Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Commits on Jul 25, 2013
  1. Daniel Pittman

    Merge pull request #77 from alexkonradi/add-import-deb-packages

    daniel-pittman authored
    Add ability to import deb packages while building the image
  2. Daniel Pittman

    Merge pull request #76 from alexkonradi/fix_mirror-gem_ruby_2.0_compa…

    daniel-pittman authored
    …tibility
    
    Make mirror-gem Ruby 2.0 compatible
Commits on Jul 15, 2013
  1. Daniel Pittman

    Import "The road forward for Razor" as the primary readme

    daniel-pittman authored
    This brings information about what is going on with Razor into the forefront
    of visibility.  Old information is still preserved in a separate file.
    
    Signed-off-by: Daniel Pittman <daniel@rimspace.net>
Commits on Feb 26, 2013
  1. Daniel Pittman

    Merge pull request #69 from daniel-pittman/feature/master/68-move-ope…

    daniel-pittman authored
    …n-vm-tools-to-our-downloads-site
    
    (#68) Move open-vm-tools binary package to downloads.puppetlabs.com
  2. Daniel Pittman

    (#68) Move open-vm-tools binary package to downloads.puppetlabs.com

    daniel-pittman authored
    This updates the default location for the OpenVM tools binary package to
    downloads.puppetlabs.com, reflecting the move away from the (now removed)
    GitHub downloads feature.
    
    Signed-off-by: Daniel Pittman <daniel@rimspace.net>
Commits on Feb 22, 2013
  1. Daniel Pittman

    Merge pull request #66 from daniel-pittman/feature/master/65-remove-u…

    daniel-pittman authored
    …nused-stomp-gem
    
    The stomp gem was only used to support MCollective
Commits on Feb 20, 2013
  1. Daniel Pittman

    Remove the dangerous "reuse previous download" option

    daniel-pittman authored
    The script that collected data together for the Microkernel image had a "reuse
    previous download" option that triggered a particularly dangerous set of
    behaviours:
    
    When enabled it assumed that it should simply use the existing build directory
    as-is, and should avoid fetching content that already existed in
    that directory.
    
    This seems innocuous enough - an optimization you might choose to use during
    development - but actually masks a dangerous failure mode.  If we eliminate
    something from the build, like we did the stomp gem, it may still be built
    into the final image when reusing the downloaded content, because it happens
    to sit in the build directory.
    
    A correct version of this would use a cache that sits aside from the build
    directory, and only put in place files that would actually be used.
    
    That is more complex to develop, and doesn't really add value compared to
    using a simple squid proxy server to cache the downloaded files, so I have
    simply expunged the reuse facility.
    
    Signed-off-by: Daniel Pittman <daniel@rimspace.net>
  2. Daniel Pittman

    The stomp gem was only used to support MCollective

    daniel-pittman authored
    We only included the stomp gem in the system to support MCollective, which is
    now gone from the Microkernel.  This removes the gem as well, for a marginal
    reduction in size, and less things to care about when figuring out what works
    or not in the MK image.
    
    This closes #65.
    
    Signed-off-by: Daniel Pittman <daniel@rimspace.net>
Commits on Feb 15, 2013
  1. Daniel Pittman

    Merge pull request #64 from daniel-pittman/bug/master/63-set-defaut-p…

    daniel-pittman authored
    …assword-explicitly
    
    The build process expects a default password, but does not bother to set...
  2. Daniel Pittman

    The build process expects a default password, but does not bother to …

    daniel-pittman authored
    …set it
    
    The build process expects a fixed default password in the development and
    debug builds, but does not bother to set that. This leads to users, and our CI
    system, unexpectedly building ISO images that don't allow login as expected.
    
    Since this is a fixed, documented, default password there is no more security
    exposure to be putting it in as the default in the scripts than it does to
    manually enter it on every automated, central build.
    
    Ultimately this should probably be eliminated entirely, because it has zero
    security value: any attacker can simply read our documentation, and any
    automated tool can add whatever password we pick, but for now this improves
    utility without surprising our existing users.
    
    This closes #63.
    
    Signed-off-by: Daniel Pittman <daniel@rimspace.net>
  3. Daniel Pittman

    Merge pull request #62 from tjmcs/tb/fix-gem-list-parse-error

    daniel-pittman authored
    Modified gem controller to support new gem.list file format (Fixes #61)
Commits on Feb 12, 2013
  1. Daniel Pittman

    Merge pull request #60 from daniel-pittman/feature/master/59-version-…

    daniel-pittman authored
    …specification-for-gem-mirroring
    
    version specification for gem mirroring
  2. Daniel Pittman

    CVE-2013-0269 Denial of Service and Unsafe Object Creation Vulnerabil…

    daniel-pittman authored
    …ity in JSON
    
    Ruby JSON parsing gems were vulnerable to denial of service and unsafe object
    creation attacks when used on user controlled data.  These could be used to
    create objects in unexpected ways, as well as to consume memory through
    persistent object creation.
    
    This updates our JSON gem to version 1.7.7, a version that is no longer
    vulnerable to those attacks, mitigating this risk in the Microkernel.
    
    This is the only mitigation required, as the Microkernel already correctly
    uses `JSON.parse` - a safe API for untrusted input - rather than `JSON.load`
    or other vulnerable inputs.
    
    Signed-off-by: Daniel Pittman <daniel@rimspace.net>
  3. Daniel Pittman

    Allow reading gem list from a file during mirroring

    daniel-pittman authored
    This extends the gem mirroring script to support reading from a file, as well
    as the command line, to find out which set of gems to mirror.
    
    This allows an extended input format in the file, where we specify version
    constraints, which resolves #59, a need to specify version constraints.
    Now we have a clean mechanism for specifying them.
    
    Signed-off-by: Daniel Pittman <daniel@rimspace.net>
Commits on Feb 7, 2013
  1. Daniel Pittman

    Merge pull request #55 from daniel-pittman/feature/master/better-fake…

    daniel-pittman authored
    …root-safety-checks
    
    Inform users and abort when we can't unpack the ISO image
Commits on Jan 25, 2013
  1. Daniel Pittman

    Merge pull request #56 from tjmcs/tb/fixes_razor_issue_297

    daniel-pittman authored
    Fixes Razor issue 297; MK now uses 'lshw -disable dmi' under kvm
Commits on Jan 17, 2013
  1. Daniel Pittman

    Explain why a subset of util-linux is extracted

    daniel-pittman authored
    This adds a copy of the explanation from TJMCS about why only a
    subset of the `util-linux` package is installed, as per #45, so that
    the next engineer along doesn't wonder at that.
Commits on Jan 15, 2013
  1. Daniel Pittman

    Inform users and abort when we can't unpack the ISO image

    daniel-pittman authored
    When running under fakeroot(1), we would try and loopback mount the ISO image
    to unpack it despite knowing that could never work. That was a poor user
    experience, and we can absolutely do better than that.
    
    This updates the script to check if we are running under fakeroot and skip the
    attempt to use mount in favour of informing the user about what they should do
    to successfully build.
    
    This closes issue #54.
    
    Signed-off-by: Daniel Pittman <daniel@rimspace.net>
Commits on Jan 8, 2013
  1. Daniel Pittman

    Merge pull request #41 from daniel-pittman/feature/master/better-iso-…

    daniel-pittman authored
    …file-metadata
    
    Make the `preparer` details work correctly
  2. Daniel Pittman

    Make the `preparer` details work correctly

    daniel-pittman authored
    I managed to miss that the preparer code was not filling in the string, which
    is not in any way fatal, but also doesn't help get the data I wanted embedded
    in the final ISO.
    
    This fixes that by using sensible bash syntax to build the variable.
    
    Signed-off-by: Daniel Pittman <daniel@rimspace.net>
  3. Daniel Pittman

    Merge pull request #40 from daniel-pittman/feature/master/better-iso-…

    daniel-pittman authored
    …file-metadata
    
    Push the working version of the license code.
  4. Daniel Pittman

    Push the working version of the license code.

    daniel-pittman authored
    The great thing about git is that it is happy to push commits from a dirty
    working directory.  The bad thing about git is that willingness means I can
    push up the older, broken version of a script from before I actually tested
    that it worked and not notice.
    
    This moves the copy of the COPYING and LICENSE files to the appropriate part
    of the build script, resulting in an end-to-end successful build, rather than
    the nasty failure we got with the merged version.
    
    Signed-off-by: Daniel Pittman <daniel@rimspace.net>
  5. Daniel Pittman

    Merge pull request #39 from daniel-pittman/feature/master/better-iso-…

    daniel-pittman authored
    …file-metadata
    
    Better iso file metadata
  6. Daniel Pittman

    Install, and reference, LICENSE and COPYING in the ISO image

    daniel-pittman authored
    This puts the LICENSE and COPYING files, which define the software license
    terms, in the ISO image.  That helps users understand the terms that they are
    receiving this software under.
    
    It also references that file from the ISO9660 metadata, because why not?
    
    Signed-off-by: Daniel Pittman <daniel@rimspace.net>
  7. Daniel Pittman

    Include more useful metadata in the ISO image

    daniel-pittman authored
    This updates the ISO image build to include some extra metadata:
    
     * set the Application ID
     * set the System ID to 'LINUX' to match other distros
     * set the Preparer ID to include useful information
     * set the Volume ID to include a meaningful, versioned name
    
    This results in an ISO file that can be more easily classified without needing
    to peek inside the box.
    
    Signed-off-by: Daniel Pittman <daniel@rimspace.net>
  8. Daniel Pittman

    Merge pull request #37 from daniel-pittman/feature/master/silence-is-…

    daniel-pittman authored
    …the-element-from-which-great-things-fashion-themselves
    
    Silence the build process
Commits on Dec 28, 2012
  1. Daniel Pittman

    Silence the bundle build process

    daniel-pittman authored
    Now that we are automating the build process, having verbose and human-focused
    progress messages from downloads and tar creating result in a much more
    difficult to debug build - the errors get drowned in a sea of progress that
    nobody watches.
    
    This silences the various tools used to rebuild the ISO image.
    
    Signed-off-by: Daniel Pittman <daniel@rimspace.net>
Commits on Dec 20, 2012
  1. Daniel Pittman

    Merge pull request #38 from daniel-pittman/bug/master/busybox-vs-dire…

    daniel-pittman authored
    …ctories-with-spaces
    
    Shell interpolation is hard, let's use a function!
  2. Daniel Pittman

    Shell interpolation is hard, let's use a function!

    daniel-pittman authored
    Trying to get shell interpolation of a multi-word command to work when faced
    with some parts of that having spaces is madness.  We did that with busybox
    execution using the guest tools, though, since it worked OK in simple cases.
    
    This replaces that with a function that encapsulates the same behaviour in a
    much saner fashion.  Now you can run the guest busybox from a 64-bit host
    while in a working directory that contains spaces.
    
    Tomorrow the world!
    
    Signed-off-by: Daniel Pittman <daniel@rimspace.net>
  3. Daniel Pittman

    Merge pull request #36 from daniel-pittman/bug/master/supporting-dire…

    daniel-pittman authored
    …ctory-names-with-spaces-for-fun-and-profit
    
    Be robust about spaces in the current directory tree
  4. Daniel Pittman

    Be robust about spaces in the current directory tree

    daniel-pittman authored
    Building with Jenkins CI tends to put spaces in the path to the workspace,
    which is great - and reveals the sort of bugs where we have not correctly
    handled the need to quote values in shell scripts.
    
    Now we do...
    
    Signed-off-by: Daniel Pittman <daniel@rimspace.net>
  5. Daniel Pittman

    Merge pull request #34 from daniel-pittman/bug/master/support-ruby-18…

    daniel-pittman authored
    …7-gems
    
    Manually load the `rubygems` library for Ruby 187
  6. Daniel Pittman

    Manually load the `rubygems` library for Ruby 187

    daniel-pittman authored
    I did my build testing with Ruby 193, and that has RubyGEMS in core.  Our CI
    builders only have Ruby 187 and reveal that I forgot to manually load it into
    the gem mirror script.
    
    Signed-off-by: Daniel Pittman <daniel@rimspace.net>
  7. Daniel Pittman

    Ensure the boot scripts are executable

    daniel-pittman authored
    Rather than depending on git semantics around the execute bit, which can be
    quirky on different platforms, we are safer manually ensuring that scripts
    are executable.
    
    This updates the bundle builder to manually set the execute bits on the target
    boot scripts.
    
    Signed-off-by: Daniel Pittman <daniel@rimspace.net>
  8. Daniel Pittman

    Avoid chroot when running the guest busybox

    daniel-pittman authored
    Using the guest busybox is nice, but it is easier if we don't need to run it
    through chroot - especially when building under a fakeroot style environment.
    
    It already supports rebuilding a directory without having to chroot into it
    using the standard "alternate base" -b argument.
    
    The TCL guest busybox is a 32-bit, dynamically linked executable.  This causes
    some problems when built on a 64-bit box that doesn't have the 32-bit glibc
    installed - typically, a failure to execute with `No such file or directory`.
    
    This uses the guest libraries to execute the process, rather than sticking
    with the parent.
    
    Signed-off-by: Daniel Pittman <daniel@rimspace.net>
Something went wrong with that request. Please try again.