Weekly Changes – 06/03/2023
Again we have a large number of changes related to the work for Ubuntu Jammy this week. Intermingled with all that churn there are quite a lot of other varied changes. Here are all the notable details…
Kernel
The INF
kernel for SL7 has been updated to 3.10.0-1160.83.1.el7
.
XRDP
Ubuntu now has the latest versions of the xrdp (0.9.21) and xorgxrdp (0.9.19) packages. For details of all the changes, see the release notes for xrdp and xorgxrdp. When the session manager restarts it loses track of existing sessions so, to avoid zombie sessions and annoyed users, the packages are marked for upgrade at boot time only.
PostgreSQL
Updates are available for PostgreSQL – 15.2, 14.7, 13.10, 12.14, and 11.19 – see the news article for full details. Note that not all PostgreSQL versions are supported on all platforms.
SSH Service
There is a new ed-level header – ed/options/ssh-server.h – which aims to implement configuration to match the policy provided in the SSH Best Practices document developed by the CSE Security working group. The hope is that this header can form the basis for standard secure SSH servers in the college. It contains sensible defaults along with many useful features which may be enabled to suit your local requirements. Thanks to Matthew Richardson for providing this header. Suggestions for tweaks or additional features are very welcome.
GNU Awk
The Ubuntu base package lists for Focal and Jammy have been tweaked to include GNU Awk (gawk) rather than the minimalist mawk which is standard. Any LCFG code that calls awk will have been written in the expectation that it’s using gawk and various upstream packages specifically depend on features of gawk.
Ubuntu Installer
The lcfg-builddebroot script now gets the apt repository information needed to build an ISO from the installroot profile. This avoids hardwiring into the code all the repository information which may differ between platforms.
fail2ban
The LCFG fail2ban component has been updated to support blocking connections using iptables on Ubuntu.
Rust programming language
The Rust packages on Ubuntu Focal have been updated to version 1.65. Given the way the packages are named, this required a change to the postship package list and it may also be necessary to tweak your local package lists.
Package Mirroring
The upstream repositories used in the default pkglist-tools configuration for EL7 epel, software collections and centosvirt have been switched from Bytemark to mirrorservice as Bytemark no longer supports rsync.
Package Caching
The headers for LCFG rpmaccel component (which supports caching packages for both Redhat and Debian) have gained a new RPMACCEL_NOCACHE
macro to make it easier to disable caching for a files matching a pattern. For example:
RPMACCEL_NOCACHE(debmeta1,'\/(Packages|Sources)(|\.bz2|\.gz|\.xz)$')
Note that the pattern must be contained within single-quotes. There is also a new option – LCFG_OPTIONS_DEBACCEL
– which may be defined prior to including the header to disable caching on all Debian repository metadata files.
To reduce the load on the DICE package server we are planning to change the apt config for all Ubuntu machines to use the cache servers (which matches with SL7). We are currently in the process of testing this change, to help with testing the package cache on DICE Ubuntu you can define the DICE_OPTIONS_PKGCACHE_TEST
macro at the top of an LCFG profile.
Changes to headers and package lists
Members of the Informatics Computing team can browse all the changes to the headers and package lists.
Recent comments