Security updates notification

Hey,

Short of running pikvm-update every day, what are my options to check and get notified if there are security updates available?

To think about it, how do I even check what version of software I’m running? Is it displayed somewhere?

Thanks.

2 Likes

Hi!

You can find all updates in the Discord server news and on the blog in the docs: Blog - PiKVM Handbook

The current version can be found in the web UI in the KVM window (bottom left) and in the “About” menu (under System) on the “Version” tab.

You can also use the REST API and the get_info endpoint with the system parameter.

curl -k -u admin:admin "https://<your-pikvm-ip>/api/info?fields=system"

1 Like

Is it possible to add an RSS feed to the blog? Pretty please with cherry on top?

Brilliant, thank you.

Waitaminute! My System > About > Version tab says KVMD: 4.94, but Blog - PiKVM Handbook has 4.76 as the latest version. What is going on here?

The blog has big update news; PiKVM is evolving all the time, with a lot of different fixes.

Setting aside kvmd itself, there’s a whole underlying OS upstream. I’m not an expert in Arch, so I googled up how to get security notifications, and it came up with arch-audit. Now, there’s a big fly in the ointment:

# pacman -Syu
[...]
# pacman -S arch-audit
resolving dependencies...
warning: cannot resolve "libalpm.so=13-64", a dependency of "arch-audit"
:: The following package cannot be upgraded due to unresolvable dependencies:
      arch-audit

:: Do you want to skip the above package for this upgrade? [y/N]
error: failed to prepare transaction (could not satisfy dependencies)
:: unable to satisfy dependency 'libalpm.so=13-64' required by arch-audit

Any other arch tools available that do the job and are actually installable on PiKVM?

You’re right, PiKVM is built on top of Arch Linux, and we maintain it according to PiKVM software needs. Most other software is outside our focus. Maybe the Arch forum will be more helpful for this kind of issue? https://archlinuxarm.org/forum/

There’s the /usr/bin/checkupdates script available from the pacman-contrib package, although it just lists all available updates (of which there can be plenty in a rolling release distro) and does not differentiate security:

[root@pikvm ~]# checkupdates
cryptsetup 2.8.0-1 -> 2.8.1-1
gdbm 1.25-1 -> 1.26-1
harfbuzz 11.4.1-1 -> 11.4.2-1

Thanks, but that’s not quite what I wanted; the output of checkupdates is indeed very contaminated by various version bumps.

I did some digging on arch-audit. The version of this package in the aarch64 repo is ancient:

[root@pikvm lib]# pacman -S -i arch-audit
Repository      : extra
Name            : arch-audit
Version         : 0.1.20-2
Description     : A utility like pkg-audit based on Arch Security Team data
Architecture    : aarch64
URL             : https://gitlab.com/ilpianista/arch-audit
Licenses        : MIT
Groups          : None
Provides        : None
Depends On      : glibc  gcc-libs  curl  libalpm.so=13-64
Optional Deps   : None
Conflicts With  : None
Replaces        : None
Download Size   : 1618.71 KiB
Installed Size  : 4399.39 KiB
Packager        : Arch Linux ARM Build System <builder+n1@archlinuxarm.org>
Build Date      : Sun Jan 7 12:53:18 2024
Validated By    : MD5 Sum  SHA-256 Sum  Signature

The mainline x86_64 repo has arch-audit 0.2.0-3 which depends on the present day libalpm.so=15-64.

Whom do I have to bug to have arch-audit updated in aarch64?

1 Like

Their forum registration is broken. It tries to load a captcha from https://backs.keycaptcha.com/swfs/cap.js which fails due to Error code: SSL_ERROR_BAD_CERT_DOMAIN. And a 404 on top of that.

There is a way to report forum issues over IRC: https://web.libera.chat/ #archlinuxarm
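
Added example, not part of the thread and not PiKVM or Arch tooling: one way to narrow the checkupdates output shown above to security-relevant updates by matching it against advisory records that carry a "fixed" version. Assumptions: the advisory field names are modelled on the Arch Security Team data that arch-audit is described as using, the records and AVG ids are constructed placeholders, the version comparison is a simplification of pacman's vercmp, and advisory versions tracked for x86_64 may not match Arch Linux ARM package versions exactly.

```python
import json
import re

# Constructed sample in the `checkupdates` format shown in the thread.
CHECKUPDATES = """\
cryptsetup 2.8.0-1 -> 2.8.1-1
gdbm 1.25-1 -> 1.26-1
harfbuzz 11.4.1-1 -> 11.4.2-1
"""

# Constructed advisory records, NOT real advisories. The field names are an
# assumption about the Arch Security Tracker JSON export; ids are placeholders.
ADVISORIES = json.loads("""[
 {"name": "AVG-EXAMPLE-1", "packages": ["harfbuzz"], "severity": "High", "fixed": "11.4.2-1"},
 {"name": "AVG-EXAMPLE-2", "packages": ["cryptsetup"], "severity": "Medium", "fixed": "2.7.0-1"},
 {"name": "AVG-EXAMPLE-3", "packages": ["gdbm"], "severity": "Low", "fixed": null}
]""")

def parse_checkupdates(text):
    """Return {package: (installed, available)} from 'pkg old -> new' lines."""
    rows = (line.split() for line in text.splitlines())
    return {r[0]: (r[1], r[3]) for r in rows if len(r) == 4 and r[2] == "->"}

def ver_key(version):
    """Sort key for [epoch:]pkgver-pkgrel; a simplification of pacman's vercmp."""
    epoch, _, rest = version.rpartition(":")
    pkgver, _, pkgrel = rest.rpartition("-")
    def seg(s):  # numeric segments compare as ints and outrank alphabetic ones
        return [(1, int(x), "") if x.isdigit() else (0, 0, x)
                for x in re.findall(r"\d+|[A-Za-z]+", s)]
    return (int(epoch or 0), seg(pkgver), seg(pkgrel))

def security_updates(pending, advisories):
    """Pending updates where installed < advisory 'fixed' <= available."""
    hits = []
    for adv in advisories:
        fixed = adv.get("fixed")
        if not fixed:
            continue  # no fixed version published yet, so no update can help
        for pkg in set(adv.get("packages", [])) & pending.keys():
            old, new = pending[pkg]
            if ver_key(old) < ver_key(fixed) <= ver_key(new):
                hits.append((pkg, old, new, adv["name"], adv["severity"]))
    return sorted(hits)

if __name__ == "__main__":
    for hit in security_updates(parse_checkupdates(CHECKUPDATES), ADVISORIES):
        print("%s %s -> %s (%s, %s)" % hit)
```

With the constructed data only the harfbuzz update is reported: the cryptsetup record was already fixed before the installed version, and the gdbm record has no fixed version yet.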