Ubuntu
ubuntu-advantage-tools package

Merge ~renanrodrigo/ubuntu/+source/ubuntu-advantage-tools:upload-27.14-lunar into ubuntu/+source/ubuntu-advantage-tools:ubuntu/devel

Git
lp:~renanrodrigo/ubuntu/+source/ubuntu-advantage-tools
upload-27.14-lunar
Merge into ubuntu/devel

Proposed by Renan Rodrigo on 2023-03-22

Status:

Merged

Merged at revision:

01aebdc37ea06b5b7e7022ae74b110e8fddab200

Proposed branch:

~renanrodrigo/ubuntu/+source/ubuntu-advantage-tools:upload-27.14-lunar

Merge into:

ubuntu/+source/ubuntu-advantage-tools:ubuntu/devel

Diff against target:

23735 lines (+9575/-5030)

183 files modified

.github/workflows/ci-base.yaml (+5/-17)
CONTRIBUTING.md (+4/-0)
README.md (+10/-50)
apt-hook/20apt-esm-hook.conf (+0/-4)
apt-hook/Makefile (+3/-10)
apt-hook/esm-counts.cc (+13/-0)
apt-hook/json-hook.cc (+3/-4)
debian/changelog (+38/-0)
debian/rules (+0/-4)
debian/ubuntu-advantage-tools.maintscript (+1/-0)
debian/ubuntu-advantage-tools.postinst (+82/-39)
debian/ubuntu-advantage-tools.postrm (+3/-6)
debian/ubuntu-advantage-tools.preinst (+19/-85)
dev-docs/devdocs_styleguide.md (+152/-0)
dev-docs/howtoguides/building.md (+1/-1)
dev-docs/howtoguides/detach_pro_instances.md (+25/-0)
dev-docs/howtoguides/testing.md (+5/-0)
dev/null (+0/-4)
docs/_static/css/custom.css (+240/-0)
docs/_static/css/github_issue_links.css (+17/-0)
docs/_static/js/github_issue_links.js (+1/-1)
docs/conf.py (+44/-5)
docs/explanations.rst (+43/-4)
docs/explanations/apt_messages.md (+130/-106)
docs/explanations/errors_explained.md (+101/-0)
docs/explanations/how_to_interpret_the_security_status_command.md (+77/-56)
docs/explanations/motd_messages.md (+100/-101)
docs/explanations/status_columns.md (+55/-26)
docs/explanations/what_are_the_timer_jobs.md (+20/-13)
docs/explanations/what_are_ubuntu_pro_cloud_instances.md (+25/-12)
docs/explanations/what_is_the_daemon.md (+7/-3)
docs/explanations/what_is_the_ubuntu_advantage_pro_package.md (+7/-3)
docs/explanations/what_refresh_does.md (+21/-9)
docs/explanations/why_trusty_is_no_longer_supported.md (+9/-6)
docs/howtoguides.rst (+9/-8)
docs/howtoguides/disable_enable_apt_news.md (+45/-0)
docs/howtoguides/enable_realtime_kernel.md (+3/-3)
docs/howtoguides/get_rid_of_corrupt_lock.md (+29/-0)
docs/index.rst (+2/-3)
docs/references.rst (+7/-4)
docs/references/api.md (+314/-130)
docs/references/network_requirements.md (+30/-13)
docs/references/ppas.md (+30/-9)
docs/references/support_matrix.md (+15/-15)
features/_version.feature (+16/-0)
features/api_packages.feature (+10/-8)
features/api_security.feature (+11/-1)
features/api_unattended_upgrades.feature (+207/-0)
features/apt_messages.feature (+81/-66)
features/attach_validtoken.feature (+30/-72)
features/attached_commands.feature (+13/-36)
features/attached_enable.feature (+79/-108)
features/config.feature (+55/-0)
features/daemon.feature (+2/-3)
features/environment.py (+13/-7)
features/fix.feature (+97/-25)
features/livepatch.feature (+72/-0)
features/logs.feature (+30/-0)
features/motd_messages.feature (+14/-148)
features/proxy_config.feature (+71/-72)
features/realtime_kernel.feature (+20/-6)
features/steps/attach.py (+4/-18)
features/steps/contract.py (+23/-0)
features/steps/files.py (+5/-4)
features/steps/misc.py (+9/-0)
features/steps/packages.py (+18/-0)
features/steps/shell.py (+11/-14)
features/steps/ubuntu_advantage_tools.py (+20/-1)
features/ubuntu_pro.feature (+11/-1)
features/ubuntu_pro_fips.feature (+12/-0)
features/unattached_commands.feature (+75/-0)
features/unattached_status.feature (+3/-3)
features/util.py (+31/-7)
lib/apt_news.py (+1/-1)
lib/auto_attach.py (+1/-1)
lib/daemon.py (+1/-1)
lib/esm_cache.py (+1/-1)
lib/migrate_user_config.py (+162/-0)
lib/reboot_cmds.py (+13/-14)
lib/timer.py (+17/-4)
lib/upgrade_lts_contract.py (+2/-3)
sru/release-27.14/test-migrate-user-config.sh (+288/-0)
systemd/apt-news.service (+10/-0)
tools/test-in-lxd.sh (+29/-12)
tools/test-in-multipass.sh (+19/-13)
uaclient-devel.conf (+0/-7)
uaclient.conf (+0/-16)
uaclient/actions.py (+7/-9)
uaclient/api/api.py (+1/-0)
uaclient/api/data_types.py (+2/-2)
uaclient/api/exceptions.py (+7/-0)
uaclient/api/tests/test_api_u_pro_attach_auto_full_auto_attach_v1.py (+13/-3)
uaclient/api/tests/test_api_u_unattended_upgrades_status_v1.py (+150/-0)
uaclient/api/u/pro/attach/auto/full_auto_attach/v1.py (+1/-1)
uaclient/api/u/unattended_upgrades/__init__.py (+0/-0)
uaclient/api/u/unattended_upgrades/status/__init__.py (+0/-0)
uaclient/api/u/unattended_upgrades/status/v1.py (+215/-0)
uaclient/apt.py (+172/-15)
uaclient/cli.py (+51/-73)
uaclient/config.py (+130/-126)
uaclient/conftest.py (+58/-8)
uaclient/contract.py (+2/-1)
uaclient/contract_data_types.py (+6/-5)
uaclient/daemon/__init__.py (+7/-3)
uaclient/daemon/retry_auto_attach.py (+17/-6)
uaclient/daemon/tests/test_poll_for_pro_license.py (+3/-12)
uaclient/data_types.py (+57/-28)
uaclient/defaults.py (+7/-1)
uaclient/entitlements/base.py (+296/-265)
uaclient/entitlements/entitlement_status.py (+1/-0)
uaclient/entitlements/esm.py (+6/-6)
uaclient/entitlements/fips.py (+28/-41)
uaclient/entitlements/livepatch.py (+46/-85)
uaclient/entitlements/realtime.py (+11/-1)
uaclient/entitlements/repo.py (+5/-9)
uaclient/entitlements/tests/test_base.py (+292/-239)
uaclient/entitlements/tests/test_cc.py (+1/-5)
uaclient/entitlements/tests/test_cis.py (+1/-3)
uaclient/entitlements/tests/test_esm.py (+2/-152)
uaclient/entitlements/tests/test_fips.py (+53/-79)
uaclient/entitlements/tests/test_livepatch.py (+54/-358)
uaclient/entitlements/tests/test_repo.py (+53/-55)
uaclient/event_logger.py (+7/-3)
uaclient/exceptions.py (+6/-0)
uaclient/files/__init__.py (+1/-2)
uaclient/files/data_types.py (+13/-6)
uaclient/files/files.py (+18/-97)
uaclient/files/notices.py (+231/-0)
uaclient/files/state_files.py (+103/-2)
uaclient/files/tests/test_files.py (+7/-4)
uaclient/files/tests/test_notices.py (+124/-0)
uaclient/jobs/tests/test_update_contract_info.py (+88/-0)
uaclient/jobs/tests/test_update_messaging.py (+294/-500)
uaclient/jobs/update_contract_info.py (+29/-0)
uaclient/jobs/update_messaging.py (+108/-327)
uaclient/livepatch.py (+397/-0)
uaclient/lock.py (+6/-2)
uaclient/log.py (+60/-0)
uaclient/messages.py (+157/-22)
uaclient/security.py (+129/-32)
uaclient/security_status.py (+70/-121)
uaclient/serviceclient.py (+6/-5)
uaclient/status.py (+87/-38)
uaclient/system.py (+36/-3)
uaclient/testing/fakes.py (+6/-0)
uaclient/tests/test_actions.py (+3/-4)
uaclient/tests/test_apt.py (+112/-10)
uaclient/tests/test_cli.py (+67/-41)
uaclient/tests/test_cli_api.py (+2/-1)
uaclient/tests/test_cli_attach.py (+43/-39)
uaclient/tests/test_cli_auto_attach.py (+3/-9)
uaclient/tests/test_cli_collect_logs.py (+2/-6)
uaclient/tests/test_cli_config.py (+57/-0)
uaclient/tests/test_cli_config_set.py (+17/-24)
uaclient/tests/test_cli_config_show.py (+17/-30)
uaclient/tests/test_cli_config_unset.py (+8/-10)
uaclient/tests/test_cli_detach.py (+15/-22)
uaclient/tests/test_cli_disable.py (+33/-23)
uaclient/tests/test_cli_enable.py (+28/-41)
uaclient/tests/test_cli_refresh.py (+55/-45)
uaclient/tests/test_cli_security_status.py (+1/-1)
uaclient/tests/test_cli_status.py (+79/-105)
uaclient/tests/test_config.py (+155/-146)
uaclient/tests/test_contract.py (+6/-5)
uaclient/tests/test_data_types.py (+41/-0)
uaclient/tests/test_event_logger.py (+3/-3)
uaclient/tests/test_lib_migrate_user_config.py (+242/-0)
uaclient/tests/test_livepatch.py (+875/-0)
uaclient/tests/test_lock.py (+9/-4)
uaclient/tests/test_log.py (+159/-0)
uaclient/tests/test_reboot_cmds.py (+17/-14)
uaclient/tests/test_security.py (+188/-46)
uaclient/tests/test_security_status.py (+69/-134)
uaclient/tests/test_serviceclient.py (+1/-1)
uaclient/tests/test_status.py (+63/-47)
uaclient/tests/test_system.py (+49/-1)
uaclient/tests/test_ua_timer.py (+8/-4)
uaclient/tests/test_util.py (+6/-3)
uaclient/util.py (+33/-23)
uaclient/version.py (+1/-1)
uaclient/yaml.py (+29/-0)
ubuntu-advantage.1 (+7/-3)
update-motd.d/91-contract-ua-esm-status (+2/-2)

Undecided

Fix Released

Link a bug report

Reviewer	Review Type	Date Requested	Status
Athos Ribeiro (community)		2023-03-22	Approve on 2023-03-22
Review via email: mp+439382@code.launchpad.net

Description of the change

This is release 27.14 of ubuntu-advantage-tools.

You can find the description of changes in the overall SRU bug here: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2011477

Revision history for this message

Athos Ribeiro (athos-ribeiro) wrote on 2023-03-22:

The diff below is being truncated.

I am adding my comments here then.

In commit 76e0a70cba62fdcbd7ea8c34fbe67728893f632e:

- Parsing the Acquire" apt option should be done with a regular expression to avoid parsing debugging option by mistake

- nitpick: uaclient/conftest.py - Could the "Useless try/except to make flake8 happy" be just an ignore hint for flake8 instead? i.e., use the resources described at https://flake8.pycqa.org/en/latest/user/violations.html.

In commit 990b3f134996c5a235aeaec608ca1e477c56d00b:

- debian/ubuntu-advantage-tools.postinst: The first message is being echo'ed to stdout, the others, to stderr. is this intentional?

Revision history for this message

Lucas Albuquerque Medeiros de Moura (lamoura) wrote on 2023-03-22:

Hi Athos, thanks for the review

In commit 76e0a70cba62fdcbd7ea8c34fbe67728893f632e:
- Yes, the Acquire fix is indeed missing. We will address it today

nitpick: uaclient/conftest.py
I Agree we can change that, but I think we can touch this later in the next release, due to the timeline we have at the moment. But I think it is indeed a good idea.

In commit 990b3f134996c5a235aeaec608ca1e477c56d00b:
- Good catch, this is indeed a mistake. I will fix that

Revision history for this message

Renan Rodrigo (renanrodrigo) wrote on 2023-03-22:

@Athos, MP updated including the requested changes

Revision history for this message

Athos Ribeiro (athos-ribeiro) wrote on 2023-03-22:

Thank you!

LGTM

review: Approve

Revision history for this message

Athos Ribeiro (athos-ribeiro) wrote on 2023-03-22:

I just triggered the DEP8 tests suite for the builds pushed to ppa:ua-client/staging. I will start uploading those as soon as we get the test results.

Revision history for this message

Athos Ribeiro (athos-ribeiro) wrote on 2023-03-22:

  - ubuntu-advantage-tools/27.14~23.04.1~rc3+noflake8
    + ✅ ubuntu-advantage-tools on lunar for amd64 @ 22.03.23 18:55:26 Log️ 🗒️
    + ✅ ubuntu-advantage-tools on lunar for arm64 @ 22.03.23 18:23:35 Log️ 🗒️
    + ✅ ubuntu-advantage-tools on lunar for armhf @ 22.03.23 18:14:49 Log️ 🗒️
    + ✅ ubuntu-advantage-tools on lunar for ppc64el @ 22.03.23 18:13:59 Log️ 🗒️
    + ✅ ubuntu-advantage-tools on lunar for s390x @ 22.03.23 18:15:40 Log️ 🗒️

  - ubuntu-advantage-tools/27.14~22.10.1~rc3+noflake8
    + ✅ ubuntu-advantage-tools on kinetic for amd64 @ 22.03.23 18:20:11 Log️ 🗒️
    + ✅ ubuntu-advantage-tools on kinetic for arm64 @ 22.03.23 18:34:50 Log️ 🗒️
    + ✅ ubuntu-advantage-tools on kinetic for armhf @ 22.03.23 18:16:25 Log️ 🗒️
    + ✅ ubuntu-advantage-tools on kinetic for ppc64el @ 22.03.23 18:17:11 Log️ 🗒️
    + ✅ ubuntu-advantage-tools on kinetic for s390x @ 22.03.23 18:15:08 Log️ 🗒️

  - ubuntu-advantage-tools/27.14~22.04.1~rc3+noflake8
    + ✅ ubuntu-advantage-tools on jammy for amd64 @ 22.03.23 18:32:04 Log️ 🗒️
    + ✅ ubuntu-advantage-tools on jammy for arm64 @ 22.03.23 18:26:01 Log️ 🗒️
    + ✅ ubuntu-advantage-tools on jammy for armhf @ 22.03.23 18:16:13 Log️ 🗒️
    + ✅ ubuntu-advantage-tools on jammy for ppc64el @ 22.03.23 18:15:32 Log️ 🗒️
    + ✅ ubuntu-advantage-tools on jammy for s390x @ 22.03.23 18:16:13 Log️ 🗒️

  - ubuntu-advantage-tools/27.14~20.04.1~rc3+noflake8
    + ✅ ubuntu-advantage-tools on focal for amd64 @ 22.03.23 18:34:01 Log️ 🗒️
    + ✅ ubuntu-advantage-tools on focal for arm64 @ 22.03.23 18:21:46 Log️ 🗒️
    + ✅ ubuntu-advantage-tools on focal for armhf @ 22.03.23 18:20:53 Log️ 🗒️
    + ✅ ubuntu-advantage-tools on focal for ppc64el @ 22.03.23 18:16:55 Log️ 🗒️
    + ✅ ubuntu-advantage-tools on focal for s390x @ 22.03.23 18:18:16 Log️ 🗒️

  - ubuntu-advantage-tools/27.14~18.04.1~rc3+noflake8
    + ✅ ubuntu-advantage-tools on bionic for amd64 @ 22.03.23 18:25:33 Log️ 🗒️
    + ✅ ubuntu-advantage-tools on bionic for arm64 @ 22.03.23 18:39:00 Log️ 🗒️
    + ✅ ubuntu-advantage-tools on bionic for armhf @ 22.03.23 18:18:01 Log️ 🗒️
    + ✅ ubuntu-advantage-tools on bionic for ppc64el @ 22.03.23 18:17:45 Log️ 🗒️
    + ✅ ubuntu-advantage-tools on bionic for s390x @ 22.03.23 18:18:12 Log️ 🗒️

  - ubuntu-advantage-tools/27.14~16.04.1~rc3+noflake8
    + ✅ ubuntu-advantage-tools on xenial for amd64 @ 22.03.23 19:01:26 Log️ 🗒️
    + ✅ ubuntu-advantage-tools on xenial for arm64 @ 22.03.23 18:24:08 Log️ 🗒️
    + ✅ ubuntu-advantage-tools on xenial for armhf @ 22.03.23 18:17:55 Log️ 🗒️
    + ✅ ubuntu-advantage-tools on xenial for ppc64el @ 22.03.23 18:17:00 Log️ 🗒️
    + ✅ ubuntu-advantage-tools on xenial for s390x @ 22.03.23 18:16:54 Log️ 🗒️

Revision history for this message

Athos Ribeiro (athos-ribeiro) wrote on 2023-03-22:

Uploaded.

Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading ubuntu-advantage-tools_27.14~23.04.1.dsc: done.
  Uploading ubuntu-advantage-tools_27.14~23.04.1.tar.xz: done.
  Uploading ubuntu-advantage-tools_27.14~23.04.1_source.buildinfo: done.
  Uploading ubuntu-advantage-tools_27.14~23.04.1_source.changes: done.
Successfully uploaded packages.

Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading ubuntu-advantage-tools_27.14~22.10.1.dsc: done.
  Uploading ubuntu-advantage-tools_27.14~22.10.1.tar.xz: done.
  Uploading ubuntu-advantage-tools_27.14~22.10.1_source.buildinfo: done.
  Uploading ubuntu-advantage-tools_27.14~22.10.1_source.changes: done.
Successfully uploaded packages.

Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading ubuntu-advantage-tools_27.14~22.04.1.dsc: done.
  Uploading ubuntu-advantage-tools_27.14~22.04.1.tar.xz: done.
  Uploading ubuntu-advantage-tools_27.14~22.04.1_source.buildinfo: done.
  Uploading ubuntu-advantage-tools_27.14~22.04.1_source.changes: done.
Successfully uploaded packages.

Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading ubuntu-advantage-tools_27.14~20.04.1.dsc: done.
  Uploading ubuntu-advantage-tools_27.14~20.04.1.tar.xz: done.
  Uploading ubuntu-advantage-tools_27.14~20.04.1_source.buildinfo: done.
  Uploading ubuntu-advantage-tools_27.14~20.04.1_source.changes: done.
Successfully uploaded packages.

Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading ubuntu-advantage-tools_27.14~18.04.1.dsc: done.
  Uploading ubuntu-advantage-tools_27.14~18.04.1.tar.xz: done.
  Uploading ubuntu-advantage-tools_27.14~18.04.1_source.buildinfo: done.
  Uploading ubuntu-advantage-tools_27.14~18.04.1_source.changes: done.
Successfully uploaded packages.

Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading ubuntu-advantage-tools_27.14~16.04.1.dsc: done.
  Uploading ubuntu-advantage-tools_27.14~16.04.1.tar.xz: done.
  Uploading ubuntu-advantage-tools_27.14~16.04.1_source.buildinfo: done.
  Uploading ubuntu-advantage-tools_27.14~16.04.1_source.changes: done.
Successfully uploaded packages.

Uploaded.

Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading ubuntu-advantage-tools_27.14~23.04.1.dsc: done.
  Uploading ubuntu-advantage-tools_27.14~23.04.1.tar.xz: done.    
  Uploading ubuntu-advantage-tools_27.14~23.04.1_source.buildinfo: done.
  Uploading ubuntu-advantage-tools_27.14~23.04.1_source.changes: done.
Successfully uploaded packages.

Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading ubuntu-advantage-tools_27.14~22.10.1.dsc: done.
  Uploading ubuntu-advantage-tools_27.14~22.10.1.tar.xz: done.    
  Uploading ubuntu-advantage-tools_27.14~22.10.1_source.buildinfo: done.
  Uploading ubuntu-advantage-tools_27.14~22.10.1_source.changes: done.
Successfully uploaded packages.

Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading ubuntu-advantage-tools_27.14~22.04.1.dsc: done.
  Uploading ubuntu-advantage-tools_27.14~22.04.1.tar.xz: done.    
  Uploading ubuntu-advantage-tools_27.14~22.04.1_source.buildinfo: done.
  Uploading ubuntu-advantage-tools_27.14~22.04.1_source.changes: done.
Successfully uploaded packages.

Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading ubuntu-advantage-tools_27.14~20.04.1.dsc: done.
  Uploading ubuntu-advantage-tools_27.14~20.04.1.tar.xz: done.    
  Uploading ubuntu-advantage-tools_27.14~20.04.1_source.buildinfo: done.
  Uploading ubuntu-advantage-tools_27.14~20.04.1_source.changes: done.
Successfully uploaded packages.

Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading ubuntu-advantage-tools_27.14~18.04.1.dsc: done.
  Uploading ubuntu-advantage-tools_27.14~18.04.1.tar.xz: done.    
  Uploading ubuntu-advantage-tools_27.14~18.04.1_source.buildinfo: done.
  Uploading ubuntu-advantage-tools_27.14~18.04.1_source.changes: done.
Successfully uploaded packages.

Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading ubuntu-advantage-tools_27.14~16.04.1.dsc: done.
  Uploading ubuntu-advantage-tools_27.14~16.04.1.tar.xz: done.    
  Uploading ubuntu-advantage-tools_27.14~16.04.1_source.buildinfo: done.
  Uploading ubuntu-advantage-tools_27.14~16.04.1_source.changes: done.
Successfully uploaded packages.

Revision history for this message

Renan Rodrigo (renanrodrigo) wrote on 2023-03-22:

Thank you very much again for all the effort!

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

The diff has been truncated for viewing.

Subscribers

People subscribed via source and target branches

to all changes:

Renan Rodrigo

git-ubuntu developers

to status/vote changes:

Terrence Bobryk-Ozaki

 diff --git a/.github/workflows/ci-base.yaml b/.github/workflows/ci-base.yaml
 index 0b8f1ed..59174bf 100644
 --- a/.github/workflows/ci-base.yaml
 +++ b/.github/workflows/ci-base.yaml
@@ -23,33 +23,21 @@ jobs:
          uses: actions/checkout@v3
        - name: Formatting
          run: tox -e black -e isort
++      - name: Style
++        run: tox -e flake8
        - name: Mypy
          run: tox -e mypy
        - name: Version Consistency
          run: python3 ./tools/check-versions-are-consistent.py
    unit-tests:
--    name: Matrix
--    strategy:
--      matrix:
--        testenv:
--          - {os: ubuntu-18.04, pyver: py35, deadsnake: python3.5}
--          - {os: ubuntu-18.04, pyver: py36}
--          - {os: ubuntu-20.04, pyver: py38}
--          - {os: ubuntu-22.04, pyver: py310}
--    runs-on: ${{ matrix.testenv.os }}
++    name: Unit Tests
++    runs-on: ubuntu-22.04
      steps:
        - name: Install dependencies
          run: |
            sudo DEBIAN_FRONTEND=noninteractive apt-get -qy update
            sudo DEBIAN_FRONTEND=noninteractive apt-get -qy install tox
--      - name: Install older Python from deadsnakes PPA
--        if: matrix.testenv.deadsnake != ''
--        run: |
--          sudo add-apt-repository --yes ppa:deadsnakes/ppa
--          sudo DEBIAN_FRONTEND=noninteractive apt-get -qy install "${{ matrix.testenv.deadsnake }}" "${{ matrix.testenv.deadsnake }}-dev"
        - name: Git checkout
          uses: actions/checkout@v3
--      - name: Flake8
--        run: tox -e "${{ matrix.testenv.pyver }}-flake8"
        - name: Unit
--        run: tox -e "${{ matrix.testenv.pyver }}-test"
++        run: tox -e test
 diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
 index dd7809e..03568a6 100644
 --- a/CONTRIBUTING.md
 +++ b/CONTRIBUTING.md
@@ -29,3 +29,7 @@ from the architecture of the project to how you should test any code changes.
  ### Explanation
  * [How auto-attach works](./dev-docs/explanations/how_auto_attach_works.md)
++
++### Documentation
++
++* [Documentation guide](./dev-docs/devdocs_styleguide.md)
 diff --git a/README.md b/README.md
 index 922188d..4e7a493 100644
 --- a/README.md
 +++ b/README.md
@@ -7,13 +7,16 @@
  </h1>
  ###### Clean and Consistent CLI for your Ubuntu Pro Systems
--![Latest Upstream Version](https://img.shields.io/github/v/tag/canonical/ubuntu-advantage-client.svg?label=Latest%20Upstream%20Version&logo=github&logoColor=white&color=33ce57)
--![CI](https://github.com/canonical/ubuntu-advantage-client/actions/workflows/ci-base.yaml/badge.svg?branch=main)
++[![Latest Upstream Version](https://img.shields.io/github/v/tag/canonical/ubuntu-advantage-client.svg?label=Latest%20Upstream%20Version&logo=github&logoColor=white&color=33ce57)](https://github.com/canonical/ubuntu-pro-client/tags)
++[![CI](https://github.com/canonical/ubuntu-advantage-client/actions/workflows/ci-base.yaml/badge.svg?branch=main)](https://github.com/canonical/ubuntu-pro-client/actions)
++[![Documentation Status](https://readthedocs.com/projects/canonical-ubuntu-pro-client/badge/?version=latest)](https://canonical-ubuntu-pro-client.readthedocs-hosted.com/en/latest/?badge=latest)
  <br/>
--![Released Xenial Version](https://img.shields.io/ubuntu/v/ubuntu-advantage-tools/xenial?label=Xenial&logo=ubuntu&logoColor=white)
--![Released Bionic Version](https://img.shields.io/ubuntu/v/ubuntu-advantage-tools/bionic?label=Bionic&logo=ubuntu&logoColor=white)
--![Released Focal Version](https://img.shields.io/ubuntu/v/ubuntu-advantage-tools/focal?label=Focal&logo=ubuntu&logoColor=white)
--![Released Jammy Version](https://img.shields.io/ubuntu/v/ubuntu-advantage-tools/jammy?label=Jammy&logo=ubuntu&logoColor=white)
++[![Released Xenial Version](https://img.shields.io/ubuntu/v/ubuntu-advantage-tools/xenial?label=Xenial&logo=ubuntu&logoColor=white)](https://launchpad.net/ubuntu/xenial/+source/ubuntu-advantage-tools)
++[![Released Bionic Version](https://img.shields.io/ubuntu/v/ubuntu-advantage-tools/bionic?label=Bionic&logo=ubuntu&logoColor=white)](https://launchpad.net/ubuntu/bionic/+source/ubuntu-advantage-tools)
++[![Released Focal Version](https://img.shields.io/ubuntu/v/ubuntu-advantage-tools/focal?label=Focal&logo=ubuntu&logoColor=white)](https://launchpad.net/ubuntu/focal/+source/ubuntu-advantage-tools)
++[![Released Jammy Version](https://img.shields.io/ubuntu/v/ubuntu-advantage-tools/jammy?label=Jammy&logo=ubuntu&logoColor=white)](https://launchpad.net/ubuntu/jammy/+source/ubuntu-advantage-tools)
++[![Released Kinetic Version](https://img.shields.io/ubuntu/v/ubuntu-advantage-tools/kinetic?label=Kinetic&logo=ubuntu&logoColor=white)](https://launchpad.net/ubuntu/kinetic/+source/ubuntu-advantage-tools)
++[![Released Lunar Version](https://img.shields.io/ubuntu/v/ubuntu-advantage-tools/lunar?label=Lunar&logo=ubuntu&logoColor=white)](https://launchpad.net/ubuntu/lunar/+source/ubuntu-advantage-tools)
  The Ubuntu Pro Client (`pro`) is the official tool to enable Canonical offerings on your
  system.
@@ -33,50 +36,7 @@ If you need any of those services for your machine, `pro` is the right tool for
  `pro` is already installed on every Ubuntu system. Try it out by running `pro help`!
--## Documentation
--
--### Tutorials
--
--* [Getting started with Ubuntu Pro Client](./docs/tutorials/basic_commands.md)
--* [Create a FIPS compliant Ubuntu Docker image](./docs/tutorials/create_a_fips_docker_image.md)
--* [Fix vulnerabilities by CVE or USN using `pro fix`](./docs/tutorials/fix_scenarios.md)
--* [Create a Custom Ubuntu Pro Cloud Image with FIPS Updates](./docs/tutorials/create_a_fips_updates_pro_cloud_image.md)
--
--### How To Guides
--
--* [How to get an Ubuntu Pro token and attach to a subscription](./docs/howtoguides/get_token_and_attach.md)
--* [How to Configure Proxies](./docs/howtoguides/configure_proxies.md)
--* [How to Enable Ubuntu Pro Services in a Dockerfile](./docs/howtoguides/enable_in_dockerfile.md)
--* [How to Create a custom Golden Image based on Public Cloud Ubuntu Pro images](./docs/howtoguides/create_pro_golden_image.md)
--* [How to Manually update MOTD and APT messages](./docs/howtoguides/update_motd_messages.md)
--* [How to enable CIS](./docs/howtoguides/enable_cis.md)
--* [How to enable CC EAL](./docs/howtoguides/enable_cc.md)
--* [How to enable ESM Infra](./docs/howtoguides/enable_esm_infra.md)
--* [How to enable FIPS](./docs/howtoguides/enable_fips.md)
--* [How to enable Livepatch](./docs/howtoguides/enable_livepatch.md)
--* [How to configure a timer job](./docs/howtoguides/configuring_timer_jobs.md)
--* [How to attach with a configuration file](./docs/howtoguides/how_to_attach_with_config_file.md)
--* [How to collect Ubuntu Pro Client logs](./docs/howtoguides/how_to_collect_logs.md)
--* [How to simulate attach operation](./docs/howtoguides/how_to_simulate_attach.md)
--* [How to run `pro fix` in dry-run mode](./docs/howtoguides/how_to_run_fix_in_dry_run_mode.md)
--
--### Reference
--
--* [Ubuntu Release and Architecture Support Matrix](./docs/references/support_matrix.md)
--* [Network Requirements](./docs/references/network_requirements.md)
--* [API Reference Guide](./docs/references/api.md)
--* [PPAs with different versions of `pro`](./docs/references/ppas.md)
--
--### Explanation
--
--* [What is the daemon for? (And how to disable it)](./docs/explanations/what_is_the_daemon.md)
--* [What are Public Cloud Ubuntu Pro instances?](./docs/explanations/what_are_ubuntu_pro_cloud_instances.md)
--* [What is the ubuntu-advantage-pro package?](./docs/explanations/what_is_the_ubuntu_advantage_pro_package.md)
--* [What are the timer jobs?](./docs/explanations/what_are_the_timer_jobs.md)
--* [What are the Ubuntu Pro related MOTD messages?](./docs/explanations/motd_messages.md)
--* [What are the Ubuntu Pro related APT messages?](./docs/explanations/apt_messages.md)
--* [How to interpret the security-status command](./docs/explanations/how_to_interpret_the_security_status_command.md)
--* [Why Trusty (14.04) is no longer supported](./docs/explanations/why_trusty_is_no_longer_supported.md)
++Or [check out the docs](https://canonical-ubuntu-pro-client.readthedocs-hosted.com/en/latest/).
  ## Project and community
 diff --git a/apt-hook/20apt-esm-hook.conf b/apt-hook/20apt-esm-hook.conf
 index 7bcae44..36a7593 100644
 --- a/apt-hook/20apt-esm-hook.conf
 +++ b/apt-hook/20apt-esm-hook.conf
@@ -2,10 +2,6 @@ APT::Update::Pre-Invoke {
  	"[ ! -e /run/systemd/system ] || [ $(id -u) -ne 0 ] || systemctl start --no-block apt-news.service esm-cache.service || true";
  };
--APT::Update::Post-Invoke-Stats {
--	"[ ! -f /usr/lib/ubuntu-advantage/apt-esm-hook ] || /usr/lib/ubuntu-advantage/apt-esm-hook || true";
--};
--
  binary::apt::AptCli::Hooks::Upgrade {
  	"[ ! -f /usr/lib/ubuntu-advantage/apt-esm-json-hook ] || /usr/lib/ubuntu-advantage/apt-esm-json-hook || true";
  };
 diff --git a/apt-hook/Makefile b/apt-hook/Makefile
 index 9bb2bcd..ad7d586 100644
 --- a/apt-hook/Makefile
 +++ b/apt-hook/Makefile
@@ -1,12 +1,6 @@
  all: build
--build: hook ubuntu-advantage.pot json-hook
--
--ubuntu-advantage.pot: hook.cc
--	xgettext hook.cc -o ubuntu-advantage.pot
--
--hook: hook.cc
--	$(CXX) -Wall -Wextra -pedantic -std=c++11 $(CXXFLAGS) $(CPPFLAGS) $(LDFLAGS) -g -o hook hook.cc esm-templates.cc -lapt-pkg $(LDLIBS)
++build: json-hook
  json-hook: json-hook.cc
  	$(CXX) -Wall -Wextra -pedantic -std=c++11 $(CXXFLAGS) $(CPPFLAGS) $(LDFLAGS) -g -o json-hook json-hook-main.cc json-hook.cc esm-counts.cc -ljson-c -lapt-pkg $(LDLIBS)
@@ -18,11 +12,10 @@ test:
  install-conf:
  	install -D -m 644 20apt-esm-hook.conf $(DESTDIR)/etc/apt/apt.conf.d/20apt-esm-hook.conf
--install: hook json-hook
--	install -D -m 755 hook $(DESTDIR)/usr/lib/ubuntu-advantage/apt-esm-hook
++install: json-hook
  	install -D -m 755 json-hook $(DESTDIR)/usr/lib/ubuntu-advantage/apt-esm-json-hook
  clean:
--	rm -f hook json-hook json-hook-test ubuntu-advantage.pot
++	rm -f json-hook json-hook-test
  .PHONY: test
 diff --git a/apt-hook/esm-counts.cc b/apt-hook/esm-counts.cc
 index 82aea99..1a94d87 100644
 --- a/apt-hook/esm-counts.cc
 +++ b/apt-hook/esm-counts.cc
@@ -52,11 +52,24 @@ bool get_potential_esm_updates(ESMUpdates &updates) {
+    }
     // set up esm cache
++   // make sure the configuration is isolated, apart from Acquire
++   for (const Configuration::Item *ConfigItem = _config->Tree(0); ConfigItem != NULL; ConfigItem = ConfigItem->Next) {
++      if (ConfigItem->FullTag(0) != "Acquire") {
++         _config->Clear(ConfigItem->FullTag(0));
++      }
++   }
++
     _config->Set("Dir", "/var/lib/ubuntu-advantage/apt-esm/");
     _config->Set("Dir::State::status", "/var/lib/ubuntu-advantage/apt-esm/var/lib/dpkg/status");
++
++   if (!pkgInitConfig(*_config)) {
++      return false;
++   }
++
     if (!pkgInitSystem(*_config, _system)) {
        return false;
+    }
++
     pkgCacheFile esm_cachefile;
     pkgCache *esm_cache = esm_cachefile.GetPkgCache();
     if (esm_cache == NULL) {
 diff --git a/apt-hook/esm-templates.cc b/apt-hook/esm-templates.cc
 deleted file mode 100644
 index 3444e2e..0000000
 --- a/apt-hook/esm-templates.cc
 +++ /dev/null
@@ -1,273 +0,0 @@
--#include <apt-pkg/cachefile.h>
--#include <apt-pkg/error.h>
--#include <apt-pkg/init.h>
--#include <apt-pkg/pkgsystem.h>
--#include <apt-pkg/policy.h>
--#include <apt-pkg/strutl.h>
--
--#include <algorithm>
--#include <array>
--#include <fstream>
--#include <iostream>
--#include <sstream>
--#include <string>
--#include <vector>
--
--#include "esm-templates.hh"
--
--
--struct result {
--   int enabled_esms_i;
--   int disabled_esms_i;
--   std::vector<std::string> esm_i_packages;
--
--   int enabled_esms_a;
--   int disabled_esms_a;
--   std::vector<std::string> esm_a_packages;
--};
--
--// Check if we have an ESM upgrade for the specified package
--static void check_esm_upgrade(pkgCache::PkgIterator pkg, pkgPolicy *policy, result &res)
--{
--   pkgCache::VerIterator cur = pkg.CurrentVer();
--
--   if (cur.end())
--      return;
--
--   // Search all versions >= cur (list in decreasing order)
--   for (pkgCache::VerIterator ver = pkg.VersionList(); !ver.end() && ver->ID != cur->ID; ver++)
--   {
--      for (pkgCache::VerFileIterator pf = ver.FileList(); !pf.end(); pf++)
--      {
--         if (pf.File().Archive() != 0 && DeNull(pf.File().Origin()) == std::string("UbuntuESM"))
--         {
--            if (std::find(res.esm_i_packages.begin(), res.esm_i_packages.end(), pkg.Name()) == res.esm_i_packages.end()) {
--                res.esm_i_packages.push_back(pkg.Name());
--
--                // Pin-Priority: never unauthenticated APT repos == -32768
--                if (policy->GetPriority(pf.File()) == -32768)
--                {
--                   res.disabled_esms_i++;
--                }
--                else
--                {
--                   res.enabled_esms_i++;
--                }
--            }
--         }
--         if (pf.File().Archive() != 0 && DeNull(pf.File().Origin()) == std::string("UbuntuESMApps"))
--         {
--            if (std::find(res.esm_a_packages.begin(), res.esm_a_packages.end(), pkg.Name()) == res.esm_a_packages.end()) {
--                res.esm_a_packages.push_back(pkg.Name());
--
--                // Pin-Priority: never unauthenticated APT repos == -32768
--                if (policy->GetPriority(pf.File()) == -32768)
--                {
--                   res.disabled_esms_a++;
--                }
--                else
--                {
--                   res.enabled_esms_a++;
--                }
--            }
--         }
--      }
--   }
--}
--
--// Calculate the update count
--static int get_update_count(result &res)
--{
--   int count = 0;
--   if (!pkgInitConfig(*_config))
--      return -1;
--
--   if (!pkgInitSystem(*_config, _system))
--      return -1;
--
--   pkgCacheFile cachefile;
--
--   pkgCache *cache = cachefile.GetPkgCache();
--   pkgPolicy *policy = cachefile.GetPolicy();
--
--   if (cache == NULL || policy == NULL)
--      return -1;
--
--   for (pkgCache::PkgIterator pkg = cache->PkgBegin(); !pkg.end(); pkg++)
--   {
--      check_esm_upgrade(pkg, policy, res);
--   }
--   return count;
--}
--
--
--static void process_template_file(
--   std::string template_file_name,
--   std::string static_file_name,
--   std::string esm_a_pkgs_count,
--   std::string esm_a_pkgs,
--   std::string esm_i_pkgs_count,
--   std::string esm_i_pkgs
--) {
--   std::ifstream message_tmpl_file(template_file_name.c_str());
--   if (message_tmpl_file.is_open()) {
--      // This line loads the whole file contents into a string
--      std::string message_tmpl((std::istreambuf_iterator<char>(message_tmpl_file)), (std::istreambuf_iterator<char>()));
--
--      message_tmpl_file.close();
--
--      // Process all template variables
--      std::array<std::string, 4> tmpl_var_names = {
--         ESM_APPS_PKGS_COUNT_TEMPLATE_VAR,
--         ESM_APPS_PACKAGES_TEMPLATE_VAR,
--         ESM_INFRA_PKGS_COUNT_TEMPLATE_VAR,
--         ESM_INFRA_PACKAGES_TEMPLATE_VAR
--      };
--      std::array<std::string, 4> tmpl_var_vals = {
--         esm_a_pkgs_count,
--         esm_a_pkgs,
--         esm_i_pkgs_count,
--         esm_i_pkgs
--      };
--      for (uint i = 0; i < tmpl_var_names.size(); i++) {
--         size_t pos = message_tmpl.find(tmpl_var_names[i]);
--         if (pos != std::string::npos) {
--            message_tmpl.replace(pos, tmpl_var_names[i].size(), tmpl_var_vals[i]);
--         }
--      }
--
--      std::ofstream message_static_file(static_file_name.c_str());
--      if (message_static_file.is_open()) {
--         message_static_file << message_tmpl;
--         message_static_file.close();
--      }
--   } else {
--      remove(static_file_name.c_str());
--   }
--}
--
--void process_all_templates() {
--   int bytes_written;
--   int length;
--
--   // Iterate over apt cache looking for esm packages
--   result res = {0, 0, std::vector<std::string>(), 0, 0, std::vector<std::string>()};
--   get_update_count(res);
--   if (_error->PendingError())
--   {
--      _error->DumpErrors();
--      return;
--   }
--
--   // Compute all strings necessary to fill in templates
--   std::string space_separated_esm_i_packages = "";
--   if (res.esm_i_packages.size() > 0) {
--      for (uint i = 0; i < res.esm_i_packages.size() - 1; i++) {
--         space_separated_esm_i_packages.append(res.esm_i_packages[i]);
--         space_separated_esm_i_packages.append(" ");
--      }
--      space_separated_esm_i_packages.append(res.esm_i_packages[res.esm_i_packages.size() - 1]);
--   }
--   std::string space_separated_esm_a_packages = "";
--   if (res.esm_a_packages.size() > 0) {
--      for (uint i = 0; i < res.esm_a_packages.size() - 1; i++) {
--         space_separated_esm_a_packages.append(res.esm_a_packages[i]);
--         space_separated_esm_a_packages.append(" ");
--      }
--      space_separated_esm_a_packages.append(res.esm_a_packages[res.esm_a_packages.size() - 1]);
--   }
--
--   std::array<std::string, 4> static_file_names = {
--      APT_PRE_INVOKE_APPS_PKGS_STATIC_PATH,
--      MOTD_APPS_PKGS_STATIC_PATH,
--      APT_PRE_INVOKE_INFRA_PKGS_STATIC_PATH,
--      MOTD_INFRA_PKGS_STATIC_PATH,
--   };
--   std::array<std::string, 2> apt_static_files = {
--      APT_PRE_INVOKE_APPS_PKGS_STATIC_PATH,
--      APT_PRE_INVOKE_INFRA_PKGS_STATIC_PATH,
--   };
--   std::array<std::string, 2> motd_static_files = {
--      MOTD_APPS_PKGS_STATIC_PATH,
--      MOTD_INFRA_PKGS_STATIC_PATH,
--   };
--
--   // Decide which templates to use (nopkg or pkg variants)
--   std::vector<std::string> template_file_names;
--   if (res.esm_a_packages.size() > 0) {
--      template_file_names.push_back(APT_PRE_INVOKE_APPS_PKGS_TEMPLATE_PATH);
--      template_file_names.push_back(MOTD_APPS_PKGS_TEMPLATE_PATH);
--   } else {
--      template_file_names.push_back(APT_PRE_INVOKE_APPS_NO_PKGS_TEMPLATE_PATH);
--      template_file_names.push_back(MOTD_APPS_NO_PKGS_TEMPLATE_PATH);
--   }
--   if (res.esm_i_packages.size() > 0) {
--      template_file_names.push_back(APT_PRE_INVOKE_INFRA_PKGS_TEMPLATE_PATH);
--      template_file_names.push_back(MOTD_INFRA_PKGS_TEMPLATE_PATH);
--   } else {
--      template_file_names.push_back(APT_PRE_INVOKE_INFRA_NO_PKGS_TEMPLATE_PATH);
--      template_file_names.push_back(MOTD_INFRA_NO_PKGS_TEMPLATE_PATH);
--   }
--   // Insert values into selected templates and render to separate file
--   for (uint i = 0; i < template_file_names.size(); i++) {
--      process_template_file(
--         template_file_names[i],
--         static_file_names[i],
--         std::to_string(res.esm_a_packages.size()),
--         space_separated_esm_a_packages,
--         std::to_string(res.esm_i_packages.size()),
--         space_separated_esm_i_packages
--      );
--   }
--
--   // combine rendered files so that there is one apt file and one motd file
--   // first apt
--   std::ofstream apt_pre_invoke_msg;
--   apt_pre_invoke_msg.open(APT_PRE_INVOKE_MESSAGE_STATIC_PATH);
--   for (uint i = 0; i < apt_static_files.size(); i++) {
--       std::ifstream message_file(apt_static_files[i]);
--       if (message_file.is_open()) {
--           apt_pre_invoke_msg << message_file.rdbuf();
--           message_file.close();
--       };
--   }
--   bytes_written = apt_pre_invoke_msg.tellp();
--   if (bytes_written > 0) {
--       // Then we wrote some content add trailing newline
--       apt_pre_invoke_msg << std::endl;
--   }
--   apt_pre_invoke_msg.close();
--   if (bytes_written == 0) {
--       // We added nothing. Remove the file
--       remove(APT_PRE_INVOKE_MESSAGE_STATIC_PATH);
--   }
--
--   // then motd
--   std::ofstream motd_msg;
--   motd_msg.open(MOTD_ESM_SERVICE_STATUS_MESSAGE_STATIC_PATH);
--   for (uint i = 0; i < motd_static_files.size(); i++) {
--       std::ifstream message_file(motd_static_files[i]);
--       if (message_file.is_open()) {
--           message_file.seekg(0, message_file.end);
--           length = message_file.tellg();
--           if ( length > 0 ) {
--               message_file.seekg(0, message_file.beg);
--               if ( motd_msg.tellp() > 0 ) {
--                   motd_msg << std::endl;
--               }
--               motd_msg << message_file.rdbuf();
--           }
--           message_file.close();
--       };
--   }
--   bytes_written = motd_msg.tellp();
--   if (bytes_written > 0) {
--       // Then we wrote some content add trailing newline
--       motd_msg << std::endl;
--   }
--   motd_msg.close();
--   if (bytes_written == 0) {
--       // We added nothing. Remove the file
--       remove(MOTD_ESM_SERVICE_STATUS_MESSAGE_STATIC_PATH);
--   }
--}
 diff --git a/apt-hook/esm-templates.hh b/apt-hook/esm-templates.hh
 deleted file mode 100644
 index 26115f5..0000000
 --- a/apt-hook/esm-templates.hh
 +++ /dev/null
@@ -1,24 +0,0 @@
--#include <string>
--#include <vector>
--
--#define MOTD_ESM_SERVICE_STATUS_MESSAGE_STATIC_PATH      "/var/lib/ubuntu-advantage/messages/motd-esm-service-status"
--#define MOTD_APPS_NO_PKGS_TEMPLATE_PATH                  "/var/lib/ubuntu-advantage/messages/motd-no-packages-apps.tmpl"
--#define MOTD_INFRA_NO_PKGS_TEMPLATE_PATH                 "/var/lib/ubuntu-advantage/messages/motd-no-packages-infra.tmpl"
--#define MOTD_APPS_PKGS_TEMPLATE_PATH                     "/var/lib/ubuntu-advantage/messages/motd-packages-apps.tmpl"
--#define MOTD_INFRA_PKGS_TEMPLATE_PATH                    "/var/lib/ubuntu-advantage/messages/motd-packages-infra.tmpl"
--#define MOTD_APPS_PKGS_STATIC_PATH                       "/var/lib/ubuntu-advantage/messages/motd-packages-apps"
--#define MOTD_INFRA_PKGS_STATIC_PATH                      "/var/lib/ubuntu-advantage/messages/motd-packages-infra"
--#define APT_PRE_INVOKE_APPS_NO_PKGS_TEMPLATE_PATH        "/var/lib/ubuntu-advantage/messages/apt-pre-invoke-no-packages-apps.tmpl"
--#define APT_PRE_INVOKE_INFRA_NO_PKGS_TEMPLATE_PATH       "/var/lib/ubuntu-advantage/messages/apt-pre-invoke-no-packages-infra.tmpl"
--#define APT_PRE_INVOKE_APPS_PKGS_TEMPLATE_PATH           "/var/lib/ubuntu-advantage/messages/apt-pre-invoke-packages-apps.tmpl"
--#define APT_PRE_INVOKE_APPS_PKGS_STATIC_PATH             "/var/lib/ubuntu-advantage/messages/apt-pre-invoke-packages-apps"
--#define APT_PRE_INVOKE_INFRA_PKGS_TEMPLATE_PATH          "/var/lib/ubuntu-advantage/messages/apt-pre-invoke-packages-infra.tmpl"
--#define APT_PRE_INVOKE_INFRA_PKGS_STATIC_PATH            "/var/lib/ubuntu-advantage/messages/apt-pre-invoke-packages-infra"
--#define APT_PRE_INVOKE_MESSAGE_STATIC_PATH               "/var/lib/ubuntu-advantage/messages/apt-pre-invoke-esm-service-status"
--
--#define ESM_APPS_PKGS_COUNT_TEMPLATE_VAR "{ESM_APPS_PKG_COUNT}"
--#define ESM_APPS_PACKAGES_TEMPLATE_VAR "{ESM_APPS_PACKAGES}"
--#define ESM_INFRA_PKGS_COUNT_TEMPLATE_VAR "{ESM_INFRA_PKG_COUNT}"
--#define ESM_INFRA_PACKAGES_TEMPLATE_VAR "{ESM_INFRA_PACKAGES}"
--
--void process_all_templates();
 diff --git a/apt-hook/hook.cc b/apt-hook/hook.cc
 deleted file mode 100644
 index d8ec2e7..0000000
 --- a/apt-hook/hook.cc
 +++ /dev/null
@@ -1,35 +0,0 @@
--/*
-- * Copyright (C) 2018-2019 Canonical Ltd
-- * Author: Julian Andres Klode <juliank@ubuntu.com>
-- *
-- * This program is free software: you can redistribute it and/or modify
-- * it under the terms of the GNU General Public License as published by
-- * the Free Software Foundation, version 3 of the License.
-- *
-- * This package is distributed in the hope that it will be useful,
-- * but WITHOUT ANY WARRANTY; without even the implied warranty of
-- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-- * GNU General Public License for more details.
-- *
-- * You should have received a copy of the GNU General Public License
-- * along with this program. If not, see <https://www.gnu.org/licenses/>.
-- *
--*/
--
--#include <libintl.h>
--#include <locale.h>
--
--#include "esm-templates.hh"
--
--int main(int argc, char *argv[])
--{
--   (void) argc;   // unused
--   (void) argv;   // unused
--
--   setlocale(LC_ALL, "");
--   textdomain("ubuntu-advantage");
--
--   process_all_templates();
--
--   return 0;
--}
 diff --git a/apt-hook/json-hook.cc b/apt-hook/json-hook.cc
 index a107a3e..1d36bd2 100644
 --- a/apt-hook/json-hook.cc
 +++ b/apt-hook/json-hook.cc
@@ -206,11 +206,11 @@ CloudID get_cloud_id() {
      CloudID ret = NONE;
      if (cloud_id_file.is_open()) {
          std::string cloud_id_str((std::istreambuf_iterator<char>(cloud_id_file)), (std::istreambuf_iterator<char>()));
--        if (cloud_id_str == "aws") {
++        if (cloud_id_str.find("aws") == 0) {
              ret = AWS;
--        } else if (cloud_id_str == "azure") {
++        } else if (cloud_id_str.find("azure") == 0) {
              ret = AZURE;
--        } else if (cloud_id_str == "gce") {
++        } else if (cloud_id_str.find("gce") == 0) {
              ret = GCE;
+         }
          cloud_id_file.close();
@@ -239,7 +239,6 @@ struct ESMContext {
  ESMContext get_esm_context() {
      CloudID cloud_id = get_cloud_id();
      bool is_x = is_xenial();
--    bool non_azure_cloud = cloud_id != NONE && cloud_id != AZURE;
      ESMContext ret;
      ret.context = "";
 diff --git a/debian/changelog b/debian/changelog
 index fff7487..29fcf04 100644
 --- a/debian/changelog
 +++ b/debian/changelog
@@ -1,3 +1,41 @@
++ubuntu-advantage-tools (27.14~23.04.1) lunar; urgency=medium
++
++  * d/ubuntu-advantage-tools.{postinst,postrm,preinst}:
++    - migrate certain settings out of uaclient.conf to a new file managed by
++      the pro config subcommand (LP: #2004280)
++  * d/ubuntu-advantage-tools.postinst:
++    - refactor PREVIOUS_PKG_VER as a global variable
++    - simplify how we add notices
++  * New upstream release 27.14 (LP: #2011477)
++    - api: new u.unattended_upgrades.status.v1 endpoint for querying status of
++      unattended upgrades
++    - apt:
++      + remove legacy apt-hook
++      + deliver json apt-hook for interim releases
++      + fix cloud identification logic in json apt-hook
++      + make all calls to esm-cache isolated from system configuration
++        (LP: #2008280)
++      + only set up the esm cache on supported systems (LP: #2004018)
++    - fix:
++      + format the output to be more readable (LP: #1926182)
++      + add option to attach during a fix without a token
++      + verify if fixed version can be installed before trying (LP: #2006705)
++    - livepatch: show warning if current kernel is not supported
++    - locks: alert user about corrupted lock files (LP: #1996931)
++    - logging: logs are now formatted as jsonlines
++    - motd: remove esm-apps announcement
++    - notices: new representation on disk as separate files (LP: #1987738)
++    - realtime: remove ubuntu-realtime package on disablement
++    - status:
++      + removed contract info update check network call
++      + no longer includes warnings about notices when non-root (LP: #2006138)
++      + unattached status sends virt type to contract server for better
++        resource availability calculation
++    - timer jobs: add daily job to check for contract updates
++    - yaml: always import distro-provided pyyaml (LP: #2007234, LP: #2007241)
++
++ -- Grant Orndorff <grant.orndorff@canonical.com>  Mon, 13 Mar 2023 15:28:33 -0400
++
  ubuntu-advantage-tools (27.13.6~23.04.1) lunar; urgency=medium
    * apt-news:
 diff --git a/debian/rules b/debian/rules
 index 48a17d2..09d805c 100755
 --- a/debian/rules
 +++ b/debian/rules
@@ -66,11 +66,7 @@ override_dh_auto_install:
  	# We install the conf file even on non-LTS version to avoid issues on upgrade scenarios
  	make -C apt-hook DESTDIR=$(CURDIR)/debian/ubuntu-advantage-tools install-conf
--
--# Hooks will only be delivered on LTS instances
--ifeq (LTS,$(findstring LTS,$(VERSION)))
  	make -C apt-hook DESTDIR=$(CURDIR)/debian/ubuntu-advantage-tools install
--endif
  	# We want to guarantee that we are not shipping any conftest files
  	find $(CURDIR)/debian/ubuntu-advantage-tools -type f -name conftest.py -delete
 diff --git a/debian/ubuntu-advantage-tools.maintscript b/debian/ubuntu-advantage-tools.maintscript
 index a37d265..f4c89c9 100644
 --- a/debian/ubuntu-advantage-tools.maintscript
 +++ b/debian/ubuntu-advantage-tools.maintscript
@@ -3,3 +3,4 @@ rm_conffile /etc/update-motd.d/80-esm 19.1~ ubuntu-advantage-tools
  rm_conffile /etc/update-motd.d/80-livepatch 19.1~ ubuntu-advantage-tools
  rm_conffile /etc/cron.daily/ubuntu-advantage-tools 19.1~ ubuntu-advantage-tools
  rm_conffile /etc/init/ua-auto-attach.conf 20.2~ ubuntu-advantage-tools
++rm_conffile /etc/update-motd.d/88-esm-announce 27.14~ ubuntu-advantage-tools
 diff --git a/debian/ubuntu-advantage-tools.postinst b/debian/ubuntu-advantage-tools.postinst
 index 5551478..7d9d03e 100644
 --- a/debian/ubuntu-advantage-tools.postinst
 +++ b/debian/ubuntu-advantage-tools.postinst
@@ -57,6 +57,20 @@ APT_NEWS_FLAG_FILE="$UA_FLAGS_DIR/show-apt-news"
  TMP_CANDIDATE_CACHE_PATH="/tmp/ubuntu-advantage/candidate-version"
++NOTICES_DIR="/var/lib/ubuntu-advantage/notices"
++TEMP_NOTICES_DIR="/run/ubuntu-advantage/notices"
++
++add_notice() {
++    notice=$1
++    mkdir -p $NOTICES_DIR
++    touch $NOTICES_DIR/$notice
++}
++add_temp_notice() {
++    notice=$1
++    mkdir -p $TEMP_NOTICES_DIR
++    touch $TEMP_NOTICES_DIR/$notice
++}
++
  # Rename apt config files for ua services removing ubuntu release names
  redact_ubuntu_release_from_ua_apt_filenames() {
      DIR=$1
@@ -140,27 +154,15 @@ esm_apps_cleanup() {
  mark_reboot_for_fips_pro() {
      FIPS_HOLDS=$(apt-mark showholds | grep -E 'fips|libssl1|openssh-client|openssh-server|linux-fips|openssl|strongswan' || exit 0)
      if [ "$FIPS_HOLDS" ]; then
--       mark_reboot_cmds_as_needed FIPS_REBOOT_REQUIRED_MSG
++       mark_reboot_cmds_as_needed
++       add_temp_notice 20-fips_reboot_required
      fi
+ }
--
--add_notice() {
--    msg_name=$1
--    /usr/bin/python3 -c "
--from uaclient.config import UAConfig
--from uaclient.messages import ${msg_name}
--cfg = UAConfig(root_mode=True)
--cfg.notice_file.add(label='', description=${msg_name})
--"
--}
--
  mark_reboot_cmds_as_needed() {
--    msg_name=$1
      if [ ! -f "$REBOOT_CMD_MARKER_FILE" ]; then
        touch $REBOOT_CMD_MARKER_FILE
      fi
--    add_notice "$msg_name"
+ }
  patch_status_json_0_1_for_non_root() {
@@ -195,7 +197,7 @@ notify_wrong_fips_metapackage_on_cloud() {
      if echo "$cloud_id" | grep -E -q "^(azure|aws)"; then
        if echo "$fips_installed" | grep -E -q "installed"; then
--        add_notice NOTICE_WRONG_FIPS_METAPACKAGE_ON_CLOUD
++        add_notice 25-wrong_fips_metapackage_on_cloud
        fi
      fi
+ }
@@ -209,7 +211,6 @@ disable_new_timer_if_old_timer_already_disabled() {
      # then we will assume that the user would want the
      # ua-timer to be disabled as well. In that case, we will
      # disable the ua-timer here.
--    PREVIOUS_PKG_VER=$1
      # We should only perform this check on UA version that have the
      # ua-messaging.timer: 27.0 until 27.2. This will also guarantee
@@ -236,7 +237,6 @@ disable_new_timer_if_old_timer_already_disabled() {
+ }
  remove_old_systemd_units() {
--    PREVIOUS_PKG_VER=$1
      # These are the commands that are run when the package is purged.
      # Since we actually want to remove this service from now on
      # we have replicated that behavior here
@@ -282,12 +282,11 @@ create_public_machine_token_file() {
  from uaclient.files import MachineTokenFile
  machine_token_file = MachineTokenFile()
  content = machine_token_file.read()
--machine_token_file.write(content=content)
++machine_token_file.write(content)
+ "
+ }
  migrate_ubuntu_pro_beta_banner() {
--    PREVIOUS_PKG_VER=$1
      # This only shipped in 27.11.2~
      if dpkg --compare-versions "$PREVIOUS_PKG_VER" ge "27.11.2~" \
         && dpkg --compare-versions "$PREVIOUS_PKG_VER" lt "27.11.3~"; then
@@ -302,6 +301,25 @@ migrate_ubuntu_pro_beta_banner() {
          fi
      fi
+ }
++migrate_old_notices(){
++    notices_file=/var/lib/ubuntu-advantage/notices.json
++    # only run if notices.json is present
++    if [ ! -f $notices_file ];then
++        return
++    fi
++
++    # This migration will happen for pro client versions <27.14 that still use notices.json.
++    # Notices are generally short lived, so the chances of an upgrade happening while a
++    # notice is in place is very small.
++    # Despite that we do a simple migration here of the most important notices: reboot required notices.
++    # All notices with "reboot" in them can be safely transformed into a generic reboot required message.
++    # The new message won't include the exact reason for the reboot, but the recommended action is the same.
++    if grep -q -i "reboot" $notices_file; then
++        add_temp_notice 10-reboot_required
++    fi
++    rm -f $notices_file
++}
++
  cleanup_candidate_version_stamp_permissions() {
      if [ -f $TMP_CANDIDATE_CACHE_PATH ]; then
@@ -315,6 +333,32 @@ cleanup_apt_news_flag_file() {
      fi
+ }
++cleanup_old_motd_files() {
++    rm -rf $UA_MESSAGES_DIR/motd*
++}
++
++migrate_user_config_post() {
++    # LP: #2004280
++    preinst_file="/etc/ubuntu-advantage/uaclient.conf.preinst-backup"
++    bkp_file="/etc/ubuntu-advantage/uaclient.conf.dpkg-bak"
++
++    if [ -f /etc/ubuntu-advantage/uaclient.conf.preinst-backup ]; then
++        # This script modifies the preinst-backup version of the file in-place
++        /usr/bin/python3 /usr/lib/ubuntu-advantage/migrate_user_config.py
++
++        if cmp --silent $preinst_file $bkp_file; then
++            # This should only happen if we failed to perform the migration.
++            # Therefore, there is no need to keep the backup file around
++            rm -f $bkp_file
++        fi
++
++        # Overwrite uaclient.conf with the now-migrated version from preinst
++        mv $preinst_file /etc/ubuntu-advantage/uaclient.conf
++        # just in case this temp file was left behind
++        rm -f /etc/ubuntu-advantage/uaclient.conf.preinst-backup-migrated-temp
++    fi
++}
++
  case "$1" in
      configure)
        PREVIOUS_PKG_VER=$2
@@ -343,7 +387,7 @@ case "$1" in
        # Repo for FIPS packages changed from old client
        if [ -f $FIPS_APT_SOURCE_FILE ]; then
          if grep -q $OLD_CLIENT_FIPS_PPA $FIPS_APT_SOURCE_FILE; then
--            add_notice FIPS_INSTALL_OUT_OF_DATE
++            add_notice 22-fips_install_out_of_date
          fi
        fi
@@ -369,7 +413,8 @@ case "$1" in
        if [ "$VERSION_ID" = "16.04" ]; then
          if echo "$PREVIOUS_PKG_VER" | grep -q "14.04"; then
--          mark_reboot_cmds_as_needed LIVEPATCH_LTS_REBOOT_REQUIRED
++          mark_reboot_cmds_as_needed
++          add_temp_notice 30-lp_lts_reboot_required
          fi
          if dpkg --compare-versions "$PREVIOUS_PKG_VER" lt "27.13~"; then
            # Clean any unauthenticated ESM infra files previously inserted
@@ -385,8 +430,8 @@ case "$1" in
        mark_reboot_for_fips_pro
        rm_old_license_check_marker
--      disable_new_timer_if_old_timer_already_disabled $PREVIOUS_PKG_VER
--      remove_old_systemd_units $PREVIOUS_PKG_VER
++      disable_new_timer_if_old_timer_already_disabled
++      remove_old_systemd_units
        /usr/lib/ubuntu-advantage/cloud-id-shim.sh || true
        # On old version of ubuntu-advantange-tools, we don't have a public
@@ -395,27 +440,25 @@ case "$1" in
        if [ -f $MACHINE_TOKEN_FILE ] && [ ! -f $PUBLIC_MACHINE_TOKEN_FILE ]; then
            create_public_machine_token_file
        fi
--      migrate_ubuntu_pro_beta_banner $PREVIOUS_PKG_VER
++      migrate_ubuntu_pro_beta_banner
        cleanup_candidate_version_stamp_permissions
        if dpkg --compare-versions "$PREVIOUS_PKG_VER" lt "27.13~"; then
            cleanup_apt_news_flag_file
        fi
--
--      # LP: #2003977
--      # The version gate is open ended, and should be closed when the apt_news
--      # configuration is moved away from a conffile.
--      if dpkg --compare-versions "$2" ge 27.11.3~; then
--          if [ -f /var/lib/ubuntu-advantage/preinst-detected-apt-news-disabled ]; then
--              # The preinst has left us a note to tell us that apt-news was
--              # previously disabled and should be re-disabled, so disable it
--              # and discard the note.
--              pro config set apt_news=false
--              rm /var/lib/ubuntu-advantage/preinst-detected-apt-news-disabled
--          fi
--          # Remove the conffile backup if it exists now that an error unwind is
--          # no longer possible
--          rm -f /etc/ubuntu-advantage/uaclient.conf.preinst-remove
++      if dpkg --compare-versions "$PREVIOUS_PKG_VER" lt "27.14~"; then
++          cleanup_old_motd_files
++          migrate_old_notices
++          migrate_user_config_post
++      fi
++
++      if grep -q "ua_config:" /etc/ubuntu-advantage/uaclient.conf; then
++          echo "Warning: uaclient.conf contains old ua_config field." >&2
++          echo "         Please do the following:" >&2
++          echo "         1. Run 'pro config set field=value' for each field/value pair" >&2
++          echo "            present under ua_config in /etc/ubuntu-advantage/uaclient.conf" >&2
++          echo "         2. Delete ua_config and all sub-fields in" >&2
++          echo "            /etc/ubuntu-advantage/uaclient.conf" >&2
        fi
        ;;
  esac
 diff --git a/debian/ubuntu-advantage-tools.postrm b/debian/ubuntu-advantage-tools.postrm
 index 3f69ce8..c1bcdf5 100644
 --- a/debian/ubuntu-advantage-tools.postrm
 +++ b/debian/ubuntu-advantage-tools.postrm
@@ -31,12 +31,9 @@ case "$1" in
          remove_gpg_files
          ;;
      abort-install|abort-upgrade)
--        # LP: #2003977
--        # The version gate is open ended, and should be closed when the
--        # apt_news configuration is moved away from a conffile.
--        if dpkg --compare-versions "$2" ge 27.11.3~; then
--            rm -f /var/lib/ubuntu-advantage/preinst-detected-apt-news-disabled
--            [ -f /etc/ubuntu-advantage/uaclient.conf.preinst-remove ] && mv /etc/ubuntu-advantage/uaclient.conf.preinst-remove /etc/ubuntu-advantage/uaclient.conf
++        # LP: #2004280
++        if dpkg --compare-versions "$2" lt "27.14~"; then
++            [ -f /etc/ubuntu-advantage/uaclient.conf.preinst-backup ] && mv /etc/ubuntu-advantage/uaclient.conf.preinst-backup /etc/ubuntu-advantage/uaclient.conf
          fi
          ;;
  esac
 diff --git a/debian/ubuntu-advantage-tools.preinst b/debian/ubuntu-advantage-tools.preinst
 index a45c602..f7270bb 100644
 --- a/debian/ubuntu-advantage-tools.preinst
 +++ b/debian/ubuntu-advantage-tools.preinst
@@ -2,100 +2,34 @@
  set -e
--remove_old_config_fields() {
--    PREVIOUS_PKG_VER="$1"
--    if dpkg --compare-versions "$PREVIOUS_PKG_VER" le "27.8"; then
--        if grep -q "^license_check_log_file:" /etc/ubuntu-advantage/uaclient.conf; then
--            sed -i '/^license_check_log_file:.*$/d' /etc/ubuntu-advantage/uaclient.conf || true
--        fi
--    fi
--}
--restore_previous_conffile() {
--    previous_pkg_version=$1
--    # Back up existing conffile in case of an error unwind
--    cp -a /etc/ubuntu-advantage/uaclient.conf /etc/ubuntu-advantage/uaclient.conf.preinst-remove
--
--    if dpkg --compare-versions "$previous_pkg_version" ge 27.13.1~; then
--      # Restore the default conffile that shipped with 27.13.X
--      cat > /etc/ubuntu-advantage/uaclient.conf <<EOT
--# Ubuntu Pro Client config file.
--# If you modify this file, run "pro refresh config" to ensure changes are
--# picked up by Ubuntu Pro Client.
--
--contract_url: https://contracts.canonical.com
--data_dir: /var/lib/ubuntu-advantage
--log_file: /var/log/ubuntu-advantage.log
--log_level: debug
--security_url: https://ubuntu.com/security
--timer_log_file: /var/log/ubuntu-advantage-timer.log
--daemon_log_file: /var/log/ubuntu-advantage-daemon.log
--ua_config:
--  apt_http_proxy: null
--  apt_https_proxy: null
--  http_proxy: null
--  https_proxy: null
--  update_messaging_timer: 21600
--  metering_timer: 14400
--EOT
--  else
--      # Restore the default conffile that shipped with 27.11.3 through 27.12
--      cat > /etc/ubuntu-advantage/uaclient.conf <<EOT
--# Ubuntu Pro Client config file.
--# If you modify this file, run "pro refresh config" to ensure changes are
--# picked up by Ubuntu Pro Client.
++migrate_user_config_pre() {
++    if [ ! -f /etc/ubuntu-advantage/uaclient.conf ]; then
++        return
++    fi
++    curr_conf_hash=$(md5sum /etc/ubuntu-advantage/uaclient.conf | awk '{print $1}')
++    expected_conf_hash=$(dpkg-query --showformat='${Conffiles}\n' --show ubuntu-advantage-tools | grep /etc/ubuntu-advantage/uaclient.conf | awk '{print $2}')
++
++    if [ "$curr_conf_hash" != "$expected_conf_hash" ]; then
++        # Back up existing conffile in case of an error unwind
++        cp -a /etc/ubuntu-advantage/uaclient.conf /etc/ubuntu-advantage/uaclient.conf.preinst-backup
++        # Create this backup in case the user has made some comments on the config file.
++        # In that way, the user can retrive them if they want to
++        cp -a /etc/ubuntu-advantage/uaclient.conf /etc/ubuntu-advantage/uaclient.conf.dpkg-bak
++        # Insert the new about-to-be-installed uaclient.conf to avoid conffile prompts
++        cat > /etc/ubuntu-advantage/uaclient.conf <<EOT
  contract_url: https://contracts.canonical.com
--data_dir: /var/lib/ubuntu-advantage
--log_file: /var/log/ubuntu-advantage.log
  log_level: debug
--security_url: https://ubuntu.com/security
--timer_log_file: /var/log/ubuntu-advantage-timer.log
--daemon_log_file: /var/log/ubuntu-advantage-daemon.log
--ua_config:
--  apt_http_proxy: null
--  apt_https_proxy: null
--  http_proxy: null
--  https_proxy: null
--  update_messaging_timer: 21600
--  update_status_timer: 43200
--  metering_timer: 14400
  EOT
--  fi
++    fi
+ }
  case "$1" in
      install|upgrade)
--        if [ -n "$2" ]; then
--            PREVIOUS_PKG_VER=$2
--            remove_old_config_fields "$PREVIOUS_PKG_VER"
--        fi
--
--        # LP: #2003977
--        # If the user used "pro config set apt_news=false|true" previously,
--        # then we don't want a conffile prompt if they haven't otherwise
--        # changed the conffile. In these two cases, restore the conffile back
--        # to how it shipped, and then fix up in postinst if required. The
--        # version gate is open ended, and should be closed when the apt_news
--        # configuration is moved away from a conffile.
--        if dpkg --compare-versions "$2" ge 27.11.3~; then
--            if [ -f /etc/ubuntu-advantage/uaclient.conf ]; then
--                conffile_hash=$(md5sum /etc/ubuntu-advantage/uaclient.conf|awk '{print $1}')
--                case "$conffile_hash" in
--                    038902993a843cac6cbe3efa4d1fcb92|f8049c664dff27e212a77aef514e4b64)
--                        # User had run "pro config set apt_news=false" with no other
--                        # conffile changes
--                        mkdir -p /var/lib/ubuntu-advantage
--                        touch /var/lib/ubuntu-advantage/preinst-detected-apt-news-disabled
--                        restore_previous_conffile $2
--                        ;;
--                    3b01d7406cbb4ba628a9ffa57485d324|d9971401a6409032b1c9069236040dc4)
--                        # User had run "pro config set apt_news=true" with no other
--                        # conffile changes
--                        restore_previous_conffile $2
--                        ;;
--                esac
--            fi
++        # LP: #2004280
++        if dpkg --compare-versions "$2" lt "27.14~"; then
++            migrate_user_config_pre
          fi
          ;;
  esac
 diff --git a/dev-docs/devdocs_styleguide.md b/dev-docs/devdocs_styleguide.md
 new file mode 100644
 index 0000000..818a189
 --- /dev/null
 +++ b/dev-docs/devdocs_styleguide.md
@@ -0,0 +1,152 @@
++# Documentation
++
++Our docs are hosted on [Read the Docs](https://readthedocs.com/). This page
++will explain how to contribute to the docs and build them locally.
++
++The documentation is *primarily* written in standard Markdown, but pages can
++be written in reStructuredText if you prefer.
++
++We also use the
++[MyST-Parser Sphinx extension](https://myst-parser.readthedocs.io/en/latest/intro.html).
++This causes all Markdown (.md) files to be parsed as MyST, and
++[enables the use of directives](https://myst-parser.readthedocs.io/en/latest/syntax/roles-and-directives.html),
++which can be awkward to achieve in standard Markdown.
++
++## Building the docs
++
++To build the docs for Ubuntu Pro Client, you can use a `tox` command. You can
++install `tox` on your machine by running the `make test` command. Once tox is
++installed, just run the command:
++
++```
++$ tox -e docs
++```
++
++The command will generate the HTML pages inside `docs/build`. The makefile
++target will build the documentation for you using Sphinx.
++
++Once built, the HTML files will be viewable in `docs/build/html/`. Use your web
++browser to open `index.html` to preview the site.
++
++## Style guide
++
++We use the [Canonical style guide](https://docs.ubuntu.com/styleguide/en) in
++our documentation, which is summarised below -- with a few additions relevant
++to our docs.
++
++### Language
++
++Where possible, text should be written in UK English. However, discretion and
++common sense can both be applied. For example, where text refers to code
++elements that exist in US English, the spelling of these elements should not
++be changed to UK English.
++
++### Voice
++
++Try to use active voice where possible, rather than the passive voice. The
++active voice is generally more concise and easier to read. As an example, you
++could say "we recommend" (active) rather than "it is recommended that"
++(passive).
++
++### Headings
++
++Headings should be written in sentence case. This means that only the first
++letter is capitalised (unless the header text refers to e.g., a product name
++that would normally be capitalised, such as "Ubuntu Pro Client").
++
++Ensure that you do not skip header levels when creating your document
++structure, i.e., that a section is followed by a subsection, and not a
++sub-subsection. Skipping header levels can lead to de-ranking of pages in
++search engines.
++
++Try to craft your headings to be descriptive, but as short as possible, to help
++readers understand what content to expect if they click on it.
++
++### Line length
++
++Please keep the line lengths to a maximum of **79** characters. This ensures
++that the pages and tables do not get so wide that side scrolling is required.
++
++### Links
++
++Where possible, use contextual text in your links to aid users with screen
++readers and other accessibility tools. For example, "check out our
++[documentation style guide](#links) is preferable to "click
++[here](#links) for more".
++
++### Code blocks
++
++Our documentation uses the
++[Sphinx extension "sphinx-copybutton"](https://sphinx-copybutton.readthedocs.io/en/latest/),
++which creates a small button on the right-hand side of code blocks for users to
++copy the code snippets we provide.
++
++The copied code will strip out any prompt symbols so that users can
++paste commands directly into their terminal. For user convenience, please
++ensure that if you show any code output, it is presented in a separate code
++block to the commands.
++
++Please also specify the language used in your code block, to make sure it
++renders with the correct syntax highlighting.
++
++### Vertical whitespace
++
++One newline between each section helps ensure readability of the documentation
++source code. Keeping paragraphs relatively short (up to ~5-6 sentences) aids in
++keeping the text readable when rendered to a web page. Some rST elements also
++require an empty newline before and after, so for consistency, ensure that all
++elements (tables, images, headers, etc) have a newline before and after.
++
++### Acronyms and jargon
++
++Acronyms are always capitalised (e.g., JSON, YAML, QEMU, LXD) in text.
++
++The first time an acronym is used on a page, it is best practice to introduce
++it by showing the expanded name followed by the acronym in parentheses. E.g.,
++Quick EMUlator (QEMU). If the acronym is *very* common (e.g., URL, HTTP), or
++you provide a link to a documentation page with these details, you do not need
++to include them.
++
++Avoid using jargon unless absolutely necessary, to keep our documentation
++accessible to as wide a range of users as possible. If jargon is unavoidable,
++consider including brief explanations to help the user keep up with the
++material.
++
++### Admonitions and callouts
++
++Notes, warnings, or other information you wish to draw the reader's attention
++to can be called out in an admonition block. If you are writing your code in
++Markdown, this is where the MyST extension comes in handy. Here is an example:
++
++````
++  ```{note}
++  The options are: note, important, hint, seealso, tip, attention, caution,
++  warning, danger, and error.
++  ```{warning}
++  Although it's possible to nest admonitions inside each other, it's better to
++  avoid doing that unless it's strictly necessary!
++  ```
++````
++
++```{note}
++The options are: note, important, hint, seealso, tip, attention, caution,
++warning, danger, and error.
++```{warning}
++Although it's possible to nest admonitions inside each other, it's better to
++avoid doing that unless it's strictly necessary!
++```
++
++## Organisation
++
++We follow the [principles of Diataxis](https://diataxis.fr/) in our
++documentation. When writing new docs, try to consider the purpose of the
++document and how the reader will probably use it. This will help you to decide
++which section it belongs in.
++
++### Getting advice
++
++If you are in any doubt, please contact our team's
++[Technical Author (Sally)](https://github.com/s-makin) for guidance. If you
++would like her to review any documentation, she would be very happy to help!
++Please also tag her as a reviewer on any PR that contains documentation
++elements.
 diff --git a/dev-docs/howtoguides/building.md b/dev-docs/howtoguides/building.md
 index 084a3a1..17be892 100644
 --- a/dev-docs/howtoguides/building.md
 +++ b/dev-docs/howtoguides/building.md
@@ -30,7 +30,7 @@ bash ./tools/setup_sbuild.sh
  debuild -S
  sbuild --dist=<target> ../ubuntu-advantage-tools_*.dsc
  # emulating different architectures in sbuild-launchpad-chroot
--sbuild-launchpad-chroot create --architecture="riscv64" "--name=focal-riscv64" "--series=focal
++sbuild-launchpad-chroot create --architecture="riscv64" "--name=focal-riscv64" "--series=focal"
  ```
  > **Note**
 diff --git a/dev-docs/howtoguides/detach_pro_instances.md b/dev-docs/howtoguides/detach_pro_instances.md
 new file mode 100644
 index 0000000..5bbf541
 --- /dev/null
 +++ b/dev-docs/howtoguides/detach_pro_instances.md
@@ -0,0 +1,25 @@
++# How to permanently detach Pro instances
++
++## TL;DR
++
++1. Modify the client configuration file, normally `/etc/ubuntu-advantage/uaclient.conf`,
++to contain:
++
++    ```yaml
++    features:
++      disable_auto_attach: true
++    ```
++
++2. Perform a `sudo pro detach --assume-yes`.
++
++## Explanation
++
++On Pro instances, a `pro detach` won't permanently detach them as,
++the instance will be reauto-attached on the next boot (on non GCE instances)
++or immediately (on GCE instances due to the daemon).
++
++The config in step 1 will prevent the [daemon](../../systemd/ubuntu-advantage.service)
++and the a [service](../../systemd/ua-auto-attach.service) at next boot to auto-reattach.
++
++If you want to allow the instance to reauto attach by itself, then remove or set to false
++`disable_auto_attach` in the configuration file.
 diff --git a/dev-docs/howtoguides/testing.md b/dev-docs/howtoguides/testing.md
 index f7872b8..fb0519a 100644
 --- a/dev-docs/howtoguides/testing.md
 +++ b/dev-docs/howtoguides/testing.md
@@ -16,6 +16,11 @@ Refresh your terminal to make sure pyenv is working. Then you can run the unit a
  tox
  ```
++> **Note**
++> There are a number of `autouse` mocks in our unit tests. These are intended to prevent accidental side effects on the host system from running the unit tests, as well as prevent leaks of the system environment into the unit tests.
++> One such `autouse` mock tells the unit tests that they are run as root (unless the mock is overriden for a particular test).
++> These `autouse` mocks have helped, but may not be preventing all side effects or environment leakage.
++
  The client also includes built-in dep8 tests. These are run as follows:
  ```shell
 diff --git a/docs/_static/css/custom.css b/docs/_static/css/custom.css
 new file mode 100644
 index 0000000..49efd28
 --- /dev/null
 +++ b/docs/_static/css/custom.css
@@ -0,0 +1,240 @@
++/** Fix the font weight (300 for normal, 400 for slightly bold) **/
++/** Should be 100 for all headers, 400 for normal text  **/
++
++h1, h2, h3, h4, h5, h6, .sidebar-tree .current-page>.reference, button, input, optgroup, select, textarea, th.head {
++    font-weight: 200;
++}
++
++.toc-title {
++    font-weight: 400;
++}
++
++div.page, li.scroll-current>.reference, dl.glossary dt, dl.simple dt, dl:not([class]) dt {
++    font-weight: 300;
++    line-height: 1.5;
++    font-size: var(--font-size--normal);
++}
++
++
++/** Side bars (side-bar tree = left, toc-tree = right) **/
++div.sidebar-tree {
++    font-weight: 200;
++    line-height: 1.5;
++    font-size: var(--font-size--normal);
++}
++
++div.toc-tree {
++    font-weight: 200;
++    font-size: var(--font-size--medium);
++    line-height: 1.5;
++}
++
++.sidebar-tree .toctree-l1>.reference, .toc-tree li.scroll-current>.reference {
++    font-weight: 400;
++}
++
++/** List styling   **/
++ol, ul {
++    margin-bottom: 1.5rem;
++    margin-left: 1rem;
++    margin-top: 0;
++    padding-left: 1rem;
++}
++
++/** Table styling **/
++
++th.head {
++    text-transform: uppercase;
++    font-size: var(--font-size--small);
++}
++
++table.docutils {
++    border: 0;
++    box-shadow: none;
++    width:100%;
++}
++
++table.docutils td, table.docutils th, table.docutils td:last-child, table.docutils th:last-child, table.docutils td:first-child, table.docutils th:first-child {
++    border-right: none;
++    border-left: none;
++}
++
++/* center align table cells with ":-:" */
++td.text-center {
++    text-align: center;
++}
++
++/** No rounded corners **/
++
++.admonition, code.literal, .sphinx-tabs-tab, .sphinx-tabs-panel, .highlight {
++    border-radius: 0;
++}
++
++/** code blocks and literals **/
++code.docutils.literal.notranslate, .highlight pre, pre.literal-block {
++    font-size: var(--font-size--medium);
++}
++
++
++/** Admonition styling **/
++
++.admonition {
++    font-size: var(--font-size--medium);
++    box-shadow: none;
++}
++
++/** Styling for links **/
++/* unvisited link */
++a:link {
++    color: #06c;
++    text-decoration: none;
++}
++
++/* visited link */
++a:visited {
++    color: #7d42b8;
++    text-decoration: none;
++}
++
++/* mouse over link */
++a:hover {
++    text-decoration: underline;
++}
++
++/* selected link */
++a:active {
++    text-decoration: underline;
++}
++
++a.sidebar-brand.centered {
++    text-decoration: none;
++}
++
++/** Color for the "copy link" symbol next to headings **/
++
++a.headerlink {
++    color: var(--color-brand-primary);
++}
++
++/** Line to the left of the current navigation entry **/
++
++.sidebar-tree li.current-page {
++    border-left: 2px solid var(--color-brand-primary);
++}
++
++/** Some tweaks for issue #16 **/
++
++[role="tablist"] {
++    border-bottom: 1px solid var(--color-sidebar-item-background--hover);
++}
++
++.sphinx-tabs-tab[aria-selected="true"] {
++    border: 0;
++    border-bottom: 2px solid var(--color-brand-primary);
++    background-color: var(--color-sidebar-item-background--current);
++    font-weight:300;
++}
++
++.sphinx-tabs-tab{
++    color: var(--color-brand-primary);
++    font-weight:300;
++}
++
++.sphinx-tabs-panel {
++    border: 0;
++    border-bottom: 1px solid var(--color-sidebar-item-background--hover);
++    background: var(--color-background-primary);
++}
++
++button.sphinx-tabs-tab:hover {
++    background-color: var(--color-sidebar-item-background--hover);
++}
++
++/** Custom classes to fix scrolling in tables by decreasing the
++    font size or breaking certain columns.
++    Specify the classes in the Markdown file with, for example:
++    ```{rst-class} break-col-4 min-width-4-8
++    ```
++**/
++
++table.dec-font-size {
++    font-size: smaller;
++}
++table.break-col-1 td.text-left:first-child {
++    word-break: break-word;
++}
++table.break-col-4 td.text-left:nth-child(4) {
++    word-break: break-word;
++}
++table.min-width-1-15 td.text-left:first-child {
++    min-width: 15em;
++}
++table.min-width-4-8 td.text-left:nth-child(4) {
++    min-width: 8em;
++}
++
++/** Underline for abbreviations **/
++
++abbr[title] {
++    text-decoration: underline solid #cdcdcd;
++}
++
++/** Use the same style for right-details as for left-details **/
++.bottom-of-page .right-details {
++    font-size: var(--font-size--small);
++    display: block;
++}
++
++/** Version switcher */
++button.version_select {
++  color: var(--color-foreground-primary);
++  background-color: var(--color-toc-background);
++  padding: 5px 10px;
++  border: none;
++}
++
++.version_select:hover, .version_select:focus {
++    background-color: var(--color-sidebar-item-background--hover);
++}
++
++.version_dropdown {
++  position: relative;
++  display: inline-block;
++  text-align: right;
++  font-size: var(--sidebar-item-font-size);
++}
++
++.available_versions {
++  display: none;
++  position: absolute;
++  right: 0px;
++  background-color: var(--color-toc-background);
++  box-shadow: 0px 8px 16px 0px rgba(0,0,0,0.2);
++  z-index: 11;
++}
++
++.available_versions a {
++  color: var(--color-foreground-primary);
++  padding: 12px 16px;
++  text-decoration: none;
++  display: block;
++}
++
++.available_versions a:hover {background-color: var(--color-sidebar-item-background--current)}
++
++.show {display:block;}
++
++/** Fix for nested numbered list - the nested list is lettered **/
++ol.arabic ol.arabic {
++  list-style: lower-alpha;
++}
++
++/** Make expandable sections look like links **/
++details summary {
++    color: var(--color-link);
++}
++
++/** Context links at the bottom of the page **/
++footer {
++    font-size: var(--font-size--medium);
++}
 diff --git a/docs/_static/css/github_issue_links.css b/docs/_static/css/github_issue_links.css
 index d72a145..af4be86 100644
 --- a/docs/_static/css/github_issue_links.css
 +++ b/docs/_static/css/github_issue_links.css
@@ -4,4 +4,21 @@
  .github-issue-link {
      font-size: var(--font-size--small);
      font-weight: bold;
++    background-color: #DD4814;
++    padding: 13px 23px;
++    text-decoration: none;
++}
++.github-issue-link:link {
++    color: #FFFFFF;
++}
++.github-issue-link:visited {
++    color: #FFFFFF
++}
++.muted-link.github-issue-link:hover {
++    color: #FFFFFF;
++    text-decoration: underline;
++}
++.github-issue-link:active {
++    color: #FFFFFF;
++    text-decoration: underline;
+ }
 diff --git a/docs/_static/js/github_issue_links.js b/docs/_static/js/github_issue_links.js
 index 162706a..e449b4e 100644
 --- a/docs/_static/js/github_issue_links.js
 +++ b/docs/_static/js/github_issue_links.js
@@ -4,7 +4,7 @@ window.onload = function() {
      link.classList.add("github-issue-link");
      link.text = "Have a question?";
      link.href = (
--        "https://github.com/canonical/ubuntu-advantage-client/issues/new?"
++        "https://github.com/canonical/ubuntu-pro-client/issues/new?"
          + "title=docs%3A+TYPE+YOUR+QUESTION+HERE"
          + "&body=*Please describe the question or issue you're facing with "
          + `"${document.title}"`
 diff --git a/docs/conf.py b/docs/conf.py
 index a803a70..8dd4d59 100644
 --- a/docs/conf.py
 +++ b/docs/conf.py
@@ -14,18 +14,20 @@
  # import sys
  # sys.path.insert(0, os.path.abspath('.'))
++import datetime
  # -- Project information -----------------------------------------------------
  project = "Ubuntu Pro Client"
--copyright = "2022, Canonical Ltd."
--
++author = "Canonical Group Ltd"
++copyright = "%s, %s" % (datetime.date.today().year, author)
  # -- General configuration ---------------------------------------------------
  # Add any Sphinx extension module names here, as strings. They can be
  # extensions coming with Sphinx (named 'sphinx.ext.*') or your custom
  # ones.
++
  extensions = [
      "myst_parser",
      "sphinx_copybutton",
@@ -33,26 +35,62 @@ extensions = [
+ ]
  # Add any paths that contain templates here, relative to this directory.
++
  templates_path = ["_templates"]
  # List of patterns, relative to source directory, that match files and
  # directories to ignore when looking for source files.
  # This pattern also affects html_static_path and html_extra_path.
++
  exclude_patterns = []
  # It seems we need to request creation of automatic anchors for our headings.
  # Setting to 2 because that's what we need now.
  # If referencing any heading of lesser importance, adjust here.
--myst_heading_anchors = 2
++
++myst_heading_anchors = 3
  # -- Options for HTML output -------------------------------------------------
  # The theme to use for HTML and HTML Help pages.  See the documentation for
--# a list of builtin themes.
--#
++# a list of builtin themes:
++# https://www.sphinx-doc.org/en/master/usage/configuration.html#options-for-html-output
++
  html_theme = "furo"
  html_logo = "_static/circle_of_friends.png"
++html_theme_options = {
++    "light_css_variables": {
++        "color-sidebar-background-border": "none",
++        "font-stack": "Ubuntu, -apple-system, Segoe UI, Roboto, Oxygen, Cantarell, Fira Sans, Droid Sans, Helvetica Neue, sans-serif",
++        "font-stack--monospace": "Ubuntu Mono variable, Ubuntu Mono, Consolas, Monaco, Courier, monospace",
++        "color-foreground-primary": "#111",
++        "color-foreground-secondary": "var(--color-foreground-primary)",
++        "color-foreground-muted": "#333",
++        "color-background-secondary": "#FFF",
++        "color-background-hover": "#f2f2f2",
++        "color-brand-primary": "#111",
++        "color-brand-content": "#06C",
++        "color-inline-code-background": "rgba(0,0,0,.03)",
++        "color-sidebar-link-text": "#111",
++        "color-sidebar-item-background--current": "#ebebeb",
++        "color-sidebar-item-background--hover": "#f2f2f2",
++        "sidebar-item-line-height": "1.3rem",
++        "color-link-underline": "var(--color-background-primary)",
++        "color-link-underline--hover": "var(--color-background-primary)",
++    },
++    "dark_css_variables": {
++        "color-foreground-secondary": "var(--color-foreground-primary)",
++        "color-foreground-muted": "#CDCDCD",
++        "color-background-secondary": "var(--color-background-primary)",
++        "color-background-hover": "#666",
++        "color-brand-primary": "#fff",
++        "color-brand-content": "#06C",
++        "color-sidebar-link-text": "#f7f7f7",
++        "color-sidebar-item-background--current": "#666",
++        "color-sidebar-item-background--hover": "#333",
++    },
++}
  # Add any paths that contain custom static files (such as style sheets) here,
  # relative to this directory. They are copied after the builtin static files,
@@ -62,6 +100,7 @@ html_static_path = ["_static"]
  html_css_files = [
      "css/logo.css",
      "css/github_issue_links.css",
++    "css/custom.css"
+ ]
  html_js_files = [
      "js/github_issue_links.js",
 diff --git a/docs/explanations.rst b/docs/explanations.rst
 index e27f11f..a424451 100644
 --- a/docs/explanations.rst
 +++ b/docs/explanations.rst
@@ -5,11 +5,50 @@ Our explanatory and conceptual guides are written to provide a better
  understanding of how the Ubuntu Pro Client (``pro``) works. They enable you
  to expand your knowledge and become better at using and configuring ``pro``.
--Explanation
--===========
++Messaging
++=========
++
++Here you'll find details about Ubuntu Pro Client-related APT and MOTD messages
++-- what they are, when they are used and how they work.
  ..  toctree::
      :maxdepth: 1
--    :glob:
--    explanations/*
++    Pro-related APT messages <explanations/apt_messages.md>
++    Pro-related MOTD messages <explanations/motd_messages.md>
++
++Commands
++========
++
++Some of the commands in ``pro`` do more than you think. Here we'll show you a
++selection of some of the commands -- what they do, and how they work.
++
++..  toctree::
++    :maxdepth: 1
++
++    explanations/how_to_interpret_the_security_status_command.md
++    explanations/status_columns.md
++    explanations/what_refresh_does.md
++
++Public Cloud Ubuntu Pro
++=======================
++
++Here we talk about Ubuntu Pro images for AWS, Azure and GCP, and the related
++tooling: the ``ubuntu-advantage-pro`` package.
++
++..  toctree::
++    :maxdepth: 1
++
++    explanations/what_are_ubuntu_pro_cloud_instances.md
++    explanations/what_is_the_ubuntu_advantage_pro_package.md
++
++Other Pro features explained
++============================
++
++..  toctree::
++    :maxdepth: 1
++
++    explanations/what_are_the_timer_jobs.md
++    explanations/what_is_the_daemon.md
++    explanations/why_trusty_is_no_longer_supported.md
++    explanations/errors_explained.md
 diff --git a/docs/explanations/apt_messages.md b/docs/explanations/apt_messages.md
 index 2201442..d4e62ef 100644
 --- a/docs/explanations/apt_messages.md
 +++ b/docs/explanations/apt_messages.md
@@ -1,131 +1,155 @@
--# Ubuntu Pro related APT messages
++# Ubuntu Pro-related APT messages
--When running some APT commands, you might see Ubuntu Pro related messages on
++When running some APT commands, you might see Ubuntu Pro-related messages in
  the output of those commands. Currently, we deliver those messages when
--running either `apt-get upgrade` or `apt-get dist-upgrade` commands. The scenarios
++running either `apt upgrade` or `apt dist-upgrade`. The scenarios
  where we deliver those messages are:
--* **ESM series with esm-infra service disabled**: When you are running a machine
--  with an ESM series, like Xenial, we advertise the `esm-infra` service if packages could
--  be upgraded by enabling the service:
--
--  ```
--  Reading package lists... Done
--  Building dependency tree
--  Reading state information... Done
--  Calculating upgrade... Done
--  The following package was automatically installed and is no longer required:
--    libfreetype6
--    Use 'apt autoremove' to remove it.
--  Get more security updates through Ubuntu Pro with 'esm-infra' enabled
--    libpam0g libpam-modules openssl ntfs-3g git-man libsystemd0 squashfs-tools git openssh-sftp-server udev libpam-runtime isc-dhcp-common libx11-6 libudev1 apport python3-apport systemd-sysv liblz4-1 libpam-systemd systemd libpam-modules-bin openssh-server libx11-data openssh-client libxml2 curl isc-dhcp-client python3-problem-report libcurl3-gnutls libssl1.0.0
--  Learn more about Ubuntu Pro for 16.04 at https://ubuntu.com/16-04
--  ```
--
--  Note that the ESM message is located in the middle of the `apt-get` command output. Additionally,
--  if there are no packages to upgrade at the moment, we would instead deliver:
--
--  ```
--  Receive additional future security updates with Ubuntu Pro.
--  Learn more about Ubuntu Pro for 16.04 at https://ubuntu.com/16-04
--  ```
--
--  ```{note}
--  If the user is using a LTS series instead, we will advertise `esm-apps`.
--  ```
--
--* **esm package count**: If both ESM services are enabled on the system,
--  we deliver a package count related to each service near the end of the `apt-get` command:
--
--  ```
--  1 standard LTS security update, 29 esm-infra security updates and 8 esm-apps security updates
--  ```
--
--  We only deliver that message if the service is enabled and we did upgrade packages related
--  to it. For example, if we had no `esm-infra` package upgrades, the message would be:
--
--  ```
--  1 standard LTS security update and 8 esm-apps security updates
--  ```
--
--* **expired contract**: If we detect that your contract is expired, we will deliver the following
--  message advertising `esm-infra` in the middle of the `apt` command:
--
--  ```
--  *Your Ubuntu Pro subscription has EXPIRED*
--  Get more security updates through Ubuntu Pro with 'esm-infra' enabled
--    libpam0g libpam-modules openssl ntfs-3g git-man libsystemd0 squashfs-tools git openssh-sftp-server udev libpam-runtime isc-dhcp-common libx11-6 libudev1 apport python3-apport systemd-sysv liblz4-1 libpam-systemd systemd libpam-modules-bin openssh-server libx11-data openssh-client libxml2 curl isc-dhcp-client python3-problem-report libcurl3-gnutls libssl1.0.0
--  Renew your service at https://ubuntu.com/pro
--  ```
++## ESM series with esm-infra service disabled
++
++When you run `apt upgrade` on an ESM release, like Xenial, we advertise
++the `esm-infra` service if packages could be upgraded by enabling the service:
++
++```
++Reading package lists... Done
++Building dependency tree
++Reading state information... Done
++Calculating upgrade... Done
++The following package was automatically installed and is no longer required:
++  libfreetype6
++  Use 'apt autoremove' to remove it.
++The following security updates require Ubuntu Pro with 'esm-infra' enabled:
++  libpam0g libpam-modules openssl ntfs-3g git-man libsystemd0 squashfs-tools git openssh-sftp-server udev libpam-runtime isc-dhcp-common libx11-6 libudev1 apport python3-apport systemd-sysv liblz4-1 libpam-systemd systemd libpam-modules-bin openssh-server libx11-data openssh-client libxml2 curl isc-dhcp-client python3-problem-report libcurl3-gnutls libssl1.0.0
++Learn more about Ubuntu Pro for 16.04 at https://ubuntu.com/16-04
++```
++
++## LTS series with esm-apps service disabled
++
++When you are running `apt upgraded` on a LTS release, like Focal, we advertise
++the `esm-apps` service if packages could be upgraded by enabling the service:
++
++```
++Reading package lists... Done
++Building dependency tree
++Reading state information... Done
++Calculating upgrade... Done
++The following package was automatically installed and is no longer required:
++  libfreetype6
++Use 'apt autoremove' to remove it.
++Get more security updates through Ubuntu Pro with 'esm-apps' enabled:
++  adminer editorconfig ansible
++Learn more about Ubuntu Pro at https://ubuntu.com/pro
++0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
++```
++
++## ESM package count
++
++If both ESM services are enabled on the system, we deliver a package count
++related to each service near the end of the `apt` command:
++
++```
++1 standard LTS security update, 29 esm-infra security updates and 8 esm-apps security updates
++```
++
++We only deliver this message if the service is enabled *and* we upgraded
++packages related to it. For example, if we had no `esm-infra` package upgrades,
++the message would be:
++
++```
++1 standard LTS security update and 8 esm-apps security updates
++```
++
++## Expired contract
++
++If we detect that your contract is expired, we will deliver the following
++message advertising `esm-infra` in the middle of the `apt upgrade` command:
++
++```
++#
++# *Your Ubuntu Pro subscription has EXPIRED*
++# 10 additional security update(s) require Ubuntu Pro with '{service}' enabled.
++# Renew your service at https://ubuntu.com/pro
++#
++```
--  Note that if we don't have any package to upgrade related to `esm-infra`, we would deliver instead
--  the message:
--
--  ```
--  *Your Ubuntu Pro subscription has EXPIRED*
--  Renew your service at https://ubuntu.com/pro
--  ```
--
--* **contract is about to expire**: Similarly, if we detect that your contract is about to expire,
--  we deliver the following message in the middle of the `apt-get` command:
--
--  ```
--  CAUTION: Your Ubuntu Pro subscription will expire in 2 days.
--  Renew your subscription at https://ubuntu.com/pro to ensure continued security
--  coverage for your applications.
--  ```
--
--* **contract expired, but in grace period**: Additionally, if we detect that the contract is
--  expired, but still in the grace period, the following message will be seen in the middle
--  of the `apt-get` command:
--
--  ```
--  CAUTION: Your Ubuntu Pro subscription expired on 10 Sep 2021.
--  Renew your subscription at https://ubuntu.com/pro to ensure continued security
--  coverage for your applications.
--  Your grace period will expire in 8 days.
--  ```
++If we don't have any `esm-infra`-related packages to upgrade, we would show the
++following message instead:
--```{note}
--For contract expired messages, we only advertise `esm-infra`.
++```
++#
++# *Your Ubuntu Pro subscription has EXPIRED*
++# Renew your service at https://ubuntu.com/pro
++#
++```
++
++## Contract is about to expire
++
++Similarly, if we detect that your contract is about to expire, we deliver the
++following message in the middle of the `apt` command:
++
++```
++#
++# CAUTION: Your Ubuntu Pro subscription will expire in 2 days.
++# Renew your subscription at https://ubuntu.com/pro to ensure continued
++# security coverage for your applications.
++#
++```
++
++## Contract has expired, but still in grace period
++
++Additionally, if we detect that the contract has expired, but is still in the
++grace period, the following message will be seen in the middle of the `apt`
++command output:
++
++```
++#
++# CAUTION: Your Ubuntu Pro subscription expired on 10 Sep 2021.
++# Renew your subscription at https://ubuntu.com/pro to ensure continued
++# security coverage for your applications.
++# Your grace period will expire in 11 days.
++#
  ```
++## How are the APT messages generated?
--## How are the APT messages generated
++We have two distinct `apt` hooks that allow us to deliver these messages when
++you run `apt upgrade` or `apt dist-upgrade`. They are:
--We have two distinct `apt` hooks that allow us to deliver those messages when you
--are running `apt-get upgrade` or `apt-get dist-upgrade`, they are:
++### `apt-esm-hook`
--* **apt-esm-hook**: Responsible for delivering the contract expired and ESM services
--  advertising. However, the messaging here is created by two distinct steps:
++Responsible for populating templates with accurate package counts (i.e. the package
++count we see on the Expired contract messages).
++However, the messaging here is created by two distinct steps:
--  1. Our [update_messages](what_are_the_timer_jobs.md) timer job create templates for
--     the APT messages this hook will deliver. We cannot create the full message on the
--     timer job, because we need the accurate package names and count. That information
--     can only be obtained when running the `apt-get` command.
++1. Our [update_messages](what_are_the_timer_jobs.md) timer job creates
++   templates for the APT messages this hook will deliver. We cannot create the
++   full message on the timer job, because we need the accurate package names
++   and count. This information can only be obtained when running the `apt`
++   command.
--     ```{note}
--     These templates will only be produced if some conditions are met. For example,
--     we only produce expired contract templates if the contracts are indeed expired.
--     ```
++   ```{note}
++   These templates will only be produced if certain conditions are met. For
++   example, we only produce "expired contract" templates if the contracts are
++   indeed expired.
++   ```
--  2. When you run either `apt-get upgrade` or `apt-get dist-upgrade`, the hook searches
--     for these templates and if they exist, they are populated with the right `apt`
--     content and delivered to the user.
++2. When you run either `apt upgrade` or `apt dist-upgrade`, the hook
++   searches for these templates and if they exist, they are populated with the
++   correct `apt` content and delivered to the user.
--* **apt-esm-json-hook**: The json hook is responsible for delivering the package count
--  message we mentioned on the `esm package count` item. This hook is used because
--  to inject that message on the exact place we want, we need to use a specific apt`
--  [json hook](https://salsa.debian.org/apt-team/apt/-/blob/main/doc/json-hooks-protocol.md)
--  to communicate with.
++### `apt-esm-json-hook`
++The JSON hook is responsible for delivering the rest of the message we have presented here.
++This hook is used to inject the message in the exact place we want, so we need to use a specific `apt`
++[JSON hook](https://salsa.debian.org/apt-team/apt/-/blob/main/doc/json-hooks-protocol.md)
++to communicate with it.
  ```{note}
  Those hooks are only delivered on LTS releases. This is because the hooks will
  not deliver useful messages on non-LTS due to lack of support for ESM services.
  ```
--## How are APT configured to deliver those messages
++## How are APT configured to deliver those messages?
  We currently ship the package the `20apt-esm-hook.conf` configuration that
  configures both the basic apt hooks to call our `apt-esm-hook` binary, and also
 diff --git a/docs/explanations/errors_explained.md b/docs/explanations/errors_explained.md
 new file mode 100644
 index 0000000..6739e8b
 --- /dev/null
 +++ b/docs/explanations/errors_explained.md
@@ -0,0 +1,101 @@
++# Errors you may encounter and their meaning
++
++If you encounter an error or warning message from Pro Client that you don't understand and cannot find it in this document, please click "Have a question?" at the top of the page and let us know so that we can add it.
++
++## User Configuration Migration in version 27.14
++
++Version 27.14 of Ubuntu Pro Client changed how some user configuration settings are stored on disk. It moved several settings out of `/etc/ubuntu-advantage/uaclient.conf` and into a file managed solely by the `pro config {set,unset,show}` subcommands.
++
++Most settings should've gotten automatically migrated to the new file when Pro Client upgraded. If something failed you may see one of the following messages:
++
++### Migration error 1
++**Error message:**
++```
++Warning: Failed to load /etc/ubuntu-advantage/uaclient.conf
++         No automatic migration will occur.
++         You may need to use "pro config set" to re-set your settings.
++```
++
++**Where you'll see it:**
++
++During an `apt upgrade` or `apt install ubuntu-advantage-tools`
++
++**What does it mean:**
++
++This means that `/etc/ubuntu-advantage/uaclient.conf` was unable to be read or unable to be parsed as yaml during the migration.
++
++**What you can do about it:**
++
++Check the contents of `/etc/ubuntu-advantage/uaclient.conf`.
++1. Ensure it is valid yaml
++2. For any setting that is nested under `ua_config`:
++  - If you modified the value in the past: run `pro config set field_name=your_custom_value`
++  - delete the setting from `/etc/ubuntu-advantage/uaclient.conf`
++  - delete the `ua_config:` line from `/etc/ubuntu-advantage/uaclient.conf`
++
++### Migration error 2
++**Error message:**
++```
++Warning: Failed to migrate user_config from /etc/ubuntu-advantage/uaclient.conf
++         Please run the following to keep your custom settings:
++           pro config set example=example
++```
++
++**Where you'll see it:**
++
++During an `apt upgrade` or `apt install ubuntu-advantage-tools`
++
++**What does it mean:**
++
++This means that `/var/lib/ubuntu-advantage/user-config.json` was unable to be written or a json serialization error occurred.
++
++**What you can do about it:**
++
++Run each of the `pro config set` commands recommended in the warning message.
++
++### Migration error 3
++**Error message:**
++```
++Warning: Failed to migrate /etc/ubuntu-advantage/uaclient.conf
++         Please add following to uaclient.conf to keep your config:
++           example: example
++```
++
++**Where you'll see it:**
++
++During an `apt upgrade` or `apt install ubuntu-advantage-tools`
++
++**What does it mean:**
++
++This means that `/etc/ubuntu-advantage/uaclient.conf` was unable to be written or a yaml serialization error occurred.
++
++**What you can do about it:**
++
++Ensure that the settings listed in the warning output make it into your new uaclient.conf.
++
++### Warnings in versions >=27.14~
++
++**Error message:**
++```
++legacy "ua_config" found in uaclient.conf
++```
++or
++```
++Warning: uaclient.conf contains old ua_config field.
++```
++
++**Where you'll see it:**
++
++In `/var/log/ubuntu-advantage.log` after using the `pro` cli or during an `apt upgrade` to a newer version of ubuntu-advantage-tools.
++
++**What does it mean:**
++
++This means that there are still settings nested under `ua_config` in `/etc/ubuntu-advantage/uaclient.conf`. These will still be honored, but support may be removed in the future.
++
++**What you can do about it:**
++
++Check the contents of `/etc/ubuntu-advantage/uaclient.conf`.
++For any setting that is nested under `ua_config`:
++- If you modified the value in the past: run `pro config set field_name=your_custom_value`
++- delete the setting from `/etc/ubuntu-advantage/uaclient.conf`
++- delete the `ua_config:` line from `/etc/ubuntu-advantage/uaclient.conf`
 diff --git a/docs/explanations/how_to_interpret_the_security_status_command.md b/docs/explanations/how_to_interpret_the_security_status_command.md
 index 43fb3d2..21be0b4 100644
 --- a/docs/explanations/how_to_interpret_the_security_status_command.md
 +++ b/docs/explanations/how_to_interpret_the_security_status_command.md
@@ -1,10 +1,10 @@
--# How to interpret the security-status command output
++# What does `security-status` do?
--The `security-status` command is used to get an overview
--of the packages installed in your machine.
++The `security-status` command is used to get an overview of the packages
++installed on your machine.
--If you run the `pro security-status --format yaml` command on your
--machine, you are expected to see the output following this structure:
++If you run the `pro security-status --format yaml` command on your machine, you
++should expect to see an output that follows this structure:
  ```
  _schema_version: '0.1'
@@ -41,31 +41,44 @@ livepatch:
        Patched: true
  ```
--Let's understand what each key mean on the output of the `pro security-status` command:
--
--* **`summary`**: The summary of the system related to Ubuntu Pro and
--  the different package sources in the system:
--
--  * **`num_installed_packages`**: The total number of installed packages in the system.
--  * **`num_esm_apps_packages`**: The number of packages installed from `esm-apps`.
--  * **`num_esm_apps_updates`**: The number of `esm-apps` package updates available to the system.
--  * **`num_esm_infra_packages`**:  The number of packages installed from `esm-infra`.
--  * **`num_esm_infra_updates`**: The number of `esm-infra` package updates available to the system.
--  * **`num_main_packages`**: The number of packages installed from the `main` archive component.
--  * **`num_multiverse_packages**: The number of packages installed from the `multiverse` archive
--    component.
--  * **`num_restricted_packages`**: The number of packages installed from the `restricted` archive
--    component.
--  * **`num_third_party_packages`** : The number of packages installed from `third party` sources.
--  * **`num_universe_packages`**: The number of packages installed from the `universe` archive
--    component.
--  * **`num_unknown_packages`**: The number of packages installed from sources not known to `apt`
--    (installed locally through dpkg or packages without a remote reference).
--  * **`num_standard_security_updates`**: The number of standard security updates available to the system.
--
--  It is worth mentioning here that the `_updates` fields are presenting the number of **security**
--  updates for **installed** packages. For example, let's assume your machine has a universe package that
--  has a security update from `esm-infra`. The count will be displayed as:
++Let's understand what each key means in the output of the `pro security-status`
++command:
++
++## `summary`
++
++This provides a summary of the system related to Ubuntu Pro and the different
++package sources in the system:
++
++* **`num_installed_packages`**: The total number of installed packages on the
++  system.
++* **`num_esm_apps_packages`**: The number of packages installed from `esm-apps`.
++* **`num_esm_apps_updates`**: The number of `esm-apps` package updates available
++  to the system.
++* **`num_esm_infra_packages`**: The number of packages installed from
++  `esm-infra`.
++* **`num_esm_infra_updates`**: The number of `esm-infra` package updates
++  available to the system.
++* **`num_main_packages`**: The number of packages installed from the `main`
++  archive component.
++* **`num_multiverse_packages`**: The number of packages installed from the
++  `multiverse` archive component.
++* **`num_restricted_packages`**: The number of packages installed from the
++  `restricted` archive component.
++* **`num_third_party_packages`** : The number of packages installed from
++  `third party` sources.
++* **`num_universe_packages`**: The number of packages installed from the
++  `universe` archive component.
++* **`num_unknown_packages`**: The number of packages installed from sources not
++  known to `apt` (e.g., those installed locally through `dpkg` or packages
++  without a remote reference).
++* **`num_standard_security_updates`**: The number of standard security updates
++  available to the system.
++
++```{note}
++  It is worth mentioning here that the `_updates` fields are presenting the
++  number of **security** updates for **installed** packages. For example, let's
++  assume your machine has a universe package that has a security update from
++  `esm-infra`. The count will be displayed as:
    ```
    num_esm_infra_packages: 0
@@ -80,30 +93,38 @@ Let's understand what each key mean on the output of the `pro security-status` c
    num_esm_infra_updates: 0
    num_universe_packages: 0
    ```
++```
++
++* **`ua`**: An object representing the state of Ubuntu Pro on the system:
++  * **`attached`**: If the system is attached to an Ubuntu Pro subscription.
++  * **`enabled_services`**: A list of services that are enabled on the system.
++    If unattached, this will always be an empty list.
++  * **`entitled_services`**: A list of services that are entitled on your
++    Ubuntu Pro subscription. If unattached, this will always be an empty list.
++
++## `packages`
++
++This provides a list of security updates for packages installed on the system.
++Every entry on the list will follow this structure:
++
++* **`origin`**: The host where the update comes from.
++* **`package`**: The name of the package.
++* **`service_name`**: The service that provides the package update. It can be
++  one of: `esm-infra`, `esm-apps` or `standard-security`.
++* **`status`**: The status for this update. It will be one of:
++  * **"upgrade_available"**: The package can be upgraded right now.
++  * **"pending_attach"**: The package needs an Ubuntu Pro subscription attached
++    to be upgraded.
++  * **"pending_enable"**: The machine is attached to an Ubuntu Pro subscription,
++    but the service required to provide the upgrade is not enabled.
++  * **"upgrade_unavailable"**: The machine is attached, but the contract is not
++    entitled to the service which provides the upgrade.
++* **`version`**: The update version.
++* **`download_size`**: The number of bytes that would be downloaded in order to
++  install the update.
++
++## `livepatch`
--  * **`ua`**: An object representing the state of Ubuntu Pro on the system:
--    * **`attached`**: If the system is attached to an Ubuntu Pro subscription.
--    * **`enabled_services`**: A list of services that are enabled on the system. If unattached, this
--      will always be an empty list.
--    * **`entitled_services`**: A list of services that are entitled on your Ubuntu Pro subscription. If
--      unattached, this will always be an empty list.
--
--* **`packages`**: A list of security updates for packages installed in the system.
--  Every entry on the list will follow this structure:
--
--  * **`origin`**: The host were the update comes from.
--  * **`package`**: The name of the package.
--  * **`service_name`**: The service that provides that package update. It can be either: `esm-infra`,
--    `esm-apps` or `standard-security`.
--  * **`status`**: The status for this update. It will be one of:
--    * **"upgrade_available"**: The package can be upgraded right now.
--    * **"pending_attach"**: The package needs an Ubuntu Pro subscription attached to be upgraded.
--    * **"pending_enable"**: The machine is attached to an Ubuntu Pro subscription, but the service required to
--      provide the upgrade is not enabled.
--    * **"upgrade_unavailable"**: The machine is attached, but the contract is not entitled to
--      the service which provides the upgrade.
--  * **`version`**: The update version.
--  * **`download_size`**: The number of bytes that would be downloaded in order to install the update.
--
--* **`livepatch`**: Livepatch related information. Currently, the only information
--presented is **`fixed_cves`** - a list of CVEs that were fixed by Livepatches applied to the kernel.
++This displays Livepatch-related information. Currently, the only information
++presented is **`fixed_cves`**. This represents a list of CVEs that were fixed
++by Livepatches applied to the kernel.
 diff --git a/docs/explanations/motd_messages.md b/docs/explanations/motd_messages.md
 index 7defd66..337a4bd 100644
 --- a/docs/explanations/motd_messages.md
 +++ b/docs/explanations/motd_messages.md
@@ -1,112 +1,111 @@
--# Ubuntu Pro related messages on MOTD
++# Ubuntu Pro-related MOTD messages
--When Ubuntu Pro Client (`pro`) is installed on the system, it delivers custom messages on [MOTD](https://wiki.debian.org/motd).
--Those messages are generated directly by two different sources:
++When the Ubuntu Pro Client (`pro`) is installed on the system, it delivers
++custom messages on ["Message of the Day" (MOTD)](https://wiki.debian.org/motd).
++Those messages are generated directly by two different sources.
--* **python script**: The [update-notifier](https://wiki.ubuntu.com/UpdateNotifier) deliver a script
--  called `apt_check.py`. Considering Ubuntu Pro related information, this script is responsible for:
++## Python-scripted MOTD
++
++The [update-notifier](https://wiki.ubuntu.com/UpdateNotifier) delivers a script
++called `apt_check.py`. With regards to Ubuntu Pro, this script is responsible
++for:
++
++* Informing the user about the status of one of the ESM services; `esm-apps` if
++  the machine is an LTS series, or `esm-infra` if the series is in ESM mode.
++* Showing the number of `esm-infra` or `esm-apps` packages that can be upgraded
++  on the machine.
++
++For example, here is the output of the `apt_check.py` script on a LTS machine
++when both of those services are enabled:
++
++```
++Expanded Security Maintenance for Applications is enabled.
++
++11 updates can be applied immediately.
++5 of these updates are ESM Apps security updates.
++1 of these updates is a ESM Infra security update.
++5 of these updates are standard security updates.
++To see these additional updates run: apt list --upgradable
++```
++
++However, if we were running this on an ESM series, we would instead see
++`esm-infra` being advertised:
++
++```
++Expanded Security Maintenance Infrastructure is enabled.
++
++11 updates can be applied immediately.
++5 of these updates are ESM Apps security updates.
++1 of these updates is a ESM Infra security update.
++5 of these updates are standard security updates.
++To see these additional updates run: apt list --upgradable
++```
++
++Now let's consider a scenario where one of these services is not enabled. For
++example, if `esm-apps` was disabled, the output will be:
++
++```
++Expanded Security Maintenance for Applications is not enabled.
++
++6 updates can be applied immediately.
++1 of these updates is a ESM Infra security update.
++5 of these updates are standard security updates.
++To see these additional updates run: apt list --upgradable
--  * inform the user about the status of one of the ESM services, `esm-apps` if the machine is a
--    LTS series or `esm-infra` if the series is on ESM mode.
--  * showing the number of `esm-infra` or `esm-apps` packages that can be upgraded in the machine
++5 additional security updates can be applied with ESM Apps
++Learn more about enabling ESM Apps for Ubuntu 16.04 at
++https://ubuntu.com/16-04
++```
--  For example, this is the output of the `apt_check.py` script on a LTS machine when both of
--  those services are enabled:
++At the end of the output we can see the number of packages that *could* be
++upgraded if that service was enabled. Note that we would deliver the same
++information for `esm-infra` if the service was disabled and the series running
++on the machine is in ESM state.
--  ```
--  Expanded Security Maintenance for Applications is enabled.
++## MOTD through Ubuntu Pro timer jobs
--  11 updates can be applied immediately.
--  5 of these updates are ESM Apps security updates.
--  1 of these updates is a ESM Infra security update.
--  5 of these updates are standard security updates.
--  To see these additional updates run: apt list --upgradable
--  ```
++One of the timer jobs Ubuntu Pro uses can insert additional messages into MOTD.
++These messages will be always delivered before or after the content created by
++the Python script delivered by `update-notifier`. These additional messages are
++generated when `pro` detects that certain conditions on the machine have been
++met. They are:
--  Note that if we were running this on a ESM series, we would instead see `esm-infra` being
--  advertised:
++### Subscription expired
--  ```
--  Expanded Security Maintenance Infrastructure is enabled.
++When the Ubuntu Pro subscription is expired, `pro` will deliver the following
++message after the `update-notifier` message:
--  11 updates can be applied immediately.
--  5 of these updates are ESM Apps security updates.
--  1 of these updates is a ESM Infra security update.
--  5 of these updates are standard security updates.
--  To see these additional updates run: apt list --upgradable
--  ```
++```
++*Your Ubuntu Pro subscription has EXPIRED*
++2 additional security update(s) require Ubuntu Pro with 'esm-infra' enabled.
++Renew your service at https://ubuntu.com/pro
++```
--  Now considering the scenario were one of those services is not enabled. For example, if
--  `esm-apps` was not enabled, the output will be:
++### Subscription about to expire
--  ```
--  Expanded Security Maintenance for Applications is not enabled.
--
--  6 updates can be applied immediately.
--  1 of these updates is a ESM Infra security update.
--  5 of these updates are standard security updates.
--  To see these additional updates run: apt list --upgradable
--
--  5 additional security updates can be applied with ESM Apps
--  Learn more about enabling ESM Apps for Ubuntu 16.04 at
--  https://ubuntu.com/16-04
--  ```
--
--  In the end of the output we can see the number of packages that could
--  be upgraded if that service was enabled. Note that we would deliver the same information
--  for `esm-infra` if the service was disabled and the series running on the machine is on ESM
--  state.
--
--* **Ubuntu Pro timer jobs**: One of the timer jobs Ubuntu Pro has is used to insert additional messages into MOTD.
--  Those messages will be always delivered before or after the content created by the python
--  script delivered by `update-notifier`. Those additional messages are generated when `pro` detects
--  some conditions on the machine. They are:
--
--  * **subscription expired**: When the Ubuntu Pro subscription is expired, `pro` will deliver the following
--    message after the `update-notifier` message:
--
--    ```
--    *Your Ubuntu Pro subscription has EXPIRED*
--    2 additional security update(s) require Ubuntu Pro with 'esm-infra' enabled.
--    Renew your service at https://ubuntu.com/pro
--    ```
--
--  * **subscription about to expire**: When the Ubuntu Pro subscription is about to expire, we deliver the
--    following message after the `update-notifier` message:
--
--    ```
--    CAUTION: Your Ubuntu Pro subscription will expire in 2 days.
--    Renew your subscription at https://ubuntu.com/pro to ensure continued security
--    coverage for your applications.
--    ```
--
--  * **subscription expired but within grace period**: When the Ubuntu Pro subscription is expired, but is
--    still within the grace period, we deliver the following message after the `update-notifier`
--    script:
--
--    ```
--    CAUTION: Your Ubuntu Pro subscription expired on 10 Sep 2021.
--    Renew your subscription at https://ubuntu.com/pro to ensure continued security
--    coverage for your applications.
--    Your grace period will expire in 9 days.
--    ```
--
--  * **advertising esm-apps service**: When we detect that `esm-apps` is supported and not enabled
--    in the system, we advertise it using the following message that is delivered before the
--    `update-notifier` message:
--
--    ```
--    * Introducing Expanded Security Maintenance for Applications.
--      Receive updates to over 25,000 software packages with your
--      Ubuntu Pro subscription. Free for personal use
--
--        https://ubuntu.com/16-04
--    ```
--
--  Note that we could also advertise the `esm-infra` service instead. This will happen
--  if you use an ESM release. Additionally, the the url we use to advertise the service is different
--  based on the series that is running on the machine.
--
--  Additionally, all of those Ubuntu Pro custom messages are delivered into
--  `/var/lib/ubuntu-advantage/messages`. We also add custom scripts into `/etc/update-motd.d` to
--  check if those messages exist and if they do, insert them on the full MOTD message.
++When the Ubuntu Pro subscription is about to expire, we deliver the following
++message after the `update-notifier` message:
++
++```
++CAUTION: Your Ubuntu Pro subscription will expire in 2 days.
++Renew your subscription at https://ubuntu.com/pro to ensure continued security
++coverage for your applications.
++```
++
++### Subscription expired but within grace period
++
++When the Ubuntu Pro subscription has expired, but is still within the grace
++period, we deliver the following message after the `update-notifier` script:
++
++```
++CAUTION: Your Ubuntu Pro subscription expired on 10 Sep 2021.
++Renew your subscription at https://ubuntu.com/pro to ensure continued security
++coverage for your applications.
++Your grace period will expire in 9 days.
++```
++
++### How are these messages updated and inserted into MOTD?
++
++1. The contract status is checked periodically in the background when the machine is attached to an Ubuntu Pro contract.
++2. If one of the above messages applies to the contract that the machine is attached to, then the message is stored in `/var/lib/ubuntu-advantage/messages/motd-contract-status`.
++3. At MOTD generation time, the script located at `/etc/update-motd.d/91-contract-ua-esm-status` checks if `/var/lib/ubuntu-advantage/messages/motd-contract-status` exists and if it does, inserts the message into the full MOTD.
 diff --git a/docs/explanations/status_columns.md b/docs/explanations/status_columns.md
 index 40a11e5..1447b44 100644
 --- a/docs/explanations/status_columns.md
 +++ b/docs/explanations/status_columns.md
@@ -1,7 +1,11 @@
--# Status output explanation
++# The `pro status` output explained
--When running `pro status` we can observe two different types of outputs, attached vs unattached.
--When unattached, users will see the status table containing only three columns:
++When running `pro status` we can observe two different types of outputs, which
++depend on whether the Ubuntu Pro subscription is attached or unattached.
++
++## Pro subscription unattached
++When unattached, users will see the following status table containing only
++three columns:
  ```
  SERVICE          AVAILABLE  DESCRIPTION
@@ -15,12 +19,16 @@ livepatch        yes        Canonical Livepatch service
  Where:
--* **SERVICE**: is the name of service being offered
--* **AVAILABLE**: if that service is available on that machine. To verify if a service is available, we
--  check the machine kernel version, architecture and Ubuntu release it is running.
++* **SERVICE**: Is the name of service being offered
++* **AVAILABLE**: Shows if that service is available on that machine. To verify
++  if a service is available, we check the machine kernel version, architecture,
++  Ubuntu release being used and the machine type (i.e lxd for LXD containers)
  * **DESCRIPTION**: A short description of the service.
--However, if we run the same command when attached, we have an output with 4 columns:
++## With Pro subscription attached
++
++However, if we run the same command when attached, we have an output with 4
++columns:
  ```
  SERVICE       ENTITLED  STATUS    DESCRIPTION
@@ -29,46 +37,67 @@ esm-infra     yes       enabled   Expanded Security Maintenance for Infrastructu
  fips          yes       n/a       NIST-certified core packages
  fips-updates  yes       n/a       NIST-certified core packages with priority security updates
  livepatch     yes       n/a       Canonical Livepatch service
--```
++```
++
++You may notice that the column **AVAILABLE** is no longer shown, and instead we
++see the following new columns:
++
++* **ENTITLED**: Shows if the user subscription allows that service to be
++  enabled.
++* **STATUS**: Reports the state of that service on the machine.
--Here we can notice that the column **AVAILABLE** no longer applies and we have new columns:
++It is possible that a service could appear as "available" when the Pro status is
++unattached, but then shows as "not entitled" if the subscription is later
++attached. This happens because even if the service is available, if your Ubuntu
++Pro subscription doesn't allow you access to a service, `pro` cannot enable it.
--* **ENTITLED**: If the user subscription allow that service to be enabled
--* **STATUS**: The state of that service on the machine.
++The **STATUS** column allows for three possible states:
--It is possible that a service appears as available when running status unattached, but turns
--out as not entitled. This happens because even if the service can be enabled on the machine,
--if your Ubuntu Pro subscription doesn't allow you to do that, `pro` cannot enable it.
++* **enabled**: The service is enabled on the machine.
++* **disabled**: The service is not currently running.
++* **n/a**: This means "not applicable". This will show if the service cannot be
++  enabled on the machine due to a non-contract restriction. For example, we
++  cannot enable `livepatch` on a container.
--Additionally, the **STATUS** column allows for three possible states:
++## Notices
--* **enabled**: service is enabled in the machine
--* **disabled**: service is not currently running
--* **n/a**: This means non-applicable. This can happen if the service cannot be enabled on the machine
--  due to a non-contract restriction. For example, we cannot enable `livepatch` on a container.
++"Notices" are information regarding the Ubuntu Pro status which either require
++some kind of action from the user, or may impact the experience with Ubuntu Pro.
--### Notices
--Notices are information regarding the Ubuntu Pro status which either require some kind of action from the user, or may impact the experience with Ubuntu Pro.
++For example, let's say FIPS was just enabled, but the system wasn't rebooted
++yet (which is required for booting into the FIPS Kernel). The output of
++`pro status` in this case will contain:
--For example, let's say FIPS was just enabled, but the system wasn't rebooted yet (which is needed for booting into the FIPS Kernel), the output of `pro status`  will contain:
  ```
  NOTICES
  FIPS support requires system reboot to complete configuration.
  ```
++
  After the system is rebooted, the notice will go away.
--Notices can always be resolved, and the way to resolve it should be explicit in the notice itself.
++Notices can always be resolved, and the instructions on how to resolve it will
++be explicitly stated in the notice itself.
++
++## Features
++
++"Features" are extra configuration values that can be set and unset in
++`uaclient.conf`. Most of these are meant for development/testing purposes, but
++some can be used in application flows. For example, to always have beta services
++with the same flow as the non-beta (for `enable`, `status`, etc.),
++`uaclient.conf` may have:
--### Features
--Features are extra configuration values that can be set/unset in `uaclient.conf`. Most of those are meant for development/testing purposes, but some can be used in application flows. For example, to always have beta services with the same flow as the non-beta (for enable, status, etc), `uaclient.conf` may have:
  ```
  features:
    allow_beta: true
  ```
++
  In this case, the output of `pro status` will contain:
++
  ```
  FEATURES
  allow_beta: True
  ```
--Keep in mind that any feature defined like this will be listed, even if it is invalid or typed the wrong way. Those appear on status for information/debugging purposes.
++It's important to keep in mind that any feature defined like this will be
++listed, even if it is invalid or typed the wrong way. Those appear in `status`
++output for informational and debugging purposes.
 diff --git a/docs/explanations/what_are_the_timer_jobs.md b/docs/explanations/what_are_the_timer_jobs.md
 index 30de317..fa84b36 100644
 --- a/docs/explanations/what_are_the_timer_jobs.md
 +++ b/docs/explanations/what_are_the_timer_jobs.md
@@ -1,19 +1,26 @@
--# Timer jobs
++# Timer jobs explained
--Ubuntu Pro Client (`pro`) sets up a systemd timer to run jobs that need to be executed recurrently. Everytime the
--timer runs, it decides which jobs need to be executed based on their intervals. When a job runs
--successfully, its next run is determined by the interval defined for that job.
++Ubuntu Pro Client (`pro`) sets up a `systemd` timer to run jobs that need to be
++carried out periodically. Every time the timer runs, it decides which jobs need
++to be performed based on their intervals. When a job runs successfully, its next
++run is determined by the interval defined for that job.
  ## Current jobs
--The jobs that `pro` runs periodically are:
++The jobs that `pro` runs periodically are `metering` and `update_messaging`.
--| Job | Description | Interval |
--| --- | ----------- | -------- |
--| update_messaging | Update MOTD and APT messages | 6 hours |
--| metering | (Only when attached to Ubuntu Pro services) Pings Canonical servers for contract metering | 4 hours |
++### The `update_messaging` job
--- The `update_messaging` job makes sure that the MOTD and APT messages match the
--available/enabled services on the system, showing information about available
--packages or security updates.
--- The `metering` will inform Canonical on which services are enabled on the machine.
++`update_messaging` updates the MOTD and APT messages every 6 hours. It ensures
++that the MOTD and APT messages displayed on the system match those that are
++available/enabled. It finds updated information about available packages or
++security updates and shows these to the user.
++
++### The `metering` job
++
++`metering` pings the Canonical servers for contract metering every 4 hours. It
++informs Canonical which services are enabled on the machine.
++
++```{note}
++The `metering` job only runs when attached to an Ubuntu Pro subscription.
++```
 diff --git a/docs/explanations/what_are_ubuntu_pro_cloud_instances.md b/docs/explanations/what_are_ubuntu_pro_cloud_instances.md
 index 84437e1..4e84d7e 100644
 --- a/docs/explanations/what_are_ubuntu_pro_cloud_instances.md
 +++ b/docs/explanations/what_are_ubuntu_pro_cloud_instances.md
@@ -1,15 +1,28 @@
--# What is a Public Cloud Ubuntu Pro machine?
++# About Public Cloud Ubuntu Pro images
--Ubuntu Pro images are published to [AWS](https://ubuntu.com/aws/pro), [Azure](https://ubuntu.com/azure/pro) and [GCP](https://ubuntu.com/gcp/pro) which come with Ubuntu
--Pro support and services built in. On first boot, Ubuntu Pro images will automatically attach
--to an Ubuntu Pro support contract and enable necessary Ubuntu Pro services so
--that no extra setup is required to ensure a secure and supported Ubuntu machine.
++Ubuntu Pro images are published to [AWS](https://ubuntu.com/aws/pro),
++[Azure](https://ubuntu.com/azure/pro) and [GCP](https://ubuntu.com/gcp/pro).
++All of these come with Ubuntu Pro support and services built in.
--There are two primary flavors of Ubuntu Pro images in clouds:
++On first boot, Ubuntu Pro images will automatically attach to an Ubuntu Pro
++support contract and enable all necessary Ubuntu Pro services so that no extra
++setup is required to ensure a secure and supported Ubuntu machine.
--* Ubuntu Pro: Ubuntu LTS images with attached Ubuntu Pro support with kernel Livepatch and
--ESM security access already enabled. Ubuntu Pro images are entitled to enable any additional Ubuntu Pro
--services (like [`fips`](../howtoguides/enable_fips.md) or [`usg`](../howtoguides/enable_cis.md)).
--* Ubuntu Pro FIPS: Specialized Ubuntu Pro images for 16.04, 18.04 and 20.04 which come pre-enabled
--with the cloud-optimized FIPS-certified kernel and all additional SSL and security hardening
--enabled. These images are available as [AWS Ubuntu Pro FIPS](https://ubuntu.com/aws/fips), [Azure Ubuntu Pro FIPS](https://ubuntu.com/azure/fips) and GCP Ubuntu Pro FIPS.
++There are two primary flavors of Ubuntu Pro images in clouds: *Ubuntu Pro*, and
++*Ubuntu Pro FIPS*.
++
++## Ubuntu Pro
++
++These Ubuntu LTS images are provided already attached to Ubuntu Pro support,
++with kernel Livepatch and ESM security access enabled. Ubuntu Pro images are
++entitled to enable any additional Ubuntu Pro services (like
++[`fips`](../howtoguides/enable_fips.md) or
++[`usg`](../howtoguides/enable_cis.md)).
++
++## Ubuntu Pro FIPS
++
++These specialized Ubuntu Pro images for 16.04, 18.04 and 20.04 come pre-enabled
++with the cloud-optimized FIPS-certified kernel, as well as all additional SSL
++and security hardening enabled. These images are available as
++[AWS Ubuntu Pro FIPS](https://ubuntu.com/aws/fips),
++[Azure Ubuntu Pro FIPS](https://ubuntu.com/azure/fips) and GCP Ubuntu Pro FIPS.
 diff --git a/docs/explanations/what_is_the_daemon.md b/docs/explanations/what_is_the_daemon.md
 index f7b1195..0ad510f 100644
 --- a/docs/explanations/what_is_the_daemon.md
 +++ b/docs/explanations/what_is_the_daemon.md
@@ -1,8 +1,12 @@
--# What is the Pro Upgrade Daemon?
++# What is the Pro upgrade daemon?
--Ubuntu Pro Client sets up a daemon on supported platforms (currently GCP only) to detect if an Ubuntu Pro license is purchased for the machine. If a Pro license is detected, then the machine is automatically attached.
++Ubuntu Pro Client sets up a daemon on supported platforms (currently GCP
++only) to detect if an Ubuntu Pro license has been purchased for the machine.
++If a Pro license is detected, then the machine is automatically attached.
--If you are uninterested in Ubuntu Pro services, you can safely stop and disable the daemon using systemctl:
++If you are not interested in Ubuntu Pro services and don't want your machine to
++be automatically attached to your subscription, you can safely stop and disable
++the daemon using `systemctl`:
  ```
  sudo systemctl stop ubuntu-advantage.service
 diff --git a/docs/explanations/what_is_the_ubuntu_advantage_pro_package.md b/docs/explanations/what_is_the_ubuntu_advantage_pro_package.md
 index 10a4d1d..337e97c 100644
 --- a/docs/explanations/what_is_the_ubuntu_advantage_pro_package.md
 +++ b/docs/explanations/what_is_the_ubuntu_advantage_pro_package.md
@@ -1,4 +1,8 @@
--# What is the ubuntu-advantage-pro package?
++# What is the `ubuntu-advantage-pro` package?
--The ubuntu-advantage-pro package is used by [Public Cloud Ubuntu Pro](what_are_ubuntu_pro_cloud_instances.md) machines to automate machine attach on boot.
--Therefore, the only thing that `ubuntu-advantage-pro` does is ship a systemd unit that runs an auto-attach command on first boot.
++The `ubuntu-advantage-pro` package is used by
++[Public Cloud Ubuntu Pro](what_are_ubuntu_pro_cloud_instances.md) machines to
++automate the process of attaching a machine on boot.
++
++Therefore, the only thing that `ubuntu-advantage-pro` does is ship a `systemd`
++unit that runs an auto-attach command on first boot.
 diff --git a/docs/explanations/what_refresh_does.md b/docs/explanations/what_refresh_does.md
 index 16542f7..5312962 100644
 --- a/docs/explanations/what_refresh_does.md
 +++ b/docs/explanations/what_refresh_does.md
@@ -1,13 +1,25 @@
--# What refresh does
++# What `pro refresh` does
--When you run the `pro refresh` command on your machine, three distinct stages are performed:
++When you run the `pro refresh` command on your machine, three distinct stages
++are performed.
--* **contract**: The contract information on the machine is refreshed. If we find any deltas
--  between the old contract and the new one, we process that delta and apply the changes
--  on the machine. If you need only this stage during refresh, run `pro refresh contract`.
++## Contract
--* **config**: If there is any config change made on `/etc/ubuntu-advantage/uaclient.conf`, those
--  changes will now be applied to the machine. If you need only this stage during refresh, run `pro refresh config`.
++The contract information on the machine is refreshed. If we find any deltas
++between the old contract and the new one, we process that delta and apply the
++changes to the machine.
--* **MOTD and APT messages**: Process new MOTD and APT messages and refresh the machine to use
--  them. If you need only this stage during refresh, run `pro refresh messages`.
++If you need *only* this stage during refresh, run `pro refresh contract`.
++
++## Configuration
++
++If there is any config change made to `/etc/ubuntu-advantage/uaclient.conf`,
++those changes will now be applied to the machine.
++
++If you need *only* this stage during refresh, run `pro refresh config`.
++
++## MOTD and APT messages
++
++Processes new MOTD and APT messages, and refreshes the machine to use them.
++
++If you need *only* this stage during refresh, run `pro refresh messages`.
 diff --git a/docs/explanations/why_trusty_is_no_longer_supported.md b/docs/explanations/why_trusty_is_no_longer_supported.md
 index f3e26d3..3d37ee6 100644
 --- a/docs/explanations/why_trusty_is_no_longer_supported.md
 +++ b/docs/explanations/why_trusty_is_no_longer_supported.md
@@ -1,7 +1,10 @@
--# Why trusty is no longer supported
++# Why is 14.04 (Trusty) no longer supported?
--On 14.04 (Trusty), the Ubuntu Pro Client package is not receiving upstream updates
--beyond version 19.6 plus any critical CVE maintenance related to this version. Version 19.6 already
--has full-featured support of the applicable Ubuntu Pro service offerings `esm-infra` and `livepatch`. In the
--event that a CVE is discovered that affects the Ubuntu Pro Client version on Trusty, a fix and backport will be
--provided for those specific issues.
++On 14.04 (Trusty), the Ubuntu Pro Client package is not receiving upstream
++updates beyond version 19.6, plus any critical CVE maintenance related to this
++version.
++
++Version 19.6 already has full-featured support of the applicable Ubuntu Pro
++service offerings `esm-infra` and `livepatch`. In the event that a CVE is
++discovered that affects the Ubuntu Pro Client version on Trusty, a fix and
++backport will be provided for those specific issues.
 diff --git a/docs/howtoguides.rst b/docs/howtoguides.rst
 index 8ddbc0c..7127394 100644
 --- a/docs/howtoguides.rst
 +++ b/docs/howtoguides.rst
@@ -34,6 +34,7 @@ How to use ``pro`` commands
  ..  toctree::
      :maxdepth: 1
++    Disable or re-enable APT News <howtoguides/disable_enable_apt_news.md>
      Configure a proxy <howtoguides/configure_proxies.md>
      Configure a timer job <howtoguides/configuring_timer_jobs.md>
@@ -82,19 +83,19 @@ How to use ``pro`` commands
      :maxdepth: 1
      Check Ubuntu Pro Client version <howtoguides/check_pro_version>
--
--Create a ``pro`` Golden Image
--=============================
++
++``lock``
++-----------
  ..  toctree::
      :maxdepth: 1
--    Create a customised Cloud Ubuntu Pro image <howtoguides/create_pro_golden_image.md>
--
--Use ``pro`` in an airgapped environment
--=======================================
++    Get rid of corrupted locks <howtoguides/get_rid_of_corrupt_lock.md>
++
++Create a ``pro`` Golden Image
++=============================
  ..  toctree::
      :maxdepth: 1
--    Use Ubuntu Pro in an airgapped environment <howtoguides/pro_in_airgapped.md>
++    Create a customised Cloud Ubuntu Pro image <howtoguides/create_pro_golden_image.md>
 diff --git a/docs/howtoguides/disable_enable_apt_news.md b/docs/howtoguides/disable_enable_apt_news.md
 new file mode 100644
 index 0000000..c9ffd59
 --- /dev/null
 +++ b/docs/howtoguides/disable_enable_apt_news.md
@@ -0,0 +1,45 @@
++# How to disable or re-enable APT News
++
++APT News is a feature that allows for timely package-related news to be displayed during an `apt upgrade`. It is distinct from [Ubuntu Pro 'available update' messages](../explanations/apt_messages.md) that are also displayed during an `apt upgrade`. APT News messages are fetched from [https://motd.ubuntu.com/aptnews.json](https://motd.ubuntu.com/aptnews.json) at most once per day.
++
++By default, APT News is turned on. In this How-to-guide, we show how to turn off and on the APT News feature for a particular machine.
++
++## Step 1: Check the current configuration of APT News
++
++```
++pro config show apt_news
++```
++
++The default value is `True`, so if you haven't yet modified this setting, you will see:
++```
++apt_news True
++```
++
++## Step 2: Disable APT News
++
++```
++pro config set apt_news=false
++```
++
++This should also clear any current APT News you may be seeing on your system during `apt upgrade`.
++
++You can double-check that the setting was successful by running the following again:
++
++```
++pro config show apt_news
++```
++
++You should now see:
++```
++apt_news False
++```
++
++## Step 3: (Optional) Re-enable APT News
++
++If you change your mind and want APT News to start appearing again in `apt upgrade`, run the following:
++
++```
++pro config set apt_news=true
++```
++
++And verify the setting worked with `pro config show apt_news`.
 diff --git a/docs/howtoguides/enable_realtime_kernel.md b/docs/howtoguides/enable_realtime_kernel.md
 index 4cf56c0..e5ca5e8 100644
 --- a/docs/howtoguides/enable_realtime_kernel.md
 +++ b/docs/howtoguides/enable_realtime_kernel.md
@@ -1,7 +1,7 @@
  # How to enable Real-time kernel
  ```{caution}
--Real-Time Kernel is only supported on 22.04. For more information, please see
++Real-time kernel is only supported on 22.04. For more information, please see
  https://ubuntu.com/realtime-kernel
  ```
@@ -14,7 +14,7 @@ $ sudo pro enable realtime-kernel
  ```
  You'll need to acknowledge a warning, and then you should see output like the
--following, indicating that the Real-Time Kernel package has been installed.
++following, indicating that the Real-time kernel package has been installed.
  ```
  One moment, checking your subscription first
@@ -39,7 +39,7 @@ After rebooting you'll be running the Real-time kernel!
  The --access-only flag is introduced in version 27.11
  ```
--If you would like to enable access to the Real-Time Kernel APT repository but
++If you would like to enable access to the Real-time kernel APT repository but
  not install the kernel right away, use the `--access-only` flag while enabling.
  ```console
 diff --git a/docs/howtoguides/get_rid_of_corrupt_lock.md b/docs/howtoguides/get_rid_of_corrupt_lock.md
 new file mode 100644
 index 0000000..03da4a3
 --- /dev/null
 +++ b/docs/howtoguides/get_rid_of_corrupt_lock.md
@@ -0,0 +1,29 @@
++# How to get rid of a corrupt lock
++
++Some pro commands (`attach`, `enable`, `detach` and `disable`) will potentially change the
++internal state of your system. Since those commands can run in parallel, we have a lock file
++mechanism to guarantee that only one of these commands can run at the same time. The lock follow
++this pattern:
++
++```
++PROCESS_PID:LOCK_HOLDER_NAME
++```
++
++Where:
++
++*PROCESS_PID*: The PID of the process that is running the pro command
++*LOCK_HOLDER_NAME*: The name of the command that is using the lock (i.e. `pro disable`)
++
++If the lock file doesn't follow that pattern, we say that it is corrupted. That might happen if we
++have any type of disk failures in the system. Once we detect a corrupted lock file, any of
++the mentioned pro commands will generate the following output:
++
++```
++There is a corrupted lock file in the system. To continue, please remove it
++from the system by running:
++
++$ sudo rm /var/lib/ubuntu-advantage/lock
++```
++
++You can follow the instructions presented on the output to get rid of the corrupted lock.
++After that, running the command should generate a correct lock file and continue as expected.
 diff --git a/docs/howtoguides/pro_in_airgapped.md b/docs/howtoguides/pro_in_airgapped.md
 deleted file mode 100644
 index f8f41a7..0000000
 --- a/docs/howtoguides/pro_in_airgapped.md
 +++ /dev/null
@@ -1,103 +0,0 @@
--# Get started with `pro` in airgapped environment
--Want to use `pro` in an offline (=airgapped/internetless) environment? This how-to guide will help you understand how to use the power of Ubuntu Pro in an internetless environment.
--
--We will show you how to use your existing token in the machine without Internet access and get the same resources as if your machine had network access.
--
--What you’ll learn
--* How to use the airgapped functionality
--* How to configure the Pro client to use airgapped
--* How to configure resources in the internetless environment
--
--What you’ll need
--* Preliminary Ubuntu Pro knowledge (refer [here](https://canonical-ubuntu-pro-client.readthedocs-hosted.com/) for more info)
--* Two Ubuntu machines (one in the airgapped & one in the non-airgapped environment) running 16.04 LTS, 18.04 LTS, 20.04 LTS or 22.04 LTS
--* `sudo` access on both machines
--* Existing Ubuntu One account
--* Ubuntu Pro client version 27.11.2 or newer on the airgapped machine
--
--## Before we start
--1. Check your machines are up-to-date: \
--`sudo apt update && sudo apt upgrade`
--2. Check the Ubuntu Pro client is installed on the airgapped machine: \
--`pro --version`
--3. Get the token from the [Ubuntu Pro dashboard](https://ubuntu.com/pro/dashboard) you plan to use in the airgapped environment. In this guide, we’ll refer to this token as `[YOUR_CONTRACT_TOKEN]`
--
--
--## Installation
--Run these commands on both machines:
--```bash
--sudo add-apt-repository ppa:yellow/ua-airgapped && sudo apt update
--sudo apt install ua-airgapped contracts-airgapped get-resource-tokens
--```
--
--These three commands serve the following purposes:
--1. `ua-airgapped` creates the configuration for running the server locally
--2. `contracts-airgapped` runs the server for the Ubuntu Pro client
--3. `get-resource-tokens` fetches resource tokens for setting up mirrors of Canonical repositories (as we cannot access Canonical-hosted resources in an offline environment)
--
--
--## Get configuration to set up mirrors
--The Ubuntu Pro client cannot access Canonical-hosted services in an offline environment, so we will mirror these repositories locally.
--
--First, find out the repositories’ URLs of all the resources your contract is entitled to. Run the following in a non-airgapped environment: \
--`echo '[YOUR_CONTRACT_TOKEN]:' | ua-airgapped | grep 'aptURL:'`
--
--Then, get the resource tokens to access these resources in a non-airgapped environment: \
--`get-resource-tokens [YOUR_CONTRACT_TOKEN]`
--
--Stdout from `get-resource-tokens` gives pairs of services and their resource tokens (one token per service). The repository URL is specified as `aptURL` from the first command and, together with the resource token, they are required to set up a mirror, be it `apt-mirror`, `aptly`, Landscape or another software.
--
--You can check the resource token's correctness. For example, let’s say we want to set a mirror for `esm-infra`. It has `aptURL: https://esm.ubuntu.com`. If the resource token is `[ESM_INFRA_RESOURCE_TOKEN]`, then the command on the non-airgapped machine will be:
--```bash
--/usr/lib/apt/apt-helper download-file https://bearer:[ESM_INFRA_RESOURCE_TOKEN]@esm.ubuntu.com/ubuntu/ /tmp/check-esm-resource-token.txt
--```
--Response must be `200`. `401 Unauthorized` shows that the resource token or the URL is wrong. Please note that the specifics of setting up mirrors may be different depending on the product, but the bearer authentication will be identical in all cases, so refer to the command above to distinguish between airgapped and mirror problems.
--
--## Set up mirrors
--If you have experience in setting up mirrors, this section is optional for you. However, if you want to get started with the simplest option of setting up mirrors and have no prior experience, keep reading.
--
--Suppose you want to set up mirrors for esm-infra. Then, the steps to set up a mirror would be:
--1. Install `apt-mirror`: \
--`sudo apt install apt-mirror`
--2. Fetch the resource token for `esm-infra` (as per the section above).
--3. Change the `/etc/apt/mirror.list` file to the following contents:
--	```
--	set nthreads     20
--	set _tilde 0
--
--	deb https://bearer:[ESM_INFRA_RESOURCE_TOKEN]@esm.ubuntu.com/infra/ubuntu/ jammy-infra-updates main
--	deb https://bearer:[ESM_INFRA_RESOURCE_TOKEN]@esm.ubuntu.com/infra/ubuntu/ jammy-infra-security main
--
--	clean http://archive.ubuntu.com/ubuntu
--	```
--4. Run `apt-mirror`: \
--`sudo -u apt-mirror apt-mirror`
--5. Serve the `esm-infra` mirror on port `9090` (will be `[ESM_INFRA_MIRROR_URL]` in the next section): \
--`python3 -m http.server --directory /var/spool/apt-mirror/mirror/esm.ubuntu.com/infra/ 9090`
--
--
--## Get configuration to run the server
--The prerequisites for this step are:
--1. Mirrors of needed resources are set up on the airgapped machine
--2. Mirrors of needed resources are served on some port on the airgapped machine
--
--We need to create such a configuration for our server so that it points to the local mirror server on the airgapped machine, not the Canonical one. For example, if we want to use `esm-infra` in the airgapped environment, create the `02-overridden.yml` file on the non-airgapped machine with the following contents:
--```yaml
--[YOUR_CONTRACT_TOKEN]:
--  esm-infra:
--    directives:
--      aptURL: [ESM_INFRA_MIRROR_URL]
--```
--Run `ua-airgapped` for the new config in non-airgapped environment: `cat 02-overridden.yml | ua-airgapped > 02-server-ready.yml`
--
--`02-server-ready.yml` is our final configuration to run the server.
--
--## Running the server and final tweaks
--Run the following commands in the airgapped environment:
--1. Run the server: `contracts-airgapped --input=./02-server-ready.yml`
--2. Change the `contract_url` setting in `uaclient.conf` to point to the server: `http://1.2.3.4:8484`. Here `1.2.3.4` is the IP address of the airgapped machine.
--3. Run `sudo pro refresh` to check everything works fine.
--4. Finally, attach your token: `sudo pro attach [YOUR_CONTRACT_TOKEN]`.
--
--## Congratulations!
--That’s been a long run, but you’ve made it! Now you are all set to run all the `pro` commands in the airgapped environment as you are used to.
 diff --git a/docs/index.rst b/docs/index.rst
 index 588bed0..b63cce0 100644
 --- a/docs/index.rst
 +++ b/docs/index.rst
@@ -55,9 +55,8 @@ for you.
  Getting help
  ============
--Having trouble? We would like to help! For help on a specific page in this
--documentation, click on the "Have a question?" link at the top of that page.
--You can also...
++Ubuntu Pro is a new product, and we're keen to know about your experience of
++using it!
  - **Have questions?**
    You might find the answers `in our FAQ`_.
 diff --git a/docs/references.rst b/docs/references.rst
 index 3190e66..ea61895 100644
 --- a/docs/references.rst
 +++ b/docs/references.rst
@@ -1,9 +1,9 @@
  Ubuntu Pro Client reference
  ***************************
--Our reference section contains support information for the Ubuntu Pro Client.
--This includes details on the network requirements, API definitions, support
--matrices and so on.
++Our reference section contains technical information for the Ubuntu Pro Client.
++This includes details of the network requirements, API definitions, and other
++related tools.
  Reference
  =========
@@ -12,4 +12,7 @@ Reference
      :maxdepth: 1
      :glob:
--    references/*
++    API reference guide <references/api.md>
++    Network requirements <references/network_requirements.md>
++    Personal Package Archives (PPAs) <references/ppas.md>
++    Support matrix <references/support_matrix.md>
 diff --git a/docs/references/api.md b/docs/references/api.md
 index 996835d..4708d9b 100644
 --- a/docs/references/api.md
 +++ b/docs/references/api.md
@@ -1,10 +1,16 @@
--# Pro API Reference Guide
++# The Ubuntu Pro API reference guide
++The Ubuntu Pro Client has a Python-based API to be consumed by users who want
++to integrate the Client's functionality with their software.
--The Pro Client has a Python-based API to be consumed by users who want to integrate the client's functionality to their software.
--The functions and objects are available through the `uaclient.api` module, and all of the available endpoints return an object with specific data for the calls.
++The functions and objects are available through the `uaclient.api` module, and
++all of the available endpoints return an object with specific data for the
++calls.
--Besides importing the Python code directly, consumers who are not writing Python may use the CLI to call the same functionality, using the `pro api` command. This command will always return a JSON with a standard structure, as can be seen below:
++Besides importing the Python code directly, consumers who are not writing
++Python may use the command line interface (CLI) to call the same functionality,
++using the `pro api` command. This command will always return a JSON with a
++standard structure, as can be seen below:
  ```json
+ {
@@ -25,6 +31,51 @@ Besides importing the Python code directly, consumers who are not writing Python
+ }
  ```
++## Version dependencies
++The package name of Ubuntu Pro Client is `ubuntu-advantage-tools`.
++
++The documentation for each endpoint below states the first version to include that endpoint.
++
++If you depend on these endpoints, we recommend using a standard dependency version requirement to ensure that a sufficiently up-to-date version of the Pro Client is installed before trying to use it.
++
++```{important}
++The `~` at the end of the version is important to ensure that dpkg version comparison works as expected.
++```
++
++For example, if your software is packaged as a deb, then you can add the following to your `Depends` list in your `control` file to ensure the installed version is at least 27.11~:
++```
++ubuntu-advantage-tools (>= 27.11~)
++```
++
++### Runtime version detection
++If you need to detect the current version at runtime, the most reliable way is to query `dpkg`.
++```
++dpkg-query --showformat='${Version}' --show ubuntu-advantage-tools
++```
++
++If you need to compare versions at runtime, make sure you use the `dpkg` version comparison algorithm.
++For example, the following will exit 0 if the currently installed version of Pro Client is at least 27.11~:
++```
++dpkg --compare-versions "$(dpkg-query --showformat='${Version}' --show ubuntu-advantage-tools)" ge "27.11~"
++```
++
++### Runtime feature detection
++As an alternative to version detection, you can use feature detection. This is easier to do when importing the API in python than it is when using the `pro api` subcommand.
++
++In python, try to import the desired endpoint. If an `ImportError` is raised, then the currently installed version of Ubuntu Pro Client doesn't support that endpoint.
++
++For example:
++```python
++try:
++    from uaclient.api.u.pro.version.v1 import version
++    pro_client_api_supported = True
++except ImportError:
++    pro_client_api_supported = False
++```
++
++You could do something similar by catching certain errors when using the `pro api` subcommand, but there are more cases that could indicate an old version, and it generally isn't recommended.
++
++## Available endpoints
  The currently available endpoints are:
  - [u.pro.version.v1](#uproversionv1)
  - [u.pro.attach.magic.initiate.v1](#uproattachmagicinitiatev1)
@@ -40,13 +91,19 @@ The currently available endpoints are:
  - [u.security.package_manifest.v1](#usecuritypackage_manifestv1)
  ## u.pro.version.v1
--Shows the installed Client version.
++
++Introduced in Ubuntu Pro Client Version: `27.11~`
++
++Shows the installed Pro Client version.
  ### Args
++
  This endpoint takes no arguments.
  ### Python API interaction
++
  #### Calling from Python code
++
  ```python
  from uaclient.api.u.pro.version.v1 import version
@@ -54,39 +111,48 @@ result = version()
  ```
  #### Expected return object:
++
  `uaclient.api.u.pro.version.v1.VersionResult`
  |Field Name|Type|Description|
  |-|-|-|
--|installed_version|str|The current installed version|
++|`installed_version`|*str*|The current installed version|
--### Raised Exceptions
--- `VersionError`: raised if the client cannot determine the version
++### Raised exceptions
++- `VersionError`: Raised if the Client cannot determine the version.
  ### CLI interaction
++
  #### Calling from the CLI:
++
  ```bash
  pro api u.pro.version.v1
  ```
  #### Expected attributes in JSON structure
++
  ```json
+ {
      "installed_version":"<version>"
+ }
  ```
--
  ## u.pro.attach.magic.initiate.v1
++
++Introduced in Ubuntu Pro Client Version: `27.11~`
++
  Initiates the Magic Attach flow, retrieving the User Code to confirm the
  operation and the Token used to proceed.
  ### Args
++
  This endpoint takes no arguments.
  ### Python API interaction
++
  #### Calling from Python code
++
  ```python
  from uaclient.api.u.pro.attach.magic.initiate.v1 import initiate
@@ -94,29 +160,35 @@ result = initiate()
  ```
  #### Expected return object:
++
  `uaclient.api.u.pro.attach.magic.initiate.v1.MagicAttachInitiateResult`
  |Field Name|Type|Description|
  |-|-|-|
--|user_code|str|Code the user will see in the UI when confirming the Magic Attach|
--|token|str|Magic token used by the tooling to continue the operation|
--|expires|str|Timestamp of the Magic Attach process expiration|
--|expires_in|int|Seconds before the Magic Attach process expires|
--
++|`user_code`|*str*|Code the user will see in the UI when confirming the Magic Attach|
++|`token`|*str*|Magic Token used by the tooling to continue the operation|
++|`expires`|*str*|Timestamp of the Magic Attach process expiration|
++|`expires_in`|*int*|Seconds before the Magic Attach process expires|
--### Raised Exceptions
++### Raised exceptions
--- `ConnectivityError`: raised if it is not possible to connect to the Contracts Server
--- `ContractAPIError`: raised if there is an unexpected error in the Contracts Server interaction
--- `MagicAttachUnavailable`: raised if the Magic Attach service is busy or unavailable at the moment
++- `ConnectivityError`: Raised if it is not possible to connect to the Contracts
++  Server.
++- `ContractAPIError`: Raised if there is an unexpected error in the Contracts
++  Server interaction.
++- `MagicAttachUnavailable`: Raised if the Magic Attach service is busy or
++  unavailable at the moment.
  ### CLI interaction
++
  #### Calling from the CLI:
++
  ```bash
  pro api u.pro.attach.magic.initiate.v1
  ```
  #### Expected attributes in JSON structure
++
  ```json
+ {
      "user_code":"<UI_code>",
@@ -126,16 +198,20 @@ pro api u.pro.attach.magic.initiate.v1
+ }
  ```
++## u.pro.attach.magic.wait.v1
++Introduced in Ubuntu Pro Client Version: `27.11~`
--## u.pro.attach.magic.wait.v1
  Polls the contract server waiting for the user to confirm the Magic Attach.
  ### Args
--- `magic_token`: The token provided by the initiate endpoint
++
++- `magic_token`: The Token provided by the initiate endpoint.
  ### Python API interaction
++
  #### Calling from Python code
++
  ```python
  from uaclient.api.u.pro.attach.magic.wait.v1 import MagicAttachWaitOptions, wait
@@ -144,33 +220,38 @@ result = wait(options)
  ```
  #### Expected return object:
++
  `uaclient.api.u.pro.attach.magic.wait.v1.MagicAttachWaitResult`
  |Field Name|Type|Description|
  |-|-|-|
--|user_code|str|Code the user will see in the UI when confirming the Magic Attach|
--|token|str|Magic token used by the tooling to continue the operation|
--|expires|str|Timestamp of the Magic Attach process expiration|
--|expires_in|int|Seconds before the Magic Attach process expires|
--|contract_id|str|ID of the contract the machine will be attached to|
--|contract_token|str|The contract token to attach the machine|
--
--
--### Raised Exceptions
--
--- `ConnectivityError`: raised if it is not possible to connect to the Contracts Server
--- `ContractAPIError`: raised if there is an unexpected error in the Contracts Server interaction
--- `MagicAttachTokenError`: raised when an invalid/expired token is sent
--- `MagicAttachUnavailable`: raised if the Magic Attach service is busy or unavailable at the moment
--
++|`user_code`|*str*|Code the user will see in the UI when confirming the Magic Attach|
++|`token`|*str*|Magic Token used by the tooling to continue the operation|
++|`expires`|*str*|Timestamp of the Magic Attach process expiration|
++|`expires_in`|*int*|Seconds before the Magic Attach process expires|
++|`contract_id`|*str*|ID of the contract the machine will be attached to|
++|`contract_token`|*str*|The contract Token to attach the machine|
++
++### Raised exceptions
++
++- `ConnectivityError`: Raised if it is not possible to connect to the Contracts
++  Server.
++- `ContractAPIError`: Raised if there is an unexpected error in the Contracts
++  Server interaction.
++- `MagicAttachTokenError`: Raised when an invalid/expired Token is sent.
++- `MagicAttachUnavailable`: Raised if the Magic Attach service is busy or
++  unavailable at the moment.
  ### CLI interaction
++
  #### Calling from the CLI:
++
  ```bash
  pro api u.pro.attach.magic.wait.v1 --args magic_token=<magic_token>
  ```
  #### Expected attributes in JSON structure
++
  ```json
+ {
      "user_code":"<UI_code>",
@@ -182,15 +263,20 @@ pro api u.pro.attach.magic.wait.v1 --args magic_token=<magic_token>
+ }
  ```
--
  ## u.pro.attach.magic.revoke.v1
--Revokes a magic attach token.
++
++Introduced in Ubuntu Pro Client Version: `27.11~`
++
++Revokes a Magic Attach Token.
  ### Args
--- `magic_token`: The token provided by the initiate endpoint
++
++- `magic_token`: The Token provided by the initiate endpoint.
  ### Python API interaction
++
  #### Calling from Python code
++
  ```python
  from uaclient.api.u.pro.attach.magic.revoke.v1 import MagicAttachRevokeOptions, revoke
@@ -199,40 +285,51 @@ result = revoke(options)
  ```
  #### Expected return object:
++
  `uaclient.api.u.pro.attach.magic.wait.v1.MagicAttachRevokeResult`
  No data present in the result.
++### Raised exceptions
--### Raised Exceptions
--
--- `ConnectivityError`: raised if it is not possible to connect to the Contracts Server
--- `ContractAPIError`: raised if there is an unexpected error in the Contracts Server interaction
--- `MagicAttachTokenAlreadyActivated`: raised when trying to revoke a token which was already activated through the UI
--- `MagicAttachTokenError`: raised when an invalid/expired token is sent
--- `MagicAttachUnavailable`: raised if the Magic Attach service is busy or unavailable at the moment
--
++- `ConnectivityError`: Raised if it is not possible to connect to the Contracts
++  Server.
++- `ContractAPIError`: Raised if there is an unexpected error in the Contracts
++  Server interaction.
++- `MagicAttachTokenAlreadyActivated`: Raised when trying to revoke a Token
++  which was already activated through the UI.
++- `MagicAttachTokenError`: Raised when an invalid/expired Token is sent.
++- `MagicAttachUnavailable`: Raised if the Magic Attach service is busy or
++  unavailable at the moment.
  ### CLI interaction
++
  #### Calling from the CLI:
++
  ```bash
  pro api u.pro.attach.magic.revoke.v1 --args magic_token=<token>
  ```
  #### Expected attributes in JSON structure
++
  ```json
  {}
  ```
--
  ## u.pro.attach.auto.should_auto_attach.v1
++
++Introduced in Ubuntu Pro Client Version: `27.11~`
++
  Checks if a given system should run auto-attach on boot.
  ### Args
++
  This endpoint takes no arguments.
  ### Python API interaction
++
  #### Calling from Python code
++
  ```python
  from uaclient.api.u.pro.attach.auto.should_auto_attach.v1 import should_auto_attach
@@ -240,40 +337,53 @@ result = should_auto_attach()
  ```
  #### Expected return object:
++
  `uaclient.api.u.pro.attach.auto.should_auto_attach.v1.ShouldAutoAttachResult`
  |Field Name|Type|Description|
  |-|-|-|
--|should_auto_attach|bool|True if the system should run auto-attach on boot|
++|`should_auto_attach`|*bool*|True if the system should run auto-attach on boot|
++
++### Raised exceptions
--### Raised Exceptions
  No exceptions raised by this endpoint.
  ### CLI interaction
++
  #### Calling from the CLI:
++
  ```bash
  pro api u.pro.attach.auto.should_auto_attach.v1
  ```
  #### Expected attributes in JSON structure
++
  ```json
+ {
      "should_auto_attach": false
+ }
  ```
--
  ## u.pro.attach.auto.full_auto_attach.v1
++
++Introduced in Ubuntu Pro Client Version: `27.11~`
++
  Runs the whole auto-attach process on the system.
  ### Args
--- `enable`: optional list of services to enable after auto-attaching
--- `enable_beta`: optional list of beta services to enable after auto-attaching
--> If none of the lists are set, the services will be enabled based on the contract definitions.
++- `enable`: Optional list of services to enable after auto-attaching.
++- `enable_beta`: Optional list of beta services to enable after auto-attaching.
++
++```{note}
++If none of the lists are set, the services will be enabled based on the
++contract definitions.
++```
  ### Python API interaction
++
  #### Calling from Python code
++
  ```python
  from uaclient.api.u.pro.attach.auto.full_auto_attach.v1 import full_auto_attach, FullAutoAttachOptions
@@ -282,46 +392,70 @@ result = full_auto_attach(options)
  ```
  #### Expected return object:
++
  `uaclient.api.u.pro.attach.auto.full_auto_attach.v1.FullAutoAttachResult`
  No data present in the result.
--### Raised Exceptions
--
--- `AlreadyAttachedError`: raised if running on a machine which is already attached to a Pro subscription
--- `AutoAttachDisabledError`: raised if `disable_auto_attach: true` in uaclient.conf
--- `ConnectivityError`: raised if it is not possible to connect to the Contracts Server
--- `ContractAPIError`: raised if there is an unexpected error in the Contracts Server interaction
--- `EntitlementsNotEnabledError`: raised if the client fails to enable any of the entitlements
--  (whether present in any of the lists or listed in the contract)
--- `LockHeldError`: raised if another Client process is holding the lock on the machine
--- `NonAutoAttachImageError`: raised if the cloud where the system is running does not support auto-attach
--- `UserFacingError`: raised if:
--  - the client is unable to determine on which cloud the system is running
--  - the image where the client is running does not support auto-attach
--
++### Raised exceptions
++
++- `AlreadyAttachedError`: Raised if running on a machine which is already
++  attached to a Pro subscription.
++- `AutoAttachDisabledError`: Raised if `disable_auto_attach: true` in
++  `uaclient.conf`.
++- `ConnectivityError`: Raised if it is not possible to connect to the Contracts
++  Server.
++- `ContractAPIError`: Raised if there is an unexpected error in the Contracts
++  Server interaction.
++- `EntitlementsNotEnabledError`: Raised if the Client fails to enable any of
++  the entitlements (whether present in any of the lists or listed in the
++  contract).
++- `LockHeldError`: Raised if another Client process is holding the lock on the
++  machine.
++- `NonAutoAttachImageError`: Raised if the cloud where the system is running
++  does not support auto-attach.
++- `UserFacingError`: Raised if:
++  - The Client is unable to determine which cloud the system is running on.
++  - The image where the Client is running does not support auto-attach.
  ### CLI interaction
++
  #### Calling from the CLI:
--This endpoint currently has no CLI support. Only the Python-based version is available.
++This endpoint currently has no CLI support. Only the Python-based version is
++available.
  ## u.pro.attach.auto.configure_retry_service.v1
--Configures options for the retry auto attach functionality and create file that will activate the retry auto attach functionality if `ubuntu-advantage.service` runs.
--Note that this does not start `ubuntu-advantage.service`. This makes it useful for calling during the boot process `Before: ubuntu-advantage.service` so that when `ubuntu-advantage.service` starts, its ConditionPathExists check passes and executes the retry auto attach function.
++Introduced in Ubuntu Pro Client Version: `27.12~`
--If you call this function outside of the boot process and would like the retry auto attach functionality to actually start, you'll need to call something like `systemctl start ubuntu-advantage.service`.
++Configures options for the retry auto-attach functionality, and creates files
++that will activate the retry auto-attach functionality if
++`ubuntu-advantage.service` runs.
++Note that this does not start `ubuntu-advantage.service`. This makes it useful
++for calling during the boot process `Before: ubuntu-advantage.service` so that
++when `ubuntu-advantage.service` starts, its `ConditionPathExists` check passes
++and activates the retry auto-attach function.
++
++If you call this function outside of the boot process and would like the retry
++auto-attach functionality to actually start, you'll need to call something
++like `systemctl start ubuntu-advantage.service`.
  ### Args
--- `enable`: optional list of services to enable after auto-attaching
--- `enable_beta`: optional list of beta services to enable after auto-attaching
--> If none of the lists are set, the services will be enabled based on the contract definitions.
++- `enable`: Optional list of services to enable after auto-attaching.
++- `enable_beta`: Optional list of beta services to enable after auto-attaching.
++
++```{note}
++If none of the lists are set, the services will be enabled based on the
++contract definitions.
++```
  ### Python API interaction
++
  #### Calling from Python code
++
  ```python
  from uaclient.api.u.pro.attach.auto.configure_retry_service.v1 import configure_retry_service, ConfigureRetryServiceOptions
@@ -330,26 +464,36 @@ result = configure_retry_service(options)
  ```
  #### Expected return object:
++
  `uaclient.api.u.pro.attach.auto.configure_retry_service.v1.ConfigureRetryServiceResult`
  No data present in the result.
--### Raised Exceptions
++### Raised exceptions
++
  No exceptions raised by this endpoint.
  ### CLI interaction
++
  #### Calling from the CLI:
--This endpoint currently has no CLI support. Only the Python-based version is available.
++This endpoint currently has no CLI support. Only the Python-based version is
++available.
  ## u.pro.security.status.livepatch_cves.v1
--Lists Livepatch patches for the current running kernel.
++
++Introduced in Ubuntu Pro Client Version: `27.12~`
++
++Lists Livepatch patches for the currently-running kernel.
  ### Args
++
  This endpoint takes no arguments.
  ### Python API interaction
++
  #### Calling from Python code
++
  ```python
  from uaclient.api.u.pro.security.status.livepatch_cves.v1 import livepatch_cves
@@ -357,30 +501,33 @@ result = livepatch_cves()
  ```
  #### Expected return object:
++
  `uaclient.api.u.pro.security.status.livepatch_cves.v1.LivepatchCVEsResult`
  |Field Name|Type|Description|
  |-|-|-|
--|fixed_cves|list(LivepatchCVEObject)|List of Livepatch patches for the given system|
++|`fixed_cves`|*list(LivepatchCVEObject)*|List of Livepatch patches for the given system|
  `uaclient.api.u.pro.security.status.livepatch_cves.v1.LivepatchCVEObject`
  |Field Name|Type|Description|
  |-|-|-|
--|name|str|Name (ID) of the CVE|
--|patched|bool|Livepatch has patched the CVE|
++|`name`|*str*|Name (ID) of the CVE|
++|`patched`|*bool*|Livepatch has patched the CVE|
++### Raised exceptions
--### Raised Exceptions
  No exceptions raised by this endpoint.
--
  ### CLI interaction
++
  #### Calling from the CLI:
++
  ```bash
  pro api u.pro.security.status.livepatch_cves.v1
  ```
  #### Expected attributes in JSON structure
++
  ```json
+ {
      "fixed_cves":[
@@ -396,19 +543,25 @@ pro api u.pro.security.status.livepatch_cves.v1
+ }
  ```
--
  ## u.pro.security.status.reboot_required.v1
--Informs if the system should be rebooted or not.
--Possible outputs are:
--- yes: the system should be rebooted
--- no: there is no need to reboot the system
--- yes-kernel-livepatches-applied: there are livepatch patches applied to the current kernel, but a reboot is required for an update to take place. This reboot can wait until the next maintenance window.
++
++Introduced in Ubuntu Pro Client Version: `27.12~`
++
++Informs if the system should be rebooted or not. Possible outputs are:
++- `yes`: The system should be rebooted.
++- `no`: There is no need to reboot the system.
++- `yes-kernel-livepatches-applied`: There are Livepatch patches applied to the
++  current kernel, but a reboot is required for an update to take place. This
++  reboot can wait until the next maintenance window.
  ### Args
++
  This endpoint takes no arguments.
  ### Python API interaction
++
  #### Calling from Python code
++
  ```python
  from uaclient.api.u.pro.security.status.reboot_required.v1 import reboot_required
@@ -416,38 +569,47 @@ result = reboot_required()
  ```
  #### Expected return object:
++
  `uaclient.api.u.pro.security.status.reboot_required.v1.RebootRequiredResult`
  |Field Name|Type|Description|
  |-|-|-|
--|reboot_required|str|One of the descriptive strings indicating if the system should be rebooted|
++|`reboot_required`|*str*|One of the descriptive strings indicating if the system should be rebooted|
--### Raised Exceptions
--No exceptions raised by this endpoint.
++### Raised exceptions
++No exceptions raised by this endpoint.
  ### CLI interaction
++
  #### Calling from the CLI:
++
  ```bash
  pro api u.pro.security.status.reboot_required.v1
  ```
  #### Expected attributes in JSON structure
++
  ```json
+ {
      "reboot_required": "yes|no|yes-kernel-livepatches-applied"
+ }
  ```
--
  ## u.pro.packages.summary.v1
++
++Introduced in Ubuntu Pro Client Version: `27.12~`
++
  Shows a summary of installed packages in the system, categorized by origin.
  ### Args
++
  This endpoint takes no arguments.
  ### Python API interaction
++
  #### Calling from Python code
++
  ```python
  from uaclient.api.u.pro.packages.summary.v1 import summary
@@ -455,37 +617,40 @@ result = summary()
  ```
  #### Expected return object:
++
  `uaclient.api.u.pro.packages.summary.v1.PackageSummaryResult`
  |Field Name|Type|Description|
  |-|-|-|
--|summary|PackageSummary|Summary of all installed packages|
++|`summary`|*PackageSummary*|Summary of all installed packages|
  `uaclient.api.u.pro.packages.summary.v1.PackageSummary`
  |Field Name|Type|Description|
  |-|-|-|
--|num_installed_packages|int|Total count of installed packages|
--|num_esm_apps_packages|int|Count of packages installed from esm-apps|
--|num_esm_infra_packages|int|Count of packages installed from esm-infra|
--|num_main_packages|int|Count of packages installed from main|
--|num_multiverse_packages|int|Count of packages installed from multiverse|
--|num_restricted_packages|int|Count of packages installed from restricted|
--|num_third_party_packages|int|Count of packages installed from third party sources|
--|num_universe_packages|int|Count of packages installed from universe|
--|num_unknown_packages|int|Count of packages installed from unknown sources|
--
--
--### Raised Exceptions
--No exceptions raised by this endpoint.
++|`num_installed_packages`|*int*|Total count of installed packages|
++|`num_esm_apps_packages`|*int*|Count of packages installed from `esm-apps`|
++|`num_esm_infra_packages`|*int*|Count of packages installed from `esm-infra`|
++|`num_main_packages`|*int*|Count of packages installed from `main`|
++|`num_multiverse_packages`|*int*|Count of packages installed from `multiverse`|
++|`num_restricted_packages`|*int*|Count of packages installed from `restricted`|
++|`num_third_party_packages`|*int*|Count of packages installed from third party sources|
++|`num_universe_packages`|*int*|Count of packages installed from `universe`|
++|`num_unknown_packages`|*int*|Count of packages installed from unknown sources|
++
++### Raised exceptions
++No exceptions raised by this endpoint.
  ### CLI interaction
++
  #### Calling from the CLI:
++
  ```bash
  pro api u.pro.packages.summary.v1
  ```
  #### Expected attributes in JSON structure
++
  ```json
+ {
      "summary":{
@@ -502,15 +667,21 @@ pro api u.pro.packages.summary.v1
+ }
  ```
--
  ## u.pro.packages.updates.v1
--Shows available updates for packages in a system, categorized by where they can be obtained.
++
++Introduced in Ubuntu Pro Client Version: `27.12~`
++
++Shows available updates for packages in a system, categorized by where they
++can be obtained.
  ### Args
++
  This endpoint takes no arguments.
  ### Python API interaction
++
  #### Calling from Python code
++
  ```python
  from uaclient.api.u.pro.packages.updates.v1 import updates
@@ -518,44 +689,48 @@ result = updates()
  ```
  #### Expected return object:
++
  `uaclient.api.u.pro.packages.updates.v1.PackageUpdatesResult`
  |Field Name|Type|Description|
  |-|-|-|
--|summary|UpdateSummary|Summary of all available updates|
--|updates|list(UpdateInfo)|Detailed list of all available updates|
++|`summary`|*UpdateSummary*|Summary of all available updates|
++|`updates`|*list(UpdateInfo)*|Detailed list of all available updates|
  `uaclient.api.u.pro.packages.updates.v1.UpdateSummary`
  |Field Name|Type|Description|
  |-|-|-|
--|num_updates|int|Total count of available updates|
--|num_esm_apps_updates|int|Count of available updates from esm-apps|
--|num_esm_infra_updates|int|Count of available updates from esm-infra|
--|num_standard_security_updates|int|Count of available updates from the -security pocket|
--|num_standard_updates|int|Count of available updates from the -updates pocket|
++|`num_updates`|*int*|Total count of available updates|
++|`num_esm_apps_updates`|*int*|Count of available updates from `esm-apps`|
++|`num_esm_infra_updates`|*int*|Count of available updates from `esm-infra`|
++|`num_standard_security_updates`|*int*|Count of available updates from the `-security` pocket|
++|`num_standard_updates`|*int*|Count of available updates from the `-updates` pocket|
  `uaclient.api.u.pro.packages.updates.v1.UpdateInfo`
  |Field Name|Type|Description|
  |-|-|-|
--|download_size|int|Download size for the update in bytes|
--|origin|str|Where the update is downloaded from|
--|package|str|Name of the package to be updated|
--|provided_by|str|Service which provides the update|
--|status|str|Whether this update is ready for download or not|
--|version|str|Version of the update|
--
--### Raised Exceptions
--No exceptions raised by this endpoint.
++|`download_size`|*int*|Download size for the update in bytes|
++|`origin`|*str*|Where the update is downloaded from|
++|`package`|*str*|Name of the package to be updated|
++|`provided_by`|*str*|Service which provides the update|
++|`status`|*str*|Whether this update is ready for download or not|
++|`version`|*str*|Version of the update|
++### Raised exceptions
++
++No exceptions raised by this endpoint.
  ### CLI interaction
++
  #### Calling from the CLI:
++
  ```bash
  pro api u.pro.packages.updates.v1
  ```
  #### Expected attributes in JSON structure
++
  ```json
+ {
      "summary":{
@@ -578,16 +753,21 @@ pro api u.pro.packages.updates.v1
+ }
  ```
--
  ## u.security.package_manifest.v1
--Returns the status of installed packages (apt and snap), formatted as a
--manifest file (i.e. `package_name\tversion`)
++
++Introduced in Ubuntu Pro Client Version: `27.12~`
++
++Returns the status of installed packages (`apt` and `snap`), formatted as a
++manifest file (i.e. `package_name\tversion`).
  ### Args
++
  This endpoint takes no arguments.
  ### Python API interaction
++
  #### Calling from Python code
++
  ```python
  from uaclient.api.u.security.package_manifest.v1 import package_manifest
@@ -595,23 +775,27 @@ result = package_manifest()
  ```
  #### Expected return object:
++
  `uaclient.api.u.security.package_manifest.v1.PackageManifestResult`
  |Field Name|Type|Description|
  |-|-|-|
--|manifest_data|str|Manifest of apt and snap packages installed on the system|
++|`manifest_data`|*str*|Manifest of `apt` and `snap` packages installed on the system|
--### Raised Exceptions
--No exceptions raised by this endpoint.
++### Raised exceptions
++No exceptions raised by this endpoint.
  ### CLI interaction
++
  #### Calling from the CLI:
++
  ```bash
  pro api u.security.package_manifest.v1
  ```
  #### Expected attributes in JSON structure
++
  ```json
+ {
      "package_manifest":"package1\t1.0\npackage2\t2.3\n"
 diff --git a/docs/references/network_requirements.md b/docs/references/network_requirements.md
 index 505f081..cb25256 100644
 --- a/docs/references/network_requirements.md
 +++ b/docs/references/network_requirements.md
@@ -1,18 +1,35 @@
--# Ubuntu Pro Client Network Requirements
++# Ubuntu Pro Client network requirements
--Using the Ubuntu Pro Client to enable support services will rely on network access to obtain updated service
--credentials, add APT repositories to install deb packages and install [snap packages](https://snapcraft.io/about) when
--Livepatch is enabled. Also see the Proxy Configuration explanation to inform Ubuntu Pro Client of HTTP(S)/APT proxies.
++Using the Ubuntu Pro Client to enable support services will rely on network
++access to:
--Ensure the managed system has access to the following port:urls if in a network-limited environment:
++- Obtain updated service credentials
++- Add APT repositories to install `deb` packages
++- Install [`snap` packages](https://snapcraft.io/about) when Livepatch is
++  enabled.
--* 443:https://contracts.canonical.com/ - HTTP PUTs, GETs and POSTs for Ubuntu Pro Client interaction
--* 443:https://esm.ubuntu.com/\* - APT repository access for most services
++```{seealso}
--Enabling kernel Livepatch require additional network egress:
++You can also refer to our [Proxy Configuration guide](/../howtoguides/configure_proxies.md)
++to learn how to inform Ubuntu Pro Client of HTTP(S)/APT proxies.
++```
--* snap endpoints required in order to install and run snaps as defined in [snap forum network-requirements post](https://forum.snapcraft.io/t/network-requirements/5147)
--* 443:api.snapcraft.io
--* 443:dashboard.snapcraft.io
--* 443:login.ubuntu.com
--* 443:\*.snapcraftcontent.com - Download CDNs
++## Network-limited
++
++Ensure the managed system has access to the following port:urls if in a
++network-limited environment:
++
++* `443:https://contracts.canonical.com/`: HTTP PUTs, GETs and POSTs for Ubuntu
++  Pro Client interaction.
++* `443:https://esm.ubuntu.com/\*`: APT repository access for most services.
++
++## Enable kernel Livepatch
++
++Enabling kernel Livepatch requires additional network egress:
++
++* `snap` endpoints required in order to install and run snaps as defined in
++  [snap forum network-requirements post](https://forum.snapcraft.io/t/network-requirements/5147)
++* `443:api.snapcraft.io`
++* `443:dashboard.snapcraft.io`
++* `443:login.ubuntu.com`
++* `443:\*.snapcraftcontent.com` - Download CDNs
 diff --git a/docs/references/ppas.md b/docs/references/ppas.md
 index 0642714..05f99ec 100644
 --- a/docs/references/ppas.md
 +++ b/docs/references/ppas.md
@@ -1,9 +1,30 @@
--# Available PPAs with different version of Ubuntu Pro Client
--There are 3 PPAs with different release channels of the Ubuntu Pro Client:
--
--1. Stable: This contains stable builds only which have been verified for release into Ubuntu stable releases or Ubuntu Pro images.
--    - add with `sudo add-apt-repository ppa:ua-client/stable`
--2. Staging: This contains builds under validation for release to stable Ubuntu releases and images
--    - add with `sudo add-apt-repository ppa:ua-client/staging`
--3. Daily: This PPA is updated every day with the latest changes.
--    - add with `sudo add-apt-repository ppa:ua-client/daily`
++# Ubuntu Pro Client PPAs
++
++There are three Personal Package Archives (PPAs) with different release
++channels in the Ubuntu Pro Client: *Stable*, *Staging*, and *Daily*.
++
++## Stable
++
++This contains stable builds only, which have been verified for release into
++Ubuntu stable releases or Ubuntu Pro images. You can add it with:
++
++```
++sudo add-apt-repository ppa:ua-client/stable
++```
++
++## Staging
++
++This contains builds *under validation* for release to stable Ubuntu releases
++and images. You can add it with:
++
++```
++sudo add-apt-repository ppa:ua-client/staging
++```
++
++## Daily
++
++This PPA is updated every day with the latest changes. You can add it with:
++
++```
++sudo add-apt-repository ppa:ua-client/daily
++```
 diff --git a/docs/references/support_matrix.md b/docs/references/support_matrix.md
 index 0f35f70..09cfa6d 100644
 --- a/docs/references/support_matrix.md
 +++ b/docs/references/support_matrix.md
@@ -1,19 +1,19 @@
--# Support Matrix for the client
++# Support matrix for the Ubuntu Pro Client
--Ubuntu Pro services are only available on Ubuntu Long Term Support (LTS) releases.
++Ubuntu Pro services are only available on Ubuntu Long Term Support (LTS)
++releases.
--On interim Ubuntu releases, `pro status` will report most of the services as 'n/a' and disallow enabling those services.
++On interim Ubuntu releases, `pro status` will report most of the services as
++"n/a" (not applicable), and disallow enabling those services.
--Below is a list of platforms and releases ubuntu-advantage-tools supports
++Here is a list of platforms and releases that `ubuntu-advantage-tools` supports.
--| Ubuntu Release | Build Architectures                                | Support Level              |
--| -------------- | -------------------------------------------------- | -------------------------- |
--| Trusty         | amd64, arm64, armhf, i386, powerpc, ppc64el        | Last release 19.6          |
--| Xenial         | amd64, arm64, armhf, i386, powerpc, ppc64el, s390x | Active SRU of all features |
--| Bionic         | amd64, arm64, armhf, i386, ppc64el, s390x          | Active SRU of all features |
--| Focal          | amd64, arm64, armhf, ppc64el, riscv64, s390x       | Active SRU of all features |
--| Groovy         | amd64, arm64, armhf, ppc64el, riscv64, s390x       | Last release 27.1          |
--| Hirsute        | amd64, arm64, armhf, ppc64el, riscv64, s390x       | Last release 27.5          |
--| Impish         | amd64, arm64, armhf, ppc64el, riscv64, s390x       | Last release 27.9          |
--| Jammy          | amd64, arm64, armhf, ppc64el, riscv64, s390x       | Active SRU of all features |
--| Kinetic        | amd64, arm64, armhf, ppc64el, riscv64, s390x       | Active SRU of all features |
++| Ubuntu Release | Build Architectures                                | Initial Release | Final Release              |
++| -------------- | -------------------------------------------------- | --------------- | -------------------------- |
++| Trusty         | amd64, arm64, armhf, i386, powerpc, ppc64el        | None            | 19.6                       |
++| Xenial         | amd64, arm64, armhf, i386, powerpc, ppc64el, s390x | None            | Active SRU of all features |
++| Bionic         | amd64, arm64, armhf, i386, ppc64el, s390x          | 17              | Active SRU of all features |
++| Focal          | amd64, arm64, armhf, ppc64el, riscv64, s390x       | 20.3            | Active SRU of all features |
++| Jammy          | amd64, arm64, armhf, ppc64el, riscv64, s390x       | 27.7            | Active SRU of all features |
++| Kinetic        | amd64, arm64, armhf, ppc64el, riscv64, s390x       | 27.11.2         | Active SRU of all features |
++| Lunar          | amd64, arm64, armhf, ppc64el, riscv64, s390x       | TBD             | Active SRU of all features |
 diff --git a/features/_version.feature b/features/_version.feature
 index 8d1cea5..2a575d8 100644
 --- a/features/_version.feature
 +++ b/features/_version.feature
@@ -25,6 +25,14 @@ Feature: Pro is expected version
          """
          $behave_var{version}
          """
++        # The following doesn't actually assert anything. It merely ensures that the output of
++        # apt-cache policy ubuntu-advantage-tools on the test machine is included in our test output.
++        # This is useful to manually verify the package is installed from the correct source e.g. -proposed.
++        When I check the apt-cache policy of ubuntu-advantage-tools
++        Then the apt-cache policy of ubuntu-advantage-tools is
++        """
++        THIS GETS REPLACED AT RUNTIME VIA A HACK IN steps/ubuntu_advantage_tools.py
++        """
          Examples: version
              | release |
              | xenial  |
@@ -50,6 +58,14 @@ Feature: Pro is expected version
          """
          $behave_var{version}
          """
++        # The following doesn't actually assert anything. It merely ensures that the output of
++        # apt-cache policy ubuntu-advantage-tools on the test machine is included in our test output.
++        # This is useful to manually verify the package is installed from the correct source e.g. -proposed.
++        When I check the apt-cache policy of ubuntu-advantage-tools
++        Then the apt-cache policy of ubuntu-advantage-tools is
++        """
++        THIS GETS REPLACED AT RUNTIME VIA A HACK IN steps/ubuntu_advantage_tools.py
++        """
          Examples: version
              | release |
              | xenial  |
 diff --git a/features/api_packages.feature b/features/api_packages.feature
 index 82d6b99..e22798b 100644
 --- a/features/api_packages.feature
 +++ b/features/api_packages.feature
@@ -21,16 +21,18 @@ Feature: Package related API endpoints
          # Install some outdated package
          And I run `apt install <package>=<outdated_version> -y --allow-downgrades` with sudo
          # See the update there
--        When I run `pro api u.pro.packages.updates.v1` as non-root
++        When I store candidate version of package `<package>`
++        And I regexify `candidate` stored var
++        And I run `pro api u.pro.packages.updates.v1` as non-root
          Then stdout matches regexp:
          """
--        {"download_size": \d+, "origin": ".+", "package": "<package>", "provided_by": "<provided_by>", "status": "upgrade_available", "version": "<candidate_version>"}
++        {"download_size": \d+, "origin": ".+", "package": "<package>", "provided_by": "<provided_by>", "status": "upgrade_available", "version": "$behave_var{stored_var candidate}"}
          """
          Examples: ubuntu release
--            | release | package         | outdated_version | candidate_version        | provided_by       |
--            | xenial  | libcurl3-gnutls | 7.47.0-1ubuntu2  | 7.47.0-1ubuntu2.19\+esm6 | esm-infra         |
--            | bionic  | libcurl4        | 7.58.0-2ubuntu3  | 7.58.0-2ubuntu3.22       | standard-security |
--            | focal   | libcurl4        | 7.68.0-1ubuntu2  | 7.68.0-1ubuntu2.15       | standard-security |
--            | jammy   | libcurl4        | 7.81.0-1         | 7.81.0-1ubuntu1.7        | standard-security |
--            | kinetic | libcurl4        | 7.85.0-1         | 7.85.0-1ubuntu0.2        | standard-security |
++            | release | package         | outdated_version | provided_by       |
++            | xenial  | libcurl3-gnutls | 7.47.0-1ubuntu2  | esm-infra         |
++            | bionic  | libcurl4        | 7.58.0-2ubuntu3  | standard-security |
++            | focal   | libcurl4        | 7.68.0-1ubuntu2  | standard-security |
++            | jammy   | libcurl4        | 7.81.0-1         | standard-security |
++            | kinetic | libcurl4        | 7.85.0-1         | standard-security |
 diff --git a/features/api_security.feature b/features/api_security.feature
 index 9d4c74d..85e8ae8 100644
 --- a/features/api_security.feature
 +++ b/features/api_security.feature
@@ -29,7 +29,17 @@ Feature: API security/security status tests
          """
          When I run `apt update` with sudo
          And I run `apt upgrade -y` with sudo
--        And I run `apt install jq bzip2 libopenscap8 -y` with sudo
++        And I run `apt install jq bzip2 -y` with sudo
++        # Install the oscap version 1.3.7 which solved the epoch error message issue
++        And I run `apt-get install -y cmake libdbus-1-dev libdbus-glib-1-dev libcurl4-openssl-dev libgcrypt20-dev libselinux1-dev libxslt1-dev libgconf2-dev libacl1-dev libblkid-dev libcap-dev libxml2-dev libldap2-dev libpcre3-dev swig libxml-parser-perl libxml-xpath-perl libperl-dev libbz2-dev g++ libapt-pkg-dev libyaml-dev libxmlsec1-dev libxmlsec1-openssl` with sudo
++        And I run `wget https://github.com/OpenSCAP/openscap/releases/download/1.3.7/openscap-1.3.7.tar.gz` as non-root
++        And I run `tar xzf openscap-1.3.7.tar.gz` as non-root
++        And I run shell command `mkdir -p openscap-1.3.7/build` as non-root
++        And I run shell command `cd openscap-1.3.7/build/ && cmake ..` with sudo
++        And I run shell command `cd openscap-1.3.7/build/ && make` with sudo
++        And I run shell command `cd openscap-1.3.7/build/ && make install` with sudo
++        # Installs its shared libs in /usr/local/lib/
++        And I run `ldconfig` with sudo
          And I run shell command `pro api u.security.package_manifest.v1 | jq -r '.data.attributes.manifest_data' > manifest` as non-root
          And I run shell command `wget https://security-metadata.canonical.com/oval/oci.com.ubuntu.<release>.usn.oval.xml.bz2` as non-root
          And I run `bunzip2 oci.com.ubuntu.<release>.usn.oval.xml.bz2` as non-root
 diff --git a/features/api_unattended_upgrades.feature b/features/api_unattended_upgrades.feature
 new file mode 100644
 index 0000000..43f0ef6
 --- /dev/null
 +++ b/features/api_unattended_upgrades.feature
@@ -0,0 +1,207 @@
++Feature: api.u.unattended_upgrades.status.v1
++
++    @series.all
++    @uses.config.machine_type.lxd.container
++    Scenario Outline: v1 unattended upgrades status
++        Given a `<release>` machine with ubuntu-advantage-tools installed
++        When I run `pro api u.unattended_upgrades.status.v1` as non-root
++        Then stdout matches regexp:
++        """
++        {"_schema_version": "v1", "data": {"attributes": {"apt_periodic_job_enabled": true, "package_lists_refresh_frequency_days": 1, "systemd_apt_timer_enabled": true, "unattended_upgrades_allowed_origins": \["\$\{distro_id\}:\$\{distro_codename\}", "\$\{distro_id\}:\$\{distro_codename\}\-security", "\$\{distro_id\}ESMApps:\$\{distro_codename\}\-apps-security", "\$\{distro_id\}ESM:\$\{distro_codename\}\-infra-security"\], "unattended_upgrades_disabled_reason": null, "unattended_upgrades_frequency_days": 1, "unattended_upgrades_last_run": null, "unattended_upgrades_running": true}, "meta": {"environment_vars": \[\], "raw_config": {"APT::Periodic::Enable": "1", "APT::Periodic::Unattended-Upgrade": "1", "APT::Periodic::Update-Package-Lists": "1", "Unattended-Upgrade::Allowed-Origins": \["\$\{distro_id\}:\$\{distro_codename\}", "\$\{distro_id\}:\$\{distro_codename\}\-security", "\$\{distro_id\}ESMApps:\$\{distro_codename\}\-apps-security", "\$\{distro_id\}ESM:\$\{distro_codename\}\-infra-security"\][,]?\s*<extra_field>}}, "type": "UnattendedUpgradesStatus"}, "errors": \[\], "result": "success", "version": ".*", "warnings": \[\]}
++        """
++        When I create the file `/etc/apt/apt.conf.d/99test` with the following:
++        """
++        APT::Periodic::Enable "0";
++        """
++        And I run `apt-get update` with sudo
++        And I run `apt-get install jq -y` with sudo
++        And I run shell command `pro api u.unattended_upgrades.status.v1 | jq .data.attributes.apt_periodic_job_enabled` as non-root
++        Then I will see the following on stdout:
++        """
++        false
++        """
++        When I run shell command `pro api u.unattended_upgrades.status.v1 | jq .data.attributes.unattended_upgrades_running` as non-root
++        Then I will see the following on stdout:
++        """
++        false
++        """
++        When I run shell command `pro api u.unattended_upgrades.status.v1 | jq .data.attributes.unattended_upgrades_disabled_reason.msg` as non-root
++        Then I will see the following on stdout:
++        """
++        "APT::Periodic::Enable is turned off"
++        """
++        When I run shell command `pro api u.unattended_upgrades.status.v1 | jq .data.attributes.unattended_upgrades_disabled_reason.code` as non-root
++        Then I will see the following on stdout:
++        """
++        "unattended-upgrades-cfg-value-turned-off"
++        """
++        When I run shell command `pro api u.unattended_upgrades.status.v1 | jq '.data.meta.raw_config.\"APT::Periodic::Enable\"'` as non-root
++        Then I will see the following on stdout:
++        """
++        "0"
++        """
++        When I create the file `/etc/apt/apt.conf.d/99test` with the following:
++        """
++        APT::Periodic::Update-Package-Lists "0";
++        """
++        And I run shell command `pro api u.unattended_upgrades.status.v1 | jq .data.attributes.apt_periodic_job_enabled` as non-root
++        Then I will see the following on stdout:
++        """
++        true
++        """
++        When I run shell command `pro api u.unattended_upgrades.status.v1 | jq .data.attributes.package_lists_refresh_frequency_days` as non-root
++        Then I will see the following on stdout:
++        """
++        0
++        """
++        When I run shell command `pro api u.unattended_upgrades.status.v1 | jq .data.attributes.unattended_upgrades_running` as non-root
++        Then I will see the following on stdout:
++        """
++        false
++        """
++        When I run shell command `pro api u.unattended_upgrades.status.v1 | jq .data.attributes.unattended_upgrades_disabled_reason.msg` as non-root
++        Then I will see the following on stdout:
++        """
++        "APT::Periodic::Update-Package-Lists is turned off"
++        """
++        When I run shell command `pro api u.unattended_upgrades.status.v1 | jq .data.attributes.unattended_upgrades_disabled_reason.code` as non-root
++        Then I will see the following on stdout:
++        """
++        "unattended-upgrades-cfg-value-turned-off"
++        """
++        When I run shell command `pro api u.unattended_upgrades.status.v1 | jq '.data.meta.raw_config.\"APT::Periodic::Update-Package-Lists\"'` as non-root
++        Then I will see the following on stdout:
++        """
++        "0"
++        """
++        When I create the file `/etc/apt/apt.conf.d/99test` with the following:
++        """
++        APT::Periodic::Unattended-Upgrade "0";
++        """
++        And I run shell command `pro api u.unattended_upgrades.status.v1 | jq .data.attributes.unattended_upgrades_frequency_days` as non-root
++        Then I will see the following on stdout:
++        """
++        0
++        """
++        When I run shell command `pro api u.unattended_upgrades.status.v1 | jq .data.attributes.package_lists_refresh_frequency_days` as non-root
++        Then I will see the following on stdout:
++        """
++        1
++        """
++        When I run shell command `pro api u.unattended_upgrades.status.v1 | jq .data.attributes.unattended_upgrades_running` as non-root
++        Then I will see the following on stdout:
++        """
++        false
++        """
++        When I run shell command `pro api u.unattended_upgrades.status.v1 | jq .data.attributes.unattended_upgrades_disabled_reason.msg` as non-root
++        Then I will see the following on stdout:
++        """
++        "APT::Periodic::Unattended-Upgrade is turned off"
++        """
++        When I run shell command `pro api u.unattended_upgrades.status.v1 | jq .data.attributes.unattended_upgrades_disabled_reason.code` as non-root
++        Then I will see the following on stdout:
++        """
++        "unattended-upgrades-cfg-value-turned-off"
++        """
++        When I run shell command `pro api u.unattended_upgrades.status.v1 | jq '.data.meta.raw_config.\"APT::Periodic::Unattended-Upgrade\"'` as non-root
++        Then I will see the following on stdout:
++        """
++        "0"
++        """
++        When I run `systemctl stop apt-daily.timer` with sudo
++        And I run `rm /etc/apt/apt.conf.d/99test` with sudo
++        And I run shell command `pro api u.unattended_upgrades.status.v1 | jq .data.attributes.systemd_apt_timer_enabled` as non-root
++        Then I will see the following on stdout:
++        """
++        false
++        """
++        When I run shell command `pro api u.unattended_upgrades.status.v1 | jq .data.attributes.unattended_upgrades_running` as non-root
++        Then I will see the following on stdout:
++        """
++        false
++        """
++        When I run shell command `pro api u.unattended_upgrades.status.v1 | jq .data.attributes.unattended_upgrades_disabled_reason.msg` as non-root
++        Then I will see the following on stdout:
++        """
++        "apt-daily.timer jobs are not running"
++        """
++        When I run shell command `pro api u.unattended_upgrades.status.v1 | jq .data.attributes.unattended_upgrades_disabled_reason.code` as non-root
++        Then I will see the following on stdout:
++        """
++        "unattended-upgrades-systemd-job-disabled"
++        """
++        When I create the file `/etc/apt/apt.conf.d/50unattended-upgrades` with the following:
++        """
++        APT::Periodic::Unattended-Upgrade "1";
++        """
++        And I run `systemctl start apt-daily.timer` with sudo
++        And I run shell command `pro api u.unattended_upgrades.status.v1 | jq .data.attributes.unattended_upgrades_frequency_days` as non-root
++        Then I will see the following on stdout:
++        """
++        1
++        """
++        When I run shell command `pro api u.unattended_upgrades.status.v1 | jq .data.attributes.systemd_apt_timer_enabled` as non-root
++        Then I will see the following on stdout:
++        """
++        true
++        """
++        When I run shell command `pro api u.unattended_upgrades.status.v1 | jq .data.attributes.unattended_upgrades_allowed_origins` as non-root
++        Then I will see the following on stdout:
++        """
++        []
++        """
++        When I run shell command `pro api u.unattended_upgrades.status.v1 | jq .data.attributes.unattended_upgrades_running` as non-root
++        Then I will see the following on stdout:
++        """
++        false
++        """
++        When I run shell command `pro api u.unattended_upgrades.status.v1 | jq .data.attributes.unattended_upgrades_disabled_reason.msg` as non-root
++        Then I will see the following on stdout:
++        """
++        "Unattended-Upgrade::Allowed-Origins is empty"
++        """
++        When I run shell command `pro api u.unattended_upgrades.status.v1 | jq .data.attributes.unattended_upgrades_disabled_reason.code` as non-root
++        Then I will see the following on stdout:
++        """
++        "unattended-upgrades-cfg-list-value-empty"
++        """
++        When I run shell command `pro api u.unattended_upgrades.status.v1 | jq '.data.meta.raw_config.\"Unattended-Upgrade::Allowed-Origins\"'` as non-root
++        Then I will see the following on stdout:
++        """
++        null
++        """
++        When I run `/usr/lib/apt/apt.systemd.daily update` with sudo
++        And I run `/usr/lib/apt/apt.systemd.daily install` with sudo
++        And I run shell command `pro api u.unattended_upgrades.status.v1 | jq .data.attributes.unattended_upgrades_last_run` as non-root
++        Then stdout matches regexp:
++        """
++        "(?!null).*"
++        """
++        When I create the file `/etc/apt/apt.conf.d/99test` with the following:
++        """
++        Unattended-Upgrade::Mail "mail";
++        Unattended-Upgrade::Package-Blacklist {
++            "vim";
++        };
++        """
++        And I run shell command `pro api u.unattended_upgrades.status.v1 | jq '.data.meta.raw_config.\"Unattended-Upgrade::Mail\"'` as non-root
++        Then I will see the following on stdout:
++        """
++        "mail"
++        """
++        When I run shell command `pro api u.unattended_upgrades.status.v1 | jq '.data.meta.raw_config.\"Unattended-Upgrade::Package-Blacklist\"'` as non-root
++        Then I will see the following on stdout:
++        """
++        [
++          "vim"
++        ]
++        """
++
++        Examples: ubuntu release
++           | release | extra_field                               |
++           | xenial  |                                           |
++           | bionic  | "Unattended-Upgrade::DevRelease": "false" |
++           | focal   | "Unattended-Upgrade::DevRelease": "auto"  |
++           | jammy   | "Unattended-Upgrade::DevRelease": "auto"  |
++           | kinetic | "Unattended-Upgrade::DevRelease": "auto"  |
++           | lunar   | "Unattended-Upgrade::DevRelease": "auto"  |
 diff --git a/features/apt_messages.feature b/features/apt_messages.feature
 index acbbe92..401360d 100644
 --- a/features/apt_messages.feature
 +++ b/features/apt_messages.feature
@@ -216,12 +216,14 @@ Feature: APT Messages
            | focal   | hello   |
            | jammy   | hello   |
--    @series.lts
++    @series.all
      @uses.config.machine_type.lxd.container
      Scenario Outline: APT News
          Given a `<release>` machine with ubuntu-advantage-tools installed
          When I attach `contract_token` with sudo
--        When I run `apt-get -o APT::Get::Always-Include-Phased-Updates=true upgrade -y` with sudo
++        # On interim releases we will not enable any service, so we need a manual apt-get update
++        When I run `apt-get update` with sudo
++        When I run `DEBIAN_FRONTEND=noninteractive apt-get -o APT::Get::Always-Include-Phased-Updates=true upgrade -y` with sudo
          When I run `apt-get autoremove -y` with sudo
          When I run `pro detach --assume-yes` with sudo
@@ -246,12 +248,7 @@ Feature: APT Messages
+           ]
+         }
          """
--        # test is too fast and systemd doesn't like triggering motd-news.service
--        # (during pro refresh messages) too frequently
--        # So there are "wait"s before each pro refresh messages call
--        When I wait `1` seconds
          When I run `pro refresh messages` with sudo
--        When I run shell command `rm -f /var/lib/ubuntu-advantage/messages/apt-pre*` with sudo
          When I run `apt upgrade` with sudo
          Then I will see the following on stdout
          """
@@ -293,7 +290,6 @@ Feature: APT Messages
          # apt update stamp will prevent a apt_news refresh
          When I run `apt-get update` with sudo
--        When I run shell command `rm -f /var/lib/ubuntu-advantage/messages/apt-pre*` with sudo
          When I run `apt upgrade` with sudo
          Then I will see the following on stdout
          """
@@ -306,11 +302,9 @@ Feature: APT Messages
+         #
 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
          """
--
++
          # manual refresh gets new message
--        When I wait `1` seconds
          When I run `pro refresh messages` with sudo
--        When I run shell command `rm -f /var/lib/ubuntu-advantage/messages/apt-pre*` with sudo
          When I run `apt upgrade` with sudo
          Then I will see the following on stdout
          """
@@ -325,13 +319,12 @@ Feature: APT Messages
+         #
 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
          """
--
++
          # creates /run/ubuntu-advantage and /var/lib/ubuntu-advantage/messages if not there
          When I run `rm -rf /run/ubuntu-advantage` with sudo
          When I run `rm -rf /var/lib/ubuntu-advantage/messages` with sudo
          When I run `rm /var/lib/apt/periodic/update-success-stamp` with sudo
          When I run `apt-get update` with sudo
--        When I run shell command `rm -f /var/lib/ubuntu-advantage/messages/apt-pre*` with sudo
          When I run `apt upgrade` with sudo
          Then I will see the following on stdout
          """
@@ -346,7 +339,7 @@ Feature: APT Messages
+         #
 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
          """
--
++
          # more than 3 lines ignored
          When I create the file `/var/www/html/aptnews.json` on the `apt-news-server` machine with the following:
          """
@@ -364,9 +357,7 @@ Feature: APT Messages
+           ]
+         }
          """
--        When I wait `1` seconds
          When I run `pro refresh messages` with sudo
--        When I run shell command `rm -f /var/lib/ubuntu-advantage/messages/apt-pre*` with sudo
          When I run `apt upgrade` with sudo
          Then I will see the following on stdout
          """
@@ -376,7 +367,7 @@ Feature: APT Messages
          Calculating upgrade...
 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
          """
--
++
          # more than 77 chars ignored
          When I create the file `/var/www/html/aptnews.json` on the `apt-news-server` machine with the following:
          """
@@ -391,9 +382,7 @@ Feature: APT Messages
+           ]
+         }
          """
--        When I wait `1` seconds
          When I run `pro refresh messages` with sudo
--        When I run shell command `rm -f /var/lib/ubuntu-advantage/messages/apt-pre*` with sudo
          When I run `apt upgrade` with sudo
          Then I will see the following on stdout
          """
@@ -403,7 +392,7 @@ Feature: APT Messages
          Calculating upgrade...
 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
          """
--
++
          # end is respected
          When I create the file `/var/www/html/aptnews.json` on the `apt-news-server` machine with the following:
          """
@@ -419,9 +408,7 @@ Feature: APT Messages
+           ]
+         }
          """
--        When I wait `1` seconds
          When I run `pro refresh messages` with sudo
--        When I run shell command `rm -f /var/lib/ubuntu-advantage/messages/apt-pre*` with sudo
          When I run `apt upgrade` with sudo
          Then I will see the following on stdout
          """
@@ -445,9 +432,7 @@ Feature: APT Messages
+           ]
+         }
          """
--        When I wait `1` seconds
          When I run `pro refresh messages` with sudo
--        When I run shell command `rm -f /var/lib/ubuntu-advantage/messages/apt-pre*` with sudo
          When I run `apt upgrade` with sudo
          Then I will see the following on stdout
          """
@@ -460,7 +445,7 @@ Feature: APT Messages
+         #
 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
          """
--
++
          # begin >30 days ago ignored, even if end is set to future
          When I create the file `/var/www/html/aptnews.json` on the `apt-news-server` machine with the following:
          """
@@ -476,9 +461,7 @@ Feature: APT Messages
+           ]
+         }
          """
--        When I wait `1` seconds
          When I run `pro refresh messages` with sudo
--        When I run shell command `rm -f /var/lib/ubuntu-advantage/messages/apt-pre*` with sudo
          When I run `apt upgrade` with sudo
          Then I will see the following on stdout
          """
@@ -488,7 +471,7 @@ Feature: APT Messages
          Calculating upgrade...
 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
          """
--
++
          # begin in future
          When I create the file `/var/www/html/aptnews.json` on the `apt-news-server` machine with the following:
          """
@@ -503,9 +486,7 @@ Feature: APT Messages
+           ]
+         }
          """
--        When I wait `1` seconds
          When I run `pro refresh messages` with sudo
--        When I run shell command `rm -f /var/lib/ubuntu-advantage/messages/apt-pre*` with sudo
          When I run `apt upgrade` with sudo
          Then I will see the following on stdout
          """
@@ -515,7 +496,7 @@ Feature: APT Messages
          Calculating upgrade...
 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
          """
--
++
          # local apt news overrides for contract expiry notices
          When I create the file `/var/www/html/aptnews.json` on the `apt-news-server` machine with the following:
          """
@@ -532,25 +513,15 @@ Feature: APT Messages
          """
          When I attach `contract_token` with sudo
          When I run `apt upgrade -y` with sudo
--        When I create the file `/tmp/machine-token-overlay.json` with the following:
--        """
--        {
--            "machineTokenInfo": {
--                "contractInfo": {
--                    "effectiveTo": "$behave_var{today +2}"
--                }
--            }
--        }
--        """
--        And I append the following on uaclient config:
++        When I set the machine token overlay to the following yaml
          """
--        features:
--          machine_token_overlay: "/tmp/machine-token-overlay.json"
++        machineTokenInfo:
++          contractInfo:
++            effectiveTo: $behave_var{today +2}
          """
          # test that apt update will trigger hook to update apt_news for local override
          When I run shell command `rm -f /var/lib/apt/periodic/update-success-stamp` with sudo
          When I run `apt-get update` with sudo
--        When I run shell command `rm -f /var/lib/ubuntu-advantage/messages/apt-pre*` with sudo
          When I run `apt upgrade` with sudo
          Then I will see the following on stdout
          """
@@ -565,17 +536,12 @@ Feature: APT Messages
+         #
 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
          """
--        When I create the file `/tmp/machine-token-overlay.json` with the following:
++        When I set the machine token overlay to the following yaml
          """
--        {
--            "machineTokenInfo": {
--                "contractInfo": {
--                    "effectiveTo": "$behave_var{today -3}"
--                }
--            }
--        }
++        machineTokenInfo:
++          contractInfo:
++            effectiveTo: $behave_var{today -3}
          """
--        When I wait `1` seconds
          When I run `pro refresh messages` with sudo
          When I run `apt upgrade` with sudo
          Then stdout matches regexp:
@@ -592,17 +558,12 @@ Feature: APT Messages
+         #
 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
          """
--        When I create the file `/tmp/machine-token-overlay.json` with the following:
++        When I set the machine token overlay to the following yaml
          """
--        {
--            "machineTokenInfo": {
--                "contractInfo": {
--                    "effectiveTo": "$behave_var{today -20}"
--                }
--            }
--        }
++        machineTokenInfo:
++          contractInfo:
++            effectiveTo: $behave_var{today -20}
          """
--        When I wait `1` seconds
          When I run `pro refresh messages` with sudo
          When I run `apt upgrade` with sudo
          Then I will see the following on stdout
@@ -648,6 +609,7 @@ Feature: APT Messages
            | bionic  |
            | focal   |
            | jammy   |
++          | kinetic |
      @series.xenial
      @series.bionic
@@ -655,7 +617,8 @@ Feature: APT Messages
      Scenario Outline: AWS URLs
          Given a `<release>` machine with ubuntu-advantage-tools installed
          When I run `apt-get update` with sudo
--        When I run `pro refresh messages` with sudo
++        When I run `apt-get install ansible -y` with sudo
++        When I run `apt-get update` with sudo
          When I run `apt upgrade --dry-run` with sudo
          Then stdout matches regexp:
          """
@@ -672,7 +635,8 @@ Feature: APT Messages
      Scenario Outline: Azure URLs
          Given a `<release>` machine with ubuntu-advantage-tools installed
          When I run `apt-get update` with sudo
--        When I run `pro refresh messages` with sudo
++        When I run `apt-get install ansible -y` with sudo
++        When I run `apt-get update` with sudo
          When I run `apt upgrade --dry-run` with sudo
          Then stdout matches regexp:
          """
@@ -689,7 +653,8 @@ Feature: APT Messages
      Scenario Outline: GCP URLs
          Given a `<release>` machine with ubuntu-advantage-tools installed
          When I run `apt-get update` with sudo
--        When I run `pro refresh messages` with sudo
++        When I run `apt-get install ansible -y` with sudo
++        When I run `apt-get update` with sudo
          When I run `apt upgrade --dry-run` with sudo
          Then stdout matches regexp:
          """
@@ -699,3 +664,53 @@ Feature: APT Messages
            | release | msg                                                                    |
            | xenial  | Learn more about Ubuntu Pro for 16\.04 at https:\/\/ubuntu\.com\/16-04 |
            | bionic  | Learn more about Ubuntu Pro on GCP at https:\/\/ubuntu\.com\/gcp\/pro  |
++
++    @series.kinetic
++    @uses.config.machine_type.lxd.container
++    Scenario Outline: APT Hook do not advertises esm-apps on upgrade for interim releases
++        Given a `<release>` machine with ubuntu-advantage-tools installed
++        When I run `apt-get update` with sudo
++        When I run `apt-get -o APT::Get::Always-Include-Phased-Updates=true upgrade -y` with sudo
++        When I run `apt-get -y autoremove` with sudo
++        When I run `apt-get install hello -y` with sudo
++        When I run `pro config set apt_news=false` with sudo
++        When I run `pro refresh messages` with sudo
++        When I run `apt upgrade` with sudo
++        Then stdout does not match regexp:
++        """
++        Get more security updates through Ubuntu Pro with 'esm-apps' enabled:
++        """
++        When I run `apt-get upgrade` with sudo
++        Then I will see the following on stdout:
++        """
++        Reading package lists...
++        Building dependency tree...
++        Reading state information...
++        Calculating upgrade...
++        0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
++        """
++        When I attach `contract_token` with sudo
++        When I run `apt upgrade --dry-run` with sudo
++        Then stdout matches regexp:
++        """
++        Reading package lists...
++        Building dependency tree...
++        Reading state information...
++        Calculating upgrade...
++        0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded\.
++        """
++        When I run `apt-get upgrade -y` with sudo
++        When I run `pro detach --assume-yes` with sudo
++        When I run `pro refresh messages` with sudo
++        When I run `apt upgrade` with sudo
++        Then stdout matches regexp:
++        """
++        Reading package lists...
++        Building dependency tree...
++        Reading state information...
++        Calculating upgrade...
++        0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded\.
++        """
++        Examples: ubuntu release
++          | release |
++          | kinetic |
 diff --git a/features/attach_validtoken.feature b/features/attach_validtoken.feature
 index a85b968..da04c06 100644
 --- a/features/attach_validtoken.feature
 +++ b/features/attach_validtoken.feature
@@ -198,25 +198,13 @@ Feature: Command behaviour when attaching a machine to an Ubuntu Pro
      @uses.config.machine_type.aws.generic
      Scenario Outline: Attach command in an generic AWS Ubuntu VM
         Given a `<release>` machine with ubuntu-advantage-tools installed
--        When I create the file `/tmp/machine-token-overlay.json` with the following:
--        """
--        {
--            "machineTokenInfo": {
--                "contractInfo": {
--                    "resourceEntitlements": [
--                        {
--                            "type": "esm-apps",
--                            "entitled": false
--                        }
--                    ]
--                }
--            }
--        }
--        """
--        And I append the following on uaclient config:
--        """
--        features:
--          machine_token_overlay: "/tmp/machine-token-overlay.json"
++        When I set the machine token overlay to the following yaml
++        """
++        machineTokenInfo:
++          contractInfo:
++            resourceEntitlements:
++              - type: esm-apps
++                entitled: false
          """
          And I attach `contract_token` with sudo
          Then stdout matches regexp:
@@ -247,25 +235,13 @@ Feature: Command behaviour when attaching a machine to an Ubuntu Pro
      @uses.config.machine_type.azure.generic
      Scenario Outline: Attach command in an generic Azure Ubuntu VM
         Given a `<release>` machine with ubuntu-advantage-tools installed
--        When I create the file `/tmp/machine-token-overlay.json` with the following:
--        """
--        {
--            "machineTokenInfo": {
--                "contractInfo": {
--                    "resourceEntitlements": [
--                        {
--                            "type": "esm-apps",
--                            "entitled": false
--                        }
--                    ]
--                }
--            }
--        }
--        """
--        And I append the following on uaclient config:
--        """
--        features:
--          machine_token_overlay: "/tmp/machine-token-overlay.json"
++        When I set the machine token overlay to the following yaml
++        """
++        machineTokenInfo:
++          contractInfo:
++            resourceEntitlements:
++              - type: esm-apps
++                entitled: false
          """
          And I attach `contract_token` with sudo
          Then stdout matches regexp:
@@ -296,25 +272,13 @@ Feature: Command behaviour when attaching a machine to an Ubuntu Pro
      @uses.config.machine_type.gcp.generic
      Scenario Outline: Attach command in an generic GCP Ubuntu VM
         Given a `<release>` machine with ubuntu-advantage-tools installed
--        When I create the file `/tmp/machine-token-overlay.json` with the following:
--        """
--        {
--            "machineTokenInfo": {
--                "contractInfo": {
--                    "resourceEntitlements": [
--                        {
--                            "type": "esm-apps",
--                            "entitled": false
--                        }
--                    ]
--                }
--            }
--        }
--        """
--        And I append the following on uaclient config:
--        """
--        features:
--          machine_token_overlay: "/tmp/machine-token-overlay.json"
++        When I set the machine token overlay to the following yaml
++        """
++        machineTokenInfo:
++          contractInfo:
++            resourceEntitlements:
++              - type: esm-apps
++                entitled: false
          """
          And I attach `contract_token` with sudo
          Then stdout matches regexp:
@@ -386,22 +350,15 @@ Feature: Command behaviour when attaching a machine to an Ubuntu Pro
         """
         esm-infra    +yes      +enabled  +Expanded Security Maintenance for Infrastructure
         """
--       When I create the file `/tmp/machine-token-overlay.json` with the following:
++       When I set the machine token overlay to the following yaml
         """
--       {
--           "machineTokenInfo": {
--               "contractInfo": {
--                   "effectiveTo": "2000-01-02T03:04:05Z"
--               }
--           }
--       }
++       machineTokenInfo:
++         contractInfo:
++           effectiveTo: 2000-01-02T03:04:05Z
         """
--       And I append the following on uaclient config:
--       """
--       features:
--         machine_token_overlay: "/tmp/machine-token-overlay.json"
--       """
--       When I run `pro status` with sudo
++       And I delete the file `/var/lib/ubuntu-advantage/jobs-status.json`
++       And I run `python3 /usr/lib/ubuntu-advantage/timer.py` with sudo
++       And I run `pro status` with sudo
         Then stdout matches regexp:
         """
         A change has been detected in your contract.
@@ -412,7 +369,8 @@ Feature: Command behaviour when attaching a machine to an Ubuntu Pro
         """
         Successfully refreshed your subscription.
         """
--       When I run `sed -i '/^.*machine_token_overlay:/d' /etc/ubuntu-advantage/uaclient.conf` with sudo
++       # remove machine token overlay
++       When I change config key `features` to use value `{}`
         And I run `pro status` with sudo
         Then stdout does not match regexp:
         """
 diff --git a/features/attached_commands.feature b/features/attached_commands.feature
 index 0b3e95e..524e4e0 100644
 --- a/features/attached_commands.feature
 +++ b/features/attached_commands.feature
@@ -249,7 +249,7 @@ Feature: Command behaviour when attached to an Ubuntu Pro subscription
            esm-infra     +yes        +Expanded Security Maintenance for Infrastructure
            fips          +<fips>     +NIST-certified core packages
            fips-updates  +<fips>     +NIST-certified core packages with priority security updates
--          livepatch     +(yes|no)   +Canonical Livepatch service
++          livepatch     +(yes|no)   +(Canonical Livepatch service|Current kernel is not supported)
            realtime-kernel +<realtime-kernel> +Ubuntu kernel with PREEMPT_RT patches integrated
            ros           +<ros>      +Security Updates for the Robot Operating System
            ros-updates   +<ros>      +All Updates for the Robot Operating System
@@ -766,7 +766,7 @@ Feature: Command behaviour when attached to an Ubuntu Pro subscription
          When I run `python3 /usr/lib/ubuntu-advantage/timer.py` with sudo
          And I run `cat /var/lib/ubuntu-advantage/jobs-status.json` with sudo
          Then stdout matches regexp:
--        """"
++        """
          "update_messaging":
          """
          When I run `pro config show` with sudo
@@ -779,50 +779,27 @@ Feature: Command behaviour when attached to an Ubuntu Pro subscription
          And I run `python3 /usr/lib/ubuntu-advantage/timer.py` with sudo
          And I run `cat /var/lib/ubuntu-advantage/jobs-status.json` with sudo
          Then stdout matches regexp:
--        """"
++        """
          "update_messaging": null
          """
          When I delete the file `/var/lib/ubuntu-advantage/jobs-status.json`
--        And I create the file `/etc/ubuntu-advantage/uaclient.conf` with the following:
--        """
--        contract_url: https://contracts.canonical.com
--        data_dir: /var/lib/ubuntu-advantage
--        log_file: /var/log/ubuntu-advantage.log
--        log_level: debug
--        security_url: https://ubuntu.com/security
--        ua_config:
--          apt_http_proxy: null
--          apt_https_proxy: null
--          http_proxy: null
--          https_proxy: null
--          update_messaging_timer: 14400
--          metering_timer: 0
++        And I create the file `/var/lib/ubuntu-advantage/user-config.json` with the following:
++        """
++        { "metering_timer": 0 }
          """
          And I run `python3 /usr/lib/ubuntu-advantage/timer.py` with sudo
          And I run `cat /var/lib/ubuntu-advantage/jobs-status.json` with sudo
          Then stdout matches regexp:
--        """"
++        """
          "metering": null
          """
          When I delete the file `/var/lib/ubuntu-advantage/jobs-status.json`
--        And I create the file `/etc/ubuntu-advantage/uaclient.conf` with the following:
--        """
--        contract_url: https://contracts.canonical.com
--        data_dir: /var/lib/ubuntu-advantage
--        log_file: /var/log/ubuntu-advantage.log
--        log_level: debug
--        security_url: https://ubuntu.com/security
--        ua_config:
--          apt_http_proxy: null
--          apt_https_proxy: null
--          http_proxy: null
--          https_proxy: null
--          update_messaging_timer: -10
--          metering_timer: notanumber
++        And I create the file `/var/lib/ubuntu-advantage/user-config.json` with the following:
++        """
++        { "metering_timer": "notanumber", "update_messaging_timer": -10 }
          """
          And I run `python3 /usr/lib/ubuntu-advantage/timer.py` with sudo
          Then I verify that running `grep "Invalid value for update_messaging interval found in config." /var/log/ubuntu-advantage-timer.log` `with sudo` exits `0`
--        And I verify that running `grep "Invalid value for metering interval found in config." /var/log/ubuntu-advantage-timer.log` `with sudo` exits `0`
          And I verify that the timer interval for `update_messaging` is `21600`
          And I verify that the timer interval for `metering` is `14400`
          When I create the file `/var/lib/ubuntu-advantage/jobs-status.json` with the following:
@@ -832,15 +809,15 @@ Feature: Command behaviour when attached to an Ubuntu Pro subscription
          And I run `python3 /usr/lib/ubuntu-advantage/timer.py` with sudo
          And I run `cat /var/lib/ubuntu-advantage/jobs-status.json` with sudo
          Then stdout does not match regexp:
--        """"
++        """
          "update_status"
          """
          And stdout matches regexp:
--        """"
++        """
          "metering"
          """
          And stdout matches regexp:
--        """"
++        """
          "update_messaging"
          """
 diff --git a/features/attached_enable.feature b/features/attached_enable.feature
 index 7dc71a2..e833c54 100644
 --- a/features/attached_enable.feature
 +++ b/features/attached_enable.feature
@@ -79,27 +79,14 @@ Feature: Enable command behaviour when attached to an Ubuntu Pro subscription
      Scenario Outline: Empty series affordance means no series, null means all series
          Given a `<release>` machine with ubuntu-advantage-tools installed
          When I attach `contract_token` with sudo and options `--no-auto-enable`
--        When I create the file `/tmp/machine-token-overlay.json` with the following:
--        """
--        {
--            "machineTokenInfo": {
--                "contractInfo": {
--                    "resourceEntitlements": [
--                        {
--                            "type": "esm-infra",
--                            "affordances": {
--                                "series": []
--                            }
--                        }
--                    ]
--                }
--            }
--        }
++        When I set the machine token overlay to the following yaml
          """
--        And I append the following on uaclient config:
--        """
--        features:
--          machine_token_overlay: "/tmp/machine-token-overlay.json"
++        machineTokenInfo:
++          contractInfo:
++            resourceEntitlements:
++              - type: esm-infra
++                affordances:
++                  series: []
          """
          When I verify that running `pro enable esm-infra` `with sudo` exits `1`
          Then stdout matches regexp:
@@ -344,25 +331,13 @@ Feature: Enable command behaviour when attached to an Ubuntu Pro subscription
      @uses.config.machine_type.lxd.container
      Scenario Outline: Attached enable not entitled service in a ubuntu machine

Ubuntuubuntu-advantage-tools package

Merge ~renanrodrigo/ubuntu/+source/ubuntu-advantage-tools:upload-27.14-lunar into ubuntu/+source/ubuntu-advantage-tools:ubuntu/devel

Commit message

Description of the change

Preview Diff

Subscribers

Ubuntu
ubuntu-advantage-tools package