Microsoft ya buga sabuntawa zuwa kayan rarraba CBL-Mariner 2.0.20221029 (Common Base Linux Mariner), wanda aka haɓaka azaman tushen tushen duniya don mahallin Linux da ake amfani da su a cikin kayan aikin girgije, tsarin gefe da sabis na Microsoft daban-daban. An yi aikin ne don haɗa hanyoyin magance Microsoft Linux da kuma sauƙaƙe kiyaye tsarin Linux don dalilai daban-daban har zuwa yau. Ana rarraba ci gaban aikin a ƙarƙashin lasisin MIT. An samar da fakiti don gine-ginen aarch64 da x86_64. Hoton ISO mai bootable wanda aka shirya (1.1 GB) don gine-ginen x86_64.
A cikin sabon sigar:
- Sigar fakitin da aka sabunta, gami da fitar da ƙirar Linux kernel 5.15.74, PHP 8.1.11, nodejs 16.17.1, cassandra 4.0.7, dbus 1.15.2, expat 2.5.0, mysql 8.0.31, terra.1.32.2, tidy5.8.0. 3.4.16, wayashark 1.22.1, nginx XNUMX.
- An ƙara sabbin fakiti cairomm 1.12.0, cpptest 1.1.2, k-exec-tools, kernel-drivers-gpu, libcroco 0.6.13, python-google-auth-oauthlib, sgx-baya-compatability.
- Haɗe da kayayyaki don canza tsarin sarrafa cunkoso na TCP (TCP Congestion).
- An matsar da gyare-gyaren rauni zuwa libtar, unbound, aspell, libtiff, redis, livepatch, libtasn1, PHP, nodejs, dbus, expat, mod_wsgi, wireshark, nginx, mysql, fakitin terraform.
Rarraba CBL-Mariner yana ba da ƙaramin daidaitaccen tsari na fakiti na asali waɗanda ke aiki azaman tushen duniya don ƙirƙirar abubuwan da ke cikin kwantena, mahalli da sabis da sabis waɗanda ke gudana a cikin kayan aikin girgije da na'urori masu gefe. Za a iya ƙirƙirar ƙarin hadaddun mafita da na musamman ta hanyar ƙara ƙarin fakiti a saman CBL-Mariner, amma tushen duk irin waɗannan tsarin ya kasance iri ɗaya, tabbatarwa da sabuntawa cikin sauƙi. Misali, ana amfani da CBL-Mariner a matsayin tushen rarraba WSLg, wanda ke ba da abubuwan haɗin zane-zane don gudanar da aikace-aikacen Linux GUI a cikin mahalli dangane da tsarin WSL2 (Windows Subsystem don Linux). Extended ayyuka a cikin WSLg ana samun su ta hanyar haɗa ƙarin fakiti tare da Weston Composite Server, XWayland, PulseAudio da FreeRDP.
Tsarin ginin CBL-Mariner yana ba ku damar samar da fakitin RPM guda biyu dangane da fayilolin SPEC da lambar tushe, da kuma hotunan tsarin monolithic da aka samar ta amfani da kayan aikin rpm-ostree kuma an sabunta su ta atomatik ba tare da raba cikin fakiti daban ba. Dangane da haka, ana tallafawa samfuran isar da sabuntawa guda biyu: ta hanyar sabunta fakiti guda ɗaya da ta sake ginawa da sabunta hoton tsarin gaba ɗaya. Akwai ma'aji na kusan fakitin RPM 3000 da aka riga aka ginawa waɗanda za ku iya amfani da su don gina naku hotunan dangane da fayil ɗin sanyi.
Rarraba ya ƙunshi kawai abubuwan da suka fi dacewa kuma an inganta shi don ƙarancin ƙwaƙwalwar ajiya da amfani da sarari diski, da kuma babban saurin lodawa. Rarraba kuma sananne ne don haɗa ƙarin hanyoyin haɓaka daban-daban don haɓaka tsaro. Aikin yana ɗaukar hanyar "mafi girman tsaro ta tsohuwa". Yana yiwuwa a tace kiran tsarin ta amfani da tsarin seccomp, ɓoye ɓangarori na diski, da kuma tabbatar da fakiti ta amfani da sa hannu na dijital.
Hanyoyin bazuwar adireshi da ke goyan bayan kernel na Linux ana kunna su, da kuma hanyoyin kariya daga harin symlink, mmap, /dev/mem da /dev/kmem. Wuraren ƙwaƙwalwar ajiya waɗanda ke ƙunshe da ɓangarori tare da bayanan kernel da bayanai an saita su zuwa yanayin karantawa kawai kuma an haramta aiwatar da lambar. Zaɓin zaɓi shine musaki kayan aikin kwaya bayan ƙaddamar da tsarin. Ana amfani da kayan aikin iptables don tace fakitin cibiyar sadarwa. A matakin ginawa, ana ba da kariya daga cunkoso mai yawa, buffer overflow, da matsalolin tsara kirtani ta tsohuwa (_FORTIFY_SOURCE, -fstack-protector, -Wformat-security, relro).
Ana amfani da tsarin sarrafa tsarin don sarrafa ayyuka da taya. Ana ba da masu sarrafa fakitin RPM da DNF don sarrafa fakitin. Ba a kunna uwar garken SSH ta tsohuwa ba. Don shigar da rarraba, an samar da mai sakawa wanda zai iya aiki a cikin duka rubutu da kuma yanayin hoto. Mai sakawa yana ba da zaɓi na shigarwa tare da cikakken ko ainihin saitin fakiti, kuma yana ba da damar dubawa don zaɓar ɓangaren diski, zaɓar sunan mai watsa shiri, da ƙirƙirar masu amfani.
source: budenet.ru