[Bug 2059756] Re: [SRU] adsys 0.14.1
Łukasz Zemczak
2059756 at bugs.launchpad.net
Mon Jun 3 09:30:26 UTC 2024
Hello Jean-Baptiste, or anyone else affected,
Accepted golang-1.22 into mantic-proposed. The package will build now
and be available at
https://launchpad.net/ubuntu/+source/golang-1.22/1.22.2-2~23.10 in a few
hours, and then in the -proposed repository.
Please help us by testing this new package. See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how
to enable and use -proposed. Your feedback will aid us getting this
update out to other Ubuntu users.
If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested, what testing has been
performed on the package and change the tag from verification-needed-
mantic to verification-done-mantic. If it does not fix the bug for you,
please add a comment stating that, and change the tag to verification-
failed-mantic. In either case, without details of your testing we will
not be able to proceed.
Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in
advance for helping!
N.B. The updated package will be released to -updates after the bug(s)
fixed by this package have been verified and the package has been in
-proposed for a minimum of 7 days.
** Changed in: golang-1.22 (Ubuntu Mantic)
Status: Confirmed => Fix Committed
** Tags added: verification-needed verification-needed-mantic
** Changed in: adsys (Ubuntu Mantic)
Status: Confirmed => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Sponsors, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/2059756
Title:
[SRU] adsys 0.14.1
Status in adsys package in Ubuntu:
Fix Released
Status in golang-1.22 package in Ubuntu:
Fix Released
Status in adsys source package in Jammy:
Confirmed
Status in golang-1.22 source package in Jammy:
Confirmed
Status in adsys source package in Mantic:
Fix Committed
Status in golang-1.22 source package in Mantic:
Fix Committed
Bug description:
[context]
ADSys is a tool designed for administering and implementing Group Policy Objects (GPOs) from Active Directory on Linux systems. It includes a suite of services and commands that empower administrators to efficiently manage policy updates and maintain compliance with organizational business rules.
Given that ADSys directly interfaces with Active Directory and needs
to align with new business requirements in LTS releases, it has been
essential to keep the package consistently updated with the latest
changes of ADSys upstream source. As ADSys is a key component of our
commercial offerings, our customers anticipate the availability of
recently implemented features in the 22.04 release.
Now that ADSys has a complete set of features, the request is to
proceed with a one-off release of ADSys 0.14.1 to 22.04. Please note
that any new features introduced in subsequent versions will be
exclusively available in 24.04 and later releases.
This version includes a comprehensive end to end automated test suite
that runs ADSys against a real Active directory environment.
Version 0.14.1 is available for 22.04 in a PPA
(https://launchpad.net/~ubuntu-enterprise-
desktop/+archive/ubuntu/adsys) and already used in production by
customers.
At this time of writing the number of open issues is 1 in Launchpad
and 16 in GitHub including 6 enhancements. None of them have a high or
critical importance.
[references]
LP: https://launchpad.net/ubuntu/+source/adsys
LP Bugs: https://bugs.launchpad.net/ubuntu/+source/adsys
GitHub: https://github.com/ubuntu/adsys/
GH Bugs: https://github.com/ubuntu/adsys/issues
Documentation: https://canonical-adsys.readthedocs-hosted.com/en/stable/
Initial SRU discussion: https://lists.ubuntu.com/archives/ubuntu-release/2023-June/005650.html
[changes]
Full LP Changelog: https://launchpad.net/ubuntu/+source/adsys/+changelog
* New features
* New policies:
- Add mount / network shares policy manager
- Add AppArmor policy manager
- Support multiple AD backends and implement Winbind support
- Add system proxy policy manager
- Add certificate policy manager for machines
- Add adsysctl policy purge command to purge applied policies
- Full documentation
- Full end to end automated test suite.
* Enhancements
* Add a --machine / -m flag to adsysctl applied, indicating the policies applied to the current machine
* Expose Ubuntu Pro status in the "status" command
* Update scripts manager creation
* List Pro policy types in service status output
* Warn when Pro-only rules are configured
* Use systemd via D-Bus instead of systemctl commands
* Add placeholder notes for entry types
* Rework Kerberos ticket handling logic to satisfy the Heimdal implementation of Kerberos
* Rework policy application sync strategy
* Print logs when policies are up to date
* Update policy definitions to include dconf key for dark mode background
* Infer user KRB5CCNAME path via the libkrb5 API (LP: #2049061)
* Allow sssd backend to work without ad_domain being set (LP: #2054445)
* Update apport hook to include journal errors and package logs
* Bug fixes
* Fix policy update failing when GPT.INI contains no version key
* Fix object lookup for users having a FQDN as their hostname
* Support special characters in domains when parsing sssd configuration
* Fix DCONF_PROFILE not considering default_domain_suffix on sssd.conf
* Ensure empty state for dconf policy
* Handle case mismatches in GPT.INI file name
* Ensure GPO URLs contain the FQDN of the domain controller
* Add runtime dependency on nfs-common
* Other
* Updates to latest versions of Go (fixing known Go vulnerabilities)
* Updates to latest versions of the Go dependencies
* Updates and improvements to CI and QoL
* Migrate translation support to native approach using go-i18n + gotext and switch to upstream gotext version
Dependencies:
* Build-dep: golang-go (>= 2:1.22~)
* Dependencies to backport to 22.04:
* golang-go >= 2:1.22
* ubuntu-proxy-manager (suggest. Required for Proxy support - feature will be disabled otherwise)
* python3-cepces (suggest. Required for Certificates autoenrollment support - feature will be disabled otherwise)
* Note: Both are currently in the new queue of 22.04 : https://launchpad.net/ubuntu/jammy/+queue?queue_state=0&queue_text=
[test plan]
# Process
Adsys follows a robust continuous integration and testing process. It is covered by a comprehensive automated tests suite (https://github.com/ubuntu/adsys/actions/workflows/qa.yaml) and an automated end to end test suite that runs in a real active directory environment (https://github.com/ubuntu/adsys/actions/workflows/e2e-tests.yaml).
The team applied the following quality criteria:
* All changes are thoroughly reviewed and approved by core team members before integration.
* Each change is thoroughly tested at the unit, integration and system levels.
* All the tests pass in all supported architectures.
* All bugs fixed in this release must have a link to the pull request that fixes them.
* All bug fixes and new features are verified in a system by executing automated or manual tests. Most of these tests are automated and executed in the autopkgtest suite. Tests that are not automated are executed manually.
* New and existing features are tested in a real Active Directory environment.
* There are no unfixed bugs tagged "blocker" on the milestone.
# Packaging QA
To prepare the release to 22.04, the following procedures will be completed to ensure quality:
* All autopkgtests pass.
* The package does not break when upgrading.
* The binary is identical to the CI build, with only Debian packaging changes.
* The copyrights and changelog are up to date.
* An upgrade test from the previous package version has been performed using apt install/upgrade.
# Code sanity
Code sanity checks are performed automatically on each build. They verify:
* Code linting
* Go module files are up to date
* Generated files are up to date
* Any binary in the project builds
* Vulnerabilities
Example report: https://github.com/ubuntu/adsys/actions/runs/6955264244
# Code coverage
* Code coverage is computed on every build and a report generated.
* Codecov report: https://app.codecov.io/gh/ubuntu/adsys
* Coverage as of today: 90.78%
# Manual tests
1. Configure your machine with AD, with a correctly configured SSSD and KRB5. AD user should be able to log in (https://canonical-adsys.readthedocs-hosted.com/en/latest/how-to/set-up-adsys/)
2. Install admx and adml files on your AD controller (https://canonical-adsys.readthedocs-hosted.com/en/latest/how-to/set-up-ad/)
3. Configure some Group Policies in the AD server (https://canonical-adsys.readthedocs-hosted.com/en/latest/how-to/use-gpo/)
4. Install ADSys, reboot the machine and login in as an AD user.
5. Ensure that the configuration done in the AD server is reflected on the Ubuntu machine.
[where problems could occur]
For AD users:
* ADSys can prevent authentication of AD users if some policies can't be applied or fail to apply properly
* Note: The categories of bugs we've identified typically revolve around Active Directory setup or network configuration. Extensive and detailed logging of both SSSD and ADSys aids in resolving these issues promptly.
* For local users, no impact will occur.
Notes:
* Recommends python-cepces and python-requests-gssapi are referenced in https://bugs.launchpad.net/ubuntu/+source/python-cepces/+bug/2048514
* The other recommends ubuntu-proxy-manager is referenced in https://bugs.launchpad.net/ubuntu/+source/ubuntu-proxy-manager/+bug/2048232
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2059756/+subscriptions
More information about the Ubuntu-sponsors
mailing list