Release adsys 0.12.0

Bug #2020682 reported by Denison Barbosa
12
This bug affects 1 person
Affects Status Importance Assigned to Milestone
adsys (Ubuntu)
Fix Released
Undecided
Unassigned
Jammy
Fix Released
Undecided
Unassigned
Lunar
Won't Fix
Undecided
Unassigned

Bug Description

This bug is not being verified individually because of the use of the SRU exception process (LP: #2059756)

-----

ADSys is part of the enterprise desktop offerings and customers are requesting the new version to be released for 22.04 LTS.

[Impact]

* ADSys depends on Go 1.20, so the golang-1.20 package must be backported to 22.04 as well.
* The new version has some features that are heavily requested by enterprise customers running the LTS.

[Test Plan]

 1. Configure your machine with AD, with a correctly configured SSSD and KRB5. AD user should be able to log in (https://github.com/ubuntu/adsys/wiki/2.-Prerequisites);
 2. Install admx and adml files on your AD controller (https://github.com/ubuntu/adsys/wiki/3.-AD-Setup);
 3. Configure some Group Policies in the AD server (https://github.com/ubuntu/adsys/wiki/4.-Using-GPO);
 4. Install ADSys, reboot the machine and login in as an AD user;
 5. Ensure that the configuration done in the AD server is reflected on the Ubuntu machine;

[Where problems could occur]

* ADSys can prevent authentication of AD users if some policies can't be applied;
* For local users, no impact will occur;

CVE References

description: updated
summary: - [SRU] Release new adsys version to Jammy
+ Release adsys 0.12.0
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package adsys - 0.12.0

---------------
adsys (0.12.0) mantic; urgency=medium

  [ Denison Barbosa ]
  [ Didier Roche ]
  [ Gabriel Nagy ]
  [ Jean-Baptiste Lallement ]
  * Release 0.12.0 (LP: #2020682)
    - Fix DCONF_PROFILE not considering default_domain_suffix on sssd.conf
    - Go implementation for the user mount handler
    - Remove Rust source code from adsys
    - Rework Kerberos ticket handling logic:
      - to satisfy the Heimdal implementation of Kerberos, we now store and use
        a root-owned copy of the cached ticket
      - the ticket lifetime is still handled via a symlink, and the copy is
        kept up to date based on the original ticket timestamp
    - Ensure empty state for dconf policy
    - Handle case mismatches in GPT.INI file name
    - Refactor ListActiveUsers gRPC function
    - Add adsysctl policy purge command to purge applied policies
    - Rework policy application sync strategy
    - Print logs when policies are up to date
    - Bump Go version to 1.20
    - Update dependencies to latest:
      - github.com/charmbracelet/bubbles
      - github.com/charmbracelet/bubbletea
      - github.com/sirupsen/logrus
      - github.com/spf13/cobra
      - github.com/stretchr/testify
      - golang.org/x/net
      - golang.org/x/sync
      - golang.org/x/sys
      - google.golang.org/grpc
    - CI and quality of life changes not affecting package functionality:
      - peter-evans/create-pull-request
      - Apply clang-format to C source files
      - Remove Rust related code from CI and tests
      - Improve test consistency
      - Fix documentation example images

 -- Denison Barbosa <email address hidden> Fri, 26 May 2023 07:11:55 -0400

Changed in adsys (Ubuntu):
status: New → Fix Released
Revision history for this message
Łukasz Zemczak (sil2100) wrote :

Please see https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2012371 - please address the concerns written there before we proceed with this SRU.

Changed in adsys (Ubuntu Jammy):
status: New → Incomplete
Revision history for this message
Łukasz Zemczak (sil2100) wrote :

Also, since I don't know the adsys codebase, how does the automated testing story for it look like? Does it have a thorough test suite? Autopkgtests?

Revision history for this message
Denison Barbosa (justdenis) wrote :

Hey, @sil2100! ubuntu-proxy-manager is just a suggested package and its absence does not impact adsys functionality. We will address the dependency later but do not want to block the release of adsys on this package.

Our whole test suite is automated through GitHub actions, which can be found at: https://github.com/ubuntu/adsys/blob/main/.github/workflows/qa.yaml. Every Go package developed by us is tested and we also have integration tests for the whole adsys package, with 86% source coverage, as shown on https://app.codecov.io/gh/ubuntu/adsys.

Revision history for this message
Chris Halse Rogers (raof) wrote :

I see that we've done this sort of wholesale backport once before, but this doesn't seem like it falls under the "other safe cases" part of the SRU criteria: https://wiki.ubuntu.com/StableReleaseUpdates#Other_safe_cases

It seems like this should have a more formal process? I don't see any special case documentation on the wiki, nor can I find it discussed on ubuntu-release.

Revision history for this message
Chris Halse Rogers (raof) wrote :
Revision history for this message
Brian Murray (brian-murray) wrote :

Ubuntu 23.04 (Lunar Lobster) has reached end of life, so this bug will not be fixed for that specific release.

Changed in adsys (Ubuntu Lunar):
status: New → Won't Fix
Gabriel Nagy (gabuscus)
description: updated
Revision history for this message
Steve Langasek (vorlon) wrote : Please test proposed package

Hello Denison, or anyone else affected,

Accepted adsys into jammy-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/adsys/0.14.1~22.04 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-jammy to verification-done-jammy. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-jammy. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in adsys (Ubuntu Jammy):
status: Incomplete → Fix Committed
tags: added: verification-needed verification-needed-jammy
Gabriel Nagy (gabuscus)
tags: added: verification-done verification-done-jammy
removed: verification-needed verification-needed-jammy
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (13.7 KiB)

This bug was fixed in the package adsys - 0.14.1~22.04

---------------
adsys (0.14.1~22.04) jammy; urgency=medium

  * Backport 0.14.1 to jammy (LP: #2059756)
    - Build with Go 1.22
    - Disable dh_dwz on account of go >= 1.19 compressing symbols itself
      (fixed in newer dh_golang)
    - Revert incorrect prerm purge stanza

adsys (0.14.1build1) noble; urgency=medium

  * No-change rebuild for CVE-2024-3094

adsys (0.14.1) noble; urgency=medium

  * Pin Go toolchain to 1.22.1 to fix the following security vulnerabilities:
    - GO-2024-2598
    - GO-2024-2599
  * Update apport hook to include journal errors and package logs
  * CI and quality of life changes not impacting package functionality:
    - Enable end-to-end tests in GitHub Actions
    - Remove stale AD resources on test finish
    - Add developer documentation for running end-to-end tests
    - Collect and upload end-to-end test logs on failure
    - Report test coverage in Cobertura XML format
    - Silence gosec warnings using nolint and remove deprecated ifshort linter
    - Use an environment variable to update golden files
    - Bump github actions to latest:
      - azure/login
      - softprops/action-gh-release
  * Update dependencies to latest:
    - github.com/charmbracelet/lipgloss
    - github.com/golangci/golangci-lint
    - github.com/golang/protobuf
    - github.com/stretchr/testify
    - golang.org/x/crypto
    - golang.org/x/net
    - google.golang.org/grpc
    - google.golang.org/protobuf

adsys (0.14.0) noble; urgency=medium

  * Infer user KRB5CCNAME path via the libkrb5 API (LP: #2049061)
    - This functionality is opt-in and activated if the detect_cached_ticket
      setting is set to true
    - If the AD backend (e.g. sssd) doesn't export the KRB5CCNAME variable, adsys
      will now determine the path to the default ticket cache and use it during
      authentication (when adsys is executed through the PAM module) and runs of
      adsysctl update for the current user.
  * Allow sssd backend to work without ad_domain being set (LP: #2054445)
  * Upgrade to Go 1.22
  * CI and quality of life changes not impacting package functionality:
    - Pass token explicitly to Codecov action
    - Fix require outside of main goroutine
    - Mark function arguments as unused where applicable
      Thanks to Edu Gómez Escandell
    - End to end test VM template creation updates
    - Bump github actions to latest:
      - codecov/codecov-action
      - peter-evans/create-pull-request
  * Update dependencies to latest:
    - github.com/charmbracelet/bubbles
    - github.com/golangci/golangci-lint
    - golang.org/x/crypto
    - golang.org/x/net
    - google.golang.org/grpc

adsys (0.13.3) noble; urgency=medium

  * Fix cert auto-enroll without NDES (LP: #2051363)
  * Refresh policy definition files (remove Lunar support)
  * CI and quality of life changes not impacting package functionality:
    - Bump github actions to latest:
      - actions/download-artifact
      - actions/setup-go
      - actions/upload-artifact
  * Update dependencies to latest:
    - github.com/charmbracelet/bubbles
    - github.com/charmbracelet/bubbletea
    - github.com/google/uuid
    -...

Changed in adsys (Ubuntu Jammy):
status: Fix Committed → Fix Released
Revision history for this message
Brian Murray (brian-murray) wrote : Update Released

The verification of the Stable Release Update for adsys has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.