IR/AE v0.0.7.1

Amendment: actually we're not doing that whole thing with locked down mounts. I'm keeping the fstab around for future use, but for now that technology is not easily achievable.

---

IR/AE v0.0.7

Remember in v0.0.2 when we made ALL of /etc and /var have rw+exec+suid? This update reverts that behaviour, because it was a security vulnerability. Instead, we do something much more paranoid - we draw inspiration from OpenBSD's pledge syscall, but kinda in reverse. With pledge, you signal what behaviours you need as your program starts up, gradually dropping privs as they are no longer required. With the IRAE startup sequence, we start with the bare minimum of privs - root has noexec,nodev,nosuid - and then give exec/dev/suid privs where needed. In our case, only the directories /etc/runit, /usr/bin, /usr/lib and /usr/libexec get exec, and even then they don't get suid. Among the few programs that do request suid privs in a base Linux install, about a quarter get denied those privs, because those programs are either outdated or have other ways to be run with modified privs.

Something pledge does have that IRAE doesn't is the ability to lock the program from making any more pledge calls, stopping a potentially compromised program from modifying its privs. We could accomplish this by stopping the kernel from mounting ANY new filesystems, but this obviously gets in the way of day-to-day tasks like mounting USB drives or setting up containers. I'm not sure how to address this behaviour. As far as I know, Linux has no way to restrict mounts to *only* a particular part of the filesystem - ideally we would only allow new mounts in /mnt and /home - which might be possible with a highly custom SELinux module, but is too complicated for now.

The other big thing we did was fully add our initrd infra - codenamed init3 - to the base IRAE image.
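An audit for the mount policy described above in v0.0.7, added here as an example and not part of the IRAE project: it reads a mount table in /proc/self/mounts format and reports every mountpoint that breaks the rule that / is noexec,nodev,nosuid and only the four listed directories carry exec, never suid. The function names irae_check_mounts, has_opt and viol, and the rule that all other mounts must also be noexec and nosuid, are assumptions of this example.

```shell
# Audit a mount table (/proc/self/mounts format) against the IRAE startup
# policy: / is noexec,nodev,nosuid, and only /etc/runit, /usr/bin, /usr/lib
# and /usr/libexec carry exec, never suid. Assumption (not stated on the
# page): every other mount is expected to be noexec and nosuid too.
IRAE_EXEC_DIRS="/etc/runit /usr/bin /usr/lib /usr/libexec"

# has_opt "<opt,list>" "<opt>": succeed if <opt> is in the option list.
has_opt() {
    case ",$1," in *",$2,"*) return 0 ;; esac
    return 1
}

# Record one violation for the mountpoint currently being checked.
viol() { echo "$_mnt: $1"; _bad=1; }

# Read mount-table lines on stdin, print one violation per line and
# return 1 if any violation was found (0 if the table is clean).
irae_check_mounts() {
    _bad=0
    while read -r _dev _mnt _fs _opts _rest; do
        if [ -z "$_mnt" ]; then continue; fi
        _allowed=1
        for _d in $IRAE_EXEC_DIRS; do
            if [ "$_mnt" = "$_d" ]; then _allowed=0; fi
        done
        if [ "$_mnt" = "/" ]; then
            for _o in noexec nodev nosuid; do
                has_opt "$_opts" "$_o" || viol "missing $_o"
            done
        elif [ "$_allowed" -eq 0 ]; then
            if has_opt "$_opts" noexec; then viol "should allow exec"; fi
            has_opt "$_opts" nosuid || viol "must be nosuid"
        else
            has_opt "$_opts" noexec || viol "exec outside the allowed dirs"
            has_opt "$_opts" nosuid || viol "suid outside the allowed dirs"
        fi
    done
    return $_bad
}

# Constructed sample (not a real system): / is locked down but /opt was
# mounted exec, so the check reports it. On a live IRAE system run:
#   irae_check_mounts < /proc/self/mounts
irae_check_mounts <<'EOF' || echo "mount policy violated"
rootfs / ext4 ro,noexec,nodev,nosuid 0 0
/dev/sda2 /usr/bin ext4 ro,nosuid,nodev 0 0
/dev/sda3 /opt ext4 rw,nosuid,nodev 0 0
EOF
```

The check is deliberately strict about suid everywhere: the page says some suid programs survive, so on a real IRAE box a mount that carries them will show up and needs an explicit decision rather than silence.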
init3 can be found in the directory /initrd

---

IR/Abigail Everlasting v0.0.6 Second Edition

Building a kernel and initrd required to boot the system is now considered within the scope of IRAE; expect infra in the next update.

Added packages:
* pax-utils - provides the lddtree utility, which is used for our initrd infrastructure
* busybox - general shell for initrd

We REPLACED ConsoleKit2 with elogind, because CK2 hasn't been maintained since 2017.

---

Abigail Everlasting v0.0.6 First Edition

Added the following packages to a default install:
* vsv - a simple runit service manager, similar to systemctl on systemd
* NetworkManager-{openconnect,openvpn,strongswan,pptp} - support for VPNs in NetworkManager
* gnome-ssh-askpass - a simple GTK askpass program, meant so that people using encfs can get a nicer password dialog
* podman - container manager

Podman is the big package there - it should allow unprivileged containers, as opposed to a traditional chroot, which requires root privs to bind-mount appropriate filesystems and exec the chroot syscall. Unprivileged containers are needed because some software should not necessarily be flatpak'ed - common command line tools, or virtual machine managers (libvirt), or software that needs suid. Flatpak is a wonderful application format, but not a catch-all solution. By leveraging podman, we can set up an unprivileged traditional package-based Linux environment while keeping the host system immutable.
This release is also the first to use the 20191109 tarball.

---

Abigail v0.0.5.9

Few major changes since 0052. Last update before 006.

---

Abigail v0.0.5.2

Added xtools in case some folx want to build Void packages. Might use this to transition towards using our own custom-built pkgs.

---

Abigail v0.0.5.1

Added lvm2 to pkgs because I have the big dumb.

---

Abigail v0.0.5

Refined the build system a little bit, so that /rw would be automatically created, and also (hopefully) got LightDM to work on startup.

---

Abigail v0.0.4.9

Updated version of 0.0.4. Mostly involved adding some stuff for pulseaudio, no major changes.

---

Abigail v0.0.4

Went back to using Void as a base system, and kept the /.pkgs and /.svcs files from 0.0.2. The build process was further automated by the file /.build, and patches were added to the directory /.patches. An xfce4 desktop was packaged in this release, but users are free to compile other desktops as they like.

The biggest change was that we reverted to using glibc over musl. musl presented some interesting challenges, and honestly there's not much reason to use it anyways.

---

Abby v0.0.3-kiss

Third prototype. Experimented with using KISS Linux as a base instead of Void. KISS retained many of the benefits of Gentoo, without the USE-based dependency hell that bootstrapping from Gentoo (which I tried originally) involved. KISS was dropped due to having too few packages in its repos, and due to Flatpak failing to compile. This release was relatively insignificant.

---

Abyssal Penguin v0.0.2

Second prototype! The previous version booted fine, but NetworkManager failed to work and xorg (granted, I'm testing this on an nvidia system) would always do the black-screen-no-response-cursor thingy.

The build process was improved: I added the files /.pkgs and /.svcs, which describe the packages used to build the base system and the services enabled in the base system, respectively. As such, most of the build process consists of two bash for-loops.
The file /etc/runit/core-services/03-filesystems.sh still needs fixing. I opened an issue with upstream Void.

We switched to using musl-based Void.

Finally, the biggest change is that the entirety of /etc and /var is now mutable. This was decided after I took a look at how Fedora Silverblue was doing their OS; it should hopefully result in less fuckery, and means I won't have to rebuild the rootfs every time I find /another/ directory that needs rw. From a security standpoint, this opens up a few new theoretical attack vectors, but given that you still need root to write to /etc or /var, it shouldn't be too big a deal.

---

Abyssal Penguin v0.0.1

Prototype! I think I have a working rootfs now.

TODO: automate the build process

BUILD:
* extract voidstrap tarball
* update it
* install: NetworkManager acpi acpid encfs gpm base-devel linux lm_sensors openntpd xz xorg xdm wget ecryptfs-utils btrfs-progs e2fsprogs hfsprogs reiserfs-progs reiser4-progs xfs-progs
* enable: NetworkManager acpid gpm ldm sshd openntpd xdm

!!fix /etc/runit/core-services/03-filesystems.sh to not panic on a readonly root