For the past several days we have been continuing our work on the mitigation of “Meltdown” and “Spectre” - though at this point, we are focusing on the latter.
One of the more important developments is the release of AOSC OS Core 5.1.1, which, besides some bugfixes and updates, comes with an updated GCC (GNU Compiler Collection) containing Clear Linux’s implementation/backport of the Retpoline patch set to the 7.2 branch (which we are currently shipping). The patch set aims to avoid “generating code which contains an indirect branch that could have its prediction poisoned by an attacker” - as described by an LLVM contributor. While it could take some serious reading to fully understand what is going on, this is a step towards a more complete mitigation of possible impacts of the “Spectre” vulnerability.
Apart from that, we have the following updates since our last report:
That’s all for now. We’ll continue the progress reports in the coming weeks, possibly.
— Mingcong Bai
Here’s a follow-up to yesterday’s Progress Report on the fixing of “Meltdown” and “Spectre” for AOSC OS. Several events have taken place in the past 24 hours:
“Current stable versions of Chrome include an optional feature called Site Isolation which can be enabled to provide mitigation by isolating websites into separate address spaces. Learn more about Site Isolation and how to take action to enable it [from this link].
“Chrome 64, due to be released on January 23, will contain mitigations to protect against exploitation.”
At this moment, no progress has been made on the other issues stated in the last report.
— Mingcong Bai
It’s been more than 24 hours since our last post, and I would like to offer an as-is progress report on our fixes for the “Meltdown” and “Spectre” bugs, affecting Intel - potentially AMD and some ARM processors. To make this easy to read, I’ll list everything known at this point in bullet points:
objtool. The issue with 4.14 is known to be a result of an added feature between 4.14.7 and 4.14.11 (for some reason, on a patch channel?), and we are currently working on a finalised solution.
At this point, only the Firefox 57.0.4 update has been pushed to the stable repository. I will post another news article here on the Portal tomorrow with (hopefully) some progress.
Please update your AOSC OS at your earliest convenience, and adjust your software selection (highly recommended).
— Mingcong Bai
First of all, a late Happy New Year…
So, after two months of radio silence, here’s a (huge) batch of updates for AOSC OS - again, now for AMD64, and later for other ports. We have two major objectives for this wave of updates:
And indeed… We are able to push through with the two objectives:
EDIT: One of our community members pointed out that, also as a part of this Wave of updates, a large collection of GIS (Geographic Information System/Science) software packages was added. The names of all the packages added can be found here.
AOSC OS running the Deepin Desktop Environment!
I’m currently on a New Year’s trip so I will spare you of long paragraphs of details!
For the rest of January, we will continue to work on synchronising updates on all our ports (apart from the MIPS ports, for their still questionable state), and to produce a new wave of tarball releases - it’s been almost one year since the last batch and it’s getting increasingly impractical to download and update with.
Apart from that I would like to drop a note about the recent Intel (and possibly AMD and ARM) Kernel/Compiler security issue, “Meltdown” and “Spectre”. Kernel updates are currently in the works, and will be pushed to the stable channel in 24 hours, as for compilers, they will be made available in roughly the same time frame (LLVM), and parts of them in the upcoming Core 5.1 update (probably the day after).
I will leave a list of recommended sources for you to read up about the details. But for now, enjoy the updates and thank you for your continued support for AOSC OS!
— Mingcong Bai
Once again it is December 1st, 6 years since the night when an idea sparked between two of my friends and me in a middle school dormitory - to make something of our own, something we could be proud of. It started as a “designed in China, and for China” Linux distribution project based on openSUSE: AnthonOS（安同 OS）. Six years since that night our project still stands, bearing the name of AOSC OS - a Linux distribution which targets general usage (your desktop, server, laptop, tablets, etc.), with a strong emphasis on multilingual support and community interaction.
For six years we have stood mostly in silence (well, before I elaborate on a hype, partly due to our inability to self-advertise, giggles) - though in our existence, much like in an old Chinese poem, we come down like rains riding the winds of spring: “Silent and soft, it moistens everything”. Our contributors, as passionate as they have been about projects of our community, have also contributed to upstream projects, either on behalf of the community or on an individual basis. Icenowy Zheng is now a long term contributor to the mainlining effort for Allwinner-based ARM devices; Zixing Liu, and many others (me included) continue to provide Simplified Chinese translation enhancements to projects like MATE Desktop, GNOME, and WineHQ; along with multitudes of loose patches to over 50 projects as we push on with the development of AOSC OS. Our year since December of 2016 has been mostly normal, as we continued to embrace the upstream projects which made our work towards AOSC OS possible.
That said, it doesn’t mean that we have kept to the old occupations and standards for another year. In our 6th year, we have pushed heavily on the standardisation of our development routines, and a harder push towards quality assurance. The introduction of Ciel and ACID marked the first step toward reproducible builds and continuous integration - while Ciel provides a tool to initialise, update, and rollback environments, ACID invokes Ciel to continuously create these build environments to build every single one of the packages available, and to find all those which failed to build or those in violation of a set of quality assurance requirements defined in Autobuild3 - our package building toolkit since 2014.
Along with that, Dingyuan Wang and Zero King helped to provide integration of AOSC OS’ package catalogue with Repology, so that we could better track our updates - and reference other distributions regarding their build configuration and, in some cases, fixes needed to complete a build, or to produce a working package.
Community interaction has also seen improvements with the introduction of new types of requests, optreq (Optimisation Request) and updreq (Update Request), on top of the original pakreq (Package Request) - users of AOSC OS could now shape the distribution they came to love with suggestions and requests, and we, as packagers/developers, could build AOSC OS to their needs and wishes.
Looking forward, the 7th year presents quite some challenges for our fellow contributors. Since the introduction of monthly update cycles, we have been able to establish a dual-track system of feature-based updates and security/bug-fix updates - however, we have not been able to release monthly waves on time as often as we wished. In addition, our architecture ports (ARM, MIPS, PowerPC alike) have struggled to stay in sync with AMD64 since the introduction of this monthly update pattern due to a lack of computing power. We will, in the coming year, continue to look for solutions to the issue - as corporate as this sounds, we have yet to have the opportunity to look deeper into this issue.
There are issues we are looking to fix before the end of 2017 though. For example, our system releases have not been updated since February, but we plan on releasing a new wave of system releases later in December - after November’s updates are ready (they will come in the first half of December), and that updates are synced among our architectures - unlikely for MIPS 32/64 bits, unfortunately.
With all that in mind, I wish all my friends of the community a happy anniversary - don’t overwork yourselves (says the man sitting in front of his PlayStation while writing his post)!
— Mingcong Bai
We are happy to announce that our October Wave of updates is now ready for AMD64 users of AOSC OS! We are late for this wave due to the quantity of updates, which are applied to over 500 packages provided for AOSC OS - that is ~20% of all packages available.
Anyways, let’s kick this announcement off with a new wallpaper made available to all AOSC OS users, as part of the default collection of wallpapers.
This wallpaper is made by Tianhao Chai - our resident Wine, NVIDIA, Linux Kernel package maintainer, and Blender enthusiast. This wallpaper is rendered with no other software than Blender, and took almost two days to render on his own desktop computer (LOL). The Blender project file for this wallpaper is available here, if you would like to make any changes/improvements to this wallpaper, or simply to warm up your room in the coming winter!
Now, to some of the major updates made available in this wave of updates…
GNOME 3.26, released earlier in September, is now packaged and tested for users of AOSC OS.
GNOME 3.26 contains a large amount of changes made to further polish user experience. For example, the newly designed GNOME Control Center provides a pane-based layout which eases navigation, as opposed to the old icon-and-page-based design.
HiDPI support also sees great improvement, with the feature to set DPI scaling on a “fraction scale”, instead of jumping from 1x to 2x, etc. This should offer better flexibility for 2K/3K/4K/… owners.
With the last months spent on “special” operations like ACID, our KDE/Plasma desktop stack was left outdated. With the October wave of updates, users of KDE/Plasma Desktop could enjoy the newest and (hopefully) greatest on offer by the KDE Community…
This section is dedicated to showing our gratitude to Zero King, our new friend and colleague in the AOSC OS development effort. With great knowledge and diligent focus on security updates and announcements, Zero King reported security issues and offered update/patching advice to our ABBS Tree and Core Tree on a near-daily basis.
Since his involvement with AOSC OS development, over 100 security advisories were announced in our security mailing list - virtually matching the total number of advisories announced in 2016! If you haven’t subscribed to that mailing list yet, please do so here to keep yourselves informed of the latest security updates made available to AOSC OS, and other security-related suggestions to better protect your privacy and data safety.
However, some updates are delayed due to the lack of time with our developers who work on a volunteer basis, making time out of their own busy lives and academic/work occupations…
Due to the lack of manpower and device resources, in combination with the problematic implementation of the MIPS ISA found in Loongson/Godson processors, our main maintainer of the MIPS 32/64-bit ports, Junde Yhi, finds it increasingly difficult to maintain these ports, let alone keep up with the large amount of updates.
Therefore, he has proposed to reboot the MIPS 64-bit port with better adaptation to Loongson/Godson platforms - which, realistically, are the only devices our community members and developers can purchase personally. In addition, the MIPS-II port, targeting legacy MIPS 32-bit devices like the YeeLoong 8089D, is also under consideration to be dropped.
For more details on the ongoing discussion, please refer to here.
We would like to dedicate this news post to our new mirror sponsor KoDDoS - a hosting service with a strong focus on protection against DDoS and other cyber attacks. With the new mirror, we have got another mirror in the Netherlands, serving regions of Europe and the Americas.
Again, our sincere gratitude to KoDDoS for generously providing a mirror for our repository and downloads!
Due to the recent flooding of messages from various @qq.com addresses (bots?) to our “discussions” list, we have currently taken an emergency - and temporary - measure against all posts from @qq.com e-mail addresses.
If you own such an e-mail account and wish to post on our mailing lists, we do apologise for the inconvenience. Please, for now, switch to another e-mail account - or create one elsewhere - for posting on our lists.
We will keep you updated if we are ready with a more scientific and appropriate solution.
We are happy to report that the August-September Wave of updates is now available for AMD64 users of AOSC OS - along with AOSC OS Core 5 component updates, eMMC is here!
First of all, let’s take a glance at the August-September Wave.
The majority of our work in these two months has been focused upon fixing broken packages (build-time) by ACID, an idea brought up by Lion Yang to spawn “clean”, BuildKit containers and perform a coverage testing with our ABBS tree - putting Ciel to use.
As a result, hundreds of packages - old and new - were marked as broken. ~99% of them have been fixed now. Apart from the effect of fixing these tatty packages (they should work better than before, with fewer bugs), this work has inspired us to further enhance the quality assurance modules and error handling of Autobuild3 - our automatic packaging toolkit.
As noted from Mingcong Bai’s last update, we have failed to sync up package updates for our non-AMD64 AOSC OS ports: PowerPC 32/64-bit Big Endian, ARMv7, AArch64, and MIPS 32/64-bit. However…
testing repositories (except MIPS 32/64-bit)
bugfix updates are made available (thus no security concerns as of yet).
We will continue to work on catching up with these ports.
Now, onto the exciting stuff, Core 5 “eMMC” is now made available to AOSC OS users as…
As how major (+1.0) Core updates go for AOSC OS, Core 5 includes more extensive updates over the Core 4 series - of course, from the GNU C Library at the bottom, to your GNU Compiler Collection (GCC) - are all updated to the newest versions.
Though no new architectural port is brought to the table for this year, we have worked on improving, and fixing up system application and development experiences.
For example, our compiler/linker hardening spec files were included within Autobuild3 - while some packages, like Python and Qt, record build-time compiler/linker flags, which reference the spec file included within Autobuild3’s installation directory - making development using tools provided by these packages practically impossible without installing Autobuild3, which is absurd. In Core 5, we have moved these files to the gcc package, working around this potential issue.
AArch64 should also be able to run applications more reliably with latest fixes in GCC and Binutils - a lot of applications that used to exit with a Segmentation Fault should work properly now. Though by our observation this should be a gradual process.
As one of the major changes to be brought by Core 5, we are introducing the Overlays system to AMD64 users in the coming month or two.
The Overlays system provides binary packages optimised for newer processors - in AMD64’s case, processors with AVX2 instruction set support - to squeeze out extra performance potentially obtainable by enabling optimisation flags for newer instruction sets. For example, instruction-aware packages like GNU C Library, FFmpeg, Mesa, etc. should see an observable performance gain over packages built with our standard compilation configurations, under which all AMD64 packages are built with instruction set support up to SSE3.
Changes were required for Autobuild3 and apt-gen-list to make it work smoothly for our developers and users, respectively. Autobuild3 now includes “sub-architectural” support, for example, setting amd64/haswell+ will enable configurations to build packages for the Haswell+ (AVX2) Overlay, while generating packages for the amd64 architecture in general.
Then, the new implementation of apt-gen-list detects processor capability when generating APT repository configurations so that, say, users with their computer running Intel’s 5th generation Core processors, when running apt-gen-list -e "40-source", should result in an APT configuration using the source repository with the haswell+ Overlay repository automatically enabled - so that they could take advantage of their processors’ newer instruction sets, thus higher application performance.
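The capability check described above can be sketched as follows. This is an added example, not apt-gen-list’s own code: it assumes the avx2 CPU flag alone gates the Haswell+ Overlay, overlay_subarch and sample_cpuinfo are hypothetical names, and the sample cpuinfo text is constructed.

```shell
#!/bin/sh
# Added example, not apt-gen-list's code. Assumption: the Haswell+ Overlay is
# gated on the "avx2" CPU flag only, as the text describes.

# overlay_subarch [FILE]: print "amd64/haswell+" when every logical CPU listed
# in a cpuinfo-format FILE advertises avx2, otherwise the baseline "amd64".
overlay_subarch() {
    awk '
        /^flags[ \t]*:/ {
            cpus++
            # Exact token match, so "avx" or "avx512f" alone never qualifies.
            for (i = 1; i <= NF; i++)
                if ($i == "avx2") { capable++; break }
        }
        END {
            # No flags lines (e.g. non-x86 data) or any CPU without AVX2:
            # stay on baseline packages, since AVX2 code would die with an
            # illegal-instruction fault on such a core.
            if (cpus > 0 && capable == cpus) print "amd64/haswell+"
            else print "amd64"
        }
    ' "${1:-/proc/cpuinfo}"
}

# sample_cpuinfo KIND: emit constructed two-CPU cpuinfo text for the demo.
sample_cpuinfo() {
    with='flags\t\t: fpu sse sse2 pni ssse3 avx avx2\n'
    without='flags\t\t: fpu sse sse2 pni ssse3 avx\n'
    case "$1" in
        haswell) printf "processor\t: 0\n${with}processor\t: 1\n${with}" ;;
        mixed)   printf "processor\t: 0\n${with}processor\t: 1\n${without}" ;;
        legacy)  printf "processor\t: 0\n${without}processor\t: 1\n${without}" ;;
    esac
}

# Run the check over each constructed sample and show the chosen sub-arch.
demo() {
    tmp=$(mktemp) || return 1
    for kind in haswell mixed legacy; do
        sample_cpuinfo "$kind" > "$tmp"
        printf '%-8s -> %s\n' "$kind" "$(overlay_subarch "$tmp")"
    done
    rm -f "$tmp"
}
demo
```

Falling back to the baseline whenever the data is incomplete or mixed keeps a misdetected host on packages it can always execute.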
October will be a good time to make up package updates left behind in the past two months due to our focus on ACID. Major desktop updates like GNOME 3.26, KDE Applications 16.08 will roll out by the end of October - along with many more applications and component updates to improve your experience with AOSC OS. What’s more…
On a personal note, I do apologise for the lack of update for the past month - as my friend Junde Yhi and I went on a 2-week trip to parts of Russia - and now it’s the beginning of the school season so time management was a great struggle.
Anyways, let’s go on with the update. I’m happy to report that Core 5.0 is now in the final testing phase (Release Candidate 4), and should hit the stable repository by the end of the month - yes, with the Joint-August-and-September Wave of updates (and for the same reason mentioned above, we were unable to release the August wave, need more packagers!).
We have now finished preparing a semi-final set (well, final if we didn’t find anything stupid) of Core 5 wallpapers with a completely new style, here’s a small banner to be used in the Core 5 announcement to give you some ideas…
If you want, the full set is already available at the aosc-os-artworks repository, and will be made available to users of the Testing repositories in ~6 hours.
Apart from the wallpaper change, we have made quite some changes to the Core, including…
But I’m not going to share them all just yet, as in the Release Candidate phase, things can still change… a little bit. We will post another update on the actual date-of-release.
Another thing worth looking forward to in September or October is the inclusion of the first wave of “Overlay” packages for AMD64 (x86_64). We are currently making some final touches to the Autobuild3 build toolkit and apt-gen-list - once these are done, Overlay repositories should be enabled based on your processor’s capabilities.
More on that later (it’s still crazy busy here so I do apologise for repeated delays).
As for non-AMD64 (ARMv7, AArch64, PowerPC 32-bit, PowerPC 64-bit, MIPS 32-bit, MIPS 64-bit) ports of AOSC OS, we are currently working to synchronise all updates with the ABBS Tree - we can’t guarantee a date of completion just yet, but here are the two things we are sure about…
bugfix updates (and that includes all security fixes).
bugfix updates will be synchronised immediately, while “normal updates” from the staging branch will settle in the foreseeable future.
New AOSC OS tarballs and images will roll out in October (probably by the end of the month) with the Core 5 updates - but again, for non-AMD64 ports, this will not necessarily include all the feature updates from the main tree - we do apologise for that.
— Mingcong Bai