This year I started publishing a syslog-ng tutorial series both on my blog and on YouTube: https://peter.czanik.hu/posts/syslog-ng-tutorial-toc/ And while the series was praised as the best possible introduction to syslog-ng, viewers also mentioned that one interesting element is missing from it: namely, it does not tell users how to develop a syslog-ng configuration.

So, in this blog, learn how to develop a syslog-ng configuration from the ground up! I will explain not just the end result, but also the process and the steps to take to develop a configuration. It starts with a single source and destination, then concludes with a conditional log path and sending parsed and enriched logs to Elasticsearch (or a compatible document store).

You can read it at https://www.syslog-ng.com/community/b/blog/posts/developing-a-syslog-ng-configuration

Dear Tumbleweed users and hackers,

As announced on various channels, OBS services have been moved to a new location on new hardware. So the last check-in we could do was on Wednesday, building, and QA done before the move yesterday and then publishing it. As we managed to get the timing pretty right (which was more based on luck than anything else; timings for build and QA are only very rough estimates) we managed to publish 6 snapshots since the last review. At the moment, we do not yet have a new snapshot building, as the service migration seems to have left a few services in limbo – e.g. openQA is, up to the moment of this writing, not able to sync snapshots from OBS. So we rather slow down than risk sending out untested stuff.

The six snapshots (0817, 0818, 0819, 0821, 0822, and 0823) delivered during the last week brought you these changes:

• Mozilla Firefox 116.0.3
• OpenVPN 2.6.6
• Shadow 4.14.0
• KDE Frameworks 5.109.0
• Linux kernel 6.4.11
• LibreOffice 7.6.0.3
• GnuTLS 3.8.1
• gpgme 1.22.0
• PHP 8.2.9

As we are not building a new snapshot at the moment, the staging projects are getting filled up. We surely hope to be able to clean that up soon. The queue currently contains:

• KDE Gear 23.08.0
• Systemd 254.1: We are waiting for 254.2 due to identified performance regressions
• Keylime 7.5.0
• glibc fix for malloc: Enable merging of remainders in memalign, remove bin scanning from memalign
• libproxy 0.5.3 (changing from 0.4.18): This is the rewrite maintained by Volkswagen Group
• FMT 10: breaks mariadb boo#1213219 and ceph boo#1213217; help welcome
• libxml2 2.11.x
• doxygen 1.9.7 – breaks wxPython build

This week’s openSUSE Tumbleweed snapshot updates remained steady and small other than the release of KDE Frameworks 5.109.0 in one of the snapshots.

Daily snapshots were released this week other than the exception of one.

The refreshable braille display package snapshot brltty 6.6 updated in snapshot 20230822, the introduced patches and updated the Application Programming Interface to enhance the BrlAPI service. The update addresses compatibility issues with Cython 3.0 to resolve a crash related to object finalization APIs. An update to libreoffice 7.6.0.3 brought several enhancements to include a convenient Page Number Wizard and improvements in paragraph style. The character properties from .DOCX to .ODT filename extensions were retained, and a new citation handling feature was introduced. Calc spreadsheet had fixes for conditional border color export, added support for drawing styles for shapes and comments and improved formula input. There were some enhancements for fontwork and improvement to the navigation panel for presentations with Impress and Draw. An update to the yast2-trans package update had Latvian and Catalan language updates via Weblate.

Snapshot 20230821 had two weeks worth of updates bringing in kernel-firmware 20230814. This update included various enhancements and additions to include updates for the AMDgpu Display MicroController Unit B’s for different Application-Specific Integrated Circuits (ASICs), cirrus firmware for HP G11 models, and updates to Mellanox and RTL chipsets. The library that helps create and query binary XML blobs, libxmlb updated to version 0.3.13 and brought optimizations and improvements for content type detection like using indexes for binding values and bringing faster queries through inlining machine internals. The rebootmgr 2.1 package introduced support for the systemctl soft-reboot command and fixed the spec description. The rubygem-moneta 1.6.0 package saw numerous changes, including support for Rails 6.1 and above. This package also drops support for Ruby versions 2.3 and 2.4 while adding support for version 3. A few more packages updated in the snapshot including sysvinit 3.08, libfprint 1.94.6 and others.

KDE Frameworks 5.109.0 arrived in snapshot 20230819 along with one other package. An update of the file indexing and file search framework for KDE’s Plasma, known as Baloo, had some significant improvements; this includes additions to sorting order options in BalooSearch, a reduction of file-system dependencies in multiple tests, and it had the removal of the proxy for the obsolete org.kde.baloo interface, which streamlines the codebase and promotes a more maintainable system. KIO introduces improvements for utilizing switcheroo-control to locate discrete GPUs for enhanced functionality. Changes were also made for KFileWidget to better handle absolute URL cases and extract URLs using targetUrl. Kirigami provided a change in the Navigation Tab Bar to address a bug and the framework package had enhancements to ensure uppercase initials are consistently used. With KTextEditor changes were made for completion feature so that only the starting characters of items are matched. The package also addressed an issue with erratic cursor movement. The other package to update in the snapshot was the kernel module VirtualBox, virtualbox-kmp; the update includes crucial fixes to address issues related to flexible arrays in Linux Kernel versions 6.5. The fix was implemented to address breakage and address concerns highlighted in issues boo#1212761 and boo#1214391.

The 2.6.6 openvpn version arrived in snapshot 20230818, which addressed a typographical error in the LIBCAPNG_CFALGS configuration. The update enhances error messages for tls-crypt-v2 client authentication failures and improves IPv6 route handling on Android. Several other enhancements were made like better unit test handling. The web browser Mozilla Firefox resolved some issues in the 116.0.3 update. The update fixes a problem that impacts origin private file system (OPFS) users; this restores access to files that had been cached locally in a previous version. The update also addresses a screen sharing issue on Wayland and fixes a hang that occurs when conducting a Google search. An update was made to python-numpy 1.25.2, which upgrades build dependencies, and shadow 4.14.0, which introduces new options such as enable-logind and --prefix for various commands. A few other packages were updated.

The snapshot kicking off the week was 20230817. This snapshot had a 9.18.18 bind update. A notable change includes a behavior update where if a primary server for a zone responds to an Start of Authority (SOA) query but the subsequent TCP connection required to transfer the zone is refused or timed out, the server is marked as temporarily unreachable, which prevents excessive queuing of zones on unreachable servers and expedites the refresh process. Another package to update in the snapshot was the system’s time clock synchronisation package chrony 4.4, which introduces support for multiple refclocks using the extpps option and adds the maxpoll option to the hwtimestamp directive. Other packages to update were libzypp 17.31.19, which addresses build compatibility with the Clang compiler, gnome-bluetooth 42.6, less 643 and more.

Even if most people ask me to compare systemd-journald vs. syslog-ng, I would say that they complement each other. Systemd-journald excels at collecting local log messages, including those of various system services. The focus of syslog-ng is on central log collection and forwarding the logs to a wide variety of destinations after processing and filtering. Combining the two gives you the most flexibility.

Read more at https://www.syslog-ng.com/community/b/blog/posts/systemd-journald-vs-syslog-ng

People using certain openSUSE services and tools will experience an interruption starting August 24 at 16:00 UTC since a significant shift will happen for the Open Build Service.

The entire openSUSE OBS system is moving to a new data center and will be running on new hardware when it comes back online the following day.

After the migration process, there might be some troubleshooting delays as the generic build system gets a new home and build service engineers manage disruptions.

The initial phase of moving to the new data center involves a temporary shutdown of all services. This interval will facilitate the synchronization of file modifications to the new data center, and services are expected to resume on August 25.

A range of services will experience temporary downtime during this migration phase. These include:

• amqp.opensuse.org
• api.opensuse.org
• build.opensuse.org
• rabbit.opensuse.org
• registry.opensuse.org
• software.opensuse.org
• obs-debug.opensuse.org
• obs-grafana.opensuse.org
• obs-measure.opensuse.org
• obs-telegraf.opensuse.org
• errbit.opensuse.org
• glitchtip.opensuse.org
• gs-stats.opensuse.org
• gs-stats-stage.opensuse.org
• obs-analyze.opensuse.org

In a response to the notification, an important note was made that several Continuous Integration systems reliant on images with registry.opensuse.org will experience failures unless cached versions are utilized.

Efforts are being made to minimize inconveniences and setting up a temporary server to offer commonly downloaded images during this period is not feasible. Users can still access the latest Tumbleweed and Leap base containers from the Docker Hub. These images can be found at:

Tumbleweed: https://hub.docker.com/r/opensuse/tumbleweed
Leap: https://hub.docker.com/r/opensuse/leap

Please be aware that the usual pull rate limits on Docker Hub will apply to these images.

The temporary downtime and image unavailability is a necessary step toward a more robust and efficient system. People can get updates on the restoration of services and the resumption of normal operations at buildservice mailing list.

After almost five months without blogging we are back to confirm the YaST Team is still alive and kicking! Among many other things, we have been working lately on several internal aspects of Agama, the project previously known as D-Installer. And since SUSE is publishing an early preview of the first ALP-based product that will be released next year, we decided it was time to put a new version of Agama out, so you can use it to take a look to ALP Dolomite from a different angle.

Background​

In case you already got lost, let us give you some context.

What is ALP? The SUSE Adaptable Linux Platform is the base for future operating systems developed by SUSE.

What is SUSE ALP Dolomite? It's the codename of what will be the first operating system based on ALP. It's intended to be a minimal OS where software is managed in transactions and applications are containerized. So it will be close in spirit to SLE Micro. ALP Dolomite Milestone3 (the latest preview version) is available as a set of bootable images you can just grab, boot and enjoy. Unless you have any reason to prefer a "classical" installation process. That's where Agama comes into play.

What about Agama? As you hopefully already know, it's a new Linux installer that re-uses many of the YaST internals but offers a more modern web-based user interface and mechanisms for third-party integration. When finished (is still under heavy development) it will be able to install many operating systems like openSUSE Tumbleweed or ALP-based systems. If you need more details, you can (re)-watch out presentation from the recent openSUSE Conference 2023.

And D-Installer? Is just the previous name of Agama. No mysteries here.

Getting the testing Live ISO​

As mentioned, it has been more than four months since the announcement of Agama 0.8. It was still called D-Installer back then! Although we follow a continuous delivery process in which you can always try the daily changes, we decided it was time to publish and announce a new version. And after D-Installer 0.8 it comes... Agama 3! 😉 As you can see we decided to change the versioning schema and go for a plain single number: 1, 2, 3, etc. However, if we need to release a hot-fix we might use a dotted version like 3.1.

You can get a glance at Agama 3 by downloading any of the two flavors (openSUSE and ALP) of the Agama testing ISO. Feel free to ignore the "Playwright" variants unless you are interested in automated testing.

Remember those ISO images are not intended as the final installation media for future releases of openSUSE or ALP-based operating systems, but only as a vehicle to check the current status of Agama.

The main goal of the openSUSE flavor is to test the installation of openSUSE Tumbleweed, although it can also be used to install a very early prototype of a future Leap distribution based on ALP. The ALP flavor allows to install the prototype of ALP Dolomite (Milestone3 at the time of writing, so not even a beta version yet).

What's new​

There are several differences in Agama 3, when compared with versions previously announced or showed at conferences.

The first thing you will notice is that the images are available in four different architectures: x86_64, aarch64, s390x and ppc64le. And that's actually the first news, since D-Installer 0.8 didn't come with a PowerPC version.

Regarding the usage, there are some visible changes in the storage section, with a more informative screen to select the target device, a better overview of the file systems that will be created and the possibility to adjust the sizes of those partitions or LVM logical volumes.

Also related to the selection of target devices, now it's possible to interactively configure zFCP devices, in addition to the options to configure DASD and iSCSI that were already available in previous versions of Agama.

Error reporting in the web interface has also improved, including the new page to summarize all found issues that is described on this pull request.

The command line interface also received several enhancement with better error reporting and improved visualization of the installation progress. Not to mention the possibility of configuring the network from the command line and during unattended installation, something that was in the past only possible using the web interface.

Last but not least, there are many changes under the hood that result in a slightly lower memory consumption and better logging of the D-Bus service, which helps to debug errors reported by our much appreciated early adopters. We even got some nice contributions to improve the internals of the web interface. Thanks Balsa!

More to come​

We keep working to improve Agama on several areas, as our other duties and responsibilities permit. We hope to have news soon about internationalization support and improvements in both unattended installation and storage configuration.

Meanwhile we appreciate all opinions and feedback. As always, you can reach the YaST Team at the YaST Development mailing list and our #yast channel at Libera.chat. Have a lot of fun!

Dear Tumbleweed users and hackers,

Since the last weekly review, we have ‘only’ delivered six snapshots (0811…0816). Snapshot 0817 is still hanging in QA and is thus not part of today’s review.

The most relevant changes delivered in the aforementioned snapshots are:

• Node.JS 20.5.1
• Meson 1.2.1
• Python 3.11, configured for PEP-0668 (externally managed system tree)
• Mozilla Firefox 116.0.2
• NetworkManager 1.44.0
• glibc 2.38: rebuild mode of OBS was changed from ‘local’ (only build packages with changes) to ‘direct’ (rebuild based on dependencies) which resulted in a larger snapshot but with packages leveraging the new features of glibc 2.38
• Systemd 253.8
• GTK 4.12.0
• PostgreSQL 15.4

Things currently in QA, either as part of a new snapshot or staged, include:

• Linux kernel 6.4.11
• KDE Frameworks 5.109.0
• Systemd 254.1
• Mozilla Firefox 116.0.3
• Shadow 4.14.0
• FMT 10: breaks mariadb boo#1213219 and ceph boo#1213217; help welcome
• libxml2 2.11.x
• doxygen 1.9.7 – breaks wxPython build

This week’s openSUSE Tumbleweed snapshots were steady and there were no large updates.

While updating openSUSE rolling release once a week could result in a larger update, daily updates throughout this week would have meant smaller updates each day.

The latest snapshot is 20230816. This snapshot fixes compiler-warnings with the ncurses 6.4.20230812 update. This package had some patches added and improved manpages for wgetnstr() and wget_wnstr(). There was also an update for a tool to read manpages with the man 2.11.2 update. This manual tool package introduces security enhancements by replacing $ characters in page names with ? when constructing less prompts, along with other improvements like handling database entries for links better and reorganizing databases for reproducibility. The visual file manager mc 4.8.30 update now supports using Perl Compatible Regular Expressions 2 library as a search engine, and it improves the extfs helpers and patchfs. The yast2-installation 4.6.7 update had a change that addresses a specific issue requiring the presence of the awk utility for use in startup scripts.

Snapshot 20230815 fixes a crash with the 389-ds update. The 2.4.0~git74.4297d88 version for the device memory project brings ongoing efforts to test and improve the multiple listening thread feature. The update gtk4 4.12.0 has some new features for list widgets and an always-ask property in the GtkFileLauncher. The inspector tool provides more information in the accessibility tab. The ndctl 78 update brings improvements in CXL (Compute Express Link) support and some patches were removed. Security vulnerabilities were addressed with the postgresql15 15.4 update, including CVE-2023-39417, which prevents the substitution of certain characters into extension scripts that could lead to security issues, and CVE-2023-39418, which ensures proper enforcement of row security policies. The package also adjusted the International Components for Unicode handling to prepare for PostgreSQL 16. The yast2-trans updated the POT files for Georgian, Slovak, Japanese, Czech and Dutch. Several Python Package Index packages were also updated.

Snapshot 20230814 had just one package update. The python-Pygments 2.16.1 update improved some documentation and provides guides on creating terminal code highlighting commands and loading TrueType fonts to the ImageFormatter for formatting highlighted code as images. The Python library also has a new syntax highlighter for various programming languages and formats.

Similarly, snapshot 20230813 also featured an update for a single package. Binding package python-pyzmq 25.1.1 had some compatibility changes with Cython 0.29.35 for building Python 3.12 wheels, which no longer requires Cython 3. The package also improved error messages, added Cython as a build-time dependency and cleaned up the Socket.poll() method used to check the status of ZeroMQ sockets in a non-blocking manner.

Snapshot 20230812 provided a major update of a web browser. Mozilla Firefox 116.0.2 was primarily targeted at enhancing performance and functionality. The major version release provided several Common Vulnerability and Exposure fixes to include those including a memory bugs, a stack buffer overflow vulnerability and a potential for permissions requests to be bypass via clickjacking has been eliminated. One new feature is the sidebar switcher, which allows users to access Bookmarks, History and Synced Tabs panels easily. The NetworkManager 1.44.0 update brings a significant enhancement by introducing a new link setting that is designed to hold properties related to the kernel link, including parameters, and it now supports sending a DHCPv6 prefix delegation hint through the ipv6.dhcp-pd-hint connection property. Catfish 4.18.0, the Xfce file searching tool, brings performance improvements that enhance user experience, making it smoother and more responsive. The package also allows for more refined and specific searches based on different categories of files. An update of glibc 2.38 introduces the strlcpy and strlcat functions and addressed a vulnerability that pertains to the use of the printf family of functions with a format specifier and a minimum width specifier. An update of systemd 253.8 enhanced security and added a minimal bounds check to the bus component of systemd. Some improvements and core components were cleaned up. Several other packages updated in the snapshot

With snapshot 20230811, nodejs20 20.5.1 was updated. The new version took care of the CVEs; CVE-2023-32002, CVE-2023-32558 and CVE-2023-32004. The update of xen 4.17.2_02 addressed a vulnerability that pertains to a speculative return stack overflow on x86 AMD systems. An update of yast2-country 4.6.3 allows users to change the date to a year later than 2032. The re2c 3.1 package introduces new options such as --leftmost-captures for capturing groups and syntax for non-capturing groups. Command line tool and utilities package xz 5.4.4 updated documentation and translation and the latest openSUSE-repos-Tumbleweed package disabled the NVIDIA package building on LeapMicro since deployments are expected to have all drivers and tools inside the containers.

This week’s openSUSE Tumbleweed snapshots were steady and there were no large updates.

While updating openSUSE rolling release once a week could result in a larger update, daily updates throughout this week would have meant smaller updates each day.

The latest snapshot is 20230816. This snapshot fixes compiler-warnings with the ncurses 6.4.20230812 update. This package had some patches added and improved manpages for wgetnstr() and wget_wnstr(). There was also an update for a tool to read manpages with the man 2.11.2 update. This manual tool package introduces security enhancements by replacing $ characters in page names with ? when constructing less prompts, along with other improvements like handling database entries for links better and reorganizing databases for reproducibility. The visual file manager mc 4.8.30 update now supports using Perl Compatible Regular Expressions 2 library as a search engine, and it improves the extfs helpers and patchfs. The yast2-installation 4.6.7 update had a change that addresses a specific issue requiring the presence of the awk utility for use in startup scripts.

Snapshot 20230815 fixes a crash with the 389-ds update. The 2.4.0~git74.4297d88 version for the device memory project brings ongoing efforts to test and improve the multiple listening thread feature. The update gtk4 4.12.0 has some new features for list widgets and an always-ask property in the GtkFileLauncher. The inspector tool provides more information in the accessibility tab. The ndctl 78 update brings improvements in CXL (Compute Express Link) support and some patches were removed. Security vulnerabilities were addressed with the postgresql15 15.4 update, including CVE-2023-39417, which prevents the substitution of certain characters into extension scripts that could lead to security issues, and CVE-2023-39418, which ensures proper enforcement of row security policies. The package also adjusted the International Components for Unicode handling to prepare for PostgreSQL 16. The yast2-trans updated the POT files for Georgian, Slovak, Japanese, Czech and Dutch. Several Python Package Index packages were also updated.

Snapshot 20230814 had just one package update. The python-Pygments 2.16.1 update improved some documentation and provides guides on creating terminal code highlighting commands and loading TrueType fonts to the ImageFormatter for formatting highlighted code as images. The Python library also has a new syntax highlighter for various programming languages and formats.

Similarly, snapshot 20230813 also featured an update for a single package. Binding package python-pyzmq 25.1.1 had some compatibility changes with Cython 0.29.35 for building Python 3.12 wheels, which no longer requires Cython 3. The package also improved error messages, added Cython as a build-time dependency and cleaned up the Socket.poll() method used to check the status of ZeroMQ sockets in a non-blocking manner.

Snapshot 20230812 provided a major update of a web browser. Mozilla Firefox 116.0.2 was primarily targeted at enhancing performance and functionality. The major version release provided several Common Vulnerability and Exposure fixes to include those including a memory bugs, a stack buffer overflow vulnerability and a potential for permissions requests to be bypass via clickjacking has been eliminated. One new feature is the sidebar switcher, which allows users to access Bookmarks, History and Synced Tabs panels easily. The NetworkManager 1.44.0 update brings a significant enhancement by introducing a new link setting that is designed to hold properties related to the kernel link, including parameters, and it now supports sending a DHCPv6 prefix delegation hint through the ipv6.dhcp-pd-hint connection property. Catfish 4.18.0, the Xfce file searching tool, brings performance improvements that enhance user experience, making it smoother and more responsive. The package also allows for more refined and specific searches based on different categories of files. An update of glibc 2.38 introduces the strlcpy and strlcat functions and addressed a vulnerability that pertains to the use of the printf family of functions with a format specifier and a minimum width specifier. An update of systemd 253.8 enhanced security and added a minimal bounds check to the bus component of systemd. Some improvements and core components were cleaned up. Several other packages updated in the snapshot

With snapshot 20230811, nodejs20 20.5.1 was updated. The new version took care of the CVEs; CVE-2023-32002, CVE-2023-32558 and CVE-2023-32004. The update of xen 4.17.2_02 addressed a vulnerability that pertains to a speculative return stack overflow on x86 AMD systems. An update of yast2-country 4.6.3 allows users to change the date to a year later than 2032. The re2c 3.1 package introduces new options such as --leftmost-captures for capturing groups and syntax for non-capturing groups. Command line tool and utilities package xz 5.4.4 updated documentation and translation and the latest openSUSE-repos-Tumbleweed package disabled the NVIDIA package building on LeapMicro since deployments are expected to have all drivers and tools inside the containers.