Home Home > Distribution
Sign up | Login

Deprecation notice: openSUSE Lizards user blog platform is deprecated, and will remain read only for the time being. Learn more...

Archive for the ‘Distribution’ Category

Newer Entries »

LRL UK 08 – Not The Last

July 21st, 2008 by

So LUG Radio Live UK is over for another year, yes the event will be back next year but not the podcast.  openSUSE were represented by yours truly and Roger Whittaker (also representing the Big N), and to be honest I didn’t have to get my baseball bat out once to get people to come by – I was slightly disappointed with that as knocking some sense into some of those Ubuntu zombies would have been fun 😛  Part of the reason may have been the fact that the Furry Geekos were out in force

March of the Geekos

Roger also did a sterling job of getting the new openSUSE 11.0 Live/Installable DVD into almost all the “NutSacks” (The bags attendees received when entering the event).  Those that didn’t get one in there pretty quickly came over to ensure they did get one.  Everyone agreed that we had the best mascot and the best swag, talking of which can anyone guess what this is?

Mystery Swag

Only a few folk were lucky enough to get one, and to be honest it is a much better one than what RedHat/Fedora were dishing out.  It is of course a USB stick

Mystery Swag Revealed

Another piece of openSUSE swag that was being dished out but not by us was the Linux Magazine openSUSE 11.0 Special.  This is actually quite a good issue and is a great companion for anyone new to the distro.  I have a couple that I can send to people (UK/Europe preferably due to cost) if requested.  The issue was created aimed predominantly at the US market where Linux Magazine is trying to get a foot hold:

Linux Magazine openSUSE 11.0 Special Edition

Wandering around, I spoke to quite a lot of people about Linux in general and openSUSE and the feedback from people was tremendous.  Those that have actually tried 11.0 really really like it, and those that haven’t were adamant that they would.  So much so that one rather intimidating chap mentioned that “A friend of mine needed to re-install her machine and she was very scared of the process, I gave her a DVD of 10.3 and told her to ring me if she was stuck.  She rang me a short while later and exclaimed at how easy and straight forward it was.  She hasn’t looked back since!” The praise also came from a fair few die hards of other distros, which was pleasant to see and hear.  There was a friendly swag exchange with RedHat and Fedora, although their offering was pretty poor in comparison but still better than Ubuntu who had nothing but a type of crummy sticker and a million and one CDs of assorted variants of the same crud 🙂  The Fedora guys took it upon themselves to try and sully the image and spirit of our beloved Geeko by hanging it by one of their lanyards

Hung Geeko

Thankfully the kind chaps from Debian rescued it, although I’m pretty sure it was for their own gains.  The atmosphere was light hearted and pleasent with no trolls in sight or in earshot.  This even extended to my lightning talk which was pretty well attended, around 30 people almost none of which were involved with openSUSE in any way.  You can get my slides here, and there will be a video of it shortly.

All in all it was a fairly good weekend, and from an openSUSE perspective a very productive one 😉  I would like to thank Roger for his hard work in doing the stand, helping out and support as well as for the photos (some of which I used here).  I would also like to thank Zonker and Novell for arranging for the brilliant swag and DVDs, without which we could have looked like dull dorks.  Till next year!

Tags: ,
Posted in Distribution, Events, Marketing | 5 Comments »

openSUSE Gets the JeOS

July 16th, 2008 by

openSUSE is great for the desktop, great for the server, and now it’s ready to take on appliances — and we don’t mean toasters and blenders. No, we’re talking about software appliances — virtual machine images that come pre-configured with the application you want to use, without any of the hassle normally associated with installing an application.

If you’re interested in building a virtual appliance, or have another use for a minimal operating system, read on to learn about openSUSE LimeJeOS.

What is LimeJeOS?

LimeJeOS is the openSUSE version of JeOS. The term JeOS (“Just enough Operating System”) refers to a customized operating system that precisely fits the needs of a particular application. LimeJeOS includes only the pieces of an operating system required to support a particular application and any other third-party components contained in the appliance. This makes the appliance smaller, more efficient, more secure, and offers better performance than an application running under a full, general-purpose operating system.

As the name suggests, “LimeJeOS” itself is not an appliance or an operating system; it is just the base for various possible appliances. LimeJeOS contains just the very basic parts of an operating system. The major goal is to make the system as small as possible while providing the possibility to install additional software. A LimeJeOS system itself is not very useful without additional packages. Besides an editor (a stripped version of vi) it just contains a package manager that allows the actual applications to be installed. Of course all the usual repositories can be used for that purpose; just with a regular, full-size Linux distribution.

What is the difference between SLE JeOS and LimeJeOS?

SUSE Linux Enterprise JeOS relates to LimeJeOS just like openSUSE relates to SLES. In fact, SLE JeOS is built from the latest version of SLES while LimeJeOS is built from the latest version of openSUSE. While LimeJeOS provides the latest state of the openSUSE distribution, SLE JeOS will offer all the services and support that is also available for SLES.

Which one should you use? If you’re working on a virtual appliance for a project that won’t require commercial support, and you want to track the latest in open source, openSUSE is the version for you.

If you’re working on a project that’s likely to need support, then you probably want to go with SUSE Linux Enterprise JeOS.

Where can I get LimeJeOS?

LimeJeOS is built using kiwi. The configuration files are managed via Subversion and are available at: https://forgesvn1.novell.com/svn/opensuse/trunk/distribution/images/LimeJeOS/

In the future we plan to create a regular package (RPM) and add it to the openSUSE build service, so that the latest version is always created automatically with the latest software versions in openSuSE.

How to build LimeJeOS?

Check out the current version of LimeJeOS using the following commands:

svn co https://forgesvn1.novell.com/svn/opensuse/trunk/distribution/images/LimeJeOS

Make sure you have the needed kiwi packages installed. You will need at least: kiwi, kiwi-tools and kiwi-desc-vmxboot and/or kiwi-desc-xenboot from http://download.opensuse.org/repositories/openSUSE:/Tools/. When those conditions are met, building the openJeOS images is accomplished by just running the “./build.sh” script from the LimeJeOS repository.

./build.sh

Please note that the build process will need at least twice as much diskspace as the final images, so you’ll need around 2 GB of free disk space at this time to build Lime JeOS.

After you have booted the virtual system, log in as user “root” with password “linux”.

Posted in Distribution, Server, Virtualization | 5 Comments »

Package Management Security on openSUSE

July 16th, 2008 by

There has been a report (with further information at this page and at the FAQ) looking at package management security on various distributions that IMO was rather condensed in its summary report and therefore raised some false alarms for various distributions including openSUSE.

Ludwig, one of our security experts, sent out a mail with a reaction to the report and I’d like to point out some of the things from the report and how it’s handled in the openSUSE 11.0 distribution.

Let me state first the major lines of defense that openSUSE uses:

  • Package downgrade is not possible, YaST will not do this automatically and therefore many of the attacks (installing an old and vulnerable package) are not possible.
  • The openSUSE download redirector serves the metadata from a known and trusted source.  I advise everybody to use the download redirector via http://download.opensuse.org.
  • The openSUSE updates have both cryptographically signed packages and cryptographically signed meta data – and YaST check these signatures and reject files that do not match the signature.

The described attacks are:

  • “Replay Attack: Metadata Replay”: Not possible since the openSUSE download redirector serves the metadata from a central location.  The only chance here would be a man-in-the-middle attack but this would not help since YaST will not do a package downgrade.
  • “Replay Attack:Mirror Control”: Yes, it’s easy to become an openSUSE mirror but this will not degrade your security since the metadata comes from the download redirector and we only redirect to mirrors that contain the right version of a package – and the redirector monitors that the mirrors contain the right files.  YaST is designed with mirrors going out of date or getting corrupted in mind.
  • Attacks called “Extraneous Dependencies”, “Unsatisfiable Dependencies”, “Provides Everything” on the other attacks page: Let me cite the page where it mentions protection against these attack: “The easiest way is to use a package manager that signs the repository metadata (like APT or YaST)”.
  • “Endless Data Attack”: This is basically a denial of service attack which the admin will soon notice and can then take appropriate action.  It cannot happen for metadata since those come from the download redirector but it could happen with openSUSE for packages since we do download the complete file and do not use the file size information contained in the metadata yet.  This is something we plan to address for our next release.

Note that when I speak about YaST I mean everything that uses the openSUSE package management library libzypp which includes YaST, zypper and the updater applets.

Note also that the FAQ has a question about the download redirector: “Q: What about OpenSUSE’s download redirector? Does it increase or decrease my security? A: OpenSUSE’s download redirector increases the user’s security…”.  I’d like to thank Christoph Thiel, Marcus Rückert and Peter Pöml for their work over the years on the redirector.  Peter is the current maintainer and did the last rewrite including the serving of metadata.

Note: if you use SUSE Linux enterprise products, then only servers owned by Novell are used via secure https connections which avoid all these attacks.

Our package management and security experts have been reviewing and improving the security aspects of the package management stack continuously – and the report shows that they were successfull.

Posted in Distribution, Security, Software Management, YaST | Comments Off on Package Management Security on openSUSE

Moving Forward with openSUSE 11.1

July 4th, 2008 by

Since both Coolo and Michl are on vacation for two weeks, I’m a bit more involved with the openSUSE distribution.  Besides announcing the openSUSE 11.1 roadmap, I was busy to stabilize the factory trees and get an installable distribution  after quite some major changes have been checked into factory. The goal was to have a snapshot of factory as internal Alpha0 release to see what’s working and what’s broken.

Factory has received the following visible major updates after 11.0:

  • The GNOME team prepares for GNOME 2.24 and updated to the development release GNOME 2.23.4
  • Similarly, the KDE team prepares for KDE4.1 and updated to KDE 4.0.84 (4.0.83 was KDE 4.1 beta2, not sure what .84 corresponds exactly to)
  • Installation-Images now have support for IPv6 so that you can install with IPv6 remote hosts

Besides that a large number of packages were updated, renamed, or removed.  In our effort to create small JeOS images, cracklib now uses compressed passwords to save space.

A number of updates are already queued but did not go into factory yet since they missed the deadline for Alpha0, I’d like to point out the following:

  • OpenOffice.Org 3.0 Alpha2 – in preparation for the OpenOffice.Org 3.0 release
  • NetworkManager update to current svn

Alpha0 is not yet released, we’re still hunting some bugs but I hope the above gives some impression where openSUSE 11.1 will go.

Have a lot of fun!

Andreas

Posted in Distribution | 2 Comments »

Newer Entries »