Weekly Changes – 06/06/2022
This week sees a wide range of changes, many are related to our work on supporting servers running Ubuntu. Those following the Ubuntu INF
kernel should note that their machines will request reboots after updating to this release. Here are all the details…
Kernel
The Ubuntu INF
kernel has been updated to version 5.4.0-113.127 and the hardware enablement kernel has been updated to 5.13.0-44.49~20.04.1
On DICE systems the kernel.perf_event_paranoid
sysctl has been set to 4 to mitigate CVE-2022-1729 – race condition in Linux perf subsystem leads to local privilege escalation.
XRDP
On Ubuntu the XRDP package has been updated to 0.9.19 and XORGXRDP to 0.2.18. See the upstream release notes for the details of all the changes.
Apache
There are various small tweaks to the Apache configuration on Ubuntu. The lcfg/options/apacheconf-php.h
header now ensures that the prefork module is used. Note that this means the PHP module is incompatible with the qos (quality of service) module which requires the worker module.
The header for the security2 module now also includes the unique_id module which is a required dependency on Ubuntu.
There is a new header – lcfg/options/apache_packages.h
– which makes it easier to include all the packages for Apache without enabling the service itself. On Ubuntu this presets the Systemd apache2 service to be disabled so that the daemon is not immediately started when the package is installed.
PHP
On DICE support for PHP 7.1 has been removed.
Routing
On Ubuntu we’re now trying a different approach using networkd-dispatcher to trigger a restart of the LCFG routing component (and thus rdisc) whenever the systemd-networkd service is restarted. The hope is that this will be much more robust than the previous approach and will ensure we never lose the default route.
apt component
The Systemd service file for the LCFG apt component has been tweaked to ensure it always starts after the local-fs.target
has been reached. Also, if the LCFG dns component is enabled the apt component will now start after that to ensure named is correctly configured.
DNS
On Ubuntu the named service will now start after the network-online.target
has been reached.
Ubuntu package options
There are new LCFG_OPTIONS_NAGIOS
and LCFG_OPTIONS_OPENSCAD
package options for Ubuntu. There was also further refactoring of a few options to specify more dependencies, that caused the locations of those options to change.
nagios
Work has begun on running the nagios monitoring service on Ubuntu. The locations of many important files and directories are considerably different which requires changes to both code and resources, at this stage there is still a lot of work to be done.
logserver
The LCFG logserver component has been updated on SL7 to, hopefully, silence some warning log messages regarding the use of undefined values.
Microsoft Edge browser
There is now support in the ed/options/aptly.h
header for mirroring the Ubuntu package repository for the Microsoft Edge web browser. Just specify the APTLY_MIRROR_EDGE
macro. The signing key is the same as for other Microsoft repositories (e.g. Teams and Skype) so you may not need to import it again.
On DICE Ubuntu this is available on request for inclusion on individual desktop machines, we do not intend to provide it by default on all machines.
Changes to headers and package lists
Members of the Informatics Computing team can browse all the changes to the headers and package lists.
Recent comments