After many years of excellent service by the Oregon State University Open Source Lab the CentOS Project has decided to migrate our web-based pastebin instance to a self-hosted platform running on our infrastructure. This has provided us the opportunity to move to a different solution based on the Stikked pastebin server which is a more modern solution with a number of features we felt would best benefit our user communities:
The web interface is available at https://paste.centos.org and from there you can paste content directly into the provided web form and optionally add your name or a paste title and even select the language of the paste if you wish the contents to be syntactically colored when displayed. You are able to select a number of time periods for the paste's lifetime from the dropdown selection and may opt to have the paste delete itself on view, so called "burn on view". The option also exists to encrypt your paste if you wish. After you submit the form you can share the resulting URL with others.
Additionally we've made a command line client, cpaste, available to enable pasting directly from your servers / desktops to our pastebin instance. This client is based on the Stikkit client by Petr Bena. This package is in our "extras" repository and can be installed with:
yum --enablerepo=extras install cpaste
Usage information can be retrieved with:
Examples illustrating how to how the command line client:
Paste a file directly to our server:
Paste a python code snippet with a title of "code snippet" and an author name of "John Q. Public"
cpaste -l python -t "code snippet" -a "John Q. Public" -i ~/src/project/code.py
Paste the standard output of a process and return only the paste's url:
~/bin/process | cpaste -s
One notable difference between the new and old instances is that the new instance supports paste lifetimes of up to one day only.
We hope you find the new service useful.
We would also like to thank OSUOSL for providing the old pastebin instance for the past many years.
The following CentOS Updates have been announced in the past week:
For timely notifications of releases, updates, and security advisories, subscribe to the CentOS-announce mailing list.
A few weeks ago, Fabian passed me the torch in our quest for a fully working EPEL rebuild for armhfp, that included access to the builders, the build system manager and a blind, unfunded trust that I wasn't going to break anything.
The plan up to that point was, "if it builds, great, if it doesn't, someone will have to fix it". Enter someone (me) completely clueless of what needed to be done and what I needed to know to actually do it.
Having absolutely no idea where to start, I decided to use repodiff against x86_64, to see if something really jumped at me and said "START HERE!!!!", but all it did was inform me of the hard truth, there were approximately 600 packages that were failing. I needed a quick win and an ego boost, and seeing that cinnamon was only missing a few rpms, I decided to start there.
A few days go by, the list keeps shrinking, I get a brutal fight to the death trying to bootstrap ghc, and finally I see the light at the end of the tunnel. With about 100 packages remaining, I start thinking that our plan wasn't that crazy after all.
Now, the list is 10 rpms long, and it is time to start testing everything. Since I have absolutely no idea what most of the packages that were built actually do, I have no way of testing, so please, install, test, break, fix and, most of all, report back.
If you already installed CentOS (and activated EPEL) using the instructions here, you should have everything you need to start hacking!!
Thanks for testing!
On February 1, 2019, we'll be holding our annual CentOS Dojo in Brussels, on the day before FOSDEM starts.
FOSDEM, as you probably know, is the annual Free and Open Source Developers European Meeting in Brussels - two days of presentations, projects, and hallway meetings with new and old friends.
For the last several years, CentOS has held a small meetup on the Friday before FOSDEM, and this year we'll once again be at the Marriott Grand Place, just a 3 minute walk from Grand Place in central Brussels. We'll have two tracks of CentOS-related content, and lots of space and time to meet other people in the CentOS community.
If you'd like to be on stage at this event, consider submitting a presentation here: https://goo.gl/forms/XkXbC2AZBgKvfDNF2
The call for presentations closes October 15th, 9am Eastern US time.
(A note from Brian Stinson, from the CI team.)
Some of you may know that the CentOS Community Build System, and CentOS CI Infrastructures are hosted in Raleigh, North Carolina.
I wanted to take this opportunity to let all of you know that outages are possible (but not expected) in the coming days as Hurricane Florence makes its way toward the US East coast. We are confident in the precautions taken by our datacenter vendor, and in the preparedness plans by our DC operations team.
If there happen to be outages, we will work to get things back as soon as we can.
When we consolidated all CentOS Distro builders in a new centralized setup, covering all arches (so basically x86_64, i386, ppc64le, ppc64, aarch64 and armhfp those days), we wanted also to add redundancy where it was possible to.
The interesting "SecureBoot" corner case came on the table and we had to find a different way to build the following packages:
The other reason why we considered rebuilding it is that the cert we were using has expired :
curl --location --silent https://github.com/CentOS/sig-core-SecureBoot/raw/master/CentOS_7/kernel/SOURCES/centos.cer | openssl x509 -inform der -text -noout|grep -A2 Validity
While technically it doesn't really matter for Secureboot itself, it was better to get a new key/cert rolled-in and use the new one for new builds.
That's where it's interesting as because shim embeds the certs in the Machine Owner Key (MOK), and that each other component used in the boot chain is validated against that (so grub2 first, then kernel and kernel modules) that means that once deployed , the new shim would not be able to boot previous grub2/kernel.
But there is a solution for that : instead of "embedding" only the new cert, we can have both the old one and new one, permitting us to still boot older kernels but also the new ones we'll build/push soon (built on the new build system), and that's what we used for that new shim package.
That's where we'd like you (SecureBoot users) to give us feedback about that new shim pkg. It was already validated on some hardware nodes, passed some QA tests, but we'd prefer to have more feedback.
Worth noting that such rebuild has also a patch that should fix an issue we had with shim not allowing to import key in MOK through mokutil (see https://bugs.centos.org/view.php?id=14050)
How can you test ?
If you're using UEFI with SecureBoot enabled , we have signed/pushed those pkgs to the CR repository (see https://wiki.centos.org/AdditionalResources/Repositories/CR)
That repo is by default disabled, but following command would let you update shim :
yum update shim --enablerepo=cr
Then reboot and it should work like before, so validating the boot chain (while still using grub2/kernel packages signed with previous key)
We'd appreciate feedback on this list, or #centos-devel on irc.freenode.net
I'd like to thank Patrick Uiterwijk and Peter Jones for their help for
the patch and validation for that shim
This Thursday we held our first Dojo at DevConf.us in Boston. We had about 40 people in attendance, and had 9 presenters on a variety of topics.
I want to particularly draw attention to our keynote, by Brendan Conoboy, who discussed the relationship - past and future - between Fedora, CentOS, and RHEL, which is more complicated than many people understand. But we're working on simplifying those relationships, and Brendan does a great job of explaining where we're headed, and why.
The details of this event are in the CentOS Wiki and are being updated with slides and videos as they become available. All of the videos are in the event playlist on Youtube - check back over the coming week as we upload the remainder of the talks.
Our next event will be held at CERN in Meyrin, Switzerland, in October. Details are available at cern.ch/centos and we expect to post the schedule in the coming week.
The CentOS Atomic SIG has released an updated version of CentOS Atomic Host (7.1807), an operating system designed to run Linux containers, built from standard CentOS 7 RPMs, and tracking the component versions included in Red Hat Enterprise Linux Atomic Host.
CentOS Atomic Host includes these core component versions:
CentOS Atomic Host is available as a VirtualBox or libvirt-formatted Vagrant box, or as an installable ISO, qcow2 or Amazon Machine image. For links to media, see the CentOS wiki.
If you’re running a previous version of CentOS Atomic Host, you can upgrade to the current image by running the following command:
The CentOS Atomic Host image follows the upstream Red Hat Enterprise Linux Atomic Host cadence. After sources are released, they’re rebuilt and included in new images. After the images are tested by the SIG and deemed ready, we announce them.
You’ll often find us in #atomic and/or #centos-devel if you have questions. You can also join the atomic-devel mailing list if you’d like to discuss the direction of Project Atomic, its components, or have other questions.
If you run into any problems with the images or components, feel free to ask on the centos-devel mailing list.
Have questions about using Atomic? See the atomic mailing list or find us in the #atomic channel on Freenode.
Save the date! February 1 in Brussels!
As we do each year, we are once again planning to host a CentOS Dojo in Brussels on Friday, February 1st, the day before FOSDEM 2019. Details about this event are on the CentOS wiki, and more details are being added all the time.
The Call for Presentations for this event is now open, and will be open until October 15th, 2018.
CentOS Dojos are one-day (or, occasionally, two-day) events that bring together people from the CentOS community to talk about systems administration, best practices, and emerging technologies, and bring the community closer together.