rename to airgap

Makefile

@@ -1,5 +1,5 @@
-NAME := unilinux
+NAME := airgap
-IMAGE := polychain/$(NAME):latest
+IMAGE := local/$(NAME):latest
 TARGET := qemu
 docker = docker
 executables = $(docker)
@@ -22,7 +22,7 @@ image:
 .PHONY: build
 build:
 	$(contain) build
-	cp -R build/buildroot/output/images/* release/
+	cp -R build/buildroot/output/images/bzImage release/
 
 .PHONY: fetch
 fetch:

README.md

@@ -0,0 +1,49 @@
+# Airgap #
+
+<https://gitlab.com/pchq/airgap>
+
+## About ##
+
+A live buildroot based distribution designed for managing secrets offline.
+
+Built for those of us that want to be -really- sure our most important secrets
+are managed in a clean environment with an "air gap" between us and the
+internet.
+
+## Use Cases ##
+
+- Generate GPG keychain
+- Store/Restore gpg keychain to security token such as a Yubikey or Nitrokey
+- Signing cryptocurrency transactions
+- Generate/backup BIP39 universal cryptocurrency wallet seed
+- Store/Restore BIP39 seed to a hardware wallet such as a Trezor or Ledger
+
+## Requirements ##
+
+### Software ###
+
+* docker 18+
+
+### Hardware ###
+
+* Any x86_64 laptop known to support Linux should work.
+* Ideally use a coreboot compatible machine with Heads for secure boot
+* Ensure any Wifi/Bluetooth/Audio devices are removed
+
+## Build ##
+
+```
+make all
+```
+
+## Install ##
+
+TBD
+
+## Development ##
+
+### Boot image in qemu
+
+```
+make vm
+```

config/buildroot/configs/airgap_qemu_defconfig

@@ -3,7 +3,7 @@
 # Buildroot 2020.05 Configuration
 #
 BR2_HAVE_DOT_CONFIG=y
-BR2_EXTERNAL_Unilinux_PATH="/home/build/config/buildroot"
+BR2_EXTERNAL_airgap_PATH="/home/build/config/buildroot"
 BR2_HOST_GCC_AT_LEAST_4_9=y
 BR2_HOST_GCC_AT_LEAST_5=y
 BR2_HOST_GCC_AT_LEAST_6=y
@@ -116,7 +116,10 @@ BR2_GNU_MIRROR="http://ftpmirror.gnu.org"
 BR2_LUAROCKS_MIRROR="http://rocks.moonscript.org"
 BR2_CPAN_MIRROR="http://cpan.metacpan.org"
 BR2_JLEVEL=0
-# BR2_CCACHE is not set
+BR2_CCACHE=y
+BR2_CCACHE_DIR="$(HOME)/build/buildroot-ccache"
+BR2_CCACHE_INITIAL_SETUP=""
+BR2_CCACHE_USE_BASEDIR=y
 # BR2_ENABLE_DEBUG is not set
 BR2_STRIP_strip=y
 BR2_STRIP_EXCLUDE_FILES=""
@@ -377,8 +380,8 @@ BR2_TOOLCHAIN_HAS_LIBQUADMATH=y
 #
 BR2_ROOTFS_SKELETON_DEFAULT=y
 # BR2_ROOTFS_SKELETON_CUSTOM is not set
-BR2_TARGET_GENERIC_HOSTNAME="buildroot"
+BR2_TARGET_GENERIC_HOSTNAME="airgap"
-BR2_TARGET_GENERIC_ISSUE="Welcome to Buildroot"
+BR2_TARGET_GENERIC_ISSUE="Welcome to Airgap"
 BR2_TARGET_GENERIC_PASSWD_SHA256=y
 # BR2_TARGET_GENERIC_PASSWD_SHA512 is not set
 BR2_TARGET_GENERIC_PASSWD_METHOD="sha-256"
@@ -401,7 +404,7 @@ BR2_ROOTFS_DEVICE_TABLE="system/device_table.txt"
 # BR2_ROOTFS_DEVICE_TABLE_SUPPORTS_EXTENDED_ATTRIBUTES is not set
 # BR2_ROOTFS_MERGED_USR is not set
 BR2_TARGET_ENABLE_ROOT_LOGIN=y
-BR2_TARGET_GENERIC_ROOT_PASSWD=""
+BR2_TARGET_GENERIC_ROOT_PASSWD="build"
 BR2_SYSTEM_BIN_SH_BUSYBOX=y
 
 #
@@ -420,7 +423,7 @@ BR2_TARGET_GENERIC_GETTY_BAUDRATE="0"
 BR2_TARGET_GENERIC_GETTY_TERM="vt100"
 BR2_TARGET_GENERIC_GETTY_OPTIONS=""
 BR2_TARGET_GENERIC_REMOUNT_ROOTFS_RW=y
-BR2_SYSTEM_DHCP="eth0"
+BR2_SYSTEM_DHCP=""
 BR2_SYSTEM_DEFAULT_PATH="/bin:/sbin:/usr/bin:/usr/sbin"
 BR2_ENABLE_LOCALE_PURGE=y
 BR2_ENABLE_LOCALE_WHITELIST="C en_US"
@@ -638,7 +641,7 @@ BR2_PACKAGE_PULSEAUDIO_HAS_ATOMIC=y
 # Compressors and decompressors
 #
 # BR2_PACKAGE_BROTLI is not set
-# BR2_PACKAGE_BZIP2 is not set
+BR2_PACKAGE_BZIP2=y
 
 #
 # lrzip needs a toolchain w/ wchar, threads, C++
@@ -662,8 +665,8 @@ BR2_PACKAGE_PULSEAUDIO_HAS_ATOMIC=y
 #
 # unrar needs a toolchain w/ C++, wchar, threads
 #
-# BR2_PACKAGE_XZ is not set
+BR2_PACKAGE_XZ=y
-# BR2_PACKAGE_ZIP is not set
+BR2_PACKAGE_ZIP=y
 # BR2_PACKAGE_ZSTD is not set
 
 #
@@ -833,7 +836,7 @@ BR2_PACKAGE_PROVIDES_HOST_GETTEXT="host-gettext-tiny"
 # gperf needs a toolchain w/ C++
 #
 # BR2_PACKAGE_JO is not set
-# BR2_PACKAGE_JQ is not set
+BR2_PACKAGE_JQ=y
 # BR2_PACKAGE_LIBTOOL is not set
 # BR2_PACKAGE_MAKE is not set
 # BR2_PACKAGE_PKGCONF is not set
@@ -1406,7 +1409,7 @@ BR2_PACKAGE_SEDUTIL_ARCH_SUPPORTS=y
 #
 # wf111 needs a glibc toolchain
 #
-# BR2_PACKAGE_WIPE is not set
+BR2_PACKAGE_WIPE=y
 
 #
 # xorriso needs a toolchain w/ wchar, threads
@@ -1601,7 +1604,11 @@ BR2_PACKAGE_WEBRTC_AUDIO_PROCESSING_ARCH_SUPPORTS=y
 #
 # BR2_PACKAGE_SZIP is not set
 BR2_PACKAGE_ZLIB_NG_ARCH_SUPPORTS=y
-# BR2_PACKAGE_ZLIB is not set
+BR2_PACKAGE_ZLIB=y
+BR2_PACKAGE_LIBZLIB=y
+# BR2_PACKAGE_ZLIB_NG is not set
+BR2_PACKAGE_HAS_ZLIB=y
+BR2_PACKAGE_PROVIDES_ZLIB="libzlib"
 BR2_PACKAGE_PROVIDES_HOST_ZLIB="host-libzlib"
 # BR2_PACKAGE_ZZIPLIB is not set
 
@@ -1626,14 +1633,14 @@ BR2_PACKAGE_BOTAN_ARCH_SUPPORTS=y
 # gnutls needs a toolchain w/ wchar, dynamic library
 #
 # BR2_PACKAGE_LIBARGON2 is not set
-# BR2_PACKAGE_LIBASSUAN is not set
+BR2_PACKAGE_LIBASSUAN=y
-# BR2_PACKAGE_LIBGCRYPT is not set
+BR2_PACKAGE_LIBGCRYPT=y
 BR2_PACKAGE_LIBGPG_ERROR_ARCH_SUPPORTS=y
-# BR2_PACKAGE_LIBGPG_ERROR is not set
+BR2_PACKAGE_LIBGPG_ERROR=y
 BR2_PACKAGE_LIBGPG_ERROR_SYSCFG="i686-pc-linux-gnu"
 # BR2_PACKAGE_LIBGPGME is not set
 # BR2_PACKAGE_LIBKCAPI is not set
-# BR2_PACKAGE_LIBKSBA is not set
+BR2_PACKAGE_LIBKSBA=y
 # BR2_PACKAGE_LIBMCRYPT is not set
 # BR2_PACKAGE_LIBMHASH is not set
 # BR2_PACKAGE_LIBNSS is not set
@@ -2717,7 +2724,7 @@ BR2_PACKAGE_LIBEASTL_ARCH_SUPPORTS=y
 #
 # libloki needs a toolchain w/ C++, threads
 #
-# BR2_PACKAGE_LIBNPTH is not set
+BR2_PACKAGE_LIBNPTH=y
 BR2_PACKAGE_LIBNSPR_ARCH_SUPPORT=y
 # BR2_PACKAGE_LIBNSPR is not set
 # BR2_PACKAGE_LIBPFM4 is not set
@@ -2860,13 +2867,16 @@ BR2_PACKAGE_PROTOBUF_ARCH_SUPPORTS=y
 # BR2_PACKAGE_LIBENCA is not set
 # BR2_PACKAGE_LIBESTR is not set
 # BR2_PACKAGE_LIBFRIBIDI is not set
-# BR2_PACKAGE_LIBICONV is not set
+BR2_PACKAGE_LIBICONV=y
+# BR2_PACKAGE_LIBICONV_EXTRA_ENCODINGS is not set
 
 #
 # libunistring needs a toolchain w/ wchar
 #
 # BR2_PACKAGE_LINENOISE is not set
-# BR2_PACKAGE_NCURSES is not set
+BR2_PACKAGE_NCURSES=y
+# BR2_PACKAGE_NCURSES_TARGET_PROGS is not set
+BR2_PACKAGE_NCURSES_ADDITIONAL_TERMINFO=""
 
 #
 # newt needs a toolchain w/ wchar, dynamic library
@@ -3498,8 +3508,8 @@ BR2_PACKAGE_XENOMAI_COBALT_ARCH_SUPPORTS=y
 # BR2_PACKAGE_DTACH is not set
 # BR2_PACKAGE_EASY_RSA is not set
 # BR2_PACKAGE_FILE is not set
-# BR2_PACKAGE_GNUPG is not set
+BR2_PACKAGE_GNUPG2=y
-# BR2_PACKAGE_GNUPG2 is not set
+BR2_PACKAGE_GNUPG2_GPGV=y
 # BR2_PACKAGE_INOTIFY_TOOLS is not set
 # BR2_PACKAGE_LOCKFILE_PROGS is not set
 
@@ -3508,7 +3518,20 @@ BR2_PACKAGE_XENOMAI_COBALT_ARCH_SUPPORTS=y
 #
 # BR2_PACKAGE_LOGSURFER is not set
 # BR2_PACKAGE_PDMENU is not set
-# BR2_PACKAGE_PINENTRY is not set
+BR2_PACKAGE_PINENTRY=y
+
+#
+# pinentry-fltk needs X and a toolchain w/ C++
+#
+BR2_PACKAGE_PINENTRY_NCURSES=y
+
+#
+# pinentry-gtk2 needs X and a toolchain w/ wchar, threads, C++, gcc >= 4.8
+#
+
+#
+# pinentry-qt5 needs a toolchain w/ wchar, NPTL, gcc >= 5.0, C++, dynamic library
+#
 
 #
 # ranger needs a toolchain w/ wchar, threads, dynamic library
@@ -3615,7 +3638,7 @@ BR2_PACKAGE_INITSCRIPTS=y
 # polkit needs a glibc or musl toolchain with C++, wchar, dynamic library, NPTL, gcc >= 4.9
 #
 # BR2_PACKAGE_PROCRANK_LINUX is not set
-# BR2_PACKAGE_PWGEN is not set
+BR2_PACKAGE_PWGEN=y
 
 #
 # quota needs a toolchain w/ wchar, threads
@@ -3772,7 +3795,7 @@ BR2_PACKAGE_HOST_GOOGLE_BREAKPAD_ARCH_SUPPORTS=y
 # BR2_PACKAGE_HOST_LPC3250LOADER is not set
 # BR2_PACKAGE_HOST_LTTNG_BABELTRACE is not set
 # BR2_PACKAGE_HOST_MENDER_ARTIFACT is not set
-# BR2_PACKAGE_HOST_MKPASSWD is not set
+BR2_PACKAGE_HOST_MKPASSWD=y
 # BR2_PACKAGE_HOST_MTD is not set
 # BR2_PACKAGE_HOST_MTOOLS is not set
 # BR2_PACKAGE_HOST_OPENOCD is not set

config/buildroot/external.desc

@@ -1,2 +1,2 @@
-name: Unilinux
+name: Airgap
-desc: Linux Unikernel configs for high security use cases
+desc: Linux distribution for offline cryptography use cases