The following CentOS Updates have been announced in the past week:

For timely notifications of releases, updates, and security advisories, subscribe to the CentOS-announce mailing list.

A few weeks ago, Fabian passed me the torch in our quest for a fully working EPEL rebuild for armhfp, that included access to the builders, the build system manager and a blind, unfunded trust that I wasn't going to break anything.

The plan up to that point was, "if it builds, great, if it doesn't, someone will have to fix it". Enter someone (me) completely clueless of what needed to be done and what I needed to know to actually do it.

Having absolutely no idea where to start, I decided to use repodiff against x86_64, to see if something really jumped at me and said "START HERE!!!!", but all it did was inform me of the hard truth, there were approximately 600 packages that were failing. I needed a quick win and an ego boost, and seeing that cinnamon was only missing a few rpms, I decided to start there.

A few days go by, the list keeps shrinking, I get a brutal fight to the death trying to bootstrap ghc, and finally I see the light at the end of the tunnel. With about 100 packages remaining, I start thinking that our plan wasn't that crazy after all.

Now, the list is 10 rpms long, and it is time to start testing everything. Since I have absolutely no idea what most of the packages that were built actually do, I have no way of testing, so please, install, test, break, fix and, most of all, report back.

If you already installed CentOS (and activated EPEL) using the instructions here, you should have everything you need to start hacking!!

Thanks for testing!
Pablo.

On February 1, 2019, we'll be holding our annual CentOS Dojo in Brussels, on the day before FOSDEM starts.

FOSDEM, as you probably know, is the annual Free and Open Source Developers European Meeting in Brussels - two days of presentations, projects, and hallway meetings with new and old friends.

For the last several years, CentOS has held a small meetup on the Friday before FOSDEM, and this year we'll once again be at the Marriott Grand Place, just a 3 minute walk from Grand Place in central Brussels. We'll have two tracks of CentOS-related content, and lots of space and time to meet other people in the CentOS community.

If you'd like to be on stage at this event, consider submitting a presentation here: https://goo.gl/forms/XkXbC2AZBgKvfDNF2

The call for presentations closes October 15th, 9am Eastern US time.

(A note from Brian Stinson, from the CI team.)

Some of you may know that the CentOS Community Build System, and CentOS CI Infrastructures are hosted in Raleigh, North Carolina.

I wanted to take this opportunity to let all of you know that outages are possible (but not expected) in the coming days as Hurricane Florence makes its way toward the US East coast. We are confident in the precautions taken by our datacenter vendor, and in the preparedness plans by our DC operations team.

If there happen to be outages, we will work to get things back as soon as we can.

Cheers!

Dear CentOS enthusiast,

Here's what's been happening in the past month at CentOS

Releases and Updates

The following releases and updates happened in August. For each update, the given URL provides the upstream notes about the change.

Releases

We're pleased to announce the following releases in August:

Errata and Enhancements Advisories

We issued the following CEEAs (CentOS Errata and Enhancement Advisory) during August:

Errata and Security Advisories

We issued the following CESAs (CentOS Errata and Security Advisory) during August:

Errata and Bugfix Advisories

We issued the following CEBAs (CentOS Errata and Bugfix Advisory) during August:

SIG Updates

SIGs - Special Interest Groups - are where people work on the stuff that runs on top of CentOS. Here's some of the highlights from a few of our SIGs from the past month

Platform as a Service (PaaS) SIG

  • Origin 3.10 released, work on 3.11 is in progress
  • Introducing fkluknav as new SIG member
  • Discussing consuming Ansible RPMs from the Config Management SIG
  • Ricardo Martinelli presented at the CentOS Dojo at DevConf.us (video, slides)

NFV SIG

  • dpdk 17.11 is in buildlogs
  • vpp 17.10 is in buildlogs
  • OpenVswitch 2.9.2 is in buildlogs

Virtualization SIG

  • Switching to Xen 4.8
  • Xen 4.10 is available in testing

SIG Reporting

If your SIG wants a report to appear in the newsletter, send your report to the centos-devel mailing list with a subject line containing "XYZ SIG Report" (where "XYZ" is the name of your SIG), and we'll include it in upcoming newsletters.

SIG meeting minutes may be read in full in the MeetBot IRC archive.

Events

CentOS participates in many events, in various capacities, in order to build our local communities all over the world.

Recent

In August, we were at three large events:

On August 4th through 5th, DevConf.in was held in Bengaluru, India, and CentOS was there, sharing space with Fedora. DevConf is an annual developers conference which is held in three different locations around the world.

Speaking of which, later in the month we also were at DevConf.US in Boston. This was the first DevConf in North America, and we were delighted to be there.

In addition to the main event, we ran a Dojo on the day before, with presentations covering a wide range of topics. The videos from all of the presentations at the event are now on our YouTube channel.

And, in the last week of August, we were at Open Source Summit North America in Vancouver. OSSummit is a great event in that we get a lot of people that may be either new to Linux, or at least to CentOS, and so we have the chance to teach them. But there's also representation from a huge range of industries, and so we get to learn about how CentOS is being used in many different applications.

(If you have photos from any of these events, please consider adding them to the CentOS group on Flickr.)

Upcoming

September looks pretty quiet on the events front (please tell me if you know of any relevant events!), but in October we have two great events.

First, we have the CentOS Dojo at CERN, on October 19th. This is a full day of CentOS technical talks at the legendary CERN facility in Meyrin, Switzerland. Like last year, there's an emphasis on cloud computing, but other topics are also covered. The schedule is published, and registration is open!

The following week, we'll be in Edinburgh for the Open Source Summit Europe. That's a week-long event covering a wide range of technical content around Linux and open source.

We hope to see you there!

Contributing to CentOS Pulse

We are always on the look-out for people who are interested in helping to:

  • report on CentOS community activity
  • provide a report from the SIG on which you participate
  • maintain a (sub-)section of the newsletter
  • write an article on an interesting person or topic
  • provide the hint, tip or trick of the month

Please see the page with further information about contributing. You can also contact the Promotion SIG, or just email Rich directly (rbowen@centosproject.org) with ideas or articles that you'd like to see in the next newsletter.

 

When we consolidated all CentOS Distro builders in a new centralized setup, covering all arches (so basically x86_64, i386, ppc64le, ppc64, aarch64 and armhfp those days), we wanted also to add redundancy where it was possible to.

The interesting "SecureBoot" corner case came on the table and we had to find a different way to build the following packages:

  •  shim (both signed and unsigned
  • grub2
  • fwupdate
  • kernel

The other reason why we considered rebuilding it is that the cert we were using has expired :

curl --location --silent https://github.com/CentOS/sig-core-SecureBoot/raw/master/CentOS_7/kernel/SOURCES/centos.cer | openssl x509 -inform der -text -noout|grep -A2 Validity

While technically it doesn't really matter for Secureboot itself, it was better to get a new key/cert rolled-in and use the new one for new builds.

That's where it's interesting as because shim embeds the certs in the Machine Owner Key (MOK), and that each other component used in the boot chain is validated against that (so grub2 first, then kernel and kernel modules) that means that once deployed , the new shim would not be able to boot previous grub2/kernel.

But there is a solution for that : instead of "embedding" only the new cert, we can have both the old one and new one, permitting us to still boot older kernels but also the new ones we'll build/push soon (built on the new build system), and that's what we used for that new shim package.

That's where we'd like you (SecureBoot users) to give us feedback about that new shim pkg. It was already validated on some hardware nodes, passed some QA tests, but we'd prefer to have more feedback.

Worth noting that such rebuild has also a patch that should fix an issue we had with shim not allowing to import key in MOK through mokutil (see https://bugs.centos.org/view.php?id=14050)

How can you test ?

If you're using UEFI with SecureBoot enabled , we have signed/pushed those pkgs to the CR repository (see https://wiki.centos.org/AdditionalResources/Repositories/CR)

That repo is by default disabled, but following command would let you update shim :

yum update shim --enablerepo=cr

Then reboot and it should work like before, so validating the boot chain (while still using grub2/kernel packages signed with previous key)

We'd appreciate feedback on this list, or #centos-devel on irc.freenode.net

I'd like to thank Patrick Uiterwijk and Peter Jones for their help for
the patch and validation for that shim

This Thursday we held our first Dojo at DevConf.us in Boston. We had about 40 people in attendance, and had 9 presenters on a variety of topics.

I want to particularly draw attention to our keynote, by Brendan Conoboy, who discussed the relationship - past and future - between Fedora, CentOS, and RHEL, which is more complicated than many people understand. But we're working on simplifying those relationships, and Brendan does a great job of explaining where we're headed, and why.

The details of this event are in the CentOS Wiki and are being updated with slides and videos as they become available. All of the videos are in the event playlist on Youtube - check back over the coming week as we upload the remainder of the talks.

Our next event will be held at CERN in Meyrin, Switzerland, in October. Details are available at cern.ch/centos and we expect to post the schedule in the coming week.

The CentOS Atomic SIG has released an updated version of CentOS Atomic Host (7.1807), an operating system designed to run Linux containers, built from standard CentOS 7 RPMs, and tracking the component versions included in Red Hat Enterprise Linux Atomic Host.

CentOS Atomic Host includes these core component versions:

  • atomic-1.22.1-22.git5a342e3.el7.x86_64
  • cloud-init-0.7.9-24.el7.centos.1.x86_64
  • docker-1.13.1-68.gitdded712.el7.centos.x86_64
  • etcd-3.2.22-1.el7.x86_64
  • flannel-0.7.1-4.el7.x86_64
  • kernel-3.10.0-862.11.6.el7.x86_64
  • ostree-2018.5-1.el7.x86_64
  • rpm-ostree-client-2018.5-1.atomic.el7.x86_64

Download CentOS Atomic Host

CentOS Atomic Host is available as a VirtualBox or libvirt-formatted Vagrant box, or as an installable ISO, qcow2 or Amazon Machine image. For links to media, see the CentOS wiki.

Upgrading

If you’re running a previous version of CentOS Atomic Host, you can upgrade to the current image by running the following command:

# atomic host upgrade

Release Cycle

The CentOS Atomic Host image follows the upstream Red Hat Enterprise Linux Atomic Host cadence. After sources are released, they’re rebuilt and included in new images. After the images are tested by the SIG and deemed ready, we announce them.

Getting Involved

CentOS Atomic Host is produced by the CentOS Atomic SIG, based on upstream work from Project Atomic. If you’d like to work on testing images, help with packaging, documentation – join us!

You’ll often find us in #atomic and/or #centos-devel if you have questions. You can also join the atomic-devel mailing list if you’d like to discuss the direction of Project Atomic, its components, or have other questions.

Getting Help

If you run into any problems with the images or components, feel free to ask on the centos-devel mailing list.

Have questions about using Atomic? See the atomic mailing list or find us in the #atomic channel on Freenode.

Save the date! February 1 in Brussels!

As we do each year, we are once again planning to host a CentOS Dojo in Brussels on Friday, February 1st, the day before FOSDEM 2019. Details about this event are on the CentOS wiki, and more details are being added all the time.

The Call for Presentations for this event is now open, and will be open until October 15th, 2018.

CentOS Dojos are one-day (or, occasionally, two-day) events that bring together people from the CentOS community to talk about systems administration, best practices, and emerging technologies, and bring the community closer together.

It's time for another community newsletter. As always, we have lots of
information about upcoming events, recent releases, and what our SIGs
(Special Interest Groups) are working on.

You can read the newsletter at https://wiki.centos.org/Newsletter/1803

Past editions of the newsletter, as well as information about how you
can contribute, is available at http://wiki.centos.org/Newsletter

In the coming months, we'd like to feature articles from you, the users
of CentOS, about what you're doing on top of this great platform.

Talk to you next month!

Rich, for the CentOS Newsletter team