MirOS News

Sponsored by
HostEurope Logo

MirOS News

All 1 2 3 4 5 6 7 8 9 10 11 12

mksh R39b released

29.01.2010 by tg@
Tags: mksh

The MirBSD Korn Shell R39b has been released. This upgrade is strongly recommended for everyone. While being a stable series release there are, due to standards compliance and bug fixes, a number of caveats users should be aware of when upgrading; these shall be documented on the webpage RSN. (In fact I simply do not have the time to do so now, but will do it later.)

Beware, the Objective-C and C++ header files (includes) will, as the libraries have already, move to compiler-specific directories, so that llvm-gcc4.2 and gcc-4.4.2 can use their own ones exclusively, and Clang will get a wrapper asking its CCLD which ones it prefers.

New MirBSD/i386 snapshots

15.11.2009 by tg@
Tags: news security snapshot

I have compiled a new snapshot (i386 only) and uploaded the following flavours: MirOS bsd4grml, MirOS bsd4me-current (Live OS), MirBSD-current netboot (NetInstall for i386), the Midi-ISO (bi-arch manifold NetInstall), and the checksums.

The /MirOS/current/older/ subdirectory containing partial and incremental upgrades for older MirBSD-current snapshots is gone for now. The 20091115 (i386) snapshot is a security upgrade (contains the OpenSSL panic patch in its second version), bugfix (all errata mentioned in the “wtf ist hallowe’en” announcement are fixed if applicable), and feature upgrade: the installer and first boot recognise a Simtec Entropy Key if plugged in (for the installer, break into a shell and run /usr/libexec/ekeyrng if plugging it in later) for increased entropy generation; after first-time installation and reboot, the user is supposed to install ports/security/ekeyd and use that (for which there are binary packages as well).

The MirOS Project’s servers are or will be upgraded as well; please bear in mind this implies short outages of service. Furthermore, due to the TLS protocol design error, some things may not work any more, since we applied the OpenSSL “panic patch”, which disables all renegotiation, but allows applications to re-enable it, if they knew about that possibility at compile time, by setting a run-time flag before initiating the connection. (None we know of does, though.)

New MirOS snapshots (BSD, CVS, grml, ISO)

31.10.2009 by tg@
Tags: bug event grml release security snapshot

wtf ist hallowe’en

Gee...  I don’t know what “hallowe’en” means…

Does this match what you’re thinking? Well, there is a new MirOS snapshot, with several components, (as usual) out on BitTorrent. It was also distributed on CDs at OpenRheinRuhr 2009, and will be (by formorer) at 26C3 in Berlin.

This is the combination of an ISO 9660 filesystem image with the “Samhain” edition of MirBSD and the “Hello, Wien!” edition of grml GNU/Linux, Triforce (as usual), and the „Allerheiligen“ CVS snapshot. And a tribute to UF.

Update 01.11. – This is tagged 「event」 because I intend on distributing this snapshot on CDs at OpenRheinRuhr next weekend, and maybe Benny on bootable tapes at 26C3…

MirGRML “Hello, Wien!” 2009.10

MirGRML 2009.10 is based on grml-small 2009.10-rc3 and contains a couple more programmes, and, as usual, is fitted to match the rest of The MirOS Project’s offers, for instance by not using a framebuffer by default, having mksh as login shell, etc.
This time, all (required) source code is available either from our CVS or from sources.grml.org.

The Squash-and-Steffl background comes from Christoph Prokop, and was used in our desktop wallpaper with permission from Mika.

Update 01.11. – The GRUB2 「memtest86+」 bootmenu option does not work because nobody told the Grml team that it must now be booted with 「linux16」 ipv 「linux」 – fix is to type ‘e’ to edit the entry, move right, type the “16” and hit ^X to boot.

Note: This is “MirGRML”, a mini-Grml coming with MirBSD. There is also “MirOS bsd4grml”, a mini-MirBSD coming with Grml. This should clear up any possible confusion. (This snapshot contains a full MirOS BSD, i386 and sparc, no MirOS bsd4grml, plus MirGRML, but no Grml. The Grml 2009.10 release contains a full/medium/small Grml, no MirGRML, plus MirOS bsd4grml (the small one).

MirBSD „Samhain“ 2009-10-31

MirOS BSD, both i486 and sparc architectures. Most recent snapshot, compiled 2009-10-30, with an updated kernel for a security fix from 2009-10-31 we urge people to upgrade to, even if running older versions. Hence, MirOS-current snapshots are now recommended over MirOS #10-RELEASE, updates for which we have been unable to provide regularily due to lack of time. (Sorry.) This snapshot could have been released as MirOS #11 if it were not for our release plans (so please consider it a new stable release, albeit one without intentions to release binary incremental security updates, but then, we can’t do so for #10 either, so you still win).

MirBSD/i386 is called MirOS BSD/i486 above. We might produce a MirOS BSD/i386 platform with user-space soft-float (like ARM), for a SoC device, if we want and have the time to play with such platforms. What is currently MirBSD/i386 requires an Intel 80486DX or compatible, such as a Cyrix 80486DLC (the one in nwt, see my wlog entries for details). Neither 80386 compatibles nor FPU-less systems will work with this release.
MirBSD/sparc is still compiled for v8 CPUs, with optimisation for HyperSPARC turned on. It is possible to compile your own variant for a v7 CPU (sun4 or sun4c system), though.

This Live CD comes with IceWM, Dillo 2 and a couple of other tools installed and partially preconfigured (you can even run MirBSD inside MirBSD, as qemu is shipped). Enjoy!

Update 02.11. – The /etc/rc shipped breaks pflogd(8) and hence spamlogd(8) – part of the spamd(8) suite – please update this file from the etc10.ngz set manually to cvs(1) revision 1.107 if you are running a spamfilter scenario. Our apologies.

Update 08.11. – Append the following line: CHARACTER_SET:utf-8 to /etc/lynx.cfg or re-enable locale-based charset setting.

Allerheiligen 2009-11-01

Once this release is done, I will create a cpio-with-crc-ball of the CVS repository again, for initial extraction purposes, to speed up an rsync mirror process. It will be available from our usual web mirrors. (Link)

You can also pull /cvs directly, and /MirOS and /Pkgs. We plan to make all distfiles used to build MirPorts packages available as well, but currently lack disc space on some of the boxen involved (they are still usually available from the original mirrors, as well as on request directly from bsiegert@/tg@, plus we fully intend on making binary packages the viable option).

New MirMake (mandatory update)

20.10.2009 by tg@
Tags: bug mksh

Due to a bug mksh fixed after inheriting it from pdksh via OpenBSD ksh (oksh), which probably got it from AT&T ksh88 (ksh93 exhibits the correct behaviour, as does posh), coupled with the unfortunate lines

	CC=${CC:Q} ${MKDEP_SH} -a ${MKDEP} ${CFLAGS:M-[ID]*} \
	    ${CPPFLAGS} $$files; \

in <bsd.dep.mk, where ${MKDEP} can be the mkdep(1) option -p as well as additional CPPFLAGS like -I... (which I actually found in our tree), you absolutely must upgrade your MirMake package, as well as mkdep(1) in the base system, before upgrading to mksh-20091015 or newer. (Note that R40, which will carry the breaking fix, has not been released yet, but FreeWRT uses an mksh-current snapshot bearing it with still major 39 enacted.) It is actually pretty hard to work around, see the mkdep source code for details. There are basically two things to take care of:

  • For each x in getopts "...x..." c, make sure you not only case (x) ... ;; but also either case (+x) ... ;; or have a (*) ... ;; default trailing block, because mksh(1) getopts will also catch foo -x +y -z sanely. This is, in contrast to oksh, not disablable with a shell option.
  • If you case (\?) cmds ;; (either explicitly or via a default block), special rules apply: if you do anything other than exiting from there (e.g. via usage), $OPTIND will differ: newer shells count this option, olders don't.

The new distfile {RMD160 (/MirOS/dist/mir/make/mirmake-20091020.cpio.gz) = b9ac1258bc66b3d0d63537cc82d02c91408d1ba8} has been uploaded for your convenience already and will be integrated (after testing) into both The MirPorts Framework and FreeWRT as soon as we get to it, probably tomorrow.

Website has been unavailable, fixed

07.09.2009 by tg@
Tags: bug

We would like to apologise for the unavailability of our main website, and in general HTTPS access to everything hosted on eurynome, during today, Monday. It turns out that our hoster accidentally botched up a Linux netfilter prerouting table at about Sunday 01:00 UTC (i.e. Saturday evening, way past midnight, local time) affecting the IPv4 address set aside for eurynome. We believe IPv6 services were not affected. Our hoster would like to apologise and comment that he is, after all, a human being as well.

Please note that X.509v3 SSL certificate validation will have prevented you from connecting to the wrong server, as this ended up like a MITM (man-in-the-middle) attack.

MirOS bsd4me – Sane OS on netboot.me ☺

30.08.2009 by tg@
Tags: news snapshot

Christian Hofstaedtler «ch:#grml» pointed me to an article about netboot.me, a service providing bootable Live and Install variants of some OSes over the Internet (via gPXE and HTTP transport, mostly). They offer a bootable floppy/disc, USB stick, and El Torito ISO image. One gets a graphical menu if not careful, out of which there is no escape, and which isn’t compatible with most graphics cards, but if ^B is pressed quickly enough, there will be a usable command line.

An experimental MirOS bsd4me bootable image is available as well:

gPXE> autoboot
gPXE> chain http://netboot.me/2032

This will be loaded via plain, unencrypted HTTP from our main webserver. It’s the usual <5 MiB Mini-ISO for the i386 architecture and contains a full installer, as well as e3 and tinyirc known from MirOS bsd4grml. Source code of the GPL’d parts and overall licencing information is also included inside the ISO image. Please remember this is for beta testing only. We do not support MEMDISK boot methods with our second stage boot(8/i386) loader, as these are not reliable.

On an unrelated side note: dutch Windows XP Professional is weird. Translations were laughed at by several dutch-speaking people in the mksh IRC channel, but I was able to disable Blåtand on “blau” (the new IBM X40, successor of “bleu”). And it works!

A more related side note: when virtualising MirBSD, do not use VirtualBox. If you do have Vanderpool/Pacifica available and enabled, both the OSE and the full edition may be viable, but kvm is the better option. If VT-x/HVM is not used, it does not emulate the i386 architecture properly. Use qemu, kqemu, kvm, bochs, VMware Server 2 (not 1 – timekeeping is broken in there), Microsoft® VirtualPC 2004, Parallels Desktop, VMware Fusion for Macintosh, … instead.

Tonight and the last few days have seen several releases of things like MirMake, the package tools, etc. You might want to upgrade your MirPorts Framework checkout. (We now have enough Lua tools to access the Simtec eKey, I just need to order one. We’re currently at 2¾ interested people, not quite enough to make sense.)

arandom(4) is a high quality SRNG (stretched RNG). It passes these test suites quite well on bleu (IBM X40, without TPM support). I also took 128 MiB samples from the same /dev/arandom, as well as from tear (Via C7), herc (P-233MMX), ss5, eurynome. The results are similar to each other (some of the tests rewind the input file a lot of times, so there are of course differences to the test using the arandom(4) stream directly – but the results are as good as can be expected, and tests that happen to fail (which is expected too, as it’s random after all) pass quite well with other runs). Another 128 MiB snippet of the TPM output looks to be as good as the arandom one, which doesn’t infer that it’s a TRNG, but it’ll at least help; the C7 xstore-rng output however looks rather bad in some tests (such as the Chi square test); apparently, the kernel initialises it with not optimum values (which may even be correct, as we use the RNG from kernel space, so a bias doesn’t matter, whereas Von Neumann bias correction would eat up very many bits; additionally, it’s designed to work from VIA C3 onwards).

I think the Entropy Key will have even better results. It’s still a thermal noise (or Johnson noise?) type, not a “real” QRNG (using photons and a mirror, or radioactive material and a Geiger counter), unless the one from fourmilab.ch (I’d insert a link here, but John Walker’s site appears to be down). Personally, I use the use-many-sources and mix approach, getting “best” entropy from external sources, including fourmilab’s (via https), “good” from myself (VIA C7, IBM TPM, soon eKey); “medium”, “regular” and “bad” from myself, where most of these are non-interceptible – the RANDOM.SYS for DOS author says every bit counts, and I think so too. cprng(8) is an example of “medium” (or “bad” if you lack the appropriate hardware) source; keyboard/mouse are “regular”, disc/net I/O are “bad” but available. The four-pool mixing helps, and the results show. Hell, even nwt has good entropy. And the RANDEX protocol helps some, too. Untrusted, but potentially good bits; wrandom(4) pool.

Karolina Lesińska writes: “We have placed the first 3 issue of BSDmagazine on our website as free downloads. The issues are:

  1. FreeBSD Ins & Outs
  2. OpenBSD in the Limelight
  3. Explore NetBSD

“The link is: http://bsdmag.org/prt/view/pdf-articles.html

My comment: The BSD magazine is a rather interesting piece of print, which already carried a small article about MirBSD. We have, I admit, been offered to write more which would get published, but, I am ashamed, haven’t quite gotten around to doing so.

Today, it's only been 29°C, and I died. What will I do tomorrow, where it is supposed to climb up to 35°C over today's 32°C?

ext2fs support unbroken in -current

09.08.2009 by tg@
Tags: bug

MirOS #10uAA addresses the mount_ext2fs(8) bug mentioned in an advisory: the symlink(7) bug was fixed by pulling up more recent code from OpenBSD, and 256 byte inode support works as well (other sizes may or may not work; support is only barely tested).

We now also have a wake(8) utility courtesy of Marc Balmer from OpenBSD, no ÆrieBSD, no NetBSD® to Wake-on-LAN other computers.

I took the weekend to release a couple of things… MirBSD™ base code stuff and base releases (printf.c for mksh in Debian; arc4random.c for Win32 and other non-BSD OSes, now with a HKCU key used in addition to the HKLM seed key which may not be writable; MirMake; MirPorts Package Tools; mirdate – rdate(8)), jupp, mksh including a new PDF manpage, KWalletCLI, and the RANDEX plugin for XChat (Win32, BSD and *nix). I also prepared for the inclusion of more Debian source packages in my CVS “home subtree” and creation of SRPMs for more software (not in CVS though). I cleaned up the mess that were the X11 dist sets in base, cleaned up compiler warnings on half a dozen or more platforms in several parts of the code, fixed bugs in a lot of subprojects, integrated things better, updated the BSD::arc4random MirPort as well as TinyIRC, MirSirc, the irssi and XChat RANDEX plugins to include better version reporting and, for XChat, seedfile support and better responsibility. Now all I need to do is build more binaries and ports (DEB RPM OpenBSD FreeWRT etc.) of the subprojects, update Lynx in base and ports (there is a new major release out, even), update MirGRML, fix the HDD in my sparc, compile stuff, … you see I’m busy.

Here’s a “checksum and link collection” for today’s finest:

  • Simple CVS file drops
  • RMD160 (printf.c.1.10) = 8e8b88401a04474db973be07540a79b129919ff5
  • TIGER (printf.c.1.10) = 3cec4bc24074e88c7889143d19f7659ced17482115ea5afb
  • 3098389975 10575 /MirOS/dist/hosted/other/printf.c.1.10
  • MD5 (printf.c.1.10) = d09ae97aebac104f834d3d3ddd1702ca
  • RMD160 (arc4random.c.1.16) = b0caa3509d2cade6d86cb2c13e6b8817ced2d9a9
  • TIGER (arc4random.c.1.16) = ef6d7a281d451e28434b0e003990eebb47edd0cd4d899fd1
  • 2199066621 12558 /MirOS/dist/hosted/other/arc4random.c.1.16
  • MD5 (arc4random.c.1.16) = e8376a9b51c0ce08f5ed20722b05cad3
  • Simple subproject checkouts
  • RMD160 (mirmake-20090801.cpio.gz) = 79e0d15aab4c7a05690e66769c12dbeb3d99daa1
  • TIGER (mirmake-20090801.cpio.gz) = 2c6642b9515f38e736386945e72c06f402134ebf898613de
  • 788720631 372063 /MirOS/dist/mir/make/mirmake-20090801.cpio.gz
  • MD5 (mirmake-20090801.cpio.gz) = 47c63503210054d86db80040474f1f71
  • RMD160 (pkgtools-20090801.mcz) = 482dcf4b915a10bb6b76859f0c1755b67d6343bb
  • TIGER (pkgtools-20090801.mcz) = 3a622ac3c895c4af9df719dd30cfd3fe45e6d719cc34db5e
  • 2864495035 180188 /MirOS/dist/mir/pkgtools/pkgtools-20090801.mcz
  • MD5 (pkgtools-20090801.mcz) = 87378c95bde1c219d4a09e6bb8ccb897
  • RMD160 (rdate-20090802.tar.gz) = abac9ae8a08ac566d6c0396d39cd5d2cd724f7b0
  • TIGER (rdate-20090802.tar.gz) = f38a164e9d77412203349f79e8033c413335dd6f43a5cbf5
  • 3840714105 11987 /MirOS/dist/mir/rdate/rdate-20090802.tar.gz
  • MD5 (rdate-20090802.tar.gz) = a8fa4550b5a77cff6db1ed0a9d8aa357
  • JUPP (including Win32 binary)
  • PDF manpage
  • HTML manpage
  • RMD160 (joe-3.1jupp11.cpio.gz) = 7ade55cb8511600b3a9d77f37bc581b2d09ab2aa
  • TIGER (joe-3.1jupp11.cpio.gz) = b7bb4aa464b705e697ab2a52ad75fc8755a5817bfb83e09a
  • 805235529 419484 /MirOS/dist/jupp/joe-3.1jupp11.cpio.gz
  • MD5 (joe-3.1jupp11.cpio.gz) = 1e2f21a6fdebe678b125e96806267f33
  • RMD160 (JWIN31B.EXE) = f9eb9f6b3bd2a1bb5874e36d2dcc6dbdaabf75cc
  • TIGER (JWIN31B.EXE) = 771461b752114978ed64f67c01e3ef22a9a9cdf76fda6b11
  • 674256238 948176 /MirOS/dist/jupp/JWIN31B.EXE
  • MD5 (JWIN31B.EXE) = b2d3f1044221fdea76f15621e94e1ae4
  • mksh (including Cygwin package)
  • PDF manpage
  • RMD160 (mksh-R39.cpio.gz) = 5a5bcbe288e722f9772e27d2fdc36eee174bbb7b
  • TIGER (mksh-R39.cpio.gz) = 2a2c08ccf5e27365aa652663629789ade93b3d30c0d1d51f
  • 4103085544 278476 /MirOS/dist/mir/mksh/mksh-R39.cpio.gz
  • MD5 (mksh-R39.cpio.gz) = b2eeb4fe4ccac2704e1440e53cd2672c
  • RMD160 (mksh-39.1-cygwin.tgz) = 0cecd4ffb72f2d51a5c935da58e67350fab10e81
  • TIGER (mksh-39.1-cygwin.tgz) = 3157abadc40696bcb8df1d3574df571b728bef3d4d2ac2f2
  • 2818578374 144625 mksh R39 for Cygwin
  • MD5 (mksh-39.1-cygwin.tgz) = ca949841e39721be666e6a82803e7769
  • KWalletCLI
  • RMD160 (kwalletcli-1.00.tar.gz) = f04ebd39e9714212a915b6d7d4524c8cc2daaee7
  • TIGER (kwalletcli-1.00.tar.gz) = 0fc673c0c813608f0f0d863dfd924a6d62a8507c7bdf361b
  • 2355082724 11524 /MirOS/dist/hosted/kwalletcli/kwalletcli-1.00.tar.gz
  • MD5 (kwalletcli-1.00.tar.gz) = 76ef3c1d611a11ea13dc805d67d82208
  • RANDEX plugin for XChar (including Win32 binary)
  • RMD160 (xchat-randex-1.10.tar.gz) = fd61babbf4e5189f69dae8eb664ee2780433bf4b
  • TIGER (xchat-randex-1.10.tar.gz) = 6bd888b157fcd931e54b71e9778950cbfa675ae6b784ddd5
  • 2651117045 8702 /MirOS/dist/hosted/xchat-randex/xchat-randex-1.10.tar.gz
  • MD5 (xchat-randex-1.10.tar.gz) = d1585c5fae3ee531deeffc8314910553
  • RMD160 (randex.dll.gz.1.10) = a4aaa67cfdad1f9a1bcdc3eea797aff3a30703c4
  • TIGER (randex.dll.gz.1.10) = 55b2dcd7d790d28944d7424121cf5c6d4d386a99751fb556
  • 972086546 23998 /MirOS/dist/hosted/xchat-randex/randex.dll.gz.1.10
  • MD5 (randex.dll.gz.1.10) = 793ce548256efc6a23f7a37dde9215a2

An observation… mksh “print $RANDOM” on Cygwin is very slow, and the HKCU seed changes each time. This should be debugged, it shan’t unless RANDOM is being written to or 400k calls are done.

jupp development has been split into two active development lines: jupp for DOS (based on joe 2.8) and jupp for Unix (based on joe 3.x).

There are binaries for both DOS (jupp for DOS) and Win32 (jupp for Unix, via Cygwin) available.

The jupp for DOS development line incorporates only minor patches relative to the original source code (it wasn’t that buggy as the sourceforge development made the code later…) and a jupprc file tuned for it but feature-complete with joe-3.1jupp10’s one.

The jupp for Unix development line incorporates all of the very extensive patches to the binary, and an enriched jupprc with, due to popular demand, syntax highlighting enabled by default – even though I still loathe it personally, and feel with Rob Pike when he questions the use of pretty printers. It will also try to correctly guess CR-LF vs LF-only line endings, indentation, and terminal colour. Furthermore, the language selection of the jupp flavour is now en par with that of the joe flavour, and the Python variants honour the standard coding style of theirs (needed that by the third quarter of last year, remember?). Autoindent is still off, by default, though – with reason.

Now give it a try. Hint: ^J (Ctrl-J) invokes the help.

All 1 2 3 4 5 6 7 8 9 10 11 12

MirOS Logo