System wide Python is now 3.12.3 && QEMU upgraded up to 9.0.0 on Manjaro Testing branch
Openstack RDO && KVM Hypervisor
Wednesday, May 1, 2024
Friday, April 19, 2024
Monday, April 15, 2024
Saturday, April 6, 2024
Precautionary measures at Manjaro Testing Branch in context of CVE-2024-3094
UPDATE as of 04/19/2024: current status of Manjaro Testing
Your installation should go through the following phase:
core 147.7 KiB 444 KiB/s 00:00 [##################################] 100%
extra 8.7 MiB 6.76 MiB/s 00:01 [##################################] 100%
multilib 144.9 KiB 315 KiB/s 00:00 [##################################] 100%
:: Some packages should be upgraded first...
resolving dependencies...
looking for conflicting packages...
Packages (1) archlinux-keyring-20240313-1
Total Download Size: 1.16 MiB
Total Installed Size: 1.66 MiB
Net Upgrade Size: 0.00 MiB
:: Proceed with installation? [Y/n] Y
. . . . . . .
:: Replace baloo5 with extra/baloo? [Y/n] Y
:: Replace breeze with extra/breeze5? [Y/n] Y
:: Replace ksysguard with extra/plasma-systemmonitor? [Y/n] Y
:: Replace kuserfeedback5 with extra/kuserfeedback? [Y/n] Y
:: Replace oxygen with extra/oxygen5? [Y/n] Y
:: Replace plasma-integration with extra/plasma5-integration? [Y/n] Y
:: Replace plasma-wayland-session with extra/plasma-workspace? [Y/n] Y
:: Replace plasma5-themes-breath with extra/plasma6-themes-breath? [Y/n] Y
:: Replace plasma5-themes-breath-migration with extra/plasma6-themes-breath-migration? [Y/n] Y
resolving dependencies...
:: There are 2 providers available for qt6-multimedia-backend:
:: Repository extra
1) qt6-multimedia-ffmpeg 2) qt6-multimedia-gstreamer
Enter a number (default=1): 1
END UPDATE
Per https://forum.manjaro.org/t/xz-package-contains-a-vulnerability/159028/26
Arch does not directly link openssh to liblzma, and thus this attack vector is not possible. You can confirm this by issuing the following command:
ldd "$(command -v sshd)"
However, out of an abundance of caution, we advise users to remove the malicious code from their system by upgrading either way. This is because other yet-to-be discovered methods to exploit the backdoor could exist.
– Arch Linux - News: The xz package has been backdoored
On Manjaro Testing I was only able to downgrade (say) to xz-5.4.6-1 and lib32-xz-5.4.6-1.
Running https://github.com/cyclone-github/scripts/blob/main/xz_cve-2... on Manjaro Testing :-
Per https://archlinux.org/news/the-xz-package-has-been-backdoored/
It is strongly advised to do a full system upgrade right away if your system currently has xz version 5.6.0-1 or 5.6.1-1 installed:
$ pacman -Syu
After running on Manjaro stable KDE as of 04/06/24
$ sudo pacman-mirrors --api --set-branch testing
$ sudo pacman-mirrors --fasttrack 5 && sudo pacman -Syu
I obtained
$ pacman -Ss xz
core/xz 5.6.1-3 [installed]
Library and command line tools for XZ and LZMA compressed files
extra/pixz 1.0.7-4
Parallel, indexed xz compressor
multilib/lib32-xz 5.6.1-3 [installed]
Library and command line tools for XZ and LZMA compressed files (32-bit)
$ pacman -Ss lib32-xz
multilib/lib32-xz 5.6.1-3 [installed]
Library and command line tools for XZ and LZMA compressed files (32-bit)
Per link above version 5.6.1-3 was already fixed. I'd just skipped this notice (5.6.1-2 had been already fixed). See first paragraph. So, there is no need to downgrade xz-5.6.1-3 and lib32-xz-5.6.1-3 on Manjaro Testing.
The most recent version of xz released for Arch Linux
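A scripted form of the two checks discussed in this post, as an added example that is not from the original post or the Arch advisory: it flags the package versions the advisory names (5.6.0-1 and 5.6.1-1) in `pacman -Q`-style input and tests `ldd` output for liblzma. The function names and the sample package lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: the version list is taken from the Arch advisory quoted above.
AFFECTED_VERSIONS="5.6.0-1 5.6.1-1"

# Succeeds when $1 is one of the package versions the advisory names.
is_affected_version() {
    for v in $AFFECTED_VERSIONS; do
        if [ "$1" = "$v" ]; then return 0; fi
    done
    return 1
}

# Reads "name version" lines (the format `pacman -Q` prints) on stdin,
# reports xz and lib32-xz, and returns 1 if either is an affected version.
audit_packages() {
    rc=0
    while read -r name version; do
        case "$name" in
            xz|lib32-xz) ;;
            *) continue ;;
        esac
        if is_affected_version "$version"; then
            echo "AFFECTED $name $version"
            rc=1
        else
            echo "ok $name $version"
        fi
    done
    return "$rc"
}

# Reads `ldd` output on stdin; succeeds when liblzma is among the libraries.
links_liblzma() {
    grep -q 'liblzma\.so'
}

# Constructed sample input, not captured from a real system.
SAMPLE_PACKAGES='xz 5.6.1-1
pixz 1.0.7-4
lib32-xz 5.6.1-3'

# Demo on the constructed sample. On a live system use instead:
#   pacman -Q xz lib32-xz | audit_packages
#   ldd "$(command -v sshd)" | links_liblzma && echo "sshd links liblzma"
printf '%s\n' "$SAMPLE_PACKAGES" | audit_packages || echo "upgrade needed: pacman -Syu"
```

The comparison is on the full version including the package release, since 5.6.1-1 is affected while 5.6.1-3 is the fixed build.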
Sunday, March 31, 2024
Virt-manager && Deploying KVM Guests in UEFI mode on AlmaLinux 9.3
The main purpose of this post is to demonstrate that the cockpit.service is not required for deploying KVM guests in UEFI mode on AlmaLinux 9.3, which has binary-compatibility with RHEL. Linux bridge for VMs has been installed via nmcli to avoid any involvement of cockpit.service. See http://lxer.com/module/newswire/view/338368/index.html for details. Everything works on AlmaLinux 9.3 as on openSUSE Tumbleweed. KVM setup on AlmaLinux 9.(X) follows standard guidelines.
When installing virt-manager, the presence of the Cockpit web console becomes optional. It's a good idea to have Cockpit Web Console installed, but it's not required. The presence of edk2-ovmf is required. We have the same situation with Tumbleweed, Ubuntu 22.04, Debian 12.(X), Manjaro Linux 23.1.3.
Thursday, March 28, 2024
Virt-manager vs Cockpit Web Console on Fedoras 40 Beta,39,38 and other Linux Flavors
Having virt-manager installed makes the presence of Cockpit Web Console optional. It's nice to have Cockpit Console installed, however it is not required. The presence of edk2-ovmf is a must. The situation is the same on Tumbleweed, Ubuntu 22.04, Debian 12.(X), Manjaro Linux 23.1.3.
Install Cockpit Flatpak Client on Fedora 40 KDE (Nightly build 03/27/24)
CONNECT VIA SSH TO SERVERS WITH COCKPIT
Cockpit Client provides a graphical interface to your servers, containers, and virtual machines. Connections are made over SSH, using the SSH configuration of the local user (including aliases, known hosts, key files, hardware tokens, etc).
The server needs to have Cockpit installed, but the Cockpit webserver doesn't need to be enabled, and no extra ports need to be opened. The primary process in a Cockpit Linux session is called cockpit-bridge. It translates operating system interfaces to a JSON stream protocol, which is used by Cockpit browser pages.
boris@fedora:~$ neofetch
.',;::::;,'. boris@fedora
.';:cccccccccccc:;,. ------------
.;cccccccccccccccccccccc;. OS: Fedora Linux 40 (Forty Prerelease) x86_64
.:cccccccccccccccccccccccccc:. Host: KVM/QEMU (Standard PC (Q35 + ICH9, 2009) pc-q35-8.1)
.;ccccccccccccc;.:dddl:.;ccccccc;. Kernel: 6.8.2-300.fc40.x86_64
.:ccccccccccccc;OWMKOOXMWd;ccccccc:. Uptime: 26 mins
.:ccccccccccccc;KMMc;cc;xMMc:ccccccc:. Packages: 2213 (rpm), 5 (flatpak)
,cccccccccccccc;MMM.;cc;;WW::cccccccc, Shell: bash 5.2.26
:cccccccccccccc;MMM.;cccccccccccccccc: Resolution: 1280x944
:ccccccc;oxOOOo;MMM0OOk.;cccccccccccc: DE: Plasma 6.0.2
cccccc:0MMKxdd:;MMMkddc.;cccccccccccc; WM: kwin
ccccc:XM0';cccc;MMM.;cccccccccccccccc' Icons: breeze [GTK2/3]
ccccc;MMo;ccccc;MMW.;ccccccccccccccc; Terminal: konsole
ccccc;0MNc.ccc.xMMd:ccccccccccccccc; CPU: AMD Ryzen 7 3700X (8) @ 3.600GHz
cccccc;dNMWXXXWM0::cccccccccccccc:, GPU: 00:01.0 Red Hat, Inc. Virtio 1.0 GPU
cccccccc;.:odl:.;cccccccccccccc:,. Memory: 3260MiB / 15590MiB
:cccccccccccccccccccccccccccc:'.
.:cccccccccccccccccccccc:;,..
'::cccccccccccccc::;,.
boris@fedora:~$ flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
boris@fedora:~$ sudo flatpak install flathub org.cockpit_project.CockpitClient
Looking for matches…
Required runtime for org.cockpit_project.CockpitClient/x86_64/stable (runtime/org.gnome.Platform/x86_64/45) found in remote flathub
Do you want to install it? [Y/n]: Y
org.cockpit_project.CockpitClient permissions:
ipc fallback-x11 wayland x11 dri
dbus access [1]
[1] org.freedesktop.Flatpak
ID Branch Op Remote Download
1. [✓] org.freedesktop.Platform.GL.default 23.08 i flathub 164.4 MB / 164.6 MB
2. [✓] org.freedesktop.Platform.GL.default 23.08-extra i flathub 18.5 MB / 164.6 MB
3. [✓] org.freedesktop.Platform.openh264 2.2.0 i flathub 886.7 kB / 944.3 kB
4. [✓] org.gnome.Platform.Locale 45 i flathub 18.1 kB / 369.6 MB
5. [✓] org.gnome.Platform 45 i flathub 316.4 MB / 378.2 MB
6. [✓] org.cockpit_project.CockpitClient stable i flathub 10.7 MB / 11.4 MB
Installation complete.
Initializing a connection with a remote virtual machine (via two Linux bridges)
boris@fedora:~$ flatpak run org.cockpit_project.CockpitClient
boris@fedora:~$ uname -a
Linux fedora 6.8.2-300.fc40.x86_64 #1 SMP PREEMPT_DYNAMIC Wed Mar 27 00:16:08 UTC 2024 x86_64 GNU/Linux
boris@fedora:~$ rpm -qa | grep plasma | grep discover
plasma-discover-libs-6.0.2-2.fc40.x86_64
plasma-discover-flatpak-6.0.2-2.fc40.x86_64
plasma-discover-offline-updates-6.0.2-2.fc40.x86_64
plasma-discover-6.0.2-2.fc40.x86_64
plasma-discover-packagekit-6.0.2-2.fc40.x86_64
plasma-discover-notifier-6.0.2-2.fc40.x86_64