adsys 0.14.1~22.04 source package in Ubuntu
Changelog
adsys (0.14.1~22.04) jammy; urgency=medium * Backport 0.14.1 to jammy (LP: #2059756) - Build with Go 1.22 - Disable dh_dwz on account of go >= 1.19 compressing symbols itself (fixed in newer dh_golang) - Revert incorrect prerm purge stanza adsys (0.14.1build1) noble; urgency=medium * No-change rebuild for CVE-2024-3094 adsys (0.14.1) noble; urgency=medium * Pin Go toolchain to 1.22.1 to fix the following security vulnerabilities: - GO-2024-2598 - GO-2024-2599 * Update apport hook to include journal errors and package logs * CI and quality of life changes not impacting package functionality: - Enable end-to-end tests in GitHub Actions - Remove stale AD resources on test finish - Add developer documentation for running end-to-end tests - Collect and upload end-to-end test logs on failure - Report test coverage in Cobertura XML format - Silence gosec warnings using nolint and remove deprecated ifshort linter - Use an environment variable to update golden files - Bump github actions to latest: - azure/login - softprops/action-gh-release * Update dependencies to latest: - github.com/charmbracelet/lipgloss - github.com/golangci/golangci-lint - github.com/golang/protobuf - github.com/stretchr/testify - golang.org/x/crypto - golang.org/x/net - google.golang.org/grpc - google.golang.org/protobuf adsys (0.14.0) noble; urgency=medium * Infer user KRB5CCNAME path via the libkrb5 API (LP: #2049061) - This functionality is opt-in and activated if the detect_cached_ticket setting is set to true - If the AD backend (e.g. sssd) doesn't export the KRB5CCNAME variable, adsys will now determine the path to the default ticket cache and use it during authentication (when adsys is executed through the PAM module) and runs of adsysctl update for the current user. * Allow sssd backend to work without ad_domain being set (LP: #2054445) * Upgrade to Go 1.22 * CI and quality of life changes not impacting package functionality: - Pass token explicitly to Codecov action - Fix require outside of main goroutine - Mark function arguments as unused where applicable Thanks to Edu Gómez Escandell - End to end test VM template creation updates - Bump github actions to latest: - codecov/codecov-action - peter-evans/create-pull-request * Update dependencies to latest: - github.com/charmbracelet/bubbles - github.com/golangci/golangci-lint - golang.org/x/crypto - golang.org/x/net - google.golang.org/grpc adsys (0.13.3) noble; urgency=medium * Fix cert auto-enroll without NDES (LP: #2051363) * Refresh policy definition files (remove Lunar support) * CI and quality of life changes not impacting package functionality: - Bump github actions to latest: - actions/download-artifact - actions/setup-go - actions/upload-artifact * Update dependencies to latest: - github.com/charmbracelet/bubbles - github.com/charmbracelet/bubbletea - github.com/google/uuid - github.com/spf13/viper - golang.org/x/crypto - golang.org/x/net - golang.org/x/sync - golang.org/x/sys - google.golang.org/grpc - google.golang.org/protobuf adsys (0.13.2) noble; urgency=medium [ Denison Barbosa ] [ Didier Roche ] [ Gabriel Nagy ] [ Jean-Baptiste Lallement ] * Ensure GPO URLs contain the FQDN of the domain controller (LP: #2024377) * Add runtime dependency on nfs-common (LP: #2044112) * Documentation changes: - Switch to Read the Docs for project documentation - Generate documentation from policy definitions - Fix installation path of adwatchd * CI and quality of life changes not impacting package functionality: - Bump go version to 1.21.4 - Fix docker stop behavior on integration tests - Add e2e tests provisioning workflow - Reduce the amount of workflows to be run - Remove scopes from dependabot config * Update dependencies to latest: - github.com/charmbracelet/lipgloss - github.com/fatih/color - github.com/fsnotify/fsnotify - github.com/golangci/golangci-lint - github.com/google/uuid - github.com/maruel/natural - github.com/pkg/sftp - github.com/spf13/cobra - github.com/spf13/viper - golang.org/x/crypto - golang.org/x/net - golang.org/x/sync - golang.org/x/sys - golang.org/x/text - google.golang.org/grpc adsys (0.13.1) mantic; urgency=medium [ Denison Barbosa ] [ Didier Roche ] [ Gabriel Nagy ] * Fix pam_adsys build (LP: #2037270) * Switch to upstream gotext version and align go-i18n (LP: #2037271) * Add documentation for certificate policy manager * CI and quality of life changes not impacting package functionality: - Workflow to auto-patch vendored Samba code - Fix typo on build command for the admxgen package - Switch to reusable code quality action in CI - Apply issue template changes - Open issue when ADMX/L builds fail * Update dependencies to latest: - github.com/charmbracelet/lipgloss - github.com/golangci/golangci-lint - github.com/gomarkdown/markdown - golang.org/x/net - golang.org/x/sys - golang.org/x/text - google.golang.org/grpc adsys (0.13.0) mantic; urgency=medium [ Denison Barbosa ] [ Didier Roche ] [ Gabriel Nagy ] * Add certificate policy manager for machines - a new Pro-only policy manager that leverages Samba functionality in order to enroll the machine for certificates from AD Certificate Services * Migrate translation support to native approach using go-i18n + gotext * Update policy definitions to include dconf key for dark mode background * Update dependencies to latest: - github.com/charmbracelet/bubbles - github.com/charmbracelet/bubbletea - github.com/golangci/golangci-lint - github.com/muesli/termenv - github.com/sirupsen/logrus - golang.org/x/net - golang.org/x/sync - golang.org/x/sys - golang.org/x/text - google.golang.org/grpc - google.golang.org/protobuf * CI and quality of life changes not impacting package functionality: - Address a few issues in smbsafe_test.go - Fix typo on build command for the admxgen package - Switch to reusable code quality action in CI - Apply issue template changes - Open issue when ADMX/L builds fail adsys (0.12.0) mantic; urgency=medium [ Denison Barbosa ] [ Didier Roche ] [ Gabriel Nagy ] [ Jean-Baptiste Lallement ] * Release 0.12.0 (LP: #2020682) - Fix DCONF_PROFILE not considering default_domain_suffix on sssd.conf - Go implementation for the user mount handler - Remove Rust source code from adsys - Rework Kerberos ticket handling logic: - to satisfy the Heimdal implementation of Kerberos, we now store and use a root-owned copy of the cached ticket - the ticket lifetime is still handled via a symlink, and the copy is kept up to date based on the original ticket timestamp - Ensure empty state for dconf policy - Handle case mismatches in GPT.INI file name - Refactor ListActiveUsers gRPC function - Add adsysctl policy purge command to purge applied policies - Rework policy application sync strategy - Print logs when policies are up to date - Bump Go version to 1.20 - Update dependencies to latest: - github.com/charmbracelet/bubbles - github.com/charmbracelet/bubbletea - github.com/sirupsen/logrus - github.com/spf13/cobra - github.com/stretchr/testify - golang.org/x/net - golang.org/x/sync - golang.org/x/sys - google.golang.org/grpc - CI and quality of life changes not affecting package functionality: - peter-evans/create-pull-request - Apply clang-format to C source files - Remove Rust related code from CI and tests - Improve test consistency - Fix documentation example images adsys (0.11.0) lunar; urgency=medium [ Denison Barbosa ] [ Gabriel Nagy ] * List Pro policy types in service status output * Warn when Pro-only rules are configured * Use systemd via D-Bus instead of systemctl commands * Add placeholder notes for entry types * Add guideline docs to the policy managers * Change Ubuntu Advantage to Ubuntu Pro in docs * Add system proxy policy manager (LP: #2012371) * Update dependencies to latest: - github.com/charmbracelet/lipgloss - github.com/coreos/go-systemd/v22 - github.com/fatih/color - github.com/golangci/golangci-lint - github.com/golang/protobuf - golang.org/x/net - google.golang.org/grpc - google.golang.org/grpc/cmd/protoc-gen-go-grpc - google.golang.org/protobuf * CI and quality of life changes not impacting package functionality: - Bump github actions to latest: - actions/setup-go - Update Rust related auto update jobs - Replace testutils.Setenv with t.Setenv - Set up more tests to run in parallel - Various test refactors and improvements adsys (0.10.1) lunar; urgency=medium [ Denison Barbosa ] [ Jean-Baptiste Lallement ] [ Gabriel Nagy ] [ Didier Roche ] * Fix erroneous non alternative dependency on package krb5-user * Fix a bug in internal/config tests that was causing the autopkgtests to fail * Update internal/config to also trigger a reload when config file is overwritten * Update dependencies to latest: - github.com/golangci/golangci-lint - github.com/stretchr/testify * CI and quality of life changes not impacting package functionality: - Bump github actions to latest: - peter-evans/create-pull-request - actions/download-artifact - Addressing some linter issues pointed out by new golangci-lint version adsys (0.10.0) lunar; urgency=medium [ Denison Barbosa ] [ Jean-Baptiste Lallement ] [ Gabriel Nagy ] [ Didier Roche ] * Add mount / network shares policy manager - this is an Ubuntu Pro feature that allows mounting network shares at a user or machine level - supported mount types: smb, nfs, and ftp (after installing curlftpfs) - supported authentication: anonymous (default), krb5 - user mounts are handled at login by a Rust binary now shipped with adsys Thanks to schopin for the packaging guidance and contributions - computer mounts are handled by systemd mount units requiring root privileges * Add AppArmor policy manager - this is an Ubuntu Pro feature that allows enforcing application confinement at a user or machine level using AppArmor - user policies rely on the libpam-apparmor package which must be installed manually * Support multiple AD backends and implement Winbind support - sssd is still the default backend, but winbind can be opted into through the adsys.yaml configuration file * Add a --machine / -m flag to adsysctl applied, indicating the policies applied to the current machine * Expose Ubuntu Pro status in the "status" command - status is now fetched dynamically instead of relying on a possibly outdated state when updating policies * Update scripts manager creation - scripts manager now creates both an users and machine directory on initialization * Fix policy update failing when GPT.INI contains no version key * Fix object lookup for users having a FQDN as their hostname * Support special characters in domains when parsing sssd configuration * Reduce dependencies by excluding CI tools from go.mod - tooling-related packages are now vendored in a separate go.mod file, allowing for a smaller source package * Replace gopkg.in/yaml.v2 with gopkg.in/yaml.v3 Thanks to Juneezee for the contribution * Clean-up packaging scripts related to the user mount handler Thanks to liushuyu for the contribution * CI and quality of life changes not impacting package functionality: - Add golden functionality to testutils - Switch to new fsnotify event check syntax - Move adsysgpotests to golden generated by testutils - Fix test helper permission when making directory RO - Rework skipping integration tests - Compare golden tree executable permissions - Allow running mount_handler tests as part of go test - Fix python coverage in integration tests - Factorize some coverage testutils functions - Refactor tracking and generating coverage files - Implement session dbus mock - Stabilize integration test coverage - Fix set-output GitHub Actions deprecation warning - Reuse our utility function for comparing trees - Install missing packages for auto-updates workflow - Update d/copyright to account for the new Rust dependencies - Fix FTBFS on Launchpad introduced by the latest unreleased work - Standardize on test case naming and use the previously added testutils functions for golden file comparison * Update dependencies to latest: - github.com/charmbracelet/bubbles - github.com/charmbracelet/bubbletea - github.com/charmbracelet/glamour - github.com/charmbracelet/lipgloss - github.com/fatih/color - github.com/fsnotify/fsnotify - github.com/golangci/golangci-lint - github.com/kardianos/service - github.com/muesli/termenv - github.com/spf13/cobra - github.com/spf13/viper - github.com/stretchr/testify - golang.org/x/net - golang.org/x/sys - golang.org/x/text - google.golang.org/grpc - gopkg.in/ini.v1 adsys (0.9.2) kinetic; urgency=medium * Update generators to fix FTBFS - shell out to mkdir instead of go's os.Mkdir which can bypass fakeroot's filesystem hijacking and cause unexpected behavior * Update dependencies to latest: - github.com/golangci/golangci-lint - google.golang.org/protobuf -- Gabriel Nagy <email address hidden> Wed, 26 Jun 2024 12:34:21 +0300
Upload details
- Uploaded by:
- Gabriel Nagy
- Sponsored by:
- Didier Roche-Tolomelli
- Uploaded to:
- Jammy
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any
- Section:
- admin
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section | |
|---|---|---|---|---|
| Jammy | proposed | main | admin |
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| adsys_0.14.1~22.04.tar.xz | 6.8 MiB | d84033929f9d651096b8676740f553d4b9b1e0075e1520edc315c9e8e36a2ddd |
| adsys_0.14.1~22.04.dsc | 1.5 KiB | e96105f36ce390cee012aede12f835eb1131b6bd677d0c40306cf6b004e875a8 |
Available diffs
- diff from 0.9.2~22.04.2 to 0.14.1~22.04 (5.3 MiB)
Binary packages built by this source
- adsys: AD SYStem integration
ADSys is an AD SYStem tool to integrate GPOs with a linux system.
It allows one to handle machine and users GPOs, mapping them to dconf keys,
apparmor rules, mounts, proxy settings, certificate autoenrollment and running
scripts at different points in time.
- adsys-dbgsym: debug symbols for adsys
- adsys-windows: AD SYStem integration
ADSys is an AD SYStem tool to integrate GPOs with a linux system.
It allows one to handle machine and users GPOs, mapping them to dconf keys,
apparmor rules, mounts, proxy settings, certificate autoenrollment and running
scripts at different points in time.
.
This package contains all the assets and binaries to install
on the Active Directory Windows server.
The binaries are Windows executables.
