Archive for the A month in the archive Category

May in the archive: a view from the Ubuntu Server team

Posted in A month in the archive on Friday, 12 June 2009 by Robbie

A few days after Jaunty was pushed out of the door the new release cycle was opened soon after. Karmic repositories were set up and syncing packages from Debian unstable started. A lot of developers were busy preparing and attending UDS in Barcelona during the month of May. It didn’t prevent them to start merging packages from Debian. Here are some highlights from the archive:

No-change rebuild to gain FORTIFY defaults

kees has been busy uploading packages for no-change rebuilds. Intrepid saw the integration of some compiler hardening which are only applied if the package is rebuilt with the new toolchain. The  goal here is to have all packages in main rebuilt by the next LTS release to gain all the fortify defaults.

MIT krb5 update

mathiaz synced the latest release of MIT kerberos from unstable. Version 1.7 brings amongst other things an improved compatibility with Microsoft Windows and the drop of version 4 of the Kerberos protocol. The upload of 1.7 also started a library transition: libkrb53 has been replaced by libkrb5-3. A lot of packages in main and universe need to be rebuilt so that krb5 1.6 can be removed from the karmic repository. The transition is still ongoing: while most of packages in main have been transitioned, universe still needs a lot of work.

pure-ftpd update

A new version of pureftpd (1.0.22) has found its way into karmic: the LDAP authentication backend now supports TLS encryption and TLS encryption is available on data channels. MySQL 5 stored procedures can now be used in the authentication process.

ufw in debian

ufw, the Ucomplicated Firewall, made his way to Debian unstable. Available since Hardy in Ubuntu ufw finally landed in Debian unstable with the help of kees. This frontend for iptables is particularly well-suited for host-based firewalls and is now available to the broader Debian community.

Advertisements

March in the archive: a view from the Ubuntu Server team

Posted in A month in the archive on Thursday, 26 March 2009 by Robbie

Since we entered FeatureFreeze one and half month ago the Ubuntu developers have shifted their focus on fixing bugs. As such the archive hasn’t seen a lot of new package versions or shiny new features. Here are a few highlights from the archive that happened during last month:

Python 2.6 transition

One of the main focus of the MOTU team has been conducting the python 2.6 transition. Scott Kitterman and other MOTUs have uploaded numerous packages to the archive in order to get ready for python 2.6 in Jaunty.

Loads of bug fixes

Most of the uploads have been fixing bugs: bacula packages can now be installed successfully in Jaunty. The samba package has been updated twice to new upstream versions to fix the broken ‘force group’ option as well as saving files on Samba shares using MS Office 2007.

Karmic is known in Jaunty

Some packages have been updated to  know about the next release codenamed Karmic Koala. Lintian, vim and other developers packages in Jaunty won’t complain when karmic will show up in Changelogs and other places once the release cycle opens.

Ubuntu in the cloud

In the realm of cloud computing things are moving fast.

Ubuntu on EC2 saw another beta released. ec2-init is now accepting more options such as disabling the root account and supporting RightScale managed instances. The EC2 API tools have also been packaged: managing EC2 instances using command lines tools is just a package installation away in Jaunty.

Eucalyptus, which helps to build private clouds using Ubuntu, saw a handful of bug fixes by Soren Hansen: better support for EBS in KVM, compression for image transfers are amongst the improvements. Collaboration with the upstream developers is working well as Ubuntu patches are integrated in new bzr snapshots.

kvm saw a packaging cleanup: Dustin Kirkland dug through the patches and kept the relevant ones while removing obsoletes patches. Builds on lpia and ia64 have also been enabled. DKMS support has been improved so that the kvm kernel module available from the kvm-source package can be easily updated.

likewise-open5 in universe

Likewise-open make it a snap to integrate an Ubuntu system in an AD environment. Thierry Carrez uploaded the latest version to the Ubuntu universe. Version 5 has seen many architectural changes: gone is the monolithic daemon – it has been replaced with a collection of daemons that handle one task. However upgrades from 4.1 to 5.0 aren’t supported. The system has to be rejoined when moving from 4.1 to 5.0. As a consequence 5.0 and 4.1 are available in Ubuntu with 4.1 in main and 5.0 in universe.

MySQL 5.0 to 5.1 upgrades

Even though MySQL 5.0 is still the supported version in Ubuntu, MySQL 5.1 is already available in universe. Upgrading from 5.0 to 5.1 is now possible in Jaunty thanks to the work of Mathias Gug.

screen-profiles

Dustin Kirkland has been busy updating the screen-profiles package. The ec2-cost script has been fine-tuned while a new package, screen-profiles-extra, has been created to ship additional color profiles.

February in the archive: a view from the Ubuntu Server Team

Posted in A month in the archive on Friday, 27 February 2009 by Robbie

On February the 19th another important milestone has been reached on the road to the Jaunty Jackalope: Feature Freeze. The Ubuntu Developers are now focusing on fixing bugs to produce a rock solid release by then end of April 2009. Here are some highlights from the Ubuntu Server team:

Ubuntu in the cloud

The long-awaited Eucalyptus package made it to the archive just before Feature Freeze paving the way for easy deployment of a cloud infrastructure built upon Ubuntu Server. In its wake a handful of java related components have also become available from the archive:

  • Apache Axis2 is a Web services engine implemented in C which can be used to provide and consume WebServices. Both SOAP and REST style webservice are supported with binary data being exchanged via MTOM.
  • The WS-Security specification is provided by the rampart package, the Apache web services security engine.

Other virtualization related components have also been updated:

  • kvm: the new upstream release ships with an updated version of qemu as well as loads of bugfixes. Nested svm is also available in Jaunty – now you can run kvm in kvm in kvm…
  • libvirt 0.6.0 brings in improved support for daemon restart as well as copy-on-write storage volume support.
  • virt-manager 0.6.1 supports remote storage management and provisioning, remote VM installation  and VM migration. Avahi is also used to detect existing libvirt systems available on the local network.
  • opennebula has been updated to version 1.2. Cloning and transferring vms is easier thanks to the new Image Management feature. Networking has also been improved.

Samba 3.3.0

The latest version of samba 3 has been uploaded to Jaunty. In the area of file serving it brings extended cluster support as well as new experimental VFS modules to store NTFS ACLs on Samba file servers. On the Winbind front two new idmap backends have been added (adex and hash) as well as support for user and group aliasing. The idmap_ad backend now supports multiple domains.

AppArmor profiles

Jamie Strandbodge has been working on new AppArmor profiles. Both dhcp and tcpdump packages have seen the addition of a profile: dhcp-client is now protected by AppArmor.

Encrypted swap

Dustin Kirkland added a script to the ecryptfs-utils to help configuring systems to use an encrypted swap.

Directory services

Mathias Gug uploaded a new version of openldap. Better support for GnuTLS as well as a transition to libdb 4.7 are available from the jaunty archive.

libdb transition

Scott Kitterman and other developers spent quite some time updating packages to use the newest versions of libdb. 4.2 is almost gone now that openldap has been updated to use 4.7. Other versions are also on their way out with dspam, awffull and ggcov being built with the latest version of libdb.

/etc under revision control

Thierry Carrez has been busy merging new versions from Debian. A daily cron job has been added that will commit any changes to /etc to the local tree, bzr being the default vcs used in Ubuntu.

Boot from multipathed devices

Timo Aaltonen updated grub to support booting from multipathed devices.

Hardware management tools

Ante Karamatić added dell specific commands to the ipmitools package.

krb5 and Microsoft kerberos implementation

Mathias Gug integrated a likewise-open patch to better support Microsoft kerberos implementation in MIT krb5.

Phoronix test suite

Dustin Kirkland worked with Michael Owens to make the phoronix test suite available in Ubuntu. This automated suite is able to test and benchmark different parts of a Linux OS.

New django applications

As the popularity of django is rising so is the number of django applications available from the Ubuntu archive: python-django-tagging, python-django-evolution, python-django-djblets and python-django-debug-toolbar are now available in Jaunty.

AMQP support

AMQP, the emerging standard for high performance enterprise messaging, is now easily available in Ubuntu with the addition of rabbitmq-server to the archive. Written in the erlang language and based on the Open Telecom Platform rabbitmq features a complete, conformant and interoperable implementation of the published AMQP specification.

January in the archive: a view from the Ubuntu Server team

Posted in A month in the archive on Monday, 26 January 2009 by Robbie

Mail services

dkim was added during the Intrepid release cycle. Work keeps being done by Scott Kitterman to keep the milter support up-to-date: dkim-milter, pymilter, pymilter-milters have been updated to the latest upstream version in Jaunty.

Virtualisation

Soren Hansen has uploaded a new version of the libvirt package. Amongst bug fixes the version available in Jaunty brings support for openvz. A patch to support opennebula has also been added but is not enabled yet. The related tool virt-viewer has also been updated and provides a Mozilla plugin package. The tools used to interact with EC2 have been updated to the latest version released by Amazon while the latest version of virtualbox-ose made its way to the Jaunty archive. The 2.1 version brings better support for 64 bit systems as well as full VMDK/VHD support including snapshots.

Collaboration tools

moinmoin has been updated to a new major version. The 1.8 version brings in a major GUI editor upgrade, a new theme in addition to the usual round of bug fixes.

Databases

MySQL 5.0.75 is available in main while MySQL 5.1.30 is in universe. Some more work is still needed to make the latter fully working. One of the new feature provided by MySQL 5.1 is the embedded server library. libmysqld is already used by the new version of the Amarok music player shipped by the Kubuntu team in Jaunty.

Clustering support

redhat-cluster has been updated to the latest alpha2 release of the 3.0 branch. This soon-to-be-stable third generation of the code includes a new conga interface – the graphical tool to manage clusters. Related dependencies such as openais and corosync have also been updated.

Screen-profiles

Multiple uploads include the work done by Dustin Kirkland and Nicolas Barcet. After some discussions on the ubuntu-server mailing the default escape sequence has been changed back to ctrl-a. A few scripts have also been added to provide more information: a memory count script and a load average script. The common key bindings are using the F-keys to ensure that they work in both gnome-terminal and the tty console. A screen-profile-helper has been added to allow the selection of profiles as well as to install screen by default.

Squid proxy

The default configuration has been updated to better support apt repository caching: the cached object size has been increased so that big packages are properly cached. The Release and the Package file are also kept for a longer period of time.

Tomcat6

The tomcat6 package has seen the addition of a webapp auto-deployment feature to handle application load and unloads. One of the consequence is that installing webapp packages doesn’t stop tomcat6 processes anymore.

Uncomplicated Firewall

The 0.26 version has seen the addition of a new REJECT functionality. debconf questions have also been added to enable the firewall and set some basic rules. This is the first step towards integration of ufw in the installer.

September in the archive – a view from the Ubuntu Server Team

Posted in A month in the archive on Tuesday, 7 October 2008 by Robbie

September has been a busy month in terms of milestones: alpha5 and alpha6 were pushed out of the door. And a BetaFreeze went in effect during the last week of the month. Here is a selection of what happened in the archive during the month of September.

clamav protected by apparmor

The clamav anti-virus package saw the addition of an apparmor profile to increase the protection of the virus scanning daemon.

freeradius 2.1

A new upstream release of freeradius made its way to the intrepid archive. Support for ipv6, virtual servers and an improved administration tool are some of the new features. The server core has also been rewritten to be event based. This resulted in fixing lots of bugs that were difficult to address in the 1.1.X version.

Virtualization

A helper script that checks if the hardware supports virtualization extensions has been added to the kvm package. Support for hal and policykit has also been integrated thus improving the kvm experience in a desktop environment.

Both  kvm and qemu have been fixed to use evdev for keycode mapping based on the code from gtk-vnc. That lead to the resolution of a particular bug causing grief to kvm users, namely the unfortunate loss of ability to use arrow keys, function keys, and any other sort of extended keys.

vm-builder has seen an big update to its documentation as well as support for creating vmware and xen images.

AD integration with likewise-open

Likewise-open has been integrated with the new pam-auth-update infrastructure available in Intrepid. likewise-open is also able to properly register DDNS entries on domain join.

Boot in degraded mode

The final integration work for boot in degraded mode has been done: the installer asks whether the system should be set to boot from a degraded array if the /boot partition is located on an mirrored array.

Landscape integration

The landscape client has been split in two packages: a -common package that is installed by default. It does not require a landscape account and provides system monitoring information in the motd (via the update-motd package). Here is a example of the information included in the motd:

  System information as of Tue Oct  7 15:32:45 EDT 2008

  System load: 0.79              Memory usage: 54%   Processes:       56
  Usage of /:  30.3% of 5.60GB   Swap usage:   0%    Users logged in: 1

  Graph these measurements at https://landscape.canonical.com

The -client package is used with a Landscape account. Registration of the system with Landscape is now available at installation time when selecting the package update policy.

Status action for init scripts

Another round of packages have seen a status action added to their init script: openvpn, asterisk, mythtv and net-snmp.

Tomcat5.5

Following the work done on the tomcat6 package, tomcat5.5 has also been updated to integrate nicely with the intrepid java environment. And security fixes have been applied to the package.

August in the archive – a view from the Ubuntu Server Team

Posted in A month in the archive on Thursday, 4 September 2008 by Robbie

The month of August saw a lot of activity in the archive reaching Feature Freeze on Thursday, August the 28th.

PIE hardening

Kees Cook tackled one of the last point on his hardening ubuntu list: enabling PIE for a subset of the archive. While other hardening measures have been implemented directly in gcc PIE is enabled at the packaging level. Some of the packages natively support PIE  in their build process. But for the vast majority PIE is enabled by adding a build dependency on hardening-wrapper and exporting DEB_BUILD_HARDENING=1″ in the debian/rules file.

The lucky packages to provide increased protection against vulnerabilities include:

  • apache2
  • bind9
  • dhcp3
  • dovecot
  • openldap
  • postfix
  • postgresql
  • samba
  • openssh

UFW package integration

Jamie Strandboge updated ufw to support application profiles. Packages can simply add profiles to /etc/ufw/applications.d and dpkg triggers will discover the changes and update ufw accordingly. Nicolas Valcárcel and Didier Roche jumped in and added ufw application profiles to the following packages:

  • apache2
  • bind9
  • dovecot
  • openssh
  • postfix
  • samba

Dovecot 1.1

Dovecot has been merged from Debian experimental repository. This brings in support for the manage sieve protocol. Although Dovecot LDA has had support for sieve scripts for some time end-users management of sieve scripts is greatly enhanced now. End users don’t need shell or FTP access to upload their sieve scripts any more.

Pam-auth-update support

Steve Langasek improved the support for pam modules by implementing the Pam Config Framework specification. Packages can now declare which pam modules they’re providing. A central tool can be used by system administrators to choose which modules should be enabled for the system.

Several packages have been updated to support the new pam-auth-update command:

  • libpam-ldap
  • libpam-smbpass
  • libpam-cracklib
  • ecryptfs-utils (provides pam_ecryptfs)
  • libpam-ck-connector

Latest MySQL Community Edition

Following the upstream relase mysql 5.0.67 has been uploaded to the intrepid archive.

Openldap stable release

Openldap has been updated to version 2.4.11 which has been declared stable by the Openldap project:

The OpenLDAP Software stable release is the last release which has proven through general use to be the most reliable release available. OpenLDAP-2.4.11, as of 20080813, is considered stable.

The upload also marks the move from slapd.conf to the cn=config backend. Although slapd.conf support is still available new installs and package upgrades will only support the cn=config backend.

July in the archive – a view from the Ubuntu Server Team

Posted in A month in the archive on Friday, 1 August 2008 by Robbie

Another month passed on the road to the Intrepid Ibex. Two alpha releases have been pushed out the door and the Debian Import Freeze has been in effect for one month. Does this mean that the intrepid archive has been quiet ? Not really… Here are some highlights for the month of July:

DKIM verification is on by default

For those of you that deploy mail servers we’ve added another component for your spam fighting toolbox: DomainKeys Identified Mail. As mentioned earlier this month more testing of this new feature is welcome.

Default ssl virtual host in apache2

Amongst other things the apache2 package comes now with a default ssl virtual host. One more step closer to add support for SNI.

Improved autochanger support in Bacula

The new version of Bacula – 2.4.1 – comes with a major rewrite of the storage daemon autochanger and reservation code. Those of you using multiple drive autochangers should see more reliable operations.

Openldap update

The new upload saw an update to 2.4.10 and also the package renamed from openldap23 to openldap. It should bring in more stability (especially in the replication sub-system) and less confusion for the end user as to which version of openldap they’re running.

Smartcard support in Openvpn

The new package reenables PKCS#11 support.

Samba 3.2

At the begining of the month the Samba team released version 3.2. Shortly after it was uploaded to the archive. Lots of new features have been added: clustered file server support, encrypted network transport, ipv6 support and better integration with the latest version of Microsoft Windows© clients and servers. It should also be noted that Samba 3.2 is licensed under the GPLv3.