Fedora test days are events where anyone can help make sure changes in Fedora work well in an upcoming release. Fedora community members often participate, and the public is welcome at these events. If you’ve never contributed to Fedora before, this is a perfect way to get started.
There are two upcoming test days this week. The first, on Tuesday March 12, is to test the Kernel 5.0. Wednesday March 13, the test day is focusing on Fedora IoT Edition. Come and test with us to make the upcoming Fedora 30 even better.
Kernel test day
The kernel team is working on final integration for kernel 5.0. This version was just recently released and will arrive soon in Fedora. This version will also be the shipping kernel for Fedora 30. As a result, the Fedora kernel and QA teams have organized a test day for Tuesday, March 12. Refer to the wiki page for links to the test images you’ll need to participate.
Fedora IoT Edition test day
Fedora Internet of Things is a variant of Fedora focused on IoT ecosystems. Whether you’re working on a home assistant, industrial gateways, or data storage and analytics, Fedora IoT provides a trusted open source platform to build on. Fedora IoT produces a monthly rolling release to help you keep your ecosystem up-to-date. The IoT and QA teams will have this test day for on Wednesday, March 13. Refer to the wiki page for links and resources to test the IoT Edition.
How do test days work?
A test day is an event where anyone can help make sure changes in Fedora work well in an upcoming release. Fedora community members often participate, and the public is welcome at these events. If you’ve never contributed before, this is a perfect way to get started.
To contribute, you only need to be able to download test materials (which include some large files) and then read and follow directions step by step.
Detailed information about both test days are on the wiki pages above. If you’re available on or around the days of the events, please do some testing and report your results.
Do you love to cook? Looking for a better way to manage your recipes using Fedora? GNOME Recipes is an awesome application available to install in Fedora to store and organize your recipe collection.
GNOME Recipes is an recipe management tool from the GNOME project. It has the visual style of a modern GNOME style application, and feels similar to GNOME Software, but for food.
Installing GNOME Recipes
Recipes is available to install from the 3rd party Flathub repositories. If you have never installed an application from Flathub before, set it up using the following guide:
After correctly setting up Flathub as a software source, you will be able to search for and install Recipes via GNOME Software.
Recipe management
Recipes allows you to manually add your own collection of recipes, including photos, ingredients, directions, as well as extra metadata like preparation time, cuisine style, and spiciness.
When entering in a new item, GNOME Recipes there are a range of different measurement units to choose from, as well as special tags for items like temperature, allowing you to easily switch units.
Community recipes
In addition to manually entering in your favourite dishes for your own use, it also allows you to find, use, and contribute recipes to the community. Additionally, you can mark your favourites, and search the collection by the myriad of metadata available for each recipe.
Step by step guidance
One of the awesome little features in GNOME Recipes is the step by step fullscreen mode. When you are ready to cook, simply activate this mode, move you laptop to the kitchen, and you will have a full screen display of the current step in the cooking method. Futhermore, you can set up the recipes to have timers displayed on this mode when something is in the oven.
JDK Mission Control (JMC) is now available as a module in Fedora 29. JDK Mission Control is a powerful profiling application for HotSpot JVMs. It has an advanced set of tools that enables efficient and detailed analysis of the extensive data collected by JDK Flight Recorder (JFR). JMC requires JDK 8 or later.
JFR is part of the JVM, and is available in OpenJDK 11 or Oracle JDK 7u4 or later. Therefore, to generate a flight recording to be loaded into JMC for analysis, the target application needs to run on OpenJDK 11 or OracleJDK 7u4 or later.
This article is a guide to install and run JMC on Fedora 29 Workstation. Then you’ll learn how to use it to solve a common problem with Java programs called hot methods.
Installing JMC on Fedora 29
Using Java 11 will allow JMC to record JFR data for itself. Install Java 11 via:
$ sudo dnf install java-11-openjdk
Enable and install the JMC module with the default profile via:
$ sudo dnf module install jmc:latest/default
Run JMC targeting the Java 11 JRE via:
$ jmc -vm /usr/lib/jvm/jre-11/bin
Using JMC and JFR to explore hot methods
JDK Mission Control can be used to deeply analyze Java applications. In this example, we will take a look at hot methods. Hot methods are methods where a high proportion of time is spent during execution. These are good places to start investigating when trying to reduce overall execution time.
To demonstrate, here is a portion of code for a Java application.
Initiator Sample Code
In practice, there are multiple methods of analyzing Java applications in JDK Mission Control. As an example, you can run the application with Flight Recording enabled and set to dump on JVM exit. This generates a Flight Recording (.jfr) file when the application exits, which can be opened by JDK Mission Control. Note that Flight Recorder is available in OpenJDK 11+ and OracleJDK 7u4+.
For example, for OpenJDK 11+ use this command to run the class with Flight Recorder:
After the application has completed execution, open the resulting Flight Recording with JMC. Below is the automated analysis results.
Automated Analysis Results
The automated Method Profiling analysis already indicates a potential optimization area in the calls to Integer.equals(Object). Going to the Method Profiling tab, select that method and check the Stack Trace for it as shown below.
Method Profiling View
In this Stack Trace, you can follow the calls to the method Initiator.countIntersection(Initiator). Checking the Initiator class, shown below, note that counting intersections between two Integer collections would be better done using HashSet collections instead of LinkedLists collections.
The Before and After Code
After making this change, you can see the execution improve in the follow-up Flight Recording.
Method Profiling View of ‘After’ Code
JDK Mission Control and JDK Flight Recorder gives you a highly detailed view of your Java application behavior. You can use it to diagnose issues with hot methods, deadlocks, lock contention, memory leaks and more. Try it out via the JMC module in Fedora 29!
Every day there seems to be a security breach reported in the news where our data is at risk. Despite the fact that SSH is a secure way to connect remotely to a system, you can still make it even more secure. This article will show you how.
That’s where two-factor authentication (2FA) comes in. Even if you disable passwords and only allow SSH connections using public and private keys, an unauthorized user could still gain access to your system if they steal your keys.
With two-factor authentication, you can’t connect to a server with just your SSH keys. You also need to provide the randomly generated number displayed by an authenticator application on a mobile phone.
The Time-based One-time Password algorithm (TOTP) is the method shown in this article. Google Authenticator is used as the server application. Google Authenticator is available by default in Fedora.
For your mobile phone, you can use any two-way authentication application that is compatible with TOTP. There are numerous free applications for Android or IOS that work with TOTP and Google Authenticator. This article uses FreeOTP as an example.
Install and set up Google Authenticator
First, install the Google Authenticator package on your server.
$ sudo dnf install -y google-authenticator
Run the application.
$ google-authenticator
The application presents you with a series of questions. The snippets below show you how to answer for a reasonably secure setup.
Do you want authentication tokens to be time-based (y/n) y Do you want me to update your "/home/user/.google_authenticator" file (y/n)? y
The app provides you with a secret key, verification code, and recovery codes. Keep these in a secure, safe location. The recovery codes are the only way to access your server if you lose your mobile phone.
Set up mobile phone authentication
Install the authenticator application (FreeOTP) on your mobile phone. You can find it in Google Play if you have an Android phone, or in the iTunes store for an Apple iPhone.
A QR code is displayed on the screen. Open up the FreeOTP app on your mobile phone. To add a new account, select the QR code shaped tool at the top on the app, and then scan the QR code. After the setup is complete, you’ll have to provide the random number generated by the authenticator application every time you connect to your server remotely.
Finish configuration
The application asks further questions. The example below shows you how to answer to set up a reasonably secure configuration.
Do you want to disallow multiple uses of the same authentication token? This restricts you to one login about every 30s, but it increases your chances to notice or even prevent man-in-the-middle attacks (y/n) y By default, tokens are good for 30 seconds. In order to compensate for possible time-skew between the client and the server, we allow an extra token before and after the current time. If you experience problems with poor time synchronization, you can increase the window from its default size of +-1min (window size of 3) to about +-4min (window size of 17 acceptable tokens). Do you want to do so? (y/n) n If the computer that you are logging into isn't hardened against brute-force login attempts, you can enable rate-limiting for the authentication module. By default, this limits attackers to no more than 3 login attempts every 30s. Do you want to enable rate-limiting (y/n) y
Now you have to set up SSH to take advantage of the new two-way authentication.
Configure SSH
Before completing this step, make sure you’ve already established a working SSH connection using public SSH keys, since we’ll be disabling password connections. If there is a problem or mistake, having a connection will allow you to fix the problem.
On your server, use sudo to edit the /etc/pam.d/sshd file.
$ sudo vi /etc/pam.d/ssh
Comment out the auth substack password-auth line:
#auth substack password-auth
Add the following line to the bottom of the file.
auth sufficient pam_google_authenticator.so
Save and close the file. Next, edit the /etc/ssh/sshd_config file.
$ sudo vi /etc/ssh/sshd_config
Look for the ChallengeResponseAuthentication line and change it to yes.
ChallengeResponseAuthentication yes
Look for the PasswordAuthentication line and change it to no.
The verification code is randomly generated by your authenticator application on your mobile phone. Since this number changes every few seconds, you need to enter it before it changes.
If you do not enter the verification code, you won’t be able to access the system, and you’ll get a permission denied error:
If you are developing software using Fedora Silverblue, and especially if what you are developing is a Gnome application, Gnome Builder 3.30.3 feels like an obvious choice of IDE.
In this article, I will show you how you can create a simple Gnome application, and how to build it and install it as a Flatpak app on your system.
Gnome and Flatpak applications
Builder has been a part of Gnome for a long time. It is a very mature IDE to me in terms of consistency and completeness.
The Gnome Builder project website offers extensive documentation regarding Gnome application development — I highly recommend spending some time there to anyone interested.
Editor’s note: Getting Builder
Because the initial Fedora Silverblue installation doesn’t include Builder, let’s walk through the installation process first.
Starting with a freshly installed system, the first thing you’ll need to do is to enable a repository providing Builder as a Flatpak — we’ll use Flathub which is a popular 3rd-party repository with many desktop apps.
To enable Flathub on your system, download the repository file from the Fedora Quick Setup page, and double-click it which opens Gnome Software asking you to enable this repository on your system.
After you’re done with that, you can search for Builder in Gnome Software and install it.
Creating a new project
So let’s walk through the creation of a new project for our Gnome app. When you start Gnome Builder, the first display is oriented towards project management.
To create a new project, I clicked on the New… button at the top-left corner which showed me the following view.
You’ll need to fill out the project name, choose your preferred language (I chose C, but other languages will work for this example as well), and the license. Leave the version control on, and select Gnome Application as your template.
I chose gbfprtfsb as the name of my project which means Hello from Gnome 3 on Fedora SilverBlue.
The IDE creates and opens the project once you press create.
Tweaking our new project
The newly created project is opened in the Builder IDE and on my system looks like the following.
This project could be run from within the IDE right now and would give you the ever popular “Hello World!” titled gnome windowed application with a label that says, yup “Hello World!”.
Let’s get a little disruptive and mess up the title and greeting a bit. Complacency leads to mediocrity which leads to entropy overcoming chaos to enforce order, stasis, then finally it all just comes to a halt. It’s therefore our duty to shake it up at every opportunity, if only to knock out any latent entropy that may have accumulated in our systems. Towards such lofty goals, we only need to change two lines of one file, and the file isn’t even a C language file, it’s an XML file used to describe the GUI named gbfprtfsb-window.ui. All we have to do is open it and edit the title and label text, save and then build our masterpiece!
Looking at the screenshot below, I have circled the text we are going to replace. The window is a GtkApplicationWindow, and uses a GtkHeaderBar and GtkLabel to display the text we are changing. In the GtkHeaderBar we will type GBFPRTFSB for the title property. In the GtkLabel we will type Hello from Gnome 3 on Fedora SilverBlue in the label property. Now save the file to record our changes.
Building the project
Well, we have made our changes, and expressed our individualism (cough) at the same time. All that is left is to build it and see what it looks like. The build panel is located near the top of the IDE, middle right, and is represented by the icon that appears to be a brick wall being built as shown on the following picture.
Press the button, and the build process completes. You can also preview your application by clicking on the “play” button next to it.
Building a Flatpak
When we’re happy with our creation, the next step will be building it as a Flatpak. To do that, click on the title in the middle of the top bar, and then on the Export Bundle button.
Once the export has successfully completed, Gnome Builder will open a Nautilus file browser window showing the export directory, with the Flatpak bundle already selected.
To install the app on your system, simply double-click the icon which opens Gnome Software allowing you to install the app. On my system I had to enter my user password twice, which I take to be due to the fact we had no configured GPG key for the project. After it was installed, the application was shown alongside all of the other applications on my system. It can be seen running below.
I think this has successfully shown how easy it is to deploy an application as a Flatpak bundle for Gnome using Builder, and then running it on Fedora Silverblue.
Do you want to know when a new version of your favorite project is released? Do you want to make your job as packager easier? If so, this article is for you. It introduces you to the world of release-monitoring.org. You’ll see how it can help you catch up with upstream releases.
What is release-monitoring.org?
The release-monitoring.org is a combination of two applications: Anitya and the-new-hotness.
Anitya is what you can see when visiting release-monitoring.org. You can use it to add and manage your projects. Anitya also checks for new releases periodically.
The-new-hotness is an application that catches the messages emitted by Anitya. It creates a Bugzilla issue if the project is mapped to a Fedora package.
How to use release-monitoring.org
Now that you know how it works, let’s focus on how you can use it.
Index page of release-monitoring.org
First think you need to do is to log in. Anitya provides a few options you can use to log in, including the Fedora Account System (FAS), Yahoo!, or a custom OpenID server.
Login page
When you’re logged in, you’ll see new options in the top panel.
Anitya top panel
Add a new project
Now you can add a new project. It’s always good to check whether the project is already added.
Add project form
Next, fill in the information about the project:
Project name – Use the upstream project name
Homepage – Homepage of the project
Backend – Backend is simply the web hosting where the project is hosted. Anitya offers many backends you can chose from. If you can’t find a backend for your project, you can use the custom backend. Every backend has its own additional fields. For example, BitBucket has you specify owner/project.
Version scheme – This is used to sort received versions. Right now, Anitya only supports RPM version scheme.
Version prefix – This is the prefix that is stripped from any received version. For example, if the tag on GitHub is version_1.2.3, you would use version_ as version prefix. The version will then be presented as 1.2.3. The version prefix v is stripped automatically.
Check latest release on submit – If you check this, Anitya will do an initial check on the project when submitted.
Distro – The distribution in which this project is used. This could be also added later.
Package – The project’s packaged name in the distribution. This is required when the Distro field is filled in.
When you’re happy with the project, submit it. Below you can see how your project may look after you submit.
Project page
Add a new distribution mapping
If you want to map the project to a package on a specific distribution, open up the project page first and then click on Add new distribution mapping.
Add distribution mapping form
Here you can chose any distribution already available in Anitya, fill in the package name, and submit it. The new mapping will show up on the project page.
Automatic filing of Bugzilla issues
Now you created a new project and created a mapping for it. This is nice, but how does this help you as a packager? This is where the-new-hotness comes into play.
Every time the-new-hotness sees a new update or new mapping message emitted by Anitya, it checks whether this project is mapped to a package in Fedora. For this to work, the project must have a mapping to Fedora added in Anitya.
If the package is known, the-new-hotness checks the notification setting for this package. That setting can be changed here. The last check the-new-hotness does is whether the version reported by Anitya is newer than the current version of this package in Fedora Rawhide.
If all those checks are positive, the new Bugzilla issue is filed and a Koji scratch build started. After the Koji build is finished, the Bugzilla is updated with output.
Future plans for release-monitoring.org
The release-monitoring.org system is pretty amazing, isn’t it? But this isn’t all. There are plenty of things planned for both Anitya and the-new-hotness. Here’s a short list of future plans:
Anitya
Add libraries.io consumer – automatically check for new releases on libraries.io, create projects in Anitya and emit messages about updates
Use Fedora package database to automatically guess the package name in Fedora based on the project name and backend
Change current cron job to service: Anitya checks for new versions periodically using a cron job. The plan is to change this to a service that checks projects using queues.
Support for more than one version prefix
the-new-hotness
File Github issues for Flathub projects when a new version comes out
Create pull requests in Pagure instead of filing a Bugzilla issue
Move to OpenShift – this should make deployment much easier than how it is now
Convert to Python 3 (mostly done)
Both
Conversion to fedora-messaging – This is already in progress and should make communication between Anitya and the-new-hotness more reliable.
The Python developers have released the first alpha of Python 3.8.0 and you can already try it out in Fedora! Test your Python code with 3.8 early to avoid surprises once the final 3.8.0 is out in October.
Install Python 3.8 on Fedora
If you have Fedora 29 or newer, you can install Python 3.8 from the official software repository with dnf:
$ sudo dnf install python38
As more alphas, betas and release candidates of Python 3.8 will be released, the Fedora package will receive updates. No need to compile your own development version of Python, just install it and have it up to date. New features will be added until the first beta.
Test your projects with Python 3.8
Run the python3.8 command to use Python 3.8 or create virtual environments with the builtin venv module, tox or with pipenv. For example:
$ git clone https://github.com/benjaminp/six.git Cloning into 'six'... $ cd six/ $ tox -e py38 py38 runtests: commands[0] | python -m pytest -rfsxX ================== test session starts =================== platform linux -- Python 3.8.0a1, pytest-4.2.1, py-1.7.0, pluggy-0.8.1 collected 195 items
$ python3.8 Python 3.8.0a1 (default, Feb 7 2019, 08:07:33) [GCC 8.2.1 20181215 (Red Hat 8.2.1-6)] on linux Type "help", "copyright", "credits" or "license" for more information. >>> while not (answer := input('Say something: ')): ... print("I don't like empty answers, try again...") ... Say something: I don't like empty answers, try again... Say something: Fedora >>>
The current Fedora Logo has been used by Fedora and the Fedora Community since 2005. However, over the past few months, Máirín Duffy and the Fedora Design team, along with the wider Fedora community have been working on redesigning the Fedora logo.
Far from being just an arbitrary logo change, this process is being undertaken to solve a number of issues encountered with the current logo. Some of the issues with the current logo include the lack of a single colour variant, and, consequently the logo not working well on dark backgrounds. Other challenges with the current logo is confusion with other well-known brands, and the use of a proprietary font.
The new Fedora Logo design process
Last month, Máirín posted an amazing article about the history of the Fedora logo, a detailed analysis of the challenges with the current logo, and a proposal of two candidates. A wide ranging discussion with the Fedora community followed, including input from Matt Muñoz, the designer of the current Fedora logo. After the discussions, the following candidate was chosen for further iteration:
In a follow-up post this week, Máirín summarizes the discussions and critiques that took place around the initial proposal, and details the iterations that took place as a result.
After all the discussions and iterations, the following 3 candidates are where the team is currently at:
Fedora Classroom sessions continue with two introductory sessions, on using Fedora Silverblue (February 7), and creating Fedora badges designs (February 10). The general schedule for sessions is availble on the wiki, along with resources and recordings from previous sessions. Details on both these upcoming sessions follow.
Topic: Fedora Silverblue
Fedora Silverblue is a variant of Fedora Workstation that is composed and delivered using ostree technology. It uses some of the same RPMs found in Fedora Workstation but delivers them in a way that produces an “immutable host” for the end user. This provides atomic upgrades for end users and allows users to move to a fully containerized environment using traditional containers and flatpaks.
This session is aimed at users who want to learn more about Fedora Silverblue,
ostree, rpm-ostree, containers, and Flatpaks. It is expected that attendees have some basic Linux knowledge.
The following topics will be covered:
What’s an immutable host?
How is Fedora Silverblue different from Fedora Workstation?
Micah Abbott is a Principal Quality Engineer working for Red Hat. He remembers his first introduction to Linux was during university when someone showed him Red Hat Linux running on a DEC Alpha Workstation. He’s dabbled with various distributions in the following years, but has always had a soft spot for Fedora. Micah has recently been contributing towards the development of Fedora/Red Hat CoreOS and before that Project Atomic. He enjoys engaging with the community to help solve problems that users are facing and has most recently been spending a lot of time involved with the Fedora Silverblue community.
Topic: Creating Fedora Badges Designs
Fedora Badges is a gamification system created around the hard work of the Fedora community on the various aspects of the Fedora Project. The Badges project helps to drive and motivate Fedora contributors to participate in all different parts of Fedora development, quality, content, events, and stay active in community initiatives. This classroom will explain the process of creating a design for a Fedora Badge.
Marie Nordin is a graphic designer and fine artist, with a day job as a Assistant Purchasing Manager in Rochester, NY. Marie began working on the Fedora Badges project and the Fedora Design Team in 2013 through an internship with the Outreachy program. She has maintained the design side of the Fedora Badges project for four years, as well as running workshops and teaching others how to contribute designs to Badges.
The default desktop of Fedora Workstation — GNOME Shell — is known and loved by many users for its minimal, clutter-free user interface. It is also known for the ability to add to the stock interface using extensions. In this article, we cover 3 simple, and useful extensions for GNOME Shell. These three extensions provide a simple extra behaviour to your desktop; simple tasks that you might do every day.
Installing Extensions
The quickest and easiest way to install GNOME Shell extensions is with the Software Application. Check out the previous post here on the Magazine for more details:
First up is the Removable Drive Menu extension. It is a simple tool that adds a small widget in the system tray if you have a removable drive inserted into your computer. This allows you easy access to open Files for your removable drive, or quickly and easily eject the drive for safe removal of the device.
Removable Drive Menu in the Software application
Extensions Extension.
The Extensions extension is super useful if you are always installing and trying out new extensions. It provides a list of all the installed extensions, allowing you to enable or disable them. Additionally, if an extension has settings, it allows quick access to the settings dialog for each one.
the Extensions extension in the Software application
Frippery Move Clock
Finally, there is the simplest extension in the list. Frippery Move Clock, simply moves the position of the clock from the center of the top bar to the right, next to the status area.
