October 2016 - Dev - lists.clearlinux.org

[PATCH clr-bundles] Update OpenStack bundle consolidation

by William Douglas

Since most of the components needing shared OpenStack common had been removed, the bundle can be reworked to include just the joint parts of openstack-identity and openstack-python-clients instead. --- bundles/openstack-common | 30 ++++++++++++++++++++++++ bundles/openstack-identity | 49 +++++++++++++++++++++++++++++++++++++++- bundles/openstack-python-clients | 14 ++++++++++++ 3 files changed, 92 insertions(+), 1 deletion(-) diff --git a/bundles/openstack-common b/bundles/openstack-common index 960b10f..f69b6be 100644 --- a/bundles/openstack-common +++ b/bundles/openstack-common @@ -4,3 +4,33 @@ # [CAPABILITIES]: # [MAINTAINER]: Obed Munoz <obed.n.munoz(a)intel.com> include(python-basic) +Babel +debtcollector +funcsigs +functools32 +futures +iso8601 +jsonschema +keystoneauth1 +monotonic +msgpack-python +netaddr +netifaces +ordereddict +oslo.config +oslo.context +oslo.i18n +oslo.log +oslo.serialization +oslo.utils +pbr +positional +prettytable +pyinotify +python-dateutil +python-keystoneclient +pytz +requests +setuptools +six +stevedore diff --git a/bundles/openstack-identity b/bundles/openstack-identity index 2a770d3..080f09d 100644 --- a/bundles/openstack-identity +++ b/bundles/openstack-identity @@ -4,25 +4,72 @@ # [CAPABILITIES]: # [MAINTAINER]: Obed Munoz <obed.n.munoz(a)intel.com> include(openstack-common) +Jinja2 +Mako +MarkupSafe +MySQL-python +Paste +PasteDeploy +PyMySQL +PyYAML +Routes +SQLAlchemy +Tempita +WebOb +alembic +amqp +anyjson +cachetools +cffi +contextlib2 +crudini cryptography +decorator dogpile.cache dogpile.core +enum34 +eventlet +fasteners +futurist +greenlet idna +iniparse ipaddress keystone +keystonemiddleware +kombu ldappool +librabbitmq memcached -mariadb-server nginx oauthlib openssl oslo.cache +oslo.concurrency +oslo.db +oslo.messaging +oslo.middleware +oslo.policy +oslo.service +osprofiler passlib +pika +pika-pool pyOpenSSL +pyasn1 +pycadf +pycparser +pycrypto pymongo pysaml2 +python-editor python-ldap python-memcached +repoze.lru repoze.who +retrying +sqlalchemy-migrate +sqlparse uwsgi +wrapt zope.interface diff --git a/bundles/openstack-python-clients b/bundles/openstack-python-clients index 5cb4180..97659a4 100644 --- a/bundles/openstack-python-clients +++ b/bundles/openstack-python-clients @@ -4,17 +4,31 @@ # [CAPABILITIES]: # [MAINTAINER]: Obed Munoz <obed.n.munoz(a)intel.com> include(openstack-common) +PyYAML appdirs +cliff clr-python-timestamp +cmd2 +jsonpatch +jsonpointer openstacksdk os-client-config pip +pyparsing +python-barbicanclient python-ceilometerclient python-cinderclient python-designateclient +python-glanceclient python-heatclient python-neutronclient +python-novaclient python-openstackclient python-saharaclient +python-swiftclient python-troveclient requestsexceptions +simplejson +unicodecsv +warlock +wrapt -- 2.10.1

6 years, 6 months

1
0
0 0

[PATCH openssh] Add patch for default server keep alive

by William Douglas

Update the ssh client default configuration to send a keep alive message to the server every 120s in order to avoid disconnects due to NAT or firewall timeouts. --- 0001-Set-default-server-keep-alive.patch | 25 +++++++++++++++++++++++++ openssh.spec | 4 +++- release | 2 +- series | 1 + 4 files changed, 30 insertions(+), 2 deletions(-) create mode 100644 0001-Set-default-server-keep-alive.patch diff --git a/0001-Set-default-server-keep-alive.patch b/0001-Set-default-server-keep-alive.patch new file mode 100644 index 0000000..79b598c --- /dev/null +++ b/0001-Set-default-server-keep-alive.patch @@ -0,0 +1,25 @@ +From cdd3b0a6bf7400932271e0a5e8b36cb1f780712c Mon Sep 17 00:00:00 2001 +From: William Douglas <william.douglas(a)intel.com> +Date: Thu, 27 Oct 2016 18:21:20 +0000 +Subject: [PATCH] Set default server keep alive + +--- + readconf.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/readconf.c b/readconf.c +index c177202..eecaa48 100644 +--- a/readconf.c ++++ b/readconf.c +@@ -2006,7 +2006,7 @@ fill_default_options(Options * options) + if (options->verify_host_key_dns == -1) + options->verify_host_key_dns = 0; + if (options->server_alive_interval == -1) +- options->server_alive_interval = 0; ++ options->server_alive_interval = 120; + if (options->server_alive_count_max == -1) + options->server_alive_count_max = 3; + if (options->control_master == -1) +-- +2.10.1 + diff --git a/openssh.spec b/openssh.spec index c8db1bf..f9575ef 100644 --- a/openssh.spec +++ b/openssh.spec @@ -4,7 +4,7 @@ # Name : openssh Version : 7.3p1 -Release : 42 +Release : 43 URL : http://openbsd.c3sl.ufpr.br/pub/OpenBSD/OpenSSH/portable/openssh-7.3p1.tar.… Source0 : http://openbsd.c3sl.ufpr.br/pub/OpenBSD/OpenSSH/portable/openssh-7.3p1.tar.… Source1 : openssh.tmpfiles @@ -29,6 +29,7 @@ Patch2: moduli-lookup.patch Patch3: ciphers.patch Patch4: default-ciphers-configuration.patch Patch5: default-enable-pam.patch +Patch6: 0001-Set-default-server-keep-alive.patch %description Ssh (Secure Shell) is a program for logging into a remote machine and for @@ -93,6 +94,7 @@ extras components for the openssh package. %patch3 -p1 %patch4 -p1 %patch5 -p1 +%patch6 -p1 %build export LANG=C diff --git a/release b/release index d81cc07..920a139 100644 --- a/release +++ b/release @@ -1 +1 @@ -42 +43 diff --git a/series b/series index 43c0089..75a6961 100644 --- a/series +++ b/series @@ -3,3 +3,4 @@ moduli-lookup.patch ciphers.patch default-ciphers-configuration.patch default-enable-pam.patch +0001-Set-default-server-keep-alive.patch -- 2.10.1

6 years, 7 months

3
2
0 0

[PATCH clr-bundles] Update os-clr-on-clr after auto doc removal

by William Douglas

Remove doc bundles from os-clr-on-clr and in their place add the base bundle when it wasn't included before (since these were previously auto included by the doc bundle). --- bundles/os-clr-on-clr | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/bundles/os-clr-on-clr b/bundles/os-clr-on-clr index 8e5d242..ea4be5a 100644 --- a/bundles/os-clr-on-clr +++ b/bundles/os-clr-on-clr @@ -4,27 +4,27 @@ # [CAPABILITIES]: # [MAINTAINER]: William Douglas <william.douglas(a)intel.com> include(c-basic) +include(dev-utils) include(dev-utils-dev) -include(dev-utils-doc) -include(editors-doc) +include(editors) include(go-basic) include(koji) include(kvm-host) include(mail-utils) include(mail-utils-dev) include(mixer) +include(network-basic) include(network-basic-dev) -include(network-basic-doc) include(openssh-server) +include(os-core) include(os-core-dev) -include(os-core-doc) include(os-core-update-dev) include(perl-basic) include(python-basic) +include(storage-utils) include(storage-utils-dev) -# needs autodoc first include(storage-utils-doc) +include(sysadmin-basic) include(sysadmin-basic-dev) -include(sysadmin-basic-doc) Mako-python catkin catkin_pkg -- 2.10.1

6 years, 7 months

1
0
0 0

[PATCH clr-bundles] Deprecate auto doc bundles

by William Douglas

Since autospec'd packages contain the doc bundle and most bundles list the main package instead of subpackages auto doc bundles didn't turn out to be as useful as first thought. The major change here is the addition of os-core packages in sysadmin-basic to pull in the doc subpackages. --- auto.docbundles | 6 ------ bundles/dev-utils-doc | 11 +++-------- bundles/editors-doc | 11 +++-------- bundles/network-basic | 2 +- bundles/network-basic-doc | 12 +++--------- bundles/os-core-doc | 10 +++------- bundles/storage-utils | 1 + bundles/sysadmin-basic | 22 +++++++++++++++++++--- bundles/sysadmin-basic-doc | 16 ++++------------ 9 files changed, 37 insertions(+), 54 deletions(-) delete mode 100644 auto.docbundles diff --git a/auto.docbundles b/auto.docbundles deleted file mode 100644 index 80a49a1..0000000 --- a/auto.docbundles +++ /dev/null @@ -1,6 +0,0 @@ -dev-utils -editors -network-basic -os-core -storage-utils -sysadmin-basic diff --git a/bundles/dev-utils-doc b/bundles/dev-utils-doc index 79f5a8a..8fd03e6 100644 --- a/bundles/dev-utils-doc +++ b/bundles/dev-utils-doc @@ -1,11 +1,6 @@ # [TITLE]: dev-utils-doc # [DESCRIPTION]: Provides documentation and manpages for dev-utils -# [STATUS]: ACTIVE -# [CAPABILITIES]: +# [STATUS]: Deprecated +# [CAPABILITIES]: # [MAINTAINER]: William Douglas <william.douglas(a)intel.com> -include(dev-utils) -cgdb-doc -gdb-doc -strace-doc -valgrind-doc -lcov-doc +filesystem diff --git a/bundles/editors-doc b/bundles/editors-doc index 3fbc4dd..9123daa 100644 --- a/bundles/editors-doc +++ b/bundles/editors-doc @@ -1,11 +1,6 @@ # [TITLE]: editors-doc # [DESCRIPTION]: Provides documentation and manpages for editors -# [STATUS]: ACTIVE -# [CAPABILITIES]: +# [STATUS]: Deprecated +# [CAPABILITIES]: # [MAINTAINER]: William Douglas <william.douglas(a)intel.com> -include(editors) -joe-doc -emacs-doc -ctags-doc -vim-doc -nano-doc +filesystem diff --git a/bundles/network-basic b/bundles/network-basic index 7383f41..47686c1 100644 --- a/bundles/network-basic +++ b/bundles/network-basic @@ -12,7 +12,7 @@ bind-utils bridge-utils connman conntrack-tools -curl-bin +curl dpdk ebtables ethtool diff --git a/bundles/network-basic-doc b/bundles/network-basic-doc index 8a1a4d5..2e91751 100644 --- a/bundles/network-basic-doc +++ b/bundles/network-basic-doc @@ -1,12 +1,6 @@ # [TITLE]: network-basic-doc # [DESCRIPTION]: Provides documentation and manpages for network-basic -# [STATUS]: ACTIVE -# [CAPABILITIES]: +# [STATUS]: Deprecated +# [CAPABILITIES]: # [MAINTAINER]: William Douglas <william.douglas(a)intel.com> -include(network-basic) -openssh-doc -openssh-extras -tcpdump-doc -net-tools-doc -rsync-doc -ethtool-doc +filesystem diff --git a/bundles/os-core-doc b/bundles/os-core-doc index ac04dae..ef44aa9 100644 --- a/bundles/os-core-doc +++ b/bundles/os-core-doc @@ -1,10 +1,6 @@ # [TITLE]: os-core-doc # [DESCRIPTION]: Provides documentation and manpages for os-core -# [STATUS]: ACTIVE -# [CAPABILITIES]: +# [STATUS]: Deprecated +# [CAPABILITIES]: # [MAINTAINER]: William Douglas <william.douglas(a)intel.com> -include(os-core) -systemd-doc -systemd-extras -shadow-doc -clr-systemd-config-extras +filesystem diff --git a/bundles/storage-utils b/bundles/storage-utils index 5a3c866..b189d63 100644 --- a/bundles/storage-utils +++ b/bundles/storage-utils @@ -7,6 +7,7 @@ LVM2 LVM2-extras btrfs-progs dosfstools +e2fsprogs e2fsprogs-extras gptfdisk ibutils diff --git a/bundles/sysadmin-basic b/bundles/sysadmin-basic index b7dd763..164aa2a 100644 --- a/bundles/sysadmin-basic +++ b/bundles/sysadmin-basic @@ -3,16 +3,27 @@ # [STATUS]: Active # [CAPABILITIES]: # [MAINTAINER]: William Douglas <william.douglas(a)intel.com> +# pciutils is not autospeced and so -data and -doc are specified manually +# This bundle specificly contains all -doc bundles for os-core as well due +# to size constraints for os-core. bzip2 clr-hardware-files collectl +coreutils cpuid +dbus dos2unix +e2fsprogs file findutils +gawk gawk-extras +grep +hostname htop +iproute2 kbd +kmod less libc-bin lsacpi @@ -21,6 +32,7 @@ man-db man-pages mc mosh +motd-update parallel pciutils pciutils-data @@ -28,13 +40,17 @@ pciutils-doc powertop procps-ng psmisc +sed +shadow sharutils -sudo strace -systemd-doc +sudo +systemd +systemd-bootchart +systemd-extras tmux tree unzip usbutils +util-linux which -motd-update diff --git a/bundles/sysadmin-basic-doc b/bundles/sysadmin-basic-doc index 2312a82..d776e43 100644 --- a/bundles/sysadmin-basic-doc +++ b/bundles/sysadmin-basic-doc @@ -1,14 +1,6 @@ # [TITLE]: sysadmin-basic-doc # [DESCRIPTION]: Provides documentation and manpages for sysadmin-basic -# [STATUS]: ACTIVE -# [CAPABILITIES]: -# [MAINTAINER]: Jim Chamings <jim.chamings(a)intel.com> -include(sysadmin-basic) -powertop-doc -pciutils-doc -strace-doc -usbutils-doc -collectl-doc -htop-doc -mosh-doc -cpuid-doc +# [STATUS]: Deprecated +# [CAPABILITIES]: +# [MAINTAINER]: William Douglas <william.douglas(a)intel.com> +filesystem -- 2.10.1

6 years, 7 months

1
0
0 0

Clear Linux Highlights #4

by Hutanu

[cid:image001.png(a)01D22877.4BB57C50] Summary: The latest release includes the potential for considerable performance boost for Python components in Clear Linux. It also adds several GNOME 3.22 components and continues to track the latest Linux kernel very closely. Key component updates kernel 4.8.1 systemd 231 nodejs 6.8 vim 8.0 emacs 25.1 Key new components Apache Maven GNOME 3.22 components Wayland 1.12 Noteworthy items Key Python components of the OS, like NumPy, SciPy, and scikit-learn, can now get a measurable performance gain on systems with an Intel(r) Advanced Vector Extensions 2 (Intel AVX2) capable processor. Some performance sensitive Python modules include compiled C code in the form of shared libraries. Typically, these shared libraries are compiled for the same CPU as the OS and do not use Intel AVX2 instructions. Python in Clear Linux now has two versions of these shared libraries pre-installed automatically, one without and one with the Intel AVX2 instructions enabled. At runtime, the Python interpreter picks the suitable version for the system's CPU. The Clear Linux installer (Ister) now finds cloud-init configuration data during the install and uses micro config drive (ucf) to configure the host as directed by the cloud-init configuration file, allowing for customized and automated installation with the same configuration format for bare metal that is used for cloud provisioning. Performance on Clear Linux maintains its advantage in several areas, including the latest tests from Phoronix showing our graphics performance advantage over Ubuntu, see the details here<http://www.phoronix.com/scan.php?page=article&item=clr-ubuntu-yak&num=1>.

6 years, 7 months

1
0
0 0

Systemd 231 & tmux

by Miguel Bernal Marin

Hi, Clear Linux recently updated systemd to 231 release. This update brings some changes on how systemd-logind handle the remained process after a user logs out (see CHANGES WITH 230). To back to the previous behavior (do not kill tmux when exit), you can configure logind.conf system-wide to not kill user process after log out. #. Create logind.conf directory mkdir -p /etc/systemd/logind.conf.d #. Set KilluserProcesses to no echo -e "[Login]\nKillUserProcesses=no" > /etc/systemd/logind.conf.d/notkilluserprocesses.conf #. Restart systemd-logind service systemctl restart systemd-logind Furthermore you can use a lists of usernames to override the KillUserProcesses= settings, by using KillOnlyUsers=, KillExcludeUsers= (see man logind.conf(5)). An other workaround is explained in [1]. From systemd NEWS file: CHANGES WITH 230: * systemd-logind will now by default terminate user processes that are part of the user session scope unit (session-XX.scope) when the user logs out. This behavior is controlled by the KillUserProcesses= setting in logind.conf, and the previous default of "no" is now changed to "yes". This means that user sessions will be properly cleaned up after, but additional steps are necessary to allow intentionally long-running processes to survive logout. CHANGES WITH 231: * systemd will now log about all service processes it kills forcibly (using SIGKILL) because they remained after the clean shutdown phase of the service completed. This should help identifying services that shut down uncleanly. Moreover if KillUserProcesses= is enabled in systemd-logind's configuration a similar log message is generated for processes killed at the end of each session due to this setting. [1] https://github.com/tmux/tmux/issues/428 -- Regards, Miguel Bernal Marin Open Source Technology Center https://clearlinux.org Intel Corporation

6 years, 7 months

1
0
0 0

Re: [Clr-dev] Documentation issues report

by Miguel Bernal Marin

Hi Alessio, Thanks for you findings, the Clear Linux team was working on your feedback. On 10/12/2016 5:21 AM, Alessio Igor Bogani wrote: > Hi all, > > 1) https://clearlinux.org/documentation/vm-virtualbox.html stated that > the right command to start GUI is startx but AFAIK the right command > is startxfce4 > This is already fixed and soon you will see it online. > 2) https://clearlinux.org/documentation/bundles_overview.html#to-see-a-list-of… > stated that to see the list of installed bundles an user can execute > 'swupd bundle-add --list' or 'ls /usr/share/clear/bundles'. > Unfortunetely the first one list ALL bundles (not the only installed > ones). > This is already fixed and soon you will see it online. > 3) https://clearlinux.org/documentation/vm-virtualbox.html stated that > for install Virtual Box guest addition an user should execute > 'install-vbox-lga'. Unfortunately that script requires 'which' that it > doesn't installed so it fails. I installed sysadmin-basic bundle and > now it works. > This is already fixed and soon you will see it online. > When do you will provide a public bug tracking system? > So far, Clear Linux will use the mailing list (ML) to do *bug report*, *request for improvements*, and *user support*. Thanks, for all your inputs, and when a bug is showed in the ML, all the Clear Linux team will work to get a solution. > Ciao, > Alessio -- Regards, Miguel Bernal Marin Open Source Technology Center https://clearlinux.org Intel Corporation

6 years, 7 months

1
0
0 0

Re: [Clr-dev] Clear Containers Queries

by Arjan van de Ven

On 10/11/2016 11:55 PM, Manideep Konakandla wrote: > Hey Team, > > This is Manideep from Carnegie Mellon University. I am doing research on container security from quite some time (results about which will be published sometime mid-March > or later). I came across clear containers recently and started exploring more on that. Would need some confirmations from your side so that I can proceed exploring more and > include about your work in my research. Please let me know if I get any of the below statements wrong. > > 1. When I use clear containers, there will be no necessity for namespaces and cgroups anymore. technically not, but we use some of them in our solution anyway for optimal compatibility with the traditional docker model > > 2. Clear containers will have their own kernel which is clear linux's kernel. They get it as a part of clear containers installation. Though it is solving the core security > problem of shared kernel in containers environment , the concept of space wastage (having multiple) kernels on the same host is still in place. do you mean disk space? yes some disk space is wasted. 20 megabytes or so.... disks are like 1Tb or so nowadays..... (if you meant memory, then most of this memory is shared between the various containers, and is not very big either, we did quite a bit of work to minimize this to a relatively small number) > > 3. Do the concept of KGT etc. comes in-built with Clear Linux? KGT? > > Also, I am assuming that TPM/TCB for containers (where docker daemon is also included in the process of boot verification process) is just an extension to already > existing TPM chip and has no relation to clear linux project. TPM can be used to further enhance the security of Clear Linux. correct > > 4. It would be of great help if you can let me know what all packages does Clear Linux comes up with? Does it trim most of the packages from Ubuntu or else keeps all of > them and then highly optimizes them? How does it work? Clear Linux (as in, the mini OS inside the clear container to bootstrap) is not based on Ubuntu, but is its own linux distribution. We've spent quite a bit of time to get that to be a very minimal install so that it starts fast and does not take up a lot of space. > > > -- > Regards, > * > * > *Manideep K* > *www.manideepk.com <http://www.manideepk.com>* > > > _______________________________________________ > Dev mailing list > Dev(a)lists.clearlinux.org > https://lists.clearlinux.org/mailman/listinfo/dev >

6 years, 7 months

2
1
0 0

Documentation issues report

by Alessio Igor Bogani

Hi all, 1) https://clearlinux.org/documentation/vm-virtualbox.html stated that the right command to start GUI is startx but AFAIK the right command is startxfce4 2) https://clearlinux.org/documentation/bundles_overview.html#to-see-a-list-of… stated that to see the list of installed bundles an user can execute 'swupd bundle-add --list' or 'ls /usr/share/clear/bundles'. Unfortunetely the first one list ALL bundles (not the only installed ones). 3) https://clearlinux.org/documentation/vm-virtualbox.html stated that for install Virtual Box guest addition an user should execute 'install-vbox-lga'. Unfortunately that script requires 'which' that it doesn't installed so it fails. I installed sysadmin-basic bundle and now it works. When do you will provide a public bug tracking system? Ciao, Alessio

6 years, 7 months

1
0
0 0

Clear Containers Queries

by Manideep Konakandla

Hey Team, This is Manideep from Carnegie Mellon University. I am doing research on container security from quite some time (results about which will be published sometime mid-March or later). I came across clear containers recently and started exploring more on that. Would need some confirmations from your side so that I can proceed exploring more and include about your work in my research. Please let me know if I get any of the below statements wrong. 1. When I use clear containers, there will be no necessity for namespaces and cgroups anymore. 2. Clear containers will have their own kernel which is clear linux's kernel. They get it as a part of clear containers installation. Though it is solving the core security problem of shared kernel in containers environment , the concept of space wastage (having multiple) kernels on the same host is still in place. 3. Do the concept of KGT etc. comes in-built with Clear Linux? Also, I am assuming that TPM/TCB for containers (where docker daemon is also included in the process of boot verification process) is just an extension to already existing TPM chip and has no relation to clear linux project. TPM can be used to further enhance the security of Clear Linux. 4. It would be of great help if you can let me know what all packages does Clear Linux comes up with? Does it trim most of the packages from Ubuntu or else keeps all of them and then highly optimizes them? How does it work? -- Regards, *Manideep K* *www.manideepk.com <http://www.manideepk.com>*

6 years, 7 months

1
0
0 0

2023

2022

2021

2020

2019

2018

2017

2016

2015

Dev October 2016