Ubuntu's crypto-config Continues Being Developed For Gradual Roll-Out
([Ubuntu] 3 Hours Ago
crypto-config)
- Reference: 0001524695
- News link: https://www.phoronix.com/news/Ubuntu-crypto-config-2025
- Source link:
A year ago I raised attention about [1]crypto-config as a new Ubuntu project for system-wide cryptography configuration . That crypto config tool continues being developed by Canonical engineers for a gradual roll-out into the Ubuntu Linux landscape.
Since writing last summer about crypto-config, it's been easy to forget about with much else to report but in recent weeks there has been an uptick in activity around it by Canonical engineers. Among the activity has been improved documentation to better spell out their plans for crypto-config. Among the new documentation:
"A configuration management framework for cryptography using system-wide profiles that are switched atomically. It is gradually being rolled out in Ubuntu.
This repository contains the framework. Profile data is to be stored directly inside each package. As an exception during early days, this repository may also contain profile data in order to avoid a chicken-and-egg situation.
...
Crypto-config profiles are made of drop-in files and configuration fragments. You can think of a profile as a subset of configuration files on your system, and choosing a profile as atomically switching these to alternative ones."
Among the example crypto profiles demonstrated in their enhanced documentation is configuring the Nginx web server with TLS and using the "sslscan" utility to verify its configuration.
This GPLv3-licensed crypto-config software continues to be actively developed but as of writing hasn't appeared in the Ubuntu 24.10 repository or the in-development Ubuntu 25.04 "Plucky Puffin" repository, but is available in source form or as a PPA.
As the documentation mentions, crypto-config is to be "gradually being rolled out" for Ubuntu users. We'll see how that goes. Presumably their objective will be to get it into good shape for Ubuntu 26.04 LTS so by Ubuntu 25.10 would need to be in sufficiently good shape for testing ahead of the all-important Long Term Support cycle.
Those wanting to track the progress on Canonical's crypto-config for Ubuntu Linux can find it via [2]this GitHub repository .
[1] https://www.phoronix.com/news/Ubuntu-crypto-config
[2] https://github.com/canonical/crypto-config
Since writing last summer about crypto-config, it's been easy to forget about with much else to report but in recent weeks there has been an uptick in activity around it by Canonical engineers. Among the activity has been improved documentation to better spell out their plans for crypto-config. Among the new documentation:
"A configuration management framework for cryptography using system-wide profiles that are switched atomically. It is gradually being rolled out in Ubuntu.
This repository contains the framework. Profile data is to be stored directly inside each package. As an exception during early days, this repository may also contain profile data in order to avoid a chicken-and-egg situation.
...
Crypto-config profiles are made of drop-in files and configuration fragments. You can think of a profile as a subset of configuration files on your system, and choosing a profile as atomically switching these to alternative ones."
Among the example crypto profiles demonstrated in their enhanced documentation is configuring the Nginx web server with TLS and using the "sslscan" utility to verify its configuration.
This GPLv3-licensed crypto-config software continues to be actively developed but as of writing hasn't appeared in the Ubuntu 24.10 repository or the in-development Ubuntu 25.04 "Plucky Puffin" repository, but is available in source form or as a PPA.
As the documentation mentions, crypto-config is to be "gradually being rolled out" for Ubuntu users. We'll see how that goes. Presumably their objective will be to get it into good shape for Ubuntu 26.04 LTS so by Ubuntu 25.10 would need to be in sufficiently good shape for testing ahead of the all-important Long Term Support cycle.
Those wanting to track the progress on Canonical's crypto-config for Ubuntu Linux can find it via [2]this GitHub repository .
[1] https://www.phoronix.com/news/Ubuntu-crypto-config
[2] https://github.com/canonical/crypto-config
phoronix