adsys (0.8.4) jammy; urgency=medium

  * Sync refresh timer with Windows
  * Some lint fixes due to Go 1.18
  * Fix image reference in documentation

 -- Didier Roche <didrocks@ubuntu.com>  Wed, 06 Apr 2022 15:37:58 +0200

adsys (0.8.3) jammy; urgency=medium

  [ Jean-Baptiste Lallement ]
  [ Didier Roche ]
  * Use ua attached instead of a specific ua feature to gate optional
    features.
  * Added and updated documentation for privilege escalation and scripts
    support.
  * New linter version trigger fix.
  * Dependencies update for latest bug fixes:
    - github.com/golangci/golangci-lint
    - github.com/spf13/cobra-1.4.0
    - github.com/stretchr/testify-1.7.1
    - google.golang.org/protobuf-1.28.0
    - google.golang.org/grpc-1.45.0

 -- Didier Roche <didrocks@ubuntu.com>  Wed, 23 Mar 2022 13:39:27 +0100

adsys (0.8.2) jammy; urgency=medium

  * Fix flaky "pick up config changes" tests on armhf and arm64

 -- Didier Roche <didrocks@ubuntu.com>  Thu, 10 Mar 2022 11:00:27 +0100

adsys (0.8.1) jammy; urgency=medium

  * Change chown logic on script directory and parents to avoid potential
    vulnerability. (LP: #1961458)
  * Separate readiness from session running to avoid unrefreshed user script
    directories after a logout without any new logins.
  * pam_adsys: Fix memory leak and identation. (LP: #1961459)
  * Adapt to newer samba, while keeping backward compatilibity for CI.
    Thanks Michael. (LP: #1962170)
  * Try to stabilize configuration detection change test by calling sync() to
    sync FHS to disk, and then, hoping we get the inotify update. Seems to fix
    flakyness on armhf. (LP: #1962510)
  * Enforce closing stderr on ppcel64 in tests with new samba to avoid hangs
    in race.
  * Fix linting issues discovered by new golangci-lint.
  * Misc syntax polish.
  * Dependencies update:
    - github.com/godbus/dbus/v5
    - github.com/golangci/golangci-lint
    - gopkg.in/ini.v1

 -- Didier Roche <didrocks@ubuntu.com>  Tue, 08 Mar 2022 09:49:08 +0100

adsys (0.8) jammy; urgency=medium

  [ Jean-Baptiste Lallement ]
  [ Didier Roche ]
  * Add new types of GPOs support, with ubuntu advantage subscription
    integration. Recommends ubuntu-advantage-desktop-daemon.
  * Privilege escalation: support for privilege escalation and gives
    administrator access to users and groups registered in Active Directory.
    The administrator can also prevent any kind of local administrator on
    the machine.
  * Scripts integration: support for scripts in GPO when the computer boots and
    shuts down, and when the user logs on or off.
    - The computer scripts are ran as root, on startup (or first AD user login
      if we couldn’t fetch GPOs and had no cache)
    - The user scripts are ran with systemd user session, as the user.
    - A transactional state is handled: New versions of scripts or list of
      scripts are only updated when a given session is not opened.
      Said differently, the shutdown scripts for the machine will be the ones
      downloaded and enabled when the start scripts were ran.
      Similarly, the user logoff scripts will be the ones corresponding to
      the time when the log on scripts were executed.
    - Any failing scripts won’t stop the boot or log on. Similarly to Windows
      script support, this is not a security feature.
  * Support downloading assets from the Active Directory server. Those assets
    are located in the <Distribution> named directory at SYSVOL root.
    Those needs a GPT.INI, similarly to GPO, to control cache update.
  * Internal changes on how policies and cached are handled. Those changes are
    needed to enhance the model of caching with assets, while keeping
    a transactional behaviour.
  * Many new tests covering all the new and existing changes.
  * General cleanups:
    - More debugging and info messages.
    - In templates, policies define personalized notes and descriptions.
      Those are now used to generate the description of the policy.
    - Modernize, fix bugs and workarounds now that we are on at min Go 1.16,
      and prepare for 1.17 and new vendored dependencies versions.
    - Add more linting support and fix discovered issues.
    - Rewrite integration tests containers mimicking system services in python
      for better reliability and support via dbus-mock. Upgraded to a newer
      version.
    - Adapt to new GitHub infrastructure changes with new container repository,
      and change workflows adjustements by new linting rules.
    - Discare deprecated dconf keys for those releases.
  * Updated vendored go dependencies:
    - bluemonday
    - cobra
    - color
    - glamour
    - go-dbus
    - golangci-lint
    - grpc
    - ini
    - viper

 -- Didier Roche <didrocks@ubuntu.com>  Mon, 07 Feb 2022 09:37:45 +0100

adsys (0.7.1) impish; urgency=medium

  * Fix user login name when being prefixed by domain (domain\user) or using
    default domain suffix.
  * Relax commands to always normalize to user@domain even if a previous form
    of entry is given
  * Fix pam module to always be loaded for those.
  * All users and machine update should not provide a target
  * Relax rule for hostname length when > 15 characters. Try first real name
    in AD and then fallback to 15 for NETBIOS compatibility if AD is configured
    in such a way.
  * Pull sss connection state dynamically, to switch between online and offline
    mode.
  * Misc smaller fixes in namings and entry permissive mode.
  * Add and adapt unit and integration tests for all the above, including
    docker test container.
  * Fixes for incoming Golang 1.17 tests Name() behaviour change
  * Make some integration tests more stable
  * Refresh policy definition file
  * Update vendored dependency via DEPENDABOT:
    - github.com/fsnotify/fsnotify
    - github.com/godbus/dbus
    - golang.org/x/text
    - google.golang.org/grpc
    - gopkg.in/ini.v1
    - honnef.co/go/tools
  * CI:
    - switch back to hirsute for QA code check, as impish docker images have
      a broken libc.
  * Packaging fixes:
    - Ensure we always build with PIE
    - Fix autopkgtests by not running them as root
    - Ship NOTICE from a vendor dependency as being Apache2 licensed
    - Modernize gbp.conf

 -- Didier Roche <didrocks@ubuntu.com>  Wed, 15 Sep 2021 10:30:27 +0200

adsys (0.7) impish; urgency=medium

  [ Jean-Baptiste Lallement ]
  [ Didier Roche ]
  * Depends on sssd offline status to try fetching the GPOs
    - request to sssd in what status we are in
    - if we are online, do the samba/ldap requests as we used to do, but
      with a contextual timeout.
  * Allow empty ad_server in sssd.conf.
  * Fix dependencies between service and relax adsys-boot retrials.
  * Pam to request machine update if no machine cache is available.a
  * Print N/A when no Active Server was found.
  * Refresh policy definition files
  * Updates to latest release of viper, cobra, protobuf, grpc.
  * Use cobra 2.0 completion.
  * Adapt and add new tests to previous changes
  * Reenable LTO optimization.

 -- Didier Roche <didrocks@ubuntu.com>  Mon, 19 Jul 2021 13:01:07 +0200

adsys (0.6) impish; urgency=medium

  [ Jean-Baptiste Lallement ]
  [ Didier Roche ]
  * Add a new status command, returning current user connected, mode, last
    refresh time and applied configuration
  * Add a new doc command, which allows listing the documentation or write a
    specific chapter on the terminal or disk.
  * Add a new debus hidden (system) command, which allows dumping
    adsys-gpolist and (in the future) various multiple debugging tools for a
    specific AD setup
  * Advance CI completion for users, machines and other contextual strings
    (requesting the service for available valid items, based on context).
  * Hook up CI to update online documentation (on github) and local offline
    one in two ways (updating the local doc will update the online one and
    vice-versa)
  * Write the whole documentation for setting up and using adsys
  * Refactor configuration handling and const location
  * Only start machine GPO download on boot (blocking) if we have AD configured
  * Fix pam integration by setting correct linker property
  * Fallback to sssd discovery active AD server
  * Fix GDM dconf keys to use for screen customization
  * New adsysservice to properly shutdown authorizer and move service dbus
    handling
  * Integrate gosec to CI and multiple fixes
  * Serialize adsys-gpolist and admx/adml in binary
  * Misc fixes in listing Active Directory GPO, multiple error cases
    graceful handling and fix some Windows requirements like spec names.
  * Small fixes and error message reformulation
  * Update all dependencies to latest version and hook up Dependabot in CI
  * Multiple CI enhancements
  * Fix for admx generation, allowing pointing at keys not present in a
    release if filtered out
  * Tighten build and package depdencies.
  * Tests:
    - add more configuration for integration tests
    - fix protobuf namespace conflicts
    - multiple refactoring
    - ensure local dbus are properly shutdown
    - fix some racy tests but being more relax on times
    - allow coverage for python code and subprocesses
    - add many new tests, including integration tests
    - replace wharthogs.biz domain by example.com. Thanks Paul Mars

 -- Didier Roche <didrocks@ubuntu.com>  Mon, 21 Jun 2021 14:16:16 +0200

adsys (0.5) hirsute; urgency=medium

  [ Jean-Baptiste Lallement ]
  [ Didier Roche ]
  * Add integration tests to cover (all but policy update command):
    - command line parsing and handling
    - interaction between daemon and client
  * Add tests and coverage support for python embedded code to interact with
    samba (ldap AD connection).
  * Create a samba mock to test adsys-gpolist.
  * Add a container to control and tests polkitd with our uninstalled,
    current version in branch .policy file on its own couple of system dbus.
  * Abstract many test helpers in their own function to be more reusable.
  * Code cleanup (races, shutdown handling and other fixes) detected
    via the new tests.
  * CI coverage integration.
  * Various CI fixes on tagged version.

 -- Didier Roche <didrocks@ubuntu.com>  Fri, 16 Apr 2021 09:53:07 +0200

adsys (0.4) hirsute; urgency=medium

  [ Jean-Baptiste Lallement ]
  [ Didier Roche ]
  * Disable LTO to fix FTBFS
  * Fix Version test on released package
  * Fix timeout idler race
  * Add tests for logstreamer
  * Misc cleanups

 -- Didier Roche <didrocks@ubuntu.com>  Thu, 01 Apr 2021 10:23:52 +0200

adsys (0.3) hirsute; urgency=medium

  [ Jean-Baptiste Lallement ]
  [ Didier Roche ]
  * Fix namespace in admx files to avoid conflict with Windows one.
  * Special case GDM user as a machine to support login screen configuration
    in both admx and policy daemon side.
  * CI fixes and additions for admx generation and tests. Enable devel (hirsute) series.
  * Multiple gosec fixes.
  * Add missing samba dependencies to packaging
  * Graceful stop handling fixes.
  * Lot of new tests
  * Multiple fixes/races discovered by tests

 -- Didier Roche <didrocks@ubuntu.com>  Thu, 25 Mar 2021 10:58:58 +0100

adsys (0.2) hirsute; urgency=medium

  [ Jean-Baptiste Lallement ]
  [ Didier Roche ]
  * Fix FTBFS due to race:
    - workaround amd64 mkdirall while creating directory for pam module
      integration
    - fix sigchild flag capture, including additional flags on non amd64,
      before restoring them after each samba call to workaround libsamba
      signals override.
  * Fix utf-16 and memory management when .pol windows file are more than 4106
    size long (-8 header bytes > 4096).
  * Fix GPO list order when a policy is enforced
  * Embed GPO list python helper inside the go binary
  * Fix emptying a GPO after setting value doesn’t reset the applied policy
  * Fix multi-lines support while dumping applied policies
  * Internal: rename "default" dconf metadata to "empty" for clarity

 -- Didier Roche <didrocks@ubuntu.com>  Thu, 25 Feb 2021 10:11:13 +0100

adsys (0.1) hirsute; urgency=medium

  * Initial release

 -- Didier Roche <didrocks@ubuntu.com>  Fri, 08 Jan 2021 16:35:16 +0100
