MPU Meeting Wednesday 13th May 2020

Profile Security

Awaiting sign-off

Alternative DICE desktop

Awaiting sign-off

Ubuntu Focal Port of LCFG Platform

This has been rebuilt for 20.04 so we're close to removing all support for 19.10. Stephen also fixed a problem with the package quality checker failing the entire build when certain errors were returned by the lintian tool, they are now treated as warnings.

Stephen spotted that updates were not being applied which caused some confusing downgrades to happen during the install.

LCFG package spec
A few more small improvements were made to the package spec parser. The LCFG server also needs a change to how it handles packages with architecture all so they work in the same way as noarch.

The DICE PAM config has had lots of attention, Stephen has documented it on the wiki - PamConfig. This caused a problem with the way pkgforge runs the pdebuild command via sudo. It was copying the source files from AFS as part of the command run through sudo. The simple fix was to copy the source files to a temporary local directory before running pdebuild. This has the additional benefit of being more efficient when it takes multiple attempts to build a large multi-package job.

Stephen found a problem with cron due to some ancient support for Solaris lurking in the LCFG component. This caused cron.allow, cron.deny and crontab files to have the wrong group on Ubuntu.

Alastair has been investigating the desktop login manager and screen locking. He has been referring back to his lightdm notes from SL7 which are still applicable. We need to check that we can still run scripts at login time. He tried the locking support in lightdm but this won't be useful for us as it needs the user switching to be enabled (which we don't want). It seems that xscreensaver will be the best option, the standard .desktop files which ship with the package appear to work. The package might need some patching to set the DICE defaults for screen blanking. The dbus-user-session package causes trouble but removing it seems to be tricky, will investigate if it is possible to just disable it via a configuration file. Alastair is aiming to get a functional desktop environment based on Gnome.

We are now meeting weekly on a Thursday with Graham and Richard to discuss recent developments. Stephen wondered if it would be useful to run a Debian packaging tutorial, will start by collecting together useful online guides.

User Security Training Materials

Chris is hoping to put together a prototype in Learn with the next couple of weeks.

Misc Development

Chris is working on a DR LCFG slave at KB which uses the DR LCFG master as the data source. There are some access control issues, Stephen suggested looking at the apache logs.

Stephen updated the SL7 PXE installroot to use the kernel and ISO from SL7.8. All the lcfg-level work on SL7.8 is now completed.


Chris helped Services Unit move the Informatics web services to a new VM (named clout) on the KVM server girassol. It needs a lot of disk space so is not quick/easy to migrate, when we have downtime they will use the DR web server at KB instead.

Stephen suggested removing nsu from the SSH servers so we can try out using only ksu for root access, it was agreed that this would be a good idea. Stephen will do it after the stable release of 3rd June as it needs some related configuration changes first.

-- StephenQuinney - 02 Jun 2020

Topic revision: r2 - 02 Jun 2020 - 14:52:13 - StephenQuinney
This site is powered by the TWiki collaboration platformCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback
This Wiki uses Cookies