adding files to git
[eostre.git] / files / RELEASE
IR/AE v0.0.7.1

Amendment: actually we're not doing that whole thing with locked down mounts
I'm keeping the fstab around for future use, but for now that technology is not easily achievable

---

IR/AE v0.0.7

Remember in v0.0.2 when we made ALL of /etc and /var have rw+exec+suid?
This update reverts that behaviour, because it was a security vulnerability.

Instead, we do something much more paranoid - we draw inspiration from OpenBSD's pledge syscall, but kinda in reverse.
With pledge, you signal what behaviours you need as your program starts up, gradually dropping privs as they are no longer required.
With the IRAE startup sequence, we start with the bare minimum of privs - root has noexec,nodev,nosuid - and then give exec/dev/suid privs where needed.
In our case, only the directories /etc/runit,/usr/bin,/usr/lib,/usr/libexec get exec, and even then they don't get suid.
Among the few programs that do request suid privs in a base Linux install, about a quarter get denied those privs because those programs are either outdated or have other ways to be run with modified privs.
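
The mount policy described above, written as an audit over a mount table. This is an added example, not code from eostre.git; the function name audit_mounts is hypothetical and the sample mount table is constructed.

```shell
#!/bin/sh
# Added example: audit a mount table against the v0.0.7 policy.
# Input uses the /proc/self/mounts layout:
#   device mountpoint fstype options dump pass

# Directories the release notes say receive exec (and never suid).
EXEC_ALLOWED="/etc/runit /usr/bin /usr/lib /usr/libexec"

audit_mounts() {
    awk -v allowed="$EXEC_ALLOWED" '
    function has(s, flag) { return index("," s ",", "," flag ",") > 0 }
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    {
        # A later entry for the same mountpoint shadows the earlier one.
        if (!($2 in opts)) order[++cnt] = $2
        opts[$2] = $4
    }
    END {
        for (i = 1; i <= cnt; i++) {
            mp = order[i]; o = opts[mp]
            if (mp == "/") {
                if (!has(o, "noexec")) print "FAIL / missing noexec"
                if (!has(o, "nodev"))  print "FAIL / missing nodev"
                if (!has(o, "nosuid")) print "FAIL / missing nosuid"
            } else if (mp in ok) {
                if (!has(o, "nosuid")) print "FAIL " mp " allows suid"
            } else if (!has(o, "noexec")) {
                print "FAIL " mp " allows exec outside the allowlist"
            }
        }
    }'
}

# Constructed sample mount table (not taken from a real IRAE system).
SAMPLE_MOUNTS='/dev/sda2 / btrfs ro,nosuid,nodev,noexec 0 0
/dev/sda2 /usr/bin btrfs ro,nosuid,nodev 0 0
/dev/sda2 /usr/lib btrfs ro,nodev 0 0
/dev/sda2 /etc/runit btrfs ro,nosuid,nodev 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
tmpfs /run tmpfs rw,nosuid,nodev,noexec 0 0'

# On a live system: audit_mounts < /proc/self/mounts
printf '%s\n' "$SAMPLE_MOUNTS" | audit_mounts
```

On the sample it flags /usr/lib (exec granted without nosuid) and /tmp (exec on a mount outside the four listed directories).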

Something pledge does have that IRAE doesn't is the ability to lock the program from making any more pledge calls, stopping a potentially compromised program from modifying its privs.
We could accomplish this by stopping the kernel from mounting ANY new filesystems, but this obviously gets in the way of day-to-day tasks like mounting USB drives, or setting up containers.

I'm not sure how to address this behaviour.
As far as I know, Linux has no way to restrict mounts to *only* a particular part of the filesystem - ideally we would only allow new mounts in /mnt and /home - which might be possible with a highly custom SELinux module but is too complicated for now.

The other big thing we did was fully add our initrd infra - codenamed init3 - to the base IRAE image.
init3 can be found in the directory /initrd

---

IR/Abigail Everlasting v0.0.6 Second Edition

Building a kernel and initrd required to boot the system is now considered within the scope of IRAE, expect infra in the next update

Added packages:
* pax-utils - provides the lddtree utility, which is used for our initrd infrastructure
* busybox - general shell for initrd

We REPLACED ConsoleKit2 with elogind, because CK2 hasn't been maintained since 2017

---

Abigail Everlasting v0.0.6 First Edition

Added the following packages to a default install:
* vsv - a simple runit service manager, similar to systemctl on systemd
* NetworkManager-{openconnect,openvpn,strongswan,pptp} - support for VPNs in NetworkManager
* gnome-ssh-askpass - a simple GTK askpass program, meant so that people using encfs can get a nicer password dialog
* podman - Container manager

PodMan is the big package there - it should allow unprivileged containers, as opposed to a traditional chroot, which requires root privs to bind-mount appropriate filesystems and exec the chroot syscall.
Unprivileged containers are needed because some software should not necessarily be flatpak'ed - common command line tools, or virtual machine managers (libvirt), or software that needs suid.
Flatpak is a wonderful application format, but not a catch-all solution.
By leveraging podman, we can set up an unprivileged traditional package-based Linux environment while keeping the host system immutable.

This release is also the first to use the 20191109 tarball

---

Abigail v0.0.5.9

Few major changes since 0052
Last update before 006

---

Abigail v0.0.5.2

Added xtools for if some folx want to build Void packages
Might use this to transition towards using our own custom-built pkges

---

Abigail v0.0.5.1

Added lvm2 to pkgs because I have the big dumb

---

Abigail v0.0.5

Refined the build system a little bit, so that /rw would be automatically created, and also (hopefully) got LightDM to work on startup

---

Abigail v0.0.4.9

Updated version of 0.0.4
Mostly involved adding some stuff for pulseaudio, no major changes

---

Abigail v0.0.4

Went back to using Void as a base system, and kept the /.pkgs /.svcs files from 0.0.2
The build process was further automated by the file /.build, and patches were added to the directory /.patches

An xfce4 desktop was packaged in this release, but users are free to compile other desktops as they like

The biggest change was that we reverted to using glibc over musl. musl presented some interesting challenges, and honestly there's not much reason to use it anyways.

---

Abby v0.0.3-kiss

Third prototype.
Experimented with using KISS Linux as a base instead of Void.
Kiss retained many of the benefits of Gentoo, without the USE-based dependency hell that bootstrapping from Gentoo (which I tried originally) involved.
Kiss was dropped due to having too few packages in its repos, and due to Flatpak failing to compile.

This release was relatively insignificant.

---

Abyssal Penguin v0.0.2

Second prototype!
The previous version booted fine, but NetworkManager failed to work and xorg (granted, I'm testing this on a nvidia system) would always do the black-screen-no-response-cursor thingy

The build process was improved, I added the files /.pkgs and /.svcs, which describe the packages used to build the base system, and the services enabled in the base system, respectively
As such, most of the build process consists of two bash for-loops.

The file /etc/runit/core-services/03-filesystems.sh still needs fixing.
I opened an issue with upstream Void

We switched to using musl-based Void

Finally, the biggest change is that the entirety of /etc and /var is now mutable.
This was decided after I took a look at how Fedora Silverblue was doing their OS; it should hopefully result in less fuckery, and means I won't have to rebuild the rootfs every time I find /another/ directory that needs rw
From a security standpoint, this opens up a few new theoretical attack vectors, but given that you still need root to write to /etc or /var, it shouldn't be too big a deal

---

Abyssal Penguin v0.0.1

Prototype!
I think I have a working rootfs now

TODO: automate the build process

BUILD:
extract voidstrap tarball
update it
install: NetworkManager acpi acpid encfs gpm base-devel linux lm_sensors openntpd xz xorg xdm wget ecryptfs-utils btrfs-progs e2fsprogs hfsprogs reiserfs-progs reiser4-progs xfs-progs
enable: NetworkManager acpid gpm ldm sshd openntpd xdm
!!fix /etc/runit/core-services/03-filesystems.sh to not panic on a readonly root
143install: NetworkManager acpi acpid encfs gpm base-devel linux lm_sensors openntpd xz xorg xdm wget ecryptfs-utils btrfs-progs e2fsprogs hfsprogs reiserfs-progs reiser4-progs xfs-progs
144enable: NetworkManager acpid gpm ldm sshd openntpd xdm
145!!fix /etc/runit/core-services/03-filesystems.sh to not panic on a readonly root