Home Home > 2018 > 04
Sign up | Login

Archive for April, 2018

syslog-ng vs. systemd’s journald

April 30th, 2018 by

This blog is part of a series of technical blogs leading up to the release of openSUSE Leap 15. All of the blogs provide a use case regarding openSUSE Leap and the packages available in the distribution. Happy reading.

 

Authored by Peter Czanik

People often ask me what to use: systemd’s journald or syslog-ng? The quick answer is that most likely both, but it depends on how you use your computer(s). If you have a single standalone machine, journald is probably enough. There is even a nice desktop application to view the logs in the journal. But once you have multiple machines to manage, using syslog-ng has many advantages.

Even if you use syslog-ng, local system logs are collected by journald. It is an integral part of systemd and cannot be uninstalled. Luckily, syslog-ng can read log messages from the journal. If journald stores additional name-value pairs about an event, syslog-ng can read those as well.

So, why install syslog-ng? The short answer is: central logging.

Why is the central collection of logs such a big deal? One reason is ease of use, as central logging creates a single place to check logs instead of tens or thousands of devices. Another reason is availability – you can check a device’s log messages even if the device itself is unavailable for any reason. A third reason is security; when your device is hacked, checking the logs can uncover traces of the hack.

journald also has some central logging capabilities, but syslog-ng provides a lot more features and better performance:

  • journald was originally designed for local logs on desktops – where there are not that many logs. On the other hand, syslog-ng was designed for high-performance central log collection from the ground up.
  • syslog-ng can collect logs from many more sources, including pipes, sockets, and files. File sources are especially important, as many applications – like web servers – log to files and do that at a rate that journald cannot handle.
  • syslog-ng does more than simple log storage. It can process log messages in many ways: parse them to create name-value pairs for easier alerting and reporting, enrich them with geographical information (GeoIP), rewrite them for anonymization (see PCI-DSS or GDPR), or reformat them according to the requirements of the destination.
  • Filtering in syslog-ng makes very precise log routing possible, ensuring that all logs reach the right destination.
  • Speaking of destinations: there are many possibilities for storing log messages, not just flat files or other syslog servers as it was the case many years ago. For example, you can store logs in SQL databases, send logs to Splunk for further analysis using HTTP, store name-value pairs parsed from logs in MongoDB, or send an email alert using the SMTP destination.

(more…)

Tumbleweed Gets New Mesa, KDE Frameworks, GNOME Packages

April 26th, 2018 by

A total of four openSUSE Tumbleweed snapshots were released this week that brought new updates for the Linux Kernel, Mesa and a major version update of libglvnd.

RADV received several fixes in snapshot 20180424 with the update to Mesa 18.0.1. Mesa core also had some patches to fix issues around overriding the OpenGL/ES supported version through environment variables, and a patch to fix an issue with texture samples found in “The Witness” through Wine. An updated description for the SSLProtocol option was made available with the apache2 2.4.33 package and apparmor 2.13 delivered a change of the (writeable) cache directory to /var/cache/apparmor/ with the new btrfs layout. The reason for using /var/lib/apparmor/cache/, which was “it’s part of the / subvolume”, is gone, and /var/cache makes more sense for the cache, according to the changelog. The cleanup process and behavior are a lot better with the update of ccache 3.4.2. Backup tool deja-dup 38.0 was a major update and exclude snap cache directories by default. GTK has a new ‘Widgetbowl‘ demo and the wayland backend now supports the stable xdg-shell protocol in gtk3 3.22.30. Linux Kernel 4.16.3 arrived in the snapshot and the GL Vendor-Neutral Dispatch library, libglvnd, was bumped to major version 1.0.0 thanks to EGL and GLX interfaces being defined and stable. The Tumbleweed rating tool is currently treading the snapshot as stable with an 88 rating.

Snapshot 20180420 is also treading at an 88 rating. The snapshot added btrfsprogs 4.16, which added the new LGPL library libbtrfsutil packages to wrap userspace functionality. KDE users will notice new features for the kmediaplayer package with Frameworks 5.45.0. Poppler 0.63.0, which is the utility library for rendering PDFs, had multiple fixes to include a fix for a new Object Application Programming Interface porting bug. The autocompletion and static analysis library for python, python-jedi 0.12.0, removes Python 2.6 support and provides better namespace completion.

(more…)

Request Travel Support for openSUSE Conference 2018

April 24th, 2018 by

The Travel Support Program (TSP) provides travel sponsorships to openSUSE community who want to attend the openSUSE conference and need financial assistance. The openSUSE conference 2018 will be in Prague, Czech Republic from May 25 to May 27.

The goal of the TSP is to help everybody in and around openSUSE to be able to attend the openSUSE Conference!

When and how

Requests for the TSP for this year’s openSUSE Conference have until April 29 to submit their request.

Remember: All requests will be managed through the TSP application at http://connect.opensuse.org/travel-support.

You will need an openSUSE Connect account in order to login to the application and apply for sponsorship. Please be sure to fulfill all of your personal details at openSUSE connect account to avoid delays or negative request. A good application with good information will be processed faster.

A few reminders

  • Please read the TSP page carefully before you apply.
  • Any information you send to the Travel Committee will be private.
  • We want everybody there! Even if you think you would not qualify for the travel support, just submit and make it worth! If you don’t try you won’t get!tips
  • If you submitted an abstract to be presented you should mention it in your application.
  • The Travel Committee can reimburse up to 80% of travel and/or lodging costs. That includes hotel, hostel, plane,train, bus, even gas for those willing to drive. Remember, no taxi!
    • Important: Food and all local expenses are on you!
  • We want to sponsor as many people as possible so please check the best deal.
  • The Travel Committee won’t be able to book or pay anything in advance. The reimbursement will be done after the event finishes and based on your expenses receipts.
  • no receipts = no money It is the rule! (Original receipts are required from German residences.)

If you have any question regarding your trip to the conference do not hesitate to ask the TSP or oSC18 organizers.

We hope to see you there!

Krita, Linux Kernel, KDEConnect Get Updated in Tumbleweed

April 20th, 2018 by

There have been a few openSUSE Tumbleweed snapshots released in the past two weeks that brought some new features and fixes to users.

This blog will go over the past two snapshots.

The last snapshot, 20180416, had several packages updated. The adobe-sourceserifpro-fonts package updated to version 2.000; with the change, the fonts were refined to make the Semibold and Bold heavier. Both dbus-1 and dbus-1-x11 were updated to 1.12.6, which fixed some regreations introduced in version 1.10.18 and 1.11.0. The gtk-vnc 0.7.2 package deprecated the manual python2 binding, which will be deleted in the next release, in favor of GObject introspection. Notifications that caused a crash were fixed in kdeconnect-kde 1.3.0. The 4.16.2 Linux Kernel made ip_tunnel, ipv6, ip6_gre, ip6_tunnel and vti6 better to validate user provided tunnel names. Due to a build system failure, not all 4.16.2 binaries were built correctly; this will be resolved in the 20180417 snapshot, which will be released shortly. Krita 4.0.1 had multiple fixes from its major version upgrade. The visual diff and merge tool meld 3.19.0 added new features like a new per-pane status bar with selectors for syntax highlighting and text encoding. Python Imaging Library python-Pillow 5.1.0 removed the freetype-2.9.patch and YaST had several packages with a version bump.

Snapshot 20180410 had less than a handful of packages updated. The Advanced Linux Sound Architecture package, alsa ,1.1.6 removed unused macros and added support for python3 and alsa-utils 1.1.6 removed some obsolete patches. GNU Compiler Collection 7 enabled a fix for aarch64 and the communication package rzsz had rebase patches with its release candidate in the 0.12.21 version.

The Tumbleweed rating tool is currently trending the past few snapshots as unstable, but the last snapshots rating is posting a false negative due to comments made on the openSUSE Factory Mailing thread about the 4.16.2 Linux Kernel.

openSUSE Heroes ♥ Let’s Encrypt™ – Expect certificate exchange

April 19th, 2018 by

openSUSE loves Let's Encrypt™

Maybe some of you noticed, that our certificate *.opensuse.org on many of services will expire soon (on 2018-04-23).

As we noticed that – as well – we decided to put a bit of work into this topic and we will use Let’s Encrypt certificates for the encrypted services of the openSUSE community.

This is just a short notice / announcement for all of you, that we are working on this topic at the moment. We will announce, together with the deployment of the new certificate, the regarding hashes and maybe some further information on our way of implementing things.

Just to give you a small number of services which will be affected, maybe you use one of the following list:

(This is a mixed list of services maintained by openSUSE Heroes and/or several SUSE teams for the openSUSE community – the certificate exchange will affect those services.)

  • build.opensuse.org
  • api.opensuse.org
  • openqa.opensuse.org
  • static.opensuse.org
  • ci.opensuse.org
  • svn.opensuse.org
  • software.opensuse.org
  • $LANG.opensuse.org for the several wiki instances
  • download.opensuse.org
  • keyserver.opensuse.org
  • …and many, many more :) – thanks to everybody in the openSUSE Heroes team for maintaining the zoo of services ;)

Thanks to the FLOSS & openSUSE community, we have full support of Let’s Encrypt certificates already on board our distribution.

As there are so many options to choose, we decided for the following tool to use Let’s Encrypt certificates:

  • dehydrated – as client with ACME v2 support – https://software.opensuse.org/package/dehydrated
    • with custom hook scripts, that will provide the wildcard-certificates to our proxy-infrastructure

Thanks to everybody involved in this task for getting the migration done.

Fun fact, as you might have noticed before, news.opensuse.org is not part of the openSUSE Heroes infrastructure (yet) and already got a new certificate from DigiCert.

Elections for openSUSE Board Run Until April 27

April 19th, 2018 by

The ballots for Elections to fill the three seats on the openSUSE Board are open until April 27.

The voting began April 15 and openSUSE Members are able to vote for the following candidates:

Gertjan Lettink ( Knurpht )

Simon Lees

Ana Martinez

Gerry Makaro ( Fraser_Bell )

Aaron Luna

openSUSE Members should have received an email from the openSUSE Election Officials with a link and Election Fingerprint to cast their ballot on April 15.

The platform gives three steps for voting like selecting the candidates, reviewing and confirming the voter’s choices for the board and the final step of submitting the encrypted ballot.

Those three candidates that are elected to the position will serve a 24-month term.

Visit the openSUSE wiki to understand more about the voting process.

openSUSE Leap 15 Release Scheduled for May 25

April 18th, 2018 by

The release of openSUSE Leap 15 is scheduled to be release during the first day of this year’s openSUSE Conference in Prague, Czech Republic on May 25.

The package submission deadline for non-bug fix package updates is April 24 as Leap enters the release candidate phase. The scheduled release for Leap 15 is May 25 at 12:00 UTC.

Leap has been using a rolling development model for building Leap 15 beta versions. Bug fixes and new packages have been released via snapshots to users testing the beta versions. The snapshots for the test version will stop and maintenance and security updates for Leap 15’s release will begin next month. Linux professionals and anyone looking to use Leap 15 are encouraged to test the beta versions as there is still snapshots being released and announced on the openSUSE Factory Mailing List. A list of items to test is available here.

The openSUSE project is pleased to announce that with Leap 15 Live images will again be available. Both KDE and GNOME can be tested without having to change your current system.

openSUSE Leap 15 shares a common core with SUSE Linux Enterprise (SLE) 15 sources and has thousands of community packages on top to meet the needs of professional and semi-professional users and their workloads.

The Kubic Project contributed a system role selection available with the release that offers two types of server roles; the classic server role and a Transactional Server role, which uses transactional updates and a Read-Only Root Filesystem. The release at the openSUSE Conference will give the openSUSE community and Free Open Source Software projects an opportunity to discuss plans for the openSUSE Leap 15 release, which will receive maintenance updates for at least three years.

Tumbleweed Starts Week with Plasma, DigiKam Updates

April 6th, 2018 by

KDE‘s newest point version of Plasma 5.12.4 was released in the first of five openSUSE Tumbleweed snapshots that were released this week.

The  most recent snapshot was 20180403 and it included several updates for gstreamer 1.12.5 packages. Multiple bugs were fixed for gstreamer-editing-services, gstreamer-plugins-libav and gstreamer-validate. The gstreamer-rtsp-server package update to 1.12.5 had to drop the pkgconfig(libcgroup) because of a clash with systemd that causes bug reports. The Lightweight Directory Access Protocol, openldap2 version 2.4.46, fixed a Transport Layer Security connection timeout and removed obsolete back-port patches. The python-cryptography package update from version 2.1.4 to 2.2.1 and allows for the loading of Digital Signature Algorithm Keys with 224 bit q size. The snapshot is currently trending at 91 rating on the rating tool.

The 1.12.5 gstreamer package arrived in snapshot 20180402. The new gstreamer package, which constructs the graphs of media-handling components, fixes the handling of encoded silence, the tagging of keyframes on output buffers and updates the internal copy to ffmpeg 3.3.6. The Generic Graphics Library gegl 0.3.30 now has a build requirement of GIMP 2.10.0 and had some complex changes in the NEWS file.

Snapshot 20180401 added Application Programming Interface support for Microsoft’s .NET 4.7.1 with the update of the mono-core package to version 5.8.1, and snapshot 20180331 update Mozilla Firefox to version 59.0.2. The new version of Firefox fixed more than a handful of bugs, added a couple patches and Common Vulnerabilities and Exposures CVE-2018-5148.

(more…)

Questions and Answers With Candidates for openSUSE Board Elections

April 3rd, 2018 by

Elections for the openSUSE Board have been postponed until mid-April. Until then, the community can familiarize themselves with the candidates who are running for three available seats on the board.

openSUSE Community Members can engage with the candidates directly or on the openSUSE-project mailing list if they have specific questions for a candidate(s).

Candidates running for the openSUSE Board were each presented with the following questions:

 

  • What do you think is the best thing about the Project at the moment?
  • What do you think is the worst thing in the Project?
  • If you are elected as a Board member how are you going to address it?
  • What is one thing community members are unlikely to know about you?
  • How do you feel about openSUSE collaborating with other FOSS projects and
    what would be your first act toward there if you get elected?

 

Their full responses to the questions are listed below under their name, which is linked to their blog: (more…)