Fedora People

PHP version 8.0.23RC1 and 8.1.10RC1

Posted by Remi Collet on August 19, 2022 05:57 AM

Release Candidate versions are available in testing repository for Fedora and Enterprise Linux (RHEL / CentOS / Alma / Rocky and other clones) to allow more people to test them. They are available as Software Collections, for a parallel installation, perfect solution for such tests, and also as base packages.

RPM of PHP version 8.1.10RC1 are available

  • as SCL in remi-test repository
  • as base packages
    • in the remi-php81-test repository for Enterprise Linux 7
    • in the remi-modular-test for Fedora 34-36 and Enterprise Linux ≥ 8

RPM of PHP version 8.0.23RC1 are available

  • as SCL in remi-test repository
  • as base packages
    • in the remi-php80-test repository for Enterprise Linux 7
    • in the remi-modular-test for Fedora 34-36 and Enterprise Linux ≥ 8

 

emblem-notice-24.pngPHP version 7.4 is now in security mode only, so no more RC will be released.

emblem-notice-24.pngInstallation : follow the wizard instructions.

Parallel installation of version 8.1 as Software Collection:

yum --enablerepo=remi-test install php81

Parallel installation of version 8.0 as Software Collection:

yum --enablerepo=remi-test install php80

Update of system version 8.1 (EL-7) :

yum --enablerepo=remi-php81,remi-php81-test update php\*

or, the modular way (Fedora and EL ≥ 8):

dnf module reset php
dnf module enable php:remi-8.1
dnf --enablerepo=remi-modular-test update php\*

Update of system version 8.0 (EL-7) :

yum --enablerepo=remi-php80,remi-php80-test update php\*

or, the modular way (Fedora and EL ≥ 8):

dnf module reset php
dnf module enable php:remi-8.0
dnf --enablerepo=remi-modular-test update php\*

Notice: version 8.1.9RC1 is also in Fedora rawhide for QA.

emblem-notice-24.pngEL-9 packages are built using RHEL-9.0

emblem-notice-24.pngEL-8 packages are built using RHEL-8.6

emblem-notice-24.pngEL-7 packages are built using RHEL-7.9

emblem-notice-24.pngoci8 extension now uses Oracle Client version 21.7, intl extension now uses libicu 71.1

emblem-notice-24.pngRC version is usually the same as the final version (no change accepted after RC, exception for security fix).

emblem-notice-24.pngVersion 8.2.0beta3 is also available

Software Collections (php80, php81)

Base packages (php)

Untitled Post

Posted by Zach Oglesby on August 18, 2022 06:22 PM

Pro tip: Make sure you are not scaling a picture of your family on your desktop background. Avoid being asked “Do I really look like that?”

For my X11 friends…

[✓] feh --bg-fill good

[✗] feh --bg-scale bad

Upgrade of Copr servers

Posted by Fedora Infrastructure Status on August 18, 2022 12:00 PM

We're updating copr packages to the new versions which will bring new features and bugfixes.

This outage impacts the copr-frontend and the copr-backend.

Call for Projects and Mentors for Outreachy December ’22 – March ’23 cohort

Posted by Fedora Community Blog on August 18, 2022 11:33 AM
outreachy banner - an image with diverse candidates in a group picture

The Fedora Project is participating in the upcoming round of Outreachy. We need more project ideas and mentors! The last day to propose a project or to apply as a general mentor is September 20, 2022 at 4pm UTC.

Being a community of diverse people from various backgrounds and different walks of life, the Fedora Project has participated as a mentoring organization for Outreachy internships for years. The Outreachy program is instrumental in providing a rich experience in working with free and open-source software. Fedora is a proud participant.

Project Proposal

If you have a project idea for the upcoming round of Outreachy, please open a ticket in the mentored projects repository. You can also volunteer to be a mentor for a project that’s not yours. As a supporting mentor, you will guide interns through the completion of the project.

A good project proposal makes all the difference. It saves time for both the mentors and the applicants.

What makes a good project proposal

  • Well-defined – The project has a well defined scope.
  • Self-contained – Has few dependencies on uncompleted work. Does not require interacting with multiple open source communities who are not on-board with interacting with an Outreachy intern.
  • Incremental – The project should produce several deliverables during the internship period, rather than having only one large deliverable. This allows the project goals to be modified if the intern completes task faster or slower than expected. If the project does have one large deliverable, it’s recommended that the intern complete a design document. This allows the intern to hand off unfinished work to the next intern, or the community.

The Mentored Projects Coordinators will review your ideas and help you prep your project proposal to be submitted to Outreachy.

Project Mentor

Signing up as a mentor is a commitment. Before signing up, please consider the following

  • Do you have enough time to work on this with the intern during the entire timeline?
    • Committing to 5-10 hours a week during the six-week application period to review applicant contributions
    • Committing up to 5 hours a week during the three month internship period to work with the Outreachy intern
  • It is harder to find success when you are completely certain of how an idea needs to be implemented. finding an intern with the skills and interest to implement a specific solution is a lot harder. Instead, the goal should be to focus on finding an intern with enough skills to respond to a use case need.
  • Who can help you? Try to find a second mentor for the project. Not only they can bring new perspective, in case you decide to go on a vacation, they will be the back up.

Please read through the mentor-faq page from Outreachy.

General Mentor

We are also looking for general mentors for the facilitation of proper communication of feedback and evaluation with the interns working on the selected projects.


Please submit your project ideas and mentorship availability as soon as possible. The last date for projects idea submission is September 20th, 2022.

Mentoring can be a fulfilling pursuit. It is beneficial for you, the intern and applicants, the Fedora Project, and the overall open source ecosystem. Join us in fostering the growth of our community and the love of open source!

The post Call for Projects and Mentors for Outreachy December ’22 – March ’23 cohort appeared first on Fedora Community Blog.

The War of the Worlds

Posted by Peter Czanik on August 18, 2022 10:40 AM

“Jeff Wayne’s Musical Version of The War of the Worlds” has been a turning point in my life in many ways. It was one of the first non-classical albums I listened to. It was the starting point in my ability to understand spoken English.

The first steps from classical

My parents only listen to classical music. Even Bartók is too modern for them. In my household growing up, I was only exposed to classical music. Yes, I heard some pop-music on the streets, but I was told that it’s just noise, not music. I must admit that even to this date I mostly agree with this statement :-)

However, today I do not listen only to classical music. I still recall the first album that I liked and was not fully classical. It was Hooked on Classics played by the Royal Philharmonic Orchestra. Tons of familiar classical melodies played in the style of pop music of that time. I listened to these albums countless times.

<iframe allowfullscreen="allowfullscreen" src="https://www.youtube.com/embed/P7PRGiQjbqk" style="position: absolute; top: 0; left: 0; width: 100%; height: 100%; border:0;" title="YouTube Video"></iframe>

Once the damage was done, I started to listen other non-classical works. From the early years I recall the names of Richard Clayderman and Kitaro. Clearly not classical music any more, even some electronic instruments, but still very different from mainstream pop music.

Understanding spoken English

In high school one of my classmates lent me an album: Jeff Wayne’s Musical Version of The War of the Worlds. First I listened to it as I loved the music and the story on which album was built. Then I realized that it can help me to understand spoken English.

<figure><figcaption>

The War of the Worlds album cover

</figcaption> </figure>

It was right after 1989, when Hungary changed to a democracy. The Russian troops were still in the country, but I was in the first high school year where learning Russian was not mandatory any more. My primary foreign language in high school was German, the secondary was English. There was a glut of Russian language teachers and barely enough teachers for other languages. We had one or two English lessons a week, and very minimal chance to listen to real English pronunciation. At that time there was no YouTube, etc. We had a satellite TV receiver, but I could not follow spoken English there at all, as in school I never heard anything close to real English…

When I first listened to The War of the Worlds, I could barely understand anything, even when I was reading the text from the album cover. After a while I realized that repeated listening and reading the book, things “clicked” and I started to understand the language better. Then I started listening to the album not just for the music but to check if my understanding of spoken English improves. After a while I could follow the narrator and the singers even without having the album cover at hand.

The good thing is that understanding spoken English did not stop at this album. It was as very important milestone. From that time on, I could pick up more English from the television. Of course high school level English provided just a very basic level of understanding, which I would later build on to greatly improve my English skills. That’s another story, not related to music…

Listen to the album on TIDAL: https://listen.tidal.com/album/2917051

Read my blog about Discogs to learn about my music collection: https://peter.czanik.hu/posts/discogs/

Server Updates & Reboots

Posted by Fedora Infrastructure Status on August 17, 2022 08:00 PM

We will be updating and rebooting various servers to bring them up to date. During the outage window any services may be up and down as proxies and gateways are rebooted. Any fedoraproject services may be affected with the exception of mirrorlists and static web content.

This outage is now …

Finding Linux Kernel Config options in menuconfig

Posted by Adam Young on August 17, 2022 02:15 PM

We have reason to believe that we should not be setting CONFIG_EFI_DISABLE_RUNTIME=y In our Kernel configs. I want to perform a controlled expereient booting two Kernel builds, one with this option set and one with it disabled. Since I have the option set, building that Kernel is trivial.

 make olddefconfig
 make -j$(nproc)  rpm-pkg

Now, to turn that option off, I could just edit the .config file. However, it is possible that there are other config options linked to that one, and there is logic to modify them together. I want to see what happens if I use make menuconfig to change the option to confirm (or deny) that only that option gets changed. But where do I find this option in the menu?

grep -rn EFI_DISABLE_RUNTIME .
...
./drivers/firmware/efi/Kconfig:278:config EFI_DISABLE_RUNTIME
...

Lets take a quick look at that file. Near the end of it, we can see the longer entry that will show up in Menuconfig:

config EFI_DISABLE_RUNTIME
        bool "Disable EFI runtime services support by default"
        default y if PREEMPT_RT

At the top of it we have:

menu "EFI (Extensible Firmware Interface) Support"
        depends on EFI

However, that second level menu is not visible from the main menu screen

<figure class="wp-block-image"><figcaption>make menuconfig main screen
</figcaption></figure>

What thinks to pull in this file? Lets take a guess and look one level up in the directory.

$ grep Kconfig ./drivers/firmware/Kconfig 
source "drivers/firmware/arm_scmi/Kconfig"
source "drivers/firmware/arm_ffa/Kconfig"
source "drivers/firmware/broadcom/Kconfig"
source "drivers/firmware/cirrus/Kconfig"
source "drivers/firmware/google/Kconfig"
source "drivers/firmware/efi/Kconfig"
source "drivers/firmware/imx/Kconfig"
source "drivers/firmware/meson/Kconfig"
source "drivers/firmware/psci/Kconfig"
source "drivers/firmware/smccc/Kconfig"
source "drivers/firmware/tegra/Kconfig"
source "drivers/firmware/xilinx/Kconfig"

So the directory structure should be mirrored in the menu structure. Lets again look one level up.

$ grep drivers/firmware ./drivers/Kconfig 
source "drivers/firmware/Kconfig"

And again one level up.

[ayoung@eng14sys-r111 linux]$ grep drivers ./Kconfig 
source "drivers/Kconfig"

Now, the toplevel one does not have a “menu” entry in it, it just sources all of the entries below it, and I assume that makes a flat structure that is somehow organized. To get a tree we probably need those menu entries..

$ grep menu ./drivers/Kconfig 
menu "Device Drivers"
endmenu
$ grep menu ./drivers/firmware/Kconfig 
menu "Firmware Drivers"
endmenu

Going back to our top level menu, we can see that there is a Device Drivers entry just under networking support. On the second level menu we can see a Firmware Drivers entry.

Scroll a few lines down and you can see the EFI entry

<figure class="wp-block-image"><figcaption>make menuconfig->main->Device Drivers->Firmware->EFI Entry:</figcaption></figure> <figure class="wp-block-image"><figcaption>Disable EFI entry highlighted</figcaption></figure>

From here we can deselct the option and see the change in our config file:

$ diff old.config .config
2354c2354
< CONFIG_EFI_DISABLE_RUNTIME=y
---
> # CONFIG_EFI_DISABLE_RUNTIME is not set

johnnycanencrypt 0.7.0 released

Posted by Kushal Das on August 17, 2022 11:28 AM

Today I released Johnnycanencrypt 0.7.0. It has breaking change of some function names.

  • create_newkey renamed to create_key
  • import_cert renamed to import_key

But, the major work done are in few different places:

  • Handling errors better, no more normal Rust panics, instead providing better Python exceptions as CryptoError.
  • We can now sign bytes/files in both detached & in normal compressed binary form.
  • Signature can be done via smartcards, and verification works as usual.

In the Github release page you can find an OpenPGP signature, which you can use to verify the release. You can also verify via sigstore.

SIGSTORE_LOGLEVEL=debug python -m sigstore verify --cert-email mail@kushaldas.in --cert-oidc-issuer https://github.com/login/oauth johnnycanencrypt-0.7.0.tar.gz
DEBUG:sigstore._cli:parsed arguments Namespace(subcommand='verify', certificate=None, signature=None, cert_email='mail@kushaldas.in', cert_oidc_issuer='https://github.com/login/oauth', rekor_url='https://rekor.sigstore.dev', staging=False, files=[PosixPath('johnnycanencrypt-0.7.0.tar.gz')])
DEBUG:sigstore._cli:Using certificate from: johnnycanencrypt-0.7.0.tar.gz.crt
DEBUG:sigstore._cli:Using signature from: johnnycanencrypt-0.7.0.tar.gz.sig
DEBUG:sigstore._cli:Verifying contents from: johnnycanencrypt-0.7.0.tar.gz
DEBUG:sigstore._verify:Successfully verified signing certificate validity...
DEBUG:sigstore._verify:Successfully verified signature...
DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): rekor.sigstore.dev:443
DEBUG:urllib3.connectionpool:https://rekor.sigstore.dev:443 "POST /api/v1/index/retrieve/ HTTP/1.1" 200 85
DEBUG:urllib3.connectionpool:https://rekor.sigstore.dev:443 "GET /api/v1/log/entries/362f8ecba72f4326972bc321d658ba3c9197b29bb8015967e755a97e1fa4758c13222bc07f26d27c HTTP/1.1" 200 None
DEBUG:sigstore._verify:Successfully verified Rekor entry...
OK: johnnycanencrypt-0.7.0.tar.gz

I took 8 months for this release, now time to write some tools to use it in more places :)

Speeding up the kernel testing loop

Posted by Bastien Nocera on August 17, 2022 09:14 AM

When I create kernel contributions, I usually rely on a specific hardware, which makes using a system on which I need to deploy kernels too complicated or time-consuming to be worth it. Yes, I'm an idiot that hacks the kernel directly on their main machine, though in my defense, I usually just need to compile drivers rather than full kernels.

But sometimes I work on a part of the kernel that can't be easily swapped out, like the USB sub-system. In which case I need to test out full kernels.

I usually prefer compiling full kernels as RPMs, on my Fedora system as it makes it easier to remove old test versions and clearly tag more information in the changelog or version numbers if I need to.

Step one, build as non-root

First, if you haven't already done so, create an ~/.rpmmacros file (I know...), and add a few lines so you don't need to be root, or write stuff in /usr to create RPMs.

$ cat ~/.rpmmacros
%_topdir        /home/hadess/Projects/packages
%_tmppath        %{_topdir}/tmp

Easy enough. Now we can use fedpkg or rpmbuild to create RPMs. Don't forget to run those under “powerprofilesctl launch” to speed things up a bit.

Step two, build less

We're hacking the kernel, so let's try and build from upstream. Instead of the aforementioned fedpkg, we'll use “make binrpm-pkg” in the upstream kernel, which builds the kernel locally, as it normally would, and then packages just the binaries into an RPM. This means that you can't really redistribute the results of this command, but it's fine for our use.

 If you choose to build a source RPM using “make rpm-pkg”, know that this one will build the kernel inside rpmbuild, this will be important later.

 Now that we're building from the kernel sources, that's our time to activate the cheat code. Run “make localmodconfig”. It will generate a .config file containing just the currently loaded modules. Don't forget to modify it to include your new driver, or driver for a device you'll need for testing.

Step three, build faster

If running “make rpm-pkg” is the same as running “make ; make modules” and then packaging up the results, does that mean that the “%{?_smp_mflags}” RPM macro is ignored, I make you ask rhetorically. The answer is yes. “make -j16 rpm-pkg”. Boom. Faster.

Step four, build fasterer

As we're building in the kernel tree locally before creating a binary package, already compiled modules and binaries are kept, and shouldn't need to be recompiled. This last trick can however be used to speed up compilation significantly if you use multiple kernel trees, or need to clean the build tree for whatever reason. In my tests, it made things slightly slower for a single tree compilation.

$ sudo dnf install -y ccache
$ make CC="ccache gcc" -j16 binrpm-pkg

Easy.

And if you want to speed up the rpm-pkg build:

$ cat ~/.rpmmacros
[...]
%__cc            ccache gcc
%__cxx            ccache g++

More information is available in Speeding Up Linux Kernel Builds With Ccache.

Step five, package faster

Now, if you've implemented all this, you'll see that the compilation still stops for a significant amount of time just before writing “Wrote kernel...rpm”. A quick look at top will show a single CPU core pegged to 100% CPU. It's rpmbuild compressing the package that you will just install and forget about.

$ cat ~/.rpmmacros
[...]
%_binary_payload    w2T16.xzdio

More information is available in Accelerating Ceph RPM Packaging: Using Multithreaded Compression.

TL;DR and further work

All those changes sped up the kernel compilation part of my development from around 20 minutes to less than 2 minutes on my desktop machine.

$ cat ~/.rpmmacros
%_topdir        /home/hadess/Projects/packages
%_tmppath        %{_topdir}/tmp
%__cc            ccache gcc
%__cxx            ccache g++
%_binary_payload    w2T16.xzdio


$ powerprofilesctl launch make CC="ccache gcc" -j16 binrpm-pkg

I believe there's still significant speed ups that could be done, in the kernel, by parallelising some of the symbols manipulation, caching the BTF parsing for modules, switching the single-threaded vmlinux bzip2 compression, and not generating a headers RPM (note: tested this last one, saves 4 seconds :)

 

The results of my tests. YMMV, etc.

<style>table, th, td { border: 1px solid black; border-collapse: collapse; padding: 10px; } </style>
Command Time spent Notes
koji build --scratch --arch-override=x86_64 f36 kernel.src.rpm 129 minutes It's usually quicker, but that day must have been particularly busy
fedpkg local 70 minutes No rpmmacros changes except setting the workdir in $HOME
powerprofilesctl launch fedpkg local 25 minutes
localmodconfig / bin-rpmpkg 19 minutes Defaults to "-j2"
localmodconfig -j16 / bin-rpmpkg 1:48 minutes
powerprofilesctl launch localmodconfig ccache -j16 / bin-rpmpkg 7 minutes Cold cache
powerprofilesctl launch localmodconfig ccache -j16 / bin-rpmpkg 1:45 minutes Hot cache
powerprofilesctl launch localmodconfig xzdio -j16 / bin-rpmpkg 1:20 minutes

Releasing new libre Malayalam font ‘Karuna’

Posted by Rajeesh K Nambiar on August 17, 2022 05:52 AM

Today, on the auspicious day of Malayalam new year (ചിങ്ങം ൧), I am pleased to announce the release of a new libre font for Malayalam script ‘Karuna’ by Rachana Institute of Typography. Karuna is a display typeface suitable for titling and headlines.

Here are some beautiful posters designed in Karuna by Narayana Bhattathiri.

Karuna is designed by renowned calligrapher Narayana Bhattathiri, font development is done by KH Hussain, font engineering is done by me (Rajeesh KV) in collaboration with CV Radhakrishnan.

Bhattathiri explains that the font was inspired by style of CN Karunakaran (1940–2013), an acclaimed painter, illustrator & art director from Kerala. Inspired by and as a homage to his style of titling and designs; Bhattathiri designed the shapes for Karuna. Karuna brings a unique design to the growing collection of high-quality open fonts maintained by Rachana Institute of Typography. In KH Hussain’s words:

മലയാളത്തിന്റെ ടൈറ്റിലിംഗിലും കവർ ഡിസൈനിംഗിലും സി.എൻ.കരുണാകരൻ ആയിരത്തിത്തൊള്ളായിരത്തി എഴുപതുകളിൽ കൊണ്ടുവന്ന മാറ്റം വിപ്ലവാത്മകമായിരുന്നു. എ.എസ്സിന്റെയും നമ്പൂതിരിയുടെയും സമകാലീനനായിരിക്കുമ്പോൾ തന്നെ ചിത്രീകരണങ്ങളിലും അക്ഷര രൂപകല്പനയിലും കരുണാകരൻ പൂർവ്വഗാമികളിൽ നിന്നു വ്യക്തമായ അകലവും വ്യത്യസ്തതയും പുലർത്തി.

അരനൂറ്റാണ്ടിനു ശേഷം നാരയണ ഭട്ടതിരി കരുണ ഡിസൈൻ ചെയ്യുമ്പോൾ വെറുമൊരു പകർത്തലല്ലാതായി അത് മാറുന്നുണ്ട്. കരുണാകരൻ മലയാള അക്ഷരങ്ങളിൽ കാണിച്ച അതേ സ്വാതന്ത്ര്യം കരുണാകരന്റെ അക്ഷരങ്ങളിൽ ഭട്ടതിരിയും എടുക്കുന്നു. മലയാളം ടൈപോഗ്രഫിയിലെ ഏറ്റവും അനന്യമായ ഫോണ്ടായി കരുണ മാറുകയാണ്. ഇന്നിപ്പോൾ ആസ്കിയിലും യൂണികോഡിലും ഉപയോഗത്തിലുള്ള മറ്റെല്ലാ ഫോണ്ടുകൾക്കും മലയാളത്തിലും റോമനിലുമൊക്കെ ചാർച്ചകൾ കണ്ടെത്താൻ കഴിയും. കരുണയ്ക്കു കഴിയില്ല.

1977 ൽ തടവറക്കവിതകൾക്കു വേണ്ടി കരുണാകരൻ ഡിസൈൻ ചെയ്ത പുറംചട്ടയിൽ കരുണാകരന്റെ കാലിഗ്രാഫിയുടെ പ്രത്യേകതകൾ ദർശിക്കാൻ കഴിയും. അടിയന്തിരാവസ്ഥയിൽ കൊടിയ മർദ്ദനങ്ങൾക്കിരയായി തടവറയിൽ കിടന്ന് നക്സലൈറ്റുകൾ എഴുതിയ കവിതകളുടെ സമാഹാരമായിരുന്നു ആ പുസ്തകം. അടിയന്തിരാവസ്ഥയുടെ നൃശംസതകൾ ആ കവർ ചിത്രത്തിലെ അക്ഷരങ്ങളിൽ വിറങ്ങലിപ്പായി നിഴലിക്കുന്നു. കരുണ ഫോണ്ട് അതിന്റെയൊരു പകർന്നാട്ടമായി മാറുന്നു.
<figure class="wp-block-image size-large is-resized"><figcaption class="wp-element-caption">Title designed by CN Karunakaran in 1977. Source: KH Hussain.</figcaption></figure>

Karuna follows the traditional orthography of Malayalam script (neither reformed script, nor re-reformed script) and has precise OTL shaping rules required for advanced script layout. The font is licensed and made available for public use under Open Font License (OFL). You may download it at Rachana website. Font sources are available at the GitLab repository.

Shim Ab Booting Poc

Posted by Robbie Harwood on August 17, 2022 04:00 AM

I've implemented a proof-of-concept for "A/B booting" of shim itself. Concretely, this means that when a shim fails to boot, an older version will be tried as a fallback. This aims to increase the stability and reliability of shim updates. Booting the older shim is a stop-gap and not something we want systems to be regularly doing, so the situation is detected and reported for admin attention.

This is a proof-of-concept, and additional features/changes are not only possible but likely.

("fallback" is a term with many meanings in this context, so we attempt to avoid its use.)

Trying it out

On Fedora rawhide, install this COPR:

dnf copr enable rharwood/shim-ab-enable
dnf update

This updates the shim packaging to be wired up with the A/B logic.

However, it doesn't actually provide a second shim (the "B" part of "A/B"). Once the system is updated with the shim from the first COPR, install the second COPR:

dnf copr enable rharwood/shim-ab-second
dnf update

Now there are two versions of shim installed on the system.

Boot counting

Firmwares don't operate on BLS entries, and so this looks different than boot counting at that level of the stack. However, in all cases the operation of recording when a boot succeeds lives in userspace (since the system must have booted). It is also possible to detect failures of the "A" loader that fall through to booting the "B" loader. In this proof-of-concept, the decision on what action to take is left to the admin, though it would be easy to script additional behavior.

This proof-of-concept implements both detections, logging results and a warning when the "A" loader has failed.

(To simulate "A" loader failure: remove or rename the shimx64.efi/shimaa64.efi files in the ESP and the latest /usr/lib/shim*, then reboot the system. Alternately, use efibootmgr to switch the order of primary and fallback.)

Technical details

The "A" shim uses the existing location in the ESP (e.g., \EFI\fedora\shimaa64.efi) and UEFI boot entry.

The "B" shim also lives in the ESP, and its name ends with b (e.g., \EFI\fedora\shimaa64b.efi). We do not think 8.3 names are required for these files. A new UEFI boot entry is created for it, currently called "Fedora fallback", and placed immediately after the "A" entry ("Fedora") in the boot order. This could be renamed to something else if that’s preferred.

On system update, the shims are rotated - that is, the old "A" shimx64.efi becomes the "B" shimx64_b.efi, and the new shimx64.efi is dropped into place. Because the same filenames are used, boot entries are not typically modified on update. It is therefore technically possible (though discouraged) to make an older shim the primary "A" boot target.

The shim files themselves are stored in /usr/lib/shim-ARCH-VERSION-RELEASE (where ARCH is the UEFI architecture name, like x64 or aa64). This allows userspace boot logging to determine which version of shim was booted, not just whether it was "A" or "B". (It also allows reuse of these files without granting read access to the ESP or unpacking RPMs, which is a feature that has been requested elsewhere.)

Boot logging is kicked off by shim-booted.service, which is currently a requirement of multi-user.target. This runs a python script (shimctl) which logs to /var/log/shim_boots. The same script is also used for updating shims.

Functional Fixedness

Posted by Adam Young on August 17, 2022 12:33 AM

Today I was reminded how easy it is to get fixed in your thinking.

The short lessons learned: if the Hostname fails (due to SSL) try the IP address.

Longer story:


I have to reprovision a system. It was currently running Ubuntu 22.04, but the software we needed to run on it only worked with Ubuntu 20.04. While this should not have been the case, it was not my problem to solve…My problem was to figure out how to run our development stack.

And I got stuck. Why…because sometimes you miss the obvious things, and sometimes you miss the less than obvious things.

To reprovision the system, I needed to tell it top reboot to PXE. THere are many ways to do this, but the best way is to use IPMI. However, I wanted to “see” it provision, so I did what I usually do (on Our ARM based servers) and open up an IPMI base Serial-over-lan (SOL) terminal and wait to see the output.

Well, no I didn’t. Something in the back of my mind said “Hey, on these Dell systems,. you need to use the web based console to reprovision them, not the SOL.” So I tried to get to them via a web browser but I kept getting HTTPS errors about bad certificates. SO I grumbled about our X509 management and I moved back to using the SOL.

And I power cycled the machine and waited and it never came up.

Dumb mistake number one…make sure the SOL terminal is on the same system that you run the power cycle command on. This seems trivial, but when you rely on your bash history as much as I do, it is easy to get mixed up using the most recent command instead of the second (or tenth) most recent version.

I had a rhythm to doing this kind of work when I work on our own servers. I had it scripted tightly so that I only had to keep track of the machine I was on, and could work in large arrays of the servers. But the Dells are in a different rack, have different rules, and I had forgotten them. Part of this article is to write down the things I need to remember next time I get there.

Anyway, I got the SOL to work with the recycle, got the PXE menu, selected the install I wanted and I waited…and it never moved on to the installer. This was the reason I was supposed to use the Web based BMC console.

Which works just fine if you use the IP address of the console and not the FQDN. But the FQDN is what is related to our FQDN of address I use to log in to the server after it is provisioned. So what I needed to do is pint the FQDN of the BMC (IPMI) and use the returned IP address to connect to the BMC via the web portal.

So what caused the functional fixedness? I think, in part, due to my annoyance at having to use the web console in the first place. I really want all of our provisioning to be automated. And this kind of workflow is out of my normal path. For everything else I do it THIS way, but for this server I need to do it THAT way.

And that bothers me.



Episode 336 – We don’t have data, we have security biases

Posted by Josh Bressers on August 15, 2022 12:00 AM

Josh and Kurt talk about our lack of security and some of the data bias problems that can emerge. A lot of what we think is security data is really just biased data. This is OK as long as we understand the data is broken and know this is the first step in a longer journey.

<audio class="wp-audio-shortcode" controls="controls" id="audio-2848-1" preload="none" style="width: 100%;"><source src="https://traffic.libsyn.com/opensourcesecuritypodcast/Episode_336_We_dont_have_data_data_we_have_security_biases.mp3?_=1" type="audio/mpeg">https://traffic.libsyn.com/opensourcesecuritypodcast/Episode_336_We_dont_have_data_data_we_have_security_biases.mp3</audio>

Show Notes

4 cool new projects to try in Copr for August 2022

Posted by Fedora Magazine on August 14, 2022 08:58 PM

Copr is a build system for anyone in the Fedora community. It hosts thousands of projects for various purposes and audiences. Some of them should never be installed by anyone, some are already being transitioned to the official Fedora Linux repositories, and the rest are somewhere in between. Copr gives you the opportunity to install third-party software that is not available in Fedora Linux repositories, try nightly versions of your dependencies, use patched builds of your favorite tools to support some non-standard use cases, and just experiment freely.

If you don’t know how to enable a repository or if you are concerned about whether it is safe to use Copr, please consult the project documentation.

This article takes a closer look at interesting projects that recently landed in Copr.

Ntfy

Ntfy is a simple HTTP-based notification service that allows you to send notifications to your devices using scripts from any computer. To send notifications ntfy uses PUT/POST commands or it is possible to send notifications via ntfy CLI without any registration or login. For this reason, choose a hard-to guess topic name, as this is essentially a password.

In the case of sending notifications, it is as simple as this:

$ ntfy publish beer-lovers "Hi folks. I love beer!"
{"id":"4ZADC9KNKBse", "time":1649963662, "event":"message", "topic":"beer-lovers", "message":"Hi folks. I love beer!"}

And a listener who subscribes to this topic will receive:

$ ntfy subscribe beer-lovers
{"id":"4ZADC9KNKBse", "time":1649963662, "event":"message", "topic":"beer-lovers", "message":"Hi folks. I love beer!"}

If you wish to receive notifications on your phone, then ntfy also has a mobile app for Android so you can send notifications from your laptop to your phone.

<figure class="wp-block-image size-full is-resized"></figure>

Installation instructions

The repo currently provides ntfy for Fedora Linux 35, 36, 37, and Fedora Rawhide. To install it, use these commands:

sudo dnf copr enable cyqsimon/ntfysh
sudo dnf install ntfysh

Koi

If you use light mode during the day but want to protect your eyesight overnight and switch to dark mode, you don’t have to do it manually anymore. Koi will do it for you!

Koi provides KDE Plasma Desktop functionality to automatically switch between light and dark mode according to your preferences. Just set the time and themes.

<figure class="wp-block-image size-full is-resized is-style-default"></figure>

Installation instructions

The repo currently provides Koi for Fedora Linux 35, 36, 37, and Fedora Rawhide. To install it, use these commands:

sudo dnf copr enable birkch/Koi
sudo dnf install Koi

SwayNotificationCenter

SwayNotificationCenter provides a simple and nice looking GTK GUI for your desktop notifications.

You will find some key features such as do-not-disturb mode, a panel to view previous notifications, track pad/mouse gestures, support for keyboard shortcuts, and customizable widgets. SwayNotificationCenter also provides a good way to configure and customize via JSON and CSS files.

More information on https://github.com/ErikReider/SwayNotificationCenter with screenshots at the bottom of the page.

Installation instructions

The repo currently provides SwayNotificationCenter for Fedora Linux 35, 36, 37, and Fedora Rawhide. To install it, use these commands:

sudo dnf copr enable erikreider/SwayNotificationCenter
sudo dnf install SwayNotificationCenter

Webapp Manager

Ever want to launch your favorite websites from one place? With WebApp manager, you can save your favorite websites and run them later as if they were an apps.

You can set a browser in which you want to open the website and much more. For example, with Firefox, all links are always opened within the WebApp.

<figure class="wp-block-image size-full">WebApp manager showcase</figure>

Installation instructions

The repo currently provides WebApp for Fedora Linux 35, 36, 37, and Fedora Rawhide. To install it, use these commands:

sudo dnf copr enable perabyte/webapp-manager
sudo dnf install webapp-manager

Untitled Post

Posted by Zach Oglesby on August 14, 2022 02:51 AM

Padres lost, but we had a good time.

nbdkit for macOS

Posted by Richard W.M. Jones on August 13, 2022 09:34 PM

nbdkit, our high performance, portable Network Block Device server has now been ported to macOS. It’s a command line tool and macOS is sufficiently FreeBSD-like that the port wasn’t very hard. It’s relatively full featured, including a large portion of the plugins and filters, a brand new exit-with-parent implementation, and almost all tests passing.

However one larger problem remains (for performance) which is the lack of atomic CLOEXEC when opening pipes or sockets. Linux has pipe2 and accept4. I wasn’t able to find any good equivalent on macOS, and hence most of the time we are limited to serializing some requests that could otherwise run in parallel.

nbdkit already supported Linux, FreeBSD, OpenBSD, Haiku and Windows!

Untitled Post

Posted by Zach Oglesby on August 13, 2022 03:49 PM

The thermometer says 77 but I am sweating bullets cutting the grass. East Coast humidity is awful.

Untitled Post

Posted by Zach Oglesby on August 13, 2022 02:35 AM

Had a great vacation in the Dominica Republic. We really enjoyed getting away as a family and spending time relaxing. Such a beautiful country and wounderful people!

Contribute at the Fedora Kernel 5.19 and GNOME 43 Beta test weeks

Posted by Fedora Magazine on August 12, 2022 04:01 PM

There are two upcoming test weeks in the coming weeks. The first is Sunday 14 August through Sunday 21 August. It is to test Kernel 5.19. The second is Monday 15 August through Monday 22 August. It focuses on testing GNOME 43 Beta. Come and test with us to make the upcoming Fedora 37 even better. Read more below on how to participate.

Kernel test week

The kernel team is working on final integration for Linux kernel 5.19. This version was just recently released, and will arrive soon in Fedora. As a result, the Fedora kernel and QA teams have organized a test week Sunday, August 14, 2022 through Sunday, August 21, 2022. Refer to the wiki page for links to the test images you’ll need to participate.

GNOME 43 Beta test week

GNOME is the default desktop environment for Fedora Workstation and thus for many Fedora users. As a part of the planned change the GNOME 43 beta will land on Fedora which then will be shipped with Fedora 37. To ensure that everything works fine The Workstation Working Group and QA team will have this test week Monday 15 August through Monday 22 August. Refer to the GNOME 43 Beta test week wiki page for links and resources needed to participate.

How do test days work?

A test day is an event where anyone can help make sure changes in Fedora work well in an upcoming release. Fedora community members often participate, and the public is welcome at these events. If you’ve never contributed before, this is a perfect way to get started.

To contribute, you only need to be able to download test materials (which include some large files) and then read and follow directions step by step.

Detailed information about both test days is available on the wiki pages mentioned above. If you’re available on or around the days of the events, please do some testing and report your results.

Again, the two upcoming test days in the upcoming week are:

  • Kernel 5.19 testing on Sunday 14 August through Sunday 21 August
  • Gnome 43 Beta testing on Monday 15 August through Monday 22 August

Come and test with us to make the upcoming Fedora 37 even better.

CPE Weekly Update – Week 32 2022

Posted by Fedora Community Blog on August 12, 2022 10:00 AM
featured image with CPE team's name

This is a weekly report from the CPE (Community Platform Engineering) Team. If you have any questions or feedback, please respond to this report or contact us on #redhat-cpe channel on libera.chat (https://libera.chat/).

Week: 8th – 12th August 2022

Highlights of the week

Infrastructure & Release Engineering

Goal of this Initiative

Purpose of this team is to take care of day to day business regarding CentOS and Fedora Infrastructure and Fedora release engineering work.
It’s responsible for services running in Fedora and CentOS infrastructure and preparing things for the new Fedora release (mirrors, mass branching, new namespaces etc.).
The ARC (which is a subset of the team) investigates possible initiatives that CPE might take on.
Link to planning board
Link to docs

Update

Fedora Infra

  • Some great nest talks and discussions, check them out on replay!
  • Debugging instability in 32bit arm builders again. ;(
  • Rebalanced the s390x builders.
  • Business as usual

CentOS Infra including CentOS CI

Release Engineering

  • Mass branching yesterday (f37 split off rawhide, which is now f38)

CentOS Stream

Goal of this Initiative

This initiative is working on CentOS Stream/Emerging RHEL to make this new distribution a reality. The goal of this initiative is to prepare the ecosystem for the new CentOS Stream.

Updates

  • Git source moved from git.centos.org to gitlab, for c8s modules.

EPEL

Goal of this initiative

Extra Packages for Enterprise Linux (or EPEL) is a Fedora Special Interest Group that creates, maintains, and manages a high quality set of additional packages for Enterprise Linux, including, but not limited to, Red Hat Enterprise Linux (RHEL), CentOS and Scientific Linux (SL), Oracle Linux (OL).

EPEL packages are usually based on their Fedora counterparts and will never conflict with or replace packages in the base Enterprise Linux distributions. EPEL uses much of the same infrastructure as Fedora, including buildsystem, bugzilla instance, updates manager, mirror manager and more.

Updates

  • EPEL9 is up to 7233 (+106) packages from 3207 (+27) source packages
  • “State of EPEL” presentation at Nest conference, recording will be posted to YouTube at a later date
  • EPEL Survey has launched and is available through the end of August
  • epel-release has been improved with a recommends on dnf-command(config-manager) to ensure crb enabling script can work out of the box
  • KDE Plasma updated from 5.23 to 5.24 (LTS release) in epel8-next and epel9-next

FMN replacement

Goal of this initiative

FMN (Fedora-Messaging-Notification) is a web application allowing users to create filters on messages sent to (currently) fedmsg and forward these as notifications on to email or IRC.
The goal of the initiative is mainly to add fedora-messaging schemas, create a new UI for a better user experience and create a new service to triage incoming messages to reduce the current message delivery lag problem. Community will profit from speedier notifications based on own preferences (IRC, Matrix, Email), unified fedora project to one message service and human-readable results in Datagrepper.
Also, CPE tech debt will be significantly reduced by dropping the maintenance of fedmsg altogether.

Updates

  • Unit tests/coverage tests on frontend (Vue.js)
  • Auth/OIDC work on both frontend and backend
  • Initial backend connection via SQLAlchemy/fastAPI
  • Basic functionality of connecting to FASJSON
  • CI improvements and fixes

Kindest regards,
CPE Team

The post CPE Weekly Update – Week 32 2022 appeared first on Fedora Community Blog.

Fedora Sway OSTree Spin name

Posted by Fabio Alessandro Locati on August 12, 2022 12:00 AM
The Fedora Sway SIG is working to create an immutable version of the Sway Spin (also work in progress) using OSTree. Those immutable spins of Fedora are becoming more common following Silverblue and Kinoite’s success. As it often happens, one of the most challenging things to do in creating something is to come up with clever names. This task is made even more complex by the relatively small amount of people active in this conversation.

Common GLib Programming Errors, Part Two: Weak Pointers

Posted by Michael Catanzaro on August 11, 2022 09:40 PM

This post is a sequel to Common GLib Programming Errors, where I covered four common errors: failure to disconnect a signal handler, misuse of a GSource handle ID, failure to cancel an asynchronous function, and misuse of main contexts in library or threaded code. Although there are many ways to mess up when writing programs that use GLib, I believe the first post covered the most likely and most pernicious… except I missed weak pointers. Sébastien pointed out that these should be covered too, so here we are.

Mistake #5: Failure to Disconnect Weak Pointer

In object-oriented languages, weak pointers are a safety improvement. The idea is to hold a non-owning pointer to an object that gets automatically set to NULL when that object is destroyed to prevent use-after-free vulnerabilities. However, this only works well because object-oriented languages have destructors. Without destructors, we have to deregister the weak pointer manually, and failure to do so is a disaster that will result in memory corruption that’s extremely difficult to track down. For example:

static void
a_start_watching_b (A *self,
                    B *b)
{
  // Keep a weak reference to b. When b is destroyed,
  // self->b will automatically be set to NULL.
  self->b = b;
  g_object_add_weak_pointer (b, &self->b);
}

static void
a_do_something_with_b (Foo *self)
{
  if (self->b) {
    // Do something safely here, knowing that b
    // is assuredly still alive. This avoids a
    // use-after-free vulnerability if b is destroyed,
    // i.e. self->b cannot be dangling.
  }
}

Let’s say that the Bar in this example outlives the Foo, but Foo failed to call g_object_remove_weak_pointer() . Then when Bar is destroyed later, the memory that used to be occupied by self->bar will get clobbered with NULL. Hopefully that will result in an immediate crash. If not, good luck trying to debug what’s going wrong when some innocent variable elsewhere in your program gets randomly clobbered. This is often results in a frustrating wild goose chase when trying to track down what is going wrong (example).

The solution is to always disconnect your weak pointer. In most cases, your dispose function is the best place to do this:

static void
a_dispose (GObject *object)
{
  A *a = (A *)object;
  g_clear_weak_pointer (&a->b);
  G_OBJECT_CLASS (a_parent_class)->dispose (object);
}

Note that g_clear_weak_pointer() is equivalent to:

if (a->b) {
  g_object_remove_weak_pointer (a->b, &a->b);
  a->b = NULL;
}

but you probably guessed that, because it follows the same pattern as the other clear functions that we’ve used so far.

Friday’s Fedora Facts: 2022-32

Posted by Fedora Community Blog on August 11, 2022 08:46 PM

Here’s your weekly Fedora report. Read what happened this week and what’s coming up. Your contributions are welcome (see the end of the post)!

I have weekly office hours on Wednesdays in the morning and afternoon (US/Eastern time) in #fedora-meeting-1. Drop by if you have any questions or comments about the schedule, Changes, elections, or anything else. See the upcoming meetings for more information.

Announcements

CfPs

<figure class="wp-block-table">
ConferenceLocationDateCfP
Kieler Open Source und Linux TageKiel, DE and virtual16–17 Sepcloses 14 Aug
Hardwear.io NetherlandsThe Hauge, NL24–28 Octcloses 15 Aug
SeaGLvirtual4–5 Novcloses 19 Aug
PyGeeklevirtual6–7 Sepcloses 24 Aug
EuroRustBerlin, DE and virtual13–14 Octcloses 28 Aug
Denver Dev DayDenver, CO, US20–21 Octcloses 2 Sep
Vue.js LiveLondon, UK and virtual28, 31 Octcloses 5 Sep
EmacsConfvirtual3–4 Deccloses 18 Sep
JavaLandBrühl, DE21–23 Marcloses 26 Sep
Python Web Confvirtual14–17 Marcloses 1 Oct
</figure>

Help wanted

Upcoming test days

Meetings & events

Releases

<figure class="wp-block-table">
Releaseopen bugs
F354112
F363573
F37 (pre-release)1476
Rawhide6283
</figure>

Prioritized Bugs

See the Prioritized Bugs documentation for information on the process, including how to nominate bugs.

<figure class="wp-block-table">
Bug IDComponentStatus
2079833cmakeNEW
</figure>

Fedora Linux 37

Schedule

Below are some upcoming schedule dates. See the schedule website for the full schedule.

  • 2022-08-23 — Beta freeze begins, Change complete (100% complete) deadline
  • 2022-09-13 — Current beta target date (early target date)

Changes

<figure class="wp-block-table">
StatusCount
ASSIGNED13
MODIFIED17
ON_QA22
CLOSED1
</figure>

The table below lists proposed Changes. See the ChangeSet page or Bugzilla for information on approved Changes.

<figure class="wp-block-table">
ProposalTypeStatus
Emacs 28Self-ContainedFESCo #2845
</figure>

Blockers

<figure class="wp-block-table">
Bug IDComponentBug StatusBlocker Status
2117706kde-settingsNEWAccepted(Beta)
2070823anacondaON_QAProposed(Beta)
2101229anacondaNEWProposed(Beta)
1907030dnfNEWProposed(Beta)
2107858dracutPOSTProposed(Beta)
2109145polkitASSIGNEDProposed(Beta)
2110801sddmNEWProposed(Beta)
</figure>

Fedora Linux 38

Changes

The table below lists proposed Changes. See the ChangeSet page or Bugzilla for information on approved Changes.

<figure class="wp-block-table">
ProposalTypeStatus
Add -fno-omit-frame-pointer to default compilation flagsSystem-WideFESCo #2817
</figure>

Contributing

Have something you want included? You can file an issue or submit a pull request in the fedora-pgm/pgm_communication repo.

The post Friday’s Fedora Facts: 2022-32 appeared first on Fedora Community Blog.

Next Open NeuroFedora meeting: 15 August 1300 UTC

Posted by The NeuroFedora Blog on August 11, 2022 08:44 PM
Photo by William White on Unsplash

Photo by William White on Unsplash.


Please join us at the next regular Open NeuroFedora team meeting on Monday 15 August at 1300 UTC. The meeting is a public meeting, and open for everyone to attend. You can join us over:

You can use this link to convert the meeting time to your local time. Or, you can also use this command in the terminal:

$ date --date='TZ="UTC" 1300 2022-08-15'

The meeting will be chaired by @ankursinha. The agenda for the meeting is:

We hope to see you there!

Type support: getting started with syslog-ng 4.0

Posted by Peter Czanik on August 11, 2022 10:05 AM

Version 4.0 of syslog-ng is right around the corner. It hasn’tyet been released; however, you can already try some of its features. The largest and most interesting change is type support. Right now, name-value pairs within syslog-ng are represented as text, even if the PatternDB or JSON parsers could see the actual type of the incoming data. This does not change, but starting with 4.0, syslog-ng will keep the type information, and use it correctly on the destination side. This makes your life easier, for example when you store numbers to Elasticsearch or to other type-aware storage.

From this blog, you can learn how type support makes your life easier and helps you to give it a testdrive on your own hosts: https://www.syslog-ng.com/community/b/blog/posts/type-support-getting-started-with-syslog-ng-4-0

<figure><figcaption>

syslog-ng logo

</figcaption> </figure>

The new XWAYLAND extension is available

Posted by Peter Hutterer on August 11, 2022 06:50 AM

As of xorgproto 2022.2, we have a new X11 protocol extension. First, you may rightly say "whaaaat? why add new extensions to the X protocol?" in a rather unnecessarily accusing way, followed up by "that's like adding lipstick to a dodo!". And that's not completely wrong, but nevertheless, we have a new protocol extension to the ... [checks calendar] almost 40 year old X protocol. And that extension is, ever creatively, named "XWAYLAND".

If you recall, Xwayland is a different X server than Xorg. It doesn't try to render directly to the hardware, instead it's a translation layer between the X protocol and the Wayland protocol so that X clients can continue to function on a Wayland compositor. The X application is generally unaware that it isn't running on Xorg and Xwayland (and the compositor) will do their best to accommodate for all the quirks that the application expects because it only speaks X. In a way, it's like calling a restaurant and ordering a burger because the person answering speaks American English. Without realising that you just called the local fancy French joint and now the chefs will have to make a burger for you, totally without avec.

Anyway, sometimes it is necessary for a client (or a user) to know whether the X server is indeed Xwayland. Previously, this was done through heuristics: the xisxwayland tool checks for XRandR properties, the xinput tool checks for input device names, and so on. These heuristics are just that, though, so they can become unreliable as Xwayland gets closer to emulating Xorg or things just change. And properties in general are problematic since they could be set by other clients. To solve this, we now have a new extension.

The XWAYLAND extension doesn't actually do anything, it's the bare minimum required for an extension. It just needs to exist and clients only need to XQueryExtension or check for it in XListExtensions (the equivalent to xdpyinfo | grep XWAYLAND). Hence, no support for Xlib or libxcb is planned. So of all the nightmares you've had in the last 2 years, the one of misidentifying Xwayland will soon be in the past.

Give nothing, expect nothing: GitLab’s the latest punching bag for entitled users

Posted by Joe Brockmeier on August 10, 2022 03:26 PM
What do Docker, GitLab, and Red Hat have in common? Aside from various levels of participation in open source, they've all been punching bags over the past few years for non-paying users angry that they've taken some freebies off the table. When Docker had the temerity to introduce limits for free users pulling containers from … Continue reading Give nothing, expect nothing: GitLab’s the latest punching bag for entitled users

Hibernation in Fedora Workstation

Posted by Fedora Magazine on August 10, 2022 08:07 AM

This article walks you through the manual setup for hibernation in Fedora Linux 36 Workstation using BTRFS and is based on a gist by eloylp on github.

Goal and Rationale

Hibernation stores the current runtime state of your machine – effectively the contents of your RAM, onto disk and does a clean shutdown. Upon next boot this state is restored from disk to memory such that everything, including open programs, is how you left it.

Fedora Workstation uses ZRAM. This is a sophisticated approach to swap using compression inside a portion of your RAM to avoid the slower on-disk swap files. Unfortunately this means you don’t have persistent space to move your RAM upon hibernation when powering off your machine.

How it works

The technique configures systemd and dracut to store and restore the contents of your RAM in a temporary swap file on disk. The swap file is created just before and removed right after hibernation to avoid trouble with ZRAM. A persistent swap file is not recommended in conjunction with ZRAM, as it creates some confusing problems compromising your systems stability.

A word on compatibility and expectations

Hibernation following this guide might not work flawless on your particular machine(s). Due to possible shortcomings of certain drivers you might experience glitches like non-working wifi or display after resuming from hibernation. In that case feel free to reach out to the comment section of the gist on github, or try the tips from the troubleshooting section at the bottom of this article.

The changes introduced in this article are linked to the systemd hibernation.service and hibernation.target units and hence won’t execute on their own nor interfere with your system if you don’t initiate a hibernation. That being said, if it does not work it still adds some small bloat which you might want to remove.

Hibernation in Fedora Workstation

The first step is to create a btrfs sub volume to contain the swap file.

$ btrfs subvolume create /swap

In order to calculate the size of your swap file use swapon to get the size of your zram device.

$ swapon
NAME       TYPE      SIZE USED PRIO
/dev/zram0 partition   8G   0B  100

In this example the machine has 16G of RAM and a 8G zram device. ZRAM stores roughly double the amount of system RAM compressed in a portion of your RAM. Let that sink in for a moment. This means that in total the memory of this machine can hold 8G * 2 + 8G of RAM which equals 24G uncompressed data. Create and configure the swapfile using the following commands.

$ touch /swap/swapfile
# Disable Copy On Write on the file
$ chattr +C /swap/swapfile
$ fallocate --length 24G /swap/swapfile
$ chmod 600 /swap/swapfile 
$ mkswap /swap/swapfile

Modify the dracut configuration and rebuild your initramfs to include the

resume
module, so it can later restore the state at boot.

$ cat <<-EOF | sudo tee /etc/dracut.conf.d/resume.conf
add_dracutmodules+=" resume "
EOF
$ dracut -f

In order to configure grub to tell the kernel to resume from hibernation using the swapfile, you need the UUID and the physical offset.

Use the following command to determine the UUID of the swap file and take note of it.

$ findmnt -no UUID -T /swap/swapfile
dbb0f71f-8fe9-491e-bce7-4e0e3125ecb8

Calculate the correct offset. In order to do this you’ll unfortunately need gcc and the source of the btrfs_map_physical tool, which computes the physical offset of the swapfile on disk. Invoke gcc in the directory you placed the source in and run the tool.

$ gcc -O2 -o btrfs_map_physical btrfs_map_physical.c
$ ./btrfs_map_physical /path/to/swapfile

FILE OFFSET  EXTENT TYPE  LOGICAL SIZE  LOGICAL OFFSET  PHYSICAL SIZE  DEVID  PHYSICAL OFFSET
0            regular      4096          2927632384      268435456      1      <4009762816>
4096         prealloc     268431360     2927636480      268431360      1      4009766912
268435456    prealloc     268435456     3251634176      268435456      1      4333764608
536870912    prealloc     268435456     3520069632      268435456      1      4602200064
805306368    prealloc     268435456     3788505088      268435456      1      4870635520
1073741824   prealloc     268435456     4056940544      268435456      1      5139070976
1342177280   prealloc     268435456     4325376000      268435456      1      5407506432
1610612736   prealloc     268435456     4593811456      268435456      1      5675941888

The first value in the PHYSICAL OFFSET column is the relevant one. In the above example it is 4009762816.

Take note of the pagesize you get from getconf PAGESIZE.

Calculate the kernel resume_offset through division of physical offset by the pagesize. In this example that is 4009762816 / 4096 = 978946.

Update your grub configuration file and add the resume and resume_offset kernel cmdline parameters.

grubby --args="resume=UUID=dbb0f71f-8fe9-491e-bce7-4e0e3125ecb8 resume_offset=2459934" --update-kernel=ALL

The created swapfile is only used in the hibernation stage of system shutdown and boot hence not configured in fstab. Systemd units control this behavior, so create the two units hibernate-preparation.service and hibernate-resume.service.

$ cat <<-EOF | sudo tee /etc/systemd/system/hibernate-preparation.service
[Unit]
Description=Enable swap file and disable zram before hibernate
Before=systemd-hibernate.service

[Service]
User=root
Type=oneshot
ExecStart=/bin/bash -c "/usr/sbin/swapon /swap/swapfile && /usr/sbin/swapoff /dev/zram0"

[Install]
WantedBy=systemd-hibernate.service
EOF
$ systemctl enable hibernate-preparation.service
$ cat <<-EOF | sudo tee /etc/systemd/system/hibernate-resume.service
[Unit]
Description=Disable swap after resuming from hibernation
After=hibernate.target

[Service]
User=root
Type=oneshot
ExecStart=/usr/sbin/swapoff /swap/swapfile

[Install]
WantedBy=hibernate.target
EOF
$ systemctl enable hibernate-resume.service

Systemd does memory checks on login and hibernation. In order to avoid issues when moving the memory back and forth between swapfile and zram disable some of them.

$ mkdir -p /etc/systemd/system/systemd-logind.service.d/
$ cat <<-EOF | sudo tee /etc/systemd/system/systemd-logind.service.d/override.conf
[Service]
Environment=SYSTEMD_BYPASS_HIBERNATION_MEMORY_CHECK=1
EOF
$ mkdir -p /etc/systemd/system/systemd-hibernate.service.d/
$ cat <<-EOF | sudo tee /etc/systemd/system/systemd-hibernate.service.d/override.conf
[Service]
Environment=SYSTEMD_BYPASS_HIBERNATION_MEMORY_CHECK=1
EOF

Reboot your machine for the changes to take effect. The following SELinux configuration won’t work if you don’t reboot first.

SELinux won’t like hibernation attempts just yet. Change that with a new policy. An easy although “brute” approach is to initiate hibernation and use the audit log of this failed attempt via audit2allow. The following command will fail, returning you to a login prompt.

systemctl hibernate

After you’ve logged in again check the audit log, compile a policy and install it. The -b option filters for audit log entries from last boot. The -M option compiles all filtered rules into a module, which is then installed using semodule -i.

$ audit2allow -b
#============= systemd_sleep_t ==============
allow systemd_sleep_t unlabeled_t:dir search;
$ cd /tmp
$ audit2allow -b -M systemd_sleep
$ semodule -i systemd_sleep.pp

Check that hibernation is working via systemctl hibernate again. After resume check that ZRAM is indeed the only active swap device.

$ swapon
NAME       TYPE      SIZE USED PRIO
/dev/zram0 partition   8G   0B  100

You now have hibernation configured.

GNOME Shell hibernation integration

You might want to add a hibernation button to the GNOME Shell “Power Off / Logout” section. Check out the extension Hibernate Status Button to do so.

Troubleshooting

A first place to troubleshoot any problems is through journalctl -b. Have a look around the end of the log, after trying to hibernate, to pin-point log entries that tell you what might be wrong.

Another source of information on errors is the Problem Reporting tool. Especially problems, that are not common but more specific to your hardware configuration. Have a look at it before and after attempting hibernation and see if something comes up. Follow up on any issues via BugZilla and see if others experience similar problems.

Revert the changes

To reverse the changes made above, follow this check-list:

  • remove the swapfile
  • remove the swap subvolume
  • remove the dracut configuration and rebuild dracut
  • remove kernel cmdline args via grubby –remove-args=
  • disable and remove hibernation preparation and resume services
  • remove systemd overrides for systemd-logind.service and systemd-hibernation.service
  • remove SELinux module via semodule -r systemd_sleep

Credits and Additional Resources

This article is a community effort based primarily on the work of eloylp. As author of this article I’d like to make transparent that I’ve participated in the discussion to advance the gist behind this but many more minds contributed to make this work. Make certain to check out the discussion on github.

There are already some ansible playbooks and shell scripts to automate the process depicted in this guide. For example check out the shell scripts by krokwen and pietryszak or the ansible playbook by jorp

See the arch wiki for the full guide on how to calculate the swapfile offset.

Building and Running the Linux Kernel Selftests on AARCH64/ Fedora

Posted by Adam Young on August 09, 2022 10:42 PM

I won’t go into checking out or building the Kernel, as that is covered elsewhere. Assuming you have a buildable Kernel, you can build the tests with:

make -C tools/testing/selftests

But you are probably going to see errors like this:

ksm_tests.c:7:10: fatal error: numa.h: No such file or directory
    7 | #include <numa.h>
      |          ^~~~~~~~
compilation terminated.

The userland test suites use several libraries and need headers to compile the tests that call those libraries. Here is the yum, line I ran to get the dependencies I needed for my system:

sudo yum install libmnl-devel fuse-devel numactl-devel libcap-ng-devel alsa-lib-devel

With those installed, the make line succeeded.

Running the test like this CRASHED THE SYSTEM. Don’t do this.

 make -C tools/testing/selftests run_tests

A more sensible test to run is the example on the Docs page:

# make -C tools/testing/selftests TARGETS=ptrace run_tests
make: Entering directory '/root/linux/tools/testing/selftests'
make --no-builtin-rules ARCH=arm64 -C ../../.. headers_install
make[1]: Entering directory '/root/linux'
  INSTALL ./usr/include
make[1]: Leaving directory '/root/linux'
make[1]: Entering directory '/root/linux/tools/testing/selftests/ptrace'
make[1]: Nothing to be done for 'all'.
make[1]: Leaving directory '/root/linux/tools/testing/selftests/ptrace'
make[1]: Entering directory '/root/linux/tools/testing/selftests/ptrace'
TAP version 13
1..3
# selftests: ptrace: get_syscall_info
# TAP version 13
# 1..1
# # Starting 1 tests from 1 test cases.
# #  RUN           global.get_syscall_info ...
# #            OK  global.get_syscall_info
# ok 1 global.get_syscall_info
# # PASSED: 1 / 1 tests passed.
# # Totals: pass:1 fail:0 xfail:0 xpass:0 skip:0 error:0
ok 1 selftests: ptrace: get_syscall_info
# selftests: ptrace: peeksiginfo
# PASS
ok 2 selftests: ptrace: peeksiginfo
# selftests: ptrace: vmaccess
# TAP version 13
# 1..2
# # Starting 2 tests from 1 test cases.
# #  RUN           global.vmaccess ...
# #            OK  global.vmaccess
# ok 1 global.vmaccess
# #  RUN           global.attach ...


# # attach: Test terminated by timeout
# #          FAIL  global.attach
# not ok 2 global.attach
# # FAILED: 1 / 2 tests passed.
# # Totals: pass:1 fail:1 xfail:0 xpass:0 skip:0 error:0
not ok 3 selftests: ptrace: vmaccess # exit=1
make[1]: Leaving directory '/root/linux/tools/testing/selftests/ptrace'
make: Leaving directory '/root/linux/tools/testing/selftests'

Next up is to write my own stub test.

Discogs

Posted by Peter Czanik on August 09, 2022 12:16 PM

Last week I became a Discogs user. Why? I have been browsing the site for years to find information on albums. Recently I also needed a solution to create an easy to access database of my CD/DVD collection. Right now I am not interested in the marketplace function of Discogs, but that might change in the long term :-)

Information overload

For many years when I searched for an album, the first few hits were from YouTube and Wikipedia. Nowadays the first few results are often from Discogs. While Wikipedia sometimes provides some interesting background information about the creation of an album, Discogs has more structured and uniform information about albums. It also lists the many variants of the same album. Even for artists where I thought that I have all albums in my collection (like Mike Oldfield), I can find albums I have never heard about before. It is also easy to see who a given artist was working with and using TIDAL I can instantly listen to some really interesting (or awful…) music right away.

My collection

I only have a few hundred CDs, but that is already more than I can remember. When I am in a CD shop, I happily buy new CDs from artists I have never heard about before, as I can be sure that I do not already have that disc. However, when it comes to Solaris, Mike Oldfield or Vangelis, I can never be sure if I already have an album. Of course I tried some DIY methods, but it was difficult to maintain the lists and they were never at hand when I really needed them.

Discogs provides an easy to use mobile application to scan bar codes on the back of CDs. This can speed up adding new items to my collection tremendously. Of course not all bar codes are in available in Discogs, but until now there was only one CD that I could not find at all. The more difficult part is when it lists dozens of disks for the same bar code: various (re)prints of the the same album from around the World. I must admit that I am lazy here and just take an educated guess… I can use the same mobile app to check my collection when away from home.

A few weeks ago I realized that I have a duplicate album, and while entering my collection into Discogs, I discovered another one. I have no plans for selling them, I already know which of my friends would be happy to receive them. But in the long term it could be interesting to buy a few CDs which are otherwise impossible to buy here in Hungary.

Discogs also gives a price estimate for most CDs. It was a kind of surprising: some of my most expensive disks are not worth too much anymore, as they were printed in large numbers. On the other hand I have a large collection of Hungarian progrock music, and the price of those is much higher than I paid for them originally.

You can find my collection at https://www.discogs.com/user/pczanik/collection. The list is constantly growing, as I am still just at less than a half of my collection. The next time I visit my favorite CD shop, Periferic Records - Stereo Kft., I will have an easier job when I see a CD from a familiar artist :-)

<figure><figcaption>

flower

</figcaption> </figure>

Fedora Linux 38 development schedule

Posted by Fedora Community Blog on August 09, 2022 08:00 AM

Fedora Linux 37 branches from Rawhide today. While there’s still a lot of work before the Fedora Linux 37 release in October, this marks the beginning of the Fedora Linux 38 development cycle. The work you do in Rawhide will be in the Fedora Linux 38 release in April.

With that in mind, here are some important milestones:

  • Wed 2022-12-21: Proposal submission deadline (Changes requiring infrastructure changes)
  • Tue 2022-12-27: Proposal submission deadline (Changes requiring mass rebuild & System-Wide Changes)
  • Tue 2023-01-17: Proposal submission deadline (Self Contained Changes)
  • Tue 2023-02-07:
    • Change Checkpoint: Completion deadline (testable)
    • Branch Fedora Linux 38 from Rawhide
  • Tue 2023-02-21:
    • Change Checkpoint: 100% Code Complete Deadline
    • Beta Freeze begins
  • Tue 2023-03-14: Beta release (early target date)
  • Tue 2023-03-21: Beta release (target date #1)
  • Tue 2023-04-04: Final Freeze begins
  • Tue 2023-04-18: Final release (early target date)
  • Tue 2023-04-25: Final release (target date #1)

Of course, the schedule is subject to change. The schedules published to fedorapeople.org are always the most up-to-date.

As always, if your team needs additions, removals, or changes, you can file a ticket in the Pagure repo.

The post Fedora Linux 38 development schedule appeared first on Fedora Community Blog.

SSH from RHEL 9 to RHEL 5 or RHEL 6

Posted by Richard W.M. Jones on August 08, 2022 09:06 AM

RHEL 9 no longer lets you ssh to RHEL ≤ 6 hosts out of the box. You can weaken security of the whole system but there’s no easy way to set security policy per remote host. Here’s how to set up ssh so it works for a RHEL 5 or RHEL 6 host:

First edit your .ssh/config file, adding an entry for the host:

Host rhel5or6-host
KexAlgorithms +diffie-hellman-group14-sha1
MACs +hmac-sha1
HostKeyAlgorithms +ssh-rsa
PubkeyAcceptedKeyTypes +ssh-rsa
PubkeyAcceptedAlgorithms +ssh-rsa

(The lines except the first “Host” line should be indented. WordPress screws up the formatting …)

That’s not enough on its own, because RHEL 9 also maims the openssl library by disabling SHA1 support by default. To fix that, create /var/tmp/openssl.cnf with:

.include /etc/ssl/openssl.cnf
[openssl_init]
alg_section = evp_properties
[evp_properties]
rh-allow-sha1-signatures = yes

Now you can ssh to RHEL 5 or RHEL 6 hosts like this:

OPENSSL_CONF=/var/tmp/openssl.cnf ssh rhel5or6-host

Thanks Laszlo Ersek for working out most of this. Related bugs:

2064740 – RFE: Make it easier to configure LEGACY policy per service or per host

2062360 – RFE: Virt-v2v should replace hairy “enable LEGACY crypto” advice which a more targeted mechanism

آموزش نصب و پیکربندی Cilium در Kubernetes – بخش ۲

Posted by Fedora fans on August 08, 2022 06:30 AM
cilium-kubernetes-ebpf

cilium-kubernetes-ebpfدر ادامه ی سلسه مطالب نصب و پیکربندی Cilium بر روی Kubernetes، اکنون در قسمت دوم قصد داریم تا Cilium را نصب کنیم. روش نصب Cilium بستگی به نحوه ی Deploy کردن کلاستر کوبرنتیز شما دارد که با توجه به مستندات Cilium باید روش و ابزار مناسب جهت نصب Cilium را انتخاب کنید. در این مطلب می خواهیم تا با استفاده از Minikube یک Kubernetes cluster راه اندازی کنیم و سپس Cilium را روی آن نصب کنیم. بدین منظور کافیست تا دستور زیر را اجرا کنید:

minikube start --network-plugin=cni --cni=false --memory 10240 --cpus 6

نکته: برای اطلاعات بیشتر در مورد نصب Minikube می توانید مطلب « آموزش نصب Kubernetes با Minikube» را ببینید.

یک نمونه خروجی از دستور گفته شده را در تصویر پایین مشاهده می کنید:

kubernetes-clusterنصب Cilium CLI:

اکنون نیاز است تا آخرین نسخه ی Cilium CLI را نصب کنیم. با استفاده از Cilium CLI می توان Cilium را نصب کرد، وضعیت نصب Cilium را بررسی کرد و برخی ویژگی ها مانند clustermesh و Hubble را فعال و غیر فعال کرد. برای نصب Cilium CLI کافیست تا دستورهای زیر را بر روی لینوکس اجرا کنید:

CILIUM_CLI_VERSION=$(curl -s https://raw.githubusercontent.com/cilium/cilium-cli/master/stable.txt)
CLI_ARCH=amd64
if [ "$(uname -m)" = "aarch64" ]; then CLI_ARCH=arm64; fi

 


curl -L --fail --remote-name-all https://github.com/cilium/cilium-cli/releases/download/${CILIUM_CLI_VERSION}/cilium-linux-${CLI_ARCH}.tar.gz{,.sha256sum}
sha256sum --check cilium-linux-${CLI_ARCH}.tar.gz.sha256sum
sudo tar xzvfC cilium-linux-${CLI_ARCH}.tar.gz /usr/local/bin
rm cilium-linux-${CLI_ARCH}.tar.gz{,.sha256sum}

نصب Cilium:

بطور کلی برای نصب Cilium بر روی Kubernetes cluster می توان از دستور زیر استفاده کرد. با اجرای دستور زیر، Cilium بر روی کوبرنتیز کلاستری که در kubectl context جاری باشد نصب خواهد شد:

cilium install

بررسی نصب Cilium:

جهت بررسی صحت نصب Cilium می توان از دستور زیر استفاده کرد:

cilium status --wait

یک نمونه خروجی از دستور گفته شده را در تصویر پایین مشاهده می کنید:

cilium-statusبرای بررسی درستی کارکرد شبکه می توان از دستور زیر استفاده کرد:

cilium connectivity test

یک نمونه خروجی از دستور گفته شده را در تصویر پایین مشاهده می کنید:

cilium connectivity testبرای لیست گرفتن از Cilium agent ها می توان از دستور زیر استفاده کرد:

kubectl -n kube-system get pods -l k8s-app=cilium

اکنون با فهمیدن نام Cilium pod (یکی از Cilium pod ها) می توان وارد آن شد و دستورهای Cilium را اجرا کرد. به عنوان نمونه برای گرفتن لیست endpoint ها می توان از دستور زیر استفاده کرد:

kubectl -n kube-system exec cilium-ff8xd -- cilium endpoint list

یک نمونه خروجی از دستور گفته شده را در تصویر پایین مشاهده می کنید:

cilium endpoint listاز آنجایی که Cilium مبتنی بر eBPF است می توانیم یک لایه عمیق تر جلو برویم و به policy های مربوط به eBPF نگاه بیندازیم:

kubectl -n kube-system exec cilium-ff8xd -- cilium bpf policy get --all

یک نمونه خروجی از دستور گفته شده را در تصویر پایین مشاهده می کنید:

cilium policyنکته اینکه، شماره policy با endpoint ID که بالاتر آنها را لیست کردیم مرتبط است.

ادامه دارد …

The post آموزش نصب و پیکربندی Cilium در Kubernetes – بخش ۲ first appeared on طرفداران فدورا.

Episode 335 – Bull*&$% security ideas

Posted by Josh Bressers on August 08, 2022 12:00 AM

Josh and Kurt talk about a tweet from @kmcquade3 asking the question “What’s a concept in security that is generally accepted as true but is actually bull%$#*?” How many of the replies make sense? Most of them do. We go over some of the best replies as fast as we can.

<audio class="wp-audio-shortcode" controls="controls" id="audio-2844-2" preload="none" style="width: 100%;"><source src="https://traffic.libsyn.com/opensourcesecuritypodcast/Episode_335_Bull_security_ideas.mp3?_=2" type="audio/mpeg">https://traffic.libsyn.com/opensourcesecuritypodcast/Episode_335_Bull_security_ideas.mp3</audio>

Show Notes

Friday’s Fedora Facts: 2022-31

Posted by Fedora Community Blog on August 05, 2022 10:10 PM

Here’s your weekly Fedora report. Read what happened this week and what’s coming up. Your contributions are welcome (see the end of the post)!

I have weekly office hours on Wednesdays in the morning and afternoon (US/Eastern time) in #fedora-meeting-1. Drop by if you have any questions or comments about the schedule, Changes, elections, or anything else. See the upcoming meetings for more information.

Announcements

CfPs

<figure class="wp-block-table">
ConferenceLocationDateCfP
Hardwear.io NetherlandsThe Hauge, NL24–28 Octcloses 15 Aug
SeaGLvirtual4–5 Novcloses 19 Aug
PyGeeklevirtual6–7 Sepcloses 24 Aug
EuroRustBerlin, DE and virtual13–14 Octcloses 28 Aug
Denver Dev DayDenver, CO, US20–21 Octcloses 2 Sep
Vue.js LiveLondon, UK and virtual28, 31 Octcloses 5 Sep
Python Web Confvirtual14–17 Marcloses 1 Oct
</figure>

Help wanted

Prioritized Bugs

See the Prioritized Bugs documentation for information on the process, including how to nominate bugs.

<figure class="wp-block-table">
Bug IDComponentStatus
2079833cmakeNEW
</figure>

Meetings & events

Fedora Hatches

Hatches are local, in-person events to augment Nest With Fedora. Here are the upcoming Hatch events.

<figure class="wp-block-table">
DateLocation
11 AugBrno, CZ
</figure>

Releases

<figure class="wp-block-table">
Releaseopen bugs
F354117
F363522
Rawhide7927
</figure>

Fedora Linux 37

Schedule

Below are some upcoming schedule dates. See the schedule website for the full schedule.

  • 2022-08-09 — F37 branches from Rawhide, Change complete (testable) deadline
  • 2022-08-23 — Beta freeze begins, Change complete (100% complete) deadline
  • 2022-09-13 — Current beta target date (early target date)

Changes

The table below lists proposed Changes. See the ChangeSet page or Bugzilla for information on approved Changes.

<figure class="wp-block-table">
ProposalTypeStatus
Preset All Systemd Units on First BootSelf-ContainedApproved
Public release of the Anaconda Web UI preview imageSelf-ContainedApproved
BIND 9.18Self-ContainedApproved
SELinux Parallel AutorelabelSelf-ContainedApproved
ibus-libpinyin 1.13Self-ContainedApproved
z13 as the Baseline for IBM Z HardwareSelf-ContainedApproved for F38
Haskell GHC 8.10.7 & Stackage LTS 18.28Self-ContainedApproved
Emacs 28Self-ContainedFESCo #2845
Mumble 1.4Self-ContainedApproved
</figure>

Fedora Linux 38

Changes

The table below lists proposed Changes. See the ChangeSet page or Bugzilla for information on approved Changes.

<figure class="wp-block-table">
ProposalTypeStatus
Add -fno-omit-frame-pointer to default compilation flagsSystem-WideFESCo #2817
</figure>

Contributing

Have something you want included? You can file an issue or submit a pull request in the fedora-pgm/pgm_communication repo.

The post Friday’s Fedora Facts: 2022-31 appeared first on Fedora Community Blog.

CPE Weekly Update – Week 31 2022

Posted by Fedora Community Blog on August 05, 2022 10:00 AM
featured image with CPE team's name

This is a weekly report from the CPE (Community Platform Engineering) Team. If you have any questions or feedback, please respond to this report or contact us on #redhat-cpe channel on libera.chat (https://libera.chat/).

Week: 1st – 5th August 2022

Highlights of the week

Infrastructure & Release Engineering

Goal of this Initiative

Purpose of this team is to take care of day to day business regarding CentOS and Fedora Infrastructure and Fedora release engineering work.
It’s responsible for services running in Fedora and CentOS infrastructure and preparing things for the new Fedora release (mirrors, mass branching, new namespaces etc.).
The ARC (which is a subset of the team) investigates possible initiatives that CPE might take on.
Link to planning board
Link to docs

Update

Fedora Infra

  • Unblocked osbuild in production, should be working now. (Uses script to keep api ip updated in the firewalls)
  • Ocp4 cluster api uses valid cert not (for webhooks/external oc)
  • Disabled systemd-oomd in some places (koji hubs in particular)
  • Barcamp at Nest on Saturday
  • Some sysadmin-main additions: Nils, Michal, Ryan

CentOS Infra including CentOS CI

  • Duffy CI is now live (so hotfixes are also coming, thanks to Nils)
  • Preparing CBS/koji upgrade to 1.29 (would unblock other RFEs on tracker)

Release Engineering

  • FTBFS bugs filed on failing to build packages
  • Containers: rawhide fixed/updating, updated f35/f36

CentOS Stream

Goal of this Initiative

This initiative is working on CentOS Stream/Emerging RHEL to make this new distribution a reality. The goal of this initiative is to prepare the ecosystem for the new CentOS Stream.

Updates

  • Meetings about and started code, to move module source from git.centos to gitlab.
  • New ISOs for CentOS Linux 7 for installation that fixes libtimezonemap (and other) issues.
  • Rewrote the errata announcement scripts for CentOS Linux 7 to use new endpoints after the decommissioning of the API search/rs/ on access.redhat.com.

EPEL

Goal of this initiative

Extra Packages for Enterprise Linux (or EPEL) is a Fedora Special Interest Group that creates, maintains, and manages a high quality set of additional packages for Enterprise Linux, including, but not limited to, Red Hat Enterprise Linux (RHEL), CentOS and Scientific Linux (SL), Oracle Linux (OL).

EPEL packages are usually based on their Fedora counterparts and will never conflict with or replace packages in the base Enterprise Linux distributions. EPEL uses much of the same infrastructure as Fedora, including buildsystem, bugzilla instance, updates manager, mirror manager and more.

Updates

  • EPEL9 is up to 7127 (+141) packages from 3180 (+97) source packages
  • Prepared EPEL survey, it will be promoted on FedoraNest
  • Provided a fix to nagios-plugins-check-updates to improve distro compatibility

FMN replacement

Goal of this initiative

FMN (Fedora-Messaging-Notification) is a web application allowing users to create filters on messages sent to (currently) fedmsg and forward these as notifications on to email or IRC.
The goal of the initiative is mainly to add fedora-messaging schemas, create a new UI for a better user experience and create a new service to triage incoming messages to reduce the current message delivery lag problem. Community will profit from speedier notifications based on own preferences (IRC, Matrix, Email), unified fedora project to one message service and human-readable results in Datagrepper.
Also, CPE tech debt will be significantly reduced by dropping the maintenance of fedmsg altogether.

Updates

  • Frontend auth being developed
  • Access token and refresh token
  • Making pages require auth, if user is not authenticated, redirect to login
  • Backend auth still being developed (tests)
  • Mockups for UI – bootstrap/HTML/CSS
  • Agile ceremonies being planned

Kindest regards,
CPE Team

The post CPE Weekly Update – Week 31 2022 appeared first on Fedora Community Blog.

Untitled Post

Posted by Zach Oglesby on August 04, 2022 02:36 PM

It seems like Microsoft is killing it with the Surface lineup. I am on vacation and I have seen more Surface products than MacBooks or Dell laptops combined. This is obviously not backed up by sales data, but the experience is real if not puzzling.

PHP version 8.0.22 and 8.1.9

Posted by Remi Collet on August 04, 2022 01:05 PM

RPMs of PHP version 8.1.9 are available in remi-modular repository for Fedora ≥ 34 and Enterprise Linux ≥ 8 (RHEL, Alma, CentOS, Rocky...) and in remi-php81 repository for EL 7.

RPMs of PHP version 8.0.22 are available in remi-modular repository for Fedora ≥ 34 and Enterprise Linux ≥ 8 (RHEL, Alma, CentOS, Rocky...) and in remi-php80 repository for EL 7.

emblem-notice-24.png The modules for EL-9 are now available for x86_64 and aarch64.

emblem-notice-24.pngNo security fix this month, so no update for version 7.4.30.

emblem-important-2-24.pngPHP version 7.3 have reached its end of life and is no longer maintained by the PHP project.

These versions are also available as Software Collections in the remi-safe repository.

Version announcements:

emblem-notice-24.pngInstallation: use the Configuration Wizard and choose your version and installation mode.

Replacement of default PHP by version 8.1 installation (simplest):

dnf module reset php
dnf module enable php:remi-8.1
dnf update php\*

or, the old EL-7 way:

yum-config-manager --enable remi-php81
yum update php\*

Parallel installation of version 8.1 as Software Collection

yum install php81

Replacement of default PHP by version 8.0 installation (simplest):

dnf module reset php
dnf module enable php:remi-8.0
dnf update php\*

or, the old EL-7 way:

yum-config-manager --enable remi-php80
yum update

Parallel installation of version 8.0 as Software Collection

yum install php80

Replacement of default PHP by version 7.4 installation (simplest):

dnf module reset php
dnf module enable php:remi-7.4
dnf update php\*

or, the old EL-7 way:

yum-config-manager --enable remi-php74
yum update

Parallel installation of version 7.4 as Software Collection

yum install php74

And soon in the official updates:

emblem-important-2-24.pngTo be noticed :

  • EL-8 RPMs are build using RHEL-8.6
  • EL-7 RPMs are build using RHEL-7.9
  • EL-7 builds now use libicu69 (version 69.1)
  • EL builds now uses oniguruma5php (version 6.9.5, instead of outdated system library)
  • oci8 extension now uses Oracle Client version 21.6
  • a lot of extensions are also available, see the PHP extensions RPM status (from PECL and other sources) page

emblem-notice-24.pngInformation:

Base packages (php)

Software Collections (php74 / php80 / php81)

Kiwi TCMS 11.4

Posted by Kiwi TCMS on August 04, 2022 12:56 PM

We're happy to announce Kiwi TCMS version 11.4!

IMPORTANT: This is a medium sized release which contains security related updates, multiple improvements, database and API changes, new settings, bug fixes and new translations!

You can explore everything at https://public.tenant.kiwitcms.org!

Supported upgrade paths:

5.3   (or older) -> 5.3.1
5.3.1 (or newer) -> 6.0.1
6.0.1            -> 6.1
6.1              -> 6.1.1
6.1.1            -> 6.2 (or newer)

---

Upstream container images (x86_64):

kiwitcms/kiwi   latest  8c8356c0268d    610MB

IMPORTANT: version tagged and multi-arch container images are available only to subscribers!

Changes since Kiwi TCMS 11.3

Security

Improvements

  • Update bleach from 5.0.0 to 5.0.1
  • Update django-colorfield from 0.6.3 to 0.7.2
  • Update django-extensions from 3.1.5 to 3.2.0
  • Update django-tree-queries from 0.9.0 to 0.11.0
  • Update jira from 3.2.0 to 3.3.1
  • Update markdown from 3.3.6 to 3.4.1
  • Update mysqlclient from 2.1.0 to 2.1.1
  • Update python-gitlab from 3.3.0 to 3.7.0
  • Update node_modules/marked from 4.0.14 to 4.0.18
  • Relax docutils requirement. Use latest version
  • Add template block which will allow logo customizations (Ivajlo Karabojkov)
  • Don't show PLUGINS menu when no plugins are installed. References Issue #2729
  • Add information about Kiwi TCMS user to 1-click bug reports. Closes Issue #2591
  • Use a better icon to signify a manual test inside the user interface
  • Change UserAdmin to be permission based instead of being role-based. Fixes Issue #2496
  • Allow post-processing of automatically created issues. Closes Issue #2383
  • Allow more customization over issue type discovery for Jira. Closes Issue #2833
  • Allow more customization over project discovery for Jira
  • Allow more customization over Redmine tracker. Closes Issue #2382
  • Allow DB settings to be read from Docker Secret files. Fixes Issue #2606
  • Add filter on TestRun page to show test executions assigned to the current user. Closes Issue #333
  • Add URL for creating new TestRun from a TestPlan. The format is /runs/from-plan/<plan-id>/. Closes Issue #274
  • Add bug.Severity attribute which is fully customizeable. Closes Issue #2703
  • Update documentation around TCMS_ environment variables used by automation plugins
  • Update documentation to denote that pytest plugin is now generally available
  • Document necessary permissions for adding new users. References Issue #2496

Database

  • New migration for bug.Severity model

Settings

API

  • If default_tester field is not specified for TestRun.create() method then use the currently logged-in user.
  • Return value for method TestExecution.filter() now contains fields expected_duration and actual_duration. Closes Issue #1924
  • Return value for method Bug.filter() now contains fields severity__name, severity__icon and severity__color

Bug fixes

  • Adjust field name when rendering test execution on TestRun page. Fixes Issue #2794
  • Render rich text editor preview via backend API:
    • Makes display on HTML pages and editor preview the same. Fixes Issue #2659
    • Fixes a bug with markdown rendered in JavaScript. Fixes Issue #2711
  • Stop propagation of HTML unescape which causes display issues with code snippets that contain XML values. Fixes Issue #2800
  • Show bug text only when creating new records, not when editing
  • Properly display & validate related form fields when editing bugs
  • Don't send duplicate emails when editing bugs. Fixes Issue #2782

Refactoring and testing

  • Convert two assignment statements to augmented source code. Closes Issue #2610 (Markus Elfring)

  • Rename method IssueTrackerType.report_issue_from_testexecution():

    • Rename to _report_issue() which returns tuple of (object, str)
    • In case new issue was not created automatically and the method falls back to manual creation the return value will be (None, str)
    • report_issue_from_testexecution() will call _report_issue() internally and handle the change in return type

    Note

    • This change is backwards compatible!
    • For customized issue tracker integration you will have to apply the same changes to your customized code if you wish new functionality, like post-processing of automatically created issues to work.
  • Add tests for backup & restore commands. Closes Issue #2695

  • Update versions of several CI tools

  • Updates around new version of pylint

  • Use codecov-action to upload coverage results

  • Remove setuptools and other workarounds in tests

  • Don't special case dependencies which already provide wheel packages

  • Workaround an issue with setuptools_git_archive introduced by jira==3.2.0

  • Workaround the fact that django-ranged-response doesn't provide wheels

  • Report test results via kiwitcms-django-plugin. Closes Issue #1757

Kiwi TCMS Enterprise v11.4-mt

  • Based on Kiwi TCMS v11.4

  • Update django-python3-ldap from 0.13.1 to 0.15.2

  • Update django-ses from 3.0.1 to 3.1.0

  • Update dj-database-url from 0.5.0 to 1.0.0

  • Add more icons for extra GitHub login backends

  • Add images for various Google login backends

    Private images:

    quay.io/kiwitcms/enterprise         11.4-mt (aarch64)       f5720d030612    03 Aug 2022     862MB
    quay.io/kiwitcms/enterprise         11.4-mt (x86_64)        8ffd5a64a4d1    03 Aug 2022     829MB
    quay.io/kiwitcms/version            11.4 (aarch64)          62207c605dcf    03 Aug 2022     639MB
    quay.io/kiwitcms/version            11.4 (x86_64)           8c8356c0268d    03 Aug 2022     610MB
    

IMPORTANT: version tagged, multi-arch and Enterprise container images are available only to subscribers!

How to upgrade

Backup first! Then execute the commands:

cd path/containing/docker-compose/
docker-compose down
docker-compose pull
docker-compose up -d
docker exec -it kiwi_web /Kiwi/manage.py upgrade

Refer to our documentation for more details!

Happy testing!

---

If you like what we're doing and how Kiwi TCMS supports various communities please help us grow!

Toolbx @ Community Central

Posted by Debarshi Ray on August 04, 2022 09:38 AM

At 15:00 UTC today, I will be talking about Toolbx on a new episode of Community Central. It will be broadcast live on BlueJeans Events (formerly Primetime) and the recording will be available on YouTube. I am looking forward to seeing some friendly faces in the audience.

<figure class="wp-block-image size-large"></figure>

Community Blog monthly summary: July 2022

Posted by Fedora Community Blog on August 04, 2022 08:00 AM
Community Blog update

This is the latest in our monthly series summarizing the past month on the Community Blog. Please leave a comment below to let me know what you think.

Stats

In July, we published 17 posts. The site had 5,500 visits from 3,548 unique viewers. 1,850 visits came from search engines, while 111 came from Twitter and 48 came from Phoronix.

The most read post last month was Fedora Linux 37 development schedule with 776 views. The most read post published last month was Nest With Fedora 2022 registration now open with 252 views.

Badges

Your content here!

The Community Blog is the place to publish community-facing updates on what you’re working on in Fedora. The process is easy, so submit early and submit often.

The post Community Blog monthly summary: July 2022 appeared first on Fedora Community Blog.

GTK[3|4] GtkScrollbar for writer documents

Posted by Caolán McNamara on August 03, 2022 04:03 PM

 

GTK4 screenshot of writer using true GtkScrollbars rather than themed Vcl ScrollBars. Long press enters gtk's usual fine control mode for scrolling.

How to find the current ChromeOS Flex image

Posted by Ville-Pekka Vainio on August 03, 2022 04:02 PM

Edit: The quick answer to the question by a reader of my blog, Julien:

The info to download Chrome OS Flex from Linux is a bit hidden, but official info and link is available here: https://support.google.com/chromeosflex/answer/11543105?hl=en#zippy=%2Chow-do-i-create-a-chromeos-flex-usb-installer-on-linux

My dad has an Acer Chromebook 14 CB3-431, codenamed Edgar. Google just stopped supporting it with ChromeOS, but it’s still working well. Luckily, Google also just released the first stable version of ChromeOS Flex.

I decided to install the full UEFI image to the Chromebook from https://mrchromebox.tech/ so that starting Flex would be as easy as possible. That went well after finding and removing the write protect screw.

But it wasn’t too easy to find the URL to download the current ChromeOS Flex installation image. Google’s Chromebook recovery extension for Chrome does not work on Linux. By reading through some reddit threads, I found out that you can get the download URLs from this json file: https://dl.google.com/dl/edgedl/chromeos/recovery/cloudready_recovery2.json So as of this writing, the current image is https://dl.google.com/dl/edgedl/chromeos/recovery/chromeos_14816.99.0_reven_recovery_stable-channel_mp-v2.bin.zip

Use dd to write the image straight to a USB stick (not to a partition) and you should be good to go. Flex installs pretty much like a regular Linux distribution and seems to work well.

Fedora 37 Beta Wallpaper Update

Posted by Madeline Peck on August 03, 2022 09:56 AM

The night and day versions for Beta release need some feedback before we choose our final version to be packaged. Please feel free to leave constructive feedback

<figure class=" sqs-block-image-figure intrinsic "> </figure>

Day Option 1 - the eco city in daylight

<figure class=" sqs-block-image-figure intrinsic "> </figure>

Day Option 2 - light streaming through the sky

<figure class=" sqs-block-image-figure intrinsic "> </figure>

Night Option 1 - stars in sky

<figure class=" sqs-block-image-figure intrinsic "> </figure>

Night Option 2 - stars and satellites moving through sky

Jess Chitas was able to test the first day option on her desktop as seen below:

<figure class=" sqs-block-image-figure intrinsic "> </figure> <figure class=" sqs-block-image-figure intrinsic "> </figure>

Part 2: How to automate graphics production with Inkscape

Posted by Máirín Duffy on August 02, 2022 11:31 PM

A couple weeks ago I recorded a 15-minute tutorial with supporting materials on how to automate graphics production in Inkscape by building a base template and automatically replacing various text strings in the file from an CSV using the Next Generator Inkscape extension from Maren Hachmann.

Based on popular demand from that tutorial, I have created a more advanced tutorial that expands upon the last one, demonstrating how to automate image replacement and changing colors via the same method. (Which, oddly, also turned out to be roughly 15-minutes long!)

You can watch it below embedded from the Fedora Design Team Linux Rocks PeerTube channel, or on YouTube. (PeerTube is open source so I prefer it!)

<iframe allowfullscreen="allowfullscreen" frameborder="0" height="315" loading="lazy" sandbox="allow-same-origin allow-scripts allow-popups" src="https://peertube.linuxrocks.online/videos/embed/5d60fd32-5ccd-41cf-9e6e-2fe6784df132" title="Inkscape Advanced Automation Tutorial" width="560"></iframe>

As in the last tutorial, I will provide a very high-level summary of the content in the video in case you’d rather skim text and not watch a video.

Conference Talk Card Graphics

The background on this tutorial is continued from the original tutorial: for each Flock / Nest conference, we need a graphic for each talk for the online platform we use to host the virtual conference. There’s usually on the order of 50+ talks for large events like this, and that’s a lot of graphics to produce manually.

With this tutorial, you will learn how to make a template like this in Inkscape:

Graphic template showing a speaker photo in the lower left corner and a bright red background on the track name.

And a CSV file like this:

ConferenceName TalkName PresenterNames TrackNames BackgroundColor1 BackgroundColor2 AccentColor Photo
BestCon The Pandas Are Marching Beefy D. Miracle Exercise 51a2da 294172 e59728 beefy.png
Fedora Nest Why Fedora is the Best Linux Colúr and Badger The Best Things afda51 0d76c4 79db32 colur.png
BambooFest 2022 Bamboo Tastes Better with Fedora Panda Panda Life 9551da 130dc4 a07cbc panda.png
AwesomeCon The Best Talk You Ever Heard Dr. Ver E. Awesome Hyperbole da51aa e1767c db3279 badger.png

And combine them to generate one graphic per row in the CSV, like so, where the background color of the slide, the background color of the track name / speaker headshot background, and the speaker headshot image changes accordingly:

Graphic showing one of the example rows "Why Fedora is the Best Linux" with a green and blue background, a green accent color, and a hot dog picture as the speaker photo to demonstrate the technique.

As we discussed in the previous post – there are so many things you can use this technique for – even creating consistent cover images for your video channel videos 🙂 I need to point out again, that you could even use it to create awesome banners and graphics for Fedora as a member of the Fedora Design Team!! (We’d love to have you 🙂 )

The Inkscape Next Generator Extension

As in the last tutorial, the first step to creating these is to install the Next Generator extension for Inkscape created by Maren Hachmann, if you haven’t already:

  1. Grab the .inx and .py files from the top level of the repo, download them [next_gen.inx] [next_gen.py].
  2. Then go into the Edit > Preferences > System dialog in Inkscape, search for the “User Extensions” directory listing and click the “Open” icon next to it. Drag the .inx and .py files into that folder.
  3. Close all open Inkscape windows, and restart Inkscape. The new extension will be under the “Extensions” menu: Extensions > Export > Next Generator.

Creating the Template

Each header of your CSV file (in my example: ConferenceName, TalkName, PresenterNames) is a variable you can place in an Inkscape file that will serve as your template. Take a look at the example SVG template file for direction. To have the TalkName appear in your template, create a text object in Inkscape and put the following content into it:

%VAR_TalkName%

When you run the extension, the %VAR_TalkName% text will be replaced with the TalkName listed for each row of the CSV. So for the first row, %VAR_TalkName% will be replaced with the text The Pandas Are Marching for the first graphic. For the second graphic, the TalkName will be Why Fedora is the Best Linux. So on and so forth down the TalkName column per each graphic.

Extending the Template for Color Changes

For the color changes, there’s not much you have to do except decide what colors you want to change, come up for field names for them in your CSV, and pick out colors for each row of your CSV. In our example CSV, we have two colors of the background gradient that change (BackgroundColor1 and BackgroundColor2) and an accent color (AccentColor) that is used to color the conference track name background lozenge as well as the outline on the speaker headshot:

BackgroundColor1 BackgroundColor2 AccentColor
51a2da 294172 e59728
afda51 0d76c4 79db32
9551da 130dc4 a07cbc
da51aa e1767c db3279

Tip: changing only certain items of the same color

There is one trick you have to do if you have the same color you want to change in some parts of the image and to stay the same in other parts of the image.

The way color changes work in Next Generator is a simple find & replace type of mechanism. So when you tell Next Generator in Inkscape to replace anything with the color code #ff0000 (which is in the sample template and what I like to call “obnoxious red”) to some other color (let’s say #aaaa00), it will replace every single object in the file that has #ff0000 as a color to the new value, #aaaa00.

If you wanted just the conference track name background’s red to change color, but you wanted to keep the color border around the speaker’s headshot red in all of the graphics, there’s a little trick you can use to achieve this. Simply use the HSV tool in the Fill & Stroke dialog in Inkscape to tune the red item that you didn’t down just one notch, say to #fa0000, so it has a different hex value for its color code. Then, you can have anything with #ff0000 change color according to the values in your CSV, and anything #fa0000 would stay red and be unaffected by the color replacement mechanism.

Now a couple of things to note about color codes (and we review this in the troubleshooting section below):

  • Do not use # in the CSV or the JSON (more on the JSON below) for these color values.
  • Only use the first six “digits” of the hex color code. Inkscape by default includes 8; the last two are the alpha channel / opacity value for the color. (But wait, how do you use different opacity color values here then? You might be able to use an inline stylesheet that changes the fill-opacity value for the items you want transparency on, but I have not tested this yet.)

Extending the Template for Image Changes

First, you’ll want to add “filler” images to your template (do this by linking them, do not embed them when you import them into Inkscape! I don’t make this point in the video and I should have!) We used just one in our template – photo.png.

Then, similarly to how we prepped the CSV for the color changes, for the image changes you’ll need to come up for field names for any images you’d like to be swappable in your CSV, and list out the image filenames you want to use to replace those images for each row of your CSV. In our example CSV, we have just one image with a field name of “Photo”:

Photo
beefy.png
colur.png
panda.png
badger.png

Note that the images as listed in the CSV are just filenames. I recommend placing these files in the same directory as your template SVG file – you won’t have to worry about specifying specific file paths, which will make your template more portable (tar or zip it up and share!)

Building the JSON for the NextGenerator dialog

The final (and trickiest!) bit of getting this all to work is to write some JSON formatted key-value pairs for NextGenerator to understand which colors / images present in the template file map to which field names / column headers in your CSV file, so it knows what goes where.

Here is the example JSON we used:
{"BackgroundColor1":"51a2da","BackgroundColor2":"294172","AccentColor":"ff0000","Photo":"photo.png"}

Where did I come up with those color codes for the JSON? They are all picked from the template.svg file. 51a2da is the lighter blue color in the circular gradient in the background; 294172 is the darker blue towards the bottom of the gradient. ff0000 (aka obnoxious red) is the color border around the speaker headshot and the background lozenge color behind the track name.

Where did the photo.png filename come from? That’s the name of the filler image I used for the headshot placement (if you’re in Inkscape and not sure what the filename of the image you’re using is, right click, select “Image Properties” and it’s the value in the URL field that pops up in the sidebar.)

Running the Generator

Once your template is ready, you simply run the Next Generator extension by loading your CSV into it, selecting which variables (header names) you want to use in each file name, and copy pasting your JSON snippet into the dialog in the “Non-text values to replace” field:

Screenshot showing the JSON text in the NextGenerator dialog

Then hit apply and enjoy!

Troubleshooting Tips

Tips to troubleshoot color and image replacement issues

Some hard-won knowledge on how to troubleshoot color and/or image replacement not working:

  • Image names are just the filename; keep the images in the same directory as your template and you do not need to use the full file path. (This will make your templates more portable since you can then tar or zip up the directory and share it.)
  • Image names and color values and variable names in the spreadsheet do not need any ” or ‘ unless you need to escape a comma (,) character in a text field. But image names and color values and variable names do need quotes always in the JSON.
  • Color values are not preceded by the # character. It won’t work if you add it.
  • By default Inkscape gives you an 8-“digit” hex value for color codes, the last two correspond to the alpha value of the color (e.g. ff0000ff for bright red with no opacity.) You will need to remove the last two digits so you are using the base 6-“digit” hex code for the color values (that correspond to RGB colors) to remove the opacity/alpha values from the color code. Otherwise, the color replacement won’t work.
  • Check that you have all variable names in the JSON spelled and written exactly the same as in the CSV header entries except with ” in the JSON (e.g. BackgroundColor1 in the CSV is “BackgroundColor1” in the JSON)
  • Use the filename for the default image you are replacing in the template. You do not use the ObjectID or any other Inkscape-specific identifier for the image. Also, link the image instead of embedding it.

Tutorial Resources

All of the example files used in this tutorial are available here:
https://gitlab.com/fedora/design/team/tutorials/inkscape-automation

Link to the Next Generator extension:
https://gitlab.com/Moini/nextgenerator

Direct Links to download *.inx and *.py for the extension:

Have fun 🙂

Nest with Fedora 2022: Thanks to our Sponsors!

Posted by Fedora Community Blog on August 02, 2022 08:00 AM

Fedora’s annual contributor conference Nest with Fedora 2022 is occurring August 4th–6th. Even with the virtual format, we are so excited to see everyone together, so don’t forget to register! Nest with Fedora is made possible by funding from our sponsors. Their assistance brings us everything from the conference platform to promotion to swag.

A big “Thank You!” goes to our astounding sponsors for their support in bringing Fedora Friends together in 2022. Thank you Red Hat, Lenovo, AlmaLinux, openSUSE, GitLab, Datto, and Das Keyboard.

We also want to thank TuxDigital, GNOME, KDE, and Opensource.com for being our amazing media partners for this event and helping us reach a bigger audience.

The post Nest with Fedora 2022: Thanks to our Sponsors! appeared first on Fedora Community Blog.

August 2022

Posted by Weekly status of Packit Team on August 01, 2022 12:00 AM
Week 30 (July 26th–August 1st) # Packit has switched to python-specfile library for handling spec files. This may cause some issues to pop up. (packit#1588) Packit CLI can now build RPMs in mock. For more information see https://packit.dev/docs/cli/build/mock (packit#1662) When using Packit before being allowed, Packit newly links an approval issue where the self-approval can be performed. (packit-service#1596) A downstream koji-build can now be re-triggered by adding a comment containing /packit koji-build into a dist-git pull request with target branch corresponding to the branch the build should be acted upon.

Episode 334 – Leap seconds break everything

Posted by Josh Bressers on August 01, 2022 12:00 AM

Josh and Kurt talk about leap seconds. Every time there’s a leap second, things break. Facebook wants to get rid of them because they break computers, but Google found a clever way to keep leap seconds without breaking anything. Corner cases are hard, security is often just one huge corner case. There are lessons we can learn here.

<audio class="wp-audio-shortcode" controls="controls" id="audio-2837-3" preload="none" style="width: 100%;"><source src="https://traffic.libsyn.com/opensourcesecuritypodcast/Episode_334_Leap_seconds_break_everything.mp3?_=3" type="audio/mpeg">https://traffic.libsyn.com/opensourcesecuritypodcast/Episode_334_Leap_seconds_break_everything.mp3</audio>

Show Notes

MACCHIATObin Single Shot first impressions

Posted by Fabio Alessandro Locati on July 31, 2022 12:00 AM
I’ve played with a MACCHIATObin Single Shot board for the last month. I decided to pick this up instead of a different board because of its sheer connectivity. This board has 1x1GbE, 1x2.5GbE, and 2x10GbE, which is very rare for those kinds of boards. I was most interested in the two 10GbE due to some projects I have in mind. I was interested in installing Fedora, which proved very easy. The first time I created a bootable micro-SD card with Fedora, it worked perfectly out of the box.