a) What happens if an older adsys receives a policy that sets these new dconf usb settings? Will it be ignored, will it crash, or something else? I think this should be part of the test plan, or if automated tests check for this scenario, then just add a note stating so.
The two other comments I have are not specific to any of the 3 bugs this upload is fixing, but about the upload in general: b) There is a tmp directory in the diff that looks like it's a build or test artifact, and it is not present in the package currently in updates: tmp/cMKE91wkKA/adsys-0.14.2~22.04/tmp/21kxRXRjme/adsys-0.14.2~22.04/tmp/IOVgtSyoq1/adsys-0.15.1/docs/reference/policies/User Policies/Ubuntu/Desktop/Shell/LockDown/mount-removable-storage-devices-as-read-only.md tmp/cMKE91wkKA/adsys-0.14.2~22.04/tmp/21kxRXRjme/adsys-0.14.2~22.04/tmp/IOVgtSyoq1/adsys-0.15.1/docs/reference/policies/User Policies/Ubuntu/Desktop/Shell/Privacy/usb-protection-level.md tmp/cMKE91wkKA/adsys-0.14.2~22.04/tmp/21kxRXRjme/adsys-0.14.2~22.04/tmp/IOVgtSyoq1/adsys-0.15.1/docs/reference/policies/User Policies/Ubuntu/Desktop/Shell/Privacy/usb-protection.md It does not look like it should be part of the upload, but let me know if I'm wrong. c) It needs rebasing, because while this upload was waiting in the unapproved queue, a security update happened: https://launchpad.net/ubuntu/+source/adsys/0.14.2~24.04ubuntu0.1 adsys (0.14.2~24.04ubuntu0.1) noble-security; urgency=medium * No change rebuild due to golang-1.22 update -- Evan Caville <[email protected]> Mon, 11 Nov 2024 10:15:58 +1000 That is a no-change rebuild, so we would not lose the security fix in this upload here, but given (b), plus that it's nice to preserve changelog history and this is not a backport from later releases, I think this should be fixed as well. Given how long this was in the unapproved queue without anyone noticing/looking, please feel free to ping me directly anytime during my working hours when there is an update here, and I will do a review. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to adsys in Ubuntu. https://bugs.launchpad.net/bugs/2081968 Title: [SRU] Add support for DCONF usb settings Status in adsys package in Ubuntu: Fix Released Status in adsys source package in Jammy: New Status in adsys source package in Noble: New Bug description: [Impact] adsys does not have support for some USB settings in DCONF [Test Plan] 1. Configure the administrative templates in the AD server: - The templates can be generated through adsys with `adsysctl policy admx all` 2. Configure a GPO that applies the new DCONF USB settings, they are located at: - {GPO}->User Config.->Policies->Admin. Templates->Ubuntu->Desktop->Shell-> - LockDown->Mount removable storage devices as read-only - Privacy->Whether to protect USB devices - Privacy->When USB devices should be rejected 3. Login with an AD user to which the configured GPO should be applied 4. Ensure the DCONF keys are configured as expected. [Where Problems Could Occur] This only affects the generation of the XML files that will be deployed on the Windows AD server to allow for the DCONF keys to be configured, it has no impact on Ubuntu. ------------------------------------ [Original Description] Adds support for some DCONF usb related settings: Allows for usbguard configuration and mounting removable media as read-only. SRU placeholder for fix: https://github.com/ubuntu/adsys/pull/1096 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2081968/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : [email protected] Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
