Tor-ramdisk 20100115

About two weeks ago the tor team announced the release of tor- Since we had to update our images, we took this opportunity to incorporate a feature request that was made shortly after our last release. When we incorporated DHCP as an alternative means to set up networking, we accepted the IP address, router and DNS server handed out by the DHCP server. But Georg pointed out that the Danish ISPs implement DNS blocking. He wanted to be able to use his own DNS servers, like OpenDNS or the like, and not the ones handed to him by the ISP.

Tin Hat 20091218 is out!

This is primarily a maintenance release with minor bug fixes and lots of updates. The kernel was held steady at 2.6.28-r9, the tool chain was upgraded to gcc-4.4.2-r1, glibc-2.11-r1 and binutils-2.20, and over 300 other packages were also upgraded. The tool chain provides all the usual nice hardening techniques, relro, ssp, nx, pie, and all our system binaries were compiled with these features, except for evolution which still requires -z,lazy because of its circular library dependencies.

Tor-ramdisk 20091123 (i686) and 20091124 (MIPS) released

The Tor team has been moving up the 0.2.1.x branch fixing bugs and stabilizing the code, and we're following closely behind. Recently the team announced the release of tor- Three major bugs were addressed, one of which is a memory leak, a sure kill for the tiny tor-ramdisk environment especially since it can be remotely triggered --- see Tor ChangeLog. Both the i686 and MIPS releases update tor to to incorporate these fixes.

Tin Hat 20091003 released!

In this release, we take the leap from our old toolchain and adopt Gentoo's hardened-dev overlay which includes all of the hardening features of the previous release, but implemented using the compiler specs rather than using make.conf and other unsavory hacks. The current toolchain is comprised of binutils-2.18-r3, glibc-2.9_p20081201-r4, and gcc-4.4.1-r2. The entire system builds just fine with the exception of epiphany which still has to be linked using -z,lazy due to its ugly interrelated libraries.

Tor-ramdisk 20090926 (i686) and 20090927 (MIPS) released

Andrew Lewman of the tor project asked if some future version of tor-ramdisk could support DHCP. This was an easy enough request. About two weeks ago I edited the setup scripts to allow for one more menu item which invoked busybox's DHCP client, udhcpc. After a round of debugging I had it ready for i686 and then for the MIPS port. After running on Simba for over a week, it's time for their release: the i686 release is named 20090926 and the MIPS port is 20090927. Hmm ... perhaps I should use some other versioning scheme!

Tor-ramdisk MIPS 20090828

I'm a day late in announcing it, but here's the MIPS port of the 20090821 release. Tor and busybox were similarly updated but the kernel needed reconfiguring to allow for the FILE_LOCKING feature which the tor-0.2.1.x branch makes use of. This in turn required block devices to be enabled in the kernel which a pure ram image doesn't necessarily need, and we didn't have in place when we were working with the 0.2.0.x branch.

Both the little and big endian QEMU images were tested as well as the atheros image. Tor node "mufusa" is currently running the latter image on a Mikrotik 433AH board.

Announcing tor-ramdisk 20090821

The tor team recently moved their stable branch from tor 0.2.0.x to 0.2.1.x which introduced many feature improvements and bug fixes --- see their changelog. The new codebase, however, revealed a bug in the stack smashing protector (SSP) of gentoo's stock hardened compiler gcc-3.4.6 --- see tor bug #1060.

Tin Hat 20090727 is in the wild!

This is perhaps our tightest release yet. While the kernel remained stable at hardened-2.6.28 (a minor bump from -r7 to -r9), we concentrated further on improving the toolchain. After painstakingly wading through a sea of binaries, figuring out what breaks and what doesn't with various toolchain hardening, we were able to apply -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIC -fPIE to cc1, and -pie, -now, -relro to the linker in producing all of our libraries and binaries. Trouble only came from glibc and evolution.

Tor-ramdisk MIPS 20090710 released

This release is the MIPS port equivalent of the 20090627 i686 release in which we updated tor to, the latest stable version sporting some major bug fixes. Updates and changes to busybox, ntpd and the setup scripts also came over with no differences and the build scripts only needed minor editing. We tested both little and big endian QEMU images for several days each (as node Mufasa) before switching to the Mikrotik rb433ah board.

Tor-ramdisk 20090627 is released!

Speak of the devil and he appears! When I last posted that stable tor has been sitting at since February, I had no idea was right around the corner! The announcement came on just the next day. It was a minor effort to edit the build script and incorporate the latest stable version in the next release of tor-ramdisk.
