MirOS News


The Command-Line Interface for the KDE Wallet, Version 2.02, has been released and dput into Debian unstable. (The lenny-backports version will follow.) It took me quite a while to reproduce, then track down, the bug; having unrelated problems at the same time didn’t help either…

mksh R39c released

25.02.2010 by tg@
Tags: mksh

The MirBSD Korn Shell R39c has been released. This upgrade is strongly recommended for everyone. Focus is on minor but important bug fixes. The recently introduced list of caveats contains language-relevant user-visible changes.

We are proud to announce that the android-x86 project's /bin/sh is now an mksh(1) as well.

Please update MirPorts Framework infrastructure

Tags: bug snapshot

If you installed the FOSDEM 2010 snapshot, you will run into a number of issues with ports. Please run cvs -qz3 up -PAd in the /usr/ports/infrastructure directory to get later versions, which fixed these. (Half of the problems were inherited from OpenBSD, whose use of a Bourne shell construct predates POSIX/SUSv4.)

The MirBSD Korn Shell R39b has been released. This upgrade is strongly recommended for everyone. While being a stable series release there are, due to standards compliance and bug fixes, a number of caveats users should be aware of when upgrading. Also new, the list of full terms and conditions applying to it. Users (and distributors intending to support mksh for their own customers) should definitely read the caveats, although only corner cases are incompatible (ask for details).

The arc4random.c page now at least has some content, and a lot of links, too.

The kwalletcli page has been completely written by now. I'm proud to announce the availability of the CLI for the KDE Wallet, as distfile, as Debian squeeze/sid package (it's already in testing, yes), and as Debian lenny package, soon to be in backports (currently only in my own play repo, as I'm waiting for bpo upload rights – apparently, my PGP key wrecked the software).

I would like to apologise for the delay; I've been more-than-busy at first (preparing MirBSD for FOSDEM), then in foreign countries where people talk in weird tongues, then ill. I'm still not totally recovered, and there is also much catching-up work to do.

mksh R39b released

29.01.2010 by tg@
Tags: mksh

The MirBSD Korn Shell R39b has been released. This upgrade is strongly recommended for everyone. While being a stable series release there are, due to standards compliance and bug fixes, a number of caveats users should be aware of when upgrading; these shall be documented on the webpage RSN. (In fact I simply do not have the time to do so now, but will do it later.)

Beware, the Objective-C and C++ header files (includes) will, as the libraries have already, move to compiler-specific directories, so that llvm-gcc4.2 and gcc-4.4.2 can use their own ones exclusively, and Clang will get a wrapper asking its CCLD which ones it prefers.

New MirBSD/i386 snapshots

15.11.2009 by tg@
Tags: news security snapshot

I have compiled a new snapshot (i386 only) and uploaded the following flavours: MirOS bsd4grml, MirOS bsd4me-current (Live OS), MirBSD-current netboot (NetInstall for i386), the Midi-ISO (bi-arch manifold NetInstall), and the checksums.

The /MirOS/current/older/ subdirectory containing partial and incremental upgrades for older MirBSD-current snapshots is gone for now. The 20091115 (i386) snapshot is a security upgrade (contains the OpenSSL panic patch in its second version), bugfix (all errata mentioned in the “wtf ist hallowe’en” announcement are fixed if applicable), and feature upgrade: the installer and first boot recognise a Simtec Entropy Key if plugged in (for the installer, break into a shell and run /usr/libexec/ekeyrng if plugging it in later) for increased entropy generation; after first-time installation and reboot, the user is supposed to install ports/security/ekeyd and use that (for which there are binary packages as well).

The MirOS Project’s servers are or will be upgraded as well; please bear in mind this implies short outages of service. Furthermore, due to the TLS protocol design error, some things may not work any more, since we applied the OpenSSL “panic patch”, which disables all renegotiation, but allows applications to re-enable it, if they knew about that possibility at compile time, by setting a run-time flag before initiating the connection. (None we know of does, though.)

New MirOS snapshots (BSD, CVS, grml, ISO)

31.10.2009 by tg@
Tags: bug event grml release security snapshot

Gee...  I don’t know what “hallowe’en” means…

Does this match what you’re thinking? Well, there is a new MirOS snapshot, with several components, (as usual) out on BitTorrent. It was also distributed on CDs at OpenRheinRuhr 2009, and will be (by formorer) at 26C3 in Berlin.

This is the combination of an ISO 9660 filesystem image with the “Samhain” edition of MirBSD and the “Hello, Wien!” edition of grml GNU/Linux, Triforce (as usual), and the „Allerheiligen“ CVS snapshot. And a tribute to UF.

Update 01.11. – This is tagged 「event」 because I intend on distributing this snapshot on CDs at OpenRheinRuhr next weekend, and maybe Benny on bootable tapes at 26C3…

MirGRML 2009.10 is based on grml-small 2009.10-rc3 and contains a couple more programmes, and, as usual, is fitted to match the rest of The MirOS Project’s offers, for instance by not using a framebuffer by default, having mksh as login shell, etc.
This time, all (required) source code is available either from our CVS or from sources.grml.org.

The Squash-and-Steffl background comes from Christoph Prokop, and was used in our desktop wallpaper with permission from Mika.

Update 01.11. – The GRUB2 「memtest86+」 bootmenu option does not work because nobody told the Grml team that it must now be booted with 「linux16」 instead of 「linux」 – fix is to type ‘e’ to edit the entry, move right, type the “16” and hit ^X to boot.

Note: This is “MirGRML”, a mini-Grml coming with MirBSD. There is also “MirOS bsd4grml”, a mini-MirBSD coming with Grml. This should clear up any possible confusion. (This snapshot contains a full MirOS BSD, i386 and sparc, no MirOS bsd4grml, plus MirGRML, but no Grml. The Grml 2009.10 release contains a full/medium/small Grml, no MirGRML, plus MirOS bsd4grml (the small one).)

MirOS BSD, both i486 and sparc architectures. Most recent snapshot, compiled 2009-10-30, with an updated kernel for a security fix from 2009-10-31 we urge people to upgrade to, even if running older versions. Hence, MirOS-current snapshots are now recommended over MirOS #10-RELEASE, updates for which we have been unable to provide regularly due to lack of time. (Sorry.) This snapshot could have been released as MirOS #11 if it were not for our release plans (so please consider it a new stable release, albeit one without intentions to release binary incremental security updates, but then, we can’t do so for #10 either, so you still win).

MirBSD/i386 is called MirOS BSD/i486 above. We might produce a MirOS BSD/i386 platform with user-space soft-float (like ARM), for a SoC device, if we want and have the time to play with such platforms. What is currently MirBSD/i386 requires an Intel 80486DX or compatible, such as a Cyrix 80486DLC (the one in nwt, see my wlog entries for details). Neither 80386 compatibles nor FPU-less systems will work with this release.
MirBSD/sparc is still compiled for v8 CPUs, with optimisation for HyperSPARC turned on. It is possible to compile your own variant for a v7 CPU (sun4 or sun4c system), though.

This Live CD comes with IceWM, Dillo 2 and a couple of other tools installed and partially preconfigured (you can even run MirBSD inside MirBSD, as qemu is shipped). Enjoy!

Update 02.11. – The /etc/rc shipped breaks pflogd(8) and hence spamlogd(8) – part of the spamd(8) suite – please update this file from the etc10.ngz set manually to cvs(1) revision 1.107 if you are running a spamfilter scenario. Our apologies.

Update 08.11. – Append the following line: CHARACTER_SET:utf-8 to /etc/lynx.cfg or re-enable locale-based charset setting.

Once this release is done, I will create a cpio-with-crc-ball of the CVS repository again, for initial extraction purposes, to speed up an rsync mirror process. It will be available from our usual web mirrors.

You can also pull /cvs directly, and /MirOS and /Pkgs. We plan to make all distfiles used to build MirPorts packages available as well, but currently lack disc space on some of the boxen involved (they are still usually available from the original mirrors, as well as on request directly from bsiegert@/tg@, plus we fully intend on making binary packages the viable option).

New MirMake (mandatory update)

20.10.2009 by tg@
Tags: bug mksh

Due to a bug mksh fixed after inheriting it from pdksh via OpenBSD ksh (oksh), which probably got it from AT&T ksh88 (ksh93 exhibits the correct behaviour, as does posh), coupled with the unfortunate lines

	CC=${CC:Q} ${MKDEP_SH} -a ${MKDEP} ${CFLAGS:M-[ID]*} \
	    ${CPPFLAGS} $$files; \

in <bsd.dep.mk>, where ${MKDEP} can be the mkdep(1) option -p as well as additional CPPFLAGS like -I... (which I actually found in our tree), you absolutely must upgrade your MirMake package, as well as mkdep(1) in the base system, before upgrading to mksh-20091015 or newer. (Note that R40, which will carry the breaking fix, has not been released yet, but FreeWRT uses an mksh-current snapshot bearing it with still major 39 enacted.) It is actually pretty hard to work around, see the mkdep source code for details. There are basically two things to take care of:

  • For each x in getopts "...x..." c, make sure you not only case (x) ... ;; but also either case (+x) ... ;; or have a (*) ... ;; default trailing block, because mksh(1) getopts will also catch foo -x +y -z sanely. This is, in contrast to oksh, not disablable with a shell option.
  • If you case (\?) cmds ;; (either explicitly or via a default block), special rules apply: if you do anything other than exiting from there (e.g. via usage), $OPTIND will differ: newer shells count this option, olders don't.

The new distfile {RMD160 (/MirOS/dist/mir/make/mirmake-20091020.cpio.gz) = b9ac1258bc66b3d0d63537cc82d02c91408d1ba8} has been uploaded for your convenience already and will be integrated (after testing) into both The MirPorts Framework and FreeWRT as soon as we get to it, probably tomorrow.
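
The two getopts rules listed above, as an added example that is not taken from mkdep(1) or MirMake: an option loop that handles the "+x" forms explicitly and leaves immediately on anything unknown, so no later code depends on how the shell counted the bad option in $OPTIND. The function name parse_opts and the options -a, -p and -f file are hypothetical.

```shell
#!/bin/sh
# Added example; parse_opts and its options (-a, -p, -f file) are
# hypothetical and not part of mkdep(1) or MirMake.

parse_opts() {
	aflag=0 pflag=0 file= rest=
	OPTIND=1	# restart parsing on every call
	while getopts "apf:" c; do
		case $c in
		(a) aflag=1 ;;
		(p) pflag=1 ;;
		(f) file=$OPTARG ;;
		# Rule 1: mksh getopts also hands back "+x" for "foo +x",
		# so every flag gets an explicit "+" counterpart ...
		(+a) aflag=0 ;;
		(+p) pflag=0 ;;
		# ... and a trailing default block catches "?" (unknown
		# option) as well as any "+x" not listed above.
		# Rule 2: leave at once from here; after an unknown option
		# $OPTIND differs between older and newer shells, so do not
		# go on to "shift $((OPTIND - 1))" after this branch.
		(*)
			echo "usage: parse_opts [-ap] [-f file] [arg ...]" >&2
			return 2 ;;
		esac
	done
	# Only reached when every option was recognised, where $OPTIND
	# is counted the same way by all shells.
	shift $((OPTIND - 1))
	rest=$*
	return 0
}

# Constructed sample invocation.
parse_opts -a -f demo.c one two &&
    echo "a=$aflag p=$pflag file=$file rest=$rest"
```

Shells whose getopts does not return "+x" simply never reach the (+a) and (+p) branches, so the same loop runs unchanged there.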

Website has been unavailable, fixed

07.09.2009 by tg@
Tags: bug

We would like to apologise for the unavailability of our main website, and in general HTTPS access to everything hosted on eurynome, during today, Monday. It turns out that our hoster accidentally botched up a Linux netfilter prerouting table at about Sunday 01:00 UTC (i.e. Saturday evening, way past midnight, local time) affecting the IPv4 address set aside for eurynome. We believe IPv6 services were not affected. Our hoster would like to apologise and comment that he is, after all, a human being as well.

Please note that X.509v3 SSL certificate validation will have prevented you from connecting to the wrong server, as this ended up like a MITM (man-in-the-middle) attack.

MirOS bsd4me – Sane OS on netboot.me ☺

30.08.2009 by tg@
Tags: news snapshot

Christian Hofstaedtler «ch:#grml» pointed me to an article about netboot.me, a service providing bootable Live and Install variants of some OSes over the Internet (via gPXE and HTTP transport, mostly). They offer a bootable floppy/disc, USB stick, and El Torito ISO image. One gets a graphical menu if not careful, out of which there is no escape, and which isn’t compatible with most graphics cards, but if ^B is pressed quickly enough, there will be a usable command line.

An experimental MirOS bsd4me bootable image is available as well:

gPXE> autoboot
gPXE> chain http://netboot.me/2032

This will be loaded via plain, unencrypted HTTP from our main webserver. It’s the usual <5 MiB Mini-ISO for the i386 architecture and contains a full installer, as well as e3 and tinyirc known from MirOS bsd4grml. Source code of the GPL’d parts and overall licencing information is also included inside the ISO image. Please remember this is for beta testing only. We do not support MEMDISK boot methods with our second stage boot(8/i386) loader, as these are not reliable.

On an unrelated side note: Dutch Windows XP Professional is weird. Translations were laughed at by several Dutch-speaking people in the mksh IRC channel, but I was able to disable Blåtand on “blau” (the new IBM X40, successor of “bleu”). And it works!

A more related side note: when virtualising MirBSD, do not use VirtualBox. If you do have Vanderpool/Pacifica available and enabled, both the OSE and the full edition may be viable, but kvm is the better option. If VT-x/HVM is not used, it does not emulate the i386 architecture properly. Use qemu, kqemu, kvm, bochs, VMware Server 2 (not 1 – timekeeping is broken in there), Microsoft® VirtualPC 2004, Parallels Desktop, VMware Fusion for Macintosh, … instead.

Tonight and the last few days have seen several releases of things like MirMake, the package tools, etc. You might want to upgrade your MirPorts Framework checkout. (We now have enough Lua tools to access the Simtec eKey, I just need to order one. We’re currently at 2¾ interested people, not quite enough to make sense.)

arandom(4) is a high quality SRNG (stretched RNG). It passes these test suites quite well on bleu (IBM X40, without TPM support). I also took 128 MiB samples from the same /dev/arandom, as well as from tear (Via C7), herc (P-233MMX), ss5, eurynome. The results are similar to each other (some of the tests rewind the input file a lot of times, so there are of course differences to the test using the arandom(4) stream directly – but the results are as good as can be expected, and tests that happen to fail (which is expected too, as it’s random after all) pass quite well with other runs). Another 128 MiB snippet of the TPM output looks to be as good as the arandom one, which doesn’t infer that it’s a TRNG, but it’ll at least help; the C7 xstore-rng output however looks rather bad in some tests (such as the Chi square test); apparently, the kernel initialises it with not optimum values (which may even be correct, as we use the RNG from kernel space, so a bias doesn’t matter, whereas Von Neumann bias correction would eat up very many bits; additionally, it’s designed to work from VIA C3 onwards).

I think the Entropy Key will have even better results. It’s still a thermal noise (or Johnson noise?) type, not a “real” QRNG (using photons and a mirror, or radioactive material and a Geiger counter), unless the one from fourmilab.ch (I’d insert a link here, but John Walker’s site appears to be down). Personally, I use the use-many-sources and mix approach, getting “best” entropy from external sources, including fourmilab’s (via https), “good” from myself (VIA C7, IBM TPM, soon eKey); “medium”, “regular” and “bad” from myself, where most of these are non-interceptible – the RANDOM.SYS for DOS author says every bit counts, and I think so too. cprng(8) is an example of “medium” (or “bad” if you lack the appropriate hardware) source; keyboard/mouse are “regular”, disc/net I/O are “bad” but available. The four-pool mixing helps, and the results show. Hell, even nwt has good entropy. And the RANDEX protocol helps some, too. Untrusted, but potentially good bits; wrandom(4) pool.
