The openSUSE Project is pleased to announce its modern lightweight host operating system Leap Micro 5.5 just entered Alpha.

This release brings a host of enhancements and additions that promise to make it an even more versatile and efficient choice for users.

The most visible change is the addition of the settroubleshoot server and its integration with the cockpit-selinux module.

Packages fwupdate and fwupdate-efi for an easy integration of UEFI firmware updates are being added.

Also being added is git, skopio for image manipulation, and podman-docker for emulation of Docker CLI using podman. The QEMU Copy On Write (QCOW) version of the RAW image for both x86_64 and aarch64 is newly available.

Leap Micro does not offer a graphical user interface or desktop version. Users can use Cockpit to manage their host OS through a web browser.

The Alpha is based on SUSE Linux Enterprise (SLE) Micro 5.5 Beta and is built on top of a SLE 15 Service Pack 5 update. Users can expect Leap Micro 5.5 Beta shortly after the SLE Micro 5.5 RC is released in the second half of September 2023. The global availability is planned for the middle of October 2023 together with SLE Micro 5.5 global availability. The schedule is entirely driven by the SLE Micro readiness.

See the roadmap for more details.

Users should know that zypper is not used with Leap Micro, but transactional-update is used instead.

Leap Micro can be used for several compute environments like edge, embedded, and IoT deployments. Developers and professionals can build and scale systems for use in aerospace, telecommunications, automotive, defense, healthcare, hospitality, manufacturing, database, web server, robotics, blockchain, and more.

Users are recommended to view the Release Notes.

Users can submit bug reports here.

Large development teams can add value to their operations by trying Leap Micro and transitioning to SUSE’s SLE Micro for extended maintenance and certification.

To download the ISO image, visit get.opensuse.org.

Find the latest documenation about the release.

The openSUSE Project is pleased to announce its modern lightweight host operating system Leap Micro 5.5 just entered Alpha.

This release brings a host of enhancements and additions that promise to make it an even more versatile and efficient choice for users.

The most visible change is the addition of the settroubleshoot server and its integration with the cockpit-selinux module.

Packages fwupdate and fwupdate-efi for an easy integration of UEFI firmware updates are being added.

Also being added is git, skopio for image manipulation, and podman-docker for emulation of Docker CLI using podman. The QEMU Copy On Write (QCOW) version of the RAW image for both x86_64 and aarch64 is newly available.

Leap Micro does not offer a graphical user interface or desktop version. Users can use Cockpit to manage their host OS through a web browser.

The Alpha is based on SUSE Linux Enterprise (SLE) Micro 5.5 Beta and is built on top of a SLE 15 Service Pack 5 update. Users can expect Leap Micro 5.5 Beta shortly after the SLE Micro 5.5 RC is released in the second half of September 2023. The global availability is planned for the middle of October 2023 together with SLE Micro 5.5 global availability. The schedule is entirely driven by the SLE Micro readiness.

See the roadmap for more details.

Users should know that zypper is not used with Leap Micro, but transactional-update is used instead.

Leap Micro can be used for several compute environments like edge, embedded, and IoT deployments. Developers and professionals can build and scale systems for use in aerospace, telecommunications, automotive, defense, healthcare, hospitality, manufacturing, database, web server, robotics, blockchain, and more.

Users are recommended to view the Release Notes.

Users can submit bug reports here.

Large development teams can add value to their operations by trying Leap Micro and transitioning to SUSE’s SLE Micro for extended maintenance and certification.

To download the ISO image, visit get.opensuse.org.

Find the latest documenation about the release.

OpenObserve has an Elasticsearch compatible API for log ingestion, but syslog-ng is not mentioned in the documentation. My plan was to document how to modify the syslog-ng elasticsearch-http() destination, based on API documentation. However, as it turned out, OpenObserve has a ready to use syslog-ng configuration example in the web UI.

https://www.syslog-ng.com/community/b/blog/posts/sending-logs-to-openobserve-using-syslog-ng

The openSUSE contributor community recently completed a comprehensive survey last week aimed at determining the project’s future direction. The results were obtained from 327 respondents, and it sheds some light on various aspects of openSUSE’s development, deployment and upgrade plans.

A pdf of the survey can be found on the openSUSE Wiki.

The questions and results are as follows:

Identity and Involvement

Question: Which group would you identify yourself with the most?

Interested: 3.98%
User of openSUSE distributions: 41.90%
Contributor to openSUSE distributions: 22.02%
Contributor to the openSUSE Project-wide: 8.87%
No answer: 1.53%
Not completed or Not displayed: 21.71%

Experience in openSUSE

How long have you been involved in openSUSE?

< 6 months: 7.03%
< 2 years: 12.84%
< 5 years: 10.40%
5 years and more: 46.18%
No answer: 1.83%
Not completed or Not displayed: 21.71%

This data demonstrates a significant portion of long-term users and contributors, which is indicative of a dedicated and stable community.

Deployment of openSUSE Leap

Where are you currently deploying openSUSE Leap?

My private server: 32.42%
My private laptop / desktop: 50.15%
My work machine (desktop/laptop): 33.33%
My cloud machines: 14.68%
Not applicable: 13.15%
Not completed or Not displayed: 21.71%

These findings show that openSUSE Leap has a diverse range of use cases, from personal computers to server environments.

Upgrade Preferences for Laptops/Desktops

How often would you like to upgrade to a new version of the openSUSE Leap successor distribution on a laptop or desktop machine?

Weekly: 10.40%
Every 3-6 months: 14.07%
Every 6-12 months: 20.49%
Every 12-18 months: 20.49%
No answer: 12.84%
Not completed or Not displayed: 21.71%

Upgrade Preferences for Servers/Cloud Servers

How often would you like to upgrade to a new version of the openSUSE Leap successor on a Server/Cloud Server?

Weekly: 2.75%
Every 3-6 months: 6.73%
Every 6-12 months: 11.01%
Every 12-18 months: 33.64%
No answer: 24.16%
Not completed or Not displayed: 21.71%

Contributor Preferences

What of the following options do you prefer to contribute your efforts toward?

Linarite: 19.88%
Slowroll: 19.88%
I'd prefer not to contribute to any Leap replacement and just focus on Tumbleweed: 20.80%
No answer: 17.74%
Not completed or Not displayed: 21.71%

Community’s Vision for openSUSE

What of the following overall options would you prefer most for the direction of openSUSE ?

Linarite: 23.85%
Slowroll: 27.83%
I'd prefer no Leap replacement and just focus on Tumbleweed: 17.43%
No answer: 9.17%
Not completed or Not displayed: 21.71%

Laptop/Desktop and Server/Cloud Server Preferences

For laptop/desktop machines:

Which of the following would you prefer for use on a laptop or desktop machine?

Linarite: 18.65%
Slowroll: 23.24%
I'd prefer no Leap replacement and just use Tumbleweed: 33.94%
No answer: 2.45%
Not completed or Not displayed: 21.71%

For server/cloud server machines:

Which of the following would you prefer for use on server or cloud server machine?

Linarite: 28.75%
Slowroll: 31.80%
I'd prefer no Leap replacement and just use Tumbleweed: 15.29%
No answer: 2.45%
Not completed or Not displayed: 21.71%

The results of this comprehensive survey offer a clear snapshot of the openSUSE community’s preferences and priorities, which will undoubtedly influence the project’s future direction.

As an active member of the openSUSE Linux developer community and Chapter Leader for OWASP SP, I am now responsible for maintaining and updating the ModSecurity CRS packages on the openSUSE platform, as well as managing other important packages such as the official ZAP Core. For more information and supporting documentation, please refer to the lin: https://build.opensuse.org/package/view_file/openSUSE:Factory/owasp-modsecurity-crs/owasp-modsecurity-crs.spec

First motivation

The motivation comes from the fact that OWASP ModSecurity Core Rule Set (CRS) v3.3.4 does not detect the presence of several “Content-Type” HTTP header fields. As a result, on some platforms it is possible to cause a CRS installation to process an HTTP request body differently (due to the different content type) than how it would be processed by a backend web application. More information at https://nvd.nist.gov/vuln/detail/CVE-2023-38199.

Version 3.3.5 of CRS was released to address this vulnerability. And so I decided to update the package in the SUSE and openSUSE distribution.

Second motivation

Implementing an effective Web Application Firewall (WAF) is not the sole responsibility of the information security department; it’s a shared duty that we all must take seriously.

Below is a simplified guide for installing ModSecurity for Apache with CRS, stripping away any unnecessary complexity or “black magic.”

After the entire installation, Ricardo Martins (r00t1ng) performed the pentest to ensure the CRS protection features. Thank you!

First install the necessary packages:

# zypper in apache2  apache2-example-page owasp-modsecurity-crs owasp-modsecurity-crs-apache2 apache2-mod_security2

Now with the packages properly installed, add the apache modules:

# a2enmod unique_id
# a2enmod security2

Verify that the /etc/apache2/conf.d/owasp-modsecurity-crs.conf file has the following content:

<IfModule mod_security2.c>
       Include “/etc/owasp-modsecurity-crs/crs-setup.conf”
       Include “/etc/owasp-modsecurity-crs/rules.d/*”
</IfModule>

In your domain’s configuration file, insert the SecRuleEngine line according to the example below:

Now restart apache and READY!

# rcapache2 restart

or

# systemctl restart apache2

Criticisms and suggestions at Cabelo@opensuse.org or alessandro.faria@owasp.org

Join us in this review of ‘What is Linux‘, tracing its evolution, the significance of open source, and SUSE’s role in this journey. From humble origins to future aspirations, we spotlight the challenges and milestones that define Linux’s legacy, rooted firmly in the ethos of open-source collaboration. Table of contents: Introduction to Linux Understanding Open […]

The post What is Linux? appeared first on SUSE Communities.

Dear Tumbleweed users and hackers,

The move of OBS to the new data center has been completed and issues we had seen as a consequence of this are mostly fixed (all in working order, some performance not exactly where it used to be, but in a workable state). Yet, we only managed to release a single, small snapshot during this week: 20230828. Two more made it to QA but had to be discarded for bugs identified which slipped Staging.

Snapshot 0828 was, as mentioned small, and only brought you those changes over 0823:

• clamav 0.109.9
• Java OpenJDK 11.0.20.1
• xfce4-terminal 1.1.0

The next snapshot (0901, should it pass openQA) will bring these changes:

• Mesa 23.1.6
• Mozilla Firefox 117.0
• KDE Gear 23.08.0
• glibc fix for malloc: Enable merging of remainders in memalign, remove bin scanning from memalign
• grub 2.12~rc1
• Linux kernel 6.4.12
• XWayland 23.2.0
• Keylime 7.5.0

Staging projects have been mostly cleared up: These few things are currently being tested:

• Systemd 254.1: We are waiting for 254.2 due to identified performance regressions
• libproxy 0.5.3 (changing from 0.4.18): This is the rewrite maintained by Volkswagen Group
• FMT 10: breaks mariadb boo#1213219 and ceph boo#1213217; help welcome
• libxml2 2.11.x
• Linux kernel 6.5
• Python Sphinx 7.2.4

The rolling release for openSUSE temporarily slowed the frequency of its snapshot release cycle to support the migration efforts and data center move of the Open Build Service from last week.

The release engineer team reported in its weekly meeting that the check in of Tumbleweed builds were intentionally paused so as not put additional stress on the OBS migration that was needed.

The first check-in build happened on Monday, passed openQA and snapshot 20230828 was released to update a half-dozen packages. An update of ImageMagick 7.1.1.15 removed a Common Vulnerability and Exposure patch after it was merged upstream. Some settings for RGBA images were corrected and some image compatibility issues were resolved. An update of clamav 0.103.9 addressed a possible denial of service vulnerability fixing CVE-2023-20197. The update also includes fixes for compiler warnings that may become errors in the Clang 16 compiler. The package for hardware identification and configuration data, hwdata, updated to version 0.373 and brings updates to Peripheral Component Interconnect, USB, and vendor IDs. An update of java-11-openjdk 11.0.20.1 brought an emergency release in response to a regression in the July 2023 update and addresses an issue of an invalid Central Directory Entry header. The wtmpdb package, which is meant to help solve the Y2038 problem, updated to 0.9.1 and includes a fix to a manual page reference and had a correction of the printf format specifier on 32-bit systems. Xfce users will be happy to see an update of xfce4-terminal 1.1.0 that introduces various changes, including allowing passing arguments to custom commands, translating strings in the unsafe paste dialog and improving window synchronization for showing tabs. The package also adds support for kinetic scrolling in VteTerminal and enhances the preferences dialog.

The 20230823 build from last week resulted in a snapshot; this happened before the weekly blog came out, but after the Review of the Week was posted. This snapshot also resulted in a half-dozen packages being updated. A key package to update in the snapshot was php8 8.2.9 that addresses CVE-2023-3824, which the insufficient length checking may lead to a stack buffer overflow, and CVE-2023-3823, which could have lead to the situation where a external XML is parsed with external entities loaded; this could have lead to disclosure of any local files accessible to PHP. The update of gpgme 1.22.0 prevents the wrong plaintext during signature verification and from returning a bad data error instead of a general error. The package also added a couple of patches, had a few new interface changes, various enhancements and fixes. The secure communications library gnutls 3.8.1 added a patch to fix a missing compatibility extension and added support for the RFC 9258 external PSK importer. Other packages to update in the snapshot were apache2-mod_php8 8.2.9, gpgmeqt 1.22.0 and libupnp 1.14.18, which included a fix for a busy loop on a socket error in a miniserver.

A few things are expected to come as new snapshots begin to arrive after slowing down builds due to the migration. According to the release engineer meeting, systemd 254.1 is in the queue, but is currently being blocked due to a performance regression, the glibc performance regression fix might be released in the next snapshot and Linux Kernel 6.5 was submitted and will make its way through passing openQA testing.

We are at the end of the summer and this means that this year Google Summer of code is ending.

The recent changes applied now in the main branch include:

• Remove usage of pkg_resource because it's deprecated.
• Fix elf binary check with ELF files with a prefix.
• New check for python packages with multiple .pyc files for different python versions.
• Improve the testing framework (merged the work done during the GSoC 2023)

Summer of Code 2023 updates

The summer of code is ending and the work done by Afrid was good enough to be merged, so I merged it the past week.

I'm really happy with the work done during the GSoC program, now we've a more simple way to define tests for rpmlint checks mocking the rpm, so it's not always needed to build a fake rpm binary for each new test. This will make a lot easier to create simple tests, so I hope that we can increase the code coverage using this new framework.

During this time Afrid has extended the FakePkg class, so it's possible now to define fake metadata and files with fake tags and attributes. It's not complete and it's not a simple task to replace all the rpm binaries used for tests, because the Pkg class and RPM tags is a complex thing, but the current state allow us to replace a lot of them. Afrid has replaced some of the tests that uses binaries, but in the following months we can continue working on this and replace more.

After this work, we can now start to use more the FakePkg class in tests, so another task that we can do is to provide some common fake pkgs to use in different tests and new checks, so now it's possible to create fake packages with dynamic random data, so we can extend tests with fuzz testing and maybe this will help to improve the tool reliability.

Conclusion

I've participated as mentor several times now in the summer of code, and outreachy, and almost always was a good experience. With the gnome foundation in previous programs and this year with opensuse. These two communities are very open to collaboration and makes the whole process really simple, for me as mentor, and also for the intern.

I want to congratulate Afrid, because it was nice to work with him during this summer, he has done a great work, not just technically, but communicating, asking and finding his own solutions without requiring a continuous guidance.

He is very passionate and looks like a nice person, so I hope that he will continue around the open source, it could be opensuse, rpmlint or any other community, but this kind of people is what you want to find in any community.

After many years collaborating with different free software communities, it's amazing that there are so many great people in every project, of course you can find toxic communities and people, but in my experience, that's usually just noise, there are a lot of nice people out there, doing a great work, and I'm happy that young people like Afrid can be part of the free software movement, because this is what makes the free software great, the people that is working on it.

So Thanks a lot to Google for another summer of code, thanks to SUSE for letting me, and encourage me, to mentor, and thanks to all the free software developers that are out there.

I encourage everyone to participate in this kind of programs, for interns, it's a good opportunity to learn and to make some money working on free software, for mentors it's an opportunity to get some help in your project and help newcomers to be part of the community.

Have a lot of fun!