MirOS News

Sponsored by
HostEurope Logo

MirOS News

All 1 2 3 4 5 6 7 8 9 10 11 12

“CPAN is the host for hundreds of Perl modules. Creating ports for these modules is often trivial but may still take some time. cpan2port is a new utility available in MirPorts, the MirOS ports framework, designed to facilitate this task. It should be easily adaptable for other platforms, e.g. pkgsrc®.

“The aim of this talk is to present the implementation and practical usage of the utility. Interested developers from other BSD projects are very welcome, some hints for porting the tool will be given.”

The slides for bsiegert@'s talk at FOSDEM 2009 are now available on slideshare. Please note they require a Macrobe Flash player.

MirOS-current (post FOSDEM) heads-up

09.02.2009 by tg@
Tags: security snapshot

Note: the /etc/security daily cronjob has been adjusted to no longer warn about empty passwords for the anoncvs and anonrsync users: “anoncvs”, “_anoncvs”, “rsync”, “_rsync”, and by chance, “__anoncvs” and other versions with more underscores, too.

Due to bug-hiding circumstances, this problem was only identified during FOSDEM Sunday afternoon. The first stage boot loader would overwrite itself trying to load the second stage boot loader, due to them sharing the same 16-bit (64 KiB) segment after the workaround for the Parallels bug. installboot(8/i386) would pass the sectors covered by filesystem blocks, which amounts up to multiples of 8 or 16 KiB, even though the last block was not entirely filled. Fix is to do bounds checking in the assembly code at boot time.

An updated fixes dist set is available for people doing a network installation anyway, or to extract later with
$ cd /
$ sudo tar xzphvvf /path/to/fixes10.ngz

If you do a CD installation, you have to do the following steps:

Location of sets? (cd disk ftp http shttp nfs or 'done') [done] shttp
HTTP/FTP proxy URL? (e.g. 'http://proxy:8080', or 'none') [none] «Enter»
Server? (IP address, hostname or 'done') www.mirbsd.org
Server directory? [v10/i386] MirOS/current/older/i386



Set name? (or 'done') […] *

        [X] bsd
        [X] fixes10.ngz
Set name? (or 'done') […] done
Ready to install sets? [yes] «Enter»
 

This sequence will add the fixes set from network after finishing a disc installation, before the installboot(8/i386) part is run. Of course, you can substitute shttp with http too or specify a proxy to use.

If you have already installed, follow the above mentioned tar command to unpack the fixes set (in /mnt if you are still in the installer), then use the command:
$ sudo /usr/mdec/installboot -v /boot /usr/mdec/bootxx wd0
# /mnt/usr/mdec/installboot -v /mnt/boot /mnt/usr/mdec/bootxx sd0
(wd0 or sd0 depending on which is your root disc; the second line is for within the installer)

My (tg@) sincerest apologies for this bug, which was introduced during the Parallels Desktop BIOS bug workaround’s creation. Remember, if you already have an (unbootable) installation, you can do all this by booting from the CD again (into the installer/rescue kernel).

Update 11.04: changed link to fixes10.ngz to new location, now that a new snapshot is up.

Benny, read below before killing me.

AH=41h INT 13h is a function with which one can ask a BIOS if it supports LBA on a specific drive or not. The El Torito bootable CDs only function with LBA (EDD). A gzipped LBA test ISO is available for you to check your BIOS against it; I had not yet come across one which does not report it correctly.

Our new bootloader, instead of having separate copies for network boot, CD-ROMs, floppies and hard discs, asks the BIOS what type drive it is running on (both first and second stage). If we were to remove the check if LBA is supported on the boot drive from the first stage bootloader (the PBR, bootxx), it would no longer work on MFM HDDs, floppies, etc; besides, the second stage boot(8/i386) loader is still using it to distinguish CDs from hard discs.

Anyway: the Parallels BIOS fails the EDD installation check and, as such, does not conform to the El Torito standard. Our new bootloader just happens to expose that problem – try the ISO for yourself…

We hereby cease to support working around the brokenness in order to use one unified second stage boot(8) loader per platform for both local (HDD, CD) and network boot. Parallels should fix their BIOS.

As workaround you can make use of the functionality that MirOS ISOs can be dd(1)d to a hard disc and run from there. Just enter it as an additional hard disc drive instead of CD-ROM drive. Or use netboot (load b_i386.ldr and the bsd.rd kernel).

Update 31.01: tg@ has hacked a workaround – reporting this bug to Parallels is still recommended though.

It has come to our attention that a good share of the available binary packages for the last stable version have actually been accidentally built against a (very old) version of MirOS #10-current, thus demanding slightly newer libraries. We estimate this problem being resolved when the next batch of binary packages for #10-stable is built, although there is none scheduled as of yet, and a run for #10-current will probablt precede it. Sorry about that.

An analysis of the code in question however shows that it is almost certain to be safe – for the purpose of running the aforementioned binary packages only – to rename libc.so.41.0 to libc.so.41.1 to quell the warning encountered (or one of them, possibly, but the most frequent one at that). The addition of functions was almost certainly not relevant for MirPorts use.

We apologise about the inconvenience. If you run into any problems, please contact us on IRC or via the mailing list.

08.01.2009 by tg@

Tags: security

MirOS-current has security fixes for xterm (CVE-2006-7236, CVE-2008-2383) and OpenSSL (CVE-2008-5077) and updating from CVS is recommended.

On unrelated news, ports/net/irssi/files/randex.pl, the Irssi plugin for the MirOS RANDEX protocol to exchange entropy over IRC, has been updated as well.

New allegiances for mksh & Co.

08.01.2009 by tg@
Tags: grml mksh snapshot

mksh formed new allegiances: the Beastiebox Project (10x hubertf@TNF for mentioning) has added mksh(1) today, and the latest project of CcSsNET, CcSsLIVE (broken link removed 20100916), will include it soonish as well. Nicely, he already links to MirBSD, for he sits in our IRC channel usually and is one of the sparc users.

The next version of grml GNU/Linux might very well come not just with mksh(1) (except grml-small), but also with bootbsd.com née boot(8/i386) and bsd.rd (a slightly “tuned” version with added e3 editor and sans the Install/Upgrade/Shell prompt). On the contrary, I’m toying with the idea of adding a ports/sysutils/pxegrub for local boot along with a slightly tuned (add mksh at the very least) on the DuaLive ISOs if I find we have the space. We’ll have to work out something, licence and GPL-source-requirement wise, but we’re positive this would work out well. Considering just how good of a rescue system our bsd.rd kernel is, already, and what added benefit a minimal pretty standard Live Linux may provide.

The second-stage boot(8/i386) loader has gained several interesting new features:

  • When called as DOS .com programme, it defaults to DL=80h because no actual drive is passed from the BIOS
  • When named boot.com it can be run as SYSLINUX (ISOLINUX, PXELINUX, EXTLINUX) module and boot any OpenBSD/i386 and MirBSD/i386 kernels from local filesystems supported
  • In addition to 4.2FFS and ISO 9660, the code to support the FAT12, FAT16, and FAT28 filesystems works and is enabled now, for both booting and the “ls” command
  • If a hard disc has no type 27h partition, the disklabel is searched using the superfloppy approach (i.e., LBA sector #1)
  • If no disklabel can be found, one is spoofed with a somewhat reasonable ‘c’ slice, the four MBR primary partitions as slices ‘d’, ‘e’, ‘f’ and ‘g’, and an ‘a’ slice spanning either the partition passed from DS:SI via SYSLINUX, the first non-empty MBR partition, or the entire disc
  • The new command “cat” allows you to display files from within the bootloader, lest they be accessible
  • The new command “machine label [hd0a]” dumps the disklabel
  • You can place more than one command on the same input line, because ‘`’ now acts the same as ‘\n’ in the command parser; this is useful for instance if the serial console is not accessible from the boot loader, but required for the kernel, and using a boot.cfg is no option

The /usr/mdec/mbrldr, /usr/mdec/mbrmgr and the MBR built in fdisk(8/i386) have been upgraded to pass the partition data in DS:SI (or junk if reading from FDD or whole HDD)

*smile* Now we just need to make our bootloader multiboot-compliant…

If you want to track MirOS-current, be aware that /usr/libexec/cpp changed and /usr/bin/cpp is gone; you must compile and install a new cpp first, then stuff like rpcgen(1) and lint(1), then remove the /usr/bin/cpp script.

Furthermore, the gcc-provided shared libraries and items have moved from /usr/lib to /usr/lib/gcc/OStriplet/3.4.6 which you should add to shlib_dirs in /etc/rc.conf.local until you have rebuilt everything (base system and ports). Both mgcc and llvm-gcc add appropriate DT_RPATH to programmes and shared objects compiled with them and use their own crtstuff; mircvs://src/lib/csu/ now provides crtstuff for use with pcc(!) instead.

Expect a new i386 snapshot some time soon; sparc snapshots are planned more for the long term but could be compiled on request (ETA one week).

The C Præprocessor, cpp(1), in MirOS-current has changed.

/usr/bin/cpp is henceforth deprecated in MirOS-current as well as in MirOS-stable; it’s a shell script (overhead!) to call either mcpp(1) or Reiser CCCP. It will be removed in MirOS-current ASAP.

/usr/bin/mcpp calls GNU cpp directly. Its manual page used to be called cpp(1) and is now called mcpp(1). Since we are going towards a multi compiler system, people are expected to use “${CC} -E” as C Præprocessor in the future, instead of relying on an external cpp binary, when compiling. A cpp binary will still be provided for the X(7) Windowing System and similar uses. /usr/bin/mcpp will be removed some time before MirOS #11

/usr/libexec/cpp used to be Reiser CCCP without a manual page. It is now pcc cpp(1) with a manual page.

ahoka@ came up with the idea of using the (much faster) pcc cpp over the (rather slow) GNU cpp for purposes like Xresources, xdm configuration files, etc. Reiser CCCP could be used too, but it’s lacking in terms of standards and features. However, pcc cpp is under the Caldera licence, and thus, the following text must be reproduced in this announcement. (It’s still much more free than GNU cpp.)

This product includes software developed or owned by Caldera International, Inc.

Technical issues: pcc cpp uses getopt(3) and, as such, has a command line syntax which is totally different from the CPP standard. It also pre-defines neither any macros nor include paths. Be warned, and expect some breakage until everything is sorted out.

The MirOS Licence is now, after quite some years, OSI approved, which not only implies an official certification that it conforms to the Open Source Definition, but also allows mksh to be advertised as “OSI Certified Open Source Software”™, and has other benefits, for example qualifying for being hosted by certain projects, or fulfilling certain gouvernment restrictions.

While there has always been cōnsensus that The MirOS Licence is DFSG and OSD and, recently, OKD conformant, only some lists actually included it – the OKFN was quick to do so, but while it qualifies as both Free Software and Free Documentation licence as per the FSF definition, they have yet to respond to my enquiry, and the OSI list has only been updated last night (and could use some UTF-8 fixing, or, in this case certainly better, a downgrade to the ASCII version dubbed the licence template initially).

Still we’re glad that the OSI, although not encouraging people to actually use the licence, given their stance on “licence proliferation”, has done this step. It would be the first approved “copycenter” (as per Marshall Kirk McKusick’s definition) style licence with EU jurisdiction in mind while remaining generally usable.

We are proud to announce the migration of the httpd(8) vhost www.mirbsd.org to eurynome, the VM already mentioned in the Developers’ Weblog. The MirOS website is now accessible via HTTPS (this includes downloads in a secure fashion), using IPv4 or IPv6. Due to no longer being hosted on a foreign operating system, operation should be much more smooth. CVSweb, AnonCVS and AnonRSYNC are now provided from a central place, and you can even retrieve the full website via rsync.

The links in the mirbsd.de Zope kindly hosted by waldi also have been changed to use SSL now.

All links to the 66h.42h.de domain have also been changed to point to mirbsd.de or mirbsd.org, as the latter is now under sort of our control, and the former being phased out to reduce the possible points of failure.

All 1 2 3 4 5 6 7 8 9 10 11 12

MirOS Logo