From b82724875d0fff165a3c6c44ec7d19ea1562bd96 Mon Sep 17 00:00:00 2001 From: Jetoson Date: Sat, 16 Nov 2024 00:44:41 +0200 Subject: [PATCH 1/2] Added an entry for linux-meta and linux-signed --- docs/reference/glossary.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/docs/reference/glossary.md b/docs/reference/glossary.md index a737e78..6e80e66 100644 --- a/docs/reference/glossary.md +++ b/docs/reference/glossary.md @@ -18,5 +18,11 @@ ABI ABI remains unchanged. linux-meta - Define linux-meta. + Refers to a set of meta-packages in Linux distributions like Ubuntu. These meta-packages + do not contain the kernel binaries or source code themselves but instead define dependencies + that point to the latest kernel packages. By installing a linux-meta package (e.g., linux-meta-generic), users can ensure they always receive the latest version of a specific kernel series through updates. + In the kernel development and Stable Release Update (SRU) lifecycle, linux-meta acts as a bridge between the release of new kernel versions and the package manager. When a new kernel version is released and marked stable, the linux-meta package is updated to reference the new version, allowing automatic upgrades. + +linux-signed + Refers to kernel packages that are cryptographically signed to ensure their integrity and authenticity. These signatures are crucial for secure boot environments, as they enable the system firmware to verify that the kernel has not been tampered with and is from a trusted source. In the kernel SRU lifecycle, linux-signed is created after the corresponding unsigned kernel (e.g., linux-image) has been built. The signing process is part of the release pipeline, ensuring compliance with secure boot requirements and enhancing security in the kernel deployment process. This package works in tandem with the linux-meta package to deliver signed kernel updates. ``` From 0fe1ffeb2f08de6fd2db15cf4b96428e166c4552 Mon Sep 17 00:00:00 2001 From: Jetoson Date: Sat, 16 Nov 2024 01:03:22 +0200 Subject: [PATCH 2/2] Added an entry for SRU --- docs/reference/glossary.md | 26 +++++++++++++++++++++----- 1 file changed, 21 insertions(+), 5 deletions(-) diff --git a/docs/reference/glossary.md b/docs/reference/glossary.md index 6e80e66..f0ba241 100644 --- a/docs/reference/glossary.md +++ b/docs/reference/glossary.md @@ -18,11 +18,27 @@ ABI ABI remains unchanged. linux-meta - Refers to a set of meta-packages in Linux distributions like Ubuntu. These meta-packages - do not contain the kernel binaries or source code themselves but instead define dependencies - that point to the latest kernel packages. By installing a linux-meta package (e.g., linux-meta-generic), users can ensure they always receive the latest version of a specific kernel series through updates. - In the kernel development and Stable Release Update (SRU) lifecycle, linux-meta acts as a bridge between the release of new kernel versions and the package manager. When a new kernel version is released and marked stable, the linux-meta package is updated to reference the new version, allowing automatic upgrades. + Refers to a set of meta-packages in Linux distributions like Ubuntu. These meta-packages do not + contain the kernel binaries or source code themselves but instead define dependencies that point + to the latest kernel packages. By installing a linux-meta package (e.g. linux-generic), users can + ensure they always receive the latest version of a specific kernel series through updates. In + the kernel development and {term}`SRU` lifecycle, linux-meta acts as a bridge between the release + of new kernel versions and the package manager. When a new kernel version is releasedand marked + stable, the linux-meta package is updated to reference the new version, allowing automatic upgrades. linux-signed - Refers to kernel packages that are cryptographically signed to ensure their integrity and authenticity. These signatures are crucial for secure boot environments, as they enable the system firmware to verify that the kernel has not been tampered with and is from a trusted source. In the kernel SRU lifecycle, linux-signed is created after the corresponding unsigned kernel (e.g., linux-image) has been built. The signing process is part of the release pipeline, ensuring compliance with secure boot requirements and enhancing security in the kernel deployment process. This package works in tandem with the linux-meta package to deliver signed kernel updates. + Refers to kernel packages that are cryptographically signed to ensure their integrity and + authenticity. These signatures are crucial for secure boot environments, as they enable the + system firmware to verify that the kernel has not been tampered with and is from a trusted + source. In the kernel {term}`SRU` lifecycle, linux-signed is created after the corresponding + unsigned kernel (e.g. linux-image-unsigned-6.8.0-50-generic) has been built. The signing + process is part of the release pipeline, ensuring compliance with secure boot requirements + and enhancing security in the kernel deployment process. This package works in tandem with + the linux-meta package to deliver signed kernel updates. + +SRU + Stands for Stable Release Update, a process in distributions like Ubuntu used to provide important + updates to packages, including kernel packages, after the release of a stable version. SRUs deliver + fixes for critical bugs, security vulnerabilities, and hardware enablement while ensuring the stability + of the system. ```