pro security-status not showing support as expected.

Hello, oshirowanen, thanks for reporting this issue.

Yes, the text there is misleading. After enabling Ubuntu Pro, you DO get updates until 2028. It works like this:
- You have support until 2023 with the regular LTS support
- You have support from 2023 to 2028 with Pro and esm-infra enabled, which is missing in the text.

Your support is assured, don't worry. But the message should say it right, we will fix it.

Good to know. Thank you.

In the SRU review it was noticed that the apt environment used to update the ESM cache is not really isolated from the system. For example, we noticed that the APT::Update::Pre-Invoke hook was called twice if a user ran just "apt update".

APT::Update::Pre-Invoke {
        "[ ! -e /run/systemd/system ] || systemctl start --no-block apt-news.service esm-cache.service || true";
};

https://pastebin.ubuntu.com/p/hkZyzKmjj8/ shows the hook being called twice: line 29, and line 45.

This happens because esm-cache.service, in the end, calls apt update again (via the python library). We just don't get a nasty loop here because systemd won't start a second copy of esm-cache.service.

This lack of isolation is a concern. All hooks from the system apt (defined in /etc/apt) will be called by the esm-only apt, maybe even in parallel, depending on timing. There are hooks to update stamp files, and motd. There are many unknowns here.

We discussed this at length with the Pro team, and will take the following approach:
- the Pro team work on isolating the esm-cache apt instance, and pull in only very specific configs from the system apt (/etc/apt), like proxy settings, and other settings they identify as being needed
- I will accept u-a-t into proposed, so that the other aspects of this SRU can be tested in parallel, but with the condition that: a) the Pro team will come up with a new set of fixes on top for the "shared config" issue identified above, and upload a new version to proposed; b) this package I'm accepting into proposed today MUST NOT be released. I will add a block-proposed tag to this bug to that effect
- when the improved package is ready to be uploaded, it shall be accepted in to proposed on top of today's package, and a new round of testing will be done. Initially only on top of the new changes, but if possible, the whole test suite.

Hello oshirowanen, or anyone else affected,

Accepted ubuntu-advantage-tools into kinetic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/ubuntu-advantage-tools/27.13~22.10.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-kinetic to verification-done-kinetic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-kinetic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Hello oshirowanen, or anyone else affected,

Accepted ubuntu-advantage-tools into jammy-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/ubuntu-advantage-tools/27.13~22.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-jammy to verification-done-jammy. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-jammy. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Hello oshirowanen, or anyone else affected,

Accepted ubuntu-advantage-tools into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/ubuntu-advantage-tools/27.13~20.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-focal. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Hello oshirowanen, or anyone else affected,

Accepted ubuntu-advantage-tools into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/ubuntu-advantage-tools/27.13~18.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Hello oshirowanen, or anyone else affected,

Accepted ubuntu-advantage-tools into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/ubuntu-advantage-tools/27.13~16.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-xenial to verification-done-xenial. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-xenial. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

This bug was fixed in the package ubuntu-advantage-tools - 27.13~23.04.1

---------------
ubuntu-advantage-tools (27.13~23.04.1) lunar; urgency=medium

  * d/bash-completion:
    - enable autocomplete for the 'pro' command (GH: #2280)
  * d/control:
    - update the package description
  * d/postinst:
    - remove unauthenticated esm repos from Xenial systems (LP: #1990378)
  * New upstream release 27.13 (LP: #2003018)
    - apt:
      + remove logic which added repositories and pinned them to 'never' to
        enable access to esm package lists
      + add functionality to create and update a local apt esm cache with
        the lists for esm-infra and esm-apps
    - apt-hook: update the cpp hook to use the local esm apt cache
    - apt-news:
      + fetch and display APT News in apt upgrade
      + show contract expiration notices in the apt news output
    - attach: support attaching without being able to install snapd
      (LP: #1997514)
    - cli:
      + do not show invalid subcommands in autocomplete (GH: #2279)
      + add support for attaching through the web portal, without a token
    - config: add apt_news_url option
    - docs: reorganize documentation and correct information
    - esm-apps: release the service as GA
    - jobs:
      + remove the update_status job
      + remove unused job which checks for the system EOL
    - messaging: do not fail if the apt-hook executable is not present
      (LP: #1994480)
    - motd: announce esm-apps as GA
    - security-status:
      + use the local esm cache to report updates when the services are
        disabled
      + redesign output to properly show support (LP: #2002407)
    - services: add new service to update the local esm caches
    - ros: release the service as GA
    - bug fixes:
      + report reboot_required even if 'livepatch status' fails
      + do not create unexpected environment variables when the autocomplete
        script runs
      + contract requests do not cause 'pro status' to fail
      + remove auto-attach motd message if any failure happens
      + log when 'cloud-id' fails
      + always honor the metering job timer config
      + write files atomically

 -- Renan Rodrigo <email address hidden> Mon, 16 Jan 2023 10:01:11 -0300

Hello oshirowanen, or anyone else affected,

Accepted ubuntu-advantage-tools into kinetic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/ubuntu-advantage-tools/27.13.1~22.10.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-kinetic to verification-done-kinetic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-kinetic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Hello oshirowanen, or anyone else affected,

Accepted ubuntu-advantage-tools into jammy-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/ubuntu-advantage-tools/27.13.1~22.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-jammy to verification-done-jammy. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-jammy. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Hello oshirowanen, or anyone else affected,

Accepted ubuntu-advantage-tools into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/ubuntu-advantage-tools/27.13.1~20.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-focal. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Hello oshirowanen, or anyone else affected,

Accepted ubuntu-advantage-tools into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/ubuntu-advantage-tools/27.13.1~18.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Hello oshirowanen, or anyone else affected,

Accepted ubuntu-advantage-tools into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/ubuntu-advantage-tools/27.13.1~16.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-xenial to verification-done-xenial. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-xenial. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

I have verified this bug with the following script:

---------------------------------
#!/bin/bash
set -e

series=$1
token=$2
name=$series-dev

cleanup () {
  lxc delete $name --force
}

on_err () {
  echo -e "Test Failed"
  cleanup
  exit 1
}

trap on_err ERR

lxc launch ubuntu-daily:$series $name
sleep 10

echo "##############################"
echo "Update to latest version of pro (27.12)"
lxc exec $name -- sudo apt-get update > /dev/null
lxc exec $name -- sudo apt-get install ubuntu-advantage-tools -y > /dev/null
lxc exec $name -- apt-cache policy ubuntu-advantage-tools
echo -e "##############################\n"

echo "##############################"
echo "Attach to Pro subscription"
lxc exec $name -- sudo pro attach $token
echo -e "##############################\n"

echo "##############################"
echo "Run pro security-status (Verify that the esm-infra date is incorrect)"
lxc exec $name -- pro security-status
echo -e "##############################\n"

echo "##############################"
echo "Installing package from proposed"
lxc exec $name -- sh -c "echo \"deb http://archive.ubuntu.com/ubuntu $series-proposed main\" | tee /etc/apt/sources.list.d/proposed.list"
lxc exec $name -- sudo apt-get update > /dev/null
lxc exec $name -- sudo apt-get install ubuntu-advantage-tools -y > /dev/null
lxc exec $name -- apt-cache policy ubuntu-advantage-tools
echo -e "##############################\n"

echo "##############################"
echo "Run pro security-status (Verify that the esm-infra date is now correct)"
lxc exec $name -- pro security-status
echo "##############################"

cleanup
----------------------------------

And I can confirm that `pro security-status` is working as expected.
PS: Note we will not see dates wrong dates on Xenial, is it already ESM and Kinetic does not have esm-infra support

I verified all test logs and am satisfied that they followed the proposed test plan. Noted the exception for xenial (already under ESM, dates are correct), and kinetic (not an LTS, so no change).

The package built correctly in all architectures and ubuntu releases it was meant for.

There are no DEP8 regressions.

There is no SRU freeze ongoing at the moment.

There is no halted phasing for previous SRUs of ubuntu-advantage-tools.

This bug was fixed in the package ubuntu-advantage-tools - 27.13.1~22.10.1

---------------
ubuntu-advantage-tools (27.13.1~22.10.1) kinetic; urgency=medium

  * Backport new upstream release: (LP: #2003018) to kinetic

ubuntu-advantage-tools (27.13.1~23.04.1) lunar; urgency=medium

  * apt: better isolate apt esm cache by only fetching necessary
    configuration from the system apt

ubuntu-advantage-tools (27.13~23.04.1) lunar; urgency=medium

  * d/bash-completion:
    - enable autocomplete for the 'pro' command (GH: #2280)
  * d/control:
    - update the package description
  * d/postinst:
    - remove unauthenticated esm repos from Xenial systems (LP: #1990378)
  * New upstream release 27.13 (LP: #2003018)
    - apt:
      + remove logic which added repositories and pinned them to 'never' to
        enable access to esm package lists
      + add functionality to create and update a local apt esm cache with
        the lists for esm-infra and esm-apps
    - apt-hook: update the cpp hook to use the local esm apt cache
    - apt-news:
      + fetch and display APT News in apt upgrade
      + show contract expiration notices in the apt news output
    - attach: support attaching without being able to install snapd
      (LP: #1997514)
    - cli:
      + do not show invalid subcommands in autocomplete (GH: #2279)
      + add support for attaching through the web portal, without a token
    - config: add apt_news_url option
    - docs: reorganize documentation and correct information
    - esm-apps: release the service as GA
    - jobs:
      + remove the update_status job
      + remove unused job which checks for the system EOL
    - messaging: do not fail if the apt-hook executable is not present
      (LP: #1994480)
    - motd: announce esm-apps as GA
    - security-status:
      + use the local esm cache to report updates when the services are
        disabled
      + redesign output to properly show support (LP: #2002407)
    - services: add new service to update the local esm caches
    - ros: release the service as GA
    - bug fixes:
      + report reboot_required even if 'livepatch status' fails
      + do not create unexpected environment variables when the autocomplete
        script runs
      + contract requests do not cause 'pro status' to fail
      + remove auto-attach motd message if any failure happens
      + log when 'cloud-id' fails
      + always honor the metering job timer config
      + write files atomically

 -- Lucas Moura <email address hidden> Mon, 23 Jan 2023 12:28:56 -0300

The verification of the Stable Release Update for ubuntu-advantage-tools has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

This bug was fixed in the package ubuntu-advantage-tools - 27.13.1~22.04.1

---------------
ubuntu-advantage-tools (27.13.1~22.04.1) jammy; urgency=medium

  * Backport new upstream release: (LP: #2003018) to jammy

ubuntu-advantage-tools (27.13.1~23.04.1) lunar; urgency=medium

  * apt: better isolate apt esm cache by only fetching necessary
    configuration from the system apt

ubuntu-advantage-tools (27.13~23.04.1) lunar; urgency=medium

  * d/bash-completion:
    - enable autocomplete for the 'pro' command (GH: #2280)
  * d/control:
    - update the package description
  * d/postinst:
    - remove unauthenticated esm repos from Xenial systems (LP: #1990378)
  * New upstream release 27.13 (LP: #2003018)
    - apt:
      + remove logic which added repositories and pinned them to 'never' to
        enable access to esm package lists
      + add functionality to create and update a local apt esm cache with
        the lists for esm-infra and esm-apps
    - apt-hook: update the cpp hook to use the local esm apt cache
    - apt-news:
      + fetch and display APT News in apt upgrade
      + show contract expiration notices in the apt news output
    - attach: support attaching without being able to install snapd
      (LP: #1997514)
    - cli:
      + do not show invalid subcommands in autocomplete (GH: #2279)
      + add support for attaching through the web portal, without a token
    - config: add apt_news_url option
    - docs: reorganize documentation and correct information
    - esm-apps: release the service as GA
    - jobs:
      + remove the update_status job
      + remove unused job which checks for the system EOL
    - messaging: do not fail if the apt-hook executable is not present
      (LP: #1994480)
    - motd: announce esm-apps as GA
    - security-status:
      + use the local esm cache to report updates when the services are
        disabled
      + redesign output to properly show support (LP: #2002407)
    - services: add new service to update the local esm caches
    - ros: release the service as GA
    - bug fixes:
      + report reboot_required even if 'livepatch status' fails
      + do not create unexpected environment variables when the autocomplete
        script runs
      + contract requests do not cause 'pro status' to fail
      + remove auto-attach motd message if any failure happens
      + log when 'cloud-id' fails
      + always honor the metering job timer config
      + write files atomically

 -- Lucas Moura <email address hidden> Mon, 23 Jan 2023 12:28:48 -0300

This bug was fixed in the package ubuntu-advantage-tools - 27.13.1~20.04.1

---------------
ubuntu-advantage-tools (27.13.1~20.04.1) focal; urgency=medium

  * Backport new upstream release: (LP: #2003018) to focal

ubuntu-advantage-tools (27.13.1~23.04.1) lunar; urgency=medium

  * apt: better isolate apt esm cache by only fetching necessary
    configuration from the system apt

ubuntu-advantage-tools (27.13~23.04.1) lunar; urgency=medium

  * d/bash-completion:
    - enable autocomplete for the 'pro' command (GH: #2280)
  * d/control:
    - update the package description
  * d/postinst:
    - remove unauthenticated esm repos from Xenial systems (LP: #1990378)
  * New upstream release 27.13 (LP: #2003018)
    - apt:
      + remove logic which added repositories and pinned them to 'never' to
        enable access to esm package lists
      + add functionality to create and update a local apt esm cache with
        the lists for esm-infra and esm-apps
    - apt-hook: update the cpp hook to use the local esm apt cache
    - apt-news:
      + fetch and display APT News in apt upgrade
      + show contract expiration notices in the apt news output
    - attach: support attaching without being able to install snapd
      (LP: #1997514)
    - cli:
      + do not show invalid subcommands in autocomplete (GH: #2279)
      + add support for attaching through the web portal, without a token
    - config: add apt_news_url option
    - docs: reorganize documentation and correct information
    - esm-apps: release the service as GA
    - jobs:
      + remove the update_status job
      + remove unused job which checks for the system EOL
    - messaging: do not fail if the apt-hook executable is not present
      (LP: #1994480)
    - motd: announce esm-apps as GA
    - security-status:
      + use the local esm cache to report updates when the services are
        disabled
      + redesign output to properly show support (LP: #2002407)
    - services: add new service to update the local esm caches
    - ros: release the service as GA
    - bug fixes:
      + report reboot_required even if 'livepatch status' fails
      + do not create unexpected environment variables when the autocomplete
        script runs
      + contract requests do not cause 'pro status' to fail
      + remove auto-attach motd message if any failure happens
      + log when 'cloud-id' fails
      + always honor the metering job timer config
      + write files atomically

 -- Lucas Moura <email address hidden> Mon, 23 Jan 2023 12:28:43 -0300

This bug was fixed in the package ubuntu-advantage-tools - 27.13.1~18.04.1

---------------
ubuntu-advantage-tools (27.13.1~18.04.1) bionic; urgency=medium

  * Backport new upstream release: (LP: #2003018) to bionic

ubuntu-advantage-tools (27.13.1~23.04.1) lunar; urgency=medium

  * apt: better isolate apt esm cache by only fetching necessary
    configuration from the system apt

ubuntu-advantage-tools (27.13~23.04.1) lunar; urgency=medium

  * d/bash-completion:
    - enable autocomplete for the 'pro' command (GH: #2280)
  * d/control:
    - update the package description
  * d/postinst:
    - remove unauthenticated esm repos from Xenial systems (LP: #1990378)
  * New upstream release 27.13 (LP: #2003018)
    - apt:
      + remove logic which added repositories and pinned them to 'never' to
        enable access to esm package lists
      + add functionality to create and update a local apt esm cache with
        the lists for esm-infra and esm-apps
    - apt-hook: update the cpp hook to use the local esm apt cache
    - apt-news:
      + fetch and display APT News in apt upgrade
      + show contract expiration notices in the apt news output
    - attach: support attaching without being able to install snapd
      (LP: #1997514)
    - cli:
      + do not show invalid subcommands in autocomplete (GH: #2279)
      + add support for attaching through the web portal, without a token
    - config: add apt_news_url option
    - docs: reorganize documentation and correct information
    - esm-apps: release the service as GA
    - jobs:
      + remove the update_status job
      + remove unused job which checks for the system EOL
    - messaging: do not fail if the apt-hook executable is not present
      (LP: #1994480)
    - motd: announce esm-apps as GA
    - security-status:
      + use the local esm cache to report updates when the services are
        disabled
      + redesign output to properly show support (LP: #2002407)
    - services: add new service to update the local esm caches
    - ros: release the service as GA
    - bug fixes:
      + report reboot_required even if 'livepatch status' fails
      + do not create unexpected environment variables when the autocomplete
        script runs
      + contract requests do not cause 'pro status' to fail
      + remove auto-attach motd message if any failure happens
      + log when 'cloud-id' fails
      + always honor the metering job timer config
      + write files atomically

 -- Lucas Moura <email address hidden> Mon, 23 Jan 2023 12:28:37 -0300

This bug was fixed in the package ubuntu-advantage-tools - 27.13.1~16.04.1

---------------
ubuntu-advantage-tools (27.13.1~16.04.1) xenial; urgency=medium

  * Backport new upstream release: (LP: #2003018) to xenial

ubuntu-advantage-tools (27.13.1~23.04.1) lunar; urgency=medium

  * apt: better isolate apt esm cache by only fetching necessary
    configuration from the system apt

ubuntu-advantage-tools (27.13~23.04.1) lunar; urgency=medium

  * d/bash-completion:
    - enable autocomplete for the 'pro' command (GH: #2280)
  * d/control:
    - update the package description
  * d/postinst:
    - remove unauthenticated esm repos from Xenial systems (LP: #1990378)
  * New upstream release 27.13 (LP: #2003018)
    - apt:
      + remove logic which added repositories and pinned them to 'never' to
        enable access to esm package lists
      + add functionality to create and update a local apt esm cache with
        the lists for esm-infra and esm-apps
    - apt-hook: update the cpp hook to use the local esm apt cache
    - apt-news:
      + fetch and display APT News in apt upgrade
      + show contract expiration notices in the apt news output
    - attach: support attaching without being able to install snapd
      (LP: #1997514)
    - cli:
      + do not show invalid subcommands in autocomplete (GH: #2279)
      + add support for attaching through the web portal, without a token
    - config: add apt_news_url option
    - docs: reorganize documentation and correct information
    - esm-apps: release the service as GA
    - jobs:
      + remove the update_status job
      + remove unused job which checks for the system EOL
    - messaging: do not fail if the apt-hook executable is not present
      (LP: #1994480)
    - motd: announce esm-apps as GA
    - security-status:
      + use the local esm cache to report updates when the services are
        disabled
      + redesign output to properly show support (LP: #2002407)
    - services: add new service to update the local esm caches
    - ros: release the service as GA
    - bug fixes:
      + report reboot_required even if 'livepatch status' fails
      + do not create unexpected environment variables when the autocomplete
        script runs
      + contract requests do not cause 'pro status' to fail
      + remove auto-attach motd message if any failure happens
      + log when 'cloud-id' fails
      + always honor the metering job timer config
      + write files atomically

 -- Lucas Moura <email address hidden> Mon, 23 Jan 2023 12:28:29 -0300