Annvix 1.2-RELEASE Release Notes

WARNING: As always, please be sure to back up important data prior to upgrading, including dumping any databases (mysql, postgresql, openldap).

The 1.2-RELEASE release is a maintenance release and marks the end of the 1.x branch. Work will commence on 2.0-CURRENT shortly.

New Versions of Software

Annvix 1.2-RELEASE comes with new versions of many software packages. Not all of them can be listed here, but the important ones to watch out for are noted below. We highly recommend doing whatever backup you deem necessary in case anything goes wrong with the upgrade or your data isn't compatible with a new version of the software. Backup guidelines will be noted where applicable for particular pieces of software. The afterboot manpage also contains great information on backing up databases, etc.

The following table lists the major software components that have been upgraded. You may wish to read up on the changes in the software from the individual vendor websites.

Annvix 1.1-RELEASE    Annvix 1.2-RELEASE
OpenSSH 4.2p1         OpenSSH 4.3p2
runit 1.3.1           runit 1.3.3
PostgreSQL 8.0.4      PostgreSQL 8.0.7
PHP 4.4.1             PHP 4.4.2
Apache 2.0.54         Apache 2.0.55
nmap 3.81             nmap 4.00
Tripwire 2.3.1.2      AIDE 0.11-rc3

We have also included the following new programs:

  • nut 2.0.1
  • OpenVPN 2.0.5

Kernel Changes

The Annvix kernel is still 2.4-based. Work is ongoing to reintroduce RSBAC with the JAIL, DAZ, CAP, RES, and REG capabilities. The AUTH, RC, and ACL capabilities will be re-introduced for 2.0-CURRENT.

Installer Changes

The Annvix installer for 1.2-RELEASE is largely identical to the installer for previous versions with a few important enhancements:

  • reboot and halt now work as expected; at the end of an install you can now immediately reboot without physically having to reboot the system
  • exim is installed by default (urpmi used to pick postfix)
  • socklog is installed by default (sysklogd is available and can be installed post-install)
  • rsbac-admin is installed by default
  • openswan is no longer installed by default
  • smartctl is now available on the install CD (to help diagnose SMART problems with drives)
  • lvm is now available on the install CD
  • the default grub timeout is now 10s rather than 30s

Upgrading Notes

The upgrade from 1.1-RELEASE to 1.2-RELEASE is much easier to manage than the previous update. First you should remove the "rsbac_softmode" calls in /etc/grub/grub.conf as they do not need to be there (there is no reason to boot RSBAC in softmode). You can do this manually or via perl, and then follow the instructions:

# perl -pi -e 's|rsbac_softmode||g' /boot/grub/grub.conf
# urpmi.removemedia annvix
# urpmi.addmedia annvix ftp://[mirror]/releases/1.2-RELEASE/i586/main with media_info/hdlist.cz
# urpmi --auto-select
# urpmi kernel rsbac-admin
# rpm -e --noscripts librpm4.4-4.4.2-3avx

The librpm4.4 (for i586) and lib64rpm4.4 (for x86_64) package must be manually removed as noted above due to a packaging problem with the package as released with 1.1-RELEASE.

The kernel needs to be installed separately (it is never upgraded), and you should install the rsbac-admin tools even if you never plan to use RSBAC (the 1.2-RELEASE kernel is RSBAC-enabled).
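
An added example (not Annvix code) of the grub.conf edit from the first upgrade step, done with a backup and a verification pass before the file is replaced. It uses sed in place of the perl one-liner; the helper names count_softmode and strip_softmode and the .pre-1.2 backup suffix are assumptions.

```shell
#!/bin/sh
# Added example, not Annvix code. count_softmode and strip_softmode are
# hypothetical helper names; the .pre-1.2 backup suffix is an assumption.

# Print how many lines of FILE still carry the rsbac_softmode parameter.
count_softmode() {
    grep -c 'rsbac_softmode' "$1" || true
}

# Remove rsbac_softmode from FILE, keeping the original as FILE.pre-1.2.
strip_softmode() {
    conf=$1
    backup="$conf.pre-1.2"
    tmp="$conf.new.$$"
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 2; }
    if [ "$(count_softmode "$conf")" -eq 0 ]; then
        echo "$conf: no rsbac_softmode entries, nothing changed"
        return 0
    fi
    # Never clobber an earlier backup: it may be the only good copy.
    [ ! -e "$backup" ] || { echo "backup exists: $backup" >&2; return 3; }
    cp -p "$conf" "$backup" || return 1
    # Start the new file as a copy so it keeps the original mode and owner.
    cp -p "$conf" "$tmp" || return 1
    # Drop the token and the blanks before it; the rest of each line is kept.
    sed 's/[[:space:]]*rsbac_softmode//g' "$backup" > "$tmp" ||
        { rm -f "$tmp"; return 1; }
    # Install only if the token is gone and no line was added or lost.
    if [ "$(count_softmode "$tmp")" -ne 0 ] ||
       [ "$(grep -c '' "$tmp")" -ne "$(grep -c '' "$backup")" ]; then
        rm -f "$tmp"
        echo "verification failed, $conf left untouched" >&2
        return 1
    fi
    # Rename within the same directory so a half-written file is never booted.
    mv -f "$tmp" "$conf"
    echo "$conf updated, original saved as $backup"
}

# Usage (as root, before the urpmi steps):
#   strip_softmode /boot/grub/grub.conf
```

If the new kernel fails to boot, the saved .pre-1.2 copy can be compared against the live file to confirm that only the rsbac_softmode parameter was removed.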

NOTE: Due to a bug in the earlier version of srv, if you are running the smbd service, it will not restart gracefully and will put smbd into a "down" state. To correct this, simply issue a srv --up smbd prior to rebooting.

Be sure to update your tripwire or aide database (if you are using either) immediately after the upgrade. Not only is this important from a security standpoint, you will receive an extremely large email overnight if you don't.
