ProteanOS Development Kit 2.0.0 released


This is prokit, the ProteanOS Development Kit.

prokit can install a ProteanOS system, run a ProteanOS shell and other
commands, manage software packages in an installed ProteanOS system, and
build packages for ProteanOS (with build dependencies automatically
installed and removed).

prokit is similar in function to the debootstrap, pbuilder, and sbuild
programs of Debian and derivatives.

Here is the Web page for the ProteanOS Development Kit:


Source archives are available from the files site by HTTP or FTP:

Here are the MD5 checksums:

    fff58882380a0f68de0156f0e7fd9e0e  prokit-2.0.0.tar.gz
    ee3070af03f958f6787608ff967b172b  prokit-2.0.0.tar.bz2
    03afe06c62cadf444abd25db7bf6fd99  prokit-2.0.0.tar.xz

Here are the SHA-256 checksums:

    63348c7947d8947aa850e6910bd357c04e33bb0ee271ca3a226e48efa1adaabd  prokit-2.0.0.tar.gz
    43fca35293f23ed067dafa6ae444e14c52fb8ef3fb29da495b7fff441e933376  prokit-2.0.0.tar.bz2
    2ac7e194e76e8839c5cf6c73ca5d60060260430273ac3642c3b11a6305e10f93  prokit-2.0.0.tar.xz

The sources are maintained in a Git repository:

This release is marked by the "prokit/2.0.0" tag.

NEWS for Version 2.0.0

This major new release of prokit has been in development since
2014-10-13.  Major new features include automatic block device mounting;
new "prokit installer-pc" and "prokit mkinitramfs" commands; downloading
and storing gzip-compressed package feed index files; verifying package
feed index file signatures against a validated archive certificate; and
fetching lists of ProteanOS architectures, platforms, and archive

Security fix:

  * An unsafe "eval" command has been fixed.  Running prokit's "install"
    command with an untrusted "root" directory argument, as in the shell
    command `prokit install dev/trunk "root'; echo hello #"`, allows
    arbitrary code execution.  This is fixed by Git commit 1ce4ec3.
    This is considered a low-impact vulnerability, because running
    prokit's "install" command with untrusted arguments is an unlikely
    use case.

New dependencies:

  * prokit now requires OpenWrt's usign utility, which verifies ed25519
    signatures compatible with OpenBSD's signify utility.  An embedded
    copy of usign is included, which additionally requires CMake to
    build, or a system copy can be used instead.
  * prokit now requires gunzip, either sfdisk or fdisk, mke2fs, cpio,
    and xz from XZ Utils.

Command-line interface:

  * "prokit install", "prokit shell", "prokit opkg", and "prokit build"
    now accept either a block device file name or a directory name
    (previously only accepting the latter).  A block device is
    automatically mounted and unmounted on a mount point managed by
  * A new "prokit installer-pc" command has been added to install a PC
    system onto a block device.
  * A new "prokit mkinitramfs" command has been added to generate an
    initramfs containing an installed system.

System installation changes:

  * A basic "/etc/group" file is now generated on ProteanOS systems.
  * "prokit install" in the ProteanOS profile now only copies
    "/etc/resolv.conf" and "/etc/hostname" from the host system if the
    platform is "dev".  It also now does not enable system services on
    the "dev" platform.  On other platforms, it enables services and
    sets the hostname to "proteanos".
  * A list of valid ProteanOS architectures and platforms is no longer
    hardcoded.  This list could become outdated between prokit versions
    or even ProteanOS suites.
  * A list of ProteanOS package archive mirrors is no longer hardcoded.
    Instead, the list is fetched from the ProteanOS files site as
  * ProteanOS package feed index files are now downloaded and stored in
    gzip-compressed form.
  * ProteanOS package feed index file signatures are now verified
    against the archive certificate, which in turn is validated against
    the root archive key.

Bug fixes:

  * "prokit install" now only throws a "Directory ... exists" error if
    the specified root directory is not empty.
  * Two bugs related to gzip-compressed package feed index files have
    been fixed.

Build system and code quality:

  * The build system now links all shell objects into the prokit
    executable instead of distributing shell modules that are linked
    into prokit at run time.
  * Git commit information is now shown in "prokit version" output and
    manual pages if built from a Git repository.
  * Various error conditions are now handled more cleanly.
  * Uses of the non-portable "%s" date format conversion specifier and
    "expr" command have been replaced.
  * The test suite is now based around the TAP protocol.
  * Code quality has been improved: eval commands are now safer against
    mistakes in input validation/escaping, echo commands have been
    replaced, errors are handled (making the shell "-e" option safe), an
    obselescent [ (test) command option has been removed, and commands
    are protected from variable arguments beginning with "-".

Shortlog of Changes Since Version 1.1.0

   304	P. J. McDermott
   182	Patrick McDermott

Commit descriptions suppressed for brevity.  To see a log summary with
descriptions, run:

    $ git shortlog prokit/1.1.0..prokit/2.0.0

Diffstat of Changes Since Version 1.1.0

 84 files changed, 5359 insertions(+), 2123 deletions(-)

Difference statistics truncated for brevity.  To see full statistics,

    $ git diff --stat --find-renames=50% \
    > prokit/1.1.0..prokit/2.0.0

Patrick McDermott, CEO
Putting customers in control of high-quality technologies

Attachment: pgpvsOEtotZe0.pgp
Description: OpenPGP digital signature