OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________

Server: cvs.openpkg.org                  Name:   Thomas Lotterer
Root:   /v/openpkg/cvs                   Email:  [EMAIL PROTECTED]
Module: openpkg-re                       Date:   17-Oct-2006 15:29:11
Branch: HEAD                             Handle: 2006101714291000

Modified files:
  openpkg-re              releasenotes.txt

Log:
  New in OpenPKG-2-STABLE-20061018

Summary:
  Revision    Changes     Path
  1.27        +108 -5     openpkg-re/releasenotes.txt
____________________________________________________________________________

patch -p0 <<'@@ .' Index: openpkg-re/releasenotes.txt ============================================================================ $ cvs diff -u -r1.26 -r1.27 releasenotes.txt --- openpkg-re/releasenotes.txt 30 Sep 2006 16:43:18 -0000 1.26 +++ openpkg-re/releasenotes.txt 17 Oct 2006 13:29:10 -0000 1.27 @@ -2,7 +2,7 @@ OpenPKG Release Notes ===================== - o $Revision: 1.26 $. The most recent update of this file can be + o $Revision: 1.27 $. The most recent update of this file can be downloaded from http://cvs.openpkg.org/openpkg-re/releasenotes.txt The history of this document, specific versions and differences between versions can be retrieved from @@ -22,7 +22,9 @@ o Genealogy 1.0, 1.1, 1.2, 1.3, (1.9 available for upgrades from 1.x to 2.x) - 2.0, 2.1, 2.2, 2.3, 2.4, 2.5, 2.20060622 + 2.0, 2.1, 2.2, 2.3, 2.4, 2.5, 2.20060622, 2.20061018 + 2 (STABLE) + CURRENT o Avoid skipping a release when upgrading, especially the bootstrap. 
@@ -66,15 +68,116 @@ package because the whole functionality is embedded in the bootstrap anyway. - New in CURRENT past OpenPKG-2-STABLE-20060622 + New in CURRENT past OpenPKG-2-STABLE-20061018 ============================================= + o nothing documented, yet + + New in OpenPKG-2-STABLE-20061018 + ================================ + + o Build Tool + + The "openpkg install openpkg-tools" helper tool has been removed because + the real "openpkg build" tool is now integrated into the bootstrap. + + o SetUID + + The "openpkg" command is now a SUID executable, if the instance is + installed by root. If the instance is installed by an unprivileged user, + the functionality is not available. The new feature allows privilege + adjustments based on the task to be done. A new configuration file + %{l_prefix}/etc/openpkg/managers lists the users which may receive + additional privileges. If "openpkg" is run by an user not listed in the + managers file or the option --keep-privileges is specified, then the + command drops its accelerated privileges as early as possible. It also + drops the privileges for listed users which execute tasks that do not + require superuser permissions, e.g. "openpkg rpm --rebuild". Typical + tasks that do require additional permissions, e.g. "openpkg rpm -Uvh" and + "openpkg rc", can be easily used by users listed as instance managers. By + default, the "root" user and the instance management user are listed as + managers. + + The management user is able to now really manage the complete + instance as it now is able to build and install packages, stop and + start services, etc. For instance if it runs "<prefix>/etc/openpkg + --rebuild ..." this is still done under his privileges, but the + following "<prefix>/etc/openpkg -Uvh ..." is done with root + privileges. 
This means no more "sudo" setups required for the + management user and especially the OpenPKG handling is much + simplified for the average user as he no longer has to think about + whether he has to switch to or from root for the next command all the + time. + + The super user is now downgraded to the management user for + commands which do not require super user privileges. This especially + means that if the super user executes a "<prefix>/etc/openpkg + --rebuild ..." it automatically internally is executed under the + management user. This way no more packages _CAN_ be built under + root privileges. This is a further improvement in security and also + improves the OpenPKG "sane build environment" idea. + + ----------+---------------+---------------- + caller is | task requires | effective + "manager" | privileges | privileges + ----------+---------------+---------------- + no | no | caller + no | yes | caller + yes | no | management user + yes | yes | super user + ----------+---------------+---------------- + + Note the default configuration prevents "root" from building packages with + its inherent superuser privileges, instead they are dropped and mapped to + the management user. During transition from older releases which have + remaining files from failed builds in the %{l_prefix}/RPM/SRC or + %{l_prefix}/RPM/TMP and these files were written by root then they cannot + be removed by the new build process because of dropped privileges and the + buildl will fail. Simply remove them with standard Unix tools before + running "openpkg". + + o SetUID on GNU/Linux + + The glibc is known to exhibit a misbehavior that drops certain variables + from the environment when launching a SetUID executable. There is no way + for the application to recover the environment chucked out - a design flaw + presumably conceived as security feature. 
The most annoying issue for + OpenPKG is probably the removal of TMPDIR, which leads to various problems + with "openpkg dev" and surly for other tools. The workaround + for "openpkg dev" is to set OPENPKG_TEMP in ~/.openpkg/dev.rc directly + without deducing it from TMPDIR. Please consult the Linux documentation, + if any :-), to understand this deficiency. + o %{l_openpkg_release} rpmmacro - CURRENT packages already have been modified to no longer use the outdated - "-F %s" construct and compatibility has been dropped from the CURRENT + Packages already have been modified to no longer use the outdated + "-F %s" construct and compatibility has been dropped from the bootstrap. + o X11 packages + + OpenPKG focuses on the creation of reproducible server solutions. It can + be used to package desktop applications but we placed almost all of them + into the EVAL package class. + + o EVAL packages + + By popular demand, EVAL packages have been snapshotted, too. This doesn't + make them work better but it allows end users and developers to access the + packages that belong to the timeframe of the snapshot even if CURRENT + development made them long gone. + + o ISO images + + No ISO images will be rolled for STABLE and snapshots. + + o UPD folder + + As a consequence of no longer providing ISO images, files can be changed + (00INDEX.rdf) and added (Updates) to the original location. The UPD + folder sibling to BIN and SRC has been removed. Updates will be placed + into the SRC folder directly. + New in OpenPKG-2-STABLE-20060622 ================================ @@ . ______________________________________________________________________ The OpenPKG Project www.openpkg.org CVS Repository Commit List openpkg-cvs@openpkg.org
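
Review bot: In the @@ -66,15 +68,116 @@ hunk, the new SetUID section words the privilege model in ways an administrator can misread. "drops its accelerated privileges" should read "elevated privileges", and the same sentence says that specifying --keep-privileges makes the command drop privileges; state that "keep" refers to the caller's own privileges. The examples "<prefix>/etc/openpkg --rebuild ..." and "<prefix>/etc/openpkg -Uvh ..." use a path that the section treats as a directory (%{l_prefix}/etc/openpkg/managers) and leave out the "rpm" subcommand used a paragraph earlier ("openpkg rpm --rebuild", "openpkg rpm -Uvh"); use one form throughout. The table row "no | yes | caller" has no matching prose: say what a user who is not listed in the managers file gets when the task requires privileges. In the transition note, "Simply remove them with standard Unix tools" should say the cleanup has to be done by an account that can delete root-owned files, since the text states the leftovers in %{l_prefix}/RPM/SRC and %{l_prefix}/RPM/TMP were written by root and the build now runs with dropped privileges; the sentence before it is also a fragment ("During transition from older releases which have ... then they cannot") and contains "buildl". In the "SetUID on GNU/Linux" entry, "surly" should be "surely", only TMPDIR is named among the dropped variables, and the entry calls the behaviour both a "misbehavior" and something "presumably conceived as security feature"; list the affected variables that are known and keep the description neutral so the OPENPKG_TEMP workaround in ~/.openpkg/dev.rc is the part readers retain.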