News

Canonical/Microsoft Partnership Puts .NET 6 into Ubuntu Linux

• By David Ramel
• 08/16/2022

Microsoft and Canonical today announced a months-long partnership has resulted in .NET 6 being included in the latter company's latest Ubuntu distribution of the Linux OS.

And, not only is .NET 6 bundled with Ubuntu 22.04 (Jammy), it's easier to install with a simple apt command. Furthermore, closer ties between the two companies -- with dev teams working directly together and sharing content -- also resulted in the joint announcement that .NET 6 is available in a new type of lean, stripped-down container images created by Canonical.

Canonical uses the term "chiseling" to describe the process of stripping out all but a strict set of files and packages needed by the images at runtime. "These "chiseled" images -- so-called because everything not needed to provide a minimal Ubuntu image optimized for OCI containers has been cut away -- address developer feedback around attack surface and image size, without sacrificing Ubuntu's stability and familiarity," Canonical said in an Aug. 16 blog post.

The company said chiseling has resulted in the smallest Ubuntu-based Open Container Initiative (OCI) image ever published, coming in a 6MB compressed package that has been reduced by some 100MB of code. The Ubuntu creator released two new beta Ubuntu-based OCI images for .NET 6.

The new container images are said to significantly improve security posture with:

• Ultra-small images (reduced size and attack surface)
• No package manager (avoids a whole class of attacks)
• No shell (avoids a whole class of attacks)
• Non-root (avoids a whole class of attacks)

All of the above has come about after Microsoft, having open sourced .NET Core about five years ago, recently decided it had finally acquired enough open source experience to team up with Canonical for its Ubuntu distro, which has long been one of the most popular offerings for everyday Linux users.

"A partnership with Canonical was felt out of grasp during the early days of our project on GitHub," said Microsoft's Richard Lander in the company's own Aug. 16 blog post. "We've learned a lot about how to structure an OSS project so that it is a candidate for inclusion in a Linux distro."

Thus the partnership was formed with two goals: Simplify using .NET on Ubuntu and shortening the supply chain between Canonical and Microsoft.

The former has been fulfilled with the inclusion of .NET 6 in Jammy, installable via a simple apt install dotnet6 command.

Of the latter, Microsoft said: "Canonical already has secure processes in place for directly delivering Ubuntu Virtual Machine images to Azure for customers to use. It occurred to us that Canonical could do the same thing with the Ubuntu container base images that we use to build Ubuntu-based .NET images (regular and Chiseled). That's what we're now using, instead of pulling from Docker Hub. We now have what's effectively a zero-distance supply chain for all Canonical assets with known custody/provenance throughout."

.NET deb packages are now in Ubuntu Jammy 22.04 LTS for the x64 architecture and will soon be available for the Arm64 architecture as well as all newer Ubuntu releases, Canonical said, while also confirming that pre-built container images are available on the Azure Container Registry and via Docker Hub.

Going forward, Lander said Microsoft has set up a distro-maintainer group for .NET, of which Canonical is a member, and is discussing potential source-build improvements that might provide opportunities to make it easier for Canonical to consume .NET source, already looking ahead to .NET 8. As can be seen in the above graphic, one of those improvements for .NET 8 is to "Enable and better define 'portable Linux' behavior."

"Ubuntu now has an end-to-end story from development to production with ultra-small supported container images, starting with the .NET platform," said Valentin Viennot, product manager, Canonical. "We think it's a huge improvement for both our communities; collaborating with the .NET team at Microsoft has enabled us to go above and beyond."