MPU Meeting Wednesday 13th May 2020

Profile Security

(Project 402.)

Alastair will close this project, moving its one remaining action (a Security Peer Review) to a new project.

Alternative DICE desktop

(Project 474.)

Stephen has written a final report.

Ubuntu Focal Port of LCFG Platform

(Project 546.)

Stephen

  • The project now has a homepage at UbuntuFocalPort and a blog at https://blogs.ed.ac.uk/lcfgubuntu/ .
  • Recently he's been concentrating on the installer. It's at the point where you can install LCFG-controlled Ubuntu 20.4 and get it up and running.
  • He has also generated base and options package lists.
    • The base list is a mashup of the binaries which are available in our SL7 base with those provided by the base Ubuntu environment tools list.
    • He's sorted out the dependencies for the packages in LCFG's "core" and "standard" categories.
    • Generating the options list was made super-easy by using soy (it stands for "son of yummy") by Magnus Hagdorn of GeoSciences.
    • Making the options package lists also involved trawling through all the lcfg-level headers which add packages, and moving those packages into the options list. (Hopefully this will greatly simplify RAT packages support - you'll be able to simply "add Eclipse" or whatever.)
    • There's a general aim to move all packages options down into the LCFG level, because this makes it far easier to share them with other Schools.
  • We don't need to rebuild bash! For years we've been rebuilding it just to add one single compile-time option, which enables our system-wide local startup files, which we use to bootstrap the local user environment. But that option is enabled by default in Debian's bash build!
    • However we don't yet have bash-defenv running.

Alastair

  • Alastair has added Ubuntu support for the lightdm component.
  • Use of the new systemd/User feature doesn't seem to be an option unless we drop PAGs for AFS - see this epic debate.
  • He'll tackle screen locking next. This needs attention because GNOME relies on GDM to do its screen-locking for it.
  • Local mail is working. It's currently using the stock Ubuntu mail configuration, but a lot of this is probably redundant, so it'll need to be pared back to the minimum.
  • He's now devoting three days a week to this project.

User Security Training Materials

(Project 403.)

Chris is aiming to get the first draft of course material done by Friday 22 May, and a version of the Learn course ready for testing by computing staff by Friday 5th June.

Misc Development

  • Stephen has got the LCFG level working on SL 7.8.
  • Alastair has asked for a new project 554 to track the progress of the port of DICE to SL 7.8.
  • Stephen has made a new snapshot release to go alongside our weekly testing and stable releases, and the rolling develop release. This snapshot is taken automatically each morning at 8am.
    • This allows the weekly testing process to be simplified - each week's testing release will simply be a copy of Monday morning's snapshot release.
    • The motivation was to make it far easier to share recent progress and bug-fixes with people in other schools - this lets them use almost the latest config if they want to, rather than config which is a week or more out of date.

Operational

  • Red Hat has restructured the centosvirt repository along the same lines as the software collections repository. This broke our use of it, so to fix this, Stephen has restructured our local centosvirt mirror in the same way he restructured the scl mirror a few weeks ago.
  • Package Forge now gets its certificate from Let's Encrypt. (This hadn't been possible until Stephen switched to using the DNS challenge for the Let's Encrypt certificate acquiry process; this makes it far easier.) HTTP now simply redirects to HTTPS.
  • Stephen has configured Ubuntu such that we will use our new method of acquiring privilege and becoming root. (See project 399.) SL7 remains unchanged for now: Alastair will take to CEG the question of making an analogous change to SL7.
  • Alastair has got a quote for a new KVM server to replace azul. Its spec will be similar to those of banjo and mandolin, the AT KVM servers. Chris asked for it to have as much memory as possible.
Topic revision: r3 - 20 May 2020 - 09:58:14 - ChrisCooke
 
This site is powered by the TWiki collaboration platformCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback
This Wiki uses Cookies