We are proud to announce the migration of the httpd(8) vhost www.mirbsd.org to eurynome, the VM already mentioned in the Developers’ Weblog. The MirOS website is now accessible via HTTPS (this includes downloads in a secure fashion), using IPv4 or IPv6. Due to no longer being hosted on a foreign operating system, operation should be much more smooth. CVSweb, AnonCVS and AnonRSYNC are now provided from a central place, and you can even retrieve the full website via rsync.
The links in the mirbsd.de Zope kindly hosted by waldi also have been changed to use SSL now.
All links to the 66h.42h.de domain have also been changed to point to mirbsd.de or mirbsd.org, as the latter is now under sort of our control, and the former being phased out to reduce the possible points of failure.
The 2008-11-06 snapshot of MirOS BSD/i386 #10-current has been released as a new-style dualive CD image (BaseLive + Install CD for i386, Install CD for sparc, build logs) on the usual BitTorrent tracker, multi-tracked with a major BT site for these who pick it up there.
Today, a new snapshot of MirOS-current has been uploaded into the NetInstall area. The cdrom10.iso image is, as usually, a manifold-boot ISO 9660 filesystem which starts on i386 via El Torito, on i386 via MBR (if dd(1)’d onto a hard disc, USB stick, CompactFlash card, etc.), and on sparc via OpenBOOT. It also contains floppy images for i386 (one normal and three for serial console at COM1/tty00 at 9600, 38400 and 115200 bps, 8N1) and sparc. There are also CD images for serial console boot with the same parametres.
The MirPorts Framework snapshot, ports10.ngz, has also been updated. Note that we are still seeking port maintainers (our current policy is to update ports we use, which are often used, or we notice, or these someone asks us to, because we are understaffed), as well as people who use the MirPorts Framework on MidnightBSD and OpenBSD (and, to a lesser extend, Mac OSX). Furthermore, the pkgsrc10.ngz snapshot has been untouched since July 2007; if someone would like to improve the situation, for example by talking to the pkgsrc® developers responsible for stalling the integration, talk to ahoka@ (replaced in IRC).
This snapshot does not come as a DuaLive CD due to issues with both J�rg Schilling’s mkisofs(8), which has since been removed from the base system source tree, and NetBSD® makefs(8). However, we are trying to solve these and will produce one as soon as possible.
As of now, there are no binary packages compiled specifically for this snapshot; however, binary packages for older snapshots and even MirOS #10 RELEASE generally work.
RMD160 (paxmirabilis-20081030.cpio.gz) = 34c9a5913c9e69c8451d27d6ceeaa07cce6d3fef
Everyone who has been using the portable version of the MirBSD cpio(1), pax(1), tar(1) combined utility should upgrade, as the new version not only allows the executables to be called, for example, mirtar (to avoid breaking tools such as dpkg-source and lintian when they are in the $PATH), but also contains fixes regarding certain types of broken archives, such as these found in the Fedora Core 4 RPMs, which do not store the data content of hard-linked files packed with the first archive member but a later (the last). Furthermore, the ‘-v’ option may now be given multiple times to the cpio and pax, not only tar, frontend.
paxmirabilis is used, among others, in MirOS BSD, the MirPorts Framework, FreeWRT Embedded GNU/Linux ADK.
- Digital UNIX (DEC OSF/1) V2.0 (MIPS) is now supported using the DEC C and ucode toolchain. (We could not run the testsuite, though.)
- The ‘-Q’ option to Build.sh is gone without replacement.
- A new option can be enabled by adding -DMKSH_BINSHREDUCED to $CPPFLAGS, intended mostly for Debian. This option adds extra code to determine whether mksh(1) is called as sh or -sh and switch to “set -o posix” mode if so, disabling brace expansion and some security features, because legacy scripts, such as debconf, depend on such reduced functionality /bin/shs.
- Input lines beginning with an IFS character of IFS white space are no longer pushed into the history. Some other, less surprising, changes were also made to both Emacs and Vi command line editing modes.
- The arc4random.c contributed file is now stored with the RCS version number appended, and has been updated.
This is a major update with improved stability and compatibility, and as such recommended in general. It has undergone more extensive testing than mksh R35; if there still be bugs, please report to us. Note that some sorts of behaviour are not considered bugs but expected, sometimes due to historical, sometimes compatibility reasons.
Request for Assistance: We are still looking for an OpenBSD committer to import mksh into the ports tree. Furthermore, a Slackware GNU/Linux package is still missing, as well as a PC-BSD PBI, and Macports (former Darwinports) do not carry mksh either. My earlier Minix 3 problem persists, as do the Plan 9 and Syllable Desktop ones.
The following bugs are known in the MirOS #10-current snapshot, dated 2008-07-22:
- The user shell for the default “live” user is /usr/dbin/mksh, which however has been optimised away. This is a bug in the production of this one snapshot and easy to fix in future issues. Workaround: while the rc.netselect script runs, choose ‘9’ to escape to a shell, and change the “live” user’s shell using vipw(8) – chsh -s /bin/mksh live might also work, but has not been tested.
- Running “startx” does not work because /usr/X11R6/bin/X is no symbolic link but a copy of the XFree86® server itself (on other baselive CDs it was a hard link instead of a copy; the change is due to production differences, but both break startx(1) and xinit(1)). Workaround is to use xdm(1) instead or try: startx -- /usr/X11R6/bin/XFree86 :0
- The X11 server may not switch to graphics mode on the ALIX.1c board.
We apologise for the inconvenience caused, and will try to solve these issues in the next development snapshot.
The MirOS Project will show up with both developers to run a booth at FrOSCon; we will be giving away Live CDs (either #10-stable or #10-current) and flyers. You will be able to meet us and a few helpers (known from IRC and mailing lists) there, chat about mksh, have a beer, fun, whatever.
This year, one of the two XFree86® developers will also attend; you can probably meet him at our booth.
The 2008-07-22 snapshot of MirOS BSD/i386 #10-current has been released as a new-style dualive CD image (BaseLive + Install CD for i386, Install CD for sparc, build logs, a selected few binary packages and their distfiles, but nothing fancy) on the usual BitTorrent tracker, multi-tracked with a major BT site for these who pick it up there.
It's also available for NetInstall on both architectures. Note that /MirOS/ has been cleaned up a little: some old NetInstall or upgrade packages are removed.
The MirBSD Korn Shell R35 has just been released; as per the Changelog this is a major update with some bugfixes, a lot of new features, and licence simplification (the advertising clause is gone). This version was not tested on AIX, BSD/OS, Interix, IRIX, GNU/kFreeBSD, UWIN, the Intel compiler, but we expect no regressions on these platforms either. New supported platforms include dietlibc, LLVM. Platforms already working continue to be MirOS BSD, DragonFly BSD, FreeBSD, MidnightBSD, NetBSD, OpenBSD, DEC ULTRIX, Mac OSX, HP Tru64, HP-UX, Solaris, Debian GNU/HURD, Cygwin, and various GNU/Linux systems; using gcc, pcc, SUNWcc, llvm-gcc, Compaq C, HP aCC, TenDRA; on a variety of hardware architectures.
Update 18.07.2008 – mksh R35b is out, with major bug fixes, read the changelog.
As mentioned on the Downloads page, the naming scheme of the anoncvs mirrors changed. We now have:
- master system, restricted access, ssh, rsync + cvs:
- offering: /MirOS /Pkgs /cvs /ncvs /ocvs
- firstname.lastname@example.org (private, IPv4 + IPv6)
- email@example.com (private, IPv4 + IPv6)
- primary mirror, ssh, rsync + cvs, currently the same as 2.anoncvs:
- firstname.lastname@example.org (public, IPv4 + IPv6)
- email@example.com (public, IPv4 only)
- firstname.lastname@example.org (public, IPv6 only)
- hephaistos (unixforge.de), Germany, ssh, rsync + cvs:
- ‣ sshd(8) [old broken link removed] host keys
- offering: /MirOS /Pkgs /cvs
- email@example.com (public, IPv4 + IPv6)
- firstname.lastname@example.org (public, IPv4 only)
- email@example.com (public, IPv6 only)
- eurynome (VMware instance), Germany, ssh, rsync + cvs:
- ‣ sshd(8) [old broken link removed] host key
- offering: /MirOS /Pkgs /cvs (/Distfiles /www not yet)
- firstname.lastname@example.org (public, IPv4 + IPv6)
- email@example.com (public, IPv4 only)
- firstname.lastname@example.org (public, IPv6 only)
- allbsd.org, Japan, IPv4 + IPv6, rsync only:
- offering: /MirOS /cvs
- rsync://rsync.allbsd.org/miros-cvs/ = /cvs
- rsync://rsync.allbsd.org/miros-ftp/ = /MirOS
We are in the process of setting up eurynome (see above) to take over most functions from www.mirbsd.org and mirror everything, but, as this is a new system and VMware has issues, this will probably take a while. However, all data should be available from some place anytime.
Update 20.07.2008: moved SSH host keys from this page, to keep width inside some reasonable bounds, 10x gecko2@ for noticing in MobileSafari
The CVE-2008-1447 does not, according to various sources, affect systems that randomise their source port. MirOS libc’s integrated resolver, according to some OpenBSD developers, does this, as does DJBDNS. The net/bind mirport is affected, but by using pf(4) to NAT yourself (thanks to Vutral for the suggestion), you can randomise these ports too. According to RUS-CERT, only using DNSSEC is a fix… I wonder if this is truth or advertising for a technique without wide-spread use.
The fixes10.ngz set, of course gzsig(1)d, contains an updated mksh binary and dot.mkshrc as well as /.profile (root) and /etc/profile (user) files, which speed up logins, as well as an updated /etc/ssh/ssh_known_hosts file. It can be directly applied from the installer, or untarred in / (do not forget the 'h' and 'p' options to tar(1)). Note that this will overwrite any existing changes to these files:
Use this for integrity checking:
RMD160 (fixes10.ngz) = 6c85c3e8eb4a5046b5b45373a0996cee2a3208b7