March 29, 2015

Increasing the maximum recording length of the Gnome screencaster
Please also note the remarks on the HowTos!

Gnome Shell has had a built-in screencaster since version 3.2, but it only allows recordings of at most 30 seconds.

If you want more, all you have to do is run the following command in a terminal or in the run dialog (ALT+F2)

gsettings set max-screencast-length value

For example, to extend the maximum recording length to 10 minutes (AFAIK more is not possible), the command is

gsettings set max-screencast-length 600

The changes take effect immediately.

In the original by iddnna

The screencaster recording is started and stopped with CTRL+ALT+SHIFT+R. A red dot in the upper right corner of Gnome Shell indicates that a recording is in progress.
How to change the duration of screencast in Gnome 3.16

The screencast tool of Gnome is great! But it has a little restriction (the duration of the screencast), because the default value is just 30 seconds, so if we need to make a screencast longer than 30 seconds, this will be impossible. :(

But we can change the default value using GSettings to make the screencast much longer.

1. Type Alt + F2 (you will see this prompt)

2. Here we run this command

gsettings set max-screencast-length value

Where value will be the duration in seconds of our screencast, so if we want to make a screencast with a max length of 10 minutes, the value will be 600. Then the command would be

gsettings set max-screencast-length 600

That's all! With this the restriction is gone, and now you can make much longer screencasts :)

Hugs


How to change the duration of the screencast in Gnome 3.16

In this version, Gnome 3.16, the default value for the screencast is 30 seconds, so if we want to make a longer screencast it will not be possible. :( A pity, but oh well…

We are going to change the values using Gnome's GSettings.

1. Press Alt + F2 (this will open this prompt)

2. There we type the following command

gsettings set max-screencast-length value

Where value will be the maximum length of our recording in seconds, so if, for example, we wanted a screencast of at most 10 minutes, the value would be 600. It ends up like this

gsettings set max-screencast-length 600

And done!! With that you will no longer have the restriction on the duration of your screencast.

That's all, hugs


March 28, 2015

Testing Design Suite on Asus X550ZE
I recently bought an ASUS X550ZE to replace the venerable Sony VAIO N250E laptop. The reason of choosing an AMD powered laptop is for long term support i.e. the use of Vulkan API in future AMD GPU driver. In summary, here is the ASUS X550ZE specification taken from ASUS website:
  • Processor
    AMD® APU A10-7400P /A8-7200P/FX-7600P Processor
  • Chipset
    AMD A76M FCH
  • Memory
    DDR3L 1600 MHz SDRAM, 8 GB
  • Display
    15.6" 16:9 /Full HD (1920x1080)
  • Graphic
    AMD Radeon® R5 M230 + Radeon® R7 M265 DX Dual Graphics with 2GB DDR3 VRAM Built-in A10-7400P
  • Storage
    2.5" 9.5mm SATA
    1TB 5400/7200 RPM
  • Optical Drive
    Super-Multi DVD
  • Card Reader
    2 -in-1 card reader ( SD/ SDHC/ MMC)
  • Camera
    VGA Web Camera
  • Networking
    Integrated 802.11 b/g/n
    Built-in Bluetooth™ V4.0 (Optional)
    10/100/1000/Gigabits Base T
  • Interface
    1 x COMBO audio jack
    1 x VGA port/Mini D-sub 15-pin for external monitor
    2 x USB 3.0 port(s)
    1 x RJ45 LAN Jack for LAN insert
    1 x HDMI

  • Audio
    Built-in Speakers And Microphone
  • Battery
    4Cells 44 Whrs
  • Power Adapter
    Output :
    19 V DC, 4.74 A, 90 W
    Input :
    100 -240 V AC, 50/60 Hz universal
Booting Fedora Design Suite 22 Beta TC5 went well except a bug on Radeon driver prompting to set "nomodeset" on boot configuration. Once at the desktop session, the following issues are:
  • Fn buttons from backlight to volume not functional
  • Touchpad not functional. Not sure if it is related on the xorg-x11-drv-libinput or xorg-x11-drv-synaptics and possible the laptop is new.
  • High power consumption. With only the generic graphical driver (llvmpipe), the battery longevity is only two hours without proper power management
  • Because of use of generic graphical driver, neither Cheese nor Video works without crashing. Attempting to use Wayland will cause fallback to login screen.

On the positive side:
  • Bluetooth is functional
  • Display is set at high setting i.e. Full HD (1920x1080)
  • Applications like Gimp, Inkscape takes advantage of the quad-core feature.
Despite the shortcoming due to driver issues, the laptop is still useful for work usage. Perhaps a kernel update will address the problem.

After removing "nomodeset" from boot parameter, the login screen displayed under Wayland. The default Gnome session crashed but the Gnome on Wayland runs smoothly aside some known issues.


server {
    listen          [::]:80 default_server ipv6only=off;
    rewrite ^/(.*)$$1 permanent;

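It is also worth noting that, reportedly, as long as the kernel's net.ipv6.bindv6only is set to 0, listen [::]:80 in the configuration file will listen on both IPv4 and IPv6 addresses.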



Add Atomic host to Jenkins Slave
For past few days I am creating some docker images for simple tools (will publish soon) like pylint, unittest (py2.6 / py2.7) and wanted to run those images as container to project atomic because it's designed to do so. Project atomic is using ostree to manage bootable, immutable, versioned filesystem trees. 

To add it as a Jenkins slave it requires Java to be installed, but unfortunately it is not there by default and I didn't find any ostree repo for it (if you know one, please comment and I will update this). To resolve the Java dependency issue I took the latest version of the Java binary (jdk-6u45-linux-x64.bin) from Oracle and did the steps below to install it on the target slave.

1. In slave configuration I mentioned 'Remote Root Directory : /var/lib/jenkins' (make sure user which you are using for connecting it as slave have required permission for this directory)

2. When we connect a slave then Jenkins looks for java binary at below paths.
* /var/lib/jenkins/jdk/bin/java 

I used the Jenkins path (the starred one) to put the Java runtime binary files and extracted/copied the runtime Java files using the commands below:

mv jre1.6.0_45/* jdk/ 
rm jre1.6.0_45/ -fr  

Now when you try to reconnect the Atomic slave it will find the required binary and start the sftp client to copy the required jar files and connect to the slave. I hope this helps someone who is trying the same, and if you have a better solution I really want to hear it.

March 27, 2015

All systems go
Service 'Ask Fedora' now has status: good: Everything seems to be working.
Today's WTF Moment: A Competing HEVC Licensing Pool

Had this happened next week, I'd have thought it was an April Fools' joke.

Out of nowhere, a new patent licensing group just announced it has formed a second, competing patent pool for HEVC that is independent of MPEG LA. And they apparently haven't decided what their pricing will be... maybe they'll have a fee structure ready in a few months.

Video on the Net (and let's be clear-- video's future is the Net) already suffers endless technology licensing problems. And the industry's solution is apparently even more licensing.

In case you've been living in a cave, Google has been trying to establish VP9 as a royalty- and strings-free alternative (new version release candidate just out this week!), and NetVC, our own next-next-generation royalty-free video codec, was just conditionally approved as an IETF working group on Tuesday and we'll be submitting our Daala codec as an input to the standardization process. The biggest practical question surrounding both efforts is 'how can you possibly keep up with the MPEG behemoth'?

Apparently all we have to do is stand back and let the dominant players commit suicide while they dance around Schroedinger's Cash Box.

Major service disruption
Service 'Ask Fedora' now has status: major: upgrade in progress
Copr statistics

Today I needed to generate some statistics of Copr. And they are quite interesting, so I decided to publish them:

  • avg. 230,804 files are served each day.
  • avg. 87 GB of data served per day.
  • avg. 5274 users download rpm package(s) from Copr every day.
  • 523 GB in yum repos right now (180GB on 2014-06-19, 100GB on 2014-03-10)
  • 2,945 projects
  • 1,995 active projects (with at least one build).
  • 148 projects shared by more than one member (likely team nightly repos).
  • 11,242 chroots (eg. el5, el6, fc21...).
  • 44,503 builds or src.rpm.
  • currently hosting 28,805 binary rpm packages (mind that the last successful build is preserved; builds which are not the latest are deleted after 14 days).
  • 8982 - builds since 2015-01-01 (86 days)
  • 104 builds per day - however we are very limited by OpenStack performance and I asked several people to postpone their actions until the new OpenStack instance is ready (Apr-2015). [EDIT: it is 104 tasks per day, which are then split into builds according to the associated chroots, so it is about 600-800 builds per day.]

This is impressive to me. And I'm really looking forward to next month. The new Fedora OpenStack instance is ready and we are working on the migration of our VM instances to this new OpenStack instance. The accumulated summary is 288 VCPUs and 686 GB RAM. It is not just for Copr, but Copr will use most of those resources. So we will be able to run more builders and encourage you to use Copr even more.

Jim Whitehurst CubeMadness 2015

Did you know that Jim Whitehurst the CEO of Redhat was part of CUBEmadness 2015, if you don’t know what I’m referring to, then check it out here –

He’s made it to the last 16, can you all take him further. #cubemadness #GetJimToFinalFour :)

March 26, 2015

WebRTC: DruCall in Google Summer of Code 2015?

I've offered to help mentor a Google Summer of Code student to work on DruCall. Here is a link to the project details.

The original DruCall was based on SIPml5 and released in 2013 as a proof-of-concept.

It was later adapted to use JSCommunicator as the webphone implementation. JSCommunicator itself was updated by another GSoC student, Juliana Louback, in 2014.

It would be great to take DruCall further in 2015, here are some of the possibilities that are achievable in GSoC:

  • Updating it for Drupal 8
  • Support for logged-in users (currently it just makes anonymous calls, like a phone box)
  • Support for relaying shopping cart or other session cookie details to the call center operative who accepts the call

Help needed: could you be a co-mentor?

My background is in real-time and server-side infrastructure and I'm providing all the WebRTC SIP infrastructure that the student may need. However, for the project to have the most impact, it would also be helpful to have some input from a second mentor who knows about UI design, the Drupal way of doing things and maybe some Drupal 8 experience. Please contact me ASAP if you would be keen to participate either as a mentor or as a student. The deadline for student applications is just hours away but there is still more time for potential co-mentors to join in.

WebRTC at mini-DebConf Lyon in April

The next mini-DebConf takes place in Lyon, France on April 11 and 12. On the Saturday morning, there will be a brief WebRTC demo and there will be other opportunities to demo or test it and ask questions throughout the day. If you are interested in trying to get WebRTC into your web site, with or without Drupal, please see the RTC Quick Start guide.

How to create a Fedora account

Are you a Fedora user who would like to collaborate with the project (translating, testing, tagging, and more)? Cool, the only thing you need is a Fedora account.

Let's go!!!

First go to the FAS page => FAS2

We see the login form

Just fill it in with your data, solve the mathematical operation and click the “Sign Up” button. After this you will receive a welcome message in your email account along with the generic password for login (you will need to change this later).

Now go to login

Don’t forget to accept the CLA agreement, and that's all; now you can use all Fedora tools

Finally you will receive this badge

Cool !!!

Hugs !!!


Workaround: subscribing to Google calendars with Evolution 3.16
Please also note the remarks on the HowTos!

By all appearances, Evolution version 3.16 will not be able to subscribe to Google calendars directly from within Evolution.

There is, however, a relatively simple workaround for subscribing to Google calendars with Evolution 3.16 as well:

  1. Get the calendar IDs of all calendars you want to subscribe to from the Google Calendar web interface by opening the settings there, switching to the “Calendars” tab and opening the details of each calendar.
  2. In the details, the calendar ID is found in the “Calendar address” section next to the XML, ICAL and HTML buttons.
  3. Now switch to the calendar module in Evolution and create a new CalDAV calendar.
  4. As the URL for the calendar, enter [calendar ID]/events/ and, as the user name, the Google user name without suffix

Repeat steps 3 and 4 above for every Google calendar you want to subscribe to with Evolution.

NetVC BoF and a roundup of things IETF

In case folks hadn't heard the good news from IETF92 in Dallas, hums from the NetVC BoF indicated consensus for forming a NetVC working group. It's now up to the IESG to formally approve or nack formation. Should the working group be formally approved, we'll obviously submit Daala as one of the inputs to the development and standardization process.

The articles above are a good summary if a bit overly Daala-centric. It's unlikely that the final codec will be 'Daala', much as the IETF work on Opus drew from our codec CELT, but also drew from other contributors, most notably the SILK codec from Skype. We hope and expect to see substantial input from other participants (such as Cisco and Google).

As a parting mention, any IETF followers or insiders who haven't yet seen ietfmemes are missing their recommended daily allowance of realtime insider process backchannel snark :-)

OpenStack keeps resetting my hostname

No matter what I changed, something kept setting the hostname on my vm to Even forcing the /etc/hostname file to be uneditable did not prevent this change. Hunting this down took far too long, and here is the result of my journey.

Old Approach

A few releases ago, I had a shell script for spinning up new virtual machines that dealt with dhclient resetting values by putting overrides into /etc/dhclient.conf.  Finding this file was a moving target.  First it moved into


Then to a file inside


And so on.  The change I wanted to make was to do two things:

  1.  set the hostname explicitly and keep it that way
  2. Use my own dnsserver, not the dhcp managed one

Recently, I started working on a RHEL 7.1 system running on our local cloud.  No matter what I did, I could not fix the host name.  Here are some  of the things I tried:

  1. Setting the value in /etc/hostname
  2. running hostnamectl set-hostname
  3. Using nmcli to set the properties for the connections ipv4 configuration
  4. Explicitly Setting it in /etc/sysconfig/network-scripts/ifcfg-eth0
  5. Setting the value in /etc/hostname and making hostname immutable with chattr +i /etc/hostname

Finally, Dan Williams (dcbw) suggested I look in the journal to see what was going on with the host name.  I ran journalctl -b and did a grep for hostname.  Everything looked right until…

Mar 26 14:01:10 cloud-init[1914]: [CLOUDINIT][DEBUG]: Running module set_hostname (<module 'cloudinit.config.cc_set_hostname' from '/usr/lib/python2.7/site-packages/cloudinit...


But…I thought that was only supposed to be run when the VM was first created? So, regardless of the intention, it was no longer helping me.

yum erase cloud-init

And now the hostname that I set in /etc/hostname survives a reboot. I’ll post more when I figure out why cloud-init is still running after initialization.

Don't have a Fedora account? Come in here

If you are a Fedora user and would like to cooperate in the community, you can do so in many ways (translating, testing packages, etc.)

You only need your FAS account, so here we will see how to create it :)

* We have to go to Fedora's FAS website => FAS2

Once there we will see the login form

You just have to fill it in with your data, solve the mathematical operation and click the “Sign Up” button. After this you will receive a welcome message in your email and the generic password that will let you log in for the first time (you have to change it afterwards).

Next, log in to the system for the first time

Don't forget to accept the CLA clause and that's it, basically that is all; now you can use all the tools that Fedora offers us

To finish, as a gift you will get this new badge :)

Great, isn't it?

Hugs !!!


Daala Blog-Like Update: Bug or feature? [or, the law of Unintentionally Intentional Behaviors]

Codec development is often an exercise in tracking down examples of "that's funny... why is it doing that?" The usual hope is that unexpected behaviors spring from a simple bug, and finding bugs is like finding free performance. Fix the bug, and things usually work better.

Often, though, hunting down the 'bug' is a frustrating exercise in finding that the code is not misbehaving at all; it's functioning exactly as designed. Then the question becomes a thornier issue of determining if the design is broken, and if so, how to fix it. If it's fixable. And the fix is worth it.

[continue reading at Xiph.Org....]

pghmcfc pushed to perl-Text-Hunspell (perl-Text-Hunspell-2.10-1.fc22). "Update to 2.10 (..more)"
pghmcfc pushed to perl-Text-Hunspell (perl-Text-Hunspell-2.10-1.fc23). "Update to 2.10 (..more)"
For discussion: Orphaned package in Fedora

The Fedora Security Team (FST) has uncovered an interesting problem.  Many packages in Fedora aren’t being actively maintained meaning they are unofficially orphaned.  This is likely not a problem since at least some of these packages will happily sit there and be well behaved.  The ones we worry about are the ones that pick up CVEs along the way, warning of unscrupulous behaviour.

The FST has been plugging away at trying to help maintainers update their packages when security flaws are known to exist.  So far we’ve almost hit the 250 bug level.  Unfortunately we forced a policy that still isn’t perfect.  What do you do with a package that is no longer supported and has a known vulnerability in it?  Unless you can recruit someone to adopt the package the only responsible choice you have is to retire the package and remove it from the repositories.

This, of course, leads to other problems, specifically that someone has that package installed and they know not that the package is no longer supported nor do they know it contains a security vulnerability.  This morning, during the FST meeting, we discussed the problem a bit and I had an idea that I’ll share here in hopes of starting a discussion.

The Idea

Create a file containing all the packages that have been retired from a repository and perhaps a short reason for why this package has been retired.  Then have yum/dnf consume this information regularly and notify the user/admin when a package that is installed is added to this list.  This allows the system admin to become aware of the unsupported nature of the package and allows them to make a decision as to whether or not to keep the package on the system.

Okay, discuss…
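The idea in the post above, as an added example (not code from the Fedora Security Team, yum or dnf): a retired-packages list is parsed, compared with the installed package names, and each hit is reported once. The tab-separated list format, the state file and all function names are assumptions, and the sample data is constructed.

```python
"""Cross-check installed packages against a list of retired packages.

Assumed (hypothetical) list format, one entry per line, tab-separated:
    <package name> <TAB> <retirement date> <TAB> <reason>
Blank lines and lines starting with '#' are ignored.
"""
import json
import subprocess
from pathlib import Path

# Constructed sample data; package names and reasons are made up.
SAMPLE_RETIRED_LIST = """\
# name\tretired\treason
foo-server\t2015-03-20\tunmaintained, known vulnerability, no fix
libbar\t2015-02-11\torphaned, no new maintainer

oldtool\t2014-12-01\tupstream dead
broken line without tabs
"""
SAMPLE_INSTALLED = ["bash", "foo-server", "libbar-devel", "oldtool", "zlib"]


def parse_retired_list(text):
    """Return ({name: (date, reason)}, [line numbers that could not be parsed])."""
    retired, malformed = {}, []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        fields = [f.strip() for f in raw.split("\t")]
        if len(fields) != 3 or not all(fields):
            malformed.append(lineno)  # never guess at a half-readable entry
            continue
        retired[fields[0]] = (fields[1], fields[2])
    return retired, malformed


def installed_from_rpm():
    """Names of the packages installed on an RPM-based system."""
    out = subprocess.run(["rpm", "-qa", "--qf", "%{NAME}\n"],
                         capture_output=True, text=True, check=True).stdout
    return sorted(set(out.split()))


def check(installed, list_text, state_file):
    """Return (messages, malformed); each retired package is reported only once.

    Names are matched exactly, so 'libbar-devel' does not match 'libbar'.
    Names already reported are remembered in state_file (a JSON list), which
    is what turns "is on the list" into "was added to the list".
    """
    retired, malformed = parse_retired_list(list_text)
    state = Path(state_file)
    seen = set(json.loads(state.read_text())) if state.exists() else set()
    fresh = sorted((set(installed) & set(retired)) - seen)
    messages = []
    for name in fresh:
        date, reason = retired[name]
        messages.append(f"{name}: retired {date} ({reason})")
    state.write_text(json.dumps(sorted(seen | set(fresh))))
    return messages, malformed


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        state_file = Path(tmp) / "notified.json"
        for run in (1, 2):
            msgs, bad = check(SAMPLE_INSTALLED, SAMPLE_RETIRED_LIST, state_file)
            print(f"run {run}: {msgs or 'nothing new'}; unparsable lines: {bad}")
```

On a real system, installed_from_rpm() would replace SAMPLE_INSTALLED; unparsable lines are returned rather than dropped so that a damaged list does not silently hide a retirement.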

gtk3 vclplug, some more gesture support

Now gtk3 long-press support to go with swipe

With the demo that a long-press in presentation mode will bring up the context menu for switching between using the pointer for draw-on-slide vs normal slide navigation.
Planet Fedora

Feed test, please ignore.

mingw-bundledlls – Automatically bundle DLLs for Windows deployment

Download the script –

I recently had to build an application with mingw32 on Fedora 21 and then prepare the binaries for usage on Windows without any external dependencies.

In the past I used to look at the list of dependencies using depends32.exe or similar tools on Windows and then copy all the DLLs manually. Needless to say that is very repetitive work and gets annoying quickly. Googling for existing solutions did not yield any useful results so I decided to solve this myself.

The solution I came up with is a small Python 3 script that uses objdump  to recursively gather all dependencies of an executable file (WinPE EXE) or a dynamic loaded library (DLL). I published the script on GitHub –

The script can be run from Linux and only depends on python3 and objdump from binutils. It is very convenient to just run:

mingw32-configure && make && mingw-bundle-dlls --copy $EXE

After this invocation all the necessary DLLs will be right next to the EXE so you can just pack it all up and upload the release.

Practical example

I will show how I build SCAP Workbench for Windows from scratch on Fedora 21.

git clone
cd scap-workbench
mkdir build
cd build
mingw32-cmake ../
make -j 4

After the previous command finishes build/scap-workbench contains all the necessary resources including scap-workbench.exe. You however cannot run it on Windows without getting an error message about missing DLLs. Let us now run the script to solve that :-)

$ mingw-bundledlls ./scap-workbench/scap-workbench.exe

Found the following dependencies:


After confirming that the script did not find anything crazy we can proceed to copy the dependencies next to the exe. Use --copy as an option to accomplish that.

$ mingw-bundledlls --copy ./scap-workbench/scap-workbench.exe

Copying enabled, will now copy all dependencies next to the exe_file.

Copying '/usr/i686-w64-mingw32/sys-root/mingw/bin/libidn-11.dll' to './scap-workbench/libidn-11.dll'
Copying '/usr/i686-w64-mingw32/sys-root/mingw/bin/libssh2-1.dll' to './scap-workbench/libssh2-1.dll'
Copying '/usr/i686-w64-mingw32/sys-root/mingw/bin/libwinpthread-1.dll' to './scap-workbench/libwinpthread-1.dll'
Copying '/usr/i686-w64-mingw32/sys-root/mingw/bin/libxml2-2.dll' to './scap-workbench/libxml2-2.dll'
Copying '/usr/i686-w64-mingw32/sys-root/mingw/bin/QtNetwork4.dll' to './scap-workbench/QtNetwork4.dll'
Copying '/usr/i686-w64-mingw32/sys-root/mingw/bin/libstdc++-6.dll' to './scap-workbench/libstdc++-6.dll'
Copying '/usr/i686-w64-mingw32/sys-root/mingw/bin/zlib1.dll' to './scap-workbench/zlib1.dll'
Copying '/usr/i686-w64-mingw32/sys-root/mingw/bin/libopenscap-8.dll' to './scap-workbench/libopenscap-8.dll'
Copying '/usr/i686-w64-mingw32/sys-root/mingw/bin/libpcre-1.dll' to './scap-workbench/libpcre-1.dll'
Copying '/usr/i686-w64-mingw32/sys-root/mingw/bin/libgcc_s_sjlj-1.dll' to './scap-workbench/libgcc_s_sjlj-1.dll'
Copying '/usr/i686-w64-mingw32/sys-root/mingw/bin/QtXmlPatterns4.dll' to './scap-workbench/QtXmlPatterns4.dll'
Copying '/usr/i686-w64-mingw32/sys-root/mingw/bin/libexslt-0.dll' to './scap-workbench/libexslt-0.dll'
Copying '/usr/i686-w64-mingw32/sys-root/mingw/bin/libcurl-4.dll' to './scap-workbench/libcurl-4.dll'
Copying '/usr/i686-w64-mingw32/sys-root/mingw/bin/libpng16-16.dll' to './scap-workbench/libpng16-16.dll'
Copying '/usr/i686-w64-mingw32/sys-root/mingw/bin/QtCore4.dll' to './scap-workbench/QtCore4.dll'
Copying '/usr/i686-w64-mingw32/sys-root/mingw/bin/libssl-10.dll' to './scap-workbench/libssl-10.dll'
Copying '/usr/i686-w64-mingw32/sys-root/mingw/bin/libxslt-1.dll' to './scap-workbench/libxslt-1.dll'
Copying '/usr/i686-w64-mingw32/sys-root/mingw/bin/libcrypto-10.dll' to './scap-workbench/libcrypto-10.dll'
Copying '/usr/i686-w64-mingw32/sys-root/mingw/bin/QtGui4.dll' to './scap-workbench/QtGui4.dll'
Copying '/usr/i686-w64-mingw32/sys-root/mingw/bin/iconv.dll' to './scap-workbench/iconv.dll'
Copying '/usr/i686-w64-mingw32/sys-root/mingw/bin/libintl-8.dll' to './scap-workbench/libintl-8.dll'

The script also runs upx on all the binaries if --upx is supplied. That is useful for minimizing installed size of your application.

At this point I just zip build/scap-workbench and test it on Windows.

Runtime loaded DLLs

The script will not find any runtime loaded dependencies. Doing that would be possible by looking for LoadLibrary, LoadLibraryEx, … calls but probably not worth it. Bundling runtime loaded DLLs is a potential nightmare depending on whether relative or absolute paths are used when calling LoadLibrary. Inevitably the script would have to alter the EXE itself or any of the DLLs that is calling LoadLibrary.

Since I did not need this I decided to ignore this issue :-)

Hunting down a fd closing bug in Samba

In Samba I had a failing test suite. I have nss_wrapper compiled with debug messages turned on, so it showed me the following line:

NWRAP_ERROR(23052) - nwrap_he_parse_line: 3 Invalid line[TDB]: 'DB'

The file should parse a hosts file like /etc/hosts, but the debug line showed that it tried to parse a TDB (Trivial Database) file, Samba database backend. I’ve started to investigate it and wondered what was going on. This morning I called Michael Adam and we looked into the issue together. It was obvious that something closed the file descriptor for the hosts file of nss_wrapper and it was by Samba to open other files. The big question was, what the heck closes the fd. As socket_wrapper was loaded and it wraps the open() and close() call we started to add debug to the socket_wrapper code.

So first we added debug statements to the open() and close() calls to see when the fd was opened and closed. After that we wanted to see a stacktrace at the close() call to see what is the code path where it happens. Here is the code how to do this:

commit 6c632a4419b6712f975db390145419b008442865
Author:     Andreas Schneider <asn>
AuthorDate: Thu Mar 26 11:07:38 2015 +0100
Commit:     Andreas Schneider <asn>
CommitDate: Thu Mar 26 11:07:59 2015 +0100

    DEBUG stacktrace
 src/socket_wrapper.c | 37 +++++++++++++++++++++++++++++++++----
 1 file changed, 33 insertions(+), 4 deletions(-)

diff --git a/src/socket_wrapper.c b/src/socket_wrapper.c
index 1188c4e..cb73cf2 100644
--- a/src/socket_wrapper.c
+++ b/src/socket_wrapper.c
@@ -80,6 +80,8 @@
 #include <rpc/rpc.h>
+#include <execinfo.h>
 enum swrap_dbglvl_e {
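Review bot: BACKTRACE_STACK_SIZE, which the libc_close() hunk uses, has no definition in the visible lines of this patch, and the #include <execinfo.h> added here is unconditional. If the constant is meant to live next to this include, define it here; since backtrace() is not available in every libc, a configure-time guard around the include and its users would keep other builds working.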
@@ -303,8 +305,8 @@ static void swrap_log(enum swrap_dbglvl_e dbglvl,
 		switch (dbglvl) {
-					"SWRAP_ERROR(%d) - %s: %s\n",
-					(int)getpid(), func, buffer);
+					"SWRAP_ERROR(ppid=%d,pid=%d) - %s: %s\n",
+					(int)getppid(), (int)getpid(), func, buffer);
 			case SWRAP_LOG_WARN:
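Review bot: Only the SWRAP_ERROR format string gains ppid; the SWRAP_LOG_WARN case that follows is left unchanged in this hunk, so log prefixes will differ per level. If the parent pid is needed to follow forks, add it to every level's format so one pattern matches all lines.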
@@ -565,10 +567,35 @@ static int libc_bind(int sockfd,
 	return swrap.fns.libc_bind(sockfd, addr, addrlen);
 static int libc_close(int fd)
 	swrap_load_lib_function(SWRAP_LIBC, close);
+	if (fd == 21) {
+		void *backtrace_stack[BACKTRACE_STACK_SIZE];
+		size_t backtrace_size;
+		char **backtrace_strings;
+		SWRAP_LOG(SWRAP_LOG_ERROR, "fd=%d", fd);
+		backtrace_size = backtrace(backtrace_stack,BACKTRACE_STACK_SIZE);
+		backtrace_strings = backtrace_symbols(backtrace_stack, backtrace_size);
+			  "BACKTRACE %lu stackframes",
+			  (unsigned long)backtrace_size);
+		if (backtrace_strings) {
+			size_t i;
+			for (i = 0; i < backtrace_size; i++) {
+					" #%lu %s", i, backtrace_strings[i]);
+			}
+		}
+	}
 	return swrap.fns.libc_close(fd);
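Review bot: The check fd == 21 in libc_close() hard-codes a descriptor number from one particular test run, and the array returned by backtrace_symbols() is never freed before the return. Make the watched descriptor configurable (for example through an environment variable) and call free(backtrace_strings) after the loop; the loop also passes i, a size_t, to %lu without the cast that backtrace_size gets a few lines earlier.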
@@ -704,6 +731,8 @@ static int libc_vopen(const char *pathname, int flags, va_list ap)
 	fd = swrap.fns.libc_open(pathname, flags, (mode_t)mode);
+	SWRAP_LOG(SWRAP_LOG_ERROR, "path=%s, fd=%d", pathname, fd);
 	return fd;
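Review bot: The new SWRAP_LOG call in libc_vopen() logs every open() at SWRAP_LOG_ERROR, successful ones included, which buries real errors in the output. Use a lower-severity level for this trace, and consider logging errno when fd is -1 so failed opens can be told apart.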

We found out that the code responsible for this created a pipe() to communicate with the child and then forked. The child called close() on the second pipe file descriptor. So when another fork happened in the child, the close() on the pipe file descriptor was called again and we closed a fd of the process to a tdb, connection or something like that. So initializing the pipe fd array with -1 and only calling close() if we have a file descriptor which is not -1, fixed the problem.

If you need a better stacktrace you should use libunwind. However socket_wrapper can be a nice little helper to find bugs with file descriptors ;)

BUG: Samba standard process model closes random files when forking more than once
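The double close described in the post above, reproduced in a single process as an added example (not Samba or socket_wrapper code): a stale descriptor number is closed a second time after the kernel has reused it, next to the -1 sentinel fix. The function and class names are hypothetical, /dev/null stands in for the tdb file, and the fork from the original bug is left out.

```python
"""A stale pipe descriptor closed twice, and the -1 sentinel that prevents it."""
import os


def fd_is_open(fd):
    """True if fd currently refers to an open file in this process."""
    try:
        os.fstat(fd)
        return True
    except OSError:
        return False


def buggy_cleanup():
    """Close the write end twice. Returns (number_was_reused, victim_still_open)."""
    pipe_fds = list(os.pipe())
    os.close(pipe_fds[1])            # first cleanup pass: correct
    # pipe_fds[1] still holds the old number. The kernel hands out the lowest
    # free descriptor, so the next open() gets exactly that number.
    victim = os.open(os.devnull, os.O_RDONLY)   # stands in for the tdb file
    reused = victim == pipe_fds[1]
    try:
        os.close(pipe_fds[1])        # second cleanup pass: closes the victim
    except OSError:
        pass                         # number was not reused: plain EBADF
    alive = fd_is_open(victim)
    os.close(pipe_fds[0])
    if alive:
        os.close(victim)
    return reused, alive


class PipePair:
    """Pipe ends where -1 means 'not open', as in the fix described above."""

    def __init__(self):
        self.fds = [-1, -1]          # initialised before any pipe exists

    def create(self):
        self.fds = list(os.pipe())

    def close_end(self, index):
        if self.fds[index] != -1:    # only close what we still own
            os.close(self.fds[index])
            self.fds[index] = -1     # forget the number immediately


def fixed_cleanup():
    """Same sequence with the sentinel. Returns victim_still_open."""
    pair = PipePair()
    pair.close_end(1)                # harmless: nothing is open yet
    pair.create()
    pair.close_end(1)                # first cleanup pass
    victim = os.open(os.devnull, os.O_RDONLY)
    pair.close_end(1)                # second cleanup pass: a no-op now
    alive = fd_is_open(victim)
    pair.close_end(0)
    if alive:
        os.close(victim)
    return alive


if __name__ == "__main__":
    print("buggy (reused, victim open):", buggy_cleanup())
    print("fixed (victim open):", fixed_cleanup())
```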


Creating a bridge for virtual machines using systemd-networkd

There are plenty of guides out there for making ethernet bridges in Linux to support virtual machines using built-in network scripts or NetworkManager. I decided to try my hand with creating a bridge using only systemd-networkd and it was surprisingly easy.

First off, you’ll need a version of systemd with networkd support. Fedora 20 and 21 will work just fine. RHEL/CentOS 7 and Arch Linux should also work. Much of the networkd support has been in systemd for quite a while, but if you’re looking for fancier network settings, like bonding, you’ll want at least systemd 216.

Getting our daemons in order

Before we get started, ensure that systemd-networkd will run on a reboot and NetworkManager is disabled. We also need to make a config file directory for systemd-networkd if it doesn’t exist already. In addition, let’s enable the caching resolver and make a symlink to systemd’s resolv.conf:

systemctl enable systemd-networkd
systemctl disable NetworkManager
systemctl enable systemd-resolved
ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf
mkdir /etc/systemd/network

Configure the physical network adapter

In my case, the network adapter connected to my external network is enp4s0 but yours will vary. Run ip addr to get a list of your network cards. Let’s create /etc/systemd/network/ and put the following in it:


I’m telling systemd to look for a device called enp4s0 and then add it to a bridge called br0 that we haven’t configured yet. Be sure to change enp4s0 to match your ethernet card.

Make the bridge

We need to tell systemd about our new bridge network device and we also need to specify the IP configuration for it. We start by creating /etc/systemd/network/br0.netdev to specify the device:


This file is fairly self-explanatory. We’re telling systemd that we want a device called br0 that functions as an ethernet bridge. Now create /etc/systemd/network/ to specify the IP configuration for the br0 interface:


This file tells systemd that we want to apply a simple static network configuration to br0 with a single IPv4 address. If you want to add additional DNS servers or IPv4/IPv6 addresses, just add more DNS= and Address lines right below the ones you see above. Yes, it’s just that easy.

Let’s do this

Some folks are brave enough to stop NetworkManager and start all of the systemd services here but I prefer to reboot so that everything comes up cleanly. That will also allow you to verify that future reboots will cause the server to come back online with the right configuration. After the reboot, run networkctl and you’ll get something like this (with color):

networkctl screenshot

Here’s what’s in the screenshot:

IDX LINK             TYPE               OPERATIONAL SETUP     
  1 lo               loopback           carrier     unmanaged 
  2 enp2s0           ether              off         unmanaged 
  3 enp3s0           ether              off         unmanaged 
  4 enp4s0           ether              degraded    configured
  5 enp5s0           ether              off         unmanaged 
  6 br0              ether              routable    configured
  7 virbr0           ether              no-carrier  unmanaged 
7 links listed.

My ethernet card has four ports and only enp4s0 is in use. It has a degraded status because there is no IP address assigned to enp4s0. You can ignore that for now but it would be nice to see this made more clear in a future systemd release.

Look at br0 and you’ll notice that it’s configured and routable. That’s the best status you can get for an interface. You’ll also see that my other ethernet devices are in the unmanaged state. I could easily add more .network files to /etc/systemd/network to configure those interfaces later.

Further reading

As usual, the Arch Linux wiki page on systemd-networkd is a phenomenal resource. There’s a detailed overview of all of the available systemd-networkd configuration file options over at systemd’s documentation site.

The post Creating a bridge for virtual machines using systemd-networkd appeared first on

gtk3 vclplug, basic gesture support
gtk3's gesture support is the functionality I'm actually interested in, so now that presentations work in full-screen mode, I've added basic GtkGestureSwipe support to LibreOffice (for gtk3 >= 3.14) and hooked it up to the slideshow, so now swiping towards the left advances to the next slide, to the right for the previous slide.
My activities at FOSSASIA 2015
This blog is a continuation of my earlier blog on "FOSSASIA 2015 Highlights noticed by me"

Group Photo

Talk on Glibc Unicode 7 update:

Glibc is an important component of operating systems. Recently we upgraded Glibc Unicode support from 5.1 to 7.0. This was a major update after 4-5 years. It usually remains unnoticed, so I wanted to highlight it. Even though I work for Red Hat, it still took around 7-8 months to get the patch finally into glibc upstream. Around 25-30 people were in the audience and the talk was well received. Slides for my talks are available at slideshare.


We kept Fedora DVDs and stickers at the Red Hat booth. I was at the booth 2-3pm on the first day and distributed DVDs to attendees. I also got a chance to meet Harish, Izhar, Prima Yogi, Aditya Patawari, and Kushal. I proposed a Fedora badge for people attending FOSSASIA and asked participants to add their names in a piratepad. Unfortunately it got rejected because it was not planned in advance :(

Fedora breakout session. This was planned by Praveen Kumar. We gathered there; not many attendees were present, but we got a chance to interact with "Hamara Linux" representative Aarti Dwivedi and Samyak Datta, LifeNectar, and explained Fedora, Fedora.Next and widely used Fedora remixes to them.

FUDCon APAC 2015:

Being one of the members of the organizing committee, I thought it was a good time to discuss FUDCon APAC 2015 with people who mostly participate remotely. We planned a BoF and decided to do it at lunch time, since most of the time people were busy doing other stuff. I updated the group on the number of papers received, the planning done to date, the BarCamp-style track, and lightning talks.

Represented Red Hat Globalization team:

I have been working in this domain for almost 8+ years and have worked on almost all complex scripts, including Indic and Arabic. APAC is largely characterized by non-English-speaking countries, and FOSSASIA was the perfect place to interact with users about globalization needs. I interacted with a couple of people about which languages they use on Fedora.

I attended almost all talks in the OpenTech track and provided feedback to speakers. I had a good time interacting with most of the attendees over lunch and at social events. We had a nice hangout at Brewerkz with Anish, Kushal, Praveen Kumar, Lennart Poettering and Rémi Denis-Courmont.

Thank you FOSSASIA organizers Hong Phuc Dang, Mario Behling, Harish Pillay, Roland Turner, Justin Lee and Darwin Gosal; looking forward to attending next year as well. :)

March 25, 2015

Python for remote reconfiguration of server firmware
One project I've worked on at Nebula is a Python module for remote configuration of server hardware. You can find it here, but there's a few caveats:
  1. It's not hugely well tested on a wide range of hardware
  2. The interface is not yet guaranteed to be stable
  3. You'll also need this module if you want to deal with IBM (well, Lenovo now) servers
  4. The IBM support is based on reverse engineering rather than documentation, so who really knows how good it is

There's documentation in the README, and I'm sorry for the API being kind of awful (it suffers rather heavily from me writing Python while knowing basically no Python). Still, it ought to work. I'm interested in hearing from anybody with problems, anybody who's interested in getting it on PyPI and anybody who's willing to add support for new HP systems.

Winner Wallpaper for Fedora 22

The 5 days the Fedora contributors had to choose their favorites amongst the submissions for Fedora 22 Supplemental Wallpaper are over and here is the result:

Congratulations to all winners; for those not chosen, there will definitely be a Fedora 23 contest. You can find where your picture ended up, and some statistics, at nuancier.

Fedora conferences this summer, writing release notes, brainstorming a better onramp, and a GSOC reminder

Fedora is a big project, and it’s hard to keep up with everything. This series highlights interesting happenings in five different areas every week. It isn’t comprehensive news coverage — just quick summaries with links to each. Here are the five things for March 25th, 2015:

Join us at Flock (and book your hotel now)

Every year, we have a big planning and developers’ conference, Flock. It alternates between Europe and North America, and this time around will be at the Rochester Institute of Technology in Rochester, New York, from August 12th to 15th. Flock organizers just announced that hotel reservations are open, as are talk submissions. If you’re an active contributor or are interested in becoming one, start planning your trip now!

Or, come to FUDCon in Pune, India

In addition to Flock, we also hold annual gatherings in the Asia/Pacific (APAC) and Latin America (LATAM) regions. These are FUDCons — Fedora User and Developer Conferences. This year’s APAC FUDCon will be held in Pune, India from June 26th to 28th.

Talk submissions for this conference are closed and the selection committee is working on choosing the best from over 140 submissions. There will also be a BarCamp-style track, where sessions will be chosen by attendees at the conference.

A limited amount of money is available for travel subsidies. See the FUDCon planning wiki for details.

Help with the F22 release notes

Fedora 22 is almost at the beta stage, with the final release slated for May. That means it’s time to start writing the release notes, and Fedora Documentation Project Lead Pete Travis put out a call for volunteers on the Fedora Join List. As Pete notes, this is a great, low-barrier way to get involved in Fedora — you don’t need a lot of prior knowledge, just a little bit of interest in some piece of software we include.

A more friendly ‘net presence for Fedora

This morning, Máirín Duffy led a brainstorming session on the topic of enabling new contributors, with the eventual goal of developing a modern Web interface to all aspects of the project for contributors, both new and already deeply involved. Mo wrote a great summary blog post afterward, and I highly recommend reading it if you’re interested in bringing more contributors to Fedora — or just improving your own workflows and interactions.

Google Summer of Code

And finally, a reminder that Fedora is participating in the Google Summer of Code. The application deadline is March 27 at 19:00 UTC; please check out Fedora’s GSOC 2015 page if you’re interested in being involved.

Summary of Enabling New Contributors Brainstorm Session

Photo of Video Chat

So today we had a pretty successful brainstorm about enabling new contributors in Fedora! Thank you to everyone who responded to my call for volunteers yesterday – we were at max capacity within an hour or two of the post! :) It just goes to show this is a topic a lot of folks are passionate about!

Here is a quick run-down of how it went down:

Video Conference Dance

We tried to use OpenTokRTC but had some technical issues (we were hitting an upper limit and people were getting booted, and some folks could see/hear some but not others). So we moved onto the backup plan – BlueJeans – and that worked decently.

Roleplay Exercise: Pretend You’re A Newbie!

Watch this part of the session starting here!

For about the first 30 minutes, we brainstormed using a technique called Understanding Chain to roleplay as if we were new contributors trying to get started in Fedora and noting all of the issues we would run into. We started thinking about how would we even begin to contribute, and then we started thinking about what barriers we might run up against as we continued on. Each idea / thought / concept got its own “sticky note” (thanks to Ryan Lerch for grabbing some paper and making some large scale stickies,) I would write the note out, Ryan would tack it up, and Stephen would transcribe it into the meeting piratepad.

Photo of the whiteboard with all of the sticky notes taped to it.

Walkthrough of the Design Hubs Concept Thus Far

Watch this part of the session starting here!

Next, I walked everyone through the design hubs concept and full set of mockups. You can read up more on the idea at the original blog post explaining the idea from last year. (Or poke through the mockups on your own.)

Screenshot of video chat: Mo explaining the Design Hubs Concept

Comparing Newbie Issues to Fedora Hubs Offering

Watch this part of the session starting here!

We spent the remainder of our time walking through the list of newbie issues we’d generated during the first exercise and comparing them to the Fedora Hubs concept. For each issue, we asked these sorts of questions:

  • Is this issue addressed by the Fedora Hubs design? How?
  • Are there enhancements / new features / modifications we could make to the Fedora Hubs design to better address this issue?
  • Does Fedora Hubs relate to this issue at all?

We came up with so many awesome ideas during this part of the discussion. We had ideas inline with the issues that we’d come up with during the first exercise, and we also had random ideas come up that we put in their own little section on the piratepad (the “Idea Parking Lot.”)

Here’s a little sampling of ideas we had:

  • Fedorans with the most cookies are widely helpful figures within Fedora, so maybe their profiles in hubs could be marked with some special thing (a “cookie monster” emblem???) so that new users can find folks with a track record of being helpful more easily. (A problem we’d discussed was new contributors having a hard time tracking down folks to help them.)
  • User hub profiles can serve as the centralized, canonical user profile for them across Fedora. No more outdated info on wiki user pages. No more having to log into FAS to look up information on someone. (A problem we’d discussed was multiple sources for the same info and sometimes irrelevant / outdated information.)
  • The web IRC client we could build into hubs could have a neat affordance of letting you map an IRC nick to a real life name / email address with a hover tool tip thingy. (A problem we’d discussed was difficulty in finding people / meeting people.)
  • Posts to a particular hub on Fedora hubs are really just content aggregated from many different data sources / feeds. If a piece of data goes by that proves to be particularly helpful, the hub admins can “pin” it to a special “Resources” area attached to the hub. So if there’s great tutorials or howtos or general information that is good for group members to know, they can access it on the team resource page. (A problem we’d discussed was bootstrapping newbies and giving them helpful and curated content to get started.)
  • Static information posted to the hub (e.g. basic team metadata, etc.) could have a set “best by” date and some kind of automation could email the hub admins every so often (every 6 months?) and ask them to re-read the info and verify if it’s still good or update it if not. (The problem we’d discussed here was out-of-date wiki pages.)
  • Having a brief ‘intake questionnaire’ for folks creating a new FAS account to get an idea of their interests and to be able to suggest / recommend hubs they might want to follow. (Problem-to-solve: a lot of new contributors join ambassadors and aren’t aware of what other teams exist that could be a good place for them.)

There’s a lot more – you can read through the full piratepad log to see everything we came up with.

Screenshot of video chat discussion

Next Steps

Watch this part of the session starting here!

Here’s the next steps we talked about at the end of the meeting. If you have ideas for others or would like to claim some of these items to work on, please let me know in the comments!

  1. We’re going to have an in-person meetup / hackfest in early June in the Red Hat Westford office. (mizmo will plan agenda, could use help)
  2. We need a prioritized requirements list of all of the features. (mizmo will work on this, but could use help if anybody is interested!)
  3. The Fedora apps team will go through the prioritized requirements list when it’s ready and give items an implementation difficulty rating.
  4. We should do some research on the OpenSuSE Connect system and how it works, and Elgg, the system they are using for the site. (needs a volunteer!)
  5. We should take a look at the profile design updates to StackExchange and see if there’s any lessons to be learned there for hubs. (mizmo will do this but would love other opinions on it.)
  6. We talked about potentially doing another video chat like this in late April or early May, before the hackfest in June.
  7. MOAR mockups! (mizmo will do, but would love help :))

How to Get Involved / Resources

So we have a few todos listed above that could use a volunteer or that I could use help with. Here’s the places to hang out / the things to read to learn more about this project and to get involved:

Please let us know what you think in the comments! :)

LibreOffice online announced by Collabora

Collabora just announced that they are working on LibreOffice online, an online document editing application that will provide an Open Source alternative to Google Docs and Office 365. Collabora — a leading contributor to the LibreOffice upstream — is teaming up with collaboration software provider IceWarp to work on this much needed addition to the LibreOffice suite.

The work that Collabora and IceWarp intend to complete will build on the online rendering engine that the LibreOffice community started development on in 2011, and the two companies intend to collaborate closely with the upstream LibreOffice project:

IceWarp and Collabora will work alongside over a thousand existing LibreOffice contributors to implement the whole online editing portion of the software, including the server-side provided by LibreOffice, and the client front-end based on HTML5 technology. The result will be a fully mature server solution, which any other provider, individual or project in the community can utilize for their applications and services

It seems it is early days for this promising project, but you can view this sneak peek of LibreOffice Online in action in this short screencast:


For full details on the announcement, check out the press release from Collabora.

Fedora 22: Lazarus currently unusable

Anyone who develops software with the Lazarus development environment should hold off on upgrading to Fedora 22 for the time being, because Lazarus and applications compiled with it are currently unusable under Fedora 22 (bug report).


Troubleshooting Keystone in a New Install

Recently heard complaints:

I’ve done a deployment, and every time I try to log in to the dashboard, I get “An error occurred authenticating. Please try again later.” Somewhat surprisingly, the only log that I’m noticing showing anything of note is the Apache error log, which reports ‘Login failed for user “admin”‘. I’ve bumped keystone — where I’d assume the error is happening — to DEBUG, but it’s showing exactly zero activity. How do I go about debugging this?’

Trying to enable LDAP with OpenStack/keystone in Juno release. All the horizon users return error “You are not authorized for any projects.” Similarly, all the OpenStack services are reported not to be authorized.’
What is supposed to happen:

  1. You Login to Horizon using admin and the correct password
  2. Horizon passes that to Keystone in a token request
  3. Keystone uses that information to create a token. If the user has a default project set, the token is scoped to the default project
  4. token is returned to Horizon

Let’s take a deeper look at step 3.
In order to perform an operation on a resource in a project, a user needs to be assigned a role in a project. So the failure could happen at a couple steps.

  1. The user does not exist in the identity backend
  2. The user has the wrong password
  3. The user has no role assignments
  4. The user has a default project assigned, but does not have a role assignment for that project

The Keystone configuration file

Most deployments run with Keystone reading its configuration values from /etc/keystone/keystone.conf. It is an ini file, with section headers.
In Juno and Icehouse, the storage is split into two pieces: Identity and Assignment. Identity holds users and groups. Assignment holds roles, role assignments, projects and domains. Let’s start with the simplest scenario.
Identity in SQL, Assignments in SQL:
This is what you get from devstack if you make no customizations. To confirm that you are running this way, look in your keystone.conf file for the sections that start with
and look for the value driver. In a Devstack deployment that I just ran, I have

driver = keystone.identity.backends.sql.Identity

Which confirms I am running with the SQL driver for identity, and

driver = keystone.assignment.backends.sql.Assignment

Which confirms I am running with the SQL driver for Assignment.
First steps
For Devstack, I get my environment variables set using

. openrc
and this will set:

To change to the admin user:

$ export OS_USERNAME=admin
$ export OS_PASSWORD=FreeIPA4All

While we are trying to get people to move to the common CLI, older deployments may only have the keystone CLI to work with. I’m going to start with that.

$ keystone --debug token-get
DEBUG:keystoneclient.auth.identity.v2:Making authentication request to
INFO:requests.packages.urllib3.connectionpool:Starting new HTTP connection (1):
DEBUG:requests.packages.urllib3.connectionpool:"POST /v2.0/tokens HTTP/1.1" 200 3783
| Property | Value |
| expires | 2015-03-25T16:03:25Z |
| id | ec7c2d1f07c5414499c3cbaf7c59d4be |
| tenant_id | 69ff732083a64a1a8e34fc4d2ea178dd |
| user_id | 042b50edf70f484dab1f14e893a73ea8 |

OK, what happens when I do keystone token-get? The CLI uses the information I provide to try and get a token:

$ echo $OS_AUTH_URL

OK…It is going to go to a V2 specific URL. And, to confirm:



We are using Version 2.0
The username, password and tenant used are


Let’s assume that running keystone token-get fails for you. Let’s try to isolate the issue to the role assignments by getting an unscoped token:


That should return a blank line. Now:

$ keystone token-get
| Property | Value |
| expires | 2015-03-25T16:14:28Z |
| id | 2a3ce489422342f2b6616016cb43ebc2 |
| user_id | 042b50edf70f484dab1f14e893a73ea8 |

If this fails, it could be one of a few things:

  1. User does not exist
  2. Password is wrong
  3. User has a default tenant that is invalid

How can we check:

Using Admin Token

Bootstrapping the Keystone install requires putting users in the database before there are any users defined. Most installers take advantage of an alternate mechanism called the ADMIN_TOKEN or SERVICE_TOKEN. To see the value for this, look in keystone.conf section:
for a value like this:
#admin_token = ADMIN
Note that devstack follows the best practice of disabling the admin token by commenting it out. This token is very powerful and should stay disabled in normal usage, but that same power makes it useful for fixing broken systems. To enable it, uncomment the value and restart Keystone.
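
One way to check the settings this walkthrough inspects, as an added example that is not part of the original post: a section-aware reader for keystone.conf that reports the Identity and Assignment drivers and whether admin_token is active. The section names [DEFAULT], [identity] and [assignment] come from Keystone's configuration layout rather than from this page; the function names and the sample file are constructed.

```shell
#!/bin/sh
# Added example: report the keystone.conf settings used in this troubleshooting
# walkthrough. Reads the config on stdin so it can be tried on a copy.

# Constructed sample config (not from a real deployment).
sample_keystone_conf() {
cat <<'EOF'
[DEFAULT]
# admin_token left enabled after a repair session (constructed sample)
admin_token = ADMIN
debug = True

[identity]
#driver = keystone.identity.backends.ldap.Identity
driver = keystone.identity.backends.sql.Identity

[assignment]
driver = keystone.assignment.backends.sql.Assignment
EOF
}

# Print "section.key=value" for every active (uncommented) setting on stdin.
ini_settings() {
    awk '
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }      # skip comments and blank lines
    /^[ \t]*\[.*\][ \t]*$/ {                  # section header such as [identity]
        sub(/^[ \t]*\[/, ""); sub(/\][ \t]*$/, "")
        section = $0
        next
    }
    {
        eq = index($0, "=")
        if (eq == 0) next
        key = substr($0, 1, eq - 1)
        val = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key)
        gsub(/^[ \t]+|[ \t]+$/, "", val)
        print section "." key "=" val
    }'
}

# Summarise the backend drivers and the admin_token state.
keystone_conf_report() {
    settings=$(ini_settings)
    for want in identity.driver assignment.driver; do
        # If a key is repeated, keep the last value seen.
        val=$(printf '%s\n' "$settings" | sed -n "s/^$want=//p" | tail -n 1)
        echo "$want: ${val:-<default>}"
    done
    if printf '%s\n' "$settings" | grep -q '^DEFAULT\.admin_token='; then
        echo "admin_token: ENABLED (comment it out and restart Keystone when done)"
    else
        echo "admin_token: disabled"
    fi
}

# Stand-alone run on the constructed sample.
sample_keystone_conf | keystone_conf_report
```

Run it against the real file with `keystone_conf_report < /etc/keystone/keystone.conf` once the repair is finished, to confirm the token is commented out again.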

Using the Common CLI

The keystone command line has been deprecated with an eye toward using the openstack client. Since you might be deploying an old version of OpenStack that has different library dependencies, you might not be able to install the latest version on your server, but you can (and should) run an updated version on your workstation which will then be capable of talking to older versions of keystone.
To perform operations using the common CLI you need to pass the endpoint and admin_token as command line parameters.

The os-url needs to be the publicly routed URL to the admin interface. The firewall port for that URL needs to be open.

$ openstack --os-token ADMIN --os-url user list
| ID | Name |
| 042b50edf70f484dab1f14e893a73ea8 | admin |
| eb0d4dc081f442dd85573740cfbecfae | demo |
$ openstack --os-token ADMIN --os-url role list
| ID | Name |
| 1f069342be2348ed894ea686706446f2 | admin |
| 2bf27e756ff34024a5a9bae269410f44 | service |
| dc4e9608b6e64ee1a918030f23397ae1 | Member |
$ openstack --os-token ADMIN --os-url project list
| ID | Name |
| 69ff732083a64a1a8e34fc4d2ea178dd | demo |
| 7030f12f6cb4443cbab8f0d040ff023b | admin |

Now, to check to see if the admin user has a role on the admin project:

$ openstack --os-token ADMIN --os-url user role list --project admin admin

| ID | Name | Project | User |
| 1f069342be2348ed894ea686706446f2 | admin | admin | admin |

If this returns nothing, you probably have found the root of your problem. Add the assignment with:
$ openstack --os-token ADMIN --os-url role add --project admin --user admin admin
| Field | Value |
| id | 1f069342be2348ed894ea686706446f2 |
| name | admin |
PHP 7.0 as Software Collection

RPMs of the upcoming major version, PHP 7.0, are available in the remi repository for Fedora 20, 21, 22 and Enterprise Linux 6, 7 (RHEL, CentOS, ...) in a fresh new Software Collection (php70), allowing its installation beside the system version.

As I strongly believe in SCL potential to provide a simple way to allow installation of various versions simultaneously, and as I think it is useful to offer this feature to allow developers to test their applications, to allow sysadmin to prepare a migration or simply to use this version for some specific application, I decided to create this new SCL.

Installation :

yum --enablerepo=remi,remi-test install php70

To be noticed:

  • the SCL is independent from the system, and doesn't alter it
  • this SCL is available in remi-test repository
  • installation is under the /opt/remi tree
  • the Apache module, php70-php, is available, but of course, only one mod_php can be used (so you have to disable or uninstall any other, the one provided by the default "php" package still has priority)
  • the FPM service (php70-php-fpm) is available, it listens on default port 9000, so you have to change the configuration if you want to use various FPM services simultaneously.
  • the php70 command gives a simple access to this new version, however the scl command is still the recommended way (or the module command).
  • for now, the collection provides 7.0.0-dev, but alpha/beta version should be released soon
  • more PECL extensions will be progressively also available
  • only x86_64, no plan for other arch.

Also read other entries about SCL.

$ scl enable php70 'php -v'
PHP 7.0.0-dev (cli) (built: Mar 25 2015 14:40:01) 
Copyright (c) 1997-2015 The PHP Group
Zend Engine v3.0.0-dev, Copyright (c) 1998-2015 Zend Technologies
    with Zend OPcache v7.0.4-dev, Copyright (c) 1999-2015, by Zend Technologies

As always, your feedback is welcome, a SCL dedicated forum is open.

Edit UEFI varstores

See end of post for an important update

UEFI firmware has a concept of persistent variables. They are used to control the boot order amongst other things. They are stored in non-volatile RAM on the system board, or for virtual machines in a host file.

When a UEFI machine is running you can edit these variables using various tools, such as Peter Jones’s efivar library, or the efibootmgr program.

These programs don’t actually edit the varstore directly. They access the kernel /sys/firmware/efi interface, but even the kernel doesn’t edit the varstore. It just redirects to the UEFI runtime “Variable Services”, so what is really running is UEFI code (possibly proprietary, but more usually from the open source TianoCore project).

So how can you edit varstores offline? The NVRAM file format is peculiar to say the least, and the only real specification is the code that writes it from TianoCore. So somehow you must reuse that code. To make it more complicated, the varstore NVRAM format is tied to the specific firmware that uses it, so varstores used on aarch64 aren’t compatible with those on x86-64, nor are SecureBoot varstores compatible with normal ones.

virt-efivars is an attempt to do that. It’s rather “meta”. You write a small editor program (an example is included), and virt-efivars compiles it into a tiny appliance. You then boot the appliance using qemu + UEFI firmware + varstore combination, the editor program runs and edits the varstore, using the UEFI code.

It works .. at least on aarch64 which is the only convenient machine I have that has virtualized UEFI.

Git repo:;a=summary


After studying this problem some more, Laszlo Ersek came up with a different and better plan:

  1. Boot qemu with only the OVMF code & varstore attached. No OS or appliance.
  2. This should drop you into a UEFI shell which is accessible over qemu’s serial port.
  3. Send appropriate setvar commands to update the variables. Using expect this should be automatable.

GNOME 3.16 is out!
Did you see?

It will obviously be in Fedora 22 Beta very shortly.

What happened since 3.14? Quite a bit, and a number of unfinished projects will hopefully come to fruition in the coming months.

Hardware support

After quite a bit of back and forth, automatic rotation for tablets will not be included directly in systemd/udev, but instead in a separate D-Bus daemon. The daemon has support for other sensor types, Ambient Light Sensors (ColorHug ALS amongst others) being the first ones. I hope we have compass support soon too.

Support for the Onda v975w's touchscreen and accelerometer are now upstream. Work is on-going for the Wi-Fi driver.

I've started some work on supporting the much hated Adaptive keyboard on the X1 Carbon 2nd generation.

Technical debt

In the last cycle, I've worked on triaging gnome-screensaver, gnome-shell and gdk-pixbuf bugs.

The first got merged into the second, the second got plenty of outdated bugs closed, and priorities re-evaluated as a result.

I wrangled old patches and cleaned up gdk-pixbuf. We still have architectural problems in the library for huge images, but at least we're up to a state where we know what the problems are, not being buried in Bugzilla.

Foundation building

A couple of projects got started that didn't reach maturity yet. I'm pretty happy that we're able to use gnome-books (part of gnome-documents) today to read Comic books. ePub support is coming!

Grilo saw plenty of activity. The oft requested "properties" page in Totem is closer than ever, so is series grouping.

In December, Allan and I met with the ABRT team, and we've landed some changes we discussed there, including a simple "Report bugs" toggle in the Privacy settings, with a link to the OS' privacy policy. The gnome-abrt application had a facelift, but we got somewhat stuck on technical problems, which should get solved in the next cycle. The notifications were also streamlined and simplified.

I'm a fan

Of the new overlay scrollbars, and the new gnome-shell notification handling. And I'm cheering on co-new app in 3.16, GNOME Calendar.

There's plenty more new and interesting stuff in the release, but I would just be duplicating much of the GNOME 3.16 release notes.
Fedora 22: Subscribing to Google calendars no longer works

In Evolution version 3.16 it no longer seems possible to subscribe to Google calendars, because only an empty list of calendars is shown (bug report).

However, the problem appears to have already been fixed in the code branch for Evolution 3.18. Since that fix required API changes, it cannot be backported to Evolution 3.16.

A possible workaround (which at least did not work for me) is to proceed as follows:

Setting up a CalDAV calendar in Evolution

  • Create a new CalDAV calendar
  • Use as the URL for the calendar
  • Enter the Google user name without the suffix as the user name
  • Click “Find Calendars”

If everything worked, you should now see a list of your calendars.

Not using IPv6? Are you sure?
World IPv6 Launch logo

CC-BY World IPv6 Launch

Internet Protocol version 6 (IPv6) has been around for many years and was first supported in Red Hat Enterprise Linux 6 in 2010.  Designed to provide, among other things, additional address space on the ever-growing Internet, IPv6 has only recently become a priority for ISPs and businesses.

On February 3, 2011, ICANN announced that the available pool of unallocated IPv4 addresses had been completely emptied and urged network operators and server owners to implement IPv6 if they had not already done so.  Unfortunately, many networks still do not support IPv6, and many system and network administrators don’t understand the security risks associated with not having some sort of IPv6 control within their network setup, even if IPv6 is not supported.  The common belief that there is no need to worry about IPv6 because the network does not support it is false.

The Threat

On many operating systems, Red Hat Enterprise Linux and Fedora included, IPv6 is preferred over IPv4.  A DNS lookup will search first for an IPv6 address and then an IPv4 address.  A system requesting a DHCP allocation will, by default, attempt to obtain both addresses as well.  When a network does not support IPv6, it leaves open the possibility of rogue IPv6 DHCP and DNS servers coming online to redirect traffic around current network restrictions, through a specific choke point where traffic can be inspected, or both.  Basically, if you aren’t offering up IPv6 within your network someone else could.

Just like on an IPv4 network, monitoring IPv6 on the internal network is crucial for security, especially if you don’t have IPv6 rolled out.  Without proper monitoring, an attacker, or a poorly configured server, could start providing a pathway out of your network, bypassing all established safety mechanisms to keep your data under control.

Implementing IPv6

There are several methods for protecting systems and networks from attacks revolving around IPv6.  The simplest, and most preferred method, is to simply start using IPv6.  It becomes much more difficult for rogue DNS and DHCP servers to be implemented on a functioning IPv6 network.  Implementing IPv6 isn’t particularly difficult either.

Unfortunately IPv6 isn’t all that simple to implement either.  As UNC’s Dr. Joni Julian spoke about in her SouthEast LinuxFest presentation on IPv6 Security, many of the tools administrators use to manage network connections have been rewritten, and thus renamed, to support IPv6.  This adds to the confusion when other tools, such as iptables, require different rules to be written to support IPv6.  Carnegie Mellon University’s CERT addresses many different facets of implementing IPv6 including ip6tables rules.  There are many resources available to help system and network administrators set up IPv6 on their systems and networks, and by doing so networks will automatically be available to IPv6-only networks of the future present.

Blocking and Disabling IPv6

If setting up IPv6 isn’t possible the next best thing is disabling, blocking, and monitoring for IPv6 on the network.  This means disabling IPv6 in the network stack and blocking IPv6 in ip6tables.

# Set DROP as default policy to INPUT, OUTPUT, and FORWARD chains.
ip6tables -P INPUT DROP
ip6tables -P OUTPUT DROP
ip6tables -P FORWARD DROP

# Set DROP as a rule to INPUT and OUTPUT chains.
ip6tables -I INPUT -p all -j DROP
ip6tables -I OUTPUT -p all -j DROP

Because it can never be known that every system on a network will be properly locked down, monitoring for IPv6 packets on the network is important.  Many IDSs can be configured to alert on such activity, but configuration is key.
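One way to implement the monitoring described above, as an added example (not code from the original article): a frame classifier that a capture script or IDS sensor could apply on a network where IPv6 is not deployed. It goes slightly beyond the text by flagging ICMPv6 Router Advertisements alongside DHCPv6 server replies; the function names and sample frames are constructed for illustration.

```python
import struct

ETH_IPV6, ETH_VLAN = 0x86DD, 0x8100   # EtherTypes: IPv6, 802.1Q tag
NH_UDP, NH_ICMPV6 = 17, 58            # IPv6 Next Header values
ICMPV6_ROUTER_ADVERT = 134
DHCPV6_SERVER_PORT = 547
DHCPV6_SERVER_MSGS = {2: "advertise", 7: "reply"}  # server-to-client types


def classify_frame(frame: bytes) -> str:
    """Classify one Ethernet frame: 'not-ipv6', 'ipv6' or 'ALERT ...'.

    Assumes no IPv6 extension headers precede the payload.
    """
    if len(frame) < 14:
        return "not-ipv6"
    ethertype, offset = struct.unpack("!H", frame[12:14])[0], 14
    if ethertype == ETH_VLAN and len(frame) >= 18:  # skip one VLAN tag
        ethertype, offset = struct.unpack("!H", frame[16:18])[0], 18
    header = frame[offset:offset + 40]
    if ethertype != ETH_IPV6 or len(header) < 40 or header[0] >> 4 != 6:
        return "not-ipv6"
    next_header, payload = header[6], frame[offset + 40:]
    if next_header == NH_ICMPV6 and payload[:1] == bytes([ICMPV6_ROUTER_ADVERT]):
        return "ALERT router-advertisement"
    if next_header == NH_UDP and len(payload) >= 9:
        src_port = struct.unpack("!H", payload[:2])[0]
        msg = DHCPV6_SERVER_MSGS.get(payload[8])  # first byte after UDP header
        if src_port == DHCPV6_SERVER_PORT and msg:
            return f"ALERT dhcpv6-server-{msg}"
    return "ipv6"


def build_frame(next_header: int, payload: bytes) -> bytes:
    """Build a constructed IPv6 test frame from fe80::1 to ff02::1."""
    eth = bytes.fromhex("333300000001020000000001") + struct.pack("!H", ETH_IPV6)
    src = bytes.fromhex("fe80" + "00" * 13 + "01")
    dst = bytes.fromhex("ff02" + "00" * 13 + "01")
    ip6 = struct.pack("!IHBB", 6 << 28, len(payload), next_header, 255)
    return eth + ip6 + src + dst + payload


# Constructed sample traffic (not captured from a real network).
SAMPLES = {
    "ipv4": bytes(12) + b"\x08\x00" + bytes(20),
    "router-advert": build_frame(NH_ICMPV6, bytes([134, 0]) + bytes(14)),
    "dhcpv6-advertise": build_frame(
        NH_UDP, struct.pack("!HHHH", 547, 546, 12, 0) + b"\x02\xaa\xbb\xcc"),
    "dhcpv6-solicit": build_frame(
        NH_UDP, struct.pack("!HHHH", 546, 547, 12, 0) + b"\x01\xaa\xbb\xcc"),
}

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        print(f"{name:18} {classify_frame(frame)}")
```

On a network with no sanctioned IPv6, a plain "ipv6" result is itself worth logging; the two ALERT classes mark a host that is answering as a router or DHCPv6 server.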

A few final words

IPv6 doesn’t have to be scary but if you want to maintain a secure network a certain amount of respect is required.  With proper monitoring IPv6 can be an easily manageable “threat”.  Of course the best way to mitigate the risks is to embrace IPv6.  Rolling it out and using it prevents many of the risks already discussed and it could already be an availability issue if serving up information over the Internet is important.

Fedora 22: flickering GDM login screen

With GDM 3.16, as used in Fedora 22, the login screen can flicker heavily on Intel GPUs as soon as the mouse or keyboard is used (bug reports here and here). Some users report, however, that this seems to be a problem with kernel 4.0 instead, since the problem does not seem to occur with a kernel <= 3.19.

The only workaround for the problem at present is to have the GDM login screen run under the X server again (HowTo).

Fedora 22 Alpha: what's new?

Last week the first test release (Alpha) of Fedora 22 came out. Let's take a quick look at the latest free technologies in Fedora 22!

As usual, the new release comes in three editions: the Cloud edition, the Server edition, and the edition for regular users, Workstation. Here we talk about the most important new features in Fedora 22, especially those of the Workstation edition!

The most important additions and improvements are as follows:

  • The notification system in GNOME Shell has been redesigned and integrated with the calendar
  • A new notification tells you when operations in the terminal have completed
  • The login screen uses Wayland by default instead of X
  • New improvements and additions to the Nautilus file manager for a better and more consistent experience
  • New improvements to GNOME Shell, especially to its look and themes
  • And many other improvements


Here is a set of screenshots from Fedora 22

Login screen using Wayland (the user may not notice this change at all)

Fedora 22 with Wayland

The new notification system

The new notification system in the calendar

The new notification system: a picture of a notification

Notification when operations in the terminal have completed

Terminal notifications when a task completes


Getting the Alpha test release:

Fedora 22 Alpha can be downloaded from the official site via the link

The second test release, Beta, is scheduled for 14 April 2015, with the final release to follow on 19 May 2015

Release State                            Release Date
Alpha Release Public Availability        Tue 10 Mar 2015
Beta Release Public Availability         Tue 14 Apr 2015
Final Release Public Availability (GA)   Tue 19 May 2015


Stay tuned for the new release, and don't forget to share these updates with your friends…

The post “Fedora 22 Alpha: what's new?” first appeared on غزاوي آي تي.

Progit is dead, long live pagure

You may have heard of a little pet project I have been working on recently. I called it progit, but there is already a more well-known project named progit (the Pro Git book).

So, after long deliberations, we decided to rename the project: pagure.

What is Pagure?

Pagure is a small git-centered forge project. You can host your code, your documentation, your tickets and have people contribute to the project by forking it and opening pull-requests.

All the information about the project is hosted in different git repositories: the code of course, but also the documentation as well as the metadata (discussion) of tickets and pull-requests. The idea is that one could host a project in multiple instances of pagure and keep them in sync.

What about the name?

Pagure is the generic (French) name for animals of the Paguroidea family, which includes the well-known Pagurus bernhardus. This little crab moves from shell to shell as it grows up. I found it was a nice analogy with this forge, where projects can move from place to place.

Where can I see it?

Pagure is still under development and pretty much changes every day. However, you can already see it, test it and poke at it via the dev instance we have running.

As you will see, pagure itself is being developed there, so feel free to open a ticket if pagure does not do something you would like (or does something you do not like).

Lohit Devanagari 2.95.1 release
Done with the 2.95.1 release. This release is a continuation of the 2.95.0 release, basically to resolve issues raised in it ;)

Noticed an issue from Bhushan during Fedora 22 testing. While analyzing it, I found it is due to autohinting in the Lohit fontconfig file.

We are now using ttfautohint while building the ttf file, and then using autohint again on this hinted font. This does not work very well, as reported in Bugzilla.

From bug #1203996
There were a couple more issues I noticed on Fedora 22. These are all fixed now. Will soon build the 2.95.1 version for Fedora 22. It will be available in the Fedora 22 Beta release.

Announced in lohit-devel list

March 24, 2015

How to turn the Chromebook Pixel into a proper developer laptop

Recently I spent about a day installing Fedora 22 + jhbuild on a Chromebook and left it unplugged overnight. The next day I turned it on with a flat battery, grabbed the charger, and the coreboot bios would not let me do the usual ctrl+L boot-to-SeaBIOS trick. I had to download the ChromeOS image to an SD card, reflash the ChromeOS image and that left me without any of my Fedora workstation I’d so lovingly created the day before. This turned a $1500 laptop with a gorgeous screen into a liability that I couldn’t take anywhere for fear of losing all my work, again. The need to do CTRL+L every time I rebooted was just crazy.

I didn’t give up that easily; I need to test various bits of GNOME on a proper HiDPI screen and having a loan machine sitting in a bag wasn’t going to help anyone. So I reflashed the BIOS, and now have a machine that boots straight into Fedora 22 without any of the other Chrome stuff getting in the way.

Reflashing a BIOS on a Chromebook Pixel isn’t for the faint of heart, but this is the list of materials you’ll need:

  • Set of watchmakers screwdrivers
  • Thin plastic shim (optional)
  • At least 1Gb USB flash drive
  • An original Chromebook Pixel
  • A BIOS from here for the Pixel
  • A great big dollop of courage

This does involve deleting the entire contents of your Pixel, so back anything up you care about before you start, unless it’s hosted online. I’m also not going to help you if you brick your machine, caveat emptor and all that. So, let’s get cracking:

  • Boot chromebook into Recovery Mode (escape+refresh at startup) then do Control+D, then Enter, wait for ~5 mins while the Pixel reflashes itself
  • Power down the machine, remove AC power
  • Remove the rubber pads from the underside of the Pixel, remove all 4 screws
  • Gently remove the adhesive from around the edges, and use the smallest shim or screwdriver you have to release the 4 metal catches from the front and sides. You can leave the glue on the rear as this will form a hinge you can use. Hint: The tabs have to be released inwards, although do be aware there are 4 nice lithium batteries that might kinda explode if you slip and stab them hard with a screwdriver.
  • Remove the BIOS write protect screw AND the copper washer that sits between the USB drives and the power connector. Put it somewhere safe.
  • Gently close the bottom panel, but not enough for the clips to pop in. Turn over the machine and boot it.
  • Do enough of the registration so you can logon. Then logout.
  • Do the CTRL+ALT+[->] (really F2) trick to get to a proper shell and login as the chronos user (no password required). If you try to do it while logged in via the GUI it will not work.
  • On a different computer, format the USB drive as EXT4 and copy the squashfs.img, vmlinuz and initrd.img files there from your nearest Fedora mirror.
  • Also copy the correct firmware file from
  • Unmount the USB drive and remove
  • Insert the USB drive in the Pixel and mount it to /mnt
  • Make a backup of the firmware using /usr/sbin/flashrom -r /mnt/backup.rom
  • Flash the new firmware using /usr/sbin/flashrom -w /mnt/the_name_of_firmware.rom
  • IMPORTANT: If there are any warnings or errors you should reflash with the backup; if you reboot now you’ll have a $1500 brick. If you want to go back to the backup copy just use /usr/sbin/flashrom -w /mnt/backup.rom, but let’s just assume it went well for now.
  • /sbin/shutdown -h now, then remove power again
  • Re-open the bottom panel, which should be a lot easier this time, and re-insert the BIOS write washer and screw, but don’t over-tighten.
  • Close the bottom panel and insert the clips carefully
  • Insert the 4 screws and tighten carefully, then convince the sticky feet to get back into the holes. You can use a small screwdriver to convince them a little more.
  • Power the machine back on and it will automatically boot to the BIOS. Woo! But not done yet.
  • It will by default boot into JELTKA which is “just enough Linux to kexec another”.
  • When it looks like it’s hung, enter “root” then enter and it’ll log into a root prompt.
  • Mount the USB drive into /mnt again
  • Do something like kexec -l /mnt/vmlinuz --initrd=/mnt/initrd.img --append=stage2=hd:/dev/sdb1:/squashfs.img
  • Wait for the Fedora installer to start, then configure a network mirror where you can download packages. You’ll have to set up Wifi before you can download package lists.

This was all done from memory, so feel free to comment if you try it and I’ll fix things up as needed.

Fedora Design Team Update

Fedora Design Team Meeting 24 March 2015

Completed Tickets

Ticket 361: Fedora Reflective Bracelet

This ticket involved a simple design for a reflective bracelet for bike riders to help them be more visible at night. The imprint area was quite small and the ink only one color, so this was fairly simple.

Tickets Open For You to Take!

One of the things we require to join the design team is that you take and complete a ticket. We have one ticket currently open and awaiting you to claim it and contribute some design work for Fedora :):


Fedora 22 Supplemental Wallpapers Vote Closes Tomorrow!

Tomorrow (Wednesday, March 25) is the last day to get in your votes for Fedora 22’s supplemental wallpapers! Vote now! (All Fedora contributors are eligible to vote.)

(Oh yeah, don’t forget – You’ll get a special Fedora badge just for voting!)

Fedora 22 Default Wallpaper Plan

A question came up about what our plan was with the Fedora 22 wallpaper – Ryan Lerch created the mockups that we shipped / will ship in the alpha and beta, and the feedback we’ve got on these is positive thus far, so we’ll likely not change direction for Fedora 22’s default wallpaper. The pattern is based on the pattern Ryan designed for the product artwork featured on

However, it is never too early to think about F23 wallpaper. If you have some ideas to share, please share them on the design team list!

2015 Flock Call for Papers is Open!

Flock is going to be at the Hyatt Regency in Rochester, New York. The dates are August 12 to August 15.

Gnokii proposed that we figure out which design team members are intending to go, and perhaps we could plan out different sessions for a design track. Some of the sessions we talked about:

  • Design Clinic – bring your UI or artwork or unfiled design team ticket to an open “office hours” session with design team members and get feedback / critique / help.
  • Wallpaper Hunt – design team members with cameras could plan a group photoshoot to get nice pictures that could make good wallpapers for F23 (riecatnor suggested Highland Park as a good potential place to go).
  • Badge Design Workshop – riecatnor is going to propose this talk!

I started a basic wiki page to track the Design Team Flock 2015 presence – add your name if you’re intending to go and your ideas for talk proposals so we can coordinate!

(I will message the design-team list with this idea too!)

See you next time?

Our meetings are every 2 weeks; we send reminders to the design-team mailing list and you can also find out if there is a meeting by checking out the design team category on FedoCal.

Pulp 2.6.0 is available!

The Pulp team is very happy to announce the release of Pulp 2.6.0!


  • Full support for managing docker repositories and images
  • Full support for RabbitMQ as a message broker
  • Many other improvements and bug fixes

Release notes:

Thank you to everyone who helped test the betas and release candidates.

Server SIG Weekly Meeting Minutes (2015-04-24)

<html> <body>

#fedora-meeting-1: Server SIG Weekly Meeting (2015-03-24)

Meeting started by sgallagh at 15:00:30 UTC (full logs).

Meeting summary

  1. roll call (sgallagh, 15:00:31)
  2. Agenda (sgallagh, 15:03:18)
    1. Agenda Item: Anaconda Password Policy (sgallagh, 15:03:30)

  3. Anaconda Password Policy (sgallagh, 15:05:48)
    1. (sgallagh, 15:06:06)
    2. ACTION: adamw to email other products to try to unify the pwpolicy change (sgallagh, 15:16:17)
    3. (nirik, 15:21:36)
    4. (adamw, 15:38:09)
    5. AGREED: The password policy will be "--nostrict --minlen=6 --minquality=50 --nochanges --emptyok" for root, user and luks (sgallagh, 15:39:12)
    6. ACTION: sgallagh to update fedora-productimg-server with the agreed defaults. (sgallagh, 15:42:08)

  4. Open Floor (sgallagh, 15:42:57)
    1. (sgallagh, 15:44:40)
    2. Help needed in reviewing rolekit database server patches (sgallagh, 15:44:53)
    3. ACTION: adamw and danofsatx to review the database server patches at their convenience (sgallagh, 15:47:27)

Meeting ended at 15:49:32 UTC (full logs).

Action items

  1. adamw to email other products to try to unify the pwpolicy change
  2. sgallagh to update fedora-productimg-server with the agreed defaults.
  3. adamw and danofsatx to review the database server patches at their convenience

Action items, by person

  1. adamw
    1. adamw to email other products to try to unify the pwpolicy change
    2. adamw and danofsatx to review the database server patches at their convenience
  2. danofsatx
    1. adamw and danofsatx to review the database server patches at their convenience
  3. sgallagh
    1. sgallagh to update fedora-productimg-server with the agreed defaults.

People present (lines said)

  1. sgallagh (99)
  2. mizmo (47)
  3. adamw (45)
  4. simo (38)
  5. nirik (37)
  6. danofsatx (14)
  7. zodbot (10)
  8. stefw (7)
  9. junland (3)
  10. masta (1)
  11. mitr (0)
  12. tuanta (0)

Generated by MeetBot 0.1.4. </body></html>