This week sees a wide range of changes, many are related to our work on supporting servers running Ubuntu. Those following the Ubuntu INF kernel should note that their machines will request reboots after updating to this release. Here are all the details…

Kernel

The Ubuntu INF kernel has been updated to version 5.4.0-113.127 and the hardware enablement kernel has been updated to 5.13.0-44.49~20.04.1

On DICE systems the kernel.perf_event_paranoid sysctl has been set to 4 to mitigate CVE-2022-1729 – race condition in Linux perf subsystem leads to local privilege escalation.

XRDP

On Ubuntu the XRDP package has been updated to 0.9.19 and XORGXRDP to 0.2.18. See the upstream release notes for the details of all the changes.

Apache

There are various small tweaks to the Apache configuration on Ubuntu. The lcfg/options/apacheconf-php.h header now ensures that the prefork module is used. Note that this means the PHP module is incompatible with the qos (quality of service) module which requires the worker module.

The header for the security2 module now also includes the unique_id module which is a required dependency on Ubuntu.

There is a new header – lcfg/options/apache_packages.h – which makes it easier to include all the packages for Apache without enabling the service itself. On Ubuntu this presets the Systemd apache2 service to be disabled so that the daemon is not immediately started when the package is installed.

PHP

On DICE support for PHP 7.1 has been removed.

Routing

On Ubuntu we’re now trying a different approach using networkd-dispatcher to trigger a restart of the LCFG routing component (and thus rdisc) whenever the systemd-networkd service is restarted. The hope is that this will be much more robust than the previous approach and will ensure we never lose the default route.

apt component

The Systemd service file for the LCFG apt component has been tweaked to ensure it always starts after the local-fs.target has been reached. Also, if the LCFG dns component is enabled the apt component will now start after that to ensure named is correctly configured.

DNS

On Ubuntu the named service will now start after the network-online.target has been reached.

Ubuntu package options

There are new LCFG_OPTIONS_NAGIOS and LCFG_OPTIONS_OPENSCAD package options for Ubuntu. There was also further refactoring of a few options to specify more dependencies, that caused the locations of those options to change.

nagios

Work has begun on running the nagios monitoring service on Ubuntu. The locations of many important files and directories are considerably different which requires changes to both code and resources, at this stage there is still a lot of work to be done.

logserver

The LCFG logserver component has been updated on SL7 to, hopefully, silence some warning log messages regarding the use of undefined values.

Microsoft Edge browser

There is now support in the ed/options/aptly.h header for mirroring the Ubuntu package repository for the Microsoft Edge web browser. Just specify the APTLY_MIRROR_EDGE macro. The signing key is the same as for other Microsoft repositories (e.g. Teams and Skype) so you may not need to import it again.

On DICE Ubuntu this is available on request for inclusion on individual desktop machines, we do not intend to provide it by default on all machines.

Changes to headers and package lists

Members of the Informatics Computing team can browse all the changes to the headers and package lists.

Weekly Changes – 06/06/2022 / LCFG Project by blogadmin is licensed under a Creative Commons Attribution CC BY 3.0