Red Hat Enterprise Linux 9 became generally available recently. Version 3.35 of syslog-ng has been part of EPEL 9 (the semi-official extra software repo for RHEL maintained by Fedora packagers) for a while and now I enabled a few more destination drivers. I also enabled RHEL 9 support in my unofficial Git snapshot packages, so I can support RHEL 9 together with other RHEL and Fedora versions on the next syslog-ng release.

You can read the rest of my blog at https://www.syslog-ng.com/community/b/blog/posts/rhel-9-syslog-ng-news

There are situations where you cannot avoid giving a user full shell access through sudo. A shell with administrative privileges gives complete control over your hosts. Until recently, sudo could only log the start of the shell, not the commands executed within it. You could record sessions with sudo, but watching recordings is boring, time consuming and can still be subverted. Version 1.9.8 introduced logging of sub-commands, but that is not yet available on many systems. An alternate approach is to use auditd to log commands started from a root shell.

From this blog you will learn how to use auditd to log commands from a sudo-run root shell, why it is better to use the sub-command logging built into recent sudo releases, and why you should still record sessions with sudo.

You can read the rest of my blog at https://www.sudo.ws/posts/2022/05/looking-inside-sudo-shell-sessions-auditd-session-recordings-log_subcmds/

As the title says, SailfishOS has just recently added official support for the Sony Xperia 10iii. This is great news to anyone in search of an alternative to Android or iPhone. You can read more on the Jolla blog.

You can buy the image for EUR 49,90 in the Jolla webshop and you can find installation instructions for Linux, MS Windows and Mac here.

In case you didn’t already know, SailfishOS is a proper GNU/Linux based mobile operating system developed by the company Jolla in Finland. It’s the continuation of Maemo/MeeGo developed by Nokia so to speak, and it even makes use of some openSUSE technologies such as zypper and Open Build Service. It includes an Android runtime that allows you to run most Android apps.

You can also install SailfishOS on older Sony Xperia models (10ii, 10, XA2, X). Personally I intend to stick with my XA2 Plus for now, even if the 10iii is very tempting.

Snapshots for openSUSE Tumbleweed have been continuously released this month. This week we will look at packages released in four snapshots since Friday.

However, before venturing in to those snapshots, there is a change to NetworkManager expected to arrive in a soon-to-be-released snapshot; it will provide a fix for the wifi chunk changes made in a prior snapshot that caused some connectivity challenges for some users. The advantages of snapper with Btrfs can keep openSUSE’s rolling release users connected through a rollback; users can then update next week and not skip a beat.

The most recent snapshot, 20220523, provided three package updates. Among those were an update to secure communications library gnutls 3.7.5; the package was laying the ground for a future release by adding options to disable session ticket usage in TLS 1.2 because it does not provide forward confidentiality; TLS 1.2 has future backward incompatibility. The other two packages to update in the snapshot were libxkbcommon 1.4.1 and python-sympy 1.10.1, which removed the long deprecated densearith, densesolve, and densetools.

Mesa 22.1.0 arrived in snapshot 20220522. The 3D graphics library included some new features like support for Intel’s Alchemist DG2 platform, Vulkan 1.3 support to Lavapipe, and Kopper interface backports for the Zink. An update of aws-cli 1.24.4 added an optional DeploymentResult field in the responses of GetStageDeploymentIntegrationTests and ListStageDeploymentIntegrationTests Application Programming Interfaces. The release also added support for a human readable alert. An update was made to gtk3 3.24.34, which updated translations and fixed the build issues with GNU Compiler Collection 12. Photo manager shotwell 0.30.16 fixed an issue with dark mode wallpapers and an import and video from a Sony A7C camera. Other packages to update in the snapshot were iptables 1.8.8, yast2-network 4.5.2 and more.

The first minor update was made to Mozilla Firefox 100 in snapshot 20220521. The update took care of two Common Vulnerabilities and Exposures, which were CVE-2022-1802 and CVE-2022-1529, and the web browser also fixed an issue with subtitles in the Picture-in-Picture mode while using Netflix. The 5.17.9 Linux Kernel update fixed a potential theoretical leak in the open-source driver for Nvidia cards, Nouveau. There was also a fix for a potential memory leak with s390.

The update of ImageMagick 7.1.0.35 arrived in snapshot 20220520. The image editor removed some special dolor deduction and fixed a temporary file leak. Sandboxing tool bubblewrap 0.6.2 made changes to the installation directory and to allow compilation with an older glibc. GNOME’s character map gucharmap 14.0.3 improved Korean Hanja pronunciation properties and enabled alphabetical sorting of the Unicode blocks. Other packages to update in the snapshot were a few libraries, yast2-packager 4.5.4 and orca 42.1, which made some changes to the handling of WebKitGtk’s toolkit name casing, so older versions of orca continue to work with newer versions of the WebKit rendering engine.

Terraform and kiwi

Setting up a slurm cluster for testing purpose is always time consuming and error prone. Especially if just some smaller changes in the configuration have to be tested.

In order to automate this, I have written a small test setup based on kiwi and terraform.

The kiwi part builds one image and bakes in the slurm.conf and a proper shared nfs /home. As all nodes boot from the same image the munge key, which is generated at install time, is the same.

So all configuration files are in the right place.

The network configuration is managed with the terraform configuration and with DHCLIENT_SET_HOSTNAME="yes" in the file /etc/sysconfig/network/dhcp the dhpd name is the FQDN.

Usage

The terraform providers have to be installed with

sudo terraform init

Now you can build a image with

./build-image.sh leap15.4

With the image the cluster can be started with

sudo terraform apply -var="image=/var/tmp/leap15.4-current/Leap-15.4_appliance.x86_64-1.15.3.qcow2"

Quiet easy?

Customization

The individual configurations for the images are in their directories. E.g. the configuration for the openSUSE Leap 15.4 image is the file leap15.4/config.xml.

The configuration of the services comes from the files in the assets/ directory, but as the distribution directory is copied over this directory during the image build process, e.g. a distribution specific slurm.conf would resided in tw/root/etc/slurm/slurm.conf.

We are happy to announce the new Kraft version 0.98 that is available for download.

Kraft is software for the Linux desktop to handle quotes and invoices in the small business.

This is a version packed with bugfixes and also new features. The most important fixes were in the area of the catalog handling: Based on bug reports from the community the catalog window was completely reworked. Drag and drop of items in the catalog, the sorting and reordering of items are now working properly and as planned.

Another big addition is the support of . XRechnung is an E-invoicing format more and more mandatory in the governmental area in Germany. We are very proud that Kraft is the first open source office tool that supports that standard in a user friendly way. All invoices can now also exported in the XRechnung-XML format.

Beside these two big improvements, there are lots of others. For example, the user manual was further improved and is available also in Dutch. A lot of other smaller but non the less important improvements and fixes make version 0.98 a valueable release.

We wish a lot of fun with this new improved version of Kraft!

Dear Tumbleweed users and hackers,

This week, we released 6 snapshots. One snapshot hit reached the (negative) record of most failed tests in one run. The issue was simply that YaST was unable to start, which for rather obvious reasons impacts almost all tests. This could swiftly be corrected and the following snapshot already worked again. The 6 published snapshots were 0512, 0513, 0515, 0516, 0517, and 0518.

The main changes included in those snapshots are:

• KDE Gear 22.04.1
• KDE Frameworks 5.94.0
• GStreamer 1.20.2
• Linux kernel 5.17.7
• PostgreSQL 14.3
• bind 9.18.2
• NetworkManager 1.38.0: NOTE: Users upgrading with –no-recommends or recommends disabled in the zypp config, might lose wifi connection. Install NetworkManager-wifi (that specific split is under review in Bugzilla)

The main changes being worked on in Stagings are currently:

• Setting build flags to FORTIFY_SOURCE=3 (starting from snapshot 0519). No full rebuild will be done for this, the packages will get that feature on their next natural rebuild
• Perl 5.34.1
• Linux kernel 5.17.9
• Mozilla Firefox 101
• Mesa 22.1.0
• Python 3.10 as the default interpreter

I got ”inspired” by my writing of the previous blog post, and wrote in a channel about my experience some time ago. So why not also do a blog post about doing a blog post :)

So… I was planning to use GitLab’s Pages feature via my Hugo fork as usual to push it through. So like, concentrate on writing and do a publish, right, like in good old times? I did so, but all I got both locally and in remote pipeline was stuff like…

"ERROR  render of "page" failed: execute of template failed: template: _default/single.html:3:5: executing "_default/single.html" at <partial "head.html" .>: error calling partial: "/git/themes/beautifulhugo/layouts/partials/head.html:33:38": execute of template failed: template: partials/head.html:33:38: executing "partials/head.html" at <.URL>: can't evaluate field URL in type *hugolib.pageState"

Quite helpful, right, and points to the right direction to quickly resolve the issue?

With some googling it turned out everything has changed and stuff is now broken, and meanwhile the approach was re-done (in that and following commits) making everyone’s forks incompatible.

Well, I merged back modifications from there, and noticed there’s another problem, documented as “Generics were introduced in Go 1.18, and they broke some features in the newer versions of Hugo. For now, if you use hugo or hugo_extended versions 0.92.2 or later, you might encounter problems building the website.”. So I went ahead and hard-coded to ages old hugo version, although it then later was revealed it seems to still work for me with newer one as well. The issue is though mentioned in README, and probably leads many to think that’s a cause for their whatever problem, and the issue is still open.

Eventually I got everything working and figured out the settings which naturally had changed. Then I wanted my RSS to be like it was before, non-cut since I knew the cut version worked poorly in Planet.o.o. Naturally this meant I needed to fork the whole theme, declare it as a module of my own to not clash over the upstream, and add the one custom XML file I had hacked together from various sources for the previous theme. This was actually a very pleasant surprise in the end – I randomly guessed I’d paste the file under layouts in my theme fork, and it simply worked the same way it worked in the previous theme!

So problem solved! I think?

Now my emotions regarding Modern Technology were affected by the following, last part too even though it’s not related to Hugo. So, in the end I had everything setup and working, but my post didn’t appear to Planet.o.o. Turns out Planet was also broken, ignoring last 15% of blogs, and I needed to Ruby my way to figure out the workaround 😁

All good in the end, but it turns out there’s no substitute for stable platforms, good documentation and solid user experience even in the days of possibilities of doing git forks, using great languages like Go, having container running pipelines for testing etc - the error messages might be just as unhelpful as ever.

Meanwhile… I updated an association’s 10 year old PHP based Wordpress site (that I got access rights from my fellows who are non-techies) containing the most horrible custom hacks I have seen and no idea who created the site back then – and that site simply upgraded to very latest security patched Wordpress version with zero problems.

Postscriptum: I was not able to publish this blog post, since… you know, stuff had broken again.

panic: languages not configured
goroutine 1 [running]:
github.com/gohugoio/hugo/commands.(*commandeer).loadConfig(0xc0003cc1e0)
	/root/project/hugo/commands/commandeer.go:374 +0xb3c
github.com/gohugoio/hugo/commands.newCommandeer(0x0, 0x0, 0x0, 0xc0003cc0f0, {0x28740a0?, 0xc000010d38}, 0x0, {0x0, 0x0, 0x0})

Helpful error messages to rescue again! After staring at awe at the above for some time… remember the warning about Go generics and Hugo versions? Looks like it came into “fruition”, so it was time to hard-code the Hugo version down now. And you are now enjoying the result!

seidl is a small pint query utility designed to easily list the current publiccloud images in the terminal. Pint (Public Cloud Information Tracker) is the SUSE service to provide data about the current state of publiccloud images across all supported public cloud service providers. The public-cloud-info-client is an already existing versitale client, however I find its usage a bit bulky if it comes to the task of displaying the current images. This is where seidl complements the existing client. See for yourself: