New Features
Package Management Policy
This release introduces a new Package policy type, enabling administrators to manage software repositories and packages on enrolled Linux desktops.
Features
Agent: Package enforcement via PackageKit
- Package installation, removal, and "keep at latest" enforcement via the PackageKit (https://www.freedesktop.org/software/PackageKit/) D-Bus API — abstracts APT, DNF, and Zypper uniformly across distributions.
- Auto-detects the node's package manager (APT / DNF / Zypper) to write the correct repository file format.
- Writes APT deb822 .sources files to /etc/apt/sources.list.d/ and GPG keys to /etc/apt/trusted.gpg.d/.
- Writes DNF/YUM .repo INI files to /etc/yum.repos.d/ and RPM GPG keys to /etc/pki/rpm-gpg/.
- Writes Zypper .repo INI files to /etc/zypp/repos.d/.
- Repository and package state is merged from multiple bound policies by priority (higher-priority bindings win conflicts).
- Desktop notifications inform the user when package policy changes are applied.
Web UI: Package Policy Editor
- Repositories tab — add, edit, and remove repositories per type (APT deb822, DNF, Zypper). Fields adapt to the selected type. GPG key upload supported for all types.
- Packages tab — manage packages with desired state (present / absent / latest), optional version pinning, and an "optional" flag.
- Options tab — control cache refresh after repo writes and allow-downgrade behaviour.
Web UI: Repository import helpers
Three one-click import flows are available in the Repositories tab:
- Add Ubuntu PPA… — enter a ppa:owner/name address and select an Ubuntu codename; the server fetches the repository URI and signing key from Launchpad and the Ubuntu keyserver automatically.
- Add openSUSE 1-Click .ymp… — upload a .ymp file; the server parses the XML and populates repositories and packages. When the file contains multiple distversion groups, a selection modal lets you choose which to import.
- Add Fedora COPR… — enter a owner/project or @group/project address and select a chroot; the server resolves the DNF repo URL and signing key from the COPR API.
Notes
- GPG verification is enabled automatically when a signing key is fetched successfully; it is disabled (with a warning) when no key is available, so the repository is still added and usable.
- The .ymp importer skips type="pattern" items (not installable via PackageKit) and reports them as warnings.
- Signed-off builds require godbus/dbus/v5 as a new agent dependency.