Public bug reported: [Impact]
VMware Horizon is a VDI product that runs atop of VMware's normal virtualisation stack, and it supports SSO authentication for login. In the past, the VMware Horizon agent has been pretty buggy, and requires SSO patches to be present to function, otherwise it breaks and causes entire outages for anyone trying to use the VDI. To solve this, VMware had been custom compiling their own libgnome- shell.so libraries with their SSO patches, which are based on oVirt's SSO implementation. When you install VMware Horizon agent to the instance, it overwrites Ubuntu's libgnome-shell.so with their custom compiled one. VMware don't keep their custom compiled libgnome-shell.so library up to date, so bugs that have already been fixed still live on in their library. Also, when Ubuntu updates our gnome-shell packages, it overwrites the custom libgnome-shell.so library, which then causes the Horizon agent to break, and causes outages for anyone using the VDI, which have to be solved by manually copying the custom library back. This situation is untenable for VMware Horizon users, so I have asked VMware to upstream their SSO patches. After a long painful process, they have landed in gnome-shell master. This SRU will significantly improve the quality of life for VMware Horizon users, and will remove the need for VMware to distribute custom libraries. [Testcase] You need an instance that runs on VMware Horizon, and the Horizon agent needs to be installed and running. Ideally, SSO authentication should be enabled to test all features, but it is not necessary to partially test. Test packages are available in this ppa: https://launchpad.net/~mruffell/+archive/ubuntu/sf247978-test If you install the test package in a VMware Horizon VDI, the instance should come up cleanly after reboot and function properly, especially with SSO login. The instance should be able to function without custom libgnome-shell.so libraries provided by VMware. [Regression Potential] The code refactors the oVirt SSO implementation into a more generalised interface, which other virtualisation platforms can use. oVirt has been transitioned to this interface as part of the refactoring, which means that any if the new oVirt SSO implementation is broken, it could break users running in oVirt. VMware's patches also use the new generalised interface, which is much simpler than before, and it has been tested internally by VMware. There was a very long review process with upstream GNOME, which ironed out all of their concerns. I have been reviewing the code along the way, and I am confident that it will not cause any regressions. If a regression did occur, then it would break SSO functionality only. [Other Information] Upstream Issue: https://gitlab.gnome.org/GNOME/gnome-shell/issues/1983 Upstream merge-request: https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/915 Commits: commit 809f820cd4a4eebb120ab5dde3f1985d35bcb540 Author: yun341 <5933...@qq.com> Date: Sat, 4 Jan 2020 00:31:15 +0800 Subject: gdm: Refactor oVirt to a generic CredentialManager interface Link: https://gitlab.gnome.org/GNOME/gnome-shell/-/commit/809f820cd4a4eebb120ab5dde3f1985d35bcb540 commit 4ea0fca4fc09ffd6e0b6994ee1354f07f7d5d2b5 Author: yun341 <5933...@qq.com> Date: Thu, 2 Jul 2020 06:54:55 +0800 Subject: gdm: Introduce vmware credential manager for pre-authenticated logins Link: https://gitlab.gnome.org/GNOME/gnome-shell/-/commit/4ea0fca4fc09ffd6e0b6994ee1354f07f7d5d2b5 ** Affects: gnome-shell (Ubuntu) Importance: Undecided Assignee: Matthew Ruffell (mruffell) Status: In Progress ** Affects: gnome-shell (Ubuntu Bionic) Importance: Undecided Assignee: Matthew Ruffell (mruffell) Status: In Progress ** Affects: gnome-shell (Ubuntu Eoan) Importance: Undecided Status: Won't Fix ** Affects: gnome-shell (Ubuntu Focal) Importance: Undecided Assignee: Matthew Ruffell (mruffell) Status: In Progress ** Affects: gnome-shell (Ubuntu Groovy) Importance: Undecided Assignee: Matthew Ruffell (mruffell) Status: In Progress ** Tags: sts ** Also affects: gnome-shell (Ubuntu Eoan) Importance: Undecided Status: New ** Also affects: gnome-shell (Ubuntu Groovy) Importance: Undecided Status: New ** Also affects: gnome-shell (Ubuntu Bionic) Importance: Undecided Status: New ** Also affects: gnome-shell (Ubuntu Focal) Importance: Undecided Status: New ** Changed in: gnome-shell (Ubuntu Bionic) Status: New => In Progress ** Changed in: gnome-shell (Ubuntu Focal) Status: New => In Progress ** Changed in: gnome-shell (Ubuntu Groovy) Status: New => In Progress ** Changed in: gnome-shell (Ubuntu Eoan) Status: New => Won't Fix ** Changed in: gnome-shell (Ubuntu Bionic) Assignee: (unassigned) => Matthew Ruffell (mruffell) ** Changed in: gnome-shell (Ubuntu Focal) Assignee: (unassigned) => Matthew Ruffell (mruffell) ** Changed in: gnome-shell (Ubuntu Groovy) Assignee: (unassigned) => Matthew Ruffell (mruffell) ** Tags added: sts -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to gnome-shell in Ubuntu. https://bugs.launchpad.net/bugs/1886592 Title: Add support for VMware Horizon SSO to gnome-shell Status in gnome-shell package in Ubuntu: In Progress Status in gnome-shell source package in Bionic: In Progress Status in gnome-shell source package in Eoan: Won't Fix Status in gnome-shell source package in Focal: In Progress Status in gnome-shell source package in Groovy: In Progress Bug description: [Impact] VMware Horizon is a VDI product that runs atop of VMware's normal virtualisation stack, and it supports SSO authentication for login. In the past, the VMware Horizon agent has been pretty buggy, and requires SSO patches to be present to function, otherwise it breaks and causes entire outages for anyone trying to use the VDI. To solve this, VMware had been custom compiling their own libgnome- shell.so libraries with their SSO patches, which are based on oVirt's SSO implementation. When you install VMware Horizon agent to the instance, it overwrites Ubuntu's libgnome-shell.so with their custom compiled one. VMware don't keep their custom compiled libgnome-shell.so library up to date, so bugs that have already been fixed still live on in their library. Also, when Ubuntu updates our gnome-shell packages, it overwrites the custom libgnome-shell.so library, which then causes the Horizon agent to break, and causes outages for anyone using the VDI, which have to be solved by manually copying the custom library back. This situation is untenable for VMware Horizon users, so I have asked VMware to upstream their SSO patches. After a long painful process, they have landed in gnome-shell master. This SRU will significantly improve the quality of life for VMware Horizon users, and will remove the need for VMware to distribute custom libraries. [Testcase] You need an instance that runs on VMware Horizon, and the Horizon agent needs to be installed and running. Ideally, SSO authentication should be enabled to test all features, but it is not necessary to partially test. Test packages are available in this ppa: https://launchpad.net/~mruffell/+archive/ubuntu/sf247978-test If you install the test package in a VMware Horizon VDI, the instance should come up cleanly after reboot and function properly, especially with SSO login. The instance should be able to function without custom libgnome- shell.so libraries provided by VMware. [Regression Potential] The code refactors the oVirt SSO implementation into a more generalised interface, which other virtualisation platforms can use. oVirt has been transitioned to this interface as part of the refactoring, which means that any if the new oVirt SSO implementation is broken, it could break users running in oVirt. VMware's patches also use the new generalised interface, which is much simpler than before, and it has been tested internally by VMware. There was a very long review process with upstream GNOME, which ironed out all of their concerns. I have been reviewing the code along the way, and I am confident that it will not cause any regressions. If a regression did occur, then it would break SSO functionality only. [Other Information] Upstream Issue: https://gitlab.gnome.org/GNOME/gnome-shell/issues/1983 Upstream merge-request: https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/915 Commits: commit 809f820cd4a4eebb120ab5dde3f1985d35bcb540 Author: yun341 <5933...@qq.com> Date: Sat, 4 Jan 2020 00:31:15 +0800 Subject: gdm: Refactor oVirt to a generic CredentialManager interface Link: https://gitlab.gnome.org/GNOME/gnome-shell/-/commit/809f820cd4a4eebb120ab5dde3f1985d35bcb540 commit 4ea0fca4fc09ffd6e0b6994ee1354f07f7d5d2b5 Author: yun341 <5933...@qq.com> Date: Thu, 2 Jul 2020 06:54:55 +0800 Subject: gdm: Introduce vmware credential manager for pre-authenticated logins Link: https://gitlab.gnome.org/GNOME/gnome-shell/-/commit/4ea0fca4fc09ffd6e0b6994ee1354f07f7d5d2b5 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnome-shell/+bug/1886592/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
