Dear Tumbleweed users and hackers,

The week has passed without any major hiccups, which also shows in the number of Tumbleweed snapshots released during this week. Not the highest count ever achieved, but we are at a solid 6 snapshots (0121.0126), with the next one already in QA.

The major changes in those 6 snapshots were:

• systemd 249.9
• Lots of YaST changes (mostly under the hood, some UI changes in the installer)
• Mozilla Firefox 96.0.2
• Samba 4.15.3 & 4.15.4, including a rather large reorganisation of the library packages (i.e. multiple libs combinaed into samba-client-libs
• Virtualbox 6.1.32
• Bash 5.1.16
• Linux kernel 5.16.2
• Switch the default Network interface manager from wicked to NetworkManager: so far this was only done for graphical installations, but newly NetworkManager is also the default on server/console-only installs. With nmtui it is rather comfortable to configure it. Upgraders do not (yet) get migrated to NetworkManager, but stay on their working wicked config. Of course wicked is still available in the repos

Thins being worked on to reach you in the future include:

• Linux kernel 5.16.3
• Polkit with fix for pwnkit (Snapshot 0127(: the fix is also already in the Tumbleweed update channel. Make sure to get this update soon
• Ruby 3.1, incl switch of default Ruby version to 3.1
• Removal of Ruby 2.7 and Ruby 3.0 (together with the switch to Ruby 3.1)
• KDE Plasma 5.24 (currently beta is staged and being tested)
• Python 3.6 interpreter will be removed (We have roughly 100 python36-FOO packages left)
• Python 3.10 as the distro default interpreter (a bit down the line)
• GCC 12 introduction has started to be as ready as possible for when the upstream release happens.

Cambios en el gobierno de Chile traen la oportunidad para que el pueblo de Chile haga oír sus propuestas en cuanto a derechos y libertades digitales

Activistas chilenos han presentado tres propuestas constitucionales relacionadas con el software libre y la libertad del usuario, pero para que estas propuestas se sometan al debate constitucional, deben conseguir un número de firmas hasta el 1 de febrero de 2022.

Así que desde este pequeño blog, quiero dar difusión y expandir esta gran propuesta para que si resides en Chile, las tomes en cuenta y las apoyes si crees (como yo) que deben ser aprobadas.

A continuació reproduzco un texto de Félix Freeman que se ha publicado en la web de la FSF, en el que explica qué propuestas están desarrollando.

Chile vive un momento histórico, por primera vez está redactando una constitución con constituyentes elegidos de forma democrática, paritaria y con participación de los pueblos originarios. 154 personas están encargadas de la redacción de la nueva carta fundamental del país, quienes han dispuesto un mecanismo de participación popular en base a la recolección de apoyos: 15.000 firmas son requeridas para elevar propuestas ciudadanas al debate constitucional de forma directa.

La oportunidad de conseguir un cambio sustantivo y a largo plazo en pro de los derechos digitales y la libertad del software así como otras obras intelectuales es única en nuestra historia, y podría no repetirse durante el transcurso de nuestra vida. Es por esto que 4 comunidades históricamente relacionadas al uso y la difusión del software libre en Chile nos reunimos a redactar 3 de estas propuestas, las cuales son:

1. Acceso al conocimiento: Se promueve la igualdad de acceso al conocimiento garantizando el acceso universal a las tecnologías de la información y la liberación del conocimiento generado con los recursos de todos los chilenos. Iniciativa 46.114
2. Derecho a la privacidad en internet: Se reconoce y garantiza el derecho a la privacidad – esencial para la protección de la autonomía y dignidad humana – como base para las libertades de consciencia, expresión y asociación. Iniciativa 43.014
3. Soberanía tecnológica y digital: Se reconoce y defiende nuestra soberanía nacional en el ciberespacio. El desarrollo, autonomía y protección de nuestros territorios, cuerpos, datos e interacción virtual deben ser considerados parte estructural y estratégica de nuestra soberanía. Iniciativa 46.138

Estas propuestas constitucionales explican principios de la nación, derechos de los ciudadanos y deberes del Estado en torno a estos. La inclusión de los articulados permitirán y provocarán la creación de leyes que defiendan nuestras libertades y derechos de forma efectiva, por lo que no son el fin del camino en pro de las libertades intelectuales y los derechos digitales, sino solo el comienzo.

Puedes ver y apoyar nuestras propuestas ingresando a https://EraDeLaInformacion.cl ; Además encontrarás material de difusión e incluso software libre para hacer seguimiento estas. Puedes monitorear el progreso de nuestras, y otras, iniciativas en en https://votos.eradelainformacion.cl

No dejes pasar esta oportunidad histórica, si eres Chileno puedes apoyar las iniciativas número 46114, 46138 y 43014 en la plataforma https://iniciativas.chileconvencion.cl con tu «clave única» o «serie de carnet.» Si eres de cualquier nacionalidad puedes apoyarnos difundiendo la palabra por todo Internet.

Así que si resides en Chile espero que después de revisar estas propuestas las consideres adecuadas y firmes por ellas. Para que sea un ejemplo a otros países.

Enlaces de interés

• https://www.eradelainformacion.cl/
• https://www.fsf.org/blogs/community/chile-citizens-support-these-constitutional-proposals-for-free-software-and-user-privacy-by-feb-1

There were openSUSE Tumbleweed snapshots every day this week.

Some other noteworthy news within Tumbleweed is that Wicked is being phased out. New installations of Tumbleweed are all using NetworkManager by default. This is not only for desktops, but also for server installs. However, upgraders are not planned as of yet to be migrated away from Wicked.

The latest Tumbleweed snapshot is 20220126. Samba updated twice this week; this snapshot brought in the 4.15.4 version, which provided a bit of cleanup and configuration changes. The 5.16.2 Linux Kernel quickly went from staging to snapshot. The updated kernel had multiple Advanced Linux Sound Architecture fixes for newer Lenovo laptops and KVM fixes for s390 and x86 architectures. The text editor vim had several fixes along with some additional changes for the experimental vim9 fork in its 8.2.4186 version. xlockmore, which is a screen saver and X Window System package, updated an xscreensaver port and fixed some modules in its 5.68 version. The 3.74 version for mozilla-nss replaced four Google Trust Services LLC root certificates, added a few iTrusChina root certificates and added support for SHA-2 hashes in CertIDs in Online Certificate Status Protocol responses.

Snapshot 20220125 brought some exciting system updates. A few patches were added in the bash 5.1.16 update; one of those fixed a corrupted input. Another fixed a tilde expansion following an unquoted colon on the right-hand side of an assignment statement in posix mode. Fedora’s enterprise-class package 389-ds 2.0.13 added a user interface feature and a fixed compiler warning. The cross-platform development library for accessing audio, keyboard, mouse, joystick, and graphics hardware SDL2 2.0.20 improved the accuracy of horizontal and vertical line drawing when using OpenGL. The major version update of pentobi 20.0, which is a computer opponent for the board game Blokus, made a workaround for bugs in Qt 6.2 that sometimes cause the wrong positions of unplayed pieces. Quite a few openSUSE packages were updated in the snapshot. The update of yast2-security 4.4.8 fixed a declarative AppArmor option; an update of libstorage-ng 4.4.76 added support for RAID metadata versions 1.1 and 1.2; yast2-bootloader 4.4.14, yast2-installation 4.4.35, yast2-storage-ng 4.4.33, autoyast2 4.4.27 and yast2 4.4.39 were just a few of the many YaST packages updated.

Snapshot 20220124 updated two packages. Text web browser lynx 2.9.0.10 had some translations and provided several fixes for problems found using asan2 with fuzzer-generated data. The z3 4.8.14 update fixed some constraints and provided some additional user functionality for the theorem prover.

The 20220123 snapshot brought in virtualbox 6.1.32, which fixed a Common Vulnerabilities and Exposures. CVE-2022-21394 would have allowed for unauthorized access to critical data; the package changed the guest RAM management when using Hyper-V to be more compatible with Hypervisor-Protected Code Integrity. The virtual machine package also fixed access to some USB devices and device classes that were not correctly handled. Mozilla Firefox 96.0.2 fixed an issue that caused the tab height to display inconsistently on Linux when audio was played. Bind 9.16.25 had some changes to prevent callbacks from being executed before the current read callback finishes. The highly portable DNS protcol implementation fixed seven more bugs in the update. Samba 4.15.3 fixed CVE-2020-25717 and, with windows active directory, could have allowed for the mapping of domain users to local users in an undesired way. Samba also added python-rpm-macros to the build requirements. Another package to update in the snapshot was webkit2gtk3 2.34.4, which fixed several crashes and rendering issues; the package release also fixes numerous security issues, including a severe issue that allowed websites to read the names of IndexedDB databases created by other websites. Other packages to update in the snapshot were codec2 1.0.3, iso-codes 4.9.0, kdump 1.0 and more.

The handling of add-on signature settings were changed with the autoyast2 4.4.26 update in snapshot 20220122. Three major versions updates came in the snapshot; these were systemd-rpm-macros 15 and userspace tooling package nvme-cli 2.0, which fixed some dependencies and version strings. The major version update of python-ipython 8.0.1 fixed CVE-2022-21699 and backported some fixes from Python 3.10.

Tumbleweeds 20220121 snapshot gave rolling release users systemd 249.9. The updated version moved the network configuration systemd-network-generator in the udev package; this generator can generate .link files and is mainly used in initrd where udev is mandatory. The new systemd also dropped a few patches and fixed undisclosed CVE-2021-3997. The 8.0 major version of libvirt was updated in the snapshot. One of the new features is the qemu synchronous write mode for disk copying operations. Other packages to update in the snapshot were ncurses 6.3.20220115, flatpak 1.12.4, autofs 5.1.8, gnutls 3.7.3 and more.

The snapshot released last Thursday, snapshot 20220120, updated the Linux Kernel to version 5.16.1. That update provided several Bluetooth fixes to include one for the MacBook Air 8,1 and 8,2. An update of the userspace setup tool cryptsetup 2.4.3 fixed CVE-2021-4122 that allowed for possible attacks against data confidentiality through LUKS2 online reencryption extension crash recovery, according to the changelog. The sqlite 3.37.2 fixed a bug introduced in version 3.35.0 that could cause database corruption and fix a long-standing problem involving a reset option. The update of yast2-bootloader 4.4.13 added support for password protection and added support for PowerPC secure boot.

Arm specific Tumbleweed snapshots released this week were arm 20220125 and arm 20220123.

Mit dem am Mittwoch durch den Patch openSUSE-SLE-15.3-2022-198 gelieferten Kernel mit Version 5.3.18-150300.59.43.1 startet Leap 15.3 auf vielen Systemen mit Radeon-Grafik nicht mehr. Gleich nach dem Laden des Kernels friert das System ein und schaltet die Bildschirmausgabe ab. Glücklicherweise gibt es aber gleich zwei einfache Wege betroffene Systeme wieder zum laufen zu bekommen. Die Systeme können entweder mit der vorherigen Kernelversion oder dem Kernelparameter nomodeset gestartet werden.

Die schnellste Variante ist sicher einfach den vorherigen Kernel zu starten. Dieser lässt sich im Bootmenü von Grub über die erweiterten Optionen einfach auswählen. Standardmäßig hebt openSUSE übrigens immer den genutzten und die zwei neuesten Kernel auf. Es sollte also immer ein funktionsfähiger Kernel zur Verfügung stehen. Mehr zu diesem Feature findet sich in einem älteren Artikel von mir.

Stört es, wie beispielsweise bei einem sowieso ohne Monitor betriebenen System, nicht, wenn das Modesetting nicht funktioniert, so lässt sich auch der neue Kernel booten. Der Bug lässt sich durch Nutzung des Kernelparameters nomodeset umgehen. Am einfachsten lässt sich dieser über das Modul Bootloader im Abschnitt System von YaST konfigurieren. Dafür muss das System aber erst mal laufen. Dafür kann entweder, wie oben beschrieben der alte Kernel genutzt werden, oder der Parameter einmal beim Start manuell gesetzt werden.

Um den Bootparameter beim Start manuell zu setzen muss im Bootmenü die Taste E gedrückt werden. Dies öffnet den gerade ausgewählten Startmenüeintrag in einem einfachen Editor. Hier ist die mit linux beginnende Zeile zu suchen und an deren Ende der Parameter nomodeset hinzuzufügen. Durch einen Druck auf F10 startet das System dann mit dem modifizierten Eintrag. Der Eintrag wird allerdings nicht permanent übernommen. Man muss ihn anschließend noch per YaST persistieren, kann sich dafür aber auch erst mal nichts kaputt machen.

Mehr Informationen zu diesem Problem finden sich im Bugzilla. Dort gibt es auch schon eine verifizierte richtige Lösung des Problems, welche im nächsten Kernel-Patch dann enthalten sein dürfte.

Aktualisierung vom 7.2.2022: Mit dem Update openSUSE-SLE-15.3-2022-340, welches den Kernel auf Version 5.3.18-150300.59.46 hebt, ist das Problem behoben. Die betroffenen Systeme starten auch ohne den Workaround nomodeset zu nutzen wieder. Solltet Ihr vorsichtshalber den letzten Kernel, mit dem euer System noch gestartet hat, zur dauerhaften Aufbewahrung markiert haben, so solltet ihr nicht vergessen auch dies wieder rückgängig zu machen. Sonst liegt der alte Kernel unnötig dauerhaft rum.

La nueva versión de la serie 15 de openSUSE Leap incluirá una actualización del escritorio Plasma de KDE

Buenas noticias para los usuario y usuarias de openSUSE Leap. La próxima versión de openSUSE que actualmente se encuentra en fase alfa de desarrollo traerá actualizaciones en el escritorio Plasma de KDE.

openSUSE Leap 15.4 que se publicará para el mes de junio de 2022 incorporará una actualización en su escritorio Plasma.

Se incluirá la versión 5.24 de Plasma (que pronto llegará a Tumbleweed) que además se ha anunciado que será la próxima versión LTS o versión de soporte extendido.

Según ha informado el encargado del desarrollo de openSUSE Leap, se han cumplido las expectativas y todas las dependencias necesarias para incluir Plasma 5.24 dentro de Leap 15.4.

Tan pronto como SLE 15 SP4 incluya los cambios necesarios (por ejemplo, Qt 5.15), Plasma se puede integrar en Leap 15.4, en la próxima versión Beta o en alguna de las snapshots siguientes, antes de la publicación final.

Plasma 5.24 será la nueva versión LTS de la comunidad KDE de su escritorio. Eso implicará que tendrá actualizaciones, correcciones y mejoras durante mucho tiempo.

De esta manera Leap 15.4 se asegura de publicarse con una versión del entorno de escritorio que recibirá mejoras y cuidados por parte de la comunidad KDE.

Dado que openSUSE comparte los mismos binarios con SUSE, y esta última se publica con el entorno GNOME, también se puede adelantar que vendrá con GNOME 41.x.

Los desarrollos de otros entornos de escritorio también disponibles en openSUSE como Xfce, LXQt, Cinnamon, o Mate entre otros, dependerá del estado de desarrollo de sus respectivas versiones. Para ver qué versiones se podrán incluir en openSUSE Leap 15.4.

Gracias a los desarrolladores de KDE y openSUSE (Antonio Larrosa seguro que ha tenido mucha «culpa» en esto, entre otras personas) que hacen un «trabajo en la sombra» enorme para que nos beneficiemos toda la comunidad.

Enlaces de interés

• https://news.opensuse.org/2022/01/27/release-manager-gives-update-on-de/
• https://lists.opensuse.org/archives/list/factory@lists.opensuse.org/thread/ZKKEYZNAPJSWVLURGRKL7HY3YQZIRKKP/
• https://code.opensuse.org/leap/features/issue/9

La noticia es reciente, no como la del año pasado. Ha sido anunciado Linux App Summit 2022 en Rovereto, Italia, en abril. Otra oportunidad de conocer las fortalezas de los dos entornos de trabajo más importantes de GNU/Linux: KDE y Gnome.

Anunciado Linux App Summit 2022 en Rovereto, Italia

Como ya he dicho en otros artículos aunque este blog siempre ha sido de KDE (el nombre del mismo da alguna pista) nunca ha sido anti-gnome. Creo que la colaboración, aunque sea entre proyectos paralelos, es beneficiosa para la Comunidad GNU/Linux.

Justo eso es el objetivo del evento Linux App Summit, que lleva celebrándose hace unos años, que va cogiendo cada vez más impulso y que se ha convertido en un clásico en el blog y que reúne bajo un mismo techo, aunque sea virtual, a los desarrolladores de los entornos de trabajo KDE y Gnome para que compartan ideas, código y conocimiento.

El Linux App Summit (LAS) reúne a la comunidad global de Linux para aprender, colaborar y ayudar a crecer el ecosistema de aplicaciones de Linux. A través de charlas, paneles y sesiones de preguntas y respuestas, animamos a los asistentes a compartir ideas, hacer conexiones y unirse a nuestro objetivo de construir un ecosistema de aplicaciones común.

De este modo me congratulo en compartir con vosotros que ha sido anunciado Linux App Summit 2022 en Rovereto, Italia, que se celebrará en abril con una modalidad híbrida, que combinará sesiones presenciales y a distancia, incluyendo charlas, paneles y preguntas. Además, los vídeos de LAS se transmitirán en directo en su canal de YouTube.

El cierre de «Call for Papers» se abrirá pronto, así que te interesa estate atento al blog, a la página de noticias de KDE o a la oficial del evento.

Por cierto, desde la organización invitan a los asistentes a unirse al canal de Telegram de LAS y a seguir a LAS en Twitter @linuxappsummit, y a utilizar el hashtag: #LAS2022.

Introduction

openSUSE Kubic is a certified Kubernetes Distribution based on openSUSE MicroOS. Calico is an open-source project that can be used by Kubernetes to deploy a pod network to the cluster. In this blog, I will show you how to deploy a Kubernetes Cluster based on Calico and openSUSE Kubic by a Virtual Machine. We are going to deploy a cluster that has a master and a worker.

I was intended to use Oracle VM VirtualBox. However, it turned out that on my machine, when I tried to run kubeadm at openSUSE Kubic in VirtualBox, it always stuck at watchdog: BUG: soft lockup - CPU#? stuck for xxs! with CPU usage around 100%. As a result, I switched to VMware Workstation Pro and the issue got solved. Guess it’s caused by some bugs of VirtualBox.

Steps

Create the Virtual Machine and Install openSUSE Kubic

Here I won’t explain how to do these things but share some important things to note, just refer to their documents if you don’t know or have any questions.

• Here is my configuration for the Virtual Machine. Recommend that your host machine has a memory that is larger than 8GB so that more than 3GB of memory can be assigned to the Virtual Machine for it to run smoothly. In order for the Virtual Machines to be connected to each other, and also connect to the Internet, you can set the Network Adapter to be Bridged (Automatic).

• For openSUSE Kubic Installation, remember to choose kubeadm Node when it comes to System Role, as it will deploy a Weave pod network cluster instead of Calico if you choose to use Kubic.

• I suggest that you can install the openSUSE Kubic in one Virtual Machine, later after successful installation, clone that Virtual Machine, assign one as master and another worker. Remember to do a full clone.

Configuring the Master

When you boot into the master Virtual Machine, you can see your IP address in the notification part. In my case, it’s 192.168.1.14. Take note of that.

For the convenience of copy and paste commands, we can use SSH to log into the system. To configure that, first, log into the system with root account. Second, execute vi /etc/ssh/sshd_config.d/10-enable-root-password.conf, type i to insert, write the following into the file:

PasswordAuthentication yes
PermitRootLogin yes

This will enable SSH root password login, although it’s not recommended if you are in production. When editing is finished, press [ESC] then type :wq to save and exit.

Kubeadm Init

Run kubeadm config images pull to pull the container images required for Kubernetes.

You can also specify the --image-repository if, in your location, registry.opensuse.org downloading speed is too slow. In my case (in China) I’ll use Aliyun to speed up: kubeadm config images pull --image-repository registry.aliyuncs.com/google_containers

Then run kubeadm init --apiserver-advertise-address=<Your Master IP Address> --pod-network-cidr=192.168.0.0/16, replace <Your Master IP Address> with the IP address you just noted. If you specified the --image-repository in the last step, also append that to this command.

Wait for it to finish, remember to take notes of the worker nodes joining command.

Execute export KUBECONFIG=/etc/kubernetes/admin.conf in your shell for the kubectl to work.

Deploy Calico

Get the latest copy of the calico configuration yaml file by curl -O https://docs.projectcalico.org/manifests/calico.yaml.

Change the path to install the FlexVolume driver by sed -i 's#/usr/libexec/kubernetes/kubelet-plugins/volume/exec#/var/lib/kubelet/volume-plugin#g' calico.yaml as in Transactional (Atomic) systems /usr/libexec/kubernetes is read-only.

Finally, apply the yaml file by kubectl apply -f calico.yaml.

Wait for all the pods to be available.

watch kubectl get pods --all-namespaces

You can check the Events of the pod to get the error messages if you are waiting too much time on a specific pod: kubectl describe pods -n kube-system <Pod Name>.

Configuring the Worker

Start the worker Virtual Machine, login as root, change the host name as it can’t be the same with the master: hostnamectl set-hostname 'worker'.

Finally, execute the worker nodes joining command just noted, ignoring the hostname could not be reached warnings since we didn’t and don’t need to configure the DNS.

Then wait for the worker to be available, Done!

The openSUSE community received cheerful news today after Leap release manager Luboš Kocman updated the community on the desktop environment expected for the next minor release.

Leap 15.4, which is in the alpha phase of the software release cycle, is planned to have updated desktop environments.

Kocman’s email “KDE Plasma 5.24 LTS will be in Leap 15.4” informed contributors on the Project’s Factory mailing list that all the “dependencies are already submitted” to SUSE Linux Enterprise. Leap is built with the same source code and exact same binary packages as SLE.

“We’ve received the green light,” Kocman wrote.

The feature is being tracked as issue #7.

Currently, the Long-Term-Support release of Plasma 5.24 is in it’s beta release cycle and will likely arrive in openSUSE Tumbleweed soon.

Based on GNOME’s upstream schedule and the roadmap for Leap, GNOME 41.x is expected to be in the release. The versions for LXQt, LXDE, Cinnamon, Mate, XFCE, sway have yet to be finalized, according to issue #9, which is tracking the Desktop Environments’ latest version for the forthcoming version Leap.

This blog post ist about uploading a custom VM disk image to the Azure cloud and create a VM to boot from this image.

If you just want to upload a image, checkout the az_upload_img bash script at the very end of this post for a easy-to-use script without the need to dive into details.

I received a new laptop for work - a Dell XPS 13. Dell has been long famous for offering certain models with pre-installed Linux as a supported option, and opting for those is nice for moving some euros/dollars from certain PC desktop OS monopoly towards Linux desktop engineering costs. Notably Lenovo also offers Ubuntu and Fedora options on many models these days (like Carbon X1 and P15 Gen 2).

Obviously a smooth, ready-to-rock Ubuntu installation is nice for most people already, but I need openSUSE, so after checking everything is fine with Ubuntu, I continued to install openSUSE Tumbleweed as a dual boot option. As I’m a funny little tinkerer, I obviously went with some special things. I wanted:

• Ubuntu to remain as the reference supported OS on a small(ish) partition, useful to compare to if trying out new development versions of software on openSUSE and finding oddities.
• openSUSE as the OS consuming most of the space.
• LUKS encryption for openSUSE without LVM.
• ext4’s new fancy ‘fast_commit’ feature in use during filesystem creation.
• As a result of all that, I ended up juggling back and forth installation screens a couple of times (even more than shown below, and also because I forgot I wanted to use encryption the first time around).

First boots to pre-installed Ubuntu and installation of openSUSE Tumbleweed as the dual-boot option:

(if the embedded video is not shown, use a direct link)

Some notes from the openSUSE installation:

• openSUSE installer’s partition editor apparently does not support resizing or automatically installing side-by-side another Linux distribution, so I did part of the setup completely on my own.
• Installation package download hanged a couple of times, only passed when I entered a mirror manually. On my TW I’ve also noticed download problems recently, there might be a problem with some mirror I need to escalate.
• The installer doesn’t very clearly show encryption status of the target installation - it took me a couple of attempts before I even noticed the small “encrypted” column and icon (well, very small, see below), which also did not spell out the device mapper name but only the main partition name. In the end it was going to do the right thing right away and use my pre-created encrypted target partition as I wanted, but it could be a better UX. Then again I was doing my very own tweaks anyway.
• Let’s not go to the details why I’m so old-fashioned and use ext4 :)
• openSUSE’s installer does not work fine with HiDPI screen. Funnily the tty consoles seem to be fine and with a big font.
• At the end of the video I install the two GNOME extensions I can’t live without, Dash to Dock and Sound Input & Output Device Chooser.