Apertis is a Debian derivative distribution geared towards the creation of product-specific images for ARM (both the 32-bit ARMv7 and 64-bit ARMv8 versions using the hardfloat ABI) and Intel x86-64 (64-bit) systems.

Apertis v2021.1 is the second stable release of the Apertis v2021 stable release flow. Apertis is committed to maintaining the v2021 release stream up to the end of 2022.

This Apertis release is built on top of Debian Buster with several customisations and the Linux kernel 5.10.x LTS series.

Test results for the v2021.1 release are available in the following test reports:

Point releases including all the security fixes accumulated will be published quarterly, up to v2021.7.

Release flow

  • 2019 Q4: v2021dev0
  • 2020 Q1: v2021dev1
  • 2020 Q2: v2021dev2
  • 2020 Q3: v2021dev3
  • 2020 Q4: v2021pre
  • 2021 Q1: v2021.0
  • 2021 Q2: v2021.1
  • 2021 Q3: v2021.2
  • 2021 Q4: v2021.3
  • 2022 Q1: v2021.4
  • 2022 Q2: v2021.5
  • 2022 Q3: v2021.6
  • 2022 Q4: v2021.7

Release downloads

Apertis v2021 images
  • Intel 64-bit: minimal, target, base SDK, SDK
  • ARM 32-bit (U-Boot): minimal, target
  • ARM 64-bit (U-Boot): minimal
  • ARM 64-bit (Raspberry Pi): minimal, target

The Intel minimal and target images are tested on the reference hardware (MinnowBoard Turbot Dual-Core), but they can run on any UEFI-based x86-64 system. The sdk image is tested under VirtualBox.

Apertis v2021 package list

Apertis v2021 repositories

deb https://repositories.apertis.org/apertis/ v2021 target development sdk hmi
deb https://repositories.apertis.org/apertis/ v2021-security target development sdk hmi

Changes

This is a point release in the stable cycle; only security fixes and small changes are appropriate for this release stream.

This release includes the security updates from Debian Buster and the latest LTS Linux kernel in the 5.10.x series.

Deprecations

No new deprecations or ABI breaks are part of this release.

ABI/API breaks

Position Independent Executables are now the default in GCC

During a security audit it was found that, due to a limitation in the upstream Debian packaging rules in the gcc package, the default was not to produce Position Independent Executables (PIE).

With this release the default has been tweaked to ensure that the address space layout randomization (ASLR) technique can be effective in mitigating attacks.

This is a pretty safe change, but it may still cause unintended effects: affected packages can opt out using export DEB_BUILD_MAINT_OPTIONS=hardening=-pie in their debian/rules.

The archive has not been rebuilt yet to apply the new default to all the binary packages; the rebuild is scheduled for the v2021.2 release.
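Since binaries built before this change may still be non-PIE until the archive rebuild, the following added example (not part of the Apertis release notes or tooling) shows how to tell them apart by reading the ELF header. The function names are hypothetical, the sample ELF images are constructed, and treating a PT_INTERP segment as the mark of an executable is a heuristic assumed for this example.

```python
import struct

ET_EXEC, ET_DYN, PT_INTERP = 2, 3, 3

def classify_elf(data: bytes) -> str:
    """Classify an ELF image as 'non-pie', 'pie', 'shared-object', 'other' or 'not-elf'."""
    if len(data) < 6 or data[:4] != b"\x7fELF":
        return "not-elf"
    is64 = data[4] == 2                   # EI_CLASS: 1 = 32-bit, 2 = 64-bit
    end = "<" if data[5] == 1 else ">"    # EI_DATA: 1 = little-endian
    if len(data) < (64 if is64 else 52):  # truncated ELF header
        return "not-elf"
    (e_type,) = struct.unpack_from(end + "H", data, 16)
    if e_type == ET_EXEC:
        return "non-pie"                  # fixed load address: ASLR cannot move the image
    if e_type != ET_DYN:
        return "other"                    # relocatable object, core file, ...
    # ET_DYN covers PIE executables and shared libraries alike. Heuristic
    # (an assumption of this example): a PT_INTERP segment marks an executable.
    if is64:
        (e_phoff,) = struct.unpack_from(end + "Q", data, 32)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 54)
    else:
        (e_phoff,) = struct.unpack_from(end + "I", data, 28)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 42)
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if off + 4 > len(data):
            break
        if struct.unpack_from(end + "I", data, off)[0] == PT_INTERP:
            return "pie"
    return "shared-object"

def sample_elf64(e_type: int, p_types: list) -> bytes:
    """Constructed little-endian ELF64 header plus program headers (sample input only)."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    hdr = struct.pack("<HHIQQQIHHHHHH", e_type, 62, 1, 0, 64, 0, 0, 64, 56, len(p_types), 0, 0, 0)
    return ident + hdr + b"".join(struct.pack("<I", p) + bytes(52) for p in p_types)

def classify_file(path: str) -> str:
    """Classify a file on disk; 4 KiB covers the headers of typical binaries."""
    with open(path, "rb") as f:
        return classify_elf(f.read(4096))

if __name__ == "__main__":
    for e_type, p_types in ((ET_EXEC, [1]), (ET_DYN, [6, 3, 1]), (ET_DYN, [1, 2])):
        print(classify_elf(sample_elf64(e_type, p_types)))
```

Running classify_file over the executables in an image lists the ones still reporting non-pie, which are the candidates for the rebuild or for a deliberate hardening=-pie opt-out.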

Infrastructure

Apertis Docker images

The Apertis Docker images provide a unified and easily reproducible build environment for developers and services.

As of today, this includes the apertis-base, apertis-image-builder, apertis-package-source-builder, apertis-flatdeb-builder, apertis-documentation-builder, and apertis-testcases-builder Docker images.

Apertis infrastructure tools

The Apertis v2021 infrastructure repository provides packages for the required versions of ostree-push and ostree for Debian Buster:

deb https://repositories.apertis.org/infrastructure-v2021/ buster infrastructure

Images

Daily image builds, as well as release builds, can be found at https://images.apertis.org/

Image build tools can be found in the Apertis tools repositories.

Infrastructure overview

The Image build infrastructure document provides an overview of the image building process and the involved services.

Known issues

High (8)

  • T7781 aum-ota-api: test failed due to new bootcount test needing a newer uboot
  • T7802 flatpak install -y org.apertis.mildenhall.Platform org.apertis.mildenhall.Sdk
  • T7879 sdk-debos-image-building: test failed
  • T7984 Rhosydd test shows status as incomplete on v2021 images
  • T8019 License information generated by ci-license-scan is not deterministic
  • T8029 Unable to apply few of the gitlab-rulez for projects hosted on Gitlab

Normal (67)

  • T8042 bluez-setup test is failing in v2021 BaseSDK
  • T2896 Crash when initialising egl on ARM target
  • T2930 Develop test case for out of screen events in Wayland images
  • T3210 Fix Tracker testcase to not download media files from random HTTP user folders
  • T3233 Ribchester: deadlock when calling RemoveApp() right after RollBack()
  • T3321 libgles2-vivante-dev is not installable
  • T3920 arm-linux-gnueabihf-pkg-config does not work with sysroots installed by ade
  • T4092 Containers fail to load on Gen4 host
  • T4293 Preseed action is needed for Debos
  • T4307 ribchester-core causes apparmor denies on non-btrfs minimal image
  • T4422 do-branching fails at a late stage cloning OBS binary repos
  • T4444 A 2-3 second lag between the speakers is observed when a hfp connection is made over bluetooth
  • T4693 Not able to create namespace for AppArmor container on the internal mx6qsabrelite images with proprietary kernel
  • T5487 Wi-Fi search button is missing in wifi application
  • T5748 System users are shipped in /usr/etc/passwd instead of /lib/passwd
  • T5863 Songs/Videos don’t play on i.MX6 with Frampton on internal images
  • T5896 sdk-dbus-tools-bustle testcase is failing
  • T5897 apparmor-ofono test fails
  • T5900 evolution-sync-bluetooth test fails
  • T5931 connman-usb-tethering test fails
  • T6024 folks-inspect: command not found
  • T6077 youtube Videos are not playing on upstream webkit2GTK
  • T6078 Page scroll is lagging in Minibrowser on upstream webkit2GTK
  • T6111 traprain: 7_traprain test failed
  • T6243 AppArmor ubercache support is no longer enabled after 18.12
  • T6291 Generated lavaphabbridge error report email provides wrong link for full report link
  • T6292 gettext-i18n: test failed
  • T6349 sdk-code-analysis-tools-splint: 3_sdk-code-analysis-tools-splint test failed
  • T6366 sdk-cross-compilation: 10_sdk-cross-compilation test failed
  • T6446 aum-update-rollback-tests/amd64: DNS not available in LAVA tests after reboot
  • T6620 Repeatedly plugging and unplugging a USB flash drive on i.MX6 (Sabrelite) results in USB failure
  • T6727 FTBFS: Apertis v2020pre package build failures
  • T6768 Fix the kernel command line generation in OSTree for FIT image
  • T6773 HAB testing: the unsigned image may pass validation in several circumstances
  • T6783 Kernel trace on armhf board with attached screen
  • T6795 SabreLite failing to boot due to failing “to start udev Coldplug all Devices”
  • T6806 HAB on SabreLite in open state accepts any signed kernel regardless of the signing key
  • T6885 gitlab-rulez fails to set location of the gitlab-ci.yaml on first run
  • T6961 audio-backhandling feature fails
  • T7000 DNS resolution does not work in Debos on some setups
  • T7012 Apparmor Denied session logs keep popping up on the terminal while executing tests
  • T7016 network proxy for browser application is not resolving on mildenhall-compositor
  • T7127 apparmor-functional-demo: test fails on internal images
  • T7128 apparmor-session-lockdown-no-deny
  • T7129 apparmor-tumbler: test failed
  • T7333 apparmor-geoclue: test failed
  • T7512 debos sometimes fails to mount things
  • T7530 ADE can’t download amd64 sysroot.
  • T7617 frome: test failed
  • T7721 Fakemachine in debos immediately powers off and hangs in v2021 and v2022dev1 when using UML on the runners
  • T7776 On executing system-update test on hawkbit-agent wrong delta is selected
  • T7785 DNS over TLS does not work on systemd-resolve
  • T7815 ci-license-scan fails to detect (L)GPL-3 code in util-linux
  • T7817 rhosydd: test failed
  • T7819 newport: test failed
  • T7826 Kernel panic logs seen on apertis-update-manager-usb-unplug test on v2019/r-car with u-boot from v2021
  • T7827 When creating new test repositories common-subtree.sh add gets confused if the checked out branch does not exist in tests/common
  • T7843 Package node-grunt-legacy-log fails to build in OBS due to environment variables
  • T7849 Error building package po4a in OBS
  • T7852 v2022dev2: Investigate test failure TestGetSourceMount
  • T7854 v2022dev2: FTBFS for package clisp in test streams.tst
  • T7859 spymemcached: Investigate failing test due to hostname mismatch
  • T7872 Error building package ruby-redis on OBS
  • T7923 Gitlab pipeline OBS job reported “success” but OBS build was “unresolvable”
  • T7985 Errors are encountered when trying to install the ssl-cert & postfix packages for Rhosydd test
  • T8039 scan-copyrights fails on packages with non ASCII information in package.json
  • T8058 Rhosydd test fails to launch rhosydd-speedo-backend.service