Ubuntu 9.10 技术概述:修订间差异
小 →20 |
|||
(未显示16个用户的76个中间版本) | |||
第3行: | 第3行: | ||
如果觉得太长,可以再加 ====。总之请翻译好一个段落。再次请求,请不要删除或覆盖英文原句。 | 如果觉得太长,可以再加 ====。总之请翻译好一个段落。再次请求,请不要删除或覆盖英文原句。 | ||
==== | 原文地址:http://www.ubuntu.com/testing/karmic/beta | ||
原 Wiki 地址:https://wiki.ubuntu.com/KarmicKoala/TechnicalOverview | |||
两次换行可以使得中英文不再'''”紧密相连“''' | |||
==1== | |||
9.10 Technical Overview | 9.10 Technical Overview | ||
第15行: | 第20行: | ||
The Ubuntu developers are moving quickly to bring you the latest and greatest software the Open Source Community has to offer. This is the Ubuntu 9.10 beta release, which brings a host of exciting new features. | The Ubuntu developers are moving quickly to bring you the latest and greatest software the Open Source Community has to offer. This is the Ubuntu 9.10 beta release, which brings a host of exciting new features. | ||
Ubuntu开发团队正以最快的速度为您带来开源软件社区提供的软件中最新最好的软件。本版本是 Ubuntu 9.10 beta 版,它带来了许多令人兴奋的新特性。 | |||
Note: This is a beta release. Do not install it on production machines. The final stable version will be released on October 29th, 2009. | Note: This is a beta release. Do not install it on production machines. The final stable version will be released on October 29th, 2009. | ||
注意: | 注意: 这是一个 beta 版本。请不要安装在用于出售的计算机上。最终稳定版本将会在2009年10月29日发布。 | ||
==== | ==2== | ||
Upgrading from Ubuntu 9.04 | |||
To upgrade from Ubuntu 9.04 on a desktop system, press Alt+F2 and type in "update-manager -d" (without the quotes) into the command box. Update Manager should open up and tell you: New distribution release '9.10' is available. Click Upgrade and follow the on-screen instructions. | To upgrade from Ubuntu 9.04 on a desktop system, press Alt+F2 and type in "update-manager -d" (without the quotes) into the command box. Update Manager should open up and tell you: New distribution release '9.10' is available. Click Upgrade and follow the on-screen instructions. | ||
第28行: | 第33行: | ||
To upgrade from Ubuntu 9.04 on a server system: install the update-manager-core package if it is not already installed; edit /etc/update-manager/release-upgrades and set Prompt=normal; launch the upgrade tool with the command sudo do-release-upgrade -d; and follow the on-screen instructions. | To upgrade from Ubuntu 9.04 on a server system: install the update-manager-core package if it is not already installed; edit /etc/update-manager/release-upgrades and set Prompt=normal; launch the upgrade tool with the command sudo do-release-upgrade -d; and follow the on-screen instructions. | ||
由Ubuntu 9.04 升级 | |||
==== | 如果你是从Ubuntu9.04桌面版升级:请按下Alt+F2并且在弹出的命令行中输入 "update-manager -d"(不包含引号),更新管理器将会启动并提示:新发行版 ‘9.10’ 可用。点击“更新”并按照屏幕上的指导操作即可。 | ||
如果你是从Ubuntu9.04服务器版升级:如果机器上还没有安装update-manager-core软件包,先安装该软件包;然后编辑/etc/update-manager/release-upgrades文件,设置Prompt=normal。执行“sudo do-release-upgrade -d”命令启动更新管理器,并按照屏幕上的指导操作即可。 | |||
==3== | |||
下载 | 下载 | ||
第120行: | 第128行: | ||
New features since Ubuntu 9.04 | New features since Ubuntu 9.04 | ||
自Ubuntu 9. | 自Ubuntu 9.04起的新特性 | ||
These features are showcased for your attention. Please test them and report any bugs you find: | These features are showcased for your attention. Please test them and report any bugs you find: | ||
下面是新特性简介,敬请关注。请对它们进行测试并按照下面的地址报告您发现的bugs: | |||
http://help.ubuntu.com/community/ReportingBugs | http://help.ubuntu.com/community/ReportingBugs | ||
==== | ==4== | ||
Upstart | Upstart | ||
As part of our boot performance work, we have now transitioned to Upstart. If you are testing on your primary machine, we strongly suggest having an Ubuntu 9.10 LiveCD available, or creating an Alpha 5 USB startup disk before doing an upgrade. This will allow us to help you recover in the case that something goes wrong during the boot of your system after upgrade. We request that all bugs affecting the performance or functionality of boot be tagged with ubuntu-boot in Launchpad.Boot Experience | As part of our boot performance work, we have now transitioned to Upstart. If you are testing on your primary machine, we strongly suggest having an Ubuntu 9.10 LiveCD available, or creating an Alpha 5 USB startup disk before doing an upgrade. This will allow us to help you recover in the case that something goes wrong during the boot of your system after upgrade. We request that all bugs affecting the performance or functionality of boot be tagged with ubuntu-boot in Launchpad. | ||
作为提高系统启动性能工作的一部分,目前我们已经过渡到 Upstart。如果您是在重要的机器上测试,我们强烈建议您在升级前准备一张 Ubuntu 9.10 LiveCD光盘,或者创建一个Alpha 5的USB启动盘。这将使我们能够在您升级之后启动系统过程中发生故障时帮助您恢复系统。我们要求把所有影响系统启动性能和启动功能的bug都用ubuntu-boot标记在Launchpad版面。 | |||
Boot Experience | |||
引导体验 | |||
We've done some work on improving the overall look and feel of booting the system. Please open bugs with the tag "ubuntu-boot-experience" on any messages you see flashed after grub loads and before the new Ubuntu Splash screen (xsplash) displays. If you have trouble catching them before the splash screen loads, you can also check vt1 or dmesg output for copies of these messages. We also accept photos or video attachments if that's easier, however please make sure the text is readable. | We've done some work on improving the overall look and feel of booting the system. Please open bugs with the tag "ubuntu-boot-experience" on any messages you see flashed after grub loads and before the new Ubuntu Splash screen (xsplash) displays. If you have trouble catching them before the splash screen loads, you can also check vt1 or dmesg output for copies of these messages. We also accept photos or video attachments if that's easier, however please make sure the text is readable. | ||
我们在改进系统整体观感方面做了一些工作。如果在grub加载之后,显示Ubuntu Splash Screen(xsplash)之前您看到任何的错误信息,请用“ubuntu-boot-experience"标签提供错误报告。如果您在splash画面加载之前无法捕获到这些消息,您还可以通过检查vt1或dmesg命令输出获得这些消息的副本。我们也接受图片或视频附件-如果您觉得那样更方便的话,不过,清确保文字部分能看得清。 | 我们在改进系统整体观感方面做了一些工作。如果在grub加载之后,显示Ubuntu Splash Screen(xsplash)之前您看到任何的错误信息,请用“ubuntu-boot-experience"标签提供错误报告。如果您在splash画面加载之前无法捕获到这些消息,您还可以通过检查vt1或dmesg命令输出获得这些消息的副本。我们也接受图片或视频附件-如果您觉得那样更方便的话,不过,清确保文字部分能看得清。 | ||
==5== | |||
Software Center | Software Center | ||
软件中心 | |||
Ubuntu 9.10 Beta includes the Ubuntu Software Center, replacing 'Add/Remove' in the Applications menu. We kindly request users to try it out, and report any bugs they find. | Ubuntu 9.10 Beta includes the Ubuntu Software Center, replacing 'Add/Remove' in the Applications menu. We kindly request users to try it out, and report any bugs they find. | ||
Ubuntu 9.10 Beta版包括Ubuntu Software Center( | Ubuntu 9.10 Beta版包括Ubuntu Software Center(Ubuntu软件中心),用以替代应用程序菜单中的'Add/Remove'(添加/删除)项。我们真诚的请求ubuntu用户试用这一新功能,并且报告发现的bug。 | ||
==== | ==6== | ||
GNOME | GNOME | ||
第152行: | 第168行: | ||
* Empathy has replaced Pidgin as the default instant messaging client, introducing the Telepathy framework. | * Empathy has replaced Pidgin as the default instant messaging client, introducing the Telepathy framework. | ||
* The gdm 2.28 login manager is a complete rewrite compared to the version in earlier Ubuntu releases, permitting a more integrated login experience. | * The gdm 2.28 login manager is a complete rewrite compared to the version in earlier Ubuntu releases, permitting a more integrated login experience. | ||
第160行: | 第177行: | ||
GNOME | GNOME | ||
ubuntu 9.10测式版包括了GNOME最新版本GNOME 2.28 桌面环境,此版本包含了许多非常先进的功能、特性。 | |||
* 引入了 Telepathy 架构的Empathy并替换Pidgin成为首选的即时通讯客户端。 | |||
* GDM2.28是完全改写了老版本的代码的新登录管理器,它将带给您更好的登录体验。 | |||
应用程序的快速开发 | |||
==== | 快速开发应用程序使得开发人员更容易为ubuntu开发出新的应用程序,并以 .deb包或私有档案包的形式和他人共享这些应用程序。 | ||
==7== | |||
Kubuntu | Kubuntu | ||
Kubuntu 9.10 includes the first Kubuntu Netbook release, Social from the Start and the latest KDE packages. See the Kubuntu technical overview. | Kubuntu 9.10 includes the first Kubuntu Netbook release, Social from the Start and the latest KDE packages. See the Kubuntu technical overview. | ||
Kubuntu 9.10包括了第一个Kubuntu上网本版本, 使用了最新的KDE包。 详情请看 [[UbuntuWiki:KarmicKoala/Beta/Kubuntu|Kubuntu技术概要]]。 | |||
==8== | |||
Ubuntu Enterprise Cloud Images | Ubuntu Enterprise Cloud Images | ||
Ubuntu 9.10 Beta includes images for common use on Ubuntu Enterprise Cloud (UEC) and Amazon's EC2. You can try out the latest Ubuntu 9.10 server image instantly on EC2 using a preconfigured AMI, or download an image and put it into your own Ubuntu Enterprise Cloud. For information on using UEC images on Amazon EC2, see the EC2 Starter's Guide. | Ubuntu 9.10 Beta includes images for common use on Ubuntu Enterprise Cloud (UEC) and Amazon's EC2. You can try out the latest Ubuntu 9.10 server image instantly on EC2 using a preconfigured AMI, or download an image and put it into your own Ubuntu Enterprise Cloud. For information on using UEC images on Amazon EC2, see the EC2 Starter's Guide. | ||
Ubuntu企业云系统镜像 | |||
Ubuntu 9.10 测试版包括了Ubuntu Enterprse Cloud(UEC,Ubuntu企业云系统)和Amazon的EC2普通功能的镜像。您可以直接在EC2上用预设的AMI直接使用最新的Ubuntu 9.10服务器镜像,或者下载一个镜像然后放进你自己的Ubuntu Enterprise Cloud。关于在 Amazon EC2 上使用 UEC 镜像的知识,请参考 EC2 新手指南。 | |||
==9== | |||
Ubuntu One file sharing | Ubuntu One file sharing | ||
Ubuntu 9.10 Beta ships the Ubuntu One file sharing service by default, providing tightly-integrated file synchronization of your computer with other computers and the Ubuntu One network storage service. | Ubuntu 9.10 Beta ships the Ubuntu One file sharing service by default, providing tightly-integrated file synchronization of your computer with other computers and the Ubuntu One network storage service. | ||
Ubuntu One 文件共享 | |||
Ubuntu 9.10 测试版默认集成了Ubuntu One文件共享服务, 提供系统和服务器间的高兼容的文件同步功能以及 Ubuntu One 网络存储服务。 | |||
==10== | |||
Linux kernel 2.6.31 | Linux kernel 2.6.31 | ||
Ubuntu 9.10 Beta includes the 2.6.31-11.36 kernel based on 2.6.31.1. The kernel ships with Kernel Mode Setting enabled for Intel graphics (see below). linux-restricted-modules is deprecated in favour of DKMS packages. | Ubuntu 9.10 Beta includes the 2.6.31-11.36 kernel based on 2.6.31.1. The kernel ships with Kernel Mode Setting enabled for Intel graphics (see below). linux-restricted-modules is deprecated in favour of DKMS packages. | ||
Ubuntu 9.10 Beta 包含了基于2.6.31.1的2.6.31-11.36的内核。该内核为Intel graphics 开启了随内核模式设置(参见下文)。linux-restricted-module 为支持 DKMS 封装而已淘汰。 | |||
hal deprecation | hal deprecation | ||
取消 hal (翻译为这个意思是否合适?)(或是hal被取消?) | |||
Ubuntu 9.10 Beta's underlying technology for power management, laptop hotkeys, and handling of storage devices and cameras maps has moved from "hal" (which is in the process of being deprecated) to "DeviceKit-power", "DeviceKit-disks" and "udev". When testing Ubuntu 9.10 Beta, please be alert for regressions in those areas and report any bugs you find. | Ubuntu 9.10 Beta's underlying technology for power management, laptop hotkeys, and handling of storage devices and cameras maps has moved from "hal" (which is in the process of being deprecated) to "DeviceKit-power", "DeviceKit-disks" and "udev". When testing Ubuntu 9.10 Beta, please be alert for regressions in those areas and report any bugs you find. | ||
Ubuntu 9.10 测试版的电源管理,笔记本快捷键,存储处理还有图像技术之类的基础技术已经从“hal”(将要去掉)转成“DeviceKit-power", "DeviceKit-disks"和"udev". 测试的时候请注意,这部分内容有可能会比以前退步,请报告你发现的bugs。 | |||
New Intel video driver architecture available for testing | New Intel video driver architecture available for testing | ||
The Intel video driver has switched from the "EXA" acceleration method to the new "UXA", solving major performance problems of Ubuntu 9.04. Ubuntu 9.10 Beta also features kernel mode setting by default on Intel hardware, which reduces boot-time flickering and dramatically speeds up suspend/resume. | The Intel video driver has switched from the "EXA" acceleration method to the new "UXA", solving major performance problems of Ubuntu 9.04. Ubuntu 9.10 Beta also features kernel mode setting by default on Intel hardware, which reduces boot-time flickering and dramatically speeds up suspend/resume. | ||
== | |||
新Intel视频驱动结构可以进行测试了 | |||
Intel显卡驱动从“Exa”加速模式转换成了"UXA", 解决了Ubuntu 9.04重要的性能问题, Ubuntu 9.10 beta 默认为Intel硬件启用了“内核模式”, 减少了系统启动时的闪烁并且加速了休眠/唤醒的速度。 | |||
==11== | |||
ext4 by default | ext4 by default | ||
默认使用 ext4 | |||
The new "ext4" filesystem is used by default for new installations with Ubuntu 9.10 Beta; of course, other filesystems are still available via the manual partitioner. Existing filesystems will not be upgraded. | The new "ext4" filesystem is used by default for new installations with Ubuntu 9.10 Beta; of course, other filesystems are still available via the manual partitioner. Existing filesystems will not be upgraded. | ||
新的 ext4 | 新的 ext4 文件系统已经默认成为 Ubuntu 9.10 beta安装文件系统;当然,其他文件系统在手工分区时依然可以使用。当前文件系统不会被升级。 | ||
If you have full backups and are confident, you can upgrade an existing ext3 filesystem to ext4 by following directions in the Ext4 Howto. (Note that the comments on that page at the time of writing about Ubuntu's use of vol_id vs. blkid are out of date and are not applicable to Ubuntu 9.10 Beta.) Maximum performance will typically only be achieved on new filesystems, not on filesystems that have been upgraded from ext3. | If you have full backups and are confident, you can upgrade an existing ext3 filesystem to ext4 by following directions in the Ext4 Howto. (Note that the comments on that page at the time of writing about Ubuntu's use of vol_id vs. blkid are out of date and are not applicable to Ubuntu 9.10 Beta.) Maximum performance will typically only be achieved on new filesystems, not on filesystems that have been upgraded from ext3. | ||
假如你已经做了完全备份,并且自信可以搞定未知问题,可以按照 Ext4 Howto 里的说明来升级当前的ext3到ext4。(注意:当时有关Ubuntu中使用vol_id vs. blkid的论述已经“过期”,并不适用于Ubuntu 9.10 Beta)不过,最佳性能只能由全新的ext4系统来体现,从ext3的升级并不能发挥ext4的全部性能。 | |||
==== | ==12== | ||
GRUB 2 by default | GRUB 2 by default | ||
第214行: | 第261行: | ||
GRUB2 已经成为默认配置。 | GRUB2 已经成为默认配置。 | ||
GRUB2已经成为Ubuntu9. | GRUB2已经成为Ubuntu9.10beta全新安装时默认的启动装载程序,代替了以前“旧的”GRUB引导程序。考虑到升级现有系统的引导装载程序有一定风险,所以这次不会自动升级您的引导装载程序。 | ||
如果 您希望升级到GRUB2,请您阅读GRUB2测试者网页来获得信息,此页面同时提供了手动升级指南。 | 如果 您希望升级到GRUB2,请您阅读GRUB2测试者网页来获得信息,此页面同时提供了手动升级指南。 | ||
跟以前的Grub相比,Grub 2还缺少部分功能。 值得一提的是少了加锁/密码支持, grub-reboot功能,还有虚拟机监视器的处理。 | |||
==== | ==13== | ||
iSCSI installation | iSCSI installation | ||
第233行: | 第280行: | ||
当前已支持将根文件系统放置在iSCSI设备上。 | 当前已支持将根文件系统放置在iSCSI设备上。 | ||
==== | ==14== | ||
AppArmor | AppArmor | ||
第242行: | 第289行: | ||
Ubuntu 9.10 Beta 中的AppArmor采用了一个改进的分析程序,它使用缓冲文件极大地加快了系统引导时AppArmor的初始化速度。AppArmor当前已支持'pux'选项,当此选项被设置后,表明该进程在运行期间能够切换到一个已有的配置,或者此进程的权限初始化为不受限制。 | Ubuntu 9.10 Beta 中的AppArmor采用了一个改进的分析程序,它使用缓冲文件极大地加快了系统引导时AppArmor的初始化速度。AppArmor当前已支持'pux'选项,当此选项被设置后,表明该进程在运行期间能够切换到一个已有的配置,或者此进程的权限初始化为不受限制。 | ||
==== | ==15== | ||
New profiles | New profiles | ||
新增配置文件 | |||
In addition to the above changes to AppArmor itself, several profiles were added. Enforcing profiles for ntpd, the GNOME document viewer (evince), and libvirt are enabled by default. Complain mode profiles for Dovecot are now available in the apparmor-profiles package. A new profile is provided for Firefox as well, though it is disabled by default. Users can enable AppArmor sandboxing of their browser by running: | In addition to the above changes to AppArmor itself, several profiles were added. Enforcing profiles for ntpd, the GNOME document viewer (evince), and libvirt are enabled by default. Complain mode profiles for Dovecot are now available in the apparmor-profiles package. A new profile is provided for Firefox as well, though it is disabled by default. Users can enable AppArmor sandboxing of their browser by running: | ||
除了 AppArmor 自身的上述变化外,新增了一些配置文件。 ntpd、GNOME 文档查看器(evince)和 libvirt 的强制性配置文件默认启用。在 apparmor-profiles 软件包中,Dovecot 的 Complain 模式配置文件是可用的。也提供了一个用于 Firefox 的新配置文件,虽然默认是禁用的。用户可以通过运行以下命令启用浏览器的 AppArmor sandboxing: | |||
$ sudo aa-enforce /etc/apparmor.d/usr.bin.firefox-3.5 | $ sudo aa-enforce /etc/apparmor.d/usr.bin.firefox-3.5 | ||
第251行: | 第302行: | ||
Please see the SecurityTeam/KnowledgeBase for a full listing of readily available profiles in Ubuntu. | Please see the SecurityTeam/KnowledgeBase for a full listing of readily available profiles in Ubuntu. | ||
==== | 请参阅 [[UbuntuWiki:SecurityTeam/KnowledgeBase|SecurityTeam/KnowledgeBase]]以获取在 Ubuntu 中现成的可用配置文件的完整列表。 | ||
==16== | |||
Libvirt | Libvirt | ||
libvirt | |||
Libvirt now contains AppArmor integration when using KVM or QEMU. Libvirtd is configured to launch virtual machines that are confined by uniquely restrictive AppArmor profiles. This feature significantly improves virtualisation in Ubuntu by providing user-space host protection as well as guest isolation. | Libvirt now contains AppArmor integration when using KVM or QEMU. Libvirtd is configured to launch virtual machines that are confined by uniquely restrictive AppArmor profiles. This feature significantly improves virtualisation in Ubuntu by providing user-space host protection as well as guest isolation. | ||
当使用 KVM 或 QEMU 时,Libvirt 现在包含了 AppArmor 集成。Libvirtd 被配置为运行由独特限制性 AppArmor 配置文件所局限的虚拟机。此功能通过提供用户区主机防护以及客人隔离,显著提高 Ubuntu 中的虚拟化。 | |||
Uncomplicated Firewall | Uncomplicated Firewall | ||
简单的防火墙 | |||
The Uncomplicated Firewall now has support for filtering by interface and egress filtering when using the ufw command. Documentation for ufw is also improved to help users better utilise the ufw framework and take full advantage of Linux netfilter's power and flexibility. See UbuntuFirewall#Features for a full list of features. | The Uncomplicated Firewall now has support for filtering by interface and egress filtering when using the ufw command. Documentation for ufw is also improved to help users better utilise the ufw framework and take full advantage of Linux netfilter's power and flexibility. See UbuntuFirewall#Features for a full list of features. | ||
==== | |||
简单的防火墙(UFW)现在已经支持通过界面操作进行过滤,并且可使用 ufw 命令过滤外出连接。改进了的 UFW 的相关文档帮助用户更好地利用 ufw 框架并充分发挥 Linux netfilter(网络过滤器)的强大而灵活的优势. 请参阅 [[UbuntuWiki:UbuntuFirewall#Features|UbuntuFirewall#Features]] ,以获知功能特性的完整列表。 | |||
==17== | |||
Non-eXecutable Emulation | Non-eXecutable Emulation | ||
不可执行内存保护模拟 | |||
Non-eXecutable (NX) memory protection, also known as eXecute-Disable (XD), has always been available in Ubuntu for any systems that had the hardware to support it and ran the 64-bit kernel or the 32-bit server kernel. The 32-bit PAE desktop kernel (linux-image-generic-pae) now also provides the PAE mode needed for hardware with the NX CPU feature. | Non-eXecutable (NX) memory protection, also known as eXecute-Disable (XD), has always been available in Ubuntu for any systems that had the hardware to support it and ran the 64-bit kernel or the 32-bit server kernel. The 32-bit PAE desktop kernel (linux-image-generic-pae) now also provides the PAE mode needed for hardware with the NX CPU feature. | ||
“不可执行内存保护“(英文缩写NX),也叫执行禁止(英文缩写XD),原来只有Ubuntu的64位内核、32位服务器内核具备,并且需要相应的系统硬件支持。现在,32位的PAE桌面内核也能够为那些具备NX特性的CPU提供支持。 | |||
For systems that lack NX hardware, the 32-bit kernels now provide an approximation of the NX CPU feature via software emulation that can help block many exploits an attacker might run from stack or heap memory. | For systems that lack NX hardware, the 32-bit kernels now provide an approximation of the NX CPU feature via software emulation that can help block many exploits an attacker might run from stack or heap memory. | ||
对于那些硬件上不具备NX特性的系统,该32位内核现在能通过软件模拟的方式提供近似功能,可以帮助锁定许多从内存栈(或堆)上运行的入侵行为。 | |||
Blocking Module Loading | Blocking Module Loading | ||
模块装载锁定 | |||
To block the loading of any further modules after boot (generally for servers with unchanging hardware), the /proc/sys/kernel/modules_disabled one-way sysctl flag now exists to add another layer of protections against attackers loading kernel rootkits. | To block the loading of any further modules after boot (generally for servers with unchanging hardware), the /proc/sys/kernel/modules_disabled one-way sysctl flag now exists to add another layer of protections against attackers loading kernel rootkits. | ||
==== | |||
可以锁定启动后装入的任何模块(通常用于硬件配置固定的服务器)。在/proc/sys/kernel/modules_disabled 中提供了单向 sysctl 标记,为防止攻击者加载内核rootkits又增加了一层防护。 | |||
==18== | |||
Position-Independent Executables | Position-Independent Executables | ||
Position-Independent 可执行文件 | |||
Building on the work done in Ubuntu 8.10 and 9.04 to proactively protect Ubuntu from unknown threats by using strict compiler flags, more applications have been built as Position-Independent Executables (PIE) to take advantage of the Address Space Layout Randomisation (ASLR) available in the Ubuntu kernel. | Building on the work done in Ubuntu 8.10 and 9.04 to proactively protect Ubuntu from unknown threats by using strict compiler flags, more applications have been built as Position-Independent Executables (PIE) to take advantage of the Address Space Layout Randomisation (ASLR) available in the Ubuntu kernel. | ||
通过使用严格的编译器标志,在 Ubuntu 8.10 和 9.04 上所做的构建工作可以主动保护 Ubuntu 远离未知的威胁,更多的应用程序被构建为 Position-Independent Executables (PIE),以便利用 Ubuntu 内核中现有的 Address Space Layout Randomisation (ASLR,地址空间布局随机化)。 | |||
In addition to the growing program list, PIE programs are now also built with the BIND_NOW linker flag to take full advantage of the existing RELRO linker flag. This results in PIE programs having fewer places in their memory that can be controlled to redirect program flow when an attacker attempts memory-corruption exploits. | In addition to the growing program list, PIE programs are now also built with the BIND_NOW linker flag to take full advantage of the existing RELRO linker flag. This results in PIE programs having fewer places in their memory that can be controlled to redirect program flow when an attacker attempts memory-corruption exploits. | ||
==== | |||
除不断扩大的程序列表外,PIE 程序现在也用 BIND_NOW 连接器标志构建,以充分利用现有的 RELRO 连接器标志。当攻击者尝试利用内存溢出,这会使 PIE 程序内存中可用来控制程序流重定向的余地更少。。 | |||
==19== | |||
Known issues | Known issues | ||
第280行: | 第362行: | ||
As is to be expected at this stage of the release process, there are several known bugs that users are likely to run into with Ubuntu 9.10 Beta. We have documented them here for your convenience along with any known workarounds, so that you don't need to spend time reporting these bugs again: | As is to be expected at this stage of the release process, there are several known bugs that users are likely to run into with Ubuntu 9.10 Beta. We have documented them here for your convenience along with any known workarounds, so that you don't need to spend time reporting these bugs again: | ||
正如预期的那样,发布进行到这个阶段时,用户在使用Ubuntu 9.10 beta中很有可能会遇到一些已知的 bugs。为了您的方便,在这里我们已经把它们写入文档并一道给出了一些已知的解决方法,这样您就不必要花费时间再次报告这些 bugs 了。 | |||
*Some users with Intel video chipsets will experience a black screen on reboot after install because the fbcon module is not being loaded. As a workaround, users can boot with the i915.modeset=0 option. Investigation of this issue is ongoing. (431812) | *Some users with Intel video chipsets will experience a black screen on reboot after install because the fbcon module is not being loaded. As a workaround, users can boot with the i915.modeset=0 option. Investigation of this issue is ongoing. (431812) | ||
*一些使用 Intel 视频芯片组的用户在安装完重启时会遇到黑屏,这是因为 fbcon | *一些使用 Intel 视频芯片组的用户在安装完重启时会遇到黑屏,这是因为 fbcon 模块没有被加载。一个可用的解决方案是,用户在启动系统时可以附加 i915.modeset=0 选项。对这个问题的调查仍在进行中。 | ||
*If a RAID partitioning scheme is used during installation the grub boot loader will only be installed on the first hard drive instead of all the drives. Booting the system if the first drive has failed will not work. As a workaround users can manually install grub to each disk in the array using the grub-install command (427048). | *If a RAID partitioning scheme is used during installation the grub boot loader will only be installed on the first hard drive instead of all the drives. Booting the system if the first drive has failed will not work. As a workaround users can manually install grub to each disk in the array using the grub-install command (427048). | ||
*安装系统时如果使用的是 RAID 分区模式, grup | *安装系统时如果使用的是 RAID 分区模式, grup 启动管理器将只会被安装在第一个硬盘,而不是所有的(硬盘)驱动器。如果第一个硬盘启动失败,将不能启动系统。一个可用的解决方案是,用户可以使用 grub-install 命令手动安装 grub 到磁盘阵列的每一个磁盘 | ||
*Some users report that, in connection with the conversion of the base system to native upstart jobs, the system will fail to boot if the root partition has errors. As a workaround for this problem, users can boot from external media and run fsck manually. Investigation of this issue is ongoing. (432237) | *Some users report that, in connection with the conversion of the base system to native upstart jobs, the system will fail to boot if the root partition has errors. As a workaround for this problem, users can boot from external media and run fsck manually. Investigation of this issue is ongoing. (432237) | ||
* | *一些用户报告说,在联接基本系统转换到本地 upstart 作业时,如果根分区出现错误,那么启动将会失败。这个问题的一个可用的解决方案是,用户可以从外部媒介启动系统,然后手动运行 fsck 命令。对于这个问题的调查仍在进行中。 | ||
*A bug in the boot-time ordering of NFS-related init scripts will prevent systems from booting if any "core" filesystems (including /usr or /home) are mounted over NFS. Users with such configurations are advised to wait for the Ubuntu 9.10 Release Candidate before ugrading. (431248) | *A bug in the boot-time ordering of NFS-related init scripts will prevent systems from booting if any "core" filesystems (including /usr or /home) are mounted over NFS. Users with such configurations are advised to wait for the Ubuntu 9.10 Release Candidate before ugrading. (431248) | ||
第299行: | 第381行: | ||
*When performing an Ubuntu Enterprise Cloud setup from the Server CD, Eucalyptus components fail to automatically register the components. To solve this, immediately upgrade to the latest Eucalyptus packages after installation, and sudo restart eucalyptus. (438602, 439251). | *When performing an Ubuntu Enterprise Cloud setup from the Server CD, Eucalyptus components fail to automatically register the components. To solve this, immediately upgrade to the latest Eucalyptus packages after installation, and sudo restart eucalyptus. (438602, 439251). | ||
*使用 Server CD来安装 Ubuntu Enterprise Cloud(Ubuntu 企业云系统)时,Eucalyptus 组件不能自动注册到组件。为了解决这个问题,安装完系统后直接升级 Eucalyptus 软件包到最新版本,然后运行 sudo restart eucalyptus 命令。 | |||
*In the Ubuntu Moblin Remix developer preview, the sources.list in the live image and installed systems will miss the ~moblin PPA; you can add it manually for now (420048). Also, the web browser does not function correctly in the released image; a fix for this bug is available in the ~moblin PPA (439677). | *In the Ubuntu Moblin Remix developer preview, the sources.list in the live image and installed systems will miss the ~moblin PPA; you can add it manually for now (420048). Also, the web browser does not function correctly in the released image; a fix for this bug is available in the ~moblin PPA (439677). | ||
==== | *在 Ubuntu Moblin Remix 开发者预览版中,live image 以及安装后的系统中的 sources.list(源列表)缺少 ~moblin PPA;现在你可以手动添加它。而且,在已发布的镜像中的 web 浏览器不能正常的工作,在 ~moblin PPA 中有这个bug的一个可用的修复。 | ||
==20== | |||
Reporting bugs | Reporting bugs | ||
第313行: | 第399行: | ||
If you want to help out with bugs, the Bug Squad is always looking for help. | If you want to help out with bugs, the Bug Squad is always looking for help. | ||
如果你想要帮助解决漏洞,漏洞小组一直在寻求您的帮助。 | |||
Participate in Ubuntu | Participate in Ubuntu | ||
第320行: | 第406行: | ||
If you would like to help shape Ubuntu, take a look at the list of ways you can participate at | If you would like to help shape Ubuntu, take a look at the list of ways you can participate at | ||
如果你希望帮助改进Ubuntu,到以下地址查看您可以参与的方式: | |||
http://www.ubuntu.com/community/participate/ | http://www.ubuntu.com/community/participate/ | ||
==== | ==21== | ||
More information | More information | ||
2009年12月7日 (一) 20:17的最新版本
请分段编辑,每人都轻松。 ,有空请翻译1-3段或者校对下别人的翻译,添加到中文翻译到每一个段落之后,不算很多; 如果觉得太长,可以再加 ====。总之请翻译好一个段落。再次请求,请不要删除或覆盖英文原句。
原文地址:http://www.ubuntu.com/testing/karmic/beta
原 Wiki 地址:https://wiki.ubuntu.com/KarmicKoala/TechnicalOverview
两次换行可以使得中英文不再”紧密相连“
1
9.10 Technical Overview
Ubuntu 9.10 技术概述
Introduction
引言
The Ubuntu developers are moving quickly to bring you the latest and greatest software the Open Source Community has to offer. This is the Ubuntu 9.10 beta release, which brings a host of exciting new features.
Ubuntu开发团队正以最快的速度为您带来开源软件社区提供的软件中最新最好的软件。本版本是 Ubuntu 9.10 beta 版,它带来了许多令人兴奋的新特性。
Note: This is a beta release. Do not install it on production machines. The final stable version will be released on October 29th, 2009.
注意: 这是一个 beta 版本。请不要安装在用于出售的计算机上。最终稳定版本将会在2009年10月29日发布。
2
Upgrading from Ubuntu 9.04
To upgrade from Ubuntu 9.04 on a desktop system, press Alt+F2 and type in "update-manager -d" (without the quotes) into the command box. Update Manager should open up and tell you: New distribution release '9.10' is available. Click Upgrade and follow the on-screen instructions.
To upgrade from Ubuntu 9.04 on a server system: install the update-manager-core package if it is not already installed; edit /etc/update-manager/release-upgrades and set Prompt=normal; launch the upgrade tool with the command sudo do-release-upgrade -d; and follow the on-screen instructions.
由Ubuntu 9.04 升级
如果你是从Ubuntu9.04桌面版升级:请按下Alt+F2并且在弹出的命令行中输入 "update-manager -d"(不包含引号),更新管理器将会启动并提示:新发行版 ‘9.10’ 可用。点击“更新”并按照屏幕上的指导操作即可。
如果你是从Ubuntu9.04服务器版升级:如果机器上还没有安装update-manager-core软件包,先安装该软件包;然后编辑/etc/update-manager/release-upgrades文件,设置Prompt=normal。执行“sudo do-release-upgrade -d”命令启动更新管理器,并按照屏幕上的指导操作即可。
3
下载
Get it while it's hot. ISOs and torrents are available at:
赶紧下载吧。镜像文件和种子文件可以从下面的地址获得:
http://releases.ubuntu.com/releases/9.10/ (Ubuntu Desktop, Server, and Netbook Remix) http://uec-images.ubuntu.com/releases/9.10/ (Ubuntu Server for UEC and EC2) http://releases.ubuntu.com/kubuntu/9.10/ (Kubuntu Desktop and Netbook) http://cdimage.ubuntu.com/xubuntu/releases/9.10/beta/ (Xubuntu) http://cdimage.ubuntu.com/ubuntustudio/releases/9.10/beta/ (UbuntuStudio) http://cdimage.ubuntu.com/mythbuntu/releases/9.10/beta/ (Mythbuntu) http://cdimage.ubuntu.com/edubuntu/releases/9.10/beta/ (Edubuntu)
Local mirrors are also available:
也可以使用下面的本地镜像
Africa
非洲
http://ubuntu.saix.net/ubuntu-releases/ (South Africa) http://bw.releases.ubuntu.com/ (Botswana) http://ls.releases.ubuntu.com/ (Lesotho) http://mz.releases.ubuntu.com/ (Mozambique) http://na.releases.ubuntu.com/ (Namibia) http://sz.releases.ubuntu.com/ (Swaziland)
Asia
亚洲
http://ftp.jaist.ac.jp/pub/Linux/ubuntu-releases/ (Japan) ftp://ftp.chu.edu.tw/Linux/Ubuntu/releases/ (Taiwan) ftp://ftp.corbina.net/pub/Linux/ubuntu-cd/ (Russian Federation) http://ftp.cs.pu.edu.tw/Linux/Ubuntu/ubuntu-cd/ (Taiwan) http://ftp.daum.net/ubuntu-releases/ (Korea, Republic of) http://ftp.ecc.u-tokyo.ac.jp/UBUNTU-CDS/ (Japan)
Europe
欧洲
http://de.archive.ubuntu.com/ubuntu-releases/ (Germany) http://ie.releases.ubuntu.com/ (Ireland) http://mirror.switch.ch/ftp/mirror/ubuntu-cdimage/ (Switzerland) http://releases.ubuntu.igor.onlinedirect.bg/ (Bulgaria) http://se.releases.ubuntu.com/ (Sweden) http://ubuntu.ipacct.com/releases/ (Bulgaria)
North America
北美
http://mirror.anl.gov/pub/ubuntu-iso/CDs/ (United States) http://mirror.csclub.uwaterloo.ca/ubuntu-releases/ (Canada) http://mirror.uoregon.edu/ubuntu/releases/ (United States) http://mirrors.cat.pdx.edu/ubuntu-releases/ (United States) http://mirrors.ccs.neu.edu/releases.ubuntu.com/ (United States) http://mirrors.easynews.com/linux/ubuntu-releases/ (United States)
Oceania/Australia
大洋洲/澳大利亚
http://ftp.citylink.co.nz/ubuntu-releases/ (New Zealand) http://ftp.iinet.net.au/pub/ubuntu-releases/ (Australia) http://mirror.aarnet.edu.au/pub/ubuntu/releases/ (Australia) http://nz2.releases.ubuntu.com/ (New Zealand) http://ubuntu-releases.optus.net/ (Australia) http://mirror.internode.on.net/pub/ubuntu/releases/ (Australia)
South America
南美
http://mirror.globo.com/ubuntu/releases/ (Brazil) http://mirror.pop-sc.rnp.br/mirror/ubuntu/ (Brazil) http://mirror.pop-sc.rnp.br/mirror/ubuntu-releases/ (Brazil) http://ubuntu.c3sl.ufpr.br/releases/ (Brazil) http://cl.releases.ubuntu.com/ (Chile) http://espelhos.edugraf.ufsc.br/ubuntu-releases/ (Brazil)
New features since Ubuntu 9.04
自Ubuntu 9.04起的新特性
These features are showcased for your attention. Please test them and report any bugs you find:
下面是新特性简介,敬请关注。请对它们进行测试并按照下面的地址报告您发现的bugs:
http://help.ubuntu.com/community/ReportingBugs
4
Upstart
As part of our boot performance work, we have now transitioned to Upstart. If you are testing on your primary machine, we strongly suggest having an Ubuntu 9.10 LiveCD available, or creating an Alpha 5 USB startup disk before doing an upgrade. This will allow us to help you recover in the case that something goes wrong during the boot of your system after upgrade. We request that all bugs affecting the performance or functionality of boot be tagged with ubuntu-boot in Launchpad.
作为提高系统启动性能工作的一部分,目前我们已经过渡到 Upstart。如果您是在重要的机器上测试,我们强烈建议您在升级前准备一张 Ubuntu 9.10 LiveCD光盘,或者创建一个Alpha 5的USB启动盘。这将使我们能够在您升级之后启动系统过程中发生故障时帮助您恢复系统。我们要求把所有影响系统启动性能和启动功能的bug都用ubuntu-boot标记在Launchpad版面。
Boot Experience
引导体验
We've done some work on improving the overall look and feel of booting the system. Please open bugs with the tag "ubuntu-boot-experience" on any messages you see flashed after grub loads and before the new Ubuntu Splash screen (xsplash) displays. If you have trouble catching them before the splash screen loads, you can also check vt1 or dmesg output for copies of these messages. We also accept photos or video attachments if that's easier, however please make sure the text is readable.
我们在改进系统整体观感方面做了一些工作。如果在grub加载之后,显示Ubuntu Splash Screen(xsplash)之前您看到任何的错误信息,请用“ubuntu-boot-experience"标签提供错误报告。如果您在splash画面加载之前无法捕获到这些消息,您还可以通过检查vt1或dmesg命令输出获得这些消息的副本。我们也接受图片或视频附件-如果您觉得那样更方便的话,不过,清确保文字部分能看得清。
5
Software Center
软件中心
Ubuntu 9.10 Beta includes the Ubuntu Software Center, replacing 'Add/Remove' in the Applications menu. We kindly request users to try it out, and report any bugs they find.
Ubuntu 9.10 Beta版包括Ubuntu Software Center(Ubuntu软件中心),用以替代应用程序菜单中的'Add/Remove'(添加/删除)项。我们真诚的请求ubuntu用户试用这一新功能,并且报告发现的bug。
6
GNOME
Ubuntu 9.10 Beta includes the latest GNOME 2.28 desktop environment with a number of great new features:
- Empathy has replaced Pidgin as the default instant messaging client, introducing the Telepathy framework.
- The gdm 2.28 login manager is a complete rewrite compared to the version in earlier Ubuntu releases, permitting a more integrated login experience.
Application development with Quickly
Quickly makes it easy for developers to make new applications for Ubuntu, and to share those application with other Ubuntu users via .deb packages or personal package archives.
GNOME
ubuntu 9.10测式版包括了GNOME最新版本GNOME 2.28 桌面环境,此版本包含了许多非常先进的功能、特性。
- 引入了 Telepathy 架构的Empathy并替换Pidgin成为首选的即时通讯客户端。
- GDM2.28是完全改写了老版本的代码的新登录管理器,它将带给您更好的登录体验。
应用程序的快速开发
快速开发应用程序使得开发人员更容易为ubuntu开发出新的应用程序,并以 .deb包或私有档案包的形式和他人共享这些应用程序。
7
Kubuntu
Kubuntu 9.10 includes the first Kubuntu Netbook release, Social from the Start and the latest KDE packages. See the Kubuntu technical overview.
Kubuntu 9.10包括了第一个Kubuntu上网本版本, 使用了最新的KDE包。 详情请看 Kubuntu技术概要。
8
Ubuntu Enterprise Cloud Images
Ubuntu 9.10 Beta includes images for common use on Ubuntu Enterprise Cloud (UEC) and Amazon's EC2. You can try out the latest Ubuntu 9.10 server image instantly on EC2 using a preconfigured AMI, or download an image and put it into your own Ubuntu Enterprise Cloud. For information on using UEC images on Amazon EC2, see the EC2 Starter's Guide.
Ubuntu企业云系统镜像
Ubuntu 9.10 测试版包括了Ubuntu Enterprse Cloud(UEC,Ubuntu企业云系统)和Amazon的EC2普通功能的镜像。您可以直接在EC2上用预设的AMI直接使用最新的Ubuntu 9.10服务器镜像,或者下载一个镜像然后放进你自己的Ubuntu Enterprise Cloud。关于在 Amazon EC2 上使用 UEC 镜像的知识,请参考 EC2 新手指南。
9
Ubuntu One file sharing
Ubuntu 9.10 Beta ships the Ubuntu One file sharing service by default, providing tightly-integrated file synchronization of your computer with other computers and the Ubuntu One network storage service.
Ubuntu One 文件共享
Ubuntu 9.10 测试版默认集成了Ubuntu One文件共享服务, 提供系统和服务器间的高兼容的文件同步功能以及 Ubuntu One 网络存储服务。
10
Linux kernel 2.6.31
Ubuntu 9.10 Beta includes the 2.6.31-11.36 kernel based on 2.6.31.1. The kernel ships with Kernel Mode Setting enabled for Intel graphics (see below). linux-restricted-modules is deprecated in favour of DKMS packages.
Ubuntu 9.10 Beta 包含了基于2.6.31.1的2.6.31-11.36的内核。该内核为Intel graphics 开启了随内核模式设置(参见下文)。linux-restricted-module 为支持 DKMS 封装而已淘汰。
hal deprecation
取消 hal (翻译为这个意思是否合适?)(或是hal被取消?)
Ubuntu 9.10 Beta's underlying technology for power management, laptop hotkeys, and handling of storage devices and cameras maps has moved from "hal" (which is in the process of being deprecated) to "DeviceKit-power", "DeviceKit-disks" and "udev". When testing Ubuntu 9.10 Beta, please be alert for regressions in those areas and report any bugs you find.
Ubuntu 9.10 测试版的电源管理,笔记本快捷键,存储处理还有图像技术之类的基础技术已经从“hal”(将要去掉)转成“DeviceKit-power", "DeviceKit-disks"和"udev". 测试的时候请注意,这部分内容有可能会比以前退步,请报告你发现的bugs。
New Intel video driver architecture available for testing
The Intel video driver has switched from the "EXA" acceleration method to the new "UXA", solving major performance problems of Ubuntu 9.04. Ubuntu 9.10 Beta also features kernel mode setting by default on Intel hardware, which reduces boot-time flickering and dramatically speeds up suspend/resume.
新Intel视频驱动结构可以进行测试了
Intel显卡驱动从“Exa”加速模式转换成了"UXA", 解决了Ubuntu 9.04重要的性能问题, Ubuntu 9.10 beta 默认为Intel硬件启用了“内核模式”, 减少了系统启动时的闪烁并且加速了休眠/唤醒的速度。
11
ext4 by default
默认使用 ext4
The new "ext4" filesystem is used by default for new installations with Ubuntu 9.10 Beta; of course, other filesystems are still available via the manual partitioner. Existing filesystems will not be upgraded.
新的 ext4 文件系统已经默认成为 Ubuntu 9.10 beta安装文件系统;当然,其他文件系统在手工分区时依然可以使用。当前文件系统不会被升级。
If you have full backups and are confident, you can upgrade an existing ext3 filesystem to ext4 by following directions in the Ext4 Howto. (Note that the comments on that page at the time of writing about Ubuntu's use of vol_id vs. blkid are out of date and are not applicable to Ubuntu 9.10 Beta.) Maximum performance will typically only be achieved on new filesystems, not on filesystems that have been upgraded from ext3.
假如你已经做了完全备份,并且自信可以搞定未知问题,可以按照 Ext4 Howto 里的说明来升级当前的ext3到ext4。(注意:当时有关Ubuntu中使用vol_id vs. blkid的论述已经“过期”,并不适用于Ubuntu 9.10 Beta)不过,最佳性能只能由全新的ext4系统来体现,从ext3的升级并不能发挥ext4的全部性能。
12
GRUB 2 by default
GRUB 2 is the default boot loader for new installations with Ubuntu 9.10 Beta, replacing the previous GRUB "Legacy" boot loader. Existing systems will not be upgraded to GRUB 2 at this time, as automatically reinstalling the boot loader is an inherently risky operation.
If you wish to upgrade your system to GRUB 2, then see the GRUB 2 testing page for instructions. See also the upstream draft manual.
Some features are still missing relative to GRUB Legacy. Notable among these are lock/password support, an equivalent of grub-reboot, and Xen handling.
GRUB2 已经成为默认配置。
GRUB2已经成为Ubuntu9.10beta全新安装时默认的启动装载程序,代替了以前“旧的”GRUB引导程序。考虑到升级现有系统的引导装载程序有一定风险,所以这次不会自动升级您的引导装载程序。
如果 您希望升级到GRUB2,请您阅读GRUB2测试者网页来获得信息,此页面同时提供了手动升级指南。
跟以前的Grub相比,Grub 2还缺少部分功能。 值得一提的是少了加锁/密码支持, grub-reboot功能,还有虚拟机监视器的处理。
13
iSCSI installation
The iSCSI installation process has been improved, and no longer requires iscsi=true as a boot parameter; the installer will offer you the option of logging into iSCSI targets if there are no local disks, or you can select "Configure iSCSI" in the manual partitioner.
Putting the root filesystem on iSCSI is now supported.
iSCSI 安装
iSCSI的安装过程已做了改进,不再需要设置引导参数iscsi=true。在没有本地盘的时候安装程序提供了登录iSCSI目标设备(target)的选项,或者你可以在手工分区的时候选择"Configure iSCSI"。
当前已支持将根文件系统放置在iSCSI设备上。
14
AppArmor
AppArmor in Ubuntu 9.10 Beta features an improved parser that uses cache files, greatly speeding up AppArmor initialisation on boot. AppArmor also now supports 'pux' which, when specified, means a process can transition to an existing profile if one exists or simply run unconfined if one does not.
AppArmor
Ubuntu 9.10 Beta 中的AppArmor采用了一个改进的分析程序,它使用缓冲文件极大地加快了系统引导时AppArmor的初始化速度。AppArmor当前已支持'pux'选项,当此选项被设置后,表明该进程在运行期间能够切换到一个已有的配置,或者此进程的权限初始化为不受限制。
15
New profiles
新增配置文件
In addition to the above changes to AppArmor itself, several profiles were added. Enforcing profiles for ntpd, the GNOME document viewer (evince), and libvirt are enabled by default. Complain mode profiles for Dovecot are now available in the apparmor-profiles package. A new profile is provided for Firefox as well, though it is disabled by default. Users can enable AppArmor sandboxing of their browser by running:
除了 AppArmor 自身的上述变化外,新增了一些配置文件。 ntpd、GNOME 文档查看器(evince)和 libvirt 的强制性配置文件默认启用。在 apparmor-profiles 软件包中,Dovecot 的 Complain 模式配置文件是可用的。也提供了一个用于 Firefox 的新配置文件,虽然默认是禁用的。用户可以通过运行以下命令启用浏览器的 AppArmor sandboxing:
$ sudo aa-enforce /etc/apparmor.d/usr.bin.firefox-3.5
Please see the SecurityTeam/KnowledgeBase for a full listing of readily available profiles in Ubuntu.
请参阅 SecurityTeam/KnowledgeBase以获取在 Ubuntu 中现成的可用配置文件的完整列表。
16
Libvirt
libvirt
Libvirt now contains AppArmor integration when using KVM or QEMU. Libvirtd is configured to launch virtual machines that are confined by uniquely restrictive AppArmor profiles. This feature significantly improves virtualisation in Ubuntu by providing user-space host protection as well as guest isolation.
当使用 KVM 或 QEMU 时,Libvirt 现在包含了 AppArmor 集成。Libvirtd 被配置为运行由独特限制性 AppArmor 配置文件所局限的虚拟机。此功能通过提供用户区主机防护以及客人隔离,显著提高 Ubuntu 中的虚拟化。
Uncomplicated Firewall
简单的防火墙
The Uncomplicated Firewall now has support for filtering by interface and egress filtering when using the ufw command. Documentation for ufw is also improved to help users better utilise the ufw framework and take full advantage of Linux netfilter's power and flexibility. See UbuntuFirewall#Features for a full list of features.
简单的防火墙(UFW)现在已经支持通过界面操作进行过滤,并且可使用 ufw 命令过滤外出连接。改进了的 UFW 的相关文档帮助用户更好地利用 ufw 框架并充分发挥 Linux netfilter(网络过滤器)的强大而灵活的优势. 请参阅 UbuntuFirewall#Features ,以获知功能特性的完整列表。
17
Non-eXecutable Emulation
不可执行内存保护模拟
Non-eXecutable (NX) memory protection, also known as eXecute-Disable (XD), has always been available in Ubuntu for any systems that had the hardware to support it and ran the 64-bit kernel or the 32-bit server kernel. The 32-bit PAE desktop kernel (linux-image-generic-pae) now also provides the PAE mode needed for hardware with the NX CPU feature.
“不可执行内存保护“(英文缩写NX),也叫执行禁止(英文缩写XD),原来只有Ubuntu的64位内核、32位服务器内核具备,并且需要相应的系统硬件支持。现在,32位的PAE桌面内核也能够为那些具备NX特性的CPU提供支持。
For systems that lack NX hardware, the 32-bit kernels now provide an approximation of the NX CPU feature via software emulation that can help block many exploits an attacker might run from stack or heap memory.
对于那些硬件上不具备NX特性的系统,该32位内核现在能通过软件模拟的方式提供近似功能,可以帮助锁定许多从内存栈(或堆)上运行的入侵行为。
Blocking Module Loading
模块装载锁定
To block the loading of any further modules after boot (generally for servers with unchanging hardware), the /proc/sys/kernel/modules_disabled one-way sysctl flag now exists to add another layer of protections against attackers loading kernel rootkits.
可以锁定启动后装入的任何模块(通常用于硬件配置固定的服务器)。在/proc/sys/kernel/modules_disabled 中提供了单向 sysctl 标记,为防止攻击者加载内核rootkits又增加了一层防护。
18
Position-Independent Executables
Position-Independent 可执行文件
Building on the work done in Ubuntu 8.10 and 9.04 to proactively protect Ubuntu from unknown threats by using strict compiler flags, more applications have been built as Position-Independent Executables (PIE) to take advantage of the Address Space Layout Randomisation (ASLR) available in the Ubuntu kernel.
通过使用严格的编译器标志,在 Ubuntu 8.10 和 9.04 上所做的构建工作可以主动保护 Ubuntu 远离未知的威胁,更多的应用程序被构建为 Position-Independent Executables (PIE),以便利用 Ubuntu 内核中现有的 Address Space Layout Randomisation (ASLR,地址空间布局随机化)。
In addition to the growing program list, PIE programs are now also built with the BIND_NOW linker flag to take full advantage of the existing RELRO linker flag. This results in PIE programs having fewer places in their memory that can be controlled to redirect program flow when an attacker attempts memory-corruption exploits.
除不断扩大的程序列表外,PIE 程序现在也用 BIND_NOW 连接器标志构建,以充分利用现有的 RELRO 连接器标志。当攻击者尝试利用内存溢出,这会使 PIE 程序内存中可用来控制程序流重定向的余地更少。。
19
Known issues
已知问题
As is to be expected at this stage of the release process, there are several known bugs that users are likely to run into with Ubuntu 9.10 Beta. We have documented them here for your convenience along with any known workarounds, so that you don't need to spend time reporting these bugs again:
正如预期的那样,发布进行到这个阶段时,用户在使用Ubuntu 9.10 beta中很有可能会遇到一些已知的 bugs。为了您的方便,在这里我们已经把它们写入文档并一道给出了一些已知的解决方法,这样您就不必要花费时间再次报告这些 bugs 了。
- Some users with Intel video chipsets will experience a black screen on reboot after install because the fbcon module is not being loaded. As a workaround, users can boot with the i915.modeset=0 option. Investigation of this issue is ongoing. (431812)
- 一些使用 Intel 视频芯片组的用户在安装完重启时会遇到黑屏,这是因为 fbcon 模块没有被加载。一个可用的解决方案是,用户在启动系统时可以附加 i915.modeset=0 选项。对这个问题的调查仍在进行中。
- If a RAID partitioning scheme is used during installation the grub boot loader will only be installed on the first hard drive instead of all the drives. Booting the system if the first drive has failed will not work. As a workaround users can manually install grub to each disk in the array using the grub-install command (427048).
- 安装系统时如果使用的是 RAID 分区模式, grup 启动管理器将只会被安装在第一个硬盘,而不是所有的(硬盘)驱动器。如果第一个硬盘启动失败,将不能启动系统。一个可用的解决方案是,用户可以使用 grub-install 命令手动安装 grub 到磁盘阵列的每一个磁盘
- Some users report that, in connection with the conversion of the base system to native upstart jobs, the system will fail to boot if the root partition has errors. As a workaround for this problem, users can boot from external media and run fsck manually. Investigation of this issue is ongoing. (432237)
- 一些用户报告说,在联接基本系统转换到本地 upstart 作业时,如果根分区出现错误,那么启动将会失败。这个问题的一个可用的解决方案是,用户可以从外部媒介启动系统,然后手动运行 fsck 命令。对于这个问题的调查仍在进行中。
- A bug in the boot-time ordering of NFS-related init scripts will prevent systems from booting if any "core" filesystems (including /usr or /home) are mounted over NFS. Users with such configurations are advised to wait for the Ubuntu 9.10 Release Candidate before ugrading. (431248)
- 任何的“核心”文件系统(包括 /usr 或 /home)如果是通过NFS的方式安装(挂载)的,在启动时排序与NFS相关的初始化脚本的一个bug将会阻止系统启动。建议有这样配置的用户等待 Ubuntu 9.10 候选版本发布后再升级。
- When performing an Ubuntu Enterprise Cloud setup from the Server CD, Eucalyptus components fail to automatically register the components. To solve this, immediately upgrade to the latest Eucalyptus packages after installation, and sudo restart eucalyptus. (438602, 439251).
- 使用 Server CD来安装 Ubuntu Enterprise Cloud(Ubuntu 企业云系统)时,Eucalyptus 组件不能自动注册到组件。为了解决这个问题,安装完系统后直接升级 Eucalyptus 软件包到最新版本,然后运行 sudo restart eucalyptus 命令。
- In the Ubuntu Moblin Remix developer preview, the sources.list in the live image and installed systems will miss the ~moblin PPA; you can add it manually for now (420048). Also, the web browser does not function correctly in the released image; a fix for this bug is available in the ~moblin PPA (439677).
- 在 Ubuntu Moblin Remix 开发者预览版中,live image 以及安装后的系统中的 sources.list(源列表)缺少 ~moblin PPA;现在你可以手动添加它。而且,在已发布的镜像中的 web 浏览器不能正常的工作,在 ~moblin PPA 中有这个bug的一个可用的修复。
20
Reporting bugs
报告漏洞
It should come as no surprise that this beta release of Karmic Koala contains other bugs. Your comments, bug reports, patches and suggestions will help fix bugs and improve future releases. Please report bugs using the tools provided.
Karmic Koala的Beta版中出现其他的漏洞应该是不值得惊奇的事。你的评论、漏洞报告、补丁和建议将会有助于修复漏洞并改进将来的版本。请用提供的工具报告漏洞。
If you want to help out with bugs, the Bug Squad is always looking for help.
如果你想要帮助解决漏洞,漏洞小组一直在寻求您的帮助。
Participate in Ubuntu 参与Ubuntu
If you would like to help shape Ubuntu, take a look at the list of ways you can participate at
如果你希望帮助改进Ubuntu,到以下地址查看您可以参与的方式:
http://www.ubuntu.com/community/participate/
21
More information
更多信息
You can find out more about Ubuntu on the Ubuntu website and Ubuntu wiki.
你可以在Ubuntu网站和Ubuntu wiki上找到更多关于Ubuntu的信息。
To sign up for future Ubuntu development announcements, please subscribe to Ubuntu's development announcement list at:
要接收将来的Ubuntu开发公告,请在以下地址订阅Ubuntu的开发公告。
http://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-announce