Now that the headline got your attention, let's start with the good news - D-Installer development is progressing just fine. What's the matter then? To answer that question is important to make a difference between D-Installer itself and the live ISO image we provide for everyone to test it.

So let's break this post into sections.

New prototype of D-Installer available for testing​

As you all know, D-Installer is a new application being developed by the YaST Team that will allow to install any (open)SUSE operating system into any virtual or physical machine. It can be controlled via a D-Bus API, a command-line interface or a modern web front-end. It can run directly on top of any Linux system and can also be executed as a container. So you can run D-Installer using the live ISO we provide for testing or you could use it from your currently installed Tumbleweed (eg. to install Leap Micro in another disk) or even as a container on top of Iguana.

Today we published a new prototype of D-Installer fixing several bugs reported by early testers and improving the usage experience in some areas like the configuration of passwords and users. But beyond those improvements, there are a couple of new features that deserve some attention.

The most visible change is the new screen to configure the storage setup. It's the first step towards the vision we documented a couple of months ago. Functionality-wise it brings the ability to install the system using LVM (Logical Volume Manager) and/or full-disk encryption. The exact type of encryption depends on the operating system being installed. For the prototype of ALP ContainerHost, D-Installer will use LUKS2 adjusting some settings to ensure everything works with the provided version of GRUB. The usage of LUKS2 opens the door for future possibilities, like unlocking the encrypted devices on boot using the system's TPM (Trusted Platform Module) instead of entering a passphrase.

Beware the new screen comes also with some other changes. When making space for the new operating system into the selected disk, previous versions of D-Installer mimicked some default behaviors of YaST like trying to keep alive as many partitions as possible or reusing existing LVM structures. That's not the case anymore. We plan to implement a user interface to decide exactly what to delete, keep or resize. But in the meantime D-Installer will go full throttle and delete all previous content in the chosen disk. You have been warned. 😉

Another relevant improvement is the ability to properly configure the boot loader on AArch64 systems. Previous prototypes messed up the selection of GRUB-related packages on non-x86 systems, but now D-Installer is more capable of handling different hardware architectures. At the YaST Team we don't have that many different Aarch64 systems at hand, so we would really appreciate any help testing whether this works consistently. You can do it by grabbing the aarch64 version of the testing live ISO... which leads us to our next topic.

The D-Installer testing ISO image​

As you already know, the most convenient way of testing the prototypes of D-Installer is using the already mentioned live ISO images we constantly build with the latest development version of D-Installer. But, to be honest, we don't have that much time (or knowledge) to invest on those images and there is a lot of room for improvement.

First of all, almost 1 GiB is clearly too much for an image that doesn't even include the packages of the operating systems to be installed (everything is fetched from online repositories). Beyond the size of the ISO, running X11 and Firefox may not be the most memory-efficient way to connect to a local web interface. There is already an open issue suggesting alternative components and approaches, but it's something that can hardly be addressed by the YaST Team in the short term.

Talking about the graphical environment and the web browser. There is actually no need to run them unconditionally when the system boots, like our current live image does. Adding some modularity to the boot process of the image could result in a much smaller memory footprint in scenarios in which the installation process is driven from another device or from the command-line interface.

Moreover, since our live ISO is just an slightly customized version of openSUSE Tumbleweed we are suffering the consequences of some performance problems present in the latest versions. We reported the problem as bug#1205938 and we really need some way to fix it or to work around it. The slowdown described at that bug report can completely ruin the overall experience of using the D-Installer live ISO image.

Join the fun​

The future looks pretty bright for D-Installer now that the general infrastructure is set and we can keep adding all the currently missing features reusing the power of YaST. So please join us in the adventure.

Of course, the easiest way to contribute is by testing the new release and giving us your valuable constructive feedback, so we can keep evolving the current prototype. Additionally, it would be great if you could help to improve the current testing live ISO image or to fix the mentioned performance issue at Tumbleweed. We would also welcome any kind of support in the area of containerization and Iguana.

In all cases, and for any other matter, you know where to find us!

Dear Tumbleweed users and hackers,

There seems to be no stopping Tumbleweed. It has again been rolling at full speed, with 7 snapshots (1125…1201) released this week. As usual, some smaller, some larger ones.

Let’s dive right in and see what changes have been delivered:

• Icewm 3.2.2
• VLC 3.0.18
• Ruby 3.1.3: There was an issue that ruby extensions are newly looked for in vendor_ruby/3.1.0/x86_64-linux-gnu, where the ‘-gnu’ part is new. All ruby packages in Tumbleweed have been rebuilt to follow this change
• SQLite 3.40.0
• Meson 0.64.1
• Python setuptools 65.6.3
• gawk 5.2.1
• libgcrypt 1.10.1: MD5 is disallowed in FIPS mode now
• Systemd 252.2
• LibreOffice 7.4.3RC2
• Bash 5.2.12
• KDE Plasma 5.26.4
• Cryptsetup 2.6.0
• Linux kernel 6.0.10
• Tcl/Tk 8.6.13
• ffmpeg has been switched to use version 5.x by default; ffmpeg-4 is still available and used by some packages

As that list got so long, it’s no surprise that the staging projects do not carry a lot of changes to be tested at the moment – not a lot, but still some, namely:

• rubygem-rspec 3.12.0: The remaining YaST fixes have been incoming and if nothing new comes up, this should be shipped next week
• Podman 4.3.1: fails the openQA tests
• Python pytest 7.2.0
• Switch to openSSL 3: tracked in Staging:N, main failures are nodejs18, nodejs19, openssh, mariadb

And I’m sure we will see many more changes that developers and packagers are currently preparing, but that has not yet been submitted.

A steady pace of openSUSE Tumbleweed snapshots arrived to users this week and there were tons of conversation on the openSUSE Factory mailing list regarding plans to advance the rolling release’s microarchitecture and discussions about the mitigation plan/call for help.

The changes to x86-64-v2 are expected to take place in the first quarter of the 2023 new year and forthcoming changes will be communicated on both the mailing list and blog.

A single package arrived in snapshot 20221128. The Skype plugin for chat client Pidgin, skype4pidgin, updated to version 1.7. The plugin fixed the loss of admin rights when joining a room, problems with file transfers through the client and issues where people were not appearing as being online.

An update of gawk 5.2.1 arrived in snapshot 20221127. The utility fixed issues with the debugger, dropped a few patches and addressed some subtle issues with untyped array elements being passed to functions. The general purpose cryptographic library package libgcrypt, which is based on code from GnuPG, updated to version 1.10.1 and fixed minor memory leaks. The package was updated to improve support for PowerPC architectures and it added the hardware optimizations configuration file hwf.deny to the /etc/gcrypt/ directory. There was also a git+ update of kdump, an update of heaptrack 1.4.0, iputils 20221126 and libeconf 0.4.9, which added new Application Programming Interface calls and fixed some compiling issues.

Snapshot 20221126 updated five packages. A memory leak and buffer overflow were fixed in the libpng16 1.6.39 update. Some code cleanup was made with the libstorage-ng 4.5.53 update and libzypp 17.31.6 avoids calling getsockopt when info is already known and the patch is expected to fix logging on Windows Subsystem for Linux. An upgrade of macros were made for both the coming Leap 15.5 and Fedora 37 in manpages-l10n 4.16.0. An update of python-setuptools 65.6.3 fixed logging errors and improved the reproducibility of clib builds by sorting the sources.

A major version update of text editor nano updated in snapshot 20221125. Nano 7.0 allows for unicode codes to be entered (via M-V) without leading zeroes and by finishing short codes. The new major version now allows string binds containing bindable function names between braces. The braced function names may be mixed with literal text. Nano was not the only text editor to update in the snapshot. An update of vim 9.0.0924 freed memory when executing mapclear, unmenu and delfunc at the more prompt. The package also fixed Amazon Web Services configuration files that were not recognized. An update of video media player VLC 3.0.18 fixed color regression and some rendering and performance issues with older GPUs. Several more packages were update in the snapshot including apparmor 3.1.2, image processing framework gegl 0.4.40, openvpn 2.5.8 and more.

The email announcement for snapshot 20221124 was not sent due to an error with the preparation of the changelog, but the snapshot did go out.

The 7.0.4 version update of virtualbox arrived in snapshot 20221123. The new major version had multiple Graphical User Interface changes to include fixing a regression in the new virtual machine wizard. Oracles’ VM package also added support for the Secure Boot feature. An update of sudo 1.9.12p1 fixed a Common Vulnerability and Exposure that had the potential out-of-bounds write for passwords smaller than eight characters when the password authentication is enabled. CVE-2022-43995 does not affect configurations that use other authentication methods like PAM, AIX authentication or BSD authentication. An update of mariadb 10.10.2 had InnoDB storage crash recovery fixes and improved optimization of joins with many tables, including eq_ref tables.

After yesterday’s deployment, we faced a downtime on our reference server. We want to share with you a detailed explanation of what happened. Impact Our reference server was offline for 13 minutes. The application responded to every request with a maintenance message. No one was able to work with the API or user interface during that time. Root Causes After deploying changes to production the application could not load some of our Ruby gems anymore...

Welcome to the first part of my syslog-ng tutorial series. In this part, I give you a quick introduction what to expect from this series and try to define what syslog-ng is.

I plan to release parts of my tutorial around every week. Of course, the Christmas holidays and the upcoming conference season may cause some delays. Each part will be released as a blog accompanied by a video. It is up to you, which version you follow. However, even if you go with the video, it is worth visiting the blog: you will be able to copy and paste configuration samples from there.

You can watch the video on YouTube:

Or you can read the rest of my blog at: https://www.syslog-ng.com/community/b/blog/posts/syslog-ng-101-part-1-introduction

A mitigation plan for a microarchitecture level change and information about advancing openSUSE’s rolling release Tumbleweed to an x86-64-v2 microarchitecture kicked off a significant move forward for the project this week.

Tumbleweed and openSUSE other distributions are built for old x86-64-v1 hardware and transitioning to x86-64-v2 will require community efforts to support users with hardware that can’t make the transition to the microarchitecture. 

The “openSUSE Factory repository is repurposed to move forward with x86-64-v2,” wrote Tumbleweed release manager Dominique Leuenberger in an email to the openSUSE Factory mailing list. A new repository “will be set up as openSUSE Factory currently exists today. This change is necessary to align with the SUSE factory first policy to keep aligned with the project’s sponsor’s development efforts.

That new repository looks like it will be named openSUSE:Factory:LegacyX86 and volunteers would be needed to maintain aspects of the repository designed for x86-64-v1 users.

“I’ll help with the initial setup (incl openQA) but, once running, expect not to touch this anymore (unless the people opting to take care ask for specific help),” Leuenberger wrote in a reply. “I expect installer ISO files, but I’d not expect live” images.

People attending openSUSE’s open release engineering meeting discussed the topic and came up with an action plan. 

The discussed and agreed upon solution forward is repurposing Tumbleweed’s main repository to x86-64-v2 like ALP will be upon its release. The i586 support will be dropped from the repository and only -32bit parts that are necessary for specific packages will exist, but no complete repository will exist for -32bit. Users will not need to do anything other than to zypper dup when the repository transitions to x86-64-v2, but a notification for this change is expected to be sent to users.

As for the users of the legacy systems who remain on x86-64-v1, action will be necessary. The repository list will need to be updated from download.opensuse.org/tumbleweed/repo/oss to something like download.opensuse.org/ports/legacyx86/tumblewed/repo/oss.

“With this solution, we provide benefits to users of more recent machines than that of V1 by using the newer CPU instructions,” he wrote. “Yet this provides a path for users to still run Tumbleweed on machines that might not have the needed hardware.”

To check the hardware for those running Tumbleweed, users can use the following command in a terminal.

/lib64/ld-linux-x86-64.so.2 --help

Results should likely result in the following:

x86-64-v4

x86-64-v3 (supported, searched)

x86-64-v2 (supported, searched)

“Once the new intel port repository is ready, I’ll let you know the exact location of it,” Leuenberger emphasized in the email “We can expect for these changes to take place in the first quarter of the new year of 2023.”

A recent poll on openSUSE’s Twitter found that 51 percent of poll respondents had an understanding of microarchitecture levels and the benefits it brings to developers and infrastructure optimization.

For more information, follow the discussion on the openSUSE Factory mailing list.

Once again, we worked on the request workflow. This time we have delivered a renovated interface to show the build results, ready to be consumed by the most demanding palates. Besides that, we have cooked up a couple of additions arranged on several tabs for the hungriest. Just keep reading, help yourself and enjoy. The request redesign is part of the beta program. We started the redesign of the request workflow in August 2022. Then,...

Dear Tumbleweed users and hackers,

Apologies for sending out the review a day late, somehow I was drowning myself in build fixes yesterday, lost track of time, and suddenly it was too late. But of course, you are all curious to hear what happened during this week and, most likely even more interested in what the future holds for us. We again published a full 7 snapshots (1118…1124), of which 1124 did not have a Changes file generated, and thus no announcement mail was sent out (which will need to be investigated).

The most relevant changes in those snapshots were:

• libinput 1.22.0: A new flat acceleration profile for trackpoints, making them more usable in some cases
• ibus: switch to systemd service to start ibus daemon (boo#1201421)
• Mesa 22.2.4
• bind 9.18.9
• Virtualbox 7.0.4
• MariaDB 10.10.2
• llvm 15.0.5
• Nodejs 19.1.0
• pipewire 0.3.60
• Samba 4.17.3
• Poppler 22.11.0
• Memcached: binary was moved to /usr/bin to be aligned with RHEL and Debian (some of our build scripts explicitly expect it in /usr/sbin, those need to be adjusted)
• Apparmor 3.1.2
• Meson 0.64.0

Things that are currently in stagings or already passed and will be part of the next few snapshots:

• VLC 3.0.18
• Meson 0.64.1
• Icewm 3.2.2
• SQLite 3.40.0
• Python setuptools 65.6.3
• Libgcrypt 1.10.1
• gawk 5.2.1
• rubygem-rspec 3.12.0: YaST is in the progress of catching up with the needed changes
• Switch default from ffmpeg4 to ffmpeg5 (opencv3 is the last package missing)
• Switch to openSSL 3 (Status can be tracked in Staging:N)

Yesterday, I had an opportunity to visit the German Climate Computing Centre (Deutsches Klimarechenzentrum – DKRZ) here in Hamburg to learn more about their research and tour their data center.

They recently installed a new supercomputer named HLRE-4 Levante, and it was very impressive. What surprised me most was how quiet a data center can be inside when it’s water-cooled.

Some specs of this system include:

• 2,832 compute nodes
• Peak performance: 14 PetaFLOPS
• Main memory (total): 815 Terabyte
• 60 GPU nodes each equipped with 2 AMD 7713 CPUs (main memory 512 Gigabyte) and 4 Nvidia A100 GPUs
• Peak performance: : 2.8 PetaFLOPS
• Main memory: approx. 30 Terabyte
• Graphics memory: approx. 5 Terabyte
• Networking: NVIDIA Mellanox InfiniBand HDR 100G/200G
• Disk storage: 130 Petabyte (Lustre) by DDN
• Long-term storage is performed via an array of 8 Oracle/StorageTek SL8500 tape libraries (over 300 Petabytes total capacity)

I took some pictures that you can find here – enjoy!

This week saw the continuous release of openSUSE Tumbleweed snapshots reach 42.

Packages to arrive this week include Mesa, bind, Flatpak and more.

These three above packages arrived in snapshot 20221122. Mesa 22.2.4 fixed some flickering issues in Spider-Man Remastered related to RADV for AMD, and it fixed some other flaws affecting gaming. An update of bind 9.18.9 fixed a recovery related to connectivity issues during startup, and it fixed an overflow in certain resolution scenarios. Flatpak 1.14.1 added new features like a httpbackend variable that allows dependent projects like GNOME Software to detect whether they are compatible with libflatpak. The cross-distro package also fixed an issue so that applications do not inherit outdated Wayland and X11 socket addresses. After a year, hxtools moved from version 20211204 to 20221119; the collection of tools and scripts added a new utility and implemented an aspect ratio correction for selective file-dump outputs. There were a few yast2 package updates like yast2-storage-ng 4.5.14, which proposes support for LUKS2 encryption with a configurable PBKDF to be used by the D-Installer. Several other packages were updated as well.

The 20221121 snapshot updated just two packages. The GStreamer plugins written in Rust, gstreamer-plugins-rs, provided a recent November git 0.9+ update. The package added support for the muxing video VP9 codec stream and added a new mux subdirectory for container formats. Xfce’s configuration system was updated with the xfce4-settings 4.16.5 package. The minor update fixed a regression introduced in version 4.16.4 that caused exo-open not to work with the path spaces inside.

A handful of packages were updated in snapshot 20221120. Among those was an update of terminal emulator xterm 376; this update modified a configuration script to always check for GNU Compiler Collection attributes and it fixed a copy/paste error. An update of multiple-precision floating-point library was updated. The mpfr 4.1.1 version improved manual formatting, updated the keyring and fixed multiple bugs, which included one in particular for macros implemention function. The library and command line tool for compressed files, xz 5.2.8, had a change that matches GNU gzip and it is now a more logical treatment of the output file, which successfully closes when xz cannot remove an input file. The package also fixed displaying the file sizes in the progress indicator. Input device management and event handling library libinput 1.22.0 includes quirks for laptops from Lenovo, Acer as well as for arm-based Chromebooks. The package has a new flat acceleration profile for trackpoints that make them more usable in some cases. The last package to update in the snapshot was the Portable Open Source UPnP Development Kit libupnp 1.14.15, which made a fix for some CMake missing files in the autotools distro.

PDF renderer poppler updated to version 22.11.0 in snapshot 20221119. The update had some small code refactoring and protects against file breakage. A 1.0.2+git20 update of kdump disabled a build on arm 32bit. An update of NetworkManager-openvpn 1.10.2 updated translations, fixed secret flags initialization and added support for the DOMAIN-SEARCH option. Other packages updated in the snapshot including quota 4.09, libpipeline 1.5.7, taglib 1.13 and more.

The 20221118 snapshot had several YaST packages updated. An update of yast2-installation 4.5.9 wrote a configuration script to enable a security policy, and the package fixed with help in the installation summary to include text from corresponding proposals. An update of yast2-security 4.5.3 fixed hash vs keyword argumentations in the testing tool RSpec, which was also reflected in the yast2 4.5.19 update. An update of autoyast2 4.5.9 added the necessary packages for kdump even when a kdump section is not defined if the product enabled kdump by default. A couple patches were removed from llvm15 15.0.5 and a support function mocking on Node.js test runner was made with the nodejs19 19.1.0 update. The audio package update of pipewire 0.3.60 added a patch from upstream that fixes some devices that don’t seem to work in 48,000Hz, and a new Real-time Transport Protocol module was added with a sender and receiver that is compatible with the PulseAudio RTP modules. A 4.17.3+git update of samba fixed a Common Vulnerability and Exposure that had a buffer overflow on 32-bit systems.

To end the week, a discussion has been started on the openSUSE fatory mailing list about coming changes to the distro’s microarchitecture level specific to x86-64. News about this discussion and a path forward will be published next week.