We realized that, apart from the blog post presenting our D-Installer project, we have not reported any YaST activity during 2022 here in our blog. Since we are in the Beta phase of the development of SUSE Linux Enterprise 15-SP4 (which will also be the base for openSUSE Leap 15.4) we are quite focused on helping to diagnose and fix the problems found by the intensive and extensive tests done by SUSE QA department, partners and customers. We know that’s not the part of our job our audience wants to read about… and to be honest is not the part we enjoy writing about either.

Fortunately, two months after our latest regular report, we have some interesting more bits to share.

New YaST Features

While debugging and fixing issues we also found time to implement quite some interesting changes and new features in YaST. Let’s quickly go through a summary.

• Improvements in the way YaST handles the activation of encrypted devices.
• Better integration of NFS management in the Partitioner.
• Usability and speed enhancements for DASD formatting on S/390 systems.
• Support for GRUB2 password protection in AutoYaST (check the recently extended documentation for more information).
• Better handling of the errors found analyzing storage devices.
• Adapted the keyboard layouts used by YaST.
• Support for selecting during installation the desired Linux Security Module (note the screenshots on that pull request are not fully up-to-date and do not exactly reflect the current user interface).
• Improvements in how the _netdev mount option is handled for remote file-systems. Including changes in the general handling and the new warning in the Partitioner.
• Adapted YaST to be compliant with the inclusive naming initiative. This implies changes in different parts of YaST, like this, this, this or this.
• Definition of specific per-product schemas to validate the AutoYaST profiles.
• Integration of the package yast2-firstboot-wsl into yast2-firstboot.
• Adjusted creation of snapshots in YaST for transactional systems like MicroOS.
• New capability for roles and products to specify a default timeout for the boot-loader configuration.
• Support for switching themes.
• Adapted handling of network configuration if iBFT (iSCSI Boot Firmware Table) is used during installation.

We also found time to implement some internal changes that, even though they don’t have a direct impact on final users, may be interesting for the more technical audience like people who usually debug or develop YaST:

• Better ways to manually test yast2-storage and debug storage-related issues.
• Usage of RSpec verifying doubles and better YaST module mocking. See this announcement in the yast-devel mailing list.

Progress on D-Installer

As you all know from our previous blog post mentioned above, we are also working on a side project codenamed D-Installer, as our main YaST duties permit. We want to turn our initial proof of concept into something that you can actually try, so the team is working on a few topics at the same time.

On the one hand, we are redefining our D-Bus API thinking about how it should look like in the future. As a side effect, Martin is improving the ruby-dbus library to support a few features that we need, like better support for D-Bus properties.

On the other hand, we are redesigning the user interface. Although we have not implemented the new design, you can see the approach we would like to follow in our mock-ups. :-)

More to Come

As you can see, we have been quite busy lately and we plan to remain so. The bright side is that both YaST and D-Installer will keep evolving at a good pace. The not-so-bright one is that we are not sure when we will be able to blog again. But we promise we will try to recover the biweekly cadence. Meanwhile do as we do and have a lot of fun!

The openSUSE community has opened the call for papers for a summit that will be held in conjunction with Open Source Conference Albania (OSCAL) 2022.

People can submit a talk for the openSUSE Summit at OSCAL 2022 from now until April 26 on events.opensuse.org.

OSCAL will take place from June 18 and 19 in Tirana, Albania, and will gather free (libre) open source technology users, developers, academics, governmental agencies and people who share the idea that software should be free and open for people to study, develop and customize. The conference is organized by Open Labs, which is a non-profit community that promotes the importance of an open source culture in Albania since 2012.

The openSUSE Summit at OSCAL 2022 will take place on one day of OSCAL and people are encouraged to submit a talk about openSUSE and open source. There are two talks that can be submitted for the summit. One is a short talk with a 10-minute limit and the other is a normal talk with a 30-minute limit.

The summit will be a hybrid event, so people can submit talks for presentation at the event or submit a talk and do it virtually if they are unable to travel to Albania.

Some attendees who want to travel to the conference and summit may be required to apply for a visa. If an attendee requires visa approval, they can email nafie.shehu (at) gmail.com to assist with an invitation to the conference. All attendees traveling to the conference/summit require the following:

• have a valid passport;
• have enough money for each day of their stay;
• be able to demonstrate the purpose of your stay to border officials;
• pose no threat to public order, national security or international relations.

For more information, visit Albania’s Federal Foreign Office website.

The motivation of this post is to demonstrate how easy and logical is the workflow of an upstream change in a project to a given SUSE Linux codestream. I try to write this post in a codestream agnostic way. As I have experienced the workflow from the package maintainer point of view is the same for SUSE:SLE-15:Update and for openSUSE:Factory.

What I want to do

It all starts with a Bugzilla case. For the sake of this exercise I will walk through the process with this bug report: https://bugzilla.suse.com/show_bug.cgi?id=1195126 I use this case because it was a fairly simple, straight forward issue. It is a CVE-2022-0351: vim: uncontrolled recursion in eval7(). This is a Common Vulnerabilities and Exposures (CVE) what means that somebody has found and published an information-security vulnerabilities and exposures. By classification it is an important issue and as a package maintainer it is not my role to re-evaluate if the issue represents serious threat or not. My goal is to figure out if I can reproduce the issue and if I can find a fix for it.

Dear Tumbleweed users and hackers,

This week, the major news is a glibc update to version 2.35. This was surprisingly smooth (so far) compared to earlier version updates. Let’s all cross our fingers for this to stay the way it is. In total, Tumbleweed has seen 6 new snapshots during this week (0210, 0212, 0213, 0214, 0215, and 0216).

The major changes in these snapshots were:

• Mozilla Firefox 97.0
• GStreamer 1.18.6
• Mesa 21.3.6
• Linux kernel 5.16.8, with full drm support in earlyboot; this will be disabled again with kernel 5.16.10
• NetworkManager 1.34.0
• gnome-shell and mutter 41.4
• Glibc 2.35 (Snapshot 0216)

The future, near and far, will bring these changes to Tumbleweed (and of course more, which we have no tests in staging going on yet):

• KDE Plasma 5.24.1 (Snapshot 0217+)
• KDE Frameworks 5.91
• Linux kernel 5.16.10, simpedrm disabled again: too many issues reported
• systemd packaging changes: systemd-sysvinit will be renamed to systemd-sysvcompat: most users won’t need it (sysv support is minimized anyway, and Tumbleweed no longer ships any sysv init script)
• Python 3.6 interpreter will be removed (We have roughly 75 python36-FOO packages left)
• Python 3.10 as the distro default interpreter (a bit down the line)
• GCC 12 introduction has started to be as ready as possible for when the upstream release happens.

openSUSE’s rolling release Tumbleweed has produced five snapshots since our last review.

Snapshots 20220215, 20220214, 20220213, 20220212 and 20220210 updated several tools, libraries and clients this week.

The latest snapshot, 20220215, updated a couple Python Package Index and RubyGem packages. The package that generates profile reports from pandas DataFrame fixed almost a dozen regressions and reverted a performance speedup to fix a precision regression. The RubyGem package rubygem-faraday, which is an HTTP/REST Application Programming Interfaces client library, updated to a major new version from 1.3.0 to 2.1.0; the package added several new features like backport authorization process, improved documentation and added a policy on inclusive language. Data compression package lzip 1.23 reduced compression times by 5 to 12 percent depending on the file. Text editor vim 8.2.4375 fixed a few crashes and a couple of those involved FuncRef. An update of yast2-trans 84.87.20220211 added new pot files for storage, dns-server, nfs and s390.

Snapshot 20220214 updated six packages. Flatpak 1.12.5 now detects and removes left-over data from /var/lib/flatpak/appstream and a fix was made with a display bug in Flatpak history; it does not set up an unnecessary polkit agent for flatpak’s history. An update of gnome-maps 41.4 provided some translations and fixed build issues with Meson 0.60. The update of NetworkManager 1.34.0 had multiple additions for Meson builds requirements. The updated NetworkManager also split out NetworkManager-pppoe, which is needed to configure regular PPPoE connections; the changelog states that it’s not very common since most users have PPPoE routers for the DSL connections.

Internet Relay Chat client hexchat 2.16.1 updated in snapshot 20220213 and received build fixes with OpenSSL 3. The IRC client also fixed Python scripts not being opened as UTF-8. The 4.6.1 GTK4 package has a new API for text shaping engine HarfBuzz and the toolkit also fixes support for the new high-contrast setting with Wayland. The glib2 2.70.4 version updated translations and fixed a memory leak. Another packages to update in the snapshot was yast2-installation 4.4.40, which fixed some issue running with Qt 5.15.

Mesa 21.3.6 was among the many packages updated in snapshot 20220212. The update fixed a flickering with Intel UHD Graphic 620 and had some Wayland fixes with added modifiers for RGB formats. Apparmor 3.0.4 fixed a build error that could cause AppArmor builds to fail during tests in some build environments. The kernel security module also fixed log parsing for socklogd and added support in utils for new and future Python versions. With gnome-software 41.4, translations for Japanese and Icelandic languages were updated. Other GNOME packages to update were gnome-autoar 0.4.3, evolution 3.42.4 and gnome-documents 3.34.0+37, which the changelog states is the final version of gnome-documents as it is now archived. Identity management package sssd 2.6.3 fixed some critical regressions that prevented authentication of users via AD and IPA providers. There were some typo fixes and new tests added with the btrfsprogs 5.16.1 update. Other packages to update in the snapshot were nano 6.1, pango 1.50.4, Linux Kernel 5.16.8 and several YaST packages.

Snapshot 20220210 was released last week and brought ImageMagick 7.1.0.23. The image editor had a couple fixes for the minor version and one of those fixed an errant check, which increased memory and slowed down the tool. The newest Mozilla Firefox version, 97.0, was updated and it had a change that removed support for directly generating PostScript for printing on Linux. Printing to PostScript printers still remains a supported option, however. There was some code cleanup with the newest harfbuzz 3.3.2 upgrade and it reverted splitting of pair positioning values introduced in 3.3.0; the previous version in Tumbleweed was 3.2.0. The 1.18.6 version of GStreamer fixed an object leak for a plugin feature and the input-selector now uses the proper segments when cleaning cached buffers. Other packages to update in the snapshot were remmina 1.4.24, squid 5.4, webkit2gtk3 2.34.5 and many others.

Introduction

As openEuler also uses Redhat Anaconda as its OS installer, we can use Kickstart for Automatic Installation. However, the guides provided in the previous documentation officially are not straightforward enough for Linux newbies who tend to use virtual machines for installation. So in this blog, I’m going to show you how to perform openEuler 20.03 LTS SP3 Kickstart Automatic Installation on VMware Workstation with only a single ISO file referring to the CentOS Kickstart Installations Documentation.

Steps

Create the Kickstart file

Copy the following code into a file named ks.cfg at somewhere on your computer.

#version=DEVEL
# Use graphical install
graphical


%packages
@^minimal-environment
@standard

%end

# Keyboard layouts
keyboard --xlayouts='cn'
# System language
lang zh_CN.UTF-8

# Network information
network  --bootproto=dhcp --device=ens160 --onboot=off --ipv6=auto --activate
network  --hostname=localhost.localdomain

# Use CDROM installation media
cdrom

# Run the Setup Agent on first boot
firstboot --enable
# System services
services --enabled="chronyd"

ignoredisk --only-use=nvme0n1
autopart
# Partition clearing information
clearpart --none --initlabel

# System timezone
timezone Asia/Shanghai --utc

# Root password
rootpw openeuler
user --groups=wheel --name=openeuler --password=openeuler --gecos="openEuler"

%addon com_redhat_kdump --disable --reserve-mb='128'

%end

%anaconda
pwpolicy root --minlen=8 --minquality=1 --strict --nochanges --notempty
pwpolicy user --minlen=8 --minquality=1 --strict --nochanges --emptyok
pwpolicy luks --minlen=8 --minquality=1 --strict --nochanges --notempty
%end

The above Kickstart file will set Chinese as the default language, and set the root password to openeuler, with an additional account name and password both openeuler.

If you want to create your own Kickstart file, you can firstly perform a manual installation you would like, after successfully installing and logging into the system, get the generated Kickstart file that corresponds to the manual installation just performed at /root/anaconda-ks.cfg, rename it to ks.cfg.

Generate the ISO file

• If you are on Linux, run mkisofs for ISO generation:

cd <the folder where you store your ks.cfg>
mkisofs -JR -V OEMDRV -o auto-installation.iso ks.cfg

• If you are on Windows, you can use UltraISO for ISO generation:

1. open UltraISO, click on the New button, rename the disk into OEMDRV.

2. Press F3 to add file ks.cfg into the ISO, then click on the Save button to save the ISO file as auto-installation.iso.

Configure the Virtual Machine

Please first create the virtual machine on VMware Workstation for openEuler 20.03 LTS SP3. If you don’t know how to do this, please refer to the VMware Workstation documentation or related blogs as there’re already many tutorials that exist.

1. In the Virtual Machine’s tab, click on the Edit virtual machine settings.
2. On the prompted Virtual Machine Settings window, click on the Add... button.
3. On the prompted Add Hardware Wizard dialogue, choose CD/DVD Drive, click on the Finish button.

4. Then for the newly added CD/DVD Device, choose Use ISO image file:, and click on the Browse... button to select the ISO file auto-installation.iso just created in the last step, finally click on the OK button.

At last, start your virtual machine and enjoy Kickstart automatic installation!

General availability of Elasticsearch 8 was announced last week. There were quite a few rumors that it will break compatibility with third party tools. I tested it as soon as I had a little time: I am happy to share that anything I tested with the elasticsearch-http() destination of syslog-ng still seems to work perfectly well with the latest version of Elasticsearch.

You can read the rest of my blog at https://www.syslog-ng.com/community/b/blog/posts/elasticsearch-8-and-syslog-ng

poetry is (yet another) python packaging and dependency management system. In this blog post I’m gonna describe how I am working with poetry repositories within VS Codium, the freely licensed variant of VS Code.

Those who follow me on LinkedIn might have seen an automatic post about my work anniversary. Well, almost nothing of that post is true, but I still consider it to be my real starting date. However, the official date is also impressive: 11.5 years, almost three times the industry average spent at the same workplace.

So, why do I say that the LinkedIn post is not true? Well, because all its major facts are wrong. In reality, the 12 years as open source evangelist at One Identity means that:

• I started at Balabit, a Hungarian company. One Identity was born only seven years later, and bought Balabit a year later.
• I started as a QA engineer for syslog-ng. My open source evangelist job was born only two weeks later, when I resigned from my QA engineer job.
• My current full-time job started only half a year later.

Still, I consider myself to be a part of Balabit (now One Identity Hungary) for 12 years now. I started 12 years ago as a QA engineer. At that time working remotely was not that commonplace as it is now. I had to travel four hours (two hours to and from the office) each and every day. I loved my job, but still it was too much. So, after two weeks I handed in my resignation. Side note: these two weeks were the only period in my whole life when I worked in an office…

It was a Friday afternoon at the end of February. Balázs Scheidler, founder of Balabit and my line manager in the syslog-ng team told me: “Peter. It took you three difficult interviews to get into Balabit. It’s not that easy to escape from here either. I understand your concerns. However, by Monday, when we can do the paperwork, I’ll have another job for you.”. He kept his word: I quit Balabit, but I had a new job as an external consultant: working on syslog-ng Open Source Edition tasks which I could do remotely. Half a year later, I started to work on syslog-ng full time from the comfort of my home. I was the first remote worker at Balabit.

Balabit was acquired by One Identity in 2018. It turned out that sudo maintainer, Todd Miller, became my colleague through the acquisition. Until that – just like most sysadmins – I considered sudo to be just a simple prefix for administrative commands. But then I took a closer look at sudo, and I learned that it’s a lot more: session recording, plugins, LDAP support, and many more. And soon I was spreading the word about the lesser-known features of sudo.

12 years are a lot and I’m bombarded with job offers almost every day. With 20+ years of sysadmin experience, I could easily find something better paying, especially if I accepted one of the many offers I receive from banks. However, my current job is a lot more interesting and a lot more fun than managing systems. I am the public face, evangelist of a well-known open source software developed in Hungary, and for one of the best known security utilities in the Linux / UNIX world. As far as I know, it’s a completely unique position here in Hungary!