Hello TUXEDO Fans and Open-Source Enthusiasts!
The weather at the Penguin headquarters in Augsburg was stormy this week, but the developers' mood remained stable. A new kernel saw the light of day in the TUXEDO world. Our KDE app of the week is the office suite Calligra. The tip of the week explains that it doesn’t always have to be sudo.
Enjoy reading,
The TUXEDO OS Team
Note: We would like to keep you updated on the latest developments in TUXEDO OS with the TWIX series and introduce you to exciting applications as well as practical tips related to the KDE desktop and TUXEDO OS. However, this section should not be a one-way street: your feedback, ideas, and suggestions for improvement are very welcome! For this purpose, we have created a thread on Reddit, where you can reach us directly.
Updates TUXEDO OS
linux v6.11.0–118026.2624 .04.1tux1
Rebase to current Ubuntu kernel
Integration of boot parameter fixes
KDE App of the Week: Office-Suite Calligra
This week’s KDE App of the Week focuses on office software. We present the Calligra Suite and compare it to LibreOffice.
LibreOffice
We ship TUXEDO OS with LibreOffice, which professionally supports all your office tasks. LibreOffice includes programs for word processing (Writer), spreadsheets (Calc), presentations (Impress), and drawing (Draw). In addition to versions for Linux, Windows, and macOS, there are also apps for Android and iOS smartphones and tablets, as well as an online version under the name LibreOffice Online available as a web app. A commercial edition of LibreOffice that can also be self-hosted is offered by Collabora Online.
LibreOffice is more comprehensive than the Calligra Suite and also targets professional users. The office suite provides a wide range of features and tools comparable to those of Microsoft Office. These include numerous extensions, add-ons, and a high level of customization. LibreOffice is regularly updated and benefits from a large developer community.
The Calligra Suite covers text, spreadsheets, presentations, and graphics
Calligra Suite
The Calligra Suite was created in 2010 as a fork of the original KOffice office software package and is aimed more at beginners and users with basic requirements. The suite offers essential applications for word processing, spreadsheets, presentations, and graphics. It is particularly user-friendly and clearly laid out, but provides significantly fewer features compared to LibreOffice. In more complex use cases—such as creating detailed organizational charts or performing advanced layout and automation tasks—Calligra reaches its limits. Like LibreOffice, Calligra is also cross-platform and available for Linux, macOS, and Windows.
Calligra Words combines word processing and desktop publishing
The difference between the two suites becomes apparent in terms of disk space usage. While LibreOffice takes up about 1.5 GB in a standard installation, Calligra makes do with 150 MB. It consists of the word processor Calligra Words, the spreadsheet application Calligra Sheets, the presentation software Calligra Stage, and the vector graphics program Karbon.
Calligra Sheets is an adequately featured spreadsheet application
With Calligra 4.0, the suite was updated to Qt6 and KDE Frameworks 6. At the same time, the user interface was redesigned. Additionally, the database Kexi and the project management application Plan were separated from the suite and have since been released independently.
Calligra Stage is an easy to use, yet flexible presentation application
The Calligra Suite is suitable for classic office tasks in the areas of text, spreadsheets, and presentations, and covers the needs of private users and small businesses. In TUXEDO OS, LibreOffice was preinstalled because it meets the needs of a broader user base. However, Calligra can be installed via the Discover package manager or the command line.
TUXEDO OS Tips & Tricks: It doesn’t always have to be sudo
We present an alternative and explain its installation and configuration.
Users working on the command line are familiar with the sudo command, which grants them the privileges of another user. In most cases, this means the role of the superuser root, which allows an unprivileged user to perform administrative tasks. This enables the user, among other things, to install updates via the package manager or modify files outside their own home directory.
Sudo
Sudo is a very powerful tool with many options and a highly detailed configuration file. However, inexperienced users can unknowingly weaken system security by making incorrect entries in the Sudoers configuration file. While sudo offers many advanced capabilities, most users only require a small subset of its features. What many users don’t know: there are lightweight alternatives to sudo that also allow users to assume the identity of another system user — but with significantly less code and a simpler configuration file.
One of these alternatives is called Doas, which can be loosely translated as “do it as.” Originally from OpenBSD, Doas has been ported to Linux in two versions. The corresponding packages are called doas and opendoas. This article refers to opendoas, which is considered the more secure variant.
In Comparison
Compared to the approximately 3.4 MB that Sudo takes up, OpenDoas is significantly smaller at just 40 KB. In terms of code, Sudo consists of 223,957 lines spread across more than 500 files, while OpenDoas is just around 400 lines total in a single file. The number of lines in a program is critical for code maintainability, potential bugs, and attack surface. Sudo has indeed been affected by security vulnerabilities multiple times over the years.
OpenDoas
During installation, opendoas is linked with the authentication modules of PAM, but no configuration file is created by default. You must create this file manually:
sudo nano /etc/doas.conf
To grant your user root privileges, insert the following line (replace USERNAME with your actual username):
permit USERNAME as root
If you want to configure opendoas for multiple users on your machine, those users must first be part of the wheel group. For example, to add the user tom:
sudo usermod -aG wheel tom
Then add the following line to the configuration file:
permit :wheel as root
If the same users previously allowed via sudo should now use doas, insert:
permit :sudo
Next, set appropriate file permissions so only root can read the configuration:
sudo chown root:root /etc/doas.conf
sudo chmod 0400 /etc/doas.conf
You can verify the correctness of your entries with:
sudo doas -C /etc/doas.conf
If everything is correct, the prompt will immediately return.
You can now begin using doas :
doas apt update
As expected, you will be asked for your password. However, doas can also be used without a password. Keep in mind that this would allow any user of your system to gain administrative privileges without authentication. If you still wish to use doas without a password, add the following line to the configuration:
permit nopass tom as root
This can also be applied to a group by including nopass in the corresponding line. You can further restrict passwordless usage to specific commands — for instance, for restarting the system:
permit nopass tom cmd /sbin/reboot
On systems with more than one user, a more secure approach than nopass is the persist option. This allows users to enter their password once and reuse it without re-authentication for the next five minutes.
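To review an existing /etc/doas.conf for the passwordless rules discussed above, the following added example (not part of the original article or of OpenDoas) lints a configuration file with awk. The function names audit_doas_conf and conf_mode_ok and the sample rules are assumptions assembled from the lines shown above; it also flags relative cmd paths, since doas.conf(5) recommends absolute ones, and it assumes GNU stat.

```shell
#!/bin/sh
# Added example, not from the article: lint a doas.conf for nopass rules.

# Print one finding per nopass rule; exit status is 1 if any rule is HIGH.
audit_doas_conf() {
    awk '
    /^[ \t]*(#|$)/ { next }                  # comments and blank lines
    $1 != "permit" { next }                  # deny rules grant nothing
    {
        nopass = 0; who = ""; cmd = ""
        for (i = 2; i <= NF; i++) {
            if ($i == "nopass") nopass = 1
            else if ($i == "setenv") { while (i < NF && $i !~ /[}]$/) i++ }
            else if ($i ~ /^(persist|nolog|keepenv)$/) continue
            else if ($i == "as") i++                     # skip the target user
            else if ($i == "cmd") { cmd = $(i + 1); break }
            else if (who == "") who = $i                 # user or :group
        }
        if (!nopass) next
        if (cmd == "") {
            printf "HIGH line %d: %s runs any command without a password\n", NR, who
            bad = 1
        } else if (cmd !~ /^\//)
            printf "WARN line %d: nopass cmd %s is not an absolute path\n", NR, cmd
        else
            printf "INFO line %d: %s may run %s without a password\n", NR, who, cmd
    }
    END { exit bad + 0 }
    ' "$1"
}

# Succeed only if FILE has mode 0400 as set in the article (assumes GNU stat).
# Ownership should additionally be root:root; check that with ls -l.
conf_mode_ok() {
    [ "$(stat -c %a "$1")" = "400" ]
}

# Constructed sample assembled from the rules shown in the article.
sample=$(mktemp)
cat > "$sample" <<'EOF'
permit :wheel as root
permit nopass tom as root
permit nopass tom cmd /sbin/reboot
permit persist :sudo
EOF
chmod 0400 "$sample"
audit_doas_conf "$sample" || echo "unrestricted passwordless rule found"
conf_mode_ok "$sample" && echo "mode 0400 ok"
rm -f "$sample"
```

Point audit_doas_conf at the real file with doas or sudo, since the configuration is readable only by root after the chmod step.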
A very useful feature is command auto-completion using the Tab key. While this works automatically with sudo, you need to manually enable it for Doas. Open the .bashrc file:
nano ~/.bashrc
and append the following lines to the end of the file:
if type _sudo &>/dev/null; then
    complete -o default -o bashdefault -F _sudo doas
fi
Then reload the file:
source ~/.bashrc
Tab completion should now work. With that, doas is ready to replace sudo. Additional options can be found in the man page:
man doas.conf
Users who prefer to acquire elevated rights through systemd can take a look at run0, an alternative introduced a year ago with systemd 256.
Ubuntu Security Updates
The security updates listed here from Ubuntu are directly integrated into TUXEDO OS:
USN-7558-1: GStreamer Bad Plugins vulnerabilities: Several security issues were fixed in GStreamer Bad Plugins.
IDs: CVE-2023-50186, CVE-2024-0444, CVE-2025-3887
Affects: Ubuntu 25.04, Ubuntu 24.10, Ubuntu 24.04 LTS, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS
USN-7556-1: Bootstrap vulnerabilities: Several security issues were fixed in Bootstrap.
IDs: CVE-2024-6531, CVE-2024-6484, CVE-2024-6485
Affects: Ubuntu 25.04, Ubuntu 24.10, Ubuntu 24.04 LTS, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS
USN-7555-1: Django vulnerability: Django could be made to allow log injection if it received specially crafted input.
IDs: CVE-2025-48432
Affects: Ubuntu 25.04, Ubuntu 24.10, Ubuntu 24.04 LTS, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS
USN-7551-1: libvpx vulnerability: libvpx could be made to crash if it received specially crafted input.
IDs: CVE-2025-5283
Affects: Ubuntu 25.04, Ubuntu 24.10, Ubuntu 24.04 LTS, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS
USN-7549-1: Twig vulnerability: Twig could be made to expose sensitive information if it opened a specially crafted file.
IDs: CVE-2024-45411
Affects: Ubuntu 24.10, Ubuntu 24.04 LTS
USN-7548-1: MariaDB vulnerabilities: Several security issues were fixed in MariaDB.
IDs: CVE-2025-30722, CVE-2025-30693, CVE-2023-52970, and 2 others
Affects: Ubuntu 25.04, Ubuntu 24.04 LTS
USN-7547-1: Tornado vulnerability: Tornado could be made to consume excessive resources when processing specially crafted HTTP requests.
IDs: CVE-2025-47287
Affects: Ubuntu 25.04, Ubuntu 24.10, Ubuntu 24.04 LTS, Ubuntu 22.04 LTS
Current BIOS/EC Versions
An EC/BIOS update affects key system components. Please ensure that you follow the instructions carefully and take your time. The process is usually completed quickly. If you have any doubts, our support team is happy to assist you. The following devices have BIOS/EC updates available:
Model | CPU | GPU | BIOS | EC
Aura 14 Gen 3 (PU2) | | | 1.07.13RTR | 1.07.05BTR4
Aura 14 Gen 3 (AU2) | | | 1.07.12RTR |
Aura 15 Gen 3 (PU) | | | 1.07.13RTR | 1.07.05TR5
Aura 15 Gen 3 (AU) | | | 1.07.12RTR | 1.07.04TR1
Gemini 17 Gen3 | | GeForce RTX 4060/4070 | 1.07.04RTR1 | 1.07.05tTR1