1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
|
ProteanOS Development Kit version 2.0.0
---------------------------------------
Released: 2019-04-27
This major new release of prokit has been in development since
2014-10-13. Major new features include automatic block device mounting;
new "prokit installer-pc" and "prokit mkinitramfs" commands; downloading
and storing gzip-compressed package feed index files; verifying package
feed index file signatures against a validated archive certificate; and
fetching lists of ProteanOS architectures, platforms, and archive
mirrors.
Security fix:
* An unsafe "eval" command has been fixed. Running prokit's "install"
command with an untrusted "root" directory argument, as in the shell
command `prokit install dev/trunk "root'; echo hello #"`, allows
arbitrary code execution. This is fixed by Git commit 1ce4ec3.
This is considered a low-impact vulnerability, because running
prokit's "install" command with untrusted arguments is an unlikely
use case.
New dependencies:
* prokit now requires OpenWrt's usign utility, which verifies ed25519
signatures compatible with OpenBSD's signify utility. An embedded
copy of usign is included, which additionally requires CMake to
build, or a system copy can be used instead.
* prokit now requires gunzip, either sfdisk or fdisk, mke2fs, cpio,
and xz from XZ Utils.
Command-line interface:
* "prokit install", "prokit shell", "prokit opkg", and "prokit build"
now accept either a block device file name or a directory name
(previously only accepting the latter). A block device is
automatically mounted and unmounted on a mount point managed by
prokit.
* A new "prokit installer-pc" command has been added to install a PC
system onto a block device.
* A new "prokit mkinitramfs" command has been added to generate an
initramfs containing an installed system.
System installation changes:
* A basic "/etc/group" file is now generated on ProteanOS systems.
* "prokit install" in the ProteanOS profile now only copies
"/etc/resolv.conf" and "/etc/hostname" from the host system if the
platform is "dev". It also now does not enable system services on
the "dev" platform. On other platforms, it enables services and
sets the hostname to "proteanos".
* A list of valid ProteanOS architectures and platforms is no longer
hardcoded. This list could become outdated between prokit versions
or even ProteanOS suites.
* A list of ProteanOS package archive mirrors is no longer hardcoded.
Instead, the list is fetched from the ProteanOS files site as
needed.
* ProteanOS package feed index files are now downloaded and stored in
gzip-compressed form.
* ProteanOS package feed index file signatures are now verified
against the archive certificate, which in turn is validated against
the root archive key.
Bug fixes:
* "prokit install" now only throws a "Directory ... exists" error if
the specified root directory is not empty.
* Two bugs related to gzip-compressed package feed index files have
been fixed.
Build system and code quality:
* The build system now links all shell objects into the prokit
executable instead of distributing shell modules that are linked
into prokit at run time.
* Git commit information is now shown in "prokit version" output and
manual pages if built from a Git repository.
* Various error conditions are now handled more cleanly.
* Uses of the non-portable "%s" date format conversion specifier and
"expr" command have been replaced.
* The test suite is now based around the TAP protocol.
* Code quality has been improved: eval commands are now safer against
mistakes in input validation/escaping, echo commands have been
replaced, errors are handled (making the shell "-e" option safe), an
obselescent [ (test) command option has been removed, and commands
are protected from variable arguments beginning with "-".
ProteanOS Development Kit version 1.1.0
---------------------------------------
Released: 2014-10-08
Changes in this release:
* The previously missing prokit-install(8) manual page is now
distributed and installed.
* Some logic of "prokit install" has been simplified as ProteanOS
packages now have the necessary data files and control fields.
* "prokit build" now parses substvars files without errors.
* The current working directory is bind mounted within the isolated
file system environment and used as the working directory for the
"prokit shell" and "prokit opkg" commands.
* Compatibility with older versions of opkbuild has been dropped.
Before running "prokit build", make sure your ProteanOS system has
version 3.0.0~beta6-1 or later of the opkbuild package.
* The list of mirrors has been updated. Thanks to Morten 'Jobbe'
Jakobsen for providing another mirror.
* Session management has been added to allow multiple instances of
prokit to run simultaneously. The first instance started will mount
the basic file systems, and the last instance exited will unmount
them. A mutex is used to eliminate race conditions on changes to
the sessions pool.
* Whitespace in arguments to "prokit shell" and "prokit build" is now
preserved.
* Signals are handled during active sessions with callbacks for the
"prokit opkg" and "prokit build" commands, to ensure that the
isolated file system environment is left in a clean state when a
signal like SIGINT (Ctrl+C) is received.
ProteanOS Development Kit version 1.0.0
---------------------------------------
Released: 2014-09-02
Changes in this release:
* A new "prokit opkg" command has been added.
* A new "prokit build" command has been added.
* "prokit shell" now accepts optional command arguments.
* Manual pages for prokit commands that require superuser privileges
have been moved to section 8.
ProteanOS Development Kit version 0.1.0
---------------------------------------
Released: 2014-08-26
This is the initial release of the ProteanOS Development Kit, in
development since 2013-10-22.
This is a preview release for testing, providing only the "install" and
"shell" action commands. Currently, prokit approximately matches
miniprokit in features, though the latter is still recommended for
normal use.
Copyright Information
---------------------
Copyright (C) 2014, 2015, 2019 Patrick McDermott
Copying and distribution of this file, with or without modification,
are permitted in any medium without royalty provided the copyright
notice and this notice are preserved. This file is offered as-is,
without any warranty.
|