1c66ee26
IR/AE v0.0.7.1

Amendment: actually we're not doing that whole thing with locked-down mounts.
I'm keeping the fstab around for future use, but for now locking mounts down that way is not easily achievable.

---

IR/AE v0.0.7

Remember in v0.0.2 when we made ALL of /etc and /var rw+exec+suid?
This update reverts that behaviour, because it was a security vulnerability.

Instead, we do something much more paranoid: we draw inspiration from OpenBSD's pledge syscall, but kinda in reverse.
With pledge, you declare which behaviours your program needs as it starts up, then gradually drop privs as they are no longer required.
With the IRAE startup sequence, we start with the bare minimum of privs (the root filesystem is mounted noexec,nodev,nosuid) and then grant exec/dev/suid only where needed.
In our case, only the directories /etc/runit, /usr/bin, /usr/lib and /usr/libexec get exec, and even then they don't get suid.
Among the few programs in a base Linux install that do request suid privs, about a quarter get denied, because those programs are either outdated or can be run with modified privs some other way.
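
The startup sequence above, written out as an added example; this is not IRAE's own init code. It assumes the four exec directories listed above as the allowlist, a DRY_RUN mode (on by default) that prints the mount commands instead of running them, and a constructed /proc/self/mounts-style table for the audit step:

```shell
#!/bin/sh
# Added example (not IRAE's own code): the "reverse pledge" mount sequence
# described above, plus an audit of the resulting mount table.
# Assumptions: the exec allowlist below, DRY_RUN=1 by default (commands are
# printed, not executed), and a constructed mount table for the audit.
set -eu

ROOT_OPTS="nodev,nosuid,noexec"
# Directories that get exec back; note they stay nodev,nosuid.
EXEC_DIRS="/etc/runit /usr/bin /usr/lib /usr/libexec"
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Step 1: start from the minimum on /. Step 2: bind each allowed directory
# over itself so it becomes its own mount point, then remount that bind with
# exec. Mount flags like noexec apply per mount point, which is why the bind
# is needed before exec can be granted to a subtree of /.
lock_down() {
    run mount -o "remount,$ROOT_OPTS" /
    for d in $EXEC_DIRS; do
        run mount --bind "$d" "$d"
        run mount -o "remount,bind,nodev,nosuid,exec" "$d"
    done
}

# Audit: read a /proc/self/mounts style table on stdin and print every mount
# point that still allows suid, or allows exec without being on the allowlist.
audit_mounts() {
    while read -r _src mnt _fstype opts _rest; do
        allowed=0
        for d in $EXEC_DIRS; do
            [ "$mnt" = "$d" ] && allowed=1
        done
        case ",$opts," in
            *,nosuid,*) ;;
            *) printf 'SUID %s (%s)\n' "$mnt" "$opts"; continue ;;
        esac
        case ",$opts," in
            *,noexec,*) ;;
            *) [ "$allowed" = 1 ] || printf 'EXEC %s (%s)\n' "$mnt" "$opts" ;;
        esac
    done
}

# Constructed sample mount table (not captured from a real system).
SAMPLE_MOUNTS='/dev/sda1 / ext4 ro,nodev,nosuid,noexec 0 0
/dev/sda1 /usr/bin ext4 ro,nodev,nosuid 0 0
tmpfs /tmp tmpfs rw,nodev,nosuid,noexec 0 0
/dev/sdb1 /mnt/usb vfat rw,nodev 0 0
/dev/sda1 /opt ext4 ro,nodev,nosuid 0 0'

if [ "${1:-}" = "audit" ]; then
    printf '%s\n' "$SAMPLE_MOUNTS" | audit_mounts
else
    lock_down
fi
```

Run it with no arguments to print the nine mount commands, or with `audit` to see which entries of the sample table it would flag (/mnt/usb for missing nosuid, /opt for exec outside the allowlist). Two caveats: noexec on a mount blocks execve and PROT_EXEC file mappings from that filesystem, but an interpreter living on an exec mount can still run code it reads from a noexec one (`sh /tmp/x.sh` still works), and the root flags say nothing about filesystems with their own options, so /tmp, /dev/shm, /run and /home need noexec,nosuid of their own, which is what the audit step is for. And since the bind+remount trick is just another remount, anything with CAP_SYS_ADMIN in the root mount namespace can reverse it with one more remount, which is the locking problem discussed below.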

Something pledge has that IRAE doesn't is that a later pledge call can only narrow the promises already made, so a potentially compromised program can't give itself back privs it has dropped.
We could approximate this by stopping the kernel from performing ANY new mounts or remounts after startup, but this obviously gets in the way of day-to-day tasks like mounting USB drives or setting up containers.

I'm not sure how to address this behaviour.
As far as I know, Linux has no way to restrict mounts to *only* a particular part of the filesystem (ideally we would only allow new mounts under /mnt and /home), which might be possible with a highly custom SELinux module but is too complicated for now.

The other big thing we did was fully add our initrd infra, codenamed init3, to the base IRAE image.
init3 can be found in the directory /initrd

---

IR/Abigail Everlasting v0.0.6 Second Edition

Building a kernel and initrd required to boot the system is now considered within the scope of IRAE; expect infra in the next update.

Added packages:
* pax-utils - provides the lddtree utility, which is used for our initrd infrastructure
* busybox - general-purpose shell for the initrd

We REPLACED ConsoleKit2 with elogind, because CK2 hasn't been maintained since 2017.

---

Abigail Everlasting v0.0.6 First Edition

Added the following packages to a default install:
* vsv - a simple runit service manager, similar to systemctl on systemd
* NetworkManager-{openconnect,openvpn,strongswan,pptp} - support for VPNs in NetworkManager
* gnome-ssh-askpass - a simple GTK askpass program, so that people using encfs can get a nicer password dialog
* podman - container manager

Podman is the big package there: it should allow unprivileged (rootless) containers, as opposed to a traditional chroot, which requires root privs to bind-mount the appropriate filesystems and call the chroot syscall.
Unprivileged containers are needed because some software should not necessarily be flatpak'ed: common command line tools, virtual machine managers (libvirt), or software that needs suid.
Flatpak is a wonderful application format, but not a catch-all solution.
By leveraging podman, we can set up an unprivileged, traditional package-based Linux environment while keeping the host system immutable.

This release is also the first to use the 20191109 tarball.

---

Abigail v0.0.5.9

Few major changes since 0.0.5.2.
Last update before 0.0.6.

---

Abigail v0.0.5.2

Added xtools, in case some folx want to build Void packages.
Might use this to transition towards using our own custom-built packages.

---

Abigail v0.0.5.1

Added lvm2 to pkgs because I have the big dumb

---

Abigail v0.0.5

Refined the build system a little bit, so that /rw is created automatically, and also (hopefully) got LightDM to work on startup.

---

Abigail v0.0.4.9

Updated version of 0.0.4.
Mostly involved adding some stuff for PulseAudio; no major changes.

---

Abigail v0.0.4

Went back to using Void as a base system, and kept the /.pkgs and /.svcs files from 0.0.2.
The build process was further automated by the file /.build, and patches were added to the directory /.patches.

An xfce4 desktop was packaged in this release, but users are free to compile other desktops as they like.

The biggest change was that we reverted to using glibc over musl. musl presented some interesting challenges, and honestly there's not much reason to use it anyway.

---

Abby v0.0.3-kiss

Third prototype.
Experimented with using KISS Linux as a base instead of Void.
KISS retained many of the benefits of Gentoo, without the USE-based dependency hell that bootstrapping from Gentoo (which I tried originally) involved.
KISS was dropped due to having too few packages in its repos, and because Flatpak failed to compile.

This release was relatively insignificant.

---

Abyssal Penguin v0.0.2

Second prototype!
The previous version booted fine, but NetworkManager failed to work and xorg (granted, I'm testing this on an NVIDIA system) would always do the black-screen-no-response-cursor thingy.

The build process was improved: I added the files /.pkgs and /.svcs, which describe the packages used to build the base system and the services enabled in the base system, respectively.
As such, most of the build process consists of two bash for-loops.

The file /etc/runit/core-services/03-filesystems.sh still needs fixing.
I opened an issue with upstream Void.

We switched to using musl-based Void.

Finally, the biggest change is that the entirety of /etc and /var is now mutable.
This was decided after I took a look at how Fedora Silverblue does their OS; it should hopefully result in less fuckery, and means I won't have to rebuild the rootfs every time I find /another/ directory that needs rw.
From a security standpoint, this opens up a few new theoretical attack vectors, but given that you still need root to write to /etc or /var, it shouldn't be too big a deal.

---

Abyssal Penguin v0.0.1

Prototype!
I think I have a working rootfs now.

TODO: automate the build process

BUILD:
extract voidstrap tarball
update it
install: NetworkManager acpi acpid encfs gpm base-devel linux lm_sensors openntpd xz xorg xdm wget ecryptfs-utils btrfs-progs e2fsprogs hfsprogs reiserfs-progs reiser4-progs xfs-progs
enable: NetworkManager acpid gpm ldm sshd openntpd xdm
!!fix /etc/runit/core-services/03-filesystems.sh to not panic on a readonly root
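
The install and enable steps of the BUILD list above, in the two-for-loop form the v0.0.2 notes describe (packages read from /.pkgs, services from /.svcs), as an added example; this is not the project's own /.build script. It assumes list files and the target rootfs are passed as arguments, that DRY_RUN=1 (the default here) prints the xbps-install and ln commands instead of running them, and that the sample lists written by write_sample_lists are constructed for this example. The one thing it adds beyond the plain loops is validation of the list entries, since each name ends up as a path under /etc/sv and as an argument to xbps-install:

```shell
#!/bin/sh
# Added example, not the project's own /.build script: the two for-loops that
# the v0.0.2 notes describe (packages from /.pkgs, services from /.svcs), with
# the list entries validated before they reach xbps-install or ln.
# Assumptions: list file and rootfs paths are passed as arguments, DRY_RUN=1
# (the default here) prints the commands instead of running them, and the
# sample lists written by write_sample_lists are constructed for this example.
set -eu

DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# One name per line. Blank lines and '#' comments are skipped.
read_list() {
    while read -r name _rest; do
        case "$name" in ''|'#'*) continue ;; esac
        printf '%s\n' "$name"
    done < "$1"
}

# Allowed: [A-Za-z0-9._+-], not starting with '-' or '.', so an entry like
# "../../tmp/x" can't escape /etc/sv and "-y" can't become an extra option.
check_list() {
    for name in $(read_list "$1"); do
        case "$name" in
            -*|.*|*[!A-Za-z0-9._+-]*)
                printf 'invalid entry in %s: %s\n' "$1" "$name" >&2
                return 1 ;;
        esac
    done
    return 0
}

# Loop 1: install every listed package into the target root (xbps-install -r).
install_pkgs() {   # $1 = list file, $2 = target rootfs
    check_list "$1" || return 1
    for p in $(read_list "$1"); do
        run xbps-install -r "$2" -Sy "$p"
    done
}

# Loop 2: enable every listed runit service by symlinking it into the default
# runsvdir of the target root.
enable_svcs() {    # $1 = list file, $2 = target rootfs
    check_list "$1" || return 1
    for s in $(read_list "$1"); do
        run ln -s "/etc/sv/$s" "$2/etc/runit/runsvdir/default/$s"
    done
}

# Constructed sample lists for a dry run (not the image's real /.pkgs, /.svcs).
write_sample_lists() {  # $1 = directory
    printf '%s\n' '# base system' 'base-devel' 'NetworkManager' '' 'lm_sensors' > "$1/pkgs"
    printf '%s\n' 'NetworkManager' 'sshd' > "$1/svcs"
}

if [ "${1:-}" = "demo" ]; then
    tmp=$(mktemp -d)
    write_sample_lists "$tmp"
    install_pkgs "$tmp/pkgs" /mnt/rootfs
    enable_svcs "$tmp/svcs" /mnt/rootfs
    rm -rf "$tmp"
fi
```

Run it with `demo` to see the generated commands against the sample lists; set DRY_RUN=0 (as root, with a real rootfs path) to execute them. check_list rejects the whole file on the first bad entry rather than skipping it, so a typo in /.pkgs stops the build instead of silently producing an image with a package missing.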