I-Wolfi OS: i-distro eyenzelwe iziqukathi kanye ne-supply chain

wolfi os

I-Wolfi iwukusabalalisa kwesoftware ye-GNU engasindi eyakhelwe ukuzungeza i-minimalism, iyenze ifanele izindawo ezifakwe iziqukathi.

Uma ungomunye walabo abasebenza kakhulu ngeziqukathi, ngingancoma ukufunda i-athikili elandelayo lapho sizokhuluma khona nge-Wolfi OS, okuwukusabalalisa kweLinux yomphakathi omusha okuhlanganisa izici ezinhle kakhulu zezithombe ezikhona zesisekelo sesitsha esinezinyathelo zokuphepha ezizenzakalelayo. ukuthi Zizofaka amasignesha esofthiwe enikwe amandla yi-Sigstore, i-provenance, nama-BOM esofthiwe.

I-Wolfi OS ukusatshalaliswa okukhishiwe okwenzelwe inkathi yomdabu wamafu. Ayinayo i-kernel eyedwa, kodwa kunalokho incike endaweni (efana nesikhathi sokusebenza kwesiqukathi) ukuze inikeze eyodwa. Lokhu kwehlukaniswa kokukhathazeka eWolfi kusho ukuthi ivumelana nezimo ezihlukahlukene.

Mayelana ne-Wolvi OS

Endaweni yayo yokugcina ku-GitHub singathola ukuthi:

U-Chainguard uqale iphrojekthi ye-Wolvi ukuze unike amandla ukudalwa kwe-Chainguard Images, iqoqo lethu lezithombe ezikhethiwe ezingasatshalaliswa ezihlangabezana nezimfuneko zochungechunge oluvikelekile lokuhlinzeka ngesofthiwe. Lokhu kwakudinga ukusatshalaliswa kwe-Linux okunezingxenye kumbudumbudu efanele kanye nokusekelwa kwakho kokubili i-glibc ne-musl , into engatholakali okwamanje ku-ecosystem ye-Linux ye-cloud-native.

Kuphinde kukhulunywe ukuthi uWolvi, ogama lakhe liphefumulelwe yi- Ingwane encane kunazo zonke emhlabeni, inezici ezithile ezibalulekile Yini eyenza ihluke kwamanye ama-distros agxile endaweni yamafu/yesitsha:

  • Ihlinzeka ngekhwalithi ephezulu yesikhathi sokuhlanganisa i-SBOM njengokujwayelekile kwawo wonke amaphakheji
  • Amaphakheji adizayinelwe ukuthi abe yimbudumbudu futhi aziqukathe, ukusekela izithombe ezincane
  • Isebenzisa ifomethi yephakheji ye-apk ezanyiwe nethembekile
  • Isistimu yokwakha ememezelayo ngokugcwele futhi ekhiqizekayo
  • Idizayinelwe ukusekela i-glibc ne-musl

Kuyafaneleka ukusho lokho I-Wolfi OS ukusatshalaliswa kweLinux yakhelwe kusukela ekuqaleni, okungukuthi, ayisekelwe kunoma yikuphi okunye ukusatshalaliswa okukhona futhi ihloselwe ukusekela ama-paradigm ekhompyutha amasha, njengeziqukathi.

Nakuba Wolfi inezimiso zokuklama ezifanayo ne-Alpine (njengokusebenzisa i-apk), i-distro ehlukile egxile ekuvikelekeni kwe-supply chain. Ngokungafani ne-Alpine, i-Wolvi okwamanje akazakhi i-Linux kernel yayo, kodwa esikhundleni salokho incike endaweni yokusingatha (isibonelo, isikhathi sokusebenza kwesiqukathi) ukuze inikeze eyodwa.

Futhi kungenxa yokuthi kumdali we-Wolfi ukuphepha kwe-software supply chain kuyingqayizivele, ngoba iveza ukuthi inezinhlobo eziningi ezahlukene zokuhlasela ezingakhomba amaphuzu amaningi ahlukene emjikelezweni wokuphila wesofthiwe. Awukwazi ukuthatha ucezu lwesofthiwe yezokuphepha, uyivule, futhi uzivikele kukho konke.

“Sibiza i-Wolvi njenge-undistro ngoba ayikona ukusatshalaliswa kwe-Linux okugcwele okuklanyelwe ukusebenza ngensimbi engenalutho, kodwa kunalokho ukusatshalaliswa okukhishiwe okwenzelwe inkathi yamafu. Okuphawuleka kakhulu, asizange siyifake i-Linux kernel, kodwa esikhundleni salokho sithembele endaweni ezungezile (njengesikhathi sokusebenza kwamakhonteyna) ukuthi siyinikeze,” kusho uDan Lorenc, oyi-CEO yakwaChainguard.

“Ngaphezu kwalokho, ukusatshalaliswa kweLinux ngokwayo kuvame ukukhulula izinguqulo ezizinzile zesofthiwe isikhathi eside, kuyilapho onjiniyela abafaka isofthiwe (futhi) benza ukufakwa mathupha ukuze bathole izinguqulo zakamuva, noma zakamuva. Ngenxa yalokho, kunokunqamuka okukhulu phakathi kwalokho okutholwa yizikena ngama-CVE okuphepha ochungechungeni lokuhlinzekwa kwesofthiwe kanye nalokho okukhona ngempela endaweni evamile.

U-Wolfi uthatha izithombe ezivuselelwe njalo zeziqukathi eziyisisekelo lokho kukhomba ubuthakathaka obaziwayo, Ukuqeda lokhu kubambezeleka phakathi kokusabalalisa okuvamile nezithombe zesiqukathi, nabasebenzisi abasebenzisa izithombe ezinobungozi obaziwayo. impisi vala lesi sikhala ukuqinisekisa ukuthi izithombe zesiqukathi zinolwazi lwemvelaphi (lapho izithombe zivela khona futhi ziqinisekisa ukuthi aziphazanyiswa) futhi yenza isizukulwane se-SBOM sibe into engenzeka phakathi nenqubo yokwakha, futhi hhayi ekugcineni.

ekugcineni uma ukhona unentshisekelo yokwazi okwengeziwe ngayo mayelana nalokhu kukhishwa okusha, ungabheka imininingwane ku- isixhumanisi esilandelayo.


Yiba ngowokuqala ukuphawula

Shiya umbono wakho

Ikheli lakho le ngeke ishicilelwe. Ezidingekayo ibhalwe nge *

*

*

  1. Unomthwalo wemfanelo ngedatha: AB Internet Networks 2008 SL
  2. Inhloso yedatha: Lawula Ugaxekile, ukuphathwa kwamazwana.
  3. Ukusemthethweni: Imvume yakho
  4. Ukuxhumana kwemininingwane: Imininingwane ngeke idluliselwe kubantu besithathu ngaphandle kwesibopho esisemthethweni.
  5. Isitoreji sedatha: Idatabase ebanjwe yi-Occentus Networks (EU)
  6. Amalungelo: Nganoma yisiphi isikhathi ungakhawulela, uthole futhi ususe imininingwane yakho.