Ian Jackson

A tribute, from the FOSDEM Virtualization & IaaS Devroom, to the memory of Lars Kurth

Please note that this is a late addition to the schedule, and the program will now be starting 10 minutes earlier than originally scheduled.

Meetup for folks interested in Xen on Debian. From my point of view as a maintainer, the Debian Xen packages are in reasonable shape in buster. Work is needed for bullseye. Security updates are hard work. This is an opportunity for users and contributors to give feedback, and help out, with Xen on Debian and also feed back to Xen on upstream. (Ian is a maintainer of Xen in Debian and works on the upstream Xen Project for Citrix.)

During the DPL campaign, there was discussion of two related issues. First, we discussed moving our packaging to Git repositories on salsa.debian.org presumably as a matter of policy. Second we discussed moving away from source packages and to a model where `git push` is used to upload packages. This is a requirements collecting BOF for that discussion. We'll discuss what people would like out of such and experience, how we might meet those requirements, and problems meeting the requirements. Deciding whether to make this changes is out of scope: that belongs on our mailing lists. But if we were going to do it, what would people want? That belongs here. Requirements will be conflicting. Choosing which conflicting requirements to meet is out of scope beyond noting the conflict. This is a brainstorming session.

Other people: Sam Hartman

The idea for this session it to get together and as discuss all things autopkgtest/Debian CI and any related aspects. If you have ideas on how to test your package but don’t know exactly how to wire things up for running with autopkgtest, want to share your joy and/or your frustration with the tools or with the environments, or have tips or questions on writing autopkgtest tests, this is for you.

git-debrebase is a new tool for managing Debian packaging in git. dgit is a bidirectional gateway between git and the Debian archive. These tools can be used independently or in combination. We have published a tutorial for using the combination of git-debrebase and dgit to maintain Debian packages: the dgit-maint-debrebase(7) manpage. There are also: dgit-maint-gbp(7), dgit-maint-merge(7) and dgit-simple-nmu(7). In this workshop we will help package maintainers start using the workflows described in these tutorials to maintain their packages. We can also answer general questions about dgit and git-debrebase. We also hope to gain feedback as to how dgit-maint-debrebase(7), and git-debrebase and dgit more generally, could be improved. For more information about git-debrebase, see the abstract for the talk about git-debrebase. Before joining this workshop, it would be useful to review some of the dgit-maint-*(7) manpages.

Other people: Sean Whitton

With git-debrebase the Debian changes to the upstream source are represented and manipulated as git commits, with one commit corresponding to one quilt patch. However, unlike with gbp-pq and git-dpm, git-debrebase uses just a single git branch. git-debrebase branches are: * directly buildable * directly editable with git-commit(1) (whether of Debian files, upstream files, or both); * directly useable with dgit (without --quilt= option); * automatically made fast forwarding when published; and * have a history useful for git log, git blame etc. Unlike with gbp pq, there is no need to switch back and forth between public and patch queue branches and there is no need to apply and unapply patches. Unlike git-dpm, git-debrebase requires no in-tree metadata. Uploads of git-debrebase branches done with dgit publish the source both as: 1. a git branch which anyone new to Debian can immediately use, and which Debian contributors can directly work on; 2. a perfect `3.0 (quilt)' source package as expected by non-git users.

Other people: Sean Whitton

The Xen packages in Debian are in need of some work, including some tidying up, upstreaming of some Makefile patches, and updating to new versions. There is a large outstanding bug list. Also with the demise of Alioth and the change to maintainers, we will be talking about the future git maintence workflow. Come and stick your oar in. You can help influence the Xen maintainers' workflows, and our priorities.

Xen on x86 platforms offers two kinds of virtual machines: PV and HVM. PV is the oldest kind of guest, doesn't need any emulation, but requires extensive modifications to the guest operating system kernel. HVM is a newer kind of guest, which exploits hardware virtualization extensions, and offers an emulated PC-like environment. Linux typically runs on Xen as a PV guest but can also run as an HVM guest very efficiently. Windows runs as an HVM guest only.

QEMU is a critical component in Xen deployments because is in charge of emulating most devices for HVM guests, including IDE disks and PCI network cards. In fact in the Xen community QEMU is often called the "device model". QEMU's emulated interfaces are conveniently available for the guest to use. At the same time of course they are also exposed to malicious guests, which are inevitably going to try to find vulnerabilities in those interfaces, to take control over the system.

Therefore securing QEMU is critical. QEMU should be protected from guest attacks, not just in best case scenarios, where deployments use advanced and complex security hardening techniques, such as stubdoms or SELinux, but in all cases, for all users.

This presentation will show the defense in depth mechanisms which the Xen Project is putting in place to secure the execution of QEMU in Dom0 by default. The talk will explain the reasons behind the design choices and how they compare against other hypervisors and other deployment scenarios. Users will learn the trade-offs of the different solutions and will learn how to discern secure from insecure configurations.

Other people: Stefano Stabellini

In our interconnected world of mobile and cloud computing, particularly with the rise of governmental spying, corporate espionage, and theft of data by organized crime syndicates, security is more important than ever. Many claims are being made about the security of open-source cloud technologies: How can administrators, users, and developers separate fact from fiction?

This talk will equip the audience with the principles needed to evaluate security claims. We will talk the nature of risk, of vulnerabilities and exploits; the various factors that reduce the risk of vulnerabilities in software; and about TCB, threat models, and defense-in-depth. And we will introduce a colorful and (hopefully) helpful analogy to help make these concepts more clear.

We will then apply these principles to three open-source cloud technologies: containers, KVM, and Xen, to see how they stack up. These will be backed up with numbers: lines of code, security advisories, entry points, and so on.

Audience

This is particularly aimed at system administrators or system architects wishing to make decisions about which cloud technologies to use or deploy. It should also be of interest to those who want an introduction to thinking about security analysis in general.

Benefits to the ecosystem

First, it will help those making decisions about which technology to used to make an informed decision. Secondly, by giving the audience a framework for thinking about security analysis, and show how to apply it to some concrete examples, it will help anyone thinking about security in almost any area of development or configuration.

This talk will give an overview of some of the compatibility difficulties facing Xen upstream and the choices we have made to try best to support users.

We'll discuss some of the consequences, particularly from the point of view of distros packaging Xen, and some of the approaches we and others have used to mitigate.