From fb6536edd0c489073f613605e043637b70cfae8d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=81ngel=20L=2E=20Mateo?=
Date: Mon, 15 Jul 2024 14:21:49 +0200
Subject: [PATCH 1/3] Add support for Ubuntu 24.04 (noble)
---
 README.md | 1 +
 data/os/Ubuntu/24.04.yaml | 34 ++++++++++++++++++++++++
 metadata.json | 3 ++-
 spec/acceptance/nodesets/ubuntu-2404.yml | 24 +++++++++++++++++
 templates/login.ubuntu24.erb | 18 +++++++++++++
 templates/sshd.ubuntu24.erb | 18 +++++++++++++
 6 files changed, 97 insertions(+), 1 deletion(-)
 create mode 100644 data/os/Ubuntu/24.04.yaml
 create mode 100644 spec/acceptance/nodesets/ubuntu-2404.yml
 create mode 100644 templates/login.ubuntu24.erb
 create mode 100644 templates/sshd.ubuntu24.erb
diff --git a/README.md b/README.md
index 493217ba..3c0f5091 100644
--- a/README.md
+++ b/README.md
@@ -280,6 +280,7 @@ module aims to support the current and previous major Puppet versions. * Debian 12 * Ubuntu 20.04 LTS * Ubuntu 22.04 LTS + * Ubuntu 24.04 LTS ### May work
diff --git a/data/os/Ubuntu/24.04.yaml b/data/os/Ubuntu/24.04.yaml
new file mode 100644
index 00000000..ca68164a
--- /dev/null
+++ b/data/os/Ubuntu/24.04.yaml
@@ -0,0 +1,34 @@
+---
+pam::common_files_create_links: false
+pam::common_files_suffix: ~
+pam::common_files:
+ - common_account
+ - common_auth
+ - common_password
+ - common_session
+ - common_session_noninteractive
+
+pam::sshd_pam_access: absent
+pam::pam_d_login_template: pam/login.ubuntu24.erb
+pam::pam_d_sshd_template: pam/sshd.ubuntu24.erb
+pam::package_name: libpam0g
+pam::pam_auth_lines:
+ - 'auth [success=1 default=ignore] pam_unix.so nullok'
+ - 'auth requisite pam_deny.so'
+ - 'auth required pam_permit.so'
+ - 'auth optional pam_cap.so'
+pam::pam_account_lines:
+ - 'account [success=1 new_authtok_reqd=done default=ignore] pam_unix.so'
+ - 'account requisite pam_deny.so'
+ - 'account required pam_permit.so'
+pam::pam_password_lines:
+ - 'password [success=1 default=ignore] pam_unix.so obscure yescrypt'
+ - 'password requisite pam_deny.so'
+ - 'password required pam_permit.so'
+pam::pam_session_lines:
+ - 'session [default=1] pam_permit.so'
+ - 'session requisite pam_deny.so'
+ - 'session required pam_permit.so'
+ - 'session optional pam_umask.so'
+ - 'session required pam_unix.so'
+ - 'session optional pam_systemd.so'
diff --git a/metadata.json b/metadata.json
index 8fbed1e1..53da18ce 100644
--- a/metadata.json
+++ b/metadata.json
@@ -85,7 +85,8 @@
 "operatingsystem": "Ubuntu",
 "operatingsystemrelease": [
 "20.04",
- "22.04"
+ "22.04",
+ "24.04"
 ]
 }
 ],
diff --git a/spec/acceptance/nodesets/ubuntu-2404.yml b/spec/acceptance/nodesets/ubuntu-2404.yml
new file mode 100644
index 00000000..b9a4e2bf
--- /dev/null
+++ b/spec/acceptance/nodesets/ubuntu-2404.yml
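Review bot: The first entry of `pam::pam_auth_lines` in data/os/Ubuntu/24.04.yaml passes `nullok` to pam_unix.so, so an account whose password field is empty can authenticate, and the file does not say whether that is intended. It presumably mirrors the distribution's stock common-auth, but this data becomes the module's managed default, so the choice should be recorded next to it. I would add a comment above the key such as `# nullok matches the stock common-auth; override pam::pam_auth_lines to refuse empty passwords`.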
@@ -0,0 +1,24 @@
+HOSTS:
+ ubuntu2404:
+ roles:
+ - agent
+ platform: ubuntu-24.04-amd64
+ hypervisor : docker
+ image: ubuntu:24.04
+ docker_preserve_image: true
+ docker_cmd: '["/sbin/init"]'
+ docker_image_commands:
+ - "rm -f /etc/dpkg/dpkg.cfg.d/excludes"
+ - 'apt-get install -y wget net-tools iproute2 locales apt-transport-https ca-certificates'
+ - 'locale-gen en_US.UTF-8'
+ docker_env:
+ - LANG=en_US.UTF-8
+ - LANGUAGE=en_US.UTF-8
+ - LC_ALL=en_US.UTF-8
+ docker_container_name: 'pam-ubuntu2404'
+CONFIG:
+ log_level: debug
+ type: foss
+ssh:
+ password: root
+ auth_methods: ["password"]
diff --git a/templates/login.ubuntu24.erb b/templates/login.ubuntu24.erb
new file mode 100644
index 00000000..6a09e6a1
--- /dev/null
+++ b/templates/login.ubuntu24.erb
@@ -0,0 +1,18 @@
+auth optional pam_faildelay.so delay=3000000
+auth requisite pam_nologin.so
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+session required pam_loginuid.so
+session optional pam_motd.so motd=/run/motd.dynamic
+session optional pam_motd.so noupdate
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+session required pam_env.so readenv=1
+session required pam_env.so readenv=1 envfile=/etc/default/locale
+@include common-auth
+auth optional pam_group.so
+session required pam_limits.so
+session optional pam_lastlog.so
+session optional pam_mail.so standard
+session optional pam_keyinit.so force revoke
+@include common-account
+@include common-session
+@include common-password
diff --git a/templates/sshd.ubuntu24.erb b/templates/sshd.ubuntu24.erb
new file mode 100644
index 00000000..4cce9a26
--- /dev/null
+++ b/templates/sshd.ubuntu24.erb
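Review bot: The `ssh:` block at the end of spec/acceptance/nodesets/ubuntu-2404.yml hard-codes `password: root` with `auth_methods: ["password"]`, and nothing marks it as a fixture credential. That is acceptable only because the target is a throwaway local container (`hypervisor : docker`). A comment above the block, for example `# root/root is for the disposable beaker container only; never reuse on a reachable host`, would keep it from being copied into a nodeset for a real machine.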
@@ -0,0 +1,18 @@
+@include common-auth
+account required pam_nologin.so
+<% if @sshd_pam_access != 'absent' -%>
+account <%= @sshd_pam_access %> pam_access.so
+<% end -%>
+@include common-account
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+session required pam_loginuid.so
+session optional pam_keyinit.so force revoke
+@include common-session
+session optional pam_motd.so motd=/run/motd.dynamic
+session optional pam_motd.so noupdate
+session optional pam_mail.so standard noenv # [1]
+session required pam_limits.so
+session required pam_env.so # [1]
+session required pam_env.so user_readenv=1 envfile=/etc/default/locale
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+@include common-password
From fead0838f0d04e857d8bd0d892aa43bfa6c820e0 Mon Sep 17 00:00:00 2001
From: Garrett Honeycutt
Date: Mon, 30 Dec 2024 17:30:54 -0500
Subject: [PATCH 2/3] Add Debian 12 acceptance testing to pdk sync
---
 .sync.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.sync.yml b/.sync.yml
index 866dbac2..42d7e392 100644
--- a/.sync.yml
+++ b/.sync.yml
@@ -12,6 +12,7 @@
 - el8
 - el9
 - debian-11
+ - debian-12
 - ubuntu-2004
 - ubuntu-2204
 puppet:
From cd7444af51c98e90fbd42dd7e0d2f78febc989b5 Mon Sep 17 00:00:00 2001
From: Garrett Honeycutt
Date: Tue, 12 Nov 2024 11:31:47 -0500
Subject: [PATCH 3/3] Add support for Ubuntu 24.04 (noble)
---
 .github/workflows/ci.yaml | 1 +
 .sync.yml | 1 +
 metadata.json | 2 +-
 3 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index f5c377a3..8cad4118 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -61,6 +61,7 @@ jobs:
 - "debian-12"
 - "ubuntu-2004"
 - "ubuntu-2204"
+ - "ubuntu-2404"
 puppet:
 - "puppet7"
 - "puppet8"
diff --git a/.sync.yml b/.sync.yml
index 42d7e392..24bf5610 100644
--- a/.sync.yml
+++ b/.sync.yml
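Review bot: The second pam_env line in templates/sshd.ubuntu24.erb sets `user_readenv=1`, which makes pam_env read each user's own `~/.pam_environment`, so an account holder can influence the environment of their SSH session. The login template in this patch uses `readenv=1` instead, and the difference is not explained. If per-user environment files are not needed I would write the line as `session required pam_env.so readenv=1 envfile=/etc/default/locale`; otherwise add a comment saying the option is kept on purpose. The two trailing `# [1]` markers point to a footnote that the template does not contain and could be dropped or replaced with the explanation they stood for.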
@@ -15,6 +15,7 @@
 - debian-12
 - ubuntu-2004
 - ubuntu-2204
+ - ubuntu-2404
 puppet:
 - puppet7
 - puppet8
diff --git a/metadata.json b/metadata.json
index 53da18ce..b207515b 100644
--- a/metadata.json
+++ b/metadata.json
@@ -97,7 +97,7 @@
 }
 ],
 "description": "Manages PAM, including specifying users and groups in access.conf, limits.conf, and limits fragments",
- "pdk-version": "3.0.0",
+ "pdk-version": "3.3.0",
 "template-url": "https://github.com/tailored-automation/pdk-templates#main",
 "template-ref": "heads/main-0-g8e0611a"
 }