Over the past week I worked on merging the atk and at-spi2-atk repositories into at-spi2-core. A quick reminder of what they do:

• at-spi2-core: Has the XML definitions of the DBus interfaces for accessibility — what lets a random widget identify itself as having a Button role, or what lets a random text field to expose its current text contents to a screen reader. Also has the "registry daemon", which is the daemon that multiplexes applications to screen readers or other accessibility technologies. Also has the libatspi library, which is a hand-written binding to the DBus interfaces, and which is used by...

• at-spi2-atk: Translates the ATK API into calls to libatspi, to effectively make ATK talk DBus to the registry daemon. This is because...

• atk: is mostly just a bunch of GObject-based interfaces that programs can implement to make themselves accessible. GTK3, LibreOffice, and Mozilla use it. They haven't yet done like GTK4 or Qt5, which use the DBus interfaces directly and thus avoid a lot of wrappers and conversions.

Why merge the repositories?

at-spi2-core's DBus interfaces, the way the registry daemon works, atk's interfaces and their glue in at-spi2-atk via libatspi... all of these are tightly coupled. You can't make a change in the libatspi API without changing at-spi2-atk, and a change in the DBus interfaces really has to ripple down to everything, but keeping things as separate repositories makes it hard to keep them in sync.

I am still in the process of learning how the accessibility code works, and my strategy to learn a code base, besides reading code while taking notes, is to do a little exploratory refactoring.

However, when I did a little refactoring of bit of at-spi2-core's code, the tests that would let me see if that refactoring is correct were in another repository! This is old code, written before unit tests in C were doable in a convenient fashion, so it would take a lot more refactoring to get it to a unit-testable state. I need end-to-end tests instead...

... and it is at-spi2-atk that has the end-to-end tests for all the accessibility middleware, not at-spi2-core, which is the module I was working on. At-spi2-atk is the repository that has tests like this:

• Create a mock accessible application ("my_app").
• Create a mock accessibility technology ("my_screen_reader").
• See if the things transferred from the first one to the second one make sense, thus testing the middleware.

By merging the three repositories, and adding a code coverage report for the test suite, we can add a test, change some code, look at the coverage report, and see if the test really exercised the code that we changed.

Changes for distributions

Please see the announcement on discourse.gnome.org.

That coverage report is not accessible!

Indeed, it is pretty terrible. Lcov's genhtml tool creates a giant <pre>, with things like the execution count for each line just delimited with a <span>. Example of lcov's HTML.

(Librsvg's coverage report is pretty terrible as well; grcov's HTML output is a bunch of color-coded <div>. Example of grcov's HTML.)

Does anyone know code coverage tools that generate accessible output?

Members of SUSE and openSUSE have deleloped several Work Groups (WG) to discuss the formation of the Adaptable Linux Platform. Below readers can see the latest brief from the various WGs involved in the open-source project.

The System Management WG has been progressing with the branding of Cockpit. They have been experimenting with attempts to containerize it; though outside of a possible chance to use wormholing, it doesn’t look promising. They do continue to add functionality to YaST in cointainers at a good pace.

The ALP Virtualization team has taken some technical decisions regarding support, etc. In their first technical meetings regarding VMs inside of containers, some work was done looking for the best approach and blocking points.

In the Build Service Next-Generation WG, the initial feedback shows little interest in a git-based packaging approach. Software as a Service options via git hosting continue to be very expensive, though on-premises options should be considered. A self-hosted Gitea appears to be the best option so far, while the current discussions for Large-File-Storing-in-Git have been paused at this time.

The Components delivery & lifecycle WG’s goal is to find an alternative way to ship packages with different lifecycles. With this in mind, the group has been gathering input on RHEL’s modularity, in order to compare and learn what they can from them.

The Confidential Computing WG has been collecting information to determine where they want to be in the long term, and what can be achieved in a given period of time. This allows them to establish a timeline within Confidential Computing to support upstream projects in their endeavors.

The Container Management Frontend WG strongly favors Podman for it’s systemd integration, potentialy allowing for services-as-containers and RPM-delivered services. Docker may be required as well, along with Rancher and nerdctl/containerd embedded with their products. The group would appreciate feedback on the technology decision from other WGs, as so far there was none.

The Container Easy Deployment and Installation WG has been discussing problem space and preliminary research into quadlet and systemd portable services, etc.

The Community WG has drafted a communications plan and identified topics that are relevant to the current state of the project. Weekly meetings have been established and publish minutes are available at https://etherpad.opensuse.org/p/weeklymeeting. Group encourages all other WG to make public updates on their own, and recomemends YaST team as a role model.

The Deployment/Management Framework WG is looking to identify and decide on which configuration and management tool will be the next generation. The two current options looking best to meet customers needs and integrate into the rest of SUSE’s products look to be SALT and Ansible.

The Desktop WG is looking into a remote-Wayland-based remote desktop with a focus on a headless GNOME solution. Other discussions are focused on lightweight windows managers and desktops without Xorg, containerizing the GNOME core stack, and Nvidia open source kernel modules in Wayland.

The Documentation WG is starting to update the look and feel of the documentation pages for better navigation.

The Data Processing Unit (DPU) Integration team is looking into ongoing business and technical discussions with Dell.

Full-disk encryption experts are looking to use LUKS2 for TPM-auto unlocking (on systems which support it) and to design simple and secure, yet easy to use encrypted systems.

The High Performance Computing WG is participating in multiple community projects to develop and enhance a state-of-the-art deployment systems.

The Installation and Deployment WG is discussing an evolution of the traditional installer, including modularity to make it more useful. There may also be an option to create customized images on the fly for deployment.

The Kernel and Live Patching team is currently busy with the launch of Userspace Live Patching.

Kernel Performance Testing has kicked off with a focus on defining the scope and setup during biweekly calls and a mailing list for furthing discussions.

Qualiting Engineering assigned representatives to most other workgroups and planned a kicked off a meeting and created a slack channel.

Security Framework WG has benn constitued and held a kick off call. Discussions are being held on how to make a smooth switch from AppArmor to SELinux and how to prepare for it.

The Telemetry WG has been collecting data needed to summarize requirements to measure subscriptions.

There will be several discussions at the openSUSE Conference the next couple days. People interested in ALP news and WGs can register for the conference and watch the discussions online.

Red Hat Enterprise Linux 9 became generally available recently. Version 3.35 of syslog-ng has been part of EPEL 9 (the semi-official extra software repo for RHEL maintained by Fedora packagers) for a while and now I enabled a few more destination drivers. I also enabled RHEL 9 support in my unofficial Git snapshot packages, so I can support RHEL 9 together with other RHEL and Fedora versions on the next syslog-ng release.

You can read the rest of my blog at https://www.syslog-ng.com/community/b/blog/posts/rhel-9-syslog-ng-news

There are situations where you cannot avoid giving a user full shell access through sudo. A shell with administrative privileges gives complete control over your hosts. Until recently, sudo could only log the start of the shell, not the commands executed within it. You could record sessions with sudo, but watching recordings is boring, time consuming and can still be subverted. Version 1.9.8 introduced logging of sub-commands, but that is not yet available on many systems. An alternate approach is to use auditd to log commands started from a root shell.

From this blog you will learn how to use auditd to log commands from a sudo-run root shell, why it is better to use the sub-command logging built into recent sudo releases, and why you should still record sessions with sudo.

You can read the rest of my blog at https://www.sudo.ws/posts/2022/05/looking-inside-sudo-shell-sessions-auditd-session-recordings-log_subcmds/

As the title says, SailfishOS has just recently added official support for the Sony Xperia 10iii. This is great news to anyone in search of an alternative to Android or iPhone. You can read more on the Jolla blog.

You can buy the image for EUR 49,90 in the Jolla webshop and you can find installation instructions for Linux, MS Windows and Mac here.

In case you didn’t already know, SailfishOS is a proper GNU/Linux based mobile operating system developed by the company Jolla in Finland. It’s the continuation of Maemo/MeeGo developed by Nokia so to speak, and it even makes use of some openSUSE technologies such as zypper and Open Build Service. It includes an Android runtime that allows you to run most Android apps.

You can also install SailfishOS on older Sony Xperia models (10ii, 10, XA2, X). Personally I intend to stick with my XA2 Plus for now, even if the 10iii is very tempting.

Snapshots for openSUSE Tumbleweed have been continuously released this month. This week we will look at packages released in four snapshots since Friday.

However, before venturing in to those snapshots, there is a change to NetworkManager expected to arrive in a soon-to-be-released snapshot; it will provide a fix for the wifi chunk changes made in a prior snapshot that caused some connectivity challenges for some users. The advantages of snapper with Btrfs can keep openSUSE’s rolling release users connected through a rollback; users can then update next week and not skip a beat.

The most recent snapshot, 20220523, provided three package updates. Among those were an update to secure communications library gnutls 3.7.5; the package was laying the ground for a future release by adding options to disable session ticket usage in TLS 1.2 because it does not provide forward confidentiality; TLS 1.2 has future backward incompatibility. The other two packages to update in the snapshot were libxkbcommon 1.4.1 and python-sympy 1.10.1, which removed the long deprecated densearith, densesolve, and densetools.

Mesa 22.1.0 arrived in snapshot 20220522. The 3D graphics library included some new features like support for Intel’s Alchemist DG2 platform, Vulkan 1.3 support to Lavapipe, and Kopper interface backports for the Zink. An update of aws-cli 1.24.4 added an optional DeploymentResult field in the responses of GetStageDeploymentIntegrationTests and ListStageDeploymentIntegrationTests Application Programming Interfaces. The release also added support for a human readable alert. An update was made to gtk3 3.24.34, which updated translations and fixed the build issues with GNU Compiler Collection 12. Photo manager shotwell 0.30.16 fixed an issue with dark mode wallpapers and an import and video from a Sony A7C camera. Other packages to update in the snapshot were iptables 1.8.8, yast2-network 4.5.2 and more.

The first minor update was made to Mozilla Firefox 100 in snapshot 20220521. The update took care of two Common Vulnerabilities and Exposures, which were CVE-2022-1802 and CVE-2022-1529, and the web browser also fixed an issue with subtitles in the Picture-in-Picture mode while using Netflix. The 5.17.9 Linux Kernel update fixed a potential theoretical leak in the open-source driver for Nvidia cards, Nouveau. There was also a fix for a potential memory leak with s390.

The update of ImageMagick 7.1.0.35 arrived in snapshot 20220520. The image editor removed some special dolor deduction and fixed a temporary file leak. Sandboxing tool bubblewrap 0.6.2 made changes to the installation directory and to allow compilation with an older glibc. GNOME’s character map gucharmap 14.0.3 improved Korean Hanja pronunciation properties and enabled alphabetical sorting of the Unicode blocks. Other packages to update in the snapshot were a few libraries, yast2-packager 4.5.4 and orca 42.1, which made some changes to the handling of WebKitGtk’s toolkit name casing, so older versions of orca continue to work with newer versions of the WebKit rendering engine.

Terraform and kiwi

Setting up a slurm cluster for testing purpose is always time consuming and error prone. Especially if just some smaller changes in the configuration have to be tested.

In order to automate this, I have written a small test setup based on kiwi and terraform.

The kiwi part builds one image and bakes in the slurm.conf and a proper shared nfs /home. As all nodes boot from the same image the munge key, which is generated at install time, is the same.

So all configuration files are in the right place.

The network configuration is managed with the terraform configuration and with DHCLIENT_SET_HOSTNAME="yes" in the file /etc/sysconfig/network/dhcp the dhpd name is the FQDN.

Usage

The terraform providers have to be installed with

sudo terraform init

Now you can build a image with

./build-image.sh leap15.4

With the image the cluster can be started with

sudo terraform apply -var="image=/var/tmp/leap15.4-current/Leap-15.4_appliance.x86_64-1.15.3.qcow2"

Quiet easy?

Customization

The individual configurations for the images are in their directories. E.g. the configuration for the openSUSE Leap 15.4 image is the file leap15.4/config.xml.

The configuration of the services comes from the files in the assets/ directory, but as the distribution directory is copied over this directory during the image build process, e.g. a distribution specific slurm.conf would resided in tw/root/etc/slurm/slurm.conf.

We are happy to announce the new Kraft version 0.98 that is available for download.

Kraft is software for the Linux desktop to handle quotes and invoices in the small business.

This is a version packed with bugfixes and also new features. The most important fixes were in the area of the catalog handling: Based on bug reports from the community the catalog window was completely reworked. Drag and drop of items in the catalog, the sorting and reordering of items are now working properly and as planned.

Another big addition is the support of . XRechnung is an E-invoicing format more and more mandatory in the governmental area in Germany. We are very proud that Kraft is the first open source office tool that supports that standard in a user friendly way. All invoices can now also exported in the XRechnung-XML format.

Beside these two big improvements, there are lots of others. For example, the user manual was further improved and is available also in Dutch. A lot of other smaller but non the less important improvements and fixes make version 0.98 a valueable release.

We wish a lot of fun with this new improved version of Kraft!