GNOME.Asia Summit 2025

Last month, I attended the GNOME.Asia Summit 2025 held at the IIJ office in Tokyo. This was my fourth time attending the summit, following previous events in Taipei (2010), Beijing (2015), and Delhi (2016). As I live near Tokyo, this year’s conference was a unique experience for me: an opportunity to welcome the international GNOME …

Optimizing CI resource usage in upstream projects

At GnuTLS, our journey into optimizing GitLab CI began when we faced a significant challenge: we lost our GitLab.com Open Source Program subscription. While we are still hoping that this limitation is temporary, this meant our available CI/CD resources became considerably lower. We took this opportunity to find smarter ways to manage our pipelines and …

On command-line argument parsing

The command-line tools that are part of GnuTLS (such as certtool and p11tool) had been using GNU AutoGen for handling command-line arguments. AutoGen (not to be confused with the autogen.sh script commonly used in Autotools-based projects) does a great job in that regard, as it produces command-line parsing code and the documentation from the …

AF_ALG support in GnuTLS

The Linux kernel implements a set of cryptographic algorithms to be used by other parts of the kernel. These algorithms can be accessed through the internal API; notable consumers of this API are encrypted network protocols such as WireGuard, as well as data encryption as in fscrypt. The kernel also provides an interface for user-space …

Bringing FIDO2 device support to sandboxes

Hardening user logins with 2FA is becoming a must-have feature of Web services; most of the services I use daily (such as GitLab instances) are already enabling it. Although it’s a bit cumbersome to enter a secondary factor manually, using hardware tokens (such as FIDO2 authenticators) simplifies the process to a single tap, also making the entire authentication …

libsecret is accepting Outreachy interns as well

Like other projects in GNOME, libsecret also has an open project for an Outreachy internship: Create a portable library for reading/writing libsecret keyring format. libsecret is a library that allows applications to store/retrieve user secrets (typically passwords). While it usually works as a client against a separate D-Bus service, it can also use a local file …

Secrets management for Flatpak applications

At this year’s GUADEC, I talked about how Flatpak applications could manage user secrets such as passwords. It has now been summarized as an article on opensource.com: TL;DR, the points are: If your app is using libsecret and you are willing to avoid unnecessary exposure of the D-Bus Secret Service API to Flatpak sandboxes, we recommend …

Talk on TLS 1.3 APIs

I have recently been working on TLS (Transport Layer Security) libraries, in particular GnuTLS and NSS. For the last few years there had been a lot of activity upstream implementing the latest standard, which officially came out as TLS 1.3. While the protocol design drastically changed from TLS 1.2, applications usually don’t need to …