Microsoft has released an update to the CBL-Mariner Linux distribution

Microsoft has published update 1.0.20210901 of the CBL-Mariner distribution (Common Base Linux Mariner), which is being developed as a universal base platform for the Linux environments used in cloud infrastructure, edge systems and various Microsoft services. The project aims to unify the Linux solutions used at Microsoft and to simplify keeping Linux systems for various purposes up to date. The project's work is distributed under the MIT license.

In the new release:

  • Building of a base ISO image (700 MB) has begun. In the first release no ready-made ISO images were provided; it was assumed that users could build an image with the contents they need themselves (build instructions were prepared for Ubuntu 18.04).
  • Support for automatic package updates has been implemented, for which the dnf-automatic program is included.
  • The Linux kernel has been updated to version 5.10.60.1. Updated program versions include openvswitch 2.15.1, golang 1.16.7, logrus 1.8.1, tcell 1.4.0, gonum 0.9.3, testify 1.7.0, crunchy 0.4.0, xz 0.5.10, swig 4.0.2, squashfs-tools 4.4, mysql 8.0.26.
  • OpenSSL provides an option to re-enable support for TLS 1.0 and TLS 1.1.
  • sha256sum is used to verify the toolkit sources.
  • New packages have been included: etcd-tools, cockpit, aide, fipscheck, tini.
  • The brp-strip-debug-symbols, brp-strip-unneeded and ca-legacy packages have been removed. The SPEC files for the Dotnet and aspnetcore packages have been removed; these packages are now built by the .NET development team and placed in a separate repository.
  • Vulnerability fixes have been backported to the package versions in use.

Recall that the CBL-Mariner distribution provides a small set of basic packages that serve as a universal foundation for building the contents of containers, host environments and services running in cloud infrastructure and on edge devices. More complex and specialized solutions can be created by adding extra packages on top of CBL-Mariner, but the base of all such systems stays the same, which simplifies maintenance and updates. For example, CBL-Mariner is used as the basis of the WSLg mini-distribution, which provides the graphics stack components for running Linux GUI applications in environments based on WSL2 (Windows Subsystem for Linux). The extended functionality in WSLg is implemented by including additional packages with the Weston composite server, XWayland, PulseAudio and FreeRDP.

The CBL-Mariner build system lets you generate both individual RPM packages from SPEC files and source code, and monolithic system images that are produced with the rpm-ostree toolkit and updated atomically without being split into separate packages. Accordingly, two update delivery models are supported: updating individual packages, and rebuilding and updating the entire system image. A repository of about 3000 prebuilt RPM packages is available, which you can use to assemble your own images from a configuration file.

The distribution includes only the most essential components and is optimized for minimal memory and disk space consumption, as well as for high speed. The distribution is also notable for including various additional mechanisms to strengthen security. The project takes a "maximum security by default" approach. It is possible to filter system calls using the seccomp mechanism, encrypt disk partitions, and verify packages by digital signature.

The address space randomization modes supported in the Linux kernel are enabled, as are the protection mechanisms against attacks related to symlinks, mmap, /dev/mem and /dev/kmem. Memory regions containing segments with kernel and module data are set to read-only mode, and code execution in them is prohibited. An option is available to disable loading of kernel modules after system initialization. The iptables toolkit is used to filter network packets. At build time, protection against stack overflows, buffer overflows and format string problems is enabled by default (_FORTIFY_SOURCE, -fstack-protector, -Wformat-security, relro).
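To confirm that a binary really carries the relro hardening listed above, the ELF program headers and dynamic section can be read directly. The following is an added example, not code from CBL-Mariner or from the original article: `relro_level` and `build_sample` are hypothetical names, only 64-bit little-endian ELF is handled, and the sample images are constructed in memory for the demonstration.

```python
import struct

PT_DYNAMIC, PT_GNU_RELRO = 2, 0x6474E552
DT_NULL, DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 0, 24, 30, 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW = 0x8, 0x1


def relro_level(blob):
    """Return 'full', 'partial' or 'none' for a 64-bit little-endian ELF image."""
    if blob[:6] != b"\x7fELF\x02\x01":
        raise ValueError("not a 64-bit little-endian ELF")
    (phoff,) = struct.unpack_from("<Q", blob, 0x20)            # e_phoff
    phentsize, phnum = struct.unpack_from("<HH", blob, 0x36)   # e_phentsize, e_phnum
    relro = bind_now = False
    for i in range(phnum):
        p_type, _flags, p_off, _va, _pa, p_filesz = struct.unpack_from(
            "<IIQQQQ", blob, phoff + i * phentsize)
        if p_type == PT_GNU_RELRO:          # linker was given -z relro
            relro = True
        elif p_type == PT_DYNAMIC:          # look for eager binding (-z now)
            for off in range(p_off, p_off + p_filesz, 16):
                tag, val = struct.unpack_from("<qQ", blob, off)
                if tag == DT_NULL:
                    break
                if (tag == DT_BIND_NOW or (tag == DT_FLAGS and val & DF_BIND_NOW)
                        or (tag == DT_FLAGS_1 and val & DF_1_NOW)):
                    bind_now = True
    # Without eager binding the GOT entries used by the PLT stay writable.
    return "full" if relro and bind_now else "partial" if relro else "none"


def build_sample(segment_types, dyn_tags):
    """Constructed test image: ELF header, program headers, dynamic section."""
    segs = list(segment_types) + [PT_DYNAMIC]
    dyn = b"".join(struct.pack("<qQ", t, v) for t, v in list(dyn_tags) + [(DT_NULL, 0)])
    dyn_off = 64 + 56 * len(segs)
    out = struct.pack("<16sHHIQQQIHHHHHH", b"\x7fELF\x02\x01\x01", 3, 62, 1,
                      0, 64, 0, 0, 64, 56, len(segs), 0, 0, 0)
    for p_type in segs:
        in_file = p_type == PT_DYNAMIC
        out += struct.pack("<IIQQQQQQ", p_type, 4, dyn_off if in_file else 0, 0, 0,
                           len(dyn) if in_file else 0, 0, 8)
    return out + dyn


if __name__ == "__main__":
    print(relro_level(build_sample([PT_GNU_RELRO], [(DT_FLAGS_1, DF_1_NOW)])))  # full
    print(relro_level(build_sample([PT_GNU_RELRO], [])))                        # partial
    print(relro_level(build_sample([], [])))                                    # none
```

For a file on disk, pass its bytes: `relro_level(open(path, "rb").read())`.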

The systemd system manager is used to manage services and boot. For package management, the RPM and DNF package managers (the tdnf variant from VMware) are provided. The SSH server is not enabled by default. To install the distribution, an installer is provided that can work in both text and graphical modes. The installer offers the choice of installing a full or a basic set of packages, and provides an interface for selecting a disk partition, choosing a hostname, and creating users.

Source: opennet.ru
