Glossary
This glossary provides definitions for Garden Linux-specific terminology. If you would like to contribute additional terms or improve existing definitions, please visit our contributing guide.
A
ADR (Architecture Decision Record)
A document that captures an important architectural decision made about the Garden Linux system. ADRs provide context, rationale, and consequences of decisions. Garden Linux stores ADRs in the reference/adr section. See ADR-0001 for more background on why Garden Linux uses ADRs, and Documenting Architecture Decisions by Michael Nygard for the original concept.
Architecture
The processor architecture for which a Garden Linux image is built. Supported architectures include amd64 (x86-64) and arm64 (ARM 64-bit). The architecture can be specified as the last component of a build flavor string, e.g., kvm-python-amd64. See Architecture documentation for details on Garden Linux system design.
AWS
Amazon Web Services. One of the major cloud platforms supported by Garden Linux. Garden Linux provides AWS-specific images through the aws platform feature with cloud-init integration and AWS-specific kernel modules. See AWS platform guide and AWS first boot tutorial for usage details.
Azure
Microsoft Azure. A major cloud platform supported by Garden Linux through the azure platform feature with platform-specific image configurations and optimizations. See Azure platform guide and Azure first boot tutorial for usage details.
B
Bare Metal
A platform target for Garden Linux images designed to run directly on physical hardware without a hypervisor through the baremetal platform feature. Also referred to as metal in build configurations. See Bare Metal platform guide and Bare Metal first boot tutorial for usage details.
Builder
The gardenlinux/builder component that creates customized Linux distributions. The builder is a separate project maintained by the Garden Linux team and is used to build Garden Linux images with specific flavors and features. See Building Images documentation for practical guidance, ADR-0020 for details on platform enforcement in the builder, and ADR-0031 for the builder-GLCI interface design.
Build Flavor String
The hyphenated string used with the ./build command that specifies the platform, features, and optionally the architecture for a Garden Linux image. Format: ${platform}-${feature1}-${feature2}-${arch}. Examples: kvm-python_dev, aws-gardener_prod-amd64. See Building Flavors guide for detailed instructions.
C
CIS (Center for Internet Security)
A framework providing security configuration benchmarks. Garden Linux offers optional CIS compliance through the cis feature and related sub-features (cisAudit, cisModprobe, cisOS, cisPackages, cisPartition, cisSshd, cisSysctl). See ADR-0017 for details on the CIS feature implementation and ADR-0029 regarding SELinux in permissive mode for CIS compliance.
Cloud Image
A Garden Linux image optimized for cloud platforms (AWS, Azure, GCP, etc.) with cloud-init support and platform-specific configurations. See Image Types documentation and Image Formats reference for more details.
Container Image
A Garden Linux image packaged for use with container runtimes. Available through GitHub Packages at ghcr.io/gardenlinux/gardenlinux. See Image Types documentation for more details.
D
Debian
The upstream Linux distribution on which Garden Linux is based. Garden Linux is a Debian GNU/Linux derivative that provides customized, auditable images with a focus on cloud and security features.
Dependabot
GitHub's automated dependency update tool. See ADR-0003 (later reverted by ADR-0018) for the history of Dependabot usage in the builder project.
Distribution
Refers to a Garden Linux release or version. See ADR-0002 which establishes that distributions can never change retroactively, ensuring stability and reproducibility.
dracut
The initramfs infrastructure used by Garden Linux to generate the initial RAM filesystem. Garden Linux uses dracut-generated initramfs instead of initramfs-tools used by standard Debian.
E
Ephemeral
Refers to the _ephemeral feature that configures Garden Linux for stateless operation where no persistent state is maintained between reboots.
F
Feature
A modular component that adds specific functionality to a Garden Linux image. Features are defined in the features/ directory. Features prefixed with an underscore (_) are internal/private (e.g., _secureboot, _dev), while features without a prefix are public (e.g., cis, gardener, python). See Flavors and Features documentation for an overview, and ADR-0032 for details on feature test coverage analysis.
FedRAMP
Federal Risk and Authorization Management Program. Garden Linux provides an optional fedramp feature for US federal compliance requirements.
FIPS
Federal Information Processing Standards. The _fips feature enables FIPS 140-2/140-3 cryptographic module compliance in Garden Linux.
Firecracker
A lightweight virtual machine monitor (VMM) for running microVMs. Garden Linux historically supported Firecracker as a platform. See ADR-0012 for details on why Firecracker support was discontinued.
Flavor
A specific combination of a platform and one or more features that defines a complete Garden Linux image configuration. Flavors are expressed as hyphen-separated strings, e.g., kvm-python_dev or aws-gardener_prod-amd64. The platform must come first, and the architecture (if specified) must come last. See Flavors and Features documentation, Choosing Flavors guide, and Flavor Matrix reference for more details.
G
Garden Linux
A Debian GNU/Linux derivative designed to provide small, auditable Linux images for cloud providers and bare-metal machines. Garden Linux is optimized for Gardener nodes and provides extensive customization through features. See Design Decisions, Use Cases, and Security Posture for more information.
Gardener
Gardener is a Kubernetes-based platform for managing clusters across multiple cloud providers. Garden Linux is the recommended operating system for Gardener worker nodes through the gardener feature. See Gardener platform guide for integration details.
GCP
Google Cloud Platform. A major cloud platform supported by Garden Linux through the gcp platform feature with platform-specific configurations. See GCP platform guide and GCP first boot tutorial for usage details.
GitHub Actions
GitHub's continuous integration and deployment platform. Garden Linux uses GitHub Actions for automated testing and building. See ADR-0028 for the decision to pin GitHub Actions to specific SHA hashes for security and reproducibility.
GLCI
Garden Linux Continuous Integration. See ADR-0031 for details on the builder-GLCI interface design.
GLVD
Garden Linux Vulnerability Database. A system for tracking and managing security vulnerabilities in Garden Linux packages and images.
Go Dependencies
Garden Linux uses Go for various tools and components. See ADR-0004 for the decision to vendor Go dependencies.
I
Image Type
The format and target deployment method for a Garden Linux image, such as cloud images, container images, virtual machine images, or bare-metal images. See Image Types documentation and Image Formats reference for detailed information.
Immutable
Refers to the optional immutable image feature where the root filesystem is read-only to prevent modifications and ensure system integrity.
initramfs
Initial RAM filesystem. Garden Linux uses dracut to generate the initramfs, which is loaded by the kernel during the boot process before mounting the root filesystem.
K
Kernel
Garden Linux runs the latest Long Term Support (LTS) kernel from the Linux kernel project, providing up-to-date hardware support and security patches.
KVM
Kernel-based Virtual Machine. A Linux kernel module that provides hardware virtualization capabilities. The kvm platform feature is a common target for Garden Linux images used in virtualized environments.
L
Lima (Linux Machines)
A tool for running Linux virtual machines on macOS and Linux hosts. Garden Linux provides official Lima images that can be launched with limactl. See ADR-0023 for details on Lima image download mechanisms and ADR-0024 for the decision to promote Lima images to official status. Also see Lima documentation for more details.
LTS Kernel
Long Term Support kernel. Garden Linux uses LTS kernel versions that receive extended security updates and bug fixes from the Linux kernel maintainers.
M
Major Version
The first number in Garden Linux's semantic versioning scheme (e.g., the "2017" in "2017.0.0"). Major versions may include breaking changes or significant architectural shifts. See ADR-0011 for the complete versioning strategy.
Metal
See Bare Metal.
Minor Version
The second number in Garden Linux's semantic versioning scheme (e.g., the "0" in "2017.0.0"). Minor versions typically add features or improvements in a backwards-compatible manner. See ADR-0011 for details.
N
Nightly Release
Automated builds of Garden Linux that occur on a regular schedule from the latest development code. Nightly releases are tagged as nightly and do not include maintenance commitments or updates. They are intended for testing and feedback, not production use.
O
OCI
Oracle Cloud Infrastructure. A supported cloud platform for Garden Linux.
OpenSSL
The cryptographic library used by Garden Linux. Garden Linux uses OpenSSL 3.5 by default.
OpenStack
An open-source cloud computing platform. Garden Linux provides OpenStack-specific images through the openstack platform feature.
P
Patch Version
The third number in Garden Linux's semantic versioning scheme (e.g., the "0" in "2017.0.0"). Patch versions contain backwards-compatible bug fixes and security updates. See ADR-0011 for details.
Platform
The target deployment environment for a Garden Linux image. Platforms include cloud providers (AWS, Azure, GCP), virtualization technologies (KVM, VMware), and physical hardware (bare metal). The platform is always the first component in a build flavor string. See ADR-0020 for details on platform enforcement.
Podman
A daemonless container engine for developing, managing, and running OCI containers. Garden Linux uses rootless Podman by default for building images, though other container engines can be used with the --container-engine flag.
PR References
Pull Request references in commit messages. See ADR-0014 for the requirement to enforce PR references in commits.
python-gardenlinux-lib
The python-gardenlinux-lib repository containing Python libraries and utilities for working with Garden Linux. See ADR-0030 for the architectural decision to create this library.
R
Release
A stable, versioned distribution of Garden Linux following semantic versioning. Releases are published on GitHub Releases and GitHub Packages. See ADR-0011 for the versioning strategy and ADR-0015 for the policy on backports from stable branches.
Rootless Podman
Running Podman without requiring root privileges. Garden Linux builds use rootless Podman by default, enhancing security by avoiding privileged operations during the build process.
S
Secure Boot
A security feature that ensures only trusted software can boot on a system by verifying digital signatures. Garden Linux supports Secure Boot through the _secureboot feature. See ADR-0005 for details on Secure Boot keys in GLCI, and the Secure Boot documentation for usage details.
SELinux
Security-Enhanced Linux. An optional security feature available through the _selinux feature that provides mandatory access control (MAC) security mechanisms. See ADR-0029 for the decision regarding SELinux in permissive mode for CIS compliance.
Semver
Semantic Versioning. Garden Linux follows the semver specification (MAJOR.MINOR.PATCH) starting with version 2017.0.0. See ADR-0011 for the complete versioning strategy and semver.org for the specification.
STIG
Security Technical Implementation Guide. Garden Linux provides optional STIG compliance through the stig and stigDev features, based on DISA (Defense Information Systems Agency) security standards.
systemd
The system and service manager used by Garden Linux. Garden Linux is purely systemd-based, using systemd-networkd for networking, systemd for service management, and other systemd components. See ADR-0019 for the decision to standardize on systemd timers, and ADR-0027 regarding the removal of systemd-rc.
T
test-ng
The testing framework used by Garden Linux for comprehensive system testing. See ADR-0006 (new test framework), ADR-0007 (non-invasive testing), ADR-0008 (unified test logic), ADR-0010 (incremental migration), ADR-0016 (minimal host dependencies), ADR-0021 (tiger tool usage), ADR-0022 (system state diffing), and ADR-0026 (when-to parsers) for comprehensive details on the test-ng architecture and design decisions.
TPM2
Trusted Platform Module 2.0. A hardware-based security feature that can be enabled with the _tpm2 feature for secure key storage and system integrity verification.
Trusted Boot
An extension to Secure Boot that provides additional system integrity verification throughout the boot process. Garden Linux supports Trusted Boot through the _trustedboot feature.
U
Unit Tests
Automated tests that validate the correct functionality of a Garden Linux image after it's created. Unit tests verify that the image contains expected packages, configurations, and behaviors. See ADR-0013 for the decision to discontinue certain package must-have tests, and ADR-0025 for the decision to disable debsums tests.
V
Virtual Machine Image
A Garden Linux image formatted for use with hypervisors like KVM, VMware, or cloud platform virtualization systems.
VMware
A virtualization platform supported by Garden Linux. Garden Linux provides VMware-specific images through the vmware platform feature, including support for OVA (Open Virtual Appliance) format.