Just figured that some may be curious of how AOSC OS ports are done, so this particular transmission will be dedicated to this matter.
In case you haven't noticed yet (due to our puzzling download page), AOSC OS currently has 7 architectural ports under active development:
And by AOSC OS design, these ports are all capable of running on mainline kernels (well not yet for MIPS64el) and various desktop environments (while some simply can't be built on some architecture yet, for example, Enlightenment on PowerPC64 due to lack of LuaJIT support). But in most cases, all ports of AOSC OS can be used with the same level of functionality, but with varying performance outcomes. There are several reasons to this:
Onto the workflow then. There is a rule among AOSC OS developers that, "there shall be no port before devices exists" - some Linux distributions (go figure) has lots of architectural ports, but sometimes no device is available for some architectures. While it's all fine and good as a technical references on these ports (in fact, we have learned a lot from Fedora and Gentoo, thank you both), we as a tiny development effort simply can't afford to start a virtual port - or "theoretical" port, let's say - this is precisely the reason why we haven't jumped on to porting AOSC OS to RISC-V yet, but when the first boards of that architecture debut, we will crack on with it. But anyways, if there exists a device availabled for us to purchase by one of our developers, a port will be started. Junde Yhi, long time AOSC contributor started his first venture of porting AOSC OS with his purchase of a Loongson 3A R2 (3A2000C) desktop of MIPS64el (MIPS 64-bit, little-endian) architecture, and it's truly an interesting (and perhaps unfortunately, quirky) machine.
The porting starts without actually doing the build, but with making "specs" for the particular port. As AOSC OS, there isn't much room for varied system designs, the work mostly comes to the optimization parameters and configuration for the toolchain (we use GNU's tools, of course). In the case of MIPS64el, Yhi spent roughly two weeks reading Loongson's compiler and optimizations specifications - not that we are making a Loongson port, but SGI's workstations are just... too much. At the end of the reading, a series of optimization parameters, or flags are collected and put in as a part of some Autobuild3 updates.
The next step would be to start reading and build along with the guides at
Linux From Scratch. The only difference we
make here is to change the triple to ours (in the case of MIPS64el,
mips64el-aosc-linux-gnu), and incorporating package management (
dpkg in our
case) as soon as we could. With package management in place, it's time to start
building the Core (from
of course), and debug through issues, committing changes and incorporating them
into the next release. Then it just flows down the stream to our main
tree, where terrible stuff like
"stage-two-ing" (stripping out features for bootstrapping, and re-incorporating
new features when dependencies are available) and you guess it, more bugs, will
be found. But with enough packages available and tested, a new port of AOSC OS
will be available from the downloads page. This
process can take anywhere from weeks to months (our fastest growing ports yet
are the PowerPC 32/64-bit ports, thanks to a powerful PowerMac G5 Quad, taking
only 5 weeks to have the Base, MATE, and XFCE variants available), depending on
the difficulty and fluidity of the porters.
What's next then? Generally, maintaining and hoping for more. Maintaining ports
is a long enduring and often times tedious task. Given that our main port is
still the AMD64/x86_64 port, all new package updates will be built and tested
first on the AMD64 machines, pushed to the
staging branch, and merged to the
master branch before pushing the new updates to the
community repository. Then, the updates will be
organized into a task list and passed onto... usually me - owning machines from
most of the architectuers available, and having horribly strong patience (just
a boring personality, not praising myself by any means). Every week, ~500 new
package updates/fixes commits are committed to the
staging branch, and ~200
of them will be available to non-AMD64 ports (some simply can't be built, some
noarch data packages that do not need to be rebuilt). And yes, they take
around ~3 times more in time expense to build despite the smaller number of
tasks. And yes, these machines working together at the same time makes it a
great cure to the Wisconsin winter, and a great tool for my roommate Tianhao Chai
to heat his milk and such (package building for the ports generally happens in
the weekends, a "good" period of time in a week by our definition).
On the "hoping for more" part, we do accept device donations, and we (generally) make guarantees on porting AOSC OS onto them. Icenowy Zheng, our ARM maintainer, receives quite a quantity of devices from hardware manufactures due to her exemplary work in "mainlining" (merging device supports and fixes into the mainline Linux kernel) support for Allwinner (sunxi) devices - as you may have seen multiple times on our news. I myself received a Nokia N900 phone from a good friend of mine - knowing its potential and well maintainership by the mainline kernel, I should be able to get AOSC OS running - and of course, releasing images for it in a timely manner.
And that sums up how the ports happens, and happens to be in the context of AOSC OS development. If you are interested in donating devices or maintaining a new port for AOSC OS (that will be really could you know...), please do find us over at the #aosc IRC channel.
— Mingcong Bai
ACBS (Autobuild CI Build System), after several re-writes, is now available as a replacement to our old Autobuild manifest and configuration manager ABBS (AutoBuild Build Service). ACBS comes with enhanced functionality, improved reliability, and full compatibility with old ABBS trees:
Extra blings are also included:
The new set of tool is written in Python 3 (and you will need a version newer than 3.3), along with several essential dependencies - which are commonly found in any well built Linux distributions - ACBS is built for any Linux distribution eyeing on Autobuild for its packaging work.
New packages built for AOSC OS since today will be built with ACBS - just to give it more real-world and detailed testing - but as it stands today, it is already quite a bit more advanced than ABBS. Definitely a recommended upgrade.
Our AOSC OS packaging documentation "AOSC Cadet Training" is also updated for using ACBS - please note that ABBS is now marked deprecated, and you should not continue to use ABBS - we are not interested in fixing old and deprecated stuff, as we usually do.
Icenowy Zheng just made an update on the
wine package for ARMv7 (
armel), fixing some runtime issues introduced with an earlier commit. To prove its usability, she attempted to build a version of Notepad++ for her tablet running AOSC OS...
Along with the update, Zheng is currently marking all
optenv32, our i686/32-bit x86 runtime environment as architectural neutral packages - in the future, all of our AOSC OS ports will be able to run i686 applications (Wine or Linux Native) with the help of Qemu User Mode Emulation. Keep posted for updates!
Per users' requests, we have added the following packages to our community repository:
afflib- An open and extensible file format to store disk images and associated metadata.
afl- A security-oriented fuzzer.
averia-fonts- The Avería GWF font family.
construct- A powerful declarative parser/builder for binary data.
ctemplate- A library implementing a simple but powerful template language for C++.
dff- An Open Source computer forensics platform.
distorm- Powerful disassembler library for x86/AMD64.
et-xmlfile- A low memory library for creating large XML files.
fbset- Framebuffer setup utility.
jbig2dec- Decoder implementation of the JBIG2 image compression format.
jdcal- Julian dates, from proleptic Gregorian and Julian calendars.
jsmath-fonts- Font family for jsMath.
libbfio- A library to provide basic file input/output abstraction.
libewf- A library to access the Expert Witness Compression Format (EWF).
libfm-qt- Core library of PCManFM-Qt (Qt binding for libfm).
libforensic1394- Library for performing live memory forensics over the IEEE 1394 (FireWire) interface.
libglademm- C++ bindings for libglade.
libiodbc- Independent Open DataBase Connectivity driver library.
libpff- Library and tools to access the Personal Folder File (PFF) and the Offline Folder File (OFF) format.
libvshadow- A library to access the Volume Shadow Snapshot (VSS) format.
lxqt-build-tools- Various packaging tools and scripts for LXQt applications.
muparser- A fast math parser library.
mysql-workbench- A cross-platform, visual database design tool developed by MySQL.
openpyxl- A Python library to read/write Excel 2007 xlsx/xlsm files.
paprefs- A simple GTK-based configuration dialog for PulseAudio.
pefile- A Python module to read and work with PE (Portable Executable) files.
ptunnel- A tool for reliably tunneling TCP connections over ICMP echo request and reply packets.
pyodbc- Python bindings for UnixODBC.
pyorbit- Python bindings for ORBit2.
reglookup- Utilities for direct analysis of Windows NT-based registry files.
scantailor- Interactive post-processing tool for scanned pages.
seahorse-nautilus- PGP encryption and signing for Nautilus (GNOME Files).
stunnel- A program that allows you to encrypt arbitrary TCP connections inside SSL.
system-config-lvm- A utility for graphical configuration of Logical Volumes.
thermald- The Linux Thermal Daemon program from 01.org.
tinyproxy- A light-weight HTTP proxy daemon for POSIX operating systems.
volatility- Advanced memory forensics framework.
xrdp- An open source remote desktop protocol (RDP) server.
yara-python- Python bindings for Yara.
yara- Tool aimed at helping malware researchers to identify and classify malware samples.
zathura-pdf-mupdf- PDF support for Zathura (MuPDF backend).
znc- An IRC bouncer with modules & scripts support.
To learn about how to request new packages for addition into our community repository, please check out our "pakreq" guide. Or simply shout out requests with
#pakreq hashtag on our #aosc IRC channel, or on our Telegram group (joining information available on IRC).
Please update your
curl+32 if using the AMD64/x86_64 port with optenv32 installed) to version
This security advisory discusses the security vulnerabilities addressed in 7.52.0 and followed by 7.52.1 as an emergency release - to fix a new security regression introduced with version 7.52.0.
Version 7.52.0 addressed the following security vulnerabilities:
Version 7.52.1 address a security vulnerability described as follows, however, no CVE was assigned at the time of writing:
"libcurl's (new) internal function that returns a good 32bit random value was implemented poorly and overwrote the pointer instead of writing the value into the buffer the pointer pointed to.
"This random value is used to generate nonces for Digest and NTLM authentication, for generating boundary strings in HTTP formposts and more. Having a weak or virtually non-existent random there makes these operations vulnerable.
"This function is brand new in 7.52.0 and is the result of an overhaul to make sure libcurl uses strong random as much as possible - provided by the backend TLS crypto libraries when present. The faulty function was introduced in this commit."
Please update your
flightgear package to version
A fix was recently introduced to the source code for the FlightGear Flight Simulator to address the following security vulnerability:
"The FlightGear project fixed a security issue, allowing arbitrary file overwrites for files the user running FlightGear has write access to and could be taken advantage to for other impact as arbitrary code execution."
Please update your
exim package to version
A security vulnerability was recently disclosed that:
"Exim leaks the private DKIM signing key to the log files. Additionally,
if the build option
EXPERIMENTAL_DSN_INFO=yes is used, the key material
is included in the bounce message."
And was consequently assigned with CVE-2016-9963.