summaryrefslogtreecommitdiffstats
path: root/NEWS
blob: f49acef999c4fa7e57ff5828ab9bf696be6137cb (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
ProteanOS Development Kit version 2.0.1
---------------------------------------

Released: ????-??-??

Bug fixes and minor changes:

  * An expansion of an undefined variable in a function called during
    "prokit build" has been fixed.
  * opkg-cert (executed by "prokit install" and "prokit installer-pc")
    no longer prints a wrong and confusing "Clock incorrect" message
    after the "Invalid certificate" message when a mirror has an expired
    certificate.
  * "prokit install" and "prokit installer-pc" in the ProteanOS profile
    now support FTP mirrors.

ProteanOS Development Kit version 2.0.0
---------------------------------------

Released: 2019-04-27

This major new release of prokit has been in development since
2014-10-13.  Major new features include automatic block device mounting;
new "prokit installer-pc" and "prokit mkinitramfs" commands; downloading
and storing gzip-compressed package feed index files; verifying package
feed index file signatures against a validated archive certificate; and
fetching lists of ProteanOS architectures, platforms, and archive
mirrors.

Security fix:

  * An unsafe "eval" command has been fixed.  Running prokit's "install"
    command with an untrusted "root" directory argument, as in the shell
    command `prokit install dev/trunk "root'; echo hello #"`, allows
    arbitrary code execution.  This is fixed by Git commit 1ce4ec3.
    This is considered a low-impact vulnerability, because running
    prokit's "install" command with untrusted arguments is an unlikely
    use case.

New dependencies:

  * prokit now requires OpenWrt's usign utility, which verifies ed25519
    signatures compatible with OpenBSD's signify utility.  An embedded
    copy of usign is included, which additionally requires CMake to
    build, or a system copy can be used instead.
  * prokit now requires gunzip, either sfdisk or fdisk, mke2fs, cpio,
    and xz from XZ Utils.

Command-line interface:

  * "prokit install", "prokit shell", "prokit opkg", and "prokit build"
    now accept either a block device file name or a directory name
    (previously only accepting the latter).  A block device is
    automatically mounted and unmounted on a mount point managed by
    prokit.
  * A new "prokit installer-pc" command has been added to install a PC
    system onto a block device.
  * A new "prokit mkinitramfs" command has been added to generate an
    initramfs containing an installed system.

System installation changes:

  * A basic "/etc/group" file is now generated on ProteanOS systems.
  * "prokit install" in the ProteanOS profile now only copies
    "/etc/resolv.conf" and "/etc/hostname" from the host system if the
    platform is "dev".  It also now does not enable system services on
    the "dev" platform.  On other platforms, it enables services and
    sets the hostname to "proteanos".
  * A list of valid ProteanOS architectures and platforms is no longer
    hardcoded.  This list could become outdated between prokit versions
    or even ProteanOS suites.
  * A list of ProteanOS package archive mirrors is no longer hardcoded.
    Instead, the list is fetched from the ProteanOS files site as
    needed.
  * ProteanOS package feed index files are now downloaded and stored in
    gzip-compressed form.
  * ProteanOS package feed index file signatures are now verified
    against the archive certificate, which in turn is validated against
    the root archive key.

Bug fixes:

  * "prokit install" now only throws a "Directory ... exists" error if
    the specified root directory is not empty.
  * Two bugs related to gzip-compressed package feed index files have
    been fixed.

Build system and code quality:

  * The build system now links all shell objects into the prokit
    executable instead of distributing shell modules that are linked
    into prokit at run time.
  * Git commit information is now shown in "prokit version" output and
    manual pages if built from a Git repository.
  * Various error conditions are now handled more cleanly.
  * Uses of the non-portable "%s" date format conversion specifier and
    "expr" command have been replaced.
  * The test suite is now based around the TAP protocol.
  * Code quality has been improved: eval commands are now safer against
    mistakes in input validation/escaping, echo commands have been
    replaced, errors are handled (making the shell "-e" option safe), an
    obselescent [ (test) command option has been removed, and commands
    are protected from variable arguments beginning with "-".

ProteanOS Development Kit version 1.1.0
---------------------------------------

Released: 2014-10-08

Changes in this release:

  * The previously missing prokit-install(8) manual page is now
    distributed and installed.
  * Some logic of "prokit install" has been simplified as ProteanOS
    packages now have the necessary data files and control fields.
  * "prokit build" now parses substvars files without errors.
  * The current working directory is bind mounted within the isolated
    file system environment and used as the working directory for the
    "prokit shell" and "prokit opkg" commands.
  * Compatibility with older versions of opkbuild has been dropped.
    Before running "prokit build", make sure your ProteanOS system has
    version 3.0.0~beta6-1 or later of the opkbuild package.
  * The list of mirrors has been updated.  Thanks to Morten 'Jobbe'
    Jakobsen for providing another mirror.
  * Session management has been added to allow multiple instances of
    prokit to run simultaneously.  The first instance started will mount
    the basic file systems, and the last instance exited will unmount
    them.  A mutex is used to eliminate race conditions on changes to
    the sessions pool.
  * Whitespace in arguments to "prokit shell" and "prokit build" is now
    preserved.
  * Signals are handled during active sessions with callbacks for the
    "prokit opkg" and "prokit build" commands, to ensure that the
    isolated file system environment is left in a clean state when a
    signal like SIGINT (Ctrl+C) is received.

ProteanOS Development Kit version 1.0.0
---------------------------------------

Released: 2014-09-02

Changes in this release:

  * A new "prokit opkg" command has been added.
  * A new "prokit build" command has been added.
  * "prokit shell" now accepts optional command arguments.
  * Manual pages for prokit commands that require superuser privileges
    have been moved to section 8.

ProteanOS Development Kit version 0.1.0
---------------------------------------

Released: 2014-08-26

This is the initial release of the ProteanOS Development Kit, in
development since 2013-10-22.

This is a preview release for testing, providing only the "install" and
"shell" action commands.  Currently, prokit approximately matches
miniprokit in features, though the latter is still recommended for
normal use.

Copyright Information
---------------------

Copyright (C) 2014, 2015, 2019  Patrick McDermott

Copying and distribution of this file, with or without modification,
are permitted in any medium without royalty provided the copyright
notice and this notice are preserved.  This file is offered as-is,
without any warranty.