commit 45b8d25b57f58c29c999050b49e58d194f1fc19a3d85caa8c9a9775909352682 Author: William Brown Date: Thu Sep 12 01:11:22 2024 +0000 - explicitly depend on cargo to pull in latest compiler revision OBS-URL: https://build.opensuse.org/package/show/network:idm/kanidm?expand=0&rev=63 diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/_constraints b/_constraints new file mode 100644 index 0000000..c2d8678 --- /dev/null +++ b/_constraints @@ -0,0 +1,13 @@ + + + + 2 + + 8 + + + + 25 + + + diff --git a/_service b/_service new file mode 100644 index 0000000..22f20a7 --- /dev/null +++ b/_service @@ -0,0 +1,28 @@ + + + https://github.com/kanidm/kanidm.git + @PARENT_TAG@~git@TAG_OFFSET@.%h + git + 1.3.0 + v* + v(\d+\.\d+\.\d+) + \1 + enable + william.brown@suse.com + + + + *.tar + zst + + + + kanidm-*.tar.zst + zst + RUSTSEC-2022-0040 + true + + + + + diff --git a/_servicedata b/_servicedata new file mode 100644 index 0000000..8352e2d --- /dev/null +++ b/_servicedata @@ -0,0 +1,4 @@ + + + https://github.com/kanidm/kanidm.git + f075d13e165f0587054e2c91bc9175b7b1f2a806 \ No newline at end of file diff --git a/kanidm-1.2.2~git0.c4153c9.tar.zst b/kanidm-1.2.2~git0.c4153c9.tar.zst new file mode 100644 index 0000000..85cb688 --- /dev/null +++ b/kanidm-1.2.2~git0.c4153c9.tar.zst @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:afd10f85af96b1ebf0942d178d1aeaa181ddb423bbff0feed93538a6861bc275 +size 11175378 diff --git a/kanidm-1.3.1~git0.eed7c07.tar.zst b/kanidm-1.3.1~git0.eed7c07.tar.zst new file mode 100644 index 0000000..124c544 --- /dev/null +++ b/kanidm-1.3.1~git0.eed7c07.tar.zst @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:5965a13cb0cd03a420fef2ced4119f4f3cab188f94684f12ec2a676e6bbf294d +size 11627809 diff --git a/kanidm-1.3.3~git0.f075d13.tar.zst b/kanidm-1.3.3~git0.f075d13.tar.zst new file mode 100644 index 0000000..a839c43 --- /dev/null +++ b/kanidm-1.3.3~git0.f075d13.tar.zst @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:ea1ecccc0cb1ac71c30ee3b5442b271222e4c2b607f609a07b4cfeab371a44af +size 11628892 diff --git a/kanidm.changes b/kanidm.changes new file mode 100644 index 0000000..21771a8 --- /dev/null +++ b/kanidm.changes @@ -0,0 +1,1646 @@ +------------------------------------------------------------------- +Thu Sep 12 00:23:51 UTC 2024 - William Brown + +- explicitly depend on cargo to pull in latest compiler revision + +------------------------------------------------------------------- +Tue Aug 20 02:20:12 UTC 2024 - william.brown@suse.com + +- Update to version 1.3.3~git0.f075d13: + * Release 1.3.3 + * Mail substr index (#2981) + +------------------------------------------------------------------- +Sat Aug 10 00:14:34 UTC 2024 - william.brown@suse.com + +- Update to version 1.3.2~git0.229b0cc: + * Release 1.3.2 + * Prevent bug in pam (#2960) + * Reduce client logging noise + * Improve migration error message (#2959) + +------------------------------------------------------------------- +Thu Aug 08 02:16:57 UTC 2024 - william.brown@suse.com + +- Update to version 1.3.1~git0.eed7c07: + * Fix incorrect logic in cred update flow (#2956) + * Resolve maintainer bikeshedding + +------------------------------------------------------------------- +Wed Aug 07 03:15:00 UTC 2024 - william.brown@suse.com + +- Update to version 1.3.0~git0.e2a563f: + * Release 1.3.0 (#2941) + * New orca models (#2909) + * Run rust_build CI between multiple Rust versions (#2939) + * Bump the all group across 1 directory with 9 updates (#2938) + * Bump the all group in /pykanidm with 4 updates (#2937) + * fixing println bug (#2935) + * Reorganising the daemon startup so it doesn't fail with OTEL configured (#2934) + * clippying all the things (#2931) + * docs reordering and cleanup (#2932) + * Add scim proto to kanidm, refactor to improve serde performance. (#2933) + * 20240725 allow connection to older servers (#2930) + * Ubuntu/Debian buildy scripty tweaky things (#2928) + * kanidm graph graphviz unfit for scripting bc. of non-graphviz output (#2876) + * Improve workflow when account policy isnt satisfied (#2927) + * Docs rework (#2919) + * Bump the all group in /pykanidm with 4 updates (#2924) + * Bump the all group with 5 updates (#2925) + * Substring Indexing (#2905) + * Oauth2 in htmx (#2912) + * Strict redirect URL enforcement (#2917) + * Bump gix-path from 0.10.8 to 0.10.9 in the cargo group (#2918) + * fix typos (#2908) + * Add missing groups scope to Grafana example scope-map (#2914) + * build profiles: rename release_suse_generic to release_linux (#2907) + * 20240716 check mkdir (#2906) + * Fix issues with suspend reported by himmelblau (#2911) + * Implement home_mount_path logic (#2894) + * Forcing the http2 feature on hyper, but also chasing some out of date packages (#2896) + * Updating service type per kanidm/kanidm#2892 (#2898) + * making the internals of kanidmclientconfig public for other users (#2895) + * enable build htmx in docker (#2893) + * Fixes the logout flow in htmx and improves the login error dialog (#2889) + * htmx logout tidy up (#2884) + * Tidy up replication poll interval (#2883) + * Bump the all group with 8 updates (#2899) + * Bump the all group in /pykanidm with 2 updates (#2900) + * Add a migration for future versions that will notify and warn about the removal of security keys. (#2885) + * Update mtls cert lifetime (#2886) + * Bump zipp from 3.16.2 to 3.19.1 in /pykanidm in the pip group (#2888) + * [htmx] Apps page (#2868) + * Bump the all group in /pykanidm with 3 updates (#2879) + * Bump the all group across 1 directory with 10 updates (#2881) + * 20240703 htmx (#2870) + * Bump certifi from 2023.7.22 to 2024.7.4 in /pykanidm (#2877) + * Offer configuration of images for Oauth2 resources (#2665) + * 2818 2511 oauth2 urls (#2867) + * Vale Edits 0.1 (#2869) + * added orca docker file, make target and credential reset capabilities (#2846) + * 20240620 htmx (#2854) + * Bump the all group in /pykanidm with 2 updates (#2864) + * Bump the all group with 5 updates (#2865) + * Fixed link to the developers guide (#2862) + * Tweaks to make the makefile make things make easier. + * Update sssd.md + * adding freebsd target_os + * Bump the all group across 1 directory with 8 updates (#2852) + * Bump the all group in /pykanidm with 3 updates (#2849) + * Bump the all group with 2 updates (#2850) + * Configurable thread count (#2847) + * 20240613 performance improvements (#2844) + * Bump urllib3 from 2.0.7 to 2.2.2 in /pykanidm (#2843) + * Allow providers to be box dyn (#2794) + * Bump the all group in /pykanidm with 2 updates (#2842) + * illumos support (#2838) + * 20240611 performance (#2836) + * Bump the all group across 1 directory with 3 updates (#2837) + * Bump the all group across 1 directory with 5 updates (#2835) + * 20240607 2417 piv (#2829) + * fix: typos in OpenApi (#2827) + * Bump authlib from 1.3.0 to 1.3.1 in /pykanidm (#2834) + * Bump the all group with 7 updates (#2811) + * Double shutdown doesn't help! (#2828) + * Stats collection improvements and a bunch of other stuff (#2820) + * Add development taint flag to prevent mismatch of server versions (#2821) + * Remove small ambiguity in docs (#2823) + * lowering "access search" security log levels (#2819) + * Better WebAuthn and other error responses (#2608) + * Update examples/server_container.toml (#2814) + * Bump the all group in /pykanidm with 3 updates (#2812) + * 20240530 nightly warnings (#2806) + * Regrets Dot Pee Enn Gee (#2804) + * Resolve incorrect handling of tokens in logout flow (#2795) + * 2756 - resolve invalid loading of dyngroups at startup (#2779) + * WIP: serialization and domain info setting wonkiness (#2791) + * Bump the all group in /pykanidm with 3 updates (#2799) + * fix DB_PATH variable propagation (#2797) + * feat: add support for ldap compare request (#2780) + * Add ACP checking to exists operations. (#2790) + * Allow name write privileges to be withheld (#2773) + * Check for same version with backup/restore (#2789) + * Revive Cookies. (#2788) + * Fixing up the docs deploy script (#2787) + * chore(deps-dev): bump the all group in /pykanidm with 3 updates (#2781) + * Update our domain TGT level (#2776) + * Fix PIN and MFA Code pam prompts (#2759) + * Update design for KRC (#2713) + * Add some extra comparisons to the readme (#2768) + * strip out some debug messages unless *really* debugging. (#2767) + * Update dev version (#2726) + * Don't need to check versions when there's an intermediary reporting connectivity issues (#2758) + * updating text to fix typo, add more info (#2761) + * Changing TOTP "copy" box from form field to code block. (#2765) + * chore(deps-dev): bump ruff in /pykanidm in the all group (#2763) + * Use fully qualified container URLS (#2754) + * chore(deps-dev): bump the all group in /pykanidm with 3 updates (#2747) + * chore(deps-dev): bump jinja2 from 3.1.3 to 3.1.4 in /pykanidm (#2752) + * Fixing up build for rust 1.78, hiding things behind cfg(test) etc. (#2753) + * Fix broken links in
sections (#2737) + * Update Webauthn and Base64 (#2734) + * Add some metadata for lib macros (#2735) + * chore(deps): bump the all group in /pykanidm with 7 updates (#2729) + * Clean up utils password rand generation. (#2727) + +------------------------------------------------------------------- +Thu May 30 02:47:22 UTC 2024 - william.brown@suse.com + +- Update to version 1.2.2~git0.c4153c9: + * Resolve incorrect handling of tokens in logout flow (#2795) (#2803) + +------------------------------------------------------------------- +Sat May 18 03:11:05 UTC 2024 - william.brown@suse.com + +- Update to version 1.2.1~git0.ba82b1a: + * 2756 - resolve dyngroups not loading correctly at startup (#2778) + +------------------------------------------------------------------- +Wed May 01 04:20:10 UTC 2024 - william.brown@suse.com + +- Update to version 1.2.0~git0.9efa91a: + * Release 1.2.0 (#2733) + * Prepare 1.2.0 + * Release 1.2.0 prep (#2724) + * Minor upgrade fixes (#2722) + * Resolve OAuth2 client/rs confusion (#2719) + * Improve access control doc to describe privilege access mode (#2721) + * Support 1.1 attribute in LDAP (#2720) + * Add mail support to groups (#2718) + * Add session limit (#2714) + * added profile and `memberof` search to the basic model (#2712) + * chore(deps): bump the all group in /pykanidm with 4 updates (#2717) + * Fix typo in oauth2 error message (#2715) + * 20240409 rework orca markov (#2699) + * Begin the basis of the key provider model (#2640) + * chore(deps): bump the all group in /pykanidm with 4 updates (#2707) + * chore(deps): bump peaceiris/actions-mdbook from 1 to 2 in the all group (#2706) + * chore(deps): bump idna from 3.4 to 3.7 in /pykanidm (#2703) + * fix(TotpDigits): fix typo in TryFrom impl (#2702) + * chore(deps-dev): bump the all group in /pykanidm with 4 updates (#2696) + * chore(deps): bump h2 from 0.3.25 to 0.3.26 (#2694) + * Windows Hello Authentication requirements (#2688) + * chore(deps): bump the all group with 1 update (#2690) + * chore(deps-dev): bump the all group in /pykanidm with 1 update (#2691) + * Require kanidm-unixd before kanidm-unixd-tasks (#2687) + * kanidm unixd mfa capabilities (#2672) + * Add Grafana integration to OAuth2 documentation (#2685) + * [SECURITY: LOW] Administrator triggered thread crash in oauth2 claim maps #2686 (#2686) + * ldap-sync: allow to use attrs more than once (#2676) + * chore(deps-dev): bump the all group in /pykanidm with 4 updates (#2683) + * chore(deps): bump the all group with 1 update (#2682) + * fix(docs): packaging section improved (#2677) + * Fix developer ethics link (#2674) + * fix(docs): filename, header and title mismatch fixes (#2660) + * 20240312 concread upgrade (#2668) + * fix(docs): capitalization fixes (#2659) + * fix(docs): links corrected (#2661) + * fix api typo (#2657) + * chore(deps-dev): bump the all group in /pykanidm with 2 updates (#2662) + * chore(deps): bump the all group in /pykanidm with 9 updates (#2656) + * Update bootstrap 5.0.2 to 5.3.3 & minor UI fixes (#2650) + * fix(docs): typos, grammar and broken link fixes (#2644) + * increase severity for "{:?} !⊆ allowed: {:?}" (#2648) + * Add instructions on how to enable PKCE in Nextcloud (#2647) + * 20230224 2437 orca remodel (#2591) + * Add initial design for key domains (#2564) + * Add upgrade process, improve developer readme (#2635) + * Doc unix client support (#2633) + * 20240301 systemd uid (#2602) + * expose group patch for parity (#2628) + * Adding a builtin class for all built-in things (#2603) + * apidoc tag fixes (#2625) + * chore(deps): bump mio from 0.8.10 to 0.8.11 (#2620) + * Fix missing entry managed by on anonymouns (#2623) + * Notes on privilege-expiry (#2622) + * SPAs really are stupid sometimes (#2609) + * apidoc fixes (#2614) + * chore(deps): bump the all group in /pykanidm with 4 updates (#2615) + * Typo fixes (#2610) + * Return consent scope to service account (#2605) + * OpenAPI schema fixes (#2590) + * WASM test fixing (#2595) + * Feature object graph (#2518) + * Add domain version test framework (#2576) + * Fix the miniflux oauth2 example (#2598) + * docs(monitoring): Fix syntax for OpenTelemetry config (#2594) + * 20240221 2489 cleanup api v1 (#2573) + * Changing to allow startup without a config file (#2582) + * Allow /dev/tpmrm0 on older systemd versions (#2587) + * Adjust output of claim maps for better parsing (#2566) + * chore(deps): bump the all group in /pykanidm with 4 updates (#2585) + * improved error description for commit_credential_update (#2579) + * Make /status less noisy (#2574) + * chore(deps): bump cryptography from 42.0.2 to 42.0.4 in /pykanidm (#2567) + * Add system range protection (#2565) + * Fix string comparison in Debian build script (#2409) + * of course I started looking at clippy things and now I can't stop (#2560) + * 20240216 308 resource limits (#2559) + * fix(oauth2): typo in basic path (#2562) + * Adding duplicate-finder script (#2550) + * prctl compile-time fixes, also chasing lints (#2558) + * Removing unused constant and updating docstring for LDAP bind address (#2556) + * chore(deps-dev): bump the all group in /pykanidm with 3 updates (#2553) + * Support Policy Updates (#2536) + * chore(deps): bump cryptography from 42.0.0 to 42.0.2 in /pykanidm (#2548) + * Re-enable HW tpm support (#2531) + * Add further hardening for system services (#2542) + * fixing the test script (#2547) + * when the HTTPS server fails, handle that gracefully (#2546) + * Fix update intent ttl parameters (#2540) + * radius build workflow fixes (#2541) + * Conflict nscd, start before sshd (#2539) + * Fix incorrect documentation elements (#2533) + * Remove replication is in dev flag (#2535) + * Ordering auth methods in the CLI (#2508) + * Set lowercase owner name in tag (#2534) + * Add code_challenge_methods_supported to OIDC discovery (#2525) + * Himmelblau requires the machine key for unix_user_get (#2523) + * Extend on Apache example (#2524) + * chore(deps): bump the all group in /pykanidm with 4 updates (#2520) + * List of supported features (#2499) + * Update to latest dev version (#2486) + +------------------------------------------------------------------- +Sat Mar 30 04:03:52 UTC 2024 - william.brown@suse.com + +- Update to version 1.1.0~rc16~git7.8a1b7b5: + * Require kanidm-unixd before kanidm-unixd-tasks (#2687) + +------------------------------------------------------------------- +Tue Mar 26 01:59:01 UTC 2024 - william.brown@suse.com + +- Update to version 1.1.0~rc16~git6.e51d0de: + * [SECURITY: LOW] Administrator triggered thread crash in oauth2 claim maps #2686 (#2686) + * return consent map to service account (#2604) + +------------------------------------------------------------------- +Wed Feb 28 01:10:20 UTC 2024 - william.brown@suse.com + +- Update to version 1.1.0~rc16~git4.d407844: + * Remove zstd feature + +------------------------------------------------------------------- +Tue Feb 27 03:03:35 UTC 2024 - william.brown@suse.com + +- Update to version 1.1.0~rc16~git3.81298e8: + * Allow /dev/tpmrm0 on older systemd versions (#2587) + +------------------------------------------------------------------- +Tue Feb 20 04:31:01 UTC 2024 - william.brown@suse.com + +- Add ipa-sync service +- Update to version 1.1.0~rc16~git2.6fb4fac: + * List of supported features (#2499) + +------------------------------------------------------------------- +Wed Feb 07 05:35:09 UTC 2024 - william.brown@suse.com + +- Update to version 1.1.0~rc16~git1.a917291: + * Correct cargo versions + * Release 1.1.0-rc.16 (#2483) + * Fix for incorrect domain migration rollbacks (#2482) + * Add tools for remigration and domain level raising (#2481) + * chore(deps): bump cryptography from 41.0.6 to 42.0.0 in /pykanidm (#2480) + * Support SPN in groups claim (#2474) + * Credential update tweaks (#2475) + * Oauth2 pkce faq (#2473) + * Fix debian versioning (#2472) + * chore(deps): bump the all group in /pykanidm with 7 updates (#2479) + * chore(deps): bump the all group with 1 update (#2478) + * Fix RUV trim (#2466) + * 20240125 2217 client credentials grant (#2456) + * docs: Add application passwords design document (#2427) + * handling master docs (#2465) + * update the artifact name in the download step (#2464) + * Book SUMMARY.md: Fix part titles according to mdbook (#2463) + * Update chat link, add keywords (#2462) + * PyKanidm updates and testing (#2301) + * chore(deps): bump aiohttp from 3.9.1 to 3.9.2 in /pykanidm (#2461) + * 1222 what rights does anonymous have (#2436) + * Fix inverted key/chain logic from TLS error improvement (#2453) + * Improve TLS configuration errors (#2447) + * chore(deps): bump shlex from 1.2.0 to 1.3.0 (#2445) + * chore(deps): bump the all group with 1 update (#2441) + * chore(deps-dev): bump the all group in /pykanidm with 2 updates (#2443) + * Return sshkey label to cli fields (#2440) + * Add rfc8414 metadata (#2434) + * Add test for delete referer invalid (#2435) + * Clarify role of WebUI in README.md (#2431) + * Adding max_ber_size option in config for ldap sync (#2416) + * Debian build fixes (also the book) (#2400) + * 2390 1980 allow native applications (#2428) + * chore(deps-dev): bump the all group in /pykanidm with 2 updates (#2430) + * cookies (#2426) + * Clean RUV (#2424) + * chore(deps-dev): bump jinja2 from 3.1.2 to 3.1.3 in /pykanidm (#2425) + * Upgrade replication to use anchors (#2423) + * Minor fixes for oidc with single page applications (#2420) + * chore(deps-dev): bump the all group in /pykanidm with 2 updates (#2421) + * Use case insensitive match on substrings in line with ldap (#2419) + * Change OAuth2 RS Origin from the CLI (#2418) + * Add design diagrams (#2332) + * chore(deps-dev): bump the all group in /pykanidm with 3 updates (#2410) + * Fix deb release flow to find the matrix split artifacts (#2406) + * 20231222 piv authentication (#2398) + * Update docs, closes SQLite Write-Ahead Logging might make page size immutable #2404 (#2405) + * Build the kanidm cli tools deb as well (#2402) + * Force apply idm migrations to apply access controls (#2401) + * fixing up the integration script (#2392) + * chore(deps): bump the all group in /pykanidm with 8 updates (#2396) + * chore(deps): bump the all group with 2 updates (#2395) + * fix backup filename and regexp pattern for cleanup (#2386) + * idprovider: Provide the keystore during auth (#2385) + * db: Fix insert_tagged_hsm_key doesn't cache the hsm key (#2389) + * daemon: Fix inverted logic on cache dir check (#2388) + * Add improved domain migration framework and default MFA (#2382) + * Trim and lowecase usernames (#2380) + * Add DN as a virtual ldap attr (#2379) + * fixing default for oauth2 request_parameter_supported metadata (#2378) + * chore(deps): bump the all group in /pykanidm with 6 updates (#2375) + * 20231218 ipa sync unix password (#2374) + * chore(deps): bump the all group with 2 updates (#2372) + * 1481 2024 access control rework (#2366) + * chore(deps): bump zerocopy from 0.7.26 to 0.7.31 (#2368) + * chore(deps): bump the all group with 3 updates (#2363) + * chore(deps-dev): bump the all group in /pykanidm with 4 updates (#2362) + * 249 2024 managed by syntax (#2359) + * typo (#2356) + * 20231204 ipa sync minor improvements (#2357) + * chore(deps-dev): bump the all group in /pykanidm with 2 updates (#2355) + * Unixd build/debugging updates (#2350) + * 20231129 webauthn attestation (#2351) + * Fix handling of TPM in some trait contexts (#2347) + * docs: miniflux added pkce support (#2352) + * Using proper axum http headers lib for compatibility (#2348) + * Bearer should send with same caps we accept (#2345) + * chore(deps): bump cryptography from 41.0.4 to 41.0.6 in /pykanidm (#2341) + * docs: improve grammar for book/src/developers/faq.md (#2343) + * Expose machine key in auth phase (#2340) + * 20231128 freeipa migration (#2338) + * Unix crossbuild scripts and docs (#2326) + * Expose TPM in more interface places (#2334) + * chore(deps): bump the all group in /pykanidm with 6 updates (#2336) + * Adding kanidm client config docs and notes ref #2248 (#2333) + * Update to the latest compact-jwt version (#2331) + * Adding env var configs for the server (#2329) + * Better errors when TPM PIN file not found (#2330) + * 20231120 2320 sssd compat (#2328) + * Resolve future send issue with keystore (#2311) + * chore(deps): bump the all group in /pykanidm with 6 updates (#2325) + * chore(deps): bump the all group with 3 updates (#2324) + * Add test (#2323) + * OAuth2 scopes validation logging missing details (#2317) + * Add systemd deps for unixd (#2314) + * 20231115 oauth2 authreq (#2310) + * Docs - Bump Fedora 36 to Fedora 38 (#2309) + * chore(deps): bump the all group with 4 updates (#2306) + * chore(deps-dev): bump the all group in /pykanidm with 5 updates (#2305) + * Remove serde json from wasm (#2304) + * Fix spelling (#2303) + * 20231109 1122 credential class (#2300) + * Moving daemon tracing to OpenTelemetry (#2292) + * 20231101 add id cert to unixint (#2284) + * Docs fixes for #2296 (#2297) + * Update OpenAPI schema gen to actually... be kinda sorta valid. (#2296) + * chore(deps-dev): bump the all group in /pykanidm with 2 updates (#2294) + * chore(deps): bump the all group with 8 updates (#2293) + * pw min length in account policy (#2289) + * WASM troubleshooting docs closes #2286 (#2291) + * oauth2 typo (#2290) + * Update notes to avoid some possible interpretation errors (#2288) + * Feature: kanidm CLI pulling OpenAPI schema (#2285) + * Feature: configurable replication poll interval (#2283) + * Minor improvements to incoming replication (#2279) + * Problems with bash completion autocomplete (#2281) + * Remove unused imports and clippy lint (#2276) + * Rework ldap bind routine (#2268) + * Disable inconsistent test (#2278) + * make versions consistent + * 1.1.0 rc.15 dev post-release (#2271) + +------------------------------------------------------------------- +Wed Jan 24 01:18:23 UTC 2024 - william.brown@suse.com + +- Update to version 1.1.0~rc15~git8.122b6af: + * Remove unused import that breaks builds on newer rust versions + * Update to latest webauthn-rs version + * fix version + * Fix maint branch versions + * Disable inconsistent test (#2278) + +------------------------------------------------------------------- +Tue Oct 31 12:02:37 UTC 2023 - william.brown@suse.com + +- Update to version 1.1.0~rc15~git2.74f5c0f: + * make versions consistent + * 1.1.0 rc.15 dev post-release (#2271) + * Release 1.1.0-rc.15-dev + * started writing docs and ended up in another rabbit hole (#2267) + * CLI integration test beginnings (#2261) + * chore(deps): bump the all group with 7 updates (#2266) + * chore(deps-dev): bump the all group in /pykanidm with 5 updates (#2265) + * Add book chapter + cli + * Cargo fmt and clippy checks + * Restrict posix passwords on ldap bind with config + * Splitting the SPAs (#2219) + * Bug chasing (#2257) + * cargo fmt + clippy (#2241) + * service-account or person validity show returns for non-existing identity (#2258) + * don't need write if we are not writing (#2256) + * adding service account patch methods (#2255) + * .deb package build and docs fixes (#2252) + * Auth flow docs (#2249) + * pykanidm test code (#2202) + * chore(deps): bump the all group with 5 updates (#2247) + * chore(deps-dev): bump the all group in /pykanidm with 4 updates (#2246) + * 20231019 1122 account policy basics (#2245) + * Add note on snaps to PAM and nsswitch with link to new section in FAQ (#2244) + * 20231014 account policy (#2218) + * chore(deps): bump rustix from 0.38.15 to 0.38.19 (#2242) + * Fix incorrect references to LDAP in sync (#2239) + * Remove unused crate users (#2240) + * chore(deps-dev): bump urllib3 from 2.0.6 to 2.0.7 in /pykanidm (#2238) + * Windows build fixes and test coverage (#2220) + * more space checks (#2234) + * Fixing dependabot and its mistakes (#2232) + * chore(deps-dev): bump mypy from 1.5.1 to 1.6.0 in /pykanidm (#2231) + * chore(deps-dev): bump mkdocs-material from 9.4.4 to 9.4.6 in /pykanidm (#2230) + * chore(deps-dev): bump mkdocstrings-python in /pykanidm (#2229) + * chore(deps): bump tokio from 1.32.0 to 1.33.0 (#2228) + * chore(deps): bump tss-esapi from 7.3.0 to 7.4.0 (#2227) + * chore(deps): bump regex from 1.9.6 to 1.10.1 (#2226) + * chore(deps): bump tracing from 0.1.37 to 0.1.39 (#2225) + * chore(deps): bump utoipa-swagger-ui from 3.1.5 to 4.0.0 (#2224) + * chore(deps): bump proc-macro2 from 1.0.68 to 1.0.69 (#2223) + * chore(deps): bump async-trait from 0.1.73 to 0.1.74 (#2222) + * chore(deps): bump serde from 1.0.188 to 1.0.189 (#2221) + * OpenAPI/swagger docs autogen (#2175) + * 20231012 346 name deny list (#2214) + * Add file diagnosis (#2210) + * fix RUV on startup, improve filter output (#2211) + * Chasing yaks down dark alleyways (#2207) + * Reduce `pam_kanidm`'s priority in Debian platforms (#2209) + * chore(deps-dev): bump ruff from 0.0.291 to 0.0.292 in /pykanidm (#2194) + * chore(deps-dev): bump coverage from 7.3.1 to 7.3.2 in /pykanidm (#2195) + * chore(deps-dev): bump mkdocstrings-python in /pykanidm (#2193) + * chore(deps-dev): bump mkdocs-material from 9.4.2 to 9.4.4 in /pykanidm (#2197) + * chore(deps): bump libc from 0.2.148 to 0.2.149 (#2201) + * chore(deps): bump axum-auth from 0.4.0 to 0.4.1 (#2200) + * chore(deps): bump syn from 2.0.37 to 2.0.38 (#2199) + * chore(deps): bump proc-macro2 from 1.0.67 to 1.0.68 (#2198) + * chore(deps): bump aiohttp from 3.8.5 to 3.8.6 in /pykanidm (#2196) + * chore(deps-dev): bump pylint-pydantic from 0.2.4 to 0.3.0 in /pykanidm (#2192) + * 20231008 remove expect used (#2191) + * Thread naming and display (#2190) + * Replication tweaks - try the most recent successful one and error less (#2189) + * Chasing wooly quadrapeds again (#2163) + * 68 20230929 replication finalisation (#2160) + * In-system image storage (#2112) + * chore(deps-dev): bump urllib3 from 2.0.4 to 2.0.6 in /pykanidm (#2173) + * chore(deps-dev): bump mkdocs-material from 9.3.2 to 9.4.2 in /pykanidm (#2165) + * chore(deps): bump clap_complete from 4.4.1 to 4.4.3 (#2170) + * chore(deps): bump hashbrown from 0.14.0 to 0.14.1 (#2169) + * chore(deps): bump clap from 4.4.4 to 4.4.6 (#2168) + * chore(deps): bump regex from 1.9.5 to 1.9.6 (#2167) + * chore(deps): bump pydantic from 2.3.0 to 2.4.2 in /pykanidm (#2166) + * chore(deps-dev): bump mkdocstrings-python in /pykanidm (#2164) + * fix credential update intent defaults (#2162) + * 68 20230919 replication configuration (#2131) + * Can't build kanidmd using the Ubuntu docker builder scripts - cleanup (#2154) + * Enforce TLS key size minimums (#2145) + * bindaddress default doesn't match documentation (#2150) + * chore(deps-dev): bump ruff from 0.0.290 to 0.0.291 in /pykanidm (#2137) + * chore(deps-dev): bump mkdocs from 1.5.2 to 1.5.3 in /pykanidm (#2138) + * chore(deps): bump syn from 2.0.32 to 2.0.37 (#2143) + * chore(deps): bump tss-esapi from 7.2.0 to 7.3.0 (#2142) + * chore(deps): bump tokio-util from 0.7.8 to 0.7.9 (#2141) + * chore(deps): bump dyn-clone from 1.0.13 to 1.0.14 (#2140) + * chore(deps): bump clap from 4.4.3 to 4.4.4 (#2139) + * chore(deps-dev): bump mkdocs-material from 9.3.1 to 9.3.2 in /pykanidm (#2136) + * minor changes to speed up WASM tests (#2133) + * chore(deps): bump cryptography from 41.0.3 to 41.0.4 in /pykanidm (#2134) + * CLI and kanidm_client changes to handle errors and TLS validation changes (#2127) + * Typo (#2125) + * chore(deps-dev): bump mkdocs-material from 9.2.8 to 9.3.1 in /pykanidm (#2114) + * chore(deps-dev): bump ruff from 0.0.287 to 0.0.290 in /pykanidm (#2115) + * chore(deps-dev): bump black from 23.9.0 to 23.9.1 in /pykanidm (#2116) + * chore(deps): bump chrono from 0.4.30 to 0.4.31 (#2124) + * chore(deps): bump docker/setup-qemu-action from 2 to 3 (#2119) + * chore(deps): bump proc-macro2 from 1.0.66 to 1.0.67 (#2123) + * chore(deps): bump serde_json from 1.0.106 to 1.0.107 (#2122) + * chore(deps): bump libc from 0.2.147 to 0.2.148 (#2121) + * chore(deps): bump clap from 4.4.2 to 4.4.3 (#2120) + * chore(deps): bump docker/build-push-action from 4 to 5 (#2118) + * chore(deps): bump docker/setup-buildx-action from 2 to 3 (#2117) + * chore(deps-dev): bump mkdocstrings-python in /pykanidm (#2113) + * Yaleman/issue989 (#2111) + * Cinco de yakko (#2108) + * 68 20230912 session consistency (#2110) + * Fix typo (#2109) + * Implement DeviceAuthorizationGrant for MFA (#2079) + * Schema dooby doo ... yon (#2103) + * sqlite3 doesn't need to be installed on dev machines (#2104) + * 68 20230908 replication attrunique (#2086) + * chore(deps-dev): bump pytest-aiohttp from 1.0.4 to 1.0.5 in /pykanidm (#2092) + * chore(deps-dev): bump coverage from 7.3.0 to 7.3.1 in /pykanidm (#2089) + * chore(deps-dev): bump mkdocs-material from 9.2.7 to 9.2.8 in /pykanidm (#2090) + * chore(deps-dev): bump black from 23.7.0 to 23.9.0 in /pykanidm (#2088) + * chore(deps-dev): bump pytest from 7.4.1 to 7.4.2 in /pykanidm (#2091) + * chore(deps): bump actions/checkout from 3 to 4 (#2102) + * chore(deps): bump walkdir from 2.3.3 to 2.4.0 (#2101) + * chore(deps): bump serde_json from 1.0.105 to 1.0.106 (#2100) + * chore(deps): bump openssl-sys from 0.9.92 to 0.9.93 (#2099) + * chore(deps): bump bytes from 1.4.0 to 1.5.0 (#2097) + * chore(deps): bump clap_complete from 4.4.0 to 4.4.1 (#2098) + * chore(deps): bump argon2 from 0.5.1 to 0.5.2 (#2096) + * chore(deps): bump syn from 2.0.31 to 2.0.32 (#2095) + * chore(deps): bump chrono from 0.4.28 to 0.4.30 (#2094) + * chore(deps): bump base64 from 0.21.3 to 0.21.4 (#2093) + * chore(deps-dev): bump mkdocstrings-python in /pykanidm (#2087) + * move from git2 to gix (#2085) + * Schema-dooby-doo-part-trois (#2082) + * CLI and test things (#2080) + * 68 20230907 replication (#2081) + * minor tweaks to Orca (#2077) + * Changing build targets for debs (#2076) + * Removing default features from git2 package (#2078) + * 68 20230829 replication referential integrity (#2048) + * Schema dooby doo part two (#2071) + * 68 20230831 design replication coordinator (#2051) + * improve wording of webauthn cli interaction (#2073) + * When an empty body was returned, do request would error incorrectly (#2074) + * update bug template, closes #2054 (#2055) + * Yak hassling (#2059) + * docs: api tokens are managed by idm_admin (#2072) + * chore(deps-dev): bump pytest from 7.4.0 to 7.4.1 in /pykanidm (#2062) + * chore(deps-dev): bump mkdocstrings from 0.22.0 to 0.23.0 in /pykanidm (#2063) + * chore(deps-dev): bump ruff from 0.0.286 to 0.0.287 in /pykanidm (#2061) + * chore(deps): bump async-recursion from 1.0.4 to 1.0.5 (#2070) + * chore(deps): bump syn from 2.0.29 to 2.0.31 (#2069) + * chore(deps): bump clap from 4.4.0 to 4.4.2 (#2068) + * chore(deps): bump url from 2.4.0 to 2.4.1 (#2067) + * chore(deps): bump regex from 1.9.4 to 1.9.5 (#2066) + * chore(deps): bump chrono from 0.4.26 to 0.4.28 (#2065) + * chore(deps): bump tower-http from 0.4.3 to 0.4.4 (#2064) + * chore(deps-dev): bump mkdocs-material from 9.2.5 to 9.2.7 in /pykanidm (#2060) + * Check in missing users crate for SELinux integration (#2050) + * Add tests for X-Forwarded-For header (kinda) (#1957) + * docs: fix miniflux oauth example (#2046) + * Clear cache before verify on some low-level tests (#2044) + * 68 20230828 replication of schema (#2045) + * Update compact jwt (#2043) + * Allow patching of crates from related projects (#2042) + * pam multistep auth state machine (#2022) + * chore(deps): bump clap from 4.3.23 to 4.4.0 (#2039) + * chore(deps): bump reqwest from 0.11.18 to 0.11.20 (#2040) + * chore(deps): bump openssl from 0.10.56 to 0.10.57 (#2038) + * chore(deps): bump clap_complete from 4.3.2 to 4.4.0 (#2036) + * chore(deps): bump base64 from 0.21.2 to 0.21.3 (#2037) + * chore(deps): bump regex from 1.9.3 to 1.9.4 (#2035) + * chore(deps): bump serde from 1.0.183 to 1.0.188 (#2034) + * chore(deps): bump openssl-sys from 0.9.91 to 0.9.92 (#2033) + * chore(deps-dev): bump mkdocstrings-python in /pykanidm (#2032) + * chore(deps-dev): bump mkdocs-material from 9.1.21 to 9.2.5 in /pykanidm (#2031) + * chore(deps-dev): bump ruff from 0.0.285 to 0.0.286 in /pykanidm (#2030) + * chore(deps): bump pydantic from 2.2.1 to 2.3.0 in /pykanidm (#2029) + * Authentication shortcut to get a RW session (#1993) + * wopsies, missing imports (#2023) + * idv cli (#2001) + * Trying to fix the (current) container build failures (#2021) + * pykanidm updoots (#2019) + * 68 20230821 replication (#2020) + * Configurable session timeouts (#1965) + * fix: output an array in json mode for `kanidm group list` (#2016) + * feat: add json output modes for `person list` and `system oauth2 list` (#2017) + * docs: Update missed add_members command (#2018) + * Less human strings more enums (#1989) + * Resolve incorrect time units on timeout (#2014) + * chore(deps): bump dyn-clone from 1.0.12 to 1.0.13 (#2013) + * chore(deps): bump quote from 1.0.32 to 1.0.33 (#2012) + * chore(deps): bump gloo-timers from 0.2.6 to 0.3.0 (#2011) + * chore(deps): bump serde_with from 3.2.0 to 3.3.0 (#2010) + * chore(deps): bump clap from 4.3.21 to 4.3.23 (#2009) + * chore(deps): bump tokio from 1.31.0 to 1.32.0 (#2008) + * chore(deps): bump serde_json from 1.0.104 to 1.0.105 (#2007) + * chore(deps): bump syn from 2.0.28 to 2.0.29 (#2006) + * chore(deps-dev): bump mkdocstrings-python in /pykanidm (#2005) + * chore(deps-dev): bump mypy from 1.5.0 to 1.5.1 in /pykanidm (#2004) + * chore(deps-dev): bump ruff from 0.0.284 to 0.0.285 in /pykanidm (#2003) + * chore(deps): bump pydantic from 2.1.1 to 2.2.1 in /pykanidm (#2002) + * reordering layers so the web server works in non-debug-mode (#1999) + * 20230817 idv migration (#1992) + * daemon: kanidmd version requires a config file to run (#1959) (#1990) + * Resolve issues with dyngroup members (#1986) + * Revert "sqlite where IN for id entry (#1988)" (#1991) + * sqlite where IN for id entry (#1988) + * Identity verification feature (#1819) + * 1982 service account access (#1985) + * Fixing test release (#1983) + * error handling and web server logging fixes (#1960) + * Struct-ifying schema things (#1971) + * Orca tweaks (#1963) + * Fighting with zypper, tagging our images (#1964) + * chore(deps-dev): bump coverage from 7.2.7 to 7.3.0 in /pykanidm (#1974) + * chore(deps-dev): bump mypy from 1.4.1 to 1.5.0 in /pykanidm (#1973) + * chore(deps): bump serde from 1.0.182 to 1.0.183 (#1979) + * Are we JSON yet? Kinda. But we're closer. (#1967) + * chore(deps): bump clap from 4.3.19 to 4.3.21 (#1978) + * chore(deps): bump tokio from 1.29.1 to 1.31.0 (#1977) + * chore(deps): bump async-trait from 0.1.72 to 0.1.73 (#1976) + * chore(deps): bump selinux from 0.4.1 to 0.4.2 (#1975) + * chore(deps-dev): bump ruff from 0.0.282 to 0.0.284 in /pykanidm (#1972) + * docs: Fix outdated oauth2 subcommands (#1969) + * Allow one-character usernames (#1941) + * resolver: Himmelblau needs old token for refresh (#1962) + * updating python packages to close dependabot securiity alerts (#1956) + * providing server configuration in the testkit::test macro (#1953) + * chore(deps-dev): bump mkdocstrings-python in /pykanidm (#1952) + * chore(deps-dev): bump ruff from 0.0.280 to 0.0.282 in /pykanidm (#1951) + * chore(deps-dev): bump mkdocs from 1.5.1 to 1.5.2 in /pykanidm (#1950) + * chore(deps): bump openssl from 0.10.55 to 0.10.56 (#1949) + * chore(deps): bump regex from 1.9.1 to 1.9.3 (#1948) + * chore(deps): bump serde from 1.0.180 to 1.0.182 (#1947) + * chore(deps): bump filetime from 0.2.21 to 0.2.22 (#1946) + * chore(deps): bump openssl-sys from 0.9.90 to 0.9.91 (#1945) + * chore(deps): bump serde_with from 3.1.0 to 3.2.0 (#1944) + * chore(deps): bump axum from 0.6.19 to 0.6.20 (#1943) + * removing debug string (#1937) + * Final v3 master x book deployment fix (#1936) + * trying a different ref (#1935) + * replaced `skip_serializing_if` with `skip_serializing_none` (#1932) + * another book round (#1933) + * trying again (#1931) + * fixed serialization of oauth2 token scope (#1930) + * added compression layer for the pkg route (#1928) + * Resolve build failiures when selinux is enabled (#1927) + * Resolve issue with publishing (#1925) + * Set dev version (#1924) + +------------------------------------------------------------------- +Mon Aug 21 04:41:21 UTC 2023 - william.brown@suse.com + +- Update to version 1.1.0~beta13~git7.1fb34a9: + * Resolve incorrect time units on timeout (#2014) + * Update cargo lock, docker fixes + * 1982 service account access (#1985) + * fixed serialization of oauth2 token scope (#1930) + * added compression layer for the pkg route (#1928) + +------------------------------------------------------------------- +Mon Aug 14 04:31:37 UTC 2023 - William Brown + +- Resolve issues with fedora/centos build + +------------------------------------------------------------------- +Tue Aug 01 09:12:42 UTC 2023 - william.brown@suse.com + +- Update to version 1.1.0~beta13~git2.5d1e2f9: + * Resolve build failiures when selinux is enabled (#1927) + * Resolve issue with publishing (#1925) + * Set dev version (#1924) + * Release 1.1.0-beta.13 (#1922) + * 20230731 release (#1921) + * Improve default shells for distros (#1920) + * 20230728 techdebt paydown (#1909) + * chasing weirdness (#1910) + * chore(deps-dev): bump mkdocs-material from 9.1.19 to 9.1.21 in /pykanidm (#1918) + * chore(deps): bump serde_json from 1.0.103 to 1.0.104 (#1917) + * chore(deps): bump serde from 1.0.174 to 1.0.178 (#1916) + * chore(deps): bump tikv-jemallocator from 0.5.0 to 0.5.4 (#1915) + * chore(deps-dev): bump mkdocs from 1.4.3 to 1.5.1 in /pykanidm (#1913) + * chore(deps-dev): bump pylint-pydantic from 0.2.3 to 0.2.4 in /pykanidm (#1912) + * chore(deps): bump pydantic from 2.0.3 to 2.1.1 in /pykanidm (#1911) + * 20230727 unix int modularity (#1907) + * bumping action version (#1908) + * 68 20230720 replication improvements (#1905) + * Resolve compilation issue with tpm enabled on linux (#1902) + * Improve service file for host installs (#1901) + * 20230720 unix int modular (#1881) + * fixing up pydantic things (#1885) + * 1788 admin unix socket (#1880) + * chore(deps-dev): bump pylint-pydantic from 0.2.1 to 0.2.3 in /pykanidm (#1900) + * chore(deps-dev): bump ruff from 0.0.278 to 0.0.280 in /pykanidm (#1899) + * chore(deps-dev): bump mkdocstrings-python in /pykanidm (#1898) + * chore(deps-dev): bump mkdocs-material from 9.1.18 to 9.1.19 in /pykanidm (#1897) + * chore(deps): bump async-trait from 0.1.71 to 0.1.72 (#1895) + * chore(deps-dev): bump types-toml from 0.10.8.6 to 0.10.8.7 in /pykanidm (#1896) + * chore(deps): bump axum from 0.6.18 to 0.6.19 (#1894) + * chore(deps): bump clap from 4.3.12 to 4.3.19 (#1893) + * chore(deps): bump axum-macros from 0.3.7 to 0.3.8 (#1892) + * chore(deps): bump serde from 1.0.171 to 1.0.174 (#1891) + * chore(deps): bump uuid from 1.4.0 to 1.4.1 (#1890) + * chore(deps): bump quote from 1.0.31 to 1.0.32 (#1889) + * chore(deps): bump tower-http from 0.4.1 to 0.4.3 (#1888) + * chore(deps): bump syn from 2.0.26 to 2.0.27 (#1887) + * chore(deps): bump urlencoding from 2.1.2 to 2.1.3 (#1886) + * added hsts header middleware (#1882) + * chore(deps): bump aiohttp from 3.8.4 to 3.8.5 in /pykanidm (#1883) + * 1785 allow sync attr yielding via partial write admin (#1879) + * Alter filter generation to exclude empty conditions (#1877) + * Revert to opensuse based radius container. (#1878) + * Unix gid duplicate fix (#1876) + * Refactor docker_build_kanidm to be more isolated (v13) (#1872) + * Sync account import improvements (#1873) + * chore(deps): bump quote from 1.0.29 to 1.0.31 (#1870) + * chore(deps-dev): bump black from 23.3.0 to 23.7.0 in /pykanidm (#1859) + * Add a newline to fix links in LLDAP section of the README (#1871) + * chore(deps): bump dyn-clone from 1.0.11 to 1.0.12 (#1869) + * chore(deps): bump pydantic from 1.10.11 to 2.0.3 in /pykanidm (#1858) + * chore(deps): bump serde_json from 1.0.102 to 1.0.103 (#1868) + * Fix missing slash in tag (#1853) + * chore(deps): bump argon2 from 0.5.0 to 0.5.1 (#1867) + * chore(deps): bump syn from 2.0.25 to 2.0.26 (#1866) + * chore(deps): bump paste from 1.0.13 to 1.0.14 (#1864) + * chore(deps-dev): bump pylint-pydantic from 0.2.0 to 0.2.1 in /pykanidm (#1863) + * chore(deps): bump clap from 4.3.11 to 4.3.12 (#1862) + * chore(deps-dev): bump pytest-asyncio from 0.21.0 to 0.21.1 in /pykanidm (#1861) + * chore(deps): bump proc-macro2 from 1.0.64 to 1.0.66 (#1860) + * chore(deps-dev): bump ruff from 0.0.277 to 0.0.278 in /pykanidm (#1857) + * chore(deps-dev): bump mkdocstrings-python in /pykanidm (#1856) + * chore(deps): bump actions/upload-pages-artifact from 1 to 2 (#1855) + * Revert "something something token permissions (#1850)" (#1852) + * something something token permissions (#1850) + * Upgraded clap, removing atty as a dependency (#1849) + * Ensure we dont use std hashmaps (#1848) + * Improve selinux in tasks daemon (#1847) + * Resolve issue with order of operations causing group memberships to disappear (#1845) + * headless webdriver testing, starting on brotli feature (#1844) + * chore(deps-dev): bump mkdocs-material from 9.1.17 to 9.1.18 in /pykanidm (#1835) + * chore(deps): bump serde from 1.0.166 to 1.0.170 (#1843) + * Fix a typo in the unix daemon debug (#1822) + * chore(deps-dev): bump ruff from 0.0.275 to 0.0.277 in /pykanidm (#1833) + * chore(deps): bump serde-wasm-bindgen from 0.4.5 to 0.5.0 (#1842) + * chore(deps): bump proc-macro2 from 1.0.63 to 1.0.64 (#1841) + * chore(deps): bump syn from 2.0.23 to 2.0.25 (#1840) + * chore(deps): bump async-trait from 0.1.69 to 0.1.71 (#1839) + * chore(deps): bump regex from 1.8.4 to 1.9.1 (#1838) + * chore(deps): bump is-terminal from 0.4.8 to 0.4.9 (#1837) + * chore(deps): bump serde_json from 1.0.99 to 1.0.100 (#1836) + * Allow Authorization header in CORS preflight response (#1831) + * chore(deps): bump pydantic from 1.10.10 to 1.10.11 in /pykanidm (#1834) + * chore(deps-dev): bump pylint-pydantic from 0.1.8 to 0.2.0 in /pykanidm (#1832) + * Add preflight headers (#1829) + * Persist nonce through refresh to support client (#1826) + * Cleanup spa handling (#1825) + * 1792 public oauth clients (#1821) + * 1812 1813 post axum cleanup (#1817) + * Fix diagram colours (#1815) + * Converting from tide to axum (#1797) + * Add client UX for redirecting to an external portal for synced accounts (#1791) + * Add cors policy (#1807) + * Improve tasks daemon shutdown (#1806) + * Improve durability of migrations (#1804) + * clippy-izing an unsafe in pam (#1795) + * chore(deps): bump pydantic from 1.10.9 to 1.10.10 in /pykanidm (#1803) + * chore(deps): bump uuid from 1.3.4 to 1.4.0 (#1802) + * chore(deps): bump tokio from 1.28.2 to 1.29.1 (#1801) + * chore(deps): bump syn from 2.0.20 to 2.0.23 (#1800) + * chore(deps): bump whoami from 1.4.0 to 1.4.1 (#1799) + * chore(deps): bump quote from 1.0.28 to 1.0.29 (#1798) + * 20230629 tpm keygen ... again (#1793) + * Fixing the kanidmd healthcheck (#1789) + * Name change history (#1727) + * 20230628 tpm minor issue with key regen (#1790) + * Still trying to fix the docs. (#1709) + * Improve cli to support multi-domain handling. (#1786) + * Started chasing noise, found some code to delete... (#1768) + * Improve tpm key generation - improve unix config for tpms. (#1782) + * chore(deps-dev): bump pytest from 7.3.2 to 7.4.0 in /pykanidm (#1771) + * chore(deps-dev): bump mkdocs-material from 9.1.16 to 9.1.17 in /pykanidm (#1773) + * chore(deps-dev): bump mypy from 1.3.0 to 1.4.1 in /pykanidm (#1784) + * chore(deps): bump serde_json from 1.0.97 to 1.0.99 (#1778) + * chore(deps): bump syn from 2.0.18 to 2.0.20 (#1779) + * chore(deps): bump authlib from 1.2.0 to 1.2.1 in /pykanidm (#1777) + * chore(deps): bump proc-macro2 from 1.0.60 to 1.0.63 (#1776) + * chore(deps): bump libc from 0.2.146 to 0.2.147 (#1774) + * chore(deps): bump gloo-net from 0.2.6 to 0.3.0 (#1772) + * chore(deps-dev): bump ruff from 0.0.272 to 0.0.275 in /pykanidm (#1770) + * Fix debian packaging (#1742) + * Remove r2d2 - sad beep noises (#1766) + * Kanidmd is a bit noisy (#1765) + * Ux improvements - Allow enrolling other devices (#1764) + * Make argon2id default pw hasher - improve parameter detection (#1762) + * chore(deps): bump openssl from 0.10.54 to 0.10.55 (#1761) + * Implement tpm binding of cached password hashes (#1754) + * Mention client configuration in tool installation guide (#1756) + * Remove scripts that are no longer required (#1759) + * OAuth2 secret JSON (#1758) + * Allow account locking with expire-at 'epoch' and 'now' (#1757) + * Resolve codespell issues (#1753) + * Add tls generator to main kanidmd (#1743) + * Fix block_on in ssh authorised keys (#1752) + * chore(deps-dev): bump mkdocs-material from 9.1.15 to 9.1.16 in /pykanidm (#1751) + * chore(deps): bump gloo from 0.8.0 to 0.8.1 (#1750) + * chore(deps-dev): bump pytest-mock from 3.10.0 to 3.11.1 in /pykanidm (#1749) + * chore(deps): bump hashbrown from 0.13.2 to 0.14.0 (#1748) + * 1737 1739 sync - map uidnumbers mail (#1741) + * Add support for argon2id (#1736) + * Disable neon on linux (#1740) + * 20230614 unix account security - move account name deny to unixd (#1733) + * fixed return value of add_ava_int (#1735) + * unix_integration: also check running SELinux mode (#1704) + * added pre_cand entries to both pre_modify and pre_batch_modify plugin functions (#1732) + * 20230608 ldap sync (#1728) + * Add acp allowing service accounts to clear their own sessions (#1731) + * Declare when no applications are available (#1730) + * Fix ip addr parse (#1729) + * X-Forwarded-For catcher - improve ip addr parsing (#1725) + * chore(deps): bump proc-macro2 from 1.0.59 to 1.0.60 (#1723) + * chore(deps): bump url from 2.3.1 to 2.4.0 (#1722) + * chore(deps-dev): bump pytest from 7.3.1 to 7.3.2 in /pykanidm (#1719) + * chore(deps): bump libc from 0.2.145 to 0.2.146 (#1721) + * chore(deps-dev): bump ruff from 0.0.270 to 0.0.272 in /pykanidm (#1720) + * docs: fix typo in sync concepts (#1715) + * chore(deps): bump regex from 1.8.3 to 1.8.4 (#1718) + * chore(deps): bump pydantic from 1.10.8 to 1.10.9 in /pykanidm (#1717) + * chore(deps): bump serde from 1.0.163 to 1.0.164 (#1716) + * Absolutely minimal implementation (#1711) + * Add further incremental replication tests (#1707) + * Save two more kay strokes (#1708) + * Documentation root directory 404 (#1706) + * chore(deps-dev): bump mkdocstrings-python in /pykanidm (#1697) + * Improve diagnostic and docs of ldap bind requiring posix password (#1702) + * #1680 redux - trying to fix docs again (#1692) + * Automatically login & reauth (#1691) + * chore(deps-dev): bump coverage from 7.2.6 to 7.2.7 in /pykanidm (#1698) + * chore(deps): bump libc from 0.2.144 to 0.2.145 (#1701) + * chore(deps): bump openssl from 0.10.52 to 0.10.54 (#1700) + * chore(deps): bump csv from 1.2.1 to 1.2.2 (#1699) + * chore(deps): bump syn from 2.0.17 to 2.0.18 (#1696) + * chore(deps): bump chrono from 0.4.24 to 0.4.26 (#1695) + * chore(deps-dev): bump mkdocs-material from 9.1.14 to 9.1.15 in /pykanidm (#1694) + * chore(deps): bump openssl-sys from 0.9.87 to 0.9.88 (#1693) + * Documentation root directory 404 (#1681) + * Crono expression parser fix (#1682) + * Document OpenID connect setup for Miniflux (#1683) + * chore(deps): bump cryptography from 39.0.1 to 41.0.0 in /pykanidm (#1684) + * Improve the readme (#1679) + * Move the socket startup to localise it to the acceptor (#1678) + * SELinux support for kanidm-unixd-tasks daemon (#1661) + * Resolve ability to delete ssh keys with spaces in tags (#1674) + * Adding mdbook-template back for bookgen (#1660) + * chore(deps-dev): bump coverage from 7.2.5 to 7.2.6 in /pykanidm (#1669) + * chore(deps-dev): bump mkdocstrings from 0.21.2 to 0.22.0 in /pykanidm (#1671) + * 20230526 incremental replication improvements (#1659) + * chore(deps): bump regex from 1.8.1 to 1.8.3 (#1670) + * chore(deps): bump hashbrown from 0.12.3 to 0.13.2 (#1668) + * chore(deps-dev): bump mkdocstrings-python in /pykanidm (#1667) + * chore(deps): bump tokio from 1.28.1 to 1.28.2 (#1666) + * chore(deps-dev): bump ruff from 0.0.269 to 0.0.270 in /pykanidm (#1665) + * chore(deps): bump quote from 1.0.27 to 1.0.28 (#1664) + * chore(deps): bump pydantic from 1.10.7 to 1.10.8 in /pykanidm (#1663) + * fixing get-tags-action in book build (#1657) + * Add more replication tests, improve some handling of tombstones. (#1656) + * Bring back CpuOptLevel x86_64_v1 (#1590) + * Doc fixes (#1658) + * Identifiable tokens (#1623) + * Add version tag to makefile images (#1654) + * during service account recovery, remove incompatible credentials (#1650) + * signal handling for tasks daemon (#1651) + * Time travelling (#1648) + * chore(deps): bump requests from 2.28.2 to 2.31.0 in /pykanidm (#1649) + * 20230508 replication incremental (#1620) + * chore(deps-dev): bump mkdocs-material from 9.1.12 to 9.1.14 in /pykanidm (#1642) + * chore(deps): bump wasm-bindgen from 0.2.85 to 0.2.86 (#1647) + * chore(deps): bump js-sys from 0.3.62 to 0.3.63 (#1646) + * chore(deps): bump uuid from 1.3.2 to 1.3.3 (#1645) + * chore(deps): bump proc-macro2 from 1.0.56 to 1.0.58 (#1644) + * chore(deps): bump reqwest from 0.11.17 to 0.11.18 (#1643) + * chore(deps-dev): bump ruff from 0.0.267 to 0.0.269 in /pykanidm (#1641) + * Fix use-reset-token command hint (#1639) + * chore(deps): bump pymdown-extensions from 9.9.2 to 10.0 in /pykanidm (#1638) + * chore(deps-dev): bump mypy from 1.2.0 to 1.3.0 in /pykanidm (#1636) + * chore(deps): bump wasm-bindgen-test from 0.3.34 to 0.3.35 (#1635) + * chore(deps-dev): bump ruff from 0.0.265 to 0.0.267 in /pykanidm (#1634) + * chore(deps): bump syn from 2.0.15 to 2.0.16 (#1633) + * chore(deps): bump quote from 1.0.26 to 1.0.27 (#1628) + * chore(deps): bump serde from 1.0.162 to 1.0.163 (#1632) + * chore(deps-dev): bump mkdocs-material from 9.1.9 to 9.1.12 in /pykanidm (#1631) + * chore(deps): bump tokio from 1.28.0 to 1.28.1 (#1629) + * chore(deps): bump web-sys from 0.3.61 to 0.3.62 (#1627) + * chore(deps-dev): bump mkdocstrings-python in /pykanidm (#1626) + * chore(deps): bump libc from 0.2.143 to 0.2.144 (#1625) + * chore(deps): bump js-sys from 0.3.61 to 0.3.62 (#1624) + * Update policy (#1619) + * fixing up some spelling errors (#1618) + * Update RELEASE_NOTES.md (#1616) + * 20230505 replication groundwork - ruv consistency improvements (#1606) + * chore(deps-dev): bump ruff from 0.0.263 to 0.0.265 in /pykanidm (#1608) + * chore(deps-dev): bump mkdocs-material from 9.1.8 to 9.1.9 in /pykanidm (#1609) + * chore(deps-dev): bump mkdocstrings-python in /pykanidm (#1611) + * chore(deps): bump serde from 1.0.160 to 1.0.162 (#1613) + * chore(deps): bump libc from 0.2.142 to 0.2.143 (#1612) + * chore(deps): bump pkg-config from 0.3.26 to 0.3.27 (#1610) + * chore(deps-dev): bump mkdocs from 1.4.2 to 1.4.3 in /pykanidm (#1607) + * github pages ... something is definitely going weird. (#1605) + * token permissions! (#1604) + * Using github actions might actually push a change (#1603) + * looks like that's a bug (#1602) + * fix things (#1601) + * 20230506 ignore some references (#1600) + * Harden migrate session to prevent duplicate migration errors (#1599) + * reducing action concurrency load (#1598) + * more testing cleanup (#1595) + * Document that you need to tell Nginx or other proxies to use HTTP 1.1… (#1592) + * sccache github actions fixes (#1593) + * Start next dev cycle (#1589) + +------------------------------------------------------------------- +Mon May 01 01:18:44 UTC 2023 - william.brown@suse.com + +- Update to version 1.1.0~alpha12~git0.bcdbb18: + * Release 1.1.0-alpha.12 (#1588) + * chore(deps): bump tokio-util from 0.7.7 to 0.7.8 (#1587) + * chore(deps): bump reqwest from 0.11.16 to 0.11.17 (#1586) + * chore(deps): bump tokio from 1.27.0 to 1.28.0 (#1585) + * chore(deps): bump uuid from 1.3.1 to 1.3.2 (#1584) + * chore(deps): bump clap from 3.2.23 to 3.2.25 (#1583) + * chore(deps-dev): bump coverage from 7.2.3 to 7.2.5 in /pykanidm (#1582) + * Correctly prevent start up when https sockets in use (#1579) + * Filter rdns and dns for ldap filters (#1576) + * use sccache, merge "test" actions into "build", remove homebrew caching (#1578) + * Cleanup incorrect log errors of denied entries (#1577) + * 20230424 clippppppppppppyyyyyyyy (#1574) + * Add exclusive process lock to Kanidm to prevent accidental duplicate commands. (#1575) + * more more more unixd build fixes (#1573) + * chore(deps-dev): bump mkdocs-material from 9.1.7 to 9.1.8 in /pykanidm (#1572) + * chore(deps): bump openssl from 0.10.51 to 0.10.52 (#1571) + * chore(deps): bump openssl-sys from 0.9.86 to 0.9.87 (#1570) + * chore(deps-dev): bump ruff from 0.0.262 to 0.0.263 in /pykanidm (#1569) + * more-merge unixd commands (#1568) + * Consolidate unix tools (#1566) + * 1553 pam remote or local detection (#1565) + * chore(deps): bump openssl from 0.10.50 to 0.10.51 (#1563) + * Improve user experince of refreshing with intent tokens during cred update (#1556) + * chore(deps): bump tracing-subscriber from 0.3.16 to 0.3.17 (#1562) + * chore(deps): bump regex from 1.7.3 to 1.8.1 (#1561) + * chore(deps): bump libc from 0.2.141 to 0.2.142 (#1560) + * chore(deps-dev): bump ruff from 0.0.261 to 0.0.262 in /pykanidm (#1559) + * chore(deps-dev): bump mkdocs-material from 9.1.6 to 9.1.7 in /pykanidm (#1558) + * chore(deps): bump actions/upload-artifact from 1 to 3 (#1557) + * Fix incompatible future warnings by removing older crates (#1554) + * 20230330 oauth2 refresh tokens (#1502) + * Sorting documentation builds (#1551) + * Add troubleshooting step for pam home dirs (#1550) + * AuthSession non empty vec part 2 (#1543) + * chore(deps): bump openssl from 0.10.49 to 0.10.50 (#1548) + * chore(deps): bump serde from 1.0.159 to 1.0.160 (#1547) + * chore(deps): bump syn from 2.0.13 to 2.0.15 (#1546) + * chore(deps): bump serde_json from 1.0.95 to 1.0.96 (#1545) + * chore(deps-dev): bump pytest from 7.3.0 to 7.3.1 in /pykanidm (#1544) + * chore(deps): bump h2 from 0.3.15 to 0.3.17 (#1540) + * Improve unicode control character detection (#1539) + * chore(deps-dev): bump mkdocstrings-python in /pykanidm (#1533) + * chore(deps-dev): bump mypy from 1.0.1 to 1.2.0 in /pykanidm (#1532) + * chore(deps): bump filetime from 0.2.20 to 0.2.21 (#1529) + * chore(deps-dev): bump mkdocstrings from 0.20.0 to 0.21.2 in /pykanidm (#1536) + * chore(deps-dev): bump mkdocs-material from 9.1.5 to 9.1.6 in /pykanidm (#1535) + * chore(deps-dev): bump ruff from 0.0.260 to 0.0.261 in /pykanidm (#1534) + * chore(deps-dev): bump coverage from 7.2.2 to 7.2.3 in /pykanidm (#1530) + * chore(deps): bump uuid from 1.3.0 to 1.3.1 (#1531) + * chore(deps): bump syn from 2.0.12 to 2.0.13 (#1527) + * chore(deps): bump dialoguer from 0.10.3 to 0.10.4 (#1526) + * chore(deps-dev): bump pytest from 7.2.2 to 7.3.0 in /pykanidm (#1528) + * chore(deps): bump libc from 0.2.140 to 0.2.141 (#1525) + * chore(deps): bump fernet from 0.2.0 to 0.2.1 (#1524) + * Authsession non empty vec (#1522) + * chore(deps-dev): bump ruff from 0.0.259 to 0.0.260 in /pykanidm (#1506) + * chore(deps-dev): bump mkdocs-material from 9.1.4 to 9.1.5 in /pykanidm (#1510) + * chore(deps): bump serde from 1.0.158 to 1.0.159 (#1515) + * chore(deps): bump openssl from 0.10.48 to 0.10.49 (#1513) + * chore(deps): bump tokio from 1.26.0 to 1.27.0 (#1505) + * chore(deps): bump openssl-sys from 0.9.83 to 0.9.84 (#1507) + * chore(deps): bump futures from 0.3.27 to 0.3.28 (#1509) + * chore(deps): bump reqwest from 0.11.15 to 0.11.16 (#1517) + * chore(deps-dev): bump black from 23.1.0 to 23.3.0 in /pykanidm (#1514) + * changing from merge to squash (#1521) + * chore(deps): bump proc-macro2 from 1.0.54 to 1.0.56 + * fixing up auto-merge (#1519) + * chore(deps): bump syn from 2.0.10 to 2.0.12 (#1511) + * chore(deps-dev): bump types-toml from 0.10.8.5 to 0.10.8.6 in /pykanidm (#1504) + * chore(deps): bump serde_json from 1.0.94 to 1.0.95 (#1516) + * chore(deps): bump ldap3_proto from 0.3.1 to 0.3.2 (#1518) + * chore(deps): bump syn from 1.0.109 to 2.0.10 (#1499) + * Be non empty vec (#1501) + * 1496 ldap basedn config (#1500) + * chore(deps): bump proc-macro2 from 1.0.52 to 1.0.54 (#1494) + * chore(deps): bump regex from 1.7.1 to 1.7.3 (#1491) + * chore(deps): bump pydantic from 1.10.6 to 1.10.7 in /pykanidm (#1492) + * chore(deps-dev): bump mkdocs-material from 9.1.3 to 9.1.4 in /pykanidm (#1487) + * chore(deps): bump async-trait from 0.1.67 to 0.1.68 (#1488) + * Improve string validation (#1497) + * chore(deps): bump reqwest from 0.11.14 to 0.11.15 (#1493) + * chore(deps-dev): bump ruff from 0.0.257 to 0.0.259 in /pykanidm (#1489) + * chore(deps): bump serde from 1.0.157 to 1.0.158 (#1490) + * Adding an auto-merger for dependabot updates (#1486) + * Make examples in ldap chapter consistent (#1495) + * 1115 priv (reauth, sudo) mode (#1479) + * chore(deps): bump openssl from 0.10.47 to 0.10.48 (#1484) + * Server daemon logging and exit codes (#1475) + * Fix path-relative links in documentation (#1478) + * chore(deps): bump openssl from 0.10.45 to 0.10.47 (#1471) + * chore(deps): bump serde from 1.0.155 to 1.0.157 (#1473) + * chore(deps-dev): bump mkdocs-material from 9.1.2 to 9.1.3 in /pykanidm (#1468) + * chore(deps-dev): bump pylint-pydantic from 0.1.7 to 0.1.8 in /pykanidm (#1469) + * chore(deps-dev): bump coverage from 7.2.1 to 7.2.2 in /pykanidm (#1463) + * chore(deps-dev): bump ruff from 0.0.254 to 0.0.257 in /pykanidm (#1466) + * chore(deps): bump async-trait from 0.1.66 to 0.1.67 (#1461) + * chore(deps): bump whoami from 1.3.0 to 1.4.0 (#1460) + * chore(deps): bump zxcvbn from 2.2.1 to 2.2.2 (#1464) + * chore(deps): bump openssl-sys from 0.9.80 to 0.9.82 (#1470) + * chore(deps-dev): bump pytest-asyncio from 0.20.3 to 0.21.0 in /pykanidm (#1459) + * Add unixd exit code (#1453) + * Unixd daemon improvement (#1454) + * chore(deps): bump walkdir from 2.3.2 to 2.3.3 (#1458) + * checks for a minimum number of arguments (#1452) + * chore(deps): bump chrono from 0.4.23 to 0.4.24 (#1444) + * chore(deps): bump futures from 0.3.26 to 0.3.27 (#1447) + * chore(deps): bump paste from 1.0.11 to 1.0.12 (#1449) + * chore(deps-dev): bump mkdocs-material from 9.1.1 to 9.1.2 in /pykanidm (#1450) + * chore(deps): bump csv from 1.2.0 to 1.2.1 (#1443) + * chore(deps): bump libc from 0.2.139 to 0.2.140 (#1442) + * chore(deps): bump serde from 1.0.152 to 1.0.155 (#1446) + * chore(deps): bump pydantic from 1.10.5 to 1.10.6 in /pykanidm (#1448) + * Image fixes in the build (#1441) + * Fix RADIUS docker image file permissions (#1439) + * User auth token session display implementation (#1415) + * RADIUS container fixes (#1424) + * Update book - OAuth2 integration step (#1437) + * chore(deps): bump async-trait from 0.1.64 to 0.1.66 (#1433) + * Hopefully fix exp issues by making it a stable part of the access token. (#1434) + * chore(deps): bump base64 from 0.13.1 to 0.21.0 (#1350) + * chore(deps): bump serde_json from 1.0.93 to 1.0.94 (#1427) + * chore(deps-dev): bump pytest from 7.2.1 to 7.2.2 in /pykanidm (#1431) + * chore(deps-dev): bump pylint-pydantic from 0.1.6 to 0.1.7 in /pykanidm (#1430) + * chore(deps-dev): bump ruff from 0.0.253 to 0.0.254 in /pykanidm (#1429) + * chore(deps-dev): bump mkdocs-material from 9.0.15 to 9.1.1 in /pykanidm (#1428) + * Openssl build fix (#1422) + * 1399 some async cleanup (#1421) + * Web UI: Sort group memberships of profile (#1410) + * Update the dev docs to flow nicer (#1420) + * chore(deps): bump dyn-clone from 1.0.10 to 1.0.11 (#1417) + * chore(deps): bump tokio from 1.25.0 to 1.26.0 (#1418) + * chore(deps-dev): bump coverage from 7.1.0 to 7.2.1 in /pykanidm (#1405) + * chore(deps-dev): bump ruff from 0.0.230 to 0.0.253 in /pykanidm (#1419) + * 1399 cleanup cli docs (#1413) + * 1399 cleanup reorg (#1412) + * 1399 cleanup (#1409) + * Version output for 4 unix_int tools (#1408) + * Windows build fixes (#1388) + * chore(deps): bump num_enum from 0.5.10 to 0.5.11 (#1404) + * chore(deps-dev): bump types-toml from 0.10.8.4 to 0.10.8.5 in /pykanidm (#1407) + * chore(deps): bump syn from 1.0.107 to 1.0.109 (#1406) + * chore(deps-dev): bump mkdocs-material from 9.0.13 to 9.0.15 in /pykanidm (#1403) + * Mention my Recursing of the Passport (#1402) + * Start to add reauth capabilities (#1398) + * Add Recursive Logos (#1401) + * Prevent invalidation of api tokens (#1397) + * chore(deps): bump tokio-util from 0.7.4 to 0.7.7 (#1378) + * chore(deps): bump web-sys from 0.3.60 to 0.3.61 (#1362) + * chore(deps): bump filetime from 0.2.19 to 0.2.20 (#1375) + * chore(deps): bump pydantic from 1.10.4 to 1.10.5 in /pykanidm (#1392) + * chore(deps-dev): bump mkdocs-material from 9.0.12 to 9.0.13 in /pykanidm (#1394) + * chore(deps): bump num_enum from 0.5.9 to 0.5.10 (#1391) + * chore(deps-dev): bump types-toml from 0.10.8.3 to 0.10.8.4 in /pykanidm (#1395) + * chore(deps-dev): bump mypy from 1.0.0 to 1.0.1 in /pykanidm (#1390) + * chore(deps): bump csv from 1.1.6 to 1.2.0 (#1393) + * chore(deps): bump base64urlsafedata from 0.1.2 to 0.1.3 (#1389) + * 20230220 passkey cleanup (#1396) + * 1115 store credential ids per session (#1386) + * Reduce the number of cow cells in idm (#1385) + * 1355 docker builds (#1384) + * chore(deps): bump proc-macro2 from 1.0.50 to 1.0.51 (#1369) + * Improve some small behaviours of login and key management (#1383) + * 967 oauth2 implicit search (#1382) + * chore(deps): bump wasm-bindgen-test from 0.3.33 to 0.3.34 (#1364) + * chore(deps): bump serde_json from 1.0.91 to 1.0.93 (#1376) + * chore(deps-dev): bump black from 22.12.0 to 23.1.0 in /pykanidm (#1367) + * chore(deps-dev): bump pylint-pydantic from 0.1.5 to 0.1.6 in /pykanidm (#1351) + * chore(deps-dev): bump coverage from 7.0.5 to 7.1.0 in /pykanidm (#1352) + * 20230130 hackweek replication (#1358) + * Improve some diagnostic messages in console (#1381) + * chore(deps): bump docker/build-push-action from 3 to 4 (#1360) + * chore(deps): bump aiohttp from 3.8.3 to 3.8.4 in /pykanidm (#1377) + * chore(deps-dev): bump mypy from 0.991 to 1.0.0 in /pykanidm (#1380) + * chore(deps): bump uuid from 1.2.2 to 1.3.0 (#1368) + * chore(deps-dev): bump mkdocs-material from 9.0.6 to 9.0.12 in /pykanidm (#1379) + * chore(deps-dev): bump types-toml from 0.10.8.1 to 0.10.8.3 in /pykanidm (#1374) + * chore(deps): bump cryptography from 39.0.0 to 39.0.1 in /pykanidm (#1371) + * Update release docs to prevent forgetting a release step (#1370) + * 1355 docker builds (#1357) + * Update to 12 dev (#1356) + +------------------------------------------------------------------- +Fri Apr 14 00:02:31 UTC 2023 - William Brown + +- bsc#1210356 - CVE-2023-26964 - hyper,h2: stream stacking when H2 processing HTTP2 RST_STREAM frames + +------------------------------------------------------------------- +Tue Feb 14 01:43:11 UTC 2023 - William Brown + +- Automatic update of vendored dependencies + +------------------------------------------------------------------- +Wed Feb 01 03:34:08 UTC 2023 - william.brown@suse.com + +- Update to version 1.1.0~alpha11~git0.d3a2a6b: + * Release 1.1.0-alpha.11 (#1354) + * 20230128 protected to access (#1349) + * 20230125 pre rel cleanup (#1348) + * 20230125 pre rel cleanup (#1347) + * Allow multiple backends to run in parallel for repl tests (#1346) + * 20230121 access improvement (#1345) + * Fix debian build path (#1331) + * Windows-related build fixes (#1344) + * chore(deps): bump gloo-net from 0.2.5 to 0.2.6 (#1338) + * chore(deps-dev): bump mkdocstrings from 0.19.1 to 0.20.0 in /pykanidm (#1334) + * making the robots easier and happier (#1343) + * chore(deps): bump tokio from 1.24.1 to 1.24.2 (#1340) + * chore(deps): bump toml from 0.5.10 to 0.5.11 (#1337) + * chore(deps): bump proc-macro2 from 1.0.49 to 1.0.50 (#1332) + * chore(deps): bump reqwest from 0.11.13 to 0.11.14 (#1333) + * chore(deps): bump async-trait from 0.1.61 to 0.1.62 (#1335) + * 2023 orca improve (#1342) + * Adding healthcheck functionality to kanidmd (#1330) + * less lint more bark, ruff ruff (#1341) + * 1121 SCIM import totp freeipa (#1328) + * 1121 multiple totp (#1325) + * chore(deps-dev): bump pylint from 2.15.9 to 2.15.10 in /pykanidm (#1324) + * chore(deps-dev): bump mkdocs-material from 9.0.3 to 9.0.5 in /pykanidm (#1322) + * chore(deps-dev): bump coverage from 7.0.4 to 7.0.5 in /pykanidm (#1323) + * chore(deps-dev): bump pytest from 7.2.0 to 7.2.1 in /pykanidm (#1318) + * chore(deps): bump regex from 1.7.0 to 1.7.1 (#1316) + * chore(deps): bump ldap3_client from `2c9dc31` to `b3c7653` (#1320) + * chore(deps-dev): bump pook from 1.0.2 to 1.1.1 in /pykanidm (#1319) + * chore(deps): bump dialoguer from 0.10.2 to 0.10.3 (#1317) + * Fix ldap vattr search (#1315) + * Spell checking and stuff (#1314) + * Bump coverage from 7.0.1 to 7.0.4 in /pykanidm (#1311) + * Bump mkdocstrings-python from 0.8.2 to 0.8.3 in /pykanidm (#1313) + * Bump async-trait from 0.1.60 to 0.1.61 (#1310) + * Bump mkdocs-material from 8.5.11 to 9.0.3 in /pykanidm (#1312) + * Update yew to 0.20 (#1308) + * Bump tokio from 1.23.0 to 1.24.1 (#1309) + * Cleanup references to sqlite, add a FAQ section (#1307) + * Bump serde from 1.0.151 to 1.0.152 (#1303) + * Bump whoami from 1.2.3 to 1.3.0 (#1304) + * Bump pydantic from 1.10.2 to 1.10.4 in /pykanidm (#1305) + * Fix the book again (#1302) + * 20221224 cleanup (#1300) + * Bump scim_proto from `cb147c8` to `b5a392f` (#1294) + * Bump openssl from 0.10.44 to 0.10.45 (#1295) + * Bump openssl-sys from 0.9.79 to 0.9.80 (#1296) + * docs: reformat book and introduce workflow to ensure it stays formatted (#1286) + * Bump libc from 0.2.138 to 0.2.139 (#1292) + * Bump ldap3_proto from `5149451` to `2c9dc31` (#1297) + * Bump coverage from 6.5.0 to 7.0.1 in /pykanidm (#1298) + * feat(kanidmd): add ldap support for mail primary and alternative address (#1287) + * chore(make): co-locate .PHONY declaration and target (#1291) + * Can’t build designs private documentation (#1289) + * 20221221 sync deploy (#1285) + * Bump serde from 1.0.150 to 1.0.151 (#1276) + * 20221219 sync polish (#1284) + * Bump async-trait from 0.1.59 to 0.1.60 (#1278) + * Bump toml from 0.5.9 to 0.5.10 (#1280) + * Bump dyn-clone from 1.0.9 to 1.0.10 (#1282) + * Bump serde_json from 1.0.89 to 1.0.91 (#1275) + * Bump mkdocstrings from 0.19.0 to 0.19.1 in /pykanidm (#1277) + * feat(oauth2): add support for a 'groups' claim (#1272) + * Bump paste from 1.0.9 to 1.0.11 (#1279) + * Bump syn from 1.0.105 to 1.0.107 (#1283) + * Bump quote from 1.0.21 to 1.0.23 (#1281) + * Bump pylint from 2.15.8 to 2.15.9 in /pykanidm (#1274) + * Bump proc-macro2 from 1.0.47 to 1.0.49 (#1273) + * 20221216 a little cleanup as a treat (#1266) + * fix(make): improve help output and solve warnings (#1269) + * fix: set executable flag for shell scripts (#1268) + * chore: add jceb to list of contributors (#1267) + * docs: correct LDAP DN for token authentication (#1263) + * docs: correct command for generating a password (#1261) + * docs: replace kanidm account with kanidm person (#1262) + * docs: unify representation of dn=token (#1264) + * docs: fix link to oauth2 documentation (#1260) + * 20221123 iam migration work (#1258) + * fix(oauth2): use the short name in the userinfo (#1259) + * Bump serde from 1.0.148 to 1.0.150 (#1257) + * Bump authlib from 1.1.0 to 1.2.0 in /pykanidm (#1255) + * Bump pytest-asyncio from 0.20.2 to 0.20.3 in /pykanidm (#1254) + * Bump openssl from 0.10.43 to 0.10.44 (#1251) + * Bump certifi from 2022.9.24 to 2022.12.7 in /pykanidm (#1247) + * Bump tokio from 1.22.0 to 1.23.0 (#1249) + * Bump pylint from 2.15.7 to 2.15.8 in /pykanidm (#1253) + * Bump black from 22.10.0 to 22.12.0 in /pykanidm (#1256) + * Bump filetime from 0.2.18 to 0.2.19 (#1248) + * Bump libc from 0.2.137 to 0.2.138 (#1243) + * Bump serde from 1.0.147 to 1.0.148 (#1242) + * Bump gloo-net from 0.2.4 to 0.2.5 (#1244) + * Bump syn from 1.0.103 to 1.0.105 (#1240) + * Bump async-trait from 0.1.58 to 0.1.59 (#1239) + * Bump pylint from 2.15.6 to 2.15.7 in /pykanidm (#1246) + * Bump mkdocs-material from 8.5.10 to 8.5.11 in /pykanidm (#1245) + * Improve ldap sections (#1218) + * Bump openssl from 0.10.42 to 0.10.43 (#1235) + * Bump serde_json from 1.0.88 to 1.0.89 (#1238) + * Bump bytes from 1.2.1 to 1.3.0 (#1236) + * Bump jetli/wasm-pack-action from 0.3.0 to 0.4.0 (#1231) + * Bump rpassword from 7.1.0 to 7.2.0 (#1233) + * Add new mail read group (#1224) + * fixing up automation (#1230) + * Add signal trapping for a variety of signals (#1223) + * docs tweaks, renaming integrations (#1228) + * Add ability to bind with token with a dn=token marker (#1225) + * 20221121 debug webui (#1217) + * Cargo updates (#1219) + * Bump reqwest from 0.11.12 to 0.11.13 (#1210) + * Abstract webauthn authenticator access, and use Windows API on Windows (#1203) + * 20221116 oauth2 app portal 2 (#1201) + * Bump pylint from 2.15.5 to 2.15.6 in /pykanidm (#1216) + * Bump serde_json from 1.0.87 to 1.0.88 (#1212) + * Bump tokio from 1.21.2 to 1.22.0 (#1213) + * Bump mkdocstrings-python from 0.8.0 to 0.8.2 in /pykanidm (#1215) + * Bump mypy from 0.990 to 0.991 in /pykanidm (#1214) + * 20221116 oauth2 app portal (#1200) + * Bump pytest-asyncio from 0.20.1 to 0.20.2 in /pykanidm (#1194) + * 1116 UI hints (#1199) + * Reword security keys (#1196) + * Bump mkdocs-material from 8.5.8 to 8.5.10 in /pykanidm (#1193) + * remove pam tester (#1197) + * Bump mkdocstrings-python from 0.7.1 to 0.8.0 in /pykanidm (#1195) + * Bump types-toml from 0.10.8 to 0.10.8.1 in /pykanidm (#1192) + * Bump mypy from 0.982 to 0.990 in /pykanidm (#1191) + * Bump chrono from 0.4.22 to 0.4.23 (#1188) + * Bump actions/dependency-review-action from 2 to 3 (#1187) + * Bump base64urlsafedata from 0.1.1 to 0.1.2 (#1190) + * Workflow tweaks (#1186) + * 1116 UI hint (#1185) + * 613 oauth2 logout (#1184) + * started working on fixing a log issue and chased some clippy lints (#1182) + * 20221103 ipa import driver (#1180) + * Review oauth2 best practices document (#1181) + * Add tools container support (#1178) + * improve webauthn errors (#1179) + * Add version header and warnings (#1175) + * Bump mkdocs-material from 8.5.7 to 8.5.8 in /pykanidm (#1173) + * Bump mkdocs from 1.4.1 to 1.4.2 in /pykanidm (#1174) + * Bump regex from 1.6.0 to 1.7.0 (#1172) + * Improve handling of openssl3 in md4 tests (#1171) + * Add /etc/skel templating and notes adjacent to kanidm-unixd and packaging (#1113) + * Further test improvements (#1166) + * Setup for next dev cycle (#1165) + +------------------------------------------------------------------- +Wed Nov 09 21:48:25 UTC 2022 - william.brown@suse.com + +- Update to version 1.1.0~alpha10~git2.4a03ca5: + * Add tools container support (#1178) + * Improve handling of openssl3 in md4 tests (#1171) + +------------------------------------------------------------------- +Tue Nov 1 04:31:58 UTC 2022 - William Brown + +- Update to kanidm 1.1.0-alpha.10 + * Management and tracking of authenticated sessions + * Make upgrade migrations more robust when upgrading over multiple versions + * Add support for service account tokens via ldap for extended read permissions + * Unix password management in web ui for posix accounts + * Support internal dynamic group entries + * Allow selection of name/spn in oidc claims + * Admin UI wireframes and basic elements + * TLS enforced as a requirement for all servers + * Support API service account tokens + * Make name rules stricter due to issues found in production + * Improve Oauth2 PKCE testing + * Add support for new password import hashes + * Allow configuration of trusting x forward for headers + * Components for account permission elevation modes + * Make pam\_unix more robust in high latency environments + * Add proc macros for test cases + * Improve authentication requests with cookie/token seperation + * Cleanup of expired authentication sessions + * Improved administration of password badlists + +------------------------------------------------------------------- +Fri Sep 09 02:33:47 UTC 2022 - william.brown@suse.com + +- Update to version 1.1.0~alpha9~git6.b20d5312: + * Resolve upgrade in place error with cbor to json (#1028) + +------------------------------------------------------------------- +Fri Aug 26 06:03:26 UTC 2022 - william.brown@suse.com + +- Update to version 1.1.0~alpha9~git5.98546259: + * Remove dependency on git webauthn authentication versions + +------------------------------------------------------------------- +Fri Aug 26 04:28:35 UTC 2022 - william.brown@suse.com + +- Update to version 1.1.0~alpha9~git4.33b4e11b: + * Resolve issue with migration application order (#986) + +------------------------------------------------------------------- +Tue Aug 02 04:58:28 UTC 2022 - william.brown@suse.com + +- Update to version 1.1.0~alpha9~git2.ebab6c5f: + * Fix cargo.lock + Docker + * Fixing the Github Actions Kanidmd build (#963) + * (cargo-release) version 1.1.0-alpha.9 (#962) + * Improve radius to support eap-tls with ca-dir (#957) + * A pile of Wasm UI tweaks (#958) + * Bump types-requests from 2.28.3 to 2.28.6 in /kanidm_rlm_python (#960) + * Update validator requirement from ^0.15.0 to ^0.16.0 (#959) + * Bump types-requests from 2.28.3 to 2.28.6 in /pykanidm (#961) + * 383 164 authentication updates 9 (#956) + * Update libsqlite3-sys requirement from 0.24.2 to 0.25.0 in /kanidm_unix_int (#929) + +------------------------------------------------------------------- +Sun May 01 05:33:09 UTC 2022 - william.brown@suse.com + +- Update to version 1.1.0~alpha8~git1.980f358d: + * Push some missed bits to documents + * (cargo-release) version 1.1.0-alpha.8 + * 20220501 fix logging (#730) + * ref #725 - updated comment to note it's still failing (#727) + * Remove async references (#724) + * 383 170 164 authentication updates 3 (#723) + * Making the login path nicer, dev scripting (#721) + * Tweak docs generation... (#722) + * Docs updates to push all tagged versions + dev (#720) + * 20220427 dependency updates (#718) + +------------------------------------------------------------------- +Tue Apr 5 05:35:55 UTC 2022 - William Brown + +- Automatic update of vendored dependencies + +------------------------------------------------------------------- +Mon Mar 14 06:58:28 UTC 2022 - william.brown@suse.com + +- Update to resolve bsc#1196972 CVE-2022-24713 - Regex DOS + +------------------------------------------------------------------- +Fri Jan 07 00:59:36 UTC 2022 - wbrown@suse.de + +- resolve bsc#1194119 (CVE-2021-45710) + +------------------------------------------------------------------- +Fri Dec 31 00:11:55 UTC 2021 - wbrown@suse.de + +- Update to version 1.1.0~alpha7~git0.c8468199: + * (cargo-release) version 1.1.0-alpha.7 + * Pre-release update and cleanup (#631) + * Improve autofocus to oauth2 (#630) + * Finalise email changes for oidc (#629) + * Temp use env filter (#628) + * 20211216 tracing cleanup (#627) + * Art attribution + * Refactor of value and addition of base types for business attributes (#626) + * Add xmas logo + * Add rinstall file (#625) + +------------------------------------------------------------------- +Fri Oct 01 02:10:02 UTC 2021 - wbrown@suse.de + +- bsc#1191031 - use _pam_moduledir in spec macros +- Update to version 1.1.0~alpha6~git0.c9f4b1d: + * (cargo-release) version 1.1.0-alpha.6 + * Added an interactive cli dialog to kanidm login (#584) + * Add support for storing security token key in domain config (#581) + * Remove auditscope for tracing (#580) + * Entry Arc Tracking to reduce memory footprint (#579) + * Rewrite how we store the internals of valuesets in entries (#578) + * Improving logging and docs around unixd/PAM/NSS (#577) + * Swap to tide-openssl (#575) + * Start to remove audit scope :) (#574) + * Fix io capture in tests (#573) + +------------------------------------------------------------------- +Wed Jul 07 02:36:51 UTC 2021 - wbrown@suse.de + +- Update to version 1.1.0~alpha5~git0.4be329e: + * (cargo-release) version 1.1.0-alpha.5 + * Release prep + * Fix totp registration workflow with broken authenticators (#516) + * Add statistical analysis to indexes (#505) + * 511 upgrade failure - add debuging tools and improve debugging of the issue. (#512) + * fixes #503 - TOTP prompt no longer drops a newline (#515) + * Fixing kanidm windows client build (#507) + * Add the ability to configure and provide Oauth2 authentication for Kanidm. (#485) + * Change default totp to sha256 (#504) + * Fixes #494 - password change user-facing responses (#499) + * Fix readonly check (#496) + * Update webauthn-authenticator-rs to fix test failures (#493) + * Update repo locations and versions in prep for release (#492) + * Add workaround for podman subid issue (#491) + * 163 account recovery code (#469) + * check user shell (#392) (#490) + * Removed `OperationResponse` (#489) + * Set default shell to `bin/sh` (#488) + * 20210607 orca ldap (#470) + * `kanidm_client` bool/return values (#479) + * Arc cachesize warning fixes (#483) + * Closure Refactoring (#482) + * Renamed fields in `dbvalue` (#477) + * 471 add service files (#474) + * fixes #478 - adds note about web ui already being packaged (#480) + * unixd will now bail if startup tests fail (#476) + * Add email syntax (#465) + * Add some openid stubs (#464) + * Add auth docs (#463) + * 64 120 session claims (#462) + * Add ldap vattr mapping (#459) + * Fix for unixd issue (#460) + * 414 clear stale credentials (#447) + * Fix multivalue setting of description attribute (#457) + * 445 update pam nsswitch md (#451) + * simpler ip logging (#454) + * I might have become clippy this time (#449) + * Calming clippy's nerves, Friday edition (#448) + * 444 - client's config URI missing and more file open handling (#446) + * Fix proxy usage in tests (#443) + * This allows TOTP to accept an OTP that is one step behind AKA the previous TOTP (#442) + * oauth design (#441) + * Adding an example config file (#440) + * adding env vars, making clippy happier, cleaning up some error messages (#438) + * 20210509 cleanup clippy and audit name (#437) + * 277 radius pw not accept for main pw (#435) + * Orca - a load testing framework for Kanidm (#431) + * Add verification of name indexes (#433) + * Add ability to pick a server role (#432) + * Adding a new verb group remove_members (#434) + * 397 Caching password badlist (#425) + * User feedback improvements, also handling a permissions issue (#424) + * Fix concat issue + * Update contributors + * Making clippy happy (#420) + * Fix 421 - clearer debug messages when doing things (#422) + * 62 idm qs cleanup (#419) + * Rough working login page (#417) + * Make clippy happy (#415) + * More debug messages (#413) + * merging upstream (#411) + * Improve error message when socket not found (#412) + * Idlset2, query cache, acp resolve cache (#409) + * Add lto thin (#410) + * fixing broken action (#405) + * Basic documentation for monitoring (#404) + * Create design for mfa_backup_code.rst (#402) + * phrasing (#401) + * Docs update (#400) +- Remove un-needed source files: + * kanidm-unixd-tasks.service + * kanidm-unixd.service + * kanidmd.service + * server.toml + +------------------------------------------------------------------- +Thu Jun 24 02:54:31 UTC 2021 - wbrown@suse.de + +- Update to version 1.1.0~alpha4~git54.675146e: + * check user shell (#392) (#490) + * Removed `OperationResponse` (#489) + * Set default shell to `bin/sh` (#488) + * 20210607 orca ldap (#470) + * `kanidm_client` bool/return values (#479) + * Arc cachesize warning fixes (#483) + * Closure Refactoring (#482) + +------------------------------------------------------------------- +Wed Jun 16 02:38:11 UTC 2021 - wbrown@suse.de + +- Update to version 1.1.0~alpha4~git47.5e83b68: + * Renamed fields in `dbvalue` (#477) + * 471 add service files (#474) + * fixes #478 - adds note about web ui already being packaged (#480) + * unixd will now bail if startup tests fail (#476) + * Add email syntax (#465) + * Add some openid stubs (#464) + * Add auth docs (#463) + * 64 120 session claims (#462) + * Add ldap vattr mapping (#459) + +------------------------------------------------------------------- +Thu May 27 11:18:43 UTC 2021 - wbrown@suse.de + +- Update to version 1.1.0~alpha4~git38.d978c9d: + * Fix for unixd issue (#460) + +------------------------------------------------------------------- +Wed May 26 06:12:04 UTC 2021 - wbrown@suse.de + +- Update to version 1.1.0~alpha4~git37.e8b1089: + * 414 clear stale credentials (#447) + * Fix multivalue setting of description attribute (#457) + * 445 update pam nsswitch md (#451) + * simpler ip logging (#454) + * I might have become clippy this time (#449) + * Calming clippy's nerves, Friday edition (#448) + * 444 - client's config URI missing and more file open handling (#446) + * Fix proxy usage in tests (#443) + * This allows TOTP to accept an OTP that is one step behind AKA the previous TOTP (#442) + * oauth design (#441) + * Adding an example config file (#440) + * adding env vars, making clippy happier, cleaning up some error messages (#438) + * 20210509 cleanup clippy and audit name (#437) + * 277 radius pw not accept for main pw (#435) + * Orca - a load testing framework for Kanidm (#431) + * Add verification of name indexes (#433) + * Add ability to pick a server role (#432) + * Adding a new verb group remove_members (#434) + * 397 Caching password badlist (#425) + * User feedback improvements, also handling a permissions issue (#424) + * Fix concat issue + * Update contributors + * Making clippy happy (#420) + * Fix 421 - clearer debug messages when doing things (#422) + * 62 idm qs cleanup (#419) + * Rough working login page (#417) + * Make clippy happy (#415) + * More debug messages (#413) + * merging upstream (#411) + * Improve error message when socket not found (#412) + * Idlset2, query cache, acp resolve cache (#409) + * Add lto thin (#410) + * fixing broken action (#405) + * Basic documentation for monitoring (#404) + * Create design for mfa_backup_code.rst (#402) + * phrasing (#401) + * Docs update (#400) + +------------------------------------------------------------------- +Thu Apr 01 01:11:04 UTC 2021 - wbrown@suse.de + +- Update to version 1.1.0~alpha4~git0.0ac5da8: + * Performance Improvements + * TOTP CLI enrollment + * Jemalloc in main server instead of system allocator + * Command line completion + * TLS file handling improvements + * Webauthn authentication and enrollment on CLI + * Add db vacuum task + * Unix tasks daemon that automatically creates home directories + * Support for sk-ecdsa public ssh keys + * Badlist checked at login to determine account compromise + * Minor Fixes for attribute display + +------------------------------------------------------------------- +Mon Dec 28 00:15:25 UTC 2020 - wbrown@suse.de + +- Update to version v1.1.0alpha.3~git0.b34c893: + * (cargo-release) version 1.1.0-alpha.3 + * release notes + * Update Dependencies + * Unixd - NXCache of unknown items (#338) + * WIP - Improve Auth Proto to Support Webauthn (#333) + * Follow up on ci fixes + * Add port verification to start server in kanidm_client tests + * Update CI base image to ubuntu 20.04 + * Add libudev to ci + * 13 135 webauthn support (#332) + * Change root user check to warning due to container run times (#328) + * Fixes #324 account softlocking and rate limiting (#326) + * Add passpoint link + * Update tumbleweed docs + * Account valid-from and expiry (#322) + +------------------------------------------------------------------- +Thu Oct 01 00:19:19 UTC 2020 - wbrown@suse.de + +- Update to version v1.1.0alpha.2~git0.764e727: + * Update + * (cargo-release) version 1.1.0-alpha.2 + * (cargo-release) version 1.1.0-alpha.2 + * (cargo-release) version 1.1.0-alpha.2 + * (cargo-release) version 1.1.0-alpha.2 + * (cargo-release) version 1.1.0-alpha.2 + * (cargo-release) version 1.1.0-alpha.2 + * (cargo-release) version 1.1.0-alpha.2 + * gitignore + * Update Release Notes + * 250 cookie to auth bearer (#321) + * 259 reduce clones (#319) + * Xxx clippy outdated (#318) + * 314 improve async (#316) + * Update README.md + * On login pw upgrade (#315) + * Add python3 support to radius + * Dynamic crypto rounds (#311) + * tweak book chapter + * 67 resource limits impl (#307) + * Update based on review + * Apply suggestions from code review + * doc + * Build improvements + * Support zfs page size + * V large cleanup + * Cleanup and improve client error handling + * Improve server hardening + * Update deps + add simd support in container + * Add FAQ + eap selection + * Minor updates + * tweak release steps + +------------------------------------------------------------------- +Mon Aug 3 00:38:29 UTC 2020 - William Brown + +- Initial Commit diff --git a/kanidm.spec b/kanidm.spec new file mode 100644 index 0000000..6fea295 --- /dev/null +++ b/kanidm.spec @@ -0,0 +1,306 @@ +# +# spec file for package kanidm +# +# Copyright (c) 2024 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%define kanidm_profile release_linux +%define configdir %{_sysconfdir}/kanidm + +Name: kanidm +Version: 1.3.3~git0.f075d13 +Release: 0 +Summary: A identity management service and clients. +License: ( Apache-2.0 OR BSL-1.0 ) AND ( Apache-2.0 OR ISC OR MIT ) AND ( Apache-2.0 OR MIT ) AND ( Apache-2.0 WITH LLVM-exception OR Apache-2.0 OR MIT ) AND ( CC0-1.0 OR Apache-2.0 ) AND ( MIT OR Apache-2.0 OR Zlib ) AND ( Unlicense OR MIT ) AND ( Zlib OR Apache-2.0 OR MIT ) AND Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND CC0-1.0 AND ISC AND MIT AND MPL-2.0 AND MPL-2.0+ +URL: https://github.com/Firstyear/kanidm +Source: kanidm-%{version}.tar.zst +Source1: vendor.tar.zst + +BuildRequires: cargo +BuildRequires: cargo-packaging +%if 0%{?is_opensuse} +BuildRequires: llvm-clang >= 13 +%else +# Sle is missing these provides. +BuildRequires: clang15 +%endif +BuildRequires: libselinux-devel +BuildRequires: libudev-devel +BuildRequires: pam-devel +BuildRequires: rust >= 1.69.0 +BuildRequires: sqlite-devel +%if 0%{?rhel} > 7 || 0%{?fedora} +BuildRequires: tpm2-tss-devel +%else +BuildRequires: tpm2-0-tss-devel +# BuildRequires: tpm2-openssl +%endif + +%if 0%{?rhel} > 7 || 0%{?fedora} +BuildRequires: openssl-devel +BuildRequires: systemd +%{?systemd_requires} +%else +BuildRequires: libopenssl-3-devel +%endif + +Requires: %{name}-clients +Requires: %{name}-unixd-clients + +ExclusiveArch: %{rust_tier1_arches} + +%description +An identity management platform written in rust that supports RADIUS, SSH Key management +and more. + +%package clients +Summary: Client tools for interacting with Kanidm +License: MPL-2.0 + +%description clients +Client utilities for interactive with kanidm servers + +%package server +Summary: Kanidm server and related tools +License: MPL-2.0 +Requires: %{name}-clients + +%description server +Server for kanidm providing the main authentication and identity service + +%package unixd-clients +Summary: Client nsswitch/pam/ssh integration for consuming kanidm +License: MPL-2.0 +Requires: %{name}-clients +%if 0%{?rhel} > 7 || 0%{?fedora} +Requires: tpm2-tools +Requires: tpm2-tss +%else +Requires: system-user-tss +Requires: tpm2.0-tools +%endif + +%description unixd-clients +A localhost resolver and libraries that allow a system to resolve posix +identities to a kanidm instance. + +%package docs +Summary: Documentation for Kanidm Administration +License: MPL-2.0 + +%description docs +Documentation for using and configuring Kanidm. + +%prep +%setup -q -n kanidm-%{version} -a 0 +%setup -q -n kanidm-%{version} -a 1 -D -T + +# Remove exec bits to prevent an issue in fedora shebang checking +find vendor -type f -name \*.rs -exec chmod -x '{}' \; + +%build +# Set our build profile, this will autodetect our cpu flags +export KANIDM_BUILD_PROFILE=%{kanidm_profile} +# Show linking info for debugging +# export RUSTC_LOG='rustc_codegen_ssa::back::link=info' +# Dump the target features of this cpu. +rustc --print target-cpus +# Override buildflags, we want to use clang + lld here. It's much better/faster than bfd. +%define build_rustflags -C linker=clang -C link-arg=-fuse-ld=/usr/lib/rustlib/%{_arch}-unknown-linux-gnu/bin/gcc-ld/ld.lld -C debuginfo=2 -C incremental=false + +%{cargo_build} --features=kanidm_unix_int/tpm,kanidm_unix_int/selinux + +%install +install -D -d -m 0755 %{buildroot}%{_sysconfdir} +install -D -d -m 0755 %{buildroot}%{_sysconfdir}/zsh_completion.d +install -D -d -m 0755 %{buildroot}%{_sysconfdir}/bash_completion.d +install -D -d -m 0755 %{buildroot}%{configdir} +install -D -d -m 0755 %{buildroot}%{_unitdir} +install -D -d -m 0755 %{buildroot}%{_sbindir} +install -D -d -m 0755 %{buildroot}%{_bindir} +install -D -d -m 0755 %{buildroot}%{_libdir} +%if 0%{?suse_version} > 1549 +install -D -d -m 0755 %{buildroot}/%{_pam_moduledir} +%else +install -D -d -m 0755 %{buildroot}/%_lib/security +%endif +install -D -d -m 0755 %{buildroot}%{_datadir}/kanidm +install -D -d -m 0755 %{buildroot}%{_datadir}/kanidm/docs/ +install -D -d -m 0755 %{buildroot}%{_datadir}/kanidm/ui/ + +install -m 0755 %{_builddir}/kanidm-%{version}/target/release/kanidmd %{buildroot}%{_sbindir}/kanidmd +install -m 0755 %{_builddir}/kanidm-%{version}/target/release/kanidm %{buildroot}%{_bindir}/kanidm +install -m 0755 %{_builddir}/kanidm-%{version}/target/release/kanidm-ipa-sync %{buildroot}%{_sbindir}/kanidm-ipa-sync +install -m 0755 %{_builddir}/kanidm-%{version}/target/release/kanidm-ldap-sync %{buildroot}%{_sbindir}/kanidm-ldap-sync +install -m 0755 %{_builddir}/kanidm-%{version}/target/release/kanidm-unix %{buildroot}%{_sbindir}/kanidm-unix +install -m 0755 %{_builddir}/kanidm-%{version}/target/release/kanidm_ssh_authorizedkeys %{buildroot}%{_sbindir}/kanidm_ssh_authorizedkeys +install -m 0755 %{_builddir}/kanidm-%{version}/target/release/kanidm_ssh_authorizedkeys_direct %{buildroot}%{_sbindir}/kanidm_ssh_authorizedkeys_direct +install -m 0755 %{_builddir}/kanidm-%{version}/target/release/kanidm_unixd %{buildroot}%{_sbindir}/kanidm_unixd +install -m 0755 %{_builddir}/kanidm-%{version}/target/release/kanidm_unixd_tasks %{buildroot}%{_sbindir}/kanidm_unixd_tasks +install -m 0644 %{_builddir}/kanidm-%{version}/target/release/libnss_kanidm.so %{buildroot}%{_libdir}/libnss_kanidm.so.2 +%if 0%{?suse_version} > 1549 +install -m 0644 %{_builddir}/kanidm-%{version}/target/release/libpam_kanidm.so %{buildroot}/%{_pam_moduledir}/pam_kanidm.so +%else +install -m 0644 %{_builddir}/kanidm-%{version}/target/release/libpam_kanidm.so %{buildroot}/%_lib/security/pam_kanidm.so +%endif + +install -m 0644 %{_builddir}/kanidm-%{version}/platform/opensuse/kanidmd.service %{buildroot}%{_unitdir}/kanidmd.service +install -m 0644 %{_builddir}/kanidm-%{version}/platform/opensuse/kanidm-unixd.service %{buildroot}%{_unitdir}/kanidm-unixd.service +install -m 0644 %{_builddir}/kanidm-%{version}/platform/opensuse/kanidm-unixd-tasks.service %{buildroot}%{_unitdir}/kanidm-unixd-tasks.service +install -m 0644 %{_builddir}/kanidm-%{version}/platform/opensuse/kanidm-ipa-sync.service %{buildroot}%{_unitdir}/kanidm-ipa-sync.service +install -m 0644 %{_builddir}/kanidm-%{version}/examples/server.toml %{buildroot}%{configdir}/server.toml + +install -m 0755 %{_builddir}/kanidm-%{version}/target/release/build/completions/_kanidmd %{buildroot}%{_sysconfdir}/zsh_completion.d/_kanidmd +install -m 0755 %{_builddir}/kanidm-%{version}/target/release/build/completions/_kanidm %{buildroot}%{_sysconfdir}/zsh_completion.d/_kanidm +install -m 0755 %{_builddir}/kanidm-%{version}/target/release/build/completions/_kanidm_ssh_authorizedkeys_direct %{buildroot}%{_sysconfdir}/zsh_completion.d/_kanidm_ssh_authorizedkeys_direct +install -m 0755 %{_builddir}/kanidm-%{version}/target/release/build/completions/_kanidm_unix %{buildroot}%{_sysconfdir}/zsh_completion.d/_kanidm_unix +install -m 0755 %{_builddir}/kanidm-%{version}/target/release/build/completions/_kanidm_ssh_authorizedkeys %{buildroot}%{_sysconfdir}/zsh_completion.d/_kanidm_ssh_authorizedkeys + +install -m 0755 %{_builddir}/kanidm-%{version}/target/release/build/completions/kanidmd.bash %{buildroot}%{_sysconfdir}/bash_completion.d/kanidmd.sh +install -m 0755 %{_builddir}/kanidm-%{version}/target/release/build/completions/kanidm.bash %{buildroot}%{_sysconfdir}/bash_completion.d/kanidm.sh +install -m 0755 %{_builddir}/kanidm-%{version}/target/release/build/completions/kanidm_ssh_authorizedkeys_direct.bash %{buildroot}%{_sysconfdir}/bash_completion.d/kanidm_ssh_authorizedkeys_direct.sh +install -m 0755 %{_builddir}/kanidm-%{version}/target/release/build/completions/kanidm_unix.bash %{buildroot}%{_sysconfdir}/bash_completion.d/kanidm_unix.sh +install -m 0755 %{_builddir}/kanidm-%{version}/target/release/build/completions/kanidm_ssh_authorizedkeys.bash %{buildroot}%{_sysconfdir}/bash_completion.d/kanidm_ssh_authorizedkeys.sh + +cp -r %{_builddir}/kanidm-%{version}/book/src/ %{buildroot}%{_datadir}/kanidm/docs/ +cp -r %{_builddir}/kanidm-%{version}/server/web_ui/pkg %{buildroot}%{_datadir}/kanidm/ui/pkg + +## End install + +%if 0%{?rhel} > 7 || 0%{?fedora} +%else + +%pre server +%service_add_pre kanidmd.service +%service_add_pre kanidm-ipa-sync.service +%endif + +%if 0%{?rhel} > 7 || 0%{?fedora} +%else + +%post server +%service_add_post kanidmd.service +%service_add_post kanidm-ipa-sync.service +%endif + +%if 0%{?rhel} > 7 || 0%{?fedora} +%else + +%preun server +%service_del_preun kanidmd.service +%service_del_preun kanidm-ipa-sync.service +%endif + +%if 0%{?rhel} > 7 || 0%{?fedora} +%else + +%postun server +%service_del_postun kanidmd.service +%service_del_postun kanidm-ipa-sync.service +%endif + +%if 0%{?rhel} > 7 || 0%{?fedora} +%else + +%pre unixd-clients +%service_add_pre kanidm-unixd.service +%service_add_pre kanidm-unixd-tasks.service +%endif + +%if 0%{?rhel} > 7 || 0%{?fedora} +%else + +%post unixd-clients +%service_add_post kanidm-unixd.service +%service_add_post kanidm-unixd-tasks.service +%endif + +%if 0%{?rhel} > 7 || 0%{?fedora} +%else + +%preun unixd-clients +%service_del_preun kanidm-unixd.service +%service_del_preun kanidm-unixd-tasks.service +%endif + +%if 0%{?rhel} > 7 || 0%{?fedora} +%else + +%postun unixd-clients +%service_del_postun kanidm-unixd.service +%service_del_postun kanidm-unixd-tasks.service +%endif + +%files +%defattr(-,root,root) +# percent exclude /usr/.crates.toml + +%files clients +%defattr(-,root,root) +%dir %{configdir} +%{_bindir}/kanidm +%dir %{_sysconfdir}/zsh_completion.d +%dir %{_sysconfdir}/bash_completion.d +%{_sysconfdir}/zsh_completion.d/_kanidm +%{_sysconfdir}/bash_completion.d/kanidm.sh + +%files server +%{_sbindir}/kanidmd +%{_sbindir}/kanidm-ipa-sync +%{_sbindir}/kanidm-ldap-sync +%{_unitdir}/kanidmd.service +%{_unitdir}/kanidm-ipa-sync.service +%dir %{_datadir}/kanidm +%dir %{_datadir}/kanidm/ui +%dir %{_datadir}/kanidm/ui/pkg +%dir %{_datadir}/kanidm/ui/pkg/external +%{_datadir}/kanidm/ui/pkg/* +%{_datadir}/kanidm/ui/pkg/external/* +%dir %{configdir} +%config(noreplace) %{configdir}/server.toml +%dir %{_sysconfdir}/zsh_completion.d +%dir %{_sysconfdir}/bash_completion.d +%{_sysconfdir}/zsh_completion.d/_kanidmd +%{_sysconfdir}/bash_completion.d/kanidmd.sh + +%files unixd-clients +%{_libdir}/libnss_kanidm.so.2 +%if 0%{?suse_version} > 1549 +%{_pam_moduledir}/pam_kanidm.so +%else +/%_lib/security/pam_kanidm.so +%endif +%{_sbindir}/kanidm-unix +%{_sbindir}/kanidm_ssh_authorizedkeys +%{_sbindir}/kanidm_ssh_authorizedkeys_direct +%{_sbindir}/kanidm_unixd +%{_sbindir}/kanidm_unixd_tasks +%{_unitdir}/kanidm-unixd.service +%{_unitdir}/kanidm-unixd-tasks.service +%dir %{_sysconfdir}/zsh_completion.d +%dir %{_sysconfdir}/bash_completion.d +%{_sysconfdir}/zsh_completion.d/_kanidm_ssh_authorizedkeys_direct +%{_sysconfdir}/zsh_completion.d/_kanidm_ssh_authorizedkeys +%{_sysconfdir}/zsh_completion.d/_kanidm_unix +%{_sysconfdir}/bash_completion.d/kanidm_ssh_authorizedkeys_direct.sh +%{_sysconfdir}/bash_completion.d/kanidm_ssh_authorizedkeys.sh +%{_sysconfdir}/bash_completion.d/kanidm_unix.sh + +%files docs +%dir %{_datadir}/kanidm +%dir %{_datadir}/kanidm/docs +%doc %{_datadir}/kanidm/docs/* + +%changelog diff --git a/vendor.tar.zst b/vendor.tar.zst new file mode 100644 index 0000000..5e5be42 --- /dev/null +++ b/vendor.tar.zst @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:59dc51d23d78ff8cb7d6fce2810142e7d03bb3523ce5fa6cb2306f0e0c6f5ede +size 69311053