Jump to: navigation, search

Quick links:

[edit] Supported Releases

[edit] CD280

Released 03/12/10

CD280 is based on the current (4.6) release of OpenBSD and JVM 1.7.0.00b59p0. OpenBSD 4.6 provides improved support for recent hardware, see http://www.openbsd.org/i386.html. In addition to a range of minor bug fixes and stability improvements, CD280 features:

  • Support for sites where external Web access requires using a proxy.

With this release, we are ending support for CDs before CD273. LOCKSS boxes running CDs before CD273 will continue to function but will not receive any further daemon upgrades.

We strongly encourage everyone to upgrade to CD280. If you are running a CD before CD273 you should upgrade to CD280 without delay. In particular, please upgrade to CD280 before adding extra disks to your LOCKSS box.

[edit] CD273

Released 09/28/09

CD273 is based on the current (4.5) release of OpenBSD and JVM 1.6.0_03-p4. OpenBSD 4.5 also provides improved support for recent hardware, see http://www.openbsd.org/i386.html.

  • To reduce the impact of disk corruption, CD273 divides new disks bigger than 500GB into multiple partitions. When adding batches of new AUs the daemon will by default place them on the partition with the most free space. You may choose a different partition at that time if you wish.

With this release, we are ending support for CDs before CD267. The older CDs we have been supporting cannot run Java 1.6, which required us to build the daemon with an old version of Java, and prevented us from using current Java language features. LOCKSS boxes running CDs before CD267 will continue to function but will not receive any further daemon upgrades.

We strongly encourage everyone to upgrade to CD273. If you are running a CD before CD267 you should upgrade to CD273 without delay. In particular, please upgrade to CD273 before adding extra disks to your LOCKSS box.

[edit] CD267

Released 03/09/09

CD267 is based on the current (4.4) release of OpenBSD and JVM 1.6.0.03p2. The latest JVM should provide further significant improvements in the stability of the LOCKSS daemon. OpenBSD 4.4 also provides improved support for recent hardware, see http://www.openbsd.org/i386.html.

  • A bug affecting some large disks has been fixed. In previous versions the fsck file system check program could fail with disks containing more than about 600MB of content, preventing the machine from successfully recovering after unexpected shutdowns.
  • PLN administrators may create pre-configured CDs with the new reconfigure-CD script.
  • Passwords are encrypted with SHA-256.
  • Mail handling is improved.

CD267 has a bug in Demo mode, which causes it to pause with the message "Enabling swap: FAILS" and a # prompt. Type CTRL-D and Demo mode will resume. If asked, eject and replace the CD.

[edit] CD261

Released 06/17/08

CD261 is based on the current (4.3) release of OpenBSD and JVM 1.5.0_14-p8. We did not release a LOCKSS CD based on OpenBSD 4.2; we were waiting for fixes to some JVM problems that have now arrived. The latest JVM should provide significant improvements in the stability of the LOCKSS daemon. CD261 also contains various minor bug fixes. 4.3 OpenBSD also provides improved support for recent hardware, see http://www.openbsd.org/i386.html.

[edit] CD250/CD253

Released 07/06/07

With the release of CD250, based on the current (4.1) version of OpenBSD and JVM 1.5.0p28, you will notice some changes to the configuration dialog based on feedback we have received from various libraries using the LOCKSS system.

As part of our work with the Library of Congress the LOCKSS system will be undergoing a security audit. The criteria for this audit mandate several changes to the system. The first is password rotation. Each time you (re)configure your LOCKSS box you have to choose a password for the administration user interface, and a root password for the system. With CD250 the password for the administration user interface must be different from its predecessor. We will enforce the same restriction on the root password in a future release. Changing passwords regularly is always a hassle but it is important for good security.

The second major change to the configuration dialog is the introduction of the "Additional configuration" section. There were an increasing number of questions that were not relevant to most libraries' configuration. We have moved these to a separate section. You will be asked them only if you answer "Y" to the "Additional configuration" question. You need do so only if one or more of the following applies to you:

  • You are part of a Private LOCKSS Network.
  • You want to use ICP (Internet Cache Protocol)
  • You want to use a local NTP (Network Time Protocol) server to synchronize the LOCKSS box's clock instead of the default pool.ntp.org servers.
  • Your LOCKSS box is behind a NAT (Network Address Translator).
  • Your SMTP mail server requires a user name and password and/or TLS encrypted connections.

You will only notice the third improvement if your LOCKSS box has multiple network interfaces. This is an improvement to the dialog that allows you to choose the one that will be used. The dialog now displays the list of interface names and allows you to type one of them in rather than presenting them one at a time.

UPDATE: Some sites have reported a bug with CD250 that results in the daily security mail going to root at the mail hub (SMTP server) instead of to the LOCKSS system administrator e-mail address. We have fixed the problem via a download-able package. Please go ahead and install CD250. It should automatically download the fix within the first hour. You will get an e-mail when the fix has been downloaded asking you to reboot your LOCKSS box. The fix will be activated when your LOCKSS box comes back up. We apologize for any annoyance caused to you and your mail administrator.

CD253 was a bug-fix release for CD250.

[edit] Older Releases

LOCKSS boxes running older LOCKSS Platform CDs will continue to operate but will not receive new versions of the LOCKSS daemon. We urge operators of such LOCKSS boxes to upgrade to the latest version.

[edit] CD243

Released 1/24/07

  • New version of OpenBSD - 4.0
  • LOCKSS Features
    • Network Time Protocol now configurable
    • Upgrade to JVM 1.5.0p20
    • /sbin/shutdown command now available
    • Multiple ICP subnets now supported

[edit] CD230

Released 5/30/06

  • New version of OpenBSD - 3.9 (actually, the system is based on the OpenBSD -current branch somewhat after the official 3.9 release, allowing us to include some important recent fixes).
  • Features
    • Native SATA disk support.
    • Supports non-US keyboards.
    • Supports storing config on boot CD.
    • Improved support for storing config on USB dongle.
    • Accepts multiple admin subnets (for ssh access and initial UI access).
    • Supports ICP (opens port in packet filters).
    • Supports V3 polling (opens port in packet filters).
  • Bug fixes
    • Stopped unnecessary "find" process that ran daily over /cache partitions

[edit] CD182

Released 8/22/05

  • New version of OpenBSD - 3.7
  • Features
    • Highest daemon package version now determined by the same java code the daemon uses.
    • Better randomization daily package download time.
    • Daemon package can now set JVM memory limits, ulimit, etc.
    • NTPD updates system clock at boot time.
    • Error codes in install process now accompanied with brief description of what's wrong.
    • Passwords no longer echoed to the screen during configuration.
    • Initial support for USB dongles replacing config floppies.
    • New packages should automatically be downloaded on initial boot.
  • Clean up
    • Removed 1.3 emulated JVM

[edit] CD167

Released 3/16/05

  • New version of OpenBSD - 3.6
  • JVM:
    • Moved from JVM 1.3 running under Linux emulation to JVM 1.4 running natively on OpenBSD. This JVM includes a just-in-time compiler providing much better performance.
  • IP Packet filtering:
    • all unused TCP and UDP ports are blocked.
    • ssh access is limited to the administrative subnet specified at config time and, if LOCKSS team members are allowed to ssh in, some Stanford addresses.
  • Bug fixes:
    • tcpdump works again.
    • ./immediate_system_upgrade works even if the nightly package update hasn't yet run.
    • fixed an email loop that can happen in some rare circumstances.
  • Package download timing is properly randomized.
  • ntpdate runs at startup to synchronize the peer's clock with an NTP server.
  • Changed from md5 to sha1 for package hashing. MD5 is broken. Alas, just recently it has been rumored that that SHA1 is broken too. Neither break places LOCKSS peers at significant risk, but we will be changing hash algorithms again for the next release.
  • Improved handling of the group of test peers that we run internally.
Retrieved from "http://www.lockss.org/lockss/Platform_Release_Notes"