Certificate Auto Enrollment allows devices to enroll for certificates from Active Directory Certificate Services. As of Samba 4.16, Linux clients can now auto enroll for certificates just like a Windows client.

Samba’s Certificate Auto Enrollment uses the certmonger service to keep track of certificates. It also uses the cepces plugin to certmonger. The sscep command is also used to download the trust chain.

Certificate Auto Enrollment is compatible with both Winbind and SSSD.

Certificate Auto Enrollment is initiated using Samba’s Group Policy client, samba-gpupdate. The Samba wiki has more details on how to setup Group Policy, and how to configure Certificate Auto Enrollment.

The recent release of openSUSE Leap 15.3 has gained some maintenance improvements from a new repository setup.

Maintenance efforts for Leap related to Closing the Leap Gap expands to having three separate repository groups instead of one.

The openSUSE specific package repositories called oss and non-oss repositories changed. While these two repositories contained all the content of Leap 15.2 and older, they now contain only the branding and related setup packages.

The shared PackageHub and openSUSE packages known as the backports repository contains all the packages not in SUSE Linux Enterprise nor in the openSUSE specific packages. Previously, PackageHub was specific to SLE, which duplicated packages between openSUSE and PackageHub; now this single project is shared between both PackageHub and openSUSE Leap 15.3. This single repository will improve the quality of delivering updates and avoid package conflicts like zypper patch for openSUSE Leap 15.3.

There is a single repository with the SLE imported packages that contain the base packages and other packages from SLE. A single channel regenerated through a script will not need to be adjusted manually and will be good for the openSUSE setup in aarch64, s390x, x86_64/i586 and ppc64le architectures.

The first method used to export the SLE imported package repository for Leap was not working well in the current repository system, which led to several dependency issues, package version overlaps and other related instabilities.

Last week, the new export method was deployed using regular SLES module technology. This resolved all the current problems and also made handling and debugging the repository easier for the coordination teams.

The topic recieved various feedback from the Leap retrospective.

Linux audio has been considered a sore-spot with some audiophiles. Personally, I have been very happy with Linux Audio since about 2009 or 2010 or so and enjoyed its continual improvements as the project has matured. The high point for PulseAudio has been the intuitive, input / output switching. The downside has been the latency […]

Episode 30 | Packing up the Vintage - LeoCAD 21.06 - SUSE Academic Program - BDLL Follow Up - openSUSE Corner - Computer History Retrospective on Computer Games (1984) Website - https://CubicleNate.com Mastodon - https://social.tchncs.de/@CubicleNate Twitter - https://twitter.com/CubicleNate YouTube - https://www.youtube.com/channel/UCY6KdxWFOlKaIPand7ROwvw https://open.lbry.com/@cubiclenate:9 Music: "Pixelland" by Kevin MacLeod

Dear Tumbleweed users and hackers,

This week I can’t but hope everybody is safe – at least here in Europe, water keeps falling from the sky. That bad weather has a positive side effect on Tumbleweed though: I prefer hiding inside, doing some Tumbleweed stuff instead of going outside. This has been visible during this week with a full 7 snapshots being published (0708…0714)

The most relevant updates included:

• linux-glibc-devel 5.13
• Linux kernel 5.13.1
• KDE Gear 21.04.3
• KDE Plasma 5.22.3
• vsftpd 3.0.4: Disable TLS prior to v1.2 by default
• grub2 2.0.6
• bluez 5.60
• fmt 8.0.0 together with ceph 16.2.5

Despite all this, the staging projects are not empty at all. You awesome maintainers keep things coming. Currently, we’re testing integration of these parts:

• KDE Frameworks 5.84.0
• Mozilla Firefox 90.0 & Thunderbird 78.12.0
• Mesa 21.1.5
• Linux kernel 5.13.2
• libxcrypt 4.4.23: addition of CRYPT_SALT_METHOD_LEGACY
• meson 0.58.1
• rpmlint 2.0

pasta is a stupid simple pastebin service for self-hosting. I started this project months ago because I was missing an easy, simple and no pain self-hosting solution. This is what pasta is about. You just throw a file at it via it’s archaic web interface, a simple POST request or with its stupid simple CLI tool:

You are being constantly tracked, surreptitiously, through the web. Various sites are tracking you with the intent of selling you products or selling your information. It’s one thing if a website inquires basic information when you are visiting, it is another thing when a website stalks you across the internet. I believe this to be, … Continue reading Ad-Blocking and Why You Should →

Dear Tumbleweed users and hackers,

From the feeling, I probably have to say, the Summer holiday is upon us. Tumbleweed is still rolling of course: it’s not warm enough to have melted our rubber tires to make them sticky glue. During the last week, we have released 5 snapshots (0702, 0703, 0704, 0706, and 0707)

The main changes included:

• sendmail 8.17.0.3
• Mesa 21.1.4
• PHP 7.4.21
• nodejs 16.4.1
• Linux kernel 5.13.0
• NetworkManager 1.32.2
• bluez 5.59
• MOTD (mot of the day) handing moved from login.defs to pam_motd
• Rust 1.53

Changes planned for the next few weeks:

• linux-glibc-devel 5.13
• KDE Gear 21.04.1
• KDE Plasma 5.22.2
• Linux kernel 5.13.1
• libxcrypt 4.4.23: addition of CRYPT_SALT_METHOD_LEGACY; needs a fix in pam
• fmt 8.0.0

I have espoused the glorious wonders of LeoCAD on openSUSE before. This is a fantastic application to work with Lego bricks and components in a virtual, safe for your feet, environment. Building with Lego bricks is a lot of fun, using it virtually can help to refine ideas. Although the title of this post mentions […]

A total of four openSUSE Tumbleweed snapshots have been released since the last update.

Three smaller snapshots, which included a new systemd update, and one large snapshot, which included a bunch of RubyGems updates, provided several upstream packages for rolling release users.

The newest snapshot available for end users was 20210703, which brought just two updated packages. The first package update was made to the data compression library zlib-ng-compat; the update to version 2.0.5 made some minor improvements to small data chunks and fixed an inflate corruption on AArch64. GNU Compiler Collection 11 updated the headbranch and fixed some legacy Fortran code, which is a general-purpose, compiled imperative programming language developed at IBM in the 1950s for numeric computations and scientific computing.

The biggest snapshot was 20210702. The snapshot was mostly filled with RubyGems. Both rubygem-rails 6.0.4 and 5.2.6 were updated. The 6.0.4 version fixed an issue in ActiveSupport::Cache::RedisCacheStore that was not passing options to read_multi, which caused fetch_multi to not work properly. The 4.6.0 rubygem-commander, which bridges terminal related libraries, dropped support for Ruby 2.4 and fixed an error with SortedSet on Ruby 3.0. The patch-level verification package for bundled apps, rubygem-bundler-audit 0.8.0, added several configurations and now supports a --database option for specifying a path to an alternative ruby-advisory-db copy. PipeWire updated to version 0.3.31 and provided some fixes for Advanced Linux Sound Architecture-Library 1.2.5 and Bluetooth now uses a hardware database to disable non-working features on listed devices. GNOME’s IRC app Polari updated to version 40.0, which added Libera.Chat to the predefined networks. Other packages to update in the snapshot were GNOME’s library that is full of GTK+ widgets for mobile phones libhandy 1.2.3, text editor vim 8.2.3075, sendmail 8.17.0.3 and openSUSE’s libstorage-ng 4.4.19 package.

The not so frequently updated systemd package arrived in snapshot 20210701. The move from version to 246.13 to 248.3 brings a new systemd-sysext tool that can be used to merge, unmerge, list, and refresh system extension hierarchies. The new version introduces the concept of system extension images and now allows sysusers configuration files shipped by systemd rpms to be overridden during system installation. The 3.1 sysuser-tools version added dependencies on those greater than or equal to systemd 238 if systemd is installed to sysuser-shadow. YaST jumped a few versions to 4.4.14 and added a RISC-V 64-bit architecture helper. Remote desktop client package remmina 1.4.19 added a process-control to the remmina snapcraft and made some User Interface improvements. Other packages to update in the snapshot were Bluetooth utility package blueberry 1.4.4 and python-gst 1.18.4.

The snapshot that was released just shortly before last week’s update was snapshot 20210629. This snapshot updated four RubyGems packages. These gems included rubygem-virtus 2.0.0, which added a new method and replaced an equalizer with an internal virtus/equalizer, and rubygem-webpacker 5.4.0, which added experimental support for the Yarn 2 package manager. Both rubygem-tzinfo-0 0.3.60 and rubygem-websocket-driver 0.7.5 were also included in the snapshot. KDE package for repetitive strain injury called rsibreak cleaned up the spec file, mirror code and made some translation improvements in the update to 0.12.14; the package helps people take regular breaks from sitting too long in front of a computer.