Glossary

agent
    a persistent non-GUI process launched automatically at boot time, immediately after application installation or by D-Bus activation [defined by: Applications design document]

application bundle, app bundle, bundle
    a group of functionally related components (be they services, data, or programs), installed as a unit. This matches the sense with which “app” is typically used on mobile platforms such as Android and iOS; for example, we would say that an Android . [Read More]

Attack detection

The platform should have a heuristic for detecting whether an app-bundle has been compromised or is malicious. This design document, which has not yet been written, will collect the various possible inputs to this heuristic, and the various actions that might be taken as a result of the heuristic deciding that an app-bundle's behaviour is potentially or probably malicious. Egress filtering is a potential input: if an application attempts to carry out Internet connections that are not allowed, this is suspicious behaviour. [Read More]

Modifying an AppArmor profile

Development environment
Set up a development environment suitable for modifying AppArmor profiles:

    sudo mount -o remount,rw /
    sudo apt-get install vim # or your favourite text editor
    sudo apt-get install apparmor-utils

Add or modify the AppArmor profile
Create or modify the profile in /etc/apparmor.d
Profiles are named after the full path to the executable they confine, with / replaced by .
See below for guidance on the profile language; if creating a profile from scratch, you could use aa-genprof to bootstrap it (again, see below)
Test the profile’s syntax by parsing it: sudo apparmor_parser -r < /etc/apparmor. [Read More]

Building a Debian package

Create the development environment
Set up a VirtualBox virtual machine and operate from it.

Check out the package
This example makes a small packaging change to the bluez package in the apertis:15.09:target project. This can all be done on a desktop machine — just make sure to download an ospack image with the appropriate architecture (probably amd64).
Branch the package in OBS:

    osc branch apertis:15.09:target/bluez
    osc co home:$username:branches:apertis:15.09:target/bluez

Apply changes
Unpack the sources, make your changes and rebuild the source package [Read More]

Filesystem Layout

See Application Layout for more details of how store and built-in application bundles are arranged.

Assumptions
Store application bundles are arranged according to the Application Layout.
Built-in application bundles are arranged according to the Application Layout.
Platform upgrades are somewhat frequent, although not as frequent as store application bundle installation, upgrade or removal.
Rollbacks are supported, but are relatively infrequent.

Requirements
Application bundles
Suppose com.example.BuiltInApp is a built-in application bundle. [Read More]

Packages

This page lists some packages found in Apertis images, not all of which are present in typical Linux distributions. Standard Linux components such as D-Bus and systemd are also listed here if they are used extensively by Apertis. Many Apertis packages are named after sites in the UK where significant Roman archaeological hoards were found. Each of these packages is classified according to these properties: is it a system service (its scope is the whole system) or a user service (its scope is one specific user)? [Read More]