The Linux kernel already has cryptographic support for signature verification on data. This is used to digitally sign kernel modules at build time, and verify integrity and provenance at load time. Likewise the 802.11 subsystem on the Linux kernel had historically in parallel prior to Linux's own kernel signing facility implemented and integrated support to verify file integrity and provenance for use on the Linux regulatory database. The 802.11 subsystem's components that provide this facility are CRDA and wireless-regdb. CRDA and wireless-regdb technically are split up as two separate trees for development, wireless-regdb helps provide the 802.11 regulatory database while CRDA exists as a udev helper to feed to the Linux kernel a regulatory domain when needed. By using a regulatory database in userspace the Linux kernel is able to get updates for regulatory rules without requiring a rebuild. Linux distributions need the digitally signed regulatory.bin file from wireless-regdb tree and the CRDA binary from the CRDA tree. Linux distributions often combine both into one package, some distributions separate the two. The regulatory database is digitally signed by the wireless-regdb maintainer, and distributions that have have compiled in support for digital signature support on CRDA verify the integrity of the file before feeding a regulatory domain to the Linux kernel. Since the kernel module signing facility was merged upstream on Linux we could replace both CRDA and wireless-regdb distribution mechanism by adding cryptographic file signature verification support on Linux on the firmware_class module which provides the APIs to load firmware, and having the regulatory.bin file merged and updated through the linux-firmware tree. Adding cryptographic signature verification support on the firmware APIs on Linux is the first step to replace CRDA and wireless-regdb's own signature functionality. The second step is to extend the firmware APIs to enable subsystems to customize cryptographic requirements.

I think AppArmor is a great tool to add an additional layer of security without much effort. While it is normally easy to create a profile for a simple server program it is much more complex in case of desktop applications. The most vulnerable desktop application is the browser so it would be great to have an AppArmor profile for it.

Package open source tools used for radio controled models. Some of them needs patching, since they rely on pre-build binary blobs of open source tools. Also many of them bring the same libraries again. Known candidates for this are:

Create a openSUSE 13.2 Live CD. As enlightenment doesn't fit on the standard openSUSE CD I'd like to create a Image with it.

Write an Android app for children between 5 and 7 years. The app contains a story that the child can read and interact with.

We will have a series of short lightning talks to present what we have accomplished at Hack Week 12. In Nürnberg this will happen on Friday 17th Apr at 12:30 as part of the lunch session in the all-hands area. Lunch is served at 12:00, so you have a bit of time to settle in and satisfy your immediate needs before we go into presentation mode. If you would like to tell a bit about what you did at Hack Week 12, please leave a comment (preferably with a link to your projects), and I'll add you to the schedule.

A new web UI for saltstack, possibly the future of systems management. The official salt UI halite is now officially retired and saltpad is still very young and in alpha state. In addition to the creation of a new frontend to salt, the goal could be to work towards a full replacement for existing systems management solutions like spacewalk, including the migration (minionification) of systems from there.

OBS source services can currenlty run on the developer workstation and some of them also on the OBS server side. The goal of this project is to allow everybody running source services as part of their build job. Therefore we will introduce a new "buildtime" mode. The OBS server will pull in the needed service packages and run them before calling rpmbuild or friends.

In previous Hackweeks, we've gone to warp speed in our virtualization CI testing through: - Porting libvirt-tck to SUSE environments

Create packages for SLES 12 s390x in obs. The problem is, that we do not have the native build power on our s390x system.

Scaleway is a newly opened Cloud based in France (for now) offering ARM based servers. Those are BareMetal SSD cloud servers. They offer a range of operating systems to pick from (Debian, Ubuntu, ArchLinux...) as well as 'application images' (Docker, ownCloud...) but no openSUSE image yet.

Or at least, test as many of them as possible.

As a part of this hackweek, I'd like to take a look at Clojure and use it to solve as many problems as possible from the project euler.

Discourse is a really great opensource forum, written in Ruby on Rails and Ember.js. We should try to use it to complement mailing lists and IRC in internal communication, when we need persistent, searchable discussions (with helpful links to the outside world) for a broad and offtopicky subjects.

Needing to learn git, I thought it would be a good time to clean up the code and create a git project for it.

Record two songs by the end of the week.

The docker way of updating containers is to build a new image with the updated binaries and files, which creates a security concern. The docker way is not anymore running "zypper update" in the containment but to update the whole image in the image registry (hub docker if we are talking about public registry) and then pull the image update from there, stop the outdated containments and replace them by starting new containments based on the new image.

<p>kGraft allows to patch kernel at runtime. It implements a consistency model that allows to modify semantic of functions. e.g. fix lock order. For this, we need to find a safe place when a process/thread might start using the new code.</p> <p>Userspace tasks are switched on the kernel boundary when syscall is called/returns or when a signal is proceed.</p>

I am a beginner: I have read 1½ books on Haskell. I want to practice. Haskell is a purely functional, lazily evaluated, strongly typed (with

Ionic + AngularJS + Node.js (http://ionicframework.com/) staff.suse.de: demo

For development purpose, it is very useful to have an infrastructure that can spot regressions based on commit base. Currently, our existing infrastructure runs mainly SPEC benchmark and is cumbersome from perspective of any further development. I would like to build a replacement that will combine buildbot framework with a custom web project (based on Django framework). The web project will be used both for submitting reports coming from a buildbot slave and for UI which will serve plots and data. If you want to inspire a bit more, please visit Chrome Performance Dashboard or Mozilla telemetry. I hope I can make a simple extendable project that is going to eventually replace existing implementation.

Squeezeboxserver

Elasto is a cloud storage client project that has been developed across a number of SUSE Hack Weeks.<br /> It currently supports Amazon S3 and Microsoft Azure REST storage protocols, and includes a POSIX like file API.<br />

open-sTeam is a platform for cooperative work and cooperative learning developed at the university of paderborn in germany. the platform is being used at http://societyserver.org/ and is being developed further.

<p> The user space interface of evdev is pretty generic. All hardware abstraction is done in the kernel driver, device properties are mapped to a set of generic properties. The properties can be queried thru a generic interface only very few parameters are set from user space. In user space the evdev API is used by Xorg's evdev driver and libinput.

Apache Maven is a build tool used by many Java projects, which is incompatible with OBS in that it tries to download binary dependencies from the Internet. Several people have in the past years tried to somehow bootstrap Maven and failed. My new proposed approach is a Maven, patched to obtain packages from a filesystem location, and packages with .jar based -bootstrap.spec variant plus source-based build for properly modeling dependencies in OBS. Unlike the SUSE Manager team's work I am trying to rebuild those .jars from sources. Where necessary I am patching dependency versions to the latest sources/jars packaged.

I'd like to learn how to use Robot Framework for doing Acceptance Tests of a cli application: Machinery.

Goal #1

<p>PXE boot is a quick and easy way to install any SUSE/openSUSE product on a machine. It doesn't require any boot media and today virtually any system is capable of booting using PXE. </p> <p>The architecture team maintains a tftp server with boot loaders, boot loader configurations and installation images for a variety of architectures and products. Currently in the Nuernberg office this PXE boot service is only available in the network of the architecture team. Since tftp is unicast, the server should be reachable from anywhere in the internal network. What is missing is the information about the address of the tftp server and the image to boot from this server.

Paul McKenney's blog article inspired me to try apply his approach to kernel's memory allocation flags (gfp_flags) and how their combinations affect the decisions and actions taken during page allocation. Recent upstream development around these flags leads me to believe that the complexity is too high for me to reason about them and change the code without unintended changes in semantics. So it might be worth to let the computer do the hard work. If it works out, the approach should allow to verify that changing the code doesn't result in corner cases where some flag combinations don't work as intended. Then we can attempt to e.g. reduce the number of flags and perform other cleanups without fear of breaking everything.

Continue development of generic job server in haskell with primary focus on continuous integration and later possibly as support tool for data analysis in semantic file storage server, software configuration engine, etc Project hosted at https://github.com/yaccz/yac-build-server

While in the past MIPS boards were either low-end PIC32 or found in routers running OpenWRT at most, Imagination themselves have recently released the Creator CI20 board (Ingenic, MIPS32) running Debian. And the Shield Pro (previously iGuardian) kickstarter project (Octeon-III, MIPS64) promises to become a playground for testing KVM hardware virtualization. Porting openSUSE to MIPS will involve setting up an OBS instance linked to Factory (update: done) and cross-compiling a set of packages for an initial bootstrap (update: in progress). Maybe this can be scripted to some degree, as there will be some overlap with the ARM ILP32 port project.

This project will focus mostly on getting to know the Clojure and ClojureScript ecosystem. As part of this project I want to see how good the integration with the respective hostplatform is and how easy it is to use libraries for e.g. JavaScript in ClojureScript.

The trend of adopting Web technology in Desktop is ubiquitous these days. Both as a learning project and a proof of concept, we'd like to

Try some things about Docker and Understanding Linux Network Internals Links:

I previously created a semi-auto test script() for MOK. The script controls the QEMU virtual machine a pre-setup image and performs two simple test cases. It's tedious to setup the images for every SLE and openSUSE. My goal is to write a script to automatically set up the virtual machines and images and do a full test. I would also like to set up a test for weekly-built OVMF. openQA might be a good reference. () https://github.com/lcp/mok-autotest

The zypprepo was written around 3 years ago, and was based on the yumrepo built-in type/provider. Nowadays zypprepo misses a lot of functionality, which will be automatically inherited if it gets rewritten to be in sync with the current code of yumrepo (as also discussed in its issues #5 and #9). If time permits, solving issue #4 would be also really useful.

A new Puppet Master will be set up for the openSUSE and public SUSE infrastructure. We will need to move the puppet code from the old server to a new Gitlab instance, deploy it to the new box with r10k, and perform syntax, validation and RSpec testing through ci.opensuse.org

A frame work for automatically analysis the result of the performance test. The tool can be used manully as well as used throught openAPI.

ARM64 is become more popular on different markets, but obviously lots of pepople didn't have the hardware platform, and fastmodel is helpful for people to play with ARM64 environment, furthermore, we can run different software platform on it, such as Cloud, HA, Virt and OpenStack.

Introduction:
We are doing virtualization related tasks, How can we still not know how

Now we are lack of using internal wiki page to solve problem. One of the reason is that we don't know if it contain the solution we need, and it's not convenient to search it manually in wiki page. It's much more slower than using google. In one group, we are most likely facing the same problem during work. So keeping the best solution, which we got from searching engine, in internal wiki is an efficiency way to collect standard workflow.

Today OpenQA mostly runs on virtual machines, but it can get really tricky to find bugs triggered by real hardware. There are only few interfaces required to interact with a machine though: 1) HDMI<br>

The disassembly in gdb is not ideal. The binding with source code lines is weird (even crash, which does use gdb beneath, does that better), I don't see the jump targets; furthermore, there's a lot more informations hidden in the DWARF2 which may be of some interest - like which code is inlined, or which register/stack address should contain some variable. My goal is to search for a way how to improve that.

VNC protocol transfers key symbols (= basically characters), not key codes (= "coordinates" on keyboard). Therefore pressing the same keys may result in sending different commands over VNC depending on the keyboard layout and state of modifiers on the client side. The server however can not directly send the key symbol to the application, it must instead find or create key code that will translate to that symbol and send that. This is hard to implement correctly and there was already several bugs about it.

We from the public cloud dev team regularly upload generic and product images to be available in public cloud systems like Amazon EC2, Google Compute Engine or Microsoft Azure. The task of uploading stuff there is not only about having the tools it's also about having the right environment which provides account credentials as well as access to the image when they are built in the buildservice. Also the location from where the upload happens can make a difference in performance. Therefore a framework to combine all this into a more clean process should be developed. The basic parts of the project consists of:

goals

• learn general information about them

I have an IRC tab open in pidgin and an adjacent XMPP tab; the latter one displayed with focus. When a new XMPP tab opens in background (with a message incoming), the IRC tab steals the focus but not the display. It brings annoying situations when I sometimes send something accidentally to the IRC instead of XMPP, not noticing that I don't have focus. Wanna hunt and fix this bug.

We currently work on a consistency model for upstream livepatching infrastructure. We use something called a fake signal to speed up a finalization of the patching process. I'll port the implementation to kGraft in SLES which should allow to remove immediate patching since it has recently proved to be problematic...

There is a ramdisk block device (brd), and there is a null multiqueue device (nullblk). The one can do I/O, but doesn't use multiqueue, and the other does multiqueue but cannot do I/O. So the idea is to have a new multiqueue ramdisk block device (ramblk?), which can do both. Would be most useful for testing multiqueue.

DRBD refers to block devices designed as a building block to form high availability (HA) clusters.Also possible to combine multiple devices driver for Linux(MD) and the network block device(NBD) to achieve similar functionality. DRBD is done by mirroring a whole block device via an assigned network. DRBD can be understood as network based raid-1. Only two nodes are supported in 8.4.x. For the drbd9(dev in RC phase), multiple nodes can be supported as well. Diving into it and do hacks.

dropwatch is a utility which can help you to see if data is been dropped in linux network stack. The plan is to learn what actually dropwath can do and learn how does dropwatch work? and also learn how to use dropwatch? I'd like to get it working on openSUSE 13.2.

Air Pollution Forecast

Summary

whenenv is designed to keep the branching involved in build and functional test scripts from growing out of control. You specify a list of environment variables and whenenv will then try and reuse existing scrimps to process the request.

Using dynaname it is already possible to securely auto-update DNS records in a bind9, but this still needs a linux machine. This project is about building a CGI frontend for it that makes it a replacement for the discontinued dyndns.org service.

this work has experimented with zeromq sqlalchamy and multithreading in python to make a rich tool for syncronisation of your music collection with media devices. This project will attempt to pull all this research into a product.

Our books are also available as regular software packages such as 'sles-manuals_en'. There is a semi-private script that I use to generate the requisites (fetch the old version from the BS, tar the XML sources with daps, update .spec and .changes, etc.) and to submit the results to the BS.

My home server, and my other box hosting https://sysrich.co.uk are both in need of a bit of a refresh While I could be nice and conservative and pick an openSUSE regular release, I'm actually considering using openSUSE Tumbleweed, and fully embracing the 'Servers as Cattle' concept

Rust, the new language from Mozilla Foundation, is a modern systems programming language focusing on safety and speed. It accomplishes these goals by being memory safe without using garbage collection. Go, D and Nim have GC integrated into the language and the standard libraries. The GC in Rust is integrated as an external library.

Get openSUSE running in parallel to Android on a regular and rooted Android Smartphone. On top of this try to get a graphical desktop running using Xvnc available for Android.

Cover more cornercases for spec-cleaner to allow the swap of formatspecfile due to its bugginess in comparsion.

Continue on the started CHDK (Canon Hack Developer Kit) for libgphoto2 support. Work on various other libgphoto2 camera things over the week too.

We have some internal systems for videoconferencing like Big Blue Button or OpenMeetings. But in my experience none of them can compare to Google Hangouts, which is still the best free (as in free beer) alternative for videoconferencing with integrated screen sharing. While implementing an alternative to Sqwiggle on previous hackweek, I discovered Janus, a lightweight WebRTC gateway that proved to be a quite capable tool to implement video applications.

In the YaST installer, make disk encryption method, mode, key strength, random source etc configurable. The rationale is that user requirements may differ, and we would like to offer some advanced options instead of changing defaults.

Create a user interface useable with a see through head mounted display. The display was created from some Chinese video glasses and has a low resolution (320x240) which requires a optimized user interface that also is useful when using it hands free. The existing Head mounted display: https://jamballa.wordpress.com/2015/01/26/steampunked-hmd-1st-iteration/

Using an arduino nano, a rf23b (http://www.hoperf.com/rf/fsk_module/RFM23BP.htm) wireless module (or anything like it) and a solar panel to build a mesh network node that can be used to quickly deploy wireless networks. The connection between the nodes will be serial, a endpoint will have an additional wlan module connected so it will be possible to use the mesh network for normal wlan enabled devices.

netfilter.org states that "nftables is the project that aims to replace the existing {ip,ip6,arp,eb}tables framework." The nftables kernel code was merged into the mainline kernel in January 2014. So it's time to get started with the <b>new</b> Linux firewall framework on openSUSE. <ul>

Displays your openQA instance status, the feature/behavior should had at least like the list below,

Option page

Occasionally, new versions of openQA break things. How do you stop that? MORE TESTING! Testing openQA by using openQA to ensure the new versions don't break should be a good example of how openQA can test everything and anything, even itself.

I would like to learn Salt by converting ansible scripts to salt states. Current ansible scripts do some QA tasks on cloud nodes, so i thought it would be a good idea to convert them to salt after reading salt tutorial.

The webVTT standard (nearly the same as the older SRT subtitles) allows to add subtitles to a video. We could use this in openQA to show which keys were pressed at that point in the video, in which line of code we were or on what event we waited. This could make debugging easier and might be instructive to users, too.

While auto-mounting a VFAT volume in a desktop environment, there is no way to select required mount options for the particular volume. But there is no combination of options that will fit to all purposes. Without being able to choose mount options, some tasks work in an inferior way.

In https://github.com/SUSE-Cloud/automation/ we already have mkcloud, which can setup a whole SUSE Cloud on a single host for testing. However, it would be cool, if (instead of a single machine) we could use cloud.suse.de with its capability to add extra networks as requested. This can be pretty easy, as much of the mkcloud code is about making libvirt do the right thing

posixovl is a FUSE based successor of the old UMSDOS. It has a goal to provide POSIX file system functionality on top of vfat. Its code is nice and well written, but its feature set is not complete yet. It just supports: POSIX modes and user/group, hard and symbolic links, device nodes and named pipes. Much more can be done: