A secure, built-from git-controlled source Linux system that is fully auditable and runs solely from RAM.
Produces ready-to-run images that consist of just one file ready to be booted using grub, pxeboot or QEMU with an embedded copy of all required software inside a read-only init disk.
And, because it bootstraps itself from almost nothing, only a system C and C++ compiler, binutils and BusyBox are all that are needed to get started (although a wrapper script using an Alpine Linux chroot is usually more convenient).
This builds a full Libertine Linux image for a machine called example:-
git clone --depth 1 --recurse-submodules --shallow-submodules https://github.com/lemonrock/libertine.git
cd libertine
# This script tries to:-
# * Populate a packages git repository (not submodule)
# * Use ssh-keygen to generate RSA and ED25519 keys for the `example` machine.
./prepare-sample-configuration
# Wait a long time
# Run inside a known, good, versioned Alpine Linux v3.9 chroot (in the future, we'll use a known good Libertine Linux image; this is just a bootstrap).
./run-libertine-in-reproducible-chroot -v -v
# Output ready-to-run Linux image is in sample-configuration/output/machines/example/libertine-linux.vmlinuz
# Test using QEMU (requires qemu-system-x86_64 to be present)
old/test-with-qemu
# Now log on to the console with a root password of `helloworld`
To see what's going on, take a look at the files in sample-configuration/machines. If you copy the example machine folder, you can start work on your own. Machine names should be simple; DNS hostnames work best. There's a section below on understanding the configuration files that make up a machine. Machines are just a collection of packages, their configurations and any machine specific files. For example, the salted, hashed root password is stored in the file sample-configuration/machines/example/package-configurations/libertine_filesystem_root_password.config.
I like the idea of having one system, doing one thing well, that can be stored entirely in source control. That rebuilds as the same system every time from minimal dependencies. And that has zero administration. I want a system I control which version goes where. So that means no package manager arbitarily ----ing things up (eg when homebrew's switch of llvm version from 3.8 to 3.9 wasted me a day). Instead our packages are just folders in git, with submodules for the upstream sources.
I want a system I can just boot and use from RAM via PXE or QEMU / KVM. So I can deploy a large cluster, and upgrade machines by just rebooting. Reboot to upgrade means I don't have to think whether that CVE fix to glibc means I have to restart all services or just those services and in what order. If the Linux install is small and simple, this will actually be quicker - and it won`t need an admin logging onto boxes. That means having a kernel with a builtin initramfs and command line, so there are no external dependencies.
I want a system where I can patch a critical component - say the shell - by just a fork in git. That means avoiding release tarballs, and taking charge of the GNU Build System auto-guff. Making sure a bug in automake doesn't make a CVE in my OS. It means being able to rebuild the entire OS, and self-bootstrap, from almost nothing. Right now, Libertine Linux works with just a C/C++ system compiler (with associated binutils) and BusyBox. It doesnt even need make, perl or auto-shaft` (automake, autoconf, etc) installed. It builds its own toolchain from scratch (including core utils), and so captures all those subtle inputs that the build environment can influence in the output.
I also like simple DevOps, and the ability to make the OS and the software I deploy one and the same. The idea of taking an OS that really is effective for the desktop, and using it for a server, is not sensible; the recent debacle of systemd shows us how confusing that can become. Instead, the right place to look for low maintainance, secure systems is the embedded space and the supercomputing space. Many of the design decisions in Libertine Linux are from my experience of building internet-scale, large deployment clusters and high performance, reliable and robust software over the last twenty years.
Lastly, though, the development of Libertine Linux debunks the mantra that the bazaar is better than the cathedral; it`s not. The lack of coherent end-to-end thinking (from computer scientist with a clever algo, to system administrator patching security holes, via kernel and system and application software developers) is why we have complex, brittle and insecure systems today. Too few of us have enough experience or interest to see from one end to the other. And none have the time or finances to count. Too few place value on what they perceive as the little things - consistency, organization and communication - and instead retreat into jargon and flame wars. Until superb programming is equated more with fine art and the best examples of literature, and not historic and strange practices, security and integrity will suffer. I am as guilty as most; just look at some of my descriptions below!
- Recreate any server exactly from source control: Everything is built from source
- This allows total versioning - something not other system using a package manager can achieve
- Use source control administrative policies to control all server definitions in your estate
- Cryptographic hashes are used to determine if rebuilds are required (like NixOS, but without the package management)
- Sadly this is not true for anything using
npm; currently this is just grafana
- Everything runs from RAM; disk is only used for persistent data if configured
- All data is lost on power off
- No need for a initrd, disk, etc; everything is inside one linux kernel image
- Boots over the network using PXE
- Ideal for large server farms and clouds like Vultr.
- Upgrade by simply rebooting or by kexec
- True PXE - not just PXE for installation
- Boots in KVM and QEMU by just passing
qemu-system-x86_64 -kernel my-machine-kernel.vmlinuz- Kvm / Qemu settings can be managed as part of source control
- Empty drives for persistent storage can be created on first boot (see
montebianco/montebianco-qemu)
- Extremely Secure
- Kernel is built with PaX and grsecurity
- With full protections; for instance, the TCP stack always plays dead
- No loadable modules; highly resistant to module-based rootkit attacks
- No loadable firmware; all necessary firmware is compiled into the Kernel
CONFIG_EXTRA_FIRMWAREcan be set to the exact set required (egCONFIG_EXTRA_FIRMWARE="amd-ucode/microcode_amd_fam15h.bin")- We use a git-versioned source of firmware
Persistent storage uses encrypted ZFS- ZFS is currently broken for a grsecurity-patched Linux
- No package manager
- No way to install packages at runtime
- No unnecessary packages with an extremely small footprint
- Lets you audit and understand exactly what`s there
.so, (lib),man,info, headers, etc not installed- Uses busybox over GNU utilities; may switch to Toybox when that is viable in a couple of years
- Useless legacy cruft not installed (
su, floppy disk programs,chat,cal,ftp,telnetetc) - Only the desired timezone data (UTC by default) and keyboard maps and console fonts installed
- All libraries are statically linked; .so symlink attacks and
LD_PRELOADare impossible- With the exception of
nodejs, which simply doesnt work with common modules in this case (egnode-sass`) - With the exception of bespoke builds of
luajit, which need to usedlopen()
- With the exception of
- Compilation uses hardened settingd
- Full RELRO (
-Wl,-z,relro,-z,now) - Uses a strong stack smashing protector (
-fstack-protector-string) - Uses
_FORTIFY_SOURCE - Uses Position-Independent-Executables for statically linked binaries, aka
static PIEBreaks ZFS on Linux (egzed) and OpenSSH
- Full RELRO (
- Kernel auditing enabled
- Used by OpenSSH (which is an optional dependency)
- Used by Sudo (which is an optional dependency)
- Everything goes to syslog wherever and whenever possible
- Choose to have root with a password or not, but
- Root logins only possible on the console
- No suid binaries
- ping does not need to run as root
- except for
sudo- which is an optional dependency - There is no
su
- Login shells have an inactivity timeout enforced of 5 minutes
- Kernels can have built in command lines which can not be overridden on boot
- Use this to increase isolation from the pre-boot environment and bootloaders
- Inbound and Outbound firewalls are always on
- Syslogging uses TLS 1.2 over TCP with very modern cipher suites
- UDP is disabled except for localhost
- TCP is never used except with TLS 1.2
- By default, all logs are always shipped to a central syslog server; this could also be logstash or whatever
- Libressl is the preferred TLS library
- libressl (library and binary) and curl have been patched to have far more robust default ciphers
- Both have been patched to
ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256 - This can be overriden by configuration
- This change affects all dependents, such as
git,syslog-ng, BusyBoxwgetand others - Previously libressl (both library and binary) was
ALL:!aNULL:!eNULL:!SSLv2 - Previously curl was
LL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
- Both have been patched to
- Only Perfect Forward Securcy ciphers are enabled wherever possible
- ChaCha20 is preferred with AES-GCM a close second
- This change leaves nodejs vulnerable, especially as npm (as it uses an internal ssl library)
- Likewise, go binaries are probably vulnerable
- nodejs is very vulnerable, because iy uses it`s own built-in openssl with features only supported by openssl
- And the attitude of the developers to recitfying this is poor: nodejs/node#428
- Many of Node JS`s CVEs are because of this
- Having built node.js, and had many issues with it and related tools, I have come to the conclusion that it`s garbage
- DO NOT USE UNLESS YOU HAVE TO
- libressl (library and binary) and curl have been patched to have far more robust default ciphers
- Kernel is built with PaX and grsecurity
- Custom kernels fully supported
- Build only the support in you need for maximum security
- No systemd
- All daemons start at init and stop at shutdown; no need for anything complex whatsoever
- All daemons run using source`d shell scripts
- Basic PID 1 init supplied by BusyBox
s robust, tried-and-testedinit` - No runlevels; they`re pointless
inittabused only for starting and stopping
- Essential daemons only run in the base build, but there`s no need to use them
- Simply define your own base build
- Daemons are not even included in the build if they
re disabled in busyboxs config
- No need for swap, encryption or complex mounts; no switch root or pivot or the like
- Many Network Features supported out-of-the-box
- Uses easy to work with
ifupdown - Traffic Shaping
- NIC Bonding (Teaming)
- VLANs
- MVLANs
- Bridges
- Static Routes
- Tunnels (TUN devices)
NFTables Firewalls(and hence legacy iftables)- To do
- By default, we use a large list of known spam, etc hosts and block them with duff entries in
/etc/hosts.
- Uses easy to work with
- The set of software packages and their configuration for a machine, are just plain text files and so are easy to store in source control
- All files like
/etc/hostsare created at compile time from snippets in folders like/etc/hosts.d/*.hosts- No need to ever edit them
- Different packages can contribute different snippets
- This allows configuration to be
built up - Same approach is used for
/etc/passwd,/etc/groupetc, allowing as much as possible to live in source control as plain text files.
- Downstream packages can override any snippet, if you don`t like it, just create a file with the same name
- The set of snippets to combine are extensible; just have your package drop a
my-package-name.combinefile in/etc/combine.d. - POSIX shell variables can be used in the snippets (which are effectively templates) to configure networking or architecture, using anything in
architecture.configornetworking.config. - Current snippeted features in the baseline filesystem (package
libertine_filesystem) include:-/etc/binfmt.d- used in shell glob sort order
/etc/combine.d- used in shell glob sort order to work out what to combine - this is the
masterlist
- used in shell glob sort order to work out what to combine - this is the
/etc/ethers.d/etc/filesystems.d- Used by
mountas an override to /proc/filesystems - Not created if contents would be empty
- Used by
/etc/fstab.d/etc/group.d- Currently does not correctly combine multiple group entries
/etc/gshadow.d- Not very useful
/etc/hosts.d/etc/issue.d/etc/mactab.d- used by
ifnamebefore bringing up an interface to rename it based on a MAC address
- used by
/etc/mdev.conf.d/etc/motd.d/etc/networks.d/etc/nologin.txt.d/etc/passwd.d/etc/protocols.d/etc/securetty.d/etc/services.d/etc/shadow.d/etc/shells.d/etc/sysctl.conf.d- used in shell glob sort order
/etc/iproute2/rt_dsfield.d/etc/iproute2/rt_protos.d/etc/iproute2/rt_realms.d/etc/iproute2/rt_scopes.d/etc/iproute2/rt_tables.d/etc/network/interfaces.d/etc/network/staticroutes.d/etc/network/traffic-control/class/add.d- Used by
tc
- Used by
/etc/network/traffic-control/filter/add.d- Used by
tc
- Used by
/etc/network/traffic-control/qdisc/add.d- Used by
tc
- Used by
/etc/profile.d(used uncombined)/etc/acpi.map.d(combined at daemon launch time)/etc/acpid.conf.d(combined at daemon launch time)/etc/ntp.conf.d(combined at daemon launch time)/etc/syslogd.conf.d(combined at daemon launch time)/etc/crontab.d(combined at daemon launch time)
- Additional snippets can be added by adding files to
/etc/combine.d- Each entry is a line denoting the root folder, the file to create, its permissions and the type of combining
/etc passwd 0600 passwordmeans look for combine files in/etc/passwd.dto create/etc/passwdas 0600 and combine them using thepasswdtype of combining- It also means that the files to be combined will have their permissions changed to 0600
- The types of combining are:-
nosort- just concatenate the files together in glob-search orderdefault- concatenate the files together with lines sortedhasfiles- only combine if at least one file is presentnocombine- do not combinepasswd- for the passwd file/etc/passwdshadow- for shadow files, such as/etc/shadowand/etc/gshadowgroup- for the group file/etc/group
- The following are used as snippets by native programs:-
/etc/network/if-pre-down.d/etc/network/if-down.d/etc/network/if-post-down.d/etc/network/if-pre-up.d/etc/network/if-up.d/etc/network/if-post-up.d/etc/network/ifplugd/link-down.d/etc/network/ifplugd/link-up.d/etc/network/ifplugd/link-error.d/etc/network/iproute2/rt_dsfield(note there is no trailing.d)/etc/network/iproute2/rt_realms(note there is no trailing.d)
- All files like
- Random entropy is increased at boot time by downloading (over https) from random.org
- Sadly currently not reliable
- We do not use Ubuntu`s pollinate service as it is far too Ubuntu-specific
- We would like to add support for tpm-tools
- Where possible, grsecurity is used to increase kernel entropy
- The
/procfilesystem is securely mounted.- The
hidepidmount option is set to2.
- The
- Language choices and preferences
- For today: C, or C++ if we have to
- For the future: Rust and, if we have to, Go
- For everthing requiring glue: POSIX sh (not bash)
- For complex or performant scripting: Lua (as LuaJIT)
- Just come with too many issues and complexity creating insecurity: Legacy cruft like Perl or M4, horrible like JavaScript or PHP, difficult to deploy like Python or just uggh, Ruby
- Note that perl and m4 are implicitly used becayse building Linux and anything using Autocruft needs them
- Real Time Clock (RTC) is always assumed to be UTC. Running a BIOS clock in local time is a great way to create problems.
A machine is simply a folder containing files that describe how it is to be configured and what software packages to build for it and how. These files and their permissions are used to create a cryptographic hash; consequently, if the configuration files change, the machine is considered to have changed and can be rebuilt.
The file system layout of these files is as follows:-
machines/
my_machine_name/
.gitignore
package-configurations/
<files ending .conf or .mkdir>
...
packages/ (usually a symlink)
settings/
architecture.config
networking.config
initramfs.contents
packages.list
compiler-flags/
build-c.compiler-flags
build-cxx.compiler-flags
host-c.compiler-flags
host-cxx.compiler-flags
initramfs/
<files and folders to copy onto the initial initramfs>
code-signing/
client-authentication/
qemu/
qemu-command-line.config
qemu-drives.config
qemu-drives.configAn optional file to ignore anything that should not go in source control, eg private keys stored intside the initramfs/ folder.
A small number of packages can be configured in different ways using one of two kinds of files: .config and .mk
These are named as <package>.config (where <package> is a software package name) and are shell script files which are source``d by when it is built. They typically contain shell script variables which can be set to different values to control the package output. If a.config file is missing, the packages build will use sensible defaults. Since these files are shell script, they can contain empty lines and comments starting with #.
These are used by a very small number of packages that use a linux-like makefile configuration system. Currently this is restricted to the packages build_busybox, busybox and linux_prep (The name used to separate builds of Linux source code from builds of the Linux kernel with an embedded initramfs disk). By default, these are relatively symlinked to default files supplied by the said packages, but can be overridden by local copies if desired.
This is usually a symlink to a git-controlled folder of packages, typically from https://github.com/libertine-linux/packages. However, this need not be the case.
This file contains a definition the architecture of the machine being built, eg libertine_architecture='x86_64'. At this time no other architectures have been successfully tested, although support for 64-bit ARM (aarch64) is desirable.
This file contains definitions for networking variables, which are used (as of the time of writing) to configure the Linux kernel, fill in some files in the initramfs (eg /etc/domainname, /etc/resolv.conf) and to populate static interface definitions for, say, eth0 (machines/example/settings/initramfs/etc/interfaces.d/eth0.dhcp.interfaces) and iPXE.
This file is a Linux kernel configuration file that changes the permissions and user and group ids (uid and gid) of files and special files (eg devices) that are present in the initramfs disk. It may contain comments lines starting with #. For example:-
file /etc/ssh/ssh_host_ecdsa_key initramfs/etc/ssh/ssh_host_ecdsa_key 0400 0 0
file /etc/ssh/ssh_host_ed25519_key initramfs/etc/ssh/ssh_host_ed25519_key 0400 0 0
file /etc/ssh/ssh_host_rsa_key initramfs/etc/ssh/ssh_host_rsa_key 0400 0 0
file /etc/ssh/sshd_authorized_keys/raph initramfs/etc/ssh/sshd_authorized_keys/raph 0400 0 0
dir /home/raph 0700 1000 1000
dir /srv/httpd/myhttpdsite 0500 89 89
# rcS will change the uid:gid to 89:89 as part of boot
file /srv/httpd/myhttpdsite/index.html initramfs/srv/httpd/myhttpdsite/index.html 0400 89 89
Individual packets may also generate similar files, and the resultant file given the to the Linux kernel build process is a composite.
This is a file listing the software packages (in packages/) to build and install. Blank lines are ignored, and lines may be commented by starting them with #.
This folder contains files used to make performance and other optimizations when compiling using the C and C++ compilers (and, in the future, possibly the Rust compiler).
All of the files here follow the same structure, and have one command line argument per line. For example, a typical file for controlling builds of code that will end up in the final initramfs disk image might be:-
-static
--static
-Wl,-Bstatic
-static-libgcc
-Werror=implicit-function-declaration
-Wl,-z,relro,-z,now
-fstack-protector-strong
-D_FORTIFY_SOURCE=2
-D_GNU_SOURCE
-D__gnu_linux__
-O3
-fno-asynchronous-unwind-tables
-fno-unwind-tables
-ffunction-sections
-fdata-sections
-Wl,--gc-sections
-fno-common
-fomit-frame-pointer
Blank lines and comments are not allowed and the final line must end with a line feed.
The files used are:-
build-c.compiler-flags: These are flags to be used by the C compiler used when building the initial bootstrap toolchain.build-cxx.compiler-flags: There are flags to be used by the C++ compiler used when building the initial bootstrap toolchain.host-c.compiler-flags: These are flags to be used by the C compiler when creating binary code to be used in the resultant Libertine Linux initramfs disk image; they should normally contain optimizations.host-cxx.compiler-flags: These are flags to be used by the C++ compiler when creating binary code to be used in the resultant Libertine Linux initramfs disk image; they should normally contain optimizations.
These are machine-specfic files to be put into the resultant Linux initramfs disk image. The folder structure inside this folder is preserved as-is, although permissions, user ids and group ids can be overridden using the initramfs.contents file. A typical thing to include might be SSH host private keys, machine specific configuration for syslog or sysctl, network interface configuration, static HTTP content to serve and the like. Nothing that requires a writable disk at runtime should be in here.
Content that should not end up in source control (git), eg SSH private keys, should be explicitly ignored using .gitignore, or a solution such as git-crypt used.
The files in here are used to sign the produced linux kernel (libertine-linux.vmlinuz). They are generated automatically during the build if not present. The files are standard OpenSSL PEM files containing:-
libertine-linux.vmlinuz.certificate.pem: a code signing certificate;libertine-linux.vmlinuz.key.pem: a RSA private key (currently 4096 bits)
The files in here are used to authenticate a iPXE client to a server when booting. They are generated automatically during the build if not present. The files are standard OpenSSL PEM files containing:-
client-authentication.certificate.pem: a code signing certificate;client-authentication.key.pem: a RSA private key (currently 4096 bits)
This is an optional folder for testing using QEMU using the test-under-qemu program.
This file contains QEMU command line switches. These may be on multiple lines. Empty lines and lines consisting entirely of whitespace are ignored. Lines starting with # are ignored. The command line switches are concatenated together using spaces before beingeval'd by the shell.
- The value
${SETTINGS_PATH}is replaced by the actual absolute path to the machine's QEMU settings (egmachines/<MACHINE_NAME>/qemu) folder; - The value
${MACHINE_PATH}is replaced by the actual absolute path to the machine's output (egoutput/machines/<MACHINE_NAME>) folder; - The value
${MACHINE_NAME}is replaced by the actual machine name.
This file does not need to be present.
This is a nearly standard QEMU INI-style device configuration file that is pre-preprocessed before being sent to QEMU:-
- The value
${SETTINGS_PATH}is replaced by the actual absolute path to the machine's QEMU settings (egmachines/<MACHINE_NAME>/qemu) folder; - The value
${MACHINE_PATH}is replaced by the actual absolute path to the machine's output (egoutput/machines/<MACHINE_NAME>) folder; - The value
${MACHINE_NAME}is replaced by the actual machine name; - Values unsuitable for Mac OS X are removed.
The QEMU device configuration file format is very poorly documented by QEMU. A good first place to start is to actually read the parse source at http://git.qemu.org/?p=qemu.git;a=blob;f=util/qemu-config.c and grep for things like QEMU_OPT_STRING, QEMU_OPT_SIZE, QEMU_OPT_BOOL or QEMU_OPT_NUMBER. Sadly the use of the configuration is scattered all over the code base.
This file does not need to be present.
This is .config shell script file in the style used for package-configurations/ that allows creation in advance of (disk) drives using a function, test_with_qemu_drive. For example test_with_qemu_drive 0 1G qcow2 lazy_refcounts adds a drive, number 0, with capacity 1G in format qcow2 with an option of lazy_refcounts. This function can be called more than once; it will create drive image files (using qemu-img) if they do not exist in the output/machines/<MACHINE_NAME> folder called drive.<N>.qcow2 where <N> is the drive number, eg 0.
- The value
${SETTINGS_PATH}is replaced by the actual absolute path to the machine's QEMU settings (egmachines/<MACHINE_NAME>/qemu) folder; - The value
${MACHINE_PATH}is replaced by the actual absolute path to the machine's output (egoutput/machines/<MACHINE_NAME>) folder; - The value
${MACHINE_NAME}is replaced by the actual machine name.
This file is source'd, and so can contain general POSIX shell script if desired to create additional files prior to execution of QEMU.
This file does not need to be present.
- Servers
- OpenLDAP
- OpenSMTPD
- DNS (dnsmasq and dnsd)
- MQTT
- Basic HTTP with shell scripting out of the box (note: basic sh, not bash, but not useful for more than basic infrastructure automation although it is also be possible to use Lua via LuaJIT)
- Embedded Devices
- Internet of Things Appliances
That`s it.
- A build of Libertine Linux can use Docker on Mac OS X, Windows and Linux.
- A build of Libertine Linux assumes a minimal Linux-orientated host system, and has only been tested on Alpine Linux 3.6 and 3.8:-
- To build on Alpine Linux, install the essential tools with
sudo apk add alpine-sdk - On a more traditional Linux system, you
ll needbinutils,gcc,g++,libc-dev,coreutils,findutils,sed(POSIX),grep(POSIX) andawk` (POSIX). - In theory, it should be possible to build on Mac OS X but someone needs to fix GNU binutils
ld(BFD variant) to compile on it and adjust the latest version of BusyBox
- To build on Alpine Linux, install the essential tools with
- A build does not need
make,bison,flex,yacc,lex,perl,autoconf,automake,m4orbash; we bootstrap these to known versions - We try to minimise use of the host
s C compiler toolchain, but gccs insane dependencies makes this hard - The build system self-bootstraps most of its dependencies, including GNU make and patch; it is independent of the host system except for a POSIX shell (
sh),/usr/bin/env
To build a replacement native build toolchain needed before running ./libertine the following are necessary
In general, a system C and C++ compiler, binutils and BusyBox are all that are needed to produce a native build toolchain.
- System Compiler and Binutils
ar- BusyBox
aris unlikely to work
- BusyBox
c++cc- Note that
ccandc++also require a linker, system headers and system libraries ccmust also be a preprocessor via the-Eswitch- In practice all modern C compilers (GCC, Clang) support these requirements
- Note that
ldobjdumpranlibreadelf
- Grep-Awk-Sed (all capable of being supplied by BusyBox)
awkgrepsed
- Find Utilities (all capable of being supplied by BusyBox)
findxargs
- POSIX shell (BusyBox ash works)
sh
- Common utilities (all capable of being supplied by BusyBox)
- Very Common
catchmodchowncpcutenvheadidlnlsmkdirmktempmvrmrmdirsleepstattailtr
- Very Common but could be done with shell script
basenamedirnameechotouch(only being used to create empty files)
- Common
base64installodsha256sum
- Comparison Utilities
cmp
- Sort Utilities
sortuniq
- Not Essential but used if present to avoid corner case bugs by
./libertinerealpathorreadlink
- Very Common
- Add support for ext4 encryption using https://github.com/gdelugre/ext4-crypt and
e2fsprogs. - Remove grsecurity support and update the kernel, potentially using the CLIP-OS branch.
- Creae a docker image from scratch for reproducible building eg
tar -C expanded-initramfs -c . | docker import --message "<machine_name>-hash" - <machine_name>ordocker loadordocker create - Add vagrant support
- We use the Busybox
init.- This uses the snippets in
filesystem/etc/inittab.d.
- This uses the snippets in
- Boot up is controlled by the init file
rcSin the packagelibertine_filesystem(seefilesystem/usr/sbin/rcS).- This can be overrideen by replacing the snippet
filesystem/etc/inittab.d/00.libertine_filesystem.inittabwith your own.
- This can be overrideen by replacing the snippet
- Shutdown down is controlled by the init file
rcKin the packagelibertine_filesystem(seefilesystem/usr/sbin/rcK).- This can be overrideen by replacing the snippet
filesystem/etc/inittab.d/00.libertine_filesystem.inittabwith your own.
- This can be overrideen by replacing the snippet
- Non-root-logins on the console can be prevented by creating the file
/etc/nologin; it can be empty. Line feeds in this file are automatically converted to CRLF sequences. This file can be created by a downstream package if desired. - Builds are not yet fully reproducible. Some GNU-inspired builds use tools like
hostname,dnsdomainname,uname,idanddate. The plan is to eventually eliminate these.- So far,
hostname,dnsdomainnameandunamehave been eliminated by using a fake that returns data we control.
- So far,
- We actually go as far as intercepting usages of
#!/bin/shand the like to try to force code to use our own, known-version, toolchain version of busybox sh, perl, etc. Sadly this isn`t perfect. - git is not required to build, but package versioning uses git hashes by interrogating
.gitfolders. If.gitfolders aren`t present, we default to a hash of all the files and folders and their permissions.
- Uses the conventional method from Debian et al, and is very similar to that in Alpine Linux
- Supports bonding
- Uses snippets in /etc/network/interfaces.d
- Traffic control is automatic
- Uses snippets in /etc/network/traffic-control//.d/*
- Snippets are prefixed with a variant and action, eg snippets in
/etc/network/traffic-control/qdisc/add.d, named*.add, will be invoked astc qdisc add <line>, where<line>is a line inside the snippet. A snippet can have one or more lines.
- Static routing
- Can use /etc/network/interfaces.d
- Can also use /etc/network/staticroutes.d
.DS_Store,.gitignore(but containing folders are),._*(a Mac OS X ism from using NFS)- Anything ending
.disabled READMEand anything matchingREADME.*
The following daemons provided in BusyBox are not supported because they are either insecure, obsolete or use inetd:-
tftpdftpdtelnetdfakeidentdinetdechodiscardtimedaytimechargen
The following unsupported daemons may be supported if a reasonable use case is found for them:-
tcpsvdudpsvd
The license for this project is MIT. Individual files and, of course, upstream sources and packages, may be covered by other (open source currently) licenses. Much gratitude is expressed for the authors of all the code contained in Libertine Linux, and particularly for the original work made by the authors of Alpine Linux, without known of whom this would have not been possible.
variantcopy_subsetlibertine_public_libtooldependsbuild_needsbuild_provides- Not checked until after build finished
libertine_compile_<packageName><packageName>must be A-Z a-Z 0-9 and underscore
- Layout, copying of files
miscinput-sysroot,initramfs,initramfs.contents
- Special handling of
build_packages - Function documentation
- How PATHS and ccache work
- Machine hashes
- Machine configuration (.config and .mk (menuconfig))
- Application of patches
- Circular dependencies (and not detected)
- Package conflicts (eg autoconf264 and autoconf)