JeOS = "Just enough Operating System"
The Orange JeOS Project Manifesto 1.3 21 Dec 2008
1. Use Stock RPMs
2. Support Limited Stock Repositories
3. Use a Stock Kernel
4. Support Limited Networking
5. Limited Drivers
6. Limited Services
7. SELinux Support
8. Improved Security
9. RPM and Yum Support
10. Python and Bash Included
11. Minimal Hardware Requirements
12. Installable from a CD-ROM
13. No Fluff
We believe that Orange JeOS ("Juice") should provide just enough of a foundation to allow the software or hardware appliance maker the necessary core Linux services and drivers to power their appliance.
This includes a stock CentOS Linux 2.6.x Kernel core, core CentOS functionality (such as yum /RPM support, python 2.4, lvm2, bash, ext3 filesystem support, SELinux and iptables).
Ethernet networking and a limited set of NIC drivers will be supported, as well as IDE, SATA and SCSI bus support. Bluetooth, Wireless, and IRda are not supported.
Vim is supported as the default system editor and cron and NTP are supported for consistancy.
Secure computing is supported with SELinux, iptables, sudo, sshd, and limited IPv4 support.
Security is a huge issue for Orange JeOS and one of the major security enhancements is the reduced OS footprint, which results in a reduced attack surface. Another factor in the Orange JeOS security lockdown is the support of the NSA SNAC Security Guidelines via the NSA-lockdown tool (see the coverage table). Much of this additional security coverage is due to the limitation of packages installed and the modification of default configuration settings.
Appliances do not usually need dialup or Bluetooth or audio/voice support, so all of these have been removed. Also removed have been RAID, G2FS, NTFS, RiserFS, SMB, hal, IPv6, system documentation, dbus, Avahi, DHCP, printing & CUPS, scanner support, NetworkManager, NFS, VNC, NIS, telnet, FTP, HTTP, Wireless, SNMP, irda, java, iSCSI, and smart card support.
Orange JeOS has been designed so that any package or functionality required by the applicance builder (and currently supported by CentOS) will be available to customize a standard Orange JeOS install/image usinge standard yum/rpm tools and repositories.
Appliance building consists of the following phases:
(this is where Orange JeOS comes in!)
These should be in RPM format and installable from a local or public repository.
We again recommend RPM package format for any custom packages/applications that need to be installed.
Minimal hardware:
Appliances should be able to operate on minimal hardware. Orange JeOS Core is designed to run on a Intel Pentium (x686) with 128 MB RAM and a 1 GB IDE hard disk.
This will allow support for Solid State Disk (SSD) storage and the ability to run a low power appliance without moving parts.
USB HIDD devices (like keyboards and mouses/mice) will be supported but USB storage or networking devices will not be supported.
A primary requirement is that the install image (with appliance additions) be able to fit on and install from a single boot CD-ROM.
We are in the planning stages to support the PowerPC (ppc) and MIPS CPUs in the future.
All Orange JeOS images and build tools are open source software distributed under the terms of the GNU General Public License.
