
Back to business - The road to EasyLFS 0.5

It has been a bit more than half a year since I last did an installation of EasyLFS.
And although I do not have much time, having a baby at home really cuts into your PC-time (not that this would be a bad thing), I felt an itch that made me pick up where I left off at the end of last year and start preparing the next steps.

There already is a short list of tools that I want to add to the next release, aside from updating existing packages to the latest versions.
As said, the list of additions (so far) is pretty short, so here it is:

  • bridge-utils
    To enable the user to set up virtual devices that work as bridges between devices. This for example is used quite a lot in virtualization, each VM gets its own device and these are bundled into one device.
  • quota
    To limit the number of bytes and/or inodes a user/group can use on a partition.
  • gpm
    The mouse-server for the shell might be useful as EasyLFS does not include X.
  • cdrkit
    To enable the user to create CD-images and record CDs.
  • jwhois
    Because whois-queries sometimes can be useful.

All of those tools of course will be optional.

The changes made in the latest version of GCC, 4.3, require two more additions, GMP and MPFR, which of course will not be optional as they are required to make GCC work.

Updates of course include the upgrade to the latest kernel, GlibC 2.8, PAM 1.0 and the latest reference-policy for SELinux.

When will it be released? When it's ready! Work has just begun, and last time it already took quite a while, and that was still before the baby.

Comments


Today the first build of the current development-version, 0.4.1, has been more or less successfully finished.
More or less because parted and thus also HAL did not compile, but as these are optional I decided to skip them.
A few scripts had to be updated to make things work. Udev doesn't bring udevstart anymore, thus I had to write a wrapper-script which emulates the behavior during installation and also in the InitRamFs used for system-boot.

I found a patch for parted already and from now on that should be solved. The next step will be moving on to 0.4.2, which will integrate the IP-Utils, which are supposed to replace the Inet-Utils, add libcap, for support of POSIX-capabilities (more about this in another post, probably tomorrow) and replace version 6.2 of the LFS-bootscripts with version 6.3.

0.4.3 is supposed to upgrade all the rest of the current packages, as currently not all used packages have been checked for updates yet. Also that version will probably include the new packages listed in the first post. If not this will be done in 0.4.4.

Afterwards I will probably start working on the security-features, which means the new reference policy for SELinux and trying to get rid of the SUID-bit by replacing it with POSIX-capabilities.


Okay, there's been a slight change of plans.
Today I have been looking for new versions of the so far unchecked packages. I'm through the whole list now and downloaded quite some packages that need updating. These packages for example include HAL, PartImage and Bind, to name just a few.

At first I planned a small step to 0.4.2, but as this step (just integrating the IP-Utils and updating the bootscripts) seems too small I decided to add the step of 0.4.3 to it, updating all packages.
Right now I'm running another test-build of 0.4.1, which includes the patches created last time. That way I should get confirmation if the current state works or not.
As it should work I will then be able to move on towards 0.4.2, which will see upgrades of all packages where upgrades are available, and the integration of the IP-Utils, as replacement of the InetUtils.

The new packages will then be added for 0.4.3.

Afterwards the distro will be more or less finished, except for the SELinux-policy, which like before probably will consume a lot of work and time. But as I am now a bit more experienced with this work I think it should be finished faster than before.

In addition to the SELinux-policy I will also try to get rid of the SUID-bit and replace it with POSIX-capabilities. (yes, I still have to write the post about this...).

Also testing will need to be done for the 64-bit-version, as currently all the work I'm doing is 32-bit. But I don't expect any big problems.

After 0.4.3 there will probably be one release for the migration away from SUID towards POSIX-capabilities, and after that there might be other releases, depending on what I found still needs to be done, or in case I find new features I want to add.


Okay, yesterday has seen the first complete test-build of 0.4.2.
During that build a few problems have been discovered (mostly small stuff) and resolved, so that the current state is a (mostly?) stable 0.4.2. As said, this update has seen the updates of a lot of packages, including big stuff like RPM.

So, I now have a "fully" (I didn't compile the complete GCC and the system has no SELinux-support) installed system and so far everything runs quite nicely.
I have been trying around a bit with the capabilities, but without success. Will have to see what's the trouble. The kernel should support it.

Just played around with it some more (yes, between the last paragraph and this there's a gap of about 1 hour) and now I seem to be making progress, which is nice. Don't know the exact reason yet though.

Well, I'll be moving on toward 0.4.3 now (but not tonight), which is adding all the hot new stuff. In the meantime I have also added 2 or 3 more packages to the list of packages to add, mostly for better support for HAL.


Okay, it's 2:30 in the morning and actually I should be sleeping, but hey, I got work to do...

I have progressed now to 0.4.3. Scripts have been written, archives have been downloaded and moved around, and this weekend it'll be time to test.
I am quite confident that this test should run smoothly, as I compiled all packages on the current 0.4.2-installation already to check out config-options and stuff like that.

There's also been a few additions to the new packages, PolicyKit now is there too. HAL has it as optional dependency, and I guess it can't hurt (it comes with a PAM-module, so it might hurt if wrongly configured... ;-) ).

During my everlasting striving for more security also one more thing will change with the next release. Up to now passwords were stored as MD5-hashes, as it still seems to be quite common. The next version of EasyLFS will store passwords as SHA512-hashes, which are quite a bit longer and thus more secure.

My work with POSIX-capabilities also brought a little light into the dark areas of security, but there still is some work to do before I really understand what I need to do for this.
Anyway, security-features will start trickling in with 0.4.4.

Some time in between I will probably start testing the current state with 64 bits, and I also need to redo the kernel-config (which always is big fun, as I provide one basic config and then lots of patches that are applied based on the configuration); well, the new kernel runs with the old config, so currently I'm still fine.

Then I also should start working on the new LiveCD, as it's important that the system can build itself. All current builds of the development-version have been done from a modified 0.4-CD. Modified means that I added a module containing MPFR and GMP, as these are required for the new GCC.
That means dissecting the current version of the Live-Scripts, more kernel-configuration, patching and other funny activities.

If anybody still has any ideas for features and/or packages that could be included, feel free to post or PM (better post, I like keeping this development-process public).
Better sooner than later, this time I might actually decide to call feature-/version-freeze once a certain level is reached (not sure about that though; after all, I want to deliver fresh software).
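
The switch from MD5 to SHA512 password hashes mentioned in the comment above only affects passwords set after the change; existing shadow entries keep their old hash until the password is changed. The following is an added example, not part of the original posts or of EasyLFS: a shell/awk audit that classifies each account by the scheme prefix of its stored hash. The function names and the sample data are assumptions made up for illustration.

```shell
#!/bin/sh
# Added example: classify password-hash schemes in shadow-format data.

# Constructed sample in /etc/shadow format; the hash strings are placeholders.
SAMPLE_SHADOW='root:$6$constructedsalt$CONSTRUCTEDHASH:14000:0:99999:7:::
alice:$1$constructedsalt$CONSTRUCTEDHASH:13900:0:99999:7:::
bob:!$1$constructedsalt$CONSTRUCTEDHASH:13900:0:99999:7:::
daemon:*:13900:0:99999:7:::
carol:$6$constructedsalt$CONSTRUCTEDHASH:14010:0:99999:7:::
dave:abJnggxhB/yWI:13000:0:99999:7:::'

# classify_shadow (hypothetical name): read shadow lines on stdin and
# print "user scheme" for each, based on the crypt(3) scheme prefix.
classify_shadow() {
    awk -F: '
    {
        h = $2
        locked = ""
        # A leading "!" marks a locked password; the old hash may still follow.
        if (substr(h, 1, 1) == "!") { locked = " (locked)"; sub(/^!+/, "", h) }
        if (h == "" || h == "*")   scheme = "none"
        else if (h ~ /^\$1\$/)     scheme = "md5"
        else if (h ~ /^\$5\$/)     scheme = "sha256"
        else if (h ~ /^\$6\$/)     scheme = "sha512"
        else if (h ~ /^\$/)        scheme = "other"
        else                       scheme = "des"
        print $1, scheme locked
    }'
}

# legacy_accounts (hypothetical name): accounts still on MD5-crypt or DES,
# including locked ones, since unlocking reactivates the old hash.
legacy_accounts() {
    classify_shadow | awk '$2 == "md5" || $2 == "des" { print $1 }'
}

printf '%s\n' "$SAMPLE_SHADOW" | classify_shadow
```

On a real system the same check is `legacy_accounts < /etc/shadow`, run as root; every account it lists needs a password change before its MD5 hash is replaced.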
