Recipes catalog and calculator in Rails 8 by gfilippetti

My wife needs a website to catalog and sell the products of her upcoming bakery, and I need to learn and practice modern Rails. So I'm using this Hack Week to build a modern store using the latest Ruby on Rails best practices, ideally up to the deployment.

TO DO

• Index page
• Product page
• Admin area -- Supplies calculator based on orders -- Orders notification
• Authentication
• Payment
• Deployment

Day 1

As my Rails knowledge was pretty outdated and I had 0 experience with Turbo (wich I want to use in the app), I started following a turbo-rails course. I completed 5 of 11 chapters.

Day 2

Continued the course until chapter 8 and added live updates & an empty state to the app. I should finish the course on day 3 and start my own project with the knowledge from it.

Hackweek 24

For this Hackweek I'll continue this project, focusing on a Catalog/Calculator for my wife's recipes so she can use for her Café.

Day 1

---

Fix RSpec tests in order to replace the ruby-ldap rubygem in OBS by enavarro_suse

Description

"LDAP mode is not official supported by OBS!". See: config/options.yml.example#L100-L102

However, there is an RSpec file which tests LDAP mode in OBS. These tests use the ruby-ldap rubygem, mocking the results returned by a LDAP server.

The ruby-ldap rubygem seems no longer maintaned, and also prevents from updating to a more recent Ruby version. A good alternative is to replace it with the net-ldap rubygem.

Before replacing the ruby-ldap rubygem, we should modify the tests so the don't mock the responses of a LDAP server. Instead, we should modify the tests and run them against a real LDAP server.

Goals

Goals of this project:

• Modify the RSpec tests and run them against a real LDAP server
• Replace the net-ldap rubygem with the ruby-ldap rubygem

Achieving the above mentioned goals will:

• Permit upgrading OBS from Ruby 3.1 to Ruby 3.2
• Make a step towards officially supporting LDAP in OBS.

Resources

• Replace ruby-ldap rubygem with net-ldap

---

ddflare: (Dynamic)DNS management via Cloudflare API in Kubernetes by fgiudici

Description

ddflare is a project started a couple of weeks ago to provide DDNS management using v4 Cloudflare APIs: Cloudflare offers management via APIs and access tokens, so it is possible to register a domain and implement a DynDNS client without any other external service but their API.

Since ddflare allows to set any IP to any domain name, one could manage multiple A and ALIAS domain records. Wouldn't be cool to allow full DNS control from the project and integrate it with your Kubernetes cluster?

Goals

Main goals are:

1. add containerized image for ddflare
2. extend ddflare to be able to add and remove DNS records (and not just update existing ones)
3. add documentation, covering also a sample pod deployment for Kubernetes
4. write a ddflare Kubernetes operator to enable domain management via Kubernetes resources (using kubebuilder)

Available tasks and improvements tracked on ddflare github.

Resources

• https://github.com/fgiudici/ddflare
• https://developers.cloudflare.com/api/
• https://book.kubebuilder.io

---

Automate PR process by idplscalabrini

Description

This project is to streamline and enhance the pr review process by adding automation for identifying some issues like missing comments, identifying sensitive information in the PRs like credentials. etc. By leveraging GitHub Actions and golang hooks we can focus more on high-level reviews

Goals

• Automate lints and code validations on Github actions
• Automate code validation on hook
• Implement a bot to pre-review the PRs

Resources

Golang hooks and Github actions

---

Hack on rich terminal user interfaces by amanzini

Description

TUIs (Textual User Interface) are a big classic of our daily workflow. Many linux users 'live' in the terminal and modern implementations have a lot to offer : unicode fonts, 24 bit colors etc.

Goals

• Explore the current available solution on modern languages and implement a PoC , for example a small maze generator, porting of a classic game or just display the HackWeek cute logo.
• Practice some Go / Rust coding and programming patterns
• Fiddle around, hack, learn, have fun
• keep a development diary, practice on project documentation

Follow this link for source code repository

• includes development diary

Some ideas for inspiration:

• https://github.com/coding-horror/basic-computer-games
• https://git.imzadi.de/acn/vt100-games
• https://github.com/skx/lighthouse-of-doom
• https://github.com/rothgar/awesome-tuis
• https://www.zq1.de/~bernhard/images/share/geeko/logo.txt

Related projects:

• https://hackweek.opensuse.org/24/projects/suse-rancher-supportconfig from @eminguez

Resources

• Python:

  • https://github.com/Textualize/rich

• Go:

  • https://charm.sh/
  • https://github.com/JoelOtter/termloop
  • https://github.com/gdamore/tcell
  • https://earthly.dev/blog/tui-app-with-go/
  • https://www.inngest.com/blog/interactive-clis-with-bubbletea
  • https://m.youtube.com/watch?v=uJ2egAkSkjg

• Rust:

  • https://ratatui.rs/
  • https://github.com/lemunozm/ruscii
  • https://gitlab.com/thustle/thardians-rs
  • https://www.youtube.com/live/qaaHhfPGde0

• Misc:

  • Book about programming mazes

---

A CLI for Harvester by mohamed.belgaied

[comment]: # Harvester does not officially come with a CLI tool, the user is supposed to interact with Harvester mostly through the UI [comment]: # Though it is theoretically possible to use kubectl to interact with Harvester, the manipulation of Kubevirt YAML objects is absolutely not user friendly. [comment]: # Inspired by tools like multipass from Canonical to easily and rapidly create one of multiple VMs, I began the development of Harvester CLI. Currently, it works but Harvester CLI needs some love to be up-to-date with Harvester v1.0.2 and needs some bug fixes and improvements as well.

Project Description

Harvester CLI is a command line interface tool written in Go, designed to simplify interfacing with a Harvester cluster as a user. It is especially useful for testing purposes as you can easily and rapidly create VMs in Harvester by providing a simple command such as: harvester vm create my-vm --count 5 to create 5 VMs named my-vm-01 to my-vm-05.

Harvester CLI is functional but needs a number of improvements: up-to-date functionality with Harvester v1.0.2 (some minor issues right now), modifying the default behaviour to create an opensuse VM instead of an ubuntu VM, solve some bugs, etc.

Github Repo for Harvester CLI: https://github.com/belgaied2/harvester-cli

Done in previous Hackweeks

• Create a Github actions pipeline to automatically integrate Harvester CLI to Homebrew repositories: DONE
• Automatically package Harvester CLI for OpenSUSE / Redhat RPMs or DEBs: DONE

Goal for this Hackweek

The goal for this Hackweek is to bring Harvester CLI up-to-speed with latest Harvester versions (v1.3.X and v1.4.X), and improve the code quality as well as implement some simple features and bug fixes.

Some nice additions might be: * Improve handling of namespaced objects * Add features, such as network management or Load Balancer creation ? * Add more unit tests and, why not, e2e tests * Improve CI * Improve the overall code quality * Test the program and create issues for it

Issue list is here: https://github.com/belgaied2/harvester-cli/issues

Resources

The project is written in Go, and using client-go the Kubernetes Go Client libraries to communicate with the Harvester API (which is Kubernetes in fact). Welcome contributions are:

• Testing it and creating issues
• Documentation
• Go code improvement

What you might learn

Harvester CLI might be interesting to you if you want to learn more about:

• GitHub Actions
• Harvester as a SUSE Product
• Go programming language
• Kubernetes API

---

toptop - a top clone written in Go by dshah

Description

toptop is a clone of Linux's top CLI tool, but written in Go.

Goals

Learn more about Go (mainly bubbletea) and Linux

Resources

GitHub

---

Contributing to Linux Kernel security by pperego

Description

A couple of weeks ago, I found this blog post by Gustavo Silva, a Linux Kernel contributor.

I always strived to start again into hacking the Linux Kernel, so I asked Coverity scan dashboard access and I want to contribute to Linux Kernel by fixing some minor issues.

I want also to create a Linux Kernel fuzzing lab using qemu and syzkaller

Goals

1. Fix at least 2 security bugs
2. Create the fuzzing lab and having it running

The story so far

• Day 1: setting up a virtual machine for kernel development using Tumbleweed. Reading a lot of documentation, taking confidence with Coverity dashboard and with procedures to submit a kernel patch
• Day 2: I read really a lot of documentation and I triaged some findings on Coverity SAST dashboard. I have to confirm that SAST tool are great false positives generator, even for low hanging fruits.
• Day 3: Working on trivial changes after I read this blog post: https://www.toblux.com/posts/2024/02/linux-kernel-patches.html. I have to take confidence with the patch preparation and submit process yet.
  • First trivial patch sent: using strtruefalse() macro instead of hard-coded strings in a staging driver for a lcd display
  • Fix for a dereference before null check issue discovered by Coverity (CID 1601566) https://scan7.scan.coverity.com/#/project-view/52110/11354?selectedIssue=1601566
• Day 4: Triaging more issues found by Coverity.
  • The patch for CID 1601566 was refused. The check against the NULL pointer was pointless so I prepared a version 2 of the patch removing the check.
  • Fixed another dereference before NULL check in iwlmvmparsewowlaninfo_notif() routine (CID 1601547). This one was already submitted by another kernel hacker :(
• Day 5: Wrapping up. I had to do some minor rework on patch for CID 1601566. I found a stalker bothering me in private emails and people I interacted with me, advised he is a well known bothering person. Markus Elfring for the record.

• Wrapping up: being back doing kernel hacking is amazing and I don't want to stop it. My battery pack is completely drained but changing the scope gave me a great twist and I really want to feel this energy not doing a single task for months.

  I failed in setting up a fuzzing lab but I was too optimistic for the patch submission process.

The patches

1

---

OIDC Loginproxy by toe

Description

Reverse proxies can be a useful option to separate authentication logic from application logic. SUSE and openSUSE use "loginproxies" as an authentication layer in front of several services.

Currently, loginproxies exist which support LDAP authentication or SAML authentication.

Goals

The goal of this Hack Week project is, to create another loginproxy which supports OpenID Connect authentication which can then act as a drop-in replacement for the existing LDAP or SAML loginproxies.

Testing is intended to focus on the integration with OIDC IDPs from Okta, KanIDM and Authentik.

Resources

• #122254: Migrate away from login proxies to SSO

---

Model checking the BPF verifier by shunghsiyu

Project Description

BPF verifier plays a crucial role in securing the system (though less so now that unprivileged BPF is disabled by default in both upstream and SLES), and bugs in the verifier has lead to privilege escalation vulnerabilities in the past (e.g. CVE-2021-3490).

One way to check whether the verifer has bugs to use model checking (a formal verification technique), in other words, build a abstract model of how the verifier operates, and then see if certain condition can occur (e.g. incorrect calculation during value tracking of registers) by giving both the model and condition to a solver.

For the solver I will be using the Z3 SMT solver to do the checking since it provide a Python binding that's relatively easy to use.

Goal for this Hackweek

Learn how to use the Z3 Python binding (i.e. Z3Py) to build a model of (part of) the BPF verifier, probably the part that's related to value tracking using tristate numbers (aka tnum), and then check that the algorithm work as intended.

Resources

• Formal Methods for the Informal Engineer: Tutorial #1 - The Z3 Theorem Prover and its accompanying notebook is a great introduction into Z3
  • Has a section specifically on model checking
• Software Verification and Analysis Using Z3 a great example of using Z3 for model checking
• Sound, Precise, and Fast Abstract Interpretation with Tristate Numbers - existing work that use formal verification to prove that the multiplication helper used for value tracking work as intended
• [PATCH v5 net-next 00/12] bpf: rewrite value tracking in verifier - initial patch set that adds tristate number to the verifier

---

Kanidm: A safe and modern IDM system by firstyear

Kanidm is an IDM system written in Rust for modern systems authentication. The github repo has a detailed "getting started" on the readme.

Kanidm Github

In addition Kanidm has spawn a number of adjacent projects in the Rust ecosystem such as LDAP, Kerberos, Webauthn, and cryptography libraries.

In this hack week, we'll be working on Quokca, a certificate authority that supports PKCS11/TPM storage of keys, issuance of PIV certificates, and ACME without the feature gatekeeping implemented by other CA's like smallstep.

For anyone who wants to participate in Kanidm, we have documentation and developer guides which can help.

I'm happy to help and share more, so please get in touch!

---

VulnHeap by r1chard-lyu

Description

The VulnHeap project is dedicated to the in-depth analysis and exploitation of vulnerabilities within heap memory management. It focuses on understanding the intricate workflow of heap allocation, chunk structures, and bin management, which are essential to identifying and mitigating security risks.

Goals

• Familiarize with heap
  • Heap workflow
  • Chunk and bin structure
  • Vulnerabilities
• Vulnerability
  • Use after free (UAF)
  • Heap overflow
  • Double free
• Use Docker to create a vulnerable environment and apply techniques to exploit it

Resources

• https://heap-exploitation.dhavalkapil.com/divingintoglibc_heap
• https://raw.githubusercontent.com/cloudburst/libheap/master/heap.png
• https://github.com/shellphish/how2heap?tab=readme-ov-file

---

Create an Android app for Syncthing as part of the Syncthing Tray project by mkittler

Description

There's already an app but code/features already in Syncthing Tray could be reused to create a nicer app with additional features like managing ignore patterns more easily. The additional UI code for the app could then in turn be re-used by other parts of Syncthing Tray, e.g. to implement further steps in the wizard as requested by some users. This way one "UI wrapper codebase" could serve GNU/Linux, Windows and Android (and in theory MacOS) at the same time which is kind of neat.

Goals

• DONE: Learn more about development for Android and development of UIs with Qt Quick
• DONE: Create an experimental app reusing as much existing Syncthing Tray code as possible
• DONE: Build Syncthing as a library also for Android and use it in the app (already done but needs further testing and integration with the rest of the app configuration)
• DONE: Update the Syncthing Tray website, documentation
• Extend the app so it has at least a start page and an import that can cope with an export of the other app
• Update forum thread
• Upload an experimental build on GitHub
• Extend the Syncthing API to download single files on demand (instead of having to sync the whole directory or use ignore patterns)

Resources

• Android SDK/NDK and emulator
• Qt Quick

---

YQPkg - Bringing the Single Package Selection Back to Life by shundhammer

tl;dr

Rip out the high-level YQPackageSelector widget from YaST and make it a standalone Qt program without any YaST dependencies.

See section "Result" at the bottom for the current status after the hack week.

Current Status

See the development status issue at the GitHub repo.

tl;dr: It's usable now with all the key features.

It does real package installation / removal / update with reasonable user feedback.

The Past and the Present

We used to have and still have a powerful software selection with the YaST sw_single module (and the YaST patterns counterpart): You can select software down to the package level, you can easily select one of many available package versions, you can select entire patterns - or just view them and pick individual packages from patterns.

You can search packages based on name, description, "requires" or "provides" level, and many more things.

The Future

YaST is on its way out, to be replaced by the new Agama installer and Cockpit for system administration. Those tools can do many things, but fine-grained package selection is not among them. And there are also no other Open Source tools available for that purpose that even come close to the YaST package selection.

Many aspects of YaST have become obsolete over the years; many subsystems now come with a good default configuration, or they can configure themselves automatically. Just think about sound or X11 configuration; when did you last need to touch them?

For others, the desktops bring their own tools (e.g. printers), or there are FOSS configuration tools (NetworkManager, BlueMan). Most YaST modules are no longer needed, and for many others there is a replacement in tools like Cockpit.

But no longer having a powerful fine-grained package selection like in YaST sw_single will hurt. Big time. At least until there is an adequate replacement, many users will want to keep it.

The Idea

YaST sw_single always revolved around a powerful high-level widget on the abstract UI level. Libyui has low-level widgets like YPushButton, YCheckBox, YInputField, more advanced ones like YTable, YTree; and some few very high-level ones like YPackageSelector and YPatternSelector that do the whole package selection thing alone, working just on the libzypp level and changing the status of packages or patterns there.

For the YaST Qt UI, the YQPackageSelector / YQPatternSelector widgets work purely on the Qt and libzypp level; no other YaST infrastructure involved, in particular no Ruby (or formerly YCP) interpreter, no libyui-level widgets, no bindings between Qt / C++ and Ruby / YaST-core, nothing. So it's not too hard to rip all that part out of YaST and create a standalone program from it.

For the NCurses UI, the NCPackageSelector / NCPatternSelector create a lot of libyui widgets (inheriting YWidget / NCWidget) and use a lot of libyui calls to glue them together; and all that of course still needs a lot of YaST / libyui / libyui-ncurses infrastructure. So NCurses is out of scope here.

Preparatory Work: Initializing the Package Subsystem

To see if this is feasible at all, the existing UI examples needed some fixing to check what is needed on that level. That was the make-or-break decision: Would it be realistically possible to set the needed environment in libzypp up (without being stranded in the middle of that task alone at the end of the hack week)?

Yes, it is: That part is already working:

https://github.com/yast/yast-ycp-ui-bindings/pull/71

---