NICE.OS is a minimal distribution built from scratch and designed for containers.

The NICE.OS project is developing an independent Linux distribution that is built from scratch from source code and maintains its own package base, without borrowing package build scripts from other distributions. The project develops its own tools, patch set, and build policy. An ISO image (603 MB) intended for installation in virtual machines (KVM, Proxmox, VMware, VirtualBox, etc.) is available for download.

The distribution is available free of charge for private and commercial use, without device limits. The license agreement prohibits "modifying, adapting, translating, decompiling, disassembling, or attempting to obtain the source code, except as expressly permitted by applicable law or open source licenses." It also prohibits "transferring, selling, renting, lending, publishing, or distributing the software without the written permission of the copyright holder."

NICE.OS is positioned as a long-term support (LTS) server system optimized for virtual machines, cloud systems, and edge nodes. The kernel, compilers, core libraries, and crypto stack are all built to meet the same reproducibility and security requirements. The project is included in the Russian software registry (registration means it can satisfy "domestic software" requirements in the public sector and for some corporate customers).

Two modes are supported: atomic updates (immutable, based on OSTree) and classic RPM (dnf/dnf5). In atomic update mode, the /usr partition is mounted read-only, updates are applied to the system as a whole, Btrfs snapshots are used to roll back failed updates, and versions of the base system are treated as artifacts that can be managed and delivered to sites through an OSTree repository. The classic RPM mode uses package management with dnf and dnf5, supports manual and automatic updates, and provides a console installer, "niceos-installer."

The distribution provides a minimal and predictable base for containers: there is no graphical environment, only basic services are started (systemd, network utilities, SSH, a firewall on nftables/firewalld, basic monitoring utilities), and all application software is intended to run in containers (Docker/Podman/Kubernetes) or as separate services on top of the base.

Official container images are available on Docker Hub. The images are built on the same minimal NiceOS Base, run as an unprivileged user, include a built-in SBOM (CycloneDX/SPDX) and a vulnerability report (Trivy, Grype), and ship with built-in reports for offline auditing directly inside the container.

Domestic cryptography is supported (a pre-assembled and tested stack for those with GOST and audit requirements):

  • GnuPG with GOST (GOST R 34.10-2012 and GOST R 34.11-2012), including signing, encryption, and verification;
  • OpenSSL with GOST: TLS and a CLI with GOST cryptographic primitives;
  • libksba/nettle: GOST support in CMS and X.509;
  • OpenVPN with GOST: a ready-made server with GOST ciphers, plus a script that deploys a VPN (PKI, firewall, monitoring, Prometheus integration) in a few minutes;
  • Integrity control tools with GOST hashes (gost12sum, profiles in openssl dgst, etc.).

Security hardening features:

  • SELinux is enabled by default;
  • Standard build hardening flags are used (PIE, RELRO, SSP, FORTIFY_SOURCE, etc.);
  • Integrity control scenarios are implemented (Secure Boot, IMA, AIDE with GOST algorithms);
  • Every RPM package is signed, and there is a Zero-Trust PKI model: by default, anything that has not passed verification is not trusted;
  • SBOM and vulnerability reports are generated for packages and images.
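
A hardening claim like the PIE/RELRO item above can be checked from the ELF headers of any shipped binary. The following is an added example, not code from the NICE.OS project: it reports PIE, RELRO and non-executable stack for a little-endian ELF64 image, does not cover SSP or FORTIFY_SOURCE (those need symbol-table inspection), and uses constructed sample images (`sample_elf`, `HARDENED`, `LEGACY` are names invented here).

```python
import struct

ET_DYN, PT_DYNAMIC, PT_INTERP = 3, 2, 3
PT_GNU_STACK, PT_GNU_RELRO = 0x6474E551, 0x6474E552
DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 24, 30, 0x6FFFFFFB
EHDR, PHDR, DYN = "<16sHHIQQQIHHHHHH", "<IIQQQQQQ", "<qQ"

def hardening(elf: bytes) -> dict:
    """Report PIE, RELRO and non-executable stack for a little-endian ELF64 image."""
    if elf[:6] != b"\x7fELF\x02\x01":
        raise ValueError("not a little-endian ELF64 file")
    hdr = struct.unpack_from(EHDR, elf)
    e_type, phoff, phentsize, phnum = hdr[1], hdr[5], hdr[9], hdr[10]
    interp = relro = bind_now = nx = False
    for i in range(phnum):
        p_type, p_flags, p_off, _, _, p_filesz, _, _ = struct.unpack_from(
            PHDR, elf, phoff + i * phentsize)
        interp |= p_type == PT_INTERP
        relro |= p_type == PT_GNU_RELRO
        if p_type == PT_GNU_STACK:
            nx = not p_flags & 1              # PF_X clear: stack is not executable
        if p_type == PT_DYNAMIC:
            for off in range(p_off, p_off + p_filesz, 16):
                tag, val = struct.unpack_from(DYN, elf, off)
                if tag == 0:                  # DT_NULL ends the dynamic section
                    break
                if (tag == DT_BIND_NOW or (tag == DT_FLAGS and val & 0x8)
                        or (tag == DT_FLAGS_1 and val & 0x1)):
                    bind_now = True           # eager binding makes RELRO "full"
    return {
        "pie": e_type == ET_DYN and interp,   # ET_DYN without PT_INTERP: shared library
        "relro": "full" if relro and bind_now else "partial" if relro else "none",
        "nx_stack": nx,
    }

def sample_elf(e_type, segments, dyn=()):
    # Constructed image: ELF header + program headers + dynamic section only.
    blob = b"".join(struct.pack(DYN, t, v) for t, v in [*dyn, (0, 0)])
    off = 64 + 56 * (len(segments) + 1)
    ph = b"".join(struct.pack(PHDR, t, fl, 0, 0, 0, 0, 0, 0) for t, fl in segments)
    ph += struct.pack(PHDR, PT_DYNAMIC, 6, off, 0, 0, len(blob), 0, 0)
    eh = struct.pack(EHDR, b"\x7fELF\x02\x01\x01" + bytes(9), e_type, 62, 1,
                     0, 64, 0, 0, 64, 56, len(segments) + 1, 0, 0, 0)
    return eh + ph + blob

HARDENED = sample_elf(ET_DYN, [(PT_INTERP, 4), (PT_GNU_STACK, 6), (PT_GNU_RELRO, 4)],
                      [(DT_FLAGS, 0x8)])
LEGACY = sample_elf(2, [(PT_INTERP, 4), (PT_GNU_STACK, 7)])   # ET_EXEC, RWX stack
if __name__ == "__main__":
    print(hardening(HARDENED), hardening(LEGACY))
```

To audit a real file, pass `open(path, "rb").read()` to `hardening()`.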

Features for virtual and cloud systems:

  • Support for confidential virtual machines (AMD SEV-SNP, Intel TDX) has been announced. Tools for attesting virtual machines in such environments are available.
  • An official NICE.OS 5.2 image is available in Yandex Cloud Marketplace as a virtual machine that already includes Docker, glibc, and Python 3.12; the distribution is marked as being in the Russian software registry;
  • In the Cloud.ru Marketplace, the distribution is described as "a minimal Russian OS for containers. Image for VMs, Docker, and Kubernetes."
  • A separate edition, NiceOS V, is prepared for hypervisors (Proxmox, VMware ESXi, KVM/QEMU, AWS/Yandex Cloud/Google Cloud, etc.), with a minimal set of services and an emphasis on automated installation via Kickstart/JSON.

Among the versions used:

  • Linux 6.13.x,
  • GCC 14.3, Glibc 2.41,
  • OpenSSL 3.5.1 (with GOST extensions),
  • systemd 257, coreutils 9.6.

Source: opennet.ru
