X-Git-Url: https://vcs.fsf.org/?p=eostre.git;a=blobdiff_plain;f=dbd-autobuild%2Ffiles%2FRELEASE;h=e69de29bb2d1d6434b8b29ae775ad8c2e48c5391;hp=c1ad363daebab55d4efb067d0ffecafc4f427fdf;hb=157b3d4d9dd1bf2d7550f247ba5b4c22ef38fed2;hpb=d50e8d4bcfe8b05171ffcc9a6af9ecedfbe9df8d;ds=sidebyside diff --git a/dbd-autobuild/files/RELEASE b/dbd-autobuild/files/RELEASE index c1ad363..e69de29 100644 --- a/dbd-autobuild/files/RELEASE +++ b/dbd-autobuild/files/RELEASE 
@@ -1,145 +0,0 @@ -IR/AE v0.0.7.1 - -Amendment: actually we're not doing that whole thing with locked down mounts -I'm keeping the fstab around for future use, but for now that technology is not easily achievable - ---- - -IR/AE v0.0.7 - -Remember in v0.0.2 when we made ALL of /etc and /var have rw+exec+suid? -This update reverts that behaviour, because it was a security vulnerability. - -Instead, we do something much more paranoid - we draw inspiration from OpenBSD's pledge syscall, but kinda in reverse. -With pledge, you signal what behaviours you need as your program starts up, gradually dropping privs as they are no longer required. -With the IRAE startup sequence, we start with the bare minimum of privs - root has noexec,nodev,nosuid - and then give exec/dev/suid privs where needed. -In our case, only the directories /etc/runit,/usr/bin,/usr/lib,/usr/libexec get exec, and even then they don't get suid. -Among the few programs that do request suid privs in a base Linux install, about a quarter get denied those privs because those programs are either outdated or have other ways to be run with modified privs. - -Something pledge does have that IRAE doesn't is the ability to lock the program from making any more pledge calls, stopping a potentially compromised program from modifying its privs. -We could accomplish this by stopping the kernel from mounting ANY new filesystems, but this obviously gets in the way of day-to-day tasks like mounting USB drives, or setting up containers. - -I'm not sure how to address this behaviour. -As far as I know, Linux has no way to restrict mounts to *only* a particular part of the filesystem - ideally we would only allow new mounts in /mnt and /home - which might be possible with a highly custom SELinux module but is currently too complicated for now. - -The other big thing we did was fully add our initrd infra - codenamed init3 to the base IRAE image. 
-init3 can be found in the directory /initrd - ---- - -IR/Abigail Everlasting v0.0.6 Second Edition - -Building a kernel and initrd required to boot the system is now considered within the scope of IRAE, expect infra in the next update - -Added packages: -* pax-utils - provides the lddtree utility, which is used for our intrd infrastructure -* busybox - general shell for initrd - -We REPLACED ConsoleKit2 with elogind, because CK2 hasn't been maintained since 2017 - ---- - -Abigail Everlasting v0.0.6 First Edition - -Added the following packages to a default install: -* vsv - a simple runit service manager, similar to systemctl on systemd -* NetworkManager-{openconnect,openvpn,strongswan,pptp} - support for VPNs in NetworkManager -* gnome-ssh-askpass - a simple GTK askpass program, meant so that people using encfs can get a nicer password dialog -* podman - Container manager - -PodMan is the big package there - it should allow unprivileged containers, opposed to a traditional chroot, which requires root privs to bind-mount appropriate filesystems and exec the chroot syscall. -Unprivileged containers are needed because some software should not necesarilly be flatpak'ed - common command line tools, or virtual machine managers (libvirt), or software that needs suid. -Flatpak is a wonderful application format, but not a catch-all solution. -By leveraging podman, we can set up an unprivileged traditional package-based Linux environment while keeping the host system immutable. 
- -This release is also the first to use the 20191109 tarball - ---- - -Abigail v0.0.5.9 - -Few major changes since 0052 -Last update before 006 - ---- - -Abigail v0.0.5.2 - -Added xtools for if some folx want to build Void packages -Might use this to transition mtowards using our own custom-built pkges - ---- - -Abigail v0.0.5.1 - -Added lvm2 to pkgs because I have the big dumb - ---- - -Abigail v0.0.5 - -Refined the build system a little bit, so that /rw would be automatically created, and also (hopefully) got LightDM to work on startup - ---- - -Abigail v0.0.4.9 - -Updated version of 0.0.4 -Mostly involved adding some stuff for pulseaudio, no major changes - ---- - -Abigail v0.0.4 - -Went back to using Void as a base system, and kept the /.pkgs /.svcs files from 0.0.2 -The build process was further automated by the file /.build, and patches were added to the directory /.patches - -An xfce4 desktop was packaged in this release, but users are free to compile other desktops as they like - -The biggest change was that we reverted to using glibc over musl. musl presented some interesting challenges, and hohnestly there's not much reason to use it anyways. - ---- - -Abby v0.0.3-kiss - -Third prototype. -Experimented with using KISS Linux as a base instead of Void. -Kiss retained many of the benefits of Gentoo, without the USE-based dependency hell that bootstrapping from Gentoo (which I tried originally) involved. -Kiss was dropped due to having too few packages in its repos, and due to Flatpak failing to compile. - -This release was relatively insignifigant. - ---- - -Abyssal Penguin v0.0.2 - -Second prototype! 
-The previous version booted fine, but NetworkManager failed to work and xorg (granted, I'm testing this on a nvidia system) would always do the black-screen-no-response-cursor thingy - -The build process was improved, I added the files /.pkgs and /.svcs, which describe the packages used to build the base system, and the services enabled in the base system, respectively -As such, most of the build process consists of two bash for-loops. - -The file /etc/runit/core-services/03-filesystems.sh still needs fixing. -I opened an issue with upstream Void - -We switched to using musl-based Void - -Finally, the biggest change is that the entirety of /etc and /var is now mutable. -This was decided after I took a look at how Fedora Silverblue was doing their OS; it should hopefully result in less fuckery, and means I won't have to rebuild the rootfs every time I find /another/ directory that needs rw -From a security standpoint, this opens up a few new theoretical attack vectors, but given that you still need root to write to /etc or /var, it shouldn't be too big a deal - ---- - -Abyssal Penguin v0.0.1 - -Prototype! -I think I have a working rootfs now - -TODO: automate the build process - -BUILD: -extract voidstrap tarball -update it -install: NetworkManager acpi acpid encfs gpm base-devel linux lm_sensors openntpd xz xorg xdm wget ecryptfs-utils btrfs-progs e2fsprogs hfsprogs reiserfs-progs reiser4-progs xfs-progs -enable: NetworkManager acpid gpm ldm sshd openntpd xdm -!!fix /etc/runit/core-services/03-filesystems.sh to not panic on a readonly root
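Review bot: The single hunk (`@@ -1,145 +0,0 @@`) empties dbd-autobuild/files/RELEASE rather than deleting it: the index line ends in e69de29 with mode 100644 and there is no `deleted file mode` line, so a zero-byte RELEASE stays in the tree. If anything in the build reads this file for a version string it will now get nothing, so either remove the file outright or keep the current version line. The removed text is also the only place visible in this diff that records the mount-hardening decisions: the v0.0.7 entry calling rw+exec+suid on all of /etc and /var a security vulnerability, the noexec,nodev,nosuid root with exec granted only to /etc/runit,/usr/bin,/usr/lib,/usr/libexec, and the v0.0.7.1 amendment saying the locked-down mounts are not being done after all. Suggest moving these entries to a changelog or design note in the same commit, and stating there which mount options the image actually ships with after the v0.0.7.1 amendment, since the v0.0.7 and v0.0.7.1 entries read as contradicting each other on that point.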