From 10fb0f427044122a345ab9c56ba3b0f07cb94ae6 Mon Sep 17 00:00:00 2001 From: hemiao Date: Wed, 2 Jul 2025 10:39:27 +0800 Subject: [PATCH 1/4] =?UTF-8?q?=E4=BF=AE=E6=94=B9=E8=80=81pr?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../installation/installation_preparations.md | 8 ++++---- docs/zh/embedded/uniproton/overview.md | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/en/server/installation_upgrade/installation/installation_preparations.md b/docs/en/server/installation_upgrade/installation/installation_preparations.md index c251a394..7e3e10fe 100644 --- a/docs/en/server/installation_upgrade/installation/installation_preparations.md +++ b/docs/en/server/installation_upgrade/installation/installation_preparations.md @@ -63,9 +63,9 @@ To verify the file integrity, perform the following operations: If the verification values are consistent, the .iso file is not damaged. If they are inconsistent, you can confirm that the file is damaged and you need to obtain the file again. -## Installation Requirements for PMs +## Installation Requirements for Physical Machines (PMs) -To install the openEuler OS on a PM, the PM must meet the following requirements. +To install the openEuler OS on a PM, the PM must meet the following hardware compatibility and minimum hardware requirements. ### Hardware Compatibility @@ -96,9 +96,9 @@ You need to take hardware compatibility into account during openEuler installati | Memory | ≥ 4 GB (8 GB or higher recommended for better user experience) | | Hard disk | ≥ 32 GB (120 GB or higher recommended for better user experience) | -## Installation Requirements for VMs +## Installation Requirements for Virtual Machines (VMs) -To install the openEuler OS on a VM, the VM must meet the following requirements. +To install the FusionOS on a VM, the VM must meet the following hardware compatibility and minimum hardware requirements. ### Virtualization Platform Compatibility 
diff --git a/docs/zh/embedded/uniproton/overview.md b/docs/zh/embedded/uniproton/overview.md index 84d252fa..0ce6326a 100644 --- a/docs/zh/embedded/uniproton/overview.md +++ b/docs/zh/embedded/uniproton/overview.md @@ -8,4 +8,4 @@ UniProton是基于openEuler社区面向嵌入式场景的操作系统,旨在 ## 编译教程 -相关编译教程,可参考:。 +相关编译教程,可参考:[https://gitee.com/openeuler/UniProton/blob/master/doc/demo_guide/UniProton_build.md](https://gitee.com/openeuler/UniProton/blob/master/doc/demo_guide/UniProton_build.md/)。 -- Gitee From 139d13d4691af24cff92914c669fd9f4ff9fc5da Mon Sep 17 00:00:00 2001 From: hemiao Date: Wed, 2 Jul 2025 11:17:19 +0800 Subject: [PATCH 2/4] =?UTF-8?q?=E4=BF=AE=E6=94=B9=E8=80=81pr?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../oeaware/oeaware_user_guide.md | 2 +- .../administrator/service_management.md | 2 +- .../sysboost/getting_to_know_sysboost.md | 4 +-- .../oeaware/oeaware_user_guide.md | 2 +- .../releasenotes/os_installation.md | 4 +-- .../shangmi/file_integrity_protection.md | 33 ++++++++++++++++--- 6 files changed, 35 insertions(+), 12 deletions(-) diff --git a/docs/en/server/performance/tuning_framework/oeaware/oeaware_user_guide.md b/docs/en/server/performance/tuning_framework/oeaware/oeaware_user_guide.md index 1373e1b4..45d128a3 100644 --- a/docs/en/server/performance/tuning_framework/oeaware/oeaware_user_guide.md +++ b/docs/en/server/performance/tuning_framework/oeaware/oeaware_user_guide.md @@ -24,7 +24,7 @@ Before running an instance, ensure that the dependency between the instances is ## Installation -Configure the openEuler Yum repository and run the `yum` commands to install oeAware. on openEuler 22.03 LTS SP4, oeAware has been installed by default. +Configure the openEuler Yum repository and run the `yum` commands to install oeAware. on openEuler 24.03 LTS SP1, oeAware has been installed by default. ```shell yum install oeAware-manager 
diff --git a/docs/zh/server/administration/administrator/service_management.md b/docs/zh/server/administration/administrator/service_management.md index 878d03eb..3a1f92e7 100644 --- a/docs/zh/server/administration/administrator/service_management.md +++ b/docs/zh/server/administration/administrator/service_management.md @@ -153,7 +153,7 @@ systemd可以提供按需启动的能力,只有在某个服务被真正请求 init系统的一个重要职责就是负责跟踪和管理服务进程的生命周期。它不仅可以启动一个服务,也能够停止服务。这看上去没有什么特别的,然而在真正用代码实现的时候,您或许会发现停止服务比一开始想的要困难。 -服务进程一般都会作为守护进程(daemon)在后台运行,为此服务程序有时候会派生(fork)两次。在UpStart中,需要在配置文件中正确地配置expect小节。这样UpStart通过对fork系统调用进行计数,从而获知真正的精灵进程的PID号。 +服务进程一般都会作为守护进程(daemon)在后台运行,为此服务程序有时候会派生(fork)两次。在UpStart中,需要在配置文件中正确地配置expect小节。这样UpStart通过对fork系统调用进行计数,从而获知真正的运行进程的PID号。 cgroup已经出现了很久,它主要用来实现系统资源配额管理。cgroup提供了类似文件系统的接口,使用方便。当进程创建子进程时,子进程会继承父进程的cgroup。因此无论服务如何启动新的子进程,所有的这些相关进程都会属于同一个cgroup,systemd只需要简单地遍历指定的cgroup即可正确地找到所有的相关进程,将它们逐一停止即可。 diff --git a/docs/zh/server/performance/cpu_optimization/sysboost/getting_to_know_sysboost.md b/docs/zh/server/performance/cpu_optimization/sysboost/getting_to_know_sysboost.md index 81fff106..fc6988b9 100644 --- a/docs/zh/server/performance/cpu_optimization/sysboost/getting_to_know_sysboost.md +++ b/docs/zh/server/performance/cpu_optimization/sysboost/getting_to_know_sysboost.md 
@@ -34,9 +34,9 @@ - 支持全静态合并场景:将应用与其依赖的动态库合并为一个二进制,并进行段级别的重排,将多个离散的代码段/数据段合并为一个,提升应用性能。 -- 自动对系统中的二进制进行优化:sysBoost守护进程读取配置文件获取需要优化的二进制以及对应的优化方式,按照用户的要求进行优化,并将优化好的二进制存储在.rto后缀的文件中。 +- 自动对系统中的二进制进行优化:sysBoost守护进程通过读取配置文件来获取需要优化的二进制以及对应的优化方式,按照用户的要求进行优化,并将优化好的二进制存储在.rto后缀的文件中。 -- 二进制代码段/数据段大页预加载:用户态页表映射物理内存时,使用大页(2M)映射可以提升性能,而当前openeuler不支持文件页的大页映射。sysBoost提供大页预加载的功能,在二进制优化完成后立即将其内容以大页形式加载到内核中,在应用启动时将预加载的内容批量映射到用户态页表,减少应用的缺页中断和访存延迟,提升启动速度和运行效率。 +- 二进制代码段/数据段大页预加载:用户态页表映射物理内存时,使用大页(2M)映射可以提升性能,而当前openeuler不支持文件页的大页映射。sysBoost提供大页预加载的功能,在二进制优化完成后立即将其内容以大页的形式加载到内核中,在应用启动时将预加载的内容批量映射到用户态页表,减少应用的缺页中断和访存延迟,提升启动速度和运行效率。 - 二进制异常监控:如果sysBoost生成的.rto二进制出现BUG,应用可能会crash。为了避免应用被反复拉起,反复crash等严重后果,防止故障扩散,sysBoost会对加载.rto二进制的进程进行监控。如果发现这样的进程发生了crash,sysBoost会回退优化,将该.rto文件和原应用文件的标记删除;同时也会将配置文件重命名,防止下次sysBoost服务重启后再次进行优化。 diff --git a/docs/zh/server/performance/tuning_framework/oeaware/oeaware_user_guide.md b/docs/zh/server/performance/tuning_framework/oeaware/oeaware_user_guide.md index 92bedd34..0ecf0f4b 100644 --- a/docs/zh/server/performance/tuning_framework/oeaware/oeaware_user_guide.md +++ b/docs/zh/server/performance/tuning_framework/oeaware/oeaware_user_guide.md @@ -6,7 +6,7 @@ oeAware是在openEuler上实现低负载采集感知调优的框架,目标是 ## 安装 -配置openEuler的yum源,使用yum命令安装。在openEuler-22.03-LTS-SP4版本中会默认安装。 +配置openEuler的yum源,使用yum命令安装。在openEuler-24.03-LTS-SP1版本中会默认安装。 ```shell yum install oeAware-manager diff --git a/docs/zh/server/releasenotes/releasenotes/os_installation.md b/docs/zh/server/releasenotes/releasenotes/os_installation.md index 92ee01d8..9c03db44 100644 --- a/docs/zh/server/releasenotes/releasenotes/os_installation.md +++ b/docs/zh/server/releasenotes/releasenotes/os_installation.md @@ -59,12 +59,12 @@ openEuler发布件包括[ISO发布包](https://www.openeuler.org/zh/download/arc

x86_64架构的边缘ISO,包含了运行最小系统的核心组件

-

openEuler-24.03-LTS-SP1-Desktop-aarch64-dvd.iso

+

openEuler-24.03-LTS-SP1-DevStation-aarch64-dvd.iso

AArch64架构的开发者桌面ISO,包含了运行开发桌面的最小软件集合

-

openEuler-24.03-LTS-SP1-Desktop-x86_64-dvd.iso

+

openEuler-24.03-LTS-SP1-DevStation-x86_64-dvd.iso

x86_64架构的开发者桌面ISO,包含了运行开发桌面的最小软件集合

diff --git a/docs/zh/server/security/shangmi/file_integrity_protection.md b/docs/zh/server/security/shangmi/file_integrity_protection.md index ba5628ed..8dbec60d 100644 --- a/docs/zh/server/security/shangmi/file_integrity_protection.md +++ b/docs/zh/server/security/shangmi/file_integrity_protection.md @@ -12,7 +12,7 @@ IMA全称Integrity Measurement Architecture,是Linux内核提供的强制访 3. 生成IMA校验证书(仅评估模式涉及): - ``` + ```sh # 生成证书配置文件(配置文件其他字段可按需定义) echo 'subjectKeyIdentifier=hash' > ima.cfg echo 'authorityKeyIdentifier=keyid,issuer' >> ima.cfg @@ -25,16 +25,39 @@ IMA全称Integrity Measurement Architecture,是Linux内核提供的强制访 # openssl x509 -req -days 3650 -extfile ima.cfg -signkey ima.key -in ima.csr -out ima.crt ``` -4. 将根证书放置到内核源码目录,并修改内核编译选项CONFIG_SYSTEM_TRUSTED_KEYS,将指定证书编译到内核TRUSTED密钥中(仅评估模式涉及): +4. 生成IMA二级证书: + + **创建证书配置文件** + + echo 'subjectKeyIdentifier=hash' > ima.cfg + echo 'authorityKeyIdentifier=keyid,issuer' >> ima.cfg + + **生成私钥** + + openssl ecparam -genkey -name SM2 -out ima.key + + **生成签名请求** + + openssl req -new -sm3 -key ima.key -out ima.csr + + **基于一级证书生成二级证书** + + openssl x509 -req -sm3 -CAcreateserial -CA ca.crt -CAkey ca.key -extfile ima.cfg -in ima.csr -out ima.crt + + **转换为DER格式** + + openssl x509 -outform DER -in ima.crt -out x509_ima.der0 + +5. 将根证书放置到内核源码目录,并修改内核编译选项CONFIG_SYSTEM_TRUSTED_KEYS,将指定证书编译到内核TRUSTED密钥中(仅评估模式涉及): ```sh # cp /path/to/ima.crt . - # make openeuler_defconfig - # cat .config | grep CONFIG_SYSTEM_TRUSTED_KEYS + $ make openeuler_defconfig + $ cat .config | grep CONFIG_SYSTEM_TRUSTED_KEYS CONFIG_SYSTEM_TRUSTED_KEYS="ima.crt" ``` -5. 编译并安装内核(仅评估模式涉及): +6. 编译并安装内核(仅评估模式涉及): ```sh make -j64 -- Gitee From 152d7731aabbba4cfe7a04b211041eb017d7f8ef Mon Sep 17 00:00:00 2001 
From: hemiao Date: Wed, 2 Jul 2025 14:21:23 +0800 Subject: [PATCH 3/4] =?UTF-8?q?=E4=BF=AE=E6=94=B9markdownlint?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- docs/zh/server/security/shangmi/file_integrity_protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/zh/server/security/shangmi/file_integrity_protection.md b/docs/zh/server/security/shangmi/file_integrity_protection.md index 8dbec60d..f5530298 100644 --- a/docs/zh/server/security/shangmi/file_integrity_protection.md +++ b/docs/zh/server/security/shangmi/file_integrity_protection.md @@ -281,7 +281,7 @@ DATAONLY = p+n+u+g+s+acl+selinux+xattrs+sha256+sm3 ...... ``` -3. 初始化数据库,并保存数据库作为基准: +初始化数据库,并保存数据库作为基准: 初始化数据库 -- Gitee From 9df5dd20d2c6f28e9bfe4680d9738d25c7320492 Mon Sep 17 00:00:00 2001 From: hemiao Date: Wed, 2 Jul 2025 14:41:01 +0800 Subject: [PATCH 4/4] =?UTF-8?q?=E4=BF=AE=E6=94=B9=E6=A0=BC=E5=BC=8F?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../shangmi/file_integrity_protection.md | 25 +++++++------------ 1 file changed, 9 insertions(+), 16 deletions(-) diff --git a/docs/zh/server/security/shangmi/file_integrity_protection.md b/docs/zh/server/security/shangmi/file_integrity_protection.md index f5530298..2ec1cf66 100644 --- a/docs/zh/server/security/shangmi/file_integrity_protection.md +++ b/docs/zh/server/security/shangmi/file_integrity_protection.md 
@@ -27,31 +27,24 @@ IMA全称Integrity Measurement Architecture,是Linux内核提供的强制访 4. 生成IMA二级证书: - **创建证书配置文件** - + ```sh + # 创建证书配置文件. echo 'subjectKeyIdentifier=hash' > ima.cfg echo 'authorityKeyIdentifier=keyid,issuer' >> ima.cfg - - **生成私钥** - + # 生成私钥. openssl ecparam -genkey -name SM2 -out ima.key - - **生成签名请求** - + # 生成签名请求. openssl req -new -sm3 -key ima.key -out ima.csr - - **基于一级证书生成二级证书** - + # 基于一级证书生成二级证书. openssl x509 -req -sm3 -CAcreateserial -CA ca.crt -CAkey ca.key -extfile ima.cfg -in ima.csr -out ima.crt - - **转换为DER格式** - - openssl x509 -outform DER -in ima.crt -out x509_ima.der0 + # 转换为DER格式. + openssl x509 -outform DER -in ima.crt -out x509_ima.der + ``` 5. 将根证书放置到内核源码目录,并修改内核编译选项CONFIG_SYSTEM_TRUSTED_KEYS,将指定证书编译到内核TRUSTED密钥中(仅评估模式涉及): ```sh - # cp /path/to/ima.crt . + $ cp /path/to/ima.crt . $ make openeuler_defconfig $ cat .config | grep CONFIG_SYSTEM_TRUSTED_KEYS CONFIG_SYSTEM_TRUSTED_KEYS="ima.crt" -- Gitee
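Review bot: In docs/en/server/installation_upgrade/installation/installation_preparations.md, hunk @@ -96,9 +96,9 @@, the new VM sentence names the wrong product: `To install the FusionOS on a VM` replaces `openEuler OS`, while the PM sentence in the hunk above still says `openEuler OS`. Keep `openEuler OS`. The same sentence was copied from the PM section and promises "hardware compatibility", but the subsection that follows is `### Virtualization Platform Compatibility`, so it should name virtualization platform compatibility instead.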
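Review bot: In docs/zh/embedded/uniproton/overview.md, the added link has a target that differs from its text: the text ends in `UniProton_build.md` but the target ends in `UniProton_build.md/`. Drop the trailing slash from the target so both point at the same file.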
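Review bot: In docs/en/server/performance/tuning_framework/oeaware/oeaware_user_guide.md, hunk @@ -24,7 +24,7 @@, the rewritten line still starts its second sentence in lowercase: `on openEuler 24.03 LTS SP1, oeAware has been installed by default.` Since the line is being touched for the version bump, capitalise it to `On openEuler 24.03 LTS SP1, oeAware is installed by default.`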
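Review bot: In docs/zh/server/administration/administrator/service_management.md, hunk @@ -153,7 +153,7 @@, the replacement term `运行进程` loses the meaning of the sentence. The same sentence opens with `守护进程(daemon)`, and what UpStart derives by counting fork calls is the PID of that daemon, so replace `精灵进程` with `守护进程` rather than `运行进程` to keep one term for one concept.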
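Review bot: In docs/zh/server/performance/cpu_optimization/sysboost/getting_to_know_sysboost.md, hunk @@ -34,9 +34,9 @@, the rewritten huge-page bullet still spells the project name as `openeuler` (`而当前openeuler不支持文件页的大页映射`). Use `openEuler`, as the rest of the documentation does, while the line is being edited.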
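Review bot: In docs/zh/server/security/shangmi/file_integrity_protection.md, hunk @@ -25,16 +25,39 @@ of patch 2/4, the new step 4 reuses the file names of step 3 and leaves step 5 pointing at the wrong certificate. Step 3 already produces `ima.cfg`, `ima.key`, `ima.csr` and a self-signed `ima.crt` (`-signkey ima.key ... -out ima.crt`); step 4 writes the same four names, so the second-level certificate overwrites the step 3 output. Step 5 then says to place the root certificate in the kernel source tree but still copies `ima.crt`, which after step 4 is the second-level certificate, and `ca.crt` / `ca.key` used by `-CA ca.crt -CAkey ca.key` are not created anywhere in the visible steps. Use distinct file names for the two levels, state where `ca.crt` and `ca.key` come from, and make the file named in `CONFIG_SYSTEM_TRUSTED_KEYS` match the "root certificate" wording. Also, the signing command omits `-days`, so the second-level certificate gets openssl's default 30-day validity while step 3 uses `-days 3650`; set it explicitly. Step 4 also lacks the `(仅评估模式涉及)` marker its neighbours carry, and the output name `x509_ima.der0` is a typo.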
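Review bot: In docs/zh/server/security/shangmi/file_integrity_protection.md, hunk @@ -281,7 +281,7 @@ of patch 3/4, removing the `3.` prefix takes `初始化数据库,并保存数据库作为基准:` out of the numbered procedure, so readers no longer see it as a step. If the markdownlint complaint was about list numbering restarting after the unindented code fence shown in the context lines, indent that fenced block under the preceding list item and keep the `3.` instead of deleting the number.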
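Review bot: In docs/zh/server/security/shangmi/file_integrity_protection.md, hunk @@ -27,31 +27,24 @@ of patch 4/4, the command blocks now use three different prompt conventions: the new step 4 block has no prompt, step 5 uses `$ cp /path/to/ima.crt .`, and step 3 in the same file uses `# openssl x509 -req ...`. Inside a `sh` fence a leading `#` is read as a comment and a leading `$` breaks copy and paste, so drop the prompts throughout. The new comment lines also end with an ASCII full stop (`# 创建证书配置文件.`), unlike the step 3 comment `# 生成证书配置文件(...)`; remove the trailing `.` for consistency.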