I-Microsoft ipapashe uhlaziyo lwe-CBL-Mariner distribution 1.0.20210901 (Common Base Linux Mariner), ephuhliswayo njengeqonga elisisiseko lehlabathi jikelele lemo engqongileyo ye-Linux esetyenziswa kwiziseko zamafu, iisistim zomphetho kunye neenkonzo ezahlukeneyo zikaMicrosoft. Le projekthi ijolise ekudibaniseni izisombululo zeMicrosoft Linux kunye nokwenza lula ugcino lweenkqubo zeLinux ngeenjongo ezahlukeneyo ukuya kutsho ngoku. Uphuhliso lweprojekthi lusasazwa phantsi kwelayisenisi ye-MIT.
Kukhupho olutsha:
- Ukuqulunqwa komfanekiso we-iso osisiseko (700 MB) uqalile. Ekukhutshweni kokuqala, imifanekiso ye-ISO esele ilungile ayizange inikezelwe; kwakucingelwa ukuba umsebenzisi unokudala umfanekiso ngokuzaliswa okuyimfuneko (imiyalelo yendibano yalungiselelwa Ubuntu 18.04).
- Inkxaso yokuhlaziywa kwephakheji ngokuzenzekelayo iphunyeziwe, apho isicelo se-Dnf-Automatic sibandakanyiwe.
- I-Linux kernel ihlaziywe kwinguqulo 5.10.60.1. Iinguqulelo zeprogram ezihlaziyiweyo, kuquka i-openvswitch 2.15.1, i-golang 1.16.7, i-logrus 1.8.1, i-tcell 1.4.0, i-gonum 0.9.3, ingqina 1.7.0, i-crunchy 0.4.0, xz 0.5.10, i-swig 4.0.2. 4.4, i-swig 8.0.26. squashfs-izixhobo XNUMX, mysql XNUMX.
- I-OpenSSL ibonelela ngokhetho lokubuyisela inkxaso ye-TLS 1 kunye ne-TLS 1.1.
- Ukujonga ikhowudi yomthombo wesixhobo, i-sha256sum utility isetyenziswa.
- Iipakethe ezintsha zibandakanyiwe: izixhobo ze- etcd, i-cockpit, i-aide, i-fipscheck, i-tini.
- Iimpawu ze-brp-strip-debug-symbols, brp-strip-unneeded kunye ne-ca-legacy packages zisusiwe. Iifayile ezisusiweyo ze-SPEC ze-Dotnet kunye neepakethe ze-aspnetcore, ezihlanganiswe ngoku liqela lophuhliso lwe-.NET kwaye zibekwe kwindawo yokugcina eyahlukileyo.
- Ulungiso lobuthathaka luye lwasiwa kwiinguqulelo zephakheji ezisetyenzisiweyo.
Masikhumbule ukuba ukuhanjiswa kwe-CBL-Mariner kubonelela ngemigangatho emincinci yeepakethi ezisisiseko ezisebenza njengesiseko sendalo yonke ekudaleni imixholo yezikhongozeli, iindawo zokuhlala kunye neenkonzo ezisebenza kwiziseko zefu kunye nezixhobo ezinqamlekileyo. Izisombululo eziyinkimbinkimbi kunye nezikhethekileyo zinokudalwa ngokongeza iipakethi ezongezelelweyo phezulu kwe-CBL-Mariner, kodwa isiseko sazo zonke iinkqubo ezinjalo zihlala zifana, ukwenza ukugcinwa kunye nokuhlaziywa kube lula. Umzekelo, i-CBL-Mariner isetyenziswa njengesiseko sosasazo oluncinci lwe-WSLg, olubonelela ngamacandelo estaki segrafiki sokuqhuba usetyenziso lwe-Linux GUI kwiimeko ezisekelwe kwi-WSL2 (i-Windows Subsystem ye-Linux). Ukusebenza okwandisiweyo kwi-WSLg kufezekiswa ngokubandakanywa kweepakethe ezongezelelweyo kunye ne-Weston Composite Server, i-XWayland, i-PulseAudio kunye ne-FreeRDP.
Inkqubo yokwakha ye-CBL-Mariner ikuvumela ukuba uvelise zombini iipakethe ze-RPM ezihlukeneyo ezisekelwe kwiifayile ze-SPEC kunye nemithombo, kunye nemifanekiso ye-monolithic ye-monolithic eyenziwe ngokusebenzisa i-toolkit ye-rpm-ostree kwaye ihlaziywe nge-atom ngaphandle kokuqhekeka kwiipakethe ezihlukeneyo. Ngokufanelekileyo, iimodeli ezimbini zokuhanjiswa kohlaziyo ziyaxhaswa: ngokuhlaziya iipakethe zomntu ngamnye kunye nokwakha kwakhona kunye nokuhlaziya yonke inkqubo yomfanekiso. Indawo yokugcina iyafumaneka malunga ne-3000 RPMs esele yakhiwe ongayisebenzisa ukwakha imifanekiso yakho ngokusekelwe kwifayile yoqwalaselo.
Ukuhanjiswa kubandakanya kuphela amacandelo ayimfuneko kwaye ilungiselelwe imemori encinci kunye nokusetyenziswa kwendawo yediski, kunye nesantya esiphezulu sokukhuphela. Ukuhanjiswa kukwaphawuleka ngokubandakanya iindlela ezahlukeneyo zokhuseleko ezongezelelweyo. Iprojekthi isebenzisa "ukhuseleko oluphezulu ngokungagqibekanga". Ibonelela ngesakhono sokucoca iifowuni zesixokelelwano usebenzisa i-seccomp mechanism, i-encrypt partitions zedisk, kwaye uqinisekise iipakethe ngotyikityo lwedijithali.
Iimowudi zedilesi ye-randomization exhaswa kwi-Linux kernel, kunye neendlela zokukhusela ngokuchasene nohlaselo olunxulumene noqhagamshelo lomfuziselo, mmap, /dev/mem kunye /dev/kmem, ziyasebenza. Kwiindawo zememori eziqulethe amacandelo ane-kernel kunye nedatha yemodyuli, imowudi isetelwe ukuba ifundeke kuphela kwaye ukuphunyezwa kwekhowudi akuvumelekanga. Okukhethiweyo kukukwazi ukukhubaza ukulayishwa kweemodyuli ze-kernel emva kokuqaliswa kwenkqubo. I-iptables toolkit isetyenziselwa ukuhluza iipakethi zenethiwekhi. Ngokungagqibekanga, ukupasa kokwakha kwenza iindlela zokukhusela ngokuchasene nokuphuphuma kwestaki, ukugcwala kwe-buffer, kunye neengxaki zokufomatha umtya (_FORTIFY_SOURCE, -fstack-protector, -Wformat-security, relro).
Inkqubo yomphathi wenkqubo isetyenziselwa ukulawula iinkonzo kunye nesiqalo. Kulawulo lwephakheji, abaphathi bephakheji i-RPM kunye ne-DNF (i-tdnf eyahlukileyo esuka kwi-vmWare) inikezelwe. Iseva ye-SSH ayenziwanga isebenze ngokungagqibekanga. Ukufakela ukuhanjiswa, isifakeli sinikezelwe esinokusebenza kuzo zombini iindlela zokubhaliweyo kunye negraphical. Umfakeli ubonelela ngokhetho lokufakela ngeseti epheleleyo okanye esisiseko yeepakethe, kwaye inikezela ngojongano lokukhetha isahlulelo sediski, ukukhetha igama lomkhosi, kunye nokudala abasebenzisi.
umthombo: opennet.ru