From 07643b59eb04f56114f6c0481f17a3b880a7d554 Mon Sep 17 00:00:00 2001 
From: mhoellein Date: Wed, 10 Apr 2024 08:14:51 +0200 Subject: [PATCH] committing changes in /etc made by "apt-get install apache2 apache2-bin apache2-data apache2-utils linux-generic linux-headers-generic linux-image-generic python3-update-manager ubuntu-advantage-tools update-manager-core" Package changes: -apache2 2.4.58-1+ubuntu20.04.1+deb.sury.org+1 amd64 -apache2-bin 2.4.58-1+ubuntu20.04.1+deb.sury.org+1 amd64 -apache2-data 2.4.58-1+ubuntu20.04.1+deb.sury.org+1 all -apache2-utils 2.4.58-1+ubuntu20.04.1+deb.sury.org+1 amd64 +apache2 2.4.59-1+ubuntu20.04.1+deb.sury.org+1 amd64 +apache2-bin 2.4.59-1+ubuntu20.04.1+deb.sury.org+1 amd64 +apache2-data 2.4.59-1+ubuntu20.04.1+deb.sury.org+1 all +apache2-utils 2.4.59-1+ubuntu20.04.1+deb.sury.org+1 amd64 +debsuryorg-archive-keyring 2024.02.05+ubuntu20.04.1+deb.sury.org+1 all -linux-generic 5.4.0.165.162 amd64 +linux-generic 5.4.0.176.174 amd64 -linux-headers-generic 5.4.0.165.162 amd64 +linux-headers-5.4.0-176 5.4.0-176.196 all +linux-headers-5.4.0-176-generic 5.4.0-176.196 amd64 +linux-headers-generic 5.4.0.176.174 amd64 +linux-image-5.4.0-176-generic 5.4.0-176.196 amd64 -linux-image-generic 5.4.0.165.162 amd64 +linux-image-generic 5.4.0.176.174 amd64 +linux-modules-5.4.0-176-generic 5.4.0-176.196 amd64 +linux-modules-extra-5.4.0-176-generic 5.4.0-176.196 amd64 -python3-update-manager 1:20.04.10.18 all +python3-update-manager 1:20.04.10.20 all -ubuntu-advantage-tools 29.4~20.04 amd64 +ubuntu-advantage-tools 31.2~20.04 all +ubuntu-pro-client 31.2~20.04 amd64 +ubuntu-pro-client-l10n 31.2~20.04 amd64 -update-manager-core 1:20.04.10.18 all +update-manager-core 1:20.04.10.20 all --- .etckeeper | 11 +- apache2/mods-available/proxy_connect.conf | 3 + apparmor.d/local/ubuntu_pro_apt_news | 0 apparmor.d/ubuntu_pro_apt_news | 41 +++++++ apt/preferences.d/ubuntu-pro-esm-apps | 11 ++ apt/preferences.d/ubuntu-pro-esm-infra | 10 ++ apt/trusted.gpg.d/debsuryorg-archive.gpg | Bin 0 -> 1769 bytes letsencrypt/.certbot.lock | 0 
...untu-advantage-tools => ubuntu-pro-client} | 0 ubuntu-advantage/help_data.yaml | 109 ------------------ .../ubuntu-advantage-upgrades.cfg | 2 +- 11 files changed, 74 insertions(+), 113 deletions(-) create mode 100644 apache2/mods-available/proxy_connect.conf create mode 100644 apparmor.d/local/ubuntu_pro_apt_news create mode 100644 apparmor.d/ubuntu_pro_apt_news create mode 100644 apt/preferences.d/ubuntu-pro-esm-apps create mode 100644 apt/preferences.d/ubuntu-pro-esm-infra create mode 100644 apt/trusted.gpg.d/debsuryorg-archive.gpg create mode 100644 letsencrypt/.certbot.lock rename logrotate.d/{ubuntu-advantage-tools => ubuntu-pro-client} (100%) delete mode 100644 ubuntu-advantage/help_data.yaml diff --git a/.etckeeper b/.etckeeper index 5e1995db2..b53d5512a 100755 --- a/.etckeeper +++ b/.etckeeper @@ -5,7 +5,6 @@ mkdir -p './acpi/events' mkdir -p './apm/event.d' mkdir -p './apparmor.d/force-complain' mkdir -p './apt/auth.conf.d' -mkdir -p './apt/preferences.d' mkdir -p './binfmt.d' mkdir -p './ca-certificates/update.d' mkdir -p './clamav/onerrorexecute.d' @@ -435,6 +434,7 @@ maybe chmod 0644 'apache2/mods-available/proxy.load' maybe chmod 0644 'apache2/mods-available/proxy_ajp.load' maybe chmod 0644 'apache2/mods-available/proxy_balancer.conf' maybe chmod 0644 'apache2/mods-available/proxy_balancer.load' +maybe chmod 0644 'apache2/mods-available/proxy_connect.conf' maybe chmod 0644 'apache2/mods-available/proxy_connect.load' maybe chmod 0644 'apache2/mods-available/proxy_express.load' maybe chmod 0644 'apache2/mods-available/proxy_fcgi.load' 
@@ -638,6 +638,7 @@ maybe chmod 0644 'apparmor.d/local/README' maybe chmod 0644 'apparmor.d/local/lsb_release' maybe chmod 0644 'apparmor.d/local/nvidia_modprobe' maybe chmod 0644 'apparmor.d/local/sbin.dhclient' +maybe chmod 0644 'apparmor.d/local/ubuntu_pro_apt_news' maybe chmod 0644 'apparmor.d/local/usr.bin.freshclam' maybe chmod 0644 'apparmor.d/local/usr.bin.man' maybe chmod 0644 'apparmor.d/local/usr.lib.ipsec.charon' @@ -670,6 +671,7 @@ maybe chmod 0644 'apparmor.d/tunables/sys' maybe chmod 0644 'apparmor.d/tunables/xdg-user-dirs' maybe chmod 0755 'apparmor.d/tunables/xdg-user-dirs.d' maybe chmod 0644 'apparmor.d/tunables/xdg-user-dirs.d/site.local' +maybe chmod 0644 'apparmor.d/ubuntu_pro_apt_news' maybe chmod 0644 'apparmor.d/usr.bin.freshclam' maybe chmod 0644 'apparmor.d/usr.bin.man' maybe chmod 0644 'apparmor.d/usr.lib.ipsec.charon' @@ -695,6 +697,8 @@ maybe chmod 0644 'apt/apt.conf.d/50command-not-found' maybe chmod 0644 'apt/apt.conf.d/70debconf' maybe chmod 0755 'apt/auth.conf.d' maybe chmod 0755 'apt/preferences.d' +maybe chmod 0644 'apt/preferences.d/ubuntu-pro-esm-apps' +maybe chmod 0644 'apt/preferences.d/ubuntu-pro-esm-infra' maybe chmod 0644 'apt/sources.list' maybe chmod 0755 'apt/sources.list.d' maybe chmod 0644 'apt/sources.list.d/apache2.list' @@ -707,6 +711,7 @@ maybe chmod 0644 'apt/sources.list.d/webmin.list.distUpgrade' maybe chmod 0644 'apt/sources.list.distUpgrade' maybe chmod 0644 'apt/trusted.gpg' maybe chmod 0755 'apt/trusted.gpg.d' +maybe chmod 0644 'apt/trusted.gpg.d/debsuryorg-archive.gpg' maybe chmod 0644 'apt/trusted.gpg.d/ubuntu-keyring-2012-archive.gpg' maybe chmod 0644 'apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg' maybe chmod 0644 'apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg' 
@@ -1644,6 +1649,7 @@ maybe chmod 0755 'ldap/schema' maybe chmod 0644 'ldap/schema/amavis.schema' maybe chmod 0644 'legal' maybe chmod 0755 'letsencrypt' +maybe chmod 0600 'letsencrypt/.certbot.lock' maybe chmod 0644 'letsencrypt/.updated-options-ssl-apache-conf-digest.txt' maybe chmod 0700 'letsencrypt/accounts' maybe chmod 0700 'letsencrypt/accounts/acme-staging-v02.api.letsencrypt.org' @@ -19448,7 +19454,7 @@ maybe chmod 0644 'logrotate.d/razor' maybe chmod 0644 'logrotate.d/redis-server' maybe chmod 0644 'logrotate.d/rsnapshot' maybe chmod 0644 'logrotate.d/rsyslog' -maybe chmod 0644 'logrotate.d/ubuntu-advantage-tools' +maybe chmod 0644 'logrotate.d/ubuntu-pro-client' maybe chmod 0644 'logrotate.d/ufw' maybe chmod 0644 'logrotate.d/wtmp' maybe chmod 0755 'loolwsd' @@ -20012,7 +20018,6 @@ maybe chmod 0755 'tmpfiles.d' maybe chmod 0644 'tmpfiles.d/screen-cleanup.conf' maybe chmod 0644 'turnserver.conf' maybe chmod 0755 'ubuntu-advantage' -maybe chmod 0644 'ubuntu-advantage/help_data.yaml' maybe chmod 0644 'ubuntu-advantage/uaclient.conf' maybe chmod 0644 'ucf.conf' maybe chmod 0755 'udev'
diff --git a/apache2/mods-available/proxy_connect.conf b/apache2/mods-available/proxy_connect.conf
new file mode 100644
index 000000000..35d6ad935
--- /dev/null
+++ b/apache2/mods-available/proxy_connect.conf
@@ -0,0 +1,3 @@
+# Avoid having open-proxy when one vhost uses proxy_connect
+# See https://bugs.debian.org/1054564 for more
+AllowCONNECT 0
diff --git a/apparmor.d/local/ubuntu_pro_apt_news b/apparmor.d/local/ubuntu_pro_apt_news
new file mode 100644
index 000000000..e69de29bb
diff --git a/apparmor.d/ubuntu_pro_apt_news b/apparmor.d/ubuntu_pro_apt_news
new file mode 100644
index 000000000..402d93930
--- /dev/null
+++ b/apparmor.d/ubuntu_pro_apt_news
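Review bot: The comment in the new `apache2/mods-available/proxy_connect.conf` does not say how a vhost that legitimately needs CONNECT is meant to opt back in, which invites someone to loosen this global default instead. I would add a line such as `# A vhost that really needs CONNECT must set its own AllowCONNECT with explicit ports` above `AllowCONNECT 0`. The file sits in mods-available, so it presumably only takes effect where proxy_connect is enabled; this commit shows no mods-enabled change, so confirm that on this host. Access control on the proxy itself (`ProxyRequests` and `<Proxy>` rules) is still required, because this directive only restricts which ports CONNECT may reach.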
@@ -0,0 +1,41 @@
+
+include
+
+profile ubuntu_pro_apt_news flags=(attach_disconnected) {
+ include
+ include
+ include
+ include
+
+ # Needed because apt-news calls apt_pkg.init() which tries to
+ # switch to the _apt system user/group.
+ capability setgid,
+ capability setuid,
+ capability dac_read_search,
+
+ /etc/apt/** r,
+ /etc/default/apport r,
+ /etc/ubuntu-advantage/* r,
+ /usr/bin/python3.{1,}[0-9] mrix,
+
+ # "import uuid" in focal triggers an uname call
+ /usr/bin/uname mrix,
+
+ /usr/lib/apt/methods/http mrix,
+ /usr/lib/apt/methods/https mrix,
+ /usr/lib/ubuntu-advantage/apt_news.py r,
+ /usr/share/dpkg/* r,
+ /var/log/ubuntu-advantage.log rw,
+ /var/lib/ubuntu-advantage/** r,
+ /var/lib/ubuntu-advantage/messages/ rw,
+ /var/lib/ubuntu-advantage/messages/* rw,
+ /run/ubuntu-advantage/ rw,
+ /run/ubuntu-advantage/* rw,
+
+ /tmp/** r,
+
+ owner @{PROC}/@{pid}/fd/ r,
+ @{PROC}/@{pid}/cgroup r,
+
+
+}
\ No newline at end of file
diff --git a/apt/preferences.d/ubuntu-pro-esm-apps b/apt/preferences.d/ubuntu-pro-esm-apps
new file mode 100644
index 000000000..ccdff4be9
--- /dev/null
+++ b/apt/preferences.d/ubuntu-pro-esm-apps
@@ -0,0 +1,11 @@
+# This file is used by Ubuntu Pro and supplied by the ubuntu-pro-client
+# package. It has no effect if Ubuntu Pro services are not in use since no
+# other apt repositories are expected to match o=UbuntuESMApps.
+#
+# Pin esm-apps packages to a slightly higher value than the default,
+# so those are preferred over a non-ESM package from the archive when the
+# service is enabled.
+
+Package: *
+Pin: release o=UbuntuESMApps
+Pin-Priority: 510
diff --git a/apt/preferences.d/ubuntu-pro-esm-infra b/apt/preferences.d/ubuntu-pro-esm-infra
new file mode 100644
index 000000000..125b31d09
--- /dev/null
+++ b/apt/preferences.d/ubuntu-pro-esm-infra
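Review bot: The rule `/tmp/** r,` in the ubuntu_pro_apt_news profile carries no `owner` qualifier while the same profile grants `capability dac_read_search`, so as written the profile permits reading any file under /tmp regardless of who created it or its mode bits. If the helper only needs temporary files it creates itself, `owner /tmp/** r,` would be the narrower rule; that is an inference, because what apt_news.py actually reads is not visible here. The profile is shipped by the package, so a site-level tightening would presumably go into the empty `apparmor.d/local/ubuntu_pro_apt_news` created in this commit as a `deny` rule, not into an edit of this file. The arguments of the `include` lines are missing on this page, so the abstractions they pull in cannot be reviewed from here.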
@@ -0,0 +1,10 @@
+# This file is used by Ubuntu Pro and supplied by the ubuntu-pro-client
+# package. It has no effect if Ubuntu Pro services are not in use since no
+# other apt repositories are expected to match o=UbuntuESM.
+#
+# Pin esm-infra packages to a slightly higher value than the default,
+# so those are preferred over a non-ESM package from the archive when the
+# service is enabled.
+Package: *
+Pin: release o=UbuntuESM
+Pin-Priority: 510
diff --git a/apt/trusted.gpg.d/debsuryorg-archive.gpg b/apt/trusted.gpg.d/debsuryorg-archive.gpg new file mode 100644 index 0000000000000000000000000000000000000000..28043b0af5928d6e14a85b6a51ae931fd02377b0 GIT binary patch literal 1769 zcmV&l~o1j)iwSqOsj~Ns;go1_KdQIW!;-!anC!95nCjR9ze)hwAN%IPRrMpm?4$c zV`lOPE{g|^hdysZz|Vb`XPDqc#(WCDQ3sf8F{qv%aX= zYdTej(&BnnRs1$cL(_dAU5T+JY-!wg>U~+hlA`*Wq$A~WxeI{!K?6V0^v=ZmZS#5A zq7oYw@5(_JcJ8O?&{ptOwO`G-!+AHNoOT3F6n%?VeHqo9dv4q4{F0^y+}%d8^=Hi)Fts&-GZO$20RRECF+@c|E>l%f zSuRgfM<79UbZ>28bZKKCQ)y>zX>MmAOJ#W=JY;2JKy!6+c`k2qXFiDm)C3a&3IIL= z8v_Lk2?z%Q1{Dek2nzxP76JnS0v-VZ7l0Na1Qi8^0H7mXm-W#AW3h;lu<3B+yOq$iI;Y< zR_Ry8u$}#2FSuCJ*uOlsakgp@KViPM3^MWHapUZ_%&&@t*ypXUYfM?j?*Lue4DVLL z;Wv0^R>P2!K$Kg$B5|W)03J?#;`W)=l8ziz8x@#8y0be)ZJ_VWZ!rRD$*)vT63_tAIeJoEW|02@G(v4n7M$Lda_`H`asWd0p(BcU~uvYb$I<&$$7O1YD1A zp8*U2;Kv#>{I*>Lhm?>~VIK0Sn@3;y8S)Qlomi@nApj3Q7bq&|6Fb<}29~uRsBYNW ztI9>v4hpmYy65-^I@<@mXg4{@YdACHT;H)c%}b?rMpvmYlj7GpyqmQ6Rb}nPw(!hb zLltG=*o*5ZXNyxnc?yk{4*_;;-I^J#XT;_Ec;mYQ$2IMAh+* zTEBE`#wCHb=O}U?Bfk%|m^O6G7|c7yQ4hoJy#G{8pp7_*w3%-}*~K5GNk6y@DCQ8S z!-%DgFE#w4hBNyd!Olv@p|@FT0B^|}j@=a$Z}4EkH~+ZEK&GWTbTQjD6smBT zFfU*}6b2vReUk*K8C)CCGKEj55%l|a01*KI0f_;;1Q-Dd044$(3>F~-6$OO=pd($E z_0a%hv54ZfmAywp1p;Njx61_y4D+un0162Zv54ZfmAywpUM&m!3;nG9P8+w*Xge`? zgx(>IiNLqW0*qE=hui<@*I^hXHAzBtHj8D%a$$rTLPyT)s7fueaMIu8=p9N4nY{5rI4ONqy`Ks5uz%KOSMKqHp&A?s{mm)CB_n~S6 zGX<{bzK_(`g98WZJw*~3x25`2k+{aj{xk1aboh(8-(IL^LE8Vd#n+;f-OrvB&b4J4 z2^X%6wyd8XxLHj&!Tl>tIXEH8as@>wkF&;HWZY3kGhjwPXZOnmhT=@^&ul3HAHvOG z#RbT|txrsN87{7Yr>Y;j!$=_7I!D%B-8d++}P3K^1wP;O2Ou1QEa=q-X* L%DPvtl8KUsUky+R literal 0 HcmV?d00001 diff --git a/letsencrypt/.certbot.lock b/letsencrypt/.certbot.lock new file mode 100644 index 000000000..e69de29bb diff --git a/logrotate.d/ubuntu-advantage-tools b/logrotate.d/ubuntu-pro-client similarity index 100% rename from logrotate.d/ubuntu-advantage-tools rename to logrotate.d/ubuntu-pro-client 
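Review bot: A keyring placed in `apt/trusted.gpg.d/` is accepted by apt for every configured repository, so the new `debsuryorg-archive.gpg` extends trust to all sources on this host and not only to the deb.sury.org one. Scoping the key with `signed-by=` on the matching sources entry (for example `deb [signed-by=<PATH_TO_SURY_KEYRING>] ...`, presumably in `apt/sources.list.d/apache2.list`) would limit what it can vouch for; that entry is not part of this diff, so check how it is written today. The file appears to come from the `debsuryorg-archive-keyring` package listed in the commit message, so any relocation has to survive package upgrades. Since the key arrives as a binary blob, compare its fingerprint with the one published by the repository owner before treating this commit as the baseline.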
diff --git a/ubuntu-advantage/help_data.yaml b/ubuntu-advantage/help_data.yaml deleted file mode 100644 index 61b81df46..000000000 --- a/ubuntu-advantage/help_data.yaml +++ /dev/null 
@@ -1,109 +0,0 @@ -anbox-cloud: - help: | - Anbox Cloud lets you stream mobile apps securely, at any scale, to any - device, letting you focus on your apps. Run Android in system - containers on public or private clouds with ultra low streaming - latency. When the anbox-cloud service is enabled, by default, the - Appliance variant is enabled. Enabling this service allows - orchestration to provision a PPA with the Anbox Cloud resources. This - step also configures the Anbox Management Service (AMS) with the - necessary image server credentials. To learn more about Anbox Cloud, - see https://anbox-cloud.io - -cc-eal: - help: | - Common Criteria is an Information Technology Security Evaluation standard - (ISO/IEC IS 15408) for computer security certification. Ubuntu 16.04 has - been evaluated to assurance level EAL2 through CSEC. The evaluation was - performed on Intel x86_64, IBM Power8 and IBM Z hardware platforms. - -cis: - help: | - Ubuntu Security Guide is a tool for hardening and auditing and allows for - environment-specific customizations. It enables compliance with profiles - such as DISA-STIG and the CIS benchmarks. Find out more at - https://ubuntu.com/security/certifications/docs/usg - - -esm-apps: - help: | - Expanded Security Maintenance for Applications is enabled by default - on entitled workloads. It provides access to a private PPA which includes - available high and critical CVE fixes for Ubuntu LTS packages in the Ubuntu - Main and Ubuntu Universe repositories from the Ubuntu LTS release date until - its end of life. You can find out more about the esm service at - https://ubuntu.com/security/esm - -esm-infra: - help: | - Expanded Security Maintenance for Infrastructure provides access - to a private ppa which includes available high and critical CVE fixes - for Ubuntu LTS packages in the Ubuntu Main repository between the end - of the standard Ubuntu LTS security maintenance and its end of life. - It is enabled by default with Ubuntu Pro. 
You can find out more about - the service at https://ubuntu.com/security/esm - -fips: - help: | - FIPS 140-2 is a set of publicly announced cryptographic standards - developed by the National Institute of Standards and Technology - applicable for FedRAMP, HIPAA, PCI and ISO compliance use cases. - Note that "fips" does not provide security patching. For fips certified - modules with security patches please refer to fips-updates. The modules - are certified on Intel x86_64 and IBM Z hardware platforms for Ubuntu - 18.04 and Intel x86_64, IBM Power8 and IBM Z hardware platforms for - Ubuntu 16.04. Below is the list of fips certified components per an - Ubuntu Version. You can find out more at - https://ubuntu.com/security/certifications#fips - -fips-updates: - help: | - fips-updates installs fips modules including all security patches - for those modules that have been provided since their certification date. - You can find out more at https://ubuntu.com/security/certifications#fips. - -landscape: - help: | - Landscape Client can be installed on this machine and enrolled in - Canonical's Landscape SaaS: https://landscape.canonical.com - or a self-hosted Landscape: https://ubuntu.com/landscape/install - Landscape allows you to manage many machines as easily as one, - with an intuitive dashboard and API interface for automation, - hardening, auditing, and more. Find out more about Landscape at - https://ubuntu.com/landscape - -livepatch: - help: | - Livepatch provides selected high and critical kernel CVE fixes and other - non-security bug fixes as kernel livepatches. Livepatches are applied - without rebooting a machine which drastically limits the need for - unscheduled system reboots. Due to the nature of fips compliance, - livepatches cannot be enabled on fips-enabled systems. 
You can find out - more about Ubuntu Kernel Livepatch service at - https://ubuntu.com/security/livepatch - -realtime-kernel: - help: | - The Real-time kernel is an Ubuntu kernel with PREEMPT_RT patches integrated. - It services latency-dependent use cases by providing deterministic response times. - The Real-time kernel meets stringent preemption specifications and is suitable for - telco applications and dedicated devices in industrial automation and robotics. - The Real-time kernel is currently incompatible with FIPS and Livepatch. - -ros: - help: | - ros provides access to a private PPA which includes security-related - updates for available high and critical CVE fixes for Robot Operating - System (ROS) packages. For access to ROS ESM and security updates, both - esm-infra and esm-apps services will also be enabled. To get additional - non-security updates, enable ros-updates. You can find out more about the - ROS ESM service at https://ubuntu.com/robotics/ros-esm - -ros-updates: - help: | - ros-updates provides access to a private PPA which includes - non-security-related updates for Robot Operating System (ROS) packages. - For full access to ROS ESM, security and non-security updates, - the esm-infra, esm-apps, and ros services will also be enabled. You can - find out more about the ROS ESM service at - https://ubuntu.com/robotics/ros-esm diff --git a/update-manager/release-upgrades.d/ubuntu-advantage-upgrades.cfg b/update-manager/release-upgrades.d/ubuntu-advantage-upgrades.cfg index c7da279af..c811ae032 100644 --- a/update-manager/release-upgrades.d/ubuntu-advantage-upgrades.cfg +++ b/update-manager/release-upgrades.d/ubuntu-advantage-upgrades.cfg 
@@ -1,4 +1,4 @@
 [Sources]
 Pockets=security,updates,proposed,backports,infra-security,infra-updates,apps-security,apps-updates
 [Distro]
-PostInstallScripts=./xorg_fix_proprietary.py, /usr/lib/ubuntu-advantage/upgrade_lts_contract.py
+PostInstallScripts=./xorg_fix_proprietary.py, /usr/lib/ubuntu-advantage/convert_list_to_deb822.py, /usr/lib/ubuntu-advantage/upgrade_lts_contract.py
-- 2.43.0
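Review bot: The added `PostInstallScripts` entry `/usr/lib/ubuntu-advantage/convert_list_to_deb822.py` points outside /etc, so this repository records that the release upgrader will run the script but not what the script contains. Before the next release upgrade, confirm the file is owned by root, is not writable by anyone else, and matches the packaged copy, for example with `dpkg --verify ubuntu-pro-client`; that this package owns the file is inferred from the commit message. The pre-existing `/usr/lib/ubuntu-advantage/upgrade_lts_contract.py` entry on the same line has the same property.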