Home Technology News Today Calamares 2.4.5 Installer Fixes Security Issue with Unencryp…

Calamares 2.4.5 Installer Fixes Security Issue with Unencryp…

252

Today, November 25, 2016, Calamares, the open-source distribution-independent system installer framework, received a new maintenance update, versioned 2.4.5.

Calamares 2.4.5 is here three weeks after the previous point release, namely Calamares 2.4.4, to add quite a bunch of bug fixes, but also manages to sneak in some fairly useful features, such as a new setup in automated install modes for Btrfs subvolumes for @ and @home, despite the fact that Btrfs subvolumes aren’t yet supported during manual partitioning.

Among the improvements introduced by Calamares 2.4.5, we can mention that deployments of the GRUB bootloader with 32-bit UEFI firmware should work correctly now, even on 64-bit systems that use 32-bit UEFI firmware, the Internet connection check in the welcome module received various reliability enhancements and fixes, and operating system detection has been improved for automatic dual boot setup in GRUB.

Security issue with encrypted root partitions addressed

Another interesting change implemented in Calamares 2.4.5 is a patch for a security issue that could allow the creation of unencrypted, separate /boot partitions when attempting to manually set up a system with an encrypted root partition. As such, system integrators are urged to test various scenarios with both unencrypted and encrypted /boot partitions on systems using Debian-initramfs or Dracut.

“With Calamares 2.4.5 it is still possible for a user to set up encrypted / with unencrypted /boot, but such a setup is not recommended and obsolete for most use cases since GRUB supports booting from an encrypted /boot partition or directory,” explain the Calamares developers in today’s announcement, from where you can download the latest Calamares 2.4.5 source archive.

Last but not least, Calamares 2.4.5 addresses a path handling issue that might occur when attempting to reuse an existing EFI system partition. For GRUB bootloader’s os-prober instance to no longer fail when trying to detect an installed OS on the target PC, it is advisable to update any modified mount.conf files you might ship for your system to bind-mount /run/udev similarly to what the upstream mount.conf does.

Source link

LEAVE A REPLY

Please enter your comment!
Please enter your name here