User temporary directory

systemd-tmpfiles /tmp and other temporary directories and files are now managed by systemd and are not tmpfs. sytemd-tmpfiles gives to the user the ability to choose what they want to do with temporary directories/files. There are a ton of options that the user can choose from and everything is managed though config files (see man tmpfiles.d). Create a temporary directory in your HOME folder Using the global /tmp directory can be security issue as anyone can read this directory....

<span title='2023-08-07 11:10:00 +0000 UTC'>August 7, 2023</span>&nbsp;·&nbsp;230 words&nbsp;·&nbsp;Gauthier Jolly
Artwork generated by AI representing computer.

A basic CLI tool to build Ubuntu images

Genesis a CLI project written in Python. It can build Ubuntu images from scratch. The tool is named genesis (because you start from nothing). And is available as a python package: https://github.com/gjolly/genesis (it’s also packaged as a deb in a PPA. A basic example We are going to create a very minimal image of Ubuntu 23.04 (Lunar Lobster) and try to boot from it using qemu. Creating a base image First you want to start by bootstrapping a basic filesystem:...

<span title='2023-06-09 09:10:00 +0000 UTC'>June 9, 2023</span>&nbsp;·&nbsp;635 words&nbsp;·&nbsp;Gauthier Jolly
Artwork generated by AI representing a padlock.

FDE, Secureboot and unified kernel image

The flow In order to decrypt the root filesystem, the kernel uses a initial ram disk (initramfs). The initramfs provides an temporary filesystem from which extra kernel modules can be loaded, it also contains a set of scripts used to boot the system including scripts to decrypt the user’s root filesystem. This initramfs image is a file stored un-encrypted next to the kernel image. However, unlike the kernel image, it is not signed by the kernel publisher as the iniramfs is generated locally and can be modified by the user....

<span title='2022-11-13 09:10:00 +0000 UTC'>November 13, 2022</span>&nbsp;·&nbsp;480 words&nbsp;·&nbsp;Gauthier Jolly

Firewall, Tailscale and Ubuntu

I recently enabled the Firewall on my desktop on Ubuntu. I probably did a quick lookup online to find out that sudo ufw enable was enough to enable it. I entered the command and forgot about it. $ sudo ufw enable Firewall is active and enabled on system startup Obviously, (and to be honest I was waiting for it), it didn’t take long for things to go bad. A few weeks later, while I was not at home and wanted to SSH on my machine via tailscale, I realized that I couldn’t and quickly remember about the Firewall....

<span title='2021-11-14 13:10:00 +0000 UTC'>November 14, 2021</span>&nbsp;·&nbsp;312 words&nbsp;·&nbsp;Gauthier Jolly