
Apertis v2024: the new Bookworm-based release for industrial embedded devices

Dylan Aïssi
December 05, 2024


Apertis is a collaborative OS platform that includes an operating system, but also tools and cloud services to optimize development and increase reliability. Targeting industrial embedded devices, Apertis is used, for instance, in the Atari VCS game console and in the Bosch D-tect 200 wall/floor scanner. These are just a few examples among many other products. Earlier this year, Apertis v2024 was released with its new features.

Apertis v2024 is a big milestone since it is the first Apertis release based on Debian Bookworm instead of Debian Bullseye, on which the previous releases were based. This is the most visible change for the user since it refreshes all available package versions. The Debian release notes provide additional information about the new package versions. Furthermore, Apertis v2024 comes with a Linux kernel based on the most recent LTS 6.6 branch rather than 6.1 as shipped with Bookworm, as defined in our release flow policy. This new Apertis release will be supported until the end of 2025. Moreover, as described in the Apertis release policy, the v2024 stream will get 7 point releases (one every quarter) during its lifecycle. A point release includes the fixes for the latest security issues and high priority bugs.

What is Apertis?

Apertis is an Operating System for the x86-64, arm64, and arm32 architectures based on Debian. Most of the software it provides comes from the official Debian repositories, inheriting from Debian the guarantees of quality and compliance, integrated, tested, and regularly released to best address the needs of industrial use-cases.

Apertis relies on the Debian Free Software Guidelines to ensure all software shipped is open source or, in limited cases, at least freely distributable. However, for some customers this is not enough to be able to adopt OSS solutions, as in their evaluations some provisions in common licenses like the GPL-3 are at odds with regulatory constraints they are subject to. Apertis does not set out to solve this decades-long debate; instead, its goal is to increase the adoption of modern, maintained OSS solutions in markets where this has historically been a challenge. To enable this, Apertis supports avoiding the use of any software under some licenses (like the GPL v3.0 license family) on target images, while still making them fully available for development and for customers that do not share those licensing concerns. To avoid these licenses, Apertis uses more modern alternatives instead of relying on outdated and unmaintained pre-GPL-3 versions. For instance, coreutils and findutils (GPL-3+) are replaced in Apertis by rust-coreutils and rust-findutils. Another well-known example is GnuPG (GPL-3+), which is replaced by Sequoia-PGP components (GPL-2+ and LGPL-2+).

To build the distribution, Apertis also defines a CI-based collaboration workflow built on top of a well-integrated set of cloud services:

  • GitLab (see the Apertis instance) to develop packages and images and to orchestrate the whole CI process
  • Open Build Service for package building
  • aptly to manage the APT repositories for package distribution
  • LAVA for continuous automated testing of images on the supported hardware targets

All packages, images, recipes, and tools are available in Git repositories and are built using GitLab CI pipelines. For instance, the pipeline responsible for building packages and pulling updates from Debian is defined in the ci-package-builder project and re-used by all the 5000+ source packages shipped in Apertis. The GitLab pipelines pack the contents of each git repository into a source package, using OCI containers to ensure the correct source build dependencies are specified and used. This enables enhanced debugging and build repeatability, as an identical build environment can easily be reproduced. Source packages are uploaded to OBS for building binary packages, which are then made available through APT repositories.


A useful feature of Apertis is the generation of various SBOM (Software Bill of Materials) reports for different purposes, as defined on the Apertis platform description page. The first report lists licenses of all source files used to build an image for legal purposes. This report also comes in a user-friendly format generated by the OSS Review Toolkit. From a security perspective, another report lists all packages with their version installed in an image to help identify CVE vulnerabilities.

Another advantage of Apertis is its intensive automatic testing. Apertis images are built with the latest development changes daily for all supported architectures and for each supported release stream. Once images are built, they are tested through Collabora's LAVA farm on the supported hardware targets as defined in the Apertis test strategy. All results are then reported in the QA report, allowing regressions or bugs in packages and images to be quickly detected.

An additional useful feature for developers is the ability to define package integration tests on merge requests, which can be executed early in the workflow as soon as a package change is proposed for inclusion. This optional feature allows developers to define an environment (image types, dependencies, etc) and commands to be executed for testing. The pipeline builds a new temporary package version with the proposed change, installs the produced binaries on an Apertis image, and performs integration tests on boards from the LAVA farm. This allows changes that introduce regressions to be blocked before they land in repositories.

For additional information, www.apertis.org contains a comprehensive description of Apertis and its architecture, concept designs, and policies. The website also provides useful guidelines on how to use and contribute to Apertis. Some talks given by members of the Apertis community are also available.

New features in Apertis v2024

Support for Podman

Since working with different container technologies provides extra flexibility to build products, Apertis added support for Podman to run OCI containers. Podman integrates more nicely than Docker; for instance, it allows regular users to run containers without needing root privileges or having to interact with an orchestrating daemon. During this work, special care has been taken to ensure that this package and its dependencies match the Apertis license expectations.

Support for ONNX Runtime

In order to facilitate the use of Apertis in projects using machine learning, the cross-platform inference and training machine learning accelerator ONNX Runtime is now available in the Apertis package repositories. Currently, only the inference part is enabled; the training part will follow later.

ONNX Runtime inference can enable faster customer experiences and lower costs, supporting models from deep learning frameworks such as PyTorch and TensorFlow/Keras as well as classical machine learning libraries such as scikit-learn, LightGBM, XGBoost, etc. ONNX Runtime is compatible with different hardware, drivers, and operating systems and provides optimal performance by leveraging hardware accelerators where applicable alongside graph optimizations and transforms. ONNX Runtime training can accelerate the model training time on multi-node NVIDIA GPUs for transformer models with a one-line addition for existing PyTorch training scripts.

The onnxruntime package has also been contributed to Debian since it was a long-standing request from the community.

Improve support for OP-TEE

Apertis' support of OP-TEE (a Trusted Execution Environment isolated from the main system) has been improved with the integration of optee-os (OP-TEE Trusted OS), optee-client (OP-TEE Client API), and optee-test (OP-TEE Test suite). OP-TEE OS has been enabled for TI SK-AM62x and QEMU ARMv8.

Both the optee-os and optee-test packages have also been contributed to Debian.

Support for new boards

Initial support for the TI SK-AM62 board has been added to Apertis v2024 with dedicated images.

The Apertis website now also provides a guide to add support for your own hardware. The How to Build an Image for Custom Hardware guide uses the Orange Pi Zero2 as an example to build an Apertis image. All steps from tweaking the packages arm-trusted-firmware, u-boot, and linux to customizing the image recipe are described.

Additional compiler warnings enabled by default

This new release includes an Apertis-specific profile for dpkg (Debian package management system) to enable additional compiler warnings. The use of these warnings can help to spot potential security issues in the packages being built, improving the quality of the system.

Improvements in Build and Integration processes

Images generation

  • Support for image change history: Apertis now provides Change History Generator, a tool that generates a changelog between images. Thanks to this tool, as part of daily builds, a changelog is created which helps developers to track changes across different images.

  • Include user friendly SBOM license reports for target images: As part of the evolution of Apertis, a new set of reports based on OSS Review Toolkit are included for every target image. These reports are human-friendly, allowing an easy review of the licenses used by Apertis images.

  • Include SBOM security reports: Following the idea of providing more Software Bill of Materials (SBOM) resources, Apertis now provides a report for the build dependencies of every package in the target images, including its version. This information helps to easily track CVEs that might potentially affect Apertis packages.

  • Improved SBOM license report: Continuing with the work of improving the SBOM for licensing, now the report includes license and copyright information for non-binary files, such as scripts and configuration. With this new enhancement, Apertis' SBOM provides more accurate information about licensing for the standard images. The whole process of generating this report is described in the [Automated License Compliance](https://www.apertis.org/concepts/automated-license-compliance/) document.

Automatic testing

Automatic testing is an essential element in guaranteeing quality in Apertis as described in the Apertis test strategy, which is why continuous improvements keep being made and this release is no exception.

  • Support for package integration testing on Merge Requests: This release includes a new way for developers to include tests to run on a Merge Request. The package testing in LAVA allows writing tests as part of the standard packaging metadata, which our GitLab infrastructure uses to run LAVA tests. This ensures the proposed changes do not introduce any kind of regression on the supported hardware.

  • Test on Merge Requests configuration: Running tests on Merge Requests has proven to be a key new feature in Apertis, allowing both developers and maintainers to ensure the sanity of the changes before they land. Following this idea, different types of tests are available, such as package-centric, integration, and bootstrap tests. To improve readability and avoid misunderstandings, the configuration settings were adapted, becoming more natural.

  • Test on Merge Requests for Linux: Continuing with the trend of adding tests on Merge Requests, a set of custom tests has been implemented for the Linux kernel. As this is a very special package and one that is often taken from sources outside of the Debian repositories, additional checks are now performed to ensure that changes proposed by developers don't cause regressions, which simplifies the review and test process.

QA Report

To ensure the quality of Apertis releases, we have implemented many automatic tests whose results are reported in the QA Report. During this development cycle, many improvements have been made, and the most important are listed below.

  • Improved QA Report App support for weekly images: Weekly Apertis images are tested with both automated and manual test cases as part of the QA process. The results from these tests are submitted to the QA Report and can now be easily seen on the main page, which provides a separate section for each type of image: releases, weeklies, and dailies.

  • Support for more fine-grained access roles in QA Report: With the goal of providing better access control to the QA Report App, now three different roles are defined to allow performing the following actions: view results, submit manual test results, and tag images. These changes should allow teams to better split responsibilities by only allowing the necessary access to specific users/groups.

  • Improve aptly integration and performance: After switching to aptly as the publisher for Apertis packages, several improvements have been made to the integration with OBS as well as the performance during publishing. As a result, the overhead in the process of creating and managing APT repositories has been dramatically reduced, both in the manual effort required and infrastructure resources used. For more information, see aptly-rest-tools.

Give it a try!

Apertis images are available on the Apertis.org download page. This page offers images for supported boards, but also an SDK image for use with VirtualBox. Alternatively, the Raspberry Pi Imager can be used to install Apertis on your Raspberry Pi 4.

If you are interested in Apertis for one of your products, don't hesitate to contact the Apertis community or the Apertis team directly at contact@apertis.org. We would be delighted to help you tailor Apertis to your needs.

See you early next year for the Apertis v2025 stream!

 
