Weekly changes – 09/11/2020
A much quieter week for changes to the Ubuntu platform. For SL7 with the release of 7.9 there are a considerable number of backported security updates for 7.8. Here’s a summary…
SL7 updates
With the release of SL7.9 a large number of security updates have been backported to SL7.8 and SL7.6. Depending on the size of the installation there is the potential for anything up to 900 updates on an SL7.8 machine, on a standard DICE desktop machine we see approximately 200 updates. There is also a new kernel – 3.10.0-1160.2.2.el7 – which can be tested by including the ed/options/kernel.h header and specifying the INF_TEST macro.
The number of updates is slightly larger on SL7.6, as Informatics no longer have the ability to test upgrades on the SL7.6 platform we have decided to stop providing these regular updates. We will now only provide updates to SL7.6 if a critical issue is discovered, we will continue to update the kernel and openafs packages for the INF kernel though.
LCFG alias component
A bug was fixed in the component code – bug#1256 – which prevented the sendmail newaliases tool being run after the aliases file was modified.
PDF support
An explicit mailcap entry was added for application/pdf to hopefully ensure that evince is always launched in preference to the gimp graphics software.
Network Configuration
Work continues on providing support for managing the network configuration on Ubuntu machines using the LCFG network component. Currently, there is support for simple DHCP and static addresses, as would normally be used for workstations, and also for bonding interfaces which is needed for servers. This week an annoying bug in the bonding support was resolved which had previously caused machines to get into endless reboot cycles. Also we no longer automatically enable the lcfg-network.service when the package is installed, this means it is safe to add the package and then enable it later, which is what will happen in a transition from an unmanaged to managed state at some point for DICE machines. Other minor changes include support for optional interfaces, changing the name of an interface and for specifying the gateway for an interface – see bug#1259 for details.
In the near future we will look into adding support for VLANs and bridging. The changes to the network schema are being kept to a minimum with the aim that wherever possible existing LCFG resource configurations from SL7 should “just work” with the new component. There will be extensive testing before the new network component is enabled by default, in the meantime you can use it by enabling the LCFG_NETWORK_USE_NETPLAN option at the beginning of an LCFG profile.
Ubuntu kernel
By default on Ubuntu we retain the previous kernel packages when a new one is installed. This allows us to revert to a known good kernel if problems occur. Sometimes, when space is tight, this can use up valuable disk space so we have made it possible to disable that feature. In your LCFG profile it can be disabled by removing LCFG_KERNEL_PREV from the list of required software recorded in the profile.pkgcppopts resource.
PostgreSQL updates
PostgreSQL databases were upgraded to the latest versions, see the postgresql announcement for full details.
DICE software changes
Along with the weekly security updates, the following packages were newly installed on DICE Ubuntu. Note that not all machines will carry all these packages:
- smbclient – for accessing files via samba (e.g. datastore)
- libdbi-perl – Access databases from Perl code
Recent comments