Commits on Feb 15, 2013
  1. @daniel-pittman

    Merge pull request #64 from daniel-pittman/bug/master/63-set-defaut-p…

    daniel-pittman committed
    …assword-explicitly
    
    The build process expects a default password, but does not bother to set...
  2. @daniel-pittman

    The build process expects a default password, but does not bother to …

    daniel-pittman committed
    …set it
    
    The build process expects a fixed default password in the development and
    debug builds, but does not bother to set that. This leads to users, and our CI
    system, unexpectedly building ISO images that don't allow login as expected.
    
    Since this is a fixed, documented, default password there is no more security
    exposure to be putting it in as the default in the scripts than it does to
    manually enter it on every automated, central build.
    
    Ultimately this should probably be eliminated entirely, because it has zero
    security value: any attacker can simply read our documentation, and any
    automated tool can add whatever password we pick, but for now this improves
    utility without surprising our existing users.
    
    This closes #63.
    
    Signed-off-by: Daniel Pittman <daniel@rimspace.net>
  3. @daniel-pittman

    Merge pull request #62 from tjmcs/tb/fix-gem-list-parse-error

    daniel-pittman committed
    Modified gem controller to support new gem.list file format (Fixes #61)
Commits on Feb 14, 2013
  1. modified gem controller to parse new format for gem.list file correctly

    Tom McSweeney committed
    (it now takes the first field from each line as the gem name and ignores
    any extra fields that may appear in the gem.list file after that gem name)
Commits on Feb 12, 2013
  1. @daniel-pittman

    Merge pull request #60 from daniel-pittman/feature/master/59-version-…

    daniel-pittman committed
    …specification-for-gem-mirroring
    
    version specification for gem mirroring
  2. @daniel-pittman

    CVE-2013-0269 Denial of Service and Unsafe Object Creation Vulnerabil…

    daniel-pittman committed
    …ity in JSON
    
    Ruby JSON parsing gems were vulnerable to denial of service and unsafe object
    creation attacks when used on user controlled data.  These could be used to
    create objects in unexpected ways, as well as to consume memory through
    persistent object creation.
    
    This updates our JSON gem to version 1.7.7, a version that is no longer
    vulnerable to those attacks, mitigating this risk in the Microkernel.
    
    This is the only mitigation required, as the Microkernel already correctly
    uses `JSON.parse` - a safe API for untrusted input - rather than `JSON.load`
    or other vulnerable inputs.
    
    Signed-off-by: Daniel Pittman <daniel@rimspace.net>
  3. @daniel-pittman

    Allow reading gem list from a file during mirroring

    daniel-pittman committed
    This extends the gem mirroring script to support reading from a file, as well
    as the command line, to find out which set of gems to mirror.
    
    This allows an extended input format in the file, where we specify version
    constraints, which resolves #59, a need to specify version constraints.
    Now we have a clean mechanism for specifying them.
    
    Signed-off-by: Daniel Pittman <daniel@rimspace.net>
Commits on Feb 8, 2013
  1. Merge pull request #58 from tjmcs/tb/fix-default-version-format

    tjmcs committed
    (#57) Strips leading `v` from generated version numbers
  2. Fixes issue #57 (generated version numbers have wrong format); with t…

    Tom McSweeney committed
    …he change in this commit the build-bundle-file.sh script constructs a shell that parses the git version numbers a bit differently so that auto-generated version numbers for the Microkernel ISO are more consistent with the version numbers that were used in numbering our Razor Microkernel ISOs previously (versions like "0.9.3.0" instead of "v0.9.3.0").
Commits on Feb 7, 2013
  1. @daniel-pittman

    Merge pull request #55 from daniel-pittman/feature/master/better-fake…

    daniel-pittman committed
    …root-safety-checks
    
    Inform users and abort when we can't unpack the ISO image
Commits on Feb 6, 2013
  1. @thallgren @daniel-pittman

    Limits the services on port 2156 and 2157 to localhost.

    thallgren committed with daniel-pittman
    The Microkernel exposes two services on ports 2156 and 2157
    as part of Tiny Core Linux. The service available on port 2156
    handles configuration of the running Microkernel image. It is
    unauthenticated, and allows users to load kernel modules and add
    new extensions to TCL. The service on 2157 provides information
    about the running system.
    
    This commit limits those services to localhost, thus preventing
    anyone from accessing them remotely.
  2. @thallgren @daniel-pittman

    Adds built artifacts to the .gitignore

    thallgren committed with daniel-pittman
    Some folders are created during a build. This commit adds
    them to the .gitignore to ensure that they are not committed
    by mistake.
  3. @thallgren @daniel-pittman

    Removes MCollective from the Razor Micro Kernel

    thallgren committed with daniel-pittman
    MCollective was running as an external service. It used a
    static configuration accessible to anyone who accessed
    the source, and which could connect to an external master.
    This was considered a security threat in the security
    evaluation.
    
    This commit removes MCollective completely. The impact of
    doing this should be zero since it wasn't currently used.
Commits on Jan 25, 2013
  1. @daniel-pittman

    Merge pull request #56 from tjmcs/tb/fixes_razor_issue_297

    daniel-pittman committed
    Fixes Razor issue 297; MK now uses 'lshw -disable dmi' under kvm
Commits on Jan 23, 2013
  1. This change should fix issue 297 on the Razor issue list

    Tom McSweeney committed
Commits on Jan 17, 2013
  1. @daniel-pittman

    Explain why a subset of util-linux is extracted

    daniel-pittman committed
    This adds a copy of the explanation from TJMCS about why only a
    subset of the `util-linux` package is installed, as per #45, so that
    the next engineer along doesn't wonder at that.
Commits on Jan 15, 2013
  1. @daniel-pittman

    Inform users and abort when we can't unpack the ISO image

    daniel-pittman committed
    When running under fakeroot(1), we would try and loopback mount the ISO image
    to unpack it despite knowing that could never work. That was a poor user
    experience, and we can absolutely do better than that.
    
    This updates the script to check if we are running under fakeroot and skip the
    attempt to use mount in favour of informing the user about what they should do
    to successfully build.
    
    This closes issue #54.
    
    Signed-off-by: Daniel Pittman <daniel@rimspace.net>
Commits on Jan 8, 2013
  1. @daniel-pittman

    Merge pull request #41 from daniel-pittman/feature/master/better-iso-…

    daniel-pittman committed
    …file-metadata
    
    Make the `preparer` details work correctly
  2. @daniel-pittman

    Make the `preparer` details work correctly

    daniel-pittman committed
    I managed to miss that the preparer code was not filling in the string, which
    is not in any way fatal, but also doesn't help get the data I wanted embedded
    in the final ISO.
    
    This fixes that by using sensible bash syntax to build the variable.
    
    Signed-off-by: Daniel Pittman <daniel@rimspace.net>
  3. @daniel-pittman

    Merge pull request #40 from daniel-pittman/feature/master/better-iso-…

    daniel-pittman committed
    …file-metadata
    
    Push the working version of the license code.
  4. @daniel-pittman

    Push the working version of the license code.

    daniel-pittman committed
    The great thing about git is that it is happy to push commits from a dirty
    working directory.  The bad thing about git is that willingness means I can
    push up the older, broken version of a script from before I actually tested
    that it worked and not notice.
    
    This moves the copy of the COPYING and LICENSE files to the appropriate part
    of the build script, resulting in an end-to-end successful build, rather than
    the nasty failure we got with the merged version.
    
    Signed-off-by: Daniel Pittman <daniel@rimspace.net>
  5. @daniel-pittman

    Merge pull request #39 from daniel-pittman/feature/master/better-iso-…

    daniel-pittman committed
    …file-metadata
    
    Better iso file metadata
  6. @daniel-pittman

    Install, and reference, LICENSE and COPYING in the ISO image

    daniel-pittman committed
    This puts the LICENSE and COPYING files, which define the software license
    terms, in the ISO image.  That helps users understand the terms that they are
    receiving this software under.
    
    It also references that file from the ISO9660 metadata, because why not?
    
    Signed-off-by: Daniel Pittman <daniel@rimspace.net>
  7. @daniel-pittman

    Include more useful metadata in the ISO image

    daniel-pittman committed
    This updates the ISO image build to include some extra metadata:
    
     * set the Application ID
     * set the System ID to 'LINUX' to match other distros
     * set the Preparer ID to include useful information
     * set the Volume ID to include a meaningful, versioned name
    
    This results in an ISO file that can be more easily classified without needing
    to peek inside the box.
    
    Signed-off-by: Daniel Pittman <daniel@rimspace.net>
  8. @daniel-pittman

    Merge pull request #37 from daniel-pittman/feature/master/silence-is-…

    daniel-pittman committed
    …the-element-from-which-great-things-fashion-themselves
    
    Silence the build process
Commits on Dec 28, 2012
  1. @daniel-pittman

    Silence the bundle build process

    daniel-pittman committed
    Now that we are automating the build process, having verbose and human-focused
    progress messages from downloads and tar creating result in a much more
    difficult to debug build - the errors get drowned in a sea of progress that
    nobody watches.
    
    This silences the various tools used to rebuild the ISO image.
    
    Signed-off-by: Daniel Pittman <daniel@rimspace.net>
Commits on Dec 20, 2012
  1. @daniel-pittman

    Merge pull request #38 from daniel-pittman/bug/master/busybox-vs-dire…

    daniel-pittman committed
    …ctories-with-spaces
    
    Shell interpolation is hard, let's use a function!
  2. @daniel-pittman

    Shell interpolation is hard, let's use a function!

    daniel-pittman committed
    Trying to get shell interpolation of a multi-word command to work when faced
    with some parts of that having spaces is madness.  We did that with busybox
    execution using the guest tools, though, since it worked OK in simple cases.
    
    This replaces that with a function that encapsulates the same behaviour in a
    much saner fashion.  Now you can run the guest busybox from a 64-bit host
    while in a working directory that contains spaces.
    
    Tomorrow the world!
    
    Signed-off-by: Daniel Pittman <daniel@rimspace.net>
  3. @daniel-pittman

    Merge pull request #36 from daniel-pittman/bug/master/supporting-dire…

    daniel-pittman committed
    …ctory-names-with-spaces-for-fun-and-profit
    
    Be robust about spaces in the current directory tree
  4. @daniel-pittman

    Be robust about spaces in the current directory tree

    daniel-pittman committed
    Building with Jenkins CI tends to put spaces in the path to the workspace,
    which is great - and reveals the sort of bugs where we have not correctly
    handled the need to quote values in shell scripts.
    
    Now we do...
    
    Signed-off-by: Daniel Pittman <daniel@rimspace.net>
  5. Merge pull request #33 from daniel-pittman/bug/master/missing-opt-gem…

    tjmcs committed
    …s-after-#21
    
    Fix missing bootsync.sh and gem.list files
  6. @daniel-pittman

    Merge pull request #34 from daniel-pittman/bug/master/support-ruby-18…

    daniel-pittman committed
    …7-gems
    
    Manually load the `rubygems` library for Ruby 187
  7. @daniel-pittman

    Manually load the `rubygems` library for Ruby 187

    daniel-pittman committed
    I did my build testing with Ruby 193, and that has RubyGEMS in core.  Our CI
    builders only have Ruby 187 and reveal that I forgot to manually load it into
    the gem mirror script.
    
    Signed-off-by: Daniel Pittman <daniel@rimspace.net>
  8. Merge pull request #31 from daniel-pittman/feature/master/prefer-host…

    tjmcs committed
    …-busybox-to-guest-busybox
    
    Avoid chroot when running the guest busybox
  9. @daniel-pittman

    Ensure the boot scripts are executable

    daniel-pittman committed
    Rather than depending on git semantics around the execute bit, which can be
    quirky on different platforms, we are safer manually ensuring that scripts
    are executable.
    
    This updates the bundle builder to manually set the execute bits on the target
    boot scripts.
    
    Signed-off-by: Daniel Pittman <daniel@rimspace.net>