From beta-programs at lists.suse.com Thu Jul 6 09:04:53 2017 From: beta-programs at lists.suse.com (SUSE Beta Program) Date: Thu, 06 Jul 2017 17:04:53 +0200 Subject: [sle-beta] Important update of the Linux Kernel for SLE 12 SP3! Message-ID: <595e51951bd7e_4fcb3f31c76775@boucane.mail> We have released an important patch for the Linux Kernel (Drivers and Security patches) in our SLES12-SP3-Updates Beta Channel. The SUSE Linux Enterprise 12 SP3 Kernel has been updated to version 4.4.75 and fixes several bugs and security-issues. Please apply this patch for your thorough beta testing! More informations How to get access to SLE 12 SP3 Beta Online channels? Please refer to our FAQ at https://www.suse.com/betaprogram/sle-beta/#faq-reg! How to get information on the patch for the Linux Kernel? Please use this command to list all changes included in the patch SUSE-SLE-SERVER-12-SP3-2017-1112. Get information on a patch (zypper info -t patch or zypper if ): $ sudo zypper info -t patch SUSE-SLE-SERVER-12-SP3-2017-1112 Refreshing service 'SUSE_Linux_Enterprise_Server_12_SP3_x86_64'. Loading repository data... Reading installed packages... Information for patch SUSE-SLE-SERVER-12-SP3-2017-1112: ------------------------------------------------------- Repository : SLES12-SP3-Updates Name : SUSE-SLE-SERVER-12-SP3-2017-1112 Version : 1 Arch : noarch Vendor : maint-coord at suse.de Status : needed Category : security Severity : important Created On : Thu 06 Jul 2017 09:39:43 AM CEST Interactive : reboot Summary : Security update for the Linux Kernel Description : The SUSE Linux Enterprise 12 SP3 Kernel has been updated to version 4.4.75 and fixes several bugs and security-issues. The following security issues have been fixed: - kvm/x86: Fix singlestepping over syscall. (bsc#1045922, CVE-2017-7518) - fs/exec.c: Account for argv/envp pointers. (bsc#1039354, CVE-2017-1000365) Additionally, the following bugs have been fixed: - Add Windstorm Peak WiFi support. (fate#323335, fate#321353) - alsa/hda: Fix endless loop of codec configure. (bsc#1031717) [...] How to list all available patches? List all applicable patches (zypper list-patches or zypper lp): $ sudo zypper lp Refreshing service 'SUSE_Linux_Enterprise_Server_12_SP3_x86_64'. Loading repository data... Reading installed packages... Repository | Name | Category | Severity | Interactive | Status | Summary -------------------+----------------------------------+----------+-----------+-------------+--------+------------------------------------- SLES12-SP3-Updates | SUSE-SLE-SERVER-12-SP3-2017-1112 | security | important | reboot | needed | Security update for the Linux Kernel Found 1 applicable patch: 1 patch needed (1 security patch) How to list all packages in the SLES12-SP3-Updates Beta Channel? List all packages in a given repository (zypper packages -r or zypper pa -r ) $ sudo zypper pa -r SLES12-SP3-Updates Refreshing service 'SUSE_Linux_Enterprise_Server_12_SP3_x86_64'. Loading repository data... Reading installed packages... S | Repository | Name | Version | Arch ---+--------------------+-------------------------------------+------------------------------+------- i | SLES12-SP3-Updates | crash | 7.1.8-7.2 | x86_64 v | SLES12-SP3-Updates | crash | 7.1.8-4.1 | x86_64 v | SLES12-SP3-Updates | crash-kmp-default | 7.1.8_k4.4.71_1-7.2 | x86_64 v | SLES12-SP3-Updates | crash-kmp-default | 7.1.8_k4.4.70_3-4.1 | x86_64 v | SLES12-SP3-Updates | hwinfo | 21.44-3.1 | x86_64 v | SLES12-SP3-Updates | kdump | 0.8.16-3.1 | x86_64 | SLES12-SP3-Updates | kdumpid | 1.2-3.1 | x86_64 v | SLES12-SP3-Updates | kernel-default | 4.4.75-8.1 | x86_64 i+ | SLES12-SP3-Updates | kernel-default | 4.4.73-3.1 | x86_64 [?] | SLES12-SP3-Updates | update-test-security | 5-5.45.1 | x86_64 | SLES12-SP3-Updates | update-test-security | 5-5.21.1 | x86_64 | SLES12-SP3-Updates | update-test-trival | 5-5.30.2 | x86_64 | SLES12-SP3-Updates | update-test-trival | 5-5.6.1 | x86_64 More information on ?zypper pa? with "zypper pa -h?. You should see in the first column the status of the package, i.e ?i? for installed, ?v? when a different version is installed Question? Do not hesitate to ask your technical question to our Public SLE Beta Mailing List: sle-beta at lists.suse.com Your SUSE Linux Enterprise Team -------------- next part -------------- An HTML attachment was scrubbed... URL: From Dick.Waite at softwareag.com Sat Jul 8 01:12:10 2017 From: Dick.Waite at softwareag.com (Waite, Dick (External)) Date: Sat, 8 Jul 2017 07:12:10 +0000 Subject: [sle-beta] Important update of the Linux Kernel for SLE 12 SP3! In-Reply-To: <595e51951bd7e_4fcb3f31c76775@boucane.mail> References: <595e51951bd7e_4fcb3f31c76775@boucane.mail> Message-ID: <46AC8C81C10B8C48820201DF2AE1D76D010E8B5591@daeexmbx1.eur.ad.sag> Grand Sunny Saturday, While going through my Beta machines applying this security update I had some time to update some of the LEAP42 machines used by staff who like to use KDE... The old kernel of SLES12 SP-3 RC-2 is 4.4.73 and the security patch updates it to 4.4.75. The kernel on LEAP42 is 4.4.73 but there is no security patch available to keep these machines safe, well not at I can see. My Beta machines are all on internal networks, so a security hack is not very likely, but the patch is being applied. The LEAP42 machines are on both internal and external networks, so this security patch would apply more to these than my pottering along Beta test machines. Just seem a little odd that a Beta test version is getting an update before the public version which I would have thought much more venerable. I thought the idea was Weed would tumble along out at point and find the new way. LEAP42 would filter out the good stuff and this would pass into the Beta's of the main applications of SUSE . Now we have a security patch update, which seems could not wait for the next update, but this is not available to the public version yet. Not sure of other beta testers machine but I would have thought most would be either internal networks or behind well protected firewalls, seems the cart has got in front of the horse... Thoughts and comments anyone ? __R Software AG ? Sitz/Registered office: Uhlandstra?e 12, 64297 Darmstadt, Germany ? Registergericht/Commercial register: Darmstadt HRB 1562 - Vorstand/Management Board: Karl-Heinz Streibich (Vorsitzender/Chairman), Eric Duffaut, Dr. Wolfram Jost, Arnd Zinnhardt, Dr. Stefan Sigg; - Aufsichtsratsvorsitzender/Chairman of the Supervisory Board: Dr. Andreas Bereczky - http://www.softwareag.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From vetter at physik.uni-wuerzburg.de Sat Jul 8 01:56:51 2017 From: vetter at physik.uni-wuerzburg.de (vetter at physik.uni-wuerzburg.de) Date: Sat, 8 Jul 2017 09:56:51 +0200 Subject: [sle-beta] Important update of the Linux Kernel for SLE 12 SP3! In-Reply-To: <46AC8C81C10B8C48820201DF2AE1D76D010E8B5591@daeexmbx1.eur.ad.sag> Message-ID: There is a newer kernel in update-test for 42.2. And there was an announcement on the opensuse-security list. Sorry can't find it at the moment. Mit freundlichen Gr??en, Andreas Vetter Waite, Dick (External) --- Re: [sle-beta] Important update of the Linux Kernel for SLE 12 SP3! --- Von:"Waite, Dick (External)" An:sle-beta at lists.suse.comDatum:Sa. 08.07.2017 09:12Betreff:Re: [sle-beta] Important update of the Linux Kernel for SLE 12 SP3! Grand Sunny Saturday, While going through my Beta machines applying this security update I had some time to update some of the LEAP42 machines used by staff who like to use KDE... The old kernel of SLES12 SP-3 RC-2 is 4.4.73 and the security patch updates it to 4.4.75. The kernel on LEAP42 is 4.4.73 but there is no security patch available to keep these machines safe, well not at I can see. My Beta machines are all on internal networks, so a security hack is not very likely, but the patch is being applied. The LEAP42 machines are on both internal and external networks, so this security patch would apply more to these than my pottering along Beta test machines. Just seem a little odd that a Beta test version is getting an update before the public version which I would have thought much more venerable. I thought the idea was Weed would tumble along out at point and find the new way. LEAP42 would filter out the good stuff and this would pass into the Beta's of the main applications of SUSE . Now we have a security patch update, which seems could not wait for the next update, but this is not available to the public version yet. Not sure of other beta testers machine but I would have thought most would be either internal networks or behind well protected firewalls, seems the cart has got in front of the horse... Thoughts and comments anyone ? __R Software AG ? Sitz/Registered office: Uhlandstra?e 12, 64297 Darmstadt, Germany ? Registergericht/Commercial register: Darmstadt HRB 1562 - Vorstand/Management Board: Karl-Heinz Streibich (Vorsitzender/Chairman), Eric Duffaut, Dr. Wolfram Jost, Arnd Zinnhardt, Dr. Stefan Sigg; - Aufsichtsratsvorsitzender/Chairman of the Supervisory Board: Dr. Andreas Bereczky - http://www.softwareag.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From meissner at suse.de Sat Jul 8 03:18:49 2017 From: meissner at suse.de (Marcus Meissner) Date: Sat, 8 Jul 2017 11:18:49 +0200 Subject: [sle-beta] Important update of the Linux Kernel for SLE 12 SP3! In-Reply-To: <46AC8C81C10B8C48820201DF2AE1D76D010E8B6622@daeexmbx1.eur.ad.sag> References: <46AC8C81C10B8C48820201DF2AE1D76D010E8B5591@daeexmbx1.eur.ad.sag> <46AC8C81C10B8C48820201DF2AE1D76D010E8B6622@daeexmbx1.eur.ad.sag> Message-ID: <20170708091849.GB11790@suse.de> Hi, FWIW, I just released the Leap 42.2 kernel update. It is 4.4.74 though, but of course future updates will bring 4.4.75 or newer versions. Ciao, Marcus On Sat, Jul 08, 2017 at 08:35:09AM +0000, Waite, Dick (External) wrote: > Grand Morning Andreas, > > Many thanks for the update. I use "zypper lu or lp" on 42-2 and as of this time it's says there are no updates. So could you show me the command I should use to show/install this kernel in update-test please. > > Wishing you a grand weekend. > > __R > ________________________________ > From: vetter at physik.uni-wuerzburg.de [vetter at physik.uni-wuerzburg.de] > Sent: 08 July 2017 09:56 > To: Waite, Dick (External) > Cc: sle-beta at lists.suse.com > Subject: Re: [sle-beta] Important update of the Linux Kernel for SLE 12 SP3! > > There is a newer kernel in update-test for 42.2. > > And there was an announcement on the opensuse-security list. Sorry can't find it at the moment. > > Mit freundlichen Gr??en, Andreas Vetter > > Waite, Dick (External) --- Re: [sle-beta] Important update of the Linux Kernel for SLE 12 SP3! --- > > Von: "Waite, Dick (External)" > An: sle-beta at lists.suse.com > Datum: Sa. 08.07.2017 09:12 > Betreff: Re: [sle-beta] Important update of the Linux Kernel for SLE 12 SP3! > ________________________________ > > Grand Sunny Saturday, > > While going through my Beta machines applying this security update I had some time to update some of the LEAP42 machines used by staff who like to use KDE... > > The old kernel of SLES12 SP-3 RC-2 is 4.4.73 and the security patch updates it to 4.4.75. The kernel on LEAP42 is 4.4.73 but there is no security patch available to keep these machines safe, well not at I can see. > > My Beta machines are all on internal networks, so a security hack is not very likely, but the patch is being applied. The LEAP42 machines are on both internal and external networks, so this security patch would apply more to these than my pottering along Beta test machines. > > Just seem a little odd that a Beta test version is getting an update before the public version which I would have thought much more venerable. I thought the idea was Weed would tumble along out at point and find the new way. LEAP42 would filter out the good stuff and this would pass into the Beta's of the main applications of SUSE . Now we have a security patch update, which seems could not wait for the next update, but this is not available to the public version yet. > > Not sure of other beta testers machine but I would have thought most would be either internal networks or behind well protected firewalls, seems the cart has got in front of the horse... > > Thoughts and comments anyone ? > > __R > > Software AG ? Sitz/Registered office: Uhlandstra?e 12, 64297 Darmstadt, Germany ? Registergericht/Commercial register: Darmstadt HRB 1562 - Vorstand/Management Board: Karl-Heinz Streibich (Vorsitzender/Chairman), Eric Duffaut, Dr. Wolfram Jost, Arnd Zinnhardt, Dr. Stefan Sigg; - Aufsichtsratsvorsitzender/Chairman of the Supervisory Board: Dr. Andreas Bereczky - http://www.softwareag.com > > _______________________________________________ > sle-beta mailing list > sle-beta at lists.suse.com > http://lists.suse.com/mailman/listinfo/sle-beta -- Marcus Meissner,SUSE LINUX GmbH; Maxfeldstrasse 5; D-90409 Nuernberg; Zi. 3.1-33,+49-911-740 53-432,,serv=loki,mail=wotan,type=real From vetter at physik.uni-wuerzburg.de Sat Jul 8 03:49:31 2017 From: vetter at physik.uni-wuerzburg.de (vetter at physik.uni-wuerzburg.de) Date: Sat, 8 Jul 2017 11:49:31 +0200 Subject: [sle-beta] Important update of the Linux Kernel for SLE 12 SP3! In-Reply-To: <20170708091849.GB11790@suse.de> Message-ID: The update-test repo is here: http://download.opensuse.org/update/leap/42.2-test/openSUSE:Maintenance:Test:Leap_42.2.repo Mit freundlichen Gr??en, Andreas Vetter Marcus Meissner --- Re: [sle-beta] Important update of the Linux Kernel for SLE 12 SP3! --- Von:"Marcus Meissner" An:"Waite, Dick (External)" Kopie:vetter at physik.uni-wuerzburg.de, sle-beta at lists.suse.comDatum:Sa. 08.07.2017 11:18Betreff:Re: [sle-beta] Important update of the Linux Kernel for SLE 12 SP3! Hi,FWIW, I just released the Leap 42.2 kernel update. It is 4.4.74 though, but of course futureupdates will bring 4.4.75 or newer versions.Ciao, MarcusOn Sat, Jul 08, 2017 at 08:35:09AM +0000, Waite, Dick (External) wrote:> Grand Morning Andreas,> > Many thanks for the update. I use "zypper lu or lp" on 42-2 and as of this time it's says there are no updates. So could you show me the command I should use to show/install this kernel in update-test please.> > Wishing you a grand weekend.> > __R> ________________________________> From: vetter at physik.uni-wuerzburg.de [vetter at physik.uni-wuerzburg.de]> Sent: 08 July 2017 09:56> To: Waite, Dick (External)> Cc: sle-beta at lists.suse.com> Subject: Re: [sle-beta] Important update of the Linux Kernel for SLE 12 SP3!> > There is a newer kernel in update-test for 42.2.> > And there was an announcement on the opensuse-security list. Sorry can't find it at the moment.> > Mit freundlichen Gr??en, Andreas Vetter> > Waite, Dick (External) --- Re: [sle-beta] Important update of the Linux Kernel for SLE 12 SP3! ---> > Von: "Waite, Dick (External)" > An: sle-beta at lists.suse.com> Datum: Sa. 08.07.2017 09:12> Betreff: Re: [sle-beta] Important update of the Linux Kernel for SLE 12 SP3!> ________________________________> > Grand Sunny Saturday,> > While going through my Beta machines applying this security update I had some time to update some of the LEAP42 machines used by staff who like to use KDE...> > The old kernel of SLES12 SP-3 RC-2 is 4.4.73 and the security patch updates it to 4.4.75. The kernel on LEAP42 is 4.4.73 but there is no security patch available to keep these machines safe, well not at I can see.> > My Beta machines are all on internal networks, so a security hack is not very likely, but the patch is being applied. The LEAP42 machines are on both internal and external networks, so this security patch would apply more to these than my pottering along Beta test machines.> > Just seem a little odd that a Beta test version is getting an update before the public version which I would have thought much more venerable. I thought the idea was Weed would tumble along out at point and find the new way. LEAP42 would filter out the good stuff and this would pass into the Beta's of the main applications of SUSE . Now we have a security patch update, which seems could not wait for the next update, but this is not available to the public version yet.> > Not sure of other beta testers machine but I would have thought most would be either internal networks or behind well protected firewalls, seems the cart has got in front of the horse...> > Thoughts and comments anyone ?> > __R> > Software AG ? Sitz/Registered office: Uhlandstra?e 12, 64297 Darmstadt, Germany ? Registergericht/Commercial register: Darmstadt HRB 1562 - Vorstand/Management Board: Karl-Heinz Streibich (Vorsitzender/Chairman), Eric Duffaut, Dr. Wolfram Jost, Arnd Zinnhardt, Dr. Stefan Sigg; - Aufsichtsratsvorsitzender/Chairman of the Supervisory Board: Dr. Andreas Bereczky - http://www.softwareag.com> > _______________________________________________> sle-beta mailing list> sle-beta at lists.suse.com> http://lists.suse.com/mailman/listinfo/sle-beta-- Marcus Meissner,SUSE LINUX GmbH; Maxfeldstrasse 5; D-90409 Nuernberg; Zi. 3.1-33,+49-911-740 53-432,,serv=loki,mail=wotan,type=real -------------- next part -------------- An HTML attachment was scrubbed... URL: From Dick.Waite at softwareag.com Sat Jul 8 04:19:37 2017 From: Dick.Waite at softwareag.com (Waite, Dick (External)) Date: Sat, 8 Jul 2017 10:19:37 +0000 Subject: [sle-beta] Important update of the Linux Kernel for SLE 12 SP3! In-Reply-To: <20170708091849.GB11790@suse.de> References: <46AC8C81C10B8C48820201DF2AE1D76D010E8B5591@daeexmbx1.eur.ad.sag> <46AC8C81C10B8C48820201DF2AE1D76D010E8B6622@daeexmbx1.eur.ad.sag>, <20170708091849.GB11790@suse.de> Message-ID: <46AC8C81C10B8C48820201DF2AE1D76D010E8B66DF@daeexmbx1.eur.ad.sag> What a grand morning, New Zealand 15 - 15 Lions and VET beats HAM in P3 to make Q very interesting ;o) Many Thanks Marcus, I'm updating LEAP42 in the home_office and sles12 in SAG_office, looking grand. It's going to be a grand Saturday. __R ________________________________________ From: Marcus Meissner [meissner at suse.de] Sent: 08 July 2017 11:18 To: Waite, Dick (External) Cc: vetter at physik.uni-wuerzburg.de; sle-beta at lists.suse.com Subject: Re: [sle-beta] Important update of the Linux Kernel for SLE 12 SP3! Hi, FWIW, I just released the Leap 42.2 kernel update. It is 4.4.74 though, but of course future updates will bring 4.4.75 or newer versions. Ciao, Marcus On Sat, Jul 08, 2017 at 08:35:09AM +0000, Waite, Dick (External) wrote: > Grand Morning Andreas, > > Many thanks for the update. I use "zypper lu or lp" on 42-2 and as of this time it's says there are no updates. So could you show me the command I should use to show/install this kernel in update-test please. > > Wishing you a grand weekend. > > __R > ________________________________ > From: vetter at physik.uni-wuerzburg.de [vetter at physik.uni-wuerzburg.de] > Sent: 08 July 2017 09:56 > To: Waite, Dick (External) > Cc: sle-beta at lists.suse.com > Subject: Re: [sle-beta] Important update of the Linux Kernel for SLE 12 SP3! > > There is a newer kernel in update-test for 42.2. > > And there was an announcement on the opensuse-security list. Sorry can't find it at the moment. > > Mit freundlichen Gr??en, Andreas Vetter > > Waite, Dick (External) --- Re: [sle-beta] Important update of the Linux Kernel for SLE 12 SP3! --- > > Von: "Waite, Dick (External)" > An: sle-beta at lists.suse.com > Datum: Sa. 08.07.2017 09:12 > Betreff: Re: [sle-beta] Important update of the Linux Kernel for SLE 12 SP3! > ________________________________ > > Grand Sunny Saturday, > > While going through my Beta machines applying this security update I had some time to update some of the LEAP42 machines used by staff who like to use KDE... > > The old kernel of SLES12 SP-3 RC-2 is 4.4.73 and the security patch updates it to 4.4.75. The kernel on LEAP42 is 4.4.73 but there is no security patch available to keep these machines safe, well not at I can see. > > My Beta machines are all on internal networks, so a security hack is not very likely, but the patch is being applied. The LEAP42 machines are on both internal and external networks, so this security patch would apply more to these than my pottering along Beta test machines. > > Just seem a little odd that a Beta test version is getting an update before the public version which I would have thought much more venerable. I thought the idea was Weed would tumble along out at point and find the new way. LEAP42 would filter out the good stuff and this would pass into the Beta's of the main applications of SUSE . Now we have a security patch update, which seems could not wait for the next update, but this is not available to the public version yet. > > Not sure of other beta testers machine but I would have thought most would be either internal networks or behind well protected firewalls, seems the cart has got in front of the horse... > > Thoughts and comments anyone ? > > __R > > Software AG ? Sitz/Registered office: Uhlandstra?e 12, 64297 Darmstadt, Germany ? Registergericht/Commercial register: Darmstadt HRB 1562 - Vorstand/Management Board: Karl-Heinz Streibich (Vorsitzender/Chairman), Eric Duffaut, Dr. Wolfram Jost, Arnd Zinnhardt, Dr. Stefan Sigg; - Aufsichtsratsvorsitzender/Chairman of the Supervisory Board: Dr. Andreas Bereczky - http://www.softwareag.com > > _______________________________________________ > sle-beta mailing list > sle-beta at lists.suse.com > http://lists.suse.com/mailman/listinfo/sle-beta -- Marcus Meissner,SUSE LINUX GmbH; Maxfeldstrasse 5; D-90409 Nuernberg; Zi. 3.1-33,+49-911-740 53-432,,serv=loki,mail=wotan,type=real From rbrown at suse.de Sat Jul 8 07:46:32 2017 From: rbrown at suse.de (Richard Brown) Date: Sat, 8 Jul 2017 15:46:32 +0200 Subject: [sle-beta] Important update of the Linux Kernel for SLE 12 SP3! In-Reply-To: <46AC8C81C10B8C48820201DF2AE1D76D010E8B66DF@daeexmbx1.eur.ad.sag> References: <46AC8C81C10B8C48820201DF2AE1D76D010E8B5591@daeexmbx1.eur.ad.sag> <46AC8C81C10B8C48820201DF2AE1D76D010E8B6622@daeexmbx1.eur.ad.sag> <20170708091849.GB11790@suse.de> <46AC8C81C10B8C48820201DF2AE1D76D010E8B66DF@daeexmbx1.eur.ad.sag> Message-ID: Grand afternoon Dick, Just an aside about Leap and SLE patches - Leap has a symbiotic relationship with SLE; for those packages which are shared with SLE, openSUSE is in a position to build its patches only after they're available to SLE customers. (Unlike other enterprise-derived community distros) there is no artificial delay between SLE patch availability and openSUSE Leaps opportunity to make use of the same sources, so in many cases the different in release time is minor or imperceptible, but you shouldn't expect Leap to be getting maintenance updates first out of those two seperate (but related) distributions. Hope this clears that up. - Richard Brown openSUSE Chairman > On 8. Jul 2017, at 12:19, Waite, Dick (External) wrote: > > What a grand morning, > > New Zealand 15 - 15 Lions and VET beats HAM in P3 to make Q very interesting ;o) > > Many Thanks Marcus, I'm updating LEAP42 in the home_office and sles12 in SAG_office, looking grand. > > It's going to be a grand Saturday. > > __R > ________________________________________ > From: Marcus Meissner [meissner at suse.de] > Sent: 08 July 2017 11:18 > To: Waite, Dick (External) > Cc: vetter at physik.uni-wuerzburg.de; sle-beta at lists.suse.com > Subject: Re: [sle-beta] Important update of the Linux Kernel for SLE 12 SP3! > > Hi, > > FWIW, I just released the Leap 42.2 kernel update. It is 4.4.74 though, but of course future > updates will bring 4.4.75 or newer versions. > > Ciao, Marcus >> On Sat, Jul 08, 2017 at 08:35:09AM +0000, Waite, Dick (External) wrote: >> Grand Morning Andreas, >> >> Many thanks for the update. I use "zypper lu or lp" on 42-2 and as of this time it's says there are no updates. So could you show me the command I should use to show/install this kernel in update-test please. >> >> Wishing you a grand weekend. >> >> __R >> ________________________________ >> From: vetter at physik.uni-wuerzburg.de [vetter at physik.uni-wuerzburg.de] >> Sent: 08 July 2017 09:56 >> To: Waite, Dick (External) >> Cc: sle-beta at lists.suse.com >> Subject: Re: [sle-beta] Important update of the Linux Kernel for SLE 12 SP3! >> >> There is a newer kernel in update-test for 42.2. >> >> And there was an announcement on the opensuse-security list. Sorry can't find it at the moment. >> >> Mit freundlichen Gr??en, Andreas Vetter >> >> Waite, Dick (External) --- Re: [sle-beta] Important update of the Linux Kernel for SLE 12 SP3! --- >> >> Von: "Waite, Dick (External)" >> An: sle-beta at lists.suse.com >> Datum: Sa. 08.07.2017 09:12 >> Betreff: Re: [sle-beta] Important update of the Linux Kernel for SLE 12 SP3! >> ________________________________ >> >> Grand Sunny Saturday, >> >> While going through my Beta machines applying this security update I had some time to update some of the LEAP42 machines used by staff who like to use KDE... >> >> The old kernel of SLES12 SP-3 RC-2 is 4.4.73 and the security patch updates it to 4.4.75. The kernel on LEAP42 is 4.4.73 but there is no security patch available to keep these machines safe, well not at I can see. >> >> My Beta machines are all on internal networks, so a security hack is not very likely, but the patch is being applied. The LEAP42 machines are on both internal and external networks, so this security patch would apply more to these than my pottering along Beta test machines. >> >> Just seem a little odd that a Beta test version is getting an update before the public version which I would have thought much more venerable. I thought the idea was Weed would tumble along out at point and find the new way. LEAP42 would filter out the good stuff and this would pass into the Beta's of the main applications of SUSE . Now we have a security patch update, which seems could not wait for the next update, but this is not available to the public version yet. >> >> Not sure of other beta testers machine but I would have thought most would be either internal networks or behind well protected firewalls, seems the cart has got in front of the horse... >> >> Thoughts and comments anyone ? >> >> __R >> >> Software AG ? Sitz/Registered office: Uhlandstra?e 12, 64297 Darmstadt, Germany ? Registergericht/Commercial register: Darmstadt HRB 1562 - Vorstand/Management Board: Karl-Heinz Streibich (Vorsitzender/Chairman), Eric Duffaut, Dr. Wolfram Jost, Arnd Zinnhardt, Dr. Stefan Sigg; - Aufsichtsratsvorsitzender/Chairman of the Supervisory Board: Dr. Andreas Bereczky - http://www.softwareag.com >> > >> _______________________________________________ >> sle-beta mailing list >> sle-beta at lists.suse.com >> http://lists.suse.com/mailman/listinfo/sle-beta > > > -- > Marcus Meissner,SUSE LINUX GmbH; Maxfeldstrasse 5; D-90409 Nuernberg; Zi. 3.1-33,+49-911-740 53-432,,serv=loki,mail=wotan,type=real > _______________________________________________ > sle-beta mailing list > sle-beta at lists.suse.com > http://lists.suse.com/mailman/listinfo/sle-beta From Dick.Waite at softwareag.com Mon Jul 10 05:57:42 2017 From: Dick.Waite at softwareag.com (Waite, Dick (External)) Date: Mon, 10 Jul 2017 11:57:42 +0000 Subject: [sle-beta] Important update of the Linux Kernel for SLE 12 SP3! In-Reply-To: References: <46AC8C81C10B8C48820201DF2AE1D76D010E8B5591@daeexmbx1.eur.ad.sag> <46AC8C81C10B8C48820201DF2AE1D76D010E8B6622@daeexmbx1.eur.ad.sag> <20170708091849.GB11790@suse.de> <46AC8C81C10B8C48820201DF2AE1D76D010E8B66DF@daeexmbx1.eur.ad.sag>, Message-ID: <46AC8C81C10B8C48820201DF2AE1D76D010E8B7D28@daeexmbx1.eur.ad.sag> Grand Day Richard, Many thanks for the very clear explanation, it does clear up some of my misunderstandings. I was always a little worried by using LEAP we were a little in front of SLE and could get issues before it was seen by SLE. This is now clear, the horse is in front of the cart, which is great. We all know why LEAP42 is very popular with both our developers and many customers but to know for non-KDE issues SLE is batting first is grand news. I have a customer who likes 05:00 CET/DST chats, on a Friday and Saturday they are very often very short, just contractor to contractor, so Saturday was a good time to kick on with some more RC2+ updates, and I thought update some LEAP42 servers to cover the security issue. Now if I had started on a Monday to do this the good Marcus would have been in and out and I would still be none the wiser. But I am wiser, and happier that SLE is leading LEAP42, I did worry that would day we would hit an issue not seen on SLE, but now I know better. In future I'll not make noise early on Saturday or Sundays and as Monday is my day of rest I'm sure all will be well by Tuesdays ;o) Many Thanks again Richard. __R ________________________________________ From: Richard Brown [rbrown at suse.de] Sent: 08 July 2017 15:46 To: Waite, Dick (External) Cc: sle-beta at lists.suse.com Subject: Re: [sle-beta] Important update of the Linux Kernel for SLE 12 SP3! Grand afternoon Dick, Just an aside about Leap and SLE patches - Leap has a symbiotic relationship with SLE; for those packages which are shared with SLE, openSUSE is in a position to build its patches only after they're available to SLE customers. (Unlike other enterprise-derived community distros) there is no artificial delay between SLE patch availability and openSUSE Leaps opportunity to make use of the same sources, so in many cases the different in release time is minor or imperceptible, but you shouldn't expect Leap to be getting maintenance updates first out of those two seperate (but related) distributions. Hope this clears that up. - Richard Brown openSUSE Chairman > On 8. Jul 2017, at 12:19, Waite, Dick (External) wrote: > > What a grand morning, > > New Zealand 15 - 15 Lions and VET beats HAM in P3 to make Q very interesting ;o) > > Many Thanks Marcus, I'm updating LEAP42 in the home_office and sles12 in SAG_office, looking grand. > > It's going to be a grand Saturday. > > __R > ________________________________________ > From: Marcus Meissner [meissner at suse.de] > Sent: 08 July 2017 11:18 > To: Waite, Dick (External) > Cc: vetter at physik.uni-wuerzburg.de; sle-beta at lists.suse.com > Subject: Re: [sle-beta] Important update of the Linux Kernel for SLE 12 SP3! > > Hi, > > FWIW, I just released the Leap 42.2 kernel update. It is 4.4.74 though, but of course future > updates will bring 4.4.75 or newer versions. > > Ciao, Marcus >> On Sat, Jul 08, 2017 at 08:35:09AM +0000, Waite, Dick (External) wrote: >> Grand Morning Andreas, >> >> Many thanks for the update. I use "zypper lu or lp" on 42-2 and as of this time it's says there are no updates. So could you show me the command I should use to show/install this kernel in update-test please. >> >> Wishing you a grand weekend. >> >> __R >> ________________________________ >> From: vetter at physik.uni-wuerzburg.de [vetter at physik.uni-wuerzburg.de] >> Sent: 08 July 2017 09:56 >> To: Waite, Dick (External) >> Cc: sle-beta at lists.suse.com >> Subject: Re: [sle-beta] Important update of the Linux Kernel for SLE 12 SP3! >> >> There is a newer kernel in update-test for 42.2. >> >> And there was an announcement on the opensuse-security list. Sorry can't find it at the moment. >> >> Mit freundlichen Gr??en, Andreas Vetter >> >> Waite, Dick (External) --- Re: [sle-beta] Important update of the Linux Kernel for SLE 12 SP3! --- >> >> Von: "Waite, Dick (External)" >> An: sle-beta at lists.suse.com >> Datum: Sa. 08.07.2017 09:12 >> Betreff: Re: [sle-beta] Important update of the Linux Kernel for SLE 12 SP3! >> ________________________________ >> >> Grand Sunny Saturday, >> >> While going through my Beta machines applying this security update I had some time to update some of the LEAP42 machines used by staff who like to use KDE... >> >> The old kernel of SLES12 SP-3 RC-2 is 4.4.73 and the security patch updates it to 4.4.75. The kernel on LEAP42 is 4.4.73 but there is no security patch available to keep these machines safe, well not at I can see. >> >> My Beta machines are all on internal networks, so a security hack is not very likely, but the patch is being applied. The LEAP42 machines are on both internal and external networks, so this security patch would apply more to these than my pottering along Beta test machines. >> >> Just seem a little odd that a Beta test version is getting an update before the public version which I would have thought much more venerable. I thought the idea was Weed would tumble along out at point and find the new way. LEAP42 would filter out the good stuff and this would pass into the Beta's of the main applications of SUSE . Now we have a security patch update, which seems could not wait for the next update, but this is not available to the public version yet. >> >> Not sure of other beta testers machine but I would have thought most would be either internal networks or behind well protected firewalls, seems the cart has got in front of the horse... >> >> Thoughts and comments anyone ? >> >> __R >> >> Software AG ? Sitz/Registered office: Uhlandstra?e 12, 64297 Darmstadt, Germany ? Registergericht/Commercial register: Darmstadt HRB 1562 - Vorstand/Management Board: Karl-Heinz Streibich (Vorsitzender/Chairman), Eric Duffaut, Dr. Wolfram Jost, Arnd Zinnhardt, Dr. Stefan Sigg; - Aufsichtsratsvorsitzender/Chairman of the Supervisory Board: Dr. Andreas Bereczky - http://www.softwareag.com >> > >> _______________________________________________ >> sle-beta mailing list >> sle-beta at lists.suse.com >> http://lists.suse.com/mailman/listinfo/sle-beta > > > -- > Marcus Meissner,SUSE LINUX GmbH; Maxfeldstrasse 5; D-90409 Nuernberg; Zi. 3.1-33,+49-911-740 53-432,,serv=loki,mail=wotan,type=real > _______________________________________________ > sle-beta mailing list > sle-beta at lists.suse.com > http://lists.suse.com/mailman/listinfo/sle-beta From beta-programs at lists.suse.com Thu Jul 13 16:06:19 2017 From: beta-programs at lists.suse.com (SUSE Beta Program) Date: Fri, 14 Jul 2017 00:06:19 +0200 Subject: [sle-beta] [ANNOUNCE] SUSE Linux Enterprise 12 SP3 GMC is available! Message-ID: <5967eedbabe72_3013e2d31c1664@boucane.mail> We are happy to announce SUSE Linux Enterprise 12 SP3 GMC: SUSE Linux Enterprise Server (SLES), SUSE Linux Enterprise Just Enough Operating System (JeOS), SUSE Linux Enterprise Desktop (SLED), SUSE Linux Enterprise High Availability (SLE-HA), SUSE Linux Enterprise Workstation Extension (SLE-WE), and SUSE Linux Enterprise Software Development Kit (SLE-SDK). Download[1] This Gold Master Candidate should be the last iso images shared for the SLE 12 SP3 Public Beta Program. So after the GMC, the next step for us is to release the final and official SLE 12 SP3 images in early September. Keep in mind that the our GMC images are still under the SUSE Beta EULA[2] and should not be use in a commercial or production system. == More informations SLE Beta Page[3] Release Notes[4] Known Issues[5] Have fun beta testing! Your SUSE Linux Enterprise Team Please refer to our dedicated SLE Beta Program webpage[1] for any general information. However, do not hesitate to contact us at beta-programs at lists.suse.com if you have any questions. You received this email because you're signed up to get updates from us. Please send an email to beta-programs at lists.suse.com if you want to unsubscribe. [1] https://www.suse.com/betaprogram/sle-beta/#download [2] https://www.suse.com/documentation/beta/eula/suse_beta_eula.html [3] https://www.suse.com/betaprogram/sle-beta/ [4] https://www.suse.com/betaprogram/sle-beta/#releasenotes [5] https://www.suse.com/betaprogram/sle-beta/#knownissues -------------- next part -------------- An HTML attachment was scrubbed... URL: From bpesavento at infinito.it Mon Jul 17 08:10:44 2017 From: bpesavento at infinito.it (B Pesavento) Date: Mon, 17 Jul 2017 16:10:44 +0200 Subject: [sle-beta] SLED Beta (GMC) installer offers to copy users only from the first Linux partition on disk Message-ID: <1500300644.5747.10.camel@infinito.it> Installing SLED 12 SP3 GMC over RC1 I was not able to copy users from the previous installation since it was not located on the first Linux partition on disk: the installer only offered to copy users from my main LEAP 42.2 on sda3, while SLED Beta was on sda5. I understand this is usual, maybe even intentional, so I'm not going to raise a bug report about it. This is just to highlight this odd (to me) behavior to other testers. Have a nice day, Bruno From fcrozat at suse.com Mon Jul 17 08:31:41 2017 From: fcrozat at suse.com (Frederic Crozat) Date: Mon, 17 Jul 2017 16:31:41 +0200 Subject: [sle-beta] SLED Beta (GMC) installer offers to copy users only from the first Linux partition on disk In-Reply-To: <1500300644.5747.10.camel@infinito.it> References: <1500300644.5747.10.camel@infinito.it> Message-ID: <1500301901.7040.90.camel@suse.com> Le lundi 17 juillet 2017 ? 16:10 +0200, B Pesavento a ?crit?: > Installing SLED 12 SP3 GMC over RC1 I was not able to copy users from > the previous installation since it was not located on the first Linux > partition on disk: the installer only offered to copy users from my > main LEAP 42.2 on sda3, while SLED Beta was on sda5. > I understand this is usual, maybe even intentional, so I'm not going > to > raise a bug report about it. This is just to highlight this odd (to > me) > behavior to other testers. Please open a bug report. While it will not be fixed for GM, it might be fixed for future products. Thanks ! -- Frederic Crozat Enterprise Desktop Release Manager SUSE From bpesavento at infinito.it Mon Jul 17 09:38:11 2017 From: bpesavento at infinito.it (B Pesavento) Date: Mon, 17 Jul 2017 17:38:11 +0200 Subject: [sle-beta] SLED Beta (GMC) installer offers to copy users only from the first Linux partition on disk In-Reply-To: <1500301901.7040.90.camel@suse.com> References: <1500300644.5747.10.camel@infinito.it> <1500301901.7040.90.camel@suse.com> Message-ID: <1500305891.5747.12.camel@infinito.it> On lun, 2017-07-17 at 16:31 +0200, Frederic Crozat wrote: > Le lundi 17 juillet 2017 ? 16:10 +0200, B Pesavento a ?crit?: > > > > Installing SLED 12 SP3 GMC over RC1 I was not able to copy users > > from > > the previous installation... > > Please open a bug report. While it will not be fixed for GM, it might > be fixed for future products. > > Thanks ! OK Frederic, here it is: https://bugzilla.suse.com/show_bug.cgi?id=1048983 From peter.czanik at balabit.com Thu Jul 20 05:30:51 2017 From: peter.czanik at balabit.com (=?UTF-8?B?Q3phbmlrLCBQw6l0ZXI=?=) Date: Thu, 20 Jul 2017 13:30:51 +0200 Subject: [sle-beta] gmc install on aarch64 Message-ID: Hi, When trying to install GMC on an Aarch64 machine, it fails when there is an existing OS on HDD. I had this problem both when I was trying to replace Leap with SLES and the other way around. The error message is below. Installation to an empty HDD works fine. ?????????????????????????????????????????????????????????????? ? ? ? Failure occurred during the following action: ? ? ? ? Formatting partition /dev/sdb1 (156.00 MiB) with vfat ? ? ? ? ? ? ? ? ? VOLUME_FORMAT_FAILED ? ? ? ? ? ? ? ? ? ? System error code was: -3008 ? ? ? ? ? ? ? ? ? ? /sbin/mkdosfs '/dev/sdb1': ? ? ? ? ? mkdosfs: unable to open /dev/sdb1: Device or resource busy ? ? ? ? ? ? ? ? i ? Continue despite the error? ? ? ? ? ? ? ? ? [Continue] [Abort] ? ? ? ? ?????????????????????????????????????????????????????????????? ? ? ? ? Peter Czanik (CzP) Balabit / syslog-ng upstream https://www.balabit.com/blog/author/peterczanik/ https://twitter.com/PCzanik -------------- next part -------------- An HTML attachment was scrubbed... URL: From rbrown at suse.de Thu Jul 20 06:12:23 2017 From: rbrown at suse.de (Richard Brown) Date: Thu, 20 Jul 2017 14:12:23 +0200 Subject: [sle-beta] gmc install on aarch64 In-Reply-To: References: Message-ID: <1500552743.13510.15.camel@suse.de> Hi Peter, What make/model/spec is your aarch64 machine? What was the existing OS on the HDD and what was it using /dev/sdb1 for? Regards, Richard On Thu, 2017-07-20 at 13:30 +0200, Czanik, P?ter wrote: > Hi, > > When trying to install GMC on an Aarch64 machine, it fails when there is an existing OS on HDD. I had this problem both when I was trying to replace Leap with SLES and the other way around. The error message is below. Installation to an empty HDD works fine. > > ?????????????????????????????????????????????????????????????? ? ? > ? Failure occurred during the following action: ? ? ? ? Formatting partition /dev/sdb1 (156.00 MiB) with vfat ? ? ? ? ? ? ? ? > ? VOLUME_FORMAT_FAILED ? ? ? ? > ? ? ? ? ? > ? System error code was: -3008 ? ? ? ? > ? ? ? ? ? > ? /sbin/mkdosfs '/dev/sdb1': ? ? ? ? > ? mkdosfs: unable to open /dev/sdb1: Device or resource busy ? ? ? ? > ? ? ? ? i ? Continue despite the error? ? ? ? > ? ? ? ? > ? [Continue] [Abort] ? ? ? ? > ?????????????????????????????????????????????????????????????? ? ? ? ? > > > Peter Czanik (CzP) > Balabit / syslog-ng upstream > https://www.balabit.com/blog/author/peterczanik/ > https://twitter.com/PCzanik > _______________________________________________ > sle-beta mailing list > sle-beta at lists.suse.com > http://lists.suse.com/mailman/listinfo/sle-beta -- Richard Brown Technical Lead - openQA openSUSE Chairman Phone +4991174053-361 SUSE Linux GmbH, Maxfeldstr. 5, D-90409 Nuernberg GF: Felix Imend?rffer, Jane Smithard, Graham Norton, HRB 21284 (AG N?rnberg) From peter.czanik at balabit.com Thu Jul 20 06:22:29 2017 From: peter.czanik at balabit.com (=?UTF-8?B?Q3phbmlrLCBQw6l0ZXI=?=) Date: Thu, 20 Jul 2017 14:22:29 +0200 Subject: [sle-beta] gmc install on aarch64 In-Reply-To: <1500552743.13510.15.camel@suse.de> References: <1500552743.13510.15.camel@suse.de> Message-ID: Hi, It's a SoftIron Overdrive 1000 (http://softiron.com/products/overdrive-1000/) which arrived with Leap 42.2. I just deleted partitions to be able to do a fresh install, so can't tell you the content of the partition right now. I'll let you know what is on that partition once the next install is ready. I plan to install Leap 43.3 now, but the bug seems to be shared between Leap and SLES... Bye, Peter Czanik (CzP) Balabit / syslog-ng upstream https://www.balabit.com/blog/author/peterczanik/ https://twitter.com/PCzanik On Thu, Jul 20, 2017 at 2:12 PM, Richard Brown wrote: > Hi Peter, > > What make/model/spec is your aarch64 machine? > What was the existing OS on the HDD and what was it using /dev/sdb1 for? > > Regards, > > Richard > > On Thu, 2017-07-20 at 13:30 +0200, Czanik, P?ter wrote: > > Hi, > > > > When trying to install GMC on an Aarch64 machine, it fails when there is > an existing OS on HDD. I had this problem both when I was trying to replace > Leap with SLES and the other way around. The error message is below. > Installation to an empty HDD works fine. > > > > > ?????????????????????????????????????????????????????????????? > ? ? > > > ? Failure occurred during the following action: ? > ? ? > ? Formatting > partition /dev/sdb1 (156.00 MiB) with vfat ? > ? ? > ? > ? > ? ? ? > > > ? VOLUME_FORMAT_FAILED ? > ? ? ? > > > ? ? > ? ? ? > > > ? System error code was: -3008 ? > ? ? ? > > > ? ? > ? ? ? > > > ? /sbin/mkdosfs '/dev/sdb1': ? > ? ? ? > > > ? mkdosfs: unable to open /dev/sdb1: Device or resource busy ? > ? ? ? > > > ? ? > ? ? i > ? Continue > despite the error? ? > ? ? > > > ? ? > ? ? > > > ? [Continue] [Abort] ? > ? ? ? > > > ?????????????????????????????????????????????????????????????? > ? ? > > > ? ? > > > > > > Peter Czanik (CzP) > > Balabit / syslog-ng upstream > > https://www.balabit.com/blog/author/peterczanik/ > > https://twitter.com/PCzanik > > _______________________________________________ > > sle-beta mailing list > > sle-beta at lists.suse.com > > http://lists.suse.com/mailman/listinfo/sle-beta > > -- > Richard Brown > Technical Lead - openQA > openSUSE Chairman > > Phone +4991174053-361 > SUSE Linux GmbH, Maxfeldstr. 5, D-90409 Nuernberg > GF: Felix Imend?rffer, Jane Smithard, Graham Norton, > HRB 21284 (AG N?rnberg) > > > > > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From peter.czanik at balabit.com Thu Jul 20 07:32:16 2017 From: peter.czanik at balabit.com (=?UTF-8?B?Q3phbmlrLCBQw6l0ZXI=?=) Date: Thu, 20 Jul 2017 15:32:16 +0200 Subject: [sle-beta] gmc install on aarch64 In-Reply-To: References: <1500552743.13510.15.camel@suse.de> Message-ID: Hi, Looking at the installation messages (installing through serial console, so I can't switch) sdb1 seems to belong to the USB stick containing. "sdb1" seems to belong to the USB stick I use for installation. The problem did not come up with the Leap 42.3 installer, so I'll try to reproduce it again with the SLES 12 SP3 GMC installer. Bye, Peter Czanik (CzP) Balabit / syslog-ng upstream https://www.balabit.com/blog/author/peterczanik/ https://twitter.com/PCzanik On Thu, Jul 20, 2017 at 2:22 PM, Czanik, P?ter wrote: > Hi, > > It's a SoftIron Overdrive 1000 (http://softiron.com/products/ > overdrive-1000/) which arrived with Leap 42.2. I just deleted partitions > to be able to do a fresh install, so can't tell you the content of the > partition right now. I'll let you know what is on that partition once the > next install is ready. I plan to install Leap 43.3 now, but the bug seems > to be shared between Leap and SLES... > > Bye, > > Peter Czanik (CzP) > Balabit / syslog-ng upstream > https://www.balabit.com/blog/author/peterczanik/ > https://twitter.com/PCzanik > > On Thu, Jul 20, 2017 at 2:12 PM, Richard Brown wrote: > >> Hi Peter, >> >> What make/model/spec is your aarch64 machine? >> What was the existing OS on the HDD and what was it using /dev/sdb1 for? >> >> Regards, >> >> Richard >> >> On Thu, 2017-07-20 at 13:30 +0200, Czanik, P?ter wrote: >> > Hi, >> > >> > When trying to install GMC on an Aarch64 machine, it fails when there >> is an existing OS on HDD. I had this problem both when I was trying to >> replace Leap with SLES and the other way around. The error message is >> below. Installation to an empty HDD works fine. >> > >> > >> ?????????????????????????????????????????????????????????????? >> ? ? >> > >> ? Failure occurred during the following action: ? >> ? ? >> ? >> Formatting partition /dev/sdb1 (156.00 MiB) with vfat ? >> ? ? >> ? >> ? >> ? ? ? >> > >> ? VOLUME_FORMAT_FAILED ? >> ? ? ? >> > >> ? ? >> ? ? ? >> > >> ? System error code was: -3008 ? >> ? ? ? >> > >> ? ? >> ? ? ? >> > >> ? /sbin/mkdosfs '/dev/sdb1': ? >> ? ? ? >> > >> ? mkdosfs: unable to open /dev/sdb1: Device or resource busy ? >> ? ? ? >> > >> ? ? >> ? ? i >> ? Continue >> despite the error? ? >> ? ? >> > >> ? ? >> ? ? >> > >> ? [Continue] [Abort] ? >> ? ? ? >> > >> ?????????????????????????????????????????????????????????????? >> ? ? >> >> >> ? ? >> > >> > >> > Peter Czanik (CzP) >> > Balabit / syslog-ng upstream >> > https://www.balabit.com/blog/author/peterczanik/ >> > https://twitter.com/PCzanik >> > _______________________________________________ >> > sle-beta mailing list >> > sle-beta at lists.suse.com >> > http://lists.suse.com/mailman/listinfo/sle-beta >> >> -- >> Richard Brown >> Technical Lead - openQA >> openSUSE Chairman >> >> Phone +4991174053-361 >> SUSE Linux GmbH, Maxfeldstr. 5, D-90409 Nuernberg >> GF: Felix Imend?rffer, Jane Smithard, Graham Norton, >> HRB 21284 (AG N?rnberg) >> >> >> >> >> >> >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: From peter.czanik at balabit.com Thu Jul 20 09:25:57 2017 From: peter.czanik at balabit.com (=?UTF-8?B?Q3phbmlrLCBQw6l0ZXI=?=) Date: Thu, 20 Jul 2017 17:25:57 +0200 Subject: [sle-beta] gmc install on aarch64 In-Reply-To: References: <1500552743.13510.15.camel@suse.de>

Message-ID: OK, problem found. If I change anything in the partitioning proposal (no /home or different filesystem), it silently changes the target from sda (the HDD) to sdb (the USB stick with the installer). Bye, Peter Czanik (CzP) Balabit / syslog-ng upstream https://www.balabit.com/blog/author/peterczanik/ https://twitter.com/PCzanik On Thu, Jul 20, 2017 at 3:32 PM, Czanik, P?ter wrote: > Hi, > > Looking at the installation messages (installing through serial console, > so I can't switch) sdb1 seems to belong to the USB stick containing. "sdb1" > seems to belong to the USB stick I use for installation. The problem did > not come up with the Leap 42.3 installer, so I'll try to reproduce it again > with the SLES 12 SP3 GMC installer. > > Bye, > > Peter Czanik (CzP) > Balabit / syslog-ng upstream > https://www.balabit.com/blog/author/peterczanik/ > https://twitter.com/PCzanik > > On Thu, Jul 20, 2017 at 2:22 PM, Czanik, P?ter > wrote: > >> Hi, >> >> It's a SoftIron Overdrive 1000 (http://softiron.com/products/ >> overdrive-1000/) which arrived with Leap 42.2. I just deleted partitions >> to be able to do a fresh install, so can't tell you the content of the >> partition right now. I'll let you know what is on that partition once the >> next install is ready. I plan to install Leap 43.3 now, but the bug seems >> to be shared between Leap and SLES... >> >> Bye, >> >> Peter Czanik (CzP) >> Balabit / syslog-ng upstream >> https://www.balabit.com/blog/author/peterczanik/ >> https://twitter.com/PCzanik >> >> On Thu, Jul 20, 2017 at 2:12 PM, Richard Brown wrote: >> >>> Hi Peter, >>> >>> What make/model/spec is your aarch64 machine? >>> What was the existing OS on the HDD and what was it using /dev/sdb1 for? >>> >>> Regards, >>> >>> Richard >>> >>> On Thu, 2017-07-20 at 13:30 +0200, Czanik, P?ter wrote: >>> > Hi, >>> > >>> > When trying to install GMC on an Aarch64 machine, it fails when there >>> is an existing OS on HDD. I had this problem both when I was trying to >>> replace Leap with SLES and the other way around. The error message is >>> below. Installation to an empty HDD works fine. >>> > >>> > >>> ?????????????????????????????????????????????????????????????? >>> ? ? >>> > >>> ? Failure occurred during the following action: ? >>> ? ? >>> ? >>> Formatting partition /dev/sdb1 (156.00 MiB) with vfat ? >>> ? ? >>> ? >>> ? >>> ? ? ? >>> > >>> ? VOLUME_FORMAT_FAILED ? >>> ? ? ? >>> > >>> ? ? >>> ? ? ? >>> > >>> ? System error code was: -3008 ? >>> ? ? ? >>> > >>> ? ? >>> ? ? ? >>> > >>> ? /sbin/mkdosfs '/dev/sdb1': ? >>> ? ? ? >>> > >>> ? mkdosfs: unable to open /dev/sdb1: Device or resource busy ? >>> ? ? ? >>> > >>> ? ? >>> ? ? i >>> ? Continue >>> despite the error? ? >>> ? ? >>> > >>> ? ? >>> ? ? >>> > >>> ? [Continue] [Abort] ? >>> ? ? ? >>> > >>> ?????????????????????????????????????????????????????????????? >>> ? ? >>> >>> >>> ? ? >>> > >>> > >>> > Peter Czanik (CzP) >>> > Balabit / syslog-ng upstream >>> > https://www.balabit.com/blog/author/peterczanik/ >>> > https://twitter.com/PCzanik >>> > _______________________________________________ >>> > sle-beta mailing list >>> > sle-beta at lists.suse.com >>> > http://lists.suse.com/mailman/listinfo/sle-beta >>> >>> -- >>> Richard Brown >>> Technical Lead - openQA >>> openSUSE Chairman >>> >>> Phone +4991174053-361 >>> SUSE Linux GmbH, Maxfeldstr. 5, D-90409 Nuernberg >>> GF: Felix Imend?rffer, Jane Smithard, Graham Norton, >>> HRB 21284 (AG N?rnberg) >>> >>> >>> >>> >>> >>> >>> >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: From beta-programs at lists.suse.com Thu Jul 20 10:22:20 2017 From: beta-programs at lists.suse.com (SUSE Beta Program) Date: Thu, 20 Jul 2017 18:22:20 +0200 Subject: [sle-beta] [ANNOUNCE] SUSE Linux Enterprise 12 SP3 is now Gold Master! Message-ID: <5970d8bc878a1_ccdb5331c98224@boucane.mail> We are happy to announce that after the final validation and acceptance phase we have internal SUSE Linux Enterprise 12 SP3 GM for: SUSE Linux Enterprise Server (SLES), SUSE Linux Enterprise Just Enough Operating System (JeOS), SUSE Linux Enterprise Desktop (SLED), SUSE Linux Enterprise High Availability (SLEHA), SUSE Linux Enterprise Workstation Extension (SLEWE), and SUSE Linux Enterprise Software Development Kit (SLESDK). For you information, Gold Master isos are identical to GMC isos. The official and final release (FCS) of SLE 12 SP3 is scheduled for beginning of September 2017. Download[1] == Beta Program We have intended to close the SLE 12 SP3 Public Beta Program at 3rd August 2017, which allow you to report and discuss issue 2 weeks after the GM announcement. More information regarding the end of SLE 12 SP3 Public Beta Program will be send soon. Keep in mind that our GMC images are still under the SUSE Beta EULA[2], and should not be use in a commercial or production system. Thank you all for your contributions!You help us make the best SLE Service Pack to date. Your SUSE Linux Enterprise Team Please refer to our dedicated SLE Beta Program webpage[1] for any general information. However, do not hesitate to contact us at beta-programs at lists.suse.com if you have any questions. You received this email because you're signed up to get updates from us. Please send an email to beta-programs at lists.suse.com if you want to unsubscribe. [1]https://www.suse.com/betaprogram/sle-beta/#download [2]https://www.suse.com/documentation/beta/eula/suse_beta_eula.html -------------- next part -------------- An HTML attachment was scrubbed... URL: From tomaz.borstnar at softergee.si Fri Jul 21 13:01:50 2017 From: tomaz.borstnar at softergee.si (=?UTF-8?B?VG9tYcW+IEJvcsWhdG5hciwgU29mdGVyZ2Vl?=) Date: Fri, 21 Jul 2017 21:01:50 +0200 Subject: [sle-beta] gmc install on aarch64 In-Reply-To: <1500552743.13510.15.camel@suse.de> References: <1500552743.13510.15.camel@suse.de> Message-ID: <1796ebae-d6d5-60ef-2d4f-792071523762@softergee.si> There must be something in SP3/Leap 42.3 regarding partitioning. I had Leap 42.3 installed with LVM, but without encryption. Later I wanted to reinstall the maachine with encrypted LVM and got the similar error (3000 something) saying that I did not provide proper keys! Which is weird, because it was not encrypted in the first place. Finally I deleted all LVM stuff and created one simple partition without LVM, started install and then reinstall it with proper encrypted LVM and it worked! I will test with SP3 installer as well. Richard Brown je 20. 07. 2017 ob 14:12 napisal: > Hi Peter, > > What make/model/spec is your aarch64 machine? > What was the existing OS on the HDD and what was it using /dev/sdb1 for? > > Regards, > > Richard > > On Thu, 2017-07-20 at 13:30 +0200, Czanik, P?ter wrote: >> Hi, >> >> When trying to install GMC on an Aarch64 machine, it fails when there is an existing OS on HDD. I had this problem both when I was trying to replace Leap with SLES and the other way around. The error message is below. Installation to an empty HDD works fine. >> >> ?????????????????????????????????????????????????????????????? ? ? >> ? Failure occurred during the following action: ? ? ? ? Formatting partition /dev/sdb1 (156.00 MiB) with vfat ? ? ? ? ? ? ? ? >> ? VOLUME_FORMAT_FAILED ? ? ? ? >> ? ? ? ? ? >> ? System error code was: -3008 ? ? ? ? >> ? ? ? ? ? >> ? /sbin/mkdosfs '/dev/sdb1': ? ? ? ? >> ? mkdosfs: unable to open /dev/sdb1: Device or resource busy ? ? ? ? >> ? ? ? ? i ? Continue despite the error? ? ? ? >> ? ? ? ? >> ? [Continue] [Abort] ? ? ? ? >> ?????????????????????????????????????????????????????????????? ? ? ? ? >> >> >> Peter Czanik (CzP) >> Balabit / syslog-ng upstream >> https://www.balabit.com/blog/author/peterczanik/ >> https://twitter.com/PCzanik >> _______________________________________________ >> sle-beta mailing list >> sle-beta at lists.suse.com >> http://lists.suse.com/mailman/listinfo/sle-beta From tomaz.borstnar at softergee.si Fri Jul 21 15:20:59 2017 From: tomaz.borstnar at softergee.si (=?UTF-8?B?VG9tYcW+IEJvcsWhdG5hciwgU29mdGVyZ2Vl?=) Date: Fri, 21 Jul 2017 23:20:59 +0200 Subject: [sle-beta] gmc install on aarch64 In-Reply-To: <1796ebae-d6d5-60ef-2d4f-792071523762@softergee.si> References: <1500552743.13510.15.camel@suse.de> <1796ebae-d6d5-60ef-2d4f-792071523762@softergee.si> Message-ID: <537cca76-c8e7-ba80-547b-0f0703aebc86@softergee.si> OK, installed SP3 GMC with LVM (no encryption). Then I tried to reinstall it with Encrypted LVM and I get error -3014 like encryption was not set up properly and reason was perhaps wrong password. The same as on LEAP 42.3. This is on Lenovo X230 and x64 codebase. Toma? Bor?tnar, Softergee je 21. 07. 2017 ob 21:01 napisal: > There must be something in SP3/Leap 42.3 regarding partitioning. I had > Leap 42.3 installed with LVM, but without encryption. Later I wanted to > reinstall the maachine with encrypted LVM and got the similar error > (3000 something) saying that I did not provide proper keys! Which is > weird, because it was not encrypted in the first place. Finally I > deleted all LVM stuff and created one simple partition without LVM, > started install and then reinstall it with proper encrypted LVM and it > worked! I will test with SP3 installer as well. > > > Richard Brown je 20. 07. 2017 ob 14:12 napisal: >> Hi Peter, >> >> What make/model/spec is your aarch64 machine? >> What was the existing OS on the HDD and what was it using /dev/sdb1 for? >> >> Regards, >> >> Richard >> >> On Thu, 2017-07-20 at 13:30 +0200, Czanik, P?ter wrote: >>> Hi, >>> >>> When trying to install GMC on an Aarch64 machine, it fails when there is an existing OS on HDD. I had this problem both when I was trying to replace Leap with SLES and the other way around. The error message is below. Installation to an empty HDD works fine. >>> >>> ?????????????????????????????????????????????????????????????? ? ? >>> ? Failure occurred during the following action: ? ? ? ? Formatting partition /dev/sdb1 (156.00 MiB) with vfat ? ? ? ? ? ? ? ? >>> ? VOLUME_FORMAT_FAILED ? ? ? ? >>> ? ? ? ? ? >>> ? System error code was: -3008 ? ? ? ? >>> ? ? ? ? ? >>> ? /sbin/mkdosfs '/dev/sdb1': ? ? ? ? >>> ? mkdosfs: unable to open /dev/sdb1: Device or resource busy ? ? ? ? >>> ? ? ? ? i ? Continue despite the error? ? ? ? >>> ? ? ? ? >>> ? [Continue] [Abort] ? ? ? ? >>> ?????????????????????????????????????????????????????????????? ? ? ? ? >>> >>> >>> Peter Czanik (CzP) >>> Balabit / syslog-ng upstream >>> https://www.balabit.com/blog/author/peterczanik/ >>> https://twitter.com/PCzanik >>> _______________________________________________ >>> sle-beta mailing list >>> sle-beta at lists.suse.com >>> http://lists.suse.com/mailman/listinfo/sle-beta > _______________________________________________ > sle-beta mailing list > sle-beta at lists.suse.com > http://lists.suse.com/mailman/listinfo/sle-beta From tomaz.borstnar at softergee.si Sat Jul 22 04:42:16 2017 From: tomaz.borstnar at softergee.si (=?UTF-8?B?VG9tYcW+IEJvcsWhdG5hciwgU29mdGVyZ2Vl?=) Date: Sat, 22 Jul 2017 12:42:16 +0200 Subject: [sle-beta] gmc install on aarch64 In-Reply-To: <1505283.Z30eGLap2i@linux-28d6.suse> References: <1796ebae-d6d5-60ef-2d4f-792071523762@softergee.si> <537cca76-c8e7-ba80-547b-0f0703aebc86@softergee.si> <1505283.Z30eGLap2i@linux-28d6.suse> Message-ID: Yes, this is it. This bug is present on Leap 42.3 and SLES 12 SP3 GMC. Oliver Kurz je 22. 07. 2017 ob 09:16 napisal: > On Friday, 21 July 2017 23:20:59 CEST Toma? Bor?tnar, Softergee wrote: >> OK, installed SP3 GMC with LVM (no encryption). Then I tried to >> reinstall it with Encrypted LVM and I get error -3014 like encryption >> was not set up properly and reason was perhaps wrong password. The same >> as on LEAP 42.3. >> >> This is on Lenovo X230 and x64 codebase. >> >> Toma? Bor?tnar, Softergee je 21. 07. 2017 ob 21:01 napisal: >>> There must be something in SP3/Leap 42.3 regarding partitioning. I had >>> Leap 42.3 installed with LVM, but without encryption. Later I wanted to >>> reinstall the maachine with encrypted LVM and got the similar error >>> (3000 something) saying that I did not provide proper keys! Which is >>> weird, because it was not encrypted in the first place. Finally I >>> deleted all LVM stuff and created one simple partition without LVM, >>> started install and then reinstall it with proper encrypted LVM and it >>> worked! I will test with SP3 installer as well. > This sounds like it is related to > https://bugzilla.suse.com/show_bug.cgi?id=987184 > There seems to be problems when trying to install a cryptlvm installation on > an old non-encrypted LVM. > > Regards, > Oliver From Thomas.Eggers at araneaCONSULT.de Sun Jul 23 04:57:04 2017 From: Thomas.Eggers at araneaCONSULT.de (Thomas Eggers) Date: Sun, 23 Jul 2017 12:57:04 +0200 Subject: [sle-beta] sssd configuration via autoast References: <590B5A610200009000001189@smtp.araneaconsult.de> <59189E53020000610000FB64@smtp.araneaconsult.de> <59197B08020000610000FB6E@smtp.araneaconsult.de> <597481000200006100010268@smtp.araneaconsult.de> Message-ID: <597481000200006100010268@smtp.araneaconsult.de> Hi, nothing has changed since SLES 12 SP3 Beta 1. It is still not possible to configure the user authentication service sssd via autoyast. ;) Thomas since SLES 12 SP2 I'm not be able to configure the sssd service over autoyast. In SLES 12 SP1 it was a separate point in yast and with SLES 12 SP2 it moves to user and authentication. I think that broke autoyast. Only with I get is: false true yast2-auth-client sssd sssd-tools sssd-ldap 100 /home -1 true /bin/bash /etc/skel 022 All the options about ldap server and other settings are gone, Thomas -- araneaCONSULT GmbH, Rudolf-Breitscheid-Stra?e 185-189, 14482 Potsdam E-Mail: info at araneaCONSULT.de Internet: www.araneaCONSULT.de Gesch?ftsf?hrer: Martina Huster, Gerald Bock, Dirk Feddersen, Thomas Eggers Telefon: +49 331 55035-0, Telefax: +49 331 55035-29 Deutsche Bank, BLZ 120 700 24, Kto. 4978284 Amtsgericht Potsdam, HRB 21666 P, USt-IdNr. DE 2 -------------- next part -------------- An HTML attachment was scrubbed... URL: From okurz at suse.de Sat Jul 22 01:16:05 2017 From: okurz at suse.de (Oliver Kurz) Date: Sat, 22 Jul 2017 09:16:05 +0200 Subject: [sle-beta] gmc install on aarch64 In-Reply-To: <537cca76-c8e7-ba80-547b-0f0703aebc86@softergee.si> References: <1796ebae-d6d5-60ef-2d4f-792071523762@softergee.si> <537cca76-c8e7-ba80-547b-0f0703aebc86@softergee.si> Message-ID: <1505283.Z30eGLap2i@linux-28d6.suse> On Friday, 21 July 2017 23:20:59 CEST Toma? Bor?tnar, Softergee wrote: > OK, installed SP3 GMC with LVM (no encryption). Then I tried to > reinstall it with Encrypted LVM and I get error -3014 like encryption > was not set up properly and reason was perhaps wrong password. The same > as on LEAP 42.3. > > This is on Lenovo X230 and x64 codebase. > > Toma? Bor?tnar, Softergee je 21. 07. 2017 ob 21:01 napisal: > > There must be something in SP3/Leap 42.3 regarding partitioning. I had > > Leap 42.3 installed with LVM, but without encryption. Later I wanted to > > reinstall the maachine with encrypted LVM and got the similar error > > (3000 something) saying that I did not provide proper keys! Which is > > weird, because it was not encrypted in the first place. Finally I > > deleted all LVM stuff and created one simple partition without LVM, > > started install and then reinstall it with proper encrypted LVM and it > > worked! I will test with SP3 installer as well. This sounds like it is related to https://bugzilla.suse.com/show_bug.cgi?id=987184 There seems to be problems when trying to install a cryptlvm installation on an old non-encrypted LVM. Regards, Oliver From hguo at suse.com Mon Jul 24 01:53:05 2017 From: hguo at suse.com (Howard Guo) Date: Mon, 24 Jul 2017 09:53:05 +0200 (CEST) Subject: [sle-beta] [Fwd: sssd configuration via autoast] In-Reply-To: <1500832688.2800.9.camel@suse.com> References: <597481000200006100010268@smtp.araneaconsult.de> <1500832688.2800.9.camel@suse.com> Message-ID: Hello Thomas & Peter. You are correct in saying that the entry point to SSSD configuration has moved to "User logon management". If you launch autoyast's GUI configuration program (called "autoinstallation"), you will find a graphical tool behind "user logon management" that grants you full customisability. After you have configured SSSD according to your needs, run "File -> Save" and the final autoyast XML file will be ready. Notice that SSSD configuration is written in JSON rather than XML elements in the result XML file, this is the new format since SP2. Kind regards, Howard On Sun, 23 Jul 2017, Peter Varkoly wrote: > Please have a look at it!!!! > -- > Peter Varkoly > > > Sr. Developer SUSE Linux Enterprise Applications > > SUSE LINUX GmbH > Maxfeldstra?e 5 > 90409 N?rnberg > Germany > GF: SUSE Linux GmbH, GF: Felix Imend?rffer, Jane Smithard, Dilip? > Upmanyu, Graham Norton, HRB 21284 (AG N?rnberg) Date: Sun, 23 Jul 2017 12:57:04 +0200 From: Thomas Eggers To: sle-beta at lists.suse.com Subject: [sle-beta] sssd configuration via autoast [ Part 2.1.2: "HTML" ] Hi, nothing has changed since SLES 12 SP3 Beta 1. It is still not possible to configure the user authentication service sssd via autoyast. ;) Thomas since SLES 12 SP2 I'm not be able to configure the sssd service over autoyast. In SLES 12 SP1 it was a separate point in yast and with SLES 12 SP2 it moves to user and authentication. I think that broke autoyast. Only with I get is: false true yast2-auth-client sssd sssd-tools sssd-ldap 100 /home -1 true /bin/bash /etc/skel 022 All the options about ldap server and other settings are gone, Thomas -- araneaCONSULT GmbH, Rudolf-Breitscheid-Stra?e 185-189, 14482 Potsdam E-Mail: info at araneaCONSULT.de Internet: www.araneaCONSULT.de Gesch?ftsf?hrer: Martina Huster, Gerald Bock, Dirk Feddersen, Thomas Eggers Telefon: +49 331 55035-0, Telefax: +49 331 55035-29 Deutsche Bank, BLZ 120 700 24, Kto. 4978284 Amtsgericht Potsdam, HRB 21666 P, USt-IdNr. DE 263309519 From Thomas.Eggers at araneaCONSULT.de Mon Jul 24 14:00:00 2017 From: Thomas.Eggers at araneaCONSULT.de (Thomas Eggers) Date: Mon, 24 Jul 2017 22:00:00 +0200 Subject: [sle-beta] Antw: Re: [Fwd: sssd configuration via autoast] In-Reply-To: References: <597481000200006100010268@smtp.araneaconsult.de> <1500832688.2800.9.camel@suse.com> Message-ID: <597651C002000061000102A0@smtp.araneaconsult.de> Hi Howard, I started yast2 and select "Autoinstallation Configuration" -> Security and Users -> User and Group Management -> Authentication Settings. I configured a "LDAP Domain" and saved the file. This is the result, all LDAP configurations are gone. # cat sssd.xml false true yast2-auth-client sssd sssd-tools sssd-ldap 100 /home -1 true /bin/bash /etc/skel 022 Thomas Thomas Eggers Gesch?ftsf?hrer -------------------------------------- araneaCONSULT GmbH Rudolf-Breitscheid-Stra?e 185-189 14482 Potsdam Tel: +49 331 55035-0 (-21) Mobil: +49 173 7274181 Fax: +49 331 55035-29 Mail: Thomas.Eggers at araneaconsult.de Web: www.araneaconsult.de -------------------------------------- >>> Howard Guo 24.07.17 9.53 Uhr >>> Hello Thomas & Peter. You are correct in saying that the entry point to SSSD configuration has moved to "User logon management". If you launch autoyast's GUI configuration program (called "autoinstallation"), you will find a graphical tool behind "user logon management" that grants you full customisability. After you have configured SSSD according to your needs, run "File -> Save" and the final autoyast XML file will be ready. Notice that SSSD configuration is written in JSON rather than XML elements in the result XML file, this is the new format since SP2. Kind regards, Howard On Sun, 23 Jul 2017, Peter Varkoly wrote: > Please have a look at it!!!! > -- > Peter Varkoly > > > Sr. Developer SUSE Linux Enterprise Applications > > SUSE LINUX GmbH > Maxfeldstra?e 5 > 90409 N?rnberg > Germany > GF: SUSE Linux GmbH, GF: Felix Imend?rffer, Jane Smithard, Dilip > Upmanyu, Graham Norton, HRB 21284 (AG N?rnberg) Date: Sun, 23 Jul 2017 12:57:04 +0200 From: Thomas Eggers To: sle-beta at lists.suse.com Subject: [sle-beta] sssd configuration via autoast [ Part 2.1.2: "HTML" ] Hi, nothing has changed since SLES 12 SP3 Beta 1. It is still not possible to configure the user authentication service sssd via autoyast. ;) Thomas since SLES 12 SP2 I'm not be able to configure the sssd service over autoyast. In SLES 12 SP1 it was a separate point in yast and with SLES 12 SP2 it moves to user and authentication. I think that broke autoyast. Only with I get is: false true yast2-auth-client sssd sssd-tools sssd-ldap 100 /home -1 true /bin/bash /etc/skel 022 From mge at suse.com Mon Jul 24 15:48:20 2017 From: mge at suse.com (Matthias G. Eckermann) Date: Mon, 24 Jul 2017 23:48:20 +0200 Subject: [sle-beta] [sles-beta] StrongSWAN... In-Reply-To: References: Message-ID: <20170724214820.4d7awmfbsgzqojhg@suse.com> Hello Joel and all, thanks for your recommendation. As you are working in the FIPS context, you are aware of the quite rigid requirements with respect to code updates, the time a FIPS validation needs, and the efforts associated with this. That said, the plan for re-validating our SLE 12 SP2 and SP3 security modules for FIPS 140-2 is already in process, and thus your are not only "late", but really "too late", I am afraid. Your recommendation is valid for the upcoming SLE 15 though. Kind regards - So long - MgE On 2017-07-24 T 15:35 -0500 Joel Barbieri wrote: > > > > Yes...I'm late...but everything has been working spectacularly...until I > needed to implement a new security requirement for our product...which > currently is best resolved with a newer strongswan...version 5.3.3 or > newer. I am needing to guarantee that all [backend] traffic between hosts > in our clustered application is encrypted. As a cheat, I think VPN...and I > tried the strongswan "trap-any" configuration. This does not work with > 5.1...and has a few bug reports indicating it is broken until 5.3.3. It's > such a horribly simple and elegant solution too... I tried the tumbleweed > package [based on 5.3.5], and it brings up tunnels just as I want it too, > where 5.1 simply thinks there is nothing to be done. Of course, the 5.3.5 > from tumbleweed doesn't work in FIPS mode [or at least when compiled to be > more native to SLES12SP3 it experiences a failure in drbg.c line 1841 > _gcry_drbg_randomize: No output buffer provided], which means I still have > work to do....but that could just be having a non-FIPS option specified in > my configuration...PSK seems a little questionable for FIPS. > > Would anyone else second having a more up to date strongswan that worked in > FIPS mode and could provide VPN encryption automatically between hosts they > deployed in the cloud? > > I mean really, would you want to turn your back on something where your > solution was simply: > > # ipsec.conf - strongSwan IPsec configuration file > > config setup > charondebug="knl 2" > > conn %default > ikelifetime=60m > keylife=20m > rekeymargin=3m > keyingtries=1 > > conn trap-any > right=%any > leftsubnet=192.168.234.0/26 > rightsubnet=192.168.234.0/26 > type=transport > authby=psk > auto=route > > versus having to get into something far more chaotic? > > -Joel > _______________________________________________ > sle-beta mailing list > sle-beta at lists.suse.com > http://lists.suse.com/mailman/listinfo/sle-beta -- Matthias G. Eckermann, Director Product Management SUSE Linux Enterprise SUSE Linux GmbH, GF: Felix Imend?rffer, Jane Smithard, Graham Norton, HRB 21284 (AG N?rnberg) From hguo at suse.com Tue Jul 25 02:37:54 2017 From: hguo at suse.com (Howard Guo) Date: Tue, 25 Jul 2017 10:37:54 +0200 (CEST) Subject: [sle-beta] Antw: Re: [Fwd: sssd configuration via autoast] In-Reply-To: <597651C002000061000102A0@smtp.araneaconsult.de> References: <597481000200006100010268@smtp.araneaconsult.de> <1500832688.2800.9.camel@suse.com> <597651C002000061000102A0@smtp.araneaconsult.de> Message-ID: Hello Thomas. Please try invoking SSSD configuration program via Network Services -> User Login Management, and proceed to make SSSD configuration from there. Afterwards, the result XML file should contain a section that looks like: {"sssd":{"conf":{"sssd":{"config_file_version":"2","services":["pam","nss"],"domains":["ldapexample.net"]},"nss":{},"pam":{},"domain/ldapexample.net":{"id_provider":"ldap","auth_provider":"ldap","ldap_schema":"rfc2307bis","enumerate":"false","cache_credentials":"true","case_sensitive":"true","ldap_use_tokengroups":"false","ldap_uri":"ldap://example.net","ldap_search_base":"dc=example,dc=net","ldap_tls_reqcert":"never"}},"pam":true,"nss":["passwd","group"],"enabled":true},"ldap":{"conf":{"host":"127.0.0.1","base":"dc=example,dc=com","bind_policy":"soft","pam_lookup_policy":"yes","pam_password":"exop","nss_initgroups_ignoreusers":"root,ldap","nss_schema":"rfc2307bis","nss_map_attribute":"uniqueMember member","ssl":"start_tls"},"pam":false,"nss":[]},"krb":{"conf":{"include":[],"libdefaults":{},"realms":{},"domain_realms":{},"logging":{"kdc":"FILE:/var/log/krb5/krb5kdc.log","admin_server":"FILE:/var/log/krb5/kadmind.log","default":"SYSLOG:NOTICE:DAEMON"}},"pam":false},"aux":{"autofs":false,"nscd":false,"mkhomedir":false},"ad":{"domain":"","user":"","ou":"","pass":"","overwrite_smb_conf":false,"update_dns":true}} Kind regards, Howard On Mon, 24 Jul 2017, Thomas Eggers wrote: > Hi Howard, > > I started yast2 and select "Autoinstallation Configuration"? -> Security and Users -> > User and Group Management -> Authentication Settings. > > I configured a "LDAP Domain" and saved the file. > > This is the result, all LDAP configurations are gone. > > # cat sssd.xml > > > > ? > ??? false > ? > ? > ? > ? > ??? > ??? true > ??? > ??? > ????? yast2-auth-client > ????? sssd > ????? sssd-tools > ????? sssd-ldap > ??? > ? > ? > ??? > ??? 100 > ??? > ??? /home > ??? -1 > ??? true > ??? /bin/bash > ??? /etc/skel > ??? 022 > ? > ? > > > > Thomas > > ? > > > ?Thomas Eggers > Gesch?ftsf?hrer > -------------------------------------- > araneaCONSULT GmbH > Rudolf-Breitscheid-Stra?e 185-189 > 14482 Potsdam > Tel: +49 331 55035-0 (-21) > Mobil: +49 173 7274181 > Fax: +49 331 55035-29 > Mail: Thomas.Eggers at araneaconsult.de > Web: www.araneaconsult.de > -------------------------------------- > > > >>> Howard?Guo? 24.07.17 9.53 Uhr >>> > Hello Thomas & Peter. > > You are correct in saying that the entry point to SSSD configuration has moved to "User logon management". If you launch autoyast's GUI configuration program (called "autoinstallation"), you will find a graphical tool behind "user logon management" that grants you full customisability. > > After you have configured SSSD according to your needs, run "File -> Save" and the final autoyast XML file will be ready. > > Notice that SSSD configuration is written in JSON rather than XML elements in the result XML file, this is the new format since SP2. > > Kind regards, > Howard > > On Sun, 23 Jul 2017, Peter Varkoly wrote: > > > Please have a look at it!!!! > > -- > > Peter Varkoly > > > > > > Sr. Developer SUSE Linux Enterprise Applications > > > > SUSE LINUX GmbH > > Maxfeldstra?e 5 > > 90409 N?rnberg > > Germany > > GF: SUSE Linux GmbH, GF: Felix Imend?rffer, Jane Smithard, Dilip > > Upmanyu, Graham Norton, HRB 21284 (AG N?rnberg) > > Date: Sun, 23 Jul 2017 12:57:04 +0200 > From: Thomas Eggers > To: sle-beta at lists.suse.com > Subject: [sle-beta] sssd configuration via autoast > > > > [ Part 2.1.2: "HTML" ] > > Hi, > > nothing has changed since SLES 12 SP3 Beta 1. > It is still not possible to configure the user authentication service sssd via autoyast. > > ;) > > Thomas > > > since SLES 12 SP2 I'm not be able to configure the sssd service over autoyast. > > In SLES 12 SP1 it was a separate point in yast and with SLES 12 SP2 it moves to user and > authentication. > I think that broke autoyast. > > Only with I get is: > > > > > > false > > > > > > true > > > yast2-auth-client > sssd > sssd-tools > sssd-ldap > > > > > 100 > > /home > -1 > true > /bin/bash > /etc/skel > 022 > > > > > All the options about ldap server and other settings are gone, > > Thomas > > > -- > araneaCONSULT GmbH, > Rudolf-Breitscheid-Stra?e 185-189, 14482 Potsdam > E-Mail: info at araneaCONSULT.de > Internet: www.araneaCONSULT.de > Gesch?ftsf?hrer: Martina Huster, Gerald Bock, > Dirk Feddersen, Thomas Eggers > Telefon: +49 331 55035-0, Telefax: +49 331 55035-29 > Deutsche Bank, BLZ 120 700 24, Kto. 4978284 > Amtsgericht Potsdam, HRB 21666 P, USt-IdNr. DE 263309519 > > > -- > araneaCONSULT GmbH, > Rudolf-Breitscheid-Stra?e 185-189, 14482 Potsdam > E-Mail: info at araneaCONSULT.de > Internet: www.araneaCONSULT.de > Gesch?ftsf?hrer: Martina Huster, Gerald Bock, > Dirk Feddersen, Thomas Eggers > Telefon: +49 331 55035-0, Telefax: +49 331 55035-29 > Deutsche Bank, BLZ 120 700 24, Kto. 4978284 > Amtsgericht Potsdam, HRB 21666 P, USt-IdNr. DE 263309519 > > > From hguo at suse.com Tue Jul 25 02:40:25 2017 From: hguo at suse.com (Howard Guo) Date: Tue, 25 Jul 2017 10:40:25 +0200 (CEST) Subject: [sle-beta] Antw: Re: [Fwd: sssd configuration via autoast] Message-ID: Hello Thomas. Please try invoking SSSD configuration program via Network Services -> User Login Management, and proceed to make SSSD configuration from there. Afterwards, the result XML file should contain a section that looks like: JSON TEXT Kind regards, Howard On Mon, 24 Jul 2017, Thomas Eggers wrote: > Hi Howard, > > I started yast2 and select "Autoinstallation Configuration"? -> Security and > Users -> > User and Group Management -> Authentication Settings. > > I configured a "LDAP Domain" and saved the file. > > This is the result, all LDAP configurations are gone. > > # cat sssd.xml > > > xmlns:config="http://www.suse.com/1.0/configns"> > ? > ??? false > ? > ? > ? > ? > ??? > ??? true > ??? > ??? > ????? yast2-auth-client > ????? sssd > ????? sssd-tools > ????? sssd-ldap > ??? > ? > ? > ??? > ??? 100 > ??? > ??? /home > ??? -1 > ??? true > ??? /bin/bash > ??? /etc/skel > ??? 022 > ? > ? > > > > Thomas > > ? > > > ?Thomas Eggers > Gesch?ftsf?hrer > -------------------------------------- > araneaCONSULT GmbH > Rudolf-Breitscheid-Stra?e 185-189 > 14482 Potsdam > Tel: +49 331 55035-0 (-21) > Mobil: +49 173 7274181 > Fax: +49 331 55035-29 > Mail: Thomas.Eggers at araneaconsult.de > Web: www.araneaconsult.de > -------------------------------------- > > > >>> Howard?Guo? 24.07.17 9.53 Uhr >>> > Hello Thomas & Peter. > > You are correct in saying that the entry point to SSSD configuration has > moved to "User logon management". If you launch autoyast's GUI configuration > program (called "autoinstallation"), you will find a graphical tool behind > "user logon management" that grants you full customisability. > > After you have configured SSSD according to your needs, run "File -> Save" > and the final autoyast XML file will be ready. > > Notice that SSSD configuration is written in JSON rather than XML elements > in the result XML file, this is the new format since SP2. > > Kind regards, > Howard > > On Sun, 23 Jul 2017, Peter Varkoly wrote: > > > Please have a look at it!!!! > > -- > > Peter Varkoly > > > > > > Sr. Developer SUSE Linux Enterprise Applications > > > > SUSE LINUX GmbH > > Maxfeldstra?e 5 > > 90409 N?rnberg > > Germany > > GF: SUSE Linux GmbH, GF: Felix Imend?rffer, Jane Smithard, Dilip > > Upmanyu, Graham Norton, HRB 21284 (AG N?rnberg) > > Date: Sun, 23 Jul 2017 12:57:04 +0200 > From: Thomas Eggers > To: sle-beta at lists.suse.com > Subject: [sle-beta] sssd configuration via autoast > > > > [ Part 2.1.2: "HTML" ] > > Hi, > > nothing has changed since SLES 12 SP3 Beta 1. > It is still not possible to configure the user authentication service sssd > via autoyast. > > ;) > > Thomas > > > since SLES 12 SP2 I'm not be able to configure the sssd service over > autoyast. > > In SLES 12 SP1 it was a separate point in yast and with SLES 12 SP2 it moves > to user and > authentication. > I think that broke autoyast. > > Only with I get is: > > > > xmlns:config="http://www.suse.com/1.0/configns"> > > false > > > > > > true > > > yast2-auth-client > sssd > sssd-tools > sssd-ldap > > > > > 100 > > /home > -1 > true > /bin/bash > /etc/skel > 022 > > > > > All the options about ldap server and other settings are gone, > > Thomas > > > -- > araneaCONSULT GmbH, > Rudolf-Breitscheid-Stra?e 185-189, 14482 Potsdam > E-Mail: info at araneaCONSULT.de > Internet: www.araneaCONSULT.de > Gesch?ftsf?hrer: Martina Huster, Gerald Bock, > Dirk Feddersen, Thomas Eggers > Telefon: +49 331 55035-0, Telefax: +49 331 55035-29 > Deutsche Bank, BLZ 120 700 24, Kto. 4978284 > Amtsgericht Potsdam, HRB 21666 P, USt-IdNr. DE 263309519 > > > -- > araneaCONSULT GmbH, > Rudolf-Breitscheid-Stra?e 185-189, 14482 Potsdam > E-Mail: info at araneaCONSULT.de > Internet: www.araneaCONSULT.de > Gesch?ftsf?hrer: Martina Huster, Gerald Bock, > Dirk Feddersen, Thomas Eggers > Telefon: +49 331 55035-0, Telefax: +49 331 55035-29 > Deutsche Bank, BLZ 120 700 24, Kto. 4978284 > Amtsgericht Potsdam, HRB 21666 P, USt-IdNr. DE 263309519 > > > From mawerner at suse.com Wed Jul 26 01:29:01 2017 From: mawerner at suse.com (Marita Werner) Date: Wed, 26 Jul 2017 09:29:01 +0200 Subject: [sle-beta] Request for Autoyast profiles - improve our test coverage for SLE 15 Message-ID: <01168648-2340-81e1-4e09-4362bb90e2e7@suse.com> Hello Beta testers, We, the SUSE SLE QA department which is responsible for the Quality of SLE would like to improve our test coverage and extend our automated Test infrastructure openQA (http://open.qa) for the upcoming SLE 15. One area that we plan to look into is the Autoyast testcoverage. For that we would like to learn how you, beta testers, use Autoyast and would like to ask you to share your Autoyast profiles so that we can review them and add what could be interesting to our Tests. So if possible, please reply to this email with a short description on how you use your Autoyast profile for beta testing and attach it to your email. If you do not want to share this information please reply only to me or send it to beta-programs at lists.suse.com Thanks a lot for your help. Looking forward to hearing from you! Best regards, Marita Werner -- Marita Werner, Project Manager QA Phone +49 911 74053-222, eMail: mawerner at suse.com SUSE Linux GmbH, Maxfeldstr. 5, D-90409 Nuernberg GF: Felix Imend?rffer, Jane Smithard, Graham Norton, HRB 21284 (AG N?rnberg) From Thomas.Eggers at araneaCONSULT.de Thu Jul 27 02:09:10 2017 From: Thomas.Eggers at araneaCONSULT.de (Thomas Eggers) Date: Thu, 27 Jul 2017 10:09:10 +0200 Subject: [sle-beta] Antw: Re: [Fwd: sssd configuration via autoast] In-Reply-To: References: Message-ID: <59799FA602000061000102FB@smtp.araneaconsult.de> Thank you Howard, that works perfect. Thomas -- araneaCONSULT GmbH, Rudolf-Breitscheid-Stra?e 185-189, 14482 Potsdam E-Mail: info at araneaCONSULT.de Internet: www.araneaCONSULT.de Gesch?ftsf?hrer: Martina Huster, Gerald Bock, Dirk Feddersen, Thomas Eggers Telefon: +49 331 55035-0, Telefax: +49 331 55035-29 Deutsche Bank, BLZ 120 700 24, Kto. 4978284 Amtsgericht Potsdam, HRB 21666 P, USt-IdNr. DE 2 >>> Howard Guo 25.07.2017 10:40 >>> Hello Thomas. Please try invoking SSSD configuration program via Network Services -> User Login Management, and proceed to make SSSD configuration from there. Afterwards, the result XML file should contain a section that looks like: JSON TEXT Kind regards, Howard On Mon, 24 Jul 2017, Thomas Eggers wrote: > Hi Howard, > > I started yast2 and select "Autoinstallation Configuration" -> Security and > Users -> > User and Group Management -> Authentication Settings. > > I configured a "LDAP Domain" and saved the file. > > This is the result, all LDAP configurations are gone. > > # cat sssd.xml > > > xmlns:config="http://www.suse.com/1.0/configns"> > > false > > > > > > true > > > yast2-auth-client > sssd > sssd-tools > sssd-ldap > > > > > 100 > > /home > -1 > true > /bin/bash > /etc/skel > 022 > > > > > > Thomas > > > > > Thomas Eggers > Gesch?ftsf?hrer > -------------------------------------- > araneaCONSULT GmbH > Rudolf-Breitscheid-Stra?e 185-189 > 14482 Potsdam > Tel: +49 331 55035-0 (-21) > Mobil: +49 173 7274181 > Fax: +49 331 55035-29 > Mail: Thomas.Eggers at araneaconsult.de > Web: www.araneaconsult.de > -------------------------------------- > > > >>> Howard Guo 24.07.17 9.53 Uhr >>> > Hello Thomas & Peter. > > You are correct in saying that the entry point to SSSD configuration has > moved to "User logon management". If you launch autoyast's GUI configuration > program (called "autoinstallation"), you will find a graphical tool behind > "user logon management" that grants you full customisability. > > After you have configured SSSD according to your needs, run "File -> Save" > and the final autoyast XML file will be ready. > > Notice that SSSD configuration is written in JSON rather than XML elements > in the result XML file, this is the new format since SP2. > > Kind regards, > Howard > > On Sun, 23 Jul 2017, Peter Varkoly wrote: > > > Please have a look at it!!!! > > -- > > Peter Varkoly > > > > > > Sr. Developer SUSE Linux Enterprise Applications > > > > SUSE LINUX GmbH > > Maxfeldstra?e 5 > > 90409 N?rnberg > > Germany > > GF: SUSE Linux GmbH, GF: Felix Imend?rffer, Jane Smithard, Dilip > > Upmanyu, Graham Norton, HRB 21284 (AG N?rnberg) > > Date: Sun, 23 Jul 2017 12:57:04 +0200 > From: Thomas Eggers > To: sle-beta at lists.suse.com > Subject: [sle-beta] sssd configuration via autoast > > > > [ Part 2.1.2: "HTML" ] > > Hi, > > nothing has chang ed since SLES 12 SP3 Beta 1. > It is still not possible to configure the user authentication service sssd > via autoyast. > > ;) > > Thomas > > > since SLES 12 SP2 I'm not be able to configure the sssd service over > autoyast. > > In SLES 12 SP1 it was a separate point in yast and with SLES 12 SP2 it moves > to user and > authentication. > I think that broke autoyast. > > Only with I get is: > > > > xmlns:config="http://www.suse.com/1.0/configns"> > > false > > > > > > true > > > yast2-auth-client > sssd > sssd-tools > sssd-ldap > > > > > 100 > > /home > -1 > true > /bin/bash > /etc/skel > 022 > > > > > All the options about ldap server and other settings are gone, > > Thomas > > > -- > araneaCONSULT GmbH, > Rudolf-Breitscheid-Stra?e 185-189, 14482 Potsdam > E-Mail: info at araneaCONSULT.de > Internet: www.araneaCONSULT.de > Gesch?ftsf?hrer: Martina Huster, Gerald Bock, > Dirk Feddersen, Thomas Eggers > Telefon: +49 331 55035-0, Telefax: +49 331 55035-29 > Deutsche Bank, BLZ 120 700 24, Kto. 4978284 > Amtsgericht Potsdam, HRB 21666 P, USt-IdNr. DE 263309519 > > > -- > araneaCONSULT GmbH, > Rudolf-Breitscheid-Stra?e 185-189, 14482 Potsdam > E-Mail: info at araneaCONSULT.de > Internet: www.araneaCONSULT.de > Gesch?ftsf?hrer: Martina Huster, Gerald Bock, > Dirk Feddersen, Thomas Eggers > Telefon: +49 331 55035-0, Telefax: +49 331 55035-29 > Deutsche Bank, BLZ 120 700 24, Kto. 4978284 > Amtsgericht Potsdam, HRB 21666 P, USt-IdNr. DE 263309519 > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From vmoutoussamy at suse.com Thu Jul 27 03:04:18 2017 From: vmoutoussamy at suse.com (Vincent Moutoussamy) Date: Thu, 27 Jul 2017 11:04:18 +0200 Subject: [sle-beta] Request for Autoyast profiles - improve our test coverage for SLE 15 In-Reply-To: <01168648-2340-81e1-4e09-4362bb90e2e7@suse.com> References: <01168648-2340-81e1-4e09-4362bb90e2e7@suse.com> Message-ID: <2B9A4A07-CB84-4CFF-9925-AF4BB14304B0@suse.com> Hi, If this is more convenient for you, you can also use the tool supportconfig[1] to retrieve the autoyast configuration files. Then you can just share your supportconfig tarball. From the supportconfig source code: /sbin/supportconfig: > yast_files() { > # This is a minimum required function, do not exclude > printlog "YaST Files..." > test $MIN_OPTION_YAST -eq 0 && { echolog EXCLUDED; return 1; } > hppsp_info > # YaST files > OF=y2log.txt > addHeaderFile $OF > rpm_verify $OF yast2-packager > rpm_verify $OF yast2-packagemanager > if rpm -q perl-Bootloader &> /dev/null; then > rpm_verify $OF perl-Bootloader > fi > test -d /var/log/YaST2 && FILES=$(find -L /var/log/YaST2/ -type f | egrep -v "_dev_|\.tbz$|\.tgz$|\.gz$|\.bz2$|\.zip$") || unset FILES > conf_files $OF /etc/youservers /etc/sysconfig/onlineupdate /etc/wgetrc > log_files $OF 0 /var/log/pbl.log > (( ADD_OPTION_MAXYAST > 0 )) && log_files $OF 0 $FILES || log_files $OF $VAR_OPTION_LINE_COUNT $FILES > [[ -s /root/autoupg.xml ]] && FILES="/root/autoupg*xml" || FILES='' > conf_files $OF /root/autoinst.xml $FILES /var/adm/autoinstall/cache/installedSystem.xml > sed -i -e 's!.*!*REMOVED BY SUPPORTCONFIG*!g' $LOG/$OF > echolog Done > } As you can see, any password hashes will be automatically removed from the autoyast profile. Regards, [1] https://www.suse.com/betaprogram/beta-guidelines/#q15 -- Vincent Moutoussamy SUSE Beta Program and SDK Project Manager > On 26 Jul 2017, at 09:29, Marita Werner wrote: > > Hello Beta testers, > > We, the SUSE SLE QA department which is responsible for the Quality of SLE would like to improve our test coverage and extend our automated Test infrastructure openQA (http://open.qa) for the upcoming SLE 15. > > One area that we plan to look into is the Autoyast testcoverage. For that we would like to learn how you, beta testers, use Autoyast and would like to ask you to share your Autoyast profiles so that we can review them and add what could be interesting to our Tests. > > So if possible, please reply to this email with a short description on how you use your Autoyast profile for beta testing and attach it to your email. If you do not want to share this information please reply only to me or send it to beta-programs at lists.suse.com > > Thanks a lot for your help. Looking forward to hearing from you! > > Best regards, > > Marita Werner > > > -- > Marita Werner, Project Manager QA > Phone +49 911 74053-222, eMail: mawerner at suse.com > SUSE Linux GmbH, Maxfeldstr. 5, D-90409 Nuernberg > GF: Felix Imend?rffer, Jane Smithard, Graham Norton, > HRB 21284 (AG N?rnberg) > _______________________________________________ > sle-beta mailing list > sle-beta at lists.suse.com > http://lists.suse.com/mailman/listinfo/sle-beta