disable` after attaching. |
1614 | + |
1615 | +![Toggling recommended services in the Pro Dashboard](pro-dashboard-service-toggles.png) |
1616 | + |
1617 | +If your subscription does not permit you to change the default |
1618 | +enabled services via the Dashboard, or if you want to keep the |
1619 | +defaults but do not want to auto-enable any services while attaching a particular |
1620 | +machine, you can pass the `--no-auto-enable` flag to `attach` using the following command: |
1621 | + |
1622 | +``` |
1623 | +$ sudo pro attach YOUR_TOKEN --no-auto-enable |
1624 | +``` |
1625 | diff --git a/docs/howtoguides/how_to_not_fix_related_usns.md b/docs/howtoguides/how_to_not_fix_related_usns.md |
1626 | new file mode 100644 |
1627 | index 0000000..c9fabf0 |
1628 | --- /dev/null |
1629 | +++ b/docs/howtoguides/how_to_not_fix_related_usns.md |
1630 | @@ -0,0 +1,65 @@ |
1631 | +# How to not fix related USNs |
1632 | + |
1633 | +When running the `pro fix` command for a USN, by default we also try to fix |
1634 | +any related USNs as well. To better understand the concept of related USNs, |
1635 | +you can refer to our [related USNs guide](../explanations/cves_and_usns_explained.md). |
1636 | +To make this clear, let's take a look into the following example: |
1637 | + |
1638 | +``` |
1639 | +USN-5573-1: rsync vulnerability |
1640 | +Found CVEs: |
1641 | + - https://ubuntu.com/security/CVE-2022-37434 |
1642 | + |
1643 | +Fixing requested USN-5573-1 |
1644 | +1 affected source package is installed: rsync |
1645 | +(1/1) rsync: |
1646 | +A fix is available in Ubuntu standard updates. |
1647 | +{ apt update && apt install --only-upgrade -y rsync } |
1648 | + |
1649 | +✔ USN-5573-1 is resolved. |
1650 | + |
1651 | +Found related USNs: |
1652 | +- USN-5570-1 |
1653 | +- USN-5570-2 |
1654 | + |
1655 | +Fixing related USNs: |
1656 | +- USN-5570-1 |
1657 | +No affected source packages are installed. |
1658 | + |
1659 | +✔ USN-5570-1 does not affect your system. |
1660 | + |
1661 | +- USN-5570-2 |
1662 | +1 affected source package is installed: zlib |
1663 | +(1/1) zlib: |
1664 | +A fix is available in Ubuntu standard updates. |
1665 | +{ apt update && apt install --only-upgrade -y zlib1g } |
1666 | + |
1667 | +✔ USN-5570-2 is resolved. |
1668 | + |
1669 | +Summary: |
1670 | +✔ USN-5573-1 [requested] is resolved. |
1671 | +✔ USN-5570-1 [related] does not affect your system. |
1672 | +✔ USN-5570-2 [related] is resolved. |
1673 | +``` |
1674 | + |
1675 | +We can see here that the `pro fix` command fixed the requested **USN-5573-1** while also |
1676 | +handling both **USN-5570-1** and **USN-5570-2**, which are related to the requested USN. |
1677 | +If you don't want to fix any related USNs during the `fix` operation, just use the |
1678 | +`--no-related` flag. By running the command `pro fix USN-5573-1 --no-related` we would get |
1679 | +the following output instead: |
1680 | + |
1681 | +``` |
1682 | +USN-5573-1: rsync vulnerability |
1683 | +Found CVEs: |
1684 | + - https://ubuntu.com/security/CVE-2022-37434 |
1685 | + |
1686 | +Fixing requested USN-5573-1 |
1687 | +1 affected source package is installed: rsync |
1688 | +(1/1) rsync: |
1689 | +A fix is available in Ubuntu standard updates. |
1690 | +{ apt update && apt install --only-upgrade -y rsync } |
1691 | + |
1692 | +✔ USN-5573-1 is resolved. |
1693 | +``` |
1694 | + |
1695 | +Note that we have not analysed or tried to fix any related USNs |
1696 | diff --git a/docs/howtoguides/pro-dashboard-service-toggles.png b/docs/howtoguides/pro-dashboard-service-toggles.png |
1697 | new file mode 100644 |
1698 | index 0000000..90095f5 |
1699 | Binary files /dev/null and b/docs/howtoguides/pro-dashboard-service-toggles.png differ |
1700 | diff --git a/docs/images/usn-related.png b/docs/images/usn-related.png |
1701 | new file mode 100644 |
1702 | index 0000000..9db73c0 |
1703 | Binary files /dev/null and b/docs/images/usn-related.png differ |
1704 | diff --git a/docs/index.rst b/docs/index.rst |
1705 | index b63cce0..d07dd4d 100644 |
1706 | --- a/docs/index.rst |
1707 | +++ b/docs/index.rst |
1708 | @@ -63,9 +63,10 @@ using it! |
1709 | |
1710 | - **Having trouble?** |
1711 | We would like to help! To get help on a specific page in this documentation, |
1712 | - simply click on the "Have a question?" link at the top of that page. This |
1713 | + simply click on the "Give feedback" link at the top of that page. This |
1714 | will open up an issue in GitHub where you can tell us more about the problem |
1715 | - you're having and we will do our best to resolve it for you. |
1716 | + you're having or suggestion you'd like to make, and we will do our best to |
1717 | + resolve it for you. |
1718 | |
1719 | - **Found a bug?** |
1720 | You can `Report bugs on Launchpad`_! |
1721 | diff --git a/docs/references/api.md b/docs/references/api.md |
1722 | index 4708d9b..9c40f60 100644 |
1723 | --- a/docs/references/api.md |
1724 | +++ b/docs/references/api.md |
1725 | @@ -75,6 +75,28 @@ except ImportError: |
1726 | |
1727 | You could do something similar by catching certain errors when using the `pro api` subcommand, but there are more cases that could indicate an old version, and it generally isn't recommended. |
1728 | |
1729 | + |
1730 | +### Errors and Warnings fields |
1731 | + |
1732 | +When using the API through the CLI, we use two distinct fields to list issues to the users; *errors* |
1733 | +and *warnings*. Both of those fields will contain a list of JSON objects explaining unexpected |
1734 | +behavior during the execution of a command. For example, the *errors* field will be populated like |
1735 | +this if we have a connectivity issue when running a `pro api` command: |
1736 | + |
1737 | +```json |
1738 | +[ |
1739 | + { |
1740 | + "msg": "Failed to connect to authentication server", |
1741 | + "code": "connectivity-error", |
1742 | + "meta": {} |
1743 | + } |
1744 | +] |
1745 | +``` |
1746 | + |
1747 | +Finally, *warnings* follow the exact same structure as *errors*. The only difference is that |
1748 | +*warnings* means that the command was able to complete although unexpected scenarios happened |
1749 | +when executing the command. |
1750 | + |
1751 | ## Available endpoints |
1752 | The currently available endpoints are: |
1753 | - [u.pro.version.v1](#uproversionv1) |
1754 | @@ -89,6 +111,7 @@ The currently available endpoints are: |
1755 | - [u.pro.packages.summary.v1](#upropackagessummaryv1) |
1756 | - [u.pro.packages.updates.v1](#upropackagesupdatesv1) |
1757 | - [u.security.package_manifest.v1](#usecuritypackage_manifestv1) |
1758 | +- [u.unattended_upgrades.status.v1](#uunattended_upgradesstatusv1) |
1759 | |
1760 | ## u.pro.version.v1 |
1761 | |
1762 | @@ -801,3 +824,105 @@ pro api u.security.package_manifest.v1 |
1763 | "package_manifest":"package1\t1.0\npackage2\t2.3\n" |
1764 | } |
1765 | ``` |
1766 | + |
1767 | +## u.unattended_upgrades.status.v1 |
1768 | + |
1769 | +Introduced in Ubuntu Pro Client Version: `27.14~` |
1770 | + |
1771 | +Returns the status around unattended-upgrades. The focus of the endpoint |
1772 | +is to verify if the application is running and how it is configured on |
1773 | +the machine. |
1774 | + |
1775 | +```{important} |
1776 | +For this endpoint, we deliver a unique key under `meta` called `raw_config`. This field contains |
1777 | +all related unattended-upgrades configurations unparsed. This means that this field will maintain |
1778 | +both original name and values for those configurations. |
1779 | +``` |
1780 | + |
1781 | +### Args |
1782 | + |
1783 | +This endpoint takes no arguments. |
1784 | + |
1785 | +### Python API interaction |
1786 | + |
1787 | +#### Calling from Python code |
1788 | + |
1789 | +```python |
1790 | +from uaclient.api.u.unattended_upgrades.status.v1 import status |
1791 | + |
1792 | +result = status() |
1793 | +``` |
1794 | + |
1795 | +#### Expected return object: |
1796 | +`uaclient.api.u.unattended_upgrades.status.v1.UnattendedUpgradesStatusResult |
1797 | + |
1798 | +|Field Name|Type|Description| |
1799 | +|-|-|-| |
1800 | +|`systemd_apt_timer_enabled`|*bool*|Indicate if the apt-daily.timer jobs are enabled| |
1801 | +|`apt_periodic_job_enabled`|*bool*|Indicate if the APT::Periodic::Enabled configuration is turned off| |
1802 | +|`package_lists_refresh_frequency_days`|*int*|The value of the APT::Periodic::Update-Package-Lists configuration| |
1803 | +|`unattended_upgrades_frequency_days`|*int*|The value of the APT::Periodic::Unattended-Upgrade configuration| |
1804 | +|`unattended_upgrades_allowed_origins`|*List[str]*|The value of the Unattended-Upgrade::Allowed-Origins configuration| |
1805 | +|`unattended_upgrades_running`|*bool*|Indicate if the unattended-upgrade service is correctly configured and running| |
1806 | +|`unattended_upgrades_disabled_reason`|*object*|Object that explains why unattended-upgrades is not running. In case the application is running, the object will be null| |
1807 | +|`unatteded_upgrades_last_run`|`datetime.datetime`|The last time unattended-upgrades has run| |
1808 | + |
1809 | +`uaclient.api.u.unattended_upgrades.status.v1.UnattendedUpgradesStatusDisabledReason` |
1810 | + |
1811 | +|Field Name|Type|Description| |
1812 | +|-|-|-| |
1813 | +|`msg`|*str*|The reason why unattended-upgrades is not running in the system| |
1814 | +|`code`|*str*|The message code associated with the message| |
1815 | + |
1816 | +### Raised exceptions |
1817 | + |
1818 | +- `UnattendedUpgradesError`: Raised in case we cannot run a necessary command to show the status |
1819 | + of unattended-upgrades |
1820 | + |
1821 | +### CLI interaction |
1822 | + |
1823 | +#### Calling from the CLI: |
1824 | + |
1825 | +```bash |
1826 | +pro api u.unattended_upgrades.status.v1 |
1827 | +``` |
1828 | + |
1829 | +#### Expected attributes in JSON structure |
1830 | + |
1831 | +```json |
1832 | +{ |
1833 | + "apt_periodic_job_enabled": true, |
1834 | + "package_lists_refresh_frequency_days": 1, |
1835 | + "systemd_apt_timer_enabled": true, |
1836 | + "unattended_upgrades_allowed_origins": [ |
1837 | + "${distro_id}:${distro_codename}", |
1838 | + "${distro_id}:${distro_codename}-security", |
1839 | + "${distro_id}ESMApps:${distro_codename}-apps-security", |
1840 | + "${distro_id}ESM:${distro_codename}-infra-security" |
1841 | + ], |
1842 | + "unattended_upgrades_disabled_reason": null, |
1843 | + "unattended_upgrades_frequency_days": 1, |
1844 | + "unattended_upgrades_last_run": null, |
1845 | + "unattended_upgrades_running": true |
1846 | +} |
1847 | +``` |
1848 | + |
1849 | +#### Possible attributes in JSON meta field |
1850 | +```json |
1851 | +{ |
1852 | + "meta": { |
1853 | + "environment_vars": [], |
1854 | + "raw_config": { |
1855 | + "APT::Periodic::Enable": "1", |
1856 | + "APT::Periodic::Unattended-Upgrade": "1", |
1857 | + "APT::Periodic::Update-Package-Lists": "1", |
1858 | + "Unattended-Upgrade::Allowed-Origins": [ |
1859 | + "${distro_id}:${distro_codename}", |
1860 | + "${distro_id}:${distro_codename}-security", |
1861 | + "${distro_id}ESMApps:${distro_codename}-apps-security", |
1862 | + "${distro_id}ESM:${distro_codename}-infra-security" |
1863 | + ] |
1864 | + } |
1865 | + } |
1866 | +} |
1867 | +``` |
1868 | diff --git a/docs/references/network_requirements.md b/docs/references/network_requirements.md |
1869 | index cb25256..ffbeffd 100644 |
1870 | --- a/docs/references/network_requirements.md |
1871 | +++ b/docs/references/network_requirements.md |
1872 | @@ -10,7 +10,7 @@ access to: |
1873 | |
1874 | ```{seealso} |
1875 | |
1876 | -You can also refer to our [Proxy Configuration guide](/../howtoguides/configure_proxies.md) |
1877 | +You can also refer to our [Proxy Configuration guide](../howtoguides/configure_proxies.md) |
1878 | to learn how to inform Ubuntu Pro Client of HTTP(S)/APT proxies. |
1879 | ``` |
1880 | |
1881 | diff --git a/docs/sitemap-index.xml b/docs/sitemap-index.xml |
1882 | new file mode 100644 |
1883 | index 0000000..efce50f |
1884 | --- /dev/null |
1885 | +++ b/docs/sitemap-index.xml |
1886 | @@ -0,0 +1,8 @@ |
1887 | +<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9"> |
1888 | + <url> |
1889 | + <loc>https://canonical-ubuntu-pro-client.readthedocs-hosted.com/en/latest/</loc> |
1890 | + <changefreq>weekly</changefreq> |
1891 | + <priority>1.0</priority> |
1892 | + </url> |
1893 | +</urlset> |
1894 | + |
1895 | diff --git a/docs/tutorials/create_a_fips_updates_pro_cloud_image.md b/docs/tutorials/create_a_fips_updates_pro_cloud_image.md |
1896 | index e4427bc..10b87b3 100644 |
1897 | --- a/docs/tutorials/create_a_fips_updates_pro_cloud_image.md |
1898 | +++ b/docs/tutorials/create_a_fips_updates_pro_cloud_image.md |
1899 | @@ -1,8 +1,8 @@ |
1900 | -# Customised Cloud Ubuntu Pro images with FIPS updates |
1901 | +# How to customise a cloud Ubuntu Pro image with FIPS updates |
1902 | |
1903 | ## Launch an Ubuntu Pro instance on your cloud |
1904 | |
1905 | -See the following links for up to date information for each supported Cloud: |
1906 | +See the following links for up to date information for each supported cloud: |
1907 | |
1908 | * https://ubuntu.com/aws/pro |
1909 | * https://ubuntu.com/azure/pro |
1910 | @@ -10,20 +10,20 @@ See the following links for up to date information for each supported Cloud: |
1911 | |
1912 | ## Enable FIPS updates |
1913 | |
1914 | -First, we need to wait for the standard Ubuntu Pro services to be set up: |
1915 | +Wait for the standard Ubuntu Pro services to be set up: |
1916 | |
1917 | ```bash |
1918 | sudo pro status --wait |
1919 | ``` |
1920 | |
1921 | -We can then use [the `enable` command](../howtoguides/enable_fips.md) to set up |
1922 | +Use [the `enable` command](../howtoguides/enable_fips.md) to set up |
1923 | FIPS updates. |
1924 | |
1925 | ```bash |
1926 | sudo pro enable fips-updates --assume-yes |
1927 | ``` |
1928 | |
1929 | -Now, we need to reboot the instance: |
1930 | +Now, reboot the instance: |
1931 | |
1932 | ```bash |
1933 | sudo reboot |
1934 | @@ -49,12 +49,12 @@ Cloud-specific instructions are here: |
1935 | * [Azure](https://docs.microsoft.com/en-us/azure/virtual-machines/windows/capture-image-resource) |
1936 | * [GCP](https://cloud.google.com/compute/docs/machine-images/create-machine-images) |
1937 | |
1938 | -## Launch your custom image! |
1939 | +## Launch your custom image |
1940 | |
1941 | -Use your specific Cloud to launch a new instance from your custom image. |
1942 | +Use your specific cloud to launch a new instance from the custom image. |
1943 | |
1944 | ````{note} |
1945 | -For versions prior to 27.11, you will need to re-enable `fips-updates` on each |
1946 | +For versions of the Ubuntu Pro Client prior to 27.11, you will need to re-enable `fips-updates` on each |
1947 | instance launched from the custom image. |
1948 | |
1949 | This won't require a reboot and is only necessary to ensure the instance gets |
1950 | @@ -64,7 +64,7 @@ updates to FIPS packages when they become available. |
1951 | sudo pro enable fips-updates --assume-yes |
1952 | ``` |
1953 | |
1954 | -You can easily script this using [cloud-init user data](https://cloudinit.readthedocs.io/en/latest/topics/modules.html#runcmd) at launch time: |
1955 | +This can be scripted using [cloud-init user data](https://cloudinit.readthedocs.io/en/latest/topics/modules.html#runcmd) at launch time: |
1956 | ```yaml |
1957 | #cloud-config |
1958 | # Enable fips-updates after pro auto-attach and reboot after cloud-init completes |
1959 | diff --git a/docs/tutorials/fix_scenarios.md b/docs/tutorials/fix_scenarios.md |
1960 | index fe6f8e2..1c96800 100644 |
1961 | --- a/docs/tutorials/fix_scenarios.md |
1962 | +++ b/docs/tutorials/fix_scenarios.md |
1963 | @@ -81,7 +81,9 @@ You should see an output like this: |
1964 | ``` |
1965 | CVE-2020-15180: MariaDB vulnerabilities |
1966 | https://ubuntu.com/security/CVE-2020-15180 |
1967 | + |
1968 | No affected source packages are installed. |
1969 | + |
1970 | ✔ CVE-2020-15180 does not affect your system. |
1971 | ``` |
1972 | |
1973 | @@ -110,10 +112,12 @@ You will then see the following output: |
1974 | ``` |
1975 | CVE-2020-25686: Dnsmasq vulnerabilities |
1976 | https://ubuntu.com/security/CVE-2020-25686 |
1977 | + |
1978 | 1 affected package is installed: dnsmasq |
1979 | (1/1) dnsmasq: |
1980 | A fix is available in Ubuntu standard updates. |
1981 | { apt update && apt install --only-upgrade -y dnsmasq } |
1982 | + |
1983 | ✔ CVE-2020-25686 is resolved. |
1984 | ``` |
1985 | |
1986 | @@ -137,10 +141,12 @@ run the `pro fix` command again, and we should now see the following: |
1987 | ``` |
1988 | CVE-2020-25686: Dnsmasq vulnerabilities |
1989 | https://ubuntu.com/security/CVE-2020-25686 |
1990 | + |
1991 | 1 affected package is installed: dnsmasq |
1992 | (1/1) dnsmasq: |
1993 | A fix is available in Ubuntu standard updates. |
1994 | The update is already installed. |
1995 | + |
1996 | ✔ CVE-2020-25686 is resolved. |
1997 | ``` |
1998 | |
1999 | @@ -151,30 +157,34 @@ let you know! Before we reproduce this scenario, let us first install a package |
2000 | that we know has no fix available by running: |
2001 | |
2002 | ```console |
2003 | -$ sudo apt install -y libawl-php |
2004 | +$ sudo apt-get install -y expat=2.1.0-7 swish-e matanza ghostscript |
2005 | ``` |
2006 | |
2007 | Now, we can confirm that there is no fix by running the following command: |
2008 | |
2009 | ```console |
2010 | -$ pro fix USN-4539-1 |
2011 | +$ pro fix CVE-2017-9233 |
2012 | ``` |
2013 | |
2014 | You will see the following output: |
2015 | |
2016 | ``` |
2017 | -USN-4539-1: AWL vulnerability |
2018 | -Found CVEs: |
2019 | -https://ubuntu.com/security/CVE-2020-11728 |
2020 | -1 affected source package is installed: awl |
2021 | -(1/1) awl: |
2022 | -Sorry, no fix is available. |
2023 | -1 package is still affected: awl |
2024 | -✘ USN-4539-1 is not resolved. |
2025 | +CVE-2017-9233: Coin3D vulnerability |
2026 | + - https://ubuntu.com/security/CVE-2017-9233 |
2027 | + |
2028 | +3 affected source packages are installed: expat, matanza, swish-e |
2029 | +(1/3, 2/3) matanza, swish-e: |
2030 | +Ubuntu security engineers are investigating this issue. |
2031 | +(3/3) expat: |
2032 | +A fix is available in Ubuntu standard updates. |
2033 | +{ apt update && apt install --only-upgrade -y expat } |
2034 | + |
2035 | +2 packages are still affected: matanza, swish-e |
2036 | +✘ CVE-2017-9233 is not resolved. |
2037 | ``` |
2038 | |
2039 | -As you can see, we are informed by `pro fix` that there is no fix available. In |
2040 | -the last line, we can also see that the USN is not resolved. |
2041 | +As you can see, we are informed by `pro fix` that some packages do not have a fix available. In |
2042 | +the last line, we can also see that the CVE is not resolved. |
2043 | |
2044 | ## CVE/USN that require an Ubuntu Pro subscription |
2045 | |
2046 | @@ -193,6 +203,8 @@ USN-5079-2: curl vulnerabilities |
2047 | Found CVEs: |
2048 | https://ubuntu.com/security/CVE-2021-22946 |
2049 | https://ubuntu.com/security/CVE-2021-22947 |
2050 | + |
2051 | +Fixing requested USN-5079-2 |
2052 | 1 affected package is installed: curl |
2053 | (1/1) curl: |
2054 | A fix is available in Ubuntu Pro: ESM Infra. |
2055 | @@ -222,6 +234,7 @@ USN-5079-2: curl vulnerabilities |
2056 | Found CVEs: |
2057 | https://ubuntu.com/security/CVE-2021-22946 |
2058 | https://ubuntu.com/security/CVE-2021-22947 |
2059 | + |
2060 | 1 affected package is installed: curl |
2061 | (1/1) curl: |
2062 | A fix is available in Ubuntu Pro: ESM Infra. |
2063 | @@ -258,22 +271,40 @@ Enable services with: pro enable <service> |
2064 | Technical support level: essential |
2065 | { apt update && apt install --only-upgrade -y curl libcurl3-gnutls } |
2066 | ✔ USN-5079-2 is resolved. |
2067 | + |
2068 | +Found related USNs: |
2069 | +- USN-5079-1 |
2070 | + |
2071 | +Fixing related USNs: |
2072 | +- USN-5079-1 |
2073 | +No affected source packages are installed. |
2074 | + |
2075 | +✔ USN-5079-1 does not affect your system. |
2076 | + |
2077 | +Summary: |
2078 | +✔ USN-5079-2 [requested] is resolved. |
2079 | +✔ USN-5079-1 [related] does not affect your system. |
2080 | ``` |
2081 | |
2082 | -We can see that that the attach command was successful, which can be verified |
2083 | +We can see that this command also fixed related USN **USN-5079-1**. |
2084 | +If you want to learn more about related USNs, refer to [our explanation guide](../explanations/cves_and_usns_explained.md#what-are-related-usns) |
2085 | + |
2086 | +Finally, we can see that that the attach command was successful, which can be verified |
2087 | by the status output we see when executing the command. Additionally, we can |
2088 | observe that the USN is indeed fixed, which you can confirm by running the |
2089 | `pro fix` command again: |
2090 | |
2091 | ``` |
2092 | -N-5079-2: curl vulnerabilities |
2093 | +USN-5079-2: curl vulnerabilities |
2094 | Found CVEs: |
2095 | https://ubuntu.com/security/CVE-2021-22946 |
2096 | https://ubuntu.com/security/CVE-2021-22947 |
2097 | + |
2098 | 1 affected package is installed: curl |
2099 | (1/1) curl: |
2100 | A fix is available in Ubuntu Pro: ESM Infra. |
2101 | The update is already installed. |
2102 | + |
2103 | ✔ USN-5079-2 is resolved. |
2104 | ``` |
2105 | |
2106 | @@ -308,6 +339,7 @@ prompted): |
2107 | ``` |
2108 | CVE-2021-44731: snapd vulnerabilities |
2109 | https://ubuntu.com/security/CVE-2021-44731 |
2110 | + |
2111 | 1 affected package is installed: snapd |
2112 | (1/1) snapd: |
2113 | A fix is available in Ubuntu Pro: ESM Infra. |
2114 | @@ -321,6 +353,7 @@ One moment, checking your subscription first |
2115 | Updating package lists |
2116 | Ubuntu Pro: ESM Infra enabled |
2117 | { apt update && apt install --only-upgrade -y ubuntu-core-launcher snapd } |
2118 | + |
2119 | ✔ CVE-2021-44731 is resolved. |
2120 | ``` |
2121 | |
2122 | @@ -342,13 +375,15 @@ $ sudo pro fix CVE-2022-0778 |
2123 | Then you will see the following output: |
2124 | |
2125 | ``` |
2126 | -VE-2022-0778: OpenSSL vulnerability |
2127 | +CVE-2022-0778: OpenSSL vulnerability |
2128 | https://ubuntu.com/security/CVE-2022-0778 |
2129 | + |
2130 | 1 affected package is installed: openssl |
2131 | (1/1) openssl: |
2132 | A fix is available in Ubuntu Pro: ESM Infra. |
2133 | { apt update && apt install --only-upgrade -y libssl1.0.0 openssl } |
2134 | A reboot is required to complete fix operation. |
2135 | + |
2136 | ✘ CVE-2022-0778 is not resolved. |
2137 | ``` |
2138 | |
2139 | @@ -358,10 +393,12 @@ indeed fixed: |
2140 | ``` |
2141 | CVE-2022-0778: OpenSSL vulnerability |
2142 | https://ubuntu.com/security/CVE-2022-0778 |
2143 | + |
2144 | 1 affected package is installed: openssl |
2145 | (1/1) openssl: |
2146 | A fix is available in Ubuntu Pro: ESM Infra. |
2147 | The update is already installed. |
2148 | + |
2149 | ✔ CVE-2022-0778 is resolved. |
2150 | ``` |
2151 | |
2152 | @@ -390,6 +427,7 @@ And you will see the following output: |
2153 | ``` |
2154 | CVE-2017-9233: Expat vulnerability |
2155 | https://ubuntu.com/security/CVE-2017-9233 |
2156 | + |
2157 | 3 affected packages are installed: expat, matanza, swish-e |
2158 | (1/3, 2/3) matanza, swish-e: |
2159 | Sorry, no fix is available. |
2160 | @@ -397,6 +435,7 @@ Sorry, no fix is available. |
2161 | A fix is available in Ubuntu standard updates. |
2162 | { apt update && apt install --only-upgrade -y expat } |
2163 | 2 packages are still affected: matanza, swish-e |
2164 | + |
2165 | ✘ CVE-2017-9233 is not resolved. |
2166 | ``` |
2167 | |
2168 | diff --git a/features/api_full_auto_attach.feature b/features/api_full_auto_attach.feature |
2169 | index c65fca5..9df2f69 100644 |
2170 | --- a/features/api_full_auto_attach.feature |
2171 | +++ b/features/api_full_auto_attach.feature |
2172 | @@ -27,7 +27,7 @@ Feature: Full Auto-Attach Endpoint |
2173 | """ |
2174 | Then stdout matches regexp: |
2175 | """ |
2176 | - livepatch +yes +(disabled|n/a) +Canonical Livepatch service |
2177 | + livepatch +yes +(disabled|n/a) +(Canonical Livepatch service|Current kernel is not supported) |
2178 | """ |
2179 | Examples: |
2180 | | release | |
2181 | diff --git a/features/apt_messages.feature b/features/apt_messages.feature |
2182 | index 401360d..693ebee 100644 |
2183 | --- a/features/apt_messages.feature |
2184 | +++ b/features/apt_messages.feature |
2185 | @@ -175,7 +175,7 @@ Feature: APT Messages |
2186 | Calculating upgrade... |
2187 | Get more security updates through Ubuntu Pro with 'esm-apps' enabled: |
2188 | <package> |
2189 | - Learn more about Ubuntu Pro at https://ubuntu.com/pro |
2190 | + <learn_more_msg> |
2191 | 0 upgraded, 0 newly installed, 0 to remove and \d+ not upgraded. |
2192 | """ |
2193 | When I run `apt-get upgrade` with sudo |
2194 | @@ -211,10 +211,10 @@ Feature: APT Messages |
2195 | 0 upgraded, 0 newly installed, 0 to remove and \d+ not upgraded\. |
2196 | """ |
2197 | Examples: ubuntu release |
2198 | - | release | package | |
2199 | - | bionic | ansible | |
2200 | - | focal | hello | |
2201 | - | jammy | hello | |
2202 | + | release | package | learn_more_msg | |
2203 | + | bionic | ansible | Learn more about Ubuntu Pro for 18.04 at https://ubuntu.com/18-04 | |
2204 | + | focal | hello | Learn more about Ubuntu Pro at https://ubuntu.com/pro | |
2205 | + | jammy | hello | Learn more about Ubuntu Pro at https://ubuntu.com/pro | |
2206 | |
2207 | @series.all |
2208 | @uses.config.machine_type.lxd.container |
2209 | @@ -613,6 +613,7 @@ Feature: APT Messages |
2210 | |
2211 | @series.xenial |
2212 | @series.bionic |
2213 | + @series.focal |
2214 | @uses.config.machine_type.aws.generic |
2215 | Scenario Outline: AWS URLs |
2216 | Given a `<release>` machine with ubuntu-advantage-tools installed |
2217 | @@ -620,17 +621,19 @@ Feature: APT Messages |
2218 | When I run `apt-get install ansible -y` with sudo |
2219 | When I run `apt-get update` with sudo |
2220 | When I run `apt upgrade --dry-run` with sudo |
2221 | - Then stdout matches regexp: |
2222 | + Then stdout contains substring: |
2223 | """ |
2224 | <msg> |
2225 | """ |
2226 | Examples: ubuntu release |
2227 | - | release | msg | |
2228 | - | xenial | Learn more about Ubuntu Pro for 16\.04 at https:\/\/ubuntu\.com\/16-04 | |
2229 | - | bionic | Learn more about Ubuntu Pro on AWS at https:\/\/ubuntu\.com\/aws\/pro | |
2230 | + | release | msg | |
2231 | + | xenial | Learn more about Ubuntu Pro for 16.04 at https://ubuntu.com/16-04 | |
2232 | + | bionic | Learn more about Ubuntu Pro for 18.04 at https://ubuntu.com/18-04 | |
2233 | + | focal | Learn more about Ubuntu Pro on AWS at https://ubuntu.com/aws/pro | |
2234 | |
2235 | @series.xenial |
2236 | @series.bionic |
2237 | + @series.focal |
2238 | @uses.config.machine_type.azure.generic |
2239 | Scenario Outline: Azure URLs |
2240 | Given a `<release>` machine with ubuntu-advantage-tools installed |
2241 | @@ -638,17 +641,19 @@ Feature: APT Messages |
2242 | When I run `apt-get install ansible -y` with sudo |
2243 | When I run `apt-get update` with sudo |
2244 | When I run `apt upgrade --dry-run` with sudo |
2245 | - Then stdout matches regexp: |
2246 | + Then stdout contains substring: |
2247 | """ |
2248 | <msg> |
2249 | """ |
2250 | Examples: ubuntu release |
2251 | - | release | msg | |
2252 | - | xenial | Learn more about Ubuntu Pro for 16\.04 on Azure at https:\/\/ubuntu\.com\/16-04\/azure | |
2253 | - | bionic | Learn more about Ubuntu Pro on Azure at https:\/\/ubuntu\.com\/azure\/pro | |
2254 | + | release | msg | |
2255 | + | xenial | Learn more about Ubuntu Pro for 16.04 on Azure at https://ubuntu.com/16-04/azure | |
2256 | + | bionic | Learn more about Ubuntu Pro for 18.04 on Azure at https://ubuntu.com/18-04/azure | |
2257 | + | focal | Learn more about Ubuntu Pro on Azure at https://ubuntu.com/azure/pro | |
2258 | |
2259 | @series.xenial |
2260 | @series.bionic |
2261 | + @series.focal |
2262 | @uses.config.machine_type.gcp.generic |
2263 | Scenario Outline: GCP URLs |
2264 | Given a `<release>` machine with ubuntu-advantage-tools installed |
2265 | @@ -656,14 +661,15 @@ Feature: APT Messages |
2266 | When I run `apt-get install ansible -y` with sudo |
2267 | When I run `apt-get update` with sudo |
2268 | When I run `apt upgrade --dry-run` with sudo |
2269 | - Then stdout matches regexp: |
2270 | + Then stdout contains substring: |
2271 | """ |
2272 | <msg> |
2273 | """ |
2274 | Examples: ubuntu release |
2275 | | release | msg | |
2276 | - | xenial | Learn more about Ubuntu Pro for 16\.04 at https:\/\/ubuntu\.com\/16-04 | |
2277 | - | bionic | Learn more about Ubuntu Pro on GCP at https:\/\/ubuntu\.com\/gcp\/pro | |
2278 | + | xenial | Learn more about Ubuntu Pro for 16.04 at https://ubuntu.com/16-04 | |
2279 | + | bionic | Learn more about Ubuntu Pro for 18.04 at https://ubuntu.com/18-04 | |
2280 | + | focal | Learn more about Ubuntu Pro on GCP at https://ubuntu.com/gcp/pro | |
2281 | |
2282 | @series.kinetic |
2283 | @uses.config.machine_type.lxd.container |
2284 | diff --git a/features/attach_validtoken.feature b/features/attach_validtoken.feature |
2285 | index da04c06..3ff70d5 100644 |
2286 | --- a/features/attach_validtoken.feature |
2287 | +++ b/features/attach_validtoken.feature |
2288 | @@ -8,18 +8,31 @@ Feature: Command behaviour when attaching a machine to an Ubuntu Pro |
2289 | Scenario Outline: Attached command in a non-lts ubuntu machine |
2290 | Given a `<release>` machine with ubuntu-advantage-tools installed |
2291 | When I attach `contract_token` with sudo |
2292 | - And I run `pro status --all` as non-root |
2293 | + And I run `pro status` as non-root |
2294 | Then stdout matches regexp: |
2295 | - """ |
2296 | - SERVICE +ENTITLED STATUS DESCRIPTION |
2297 | - cc-eal +yes +n/a +Common Criteria EAL2 Provisioning Packages |
2298 | - cis +yes +n/a +Security compliance and audit tools |
2299 | - esm-apps +yes +n/a +Expanded Security Maintenance for Applications |
2300 | - esm-infra +yes +n/a +Expanded Security Maintenance for Infrastructure |
2301 | - fips +yes +n/a +NIST-certified core packages |
2302 | - fips-updates +yes +n/a +NIST-certified core packages with priority security updates |
2303 | - livepatch +yes +n/a +Canonical Livepatch service |
2304 | - """ |
2305 | + """ |
2306 | + No Ubuntu Pro services are available to this system. |
2307 | + """ |
2308 | + And stdout matches regexp: |
2309 | + """ |
2310 | + For a list of all Ubuntu Pro services, run 'pro status --all' |
2311 | + """ |
2312 | + When I run `pro status --all` as non-root |
2313 | + Then stdout matches regexp: |
2314 | + """ |
2315 | + SERVICE +ENTITLED STATUS DESCRIPTION |
2316 | + cc-eal +yes +n/a +Common Criteria EAL2 Provisioning Packages |
2317 | + cis +yes +n/a +Security compliance and audit tools |
2318 | + esm-apps +yes +n/a +Expanded Security Maintenance for Applications |
2319 | + esm-infra +yes +n/a +Expanded Security Maintenance for Infrastructure |
2320 | + fips +yes +n/a +NIST-certified core packages |
2321 | + fips-updates +yes +n/a +NIST-certified core packages with priority security updates |
2322 | + livepatch +yes +n/a +Canonical Livepatch service |
2323 | + """ |
2324 | + And stdout does not match regexp: |
2325 | + """ |
2326 | + For a list of all Ubuntu Pro services, run 'pro status --all' |
2327 | + """ |
2328 | |
2329 | Examples: ubuntu release |
2330 | | release | |
2331 | @@ -83,7 +96,7 @@ Feature: Command behaviour when attaching a machine to an Ubuntu Pro |
2332 | | xenial | libkrad0=1.13.2+dfsg-5 | disabled | cis | disabled | disabled | Canonical Livepatch service | |
2333 | | bionic | libkrad0=1.16-2build1 | disabled | cis | disabled | disabled | Canonical Livepatch service | |
2334 | | focal | hello=2.10-2ubuntu2 | n/a | usg | disabled | disabled | Canonical Livepatch service | |
2335 | - | jammy | hello=2.10-2ubuntu4 | n/a | usg | n/a | n/a | Available with the HWE kernel | |
2336 | + | jammy | hello=2.10-2ubuntu4 | n/a | usg | n/a | n/a | Canonical Livepatch service | |
2337 | |
2338 | @series.lts |
2339 | @uses.config.machine_type.lxd.container |
2340 | @@ -380,6 +393,7 @@ Feature: Command behaviour when attaching a machine to an Ubuntu Pro |
2341 | |
2342 | Examples: ubuntu release livepatch status |
2343 | | release | |
2344 | - | xenial | |
2345 | - | bionic | |
2346 | - | focal | |
2347 | + # removing until we add this feature back in a way that doesn't hammer the server |
2348 | + #| xenial | |
2349 | + #| bionic | |
2350 | + #| focal | |
2351 | diff --git a/features/attached_commands.feature b/features/attached_commands.feature |
2352 | index 524e4e0..ffedcbe 100644 |
2353 | --- a/features/attached_commands.feature |
2354 | +++ b/features/attached_commands.feature |
2355 | @@ -294,7 +294,7 @@ Feature: Command behaviour when attached to an Ubuntu Pro subscription |
2356 | | xenial | yes | yes | yes | yes | yes | yes | cis | no | |
2357 | | bionic | yes | yes | yes | yes | yes | yes | cis | no | |
2358 | | focal | yes | no | yes | yes | yes | no | usg | no | |
2359 | - | jammy | yes | no | no | no | no | no | usg | yes | |
2360 | + | jammy | yes | no | yes | no | no | no | usg | yes | |
2361 | |
2362 | @series.all |
2363 | @uses.config.machine_type.lxd.container |
2364 | diff --git a/features/attached_status.feature b/features/attached_status.feature |
2365 | index b01386e..571bba4 100644 |
2366 | --- a/features/attached_status.feature |
2367 | +++ b/features/attached_status.feature |
2368 | @@ -101,6 +101,7 @@ Feature: Attached status |
2369 | ros +yes +disabled +Security Updates for the Robot Operating System |
2370 | ros-updates +yes +disabled +All Updates for the Robot Operating System |
2371 | |
2372 | + For a list of all Ubuntu Pro services, run 'pro status --all' |
2373 | Enable services with: pro enable <service> |
2374 | """ |
2375 | When I verify root and non-root `pro status --all` calls have the same output |
2376 | @@ -143,6 +144,7 @@ Feature: Attached status |
2377 | fips-updates +yes +disabled +NIST-certified core packages with priority security updates |
2378 | usg +yes +disabled +Security compliance and audit tools |
2379 | |
2380 | + For a list of all Ubuntu Pro services, run 'pro status --all' |
2381 | Enable services with: pro enable <service> |
2382 | """ |
2383 | When I verify root and non-root `pro status --all` calls have the same output |
2384 | @@ -180,7 +182,9 @@ Feature: Attached status |
2385 | SERVICE +ENTITLED +STATUS +DESCRIPTION |
2386 | esm-apps +yes +enabled +Expanded Security Maintenance for Applications |
2387 | esm-infra +yes +enabled +Expanded Security Maintenance for Infrastructure |
2388 | + usg +yes +disabled +Security compliance and audit tools |
2389 | |
2390 | + For a list of all Ubuntu Pro services, run 'pro status --all' |
2391 | Enable services with: pro enable <service> |
2392 | """ |
2393 | When I verify root and non-root `pro status --all` calls have the same output |
2394 | @@ -197,7 +201,7 @@ Feature: Attached status |
2395 | realtime-kernel +yes +n/a +Ubuntu kernel with PREEMPT_RT patches integrated |
2396 | ros +yes +n/a +Security Updates for the Robot Operating System |
2397 | ros-updates +yes +n/a +All Updates for the Robot Operating System |
2398 | - usg +yes +n/a +Security compliance and audit tools |
2399 | + usg +yes +disabled +Security compliance and audit tools |
2400 | |
2401 | Enable services with: pro enable <service> |
2402 | """ |
2403 | diff --git a/features/cloud.py b/features/cloud.py |
2404 | index 1a5d11b..d222f84 100644 |
2405 | --- a/features/cloud.py |
2406 | +++ b/features/cloud.py |
2407 | @@ -168,7 +168,7 @@ class Cloud: |
2408 | """ |
2409 | return instance.id |
2410 | |
2411 | - def locate_image_name(self, series: str) -> str: |
2412 | + def locate_image_name(self, series: str, daily: bool = True) -> str: |
2413 | """Locate and return the image name to use for vm provision. |
2414 | |
2415 | :param series: |
2416 | @@ -189,7 +189,14 @@ class Cloud: |
2417 | elif "pro" in self.machine_type: |
2418 | image_type = ImageType.PRO |
2419 | |
2420 | - return self.api.daily_image(release=series, image_type=image_type) |
2421 | + if daily: |
2422 | + logging.debug("looking up daily image for {}".format(series)) |
2423 | + return self.api.daily_image(release=series, image_type=image_type) |
2424 | + else: |
2425 | + logging.debug("looking up released image for {}".format(series)) |
2426 | + return self.api.released_image( |
2427 | + release=series, image_type=image_type |
2428 | + ) |
2429 | |
2430 | def manage_ssh_key( |
2431 | self, |
2432 | @@ -297,7 +304,14 @@ class EC2(Cloud): |
2433 | An AWS cloud provider instance |
2434 | """ |
2435 | if not image_name: |
2436 | - image_name = self.locate_image_name(series) |
2437 | + if series == "xenial" and "pro" not in self.machine_type: |
2438 | + logging.debug( |
2439 | + "defaulting to non-daily image for awsgeneric-16.04" |
2440 | + ) |
2441 | + daily = False |
2442 | + else: |
2443 | + daily = True |
2444 | + image_name = self.locate_image_name(series, daily=daily) |
2445 | |
2446 | logging.info( |
2447 | "--- Launching AWS image {}({})".format(image_name, series) |
2448 | @@ -603,7 +617,7 @@ class _LXD(Cloud): |
2449 | # instead of the instance id |
2450 | return instance.name |
2451 | |
2452 | - def locate_image_name(self, series: str) -> str: |
2453 | + def locate_image_name(self, series: str, daily: bool = True) -> str: |
2454 | """Locate and return the image name to use for vm provision. |
2455 | |
2456 | :param series: |
2457 | @@ -618,7 +632,13 @@ class _LXD(Cloud): |
2458 | "Must provide either series or image_name to launch azure" |
2459 | ) |
2460 | |
2461 | - image_name = self.api.daily_image(release=series) |
2462 | + if daily: |
2463 | + logging.debug("looking up daily image for {}".format(series)) |
2464 | + image_name = self.api.daily_image(release=series) |
2465 | + else: |
2466 | + logging.debug("looking up released image for {}".format(series)) |
2467 | + image_name = self.api.released_image(release=series) |
2468 | + |
2469 | return image_name |
2470 | |
2471 | |
2472 | diff --git a/features/daemon.feature b/features/daemon.feature |
2473 | index ed74ec5..88fbbf7 100644 |
2474 | --- a/features/daemon.feature |
2475 | +++ b/features/daemon.feature |
2476 | @@ -105,10 +105,10 @@ Feature: Pro Upgrade Daemon only runs in environments where necessary |
2477 | Active: active \(running\) |
2478 | """ |
2479 | # TODO find out what caused memory to go up, try to lower it again |
2480 | - Then on `xenial`, systemd status output says memory usage is less than `16` MB |
2481 | - Then on `bionic`, systemd status output says memory usage is less than `14` MB |
2482 | - Then on `focal`, systemd status output says memory usage is less than `12` MB |
2483 | - Then on `jammy`, systemd status output says memory usage is less than `13` MB |
2484 | + Then on `xenial`, systemd status output says memory usage is less than `17` MB |
2485 | + Then on `bionic`, systemd status output says memory usage is less than `15` MB |
2486 | + Then on `focal`, systemd status output says memory usage is less than `13` MB |
2487 | + Then on `jammy`, systemd status output says memory usage is less than `14` MB |
2488 | |
2489 | When I run `cat /var/log/ubuntu-advantage-daemon.log` with sudo |
2490 | Then stdout matches regexp: |
2491 | diff --git a/features/docker.feature b/features/docker.feature |
2492 | index 2e82266..bf204d9 100644 |
2493 | --- a/features/docker.feature |
2494 | +++ b/features/docker.feature |
2495 | @@ -77,4 +77,3 @@ Feature: Build docker images with pro services |
2496 | | focal | xenial | [ esm-infra ] | curl | esm | |
2497 | | focal | bionic | [ fips ] | openssl | fips | |
2498 | | focal | focal | [ esm-apps ] | hello | esm | |
2499 | - |
2500 | diff --git a/features/enable_fips_cloud.feature b/features/enable_fips_cloud.feature |
2501 | index c14b39b..41edbb0 100644 |
2502 | --- a/features/enable_fips_cloud.feature |
2503 | +++ b/features/enable_fips_cloud.feature |
2504 | @@ -217,7 +217,7 @@ Feature: FIPS enablement in cloud based machines |
2505 | And I verify that `strongswan-hmac` is installed from apt source `<fips-apt-source>` |
2506 | When I run `apt-cache policy ubuntu-fips` as non-root |
2507 | Then stdout does not match regexp: |
2508 | - "" |
2509 | + """ |
2510 | .*Installed: \(none\) |
2511 | """ |
2512 | When I reboot the machine |
2513 | diff --git a/features/enable_fips_vm.feature b/features/enable_fips_vm.feature |
2514 | index ea6c38e..88a5db8 100644 |
2515 | --- a/features/enable_fips_vm.feature |
2516 | +++ b/features/enable_fips_vm.feature |
2517 | @@ -11,7 +11,7 @@ Feature: FIPS enablement in lxd VMs |
2518 | When I run `pro status --format json` with sudo |
2519 | Then stdout contains substring |
2520 | """ |
2521 | - {"available": "yes", "blocked_by": [{"name": "livepatch", "reason": "Livepatch cannot be enabled while running the official FIPS certified kernel. If you would like a FIPS compliant kernel with additional bug fixes and security updates, you can use the FIPS Updates service with Livepatch.", "reason_code": "livepatch-invalidates-fips"}], "description": "NIST-certified core packages", "description_override": null, "entitled": "yes", "name": "fips", "status": "disabled", "status_details": "FIPS is not configured"} |
2522 | + {"available": "yes", "blocked_by": [{"name": "livepatch", "reason": "Livepatch cannot be enabled while running the official FIPS certified kernel. If you would like a FIPS compliant kernel with additional bug fixes and security updates, you can use the FIPS Updates service with Livepatch.", "reason_code": "livepatch-invalidates-fips"}], "description": "NIST-certified core packages", "description_override": null, "entitled": "yes", "name": "fips", "status": "disabled", "status_details": "FIPS is not configured", "warning": null} |
2523 | """ |
2524 | When I run `pro disable livepatch` with sudo |
2525 | And I run `DEBIAN_FRONTEND=noninteractive apt-get install -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -y openssh-client openssh-server strongswan` with sudo, retrying exit [100] |
2526 | @@ -48,15 +48,14 @@ Feature: FIPS enablement in lxd VMs |
2527 | When I run `pro status --format json --all` with sudo |
2528 | Then stdout contains substring: |
2529 | """ |
2530 | - {"available": "no", "blocked_by": [{"name": "fips", "reason": "Livepatch cannot be enabled while running the official FIPS certified kernel. If you would like a FIPS compliant kernel with additional bug fixes and security updates, you can use the FIPS Updates service with Livepatch.", "reason_code": "livepatch-invalidates-fips"}], "description": "Canonical Livepatch service", "description_override": null, "entitled": "yes", "name": "livepatch", "status": "n/a", "status_details": "Cannot enable Livepatch when FIPS is enabled."} |
2531 | + {"available": "no", "blocked_by": [{"name": "fips", "reason": "Livepatch cannot be enabled while running the official FIPS certified kernel. If you would like a FIPS compliant kernel with additional bug fixes and security updates, you can use the FIPS Updates service with Livepatch.", "reason_code": "livepatch-invalidates-fips"}], "description": "Canonical Livepatch service", "description_override": null, "entitled": "yes", "name": "livepatch", "status": "n/a", "status_details": "Cannot enable Livepatch when FIPS is enabled.", "warning": null} |
2532 | """ |
2533 | - |
2534 | When I reboot the machine |
2535 | And I run `uname -r` as non-root |
2536 | Then stdout matches regexp: |
2537 | - """ |
2538 | - fips |
2539 | - """ |
2540 | + """ |
2541 | + fips |
2542 | + """ |
2543 | When I run `cat /proc/sys/crypto/fips_enabled` with sudo |
2544 | Then I will see the following on stdout: |
2545 | """ |
2546 | @@ -64,24 +63,24 @@ Feature: FIPS enablement in lxd VMs |
2547 | """ |
2548 | When I run `pro status --all` with sudo |
2549 | Then stdout does not match regexp: |
2550 | - """ |
2551 | - FIPS support requires system reboot to complete configuration |
2552 | - """ |
2553 | + """ |
2554 | + FIPS support requires system reboot to complete configuration |
2555 | + """ |
2556 | When I run `pro disable <fips-service>` `with sudo` and stdin `y` |
2557 | Then stdout matches regexp: |
2558 | - """ |
2559 | - This will disable the FIPS entitlement but the FIPS packages will remain installed. |
2560 | - """ |
2561 | + """ |
2562 | + This will disable the FIPS entitlement but the FIPS packages will remain installed. |
2563 | + """ |
2564 | And stdout matches regexp: |
2565 | - """ |
2566 | - Updating package lists |
2567 | - A reboot is required to complete disable operation |
2568 | - """ |
2569 | + """ |
2570 | + Updating package lists |
2571 | + A reboot is required to complete disable operation |
2572 | + """ |
2573 | When I run `pro status --all` with sudo |
2574 | Then stdout matches regexp: |
2575 | - """ |
2576 | - Disabling FIPS requires system reboot to complete operation |
2577 | - """ |
2578 | + """ |
2579 | + Disabling FIPS requires system reboot to complete operation |
2580 | + """ |
2581 | When I run `apt-cache policy ubuntu-fips` as non-root |
2582 | Then stdout matches regexp: |
2583 | """ |
2584 | @@ -103,13 +102,13 @@ Feature: FIPS enablement in lxd VMs |
2585 | """ |
2586 | When I run `pro status --all` with sudo |
2587 | Then stdout matches regexp: |
2588 | - """ |
2589 | - <fips-service> +yes disabled |
2590 | - """ |
2591 | + """ |
2592 | + <fips-service> +yes disabled |
2593 | + """ |
2594 | Then stdout does not match regexp: |
2595 | - """ |
2596 | - Disabling FIPS requires system reboot to complete operation |
2597 | - """ |
2598 | + """ |
2599 | + Disabling FIPS requires system reboot to complete operation |
2600 | + """ |
2601 | When I run `pro enable <fips-service> --assume-yes --format json --assume-yes` with sudo |
2602 | Then stdout is a json matching the `ua_operation` schema |
2603 | And I will see the following on stdout: |
2604 | @@ -125,9 +124,9 @@ Feature: FIPS enablement in lxd VMs |
2605 | """ |
2606 | When I run `pro status --all` with sudo |
2607 | Then stdout matches regexp: |
2608 | - """ |
2609 | - <fips-service> +yes disabled |
2610 | - """ |
2611 | + """ |
2612 | + <fips-service> +yes disabled |
2613 | + """ |
2614 | |
2615 | Examples: ubuntu release |
2616 | | release | fips-name | fips-service |fips-apt-source | |
2617 | @@ -171,7 +170,7 @@ Feature: FIPS enablement in lxd VMs |
2618 | When I run `pro status --all --format json` with sudo |
2619 | Then stdout contains substring: |
2620 | """ |
2621 | - {"available": "no", "blocked_by": [{"name": "fips-updates", "reason": "FIPS cannot be enabled if FIPS Updates has ever been enabled because FIPS Updates installs security patches that aren't officially certified.", "reason_code": "fips-updates-invalidates-fips"}], "description": "NIST-certified core packages", "description_override": null, "entitled": "yes", "name": "fips", "status": "n/a", "status_details": "Cannot enable FIPS when FIPS Updates is enabled."} |
2622 | + {"available": "no", "blocked_by": [{"name": "fips-updates", "reason": "FIPS cannot be enabled if FIPS Updates has ever been enabled because FIPS Updates installs security patches that aren't officially certified.", "reason_code": "fips-updates-invalidates-fips"}], "description": "NIST-certified core packages", "description_override": null, "entitled": "yes", "name": "fips", "status": "n/a", "status_details": "Cannot enable FIPS when FIPS Updates is enabled.", "warning": null} |
2623 | """ |
2624 | |
2625 | When I reboot the machine |
2626 | @@ -245,7 +244,7 @@ Feature: FIPS enablement in lxd VMs |
2627 | When I run `pro status --all --format json` with sudo |
2628 | Then stdout contains substring: |
2629 | """ |
2630 | - {"available": "no", "blocked_by": [{"name": "livepatch", "reason": "Livepatch cannot be enabled while running the official FIPS certified kernel. If you would like a FIPS compliant kernel with additional bug fixes and security updates, you can use the FIPS Updates service with Livepatch.", "reason_code": "livepatch-invalidates-fips"}, {"name": "fips-updates", "reason": "FIPS cannot be enabled if FIPS Updates has ever been enabled because FIPS Updates installs security patches that aren't officially certified.", "reason_code": "fips-updates-invalidates-fips"}], "description": "NIST-certified core packages", "description_override": null, "entitled": "yes", "name": "fips", "status": "n/a", "status_details": "Cannot enable FIPS when FIPS Updates is enabled."} |
2631 | + {"available": "no", "blocked_by": [{"name": "livepatch", "reason": "Livepatch cannot be enabled while running the official FIPS certified kernel. If you would like a FIPS compliant kernel with additional bug fixes and security updates, you can use the FIPS Updates service with Livepatch.", "reason_code": "livepatch-invalidates-fips"}, {"name": "fips-updates", "reason": "FIPS cannot be enabled if FIPS Updates has ever been enabled because FIPS Updates installs security patches that aren't officially certified.", "reason_code": "fips-updates-invalidates-fips"}], "description": "NIST-certified core packages", "description_override": null, "entitled": "yes", "name": "fips", "status": "n/a", "status_details": "Cannot enable FIPS when FIPS Updates is enabled.", "warning": null} |
2632 | """ |
2633 | When I run `pro disable <fips-service> --assume-yes` with sudo |
2634 | And I run `pro enable <fips-service> --assume-yes --format json --assume-yes` with sudo |
2635 | @@ -342,7 +341,6 @@ Feature: FIPS enablement in lxd VMs |
2636 | """ |
2637 | Updating package lists |
2638 | Installing <fips-name> packages |
2639 | - FIPS strongswan-hmac package could not be installed |
2640 | <fips-name> enabled |
2641 | A reboot is required to complete install |
2642 | """ |
2643 | @@ -376,6 +374,8 @@ Feature: FIPS enablement in lxd VMs |
2644 | When I reboot the machine |
2645 | Then I verify that `openssh-server` installed version matches regexp `fips` |
2646 | And I verify that `openssh-client` installed version matches regexp `fips` |
2647 | + And I verify that `strongswan` installed version matches regexp `fips` |
2648 | + And I verify that `strongswan-hmac` installed version matches regexp `fips` |
2649 | When I run `apt-mark unhold openssh-client openssh-server strongswan` with sudo |
2650 | Then I will see the following on stdout: |
2651 | """ |
2652 | @@ -520,7 +520,7 @@ Feature: FIPS enablement in lxd VMs |
2653 | """ |
2654 | And stdout matches regexp: |
2655 | """ |
2656 | - livepatch +yes enabled |
2657 | + livepatch +yes (enabled|warning) |
2658 | """ |
2659 | When I run `uname -r` as non-root |
2660 | Then stdout matches regexp: |
2661 | diff --git a/features/environment.py b/features/environment.py |
2662 | index 8c3f685..522a02f 100644 |
2663 | --- a/features/environment.py |
2664 | +++ b/features/environment.py |
2665 | @@ -6,6 +6,7 @@ import random |
2666 | import re |
2667 | import string |
2668 | import sys |
2669 | +import tarfile |
2670 | from typing import Dict, List, Optional, Tuple, Union # noqa: F401 |
2671 | |
2672 | import pycloudlib # type: ignore # noqa: F401 |
2673 | @@ -123,8 +124,8 @@ class UAClientBehaveConfig: |
2674 | contract_token: Optional[str] = None, |
2675 | contract_token_staging: Optional[str] = None, |
2676 | contract_token_staging_expired: Optional[str] = None, |
2677 | - artifact_dir: Optional[str] = None, |
2678 | - install_from: InstallationSource = InstallationSource.DAILY, |
2679 | + artifact_dir: str = "artifacts", |
2680 | + install_from: InstallationSource = InstallationSource.LOCAL, |
2681 | custom_ppa: Optional[str] = None, |
2682 | debs_path: Optional[str] = None, |
2683 | userdata_file: Optional[str] = None, |
2684 | @@ -299,6 +300,9 @@ class UAClientBehaveConfig: |
2685 | bool_value = False |
2686 | kwargs[key] = bool_value |
2687 | |
2688 | + # userdata should override environment variables |
2689 | + kwargs.update(config.userdata) |
2690 | + |
2691 | if "install_from" in kwargs: |
2692 | kwargs["install_from"] = InstallationSource(kwargs["install_from"]) |
2693 | |
2694 | @@ -329,17 +333,17 @@ def before_all(context: Context) -> None: |
2695 | print(" - {} = {}".format(key, value)) |
2696 | context.series_image_name = {} |
2697 | context.series_reuse_image = "" |
2698 | - context.config = UAClientBehaveConfig.from_environ(context.config) |
2699 | - context.config.cloud_manager.manage_ssh_key() |
2700 | + context.pro_config = UAClientBehaveConfig.from_environ(context.config) |
2701 | + context.pro_config.cloud_manager.manage_ssh_key() |
2702 | context.snapshots = {} |
2703 | context.machines = {} |
2704 | |
2705 | - if context.config.reuse_image: |
2706 | + if context.pro_config.reuse_image: |
2707 | series = lxc_get_property( |
2708 | - context.config.reuse_image, property_name="series", image=True |
2709 | + context.pro_config.reuse_image, property_name="series", image=True |
2710 | ) |
2711 | machine_type = lxc_get_property( |
2712 | - context.config.reuse_image, |
2713 | + context.pro_config.reuse_image, |
2714 | property_name="machine_type", |
2715 | image=True, |
2716 | ) |
2717 | @@ -347,26 +351,26 @@ def before_all(context: Context) -> None: |
2718 | print("Found machine_type: {vm_type}".format(vm_type=machine_type)) |
2719 | if series is not None: |
2720 | context.series_reuse_image = series |
2721 | - context.series_image_name[series] = context.config.reuse_image |
2722 | + context.series_image_name[series] = context.pro_config.reuse_image |
2723 | else: |
2724 | print(" Could not check image series. It will not be used. ") |
2725 | - context.config.reuse_image = None |
2726 | + context.pro_config.reuse_image = None |
2727 | |
2728 | |
2729 | def _should_skip_tags(context: Context, tags: List) -> str: |
2730 | """Return a reason if a feature or scenario should be skipped""" |
2731 | - machine_type = getattr(context.config, "machine_type", "") |
2732 | + machine_type = getattr(context.pro_config, "machine_type", "") |
2733 | machine_types = [] |
2734 | |
2735 | for tag in tags: |
2736 | parts = tag.split(".") |
2737 | - if parts[0] != "uses": |
2738 | - continue # Only process @uses.* tags for skipping: |
2739 | - val = context |
2740 | - for idx, attr in enumerate(parts[1:], 1): |
2741 | + if parts[0] != "uses" or parts[1] != "config": |
2742 | + continue # Only process @uses.config.* tags for skipping: |
2743 | + val = context.pro_config |
2744 | + for idx, attr in enumerate(parts[2:], 1): |
2745 | val = getattr(val, attr, None) |
2746 | if attr == "machine_type": |
2747 | - curr_machine_type = ".".join(parts[idx + 1 :]) |
2748 | + curr_machine_type = ".".join(parts[idx + 2 :]) |
2749 | machine_types.append(curr_machine_type) |
2750 | if curr_machine_type == machine_type: |
2751 | return "" |
2752 | @@ -397,7 +401,7 @@ def before_scenario(context: Context, scenario: Scenario): |
2753 | scenario.skip(reason=reason) |
2754 | return |
2755 | |
2756 | - filter_series = context.config.filter_series |
2757 | + filter_series = context.pro_config.filter_series |
2758 | given_a_series_match = re.match( |
2759 | "a `(.*)` machine with ubuntu-advantage-tools installed", |
2760 | scenario.steps[0].name, |
2761 | @@ -431,61 +435,30 @@ def before_scenario(context: Context, scenario: Scenario): |
2762 | ) |
2763 | |
2764 | |
2765 | -FAILURE_FILES = ( |
2766 | - "/etc/ubuntu-advantage/uaclient.log", |
2767 | - "/var/log/cloud-init.log", |
2768 | - "/var/log/ubuntu-advantage.log", |
2769 | - "/var/log/ubuntu-advantage-daemon.log", |
2770 | - "/var/log/ubuntu-advantage-timer.log", |
2771 | - "/var/lib/cloud/instance/user-data.txt", |
2772 | - "/var/lib/cloud/instance/vendor-data.txt", |
2773 | -) |
2774 | -FAILURE_CMDS = { |
2775 | - "ua-version": ["pro", "version"], |
2776 | - "cloud-init-analyze": ["cloud-init", "analyze", "show"], |
2777 | - "cloud-init.status": ["cloud-init", "status", "--long"], |
2778 | - "status.yaml": ["pro", "status", "--all", "--format=yaml"], |
2779 | - "journal.log": ["journalctl", "-b", "0"], |
2780 | - "systemd-analyze-blame": ["systemd-analyze", "blame"], |
2781 | - "systemctl-status": ["systemctl", "status"], |
2782 | - "systemctl-status-ua-auto-attach": [ |
2783 | - "systemctl", |
2784 | - "status", |
2785 | - "ua-auto-attach.service", |
2786 | - ], |
2787 | - "systemctl-status-ua-reboot-cmds": [ |
2788 | - "systemctl", |
2789 | - "status", |
2790 | - "ua-reboot-cmds.service", |
2791 | - ], |
2792 | - "systemctl-status-ubuntu-advantage": [ |
2793 | - "systemctl", |
2794 | - "status", |
2795 | - "ubuntu-advantage.service", |
2796 | - ], |
2797 | - "systemctl-status-apt-news": [ |
2798 | - "systemctl", |
2799 | - "status", |
2800 | - "apt-news.service", |
2801 | - ], |
2802 | -} |
2803 | - |
2804 | - |
2805 | def after_step(context, step): |
2806 | """Collect test artifacts in the event of failure.""" |
2807 | if step.status == "failed": |
2808 | - if context.config.artifact_dir: |
2809 | - artifacts_dir = context.config.artifact_dir |
2810 | - else: |
2811 | - artifacts_dir = "artifacts" |
2812 | - artifacts_dir = os.path.join( |
2813 | - artifacts_dir, |
2814 | + logging.warning("STEP FAILED. Collecting logs.") |
2815 | + inner_dir = os.path.join( |
2816 | + datetime.datetime.now().strftime("%Y-%m-%dT%H-%M-%S"), |
2817 | "{}_{}".format(os.path.basename(step.filename), step.line), |
2818 | ) |
2819 | + new_artifacts_dir = os.path.join( |
2820 | + context.pro_config.artifact_dir, |
2821 | + inner_dir, |
2822 | + ) |
2823 | + if not os.path.exists(new_artifacts_dir): |
2824 | + os.makedirs(new_artifacts_dir) |
2825 | + |
2826 | + latest_link_dir = os.path.join( |
2827 | + context.pro_config.artifact_dir, "latest" |
2828 | + ) |
2829 | + if os.path.exists(latest_link_dir): |
2830 | + os.unlink(latest_link_dir) |
2831 | + os.symlink(inner_dir, latest_link_dir) |
2832 | + |
2833 | if hasattr(context, "process"): |
2834 | - if not os.path.exists(artifacts_dir): |
2835 | - os.makedirs(artifacts_dir) |
2836 | - artifact_file = os.path.join(artifacts_dir, "process.log") |
2837 | + artifact_file = os.path.join(new_artifacts_dir, "process.log") |
2838 | process = context.process |
2839 | with open(artifact_file, "w") as stream: |
2840 | stream.write( |
2841 | @@ -497,35 +470,28 @@ def after_step(context, step): |
2842 | ) |
2843 | |
2844 | if hasattr(context, "machines") and SUT in context.machines: |
2845 | - if not os.path.exists(artifacts_dir): |
2846 | - os.makedirs(artifacts_dir) |
2847 | - for log_file in FAILURE_FILES: |
2848 | - artifact_file = os.path.join( |
2849 | - artifacts_dir, os.path.basename(log_file) |
2850 | + try: |
2851 | + context.machines[SUT].instance.execute( |
2852 | + ["pro", "collect-logs", "-o", "/tmp/logs.tar.gz"], |
2853 | + use_sudo=True, |
2854 | ) |
2855 | - logging.info( |
2856 | - "-- pull instance:{} {}".format(log_file, artifact_file) |
2857 | + context.machines[SUT].instance.execute( |
2858 | + ["chmod", "666", "/tmp/logs.tar.gz"], use_sudo=True |
2859 | ) |
2860 | - try: |
2861 | - result = context.machines[SUT].instance.execute( |
2862 | - ["cat", log_file], use_sudo=True |
2863 | - ) |
2864 | - content = result.stdout if result.ok else "" |
2865 | - except RuntimeError: |
2866 | - content = "" |
2867 | - with open(artifact_file, "w") as stream: |
2868 | - stream.write(content) |
2869 | - for artifact_file, cmd in FAILURE_CMDS.items(): |
2870 | - result = context.machines[SUT].instance.execute( |
2871 | - cmd, use_sudo=True |
2872 | + dest = os.path.join(new_artifacts_dir, "logs.tar.gz") |
2873 | + context.machines[SUT].instance.pull_file( |
2874 | + "/tmp/logs.tar.gz", dest |
2875 | ) |
2876 | - artifact_file = os.path.join(artifacts_dir, artifact_file) |
2877 | - with open(artifact_file, "w") as stream: |
2878 | - stream.write(result.stdout) |
2879 | + with tarfile.open(dest) as logs_tarfile: |
2880 | + logs_tarfile.extractall(new_artifacts_dir) |
2881 | + logging.warning("Done collecting logs.") |
2882 | + except Exception as e: |
2883 | + logging.error(str(e)) |
2884 | + logging.warning("Failed to collect logs") |
2885 | |
2886 | |
2887 | def after_all(context): |
2888 | - if context.config.image_clean: |
2889 | + if context.pro_config.image_clean: |
2890 | for key, image in context.series_image_name.items(): |
2891 | if key == context.series_reuse_image: |
2892 | logging.info( |
2893 | @@ -533,11 +499,11 @@ def after_all(context): |
2894 | context.series_image_name[key], |
2895 | ) |
2896 | else: |
2897 | - context.config.cloud_api.delete_image(image) |
2898 | + context.pro_config.cloud_api.delete_image(image) |
2899 | |
2900 | - if context.config.destroy_instances: |
2901 | + if context.pro_config.destroy_instances: |
2902 | try: |
2903 | - key_pair = context.config.cloud_manager.api.key_pair |
2904 | + key_pair = context.pro_config.cloud_manager.api.key_pair |
2905 | os.remove(key_pair.private_key_path) |
2906 | os.remove(key_pair.public_key_path) |
2907 | except Exception as e: |
2908 | @@ -547,7 +513,7 @@ def after_all(context): |
2909 | |
2910 | if "builder" in context.snapshots: |
2911 | try: |
2912 | - context.config.cloud_manager.api.delete_image( |
2913 | + context.pro_config.cloud_manager.api.delete_image( |
2914 | context.snapshots["builder"] |
2915 | ) |
2916 | except RuntimeError as e: |
2917 | diff --git a/features/fix.feature b/features/fix.feature |
2918 | index f62946f..cc10066 100644 |
2919 | --- a/features/fix.feature |
2920 | +++ b/features/fix.feature |
2921 | @@ -39,64 +39,158 @@ Feature: Ua fix command behaviour |
2922 | When I run `apt-get update` with sudo |
2923 | When I verify that running `pro fix CVE-1800-123456` `as non-root` exits `1` |
2924 | Then I will see the following on stderr: |
2925 | - """ |
2926 | - Error: CVE-1800-123456 not found. |
2927 | - """ |
2928 | + """ |
2929 | + Error: CVE-1800-123456 not found. |
2930 | + """ |
2931 | When I verify that running `pro fix USN-12345-12` `as non-root` exits `1` |
2932 | Then I will see the following on stderr: |
2933 | - """ |
2934 | - Error: USN-12345-12 not found. |
2935 | - """ |
2936 | + """ |
2937 | + Error: USN-12345-12 not found. |
2938 | + """ |
2939 | When I verify that running `pro fix CVE-12345678-12` `as non-root` exits `1` |
2940 | Then I will see the following on stderr: |
2941 | - """ |
2942 | - Error: issue "CVE-12345678-12" is not recognized. |
2943 | - Usage: "pro fix CVE-yyyy-nnnn" or "pro fix USN-nnnn" |
2944 | - """ |
2945 | + """ |
2946 | + Error: issue "CVE-12345678-12" is not recognized. |
2947 | + Usage: "pro fix CVE-yyyy-nnnn" or "pro fix USN-nnnn" |
2948 | + """ |
2949 | When I verify that running `pro fix USN-12345678-12` `as non-root` exits `1` |
2950 | Then I will see the following on stderr: |
2951 | - """ |
2952 | - Error: issue "USN-12345678-12" is not recognized. |
2953 | - Usage: "pro fix CVE-yyyy-nnnn" or "pro fix USN-nnnn" |
2954 | - """ |
2955 | + """ |
2956 | + Error: issue "USN-12345678-12" is not recognized. |
2957 | + Usage: "pro fix CVE-yyyy-nnnn" or "pro fix USN-nnnn" |
2958 | + """ |
2959 | When I run `apt install -y libawl-php=0.60-1 --allow-downgrades` with sudo |
2960 | And I run `pro fix USN-4539-1` with sudo |
2961 | Then stdout matches regexp: |
2962 | - """ |
2963 | - USN-4539-1: AWL vulnerability |
2964 | - Found CVEs: |
2965 | - - https://ubuntu.com/security/CVE-2020-11728 |
2966 | + """ |
2967 | + USN-4539-1: AWL vulnerability |
2968 | + Found CVEs: |
2969 | + - https://ubuntu.com/security/CVE-2020-11728 |
2970 | |
2971 | - 1 affected source package is installed: awl |
2972 | - \(1/1\) awl: |
2973 | - A fix is available in Ubuntu standard updates. |
2974 | - .*\{ apt update && apt install --only-upgrade -y libawl-php \}.* |
2975 | + Fixing requested USN-4539-1 |
2976 | + 1 affected source package is installed: awl |
2977 | + \(1/1\) awl: |
2978 | + A fix is available in Ubuntu standard updates. |
2979 | + .*\{ apt update && apt install --only-upgrade -y libawl-php \}.* |
2980 | |
2981 | - .*✔.* USN-4539-1 is resolved. |
2982 | - """ |
2983 | + .*✔.* USN-4539-1 is resolved. |
2984 | + """ |
2985 | When I run `pro fix CVE-2020-28196` as non-root |
2986 | Then stdout matches regexp: |
2987 | - """ |
2988 | - CVE-2020-28196: Kerberos vulnerability |
2989 | - - https://ubuntu.com/security/CVE-2020-28196 |
2990 | + """ |
2991 | + CVE-2020-28196: Kerberos vulnerability |
2992 | + - https://ubuntu.com/security/CVE-2020-28196 |
2993 | |
2994 | - 1 affected source package is installed: krb5 |
2995 | - \(1/1\) krb5: |
2996 | - A fix is available in Ubuntu standard updates. |
2997 | - The update is already installed. |
2998 | + 1 affected source package is installed: krb5 |
2999 | + \(1/1\) krb5: |
3000 | + A fix is available in Ubuntu standard updates. |
3001 | + The update is already installed. |
3002 | |
3003 | - .*✔.* CVE-2020-28196 is resolved. |
3004 | - """ |
3005 | + .*✔.* CVE-2020-28196 is resolved. |
3006 | + """ |
3007 | When I run `pro fix CVE-2022-24959` as non-root |
3008 | Then stdout matches regexp: |
3009 | - """ |
3010 | - CVE-2022-24959: Linux kernel vulnerabilities |
3011 | - - https://ubuntu.com/security/CVE-2022-24959 |
3012 | + """ |
3013 | + CVE-2022-24959: Linux kernel vulnerabilities |
3014 | + - https://ubuntu.com/security/CVE-2022-24959 |
3015 | |
3016 | - No affected source packages are installed. |
3017 | + No affected source packages are installed. |
3018 | |
3019 | - .*✔.* CVE-2022-24959 does not affect your system. |
3020 | - """ |
3021 | + .*✔.* CVE-2022-24959 does not affect your system. |
3022 | + """ |
3023 | + When I run `apt install -y rsync=3.1.3-8 --allow-downgrades` with sudo |
3024 | + And I run `apt install -y zlib1g=1:1.2.11.dfsg-2ubuntu1 --allow-downgrades` with sudo |
3025 | + And I run `pro fix USN-5573-1` with sudo |
3026 | + Then stdout matches regexp: |
3027 | + """ |
3028 | + USN-5573-1: rsync vulnerability |
3029 | + Found CVEs: |
3030 | + - https://ubuntu.com/security/CVE-2022-37434 |
3031 | + |
3032 | + Fixing requested USN-5573-1 |
3033 | + 1 affected source package is installed: rsync |
3034 | + \(1/1\) rsync: |
3035 | + A fix is available in Ubuntu standard updates. |
3036 | + .*\{ apt update && apt install --only-upgrade -y rsync \}.* |
3037 | + |
3038 | + .*✔.* USN-5573-1 is resolved. |
3039 | + |
3040 | + Found related USNs: |
3041 | + - USN-5570-1 |
3042 | + - USN-5570-2 |
3043 | + |
3044 | + Fixing related USNs: |
3045 | + - USN-5570-1 |
3046 | + No affected source packages are installed. |
3047 | + |
3048 | + .*✔.* USN-5570-1 does not affect your system. |
3049 | + |
3050 | + - USN-5570-2 |
3051 | + 1 affected source package is installed: zlib |
3052 | + \(1/1\) zlib: |
3053 | + A fix is available in Ubuntu standard updates. |
3054 | + .*\{ apt update && apt install --only-upgrade -y zlib1g \}.* |
3055 | + |
3056 | + .*✔.* USN-5570-2 is resolved. |
3057 | + |
3058 | + Summary: |
3059 | + .*✔.* USN-5573-1 \[requested\] is resolved. |
3060 | + .*✔.* USN-5570-1 \[related\] does not affect your system. |
3061 | + .*✔.* USN-5570-2 \[related\] is resolved. |
3062 | + """ |
3063 | + When I run `pro fix USN-5573-1` with sudo |
3064 | + Then stdout matches regexp: |
3065 | + """ |
3066 | + USN-5573-1: rsync vulnerability |
3067 | + Found CVEs: |
3068 | + - https://ubuntu.com/security/CVE-2022-37434 |
3069 | + |
3070 | + Fixing requested USN-5573-1 |
3071 | + 1 affected source package is installed: rsync |
3072 | + \(1/1\) rsync: |
3073 | + A fix is available in Ubuntu standard updates. |
3074 | + The update is already installed. |
3075 | + |
3076 | + .*✔.* USN-5573-1 is resolved. |
3077 | + |
3078 | + Found related USNs: |
3079 | + - USN-5570-1 |
3080 | + - USN-5570-2 |
3081 | + |
3082 | + Fixing related USNs: |
3083 | + - USN-5570-1 |
3084 | + No affected source packages are installed. |
3085 | + |
3086 | + .*✔.* USN-5570-1 does not affect your system. |
3087 | + |
3088 | + - USN-5570-2 |
3089 | + 1 affected source package is installed: zlib |
3090 | + \(1/1\) zlib: |
3091 | + A fix is available in Ubuntu standard updates. |
3092 | + The update is already installed. |
3093 | + |
3094 | + .*✔.* USN-5570-2 is resolved. |
3095 | + |
3096 | + Summary: |
3097 | + .*✔.* USN-5573-1 \[requested\] is resolved. |
3098 | + .*✔.* USN-5570-1 \[related\] does not affect your system. |
3099 | + .*✔.* USN-5570-2 \[related\] is resolved. |
3100 | + """ |
3101 | + When I run `pro fix USN-5573-1 --no-related` with sudo |
3102 | + Then stdout matches regexp: |
3103 | + """ |
3104 | + USN-5573-1: rsync vulnerability |
3105 | + Found CVEs: |
3106 | + - https://ubuntu.com/security/CVE-2022-37434 |
3107 | + |
3108 | + Fixing requested USN-5573-1 |
3109 | + 1 affected source package is installed: rsync |
3110 | + \(1/1\) rsync: |
3111 | + A fix is available in Ubuntu standard updates. |
3112 | + The update is already installed. |
3113 | + |
3114 | + .*✔.* USN-5573-1 is resolved. |
3115 | + """ |
3116 | |
3117 | Examples: ubuntu release details |
3118 | | release | |
3119 | @@ -107,22 +201,30 @@ Feature: Ua fix command behaviour |
3120 | @uses.config.machine_type.lxd.container |
3121 | Scenario Outline: Fix command on an unattached machine |
3122 | Given a `<release>` machine with ubuntu-advantage-tools installed |
3123 | + When I verify that running `pro fix CVE-1800-123456` `as non-root` exits `1` |
3124 | + Then I will see the following on stderr: |
3125 | + """ |
3126 | + Error: CVE-1800-123456 not found. |
3127 | + """ |
3128 | + When I verify that running `pro fix USN-12345-12` `as non-root` exits `1` |
3129 | + Then I will see the following on stderr: |
3130 | + """ |
3131 | + Error: USN-12345-12 not found. |
3132 | + """ |
3133 | When I run `apt-get update` with sudo |
3134 | When I run `apt install -y libawl-php` with sudo |
3135 | And I reboot the machine |
3136 | - And I verify that running `pro fix USN-4539-1` `as non-root` exits `1` |
3137 | + And I run `pro fix USN-4539-1` as non-root |
3138 | Then stdout matches regexp: |
3139 | """ |
3140 | USN-4539-1: AWL vulnerability |
3141 | Found CVEs: |
3142 | - https://ubuntu.com/security/CVE-2020-11728 |
3143 | |
3144 | - 1 affected source package is installed: awl |
3145 | - \(1/1\) awl: |
3146 | - Ubuntu security engineers are investigating this issue. |
3147 | + Fixing requested USN-4539-1 |
3148 | + No affected source packages are installed. |
3149 | |
3150 | - 1 package is still affected: awl |
3151 | - .*✘.* USN-4539-1 is not resolved. |
3152 | + .*✔.* USN-4539-1 does not affect your system. |
3153 | """ |
3154 | When I run `pro fix CVE-2020-15180` as non-root |
3155 | Then stdout matches regexp: |
3156 | @@ -192,6 +294,7 @@ Feature: Ua fix command behaviour |
3157 | - https://ubuntu.com/security/CVE-2021-22946 |
3158 | - https://ubuntu.com/security/CVE-2021-22947 |
3159 | |
3160 | + Fixing requested USN-5079-2 |
3161 | 1 affected source package is installed: curl |
3162 | \(1/1\) curl: |
3163 | A fix is available in Ubuntu Pro: ESM Infra. |
3164 | @@ -207,6 +310,19 @@ Feature: Ua fix command behaviour |
3165 | .*\{ apt update && apt install --only-upgrade -y curl libcurl3-gnutls \}.* |
3166 | |
3167 | .*✔.* USN-5079-2 is resolved. |
3168 | + |
3169 | + Found related USNs: |
3170 | + - USN-5079-1 |
3171 | + |
3172 | + Fixing related USNs: |
3173 | + - USN-5079-1 |
3174 | + No affected source packages are installed. |
3175 | + |
3176 | + .*✔.* USN-5079-1 does not affect your system. |
3177 | + |
3178 | + Summary: |
3179 | + .*✔.* USN-5079-2 \[requested\] is resolved. |
3180 | + .*✔.* USN-5079-1 \[related\] does not affect your system. |
3181 | """ |
3182 | When I fix `USN-5079-2` by attaching to a subscription with `contract_token_staging_expired` |
3183 | Then stdout matches regexp |
3184 | @@ -216,6 +332,7 @@ Feature: Ua fix command behaviour |
3185 | - https://ubuntu.com/security/CVE-2021-22946 |
3186 | - https://ubuntu.com/security/CVE-2021-22947 |
3187 | |
3188 | + Fixing requested USN-5079-2 |
3189 | 1 affected source package is installed: curl |
3190 | \(1/1\) curl: |
3191 | A fix is available in Ubuntu Pro: ESM Infra. |
3192 | @@ -240,6 +357,7 @@ Feature: Ua fix command behaviour |
3193 | - https://ubuntu.com/security/CVE-2021-22946 |
3194 | - https://ubuntu.com/security/CVE-2021-22947 |
3195 | |
3196 | + Fixing requested USN-5079-2 |
3197 | 1 affected source package is installed: curl |
3198 | \(1/1\) curl: |
3199 | A fix is available in Ubuntu Pro: ESM Infra. |
3200 | @@ -259,6 +377,19 @@ Feature: Ua fix command behaviour |
3201 | .*\{ apt update && apt install --only-upgrade -y curl libcurl3-gnutls \}.* |
3202 | |
3203 | .*✔.* USN-5079-2 is resolved. |
3204 | + |
3205 | + Found related USNs: |
3206 | + - USN-5079-1 |
3207 | + |
3208 | + Fixing related USNs: |
3209 | + - USN-5079-1 |
3210 | + No affected source packages are installed. |
3211 | + |
3212 | + .*✔.* USN-5079-1 does not affect your system. |
3213 | + |
3214 | + Summary: |
3215 | + .*✔.* USN-5079-2 \[requested\] is resolved. |
3216 | + .*✔.* USN-5079-1 \[related\] does not affect your system. |
3217 | """ |
3218 | When I verify that running `pro fix USN-5051-2` `with sudo` exits `2` |
3219 | Then stdout matches regexp: |
3220 | @@ -267,6 +398,7 @@ Feature: Ua fix command behaviour |
3221 | Found CVEs: |
3222 | - https://ubuntu.com/security/CVE-2021-3712 |
3223 | |
3224 | + Fixing requested USN-5051-2 |
3225 | 1 affected source package is installed: openssl |
3226 | \(1/1\) openssl: |
3227 | A fix is available in Ubuntu Pro: ESM Infra. |
3228 | @@ -276,6 +408,8 @@ Feature: Ua fix command behaviour |
3229 | .*✘.* USN-5051-2 is not resolved. |
3230 | """ |
3231 | When I run `pro disable esm-infra` with sudo |
3232 | + # Allow esm-cache to be populated |
3233 | + And I run `sleep 5` as non-root |
3234 | And I run `apt-get install gzip -y` with sudo |
3235 | And I run `pro fix USN-5378-4 --dry-run` as non-root |
3236 | Then stdout matches regexp: |
3237 | @@ -286,17 +420,53 @@ Feature: Ua fix command behaviour |
3238 | Found CVEs: |
3239 | - https://ubuntu.com/security/CVE-2022-1271 |
3240 | |
3241 | - 2 affected source packages are installed: gzip, xz-utils |
3242 | - \(1/2, 2/2\) gzip, xz-utils: |
3243 | + Fixing requested USN-5378-4 |
3244 | + 1 affected source package is installed: gzip |
3245 | + \(1/1\) gzip: |
3246 | A fix is available in Ubuntu Pro: ESM Infra. |
3247 | |
3248 | .*Ubuntu Pro service: esm-infra is not enabled. |
3249 | To proceed with the fix, a prompt would ask permission to automatically enable |
3250 | this service. |
3251 | \{ pro enable esm-infra \}.* |
3252 | - .*\{ apt update && apt install --only-upgrade -y gzip liblzma5 xz-utils \}.* |
3253 | + .*\{ apt update && apt install --only-upgrade -y gzip \}.* |
3254 | |
3255 | .*✔.* USN-5378-4 is resolved. |
3256 | + |
3257 | + Found related USNs: |
3258 | + - USN-5378-1 |
3259 | + - USN-5378-2 |
3260 | + - USN-5378-3 |
3261 | + |
3262 | + Fixing related USNs: |
3263 | + - USN-5378-1 |
3264 | + No affected source packages are installed. |
3265 | + |
3266 | + .*✔.* USN-5378-1 does not affect your system. |
3267 | + |
3268 | + - USN-5378-2 |
3269 | + No affected source packages are installed. |
3270 | + |
3271 | + .*✔.* USN-5378-2 does not affect your system. |
3272 | + |
3273 | + - USN-5378-3 |
3274 | + 1 affected source package is installed: xz-utils |
3275 | + \(1/1\) xz-utils: |
3276 | + A fix is available in Ubuntu Pro: ESM Infra. |
3277 | + |
3278 | + .*Ubuntu Pro service: esm-infra is not enabled. |
3279 | + To proceed with the fix, a prompt would ask permission to automatically enable |
3280 | + this service. |
3281 | + \{ pro enable esm-infra \}.* |
3282 | + .*\{ apt update && apt install --only-upgrade -y liblzma5 xz-utils \}.* |
3283 | + |
3284 | + .*✔.* USN-5378-3 is resolved. |
3285 | + |
3286 | + Summary: |
3287 | + .*✔.* USN-5378-4 \[requested\] is resolved. |
3288 | + .*✔.* USN-5378-1 \[related\] does not affect your system. |
3289 | + .*✔.* USN-5378-2 \[related\] does not affect your system. |
3290 | + .*✔.* USN-5378-3 \[related\] is resolved. |
3291 | """ |
3292 | When I run `pro fix USN-5378-4` `with sudo` and stdin `E` |
3293 | Then stdout matches regexp: |
3294 | @@ -305,8 +475,9 @@ Feature: Ua fix command behaviour |
3295 | Found CVEs: |
3296 | - https://ubuntu.com/security/CVE-2022-1271 |
3297 | |
3298 | - 2 affected source packages are installed: gzip, xz-utils |
3299 | - \(1/2, 2/2\) gzip, xz-utils: |
3300 | + Fixing requested USN-5378-4 |
3301 | + 1 affected source package is installed: gzip |
3302 | + \(1/1\) gzip: |
3303 | A fix is available in Ubuntu Pro: ESM Infra. |
3304 | The update is not installed because this system does not have |
3305 | esm-infra enabled. |
3306 | @@ -316,9 +487,59 @@ Feature: Ua fix command behaviour |
3307 | One moment, checking your subscription first |
3308 | Updating package lists |
3309 | Ubuntu Pro: ESM Infra enabled |
3310 | - .*\{ apt update && apt install --only-upgrade -y gzip liblzma5 xz-utils \}.* |
3311 | + .*\{ apt update && apt install --only-upgrade -y gzip \}.* |
3312 | |
3313 | .*✔.* USN-5378-4 is resolved. |
3314 | + |
3315 | + Found related USNs: |
3316 | + - USN-5378-1 |
3317 | + - USN-5378-2 |
3318 | + - USN-5378-3 |
3319 | + |
3320 | + Fixing related USNs: |
3321 | + - USN-5378-1 |
3322 | + No affected source packages are installed. |
3323 | + |
3324 | + .*✔.* USN-5378-1 does not affect your system. |
3325 | + |
3326 | + - USN-5378-2 |
3327 | + No affected source packages are installed. |
3328 | + |
3329 | + .*✔.* USN-5378-2 does not affect your system. |
3330 | + |
3331 | + - USN-5378-3 |
3332 | + 1 affected source package is installed: xz-utils |
3333 | + \(1/1\) xz-utils: |
3334 | + A fix is available in Ubuntu Pro: ESM Infra. |
3335 | + .*\{ apt update && apt install --only-upgrade -y liblzma5 xz-utils \}.* |
3336 | + |
3337 | + .*✔.* USN-5378-3 is resolved. |
3338 | + |
3339 | + Summary: |
3340 | + .*✔.* USN-5378-4 \[requested\] is resolved. |
3341 | + .*✔.* USN-5378-1 \[related\] does not affect your system. |
3342 | + .*✔.* USN-5378-2 \[related\] does not affect your system. |
3343 | + .*✔.* USN-5378-3 \[related\] is resolved. |
3344 | + """ |
3345 | + When I run `pro detach --assume-yes` with sudo |
3346 | + And I run `sed -i "/xenial-updates/d" /etc/apt/sources.list` with sudo |
3347 | + And I run `sed -i "/xenial-security/d" /etc/apt/sources.list` with sudo |
3348 | + And I run `apt-get update` with sudo |
3349 | + And I run `apt-get install squid -y` with sudo |
3350 | + And I verify that running `pro fix CVE-2020-25097` `as non-root` exits `1` |
3351 | + Then stdout matches regexp: |
3352 | + """ |
3353 | + CVE-2020-25097: Squid vulnerabilities |
3354 | + - https://ubuntu.com/security/CVE-2020-25097 |
3355 | + |
3356 | + 1 affected source package is installed: squid3 |
3357 | + \(1/1\) squid3: |
3358 | + A fix is available in Ubuntu standard updates. |
3359 | + - Cannot install package squid version 3.5.12-1ubuntu7.16 |
3360 | + - Cannot install package squid-common version 3.5.12-1ubuntu7.16 |
3361 | + |
3362 | + 1 package is still affected: squid3 |
3363 | + .*✘.* CVE-2020-25097 is not resolved |
3364 | """ |
3365 | |
3366 | Examples: ubuntu release details |
3367 | @@ -353,7 +574,7 @@ Feature: Ua fix command behaviour |
3368 | Usage: "pro fix CVE-yyyy-nnnn" or "pro fix USN-nnnn" |
3369 | """ |
3370 | When I run `apt install -y libawl-php` with sudo |
3371 | - And I verify that running `pro fix USN-4539-1 --dry-run` `as non-root` exits `1` |
3372 | + And I run `pro fix USN-4539-1 --dry-run` as non-root |
3373 | Then stdout matches regexp: |
3374 | """ |
3375 | .*WARNING: The option --dry-run is being used. |
3376 | @@ -362,26 +583,22 @@ Feature: Ua fix command behaviour |
3377 | Found CVEs: |
3378 | - https://ubuntu.com/security/CVE-2020-11728 |
3379 | |
3380 | - 1 affected source package is installed: awl |
3381 | - \(1/1\) awl: |
3382 | - Ubuntu security engineers are investigating this issue. |
3383 | + Fixing requested USN-4539-1 |
3384 | + No affected source packages are installed. |
3385 | |
3386 | - 1 package is still affected: awl |
3387 | - .*✘.* USN-4539-1 is not resolved. |
3388 | + .*✔.* USN-4539-1 does not affect your system. |
3389 | """ |
3390 | - When I verify that running `pro fix USN-4539-1` `as non-root` exits `1` |
3391 | + When I run `pro fix USN-4539-1` as non-root |
3392 | Then stdout matches regexp: |
3393 | """ |
3394 | USN-4539-1: AWL vulnerability |
3395 | Found CVEs: |
3396 | - https://ubuntu.com/security/CVE-2020-11728 |
3397 | |
3398 | - 1 affected source package is installed: awl |
3399 | - \(1/1\) awl: |
3400 | - Ubuntu security engineers are investigating this issue. |
3401 | + Fixing requested USN-4539-1 |
3402 | + No affected source packages are installed. |
3403 | |
3404 | - 1 package is still affected: awl |
3405 | - .*✘.* USN-4539-1 is not resolved. |
3406 | + .*✔.* USN-4539-1 does not affect your system. |
3407 | """ |
3408 | When I run `pro fix CVE-2020-28196` as non-root |
3409 | Then stdout matches regexp: |
3410 | @@ -462,6 +679,7 @@ Feature: Ua fix command behaviour |
3411 | Found Launchpad bugs: |
3412 | - https://launchpad.net/bugs/1834494 |
3413 | |
3414 | + Fixing requested USN-4038-3 |
3415 | 1 affected source package is installed: bzip2 |
3416 | \(1/1\) bzip2: |
3417 | A fix is available in Ubuntu standard updates. |
3418 | diff --git a/features/i8n.feature b/features/i8n.feature |
3419 | new file mode 100644 |
3420 | index 0000000..f87f994 |
3421 | --- /dev/null |
3422 | +++ b/features/i8n.feature |
3423 | @@ -0,0 +1,128 @@ |
3424 | +Feature: Pro supports multiple languages |
3425 | + |
3426 | + @series.all |
3427 | + @uses.config.machine_type.lxd.container |
3428 | + @uses.config.contract_token |
3429 | + Scenario Outline: Pro client's commands run successfully |
3430 | + Given a `<release>` machine with ubuntu-advantage-tools installed |
3431 | + ## Change the locale |
3432 | + When I run `apt install language-pack-fr -y` with sudo |
3433 | + And I run `update-locale LANG=fr_FR.UTF-8` with sudo |
3434 | + And I reboot the machine |
3435 | + And I run `cat /etc/default/locale` as non-root |
3436 | + Then stdout matches regexp: |
3437 | + """ |
3438 | + LANG=fr_FR.UTF-8 |
3439 | + """ |
3440 | + #Attach invalid token |
3441 | + When I verify that running `pro attach INVALID_TOKEN` `with sudo` exits `1` |
3442 | + Then stderr matches regexp: |
3443 | + """ |
3444 | + Invalid token. See https://ubuntu.com/pro |
3445 | + """ |
3446 | + When I run `lscpu` as non-root |
3447 | + Then stdout does not match regexp: |
3448 | + """ |
3449 | + Architecture: |
3450 | + """ |
3451 | + When I run `apt update` with sudo |
3452 | + Then stdout does not match regexp: |
3453 | + """ |
3454 | + Hit |
3455 | + """ |
3456 | + When I verify that running `pro attach INVALID_TOKEN` `as non-root` exits `1` |
3457 | + Then I will see the following on stderr: |
3458 | + """ |
3459 | + This command must be run as root (try using sudo). |
3460 | + """ |
3461 | + When I verify that running `pro attach invalid-token --format json` `with sudo` exits `1` |
3462 | + Then stdout is a json matching the `ua_operation` schema |
3463 | + And I will see the following on stdout: |
3464 | + """ |
3465 | + {"_schema_version": "0.1", "errors": [{"message": "Invalid token. See https://ubuntu.com/pro", "message_code": "attach-invalid-token", "service": null, "type": "system"}], "failed_services": [], "needs_reboot": false, "processed_services": [], "result": "failure", "warnings": []} |
3466 | + """ |
3467 | + When I attach `contract_token` with sudo |
3468 | + # Refresh command |
3469 | + When I run `pro refresh` with sudo |
3470 | + Then I will see the following on stdout: |
3471 | + """ |
3472 | + Successfully processed your pro configuration. |
3473 | + Successfully refreshed your subscription. |
3474 | + Successfully updated Ubuntu Pro related APT and MOTD messages. |
3475 | + """ |
3476 | + # auto-attach command |
3477 | + When I verify that running `pro auto-attach` `with sudo` exits `2` |
3478 | + Then stderr matches regexp: |
3479 | + """ |
3480 | + This machine is already attached to 'UA Client Test' |
3481 | + To use a different subscription first run: sudo pro detach. |
3482 | + """ |
3483 | + # status command |
3484 | + When I run `pro status --format json` as non-root |
3485 | + Then stdout is a json matching the `ua_status` schema |
3486 | + When I run `pro status --format yaml` as non-root |
3487 | + Then stdout is a yaml matching the `ua_status` schema |
3488 | + When I create the file `/tmp/machine-token-overlay.json` with the following: |
3489 | + """ |
3490 | + { |
3491 | + "machineTokenInfo": { |
3492 | + "contractInfo": { |
3493 | + "effectiveTo": null |
3494 | + } |
3495 | + } |
3496 | + } |
3497 | + """ |
3498 | + And I append the following on uaclient config: |
3499 | + """ |
3500 | + features: |
3501 | + machine_token_overlay: "/tmp/machine-token-overlay.json" |
3502 | + """ |
3503 | + And I run `pro status` with sudo |
3504 | + Then stdout contains substring: |
3505 | + """ |
3506 | + Valid until: Unknown/Expired |
3507 | + """ |
3508 | + # api command invalid endpoint |
3509 | + When I verify that running `pro api invalid.endpoint` `with sudo` exits `1` |
3510 | + Then stdout matches regexp: |
3511 | + """ |
3512 | + {\"_schema_version\": \"v1\", \"data\": {\"meta\": {\"environment_vars\": \[]}}, \"errors\": \[{\"code\": \"api\-invalid\-endpoint", \"meta\": {}, \"title\": \"'invalid\.endpoint' is not a valid endpoint\"}], \"result\": \"failure\", \"version\": \".*\", \"warnings\": \[]} |
3513 | + """ |
3514 | + When I verify that running `pro api u.pro.version.v1 --args extra=arg` `with sudo` exits `1` |
3515 | + Then stdout matches regexp: |
3516 | + """ |
3517 | + {\"_schema_version\": \"v1\", \"data\": {\"meta\": {\"environment_vars\": \[]}}, \"errors\": \[{\"code\": \"api\-no\-argument\-for\-endpoint\", \"meta\": {}, \"title\": \"u\.pro\.version\.v1 accepts no arguments\"}], \"result\": \"failure\", \"version\": \".*\", \"warnings\": \[]} |
3518 | + """ |
3519 | + # api command valid endpoint |
3520 | + When I run `pro api u.pro.version.v1` with sudo |
3521 | + Then stdout matches regexp: |
3522 | + """ |
3523 | + {\"_schema_version\": \"v1\", \"data\": {\"attributes\": {\"installed_version\": \".*\"}, \"meta\": {\"environment_vars\": \[]}, \"type\": \"Version\"}, \"errors\": \[], \"result\": \"success\", \"version\": \".*\", \"warnings\": \[]} |
3524 | + """ |
3525 | + When I run `UA_LOG_FILE=/tmp/some_file OTHER_ENVVAR=not_there pro api u.pro.version.v1` with sudo |
3526 | + Then stdout matches regexp: |
3527 | + """ |
3528 | + {\"_schema_version\": \"v1\", \"data\": {\"attributes\": {\"installed_version\": \".*\"}, \"meta\": {\"environment_vars\": \[{\"name\": \"UA_LOG_FILE\", \"value\": \"\/tmp\/some_file\"}]}, \"type\": \"Version\"}, \"errors\": \[], \"result\": \"success\", \"version\": \".*\", \"warnings\": \[]} |
3529 | + """ |
3530 | + When I run `ua api u.pro.attach.auto.should_auto_attach.v1` with sudo |
3531 | + Then stdout matches regexp: |
3532 | + """ |
3533 | + {"_schema_version": "v1", "data": {"attributes": {"should_auto_attach": false}, "meta": {"environment_vars": \[\]}, "type": "ShouldAutoAttach"}, "errors": \[\], "result": "success", "version": ".*", "warnings": \[\]} |
3534 | + """ |
3535 | + # version |
3536 | + When I run `pro version` as non-root |
3537 | + Then I will see the uaclient version on stdout |
3538 | + When I run `pro version` with sudo |
3539 | + Then I will see the uaclient version on stdout |
3540 | + When I run `pro --version` as non-root |
3541 | + Then I will see the uaclient version on stdout |
3542 | + When I run `pro --version` with sudo |
3543 | + Then I will see the uaclient version on stdout |
3544 | + Examples: ubuntu release |
3545 | + | release | |
3546 | + | bionic | |
3547 | + | focal | |
3548 | + | xenial | |
3549 | + | jammy | |
3550 | + | kinetic | |
3551 | + | lunar | |
3552 | diff --git a/features/livepatch.feature b/features/livepatch.feature |
3553 | index 31641b7..724fa1a 100644 |
3554 | --- a/features/livepatch.feature |
3555 | +++ b/features/livepatch.feature |
3556 | @@ -5,6 +5,10 @@ Feature: Livepatch |
3557 | @uses.config.machine_type.lxd.vm |
3558 | Scenario Outline: Attached livepatch status shows warning when on unsupported kernel |
3559 | Given a `<release>` machine with ubuntu-advantage-tools installed |
3560 | + Then I verify that no files exist matching `/home/ubuntu/.cache/ubuntu-pro/livepatch-kernel-support-cache.json` |
3561 | + When I run `pro status` as non-root |
3562 | + Then I verify that files exist matching `/home/ubuntu/.cache/ubuntu-pro/livepatch-kernel-support-cache.json` |
3563 | + Then I verify that no files exist matching `/run/ubuntu-advantage/livepatch-kernel-support-cache.json` |
3564 | When I run `pro status` with sudo |
3565 | Then stdout matches regexp: |
3566 | """ |
3567 | @@ -14,6 +18,7 @@ Feature: Livepatch |
3568 | """ |
3569 | Supported livepatch kernels are listed here: https://ubuntu.com/security/livepatch/docs/kernels |
3570 | """ |
3571 | + Then I verify that files exist matching `/run/ubuntu-advantage/livepatch-kernel-support-cache.json` |
3572 | When I attach `contract_token` with sudo |
3573 | When I run `pro status` with sudo |
3574 | Then stdout matches regexp: |
3575 | @@ -23,7 +28,7 @@ Feature: Livepatch |
3576 | Then stdout matches regexp: |
3577 | """ |
3578 | NOTICES |
3579 | - The current kernel \(5.4.0-(\d+)-kvm, amd64\) is not supported by livepatch. |
3580 | + The current kernel \(5.4.0-(\d+)-kvm, x86_64\) is not supported by livepatch. |
3581 | Supported kernels are listed here: https://ubuntu.com/security/livepatch/docs/kernels |
3582 | Either switch to a supported kernel or `pro disable livepatch` to dismiss this warning. |
3583 | |
3584 | @@ -37,7 +42,7 @@ Feature: Livepatch |
3585 | Then stdout does not match regexp: |
3586 | """ |
3587 | NOTICES |
3588 | - The current kernel \(5.4.0-(\d+)-kvm, amd64\) is not supported by livepatch. |
3589 | + The current kernel \(5.4.0-(\d+)-kvm, x86_64\) is not supported by livepatch. |
3590 | Supported kernels are listed here: https://ubuntu.com/security/livepatch/docs/kernels |
3591 | Either switch to a supported kernel or `pro disable livepatch` to dismiss this warning. |
3592 | |
3593 | diff --git a/features/logs.feature b/features/logs.feature |
3594 | index 80924af..b64facd 100644 |
3595 | --- a/features/logs.feature |
3596 | +++ b/features/logs.feature |
3597 | @@ -28,3 +28,62 @@ Feature: Logs in Json Array Formatter |
3598 | | kinetic | |
3599 | | jammy | |
3600 | | lunar | |
3601 | + |
3602 | + @series.all |
3603 | + @uses.config.machine_type.lxd.container |
3604 | + Scenario Outline: Non-root user and root user log files are different |
3605 | + Given a `<release>` machine with ubuntu-advantage-tools installed |
3606 | + # Confirm user log file does not exist |
3607 | + When I verify `/var/log/ubuntu-advantage.log` is empty |
3608 | + Then I verify that no files exist matching `/home/ubuntu/.cache/ubuntu-pro/ubuntu-pro.log` |
3609 | + When I verify that running `pro status` `as non-root` exits `0` |
3610 | + Then I verify that files exist matching `/home/ubuntu/.cache/ubuntu-pro/ubuntu-pro.log` |
3611 | + When I verify `/var/log/ubuntu-advantage.log` is empty |
3612 | + And I run `cat /home/ubuntu/.cache/ubuntu-pro/ubuntu-pro.log` as non-root |
3613 | + Then stdout contains substring |
3614 | + """ |
3615 | + Executed with sys.argv: ['/usr/bin/pro', 'status'] |
3616 | + """ |
3617 | + When I run `truncate -s 0 /home/ubuntu/.cache/ubuntu-pro/ubuntu-pro.log` with sudo |
3618 | + And I attach `contract_token` with sudo |
3619 | + And I verify `/home/ubuntu/.cache/ubuntu-pro/ubuntu-pro.log` is empty |
3620 | + And I run `cat /var/log/ubuntu-advantage.log` as non-root |
3621 | + Then stdout contains substring |
3622 | + """ |
3623 | + Executed with sys.argv: ['/usr/bin/pro', 'attach' |
3624 | + """ |
3625 | + Examples: ubuntu release |
3626 | + | release | |
3627 | + | xenial | |
3628 | + | bionic | |
3629 | + | focal | |
3630 | + | kinetic | |
3631 | + | jammy | |
3632 | + | lunar | |
3633 | + |
3634 | + @series.all |
3635 | + @uses.config.machine_type.lxd.container |
3636 | + Scenario Outline: Non-root user log files included in collect logs |
3637 | + Given a `<release>` machine with ubuntu-advantage-tools installed |
3638 | + When i verify that running `pro status` `with sudo` exits `0` |
3639 | + And I verify that running `pro collect-logs` `with sudo` exits `0` |
3640 | + And I run `tar -tf ua_logs.tar.gz` as non-root |
3641 | + Then stdout does not contain substring |
3642 | + """ |
3643 | + user0.log |
3644 | + """ |
3645 | + When i verify that running `pro status` `as non-root` exits `0` |
3646 | + And I verify that running `pro collect-logs` `with sudo` exits `0` |
3647 | + And I run `tar -tf ua_logs.tar.gz` as non-root |
3648 | + Then stdout contains substring |
3649 | + """ |
3650 | + user0.log |
3651 | + """ |
3652 | + Examples: ubuntu release |
3653 | + | release | |
3654 | + | xenial | |
3655 | + | bionic | |
3656 | + | focal | |
3657 | + | kinetic | |
3658 | + | jammy | |
3659 | + | lunar | |
3660 | diff --git a/features/proxy_config.feature b/features/proxy_config.feature |
3661 | index 733c4ce..dd9d6df 100644 |
3662 | --- a/features/proxy_config.feature |
3663 | +++ b/features/proxy_config.feature |
3664 | @@ -582,7 +582,7 @@ Feature: Proxy configuration |
3665 | When I create the file `/var/lib/ubuntu-advantage/user-config.json` with the following: |
3666 | """ |
3667 | { |
3668 | - "ua_apt_http_proxy": "http://someuser:somepassword@$behave_var{machine-ip proxy}:3128" |
3669 | + "ua_apt_http_proxy": "http://someuser:somepassword@$behave_var{machine-ip proxy}:3128", |
3670 | "ua_apt_https_proxy": "http://someuser:somepassword@$behave_var{machine-ip proxy}:3128" |
3671 | } |
3672 | """ |
3673 | @@ -1133,7 +1133,7 @@ Feature: Proxy configuration |
3674 | When I create the file `/var/lib/ubuntu-advantage/user-config.json` with the following: |
3675 | """ |
3676 | { |
3677 | - "apt_http_proxy": "http://$behave_var{machine-ip proxy}:3128" |
3678 | + "apt_http_proxy": "http://$behave_var{machine-ip proxy}:3128", |
3679 | "apt_https_proxy": "http://$behave_var{machine-ip proxy}:3128" |
3680 | } |
3681 | """ |
3682 | @@ -1206,7 +1206,8 @@ Feature: Proxy configuration |
3683 | esm-apps +yes +enabled +Expanded Security Maintenance for Applications |
3684 | esm-infra +yes +enabled +Expanded Security Maintenance for Infrastructure |
3685 | """ |
3686 | - When I run `pro enable realtime-kernel --beta` `with sudo` and stdin `y` |
3687 | + When I run `pro disable livepatch --assume-yes` with sudo |
3688 | + When I run `pro enable realtime-kernel` `with sudo` and stdin `y` |
3689 | Then stdout matches regexp: |
3690 | """ |
3691 | Installing Real-time kernel packages |
3692 | diff --git a/features/realtime_kernel.feature b/features/realtime_kernel.feature |
3693 | index ef0cfc0..78972a2 100644 |
3694 | --- a/features/realtime_kernel.feature |
3695 | +++ b/features/realtime_kernel.feature |
3696 | @@ -50,65 +50,298 @@ Feature: Enable command behaviour when attached to an Ubuntu Pro subscription |
3697 | When I attach `contract_token` with sudo and options `--no-auto-enable` |
3698 | Then I verify that running `pro enable realtime-kernel` `as non-root` exits `1` |
3699 | And I will see the following on stderr: |
3700 | - """ |
3701 | - This command must be run as root (try using sudo). |
3702 | - """ |
3703 | + """ |
3704 | + This command must be run as root (try using sudo). |
3705 | + """ |
3706 | When I run `pro enable realtime-kernel` `with sudo` and stdin `y` |
3707 | Then stdout matches regexp: |
3708 | - """ |
3709 | - One moment, checking your subscription first |
3710 | - The Real-time kernel is an Ubuntu kernel with PREEMPT_RT patches integrated. |
3711 | + """ |
3712 | + One moment, checking your subscription first |
3713 | + The Real-time kernel is an Ubuntu kernel with PREEMPT_RT patches integrated. |
3714 | |
3715 | - .*This will change your kernel. To revert to your original kernel, you will need |
3716 | - to make the change manually..* |
3717 | + .*This will change your kernel. To revert to your original kernel, you will need |
3718 | + to make the change manually..* |
3719 | |
3720 | - Do you want to continue\? \[ default = Yes \]: \(Y/n\) Updating package lists |
3721 | - Installing Real-time kernel packages |
3722 | - Real-time kernel enabled |
3723 | - A reboot is required to complete install. |
3724 | - """ |
3725 | + Do you want to continue\? \[ default = Yes \]: \(Y/n\) Updating package lists |
3726 | + Installing Real-time kernel packages |
3727 | + Real-time kernel enabled |
3728 | + A reboot is required to complete install. |
3729 | + """ |
3730 | When I run `apt-cache policy ubuntu-realtime` as non-root |
3731 | Then stdout does not match regexp: |
3732 | - """ |
3733 | - .*Installed: \(none\) |
3734 | - """ |
3735 | + """ |
3736 | + .*Installed: \(none\) |
3737 | + """ |
3738 | And stdout matches regexp: |
3739 | - """ |
3740 | - \s* 500 https://esm.ubuntu.com/realtime/ubuntu <release>/main amd64 Packages |
3741 | - """ |
3742 | + """ |
3743 | + \s* 500 https://esm.ubuntu.com/realtime/ubuntu <release>/main amd64 Packages |
3744 | + """ |
3745 | When I verify that running `pro enable realtime-kernel` `with sudo` exits `1` |
3746 | Then stdout matches regexp |
3747 | - """ |
3748 | - One moment, checking your subscription first |
3749 | - Real-time kernel is already enabled. |
3750 | - See: sudo pro status |
3751 | - """ |
3752 | + """ |
3753 | + One moment, checking your subscription first |
3754 | + Real-time kernel is already enabled. |
3755 | + See: sudo pro status |
3756 | + """ |
3757 | When I reboot the machine |
3758 | When I run `uname -r` as non-root |
3759 | Then stdout matches regexp: |
3760 | - """ |
3761 | - realtime |
3762 | - """ |
3763 | + """ |
3764 | + realtime |
3765 | + """ |
3766 | When I run `pro disable realtime-kernel` `with sudo` and stdin `y` |
3767 | Then stdout matches regexp: |
3768 | - """ |
3769 | - This will remove the boot order preference for the Real-time kernel and |
3770 | - disable updates to the Real-time kernel. |
3771 | + """ |
3772 | + This will remove the boot order preference for the Real-time kernel and |
3773 | + disable updates to the Real-time kernel. |
3774 | |
3775 | - This will NOT fully remove the kernel from your system. |
3776 | + This will NOT fully remove the kernel from your system. |
3777 | |
3778 | - After this operation is complete you must: |
3779 | - - Ensure a different kernel is installed and configured to boot |
3780 | - - Reboot into that kernel |
3781 | - - Fully remove the realtime kernel packages from your system |
3782 | - - This might look something like `apt remove linux\*realtime`, |
3783 | - but you must ensure this is correct before running it. |
3784 | - """ |
3785 | + After this operation is complete you must: |
3786 | + - Ensure a different kernel is installed and configured to boot |
3787 | + - Reboot into that kernel |
3788 | + - Fully remove the realtime kernel packages from your system |
3789 | + - This might look something like `apt remove linux\*realtime`, |
3790 | + but you must ensure this is correct before running it. |
3791 | + """ |
3792 | When I run `apt-cache policy ubuntu-realtime` as non-root |
3793 | Then stdout contains substring |
3794 | - """ |
3795 | - Installed: (none) |
3796 | - """ |
3797 | + """ |
3798 | + Installed: (none) |
3799 | + """ |
3800 | + When I verify that running `pro enable realtime-kernel --access-only --variant nvidia-tegra` `with sudo` exits `1` |
3801 | + Then I will see the following on stderr: |
3802 | + """ |
3803 | + Error: Cannot use --access-only together with --variant. |
3804 | + """ |
3805 | + When I run `pro status` as non-root |
3806 | + Then stdout does not match regexp: |
3807 | + """ |
3808 | + \* Service has variants |
3809 | + """ |
3810 | + When I run `pro status --all` as non-root |
3811 | + Then stdout does not match regexp: |
3812 | + """ |
3813 | + realtime-kernel yes +disabled +Ubuntu kernel with PREEMPT_RT patches integrated |
3814 | + ├ generic yes +disabled +Generic version of the RT kernel \(default\) |
3815 | + ├ intel-iotg yes +disabled +RT kernel optimized for Intel IOTG platform |
3816 | + └ nvidia-tegra yes +disabled +RT kernel optimized for NVIDIA Tegra platform |
3817 | + """ |
3818 | + And stdout matches regexp: |
3819 | + """ |
3820 | + realtime-kernel yes +disabled +Ubuntu kernel with PREEMPT_RT patches integrated |
3821 | + """ |
3822 | + |
3823 | + # Test one variant |
3824 | + # We need to disable this job before adding the overlay, because we might |
3825 | + # write the machine token to disk with the override content |
3826 | + When I run `pro config set update_messaging_timer=0` with sudo |
3827 | + And I set the machine token overlay to the following yaml |
3828 | + """ |
3829 | + machineTokenInfo: |
3830 | + contractInfo: |
3831 | + resourceEntitlements: |
3832 | + - type: realtime-kernel |
3833 | + overrides: |
3834 | + - directives: |
3835 | + additionalPackages: |
3836 | + - ubuntu-intel-iot-realtime |
3837 | + selector: |
3838 | + variant: intel-iotg |
3839 | + affordances: |
3840 | + platformChecks: {"cpu_vendor_ids": ["intel"]} |
3841 | + """ |
3842 | + When I run `pro enable realtime-kernel --assume-yes` with sudo |
3843 | + When I run `pro status --all` as non-root |
3844 | + Then stdout matches regexp: |
3845 | + """ |
3846 | + realtime-kernel yes +enabled +Ubuntu kernel with PREEMPT_RT patches integrated |
3847 | + ├ generic yes +enabled +Generic version of the RT kernel \(default\) |
3848 | + └ intel-iotg yes +disabled +RT kernel optimized for Intel IOTG platform |
3849 | + """ |
3850 | + When I run `pro enable realtime-kernel --variant intel-iotg` `with sudo` and stdin `y\ny\n` |
3851 | + Then stdout contains substring: |
3852 | + """ |
3853 | + Real-time Intel IOTG Kernel cannot be enabled with Real-time kernel. |
3854 | + Disable Real-time kernel and proceed to enable Real-time Intel IOTG Kernel? (y/N) |
3855 | + """ |
3856 | + When I run `pro status --all` as non-root |
3857 | + Then stdout matches regexp: |
3858 | + """ |
3859 | + realtime-kernel yes +enabled +Ubuntu kernel with PREEMPT_RT patches integrated |
3860 | + ├ generic yes +disabled +Generic version of the RT kernel \(default\) |
3861 | + └ intel-iotg yes +enabled +RT kernel optimized for Intel IOTG platform |
3862 | + """ |
3863 | + When I run `pro enable realtime-kernel --variant generic` `with sudo` and stdin `y\ny\n` |
3864 | + When I run `pro status --all` as non-root |
3865 | + Then stdout matches regexp: |
3866 | + """ |
3867 | + realtime-kernel yes +enabled +Ubuntu kernel with PREEMPT_RT patches integrated |
3868 | + ├ generic yes +enabled +Generic version of the RT kernel \(default\) |
3869 | + └ intel-iotg yes +disabled +RT kernel optimized for Intel IOTG platform |
3870 | + """ |
3871 | + When I run `pro enable realtime-kernel --variant intel-iotg` `with sudo` and stdin `y\ny\n` |
3872 | + When I run `pro status --all` as non-root |
3873 | + Then stdout matches regexp: |
3874 | + """ |
3875 | + realtime-kernel yes +enabled +Ubuntu kernel with PREEMPT_RT patches integrated |
3876 | + ├ generic yes +disabled +Generic version of the RT kernel \(default\) |
3877 | + └ intel-iotg yes +enabled +RT kernel optimized for Intel IOTG platform |
3878 | + """ |
3879 | + When I verify that running `pro enable realtime-kernel` `with sudo` exits `1` |
3880 | + Then stdout contains substring: |
3881 | + """ |
3882 | + Real-time kernel is already enabled. |
3883 | + """ |
3884 | + When I run `pro disable realtime-kernel --assume-yes` with sudo |
3885 | + When I run `apt-cache policy hello` as non-root |
3886 | + Then stdout contains substring: |
3887 | + """ |
3888 | + Installed: (none) |
3889 | + """ |
3890 | + |
3891 | + # Test multiple variants |
3892 | + When I set the machine token overlay to the following yaml |
3893 | + """ |
3894 | + machineTokenInfo: |
3895 | + contractInfo: |
3896 | + resourceEntitlements: |
3897 | + - type: realtime-kernel |
3898 | + overrides: |
3899 | + - directives: |
3900 | + additionalPackages: |
3901 | + - nvidia-prime |
3902 | + selector: |
3903 | + variant: nvidia-tegra |
3904 | + - directives: |
3905 | + additionalPackages: |
3906 | + - ubuntu-intel-iot-realtime |
3907 | + selector: |
3908 | + variant: intel-iotg |
3909 | + affordances: |
3910 | + platformChecks: {"cpu_vendor_ids": ["intel"]} |
3911 | + """ |
3912 | + When I run `pro enable realtime-kernel --variant nvidia-tegra` `with sudo` and stdin `y` |
3913 | + Then stdout matches regexp: |
3914 | + """ |
3915 | + One moment, checking your subscription first |
3916 | + The Real-time kernel is an Ubuntu kernel with PREEMPT_RT patches integrated. |
3917 | + |
3918 | + .*This will change your kernel. To revert to your original kernel, you will need |
3919 | + to make the change manually..* |
3920 | + |
3921 | + Do you want to continue\? \[ default = Yes \]: \(Y/n\) Updating package lists |
3922 | + Installing Real-time NVIDIA Tegra Kernel packages |
3923 | + Real-time NVIDIA Tegra Kernel enabled |
3924 | + """ |
3925 | + When I run `pro status` as non-root |
3926 | + Then stdout matches regexp: |
3927 | + """ |
3928 | + realtime-kernel\* yes +enabled +Ubuntu kernel with PREEMPT_RT patches integrated |
3929 | + usg +yes +disabled +Security compliance and audit tools |
3930 | + |
3931 | + \* Service has variants |
3932 | + """ |
3933 | + Then stdout contains substring: |
3934 | + """ |
3935 | + For a list of all Ubuntu Pro services and variants, run 'pro status --all' |
3936 | + """ |
3937 | + When I run `pro status --all` as non-root |
3938 | + Then stdout matches regexp: |
3939 | + """ |
3940 | + realtime-kernel yes +enabled +Ubuntu kernel with PREEMPT_RT patches integrated |
3941 | + ├ generic yes +disabled +Generic version of the RT kernel \(default\) |
3942 | + ├ intel-iotg yes +disabled +RT kernel optimized for Intel IOTG platform |
3943 | + └ nvidia-tegra yes +enabled +RT kernel optimized for NVIDIA Tegra platform |
3944 | + """ |
3945 | + When I verify that running `pro enable realtime-kernel --variant intel-iotg` `with sudo` and stdin `N` exits `1` |
3946 | + Then stdout matches regexp: |
3947 | + """ |
3948 | + Real-time Intel IOTG Kernel cannot be enabled with Real-time NVIDIA Tegra Kernel. |
3949 | + Disable Real-time NVIDIA Tegra Kernel and proceed to enable Real-time Intel IOTG Kernel\? \(y/N\) |
3950 | + """ |
3951 | + And stdout matches regexp: |
3952 | + """ |
3953 | + Cannot enable Real-time Intel IOTG Kernel when Real-time NVIDIA Tegra Kernel is enabled. |
3954 | + """ |
3955 | + When I run `pro help realtime-kernel` as non-root |
3956 | + Then I will see the following on stdout: |
3957 | + """ |
3958 | + Name: |
3959 | + realtime-kernel |
3960 | + |
3961 | + Entitled: |
3962 | + yes |
3963 | + |
3964 | + Status: |
3965 | + enabled |
3966 | + |
3967 | + Help: |
3968 | + The Real-time kernel is an Ubuntu kernel with PREEMPT_RT patches integrated. |
3969 | + It services latency-dependent use cases by providing deterministic response times. |
3970 | + The Real-time kernel meets stringent preemption specifications and is suitable for |
3971 | + telco applications and dedicated devices in industrial automation and robotics. |
3972 | + The Real-time kernel is currently incompatible with FIPS and Livepatch. |
3973 | + |
3974 | + Variants: |
3975 | + |
3976 | + * generic: Generic version of the RT kernel (default) |
3977 | + * intel-iotg: RT kernel optimized for Intel IOTG platform |
3978 | + * nvidia-tegra: RT kernel optimized for NVIDIA Tegra platform |
3979 | + """ |
3980 | + When I run `pro disable realtime-kernel` `with sudo` and stdin `y` |
3981 | + Then stdout matches regexp: |
3982 | + """ |
3983 | + This will remove the boot order preference for the Real-time kernel and |
3984 | + disable updates to the Real-time kernel. |
3985 | + |
3986 | + This will NOT fully remove the kernel from your system. |
3987 | + |
3988 | + After this operation is complete you must: |
3989 | + - Ensure a different kernel is installed and configured to boot |
3990 | + - Reboot into that kernel |
3991 | + - Fully remove the realtime kernel packages from your system |
3992 | + - This might look something like `apt remove linux\*realtime`, |
3993 | + but you must ensure this is correct before running it. |
3994 | + """ |
3995 | + When I run `pro status` as non-root |
3996 | + Then stdout matches regexp: |
3997 | + """ |
3998 | + realtime-kernel\* +yes +disabled +Ubuntu kernel with PREEMPT_RT patches integrated |
3999 | + """ |
4000 | + When I run `pro status --all` as non-root |
4001 | + Then stdout matches regexp: |
4002 | + """ |
4003 | + realtime-kernel yes +disabled +Ubuntu kernel with PREEMPT_RT patches integrated |
4004 | + ├ generic yes +disabled +Generic version of the RT kernel \(default\) |
4005 | + ├ intel-iotg yes +disabled +RT kernel optimized for Intel IOTG platform |
4006 | + └ nvidia-tegra yes +disabled +RT kernel optimized for NVIDIA Tegra platform |
4007 | + """ |
4008 | + When I verify that running `pro enable realtime-kernel --variant nonexistent` `with sudo` exits `1` |
4009 | + Then I will see the following on stdout: |
4010 | + """ |
4011 | + One moment, checking your subscription first |
4012 | + could not find entitlement named "nonexistent" |
4013 | + """ |
4014 | + When I run `pro detach --assume-yes` with sudo |
4015 | + And I run `pro status` as non-root |
4016 | + Then stdout matches regexp: |
4017 | + """ |
4018 | + realtime-kernel +yes +Ubuntu kernel with PREEMPT_RT patches integrated |
4019 | + """ |
4020 | + When I run `pro status --all` as non-root |
4021 | + Then stdout matches regexp: |
4022 | + """ |
4023 | + realtime-kernel +yes +Ubuntu kernel with PREEMPT_RT patches integrated |
4024 | + """ |
4025 | + And stdout does not match regexp: |
4026 | + """ |
4027 | + nvidia-tegra |
4028 | + """ |
4029 | + And stdout does not match regexp: |
4030 | + """ |
4031 | + intel-iotg |
4032 | + """ |
4033 | |
4034 | Examples: ubuntu release |
4035 | | release | |
4036 | diff --git a/features/reboot_cmds.feature b/features/reboot_cmds.feature |
4037 | new file mode 100644 |
4038 | index 0000000..13548b8 |
4039 | --- /dev/null |
4040 | +++ b/features/reboot_cmds.feature |
4041 | @@ -0,0 +1,48 @@ |
4042 | +@uses.config.contract_token |
4043 | +Feature: Reboot Commands |
4044 | + |
4045 | + @series.focal |
4046 | + @uses.config.machine_type.lxd.container |
4047 | + Scenario Outline: reboot-cmds removes fips package holds and updates packages |
4048 | + Given a `<release>` machine with ubuntu-advantage-tools installed |
4049 | + When I attach `contract_token` with sudo |
4050 | + When I run `apt install -y strongswan` with sudo |
4051 | + When I run `pro enable fips --assume-yes` with sudo |
4052 | + When I reboot the machine |
4053 | + When I run `pro status` with sudo |
4054 | + Then stdout matches regexp: |
4055 | + """ |
4056 | + fips +yes +enabled |
4057 | + """ |
4058 | + When I run `apt install -y --allow-downgrades strongswan=<old_version>` with sudo |
4059 | + When I run `apt-mark hold strongswan` with sudo |
4060 | + When I run `dpkg-reconfigure ubuntu-advantage-tools` with sudo |
4061 | + When I run `pro status` with sudo |
4062 | + Then stdout matches regexp: |
4063 | + """ |
4064 | + NOTICES |
4065 | + Reboot to FIPS kernel required |
4066 | + """ |
4067 | + When I reboot the machine |
4068 | + And I verify that running `systemctl status ua-reboot-cmds.service` `as non-root` exits `0,3` |
4069 | + Then stdout matches regexp: |
4070 | + """ |
4071 | + .*status=0\/SUCCESS.* |
4072 | + """ |
4073 | + When I run `pro status` with sudo |
4074 | + Then stdout does not match regexp: |
4075 | + """ |
4076 | + NOTICES |
4077 | + """ |
4078 | + When I run `apt-mark showholds` with sudo |
4079 | + Then I will see the following on stdout: |
4080 | + """ |
4081 | + """ |
4082 | + When I run `apt policy strongswan` with sudo |
4083 | + Then stdout contains substring: |
4084 | + """ |
4085 | + *** <new_version> 1001 |
4086 | + """ |
4087 | + Examples: ubuntu release |
4088 | + | release | old_version | new_version | |
4089 | + | focal | 5.8.2-1ubuntu3.5 | 5.8.2-1ubuntu3.fips.3.1.2 | |
4090 | diff --git a/features/retry_auto_attach.feature b/features/retry_auto_attach.feature |
4091 | index 84540ef..68db599 100644 |
4092 | --- a/features/retry_auto_attach.feature |
4093 | +++ b/features/retry_auto_attach.feature |
4094 | @@ -190,7 +190,8 @@ Feature: auto-attach retries periodically on failures |
4095 | """ |
4096 | Active: inactive (dead) |
4097 | """ |
4098 | - When I run `run-parts /etc/update-motd.d/` with sudo |
4099 | + # Workaround for livepatch issue LP #2015585 |
4100 | + Then I verify that running `run-parts /etc/update-motd.d/` `with sudo` exits `0,1` |
4101 | Then stdout does not match regexp: |
4102 | """ |
4103 | Failed to automatically attach to Ubuntu Pro services |
4104 | @@ -345,7 +346,8 @@ Feature: auto-attach retries periodically on failures |
4105 | """ |
4106 | Active: inactive (dead) |
4107 | """ |
4108 | - When I run `run-parts /etc/update-motd.d/` with sudo |
4109 | + # Workaround for livepatch issue LP #2015585 |
4110 | + Then I verify that running `run-parts /etc/update-motd.d/` `with sudo` exits `0,1` |
4111 | Then stdout does not match regexp: |
4112 | """ |
4113 | Failed to automatically attach to Ubuntu Pro services |
4114 | diff --git a/features/security_status.feature b/features/security_status.feature |
4115 | index 1ee472c..a27fe5b 100644 |
4116 | --- a/features/security_status.feature |
4117 | +++ b/features/security_status.feature |
4118 | @@ -136,10 +136,10 @@ Feature: Security status command behavior |
4119 | This machine is NOT attached to an Ubuntu Pro subscription. |
4120 | |
4121 | Ubuntu Pro with 'esm-infra' enabled provides security updates for |
4122 | - Main/Restricted packages until 2026 and has \d+ pending security update[s]?\. |
4123 | + Main/Restricted packages until 2026\. There (is|are) \d+ pending security update[s]?\. |
4124 | |
4125 | Ubuntu Pro with 'esm-apps' enabled provides security updates for |
4126 | - Universe/Multiverse packages until 2026 and has \d+ pending security update[s]?\. |
4127 | + Universe/Multiverse packages until 2026\. There (is|are) \d+ pending security update[s]?\. |
4128 | |
4129 | Try Ubuntu Pro with a free personal subscription on up to 5 machines. |
4130 | Learn more at https://ubuntu.com/pro |
4131 | @@ -155,17 +155,18 @@ Feature: Security status command behavior |
4132 | and esm-infra is not enabled. |
4133 | |
4134 | Ubuntu Pro with 'esm-infra' enabled provides security updates for |
4135 | - Main/Restricted packages until 2026 and has \d+ pending security update[s]?\. |
4136 | + Main/Restricted packages until 2026\. There (is|are) \d+ pending security update[s]?\. |
4137 | |
4138 | Run 'pro help esm-infra' to learn more |
4139 | |
4140 | - Package names in .*bold.* currently have an available update |
4141 | - with 'esm-infra' enabled |
4142 | - Packages: |
4143 | + Installed packages with an available esm-infra update: |
4144 | + (.|\n)+ |
4145 | + |
4146 | + Further installed packages covered by esm-infra: |
4147 | (.|\n)+ |
4148 | |
4149 | For example, run: |
4150 | - apt-cache policy .+ |
4151 | + apt-cache show .+ |
4152 | to learn more about that package\. |
4153 | """ |
4154 | When I verify root and non-root `pro security-status --esm-apps` calls have the same output |
4155 | @@ -176,17 +177,18 @@ Feature: Security status command behavior |
4156 | +\d+ package[s]? from Ubuntu Universe/Multiverse repository |
4157 | |
4158 | Ubuntu Pro with 'esm-apps' enabled provides security updates for |
4159 | - Universe/Multiverse packages until 2026 and has \d+ pending security update[s]?\. |
4160 | + Universe/Multiverse packages until 2026\. There (is|are) \d+ pending security update[s]?\. |
4161 | |
4162 | Run 'pro help esm-apps' to learn more |
4163 | |
4164 | - Package names in .*bold.* currently have an available update |
4165 | - with 'esm-apps' enabled |
4166 | - Packages: |
4167 | + Installed packages with an available esm-apps update: |
4168 | + (.|\n)+ |
4169 | + |
4170 | + Further installed packages covered by esm-apps: |
4171 | (.|\n)+ |
4172 | |
4173 | For example, run: |
4174 | - apt-cache policy .+ |
4175 | + apt-cache show .+ |
4176 | to learn more about that package\. |
4177 | """ |
4178 | When I attach `contract_token` with sudo |
4179 | @@ -207,10 +209,10 @@ Feature: Security status command behavior |
4180 | This machine is attached to an Ubuntu Pro subscription. |
4181 | |
4182 | Main/Restricted packages are receiving security updates from |
4183 | - Ubuntu Pro with 'esm-infra' enabled until 2026\. |
4184 | + Ubuntu Pro with 'esm-infra' enabled until 2026\. There (is|are) \d+ pending security update[s]?\. |
4185 | |
4186 | Universe/Multiverse packages are receiving security updates from |
4187 | - Ubuntu Pro with 'esm-apps' enabled until 2026\. |
4188 | + Ubuntu Pro with 'esm-apps' enabled until 2026\. There (is|are) \d+ pending security update[s]?\. |
4189 | """ |
4190 | When I verify root and non-root `pro security-status --esm-infra` calls have the same output |
4191 | And I run `pro security-status --esm-infra` as non-root |
4192 | @@ -220,17 +222,18 @@ Feature: Security status command behavior |
4193 | +\d+ packages from Ubuntu Main/Restricted repository |
4194 | |
4195 | Main/Restricted packages are receiving security updates from |
4196 | - Ubuntu Pro with 'esm-infra' enabled until 2026\. |
4197 | + Ubuntu Pro with 'esm-infra' enabled until 2026\. There (is|are) \d+ pending security update[s]?\. |
4198 | |
4199 | Run 'pro help esm-infra' to learn more |
4200 | |
4201 | - Package names in .*bold.* currently have an available update |
4202 | - with 'esm-infra' enabled |
4203 | - Packages: |
4204 | + Installed packages with an available esm-infra update: |
4205 | + (.|\n)+ |
4206 | + |
4207 | + Further installed packages covered by esm-infra: |
4208 | (.|\n)+ |
4209 | |
4210 | For example, run: |
4211 | - apt-cache policy .+ |
4212 | + apt-cache show .+ |
4213 | to learn more about that package\. |
4214 | """ |
4215 | When I verify root and non-root `pro security-status --esm-apps` calls have the same output |
4216 | @@ -241,17 +244,18 @@ Feature: Security status command behavior |
4217 | +\d+ package[s]? from Ubuntu Universe/Multiverse repository |
4218 | |
4219 | Universe/Multiverse packages are receiving security updates from |
4220 | - Ubuntu Pro with 'esm-apps' enabled until 2026\. |
4221 | + Ubuntu Pro with 'esm-apps' enabled until 2026\. There (is|are) \d+ pending security update[s]?\. |
4222 | |
4223 | Run 'pro help esm-apps' to learn more |
4224 | |
4225 | - Package names in .*bold.* currently have an available update |
4226 | - with 'esm-apps' enabled |
4227 | - Packages: |
4228 | + Installed packages with an available esm-apps update: |
4229 | + (.|\n)+ |
4230 | + |
4231 | + Further installed packages covered by esm-apps: |
4232 | (.|\n)+ |
4233 | |
4234 | For example, run: |
4235 | - apt-cache policy .+ |
4236 | + apt-cache show .+ |
4237 | to learn more about that package\. |
4238 | """ |
4239 | When I run `apt upgrade -y` with sudo |
4240 | @@ -300,10 +304,12 @@ Feature: Security status command behavior |
4241 | |
4242 | Ubuntu Pro with 'esm-infra' enabled provides security updates for |
4243 | Main/Restricted packages until 2026. |
4244 | + |
4245 | Enable esm-infra with: pro enable esm-infra |
4246 | |
4247 | Ubuntu Pro with 'esm-apps' enabled provides security updates for |
4248 | Universe/Multiverse packages until 2026. |
4249 | + |
4250 | Enable esm-apps with: pro enable esm-apps |
4251 | """ |
4252 | When I verify root and non-root `pro security-status --thirdparty` calls have the same output |
4253 | @@ -320,7 +326,7 @@ Feature: Security status command behavior |
4254 | (.|\n)+ |
4255 | |
4256 | For example, run: |
4257 | - apt-cache policy .+ |
4258 | + apt-cache show .+ |
4259 | to learn more about that package\. |
4260 | """ |
4261 | When I verify root and non-root `pro security-status --unavailable` calls have the same output |
4262 | @@ -338,7 +344,7 @@ Feature: Security status command behavior |
4263 | (.|\n)+ |
4264 | |
4265 | For example, run: |
4266 | - apt-cache policy .+ |
4267 | + apt-cache show .+ |
4268 | to learn more about that package\. |
4269 | """ |
4270 | When I verify root and non-root `pro security-status --esm-infra` calls have the same output |
4271 | @@ -356,14 +362,8 @@ Feature: Security status command behavior |
4272 | |
4273 | Run 'pro help esm-infra' to learn more |
4274 | |
4275 | - Package names in .*bold.* currently have an available update |
4276 | - with 'esm-infra' enabled |
4277 | - Packages: |
4278 | + Installed packages covered by esm-infra: |
4279 | (.|\n)+ |
4280 | - |
4281 | - For example, run: |
4282 | - apt-cache policy .+ |
4283 | - to learn more about that package\. |
4284 | """ |
4285 | When I verify root and non-root `pro security-status --esm-apps` calls have the same output |
4286 | And I run `pro security-status --esm-apps` as non-root |
4287 | @@ -377,14 +377,8 @@ Feature: Security status command behavior |
4288 | |
4289 | Run 'pro help esm-apps' to learn more |
4290 | |
4291 | - Package names in .*bold.* currently have an available update |
4292 | - with 'esm-apps' enabled |
4293 | - Packages: |
4294 | + Installed packages covered by esm-apps: |
4295 | (.|\n)+ |
4296 | - |
4297 | - For example, run: |
4298 | - apt-cache policy .+ |
4299 | - to learn more about that package\. |
4300 | """ |
4301 | When I verify that running `pro security-status --thirdparty --unavailable` `as non-root` exits `2` |
4302 | Then I will see the following on stderr |
4303 | @@ -393,6 +387,70 @@ Feature: Security status command behavior |
4304 | [--thirdparty | --unavailable | --esm-infra | --esm-apps] |
4305 | argument --unavailable: not allowed with argument --thirdparty |
4306 | """ |
4307 | + When I run `rm /var/lib/apt/periodic/update-success-stamp` with sudo |
4308 | + And I run `pro security-status` as non-root |
4309 | + Then stdout matches regexp: |
4310 | + """ |
4311 | + \d+ packages installed: |
4312 | + +\d+ package[s]? from Ubuntu Main/Restricted repository |
4313 | + +\d+ package[s]? from Ubuntu Universe/Multiverse repository |
4314 | + +\d+ package[s]? from a third party |
4315 | + +\d+ package[s]? no longer available for download |
4316 | + |
4317 | + To get more information about the packages, run |
4318 | + pro security-status --help |
4319 | + for a list of available options\. |
4320 | + |
4321 | + The system apt cache may be outdated\. Make sure to run |
4322 | + sudo apt-get update |
4323 | + to get the latest package information from apt\. |
4324 | + |
4325 | + This machine is NOT receiving security patches because the LTS period has ended |
4326 | + and esm-infra is not enabled. |
4327 | + This machine is attached to an Ubuntu Pro subscription. |
4328 | + |
4329 | + Ubuntu Pro with 'esm-infra' enabled provides security updates for |
4330 | + Main/Restricted packages until 2026. |
4331 | + |
4332 | + Enable esm-infra with: pro enable esm-infra |
4333 | + |
4334 | + Ubuntu Pro with 'esm-apps' enabled provides security updates for |
4335 | + Universe/Multiverse packages until 2026. |
4336 | + |
4337 | + Enable esm-apps with: pro enable esm-apps |
4338 | + """ |
4339 | + When I run `touch -d '-2 days' /var/lib/apt/periodic/update-success-stamp` with sudo |
4340 | + And I run `pro security-status` as non-root |
4341 | + Then stdout matches regexp: |
4342 | + """ |
4343 | + \d+ packages installed: |
4344 | + +\d+ package[s]? from Ubuntu Main/Restricted repository |
4345 | + +\d+ package[s]? from Ubuntu Universe/Multiverse repository |
4346 | + +\d+ package[s]? from a third party |
4347 | + +\d+ package[s]? no longer available for download |
4348 | + |
4349 | + To get more information about the packages, run |
4350 | + pro security-status --help |
4351 | + for a list of available options\. |
4352 | + |
4353 | + The system apt information was updated 2 day\(s\) ago\. Make sure to run |
4354 | + sudo apt-get update |
4355 | + to get the latest package information from apt\. |
4356 | + |
4357 | + This machine is NOT receiving security patches because the LTS period has ended |
4358 | + and esm-infra is not enabled. |
4359 | + This machine is attached to an Ubuntu Pro subscription. |
4360 | + |
4361 | + Ubuntu Pro with 'esm-infra' enabled provides security updates for |
4362 | + Main/Restricted packages until 2026. |
4363 | + |
4364 | + Enable esm-infra with: pro enable esm-infra |
4365 | + |
4366 | + Ubuntu Pro with 'esm-apps' enabled provides security updates for |
4367 | + Universe/Multiverse packages until 2026. |
4368 | + |
4369 | + Enable esm-apps with: pro enable esm-apps |
4370 | + """ |
4371 | |
4372 | @series.focal |
4373 | @uses.config.machine_type.lxd.container |
4374 | @@ -423,7 +481,7 @@ Feature: Security status command behavior |
4375 | Main/Restricted packages until 2030. |
4376 | |
4377 | Ubuntu Pro with 'esm-apps' enabled provides security updates for |
4378 | - Universe/Multiverse packages until 2030 and has \d+ pending security update[s]?\. |
4379 | + Universe/Multiverse packages until 2030\. There (is|are) \d+ pending security update[s]?\. |
4380 | |
4381 | Try Ubuntu Pro with a free personal subscription on up to 5 machines. |
4382 | Learn more at https://ubuntu.com/pro |
4383 | @@ -451,17 +509,18 @@ Feature: Security status command behavior |
4384 | +\d+ package[s]? from Ubuntu Universe/Multiverse repository |
4385 | |
4386 | Ubuntu Pro with 'esm-apps' enabled provides security updates for |
4387 | - Universe/Multiverse packages until 2030 and has \d+ pending security update[s]?\. |
4388 | + Universe/Multiverse packages until 2030\. There (is|are) \d+ pending security update[s]?\. |
4389 | |
4390 | Run 'pro help esm-apps' to learn more |
4391 | |
4392 | - Package names in .*bold.* currently have an available update |
4393 | - with 'esm-apps' enabled |
4394 | - Packages: |
4395 | + Installed packages with an available esm-apps update: |
4396 | + (.|\n)+ |
4397 | + |
4398 | + Further installed packages covered by esm-apps: |
4399 | (.|\n)+ |
4400 | |
4401 | For example, run: |
4402 | - apt-cache policy .+ |
4403 | + apt-cache show .+ |
4404 | to learn more about that package\. |
4405 | """ |
4406 | When I attach `contract_token` with sudo |
4407 | @@ -485,7 +544,7 @@ Feature: Security status command behavior |
4408 | Ubuntu Pro with 'esm-infra' enabled until 2030. |
4409 | |
4410 | Universe/Multiverse packages are receiving security updates from |
4411 | - Ubuntu Pro with 'esm-apps' enabled until 2030\. |
4412 | + Ubuntu Pro with 'esm-apps' enabled until 2030\. There (is|are) \d+ pending security update[s]?\. |
4413 | """ |
4414 | When I verify root and non-root `pro security-status --esm-infra` calls have the same output |
4415 | And I run `pro security-status --esm-infra` as non-root |
4416 | @@ -507,17 +566,18 @@ Feature: Security status command behavior |
4417 | +\d+ package[s]? from Ubuntu Universe/Multiverse repository |
4418 | |
4419 | Universe/Multiverse packages are receiving security updates from |
4420 | - Ubuntu Pro with 'esm-apps' enabled until 2030\. |
4421 | + Ubuntu Pro with 'esm-apps' enabled until 2030\. There (is|are) \d+ pending security update[s]?\. |
4422 | |
4423 | Run 'pro help esm-apps' to learn more |
4424 | |
4425 | - Package names in .*bold.* currently have an available update |
4426 | - with 'esm-apps' enabled |
4427 | - Packages: |
4428 | + Installed packages with an available esm-apps update: |
4429 | + (.|\n)+ |
4430 | + |
4431 | + Further installed packages covered by esm-apps: |
4432 | (.|\n)+ |
4433 | |
4434 | For example, run: |
4435 | - apt-cache policy .+ |
4436 | + apt-cache show .+ |
4437 | to learn more about that package\. |
4438 | """ |
4439 | When I run `apt upgrade -y` with sudo |
4440 | @@ -565,10 +625,12 @@ Feature: Security status command behavior |
4441 | |
4442 | Ubuntu Pro with 'esm-infra' enabled provides security updates for |
4443 | Main/Restricted packages until 2030. |
4444 | + |
4445 | Enable esm-infra with: pro enable esm-infra |
4446 | |
4447 | Ubuntu Pro with 'esm-apps' enabled provides security updates for |
4448 | Universe/Multiverse packages until 2030. |
4449 | + |
4450 | Enable esm-apps with: pro enable esm-apps |
4451 | """ |
4452 | When I verify root and non-root `pro security-status --thirdparty` calls have the same output |
4453 | @@ -585,7 +647,7 @@ Feature: Security status command behavior |
4454 | (.|\n)+ |
4455 | |
4456 | For example, run: |
4457 | - apt-cache policy .+ |
4458 | + apt-cache show .+ |
4459 | to learn more about that package\. |
4460 | """ |
4461 | When I verify root and non-root `pro security-status --unavailable` calls have the same output |
4462 | @@ -603,7 +665,7 @@ Feature: Security status command behavior |
4463 | (.|\n)+ |
4464 | |
4465 | For example, run: |
4466 | - apt-cache policy .+ |
4467 | + apt-cache show .+ |
4468 | to learn more about that package\. |
4469 | """ |
4470 | When I verify root and non-root `pro security-status --esm-infra` calls have the same output |
4471 | @@ -633,14 +695,8 @@ Feature: Security status command behavior |
4472 | |
4473 | Run 'pro help esm-apps' to learn more |
4474 | |
4475 | - Package names in .*bold.* currently have an available update |
4476 | - with 'esm-apps' enabled |
4477 | - Packages: |
4478 | + Installed packages covered by esm-apps: |
4479 | (.|\n)+ |
4480 | - |
4481 | - For example, run: |
4482 | - apt-cache policy .+ |
4483 | - to learn more about that package\. |
4484 | """ |
4485 | When I verify that running `pro security-status --thirdparty --unavailable` `as non-root` exits `2` |
4486 | Then I will see the following on stderr |
4487 | @@ -649,6 +705,70 @@ Feature: Security status command behavior |
4488 | [--thirdparty | --unavailable | --esm-infra | --esm-apps] |
4489 | argument --unavailable: not allowed with argument --thirdparty |
4490 | """ |
4491 | + When I run `rm /var/lib/apt/periodic/update-success-stamp` with sudo |
4492 | + And I run `pro security-status` as non-root |
4493 | + Then stdout matches regexp: |
4494 | + """ |
4495 | + \d+ packages installed: |
4496 | + +\d+ package[s]? from Ubuntu Main/Restricted repository |
4497 | + +\d+ package[s]? from Ubuntu Universe/Multiverse repository |
4498 | + +\d+ package[s]? from a third party |
4499 | + +\d+ package[s]? no longer available for download |
4500 | + |
4501 | + To get more information about the packages, run |
4502 | + pro security-status --help |
4503 | + for a list of available options\. |
4504 | + |
4505 | + The system apt cache may be outdated\. Make sure to run |
4506 | + sudo apt-get update |
4507 | + to get the latest package information from apt\. |
4508 | + |
4509 | + This machine is receiving security patching for Ubuntu Main/Restricted |
4510 | + repository until 2025. |
4511 | + This machine is attached to an Ubuntu Pro subscription. |
4512 | + |
4513 | + Ubuntu Pro with 'esm-infra' enabled provides security updates for |
4514 | + Main/Restricted packages until 2030. |
4515 | + |
4516 | + Enable esm-infra with: pro enable esm-infra |
4517 | + |
4518 | + Ubuntu Pro with 'esm-apps' enabled provides security updates for |
4519 | + Universe/Multiverse packages until 2030. |
4520 | + |
4521 | + Enable esm-apps with: pro enable esm-apps |
4522 | + """ |
4523 | + When I run `touch -d '-2 days' /var/lib/apt/periodic/update-success-stamp` with sudo |
4524 | + And I run `pro security-status` as non-root |
4525 | + Then stdout matches regexp: |
4526 | + """ |
4527 | + \d+ packages installed: |
4528 | + +\d+ package[s]? from Ubuntu Main/Restricted repository |
4529 | + +\d+ package[s]? from Ubuntu Universe/Multiverse repository |
4530 | + +\d+ package[s]? from a third party |
4531 | + +\d+ package[s]? no longer available for download |
4532 | + |
4533 | + To get more information about the packages, run |
4534 | + pro security-status --help |
4535 | + for a list of available options\. |
4536 | + |
4537 | + The system apt information was updated 2 day\(s\) ago\. Make sure to run |
4538 | + sudo apt-get update |
4539 | + to get the latest package information from apt\. |
4540 | + |
4541 | + This machine is receiving security patching for Ubuntu Main/Restricted |
4542 | + repository until 2025. |
4543 | + This machine is attached to an Ubuntu Pro subscription. |
4544 | + |
4545 | + Ubuntu Pro with 'esm-infra' enabled provides security updates for |
4546 | + Main/Restricted packages until 2030. |
4547 | + |
4548 | + Enable esm-infra with: pro enable esm-infra |
4549 | + |
4550 | + Ubuntu Pro with 'esm-apps' enabled provides security updates for |
4551 | + Universe/Multiverse packages until 2030. |
4552 | + |
4553 | + Enable esm-apps with: pro enable esm-apps |
4554 | + """ |
4555 | |
4556 | @series.kinetic |
4557 | @uses.config.machine_type.lxd.container |
4558 | @@ -695,3 +815,47 @@ Feature: Security status command behavior |
4559 | |
4560 | Ubuntu Pro is not available for non-LTS releases\. |
4561 | """ |
4562 | + When I run `rm /var/lib/apt/periodic/update-success-stamp` with sudo |
4563 | + And I run `pro security-status` as non-root |
4564 | + Then stdout matches regexp: |
4565 | + """ |
4566 | + \d+ packages installed: |
4567 | + +\d+ packages from Ubuntu Main/Restricted repository |
4568 | + +\d+ package[s]? from Ubuntu Universe/Multiverse repository |
4569 | + +\d+ package[s]? from a third party |
4570 | + +\d+ package[s]? no longer available for download |
4571 | + |
4572 | + To get more information about the packages, run |
4573 | + pro security-status --help |
4574 | + for a list of available options\. |
4575 | + |
4576 | + The system apt cache may be outdated\. Make sure to run |
4577 | + sudo apt-get update |
4578 | + to get the latest package information from apt\. |
4579 | + |
4580 | + Main/Restricted packages receive updates until 7/2023\. |
4581 | + |
4582 | + Ubuntu Pro is not available for non-LTS releases\. |
4583 | + """ |
4584 | + When I run `touch -d '-2 days' /var/lib/apt/periodic/update-success-stamp` with sudo |
4585 | + And I run `pro security-status` as non-root |
4586 | + Then stdout matches regexp: |
4587 | + """ |
4588 | + \d+ packages installed: |
4589 | + +\d+ packages from Ubuntu Main/Restricted repository |
4590 | + +\d+ package[s]? from Ubuntu Universe/Multiverse repository |
4591 | + +\d+ package[s]? from a third party |
4592 | + +\d+ package[s]? no longer available for download |
4593 | + |
4594 | + To get more information about the packages, run |
4595 | + pro security-status --help |
4596 | + for a list of available options\. |
4597 | + |
4598 | + The system apt information was updated 2 day\(s\) ago\. Make sure to run |
4599 | + sudo apt-get update |
4600 | + to get the latest package information from apt\. |
4601 | + |
4602 | + Main/Restricted packages receive updates until 7/2023\. |
4603 | + |
4604 | + Ubuntu Pro is not available for non-LTS releases\. |
4605 | + """ |
4606 | diff --git a/features/steps/airgap.py b/features/steps/airgap.py |
4607 | index 004f875..85f2ddf 100644 |
4608 | --- a/features/steps/airgap.py |
4609 | +++ b/features/steps/airgap.py |
4610 | @@ -10,7 +10,7 @@ from features.steps.shell import when_i_run_command |
4611 | |
4612 | @when("I download the service credentials on the `{machine_name}` machine") |
4613 | def download_service_credentials(context, machine_name): |
4614 | - token = context.config.contract_token |
4615 | + token = context.pro_config.contract_token |
4616 | when_i_run_command( |
4617 | context, |
4618 | "get-resource-tokens {}".format(token), |
4619 | @@ -112,7 +112,7 @@ def serve_apt_mirror(context, service, port, machine_name): |
4620 | "I create the contract config overrides file for `{service_list}` on the `{machine_name}` machine" # noqa |
4621 | ) |
4622 | def create_contract_overrides(context, service_list, machine_name): |
4623 | - token = context.config.contract_token |
4624 | + token = context.pro_config.contract_token |
4625 | config_override = {token: {}} # type: Dict[str, Any] |
4626 | |
4627 | for service in service_list.split(","): |
4628 | diff --git a/features/steps/attach.py b/features/steps/attach.py |
4629 | index ad6d7de..921bbc4 100644 |
4630 | --- a/features/steps/attach.py |
4631 | +++ b/features/steps/attach.py |
4632 | @@ -23,7 +23,7 @@ def when_i_attach_staging_token_with_options( |
4633 | def when_i_attach_staging_token( |
4634 | context, token_type, user_spec, verify_return=True, options="" |
4635 | ): |
4636 | - token = getattr(context.config, token_type) |
4637 | + token = getattr(context.pro_config, token_type) |
4638 | if ( |
4639 | token_type == "contract_token_staging" |
4640 | or token_type == "contract_token_staging_expired" |
4641 | @@ -47,7 +47,9 @@ def when_i_attempt_to_attach_staging_token(context, token_type, user_spec): |
4642 | "I verify that running attach `{spec}` with json response exits `{exit_codes}`" # noqa |
4643 | ) |
4644 | def when_i_verify_attach_with_json_response(context, spec, exit_codes): |
4645 | - cmd = "pro attach {} --format json".format(context.config.contract_token) |
4646 | + cmd = "pro attach {} --format json".format( |
4647 | + context.pro_config.contract_token |
4648 | + ) |
4649 | then_i_verify_that_running_cmd_with_spec_exits_with_codes( |
4650 | context=context, cmd_name=cmd, spec=spec, exit_codes=exit_codes |
4651 | ) |
4652 | @@ -59,7 +61,7 @@ def when_i_verify_attach_with_json_response(context, spec, exit_codes): |
4653 | def when_i_verify_attach_expired_token_with_json_response(context, spec): |
4654 | change_contract_endpoint_to_staging(context, user_spec="with sudo") |
4655 | cmd = "pro attach {} --format json".format( |
4656 | - context.config.contract_token_staging_expired |
4657 | + context.pro_config.contract_token_staging_expired |
4658 | ) |
4659 | then_i_verify_that_running_cmd_with_spec_exits_with_codes( |
4660 | context=context, cmd_name=cmd, spec=spec, exit_codes=ERROR_CODE |
4661 | diff --git a/features/steps/files.py b/features/steps/files.py |
4662 | index 8b34375..f4e8545 100644 |
4663 | --- a/features/steps/files.py |
4664 | +++ b/features/steps/files.py |
4665 | @@ -36,8 +36,11 @@ def when_i_add_this_text_on_file_above_line( |
4666 | ) |
4667 | |
4668 | |
4669 | +@when("I verify `{file_name}` is empty") |
4670 | @when("I verify `{file_name}` is empty on `{machine_name}` machine") |
4671 | -def when_i_verify_file_is_empty_on_machine(context, file_name, machine_name): |
4672 | +def when_i_verify_file_is_empty_on_machine( |
4673 | + context, file_name, machine_name=SUT |
4674 | +): |
4675 | command = 'sh -c "cat {} | wc -l"'.format(file_name) |
4676 | when_i_run_command( |
4677 | context, command, user_spec="with sudo", machine_name=machine_name |
4678 | @@ -97,7 +100,7 @@ def when_i_replace_string_in_file(context, original, filename, new): |
4679 | def when_i_replace_string_in_file_with_token( |
4680 | context, original, filename, token_name |
4681 | ): |
4682 | - token = getattr(context.config, token_name) |
4683 | + token = getattr(context.pro_config, token_name) |
4684 | when_i_replace_string_in_file(context, original, filename, token) |
4685 | |
4686 | |
4687 | diff --git a/features/steps/fix.py b/features/steps/fix.py |
4688 | index a799d79..a9a77fe 100644 |
4689 | --- a/features/steps/fix.py |
4690 | +++ b/features/steps/fix.py |
4691 | @@ -9,7 +9,7 @@ from features.steps.shell import when_i_run_command |
4692 | |
4693 | @when("I fix `{issue}` by attaching to a subscription with `{token_type}`") |
4694 | def when_i_fix_a_issue_by_attaching(context, issue, token_type): |
4695 | - token = getattr(context.config, token_type) |
4696 | + token = getattr(context.pro_config, token_type) |
4697 | |
4698 | if ( |
4699 | token_type == "contract_token_staging" |
4700 | @@ -40,7 +40,7 @@ def when_i_fix_a_issue_by_enabling_service(context, issue): |
4701 | |
4702 | @when("I fix `{issue}` by updating expired token") |
4703 | def when_i_fix_a_issue_by_updating_expired_token(context, issue): |
4704 | - token = getattr(context.config, "contract_token") |
4705 | + token = getattr(context.pro_config, "contract_token") |
4706 | when_i_run_command( |
4707 | context=context, |
4708 | command="pro fix {}".format(issue), |
4709 | diff --git a/features/steps/machines.py b/features/steps/machines.py |
4710 | index c06555d..4101649 100644 |
4711 | --- a/features/steps/machines.py |
4712 | +++ b/features/steps/machines.py |
4713 | @@ -40,7 +40,7 @@ def given_a_machine( |
4714 | |
4715 | inbound_ports = ports.split(",") if ports is not None else None |
4716 | |
4717 | - is_pro = "pro" in context.config.machine_type |
4718 | + is_pro = "pro" in context.pro_config.machine_type |
4719 | pro_user_data = ( |
4720 | "bootcmd:\n" |
4721 | """ - "cloud-init-per once disable-auto-attach printf '\\nfeatures: {disable_auto_attach: true}\\n' >> /etc/ubuntu-advantage/uaclient.conf"\n""" # noqa: E501 |
4722 | @@ -53,10 +53,10 @@ def given_a_machine( |
4723 | if user_data is not None: |
4724 | user_data_to_use += user_data |
4725 | |
4726 | - instance = context.config.cloud_manager.launch( |
4727 | + instance = context.pro_config.cloud_manager.launch( |
4728 | series=series, |
4729 | instance_name=instance_name, |
4730 | - ephemeral=context.config.ephemeral_instance, |
4731 | + ephemeral=context.pro_config.ephemeral_instance, |
4732 | image_name=context.snapshots.get(snapshot_name, None), |
4733 | inbound_ports=inbound_ports, |
4734 | user_data=user_data_to_use, |
4735 | @@ -69,7 +69,7 @@ def given_a_machine( |
4736 | if cleanup: |
4737 | |
4738 | def cleanup_instance(): |
4739 | - if not context.config.destroy_instances: |
4740 | + if not context.pro_config.destroy_instances: |
4741 | logging.info( |
4742 | "--- Leaving instance running: {}".format( |
4743 | context.machines[machine_name].instance.name |
4744 | @@ -92,7 +92,7 @@ def given_a_machine( |
4745 | @when("I take a snapshot of the machine") |
4746 | def when_i_take_a_snapshot(context, machine_name=SUT, cleanup=True): |
4747 | inst = context.machines[machine_name].instance |
4748 | - snapshot = context.config.cloud_manager.api.snapshot(inst) |
4749 | + snapshot = context.pro_config.cloud_manager.api.snapshot(inst) |
4750 | |
4751 | context.snapshots[machine_name] = snapshot |
4752 | |
4753 | @@ -100,7 +100,7 @@ def when_i_take_a_snapshot(context, machine_name=SUT, cleanup=True): |
4754 | |
4755 | def cleanup_snapshot() -> None: |
4756 | try: |
4757 | - context.config.cloud_manager.api.delete_image( |
4758 | + context.pro_config.cloud_manager.api.delete_image( |
4759 | context.snapshots[machine_name] |
4760 | ) |
4761 | except RuntimeError as e: |
4762 | @@ -115,13 +115,13 @@ def when_i_take_a_snapshot(context, machine_name=SUT, cleanup=True): |
4763 | |
4764 | @given("a `{series}` machine with ubuntu-advantage-tools installed") |
4765 | def given_a_sut_machine(context, series): |
4766 | - if context.config.install_from == InstallationSource.LOCAL: |
4767 | + if context.pro_config.install_from == InstallationSource.LOCAL: |
4768 | # build right away, this will cache the built debs for later use |
4769 | # building early means we catch build errors before investing in |
4770 | # launching instances |
4771 | build_debs(series) |
4772 | |
4773 | - if context.config.snapshot_strategy: |
4774 | + if context.pro_config.snapshot_strategy: |
4775 | if "builder" not in context.snapshots: |
4776 | given_a_machine( |
4777 | context, series, machine_name="builder", cleanup=False |
4778 | diff --git a/features/steps/output.py b/features/steps/output.py |
4779 | index abb1f7f..788e939 100644 |
4780 | --- a/features/steps/output.py |
4781 | +++ b/features/steps/output.py |
4782 | @@ -65,6 +65,13 @@ def then_stream_contains_substring(context, stream): |
4783 | assert_that(content, contains_string(text)) |
4784 | |
4785 | |
4786 | +@then("{stream} does not contain substring") |
4787 | +def then_stream_not_contains_substring(context, stream): |
4788 | + content = getattr(context.process, stream).strip() |
4789 | + text = process_template_vars(context, context.text) |
4790 | + assert_that(content, not_(contains_string(text))) |
4791 | + |
4792 | + |
4793 | @then("I will see the following on stderr") |
4794 | def then_i_will_see_on_stderr(context): |
4795 | text = process_template_vars(context, context.text) |
4796 | diff --git a/features/steps/packages.py b/features/steps/packages.py |
4797 | index a523706..2239e51 100644 |
4798 | --- a/features/steps/packages.py |
4799 | +++ b/features/steps/packages.py |
4800 | @@ -3,16 +3,9 @@ import re |
4801 | from behave import then, when |
4802 | from hamcrest import assert_that, contains_string, matches_regexp |
4803 | |
4804 | -from features.steps.files import when_i_create_file_with_content |
4805 | from features.steps.shell import when_i_run_command |
4806 | from features.util import SUT |
4807 | |
4808 | -APT_REPO_ENTRY = ( |
4809 | - "deb [trusted=yes] " |
4810 | - "http://proclientdummyrepo.s3-website.us-east-2.amazonaws.com/" |
4811 | - "actual_ppa/ unstable main" |
4812 | -) |
4813 | - |
4814 | |
4815 | @when("I apt install `{package_name}`") |
4816 | @when("I apt install `{package_name}` on the `{machine_name}` machine") |
4817 | @@ -108,27 +101,33 @@ def verify_packages_are_installed_from_apt_source( |
4818 | @when("I install third-party / unknown packages in the machine") |
4819 | def when_i_install_packages(context): |
4820 | # Dummy packages are installed to serve as third-party and unknown |
4821 | - # packages for the tests. They live happy and joyful lives in a s3 bucket. |
4822 | + # packages for the tests. Those packages are in Launchpad PPAs |
4823 | + # owned by the uaclient team. |
4824 | # Many APT updates just to make sure we are up to date |
4825 | |
4826 | - # Unknown package - installed directly, no external reference |
4827 | + # Unknown package - we remove the PPA afterwards so there is no |
4828 | + # external references for the deb. |
4829 | when_i_run_command( |
4830 | context, |
4831 | - ( |
4832 | - "curl -L " |
4833 | - "http://proclientdummyrepo.s3-website.us-east-2.amazonaws.com/" |
4834 | - "unknown_deb/pro-dummy-unknown_1.2.3_all.deb " |
4835 | - "-o /tmp/unknown.deb" |
4836 | - ), |
4837 | + "add-apt-repository -y ppa:ua-client/pro-client-ci-test-unknown", |
4838 | "with sudo", |
4839 | ) |
4840 | + when_i_run_command(context, "apt-get update", "with sudo") |
4841 | when_i_run_command( |
4842 | - context, "apt-get install -y /tmp/unknown.deb", "with sudo" |
4843 | + context, "apt-get install -y pro-dummy-unknown", "with sudo" |
4844 | + ) |
4845 | + # Why no remove-apt-repository? |
4846 | + when_i_run_command( |
4847 | + context, |
4848 | + "add-apt-repository -y -r ppa:ua-client/pro-client-ci-test-unknown", |
4849 | + "with sudo", |
4850 | ) |
4851 | |
4852 | # PPA to install the third-party package |
4853 | - when_i_create_file_with_content( |
4854 | - context, "/etc/apt/sources.list.d/prodummy.list", text=APT_REPO_ENTRY |
4855 | + when_i_run_command( |
4856 | + context, |
4857 | + "add-apt-repository -y ppa:ua-client/pro-client-ci-test-thirdparty", |
4858 | + "with sudo", |
4859 | ) |
4860 | when_i_run_command(context, "apt-get update", "with sudo") |
4861 | when_i_run_command( |
4862 | diff --git a/features/steps/shell.py b/features/steps/shell.py |
4863 | index aad147b..6e04988 100644 |
4864 | --- a/features/steps/shell.py |
4865 | +++ b/features/steps/shell.py |
4866 | @@ -43,10 +43,12 @@ def when_i_run_command( |
4867 | machine_name=SUT, |
4868 | ): |
4869 | command = process_template_vars(context, command) |
4870 | - |
4871 | prefix = get_command_prefix_for_user_spec(user_spec) |
4872 | - |
4873 | full_cmd = prefix + shlex.split(command) |
4874 | + |
4875 | + if stdin is not None: |
4876 | + stdin = stdin.replace("\\n", "\n") |
4877 | + |
4878 | result = context.machines[machine_name].instance.execute( |
4879 | full_cmd, stdin=stdin |
4880 | ) |
4881 | diff --git a/features/steps/status.py b/features/steps/status.py |
4882 | index 3fada5e..4c606da 100644 |
4883 | --- a/features/steps/status.py |
4884 | +++ b/features/steps/status.py |
4885 | @@ -5,7 +5,7 @@ from features.steps.shell import when_i_run_command |
4886 | |
4887 | @when("I do a preflight check for `{contract_token}` {user_spec}") |
4888 | def when_i_preflight(context, contract_token, user_spec, verify_return=True): |
4889 | - token = getattr(context.config, contract_token, "invalid_token") |
4890 | + token = getattr(context.pro_config, contract_token, "invalid_token") |
4891 | command = "pro status --simulate-with-token {}".format(token) |
4892 | if user_spec == "with the all flag": |
4893 | command += " --all" |
4894 | diff --git a/features/steps/ubuntu_advantage_tools.py b/features/steps/ubuntu_advantage_tools.py |
4895 | index 2b6bf16..827e89b 100644 |
4896 | --- a/features/steps/ubuntu_advantage_tools.py |
4897 | +++ b/features/steps/ubuntu_advantage_tools.py |
4898 | @@ -14,8 +14,8 @@ from features.util import SUT, InstallationSource, build_debs |
4899 | def when_i_install_uat(context, machine_name=SUT): |
4900 | instance = context.machines[machine_name].instance |
4901 | series = context.machines[machine_name].series |
4902 | - is_pro = "pro" in context.config.machine_type |
4903 | - if context.config.install_from is InstallationSource.ARCHIVE: |
4904 | + is_pro = "pro" in context.pro_config.machine_type |
4905 | + if context.pro_config.install_from is InstallationSource.ARCHIVE: |
4906 | instance.execute("sudo apt update") |
4907 | when_i_apt_install( |
4908 | context, "ubuntu-advantage-tools", machine_name=machine_name |
4909 | @@ -24,8 +24,8 @@ def when_i_install_uat(context, machine_name=SUT): |
4910 | when_i_apt_install( |
4911 | context, "ubuntu-advantage-pro", machine_name=machine_name |
4912 | ) |
4913 | - elif context.config.install_from is InstallationSource.PREBUILT: |
4914 | - debs_path = context.config.debs_path |
4915 | + elif context.pro_config.install_from is InstallationSource.PREBUILT: |
4916 | + debs_path = context.pro_config.debs_path |
4917 | deb_paths = [ |
4918 | os.path.join(debs_path, deb_file) |
4919 | for deb_file in os.listdir(debs_path) |
4920 | @@ -39,7 +39,7 @@ def when_i_install_uat(context, machine_name=SUT): |
4921 | context, "/tmp/behave_ua.deb", machine_name=machine_name |
4922 | ) |
4923 | instance.execute("sudo rm /tmp/behave_ua.deb") |
4924 | - elif context.config.install_from is InstallationSource.LOCAL: |
4925 | + elif context.pro_config.install_from is InstallationSource.LOCAL: |
4926 | ua_deb_path, pro_deb_path = build_debs(series) |
4927 | instance.push_file(ua_deb_path, "/tmp/behave_ua.deb") |
4928 | when_i_apt_install( |
4929 | @@ -52,7 +52,7 @@ def when_i_install_uat(context, machine_name=SUT): |
4930 | context, "/tmp/behave_ua.deb", machine_name=machine_name |
4931 | ) |
4932 | instance.execute("sudo rm /tmp/behave_ua.deb") |
4933 | - elif context.config.install_from is InstallationSource.DAILY: |
4934 | + elif context.pro_config.install_from is InstallationSource.DAILY: |
4935 | instance.execute("sudo add-apt-repository ppa:ua-client/daily") |
4936 | instance.execute("sudo apt update") |
4937 | when_i_apt_install( |
4938 | @@ -62,7 +62,7 @@ def when_i_install_uat(context, machine_name=SUT): |
4939 | when_i_apt_install( |
4940 | context, "ubuntu-advantage-pro", machine_name=machine_name |
4941 | ) |
4942 | - elif context.config.install_from is InstallationSource.STAGING: |
4943 | + elif context.pro_config.install_from is InstallationSource.STAGING: |
4944 | instance.execute("sudo add-apt-repository ppa:ua-client/staging") |
4945 | instance.execute("sudo apt update") |
4946 | when_i_apt_install( |
4947 | @@ -72,7 +72,7 @@ def when_i_install_uat(context, machine_name=SUT): |
4948 | when_i_apt_install( |
4949 | context, "ubuntu-advantage-pro", machine_name=machine_name |
4950 | ) |
4951 | - elif context.config.install_from is InstallationSource.STABLE: |
4952 | + elif context.pro_config.install_from is InstallationSource.STABLE: |
4953 | instance.execute("sudo add-apt-repository ppa:ua-client/stable") |
4954 | instance.execute("sudo apt update") |
4955 | when_i_apt_install( |
4956 | @@ -82,7 +82,7 @@ def when_i_install_uat(context, machine_name=SUT): |
4957 | when_i_apt_install( |
4958 | context, "ubuntu-advantage-pro", machine_name=machine_name |
4959 | ) |
4960 | - elif context.config.install_from is InstallationSource.PROPOSED: |
4961 | + elif context.pro_config.install_from is InstallationSource.PROPOSED: |
4962 | context.text = "deb http://archive.ubuntu.com/ubuntu/ {series}-proposed main\n".format( # noqa: E501 |
4963 | series=series |
4964 | ) |
4965 | @@ -127,9 +127,9 @@ def when_i_install_uat(context, machine_name=SUT): |
4966 | when_i_apt_install( |
4967 | context, "ubuntu-advantage-pro", machine_name=machine_name |
4968 | ) |
4969 | - elif context.config.install_from is InstallationSource.CUSTOM: |
4970 | + elif context.pro_config.install_from is InstallationSource.CUSTOM: |
4971 | instance.execute( |
4972 | - "sudo add-apt-repository {}".format(context.config.custom_ppa) |
4973 | + "sudo add-apt-repository {}".format(context.pro_config.custom_ppa) |
4974 | ) |
4975 | instance.execute("sudo apt update") |
4976 | when_i_apt_install( |
4977 | @@ -143,7 +143,7 @@ def when_i_install_uat(context, machine_name=SUT): |
4978 | |
4979 | @when("I have the `{series}` debs under test in `{dest}`") |
4980 | def when_i_have_the_debs_under_test(context, series, dest): |
4981 | - if context.config.install_from is InstallationSource.LOCAL: |
4982 | + if context.pro_config.install_from is InstallationSource.LOCAL: |
4983 | deb_paths = build_debs(series) |
4984 | |
4985 | for deb_path in deb_paths: |
4986 | @@ -151,17 +151,17 @@ def when_i_have_the_debs_under_test(context, series, dest): |
4987 | dest_path = "{}/ubuntu-advantage-{}.deb".format(dest, tools_or_pro) |
4988 | context.machines[SUT].instance.push_file(deb_path, dest_path) |
4989 | else: |
4990 | - if context.config.install_from is InstallationSource.PROPOSED: |
4991 | + if context.pro_config.install_from is InstallationSource.PROPOSED: |
4992 | ppa_opts = "" |
4993 | else: |
4994 | - if context.config.install_from is InstallationSource.DAILY: |
4995 | + if context.pro_config.install_from is InstallationSource.DAILY: |
4996 | ppa = "ppa:ua-client/daily" |
4997 | - elif context.config.install_from is InstallationSource.STAGING: |
4998 | + elif context.pro_config.install_from is InstallationSource.STAGING: |
4999 | ppa = "ppa:ua-client/staging" |
5000 | - elif context.config.install_from is InstallationSource.STABLE: |
The diff has been truncated for viewing.
* Staging PPA Test Triggers: advantage- tools/27. 15~rc1: Published /autopkgtest. ubuntu. com/request. cgi?release= mantic& package= ubuntu- advantage- tools&arch= amd64&trigger= ubuntu- advantage- tools%2F27. 15~rc1& ppa=ua- client% 2Fstaging♻ /autopkgtest. ubuntu. com/request. cgi?release= mantic& package= ubuntu- advantage- tools&arch= arm64&trigger= ubuntu- advantage- tools%2F27. 15~rc1& ppa=ua- client% 2Fstaging♻ /autopkgtest. ubuntu. com/request. cgi?release= mantic& package= ubuntu- advantage- tools&arch= armhf&trigger= ubuntu- advantage- tools%2F27. 15~rc1& ppa=ua- client% 2Fstaging♻ /autopkgtest. ubuntu. com/request. cgi?release= mantic& package= ubuntu- advantage- tools&arch= ppc64el& trigger= ubuntu- advantage- tools%2F27. 15~rc1& ppa=ua- client% 2Fstaging♻ /autopkgtest. ubuntu. com/request. cgi?release= mantic& package= ubuntu- advantage- tools&arch= s390x&trigger= ubuntu- advantage- tools%2F27. 15~rc1& ppa=ua- client% 2Fstaging♻ /autopkgtest. ubuntu. com/request. cgi?release= mantic& package= ubuntu- advantage- tools&arch= riscv64& trigger= ubuntu- advantage- tools%2F27. 15~rc1& ppa=ua- client% 2Fstaging♻ advantage- tools/27. 15~23.04~ rc1: Published /autopkgtest. ubuntu. com/request. cgi?release= lunar&package= ubuntu- advantage- tools&arch= amd64&trigger= ubuntu- advantage- tools%2F27. 15~23.04~ rc1&ppa= ua-client% 2Fstaging♻ /autopkgtest. ubuntu. com/request. cgi?release= lunar&package= ubuntu- advantage- tools&arch= arm64&trigger= ubuntu- advantage- tools%2F27. 15~23.04~ rc1&ppa= ua-client% 2Fstaging♻ /autopkgtest. ubuntu. com/request. cgi?release= lunar&package= ubuntu- advantage- tools&arch= armhf&trigger= ubuntu- advantage- tools%2F27. 15~23.04~ rc1&ppa= ua-client% 2Fstaging♻ /autopkgtest. ubuntu. com/request. cgi?release= lunar&package= ubuntu- advantage- tools&arch= ppc64el& trigger= ubuntu- advantage- tools%2F27. 15~23.04~ rc1&ppa= ua-client% 2Fstaging♻ /autopkgtest. ubuntu. com/request. cgi?release= lunar&package= ubuntu- advantage- tools&arch= s390x&trigger= ubuntu- advantage- tools%2F27. 15~23.04~ rc1&ppa= ua-client% 2Fstaging♻ /autopkgtest. ubuntu. com/request. cgi?release= lunar&package= ubuntu- advantage- tools&arch= riscv64& trigger= ubuntu- advantage- tools%2F27. 15~23.04~ rc1&ppa= ua-client% 2Fstaging♻ advantage- tools/27. 15~22.10~ rc1: Published /autopkgtest. ubuntu. com/request. cgi?release= kinetic& package= ubuntu- advantage- tools&arch= amd64&trigger= ubuntu- advantage- tools%2F27. 15~22.10~ rc1&ppa= ua-client% 2Fstaging♻ /autopkgtest. ubuntu. com/request. cgi?release= kinetic& package= ubuntu- advantage- tools&arch= arm64&trigger= ubuntu- advantage- tools%2F27. 15~22.10~ rc1&ppa= ua-client% 2Fstaging♻ /autopkgtest. ubuntu. com/request. cgi?release= kinetic& package= ubuntu- advantage- tools&arch= armhf&trigger= ubuntu- advantage- tools%2F27. 15~22.10~ rc1&ppa= ua-client% 2Fstaging♻ /autopkgtest. ubuntu. com/request. cgi?release= kinetic& package= ubuntu- advantage- tools&arch= ppc64el& trigger= ubuntu- advantage- tools%2F27. 15~22.10~ rc1&ppa= ua-client% 2Fstaging♻
- Source ubuntu-
+ amd64: https:/
+ arm64: https:/
+ armhf: https:/
+ ppc64el: https:/
+ s390x: https:/
+ riscv64: https:/
- Source ubuntu-
+ amd64: https:/
+ arm64: https:/
+ armhf: https:/
+ ppc64el: https:/
+ s390x: https:/
+ riscv64: https:/
- Source ubuntu-
+ amd64: https:/
+ arm64: https:/
+ armhf: https:/
+ ppc64el: https:/
...