[Bug 2059756] Re: [SRU] adsys 0.14.1
This bug was fixed in the package adsys - 0.14.1~22.04 --- adsys (0.14.1~22.04) jammy; urgency=medium * Backport 0.14.1 to jammy (LP: #2059756) - Build with Go 1.22 - Disable dh_dwz on account of go >= 1.19 compressing symbols itself (fixed in newer dh_golang) - Revert incorrect prerm purge stanza adsys (0.14.1build1) noble; urgency=medium * No-change rebuild for CVE-2024-3094 adsys (0.14.1) noble; urgency=medium * Pin Go toolchain to 1.22.1 to fix the following security vulnerabilities: - GO-2024-2598 - GO-2024-2599 * Update apport hook to include journal errors and package logs * CI and quality of life changes not impacting package functionality: - Enable end-to-end tests in GitHub Actions - Remove stale AD resources on test finish - Add developer documentation for running end-to-end tests - Collect and upload end-to-end test logs on failure - Report test coverage in Cobertura XML format - Silence gosec warnings using nolint and remove deprecated ifshort linter - Use an environment variable to update golden files - Bump github actions to latest: - azure/login - softprops/action-gh-release * Update dependencies to latest: - github.com/charmbracelet/lipgloss - github.com/golangci/golangci-lint - github.com/golang/protobuf - github.com/stretchr/testify - golang.org/x/crypto - golang.org/x/net - google.golang.org/grpc - google.golang.org/protobuf adsys (0.14.0) noble; urgency=medium * Infer user KRB5CCNAME path via the libkrb5 API (LP: #2049061) - This functionality is opt-in and activated if the detect_cached_ticket setting is set to true - If the AD backend (e.g. sssd) doesn't export the KRB5CCNAME variable, adsys will now determine the path to the default ticket cache and use it during authentication (when adsys is executed through the PAM module) and runs of adsysctl update for the current user. * Allow sssd backend to work without ad_domain being set (LP: #2054445) * Upgrade to Go 1.22 * CI and quality of life changes not impacting package functionality: - Pass token explicitly to Codecov action - Fix require outside of main goroutine - Mark function arguments as unused where applicable Thanks to Edu Gómez Escandell - End to end test VM template creation updates - Bump github actions to latest: - codecov/codecov-action - peter-evans/create-pull-request * Update dependencies to latest: - github.com/charmbracelet/bubbles - github.com/golangci/golangci-lint - golang.org/x/crypto - golang.org/x/net - google.golang.org/grpc adsys (0.13.3) noble; urgency=medium * Fix cert auto-enroll without NDES (LP: #2051363) * Refresh policy definition files (remove Lunar support) * CI and quality of life changes not impacting package functionality: - Bump github actions to latest: - actions/download-artifact - actions/setup-go - actions/upload-artifact * Update dependencies to latest: - github.com/charmbracelet/bubbles - github.com/charmbracelet/bubbletea - github.com/google/uuid - github.com/spf13/viper - golang.org/x/crypto - golang.org/x/net - golang.org/x/sync - golang.org/x/sys - google.golang.org/grpc - google.golang.org/protobuf adsys (0.13.2) noble; urgency=medium [ Denison Barbosa ] [ Didier Roche ] [ Gabriel Nagy ] [ Jean-Baptiste Lallement ] * Ensure GPO URLs contain the FQDN of the domain controller (LP: #2024377) * Add runtime dependency on nfs-common (LP: #2044112) * Documentation changes: - Switch to Read the Docs for project documentation - Generate documentation from policy definitions - Fix installation path of adwatchd * CI and quality of life changes not impacting package functionality: - Bump go version to 1.21.4 - Fix docker stop behavior on integration tests - Add e2e tests provisioning workflow - Reduce the amount of workflows to be run - Remove scopes from dependabot config * Update dependencies to latest: - github.com/charmbracelet/lipgloss - github.com/fatih/color - github.com/fsnotify/fsnotify - github.com/golangci/golangci-lint - github.com/google/uuid - github.com/maruel/natural - github.com/pkg/sftp - github.com/spf13/cobra - github.com/spf13/viper - golang.org/x/crypto - golang.org/x/net - golang.org/x/sync - golang.org/x/sys - golang.org/x/text - google.golang.org/grpc adsys (0.13.1) mantic; urgency=medium [ Denison Barbosa ] [ Didier Roche ] [ Gabriel Nagy ] * Fix pam_adsys build (LP: #2037270) * Switch to upstream gotext version and align go-i18n (LP: #2037271) * Add documentation for certificate policy manager * CI and quality of life changes not impacting package functionality: - Workflow to auto-patch vendored Samba code - Fix typo on build command
[Bug 2059756] Re: [SRU] adsys 0.14.1
I have validated adsys in Mantic using the following steps: 1. Join Mantic client to AD test domain where GPOs are configured 2. Install adsys from proposed 3. Apply user and machine policies (assert non-Pro policy managers) 4. Attach Mantic client to Ubuntu Pro 5. Re-apply user and machine policies (assert Pro-only policy managers) Below are the steps used: Joined domain using the following command: # realm join warthogs.biz -U localadmin -v --unattended <<<$AD_PASSWORD ... * Successfully enrolled machine in realm Installed adsys using: # apt install adsys/mantic-proposed --install-suggests # apt-cache policy adsys adsys: Installed: 0.14.1~23.10.1 Candidate: 0.14.1~23.10.1 Version table: *** 0.14.1~23.10.1 400 400 http://archive.ubuntu.com/ubuntu mantic-proposed/main amd64 Packages 100 /var/lib/dpkg/status 0.13.1ubuntu0.1 500 500 http://azure.archive.ubuntu.com/ubuntu mantic-updates/main amd64 Packages 500 http://azure.archive.ubuntu.com/ubuntu mantic-security/main amd64 Packages 0.13.1 500 500 http://azure.archive.ubuntu.com/ubuntu mantic/main amd64 Packages Applied non-Pro policies: # adsysctl update -m -v INFO Assets directory is already up to date INFO GPO "e2e-mantic-b093-computers-gpo" is already up to date INFO Applying policies for mantic-b093 (machine: true) WARNING Rules from the following policy types will be filtered out as the machine is not enrolled to Ubuntu Pro: privilege, scripts, mount, apparmor, proxy, certificate mantic-b093-usr$ adsysctl update -v INFO GPO "e2e-mantic-b093-users-gpo" is already up to date INFO Assets directory is already up to date INFO Applying policies for mantic-b093-...@warthogs.biz (machine: false) WARNING Rules from the following policy types will be filtered out as the machine is not enrolled to Ubuntu Pro: scripts, mount Confirmed non-Pro policies have been applied (dconf/gdm): # DCONF_PROFILE=gdm dconf read /org/gnome/login-screen/banner-message-text 'Sample banner text' mantic-b093-usr$ dconf read /org/gnome/shell/favorite-apps ['rhythmbox.desktop'] Confirmed Pro-only policies (e.g. certificate, mount) are not applied: # getcert list Number of certificates and requests being tracked: 0. mantic-b093-usr$ gio mount -l | grep warthogs.biz Attached machine to Pro and re-applied user and machine policies: # pro attach $UBUNTU_PRO_TOKEN --no-auto-enable This machine is now attached to 'Ubuntu Pro - free personal subscription' # adsysctl update -m -v INFO GPO "e2e-mantic-b093-computers-gpo" is already up to date INFO Assets directory is already up to date INFO Applying policies for mantic-b093 (machine: true) INFO Running machine startup scripts INFO Certificate autoenrollment script ran successfully mantic-b093-usr$ adsysctl update -v INFO GPO "e2e-mantic-b093-users-gpo" is already up to date INFO Assets directory is already up to date INFO Applying policies for mantic-b093-...@warthogs.biz (machine: false) Confirmed Pro-only policies have now been applied: # getcert list root@mantic-b093:~# getcert list Number of certificates and requests being tracked: 1. Request ID 'warthogs-CA.Machine': status: MONITORING stuck: no key pair storage: type=FILE,location='/var/lib/adsys/private/certs/warthogs-CA.Machine.key' certificate: type=FILE,location='/var/lib/adsys/certs/warthogs-CA.Machine.crt' CA: warthogs-CA issuer: CN=warthogs-CA,DC=warthogs,DC=biz subject: CN=mantic-b093 ... mantic-b093-usr$ gio mount -l | grep warthogs.biz Mount(0): user-mount-smb on warthogs.biz -> smb://warthogs.biz/user-mount-smb/ Mount(1): user-mount-nfs on warthogs.biz -> nfs://warthogs.biz/user-mount-nfs ** Tags removed: verification-needed verification-needed-mantic ** Tags added: verification-done verification-done-mantic -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2059756 Title: [SRU] adsys 0.14.1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2059756/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2059756] Re: [SRU] adsys 0.14.1
Hello Jean-Baptiste, or anyone else affected, Accepted adsys into mantic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/adsys/0.14.1~23.10.1 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed- mantic to verification-done-mantic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification- failed-mantic. In either case, without details of your testing we will not be able to proceed. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping! N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days. ** Tags removed: verification-done verification-done-mantic ** Tags added: verification-needed verification-needed-mantic -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2059756 Title: [SRU] adsys 0.14.1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2059756/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2059756] Re: [SRU] adsys 0.14.1
adsys is failing all autopkgtests on mantic in all architectures. The error is the same: 106s autopkgtest [12:17:38]: test command1: ./debian/tests/test no-sudo 106s autopkgtest [12:17:38]: test command1: [--- 106s Running non-root tests... 106s ./debian/tests/test: 36: go: not found 106s autopkgtest [12:17:38]: test command1: ---] Comment #19 states that adsys vesion 0.14.1~23.10.1 was uploaded to mantic-unapproved with a fix for that, and I see it wasn't accepted still. I'll try to get to it in my shift. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2059756 Title: [SRU] adsys 0.14.1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2059756/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2059756] Re: [SRU] adsys 0.14.1
I have validated the new adsys in Jammy using the following steps: 1. Join Jammy client to AD test domain where GPOs are configured 2. Install adsys from proposed 3. Apply user and machine policies (assert non-Pro policy managers) 4. Attach Jammy client to Ubuntu Pro 5. Re-apply user and machine policies (assert Pro-only policy managers) Below are the steps used: Joined domain using the following command: # realm join warthogs.biz -U localadmin -v --unattended <<<$AD_PASSWORD ... * Successfully enrolled machine in realm Installed adsys using: # apt install adsys/jammy-proposed --install-suggests # apt-cache policy adsys adsys: Installed: 0.14.1~22.04 Candidate: 0.14.1~22.04 Version table: *** 0.14.1~22.04 400 400 http://archive.ubuntu.com/ubuntu jammy-proposed/main amd64 Packages 100 /var/lib/dpkg/status 0.9.2~22.04.2 500 500 http://azure.archive.ubuntu.com/ubuntu jammy-updates/main amd64 Packages 0.9.2~22.04.1 500 500 http://azure.archive.ubuntu.com/ubuntu jammy-security/main amd64 Packages 0.8.4 500 500 http://azure.archive.ubuntu.com/ubuntu jammy/main amd64 Packages Applied non-Pro policies: # adsysctl update -m -v INFO Downloading "e2e-jammy-fccb9151-computers-gpo" INFO Downloading "assets" INFO Applying policies for jammy-fccb9151 (machine: true) WARNING Rules from the following policy types will be filtered out as the machine is not enrolled to Ubuntu Pro: privilege, scripts, mount, apparmor, proxy, certificate jammy-fccb9151-usr$ adsysctl update -v INFO GPO "e2e-jammy-fccb9151-users-gpo" is already up to date INFO Assets directory is already up to date INFO Applying policies for jammy-fccb9151-...@warthogs.biz (machine: false) WARNING Rules from the following policy types will be filtered out as the machine is not enrolled to Ubuntu Pro: scripts, mount Confirmed non-Pro policies have been applied (dconf/gdm): # DCONF_PROFILE=gdm dconf read /org/gnome/login-screen/banner-message-text 'Sample banner text' jammy-fccb9151-usr$ dconf read /org/gnome/shell/favorite-apps ['rhythmbox.desktop'] Confirmed Pro-only policies (e.g. certificate, mount) are not applied: # getcert list Number of certificates and requests being tracked: 0. jammy-fccb9151-usr$ gio mount -l | grep warthogs.biz Attached machine to Pro and re-applied user and machine policies: # pro attach $UBUNTU_PRO_TOKEN --no-auto-enable This machine is now attached to 'Ubuntu Pro - free personal subscription' # adsysctl update -m -v INFO GPO "e2e-jammy-fccb9151-computers-gpo" is already up to date INFO Assets directory is already up to date INFO Applying policies for jammy-fccb9151 (machine: true) INFO Running machine startup scripts INFO Certificate autoenrollment script ran successfully jammy-fccb9151-usr$ adsysctl update -v INFO GPO "e2e-jammy-fccb9151-users-gpo" is already up to date INFO Assets directory is already up to date INFO Applying policies for jammy-fccb9151-...@warthogs.biz (machine: false) Confirmed Pro-only policies have now been applied: # getcert list root@jammy-fccb9151:~# getcert list Number of certificates and requests being tracked: 1. Request ID 'warthogs-CA.Machine': status: MONITORING stuck: no key pair storage: type=FILE,location='/var/lib/adsys/private/certs/warthogs-CA.Machine.key' certificate: type=FILE,location='/var/lib/adsys/certs/warthogs-CA.Machine.crt' CA: warthogs-CA issuer: CN=warthogs-CA,DC=warthogs,DC=biz subject: CN=jammy-fccb9151 ... jammy-fccb9151-usr$ gio mount -l | grep warthogs.biz Mount(0): user-mount-smb on warthogs.biz -> smb://warthogs.biz/user-mount-smb/ Mount(1): user-mount-nfs on warthogs.biz -> nfs://warthogs.biz/user-mount-nfs ** Tags removed: verification-needed verification-needed-jammy ** Tags added: verification-done verification-done-jammy -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2059756 Title: [SRU] adsys 0.14.1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2059756/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2059756] Re: [SRU] adsys 0.14.1
Hello Jean-Baptiste, or anyone else affected, Accepted adsys into jammy-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/adsys/0.14.1~22.04 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed- jammy to verification-done-jammy. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification- failed-jammy. In either case, without details of your testing we will not be able to proceed. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping! N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days. ** Changed in: adsys (Ubuntu Jammy) Status: Incomplete => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2059756 Title: [SRU] adsys 0.14.1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2059756/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2059756] Re: [SRU] adsys 0.14.1
Thank you for the thorough review and approval. I've updated the bugs linked above, and we have reuploaded adsys with the requested changes (https://launchpad.net/ubuntu/jammy/+queue?queue_state=1_text=adsys) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2059756 Title: [SRU] adsys 0.14.1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2059756/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2059756] Re: [SRU] adsys 0.14.1
> First, I note that since this is a new upstream version, there are a number > of bugs referenced in the > changelog that are not going to go through SRU verification. Per > https://wiki.ubuntu.com/StableReleaseUpdates#Bug_references_in_changelogs, > please update the > descriptions of these bugs to indicate this explicitly, so it is clear as > part of the SRU review > process that these are net SRU bugs that are missing the SRU bug template. > The bugs referenced in the .changes are: > LP: #2012371 LP: #2020682 LP: #2024377 LP: #2037270 LP: #2037271 LP: #2044112 > LP: #2049061 LP: #2051363 LP: #2054445 This hasn't been done yet, can you please take care of it? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2059756 Title: [SRU] adsys 0.14.1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2059756/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2059756] Re: [SRU] adsys 0.14.1
I've completed the review of the rest of the adsys delta. This looks good to me; my only observation is that as part of the change of i18n handling libraries, there are two regressions in the localizability of strings: internal/adsysservice/service.go: updateFmt := "%s" + gotext.Get(", updated on ") + "%s" internal/cmdhandler/suggest.go: requireMsg := "%s " + gotext.Get("requires a valid subcommand") Both of these introduce assumptions about the word order of the sentences which were not present before, making the new version less translatable than the previous version. However, I will not block the SRU on this because I see that the only language adsys is currently translated to is French, which is not affected. Still, it is bad form to use concatenation of translated strings like this, which you appear to know because both of these are marked with 'fixme's in the code. For the other issues with the packaging: > - debian/prerm: thank you for catching this, I don't know how it slipped > through, I guess it was all the false encouragement given by packages in the > wild that employ the same (broken) prerm workflow. I've opened a PR to revert > this upstream https://github.com/ubuntu/adsys/pull/1026 -- I don't think it > adds much value to have this working (and it was not explicitly documented in > the changelog either, so I'm happy with removing the broken code, as it never > worked) Yes, please revert this, thanks. > - krb5/winbind as an alternative to sssd: this was explicitly requested by > paying customers with specific requirements related to cross-domain forest > setups which could not be satisfied by sssd directly -- it's documented > (albeit > in a terse manner, only mentioning winbind) in the 0.10.0 changelog Ok, understood (and accepted for SRU). > - addition of Depends: apparmor: opted for this because the apparmor policy > manager subprocesses "apparmor_parser" (ref: > https://github.com/ubuntu/adsys/blob/b20890f78bd55d5b5c90d77af61d17eb31f40b77/internal/policies/apparmor/apparmor.go#L82) > -- happy to drop it if you think it's the best practice Since you are invoking programs from this package directly, it's fine to leave this as-is. > - additional of dependency on nfs-common: opted for a "Depends" here because > adsys could apply a nfs mount policy which would fail hard if nfs-common were > not installed -- I would've gone for "Recommends" in case of a soft warning Ok, please leave this as-is. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2059756 Title: [SRU] adsys 0.14.1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2059756/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2059756] Re: [SRU] adsys 0.14.1
Thank you, Chris. I can confirm that Jammy Go 1.22 works nicely so far - $ lxc launch ubuntu-daily:jammy docker-io --vm Creating docker-io Starting docker-io $ lxc shell docker-io root@docker-io:~# apt update root@docker-io:~# ls docker-doc_24.0.7-0ubuntu4~22.04.1_all.deb docker.io_24.0.7-0ubuntu4~22.04.1_amd64.deb snap root@docker-io:~# apt install ./*.deb Reading package lists... Done Building dependency tree... Done Reading state information... Done Note, selecting 'docker-doc' instead of './docker-doc_24.0.7-0ubuntu4~22.04.1_all.deb' Note, selecting 'docker.io' instead of './docker.io_24.0.7-0ubuntu4~22.04.1_amd64.deb' The following additional packages will be installed: bridge-utils containerd dns-root-data dnsmasq-base pigz runc ubuntu-fan Suggested packages: ifupdown aufs-tools cgroupfs-mount | cgroup-lite debootstrap docker-buildx docker-compose-v2 rinse zfs-fuse | zfsutils The following NEW packages will be installed: bridge-utils containerd dns-root-data dnsmasq-base docker-doc docker.io pigz runc ubuntu-fan 0 upgraded, 9 newly installed, 0 to remove and 0 not upgraded. Need to get 46.7 MB/78.2 MB of archives. After this operation, 288 MB of additional disk space will be used. Do you want to continue? [Y/n] Get:1 /root/docker-doc_24.0.7-0ubuntu4~22.04.1_all.deb docker-doc all 24.0.7-0ubuntu4~22.04.1 [2325 kB] Get:2 /root/docker.io_24.0.7-0ubuntu4~22.04.1_amd64.deb docker.io amd64 24.0.7-0ubuntu4~22.04.1 [29.1 MB] Get:3 http://archive.ubuntu.com/ubuntu jammy/universe amd64 pigz amd64 2.6-1 [63.6 kB] Get:4 http://archive.ubuntu.com/ubuntu jammy/main amd64 bridge-utils amd64 1.7-1ubuntu3 [34.4 kB] Get:5 http://archive.ubuntu.com/ubuntu jammy-updates/main amd64 runc amd64 1.1.12-0ubuntu2~22.04.1 [8405 kB] Get:6 http://archive.ubuntu.com/ubuntu jammy-updates/main amd64 containerd amd64 1.7.12-0ubuntu2~22.04.1 [37.8 MB] Get:7 http://archive.ubuntu.com/ubuntu jammy-updates/main amd64 dns-root-data all 2023112702~ubuntu0.22.04.1 [5136 B] Get:8 http://archive.ubuntu.com/ubuntu jammy-updates/main amd64 dnsmasq-base amd64 2.90-0ubuntu0.22.04.1 [374 kB] Get:9 http://archive.ubuntu.com/ubuntu jammy/universe amd64 ubuntu-fan all 0.12.16 [35.2 kB] Fetched 46.7 MB in 11s (4128 kB/s) Preconfiguring packages ... Selecting previously unselected package pigz. (Reading database ... 56810 files and directories currently installed.) Preparing to unpack .../0-pigz_2.6-1_amd64.deb ... Unpacking pigz (2.6-1) ... Selecting previously unselected package bridge-utils. Preparing to unpack .../1-bridge-utils_1.7-1ubuntu3_amd64.deb ... Unpacking bridge-utils (1.7-1ubuntu3) ... Selecting previously unselected package runc. Preparing to unpack .../2-runc_1.1.12-0ubuntu2~22.04.1_amd64.deb ... Unpacking runc (1.1.12-0ubuntu2~22.04.1) ... Selecting previously unselected package containerd. Preparing to unpack .../3-containerd_1.7.12-0ubuntu2~22.04.1_amd64.deb ... Unpacking containerd (1.7.12-0ubuntu2~22.04.1) ... Selecting previously unselected package dns-root-data. Preparing to unpack .../4-dns-root-data_2023112702~ubuntu0.22.04.1_all.deb ... Unpacking dns-root-data (2023112702~ubuntu0.22.04.1) ... Selecting previously unselected package dnsmasq-base. Preparing to unpack .../5-dnsmasq-base_2.90-0ubuntu0.22.04.1_amd64.deb ... Unpacking dnsmasq-base (2.90-0ubuntu0.22.04.1) ... Selecting previously unselected package docker-doc. Preparing to unpack .../6-docker-doc_24.0.7-0ubuntu4~22.04.1_all.deb ... Unpacking docker-doc (24.0.7-0ubuntu4~22.04.1) ... Selecting previously unselected package docker.io. Preparing to unpack .../7-docker.io_24.0.7-0ubuntu4~22.04.1_amd64.deb ... Unpacking docker.io (24.0.7-0ubuntu4~22.04.1) ... Selecting previously unselected package ubuntu-fan. Preparing to unpack .../8-ubuntu-fan_0.12.16_all.deb ... Unpacking ubuntu-fan (0.12.16) ... Setting up dnsmasq-base (2.90-0ubuntu0.22.04.1) ... Setting up runc (1.1.12-0ubuntu2~22.04.1) ... Setting up dns-root-data (2023112702~ubuntu0.22.04.1) ... Setting up bridge-utils (1.7-1ubuntu3) ... Setting up pigz (2.6-1) ... Setting up docker-doc (24.0.7-0ubuntu4~22.04.1) ... Setting up containerd (1.7.12-0ubuntu2~22.04.1) ... Created symlink /etc/systemd/system/multi-user.target.wants/containerd.service → /lib/systemd/system/containerd.servi ce. Setting up ubuntu-fan (0.12.16) ... Created symlink /etc/systemd/system/multi-user.target.wants/ubuntu-fan.service → /lib/systemd/system/ubuntu-fan.servi ce. Setting up docker.io (24.0.7-0ubuntu4~22.04.1) ... Adding group `docker' (GID 121) ... Done. Created symlink /etc/systemd/system/multi-user.target.wants/docker.service → /lib/systemd/system/docker.service. Created symlink /etc/systemd/system/sockets.target.wants/docker.socket → /lib/systemd/system/docker.socket. Processing triggers for dbus (1.12.20-2ubuntu4.1) ... Processing triggers for man-db (2.10.2-1) ... Scanning
[Bug 2059756] Re: [SRU] adsys 0.14.1
(out of band) Additionally, Utkarsh has validated that the golang-1.22 packages in jammy-proposed correctly build docker.io, and golang-1.22 from mantic has correctly built the adsys in mantic. As golang-1.22 a new package in Jammy and Mantic and hence low regression risk, and in the absence of any other test plan for the golang-1.22 packages (:P), I'm releasing golang-1.22 for jammy and mantic. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2059756 Title: [SRU] adsys 0.14.1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2059756/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2059756] Re: [SRU] adsys 0.14.1
This bug was fixed in the package golang-1.22 - 1.22.2-2~22.04 --- golang-1.22 (1.22.2-2~22.04) jammy; urgency=medium * Backport golang 1.22 to jammy (LP: #2059756) * Build with Go 1.20 - d/control{,.in}: use golang-1.20-go in Build-Depends - d/rules: use /usr/lib/go-1.20/bin/go to set GOROOT_BOOTSTRAP path -- Gabriel Nagy Mon, 22 Apr 2024 14:49:00 +0300 ** Changed in: golang-1.22 (Ubuntu Jammy) Status: Fix Committed => Fix Released ** Changed in: golang-1.22 (Ubuntu Mantic) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2059756 Title: [SRU] adsys 0.14.1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2059756/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2059756] Re: [SRU] adsys 0.14.1
This bug was fixed in the package golang-1.22 - 1.22.2-2~23.10 --- golang-1.22 (1.22.2-2~23.10) mantic; urgency=medium * Backport to Mantic (LP: #2059756) * Build with Go 1.20 + d/control{,.in}: use golang-1.20-go in Build-Depends + d/rules: use /usr/lib/go-1.20/bin/go to set GOROOT_BOOTSTRAP path -- Gabriel Nagy Tue, 30 Apr 2024 15:39:36 +0300 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2059756 Title: [SRU] adsys 0.14.1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2059756/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2059756] Re: [SRU] adsys 0.14.1
Hello, golang-1.22-go looks good, I've tested the package from -proposed and it seems to build just fine. A snip from the successful testing: [...] Get:56 http://archive.ubuntu.com/ubuntu jammy-security/main amd64 git-man all 1:2.34.1-1ubuntu1.11 [955 kB] Get:57 http://archive.ubuntu.com/ubuntu jammy-security/main amd64 git amd64 1:2.34.1-1ubuntu1.11 [3165 kB] Get:58 http://archive.ubuntu.com/ubuntu jammy-proposed/universe amd64 golang-1.22-src all 1.22.2-2~22.04 [19.8 MB] Get:59 http://archive.ubuntu.com/ubuntu jammy-proposed/universe amd64 golang-1.22-go amd64 1.22.2-2~22.04 [26.0 MB] Get:60 http://archive.ubuntu.com/ubuntu jammy/main amd64 libbtrfs0 amd64 5.16.2-1 [12.0 kB] Get:61 http://archive.ubuntu.com/ubuntu jammy/main amd64 libbtrfs-dev amd64 5.16.2-1 [47.3 kB] [...] Can we please move that to -updates? It's blocking some other customer work we have. Many thanks. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2059756 Title: [SRU] adsys 0.14.1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2059756/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2059756] Re: [SRU] adsys 0.14.1
@Steve, thanks for the first part of your review. Can you provide the rest of your review so we can do a single upload that addresses all your comments? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2059756 Title: [SRU] adsys 0.14.1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2059756/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2059756] Re: [SRU] adsys 0.14.1
> - krb5/winbind as an alternative to sssd: this was explicitly requested by > paying customers with specific > requirements related to cross-domain forest setups which could not be > satisfied by sssd directly -- it's > documented (albeit in a terse manner, only mentioning winbind) in the 0.10.0 > changelog I haven't looked at the specifics of winbind + adsys, or whether one could pick one or the other at runtime, but indeed, sssd is not able to integrate well with cross-domain AD forests. I wrote about winbind in such environments in the server guide[1]. 1. https://ubuntu.com/server/docs/choosing-an-integration-method -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2059756 Title: [SRU] adsys 0.14.1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2059756/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2059756] Re: [SRU] adsys 0.14.1
Hi Steve, Thanks for the review. Here are my responses for the not-accepted packaging bits: - debian/prerm: thank you for catching this, I don't know how it slipped through, I guess it was all the false encouragement given by packages in the wild that employ the same (broken) prerm workflow. I've opened a PR to revert this upstream https://github.com/ubuntu/adsys/pull/1026 -- I don't think it adds much value to have this working (and it was not explicitly documented in the changelog either, so I'm happy with removing the broken code, as it never worked) - krb5/winbind as an alternative to sssd: this was explicitly requested by paying customers with specific requirements related to cross-domain forest setups which could not be satisfied by sssd directly -- it's documented (albeit in a terse manner, only mentioning winbind) in the 0.10.0 changelog - addition of Depends: apparmor: opted for this because the apparmor policy manager subprocesses "apparmor_parser" (ref: https://github.com/ubuntu/adsys/blob/b20890f78bd55d5b5c90d77af61d17eb31f40b77/internal/policies/apparmor/apparmor.go#L82) -- happy to drop it if you think it's the best practice - additional of dependency on nfs-common: opted for a "Depends" here because adsys could apply a nfs mount policy which would fail hard if nfs-common were not installed -- I would've gone for "Recommends" in case of a soft warning Thanks, Gabriel -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2059756 Title: [SRU] adsys 0.14.1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2059756/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2059756] Re: [SRU] adsys 0.14.1
I have begun reviewing the adsys upload in the jammy unapproved queue. The review is not yet complete, but I am sending my partial review notes for the desktop team to respond to. First, I note that since this is a new upstream version, there are a number of bugs referenced in the changelog that are not going to go through SRU verification. Per https://wiki.ubuntu.com/StableReleaseUpdates#Bug_references_in_changelogs, please update the descriptions of these bugs to indicate this explicitly, so it is clear as part of the SRU review process that these are net SRU bugs that are missing the SRU bug template. The bugs referenced in the .changes are: LP: #2012371 LP: #2020682 LP: #2024377 LP: #2037270 LP: #2037271 LP: #2044112 LP: #2049061 LP: #2051363 LP: #2054445 Then, I have reviewed the changes to the Debian packaging in this package. I have prioritized this initially because as a rule, exceptions for new upstream versions of software do not extend to packaging changes since those pertain to distro integration and not upstream code. My observations: - debian/prerm: this change is simply incorrect and clearly untested, because dpkg NEVER calls a prerm script with an argument of 'purge'; 'purge' is only ever given as an argument to a postrm script. This change to the prerm should be reverted, in devel and in the SRU in the queue; and brought back only after there is a verified implementation with a test case. - apport hook changes: no runtime impact. accepted. - addition of a new empty /var/lib/adsys dir: accepted. - installation of additional adsys python module: accepted. - lintian overrides change: no runtime impact. accepted. - build dep on golang-1.22-go: golang-go in jammy is 1.18. accepted. - added build-deps: accepted. - krb5/winbind as an alternative to sssd: why? not discussed in the changelog and the integration of krb5+winbind directly, vs sssd, is strictly inferior. - addition of Depends: apparmor - unusual; packages which integrate with apparmor do not in general depend on it. Basically irrelevant anyway since snapd does depend on apparmor and is mandatory. But I think this should be dropped in devel. - additional of dependency on nfs-common: since nfs mounts are not used by default, and are overall uncommon in AD environments, I believe this better fits the policy definition of a Recommends rather than a Depends. However, adsys is opt-in and in either case will pull in nfs-common by default so I will not block on this. I will follow up with any review comments on the upstream changes incrementally. ** Changed in: adsys (Ubuntu Jammy) Status: Confirmed => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2059756 Title: [SRU] adsys 0.14.1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2059756/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2059756] Re: [SRU] adsys 0.14.1
I've successfully performed validation on mantic with adsys and dependencies from proposed, with a Windows Server 2019 AD Controller. I've tested the specific cases for the following bugs and confirm the fixes: * Infer user KRB5CCNAME path via the libkrb5 API (LP: #2049061) * Allow sssd backend to work without ad_domain being set (LP: #2054445) Otherwise I've performed a full set of all combinations of policy apply (user, machine, pro enabled, pro disabled) for the full suite of policy managers and confirm they work as expected. NB: The autopkgtest failure was due to not specifying the full path to the Go executable in the test runner (because we use Go from golang-1.22 which doesn't put the `go` binary in $PATH). We fixed that and uploaded the package with the autopkgtest fix as version 0.14.1~23.10.1. ** Tags removed: verification-needed-mantic ** Tags added: verification-done-mantic -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2059756 Title: [SRU] adsys 0.14.1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2059756/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2059756] Re: [SRU] adsys 0.14.1
Hello Jean-Baptiste, or anyone else affected, Accepted golang-1.22 into jammy-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/golang-1.22/1.22.2-2~22.04 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed- jammy to verification-done-jammy. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification- failed-jammy. In either case, without details of your testing we will not be able to proceed. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping! N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days. ** Changed in: golang-1.22 (Ubuntu Jammy) Status: Confirmed => Fix Committed ** Tags added: verification-needed-jammy -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2059756 Title: [SRU] adsys 0.14.1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2059756/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2059756] Re: [SRU] adsys 0.14.1
Hello Jean-Baptiste, or anyone else affected, Accepted golang-1.22 into mantic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/golang-1.22/1.22.2-2~23.10 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed- mantic to verification-done-mantic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification- failed-mantic. In either case, without details of your testing we will not be able to proceed. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping! N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days. ** Changed in: golang-1.22 (Ubuntu Mantic) Status: Confirmed => Fix Committed ** Tags added: verification-needed verification-needed-mantic ** Changed in: adsys (Ubuntu Mantic) Status: Confirmed => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2059756 Title: [SRU] adsys 0.14.1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2059756/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2059756] Re: [SRU] adsys 0.14.1
golang 1.22 is now in mantic NEW queue and adsys 0.14.1~23.10 is in the unapproved queue (the only change on the last one is that I adapted the debdiff to not remove the rebuild upload changelog entry). -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2059756 Title: [SRU] adsys 0.14.1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2059756/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2059756] Re: [SRU] adsys 0.14.1
Yes, the package is ready to upload to Mantic, and it is strictly the same. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2059756 Title: [SRU] adsys 0.14.1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2059756/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2059756] Re: [SRU] adsys 0.14.1
OK, thanks. I guess we can review the Jammy upload for now then on the assumption that the Mantic upload won't have substantial changes until it arrives in the queue. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2059756 Title: [SRU] adsys 0.14.1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2059756/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2059756] Re: [SRU] adsys 0.14.1
We plan to SRU the stack to Mantic and align all the supported releases on the same version. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2059756 Title: [SRU] adsys 0.14.1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2059756/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2059756] Re: [SRU] adsys 0.14.1
Currently the version of adsys in Mantic is 0.13.1ubuntu0.1, which is lower than the version in Jammy Unapproved. What's your plan for Mantic and/or users upgrading to Mantic please? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2059756 Title: [SRU] adsys 0.14.1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2059756/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2059756] Re: [SRU] adsys 0.14.1
** Also affects: adsys (Ubuntu Mantic) Importance: Undecided Status: New ** Also affects: golang-1.22 (Ubuntu Mantic) Importance: Undecided Status: New ** Changed in: adsys (Ubuntu Mantic) Status: New => Confirmed ** Changed in: golang-1.22 (Ubuntu Mantic) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2059756 Title: [SRU] adsys 0.14.1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2059756/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2059756] Re: [SRU] adsys 0.14.1
Attached debdiff for adsys 0.14.1 backport to Mantic ** Patch added: "adsys_0.14.1~23.10.debdiff" https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2059756/+attachment/5773212/+files/adsys_0.14.1~23.10.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2059756 Title: [SRU] adsys 0.14.1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2059756/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2059756] Re: [SRU] adsys 0.14.1
Attached debdiff for Go 1.22 backport to Mantic ** Patch added: "golang-1.22_1.22.2-2~23.10.debdiff" https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2059756/+attachment/5773187/+files/golang-1.22_1.22.2-2~23.10.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2059756 Title: [SRU] adsys 0.14.1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2059756/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2059756] Re: [SRU] adsys 0.14.1
** Description changed: [context] ADSys is a tool designed for administering and implementing Group Policy Objects (GPOs) from Active Directory on Linux systems. It includes a suite of services and commands that empower administrators to efficiently manage policy updates and maintain compliance with organizational business rules. Given that ADSys directly interfaces with Active Directory and needs to align with new business requirements in LTS releases, it has been essential to keep the package consistently updated with the latest changes of ADSys upstream source. As ADSys is a key component of our commercial offerings, our customers anticipate the availability of recently implemented features in the 22.04 release. Now that ADSys has a complete set of features, the request is to proceed with a one-off release of ADSys 0.14.1 to 22.04. Please note that any new features introduced in subsequent versions will be exclusively available in 24.04 and later releases. This version includes a comprehensive end to end automated test suite that runs ADSys against a real Active directory environment. Version 0.14.1 is available for 22.04 in a PPA (https://launchpad.net/~ubuntu-enterprise-desktop/+archive/ubuntu/adsys) and already used in production by customers. At this time of writing the number of open issues is 1 in Launchpad and 16 in GitHub including 6 enhancements. None of them have a high or critical importance. [references] LP: https://launchpad.net/ubuntu/+source/adsys LP Bugs: https://bugs.launchpad.net/ubuntu/+source/adsys GitHub: https://github.com/ubuntu/adsys/ GH Bugs: https://github.com/ubuntu/adsys/issues Documentation: https://canonical-adsys.readthedocs-hosted.com/en/stable/ Initial SRU discussion: https://lists.ubuntu.com/archives/ubuntu-release/2023-June/005650.html [changes] Full LP Changelog: https://launchpad.net/ubuntu/+source/adsys/+changelog * New features * New policies: - Add mount / network shares policy manager - Add AppArmor policy manager - Support multiple AD backends and implement Winbind support - Add system proxy policy manager - Add certificate policy manager for machines - Add adsysctl policy purge command to purge applied policies - Full documentation - Full end to end automated test suite. * Enhancements * Add a --machine / -m flag to adsysctl applied, indicating the policies applied to the current machine * Expose Ubuntu Pro status in the "status" command * Update scripts manager creation * List Pro policy types in service status output * Warn when Pro-only rules are configured * Use systemd via D-Bus instead of systemctl commands * Add placeholder notes for entry types * Rework Kerberos ticket handling logic to satisfy the Heimdal implementation of Kerberos * Rework policy application sync strategy * Print logs when policies are up to date * Update policy definitions to include dconf key for dark mode background * Infer user KRB5CCNAME path via the libkrb5 API (LP: #2049061) * Allow sssd backend to work without ad_domain being set (LP: #2054445) * Update apport hook to include journal errors and package logs * Bug fixes * Fix policy update failing when GPT.INI contains no version key * Fix object lookup for users having a FQDN as their hostname * Support special characters in domains when parsing sssd configuration * Fix DCONF_PROFILE not considering default_domain_suffix on sssd.conf * Ensure empty state for dconf policy * Handle case mismatches in GPT.INI file name * Ensure GPO URLs contain the FQDN of the domain controller * Add runtime dependency on nfs-common * Other * Updates to latest versions of Go (fixing known Go vulnerabilities) * Updates to latest versions of the Go dependencies * Updates and improvements to CI and QoL * Migrate translation support to native approach using go-i18n + gotext and switch to upstream gotext version Dependencies: * Build-dep: golang-go (>= 2:1.22~) * Dependencies to backport to 22.04: * golang-go >= 2:1.22 * ubuntu-proxy-manager (suggest. Required for Proxy support - feature will be disabled otherwise) * python3-cepces (suggest. Required for Certificates autoenrollment support - feature will be disabled otherwise) * Note: Both are currently in the new queue of 22.04 : https://launchpad.net/ubuntu/jammy/+queue?queue_state=0_text= [test plan] # Process Adsys follows a robust continuous integration and testing process. It is covered by a comprehensive automated tests suite (https://github.com/ubuntu/adsys/actions/workflows/qa.yaml) and an automated end to end test suite that runs in a real active directory environment (https://github.com/ubuntu/adsys/actions/workflows/e2e-tests.yaml). The team applied the following quality
[Bug 2059756] Re: [SRU] adsys 0.14.1
** Description changed: [context] ADSys is a tool designed for administering and implementing Group Policy Objects (GPOs) from Active Directory on Linux systems. It includes a suite of services and commands that empower administrators to efficiently manage policy updates and maintain compliance with organizational business rules. Given that ADSys directly interfaces with Active Directory and needs to align with new business requirements in LTS releases, it has been essential to keep the package consistently updated with the latest changes of ADSys upstream source. As ADSys is a key component of our commercial offerings, our customers anticipate the availability of recently implemented features in the 22.04 release. Now that ADSys has a complete set of features, the request is to proceed with a one-off release of ADSys 0.14.1 to 22.04. Please note that any new features introduced in subsequent versions will be exclusively available in 24.04 and later releases. This version includes a comprehensive end to end automated test suite that runs ADSys against a real Active directory environment. Version 0.14.1 is available for 22.04 in a PPA (https://launchpad.net/~ubuntu-enterprise-desktop/+archive/ubuntu/adsys) and already used in production by customers. At this time of writing the number of open issues is 1 in Launchpad and 16 in GitHub including 6 enhancements. None of them have a high or critical importance. [references] LP: https://launchpad.net/ubuntu/+source/adsys LP Bugs: https://bugs.launchpad.net/ubuntu/+source/adsys GitHub: https://github.com/ubuntu/adsys/ GH Bugs: https://github.com/ubuntu/adsys/issues Documentation: https://canonical-adsys.readthedocs-hosted.com/en/stable/ Initial SRU discussion: https://lists.ubuntu.com/archives/ubuntu-release/2023-June/005650.html [changes] Full LP Changelog: https://launchpad.net/ubuntu/+source/adsys/+changelog * New features * New policies: - Add mount / network shares policy manager - Add AppArmor policy manager - Support multiple AD backends and implement Winbind support - Add system proxy policy manager - Add certificate policy manager for machines - Add adsysctl policy purge command to purge applied policies - Full documentation - Full end to end automated test suite. * Enhancements * Add a --machine / -m flag to adsysctl applied, indicating the policies applied to the current machine * Expose Ubuntu Pro status in the "status" command * Update scripts manager creation * List Pro policy types in service status output * Warn when Pro-only rules are configured * Use systemd via D-Bus instead of systemctl commands * Add placeholder notes for entry types * Rework Kerberos ticket handling logic to satisfy the Heimdal implementation of Kerberos * Rework policy application sync strategy * Print logs when policies are up to date * Update policy definitions to include dconf key for dark mode background * Infer user KRB5CCNAME path via the libkrb5 API (LP: #2049061) * Allow sssd backend to work without ad_domain being set (LP: #2054445) * Update apport hook to include journal errors and package logs * Bug fixes * Fix policy update failing when GPT.INI contains no version key * Fix object lookup for users having a FQDN as their hostname * Support special characters in domains when parsing sssd configuration * Fix DCONF_PROFILE not considering default_domain_suffix on sssd.conf * Ensure empty state for dconf policy * Handle case mismatches in GPT.INI file name * Ensure GPO URLs contain the FQDN of the domain controller * Add runtime dependency on nfs-common * Other * Updates to latest versions of Go (fixing known Go vulnerabilities) * Updates to latest versions of the Go dependencies * Updates and improvements to CI and QoL * Migrate translation support to native approach using go-i18n + gotext and switch to upstream gotext version Dependencies: * Build-dep: golang-go (>= 2:1.22~) * Dependencies to backport to 22.04: * golang-go >= 2:1.22 * ubuntu-proxy-manager (suggest. Required for Proxy support - feature will be disabled otherwise) * python3-cepces (suggest. Required for Certificates autoenrollment support - feature will be disabled otherwise) * Note: Both are currently in the new queue of 22.04 : https://launchpad.net/ubuntu/jammy/+queue?queue_state=0_text= [test plan] # Process Adsys follows a robust continuous integration and testing process. It is covered by a comprehensive automated tests suite (https://github.com/ubuntu/adsys/actions/workflows/qa.yaml) and an automated end to end test suite that runs in a real active directory environment (https://github.com/ubuntu/adsys/actions/workflows/e2e-tests.yaml). The team applied the following quality
[Bug 2059756] Re: [SRU] adsys 0.14.1
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: golang-1.22 (Ubuntu Jammy) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2059756 Title: [SRU] adsys 0.14.1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2059756/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2059756] Re: [SRU] adsys 0.14.1
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: adsys (Ubuntu Jammy) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2059756 Title: [SRU] adsys 0.14.1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2059756/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2059756] Re: [SRU] adsys 0.14.1
** Description changed: [context] ADSys is a tool designed for administering and implementing Group Policy Objects (GPOs) from Active Directory on Linux systems. It includes a suite of services and commands that empower administrators to efficiently manage policy updates and maintain compliance with organizational business rules. Given that ADSys directly interfaces with Active Directory and needs to align with new business requirements in LTS releases, it has been essential to keep the package consistently updated with the latest changes of ADSys upstream source. As ADSys is a key component of our commercial offerings, our customers anticipate the availability of recently implemented features in the 22.04 release. Now that ADSys has a complete set of features, the request is to proceed with a one-off release of ADSys 0.14.1 to 22.04. Please note that any new features introduced in subsequent versions will be exclusively available in 24.04 and later releases. This version includes a comprehensive end to end automated test suite that runs ADSys against a real Active directory environment. Version 0.14.1 is available for 22.04 in a PPA (https://launchpad.net/~ubuntu-enterprise-desktop/+archive/ubuntu/adsys) and already used in production by customers. At this time of writing the number of open issues is 1 in Launchpad and 16 in GitHub including 6 enhancements. None of them have a high or critical importance. [references] LP: https://launchpad.net/ubuntu/+source/adsys LP Bugs: https://bugs.launchpad.net/ubuntu/+source/adsys GitHub: https://github.com/ubuntu/adsys/ GH Bugs: https://github.com/ubuntu/adsys/issues Documentation: https://canonical-adsys.readthedocs-hosted.com/en/stable/ Initial SRU discussion: https://lists.ubuntu.com/archives/ubuntu-release/2023-June/005650.html [changes] Full LP Changelog: https://launchpad.net/ubuntu/+source/adsys/+changelog * New features * New policies: - Add mount / network shares policy manager - Add AppArmor policy manager - Support multiple AD backends and implement Winbind support - Add system proxy policy manager - Add certificate policy manager for machines - Add adsysctl policy purge command to purge applied policies - Full documentation - Full end to end automated test suite. * Enhancements * Add a --machine / -m flag to adsysctl applied, indicating the policies applied to the current machine * Expose Ubuntu Pro status in the "status" command * Update scripts manager creation * List Pro policy types in service status output * Warn when Pro-only rules are configured * Use systemd via D-Bus instead of systemctl commands * Add placeholder notes for entry types * Rework Kerberos ticket handling logic to satisfy the Heimdal implementation of Kerberos * Rework policy application sync strategy * Print logs when policies are up to date * Update policy definitions to include dconf key for dark mode background * Infer user KRB5CCNAME path via the libkrb5 API (LP: #2049061) * Allow sssd backend to work without ad_domain being set (LP: #2054445) * Update apport hook to include journal errors and package logs * Bug fixes * Fix policy update failing when GPT.INI contains no version key * Fix object lookup for users having a FQDN as their hostname * Support special characters in domains when parsing sssd configuration * Fix DCONF_PROFILE not considering default_domain_suffix on sssd.conf * Ensure empty state for dconf policy * Handle case mismatches in GPT.INI file name * Ensure GPO URLs contain the FQDN of the domain controller * Add runtime dependency on nfs-common * Other * Updates to latest versions of Go (fixing known Go vulnerabilities) * Updates to latest versions of the Go dependencies * Updates and improvements to CI and QoL * Migrate translation support to native approach using go-i18n + gotext and switch to upstream gotext version Dependencies: * Build-dep: golang-go (>= 2:1.22~) * Dependencies to backport to 22.04: * golang-go >= 2:1.22 * ubuntu-proxy-manager (suggest. Required for Proxy support - feature will be disabled otherwise) * python3-cepces (suggest. Required for Certificates autoenrollment support - feature will be disabled otherwise) * Note: Both are currently in the new queue of 22.04 : https://launchpad.net/ubuntu/jammy/+queue?queue_state=0_text= [test plan] # Process Adsys follows a robust continuous integration and testing process. It is covered by a comprehensive automated tests suite (https://github.com/ubuntu/adsys/actions/workflows/qa.yaml) and an automated end to end test suite that runs in a real active directory environment (https://github.com/ubuntu/adsys/actions/workflows/e2e-tests.yaml). The team applied the following quality
[Bug 2059756] Re: [SRU] adsys 0.14.1
** Patch removed: "ubuntu-proxy-manager_0.1~22.04.1.debdiff" https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2059756/+attachment/5761552/+files/ubuntu-proxy-manager_0.1~22.04.1.debdiff ** Patch added: "ubuntu-proxy-manager_0.1.1~22.04.1.debdiff" https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2059756/+attachment/5769691/+files/ubuntu-proxy-manager_0.1.1~22.04.1.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2059756 Title: [SRU] adsys 0.14.1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2059756/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2059756] Re: [SRU] adsys 0.14.1
** Changed in: golang-1.22 (Ubuntu) Status: New => Fix Released ** Description changed: [context] ADSys is a tool designed for administering and implementing Group Policy Objects (GPOs) from Active Directory on Linux systems. It includes a suite of services and commands that empower administrators to efficiently manage policy updates and maintain compliance with organizational business rules. Given that ADSys directly interfaces with Active Directory and needs to align with new business requirements in LTS releases, it has been essential to keep the package consistently updated with the latest changes of ADSys upstream source. As ADSys is a key component of our commercial offerings, our customers anticipate the availability of recently implemented features in the 22.04 release. Now that ADSys has a complete set of features, the request is to proceed with a one-off release of ADSys 0.14.1 to 22.04. Please note that any new features introduced in subsequent versions will be exclusively available in 24.04 and later releases. This version includes a comprehensive end to end automated test suite that runs ADSys against a real Active directory environment. Version 0.14.1 is available for 22.04 in a PPA (https://launchpad.net/~ubuntu-enterprise-desktop/+archive/ubuntu/adsys) and already used in production by customers. At this time of writing the number of open issues is 1 in Launchpad and 16 in GitHub including 6 enhancements. None of them have a high or critical importance. [references] LP: https://launchpad.net/ubuntu/+source/adsys LP Bugs: https://bugs.launchpad.net/ubuntu/+source/adsys GitHub: https://github.com/ubuntu/adsys/ GH Bugs: https://github.com/ubuntu/adsys/issues Documentation: https://canonical-adsys.readthedocs-hosted.com/en/stable/ Initial SRU discussion: https://lists.ubuntu.com/archives/ubuntu-release/2023-June/005650.html [changes] Full LP Changelog: https://launchpad.net/ubuntu/+source/adsys/+changelog * New features * New policies: - Add mount / network shares policy manager - Add AppArmor policy manager - Support multiple AD backends and implement Winbind support - Add system proxy policy manager - Add certificate policy manager for machines - Add adsysctl policy purge command to purge applied policies - Full documentation - Full end to end automated test suite. * Enhancements * Add a --machine / -m flag to adsysctl applied, indicating the policies applied to the current machine * Expose Ubuntu Pro status in the "status" command * Update scripts manager creation * List Pro policy types in service status output * Warn when Pro-only rules are configured * Use systemd via D-Bus instead of systemctl commands * Add placeholder notes for entry types * Rework Kerberos ticket handling logic to satisfy the Heimdal implementation of Kerberos * Rework policy application sync strategy * Print logs when policies are up to date * Update policy definitions to include dconf key for dark mode background * Infer user KRB5CCNAME path via the libkrb5 API (LP: #2049061) * Allow sssd backend to work without ad_domain being set (LP: #2054445) * Update apport hook to include journal errors and package logs * Bug fixes * Fix policy update failing when GPT.INI contains no version key * Fix object lookup for users having a FQDN as their hostname * Support special characters in domains when parsing sssd configuration * Fix DCONF_PROFILE not considering default_domain_suffix on sssd.conf * Ensure empty state for dconf policy * Handle case mismatches in GPT.INI file name * Ensure GPO URLs contain the FQDN of the domain controller * Add runtime dependency on nfs-common * Other * Updates to latest versions of Go (fixing known Go vulnerabilities) * Updates to latest versions of the Go dependencies * Updates and improvements to CI and QoL * Migrate translation support to native approach using go-i18n + gotext and switch to upstream gotext version Dependencies: * Build-dep: golang-go (>= 2:1.22~) * Dependencies to backport to 22.04: - * golang-go >= 2:1.22 + * golang-go >= 2:1.22 * ubuntu-proxy-manager (suggest. Required for Proxy support - feature will be disabled otherwise) * python3-cepces (suggest. Required for Certificates autoenrollment support - feature will be disabled otherwise) * Note: Both are currently in the new queue of 22.04 : https://launchpad.net/ubuntu/jammy/+queue?queue_state=0_text= - [test plan] # Process Adsys follows a robust continuous integration and testing process. It is covered by a comprehensive automated tests suite (https://github.com/ubuntu/adsys/actions/workflows/qa.yaml) and an automated end to end test suite that runs in a real active directory environment
[Bug 2059756] Re: [SRU] adsys 0.14.1
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2059756 Title: [SRU] adsys 0.14.1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2059756/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2059756] Re: [SRU] adsys 0.14.1
** Patch added: "ubuntu-proxy-manager_0.1~22.04.1.debdiff" https://bugs.launchpad.net/ubuntu/+source/golang-1.22/+bug/2059756/+attachment/5761552/+files/ubuntu-proxy-manager_0.1~22.04.1.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2059756 Title: [SRU] adsys 0.14.1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2059756/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2059756] Re: [SRU] adsys 0.14.1
The attachment "golang-1.22_1.22.1-1~ubuntu22.04.1.debdiff" seems to be a debdiff. The ubuntu-sponsors team has been subscribed to the bug report so that they can review and hopefully sponsor the debdiff. If the attachment isn't a patch, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are member of the ~ubuntu-sponsors, unsubscribe the team. [This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issue please contact him.] -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2059756 Title: [SRU] adsys 0.14.1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2059756/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2059756] Re: [SRU] adsys 0.14.1
** Tags added: patch -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2059756 Title: [SRU] adsys 0.14.1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2059756/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2059756] Re: [SRU] adsys 0.14.1
** Patch added: "golang-1.22_1.22.1-1~ubuntu22.04.1.debdiff" https://bugs.launchpad.net/ubuntu/+source/golang-1.22/+bug/2059756/+attachment/5761550/+files/golang-1.22_1.22.1-1~ubuntu22.04.1.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2059756 Title: [SRU] adsys 0.14.1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2059756/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2059756] Re: [SRU] adsys 0.14.1
** Also affects: golang-1.22 (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2059756 Title: [SRU] adsys 0.14.1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2059756/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2059756] Re: [SRU] adsys 0.14.1
** Description changed: [context] ADSys is a tool designed for administering and implementing Group Policy Objects (GPOs) from Active Directory on Linux systems. It includes a suite of services and commands that empower administrators to efficiently manage policy updates and maintain compliance with organizational business rules. Given that ADSys directly interfaces with Active Directory and needs to align with new business requirements in LTS releases, it has been essential to keep the package consistently updated with the latest changes of ADSys upstream source. As ADSys is a key component of our commercial offerings, our customers anticipate the availability of recently implemented features in the 22.04 release. Now that ADSys has a complete set of features, the request is to proceed with a one-off release of ADSys 0.14.1 to 22.04. Please note that any new features introduced in subsequent versions will be exclusively available in 24.04 and later releases. This version includes a comprehensive end to end automated test suite that runs ADSys against a real Active directory environment. Version 0.14.1 is available for 22.04 in a PPA (https://launchpad.net/~ubuntu-enterprise-desktop/+archive/ubuntu/adsys) and already used in production by customers. At this time of writing the number of open issues is 1 in Launchpad and 16 in GitHub including 6 enhancements. None of them have a high or critical importance. [references] LP: https://launchpad.net/ubuntu/+source/adsys LP Bugs: https://bugs.launchpad.net/ubuntu/+source/adsys GitHub: https://github.com/ubuntu/adsys/ GH Bugs: https://github.com/ubuntu/adsys/issues Documentation: https://canonical-adsys.readthedocs-hosted.com/en/stable/ Initial SRU discussion: https://lists.ubuntu.com/archives/ubuntu-release/2023-June/005650.html [changes] Full LP Changelog: https://launchpad.net/ubuntu/+source/adsys/+changelog * New features * New policies: - Add mount / network shares policy manager - Add AppArmor policy manager - Support multiple AD backends and implement Winbind support - Add system proxy policy manager - Add certificate policy manager for machines - Add adsysctl policy purge command to purge applied policies - Full documentation - Full end to end automated test suite. * Enhancements * Add a --machine / -m flag to adsysctl applied, indicating the policies applied to the current machine * Expose Ubuntu Pro status in the "status" command * Update scripts manager creation * List Pro policy types in service status output * Warn when Pro-only rules are configured * Use systemd via D-Bus instead of systemctl commands * Add placeholder notes for entry types * Rework Kerberos ticket handling logic to satisfy the Heimdal implementation of Kerberos * Rework policy application sync strategy * Print logs when policies are up to date * Update policy definitions to include dconf key for dark mode background * Infer user KRB5CCNAME path via the libkrb5 API (LP: #2049061) * Allow sssd backend to work without ad_domain being set (LP: #2054445) * Update apport hook to include journal errors and package logs * Bug fixes * Fix policy update failing when GPT.INI contains no version key * Fix object lookup for users having a FQDN as their hostname * Support special characters in domains when parsing sssd configuration * Fix DCONF_PROFILE not considering default_domain_suffix on sssd.conf * Ensure empty state for dconf policy * Handle case mismatches in GPT.INI file name * Ensure GPO URLs contain the FQDN of the domain controller * Add runtime dependency on nfs-common * Other * Updates to latest versions of Go (fixing known Go vulnerabilities) * Updates to latest versions of the Go dependencies * Updates and improvements to CI and QoL * Migrate translation support to native approach using go-i18n + gotext and switch to upstream gotext version Dependencies: * Build-dep: golang-go (>= 2:1.22~) * Dependencies to backport to 22.04: + * golang-go >= 2:1.22 * ubuntu-proxy-manager (suggest. Required for Proxy support - feature will be disabled otherwise) * python3-cepces (suggest. Required for Certificates autoenrollment support - feature will be disabled otherwise) - * Note: Both are currently in the new queue of 22.04 : https://launchpad.net/ubuntu/jammy/+queue?queue_state=0_text= + * Note: Both are currently in the new queue of 22.04 : https://launchpad.net/ubuntu/jammy/+queue?queue_state=0_text= + [test plan] # Process Adsys follows a robust continuous integration and testing process. It is covered by a comprehensive automated tests suite (https://github.com/ubuntu/adsys/actions/workflows/qa.yaml) and an automated end to end test suite that runs in a real active directory
[Bug 2059756] Re: [SRU] adsys 0.14.1
** Changed in: adsys (Ubuntu) Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2059756 Title: [SRU] adsys 0.14.1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2059756/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2059756] Re: [SRU] adsys 0.14.1
** Description changed: [context] ADSys is a tool designed for administering and implementing Group Policy Objects (GPOs) from Active Directory on Linux systems. It includes a suite of services and commands that empower administrators to efficiently manage policy updates and maintain compliance with organizational business rules. Given that ADSys directly interfaces with Active Directory and needs to align with new business requirements in LTS releases, it has been essential to keep the package consistently updated with the latest changes of ADSys upstream source. As ADSys is a key component of our commercial offerings, our customers anticipate the availability of recently implemented features in the 22.04 release. Now that ADSys has a complete set of features, the request is to proceed with a one-off release of ADSys 0.14.1 to 22.04. Please note that any new features introduced in subsequent versions will be exclusively available in 24.04 and later releases. This version includes a comprehensive end to end automated test suite that runs ADSys against a real Active directory environment. + Version 0.14.1 is available for 22.04 in a PPA and already used in + production by customers. + [references] LP: https://launchpad.net/ubuntu/+source/adsys LP Bugs: https://bugs.launchpad.net/ubuntu/+source/adsys GitHub: https://github.com/ubuntu/adsys/ GH Bugs: https://github.com/ubuntu/adsys/issues - Documentation: https://canonical-adsys.readthedocs-hosted.com/en/stable/ + Documentation: https://canonical-adsys.readthedocs-hosted.com/en/stable/ Initial SRU discussion: https://lists.ubuntu.com/archives/ubuntu-release/2023-June/005650.html [changes] - Full LP Changelog: https://launchpad.net/ubuntu/+source/adsys/+changelog - * New features -* New policies: - - Add mount / network shares policy manager - - Add AppArmor policy manager - - Support multiple AD backends and implement Winbind support - - Add system proxy policy manager - - Add certificate policy manager for machines - - Add adsysctl policy purge command to purge applied policies - - Full documentation - - Full end to end automated test suite. + Full LP Changelog: https://launchpad.net/ubuntu/+source/adsys/+changelog + * New features + * New policies: + - Add mount / network shares policy manager + - Add AppArmor policy manager + - Support multiple AD backends and implement Winbind support + - Add system proxy policy manager + - Add certificate policy manager for machines + - Add adsysctl policy purge command to purge applied policies + - Full documentation + - Full end to end automated test suite. - * Enhancements - * Add a --machine / -m flag to adsysctl applied, indicating the policies applied to the current machine - * Expose Ubuntu Pro status in the "status" command - * Update scripts manager creation - * List Pro policy types in service status output - * Warn when Pro-only rules are configured - * Use systemd via D-Bus instead of systemctl commands - * Add placeholder notes for entry types - * Rework Kerberos ticket handling logic to satisfy the Heimdal implementation of Kerberos - * Rework policy application sync strategy - * Print logs when policies are up to date - * Update policy definitions to include dconf key for dark mode background - * Infer user KRB5CCNAME path via the libkrb5 API (LP: #2049061) - * Allow sssd backend to work without ad_domain being set (LP: #2054445) - * Update apport hook to include journal errors and package logs + * Enhancements + * Add a --machine / -m flag to adsysctl applied, indicating the policies applied to the current machine + * Expose Ubuntu Pro status in the "status" command + * Update scripts manager creation + * List Pro policy types in service status output + * Warn when Pro-only rules are configured + * Use systemd via D-Bus instead of systemctl commands + * Add placeholder notes for entry types + * Rework Kerberos ticket handling logic to satisfy the Heimdal implementation of Kerberos + * Rework policy application sync strategy + * Print logs when policies are up to date + * Update policy definitions to include dconf key for dark mode background + * Infer user KRB5CCNAME path via the libkrb5 API (LP: #2049061) + * Allow sssd backend to work without ad_domain being set (LP: #2054445) + * Update apport hook to include journal errors and package logs - * Bug fixes - * Fix policy update failing when GPT.INI contains no version key - * Fix object lookup for users having a FQDN as their hostname - * Support special characters in domains when parsing sssd configuration - * Fix DCONF_PROFILE not considering default_domain_suffix on sssd.conf - * Ensure empty state for dconf policy - * Handle case mismatches in GPT.INI file name - * Ensure GPO URLs contain the FQDN of the domain
[Bug 2059756] Re: [SRU] adsys 0.14.1
** Description changed: [context] ADSys is a tool designed for administering and implementing Group Policy Objects (GPOs) from Active Directory on Linux systems. It includes a suite of services and commands that empower administrators to efficiently manage policy updates and maintain compliance with organizational business rules. Given that ADSys directly interfaces with Active Directory and needs to align with new business requirements in LTS releases, it has been essential to keep the package consistently updated with the latest changes of ADSys upstream source. As ADSys is a key component of our commercial offerings, our customers anticipate the availability of recently implemented features in the 22.04 release. Now that ADSys has a complete set of features, the request is to proceed with a one-off release of ADSys 0.14.1 to 22.04. Please note that any new features introduced in subsequent versions will be exclusively available in 24.04 and later releases. This version includes a comprehensive end to end automated test suite that runs ADSys against a real Active directory environment. Version 0.14.1 is available for 22.04 in a PPA (https://launchpad.net/~ubuntu-enterprise-desktop/+archive/ubuntu/adsys) and already used in production by customers. At this time of writing the number of open issues is 1 in Launchpad and 16 in GitHub including 6 enhancements. None of them have a high or critical importance. [references] LP: https://launchpad.net/ubuntu/+source/adsys LP Bugs: https://bugs.launchpad.net/ubuntu/+source/adsys GitHub: https://github.com/ubuntu/adsys/ GH Bugs: https://github.com/ubuntu/adsys/issues Documentation: https://canonical-adsys.readthedocs-hosted.com/en/stable/ Initial SRU discussion: https://lists.ubuntu.com/archives/ubuntu-release/2023-June/005650.html [changes] Full LP Changelog: https://launchpad.net/ubuntu/+source/adsys/+changelog * New features * New policies: - Add mount / network shares policy manager - Add AppArmor policy manager - Support multiple AD backends and implement Winbind support - Add system proxy policy manager - Add certificate policy manager for machines - Add adsysctl policy purge command to purge applied policies - Full documentation - Full end to end automated test suite. * Enhancements * Add a --machine / -m flag to adsysctl applied, indicating the policies applied to the current machine * Expose Ubuntu Pro status in the "status" command * Update scripts manager creation * List Pro policy types in service status output * Warn when Pro-only rules are configured * Use systemd via D-Bus instead of systemctl commands * Add placeholder notes for entry types * Rework Kerberos ticket handling logic to satisfy the Heimdal implementation of Kerberos * Rework policy application sync strategy * Print logs when policies are up to date * Update policy definitions to include dconf key for dark mode background * Infer user KRB5CCNAME path via the libkrb5 API (LP: #2049061) * Allow sssd backend to work without ad_domain being set (LP: #2054445) * Update apport hook to include journal errors and package logs * Bug fixes * Fix policy update failing when GPT.INI contains no version key * Fix object lookup for users having a FQDN as their hostname * Support special characters in domains when parsing sssd configuration * Fix DCONF_PROFILE not considering default_domain_suffix on sssd.conf * Ensure empty state for dconf policy * Handle case mismatches in GPT.INI file name * Ensure GPO URLs contain the FQDN of the domain controller * Add runtime dependency on nfs-common * Other * Updates to latest versions of Go (fixing known Go vulnerabilities) * Updates to latest versions of the Go dependencies * Updates and improvements to CI and QoL * Migrate translation support to native approach using go-i18n + gotext and switch to upstream gotext version Dependencies: * Build-dep: golang-go (>= 2:1.22~) * Dependencies to backport to 22.04: * ubuntu-proxy-manager (suggest. Required for Proxy support - feature will be disabled otherwise) * python3-cepces (suggest. Required for Certificates autoenrollment support - feature will be disabled otherwise) [test plan] # Process - Adsys follows a robust continuous integration and testing process. It is covered by a comprehensive automated tests suite (https://github.com/ubuntu/adsys/actions/workflows/qa.yaml) and an automated end to end test suite that runs in a real active directory environment. + Adsys follows a robust continuous integration and testing process. It is covered by a comprehensive automated tests suite (https://github.com/ubuntu/adsys/actions/workflows/qa.yaml) and an automated end to end test suite that runs in a real active
[Bug 2059756] Re: [SRU] adsys 0.14.1
** Description changed: [context] ADSys is a tool designed for administering and implementing Group Policy Objects (GPOs) from Active Directory on Linux systems. It includes a suite of services and commands that empower administrators to efficiently manage policy updates and maintain compliance with organizational business rules. Given that ADSys directly interfaces with Active Directory and needs to align with new business requirements in LTS releases, it has been essential to keep the package consistently updated with the latest changes of ADSys upstream source. As ADSys is a key component of our commercial offerings, our customers anticipate the availability of recently implemented features in the 22.04 release. Now that ADSys has a complete set of features, the request is to proceed with a one-off release of ADSys 0.14.1 to 22.04. Please note that any new features introduced in subsequent versions will be exclusively available in 24.04 and later releases. This version includes a comprehensive end to end automated test suite that runs ADSys against a real Active directory environment. Version 0.14.1 is available for 22.04 in a PPA (https://launchpad.net/~ubuntu-enterprise-desktop/+archive/ubuntu/adsys) and already used in production by customers. At this time of writing the number of open issues is 1 in Launchpad and 16 in GitHub including 6 enhancements. None of them have a high or critical importance. [references] LP: https://launchpad.net/ubuntu/+source/adsys LP Bugs: https://bugs.launchpad.net/ubuntu/+source/adsys GitHub: https://github.com/ubuntu/adsys/ GH Bugs: https://github.com/ubuntu/adsys/issues Documentation: https://canonical-adsys.readthedocs-hosted.com/en/stable/ Initial SRU discussion: https://lists.ubuntu.com/archives/ubuntu-release/2023-June/005650.html [changes] Full LP Changelog: https://launchpad.net/ubuntu/+source/adsys/+changelog * New features * New policies: - Add mount / network shares policy manager - Add AppArmor policy manager - Support multiple AD backends and implement Winbind support - Add system proxy policy manager - Add certificate policy manager for machines - Add adsysctl policy purge command to purge applied policies - Full documentation - Full end to end automated test suite. * Enhancements * Add a --machine / -m flag to adsysctl applied, indicating the policies applied to the current machine * Expose Ubuntu Pro status in the "status" command * Update scripts manager creation * List Pro policy types in service status output * Warn when Pro-only rules are configured * Use systemd via D-Bus instead of systemctl commands * Add placeholder notes for entry types * Rework Kerberos ticket handling logic to satisfy the Heimdal implementation of Kerberos * Rework policy application sync strategy * Print logs when policies are up to date * Update policy definitions to include dconf key for dark mode background * Infer user KRB5CCNAME path via the libkrb5 API (LP: #2049061) * Allow sssd backend to work without ad_domain being set (LP: #2054445) * Update apport hook to include journal errors and package logs * Bug fixes * Fix policy update failing when GPT.INI contains no version key * Fix object lookup for users having a FQDN as their hostname * Support special characters in domains when parsing sssd configuration * Fix DCONF_PROFILE not considering default_domain_suffix on sssd.conf * Ensure empty state for dconf policy * Handle case mismatches in GPT.INI file name * Ensure GPO URLs contain the FQDN of the domain controller * Add runtime dependency on nfs-common * Other * Updates to latest versions of Go (fixing known Go vulnerabilities) * Updates to latest versions of the Go dependencies * Updates and improvements to CI and QoL * Migrate translation support to native approach using go-i18n + gotext and switch to upstream gotext version Dependencies: * Build-dep: golang-go (>= 2:1.22~) * Dependencies to backport to 22.04: * ubuntu-proxy-manager (suggest. Required for Proxy support - feature will be disabled otherwise) * python3-cepces (suggest. Required for Certificates autoenrollment support - feature will be disabled otherwise) + * Note: Both are currently in the new queue of 22.04 : https://launchpad.net/ubuntu/jammy/+queue?queue_state=0_text= [test plan] # Process Adsys follows a robust continuous integration and testing process. It is covered by a comprehensive automated tests suite (https://github.com/ubuntu/adsys/actions/workflows/qa.yaml) and an automated end to end test suite that runs in a real active directory environment (https://github.com/ubuntu/adsys/actions/workflows/e2e-tests.yaml). The team applied the following quality criteria: * All changes