Fedora People

Contribute to Fedora 39 Upgrade, Virtualization, and Cloud Test Day

Posted by Fedora Magazine on September 29, 2023 08:00 AM

Fedora test days are events where anyone can help make certain that changes in Fedora work well in an upcoming release. Fedora community members often participate, and the public is welcome at these events. If you’ve never contributed to Fedora before, this is a perfect way to get started.

There are three test days occurring in the next two weeks covering three topics:

  • Tuesday October 03, is to test the Fedora Cloud
  • Thursday October 05 , is to test the Fedora Upgrade
  • Monday October 09 , is to test Virtualization

Come and test with us to make Fedora 39 even better. Read more below on how to do it.

Fedora Cloud test day

Fedora Linux 39 is coming close to the release date and the Fedora Cloud SIG would like to get the community together to find and squash some bugs.

The test day will occur on Tuesday October 03. This event will test Fedora Cloud Base content. See the wiki page for links to the Beta Cloud Base Images. We have qcow, AMI, and ISO images ready for testing.

Upgrade test day

As we come closer to Fedora Linux 39 release dates, it’s time to test upgrades. This release has a lot of changes and it becomes essential that we test the graphical upgrade methods as well as the command line methods.

This test day will happen on Thursday, October 05. It will test upgrading from a full updated F37 and F38 to F39 for all architectures (x86_64, ARM, aarch64) and variants (WS, cloud, server, silverblue, IoT). See this wiki page for information and details.

Virtualization test day

This test day will happen on Monday, October 09 and will test all forms of virtualization possible in Fedora. The test day will focus on testing Fedora or your favorite distro inside a bare metal implementation of Fedora running Boxes, KVM, VirtualBox and whatever you have. The general features of installing the OS and working with it are outlined in the test cases which you will find on the results page.

How do test days work?

A test day is an event where anyone can help make certain that changes in Fedora work well in an upcoming release. Fedora community members often participate, and the public is welcome at these events. Test days are the perfect way to start contributing if you not in the past.

The only requirement to get started is the ability to download test materials (which include some large files) and then read and follow directions step by step.

Detailed information about all the test days are on the wiki page links provided above. If you are available on or around the days of the events, please do some testing and report your results.

PHP version 8.1.24 and 8.2.11

Posted by Remi Collet on September 29, 2023 04:44 AM

RPMs of PHP version 8.2.11 are available in remi-modular repository for Fedora ≥ 37 and Enterprise Linux ≥ 8 (RHEL, Alma, CentOS, Rocky...) and in remi-php82 repository for EL 7.

RPMs of PHP version 8.1.24 are available in remi-modular repository for Fedora ≥ 37 and Enterprise Linux ≥ 8 (RHEL, Alma, CentOS, Rocky...) and in remi-php81 repository for EL 7.

emblem-notice-24.png The Fedora 39, EL-8 and EL-9 packages (modules and SCL) are available for x86_64 and aarch64.

emblem-notice-24.pngNo security fix this month, so no update for version 8.0.30.

emblem-important-2-24.pngPHP version 7.4 have reached its end of life and is no longer maintained by the PHP project.

These versions are also available as Software Collections in the remi-safe repository.

Version announcements:

emblem-notice-24.pngInstallation: use the Configuration Wizard and choose your version and installation mode.

Replacement of default PHP by version 8.2 installation (simplest):

dnf module reset php
dnf module enable php:remi-8.2
dnf update php\*

or, the old EL-7 way:

yum-config-manager --enable remi-php82
yum update

Parallel installation of version 8.2 as Software Collection

yum install php82

Replacement of default PHP by version 8.1 installation (simplest):

dnf module reset php
dnf module enable php:remi-8.1
dnf update php\*

or, the old EL-7 way:

yum-config-manager --enable remi-php81
yum update php\*

Parallel installation of version 8.1 as Software Collection

yum install php81

And soon in the official updates:

emblem-important-2-24.pngTo be noticed :

  • EL-9 RPMs are built using RHEL-9.2
  • EL-8 RPMs are built using RHEL-8.8
  • EL-7 RPMs are built using RHEL-7.9
  • intl extension now uses libicu72 (version 72.1)
  • mbstring extension (EL builds) now uses oniguruma5php (version 6.9.8, instead of the outdated system library)
  • oci8 extension now uses the RPM of Oracle Instant Client version 21.11 on x86_64, 19.19 on aarch64
  • a lot of extensions are also available, see the PHP extensions RPM status (from PECL and other sources) page

emblem-notice-24.pngInformation:

Base packages (php)

Software Collections (php80 / php81 / php82)

Why is a feature not available in the syslog-ng package?

Posted by Peter Czanik on September 28, 2023 02:24 PM

You can read about many interesting syslog-ng features in my blogs. However, it can happen that when you want to try them at home, you fail because the feature is missing. How can you solve such problems? In this blog, I discuss some of the possible solutions from installing sub-packages through using unofficial repositories, to upgrading your OS.

This blog focuses on RPM packages for openSUSE / SLES, Fedora / RHEL, and FreeBSD, because these are the packages I know – I am their maintainer. However, these problems and their solutions also apply to Debian / Ubuntu, and other Linux distributions.

https://www.syslog-ng.com/community/b/blog/posts/why-is-a-feature-not-available-in-the-syslog-ng-package

<figure><figcaption>

syslog-ng logo

</figcaption> </figure>

Kubernetes Support On Fedora Linux 37

Posted by Fedora Community Blog on September 28, 2023 08:00 AM

Kubernetes v1.25 is the version available for Fedora Linux 37 from Fedora repositories. Starting with Kubernetes v1.25.12, Kubernetes developers changed the version of the go language used to compile Kubernetes from v1.19 to v1.20. Fedora 37 currently provides go language v1.19. As a result, the latest version of Kubernetes available in the Fedora repository is v1.25.11 which is several versions behind the current v1.25 release. Kubernetes v1.25.12 included an important security patch for clusters that include Windows nodes.

A Copr project (buckaroogeek/copr-k8s-1.25) is available for Kubernetes 1.25 so that updates for Kubernetes are still available for Fedora 37 users. Be aware that Kubernetes 1.25 is scheduled to reach end of life on 27 October 2023. Fedora Linux 37 will reach end of life four weeks after the F39 releas

The post Kubernetes Support On Fedora Linux 37 appeared first on Fedora Community Blog.

Announcing composefs 1.0

Posted by Alexander Larsson on September 26, 2023 01:36 PM

As of Linux 6.6-rc1, which contains the overlayfs fs-verity support, all the kernel changes that was required for composefs are upstream. This allows us to finalize the composefs image format and give guarantees of its future stability.

This means that we are happy to welcome Composefs 1.0 to the world!

The main feature of 1.0 is the stability of the file format and the library API, however, there are a few new major features in 1.0:

  • Various tweaks make the image format more efficient.
  • The library and the tools now has the ability to inspect composefs image files. This includes listing what basedir object files they refer to which makes it easy to figure out what objects are missing (and has to be downloaded).
  • The use of the built-in kernel fs-verity signature verification has been dropped on recommendation from the fs-verity maintainer. Instead we recommended to use userspace libraries to verify fs-verity digests.

For more details and download links, see the release notes.  For a short introduction to composefs, see this earlier blog entry.

There is also ongoing work in the wider community to use composefs:

Ostree 2023.6 and rpm-ostree 2023.6 together allow for end-to-end signed and validated composefs ostree deployments. The code is still marked experimental and composefs needs to be enabled manually on the host, but the feature is compiled in and available by default.

containers/storage contains initial work on supporting composefs in the overlayfs backend. Once this is finalized and used in podman, it will be possible to use the cross-image de-duplication and tamper-proofing features of composefs for all podman containers. This will lead to improved container density and security.

#freetober – Join the latest Art Challenge!

Posted by Fedora Community Blog on September 26, 2023 08:00 AM

We welcome you to join , the latest Art Challenge hosted by the Creative Freedom Summit and Fedora Design Team! If you’ve heard about or participated in #inktober, this is the same thing, but focused on the use of Free Software to create your art and designs. There are 31 prompts, one for each day of October. Check out the prompt list, brush off your tools, and share your creations!

How to Participate

  • The Art Challenge will run from October 1st through October 31st. Create art or designs inspired by the corresponding daily prompts using Free Software.
  • Use the hashtag on X (formerly Twitter), Mastodon (Fediverse), Instagram, or TikTok. We also encourage you to use the hashtags and . The Summit team will be watching these hashtags and reposting as we are able. Optionally, tag the Fedora Design or Fedora accounts on each of these platforms:
  • Post to the thread created by this post on Fedora Discussion. This requires a free Fedora account, which you can create using the Fedora Accounts system. At the end of the month, anyone who posts to this thread with a submission will receive a Fedora Badge! (Not sure what Badges are? Check out the Fedora Badges page to learn more.)
  • <figure></figure>
  • <figure></figure>
  • <figure></figure>

All submissions or contributions:

  • Must not contain material that violates or infringes another’s rights, including but not limited to privacy, publicity or intellectual property rights, or that constitutes copyright infringement. Just because a work is licensed with a Creative Commons license does not mean it is free to use (make sure you provide attribution to artists that license their work with a CC Attribution clause.)
  • May post on another artist behalf with the consent and approval of the author or creator.
  • Are thereby licensed to the public for reuse under CC BY-SA unless specifically identified as being licensed by another Fedora approved open source license.
  • No AI-generated images

Subject matter:

  • Must not contain brand names or trademarks of any kind
  • Must not contain material that is inappropriate, offensive, indecent, obscene, hateful, tortuous, defamatory, slanderous or libelous
  • No sexually explicit or provocative subject matter
  • No images of weapons or violent imagery
  • No alcohol, smoking, or drug use imagery
  • Must not contain material that promotes bigotry, racism, hatred or harm against any group or individual or promotes discrimination based on race, gender, religion, nationality, disability, sexual orientation or age
  • Must not contain material that is unlawful, in violation of or contrary to the laws or regulations in the jurisdiction where the work is created
  • No religious, political, or nationalist imagery (including flags)

Works in Progress and Self promotion:

  • Feel free to share a link to your portfolio or designs on your submissions, we are here to get to know each other and share! We request that you please do not spam the hashtags or Discussion thread with excessive self promotion. Any such posts on Discussion will be moderated.
  • We encourage you to share “works in progress” or “WIP”. Please limit the number of WIP posts to once a day so that you are not spamming the hashtag or Discussion thread. Replies to feedback with revisions are okay!

The post #freetober – Join the latest Art Challenge! appeared first on Fedora Community Blog.

Untitled Post

Posted by Zach Oglesby on September 26, 2023 04:06 AM

Finished reading: Klara and the Sun by Kazuo Ishiguro 📚

I’m not sure how I feel about this book. Interesting story, but I feel like so many things were left unanswered. I’m not sure yet if that was the intention or not. It will definitely be on my mind a bit longer and may require a reread again one day.

Error building Kernel ln: target ‘+/source’: No such file or directory

Posted by Adam Young on September 25, 2023 04:47 PM

I have battled this problem a couple times and so I am documenting the issue and solution here.
Here is the error message from make modules_install

ln: target '+/source': No such file or directory

The short solution is to watch out for stray whitespace in the Makefile

This happens when I attempt to modify the Makefile in order to revision control the Kernel. I I suspect that a build I am about to make will prevent the machine I am working on from booting, I want to keep an older build functional in order to restore the machine.

Here is the diff for my Makefile:

diff --git a/Makefile b/Makefile
index 2fdd8b40b7e0..cb747c16e33c 100644
--- a/Makefile
+++ b/Makefile
@@ -1,7 +1,7 @@
 # SPDX-License-Identifier: GPL-2.0
 VERSION = 6
 PATCHLEVEL = 5
-SUBLEVEL = 0
+SUBLEVEL = 5
 EXTRAVERSION =
 NAME = Hurr durr I'ma ninja sloth

When the run fails, the diff will show a stray whitespace character around the SUBLEVEL value. This value is used to generate the string the becomes part of the path where the install happens. At the top level, Kernels get installed into here:

# ls -la /usr/lib/modules/
total 20
drwxr-xr-x.  8 root root  122 Sep 25 08:15 .
dr-xr-xr-x. 34 root root 4096 Sep 18 09:51 ..
drwxr-xr-x.  8 root root 4096 May 15 19:06 5.17.5-300.fc36.aarch64
drwxr-xr-x.  8 root root 4096 Sep 18 09:53 6.2.15-100.fc36.aarch64
drwxr-xr-x.  3 root root 4096 Sep 22 10:26 6.5.0+
drwxr-xr-x.  2 root root    6 Sep 23 07:42 6.5.1
drwxr-xr-x.  2 root root    6 Sep 23 07:57 6.5.5
drwxr-xr-x.  3 root root 4096 Sep 25 08:18 6.5.5+

The source directory is a symlink underneath it:

# ls -la /usr/lib/modules/6.5.5+/source
lrwxrwxrwx. 1 root root 11 Sep 25 08:15 /usr/lib/modules/6.5.5+/source -> /root/linux

Thus by having an extra space anywhere in there, the path generation gets messed up.

Documentation of Puppet code using sphinx

Posted by Kushal Das on September 25, 2023 09:23 AM

Sphinx is the primary documentation tooling for most of my projects. I use it for the Linux command line book too. Last Friday while in a chat with Leif about documenting all of our puppet codebase, I thought of mixing these too.

Now puppet already has a tool to generate documentation from it's code, called puppet strings. We can use that to generate markdown output and then use the same in sphix for the final HTML output.

I am using https://github.com/simp/pupmod-simp-simplib as the example puppet code as it comes with good amount of reference documentation.

Install puppet strings and the dependencies

$ gem install yard puppet-strings

Then cloning puppet codebase.

$ git clone https://github.com/simp/pupmod-simp-simplib

Finally generating the initial markdown output.

$ puppet strings generate --format markdown --out simplib.md
Files                     161
Modules                   3 (3 undocumented)
Classes                   0 (0 undocumented)
Constants                 0 (0 undocumented)
Attributes                0 (0 undocumented)
Methods                   5 (0 undocumented)
Puppet Tasks              0 (0 undocumented)
Puppet Types              7 (0 undocumented)
Puppet Providers          8 (0 undocumented)
Puppet Plans              0 (0 undocumented)
Puppet Classes            2 (0 undocumented)
Puppet Data Type Aliases  73 (0 undocumented)
Puppet Defined Types      1 (0 undocumented)
Puppet Data Types         0 (0 undocumented)
Puppet Functions          68 (0 undocumented)
 98.20% documented

sphinx setup

python3 -m venv .venv
source .venv/bin/activate
python3 -m pip install sphinx myst_parser

After that create a standard sphinx project or use your existing one, and update the conf.py with the following.

extensions = ["myst_parser"]
source_suffix = {
    '.rst': 'restructuredtext',
    '.txt': 'markdown',
    '.md': 'markdown',
}

Then copy over the generated markdown from the previous step and use sed command to update the title of the document to something better.

$ sed -i '1 s/^.*$/SIMPLIB Documenation/' simplib.md

Don't forget to add the simplib.md file to your index.rst and then build the HTML documentation.

$ make html

We can still improve the markdown generated by the puppet strings command, have to figure out simpler ways to do that part.

Example output

Share your game achievements with Gamerzilla

Posted by Fedora Magazine on September 25, 2023 08:00 AM

Gamerzilla is an open source game achievement system that stores and shares your game achievements. Games use libgamerzilla to easily add achievements. The Gamerzilla library is written in C but bindings exist for other languages.

Two years ago I described how to setup a Gamerzilla server. In addition to the .net implementation, php and python implementations are available. But you probably don’t want to run your own server. Here is an introduction to a public server and the Gnome interface.

Public server

My web server now hosts an instance of Gamerzilla with public registration enabled. To create an account click on the Sign In link on the top right corner. From there click the Register link next to the Login button.

The user accounts collect very little information. Simply enter a username and password. You do not need to enter your real name or email address. As a result, forgotten password is not implemented.

Accounts start as invisible. If you want the public to see your achievements after login, click on your username on the top right of the page and select Make Visible. New users must be approved before they can upload achievements. Currently no indication appears whether you are approved or not.

Getting an achievement

Before you get your first achievement, you need to install the Gamerzilla gnome shell extension with:

sudo dnf install gnome-shell-extension

After installation you will need to logout and log back in. The extension needs to be enabled with the the following:

gnome-extensions enable gamerzilla@gamerzilla.identicalsoftware.com 

The game controller icon appears in the top bar of the gnome shell.

Click on the controller icon and select preferences. On the resulting screen enter your gamerzilla url including the trailing slash but without the ‘trophy’ destination for the UI. If using my server, the value will be ‘https://identicalsoftware.com/ ‘. Fill in your username and password. Click on save. By default Automatic Connect is enabled. If you don’t want to always connect disable this.

<figure class="wp-block-image size-full"><figcaption class="wp-element-caption">Gamerzilla Controller menu</figcaption></figure>

Unfortunately a bug prevents the shell extension from working right away. You need to logout and log back in again. Fixing this is high priority.

Currently Supported Games

Several games in the Fedora repository support Gamerzilla achievements. If you want to get one to try it out, I suggest Shippy 1984, Seahorse Adventures, or Anagramarama. Seahorse Adventures will store some progress as soon as you complete a single level. If you play Super Tux Kart, you may already have achievements. Simply starting the game will synch any previous completed achievements. Gamerzilla does not display any notification when achievements complete but games may implement it on their own.

Going Forward

Besides fixing the bug with connecting the first time, I want a local browser for achievements. That way you can view all your game achievements without forcing you to upload them.

Achievements do have negative aspects. Some people feel compelled to complete them. This can lead to negative play experience, if the achievements are very difficult. I understand this concern but some people enjoy these aspects as well. More importantly, to attract and retain players, I feel open source games need a game achievement system.

We need more games to implement Gamerzilla achievements. We need players to show their support for the system. I continue to add achievements to my games and other open source games I try out.

Week 38 in Packit

Posted by Weekly status of Packit Team on September 25, 2023 12:00 AM

Week 38 (September 19th – September 25th)

  • As part of the effort of implementing release syncing for CentOS Stream, Packit now supports the pkg_tool option in the config (at the top-level or with specific packages when using the monorepo syntax). This option can be used for switching between fedpkg or centpkg. (packit#2085)
  • When updating the Version tag during propose_downstream or pull_from_upstream, Packit now tries to update referenced macros (if any) rather than overwriting the references. (packit#2087)

Episode 394 – The lie anyone can contribute to open source

Posted by Josh Bressers on September 25, 2023 12:00 AM

Josh and Kurt talk about filing bugs for software. There’s the old saying that anyone can file bugs and submit patches for open source, but the reality is most people can’t. Filing bugs for both closed and open source is nearly impossible in many instances. Even if you want to file a bug for an open source project, there are a lot of hoops before it’s something that can be actionable.

<audio class="wp-audio-shortcode" controls="controls" id="audio-3216-1" preload="none" style="width: 100%;"><source src="https://traffic.libsyn.com/opensourcesecuritypodcast/Episode_394_The_lie_anyone_can_contribute_to_open_source.mp3?_=1" type="audio/mpeg">https://traffic.libsyn.com/opensourcesecuritypodcast/Episode_394_The_lie_anyone_can_contribute_to_open_source.mp3</audio>

Show Notes

Quadlets might make me finally stop using docker-compose

Posted by Major Hayden on September 25, 2023 12:00 AM
Sure, docker-compose is great, but could we get similar functionality using just the tools that are built into CoreOS? Can we get automatic updates, too? Yes we can! 📦

[Short Tip] Using a Python virtual environment in Nushell

Posted by Roland Wolters on September 23, 2023 07:01 PM
<figure class="alignright size-thumbnail"></figure>

Nushell is becoming a more and more serious shell every day. One thing missing in the past was the capability to create and use Python virtual environments.

This has changed: Nushell was added as another supported shell in the virtualenv package:

🕙(20:39:55) ~/development
❯ virtualenv ansible
created virtual environment CPython3.11.5.final.0-64 in 190ms
creator CPython3Posix(dest=/home/liquidat/development/ansible, clear=False, no_vcs_ignore=False, global=False)
seeder FromAppData(extra_search_dir=/usr/share/python-wheels,download=False, pip=bundle, setuptools=bundle, wheel=bundle, via=copy, app_data_dir=/home/liquidat/.local/share/virtualenv)
added seed packages: pip==22.3.1, setuptools==65.5.1, wheel==0.38.4
activators BashActivator,CShellActivator,FishActivator,NushellActivator,PowerShellActivator,PythonActivator

However, there is one catch: the source command does not work when you try to use it to switch to the new environment:

🕙(20:40:28) ~ 
❯ source ~/development/ansible/bin/activate.nu
Error: nu::parser::unexpected_keyword

  × Statement used in pipeline.
     ╭─[/home/liquidat/development/ansible/bin/activate.nu:116:1]
 116 │ export alias pydoc = python -m pydoc
 117 │ export alias deactivate = overlay hide activate
     ·                           ───┬───
     ·                              ╰── not allowed in pipeline
     ╰────
  help: 'overlay' keyword is not allowed in pipeline. Use 'overlay' by itself, outside of a pipeline.

Instead, you need to use the overlay command:

🕙(20:40:50) ~ 
❯ overlay use ~/development/ansible/bin/activate.nu
(ansible)

Afterwards, you can continue to operate in the environment like usual:

🕙(20:42:41) ~/development/ansible via 🐍 v3.11.5 (ansible) 
❯ pip install ansible
Collecting ansible
  Downloading ansible-8.4.0-py3-none-any.whl (47.4 MB)
     ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 47.4/47.4 MB 19.6 MB/s eta 0:00:00
[...]

[notice] A new release of pip available: 22.3.1 -> 23.2.1
[notice] To update, run: pip install --upgrade pip
(ansible) 
🕙(20:43:15) ~/development/ansible via 🐍 v3.11.5 (ansible) took 20s 
❯ 

Allowing keyboard capture for Remmina, Virt Manager and other software in GNOME Wayland

Posted by Izhar Firdaus on September 23, 2023 01:26 AM

One capability seems missing in Wayland compared to X11 is the ability to fully capture keyboard events, for example when using remote desktop tools or virtual machines.

Apaprently, this is implemented differently now in Wayland, where the desktop evironment need to allow application to inhibit shortcut keys. To do this in GNOME, go do Settings > Apps > $application_name and allow Inhibit shortcuts

Wayland inhibit shortcut

CPE Weekly update – Week 38 2023

Posted by Fedora Community Blog on September 22, 2023 10:00 AM

This is a weekly report from the CPE (Community Platform Engineering) Team. If you have any questions or feedback, please respond to this report or contact us on #redhat-cpe channel on libera.chat.

We provide you both infographic and text version of the weekly report. If you just want to quickly look at what we did, just look at the infographic. If you are interested in more in depth details look below the infographic.

Week: 18-22 September 2023

<figure class="wp-block-image size-large"></figure>

Highlights of the week

Infrastructure & Release Engineering

Goal of this Initiative

Purpose of this team is to take care of day to day business regarding CentOS and Fedora Infrastructure and Fedora release engineering work.
It’s responsible for services running in Fedora and CentOS infrastructure and preparing things for the new Fedora release (mirrors, mass branching, new namespaces etc.).
The ARC (which is a subset of the team) investigates possible initiatives that CPE might take on.
Planning board
Docs

Update

Fedora Infra

CentOS Infra including CentOS CI

Release Engineering

  • Fedora 39 Beta released

EPEL

Goal of this initiative

Extra Packages for Enterprise Linux (or EPEL) is a Fedora Special Interest Group that creates, maintains, and manages a high quality set of additional packages for Enterprise Linux, including, but not limited to, Red Hat Enterprise Linux (RHEL), CentOS and Scientific Linux (SL), Oracle Linux (OL).

EPEL packages are usually based on their Fedora counterparts and will never conflict with or replace packages in the base Enterprise Linux distributions. EPEL uses much of the same infrastructure as Fedora, including buildsystem, bugzilla instance, updates manager, mirror manager and more.

Updates

The post CPE Weekly update – Week 38 2023 appeared first on Fedora Community Blog.

CPE at Flock 2023

Posted by Fedora Community Blog on September 21, 2023 08:00 AM

This year the annual Flock to Fedora conference was finally in person again. It happened in Clayton Hotel Silver Springs (Cork, Ireland) and it also offered the online streams for those who couldn’t attend in person. There was also CentOS Connect happening at the same time. As Community Platform Engineering (CPE) Team is part of those communities it was there and gave a few talks as well.

2nd August – First day of Flock

On the first day of the conference, the folks from the CPE Team were part of five sessions. We were mostly giving updates about various projects the CPE is part of. At the end of the day Aoife Moloney was hosting a Pub Quiz, which was really fun. It was great to see so many people in person again.

Fedora Websites and Apps Revamp Community Initiative Retrospective

Time (UTC): 10:00

Recording: https://www.youtube.com/watch?v=emoBQPmJdvQ

Speakers: 

  • Akashdeep Dhar (t0xic0der, gridhead)

Few words from speaker(s):

This was the first talk in the “Fedora Is For Everyone” category and was organized in the Tivoli hall. The talk went fairly well for the most part – although the last few slides had to be rushed to completion in the absence of enough time. It covered topics like the story of the Fedora Council community initiative, the outcomes and outputs from it as well as the learnings that can be derived from the endeavors. The audience had questions about the future collaboration efforts with other teams such as Cloud SIG, about the use of artificial intelligence software in generating the artworks for the slide deck and about the purpose of using of four distinct languages (i.e. English, Hindi, Bengali and Irish) in the slide deck.

More information can be found at https://apexaltruism.net/day-one-part-ii-flock-to-fedora-2023/ 

State of Community Applications and Infrastructure

Time (UTC): 11:00

Recording: https://www.youtube.com/watch?v=8b3E_A_wLXA

Speakers: 

  • Akashdeep Dhar (t0xic0der, gridhead)
  • Aoife Moloney

Few words from speaker(s):

This was the third talk under the “Fedora Leads In Linux Distribution Development” category and was organized in the Harbour 06 room. Aoife had brought along some Red Hat themed and Community Platform Engineering themed swags to distribute in the audience as we wanted to make the presentation as interactive as possible. We spoke about the apps and services the CPE team maintains and runs, and also gave  a small overview of the makeup of the team itself – where some members are based, the type of work we do and recent team accomplishments like the delivery of the new Fedora Messaging Notification service. The audience, mixed with contributors to Fedora Infrastructure and other parts of the community, actively participated in the discussions. One of the community members, Nick Bebout even remarked that the Fedora Infrastructure consists of both employed as well as volunteering contributors – and opened up for folks to participate in the community, which indeed felt like a welcome thing to do.

More information can be found at https://apexaltruism.net/day-one-part-iii-flock-to-fedora-2023/ and https://apexaltruism.net/day-one-part-iv-flock-to-fedora-2023/ 

What’s new in the land of release-monitoring.org? 2023 Edition

Time (UTC): 13:30

Recording: https://www.youtube.com/watch?v=Mxoej_qSNeE

Speakers: 

  • Michal Konečný (mkonecny, zlopez)

Few words from speaker(s):

There weren’t many people attending my talk (probably the other talks at the same time were more interesting). But the talk went well. I started with a small magic trick and continued with a story. I made part of the talk interactive as well, so the audience was having fun. I presented what happened till the last Nest and compared this with the previous year. I even got a few interesting questions at the end. I think the talk went well and I’m looking forward to creating another one for next year.

State of EPEL

Time (UTC): 15:30

Speakers: 

  • Carl George (CPE) (carlwgeorge)
  • Troy Dawson (tdawson)

Few words from speaker(s):

This is our annual “State of Fedora” given at Flock or Nest.  We say what EPEL and its community did in the past year, and what we expect in the future.  The talk was fairly well attended, possibly because of the wonderful presenters, possibly because it was the last talk of the day and there wasn’t anything else.  I think the two highlights of the talk were Troy’s stats that listed all 100+ distributions using EPEL, and Carl’s EPEL 10 section.

Fedora Pub Quiz: Flock edition

Time (UTC): 19:30

Speakers: 

  • Aoife Moloney (amoloney)
  • Stefan Mattejiet (smattejiet)

Few words from speaker(s):

It has become a yearly tradition that there is a pub quiz at Nest with Fedora, so finally, after several years of covid-restricting travel, we were able to bring the live version to Flock to Fedora in Cork, Ireland this year. And as it was the first in-person event in a while, it had to be the best one yet! I along with my colleague Stefan Mattejiet organized a quiz with a twist – attendees of the conference were invited to sign up four teams of six to take part in the quiz, and then the fun began. The four teams oriented themselves around a standing table, complete with a chalk board to name their team, and a buzzer to press. Our teams were:

  • The Saboteurs
  • Team South 
  • Team Dev-Null
  • Team Craic

Then the ‘twist’ was explained 🙂 

The quiz would have a series of questions on Fedora, general knowledge and Ireland. Teams must wait to hear the question, and then they could hit their buzzers to answer. Whoever buzzed in quickest got to answer. If they were wrong, the remaining teams could buzz in again, but as the folks around the Fedora project are pretty clued up on all things Fedora and general knowledge, we didn’t have many wrong answers. We did need to make sure each team had an ‘Irish Support Person’ for the Ireland-themed questions though, in the interest of good sportsmanship 🙂 And now for the twist: to create a more engaging and fun atmosphere for not only the contestant, but for the audience as well, we introduced the concept of a Challenge Round. The team who buzzed in and answered the question correctly then got to choose a card, face down from a deck, that had an activity challenge that the team could either choose to complete for a bonus point, or pass to another team of their choosing to try to complete. The twist on this though is that whichever team does the challenge and if they fail, that team then loses a point. Teams could also choose an audience member to complete their activity for them if they wished, which meant there was a lot more inclusivity and fun for the spectators. It was a LOT of fun! The challenges came from the game Beat That and most participants were successful, with the Friendship element of Fedora shining through the game by some teams offering the challenge round to other teams who were lagging behind on points….which was definitely not a ploy to defeat the competition thoroughly, it was most assuredly those folks just being nice…!

But there can only be one winner, and the decision came to a nail-biting finale in a tie-break question. Team South faced off with Team Craic, and the final question was ‘What is a group of Pandas called?’. Team craic were straight off the mark with their buzzer, but alas their answer was incorrect! So Team South now had a chance! Jonathan Wright of Alma Linux swore he knew it and so his team trusted his confidence and Jonathan landed the win for his team with the funniest answer I have ever heard; A group of pandas is called…an Embarrassment! 

Team South were invited to choose from a selection of silly but somewhat useful prizes such as a self-stirring mug, a hip flask, a hot-dog themed pencil case and other fun stuff. And of course our audience participants received a prize too for their participation.

The night ended in good spirits with folks tired from laughing and enjoying themselves throughout the quiz with a twist, and we cannot wait to bring the quiz back to Flock in 2024! 

3rd August – Second day of Flock

On the second day of the conference the CPE Team took part in 3 sessions. Either as part of the FESCo and Design team or presenting about Communishift.

Meet your FESCo

Time (UTC): 8:30

Recording: https://www.youtube.com/watch?v=Bc7VxNwgpfo

Speakers:

  • Kevin Fenzi (CPE) (nirik)
  • David Cantrell
  • Neal Gompa
  • Zbigniew Jędrzejewski-Szmek

Few words from speaker(s):

The panel was pretty interactive and we had some great questions and some nice answers. I hope everyone gained a better understanding of FESCo’s viewpoint and what it does.

Authorising OpenShift Hosted Projects to Community Members

Time (UTC): 11:00

Recording: https://www.youtube.com/watch?v=8bhXFv6xn3o

Speakers:

  • Lenka Segura (lenkaseg)
  • David Kirwan (saffronique)

Few words from speaker(s):

We presented an operator that we made to handle the authorization of OpenShift hosted projects to Fedora community members, and how the solution is portable to any other project. The talk was confirmed to happen in the last minute, and we opted for a lightning talk format. Although there was finally space for a discussion, since the talk happened just before lunch, there were no questions.

Design Clinic with the Community Design Team

Time (UTC): 14:30

Speakers:

  • Jess Chitas (CPE) (jesschitas)
  • Paul Power
  • Máirín Duffy
  • Emma Kidney (CPE) (ekidney)

Few words from speaker(s):

There were a few attendees. Everyone was involved in helping improve designs that were brought to us. Troy Dawson brought a character he has been creating for EPEL, which was enjoyable to help with. We also had Greg Sutcliffe from Ansible requesting icons for Ansible’s Matrix rooms – which is currently underway.

4th August – Last day of Flock

On the last day of the conference the CPE Team participated in 3 sessions. There was plenty of discussion about mentoring (one of the goals for Fedora). We also hosted a hackfest for Fedora Infrastructure, where we were talking about onboarding, mentoring and documentation.

Keynote: Fedora Mentor Summit kickoff and reflection on mentoring in Fedora community

Time (UTC): 07:30

Speakers: 

  • Amita Sharma
  • Jona Azizaj
  • Sumantro Mukherjee
  • Akashdeep Dhar (CPE) (t0xic0der, gridhead)

Few words from speaker(s):

This belonged to the Fedora Mentor Summit track and was organized in the Tivoli hall with a good strength in the audience presence. Being the second iteration of the Fedora Mentor Summit and the first iteration of the event being in person as a satellite event to Flock To Fedora 2023, this event began with a bang with Amita Sharma delivering a keynote on the importance of mentorship within the Fedora Project community. Akashdeep Dhar helped out with being the facilitating moderator for the hall and giving the opportunity for the attendees to project their questions and opinions on the matter.

Panel: Mentoring and mentorship best practices in Fedora

Time (UTC): 8:00

Speakers:

  • Amita Sharma
  • Adam Williamson
  • Jess Chitas (CPE) (jesschitas)
  • Kevin Fenzi (CPE) (nirik)
  • Máirín Duffy
  • Jona Azizaj

Moderators:

  • Akashdeep Dhar

Few words from speaker(s):

The moderator did an outstanding job asking the panel questions as well as taking them from the audience. There were a lot of great angles on mentoring and how we could improve it in Fedora. There was some thought about finding a middle ground between a formal program like outreachy and a completely informal mentoring process most of the Fedora Project community uses now. The panel shared a number of great stories from their mentoring and being mentees.

Hackfest: Infra and Releng onboarding, mentoring and documentation

Time (UTC): 10:00

Speakers:

  • Kevin Fenzi (nirik)
  • James Richardson (jrichardson)

Few words from speaker(s):

We had a large and engaging crowd before Lunch (and much less so after :). The workshop started out with a bit of history and a framework of items we wanted to discuss and then jumped right into interactive questions and discussion. We took a bunch of notes and will be writing up a plan for documentation and outstanding questions for everyone.

Epilogue

As you can see we had plenty of fun at the Flock and we will for sure be at the conference next year. Looking forward to seeing you next year!

If you want to read more about Flock 2023, see fedoraproject Flock 2023 wiki.

The post CPE at Flock 2023 appeared first on Fedora Community Blog.

Make Haste Slowly

Posted by Adam Young on September 20, 2023 08:18 PM

In the software development world, we call it technical debt.


In the Army it was “Half-assed, full-blast. Don’t know where we are going but we should have been there yesterday.”

And the solution was told to be by a guy going through officer basic with me…after a long career as an NCO in Army Special Forces.


“Make Haste Slowly.”


It is ok to “just make it work.” But have a strict enough code review process that is happy to kick back semi-functional code to get it production quality.

Think of it like an English Essay: it is ok to show your teacher a rough draft, but expect lots of Red Ink and rewriting on it.


Unit Test Everything. Automated testing will catch when your change code that breaks other code. Visual and manual testing does not count. It has to be automated or it is not sufficient. Not writing unit tests is heavy tech debt.

Finding a line of code in the Kernel from a stack trace

Posted by Adam Young on September 20, 2023 08:14 PM

To find out what line a particular stack trace entry points to, use the script ./scripts/faddr2line for example If I have the line __get_vm_area_node+0x17c/0x1a8 I can run

./scripts/faddr2line vmlinux.o __get_vm_area_node+0x17c/0x1a8
__get_vm_area_node+0x17c/0x1a8:
__get_vm_area_node at /root/linux/mm/vmalloc.c:2579 (discriminator 1)

How to rebase to Fedora Silverblue 39 Beta

Posted by Fedora Community Blog on September 20, 2023 12:17 PM

Silverblue is an operating system for your desktop built on Fedora Linux. It’s excellent for daily use, development, and container-based workflows. It offers numerous advantages such as being able to roll back in case of any problems. Let’s see the steps to upgrade to the newly released Fedora 39 Beta, and how to revert if anything unforeseen happens.

Before attempting an upgrade to the Fedora 39 Beta, apply any pending upgrades.

Updating using terminal

Because the Fedora 39 Beta is not available in GNOME Software, the whole upgrade must be done through a terminal.

First, check if the 39 branch is available, which should be true now:

$ ostree remote refs fedora

You should see the following line in the output:

fedora:fedora/39/x86_64/silverblue

If you want to pin the current deployment (this deployment will stay as option in GRUB until you remove it), you can do it by running:

# 0 is entry position in rpm-ostree status
$ sudo ostree admin pin 0

To remove the pinned deployment use following command (2 corresponds to the entry position in rpm-ostree status):

$ sudo ostree admin pin --unpin 2

Next, rebase your system to the Fedora 39 branch.

$ rpm-ostree rebase fedora:fedora/39/x86_64/silverblue

Finally, the last thing to do is restart your computer and boot to Fedora Silverblue 39 Beta.

How to revert

If anything bad happens — for instance, if you can’t boot to Fedora Silverblue 39 Beta at all — it’s easy to go back. Pick the previous entry in the GRUB boot menu (you need to press ESC during boot sequence to see the GRUB menu in newer versions of Fedora Silverblue), and your system will start in its previous state. To make this change permanent, use the following command:

$ rpm-ostree rollback

That’s it. Now you know how to rebase to Fedora Silverblue 39 Beta and back. So why not do it today?

FAQ

Because there are similar questions in comments for each blog about rebasing to newer version of Silverblue I will try to answer them in this section.

Question: Can I skip versions during rebase of Fedora? For example from Fedora 36 Silverblue to Fedora 38 Silverblue?

Answer: Although it could be sometimes possible to skip versions during rebase, it is not recommended. You should always update to one version above (37->38 for example) to avoid unnecessary errors.

Question: I have rpm-fusion layered and I got errors during rebase. How should I do the rebase?

Answer: If you have rpm-fusion layered on your Silverblue installation, you should do the following before rebase:

rpm-ostree update --uninstall rpmfusion-free-release --uninstall rpmfusion-nonfree-release --install rpmfusion-free-release --install rpmfusion-nonfree-release

After doing this you can follow the guide in this blog post.

The post How to rebase to Fedora Silverblue 39 Beta appeared first on Fedora Community Blog.

SBOM and vulnerability scanning

Posted by Kushal Das on September 20, 2023 07:26 AM

Software Bill of Materials became one of the latest buzzword. A lot of people and companies talking about it like a magical thing, if you use it then all of your security problems will be solved, just like what happened with Blockchain!!.

Though a hand full of projects (or companies building those projects) focused on the actual tooling part. Things we can use and see some useful output than blogposts/presentations with fancy graphics.

In this post we will try to see how can we use these tools today (2023/09/20).

SBOM currently comes in two major flavors, SPDX aka Software Package Data Index and CycloneDX. There are existing tooling to convert in between.

Syft

We will use syft from Anchore to generate our SBOM(s).

This tool can generate from various sources, starting from container images to Python projects, RPM/Debian dbs, Rust or Go projects.

Let us generate the SBOM for a Debian 12 VM.

$ syft /var/lib/dpkg -o spdx-json=server.spdx.json --source-name debian12 
 ✔ Indexed file system                                                                                         /var/lib/dpkg
 ✔ Cataloged packages              [395 packages]  

For for a Rust project:

$ syft /home/kdas/code/johnnycanencrypt/Cargo.lock -o spdx-json=jce.spdx.json
 ✔ Indexed file system                                                                      /home/kdas/code/johnnycanencrypt
 ✔ Cataloged packages              [203 packages]

We generated the SBOMs. Now this should solve the security issues, isn't?

SBOM joke

I found the above in Matthew Martin's timeline.

Grype

This is where Grype comes handy, it is a vulnerability scanner for container images and filesystems and works with the SBOM(s) generated by syft.

$ grype jce.spdx.json 
 ✔ Vulnerability DB                [updated]  
 ✔ Scanned for vulnerabilities     [1 vulnerability matches]  
   ├── by severity: 0 critical, 0 high, 1 medium, 0 low, 0 negligible
   └── by status:   1 fixed, 0 not-fixed, 0 ignored 
NAME  INSTALLED  FIXED-IN  TYPE        VULNERABILITY        SEVERITY 
time  0.1.45     0.2.23    rust-crate  GHSA-wcg3-cvx6-7396  Medium

And:

grype server.spdx.json 
 ✔ Vulnerability DB                [no update available]  
 ✔ Scanned for vulnerabilities     [178 vulnerability matches]  
   ├── by severity: 6 critical, 136 high, 34 medium, 2 low, 0 negligible
   └── by status:   0 fixed, 178 not-fixed, 0 ignored 
NAME     INSTALLED     FIXED-IN  TYPE  VULNERABILITY     SEVERITY 
file     1:5.44-3                      CVE-2007-1536     High      
git      1:2.39.2-1.1                  CVE-2020-5260     High      
gnupg    2.2.40-1.1                    CVE-2022-3515     Critical  
gnupg    2.2.40-1.1                    CVE-2022-34903    Medium    
gnupg    2.2.40-1.1                    CVE-2022-3219     Low       
openssl  3.0.9-1                       CVE-2023-4807     High      
openssl  3.0.9-1                       CVE-2023-3817     Medium    
openssl  3.0.9-1                       CVE-2023-2975     Medium    
openssl  3.0.9-1                       CVE-2023-1255     Medium    
perl     5.36.0-7                      CVE-2023-31486    High      
perl     5.36.0-7                      CVE-2023-31484    High      
vim      2:9.0.1378-2                  CVE-2022-3520     Critical  
vim      2:9.0.1378-2                  CVE-2022-0318     Critical  
vim      2:9.0.1378-2                  CVE-2017-6350     Critical  
vim      2:9.0.1378-2                  CVE-2017-6349     Critical  
vim      2:9.0.1378-2                  CVE-2017-5953     Critical  
vim      2:9.0.1378-2                  CVE-2023-4781     High      
vim      2:9.0.1378-2                  CVE-2023-4752     High      

<snipped>

Now it is on your team members to decide how to react to information we gather from these tools. The tools themselves will not solve the problems at hand. You have to decide the update steps and if that is at all required or not.

Also please remember, there is and will be a lot of false positives (not in Grype output yet, but other tools in the SBOM ecosystem). The projects (I am talking about in general most of the tooling in this field) are trying hard to reduce these, but not possible always to remove every such edge case.

Cockpit 301

Posted by Cockpit Project on September 20, 2023 12:00 AM

Cockpit is the modern Linux admin interface. We release regularly.

Here are the release notes from Cockpit 301:

The interface names in the current network I/O card are now clickable links which lead to the detail view of the “Networking” page.

screenshot of link to network interface details

Thanks to leomoty for this improvement!

Networking: Add support for WireGuard

The Networking page can now create and edit WireGuard VPN connections.

screenshot of add support for wireguard

screenshot of add support for wireguard

Many thanks to Subho Ghosh for adding this feature as part of his Google Summer of Code project! And thanks to Gil Obradors for his initial work.

Try it out

Cockpit 301 is available now:

Announcing Fedora Linux 39 Beta

Posted by Fedora Magazine on September 19, 2023 02:00 PM

The Fedora Project is pleased to announce the immediate availability of Fedora Linux 39 Beta, the next step towards our planned Fedora Linux 39 release at the end of October.

Get the the prerelease of any of our editions from our project website:

Or, try one of our many different desktop variants (like KDE Plasma, Xfce, or Cinnamon) from Fedora Linux Spins.

You can also update an existing system to the beta using DNF system-upgrade.

Beta release highlights

In some ways, this release might seem notable largely for what isn’t here. We’d planned to update the DNF package manager to a new, speedier version.  We also hoped to showcase a long-awaited refresh to the user interface for Anaconda, our installation program. However, we decided these things just weren’t ready in time.

Don’t let this get you down, though — this is a healthy process at work. Years ago, we didn’t always have a good way to alter course once we’d accepted a change proposal. We often found ourselves in a situation where the only reasonable way forward was to forge ahead, even if we weren’t happy enough with the change for general users. Now, even though it’s somewhat disappointing, we’re recognizing that these big changes need more time to bake, and putting them back into the oven is a good thing.

I’ve got a kid that always wants to get 100% (or higher!) in every class. I keep telling her, “Really, you learn best when you’re right 80% of the time. Otherwise, you’re not getting enough of a challenge.” To keep up with Fedora’s commitment to innovation, we also need to take risks. If everything went according to plan, that would mean we’re not trying hard enough. At the same time, our process now allows us to take these risks while still making sure the Fedora Linux OS we ship for general use is of A+ quality.

We still plan to bring you these features in the near future, and if they’re of interest to you, please keep your eyes open for upcoming test announcements.

In the meantime, enjoy the many updates across all of Fedora Linux updates, ready for you to test in this new beta.

Notable updates

Fedora Workstation 39 Beta brings us GNOME 45 (itself also in beta). For everyone who needs a free and open source desktop suite, there’s LibreOffice 7.6.

Fedora Cloud images for AWS now default to less-expensive gp3 storage volumes.

We also have an update to the GNU Toolchain (gcc 13.2, binutils 2.40, glibc 2.38, gdb 13.2). Of course, developers appreciate that we include the latest tools, but these updates also include improvements to security and performance that will benefit everyone who uses Fedora Linux.

Testing needed

Since this is a beta release, we expect that you may encounter bugs or missing features. To report issues encountered during testing, contact the Fedora Quality team via the test mailing list or in the #quality channel on Fedora Chat. As testing progresses, common issues are tracked in the “Common Issues” category on Ask Fedora.

For tips on reporting a bug effectively, read how to file a bug.

What is the beta release?

A beta release is code-complete and bears a very strong resemblance to the final release. If you take the time to download and try out the beta, you can check and make sure the things that are important to you are working. Every bug you find and report doesn’t just help you, it improves the experience of millions of Fedora Linux users worldwide! Together, we can make Fedora rock-solid. We have a culture of coordinating new features and pushing fixes upstream as much as we can. Your feedback improves not only Fedora Linux, but the Linux ecosystem and free software as a whole.

More information

For more detailed information about what’s new on the Fedora Linux 39 Beta release, you can consult the Fedora Linux 39 Change set. It contains more technical information about the new packages and improvements shipped with this release.

Sortie de Fedora Linux 39 Beta

Posted by Charles-Antoine Couret on September 19, 2023 02:00 PM

En ce mardi 19 septembre, la communauté du Projet Fedora sera ravie d'apprendre la disponibilité de la version Beta de Fedora Linux 39.

Malgré les risques concernant la stabilité d’une version Beta, il est important de la tester ! En rapportant les bogues maintenant, vous découvrirez les nouveautés avant tout le monde, tout en améliorant la qualité de Fedora Linux 39 et réduisant du même coup le risque de retard. Les versions en développement manquent de testeurs et de retours pour mener à bien leurs buts.

La version finale est pour le moment fixée pour le 17 ou 24 octobre.

Expérience utilisateur

  • Passage à GNOME 45 ;
  • La suite bureautique LibreOffice est mise à jour vers sa version 7.6 ;
  • L'interface d’installation de Fedora Workstation avec Anaconda passe à la WebUI par défaut ;
  • Le shell Bash dispose par défaut d'un prompt coloré pour le rendre plus distinct des commandes ;
  • Clap de fin par défaut pour QGnomePlatform et Adwaita-qt afin de fournir une intégration graphique des applications écrites en Qt dans un environnement GNOME ;
  • Les spins Sericea et Sway seront fournis sans X.org par défaut ;
  • Le spin de l'environnement Budgie dispose d'une variante immuable nommée Onyx ;
  • La variante Fedora Kinoite propose par défaut des mises à jour automatique de la base de son système ;
  • Le jeu d'icônes FontAwesome est proposé à la version 6.

Gestion du matériel

  • Possibilité d'installer Fedora Linux avec systemd-boot au lieu de grub comme chargeur de démarrage ;
  • Les vieux pilotes Xorg xorg-x11-drv-vesa et xorg-x11-drv-fbdev ont été supprimés ;
  • Le service régulier fwupd-refresh.timer, pour vérifier si les firmwares sont à jour, est activé par défaut pour les images IoT, CoreOS et Server ;
  • La partition ESP pour les machines EFI aura une taille minimale de 500 Mio au lieu de 200 Mio ;
  • L'image avec l'environnement LXQt est disponible pour l'architecture aarch64.

Internationalisation

  • Le correcteur orthographique Aspell n'est plus fourni, remplacé avantageusement par hunspell ou enchant2 ;
  • Mise à jour de IBus à la version 1.5.29 ;
  • Alors que IBus-anthy dispose lui de la version 1.5.15 ;
  • La police Noto devient celle par défaut pour les langues indiennes ;
  • Les polices par défaut sont gérées via des méta-paquets débutant par default-fonts ;
  • Le paquet man-pages-ru est supprimé car il fait déjà partie de man-pages-l10n ;

Administration système

  • Le module GNOME Keyring est modularisé pour être géré par systemd ;
  • Une mise à jour de l'édition Cloud qui nécessite un redémarrage entrainera un redémarrage automatique à la fin du processus ;
  • Possibilité de s'identifier avec un périphérique compatible FIDO2 pour l'authentification d'un utilisateur géré via Active Directory, FreeIPA, ou LDAP ;
  • Conversion des fichiers de configuration NetworkManager du format obsolète ifcfg vers keyfile ;
  • Les paquets tzdata fournissant les fuseaux horaires peuvent être supprimés ;
  • Suppression de awscli qui fournissait la version 1 de l'interface en ligne de commande pour les services AWS ;
  • Par défaut les dépôts modulaires ne sont plus fournis ;
  • Par ailleurs la modularité dans son ensemble est arrêtée, cela signifie que les dépôts modulaires sont voués à disparaître ;
  • L'utilitaire pam_console est supprimé ;
  • La valeur du paramètre sysctl vm.max_map_count passe de 65530 à 1048576 ;
  • Mise à jour du système de paquets RPM 4.19 ;
  • L'outil de gestion et de configuration des machines virtuelles Vagrant est proposé à la version 2.3 ;
  • Les images Fedora Linux sont proposées sur Microsoft Azure ;
  • Les images EC2 seront sans l'option standard pour le stockage ;
  • Les images EC2 utiliseront par défaut l'option gp3 pour le stockage ;
  • Ces images seront pas d'ailleurs soumises avec l'option uefi-preferred ;

Développement

  • Mise à niveau de la chaîne de compilation GNU avec GCC 13.2, Binutils 2.40, glibc 2.38 et GDB 13.2 ;
  • De même sa variante MinGW passe à GCC 13 et Binutils 2.40 ;
  • Tandis que celle du projet LLVM passe à la version 17 ;
  • Mise à jour du langage rampant Python 3.12 ;
  • Mise à jour du langage sautillant Go 1.21 ;
  • Les bibliothèques Go empaquetées dans Fedora Linux mais n'étant pas utilisées par un autre paquet sont supprimées ;
  • Mise à jour du langage reluisant Perl 5.38 ;
  • Mise à jour dans l'écosystème Haskell GHC 9.4 et Stackage LTS 21 ;
  • La bibliothèque Boost est mise à jour dans sa version 1.81 ;
  • La bibliothèque Libffi 34 va utiliser des redirections d'appels statiques et non plus dynamiques ;
  • La bibliothèque Thread Building Blocks dispose de la version 2021.8 ;
  • L'environnement de développement Free Pascal nommé Lazarus est découpé en sous-paquets.

Projet Fedora

  • Image builder est utilisé pour générer les images ISO de Fedora Workstation ;
  • Les JDKs sont générés qu'une fois, et rempaquetés ainsi à toutes les variantes du système ;
  • Les Flatpak générés par le projet Fedora sont produits sans utiliser les modules ;
  • Les images OCI pour fedora-toolbox deviennent bloquantes pour la sortie d'une nouvelle version de Fedora Linux, ces images devront donc être disponibles et suffisamment fiables ;
  • Mise à jour de createrepo_c à la version 1.0.0 ;
  • Étape 2 dans la conversion des licences des paquets vers le format SPDX ;
  • Seconde réduction des extensions des options de compilation de Python ;
  • Les images Fedora Silverblue et Kinoite utiliseront le mode unifié de rpm-ostree ;

Tester

Durant le développement d'une nouvelle version de Fedora Linux, comme cette version Beta, quasiment chaque semaine le projet propose des journées de tests. Le but est de tester pendant une journée une fonctionnalité précise comme le noyau, Fedora Silverblue, la mise à niveau, GNOME, l’internationalisation, etc. L'équipe d'assurance qualité élabore et propose une série de tests en général simples à exécuter. Suffit de les suivre et indiquer si le résultat est celui attendu. Dans le cas contraire, un rapport de bogue devra être ouvert pour permettre l'élaboration d'un correctif.

C'est très simple à suivre et requiert souvent peu de temps (15 minutes à une heure maximum) si vous avez une Beta exploitable sous la main.

Les tests à effectuer et les rapports sont à faire via la page suivante. J'annonce régulièrement sur mon blog quand une journée de tests est planifiée.

Si l'aventure vous intéresse, les images sont disponibles par Torrent ou via le site officiel.

Si vous avez déjà Fedora Linux 38 ou 37 sur votre machine, vous pouvez faire une mise à niveau vers la Beta. Cela consiste en une grosse mise à jour, vos applications et données sont préservées.

Nous vous recommandons dans les deux cas de procéder à une sauvegarde de vos données au préalable.

En cas de bogue, n'oubliez pas de relire la documentation pour signaler les anomalies sur le BugZilla ou de contribuer à la traduction sur Weblate. N'oubliez pas de consulter les bogues déjà connus pour Fedora 39.

Bons tests à tous !

Contribute at Passkey Auth, Fedora CoreOS and IoT Test Week

Posted by Fedora Magazine on September 18, 2023 08:00 AM

Fedora test days are events where anyone can help make certain that changes in Fedora Linux work well in an upcoming release. Fedora community members often participate, and the public is welcome at these events. If you’ve never contributed to Fedora Linux before, this is a perfect way to get started.

There are several test periods in the upcoming weeks.

  • Thursday 21 September and Friday 22 September, is to test Passkey Auth.
  • Sunday 24 September through Sunday 01 October, is to test Fedora IoT Edition.
  • Monday 25 September through Monday October 02, focuses on testing Fedora CoreOS .

Passkey Auth

Passwordless authentication methods to log into Linux systems became a hot topic in the past few years. Various organizations started to mandate more secure methods of authentication, including governments and regulated industries. FIDO2 tokens, and smartcards, represent two passwordless authentication methods mandated by the US government in their Zero Trust architecture.

FreeIPA, and SSSD in Fedora 39, enable the capability to log-in to a desktop or a console terminal with a FIDO2-compatible device, for centrally managed users enrolled in Active Directory. This is supported by the libfido2 library. Additionally, for FreeIPA, once the user is authenticated with the FIDO2-compatible device, a Kerberos ticket may be issued .

As a part of this changeset , we will be having test days on Thursday 21 September and Friday 22 September.  The idea is to run through test cases and submit results here.

Fedora IoT

For this test week, the focus is all-around; test all the bits that come in a Fedora IoT release as well as validate different hardware. This includes:

  • Basic installation to different media
  • Installing in a VM
  • rpm-ostree upgrades, layering, rebasing
  • Basic container manipulation with Podman.

We welcome all different types of hardware, but have a specific list of target hardware for convenience. This test week will occur Sunday 24 September through Sunday 01 October.

Fedora 39 CoreOS Test Week

The Fedora 39 CoreOS Test Week focuses on testing FCOS based on Fedora 39. The FCOS next stream is already rebased on Fedora 38 content, which will be coming soon to testing and stable. To prepare for the content being promoted to other streams the Fedora CoreOS and QA teams have organized test days from Monday, 25 September through 2 October. Refer to the wiki page for links to the test cases and materials you’ll need to participate. The FCOS and QA team will meet and communicate with the community in async over multiple matrix/element channels. The announcements will be made 48 hours prior to the start of test week. Stay tuned to official Fedora channels for more info.

How do test days work?

Test days or weeks are an event where anyone can help make certain that changes in Fedora work well in an upcoming release. Fedora community members often participate, and the public is welcome at these events. Test days are the perfect way to start contributing if you not in the past.

The only requirement to get started is the ability to download test materials (which include some large files) and then read and follow directions step by step.

Detailed information about all the test days are on the wiki page links provided above. If you are available on or around the days of the events, please do some testing and report your results.

Week 37 in Packit

Posted by Weekly status of Packit Team on September 18, 2023 12:00 AM

Week 37 (September 12th – September 18th)

  • If you have concerns about Packit uploading new archives to lookaside cache before creating a pull request, you can newly set upload_sources to False to disable this. (packit#2086)
  • We have introduced a new configuration option notifications.failure_comment.message that enables notifying users on failure via a comment using the configured message. (packit-service#2182)

Episode 393 – Can you secure something you don’t own?

Posted by Josh Bressers on September 18, 2023 12:00 AM

Josh and Kurt talk about the weird world we live in how where we can’t control a lot of our hardware. We don’t really have control over most devices we interact with on a daily basis. The conversation shifts into a question of how can we decide what to trust and where. It’s a very strange problem we experience now.

<audio class="wp-audio-shortcode" controls="controls" id="audio-3212-2" preload="none" style="width: 100%;"><source src="https://traffic.libsyn.com/opensourcesecuritypodcast/Episode_393_Can_you_secure_something_you_dont_own.mp3?_=2" type="audio/mpeg">https://traffic.libsyn.com/opensourcesecuritypodcast/Episode_393_Can_you_secure_something_you_dont_own.mp3</audio>

Show Notes

Use per-host SSH key pairs on AWX and Ansible Automation Controller

Posted by Fabio Alessandro Locati on September 18, 2023 12:00 AM
One of the aspects that I have always loved about Ansible is that it integrates very nicely with the rest of the system where it is running. For example, you can easily configure all the SSH configurations directly by changing the ~/.ssh/config file. I’ve seen multiple cases where the SSH configuration file needs to be tweaked. A case that comes up occasionally is an environment configured in a way that requires Ansible to use a different SSH key for each machine it manages.

Quick Fedora shirt update and sale of last stock with the old logo

Posted by Fedora Magazine on September 15, 2023 02:38 PM

There are some updates on Fedora shirts and sweatshirts.

Two years after the announcement of the current Fedora logo, we decided to clear our stock of shirts with the old logo. Soon our shirts will only be made and stocked with the new Fedora logo.

The Fedora jackets and hoodies are back again:

<figure class="wp-block-image size-large"></figure> <figure class="wp-block-image size-large"></figure>

The old Fedora polo shirts are almost out of stock, so we have a new type with black buttons:

<figure class="wp-block-image size-large"></figure>

We have improved delivery too. No more taxes and customs paperwork within the European Union, the United States and the United Kingdom.
If you have your own embroidery machine, the PES file for the Fedora embroidery is available here; for the Fedora Classic, here.

Check out the embroidered Fedora collection here and don’t forget to use the FEDORA5 coupon code, for the $5 discount on every Fedora shirt and sweatshirt.

When ordering, note that the old logo style items are labelled “Fedora Classic”.

New ARM builder for 2023, 2024... from ETES GmbH

Posted by Remi Collet on September 15, 2023 12:22 PM

Architecture

ARM 64-bit is a RISC family processor.

As an old Unix user (on 68000, PA-RISC, PowerPC...) I'm a big fan of these architectures and a bit sad by the CISC (Intel/AMD) domination.

But the wheel is turning. ARM can be fast, cheap, and use less energy. Remember they are used to power your smartphone.

Chicken or egg

Classic dilema.

For a few years, some users have started asking about aarch64 builds. But as there are few users, there are few available systems and few available software. Having more users, software or systems will allow others to grow (and price to decrease).

Raspberry Pi was a small, low-cost solution, but unsuitable for a serious builder.  Other professional solutions were too expensive for a free project.

Last year I set up an aarch64 VM (emulated on x86_64) and started producing packages.

Because this solution was terribly slow (by 50, so minutes became hours), I had to reduce the target. So only a minimal set of packages and only for EL-9, which is very frustrating for me and for the repository users.

Sponsoring

A few months ago, while I was thinking about a small fundraising for a builder, Robert Scheck contacted me on behalf of ETES GmbH to find a way to thank me, support my work, and increase my motivation. We agree on the goal of an ARM server to create a RPM builder.

And this is now a reality: I have an ARM builder, see ETES sponsert ARM-Buildsystem für Remi's RPM repository (in German with English translation).

Even if I'm used to receive Paypal donations from the repository user (for hosting budget and builder), lot of support by mirror providers, and some thanks messages such testimonial of faith is really very appreciated in a world where too many users confuse free and gratis.

The beast

  • 2.2 GHz 64-core Ampere Altra processor (based on Neoverse N1)
  • 64 GB DDR4 RAM
  • 512 GB NVMe M.2 SSD
  • two boards from ADLINK Technology

Benchmark

A simple CPU benchmark says it has the same note as my (now old) x86_64 builder.

After a quick (and very simple) installation of RHEL 9.2 for aarch64 (using a free developer subscription), and the setup of my build environment, I  was able to run some comparisons and optimizations of builds.

1. a QT application

I run a build of qelectrotech on both builder.

The build takes 4' on x86_64 and 6' on aarch64. Despite this being a quite big project, it doesn't have the benefit of multiple-core parallelism.

For memory, a RPM build has a lot of steps which are not parallelized (chroot installation, link, archive...)

So for other tests, I will build PHP extensions that I usually build various time for various targets (distributions, PHP versions)

2. A small PHP extension

I run a set of builds of the ZIP extension, a small project (2 C files) which is quite common.

On x86_64

  • 24" for a single build using -j16
  • 15" average for 2 builds using -j8
  • 12" average for 3 builds using -j5

On aarch64

  • 29" for a single build using -j64
  • 15" average for 2 builds using -j32
  • 12" average for 3 builds using -j22

As this is a very small project, again no benefit from the number of cores, but same time for both builders.

3. A big PHP extension in C

I run a set of builds of GRPC extension, among the biggest ones (~2800 source files)

On x86_64

  • 4'12" for a single build using -j16
  • 3'29" average for 2 builds using -j8
  • 3'25" average for 3 builds using -j5

On aarch64

  • 2'34" for a single build using -j64
  • 2'21" average for 2 builds using -j32
  • 2'10" average for 3 builds using -j22

Here the number of cores gives a real benefit, as the aarch64 is even faster than the x86_64 one.

4. Another big PHP extension in Rust

I run a set of builds of datadog_trace extension, a terrible project in Rust using 400MB of sources

On x86_64

  • 2'38" for a single build using -j16
  • 1'30" average for 2 builds using -j8
  • 1'12" average for 3 builds using -j5

On aarch64

  • 4'44" for a single build using -j64
  • 2'55" average for 2 builds using -j32
  • 1'38" average for 3 builds using -j22

Strangely, x86_64 is slightly faster, not real difference.

5. Conclusion

This set of tests confirms that whatever the number of available cores, it is better to run various builds simultaneously. 3 or 4 seems the good choice for me as more will require more memory (chroot are stored in a 40GB tmpfs).

This new aarch64 is really an awesome builder! It will give me much more resources to build more packages. For example, I was able to rebuild the full Software Collections of PHP 7.4 to 8.3 for EL-9 (~150 extensions, more than 1000 built RPMs) in about 10 hours.

New goals

So aarch64 is now considered a primary arch for my repository

  • x86_64 and aarch64 packages are built simultaneously
  • modules and SCLs are available
  • same set of packages
  • testing packages

For now only for Enterprise Linux 9, but other distributions soon (probably EL-8, perhaps Fedora 39)

Thanks

I want to heartily thank ETES GmbH for its public support of my work and Robert Scheck for his time on this project.

CPE Weekly update – Week 37 2023

Posted by Fedora Community Blog on September 15, 2023 10:00 AM

This is a weekly report from the CPE (Community Platform Engineering) Team. If you have any questions or feedback, please respond to this report or contact us on #redhat-cpe channel on libera.chat.

We provide you both infographic and text version of the weekly report. If you just want to quickly look at what we did, just look at the infographic. If you are interested in more in depth details look below the infographic.

Week: 11 September – 15 September 2023

<figure class="wp-block-image size-full">CPE Infographics</figure>

Highlights of the week

Infrastructure & Release Engineering

Goal of this Initiative

Purpose of this team is to take care of day to day business regarding CentOS and Fedora Infrastructure and Fedora release engineering work.
It’s responsible for services running in Fedora and CentOS infrastructure and preparing things for the new Fedora release (mirrors, mass branching, new namespaces etc.).
The ARC (which is a subset of the team) investigates possible initiatives that CPE might take on.
Planning board
Docs

Update

Fedora Infra

CentOS Infra including CentOS CI

Release Engineering

  • F39 beta rc-1.1 is available for testing

EPEL

Goal of this initiative

Extra Packages for Enterprise Linux (or EPEL) is a Fedora Special Interest Group that creates, maintains, and manages a high quality set of additional packages for Enterprise Linux, including, but not limited to, Red Hat Enterprise Linux (RHEL), CentOS and Scientific Linux (SL), Oracle Linux (OL).

EPEL packages are usually based on their Fedora counterparts and will never conflict with or replace packages in the base Enterprise Linux distributions. EPEL uses much of the same infrastructure as Fedora, including buildsystem, bugzilla instance, updates manager, mirror manager and more.

Updates

Community Design

Goal of this initiative

CPE has few members that are working as part of Community Design Team. This team is working on anything related to design in Fedora Community.

Updates

  • Looking for feedback for F39 beta wallpaper

Matrix Native Zodbot

Goal of this initiative

With ongoing stability issues with the Matrix <-> IRC bridge and many contributors switching over to Matrix, zodbot has become increasingly unreliable. The bridge is currently shut off completely. This initiative will provide a future proof solution and allow us to conduct meetings without wasting time troubleshooting the bridge and zodbot.

Updates

  • Ticket tracker found here.
  • Zodbot is now in production
  • Meetbot is in staging & being tested in some meetings this week

The post CPE Weekly update – Week 37 2023 appeared first on Fedora Community Blog.

PHP version 8.1.24RC1 and 8.2.11RC1

Posted by Remi Collet on September 15, 2023 05:21 AM

Release Candidate versions are available in testing repository for Fedora and Enterprise Linux (RHEL / CentOS / Alma / Rocky and other clones) to allow more people to test them. They are available as Software Collections, for a parallel installation, perfect solution for such tests, and also as base packages.

RPM of PHP version 8.2.11RC1 are available

  • as base packages
    • in the remi-php82-test repository for Enterprise Linux 7
    • in the remi-modular-test for Fedora 36-38 and Enterprise Linux ≥ 8
  • as SCL in remi-test repository

RPM of PHP version 8.1.24RC1 are available

  • as base packages
    • in the remi-php81-test repository for Enterprise Linux 7
    • in the remi-modular-test for Fedora 36-38 and Enterprise Linux ≥ 8
  • as SCL in remi-test repository

emblem-notice-24.png The EL-8 and EL-9 packages (modules and SCL) are available for x86_64 and aarch64.

emblem-notice-24.pngPHP version 8.0 is now in security mode only, so no more RC will be released.

emblem-notice-24.pngInstallation : follow the wizard instructions.

Parallel installation of version 8.2 as Software Collection:

yum --enablerepo=remi-test install php82

Parallel installation of version 8.1 as Software Collection:

yum --enablerepo=remi-test install php81

Update of system version 8.2 (EL-7) :

yum --enablerepo=remi-php82,remi-php82-test update php\*

or, the modular way (Fedora and EL ≥ 8):

dnf module reset php
dnf module enable php:remi-8.2
dnf --enablerepo=remi-modular-test update php\*

Update of system version 8.1 (EL-7) :

yum --enablerepo=remi-php81,remi-php81-test update php\*

or, the modular way (Fedora and EL ≥ 8):

dnf module reset php
dnf module enable php:remi-8.1
dnf --enablerepo=remi-modular-test update php\*

emblem-notice-24.png Notice:

  • version 8.2.14RC1 is also in Fedora rawhide for QA
  • version 8.3.0RC2 is also available in the repository
  • EL-9 packages are built using RHEL-9.2
  • EL-8 packages are built using RHEL-8.8
  • EL-7 packages are built using RHEL-7.9
  • oci8 extension now uses the RPM of the Oracle Instant Client version 21.11 on x86_64 or 19.19 on aarch64
  • intl extension now uses libicu 72.1
  • RC version is usually the same as the final version (no change accepted after RC, exception for security fix).
  • versions 8.1.24 and 8.2.11 are planed for September 28th, in 2 weeks.

Software Collections (php81, php82)

Base packages (php)

Reconstructing an invalid TPM event log

Posted by Matthew Garrett on September 13, 2023 09:02 PM
TPMs contain a set of registers ("Platform Configuration Registers", or PCRs) that are used to track what a system boots. Each time a new event is measured, a cryptographic hash representing that event is passed to the TPM. The TPM appends that hash to the existing value in the PCR, hashes that, and stores the final result in the PCR. This means that while the PCR's value depends on the precise sequence and value of the hashes presented to it, the PCR value alone doesn't tell you what those individual events were. Different PCRs are used to store different event types, but there are still more events than there are PCRs so we can't avoid this problem by simply storing each event separately.

This is solved using the event log. The event log is simply a record of each event, stored in RAM. The algorithm the TPM uses to calculate the PCR values is known, so we can reproduce that by simply taking the events from the event log and replaying the series of events that were passed to the TPM. If the final calculated value is the same as the value in the PCR, we know that the event log is accurate, which means we now know the value of each individual event and can make an appropriate judgement regarding its security.

If any value in the event log is invalid, we'll calculate a different PCR value and it won't match. This isn't terribly helpful - we know that at least one entry in the event log doesn't match what was passed to the TPM, but we don't know which entry. That means we can't trust any of the events associated with that PCR. If you're trying to make a security determination based on this, that's going to be a problem.

PCR 7 is used to track information about the secure boot policy on the system. It contains measurements of whether or not secure boot is enabled, and which keys are trusted and untrusted on the system in question. This is extremely helpful if you want to verify that a system booted with secure boot enabled before allowing it to do something security or safety critical. Unfortunately, if the device gives you an event log that doesn't replay correctly for PCR 7, you now have no idea what the security state of the system is.

We ran into that this week. Examination of the event log revealed an additional event other than the expected ones - a measurement accompanied by the string "Boot Guard Measured S-CRTM". Boot Guard is an Intel feature where the CPU verifies the firmware is signed with a trusted key before executing it, and measures information about the firmware in the process. Previously I'd only encountered this as a measurement into PCR 0, which is the PCR used to track information about the firmware itself. But it turns out that at least some versions of Boot Guard also measure information about the Boot Guard policy into PCR 7. The argument for this is that this is effectively part of the secure boot policy - having a measurement of the Boot Guard state tells you whether Boot Guard was enabled, which tells you whether or not the CPU verified a signature on your firmware before running it (as I wrote before, I think Boot Guard has user-hostile default behaviour, and that enforcing this on consumer devices is a bad idea).

But there's a problem here. The event log is created by the firmware, and the Boot Guard measurements occur before the firmware is executed. So how do we get a log that represents them? That one's fairly simple - the firmware simply re-calculates the same measurements that Boot Guard did and creates a log entry after the fact[1]. All good.

Except. What if the firmware screws up the calculation and comes up with a different answer? The entry in the event log will now not match what was sent to the TPM, and replaying will fail. And without knowing what the actual value should be, there's no way to fix this, which means there's no way to verify the contents of PCR 7 and determine whether or not secure boot was enabled.

But there's still a fundamental source of truth - the measurement that was sent to the TPM in the first place. Inspired by Henri Nurmi's work on sniffing Bitlocker encryption keys, I asked a coworker if we could sniff the TPM traffic during boot. The TPM on the board in question uses SPI, a simple bus that can have multiple devices connected to it. In this case the system flash and the TPM are on the same SPI bus, which made things easier. The board had a flash header for external reprogramming of the firmware in the event of failure, and all SPI traffic was visible through that header. Attaching a logic analyser to this header made it simple to generate a record of that. The only problem was that the chip select line on the header was attached to the firmware flash chip, not the TPM. This was worked around by simply telling the analysis software that it should invert the sense of the chip select line, ignoring all traffic that was bound for the flash and paying attention to all other traffic. This worked in this case since the only other device on the bus was the TPM, but would cause problems in the event of multiple devices on the bus all communicating.

With the aid of this analyser plugin, I was able to dump all the TPM traffic and could then search for writes that included the "0182" sequence that corresponds to the command code for a measurement event. This gave me a couple of accesses to the locality 3 registers, which was a strong indication that they were coming from the CPU rather than from the firmware. One was for PCR 0, and one was for PCR 7. This corresponded to the two Boot Guard events that we expected from the event log. The hash in the PCR 0 measurement was the same as the hash in the event log, but the hash in the PCR 7 measurement differed from the hash in the event log. Replacing the event log value with the value actually sent to the TPM resulted in the event log now replaying correctly, supporting the hypothesis that the firmware was failing to correctly reconstruct the event.

What now? The simple thing to do is for us to simply hard code this fixup, but longer term we'd like to figure out how to reconstruct the event so we can calculate the expected value ourselves. Unfortunately there doesn't seem to be any public documentation on this. Sigh.

[1] What stops firmware on a system with no Boot Guard faking those measurements? TPMs have a concept of "localities", effectively different privilege levels. When Boot Guard performs its initial measurement into PCR 0, it does so at locality 3, a locality that's only available to the CPU. This causes PCR 0 to be initialised to a different initial value, affecting the final PCR value. The firmware can't access locality 3, so can't perform an equivalent measurement, so can't fake the value.

comment count unavailable comments

CPE Weekly update – Week 36 2023

Posted by Fedora Community Blog on September 13, 2023 08:21 PM

This is a weekly report from the CPE (Community Platform Engineering) Team. If you have any questions or feedback, please respond to this report or contact us on #redhat-cpe channel on libera.chat.

We provide you both infographic and text version of the weekly report. If you just want to quickly look at what we did, just look at the infographic. If you are interested in more in depth details look below the infographic.

Week: 4 – 8 September 2023

<figure class="wp-block-image size-large">CPE infographic</figure>

Highlights of the week

Infrastructure & Release Engineering

Goal of this Initiative

Purpose of this team is to take care of day to day business regarding CentOS and Fedora Infrastructure and Fedora release engineering work.
It’s responsible for services running in Fedora and CentOS infrastructure and preparing things for the new Fedora release (mirrors, mass branching, new namespaces etc.).
The ARC (which is a subset of the team) investigates possible initiatives that CPE might take on.
Planning board
Docs

Update

Fedora Infra

CentOS Infra including CentOS CI

Release Engineering

EPEL

Goal of this initiative

Extra Packages for Enterprise Linux (or EPEL) is a Fedora Special Interest Group that creates, maintains, and manages a high quality set of additional packages for Enterprise Linux, including, but not limited to, Red Hat Enterprise Linux (RHEL), CentOS and Scientific Linux (SL), Oracle Linux (OL).

EPEL packages are usually based on their Fedora counterparts and will never conflict with or replace packages in the base Enterprise Linux distributions. EPEL uses much of the same infrastructure as Fedora, including buildsystem, bugzilla instance, updates manager, mirror manager and more.

Updates

Community Design

Goal of this initiative

CPE has few members that are working as part of Community Design Team. This team is working on anything related to design in Fedora Community.

Updates

  • Freetober has been announced, with social media posts are starting 😸 More information to come over the next few weeks. 📣
  • Continued work on Fedora podcast.
  • First cut of BlueChi logo – looking for feedback 🩵
  • Ansible Matrix icons in progress – first draft here.

The post CPE Weekly update – Week 36 2023 appeared first on Fedora Community Blog.

Mounting the AWS Elastic File Store on Fedora

Posted by Major Hayden on September 13, 2023 12:00 AM
Fedora now has the AWS Elastic File Store (EFS) mount helper available for Fedora 38 and newer releases! It chooses optimized NFS mount options for you and makes mounting and unmounting a breeze.

Untitled Post

Posted by Zach Oglesby on September 12, 2023 10:44 AM

Finished reading: Yumi and the Nightmare Painter by Brandon Sanderson

I really enjoyed this story and for the second time in the Secret Projects again the narrative form as told by everyone’s favorite Cosmere character.

📚

Next Open NeuroFedora meeting: 11 September 1300 UTC

Posted by The NeuroFedora Blog on September 11, 2023 08:53 AM
Photo by William White on Unsplash

Photo by William White on Unsplash.


Please join us at the next regular Open NeuroFedora team meeting on Monday 11 September at 1300 UTC. The meeting is a public meeting, and open for everyone to attend. You can join us over:

You can use this link to convert the meeting time to your local time. Or, you can also use this command in the terminal:

$ date --date='TZ="UTC" 1300 2023-09-11'

The meeting will be chaired by @ankursinha. The agenda for the meeting is:

We hope to see you there!

Week 36 in Packit

Posted by Weekly status of Packit Team on September 11, 2023 12:00 AM

Week 36 (September 5th – September 11th)

  • Packit now supports commit-message action that can be used to override the default commit message produced by Packit during propose-downstream or pull-from-upstream. Please pay attention to our documentation with regards to the usage of this action. (packit#2070)
  • Packit CLI now supports testing the pull-from-upstream workflow. Use the packit pull-from-upstream command from the packit RPM package. (packit#2063)
  • Packit now passes initiator context for tmt to the Testing Farm. You can use this option to run or skip certain tests when they're run by Packit. (packit-service#2176)
  • Testing Farm started additionally exposing regexes on top of the exact compose names in the /composes/ endpoints, and we now support this as well when checking the validity of compose. (packit-service#2168)
  • We have disabled the jitter for retrying Bodhi update tasks to prevent race conditions causing not created updates. (packit-service#2170)
  • We have fixed a bug in get_fork method for Pagure about checking the usernames for a match when going through existing forks. (ogr#800)

Episode 392 – Curl and the calamity of CVE

Posted by Josh Bressers on September 11, 2023 12:00 AM

Josh and Kurt talk about why CVE is making the news lately. Things are not well in the CVE program, and it’s not looking like anything will get fixed anytime soon. Josh and Kurt have a unique set of knowledge around CVE. There’s a lot of confusion and difficulty in understanding how CVE works.

<audio class="wp-audio-shortcode" controls="controls" id="audio-3208-3" preload="none" style="width: 100%;"><source src="https://traffic.libsyn.com/opensourcesecuritypodcast/Episode_392_Curl_and_the_calamity_of_CVE.mp3?_=3" type="audio/mpeg">https://traffic.libsyn.com/opensourcesecuritypodcast/Episode_392_Curl_and_the_calamity_of_CVE.mp3</audio>

Show Notes

Creating “Reverse WSL” For Running Windows Application On Linux Host

Posted by Izhar Firdaus on September 10, 2023 04:01 PM
<iframe allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" allowfullscreen="" frameborder="0" height="315" src="https://www.youtube.com/embed/L9j6-vpuSmY?si=-tmP8sotHIb3oUe0" title="YouTube video player" width="560"></iframe>

State of the linux desktop in 2023

Linux today have matured to the point where majority of activities commonly done by computer users can be achieved easily, especially considering most people are primarily using the computer to access internet applications. Even when it comes to gaming, thanks to Steam’s effort in Proton and Steam Deck, Linux is now a pretty viable platform for those who who are not playing competitive games.

People I know also have experimented with making purely non-technical people to use Linux without them knowing, with good success rate, while I myself have experimented with forcing my department staff to use Linux as their primary operating system with good success, to the point of the staff noticed that Windows is a pretty difficult platform to work with for modern day developers.

Libreoffice also is fully capable to do all common office tasks without issues, and with some training to leverage the features available in Libreoffice, the team also discovered how frustrating it can be when working with Microsoft Office especially when trying to structurally automate formatting. A simple tool you know how to use well is a magnitude better than a fancy tool that you only know how to use its basic feature. Libreoffice also opens Microsoft Office documents well with minimal issues, except for the usual missing fonts messing with documents a bit, which easily fixed by installing the fonts.

However, Microsoft Office dominance can be an annoying problem when working with clients that primarily uses Microsoft’s stack and refuses to accept or work with PDF. Microsoft Office also almost always open ODF poorly with regular corruption, while DOCX files saved by Libreoffice seems to almost always opened poorly by Microsoft Office.

Wine, while becoming a great platform to run games thanks to Proton initiative, is still quite flaky to run Office due to less community investment is put on the matter. The Wine AppDB page for Office generally reported garbage rating for Office 2016 and newer.

Windows Subsystem For Linux (WSL)

The frustration regularly faced by developers when working on Windows, and the dominance of Open Source in software development ecosystem to a degree threathened Windows, where developers preferring MacOS for their preferred desktop because of its Unix heritage and MacPorts.

In response to that , for a few years now, Windows introduced the ability to run Linux commandline seamlessly on Windows through their WSL feature which essentially runs a Linux VM on top of Windows, with seamless filesystem integration to allow access of files in the host by the guest VM. This to a degree allows developers to have access to their Linux tooling on Windows, alongside access to Microsoft Office.

WSL also shows that, with some clever virtualization tricks to integrate the host and guest, the experience of using VM can be pretty seamless to the user if done well.

Reverse WSL With QEMU, Libvirt, VirtIO & SPICE/RDP

For those who primarily use Linux as their daily driver and dealing with clients who are locked into Microsoft ecosystem (even rejecting Google Docs), the lack of Microsoft Office on Linux sometimes forces people to switch to Windows in order to get work done, which usually means a troublesome dual computer operation.

However little is known to most that Linux virtualization have also improved significantly over the past several years, where it is now possible to create a “Reverse WSL” that allows you access to Microsoft Office on your Linux desktop, complete with clipboard sharing and filesystem sharing, with near-native performance using QEMU KVM virtualization. Effectively allowing you to keep using Linux as your primary operating system, while still getting access to Microsoft Office without having to dual-boot or lugging two computers around.

This guide will help you set up your computer with a highly fine tuned VM of Windows 11, alongside customizations needed to make integration seamless between the two operating systems, so that you can get benefits of both worlds on a single unified dual operating system experience.

System Requirements

This guide assumes that you have at least 4c/8t CPU with 16GB of RAM, and you are using Fedora as the primary operating system. Any other Linux distro should work too, but this guide focuses on Fedora.

You may want to use Windows 10 Pro or Windows 11 Pro as I found RDP local cursor give a better experience compared to SPICE. RDP is only available on the Pro edition of Windows.

Setting Up The VM

You will need to install and use QEMU and Libvirt for your virtualization, as VirtIO comes with it.

$ sudo dnf install virt-manager libvirt-daemon-kvm -y
$ sudo systemctl enable --now libvirtd.service

For near-native performance, we will be using VritIO to improve both disks, network and graphics I/O, which means, the VM creation process would be slightly different.

The first step is to start up Virt Manager, and before starting with installation, you will need to enable XML editing at Edit > Preferences

Screenshot from 2023-09-10 12-04-11.png

Then, create a new VM with at least 2 cores, and 8GB of RAM (you can enable ballooning later). Make sure that you check “Customize configuration before install” option at the final step of VM creation.

Screenshot from 2023-09-10 11-58-00.png

Screenshot from 2023-09-10 12-08-43.png

Screenshot from 2023-09-10 11-58-21.png

Screenshot from 2023-09-10 11-59-07.png

At the customization page, you will need to configure the following:

  1. CPU Pinning

    Screenshot from 2023-09-10 12-09-46.png

    Replace <vcpu>2<vcpu> with:

      <vcpu placement="static" cpuset="2,3">2</vcpu>
      <cputune>
        <vcpupin vcpu="0" cpuset="2"/>
        <vcpupin vcpu="1" cpuset="3"/>
      </cputune>
    

    This will pin the 2 CPU to physical core 2 (third core) and core 3 (fourth core) of the base host, minimizing competition with the main operating system running at core 0 (first core) and core 1 (second core)

    You can view which core tied to which cpuset by running cat /proc/cpuinfo |egrep -i 'processor|core id'. From the output, processor is the cpuset id, while core id is the physical core id.

  2. Set SPICE port. Note that we keep video to QXL as VirtIO video is only supported on Linux guests.

    801899947084c122e9a703b84096614a.png

  3. Change default disk to VirtIO bus

    f2d14462bca721f419b98ea5723d5bf7.png

  4. (Optional) If you will only have 1 windows VM, you may want to use TPM passthrough.

    9e6f389d39dca4bd249aa6f634033d73.png

  5. Add VirtIO driver ISO image as another SATA CDROM. You will need it to load VirtIO driver

    3f239e940b4d6d2511a023335243b7f9.png

    You can get VirtIO driver ISO image from Fedora here: https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/stable-virtio/virtio-win.iso

  6. Configure HyperV enlightenment.

    6ed357ee7d3192bb75be953cc34aea1b.png

    Set the configuration to:

        <hyperv mode="custom">
          <relaxed state="on"/>
          <vapic state="on"/>
          <spinlocks state="on" retries="8191"/>
          <vpindex state="on"/>
          <synic state="on"/>
          <stimer state="on"/>
          <reset state="on"/>
        </hyperv>
    
  7. Enable shared memory (this is needed later for filesystem sharing)

    24f3f26420939629495918bfd2e02a92.png

  8. Add filesystem sharing to your Home directory

5fd1a365bcbb39fd0b427b3477bf9e82.png

  1. Then click Begin Installation to start installation.

When at the disk selection you will see that there are no disk to select. This is because Windows does not carry VirtIO disk drivers by default. You will need to load the driver from the secondary CD drive.

d8e04293c14c805a42661a89dc42d1e0.png

29d87b13b54d48ad069ac9d4f7224575.png

a8ebffcfeccb3c030fe47a6c9dbb09d1.png

Then proceed the installation as you would normally

c2d6c93cb0d5b566922b9b2fb2ce6113.png

On first boot , to improve performance, disable all telemetry monitoring

1d0399064cb6020ed67cadfe5aa1db4c.png

Setting up Windows

After successful installation, you will need to then install the rest of VirtIO drivers, VirtIO guest tools, and WinFSP to further improve host-guest integration and improve user experience.

  1. Install VirtIO drivers

    40f17b3274c9463d29682d0cef383ac8.png

  2. Install VirtIO guest tools

    420e6f638b94174fcce664b1a27e74ca.png

  3. Install WinFSP & Enable VirtIO FS

    WinFSP (https://github.com/winfsp/winfsp) provide capabilities similar to FUSE on Windows, which allows mounting of userspace filesystems. It is required in order to mount VirtIO shared filesystem as a drive in Windows. Download and install it, then enable VirtIO FS by enabling the following service in the Services app.

    Screenshot from 2023-09-10 21-53-18.png

    Screenshot from 2023-09-10 21-53-41.png

    If enabled correctly, you will see that a new drive Z:\ appeared that links to the Linux host storage

    Screenshot from 2023-09-10 21-54-14.png

  4. (Optional) Then, enable RDP

    f4958f01ca425b8326bc7b15b43d36d1.png

  5. Afterwards, shutdown the VM, as we now need to switch the network to VirtIO. Open the VM properties and ensure that NIC is switch to VirtIO

    11b06bfa96cf2da6ca416feb3e132a88.png

  6. Now you can start the VM back up.

Connecting to VM

To connect to the VM, I recommend to use Remmina

$ sudo dnf install remmina remmina-plugins-spice -y

Launch Remmina, then you may want to disable the fullscreen toolbar in Remmina preferences for added seamlessness

617cece718677af769e1b922937d65e0.png

Using SPICE

SPICE is the default remote connection protocol for QEMU and is generally recommended if you just need basic capabilities.

You make sure you use QXL driver. If you are using SPICE with Virtio video driver, you may experience mouse lag on slower computers.

On Wayland on my F37, SPICE also behave weirdly after Alt+Tab when put in full screen mode, where it behave as if Alt/Ctrl is always pressed until you leave full screen.

If you face above issues, then use RDP.

To connect to SPICE, use following settings

  • Protocol: SPICE
  • Basic tab:
    • Server: localhost:5900
  • Advanced tab:
    • Preferred video codec: VP8
    • Preferred image compression: LZ4
    • Enable audio channel

ac19822843405d04f683eeff7aa173a9.png

Click Save and connect., and you now have connected to the VM and can use it.

Switch to full screen view for seamless display. You will need to set resolution to match your monitor resolution.

Optionally, for better display performance with this method of connection, launch Performance app and configure it for best performance.

e33461d312451dc99354652afe56b1b6.png

Using RDP

I recommend using RDP because it uses local cursor and suffer less mouse lag compared to SPICE. You also have better control on display peformance tweaks on the client side, however, it might not perform that well for videos.

To connect to RDP, use following settings

  • Protocol: RDP
  • Basic tab:
    • Server: IP Address of the VM
    • Username: Windows login username
    • Password: Windows login password
    • Resolution: Use client resolution
    • Network connection type: LAN
  • Advanced tab:
    • Quality: Medium/Good
    • Gateway transport type: RPC
    • FreeRDP log level: ERROR
    • Audio output mode: Local

f6a8f2992a211f8e0ce8a54c788ed975.png

Click Save and connect., and you now have connected to the VM and can use it.

Switch to full screen view for seamless display.

Optimization & Tuning

For less CPU and RAM usage, you may want to also do the following:

  • Uninstall Microsoft 365
  • Uninstall Microsoft Teams
  • Uninstall OneDrive
  • Uninstall ClipChamp
  • Uninstall Microsoft Todo
  • Uninstall Microsoft News
  • Uninstall Xbox related packages

If you are on GNOME and is used to use top right hot corner for window switching, you may also want to install Winxcorners, and set top left corner to open Task View.

I recommend setting the VM wallpaper to match your main desktop wallpaper.

Conclusion

Windows-on-Linux virtualization have improved significantly today that it is possible to run Windows VM with minimal impact on performance. Open Source RDP clients also have catched up quite well in bringing smooth integration of audio and clipboard with remote Windows connection that it become pretty seamless to use Windows applications through RDP, especially for work related applications such as Microsoft office. VirtIO FS in the other hand makes disk integration experience almost as if you are using Wine.

Using this method, one more barrier of adoption of Linux as primary operating system is solved as it is relatively seamless to work with documents in the VM, that it barely feel like Microsoft Office is running in a VM.

References

Following a code path in the Linux Kernel without a debugger

Posted by Adam Young on September 10, 2023 03:18 AM

Sometimes you don’t get to use a debugger. When do bare metal development, often it is faster to get to the root of a problem by throwing in trace statements, and seeing what path is taken through the code.

There are two main techniques I have been using to do this. The first is to print out the spot in the code using built in macros that tell the file, the name of the function, and the line number. That looks like this:

pr_info("%s %s %d", __FILE__, __func__,  __LINE);

I know it looks a little weird having some upper and some lower case in there, but that is what works.

However, Linux makes heavy use of function pointers, and you cannot use tags to jump to a function whose name you do not know. To print out the source of a function from a pointer, you can use the print formatting macros specific to the Linux Kernel. For example: I can use

printk("%ps", pmu->event_init);

In my case, that prints out:

arm_cspmu_event_init [arm_cspmu_module]

Which I could then jump to using the :tag command in vim.

Contribute at the Fedora Linux Test Week for Kernel 6.5 and Toolbx Test Day

Posted by Fedora Magazine on September 08, 2023 06:54 PM

Fedora test days are events where anyone can help make sure changes in Fedora Linux work well in an upcoming release. Fedora community members often participate, and the public is welcome at these events. If you’ve never contributed to Fedora Linux before, this is a perfect way to get started.

There are several test periods in the upcoming weeks. Here are the first two:

  • Sunday 10 Sept through Sunday 17 Sept , is to test Kernel 6.5.
  • Thursday 14 Sept focuses on testing Toolbx .

Kernel 6.5

The kernel team is working on final integration for Linux kernel 6.5. This recently released version, will arrive soon in Fedora Linux. As a result, the Fedora Linux kernel and QA teams have organized a test week from Sunday, Sept 10, 2023 to Sunday, Sept 17, 2023. This wiki page contains links to the test images you’ll need to participate. This is also going to be the release Kernel for Fedora 39 and any help testing regression for this Kernel will be very helpful.

Toolbx

Recently, Toolbx has been made a release-blocking deliverable and now has release-blocking test criteria. Given Toolbx is very popular and has a variety of usage, we would like to run a test day to ensure nothing is broken. This test day encourages people to use containers, run apps in them ; across all platforms ie
Workstation , KDE , Silverblue and CoreOS. The details are available on this wiki and results can be submitted in the events page.

How do test days work?

A test day is an event where anyone can help make sure changes in Fedora Linux work well in an upcoming release. Fedora community members often participate, and the public is welcome at these events. If you’ve never contributed before, this is a perfect way to get started.

To contribute, you only need to be able to download test materials (which include some large files) and then read and follow directions step by step.

Detailed information about all the test days is available on the wiki pages mentioned above. If you’re available on or around the days of the events, please do some testing and report your results. All the test day pages receive some final touches which complete about 24 hrs before the test day begins. We urge you to be patient about resources that are, in most cases, uploaded hours before the test day starts.

Come and test with us to make the upcoming Fedora Linux 39 even better.

Using virtiofs with libvirt/virt-install

Posted by Dusty Mabe on September 08, 2023 12:00 AM
Recently we switched our 9p filesystem usage in CoreOS Assembler to use virtiofs. This is the technology behind a lot of new lightweight container VM technology like kata-containers and libkrun, but can also be easily used with libvirt. Running as non-root using qemu:///session Currently the virtiofs integration doesn’t work as non-root via a qemu:///session connection. There is an oustanding RFE for this upstream and downstream in RHEL that can be followed for updates.

Contributing to Fedora

Posted by Christiano Anderson on September 07, 2023 06:20 PM
Fedora is the Linux distribution that I primarily utilize, as it offers a satisfactory balance between cutting-edge packages and stability. The release schedule is six-monthly, and you can expect the most recent version of the main packages, a level of innovation you can only find in one of the most up-to-date and stable operating systems. Being a data professional, I enjoy trying new software and staying abreast of the newest industry innovation.

Sending logs to OpenObserve using syslog-ng

Posted by Peter Czanik on September 06, 2023 11:52 AM

OpenObserve has an Elasticsearch compatible API for log ingestion, but syslog-ng is not mentioned in the documentation. My plan was to document how to modify the syslog-ng elasticsearch-http() destination, based on API documentation. However, as it turned out, OpenObserve has a ready to use syslog-ng configuration example in the web UI.

https://www.syslog-ng.com/community/b/blog/posts/sending-logs-to-openobserve-using-syslog-ng

<figure><figcaption>

syslog-ng logo

</figcaption> </figure>

Cockpit 300

Posted by Cockpit Project on September 06, 2023 12:00 AM

Cockpit is the modern Linux admin interface. We release regularly.

Today we celebrate the 300th release of Cockpit 🎉. This is brought to you live from a developer team gathering in the beautiful city of Nürnberg, Germany – home of world-famous visual artists like Albrecht Dürer and Garrett LeSage!

group photo

Today’s versions primarily fix bugs, as they are the final stabilization for the upcoming Red Hat Enterprise Linux releases. But we also have one nice new feature for you.

Storage: Support for growing block devices of a Stratis pool

Cockpit can now grow logical volumes that are used as block devices in a Stratis pool. Also, if a Stratis block device grows for any reason, Cockpit will notify you about this and can extend the pool to use all of it.

screenshot of support for growing block devices of a stratis pool

Try it out

Cockpit 300 is available now:

Call for volunteers: help to test us the release syncing using staging instance

Posted by Packit Team on September 05, 2023 12:46 PM

In the upcoming months, we plan to migrate our service to a new cluster. However, this may affect propose_downstream and pull_from_upstream jobs due to the new firewall rules. The problematic aspects could be:

  • commands you run in your actions during syncing the release involving interactions with external servers
  • downloading your sources from various hosting services (crates.io, npm, gems, etc.)

To smoothen this transition, we kindly encourage you to enable one of these jobs on our already migrated staging instance. This recommendation is particularly important if you belong to one of the groups affected by the two previous points. This proactive step will help us identify and address any issues promptly.

Both instances can be run at the same time and the behaviour can be configured via the packit_instances configuration key, which is by default set to ["prod"]. Picking just one instance is required only for koji_build and bodhi_update jobs since both instances work with the production instances of Fedora systems. To avoid too much noise in your dist-git PRs, you may enable the pull_from_upstream/propose_downstream job for only one target, resulting in only one additional PR created.

Here's how you can enable one of the jobs on the staging instance:

  • pull-from-upstream: The only thing needed is to duplicate the job in your Packit config using packit_instances configuration option. Example:
- job: pull_from_upstream
trigger: release
packit_instances: ["stg"]
dist_git_branches:
- fedora-rawhide
  • propose-downstream: For this job, you first need to enable our staging Github app (you should be already automatically approved if you had been previously approved for production instance). After that, similarly to pull-from-upstream, you only need to duplicate the job in your Packit config using packit_instances. Example:
- job: propose_downstream
trigger: release
packit_instances: ["stg"]
dist_git_branches:
- fedora-rawhide
info

When merging the PRs created by Packit, please don't forget to merge the PRs created by the production instance if you have a follow-up koji_build job enabled to ensure your builds will not be skipped (or you can allow builds for staging instance as well, see allowed_pr_authors)).

We would be happy if you could then report any problems to us. We appreciate your collaboration in ensuring a seamless migration. Your Packit team!

Community Blog monthly summary: August 2023

Posted by Fedora Community Blog on September 05, 2023 08:00 AM

This is the latest in our monthly series summarizing the past month on the Community Blog. Please leave a comment below to let us know what you think.

Stats

In August, we published seven posts. The site had 3,172 visits from 2,175 unique viewers. 163 visits came from search engines, while 4 came from Fedora Discussion, and 2 came from Reddit.

The most read post last month was “Fedora Linux 39 development schedule” with 579 views. The most read post published last month was “Job posting: Fedora Operations Architect” with 217 views.

Badges

No new badges awarded this month. Why don’t you submit an article and earn one?

Your content here!

The Community Blog is the place to publish community-facing updates on what you’re working on in Fedora. The process is easy, so submit early and submit often.

The post Community Blog monthly summary: August 2023 appeared first on Fedora Community Blog.

CPE Weekly update – Week 35 2023

Posted by Fedora Community Blog on September 04, 2023 12:43 PM

This is a weekly report from the CPE (Community Platform Engineering) Team. If you have any questions or feedback, please respond to this report or contact us on #redhat-cpe channel on libera.chat.

We provide you both infographic and text version of the weekly report. If you just want to quickly look at what we did, just look at the infographic. If you are interested in more in depth details look below the infographic.

Week: 28 August – 01 September 2023

<figure class="wp-block-image size-full">CPE Infographic</figure>

Highlights of the week

Infrastructure & Release Engineering

Goal of this Initiative

Purpose of this team is to take care of day to day business regarding CentOS and Fedora Infrastructure and Fedora release engineering work.
It’s responsible for services running in Fedora and CentOS infrastructure and preparing things for the new Fedora release (mirrors, mass branching, new namespaces etc.).
The ARC (which is a subset of the team) investigates possible initiatives that CPE might take on.
Planning board
Docs

Update

Fedora Infra

  • Zabbix agent being added to various playbooks
  • Update the SLE for services
  • [Fedora Badges] Foundations for testing backend server are being laid
  • [Fedora Badges] Interactions for accolades are about to be completed

CentOS Infra including CentOS CI

  • New public mirror in Serbia
  • Investigation finished: export moin wiki pages to static content
  • Migrating sponsored server to new DC
  • New koji tags for Cloud SIG
  • Migrated main mirror ref on rhel9 (from centos 7)
  • warranty/capex discussions
    • Related : decommissioning (very) old IBM servers in RDU2c
  • Stream infra
    • Enabled ELN mirrors for brew/stream infra (c10s bootstrap)
    • Enabled gitlab-runner for koji automated operations (ansible)
    • Finished converting remaining centos stream 8 to RHEL 8
    • Updated robosignatory to latest released and fixed role
    • Updated koji env for cs10 bootstrap using different mock settings (starting from fedora 40)

Release Engineering

EPEL

Goal of this initiative

Extra Packages for Enterprise Linux (or EPEL) is a Fedora Special Interest Group that creates, maintains, and manages a high quality set of additional packages for Enterprise Linux, including, but not limited to, Red Hat Enterprise Linux (RHEL), CentOS and Scientific Linux (SL), Oracle Linux (OL).

EPEL packages are usually based on their Fedora counterparts and will never conflict with or replace packages in the base Enterprise Linux distributions. EPEL uses much of the same infrastructure as Fedora, including buildsystem, bugzilla instance, updates manager, mirror manager and more.

Updates

Community Design

Goal of this initiative

CPE has few members that are working as part of Community Design Team. This team is working on anything related to design in Fedora Community.

Updates

  • Finalising F39 beta wallpaper
  • Freetober – Creative Freedom 30-day Art Challenge planning
  • Fedora Podcast animation work underway

The post CPE Weekly update – Week 35 2023 appeared first on Fedora Community Blog.