Software Bill of Materials

A Software Bill of Materials (SBOM) is an essential part of supply chain management, especially for complex open source projects like Apertis. Apertis combines components from different sources and under different licenses. Without a robust, automated listing process, this diversity could lead to license compliance failures and/or security failures. An SBOM addresses this by building an inventory of all components used in a product. [Read More]

Change History

Whenever daily builds of Apertis images are run, a set of changes from the release’s previous daily images is saved as a JSON file to https://images.apertis.org/daily/RELEASE/BUILD/meta/changes-since-PREVIOUS.json. Format: the changes JSON file is a JSON document beginning with `{ // Array of images and their changes.` [Read More]

License Scanning

The license is an important element of an open source project, as it defines acceptable use cases, user rights, and contribution guidelines. There are different ways to identify the license from the project source code, such as SPDX headers, the LICENSE file, and the COPYING file. However, an open source project may contain files from other projects and may use different licenses for different files. Apertis has certain licensing expectations. In order to improve the accuracy of the licensing information, Apertis performs license scanning as part of its continuous integration process. [Read More]

The Apertis Workflow

Apertis is primarily built from Debian source packages using optimised, automated workflows based on the processes used by Debian. The Debian sources were selected for their high quality and modularity, their lack of reliance on a single vendor, and the large number of components already packaged. Apertis uses the tools provided by the Debian community, combining them with other tools, such as GitLab and the Open Build Server (OBS), to create a more automated, optimised workflow. [Read More]

Infrastructure monitoring and testing

The Apertis infrastructure is itself a fundamental component of what Apertis delivers: its goal is to enable developers and product teams to work and collaborate efficiently, focusing on their value-add rather than starting from scratch. This document focuses on the components of the current infrastructure and their monitoring and testing requirements. The Apertis infrastructure is composed of a few high-level components: GitLab, OBS, the APT repository, artifacts hosting, and LAVA. From the point of view of developers and product teams, GitLab is the main interface to Apertis. [Read More]

Encrypted updates

Encrypting the update file makes accessing its contents more difficult for bystanders, but does not necessarily protect against more resourceful attackers who can extract the decryption key from the user-owned device. Bundle encryption is done using a loop device with standard, proven kernel facilities for encryption and decryption (e.g. dm-crypt/LUKS). This keeps the mechanism system agnostic (not tied to OSTree bundles), and it can be used to ship updates to multiple components at once by including multiple files in the bundle. [Read More]