Merge branch 'main' into user-disable

ubuntu · Feb 10, 2025 · e6410f4 · e6410f4
2 parents fed3921 + b0c5187
commit e6410f4
Show file tree

Hide file tree

Showing 7 changed files with 45 additions and 21 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/debian/control b/debian/control
@@ -23,7 +23,7 @@ Build-Depends: debhelper-compat (= 13),
                protobuf-compiler,
 Standards-Version: 4.6.2
 XS-Go-Import-Path: github.com/ubuntu/authd
-XS-Vendored-Sources-Rust: [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected]
+XS-Vendored-Sources-Rust: [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected]
 Homepage: https://github.com/ubuntu/authd
 Vcs-Browser: https://github.com/ubuntu/authd
 Vcs-Git: https://github.com/ubuntu/authd.git

diff --git a/docs/conf.py b/docs/conf.py
@@ -210,7 +210,7 @@
 # NOTE: By default, the following MyST extensions are enabled:
 #       substitution, deflist, linkify
 
-# myst_enable_extensions = set()
+myst_enable_extensions = set({"colon_fence"})
 
 
 # Auto-generate header anchors

diff --git a/docs/howto/install-authd.md b/docs/howto/install-authd.md
@@ -1,36 +1,60 @@
 # Installation
 
 This project consists of two components:
-* authd: The authentication daemon responsible for managing access to the authentication mechanism.
-* an identity broker: The services that handle the interface with an identity provider. There can be several identity brokers installed and enabled on the system.
+* **authd**: The authentication daemon responsible for managing access to the authentication mechanism.
+* **identity broker**: The services that handle the interface with an identity provider. There can be several identity brokers installed and enabled on the system.
 
-authd is delivered as a Debian package.
+authd is delivered as a Debian package for Ubuntu Desktop and Ubuntu Server.
 
 ## System requirements
 
 * Distribution: Ubuntu Desktop 24.04 LTS or Ubuntu Server 24.04 LTS
 * Architectures: amd64, arm64
 
+## Install authd
 
-```{note}
-While this project is in active development, a version for Ubuntu 24.04 is available from the [authd testing PPA](https://launchpad.net/~ubuntu-enterprise-desktop/+archive/ubuntu/authd). <br />
+You can install authd from the [stable PPA](https://launchpad.net/~ubuntu-enterprise-desktop/+archive/ubuntu/authd).
 
-You can add this PPA to your system's software sources with the following commands:
+To add this PPA to your system's software sources, run the following commands:
 
 ```shell
 sudo add-apt-repository ppa:ubuntu-enterprise-desktop/authd
 sudo apt update
 ```
 
-Install the following Debian packages (note that `gnome-shell` and `yaru-theme*` are only required for desktop integration, server installations may ignore them):
+```{note}
+The stable PPA release of authd can be used today as an authentication service.
+This project is under active development and the release of authd to the
+official archive is planned for Ubuntu 26.04 LTS.
+```
+
+Then install authd and any additional Debian packages needed for your system of
+choice:
+
+:::::{tab-set}
+:sync-group: system
+
+::::{tab-item} Ubuntu Desktop
+:sync: desktop
 
 ```shell
 sudo apt install authd gnome-shell yaru-theme-gnome-shell
 ```
+::::
+
+::::{tab-item} Ubuntu Server
+:sync: server
+
+```shell
+sudo apt install authd
+```
+::::
+:::::
 
 ## Install brokers
 
-The brokers are provided as Snap packages and available from the Snap Store.
+The brokers are provided as Snap packages and are available from the Snap
+Store.
 
 ### MS Entra ID broker
 
@@ -40,7 +64,8 @@ To install the MS Entra ID broker, run the following command:
 sudo snap install authd-msentraid
 ```
 
-At this stage, you have installed the main service and an identity broker to authenticate against Microsoft Entra ID.
+At this stage, you have installed the main service and an identity broker to
+authenticate against Microsoft Entra ID.
 
 ### Google IAM broker
 
@@ -50,4 +75,5 @@ To install the Google IAM broker, run the following command:
 sudo snap install authd-google
 ```
 
-At this stage, you have installed the main service and an identity broker to authenticate against Google IAM.
+At this stage, you have installed the main service and an identity broker to
+authenticate against Google IAM.
diff --git a/go.mod b/go.mod
@@ -2,7 +2,7 @@ module github.com/ubuntu/authd
 
 go 1.23.0
 
-toolchain go1.23.5
+toolchain go1.23.6
 
 require (
 	github.com/charmbracelet/bubbles v0.20.0

diff --git a/internal/users/manager.go b/internal/users/manager.go
@@ -366,9 +366,8 @@ func (m *Manager) UserByID(uid uint32) (types.UserEntry, error) {
 
 // AllUsers returns all users.
 func (m *Manager) AllUsers() ([]types.UserEntry, error) {
-	// TODO: I'm not sure if we should return temporary users here. On the one hand, they are usually not interesting to
-	// the user and would clutter the output of `getent passwd`. On the other hand, it might be surprising that some
-	// users are not returned by `getent passwd` and some apps might rely on all users being returned.
+	// We don't return temporary users here, because they are not interesting to the user and would clutter the output
+	// of `getent passwd`. Other tools should check `getpwnam`/`getpwuid` to check for conflicts, like `useradd` does.
 	usrs, err := m.cache.AllUsers()
 	if err != nil {
 		return nil, err
@@ -409,7 +408,7 @@ func (m *Manager) GroupByID(gid uint32) (types.GroupEntry, error) {
 
 // AllGroups returns all groups.
 func (m *Manager) AllGroups() ([]types.GroupEntry, error) {
-	// TODO: Same as for AllUsers, we might want to return temporary groups here.
+	// Same as in AllUsers, we don't return temporary groups here.
 	grps, err := m.cache.AllGroups()
 	if err != nil {
 		return nil, err
@@ -433,7 +432,6 @@ func (m *Manager) ShadowByName(username string) (types.ShadowEntry, error) {
 
 // AllShadows returns all shadow entries.
 func (m *Manager) AllShadows() ([]types.ShadowEntry, error) {
-	// TODO: Even less sure if we should return temporary users here.
 	usrs, err := m.cache.AllUsers()
 	if err != nil {
 		return nil, err

diff --git a/nss/Cargo.toml b/nss/Cargo.toml
@@ -33,4 +33,4 @@ hyper-util = "0.1.10"
 [build-dependencies]
 # We need to pin tonic-build to 0.11.* for now until https://github.com/hyperium/tonic/issues/1909 is fixed.
 tonic-build = "0.11.*"
-cc = "1.2.10"
+cc = "1.2.12"