Dario Maiocchi MalloZup @SUSE Nice, France https://mallozup.github.io/ I like computers, software, humans, paintings and creativity. #opensource #linux #minimalism

dmacvicar/terraform-provider-libvirt 804

Terraform provider to provision infrastructure with Linux's KVM using libvirt

ClusterLabs/hawk 129

A web-based GUI for managing and monitoring the Pacemaker High-Availability cluster resource manager

clj-commons/iapetos 98

A Clojure Prometheus Client

ClusterLabs/ha_cluster_exporter 39

Prometheus exporter for Pacemaker based Linux HA clusters

ClusterLabs/hawk-apiserver 10

Next generation HA cluster interface

just-foss/community 7

The main repository for governance, community and meta discussion

ClusterLabs/go-pacemaker 4

Go API for the Pacemaker cluster resource manager

MalloZup/awesome-kubebuilder-operators 4

A curated list of awesomes k8s operators done with kubebuilder

MalloZup/arsenio 3

ping authors on issues/PR which got forgotten with arsenio bot

DarioMaiocchiArt/DarioMaiocchiArt.github.io 2

Drawing Painting website

PR opened SUSE/ha-sap-terraform-deployments

Reviewers
Output hana virtual ip

This value is consumed by blue-horizon to format the correct grafana iframe urls.

Here is an example: http://%{bastion_ip}:3000/d/EcC4JDFWz2/sap-hana?orgId=1&var-DS_PROMETHEUS=Prometheus&var-node_name=hana01&var-node_ip=%{hana_ip}&var-sid=%{sid}&var-instance_number=00&var-database_name=%{sid}&kiosk

bastion_ip and sid can already be retrieved

+4 -0

0 comment

1 changed file

pr created time in 14 minutes

started libvirt/libvirt

started time in 16 minutes

issue closed authselect/authselect

wrong project O.O sorry - deleteme

//

closed time in 42 minutes

elegos

issue opened authselect/authselect

pam_u2f "sufficient" asks for password first nonetheless

hello!

I'm trying to configure the PAM's SDDM configuration to let a user enter without entering his/her password, if a U2F security key is inserted. So far I've succeeded making sudo and su act like that, but not sddm / kde (lock screen).

This is the configuration for SDDM:

auth     [success=done ignore=ignore default=bad] pam_selinux_permit.so
auth        sufficient   pam_u2f.so
auth        substack      password-auth
#auth        sufficient    pam_u2f.so
-auth        optional      pam_gnome_keyring.so
-auth        optional      pam_kwallet5.so
-auth        optional      pam_kwallet.so
auth        include       postlogin

account     required      pam_nologin.so
account     include       password-auth

password    include       password-auth

session     required      pam_selinux.so close
session     required      pam_loginuid.so
-session    optional    pam_ck_connector.so
session     required      pam_selinux.so open
session     optional      pam_keyinit.so force revoke
session     required      pam_namespace.so
session     include       password-auth
-session     optional      pam_gnome_keyring.so auto_start
-session     optional      pam_kwallet5.so auto_start
-session     optional      pam_kwallet.so auto_start
session     include       postlogin

And this one is for KDE:

#%PAM-1.0
#auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so
auth       sufficient   pam_u2f.so
auth       substack     system-auth
auth       include      postlogin
account    required     pam_nologin.so
account    include      system-auth
password   include      system-auth
# pam_selinux.so close should be the first session rule
session    required     pam_selinux.so close
session    required     pam_loginuid.so
session    optional     pam_console.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session    required     pam_selinux.so open
session    required     pam_namespace.so
session    optional     pam_keyinit.so force revoke
session    include      system-auth
session    include      postlogin
#-session   optional     pam_ck_connector.so

Should I place the pam_u2f.so line elsewhere maybe?

If I place the line after the substack system-auth line, the result will be the same.

Thanks :)

created time in an hour

Pull request review comment SUSE/blue-horizon

Refactor Terraform validation

   before do     allow(terra).to receive(:new).and_return(instance_terra)     allow(instance_terra).to receive(:validate)+    allow_any_instance_of(SourceValidator).to receive(:terraform).and_return(instance_terra)
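
Review bot: on the added `allow_any_instance_of(SourceValidator)` line, the stub applies to every SourceValidator instance and targets the `terraform` method, which the comment below describes as private, so the spec becomes coupled to the class's internals; RSpec's own documentation discourages any_instance stubs. Consider having SourceValidator receive the Terraform service as a collaborator, or stubbing on the specific object under test, so that `instance_terra` can be handed in directly.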

This is the RSpec API for configuring stubs: here we stub the private terraform method on SourceValidator instances, so that it internally uses a double of the Terraform service, instead of the real one.

stefanotorresi

comment created time in an hour

push event authselect/authselect

Pavel Březina

commit sha b98e6cb82af4b5a1b0e0d55c156aa6a8e325c271

pot: update pot files


push time in an hour

PR closed authselect/authselect

Reviewers
CI: Build fails under Fedora 33 container Accepted

Last fedora container doesn't run well under xenial (default). We have to move with our container to newer host (focal).

+4 -1

2 comments

1 changed file

thalman

pr closed time in an hour

pull request comment authselect/authselect

CI: Build fails under Fedora 33 container

  • master
    • 48b926d06f0402806ca153388d2a67f2d1d73374 - CI: remove sudo from config
    • 5f445256d9b4f2e63b661cd732bd23f68b2702f4 - CI: Build fails under Fedora 33 container
    • 5224f905327c0b156efe40c8fdbc7ed6aa436b54 - CI: set language to shell
thalman

comment created time in an hour

push event authselect/authselect

Tomas Halman

commit sha 5224f905327c0b156efe40c8fdbc7ed6aa436b54

CI: set language to shell This setting affects the set of preinstalled software. Since we use docker, shell (minimal) set is fine for us


Tomas Halman

commit sha 5f445256d9b4f2e63b661cd732bd23f68b2702f4

CI: Build fails under Fedora 33 container Last fedora container doesn't run well under xenial (default). We have to move with our container to newer host (focal).


Tomas Halman

commit sha 48b926d06f0402806ca153388d2a67f2d1d73374

CI: remove sudo from config The sudo parameter is deprecated. It is not needed for our project.


push time in an hour

pull request comment authselect/authselect

CI: Build fails under Fedora 33 container

Thank you. Ack.

thalman

comment created time in an hour

PR closed authselect/authselect

profiles: add support for resolved Accepted

Resolved is enabled by default since Fedora 33 so we need to reflect this change in our profiles.

It should be OK to enable it unconditionally. The module is part of systemd so it basically can not be uninstalled and it can be safely disabled through systemctl disable --now systemd-resolved.service.

Resolves: https://github.com/authselect/authselect/issues/221

+2 -2

26 comments

2 changed files

pbrezina

pr closed time in an hour

PR closed authselect/authselect

profiles: remove umask argument from pam_oddjob_mkhomedir Accepted

The module does not support this argument. It is a left over from a time when pam_mkhomedir was used.

Resolves: https://github.com/authselect/authselect/issues/223

+12 -12

2 comments

12 changed files

pbrezina

pr closed time in an hour

PR closed authselect/authselect

profiles: add without-pam-u2f-nouserok Accepted

Resolves: https://github.com/authselect/authselect/issues/216

+29 -11

2 comments

9 changed files

pbrezina

pr closed time in an hour

PR closed authselect/authselect

spec: Add nss-altfiles on Silverblue Accepted

This module is required on Silverblue to resolve several system users. Systems get broken if the module is not present in nsswitch.conf.

Resolves: https://github.com/authselect/authselect/issues/226

+8 -0

2 comments

1 changed file

pbrezina

pr closed time in an hour

PR closed authselect/authselect

lib: do not create symlink to non-existent files when creating new profile Accepted

Resolves: https://github.com/authselect/authselect/issues/228

+12 -1

2 comments

1 changed file

pbrezina

pr closed time in an hour

PR closed authselect/authselect

spec: own all files under /etc/authselect and make sure they are removed with the package Accepted

Resolves: https://github.com/authselect/authselect/issues/227

+168 -15

2 comments

15 changed files

pbrezina

pr closed time in an hour

issue comment authselect/authselect

Add systemd-resolved support

  • master
    • c5294c508a940291440eb32d5d750f33baf1ae54 - profiles: add support for resolved
pbrezina

comment created time in an hour

issue comment authselect/authselect

Remove umask option from pam_oddjodb_mkhomedir.so line

  • master
    • 9f9738737638e3cceb33659ab3e81e59dfb0b83c - profiles: remove umask argument from pam_oddjob_mkhomedir
abbra

comment created time in an hour

issue comment authselect/authselect

Add without-pam-u2f-nouserok

  • master
    • db94f7c2902c87e6f637d29eccfd9a285fcb3783 - profiles: add without-pam-u2f-nouserok
dlippold

comment created time in an hour

issue comment authselect/authselect

spec: add nss-altifiles to profiles on Silverblue

  • master
    • 9e14ff3cd1cb8a84561d1b8adeaf00c42c4ce5c4 - spec: Add nss-altfiles on Silverblue
pbrezina

comment created time in an hour

issue comment authselect/authselect

create-profile: do not create broken symlinks to non existent files

  • master
    • 02a085d1fbfc8c36a21730e547962e933f322263 - lib: do not create symlink to non-existent files when creating new profile
pbrezina

comment created time in an hour

issue comment authselect/authselect

spec: own all files under /etc/authselect and make sure they are removed with the package

  • master
    • cfd9a2caa3d097ec7f1e2e8651dd5cfc66cd219e - spec: own all /etc/authselect/* files
    • 5cc5c1ad865fdb40839bd6bd03100e8d98b915a5 - cli: add command to remove authselect symbolic links
    • 2ba60d30ca2c597c05ff922be96f97b14d8a1862 - lib: export function to remove authselect symbolic links
pbrezina

comment created time in an hour

pull request comment authselect/authselect

profiles: add support for resolved

  • master
    • c5294c508a940291440eb32d5d750f33baf1ae54 - profiles: add support for resolved
pbrezina

comment created time in an hour

pull request comment authselect/authselect

profiles: remove umask argument from pam_oddjob_mkhomedir

  • master
    • 9f9738737638e3cceb33659ab3e81e59dfb0b83c - profiles: remove umask argument from pam_oddjob_mkhomedir
pbrezina

comment created time in an hour

pull request comment authselect/authselect

profiles: add without-pam-u2f-nouserok

  • master
    • db94f7c2902c87e6f637d29eccfd9a285fcb3783 - profiles: add without-pam-u2f-nouserok
pbrezina

comment created time in an hour

pull request comment authselect/authselect

spec: Add nss-altfiles on Silverblue

  • master
    • 9e14ff3cd1cb8a84561d1b8adeaf00c42c4ce5c4 - spec: Add nss-altfiles on Silverblue
pbrezina

comment created time in an hour

pull request comment authselect/authselect

lib: do not create symlink to non-existent files when creating new profile

  • master
    • 02a085d1fbfc8c36a21730e547962e933f322263 - lib: do not create symlink to non-existent files when creating new profile
pbrezina

comment created time in an hour

pull request comment authselect/authselect

spec: own all files under /etc/authselect and make sure they are removed with the package

  • master
    • cfd9a2caa3d097ec7f1e2e8651dd5cfc66cd219e - spec: own all /etc/authselect/* files
    • 5cc5c1ad865fdb40839bd6bd03100e8d98b915a5 - cli: add command to remove authselect symbolic links
    • 2ba60d30ca2c597c05ff922be96f97b14d8a1862 - lib: export function to remove authselect symbolic links
pbrezina

comment created time in an hour

push event authselect/authselect

Pavel Březina

commit sha c5294c508a940291440eb32d5d750f33baf1ae54

profiles: add support for resolved Resolved is enabled by default since Fedora 33 so we need to reflect this change in our profiles. It should be OK to enable it unconditionally. The module is part of systemd so it basically can not be uninstalled and it can be safely disabled through `systemctl disable --now systemd-resolved.service`. Resolves: https://github.com/authselect/authselect/issues/221


Pavel Březina

commit sha 9f9738737638e3cceb33659ab3e81e59dfb0b83c

profiles: remove umask argument from pam_oddjob_mkhomedir The module does not support this argument. It is a left over from a time when pam_mkhomedir was used. Resolves: https://github.com/authselect/authselect/issues/223


Pavel Březina

commit sha db94f7c2902c87e6f637d29eccfd9a285fcb3783

profiles: add without-pam-u2f-nouserok Resolves: https://github.com/authselect/authselect/issues/216


Pavel Březina

commit sha 9e14ff3cd1cb8a84561d1b8adeaf00c42c4ce5c4

spec: Add nss-altfiles on Silverblue This module is required on Silverblue to resolve several system users. Systems get broken if the module is not present in nsswitch.conf. Resolves: https://github.com/authselect/authselect/issues/226


Pavel Březina

commit sha 02a085d1fbfc8c36a21730e547962e933f322263

lib: do not create symlink to non-existent files when creating new profile Resolves: https://github.com/authselect/authselect/issues/228


Pavel Březina

commit sha 2ba60d30ca2c597c05ff922be96f97b14d8a1862

lib: export function to remove authselect symbolic links Resolves: https://github.com/authselect/authselect/issues/227


Pavel Březina

commit sha 5cc5c1ad865fdb40839bd6bd03100e8d98b915a5

cli: add command to remove authselect symbolic links This command is hidden and undocumented intentionally. It is not supposed to be called by the user but by package removal script. Resolves: https://github.com/authselect/authselect/issues/227


Pavel Březina

commit sha cfd9a2caa3d097ec7f1e2e8651dd5cfc66cd219e

spec: own all /etc/authselect/* files Resolves: https://github.com/authselect/authselect/issues/227


push time in an hour

issue closed authselect/authselect

spec: own all files under /etc/authselect and make sure they are removed with the package

RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1878752

Currently, if authselect is removed via dnf remove authselect we keep files under /etc/authselect to avoid breaking the system. We should remove the symlinks correctly so we can safely remove the directory.

closed time in an hour

pbrezina