Artikel mit Tag opensuseVerwandte Tags apache blog linux apparmor berlin bug fun linuxtag mail openSUSE php postfixadmin script security server avm novell treiber foto landjugend neustadt schneewittchen s9y browser debian spam typo3 fasching insheim jquery keyboard gpg keysigning mysql patch2mail plesk postfix mediawiki multiboilerplate login phpmyadmin regexSonntag, 6. Januar 2019board_candidates++ - or: running for the openSUSE Board againAbout two years ago, I wrote a mail titled "Another openSUSE Board candidate". These two years passed quickly, and I really enjoyed being part of the Board and helping the community whenever needed. I'd like to continue this "job", and therefore decided to run for re-election. I use openSUSE since years (it was still named „SuSE Linux“ with lowercase „u“ back then) and started annoying people in bugzilla, err, started betatesting in the 9.2 beta phase. Since then, I reported more than 1300 bugs. Nowadays, OBS ruins my bugzilla statistics by introducing the option to send a SR ;-) One of my current activities in openSUSE is working in the Heroes team, where I started with moving and upgrading the wiki. I also help out on various *.opensuse.org servers since someone was evil enough to give me root permissions on lots of them ;-) (Transparency note: I helped to setup the elections.opensuse.org server before last year's elections - but will of course not touch it until the elections finish.) My other openSUSE hobbies ;-) are AppArmor and PostfixAdmin, where I'm active in upstream development and as packager. AppArmor also turned out to be a good opportunity for cross-distribution collaboration. You can find me on several mailinglists and on IRC (nickname "cboltz"), and of course I still scare people in bugzilla. I‘m also a regular visitor and speaker at the openSUSE Conference, and visit other conferences as time permits. My day job has nothing to do with computers. I produce something you can drink that is named after a software we ship in openSUSE ;-) Oh, and I collect funny quotes from various mailinglists, IRC, bugzilla etc. that then end up as random [1] signatures under my mails, so be careful what you write ;-) There are some things I‘ll never do (you might remember them from two years ago):
If you want to read more from or about me, have a look at
Tags für diesen Artikel: opensuse
Dienstag, 26. Dezember 2017AppArmor 2.12 - The Grinch is confined!There is this old quote from LKML:
The AppArmor developers followed this advise - John released AppArmor 2.12 yesterday (Dec 25), and I just submitted updated packages to openSUSE Tumbleweed (SR 560017). The most visible changes in 2.12 are support for "owner" rules in aa-logprof and upstreaming of the aa-logprof --json interface (used by YaST). Of course that's only the tip of the christmas cookie ;-) - see the Release Notes for all details. One important change in the openSUSE packages is that I intentionally broke "systemctl stop apparmor". The reason for this is "systemctl restart apparmor" - systemd maps this to stop, followed by start. This resulted in unloading all AppArmor profiles by the "stop" part and, even if they get loaded again a second later, running processes will stay unconfined unless you restart them. The systemd developers were unwilling to implement the proposed ExecRestart= option for unit files, therefore breaking "stop" is the best thing I can do. (See boo#996520 and boo#853019 for more details.) "systemctl reload apparmor" will continue to work and is still the recommended way to reload the AppArmor profiles, but accidently typing "restart" instead of "reload" can easily happen. Therefore I chose to break "stop" - that's annoying, but more secure than accidently removing the AppArmor confinement from running processes. If you really want to unload all AppArmor profiles, you can use the new "aa-teardown" command which does what "systemctl stop apparmor" did before - but who would do that? ;-) Note that the above (except the recommendation to use "reload") only applies to Tumbleweed and Leap 15. Sonntag, 18. Juni 2017Packaging MediaWiki extensionsAs part of the work for the openSUSE wiki upgrade and move, I had to package a bunch of MediaWiki extensions. We'll use the MediaWiki 1.27.x LTS release, which means the extensions need to work with this version. When it comes to packaging, there are three categories of extensions: The GoodThese extensions are hosted on phabricator.wikimedia.org, and you can easily download a tarball matching your MediaWiki version using the "Download snapshot" link on the extension page. Packaging these extensions is easy - just unpack the tarball and copy/package everything to the extension directory. These extensions are standardized enough to use a spec file template - usually I only had to adjust the extension name, tarball name and version. Speaking of the version - most extensions don't have explicit version numbers, so I decided to use the tarball date instead. An example for this category is Auth_remoteuser (extension page, package) which we use to keep the "nice" wiki login form. The BadThese extensions are hosted on GitHub and typically only have a "master" branch. They usually still work with MediaWiki 1.27.x, but there's a small risk that they require features added in newer MediaWiki versions, and this risk will grow over time. On the packaging side, they are as easy as the "good" extensions. An example is the ParamProcessor extension (extension page, package) which is needed by the Maps extension The UglyThese extensions can be hosted on phabricator.mediawiki.org or GitHub, so there are "god ugly" and "bad ugly" extensions ;-) The thing that makes packaging really ugly is that they don't include all the code they need. Instead, you have to download the missing parts with composer. composer works fine in a "real" system, but makes packaging hard. Running it from the spec will obviously fail because OBS doesn't allow network connections while building a package (and even if it's annoying in this case, not having network access during build is a good thing[tm]). My solution is a little script that unpacks the extension tarball and runs "composer install --no-dev" inside the extension directory. The most important part is the "--no-dev" parameter because that avoids lots of superfluous things. Afterwards, I build a tarball from the "vendor" directory and add it to the package. Yeah, I know that's not nice - guess why I named this section "The Ugly" ;-) One of the packages that need a "composer install" run is the GitHub extension (extension page, package including script to run composer). Luckily, "ugly" only applies to packaging. The extensions and their maintainers are for sure not ugly - for example, the maintainer of the GitHub extension was very fast in fixing a bug :-) Mittwoch, 1. Februar 2017AppArmor - or: Working for the enemy?Some weeks ago, someone asked on the opensuse-wiki mailinglist if it's acceptable to move documentation (in this case about Icecream) from the openSUSE wiki to the upstream repo on github. One of the arguments was:
While this sounds like a valid argument and for sure shows good intentions, I wrote a longish reply:
Since I talked a lot about AppArmor in the above text, let's see what's new there. You might have noticed that there were some AppArmor releases recently:
The rewrite of the file rule handling resulted in a nice series of 42 patches which replace 1600 lines of code using a deeply nested array with 1200 lines with the more readable and easier maintainable FileRule and FileRuleset classes (a total of 530 lines) and functions using these classes. Even with 400 lines less code, I added some small features (for example, rules with leading permissions like "r /etc/fstab," are now supported) and fixed some bugs along the way. The old code to handle file rules had very few unittests, which made this rewrite (and especially avoiding breakage and regressions) quite challenging. On the positive side, my patch series added full test coverage for the FileRule and FileRuleset classes, and also added unittests for most of the functions using FileRule and FileRuleset. (Unfortunately full test coverage isn't always easy, especially for the interactive parts of aa-logprof.) Those unittests add about 1400 lines of code, but as long as such additions happen in the tests directory, I'm more than happy about them ;-) Oh, and the final challenge hit the other AppArmor developers. AppArmor has the policy that all patches have to be reviewed, and reviewing the whole patch series (which summed up to +2600 -1628 lines) took some time ;-)
That all said, let's not forget to answer where the documentation should live:
BTW: The question "Am I working for the enemy?" was mostly meant as a rhetoric question - but if you want to answer nevertheless, please add a comment ;-) Samstag, 31. Dezember 2016
Geschrieben von Christian Boltz
in Computer, english, Linux
um
23:08
| Kommentare (0)
| Trackback (1)
Another openSUSE Board candidate ;-)I was nominated to run for the openSUSE Board, and finally decided to run ;-)
I use openSUSE since years (actually it was still „SuSE Linux“ with lowercase „u“ back then), started annoying people in bugzilla, err, started betatesting in the 9.2 beta phase. Since then, I reported more than 1200 bugs. Later, OBS ruined my bugzilla statistics by introducing the option to send a SR ;-) More recently, I helped in fighting the wiki spam, which also means I‘m admin on the english wiki since then, and had some fun[tm] with the current server admin. I‘m one of the founding members of the Heroes team (thanks to Sarah for getting the right people together at oSC16!) Currently, I work on the base server setup (using salt) for our new infrastructure and updating the wiki to an up-to-date MediaWiki version. You can find me on several mailinglists and on IRC, and of course I still scare people in bugzilla. I‘m also a regular visitor and speaker at the openSUSE Conference, and visit other conferences as time permits. Besides openSUSE, I work on AppArmor and PostfixAdmin – both upstream and as packager. Also, I‘m admin on several webservers (all running with Leap). My day job has nothing to do with computers. I produce something you can drink that is named after a software we ship in openSUSE ;-) Oh, and I collect funny quotes from various mailinglists, IRC, bugzilla etc. that then end up as random signatures under my mails, so be careful what you write ;-)
Issues I can see
Aims/Goals
Why you should vote for me?
Things I‘ll never do:
Contact Details:
I wish all candidates good luck, hope that we‘ll see lots of voters – and wish everybody all the best for 2017!
PS: Non-random signature (yes, I know it's unusual for a blog post to have a signature at all, so this will stay a rare exception) – and while I have serious doubts about the second paragraph, I‘m very sure about the first ;-) -- Tags für diesen Artikel: opensuse
Sonntag, 10. Juli 2016Jeopardy!About two weeks ago, some visitors of the openSUSE Conference enjoyed playing openSUSE Jeopardy. You might guess that there are some free implementations of the Jeopardy game out there. This is true, but everything I found didn't match my requirements (with varying reasons for each implementation I found). Therefore I decided to improve Ryan McDevitt's JavaScript Jeopardy and added quite some features I wanted to have available for running the openSUSE Jeopardy. Some technical details:
I'm happy to announce that I just released my Jeopardy implementation on github under the MIT licence. (Yes, I usually prefer GPL, but since both jQuery and Ryan's original implementation are MIT-licensed, I decided to keep it that way.) If you want to run a Jeopardy show (with whatever topics) yourself, I hope you find my implementation useful! I'd also like to thank Hakon from the Linux User Group Landau for soldering a Jeopardy controller using the controller of an old USB keyboard. If you want to do something like that yourself: Dismantle an old keyboard. You'll find a small controller board which is attached to two foils that reach out to the keys. The buzzing is done using the 1..9 keys, so find out which contacts are used for those keys and solder cables on them. Oh, and make sure the cables are long enough to reach out to your players ;-) Montag, 4. Juli 2016openSUSE Conference 2016A week ago, the openSUSE Conference 2016 ended, so it's time to finally upload my AppArmor Crash Course slides ;-) I enjoyed lots of good talks. There were too many to mention a favorite one, but I'll try nevertheless:
I also had lots of interesting discussions on the hallway track and learned something about Nürnberg in the city tour and the cellar tour. After the official part of oSC16 ended, we had a promising disussion about the (technical) future of the openSUSE wiki. If everything works out as planned, we'll get some shiny new hardware hosted in Provo that is only used for openSUSE - and the most important thing is that we'll have SSH access to it and can do whatever is needed without having to wait for the Provo admins. PS: You might have noticed that I didn't mention the openSUSE Jeopardy in this post - I'll do that in a separate post next week ;-) Montag, 3. Juni 2013
Geschrieben von Christian Boltz
in english, Linux, Reallife
um
00:27
| Kommentare (0)
| Trackbacks (0)
LinuxTagJos at Towel day (aren't you exaggerating a bit? ;-)
Vor gut einer Woche ging der LinuxTag zu Ende. Zeit, kurz darüber zu schreiben ;-) Ich war drei Tage in Berlin. Neben einigen interessanten Vorträgen war ich oft am openSUSE-Stand, um die Fragen der Besucher zu beantworten und habe mit 3 Runden openSUSE Jeopardy dafür gesorgt, das openSUSE-Motto "have a lot of fun" umzusetzen. Außerdem hatte ich mich mit PostfixAdmin am Stand "einquartiert". Das erwies sich als Vorteil, weil deutlich mehr PostfixAdmin-Benutzer und -Interessenten zu mir kamen als letztes Jahr am Project Meeting Point. An dieser Stelle vielen Dank an Bernhard, Jos und Sascha, die mit mir den openSUSE-Stand betreut haben, und ans Travel Support Programm für die Unterstützung bei den Reisekosten. LinuxTag ended about a week ago. Time to write about it ;-) I was in Berlin for three days. Besides listening to several interesting talks, I often was at the openSUSE booth, answered the visitor's questions and did 3 rounds of openSUSE Jeopardy to put the openSUSE motto "have a lot of fun" into practise. Besides that, I "accomodated" myself with PostfixAdmin at the openSUSE booth. This turned out to be an advantage because many more PostfixAdmin users and might-become-users came to me (compared to the Project Meeting Point last year). Thanks a lot to Bernhard, Jos and Sascha who manned the openSUSE booth together with me, and the travel support program for supporting me. Dienstag, 12. März 2013Diesen Mittwoch: openSUSE 12.3 - und die Release Party in Nürnberg(Kleine Werbeeinlage auf speziellen Wunsch von Michal Hrušecký ;-) Die meisten Leute wissen wahrscheinlich schon, dass openSUSE 12.3 diesen Mittwoch (also morgen) releast wird. Um das zu feiern, gibt es (ebenfalls am Mittwoch, also morgen) ab 19:00 Uhr eine Release Party im Artefakt in Nürnberg, bei der jeder willkommen ist. Dort kann man viele Geekos treffen, auch das openSUSE-Team von SUSE hat sich angekündigt und freut sich darauf, viele openSUSE-Begeisterte, Unterstützer und Benutzer zu sehen. Für Essen und openSUSE-Bier ist laut Michal gesorgt. Natürlich ist auch der Star des Tages da - openSUSE 12.3 wird auf einem Demo-Rechner gezeigt. Mit etwas Glück gibt es auch ein Google Hangout für alle, die nicht nach Nürnberg kommen können - Infos dazu auf der openSUSE G+-Seite. Ich selbst kann leider nicht zur Party kommen, wünsche aber allen viel Spaß ;-) Sonntag, 28. Oktober 2012
Geschrieben von Christian Boltz
in english, Linux, Reallife
um
22:17
| Kommentare (0)
| Trackbacks (0)
openSUSE conferenceLetztes Wochenende (bis Dienstag) war ich bei der openSUSE conference, die diesmal in der "goldenen Stadt" Prag stattfand. Die Konferenz war sehr interessant - zum Einen die Vorträge, zum Anderen der "hallway track", bei dem ich viele Leute persönlich traf, die ich sonst nur namentlich aus Mailinglisten oder Bugzilla kenne.
Mein Workshop zu AppArmor wurde von rund 15 Personen besucht, die jetzt mehr über AppArmor wissen. Es wurden auch Fragen zum Packaging von Profilen gestellt - mit etwas Glück bekommen also ein paar Programme ein AppArmor-Profil in ihr Paket oder das Profil wird upstream zur Aufnahme zu den Standard-Profilen vorgeschlagen. Die Folien zum Workshop gibt es am Ende dieses Eintrags. Zum openSUSE Jeopardy kamen nur 5 Personen. Diese haben aber alle mitgespielt und hatten sichtlich Spaß, die passenden Fragen zu meinen Antworten rund um Linux und openSUSE zu finden - vor allem Jan, der beide Runden (und somit zwei Flaschen Wein) gewann. Der IRC-basierte "Buzzer" hat dabei gut funktioniert und kommt mit etwas Glück beim nächsten LinuxTag nochmal zum Einsatz. Am Montag war ich einer der wenigen Teilnehmer der BoF zur openSUSE landing page, die wir spontan etwas verlängerten. Daher fiel die admin@-BoF mehr oder weniger aus, was mangels anwesender Admins auch nicht wirklich schlimm war. Danach wurde ich von Coolo noch zum Filmen freiwillig gemeldet ;-) - die schrecklichen Publikums-Bilder vom Montag Nachmittag (Project Meeting etc.) und Dienstag (hauptsächlich Raum Riker) stammen von mir ;-) Vielen Dank an alle, die zur openSUSE Conference beigetragen haben, and für die Unterstützung bei den Reisekosten! Last weekend (until tuesday) I visited the openSUSE conference which was in the "golden town" Prague this year. The conference was very interesting. One part are the talks, the other part is the "hallway track" where I met lots of people I only knew from mailinglists or bugzilla. About 15 persons took part in my AppArmor workshop, which means they now know more about AppArmor. Some also asked about packaging of AppArmor profiles. If we are lucky, some applications will receive a profile in their package, or their profile will be proposed for inclusion the the upstream set of default profiles. The slides I used in the workshop are available for download at the end of this post. Jürgen's UFO advertising openSUSE TV
Only 5 persons came to my openSUSE jeopardy, but they all played and had fun in finding the matching questions for my answers about Linux and openSUSE. Jan must have had most fun - he won both rounds (and two bottles of wine). The IRC based "buzzer" worked quite well and will probably be used again at next LinuxTag. On monday, I was one of the few participants of the BoF about the openSUSE landing page, which we extended time-wise. This also means the admin@ BoF was more or less dropped, which wasn't really bad because there weren't admins around. Afterwards, Coolo volunteered me ;-) to operate a video camera. The terrible pictures of the audience on monday afternoon (project meeting etc.) and tuesday (mostly room Riker) are from me ;-) Thanks to everybody who contributed to the openSUSE Conference, and for the travel support! Slides: Dienstag, 29. Mai 20121001 Bugs - oder: die goldenen Regeln für schlechte ProgrammierungMit meinem "1001 Bugs"-Vortrag habe ich die openSUSE Conference überlebt, obwohl mancher Entwickler vermutlich nicht ganz glücklich war, dass ich einen seiner peinlichen Bugs entdeckt hatte ;-) Daher hielt ich diesen Vortrag in leicht überarbeiteter Form und in deutsch auch auf dem LinuxTag. Den ca. 80-90 Zuhörern hat es scheinbar gefallen - neben einigen Lachern zwischendurch bekam die "spezielle Regel für openSUSE" sogar Szenenapplaus :-) Wer den Vortrag auf dem LinuxTag verpasst hat oder sich die Folien (incl. Notitzen) nochmal ansehen will - bitte schön: 1001 Bugs - oder: die goldenen Regeln für schlechte Programmierung als PDF Dienstag, 27. September 20111001 bugs - or: the golden rules of bad programmingIf you missed my talk at the openSUSE conference or want to see the slides (including notes) again - here we are: 1001 bugs - or: the golden rules of bad programming as PDF Sonntag, 28. August 20111001 bugs1001 bugs - das ist eins der Ergebnisse meiner Mitarbeit bei (open)SUSE: Ich habe vorhin meinen 1001. Bugreport eingereicht. Außerdem werde ich unter dem Motto "1001 bugs - or: the golden rules of bad programming" einen Vortrag auf der openSUSE conference halten. Die genaue Beschreibung meines Vortrags steht unter dem englischen Text. Ich habe schon eine ganze Reihe von Ideen für den Vortrag, bin aber für Vorschläge in den Kommentaren offen. Wer sich für meine Bugzilla-Statistik interessiert, findet unten den Screenshot. Man sieht deutlich, dass ich bei SUSE Linux 9.2 mit dem Betatesten angefangen habe und seitdem die Entwickler mit Bugreports zuschütte ;-) 1001 bugs - that's one of the results of my work on (open)SUSE: I just filed my 1001. bugreport. Besides that, I'll give a talk "1001 bugs - or: the golden rules of bad programming" at the openSUSE conference. I already have lots of ideas for my talk, however I'm open for proposals - just add a comment here. If you are interested in my bugzilla statistics, have a look at the screenshot below. You can clearly see that I started beta-testing with SUSE Linux 9.2 and since then overwhelm the developers with bugreports ;-) But first I'll give you the the detailed description of my talk: 1001 bugs - or: the golden rules of bad programming
Bugzilla report for "reporter contains @cboltz.de"
(the reports for 9.x and some other products are non-public, which means you'll probably get a lower number) Sonntag, 19. Juni 2011patch2mail 1.1(nur für Admins interessant, daher nur auf englisch) I just released patch2mail 1.1 which will send you a mail when updates are available for your openSUSE system. Changes:
You can download patch2mail from the openSUSE build service. I have also submitted the new version to Factory (SR 74130). Dienstag, 15. März 2011Releases!Gleich zwei Releases in einem Blog-Eintrag:
(Seite 1 von 3, insgesamt 38 Einträge)
» nächste Seite
|
ArchiveKategorienBlog abonnierenImpressum |
Kommentare