In this week’s Packaging Training Session Jo Shields (directhex), of the Debian/Ubuntu Mono team, will be explaining how to package Mono applications and libraries. Come to #ubuntu-classroom on irc.freenode.net at 16th July, 18:00 UTC to find out more.
[Discuss this Packaging Training Session on the Forums]
Originally posted by James Westby here on July 15, 2009 at 8:06 pm
The Ubuntu Technical Board intends to grow its membership from the current four seats to six. All but one of these seats (the recently elected Colin Watson) will be up for election for a period of two years.
All Ubuntu developers are eligible to vote.
The nomination period runs from now until 1400 UTC on 28th July 2009.
There will then follow a two week deliberation period, before the candidates are announced in the Technical Board meeting of 1400 UTC on 11th August 2009.
Voting will run for two weeks, and the winning candidates announced in the Technical Board meeting of 1400 UTC on 25th August 2009.
The Technical Board is the custodian of technical architecture, engineering processes and technology strategy in Ubuntu. We like to make sure it represents the best combination of experience and innovation from all of the Ubuntu development teams.
If you would like to put yourself forward for nomination, or would like to nominate a member of the Ubuntu Developer community who you think would make a fine member of the board, please send an e-mail to technical-board at lists.ubuntu.com
[Discuss the Technical Board Nominations on the Forums]
Originally sent to the ubuntu-devel-announce mailing list by Scott James Remnant on Tue Jul 14 16:16:48 BST 2009
If you’re anything like me, you might have read something about the plans for debhelper 7 when they were still in the works. The idea of having a debian/rules file as simple as the following sounded pretty darn cool.
#!/usr/bin/make -f
%:
dh $@
Then Debian Sid was unfrozen and Ubuntu Karmic opened for development, and you found a packaging bug you wanted to fix or a package you work on was ready to be merged. Say you needed to run some code manually after a particular debhelper command is run, but the rules file was converted to use some of the new features in debhelper 7. You probably found your self wondering what happened to my rules file!
Well, in this week’s Packaging Training Session James Westby (james_w) will be answering just that question in his session, Debhelper v7: what happened to my rules file? Come to #ubuntu-classroom on irc.freenode.net at 09th July, 12:00 UTC to get the answer and learn how to take advantage of all the cool new stuff in dh 7.
[Discuss this Packaging Training Session on the Forums]
Originally posted by Andrew Starr-Bochicchio (andrewsomething) here on July 8, 2009 at 12:00 pm
This is just a friendly reminder to all of the people out there wanting to chip in with Ubuntu Development Contributions. The upcoming packaging training session gears up to be interesting “Make Your Package Upgrade Correctly”. This is one of a series of ongoing development-centered sessions focusing on showcasing the daily work of Ubuntu MOTU contributors.
When: 4th June, 6:00 UTC
Where: #ubuntu-classroom @ irc.freenode.net
What: Package Session: Make Your Package Upgrade Correctly
How Long: One hour, Short demo of packaging technique and rest for Questions.
If you want to find out more about the upcoming Packaging Sessions check https://wiki.ubuntu.com/Packaging/Training. Also make sure to follow the RSS feed of Ubuntu Packaging at http://ubuntupackaging.wordpress.com/
Short version: if you’re interested in learning what it takes to learn packaging, mark Thursday in your calendar. From now on Thursday is Packaging Training Day.
Based on our experience with initiatives like the MOTU Q&A Sessions, the Ubuntu Developer Week and Ubuntu Open Week, the Ubuntu Developer Community is offering the following training effort starting in April:
We rotate session times to make sure we cover all timezones:
So for April we’re very proud to announce the following sessions:
Do you want to give a session? Do you have questions? Would you like to request a session? Would you just like to hang out? Do you want to help out with translations? Head over to Packaging/Training and add yourself.
This is an effort by the Ubuntu Developer Community, if you can do something to improve it and help others to get the most out of it, help out. This is going to be what we make of it. Get involved now!
Ubuntu Developer News Issue #2 has been released.
Topics include:
Ubuntu Developer News Issue #1 has been released. Topics include:
There is now a spot available on the Technical Board. Voting is already open and will close 20 Jan 2009 09:00 UTC. Here is Mark Shuttleworth’s email about it:
There is now a ballot of Ubuntu developers, to select a new member of
the Technical Board:https://launchpad.net/~ubuntu-dev/+poll/2009-01-tb-nominees/+vote-simple
The candidates in alphabetical order are Colin Watson and Kees Cook.
In a departure from tradition, we will have a race between two
candidates, rather than a confirmation vote. So there are two
candidates, one place, and you get to choose. Both candidates have
indicated that they are happy to be in a race rather than a
confirmation. In future, depending on circumstance and candidates, we
may take either approach.As it happens, both candidates work for Canonical. That’s not a
requirement for the position. However, the requirements do stack the
deck heavily in favour of someone who is able to devote full time
attention to the whole linux stack, in Ubuntu or Debian, and is very
aware of the Ubuntu community processes and players. As more companies
build businesses around Ubuntu and hence employ people who are very
active in the Ubuntu developer community, I am sure we will find great
non-Canonical TB candidates. We have already built substantial
non-Canonical representation in the Community Council, for example.This is a simple two-candidate selection, the winner will be the
candidate with the most positive votes. In the event of a tie, I will
act as a tie breaker.Please vote soon, the vote is only open for a week. Thank you to both
candidates for standing, and thanks in advance to all who participate in
the ballot.Mark
This is the first in a series of interviews with Ubuntu developers about their work, and features that will be available in future versions.
Dustin Kirkland is a developer on Canonical’s Ubuntu Server Team, working from Austin, Texas, USA. He is the author of the highly anticipated encrypted private directories feature in the upcoming Ubuntu 8.10 release. Previously, Dustin worked for IBM in various capacities, including as an on-site employee at Red Hat. There he discovered his interest in working with Linux at the distribution level, which eventually led him to Canonical.
Dustin was also interviewed separately for Ubuntu Weekly Newsletter #114.
One thing you have worked on for Intrepid is Encrypted Private directories. Could you tell us a little about what they are, and why they might be useful to someone?
If you have sensitive, personal data on a laptop computer, and you travel anywhere with it, you should seriously consider some form of encryption to protect that data.
Perhaps you have used a LiveCD to recover data off of a broken system before… Did you have to enter any passwords to access that data? What’s to prevent someone from “borrowing” your computer for a few minutes (or stealing the whole thing), booting a LiveCD, reading your documents, mail, and keys? Encryption can protect your data…if you have it!
From a server perspective, many machines today have hot-swappable disks. A thief can flip a latch, yank a disk out, and be on his way. That is perhaps a bit far fetched, but it happens. And if your server is running a RAID, it might be many hours or days before you notice a disk is missing. Again, without encryption, a thief has transparent access to all of your data.
There are many different ways you can use encryption to protect your data. You can use gpg [1] to individually encrypt/decrypt individual files, but that would get cumbersome if you need to encrypt a lot of data.
Ubuntu supports encrypting the entire disk using LVM+LUKS [2], however there can be a performance penalty for encrypting *everything*, it’s not easy to conduct incremental backups of the encrypted data, and you have to enter a password just to boot the system. The latter point is a show-stopper in most server environments, where the system is required to boot unattended in a data center or lab.
Ideally (at least in my mind), each user’s entire home directory would be encrypted using a key that’s unique to them. It would be mounted when the user logs in, and unmounted when the user logs out. That was my original proposal for Intrepid, but this was deemed a bit too ambitious to accomplish within a single release. The compromise was to provide a single encrypted location inside of each user’s home directory, ~/Private.
Then, each time the user logs in (graphically, on the console, or via ssh), their “login passphrase” is used to decrypt the second “mount passphrase”. This “mount passphrase” is used to establish the ~/Private mountpoint, where the user can read and write their most sensitive data. This merely a mountpoint, though. The data, when written to disk, is stored in ~/.Private. Try reading any file in there and you’ll find that data is encrypted! You can incrementally backup ~/.Private using rsync [4] (or some other backup program) to remote, untrusted storage, without giving the administrators of that remote system access to your data.
Do they provide complete security of the data that is stored in them? What technologies does this feature make use of?
As with any good encryption scheme, the security of the data stored within an encrypted ~/Private directory is only as strong as long as your passphrases are secret and hard to guess. By default, a 128-bit random mount passphrase is generated, which should be considered relatively strong. This mount passphrase is then encrypted using your login passphrase, and so your login passphrase must be strong as well.
N.B. It is *essential* that you record your mount passphrase and store it somewhere safe. If you ever have to manually recover your data, you will need this passphrase, rather than your login passphrase.
Encrypted ~/Private directories in Ubuntu use eCryptfs as the cryptographic filesystem scheme. eCryptfs first appeared as a filesystem module in the Linux kernel in November of 2006, in the 2.6.19 release. eCryptfs uses the vetted cryptographic algorithms in the Linux kernel (AES, by default in Ubuntu), as well as the kernel keyring for per-user key management. Thus, I would argue that eCryptfs is built on top of established technologies.
The biggest current shortcoming is that while all file contents are encrypted, filenames are not (Bug #264977). The upstream kernel developer responsible for ecryptfs, Michael Halcrow if IBM, is currently pursuing this at a high priority, and has some working code that should make it into the Linux kernel soon. I think Jaunty is a realistic timeframe, for Ubuntu.
If you’re logged out, and the ~/Private directory is not mounted, it impossible for even the root user to mount your encrypted data without the appropriate passphrases. However, when ~/Private is mounted, normal filesystem permissions apply. The ~/Private directory is set up so that other non-privileged users should not be able to read the data. However, the root user may be able to. To solve this problem, eCryptfs needs integration with technology that provides Mandatory Access Controls, such as AppArmor and/or SELinux (Bug #278290).
Are my passwords from Firefox stored in there for example?
Ubuntu doesn’t put any data in ~/Private automatically. We felt that most people would have taken offense at any forced migration of data into ~/Private.
On the other hand, I’ve blogged about some of the data that I store in my encrypted ~/Private [5]. Basically, I’ve moved my user data directories of Evolution, GPG, Firefox, Pidgin, SSH, and XChat to ~/Private, and established symbolic links in their usual locations. I think this is a pretty sensible setup, but I recommend each user consciously choose what goes into their ~/Private directory.
How do I set up an encrypted private directory for myself?
Install ecryptfs-utils
$ sudo apt-get install ecryptfs-utils
Setup your private directory
$ ecryptfs-setup-private
Enter your login password, and either choose a mount pass phrase or generate one. Record both pass phrases in a safe location!!! They will be required if you ever have to recover your data manually.
Logout, and Log back in to establish the mount
$ mount | grep Private
Make sure that the application whose data you want to protect (e.g. Firefox or Evolution) is not running
$ ps -ef | grep firefox
Move the application’s data directory (e.g. ~/.mozilla or ~/.evolution) into your ~/Private directory
$ mv ~/.mozilla ~/Private
Establish a symbolic link from the old location to new location
$ ln -s ~/Private/.mozilla ~/.mozilla
Repeat for each of your most sensitive data directories.
N.B. If you put all of .ssh in ~/Private, you won’t be able to ssh into the system using public key authentication. In this case, you might want to only put your private key in ~/Private, and leave the rest in the clear.
N.B. DO NOT PUT ~/.ecryptfs/ in ~/Private! There’s a bootstrapping issue. ~/.ecryptfs/* are required to establish the mount. If those are not readable prior to establishing the mount, ~/Private cannot be mounted.
We have also added an option to the alternate and server installer, just after choosing a username and password, to optionally setup an encrypted ~/Private directory.
What did you as an Ubuntu developer have to do to bring this feature to Ubuntu users?
First, I created a Blueprint in Launchpad [6]. Then, I created a Specification design document in the wiki [7]. I used this to fuel a discussion at the Ubuntu Developer Summit in Prague in May of 2008. I refined the design document according to the feedback I got at UDS.
Next, I discussed the design thoroughly with a number of people, both on the Ubuntu side, as well as with the upstream eCryptfs project. I used IRC and the mailing lists to hash out some issues. And I started implementing it incrementally and in stages. I tracked the progress on the wiki page, and actively responded to questions in the wiki and in Launchpad bugs.
I posted all changes as patches to the eCryptfs mailing list, and worked all of my code into the eCryptfs upstream git tree [8]. As soon as each batch of patches was accepted, I would request a new release tarball of ecryptfs-utils from the upstream maintainer (Michael Halcrow). Then I’d request the Debian ecryptfs-utils maintainer (Daniel Baumann) sync the Debian unstable ecryptfs-utils package to the new upstream release. Finally, I’d merge the Debian package into Ubuntu and request sponsorship.
Also, I filed Main Inclusion Reports [9] for ecryptfs-utils and a number of its dependencies, in order to be in main and used in the installer. As a prerequisite, some of the source code was reviewed by various Ubuntu developers, including Kees Cook, Jamie Strandboge, Steve Langasek, and Martin Pitt. My thanks to them for their careful review. Colin Watson helped integrate the questions into the alternate and server installers.
It was about this time I discovered planet.ubuntu.com and “blogging”. Using my blog, I was able to generate some publicity around the feature and call for testing. The feedback was almost overwhelming, but with the help of the outstanding Ubuntu community, we did shake out and fix some interesting bugs.
Based on my contributions to Ubuntu through ecryptfs-utils (as well as a number of other packages), I was able to apply for and attain MOTU privileges in the Ubuntu community.
And as a result to my active contribution to ecryptfs-utils upstream, I was added as a maintainer to the ecryptfs project.
You say you were accepted as a MOTU due in part to your work on this feature, that implies that you implemented this without having upload rights to Ubuntu. Is that correct?
Correct. At the beginning of the Intrepid development cycle, ecryptfs-utils was in Universe, and I did not have upload privileges. Jamie Strandboge, Kees Cook, and Chuck Short sponsored many uploads of ecryptfs-utils.
Just about the time that I was granted upload rights to Universe, ecryptfs-utils was moved to Main, where I do not (yet) have upload privileges. So I still need to push my changes to the Ubuntu package through an Ubuntu Core Developer. I hope to apply for Core Dev in the coming months.
On the other hand, I am now an upstream co-maintainer of eCryptfs, and I have commit privileges against the upstream git repository.
Did you examine any other approaches to solving this? Why did you pick this particular one?
Among the other options I reviewed, I considered eCryptfs to be the most promising. It’s a filesystem in the Linux kernel, giving optimal performance, thorough peer review, and standard implementation. The development community is active and established. I have been privy to the overall design of eCryptfs since 2004, from my previous role as a security developer in the IBM Linux Technology Center.
A more comprehensive review of eCryptfs against other implementations (albeit biased) is available at [10].
I will note that it would be possible for a motivated Ubuntu developer to modify my Encrypted Private implementation to use a different underlying encryption scheme for ~/Private. I would actually encourage more development in this space, as I think choice is good for the Ubuntu community. I could easily see an Encrypted Private directory that uses, say, EncFS instead of eCryptfs. I wouldn’t necessarily work on it myself, but I would encourage such development.
Where can people go if they want to find out more? Are there any tasks that they can help with?
Start with the design specification [7]. Join the ecryptfs-users community in Launchpad [11]. Consider helping with upstream eCryptfs development [8,12].
I’ve focused mainly on the server space, and on the command-line only. I would love to get some help from more desktop oriented developers for better integration with the Gnome and KDE desktops. Nautilus, Konqueror, etc. There’s an effort to create a graphical interface for setting up an encrypted private directory. I would love to see something under System->Preferences->Encryption and Keyrings that allowed a user to setup their private directory right there.
Do you have any plans to improve this feature in future releases?
Upstream ecryptfs kernel development is working on encrypted filenames. We’ll want to help integrate and test that in Ubuntu. I expect this should make it into Jaunty.
I mentioned above that more graphical setup tools would be useful, for configuration and setup, and integration directly into the file managers. I’d like to see a similar option in the graphical installer for what we have in the alternate and server installers.
I plan on pitching encrypted home directories again at UDS. I hope to use the relative success of encrypted ~/Private to bolster my case. There will be problems to solve, of course. But that’s what discussions are for.
Finally, we really need encrypted swap by default. Swap can be a treasure trove of passphrases and keys on a system. I would like to see swap encrypted by default, with a randomly generated key every boot. This should be relatively easy to do, with most of the work needing to be done in the installers. Resuming from suspend and hibernate might take some new new magic, but I think it should be doable.
Otherwise, I’m open to suggestions. Please file wishlist bugs appropriately against:
References:
[1] http://manpages.ubuntu.com/manpages/intrepid/en/man1/gpg.html
[2] https://help.ubuntu.com/community/EncryptedFilesystemLVMHowto
[3] http://manpages.ubuntu.com/manpages/intrepid/en/man1/ecryptfs-setup-private.html
[4] http://manpages.ubuntu.com/manpages/intrepid/en/man1/rsync.html
[5] http://blog.dustinkirkland.com/2008/10/what-in-my-encrypted-private-directory.html
[6] https://blueprints.launchpad.net/ubuntu/+spec/encrypted-private-directories
[7] https://wiki.ubuntu.com/EncryptedPrivateDirectory
[8] http://git.kernel.org/?p=linux/kernel/git/mhalcrow/ecryptfs-utils.git;a=summary
[9] https://wiki.ubuntu.com/MainInclusionReportEcryptfsUtils
[10] http://ecryptfs.sourceforge.net/ecryptfs-faq.html#compare
[11] https://launchpad.net/~ecryptfs-users
[12] https://launchpad.net/ecryptfs
The Ubuntu Developer Channel on YouTube has gone live - a site that will be stuffed full of videos about Ubuntu development. To kick off the channel, Tony Whitmore will be doing interviews throughout UDS this week. The first couple are with James Westby of bzr fame and Jono Bacon.
Keep an eye on the Ubuntu Developer Channel this week, as more videos are added.
