ROSA Linux has no less than seven variants:
- ROSA Enterprise Desktop X 1 is recommended for use in a corporate environment and is designed to equip the workstations and servers without special requirements for information security;
- ROSA Enterprise Linux Server is, in fact, yet another clone of RHEL with some additions from the corporate variant of Mandriva;
- ROSA Desktop Fresh is the most recent distribution that contains the latest improvements from the developer;
- ROSA CHROME is a distribution certified by the Russian Federal Service for Technical and Export Control (FSTEC of Russia) and is designed for work with the state secrets;
- ROSA NICKEL has the similar purpose as the previous variant, but it is certified by the Russian Defense Ministry;
- ROSA COBALT is certified by FSTEC of Russia, including for the work with personal data.
Unfortunately, the last three distributions are not publicly available, and there is no point to talk about ROSA Enterprise Desktop and Server, so this article will focus on the recently released ROSA Desktop Fresh R5.
Here is a brief list of software included in this distribution:
- LTS kernel 3.14 with BFQ scheduler;
- Firefox, both version 32 and version ESR 24.8.0 available in the repository;
- LibreOffice 4.3.1;
- ‘contrib’ repository also contains the test assembly of Fresh Player Plugin which allows you to use Pepper Flash plugin from Chrome in Firefox and other browsers.
As its main desktop, the system uses KDE 4 with some additions from the developer. Of course, there is an option with LXDE, but we will not discuss it. The default file system is ‘ext4’, which, by modern standards, seems somewhat old-fashioned.
Recently, the developers of this distribution have switched to a 6-month release cycle. However, it’s time to start installing the system.
When you run the distribution, you can select between Live DVD and standard installation. We will discuss the standard installation and then go back to Live DVD mode. After you select the appropriate item and load the installer (while it is loading, the screen will display a nice-looking ROSA logo), you will be prompted to specify the language. This should not be a problem. After that, accept the license agreement. Here comes the first surprise. The installer has no ‘Back’ button. There are only ‘Cancel’ and ‘Next’. This looks like a really ridiculous error made by developers — there are situations when this button is vital.
Next, follow the steps for selecting keyboard, layout switch, time zone, there is nothing particularly notable here. But it is worth describing in more detail the manual partitioning of the disk. After you select ‘Manual partitioning’, the system will display a warning that you need to back up your data. This would be all right but this sentence in Russian looks strange and I had an impression that it was translated by an automatic translator.
In the manual partitioning mode, you have three available buttons: ‘Clear all’, ‘Place automatically’ (that too looks a bit odd — probably the word ‘place’ means ‘partition’) and ‘Expert Mode’. In the Expert Mode, you can select the file systems (by default, everything is formatted to ext4). The standard partitioning for a 32 GB disk is as follows: ‘root’ partition (16 GB), ‘swap’ (1.7 GB) and ‘/home’ for the rest. If you take a close look at the list of available file systems, you will notice that it is suspiciously extensive. However, if you look even closer, it turns out that this list is nothing but a reprint of file system types (without their codes) from the good old ‘fdisk’. This does no credit to the developers.
After this, the installation begins immediately, there are neither warnings, nor selection of packages. During the installation, you will have to watch some advertising. Fortunately, this does not take a long time. Next, you need to select the boot loader parameters. Once you have configured (and installed) it, you need to set the root password. Surprisingly, at this point, you can set a single-character password, the installer will just mark this with an open lock without any prompt.
The next step is to create a new user. It all seems OK… but during the installation, you can create only one user. Next, you can specify the host name. The last step before rebooting the system is to select services that run at startup. ‘Sshd’ is disabled by default. I wish that the developers provided a more clear description for the latter, since not all novice users may know what it is.
If you boot the system in Live DVD mode, the initial configuration steps (up to the time zone) will be absolutely identical. Next, after a short wait, you will see a pristine KDE desktop with the panel. Of course, it looks aesthetically pleasing but, good gracious, how a beginner user (and this distribution is designed for them, too) can guess that in order to install it, he/she needs to click the bottom left icon, select ‘Applications’ and find there ‘Live Installer’? Wouldn’t it be better to place it on the desktop, as in Ubuntu? In addition, when you run simultaneously, for example, the installer and the browser, the former will hang after a while.
And now let’s move from installation to the use.
First Start and Impressions
After reboot (it is worth noting that the DVD is not ejected automatically), the system will display the localized Grub 2, menu which, by the way, has no mention of any recovery mode — although this may be useful for beginners to Linux. It took about 23 seconds for the system to display the login screen. This screen looks pretty spectacular and, at the same time, not overloaded with unnecessary options.
After login into the system, you will discover that the desktop (just like in Live DVD mode) is absolutely clean — there are only a few icons huddled together in the lower corners. I would like to note that when you hover the mouse over most of the icons this will display a hint — but when you do this over ROSA icon, there is no hint whatsoever.
After you click this icon, the system displays Simple Welcome, a feature designed by ROSA team and which, according to the developers, is intended for convenient grouping of applications. In reality, this feature is suspiciously reminiscent of a similar tool in Ubuntu Unity — it has the same search box, the same arrangement of icons…
TimeFrame is another feature designed by developers’ team. This is a tool that allows you to keep track of when and what files you have opened. Also, it allows you to view video in a thumbnail and, for some reason, there is integration with social networks (including Vkontakte). It all looks pretty attractive, but if you use the distribution seriously, you will miss the ability to change time scale.
Another thing that hits you in the eye is that, occasionally, Simple Welcome would fail to show some of the applications installed in the system. This means that the procedure for starting an application, which is not available in the standard set provided by this launcher, may become a non-trivial task for beginners.
But then you see a red indicator light up in the right corner — new updates are available. When you click the icon, the system displays a box with a list of updates. The box is noteworthy by only one thing — its title (in particular, the button for closing the box) evokes the Windows (starting from Windows 7). Updating does not require any password and, if after its completion the system needs to restart, it will display a message indicating specific packages that require the reboot. You may need to update twice — the first time, it will affect the manager of repositories and packages, and the second time, all the rest.
The set of programs is standard for this kind of distributions and includes Firefox, LibreOffice and also k3b (given that ROSA is based on KDE). Firefox has no problem in handling Flash — the Flash Player (even though its version is quite old because of Adobe’s policy) is available in the system. If you need a more recent version of Flash Player, you can install a ‘freshplayerplugin’ package, which enables you to use the player included with Chromium.
LibreOffice takes about 7 seconds to start, which is a long time, if we compare it, for example, with Ubuntu. I didn’t notice any specific differences with ‘official’ LibreOffice. As its e-mail client, the system uses Thunderbird, which needs no special presentation.
As a PDF viewer, it uses Okular, which also allows you to view other formats such as FB2 (no doubt, this will please those who love reading on the computer).
The distribution is also good in terms of its multimedia capabilities, it has no problem in playing back the video and MP3 (in case of MP3, I didn’t notice any problem with encodings). This is not surprising, since the distribution is Russian and does not fall under the US patent restrictions.
As for the entertainment, the repositories have many games. There is even Doomsday, one of ported versions of Doom, which is pretty good and requires (like all other ported versions) the original WAD files. And, if you want to play some other retro game, the DOSBox is at your service.
As its BitTorrent client, the system uses Ktorrent. It opens automatically the torrent files downloaded by Firefox, as well as the magnet links. Ktorrent has many settings from bandwidth to encryption.
In this distribution, Dolphin, the KDE file manager, is above all praise. Not only does it look pretty good in the distribution, but it also has no problems in browsing the Windows network — and this is despite the fact that such problems occur in some distributions from major developers. Moreover, this is the first distribution, where I found ACL support in the standard file manager, although the distribution is not intended for corporate use. However, there is a fly in the ointment — when you install ACL, Dolphin does not check whether they are supported in this file system and, if there is no such support, it does not display any message about it.
As a front-end to Network Manager, the system uses Plasma NM, which supports many types of connections — from Wi-Fi to OpenVPN. By the way, in case of Wi-Fi, there is one particular aspect. If you connect directly from Plasma NM, the passwords are not stored. To store them, you need to specify the passwords in the settings. This can be useful if you travel a lot and don’t want to clutter up your laptop with unnecessary network settings.
[efspanel style=”” type=””]
Installing Skype in ROSA Linux
ROSA repositories also include Skype. To install it in 64-bit Linux distribution, execute the following commands:
# urpmi add32to64media
# urpmi --auto-update
# urpmi get-skype
# urpme add32to64media
Now, you can safely use it to make calls.
There are also the graphical configuration tools. However, for unknown reasons, most of them can be called only from the command line. Since the distribution is actually the successor of Mandriva (which, in turn, was the successor of Mandrake), all names of configuration tools begin with ‘drak’. For example, to start the configuration of certain things related to security, you need to enter ‘draksec’, and to search in logs, ‘drakkog’.
And now we are smoothly moving to internal workings of this distribution.
What is Inside?
Kernel and Initialization System
As its kernel, the system uses LTS 3.14. But the name of default kernel includes ‘nrj’. This means that the kernel is optimized — in particular it uses BFQ I/O Scheduler and operates in soft real-time. In addition, the desktops, laptops and netbooks use different kernels with various scheduler timings.
The repositories also have other kernels — both ‘plain vanilla’ and those for servers.
As the initialization system, this range of distributions uses ‘systemd’, which means abandoning old ‘service’ and ‘chkconfig’ utilities and switching to ‘journald’. At the same time, ‘drakxservices’, a GUI utility, still runs the old tools.
Here the distribution looks very standard — the interfaces have the same names as in the old days, and the connectivity is provided by the Network Manager. The only difference is that Shorewall is used as wrapper around ‘iptables’. It deserves a more detailed description.
Strictly speaking, this is the wrapper not only around ‘iptables’ but also around ‘tc’ and ‘ip’ utilities (included in ‘iproute2’). It supports many interesting features (such as Multi ISP when you have several providers, in case of conventional ‘iptables’, this may complicate the configuration), adds an abstraction level, is relatively easy to configure, and even allows to write your own modules.
As GUI, you can use ‘drakfirewall’, but this tool has a limited functionality, which does not even reflect a slight fraction of Shorewall features.
As a successor of Mandriva, the distribution uses ‘urpmi’, which supports the installation of packages both from external repositories and package files (in this case, unlike the usual ‘rpm’, it will attempt to resolve the dependencies).
For searching, you can use ‘urpmq’. In this case, please remember that, by default, when the package name matches the information specified in the search box, the system shows only that package. To display all packages, use ‘–fuzzy’ option. For example, the command
'# urpmq libreoffice'
will show only the package named ‘libreoffice’, but the command
'# urpmq --fuzzy libreoffice'
will show, among other things, the localized packages.
There is also a feature similar to recovery points in Windows. It is provided by the command ‘urpmi.recover’. In order to begin monitoring the status of the system, run the command:
# urpmi.recover --checkpoint
It tells the package management system to track the installed packages and, if necessary, place the old versions of packages in the directory ‘/var/spool/repackage’. To roll back, you can use the following command:
# urpmi.recover --rollback "2014-12-20 12:00:00"
By default, the system uses the number of seconds since the UNIX epoch, but you can also specify the time in the above format. You can even run the following command:
# urpmi.recover --rollback "1 day ago"
To disable tracking (and clean the package cache for downgrade), use the following command:
# urpmi.recover --disable
There is also ‘rurpmi’ command intended to run from a non-privileged user under ‘sudo’. It limits the installation only to signed packages, prevents the installation of local packages and also prohibits their forced installation.
As GUI, the system uses ‘drakrpm’, which by its minimalism is very reminiscent of PackageKit, a similar tool from Red Hat. It can be used to call the repositories management (in the terminology used by ROSA Linux, they are called ‘sources’). However, the implementation of search is rather unintuitive. To find a package, you must first specify ‘All’ as the search scope.
As its MAC, ROSA Linux (at least, its Fresh Desktop lineup) uses Tomoyo, a protection system, developed in Japan since 2003 under the direction of NTT DATA. Currently, it has two branches — 1.8 and 2.5. They differ quite significantly. The second branch uses standard LSM functions, which allowed to include it in the main branch of kernel. It is this second branch that is used in the distribution.
Unlike SELinux, Tomoyo does not use extended attributes of file system — all files accessed by the application should be specified in the policy files. And for each application, the system may apply an option set called the profile. It allows you to specify which security settings should be monitored.
In addition, Tomoyo has conditionals, though there are not so many test conditions. For example, the following lines in the policy editor indicate that for the process ‘/bin/dd’ running from ‘bash’, it is allowed to read block devices, if ‘uid’ is equal to ‘0’:
<kernel> /bin/bash /bin/dd file read /dev/* pathl.type=block task.uid=0
In addition, to facilitate the creation of policies, Tomoyo has a learning capability. That is, when you start the program, you can run it through the typical tasks and define the rules based on the log files.
The repositories have a graphical configuration utility, but it is unusable. There are no policy files in packages related to Tomoyo, even though the package is officially supported by ROSA team.
Among the instruments related to security, it is also worth mentioning the utility ‘draksec’, which sets the password rules for configuration tools.
Of course, it is absurd to compare the distribution from a Russian developer with such giants as RHEL, Ubuntu or SUSE (even though it is the successor to Mandriva). Nevertheless, it is quite suitable for a Russian user with average knowledge on how to configure Linux — it has an office suite and browser, and there is nothing else needed.
For other user categories, its deployment seems debatable. The distribution would suit a beginner, but… there are some minor drawbacks (for example, an absolutely clean desktop may confuse someone who wants to switch to Linux form another desktop OS). More experienced users may find some features of this distribution unusual.
This includes, of course, the manager of repositories. Once, when ‘yum’ was still in its infancy, and Ubuntu wasn’t even at the designing stage, ‘urpmi’ was a very useful utility. However, now it looks a bit archaic; besides, there are extremely few repositories that could be used with it. On the other hand, the distinctive feature of a modern distribution is the availability of its own repository. Otherwise, it is simply a clone.
Security leaves much to be desired. The choice of the little-known (though included in the kernel) LSM Tomoyo, which, in addition, has no predefined policies, looks at least strange. This can be attributed to the fact that this distribution is desktop-oriented but, in such case, including this package in the repository doesn’t make sense.
Summing up, ROSA Linux Fresh Desktop produces mixed feelings. It could be recommended to those who once worked with Mandriva or want to support domestic developers. Everyone else should treat it with caution.