The official Debian packages are already broken up into "main", "contrib", and "non-free" groups, which means that there is no single source of even 'official' packages. This patch adds support for using multiple package lists in place of a single one. Note: the order in which lists are specified DOES MATTER. If the same package is available in multiple repositories, the repository listed first will take precedence.
Debian packages can be added to the same mirror-extensions.lst and builtin-extensions.lst, and are identified by a .deb extension. They are then downloaded by bin/download-deb-pkg and converted by bin/deb2tcz.sh. In the case of builtin extensions, the name is appended to onboot.lst.
Downloads .deb package files from a debian mirror of your choice given the package name and the file list downloaded by download-deb-pkg-list. The parameters are listed in the file, but there is no help text for manual usage (since this is supposed to be invoked by build-bundle-file.sh)
This script downloads a gzip-ed debian package list; default is from TC5: http://distro.ibiblio.org/tinycorelinux/5.x/x86/debian_wheezy_main_i386_Packages.gz The list is downloaded and gunzip-ed, then stripped of everything except package names and download paths. The resulting output file looks something like this: libaac-tactics-ocaml pool/main/a/aac-tactics/libaac-tactics-ocaml_0.2.pl2-7_i386.deb libaac-tactics-ocaml-dev pool/main/a/aac-tactics/libaac-tactics-ocaml-dev_0.2.pl2-7_i386.deb python-aafigure pool/main/a/aafigure/python-aafigure_0.5-3_all.deb libaa-bin pool/main/a/aalib/libaa-bin_1.4p5-40_i386.deb libaa1 pool/main/a/aalib/libaa1_1.4p5-40_i386.deb Each package name is followed by a space, then a relative path for a debian mirror server. The resulting file can be quickly searched by grep.
This adds checks before making Gem::SpecFinder calls to prevent errors while using Ruby 2.0. Gem::SpecFetcher#fetch_with_errors has been replaced by Gem::SpecFetcher#spec_for_dependency. Additionally, #spec_for_dependency returns a Gem::Source object where #fetch_with_errors returned a String.
This brings information about what is going on with Razor into the forefront of visibility. Old information is still preserved in a separate file. Signed-off-by: Daniel Pittman <firstname.lastname@example.org>
This updates the default location for the OpenVM tools binary package to downloads.puppetlabs.com, reflecting the move away from the (now removed) GitHub downloads feature. Signed-off-by: Daniel Pittman <email@example.com>
The script that collected data together for the Microkernel image had a "reuse previous download" option that triggered a particularly dangerous set of behaviours: When enabled it assumed that it should simply use the existing build directory as-is, and should avoid fetching content that already existed in that directory. This seems innocuous enough - an optimization you might choose to use during development - but actually masks a dangerous failure mode. If we eliminate something from the build, like we did the stomp gem, it may still be built into the final image when reusing the downloaded content, because it happens to sit in the build directory. A correct version of this would use a cache that sits aside from the build directory, and only put in place files that would actually be used. That is more complex to develop, and doesn't really add value compared to using a simple squid proxy server to cache the downloaded files, so I have simply expunged the reuse facility. Signed-off-by: Daniel Pittman <firstname.lastname@example.org>
We only included the stomp gem in the system to support MCollective, which is now gone from the Microkernel. This removes the gem as well, for a marginal reduction in size, and less things to care about when figuring out what works or not in the MK image. This closes #65. Signed-off-by: Daniel Pittman <email@example.com>
…set it The build process expects a fixed default password in the development and debug builds, but does not bother to set that. This leads to users, and our CI system, unexpectedly building ISO images that don't allow login as expected. Since this is a fixed, documented, default password there is no more security exposure to be putting it in as the default in the scripts than it does to manually enter it on every automated, central build. Ultimately this should probably be eliminated entirely, because it has zero security value: any attacker can simply read our documentation, and any automated tool can add whatever password we pick, but for now this improves utility without surprising our existing users. This closes #63. Signed-off-by: Daniel Pittman <firstname.lastname@example.org>
(it now takes the first field from each line as the gem name and ignores any extra fields that may appear in the gem.list file after that gem name)
…ity in JSON Ruby JSON parsing gems were vulnerable to denial of service and unsafe object creation attacks when used on user controlled data. These could be used to create objects in unexpected ways, as well as to consume memory through persistent object creation. This updates our JSON gem to version 1.7.7, a version that is no longer vulnerable to those attacks, mitigating this risk in the Microkernel. This is the only mitigation required, as the Microkernel already correctly uses `JSON.parse` - a safe API for untrusted input - rather than `JSON.load` or other vulnerable inputs. Signed-off-by: Daniel Pittman <email@example.com>
This extends the gem mirroring script to support reading from a file, as well as the command line, to find out which set of gems to mirror. This allows an extended input format in the file, where we specify version constraints, which resolves #59, a need to specify version constraints. Now we have a clean mechanism for specifying them. Signed-off-by: Daniel Pittman <firstname.lastname@example.org>
…he change in this commit the build-bundle-file.sh script constructs a shell that parses the git version numbers a bit differently so that auto-generated version numbers for the Microkernel ISO are more consistent with the version numbers that were used in numbering our Razor Microkernel ISOs previously (versions like "0.9.3.0" instead of "v0.9.3.0").
The Microkernel exposes two services on ports 2156 and 2157 as part of Tiny Core Linux. The service available on port 2156 handles configuration of the running Microkernel image. It is unauthenticated, and allows users to load kernel modules and add new extensions to TCL. The service on 2157 provides information about the running system. This commit limits those services to localhost, thus preventing anyone from accessing them remotely.
MCollective was running as an external service. It used a static configuration accessible to anyone who accessed the source, and which could connect to an external master. This was considered a security threat in the security evaluation. This commit removes MCollective completely. The impact of doing this should be zero since it wasn't currently used.