
Product
Rubygems Ecosystem Support Now Generally Available
Socket's Rubygems ecosystem support is moving from beta to GA, featuring enhanced security scanning to detect supply chain threats beyond traditional CVEs in your Ruby dependencies.
Documentation - Repository - Issues
TuxRun, by Linaro, is a command line tool for testing Linux on the following virtual devices, using curated test suites.
TuxRun is a part of TuxSuite, a suite of tools and services to help with Linux kernel development.
[[TOC]]
Testing the Linux kernel is as simple as using QEMU but it gets complicated when you want to support the following combinations:
Architectures (arm64, armv5, armv7, i386, mips32, mips32el, mips64, mips64el, ppc32, ppc64, ppc64le, riscv64, s390, sh4, sparc64, x86_64)
Emulation systems (QEMU or FVP or AVH)
Tests (every test suite has dependencies on the rootfs)
Each of those items requires specific configuration and root file systems. In order to allow for reproducible tests, TuxRun uses containers runtimes (Docker or Podman).
There are several options for installing TuxRun:
To use TuxRun, compile your own linux kernel for arm64, for example using TuxMake.
Then call tuxrun:
tuxrun --device qemu-arm64 --kernel /path/to/Image
TuxRun will automatically start qemu-system with the right arguments and the right root filesystem.
TuxRun uses TuxLAVA library to generate LAVA job definition files.
Known issues when booting on different virtual platforms.
Boot test a mipsel kernel at https://mykernel.org/vmlinux:
tuxrun --device qemu-mips32el \
--kernel https://mykernel.org/vmlinux
Running ltp-smoke:
tuxrun --device qemu-mips32el \
--kernel https://mykernel.org/vmlinux \
--test ltp-smoke
Using a custom root file system
tuxrun --device qemu-mips32el \
--kernel https://mykernel.org/vmlinux \
--rootfs https://mykernel.org/rootfs.tar.xz
FAQs
Command line tool for testing Linux under QEMU
We found that tuxrun demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Product
Socket's Rubygems ecosystem support is moving from beta to GA, featuring enhanced security scanning to detect supply chain threats beyond traditional CVEs in your Ruby dependencies.
Research
The Socket Research Team investigates a malicious npm package that appears to be an Advcash integration but triggers a reverse shell during payment success, targeting servers handling transactions.
Security Fundamentals
The Socket Threat Research Team uncovers how threat actors weaponize shell techniques across npm, PyPI, and Go ecosystems to maintain persistence and exfiltrate data.