16 Jul 2018

feedFedora People

Petr Kovar: GUADEC 2018

Back from GUADEC, held in the beautiful Andalusian city of Almería, Spain, from 6th July through 11th July, 2018, I wanted to share a few notes wrt documentation and localization activities at the conference and during the traditional post-conference hacking days.

Mike Hill and Rudolfs Mazurs already blogged about their reflections of GUADEC. I'd add that we had some i18n and L10n-related talks in the schedule (machine translations, input methods), which was a nice improvement in terms of representation from previous years.

The space available for the Birds of a Feather sessions this year was rather limited, so we could only secure an afternoon slot (thanks Kat!) for our docs+translators meetup. We were joined for a while by a group of local documentation writers creating Spanish manuals for the local market. After that, we focused on two main areas.

One was related to the recent migration of GNOME projects to GitLab and involved looking into usability of our wiki docs for contributors and, specifically, newcomers. We found quite a few outdated references to git.gnome.org, Bugzilla and the like, with the biggest issue, however, being the suboptimal overall structure of the contributor guides on the wiki. We also looked into how to improve submitting user feedback and switching languages for the users of help.gnome.org (and yelp).

The other area discussed was making our CI checks for GNOME documentation modules much more robust, with the idea of using the GitLab CI integration to its full potential with tests verifying translations and more.

You can find all notes from the meetup in our Etherpad.

There was also some continued discussion on reworking the GNOME developer center, but I couldn't take part in its final installment on Wednesday, as I was already flying out.

I'd like to thank the GNOME Foundation for their continued support in funding my travel.

16 Jul 2018 3:01pm GMT

Fedora Community Blog: Fedora 28 Release Party at Mexico City

On May 29, 2018 we celebrate our second release party in the UAM Azcapotzalco, this time the talks was given by Alberto Rodriguez Sanchez (bt0dotninja) one of the Fedora Ambassadors in the Mexico City. This release party had two main activities:

  1. "Introducing Fedora 28 " talk.
  2. and one improvised "How to contribute to the Fedora project" talk.

Four F's section

Introducing Fedora 28 talk


This talk was focus in the major improvements and new features of Fedora 28 from the perspective of casual user, developer and system administrator with emphasis on the following points:

Also we talked about the actual community objectives: Modularity, CI/CD and IoT.

How to contribute to the Fedora Project

Originally, this talk was not planned but the interest from some attendees become evident so I talk about my experience as Fedora contributor from my first WCIDFF visit to become part of the CommOps team.

We did a little demonstration with the details of the creation of a FAS account and a trip into WCIDFF and the Fedora Developer Portal.

From WCIDFF to CommOps

This release party in numbers

Indicators F27 RP F28 RP
Attendees 26 13
New FAS accounts 0 8
New Installations 2 3
Pizza 0 8


One of the most important lessons learned has to see that even Fedora is popular in some places should always try to reach new groups and improve the diffusion of events and even when the how to contribute to the Fedora project was not planned talk (this time at least) it's a important part of every release party. I really enjoyed organizing this release party and I am really hoping that this event becomes a tradition. See you in the F29 Release party.

Pizza time

The post Fedora 28 Release Party at Mexico City appeared first on Fedora Community Blog.

16 Jul 2018 12:30pm GMT

Lukas Vrabec: How to enable full auditing in audit daemon?

Full auditing in audit deamon could be useful e.g. to identify which object on system has too tight rules and object is causing dac_override SELinux denial. More info in my previous post.
Open /etc/audit/rules.d/audit.rules file in an editor.

1. Remove following line if it exists:

-a task,never

2. Add following line at the end of the file:

-w /etc/shadow -p w

3. Restart the audit daemon:

 # service auditd restart

4. Re-run your scenario.

Full auditing is useful when full paths to accessed objects are needed or certain audit event fields, which are normally hidden, should be visible.

The procedure works on Red Hat Enterprise Linux >= 5 and Fedoras.

If /etc/audit/rules.d/audit.rules file does not exist, please edit /etc/audit/audit.rules directly. Older versions of audit did not generate /etc/audit/audit.rules from /etc/audit/rules.d/audit.rules.

More info at: https://danwalsh.livejournal.com/34903.html
Thanks Milos Malik for this article.

The post How to enable full auditing in audit daemon? appeared first on Lukas Vrabec.

16 Jul 2018 9:14am GMT

Fedora Magazine: 3 cool productivity apps for Fedora 28

Productivity apps are especially popular on mobile devices. But when you sit down to do work, you're often at a laptop or desktop computer. Let's say you use a Fedora system for your platform. Can you find apps that help you get your work done? Of course! Read on for tips on apps to help you focus on your goals.

All these apps are available for free on your Fedora system. And they also respect your freedom. (Many also let you use existing services where you may have an account.)


FocusWriter is simply a full screen word processor. The app makes you more productive because it covers everything else on your screen. When you use FocusWriter, you have nothing between you and your text. With this app at work, you can focus on your thoughts with fewer distractions.

Screenshot of FocusWriter

FocusWriter lets you adjust fonts, colors, and theme to best suit your preferences. It also remembers your last document and location. This feature lets you jump right back into focusing on writing without delay.

To install FocusWriter, use the Software app in your Fedora Workstation. Or run this command in a terminal using sudo:

sudo dnf install focuswriter


This unique app is designed, as you can guess, for the GNOME desktop environment. It's a great fit for your Fedora Workstation for that reason. ToDo has a simple purpose: it lets you make lists of things you need to get done.

Screenshot from GNOME ToDo on Fedora 28

Using ToDo, you can prioritize and schedule deadlines for all your tasks. You can also build as many tasks lists as you want. ToDo has numerous extensions for useful functions to boost your productivity. These include GNOME Shell notifications, and list management with a todo.txt file. ToDo can even interface with a Todoist or Google account if you use one. It synchronizes tasks so you can share across your devices.

To install, search for ToDo in Software, or at the command line run:

sudo dnf install gnome-todo


If you are a KDE using productivity fan, you may enjoy Zanshin. This organizer helps you plan your actions across multiple projects. It has a full featured interface, and lets you browse across your various tasks to see what's most important to do next.

Screenshot of Zanshin on Fedora 28

Zanshin is extremely keyboard friendly, so you can be efficient during hacking sessions. It also integrates across numerous KDE applications as well as the Plasma Desktop. You can use it inline with KMail, KOrganizer, and KRunner.

To install, run this command:

sudo dnf install zanshin

Photo by Cathryn Lavery on Unsplash.

16 Jul 2018 8:00am GMT

Open Source Security Podcast: Episode 105 - More backdoors in open source

Josh and Kurt talk about some recent backdoor problems in open source packages. We touch on is open source secure, how that security works, and what it should look like in the future. This problem is never going to go away or get better, and that's probably OK.

<iframe allowfullscreen="" height="90" mozallowfullscreen="" msallowfullscreen="" oallowfullscreen="" scrolling="no" src="https://html5-player.libsyn.com/embed/episode/id/6814252/height/90/theme/custom/autoplay/no/autonext/no/thumbnail/yes/preload/no/no_addthis/no/direction/backward/render-playlist/no/custom-color/6e6a6a/" style="border: none;" webkitallowfullscreen="" width="100%"></iframe>

Show Notes

Join our Facebook Group
Comment on Twitter with the #osspodcast hashtag

16 Jul 2018 1:08am GMT

14 Jul 2018

feedFedora People

Fedora-Blog.de: Xfce: Compton als Compositor nutzen

Bitte beachtet auch die Anmerkungen zu den HowTos!

Der Xfce4-Window-Manager xfwm4 besitzt zwar selber Compositing-Funktionen, jedoch ist Compton eine interessante Alternative dazu, die nebenbei auch einige Anzeigeprobleme, wie z.B. Tearing beseitigt.

Um Compton nutzen zu können, muss zuerst in den Xfce-Einstellungen unter "Feineinstellungen der Fensterverwaltung" im Tab "Komposit" das Xfwm-Compositing deaktiviert werden.

Anschließend kann man Compton mittels

su -c'dnf install compton'

aus den Fedora-Repositories installieren. Bevor wir Compton jedoch in Dienst stellen, legen wir zuerst unter /.config eine Konfigurationsdatei für Compton an

nano ~/.config/compton.conf

Als Inhalt empfiehlt sich folgendes:

# Backend

# Backend to use: "xrender" or "glx".
# GLX backend is typically much faster but depends on a sane driver.
backend = "glx";

# GLX backend

glx-no-stencil = true;

# GLX backend: Copy unmodified regions from front buffer instead of redrawing them all.
# My tests with nvidia-drivers show a 10% decrease in performance when the whole screen is modified,
# but a 20% increase when only 1/4 is.
# My tests on nouveau show terrible slowdown.
# Useful with --glx-swap-method, as well.
glx-copy-from-front = false;

# GLX backend: Use MESA_copy_sub_buffer to do partial screen update.
# My tests on nouveau shows a 200% performance boost when only 1/4 of the screen is updated.
# May break VSync and is not available on some drivers.
# Overrides --glx-copy-from-front.
# glx-use-copysubbuffermesa = true;

# GLX backend: Avoid rebinding pixmap on window damage.
# Probably could improve performance on rapid window content changes, but is known to break things on some drivers (LLVMpipe).
# Recommended if it works.
# glx-no-rebind-pixmap = true;

# GLX backend: GLX buffer swap method we assume.
# Could be undefined (0), copy (1), exchange (2), 3-6, or buffer-age (-1).
# undefined is the slowest and the safest, and the default value.
# copy is fastest, but may fail on some drivers,
# 2-6 are gradually slower but safer (6 is still faster than 0).
# Usually, double buffer means 2, triple buffer means 3.
# buffer-age means auto-detect using GLX_EXT_buffer_age, supported by some drivers.
# Useless with --glx-use-copysubbuffermesa.
# Partially breaks --resize-damage.
# Defaults to undefined.
glx-swap-method = "undefined";

# Shadows

# Enabled client-side shadows on windows.
shadow = true;
# Don't draw shadows on DND windows.
no-dnd-shadow = true;
# Avoid drawing shadows on dock/panel windows.
no-dock-shadow = true;
# Zero the part of the shadow's mask behind the window. Fix some weirdness with ARGB windows.
clear-shadow = true;
# The blur radius for shadows. (default 12)
shadow-radius = 5;
# The left offset for shadows. (default -15)
shadow-offset-x = -5;
# The top offset for shadows. (default -15)
shadow-offset-y = -5;
# The translucency for shadows. (default .75)
shadow-opacity = 0.5;

# Set if you want different colour shadows
# shadow-red = 0.0;
# shadow-green = 0.0;
# shadow-blue = 0.0;

# The shadow exclude options are helpful if you have shadows enabled. Due to the way compton draws its shadows, certain applications will have visual glitches
# (most applications are fine, only apps that do weird things with xshapes or argb are affected).
# This list includes all the affected apps I found in my testing. The "! name~=''" part excludes shadows on any "Unknown" windows, this prevents a visual glitch with the XFWM alt tab switcher.
shadow-exclude = [
    "! name~=''",
    "name = 'Notification'",
    "name = 'Plank'",
    "name = 'Docky'",
    "name = 'Kupfer'",
    "name = 'xfce4-notifyd'",
    "name *= 'VLC'",
    "name *= 'compton'",
    "name *= 'Chromium'",
    "name *= 'Chrome'",
    "name *= 'Firefox'",
    "class_g = 'Conky'",
    "class_g = 'Kupfer'",
    "class_g = 'Synapse'",
    "class_g ?= 'Notify-osd'",
    "class_g ?= 'Cairo-dock'",
    "class_g ?= 'Xfce4-notifyd'",
    "class_g ?= 'Xfce4-power-manager'"
# Avoid drawing shadow on all shaped windows (see also: --detect-rounded-corners)
shadow-ignore-shaped = false;

# Opacity

menu-opacity = 1;
inactive-opacity = 1;
active-opacity = 1;
frame-opacity = 1;
inactive-opacity-override = false;
alpha-step = 0.06;

# Dim inactive windows. (0.0 - 1.0)
# inactive-dim = 0.2;
# Do not let dimness adjust based on window opacity.
# inactive-dim-fixed = true;
# Blur background of transparent windows. Bad performance with X Render backend. GLX backend is preferred.
# blur-background = true;
# Blur background of opaque windows with transparent frames as well.
# blur-background-frame = true;
# Do not let blur radius adjust based on window opacity.
blur-background-fixed = false;
blur-background-exclude = [
    "window_type = 'dock'",
    "window_type = 'desktop'"

# Fading

# Fade windows during opacity changes.
fading = true;
# The time between steps in a fade in milliseconds. (default 10).
fade-delta = 4;
# Opacity change between steps while fading in. (default 0.028).
fade-in-step = 0.03;
# Opacity change between steps while fading out. (default 0.03).
fade-out-step = 0.03;
# Fade windows in/out when opening/closing
# no-fading-openclose = true;

# Specify a list of conditions of windows that should not be faded.
fade-exclude = [ ];

# Other

# Try to detect WM windows and mark them as active.
mark-wmwin-focused = true;
# Mark all non-WM but override-redirect windows active (e.g. menus).
mark-ovredir-focused = true;
# Use EWMH _NET_WM_ACTIVE_WINDOW to determine which window is focused instead of using FocusIn/Out events.
# Usually more reliable but depends on a EWMH-compliant WM.
use-ewmh-active-win = true;
# Detect rounded corners and treat them as rectangular when --shadow-ignore-shaped is on.
detect-rounded-corners = true;

# Detect _NET_WM_OPACITY on client windows, useful for window managers not passing _NET_WM_OPACITY of client windows to frame windows.
# This prevents opacity being ignored for some apps.
# For example without this enabled my xfce4-notifyd is 100% opacity no matter what.
detect-client-opacity = true;

# Specify refresh rate of the screen.
# If not specified or 0, compton will try detecting this with X RandR extension.
refresh-rate = 0;

# Set VSync method. VSync methods currently available:
# none: No VSync
# drm: VSync with DRM_IOCTL_WAIT_VBLANK. May only work on some drivers.
# opengl: Try to VSync with SGI_video_sync OpenGL extension. Only work on some drivers.
# opengl-oml: Try to VSync with OML_sync_control OpenGL extension. Only work on some drivers.
# opengl-swc: Try to VSync with SGI_swap_control OpenGL extension. Only work on some drivers. Works only with GLX backend. Known to be most effective on many drivers. Does not actually control paint timing, only buffer swap is affected, so it doesn't have the effect of --sw-opti unlike other methods. Experimental.
# opengl-mswc: Try to VSync with MESA_swap_control OpenGL extension. Basically the same as opengl-swc above, except the extension we use.
# (Note some VSync methods may not be enabled at compile time.)
vsync = "opengl-swc";

# Enable DBE painting mode, intended to use with VSync to (hopefully) eliminate tearing.
# Reported to have no effect, though.
dbe = false;
# Painting on X Composite overlay window. Recommended.
paint-on-overlay = true;

# Limit compton to repaint at most once every 1 / refresh_rate second to boost performance.
# This should not be used with --vsync drm/opengl/opengl-oml as they essentially does --sw-opti's job already,
# unless you wish to specify a lower refresh rate than the actual value.
sw-opti = false;

# Unredirect all windows if a full-screen opaque window is detected, to maximize performance for full-screen windows, like games.
# Known to cause flickering when redirecting/unredirecting windows.
# paint-on-overlay may make the flickering less obvious.
unredir-if-possible = true;

# Specify a list of conditions of windows that should always be considered focused.
focus-exclude = [ ];

# Use WM_TRANSIENT_FOR to group windows, and consider windows in the same group focused at the same time.
detect-transient = true;
# Use WM_CLIENT_LEADER to group windows, and consider windows in the same group focused at the same time.
# WM_TRANSIENT_FOR has higher priority if --detect-transient is enabled, too.
detect-client-leader = true;

# Window type settings

    tooltip =
        # fade: Fade the particular type of windows.
        fade = true;
        # shadow: Give those windows shadow
        shadow = false;
        # opacity: Default opacity for the type of windows.
        opacity = 0.85;
        # focus: Whether to always consider windows of this type focused.
        focus = true;

Anschließend kann Compton mittels

compton -b

gestartet werden.

Wer Compton zukünftig automatisch starten lassen möchte, legt einfach in den Xfce-Einstellungen unter "Sitzung und Startverhalten" im Tab "Automatisch gestartet Anwendungen" einen entsprechenden Eintrag für Compton an.

14 Jul 2018 5:13pm GMT

Matthias Clasen: The Flatpak BoF at Guadec

Here is a quick summary of the Flatpak BoF that happened last week at Guadec.

1.0 approaching fast

We started by going over the list of outstanding 1.0 items. It is a very short list, and they should all be included in an upcoming 0.99.3 release.

1.0 preparation

Alex will do a 0.99.3 release with all outstanding changes for 1.0 (Update: this release has happened by now). Matthias will work with Allan and Bastien on the press release and other materials. Nick is very interested in having information about runtime availability, lifetime and stability easily available on the website for 1.0.

We agreed to remove the 'beta' label from the flathub website.

Post 1.0 plans

There was a suggestion that we should have an autostart portal. This request spawned a bigger discussion of application life-cycle control, background apps and services. We need to come up with a design for these intertwined topics before adding portals for it.

After 1.0, Alex wants to focus on tests and ci for a while. One idea in this area is to have a scriptable test app that can make portal requests.

Automatic migration on renames or EOL is on Endless' wishlist.

Exporting repositories in local networks is a feature that Endless has, but it may end up upstream in ostree instead of flatpak.

Everybody agreed that GNOME Software should merge apps from different sources in a better way.

For runtimes, the GNOME release teams aims to have the GNOME runtime built using buildstream, on top of the freedesktop 1.8 runtime. This may or may not happen in time for GNOME 3.30.

14 Jul 2018 3:54pm GMT

Alvaro Castillo: Como solucionar el problema de Netflix y Vivaldi en Linux

En el post anterior, estuvimos hablando sobre Vilvadi. Un navegador que se liberó en contraposición del rumbo que tomó Opera con su comunidad dando origen a su primera versión el 12 de abril del 2016.

Sin embargo, hemos tenido problemas al reproducir videos con Netflix o Atres Player porque al parecer hay un problema con los códecs. Fedora por ejemplo no incorpora códecs propietarios a menos que instales un repositorio adicional y los instales. No obstante, hemos hecho un sondeo por sus foro...

14 Jul 2018 3:20pm GMT

13 Jul 2018

feedFedora People

Ben Williams: F28-20180712 Updated isos released

The Fedora Respins SIG is pleased to announce the latest release of Updated F28-20180712 Live ISOs, carrying the 4.17.4-200 kernel.

This set of updated isos will save about 900+ MB of updates after install. (for new installs.)

We would also like to thank Fedora- QA for running the following Tests on our ISOs.: https://openqa.fedoraproject.org/tests/overview?distri=fedora&version=28&build=FedoraRespin-28-updates-20180712.0&groupid=1

These can be found at http://tinyurl.com/live-respins .We would also like to thank the following irc nicks for helping test these isos: dowdle, and Southern_Gentlem.

As always we are always needing Testers to help with our respins. We have a new Badge for People whom help test. See us in #fedora-respins on Freenode IRC.

13 Jul 2018 5:42pm GMT

Peter Robinson: Fedora on the UDOO Neo

Some time ago I backed the UDOO Neo Kickstarter as it looked like a nifty, well featured, IoT device. I got the full option which came with 1Gb RAM and both wired and wireless Ethernet and some add-on sensors. It was a well run kickstarter campaign and the device was well packaged with a fab box. It has both a Cortex-A9 processor to run Fedora and a Cortex-M4 embedded processor to enable you to do Arduino style functionality which should be interesting to experiment with.

For various reasons it has sat around gathering dust, it's been a bit of a long drawn out process with me randomly poking it as time allowed.. Primarily this was because there was no decent upstream U-Boot and kernel support, and I'd not had the time to hack that up myself from various downstream git repositories, but even without Fedora support their forked Ubuntu distro in the form of UDOObuntu has an experience that is truly terrible!

Late 2016 the problem of a lack of upstream support for U-Boot and kernel changed with initial basic support landing upstream for all three (Basic, Extended and Full) models so with a few cycles over a weekend it was time to dust it off to see if I could get Fedora 26 (did I mention this has been long running?) running on it and to see what worked.

The first thing for me to do was to setup a serial console for easy debugging. The UDOO Neo documentation is generally outstanding and the pins for the UART1 TTL are documented. Two things to note here is that the headers are female rather than the usual SBC male pins so I had to bodge my usual usb to serial TTL with some male-male jumper wires and you'll need a ground for the TTL which is undocumented on their page, I used one of the GNDs as documented on connector J7 and all was good.

So after an initial set of fixes to the U-Boot support it saw my Fedora install and started to boot! Success! Well sort of, as mentioned above the initial support is rudimentary, it started to boot the kernel and very quickly managed to corrupt and destroy the filesystem not making it much beyond switch root. That wasn't good. In the last week or two I've had a little time to look again, similar issues, it was better than it was a year or so ago but it still ended up with corruption. I reached out to one of the maintainers from NXP that deals with a bunch of the i.MX platforms and I got directed to a handful of patches, a test kernel and image later and a test boot… all the way to initial-setup! SUCCESS!

The core support for the i.MX6SX SoC and the UDOO Neo is pretty reasonable, with the MMC fixes it's been very stable, all the core bits are working as expected, included wired and wireless network, thermal, cpufreq, crypto and it looks like the display should work fine. There's a few quirks that I need to investigate further which should provide for a fun evening or weekend hacking. There has also been recently merged support for the i.MX6SX Cortex-M4 land upstream in Zephyr upstream for the 1.13 release, so getting that running and communication using Open-AMP between Fedora and Zephyr should also be an interesting addition. I think this will be a welcome addition to Fedora 29, and not a moment too soon!!

13 Jul 2018 12:00pm GMT

Fedora Magazine: Share awesome Fedora content here on the Magazine

Do you know how to do something on Fedora that needs to be shared with the world? Want to share an awesome piece of Fedora news that you know? Do you or someone you know use Fedora in an interesting way? The Fedora Magazine is always open for new contributors to write awesome, relevant content. Fedora Magazine is run by the Fedora community: users, developers, and everyone in between.

While much of our content features material for Workstation users, we also feature articles for other Fedora users: sysadmins, power users, and developers that use Fedora.

Be sure to get in contact with us even if you just have an awesome article idea, making more content that you all want to see is a primary goal of the Fedora Magazine.

How do I get started?

It's easy to start writing for Fedora Magazine! You just need to have decent skill in written English, since that's the language in which we publish. Our editors can help polish your work for maximum impact.

Follow this easy process to get involved.

The writers and editors use the Fedora Magazine mailing list to plan future articles. Create a new thread to that list and introduce yourself. If you have some ideas for posts, add them to your message as well. The Magazine team will then guide you through getting started. The team also hangs out on #fedora-magazine on Freenode. Drop by, and we can help you get started

13 Jul 2018 8:00am GMT

Charles-Antoine Couret: Compte rendu des Rencontres Mondiales du Logiciel Libre 2018

C'est ma première venue dans la ville de Strasbourg, je débarque pour promouvoir le projet Fedora et bien entendu l'association Borsalinux-fr.

gaia m'a bien rejoint et m'a accompagné toute la semaine. Merci à lui pour l'assistance et pour ces agréables moments.

RMLL 2018-Stand.jpg


Le samedi fut un peu chaotique niveau organisation apparemment, du coup nous n'étions pas à l'emplacement prévu tout en étant éloignés des lieux de conférences. Donc assez peu de visiteurs avec environ 5 personnes sur notre stand. J'ai croisé à l'occasion Véronique Fritière qui organisait les JM2L à Sophia-Antipolis traditionnellement. Ils m'ont invité à rejoindre l'édition de cette année (redevenu un évènement annuel au passage) le 15 décembre. J'ai passé la soirée à manger avec des membres et contributeurs de Zeste de Savoir, un site libre de tutoriels en français que je fréquente beaucoup et que je recommande.

Le dimanche, nous nous sommes installés à l'université entre Zeste de Savoir et Haiku ce qui fut bien sympathique tout le long de la semaine. Ce fut plus fourni avec 15-20 personnes utilisateurs ou non de Fedora. Dont des anglophones. On a croisé aussi le président du LUG de Remi Collet qui a tenu à passer le bonjour. Rien de plus spécifique.

Le lundi a été source d'un repas avec Jean-Baptiste, responsable traduction de Fedora en français qui est un régional de l'étape. Repas local à coup de tartes flambées suivi d'une petite visite agréable de la charmante ville hôte des lieux. Discussions intéressantes sur comment essayer d'attirer des nouveaux contributeurs. Agrémentées bien sûr les critiques habituelles de Zanata et de la procédure de traduction dans Fedora. Cela me donne de quoi travailler pour la suite. Merci pour l'accueil et ce moment sympathique. On devrait se voir plus souvent. ;-)

Le lundi s'est terminé par une discussion avec Benoît Sibaud sur le vénérable site linuxfr.org qui publie régulièrement mon contenu à propos de Fedora. Et la visite d'Adrien D et TheSuperGeek du canal IRC. Échanges intéressantes et toujours un plaisir de mettre une tête sur un pseudonyme ou une voix. Environ une dizaine de personnes se sont arrêtées chez nous.

Le mardi environ une dizaine de personnes sont venues, dont un qui a discuté du manque du paquet d'ancestris (pour faire de la généalogie) dans les dépôts de Fedora. J'en ai profité également pour faire un tour des stands présents, en particulier Mozilla dont j'apprécie beaucoup les travaux. J'ai eu le droit à une démonstration du synthétiseur / reconnaissance vocale et de WebVR. Intéressant pour la suite.

Le soir nous avons fait un tour à l'activité LAN party des RMLL. Soirée orientée rétro gaming, nous avons pu jouer à quelques jeux de la SNES mini, Supertuxkart et Flightgear accompagné d'un pilote licencié et de son matériel de simulation rendant l'expérience bien amusante.

RMLL 2018-Flightgear

Le mercredi matin a été l'occasion de présenter ma conférence sur les Apports de Fedora Workstation à l'écosystème du Logiciel Libre. Cela s'est bien passé, il y avait environ une quizaine de personnes qui y ont assistées et ils semblaient satisfaits. Un enregistrement ayant eu lieu, la vidéo devrait être disponible à un certain moment. Ensuite partage d'un repas avec gaia pour notre dernier jour dans une brasserie du coin. Durant l'après-midi le stand a accueilli une dizaine personnes encore. Nous avons généré notre seule image Live ce jour-là.

Pour finir, un petit troll sur l'EuheuheuhPC 701 avec Thierry Stoehr. La machine était en effet incroyable pour l'époque (et son prix !).

Bilan des discussions

gaia semble satisfait des changements dans la doc et les notes de version, il va nous soumettre normalement une liste d'articles ou d'infos qui manquent et qui pourrait être selon lui utile. Il souhaiterait qu'on centralise quelque part sur Peertube probablement les vidéo francophones de qualité parlant de Fedora. Et pourquoi pas en produire nous mêmes aussi.

On a eu le retour d'une utilisatrice malvoyante qui a fait des commentaires élogieux de Fedora par rapport à ce cas d'usage grâce à la disponibilité des derniers outils libres comme Orca pour ces utilisateurs. Même si elle utilise une distribution fournie par Hypra (basée sur Debian) pour bénéficier d'une meilleure synthèse et reconnaissance vocale via des outils propriétaires spécialisés.

Adrien D. semble satisfait de Fedora même s'il ne l'utilise pas au quotidien. Il n'a critiqué que la qualité de l'outil dnfdragora pour gérer les paquets graphiquement. On a évoqué la possibilité de travailler ensemble aux alentours de la sortie de Fedora 29 pour proposer une vidéo de tests avec questions / réponses à la fin. Ce serait en tout cas je pense enrichissant d'aller vers plus de vidéos. Et il accepte de nous fournir ses vidéos à propos de Fedora, ses vidéos étant dans l'ensemble de qualité ce qui est appréciable.

Une ambassadrice de Mageia a mentionné une discussion avec Emmanuel Seyman à propos de faire des commandes communes pour certains goodies afin de réduire les coûts ce qui est en effet une possibilité intéressante.

Un utilisateur professionnel de Fedora semble avoir des soucis avec VirtualBox, valgrind, ansible et VMware quand il y a gros changement de versions. Autrement il en semble satisfait, et de la communication de Fedora-fr aussi.

Un ex-utilisateur s'est plaint de l'instabilité d'Anaconda, notre installateur qui à force de cracher à empêcher l'installation. Un autre de son temps de démarrage long dans sa configuration. Enfin, une utilisatrice locale nous a pointé ses difficultés à recharger sa carte de transport en commun avec Fedora.

Pour le reste, des curieux ou des utilisateurs satisfaits dans l'ensemble de la distribution. Malgré les fortunes diverses mentionnées plus haut.

Merci en tout cas aux organisateurs pour cet évènement. Ce n'est pas évident de faire de l'évènementiel, j'en sais quelque chose. Bon courage en tout cas, cela a été dans l'ensemble sympa d'y être, de voir ce beau monde et de discuter avec des utilisateurs et contributeurs de tous les horizons.

13 Jul 2018 6:00am GMT

Fabio Alessandro Locati: Why you should bundle the root CAs in your image

If you have ever used Docker or any other Linux OCI container system, you inevitably have incurred in the following error: x509: failed to load system roots and no roots provided This message is remembering you that you forgot to provide Root Certificate Authorities to your application. There are two different ways to solve this: mount the /etc/ssl/certs folder from the machine where the container is running bundling the root CAs in your image As you may imagine from the title, I believe that the second option is by far better than the first one.

13 Jul 2018 12:00am GMT

12 Jul 2018

feedFedora People

Brian "bex" Exelbierd: Slice of Cake #26

A slice of cake

Cake BadgeLast week as the FCAIC I … ok, let's get real. I haven't written since February. Thanks to the amazing team of Community Leaders and pushed on by Stormy Peters, I bring you this out of sync, return to the cake updates.

and … drumroll please

À la mode

Cake Around the World

I'll be traveling some and hope you'll ping me for coffee if you're nearby. If your considering attending and want to collaborate on a talk, let's … talk :).

Note: My attendance at a few of the events is still tenative, but I expect most will happen.

12 Jul 2018 4:00pm GMT

Adam Young: Building QGo on RHEL 7.5

I've played Go for years. I've found that having a graphical Go client has helped me improve my game immensely. And, unlike many distractors,. I can make a move, then switch back in to work mode without really losing my train of thought.

I always like the QGo client. I have found it to be worthwhile to build and run from the git repo. After moving to RHEL 7.5 for my desktop, I had to go through the process again. Here is the short version.

Playing Go using the the QGo Client

All of the pre-reqs can come from Yum.

For the compiler and build tools, it is easiest to use a yum group:

sudo yum groupinstall "Development and Creative Workstation"

Once those packages are installed, you need some of the Qt5 development packages. At the bottom are is the complete list I have. I did not install all of these directly, but instead recently installed:


TO run the actual qmake command, things are a bit different from the README.

/usr/bin/qmake-qt5 src

That puts things in ../build, which took me a moment to find.

Now I can run qgo with


Et Voila

QGo Running on RHEL 7.5

The complete list of qt packages I have installed are:


12 Jul 2018 3:06pm GMT

Dan Walsh: unlabeled_t type

I often see bug reports or people showing AVC messages about confined domains not able to deal with unlabeled_t files.

type=AVC msg=audit(1530786314.091:639): avc: denied { read } for pid=4698 comm="modprobe" name="modules.alias.bin" dev="dm-0" ino=9115100 scontext=system_u:system_r:openvswitch_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file

I just saw this AVC, which shows the openvswitch domain attempting to read a file, modules.alias.bin, with modprobe. The usual response to this is to run restorecon on the files and everything should be fine.

But the next question I get is how did this content get the label unlabeled_t, and my response is usually I don't know, you did something.

Well lets look at how unlabeled_t files get created.

unlabeled_t really just means that the file on disk does not have an SELinux xattr indicating a file label. Here are a few ways these files can get created

1 File was created by on a file system when the kernel was not running in SELinux mode. If you take a system that was installed without SELinux (God forbid) or someone booted the machine with SELinux disabled, then all files created will not have labels. This is why we force a relabel, anytime someone changes from SELinux disabled to SElinux enabled at boot time.

2. An extension on content created while the kernel is not in SELinux mode is files created in the initramfs before SELinux Policy in the kernel. We have an issue in CoreOS Right now, where when the system boots up the initramfs is running `ignition`, which runs before systemd loads SELinux policy. The inition scrips create files on the file system, while SELinux is not enabled in the kernel, so those files get created as unlabeled_t. Ignition is adding a onetime systemd unit file to run restorecon on the content created.

3. People create USB Sticks with ext4 or xfs on them, on a non SELinux system, and then stick into systems with SELinux enabled and 'mv' the content onto the system. The `mv` command actually maintains the SELinux label or lack thereof, when it moves files across file systems. If you use a `mv -Z`, the mv command will relabel the target content, or you can just use restorecon.

4 The forth way I can think of creating unlabeled_t files it to create a brand new file system on an SELinux system. When you create a new file system the kernel creates the "/" (root) of the file system without a label. So if you mound the file system on to a mount point, the directory where you mounted it will have no labels. If an unconfined domain creates files no this new file system, then it will also create unlabeled_t files since the default behaviour of the SELinux kernel is create content based on the parents directory, which in this case is labeled unlabeled_t. I recommend people run restorecon on the mount point as soon as you mount a new file system, to fix this behaviour. Or you can run `restorecon -R -v MOUNTPOINT ` to cleanup all the files.

Note: The unlabeled_t type can also show up on other objects besides file system objects. For example on labeled networks, but this blog is only concerned with file system objects.

Bottom Line:

Unlabeled file should always be cleaned up ASAP since they will cause confined domains lots of problems and restorecon is your friend.

12 Jul 2018 3:02pm GMT