today's howtos
Linux Memory Statistics – Dropbear
Memory sits in the first row after the headers, then we have the swap statistics. Most of the numbers are directly fetched from the procfs file /proc/meminfo which are scaled and presented to the user. A good example of a “simple” stat is total, which is just the MemTotal row located in that file. For the rest of this post, I’ll make the rows from /proc/meminfo have an amber background.
Resolving Domain Names with dig Command on Linux
This tutorial shows how to resolve domain names on the Linux shell and how to query a name server for various kinds of DNS records like A, MX and NS records. To resolve a domain name on the shell, we will use the command dig.
Daniel P. Berrangé » Blog Archive » Trying sd-boot and unified kernel images in a KVM virtual machine
A recent thread on the Fedora development list about unified kernel images coincided with work I’m involved in wrt confidential computing (AMD SEV[-SNP], Intel TDX, etc). In exploring the different options for booting virtual machines in a confidential computing environment, one of the problems that keeps coming up is that of validating the boot measurements of the initrd and kernel command line. The initrd is currently generated on the fly at the time the kernel is installed on a host, while the command line typically contains host specific UUIDs for filesystems or LUKS volumes. Before even dealing with those problems, grub2’s support for TPMs causes pain due to its need to measure every single grub.conf configuration line that is executed into a PCR. Even with the most minimal grub.conf using autodiscovery based on the boot loader spec, the grub.conf boot measurements are horribly cumbersome to deal with.
With this in mind, in working on confidential virtualization, we’re exploring options for simplifying the boot process by eliminating any per-host variable measurements. A promising way of achieving this is to make use of sd-boot instead of grub2, and using unified kernel images pre-built and signed by the OS vendor. I don’t have enough familiarity with this area of Linux, so I’ve been spending time trying out the different options available to better understand their operation. What follows is a short description of how I took an existing Fedora 36 virtual machine and converted it to sd-boot with a unified kernel image.
First of all, I’m assuming that the virtual machine has been installed using UEFI (EDK2’s OVMF build) as the firmware, rather than legacy BIOS (aka SeaBIOS). This is not the default with virt-manager/virt-install, but an opt-in is possible at time of provisioning the guest. Similarly it is possible to opt-in to adding a virtual TPM to the guest, for the purpose of receiving boot measurements. Latest upstream code for virt-manager/virt-install will always add a vTPM if UEFI is requested.
DDC as a KVM Switch « etbe - Russell Coker
With the recent resurgence in Covid19 I’ve been working from home a lot and using both my work laptop and personal PC on the same monitor. HDMI KVM switches start at $150 and I didn’t feel like buying one. So I wrote a script to change inputs on my monitor. The following script locks the session on the local machine and switches the monitor’s input to the other machine. I ran the command “ddcutil vcpinfo| grep Input” which shows that (on my monitor at least) 60 is the VCP for input. Then I ran the command “ddcutil getvcp 60” to get the current value and tried setting values sequentially to find the value for the other port.
Secure Kubernetes certificates with cert-manager and Dekorate | Red Hat Developer
Cert-manager is a cloud-native certificate management service for Kubernetes and Red Hat OpenShift. To configure cert-manager, you need to install several resources using custom resource definitions (CRDs). Depending on the issuer type and the certificate you need, creating these custom resources can become complex. This article introduces Dekorate as an easier way to generate the cert-manager custom resources. We will also provide an example Java application based on Spring Boot that uses the certificate generated by cert-manager.
Security Patches and GPS Fiasco
MicroOS Desktop Use to Help with ALP Feedback
Participants from the openSUSE community working on the upcoming release of the Adaptable Linux Platform (ALP) encourage people to try openSUSE MicroOS Desktop to gain user perspectives on its applicability. Users are encouraged to try out MicroOS Desktop by installing it and using it on a laptop or workstation for a week or so. By doing this, users develop a frame of reference for how ALP can progress; the community wants to gain feedback about what users think about ALP’s usability, how it fits user workflows and more. The community would like to see critiques and evaluations that work for users. People are encouraged to send feedback to the ALP-community-wg mailing list. The temporary use of the MicroOS Desktop will help developers assess how to move forward with ALP’s Proof of Concept (PoC). Currently MicroOS Desktop has both GNOME and KDE’s Plasma as an option.
Also: YaST Development Report - Chapter 5 of 2022 | YaST
Fedora / Red Hat Leftovers
