- contribute
- how
- promote
- material
- slides
- Paris-Tails HackFest-201407
- Infrastructure
- infrastructure
% Improving the infrastructure behind Tails % intrigeri % July, 2014
Current Tails' challenges
Cadence & popularity
- new release every 6 weeks
- about 10k boots a day, doubles every 6-9 months
Limited resources and time
- mostly volunteer work
- 2000 commits, by ~10 persons, on the last 6 months
Roadmap
July 22
- Tails 1.1 — Debian Wheezy, UEFI
And then
- Tails 2.0: sustainability and maintainability
Greeter
same-day security updates
mitigate effects of security holes - Tails 3.0: hardening, sandboxing
- More?
What we have
People
very few people involved in infrastructure work
Services
- APT repository
- Debian package builder
- Gitolite
- Jenkins
- rsync
- etc.
Needed infrastructure improvements
Release process
- building Debian packages
- building ISO images
- freezing for real
Quality assurance
- does our stuff stop building?
- does our stuff stop working?
- does new stuff break anything?
Security
- deterministic (reproducible) builds
- hardening build flags status
- same-day security updates
Internal communication
- commit notifications
- package upload notifications
Tails system administrators
Goals
The Tails system administrators set up and maintain the infrastructure that supports the development and operations of Tails. We aim at making the life of Tails contributors easier, and to improve the quality of the Tails releases.
Principles
- Infrastructure as code
- Free Software
- Relationships with upstream
Infrastructure as code
We want to treat system administration like a (free) software development project.
Infrastructure as code: why?
- enabling people to participate without needing accounts on our servers
- reviewing changes applied to our systems
- being able to easily reproduce our systems via automatic deployment
- sharing knowledge with other people
Infrastructure as code: how?
- publish as much as possible of our systems configuration
- manage our whole infrastructure with configuration management tools
Free Software
- Debian Free Software Guidelines
- exception: firmware our hardware might need
Relationships with upstream
https://tails.boum.org/contribute/relationship_with_upstream/
Tools
- Debian GNU/Linux
- Puppet
- Git to host and deploy configuration, including our Puppet modules
How to help?
Entry points
- https://tails.boum.org/contribute/how/sysadmin/
- https://tails.boum.org/contribute/working_together/roles/sysadmins/
- "easy" tasks
Where to start?
- #6295: Evaluate consequences of importing large amounts of packages into reprepro
- #6891: Monitor broken links on our website
- #6918: Track hardening status of the binaries shipped in Tails
- #7427: Evaluate using aptly
- #7221: Write a script that deletes old Git branches
Tell us about your skills and desires,
we'll help you get started :)
Contact
Talk to us
- I'm here.
- Development mailing-list: tails-dev@boum.org
- Sysadmins (private and encrypted) mailing-list: tails-sysadmins@boum.org
- Private and encrypted mailing-list: tails@boum.org
- IRC: see https://tails.boum.org/contribute/
- Web: https://tails.boum.org/