** Description changed: [context] ADSys is a tool designed for administering and implementing Group Policy Objects (GPOs) from Active Directory on Linux systems. It includes a suite of services and commands that empower administrators to efficiently manage policy updates and maintain compliance with organizational business rules. Given that ADSys directly interfaces with Active Directory and needs to align with new business requirements in LTS releases, it has been essential to keep the package consistently updated with the latest changes of ADSys upstream source. As ADSys is a key component of our commercial offerings, our customers anticipate the availability of recently implemented features in the 22.04 release. Now that ADSys has a complete set of features, the request is to proceed with a one-off release of ADSys 0.14.1 to 22.04. Please note that any new features introduced in subsequent versions will be exclusively available in 24.04 and later releases. This version includes a comprehensive end to end automated test suite that runs ADSys against a real Active directory environment. + Version 0.14.1 is available for 22.04 in a PPA and already used in + production by customers. + [references] LP: https://launchpad.net/ubuntu/+source/adsys LP Bugs: https://bugs.launchpad.net/ubuntu/+source/adsys GitHub: https://github.com/ubuntu/adsys/ GH Bugs: https://github.com/ubuntu/adsys/issues - Documentation: https://canonical-adsys.readthedocs-hosted.com/en/stable/ + Documentation: https://canonical-adsys.readthedocs-hosted.com/en/stable/ Initial SRU discussion: https://lists.ubuntu.com/archives/ubuntu-release/2023-June/005650.html [changes] - Full LP Changelog: https://launchpad.net/ubuntu/+source/adsys/+changelog - * New features - * New policies: - - Add mount / network shares policy manager - - Add AppArmor policy manager - - Support multiple AD backends and implement Winbind support - - Add system proxy policy manager - - Add certificate policy manager for machines - - Add adsysctl policy purge command to purge applied policies - - Full documentation - - Full end to end automated test suite. + Full LP Changelog: https://launchpad.net/ubuntu/+source/adsys/+changelog + * New features + * New policies: + - Add mount / network shares policy manager + - Add AppArmor policy manager + - Support multiple AD backends and implement Winbind support + - Add system proxy policy manager + - Add certificate policy manager for machines + - Add adsysctl policy purge command to purge applied policies + - Full documentation + - Full end to end automated test suite. - * Enhancements - * Add a --machine / -m flag to adsysctl applied, indicating the policies applied to the current machine - * Expose Ubuntu Pro status in the "status" command - * Update scripts manager creation - * List Pro policy types in service status output - * Warn when Pro-only rules are configured - * Use systemd via D-Bus instead of systemctl commands - * Add placeholder notes for entry types - * Rework Kerberos ticket handling logic to satisfy the Heimdal implementation of Kerberos - * Rework policy application sync strategy - * Print logs when policies are up to date - * Update policy definitions to include dconf key for dark mode background - * Infer user KRB5CCNAME path via the libkrb5 API (LP: #2049061) - * Allow sssd backend to work without ad_domain being set (LP: #2054445) - * Update apport hook to include journal errors and package logs + * Enhancements + * Add a --machine / -m flag to adsysctl applied, indicating the policies applied to the current machine + * Expose Ubuntu Pro status in the "status" command + * Update scripts manager creation + * List Pro policy types in service status output + * Warn when Pro-only rules are configured + * Use systemd via D-Bus instead of systemctl commands + * Add placeholder notes for entry types + * Rework Kerberos ticket handling logic to satisfy the Heimdal implementation of Kerberos + * Rework policy application sync strategy + * Print logs when policies are up to date + * Update policy definitions to include dconf key for dark mode background + * Infer user KRB5CCNAME path via the libkrb5 API (LP: #2049061) + * Allow sssd backend to work without ad_domain being set (LP: #2054445) + * Update apport hook to include journal errors and package logs - * Bug fixes - * Fix policy update failing when GPT.INI contains no version key - * Fix object lookup for users having a FQDN as their hostname - * Support special characters in domains when parsing sssd configuration - * Fix DCONF_PROFILE not considering default_domain_suffix on sssd.conf - * Ensure empty state for dconf policy - * Handle case mismatches in GPT.INI file name - * Ensure GPO URLs contain the FQDN of the domain controller - * Add runtime dependency on nfs-common + * Bug fixes + * Fix policy update failing when GPT.INI contains no version key + * Fix object lookup for users having a FQDN as their hostname + * Support special characters in domains when parsing sssd configuration + * Fix DCONF_PROFILE not considering default_domain_suffix on sssd.conf + * Ensure empty state for dconf policy + * Handle case mismatches in GPT.INI file name + * Ensure GPO URLs contain the FQDN of the domain controller + * Add runtime dependency on nfs-common - * Other - * Updates to latest versions of Go (fixing known Go vulnerabilities) - * Updates to latest versions of the Go dependencies - * Updates and improvements to CI and QoL - * Migrate translation support to native approach using go-i18n + gotext and switch to upstream gotext version + * Other + * Updates to latest versions of Go (fixing known Go vulnerabilities) + * Updates to latest versions of the Go dependencies + * Updates and improvements to CI and QoL + * Migrate translation support to native approach using go-i18n + gotext and switch to upstream gotext version + + Dependencies: + * Build-dep: golang-go (>= 2:1.22~) + + * Dependencies to backport to 22.04: + * ubuntu-proxy-manager (suggest. Required for Proxy support - feature will be disabled otherwise) + * python3-cepces (suggest. Required for Certificates autoenrollment support - feature will be disabled otherwise) + + + [test plan] + Process: + Adsys follows a robust continuous integration and testing process. It is covered by a comprehensive automated tests suite (https://github.com/ubuntu/adsys/actions/workflows/qa.yaml) and an automated end to end test suite that runs in a real active directory environment. + + The team applied the following quality criteria: + * All changes are thoroughly reviewed and approved by core team members before integration. + * Each change is thoroughly tested at the unit, integration and system levels. * All the tests pass in all supported architectures. + * All bugs fixed in this release must have a link to the pull request that fixes them. + * All bug fixes and new features are verified in a system by executing automated or manual tests. Most of these tests are automated and executed in the autopkgtest suite. Tests that are not automated are executed manually. + * New and existing features are tested in a real Active Directory environment. + * There are no unfixed bugs tagged "blocker" on the milestone. + + Packaging QA: + To prepare the release to 22.04, the following procedures will be completed to ensure quality: + * All autopkgtests pass. + * The package does not break when upgrading. + * The binary is identical to the CI build, with only Debian packaging changes. + * The copyrights and changelog are up to date. + * An upgrade test from the previous package version has been performed using apt install/upgrade. + + Code sanity: + Code sanity checks are performed automatically on each build. They verify: + * Code linting + * Go module files are up to date + * Generated files are up to date + * Any binary in the project builds + * Vulnerabilities + Example report: https://github.com/ubuntu/adsys/actions/runs/6955264244 + + Code coverage: + * Code coverage is computed on every build and a report generated. + * Codecov report: https://app.codecov.io/gh/ubuntu/adsys + * Coverage as of today: 90.78% + + [where problems could occur] + For AD users: + * ADSys can prevent authentication of AD users if some policies can't be applied or fail to apply properly + * Note: The categories of bugs we've identified typically revolve around Active Directory setup or network configuration. Extensive and detailed logging of both SSSD and ADSys aids in resolving these issues promptly. + + * For local users, no impact will occur.
** Description changed: [context] ADSys is a tool designed for administering and implementing Group Policy Objects (GPOs) from Active Directory on Linux systems. It includes a suite of services and commands that empower administrators to efficiently manage policy updates and maintain compliance with organizational business rules. Given that ADSys directly interfaces with Active Directory and needs to align with new business requirements in LTS releases, it has been essential to keep the package consistently updated with the latest changes of ADSys upstream source. As ADSys is a key component of our commercial offerings, our customers anticipate the availability of recently implemented features in the 22.04 release. Now that ADSys has a complete set of features, the request is to proceed with a one-off release of ADSys 0.14.1 to 22.04. Please note that any new features introduced in subsequent versions will be exclusively available in 24.04 and later releases. This version includes a comprehensive end to end automated test suite that runs ADSys against a real Active directory environment. Version 0.14.1 is available for 22.04 in a PPA and already used in production by customers. [references] LP: https://launchpad.net/ubuntu/+source/adsys LP Bugs: https://bugs.launchpad.net/ubuntu/+source/adsys GitHub: https://github.com/ubuntu/adsys/ GH Bugs: https://github.com/ubuntu/adsys/issues Documentation: https://canonical-adsys.readthedocs-hosted.com/en/stable/ Initial SRU discussion: https://lists.ubuntu.com/archives/ubuntu-release/2023-June/005650.html [changes] Full LP Changelog: https://launchpad.net/ubuntu/+source/adsys/+changelog * New features * New policies: - Add mount / network shares policy manager - Add AppArmor policy manager - Support multiple AD backends and implement Winbind support - Add system proxy policy manager - Add certificate policy manager for machines - Add adsysctl policy purge command to purge applied policies - Full documentation - Full end to end automated test suite. * Enhancements * Add a --machine / -m flag to adsysctl applied, indicating the policies applied to the current machine * Expose Ubuntu Pro status in the "status" command * Update scripts manager creation * List Pro policy types in service status output * Warn when Pro-only rules are configured * Use systemd via D-Bus instead of systemctl commands * Add placeholder notes for entry types * Rework Kerberos ticket handling logic to satisfy the Heimdal implementation of Kerberos * Rework policy application sync strategy * Print logs when policies are up to date * Update policy definitions to include dconf key for dark mode background * Infer user KRB5CCNAME path via the libkrb5 API (LP: #2049061) * Allow sssd backend to work without ad_domain being set (LP: #2054445) * Update apport hook to include journal errors and package logs * Bug fixes * Fix policy update failing when GPT.INI contains no version key * Fix object lookup for users having a FQDN as their hostname * Support special characters in domains when parsing sssd configuration * Fix DCONF_PROFILE not considering default_domain_suffix on sssd.conf * Ensure empty state for dconf policy * Handle case mismatches in GPT.INI file name * Ensure GPO URLs contain the FQDN of the domain controller * Add runtime dependency on nfs-common * Other * Updates to latest versions of Go (fixing known Go vulnerabilities) * Updates to latest versions of the Go dependencies * Updates and improvements to CI and QoL * Migrate translation support to native approach using go-i18n + gotext and switch to upstream gotext version Dependencies: * Build-dep: golang-go (>= 2:1.22~) - * Dependencies to backport to 22.04: - * ubuntu-proxy-manager (suggest. Required for Proxy support - feature will be disabled otherwise) - * python3-cepces (suggest. Required for Certificates autoenrollment support - feature will be disabled otherwise) - + * Dependencies to backport to 22.04: + * ubuntu-proxy-manager (suggest. Required for Proxy support - feature will be disabled otherwise) + * python3-cepces (suggest. Required for Certificates autoenrollment support - feature will be disabled otherwise) [test plan] - Process: - Adsys follows a robust continuous integration and testing process. It is covered by a comprehensive automated tests suite (https://github.com/ubuntu/adsys/actions/workflows/qa.yaml) and an automated end to end test suite that runs in a real active directory environment. + # Process + Adsys follows a robust continuous integration and testing process. It is covered by a comprehensive automated tests suite (https://github.com/ubuntu/adsys/actions/workflows/qa.yaml) and an automated end to end test suite that runs in a real active directory environment. The team applied the following quality criteria: - * All changes are thoroughly reviewed and approved by core team members before integration. - * Each change is thoroughly tested at the unit, integration and system levels. * All the tests pass in all supported architectures. - * All bugs fixed in this release must have a link to the pull request that fixes them. - * All bug fixes and new features are verified in a system by executing automated or manual tests. Most of these tests are automated and executed in the autopkgtest suite. Tests that are not automated are executed manually. - * New and existing features are tested in a real Active Directory environment. - * There are no unfixed bugs tagged "blocker" on the milestone. + * All changes are thoroughly reviewed and approved by core team members before integration. + * Each change is thoroughly tested at the unit, integration and system levels. * All the tests pass in all supported architectures. + * All bugs fixed in this release must have a link to the pull request that fixes them. + * All bug fixes and new features are verified in a system by executing automated or manual tests. Most of these tests are automated and executed in the autopkgtest suite. Tests that are not automated are executed manually. + * New and existing features are tested in a real Active Directory environment. + * There are no unfixed bugs tagged "blocker" on the milestone. - Packaging QA: + # Packaging QA To prepare the release to 22.04, the following procedures will be completed to ensure quality: - * All autopkgtests pass. - * The package does not break when upgrading. - * The binary is identical to the CI build, with only Debian packaging changes. - * The copyrights and changelog are up to date. - * An upgrade test from the previous package version has been performed using apt install/upgrade. + * All autopkgtests pass. + * The package does not break when upgrading. + * The binary is identical to the CI build, with only Debian packaging changes. + * The copyrights and changelog are up to date. + * An upgrade test from the previous package version has been performed using apt install/upgrade. - Code sanity: + # Code sanity Code sanity checks are performed automatically on each build. They verify: - * Code linting - * Go module files are up to date - * Generated files are up to date - * Any binary in the project builds - * Vulnerabilities + * Code linting + * Go module files are up to date + * Generated files are up to date + * Any binary in the project builds + * Vulnerabilities Example report: https://github.com/ubuntu/adsys/actions/runs/6955264244 Code coverage: - * Code coverage is computed on every build and a report generated. - * Codecov report: https://app.codecov.io/gh/ubuntu/adsys - * Coverage as of today: 90.78% + * Code coverage is computed on every build and a report generated. + * Codecov report: https://app.codecov.io/gh/ubuntu/adsys + * Coverage as of today: 90.78% [where problems could occur] For AD users: - * ADSys can prevent authentication of AD users if some policies can't be applied or fail to apply properly - * Note: The categories of bugs we've identified typically revolve around Active Directory setup or network configuration. Extensive and detailed logging of both SSSD and ADSys aids in resolving these issues promptly. + * ADSys can prevent authentication of AD users if some policies can't be applied or fail to apply properly + * Note: The categories of bugs we've identified typically revolve around Active Directory setup or network configuration. Extensive and detailed logging of both SSSD and ADSys aids in resolving these issues promptly. - * For local users, no impact will occur. + * For local users, no impact will occur. ** Changed in: adsys (Ubuntu) Importance: Undecided => High ** Also affects: adsys (Ubuntu Jammy) Importance: Undecided Status: New ** Description changed: [context] ADSys is a tool designed for administering and implementing Group Policy Objects (GPOs) from Active Directory on Linux systems. It includes a suite of services and commands that empower administrators to efficiently manage policy updates and maintain compliance with organizational business rules. Given that ADSys directly interfaces with Active Directory and needs to align with new business requirements in LTS releases, it has been essential to keep the package consistently updated with the latest changes of ADSys upstream source. As ADSys is a key component of our commercial offerings, our customers anticipate the availability of recently implemented features in the 22.04 release. Now that ADSys has a complete set of features, the request is to proceed with a one-off release of ADSys 0.14.1 to 22.04. Please note that any new features introduced in subsequent versions will be exclusively available in 24.04 and later releases. This version includes a comprehensive end to end automated test suite that runs ADSys against a real Active directory environment. Version 0.14.1 is available for 22.04 in a PPA and already used in production by customers. + + At this time of writing the number of open issues is 1 in Launchpad and + 16 in GitHub including 6 enhancements. [references] LP: https://launchpad.net/ubuntu/+source/adsys LP Bugs: https://bugs.launchpad.net/ubuntu/+source/adsys GitHub: https://github.com/ubuntu/adsys/ GH Bugs: https://github.com/ubuntu/adsys/issues Documentation: https://canonical-adsys.readthedocs-hosted.com/en/stable/ Initial SRU discussion: https://lists.ubuntu.com/archives/ubuntu-release/2023-June/005650.html [changes] Full LP Changelog: https://launchpad.net/ubuntu/+source/adsys/+changelog * New features * New policies: - Add mount / network shares policy manager - Add AppArmor policy manager - Support multiple AD backends and implement Winbind support - Add system proxy policy manager - Add certificate policy manager for machines - Add adsysctl policy purge command to purge applied policies - Full documentation - Full end to end automated test suite. * Enhancements * Add a --machine / -m flag to adsysctl applied, indicating the policies applied to the current machine * Expose Ubuntu Pro status in the "status" command * Update scripts manager creation * List Pro policy types in service status output * Warn when Pro-only rules are configured * Use systemd via D-Bus instead of systemctl commands * Add placeholder notes for entry types * Rework Kerberos ticket handling logic to satisfy the Heimdal implementation of Kerberos * Rework policy application sync strategy * Print logs when policies are up to date * Update policy definitions to include dconf key for dark mode background * Infer user KRB5CCNAME path via the libkrb5 API (LP: #2049061) * Allow sssd backend to work without ad_domain being set (LP: #2054445) * Update apport hook to include journal errors and package logs * Bug fixes * Fix policy update failing when GPT.INI contains no version key * Fix object lookup for users having a FQDN as their hostname * Support special characters in domains when parsing sssd configuration * Fix DCONF_PROFILE not considering default_domain_suffix on sssd.conf * Ensure empty state for dconf policy * Handle case mismatches in GPT.INI file name * Ensure GPO URLs contain the FQDN of the domain controller * Add runtime dependency on nfs-common * Other * Updates to latest versions of Go (fixing known Go vulnerabilities) * Updates to latest versions of the Go dependencies * Updates and improvements to CI and QoL * Migrate translation support to native approach using go-i18n + gotext and switch to upstream gotext version Dependencies: * Build-dep: golang-go (>= 2:1.22~) * Dependencies to backport to 22.04: * ubuntu-proxy-manager (suggest. Required for Proxy support - feature will be disabled otherwise) * python3-cepces (suggest. Required for Certificates autoenrollment support - feature will be disabled otherwise) [test plan] # Process Adsys follows a robust continuous integration and testing process. It is covered by a comprehensive automated tests suite (https://github.com/ubuntu/adsys/actions/workflows/qa.yaml) and an automated end to end test suite that runs in a real active directory environment. The team applied the following quality criteria: * All changes are thoroughly reviewed and approved by core team members before integration. * Each change is thoroughly tested at the unit, integration and system levels. * All the tests pass in all supported architectures. * All bugs fixed in this release must have a link to the pull request that fixes them. * All bug fixes and new features are verified in a system by executing automated or manual tests. Most of these tests are automated and executed in the autopkgtest suite. Tests that are not automated are executed manually. * New and existing features are tested in a real Active Directory environment. * There are no unfixed bugs tagged "blocker" on the milestone. # Packaging QA To prepare the release to 22.04, the following procedures will be completed to ensure quality: * All autopkgtests pass. * The package does not break when upgrading. * The binary is identical to the CI build, with only Debian packaging changes. * The copyrights and changelog are up to date. * An upgrade test from the previous package version has been performed using apt install/upgrade. # Code sanity Code sanity checks are performed automatically on each build. They verify: * Code linting * Go module files are up to date * Generated files are up to date * Any binary in the project builds * Vulnerabilities Example report: https://github.com/ubuntu/adsys/actions/runs/6955264244 Code coverage: * Code coverage is computed on every build and a report generated. * Codecov report: https://app.codecov.io/gh/ubuntu/adsys * Coverage as of today: 90.78% [where problems could occur] For AD users: * ADSys can prevent authentication of AD users if some policies can't be applied or fail to apply properly * Note: The categories of bugs we've identified typically revolve around Active Directory setup or network configuration. Extensive and detailed logging of both SSSD and ADSys aids in resolving these issues promptly. * For local users, no impact will occur. ** Description changed: [context] ADSys is a tool designed for administering and implementing Group Policy Objects (GPOs) from Active Directory on Linux systems. It includes a suite of services and commands that empower administrators to efficiently manage policy updates and maintain compliance with organizational business rules. Given that ADSys directly interfaces with Active Directory and needs to align with new business requirements in LTS releases, it has been essential to keep the package consistently updated with the latest changes of ADSys upstream source. As ADSys is a key component of our commercial offerings, our customers anticipate the availability of recently implemented features in the 22.04 release. Now that ADSys has a complete set of features, the request is to proceed with a one-off release of ADSys 0.14.1 to 22.04. Please note that any new features introduced in subsequent versions will be exclusively available in 24.04 and later releases. This version includes a comprehensive end to end automated test suite that runs ADSys against a real Active directory environment. Version 0.14.1 is available for 22.04 in a PPA and already used in production by customers. At this time of writing the number of open issues is 1 in Launchpad and - 16 in GitHub including 6 enhancements. + 16 in GitHub including 6 enhancements. None of them have a high or + critical importance. [references] LP: https://launchpad.net/ubuntu/+source/adsys LP Bugs: https://bugs.launchpad.net/ubuntu/+source/adsys GitHub: https://github.com/ubuntu/adsys/ GH Bugs: https://github.com/ubuntu/adsys/issues Documentation: https://canonical-adsys.readthedocs-hosted.com/en/stable/ Initial SRU discussion: https://lists.ubuntu.com/archives/ubuntu-release/2023-June/005650.html [changes] Full LP Changelog: https://launchpad.net/ubuntu/+source/adsys/+changelog * New features * New policies: - Add mount / network shares policy manager - Add AppArmor policy manager - Support multiple AD backends and implement Winbind support - Add system proxy policy manager - Add certificate policy manager for machines - Add adsysctl policy purge command to purge applied policies - Full documentation - Full end to end automated test suite. * Enhancements * Add a --machine / -m flag to adsysctl applied, indicating the policies applied to the current machine * Expose Ubuntu Pro status in the "status" command * Update scripts manager creation * List Pro policy types in service status output * Warn when Pro-only rules are configured * Use systemd via D-Bus instead of systemctl commands * Add placeholder notes for entry types * Rework Kerberos ticket handling logic to satisfy the Heimdal implementation of Kerberos * Rework policy application sync strategy * Print logs when policies are up to date * Update policy definitions to include dconf key for dark mode background * Infer user KRB5CCNAME path via the libkrb5 API (LP: #2049061) * Allow sssd backend to work without ad_domain being set (LP: #2054445) * Update apport hook to include journal errors and package logs * Bug fixes * Fix policy update failing when GPT.INI contains no version key * Fix object lookup for users having a FQDN as their hostname * Support special characters in domains when parsing sssd configuration * Fix DCONF_PROFILE not considering default_domain_suffix on sssd.conf * Ensure empty state for dconf policy * Handle case mismatches in GPT.INI file name * Ensure GPO URLs contain the FQDN of the domain controller * Add runtime dependency on nfs-common * Other * Updates to latest versions of Go (fixing known Go vulnerabilities) * Updates to latest versions of the Go dependencies * Updates and improvements to CI and QoL * Migrate translation support to native approach using go-i18n + gotext and switch to upstream gotext version Dependencies: * Build-dep: golang-go (>= 2:1.22~) * Dependencies to backport to 22.04: * ubuntu-proxy-manager (suggest. Required for Proxy support - feature will be disabled otherwise) * python3-cepces (suggest. Required for Certificates autoenrollment support - feature will be disabled otherwise) [test plan] # Process Adsys follows a robust continuous integration and testing process. It is covered by a comprehensive automated tests suite (https://github.com/ubuntu/adsys/actions/workflows/qa.yaml) and an automated end to end test suite that runs in a real active directory environment. The team applied the following quality criteria: * All changes are thoroughly reviewed and approved by core team members before integration. * Each change is thoroughly tested at the unit, integration and system levels. * All the tests pass in all supported architectures. * All bugs fixed in this release must have a link to the pull request that fixes them. * All bug fixes and new features are verified in a system by executing automated or manual tests. Most of these tests are automated and executed in the autopkgtest suite. Tests that are not automated are executed manually. * New and existing features are tested in a real Active Directory environment. * There are no unfixed bugs tagged "blocker" on the milestone. # Packaging QA To prepare the release to 22.04, the following procedures will be completed to ensure quality: * All autopkgtests pass. * The package does not break when upgrading. * The binary is identical to the CI build, with only Debian packaging changes. * The copyrights and changelog are up to date. * An upgrade test from the previous package version has been performed using apt install/upgrade. # Code sanity Code sanity checks are performed automatically on each build. They verify: * Code linting * Go module files are up to date * Generated files are up to date * Any binary in the project builds * Vulnerabilities Example report: https://github.com/ubuntu/adsys/actions/runs/6955264244 Code coverage: * Code coverage is computed on every build and a report generated. * Codecov report: https://app.codecov.io/gh/ubuntu/adsys * Coverage as of today: 90.78% [where problems could occur] For AD users: * ADSys can prevent authentication of AD users if some policies can't be applied or fail to apply properly * Note: The categories of bugs we've identified typically revolve around Active Directory setup or network configuration. Extensive and detailed logging of both SSSD and ADSys aids in resolving these issues promptly. * For local users, no impact will occur. ** Description changed: [context] ADSys is a tool designed for administering and implementing Group Policy Objects (GPOs) from Active Directory on Linux systems. It includes a suite of services and commands that empower administrators to efficiently manage policy updates and maintain compliance with organizational business rules. Given that ADSys directly interfaces with Active Directory and needs to align with new business requirements in LTS releases, it has been essential to keep the package consistently updated with the latest changes of ADSys upstream source. As ADSys is a key component of our commercial offerings, our customers anticipate the availability of recently implemented features in the 22.04 release. Now that ADSys has a complete set of features, the request is to proceed with a one-off release of ADSys 0.14.1 to 22.04. Please note that any new features introduced in subsequent versions will be exclusively available in 24.04 and later releases. This version includes a comprehensive end to end automated test suite that runs ADSys against a real Active directory environment. - Version 0.14.1 is available for 22.04 in a PPA and already used in - production by customers. + Version 0.14.1 is available for 22.04 in a PPA + (https://launchpad.net/~ubuntu-enterprise-desktop/+archive/ubuntu/adsys) + and already used in production by customers. At this time of writing the number of open issues is 1 in Launchpad and 16 in GitHub including 6 enhancements. None of them have a high or critical importance. [references] LP: https://launchpad.net/ubuntu/+source/adsys LP Bugs: https://bugs.launchpad.net/ubuntu/+source/adsys GitHub: https://github.com/ubuntu/adsys/ GH Bugs: https://github.com/ubuntu/adsys/issues Documentation: https://canonical-adsys.readthedocs-hosted.com/en/stable/ Initial SRU discussion: https://lists.ubuntu.com/archives/ubuntu-release/2023-June/005650.html [changes] Full LP Changelog: https://launchpad.net/ubuntu/+source/adsys/+changelog * New features * New policies: - Add mount / network shares policy manager - Add AppArmor policy manager - Support multiple AD backends and implement Winbind support - Add system proxy policy manager - Add certificate policy manager for machines - Add adsysctl policy purge command to purge applied policies - Full documentation - Full end to end automated test suite. * Enhancements * Add a --machine / -m flag to adsysctl applied, indicating the policies applied to the current machine * Expose Ubuntu Pro status in the "status" command * Update scripts manager creation * List Pro policy types in service status output * Warn when Pro-only rules are configured * Use systemd via D-Bus instead of systemctl commands * Add placeholder notes for entry types * Rework Kerberos ticket handling logic to satisfy the Heimdal implementation of Kerberos * Rework policy application sync strategy * Print logs when policies are up to date * Update policy definitions to include dconf key for dark mode background * Infer user KRB5CCNAME path via the libkrb5 API (LP: #2049061) * Allow sssd backend to work without ad_domain being set (LP: #2054445) * Update apport hook to include journal errors and package logs * Bug fixes * Fix policy update failing when GPT.INI contains no version key * Fix object lookup for users having a FQDN as their hostname * Support special characters in domains when parsing sssd configuration * Fix DCONF_PROFILE not considering default_domain_suffix on sssd.conf * Ensure empty state for dconf policy * Handle case mismatches in GPT.INI file name * Ensure GPO URLs contain the FQDN of the domain controller * Add runtime dependency on nfs-common * Other * Updates to latest versions of Go (fixing known Go vulnerabilities) * Updates to latest versions of the Go dependencies * Updates and improvements to CI and QoL * Migrate translation support to native approach using go-i18n + gotext and switch to upstream gotext version Dependencies: * Build-dep: golang-go (>= 2:1.22~) * Dependencies to backport to 22.04: * ubuntu-proxy-manager (suggest. Required for Proxy support - feature will be disabled otherwise) * python3-cepces (suggest. Required for Certificates autoenrollment support - feature will be disabled otherwise) [test plan] # Process Adsys follows a robust continuous integration and testing process. It is covered by a comprehensive automated tests suite (https://github.com/ubuntu/adsys/actions/workflows/qa.yaml) and an automated end to end test suite that runs in a real active directory environment. The team applied the following quality criteria: * All changes are thoroughly reviewed and approved by core team members before integration. * Each change is thoroughly tested at the unit, integration and system levels. * All the tests pass in all supported architectures. * All bugs fixed in this release must have a link to the pull request that fixes them. * All bug fixes and new features are verified in a system by executing automated or manual tests. Most of these tests are automated and executed in the autopkgtest suite. Tests that are not automated are executed manually. * New and existing features are tested in a real Active Directory environment. * There are no unfixed bugs tagged "blocker" on the milestone. # Packaging QA To prepare the release to 22.04, the following procedures will be completed to ensure quality: * All autopkgtests pass. * The package does not break when upgrading. * The binary is identical to the CI build, with only Debian packaging changes. * The copyrights and changelog are up to date. * An upgrade test from the previous package version has been performed using apt install/upgrade. # Code sanity Code sanity checks are performed automatically on each build. They verify: * Code linting * Go module files are up to date * Generated files are up to date * Any binary in the project builds * Vulnerabilities Example report: https://github.com/ubuntu/adsys/actions/runs/6955264244 Code coverage: * Code coverage is computed on every build and a report generated. * Codecov report: https://app.codecov.io/gh/ubuntu/adsys * Coverage as of today: 90.78% [where problems could occur] For AD users: * ADSys can prevent authentication of AD users if some policies can't be applied or fail to apply properly * Note: The categories of bugs we've identified typically revolve around Active Directory setup or network configuration. Extensive and detailed logging of both SSSD and ADSys aids in resolving these issues promptly. * For local users, no impact will occur. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2059756 Title: [SRU] adsys 0.14.1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2059756/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
