18 Sep 2018 11:21pm GMT

It may be the biggest story in open source in 2018, a year that saw Microsoft purchase GitHub. Linus Torvalds replaced the Code of Conflict for the Linux kernel with a Code of Conduct. In a message on the Linux Kernel Mailing List (LKML), Torvalds explained that he was taking time off to examine the way he led the kernel development community.

Torvalds has taken a lot of flak for his style over the years, including on this blog. While he has done an excellent job shepherding the technical development of the Linux kernel, his community management has often - to put it mildly - left something to be desired. Abusive and insulting behavior is corrosive to a community, and Torvalds has spent the better part of the last three decades enabling and partaking in it.

But he has seen the light, it would seem. To an outside observer, this change is rather abrupt, but it is welcome. Reaction to his message has been mixed. Some, like my friend Jono Bacon, have advocated supporting Linus in his awakening. Others take a more cynical approach:

<figure class="wp-block-embed-twitter wp-block-embed is-type-rich is-provider-twitter">

Oh look, an abusive OSS maintainer finally admitted, after *decades* of abusive and toxic behavior, that his behavior *might* be an issue.

And a bunch of people I follow are tripping all over themselves to give him cookies for that.

- Kelly Ellis (@justkelly_ok) September 17, 2018

<script async="async" charset="utf-8" src="https://platform.twitter.com/widgets.js"></script> </figure>

I understand Kelly's position. It's frustrating to push for a more welcoming and inclusive community only to be met with insults and then when someone finally comes around to have everyone celebrate. Kelly and others who feel like her are absolutely justified in their position.

For myself, I like to think of it as a modern parable of the prodigal son. As tempting as it is to reject those who awaken late, it is better than them not waking at all. If Linus fails to follow through, it would be right to excoriate him. But if he does follow through, it can only improve the community around one of the most important open source projects. And it will set an example for other projects to follow.

I spend a lot of time thinking about community, particularly since I joined Red Hat as the Fedora Program Manager a few months ago. Community members - especially those in a highly-visible role - have an obligation to model the kind of behavior the community needs. This sometimes means a patient explanation when an angry rant would feel better. It can be demanding and time-consuming work. But an open source project is more than just the code; it's also the community. We make technology to serve the people, so if our communities are not healthy, we're not doing our jobs.

The post Linus's awakening appeared first on Blog Fiasco.

18 Sep 2018 12:02pm GMT

Many users like hidden system titlebar as Firefox feature although it's not finished yet. But we're very close and I hope to have Firefox 64 in shape that the title bar can be disabled by default at least on Gnome and matches Firefox outfit at Windows and Mac.

Thunderbird 60 was finally released for Fedora and comes with a basic version of the feature as it was introduced at Firefox 60 ESR. There's a simple checkbox at "Customize" page at Firefox but Thunderbird is missing an easy switch.

To disable the title bar at Thunderbird 60, you need to go to system menu Edit -> Preferences and choose Advanced tab. Then click at Config Editor at page left bottom corner, open it and look for mail.tabs.drawInTitlebar. Double clik on it and your bird should be titleless

18 Sep 2018 8:58am GMT

Fedora Appreciation Week is a new event this year organized by the Fedora Community Operations (CommOps) team. Fedora Appreciation Week, abbreviated as FAW, is a week-long event to celebrate the efforts of Fedora Project contributors and to say "thank you" to each other. Fedora Appreciation Week begins Monday, November 5, 2018 and runs until Sunday, November 11, 2018.

What is it?

The Ubuntu Community Appreciation Day inspired the CommOps team to organize a similar event of appreciation for contributors who make Fedora what it is. This includes all types of contributors, from development, design, infrastructure, marketing, engineering, and more.

During this time of appreciation, users and contributors alike are highly encouraged to select either an individual or a group of contributors to thank for their efforts in Fedora. Appreciation can be given as a karma cookie in IRC, a short note of thanks on a mailing list, or a longer form appreciation such as a Fedora Happiness Packet.

This year's Fedora Appreciation Week will occur during the 15th anniversary of the Fedora Project on November 6, 2018.

Why have an Appreciation Week?

Most Fedora contributors do not get to work together in the same building or office. Our daily interactions are usually in text (e.g. IRC, emails, wikis, etc.). Even though these work well and we accomplish our goals, we lose touch with the human side of contributing. Fedora contributors aren't robots, but real people! Fedora Appreciation Week is a chance to remember the Fedora community is a community of people, and to thank our colleagues and friends who might be halfway across the room or halfway across the planet.

How to participate in Appreciation Week

More information about how to participate will come in October. In the meanwhile, consider writing a Contributor Story! Contributor Stories are just that: the record of our best moments with our Fedora friends. The story can be about our work in Fedora or something personal or unique which you would like to share with the community. Selected stories will be shared on the Community Blog every day during Fedora Appreciation Week.

See some examples and consider writing one of your own before Fedora Appreciation Week rolls around on Monday, November 5, 2018.

Photo by "My Life Through A Lens" on Unsplash.

The post Say thank you this November during Fedora Appreciation Week 2018 appeared first on Fedora Community Blog.

18 Sep 2018 8:30am GMT

Recently, I started to use Vagrant to test Ansible playbooks on Fedora machines. I'm using the Fedora 28 cloud base image. However, when I tried to provision my Vagrant box, I was warned the Python binary is missing.

$ vagrant provision
==> default: Running provisioner: ansible...
    default: Running ansible-playbook...

PLAY [all] *********************************************************************

TASK [Gathering Facts] *********************************************************
fatal: [default]: FAILED! => {"changed": false, "module_stderr": "Shared connection to 192.168.121.3 closed.\r\n", "module_stdout": "\r\n/bin/sh: /usr/bin/python: No such file or directory\r\n", "msg": "MODULE FAILURE", "rc": 127}
        to retry, use: --limit @playbook.retry

Problem: Python 3 by default

This error appears because Fedora 28 does not provide a Python 2 binary by default. Only Python 3 is provided on the base cloud image. I verified this by SSHing into the Vagrant box.

[jflory@vagrant-host vagrant]$ vagrant ssh
[vagrant@localhost ~]$ dnf list installed | grep -i python

Annoyingly, I must install Python 2 manually in the box each time it fails to provision. Surely, there is an easier way? Fortunately, StackOverflow came to the rescue.

Solution: ansible.extra_vars

It's possible to tell Vagrant where the Python binary is located. You can pass the path to the python3 binary manually in your Vagrantfile.

# Provisioning configuration for Ansible.
config.vm.provision :ansible do |ansible|
  ansible.playbook = "playbook.yml"
  ansible.extra_vars = { ansible_python_interpreter:"/usr/bin/python3" }
end

Adding these changes to your Vagrantfile allows Ansible to successfully run on the Fedora Vagrant guest. Python is successfully located.

This is an annoying workaround, but it solves the issue and lets you successfully test and iterate changes on Fedora systems. Here's hoping the Fedora cloud image maintainers add a default binary for /usr/bin/python to point to /usr/bin/python3 in the future.

The post How to fix missing Python for Ansible in Fedora Vagrant appeared first on Justin W. Flory's Blog.

18 Sep 2018 8:30am GMT

Every release, the Fedora Design team creates a new default wallpaper for Fedora. In addition to the default wallpaper, the Fedora repositories also contain a set of extra Supplemental Wallpapers for each release. These older wallpapers are not installed by default, but are easily installed from the Fedora Repositories. If you have just set up a fresh install of Fedora, and want to expand your choices for your desktop wallpaper, the older Fedora wallpapers are a great choice.

This post lists out the older wallpapers available in the Fedora repositories, and how to install them on your current Fedora install. On Fedora Workstation, after you have installed your desired pack, they will show up in the Wallpapers tab in the Background chooser in the Settings.

Note: If you are using a desktop environment other than the default for Fedora Workstation (GNOME), there are also packages tailored to some of the more popular alternative desktops. In most of the examples below, simply change

in the dnf install line to

or

or

when installing the package.

Fedora 28 Wallpapers

Fedora 28 Default Wallpaper

To install the Fedora 28 default wallpaper, use the following command in the Terminal:

sudo dnf install f28-backgrounds-gnome

Fedora 28 Supplemental Wallpapers

To install the Fedora 28 supplementary wallpapers, use the following command in the Terminal:

sudo dnf install f28-backgrounds-extras-gnome

Fedora 27 Wallpaper

To install the Fedora 27 default wallpaper, use the following command in the Terminal:

sudo dnf install f27-backgrounds-gnome

Fedora 26 Wallpapers

Fedora 26 Default Wallpaper

To install the Fedora 26 default wallpaper, use the following command in the Terminal:

sudo dnf install f26-backgrounds-gnome

Fedora 26 Supplemental Wallpapers

To install the Fedora 26 supplementary wallpapers, use the following command in the Terminal:

sudo dnf install f26-backgrounds-extras-gnome

Fedora 25 Wallpapers

Fedora 25 Default Wallpaper

To install the Fedora 25 default wallpaper, use the following command in the Terminal:

sudo dnf install f25-backgrounds-gnome

Fedora 25 Supplemental Wallpapers

To install the Fedora 25 supplementary wallpapers, use the following command in the Terminal:

sudo dnf install f25-backgrounds-extras-gnome

Fedora 24 Wallpapers

Fedora 24 Default Wallpaper

To install the Fedora 24 default wallpaper, use the following command in the Terminal:

sudo dnf install f24-backgrounds-gnome

Fedora 24 Supplemental Wallpapers

To install the Fedora 24 supplementary wallpapers, use the following command in the Terminal:

sudo dnf install f24-backgrounds-extras-gnome

Fedora 23 Wallpapers

Fedora 23 Default Wallpaper

To install the Fedora 23 default wallpaper, use the following command in the Terminal:

sudo dnf install f23-backgrounds-gnome

Fedora 23 Supplemental Wallpapers

To install the Fedora 23 supplementary wallpapers, use the following command in the Terminal:

sudo dnf install f23-backgrounds-extras-gnome

Fedora 22 Wallpapers

Fedora 22 Default Wallpaper

To install the Fedora 22 default wallpaper, use the following command in the Terminal:

sudo dnf install f22-backgrounds-gnome

Fedora 22 Supplemental Wallpapers

To install the Fedora 22 supplementary wallpapers, use the following command in the Terminal:

sudo dnf install f22-backgrounds-extras-gnome

Fedora 21 Wallpapers

Fedora 21 Default Wallpaper

To install the Fedora 21 default wallpaper, use the following command in the Terminal:

sudo dnf install f21-backgrounds-gnome

Fedora 21 Supplemental Wallpapers

To install the Fedora 21 supplementary wallpapers, use the following command in the Terminal:

sudo dnf install f21-backgrounds-extras-gnome

Fedora 20 Wallpapers

Fedora 20 Default Wallpaper

To install the Fedora 20 default wallpaper, use the following command in the Terminal:

sudo dnf install heisenbug-backgrounds-gnome

Fedora 20 Supplemental Wallpapers

To install the Fedora 20 supplementary wallpapers, use the following command in the Terminal:

sudo dnf install heisenbug-backgrounds-extras-gnome

Fedora 19 Wallpapers

Fedora 19 Default Wallpaper

To install the Fedora 19 default wallpaper, use the following command in the Terminal:

sudo dnf install schroedinger-cat-backgrounds-gnome

Fedora 19 Supplemental Wallpapers

To install the Fedora 19 supplementary wallpapers, use the following command in the Terminal:

sudo dnf install schroedinger-cat-backgrounds-extras-gnome

Fedora 18 Wallpapers

Fedora 18 Default Wallpaper

To install the Fedora 18 default wallpaper, use the following command in the Terminal:

sudo dnf install spherical-cow-backgrounds-gnome

Fedora 18 Supplemental Wallpapers

To install the Fedora 18 supplementary wallpapers, use the following command in the Terminal:

sudo dnf install spherical-cow-backgrounds-extras-gnome

Fedora 17 Default Wallpaper

To install the Fedora 17 default wallpaper, use the following command in the Terminal:

sudo dnf install beefy-miracle-backgrounds-gnome

Fedora 16 Wallpapers

Fedora 16 Default Wallpaper

To install the Fedora 16 default wallpaper, use the following command in the Terminal:

sudo dnf install verne-backgrounds-gnome

Fedora 16 Supplemental Wallpapers

To install the Fedora 16 supplementary wallpapers, use the following command in the Terminal:

sudo dnf install verne-backgrounds-extras-gnome

Fedora 15 Wallpapers

Fedora 15 Default Wallpaper

The default wallpaper for Fedora 15 was a remix of the default GNOME wallpaper at the time. To install the Fedora 15 default wallpaper, use the following command in the Terminal:

sudo dnf install lovelock-backgrounds-stripes-gnome

Fedora 15 Alternate Wallpaper

Fedora 15 also shipped with an alternate wallpaper, that was used by default on non-GNOME spins. To get this wallpaper, use the following command in the Terminal:

sudo dnf install lovelock-backgrounds-gnome

Fedora 14 Wallpapers

Fedora 14 Default Wallpaper

To install the Fedora 14 default wallpaper, use the following command in the Terminal:

sudo dnf install laughlin-backgrounds-gnome

Fedora 14 Supplemental Wallpapers

To install the Fedora 14 supplementary wallpapers, use the following command in the Terminal:

sudo dnf install laughlin-backgrounds-extras-gnome

Fedora 13 Default Wallpaper

To install the Fedora 13 default wallpaper, use the following command in the Terminal:

sudo dnf install goddard-backgrounds-gnome

Fedora 12 Default Wallpaper

To install the Fedora 12 default wallpaper, use the following command in the Terminal:

sudo dnf install constantine-backgrounds

Fedora 11 Default Wallpaper

To install the Fedora 11 default wallpaper, use the following command in the Terminal:

sudo dnf install leonidas-backgrounds-lion

Fedora 10 Default Wallpaper

To install the Fedora 10 default wallpaper, use the following command in the Terminal:

sudo dnf install solar-backgrounds

Fedora 9 Default Wallpaper

To install the Fedora 9 default wallpaper, use the following command in the Terminal:

sudo dnf install desktop-backgrounds-waves

Fedora 8 Default Wallpaper

To install the Fedora 8 default wallpaper, use the following command in the Terminal:

sudo dnf install fedorainfinity-backgrounds

18 Sep 2018 2:50am GMT

Switching to Universal Ctags

After some time spent with exuberant-ctags and ripper-tags, I am switching over to universal-ctags. Ruby language and other languages like Golang is vastly improved over to exuberant-ctags and even ripper-tags. Here are my git hooks which I use for all my project checkouts. It's fast, fluent and works across all my projects.

For navigation I stick with Vim, sometimes I use fzf.vim plugin together with fzf for terminal.

For longer coding sessions, I am trying GNOME Builder which looks great and every single release it is catching up with Submlime Text 3, except it is fully open source and it has usable Vim emulation. I've tried Atom and VSCode but these slow things are not for me.

18 Sep 2018 12:00am GMT

After reading Mike's blog post about official Mozilla Firefox switch to LLVM Clang, I was wondering if we should also use that setup for official Fedora Firefox binaries.

The numbers look strong but as Honza Hubicka mentioned, Mozilla uses pretty ancient GCC6 to create binaries and it's not very fair to compare it with up-to date LLVM Clang 6.

Also if I'm reading the mozilla bug correctly the PGO/LTO is not yet enabled for Linux, only plain optimized builds are used for now…which means the transition at Mozilla is not so far than I expected.

I also went through some Poronix tests which indicates there's no black and white situation there although Mike claimed that LLVM Clang is generally better that GCC. But it's possible that Firefox codebase somehow fits better LLVM Clang than GCC.

After some consideration I think we'll stay with GCC for now and I'm going compare Fedora GCC 8 builds with the Mozilla LLVM Clang ones when there are available. Both builds can't use -march=native so It may be an equal comparsion. Also Fedora should enable the PGO+LTO GCC setup to get the best from GCC.

[Update] I was wrong and PGO+LTO should be enabled also for Linux builds now. The numbers looks very well and I wonder if we can match them with GCC8!

17 Sep 2018 9:00pm GMT

Dependency changes

The composer now requires hawkey.

Server upgrade instructions

This release contains database migrations. To apply them, run::

$ sudo -u apache /usr/bin/alembic -c /etc/bodhi/alembic.ini upgrade head

Features

• It is no longer an error if a developer tries to create an override for a build that already had
  an override. Instead, Bodhi helpfully edits the old override automatically (#2030).
• The UI displays the date that expired overrides became expired (#2136).
• Security updates now require severity to be set (#2206).
• The Waiver UI now gives the user more context (#2270 and #2363).
• The CLI can be used to edit Release mail templates (#2475).
• A new clean_old_composes setting allows admins to disable the automatic compose cleanup
  feature that was new in Bodhi 3.9.0 (#2561).
• The API can filter releases by state (beb69a0).
• The CLI now has a --debug flag on a couple of commands (1bd7617).
• The bindings have some debug level logging when retrieving Greenwave status (b55fa45).
• The UI now makes it clear that only authenticated users can leave karma on updates
  (3b551c3).
• Bodhi can now manage Flatpaks (1a6c4e8).
• Bodhi now ships a /usr/bin/bodhi-skopeo-lite, which is intended to be an alternative for use
  with the skopeo.cmd setting. It allows for multi-arch containers and Flatpaks to be managed by
  Bodhi (a0496fc).
• The composer now uses librepo/hawkey to do much more extensive testing on the produced yum
  repositories to ensure they are valid (7dda554).

Bug fixes

• More space was added around some buttons so they don't touch on small screens (#1902).
• The bodhi releases subcommands no longer prompt for password when not necessary
  (#2496).
• The submit feedback button now appears on low resolution screens (#2509).
• Articles were fixed in a tooltip on the update page (075f8a9).
• The CLI can again display missing required tests (cf75ff8).
• Fix a failure that sometimes occurred when editing multi-build updates (d997ed4).
• Unknown Koji tags will no longer cause an Exception when creating new updates
  (78dd4aa).

Development improvements

• Line test coverage has reached 100% (2477fc8).
• A fake Pungi is used in the Vagrant environment to speed up vagrant up (1b4f5fc).
• No tests are skipped on Python 3 anymore (44d46e3).

Contributors

The following developers contributed to Bodhi 3.10.0:

• Anatoli Babenia
• Clement Verna
• Mattia Verga
• Owen W. Taylor
• Patrick Uiterwijk
• Pierre-Yves Chibon
• Ralph Bean
• Rick Elrod
• Vismay Golwala
• Randy Barlow

17 Sep 2018 3:50pm GMT

After only 3 take off/landings I was very happy to participate in the Stein PTG in Denver. This is a brief summary with pointers of the sessions or rooms I attended in the order they happened (Stein PTG Schedule)

• Upgrades ci with the stand-alone deployment
• Upgrades SIG
• Edge room
• TripleO room

Upgrades CI with the stand-alone deployment

We had a productive impromptu round table (weshay++) in one of the empty rooms with the tripleo ci folks present (weshay, panda, sshnaidm, arxcruz, marios) the tripleo upgrades folks present (chem and holser) as well emeritus PTL mwahaha around the stand-alone and how we can use it for upgrades ci. We introduced the proposed spec and one of the main topics discussed was, ultimately is it worth it, to solve all of these subproblems to only end up with some approximation of the upgrade?

The consensus was yes since we can have 2 types of upgrades job: use the stand-alone to ci the actual tasks, i.e. upgrade_tasks and deployment_tasks for each service in the tripleo-heat-templates, and another job (the current job which will be adapted) to ci the upgrades workflow tripleoclient/mistral workflows etc. There was general consensus in this approach between the upgrades and ci representatives so that we could try and sell it to the wider team in the tripleo room on wednesday together.

Upgrades Special Interest Group

Room etherpad.

Monday afternoon was spent in the upgrades SIG room. There was first discussion of the placement api extraction and how this would have to be dealt with during the upgrade, with a solution sketched out around the db migrations required.

This lead into discussion around pre-upgrade checks that could deal with things like db migrations (or just check if something is missing and fail accordingly before the upgrade). As I was reminded during the lunchtime presentations pre upgrade checks is one of the Stein community goals (together with python-3). The idea is that each service would own a set of checks that should be performed before an upgrade is run and that they would be invoked via the openstack client (sthing along the lines of 'openstack pre-upgrade-check nova' - I believe there is already some implementation (from the nova team) but I don't readily have details.

There was then a productive discussion about the purpose and direction of the upgrades SIG. One of the points raised was that the SIG should not be just about the fast forward upgrade even though that has been a main focus until now. The pre-upgrade checks are a good example of that and the SIG will try and continue to promote these with adoption by all the OpenStack services. On that note I proposed that whilst the services themselves will own the service specific pre-upgrade checks, it's the deployment projects which will own the pre-upgrade infrastructure checks, such as healthy cluster/database or responding service endpoints.

There was ofcourse discussion around the fast forward upgrade with status updates from the deployment projects present (kolla-ansible, TripleO, charms, OSA). TripleO is the only project with an implemented workflow at present. Finally there was a discussion about whether we're doing better in terms of operator experience for upgrades in general and how we can continue to improve (e.g. rolling upgrades was one of the discussed points here).

Edge room

Room etherpad Room etherpad2 Use cases Edge primer

I was only in attendance for the first part of this session which was about understanding the requirements (and hopefully continuing to find the common ground). The room started with a review of the various proposed use cases from dublin and any review of work since then. One of the main points raised by shardy is that in TripleO whilst we have a number of exploratory efforts ongoing (like split controlplane for example) it would be good to have a specific architecture to aim for and that is missing currently. It was agreed that the existing use cases will be extended to include the proposed architecture and that these can serve as a starting point for anyone looking to deploy with edge locations.

There are pointers to the rest of the edge sessions in the etherpad above.

TripleO room

Room etherpad Team picture

The order of sessions was slightly revised from that listed in the etherpad above because the East coast storms forced folks to change travel plans. The following order is to the best of my recollection ;)

TripleO and Edge cloud deployments

Session etherpad

There was first a summary from the Edge room from shardy and then tripleo specific discussion around the current work (split controlplane). There was some discussion around possibly using/repurposing "the multinode job" for multiple stacks to simulate the Edge locations in ci. There was also discussion around the networking aspects (though this will depend on the architecture which we don't yet have fully targetted) with respect to the tripleo deployment networks (controlplane/internalapi etc) in an edge deployment. Finally there was consideration of the work needed in tripleo-common and the mistral workflows needed for the split controlplane deployment.

OS / Platform

(tracked on main tripleo etherpad linked above)

The main items discussed here were Python 3 support, removing instack-undercloud and "that upgrade" to Centos8 on Stein.

For Python3 the discussion included the fact that in TripleO we are bound by whatever python the deployed services support (as well as what the upstream distribution will be i.e. Centos 7/8 and which python ships where).

For the Centos8/Stein upgrade the upgrades folks chem and holser lead the discussion outlining how we will need a completely new workflow, which may be dictated in large by how the Centos8 is delivered. One of the approaches discussed here was to use a completely external/distinct upgrade workflow for the OS, versus the TripleO driven OpenStack upgrade itself. We got into more details about this during the Baremetal session see below).

TripleO CI

Session etherpad

One of the first items raised was the stand-alone deployment and its use in ci. The general proposal is that we should use a lot more of it! In particular to replace existing jobs (like scenarios 1/2) with a standalone deployement.

There was also discussion around the stand-alone for the upgrades ci as we agreed with the upgrades folks on Monday (spec). The idea of service vs workflow upgrades was presented/solidified here and I have just updated v8 of the spec accordingly to emphasise this point.

Other points discussed in the CI session were testing ovb in infra and how we could make jobs voting. The first move will be towards removing te-broker.

There was also some consideration of the involvement of the ci team with other squads and vice versa. There is a new column in our trello board called "requests from other DFG".

A further point raised was the reproducer scripts and future directions including running and not only generating this in ci. As related side note it sounds like folks are using the reproducer and having some successes.

Ansible / Framework

(tracked on main tripleo etherpad linked above)

In this session an overview of the work towards splitting out the ansible tasks from the tripleo-heat-templates into re-usable roles was given by jillr and slagle. More info and pointers in the the main tripleo etherpad above.

Security

Session etherpad

Discussion around the workflow to change overcloud/service passwords (this is currently borked!). In particular problems around trying to CI this since the deploy takes too long to have deploy + stack update for the passwords and validation within the timeout. Possibly could be a 3rd party (but then non voting) job for now. There was also an overview of work towards using Castellan with TripleO, as well as discussion around selinux and locking down ssh.

UX / UI

Session etherpad

CLI/UI feature parity is a main goal for this cycle (and further probably it seems there is a lot to do) and plan management operations around this. Also good discussion around validations with Tengu joining remotely via Bluejeans to champion the effort of providing a nice way to run these via the tripleoclient.

Baremetal

Session etherpad

This session started with discussion around metalsmith vs nova on the undercloud and the required upgrade path to make this so. Also considered were the overcloud image customization and discussions around network automation (ansible with python-networking-ansible ml2 driver ).

However unexpectedly and the most interesting part of this session personally was an impromptu design session started by ipilcher (prompted by a question from phuongh who I believe was new to the room). The session was about the upgrade to Centos8 and three main approaches were explored, the "big bang" (everything off upgrade everything back), "some kind of rolling upgrade" and finally supporting either Centos8/Rocky or Centos7/Stein. The first and third were deemed unworkable but there was a very lively and well engaged group design session trying to navigate to a workable process for the 'rolling upgrade' aka split personality. Thanks to ipilcher (via bandini) the whiteboards looked like this.

17 Sep 2018 3:00pm GMT

As I teased about last week I recently played around with WSL, which lets you run Linux applications on Windows. This isn't necessarily very useful, as there isn't really a lack of native applications on Windows, but it is still interesting from a technical viewpoint.

I created a wip/WSL branch of flatpak that has some workarounds needed for flatpak to work, and wrote some simple docs on how to build and test it.

There are some really big problems with this port. For example, WSL doesn't support seccomp or network namespaces which removes some of the utility of the sandbox. There is also a bad bug that makes read-only bind-mounts not work for flatpak, which is really unsafe as apps can modify themselves (or the runtime). There were also various other bugs that I reported. Additionally, some apps rely on things on the linux host that don't exist in the WSL environment (such as pulseaudio, or various dbus services).

Still, its amazing that it works as well as it does. I was able to run various games, gnome and kde apps, and even the linux versions of telegram. Massive kudos to the Microsoft developers who worked on this!

I know you crave more screenshots, so here is one:

17 Sep 2018 2:44pm GMT

Josh and Kurt review Bruce Schneier's new book Click Here to Kill Everybody. It's a book everyone could benefit from reading. It does a nice job explaining many existing security problems in a simple manner.

<iframe allowfullscreen="" height="90" mozallowfullscreen="" msallowfullscreen="" oallowfullscreen="" scrolling="no" src="https://html5-player.libsyn.com/embed/episode/id/7052800/height/90/theme/custom/autoplay/no/autonext/no/thumbnail/yes/preload/no/no_addthis/no/direction/backward/render-playlist/no/custom-color/6e6a6a/" style="border: none;" webkitallowfullscreen="" width="100%"></iframe>

Show Notes

• Click Here to Kill Everybody
• There Will Be Cyberwar
• Reddit OSHA

Comment on Twitter with the #osspodcast hashtag

17 Sep 2018 12:13am GMT

AdonisJs is a Node.js web framework with a breath of fresh air and drizzle of elegant syntax on top of it.
We prefer developer joy and stability over anything else.
I tested today this web framework named AdonisJs with Fedora 28.
The main goal was to use mysql with mariadb from Fedora 28 distro.
Let's start with instalation of AdonisJs on Fedora 28:

[root@desk mythcat]# npm i --global @adonisjs/cli
/usr/bin/adonis -> /usr/lib/node_modules/@adonisjs/cli/index.js
...
+ @adonisjs/cli@4.0.7
added 406 packages from 182 contributors in 33.533s

Go to default user:

[root@desk mythcat]# exit
exit

Create the application , I named myapp:

[mythcat@desk ~]$ adonis new myapp
    _       _             _         _     
   / \   __| | ___  _ __ (_)___    | |___ 
  / _ \ / _` |/ _ \| '_ \| / __|_  | / __|
 / ___ \ (_| | (_) | | | | \__ \ |_| \__ \
/_/   \_\__,_|\___/|_| |_|_|___/\___/|___/

  [1/6] 🔬  Requirements matched [node & npm]
  [2/6] 🔦  Ensuring project directory is clean [myapp]
  [3/6] 📥  Cloned [adonisjs/adonis-fullstack-app]
  [4/6] 📦  Dependencies installed
  [5/6] 📖  Environment variables copied [.env]
  [6/6] 🔑  Key generated [adonis key:generate]

🚀   Successfully created project
👉   Get started with the following commands

Let's test the default myapp with this commands:

$ cd myapp
$ adonis serve --dev

[mythcat@desk ~]$ cd myapp
[mythcat@desk myapp]$ adonis serve --dev

 SERVER STARTED 
> Watching files for changes...

2018-09-16T09:47:46.799Z - info: serving app on http://127.0.0.1:3333

This is the result of the running myapp on 127.0.0.1:3333 web address:
Let's see the folders and files from AdonisJS:

[mythcat@desk myapp]$ ls
ace  config    node_modules  package-lock.json  README.md  server.js
app  database  package.json  public             resources  start

The configuration for web files can be see here:

[mythcat@desk myapp]$ vim  start/routes.js 
'use strict'

/*
|--------------------------------------------------------------------------
| Routes
|--------------------------------------------------------------------------
|
| Http routes are entry points to your web application. You can create
| routes for different URL's and bind Controller actions to them.
|
| A complete guide on routing is available here.
| http://adonisjs.com/docs/4.1/routing
|
*/

/** @type {import('@adonisjs/framework/src/Route/Manager'} */
const Route = use('Route')

Route.on('/').render('welcome')
~                                                                               

This is telling Adonis that when the root of the site is loaded, render a template/view called welcome.
That welcome template can be found in /resources/views/welcome.edge.

[mythcat@desk myapp]$ cd resources/
[mythcat@desk resources]$ ll
total 0
drwxrwxr-x. 2 mythcat mythcat 26 Sep 16 12:46 views
[mythcat@desk resources]$ cd views/
[mythcat@desk views]$ ll
total 4
-rw-rw-r--. 1 mythcat mythcat 339 Sep 16 12:46 welcome.edge

Let's see the source code of this default webpage:

[mythcat@desk views]$ vim welcome.edge 
...

For example , if you change into start/routes.js from welcome to index then you need to rename the welcome.edge to index.edge .
About css files you can make changes into public/style.css :

[mythcat@desk myapp]$ cd public/
[mythcat@desk public]$ vim  style.css


@import url('https://fonts.googleapis.com/css?family=Montserrat:300');

html, body {
  height: 100%;
  width: 100%;
}

body {
  font-family: 'Montserrat', sans-serif;
  font-weight: 300;
  background-image: url("/splash.png");
  background-color: #220052;
}

* {
  margin: 0;
  padding: 0;
}
...

Using the mysql database is simple. Into Fedora 28 distro you can use mariadb, let's install it.

[mythcat@desk myapp]$ su
Password: 
[root@desk myapp]# dnf install mariadb mariadb-server
...
Complete!
[root@desk myapp]# systemctl start mariadb
[root@desk myapp]# systemctl status mariadb
● mariadb.service - MariaDB 10.2 database server
...

You need to make changes into .env file into your project folder.

[mythcat@desk myapp]$ vim .env
HOST=127.0.0.1
PORT=3333
NODE_ENV=development
APP_URL=http://${HOST}:${PORT}
CACHE_VIEWS=false
APP_KEY=xxxxxxxxxxxxxxxx
DB_CONNECTION=sqlite
DB_HOST=127.0.0.1
DB_PORT=3306
DB_USER=root
DB_PASSWORD=
DB_DATABASE=adonis
SESSION_DRIVER=cookie
HASH_DRIVER=bcrypt
~

Use this changes for mariadb:

DB_CONNECTION=mysql

Install into AdonisJs with this command:

[mythcat@desk myapp]$ adonis install mysql
  [1/1] 📦  Dependencies installed [mysql]

Use this mysql commands to create the database:

[mythcat@desk myapp]$ mysql -u root
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 18
Server version: 10.2.17-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> create database adonis;
Query OK, 1 row affected (0.11 sec)

MariaDB [(none)]> exit;
Bye 

Let's test migration command for files to allow you to create and delete tables.

[mythcat@desk myapp]$ adonis migration:run
migrate: 1503248427885_user.js
migrate: 1503248427886_token.js
Database migrated successfully in 4.11 s
[mythcat@desk myapp]$ adonis make:migration jobs
> Choose an action undefined
✔ create  database/migrations/1537095058367_jobs_schema.js

Now that our database and tables have been created, I can create a model for handling jobs table and associated data.
The next tasks to follow depends by your website:

• Creating a Model
• Creating a Controller
• User Authentication

16 Sep 2018 11:15am GMT

Avec la sortie de la nouvelle version de tripwire, j'en profite pour rédiger un tutoriel sur la configuration, l'initialisation et l'utilisation de tripwire.
Tripwire ne peut que constater la modification des fichiers et doit donc être installé/configuré juste après l'installation de la distribution.

Configuration initiale

L'initialisation consiste à créer deux paires de clés, et à chiffrer le fichier de configuration, ainsi que celui de définition de la politique. La paire nommée site servant à chiffrer/déchiffrer les fichiers de configuration et de définition de la politique, et la paire nommée local servant à chiffrer/déchiffrer la base de données et les rapports.

Méthode manuelle pas à pas

Générer la paire de clés nommée site:

sudo twadmin -m G -v -S /etc/tripwire/site.key

Générer la paire de clés nommée local:

sudo twadmin -m G -v -L /etc/tripwire/$(hostname --fqdn)-local.key

Chiffrer le fichier de configuration avec la paire de clés nommée site:

sudo twadmin -m F -c /etc/tripwire/tw.cfg -S /etc/tripwire/site.key /etc/tripwire/twcfg.txt

Chiffrer le fichier de politique avec la paire de clés nommée site:

sudo twadmin -m P -p /etc/tripwire/tw.pol -S /etc/tripwire/site.key /etc/tripwire/twpol.txt

Avec le script qui va bien

Ce script interactif est présent dans le paquet RPM. Dans le cas d'un déploiement automatique (via ansible ou autre), il faudra utiliser la méthode manuelle.

sudo tripwire-setup-keyfiles


----------------------------------------------
The Tripwire site and local passphrases are used to sign a  variety  of
files, such as the configuration, policy, and database files.

Passphrases should be at least 8 characters in length and contain  both
letters and numbers.

See the Tripwire manual for more information.

----------------------------------------------
Creating key files...

(When selecting a passphrase, keep in mind that good passphrases typically
have upper and lower case letters, digits and punctuation marks, and are
at least 8 characters in length.)

Enter the site keyfile passphrase:
Verify the site keyfile passphrase:
Generating key (this may take several minutes)...Key generation complete.

(When selecting a passphrase, keep in mind that good passphrases typically
have upper and lower case letters, digits and punctuation marks, and are
at least 8 characters in length.)

Enter the local keyfile passphrase:
Verify the local keyfile passphrase:
Generating key (this may take several minutes)...Key generation complete.

----------------------------------------------
Signing configuration file...
Please enter your site passphrase: 
Wrote configuration file: /etc/tripwire/tw.cfg

A clear-text version of the Tripwire configuration file:
/etc/tripwire/twcfg.txt
has been preserved for your inspection.  It  is  recommended  that  you
move this file to a secure location and/or encrypt it in place (using a
tool such as GPG, for example) after you have examined it.


----------------------------------------------
Signing policy file...
Please enter your site passphrase: 
Wrote policy file: /etc/tripwire/tw.pol

A clear-text version of the Tripwire policy file:
/etc/tripwire/twpol.txt
has been preserved for  your  inspection.  This  implements  a  minimal
policy, intended only to test  essential  Tripwire  functionality.  You
should edit the policy file to  describe  your  system,  and  then  use
twadmin to generate a new signed copy of the Tripwire policy.

Once you have a satisfactory Tripwire policy file, you should move  the
clear-text version to a secure location  and/or  encrypt  it  in  place
(using a tool such as GPG, for example).

Now run "tripwire --init" to enter Database Initialization  Mode.  This
reads the policy file, generates a database based on its contents,  and
then cryptographically signs the resulting  database.  Options  can  be
entered on the command line to specify which policy, configuration, and
key files are used  to  create  the  database.  The  filename  for  the
database can be specified as well. If no  options  are  specified,  the
default values from the current configuration file are used.

Initialisation

On va créer un petit script afin de modifier notre fichier de politique. Celui-ci commentera en direct, dans le fichier de politique, les fichiers absents de notre système.

#/bin/bash

while read line
do
        if [ "${line:0:13}" == "### Filename:" ]
        then
                key=$(echo ${line:14} | sed "s;/;\\\\/;g")
                sudo sed -i -e "/${key}/ s/^/#/" /etc/tripwire/twpol.txt
        fi
done

On lance une première fois l'initialisation en envoyant la sortie sur notre script.

sudo tripwire --init | /tmp/configure-tripwire.sh

Une fois notre fichier de politique modifier, on va chiffrer ce fichier, encore une fois

sudo twadmin -m P -p /etc/tripwire/tw.pol -S /etc/tripwire/site.key /etc/tripwire/twpol.txt

Et on relance l'initialisation

sudo tripwire --init

Utilisation

Tripwire n'utilise que la version chiffrée des fichiers de configuration et de définition de la politique. On peut tout à fait supprimer/vider les fichiers en clair. On peut toutefois les récupérer à partir de leur version chiffrée.

• Récupération du fichier de configuration

  sudo twadmin -m f > /etc/tripwire/twcfg.txt
  

• Récupération du fichier de définition de la politique

  sudo twadmin -m p > /etc/tripwire/twpol.txt
  

Tâches usuelles:

• Vérification du système (En plus de la tâche planifiée). C'est utile après un mise à jour, pour valider ensuite ces modifications.

  sudo tripwire --check
  

• Application des modifications du système trouvées lors de la vérification dans la base de données et rapportées dans le rapport

  sudo tripwire --update --accept-all --twrfile /var/lib/tripwire/report/<nom d'hôte pleinement qualifié>-<date du rapport>-<heure du rapport>.twr
  

• Mise à jour de la politique, une fois le fichier /etc/tripwire/twpol.txt modifié

  sudo tripwire --update-policy -p /etc/tripwire/tw.pol --secure-mode low /etc/tripwire/twpol.txt
  

• Visualiser un rapport précis

  sudo twprint -m r -r /var/lib/tripwire/report/web.tartarefr.eu-20180520-033515.twr
  

• Dumper de la base de données

  sudo twprint -m d
  

15 Sep 2018 3:00pm GMT

With Microsoft and the rest of the tech industry trying to flaunt their open source bona fides, people keep trotting out deeply flawed analyses of "who contributes most to open source" based on … what they can measure on GitHub. For many reasons, using GitHub as the gold standard for open source contributions is extremely biased and doesn't […]

15 Sep 2018 2:04pm GMT

Here's your report of what has happened in Fedora Program Management this week. The Fedora 29 Beta was declared No-Go and will move to the alternate target date of 25 September. Also, the Respins SIG announced an updated set of live ISOs for Fedora 28.

I've set up weekly office hours in #fedora-meeting. Drop by if you have any questions or comments about the schedule, Changes, elections or anything else.

Upcoming meetings

• Blocker review meeting: 1600 UTC on Monday in in #fedora-blocker-review
• FPgM office hours: 1300 UTC on Wednesday in #fedora-meeting
• Council (Subproject Report: Fedora & CentOS CI): 1400 UTC on Wednesday on meet.jit.si
• Fedora 29 Beta Go/No Go: 1700 UTC on Thursday in #fedora-meeting-1

Schedule

Fedora 29

• Beta freeze is underway through September 18.
• Beta release date is now targeted at 25 September. The GA date remains unchanged.

Fedora 30

• Added the keepalive deadline approved by FESCo to the Spins schedule.

Fedora 29 Status

• Release Readiness Meeting minutes
• Blocker bugs and freeze exceptions

Changes

The numbers below reflect the current state of Bugzilla tracking bugs.

Deferred to Fedora 30

• Make BootLoaderSpec-style configuration files the default
• uEFI for ARMv7
• Make dbus-broker the default DBus implementation

Fedora 30 Changes

Fedora 30 includes a Change that will cause ambiguous python shebangs to error. A list of failing builds is available on Taskotron.

Approved

• Mass Python2 package removal
• Make ambiguous python shebangs error
• No more automagic Python bytecompilation (phase 2)
• Remove glibc-all-langpacks from buildroot
• Remove the Group: Tag From All Packages
• FreeIPA Python 2 removal

The post FPgM report: 2018-37 appeared first on Fedora Community Blog.

14 Sep 2018 8:21pm GMT