2.0.0-alpha

Himmelblau 2.0.0-alpha is a major preview release focused on new features, platform support, and security hardening. Key changes include generation of Office 365 desktop web-apps, support for Entra registered devices, improved SELinux and authselect integration, supply-chain safeguards (license checks, SBOM, dependency vetting, fuzzing), and CI and packaging improvements. As an alpha, features may be incomplete. Please test, report bugs, and share feedback to help shape the final 2.0 release.

What's Changed

• deps(rust): bump the all-cargo-updates group with 6 updates by @dependabot[bot] in #643
• Correct the RPM postinst script syntax by @dmulder in #646
• deps(rust): bump the all-cargo-updates group with 7 updates by @dependabot[bot] in #649
• deps(rust): bump the all-cargo-updates group with 11 updates by @dependabot[bot] in #660
• cron dep for Intune and SELINUX config by @dmulder in #648
• Generate Office 365 desktop apps by @dmulder in #659
• Miscellaneous fixes by @scabrero in #663
• Make broker work for Edge by @mw-a in #661
• Fix building packages with docker in root mode by @dmulder in #664
• Add help output to the Makefile by @dmulder in #665
• Don't overwrite the himmelblau.conf on rpm upgrade by @dmulder in #666
• deps(rust): bump tracing-subscriber from 0.3.19 to 0.3.20 in the cargo group by @dependabot[bot] in #670
• Fix NixOS build by optionally adding selinux tools to the build path. by @twoolie in #673
• Add a Code of Conduct by @dmulder in #678
• Add a Contributing document by @dmulder in #679
• Add authselect module for Rocky/Fedora by @dmulder in #681
• Add CI check for licenses by @dmulder in #685
• Update dependabot.yml to target all stable branches by @dmulder in #683
• deps(rust): bump the all-cargo-updates group with 10 updates by @dependabot[bot] in #686
• Remove glib dependency by @dmulder in #690
• Fix mixed case names in Hello PIN lookup, and increase maximum group lookup by @dmulder in #695
• Add supply-chain protection by @dmulder in #698
• Add an IRP checklist for security incidents by @dmulder in #699
• Add SBOM generation by @dmulder in #700
• Fix RHEL8 package signing by @dmulder in #705
• Remove incompatible licenses from deps by @dmulder in #701
• deps(rust): bump the all-cargo-updates group with 6 updates by @dependabot[bot] in #709
• Entra group based sudo access by @iLikeToCode in #711
• Fix building w/out deprecated interactive feature by @dmulder in #713
• Fix NixOS CI by @iLikeToCode in #714
• Improve o365 app handling by @dmulder in #716
• Resolve CodeQL errors by @dmulder in #721
• feat: Add support for aarch64 on Debian-based distributions by @RobertDeRose in #723
• deps(rust): bump the all-cargo-updates group across 1 directory with 11 updates by @dependabot[bot] in #729
• Fix Group static mapping (main) by @dmulder in #736
• Add a OpenSSF Scorecard by @dmulder in #742
• Add scorecard badge by @dmulder in #748
• Add the OpenSSF Best Practices badge by @dmulder in #753
• Combination of dependabot updates by @dmulder in #754
• Add basic fuzzing by @dmulder in #756
• Add apply_policy to nix config by @iLikeToCode in #734
• Add fuzzing for the idmap code by @dmulder in #758
• Fix various security related issues by @dmulder in #763
• Bump cachix/install-nix-action from 31.6.2 to 31.7.0 by @dependabot[bot] in #764
• Support for Entra registered devices by @dmulder in #765
• Fix Nix Error With Fuzz by @iLikeToCode in #773
• Group mapping inconsistency by @dmulder in #784
• Improve SELinux support by @dmulder in #779
• dependabot updates with dependency vetting by @dmulder in #790
• Mask the sshkey-attest package by @dmulder in #792
• Bump cachix/install-nix-action from 31.7.0 to 31.8.1 by @dependabot[bot] in #789

New Contributors

• @scabrero made their first contribution in #663
• @iLikeToCode made their first contribution in #711
• @RobertDeRose made their first contribution in #723

Full Changelog: 1.4.0...2.0.0-alpha