Microsoft has published an update to the CBL-Mariner Linux distribution

Microsoft has published an update to the CBL-Mariner 1.0.20210901 (Common Base Linux Mariner) distribution, which is being developed as a universal base platform for the Linux environments used in cloud infrastructure, edge systems and various Microsoft services. The project aims to unify Microsoft's Linux solutions and to simplify keeping Linux systems for various purposes up to date. The project's work is distributed under the MIT license.

In the new release:

  • Building of a basic ISO image (700 MB) has begun. In the first release, ready-made ISO images were not provided; it was assumed that the user could build an image with the required contents (build instructions were prepared for Ubuntu 18.04).
  • Support for automatic package updates has been implemented, for which the Dnf-Automatic utility has been included.
  • The Linux kernel has been updated to version 5.10.60.1. Program versions have been updated, including openvswitch 2.15.1, golang 1.16.7, logrus 1.8.1, tcell 1.4.0, gonum 0.9.3, testify 1.7.0, crunchy 0.4.0, xz 0.5.10, swig 4.0.2, squashfs-tools 4.4, mysql 8.0.26.
  • OpenSSL provides an option to re-enable support for TLS 1 and TLS 1.1.
  • The sha256sum utility is used to verify the toolkit's source code.
  • New packages have been added: etcd-tools, cockpit, aide, fipscheck, tini.
  • The brp-strip-debug-symbols, brp-strip-unneeded and ca-legacy packages have been removed. The SPEC files for the Dotnet and aspnetcore packages have been removed; these packages are now built by the core .NET development team and hosted in a separate repository.
  • Vulnerability fixes have been carried over to the package versions in use.

Recall that the CBL-Mariner distribution provides a small, standard set of base packages that serves as a universal foundation for building the contents of containers, host environments and services running in cloud infrastructure and on edge devices. More complex and specialized solutions can be created by adding extra packages on top of CBL-Mariner, but the foundation of all such systems stays the same, which simplifies maintenance and updating. For example, CBL-Mariner is used as the basis of the WSLg mini-distribution, which provides the graphics stack components for running Linux GUI applications in an environment based on the WSL2 subsystem (Windows Subsystem for Linux). The extended functionality in WSLg is implemented by including additional packages with the Weston composite server, XWayland, PulseAudio and FreeRDP.

The CBL-Mariner build system can produce both individual RPM packages, built from SPEC files and source code, and monolithic system images that are generated with the rpm-ostree toolkit and updated atomically, without being split into separate packages. Accordingly, two update delivery models are supported: updating individual packages, and rebuilding and updating the entire system image. A repository of about 3000 prebuilt RPM packages is available, which you can use to build your own images based on a configuration file.

The distribution includes only the most essential components and is optimized for minimal memory and disk space consumption, as well as for fast boot. The distribution is also notable for including various additional mechanisms to improve security. The project takes a "maximum security by default" approach. It is possible to filter system calls using the seccomp mechanism, to encrypt disk partitions, and to verify packages using digital signatures.

The address space randomization modes supported by the Linux kernel are enabled, as are the mechanisms for protecting against attacks involving symlinks, mmap, /dev/mem and /dev/kmem. Memory regions holding segments with kernel and module data are set to read-only mode, and code execution from them is prohibited. Optionally, loading of kernel modules can be disabled after system initialization. The iptables toolkit is used for filtering network packets. At build time, protection against stack overflows, buffer overflows and format string problems is enabled by default (_FORTIFY_SOURCE, -fstack-protector, -Wformat-security, relro).
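A way to check the kernel-side protections listed above on a running host, as an added example that is not code from the article or from the CBL-Mariner project. The mapping of each protection to a sysctl key and the minimum values are assumptions of this example; /dev/mem restrictions are a kernel build option and are not covered.

```shell
#!/bin/sh
# Added example: audit the kernel hardening knobs named in the article.
# Assumption: the sysctl keys and minimum values below are this example's
# choice, not settings copied from CBL-Mariner's own configuration.

# check_knob ROOT KEY MIN: print one result line; return 0 only if value >= MIN
check_knob() {
    root=$1 key=$2 min=$3
    # sysctl key "a.b" lives at ROOT/a/b
    path="$root/$(printf '%s' "$key" | tr . /)"
    if [ ! -r "$path" ]; then
        printf 'MISSING %s\n' "$key"
        return 2
    fi
    val=$(tr -d '[:space:]' < "$path")
    case $val in
        ''|*[!0-9]*) printf 'INVALID %s=%s\n' "$key" "$val"; return 2 ;;
    esac
    if [ "$val" -ge "$min" ]; then
        printf 'OK      %s=%s\n' "$key" "$val"
        return 0
    fi
    printf 'WEAK    %s=%s (want >= %s)\n' "$key" "$val" "$min"
    return 1
}

# audit_hardening [ROOT]: return the number of knobs that are not OK.
# ROOT defaults to /proc/sys; a test can point it at a constructed tree.
# Usage on a live host: audit_hardening
audit_hardening() {
    root=${1:-/proc/sys}
    failed=0
    while read -r key min; do
        check_knob "$root" "$key" "$min" || failed=$((failed + 1))
    done <<EOF
kernel.randomize_va_space 2
fs.protected_symlinks 1
vm.mmap_min_addr 4096
kernel.modules_disabled 1
EOF
    return "$failed"
}
```

Because the article describes disabling module loading as optional, a WEAK result for kernel.modules_disabled is a policy decision rather than a defect.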

The systemd system manager is used to manage services and boot. For package management, the RPM and DNF package managers are provided (the tdnf variant from VMware). The SSH server is not enabled by default. To install the distribution, an installer is provided that can work in both text and graphical modes. The installer offers the choice of installing with a full or a base set of packages, and provides an interface for choosing disk partitioning, choosing a hostname and creating users.

Source: opennet.ru
