Syllable Server change log ========================== Kaj de Vos 30 May 2010 http://syllable.org 0.4, 30 May 2010 ================ This release is dedicated to Bas de Lange, without whom it would not have been possible. This release focuses on maturing existing functionality, improving security, ongoing system restructuring, and making the system a suitable base for third-party package managers. The start and stop scripts for the system clock were activated, so that the system can now be correctly configured for running on a machine set to local time (instead of UTC). Package changes --------------- About half the packages in the system were updated, including key components such as the Linux kernel, UDev, the LFS init scripts, DirectFB, SDL, BASh, Packager, OpenSSH, REBOL/Core, the Cheyenne web server and CDRTools. Other important packages such as Ruby, Midnight Commander, Links and Transmission were also updated. A few packages were downgraded to keep them in sync with Syllable Desktop, where some packages need more effort to upgrade than on Linux. Keeping software versions the same between Syllable Desktop and Syllable Server eases development and testing. Boron, the successor to the ORCA programming language, was added. Syllable's system tools (such as Packager) haven't been migrated yet, so ORCA is still included as well. XZ-Utils was added, providing the same LZMA compression as in 7-Zip, but in a different format that is becoming popular, and is better integrated with POSIX systems. TAr was upgraded and this version has support for XZ-Utils. Compression of the main system and the development files pack was changed from 7-Zip to XZ format. The experimental Genode demo that was in Syllable Server 0.3 is not included anymore, because the new versions have become difficult to build on Syllable. The Linux kernel is now version 2.6.27.44, the current stable version. UDev is the most recent version that matches this and the included version of GLibC. This should result in improved hardware support. The upgraded version of CDRTools is supposed to have support for burning DVDs, according to its author, but we haven't tested this yet. The KQEmu module is now loaded automatically at system start, so acceleration is immediately available in QEmu on all systems. QEmu could not be upgraded, because newer versions fail to grab mouse control in the console. The latest development versions of Cheyenne and UniServe are included, which provide a new WebSockets framework for advanced persistent, full-duplex communication with the latest web browsers. They also have important bug fixes. A notable feature of the new version of Midnight Commander is a virtual file system for accessing Amazon S3. A default configuration for MCEdit is now included that sets tab size to four positions, the Syllable standard. The upgraded version of Ruby is not the latest 1.9 version of the language, but the latest version of the older 1.8 branch that works with most Ruby scripts (including Builder). System structure ---------------- The root of the file system was cleaned up, forcing Linux system packages to install into their own package subdirectories as much as possible. Almost only compatibility symlinks remain in the fixed places that third-party software needs. The GCC libraries in the system now have priority over a separately installed full GCC package. This protects system integrity while allowing to install versions of GCC older than the system libraries. This is a cleaner way than manipulating the GCC package, which was done before. Packager and Builder were further developed to improve the use of symlinking for package registration. The symlink pools were moved from /system/indexes/ and /resources/indexes/ to /system/index/ and /resources/index/ to shorten paths throughout the system. The pools now have extra symlinks to point to each package, so that paths can point to the main version of a package in /system/resources/ without including the version. This makes paths robust against version changes of packages. For example, the GrUB boot menu now doesn't include the Linux kernel version anymore, so it will always start the currently selected kernel, without the need to change the menu. The fact that these links are in the symlink pools - not in the package pools - means that different symlink pools could make different selections from the same packages pools, for example for different user accounts or software build environments. Builder now creates the compatibility symlinks throughout the system based on the default symlink pool of a package, instead of the package pool itself. This makes those links robust against changes of both the version and name of packages - which is especially important because these compatibility links are not managed within the package directory of a resource package. Packages are in the process of moving to clearer names for their main package directory. Instead of the traditional, short, lowercase names that are confusing to common people, common typographical standards are now being used. Resource packages have project names, which are proper names, so they are capitalised. Generic terms remain lowercased. When names consist of multiple words, CamelCase is used to avoid spaces. When uppercase abbreviations would lead to CamelCase being concatenated, hyphens are used for more clarity. Abbreviations are expanded when they don't take too much space; roughly twenty characters maximum. Exceptions can be made to keep names recognisable to people who already know the short names, and to keep them roughly in the same place in alphabetical order. Around half the resource packages in the system are currently renamed. The internal structure of resource packages has been heavily reorganised, doing away with the traditional Unix naming that is confusing and has lost its meaning over time. The structure of the symlink pools has changed accordingly. Subdirectories were moved and renamed thus: etc -> settings bin -> programs sbin -> system-programs libexec -> framework/executables lib -> framework/libraries include -> framework/headers share/aclocal -> framework/AutoConfigure share/pkgconfig -> framework/PackageConfigure lib/pkgconfig -> framework/PackageConfigure share -> data share/doc -> documentation man -> manuals share/man -> manuals info -> manuals/info share/info -> manuals/info Subdirectories that are not immediately meaningful to common users are tucked away in the framework subdirectory, a name which should at least signal to users that it should not be tampered with without appropriate knowledge. The documentation directories are split between an unmanaged and a managed (structured manuals) part, to make a distinction in how they should be used and the degree to which a user could tamper with them. Since there is no standard for the location of REBOL and Boron libraries, they can go into framework/REBOL. The Syllable-specific initialisation scripts were also consolidated into one subdirectory. This leaves room for adding the common Unix script classes for stop, reload, restart and status commands: early-init -> tasks/setup init -> tasks/start An extra subdirectory "applications" was introduced for resource packages that contain graphical programs that should appear in an applications menu. A few packages need extra, internal compatibility symlinks because they don't fully support this reorganisation. On the other hand, such links can also be used to solve interdependencies between packages. In such a way, several printing support packages that were previously merged into the CUPS package have now been properly separated. The symlink pool /resources/index/ and Packager have compatibility facilities to support most older binary packages. However, due to this heavy restructuring, several separately available packages don't work correctly anymore. Shortly after the release of Syllable Server 0.4, new versions will be published. To match the renaming within resource packages, the following system directory was also renamed: /system/bin -> /system/programs The system initialisation scripts were also given new names that should be more meaningful to common users: /system/user-early-init.sh -> /system/user-setup.sh /system/user-init.sh -> /system/user-start.sh Security -------- Security of user passwords was improved by enabling MD5 encryption. System configuration was improved to fully support switching between user accounts. Because Linux prevents passing the LD_LIBRARY_PATH environment variable that holds the library search path through SUDo, the system now comes with a preconfigured loader cache in /etc/ld.so.cache. Packager doesn't update this cache, so if you install extra software with libraries that you want to use through the sudo command, you should run the ldconfig command after installation. Due to Syllable's management of search paths, this is still not necessary in other cases. SUDo was configured to allow passing through several extra environment variables that Syllable uses. This is less secure, but makes it more feasible to work from user accounts other than the super-user account. The philosophy is that most systems nowadays are personal systems, where the function of SUDo is to protect yourself from your own mistakes. If you use Syllable Server as a multi-user system where you don't trust the other users but still want to give them (some) SUDo privileges, you should probably install a version of SUDo with its default configuration to protect it from cracking attempts. To make it easier to use sudo, a shell alias "s" was defined for it. The super-user account and super-user group were renamed from the traditional Unix name "root" to "system". This is more meaningful to common people and also increases security slightly by protecting against attacks by the user name "root" instead of user id 0. Now that SUDo is easier to use, log-in to the super-user account was disabled. A default user account named "administrator" was created to signal to the user that this is the account for doing system administration. This way, the roles of the super-user account for running system processes and for logging in to do administration tasks are clearly separated. The default password of the administrator account is "OpenSesame". Although this is a reasonably long password, making it safer when people fail to change it, of course it's a known password and you should change it. To make the administrator account suitable for doing system administration, it has unlimited SUDo privileges. Therefore, you should still create an extra user account for normal operation, to protect against malicious software and your own mistakes. To match the administrator user account, there is a new group named "administrators", which can be used to manage administrator privileges for other user accounts. 0.3, 30 August 2008 =================== This release focuses on making the system usable for running a number of standard servers, and several innovative REBOL servers. Many fixes were made, including more fixes for the CUPS print server and GhostScript. Creation of extra user accounts is possible now. In addition to the Syllable-specific early initialisation scripts (in the early-init subdirectory of packages), the late initialisation scripts (in the init subdirectory of packages) are now also executed. Several more initialisation scripts from Linux From Scratch were also added. Some servers can be started with the LFS scripts, others with the Syllable scripts (this will be unified in later releases). Configurations, including initialisation scripts, were added for the OpenSSH remote access server, the CUPS print server, the BIND domain name server, the Apache web server, the RSync file synchronisation server, the SaMBa Windows-compatible file server, the INetUtils FTP server and the VSFTP FTP server. Several of these are not included in the system, but need to be installed separately (the system is prepared for them). The sshd, cupsd and initd servers are started by default. Package changes --------------- Many packages were updated, including the Linux kernel, IPTables, the GCC libraries, OpenSSH, SDL and QEmu. DirectFB was not upgraded due to incompatibility with Links2. A collection of well-known root certificates from Certification Authorities was added to allow OpenSSL-based programs (such as OpenSSH) to establish the identity of destination points for network connections. A MIME-types database was added in /etc/mime.types that is used by many programs, such as web servers, to identify the MIME types of files based on their file name extensions. CDRTools were included for burning CDs, and the NetCat networking tool and the Transmission BitTorrent client were added. Several REBOL software stacks were added: - The REBOL/Services Service Oriented Architecture. - The UniServe network server framework. - The Cheyenne Apache-class web server. - A CAPTCHA library. - A MySQL network protocol. - The QuarterMaster web programming framework, based on a Model-View-Controller architecture. By default, it's configured to run on Cheyenne. - The TINY library for parsing text, abstracting data access and building templates of generic text formats (including HTML). This library is an original creation and targets both ORCA and REBOL. S3Cmd/S3Sync was included, a tool for accessing the Amazon Simple Storage Service (S3) and synchronising files with it. As a demo, the Genode operating system framework, its Nitpicker windowing server (built on SDL) and its demonstration programs were included. System structure ---------------- The development files of the system, program headers, static libraries and development documentation, were moved to a separate area in /system/development/ and are now shipped in a separate package. If you want to compile software on Syllable Server, you need to install and register this package. The development files need to match the system: you can't use a package of any other Syllable version. (You will also need to install the Developer's Delight package collection and possibly other packages.) User directories were moved from /home/ to /users/. Resource packages are in the process of moving from /usr/ to /resources/. /resources/ is currently a symbolic link to /usr/ so that resource packages will work from both places during the migration. Security -------- The OpenSSH server was configured and now runs by default. At the first system start, security keys are generated that identify the server. 0.2, 14 December 2007 ===================== A number of fixes were made. Most notably, terminal initialisation and printing were fixed. GhostScript is included now. Some of the Syllable-specific initialisation scripts are executed now. Package changes --------------- Many packages were updated, including GLibC, CoreUtils, BASh, ORCA and the printing packages. Several new packages were added. IPTables is included, so Syllable Server can be used to build a firewall. The Wireless Tools are included for configuring wireless networks. The ALSA userspace library and tools were added to provide full access to the audio system, instead of relying on OSS emulation. System structure ---------------- Organisation of packages in the system is greatly restructured. A new package pool was split off from the one in /usr/ and introduced under /system/resources/. The former pool retains its structure, but packages in the new system pool are versioned. This formalises the method of Syllable Desktop to ship older versions of libraries to retain compatibility with existing binary software, so we can also do this on Syllable Server in the future. Except for libraries, the versioned pool is not meant for installing multiple versions of the same package. As a note about software management on Syllable: all separate binary packages for Server 0.1 are still valid on Server 0.2. Despite the heavy restructuring and upgrades to the base system, there are no known cases of binary packages failing due to the upgrade. On Syllable, both Desktop and Server, binary compatibility is maintained as much as possible, and the restructuring itself improves our ability to keep this up in the future. 0.1, 6 October 2007 =================== Initial public release. This version has been a year in the making, all in all, and was already based on the build system of Syllable Desktop. It is a basic Linux system, enough to get it running plus the extra packages that are also included in Syllable Desktop, but without the native Syllable graphical environment. In addition, some goodies are included to make it a system that is already usable for some tasks. These include DirectFB and SDL subsystems for running some graphical applications, and QEmu and its accelerator kernel module for running other systems under virtualisation and emulation. Syllable Server itself is also a good target for running virtualised, due to its small size and complexity.