Dear Tumbleweed users and hackers,

Tumbleweed – full steam ahead! There have been 6 snapshots in the last week, some with quite some changes. The snapshots were 0227, 0228, 0229, 0301, 0303 and 0304.

The changes include:

• Zypper 1.14.34: beware! This version no longer supports abbreviated command line parameters (e.g zypper install --no-r is no longer accepted, you need to spell --no-recommends out)
• GCC 10 is available and provides base libraries to the system
• KDE Plasma 5.18.2
• Linux kernel 5.5.6
• Many changes in various YaST modules
• gimp 2.10.18

The future will bring those changes, sooner or later:

• Python 3.8: The latest fixes should be there. IF nothing new shows up, this will ship next week
• binutils 2.34
• Qt 5.15.0 (currently betas being tested)
• Ruby 2.7 – possibly paired with the removal of Ruby 2.6
• GCC 10 as the default compiler
• Removal of Python 2
• GNU Make 4.3
• RPM: change of database format to ndb

The Contents

After some time of silent work (our previous blog post was published a month ago), the YaST Team is back with some news about the latest development sprint and some Hack Week experiments. Those news include:

• Enabling YaST on the Windows Subsystem for Linux
• Usability improvements for the Online Search, the Partitioner and the Kdump module
• Better control of overridden sysctl configuration values
• Improvements in the default selections of the upcoming SLE 15 SP2 installer
• New features for zSeries mainframes like Secure Boot and I/O devices auto-configuration
• And, as a bonus, a couple of Hack Week projects related to YaST, Ruby and Crystal

So, as you can see, we have a little bit of everything in the menu, from WSL to mainframes, from new features to small usability improvements, from installation to system fine-tuning… So let’s dive into the details!

Improved compatibility with WSL

Have you ever heard about WSL, the Windows Subsystem for Linux? To be honest, before this sprint we haven’t payed much attention to it either. But as both openSUSE Leap and SUSE Linux Enterprise (SLE) are available to Windows users via WSL images and the 15.2 releases of both distributions are approaching, we decided it was time to dive into WSL to research how it works and how can YaST be useful there.

Setting up an (open)SUSE test system inside a WSL environment was a piece of cake thanks to the excellent documentation at the openSUSE Wiki.

Many components of YaST are useless in WSL because not everything can actually be configured from the Linux system itself and because systemd is not available (we are talking exclusively about WSL1 here). But YaST is still very useful for the initial setup of the system when running the (open)SUSE image for the first time. It can be used to setup the first user, to confirm the license and, in the SLE case, also to register the system. The YaST modules for software management can also be very handy to customize the image at any point after that initial setup.

So far, we have done three changes to improve the experience of executing YaST within WSL.

• We increased the speed of the initial boot by removing calls to systemd when it is not available.
• We fixed the registration process for YaST Firstboot.
• We implemented a feature to explicitly mark YaST modules that work in WSL and show only those modules in the YaST control center.

We also documented all our findings about WSL in this document.

As always, we are hungry for feedback. Please reach out to us and tell us what’s your experience using YaST inside WSL and which modules do you miss the most.

Improving the UX of the Online Search

As we announced one month ago, YaST will offer a mechanism to search for packages through all SUSE Linux Enterprise modules, even if they are not registered. This feature, known as package online search, was already available using zypper’s search-packages command or through the SCC web interface.

After gathering some feedback during the sprint review meeting, we decided to invest some time improving the overall UX experience. Perhaps the most relevant change is the new summary screen, which shows the list of modules to activate and packages to install.

Additionally, we improved error handling and, by the way, we fixed the case sensitive filter.

…And the Partitioner as Well

The online search is not the only part of YaST that has received some love in the UX area. We also tried to improve a bit the usability of the Partitioner. In this occasion, based on the feedback coming from our users via openSUSE’s Bugzilla.

On one hand, we got a report about this dialog been too long to properly fit in low screen resolutions.

The result was even worse in a text console with a resolution of 80 columns and 24 lines, which is the minimum size we design all YaST screens to work on.

So we dropped some obsolete options and made others more compact. Now the dialog fits in 24 lines again.

And, as you can see below, it looks also nicer (or at least less overwhelming) in graphical mode as well. It’s worth mentioning we also took the opportunity to fix other related dialogs that had similar problems.

On the other hand, we also got a report about how inconvenient was to always jump to the first tab when a device was selected in the devices tree at the left of the Partitioner, forcing the user to click in the “Partitions” tab (or any other desired one) over and over.

In that regard and as you may remember, a couple of sprints ago we made the overview screen actionable, avoiding the navigation to the device page just to perform a simple action over it. But navigating through the different devices back and forth is still possible and useful. Now such navigation has been improved by remembering the last tab and row selected per section or device whenever possible, which will save you a bunch of clicks when working with multiple devices.

Related to this, we started a public discussion about what should be the default tab the first time a device is visited. Once again, we are looking for opinions. So we would be grateful if you read the thread and contribute to the discussion.

Showing Suggested Values for Kdump Configuration

But the Partitioner was not the only YaST module for which our users pointed usability problems via Bugzilla. After some changes in how Kdump works after the migration from openSUSE Leap 42.3 to 15.0, it turned out that using YaST to re-adjust the values was not as helpful as it should be. YaST Kdump displayed the current size of the memory reservations, as well as the min and max margins. But it did not show the recommended default values for the current system, so if the user has adjusted the limits in the past it was impossible to get an up-to-date proposal from YaST calculated for the current system.

We have adapted the dialog to show those suggested values. As you can see below, we also took the opportunity to extend the help text to explain the meaning of the different values.

Better Control of Overridden Kernel Parameter Values

And talking about YaST pieces we are improving step by step, you may remember from our report of sprint 86 that we are adapting YaST to deal with the new structure of the sysctl configuration.

Up to now YaST has stored sysctl values mainly in /etc/sysctl.conf and /etc/sysctl.d/70-yast.conf. But this reflects only a part of the possibilities for storing those values. The truth is that there are many more locations where these settings can be stored: /run/sysctl.d, /etc/sysctl.d, /usr/local/lib/sysctl.d, /usr/lib/sysctl.d, /lib/sysctl.d, /etc/sysctl.conf…

Now YaST also takes care of these locations and informs the user if there are some conflicting values, as you can see in the following screenshot.

The Default Pre-selected SLE Modules

We have also invested some time smoothing some rough edges off the installation process for the upcoming openSUSE 15.2 and SLE 15 SP2. For example, if you register your SLE 15 product during installation you will see the available modules and extensions in the following dialog. Some of them are by default pre-selected because they either contain the base system components (kernel, glibc,…) or the product specific packages (e.g. GNOME for SLE Desktop).

However, if you skip the registration and use the packages from the DVD medium there were no modules or extension pre-selected. The problem is that the information about the default modules was only available in the SCC data which obviously is not available in an offline installation.

In SLE 15 SP2 we added this extra information to the installer configuration files so now also in an offline installation YaST can preselect the default modules for each product.

Proposing NTP Servers During Installation

And talking about offering sensible defaults for installation, we also improved the situation regarding the configuration of the NTP server. For openSUSE based systems (including Kubic) and a few SUSE products, like CaaSP or SLE High Performance Computing, YaST sets up the NTP daemon during installation. YaST tries to determine which server to use through the DHCP information but, when it is not available, it will propose one from openSUSE and SUSE pools (e.g., n.opensuse.pool.ntp.org where n is a number between 0 and 3).

However, we still were using the novell.pool.ntp.org pool for SUSE based products. During this sprint, we have switched to the suse.pool.ntp.org pool of servers and, additionally, we have refactored some code in order to reduce duplication and improve testability.

Secure Boot Support for IBM zSeries

You may have noticed by the recent sprint reports that we are improving several aspects related to the installation and configuration of zSeries mainframes. This sprint was not an exception… and will certainly not be the last one in that regard.

As a result of that effort, YaST now supports the Secure Boot feature found on the latest zSeries machines. It’s rather similar to the existing UEFI Secure Boot so we took the opportunity to unify the Secure Boot handling found on different architectures.

This means you get this checkbox if your zSeries machine does have Secure Boot support.

In addition, we added a shortcut link on the installation summary screen that lets you enable Secure Boot with just a click.

As mentioned, we took the opportunity to unify the management of Secure Boot in all platforms, so this new shortcut link is also available in x86_64 or aarch64 machines that have UEFI Secure Boot.

Automatic Configuration of I/O Devices in zSeries

And talking about zSeries mainframes, anyone having used Linux in one of those systems know that input/output devices, like disks or network cards, must be configured and activated before they can be detected and used normally by the operating system.

But thanks to the new I/O device auto-configuration mechanism, users can now specify IDs and settings of I/O devices that should be automatically enabled in Linux. We modified the installer to detect such configuration and trigger the corresponding configuration actions, removing the need of manually activating disks and network devices during the installation process.

This is still an experimental feature and we are waiting for feedback to make sure the current implementation works in all the desired scenarios. If everything goes as expected, the feature will debut in SLE 15 SP2.

Hack Week

As said at the beginning of the post, the main reason for spending almost a month without publishing any report was that the whole YaST Team at SUSE was diving into completely different topics due to Hack Week 19, which theme was “Simplify, Modernize and Accelerate”.

There were not many projects related to YaST in this edition of Hack Week, but there are at least two that could be interesting for YaST fans and contributors. Fortunately, we have published reports for both of them in the yast-devel mailing list. So check out the results of “Learn Crystal by Porting Part of YaST to that Language” and “YaST Logs Analyzer“.

More to come

Now that we are back to our usual development pace, we should have more news about YaST development in a couple of weeks. The plan is to focus on fixing bugs for the upcoming releases of openSUSE Leap and SUSE Enterprise Linux, but we are pretty sure we will still find interesting bits of information for you.

Meanwhile, keep in touch through the usual channels and have a lot of fun!

A total of five openSUSE Tumbleweed snapshots were released this week that provided updates for YaST, KDE’s Long Term Support version of Plasma and the open source printing system CUPS.

The latest snapshot, 20200301, updated a few libraries like libstorage-ng, which updated to version 4.2.65; the low-level storage library’s newer version added support for btrfs RAID1C, added being and end functions to ProbeCallbacks, and updated translations. The update of libyui to 3.9.3 removed obsolete RPM group tags. A check to make sure the network is working before starting the initialization scripts was made with the autoyast2 4.2.28 update. Support was added for IBM’s S390 secure boot with the yast2-firstboot package update. The update of yast2 4.2.67 made a change to show capable modules in the control center for Windows Subsystem for Linux and a jump from yast2-network 4.2.47 to 4.2.58 added a class to represent NTP servers. The snapshot is currently trending at a stable rating of 98, according to the Tumbleweed snapshot reviewer.

The KDE community provided multiple package updates in the Plasma 5.18.2 version, which arrived in snapshot 20200229. The libkscreen2 package in the 5.18.2 version fixed a kwayland bug and it will wait longer for a connection timeout and retry. There were also a handful of fixes for Flatpak in KDE’s application and addon package discover. Packet analyzer Wireshark 3.2.2 made some Common Vulnerabilities and Exposure fixes for wireless broadband communication for LTE and WiMax crashes as well as a CVE fix for WireGuard. The XFS file system had its first minor version update in the snapshot from xfsprogs 5.0.0 to 5.4.0, which provided multiple fixes, refactoring and a removal of unnecessary functions, and the 0.85.4 sysconfig package created a symlink, in ypbind, that allows for the bots to work properly. The snapshot is trending at a stable rating of 95, according to the Tumbleweed snapshot reviewer.

The cross-distro package AppStream, which is used for enhancing the metadata about software components, updated to 0.12.10 in snapshot 20200228 and it provides a few patches in the update; one of which restores compatibility with GLib. KDE’s music app Amarok fixed the loading of lyrics from lyrics.wikia.com. The search entry and exit behaviour were improved in the 3.34.0 gnome-characters update and krb5 1.18 removed support for single-DES encryption. The snapshot is also trending at a stable rating of 98,

Snapshot 20200227 updated dracut tool and added a warning when including unsupported modules and added Peripheral Component Interconnect (PCI) host controller modules. The Linux Kernel was also updated to version 5.5.6 in the snapshot, which included some Device Tree Source (DTS) fixes for dwmmc clock in a couple Rockchip products. The snapshot is trending at a stable rating of 97.

The snapshot from 20200226 had quite a few important package updates for users like ImageMagick 7.0.9.25 that adapt a change in command-line options in the SVG Inkscape delegate. Mozilla Firefox 73.0.1 fixed an unexpected exit when leaving Print Preview mode and resolved problems when connecting to the Royal Bank of Canada website (for those of you wanting to check out a cool game made on the Bank of Canada’s website, click on spin the $10 bill multiple times and see what happens). The cups-filters 1.27.1 package added support for Chinese/Japanese/Korean (CJK) fonts. The wayland 1.18.0 added an Application Programming Interface (API) to tag proxy objects to allow applications and toolkits to share the same Wayland connection. Other package updates in the snapshot were made to text editor vim , xen, mariadb 10.4.12, gegl 0.4.22 and ibus 1.5.22. The snapshot recorded a stable rating of 93.

GNU Compiler Collection 10 should arrive in the next Tumbleweed snapshot and it will be used as a library provider but not as the default compiler yet.

Here is my personal hardware & software stack. The things I use and enjoy on a daily basis since a long time. The software is pretty much the standard in Free Software development stack. Don't expect to find anything you don't know here. I write this because people keep asking me, especially in mentoring situations.

Operating System: openSUSE Tumbleweed

It's my Linux of choice. Why? Because it's the German Engineering version of Linux: Long heritage, a certain kind of stiffness and it's super tidy. The rolling nature of Tumbleweed gives me the stability and the velocity I need. It brings all the standard Linux tools through a kick ass package manager (zypper). And it embodies what makes the Free Software eco system great: software diversity. openSUSE tries very hard to treat all software as first class citizen of the distribution.

Okay I admit it, I have been involved in making this Linux distribution for decades. So take this as pure bragging on my part. What it also means for me is that it's super easy to "scratch my itch" a.k.a. understand things, fix bugs, implement features and find the right people to poke. I can only recommend this to you, find a Linux home, help to maintain it and make it your own.

Desktop Environment: GNOME

The thing I like most about GNOME is that it get's out of my way. It's restraint, simplistic, straight forward. And yet, if I want to do a thing I have never done before, it'll have an opinion on how to do it. I also dig the esthetics, I think I actually switched to it because it's soo damn beautiful to look at.

GNOME 3 Desktop by gnome.org

Shell: zsh

Well, any shell. I couldn't live without all those glorious one-liners like for i in *; do echo mv $i `echo $i |sed 's/.rb/_spec.rb/'`; done or history | awk '{print $2}' | sort | uniq -c | sort -nr |head -n 20. Utilizing all those programs that do only one thing, but one thing well. cp, mv, echo, grep, cat, awk, sed, find, head, tail, curl, test, sleep and so on and so on. What a wonderful chest of lego bricks, ready for you to plug together your own world. Also, I literally grew up in bash. It was shell scripting that introduced me to software development. And I will forever be fascinated by it, despite all the sneeze from the more sophisticated languages. Shell scripting is messy, raw, dangerous. Shell scripting is beautifully punk!

Browser: Mozilla Firefox

I think, not counting the Linux kernel, Firefox is the only piece of software I used all my life (if you think of netscape communicator as ancestor). It's because the single most important quality of Firefox is progress. Tabs, add-ons, session restore, firebug, sync, mobile version and now built in privacy. Mozilla has been steadily pushing it's flagship product forward. It might not always be the first to market, it might not always be perfect from the start but it is always moving forward relentlessly. That is a rare quality. We all should pray that Mozilla continues this despite the google browser monopoly. BTW how the flying f**k is that monopoly OK with 65% of you? Don't you remember any computing history? </rant>

Source Code Management: git

In the meanwhile all projects I contribute to use git. I like git for being the right amount of clever CLI. That opens the pager only in the right moment, corrects me if I typo or let's me extend it, just by nameing a command git-diff-to-deploy. And I really dig the file based approach which means that I can often recover my idiot mistakes by nervously mocking around in .git. It shows that the people maintaining this are seriously dog-fooding their own product day in and day out.

Source Code Collaboration: github

With github I have a love-hate relationship. I admire the idea, the product and many of the people who build it. I build a tool in the same space of the industry (developer tooling) using the same technology (Ruby on Rails) and github people set the gold standard in collaboration workflows since years. I only humbly follow their set out examples.

But I really don't like them riding and emphasizing the network effect. And I flat out hate that such a large piece of software in my stack is closed source. Quite frankly I do not understand how anyone at Microsoft can justify to their mirror that github is not Free Software. It's not like anyone will ever be able to take any business away from github.com which value is the number of people using it. As you can see with me and my projects, that ship has sailed a long time ago. Why do you have to deny me my software freedoms if I can't use them to hurt you in any way?

I am a Ruby on Rails developer, I know a thing or two about collaborating on software. I want to send a pull-requests fixing gripes or missing functionality I have with github itself. Why the hell can't I do that? Why do people have to resort to write browser extensions to be able to collaborate on github functionality. This is insane! </rant>

Mailer: Mozilla Thunderbird

Thunderbird is the only piece of software in this list I'm not very passionate about. It helps me reading, finding and writing mail from my four imap accounts in one single interface. It does so better than any mail user agent, web mailer or mobile app I have tried so far. Yet I have the feeling there should be something better. Can't seem to find it though, despite really searching. Guess Churchill was right: Thunderbird is the worst MUA, except for all the others.

Editor: Visual Studio Code and vim

I fire up vim when I need to do a quick script, jog down a note, edit configuration files or for a quick fix. Visual Studio Code is what I use for deep dive bug fixes or feature development. About vim I like most the raw power that comes with it. Doing something like gqaw or v<end>~ is gold. But I have a problem with vim: I easily remember a small set of things for a long time, but I have not much capacity to remember 50 keyboad shortcuts forever ¯\_(ツ)_/¯ That's why I need a user interface that guides me and offers me a place to search visually for what I want to do. CTRL+p+fold level+click is exactly that.

Visual Studio Code by Henne Vogelsang licensed CC BY 4.0

Containers: docker & docker-compose

I'm hacking a bunch of different software projects on a daily basis. I need them compartmentalized so I can build, start/stop and destroy them at will. Without each of them compromising the other, or my system, with their gazillion dependencies, services and side cars.

Linux containers are the most efficient way to do this for me. As I'm not super interested in architectural intricacies of container runtimes and a frequent visitor of doineedkubernetes.com, I'm kind of habituated to docker and docker-compose. Investing a day or two into building a development environment that you can set up, run, suspend and tear down at will is hacker magic! Mounting your local file system into it, so your can shell around and use whatever editor you want is 🤯

Laptop: Dell XPS 13 (9380)

I work from at least two different places during the day. My office, meeting room, home office etc. That's why I dig this powerful 13" laptop you can swing around with ease. It also features a nice enough keyboard, can be charged via USB-C (power bank ready) and you can even be buy it with (the wrong) Linux preloaded! What more can you ask from hardware?

Keyboard: Ducky One 2 Horizon TKL

Guess if you're an old fart like me you just need something that feels a bit like a model M keyboard. But please without the nicotine stained look. This ducky quacks for me at the office where I plug in my laptop into a docking station.

Ducky One 2 Horizon TKL duckychannel.com.tw

That's what I consistently make use of during the day, nothing spectacular right? Of course not, those things are about getting shit done! Not about impressing you, sport! 😜

The results of the openSUSE Board election were published on 1 February 2020. The community welcomed Sarah Julia Kriesch and Simon Lees as they started their new term.

However, ten days later, Sarah stepped down, leaving a vacant seat on the board. Under such circumstance and the board election rules, the sitting board may appoint someone until the next board election.

On 27 February 2020, openSUSE Chairman Gerald Pfeifer, announced the appointment of Vinzenz Vietzke as board member. His appointment was unanimously supported by the Board and the openSUSE Election Officials.

The appointment of Vinzenz, aka Vinz, on the Board was welcomed by the community.

The universe is full of captivating, compelling and exquisite things. The internet, the most complete representation of humanity, is no different in that regard. Both are vast, seemingly endless and full of places you should know about. Let me share content that has moved me, in some way, in the last month. February was mostly inter-personal stuff like ethics, hiring or collaborating remote. Enjoy.

YubiKey 5C Nano a product by yubico

Some collegue of mine mentioned andOTP and good Free Software citizen I am, moved all of my 2FA to it. Doing so made me think of checking support for hardware security modules on Linux again. Ordered this YubiKey, now I'm off 2FA with my phone and just touch my laptop when asked. Thanks WebAuthn! One of those "Why they heck did I not do this earlier?" moments.

A student guide for navigating ethical issues in the tech industry by Mozilla

I have no idea why Mozilla says this is for students? Clearly this is for everybody! Be it people considering going into the tech industry (like students), people already in it or even people who just want to know what it going on in this cesspool.

Especially if you are in this industry already: Read this, think about it, talk about it with your peers, dive deeper into this topic. Do this so you can help to save the environment you probably planed to work the rest of your life in. Ethics help them who help themselves!

git sparse-checkout a post by Derrick Stolee

An experimental git command that allows you to checkout one or more sub-directories of a repo. Primarily meant for monorepos with gazillion of projects in it. But I think this could also turn out to be usefull for other situations. Like skipping large infrequently used directories etc. Check it out!

The 2020 State of Remote Work a survey by Buffer.com

No real shockers this year, the concept of distributed teams is humming along. One thing I find interesting about this is how much the top challenges are also the top challenges of (larger) Free Software communities. If you reach a certain size your community fractures because people start their own communication neighborhoods. Mailing lists, forums, IRC etc. Each group get's enough information about the community (mostly from wanderers between the neighborhoods) so they feel they don't miss out. Yet, some important things fall through the cracks. Frequent cries for unification of groups are either ignored or end up in XKCD#927. In the end, you just live with it and realize that you can't streamline a large amount of people to this degree.

And I think loneliness is also at the root of many of the problems that Free Software communities face. Especially I suspect this to be the top reason for contributor churn. You can't vent at the time you're angry about something in the code base. You don't have anyone to share your joy with, at the time you finally feel confident enough to open this super cool feature pull request. You have to context switch to something else because no one is around at the time you need to know why this code behaves like it behaves. Those situations are just a little less fulfilling than they are if you're together with people. And this will bite at your willingness to continue, one at a time. And that's how you can eat an elephant.

Often I'd wish we would not have been such punks in the Free Software movement. That we instead collectively focused some of the time and energy we've spend on creating software on figuring out what happened to us and between us. We made collaboration among free equals into a viable option to be creative. But we were to lazy to write the documentation how to organize people doing it...

The Horrifically Dystopian World of Software Engineering Interviews a post by Jared Nelsen

One persons odyssey through many of the ridicolous hiring practices in play today. And the best analysis of why this is like it is I have read to today.

We are being consumed by our own mythology. We all know algorithm challenges are a contrived game. Why are we measuring people and not learning about people?

I start to feel bad for the nail, as much as this hits it on the head. Or as Chelsea puts it “Smart” is Not a Hiring Criterion.

Tools I found interesting

• flameshot · A screenshot tool
• scc · Fastest LOC counter possible
• Browser Lazy Load · Coming to a browser near you <img src="image.png" loading="lazy">
• Git Command Explorer · Interactive git documentation
• explorabl.es · A hub for learning through play!
• hackertyper · A neat way to show non-nerds what you do for a living
• capycorder · Generating capybara request specs by clicking in your browser

Talks I enjoyed

• Compassionate—Yet Candid—Code Reviews by April Wensel
• Salary Negotiation Workshop by Josh Doody
• Implementing a Strong Code-Review Culture by Derek Prior
• Single-Vendor Open Source Firms by Prof. Dr. Dirk Riehle
• Vom Ich zum Wir by maha and Kai Biermann

Neat stuff! Hope some of it makes you think/act in new ways, as it has me.

Dear Tumbleweed users and hackers,

During this week we released 4 snapshots (0220, 0222, 0224 and 0226) – an average week from that perspective, yet there have been some interesting and well-awaited updates in these snapshots:

• zsh 5.8
• Mesa 19.3.4 & Mesa 20.0
• libcap 2.32
• GNOME 3.34.4
• KDE Plasma 5.18.1
• LLVM 6 has been removed from the repository
• ncurses 6.2
• Linux kernel 5.5.5
• Mozilla Firefox 73.0.1: it will now launch in Wayland mode inside a Wayland session
• MariaDB 10.4.12

Despite all those things happenings, stagings are still – or again – filled up:

• Zypper 1.14.34: beware! This version no longer supports abbreviated command line parameters (e.g zypper in --no-r is no longer accepted)
• KDE Plasma 5.18.2
• Qt 5.15.0 (currently betas being tested)
• Ruby 2.7 – possibly paired with the removal of Ruby 2.6
• GCC 10
• Python 3.8 (unchanged, awaiting the fix for salt)
• Removal of Python 2
• GNU Make 4.3
• RPM: change of database format to ndb

Please find a 2021 update below and furtherdown a comment from 2024!

Some companies offer their employees to access their corporate computer work space remotely using a remote desktop connection. The company Citrix provides software for such a connection. To connect, the employees need the software Citrix Workspace on their terminal devices. The company provides on their download page also files for Linux including openSUSE. Unfortunately, their version 1912 from 12 December 2019 did not just work on my openSUSE Tumbleweed 64bit computer (and earlier versions I tried neither).

Segmentation Fault and Missing Libraries

First, I tried to install the software package from the vendor.

1. I downloaded the SuSE Full Package (Self-Service Support) Citrix Workspace app for Linux (x86_64) in version 1912 from 12 December 2019.
2. zypper in ICAClient-suse-19.12.0.19-0.x86_64.rpm
3. I logged into a corporate page, open a connection configuration file (*.ica) and nothing happened. So I assumed the application may have crashed. I downloaded the file and opened it in the terminal to see more.
4. /usr/lib64/ICAClient/wfica -icaroot /opt/Citrix/ICAClient configuration-file.ica
5. The app opened shortly and crashed then with the error message segmentation fault (core dumped)

Then, I tried to install somebody’s own software package. Note that this requires trust or a review of the package.

1. I downloaded the ICAClient from https://download.opensuse.org/repositories/home:/enzokiel/openSUSE_15.2_Update/x86_64/ for openSUSE 15.2 Update x86_64 (hence, not Tumbleweed).
2. I installed the package despite the missing library libcrypto.so.1.0.0.
3. I found the missing library openssl 1.0.0 and installed it.

Afterwards, the application did not segfault any longer. However, it produced an error due to a missing certificate from the GlobalSign Root CA.

1. So I went to Firefox, went to the Privacy and Security tab in the Preferences, and clicked on “View Certificates”.
2. I exported the GlobalSign Root CA certificate to e.g. /tmp. There is more than one. Look for the one in the tree GlobalSign nv-sa.
3. Then, the certificate needs to be put into the certificate folder of Citrix Workspace. For the sofware package I use, this is /usr/lib64/ICAClient/keystore/cacerts. Navigate in the terminal to this folder and copy the certificate file in it. Then use chown root:root [file.crt] and chmod 444 [file.crt] to adapt file ownership and properties.

Afterwards, Citrix Workspace worked for me. If I have too much time, I will try to use the vendor package and see if I still get the segfault considering that I have now openssl 1.0.0 installed.

Exchanging Data between Citrix Host and Citrix Client

There are two options to get data from your host OS to your Citrix client:

1. Clipboard: Copy’n’paste of text from the host to the client is suppoted on Linux. It did not work for me with files.
2. Mapping client devices: folders from the host can be mapped in the client as distinct drives. This is very useful to exchange files between host and client. To configure this option, launch from the startmenu “Citrix Receiver (configmgr)”. Alternatively, the tool can be launched from the command line with /usr/lib64/ICAClient/util/configmgr -icaroot /usr/lib64/ICAClient. In the tool, mappings are configured in the tab file access.

Update 2021

At some point, the setup broke due to an expiring SSL certificate I believe. After some time trying, I ended up with the following easy setup:

1. deinstall the outdated version: zypper rm ICAClient
2. go to https://www.citrix.com/downloads/workspace-app/linux/workspace-app-for-linux-latest.html and downoad the rpm. In my case it was ICAClient-suse-21.1.0.14-0.x86_64.rpm
3. install the rpm with e.g. zypper install [your folder]/ICAClient-suse-21.1.0.14-0.x86_64.rpm
4. try to open a file. In my case, I got a “SSL error 61” (see Citrix help)
5. I renamed the Citrix cacert storage: mv /opt/Citrix/ICAClient/keystore/cacerts{,~}
6. I linked in the system storage: ln -sv /etc/ssl/certs /opt/Citrix/ICAClient/keystore/cacerts

This did the trick!

References

• https://kenfallon.com/citrix-ssl-error-61-globalsign-root-ca/ with a tip on how to install the missing certificate
• https://docs.citrix.com/en-us/receiver/windows/current-release/optimize/map-client-devices.html with explanations on device mapping for Windows