Hack call: 14:00 UTC
- Providing LXC and Docker container images
  - For Proxmox - OS/distro for VMs or containers
  - Used for self hosting
  - Requires a lot of changes to freedom-maker
  - Extract the necessary files from freedom-maker images and convert to LXC/Docker
  - Distromaker is another option
- Updates on freedom-maker (sunil)
  - Trixie images did not have the freedombox package from trixie-backports.
  - Started building new images with the fix.
  - Final step to reduce disk image compressed size was failing for some targets.
  - Image sizes had gotten significantly larger.
  - Replace with new btrfs option that takes care of it, and much smaller image size.
- Updates on OpenID Connect and systemd-homed (sunil)
  - Many applications can be migrated to OpenID Connect.
  - Tested client login to OpenID Connect Provider.
  - With systemd-homed, don't need to provide user ID or group ID.
  - At user login, user's home directory is decrypted and mounted at /home/<user>/.
  - Easier to back up and restore.
  - Recovery keys in addition to password
  - Option to add administrator password to user account.
  - Initial implementation won't include encryption, postponed for later.
  - Automatically assign user ID and group ID to user, set on all files in home directory.
  - Can copy the entire directory to another system.
  - Password hashes are stored in both Plinth database and /etc/shadow.
  - 1st approach: Store old password hashes in systemd-homed user record.
    - If initial login fails, check it against old passwords, then create new hash.
    - Requires modifying PAM stack, so there are security concerns.
    - All LDAP users can be migrated, and LDAP uninstalled.
  - 2nd approach: Do password hashes in Plinth login. Required before login with SSH or Cockpit.
    - Problem if web interface is not working.
