Ubuntu Developing "crypto-config" For System-Wide Cryptography Configuration
([Ubuntu] 3 Hours Ago
crypto-config)
- Reference: 0001475398
- News link: https://www.phoronix.com/news/Ubuntu-crypto-config
- Source link:
A new Ubuntu utility seeing an uptick in development recently is crypto-config as a means of system-wide cryptography configuration.
Crypto-config has been quietly in development since last year but seemingly now taking on more development load being past the Ubuntu 24.04 LTS phase. In last week's Ubuntu Foundations Team Updates it was [1]described by Canonical engineer Adrien Nader as:
Work on crypto-config for system-wide configuration of cryptography
Updated code against latest specification, fixed several small issues
Added temporary code to be able to not be a dependency of the configured packages
Started preparing demonstration profiles
looked at gnutls’ configuration handling to add drop-ins support
looked at nginx’ configuration which prevents disabling TLS versions after they’ve been enabled once
Crypto-config isn't currently relied upon by Ubuntu but is under active development. There is [2]a PPA for offering the latest crypto-config packages for those interested. The upstream code for crypto-config is currently on [3]GitLab .
Documentation is light but crypto-config currently is aiming to be a means of system-wide cryptography configuration profile management. There are currently profiles for managing the crypto settings around Apt, Nginx, GnuTLS, and OpenSSL. It will be interesting to see what comes of crypto-config for easing crypto settings management in future Ubuntu releases.
[1] https://discourse.ubuntu.com/t/foundations-team-updates-thursday-2024-06-27/45926/4
[2] https://launchpad.net/~adrien/+archive/ubuntu/crypto-config/+packages
[3] https://gitlab.com/crypto-config/crypto-config/
Crypto-config has been quietly in development since last year but seemingly now taking on more development load being past the Ubuntu 24.04 LTS phase. In last week's Ubuntu Foundations Team Updates it was [1]described by Canonical engineer Adrien Nader as:
Work on crypto-config for system-wide configuration of cryptography
Updated code against latest specification, fixed several small issues
Added temporary code to be able to not be a dependency of the configured packages
Started preparing demonstration profiles
looked at gnutls’ configuration handling to add drop-ins support
looked at nginx’ configuration which prevents disabling TLS versions after they’ve been enabled once
Crypto-config isn't currently relied upon by Ubuntu but is under active development. There is [2]a PPA for offering the latest crypto-config packages for those interested. The upstream code for crypto-config is currently on [3]GitLab .
Documentation is light but crypto-config currently is aiming to be a means of system-wide cryptography configuration profile management. There are currently profiles for managing the crypto settings around Apt, Nginx, GnuTLS, and OpenSSL. It will be interesting to see what comes of crypto-config for easing crypto settings management in future Ubuntu releases.
[1] https://discourse.ubuntu.com/t/foundations-team-updates-thursday-2024-06-27/45926/4
[2] https://launchpad.net/~adrien/+archive/ubuntu/crypto-config/+packages
[3] https://gitlab.com/crypto-config/crypto-config/
milo_hoffman