Microsoft has recently announced developments related to the Azure Linux 4 distribution, marking a significant departure from the previous Azure Linux 3 branch. Azure Linux 4 has been redesigned and now utilizes packages from the Fedora 43 distribution kit, as opposed to its own package base. While Azure Linux was previously positioned as a platform for Linux environments in cloud infrastructure and other Microsoft services, the new Azure Linux 4 is being presented as a secure and reliable general-purpose operating system optimized for the Azure cloud. It can be used in various environments such as virtual machines, containers, WSL environments (Windows Subsystem Linux), and even as the main OS on computers.
Although Azure Linux 4 is still under development, it is advised to use the Azure Linux 3 branch for production implementations. While ready-made builds are not yet available, instructions for assembly can be found here. Distribution-specific changes are provided under the MIT license.
One of the notable changes in the creation of Azure Linux 4 is the shift from forking Fedora to a declarative approach. This approach involves rebuilding RPM packages with necessary changes and settings from the standard Fedora repositories using TOML format configuration files. Additional functionality is defined in overlays, which specify Azure Linux-specific package spec files based on SRPM packages from Fedora Linux.
The package unit in Azure Linux 4 is the “components,” which are imported from Fedora and can generate one or more RPM packages. All components are built from source code to ensure security and reliability. To generate the resulting RPM packages, the azldev toolkit, written in Go language, is used.
Azure Linux 4 boasts a range of features, including a Linux kernel with optimizations, protection against attacks through dependencies, predictable support and update cycles, built-in integration with Azure cloud, and enhanced security measures. The build system of Azure Linux 4 allows for the generation of installation environments with RPM packages and monolithic system images using the rpm-ostree toolkit. Two update delivery models are supported: updating individual packages or rebuilding and updating the entire system image.
Regarding security measures, Azure Linux incorporates various strategies such as filtering system calls using the seccomp mechanism, encryption of disk partitions, and package verification using digital signatures.