Getting an SSL certificate for your web server has traditionally been a something of an effort. You need to correctly generate a weird thing called a certificate signing request (CSR), submit it to the web page of your chosen Certificate Authority (CA), wait for them to sign and generate a certificate, work out where to put the certificate to configure it for your web server—making sure you also configure any required intermediate CA certificates—and then restart the web server. If you got all that right, you then need to enter a calendar entry so you’ll remember to go through the process again in (say) a year’s time. Even some of the biggest names in IT can mess up this process.
With new CAs like Let’s Encrypt, along with some supporting software, the rigmarole around SSL certificates becomes a thing of the past. The technology behind this revolution is Automatic Certificate Management Environment (ACME), a new IETF standard (RFC 8555) client/server protocol which allows TLS certificates to be automatically obtained, deployed, and renewed. In this protocol, an “agent” running on the server that needs an SSL certificate will talk to to the CA’s ACME server over HTTP.
A popular method for using ACME on your Red Hat Enterprise Linux 7 server is certbot. Certbot is a standalone ACME agent that is configured out-of-the-box to work with Let’s Encrypt and can work with Apache httpd, Nginx, and a wide variety of other web (and non-web!) servers. The certbot authors have an excellent guide describing how to set up certbot with httpd on RHEL7.
In this tutorial, I’ll show an alternative method—the mod_md module—which is an ACME agent implemented as a module for Apache httpd, tightly integrated with mod_ssl, and is supported today in Red Hat Enterprise Linux 7. The mod_md module was implemented by Stefan Eissing—a prolific developer who also added HTTP/2 support to httpd—and contributed to the Apache Software Foundation, becoming a standard part of any new installation since httpd version 2.4.30.
Continue reading “Using Let’s Encrypt with Apache httpd on Red Hat Enterprise Linux 7”
With the release of Red Hat Enterprise Linux 8, I’m pleased to introduce our new RHEL 8 cheat sheet for developers. This version has been updated from the beta version to reflect the final updates in RHEL 8. This document is intended for those of you who are:
- Already familiar with Red Hat Enterprise Linux, but you want a quick reference for new RHEL 8 commands.
- New to Red Hat Enterprise Linux and want to start exploring RHEL 8.
Here’s a sample of some of the common module commands you’ll find in this cheat sheet.
Continue reading “Red Hat Enterprise Linux 8 developer cheat sheet”
I think Red Hat Enterprise Linux 8 is the most developer-friendly Red Hat Enterprise Linux that we’ve delivered, and I hope you agree. Let’s get down to business, or rather coding, so you can see for yourself. You can read the Red Hat corporate press release.
For this article, I’ll quickly recap Red Hat Enterprise Linux 8 features (architecture, containers), introduce the very new and cool Red Hat Universal Base Image (UBI), and provide a handy list of developer resources to get you started on Red Hat Enterprise Linux 8.
Download RHEL 8 now
Download RHEL 8 image
Continue reading “Red Hat Enterprise Linux 8 now generally available”
The concept of RPM packaging can be overwhelming for first-timers because of the impression a steep learning curve is involved. In this article, I will demonstrate that building an RPM with minimal knowledge and experience is possible. Note that this article is meant as a starting point, not a complete guide to RPM packaging.
Continue reading “RPM packaging: A simplified guide to creating your first RPM”
Have you tried the Red Hat Enterprise Linux 8 (RHEL8) Beta yet? Read on to learn how to stand up a LAMP stack on top of RHEL8 Beta quickly, and play around with new features built into the operating system.
A LAMP stack is made up out of four main components, and some glue. The first main component in a LAMP stack is Linux. In my example, I’m using Red Hat Enterprise Linux 8 Beta for that, which gives me a secure operating system, a modern programming environment, and user-friendly set of tools to control it.
Continue reading “How to set up a LAMP stack quickly on Red Hat Enterprise Linux 8 Beta”
This article is for people interested in the long-term maintenance of software systems that expose application binary interfaces (a.k.a. ABIs) to other systems. That long-term maintenance involves detecting and analyzing inevitable changes in the ABIs and assessing whether these changes allow the maintained systems to stay compatible with the components with which they interact.
In this article, I describe what happened to the ABI change analysis framework that I worked on during 2018: the Abigail library (Libabigail) and its associated set of tools. The goal is not to list the myriad changes that happened throughout releases 1.2, 1.3, 1.4, and 1.5 that occurred during that year, but I will walk you through the main changes that happened and put them in perspective.
Continue reading “Changes made to the Libabigail ABI change analysis framework in 2018”
“Fuzzing” an application is a great way to find bugs that may be missed by other testing methods. Fuzzers test programs by generating random string inputs and feeding them into an application. Any program that accepts arbitrary inputs from its users is a good candidate for fuzzing. This includes compilers, interpreters, web applications, JSON or YAML parsers, and many more types of programs.
libFuzzer is a library to assist with the fuzzing of applications and libraries. It is integrated into the Clang C compiler and can be enabled for your application with the addition of a compile flag and by adding a fuzzing target to your code. libFuzzer has been used successfully to find bugs in many programs, and in this article, I will show how you can integrate libFuzzer into your own applications.
Continue reading “Introduction to using libFuzzer with llvm-toolset”
There has been a lot of work to improve C/C++ compilers in recent years. A number of articles have been posted by Red Hat engineers working on the compilers themselves covering usability improvements, features to detect possible bugs, and security issues in your code.
Red Hat Enterprise Linux 8 Beta ships with GCC 8 as the default compiler. This article shows you how to install GCC 8 as well as Clang/LLVM 6 on Red Hat Enterprise Linux 7. You’ll be able to use the same updated (and supported) compilers from Red Hat on both RHEL 7 and 8.
If you want your default
gcc to always be GCC 8, or you want
clang to always be in your path, this article shows how to permanently enable a software collection by adding it to the profile (dot files) for your user account. A number of common questions about software collections are also answered.
Continue reading “How to install GCC 8 and Clang/LLVM 6 on Red Hat Enterprise Linux 7”
A Java runtime environment should be able to run compiled source code, whereas a development kit, for example, OpenJDK, would include all the libraries/binaries to compile and run the source code. Essentially the latter is a superset of the runtime environment. More details on OpenJDK support and lifecycle can be found here.
Red Hat ships and supports container images with OpenJDK for both Java 8 and 11. More details are here. If you are using Red Hat Middleware, the s2i images shipped are also useful to deploy, for example, on Red Hat Openshift Container Platform.
Note that Red Hat only provides OpenJDK-based Java 8 and 11 images. With that said, there will certainly be situations where developers would like to create their own Java runtime images. For example, there could be reasons such as minimizing storage to run a runtime image. On the other hand, a lot of manual work around libraries such as Jolokio or Hawkular and even security parameters would need to be set up as well. If you’d prefer not to get into those details, I would recommend using the container images for OpenJDK shipped by Red Hat.
In this article we will:
- Build an image with Docker as well as Buildah.
- We will run that image with Docker as well as Podman on localhost.
- We will push our image to Quay.
- Finally, we will run our app by importing a stream into OpenShift.
This article was written for both OpenShift 3.11 and 4.0 beta. Let’s jump right into it.
Continue reading “Creating and deploying a Java 8 runtime container image”
Red Hat Enterprise Linux (RHEL) needs time zone information in order for all applications in the operating system to correctly print local time. The GNU C Library (
glibc) makes use of the
tzdata package in order to make APIs such as
strftime() work correctly, while applications such as
/usr/bin/date make use of this information to print the local date.
tzdata package contains the data files documenting both current and historic transitions for various time zones around the world. This data represents changes required by local government bodies or by time zone boundary changes, as well as changes to UTC offsets and daylight saving time (DST).
This article describes three variants of the
tzdata time zone data format that were introduced in 2018 and how tzdata changes will be made in Red Hat Enterprise Linux.
Continue reading “Time zone data (tzdata): 2018 data format changes and Red Hat Enterprise Linux”