

Apertis 17.06 Release

17.06 is the current stable development release of Apertis, a Debian/Ubuntu derivative distribution geared towards the creation of product-specific images for ARM (both in the 32-bit ARMv7 version using the hardfloat ABI and in the 64-bit ARMv8 version) and Intel x86-64 (64-bit) systems.

This Apertis release is based on the Ubuntu 16.04 (Xenial) LTS release with several customizations. Test results of the 17.06 release are available in the 17.06 test report.

Release downloads

Apertis 17.06 images
Intel 64-bit:

  • Intel 64 bit Minimal Image
  • Intel 64 bit Target Image
  • Intel 64 bit Development Image
  • Intel 64 bit SDK Image

The minimal, target and development images are tested on the reference hardware (MinnowBoard MAX), but they can run on any UEFI-based x86-64 system. The SDK image is tested under VirtualBox.

Apertis 17.06 repositories

 deb https://repositories.apertis.org/apertis/ 17.06 target helper-libs development sdk hmi

New features

Application framework for headless setups

The current application framework provides several hooks for full graphical environments that are not needed on systems not connected to a display. In this cycle, leaner and simpler versions of the Canterbury session manager and of the Ribchester installation manager have been factored out of their respective codebases, to address the headless use-case in the most efficient and flexible way.

As a by-product of this effort, even the full versions of Canterbury and Ribchester saw a great number of cleanups and fixes.

Apertis running in a container

Work on running Apertis in a Linux container began in this cycle, although it has not fully landed in the release. Apertis can now be set up to run under LXC with some simple instructions, using nested AppArmor profiles to constrain app bundles and a global AppArmor profile to constrain the whole container. The work to free the application framework from its dependency on Btrfs subvolumes, which makes it poorly suited to running in a container, was completed just after the freeze for the 17.06 release, so it will be part of the 17.09 release. Work will continue on full system upgrades in container setups and on the interactions of AppArmor with user namespaces.

Sample app-bundles

Three new application bundles have been added to demonstrate how to use simple web APIs over HTTPS, how to use platform services like Newport and how to make app-bundles that ship an agent with no UI.

The first example application connects to the ifconfig.co web service to show the public IP address that websites see when you connect to them, plus some information about the country and city associated with that IP.

The second example uses the Newport D-Bus API to download two images from the Internet and continuously cycle between them.

The third example demonstrates how to define an agent that implements a simple D-Bus API, plus a test client to exercise that API.

The SDK images now also ship repositories for all the sample app bundles with all their code, to let you start hacking immediately.


AppArmor in full enforcing mode on headless images

AppArmor protection is now completely enforced on the minimal images for headless setups. Several AppArmor profiles and abstractions have been documented, cleaned up, and fixed to reach this goal.

Some of the older and less useful abstractions have been deprecated; see the section below.

ARM64 support in development tools

An ARM64 cross-compiler is now available in the Apertis 17.06 SDK images, ready to be used with the Apertis Development Tool and the pre-generated ARM64 sysroots published on the Apertis web server, enabling full app-bundle development for ARM64 targets from the Apertis SDK.


Inter-domain communications

This release focused on topics affecting the inter-domain communication design. In particular, the design has been expanded to cover container-based setups in addition to setups based on separate boards and virtual machines, to provide more explicit provisions for domains not running Linux or not running a dbus-daemon, to clearly describe how domains can dynamically discover where services are hosted on setups with multiple Consumer Electronics domains, and to describe how audio and video streams can be shared across the domain boundaries, in an effort to isolate the privileged domains from the attack surface of demuxers and decoders.

Deprecations and ABI/API breaks


During this release cycle we have continued to mark obsolete or problematic APIs with the ABI break tag as a way to clear technical debt in future.

All features deprecated during previous release cycles remain deprecated. Some of them are repeated here for better visibility.

T3852: Prestwood D-Bus APIs and libprestwoodiface are deprecated in favour of GVolumeMonitor
The Prestwood daemon uses UPnP and GVolumeMonitor to monitor UPnP shares and removable volumes, and offers a D-Bus API for the removable volumes, with a thin library wrapper in libprestwoodiface. This API is not really simpler for an API user than if the API user used UPnP and GVolumeMonitor directly, so we recommend removing these APIs.

T3830: Canterbury's old audio manager implementation remains deprecated
The current AudioMgr interface breaks the app-bundle confidentiality security requirement and must be changed incompatibly or replaced to resolve that. It was deprecated in 17.03, remains deprecated, and will be removed in a future Canterbury version. T3507 and T2677 track related work.

Syntactically invalid entry point IDs remain deprecated in favour of syntactically valid entry point IDs
Canterbury still accepts entry point IDs in built-in app-bundles that do not match the syntax in the app-bundle specification. This was deprecated in 17.03, remains deprecated, and will be removed in a future Canterbury version. This will require changing the current special-cases for an app-bundle named exactly Launcher so that instead they apply to an app-bundle named exactly org.apertis.Launcher, or removing those special cases altogether. T2709 is related.

Syntactically invalid bundle IDs for built-in app-bundles remain deprecated in favour of syntactically valid bundle IDs
When loading built-in app-bundles, Canterbury still accepts bundle IDs that do not match the syntax in the app-bundle specification. This was deprecated in 17.03, remains deprecated, and will be removed in a future Canterbury version. The function cby_is_bundle_id() can be used to validate bundle IDs. The syntax rules are identical to D-Bus interface names: see the Apertis Application Bundle Specification for details. T2709 is related.

T3391: Launcher.CurrentActiveMenuEntry is deprecated with no replacement
The Launcher.CurrentActiveMenuEntry property was scheduled to be removed in 17.06, but could not be removed because the Mildenhall Launcher still uses it. It remains deprecated and will be removed in a future Canterbury version.

T3358: Mildenhall widgets not listed here are subject to change and unsuitable for third-party applications
The ABI for the widgets listed below is considered stable; other widgets are to be considered obsolete or otherwise subject to ABI breaks:

  • MildenhallBottomBar - set of buttons intended to carry some actions, for example, shuffle, play, pause, next, previous, display time, etc.
  • MildenhallButtonDrawer - combobox button
  • MildenhallButtonSpeller - speller button
  • MildenhallCabinetItem - item for MildenhallCabinetRoller
  • MildenhallCabinetRoller - file browser roller
  • MildenhallContextDrawer - menu bar
  • MildenhallDetailRoller - list item for the roller widget
  • MildenhallDrawerBase - base for drawers like MildenhallContextDrawer and MildenhallViewsDrawer
  • MildenhallInfoRoller - used to display metadata information of any given file
  • MildenhallLbsBottomBar - bottom bar for location-based applications, displays distances in km and meters
  • MildenhallLoadingBar - loading bar
  • MildenhallMapWidget - geographical map
  • MildenhallMediaOverlay - semi-transparent play/pause icon to be used in multimedia applications
  • MildenhallMetaInfoFooter - similar to MildenhallMetaInfoHeader but placed at bottom
  • MildenhallMetaInfoHeader - header with icon and text
  • MildenhallNaviDrawer - combobox button to navigate from one view to another
  • MildenhallNaviDrawer - specialized combobox for navigation
  • MildenhallOverlay - widget displaying a .png with a custom alpha value over the stage
  • MildenhallPopup - popup intended for confirmation, alert, information dialogs
  • MildenhallProgressBar - progress bar
  • MildenhallPullupRoller - like info roller but with upward animation
  • MildenhallRadioButton - radio button
  • MildenhallRatingBottomBar - rating bar
  • MildenhallRollerContainer - Container for list and roller widgets
  • MildenhallScroller - scrolling widget used in the virtual keyboard
  • MildenhallSelectionPopupItem - item for MildenhallSelectionPopup
  • MildenhallSelectionPopup - popup widget which can have multiple selection options
  • MildenhallSortRoller - roller widget that keeps items sorted
  • MildenhallSpeller - virtual keyboard
  • MildenhallSpellerMultiLineEntry, MildenhallSpellerThreeToggleEntry - support widgets for the virtual keyboard
  • MildenhallTextBoxEntry - text box widget
  • MildenhallToggleButton - toggle button
  • MildenhallViewsDrawer - combobox button
  • MildenhallWidgetContainer - container with horizontal placement and some padding value.


Application framework

T3657: Ribchester support for GSettings-schema-based entry points removed in favour of AppStream XML and CbyComponentIndex

Ribchester had code for mounting app-bundles that are represented by GSettings schemas, which was deprecated in 17.03. This was no longer useful after Canterbury stopped reading those GSettings schemas in 17.03 (T2707). Use AppStream XML to describe application bundles, as described in the Apertis Application Bundle Specification.

T1445: /Applications/$bundle/{app-data,users} compat symlinks removed in favour of cby_get_persistence_path()
Canterbury no longer creates the /var/Applications/${bundle_id}/app-data directory or the app-data and users symlinks in the bundle installation directory in /Applications.

Applications should use the cby_get_persistence_path() function to get the per-bundle, per-user writable data location, or rely on the freedesktop.org environment variables XDG_CACHE_HOME, XDG_CONFIG_HOME and XDG_DATA_HOME respectively for temporary data, configuration data and general data storage.

T3816: app-name and menu-entry in command-line arguments are no longer special
Canterbury previously had special handling for the command-line arguments of certain ways to launch entry points. If an argument was named exactly app-name, the next argument was replaced by the entry point ID; if an argument was named exactly menu-entry, the next argument was replaced by the display name in the form used by the Mildenhall reference UX (in all-caps with S P A C E S I N S E R T E D).

This feature was not compatible with D-Bus activation, which is not argv-based (T2700), and was unnecessary since 17.03, because entry points are now always launched with the same entry point ID and display name (having removed the special cases that would have used different values for those arguments in T3486). This rewriting behaviour was deprecated in 17.03 and removed in 17.06. Command-line arguments with those names are no longer considered special.

T2709: Entry point IDs in store app-bundles must be syntactically valid
Canterbury previously accepted entry point IDs in store app-bundles that do not match the syntax in the app-bundle specification. This was deprecated in 17.03 and removed in 17.06. The function cby_is_entry_point_id() can be used to validate entry point IDs. The syntax rules are identical to D-Bus interface names: see the Apertis Application Bundle Specification for details.

T2709: Bundle IDs in store app-bundles must be syntactically valid
In some circumstances, Canterbury previously accepted bundle IDs in store app-bundles that do not match the syntax in the app-bundle specification. This was deprecated in 17.03 and removed in 17.06. The function cby_is_bundle_id() can be used to validate bundle IDs. The syntax rules are identical to D-Bus interface names: see the Apertis Application Bundle Specification for details.
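
The rule stated above ("identical to D-Bus interface names") can be checked before an app-bundle is submitted. The following is an added example, not Canterbury code and not the implementation of cby_is_bundle_id() or cby_is_entry_point_id(); the function names and sample IDs are constructed, and the rules are those of the D-Bus specification for interface names.

```shell
#!/bin/sh
# Added example, not Canterbury code: checks an ID against D-Bus interface
# name syntax, which the release notes say bundle and entry point IDs follow.
LC_ALL=C; export LC_ALL   # make [A-Z] ranges and ${#id} byte-exact

# Print the first rule the ID breaks; print nothing if the ID is valid.
id_syntax_problem() {
    id=$1
    [ -n "$id" ] || { echo "is empty"; return 0; }
    [ "${#id}" -le 255 ] || { echo "is longer than 255 characters"; return 0; }
    case $id in
        *[!A-Za-z0-9_.]*) echo "contains a character outside [A-Za-z0-9_]"; return 0 ;;
        .*|*.|*..*)       echo "has an empty element"; return 0 ;;
        *.*)              ;;   # two or more '.'-separated elements: continue
        *)                echo "has only one element"; return 0 ;;
    esac
    # Prefix a '.' so the first element is tested like every other element.
    case ".$id" in
        *.[0-9]*) echo "has an element starting with a digit"; return 0 ;;
    esac
    return 0
}

# Exit status 0 if the ID is syntactically valid, 1 otherwise.
is_valid_id() { [ -z "$(id_syntax_problem "$1")" ]; }

# Report every ID given on the command line.
check_ids() {
    for candidate in "$@"; do
        problem=$(id_syntax_problem "$candidate")
        if [ -z "$problem" ]; then
            echo "OK       $candidate"
        else
            echo "REJECTED $candidate: $problem"
        fi
    done
}

# Constructed sample IDs: the two Launcher spellings mentioned in these notes,
# plus two hypothetical IDs that break the character and digit rules.
check_ids org.apertis.Launcher Launcher org.example.my-app org.7zip.Archiver
```
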

T3391: Launcher.SetCurrentCategory, Launcher.InformAppLaunchStatus, AppManager.GetGlobalSearchApps removed
These unused APIs were deprecated in 17.03, and removed from Canterbury in 17.06. Launcher.CurrentActiveMenuEntry was also scheduled for deletion, but unfortunately is still used by the Mildenhall Launcher: it remains deprecated.

T1170: AppDbHandler.LaunchNewApp() removed
This method is redundant with the higher-level API cby_entry_point_open_uri_async() introduced in 17.03, and its only known user (the Didcot content handover service) has been converted to use that mechanism. It was deprecated in 17.03 and removed in 17.06.

Canterbury SONAME change
The ABI version suffix of libcanterbury-gdbus was changed to reflect the fact that ABIs were removed. Applications that use the remaining D-Bus APIs must be recompiled against Canterbury 0.1706.x. The canterbury-0 and canterbury-platform-0 libraries are unaffected.


T3629: tunables/chaiwala/chaiwala-user AppArmor tunables removed
The tunables/chaiwala/chaiwala-user AppArmor profile snippet described a filesystem layout that has not existed for some time. It was deprecated in 17.03 and removed in 17.06.

T3628: abstractions/chaiwala-helpers AppArmor abstraction removed
The abstractions/chaiwala-helpers AppArmor abstraction had undesirable security properties. It was deprecated in 17.03 and removed in 17.06.

T3612: @{XDGRUNTIMEDIR} AppArmor variable removed in favour of /run/user/[0-9]*
Apertis' modified AppArmor tunables previously defined a variable named @{XDGRUNTIMEDIR} which is not present in upstream AppArmor, hindering portability of AppArmor profiles between distributions. This was deprecated in 17.03 and removed in 17.06. Please replace all instances of @{XDGRUNTIMEDIR} in profiles with /run/user/[0-9]*.

T3604: chaiwala-apparmor-session-lockdown package obsoleted
The purpose of the chaiwala-apparmor-session-lockdown package was not clear. It was deprecated in 17.03 and converted into an empty transitional package in 17.06, and should be removed altogether in 17.09.

T3601: abstractions/dbus-daemon AppArmor abstraction removed
The abstractions/dbus-daemon AppArmor abstraction did not appear to be useful, because every dbus-daemon on Apertis is part of the trusted computing base and part of the platform infrastructure, so a dbus-daemon is not a useful thing for third-party code to be launching. It was deprecated in 17.03 and removed in 17.06.

T3600: abstractions/chaiwala-user-write AppArmor abstraction removed
The abstractions/chaiwala-user-write AppArmor abstraction was too broad to be useful, and granted the confined process enough privileges to escape from its confinement by executing arbitrary unconfined code. It also did not appear to be used in Apertis. It was deprecated in 17.03 and removed in 17.06.

T3599: abstractions/chaiwala-user-read AppArmor abstraction removed
The abstractions/chaiwala-user-read AppArmor abstraction was too broad to be useful, and granted the confined process read access to the entire home directory. It was deprecated in 17.03 and removed in 17.06.

T3592: abstractions/chaiwala-execution is removed in favour of not doing anything
The abstractions/chaiwala-execution AppArmor abstraction was empty. It was deprecated in 17.03 and removed in 17.06.

T3586: abstractions/chaiwala-cameras removed with no immediate replacement
The abstractions/chaiwala-cameras AppArmor abstraction did not have the effect that its documentation suggested. It was deprecated in 17.03 and removed in 17.06. T3515 tracks design work on similar concepts.
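
Profiles written for earlier releases can be audited against the AppArmor removals listed above. The following is an added example, not an Apertis tool: the function names and the sample profile are constructed, and the only automatic rewrites are the two these notes spell out (replacing @{XDGRUNTIMEDIR} and dropping the empty chaiwala-execution include). Every other finding needs a manual replacement rule.

```shell
#!/bin/sh
# Added example, not an Apertis tool: flag uses of AppArmor items removed in 17.06.

# Includes removed in 17.06, as listed in the release notes above.
REMOVED_INCLUDES='tunables/chaiwala/chaiwala-user
abstractions/chaiwala-helpers
abstractions/dbus-daemon
abstractions/chaiwala-user-write
abstractions/chaiwala-user-read
abstractions/chaiwala-execution
abstractions/chaiwala-cameras'

# Print one "file:line: reason" finding per use of a removed item.
audit_profile() {
    profile=$1
    for inc in $REMOVED_INCLUDES; do
        grep -nF "<$inc>" "$profile" | while IFS=: read -r n rest; do
            printf '%s:%s: removed include <%s>\n' "$profile" "$n" "$inc"
        done
    done
    grep -nF '@{XDGRUNTIMEDIR}' "$profile" | while IFS=: read -r n rest; do
        printf '%s:%s: removed variable @{XDGRUNTIMEDIR}\n' "$profile" "$n"
    done
}

# Number of findings in a profile.
count_findings() { audit_profile "$1" | wc -l | tr -d ' '; }

# Write a migrated copy to stdout. Only the two mechanical changes are made:
# the empty chaiwala-execution include is dropped and the variable is expanded.
migrate_profile() {
    sed -e '/<abstractions\/chaiwala-execution>/d' \
        -e 's|@{XDGRUNTIMEDIR}|/run/user/[0-9]*|g' "$1"
}

# Constructed sample profile (not a real Apertis profile) for a dry run.
write_sample_profile() {
    cat > "$1" <<'EOF'
#include <tunables/global>
profile constructed-example /Applications/org.example.Demo/bin/demo {
  #include <abstractions/base>
  #include <abstractions/chaiwala-execution>
  #include <abstractions/chaiwala-user-read>
  owner @{XDGRUNTIMEDIR}/demo.sock rw,
}
EOF
}

sample=$(mktemp)
write_sample_profile "$sample"
audit_profile "$sample"        # three findings: lines 4, 5 and 6
migrate_profile "$sample"      # chaiwala-user-read is left for manual review
rm -f "$sample"
```
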


Apertis infrastructure tools

For Debian Jessie based systems:

 deb https://repositories.apertis.org/debian/ jessie tools

For Ubuntu Trusty based systems:

 deb https://repositories.apertis.org/ubuntu/ trusty tools


Image daily builds, as well as release builds can be found at:


Image build tools can be found in the Apertis tools repositories.

Known issues

High (5)

  • T4068 GApplication are not visible after they are relaunched.
  • T2704 The video player window is split into 2 frames in default view
  • T4060 ARM64 board fails to boot minimal Apertis images
  • T4049 Kernel panic when using ARM64 board as build server
  • T3856 Applications don't launch when clicked from quick launcher instead a Blank screen is seen

Normal (127)

  • T4067 libjackson-json-java fails to build from source
  • T4066 libreoffice fails to build from source on aarch64
  • T4065 subversion fails to build from source on aarch64 and armv7hl
  • T4064 serf fails to build from source on some x86_64
  • T4063 Observing multiple service instances in all 17.06 SDK images
  • T4061 ade: Fails to install multiple sysroots
  • T4056 Frampton application doesn't load when we re-launch them after clicking the back button
  • T4052 Rendering issue observed on websites like http://www.moneycontrol.com
  • T4050 Render theme buttons are not updating with respect to different zoom levels
  • T4048 HTML5 demo video's appear flipped when played on webkit2 based browser app
  • T4047 Broken HTML generation in Backworth for the developers portal website
  • T4046 Page rendering is not smooth in sites like www.yahoo.com
  • T4031 Mildenhall should install themes in the standard xdg data dirs
  • T4027 webkit2GTK crash observed flicking on webview from other widget
  • T4023 Failed to load Captcha in Apertis developer portal
  • T4011 webkit-ac-3d-rendering test case fails
  • T4005 Newport test fails on minimal images
  • T3996 Avoid unconstrained dbus AppArmor rules in frome
  • T3992 Steps like pattern is seen in the background in songs application
  • T3991 virtual keyboard is not showing for password input field of any webpage
  • T3983 u-boot: Unable to find the device tree for R-car starter kit H3UCLB
  • T3980 Shutdown not working properly in virtualbox
  • T3973 bredon-0-launcher should be shipped in its own package, not in libbredon-0-1
  • T3972 webview-test should be shipped in libbredon-0-tests instead of libbredon-0-1
  • T3971 libbredon/seed uninstallable on target as they depend on libraries in :development
  • T3970 Mismatching gvfs/gvfs-common and libatk1.0-0/libatk1.0-data package versions in the archive
  • T3969 MildenhallSelPopupItem model should be changed to accept only gchar * instead of MildenhallSelPopupItemIconDetail for icons
  • T3965 Rhosydd service crashes when client exits on some special usecases (Refer description for it)
  • T3955 rhosydd-client crashes when displaying vehicle properties for mock backend
  • T3940 libmildenhall-0-0 contains files that would conflict with a future libmildenhall-0-1
  • T3939 libshoreham packaging bugs
  • T3920 arm-linux-gnueabihf-pkg-config does not work with sysroots installed by `ade`
  • T3909 MildenhallSelectionPopupItem doesn't take ownership when set properties
  • T2367 Videos are hidden when Eye is launched
  • T3771 Roller problem in settings application
  • T3798 In mildenhall, URL history speller implementation is incomplete.
  • T3797 Variable roller is not working
  • T3770 Songs do not start playing from the beginning but instead start a little ahead
  • T3769 Blank screen seen in Songs application on re-entry
  • T3763 Compositor hides the other screens
  • T3759 Status bar is not getting updated with the current song/video being played
  • T3730 canterbury: Most of the tests fail
  • T3729 ribchester: gnome-desktop-testing test times out
  • T3728 rhosydd: integration test fails
  • T3727 didcot-client: autopkgtest fails with org.apertis.Didcot.Error.NoApplicationFound and "Unit didcot.service could not be found"
  • T3724 GtkClutterLauncher: Segfaults with mouse right-clicking
  • T3694 Cross debugging through GDB and GDBserver Not possible.
  • T3687 Voice/Audio is not heard for the Bluez-hfp profile in i.MX6
  • T3647 The web runtime doesn't set the related view when opening new windows
  • T3631 Segmentation fault when disposing test executable of mildenhall
  • T3588 <abstractions/chaiwala-base> gives privileges that not every app-bundle should have
  • T3580 Canterbury entry-point launching hides global popups, but only sometimes
  • T3569 Album art is missing in one of the rows of the songs application
  • T3568 folks: random tests fail
  • T3564 GLib, GIO Reference Manual links are incorrectly swapped
  • T3563 GObject Generator link throws 404 error
  • T3552 Search feature doesn't work correctly for appdev portal located at https://appdev.apertis.org/documentation/index.html
  • T3537 cgroups-resource-control: test network-cgroup-prio-class failed
  • T3517 webview Y offset not considered to place, full screen video on youtube webpage
  • T3506 Confirm dialog status updated before selecting the confirm option YES/NO
  • T3474 gupnp-services tests test_service_browsing and test_service_introspection fail on target-arm image
  • T3433 Resizing the window causes page corruption
  • T3431 Content on a webpage doesn't load in sync with the scroll bar
  • T3332 Compositor seems to hide the bottom menu of a webpage
  • T3331 telepathy-gabble-tests should depend on python-dbus
  • T3321 libgles2-vivante-dev is not installable
  • T3319 mx6qsabrelite: linking issue with libgstimxeglvivsink.so and libgstimxvpu.so gstreamer plugins
  • T3292 apparmor-folks: unable to link contacts to test unlinking
  • T3291 tracker tests: Error creating thumbnails: No poster key found in metadata
  • T3280 Cannot open links within website like yahoo.com
  • T3278 mildenhall_launcher process needs to be killed in order to view browser using webkit2 GtkClutterLauncher
  • T3276 Not enough space in /opt to download and install sysroot
  • T3248 polkit-parsing: TEST_RESULT:fail
  • T3237 make check fails on libbredon package for wayland warnings
  • T3233 Ribchester: deadlock when calling RemoveApp() right after RollBack()
  • T3219 Canterbury messes up kerning when .desktop uses unicode chars
  • T3218 VirtualBox freezes using 100% CPU when resuming the host from suspend
  • T3217 VirtualBox display freezes when creating multiple notifications at once and interacting (hover and click) with them
  • T3189 apparmor-tracker: underlying_tests failed
  • T3187 tracker-indexing-local-storage: Stopping tracker-store services
  • T3174 Clang package fails to install appropriate egg-info needed by hotdoc
  • T3171 Unusable header in Traprain section in Devhelp
  • T3164 Album Art Thumbnail missing in Thumb view in ARTIST Application
  • T3161 If 2 drawers are activated, the most recent one hides behind the older one, instead of coming on top of older one.
  • T3121 Test apps are failing in Liblightwood with the use of GTest
  • T2995 Focus in launcher rollers broken because of copy/paste errors
  • T2986 Mismatch between server version file and sysroot version
  • T2946 Pulse Audio volume control doesn't launch as a separate window on SDK
  • T2917 Images for the video links are not shown in news.google.com on GtkClutterLauncher
  • T2896 Crash when initialising egl on ARM target
  • T2890 Zoom in feature does not work on google maps
  • T2889 Cannot open/view pdf documents in browser (GtkClutterLauncher)
  • T2885 Drop down lists are not working on a site like facebook
  • T2861 gupnp-services: test service failed
  • T2858 shapwick reads /etc/nsswitch.conf and /etc/passwd, and writes /var/root/.cache/dconf/
  • T2857 factory reset with a different image's rootfs.tar.gz results in emergency mode
  • T2853 GStreamer playbin prioritises imxeglvivsink over clutterautovideosink
  • T2850 Fix folks EDS tests to not be racy
  • T2833 Interaction with PulseAudio not allowed by its AppArmor profile
  • T2790 Background video is not played in some website with GtkClutterLauncher
  • T2788 Share links to facebook, twitter are not working in browser (GtkClutterLauncher)
  • T2785 The background HMI is blank on clicking the button for Power OFF
  • T2782 libsoup-unit: ssl-test failed for ARM
  • T2781 Horizontal scroll is not shown on GtkClutterLauncher
  • T2718 telepathy-gabble: Several tests failed
  • T2690 Investigate why development ARM image fails to generate
  • T2635 minimal image: DISPLAY sanity check tests failed
  • T2593 Unsupported language text is not shown on the page in GtkClutterLauncher
  • T2560 Back option is missing as part of the tool tip
  • T2550 Target doesn't reboot after system update
  • T2501 Bluetooth pairing option not working as expected
  • T2483 Video doesn't play when toggling from full screen to detail view
  • T2475 Theme ,any F node which is a child of an E node is not working for Apertis widgets.
  • T2474 cgroups-resource-control: blkio-weights tests failed
  • T2318 mildenhall-settings: does not generate localization files from source
  • T2317 libgrassmoor: executes tracker-control binary
  • T2299 Clutter_text_set_text API redraws entire clutterstage
  • T2239 factory-reset-tool TC: flagcheck messages are hidden by Plymouth
  • T2235 mxkineticscrollview-smooth-pan:Free scroll doesn't work
  • T2226 Network search pop-up isn't coming up in wi-fi settings
  • T2224 apparmor-libreoffice: libreoffice.normal.expected fails: ods_to_pdf: fail [Bugzilla bug #331]
  • T2149 apparmor-pulseaudio: ARM Failed to drain stream: Timeout
  • T2142 Power button appears to be disabled on target
  • T2028 Documentation is not available from the main folder
  • T2787 Only half of the hmi is covered when opening gnome.org
  • T1556 No connectivity Popup is not seen when the internet is disconnected.
  • T1361 Not able to load heavy sites on GtkClutterLauncher

Low (10)

  • T3595 qemu-arm-static not found in the pre installed qemu-user-static package
  • T3430 Spacing issues between text and selection box in website like amazon
  • T3183 gstreamer1-0-decode: Failed to load plugin warning
  • T3008 beep audio decoder gives errors continuously
  • T2905 Context drawer displaced when switching to fullscreen in browser app
  • T2498 Simulator screen is not in center but left aligned
  • T2332 bluetooth device pair failing with "Invalid arguments in method call"
  • T2110 webkit-clutter-javascriptcore: run-javascriptcore-tests fails
  • T1964 Mildenhall compositor crops windows
  • T1809 Upstream: linux-tools-generic should depend on lsb-release