Friday, April 19, 2024
Monday, April 15, 2024
Saturday, April 6, 2024
Precautionary measures at Manjaro Testing Branch in context of CVE-2024-3094
UPDATE as of 04/19/2024 Current status of Manjaro Testing
Your installation should go through phase
core 147.7 KiB 444 KiB/s 00:00 [##################################] 100%
extra 8.7 MiB 6.76 MiB/s 00:01 [##################################] 100%
multilib 144.9 KiB 315 KiB/s 00:00 [##################################] 100%
:: Some packages should be upgraded first...
resolving dependencies...
looking for conflicting packages...
Packages (1) archlinux-keyring-20240313-1
Total Download Size: 1.16 MiB
Total Installed Size: 1.66 MiB
Net Upgrade Size: 0.00 MiB
:: Proceed with installation? [Y/n] Y
. . . . . . .
:: Replace baloo5 with extra/baloo? [Y/n] Y
:: Replace breeze with extra/breeze5? [Y/n] Y
:: Replace ksysguard with extra/plasma-systemmonitor? [Y/n] Y
:: Replace kuserfeedback5 with extra/kuserfeedback? [Y/n] Y
:: Replace oxygen with extra/oxygen5? [Y/n] Y
:: Replace plasma-integration with extra/plasma5-integration? [Y/n] Y
:: Replace plasma-wayland-session with extra/plasma-workspace? [Y/n] Y
:: Replace plasma5-themes-breath with extra/plasma6-themes-breath? [Y/n] Y
:: Replace plasma5-themes-breath-migration with extra/plasma6-themes-breath-migration? [Y/n] Y
resolving dependencies...
:: There are 2 providers available for qt6-multimedia-backend:
:: Repository extra
1) qt6-multimedia-ffmpeg 2) qt6-multimedia-gstreamer
Enter a number (default=1): 1
END UPDATE
Per https://forum.manjaro.org/t/xz-package-contains-a-vulnerability/159028/26
Arch does not directly link openssh to liblzma, and thus this attack vector is not possible. You can confirm this by issuing the following command:
ldd "$(command -v sshd)"
However, out of an abundance of caution, we advise users to remove the malicious code from their system by upgrading either way. This is because other yet-to-be discovered methods to exploit the backdoor could exist.
– Arch Linux - News: The xz package has been backdoored
On Manjaro Testing I was able only downgrade (say) to xz-5.4.6-1 and lib32-xz-5.4.6-1
Running https://github.com/cyclone-github/scripts/blob/main/xz_cve-2... on Manjaro Testing :-
Per https://archlinux.org/news/the-xz-package-has-been-backdoored/
It is strongly advised to do a full system upgrade right away if your system currently has xz
version 5.6.0-1
or 5.6.1-1
installed:
$ pacman -Syu
After running
on Manjaro stable KDE as of 04/06/24
$ sudo pacman-mirrors --api --set-branch testing
$ sudo pacman-mirrors --fasttrack 5 && sudo pacman -Syu
I obtained
$ pacman -Ss xz
core/xz 5.6.1-3 [installed]
Library and command line tools for XZ and LZMA compressed files
extra/pixz 1.0.7-4
Parallel, indexed xz compressor
multilib/lib32-xz 5.6.1-3 [installed]
Library and command line tools for XZ and LZMA compressed files (32-bit)
$ pacman -Ss lib32-xz
multilib/lib32-xz 5.6.1-3 [installed]
Library and command line tools for XZ and LZMA compressed files (32-bit)
Per link above version 5.6.1-3 was already fixed . I'd just skipped this notice ( 5.6.1-2 had been already fixed ). See first paragraph. So, there is no need to downgrade xz-5.6.1-3 and lib32-xz-5.6.1-3 on Manjaro Testing .
The most recent version of xz released for Arch Linux
Sunday, March 31, 2024
Virt-manager && Deploying KVM Guests in UEFI mode on AlmaLinux 9.3
The main purpose of this post is to demonstrate that the cockpit.service is not required for deploying KVM guests in UEFI mode on AlmaLinux 9.3, which has binary-compatibility with RHEL. Linux bridge for VMs has been installed via nmcli to avoid any involvement of cockpit.service. See for detailis http://lxer.com/module/newswire/view/338368/index.html Everything works on AlmaLinux 9.3 as on openSUSE Tumbleweed. KVM Setup on AlmaLinux 9.(X) follows standard guide lines.
When installing virt-manager, the presence of the Cockpit web console becomes optional. It's a good idea to have Cockpit Web Console installed, but it's not required. The presence of edk2-ovmf is required. We have the same situation with Tumbleweed, Ubuntu 22.04, Debian12.(X), Manjaro Linux 23.1.3
Thursday, March 28, 2024
Virt-manager vs Cockpit Web Console on Fedoras 40 Beta,39,38 and other Linux Flavors
Having virt-manager installed makes presence of Cockpit Web Console optional . It's nice to have Cockpit Console installed, however it is not required. Presence edk2-ovmf is a must. Situation is the same on Tumbleweed, Ubuntu 22.04, Debian 12.(X), Manjaro Linux 23.1.3
Install Cockpit Flatpak Client on Fedora 40 KDE (NIghtly build 03/27/24)
CONNECT VIA SSH TO SERVERS WITH COCKPIT
Cockpit Client provides a graphical interface to your servers, containers, and virtual machines. Connections are made over SSH, using the SSH configuration of the local user (including aliases, known hosts, key files, hardware tokens, etc).
The server needs to have Cockpit installed, but the Cockpit webserver doesn't need to be enabled, and no extra ports need to be opened. The primary process in a Cockpit Linux session is called cockpit-bridge. It translates operating system interfaces to a JSON stream protocol, which is used by Cockpit browser pages.
boris@fedora:~$ neofetch
.',;::::;,'. boris@fedora
.';:cccccccccccc:;,. ------------
.;cccccccccccccccccccccc;. OS: Fedora Linux 40 (Forty Prerelease) x86_64
.:cccccccccccccccccccccccccc:. Host: KVM/QEMU (Standard PC (Q35 + ICH9, 2009) pc-q35-8.1)
.;ccccccccccccc;.:dddl:.;ccccccc;. Kernel: 6.8.2-300.fc40.x86_64
.:ccccccccccccc;OWMKOOXMWd;ccccccc:. Uptime: 26 mins
.:ccccccccccccc;KMMc;cc;xMMc:ccccccc:. Packages: 2213 (rpm), 5 (flatpak)
,cccccccccccccc;MMM.;cc;;WW::cccccccc, Shell: bash 5.2.26
:cccccccccccccc;MMM.;cccccccccccccccc: Resolution: 1280x944
:ccccccc;oxOOOo;MMM0OOk.;cccccccccccc: DE: Plasma 6.0.2
cccccc:0MMKxdd:;MMMkddc.;cccccccccccc; WM: kwin
ccccc:XM0';cccc;MMM.;cccccccccccccccc' Icons: breeze [GTK2/3]
ccccc;MMo;ccccc;MMW.;ccccccccccccccc; Terminal: konsole
ccccc;0MNc.ccc.xMMd:ccccccccccccccc; CPU: AMD Ryzen 7 3700X (8) @ 3.600GHz
cccccc;dNMWXXXWM0::cccccccccccccc:, GPU: 00:01.0 Red Hat, Inc. Virtio 1.0 GPU
cccccccc;.:odl:.;cccccccccccccc:,. Memory: 3260MiB / 15590MiB
:cccccccccccccccccccccccccccc:'.
.:cccccccccccccccccccccc:;,..
'::cccccccccccccc::;,.
boris@fedora:~$ flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
boris@fedora:~$ sudo flatpak install flathub org.cockpit_project.CockpitClient
Looking for matches…
Required runtime for org.cockpit_project.CockpitClient/x86_64/stable (runtime/org.gnome.Platform/x86_64/
45) found in remote flathub
Do you want to install it? [Y/n]: Y
org.cockpit_project.CockpitClient permissions:
ipc fallback-x11 wayland x11 dri
dbus access [1]
[1] org.freedesktop.Flatpak
ID Branch Op Remote Download
1. [✓] org.freedesktop.Platform.GL.default 23.08 i flathub 164.4 MB / 164.6 MB
2. [✓] org.freedesktop.Platform.GL.default 23.08-extra i flathub 18.5 MB / 164.6 MB
3. [✓] org.freedesktop.Platform.openh264 2.2.0 i flathub 886.7 kB / 944.3 kB
4. [✓] org.gnome.Platform.Locale 45 i flathub 18.1 kB / 369.6 MB
5. [✓] org.gnome.Platform 45 i flathub 316.4 MB / 378.2 MB
6. [✓] org.cockpit_project.CockpitClient stable i flathub 10.7 MB / 11.4 MB
Installation complete.
Initializing a connection with a remote virtual machine (via two Linux bridges)
boris@fedora:~$ flatpak run org.cockpit_project.CockpitClient
boris@fedora:~$ uname -a
Linux fedora 6.8.2-300.fc40.x86_64 #1 SMP PREEMPT_DYNAMIC Wed Mar 27 00:16:08 UTC 2024 x86_64 GNU/Linux
boris@fedora:~$ rpm -qa | grep plasma | grep discover
plasma-discover-libs-6.0.2-2.fc40.x86_64
plasma-discover-flatpak-6.0.2-2.fc40.x86_64
plasma-discover-offline-updates-6.0.2-2.fc40.x86_64
plasma-discover-6.0.2-2.fc40.x86_64
plasma-discover-packagekit-6.0.2-2.fc40.x86_64
plasma-discover-notifier-6.0.2-2.fc40.x86_64
Wednesday, March 27, 2024
Just one question regarding old post RDO Liberty / Mitaka Set up for three Nodes (Controller+Network+Compute) ML2&OVS&VXLAN on CentOS 7.2
As of now number of reads is equal 8274 . Since 2015 nine years have passed and I cannot unsterstand why people are still reading it . I mean this post https://dbaxps.blogspot.com/2015/10/rdo-liberty-set-up-for-three-nodes.html
How could packstack be interesting in meantime, unless RH brought it back to life ? I am not aware of Packstack's status this days.
Saturday, March 23, 2024
Fedora 40 KDE ( server-netinst-20240322.n.0) vs KDE Plasma 6.0.2 port to Manjaro 23.1
UPDATE as of 03/27/2024
The most radical means of solving all problems would be to switch to Fedora 40 Beta either openSUSE Tumbleweed
END UPDATE
UPDATE as of 03/25/2024
KDE Plasma 6.0.2 may be ported to Manjaro 23.1 by commands
$ sudo pacman-mirrors --api --set-branch testing
$ sudo pacman -Scc
$ sudo pacman-mirrors --fasttrack 5 && sudo pacman -Syu
If you are getting error :
error: failed to prepare transaction (could not satisfy dependencies)
:: installing pacman (6.1.0-4) breaks dependency 'libalpm.so=13-64' required by libpamac
Switch back to sudo pacman -Syyu . This error turns from random to regular for me. At the time of writing you are supposed to get message - Total (0/673) regarding number of packages ready to be installed .
Per advise of oioi@https://forum.manjaro.org/t/i-tested-kde-6-oh-my-oh-my-you-will-be-sorry-here-come-some-discoveries/158436/24 I issued `sudo pacman -S qt6-imageformats` :-
- webp :
qt5-imageformats
→qt6-imageformats
- gimp :
kimageformats5
→kimageformats
What actually is going on when this install happens on CachyOS 2024.3
$ sudo pacman -S qt6-imageformats
[sudo] password for boris:
resolving dependencies...
looking for conflicting packages...
Package (2) New Version Net Change Download Size
cachyos-extra-v3/libmng 2.0.3-3.1 0.75 MiB 0.21 MiB
cachyos-extra-v3/qt6-imageformats 6.6.2-1.1 0.30 MiB 0.06 MiB
Total Download Size: 0.27 MiB
Total Installed Size: 1.05 MiB
:: Proceed with installation? [Y/n] Y
It fixes the problem on Manjaro testing all the way around . VENV screenshot first
I also believe that explanation provided at https://unix.stackexchange.com/questions/762064/what-is-the-different-between-pacman-syu-syyu-and-syuu is correct
-yy
, it is generally not recommended. Use it only if you're having problems with your mirror. Unless your mirror is acting up and you want to switch mirrors, there is no reason to re-download every package DB file in its entirety every time you want to do an upgrade. You might want to use it when switching mirrors so that all your package DB files are consistent.END UPDATE
Porting KDE Plasma 6.0.2 to Manjaro 23.1 was performed by commands
$ sudo pacman-mirrors --api --set-branch testing
$ sudo pacman -Scc
$ sudo pacman-mirrors --fasttrack 5 && sudo pacman -Syyu
I may confirm the issue mentioned in https://forum.manjaro.org/t/i-tested-kde-6-oh-my-oh-my-you-will-be-sorry-here-come-some-discoveries/158436
Quoting the post on forum.mangaro.org above:
<<So after update (pacman -Syyu) you have no webp thumbnails in Dolphin and Gwenview cannot display those photos (webp). What will a typical user do? >>
I've also tested with no problems opening *.webp files via Dolphin on the most recent fedora 40 KDE nightly build. See snapshot :-
Attempt to open *.webp file via Dolphin KDE Plasma 6.0.2 port to Manjaro 23.1
Same test on openSUSE Tumbleweed
Same test on CachyOS 2024.3 (Arch Linux clone) and failure again. Clean KVM Guest was deployed , no user's porting
Neon KDE as of 03/21 performs just fine