Project News

Fedora 27 Atomic Host January 18th Release

In this week’s release of Fedora Atomic Host we have an updated kernel (the spectre patches are slowly working their way out), and an updated docker with a security fix. We also are including firewalld in the ostree now, but we are not enabling it by default. I’ll post a follow up blog post on this topic in the next day or two.

The new Fedora Atomic Host update is available via an OSTree update:

Version: 27.61

  • Commit(x86_64): 772ab185b0752b0d6bc8b2096d08955660d80ed95579e13e136e6a54e3559ca9
  • Commit(aarch64): 598626fd61dc6ed4b702159e50b6029ee70a527e855fce7d8e61a870b141f893
  • Commit(ppc64le): 16ce78ee689066f582dbfc0672dab1706051fefab496fcebd8109d58738eb8fe

We are releasing images from multiple architectures but please note that x86_64 architecture is the only one that undergoes automated testing at this time.

Existing systems can be upgraded in place via e.g. atomic host upgrade or atomic host deploy. Systems on Fedora Atomic 26 can be upgraded using rpm-ostree rebase. Refer to the upgrade guide for more details.

Read More »

Buildah Blocks - OCI Shell Game

I’ve always been fascinated by the three shells and a pea game that street hustlers have used for years to make a bit of coin. I love watching a talented person running the game, but I know better than to bet on it! However, playing the game with Buildah leads to everyone being a winner.

I had a bit of time to play, so I tried out a variant of the shell game with Open Containers Initiative (OCI) containers. I made a quick example showing how you can create an OCI image with Buildah, saved the image to a repository on Docker Hub and then used both Docker and Buildah to run that image from Docker Hub. Nothing terribly fancy, but the video does illustrate that Buildah is OCI-compliant and the images it creates can be used by other OCI-compliant technologies.

Read More »

CentOS Atomic Host 7.1712 Available for Download

The CentOS Atomic SIG has released an updated version of CentOS Atomic Host (7.1712), a lean operating system designed to run Linux containers, built from standard CentOS 7 RPMs, and tracking the component versions included in Red Hat Enterprise Linux Atomic Host.

This release includes updated kernel, linux-firmware and microcode_ctl packages to address recent security advisories, alongside other minor updates that shipped during the month of December.

Read More »

Fedora 27 Atomic Host January 4th Security Release

A new Fedora Atomic Host update is available via an OSTree commit. This update contains an important security patch.

Version: 27.47
Commit(x86_64): 397e907961adafaeff11b807ceade8da5783134072406fcdba627f1195e0db76
Commit(aarch64): 25965b64256417d7dfed37511ffe0cf842ebe64bd6adc8c57a3c603dcfd79885
Commit(ppc64le): c0d0a28a01fd363dfc317e3418935efae6d728a718320dfb3709c4282160f20f

This is a security related release of Fedora Atomic Host to address CVE-2017-5754 (Meltdown). This release does not yet handle the Spectre vulnerabilities, CVE-2017-5753 and CVE-2017-5715. Those will come in a future update. For more information see the Red Hat knowledgebase article.

kernel-4.14.11-300.fc27.x86_64 fixes BZ1530826 related to CVE-2017-5754. It also fixes some other CVEs as well. See the attached bugs to the bodhi update for more information.

Read More »