Dylan Aïssi
December 05, 2024
Apertis is a collaborative OS platform that includes an operating system, but also tools and cloud services to optimize development and increase reliability. Targeting industrial embedded devices, Apertis is used, for instance, in the Atari VCS game console and in the Bosch D-tect 200 wall/floor scanner. These are just a few examples among many other products. Earlier this year, Apertis v2024 was released with its new features.
Apertis v2024 is a big milestone, since it is the first Apertis release based on Debian Bookworm rather than Debian Bullseye, on which the latest previous releases were based. This is the most visible change for the user since it refreshes all available package versions. The Debian release notes provide additional information about the new package versions. Furthermore, Apertis v2024 comes with a Linux kernel based on the most recent LTS 6.6 branch rather than 6.1 as shipped with Bookworm, as defined in our release flow policy. This new Apertis release will be supported until the end of 2025. Moreover, as described in the Apertis release policy, the v2024 stream will get 7 point releases (one every quarter) during its lifecycle. A point release includes the fixes for the latest security issues and high priority bugs.
Apertis is an Operating System for the x86-64, arm64, and arm32 architectures based on Debian. Most of the software it provides comes from the official Debian repositories, inheriting from Debian the guarantees of quality and compliance, integrated, tested, and regularly released to best address the needs of industrial use-cases.
Apertis relies on the Debian Free Software Guidelines to ensure all software shipped is open source or, in limited cases, at least freely distributable. However, for some customers this is not enough to be able to adopt OSS solutions, as in their evaluations some provisions in common licenses like the GPL-3 are at odds with regulatory constraints they are subject to. Apertis does not set out to solve this decades-long debate; instead, its goal is to increase the adoption of modern, maintained OSS solutions in markets where this has historically been a challenge. To enable this, Apertis supports avoiding the use of any software under some licenses (like the GPL v3.0 license family) on target images, while still making them fully available for development and for customers that do not share those licensing concerns. To avoid these licenses, Apertis uses more modern alternatives instead of relying on outdated and unmaintained pre-GPL-3 versions. For instance, coreutils and findutils (GPL-3+) are replaced in Apertis by rust-coreutils and rust-findutils. Another well-known example is GnuPG (GPL-3+), which is replaced by Sequoia-PGP components (GPL-2+ and LGPL-2+).
To build the distribution, Apertis also defines a CI-based collaboration workflow built on top of a well-integrated set of cloud services:
All packages, images, recipes, and tools are available in Git repositories and are built using GitLab CI pipelines. For instance, the pipeline responsible for building packages and pulling updates from Debian is defined in the ci-package-builder project and re-used by all the 5000+ source packages shipped in Apertis. The GitLab pipelines pack the contents of each git repository into a source package, using OCI containers to ensure the correct source build dependencies are specified and used. This enables enhanced debugging and build repeatability, as an identical build environment can easily be reproduced. Source packages are uploaded to OBS for building binary packages, which are then made available through APT repositories.
A useful feature of Apertis is the generation of various SBOM (Software Bill of Materials) reports for different purposes, as defined on the Apertis platform description page. The first report lists licenses of all source files used to build an image for legal purposes. This report also comes in a user-friendly format generated by the OSS Review Toolkit. From a security perspective, another report lists all packages with their version installed in an image to help identify CVE vulnerabilities.
Another advantage of Apertis is its intensive automatic testing. Apertis images are built with the latest development changes daily for all supported architectures and for each supported release stream. Once images are built, they are tested through Collabora's LAVA farm on the supported hardware targets as defined in the Apertis test strategy. All results are then reported in the QA report, allowing regressions or bugs in packages and images to be quickly detected.
An additional useful feature for developers is the ability to define package integration tests on merge requests, which can be executed early in the workflow as soon as a package change is proposed for inclusion. This optional feature allows developers to define an environment (image types, dependencies, etc) and commands to be executed for testing. The pipeline builds a new temporary package version with the proposed change, installs the produced binaries on an Apertis image, and performs integration tests on boards from the LAVA farm. This allows changes that introduce regressions to be blocked before they land in repositories.
For additional information, www.apertis.org contains a comprehensive description of Apertis and its architecture, concept designs, and policies. The website also provides useful guidelines on how to use and contribute to Apertis. Some talks given by members of the Apertis community are also available.
Since working with different container technologies provides extra flexibility to build products, Apertis added support for Podman to run OCI containers. Podman integrates better than Docker; for instance, it allows regular users to run containers without needing root privileges or having to interact with an orchestrating daemon. During this work, special care has been taken to ensure that this package and its dependencies match the Apertis license expectations.
In order to facilitate the use of Apertis in projects using machine learning, the cross-platform inference and training machine learning accelerator ONNX Runtime is now available in the Apertis package repositories. Currently, only the inference part is enabled; the training part will follow later.
ONNX Runtime inference can enable faster customer experiences and lower costs, supporting models from deep learning frameworks such as PyTorch and TensorFlow/Keras as well as classical machine learning libraries such as scikit-learn, LightGBM, XGBoost, etc. ONNX Runtime is compatible with different hardware, drivers, and operating systems and provides optimal performance by leveraging hardware accelerators where applicable alongside graph optimizations and transforms. ONNX Runtime training can accelerate the model training time on multi-node NVIDIA GPUs for transformer models with a one-line addition for existing PyTorch training scripts.
The onnxruntime package has also been contributed to Debian since it was a long-standing request from the community.
Apertis' support of OP-TEE (a Trusted Execution Environment isolated from the main system) has been improved with the integration of optee-os (OP-TEE Trusted OS), optee-client (OP-TEE Client API), and optee-test (OP-TEE Test suite). OP-TEE OS has been enabled for TI SK-AM62x and QEMU ARMv8.
Both the optee-os and optee-test packages have also been contributed to Debian.
Initial support for the TI SK-AM62 board has been added to Apertis v2024 with dedicated images.
The Apertis website now also provides a guide to add support for your own hardware. The How to Build an Image for Custom Hardware guide uses the Orange Pi Zero2 as an example to build an Apertis image. All steps from tweaking the packages arm-trusted-firmware, u-boot, and linux to customizing the image recipe are described.
This new release includes an Apertis-specific profile for dpkg (Debian package management system) to enable additional compiler warnings. The use of these warnings can help to spot potential security issues in the packages being built, improving the quality of the system.
Automatic testing is an essential element in guaranteeing quality in Apertis as described in the Apertis test strategy, which is why continuous improvements keep being made and this release is no exception.
To ensure the quality of Apertis releases, we have implemented many automatic tests whose results are reported in the QA Report. During this development cycle, many improvements have been made, and the most important are listed below.
Apertis images are available on the Apertis.org download page. This page offers images for supported boards, but also an SDK image for use with VirtualBox. Alternatively, the Raspberry Pi Imager can be used to install Apertis on your Raspberry Pi 4.
If you are interested in Apertis for one of your products, don't hesitate to contact the Apertis community or the Apertis team directly at contact@apertis.org. We would be delighted to help you tailor Apertis to your needs.
See you early next year for the Apertis v2025 stream!