-
Overview
-
redpesk OS releases
-
Security updates
-
Application Framework Manager
-
Application Framework Binder
-
APIs & Services
-
Security manager
-
Trusted Boot
-
Recovery features
-
redpak
-
Minimal image
- Reduce image size
- Optimizing boot time
-
kernel fragments description
- Introduction to Linux Kernel Configuration
- 01 Disable IPC, Timers and Audit
- 02 Disable Kconfig, Scheduler and Initrd
- 03 Disable Perf, Profiling and Errata
- 04 Disable EFI, Power Management Debug and Energy Model
- 05 Disable Schedutil, CPUFreq Governors and Virtualization
- 06 Disable Kprobes and Jump Labels
- 07 Disable GCC Plugins and Function Alignment
- 08 Disable Partition Parsers
- 09 Enable Inline Spinlocks and Kernel Operations
- 10 Disable Swap, Memory Hotplug and KSM
- 11 Disable Networking IPv4, IPv6, Netfilter
- 12 Disable SCTP, VLAN, TIPC, BATMAN
- 13 Disable Wireless, Bluetooth, CAN and RFKILL
- 14 Disable PCI and Firmware
- 15 Disable GNSS and ProcEvents
- 16 Disable Block Storage NBD and AoE
- 17 Disable EEPROM and Misc Drivers
- 18 Disable Network Device Drivers
- 19 Disable PHY Drivers
- 20 Disable PPP, WLAN Coexistence, and Failover
- 21 Disable Input Devices
- 22 Disable Serial, TTY and TPM
- 23 Disable I2C, Power and Sensor Drivers
- 24 Disable MFD, Display and Media Drivers
- 25 Disable USB, Sound, RTC and VirtIO
- 26 Disable Filesystem Encodings and Compatibility
- 27 Enable Minimal Cryptographic Core with SHA3 and XTS
- 28 Disable Hardware Cryptography, Keep DRBG and Jitter Entropy
- 29 Disable Kernel Debugging Features
- 30 Disable Filesystem Verity and SecurityFS
-
Zephyr in Redpesk
-
Mender redpesk (OTA)
-
Hardware support
- Download images
- Image metrics
- Trusted Boot
- Boards - ARM64
- Boards - x86_64
- Boards - Virtual
- Miscs
Installation within redpesk for dnf, RPM and redpak
Runtime installation
Installation for the framework is made during normal installation using dnf.
When installing or uninstalling:
-
use
dnf
orrpm
(possibly as simple user within rednode) -
the RPM plugin for redpesk checks and detects if the (un)installed package is integrated in the framework (it detects files
config.xml
or.rpconfig/manifest.yml
) -
if it is a package managed by the framework, the RPM plugin for redpesk contacts the daemon afmpkg-installerd (service afmpkg-installer)
-
afmpkg-installerd
scan the manifest files in order to set or remove service files, permissions and security items -
afmpkg-installerd
contactssec-lsm-manager
to setup security items and permissions
Before calling rpm
or dnf
, the following environment variables
can be set. They will be passed to afmpkg-installerd
:
-
AFMPKG_REDPAKID: this is transmitted to configuration setup in order to correctly set the services
-
AFMPKG_TRANSID: this identifies the transaction. Set it if you want to get a real (un)installation status using
afmpkg-status
.
Buildtime installation
When installation occurs during image construction, there is no framework that can be contacted by network.
This issue is not resolved at the moment, so installation must occur at first boot.