How updates work in the Intel Clear Linux OS operating system

chipo
Published on 08/14 15:58

The system update command in Clear Linux OS:

sudo swupd update


The English original follows.

swupd

swupd links a Clear Linux* OS installation with upstream updates and software.

Description

swupd has two main functions:

  1. Manage software and replace APT or YUM, by installing bundles rather than packages.
  2. Check for system updates and install them.

swupd manages overlapping dependencies behind the scenes, ensuring that all software is compatible across the system. It can be used to verify the OS, clean cached files, and fix issues.

Bundles contain everything needed to deliver a software capability. They are the smallest granularity component that is managed by Clear Linux OS. A bundle comes with all of its dependencies rather than downloading a cascade of package dependencies when installing a piece of software.

Versioning

Using package managers to monitor software version compatibility or compare multiple systems on many Linux distributions can be cumbersome.

With Clear Linux OS swupd, versioning happens at the individual file level. This means Clear Linux OS generates an entirely new OS version with any set of software changes to the system, including software downgrades or removals. This rolling release versioning model is similar to git internal version tracking, where any of the individual file commits are tracked and move the pointer forward when changed.

A number that represents the current release of the OS describes the versions of all the software on the OS. Each build is composed of a specific set of bundles made from a particular version of packages. On a daily basis, this matters to system administrators who need to determine which of their systems do not have the latest security fixes, or which combinations of software have been tested. Every release of the same number is guaranteed to contain the same versions of software, so there’s no ambiguity between two systems running the same version of Clear Linux OS.

Updating

Clear Linux OS enforces regular updating of the OS by default and automatically checks for updates against a version server. The content server provides the file and metadata content for all versions and can be the same as the version server. The content url server provides metadata in the form of manifests, which list and describe file contents, symlinks, and directories. Additionally, the actual content is provided to clients in the form of archive files.

Software updates with Clear Linux OS are also efficient. Unlike package-based distributions, swupd only updates files that have changed, rather than entire packages. For example, it is quite common for an OS security patch to be as small as 15 KB. Using binary deltas, Clear Linux OS is able to apply only what is needed.

For details on how to generate update content for Clear Linux OS, see the mixer tool.

How it works

Prerequisites

  • The device is on a well-connected network.
  • The device is able to connect to an update server. The default server is: http://update.clearlinux.org

Updates

Clear Linux OS updates are automatic by default, but can be set to occur only on demand. swupd makes sure that regular updates are simple and secure. It can also check the validity of currently installed files and software, and can correct any problems.

Manifests

The Clear Linux OS software update content consists of data and metadata. The data is the files that end up in the OS. The metadata contains relevant information to properly provision the data to the OS file system, as well as update the system and add or remove additional content to the OS.

The manifests are mostly long lists of hashes that describe content. Each bundle gets its own manifest file. There is a master manifest file that describes all manifests to tie it all together.

Fullfiles, packs, and delta packs

To speed up updates and optimize content delivery, update data provisioned to a system is obtained by one of the following methods:

  • Fullfiles are always generated for every file in every release. This allows any Clear Linux OS to obtain the exact copy of the content for each version directly. This is used if the OS verification needs to replace a single file, for instance.
  • Packs are available for some releases. They combine many files to speed up the creation of installation media and large updates.
  • Delta packs are an optimized version of packs that only contain updates (binary diffs). They cannot be used without having the original file content.

Bundle search

swupd searches download manifest data for bundles that match the term. Enter only one term, or hyphenated term, per search. Use the command man swupd to learn more.

Only the base bundle is returned. Bundles can contain other bundles via includes. For more details, see Bundle Definition Files and its subdirectory bundles.

Bundles that are already installed are marked (installed) in search results.

Optionally, you can review our bundles on GitHub*.

Examples

Example 1: Disable and enable automatic updates

Clear Linux OS updates are automatic by default, but can be set to occur only on demand.

  1. Verify your current auto-update setting.

    sudo swupd autoupdate

    Output:

    Enabled

  2. Disable automatic updates.

    sudo swupd autoupdate --disable

    Output:

    Warning: disabling automatic updates may take you out of compliance with your IT policy
    
    Running systemctl to disable updates
    Created symlink /etc/systemd/system/swupd-update.service → /dev/null.
    Created symlink /etc/systemd/system/swupd-update.timer → /dev/null.

  3. Check manually for updates.

    sudo swupd check-update

  4. Install an update after identifying one that you need.

    sudo swupd update --version <version number>

  5. Re-enable automatic installs.

    sudo swupd autoupdate --enable

Example 2: Find and install Kata Containers*

Kata Containers is a popular container implementation. Unlike other container implementations, each Kata Container has its own kernel instance and runs on its own VM for improved security.

Clear Linux OS makes it very easy to install, since you only need to add one bundle to use Kata Containers: containers-virt, despite a number of dependencies. Also, check out our tutorial: Kata Containers*.

  1. Find the correct bundle.

    To return all possible matches for the search string, enter swupd search, followed by ‘kata’:

    sudo swupd search kata

    The output should be similar to:

    Bundle with the best search result:
    
    containers-virt - Run container applications from Dockerhub in
    lightweight virtual machines
    
    This bundle can be installed with:
    
         swupd bundle-add  containers-virt
    
    Alternative bundle options are
    
         cloud-native-basic - Contains ClearLinux native software for Cloud

    Note

    If your search does not produce results with a specific term, shorten the search term. For example, use kube instead of kubernetes.

  2. Add the bundle.

    sudo swupd bundle-add containers-virt

    Note

    To add multiple bundles, add a space followed by the bundle name.

    The output of a successful installation should be similar to:

    Downloading packs...
    
    Extracting containers-virt pack for version 24430
        ...50%
    Extracting kernel-container pack for version 24430
        ...100%
    Starting download of remaining update content. This may take a while...
        ...100%
    Finishing download of update content...
    Installing bundle(s) files...
        ...100%
    Calling post-update helper scripts.
    Successfully installed 1 bundle

Example 3: Verify and correct system file mismatch

swupd can determine whether system directories and files have been added to, overwritten, removed, or modified (e.g., permissions).

sudo swupd diagnose

All directories that are watched by swupd are verified according to the manifest data. Hash mismatches are flagged as follows:

Verifying version 23300
Verifying files
   ...0%
Hash mismatch for file: /usr/bin/chardetect
...
...
Hash mismatch for file: /usr/lib/python3.6/site-packages/urllib3/util/wait.py
   ...100%
Inspected 237180 files
   423 files did not match
Verify successful

In this case, Python* packages that were installed on top of the default install were flagged as mismatched. swupd can be directed to ignore or fix issues based on command line options.

swupd can correct any issues it detects. Additional directives can be added including a white list of directories to be ignored.

The following command repairs issues, removes unknown items, and ignores files or directories matching /usr/lib/python:

sudo swupd repair --picky --picky-whitelist=/usr/lib/python
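
Before running a repair, it helps to see which mismatches fall outside the directory you expect to differ. The script below is an added example, not part of the Clear Linux documentation: it parses `swupd diagnose` output in the format shown above and separates mismatches under a given prefix from those that need review. The function names are hypothetical, the sample output is constructed, and the plain prefix match is an assumption of this example.

```shell
#!/bin/sh
# Added example: triage `swupd diagnose` hash mismatches before a repair.

# Constructed sample output, following the format shown in Example 3.
sample_diagnose_output() {
cat <<'EOF'
Verifying version 23300
Verifying files
   ...0%
Hash mismatch for file: /usr/bin/chardetect
Hash mismatch for file: /usr/lib/python3.6/site-packages/urllib3/util/wait.py
Hash mismatch for file: /usr/lib/python3.6/site-packages/chardet/__init__.py
Hash mismatch for file: /usr/bin/sudo
   ...100%
Inspected 237180 files
   4 files did not match
Verify successful
EOF
}

# triage_mismatches PREFIX (hypothetical helper)
# Reads diagnose output on stdin. Prints "EXPECTED <path>" for mismatches
# under PREFIX (for example locally installed Python packages) and
# "REVIEW <path>" for every other mismatch.
triage_mismatches() {
    awk -v prefix="$1" '
        /^Hash mismatch for file: / {
            path = substr($0, length("Hash mismatch for file: ") + 1)
            if (index(path, prefix) == 1) print "EXPECTED " path
            else print "REVIEW " path
        }'
}

# review_count PREFIX (hypothetical helper)
# Prints how many mismatches lie outside PREFIX.
review_count() {
    triage_mismatches "$1" | awk '/^REVIEW /{n++} END{print n+0}'
}

# On a real system: sudo swupd diagnose | triage_mismatches /usr/lib/python
sample_diagnose_output | triage_mismatches /usr/lib/python
```

In the sample, /usr/bin/chardetect is reported for review even though it came from a Python package install, because it lives outside /usr/lib/python.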

Quick reference

swupd info

Returns the currently installed version and update servers.

swupd update --version <version number>

Updates to a specific version or updates to latest version if no arguments are used.

swupd bundle-list [--all]

Lists installed bundles.

swupd search <search term>

Finds a bundle that contains your search term.

swupd bundle-add <bundle name>

Adds a bundle.

swupd bundle-remove <bundle name>

Removes a bundle.

swupd --help

Lists additional swupd commands.

man swupd

Opens the swupd man page.

Refer to swupd source documentation on GitHub for more details.

https://docs.01.org/clearlinux/latest/guides/clear/swupd.html?highlight=update%20command
