Yet again: It's been a while
Okay, some news, short and sweet: EasyLFS is not moving.
Although I registered easylfs.net, and still have it, I do not have that VPS anymore.
Reasons are various, a major factor is that as a father I just prefer to spend the time with my son than with tweaking the server and setting things up for collaboration.
And even though it may look like it, EasyLFS is far from dead. Just tonight I have updated 100+ packages, which are more than 50%, and currently a test build is running.
So, summing up: EasyLFS is not moving (for now, we'll see what the future holds) and EasyLFS is still being developed.
Any schedule for a new release? No. Especially after upgrading lots of packages, many of them very important (GCC, GLibC, the Linux kernel, ...), it's impossible to foresee any release.
I may actually switch to releasing unstable releases that can build, but may have certain caveats (like a messed up SELinux policy, certain packages not working, or stuff like that), just in order to get something out after more than 2 years without any release.
But who knows... I guess time will tell.
EasyLFS is migrating.
Not because the service here would be bad. It's not at all.
I am very thankful that I have received free hosting at this address, but I have decided that EasyLFS needs more in order to move on.
What it needs more is a proper domain-name, an open development-model and a few other details.
Thus I have register easylfs.net and rented a VPS that will become the new home of EasyLFS.
The first job right now is migrating my local codebase to Subversion-repositories.
Thus the development will (hopefully) open up, as I am not the only person with access to the latest code.
It has been a great time here with Nuxified.com. Thank you for generously helping out my little project in a time of need.
Currently this site is undergoing quite some changes.
Most of what's happening will not be visible to the user, but some changes will have a visual effect.
Also it is planned that this site finally gets a design, but this is not the priority.
Welcome to the EasyLFS project management site.
Project News - EasyLFS
I finally got around updating the package-list. Haven't done this in a long time, so there were a lot of changes.
I'll try to keep it more updated in future. It's just annoying having to keep track of versions in 3 places...
Well, in April I have posted that I am looking into a multilib-EasyLFS. For now I have abandoned this idea in order to focus on the current development.
Recently I had quite a few problems with ext3 and ext4, which were impossible to use when installing from CD. Reason was AUFS, which somehow didn't want to work properly with kernel 2.6.29. Switching the CD to use UnionFS instead of AUFS solved the problem.
Currently I am working on many things. Test are run frequently to check the changes.
Overall I am happy with the progress on EasyLFS. It already looks like quite a nice system, but I don't feel it's quite ready yet. There are a few things here and there which I still want to fix before pushing it out to the public.
Still I am confident that the new EasyLFS will be a very good system, a lot better than EasyLFS 0.4, which in my opinion already was quite good.
Updates here and there and all over the place
I did quite a bit of updating here and there. Including the latest kernel (2.6.29), which brought a few changes.
Kernel 2.6.29 includes SquashFS. This does make it easier for me to create the LiveCD, but some changes were necessary here and there.
The biggest change resulting from this is a jump in ISO-sizes, as currently LZMA-compression is not available.
If this doesn't change the next version of EasyLFS will be quite a bit bigger. One reason is that there are more packages, the other reason, as mentioned, missing LZMA-support.
But as I am still working on many parts of the system the release will still take some time (but is supposed to happen this year) and maybe I can get LZMA back in.
Also other packages have been updates. Also I added htop, removed the device-mapper (is it's now part of the LVM-package) and am currently looking into creating a multi-lib version of EasyLFS.
If this multi-lib-EasyLFS will be available when it's time to release I cannot say yet, right now I'm merely playing around and testing.
Progress all over the place
It's been about a month since the last update and a lot of work has been done.
All the packages have been updated, a few useless packages have been kicked out and others have been added.
dcron is likely to be replaced by cronie soon and for SMP-systems I am working on speeding up the installation by using the parameter -j of make to specify the number of parallel jobs.
For the 32-bit version I already have a new LiveCD, after adjusting my build-scripts, kernel-config and the Linux Live-Scripts according to my needs and the changes I have made to EasyLFS.
The next version of EasyLFS also won't offer the choice between a SMP- and a non-SMP-kernel on bootup, there's only be the SMP-kernel and the kernel-patch for SMP will be applied depending on the number of CPUs found in the system.
ADA-support is also finished, while working on this I split up LFS_GCC_COMPLETE into separate options for the available languages. Also LFS_INSTALL_ALL_FSUTILS has been split up.
A lot has been changed all over the place, in order to make the next release a lot better than EasyLFS 0.4.
Another big change, which still requires some work is changing EasyLFS64 to install all libraries into /lib64 and /usr/lib64, and not touch /lib or /usr/lib. This work is being done so that one day maybe a multi-lib version of EasyLFS may become possible.
It's been a while
Yes, it really has been a while since the last update.
The reason was that first I had a problem with my hardware (my monitor broke down and rendered my dev-machine blind) and then I moved.
Well, now everything is sorted and I'm back working on EasyLFS.
Obviously there will be no release this year, but I hope to get an all fresh release done within the first quarter of 2009.
As usual getting back to work involved updating of packages and countless test-builds, which more or less is the current stage of development.
Also I had a few ideas for the next release, but these I'm going to talk about another time.
More progress on SELinux
In order to deliver even better SELinux-support than I offered in EasyLFS 0.4 (which now I think wasn't very good, but hey, it's evolving, right?) I have joined the SELinux-mailing-list.
Thanks to the folks there I have now been able to fix one big show-stopper, a problem with newrole caused by simply installing something in the wrong place...
Well, thanks guys, I am sure there will be more questions coming your way.
And I hope that one day I'll be able to contribute to SELinux.
Progress on security
My work with the POSIX-capabilities starts to show some results.
By now I have freed passwd, su and ping/ping6 from their SetUID-bit. Thus these programs do not run with full root-permissions anymore.
Next I'll look for other SetUID-programs and try to replace the bit with capabilities.
Also the development of the SELinux-policy is progressing quite nicely.
I have changed quite a few bits of the referency policy and some more adjustments are likely to follow.
Overall I am quite happy with the progress I have made during the limited time available to me.
And another one for SELinux
As you may have noticed I am working hard on the integration of SELinux, which is supposed to be the best EasyLFS has seen so far.
Although I have made quite some progress I still had certain problems with the login.
This has been solved now by installing and using mingetty instead of agetty.
That's another package that's required to make SELinux work smoothly.
More additions for SELinux
In order to meet a few more dependencies for SELinux I have added libuser and sepolgen to the list of packages.
No ReiserFS with SELinux
After reading around a bit I have found that ReiserFS does not support the security-labels required for SELinux.
It can hold them while the filesystem is mounted (they probably reside in memory only) but after unmounting and remounting they are lost.
Since I think that this isn't a big enough reason to completely kick ReiserFS out of EasyLFS (and it isn't default anyway) I have added an error-message in case the user decides to install SELinux and wants to use ReiserFS.
This comes early in the process, actually before anything is done, and thus it still is easy to change to another filesystem (or to decide not to use SELinux).
Central location for EasyLFS-news
This now is the central location for updates on EasyLFS.
Before I used to spread news all over the place.
I posted some stuff in my German blog (http://www.tutorials.de/blog/dennis-wronkas-blog-6278/), my English blog (http://www.nuxified.org/blog/reptiler), a project topic (http://www.tutorials.de/forum/linux-unix/265368-easylfs-projektthread.html) on the forum where also my German blog is hosted and on my personal website (http://www.reptilenet.de).
As it's quite a headache to take care of posting news everywhere and translating it from one language to the other I have decided that it's really time to get all the information over here.
Old information will most probably not be ported over (maybe some of it, if it's relevant), but all the hot new info will be here. At least it'll be here first, as sometimes I might decide to also post certain bits in one of the other places. But nothing should be there and not here.
As I currently testing a build (32 bit) with the new version of the SELinux-tools and libraries I had to add uStr so that libsemanage compiles.
That's the way it goes.
You change something and suddenly there are more changes to be done all over the place.
Well, it's always interesting, and you keep learning through it.
The next step: 0.4.4
Today I have increased the version-number from 0.4.3 to 0.4.4.
The reason is that now everything seems to compile as planned and thus I will now proceed to the security-features.
In order to use the new referency-policy I will have to upgrade the SELinux-tools, which means another compile-test with x86 and x86_64, but as this is directly related to the security-features of EasyLFS I think 0.4.4, which represents a state where the packages are known to compile on x86 and and x86_64 and now I go towards the big work with the policy.
Plans for the next release
Aside from the support for ADA mentioned in the previous news there are also other improvements coming in the next release.
Of course there have been lots of updates and some packages have been added, as you can see in the dev-section of the project, but also there will be some changes that mostly affect security.
For the next release passwords will not be hashed with MD5 anymore but with SHA512.
POSIX capabilities will be used to, as far as it is possible (for me), replace the SUID-bit.
Aside from these there will also be SELinux again, and I hope to have an even better policy with the coming release.
I do not know yet when it will be ready. The work on EasyLFS always takes a lot of time.
But now I am in a stage where a lot of dull development (updating stuff, checking that the new versions compile, ...) is nearly done. After that it's time for the SELinux-policy and the POSIX-capabilities.
Also the first tests with the latest version of the Linux-Live-Scripts will be made as these always have to be adjusted a bit to fit EasyLFS.
The next release of EasyLFS will finally get the complete support of GCC that the option LFS_GCC_COMPLETE suggests. Support for ADA will be added.
It's been a bit of work, and it involved a few changes, but it's nearly done.