[Help] Add kernel option
by J D
Hello,
I have CLR bare metal & clr-boot-manager.
What i can do to add "vsyscall=emulate" in kernel option all the time ?
I dont find where is grub :s
Thx guy.
3 years, 9 months
Thoughts on using GNOME extensions?
by Jorge Castro
Hi everyone,
I initially discovered clearlinux as a good way to try clear containers
with kubernetes, etc. and it's been great for that. As it turns the combo
of cloud bundles makes it an ideal desktop for me. I usually need the
latest version of cloud native tools and having a matching set on my laptop
as well as my servers is nice. I am not sure if I'm an edge case yet or
not. :D
I've been exploring a few ways to use GNOME extensions on my client
machines for quality-of-life and thought I'd share some thoughts.
<https://extensions.gnome.org/>
<https://extensions.gnome.org/>
https://extensions.gnome.org/ has the index of extensions. Installation of
the extension[1] for Firefox works, but there's a connector[2], which
builds fine but I can't seem to get it to work.
Another method is just building an extension locally. This tends to be hit
or miss, some of them are well documented and build easily, while some are
just dumped onto github.
In the latest Fedora Atomic I noticed that they had the GNOME extensions
just listed in a section of gnome-software, which means I didn't need to
bother with a browser extension or connector shim. Then I was thinking, if
you have that, you might as well include flathub.org for
gnome-software/flatpak as well and then that probably is a rabbit hole
towards a generic distribution so I'm not sure if that level of integration
is a goal for clearlinux.
So are people generally happy with the vanilla gnome experience or is
anyone else also building and playing around with extensions? The idea
being is if I can just get a few UI niggles out of the way with extensions
then I can just use the same distro across everything and not have version
drift. Thanks for your time!
[1]: https://addons.mozilla.org/en-US/firefox/addon/gnome-shell-integration/
[2]: https://wiki.gnome.org/Projects/GnomeShellIntegrationForChrome
/Installation
3 years, 9 months
Re: [Clr-dev] [PATCH clrtrust] Add clrtrust basic man page (1).
by Auke Kok
On 12/20/2017 01:02 PM, Arzhan Kinzhalin wrote:
> Thank you, Auke! I will add this to https://github.com/clearlinux/clrtrust .
>
> I was about to release a new version, so this comes in a convenient time.
> Thanks! My only concern is that it duplicates a lot of what is in README.md. So
> I think this needs to be a PR to https://github.com/clearlinux/clrtrust and
> clrtrust.1.md and README.md should be merged into one and fed to ronn.
>
Yes, we certainly can.
I would propose to keep the readme, but make it a document that covers
angles that the manual page doesn't cover:
- license statement
- some documentation on the internals on how it works (man pages are
generally opaque - they describe what it does, but generally not how)
- some simple use cases and things you can do with it
Then the readme can become the start of a webpage on the clearlinux.org
website, as well, and these documents work together better and can refer
to eachother.
Auke
3 years, 10 months
[PATCH clrtrust] Add clrtrust basic man page (1).
by Auke Kok
This basic .md formatted text serves as a starter UNIX man
page that covers the basics of `clrtrust` and covers the currently
implemented functionality. It borrows from the README.md where
appropriate.
The Makefile includes a necessary rule to create the roff formatted
output. Since we don't want to run `ronn` during packaging, we
ship the compiled output file as well. Developers modifying the
man page need to regenrate the output file by running `make`.
---
Makefile | 6 ++-
clrtrust.1 | 115 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
clrtrust.1.md | 116 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 236 insertions(+), 1 deletion(-)
create mode 100644 clrtrust.1
create mode 100644 clrtrust.1.md
diff --git a/Makefile b/Makefile
index b976ebd..70b9e45 100644
--- a/Makefile
+++ b/Makefile
@@ -1,9 +1,13 @@
# Copyright 2017 Intel Corporation.
-all:
+all: clrtrust.1
@true
+clrtrust.1: clrtrust.1.md
+ ronn -r --pipe < clrtrust.1.md > clrtrust.1
+
install:
install -D --mode=0755 clrtrust ${INSTALL_ROOT}/usr/bin/clrtrust
+ install -D --mode=0644 clrtrust.1 ${INSTALL_ROOT}/usr/share/man/man1/clrtrust.1
check:
bats -t test
diff --git a/clrtrust.1 b/clrtrust.1
new file mode 100644
index 0000000..dec6707
--- /dev/null
+++ b/clrtrust.1
@@ -0,0 +1,115 @@
+.\" generated with Ronn/v0.7.3
+.\" http://github.com/rtomayko/ronn/tree/0.7.3
+.
+.TH "CLRTRUST" "1" "December 2017" "" ""
+.
+.SH "NAME"
+\fBclrtrust\fR \- The Clear Trust Store Management tool
+.
+.SH "SYNOPSIS"
+\fB/usr/bin/clrtrust\fR
+.
+.P
+\fBclrtrust\fR [OPTIONS\.\.\.] [COMMAND] [PARAMETERS\.\.\.]
+.
+.P
+\fB/var/cache/ca\-certs\fR
+.
+.SH "DESCRIPTION"
+Clear Linux* for Intel® Architecture implements a centralized TLS Trust Store for all its packages which use Transport Layer Security\. The trust store contains a set of trusted Root Certificate Authorities (CAs) which Clear Linux* should trust\. \fBclrtrust\fR tool provides a front\-end for the trust store management: it allows viewing, adding (trusting), removing (distrusting) CAs\. It also provides some maitenance commands such as re\-generating the trust store and checking its consistency\.
+.
+.SH "OPTIONS"
+The following options are understood:
+.
+.TP
+\fB\-\-help\fR, \fB\-h\fR:
+.
+.IP
+Prints a help message\.
+.
+.TP
+\fB\-\-verbose\fR, \fB\-v\fR:
+.
+.IP
+Verbose output of actions performed\.
+.
+.TP
+\fB\-\-force\fR, \fB\-f\fR:
+.
+.IP
+Overrides basic sanity checks and forces the command to complete even if these checks fail\.
+.
+.SH "COMMANDS"
+.
+.TP
+\fBadd\fR [FILENAME]:
+.
+.IP
+Add trust to the trust store for the provided Root CA\. The file must be a certificate file in the PEM\-encoded format, and have one certificate only\.
+.
+.IP
+If the filename is in a different format, you should convert the certificate into the PEM format with e\.g\. the openssl tool:
+.
+.IP
+\fBopenssl x509 \-in file\.cer \-inform der \-out file\.pem \-outform pem\fR
+.
+.TP
+\fBremove\fR [FILENAME|ID]:
+.
+.IP
+Removes trust for the provided Root CA\. The Root CA may be provided as the file (PEM\-encoded) as it was provided when it was added to the trust store, or it can be provided by the ID of the Root CA\. Use the \fBlist\fR command to find the ID of the Root CA\.
+.
+.TP
+\fBgenerate\fR:
+.
+.IP
+Regenerates the trust store\. Normally, this is not needed to be executed by users directly, as the distribution and the \fBadd\fR and \fBremove\fR commands already indirectly perform this action\. Use this command to ensure that the trust store is in a consistent state\.
+.
+.TP
+\fBlist\fR:
+.
+.IP
+Lists the contents of the trust store\. The command will output a brief summary of each certificate contained in the store, which looks as follows:
+.
+.IP
+\fBid: <fingerprint>\fR \fBFile: <path>\fR \fBAuthority: <authority section>\fR \fBExpires: <expiry date>\fR
+.
+.IP
+The \fBid\fR fingerprint uniquely identifies the certificate\. It can be passed to \fBclrtrust remove\fR as an argument to remove trust for a certificate\.
+.
+.IP
+The \fBFile\fR provides the exact file on disk where the certificate is stored as part of the trust store\. This is provided so that one may inspect the certificate in more detail with tools like \fBopenssl\fR:
+.
+.IP
+\fBopenssl x509 <path> \-noout \-text\fR
+.
+.IP
+The Authority field describes the Issuing party of the certificate, and contains the Name and Organization of the issuer\.
+.
+.IP
+The Expires field contains the date when the certificate expires\. After this date, the certificate will no longer be valid and will not be used to grant trust\.
+.
+.SH "EXIT STATUS"
+On success, 0 is returned, a non\-zero failure code otherwise\.
+.
+.SH "COPYRIGHT"
+.
+.IP "\(bu" 4
+Copyright (C) 2017 Intel Corporation, License: CC\-BY\-SA\-3\.0
+.
+.IP "" 0
+.
+.SH "SEE ALSO"
+\fBopenssl\fR(1)
+.
+.SH "BUGS"
+Report bugs to: \fBdev(a)lists\.clearlinux\.org\fR or visit \fBhttps://github\.com/clearlinux/clrtrust/issues\fR
+.
+.SH "NOTES"
+Creative Commons Attribution\-ShareAlike 3\.0 Unported
+.
+.IP "\(bu" 4
+http://creativecommons\.org/licenses/by\-sa/3\.0/
+.
+.IP "" 0
+
diff --git a/clrtrust.1.md b/clrtrust.1.md
new file mode 100644
index 0000000..364ff6d
--- /dev/null
+++ b/clrtrust.1.md
@@ -0,0 +1,116 @@
+clrtrust(1) -- The Clear Trust Store Management tool
+====================================================
+
+## SYNOPSIS
+
+`/usr/bin/clrtrust`
+
+`clrtrust` [OPTIONS...] [COMMAND] [PARAMETERS...]
+
+`/var/cache/ca-certs`
+
+## DESCRIPTION
+
+Clear Linux\* for Intel® Architecture implements a centralized
+TLS Trust Store for all its packages which use Transport Layer
+Security. The trust store contains a set of trusted Root Certificate
+Authorities (CAs) which Clear Linux\* should trust. `clrtrust` tool
+provides a front-end for the trust store management: it allows viewing,
+adding (trusting), removing (distrusting) CAs. It also provides some
+maitenance commands such as re-generating the trust store and checking
+its consistency.
+
+## OPTIONS
+
+The following options are understood:
+
+ * `--help`, `-h`:
+
+ Prints a help message.
+
+ * `--verbose`, `-v`:
+
+ Verbose output of actions performed.
+
+ * `--force`, `-f`:
+
+ Overrides basic sanity checks and forces the command to complete
+ even if these checks fail.
+
+## COMMANDS
+
+ * `add` [FILENAME]:
+
+ Add trust to the trust store for the provided Root CA. The file
+ must be a certificate file in the PEM-encoded format, and have one
+ certificate only.
+
+ If the filename is in a different format, you should convert the
+ certificate into the PEM format with e.g. the openssl tool:
+
+ `openssl x509 -in file.cer -inform der -out file.pem -outform pem`
+
+ * `remove` [FILENAME|ID]:
+
+ Removes trust for the provided Root CA. The Root CA may be provided as
+ the file (PEM-encoded) as it was provided when it was added to the trust
+ store, or it can be provided by the ID of the Root CA. Use the `list`
+ command to find the ID of the Root CA.
+
+ * `generate`:
+
+ Regenerates the trust store. Normally, this is not needed to be
+ executed by users directly, as the distribution and the `add` and
+ `remove` commands already indirectly perform this action. Use this
+ command to ensure that the trust store is in a consistent state.
+
+ * `list`:
+
+ Lists the contents of the trust store. The command will output a
+ brief summary of each certificate contained in the store, which
+ looks as follows:
+
+ `id: <fingerprint>`
+ ` File: <path>`
+ ` Authority: <authority section>`
+ ` Expires: <expiry date>`
+
+ The `id` fingerprint uniquely identifies the certificate. It can
+ be passed to `clrtrust remove` as an argument to remove trust for
+ a certificate.
+
+ The `File` provides the exact file on disk where the certificate
+ is stored as part of the trust store. This is provided so that one
+ may inspect the certificate in more detail with tools like `openssl`:
+
+ `openssl x509 <path> -noout -text`
+
+ The Authority field describes the Issuing party of the certificate,
+ and contains the Name and Organization of the issuer.
+
+ The Expires field contains the date when the certificate expires.
+ After this date, the certificate will no longer be valid and will
+ not be used to grant trust.
+
+## EXIT STATUS
+
+On success, 0 is returned, a non-zero failure code otherwise.
+
+## COPYRIGHT
+
+ * Copyright (C) 2017 Intel Corporation, License: CC-BY-SA-3.0
+
+## SEE ALSO
+
+`openssl`(1)
+
+## BUGS
+
+Report bugs to: `dev(a)lists.clearlinux.org` or visit
+`https://github.com/clearlinux/clrtrust/issues`
+
+## NOTES
+
+Creative Commons Attribution-ShareAlike 3.0 Unported
+
+ * http://creativecommons.org/licenses/by-sa/3.0/
--
2.15.1
3 years, 10 months
Redesigned clearlinux.org website
by Hutchinson, Ianeta
Hi Everyone,
The redesigned clearlinux.org<http://clearlinux.org/> website is live! This new website boasts the following improvements:
* Consolidates Clear Linux website content and the documentation coming from GitHub to double search engine ranking and improve the in-site searching experience
* Removes the last of any outdated/inaccurate Clear Containers and Ciao content
* Boasts a new “community” section to direct eager contributors or folks with questions
* Simplifies the Clear Linux content submission process for all contributors, widening the pipeline for fresh content.
* Implements Drupal 8 web components, enabling layout changes without web development expertise so we can completely redesign in minutes if we so choose.
* Provides a way to highlight content without duplicating it.
Please join me in thanking some of the folks responsible for these great changes:
Sphinx to Drupal and documentation consolidation approach – Rodrigo Caballero and Daniel Serna
Web architecture, Backend development, release management, infra first response – Daniel Serna
UX, imagery, and mockups – Jimena Flores
Frontend development - Noelia Nunez
Frontend style guides – Julio Rivera
Editors tutorial and content migration – Daniel Chacon
QA – Tom Leavitt
Server setup, install and config services, pre-prod testing & the move to production – Dave Hewitt
We greatly appreciate your work!
Please don’t hesitate to contact me with any questions or comments regarding the redesign. I have been noting minor bugs to be fixed in our first iteration coming very soon :)
Thanks!
Ianeta
3 years, 10 months
[PATCH clr-bundles] network-basic: add `iw`
by Auke Kok
iw is needed to enable some special bits on wireless interfaces from
the command line, as well as perform basic wireless configuration
actions.
---
bundles/network-basic | 1 +
1 file changed, 1 insertion(+)
diff --git a/bundles/network-basic b/bundles/network-basic
index 84d29d5..ee0550c 100644
--- a/bundles/network-basic
+++ b/bundles/network-basic
@@ -20,6 +20,7 @@ ipset
iptables
iptraf
iputils
+iw
irssi
links
net-tools
--
2.15.1
3 years, 10 months
[PATCH clr-bundles V3] add udisks2 to desktop bundle
by Leandro Dorileo
Gvfs will use its udisks2 monitor to handle automount.
---
bundles/desktop | 1 +
1 file changed, 1 insertion(+)
diff --git a/bundles/desktop b/bundles/desktop
index 6509b77..5a1c0df 100644
--- a/bundles/desktop
+++ b/bundles/desktop
@@ -70,6 +70,7 @@ pulseaudio
openconnect
systemd-hwdb
systemd-polkit
+udisks2
upower
which
wpa_supplicant
--
2.15.1
3 years, 10 months
[PATCH clr-bundles V2] add udisks2 to desktop bundle
by Leandro Dorileo
Gvfs will use its udisks2 monitor to handle automount.
---
bundles/desktop | 3 +++
1 file changed, 3 insertions(+)
diff --git a/bundles/desktop b/bundles/desktop
index 6509b77..d888962 100644
--- a/bundles/desktop
+++ b/bundles/desktop
@@ -119,6 +119,9 @@ nautilus
cups
thermal_daemon
+# volume/storage
+udisks2
+
# x.org bits
mesa
xf86-input-libinput
--
2.15.1
3 years, 10 months
[PATCH clr-bundles] dev-utils: add inotify-tools
by Matthew Johnson
inotify-tools provides a C library and a set of command-line programs
that provides a simple interface to inotify. These programs can be used
to monitory and act upon filesystem events.
Signed-off-by: Matthew Johnson <matthew.johnson(a)intel.com>
---
bundles/dev-utils | 1 +
1 file changed, 1 insertion(+)
diff --git a/bundles/dev-utils b/bundles/dev-utils
index 50dac9f..606dd7c 100644
--- a/bundles/dev-utils
+++ b/bundles/dev-utils
@@ -21,6 +21,7 @@ gdb
git
hub
icdiff
+inotify-tools
lcov
glibc-bin
linux-tools
--
2.15.1
3 years, 10 months
