Core v6.2rc2

nitram:
Thanks for the responses.


--- Quote ---gerald_clark wrote:
One can always add a check of the md5sum files to bootsync.sh.
However, once access is obtained, there is no security.

--- End quote ---
An occasional manual md5sum check via Apps is good enough for me, but as outlined the check is only valid if the .tcz extension has an associated md5.txt file. So in that sense it is really only a partial and incomplete check. Why run a checker if it only performs a partial job? Of course once access is obtained security is compromised, but providing awareness of missing md5.txt files could help detect possible intrusion/corruption.


--- Quote ---bmarkus wrote:
I do not see why and how a missing md5 is imposing a security risk.
--- End quote ---
Well, to me the purpose of an md5 check is not only to confirm an accurate download, but also to help ensure there is no corruption in the system post-install, which could be secondary to a security violation. Does that not make sense?


--- Quote ---gerald_clark wrote:
Core is a toolkit, not a distro.
You can add a simple script to md5sum the whole optional directory at boot.
If you can't, why are you using core instead of a distro targeted for the end user?
--- End quote ---
BusyBox is a toolkit, TinyCore is a distribution.

If not, maybe someone should notify distrowatch and update the TinyCore website:

--- Quote ---About Our Project
Our goal is the creation of a nomadic ultra small graphical desktop operating system capable of booting from cdrom, pendrive, or frugally from a hard drive.
--- End quote ---
http://distro.ibiblio.org/tinycorelinux/

As already outlined, a simple script to md5sum check the optional directory at boot is futile if .tcz extensions in the optional folder are missing an associated md5.txt file. They don't get flagged or checked.


--- Quote ---coreplayer2 wrote:
This is deliberate. At a minimum it's a means to prevent auto-update and accidental removal of modded or personal extensions.   I do have a solution and have been using it for a year or more, just need to submit it  (wasn't sure if anyone would be interested..).
--- End quote ---
Sorry, I don't buy that. Apps > md5 Checking is not designed to update or remove any extensions, modded or personal; it's simply an automated way to complete an md5 check - no system changes. And in its present state the md5 check is incomplete. Although I appear to be a minority, I would definitely be interested in your solution.

Still can't understand the resistance to flagging missing md5.txt files. How could incorporating this feature be a bad thing? Why should a user need to manually scroll through an optional folder to check for missing md5.txt files when a computer can check so much quicker and reliably?

gerald_clark:
Core Concepts
On behalf of the Tiny Core Team, welcome. Please take the time to read this document and understand the philosophies behind Tiny Core.

One quick user beware: Tiny Core is not a turn-key operating system. At least initially, almost all users will require internet access to the online repository.


--------------

Downloaded programs WILL have an md5 file.
There is nothing preventing you from keeping your own md5sum file of all the tcz files in the optional directory.
Then a simple md5sum -c command will verify all packages at boot.

Core is NOT a secure system.  All security must be added by the user.
Once an outsider gains access, no program can be trusted.  All the features you think would add security could be faked.

The installation from scratch concept of loading everything anew on each boot does allow you the ability to check the authenticity of your extensions,
but only if you keep the sums on separate storage.  If you suspect an intrusion occurred, you would need to boot from a secured thumbdrive and verify the checksums on your persistent storage. Once verified, you could then do your normal boot.
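
The check discussed in this thread, flagging extensions that have no md5.txt as well as verifying those that do, with the sums optionally read from separate storage; this is an added example, not code from the thread or from Tiny Core. It assumes each sum file is named `<name>.tcz.md5.txt` and begins with the hash; `audit_optional`, `make_demo` and the optional second argument are hypothetical names.

```shell
#!/bin/sh
# audit_optional OPTIONAL_DIR [SUMS_DIR]
# SUMS_DIR (an assumption of this example) lets the md5.txt files live on
# separate storage; it defaults to OPTIONAL_DIR. Returns 1 on any problem.
audit_optional() {
    opt_dir=$1
    sums_dir=${2:-$1}
    bad=0
    for ext in "$opt_dir"/*.tcz; do
        [ -e "$ext" ] || continue            # glob matched nothing
        name=${ext##*/}
        sumfile=$sums_dir/$name.md5.txt
        if [ ! -f "$sumfile" ]; then
            echo "MISSING  $name"            # no md5.txt: flagged, not skipped
            bad=1
            continue
        fi
        # The first field of the md5.txt file is the recorded hash.
        read -r want rest < "$sumfile" || true
        have=$(md5sum "$ext" | cut -d' ' -f1)
        if [ "$want" = "$have" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name"
            bad=1
        fi
    done
    return "$bad"
}

# Constructed sample data: three fake extensions, one altered after its
# sum was recorded and one that never had an md5.txt file.
make_demo() {
    d=$(mktemp -d)
    for n in good tampered nosum; do
        printf 'data-%s\n' "$n" > "$d/$n.tcz"
    done
    ( cd "$d" && md5sum good.tcz > good.tcz.md5.txt \
              && md5sum tampered.tcz > tampered.tcz.md5.txt )
    printf 'changed after install\n' >> "$d/tampered.tcz"
    echo "$d"
}

demo_dir=$(make_demo)
audit_optional "$demo_dir" || echo "audit found problems"
rm -rf "$demo_dir"
```

With a second argument pointing at read-only or removable media, the same function verifies persistent storage against sums that were not stored alongside the extensions.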

Juanito:

--- Quote from: beerstein on April 29, 2015, 11:35:05 AM ---Tested install again. When I installed leafpad the wbar also disappeared. Then I brought back the wbar using the control panel and tcWbarConf --Apply.
Then installed Firefox and wbar was gone again. After installing several more extensions all of the sudden the wbar did not disappear after an install. Strange?
BTW: I was using CorePlus in cloud mode.

--- End quote ---

I just downloaded CorePlus-6.2rc2.iso, burnt it to CD and booted from the CD using flwm classic.

Downloading and loading firefox and leafpad did not make wbar disappear for me...

Juanito:
The tinycorepure64 legacy-bios/(u)efi multiboot iso has been further slimmed down and is available here:

http://tinycorelinux.net/6.x/x86_64/release_candidates/TinyCorePure64_mb-6.2rc2.iso

The iso is now "only" 3.2mb bigger than the standard version (including 2.4mb of efi fonts).

Most, if not all, (u)efi boot machines appear to be able to boot legacy-bios cd/dvd, but there may be advantages to using (u)efi boot:

* drivers may boot up in a faster mode (this was the case with the hd controller in my last laptop)
* there are fewer non-critical errors reported on boot (manufacturers giving priority to (u)efi boot)
* displays over 1024x768 work at native resolution with Xfbdev

..and this is an easy way to check if your machine will (u)efi boot...

Note that on my hardware with a usb cd/drive and uefi boot, it takes +/- 12s for anything to happen after selecting the tcw (tc waitusb) menu entry.

nitram:

--- Quote from: beerstein on April 29, 2015, 11:35:05 AM ---Tested install again. When I installed leafpad the wbar also disappeared. Then I brought back the wbar using the control panel and tcWbarConf --Apply.
Then installed Firefox and wbar was gone again. After installing several more extensions all of the sudden the wbar did not disappear after an install. Strange?

--- End quote ---
I've had similar experiences with wbar using Firefox, could have been other applications too, using TC6.0 at the time. As I find wbar buggy, on my recent TC installs I now promptly remove wbar and switch to JWM. Since TC aims to provide lean releases, query why it is provided by default in TinyCore, as clicking the FLTK desktop provides all necessary functionality to get started.
