[Desktop-packages] [Bug 2078473] Re: Discovery of KRB5 ticket fails even if ticket is discoverable
** Description changed: tracking bug https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2078245 [ Impact ] Even if the krb5 ticket is discoverable, the discovery fails (but actually succeeded) So we cannot retrieve the policies or do any action with the controller. [ Test Plan ] This is not something that can be easily reproduced in a real environment, so the best approach to reproduce this issue is: - 1. Get adsys codebase before the fix. You can do this by getting the available version in the archive with `apt source adsys`. - 2. Run the TestTicketPath test located in internal/ad/krb5_test.go as many times as needed to get the failure (using `go test -run TestTicketPatch -count X` inside the mentioned directory runs the test X times). + 1. Get adsys codebase before the fix. You can do this by getting the available version in the archive with the command: + apt source adsys + 2. Run the TestTicketPath test located in internal/ad/krb5_test.go as many times as needed to get the failure. To run the test, open a terminal and, inside the mentioned directory, runs the test X times with the command: + go test -run TestTicketPatch -count X 3. The test can fail due to krb5_init_context changing the errno without returning any error. + + Without the patched version the test will fail after a number of runs. + With the patch, it will not fail. [ Where problems could occur ] We now reset errno to 0, because krb5_init_context() can alter it, even if it succeeds. So the discovery always returns success when it succeeds. Worst case would be that discovery failed but errno is set to 0 but this is handled earlier in the code. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to adsys in Ubuntu. https://bugs.launchpad.net/bugs/2078473 Title: Discovery of KRB5 ticket fails even if ticket is discoverable Status in adsys package in Ubuntu: Fix Released Status in adsys source package in Jammy: New Status in adsys source package in Noble: New Bug description: tracking bug https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2078245 [ Impact ] Even if the krb5 ticket is discoverable, the discovery fails (but actually succeeded) So we cannot retrieve the policies or do any action with the controller. [ Test Plan ] This is not something that can be easily reproduced in a real environment, so the best approach to reproduce this issue is: 1. Get adsys codebase before the fix. You can do this by getting the available version in the archive with the command: apt source adsys 2. Run the TestTicketPath test located in internal/ad/krb5_test.go as many times as needed to get the failure. To run the test, open a terminal and, inside the mentioned directory, runs the test X times with the command: go test -run TestTicketPatch -count X 3. The test can fail due to krb5_init_context changing the errno without returning any error. Without the patched version the test will fail after a number of runs. With the patch, it will not fail. [ Where problems could occur ] We now reset errno to 0, because krb5_init_context() can alter it, even if it succeeds. So the discovery always returns success when it succeeds. Worst case would be that discovery failed but errno is set to 0 but this is handled earlier in the code. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2078473/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 2078246] Re: Ignore casing in domain/ section of sssd.conf
** Description changed: Upstream issues: https://github.com/ubuntu/adsys/issues/1054 + tracking bug https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2078245 [ Impact ] adsys does not accept uppercase domainnames and lowercase ones mixed like this: - [sssd] domains = domain.tld config_file_version = 2 services = nss, pam, ifp default_domain_suffix = domain.tld [domain/DOMAIN.TLD] default_shell = /bin/bash - This imposed to set all the domains to lower cases. This has been introduced by the support for Winbind. - [ Test Plan ] 1. In sssd.conf set the value of the key "domains" and the correponding section to the same domain but with different casing 2. Log in without the patch, the user cannot log in and the following error is displayed in the logs: Jul 17 15:06:09 HOSTNAME systemd[1]: Starting ADSys daemon service... Jul 17 15:06:09 HOSTNAME adsysd[35284]: level=error msg="couldn't create adsys service: could not initialize AD backend: can't get domain configuration from {Conf:/etc/sssd/sssd.conf CacheDir:/var/lib/sss/db}:could not find AD domain section corresponding to "domain.tld"> with the patch the user can log in - [ Where problems could occur ] Worst case, the user still cannot log in [ Other Info ] -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to adsys in Ubuntu. https://bugs.launchpad.net/bugs/2078246 Title: Ignore casing in domain/ section of sssd.conf Status in adsys package in Ubuntu: Fix Released Status in adsys source package in Jammy: New Status in adsys source package in Noble: New Bug description: Upstream issues: https://github.com/ubuntu/adsys/issues/1054 tracking bug https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2078245 [ Impact ] adsys does not accept uppercase domainnames and lowercase ones mixed like this: [sssd] domains = domain.tld config_file_version = 2 services = nss, pam, ifp default_domain_suffix = domain.tld [domain/DOMAIN.TLD] default_shell = /bin/bash This imposed to set all the domains to lower cases. This has been introduced by the support for Winbind. [ Test Plan ] 1. In sssd.conf set the value of the key "domains" and the correponding section to the same domain but with different casing 2. Log in without the patch, the user cannot log in and the following error is displayed in the logs: Jul 17 15:06:09 HOSTNAME systemd[1]: Starting ADSys daemon service... Jul 17 15:06:09 HOSTNAME adsysd[35284]: level=error msg="couldn't create adsys service: could not initialize AD backend: can't get domain configuration from {Conf:/etc/sssd/sssd.conf CacheDir:/var/lib/sss/db}:could not find AD domain section corresponding to "domain.tld"> with the patch the user can log in [ Where problems could occur ] Worst case, the user still cannot log in [ Other Info ] To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2078246/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 2078473] Re: Discovery of KRB5 ticket fails even if ticket is discoverable
** Description changed: + tracking bug + https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2078245 + [ Impact ] Even if the krb5 ticket is discoverable, the discovery fails (but actually succeeded) So we cannot retrieve the policies or do any action with the controller. - [ Test Plan ] 1. [ Where problems could occur ] We now reset errno to 0, because krb5_init_context() can alter it, even if it succeeds. So the discovery always returns success when it succeeds. Worst case would be that discovery failed but errno is set to 0 but this is handled earlier in the code. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to adsys in Ubuntu. https://bugs.launchpad.net/bugs/2078473 Title: Discovery of KRB5 ticket fails even if ticket is discoverable Status in adsys package in Ubuntu: Fix Released Status in adsys source package in Jammy: New Status in adsys source package in Noble: New Bug description: tracking bug https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2078245 [ Impact ] Even if the krb5 ticket is discoverable, the discovery fails (but actually succeeded) So we cannot retrieve the policies or do any action with the controller. [ Test Plan ] 1. [ Where problems could occur ] We now reset errno to 0, because krb5_init_context() can alter it, even if it succeeds. So the discovery always returns success when it succeeds. Worst case would be that discovery failed but errno is set to 0 but this is handled earlier in the code. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2078473/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 2078247] Re: rewrite from / to @ formats overwrites usernames
** Description changed: + tracking bug + https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2078245 + [ Impact ] In this code, the string was not zero terminated properly when overwritten resulting in extra characters: static char *slash_to_at_username(const char *username) { - char *backslash = strchr(username, '\\'); - if (backslash != NULL) { - char *ret = malloc((strlen(username) + 1) * sizeof(char)); - strcpy(ret, backslash + 1); - strcat(ret, "@"); - strncpy(ret + strlen(ret), username, backslash - username); - return ret; - } - return strdup(username); + char *backslash = strchr(username, '\\'); + if (backslash != NULL) { + char *ret = malloc((strlen(username) + 1) * sizeof(char)); + strcpy(ret, backslash + 1); + strcat(ret, "@"); + strncpy(ret + strlen(ret), username, backslash - username); + return ret; + } + return strdup(username); For instance: domain.tld\\user was changed to user@domain.tldld So se user cannot login with the domain\user format [ Test Plan ] 1. On a machine joined to an AD domain with ADsys installed, login with domain\user => Without the patch the user cannot log in => With the patch the user can log in - [ Where problems could occur ] Worst case the user still cannot log in -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to adsys in Ubuntu. https://bugs.launchpad.net/bugs/2078247 Title: rewrite from / to @ formats overwrites usernames Status in adsys package in Ubuntu: Fix Released Status in adsys source package in Jammy: New Status in adsys source package in Noble: New Bug description: tracking bug https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2078245 [ Impact ] In this code, the string was not zero terminated properly when overwritten resulting in extra characters: static char *slash_to_at_username(const char *username) { char *backslash = strchr(username, '\\'); if (backslash != NULL) { char *ret = malloc((strlen(username) + 1) * sizeof(char)); strcpy(ret, backslash + 1); strcat(ret, "@"); strncpy(ret + strlen(ret), username, backslash - username); return ret; } return strdup(username); For instance: domain.tld\\user was changed to user@domain.tldld So se user cannot login with the domain\user format [ Test Plan ] 1. On a machine joined to an AD domain with ADsys installed, login with domain\user => Without the patch the user cannot log in => With the patch the user can log in [ Where problems could occur ] Worst case the user still cannot log in To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2078247/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 2078245] Re: DCONF policy manager removes userdb on empty policy
** Description changed: Upstream issue https://github.com/ubuntu/adsys/issues/1002 + tracking bug https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2078245 [ Impact ] - This is a regression introduced by the implementation of the purge command in 0.14.1. + This is a regression introduced by the implementation of the purge command in 0.14.1. When the user doesn't have at least one dconf setting set in a policy, the following error is thrown: unable to open named profile (user@domain): using the null configuration - [ Test Plan ] - 1. Create a policy with no dconf rule and make sure it applies to the user or the machiune under test + 1. Create a policy with no dconf rule and make sure it applies to the user or the machiune under test 2. Login on the machine Without the patched version the following error is displayed: "unable to open named profile (user@domain): using the null configuration" With the patched version no error happens - [ Where problems could occur ] The code that purges the dconf DB has been removed. Worst case, a dconf setting still applies while all the dconf rules have been removed from the policy. But then next time the policies applies you'll just end up with an empty dconf db and no dconf settings enforced. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to adsys in Ubuntu. https://bugs.launchpad.net/bugs/2078245 Title: DCONF policy manager removes userdb on empty policy Status in adsys package in Ubuntu: Fix Released Status in adsys source package in Jammy: New Status in adsys source package in Noble: New Bug description: Upstream issue https://github.com/ubuntu/adsys/issues/1002 tracking bug https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2078245 [ Impact ] This is a regression introduced by the implementation of the purge command in 0.14.1. When the user doesn't have at least one dconf setting set in a policy, the following error is thrown: unable to open named profile (user@domain): using the null configuration [ Test Plan ] 1. Create a policy with no dconf rule and make sure it applies to the user or the machiune under test 2. Login on the machine Without the patched version the following error is displayed: "unable to open named profile (user@domain): using the null configuration" With the patched version no error happens [ Where problems could occur ] The code that purges the dconf DB has been removed. Worst case, a dconf setting still applies while all the dconf rules have been removed from the policy. But then next time the policies applies you'll just end up with an empty dconf db and no dconf settings enforced. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2078245/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 2079824] [NEW] [SRU] bug fix release of adsys 0.14.2
Public bug reported: This is the master bug to track the SRU of ADSys 0.14.2 to 22.04 and 24.04 This version is a bug fix release that addresses the following issues: adsys (0.15) oracular; urgency=medium * Fix DCONF policy manager removing user DB on empty policy (LP: #2078245) * Ignore casing in domain/ section of sssd.conf (LP: #2078246) * Fix parsing of slash usernames (i.e. domain\user) (LP: #2078247) * Fix errno in get_ticket_path(LP: #2078473) ** Affects: adsys (Ubuntu) Importance: High Status: Fix Released ** Affects: adsys (Ubuntu Jammy) Importance: Undecided Status: New ** Affects: adsys (Ubuntu Noble) Importance: Undecided Status: New ** Also affects: adsys (Ubuntu Jammy) Importance: Undecided Status: New ** Also affects: adsys (Ubuntu Noble) Importance: Undecided Status: New ** Changed in: adsys (Ubuntu) Status: New => Fix Released ** Changed in: adsys (Ubuntu) Importance: Undecided => High ** Summary changed: - [sru] release of adsys 0.15.2 + [sru] release of adsys 0.14.2 ** Summary changed: - [sru] release of adsys 0.14.2 + [SRU] bug fix release of adsys 0.14.2 -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to adsys in Ubuntu. https://bugs.launchpad.net/bugs/2079824 Title: [SRU] bug fix release of adsys 0.14.2 Status in adsys package in Ubuntu: Fix Released Status in adsys source package in Jammy: New Status in adsys source package in Noble: New Bug description: This is the master bug to track the SRU of ADSys 0.14.2 to 22.04 and 24.04 This version is a bug fix release that addresses the following issues: adsys (0.15) oracular; urgency=medium * Fix DCONF policy manager removing user DB on empty policy (LP: #2078245) * Ignore casing in domain/ section of sssd.conf (LP: #2078246) * Fix parsing of slash usernames (i.e. domain\user) (LP: #2078247) * Fix errno in get_ticket_path(LP: #2078473) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2079824/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 2024377] Re: Adsys can't fetch GPOs
@Sean thanks for your report. Could you file a separate but report for your issue? Also we've a bug fix release coming that is currently available in a PPA. If you can reproduce your issue, could you test the version from the PPA (https://launchpad.net/~ubuntu-enterprise-desktop/+archive/ubuntu/adsys) and report if it fixes your issue. Thanks. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to adsys in Ubuntu. https://bugs.launchpad.net/bugs/2024377 Title: Adsys can't fetch GPOs Status in adsys package in Ubuntu: Fix Released Status in adsys source package in Jammy: Fix Released Status in adsys source package in Mantic: Won't Fix Bug description: This bug is not being verified individually because of the use of the SRU exception process (LP: #2059756) - Bad, maybe no understandable english ahead. Can't find anything related to this on Github, Canonical Forums, Reddit or StackOverflow. On Ubuntu 22.04, I've followed the Wiki tutorial and verified all steps on Integration Ubuntu Desktop whitepaper. Currently using SSSD backend, I can log with Active Directory users however when adsys is installed I can't fetch GPOs. In this version the error is: ERROR Error from server: error while updating policy: can't get policies for "ubuntu": can't download all gpos and assets: one or more error while fetching GPOs and assets: can't download "ubuntuRoot": can't check if ubuntuRoot needs refreshing: no GPT.INI file: cannot open smb://addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}/GPT.INI: invalid argument It happens when using "adsysctl update -m" or "adsysctl update usern...@domain.com.br /tmp/krb5c_getentId_randomdnumber" and just "adsysctl update" too. I've upgrade the machine to 22.10 and the error changed to: ERROR Error from server: error while updating policy: can't get policies for "ubuntu": failed to retrieve the list of GPO (exited with 1): exit status 1 Failed to bind - LDAP client internal error: NT_STATUS_INVALID_PARAMETER Failed to connect to 'ldap://addc01.domain.com.br' with backend 'ldap': LDAP client internal error: NT_STATUS_INVALID_PARAMETER Failed to open session: (1, 'LDAP client internal error: NT_STATUS_INVALID_PARAMETER'). After upgrade to 23.04 the error persist same as the above. Full info 22.04 (- verbose): INFO No configuration file: Config File "adsys" Not Found in "[/home/jzprates /root /etc /usr/sbin]". We will only use the defaults, env variables or flags. DEBUG Connecting as [[2504:109556]] DEBUG New request /service/UpdatePolicy DEBUG Requesting with parameters: IsComputer: true, All: false, Target: ubuntu, Krb5Cc: DEBUG NormalizeTargetName for "ubuntu", type "computer" DEBUG Check if grpc request peer is authorized DEBUG Authorized as being administrator DEBUG GetPolicies for "ubuntu", type "computer" DEBUG Getting gpo list with arguments: "--objectclass computer ldap://addc01.domain.com.br ubuntu" DEBUG GPO "ubuntuRoot" for "ubuntu" available at "smb://addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}" DEBUG Analyzing "assets" DEBUG Analyzing "ubuntuRoot" INFO No assets directory with GPT.INI file found on AD, skipping assets download ERROR Error from server: error while updating policy: can't get policies for "ubuntu": can't download all gpos and assets: one or more error while fetching GPOs and assets: can't download "ubuntuRoot": can't check if ubuntuRoot needs refreshing: no GPT.INI file: cannot open smb://addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}/GPT.INI: invalid argument Full info 23.04 (- verbose): INFO No configuration file: Config File "adsys" Not Found in "[/home/jzprates /root /etc /usr/sbin]". DEBUG Connecting as [[58811:006019]] DEBUG New request /service/UpdatePolicy DEBUG Requesting with parameters: IsComputer: true, All: false, Target: ubuntu, Krb5Cc: DEBUG NormalizeTargetName for "ubuntu", type "computer" DEBUG Check if grpc request peer is authorized DEBUG Authorized as being administrator DEBUG GetPolicies for "ubuntu", type "computer" DEBUG Getting gpo list with arguments: "--objectclass computer ldap://addc01.domain.com.br ubuntu" ERROR Error from server: error while updating policy: can't get policies for "ubuntu": failed to retrieve the list of GPO (exited with 1): exit status 1 Failed to bind - LDAP client internal error: NT_STATUS_INVALID_PARAMETER Failed to connect to 'ldap://addc01.domain.com.br' with backend 'ldap': LDAP client internal error: NT_STATUS_INVALID_PARAMETER Failed to open session: (1, 'LDAP client internal error: NT_STATUS_INVALID_PARAMETER') Additional info: Domain Controller and machine are on the same subnet without firewall on any level; Domain Controller is a Windows Server 201
[Desktop-packages] [Bug 2078473] Re: Discovery of KRB5 ticket fails even if ticket is discoverable
** Description changed: - [placeholder for - https://github.com/ubuntu/adsys/pull/1065/commits/3d71626665b1560de9159b3b12c13bd5dc3d091a] + [ Impact ] + + Even if the krb5 ticket is discoverable, the discovery fails (but + actually succeeded) So we cannot retrieve the policies or do any action + with the controller. + + + [ Test Plan ] + + 1. + + [ Where problems could occur ] + + We now reset errno to 0, because krb5_init_context() can alter it, even + if it succeeds. So the discovery always returns success when it + succeeds. + + Worst case would be that discovery failed but errno is set to 0 but this + is handled earlier in the code. ** Also affects: adsys (Ubuntu Noble) Importance: Undecided Status: New ** Also affects: adsys (Ubuntu Jammy) Importance: Undecided Status: New -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to adsys in Ubuntu. https://bugs.launchpad.net/bugs/2078473 Title: Discovery of KRB5 ticket fails even if ticket is discoverable Status in adsys package in Ubuntu: Fix Released Status in adsys source package in Jammy: New Status in adsys source package in Noble: New Bug description: [ Impact ] Even if the krb5 ticket is discoverable, the discovery fails (but actually succeeded) So we cannot retrieve the policies or do any action with the controller. [ Test Plan ] 1. [ Where problems could occur ] We now reset errno to 0, because krb5_init_context() can alter it, even if it succeeds. So the discovery always returns success when it succeeds. Worst case would be that discovery failed but errno is set to 0 but this is handled earlier in the code. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2078473/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 2078247] Re: rewrite from / to @ formats overwrites usernames
** Description changed: - [placeholder for https://warthogs.atlassian.net/browse/UDENG-4314] + [ Impact ] + + In this code, the string was not zero terminated properly when + overwritten resulting in extra characters: + + static char *slash_to_at_username(const char *username) { + char *backslash = strchr(username, '\\'); + if (backslash != NULL) { + char *ret = malloc((strlen(username) + 1) * sizeof(char)); + strcpy(ret, backslash + 1); + strcat(ret, "@"); + strncpy(ret + strlen(ret), username, backslash - username); + return ret; + } + return strdup(username); + + For instance: + domain.tld\\user was changed to user@domain.tldld + + So se user cannot login with the domain\user format + + [ Test Plan ] + + 1. On a machine joined to an AD domain with ADsys installed, login with + domain\user + + => Without the patch the user cannot log in + => With the patch the user can log in + + + [ Where problems could occur ] + + Worst case the user still cannot log in ** Also affects: adsys (Ubuntu Noble) Importance: Undecided Status: New ** Also affects: adsys (Ubuntu Jammy) Importance: Undecided Status: New -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to adsys in Ubuntu. https://bugs.launchpad.net/bugs/2078247 Title: rewrite from / to @ formats overwrites usernames Status in adsys package in Ubuntu: Fix Released Status in adsys source package in Jammy: New Status in adsys source package in Noble: New Bug description: [ Impact ] In this code, the string was not zero terminated properly when overwritten resulting in extra characters: static char *slash_to_at_username(const char *username) { char *backslash = strchr(username, '\\'); if (backslash != NULL) { char *ret = malloc((strlen(username) + 1) * sizeof(char)); strcpy(ret, backslash + 1); strcat(ret, "@"); strncpy(ret + strlen(ret), username, backslash - username); return ret; } return strdup(username); For instance: domain.tld\\user was changed to user@domain.tldld So se user cannot login with the domain\user format [ Test Plan ] 1. On a machine joined to an AD domain with ADsys installed, login with domain\user => Without the patch the user cannot log in => With the patch the user can log in [ Where problems could occur ] Worst case the user still cannot log in To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2078247/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 2078246] Re: Ignore casing in domain/ section of sssd.conf
** Description changed: - [placeholder for https://github.com/ubuntu/adsys/pull/1079] + Upstream issues: https://github.com/ubuntu/adsys/issues/1054 + + [ Impact ] + + adsys does not accept uppercase domainnames and lowercase ones mixed + like this: + + + [sssd] + domains = domain.tld + config_file_version = 2 + services = nss, pam, ifp + default_domain_suffix = domain.tld + + [domain/DOMAIN.TLD] + default_shell = /bin/bash + + + This imposed to set all the domains to lower cases. + This has been introduced by the support for Winbind. + + + [ Test Plan ] + + 1. In sssd.conf set the value of the key "domains" and the correponding section to the same domain but with different casing + 2. Log in + + without the patch, the user cannot log in and the following error is displayed in the logs: + Jul 17 15:06:09 HOSTNAME systemd[1]: Starting ADSys daemon service... + Jul 17 15:06:09 HOSTNAME adsysd[35284]: level=error msg="couldn't create adsys service: could not initialize AD backend: can't get domain configuration from {Conf:/etc/sssd/sssd.conf CacheDir:/var/lib/sss/db}:could not find AD domain section corresponding to "domain.tld"> + + with the patch the user can log in + + + [ Where problems could occur ] + + Worst case, the user still cannot log in + + [ Other Info ] ** Also affects: adsys (Ubuntu Jammy) Importance: Undecided Status: New ** Also affects: adsys (Ubuntu Noble) Importance: Undecided Status: New -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to adsys in Ubuntu. https://bugs.launchpad.net/bugs/2078246 Title: Ignore casing in domain/ section of sssd.conf Status in adsys package in Ubuntu: Fix Released Status in adsys source package in Jammy: New Status in adsys source package in Noble: New Bug description: Upstream issues: https://github.com/ubuntu/adsys/issues/1054 [ Impact ] adsys does not accept uppercase domainnames and lowercase ones mixed like this: [sssd] domains = domain.tld config_file_version = 2 services = nss, pam, ifp default_domain_suffix = domain.tld [domain/DOMAIN.TLD] default_shell = /bin/bash This imposed to set all the domains to lower cases. This has been introduced by the support for Winbind. [ Test Plan ] 1. In sssd.conf set the value of the key "domains" and the correponding section to the same domain but with different casing 2. Log in without the patch, the user cannot log in and the following error is displayed in the logs: Jul 17 15:06:09 HOSTNAME systemd[1]: Starting ADSys daemon service... Jul 17 15:06:09 HOSTNAME adsysd[35284]: level=error msg="couldn't create adsys service: could not initialize AD backend: can't get domain configuration from {Conf:/etc/sssd/sssd.conf CacheDir:/var/lib/sss/db}:could not find AD domain section corresponding to "domain.tld"> with the patch the user can log in [ Where problems could occur ] Worst case, the user still cannot log in [ Other Info ] To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2078246/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 2078245] Re: DCONF policy manager removes userdb on empty policy
** Description changed: - upstream issue https://github.com/ubuntu/adsys/pull/1070 + Upstream issue https://github.com/ubuntu/adsys/issues/1002 + [ Impact ] - * An explanation of the effects of the bug on users and justification -for backporting the fix to the stable release. + This is a regression introduced by the implementation of the purge command in 0.14.1. + When the user doesn't have at least one dconf setting set in a policy, the following error is thrown: - * In addition, it is helpful, but not required, to include an -explanation of how the upload fixes this bug. + unable to open named profile (user@domain): using the null configuration + [ Test Plan ] - * detailed instructions how to reproduce the bug + 1. Create a policy with no dconf rule and make sure it applies to the user or the machiune under test + 2. Login on the machine - * these should allow someone who is not familiar with the affected -package to reproduce the bug and verify that the updated package -fixes the problem. + Without the patched version the following error is displayed: + "unable to open named profile (user@domain): using the null configuration" - * if other testing is appropriate to perform before landing this -update, this should also be described here. + With the patched version no error happens + [ Where problems could occur ] - - * Think about what the upload changes in the software. Imagine the -change is wrong or breaks something else: how would this show up? - - * It is assumed that any SRU candidate patch is well-tested before -upload and has a low overall risk of regression, but it's important -to make the effort to think about what ''could'' happen in the event -of a regression. - - * This must never be "None" or "Low", or entirely an argument as to why -your upload is low risk. - - * This both shows the SRU team that the risks have been considered, -and provides guidance to testers in regression-testing the SRU. - - [ Other Info ] - - * Anything else you think is useful to include - - * Anticipate questions from users, SRU, +1 maintenance, security teams -and the Technical Board and address these questions in advance + The code that purges the dconf DB has been removed. Worst case, a dconf setting still applies while all the dconf rules have been removed from the policy. But then next time the policies applies you'll just end up with an empty dconf db and no dconf settings enforced. ** Also affects: adsys (Ubuntu Noble) Importance: Undecided Status: New ** Also affects: adsys (Ubuntu Jammy) Importance: Undecided Status: New -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to adsys in Ubuntu. https://bugs.launchpad.net/bugs/2078245 Title: DCONF policy manager removes userdb on empty policy Status in adsys package in Ubuntu: Fix Released Status in adsys source package in Jammy: New Status in adsys source package in Noble: New Bug description: Upstream issue https://github.com/ubuntu/adsys/issues/1002 [ Impact ] This is a regression introduced by the implementation of the purge command in 0.14.1. When the user doesn't have at least one dconf setting set in a policy, the following error is thrown: unable to open named profile (user@domain): using the null configuration [ Test Plan ] 1. Create a policy with no dconf rule and make sure it applies to the user or the machiune under test 2. Login on the machine Without the patched version the following error is displayed: "unable to open named profile (user@domain): using the null configuration" With the patched version no error happens [ Where problems could occur ] The code that purges the dconf DB has been removed. Worst case, a dconf setting still applies while all the dconf rules have been removed from the policy. But then next time the policies applies you'll just end up with an empty dconf db and no dconf settings enforced. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2078245/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 2078245] Re: DCONF policy manager removes userdb on empty policy
** Description changed: - [placeholder for https://github.com/ubuntu/adsys/pull/1070] + upstream issue https://github.com/ubuntu/adsys/pull/1070 + [ Impact ] + + * An explanation of the effects of the bug on users and justification +for backporting the fix to the stable release. + + * In addition, it is helpful, but not required, to include an +explanation of how the upload fixes this bug. + + [ Test Plan ] + + * detailed instructions how to reproduce the bug + + * these should allow someone who is not familiar with the affected +package to reproduce the bug and verify that the updated package +fixes the problem. + + * if other testing is appropriate to perform before landing this +update, this should also be described here. + + [ Where problems could occur ] + + * Think about what the upload changes in the software. Imagine the +change is wrong or breaks something else: how would this show up? + + * It is assumed that any SRU candidate patch is well-tested before +upload and has a low overall risk of regression, but it's important +to make the effort to think about what ''could'' happen in the event +of a regression. + + * This must never be "None" or "Low", or entirely an argument as to why +your upload is low risk. + + * This both shows the SRU team that the risks have been considered, +and provides guidance to testers in regression-testing the SRU. + + [ Other Info ] + + * Anything else you think is useful to include + + * Anticipate questions from users, SRU, +1 maintenance, security teams +and the Technical Board and address these questions in advance -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to adsys in Ubuntu. https://bugs.launchpad.net/bugs/2078245 Title: DCONF policy manager removes userdb on empty policy Status in adsys package in Ubuntu: Fix Released Bug description: upstream issue https://github.com/ubuntu/adsys/pull/1070 [ Impact ] * An explanation of the effects of the bug on users and justification for backporting the fix to the stable release. * In addition, it is helpful, but not required, to include an explanation of how the upload fixes this bug. [ Test Plan ] * detailed instructions how to reproduce the bug * these should allow someone who is not familiar with the affected package to reproduce the bug and verify that the updated package fixes the problem. * if other testing is appropriate to perform before landing this update, this should also be described here. [ Where problems could occur ] * Think about what the upload changes in the software. Imagine the change is wrong or breaks something else: how would this show up? * It is assumed that any SRU candidate patch is well-tested before upload and has a low overall risk of regression, but it's important to make the effort to think about what ''could'' happen in the event of a regression. * This must never be "None" or "Low", or entirely an argument as to why your upload is low risk. * This both shows the SRU team that the risks have been considered, and provides guidance to testers in regression-testing the SRU. [ Other Info ] * Anything else you think is useful to include * Anticipate questions from users, SRU, +1 maintenance, security teams and the Technical Board and address these questions in advance To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2078245/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 2078245] [NEW] DCONF policy manager removes userdb on empty policy
Public bug reported: [placeholder for https://github.com/ubuntu/adsys/pull/1070] ** Affects: adsys (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to adsys in Ubuntu. https://bugs.launchpad.net/bugs/2078245 Title: DCONF policy manager removes userdb on empty policy Status in adsys package in Ubuntu: New Bug description: [placeholder for https://github.com/ubuntu/adsys/pull/1070] To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2078245/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 2078246] [NEW] Ignore casing in domain/ section of sssd.conf
Public bug reported: [placeholder for https://github.com/ubuntu/adsys/pull/1079] ** Affects: adsys (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to adsys in Ubuntu. https://bugs.launchpad.net/bugs/2078246 Title: Ignore casing in domain/ section of sssd.conf Status in adsys package in Ubuntu: New Bug description: [placeholder for https://github.com/ubuntu/adsys/pull/1079] To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2078246/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 2078247] [NEW] rewrite from / to @ formats overwrites usernames
Public bug reported: [placeholder for https://warthogs.atlassian.net/browse/UDENG-4314] ** Affects: adsys (Ubuntu) Importance: Undecided Status: New ** Summary changed: - username overwritten during rewrite from / to @ + rewrite from / to @ formats overwrites usernames -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to adsys in Ubuntu. https://bugs.launchpad.net/bugs/2078247 Title: rewrite from / to @ formats overwrites usernames Status in adsys package in Ubuntu: New Bug description: [placeholder for https://warthogs.atlassian.net/browse/UDENG-4314] To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2078247/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 2059756] Re: [SRU] adsys 0.14.1
We plan to SRU the stack to Mantic and align all the supported releases on the same version. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to adsys in Ubuntu. https://bugs.launchpad.net/bugs/2059756 Title: [SRU] adsys 0.14.1 Status in adsys package in Ubuntu: Fix Released Status in golang-1.22 package in Ubuntu: Fix Released Status in adsys source package in Jammy: Confirmed Status in golang-1.22 source package in Jammy: Confirmed Status in adsys source package in Mantic: Confirmed Status in golang-1.22 source package in Mantic: Confirmed Bug description: [context] ADSys is a tool designed for administering and implementing Group Policy Objects (GPOs) from Active Directory on Linux systems. It includes a suite of services and commands that empower administrators to efficiently manage policy updates and maintain compliance with organizational business rules. Given that ADSys directly interfaces with Active Directory and needs to align with new business requirements in LTS releases, it has been essential to keep the package consistently updated with the latest changes of ADSys upstream source. As ADSys is a key component of our commercial offerings, our customers anticipate the availability of recently implemented features in the 22.04 release. Now that ADSys has a complete set of features, the request is to proceed with a one-off release of ADSys 0.14.1 to 22.04. Please note that any new features introduced in subsequent versions will be exclusively available in 24.04 and later releases. This version includes a comprehensive end to end automated test suite that runs ADSys against a real Active directory environment. Version 0.14.1 is available for 22.04 in a PPA (https://launchpad.net/~ubuntu-enterprise- desktop/+archive/ubuntu/adsys) and already used in production by customers. At this time of writing the number of open issues is 1 in Launchpad and 16 in GitHub including 6 enhancements. None of them have a high or critical importance. [references] LP: https://launchpad.net/ubuntu/+source/adsys LP Bugs: https://bugs.launchpad.net/ubuntu/+source/adsys GitHub: https://github.com/ubuntu/adsys/ GH Bugs: https://github.com/ubuntu/adsys/issues Documentation: https://canonical-adsys.readthedocs-hosted.com/en/stable/ Initial SRU discussion: https://lists.ubuntu.com/archives/ubuntu-release/2023-June/005650.html [changes] Full LP Changelog: https://launchpad.net/ubuntu/+source/adsys/+changelog * New features * New policies: - Add mount / network shares policy manager - Add AppArmor policy manager - Support multiple AD backends and implement Winbind support - Add system proxy policy manager - Add certificate policy manager for machines - Add adsysctl policy purge command to purge applied policies - Full documentation - Full end to end automated test suite. * Enhancements * Add a --machine / -m flag to adsysctl applied, indicating the policies applied to the current machine * Expose Ubuntu Pro status in the "status" command * Update scripts manager creation * List Pro policy types in service status output * Warn when Pro-only rules are configured * Use systemd via D-Bus instead of systemctl commands * Add placeholder notes for entry types * Rework Kerberos ticket handling logic to satisfy the Heimdal implementation of Kerberos * Rework policy application sync strategy * Print logs when policies are up to date * Update policy definitions to include dconf key for dark mode background * Infer user KRB5CCNAME path via the libkrb5 API (LP: #2049061) * Allow sssd backend to work without ad_domain being set (LP: #2054445) * Update apport hook to include journal errors and package logs * Bug fixes * Fix policy update failing when GPT.INI contains no version key * Fix object lookup for users having a FQDN as their hostname * Support special characters in domains when parsing sssd configuration * Fix DCONF_PROFILE not considering default_domain_suffix on sssd.conf * Ensure empty state for dconf policy * Handle case mismatches in GPT.INI file name * Ensure GPO URLs contain the FQDN of the domain controller * Add runtime dependency on nfs-common * Other * Updates to latest versions of Go (fixing known Go vulnerabilities) * Updates to latest versions of the Go dependencies * Updates and improvements to CI and QoL * Migrate translation support to native approach using go-i18n + gotext and switch to upstream gotext version Dependencies: * Build-dep: golang-go (>= 2:1.22~) * Dependencies to backport to 22.04: * golang-go >= 2:1.22 * ubuntu-proxy-manager (suggest. Required for Proxy support - feature will be disabled otherwise) * python3-cepces (suggest. Required for Certificates autoenroll
[Desktop-packages] [Bug 2059756] Re: [SRU] adsys 0.14.1
** Also affects: adsys (Ubuntu Mantic) Importance: Undecided Status: New ** Also affects: golang-1.22 (Ubuntu Mantic) Importance: Undecided Status: New ** Changed in: adsys (Ubuntu Mantic) Status: New => Confirmed ** Changed in: golang-1.22 (Ubuntu Mantic) Status: New => Confirmed -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to adsys in Ubuntu. https://bugs.launchpad.net/bugs/2059756 Title: [SRU] adsys 0.14.1 Status in adsys package in Ubuntu: Fix Released Status in golang-1.22 package in Ubuntu: Fix Released Status in adsys source package in Jammy: Confirmed Status in golang-1.22 source package in Jammy: Confirmed Status in adsys source package in Mantic: Confirmed Status in golang-1.22 source package in Mantic: Confirmed Bug description: [context] ADSys is a tool designed for administering and implementing Group Policy Objects (GPOs) from Active Directory on Linux systems. It includes a suite of services and commands that empower administrators to efficiently manage policy updates and maintain compliance with organizational business rules. Given that ADSys directly interfaces with Active Directory and needs to align with new business requirements in LTS releases, it has been essential to keep the package consistently updated with the latest changes of ADSys upstream source. As ADSys is a key component of our commercial offerings, our customers anticipate the availability of recently implemented features in the 22.04 release. Now that ADSys has a complete set of features, the request is to proceed with a one-off release of ADSys 0.14.1 to 22.04. Please note that any new features introduced in subsequent versions will be exclusively available in 24.04 and later releases. This version includes a comprehensive end to end automated test suite that runs ADSys against a real Active directory environment. Version 0.14.1 is available for 22.04 in a PPA (https://launchpad.net/~ubuntu-enterprise- desktop/+archive/ubuntu/adsys) and already used in production by customers. At this time of writing the number of open issues is 1 in Launchpad and 16 in GitHub including 6 enhancements. None of them have a high or critical importance. [references] LP: https://launchpad.net/ubuntu/+source/adsys LP Bugs: https://bugs.launchpad.net/ubuntu/+source/adsys GitHub: https://github.com/ubuntu/adsys/ GH Bugs: https://github.com/ubuntu/adsys/issues Documentation: https://canonical-adsys.readthedocs-hosted.com/en/stable/ Initial SRU discussion: https://lists.ubuntu.com/archives/ubuntu-release/2023-June/005650.html [changes] Full LP Changelog: https://launchpad.net/ubuntu/+source/adsys/+changelog * New features * New policies: - Add mount / network shares policy manager - Add AppArmor policy manager - Support multiple AD backends and implement Winbind support - Add system proxy policy manager - Add certificate policy manager for machines - Add adsysctl policy purge command to purge applied policies - Full documentation - Full end to end automated test suite. * Enhancements * Add a --machine / -m flag to adsysctl applied, indicating the policies applied to the current machine * Expose Ubuntu Pro status in the "status" command * Update scripts manager creation * List Pro policy types in service status output * Warn when Pro-only rules are configured * Use systemd via D-Bus instead of systemctl commands * Add placeholder notes for entry types * Rework Kerberos ticket handling logic to satisfy the Heimdal implementation of Kerberos * Rework policy application sync strategy * Print logs when policies are up to date * Update policy definitions to include dconf key for dark mode background * Infer user KRB5CCNAME path via the libkrb5 API (LP: #2049061) * Allow sssd backend to work without ad_domain being set (LP: #2054445) * Update apport hook to include journal errors and package logs * Bug fixes * Fix policy update failing when GPT.INI contains no version key * Fix object lookup for users having a FQDN as their hostname * Support special characters in domains when parsing sssd configuration * Fix DCONF_PROFILE not considering default_domain_suffix on sssd.conf * Ensure empty state for dconf policy * Handle case mismatches in GPT.INI file name * Ensure GPO URLs contain the FQDN of the domain controller * Add runtime dependency on nfs-common * Other * Updates to latest versions of Go (fixing known Go vulnerabilities) * Updates to latest versions of the Go dependencies * Updates and improvements to CI and QoL * Migrate translation support to native approach using go-i18n + gotext and switch to upstream gotext version Dependencies: * Build-dep: golang-go (>= 2:1.22~) * Depen
[Desktop-packages] [Bug 2007742] Re: Can't update stage views actor (regarding MetaWindowGroup, MetaWindowActorX11, MetaSurfaceActorX11)
Same issue on Ubuntu 24.04 noble LTS: - gnome-shell: 46.0-0ubuntu5 - linux 6.8.0-19-generic #19-Ubuntu SMP PREEMPT_DYNAMIC Thu Mar 14 14:56:46 UTC 2024 x86_64 - DisplayManager: lightdm 1.30.0-0ubuntu14 -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to gnome-shell in Ubuntu. https://bugs.launchpad.net/bugs/2007742 Title: Can't update stage views actor (regarding MetaWindowGroup, MetaWindowActorX11, MetaSurfaceActorX11) Status in GNOME Shell: New Status in Mutter: New Status in gnome-shell package in Ubuntu: Confirmed Bug description: These messages repeat: [ 105.711276] ingenika gnome-shell[2919]: Can't update stage views actor [:0x55bba91da500] is on because it needs an allocation. [ 105.711772] ingenika gnome-shell[2919]: Can't update stage views actor [:0x55bbac95c330] is on because it needs an allocation. [ 105.711903] ingenika gnome-shell[2919]: Can't update stage views actor [:0x55bbae726860] is on because it needs an allocation. --- ProblemType: Bug DistroRelease: Ubuntu 22.10 Package: gnome-shell 43.1-0ubuntu1 Uname: Linux 6.1.11-060111-generic x86_64 NonfreeKernelModules: nvidia_modeset nvidia ApportVersion: 2.23.1-0ubuntu3 Architecture: amd64 CasperMD5CheckResult: pass CurrentDesktop: ubuntu:GNOME Date: Fri Feb 17 21:54:39 2023 DisplayManager: gdm3 InstallationDate: Installed on 2022-08-22 (179 days ago) InstallationMedia: Ubuntu 22.04.1 LTS "Jammy Jellyfish" - Release amd64 (20220809.1) RelatedPackageVersions: mutter-common 43.0-1ubuntu4 SourcePackage: gnome-shell UpgradeStatus: Upgraded to kinetic on 2023-02-08 (9 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/gnome-shell/+bug/2007742/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 2049061] Re: adsysctl update with a domain user fails if KRB5CCNAME is not set
Hi Timo, We plan to do a release of ADSys from 24.04 to 22.04 which contains much more than this bug and we'll cover the testing of the entirety of the package. Master SRU bug https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2059756 We'll send the exception request in the coming days. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to adsys in Ubuntu. https://bugs.launchpad.net/bugs/2049061 Title: adsysctl update with a domain user fails if KRB5CCNAME is not set Status in adsys package in Ubuntu: Fix Released Bug description: In an environment where /etc/krb5.conf sets "default_ccache_name = FILE:/tmp/krb5cc_%{uid}" and you don't have the KRB5CCNAME variable set, running "adsysctl update" with a AD domain user will fail. If you either export the variable with the path to the kerberos ticket OR run the command "adsysctl update " it works. The adsysctl command should fallback to the default location when KRB5CCNAME is not defined or have a mechanism to query klist and find the Kerberos tickets location. Given that adsys can't find Kerberos tickets when `klist` does. It seems like a feature parity issue, granted, an edge case. Here is an example of a reproducer: https://pastebin.ubuntu.com/p/FjyTWQChjM/ ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: adsys 0.9.2~22.04.2 ProcVersionSignature: Ubuntu 6.2.0-1014.14~22.04.1-aws 6.2.16 Uname: Linux 6.2.0-1014-aws x86_64 ApportVersion: 2.20.11-0ubuntu82.5 Architecture: amd64 CasperMD5CheckResult: unknown CloudArchitecture: x86_64 CloudID: aws CloudName: aws CloudPlatform: ec2 CloudRegion: us-west-2 CloudSubPlatform: metadata (http://169.254.169.254) CurrentDesktop: ubuntu:GNOME Date: Thu Jan 11 11:39:06 2024 Ec2AMI: ami-00094f7041bb1b79d Ec2AMIManifest: (unknown) Ec2Architecture: x86_64 Ec2AvailabilityZone: us-west-2b Ec2Imageid: ami-00094f7041bb1b79d Ec2InstanceType: t3.large Ec2Instancetype: t3.large Ec2Kernel: unavailable Ec2Ramdisk: unavailable Ec2Region: us-west-2 ProcEnviron: TERM=xterm-256color PATH=(custom, no user) LANG=en_US.utf8 SHELL=/bin/bash RebootRequiredPkgs: Error: path contained symlinks. RelatedPackageVersions: sssd 2.6.3-1ubuntu3.2 python3-samba 2:4.15.13+dfsg-0ubuntu1.5 SourcePackage: adsys UpgradeStatus: No upgrade log present (probably fresh install) modified.conffile..etc.polkit-1.localauthority.conf.d.99-adsys-privilege-enforcement.conf: [deleted] modified.conffile..etc.sudoers.d.99-adsys-privilege-enforcement: [deleted] To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2049061/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 2059756] Re: [SRU] adsys 0.14.1
** Description changed: [context] ADSys is a tool designed for administering and implementing Group Policy Objects (GPOs) from Active Directory on Linux systems. It includes a suite of services and commands that empower administrators to efficiently manage policy updates and maintain compliance with organizational business rules. Given that ADSys directly interfaces with Active Directory and needs to align with new business requirements in LTS releases, it has been essential to keep the package consistently updated with the latest changes of ADSys upstream source. As ADSys is a key component of our commercial offerings, our customers anticipate the availability of recently implemented features in the 22.04 release. Now that ADSys has a complete set of features, the request is to proceed with a one-off release of ADSys 0.14.1 to 22.04. Please note that any new features introduced in subsequent versions will be exclusively available in 24.04 and later releases. This version includes a comprehensive end to end automated test suite that runs ADSys against a real Active directory environment. Version 0.14.1 is available for 22.04 in a PPA (https://launchpad.net/~ubuntu-enterprise-desktop/+archive/ubuntu/adsys) and already used in production by customers. At this time of writing the number of open issues is 1 in Launchpad and 16 in GitHub including 6 enhancements. None of them have a high or critical importance. [references] LP: https://launchpad.net/ubuntu/+source/adsys LP Bugs: https://bugs.launchpad.net/ubuntu/+source/adsys GitHub: https://github.com/ubuntu/adsys/ GH Bugs: https://github.com/ubuntu/adsys/issues Documentation: https://canonical-adsys.readthedocs-hosted.com/en/stable/ Initial SRU discussion: https://lists.ubuntu.com/archives/ubuntu-release/2023-June/005650.html [changes] Full LP Changelog: https://launchpad.net/ubuntu/+source/adsys/+changelog * New features * New policies: - Add mount / network shares policy manager - Add AppArmor policy manager - Support multiple AD backends and implement Winbind support - Add system proxy policy manager - Add certificate policy manager for machines - Add adsysctl policy purge command to purge applied policies - Full documentation - Full end to end automated test suite. * Enhancements * Add a --machine / -m flag to adsysctl applied, indicating the policies applied to the current machine * Expose Ubuntu Pro status in the "status" command * Update scripts manager creation * List Pro policy types in service status output * Warn when Pro-only rules are configured * Use systemd via D-Bus instead of systemctl commands * Add placeholder notes for entry types * Rework Kerberos ticket handling logic to satisfy the Heimdal implementation of Kerberos * Rework policy application sync strategy * Print logs when policies are up to date * Update policy definitions to include dconf key for dark mode background * Infer user KRB5CCNAME path via the libkrb5 API (LP: #2049061) * Allow sssd backend to work without ad_domain being set (LP: #2054445) * Update apport hook to include journal errors and package logs * Bug fixes * Fix policy update failing when GPT.INI contains no version key * Fix object lookup for users having a FQDN as their hostname * Support special characters in domains when parsing sssd configuration * Fix DCONF_PROFILE not considering default_domain_suffix on sssd.conf * Ensure empty state for dconf policy * Handle case mismatches in GPT.INI file name * Ensure GPO URLs contain the FQDN of the domain controller * Add runtime dependency on nfs-common * Other * Updates to latest versions of Go (fixing known Go vulnerabilities) * Updates to latest versions of the Go dependencies * Updates and improvements to CI and QoL * Migrate translation support to native approach using go-i18n + gotext and switch to upstream gotext version Dependencies: * Build-dep: golang-go (>= 2:1.22~) * Dependencies to backport to 22.04: * golang-go >= 2:1.22 * ubuntu-proxy-manager (suggest. Required for Proxy support - feature will be disabled otherwise) * python3-cepces (suggest. Required for Certificates autoenrollment support - feature will be disabled otherwise) * Note: Both are currently in the new queue of 22.04 : https://launchpad.net/ubuntu/jammy/+queue?queue_state=0&queue_text= [test plan] # Process Adsys follows a robust continuous integration and testing process. It is covered by a comprehensive automated tests suite (https://github.com/ubuntu/adsys/actions/workflows/qa.yaml) and an automated end to end test suite that runs in a real active directory environment (https://github.com/ubuntu/adsys/actions/workflows/e2e-tests.yaml). The team applied the following qual
[Desktop-packages] [Bug 2062557] Re: [FFe] add trace-cmd to standand seed
** Also affects: ubuntu-meta (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to ubuntu-meta in Ubuntu. https://bugs.launchpad.net/bugs/2062557 Title: [FFe] add trace-cmd to standand seed Status in trace-cmd package in Ubuntu: Triaged Status in ubuntu-meta package in Ubuntu: New Bug description: trace-cmd is one of the package to be available in Ubuntu by default as part of the Performance Engineering tools initiative. See https://discourse.ubuntu.com/t/spec-include-performance-tooling-in- ubuntu/43134 for more details. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/trace-cmd/+bug/2062557/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 2062564] Re: [FFe] Seed pemmican
** Also affects: ubuntu-meta (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to ubuntu-meta in Ubuntu. https://bugs.launchpad.net/bugs/2062564 Title: [FFe] Seed pemmican Status in pemmican package in Ubuntu: New Status in ubuntu-meta package in Ubuntu: New Bug description: [ Impact ] Add pemmican to raspi server and desktop images in order that Pi 5 users can be notified if/when overcurrent or undervolt events occur (potentially resulting in brownout, data-corruption, and all manner of other symptoms typically caused as a result of undervolt). [ Test Plan ] On all supported models of Pi: * Boot the image with pemmican installed * Ensure boot proceeds normally with package installed and that no warnings appear On the Pi 5 specifically: * Boot the image normally * Ensure boot proceeds normally with package installed and that no warnings appear * Using bench power-supply to back-feed the Pi, lower voltage until brownout occurs * Reboot and ensure undervolt warning is shown * Shutdown and boot with PSU that cannot negotiate 5A * Ensure deficient PSU warning is shown On the Pi 5 desktop image specifically: * Boot desktop image * Attach USB load tester and raise current draw until USB ports fail * Ensure overcurrent warning is displayed [ Regression Potential ] Quite low given all the tests noted above have already been performed on all supported models. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pemmican/+bug/2062564/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 2059756] Re: [SRU] adsys 0.14.1
** Description changed: [context] ADSys is a tool designed for administering and implementing Group Policy Objects (GPOs) from Active Directory on Linux systems. It includes a suite of services and commands that empower administrators to efficiently manage policy updates and maintain compliance with organizational business rules. Given that ADSys directly interfaces with Active Directory and needs to align with new business requirements in LTS releases, it has been essential to keep the package consistently updated with the latest changes of ADSys upstream source. As ADSys is a key component of our commercial offerings, our customers anticipate the availability of recently implemented features in the 22.04 release. Now that ADSys has a complete set of features, the request is to proceed with a one-off release of ADSys 0.14.1 to 22.04. Please note that any new features introduced in subsequent versions will be exclusively available in 24.04 and later releases. This version includes a comprehensive end to end automated test suite that runs ADSys against a real Active directory environment. Version 0.14.1 is available for 22.04 in a PPA (https://launchpad.net/~ubuntu-enterprise-desktop/+archive/ubuntu/adsys) and already used in production by customers. At this time of writing the number of open issues is 1 in Launchpad and 16 in GitHub including 6 enhancements. None of them have a high or critical importance. [references] LP: https://launchpad.net/ubuntu/+source/adsys LP Bugs: https://bugs.launchpad.net/ubuntu/+source/adsys GitHub: https://github.com/ubuntu/adsys/ GH Bugs: https://github.com/ubuntu/adsys/issues Documentation: https://canonical-adsys.readthedocs-hosted.com/en/stable/ Initial SRU discussion: https://lists.ubuntu.com/archives/ubuntu-release/2023-June/005650.html [changes] Full LP Changelog: https://launchpad.net/ubuntu/+source/adsys/+changelog * New features * New policies: - Add mount / network shares policy manager - Add AppArmor policy manager - Support multiple AD backends and implement Winbind support - Add system proxy policy manager - Add certificate policy manager for machines - Add adsysctl policy purge command to purge applied policies - Full documentation - Full end to end automated test suite. * Enhancements * Add a --machine / -m flag to adsysctl applied, indicating the policies applied to the current machine * Expose Ubuntu Pro status in the "status" command * Update scripts manager creation * List Pro policy types in service status output * Warn when Pro-only rules are configured * Use systemd via D-Bus instead of systemctl commands * Add placeholder notes for entry types * Rework Kerberos ticket handling logic to satisfy the Heimdal implementation of Kerberos * Rework policy application sync strategy * Print logs when policies are up to date * Update policy definitions to include dconf key for dark mode background * Infer user KRB5CCNAME path via the libkrb5 API (LP: #2049061) * Allow sssd backend to work without ad_domain being set (LP: #2054445) * Update apport hook to include journal errors and package logs * Bug fixes * Fix policy update failing when GPT.INI contains no version key * Fix object lookup for users having a FQDN as their hostname * Support special characters in domains when parsing sssd configuration * Fix DCONF_PROFILE not considering default_domain_suffix on sssd.conf * Ensure empty state for dconf policy * Handle case mismatches in GPT.INI file name * Ensure GPO URLs contain the FQDN of the domain controller * Add runtime dependency on nfs-common * Other * Updates to latest versions of Go (fixing known Go vulnerabilities) * Updates to latest versions of the Go dependencies * Updates and improvements to CI and QoL * Migrate translation support to native approach using go-i18n + gotext and switch to upstream gotext version Dependencies: * Build-dep: golang-go (>= 2:1.22~) * Dependencies to backport to 22.04: + * golang-go >= 2:1.22 * ubuntu-proxy-manager (suggest. Required for Proxy support - feature will be disabled otherwise) * python3-cepces (suggest. Required for Certificates autoenrollment support - feature will be disabled otherwise) - * Note: Both are currently in the new queue of 22.04 : https://launchpad.net/ubuntu/jammy/+queue?queue_state=0&queue_text= + * Note: Both are currently in the new queue of 22.04 : https://launchpad.net/ubuntu/jammy/+queue?queue_state=0&queue_text= + [test plan] # Process Adsys follows a robust continuous integration and testing process. It is covered by a comprehensive automated tests suite (https://github.com/ubuntu/adsys/actions/workflows/qa.yaml) and an automated end to end test suite that runs in a real active
[Desktop-packages] [Bug 2059756] Re: [SRU] adsys 0.14.1
** Changed in: adsys (Ubuntu) Status: New => Fix Released -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to adsys in Ubuntu. https://bugs.launchpad.net/bugs/2059756 Title: [SRU] adsys 0.14.1 Status in adsys package in Ubuntu: Fix Released Status in adsys source package in Jammy: New Bug description: [context] ADSys is a tool designed for administering and implementing Group Policy Objects (GPOs) from Active Directory on Linux systems. It includes a suite of services and commands that empower administrators to efficiently manage policy updates and maintain compliance with organizational business rules. Given that ADSys directly interfaces with Active Directory and needs to align with new business requirements in LTS releases, it has been essential to keep the package consistently updated with the latest changes of ADSys upstream source. As ADSys is a key component of our commercial offerings, our customers anticipate the availability of recently implemented features in the 22.04 release. Now that ADSys has a complete set of features, the request is to proceed with a one-off release of ADSys 0.14.1 to 22.04. Please note that any new features introduced in subsequent versions will be exclusively available in 24.04 and later releases. This version includes a comprehensive end to end automated test suite that runs ADSys against a real Active directory environment. Version 0.14.1 is available for 22.04 in a PPA (https://launchpad.net/~ubuntu-enterprise- desktop/+archive/ubuntu/adsys) and already used in production by customers. At this time of writing the number of open issues is 1 in Launchpad and 16 in GitHub including 6 enhancements. None of them have a high or critical importance. [references] LP: https://launchpad.net/ubuntu/+source/adsys LP Bugs: https://bugs.launchpad.net/ubuntu/+source/adsys GitHub: https://github.com/ubuntu/adsys/ GH Bugs: https://github.com/ubuntu/adsys/issues Documentation: https://canonical-adsys.readthedocs-hosted.com/en/stable/ Initial SRU discussion: https://lists.ubuntu.com/archives/ubuntu-release/2023-June/005650.html [changes] Full LP Changelog: https://launchpad.net/ubuntu/+source/adsys/+changelog * New features * New policies: - Add mount / network shares policy manager - Add AppArmor policy manager - Support multiple AD backends and implement Winbind support - Add system proxy policy manager - Add certificate policy manager for machines - Add adsysctl policy purge command to purge applied policies - Full documentation - Full end to end automated test suite. * Enhancements * Add a --machine / -m flag to adsysctl applied, indicating the policies applied to the current machine * Expose Ubuntu Pro status in the "status" command * Update scripts manager creation * List Pro policy types in service status output * Warn when Pro-only rules are configured * Use systemd via D-Bus instead of systemctl commands * Add placeholder notes for entry types * Rework Kerberos ticket handling logic to satisfy the Heimdal implementation of Kerberos * Rework policy application sync strategy * Print logs when policies are up to date * Update policy definitions to include dconf key for dark mode background * Infer user KRB5CCNAME path via the libkrb5 API (LP: #2049061) * Allow sssd backend to work without ad_domain being set (LP: #2054445) * Update apport hook to include journal errors and package logs * Bug fixes * Fix policy update failing when GPT.INI contains no version key * Fix object lookup for users having a FQDN as their hostname * Support special characters in domains when parsing sssd configuration * Fix DCONF_PROFILE not considering default_domain_suffix on sssd.conf * Ensure empty state for dconf policy * Handle case mismatches in GPT.INI file name * Ensure GPO URLs contain the FQDN of the domain controller * Add runtime dependency on nfs-common * Other * Updates to latest versions of Go (fixing known Go vulnerabilities) * Updates to latest versions of the Go dependencies * Updates and improvements to CI and QoL * Migrate translation support to native approach using go-i18n + gotext and switch to upstream gotext version Dependencies: * Build-dep: golang-go (>= 2:1.22~) * Dependencies to backport to 22.04: * ubuntu-proxy-manager (suggest. Required for Proxy support - feature will be disabled otherwise) * python3-cepces (suggest. Required for Certificates autoenrollment support - feature will be disabled otherwise) * Note: Both are currently in the new queue of 22.04 : https://launchpad.net/ubuntu/jammy/+queue?queue_state=0&queue_text= [test plan] # Process Adsys follows a robust continuous integration and testing process. It is covere
[Desktop-packages] [Bug 2059756] Re: [SRU] adsys 0.14.1
** Description changed: [context] ADSys is a tool designed for administering and implementing Group Policy Objects (GPOs) from Active Directory on Linux systems. It includes a suite of services and commands that empower administrators to efficiently manage policy updates and maintain compliance with organizational business rules. Given that ADSys directly interfaces with Active Directory and needs to align with new business requirements in LTS releases, it has been essential to keep the package consistently updated with the latest changes of ADSys upstream source. As ADSys is a key component of our commercial offerings, our customers anticipate the availability of recently implemented features in the 22.04 release. Now that ADSys has a complete set of features, the request is to proceed with a one-off release of ADSys 0.14.1 to 22.04. Please note that any new features introduced in subsequent versions will be exclusively available in 24.04 and later releases. This version includes a comprehensive end to end automated test suite that runs ADSys against a real Active directory environment. Version 0.14.1 is available for 22.04 in a PPA (https://launchpad.net/~ubuntu-enterprise-desktop/+archive/ubuntu/adsys) and already used in production by customers. At this time of writing the number of open issues is 1 in Launchpad and 16 in GitHub including 6 enhancements. None of them have a high or critical importance. [references] LP: https://launchpad.net/ubuntu/+source/adsys LP Bugs: https://bugs.launchpad.net/ubuntu/+source/adsys GitHub: https://github.com/ubuntu/adsys/ GH Bugs: https://github.com/ubuntu/adsys/issues Documentation: https://canonical-adsys.readthedocs-hosted.com/en/stable/ Initial SRU discussion: https://lists.ubuntu.com/archives/ubuntu-release/2023-June/005650.html [changes] Full LP Changelog: https://launchpad.net/ubuntu/+source/adsys/+changelog * New features * New policies: - Add mount / network shares policy manager - Add AppArmor policy manager - Support multiple AD backends and implement Winbind support - Add system proxy policy manager - Add certificate policy manager for machines - Add adsysctl policy purge command to purge applied policies - Full documentation - Full end to end automated test suite. * Enhancements * Add a --machine / -m flag to adsysctl applied, indicating the policies applied to the current machine * Expose Ubuntu Pro status in the "status" command * Update scripts manager creation * List Pro policy types in service status output * Warn when Pro-only rules are configured * Use systemd via D-Bus instead of systemctl commands * Add placeholder notes for entry types * Rework Kerberos ticket handling logic to satisfy the Heimdal implementation of Kerberos * Rework policy application sync strategy * Print logs when policies are up to date * Update policy definitions to include dconf key for dark mode background * Infer user KRB5CCNAME path via the libkrb5 API (LP: #2049061) * Allow sssd backend to work without ad_domain being set (LP: #2054445) * Update apport hook to include journal errors and package logs * Bug fixes * Fix policy update failing when GPT.INI contains no version key * Fix object lookup for users having a FQDN as their hostname * Support special characters in domains when parsing sssd configuration * Fix DCONF_PROFILE not considering default_domain_suffix on sssd.conf * Ensure empty state for dconf policy * Handle case mismatches in GPT.INI file name * Ensure GPO URLs contain the FQDN of the domain controller * Add runtime dependency on nfs-common * Other * Updates to latest versions of Go (fixing known Go vulnerabilities) * Updates to latest versions of the Go dependencies * Updates and improvements to CI and QoL * Migrate translation support to native approach using go-i18n + gotext and switch to upstream gotext version Dependencies: * Build-dep: golang-go (>= 2:1.22~) * Dependencies to backport to 22.04: * ubuntu-proxy-manager (suggest. Required for Proxy support - feature will be disabled otherwise) * python3-cepces (suggest. Required for Certificates autoenrollment support - feature will be disabled otherwise) + * Note: Both are currently in the new queue of 22.04 : https://launchpad.net/ubuntu/jammy/+queue?queue_state=0&queue_text= [test plan] # Process Adsys follows a robust continuous integration and testing process. It is covered by a comprehensive automated tests suite (https://github.com/ubuntu/adsys/actions/workflows/qa.yaml) and an automated end to end test suite that runs in a real active directory environment (https://github.com/ubuntu/adsys/actions/workflows/e2e-tests.yaml). The team applied the following quality criteria: * All cha
[Desktop-packages] [Bug 2043376] Re: adsys cant fetch gpos ubuntu 22.04.3
** Changed in: adsys (Ubuntu) Status: Confirmed => Incomplete -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to adsys in Ubuntu. https://bugs.launchpad.net/bugs/2043376 Title: adsys cant fetch gpos ubuntu 22.04.3 Status in adsys package in Ubuntu: Incomplete Bug description: VERSIONS: ubuntu 22.04.3 libsmbclient 2:4.15.13+dfsg-0ubuntu1.5 adsysctl 0.9.2~22.04.2 adsysd 0.9.2~22.04.2 Hi when i try the command adsysctl update -m or --all i receive this error: Error from server: error while updating policy: cant get policies for "ubuntuvm": failed to retrieve the list of GPO (exited with -1): signal: killed Failed to bind - LDAP client internal error: NT_STATUS_INVALID_PARAMETER Failed to connect to 'ldap://addc01.domain.com' with backend 'ldap': LDAP client internal error: NT_STATUS_INVALID_PARAMETER Failed to open session: (1, 'LDAP client internal error: NT_STATUS_INVALID_PARAMETER'). Result of adsysctl service cat -vvv NFO github.com/ubuntu/adsys/internal/config/config.go:73 Init() No configuration file: Config File "adsys" Not Found in "[/home/ubuntuvm /etc /usr/sbin]". We will only use the defaults, env variables or flags. DEBUG Connecting as [[41753:876951]] DEBUG github.com/ubuntu/adsys/internal/grpc/logconnections/logconnections.go:27 StreamServerInterceptor.func1() New request /service/Cat DEBUG github.com/ubuntu/adsys/internal/grpc/logconnections/logconnections.go:60 loggedServerStream.RecvMsg() Requesting with parameters: DEBUG github.com/ubuntu/adsys/internal/authorizer/authorizer.go:111 Authorizer.IsAllowedFromContext() Check if grpc request peer is authorized DEBUG github.com/ubuntu/adsys/internal/authorizer/authorizer.go:191 Authorizer.isAllowed() Polkit call result, authorized: true DEBUG github.com/ubuntu/adsys/internal/ad/ad.go:397 (*AD).ListActiveUsers() [[41745:695267]] ListActiveUsers INFO github.com/ubuntu/adsys/internal/grpc/logconnections/logconnections.go:39 StreamServerInterceptor.func1() Error sent to client: error while updating policy: can't get policies for "ubuntuvm": failed to retrieve the list of GPO (exited with -1): signal: killed DEBUG github.com/ubuntu/adsys/internal/grpc/logconnections/logconnections.go:33 StreamServerInterceptor.func1.1() Request /service/UpdatePolicy done INFO github.com/ubuntu/adsys/internal/grpc/interceptorschain/chainer.go:16 StreamServer.func1.1.1() New connection from client [[41768:773422]] DEBUG github.com/ubuntu/adsys/internal/grpc/logconnections/logconnections.go:27 StreamServerInterceptor.func1() [[41768:773422]] New request /service/UpdatePolicy DEBUG github.com/ubuntu/adsys/internal/grpc/logconnections/logconnections.go:60 loggedServerStream.RecvMsg() [[41768:773422]] Requesting with parameters: IsComputer: false, All: true, Target: , Krb5Cc: DEBUG github.com/ubuntu/adsys/internal/ad/ad.go:571 (*AD).NormalizeTargetName() [[41768:773422]] NormalizeTargetName for "", type "computer" DEBUG github.com/ubuntu/adsys/internal/authorizer/authorizer.go:111 Authorizer.IsAllowedFromContext() [[41768:773422]] Check if grpc request peer is authorized DEBUG github.com/ubuntu/adsys/internal/authorizer/authorizer.go:150 Authorizer.isAllowed() [[41768:773422]] Authorized as being administrator DEBUG github.com/ubuntu/adsys/internal/ad/ad.go:225 (*AD).GetPolicies() [[41768:773422]] GetPolicies for "ubuntuvm", type "computer" DEBUG github.com/ubuntu/adsys/internal/ad/ad.go:293 (*AD).GetPolicies() [[41768:773422]] Getting gpo list with arguments: "--objectclass computer ldap://addc01.domain.com ubuntuvm" DEBUG github.com/ubuntu/adsys/internal/ad/ad.go:397 (*AD).ListActiveUsers() [[41768:773422]] ListActiveUsers INFO github.com/ubuntu/adsys/internal/grpc/logconnections/logconnections.go:39 StreamServerInterceptor.func1() Error sent to client: error while updating policy: can't get policies for "ubuntuvm": failed to retrieve the list of GPO (exited with -1): signal: killed When I run the commands: export KRB5CCNAME=/var/run/adsys/krb5cc/$(hostname) adsysctl policy debug gpolist-script chmod +x adsys-gpolist ./adsys-gpolist --objectclass computer ldap:// $(hostname) adsys-gpolist script get this error: Failed to bind - LDAP client internal error: NT_STATUS_INVALID_PARAMETER Failed to connect to 'ldap://addc01.domain.com' with backend 'ldap': LDAP client internal error: NT_STATUS_INVALID_PARAMETER Failed to open session: (1, 'LDAP client internal error: NT_STATUS_INVALID_PARAMETER'). and the command smbclient get this error smbclient --option='log level=10' ///SYSVOL/ -k -c 'get /Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/GPT.INI /dev/fd/1' | cat I get this error: smbclient --option='log level=10' ///SYSVOL/ -k -c 'get /Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/GPT.INI /dev/fd/1' | cat INFO: Current debug levels: all: 10 tdb: 10
[Desktop-packages] [Bug 2059756] Re: [SRU] adsys 0.14.1
** Description changed: [context] ADSys is a tool designed for administering and implementing Group Policy Objects (GPOs) from Active Directory on Linux systems. It includes a suite of services and commands that empower administrators to efficiently manage policy updates and maintain compliance with organizational business rules. Given that ADSys directly interfaces with Active Directory and needs to align with new business requirements in LTS releases, it has been essential to keep the package consistently updated with the latest changes of ADSys upstream source. As ADSys is a key component of our commercial offerings, our customers anticipate the availability of recently implemented features in the 22.04 release. Now that ADSys has a complete set of features, the request is to proceed with a one-off release of ADSys 0.14.1 to 22.04. Please note that any new features introduced in subsequent versions will be exclusively available in 24.04 and later releases. This version includes a comprehensive end to end automated test suite that runs ADSys against a real Active directory environment. Version 0.14.1 is available for 22.04 in a PPA (https://launchpad.net/~ubuntu-enterprise-desktop/+archive/ubuntu/adsys) and already used in production by customers. At this time of writing the number of open issues is 1 in Launchpad and 16 in GitHub including 6 enhancements. None of them have a high or critical importance. [references] LP: https://launchpad.net/ubuntu/+source/adsys LP Bugs: https://bugs.launchpad.net/ubuntu/+source/adsys GitHub: https://github.com/ubuntu/adsys/ GH Bugs: https://github.com/ubuntu/adsys/issues Documentation: https://canonical-adsys.readthedocs-hosted.com/en/stable/ Initial SRU discussion: https://lists.ubuntu.com/archives/ubuntu-release/2023-June/005650.html [changes] Full LP Changelog: https://launchpad.net/ubuntu/+source/adsys/+changelog * New features * New policies: - Add mount / network shares policy manager - Add AppArmor policy manager - Support multiple AD backends and implement Winbind support - Add system proxy policy manager - Add certificate policy manager for machines - Add adsysctl policy purge command to purge applied policies - Full documentation - Full end to end automated test suite. * Enhancements * Add a --machine / -m flag to adsysctl applied, indicating the policies applied to the current machine * Expose Ubuntu Pro status in the "status" command * Update scripts manager creation * List Pro policy types in service status output * Warn when Pro-only rules are configured * Use systemd via D-Bus instead of systemctl commands * Add placeholder notes for entry types * Rework Kerberos ticket handling logic to satisfy the Heimdal implementation of Kerberos * Rework policy application sync strategy * Print logs when policies are up to date * Update policy definitions to include dconf key for dark mode background * Infer user KRB5CCNAME path via the libkrb5 API (LP: #2049061) * Allow sssd backend to work without ad_domain being set (LP: #2054445) * Update apport hook to include journal errors and package logs * Bug fixes * Fix policy update failing when GPT.INI contains no version key * Fix object lookup for users having a FQDN as their hostname * Support special characters in domains when parsing sssd configuration * Fix DCONF_PROFILE not considering default_domain_suffix on sssd.conf * Ensure empty state for dconf policy * Handle case mismatches in GPT.INI file name * Ensure GPO URLs contain the FQDN of the domain controller * Add runtime dependency on nfs-common * Other * Updates to latest versions of Go (fixing known Go vulnerabilities) * Updates to latest versions of the Go dependencies * Updates and improvements to CI and QoL * Migrate translation support to native approach using go-i18n + gotext and switch to upstream gotext version Dependencies: * Build-dep: golang-go (>= 2:1.22~) * Dependencies to backport to 22.04: * ubuntu-proxy-manager (suggest. Required for Proxy support - feature will be disabled otherwise) * python3-cepces (suggest. Required for Certificates autoenrollment support - feature will be disabled otherwise) [test plan] # Process - Adsys follows a robust continuous integration and testing process. It is covered by a comprehensive automated tests suite (https://github.com/ubuntu/adsys/actions/workflows/qa.yaml) and an automated end to end test suite that runs in a real active directory environment. + Adsys follows a robust continuous integration and testing process. It is covered by a comprehensive automated tests suite (https://github.com/ubuntu/adsys/actions/workflows/qa.yaml) and an automated end to end test suite that runs in a real active directory
[Desktop-packages] [Bug 2059756] Re: [SRU] adsys 0.14.1
** Description changed: [context] ADSys is a tool designed for administering and implementing Group Policy Objects (GPOs) from Active Directory on Linux systems. It includes a suite of services and commands that empower administrators to efficiently manage policy updates and maintain compliance with organizational business rules. Given that ADSys directly interfaces with Active Directory and needs to align with new business requirements in LTS releases, it has been essential to keep the package consistently updated with the latest changes of ADSys upstream source. As ADSys is a key component of our commercial offerings, our customers anticipate the availability of recently implemented features in the 22.04 release. Now that ADSys has a complete set of features, the request is to proceed with a one-off release of ADSys 0.14.1 to 22.04. Please note that any new features introduced in subsequent versions will be exclusively available in 24.04 and later releases. This version includes a comprehensive end to end automated test suite that runs ADSys against a real Active directory environment. + Version 0.14.1 is available for 22.04 in a PPA and already used in + production by customers. + [references] LP: https://launchpad.net/ubuntu/+source/adsys LP Bugs: https://bugs.launchpad.net/ubuntu/+source/adsys GitHub: https://github.com/ubuntu/adsys/ GH Bugs: https://github.com/ubuntu/adsys/issues - Documentation: https://canonical-adsys.readthedocs-hosted.com/en/stable/ + Documentation: https://canonical-adsys.readthedocs-hosted.com/en/stable/ Initial SRU discussion: https://lists.ubuntu.com/archives/ubuntu-release/2023-June/005650.html [changes] - Full LP Changelog: https://launchpad.net/ubuntu/+source/adsys/+changelog - * New features -* New policies: - - Add mount / network shares policy manager - - Add AppArmor policy manager - - Support multiple AD backends and implement Winbind support - - Add system proxy policy manager - - Add certificate policy manager for machines - - Add adsysctl policy purge command to purge applied policies - - Full documentation - - Full end to end automated test suite. + Full LP Changelog: https://launchpad.net/ubuntu/+source/adsys/+changelog + * New features + * New policies: + - Add mount / network shares policy manager + - Add AppArmor policy manager + - Support multiple AD backends and implement Winbind support + - Add system proxy policy manager + - Add certificate policy manager for machines + - Add adsysctl policy purge command to purge applied policies + - Full documentation + - Full end to end automated test suite. - * Enhancements - * Add a --machine / -m flag to adsysctl applied, indicating the policies applied to the current machine - * Expose Ubuntu Pro status in the "status" command - * Update scripts manager creation - * List Pro policy types in service status output - * Warn when Pro-only rules are configured - * Use systemd via D-Bus instead of systemctl commands - * Add placeholder notes for entry types - * Rework Kerberos ticket handling logic to satisfy the Heimdal implementation of Kerberos - * Rework policy application sync strategy - * Print logs when policies are up to date - * Update policy definitions to include dconf key for dark mode background - * Infer user KRB5CCNAME path via the libkrb5 API (LP: #2049061) - * Allow sssd backend to work without ad_domain being set (LP: #2054445) - * Update apport hook to include journal errors and package logs + * Enhancements + * Add a --machine / -m flag to adsysctl applied, indicating the policies applied to the current machine + * Expose Ubuntu Pro status in the "status" command + * Update scripts manager creation + * List Pro policy types in service status output + * Warn when Pro-only rules are configured + * Use systemd via D-Bus instead of systemctl commands + * Add placeholder notes for entry types + * Rework Kerberos ticket handling logic to satisfy the Heimdal implementation of Kerberos + * Rework policy application sync strategy + * Print logs when policies are up to date + * Update policy definitions to include dconf key for dark mode background + * Infer user KRB5CCNAME path via the libkrb5 API (LP: #2049061) + * Allow sssd backend to work without ad_domain being set (LP: #2054445) + * Update apport hook to include journal errors and package logs - * Bug fixes - * Fix policy update failing when GPT.INI contains no version key - * Fix object lookup for users having a FQDN as their hostname - * Support special characters in domains when parsing sssd configuration - * Fix DCONF_PROFILE not considering default_domain_suffix on sssd.conf - * Ensure empty state for dconf policy - * Handle case mismatches in GPT.INI file name - * Ensure GPO URLs contain the FQDN of the domain contro
[Desktop-packages] [Bug 2059756] [NEW] [SRU] adsys 0.14.1
Public bug reported: [context] ADSys is a tool designed for administering and implementing Group Policy Objects (GPOs) from Active Directory on Linux systems. It includes a suite of services and commands that empower administrators to efficiently manage policy updates and maintain compliance with organizational business rules. Given that ADSys directly interfaces with Active Directory and needs to align with new business requirements in LTS releases, it has been essential to keep the package consistently updated with the latest changes of ADSys upstream source. As ADSys is a key component of our commercial offerings, our customers anticipate the availability of recently implemented features in the 22.04 release. Now that ADSys has a complete set of features, the request is to proceed with a one-off release of ADSys 0.14.1 to 22.04. Please note that any new features introduced in subsequent versions will be exclusively available in 24.04 and later releases. This version includes a comprehensive end to end automated test suite that runs ADSys against a real Active directory environment. [references] LP: https://launchpad.net/ubuntu/+source/adsys LP Bugs: https://bugs.launchpad.net/ubuntu/+source/adsys GitHub: https://github.com/ubuntu/adsys/ GH Bugs: https://github.com/ubuntu/adsys/issues Documentation: https://canonical-adsys.readthedocs-hosted.com/en/stable/ Initial SRU discussion: https://lists.ubuntu.com/archives/ubuntu-release/2023-June/005650.html [changes] Full LP Changelog: https://launchpad.net/ubuntu/+source/adsys/+changelog * New features * New policies: - Add mount / network shares policy manager - Add AppArmor policy manager - Support multiple AD backends and implement Winbind support - Add system proxy policy manager - Add certificate policy manager for machines - Add adsysctl policy purge command to purge applied policies - Full documentation - Full end to end automated test suite. * Enhancements * Add a --machine / -m flag to adsysctl applied, indicating the policies applied to the current machine * Expose Ubuntu Pro status in the "status" command * Update scripts manager creation * List Pro policy types in service status output * Warn when Pro-only rules are configured * Use systemd via D-Bus instead of systemctl commands * Add placeholder notes for entry types * Rework Kerberos ticket handling logic to satisfy the Heimdal implementation of Kerberos * Rework policy application sync strategy * Print logs when policies are up to date * Update policy definitions to include dconf key for dark mode background * Infer user KRB5CCNAME path via the libkrb5 API (LP: #2049061) * Allow sssd backend to work without ad_domain being set (LP: #2054445) * Update apport hook to include journal errors and package logs * Bug fixes * Fix policy update failing when GPT.INI contains no version key * Fix object lookup for users having a FQDN as their hostname * Support special characters in domains when parsing sssd configuration * Fix DCONF_PROFILE not considering default_domain_suffix on sssd.conf * Ensure empty state for dconf policy * Handle case mismatches in GPT.INI file name * Ensure GPO URLs contain the FQDN of the domain controller * Add runtime dependency on nfs-common * Other * Updates to latest versions of Go (fixing known Go vulnerabilities) * Updates to latest versions of the Go dependencies * Updates and improvements to CI and QoL * Migrate translation support to native approach using go-i18n + gotext and switch to upstream gotext version ** Affects: adsys (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to adsys in Ubuntu. https://bugs.launchpad.net/bugs/2059756 Title: [SRU] adsys 0.14.1 Status in adsys package in Ubuntu: New Bug description: [context] ADSys is a tool designed for administering and implementing Group Policy Objects (GPOs) from Active Directory on Linux systems. It includes a suite of services and commands that empower administrators to efficiently manage policy updates and maintain compliance with organizational business rules. Given that ADSys directly interfaces with Active Directory and needs to align with new business requirements in LTS releases, it has been essential to keep the package consistently updated with the latest changes of ADSys upstream source. As ADSys is a key component of our commercial offerings, our customers anticipate the availability of recently implemented features in the 22.04 release. Now that ADSys has a complete set of features, the request is to proceed with a one-off release of ADSys 0.14.1 to 22.04. Please note that any new features introduced in subsequent versions will be exclusively available in 24.04 and later releases. This version includes a comprehensive end to end automated
[Desktop-packages] [Bug 2055300] Re: DEP8 failures in noble/armhf with samba 4.19.5
There is a passing run with samba/2:4.19.5+dfsg-1ubuntu1 This could be a flaky test on armhf. I'm closing this report for now and will look further if it becomes a blocker on this arch in the futur. ** Changed in: adsys (Ubuntu) Status: New => Won't Fix -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to adsys in Ubuntu. https://bugs.launchpad.net/bugs/2055300 Title: DEP8 failures in noble/armhf with samba 4.19.5 Status in adsys package in Ubuntu: Won't Fix Bug description: https://autopkgtest.ubuntu.com/packages/adsys/noble/armhf I did multiple retries already, but the failures look persistent. The tests passed in other architectures, but also needed one retry on arm64. In armhf, there have been 5 retries already. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2055300/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 2055300] Re: DEP8 failures in noble/armhf with samba 4.19.5
** Changed in: adsys (Ubuntu) Assignee: (unassigned) => Gabriel Nagy (gabuscus) -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to adsys in Ubuntu. https://bugs.launchpad.net/bugs/2055300 Title: DEP8 failures in noble/armhf with samba 4.19.5 Status in adsys package in Ubuntu: New Bug description: https://autopkgtest.ubuntu.com/packages/adsys/noble/armhf I did multiple retries already, but the failures look persistent. The tests passed in other architectures, but also needed one retry on arm64. In armhf, there have been 5 retries already. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2055300/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 2049061] Re: adsysctl update with a domain user fails if KRB5CCNAME is not set
** Changed in: adsys (Ubuntu) Importance: Undecided => Critical ** Changed in: adsys (Ubuntu) Status: Confirmed => Triaged ** Changed in: adsys (Ubuntu) Assignee: (unassigned) => Gabriel Nagy (gabuscus) -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to adsys in Ubuntu. https://bugs.launchpad.net/bugs/2049061 Title: adsysctl update with a domain user fails if KRB5CCNAME is not set Status in adsys package in Ubuntu: Triaged Bug description: In an environment where /etc/krb5.conf sets "default_ccache_name = FILE:/tmp/krb5cc_%{uid}" and you don't have the KRB5CCNAME variable set, running "adsysctl update" with a AD domain user will fail. If you either export the variable with the path to the kerberos ticket OR run the command "adsysctl update " it works. The adsysctl command should fallback to the default location when KRB5CCNAME is not defined or have a mechanism to query klist and find the Kerberos tickets location. Given that adsys can't find Kerberos tickets when `klist` does. It seems like a feature parity issue, granted, an edge case. Here is an example of a reproducer: https://pastebin.ubuntu.com/p/FjyTWQChjM/ ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: adsys 0.9.2~22.04.2 ProcVersionSignature: Ubuntu 6.2.0-1014.14~22.04.1-aws 6.2.16 Uname: Linux 6.2.0-1014-aws x86_64 ApportVersion: 2.20.11-0ubuntu82.5 Architecture: amd64 CasperMD5CheckResult: unknown CloudArchitecture: x86_64 CloudID: aws CloudName: aws CloudPlatform: ec2 CloudRegion: us-west-2 CloudSubPlatform: metadata (http://169.254.169.254) CurrentDesktop: ubuntu:GNOME Date: Thu Jan 11 11:39:06 2024 Ec2AMI: ami-00094f7041bb1b79d Ec2AMIManifest: (unknown) Ec2Architecture: x86_64 Ec2AvailabilityZone: us-west-2b Ec2Imageid: ami-00094f7041bb1b79d Ec2InstanceType: t3.large Ec2Instancetype: t3.large Ec2Kernel: unavailable Ec2Ramdisk: unavailable Ec2Region: us-west-2 ProcEnviron: TERM=xterm-256color PATH=(custom, no user) LANG=en_US.utf8 SHELL=/bin/bash RebootRequiredPkgs: Error: path contained symlinks. RelatedPackageVersions: sssd 2.6.3-1ubuntu3.2 python3-samba 2:4.15.13+dfsg-0ubuntu1.5 SourcePackage: adsys UpgradeStatus: No upgrade log present (probably fresh install) modified.conffile..etc.polkit-1.localauthority.conf.d.99-adsys-privilege-enforcement.conf: [deleted] modified.conffile..etc.sudoers.d.99-adsys-privilege-enforcement: [deleted] To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2049061/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 2049975] Re: Screencast fails when Thai format is enabled
Sorry for not providing enough information. It's Ubuntu 22.04. System: Host: CNX-LAPTOP-5 Kernel: 6.5.0-14-generic x86_64 bits: 64 Desktop: GNOME 42.9 Distro: Ubuntu 22.04.3 LTS (Jammy Jellyfish) -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to gnome-shell in Ubuntu. https://bugs.launchpad.net/bugs/2049975 Title: Screencast fails when Thai format is enabled Status in gnome-shell package in Ubuntu: Incomplete Bug description: When I try screencasting with Thai format enabled, the program fails with the following error: Jan 20 16:41:55 Khadas-Mind-CNX dbus-daemon[1801]: [session uid=1000 pid=1801] Successfully activated service 'org.gnome.Shell.Screencast' Jan 20 16:41:55 Khadas-Mind-CNX gjs[49974]: JS ERROR: TypeError: datestr is null#012_generateFilePath/<@resource:///org/gnome/Shell/Screencast/js/screencastService.js:319:44#012_generateFilePath@resource:///org/gnome/Shell/Screencast/js/screencastService.js:310:23#012ScreencastAreaAsync@resource:///org/gnome/Shell/Screencast/js/screencastService.js:428:31#012_handleMethodCall@resource:///org/gnome/gjs/modules/core/overrides/Gio.js:354:35#012_wrapJSObject/<@resource:///org/gnome/gjs/modules/core/overrides/Gio.js:387:34#012run@resource:///org/gnome/Shell/Screencast/js/dbusService.js:186:20#012main@resource:///org/gnome/Shell/Screencast/js/main.js:10:13#012run@resource:///org/gnome/gjs/modules/script/package.js:206:19#012start@resource:///org/gnome/gjs/modules/script/package.js:190:8#012@/usr/share/gnome-shell/org.gnome.Shell.Screencast:1:17 Jan 20 16:41:57 Khadas-Mind-CNX gnome-shell[1993]: D-Bus client with active sessions vanished Jan 20 16:41:57 Khadas-Mind-CNX gnome-shell[1993]: Error starting screencast: GDBus.Error:org.freedesktop.DBus.Error.NoReply: Message recipient disconnected from message bus without replying The recording icon shows for two seconds and disappears and nothing is recorded. If I change the format to US, I can record a screencast fine. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnome-shell/+bug/2049975/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 2049975] [NEW] Screencast fails when Thai format is enabled
Public bug reported: When I try screencasting with Thai format enabled, the program fails with the following error: Jan 20 16:41:55 Khadas-Mind-CNX dbus-daemon[1801]: [session uid=1000 pid=1801] Successfully activated service 'org.gnome.Shell.Screencast' Jan 20 16:41:55 Khadas-Mind-CNX gjs[49974]: JS ERROR: TypeError: datestr is null#012_generateFilePath/<@resource:///org/gnome/Shell/Screencast/js/screencastService.js:319:44#012_generateFilePath@resource:///org/gnome/Shell/Screencast/js/screencastService.js:310:23#012ScreencastAreaAsync@resource:///org/gnome/Shell/Screencast/js/screencastService.js:428:31#012_handleMethodCall@resource:///org/gnome/gjs/modules/core/overrides/Gio.js:354:35#012_wrapJSObject/<@resource:///org/gnome/gjs/modules/core/overrides/Gio.js:387:34#012run@resource:///org/gnome/Shell/Screencast/js/dbusService.js:186:20#012main@resource:///org/gnome/Shell/Screencast/js/main.js:10:13#012run@resource:///org/gnome/gjs/modules/script/package.js:206:19#012start@resource:///org/gnome/gjs/modules/script/package.js:190:8#012@/usr/share/gnome-shell/org.gnome.Shell.Screencast:1:17 Jan 20 16:41:57 Khadas-Mind-CNX gnome-shell[1993]: D-Bus client with active sessions vanished Jan 20 16:41:57 Khadas-Mind-CNX gnome-shell[1993]: Error starting screencast: GDBus.Error:org.freedesktop.DBus.Error.NoReply: Message recipient disconnected from message bus without replying The recording icon shows for two seconds and disappears and nothing is recorded. If I change the format to US, I can record a screencast fine. ** Affects: gnome-shell (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to gnome-shell in Ubuntu. https://bugs.launchpad.net/bugs/2049975 Title: Screencast fails when Thai format is enabled Status in gnome-shell package in Ubuntu: New Bug description: When I try screencasting with Thai format enabled, the program fails with the following error: Jan 20 16:41:55 Khadas-Mind-CNX dbus-daemon[1801]: [session uid=1000 pid=1801] Successfully activated service 'org.gnome.Shell.Screencast' Jan 20 16:41:55 Khadas-Mind-CNX gjs[49974]: JS ERROR: TypeError: datestr is null#012_generateFilePath/<@resource:///org/gnome/Shell/Screencast/js/screencastService.js:319:44#012_generateFilePath@resource:///org/gnome/Shell/Screencast/js/screencastService.js:310:23#012ScreencastAreaAsync@resource:///org/gnome/Shell/Screencast/js/screencastService.js:428:31#012_handleMethodCall@resource:///org/gnome/gjs/modules/core/overrides/Gio.js:354:35#012_wrapJSObject/<@resource:///org/gnome/gjs/modules/core/overrides/Gio.js:387:34#012run@resource:///org/gnome/Shell/Screencast/js/dbusService.js:186:20#012main@resource:///org/gnome/Shell/Screencast/js/main.js:10:13#012run@resource:///org/gnome/gjs/modules/script/package.js:206:19#012start@resource:///org/gnome/gjs/modules/script/package.js:190:8#012@/usr/share/gnome-shell/org.gnome.Shell.Screencast:1:17 Jan 20 16:41:57 Khadas-Mind-CNX gnome-shell[1993]: D-Bus client with active sessions vanished Jan 20 16:41:57 Khadas-Mind-CNX gnome-shell[1993]: Error starting screencast: GDBus.Error:org.freedesktop.DBus.Error.NoReply: Message recipient disconnected from message bus without replying The recording icon shows for two seconds and disappears and nothing is recorded. If I change the format to US, I can record a screencast fine. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnome-shell/+bug/2049975/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 2024377] Re: Adsys can't fetch GPOs
Yes, it is going to be fixed. We are currently in the process of backporting 0.13.2 with the latest fixes and features from noble to 22.04. Sorry for the time it is taking. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to adsys in Ubuntu. https://bugs.launchpad.net/bugs/2024377 Title: Adsys can't fetch GPOs Status in adsys package in Ubuntu: Fix Released Bug description: Bad, maybe no understandable english ahead. Can't find anything related to this on Github, Canonical Forums, Reddit or StackOverflow. On Ubuntu 22.04, I've followed the Wiki tutorial and verified all steps on Integration Ubuntu Desktop whitepaper. Currently using SSSD backend, I can log with Active Directory users however when adsys is installed I can't fetch GPOs. In this version the error is: ERROR Error from server: error while updating policy: can't get policies for "ubuntu": can't download all gpos and assets: one or more error while fetching GPOs and assets: can't download "ubuntuRoot": can't check if ubuntuRoot needs refreshing: no GPT.INI file: cannot open smb://addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}/GPT.INI: invalid argument It happens when using "adsysctl update -m" or "adsysctl update usern...@domain.com.br /tmp/krb5c_getentId_randomdnumber" and just "adsysctl update" too. I've upgrade the machine to 22.10 and the error changed to: ERROR Error from server: error while updating policy: can't get policies for "ubuntu": failed to retrieve the list of GPO (exited with 1): exit status 1 Failed to bind - LDAP client internal error: NT_STATUS_INVALID_PARAMETER Failed to connect to 'ldap://addc01.domain.com.br' with backend 'ldap': LDAP client internal error: NT_STATUS_INVALID_PARAMETER Failed to open session: (1, 'LDAP client internal error: NT_STATUS_INVALID_PARAMETER'). After upgrade to 23.04 the error persist same as the above. Full info 22.04 (- verbose): INFO No configuration file: Config File "adsys" Not Found in "[/home/jzprates /root /etc /usr/sbin]". We will only use the defaults, env variables or flags. DEBUG Connecting as [[2504:109556]] DEBUG New request /service/UpdatePolicy DEBUG Requesting with parameters: IsComputer: true, All: false, Target: ubuntu, Krb5Cc: DEBUG NormalizeTargetName for "ubuntu", type "computer" DEBUG Check if grpc request peer is authorized DEBUG Authorized as being administrator DEBUG GetPolicies for "ubuntu", type "computer" DEBUG Getting gpo list with arguments: "--objectclass computer ldap://addc01.domain.com.br ubuntu" DEBUG GPO "ubuntuRoot" for "ubuntu" available at "smb://addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}" DEBUG Analyzing "assets" DEBUG Analyzing "ubuntuRoot" INFO No assets directory with GPT.INI file found on AD, skipping assets download ERROR Error from server: error while updating policy: can't get policies for "ubuntu": can't download all gpos and assets: one or more error while fetching GPOs and assets: can't download "ubuntuRoot": can't check if ubuntuRoot needs refreshing: no GPT.INI file: cannot open smb://addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}/GPT.INI: invalid argument Full info 23.04 (- verbose): INFO No configuration file: Config File "adsys" Not Found in "[/home/jzprates /root /etc /usr/sbin]". DEBUG Connecting as [[58811:006019]] DEBUG New request /service/UpdatePolicy DEBUG Requesting with parameters: IsComputer: true, All: false, Target: ubuntu, Krb5Cc: DEBUG NormalizeTargetName for "ubuntu", type "computer" DEBUG Check if grpc request peer is authorized DEBUG Authorized as being administrator DEBUG GetPolicies for "ubuntu", type "computer" DEBUG Getting gpo list with arguments: "--objectclass computer ldap://addc01.domain.com.br ubuntu" ERROR Error from server: error while updating policy: can't get policies for "ubuntu": failed to retrieve the list of GPO (exited with 1): exit status 1 Failed to bind - LDAP client internal error: NT_STATUS_INVALID_PARAMETER Failed to connect to 'ldap://addc01.domain.com.br' with backend 'ldap': LDAP client internal error: NT_STATUS_INVALID_PARAMETER Failed to open session: (1, 'LDAP client internal error: NT_STATUS_INVALID_PARAMETER') Additional info: Domain Controller and machine are on the same subnet without firewall on any level; Domain Controller is a Windows Server 2019 updated to the last security version; Both machine and user are on the same OU with "no heritage" enabled and just one policy added to permit usern...@domain.com.br to become root; The info header directory is "/home/jzprates" on both logs because I've collected them using the local account using "sudo adsysctl update -m -"; If I disable Adsys login on pam-auth-update, Ubuntu creates a h
[Desktop-packages] [Bug 2011385] ProcCpuinfoMinimal.txt
apport information ** Attachment added: "ProcCpuinfoMinimal.txt" https://bugs.launchpad.net/bugs/2011385/+attachment/5723443/+files/ProcCpuinfoMinimal.txt -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to alsa-driver in Ubuntu. https://bugs.launchpad.net/bugs/2011385 Title: [950XED, Realtek ALC298, Speaker, Internal] No sound at all Status in alsa-driver package in Ubuntu: Confirmed Status in linux-hwe-5.19 package in Ubuntu: New Bug description: only bluetooth can work,im sungsang book2 pro ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: alsa-base 1.0.25+dfsg-0ubuntu7 ProcVersionSignature: Ubuntu 5.19.0-35.36~22.04.1-generic 5.19.17 Uname: Linux 5.19.0-35-generic x86_64 ApportVersion: 2.20.11-0ubuntu82.3 Architecture: amd64 AudioDevicesInUse: USERPID ACCESS COMMAND /dev/snd/controlC0: wang 1658 F pulseaudio CasperMD5CheckResult: pass CurrentDesktop: ubuntu:GNOME Date: Mon Mar 13 15:41:47 2023 InstallationDate: Installed on 2023-03-08 (4 days ago) InstallationMedia: Ubuntu 22.04.2 LTS "Jammy Jellyfish" - Release amd64 (20230223) PackageArchitecture: all SourcePackage: alsa-driver Symptom: audio Symptom_AlsaPlaybackTest: ALSA playback test through plughw:sofhdadsp failed Symptom_Card: sof-hda-dsp - sof-hda-dsp Symptom_DevicesInUse: USERPID ACCESS COMMAND /dev/snd/controlC0: wang 1658 F pulseaudio Symptom_Jack: Speaker, Internal Symptom_Type: No sound at all Title: [950XED, Realtek ALC298, Speaker, Internal] No sound at all UpgradeStatus: No upgrade log present (probably fresh install) dmi.bios.date: 08/17/2022 dmi.bios.release: 5.25 dmi.bios.vendor: American Megatrends International, LLC. dmi.bios.version: P08RGF.054.220817.ZQ dmi.board.asset.tag: No Asset Tag dmi.board.name: NT950XEW-A51AS dmi.board.vendor: SAMSUNG ELECTRONICS CO., LTD. dmi.board.version: SGLFREEDOS-C00-R000-S+1.0. dmi.chassis.asset.tag: No Asset Tag dmi.chassis.type: 10 dmi.chassis.vendor: SAMSUNG ELECTRONICS CO., LTD. dmi.chassis.version: N/A dmi.modalias: dmi:bvnAmericanMegatrendsInternational,LLC.:bvrP08RGF.054.220817.ZQ:bd08/17/2022:br5.25:svnSAMSUNGELECTRONICSCO.,LTD.:pn950XED:pvrP08RGF:rvnSAMSUNGELECTRONICSCO.,LTD.:rnNT950XEW-A51AS:rvrSGLFREEDOS-C00-R000-S+1.0.:cvnSAMSUNGELECTRONICSCO.,LTD.:ct10:cvrN/A:skuSCAI-ICPS-A5A5-ADLP-PRGF: dmi.product.family: Galaxy Book2 Pro dmi.product.name: 950XED dmi.product.sku: SCAI-ICPS-A5A5-ADLP-PRGF dmi.product.version: P08RGF dmi.sys.vendor: SAMSUNG ELECTRONICS CO., LTD. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/alsa-driver/+bug/2011385/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 2011385] CurrentDmesg.txt
apport information ** Attachment added: "CurrentDmesg.txt" https://bugs.launchpad.net/bugs/2011385/+attachment/5723442/+files/CurrentDmesg.txt -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to alsa-driver in Ubuntu. https://bugs.launchpad.net/bugs/2011385 Title: [950XED, Realtek ALC298, Speaker, Internal] No sound at all Status in alsa-driver package in Ubuntu: Confirmed Status in linux-hwe-5.19 package in Ubuntu: New Bug description: only bluetooth can work,im sungsang book2 pro ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: alsa-base 1.0.25+dfsg-0ubuntu7 ProcVersionSignature: Ubuntu 5.19.0-35.36~22.04.1-generic 5.19.17 Uname: Linux 5.19.0-35-generic x86_64 ApportVersion: 2.20.11-0ubuntu82.3 Architecture: amd64 AudioDevicesInUse: USERPID ACCESS COMMAND /dev/snd/controlC0: wang 1658 F pulseaudio CasperMD5CheckResult: pass CurrentDesktop: ubuntu:GNOME Date: Mon Mar 13 15:41:47 2023 InstallationDate: Installed on 2023-03-08 (4 days ago) InstallationMedia: Ubuntu 22.04.2 LTS "Jammy Jellyfish" - Release amd64 (20230223) PackageArchitecture: all SourcePackage: alsa-driver Symptom: audio Symptom_AlsaPlaybackTest: ALSA playback test through plughw:sofhdadsp failed Symptom_Card: sof-hda-dsp - sof-hda-dsp Symptom_DevicesInUse: USERPID ACCESS COMMAND /dev/snd/controlC0: wang 1658 F pulseaudio Symptom_Jack: Speaker, Internal Symptom_Type: No sound at all Title: [950XED, Realtek ALC298, Speaker, Internal] No sound at all UpgradeStatus: No upgrade log present (probably fresh install) dmi.bios.date: 08/17/2022 dmi.bios.release: 5.25 dmi.bios.vendor: American Megatrends International, LLC. dmi.bios.version: P08RGF.054.220817.ZQ dmi.board.asset.tag: No Asset Tag dmi.board.name: NT950XEW-A51AS dmi.board.vendor: SAMSUNG ELECTRONICS CO., LTD. dmi.board.version: SGLFREEDOS-C00-R000-S+1.0. dmi.chassis.asset.tag: No Asset Tag dmi.chassis.type: 10 dmi.chassis.vendor: SAMSUNG ELECTRONICS CO., LTD. dmi.chassis.version: N/A dmi.modalias: dmi:bvnAmericanMegatrendsInternational,LLC.:bvrP08RGF.054.220817.ZQ:bd08/17/2022:br5.25:svnSAMSUNGELECTRONICSCO.,LTD.:pn950XED:pvrP08RGF:rvnSAMSUNGELECTRONICSCO.,LTD.:rnNT950XEW-A51AS:rvrSGLFREEDOS-C00-R000-S+1.0.:cvnSAMSUNGELECTRONICSCO.,LTD.:ct10:cvrN/A:skuSCAI-ICPS-A5A5-ADLP-PRGF: dmi.product.family: Galaxy Book2 Pro dmi.product.name: 950XED dmi.product.sku: SCAI-ICPS-A5A5-ADLP-PRGF dmi.product.version: P08RGF dmi.sys.vendor: SAMSUNG ELECTRONICS CO., LTD. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/alsa-driver/+bug/2011385/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 2011385] AlsaInfo.txt
apport information ** Attachment added: "AlsaInfo.txt" https://bugs.launchpad.net/bugs/2011385/+attachment/5723441/+files/AlsaInfo.txt -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to alsa-driver in Ubuntu. https://bugs.launchpad.net/bugs/2011385 Title: [950XED, Realtek ALC298, Speaker, Internal] No sound at all Status in alsa-driver package in Ubuntu: Confirmed Status in linux-hwe-5.19 package in Ubuntu: New Bug description: only bluetooth can work,im sungsang book2 pro ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: alsa-base 1.0.25+dfsg-0ubuntu7 ProcVersionSignature: Ubuntu 5.19.0-35.36~22.04.1-generic 5.19.17 Uname: Linux 5.19.0-35-generic x86_64 ApportVersion: 2.20.11-0ubuntu82.3 Architecture: amd64 AudioDevicesInUse: USERPID ACCESS COMMAND /dev/snd/controlC0: wang 1658 F pulseaudio CasperMD5CheckResult: pass CurrentDesktop: ubuntu:GNOME Date: Mon Mar 13 15:41:47 2023 InstallationDate: Installed on 2023-03-08 (4 days ago) InstallationMedia: Ubuntu 22.04.2 LTS "Jammy Jellyfish" - Release amd64 (20230223) PackageArchitecture: all SourcePackage: alsa-driver Symptom: audio Symptom_AlsaPlaybackTest: ALSA playback test through plughw:sofhdadsp failed Symptom_Card: sof-hda-dsp - sof-hda-dsp Symptom_DevicesInUse: USERPID ACCESS COMMAND /dev/snd/controlC0: wang 1658 F pulseaudio Symptom_Jack: Speaker, Internal Symptom_Type: No sound at all Title: [950XED, Realtek ALC298, Speaker, Internal] No sound at all UpgradeStatus: No upgrade log present (probably fresh install) dmi.bios.date: 08/17/2022 dmi.bios.release: 5.25 dmi.bios.vendor: American Megatrends International, LLC. dmi.bios.version: P08RGF.054.220817.ZQ dmi.board.asset.tag: No Asset Tag dmi.board.name: NT950XEW-A51AS dmi.board.vendor: SAMSUNG ELECTRONICS CO., LTD. dmi.board.version: SGLFREEDOS-C00-R000-S+1.0. dmi.chassis.asset.tag: No Asset Tag dmi.chassis.type: 10 dmi.chassis.vendor: SAMSUNG ELECTRONICS CO., LTD. dmi.chassis.version: N/A dmi.modalias: dmi:bvnAmericanMegatrendsInternational,LLC.:bvrP08RGF.054.220817.ZQ:bd08/17/2022:br5.25:svnSAMSUNGELECTRONICSCO.,LTD.:pn950XED:pvrP08RGF:rvnSAMSUNGELECTRONICSCO.,LTD.:rnNT950XEW-A51AS:rvrSGLFREEDOS-C00-R000-S+1.0.:cvnSAMSUNGELECTRONICSCO.,LTD.:ct10:cvrN/A:skuSCAI-ICPS-A5A5-ADLP-PRGF: dmi.product.family: Galaxy Book2 Pro dmi.product.name: 950XED dmi.product.sku: SCAI-ICPS-A5A5-ADLP-PRGF dmi.product.version: P08RGF dmi.sys.vendor: SAMSUNG ELECTRONICS CO., LTD. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/alsa-driver/+bug/2011385/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 2011385] apport information
ProblemType: Bug ApportVersion: 2.27.0-0ubuntu5 Architecture: amd64 AudioDevicesInUse: USERPID ACCESS COMMAND /dev/snd/controlC1: djib 2733 F pipewire djib 2749 F wireplumber /dev/snd/controlC0: djib 2749 F wireplumber /dev/snd/seq:djib 2733 F pipewire CasperMD5CheckResult: pass CurrentDesktop: ubuntu:GNOME DistroRelease: Ubuntu 23.10 InstallationDate: Installed on 2023-09-26 (60 days ago) InstallationMedia: Ubuntu 23.04 "Lunar Lobster" - Release amd64 (20230418) Package: linux-hwe-5.19 ProcEnviron: LANG=fr_FR.UTF-8 PATH=(custom, no user) SHELL=/bin/bash TERM=xterm-256color XDG_RUNTIME_DIR= ProcVersionSignature: Ubuntu 6.5.0-10.10-generic 6.5.3 Tags: mantic wayland-session Uname: Linux 6.5.0-10-generic x86_64 UpgradeStatus: Upgraded to mantic on 2023-11-20 (5 days ago) UserGroups: adm cdrom dip docker lpadmin plugdev sudo users _MarkForUpload: True dmi.bios.date: 07/27/2023 dmi.bios.release: 2.1 dmi.bios.vendor: Razer dmi.bios.version: 2.01 dmi.board.name: SO690 dmi.board.vendor: Razer dmi.board.version: 4 dmi.chassis.type: 10 dmi.chassis.vendor: Razer dmi.ec.firmware.release: 1.9 dmi.modalias: dmi:bvnRazer:bvr2.01:bd07/27/2023:br2.1:efr1.9:svnRazer:pnBlade16-RZ09-0483:pvr9.04:rvnRazer:rnSO690:rvr4:cvnRazer:ct10:cvr:skuRZ09-0483SFH3: dmi.product.family: 1A583006 Razer Blade dmi.product.name: Blade 16 - RZ09-0483 dmi.product.sku: RZ09-0483SFH3 dmi.product.version: 9.04 dmi.sys.vendor: Razer -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to alsa-driver in Ubuntu. https://bugs.launchpad.net/bugs/2011385 Title: [950XED, Realtek ALC298, Speaker, Internal] No sound at all Status in alsa-driver package in Ubuntu: Confirmed Status in linux-hwe-5.19 package in Ubuntu: New Bug description: only bluetooth can work,im sungsang book2 pro ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: alsa-base 1.0.25+dfsg-0ubuntu7 ProcVersionSignature: Ubuntu 5.19.0-35.36~22.04.1-generic 5.19.17 Uname: Linux 5.19.0-35-generic x86_64 ApportVersion: 2.20.11-0ubuntu82.3 Architecture: amd64 AudioDevicesInUse: USERPID ACCESS COMMAND /dev/snd/controlC0: wang 1658 F pulseaudio CasperMD5CheckResult: pass CurrentDesktop: ubuntu:GNOME Date: Mon Mar 13 15:41:47 2023 InstallationDate: Installed on 2023-03-08 (4 days ago) InstallationMedia: Ubuntu 22.04.2 LTS "Jammy Jellyfish" - Release amd64 (20230223) PackageArchitecture: all SourcePackage: alsa-driver Symptom: audio Symptom_AlsaPlaybackTest: ALSA playback test through plughw:sofhdadsp failed Symptom_Card: sof-hda-dsp - sof-hda-dsp Symptom_DevicesInUse: USERPID ACCESS COMMAND /dev/snd/controlC0: wang 1658 F pulseaudio Symptom_Jack: Speaker, Internal Symptom_Type: No sound at all Title: [950XED, Realtek ALC298, Speaker, Internal] No sound at all UpgradeStatus: No upgrade log present (probably fresh install) dmi.bios.date: 08/17/2022 dmi.bios.release: 5.25 dmi.bios.vendor: American Megatrends International, LLC. dmi.bios.version: P08RGF.054.220817.ZQ dmi.board.asset.tag: No Asset Tag dmi.board.name: NT950XEW-A51AS dmi.board.vendor: SAMSUNG ELECTRONICS CO., LTD. dmi.board.version: SGLFREEDOS-C00-R000-S+1.0. dmi.chassis.asset.tag: No Asset Tag dmi.chassis.type: 10 dmi.chassis.vendor: SAMSUNG ELECTRONICS CO., LTD. dmi.chassis.version: N/A dmi.modalias: dmi:bvnAmericanMegatrendsInternational,LLC.:bvrP08RGF.054.220817.ZQ:bd08/17/2022:br5.25:svnSAMSUNGELECTRONICSCO.,LTD.:pn950XED:pvrP08RGF:rvnSAMSUNGELECTRONICSCO.,LTD.:rnNT950XEW-A51AS:rvrSGLFREEDOS-C00-R000-S+1.0.:cvnSAMSUNGELECTRONICSCO.,LTD.:ct10:cvrN/A:skuSCAI-ICPS-A5A5-ADLP-PRGF: dmi.product.family: Galaxy Book2 Pro dmi.product.name: 950XED dmi.product.sku: SCAI-ICPS-A5A5-ADLP-PRGF dmi.product.version: P08RGF dmi.sys.vendor: SAMSUNG ELECTRONICS CO., LTD. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/alsa-driver/+bug/2011385/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 2024377] Re: Adsys can't fetch GPOs
** Changed in: adsys (Ubuntu) Status: Confirmed => Triaged ** Changed in: adsys (Ubuntu) Importance: Undecided => High ** Changed in: adsys (Ubuntu) Assignee: (unassigned) => Gabriel Nagy (gabuscus) -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to adsys in Ubuntu. https://bugs.launchpad.net/bugs/2024377 Title: Adsys can't fetch GPOs Status in adsys package in Ubuntu: Triaged Bug description: Bad, maybe no understandable english ahead. Can't find anything related to this on Github, Canonical Forums, Reddit or StackOverflow. On Ubuntu 22.04, I've followed the Wiki tutorial and verified all steps on Integration Ubuntu Desktop whitepaper. Currently using SSSD backend, I can log with Active Directory users however when adsys is installed I can't fetch GPOs. In this version the error is: ERROR Error from server: error while updating policy: can't get policies for "ubuntu": can't download all gpos and assets: one or more error while fetching GPOs and assets: can't download "ubuntuRoot": can't check if ubuntuRoot needs refreshing: no GPT.INI file: cannot open smb://addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}/GPT.INI: invalid argument It happens when using "adsysctl update -m" or "adsysctl update usern...@domain.com.br /tmp/krb5c_getentId_randomdnumber" and just "adsysctl update" too. I've upgrade the machine to 22.10 and the error changed to: ERROR Error from server: error while updating policy: can't get policies for "ubuntu": failed to retrieve the list of GPO (exited with 1): exit status 1 Failed to bind - LDAP client internal error: NT_STATUS_INVALID_PARAMETER Failed to connect to 'ldap://addc01.domain.com.br' with backend 'ldap': LDAP client internal error: NT_STATUS_INVALID_PARAMETER Failed to open session: (1, 'LDAP client internal error: NT_STATUS_INVALID_PARAMETER'). After upgrade to 23.04 the error persist same as the above. Full info 22.04 (- verbose): INFO No configuration file: Config File "adsys" Not Found in "[/home/jzprates /root /etc /usr/sbin]". We will only use the defaults, env variables or flags. DEBUG Connecting as [[2504:109556]] DEBUG New request /service/UpdatePolicy DEBUG Requesting with parameters: IsComputer: true, All: false, Target: ubuntu, Krb5Cc: DEBUG NormalizeTargetName for "ubuntu", type "computer" DEBUG Check if grpc request peer is authorized DEBUG Authorized as being administrator DEBUG GetPolicies for "ubuntu", type "computer" DEBUG Getting gpo list with arguments: "--objectclass computer ldap://addc01.domain.com.br ubuntu" DEBUG GPO "ubuntuRoot" for "ubuntu" available at "smb://addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}" DEBUG Analyzing "assets" DEBUG Analyzing "ubuntuRoot" INFO No assets directory with GPT.INI file found on AD, skipping assets download ERROR Error from server: error while updating policy: can't get policies for "ubuntu": can't download all gpos and assets: one or more error while fetching GPOs and assets: can't download "ubuntuRoot": can't check if ubuntuRoot needs refreshing: no GPT.INI file: cannot open smb://addc01.domain.com.br/SysVol/domain.com.br/Policies/{DF072E7E-6F2F-46D1-A90F-699415F72F2E}/GPT.INI: invalid argument Full info 23.04 (- verbose): INFO No configuration file: Config File "adsys" Not Found in "[/home/jzprates /root /etc /usr/sbin]". DEBUG Connecting as [[58811:006019]] DEBUG New request /service/UpdatePolicy DEBUG Requesting with parameters: IsComputer: true, All: false, Target: ubuntu, Krb5Cc: DEBUG NormalizeTargetName for "ubuntu", type "computer" DEBUG Check if grpc request peer is authorized DEBUG Authorized as being administrator DEBUG GetPolicies for "ubuntu", type "computer" DEBUG Getting gpo list with arguments: "--objectclass computer ldap://addc01.domain.com.br ubuntu" ERROR Error from server: error while updating policy: can't get policies for "ubuntu": failed to retrieve the list of GPO (exited with 1): exit status 1 Failed to bind - LDAP client internal error: NT_STATUS_INVALID_PARAMETER Failed to connect to 'ldap://addc01.domain.com.br' with backend 'ldap': LDAP client internal error: NT_STATUS_INVALID_PARAMETER Failed to open session: (1, 'LDAP client internal error: NT_STATUS_INVALID_PARAMETER') Additional info: Domain Controller and machine are on the same subnet without firewall on any level; Domain Controller is a Windows Server 2019 updated to the last security version; Both machine and user are on the same OU with "no heritage" enabled and just one policy added to permit usern...@domain.com.br to become root; The info header directory is "/home/jzprates" on both logs because I've collected them using the local account using "sudo adsysctl update -m -"; If I disable Adsys login o
[Desktop-packages] [Bug 2015403] Re: Feature Request: adsys 802.1X certificate auto-enrolment from Active Directory CA
Thanks for your report. Certificates auto-enrolment will be released in 23.10 and possibly backported to 22.04 (no ETA yet) ** Changed in: adsys (Ubuntu) Importance: Undecided => Wishlist ** Changed in: adsys (Ubuntu) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to adsys in Ubuntu. https://bugs.launchpad.net/bugs/2015403 Title: Feature Request: adsys 802.1X certificate auto-enrolment from Active Directory CA Status in adsys package in Ubuntu: Fix Released Bug description: Hi Team, I'd like to make a feature request to support 802.1X certificate auto- enrolment from Active Directory CA Ideally, certificates for client ubuntu desktops could then be pushed via GPOs from and managed by Active Directory CA This feature would be for Ubuntu 22.04 LTS or later Thanks for you time and consideration! --- Cheers, Jaimes Joschko Canonical Support --- To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2015403/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 2034672] [NEW] gnome-shell crashed with signal 5 in g_log_structured_array()
Public bug reported: Mantic 20230907 on Latitude 3320 Crash on boot of the live session ProblemType: Crash DistroRelease: Ubuntu 23.10 Package: gnome-shell 45~rc-0ubuntu1 ProcVersionSignature: Ubuntu 6.3.0-7.7-generic 6.3.5 Uname: Linux 6.3.0-7-generic x86_64 NonfreeKernelModules: zfs ApportVersion: 2.27.0-0ubuntu2 Architecture: amd64 CasperMD5CheckResult: unknown CasperVersion: 1.482 CrashCounter: 1 CurrentDesktop: ubuntu:GNOME Date: Thu Sep 7 08:02:08 2023 DisplayManager: gdm3 ExecutablePath: /usr/bin/gnome-shell ExecutableTimestamp: 1694028853 LiveMediaBuild: Ubuntu 23.10 "Mantic Minotaur" - Daily amd64 (20230907) ProcCmdline: /usr/bin/gnome-shell ProcCwd: /home/ubuntu ProcEnviron: LANG=C.UTF-8 PATH=(custom, no user) SHELL=/bin/bash XDG_RUNTIME_DIR= RelatedPackageVersions: mutter-common 45~rc-0ubuntu1 Signal: 5 SourcePackage: gnome-shell StacktraceTop: g_log_structured_array () from /lib/x86_64-linux-gnu/libglib-2.0.so.0 g_log_default_handler () from /lib/x86_64-linux-gnu/libglib-2.0.so.0 g_logv () from /lib/x86_64-linux-gnu/libglib-2.0.so.0 g_log () from /lib/x86_64-linux-gnu/libglib-2.0.so.0 ?? () from /usr/lib/x86_64-linux-gnu/mutter-13/libmutter-mtk-13.so.0 Title: gnome-shell crashed with signal 5 in g_log_structured_array() UpgradeStatus: No upgrade log present (probably fresh install) UserGroups: adm cdrom dip lpadmin plugdev sambashare sudo users separator: ** Affects: gnome-shell (Ubuntu) Importance: Medium Status: New ** Tags: amd64 apport-crash mantic ** Information type changed from Private to Public -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to gnome-shell in Ubuntu. https://bugs.launchpad.net/bugs/2034672 Title: gnome-shell crashed with signal 5 in g_log_structured_array() Status in gnome-shell package in Ubuntu: New Bug description: Mantic 20230907 on Latitude 3320 Crash on boot of the live session ProblemType: Crash DistroRelease: Ubuntu 23.10 Package: gnome-shell 45~rc-0ubuntu1 ProcVersionSignature: Ubuntu 6.3.0-7.7-generic 6.3.5 Uname: Linux 6.3.0-7-generic x86_64 NonfreeKernelModules: zfs ApportVersion: 2.27.0-0ubuntu2 Architecture: amd64 CasperMD5CheckResult: unknown CasperVersion: 1.482 CrashCounter: 1 CurrentDesktop: ubuntu:GNOME Date: Thu Sep 7 08:02:08 2023 DisplayManager: gdm3 ExecutablePath: /usr/bin/gnome-shell ExecutableTimestamp: 1694028853 LiveMediaBuild: Ubuntu 23.10 "Mantic Minotaur" - Daily amd64 (20230907) ProcCmdline: /usr/bin/gnome-shell ProcCwd: /home/ubuntu ProcEnviron: LANG=C.UTF-8 PATH=(custom, no user) SHELL=/bin/bash XDG_RUNTIME_DIR= RelatedPackageVersions: mutter-common 45~rc-0ubuntu1 Signal: 5 SourcePackage: gnome-shell StacktraceTop: g_log_structured_array () from /lib/x86_64-linux-gnu/libglib-2.0.so.0 g_log_default_handler () from /lib/x86_64-linux-gnu/libglib-2.0.so.0 g_logv () from /lib/x86_64-linux-gnu/libglib-2.0.so.0 g_log () from /lib/x86_64-linux-gnu/libglib-2.0.so.0 ?? () from /usr/lib/x86_64-linux-gnu/mutter-13/libmutter-mtk-13.so.0 Title: gnome-shell crashed with signal 5 in g_log_structured_array() UpgradeStatus: No upgrade log present (probably fresh install) UserGroups: adm cdrom dip lpadmin plugdev sambashare sudo users separator: To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnome-shell/+bug/2034672/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 2018672] Re: Gnome 44: GDM background configurable with gsettings
Setting to high because it is a regression introduced by Gnome 44. ** Changed in: gnome-shell (Ubuntu) Assignee: Didier Roche-Tolomelli (didrocks) => Sebastien Bacher (seb128) ** Changed in: gnome-shell (Ubuntu) Importance: Undecided => High -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to gnome-shell in Ubuntu. https://bugs.launchpad.net/bugs/2018672 Title: Gnome 44: GDM background configurable with gsettings Status in gnome-shell package in Ubuntu: Confirmed Bug description: [Description] The prior implementation of exposing the login screen background setting via `gsettings` is not working as expected in Gnome 44 and Ubuntu 23.04. Specifically, the background image is infact set, however, the default Gnome theme appears as an overlay on top of the com.ubuntu.login-screen schema. This appears as the default grey background with a remarkably high alpha value of 0.975 from my inspection. If you set a very high contrast background image, you can just make out the outline in beneath the greeter. My expectation would be that we can set the greeter parameters using the provided gsettings keys, and set the background-color to transparent to only display the configured background-picture-uri key. gdm@zen:~$ gsettings list-keys com.ubuntu.login-screen background-color background-picture-uri background-repeat background-size [Test Case] 1. Boot a desktop session 2. Verify that the default aubergine background is displayed in the greeter. 3. Login as the administrator of the machine 4. Install systemd-container 5. Switch to the GDM user: $ sudo machinectl shell gdm@ /bin/bash 6. Apply a different background with the command: $ gsettings set com.ubuntu.login-screen background-picture-uri 'file:///usr/share/backgrounds/Lunar-lobster-side_by_Gixo-light.png' 7. Logout 8. Verify that the image 'Lunar-lobster-side_by_Gixo-light.png' is displayed as the background of the greeter. 9. Observe the remaining grey overlay with high alpha value. After login, the background image is briefly displayed without the overlay before initiating the user gnome shell session. [Further Investigation] PRATAP-KUMAR has done some excellent work overcoming this with their GitHub project, and it appears that modifying the Gnome theme with this script correctly sets the transparency. However, perhaps there are two layers to the greeter, and even though the background image is set, the additional layer is not exposed for configuration via gsettings. https://github.com/PRATAP-KUMAR/ubuntu-gdm-set- background/blob/main/ubuntu-gdm-set- background-23.04-transparent#L168-L171 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnome-shell/+bug/2018672/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 2013235]
*** This bug has been marked as a duplicate of bug 469961 *** -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to mutter in Ubuntu. https://bugs.launchpad.net/bugs/2013235 Title: Drag and Drop not working in Qt-Applications on Gnome 44 Status in Kdenlive: Invalid Status in Mutter: Fix Released Status in mutter package in Ubuntu: Fix Committed Bug description: Drag and drop items within Qt applications not working since upgrade to Ubuntu Lunar developmental release. The items can be picked up then the cursor changed to the "forbid" sign and no further interaction to the app. Confirmed affected apps: 3d Slicer, Krita. Upstream bug report: https://gitlab.gnome.org/GNOME/mutter/-/issues/2715 To manage notifications about this bug go to: https://bugs.launchpad.net/kdenlive/+bug/2013235/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 2013235]
As reported, this is caused by a bug in mutter affecting all Qt Apps: https://gitlab.gnome.org/GNOME/mutter/-/issues/2715 -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to mutter in Ubuntu. https://bugs.launchpad.net/bugs/2013235 Title: Drag and Drop not working in Qt-Applications on Gnome 44 Status in Kdenlive: Invalid Status in Mutter: Fix Released Status in mutter package in Ubuntu: Fix Committed Bug description: Drag and drop items within Qt applications not working since upgrade to Ubuntu Lunar developmental release. The items can be picked up then the cursor changed to the "forbid" sign and no further interaction to the app. Confirmed affected apps: 3d Slicer, Krita. Upstream bug report: https://gitlab.gnome.org/GNOME/mutter/-/issues/2715 To manage notifications about this bug go to: https://bugs.launchpad.net/kdenlive/+bug/2013235/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 2013235]
*** Bug 470255 has been marked as a duplicate of this bug. *** -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to mutter in Ubuntu. https://bugs.launchpad.net/bugs/2013235 Title: Drag and Drop not working in Qt-Applications on Gnome 44 Status in Kdenlive: Invalid Status in Mutter: Fix Released Status in mutter package in Ubuntu: Fix Committed Bug description: Drag and drop items within Qt applications not working since upgrade to Ubuntu Lunar developmental release. The items can be picked up then the cursor changed to the "forbid" sign and no further interaction to the app. Confirmed affected apps: 3d Slicer, Krita. Upstream bug report: https://gitlab.gnome.org/GNOME/mutter/-/issues/2715 To manage notifications about this bug go to: https://bugs.launchpad.net/kdenlive/+bug/2013235/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1897456] Re: [Z390 M, Realtek ALC892, Green Line Out, Rear] No sound at all
I have the same issue after a recent kernel update. Not sure if the cause is the same, but after about 5 hours looking to the issue, the mostly likely cause seems well explained on this bug comment: https://bugzilla.kernel.org/show_bug.cgi?id=208061#c5 In my case. Distro v: 20.04.6 LTS Kernel v: 5.15.0-71-generic I'm hoping the upstream kernel will have the regression with jack sensing fixed. Via the CLI, I can use alas directly and the sound card works fine, but with pulseaudio, it claims the ports are not available / connected and refuses to default sound output to the analogue line out port because jack sensing fails and even in gnome audio settings it won't list analogue audio as an option. ** Bug watch added: Linux Kernel Bug Tracker #208061 https://bugzilla.kernel.org/show_bug.cgi?id=208061 -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to pulseaudio in Ubuntu. https://bugs.launchpad.net/bugs/1897456 Title: [Z390 M, Realtek ALC892, Green Line Out, Rear] No sound at all Status in pulseaudio package in Ubuntu: Confirmed Bug description: The desktop speakers not working. No sound at all. However the same setup of sound port and speakers work fine on Windows. I am using the Green port for the speakers. ProblemType: Bug DistroRelease: Ubuntu 20.04 Package: pulseaudio 1:13.99.1-1ubuntu3.6 ProcVersionSignature: Ubuntu 5.4.0-48.52-generic 5.4.60 Uname: Linux 5.4.0-48-generic x86_64 NonfreeKernelModules: nvidia_modeset nvidia ApportVersion: 2.20.11-0ubuntu27.8 Architecture: amd64 AudioDevicesInUse: USERPID ACCESS COMMAND /dev/snd/controlC1: suds 1634 F pulseaudio /dev/snd/controlC0: suds 1634 F pulseaudio CasperMD5CheckResult: skip CurrentDesktop: ubuntu:GNOME Date: Sun Sep 27 18:38:58 2020 InstallationDate: Installed on 2020-07-04 (84 days ago) InstallationMedia: Ubuntu 20.04 LTS "Focal Fossa" - Release amd64 (20200423) SourcePackage: pulseaudio Symptom: audio Symptom_AlsaPlaybackTest: ALSA playback test through plughw:PCH successful Symptom_Card: Built-in Audio - HDA Intel PCH Symptom_DevicesInUse: USERPID ACCESS COMMAND /dev/snd/controlC1: gdm1132 F pulseaudio suds 1634 F pulseaudio /dev/snd/controlC0: gdm1132 F pulseaudio suds 1634 F pulseaudio Symptom_Jack: Green Line Out, Rear Symptom_PulsePlaybackTest: PulseAudio playback test failed Symptom_Type: No sound at all Title: [Z390 M, Realtek ALC892, Green Line Out, Rear] No sound at all UpgradeStatus: No upgrade log present (probably fresh install) dmi.bios.date: 10/15/2019 dmi.bios.vendor: American Megatrends Inc. dmi.bios.version: F5 dmi.board.asset.tag: Default string dmi.board.name: Z390 M-CF dmi.board.vendor: Gigabyte Technology Co., Ltd. dmi.board.version: x.x dmi.chassis.asset.tag: Default string dmi.chassis.type: 3 dmi.chassis.vendor: Default string dmi.chassis.version: Default string dmi.modalias: dmi:bvnAmericanMegatrendsInc.:bvrF5:bd10/15/2019:svnGigabyteTechnologyCo.,Ltd.:pnZ390M:pvrDefaultstring:rvnGigabyteTechnologyCo.,Ltd.:rnZ390M-CF:rvrx.x:cvnDefaultstring:ct3:cvrDefaultstring: dmi.product.family: Default string dmi.product.name: Z390 M dmi.product.sku: Default string dmi.product.version: Default string dmi.sys.vendor: Gigabyte Technology Co., Ltd. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pulseaudio/+bug/1897456/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1961508] Re: Dock displaying over window after resuming from blank screen
Affected here, 22.04.1 with Wayland, didn't happen with X11. I thought that this bug was this one: https://gitlab.gnome.org/GNOME/mutter/-/issues/1627 How can we fix this? Is there any possible workaround? -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to gnome-shell-extension-ubuntu-dock in Ubuntu. https://bugs.launchpad.net/bugs/1961508 Title: Dock displaying over window after resuming from blank screen Status in Dash to dock: Unknown Status in Mutter: New Status in gnome-shell package in Ubuntu: Confirmed Status in gnome-shell-extension-ubuntu-dock package in Ubuntu: Confirmed Status in mutter package in Ubuntu: Confirmed Status in gnome-desktop package in Fedora: Confirmed Bug description: I have Blank Screen set to happen after 2 minutes of inactivity. When resuming from a Blank Screen (by moving the mouse or touching the keyboard), the Dock is displayed over the top of the current program. To get it back to normal I need to click "Restore Down" on the current programs window and then "Maximize" so that the Dock no longer overlaps it. (Note: I have Auto-hide dock turned off.) This only happens sometimes. I can't reproduce the bug it every time. - 1) The release of Ubuntu you are using, via 'lsb_release -rd' or System -> About Ubuntu - Ubuntu 21.10 2) The version of the package you are using, via 'apt-cache policy pkgname' or by checking in Software Center - Not sure (I guess the Dock is part of the Gnome interface?) 3) What you expected to happen - Dock should not overlap the current program on resume from screen blank. 4) What happened instead - The Dock overlaps the current program on resume from screen blank. --- ProblemType: Bug ApportVersion: 2.20.11-0ubuntu71 Architecture: amd64 CasperMD5CheckResult: pass CurrentDesktop: ubuntu:GNOME DisplayManager: gdm3 DistroRelease: Ubuntu 21.10 InstallationDate: Installed on 2022-02-18 (24 days ago) InstallationMedia: Ubuntu 21.10 "Impish Indri" - Release amd64 (20211012) Package: gnome-shell-extension-ubuntu-dock PackageArchitecture: amd64 ProcVersionSignature: Ubuntu 5.13.0-35.40-generic 5.13.19 RelatedPackageVersions: mutter-common 40.5-1ubuntu3~21.10.1 Tags: wayland-session impish Uname: Linux 5.13.0-35-generic x86_64 UpgradeStatus: No upgrade log present (probably fresh install) UserGroups: adm cdrom dip lpadmin lxd plugdev sambashare sudo _MarkForUpload: True --- ProblemType: Bug ApportVersion: 2.23.1-0ubuntu3 Architecture: amd64 CasperMD5CheckResult: unknown CurrentDesktop: ubuntu:GNOME DisplayManager: gdm3 DistroRelease: Ubuntu 22.10 InstallationDate: Installed on 2022-02-18 (328 days ago) InstallationMedia: Ubuntu 21.10 "Impish Indri" - Release amd64 (20211012) Package: mutter PackageArchitecture: amd64 ProcVersionSignature: Ubuntu 5.19.0-28.29-generic 5.19.17 RebootRequiredPkgs: Error: path contained symlinks. RelatedPackageVersions: mutter-common 43.0-1ubuntu4 Tags: wayland-session third-party-packages kinetic Uname: Linux 5.19.0-28-generic x86_64 UpgradeStatus: Upgraded to kinetic on 2022-10-25 (79 days ago) UserGroups: adm cdrom dip lpadmin lxd plugdev sambashare sudo _MarkForUpload: True To manage notifications about this bug go to: https://bugs.launchpad.net/dash-to-dock/+bug/1961508/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1998082] Re: Hotspot Login window [gnome-shell-portal-helper] randomly opens with https://help.ubuntu.com
Confirmed and setting priority to high given the potential number of users affected. ** Changed in: gnome-shell (Ubuntu) Importance: Undecided => High ** Changed in: gnome-shell (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to gnome-shell in Ubuntu. https://bugs.launchpad.net/bugs/1998082 Title: Hotspot Login window [gnome-shell-portal-helper] randomly opens with https://help.ubuntu.com Status in gnome-shell package in Ubuntu: Confirmed Bug description: Hotspot Login window [gnome-shell-portal-helper] randomly opens with https://help.ubuntu.com I'm not even using wifi. I don't care about hotspots. ProblemType: Bug DistroRelease: Ubuntu 23.04 Package: gnome-shell 43.1-2ubuntu1 ProcVersionSignature: Ubuntu 5.19.0-21.21-generic 5.19.7 Uname: Linux 5.19.0-21-generic x86_64 ApportVersion: 2.23.1-0ubuntu3 Architecture: amd64 CasperMD5CheckResult: pass CurrentDesktop: ubuntu:GNOME Date: Mon Nov 28 16:40:28 2022 DisplayManager: gdm3 ExecutablePath: /usr/libexec/gnome-shell-portal-helper GsettingsChanges: b'org.gnome.shell' b'welcome-dialog-last-shown-version' b"'43.0'" b'org.gnome.desktop.app-folders' b'folder-children' b"['Utilities', 'YaST']" b'org.gnome.desktop.input-sources' b'sources' b"[('xkb', 'us')]" b'org.gnome.desktop.privacy' b'report-technical-problems' b'true' InstallationDate: Installed on 2022-11-28 (0 days ago) InstallationMedia: Ubuntu 23.04 "Lunar Lobster" - Alpha amd64 (20221126) ProcEnviron: SHELL=/bin/bash XDG_RUNTIME_DIR= PATH=(custom, no user) LANGUAGE=en_AU:en LANG=en_AU.UTF-8 RelatedPackageVersions: mutter-common 43.0-1ubuntu5 SourcePackage: gnome-shell UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnome-shell/+bug/1998082/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1998050] [NEW] package firefox 107.0+build2-0ubuntu0.20.04.1 failed to install/upgrade: new firefox package pre-installation script subprocess returned error exit status 1
Public bug reported: Here's the apt upgrade output: me@host:~$ sudo apt install firefox [sudo] password for me: Reading package lists... Done Building dependency tree... Done Reading state information... Done The following packages were automatically installed and are no longer required: libgdk-pixbuf-xlib-2.0-0 libgdk-pixbuf2.0-0 xul-ext-ubufox Use 'sudo apt autoremove' to remove them. The following packages will be upgraded: firefox 1 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. Need to get 0 B/72.3 kB of archives. After this operation, 210 MB disk space will be freed. Preconfiguring packages ... (Reading database ... 221702 files and directories currently installed.) Preparing to unpack .../firefox_1%3a1snap1-0ubuntu2_arm64.deb ... => Installing the firefox snap ==> Checking connectivity with the snap store ==> Installing the firefox snap error: cannot perform the following tasks: - Run hook connect-plug-host-hunspell of snap "firefox" (run hook "connect-plug-host-hunspell": cannot perform operation: mount --bind /snap/core20/current/etc/nsswitch.conf /tmp/s nap.rootfs_yMyxE3/etc/nsswitch.conf: Permission denied) dpkg: error processing archive /var/cache/apt/archives/firefox_1%3a1snap1-0ubuntu2_arm64.deb (--unpack): new firefox package pre-installation script subprocess returned error exit status 1 Please restart all running instances of firefox, or you will experience problems. Errors were encountered while processing: /var/cache/apt/archives/firefox_1%3a1snap1-0ubuntu2_arm64.deb E: Sub-process /usr/bin/dpkg returned an error code (1) ProblemType: Package DistroRelease: Ubuntu 22.04 Package: firefox 107.0+build2-0ubuntu0.20.04.1 Uname: Linux 4.9.333-86 aarch64 AddonCompatCheckDisabled: False ApportVersion: 2.20.11-0ubuntu27.25 Architecture: arm64 AudioDevicesInUse: USERPID ACCESS COMMAND /dev/snd/controlC0: lightdm3473 F pulseaudio chombier 3649 F pulseaudio BuildID: 20221110173214 CasperMD5CheckResult: skip Channel: Unavailable Date: Sun Nov 27 13:34:58 2022 ErrorMessage: new firefox package pre-installation script subprocess returned error exit status 1 ForcedLayersAccel: False IfupdownConfig: # ifupdown has been replaced by netplan(5) on this system. See # /etc/netplan for current configuration. # To re-enable ifupdown on this system, you can run: #sudo apt install ifupdown IpRoute: default via 192.168.1.1 dev eth0 proto dhcp metric 100 169.254.0.0/16 dev eth0 scope link metric 1000 192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.49 metric 100 Lspci: NoProfiles: True PciNetwork: PulseList: Error: command ['pacmd', 'list'] failed with exit code 1: No PulseAudio daemon running, or not running as session daemon. Python3Details: /usr/bin/python3.10, Python 3.10.6, python3-minimal, 3.10.6-1~22.04 PythonDetails: N/A RelatedPackageVersions: dpkg 1.21.1ubuntu2.1 apt 2.4.8 RunningIncompatibleAddons: False SourcePackage: firefox Title: package firefox 107.0+build2-0ubuntu0.20.04.1 failed to install/upgrade: new firefox package pre-installation script subprocess returned error exit status 1 UpgradeStatus: Upgraded to jammy on 2022-11-27 (0 days ago) ** Affects: firefox (Ubuntu) Importance: Undecided Status: New ** Tags: apport-package arm64 jammy need-duplicate-check -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to firefox in Ubuntu. https://bugs.launchpad.net/bugs/1998050 Title: package firefox 107.0+build2-0ubuntu0.20.04.1 failed to install/upgrade: new firefox package pre-installation script subprocess returned error exit status 1 Status in firefox package in Ubuntu: New Bug description: Here's the apt upgrade output: me@host:~$ sudo apt install firefox [sudo] password for me: Reading package lists... Done Building dependency tree... Done Reading state information... Done The following packages were automatically installed and are no longer required: libgdk-pixbuf-xlib-2.0-0 libgdk-pixbuf2.0-0 xul-ext-ubufox Use 'sudo apt autoremove' to remove them. The following packages will be upgraded: firefox 1 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. Need to get 0 B/72.3 kB of archives. After this operation, 210 MB disk space will be freed. Preconfiguring packages ... (Reading database ... 221702 files and directories currently installed.) Preparing to unpack .../firefox_1%3a1snap1-0ubuntu2_arm64.deb ... => Installing the firefox snap ==> Checking connectivity with the snap store ==> Installing the firefox snap error: cannot perform the following tasks: - Run hook connect-plug-host-hunspell of snap "firefox" (run hook "connect-plug-host-hunspell": cannot perform operation: mount --bind /snap/core20/current/etc/nsswitch.conf /tmp/s nap.rootfs_yMyxE3/etc/nsswitch.conf: Permission denied) dpkg: error processing archive /var/cache/apt/archives
[Desktop-packages] [Bug 1995311] [NEW] seahorse-nautilus not working on ubuntu 22.10
Public bug reported: impossible to install seahorse-nautilus on ubuntu 22.10 so I cannot encrypt/decrypt files (except with line commands) ** Affects: nautilus (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to nautilus in Ubuntu. https://bugs.launchpad.net/bugs/1995311 Title: seahorse-nautilus not working on ubuntu 22.10 Status in nautilus package in Ubuntu: New Bug description: impossible to install seahorse-nautilus on ubuntu 22.10 so I cannot encrypt/decrypt files (except with line commands) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nautilus/+bug/1995311/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1993154] Re: Sane genesys 1.0.29 and later drive HP Scanjet 3670 motor beyond limits
Log file for A4 scan in "Image" mode with libsane-genesys.so.1.0.25 under Xenial ** Attachment added: "Log file for A4 scan in "Image" mode with libsane-genesys.so.1.0.25 under Xenial" https://bugs.launchpad.net/ubuntu/+source/sane-backends/+bug/1993154/+attachment/5624536/+files/sane-genesys-1.0.25-xenial-HP-scanjet-3670.log -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to sane-backends in Ubuntu. https://bugs.launchpad.net/bugs/1993154 Title: Sane genesys 1.0.29 and later drive HP Scanjet 3670 motor beyond limits Status in sane-backends package in Ubuntu: New Bug description: [Impact] When using scan-image with a HP ScanJet 3670 scanner under Xubuntu Jammy 22.04 at 300 dpi or more, the scanner motor is incorrectly driven by the driver: - when scanning an A4 page, the driver attempts to drive motor out of limits at the bottom of the page, resulting in a grinding sound. - the resulting image misses horizontal stripes. - the resulting image has an incorrect aspect ratio (it should be bigger in the vertical dimension). This doesn't happen under Xubuntu Xenial 16.04 (64 bit). This is a serious regression. [Test case] - install Xubuntu Jammy - install sane package - install flatbed scanner HP ScanJet 3670 - run Document Scanner in "Image" mode with default parameters (resulting in a full-size, color, 300 dpi scan) - check scanner noise at bottom of document and resulting image [Analysis] Genesys driver under Jammy is libsane-genesys.so.1.1.1 Genesys driver under Xenial is libsane-genesys.so.1.0.25 This library has been entirely changed between releases 1.0.28 (which is written in C) and 1.0.29 (which has been relocated in its own subdir and is written in C++). When libsane-genesys.so.1.0.25 is copied to Jammy environment and symlink libsane-genesys.so.1 is adjusted to make it point at this file, the problem disappears entirely, the scanner works as expected and the resulting image is fine. When libsane-genesys.so.1.0.29 is copied to Jammy environment and symlink libsane-genesys.so.1 is adjusted to make it point at this file, the problem appears again. Please note that other files haven't been modified and belong to Jammy's version 1.1.1. Therefore, it is likely that something has been broken between versions 1.0.28 and 1.0.29 of libsane-genesys.so, when converting its sources from C to C++. [Details] OS version: Ubuntu 22.04.1 LTS Packages versions: libsane1 1.1.1-5 Log file attached for Jammy case (will attach Xenial case in a later step if possible). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sane-backends/+bug/1993154/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1993154] [NEW] Sane genesys 1.0.29 and later drive HP Scanjet 3670 motor beyond limits
Public bug reported: [Impact] When using scan-image with a HP ScanJet 3670 scanner under Xubuntu Jammy 22.04 at 300 dpi or more, the scanner motor is incorrectly driven by the driver: - when scanning an A4 page, the driver attempts to drive motor out of limits at the bottom of the page, resulting in a grinding sound. - the resulting image misses horizontal stripes. - the resulting image has an incorrect aspect ratio (it should be bigger in the vertical dimension). This doesn't happen under Xubuntu Xenial 16.04 (64 bit). This is a serious regression. [Test case] - install Xubuntu Jammy - install sane package - install flatbed scanner HP ScanJet 3670 - run Document Scanner in "Image" mode with default parameters (resulting in a full-size, color, 300 dpi scan) - check scanner noise at bottom of document and resulting image [Analysis] Genesys driver under Jammy is libsane-genesys.so.1.1.1 Genesys driver under Xenial is libsane-genesys.so.1.0.25 This library has been entirely changed between releases 1.0.28 (which is written in C) and 1.0.29 (which has been relocated in its own subdir and is written in C++). When libsane-genesys.so.1.0.25 is copied to Jammy environment and symlink libsane-genesys.so.1 is adjusted to make it point at this file, the problem disappears entirely, the scanner works as expected and the resulting image is fine. When libsane-genesys.so.1.0.29 is copied to Jammy environment and symlink libsane-genesys.so.1 is adjusted to make it point at this file, the problem appears again. Please note that other files haven't been modified and belong to Jammy's version 1.1.1. Therefore, it is likely that something has been broken between versions 1.0.28 and 1.0.29 of libsane-genesys.so, when converting its sources from C to C++. [Details] OS version: Ubuntu 22.04.1 LTS Packages versions: libsane1 1.1.1-5 Log file attached for Jammy case (will attach Xenial case in a later step if possible). ** Affects: sane-backends (Ubuntu) Importance: Undecided Status: New ** Attachment added: "Log file for A4 scan in "Image" mode with libsane-genesys.so.1.1.1" https://bugs.launchpad.net/bugs/1993154/+attachment/5624535/+files/sane-genesys-1.1.1-jammy-HP-scanjet-3670.log -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to sane-backends in Ubuntu. https://bugs.launchpad.net/bugs/1993154 Title: Sane genesys 1.0.29 and later drive HP Scanjet 3670 motor beyond limits Status in sane-backends package in Ubuntu: New Bug description: [Impact] When using scan-image with a HP ScanJet 3670 scanner under Xubuntu Jammy 22.04 at 300 dpi or more, the scanner motor is incorrectly driven by the driver: - when scanning an A4 page, the driver attempts to drive motor out of limits at the bottom of the page, resulting in a grinding sound. - the resulting image misses horizontal stripes. - the resulting image has an incorrect aspect ratio (it should be bigger in the vertical dimension). This doesn't happen under Xubuntu Xenial 16.04 (64 bit). This is a serious regression. [Test case] - install Xubuntu Jammy - install sane package - install flatbed scanner HP ScanJet 3670 - run Document Scanner in "Image" mode with default parameters (resulting in a full-size, color, 300 dpi scan) - check scanner noise at bottom of document and resulting image [Analysis] Genesys driver under Jammy is libsane-genesys.so.1.1.1 Genesys driver under Xenial is libsane-genesys.so.1.0.25 This library has been entirely changed between releases 1.0.28 (which is written in C) and 1.0.29 (which has been relocated in its own subdir and is written in C++). When libsane-genesys.so.1.0.25 is copied to Jammy environment and symlink libsane-genesys.so.1 is adjusted to make it point at this file, the problem disappears entirely, the scanner works as expected and the resulting image is fine. When libsane-genesys.so.1.0.29 is copied to Jammy environment and symlink libsane-genesys.so.1 is adjusted to make it point at this file, the problem appears again. Please note that other files haven't been modified and belong to Jammy's version 1.1.1. Therefore, it is likely that something has been broken between versions 1.0.28 and 1.0.29 of libsane-genesys.so, when converting its sources from C to C++. [Details] OS version: Ubuntu 22.04.1 LTS Packages versions: libsane1 1.1.1-5 Log file attached for Jammy case (will attach Xenial case in a later step if possible). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sane-backends/+bug/1993154/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1973441] Re: Printing does not work on Ubuntu 22.04 - cups-pki-invalid
One more confirmation: deleting the certificate on the client computer also worked for me.Thanks a lot to Samie ! Canon printer. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to cups in Ubuntu. https://bugs.launchpad.net/bugs/1973441 Title: Printing does not work on Ubuntu 22.04 - cups-pki-invalid Status in cups package in Ubuntu: Confirmed Bug description: After upgrading to 22.04 printing did not work. There is cups-pki- invalid error and printer goes to paused state. ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: cups 2.4.1op1-1ubuntu4 Uname: Linux 5.17.7-051707-generic x86_64 ApportVersion: 2.20.11-0ubuntu82 Architecture: amd64 CasperMD5CheckResult: pass CupsErrorLog: Error: [Errno 13] Permission denied: '/var/log/cups/error_log' CurrentDesktop: ubuntu:GNOME Date: Sun May 15 15:34:47 2022 EcryptfsInUse: Yes InstallationDate: Installed on 2021-10-12 (214 days ago) InstallationMedia: Ubuntu 21.10 "Impish Indri" - Daily amd64 (20211010) Lpstat: device for HP_Color_LaserJet_M552_5F80BF: implicitclass://HP_Color_LaserJet_M552_5F80BF/ MachineType: ASUSTeK COMPUTER INC. ROG Strix G513QY_G513QY Papersize: a4 PpdFiles: Error: command ['fgrep', '-H', '*NickName', '/etc/cups/ppd/HP_Color_LaserJet_M552_5F80BF.ppd'] failed with exit code 2: grep: /etc/cups/ppd/HP_Color_LaserJet_M552_5F80BF.ppd: Permission denied ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-5.17.7-051707-generic root=UUID=ff964c9b-ce92-4334-8759-9d785a262c60 ro rootflags=subvol=@ quiet splash vt.handoff=7 SourcePackage: cups UpgradeStatus: Upgraded to jammy on 2022-04-24 (21 days ago) dmi.bios.date: 03/29/2022 dmi.bios.release: 5.19 dmi.bios.vendor: American Megatrends International, LLC. dmi.bios.version: G513QY.318 dmi.board.asset.tag: ATN12345678901234567 dmi.board.name: G513QY dmi.board.vendor: ASUSTeK COMPUTER INC. dmi.board.version: 1.0 dmi.chassis.asset.tag: No Asset Tag dmi.chassis.type: 10 dmi.chassis.vendor: ASUSTeK COMPUTER INC. dmi.chassis.version: 1.0 dmi.ec.firmware.release: 0.81 dmi.modalias: dmi:bvnAmericanMegatrendsInternational,LLC.:bvrG513QY.318:bd03/29/2022:br5.19:efr0.81:svnASUSTeKCOMPUTERINC.:pnROGStrixG513QY_G513QY:pvr1.0:rvnASUSTeKCOMPUTERINC.:rnG513QY:rvr1.0:cvnASUSTeKCOMPUTERINC.:ct10:cvr1.0:sku: dmi.product.family: ROG Strix dmi.product.name: ROG Strix G513QY_G513QY dmi.product.version: 1.0 dmi.sys.vendor: ASUSTeK COMPUTER INC. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cups/+bug/1973441/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1982347] Re: Username is case sensitive when applying policies on login
Verified successfully on Focal with adsys 0.9.2~20.04. Marking as verification-done ** Tags removed: verification-needed verification-needed-focal ** Tags added: verification-done verification-done-focal -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to adsys in Ubuntu. https://bugs.launchpad.net/bugs/1982347 Title: Username is case sensitive when applying policies on login Status in adsys package in Ubuntu: Fix Released Status in adsys source package in Focal: Fix Committed Status in adsys source package in Jammy: Fix Committed Bug description: [Impact] When logging in (either via login or ssh) to an AD account using different case combinations, adsysd uses the specified account name instead of the lowercase one reported by getent/whoami to apply the GPOs. I believe this comes from the pam_get_item call here: https://github.com/ubuntu/adsys/blob/e3316e5e37970a07f09fa6df553ddac096c91255/pam/pam_adsys.c#L266 This works but has the unintended side effect of producing multiple dconf profile files for each variant of the username, and caching policies as well: root@ubuntu2204:~# ls /etc/dconf/profile/ | grep -i administrator administra...@warthogs.biz administra...@warthogs.biz administra...@warthogs.biz root@ubuntu2204:~# ls /var/cache/adsys/policies/ | grep -i administrator administra...@warthogs.biz administra...@warthogs.biz administra...@warthogs.biz Of course this all stems from the username retrieved by PAM so there might be more unintended side-effects, the dconf one being the easiest to observe. To ensure an unified experience, when a target name is normalized from e.g. DOMAIN\User to User@DOMAIN, it will also be lowercased. [Test Plan] Reproduction: * With adsys set up, log in on the Ubuntu client using an AD account, alternating cases * Observe multiple files created at /var/cache/adsys/policies With the fix applied, remove *all* cached policies at /var/cache/adsys/policies and attempt to login with different case combinations of the AD account, e.g.: administra...@warthogs.biz administra...@warthogs.biz administra...@warthogs.biz administra...@warthogs.biz As root, check the contents of /var/cache/adsys/policies - you should only see a lowercase entry: administra...@warthogs.biz [Where problems could occur] Target name normalization is exercised by the code that dumps policies applied for a given user, and by the code that updates or creates a policy for a given user. If this happens to cause a bug, it will render the core part of adsys unusable. We believe this is highly unlikely given that in some cases, adsys already used the lowercase variant of the username to apply and display policies. [Other Info] This issue was initially reported on GitHub at https://github.com/ubuntu/adsys/issues/378 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/1982347/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1982348] Re: Describe if a key requires an Ubuntu Pro subscription
Verified successfully on Focal with adsys 0.9.2~20.04. Marking as verification-done ** Tags removed: verification-needed verification-needed-focal ** Tags added: verification-done verification-done-focal -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to adsys in Ubuntu. https://bugs.launchpad.net/bugs/1982348 Title: Describe if a key requires an Ubuntu Pro subscription Status in adsys package in Ubuntu: Fix Released Status in adsys source package in Focal: Fix Committed Status in adsys source package in Jammy: Fix Committed Bug description: [Impact] Before applying policies, adsys checks for the existence of an Ubuntu Pro subscription. If not found, all keys with the exception of dconf keys are filtered, as they require Ubuntu Pro. Annotate the generated ADMX/ADML files with this information. [Test Plan] * Open the Group Policy Management Editor * Navigate to User Configuration > Administrative Templates > Ubuntu > Session Management > User Scripts > Logoff scripts * The description should contain the following line: An Ubuntu Pro subscription on the client is required to apply this policy. [Where problems could occur] This is a purely visual change that only impacts generated XML files. [Other Info] This issue was initially reported on GitHub at https://github.com/ubuntu/adsys/issues/377 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/1982348/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1982349] Re: Manage energy profile settings
Verified successfully on Focal with adsys 0.9.2~20.04. Marking as verification-done ** Tags removed: verification-needed verification-needed-focal ** Tags added: verification-done verification-done-focal -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to adsys in Ubuntu. https://bugs.launchpad.net/bugs/1982349 Title: Manage energy profile settings Status in adsys package in Ubuntu: Fix Released Status in adsys source package in Focal: Fix Committed Status in adsys source package in Jammy: Fix Committed Bug description: [Impact] Adsys cannot currently manage GSettings power management keys, such as: /org/gnome/settings-daemon/plugins/power/ambient-enabled /org/gnome/settings-daemon/plugins/power/idle-brightness /org/gnome/settings-daemon/plugins/power/idle-dim /org/gnome/settings-daemon/plugins/power/lid-close-ac-action /org/gnome/settings-daemon/plugins/power/lid-close-battery-action /org/gnome/settings-daemon/plugins/power/lid-close-suspend-with-external-monitor /org/gnome/settings-daemon/plugins/power/power-button-action /org/gnome/settings-daemon/plugins/power/power-saver-profile-on-low-battery /org/gnome/settings-daemon/plugins/power/sleep-inactive-ac-timeout /org/gnome/settings-daemon/plugins/power/sleep-inactive-ac-type /org/gnome/settings-daemon/plugins/power/sleep-inactive-battery-timeout /org/gnome/settings-daemon/plugins/power/sleep-inactive-battery-type [Test Plan] * Open the Group Policy Management Editor for a configured policy * Navigate to Computer Configuration > Administrative Templates > Ubuntu > Client management > Power Management * Double click on the last entry: Whether to hibernate ... * Enable it, set the value to "hibernate" * On a client with adsys, while connected on an AD account, run sudo adsysctl update -m -vv * Observe the logs that indicate the parsing of the dconf key: DEBUG Analyzing entry {Key:org/gnome/settings-daemon/plugins/power/sleep-inactive-battery-type Value:hibernate Disabled:false Meta:s Strategy: Err:} * Observe the output of the following command (it should print 'hibernate'): gsettings get org.gnome.settings-daemon.plugins.power sleep-inactive-battery-type [Where problems could occur] This code is located in the dconf policy application manager and restricted to it. The negative impact in case of a new bug will be seen by gsettings key not being applied. [Other Info] This issue was initially reported on GitHub at https://github.com/ubuntu/adsys/issues/135 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/1982349/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1982351] Re: [SRU] Backport adsys-windows binary package
Verified successfully on Focal with adsys 0.9.2~20.04. Marking as verification-done ** Tags removed: verification-needed verification-needed-focal ** Tags added: verification-done verification-done-focal -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to adsys in Ubuntu. https://bugs.launchpad.net/bugs/1982351 Title: [SRU] Backport adsys-windows binary package Status in adsys package in Ubuntu: Fix Released Status in adsys source package in Focal: Fix Committed Status in adsys source package in Jammy: Fix Committed Bug description: As part of our entreprise desktop offering, there is the request to backport the adsys-windows binary package to 20.04 LTS and 22.04 LTS. ADSys is our Active Directory GPO integration. It’s available starting Ubuntu 21.04. adsys-windows contains Windows-specific files including a Windows executable (the Active Directory Watch Daemon), and XML files (ADMX/ADML) that are to be used solely on Windows. The package is provided as a safe way for Windows administrators to source the required adsys files that are needed on Windows. [Impact] * adsys-windows is a new binary package. Impact is thus only for people installing. * This is a enterprise feature requested by desktop customers running LTS. [Test Plan] 1. Install the adsys-windows package 2. Copy the adwatchd.exe executable from /usr/share/adsys/windows on a Windows machine and run it: 3. Set a path where the configuration file will be written 4. Input a list of policy scripts directories to be watched The executable will then install itself as a Windows Service and start monitoring the given directories for changes. Whenever it notices a change it will attempt to bump the version in the GPT.INI file at the root of the watched directory. If a GPT.INI is not found, the daemon will create one. For more information refer to the documentation at: https://github.com/ubuntu/adsys/wiki/11.-Active-Directory-Watch-Daemon [Where problems could occur] * As this is a separate, versioned, new package, no impact on existing installations. * Moreover the package has no files that are used in any way on Linux. It's just data to be copied on Windows machines. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/1982351/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1982330] Re: Cannot apply policies from uppercase class path like "MACHINE"
Verified successfully on Focal with adsys 0.9.2~20.04. Marking as verification-done ** Tags removed: verification-needed verification-needed-focal ** Tags added: verification-done verification-done-focal -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to adsys in Ubuntu. https://bugs.launchpad.net/bugs/1982330 Title: Cannot apply policies from uppercase class path like "MACHINE" Status in adsys package in Ubuntu: Fix Released Status in adsys source package in Focal: Fix Committed Status in adsys source package in Jammy: Fix Committed Bug description: [Impact] ADSys cannot update GPOs on Jammy Jellyfish 22.04 because of misnamed folders. adsysctl expects the folders to be title cased (e.g. Machine), but they are uppercase (e.g. MACHINE). This prevents any GPOs from being applied. This is a common occurence with GPOs created by Microsoft, like the Default Domain Policy. [Test Plan] Reproduction: * Mark the Default Domain Policy as active for the client, and set some Ubuntu policy entries. * Restart and/or manually sync the client machine. * Observe the log message indicating that parsing the GPO failed: Policy "Default Domain Policy" doesn't have any policy for class "user" open /var/cache/adsys/sysvol/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/User/Registry.pol: no such file or directory * Observe that the Ubuntu policies were not applied. To confirm the bug is fixed, repeat the steps above after applying the fix, and the policies should be applied. [Where problems could occur] * Fixing this bug will allow adsys to parse, and possibly fail when applying policies from an uppercase path, whereas before it silently ignored them. Fixes for these potential bugs have also been submitted. [Other Info] The issue was initially reported on GitHub: https://github.com/ubuntu/adsys/issues/346 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/1982330/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1982342] Re: Cannot parse policies with empty values
Verified successfully on Focal with adsys 0.9.2~20.04. Marking as verification-done ** Tags removed: verification-needed verification-needed-focal ** Tags added: verification-done verification-done-focal -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to adsys in Ubuntu. https://bugs.launchpad.net/bugs/1982342 Title: Cannot parse policies with empty values Status in adsys package in Ubuntu: Fix Released Status in adsys source package in Focal: Fix Committed Status in adsys source package in Jammy: Fix Committed Bug description: [Impact] In addition to empty data, some Microsoft policy entries happen to have empty values as well. See the following entry: // [key;value;type;size;data] : 5052 6567 0100 5b00 5300 6f00 6600 PReg[.S.o.f. 0010: 7400 7700 6100 7200 6500 5c00 5000 6f00 t.w.a.r.e.\.P.o. 0020: 6c00 6900 6300 6900 6500 7300 5c00 4d00 l.i.c.i.e.s.\.M. 0030: 6900 6300 7200 6f00 7300 6f00 6600 7400 i.c.r.o.s.o.f.t. 0040: 5c00 5300 7900 7300 7400 6500 6d00 4300 \.S.y.s.t.e.m.C. 0050: 6500 7200 7400 6900 6600 6900 6300 6100 e.r.t.i.f.i.c.a. 0060: 7400 6500 7300 5c00 4100 4300 5200 5300 t.e.s.\.A.C.R.S. 0070: 5c00 4300 6500 7200 7400 6900 6600 6900 \.C.e.r.t.i.f.i. 0080: 6300 6100 7400 6500 7300 3b00 c.a.t.e.s...;... 0090: 3b00 3b00 3b00 5d00 ;.;.;.]. This fails hard when parsing, returning an `empty value` error, rendering the remaining policies unparsable. This is a common occurence on Microsoft's policies like the Default Domain Policy. Even if Ubuntu does not support policy entries with empty values, we must still be able to parse them in case a Group Policy has both Ubuntu and non-Ubuntu entries. [Test Plan] * Attempt to apply the Default Domain Policy on a client [Where problems could occur] Adsys already excluded non-Ubuntu keys before applying policies, so this change has no impact other than letting all policies be parsed. If an error occurs in parsing an Ubuntu entry, it will be surfaced before policies are applied instead of at parsing time. [Other Info] This issue was initially reported on GitHub at https://github.com/ubuntu/adsys/issues/386 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/1982342/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1982343] Re: Cannot parse policy entries with unsupported types
** Tags removed: verification-needed verification-needed-focal ** Tags added: verification-done verification-done-focal -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to adsys in Ubuntu. https://bugs.launchpad.net/bugs/1982343 Title: Cannot parse policy entries with unsupported types Status in adsys package in Ubuntu: Fix Released Status in adsys source package in Focal: Fix Committed Status in adsys source package in Jammy: Fix Committed Bug description: [Impact] Policies with unsupported types are currently unable to be parsed. Even if Ubuntu doesn't support these types we should still be able to parse the Microsoft ones - otherwise we are unable to apply any of the GPOs. This is a common occurence on Microsoft's policies like the Default Domain Policy. Even if Ubuntu supports a limited subset of types, we must still be able to parse all of them in case a Group Policy has both Ubuntu and non-Ubuntu entries. [Test Plan] * Attempt to apply the Default Domain Policy on a client [Where problems could occur] Adsys already excluded non-Ubuntu keys before applying policies, so this change has no impact other than letting all policies be parsed. If an error occurs in parsing an Ubuntu entry, it will be surfaced before policies are applied instead of at parsing time. [Other Info] This issue was initially reported on GitHub at https://github.com/ubuntu/adsys/issues/387 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/1982343/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1982345] Re: Cannot parse policy entries with no data
Verified successfully on Focal with adsys 0.9.2~20.04. Marking as verification-done ** Tags removed: verification-needed verification-needed-focal ** Tags added: verification-done verification-done-focal -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to adsys in Ubuntu. https://bugs.launchpad.net/bugs/1982345 Title: Cannot parse policy entries with no data Status in adsys package in Ubuntu: Fix Released Status in adsys source package in Focal: Fix Committed Status in adsys source package in Jammy: Fix Committed Bug description: [Impact] The Default Domain Policy for Computers has a bunch of SystemCertificates keys with no data which adsys fails to parse. Here are some examples: Software\Policies\Microsoft\SystemCertificates\ACRS\Certificates Software\Policies\Microsoft\SystemCertificates\ACRS\CRLs Software\Policies\Microsoft\SystemCertificates\ACRS\CTLs Software\Policies\Microsoft\SystemCertificates\CA\Certificates Software\Policies\Microsoft\SystemCertificates\CA\CRLs Software\Policies\Microsoft\SystemCertificates\CA\CTLs Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs Software\Policies\Microsoft\SystemCertificates\DPNGRA\Certificates When examined with a hex editor, these look like the following: : 5052 6567 0100 5b00 5300 6f00 6600 PReg[.S.o.f. 0010: 7400 7700 6100 7200 6500 5c00 5000 6f00 t.w.a.r.e.\.P.o. 0020: 6c00 6900 6300 6900 6500 7300 5c00 4d00 l.i.c.i.e.s.\.M. 0030: 6900 6300 7200 6f00 7300 6f00 6600 7400 i.c.r.o.s.o.f.t. 0040: 5c00 5300 7900 7300 7400 6500 6d00 4300 \.S.y.s.t.e.m.C. 0050: 6500 7200 7400 6900 6600 6900 6300 6100 e.r.t.i.f.i.c.a. 0060: 7400 6500 7300 5c00 4100 4300 5200 5300 t.e.s.\.A.C.R.S. 0070: 5c00 4300 6500 7200 7400 6900 6600 6900 \.C.e.r.t.i.f.i. 0080: 6300 6100 7400 6500 7300 3b00 c.a.t.e.s...;... 0090: 3b00 3b00 3b00 5d00 ;.;.;.]. The last field of the [key;value;type;size;data] stanza is entirely empty (semicolon succeeded immediately by a closing brace) whereas we expect a null character. This is a common occurence on Microsoft's policies like the Default Domain Policy. Even if Ubuntu does not have policy entries with no data, we must still be able to parse all of them in case a Group Policy has both Ubuntu and non-Ubuntu entries. [Test Plan] * Attempt to apply the Default Domain Policy for Computers on a client [Where problems could occur] Adsys already excluded non-Ubuntu keys before applying policies, so this change has no impact other than letting all policies be parsed. If an error occurs in parsing an Ubuntu entry, it will be surfaced before policies are applied instead of at parsing time. [Other Info] This issue was initially reported on GitHub at https://github.com/ubuntu/adsys/issues/384 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/1982345/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1973748] Re: Updating any gsettings key makes user dconf database unreadable
Verified successfully on Focal with adsys 0.9.2~20.04. Marking as verification-done ** Tags removed: verification-needed verification-needed-focal ** Tags added: verification-done verification-done-focal -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to adsys in Ubuntu. https://bugs.launchpad.net/bugs/1973748 Title: Updating any gsettings key makes user dconf database unreadable Status in adsys package in Ubuntu: Fix Released Status in adsys source package in Focal: Fix Committed Status in adsys source package in Jammy: Fix Released Bug description: [Impact] Changing any gsettings key in AD resulted in user databases under /etc/dconf, owned by root, with 0600 as permissions. This change was done late in the cycle after passing some permissions checkers to harden the binaries. However, in that case, the user databases needs to be readable by the users so that they can apply those values, so we need to align with ibus profile and makes them 644. [Test case] * Change a gsettings key under AD, like picture-uri one. * Login on the Ubuntu laptop connected with AD by adsys * The background should now be changed to the set value. [Where problems could occur] This code is located in the dconf policy application manager and restricted to it. The negative impact in case of a new bug will be seen by gsettings key not being applied as it is already nowdays. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/1973748/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1973751] Re: Machines or Users scripts are not executed
Verified successfully on Focal with adsys 0.9.2~20.04. Marking as verification-done ** Tags removed: verification-needed verification-needed-focal ** Tags added: verification-done verification-done-focal -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to adsys in Ubuntu. https://bugs.launchpad.net/bugs/1973751 Title: Machines or Users scripts are not executed Status in adsys package in Ubuntu: Fix Released Status in adsys source package in Focal: Fix Committed Status in adsys source package in Jammy: Fix Released Bug description: [Impact] Machine and user scripts are not executed on startup/shutdown/login/logoff. /run has been recently changed to be noexec on jammy. Ensure that we can execute the scripts in /run/adsys subdirectories. The scripts mecanism has been reviewed by the security team, so we can reset them as executable. [Test case] * Setup some scripts under AD to be executed, one for machine scripts (on startup), one for user scripts (on login). Those scripts can create some temporary files under /tmp for instance. * Reboot and login on the Ubuntu laptop connected with AD by adsys, with ua attached * Check that the scripts were executed by testing that the created file under /tmp are present. [Where problems could occur] This is technically a new .mount systemd unit service which takes the same mount option than /run, but don’t set noexec. The setup is similar than qemu .mount unit for instance. Worst impact could be that the script policy manager can’t run the scripts as it is already the case today. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/1973751/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1973752] Re: Fix privilege permission which can not be set to disabled
Verified successfully on Focal with adsys 0.9.2~20.04. Marking as verification-done ** Tags removed: verification-needed verification-needed-focal ** Tags added: verification-done verification-done-focal -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to adsys in Ubuntu. https://bugs.launchpad.net/bugs/1973752 Title: Fix privilege permission which can not be set to disabled Status in adsys package in Ubuntu: Fix Released Status in adsys source package in Focal: Fix Committed Status in adsys source package in Jammy: Fix Released Bug description: [Impact] Disallowing local administrator does not work as excepted: - on some AD server, setting in the UI this key (and some other similars) to disabled, go to next GPO rule, then back to this one, AD will display the key as enabled. - on the client machine, we can see that the key has no state and nothing is forcibly allowed or disallowed. [Test case] * Install the new admx/adml with this version on the AD server. * On AD, go to disallow local administator, set it to disabled * Go to next GPO rules and then go back * The rule should still be disabled. * On an Ubuntu machine connected with AD by adsys, with ua attached, force a machine refresh with adsysctl policy update -m. * Check in adsysctl policy applied --all that the key is displayed as disabled * Confirm that no local administrator (part of the sudo group) can run "sudo". [Where problems could occur] The privilege manager and other policies impacts both Windows and client: - on Windows, this is in the admx/adml are statically generated and then shipped as thus. There is no runtime exercising this. The consequence of those generated files to be invalid is that Windows AD server will not show up "Ubuntu" in its GPO template. - on the client, the privilege manager is the main consumer of those disabled key types. The other kinds of keys are not impacted. [Additional informations] * New test cases have been added for the client part. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/1973752/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1961459] Re: adsys pam issues
Verified successfully on Focal with adsys 0.9.2~20.04. Marking as verification-done ** Tags removed: verification-needed verification-needed-focal ** Tags added: verification-done verification-done-focal -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to adsys in Ubuntu. https://bugs.launchpad.net/bugs/1961459 Title: adsys pam issues Status in adsys package in Ubuntu: Fix Released Status in adsys source package in Focal: Fix Committed Bug description: [Impact] Memory leaks in adsys pam modules. [Test Plan] 1. Install SRU version of adsys 2. Login as an user 3. Ensure that you can still login successfully. [Where problems could occur] Login can be disabled due to the PAM module crashing. There is only one code path leading to that, so easy to detect. -- These may not be security issues but it's possible I overlooked something; since they live in a security boundary I thought it worth reporting with a bit of hassle. If you'd rather work on this in the open, feel free to open this. pam_adsys.c update_policy() arggv leak in fork() failure pam_adsys.c update_machine_policy() arggv leak in fork() failure pam_adsys.c update_machine_policy() -- status != 0 looks like it ought to work but I don't think that's how that API is supposed to be used pam_adsys.c pam_sm_open_session() -- gethostname() indentation is funny Thanks To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/1961459/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1961458] Re: chown of script directory and contents
Verified successfully on Focal with adsys 0.9.2~20.04. Marking as verification-done ** Tags removed: verification-needed verification-needed-focal ** Tags added: verification-done verification-done-focal -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to adsys in Ubuntu. https://bugs.launchpad.net/bugs/1961458 Title: chown of script directory and contents Status in adsys package in Ubuntu: Fix Released Status in adsys source package in Focal: Fix Committed Bug description: [Impact] Potential security issues in ApplyPolicy due to race when scripts are enabled. [Test Plan] 1. Attach your machine to Ubuntu Advantage to get script support. 2. Add a script to one GPO for user login/logout 3. Login as an user, starting a new user session (no session should be currently running for that given user). 4. Check the permissions are following what is described from the discussion below. [Where problems could occur] Script support was added recently, and it needs Ubuntu Advantage enablement to be activated. However, to this day, there is still no official ubuntu-advantage-desktop-daemon packaged on focal. ./internal/policies/scripts/scripts.go ApplyPolicy() unsafe owner changes: Changing the scripts directory owner allows any user processes to create symbolic links within, and then they can take ownership of any file on writable mounts. If the files must be owned by the user, the best way is to switch to the user's uid before creating the files. fchown(2) of the file descriptor before closing it should also work. I lose track of what's happening around the "Running machine startup scripts" -- it looks to me like adsys is also *executing* the scripts that were moments ago given to the user to modify. It is not safe for root to run user-owned files. Does the user *have* to own the directory and scripts? Thanks To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/1961458/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1962510] Re: failing tests with new sssd, blocks python3-defaults
Verified successfully on Focal with adsys 0.9.2~20.04. Marking as verification-done ** Tags removed: verification-needed verification-needed-focal ** Tags added: verification-done verification-done-focal -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to adsys in Ubuntu. https://bugs.launchpad.net/bugs/1962510 Title: failing tests with new sssd, blocks python3-defaults Status in adsys package in Ubuntu: Fix Released Status in adsys source package in Focal: Fix Committed Bug description: [Impact] Fix some flaky tests to ensure that future SRUs are easier to release [Test Plan] 1. Have the package build (tests are running) and that DEP8 tests are passing. [Where problems could occur] The fix is only impacting some tests that were flaky and asking for a rerun. Fixes are only located in this test code to make them more reliable and less racy, even in VM environments. - adsys has failing autopkgtests on armhf. Demoting the package to -proposed to unblock the python3-defaults transition. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/1962510/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1962170] Re: DEP8 failure with samba 4.15.5
Verified successfully on Focal with adsys 0.9.2~20.04. Marking as verification-done ** Tags removed: verification-needed verification-needed-focal ** Tags added: verification-done verification-done-focal -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to adsys in Ubuntu. https://bugs.launchpad.net/bugs/1962170 Title: DEP8 failure with samba 4.15.5 Status in adsys package in Ubuntu: Fix Released Status in adsys source package in Focal: Fix Committed Bug description: [Impact] Tests are failing with the samba version in jammy. We want people using focal be able to upgrade to newer samba and still be compatible with adsys. [Test Plan] 1. Ensure that DEP8 tests are passing once uploaded to proposed and ready to be migrated [Where problems could occur] The functionalities failing are only on tests running (DEP8 or tests during package builds), but we want to be able to run our tests with newer versions of samba on focal too without regressing existing testsuite. -- The DEP8 tests of adsys started to fail[1] with my samba 4.15.5 upload. Some hints: ahasenack: it seems we can’t start our smbd local daemon to simulate Active Directory smb server ahasenack: yeah, I’m puzzled because on smbd start failure, we do print stderr (not stdout though): https://github.com/ubuntu/adsys/blob/main/internal/testutils/samba.go#L16 https://github.com/ubuntu/adsys/blob/main/internal/testutils/samba.go#L43 in particular you can see here how we start it: https://github.com/ubuntu/adsys/blob/main/internal/testutils/samba.go#L21 and the config template is at https://github.com/ubuntu/adsys/blob/20e6f962eb87f667f5e29800be0715ab2496a10d/internal/testutils/samba.go#L55 2022/02/24 03:13:59 Setup: smbd hasn’t started successfully that's here: https://github.com/ubuntu/adsys/blob/main/internal/testutils/samba.go#L129 you wait for the port to be open? which port is that, 445/tcp? we wait on the port to be opened, and this one is passed as a parameter, see the template. For the argument we pass in ad tests, once sec, looking 1446 https://github.com/ubuntu/adsys/blob/20e6f962eb87f667f5e29800be0715ab2496a10d/cmd/integration_tests/adsys_test.go#L47 you just need to run go test . in internal/ad/ the failure is as the pre-test setup 1. https://autopkgtest.ubuntu.com/results/autopkgtest- jammy/jammy/amd64/a/adsys/20220224_031434_4d453@/log.gz To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/1962170/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1973745] Re: adsys windows admx/adml lts only does not include 22.04
Verified successfully on Focal with adsys 0.9.2~20.04. Marking as verification-done ** Tags removed: verification-needed verification-needed-focal ** Tags added: verification-done verification-done-focal -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to adsys in Ubuntu. https://bugs.launchpad.net/bugs/1973745 Title: adsys windows admx/adml lts only does not include 22.04 Status in adsys package in Ubuntu: Fix Released Status in adsys source package in Focal: Fix Committed Status in adsys source package in Jammy: Fix Released Bug description: [Impact] Due to some misunterpretation in how the launchpad API works when listing lts only, 22.04 was not included there by the admx/adml files generated by CI. Consequently, when those files are deployed on Windows AD server with LTS only templates, this one is not listed. [Test Plan] * Deploy the admx/adml generated for "LTS Only" use cases on an AD server * Open any GPO rule like changing the background * Ensure there is an "Override for 22.04" entry. [Where problems could occur] Those files are statically generated and then shipped as thus. There is no runtime exercising this. The consequence of those generated files to be invalid is that Windows AD server will not show up "Ubuntu" in its GPO template. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/1973745/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1982330] Re: Cannot apply policies from uppercase class path like "MACHINE"
SRU Verification done successfully on Jammy with adsys 0.9.2~20.04. Marking as verification-done ** Tags removed: verification-needed-jammy ** Tags added: verification-done-jammy -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to adsys in Ubuntu. https://bugs.launchpad.net/bugs/1982330 Title: Cannot apply policies from uppercase class path like "MACHINE" Status in adsys package in Ubuntu: Fix Released Status in adsys source package in Focal: Fix Committed Status in adsys source package in Jammy: Fix Committed Bug description: [Impact] ADSys cannot update GPOs on Jammy Jellyfish 22.04 because of misnamed folders. adsysctl expects the folders to be title cased (e.g. Machine), but they are uppercase (e.g. MACHINE). This prevents any GPOs from being applied. This is a common occurence with GPOs created by Microsoft, like the Default Domain Policy. [Test Plan] Reproduction: * Mark the Default Domain Policy as active for the client, and set some Ubuntu policy entries. * Restart and/or manually sync the client machine. * Observe the log message indicating that parsing the GPO failed: Policy "Default Domain Policy" doesn't have any policy for class "user" open /var/cache/adsys/sysvol/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/User/Registry.pol: no such file or directory * Observe that the Ubuntu policies were not applied. To confirm the bug is fixed, repeat the steps above after applying the fix, and the policies should be applied. [Where problems could occur] * Fixing this bug will allow adsys to parse, and possibly fail when applying policies from an uppercase path, whereas before it silently ignored them. Fixes for these potential bugs have also been submitted. [Other Info] The issue was initially reported on GitHub: https://github.com/ubuntu/adsys/issues/346 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/1982330/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1982348] Re: Describe if a key requires an Ubuntu Pro subscription
SRU Verification done successfully on Jammy with adsys 0.9.2~20.04. Marking as verification-done ** Tags removed: verification-needed-jammy ** Tags added: verification-done-jammy -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to adsys in Ubuntu. https://bugs.launchpad.net/bugs/1982348 Title: Describe if a key requires an Ubuntu Pro subscription Status in adsys package in Ubuntu: Fix Released Status in adsys source package in Focal: Fix Committed Status in adsys source package in Jammy: Fix Committed Bug description: [Impact] Before applying policies, adsys checks for the existence of an Ubuntu Pro subscription. If not found, all keys with the exception of dconf keys are filtered, as they require Ubuntu Pro. Annotate the generated ADMX/ADML files with this information. [Test Plan] * Open the Group Policy Management Editor * Navigate to User Configuration > Administrative Templates > Ubuntu > Session Management > User Scripts > Logoff scripts * The description should contain the following line: An Ubuntu Pro subscription on the client is required to apply this policy. [Where problems could occur] This is a purely visual change that only impacts generated XML files. [Other Info] This issue was initially reported on GitHub at https://github.com/ubuntu/adsys/issues/377 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/1982348/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1982342] Re: Cannot parse policies with empty values
SRU Verification done successfully on Jammy with adsys 0.9.2~20.04. Marking as verification-done ** Tags removed: verification-needed-jammy ** Tags added: verification-done-jammy -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to adsys in Ubuntu. https://bugs.launchpad.net/bugs/1982342 Title: Cannot parse policies with empty values Status in adsys package in Ubuntu: Fix Released Status in adsys source package in Focal: Fix Committed Status in adsys source package in Jammy: Fix Committed Bug description: [Impact] In addition to empty data, some Microsoft policy entries happen to have empty values as well. See the following entry: // [key;value;type;size;data] : 5052 6567 0100 5b00 5300 6f00 6600 PReg[.S.o.f. 0010: 7400 7700 6100 7200 6500 5c00 5000 6f00 t.w.a.r.e.\.P.o. 0020: 6c00 6900 6300 6900 6500 7300 5c00 4d00 l.i.c.i.e.s.\.M. 0030: 6900 6300 7200 6f00 7300 6f00 6600 7400 i.c.r.o.s.o.f.t. 0040: 5c00 5300 7900 7300 7400 6500 6d00 4300 \.S.y.s.t.e.m.C. 0050: 6500 7200 7400 6900 6600 6900 6300 6100 e.r.t.i.f.i.c.a. 0060: 7400 6500 7300 5c00 4100 4300 5200 5300 t.e.s.\.A.C.R.S. 0070: 5c00 4300 6500 7200 7400 6900 6600 6900 \.C.e.r.t.i.f.i. 0080: 6300 6100 7400 6500 7300 3b00 c.a.t.e.s...;... 0090: 3b00 3b00 3b00 5d00 ;.;.;.]. This fails hard when parsing, returning an `empty value` error, rendering the remaining policies unparsable. This is a common occurence on Microsoft's policies like the Default Domain Policy. Even if Ubuntu does not support policy entries with empty values, we must still be able to parse them in case a Group Policy has both Ubuntu and non-Ubuntu entries. [Test Plan] * Attempt to apply the Default Domain Policy on a client [Where problems could occur] Adsys already excluded non-Ubuntu keys before applying policies, so this change has no impact other than letting all policies be parsed. If an error occurs in parsing an Ubuntu entry, it will be surfaced before policies are applied instead of at parsing time. [Other Info] This issue was initially reported on GitHub at https://github.com/ubuntu/adsys/issues/386 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/1982342/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1982347] Re: Username is case sensitive when applying policies on login
SRU Verification done successfully on Jammy with adsys 0.9.2~20.04. Marking as verification-done ** Tags removed: verification-needed-jammy ** Tags added: verification-done-jammy -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to adsys in Ubuntu. https://bugs.launchpad.net/bugs/1982347 Title: Username is case sensitive when applying policies on login Status in adsys package in Ubuntu: Fix Released Status in adsys source package in Focal: Fix Committed Status in adsys source package in Jammy: Fix Committed Bug description: [Impact] When logging in (either via login or ssh) to an AD account using different case combinations, adsysd uses the specified account name instead of the lowercase one reported by getent/whoami to apply the GPOs. I believe this comes from the pam_get_item call here: https://github.com/ubuntu/adsys/blob/e3316e5e37970a07f09fa6df553ddac096c91255/pam/pam_adsys.c#L266 This works but has the unintended side effect of producing multiple dconf profile files for each variant of the username, and caching policies as well: root@ubuntu2204:~# ls /etc/dconf/profile/ | grep -i administrator administra...@warthogs.biz administra...@warthogs.biz administra...@warthogs.biz root@ubuntu2204:~# ls /var/cache/adsys/policies/ | grep -i administrator administra...@warthogs.biz administra...@warthogs.biz administra...@warthogs.biz Of course this all stems from the username retrieved by PAM so there might be more unintended side-effects, the dconf one being the easiest to observe. To ensure an unified experience, when a target name is normalized from e.g. DOMAIN\User to User@DOMAIN, it will also be lowercased. [Test Plan] Reproduction: * With adsys set up, log in on the Ubuntu client using an AD account, alternating cases * Observe multiple files created at /var/cache/adsys/policies With the fix applied, remove *all* cached policies at /var/cache/adsys/policies and attempt to login with different case combinations of the AD account, e.g.: administra...@warthogs.biz administra...@warthogs.biz administra...@warthogs.biz administra...@warthogs.biz As root, check the contents of /var/cache/adsys/policies - you should only see a lowercase entry: administra...@warthogs.biz [Where problems could occur] Target name normalization is exercised by the code that dumps policies applied for a given user, and by the code that updates or creates a policy for a given user. If this happens to cause a bug, it will render the core part of adsys unusable. We believe this is highly unlikely given that in some cases, adsys already used the lowercase variant of the username to apply and display policies. [Other Info] This issue was initially reported on GitHub at https://github.com/ubuntu/adsys/issues/378 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/1982347/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1982345] Re: Cannot parse policy entries with no data
SRU Verification done successfully on Jammy with adsys 0.9.2~20.04. Marking as verification-done ** Tags removed: verification-needed-jammy ** Tags added: verification-done-jammy -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to adsys in Ubuntu. https://bugs.launchpad.net/bugs/1982345 Title: Cannot parse policy entries with no data Status in adsys package in Ubuntu: Fix Released Status in adsys source package in Focal: Fix Committed Status in adsys source package in Jammy: Fix Committed Bug description: [Impact] The Default Domain Policy for Computers has a bunch of SystemCertificates keys with no data which adsys fails to parse. Here are some examples: Software\Policies\Microsoft\SystemCertificates\ACRS\Certificates Software\Policies\Microsoft\SystemCertificates\ACRS\CRLs Software\Policies\Microsoft\SystemCertificates\ACRS\CTLs Software\Policies\Microsoft\SystemCertificates\CA\Certificates Software\Policies\Microsoft\SystemCertificates\CA\CRLs Software\Policies\Microsoft\SystemCertificates\CA\CTLs Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs Software\Policies\Microsoft\SystemCertificates\DPNGRA\Certificates When examined with a hex editor, these look like the following: : 5052 6567 0100 5b00 5300 6f00 6600 PReg[.S.o.f. 0010: 7400 7700 6100 7200 6500 5c00 5000 6f00 t.w.a.r.e.\.P.o. 0020: 6c00 6900 6300 6900 6500 7300 5c00 4d00 l.i.c.i.e.s.\.M. 0030: 6900 6300 7200 6f00 7300 6f00 6600 7400 i.c.r.o.s.o.f.t. 0040: 5c00 5300 7900 7300 7400 6500 6d00 4300 \.S.y.s.t.e.m.C. 0050: 6500 7200 7400 6900 6600 6900 6300 6100 e.r.t.i.f.i.c.a. 0060: 7400 6500 7300 5c00 4100 4300 5200 5300 t.e.s.\.A.C.R.S. 0070: 5c00 4300 6500 7200 7400 6900 6600 6900 \.C.e.r.t.i.f.i. 0080: 6300 6100 7400 6500 7300 3b00 c.a.t.e.s...;... 0090: 3b00 3b00 3b00 5d00 ;.;.;.]. The last field of the [key;value;type;size;data] stanza is entirely empty (semicolon succeeded immediately by a closing brace) whereas we expect a null character. This is a common occurence on Microsoft's policies like the Default Domain Policy. Even if Ubuntu does not have policy entries with no data, we must still be able to parse all of them in case a Group Policy has both Ubuntu and non-Ubuntu entries. [Test Plan] * Attempt to apply the Default Domain Policy for Computers on a client [Where problems could occur] Adsys already excluded non-Ubuntu keys before applying policies, so this change has no impact other than letting all policies be parsed. If an error occurs in parsing an Ubuntu entry, it will be surfaced before policies are applied instead of at parsing time. [Other Info] This issue was initially reported on GitHub at https://github.com/ubuntu/adsys/issues/384 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/1982345/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1982351] Re: [SRU] Backport adsys-windows binary package
SRU Verification done successfully on Jammy with adsys 0.9.2~20.04 and verified on Windows Server 2019. Marking as verification-done ** Tags removed: verification-needed-jammy ** Tags added: verification-done-jammy -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to adsys in Ubuntu. https://bugs.launchpad.net/bugs/1982351 Title: [SRU] Backport adsys-windows binary package Status in adsys package in Ubuntu: Fix Released Status in adsys source package in Focal: Fix Committed Status in adsys source package in Jammy: Fix Committed Bug description: As part of our entreprise desktop offering, there is the request to backport the adsys-windows binary package to 20.04 LTS and 22.04 LTS. ADSys is our Active Directory GPO integration. It’s available starting Ubuntu 21.04. adsys-windows contains Windows-specific files including a Windows executable (the Active Directory Watch Daemon), and XML files (ADMX/ADML) that are to be used solely on Windows. The package is provided as a safe way for Windows administrators to source the required adsys files that are needed on Windows. [Impact] * adsys-windows is a new binary package. Impact is thus only for people installing. * This is a enterprise feature requested by desktop customers running LTS. [Test Plan] 1. Install the adsys-windows package 2. Copy the adwatchd.exe executable from /usr/share/adsys/windows on a Windows machine and run it: 3. Set a path where the configuration file will be written 4. Input a list of policy scripts directories to be watched The executable will then install itself as a Windows Service and start monitoring the given directories for changes. Whenever it notices a change it will attempt to bump the version in the GPT.INI file at the root of the watched directory. If a GPT.INI is not found, the daemon will create one. For more information refer to the documentation at: https://github.com/ubuntu/adsys/wiki/11.-Active-Directory-Watch-Daemon [Where problems could occur] * As this is a separate, versioned, new package, no impact on existing installations. * Moreover the package has no files that are used in any way on Linux. It's just data to be copied on Windows machines. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/1982351/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1982343] Re: Cannot parse policy entries with unsupported types
SRU Verification done successfully on Jammy with adsys 0.9.2~20.04. Marking as verification-done ** Tags removed: verification-needed-jammy ** Tags added: verification-done-jammy -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to adsys in Ubuntu. https://bugs.launchpad.net/bugs/1982343 Title: Cannot parse policy entries with unsupported types Status in adsys package in Ubuntu: Fix Released Status in adsys source package in Focal: Fix Committed Status in adsys source package in Jammy: Fix Committed Bug description: [Impact] Policies with unsupported types are currently unable to be parsed. Even if Ubuntu doesn't support these types we should still be able to parse the Microsoft ones - otherwise we are unable to apply any of the GPOs. This is a common occurence on Microsoft's policies like the Default Domain Policy. Even if Ubuntu supports a limited subset of types, we must still be able to parse all of them in case a Group Policy has both Ubuntu and non-Ubuntu entries. [Test Plan] * Attempt to apply the Default Domain Policy on a client [Where problems could occur] Adsys already excluded non-Ubuntu keys before applying policies, so this change has no impact other than letting all policies be parsed. If an error occurs in parsing an Ubuntu entry, it will be surfaced before policies are applied instead of at parsing time. [Other Info] This issue was initially reported on GitHub at https://github.com/ubuntu/adsys/issues/387 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/1982343/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1982349] Re: Manage energy profile settings
SRU Verification done successfully on Jammy with adsys 0.9.2~20.04. Marking as verification-done ** Tags removed: verification-needed-jammy ** Tags added: verification-done-jammy -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to adsys in Ubuntu. https://bugs.launchpad.net/bugs/1982349 Title: Manage energy profile settings Status in adsys package in Ubuntu: Fix Released Status in adsys source package in Focal: Fix Committed Status in adsys source package in Jammy: Fix Committed Bug description: [Impact] Adsys cannot currently manage GSettings power management keys, such as: /org/gnome/settings-daemon/plugins/power/ambient-enabled /org/gnome/settings-daemon/plugins/power/idle-brightness /org/gnome/settings-daemon/plugins/power/idle-dim /org/gnome/settings-daemon/plugins/power/lid-close-ac-action /org/gnome/settings-daemon/plugins/power/lid-close-battery-action /org/gnome/settings-daemon/plugins/power/lid-close-suspend-with-external-monitor /org/gnome/settings-daemon/plugins/power/power-button-action /org/gnome/settings-daemon/plugins/power/power-saver-profile-on-low-battery /org/gnome/settings-daemon/plugins/power/sleep-inactive-ac-timeout /org/gnome/settings-daemon/plugins/power/sleep-inactive-ac-type /org/gnome/settings-daemon/plugins/power/sleep-inactive-battery-timeout /org/gnome/settings-daemon/plugins/power/sleep-inactive-battery-type [Test Plan] * Open the Group Policy Management Editor for a configured policy * Navigate to Computer Configuration > Administrative Templates > Ubuntu > Client management > Power Management * Double click on the last entry: Whether to hibernate ... * Enable it, set the value to "hibernate" * On a client with adsys, while connected on an AD account, run sudo adsysctl update -m -vv * Observe the logs that indicate the parsing of the dconf key: DEBUG Analyzing entry {Key:org/gnome/settings-daemon/plugins/power/sleep-inactive-battery-type Value:hibernate Disabled:false Meta:s Strategy: Err:} * Observe the output of the following command (it should print 'hibernate'): gsettings get org.gnome.settings-daemon.plugins.power sleep-inactive-battery-type [Where problems could occur] This code is located in the dconf policy application manager and restricted to it. The negative impact in case of a new bug will be seen by gsettings key not being applied. [Other Info] This issue was initially reported on GitHub at https://github.com/ubuntu/adsys/issues/135 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/1982349/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1968522] Re: Remmina can't connect to windows 2008 R2
*** This bug is a duplicate of bug 1954970 *** https://bugs.launchpad.net/bugs/1954970 I just hit this bug and found out that a temporary working workaround is to edit your RDP connection in Remmina, go to the advanced settings tab, then in the negociated security protocol chose RDP security protocol. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to remmina in Ubuntu. https://bugs.launchpad.net/bugs/1968522 Title: Remmina can't connect to windows 2008 R2 Status in remmina package in Ubuntu: Confirmed Bug description: Remmina on Ubuntu 22.04 can't connect to windows server 2008 R2 error: Could not connect to the RDP server "***" via TLS. See the DEBUG traces for more information. Remmina Version: 1.4.25 (git n/a) i think remmina on ubuntu 22.04 doesn't support TLS 1.0 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/remmina/+bug/1968522/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1971763] Re: www-browser is not satisfied by the default Firefox snap
** Also affects: firefox (Ubuntu) Importance: Undecided Status: New ** Changed in: firefox (Ubuntu) Status: New => Confirmed ** Changed in: firefox (Ubuntu) Importance: Undecided => High -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to firefox in Ubuntu. https://bugs.launchpad.net/bugs/1971763 Title: www-browser is not satisfied by the default Firefox snap Status in firefox package in Ubuntu: Confirmed Status in gimp-help package in Ubuntu: Confirmed Bug description: When installing a package that has the virtual-package www-browser as a dependency, the Firefox snap is not taken into account. This leads to wslu being installed on Ubuntu 22.04 Desktop (notably when installing the GIMP translation packages), which breaks the ding desktop behaviour: https://bugs.launchpad.net/ubuntu/+source/wslu/+bug/1971757 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1971763/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1985304] Re: Update GNOME Shell to 42.4
I successfully verified gnome-shell42.4-0ubuntu0.22.04.1, in particular that extensions could be enabled/disabled, uninstalled/installed and are working as expected. I also performed some exploratory testing of the features that have been touched by this update didn't find any regression. Marking as verification-done. ** Tags removed: verification-needed verification-needed-jammy ** Tags added: verification-done verification-done-jammy -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to gnome-shell in Ubuntu. https://bugs.launchpad.net/bugs/1985304 Title: Update GNOME Shell to 42.4 Status in gnome-shell package in Ubuntu: Fix Released Status in gnome-shell source package in Jammy: Fix Committed Bug description: Impact -- There is a new bugfix release in the stable 42 series. https://gitlab.gnome.org/GNOME/gnome-shell/-/blob/42.4/NEWS The version currently in Ubuntu 22.04.1 LTS is 42.2 Test Case 1 - sudo apt install gnome-session gnome-shell-extensions Install the update. Log out. Select your name on the login screen. Click the gear button to choose a session to log in to. Finish logging in. Verify that things continue to work well for all these sessions: GNOME GNOME Classic Ubuntu Ubuntu on Xorg Test Case 2 --- Because a GNOME Shell update years ago broke some GNOME Shell extensions, it's also requested that we do a basic test of all the extensions included in the Ubuntu repositories. https://discourse.ubuntu.com/t/removal-of-gnome-shell-extension-from- universe-and-stop-auto-syncs/18437/9 Install all the extensions. Log out and then log back in. Use one of the Extensions apps to enable all the extensions. Verify that they can all be enabled without showing an error. Verify that the basic functionality of each extension works as expected. What Could Go Wrong --- GNOME Shell is the heart of the Ubuntu desktop experience. A severe enough bug could mean that people are unable to use their desktop version of Ubuntu. Smaller bugs could interrupt people's workflows. GNOME Shell is included in the GNOME micro release exception https://wiki.ubuntu.com/StableReleaseUpdates/GNOME To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnome-shell/+bug/1985304/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1985128] Re: GDM fails to activate the login session in AWS Workspaces
Version 42.4-0ubuntu0.22.04.1 has been verified and fixes the issue. Marking as verification-done. ** Tags removed: verification-needed verification-needed-jammy ** Tags added: verification-done verification-done-jammy -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to gnome-shell in Ubuntu. https://bugs.launchpad.net/bugs/1985128 Title: GDM fails to activate the login session in AWS Workspaces Status in gnome-shell package in Ubuntu: Fix Released Status in gnome-shell source package in Jammy: Fix Committed Bug description: [Impact] This is the main error: Aug 05 18:05:39 ip-198-19-76-222 gdm3[837]: Gdm: GdmSession: conversation dcv-graphical-sso started more than once Aug 05 18:05:39 ip-198-19-76-222 gnome-shell[1006]: _reportInitError dcv-graphical-sso Aug 05 18:05:39 ip-198-19-76-222 gnome-shell[1006]: JS ERROR: Failed to start dcv-graphical-sso verification: Gio.DBusError: GDBus.Error:org.freedesktop.DBus.Error.Spawn.Failed: Could not create authentication > _promisify/proto[asyncFunc]/https://bugs.launchpad.net/ubuntu/+source/gnome-shell/+bug/1985128/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1985128] Re: GDM fails to activate the login session in AWS Workspaces
** Description changed: - s We may get this error: - Aug 05 18:05:39 ip-198-19-76-222 gdm3[837]: Gdm: GdmSession: conversation dcv-graphical-sso started more than once Aug 05 18:05:39 ip-198-19-76-222 gnome-shell[1006]: _reportInitError dcv-graphical-sso Aug 05 18:05:39 ip-198-19-76-222 gnome-shell[1006]: JS ERROR: Failed to start dcv-graphical-sso verification: Gio.DBusError: GDBus.Error:org.freedesktop.DBus.Error.Spawn.Failed: Could not create authentication > _promisify/proto[asyncFunc]/ + _promisify/proto[asyncFunc]/https://bugs.launchpad.net/bugs/1985128 Title: GDM fails to activate the login session in AWS Workspaces Status in gnome-shell package in Ubuntu: Fix Released Status in gnome-shell source package in Jammy: In Progress Bug description: [Impact] This is the main error: Aug 05 18:05:39 ip-198-19-76-222 gdm3[837]: Gdm: GdmSession: conversation dcv-graphical-sso started more than once Aug 05 18:05:39 ip-198-19-76-222 gnome-shell[1006]: _reportInitError dcv-graphical-sso Aug 05 18:05:39 ip-198-19-76-222 gnome-shell[1006]: JS ERROR: Failed to start dcv-graphical-sso verification: Gio.DBusError: GDBus.Error:org.freedesktop.DBus.Error.Spawn.Failed: Could not create authentication > _promisify/proto[asyncFunc]/https://bugs.launchpad.net/ubuntu/+source/gnome-shell/+bug/1985128/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1985128] Re: [SRU] Update gnome-shell to 42.4 in 22.04
** Description changed: [Impact] This is the current GNOME 42.4 stable update, including some fixes and translation updates. https://gitlab.gnome.org/GNOME/gnome-shell/-/blob/gnome-42/NEWS [ Test case ] The update is part of GNOME stable updates https://wiki.ubuntu.com/StableReleaseUpdates/GNOME GNOME Shell and its components should continue working Ideally the verification should include checking those extensions before and after the update to ensure the SRU isn't creating regressions https://launchpadlibrarian.net/511426552/gse [ Regression potential ] + There have been fixes in various places: a11y features and ibus, OSK, various UI fixes, login and SSO, extension loading and updates, stylesheets, ** Description changed: [Impact] This is the current GNOME 42.4 stable update, including some fixes and translation updates. https://gitlab.gnome.org/GNOME/gnome-shell/-/blob/gnome-42/NEWS [ Test case ] The update is part of GNOME stable updates https://wiki.ubuntu.com/StableReleaseUpdates/GNOME GNOME Shell and its components should continue working Ideally the verification should include checking those extensions before and after the update to ensure the SRU isn't creating regressions https://launchpadlibrarian.net/511426552/gse - [ Regression potential ] + [ What could go wrong ] There have been fixes in various places: a11y features and ibus, OSK, various UI fixes, login and SSO, extension loading and updates, stylesheets, ** Description changed: [Impact] This is the current GNOME 42.4 stable update, including some fixes and translation updates. https://gitlab.gnome.org/GNOME/gnome-shell/-/blob/gnome-42/NEWS - [ Test case ] + [Test case] The update is part of GNOME stable updates https://wiki.ubuntu.com/StableReleaseUpdates/GNOME GNOME Shell and its components should continue working Ideally the verification should include checking those extensions before and after the update to ensure the SRU isn't creating regressions https://launchpadlibrarian.net/511426552/gse - [ What could go wrong ] + [Where problems could occur] There have been fixes in various places: a11y features and ibus, OSK, various UI fixes, login and SSO, extension loading and updates, stylesheets, ** Description changed: [Impact] This is the current GNOME 42.4 stable update, including some fixes and translation updates. https://gitlab.gnome.org/GNOME/gnome-shell/-/blob/gnome-42/NEWS [Test case] The update is part of GNOME stable updates https://wiki.ubuntu.com/StableReleaseUpdates/GNOME GNOME Shell and its components should continue working Ideally the verification should include checking those extensions before and after the update to ensure the SRU isn't creating regressions https://launchpadlibrarian.net/511426552/gse [Where problems could occur] - There have been fixes in various places: a11y features and ibus, OSK, various UI fixes, login and SSO, extension loading and updates, stylesheets, + There have been fixes in various places: a11y features and ibus, OSK, various UI fixes, login and SSO, extension loading and updates, stylesheets. ** Description changed: [Impact] This is the current GNOME 42.4 stable update, including some fixes and translation updates. https://gitlab.gnome.org/GNOME/gnome-shell/-/blob/gnome-42/NEWS [Test case] The update is part of GNOME stable updates https://wiki.ubuntu.com/StableReleaseUpdates/GNOME GNOME Shell and its components should continue working Ideally the verification should include checking those extensions before and after the update to ensure the SRU isn't creating regressions https://launchpadlibrarian.net/511426552/gse [Where problems could occur] - There have been fixes in various places: a11y features and ibus, OSK, various UI fixes, login and SSO, extension loading and updates, stylesheets. + There have been fixes in various places: a11y features and ibus, OSK, various UI fixes, login with realmd and SSO, extension loading and updates, stylesheets. ** Summary changed: - [SRU] Update gnome-shell to 42.4 in 22.04 + GDM fails to activate the login session in AWS Workspaces ** Description changed: - [Impact] - - This is the current GNOME 42.4 stable update, including some fixes and - translation updates. - - https://gitlab.gnome.org/GNOME/gnome-shell/-/blob/gnome-42/NEWS - - [Test case] - - The update is part of GNOME stable updates - https://wiki.ubuntu.com/StableReleaseUpdates/GNOME - - GNOME Shell and its components should continue working - - Ideally the verification should include checking those extensions before and after the update to ensure the SRU isn't creating regressions - https://launchpadlibrarian.net/511426552/gse - - [Where problems could occur] - There have been fixes in various places: a11y features and ibus, OSK, various UI fixes, log
[Desktop-packages] [Bug 1985128] Re: [SRU] Update gnome-shell to 42.4 in 22.04
** Description changed: [Impact] This is the current GNOME 42.4 stable update, including some fixes and translation updates. https://gitlab.gnome.org/GNOME/gnome-shell/-/blob/gnome-42/NEWS [ Test case ] The update is part of GNOME stable updates https://wiki.ubuntu.com/StableReleaseUpdates/GNOME GNOME Shell and its components should continue working Ideally the verification should include checking those extensions before and after the update to ensure the SRU isn't creating regressions https://launchpadlibrarian.net/511426552/gse [ Regression potential ] - - == Original Description == - GDM fails to activate the login session in AWS Workspaces - - We may get this error: - - Aug 05 18:05:39 ip-198-19-76-222 gdm3[837]: Gdm: GdmSession: conversation dcv-graphical-sso started more than once - Aug 05 18:05:39 ip-198-19-76-222 gnome-shell[1006]: _reportInitError dcv-graphical-sso - Aug 05 18:05:39 ip-198-19-76-222 gnome-shell[1006]: JS ERROR: Failed to start dcv-graphical-sso verification: Gio.DBusError: GDBus.Error:org.freedesktop.DBus.Error.Spawn.Failed: Could not create authentication > - _promisify/proto[asyncFunc]/https://bugs.launchpad.net/bugs/1985128 Title: [SRU] Update gnome-shell to 42.4 in 22.04 Status in gnome-shell package in Ubuntu: Fix Released Status in gnome-shell source package in Jammy: In Progress Bug description: [Impact] This is the current GNOME 42.4 stable update, including some fixes and translation updates. https://gitlab.gnome.org/GNOME/gnome-shell/-/blob/gnome-42/NEWS [ Test case ] The update is part of GNOME stable updates https://wiki.ubuntu.com/StableReleaseUpdates/GNOME GNOME Shell and its components should continue working Ideally the verification should include checking those extensions before and after the update to ensure the SRU isn't creating regressions https://launchpadlibrarian.net/511426552/gse [ Regression potential ] To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnome-shell/+bug/1985128/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1985128] Re: [SRU] Update gnome-shell to 42.4 in 22.04
** Description changed: + [Impact] + This is the current GNOME 42.4 stable update, including some fixes and + translation updates. + + https://gitlab.gnome.org/GNOME/gnome-shell/-/blob/gnome-42/NEWS + + [ Test case ] + + The update is part of GNOME stable updates + https://wiki.ubuntu.com/StableReleaseUpdates/GNOME + + GNOME Shell and its components should continue working + + Ideally the verification should include checking those extensions before and after the update to ensure the SRU isn't creating regressions + https://launchpadlibrarian.net/511426552/gse + + [ Regression potential ] + + == Original Description == GDM fails to activate the login session in AWS Workspaces We may get this error: Aug 05 18:05:39 ip-198-19-76-222 gdm3[837]: Gdm: GdmSession: conversation dcv-graphical-sso started more than once Aug 05 18:05:39 ip-198-19-76-222 gnome-shell[1006]: _reportInitError dcv-graphical-sso Aug 05 18:05:39 ip-198-19-76-222 gnome-shell[1006]: JS ERROR: Failed to start dcv-graphical-sso verification: Gio.DBusError: GDBus.Error:org.freedesktop.DBus.Error.Spawn.Failed: Could not create authentication > _promisify/proto[asyncFunc]/https://bugs.launchpad.net/bugs/1985128 Title: [SRU] Update gnome-shell to 42.4 in 22.04 Status in gnome-shell package in Ubuntu: Fix Released Status in gnome-shell source package in Jammy: In Progress Bug description: [Impact] This is the current GNOME 42.4 stable update, including some fixes and translation updates. https://gitlab.gnome.org/GNOME/gnome-shell/-/blob/gnome-42/NEWS [ Test case ] The update is part of GNOME stable updates https://wiki.ubuntu.com/StableReleaseUpdates/GNOME GNOME Shell and its components should continue working Ideally the verification should include checking those extensions before and after the update to ensure the SRU isn't creating regressions https://launchpadlibrarian.net/511426552/gse [ Regression potential ] == Original Description == GDM fails to activate the login session in AWS Workspaces We may get this error: Aug 05 18:05:39 ip-198-19-76-222 gdm3[837]: Gdm: GdmSession: conversation dcv-graphical-sso started more than once Aug 05 18:05:39 ip-198-19-76-222 gnome-shell[1006]: _reportInitError dcv-graphical-sso Aug 05 18:05:39 ip-198-19-76-222 gnome-shell[1006]: JS ERROR: Failed to start dcv-graphical-sso verification: Gio.DBusError: GDBus.Error:org.freedesktop.DBus.Error.Spawn.Failed: Could not create authentication > _promisify/proto[asyncFunc]/https://bugs.launchpad.net/ubuntu/+source/gnome-shell/+bug/1985128/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1985128] Re: [SRU] Update gnome-shell to 42.4 in 22.04
** Summary changed: - GDM fails to activate the login session in AWS Workspaces + [SRU] Update gnome-shell to 42.4 in 22.04 ** Description changed: + + GDM fails to activate the login session in AWS Workspaces + We may get this error: Aug 05 18:05:39 ip-198-19-76-222 gdm3[837]: Gdm: GdmSession: conversation dcv-graphical-sso started more than once Aug 05 18:05:39 ip-198-19-76-222 gnome-shell[1006]: _reportInitError dcv-graphical-sso Aug 05 18:05:39 ip-198-19-76-222 gnome-shell[1006]: JS ERROR: Failed to start dcv-graphical-sso verification: Gio.DBusError: GDBus.Error:org.freedesktop.DBus.Error.Spawn.Failed: Could not create authentication > - _promisify/proto[asyncFunc]/https://bugs.launchpad.net/bugs/1985128 Title: [SRU] Update gnome-shell to 42.4 in 22.04 Status in gnome-shell package in Ubuntu: Fix Released Status in gnome-shell source package in Jammy: In Progress Bug description: [Impact] This is the current GNOME 42.4 stable update, including some fixes and translation updates. https://gitlab.gnome.org/GNOME/gnome-shell/-/blob/gnome-42/NEWS [ Test case ] The update is part of GNOME stable updates https://wiki.ubuntu.com/StableReleaseUpdates/GNOME GNOME Shell and its components should continue working Ideally the verification should include checking those extensions before and after the update to ensure the SRU isn't creating regressions https://launchpadlibrarian.net/511426552/gse [ Regression potential ] == Original Description == GDM fails to activate the login session in AWS Workspaces We may get this error: Aug 05 18:05:39 ip-198-19-76-222 gdm3[837]: Gdm: GdmSession: conversation dcv-graphical-sso started more than once Aug 05 18:05:39 ip-198-19-76-222 gnome-shell[1006]: _reportInitError dcv-graphical-sso Aug 05 18:05:39 ip-198-19-76-222 gnome-shell[1006]: JS ERROR: Failed to start dcv-graphical-sso verification: Gio.DBusError: GDBus.Error:org.freedesktop.DBus.Error.Spawn.Failed: Could not create authentication > _promisify/proto[asyncFunc]/https://bugs.launchpad.net/ubuntu/+source/gnome-shell/+bug/1985128/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1985128] Re: GDM fails to activate the login session in AWS Workspaces
** Also affects: gnome-shell (Ubuntu Jammy) Importance: Undecided Status: New ** Changed in: gnome-shell (Ubuntu Jammy) Status: New => Confirmed ** Changed in: gnome-shell (Ubuntu Jammy) Status: Confirmed => In Progress ** Changed in: gnome-shell (Ubuntu Jammy) Importance: Undecided => High -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to gnome-shell in Ubuntu. https://bugs.launchpad.net/bugs/1985128 Title: [SRU] Update gnome-shell to 42.4 in 22.04 Status in gnome-shell package in Ubuntu: Fix Released Status in gnome-shell source package in Jammy: In Progress Bug description: GDM fails to activate the login session in AWS Workspaces We may get this error: Aug 05 18:05:39 ip-198-19-76-222 gdm3[837]: Gdm: GdmSession: conversation dcv-graphical-sso started more than once Aug 05 18:05:39 ip-198-19-76-222 gnome-shell[1006]: _reportInitError dcv-graphical-sso Aug 05 18:05:39 ip-198-19-76-222 gnome-shell[1006]: JS ERROR: Failed to start dcv-graphical-sso verification: Gio.DBusError: GDBus.Error:org.freedesktop.DBus.Error.Spawn.Failed: Could not create authentication > _promisify/proto[asyncFunc]/https://bugs.launchpad.net/ubuntu/+source/gnome-shell/+bug/1985128/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1973751] Re: Machines or Users scripts are not executed
I successfully verified that this is fixed in Jammy and didn't introduce any regression with adsys 0.8.5~22.04. Marking as verification-done ** Tags removed: verification-needed-jammy ** Tags added: verification-done-jammy -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to adsys in Ubuntu. https://bugs.launchpad.net/bugs/1973751 Title: Machines or Users scripts are not executed Status in adsys package in Ubuntu: Fix Released Status in adsys source package in Focal: New Status in adsys source package in Jammy: Fix Committed Bug description: [Impact] Machine and user scripts are not executed on startup/shutdown/login/logoff. /run has been recently changed to be noexec on jammy. Ensure that we can execute the scripts in /run/adsys subdirectories. The scripts mecanism has been reviewed by the security team, so we can reset them as executable. [Test case] * Setup some scripts under AD to be executed, one for machine scripts (on startup), one for user scripts (on login). Those scripts can create some temporary files under /tmp for instance. * Reboot and login on the Ubuntu laptop connected with AD by adsys, with ua attached * Check that the scripts were executed by testing that the created file under /tmp are present. [Where problems could occur] This is technically a new .mount systemd unit service which takes the same mount option than /run, but don’t set noexec. The setup is similar than qemu .mount unit for instance. Worst impact could be that the script policy manager can’t run the scripts as it is already the case today. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/1973751/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1973748] Re: Updating any gsettings key makes user dconf database unreadable
I successfully verified that this is fixed in Jammy and didn't introduce any regression with adsys 0.8.5~22.04. Marking as verification-done ** Tags removed: verification-needed-jammy ** Tags added: verification-done-jammy -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to adsys in Ubuntu. https://bugs.launchpad.net/bugs/1973748 Title: Updating any gsettings key makes user dconf database unreadable Status in adsys package in Ubuntu: Fix Released Status in adsys source package in Focal: New Status in adsys source package in Jammy: Fix Committed Bug description: [Impact] Changing any gsettings key in AD resulted in user databases under /etc/dconf, owned by root, with 0600 as permissions. This change was done late in the cycle after passing some permissions checkers to harden the binaries. However, in that case, the user databases needs to be readable by the users so that they can apply those values, so we need to align with ibus profile and makes them 644. [Test case] * Change a gsettings key under AD, like picture-uri one. * Login on the Ubuntu laptop connected with AD by adsys * The background should now be changed to the set value. [Where problems could occur] This code is located in the dconf policy application manager and restricted to it. The negative impact in case of a new bug will be seen by gsettings key not being applied as it is already nowdays. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/1973748/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1973745] Re: adsys windows admx/adml lts only does not include 22.04
I successfully verified that this is fixed in Jammy and didn't introduce any regression with adsys 0.8.5~22.04. Marking as verification-done ** Tags removed: verification-needed-jammy ** Tags added: verification-done-jammy -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to adsys in Ubuntu. https://bugs.launchpad.net/bugs/1973745 Title: adsys windows admx/adml lts only does not include 22.04 Status in adsys package in Ubuntu: Fix Released Status in adsys source package in Focal: New Status in adsys source package in Jammy: Fix Committed Bug description: [Impact] Due to some misunterpretation in how the launchpad API works when listing lts only, 22.04 was not included there by the admx/adml files generated by CI. Consequently, when those files are deployed on Windows AD server with LTS only templates, this one is not listed. [Test Plan] * Deploy the admx/adml generated for "LTS Only" use cases on an AD server * Open any GPO rule like changing the background * Ensure there is an "Override for 22.04" entry. [Where problems could occur] Those files are statically generated and then shipped as thus. There is no runtime exercising this. The consequence of those generated files to be invalid is that Windows AD server will not show up "Ubuntu" in its GPO template. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/1973745/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1973752] Re: Fix privilege permission which can not be set to disabled
I successfully verified that this is fixed in Jammy and didn't introduce any regression with adsys 0.8.5~22.04. Marking as verification-done ** Tags removed: verification-needed-jammy ** Tags added: verification-done-jammy -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to adsys in Ubuntu. https://bugs.launchpad.net/bugs/1973752 Title: Fix privilege permission which can not be set to disabled Status in adsys package in Ubuntu: Fix Released Status in adsys source package in Focal: New Status in adsys source package in Jammy: Fix Committed Bug description: [Impact] Disallowing local administrator does not work as excepted: - on some AD server, setting in the UI this key (and some other similars) to disabled, go to next GPO rule, then back to this one, AD will display the key as enabled. - on the client machine, we can see that the key has no state and nothing is forcibly allowed or disallowed. [Test case] * Install the new admx/adml with this version on the AD server. * On AD, go to disallow local administator, set it to disabled * Go to next GPO rules and then go back * The rule should still be disabled. * On an Ubuntu machine connected with AD by adsys, with ua attached, force a machine refresh with adsysctl policy update -m. * Check in adsysctl policy applied --all that the key is displayed as disabled * Confirm that no local administrator (part of the sudo group) can run "sudo". [Where problems could occur] The privilege manager and other policies impacts both Windows and client: - on Windows, this is in the admx/adml are statically generated and then shipped as thus. There is no runtime exercising this. The consequence of those generated files to be invalid is that Windows AD server will not show up "Ubuntu" in its GPO template. - on the client, the privilege manager is the main consumer of those disabled key types. The other kinds of keys are not impacted. [Additional informations] * New test cases have been added for the client part. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/1973752/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1975426] [NEW] package libinput-bin 1.15.5-1ubuntu0.3 failed to install/upgrade: le paquet est dans un état vraiment incohérent; vous devriez le réinstaller avant de tenter de
Public bug reported: ? ProblemType: Package DistroRelease: Ubuntu 20.04 Package: libinput-bin 1.15.5-1ubuntu0.3 ProcVersionSignature: Ubuntu 5.13.0-41.46~20.04.1-generic 5.13.19 Uname: Linux 5.13.0-41-generic x86_64 ApportVersion: 2.20.11-0ubuntu27.24 AptOrdering: thunderbird-locale-en:amd64: Install thunderbird-locale-fr:amd64: Install thunderbird:amd64: Install thunderbird-gnome-support:amd64: Install NULL: ConfigurePending Architecture: amd64 CasperMD5CheckResult: skip CompositorRunning: None Date: Sun May 22 17:28:56 2022 DistUpgraded: Fresh install DistroCodename: focal DistroVariant: ubuntu ErrorMessage: le paquet est dans un état vraiment incohérent; vous devriez le réinstaller avant de tenter de le configurer. GraphicsCard: NVIDIA Corporation TU116 [GeForce GTX 1650 SUPER] [10de:2187] (rev a1) (prog-if 00 [VGA controller]) Subsystem: PNY TU116 [GeForce GTX 1650 SUPER] [196e:1350] InstallationDate: Installed on 2021-09-22 (242 days ago) InstallationMedia: Ubuntu 20.04.3 LTS "Focal Fossa" - Release amd64 (20210819) MachineType: Gigabyte Technology Co., Ltd. B450M DS3H ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-5.13.0-41-generic root=UUID=5c263473-36e2-410e-95e7-1174764ce9f8 ro quiet splash vt.handoff=7 Python3Details: /usr/bin/python3.8, Python 3.8.10, python3-minimal, 3.8.2-0ubuntu2 PythonDetails: N/A RelatedPackageVersions: dpkg 1.19.7ubuntu3 apt 2.0.6 SourcePackage: libinput Title: package libinput-bin 1.15.5-1ubuntu0.3 failed to install/upgrade: le paquet est dans un état vraiment incohérent; vous devriez le réinstaller avant de tenter de le configurer. UpgradeStatus: No upgrade log present (probably fresh install) dmi.bios.date: 11/27/2019 dmi.bios.release: 5.14 dmi.bios.vendor: American Megatrends Inc. dmi.bios.version: F50 dmi.board.asset.tag: Default string dmi.board.name: B450M DS3H-CF dmi.board.vendor: Gigabyte Technology Co., Ltd. dmi.board.version: x.x dmi.chassis.asset.tag: Default string dmi.chassis.type: 3 dmi.chassis.vendor: Default string dmi.chassis.version: Default string dmi.modalias: dmi:bvnAmericanMegatrendsInc.:bvrF50:bd11/27/2019:br5.14:svnGigabyteTechnologyCo.,Ltd.:pnB450MDS3H:pvrDefaultstring:rvnGigabyteTechnologyCo.,Ltd.:rnB450MDS3H-CF:rvrx.x:cvnDefaultstring:ct3:cvrDefaultstring:skuDefaultstring: dmi.product.family: Default string dmi.product.name: B450M DS3H dmi.product.sku: Default string dmi.product.version: Default string dmi.sys.vendor: Gigabyte Technology Co., Ltd. version.compiz: compiz N/A version.libdrm2: libdrm2 2.4.107-8ubuntu1~20.04.2 version.libgl1-mesa-dri: libgl1-mesa-dri 21.2.6-0ubuntu0.1~20.04.2 version.libgl1-mesa-glx: libgl1-mesa-glx N/A version.xserver-xorg-core: xserver-xorg-core 2:1.20.13-1ubuntu1~20.04.2 version.xserver-xorg-input-evdev: xserver-xorg-input-evdev N/A version.xserver-xorg-video-ati: xserver-xorg-video-ati 1:19.1.0-1 version.xserver-xorg-video-intel: xserver-xorg-video-intel 2:2.99.917+git20200226-1 version.xserver-xorg-video-nouveau: xserver-xorg-video-nouveau 1:1.0.16-1 ** Affects: libinput (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-package focal ubuntu -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to libinput in Ubuntu. https://bugs.launchpad.net/bugs/1975426 Title: package libinput-bin 1.15.5-1ubuntu0.3 failed to install/upgrade: le paquet est dans un état vraiment incohérent; vous devriez le réinstaller avant de tenter de le configurer. Status in libinput package in Ubuntu: New Bug description: ? ProblemType: Package DistroRelease: Ubuntu 20.04 Package: libinput-bin 1.15.5-1ubuntu0.3 ProcVersionSignature: Ubuntu 5.13.0-41.46~20.04.1-generic 5.13.19 Uname: Linux 5.13.0-41-generic x86_64 ApportVersion: 2.20.11-0ubuntu27.24 AptOrdering: thunderbird-locale-en:amd64: Install thunderbird-locale-fr:amd64: Install thunderbird:amd64: Install thunderbird-gnome-support:amd64: Install NULL: ConfigurePending Architecture: amd64 CasperMD5CheckResult: skip CompositorRunning: None Date: Sun May 22 17:28:56 2022 DistUpgraded: Fresh install DistroCodename: focal DistroVariant: ubuntu ErrorMessage: le paquet est dans un état vraiment incohérent; vous devriez le réinstaller avant de tenter de le configurer. GraphicsCard: NVIDIA Corporation TU116 [GeForce GTX 1650 SUPER] [10de:2187] (rev a1) (prog-if 00 [VGA controller]) Subsystem: PNY TU116 [GeForce GTX 1650 SUPER] [196e:1350] InstallationDate: Installed on 2021-09-22 (242 days ago) InstallationMedia: Ubuntu 20.04.3 LTS "Focal Fossa" - Release amd64 (20210819) MachineType: Gigabyte Technology Co., Ltd. B450M DS3H ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-5.13.0-41-generic root=UUID=5c263473-36e2-410e-95e7-1174764ce9f8 ro quiet splash vt.handoff=7 Python3Details: /usr/bin/python3.8, Python 3.8.10, python3-minimal, 3.8.2-0ubuntu2 PythonDetails: N/A RelatedPackageVersions: dpkg 1.19.7ubuntu
[Desktop-packages] [Bug 1929038] Re: [SRU] Backport to 20.04 LTS
It's a desktop package that we do not need on riscv64 -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to adsys in Ubuntu. https://bugs.launchpad.net/bugs/1929038 Title: [SRU] Backport to 20.04 LTS Status in adsys package in Ubuntu: Fix Released Status in golang-1.16 package in Ubuntu: Fix Released Status in adsys source package in Focal: Fix Released Status in golang-1.16 source package in Focal: Fix Released Bug description: As part of our entreprise desktop offering, there is the request to backport ADSys to 20.04 LTS. The package is in universe for now. ADSys is our Active Directory GPO integration. It’s available starting Ubuntu 21.04. [Impact] * ADSys is a new package. Impacts is thus only for people installing. * It depends on a recent Golang (1.16). We thus needs to backport this package from Ubuntu 21.04/21.10 (1.16.2-0ubuntu1 at the time of this writing) by introducing a versioned separate package (each Go version is a separate package already in the distribution). It is similar to what has been done for snaps in previous LTS. * This is a entreprise feature requested by desktop customers running LTS. [Test Plan for Golang 1.16] 1. Ensure Golang 1.16 is published in -proposed 2. Start a build with a package, requiring Golang 1.16 (dependency + PATH set to Golang 1.16 go binary). 3. Ensure the package builds successfully. 4. Run go version which should display: "go1.16.x" (x being the version uploaded). [Test Plan for ADSys] 1. Configure your machine with AD, with a correctly configured SSSD and KRB5 (AD user should be able to log in). Instructions can be found on https://github.com/ubuntu/adsys/wiki/2.-Prerequisites 2. Install admx and adml files on your AD controller: https://github.com/ubuntu/adsys/wiki/3.-AD-Setup 3. Configure some values in AD (https://github.com/ubuntu/adsys/wiki/4.-Using-GPO), for instance: * GDM login screen background * User favorites apps 4. Install ADSys, reboot the machine and login in as an AD user 5. Ensure both GDM background and user favorites apps follows what you set in AD [Where problems could occur] For Go 1.16: * Package depending on this Go version would not be able to compile. * As this is a separate, versionned, new package, no impact on existing ones. * FYI, we already built ADSys against this Go version in our ppa: https://launchpad.net/~didrocks/+archive/ubuntu/adsys For ADSys: * Machine will fail booting if ADSys can’t connect to AD on first boot. * AD User will fail logging if ADSys can’t connect to AD on first boot. * As this is a separate, versionned, new package, no impact on existing installations. [Other Info] * ADSys (built against Go 1.16 in the same PPA) is battle-tested from our PPA. * We will first upload Go 1.16 and let it migrate before uploading ADSys itself. * Of course, ADSys new version (the one we will backport) will be first uploaded in Impish. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/1929038/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1929038] Re: [SRU] Backport to 20.04 LTS
This has been verified a while ago and already deployed in production for customers. Marking as verification-done. ** Tags removed: removal-candidate verification-needed verification-needed-focal ** Tags added: verification-done verification-done-focal -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to adsys in Ubuntu. https://bugs.launchpad.net/bugs/1929038 Title: [SRU] Backport to 20.04 LTS Status in adsys package in Ubuntu: Fix Released Status in golang-1.16 package in Ubuntu: Fix Released Status in adsys source package in Focal: Fix Committed Status in golang-1.16 source package in Focal: Fix Released Bug description: As part of our entreprise desktop offering, there is the request to backport ADSys to 20.04 LTS. The package is in universe for now. ADSys is our Active Directory GPO integration. It’s available starting Ubuntu 21.04. [Impact] * ADSys is a new package. Impacts is thus only for people installing. * It depends on a recent Golang (1.16). We thus needs to backport this package from Ubuntu 21.04/21.10 (1.16.2-0ubuntu1 at the time of this writing) by introducing a versioned separate package (each Go version is a separate package already in the distribution). It is similar to what has been done for snaps in previous LTS. * This is a entreprise feature requested by desktop customers running LTS. [Test Plan for Golang 1.16] 1. Ensure Golang 1.16 is published in -proposed 2. Start a build with a package, requiring Golang 1.16 (dependency + PATH set to Golang 1.16 go binary). 3. Ensure the package builds successfully. 4. Run go version which should display: "go1.16.x" (x being the version uploaded). [Test Plan for ADSys] 1. Configure your machine with AD, with a correctly configured SSSD and KRB5 (AD user should be able to log in). Instructions can be found on https://github.com/ubuntu/adsys/wiki/2.-Prerequisites 2. Install admx and adml files on your AD controller: https://github.com/ubuntu/adsys/wiki/3.-AD-Setup 3. Configure some values in AD (https://github.com/ubuntu/adsys/wiki/4.-Using-GPO), for instance: * GDM login screen background * User favorites apps 4. Install ADSys, reboot the machine and login in as an AD user 5. Ensure both GDM background and user favorites apps follows what you set in AD [Where problems could occur] For Go 1.16: * Package depending on this Go version would not be able to compile. * As this is a separate, versionned, new package, no impact on existing ones. * FYI, we already built ADSys against this Go version in our ppa: https://launchpad.net/~didrocks/+archive/ubuntu/adsys For ADSys: * Machine will fail booting if ADSys can’t connect to AD on first boot. * AD User will fail logging if ADSys can’t connect to AD on first boot. * As this is a separate, versionned, new package, no impact on existing installations. [Other Info] * ADSys (built against Go 1.16 in the same PPA) is battle-tested from our PPA. * We will first upload Go 1.16 and let it migrate before uploading ADSys itself. * Of course, ADSys new version (the one we will backport) will be first uploaded in Impish. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/1929038/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1969787] [NEW] package libinput-bin 1.15.5-1ubuntu0.3 failed to install/upgrade: package is in a very bad inconsistent state; you should reinstall it before attempting configu
Public bug reported: No idea ProblemType: Package DistroRelease: Ubuntu 20.04 Package: libinput-bin 1.15.5-1ubuntu0.3 ProcVersionSignature: Ubuntu 5.13.0-40.45~20.04.1-generic 5.13.19 Uname: Linux 5.13.0-40-generic x86_64 ApportVersion: 2.20.11-0ubuntu27.23 AptOrdering: libinput10:amd64: Install NULL: ConfigurePending Architecture: amd64 CasperMD5CheckResult: skip CompositorRunning: None Date: Thu Apr 21 16:01:58 2022 DistUpgraded: Fresh install DistroCodename: focal DistroVariant: ubuntu DuplicateSignature: package:libinput-bin:1.15.5-1ubuntu0.3 Unpacking libinput10:amd64 (1.15.5-1ubuntu0.3) over (1.15.5-1ubuntu0.2) ... dpkg: error processing package libinput-bin (--configure): package is in a very bad inconsistent state; you should ErrorMessage: package is in a very bad inconsistent state; you should reinstall it before attempting configuration GraphicsCard: NVIDIA Corporation TU116 [GeForce GTX 1650 SUPER] [10de:2187] (rev a1) (prog-if 00 [VGA controller]) Subsystem: PNY TU116 [GeForce GTX 1650 SUPER] [196e:1350] InstallationDate: Installed on 2021-09-22 (211 days ago) InstallationMedia: Ubuntu 20.04.3 LTS "Focal Fossa" - Release amd64 (20210819) MachineType: Gigabyte Technology Co., Ltd. B450M DS3H ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-5.13.0-40-generic root=UUID=5c263473-36e2-410e-95e7-1174764ce9f8 ro quiet splash vt.handoff=7 Python3Details: /usr/bin/python3.8, Python 3.8.10, python3-minimal, 3.8.2-0ubuntu2 PythonDetails: N/A RelatedPackageVersions: dpkg 1.19.7ubuntu3 apt 2.0.6 SourcePackage: libinput Title: package libinput-bin 1.15.5-1ubuntu0.3 failed to install/upgrade: package is in a very bad inconsistent state; you should reinstall it before attempting configuration UpgradeStatus: No upgrade log present (probably fresh install) dmi.bios.date: 11/27/2019 dmi.bios.release: 5.14 dmi.bios.vendor: American Megatrends Inc. dmi.bios.version: F50 dmi.board.asset.tag: Default string dmi.board.name: B450M DS3H-CF dmi.board.vendor: Gigabyte Technology Co., Ltd. dmi.board.version: x.x dmi.chassis.asset.tag: Default string dmi.chassis.type: 3 dmi.chassis.vendor: Default string dmi.chassis.version: Default string dmi.modalias: dmi:bvnAmericanMegatrendsInc.:bvrF50:bd11/27/2019:br5.14:svnGigabyteTechnologyCo.,Ltd.:pnB450MDS3H:pvrDefaultstring:rvnGigabyteTechnologyCo.,Ltd.:rnB450MDS3H-CF:rvrx.x:cvnDefaultstring:ct3:cvrDefaultstring:skuDefaultstring: dmi.product.family: Default string dmi.product.name: B450M DS3H dmi.product.sku: Default string dmi.product.version: Default string dmi.sys.vendor: Gigabyte Technology Co., Ltd. version.compiz: compiz N/A version.libdrm2: libdrm2 2.4.107-8ubuntu1~20.04.2 version.libgl1-mesa-dri: libgl1-mesa-dri 21.2.6-0ubuntu0.1~20.04.2 version.libgl1-mesa-glx: libgl1-mesa-glx N/A version.xserver-xorg-core: xserver-xorg-core 2:1.20.13-1ubuntu1~20.04.2 version.xserver-xorg-input-evdev: xserver-xorg-input-evdev N/A version.xserver-xorg-video-ati: xserver-xorg-video-ati 1:19.1.0-1 version.xserver-xorg-video-intel: xserver-xorg-video-intel 2:2.99.917+git20200226-1 version.xserver-xorg-video-nouveau: xserver-xorg-video-nouveau 1:1.0.16-1 ** Affects: libinput (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-package focal need-duplicate-check ubuntu -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to libinput in Ubuntu. https://bugs.launchpad.net/bugs/1969787 Title: package libinput-bin 1.15.5-1ubuntu0.3 failed to install/upgrade: package is in a very bad inconsistent state; you should reinstall it before attempting configuration Status in libinput package in Ubuntu: New Bug description: No idea ProblemType: Package DistroRelease: Ubuntu 20.04 Package: libinput-bin 1.15.5-1ubuntu0.3 ProcVersionSignature: Ubuntu 5.13.0-40.45~20.04.1-generic 5.13.19 Uname: Linux 5.13.0-40-generic x86_64 ApportVersion: 2.20.11-0ubuntu27.23 AptOrdering: libinput10:amd64: Install NULL: ConfigurePending Architecture: amd64 CasperMD5CheckResult: skip CompositorRunning: None Date: Thu Apr 21 16:01:58 2022 DistUpgraded: Fresh install DistroCodename: focal DistroVariant: ubuntu DuplicateSignature: package:libinput-bin:1.15.5-1ubuntu0.3 Unpacking libinput10:amd64 (1.15.5-1ubuntu0.3) over (1.15.5-1ubuntu0.2) ... dpkg: error processing package libinput-bin (--configure): package is in a very bad inconsistent state; you should ErrorMessage: package is in a very bad inconsistent state; you should reinstall it before attempting configuration GraphicsCard: NVIDIA Corporation TU116 [GeForce GTX 1650 SUPER] [10de:2187] (rev a1) (prog-if 00 [VGA controller]) Subsystem: PNY TU116 [GeForce GTX 1650 SUPER] [196e:1350] InstallationDate: Installed on 2021-09-22 (211 days ago) InstallationMedia: Ubuntu 20.04.3 LTS "Focal Fossa" - Release amd64 (20210819) MachineType: Gigabyte Technology Co., Ltd. B450M DS3H ProcKernelCmdLine:
[Desktop-packages] [Bug 1936907] Re: [MIR] ADSys
** Description changed: [Availability] Available on all archs, available starting hirsute. It will be backported to Focal once an FFe has been accepted. [Rationale] We are supporting GPO Active Directory support on ubuntu starting hirsute. This features allows for an administrator to configure their Active Directory server to deploy per-machine and per-user configurations, enforce rules and other domain policies. - Right now, dconf keys are supported. + Right now, dconf keys, sudo administration rights and computer and user + scripts are supported. This feature is built and use the krb5 tickets which are provided by SSSD. Basically: - SSSD is dealing with user and machine registration/authentification and enforce password policies - ADSys is handling GPO enforcement and support. The Ubuntu specific policies needs to be installed on the Active Directory server (they are contained in the daemon). [Security] The daemon is started is running as a root user to be able to enforce machine policies, like rebuilding dconf databases, setting profiles. User only interacts with the client side (both sides communicates over GRPC), which can be ran as any user. Polkit is used to restrain access to some part of the API. There is a PAM module to build on demand per-user policy once authenticated with SSSD. They are rejected if the authentication or not all affected policies could be downloaded. [Quality assurance] Joining a domain in the ubiquity desktop installer makes the machine joining the AD domain and install adsys functionality. The package will be seeded directly on the desktop ISO. - An extensive testsuite (more than 700) is included and available as + An extensive testsuite (more than 1k) is included and available as autopkgtests for rdepends. The whole stack is tested (even the client/daemon interaction) and coverage is measured (including in the small python script). However, tests with a real Active Directory server can only be done manually as there is no setup available in the autopkgtests infrastructure. [Dependencies] Main dependencies are libsmbclient, python3 (an embeeded script allows, via samba, connecting to AD LDAP) and SSSD/KRB5. This is a Go package, and all dependencies are vendored, and versions are controlled via go.mod. We are using dependabot (from Github) to automatically get notified of any dependencies updates (and security issues), which opens a PR, rebuild and run all tests to report it there. We are thus able to quickly merge them. [Standards compliance] Standard debhelper packaging, including a systemd service. [Maintenance] The desktop team will maintain it. * we commit to test no-change-rebuilds triggered by a dependent library/compiler and to fix any issues found for the lifetime of the release (including ESM when included) * we will provide timely testing of no-change-rebuilds from the security team, fixing the rebuilt package as necessary * we commit to provide updates to the security team for any affected vendored code for the lifetime of the release (including ESM when included) * we will provide timely, high quality updates for the security team to sponsor to fix issues in the affected vendored code - [Background information] ADSys is composed of: - a daemon, named adsysd, running as root. This one will shutdown after a period of inactivity without any active request. It is socket activated. - a client, named adsysctl (which is a symlink to adsysd and only differ behavior from its executable name), which is running as the user (or root on boot for machine update). This ones optionally wakes up adsysd, connect through an Unix socket with SO_PEERCRED to communicate current user running the process. We are using grpc to communicate between the client and service. Each client request is validated through polkit, matching user name and permissions. The daemon will reject any unauthorized client connections. Note that all actions are always performed from executing the client, even the scheduled one by a cron. - The daemon contains a python embeeded script to reuse samba utilities to - connect with GSSAPI to the AD LDAP server and list available GPOs. GPOs - are then downloaded in a cache directory which isn’t accessible to + The daemon contains a python embedded script that uses samba utilities + to connect with GSSAPI to the AD LDAP server and list available GPOs. + GPOs are then downloaded in a cache directory which isn’t accessible to users. The daemon also contains all GPOs policies to install on the Active Directory side to reflect them in the UI. This could be accessed online or dumped directly via the command line tool. Finally, those are automatically refreshed for any supported LTSes and intermediate versions. The availability of features can be different cross-releas
[Desktop-packages] [Bug 1959667] [NEW] non informative error message when enabling a non available UA service
Public bug reported: Jammy / software-properties-gtk: Installed: 0.99.17 When trying to enable a service that is not available the error message provide no useful information about what went wrong (cf screenshot) and in the journal: ubuntu-advantag[1461382]: Failed to parse UA status: Operation was cancelled In both cases the error message should be similar to UA CLI: UA Infra: ESM is not available for Ubuntu 22.04 (Jammy Jellyfish). ** Affects: software-properties (Ubuntu) Importance: Undecided Status: New ** Attachment added: "2022-02-01_12-06.png" https://bugs.launchpad.net/bugs/1959667/+attachment/5558588/+files/2022-02-01_12-06.png -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to software-properties in Ubuntu. https://bugs.launchpad.net/bugs/1959667 Title: non informative error message when enabling a non available UA service Status in software-properties package in Ubuntu: New Bug description: Jammy / software-properties-gtk: Installed: 0.99.17 When trying to enable a service that is not available the error message provide no useful information about what went wrong (cf screenshot) and in the journal: ubuntu-advantag[1461382]: Failed to parse UA status: Operation was cancelled In both cases the error message should be similar to UA CLI: UA Infra: ESM is not available for Ubuntu 22.04 (Jammy Jellyfish). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/software-properties/+bug/1959667/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1838151] Re: Poor quality audio with modern Bluetooth headsets in HSP/HFP. Missing wide band speech support (Bluetooth A2DP codecs).
Hi everyone, small progress report : I tried the pipewire trick and it didn't work out for me, while it initially seemed to work: auto switch to the HSP/HPF profile didn't work and after a manual switch the headset would drop out during a conversation. I reverted to pulseaudio and invested a bit more time, now I am _almost_ there : I had to add the following to ~/.config/pulse/default.pa .include /etc/pulse/default.pa .nofail unload-module module-bluetooth-policy .fail .ifexists module-bluetooth-policy.so load-module module-bluetooth-policy auto_switch=2 .endif .ifexists module-bluetooth-discover.so load-module module-bluetooth-discover .endif to get the autoswitch to work. I am happy to report that in slack (from snap) the audio now behaves just right and friends tell me I no longer sound like a robot. Unfortunately this still doesn't work with zoom and there seems to be multiple issues. They probably come from zoom itself but I am unsure what to report to them. according to https://gavv.github.io/articles/pulseaudio-under-the- hood/#autodetecting-properties it should be possible to make pulseaudio understand that it has to switch profiles by changing /usr/share/applications/Zoom.desktop and adding Telephony to the categories. I have not been able to make this work without auto_switch=2 Here are two scenarios that fail: after a fresh boot (so all the stars are aligned), start zoom, create a new meeting, start the recording, say a few words, stop the recording, stop the meeting, open the resulting audio or video file the sound is bad when it is expected to be good. After a fresh boot (so all the stars are aligned), start zoom, go to settings-> audio, after doing this my headset is non functional and I must shut it down and start it back up to restore functionality. can someone help me determine what zoom is doing wrong ? I will also try a few other apps in the coming weeks -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to pulseaudio in Ubuntu. https://bugs.launchpad.net/bugs/1838151 Title: Poor quality audio with modern Bluetooth headsets in HSP/HFP. Missing wide band speech support (Bluetooth A2DP codecs). Status in PulseAudio: Fix Released Status in bluez package in Ubuntu: Fix Released Status in linux package in Ubuntu: Fix Released Status in pulseaudio package in Ubuntu: Fix Released Status in Arch Linux: New Bug description: Bluetooth HSP/HFP audio quality is poor on Ubuntu comparative to all other major platforms (Windows, MacOS, ChromeOS, Android, iOS). Modern Bluetooth headsets (such as the Bose QC series headphones, many others) are capable of using HFP 1.6 with mSBC 16kHz audio encoding. As it currently stands, Ubuntu defaults to only supporting HSP headsets using 8kHz CVSD, and is incapable of supporting HFP 1.6 at this time. The ChromiumOS team recently tackled this issue - https://bugs.chromium.org/p/chromium/issues/detail?id=843048 Their efforts may assist in bringing this to Ubuntu, however it appears that there are quite a lot of differences considering they have developed their own audio server solution etc. The Bluetooth Telephony Working Group published the HFP 1.6 spec in May 2011 - https://www.bluetooth.org/docman/handlers/downloaddoc.ashx?doc_id=238193 Patches have been proposed in the past for this issue to the kernel and PulseAudio: PulseAudio: https://patchwork.freedesktop.org/patch/245272/ Kernel: https://www.spinics.net/lists/linux-bluetooth/msg76982.html It appears that the Chromium OS team applied the same kernel patch: https://chromium.googlesource.com/chromiumos/third_party/kernel/+/77dd0cb94c1713a8a12f6e392955dfa64c430e54 ProblemType: Bug DistroRelease: Ubuntu 19.04 Package: pulseaudio 1:12.2-2ubuntu3 ProcVersionSignature: Ubuntu 5.0.0-20.21-generic 5.0.8 Uname: Linux 5.0.0-20-generic x86_64 ApportVersion: 2.20.10-0ubuntu27.1 Architecture: amd64 AudioDevicesInUse: USERPID ACCESS COMMAND /dev/snd/controlC0: jnappi 2777 F pulseaudio CurrentDesktop: ubuntu:GNOME Date: Sat Jul 27 11:08:29 2019 EcryptfsInUse: Yes InstallationDate: Installed on 2017-11-04 (629 days ago) InstallationMedia: Ubuntu 17.10 "Artful Aardvark" - Release amd64 (20171018) ProcEnviron: PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: pulseaudio UpgradeStatus: Upgraded to disco on 2019-07-18 (9 days ago) dmi.bios.date: 06/07/2016 dmi.bios.vendor: LENOVO dmi.bios.version: R07ET67W (2.07 ) dmi.board.asset.tag: Not Available dmi.board.name: 20FW000TUS dmi.board.vendor: LENOVO dmi.board.version: SDK0J40705 WIN dmi.chassis.asset.tag: No Asset Information dmi.chassis.type: 10 dmi.chassis.vendor: LENOVO dmi.chassis.version: None dmi.modalias: dmi:bvnLENOVO:bvrR07ET67W(2.07):bd06/07/2016:svnLENOVO:pn20FW000TUS:pvrThinkPadT460p:rvnLENOVO:r
[Desktop-packages] [Bug 1952999] Re: Wayland blocks the microphone of the webcam
Yes, it works perfectly with Xorg. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to mutter in Ubuntu. https://bugs.launchpad.net/bugs/1952999 Title: Wayland blocks the microphone of the webcam Status in mutter package in Ubuntu: Incomplete Bug description: Jammy daily In the wayland session the microphone of the webcam is no available. ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: libwayland-bin 1.19.0-2build1 ProcVersionSignature: Ubuntu 5.13.0-20.20-generic 5.13.14 Uname: Linux 5.13.0-20-generic x86_64 NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair ApportVersion: 2.20.11-0ubuntu73 Architecture: amd64 BootLog: Error: [Errno 13] Permission denied: '/var/log/boot.log' CasperMD5CheckResult: unknown CompositorRunning: None CurrentDesktop: ubuntu:GNOME Date: Thu Dec 2 07:45:44 2021 DistUpgraded: Fresh install DistroCodename: jammy DistroVariant: ubuntu GraphicsCard: Intel Corporation Comet Lake UHD Graphics [8086:9bca] (rev 04) (prog-if 00 [VGA controller]) Subsystem: Intel Corporation Device [8086:2081] InstallationDate: Installed on 2020-05-31 (549 days ago) InstallationMedia: Ubuntu 20.10 "Groovy Gorilla" - Alpha amd64 (20200527) MachineType: Intel(R) Client Systems NUC10i7FNH ProcKernelCmdLine: BOOT_IMAGE=/BOOT/ubuntu_nt06gx@/vmlinuz-5.13.0-20-generic root=ZFS=rpool/ROOT/ubuntu_nt06gx ro snd-intel-dspcfg.dsp_driver=1 SourcePackage: wayland UpgradeStatus: No upgrade log present (probably fresh install) dmi.bios.date: 10/21/2019 dmi.bios.release: 5.16 dmi.bios.vendor: Intel Corp. dmi.bios.version: FNCML357.0032.2019.1021.1624 dmi.board.asset.tag: Default string dmi.board.name: NUC10i7FNB dmi.board.vendor: Intel Corporation dmi.board.version: K61360-302 dmi.chassis.asset.tag: Default string dmi.chassis.type: 35 dmi.chassis.vendor: Intel Corporation dmi.chassis.version: 2.0 dmi.ec.firmware.release: 3.4 dmi.modalias: dmi:bvnIntelCorp.:bvrFNCML357.0032.2019.1021.1624:bd10/21/2019:br5.16:efr3.4:svnIntel(R)ClientSystems:pnNUC10i7FNH:pvrK61081-302:skuBXNUC10i7FNH:rvnIntelCorporation:rnNUC10i7FNB:rvrK61360-302:cvnIntelCorporation:ct35:cvr2.0: dmi.product.family: FN dmi.product.name: NUC10i7FNH dmi.product.sku: BXNUC10i7FNH dmi.product.version: K61081-302 dmi.sys.vendor: Intel(R) Client Systems version.compiz: compiz N/A version.libdrm2: libdrm2 2.4.107-8ubuntu1 version.libgl1-mesa-dri: libgl1-mesa-dri 21.2.2-1ubuntu1 version.libgl1-mesa-glx: libgl1-mesa-glx N/A version.xserver-xorg-core: xserver-xorg-core 2:1.20.13-1ubuntu1 version.xserver-xorg-input-evdev: xserver-xorg-input-evdev N/A version.xserver-xorg-video-ati: xserver-xorg-video-ati 1:19.1.0-2build1 version.xserver-xorg-video-intel: xserver-xorg-video-intel 2:2.99.917+git20200714-1ubuntu2 version.xserver-xorg-video-nouveau: xserver-xorg-video-nouveau 1:1.0.17-1build1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mutter/+bug/1952999/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp