From b6a782fe50fc538d0385beec2c3e5f1de924224d Mon Sep 17 00:00:00 2001 
From: mhoellein Date: Thu, 6 Apr 2023 14:33:33 +0200 Subject: [PATCH] committing changes in /etc made by "apt-get install linux-generic linux-headers-generic linux-image-generic mysql-server-8.0 mysql-server-core-8.0 ubuntu-advantage-tools" Package changes: +distro-info 0.23ubuntu1 amd64 +libevent-pthreads-2.1-7 2.1.11-stable-1 amd64 -linux-generic 5.4.0.40.43 amd64 +linux-generic 5.4.0.146.144 amd64 +linux-headers-5.4.0-146 5.4.0-146.163 all +linux-headers-5.4.0-146-generic 5.4.0-146.163 amd64 -linux-headers-generic 5.4.0.40.43 amd64 +linux-headers-generic 5.4.0.146.144 amd64 +linux-image-5.4.0-146-generic 5.4.0-146.163 amd64 -linux-image-generic 5.4.0.40.43 amd64 +linux-image-generic 5.4.0.146.144 amd64 +linux-modules-5.4.0-146-generic 5.4.0-146.163 amd64 +linux-modules-extra-5.4.0-146-generic 5.4.0-146.163 amd64 -mysql-server-8.0 8.0.20-0ubuntu0.20.04.1 amd64 -mysql-server-core-8.0 8.0.20-0ubuntu0.20.04.1 amd64 +mysql-server-8.0 8.0.32-0ubuntu0.20.04.2 amd64 +mysql-server-core-8.0 8.0.32-0ubuntu0.20.04.2 amd64 -ubuntu-advantage-tools 20.3 amd64 +ubuntu-advantage-tools 27.13.6~20.04.1 amd64 --- .etckeeper | 5 +- apt/apt.conf.d/20apt-esm-hook.conf | 12 ++- logrotate.d/ubuntu-advantage-tools | 6 +- mysql/mysql.conf.d/mysqld.cnf | 1 + .../ua-reboot-cmds.service | 1 + .../ubuntu-advantage.service | 1 + .../system/timers.target.wants/ua-timer.timer | 1 + ubuntu-advantage/help_data.yaml | 87 +++++++++++++++++++ ubuntu-advantage/uaclient.conf | 19 +++- .../ubuntu-advantage-upgrades.cfg | 4 + update-motd.d/88-esm-announce | 4 + update-motd.d/91-contract-ua-esm-status | 8 ++ 12 files changed, 140 insertions(+), 9 deletions(-) create mode 120000 systemd/system/multi-user.target.wants/ua-reboot-cmds.service create mode 120000 systemd/system/multi-user.target.wants/ubuntu-advantage.service create mode 120000 systemd/system/timers.target.wants/ua-timer.timer create mode 100644 ubuntu-advantage/help_data.yaml create mode 100644 
update-manager/release-upgrades.d/ubuntu-advantage-upgrades.cfg create mode 100755 update-motd.d/88-esm-announce create mode 100755 update-motd.d/91-contract-ua-esm-status diff --git a/.etckeeper b/.etckeeper index e00f710..892ed23 100755 --- a/.etckeeper +++ b/.etckeeper @@ -46,7 +46,6 @@ mkdir -p './systemd/network' mkdir -p './udev/hwdb.d' mkdir -p './udev/rules.d' mkdir -p './ufw/applications.d/apache2' -mkdir -p './update-manager/release-upgrades.d' maybe chmod 0755 '.' maybe chmod 0700 '.etckeeper' maybe chmod 0600 '.gitignore' @@ -1472,6 +1471,7 @@ maybe chmod 0644 'timezone' maybe chmod 0755 'tmpfiles.d' maybe chmod 0644 'tmpfiles.d/screen-cleanup.conf' maybe chmod 0755 'ubuntu-advantage' +maybe chmod 0644 'ubuntu-advantage/help_data.yaml' maybe chmod 0644 'ubuntu-advantage/uaclient.conf' maybe chmod 0644 'ucf.conf' maybe chmod 0755 'udev' @@ -1500,10 +1500,13 @@ maybe chmod 0755 'update-manager' maybe chmod 0644 'update-manager/meta-release' maybe chmod 0644 'update-manager/release-upgrades' maybe chmod 0755 'update-manager/release-upgrades.d' +maybe chmod 0644 'update-manager/release-upgrades.d/ubuntu-advantage-upgrades.cfg' maybe chmod 0755 'update-motd.d' maybe chmod 0755 'update-motd.d/00-header' maybe chmod 0755 'update-motd.d/10-help-text' maybe chmod 0755 'update-motd.d/50-motd-news' +maybe chmod 0755 'update-motd.d/88-esm-announce' +maybe chmod 0755 'update-motd.d/91-contract-ua-esm-status' maybe chmod 0755 'update-motd.d/91-release-upgrade' maybe chmod 0644 'updatedb.conf' maybe chmod 0755 'vim' diff --git a/apt/apt.conf.d/20apt-esm-hook.conf b/apt/apt.conf.d/20apt-esm-hook.conf index d6d1ad1..7bcae44 100644 --- a/apt/apt.conf.d/20apt-esm-hook.conf +++ b/apt/apt.conf.d/20apt-esm-hook.conf 
@@ -1,7 +1,11 @@
+APT::Update::Pre-Invoke {
+ "[ ! -e /run/systemd/system ] || [ $(id -u) -ne 0 ] || systemctl start --no-block apt-news.service esm-cache.service || true";
+};
+
 APT::Update::Post-Invoke-Stats {
- "[ ! -f /usr/lib/ubuntu-advantage/apt-esm-hook ] || /usr/lib/ubuntu-advantage/apt-esm-hook";
+ "[ ! -f /usr/lib/ubuntu-advantage/apt-esm-hook ] || /usr/lib/ubuntu-advantage/apt-esm-hook || true";
 };
 
-APT::Install::Post-Invoke-Success {
- "[ ! -f /usr/lib/ubuntu-advantage/apt-esm-hook ] || /usr/lib/ubuntu-advantage/apt-esm-hook";
-};
+binary::apt::AptCli::Hooks::Upgrade {
+ "[ ! -f /usr/lib/ubuntu-advantage/apt-esm-json-hook ] || /usr/lib/ubuntu-advantage/apt-esm-json-hook || true";
+};
diff --git a/logrotate.d/ubuntu-advantage-tools b/logrotate.d/ubuntu-advantage-tools
index 1dede3f..7c64857 100644
--- a/logrotate.d/ubuntu-advantage-tools
+++ b/logrotate.d/ubuntu-advantage-tools
@@ -1,4 +1,8 @@
-/var/log/ubuntu-advantage.log {
+# use the root group by default, since this is the owning group
+# of /var/log/ubuntu-advantage*.log files.
+/var/log/ubuntu-advantage*.log {
+ su root root
+ create 0644 root root
 rotate 6
 monthly
 compress
diff --git a/mysql/mysql.conf.d/mysqld.cnf b/mysql/mysql.conf.d/mysqld.cnf
index f5de296..7b234a1 100644
--- a/mysql/mysql.conf.d/mysqld.cnf
+++ b/mysql/mysql.conf.d/mysqld.cnf
@@ -29,6 +29,7 @@ user = mysql
 # Instead of skip-networking the default is now to listen only on
 # localhost which is more compatible and is not less secure.
 bind-address = 127.0.0.1
+mysqlx-bind-address = 127.0.0.1
 #
 # * Fine Tuning
 #
diff --git a/systemd/system/multi-user.target.wants/ua-reboot-cmds.service b/systemd/system/multi-user.target.wants/ua-reboot-cmds.service
new file mode 120000
index 0000000..e2ace0a
--- /dev/null
+++ b/systemd/system/multi-user.target.wants/ua-reboot-cmds.service
@@ -0,0 +1 @@
+/lib/systemd/system/ua-reboot-cmds.service
\ No newline at end of file
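Review bot: The three hook stanzas in apt/apt.conf.d/20apt-esm-hook.conf carry no comment, and every command now ends in `|| true`, so a failing hook is silent during `apt update`. These commands run with apt's privileges, and the Pre-Invoke line explicitly gates on `id -u` being 0 before calling `systemctl start`. A short header would record that intent, for example `// Ubuntu Pro hooks: run by apt as root; failures are deliberately ignored (|| true) so they never block apt.` What apt-news.service and esm-cache.service do is not visible in this commit (presumably they fetch data), so that is worth confirming on hosts with restricted egress. This is a package-shipped conffile, so a local edit would have to be carried across later upgrades.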
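Review bot: `create 0644 root root` in logrotate.d/ubuntu-advantage-tools makes every log file that logrotate creates after rotation world-readable. The uaclient.conf hunk in this same commit keeps `log_level: debug` and adds timer and daemon logs that the widened `/var/log/ubuntu-advantage*.log` glob now covers. Unless unprivileged local users are meant to read the client's debug output, `create 0640 root root` or `create 0600 root root` is the safer default; whether the client redacts contract data before logging cannot be seen from here. The directive only applies to files created at rotation time, so the mode of the current log files would need checking separately.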
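Review bot: The comment block above `bind-address` describes only the classic listener, so the new `mysqlx-bind-address = 127.0.0.1` line in mysql/mysql.conf.d/mysqld.cnf has no explanation of what it restricts. A one-line comment such as `# Keep the X Protocol (mysqlx) listener on loopback as well.` would make clear that both settings have to be reviewed together if remote access is ever enabled. The hunk shows only this part of the file, so an override of either value in another included .cnf file cannot be ruled out from here.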
diff --git a/systemd/system/multi-user.target.wants/ubuntu-advantage.service b/systemd/system/multi-user.target.wants/ubuntu-advantage.service
new file mode 120000
index 0000000..d7d5cd6
--- /dev/null
+++ b/systemd/system/multi-user.target.wants/ubuntu-advantage.service
@@ -0,0 +1 @@
+/lib/systemd/system/ubuntu-advantage.service
\ No newline at end of file
diff --git a/systemd/system/timers.target.wants/ua-timer.timer b/systemd/system/timers.target.wants/ua-timer.timer
new file mode 120000
index 0000000..470cbfa
--- /dev/null
+++ b/systemd/system/timers.target.wants/ua-timer.timer
@@ -0,0 +1 @@
+/lib/systemd/system/ua-timer.timer
\ No newline at end of file
diff --git a/ubuntu-advantage/help_data.yaml b/ubuntu-advantage/help_data.yaml
new file mode 100644
index 0000000..13bcb26
--- /dev/null
+++ b/ubuntu-advantage/help_data.yaml
@@ -0,0 +1,87 @@
+cc-eal:
+ help: |
+ Common Criteria is an Information Technology Security Evaluation standard
+ (ISO/IEC IS 15408) for computer security certification. Ubuntu 16.04 has
+ been evaluated to assurance level EAL2 through CSEC. The evaluation was
+ performed on Intel x86_64, IBM Power8 and IBM Z hardware platforms.
+
+cis:
+ help: |
+ Ubuntu Security Guide is a tool for hardening and auditing and allows for
+ environment-specific customizations. It enables compliance with profiles
+ such as DISA-STIG and the CIS benchmarks. Find out more at
+ https://ubuntu.com/security/certifications/docs/usg
+
+
+esm-apps:
+ help: |
+ Expanded Security Maintenance for Applications is enabled by default
+ on entitled workloads. It provides access to a private PPA which includes
+ available high and critical CVE fixes for Ubuntu LTS packages in the Ubuntu
+ Main and Ubuntu Universe repositories from the Ubuntu LTS release date until
+ its end of life. You can find out more about the esm service at
+ https://ubuntu.com/security/esm
+
+esm-infra:
+ help: |
+ Expanded Security Maintenance for Infrastructure provides access
+ to a private ppa which includes available high and critical CVE fixes
+ for Ubuntu LTS packages in the Ubuntu Main repository between the end
+ of the standard Ubuntu LTS security maintenance and its end of life.
+ It is enabled by default with Ubuntu Pro. You can find out more about
+ the service at https://ubuntu.com/security/esm
+
+fips:
+ help: |
+ FIPS 140-2 is a set of publicly announced cryptographic standards
+ developed by the National Institute of Standards and Technology
+ applicable for FedRAMP, HIPAA, PCI and ISO compliance use cases.
+ Note that "fips" does not provide security patching. For fips certified
+ modules with security patches please refer to fips-updates. The modules
+ are certified on Intel x86_64 and IBM Z hardware platforms for Ubuntu
+ 18.04 and Intel x86_64, IBM Power8 and IBM Z hardware platforms for
+ Ubuntu 16.04.
Below is the list of fips certified components per an
+ Ubuntu Version. You can find out more at
+ https://ubuntu.com/security/certifications#fips
+
+fips-updates:
+ help: |
+ fips-updates installs fips modules including all security patches
+ for those modules that have been provided since their certification date.
+ You can find out more at https://ubuntu.com/security/certifications#fips.
+
+livepatch:
+ help: |
+ Livepatch provides selected high and critical kernel CVE fixes and other
+ non-security bug fixes as kernel livepatches. Livepatches are applied
+ without rebooting a machine which drastically limits the need for
+ unscheduled system reboots. Due to the nature of fips compliance,
+ livepatches cannot be enabled on fips-enabled systems. You can find out
+ more about Ubuntu Kernel Livepatch service at
+ https://ubuntu.com/security/livepatch
+
+realtime-kernel:
+ help: |
+ The Real-time kernel is an Ubuntu kernel with PREEMPT_RT patches integrated.
+ It services latency-dependent use cases by providing deterministic response times.
+ The Real-time kernel meets stringent preemption specifications and is suitable for
+ telco applications and dedicated devices in industrial automation and robotics.
+ The Real-time kernel is currently incompatible with FIPS and Livepatch.
+
+ros:
+ help: |
+ ros provides access to a private PPA which includes security-related
+ updates for available high and critical CVE fixes for Robot Operating
+ System (ROS) packages. For access to ROS ESM and security updates, both
+ esm-infra and esm-apps services will also be enabled. To get additional
+ non-security updates, enable ros-updates. You can find out more about the
+ ROS ESM service at https://ubuntu.com/robotics/ros-esm
+
+ros-updates:
+ help: |
+ ros-updates provides access to a private PPA which includes
+ non-security-related updates for Robot Operating System (ROS) packages.
+ For full access to ROS ESM, security and non-security updates,
+ the esm-infra, esm-apps, and ros services will also be enabled. You can
+ find out more about the ROS ESM service at
+ https://ubuntu.com/robotics/ros-esm
diff --git a/ubuntu-advantage/uaclient.conf b/ubuntu-advantage/uaclient.conf
index 8dc2f1a..3bf107a 100644
--- a/ubuntu-advantage/uaclient.conf
+++ b/ubuntu-advantage/uaclient.conf
@@ -1,5 +1,18 @@
-# Ubuntu-Advantage client config file.
-contract_url: 'https://contracts.canonical.com'
+# Ubuntu Pro Client config file.
+# If you modify this file, run "pro refresh config" to ensure changes are
+# picked up by Ubuntu Pro Client.
+
+contract_url: https://contracts.canonical.com
 data_dir: /var/lib/ubuntu-advantage
-log_level: debug
 log_file: /var/log/ubuntu-advantage.log
+log_level: debug
+security_url: https://ubuntu.com/security
+timer_log_file: /var/log/ubuntu-advantage-timer.log
+daemon_log_file: /var/log/ubuntu-advantage-daemon.log
+ua_config:
+ apt_http_proxy: null
+ apt_https_proxy: null
+ http_proxy: null
+ https_proxy: null
+ update_messaging_timer: 21600
+ metering_timer: 14400
diff --git a/update-manager/release-upgrades.d/ubuntu-advantage-upgrades.cfg b/update-manager/release-upgrades.d/ubuntu-advantage-upgrades.cfg
new file mode 100644
index 0000000..c7da279
--- /dev/null
+++ b/update-manager/release-upgrades.d/ubuntu-advantage-upgrades.cfg
@@ -0,0 +1,4 @@
+[Sources]
+Pockets=security,updates,proposed,backports,infra-security,infra-updates,apps-security,apps-updates
+[Distro]
+PostInstallScripts=./xorg_fix_proprietary.py, /usr/lib/ubuntu-advantage/upgrade_lts_contract.py
diff --git a/update-motd.d/88-esm-announce b/update-motd.d/88-esm-announce
new file mode 100755
index 0000000..44b521b
--- /dev/null
+++ b/update-motd.d/88-esm-announce
@@ -0,0 +1,4 @@
+#!/bin/sh
+stamp="/var/lib/ubuntu-advantage/messages/motd-esm-announce"
+
+[ ! -r "$stamp" ] || cat "$stamp"
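Review bot: `cat "$stamp"` in update-motd.d/88-esm-announce copies the stamp file's bytes unfiltered into the login banner, and update-motd.d/91-contract-ua-esm-status does the same for two more files under /var/lib/ubuntu-advantage/messages. The ownership and mode of that directory are not part of this commit, so it is worth confirming that it is writable by root only, because whatever is stored there is shown to users at login. A comment at the top of both scripts, such as `# Prints a pre-rendered message; the messages directory must stay writable by root only.`, would record that assumption.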
diff --git a/update-motd.d/91-contract-ua-esm-status b/update-motd.d/91-contract-ua-esm-status
new file mode 100755
index 0000000..cc82334
--- /dev/null
+++ b/update-motd.d/91-contract-ua-esm-status
@@ -0,0 +1,8 @@
+#!/bin/sh
+esm_stamp="/var/lib/ubuntu-advantage/messages/motd-esm-service-status"
+
+[ ! -r "$esm_stamp" ] || cat "$esm_stamp"
+
+auto_attach_stamp="/var/lib/ubuntu-advantage/messages/motd-auto-attach-status"
+
+[ ! -r "$auto_attach_stamp" ] || cat "$auto_attach_stamp"
--
2.43.0