Annvix Development Blog

On it’s way up to the mirrors now are the ISOs for beta2. This is quite a bit later than I expected, but due to circumstances largely out of my control, this is as quick as I could get it up there.

Not much has changed in the installer other than some cosmetics and you no longer need to run net-setup separately before executing install-pkgs. install-pkgs will now offer to help setup your network (by calling net-setup for each found device). Beyond that, there’s no real changes. I’ve tested this in vmware (both i586 and x86_64) so it should work for folks where the beta1 ISOs didn’t.

I’m very close to my package freeze as well. The only thing remaining to stuff in there for version upgrades is courier-imap. I meant to do that today, but monkeying with the installer sucked up quite a bit of time (as well as tracking down all the bits to make the new subversion compile properly). There’s been a massive flurry of updates over the last 2-3 days; lots of stuff to test. I still plan to do a bit of packaging, but it won’t be new versions of anything, what you see is what you get (minus any found/reported bugs, of course).

*Please* provide feedback! Not only on the installer but on 2.0 in general (even compared to 1.2). A lot of hard work has gone into this release over the last 10 months and there are some pretty significant changes. The more hands-on testers, the better.

As for the kernel, looks like we’re stuck with RSBAC for the time being. I’ve emailed Brad about a grsecurity patch for a 2.6.16 kernel but no response from him whatsoever. A little disappointing, but maybe he doesn’t keep older patches kicking around, and porting the 2.6.19 patch back to 2.6.16 looks to be far too much work to do. Things may change for 2.1, but it’s too close to the “end-game” to fight with it now.

It’s been a while since I’ve had any time to really devote to Annvix, what with the holidays coming up, a major project to restructure and convert the Mandriva TWiki to a MediaWiki install instead, and a few web design projects I picked up on the side. Between all of that, the last two months have left me almost no time for Annvix.

But, I’ve got a roadmap in place which will aim for Jan 31st to be the release of 2.0-RELEASE. The first beta will be set for Dec 22nd, the second beta for Dec 31st, and the release candidate for Jan 11, at which point no new packages will be introduced. I aim to get all new versions of stuff that are wanted in place before the 22nd, and then after that it’ll just be bug fixing. So if you know of any outstanding bugs that you’ve come across, now is the time to file them in Bugzilla.

Also, I’m interested in knowing whether or not anyone has even used in the MAC or other access-control features of RSBAC. If not, I’m considering pulling RSBAC out and leaving AppArmor and replacing RSBAC with grsecurity. It’s pretty obvious that in the absence of an official kernel maintainer for Annvix (one who actually knows the in’s and out’s of the kernel) we’re a bit stuck in that I don’t have the skills to backport current RSBAC to the kernel we’re using. I also don’t want to move to 2.6.17 or later, and I’m hoping (although I haven’t tried yet) that backporting whatever needs to be backported for grsecurity to work with 2.6.16 will be a lot easier than backporting RSBAC.

I also think that having RSBAC in the kernel, with no one really taking advantage of it, makes it a lot of maintenance for little benefit. RSBAC has been in the kernel since 1.0-RELEASE and no default policies have been written for it and no easy way to configure it (or even document it) has happened which makes me wonder if pursuing RSBAC is even worth it.

Feel free to discuss on the dev@ mailing list. =)