The openSUSE.Asia Summit brought together developers, students and open-source advocates together at Manav Rachna International Institute of Research and Studies (MRIIRS) from Aug. 29 - 30 and celebrated 20 years of the project.

The two-day event opened with a ceremony and keynotes from Satyakam Goswami and I. Goswami covered the history of open-source and pulled off his shirt to reveal an openSUSE-themed T-shirt, underscoring his enthusiasm for the project. My keynote reflected the past two decades of the project and highlighted the milestones in the community’s growth.

Cake:

Talks ranged from healthcare to cloud computing. Axel Braun addressed the risks of commercial health data platforms and showcased GNU Health while Prakhar Bansal shared his experience deploying GNU Health at AIIMS during the COVID-19 pandemic, emphasizing the need for collaboration and code-sharing in India’s public sector.

Other sessions included virtualization strategies for enterprises, openSUSE’s role in data science with Python and Jupyter, and a shorter workshop on SELinux as well as a presentation on its advances and being the default security layer in openSUSE Tumbleweed. The project also had a few Google Summer of Code mentees provide talks at the event.

Google Summer of Code:

Google Summer of Code:

Lubos Kocman previewed the upcoming Leap 16.0 release and Patrick Fitzgerald argued the reasons for Linux adoption in governments and businesses as the end of Windows 10 opens the door for openSUSE. The summit was organized with the support of MRIIRS faculty and students, who worked alongside many speakers. More than 600 people attended the event.

Between talks, students and speakers bonded over tea breaks sharing interests, exchanging technical knowledge and personal stories.

The cultural exchange extended beyond the campus; on Sunday after the summit, a group of speakers, student helpers and organizers traveled to visit the Taj Mahal, capping the event by seeing one of India’s most iconic landmarks and one of the New 7 Wonders of the World.

Trip to Taj Mahal:

For many participants, the trip highlighted how open-source events can transcend technical learning and build networks for learning.

The book containing images of all the openSUSE Asia Summits was handed over to organizers of this year’s summit in India from last year’s organizers in Japan.

Summit Book:

The openSUSE.Asia Summit brought together developers, students and open-source advocates together at Manav Rachna International Institute of Research and Studies (MRIIRS) from Aug. 29 - 30 and celebrated 20 years of the project.

The two-day event opened with a ceremony and keynotes from Satyakam Goswami and I. Goswami covered the history of open-source and pulled off his shirt to reveal an openSUSE-themed T-shirt, underscoring his enthusiasm for the project. My keynote reflected the past two decades of the project and highlighted the milestones in the community’s growth.

Cake:

Talks ranged from healthcare to cloud computing. Axel Braun addressed the risks of commercial health data platforms and showcased GNU Health while Prakhar Bansal shared his experience deploying GNU Health at AIIMS during the COVID-19 pandemic, emphasizing the need for collaboration and code-sharing in India’s public sector.

Other sessions included virtualization strategies for enterprises, openSUSE’s role in data science with Python and Jupyter, and a shorter workshop on SELinux as well as a presentation on its advances and being the default security layer in openSUSE Tumbleweed. The project also had a few Google Summer of Code mentees provide talks at the event.

Google Summer of Code:

Google Summer of Code:

Lubos Kocman previewed the upcoming Leap 16.0 release and Patrick Fitzgerald argued the reasons for Linux adoption in governments and businesses as the end of Windows 10 opens the door for openSUSE. The summit was organized with the support of MRIIRS faculty and students, who worked alongside many speakers. More than 600 people attended the event.

Between talks, students and speakers bonded over tea breaks sharing interests, exchanging technical knowledge and personal stories.

The cultural exchange extended beyond the campus; on Sunday after the summit, a group of speakers, student helpers and organizers traveled to visit the Taj Mahal, capping the event by seeing one of India’s most iconic landmarks and one of the New 7 Wonders of the World.

Trip to Taj Mahal:

For many participants, the trip highlighted how open-source events can transcend technical learning and build networks for learning.

The book containing images of all the openSUSE Asia Summits was handed over to organizers of this year’s summit in India from last year’s organizers in Japan.

Summit Book:

Several software packages were updated in openSUSE Tumbleweed during August that brought new features, performance improvements and some important security fixes for rolling release users.

Major updates included glibc 2.42 with support for new C standards, VirtualBox 7.2.0 and Bash 5.3.3, which improves script handling and adds new built-ins. KDE Gear 25.08.0 also landed to enhance applications for travel, file management, and encrypted communication.

These updates were complemented by refinements to xfce4-session 4.20.3, xfce4-settings 4.20.2, improvements to multimedia with GStreamer 1.26.5, HarfBuzz 11.4.1, and graphics stability enhancements were also realized through the Mesa 25.1.7 update. Kernel 6.16.0 expanded hardware support by notably adding integration for the Raspberry Pi 5 RP1 chipset.

Other essential tools saw progress as well. Read more below and as always, be sure to roll back using snapper if any issues arise.

For more details on the change logs for the month, visit the openSUSE Factory mailing list.

New Features and Enhancements

KDE Gear 25.08.0: This is a fresh wave of app updates focused on travel, productivity, and usability for KDE Plasma users. Itinerary gets major upgrades, letting users manually add trips, view live maps, check delays, and even find ferry and flight alternatives. Dolphin adds a faster file search, direct Filelight integration for visualizing disk usage, and more sorting and view options. Akonadi cuts memory usage by up to 75 percent for smoother email, contacts, and calendar syncing, while Kleopatra now supports multiple encrypted notepads. Neochat introduces polls and Angelfish improves browsing shortcuts. A was a well-rounded release that makes KDE apps faster, smarter, and travel-ready.

xfce4-session 4.20.3: This update improves startup speed and stability for Xfce users, especially on Wayland. The auto-start timeout has been reduced to make sessions launch faster, which addresses slow startups. Several enhancements improve Wayland integration, including better keyboard layout detection, avoiding duplicate D-Bus sessions, and removing unnecessary settings like the SDL video driver variable. Screen casting support has been improved with updated portal configurations, and default settings for Labwc (a Wayland-compatible window manager) have been added. This update changes make Xfce sessions more responsive and better optimized.

xfce4-settings 4.20.2: The Xfce settings update fixes a memory leak and enhances security when reading hardware identification data. The update improves display handling on both X11 and Wayland and ensures screen modes and flags are processed correctly to reduce unnecessary communication with the display server. Debug logging has been improved for easier troubleshooting, and a minor build system update ensures resources are properly included at runtime.

glibc 2.42: This release adds support for the latest ISO C23 and upcoming C2Y standards, which include new math functions like pown, rsqrt, and compoundn. Performance is improved with enhancements to the memory allocator and a new lightweight stack guard feature helps prevent stack overflow attacks.

VirtualBox 7.2.0: The interface has been redesigned to make tools easier to access with this release. On ARM-based systems, VirtualBox now supports running Windows 11 ARM virtual machines, which expands compatibility for developers and testers. Linux users gain improved video playback performance with hardware-accelerated video decoding when 3D support is enabled. Additionally, the NVMe storage controller emulation has been moved into the open-source base package and advances storage features to all users by default.

Bash 5.3.3: Bash fixes how the wait command handles process IDs in POSIX mode and improves script detection by checking the first two lines. The shell now better preserves quotes during command completion and reports more accurate error locations in scripts. New features include a GLOBSORT variable to control how file names are sorted, a ${ command; } syntax for faster command substitution without forking, and new built-ins like strptime and kv. Security and stability are enhanced by removing outdated reliance on shm_open and improving signal handling during completions. These changes make daily terminal use smoother and more predictable for developers and system administrators.

GStreamer 1.26.5: This fixes a regression in audio conversion, prevents crashes when adding URIs without available decoders, and resolves memory leaks during video resolution changes. Support for modern formats like JPEG XS is now available in videorate and imagefreeze, and GPU memory handling is improved for closed caption overlays. The update also brings better device monitoring and screen capture, along with numerous fixes for thread-sharing and streaming, which result in smoother media playback, fewer glitches, and better performance.

HarfBuzz 11.4.1, 11.4.3, 11.4.4: The text shaping engine introduces general speedups for shaping and subsetting fonts, making applications that display complex text faster and more responsive. ccuracy has been improved by fixing a regression that affected mark glyphs in certain fonts and correcting the pruning of mark filtering sets during subsetting, which previously caused unintended shaping changes. The Graphite backend now properly handles cases where glyph spacing could turn negative, enhancing text layout quality. Subsetting is further optimized by removing unused mark-attachment lookups to reduce font size, and a new experimental shaping backend offers flexibility for testing and performance evaluation.

ModemManager 1.24.2: This update fixing issues with CDMA/EVDO detection, NB-IoT reporting, and manual registration refresh. It enhances system stability by ensuring bearers disconnect before suspend and disabling unwanted 3GPP events during quick suspend/resume cycles.

Key Package Updates

Kernel Source 6.16.0: One of the biggest additions to the Linux kernel is expanded support for the Raspberry Pi 5 through the integration of the RP1 chipset, so people can see it put to use with openSUSE arm development. New drivers and configurations have been added to enable RP1 clocks, GPIO, pin control, and miscellaneous device features, ensuring full compatibility with Raspberry Pi’s latest hardware. Several security and stability fixes are included, such as resolving issues with Btrfs log tree recovery, SPI property handling, and HKDF cryptographic operations in FIPS mode. Configuration files have been refreshed for ARM and x86 platforms. This release also improves device tree bindings and clock management while addressing multiple driver and architecture-specific issues.

Mesa 25.1.7: This 3D Graphics package update resolves issues like high GPU usage in Zink, crashes in Chromium’s accelerated video decoding, X11 image acquire segfaults, and some video color conversion bugs. Fixes also address performance regressions, race conditions with timeline semaphores, Vulkan device creation issues in Lavapipe, and some RadeonSI and RADV driver problems. While no new features are introduced; this release improves reliability across OpenGL and Vulkan implementations.

btrfsprogs 6.16: This update improves how the Btrfs filesystem handles data and storage. It fixes incorrect size reporting for partitions, prevents accidental overwriting of existing filesystems, and adds better detection for storage device features. There’s also a new option to disable file compression during defragmentation, along with improved support for Android builds and updated documentation.

NetworkManager-openvpn 1.12.2: This update improves the stability and security of OpenVPN connections in NetworkManager. It fixes a bug where invalid or expired authentication challenges were being reused to ensure safer connection handling. Support has been added for the data-ciphers option and its fallback setting along with a graphical interface to manage these settings more easily. The authentication dialog has been updated to GTK4 for a more modern look, and certificate handling has been improved by importing them into the user’s data directory. Additional fixes improve password export handling, translation updates, and overall reliability.

git 2.51.0: This update introduces a better way to save and move certain changes between repositories, improves performance when pushing and fetching updates, and adds support for modern authentication like OAuth2. Git is also preparing for version 3.0, which will include a faster storage format and stronger SHA‑256 security by default.

QEMU 10.0.3: The update of for the machine emulator and virtualizer fixes critical issues in PCIe SR-IOV configuration that could lead to state desynchronization (CVE-2025-54566, CVE-2025-54567), resolves a buffer overflow in the network backend, and corrects bugs in register handling and CPUID emulation. The release also improves ARM virtualization on HVF, fixes VNC performance, and enhances virtio-net migration with RSS support.

hplip 3.25.6: The HP Linux printing software now supports more printers, including the HP LaserJet Enterprise Flow MFP 8601z, HP Envy Photo 7900 series, and HP OfficeJet Pro 9130 series. It also fixes crashes when setting up printers and improves compatibility with certain configuration files.

opensuse-welcome 0.1.10: The welcome app that appears after installing openSUSE has been streamlined. It now hides itself automatically on GNOME desktops, removes unused options, and adds new translations in multiple languages for a smoother experience.

wireless-regdb 20250710: This update improves Wi-Fi compatibility worldwide. It adds updated regulations for using the 6 GHz band in multiple countries, including the UK, Brazil, Egypt, Indonesia, and Vietnam, which allows for faster and more reliable wireless connections.

GTK3 3.24.50: The themes have been refreshed with updated CSS, better symbolic icon support, and a new progress-working icon, while removing the dependency on the hardcoded Cantarell font. The GtkShortcutsWindow now visually differentiates all keypad symbols for improved accessibility. Integration has been enhanced by allowing unsandboxed apps to register with desktop portals to improve compatibility in modern environments. Important fixes include resolving a crash on Wayland, improving window geometry handling on X11, and making compose sequence visuals configurable for better input control. Printing support has been improved with compatibility for libcups 3.

libvirt 11.6.0: This release has a new flag allowing computing baseline CPU models on any host, which makes cross-host compatibility easier. QEMU TLS settings can now be controlled via qemu.conf, helping avoid potential crashes during live migrations. For s390 domains, deprecated CPU model features are now disabled by default, ensuring better compatibility when migrating workloads to newer systems. Several enhancements improve usability and compatibility, including switching the default SCSI controller model to virtio-scsi on ARM and RISC-V for better operating system support. Users can now set zero discard granularity for block devices, helping systems like Windows avoid unwanted disk trimming. Timeout handling for bhyveload has been added, along with improved debugging for NSS modules and relaxed TLS certificate requirements to better support TLS 1.3.

Qt 6.9.2: This update finclude more accurate URL handling, stricter QByteArray::toDouble() parsing, better font family support, and fixes for window focus and orientation reporting. Multimedia sees crash fixes, more reliable FFmpeg integration. WebEngine and Wayland stability are improved, while QML and Qt Quick address crashes, rendering issues, and input glitches. Bundled libraries such as SQLite, libpng, libjpeg-turbo, and Harfbuzz are updated, ensuring a more secure and reliable development base.

PHP 8 8.4.12: This release resolves issues with property handling, iterators, generators, and compiler crashes. LDAP, LibXML, and MbString received stability updates to prevent segmentation faults and shutdown crashes. Opcache improvements prevent use-after-free errors and crashes related to hooks and JIT restarts. OpenSSL fixes address incorrect return checks and segmentation faults in key derivation.

Bug Fixes and Security Updates

tpm2-0-tss 4.1.3: This update improves TPM2 software stack stability and POSIX compliance. Version 4.1.3 fixes name collisions during dlopen() on certain linkers. Version 4.1.2 corrects a POSIX compliance issue in configure.ac and replaces the deprecated use of which with command -v. Version 4.1.1 fixes the inclusion of .map and .def files in release tarballs, ensuring proper packaging. Overall, this release focuses on compatibility, cleaner builds, and enhanced reliability across supported environments.

Several key security vulnerabilities were addressed this month. Common Vulnerabilities and Exposures this month are:

Security Updates

postgresql 17.6:

• CVE-2025-8713: Fixed issue where PostgreSQL optimizer statistics could expose sampled data within a view, partition, or child table.

• CVE-2025-8714: Patched vulnerability in pg_dump allowing a superuser on the origin server to execute arbitrary code in the psql client. CVE-2025-8715: Addressed pg_dump flaw where a newline in object names could trigger arbitrary code execution in both the psql client and the restore target server.

QEMU 10.0.3:

• CVE-2025-54566: Fixed migration state inconsistency which could trigger unexpected behavior and potentially a denial-of-service.

• CVE-2025-54567: Addressed logic flaw in handling the VF Enable bit write mask within QEMU’s SR‑IOV code (hw/pci/pcie_sriov.c), which could lead to improper control of virtual function configuration.

python-pycares 4.10:

• CVE-2025-48945: Fixed use-after-free vulnerability in the Python module pycares, where a Channel object could be garbage collected while DNS queries were still pending—leading to interpreter crashes.

**unbound **:

• CVE-2025-5994: A multi‑vendor cache poisoning vulnerability—dubbed the “Rebirthday Attack” affects caching DNS resolvers that support EDNS Client Subnet (ECS). This segregation enables attackers to exploit the birthday paradox, guessing DNS transaction IDs with non‑ECS poison responses to contaminate the cache.

glibc:

• CVE-2025-7039: Fixed a buffer underrun vulnerability that could lead to memory corruption or instability.

Python:

• CVE‑2025‑8194: Resolved a high‑severity infinite‑loop and deadlock flaw in CPython’s tarfile module. When parsing maliciously crafted .tar archives containing entries with negative offsets, the vulnerable code fails to validate these offsets properly, which can result in an infinite loop and parser deadlock. The issue was addressed in Python 3.14.0 and has backported patches.

GnuTLS 3.8.10:

• CVE-2025-6395: Fixed a NULL pointer dereference in GnuTLS’s _gnutls_figure_common_ciphersuite() when the second Client Hello omits a pre‑shared key (PSK), which could lead to memory corruption or a denial‑of‑service (DoS).

• CVE-2025-32989: Patched a heap-buffer-overread vulnerability in the handling of Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extensions during X.509 certificate parsing in GnuTLS. A specially crafted SCT extension could expose sensitive data.

• CVE-2025-32988: Addressed a double‑free vulnerability due to incorrect ownership handling in Subject Alternative Name (SAN) export logic for otherName entries in GnuTLS. Malformed OID data could trigger freeing of memory twice, potentially causing memory corruption or DoS.

• CVE-2025-32990: Fixed an off‑by‑one heap-buffer-overflow in GnuTLS’s certtool template parsing logic. When reading certain template file settings, this could trigger a NULL pointer write outside intended bounds, leading to memory corruption and DoS.

Users are advised to update to the latest versions to mitigate these vulnerabilities.

Conclusion

August’s updates reinforced why openSUSE Tumbleweed is a premier rolling release that brings modern standards, polished desktop environments, and rapid security fixes consistently. From adding cutting-edge hardware support to enhancing developer tools, the distribution continues to evolve at a rapid pace. Users can reliably enjoy stability, security and keep rolling with the pace of development.

Slowroll Arrivals

Please note that these updates also apply to Slowroll and arrive between an average of 5 to 10 days after being released in Tumbleweed snapshot. This monthly approach has been consistent for many months, ensuring stability and timely enhancements for users. Updated packages for Slowroll are regularly published in emails on openSUSE Factory mailing list.

Contributing to openSUSE Tumbleweed

Stay updated with the latest snapshots by subscribing to the openSUSE Factory mailing list. For those Tumbleweed users who want to contribute or want to engage with detailed technological discussions, subscribe to the openSUSE Factory mailing list . The openSUSE team encourages users to continue participating through bug reports, feature suggestions and discussions.

Your contributions and feedback make openSUSE Tumbleweed better with every update. Whether reporting bugs, suggesting features, or participating in community discussions, your involvement is highly valued.

Those who follow my blog are already aware that I love and listen to “Made in Hungary” high-end audio gear: https://peter.czanik.hu/posts/zsolt-audio-turns-40-this-year/. This weekend I visited Zsolt Audio again. He showed us his latest creation, a pair of speakers, which he called “no-name” and “anti-marketing”.

However, when I arrived at today’s event, music was still playing on another pair of loudspeakers. Last time I wrote about a pair of classical floor-standing speakers, a reincarnation of the StandArt line of loudspeakers. It is now turned into a proper product and should be available soon. No more beautiful code names, instead it’s called C35, where C refers to classical design, and 35 to the years of his experience in loudspeaker production.

After a few songs Zsolt changed to the main attraction: a completely boring looking, bookshelf loudspeaker. A slightly larger 12 liter brick. Spoiler alert: “No-name” and “anti-marketing” only describes the look, not the sound…

Someone recommended him to check out Wavecor speakers. He built a loudspeaker around the sample pair of speakers he received from the manufacturer, and was impressed about the result. We had a chance to listen to the design which is considered to be final, and as far as I could tell, everyone in the room was impressed about the no-name loudspeakers as well. :-)

Once upon a time I became a Zsolt Audio fan, because I heard the Enigma 5 loudspeakers at an event. They are non-directional speakers, and I love the spatial sound they create. These “no-name” loudspeakers are directional, at least by the look. Of course they cannot match the Enigma 5, but these boring looking loudspeakers do a really good job playing back any acoustic music, be it jazz, classical or contemporary recordings, in a spatial way. Voices and instruments are not just right and left, as with most speakers, but a bit also up and down, close and far away, which is usually Enigma territory. Somewhere between the C35 and the Enigma 5.

The above list of genres of course also means that something is missing. (Prog)rock and metal, where it’s not just the ear, but the whole body is sensing the sound, are a kind of weak point on these loudspeakers. Except when you double them. Note: Do not try this at home! :-) Zsolt connected a second pair of “no-name” loudspeakers to the amplifier, and we listened to some Rammstein. The result was considered as perfect also by the rockers in the room!

I just realized recently that Zsolt also has loudspeakers, which combine directional and non-directional sound. This event was of course not about these, I’m not even sure if they are still produced. But I hope that one day I can listen to the Envoy:

Dear Tumbleweed users and hackers,

Week 35 felt a little calmer. Our packagers delivered high-quality submissions that required little intervention from release engineering once staged. When things just work, they tend to go unnoticed. We published four snapshots this week, namely 0822, 0825, 0826, and 0827.

The most noteworthy changes in these snapshots were:

• GNU Gettext 0.26
• ImageMagick 7.1.2.1 & 7.1.2.2
• bind 9.20.12
• nftables 1.1.4
• Python 3.13.7
• kdump 2.1.6
• colord 1.4.8 / colord-gtk 0.3.1
• GStreamer 1.26.5
• Linux kernel 6.16.3
• mozjs 128.14.0
• system-users: all system users are now configured to be ‘fully locked’ (as per man sysusers.d). This means not only is an invalid password set, but any login method is denied for these users

Staging projects and QA are currently busy on these updates:

• Migrate to use ffmpeg-8 by default
• Qt 6.9.2
• Linux kernel 6.16.4
• GCC 15.2
• Mozilla Firefox 142: mozilla-nss 3.115.1 breaks the build of certmonger

After I took a longer break from KDE development, I’ve been back in action for a few months now. It’s really nice to be back among friends, hacking on what I like most: Plasma. My focus has been on Plasma Mobile with some work naturally bleeding over into other areas.

Plasma on more Devices

I’d like to share some bits and pieces that I’ve worked on in the past months. Most of my efforts have revolved around making Plasma Mobile suitable for a wider range of devices and use-cases. The purpose of this work is that I want to make Plasma Mobile a more viable base for all kinds of products, not just mobile phones. We have a really mature software stack and great tools and applications which make it relatively easy for companies to create amazing products without having to hire large teams and many years to get the product ready for their market. This is I think a very interesting and worthwhile niche for Plasma to get into and I’m sure that Valve is not the only company that understands this.

Convergence Improvements

Convergence, or rather being able to support and switch between formfactors and usage patterns has always been a pet-peeve of mine and still is.
One area was improving using the available screen real estate use landscape displays (Plasma Mobile has quite naturally been rather “portrait-focused”, though a few smaller patches go a long way.)

I also improve usability with different pixel densities in the mobile shell by making the size of the top panel configurable. Also, when plugging in a second monitor, Plasma Mobile now switches from “all apps are maximized” to normal window management. (I’m currently working on KWin supporting more fine-grained window management. Currently, we just maximize all windows which has problems especially with modal dialogs.)

One changeset I worked on earlier this year makes it possible to ship multiple user interfaces for settings modules (“kcms”). An example is the “remote desktop” kcm which now shows a mobile-focused UI in Plasma Mobile. What happens here is that we load a main_phone.qml file in Plasma Mobile (where “phone” is picked from a list of form factors set in the environment of the session, so basically the “main” QML file gets picked based on the device. This mechanism allows us to share components quite easily, reducing the delta between different device UIs.

This actually builds on top of work that I’ve done ten years ago which added support for form factors to our plugin metadata system.
I’ve also made the “Display & Monitor” kcm usable on mobile, this is a pretty important thing to have working when you want to be able to plug in an external monitor into your device. I have a mobile version of the keyboard KCM in the pipeline, too, but this will need a bit more work before it’s ready for prime-time.

More Features

There’s a new page in the mobile Wi-fi settings module, showing connection details and tranfer speeds. The code for this was amazingly simple since I could lift most of the functionality from the desktop panel widget. A shared code-base across devices really speeds up development.

Adding useful features here and there, such as having the list of available bluetooth devices now filtered by default and only showing devices which actually make sense to pair (with an option to “Show all devices” in good Plasma manner). This feature isn’t mobile-specific, so desktop and laptop users will benefit.

Welcome to Okular Mobile

Not all my work goes into infrastructural and “shell” bits. The mobile okular version has now kind of caught up with the desktop version since it got a nice welcome screen when opened. This allows the user to easily open a document either from the “Documents” directory on disk (this is actually configurable) or one of the recent files viewed.

Going to Akademy ’25

After having missed our yearly world conference for a number of years, this year I will be at Akademy again. I’m really looking forward to seeing everybody in person again!

See you in Berlin!

Whenever I present syslog-ng at a conference or I stand next to a booth, people often ask me why should they use syslog-ng instead of one of its competitors. So let me summarize what the users and developers of syslog-ng typically consider as its most important values.

Documentation

Yes, I know, this is not syslog-ng itself. However, talking to some of our most active and loyal users, one common feedback was that they had chosen syslog-ng because of the quality of its documentation. Syslog-ng have always had very detailed and (usually) up-to-date documentation. Unfortunately though, there has been a period when our documentation has fallen victim of resource shortages for a while. However, as soon as these resource shortages have been taken care of, bringing our documentation up to pace has been at the top of our list.

Read about the rest at https://www.syslog-ng.com/community/b/blog/posts/the-core-values-of-syslog-ng

This week is the last week of Google Summer of Code for this year edition, and I'll do a summary of what we have been doing and future plans for the Log Detective integration in openSUSE.

I wrote a blog post about this project when it starts, so if you didn't read, you can take a look.

All the work and code was done in the logdetective-obs github repository.

Aazam, aka the intern, also wrote some blog post about his work.

Initial Research

The idea of the project was to explore ways of integration of LogDetective with the openSUSE dev workflow. So we started collecting some build failures in the openSUSE build service and testing with log detective to check if the output is smart or even relevant.

The intern creates a script to collect log from build failures and we store the LLM answer.

Doing this we detected that the log-detective.com explain is very slow and the local tool is less accurate.

The results that we got weren't too good, but at this point of the project is something expected. The model is being trained and will improve with every new log that users send.

Local vs Remote, model comparison

The logdetective command line tool is nice, but LLM requires a lot of resources to run locally. This tool also uses the models published by fedora in huggingface.co, so it's not as accurate as the remote instance that has a better trained model and is up to date.

In any case, the local logdetective tool is interesting and, at this moment, it's faster than the deployed log-detective.com.

Using this tool, Aazam did some research, comparing the output with different models.

logdetective apache-arrow_standard_x86_64.log\
  --model unsloth/Qwen2.5-Coder-7B-Instruct-128K-GGUF\
  -F Qwen2.5-Coder-7B-Instruct-Q4_K_M.gguf\
  --prompt ~/prompt.yaml

So using other specific models, the logdetective tool can return better results.

The plugin

openSUSE packagers uses the osc tool, to build packages in build.opensuse.org. This tool can be extended with plugins and we created a new plugin to use log-detective.

So a packager can get some AI explanation about a build failure with a simple command:

$ osc ld -r -p devel:languages:python --package python-pygame --repo openSUSE_Tumbleweed
🔍 Running logdetective for python-pygame (openSUSE_Tumbleweed/x86_64)...
Log url: https://api.opensuse.org/public/build/devel:languages:python/openSUSE_Tumbleweed/x86_64/python-pygame/_log
🌐 Sending log to LogDetective API...
 The RPM build process for the `python-pygame` package failed during the
`%check` phase, as indicated by the "Bad exit status from /var/tmp/rpm-
tmp.hiddzT (%check)" log snippet. This failure occurred due to seven test
failures, one error, and six skipped steps in the test suite of the package.



The primary issue causing the build failure seems to be the traceback error in
the `surface_test.py` file, which can be seen in the following log snippets:



[[  278s] Traceback (most recent call last):
[  278s]   File "/home/abuild/rpmbuild/BUILD/python-
pygame-2.6.1-build/BUILDROOT/usr/lib64/python3.11/site-
packages/pygame/tests/surface_test.py", line 284, in test_copy_rle
]
[[  278s] Traceback (most recent call last):
[  278s]   File "/home/abuild/rpmbuild/BUILD/python-
pygame-2.6.1-build/BUILDROOT/usr/lib64/python3.11/site-
packages/pygame/tests/surface_test.py", line 274, in
test_mustlock_surf_alpha_rle
]
[[  278s] Traceback (most recent call last):
[  278s]   File "/home/abuild/rpmbuild/BUILD/python-
pygame-2.6.1-build/BUILDROOT/usr/lib64/python3.11/site-
packages/pygame/tests/surface_test.py", line 342, in test_solarwolf_rle_usage
]



These traceback errors suggest that there are issues with the test functions
`test_copy_rle`, `test_mustlock_surf_alpha_rle`, and `test_solarwolf_rle_usage`
in the `surface_test.py` file. To resolve this issue, you should:



1. Identify the root cause of the traceback errors in each of the functions.
2. Fix the issues found, either by modifying the test functions or correcting
the underlying problem they are testing for.
3. Re-build the RPM package with the updated `surface_test.py` file.



It's also recommended to review the other test failures and skipped steps, as
they might indicate other issues with the package or its dependencies that
should be addressed.

Or if we are building locally, it's possible to run using the installed logdetective command line. But this method is less accurate, because the model used is not smart enough, yet:

$ osc build
[...]
$ osc ld --local-log --repo openSUSE_Tumbleweed
Found local build log: /var/tmp/build-root/openSUSE_Tumbleweed-x86_64/.build.log
🚀 Analyzing local build log: /tmp/tmpuu1sg1q0
INFO:logdetective:Loading model from fedora-copr/Mistral-7B-Instruct-v0.3-GGUF
...

Future plans

1. Adding submit-log functionality to osc-ld-plugin. In-progress. This will make it easier to collaborate with log-detective.com, allowing openSUSE packagers to send new data for model training.
2. Gitea bot. openSUSE development workflow is moving to git, so we can create a bot that comment on Pull Request with packages that fails to build. Something similar to what fedora people have for centos gitlab
3. Add a new tab to log-detective.com website to submit logs directly from OBS

This was an interesting Summer of Code project. I learned a bit about LLM. I think that this project has a lot of potential, this can be integrated in different workflows and an expert LLM can be a great tool to help packagers, summarizing big logs, tagging similar failures, etc.

We have a lot of packages and a lot of data in OBS, so we should start to feed the LLM with this data, and in combination with the fedora project, the log-detective could be a real expert in open source RPM packaging.

Summer is vacation season, at least in Europe, and that usually means nothing seems to move too much. But since there is an exception to every rule, here comes a new Agama version to prove that not even heat can stop Free Software!

Agama 17 represents an important milestone for the Agama project. Taking into account how close the release of SUSE Linux Enterprise 16.0 is, we foresee this version of Agama (or a very similar one) becoming the endorsed installer for that release of SUSE's flagship distribution.

So let's see what's new.

Better representation of wired network connections​

Starting with the web user interface, the page to display and configure a concrete wired interface was heavily reorganized to improve clarity and to correctly represent the situation in which several devices share the connection.

Improvements in the storage user interface​

The page to configure the storage setup was also slightly restructured. The information displayed at the "Installation Devices" section was reorganized with the goal of making its usage more understandable at first sight.

This is just an intermediate step to our envisioned user interface. But that is how goals are reached - one step at a time.

Apart from reorganizing the information, the new user interface offers the possibility to directly use a disk (or a pre-existing RAID device) without creating partitions.

There is also a new option to re-scan the system in case new hardware devices has been plugged in, new logical devices (line RAIDs or LVM volume groups) have been created or the user needs a second chance to enter an encryption password.

Last but not least, the user interface can now detect when an Agama configuration has been loaded affecting the storage setup.

More options at the registration page​

To finish the recap of the main changes at the user interface, we must mention the registration page. Apart from registering the system on the SUSE Customer Center (SCC), now the user interface can be used to register the system on a custom instance of RMT (Repository Mirroring Tool).

Users of such RMTs do not longer need to use a configuration profile or Agama's command-line tools, like in previous versions of the installer.

Skipping SELinux configuration​

The default installations of SUSE Linux Enterprise Server 16.0 and openSUSE Leap 16.0 will use SELinux as the default Linux kernel security module (LSM). But it is possible to adjust the software selection to not install SELinux or to install an alternative LSM (like AppArmor).

Previous versions of Agama did not manage that situation correctly. Agama always enforced the configuration of the default LSM for the product (SELinux in the mentioned cases).

Now the configuration of the LSM is based on the software selection. At the end of the installation process, Agama configures the installed security module. If several ones are installed, Agama configures one of them, with the default one having precedence over the other candidates.

New options in the JSON configuration​

As most of our readers know, the best way to access the full potential of Agama is to use a JSON (or Jsonnet) configuration. That goes far beyond the options offered by the web interface and is the default mechanism to configure unattended installations.

Agama 17 adds the possibility to configure VLAN interfaces. See the following example.

{
  "id":          "vlan10",
  "method4":     "manual",
  "method6":     "disabled",
  "addresses":   ["192.168.1.28/24"],
  "gateway4":    "192.168.1.1",
  "nameservers": ["192.168.1.1"],
  "vlan": {
    "id":     10,
    "parent": "eth0"
  }
}

Now it is also possible to activate zFCP devices by specifying the corresponding section at the JSON configuration, like in this example.

{
  "zfcp": {
    "devices": [
      {
        "channel": "0.0.fa00",
        "wwpn":    "0x500507630300c562",
        "lun":     "0x4010403300000000"
      }
    ]
  }
}

This version also adds more flexibility to define the list of software patterns to be installed. In previous versions, it was only possible to specify a whole list that would replace the default list of optional patterns defined by the product. Now it is possible to ask Agama to modify that list, just adding or removing certain patterns.

{
  "software": {
    "patterns": {
      "remove": ["selinux"],
      "add":    ["apparmor", "gnome"]
    }
  }
}

But sometimes it is Agama that wants to ask something to the user. For example, when it finds an encrypted device and needs the password to inspect its content. If that happens, Agama's user interface can show a dialog for the user to provide the answer. But there are more options to communicate those answers to Agama, like using the command agama questions to load a file containing answers. Agama 17 introduces a third way - the new questions section at the JSON configuration. Again, let's illustrate it with an example.

{
  "questions": {
    "policy": "auto",
    "answers": [
      {
        "class": "storage.luks_activation",
        "password": "nots3cr3t"
      }
    ]
  }
}

Improvements for unattended installation​

Users of the unattended installation will of course benefit from the mentioned new options added to the JSON configuration. But the improvements for automated installations go beyond that.

On the one hand, Agama does not longer proceed silently if it fails to fetch or process a configuration provided via the inst.auto boot argument. Instead, this new version displays an error message asking the user whether or not to retry. If the user decides to not retry, Agama does not start the auto-installation process. This is just a first step in the right direction, in the future Agama will offer better diagnostics and the possibility to specify a new URL.

On the other hand, the new boot arguments inst.auto_insecure and inst.script_insecure allow to disable the SSL checks when fetching the configuration or the installation script for an unattended installation. That simplifies setting up the corresponding infrastructure in controlled environments.

More possibilities to patch the installer​

Traditionally, the (open)SUSE installation process could be modified using RPM packages or a so-called DUD (driver update disk). Despite the name, the possibilities go way further than updating the drivers. A DUD might contain files to be copied to the installation media, scripts to be executed during the process, new or updated packages to be installed, etc. You can learn more at this classic document.

Previous versions of Agama already had some limited compatibility that allowed to patch the installation process. But that compatibility improves a lot with Agama 17.

At Agama, the URL of an update is specified through the boot option inst.dud. As mentioned, an update can be a simple rpm package or a more complex DUD, created with the mkdud tool. You can specify as many updates as you wish. Do not forget the rd.neednet option if you need the network to retrieve the DUD.

inst.dud=http://192.168.122.1/agama.dud rd.neednet

Additionally, the inst.dud_insecure boot argument allows to ignore SSL certificate problems (eg. a self-signed certificate) when fetching updates.

The family grows​

As you know, Agama allows to install different distributions that are called "products" in Agama's jargon. Recently Lubos Kocman contributed a new product definition for openSUSE Leap Micro 6.2. That means you will now find a new option on the initial page that allows to select the distribution to install.

Welcome aboard, Leap Micro!

Web page reorganization​

And last but not least, a news that is not about Agama itself but about the site that hosts this blog. As a first step to extend Agama's documentation, we reorganized agama-project.github.io quite a lot. Check the new additions like the "Get started" and "Guides & HowTos" sections. The second one is at an early stage, but we are already working on growing it with more and more content. Of course, contributions are more than welcome.

As a drawback, many of the links you may have from previous sources may now be broken. We rearranged the content a lot and it was not feasible to define a redirection for every moved piece of information. Sorry about that.

We keep moving​

As mentioned, the upcoming SUSE Linux Enterprise 16.0 will be distributed with the current version of Agama or with a very similar one. But that does not imply Agama development will slow down, quite the opposite. There is still a long road ahead and we will keep implementing fixes and new features that you could always test with our constantly updated testing ISO.

Of course, we will keep you updated on this blog. But if you got questions or want to get involved further, do not hesitate to contact us at the Agama project at GitHub and our #yast channel at Libera.chat.

Have a lot of fun!