Doug Brown documents the long journey to fixing a bug in the GDebi utility for installing Debian packages. He first encountered the bug in Ubuntu MATE 18.04: "at the time I just ignored this issue. I didn't want to deal with it. I went off to the trusty Linux terminal and installed Chrome that way instead".

Two and a half years ago, I committed to doing more open-source contributions in my free time and was finally irritated enough about this problem to look into it. I searched around for more info. Lo and behold, lots of people were also affected and there was already an issue from 2019 on Ubuntu's bug tracker about it.

[...] As is commonly the case in software development, the difficult part of this fix had nothing to do with the code itself. All of my effort was spent figuring out Ubuntu's patch submission processes and advocating for my merge request. Nobody else seemed to be interested in doing the work to actually fix this bug that has been plaguing Ubuntu MATE and Xubuntu, not to mention some Debian users, for over 6 years. After dealing with the long process of getting my merge request approved, I think I'm starting to understand why!

Brown notes that the fix is now packaged for the upcoming Ubuntu 24.10 release, and should be backported to 22.04 and 24.04 eventually.

Fedora Atomic Desktop and Fedora IoT systems installed before Fedora 40 may fail to boot after an update if secure boot is enabled. Fedora Magazine has a post by Timothée Ravier about the problem, how users can work around it, and what the project is doing to avoid the similar problems in the future:

On Fedora Atomic Desktops and Fedora IoT systems, the components that are part of the boot chain (Shim, GRUB) are not (yet) automatically updated alongside the rest of the system. Thus, if you have installed a Fedora Atomic Desktop or a Fedora IoT system before Fedora 40, it uses an old versions of the Shim and bootloader binaries to boot your system.

When Secure Boot is enabled, the EFI firmware loads Shim first. Shim is signed by the Microsoft Third Party Certificate Authority so that it can be verified on most hardware out of the box. The Shim binary includes the Fedora certificates used to verify binaries signed by Fedora. Then Shim loads GRUB, which in turn loads the Linux kernel. Both are signed by Fedora.

Until recently, the kernel binaries where signed two times, with an older key and a newer one. With the 6.9 kernel update, the kernel is no longer signed with the old key. If GRUB or Shim is old enough and does not know about the new key, the signature verification fails.

At DevConf.cz 2024, Marta Lewandowska gave a talk to discuss a new approach for booting Linux systems, "No more boot loader: Please use the kernel instead". The talk, available on YouTube, introduced a new project called nmbl (for "no more bootloader", pronounced "nimble"). The idea is to get rid of bootloaders (e.g., GNU GRUB) with a Unified Kernel Image (UKI) that removes the need for a separate bootloader altogether. It is early days for nmbl, currently the project is only being tested for use with virtual machines, but the idea is compelling. If successful, nmbl could offer security, performance, and maintenance benefits compared to GRUB and other separate bootloaders.

Debian's proposed tag2upload service would be worthy of an article even if it wasn't so contentious; tag2upload promises a streamlined way for Debian developers using Git to upload packages to the Debian Archive. But tag2upload has been in limbo for years due to disagreement and a communication breakdown between the team behind tag2upload and the ftpmasters team. It took the threat of a General Resolution (GR), weeks of discussion, and more than 1,000 emails to finally move forward.

The Universal Blue project, which produces operating system images based on Fedora's Atomic Desktops, has issued an announcement that manual steps are required to continue receiving updates. Jorge Castro wrote:

If you use Bazzite, Bluefin, Aurora, or any other Universal Blue image (including our toolboxes) then you need to follow the instructions in this announcement in order to ensure that your device is getting updates. We were rotating our cosign keypairs this morning, which is the method that we use to sign our images.

During this process I made a critical error which has resulted in forcing you to take manual steps to migrate to our newly signed images.

This applies to all Universal Blue images released before July 2, 2024. See the full announcement for instructions. LWN covered Bluefin in December, 2023.

Version 4.10.0 of GNU findutils has been released. Notable changes include allowing find -name / as a valid pattern, and accepting larger UIDs/GIDs for find -user and find -group. It is also once again possible to build findutils on systems with musl-libc.

FreeDOS is an open-source operating system designed to be compatible with the now-defunct MS-DOS. Three decades have now passed since the FreeDOS project was first announced, and it is still alive and well with a small community of developers and users committed to running legacy DOS software, classic DOS games, and developing modern applications that extend its functionality well beyond the original MS-DOS. It may well be around in another 30 years.

The FreeBSD Foundation has published a set of reports from the May 2024 FreeBSD Developer Summit held in Ottawa, Canada. The topics include FreeBSD Core Team updates, FreeBSD 15 release planning, Integration with Rust, and OCI containers on FreeBSD:

Doug Rabson began by providing an overview of the current state of FreeBSD support for OCI containers, noting that while FreeBSD has long supported containers through its jail and vnet features, the ecosystem around OCI containers requires further development. "FreeBSD has been able to do containers for a long time, but we need to align better with OCI standards to make our containers more compatible and easier to use," Rabson remarked​​.

The Free Software Foundation (FSF) has announced the addition of three new members to its board: John Gilmore, Christina Haralanova, and Maria Chiara Pievatolo. This is part of FSF governance changes announced in January 2023. The next step is a review of current board members:

These three new members of the FSF's board of directors are the first to be appointed since 2020, when Odile Bénassy joined. Given the importance of the FSF to the free software movement, and the importance of its board to ensure preservation of the software freedom definition, the board has not taken its task lightly. Next, the FSF will evaluate current board members with the FSF's associate members in August, after which the voting members will review the feedback received and decide if each current board member should remain.

More information on the process, and a short biography of each new board member, is available in the full announcement.

An upgrade from Python 3.11 to 3.12 has led to the rejection of some Python apps by Apple's app stores. That led to Eric Froemling submitting a bug report against CPython. That, in turn, led to an interesting discussion among Python developers about how far the project was willing to go to accommodate app store review processes. Developers reached a quick consensus, and a solution that may arrive as soon as Python 3.13.

The 6.9.7, 6.6.36, and 6.1.96 stable kernel updates have been released; each contains an important set of fixes.

The openSUSE project has announced Leap Micro version 6.0. Leap Micro is an image-based, lightweight Linux distribution that is designed to run containerized and virtualized applications. It is based on SUSE Linux Enterprise (SLE) Micro. Changes in this release include the support for full-disk encryption, the addition of Cockpit for web-based system management, and an optional real-time kernel for x86_64. Boot support for legacy BIOS on x86_64 is deprecated with 6.0, and will be removed in a later release. See the SLE Micro release notes for more information.

Peter Hutterer has written a summary of "papercut fixes" for GNOME tablet support that are planned to ship with GNOME 47.

If you're an avid tablet user, you may have multiple stylus tools - but it's also likely that you have multiple tools of the same type which makes differentiating them in the GUI hard. Which is why they're highlighted now - if you bring the tool into proximity, the matching image is highlighted to make it easier to know which stylus you're about to configure. Oh, and in the process we added a new SVG for AES styli too to make the picture look more like the actual physical tool. The <blink> tag may no longer be cool but at least we can disco our way through the stylus configuration now.

Version 4.8.0 of the darktable photo editor has been released. Changes include performance improvements for large collections, addition of more EXIF fields in the image information module, and two new modules for image composition: Enlarge Canvas and Overlay. Enlarge Canvas allows adding areas to an image, while Overlay allows adding new content by overlaying pixels from the current image or another image. LWN last looked at darktable in 2022. Users are "strongly advised" to make a backup of their configuration and library before upgrading, as they will not be compatible with darktable 4.6.

Dan Walsh, Stef Walter, and Colin Walters all walk into a presentation and Walter asks, "why would you want to boot your containers?" This isn't the setup for some technology joke, this is part of the trio's keynote at DevConf.cz in Brno, Czech Republic on June 14 about bootable containers (bootc). The talk, which was streamed to YouTube for those of us who didn't attend DevConf.cz in person, provided a solid overview of bootc and the problems it is intended to solve. The idea behind bootc is to make creating operating-system images just as easy as creating application-container images while using the same tools.