Brief items
Kernel development
Kernel release status
The current development kernel is 5.13-rc7, released on June 20. Linus proclaimed: "So there's not a huge number of patches in here, and most of the patches are pretty small too. A fair number of one-liners and 'few-liners'. Which is just how I like it."
Stable updates: 5.12.12, 5.10.45, and 5.4.127 were released on June 18, followed by 5.12.13, 5.10.46, and 5.4.128 on June 23.
Note that 5.12.13 and 5.10.46 contain a fix for a significant Spectre vulnerability; stay tuned to LWN for details.
Supporting Miguel Ojeda’s Work on Rust in the Linux Kernel (Prossimo blog)
The Prossimo project has announced that it has contracted with Miguel Ojeda to work on Rust in the Linux kernel for the next year. Prossimo is a new name for the memory-safety projects being run by the Internet Security Research Group (ISRG), which is the organization behind the Let's Encrypt certificate authority (CA) project. Google provided the funds to enable Ojeda to work full-time on the project starting back in April.
The Linux kernel is at the heart of the modern Internet, from servers to client devices. It’s on the front line for processing network data and other forms of input. As such, vulnerabilities in the Linux kernel can have a wide-ranging impact, putting security and privacy for people, organizations, and devices at risk. Since it’s written largely in the C language, which is not memory-safe, memory safety vulnerabilities such as buffer overflows and use-after-frees are a constant concern. By making it possible to write parts of the Linux kernel in Rust, which is memory-safe, we can entirely eliminate memory safety vulnerabilities from certain components, such as drivers.
We have previously covered another Prossimo project, which provides funding for Rustls development, as well as Ojeda's work on Rust in the kernel.
A review of the kernel's release-signing practices
At the behest of the Linux Foundation, a security-oriented review of the kernel project's release-signing and key-management practices was done; the report from this work has now been published.
This review resulted in seven recommendations that can help improve the robustness of the security and use of the signing keys for the Linux Kernel. Additionally, Trail of Bits suggested that more comprehensive and up to date documentation on the current procedures and policies are needed to help organizations around the world to best understand the current stratagem.
See the full report for the details.
Distributions
Rocky Linux 8.4
Rocky Linux is a community enterprise operating system, created by Gregory Kurtzer, founder of the CentOS project. Rocky Linux 8.4 has been released for x86-64 and aarch64. "Sufficient testing has been performed such that we have confidence in its stability for production systems."
SUSE Linux Enterprise 15 SP3
SUSE Linux Enterprise (SLE) 15 SP3 has been released.
With the release of SLES 15 SP3 we now have 100% binary compatibility with openSUSE Leap 15.3 (our developer platform). That means that you can smoothly move workloads from development to production environments that run SLE 15 SP3 – and back again – with assured application compatibility.
See the release notes for additional information.
Development
Louis: PipeWire under the hood
For those wanting lots of grungy details about how the PipeWire system works, this blog entry from Patrick Louis should be of interest.
The session manager is the piece of software that is responsible for the policy: to find and configure devices, attach them appropriately to the graph, set and restore their properties if needed, route streams to the right device, set their volume, and more. It can create it’s own objects in the PipeWire graph related to session management such as endpoints and links between them, a sort of abstraction on top of PipeWire nodes. There are currently two implementations of the session manager: pipewire-media session and WirePlumber.
Development quotes of the week
Ideally, the project goals of an open source project like Rust are simply the combination of personal goals of everyone working on it. And this is tricky. Because when a new person shows up, we don’t assign them a task that fits with our goals. Instead, this person comes with their own goals and ideas, adding to an already quite diverse set of potentially conflicting goals.— Mara BosAnd this is why an open source project run by volunteers needs a management structure. You can’t just put together a hundred people with each their own goals, and hope it all works out.
So, weirdly, the first piece of software cannot be software. It’s going to be much more akin to hardware. Taken to the extreme, it could literally be made out of wires hooked together in the right way, or a string of core rope memory that twiddles the electrons just so. The idea is going to have to leap from our brain into the physical world, without going through a software intermediate stage.— David Anderson (Thanks to Paul Wise)This feels like a bit of a mystical experience that I think we’ve lost in modern computing. These days, if you have a new platform you want to bootstrap, you have an existing computer that you use to puppet the new hardware. You cross-compile software for the new target, flash its storage through a USB programmer, and you’re done. It’s way less tedious than bootstrapping from scratch, but it obscures that crucial transition from a purely hardware world into the universe of software. Every time that transition happens, it’s a kind of Big Bang for a new universe of runnable ideas. I think it’s a pity that we’ve optimized bringup to the point where few people get to experience that first leap between worlds.
Page editor: Jake Edge
Next page:
Announcements>>