August in the archive – a view from the Ubuntu Server Team

The month of August saw a lot of activity in the archive reaching Feature Freeze on Thursday, August the 28th.

PIE hardening

Kees Cook tackled one of the last point on his hardening ubuntu list: enabling PIE for a subset of the archive. While other hardening measures have been implemented directly in gcc PIE is enabled at the packaging level. Some of the packages natively support PIE in their build process. But for the vast majority PIE is enabled by adding a build dependency on hardening-wrapper and exporting DEB_BUILD_HARDENING=1″ in the debian/rules file.

The lucky packages to provide increased protection against vulnerabilities include:

apache2
bind9
dhcp3
dovecot
openldap
postfix
postgresql
samba
openssh

UFW package integration

Jamie Strandboge updated ufw to support application profiles. Packages can simply add profiles to /etc/ufw/applications.d and dpkg triggers will discover the changes and update ufw accordingly. Nicolas Valcárcel and Didier Roche jumped in and added ufw application profiles to the following packages:

apache2
bind9
dovecot
openssh
postfix
samba

Dovecot 1.1

Dovecot has been merged from Debian experimental repository. This brings in support for the manage sieve protocol. Although Dovecot LDA has had support for sieve scripts for some time end-users management of sieve scripts is greatly enhanced now. End users don’t need shell or FTP access to upload their sieve scripts any more.

Pam-auth-update support

Steve Langasek improved the support for pam modules by implementing the Pam Config Framework specification. Packages can now declare which pam modules they’re providing. A central tool can be used by system administrators to choose which modules should be enabled for the system.

Several packages have been updated to support the new pam-auth-update command:

libpam-ldap
libpam-smbpass
libpam-cracklib
ecryptfs-utils (provides pam_ecryptfs)
libpam-ck-connector

Latest MySQL Community Edition

Following the upstream relase mysql 5.0.67 has been uploaded to the intrepid archive.

Openldap stable release

Openldap has been updated to version 2.4.11 which has been declared stable by the Openldap project:

The OpenLDAP Software stable release is the last release which has proven through general use to be the most reliable release available. OpenLDAP-2.4.11, as of 20080813, is considered stable.

The upload also marks the move from slapd.conf to the cn=config backend. Although slapd.conf support is still available new installs and package upgrades will only support the cn=config backend.

Dustin Kirkland’s Ubuntu Server posts

Results of the Ubuntu Virtualization Survey

A big thanks to everyone that participated in the Ubuntu Virtualization Survey. I am pleased to share the results with you now.ResultsAnswersI will provide a few of my own observations, but we are very interested in your own conclusions!There were a total of 354 responses -- excellent feedback!Nearly 2/3 of all responders use virtualization on Ubuntu every d […]

Introducing Testdrive!

I'm pleased to introduce a new package I have created for Ubuntu called testdrive!Testdrive makes it simple to run any Ubuntu release in a virtual machine, safely, and without affecting your current Ubuntu installation.This is a great way to "try out" the Ubuntu release beyond your current version, before upgrading. For example, if you're […]

Ubuntu 9.10 Byobu and OpenWeek Session

I thought I would provide a brief set of highlights about Byobu accomplishments during the Karmic development cycle, now that we have released Ubuntu 9.10. Also, I'd like to promote my Ubuntu Open Week Presentation on Byobu, which is scheduled for 18:00 UTC, tomorrow, Tuesday November 3, 2009. It will included a live demonstration, in Amazon EC2. Be pre […]

Kees Cook’s Ubuntu Server posts

karmic and log rotation

In Ubuntu’s Karmic and and Debian’s Lenny, sysklogd was replaced with rsyslog. This is fine, since rsyslog will have converted your /etc/syslog.conf to /etc/rsyslog.d/50-default.conf. However, if you modified the (maddeningly strange sysklogd-specific) log file rotation in /etc/cron.daily/sysklogd or /etc/cron.weekly/sysklogd, you’ll want t […]

TPM as RNG

I was reminded about some TPM coding I’d done to get random bytes from the pRNG on my TPM-enabled system from Matt Domsch’s recent post. I’m not fully convinced that the pRNG of the TPM is an appropriate source of entropy, but it does pass my simple FIPS-140-2 test. I had to find the Intel TPM docs to figure out how to enable TPM on my syst […]

uninstall sun-java6

With the vrms meme raging on Planet Ubuntu, I noticed some people still have sun-java6 installed. I’ve been using openjdk-6 since Hardy, and everything I use works fine with it (e.g. Vuze, Catan, Eclipse, FreeMind, and even Facebook’s photo uploader thing). Given the Ubuntu Tech Board’s “remove sun-java6 from the archive” Agenda […]

Mathias Gug’s Ubuntu Server posts

Sep 20 – Sep 25 Wrap-up

Spent most of my week in Portland to attend conferences. Conferences Attended LDAPCon 2009 and published report. Attended LinuxCon 2009. Image Store Proxy Updated image-store-proxy to 1.0. This version brings support for gpg signed images. Still need testing against the real-world Canonical Image Store infrastructure.

A summary of LDAPCon 2009

On Sunday, September 20th and Monday, September 21st I attended LDAPCon 2009 in Portland, OR. Most of the open source projects were there – with the notable absence of Port 389 (Redhat) – as well as some vendors (Apple and UnboundID). Most of the slides are available online. Apache Directory project The Apache Directory folks gave several present […]

Sep 11 – Sep 18 Wrap-up

Image-store-proxy Package image-store-proxy to enable the Image Store tab in Eucalyptus. The package (python-image-store-proxy) has made its way to main and on the -server isos in time for alpha6 with the help of Thierry and Kees. Server-karmic-directory-enabled-user-login Kept on investigating the use of puppet to build an ldap/krb5 infrastructure on EC2. I […]

Thierry Carrez’s Ubuntu Server posts

UDS Lucid

This week, Dallas hosts the Ubuntu Developer Summit for the Lucid Lynx release. This is the key moment where we define what will be done for Ubuntu 10.04 LTS, and discuss how it will be done. There will be plenty of interesting sessions in all the tracks, and sometimes I wish I could attend two sessions at the same time. In the server track, Monday will have […]

Run your own Ubuntu Enterprise Cloud, part 3

In part 1 and part 2 of this series, we saw how to set up a minimal cloud infrastructure and bundle a basic image (and test it). In this final article, we’ll play with our cloud from an end-user perspective. Setting up the web UI First of all, before accepting end users, as the administrator of the cloud you will have to setup a few things on the web U […]

Run your own Ubuntu Enterprise Cloud, part 2

In part 1 of this series, we saw how to install the cloud infrastructure. In this article, we’ll bundle and upload an EMI (Eucalyptus Machine Image), based on Ubuntu Server 9.10 Beta, and validate that we can run an instance of it. Download required elements Go to the cloud/cluster controller and download the required items. For a 64-bit image: $ URL= […]

Jamie Strandboge’s Ubuntu Server Posts

AppArmor sVirt security driver for libvirt

Serving up Sftp and AppArmor

AppArmor now available in Karmic — testing needed

After a lot of hard work by John Johansen and the Ubuntu kernel team, bug #375422 is well on its way to be fixed. More than just forward ported for Ubuntu, AppArmor has been reworked to use the updated kernel infrastructure for LSMs. As seen in #apparmor on Freenode a couple of days ago: 11:24 < jjohansen> I am working to a point where I can try upstre […]

M	T	W	T	F	S	S
« Aug				Oct »
1	2	3	4	5	6	7
8	9	10	11	12	13	14
15	16	17	18	19	20	21
22	23	24	25	26	27	28
29	30

Ubuntu Server Blog