Compare commits

..

No commits in common. "485fc58bfb1b4dc75a81138d93948385cc5bf600" and "df223e6deb2833a8160c836f435ee01f7b776e87" have entirely different histories.

57 changed files with 11335 additions and 769 deletions

1
.gitattributes vendored
View File

@ -1,2 +1 @@
dist/*.iso filter=lfs diff=lfs merge=lfs -text dist/*.iso filter=lfs diff=lfs merge=lfs -text
dist/airgap.iso filter=lfs diff=lfs merge=lfs -text

1
.gitignore vendored
View File

@ -1,4 +1,3 @@
cache/ cache/
out/ out/
out*/
.* .*

3
.gitmodules vendored
View File

@ -0,0 +1,3 @@
[submodule "src/toolchain"]
path = src/toolchain
url = https://codeberg.org/distrust/toolchain

View File

@ -1,193 +0,0 @@
FROM stagex/busybox:sx2024.08.0@sha256:8cb9360041cd17e8df33c5cbc6c223875045c0c249254367ed7e0eb445720757 AS busybox
FROM stagex/musl:sx2024.08.0@sha256:f888fcf45fabaaae3d0268bcec902ceb94edba7bf8d09ef6966ebb20e00b7127 AS musl
FROM stagex/xorriso:sx2024.08.0@sha256:9ab45852aee077b68ea101173025be6e1cdbde93692efa4ee198e1960f02ab52 AS xorriso
FROM stagex/syslinux:sx2024.08.0@sha256:909dcabcf13bd39b0138309f6efdeb780e01c00bf17cb1e7ee851e8b8be74d2b AS syslinux
FROM stagex/cpio:sx2024.08.0@sha256:25afad810fbb9b1d02762030c3e43e07259a79627dbea9b66ef7f797f8377a2a AS cpio
FROM stagex/linux-airgap:sx2024.08.0@sha256:a4fac3ca7795e171a4d1b3b634fdae1790d4f8d076f3c1ac8a38f3ece72e1ec5 AS linux-airgap
FROM stagex/mtools:sx2024.08.0@sha256:b6202dc29906ea8d7594bce604cb676f5335cc51e75e3f12b5f619e8fc27cc28 AS mtools
FROM stagex/xz:sx2024.08.0@sha256:f6ca72fc9096ef5f694b6b7f9b7ad323a571d9447eb5cc790042f72e69b9aad8 AS xz
FROM stagex/eudev:sx2024.08.0@sha256:66020d28246af1d1e5f8fe3b5bca3da3cbfbd1f89cc1c616b7f8d13f61419026 AS eudev
FROM stagex/ccid:sx2024.08.0@sha256:0f50ff4441d8b20ff73babab652fc0a563bce46385100240de4ae587012c9505 AS ccid
FROM stagex/libusb:sx2024.08.0@sha256:c67807377fb18d2a874d975b43e37056eb4067a5be74ebf8c1f5e5ec65ae5650 AS libusb
FROM stagex/keyfork:sx2024.08.0@sha256:1ace822e40987f94a442c76505fbbe7446da5481e57c7e57d5b51d5b8362d65a AS keyfork
FROM stagex/openpgp-card-tools:sx2024.08.0@sha256:088dbc336e34f16f7a8e323f114918468a7e4b13b190c43593ca7b0dffea54b4 AS openpgp-card-tools
FROM stagex/gpg:sx2024.08.0@sha256:b5b0726171f66da437dbd24d2398cd324b96f00115770767b4f72df2547c5323 AS gpg
FROM stagex/bash:sx2024.08.0@sha256:395e85b2f017c3fd30810d12eea5d59b015f6f5387f79bdec808ca01408cfe86 AS bash
FROM stagex/grub:sx2024.08.0@sha256:5f382615881470e0cf9c670bead785507545a2b829b391247313f516c63355e3 AS grub
FROM stagex/npth:sx2024.08.0@sha256:7899c399f2924c5ba0dfbce9ce6f8391e27ecd0564f0341fb85f83ba293e1ebe AS npth
FROM stagex/libksba:sx2024.08.0@sha256:a5aac434ffd8fca96c435756fac9e300b3d06e04a15c707d09e5e8a16c0bcd89 AS libksba
FROM stagex/libgpg-error:sx2024.08.0@sha256:e7e4797f38ba1a09ba700c91e2a5c99230f04f31e7961101a72d4e95f653f284 AS libgpg-error
FROM stagex/libassuan:sx2024.08.0@sha256:1267bb842bcb6e8bff56e2b72599357605a5e141f76629f7e96187ae85a07197 AS libassuan
FROM stagex/libgcrypt:sx2024.08.0@sha256:ea1906215d18688d96fc5329301af649834fe96c5eadda74c9d485623efb1f90 AS libgcrypt
FROM stagex/jq:sx2024.08.0@sha256:0297a099ae95eed13d48bce2d4d624544857680095b6201e9919e1d5da45a6cd AS jq
FROM stagex/yq:sx2024.08.0@sha256:10e80bd7cec3c6e0a7fd36c65bac13600368bff993ad42b03e3b787d2125e5f0 AS yq
FROM stagex/bc:sx2024.08.0@sha256:1ecf6029ceed91dd62b08c64e49f00518edcf6c10ac4ab2fe7e8f71943607eef AS bc
FROM stagex/zlib:sx2024.08.0@sha256:d0d6eef463a410191e086448c710441109ae72693cb074fe2b795ee033aa6c9d AS zlib
FROM stagex/tpm2-tools:sx2024.08.0@sha256:1693d4ef7e0b7df3e9bd60088588d94b7f5bf755fde0c1be695f3c2f00ec2897 AS tpm2-tools
FROM stagex/tpm2-tss:sx2024.08.0@sha256:5e362f43a5e0c49f774605a0e3e1b7523dc6bc775f537c206a3aaa8b8b733c93 AS tpm2-tss
FROM stagex/openssl:sx2024.08.0@sha256:9bd55ed05263a538e6a23c0262edc356c998a24674f3b8ad008a4b117a4cdf3b AS openssl
FROM stagex/sops:sx2024.08.0@sha256:7d8d51e41c7cab21b8ae75f557961f20405f727a21107d669080e3804d09665c AS sops
FROM stagex/pcsc-lite:sx2024.08.0@sha256:fd9b0600f7f73f87d9d678b8b8a7119e0f9b9314c9959bd0d180c31736cb97d6 AS pcsc-lite
FROM stagex/pcsc-tools:sx2024.08.0@sha256:d83997bda2b9500c8a4567df827a90d65efa842f9a2bb361b6f394589cf167d5 AS pcsc-tools
FROM stagex/flashtools:sx2024.08.0@sha256:e2ac807475e66201ad50eee09bf9625ad0e97dc136818ff11775cb13a54d764b AS flashtools
FROM stagex/libqrencode:sx2024.08.0@sha256:1927d17aaf1ad6a9910380714f0dd12c72c69f9ee1b19668bf4cc5f89cbc2b2d AS libqrencode
FROM stagex/util-linux:sx2024.08.0@sha256:41525597d1f5648dc2318da7779e3c5194b4e6d24cb07f2f616ac539bb094d04 AS util-linux
FROM stagex/opensc:sx2024.08.0@sha256:8da704d0078d445d3af0338764b9f3a87ba4841744c396c8eddef15466366553 AS opensc
FROM scratch AS base
ARG VERSION development
ARG GIT_TIMESTAMP null
ARG GIT_AUTHOR null
ARG GIT_REF null
ARG GIT_PUBKEY null
COPY --from=busybox . /
COPY --from=musl . /
COPY --from=xorriso . /
COPY --from=cpio . /
COPY --from=mtools . /
COPY --from=xz . /
COPY --from=grub . /
FROM base AS build
## Kernel
COPY --from=linux-airgap /bzImage iso/boot/vmlinuz
## Initramfs
COPY --from=busybox . initramfs
COPY --from=eudev . initramfs
COPY --from=musl . initramfs
COPY --from=zlib . initramfs
COPY --from=npth . initramfs
COPY --from=libksba . initramfs
COPY --from=libgpg-error . initramfs
COPY --from=libassuan . initramfs
COPY --from=libgcrypt . initramfs
COPY --from=keyfork . initramfs
COPY --from=bash . initramfs
COPY --from=gpg . initramfs
COPY --from=jq . initramfs
COPY --from=yq . initramfs
COPY --from=bc . initramfs
COPY --from=flashtools . initramfs
COPY --from=tpm2-tools . initramfs
COPY --from=tpm2-tss . initramfs
COPY --from=openssl . initramfs
COPY --from=libusb . initramfs
COPY --from=ccid . initramfs
COPY --from=pcsc-lite . initramfs
COPY --from=pcsc-tools . initramfs
COPY --from=openpgp-card-tools . initramfs
COPY --from=libqrencode . initramfs
COPY --from=opensc . initramfs
COPY --from=util-linux . initramfs
COPY --from=sops . initramfs
COPY rootfs/ initramfs
COPY <<-EOF initramfs/etc/environment
export VERSION="$VERSION"
export GIT_TIMESTAMP="$GIT_TIMESTAMP"
export GIT_AUTHOR="$GIT_AUTHOR"
export GIT_REF="$GIT_REF"
export GIT_PUBKEY="$GIT_PUBKEY"
EOF
RUN <<-EOF
set -eux
cd initramfs
find . -exec touch -hcd "@0" "{}" +
find . -print0 \
| sort -z \
| cpio \
--null \
--create \
--verbose \
--reproducible \
--format=newc \
| gzip --best \
> ../iso/boot/initramfs
EOF
## Grub (EFI Boot)
COPY config/grub.cfg iso/boot/grub/grub.cfg
COPY config/grub_early.cfg grub_early.cfg
RUN <<-EOF
set -eux
mkdir -p efi/boot
grub-mkimage \
--config="grub_early.cfg" \
--prefix="/boot/grub" \
--output="efi/boot/bootx64.efi" \
--format="x86_64-efi" \
--compression="xz" \
all_video \
disk \
part_gpt \
part_msdos \
linux \
normal \
configfile \
search \
search_label \
efi_gop \
fat \
iso9660 \
gzio \
serial \
terminal
find efi -exec touch -hcd "@0" "{}" +
mformat -i iso/boot/grub/efi.img -C -f 1440 -N 0 ::
mcopy -i iso/boot/grub/efi.img -ms efi ::
touch -md "@0" iso/boot/grub/efi.img
EOF
## Syslinux (BIOS Boot)
COPY config/syslinux.cfg iso/boot/syslinux/
COPY --from=syslinux \
/usr/share/syslinux/isohdpfx.bin \
/usr/share/syslinux/isolinux.bin \
/usr/share/syslinux/ldlinux.c32 \
/usr/share/syslinux/libutil.c32 \
/usr/share/syslinux/libcom32.c32 \
/usr/share/syslinux/mboot.c32 \
iso/boot/syslinux/
## Build Hybrid EFI/BIOS ISO
FROM build AS install
ENV SOURCE_DATE_EPOCH=1
# --set_all_file_dates='1'
# --modification-date='1970010100000000' \
RUN <<-EOF
set -eux
find iso -exec touch -hcd "@0" "{}" +
xorrisofs \
-output airgap.iso \
-full-iso9660-filenames \
-joliet \
-rational-rock \
-sysid LINUX \
-volid "airgap" \
-isohybrid-mbr iso/boot/syslinux/isohdpfx.bin \
-eltorito-boot boot/syslinux/isolinux.bin \
-eltorito-catalog boot/syslinux/boot.cat \
-no-emul-boot \
-boot-load-size 4 \
-boot-info-table \
-eltorito-alt-boot \
-e boot/grub/efi.img \
-no-emul-boot \
-isohybrid-gpt-basdat \
-follow-links \
iso/
EOF
## Minimal Autorun SD card image
COPY sdcard sdcard
RUN <<-EOF
set -eux
dd if=/dev/zero of=sdcard.img bs=1M count=32
mformat -v external -i sdcard.img ::
mcopy -i sdcard.img -s sdcard/* ::
EOF
FROM scratch AS package
COPY --from=install /sdcard.img /
COPY --from=install /airgap.iso /

169
Makefile
View File

@ -1,88 +1,21 @@
VERSION := development include $(PWD)/src/toolchain/Makefile
GIT_REF := $(shell git log -1 --format=%H)
GIT_AUTHOR := $(shell git log -1 --format=%an)
GIT_PUBKEY := $(shell git log -1 --format=%GP)
GIT_TIMESTAMP := $(shell git log -1 --format=%cd --date=iso)
export
## Use env vars from latest release when reproducing
ifdef REPRODUCE
include dist/release.env
export
endif
ifdef NOCACHE
NO_CACHE := --no-cache
endif
.DEFAULT_GOAL := .DEFAULT_GOAL :=
.PHONY: default .PHONY: default
default: \ default: \
out/release.env \ toolchain \
out/manifest.txt \ $(OUT_DIR)/airgap.iso \
out/airgap.iso $(OUT_DIR)/release.env \
$(OUT_DIR)/manifest.txt
## Primary targets
out/airgap.iso: Containerfile $(shell git ls-files rootfs)
SOURCE_DATE_EPOCH=1 \
docker build \
--progress=plain \
--output type=local,rewrite-timestamp=true,dest=out \
--build-arg SOURCE_DATE_EPOCH=1 \
--build-arg VERSION="$(VERSION)" \
--build-arg GIT_REF="$(GIT_REF)" \
--build-arg GIT_AUTHOR="$(GIT_AUTHOR)" \
--build-arg GIT_PUBKEY="$(GIT_PUBKEY)" \
--build-arg GIT_TIMESTAMP="$(GIT_TIMESTAMP)" \
$(NO_CACHE) \
-f Containerfile \
.
## Development Targets
.PHONY: vm
vm: vm-bios
.PHONY: vm-bios
vm-bios: out/airgap.iso
qemu-system-x86_64 \
-m 4G \
-machine pc \
-serial stdio \
-usb \
-device sdhci-pci \
-device sd-card,drive=external \
-usbdevice tablet \
-drive id=external,if=none,format=raw,file=out/sdcard.img \
-display gtk,show-menubar=off,zoom-to-fit=on \
-cdrom "out/airgap.iso"
.PHONY: vm-efi
vm-efi: out/airgap.iso
qemu-system-x86_64 \
-m 4G \
-machine pc \
-serial stdio \
-bios /usr/share/ovmf/OVMF.fd \
-usb \
-device sdhci-pci \
-device sd-card,drive=external \
-usbdevice tablet \
-drive id=external,if=none,format=raw,file=out/sdcard.img \
-display gtk,show-menubar=off,zoom-to-fit=on \
-cdrom "out/airgap.iso"
## Signing, Verification, and Release Targets
.PHONY: clean .PHONY: clean
clean: clean: toolchain
rm -rf out rm -rf $(CACHE_DIR)/buildroot-ccache
$(call toolchain,$(USER)," \
.PHONY: release cd $(FETCH_DIR)/buildroot; \
release: clean make clean; \
rm -rf dist/* ")
$(MAKE) NOCACHE=1 VERSION=$(VERSION) $(MAKE) toolchain-clean
cp -R out/release.env out/airgap.iso out/manifest.txt dist/
.PHONY: sign .PHONY: sign
sign: sign:
@ -97,35 +30,67 @@ sign:
); \ ); \
gpg --armor \ gpg --armor \
--detach-sig \ --detach-sig \
--output dist/manifest.$${fingerprint}.asc \ --output $(DIST_DIR)/manifest.$${fingerprint}.asc \
dist/manifest.txt $(DIST_DIR)/manifest.txt
.PHONY: verify .PHONY: verify
verify: | dist/manifest.txt verify: | $(DIST_DIR)/manifest.txt
set -e; \ set -e; \
for file in dist/manifest.*.asc; do \ for file in $(DIST_DIR)/manifest.*.asc; do \
echo "\nVerifying: $${file}\n"; \ echo "\nVerifying: $${file}\n"; \
gpg --verify $${file} dist/manifest.txt; \ gpg --verify $${file} $(DIST_DIR)/manifest.txt; \
done; done;
.PHONY: reproduce .PHONY: mrproper
reproduce: clean | out mrproper:
$(MAKE) REPRODUCE=true NOCACHE=1 docker image rm -f $(IMAGE)
diff -q out/manifest.txt dist/manifest.txt; rm -rf $(CACHE_DIR) $(OUT_DIR)
out: .PHONY: menuconfig
mkdir -p $@ menuconfig: toolchain
$(call toolchain,$(USER)," \
cd $(FETCH_DIR)/buildroot; \
make "airgap_$(TARGET)_defconfig"; \
make menuconfig; \
")
cp $(FETCH_DIR)/buildroot/.config \
"config/buildroot/configs/airgap_$(TARGET)_defconfig"
out/release.env: $(shell git ls-files) | out .PHONY: linux-menuconfig
echo 'VERSION=$(VERSION)' > out/release.env linux-menuconfig: toolchain
echo 'GIT_REF=$(GIT_REF)' >> out/release.env $(call toolchain,$(USER),"\
echo 'GIT_AUTHOR=$(GIT_AUTHOR)' >> out/release.env cd $(FETCH_DIR)/buildroot; \
echo 'GIT_PUBKEY=$(GIT_PUBKEY)' >> out/release.env make linux-menuconfig; \
echo 'GIT_TIMESTAMP=$(GIT_TIMESTAMP)' >> out/release.env make linux-update-defconfig; \
")
out/manifest.txt: out/airgap.iso out/release.env | out .PHONY: vm
openssl sha256 -r \ vm: toolchain
out/airgap.iso \ $(call toolchain,$(USER)," \
out/release.env \ qemu-system-i386 \
| sed -e 's/ \*out\// /g' -e 's/ \.\// /g' \ -M pc \
> $@ -nographic \
-cdrom "$(OUT_DIR)/airgap.iso"; \
")
.PHONY: release
release: default
rm -rf $(DIST_DIR)/*
cp -R $(OUT_DIR)/* $(DIST_DIR)/
$(FETCH_DIR)/buildroot: toolchain
$(call git_clone,$(FETCH_DIR)/buildroot,$(BUILDROOT_REPO),$(BUILDROOT_REF))
$(OUT_DIR)/airgap.iso: \
$(FETCH_DIR)/buildroot \
$(OUT_DIR)/release.env
$(call apply_patches,$(FETCH_DIR)/buildroot,$(CONFIG_DIR)/buildroot/patches)
$(call toolchain,$(USER)," \
cd $(FETCH_DIR)/buildroot; \
make "airgap_$(TARGET)_defconfig"; \
unset FAKETIME; \
make source; \
make; \
")
cp $(FETCH_DIR)/buildroot/output/images/rootfs.iso9660 \
$(OUT_DIR)/airgap.iso

View File

@ -1,19 +1,17 @@
# AirgapOS # # AirgapOS #
<https://git.distrust.co/public/airgap> <https://github.com/distrust-foundation/airgap>
## About ## ## About ##
A full-source-bootstrapped, deterministic, minimal, immutable, and offline, A live buildroot based Linux distribution designed for managing secrets offline.
workstation linux distribution designed for creating and managing secrets
offline.
Built for those of us that want to be -really- sure our most important secrets Built for those of us that want to be -really- sure our most important secrets
are managed in a clean environment with an "air gap" between us and the are managed in a clean environment with an "air gap" between us and the
internet with high integrity on the supply chain of the firmware and OS used. internet with high integrity on the supply chain of the firmware and OS used.
## Uses ## ## Uses ##
* Generate PGP keychain * Generate GPG keychain
* Store/Restore gpg keychain to security token such as a Yubikey or Nitrokey * Store/Restore gpg keychain to security token such as a Yubikey or Nitrokey
* Signing cryptocurrency transactions * Signing cryptocurrency transactions
* Generate/backup BIP39 universal cryptocurrency wallet seed * Generate/backup BIP39 universal cryptocurrency wallet seed
@ -29,14 +27,15 @@ internet with high integrity on the supply chain of the firmware and OS used.
### Software ### ### Software ###
* docker 26+ * docker 18+
### Hardware ### ### Hardware ###
* x86_64 PC or laptop * Recommended: PC running coreboot-heads
* linuxboot/heads firmware supported and recommended for multi-use machine
* Allows for signed builds, and verification of signed sd card payloads * Allows for signed builds, and verification of signed sd card payloads
* Ensure any Wifi/Disk/Bluetooth/Audio devices are disabled/removed * Ensure any Wifi/Disk/Bluetooth/Audio devices are disabled/removed
* Supported remote attestation key (Librem Key, Nitrokey, etc)
* Supported GPG smartcard device (Yubikey, Ledger, Trezor, Librem Key, etc)
* Blank flash drive * Blank flash drive
* Blank SD card * Blank SD card
@ -66,18 +65,6 @@ make attest
make sign make sign
``` ```
## Provisioning ##
1. Write airgap.iso to CD-ROM or SD Card
a. `dd if=out/airgap.iso of=/dev/sda bs=1M conv=sync status=progress`
b. `cdrecord out/airgap.iso`
2. Verify media still produces expected hash
```
sha256sum out/airgap.iso
head -c $(stat -c '%s' airgap.iso) /dev/sda | sha256sum
```
## Setup ## ## Setup ##
Assumes target is running Pureboot or Coreboot/heads Assumes target is running Pureboot or Coreboot/heads

View File

@ -0,0 +1 @@
source "$BR2_EXTERNAL_Airgap_PATH/package/flashtools/Config.in"

View File

@ -0,0 +1,27 @@
set default="0"
set timeout="10"
menuentry "AirgapOS (qwerty)" {
linux /boot/bzImage root=/dev/sr0 keymap=qwerty/us
initrd /boot/initrd
}
menuentry "AirgapOS (dvorak)" {
linux /boot/bzImage root=/dev/sr0 keymap=dvorak
initrd /boot/initrd
}
menuentry "AirgapOS (colemak)" {
linux /boot/bzImage root=/dev/sr0 keymap=colemak/en-latin9
initrd /boot/initrd
}
menuentry "AirgapOS (qwertz)" {
linux /boot/bzImage root=/dev/sr0 keymap=qwertz/de
initrd /boot/initrd
}
menuentry "AirgapOS (azerty)" {
linux /boot/bzImage root=/dev/sr0 keymap=azerty/fr
initrd /boot/initrd
}

File diff suppressed because it is too large Load Diff

View File

@ -0,0 +1,17 @@
#!/bin/sh
set -u
set -e
set -x
BOARD_DIR="$(dirname $0)"
cp -f ${BOARD_DIR}/grub.cfg ${TARGET_DIR}/boot/grub/grub.cfg
echo "export VERSION=\"${VERSION}\"" > ${TARGET_DIR}/etc/environment
echo "export GIT_REF=\"${GIT_REF}\"" >> ${TARGET_DIR}/etc/environment
echo "export GIT_AUTHOR=\"${GIT_AUTHOR}\"" >> ${TARGET_DIR}/etc/environment
echo "export GIT_KEY=\"${GIT_KEY}\"" >> ${TARGET_DIR}/etc/environment
echo "export GIT_TIMESTAMP=\"${GIT_TIMESTAMP}\"" >> ${TARGET_DIR}/etc/environment
exit $?

View File

@ -0,0 +1,6 @@
#!/bin/sh
set -u
set -e
echo "post-image.sh was run"

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

View File

@ -0,0 +1,2 @@
name: Airgap
desc: Linux distribution for offline cryptography use cases

View File

@ -0,0 +1 @@
include $(sort $(wildcard $(BR2_EXTERNAL_Airgap_PATH)/package/*/*.mk))

View File

@ -0,0 +1,36 @@
menu "Flashtools"
config BR2_PACKAGE_FLASHTOOLS
bool "flashtools"
config BR2_PACKAGE_FLASHTOOLS_FLASHTOOL
bool "flashtool"
select BR2_PACKAGE_FLASHTOOLS
help
Todo
config BR2_PACKAGE_FLASHTOOLS_PEEK
bool "peek"
select BR2_PACKAGE_FLASHTOOLS
help
Todo
config BR2_PACKAGE_FLASHTOOLS_POKE
bool "poke"
select BR2_PACKAGE_FLASHTOOLS
help
Todo
config BR2_PACKAGE_FLASHTOOLS_CBFS
bool "cbfs"
select BR2_PACKAGE_FLASHTOOLS
help
Todo
config BR2_PACKAGE_FLASHTOOLS_UEFI
bool "uefi"
select BR2_PACKAGE_FLASHTOOLS
help
Todo
endmenu

View File

@ -0,0 +1,47 @@
################################################################################
#
# flashtools
#
################################################################################
FLASHTOOLS_VERSION = 9acce09aeb635c5bef01843e495b95e75e8da135
FLASHTOOLS_SITE = https://github.com/osresearch/flashtools.git
FLASHTOOLS_SITE_METHOD = git
FLASHTOOLS_LICENSE = GPL-2.0
FLASHTOOLS_LICENSE_FILES = LICENSE
ifeq ($(BR2_PACKAGE_FLASHTOOLS_FLASHTOOL),y)
FLASHTOOLS_TARGETS += flashtool
endif
ifeq ($(BR2_PACKAGE_FLASHTOOLS_PEEK),y)
FLASHTOOLS_TARGETS += peek
endif
ifeq ($(BR2_PACKAGE_FLASHTOOLS_POKE),y)
FLASHTOOLS_TARGETS += poke
endif
ifeq ($(BR2_PACKAGE_FLASHTOOLS_CBFS),y)
FLASHTOOLS_TARGETS += cbfs
endif
ifeq ($(BR2_PACKAGE_FLASHTOOLS_UEFI),y)
FLASHTOOLS_TARGETS += uefi
endif
define FLASHTOOLS_BUILD_CMDS
$(foreach t,$(FLASHTOOLS_TARGETS),\
$(TARGET_MAKE_ENV) $(MAKE) $(TARGET_CONFIGURE_OPTS) \
CFLAGS="$(TARGET_CFLAGS)" -C $(@D) $(t) \
)
endef
define FLASHTOOLS_INSTALL_TARGET_CMDS
$(foreach t,$(FLASHTOOLS_TARGETS),\
$(INSTALL) -D -m 0755 $(@D)/$(t) $(TARGET_DIR)/usr/bin/$(t)$(sep) \
)
endef
$(eval $(generic-package))

View File

@ -0,0 +1,39 @@
diff --git a/fs/cpio/cpio.mk b/fs/cpio/cpio.mk
index 81f8c393d1..72923ded47 100644
--- a/fs/cpio/cpio.mk
+++ b/fs/cpio/cpio.mk
@@ -32,15 +32,16 @@ ROOTFS_CPIO_PRE_GEN_HOOKS += ROOTFS_CPIO_ADD_INIT
# --reproducible option was introduced in cpio v2.12, which may not be
# available in some old distributions, so we build host-cpio
ifeq ($(BR2_REPRODUCIBLE),y)
-ROOTFS_CPIO_DEPENDENCIES += host-cpio
-ROOTFS_CPIO_OPTS += --reproducible
+ROOTFS_CPIO_DEPENDENCIES += host-cpio host-libarchive
endif
define ROOTFS_CPIO_CMD
- cd $(TARGET_DIR) && \
- find . \
- | LC_ALL=C sort \
- | cpio $(ROOTFS_CPIO_OPTS) --quiet -o -H newc \
+ cd $(TARGET_DIR) \
+ && find . -mindepth 1 -execdir touch -hcd "@0" "{}" + \
+ && find . -mindepth 1 -printf '%P\0' \
+ | sort -z \
+ | LANG=C bsdtar --null -cnf - -T - \
+ | LANG=C bsdtar --uid 0 --gid 0 --null -cf - --format=newc @- \
> $@
endef
diff --git a/package/libarchive/libarchive.mk b/package/libarchive/libarchive.mk
index 708ce637c2..2ba8dcab2a 100644
--- a/package/libarchive/libarchive.mk
+++ b/package/libarchive/libarchive.mk
@@ -135,7 +135,6 @@ endif
# The only user of host-libarchive needs zlib support
HOST_LIBARCHIVE_DEPENDENCIES = host-zlib
HOST_LIBARCHIVE_CONF_OPTS = \
- --disable-bsdtar \
--disable-bsdcpio \
--disable-bsdcat \
--disable-acl \

View File

@ -0,0 +1,28 @@
diff --git a/fs/iso9660/iso9660.mk b/fs/iso9660/iso9660.mk
index 0524f94c35..284c21f566 100644
--- a/fs/iso9660/iso9660.mk
+++ b/fs/iso9660/iso9660.mk
@@ -157,7 +157,13 @@ ROOTFS_ISO9660_PRE_GEN_HOOKS += ROOTFS_ISO9660_DISABLE_EXTERNAL_INITRD
endif # ROOTFS_ISO9660_USE_INITRD
-ROOTFS_ISO9660_OPTS += -J -R
+ROOTFS_ISO9660_OPTS += \
+ -volume_date all_file_dates "=$(SOURCE_DATE_EPOCH)" \
+ -as mkisofs \
+ -J \
+ -R \
+ -gid 0 \
+ -uid 0
ROOTFS_ISO9660_OPTS_BIOS = \
-b $(ROOTFS_ISO9660_BOOT_IMAGE) \
@@ -181,7 +187,7 @@ ROOTFS_ISO9660_OPTS += $(ROOTFS_ISO9660_OPTS_EFI)
endif
define ROOTFS_ISO9660_CMD
- $(HOST_DIR)/bin/xorriso -as mkisofs \
+ $(HOST_DIR)/bin/xorriso \
$(ROOTFS_ISO9660_OPTS) \
-o $@ $(ROOTFS_ISO9660_TMP_TARGET_DIR)
endef

View File

@ -1,5 +1,11 @@
# /etc/inittab # /etc/inittab
#
# Copyright (C) 2001 Erik Andersen <andersen@codepoet.org>
#
# Note: BusyBox init doesn't support runlevels. The runlevels field is
# completely ignored by BusyBox init. If you want runlevels, use
# sysvinit.
#
# Format for each entry: <id>:<runlevels>:<action>:<process> # Format for each entry: <id>:<runlevels>:<action>:<process>
# #
# id == tty to run on, or empty for /dev/console # id == tty to run on, or empty for /dev/console
@ -8,15 +14,16 @@
# process == program to run # process == program to run
# Startup the system # Startup the system
::sysinit:/bin/mount -t devtmpfs devtmpfs /dev
::sysinit:/bin/mkdir -p /proc /run /dev/pts /dev/shm /sys
::sysinit:/bin/mount -t sysfs sysfs /sys
::sysinit:/bin/mount -t proc proc /proc ::sysinit:/bin/mount -t proc proc /proc
::sysinit:/bin/mount -o remount,rw / ::sysinit:/bin/mount -o remount,rw /
::sysinit:/bin/mkdir -p /dev/pts /dev/shm
::sysinit:/bin/mount -a
::sysinit:/sbin/swapon -a
null::sysinit:/bin/ln -sf /proc/self/fd /dev/fd null::sysinit:/bin/ln -sf /proc/self/fd /dev/fd
null::sysinit:/bin/ln -sf /proc/self/fd/0 /dev/stdin null::sysinit:/bin/ln -sf /proc/self/fd/0 /dev/stdin
null::sysinit:/bin/ln -sf /proc/self/fd/1 /dev/stdout null::sysinit:/bin/ln -sf /proc/self/fd/1 /dev/stdout
null::sysinit:/bin/ln -sf /proc/self/fd/2 /dev/stderr null::sysinit:/bin/ln -sf /proc/self/fd/2 /dev/stderr
::sysinit:/bin/hostname -F /etc/hostname
# now run any rc scripts # now run any rc scripts
::sysinit:/etc/init.d/rcS ::sysinit:/etc/init.d/rcS
@ -29,4 +36,5 @@ null::sysinit:/bin/ln -sf /proc/self/fd/2 /dev/stderr
# Stuff to do before rebooting # Stuff to do before rebooting
::shutdown:/etc/init.d/rcK ::shutdown:/etc/init.d/rcK
::shutdown:/sbin/swapoff -a
::shutdown:/bin/umount -a -r ::shutdown:/bin/umount -a -r

View File

@ -3,7 +3,8 @@ export PATH="/usr/local/bin:/bin:/sbin:/usr/bin:/usr/sbin"
export PS1="[\h \t] \\$ " export PS1="[\h \t] \\$ "
export GNUPGHOME=/.gnupg export GNUPGHOME=/.gnupg
source /etc/environment source /etc/environment
cd /root
dmesg -n1
clear clear
cat << "EOF" cat << "EOF"
_ _ ___ ____ _ _ ___ ____
@ -18,5 +19,5 @@ echo " - Version: $VERSION"
echo " - Date: $GIT_TIMESTAMP" echo " - Date: $GIT_TIMESTAMP"
echo " - Committer: $GIT_AUTHOR" echo " - Committer: $GIT_AUTHOR"
echo " - Commit: $GIT_REF" echo " - Commit: $GIT_REF"
echo " - Key: $GIT_PUBKEY" echo " - Key: $GIT_KEY"
echo "" echo ""

View File

@ -0,0 +1,12 @@
KERNEL!="sd[a-z][0-9]", GOTO="sd_cards_auto_mount_end"
# Global mount options
ACTION=="add", ENV{mount_options}="relatime"
# Filesystem specific options
ACTION=="add", IMPORT{program}="/sbin/blkid -o udev -p %N"
ACTION=="add", ENV{ID_FS_TYPE}=="vfat|ntfs", ENV{mount_options}="$env{mount_options},utf8,flush,user,umask=0000"
ACTION=="add", RUN+="/bin/mkdir -p /media/sd-%k", RUN+="/bin/mount -o $env{mount_options} /dev/%k /media/sd-%k"
ACTION=="add", RUN+="/usr/local/bin/autorun /media/sd-%k"
ACTION=="remove", RUN+="/bin/umount -l /media/sd-%k", RUN+="/bin/rmdir /media/sd-%k"
LABEL="sd_cards_auto_mount_end"

7
config/global.env Normal file
View File

@ -0,0 +1,7 @@
DEBIAN_HASH=48b28b354484a7f0e683e340fa0e6e4c4bce3dc3aa0146fc2f78f443fde2c55d
BUILDROOT_REF=ea51485ee9ab44f72f8b1cc019dcb17f276d1def
HEADS_REF=6e62c83e164231c629d77a45d37569b3bff43d3f
BUILDROOT_REPO=git://git.busybox.net/buildroot
HEADS_REPO=https://source.puri.sm/coreboot/purism-heads.git
BR2_EXTERNAL=/home/build/config/buildroot
HEADS_EXTERNAL=/home/build/config/heads

View File

@ -1,5 +0,0 @@
set timeout=1
menuentry "Linux Airgap" {
linux /boot/vmlinuz init=/init console=ttyS0 console=tty0 ro
initrd /boot/initramfs
}

View File

@ -1,2 +0,0 @@
search --no-floppy --set=root --label "airgap"
set prefix=($root)/boot/grub

View File

@ -0,0 +1,160 @@
diff --git a/initrd/bin/gui-init b/initrd/bin/gui-init
index 1369ed1..f576a8e 100755
--- a/initrd/bin/gui-init
+++ b/initrd/bin/gui-init
@@ -13,21 +13,26 @@ first_pass=true
mount_boot()
{
-
+
# Mount local disk if it is not already mounted
while ! grep -q /boot /proc/mounts ; do
+
# try to mount if CONFIG_BOOT_DEV exists
if [ -e "$CONFIG_BOOT_DEV" ]; then
- mount -o ro $CONFIG_BOOT_DEV /boot
+ mount -o ro $CONFIG_BOOT_DEV /boot
[[ $? -eq 0 ]] && continue
fi
- # CONFIG_BOOT_DEV doesn't exist or couldn't be mounted, so give user options
+ # try to mount usb to /media and /boot if it exists
+ mount-usb \
+ && mount -o bind,ro /media /boot \
+ && continue
+
+ # no boot device available, so give user options
whiptail $BG_COLOR_ERROR --clear --title "ERROR: No Bootable OS Found!" \
- --menu " No bootable OS was found on the default boot device $CONFIG_BOOT_DEV.
+ --menu " No bootable OS was found at $CONFIG_BOOT_DEV or on USB.
How would you like to proceed?" 30 90 4 \
'b' ' Select a new boot device' \
- 'u' ' Boot from USB' \
'm' ' Continue to the main menu' \
'x' ' Exit to recovery shell' \
2>/tmp/whiptail || recovery "GUI menu failed"
@@ -41,9 +46,6 @@ mount_boot()
. /tmp/config
fi
;;
- u )
- exec /bin/usb-init
- ;;
m )
break
;;
@@ -55,6 +57,11 @@ mount_boot()
}
verify_global_hashes()
{
+
+ # If default boot device is not mounted, then there are no hashes to verify
+ # User is likely usb booting.
+ df $CONFIG_BOOT_DEV >/dev/null 2>&1 || return 0
+
# Check the hashes of all the files, ignoring signatures for now
check_config /boot force
TMP_HASH_FILE="/tmp/kexec/kexec_hashes.txt"
@@ -458,6 +465,7 @@ while true; do
if [ "$totp_confirm" = "y" -o -n "$totp_confirm" ]; then
# Try to boot the default
mount_boot
+
verify_global_hashes
if [ $? -ne 0 ]; then
continue
@@ -467,6 +475,7 @@ while true; do
kexec-select-boot -b /boot -c "grub.cfg" -g \
|| recovery "Failed default boot"
else
+ usb-init
if (whiptail --title 'No Default Boot Option Configured' \
--yesno "There is no default boot option configured yet.\nWould you like to load a menu of boot options?\nOtherwise you will return to the main menu." 16 90) then
kexec-select-boot -m -b /boot -c "grub.cfg" -g
diff --git a/initrd/bin/mount-usb b/initrd/bin/mount-usb
index a79dd66..8a8734c 100755
--- a/initrd/bin/mount-usb
+++ b/initrd/bin/mount-usb
@@ -4,19 +4,6 @@
enable_usb
-if ! lsmod | grep -q usb_storage; then
- count=$(ls /dev/sd* 2>/dev/null | wc -l)
- timeout=0
- echo "Scanning for USB storage devices..."
- insmod /lib/modules/usb-storage.ko >/dev/null 2>&1 \
- || die "usb_storage: module load failed"
- while [[ $count == $(ls /dev/sd* 2>/dev/null | wc -l) ]]; do
- [[ $timeout -ge 4 ]] && break
- sleep 1
- timeout=$(($timeout+1))
- done
-fi
-
if [ ! -d /media ]; then
mkdir /media
fi
diff --git a/initrd/bin/usb-scan b/initrd/bin/usb-scan
index d9f26b0..b64f150 100755
--- a/initrd/bin/usb-scan
+++ b/initrd/bin/usb-scan
@@ -5,12 +5,6 @@ set -e -o pipefail
. /etc/gui_functions
. /tmp/config
-# Unmount any previous boot device
-if grep -q /boot /proc/mounts ; then
- umount /boot \
- || die "Unable to unmount /boot"
-fi
-
# Mount the USB boot device
mount_usb || die "Unable to mount /media"
@@ -29,12 +23,16 @@ get_menu_option() {
MENU_OPTIONS="$MENU_OPTIONS $n ${option}"
done < /tmp/iso_menu.txt
- whiptail --clear --title "Select your ISO boot option" \
- --menu "Choose the ISO boot option [1-$n, s for standard boot, a to abort]:" 20 120 8 \
- -- $MENU_OPTIONS \
- 2>/tmp/whiptail || die "Aborting boot attempt"
+ if [ "$n" -eq "1" ]; then
+ option_index=1
+ else
+ whiptail --clear --title "Select your ISO boot option" \
+ --menu "Choose the ISO boot option [1-$n, s for standard boot, a to abort]:" 20 120 8 \
+ -- $MENU_OPTIONS \
+ 2>/tmp/whiptail || die "Aborting boot attempt"
- option_index=$(cat /tmp/whiptail)
+ option_index=$(cat /tmp/whiptail)
+ fi
else
echo "+++ Select your ISO boot option:"
n=0
diff --git a/initrd/etc/functions b/initrd/etc/functions
index dc0fbed..a083e17 100755
--- a/initrd/etc/functions
+++ b/initrd/etc/functions
@@ -122,6 +122,18 @@ enable_usb()
|| die "xhci_pci: module load failed"
sleep 2
fi
+ if ! lsmod | grep -q usb_storage; then
+ count=$(ls /dev/sd* 2>/dev/null | wc -l)
+ timeout=0
+ echo "Scanning for USB storage devices..."
+ insmod /lib/modules/usb-storage.ko >/dev/null 2>&1 \
+ || die "usb_storage: module load failed"
+ while [[ $count == $(ls /dev/sd* 2>/dev/null | wc -l) ]]; do
+ [[ $timeout -ge 4 ]] && break
+ sleep 1
+ timeout=$(($timeout+1))
+ done
+ fi
}
confirm_gpg_card()

View File

@ -1,8 +0,0 @@
TIMEOUT 2
PROMPT -1
DEFAULT Airgap
LABEL Airgap
MENU LABEL Linux Airgap
KERNEL /boot/vmlinuz
INITRD /boot/initramfs
APPEND init=/init console=ttyS0 console=tty0 ro

View File

@ -0,0 +1,259 @@
020fde90e2dfa260fdf2b47817d8b8fe0a60325d8bdb532aaaf625fa5bfd68be libdpkg-perl_1.21.12_all.deb
03326473eed54ffa27efae19aa5d6aeb402930968f869f318445513093691d55 libtirpc-dev_1.3.3+ds-1_amd64.deb
03539fd30c509e27101d13a56e52eda9062bdf1aefe337c07ab56def25a13eab libmd0_1.0.4-2_amd64.deb
097ce9220edee0de67c2d3304d075f2bf9e864e86801165b0e9d2d46991ee1ad libbrotli1_1.0.9-2+b5_amd64.deb
099a374ff3c84eaef4e75ff168d49155d83d22551b289ce1352c275fc5da78aa openssh-client_1%3a9.1p1-1_amd64.deb
0ba635faea2a9ce3947d3c7cdaef9f2c1691d4e4a18cf594f2d3d3cf5a100a27 python3.10_3.10.9-1_amd64.deb
0c827432e42c0601d8c109bc1b8799f82995e57bb15bed706e06862c25490885 gnupg-utils_2.2.40-1_amd64.deb
0c9bfb0b18ca015c81e7194f42c66b72ff099bbd55b9bbafe7cc924a0bd42379 gcc-12-base_12.2.0-10_amd64.deb
0ca5213c1ab67278cbfcec4cafccdb538c2e089718f4bddabe5a00145e5a21fb libdav1d6_1.0.0-2_amd64.deb
0e70491e7854c84a7450f7a536a00b336aa9d91380014861836346e31e7b9b20 libelf-dev_0.188-1_amd64.deb
0f95bc7c54810f358097f88a1e5d7d5718d72f3656c25489b8b6b281d9980b4c apt_2.5.4_amd64.deb
0fd9d625bff6044e2a8b96c18f1dc4b30a4fd54e2d543aa60e634e8d7df81739 findutils_4.9.0-3_amd64.deb
10fc29d791ec67a5ab46bccf648866d25ef5ca78c66adb85325e474c99772491 libaudit1_1%3a3.0.7-1.1+b2_amd64.deb
11ee190ad39f8d7af441d2c8347388b9449434c73acc67b4b372445ac4152efa libsasl2-2_2.1.28+dfsg-10_amd64.deb
129f34ac136fcf3ca7483398a54e3286bb9e195b82795d34e0f95f8788bd2976 libwebp7_1.2.2-2+b2_amd64.deb
158a0ccabb4706afe064af0ed627396267da8cdbdfe5808b6b892492051f458a libquadmath0_12.2.0-10_amd64.deb
16081fc71a3507102ad2f04535fb64883cb3519bf6e24e5e6a6ab2f98ac43044 git-man_1%3a2.35.1-1_all.deb
167ce30a04fdb6d87f1ac604644291b47b133e89df35374dd66d11731d6fc150 binutils-common_2.39.50.20221208-5_amd64.deb
187aedef2ed763f425c1e523753b9719677633c7eede660401739e9c893482bd libgmp10_2%3a6.2.1+dfsg1-1.1_amd64.deb
1bffdc3215c75477f09039e5063cd9f1be15ee917435a45b80aa0e8214b21f96 liblsan0_12.2.0-10_amd64.deb
1cf14abf2716d3279db12d0657a5737cf70074a1e71d3bdf73206625e3c89ce6 libedit2_3.1-20221030-2_amd64.deb
1d9ff5e334cde8639f3a3ea87c89829d20cc52750aa851d66511d90fc3fbfac2 libattr1_1%3a2.5.1-3_amd64.deb
1deb1d27bb088d68878e171585d62c96ad6b405b282271c4b82e04a2e2593318 libde265-0_1.0.9-1_amd64.deb
1e298c50f171e50a2dad95c61b044b271a16b6de591a0f9d03b4e67b4fe0874a libtsan2_12.2.0-10_amd64.deb
1f67421437b6eb18669d2868e3e02cb88668683d635198142f48aacc5b397118 fonts-dejavu-core_2.37-2_all.deb
20d20e2c3a428162aab61898b32af9db9e9bc24f127c724c9d9be18287f4a92c libgd3_2.3.3-7_amd64.deb
21078702ba6b34c092f93deff2e2777d22b107de9b2c69542bf5f5d82ab8e6ac libnuma1_2.0.15-1_amd64.deb
21eb8b3654dbc251c3f0cc4bd01cae67633443ea5094003379d23f7323eb1ef4 libp11-kit0_0.24.1-1_amd64.deb
26350da95f6bd2252c63758d854c90d6f9f241f2e323e8f50a143e9e705fbf4e fakeroot_1.29-1_amd64.deb
2697643f58af19d69efd824ec67d8ec78879c5822a5a8ac83dfe4a85a0c69158 libctf-nobfd0_2.39.50.20221208-5_amd64.deb
27b3d102545f597df9e6dc5c7f6590a648de09b57debd6b05ad3d1189de428d5 pinentry-curses_1.2.1-1_amd64.deb
29b23c48c0fe6f878e56c5ddc9f65d1c05d729360f3690a593a8c795031cd867 netbase_6.4_all.deb
2a46d5a5e9486da11ffeff5740931740d6deae4f92cd6098df060dc5dff1e1c7 libtirpc3_1.3.3+ds-1_amd64.deb
2ac1236547360284e9e154ad11a14564db65175bd4da393ec652ac1b2dc43571 libgpm2_1.20.7-10+b1_amd64.deb
2c17eaa4dfdd0ca5cc05b9ef56f7a3fc30e6af6040a66cefe4bacab275e88c83 libkrb5support0_1.20.1-1_amd64.deb
2ebb09e824b6eeb7e3d41cece8b090614d8b35df9296fb638b6ec65e63dddc3e g++-12_12.2.0-10_amd64.deb
2f736423dbe557a03e17cf1b122e90a1db4569407085fe215747b002bc36094e file_1%3a5.41-4_amd64.deb
30687cd51c3dbd02d51f58807a9b293035ef3e7776178acccda17ed37b510b5c libjpeg62-turbo_1%3a2.1.2-1+b1_amd64.deb
3079d34be974c3727757fd3c46ada03428a772c1af1f0f9fd3b2142da245b75f sysvinit-utils_3.05-7_amd64.deb
310f213b0e07c582a9e8d14f67856802da196b747cb0ee3ed8f07eb93063e0ee perl-modules-5.36_5.36.0-6_all.deb
3288cd76324fee7b1a34b97f6e6bcfc32a889f4f22002d0bd3788d8988eca791 hostname_3.23_amd64.deb
32ac0692694f8a34cc90c895f4fc739680fb2ef0e2d4870a68833682bf1c81a3 rpcsvc-proto_1.4.3-1_amd64.deb
32cb399d47b2dfcbd14216f1292dc32e00c025258e3512ed9f37b88cb07014c6 libcc1-0_12.2.0-10_amd64.deb
33d88e49bf052ed8f0679bdfa386ddf4cca0a58865db113658dc039a46a64353 bsdutils_1%3a2.38.1-4_amd64.deb
3530e0ddf6edc444b8d03b5566630d3c46c737f447e17e1cad48860cb160d307 libfido2-1_1.12.0-2_amd64.deb
359ed4b1413db4f19899d4e0ee519027fed6b9424b9101a8ab47b615db4aadc6 libubsan1_12.2.0-10_amd64.deb
362069a5f90fb6ca62b8d2ed2895bb6cd243c8ab1e1df8c3079b51ed91dd2836 dpkg_1.21.12_amd64.deb
362f0ac7d15015b6d4a97e634a39ded525650c9fbccb2f6967da20a54ec6f2a5 cpp-12_12.2.0-10_amd64.deb
36830a23700decc5d4b44d1bf95da30fbfd13bfa2a7cc81415fb62bc9ea38ce7 libpython3.10-minimal_3.10.9-1_amd64.deb
36b6fc603efaa2bfd22cff3a7773590dd6774a5d0d9b0c23b73306f3f58cbc20 libavif15_0.11.1-1_amd64.deb
372e28b68120da79b9eef0340e7d8480fb4503a85333d0afa6f3e27f13a58502 libc6-dev_2.36-6_amd64.deb
3771de1b0c70a480f2722de00df19a08557c27dda4fea905ac798050fd7ec702 librav1e0_0.5.1-5_amd64.deb
395448f62c350e6bd0a9e1030f6faebd80c02824f669deb62cef707bd8f6a9ce dpkg-dev_1.21.12_all.deb
3a8b61891f0ce9bd310088ce2d269d63b5afd88b9196fa4f046fd890faea4a17 libalgorithm-diff-perl_1.201-1_all.deb
3ac4fd6cbe3b3b06e68d24b931bf3eb9385b42f15604a37ed25310e948ca0ee6 libsasl2-modules-db_2.1.28+dfsg-10_amd64.deb
3b51dd882a3f08839537c5496442eb7e30a440e4be2f7397167502923bce7d43 perl-base_5.36.0-6_amd64.deb
3c8a97753835cb27d83efd4fa746d78c1c83a4980dc8cf3cc8b37cd5c28f3241 libdebconfclient0_0.265_amd64.deb
3c8b1eeb420337632d64f61495a81c9d975ffebeba8f303b7e71ee12ed85f08c libreadline8_8.2-1.2_amd64.deb
3d4b39f94317b64a860db8a7a8b581b555124cd461fe07ec0d347edbdb9f6683 libdeflate0_1.14-1_amd64.deb
3e2c8d2c1e0ef19659e447f53b6ef392dbbe24ac706a0f010bb15fa5c20d80f8 libc-dev-bin_2.36-6_amd64.deb
3e3ef129b4bf61513144236e15e1b4ec57fa5ae3dc8a72137abdbefb7a63af85 libtirpc-common_1.3.3+ds-1_all.deb
3f240b128963b65a5345f10c685407721336dd29e1a21685960d39d7e37a7537 libmpdec3_2.5.1-2_amd64.deb
3fc9742f9f1a37bcb9931df6074b4d1483419ef832ad5349f47323e75fc27864 libjansson4_2.14-2_amd64.deb
4044ed5b6a4e42bba42c087b35be02a8f0c3d63450977218cd497d552500202f libpam0g_1.5.2-5_amd64.deb
40e6d2cdd54c068c98dfd0f75d26a5795c37ee38c73468ca930e512569164ae1 libbsd0_0.11.7-1_amd64.deb
414cb803bbcf0850a629a95b69ea75d300c7d7d588a38c21a229f682926018cd sensible-utils_0.0.17_all.deb
421a2020132188fb1629716994a41c09153e04e5642850fa44600990b15342a1 libmagic-mgc_1%3a5.41-4_amd64.deb
429abbd86fef30596107b7327ff94856acf5b30477275b69a8c556417ebdeccd libblkid1_2.38.1-4_amd64.deb
438871b3f5c5c7a357a9840951dab9dab8db7eb1ff760a563226fafa111b99e5 bzip2_1.0.8-5+b1_amd64.deb
43c90d45f7cf5584108964b919d6c728680d81af5fa70c8fb367d661cef54e8c libnpth0_1.6-3_amd64.deb
4438d0bb9cf4a08bb2ae5a3ec59d23933584e964fc5ed550704d6f73d701636b media-types_8.0.0_all.deb
45922e6e289ffd92f0f92d2bb9159e84236ff202d552a461bf10e5335b3f0261 libnettle8_3.8.1-2_amd64.deb
4601e045d1f20da0f983b6c706169328e50cf219efd961f54095cf76d343dff8 libcrypt1_1%3a4.4.33-1_amd64.deb
4633d58ecf67ae2056530043065dee991492269467905c20884e285548e6277d libgcc-s1_12.2.0-10_amd64.deb
46dbe02369411b46f676ddb55fa8ee3a98f7a15607ddab785979c25bacb5d7db libalgorithm-merge-perl_0.08-5_all.deb
46dbf6a5097b7330848987636f302f270339e28be0bcc5f2dc39490621f56ee6 libsvtav1enc1_1.4.0+dfsg-1_amd64.deb
4914489233dbccf83139ee8bff065915982481aa44f3ffcde07a633db5908935 libzstd1_1.5.2+dfsg-1_amd64.deb
4950f88e69d601fcde4e548c7e72359fc992ed6daa5205d61acf4a16ef25fc02 rsync_3.2.6-4+b1_amd64.deb
49cfbe095c4bd03b10a242e0c1faa9fcd6b108953c62b28fc2025bfe5a47dccf e2fsprogs_1.46.6~rc1-1+b1_amd64.deb
49e64f0923cdecb2aaf6c93f176c25f63b841da2a501651ae23070f998967aa7 libxpm4_1%3a3.5.12-1_amd64.deb
4a2a8f92a9cf20acd9bdc7ae808e408d39bebc8c4c7a93419bbb4298288f203b libcrypt-dev_1%3a4.4.33-1_amd64.deb
4ac08d251e99812e90aca02d51b93f9dc6453d9403963733ac08c5f873732252 logsave_1.46.6~rc1-1+b1_amd64.deb
4af36a590b68d415a78d9238b932b6a4579f515ec8a8016597498acff5b515a4 libgdbm-compat4_1.23-3_amd64.deb
4c0af3e903ba0d374024865684d82bb08b2c3c78f49ca6c79c414a53041ef478 libss2_1.46.6~rc1-1+b1_amd64.deb
4cf64c4e1168f3c7e858bb4a71f2c5bea9a36dd448cdcc2154a551ac146e293b libgav1-1_0.18.0-1+b1_amd64.deb
4eaa56d2d0a0d648f8ecc65acb55a0f8463b695a528562f3608635f8359cd7a2 libkeyutils1_1.6.3-1_amd64.deb
504b7be9d7df4f6f4519e8dd4d6f9d03a9fb911a78530fa23a692fba3058cba6 libxext6_2%3a1.3.4-1+b1_amd64.deb
509f5260dcf607120694d5e1d9a6ca3ae07107fd1a52b603f6da97291642be90 libsepol2_3.4-2_amd64.deb
51c7fc3e9ae7a78fd7fe2994052cdaa62c68bb0a3ca58a74c588c01c4e8ac4bc libgprofng0_2.39.50.20221208-5_amd64.deb
5263737254410cbdb16c4c89a9a8027e92e37cc6517d500412bde8cc321733ef libcap-ng0_0.8.3-1+b2_amd64.deb
52d7d19964bb5e6aee946e540888890f0e9ae7dc5228e93f2505bdf8bc586396 manpages-dev_6.01-1_all.deb
5322e79ccfd14c22b55be391dcb03fbddae6e80b71af2de49afb4132867c32a2 git_1%3a2.35.1-1_amd64.deb
54149da3f44b22d523b26b692033b84503d822cc5122fed606ea69cc83ca5aeb libbz2-1.0_1.0.8-5+b1_amd64.deb
54e26547fb4f698843a8d504e31a6b9eae7137c5c65b9b0cc3aefcf6be3b7995 libctf0_2.39.50.20221208-5_amd64.deb
56beca470dcd9b6d7e6c3c9e9d702101e01e9467e62810a8c357bd7b9c26251d debian-archive-keyring_2021.1.1_all.deb
58d176ef84e4a0713f9d972af5aea07b992f2db396ac416012092cee4dafae73 libpam-runtime_1.5.2-5_all.deb
5912430927da16ccc831459679207fdbb9dfc5a206f2bab8d6f36d5a1ab53e25 libassuan0_2.5.5-5_amd64.deb
59c875947417a73f11e2bc2a7fcf12dac75b028109071365382b914b4effa9e0 readline-common_8.2-1.2_all.deb
5a466348531b9c38c8e5ccb18c231f27a98b9fdab61b37ea22592553de5d2ced liberror-perl_0.17029-2_all.deb
5b2d6325b76a18d8ed9a5b7e05479dd3f71eac3c0ddedbce60773140f7cfc594 libpython3-stdlib_3.10.6-1_amd64.deb
5b9c67e7b5d83584557b5e523149b0ab09a7597fbde97b85d6d4625f11f377dd libbinutils_2.39.50.20221208-5_amd64.deb
5ca9e86a3d144037a503d412dc464e6869e410a1c8685548bcd5bab6c01d3904 linux-libc-dev_6.0.12-1_amd64.deb
5d26306d12a45a8a03dca473490d56a765b58d61b53146c1c7784903cf59c45d libmpfr6_4.1.0-3_amd64.deb
6000ce7748ae79cb237c6c065e33a8f4976e518e95adba4bba0e591dc8698f75 util-linux_2.38.1-4_amd64.deb
608a01a26f2edaedc42d705e88fb5ec692462e1800954dea3a5e73900b477ab8 libfontconfig1_2.13.1-4.5_amd64.deb
61038f857e346e8500adf53a2a0a20859f4d3a3b51570cc876b153a2d51a3091 coreutils_9.1-1_amd64.deb
61a9c2989db7b699dc179bcaa7beadad9cbcff46cf5f43539769dc0c09aa401d sed_4.8-1_amd64.deb
62758cd5d9488139571f1b87d138abb8373f702cd528a23297cba27491364a62 dash_0.5.11+git20210903+057cd650a4ed-9_amd64.deb
64094f1345d904e3887983c9114c259952b6002e834063d8edad64728ad1fa4d binutils_2.39.50.20221208-5_amd64.deb
643df5f50c44e94fefdd157fee2f62e1914c037918674a267ec0571a8b5689e2 libacl1_2.3.1-2_amd64.deb
64cde86cef1deaf828bd60297839b59710b5cd8dc50efd4f12643caaee9389d3 liblz4-1_1.9.4-1_amd64.deb
6500982180b192f71acf4dfd22705d85c8344512090253b9fef8672db70e7d91 libperl5.36_5.36.0-6_amd64.deb
65f2e3ae1b233aa51caea2e9b9b06925311b486f5a1941e72523daa638824ecc libheif1_1.13.0-1_amd64.deb
66f8aedfb961b19852a8f0f8c9f5f6484a267ef6cc19552d7481333a1b963701 libuuid1_2.38.1-4_amd64.deb
679db1c4579ec7c61079adeaae8528adeb2e4bf5465baa6c56233b995d714750 libxau6_1%3a1.0.9-1_amd64.deb
68aa3b3bdac8b34802df7e2e950bae64c40aa6c2b24fed356b832968f8305aa0 libfile-fcntllock-perl_0.22-4+b1_amd64.deb
6995822451e1300baa41b953c19f1094640ad4237982612583e980d32e18eee5 wget_1.21.3-1+b2_amd64.deb
6b07c77b700a615642888a82ba92a7e7c429d04b9c8669c62b2263f15c4c4059 libjbig0_2.1-6.1_amd64.deb
6b149908d8f7c33806274ffed964008f73141ed17971666e9eb983571870c8e4 openssl_3.0.7-1_amd64.deb
6b32fa198ef48c19b28146b6f374625ae0a1d79dcc19bd65eb49f6a1594077bd passwd_1%3a4.13+dfsg1-1_amd64.deb
6c19a5d18c8350744581fbd25d5d29e2b7101053e25aafa4e1ffcc2b505b2f1c libxxhash0_0.8.1-1_amd64.deb
6d9f6c25c30efccce6d4bceaa48ea86c329a3432abb360a141f76ac223a4c34a libffi8_3.4.4-1_amd64.deb
6f94b488255acd996254f775c77ff3956557c61f860a3c9caeaf65457554194f libpopt0_1.19+dfsg-1_amd64.deb
702ab01235bffacab40eae14e96c66e92aec783ab7b3a418ee49dd6c8e5e1332 grep_3.8-3_amd64.deb
7038b4d856aff8b4054f879c488c1298db5a83ecfa6280f85706f20e2e1935f1 libalgorithm-diff-xs-perl_0.04-8+b1_amd64.deb
70d356876847a9a540b5bebd02b2141f9de292e7ce17a596cafdecb15c39ba21 libisl23_0.25-1_amd64.deb
70f79905c004691a74d2badbe3c69fce9e98833d7cd77bf3cb7f4fab5bd973a1 libkrb5-3_1.20.1-1_amd64.deb
737802943ba4ae9d3153b466ee20802f76d8a42492b430dc7bc2300fd0e9c96c libelf1_0.188-1_amd64.deb
73d4a22bdd7eb6be1e480d6884b103eb500cfd539cc20ae0f3e44dd8b0614798 cpio_2.13+dfsg-7.1_amd64.deb
74fc57a345749cce5ff879f119066eea075cebd98998cecfe70369d092e4912e libstdc++-12-dev_12.2.0-10_amd64.deb
770cb7513fc5370e841a10fe0385a52f892bb2f69ae8298f5569b1c2eb1787de libx11-6_2%3a1.8.1-2_amd64.deb
771f5c47ca69f24ca61e4be0c98c5912b182ce442f921697d17a472f3ded5c9c liblerc4_4.0.0+ds-2_amd64.deb
77bf08617463e8c5f8ecae1cbef1e9d0cee6d4c55662f59c4778d81d538250d7 login_1%3a4.13+dfsg1-1_amd64.deb
7a3ae3e97d0d403a4c54663c0bb48e9341d98822420a4ab808c6dc8e8474558f libcap2_1%3a2.44-1_amd64.deb
7b00efe3ec732cda15d49d5730a502194c6c6ec2520e47bef6a4bbfd3497aa86 libpcre2-8-0_10.40-3_amd64.deb
7b685f8294487d0573370a7040c4a811c67ac4641d50a0d010a2bb0fcb67eed5 libx11-data_2%3a1.8.1-2_all.deb
7b77cca4d7990fd4297570715a4138aabce7e4510163968cc83e0ad2726abc57 manpages_6.01-1_all.deb
7ca71c3ea78de3435f1e48d346e2502a8711795a23445ab693f134d21c727606 libncurses-dev_6.3+20220423-2_amd64.deb
7d7ce91b0397ef9d28525c79103f34d809ec691d56fc3744b44add10c87c9287 perl_5.36.0-6_amd64.deb
7d8c5add2cebc79c0bbd9d1380e85a2379409b8106fdd929032e8fe1307b4c5d bash_5.2-2+b1_amd64.deb
7e65be476b311eefed916f07576d59996a597359d7a25d7f40de6bd94d9a1277 python3_3.10.6-1_amd64.deb
835f806c21ae25e39053bd3057051640341b0cf08e1db9746fd82e370d82fa30 libsemanage-common_3.4-1_all.deb
83b44b9624711f954d91a4b0414b2f8d46fbc00a222e4c20614c16337a872762 libssl3_3.0.7-1_amd64.deb
8695fcedf470144d64dfc0123dc6821d2e72cb311225cea1e83d8b6e295722d0 libcurl3-gnutls_7.86.0-2_amd64.deb
89944ee11d7370ce6ef46fc52f094c4a6512eff8943ec4c6ebefeae6360ceada libgpg-error0_1.46-1_amd64.deb
89f79c82e9419dbd20b415e7610109cb4de4fc2cb750f1089209ee919f521be8 libldap-2.5-0_2.5.13+dfsg-2+b1_amd64.deb
8a80e834ebbfd1313d45a3d5a7d018680b943287f0fdd750ed2eddc90027fd6d libmpc3_1.2.1-2_amd64.deb
8a9d4d0a0459e86cd140c6ce63d71fa3ddb8425d82ab69f2876e3ebda3d88dc8 libasan8_12.2.0-10_amd64.deb
8c6d49b771530dbe26d7bd060582dc7d2b4eeb603a20789debc1ef4bbbc4ef67 patch_2.7.6-7_amd64.deb
8cbd111e1ad1c1357afb18f916c88c7ebb8cc860b8fac04ccc66a9eefe5a53af libcbor0.8_0.8.0-2+b1_amd64.deb
8f9196f7ac4487dd62ba7099e86bdfc6f17bf2d6c23f9f07022efbda502efdc4 libk5crypto3_1.20.1-1_amd64.deb
8fe1525f25334c3e9e1237cc6b8ba3b6b3089153d71d9f36b79ea46771939b1d publicsuffix_20220811.1734-1_all.deb
908ca1b35125f49125ae56945a72bc11ce0fcec85a8d980d10d83bb3a610f518 base-passwd_3.6.1_amd64.deb
90a2f213a2e730ca86a265ed58e99da621aa81f59d30c84fe7cdcfcdd2e95e2a dirmngr_2.2.40-1_amd64.deb
91e8961647518c06aed17920fb34ea8f0f92894d28149d94e2c324539853aaf4 libcom-err2_1.46.6~rc1-1+b1_amd64.deb
925f944100d399dd765ceb0de772cf747b92a311eae99d0a64008c2c92925cda gnupg_2.2.40-1_all.deb
92b94fe8bcf38803f0d953caf4f13bbb2f4f83f3c4b12ea3ae229d07ed248a79 libudev1_252.2-2_amd64.deb
941cf15477c0a2660864e1724e3738f869ee307587032a4dcc3f902d72b4ed57 libmagic1_1%3a5.41-4_amd64.deb
9559ab9601706910cff06144246471560a0e62cd3111b883fc902573a353feea liblzma5_5.2.9-0.0_amd64.deb
95fe4a1336532450e67bd067892f46eaa484139919ea8d067a9ffcbf5a4bf883 libgdbm6_1.23-3_amd64.deb
983ca41d506fa159536cd584118855748763f5f5a3b5949206bee4a62ec0cbf9 libxmuu1_2%3a1.1.3-3_amd64.deb
9c29e856bf381b25b0e5a429edfb925f89a5f910cb5ada8b01cd9b9ccfb49529 gpg-wks-client_2.2.40-1_amd64.deb
9cd87d1b0c56f34f51bcbe8bdb55ebb45dd08ce6c0c6ff2dc77378bac3f64cc0 libx265-199_3.5-2+b1_amd64.deb
9e6dfd1773d3486409116ea6571f6eeb1058b89ee33a56db52f584acfbd963db g++_4%3a12.2.0-1_amd64.deb
9f8985f120c7a6bd9abed8ac016dc29624f19f91f0699369e4d3940523675695 ncurses-base_6.3+20220423-2_all.deb
9fb65819e3d595d8a4325810788a8f7f9ca1cd3d0f2e0ca8816a2e2e2822cb8f libpython3.10-stdlib_3.10.9-1_amd64.deb
a0f4d9f42dcd12746f9aefbac32b9846aed45ad5fc532cecb0b83c518bf5d0bd libc-bin_2.36-6_amd64.deb
a1a83af8cbd854af887b72ad196b1f4af58387815e21ced1000253a116a46e2a make_4.3-4.1_amd64.deb
a36404e2b6e889d1c6e4f33a498a0413b766a3df558d1fe4ff4c33fa9ff4ce99 binutils-x86-64-linux-gnu_2.39.50.20221208-5_amd64.deb
a5f06cc885e0710c6ab4b82a293ae4412bf28ba7166ab6b844f55235c50089ed libgcc-12-dev_12.2.0-10_amd64.deb
a672bd3c22f639df30515b89cf9b86b2b887ffbdd1876737724d5515652ebd7c gcc_4%3a12.2.0-1_amd64.deb
aaf001e0d4c68f995f9efbc551d54f213122fef99b3eaf9e28286bda6c03da73 libabsl20220623_20220623.1-1_amd64.deb
ab9f503b5f22d3eeb89cb5927cb38d7b90c8088a6d658588aea1bd64e1d565b5 libldap-common_2.5.13+dfsg-2_all.deb
aca5921e0d1bd6611cd7f1ff9c4c8cbdc2fdfc340134a5a17e56e983ec7d56bb libc-devtools_2.36-6_amd64.deb
ae412490d277484dc79560b82023a656032dffa0d614316d1b0f4a58aa6c5ec9 gnupg-l10n_2.2.40-1_all.deb
ae924c4961cac4e450793f04301ff6d993569915ed87825b14af5d602d3c48bc libncursesw6_6.3+20220423-2_amd64.deb
af2957b92976a45dffa0f454fd2d8553e49a091f8702d510eda4374092d03fd4 cpp_4%3a12.2.0-1_amd64.deb
b09481e7690680966005330c3f907bba4b5eefc35e1faaea4783cc55655d1150 libfaketime_0.9.10-2.1_amd64.deb
b13b353b3655a800d63167e8741ae327cc3dd29729e69ee4b6f01ca6102b1d15 libselinux1_3.4-1+b3_amd64.deb
b1966bea9832686a0fd5ddba9787dce5816ebe02218a4a8f7472a1628d73451b libsasl2-modules_2.1.28+dfsg-10_amd64.deb
b1e8e1301552b2e27db6db28d652913cf7e836846fa9aa70c667b88436659b88 gpg_2.2.40-1_amd64.deb
b212c3c7bb16ae7b1896676b7ddf26f8fc6159e88998a253ccecd82a7fe0c42a libsystemd0_252.2-2_amd64.deb
b2af4cbcf7f407f2552f9f5ffbcb0edd32091fcf4a3909cbc3ad01e83e11c011 util-linux-extra_2.38.1-4_amd64.deb
b5bb46fa5a6322b76474167c0872a7c9a43a3dbacda33fb95a567f2910629d55 gpgv_2.2.40-1_amd64.deb
b983ab23743da7f3800b4218e852ff0140927d2fe75b70534ac03e196516aeda fontconfig-config_2.13.1-4.5_amd64.deb
ba2c5558c5c9323dc5ce0011157a72279789d1016bfadf18b6c3f5cda3099786 libyuv0_0.0~git20221118.ea26d7a-2_amd64.deb
baaa4e935c5e3bcd57d4f2f4e7a1ddc67bd4eb8629d98f97a696548849ae01ac bc_1.07.1-3+b1_amd64.deb
bb73e6e11dd177b249e8c74572a3f77737afe9c4e2218cece5175f42198fc0ea libfakeroot_1.29-1_amd64.deb
bb81a188c119cd7fdebae723cbc95887b6c549b2fe4fb7e268a9c8846444da99 libnsl-dev_1.3.0-2_amd64.deb
bbfd38de41898a06326f2a6ce4cc43e8e399f5566381231065b01d70499d5ba5 build-essential_12.9_amd64.deb
bcbc83f391854ea9d50ce2a4101aacf330de3b8b71d81a798faadba14a157f78 mawk_1.3.4.20200120-3.1_amd64.deb
bd8e963c6edcf1c806df97cd73560794c347aa94b9aaaf3b88eea585bb2d2f3c tar_1.34+dfsg-1_amd64.deb
beed9907afb85315ba2f5fc60fa09f0f9be2a409157cc2d45379b2e788698b0a libmount1_2.38.1-4_amd64.deb
bffcac7e4f69e39d37d4a33e841d6371ac8b5aba6cd55546b385dc7ff6c702f5 libgcrypt20_1.10.1-3_amd64.deb
c0161783577d1715c8a8ce101a8a513b14d141187ec3d05146721b0422ee9480 less_590-1_amd64.deb
c0d83437fdb016cb289436f49f28a36be44b3e8f1f2498c7e3a095f709c0d6f8 libnsl2_1.3.0-2_amd64.deb
c4e2eb142f8946b3a298bb807f41528332c6559691528ce547a409a7ca3ea7bc python3.10-minimal_3.10.9-1_amd64.deb
c6435f0dfbfaf7beb6dad9b98c92ab7b8569a0eaff78f40aa4a8a97faf407fa9 usr-is-merged_33_all.deb
c843bd13fde80bc21b178312059112cf5cfbcdb763e3f322f3fca0704d639815 libksba8_1.6.2-4_amd64.deb
c9a0cbb6c0c1a1b16179ac9027a0660da875a0fd52ef300d52bb73493d79138b libapt-pkg6.0_2.5.4_amd64.deb
caaec354f90fe671709b3fa2b969a9a618462fb2cc3fe03f8d28806f720a115f tzdata_2022f-1_all.deb
cbe97163f8d968b27ce68403787a32d0e1aa1e8bd1301a11ef20a7a5671adc4a diffutils_1%3a3.8-1_amd64.deb
cc0ffedcc1fb025a09dc3b7a62bac773d29c0a12bdcdd4fed2cfaa44520d132d gpg-agent_2.2.40-1_amd64.deb
cc6a8974d64157873030c7c61d7c872552ddadf31f6d35b9bc4d69c69eb72ba9 libpcre3_2%3a8.39-14_amd64.deb
cd4f20458589b515a1e39bf641e254d9e474e0d631d6eee5485cc1250a7a9808 mount_2.38.1-4_amd64.deb
cde841b275163fd0e5d742b61df46fd7eb6b7bfc8c44f8537124f61e6bcccacc libgomp1_12.2.0-10_amd64.deb
d095b7e3ff500f226cf752aeaced7df40e04682d34d4a1f7b0e47e92ffe6c079 libseccomp2_2.5.4-1+b2_amd64.deb
d202861c602f3719350d4aede3e4c65ea88d6529b2e1e7115f805091f624e7fa krb5-locales_1.20.1-1_all.deb
d20a3ee34fa84ad8bd381e8be6e9c2c2ea32347cff5e1169c10e978d43f54f24 libssh2-1_1.10.0-3+b1_amd64.deb
d25fb9a24b8037f7fb513cd1706e6f11122f2890f994ee321fe7988e10567878 libsemanage2_3.4-1+b3_amd64.deb
d466bbfe011d764d793c1d9d777cad9c7cf65b938e11598f27408171ad95a951 libunistring2_1.0-2_amd64.deb
d4c7b71ce8628e2baa6b1ef3dc3871fdeb5747ab12ff8dcda0c29c379da7d38b gcc-12_12.2.0-10_amd64.deb
d50716d5824083d667427817d506b45d3f59dc77e1ca52de000f3f62d4918afa libidn2-0_2.3.3-1+b1_amd64.deb
d62e8967437998b351daaaf69e8886592574725d7e88d525625d29fd2b961339 libgssapi-krb5-2_1.20.1-1_amd64.deb
d716f5b4346ec85bb728f4530abeb1da4a79f696c72d7f774c59ba127c202fa7 libpsl5_0.21.0-1.2_amd64.deb
d7abcfaa67bc16c4aed960c959ca62849102c8a0a61b9af9a23fcc870ebc3c57 ca-certificates_20211016_all.deb
d7dd1d1411fedf27f5e27650a6eff20ef294077b568f4c8c5e51466dc7c08ce4 zlib1g_1%3a1.2.13.dfsg-1_amd64.deb
d85f4d2f4f740d09d5f578cf15bbb9b6a912a849047cf807253605d4815745e8 libfreetype6_2.12.1+dfsg-3_amd64.deb
d8c263f47b03a942f2b807187dcc08286f8810c776f18e828dae0cc8b6375da5 libncurses6_6.3+20220423-2_amd64.deb
d98df4f21fc17d8436e230acb36acc8a53a74e3cbcfb13a96a9f823c32fda695 debianutils_5.7-0.4_amd64.deb
db2d207ae363db66000eec1367d87a5e88c638c5452738059c876580dcc2fc1a libgnutls30_3.7.8-4_amd64.deb
db7c6704938a114c3028dd5bb4c05daa390d340f57cd882345a3290f88911314 gpgconf_2.2.40-1_amd64.deb
dc32727dca9a87ba317da7989572011669f568d10159b9d8675ed7aedd26d686 libpng16-16_1.6.39-2_amd64.deb
dc846a0eb742ee2d269e2f32bb351865d8014b39f1b1352af1cb4243b84497ef libtiff5_4.4.0-6_amd64.deb
de2ae6cde14431c23b962246f0c304c526865a50c559edb30e9c056aa26a51e4 libpam-modules-bin_1.5.2-5_amd64.deb
de70f6f7625819163f23f139fe47696a7e6b6eb5dad3eb12d88bddf3fd088b98 unzip_6.0-27_amd64.deb
de7b7e4405d619241447144e88549c74abe4c5617b5b894821d975693209cefb debconf_1.5.80_all.deb
dfd4b424dca7349cbb474cca239ee54363d85fdb13462a05ebd8e35d42bd6232 base-files_12.3_amd64.deb
e0a108909fd3dae44e4a1cb3b91044012aea387b2734334ff816b6a78a0126ac libc6_2.36-6_amd64.deb
e1f69020dc2c466e421ec6a58406b643be8b5c382abf0f8989011c1d3df91c87 librtmp1_2.4+20151223.gitfa8646d.1-2+b2_amd64.deb
e3a156b87d37e8627a3a003c9a40d0e098bb1cec6938065b8c29dd844a1383b1 libdb5.3_5.3.28+dfsg1-0.10_amd64.deb
e3ddd34ed745867a628dbf413f271d6a7f8c5b0d5e01a4103d12240fc6a9d31a libstdc++6_12.2.0-10_amd64.deb
eabec1dde2834f72540d7b93fc5df2625f52611c06d93d61f5cdb12480e0e6a3 gzip_1.12-1_amd64.deb
ebb1e8a210f61f48d95baedb3b03f32996b7e0e0abad1e319075ae2da36e9c6b libtinfo6_6.3+20220423-2_amd64.deb
ebef6bcd777b5c0cc2699926f2159db08433aed07c50cb321fd828b28c5e8d53 ucf_3.0043_all.deb
ec6dcc8ba88087606e70f8ef2e80952974da60a9f2745cc5316a91c2f06951c8 libext2fs2_1.46.6~rc1-1+b1_amd64.deb
ecb8536f5fb34543b55bb9dc5f5b14c9dbb4150a7bddb3f2287b7cab6e9d25ef libxdmcp6_1%3a1.1.2-3_amd64.deb
ed2328befa036dcb0455deecb4787c91e48606ebbea28aa329bd2a10adb7b2aa python3-minimal_3.10.6-1_amd64.deb
ed43d96b4cae0ff0f2208456222151922ecd0bc1118f1e757ebe18206967a8ee libaom3_3.5.0-1_amd64.deb
ed8185c28b2cb519744a5a462dcd720d3b332c9b88a1d0002eac06dc8550cb94 libhogweed6_3.8.1-2_amd64.deb
eec4dc9d949d2c666b1da3fa762a340e8ba10c3a04d3eed32749a97695c15641 libtasn1-6_4.19.0-2_amd64.deb
f3928b657449bc65fb2e13f5a0370c6b30d6e57a9de2eb13ce2ef9f277c8dc0b xz-utils_5.2.9-0.0_amd64.deb
f79c858a5f9041fa7a836580816658a7cff16c562d32ae658347ae4a58b8ed75 adduser_3.129_all.deb
f827028f9abbf30a2a6a7fc550482ae7dc1386fc1e4bb0335d79d7d0cc9c4a7f libatomic1_12.2.0-10_amd64.deb
f9227bd91f834652cbb55c940cbc62f2230c1cfc649437a2efbca11767fd144b libitm1_12.2.0-10_amd64.deb
f9a0fa43e37e835d44a728eaca53fe4e33f53cd5490199444c0c7d48bf3df67a gpgsm_2.2.40-1_amd64.deb
f9ce24cbf69957dc1851fc55adba0a60b5bc617d51587b6478f2be64786442f1 init-system-helpers_1.65.2_all.deb
f9ce531f60cbd5df37996af9370e0171be96902a17ec2bdbd8d62038c354094f zlib1g-dev_1%3a1.2.13.dfsg-1_amd64.deb
fbdab45294d400a875d846da9a1da0b23854323fd03b5943bf54cd6125e41c96 libnghttp2-14_1.51.0-1_amd64.deb
fc39271fdb2bfc46531f8c156e9ea02dd40935e21eddccf0d8c29c58d97a1f93 libaudit-common_1%3a3.0.7-1.1_all.deb
fdc61332a3892168f3cc9cfa1fe9cf11a91dc3e0acacbc47cbc50ebaa234cc71 libxcb1_1.15-1_amd64.deb
fdd885dc27ec30f87312c959d1b44db6faffbc07b8eaec0d5a5e5b2fbcd79d46 libsqlite3-0_3.40.0-1_amd64.deb
fe36a7f35361fc40d0057ef447a7302fd41d51740d51c98fb3870bbed5b96e56 libexpat1_2.5.0-1_amd64.deb
fe524a9de7ed6b2a1465693f12d5f7be2d2d9f6d6e6bf028f17109263e173dc8 liblocale-gettext-perl_1.07-5_amd64.deb
feb6aaa0bd183246ca915b88825c68f3b5a6507bc70a8c2eb70d1e4cb9e83225 libsmartcols1_2.38.1-4_amd64.deb
ff12fc51e092aaae4992317c5f7f26d1e73e6fde4296a8cdfe1b739b51e4b0ab xauth_1%3a1.1.1-1_amd64.deb
ff1d5281131fb36c6da4f3c40a6b75010bf94f2b15fd3497500a1b056d01c63b ncurses-bin_6.3+20220423-2_amd64.deb
ff79706e87a63a34de6ade3632dc0855029ff7abb36ef9976d5e229887c836f9 gpg-wks-server_2.2.40-1_amd64.deb
ffd88ba260f07a50c33e849bce75895f17c993d8040397941c58703701d184c3 libpam-modules_1.5.2-5_amd64.deb

View File

@ -0,0 +1,13 @@
debian-archive-keyring
build-essential
git
libfaketime
file
wget
cpio
unzip
rsync
bc
libncurses-dev
python3
libelf-dev

View File

@ -0,0 +1,259 @@
adduser=3.129
apt=2.5.4
base-files=12.3
base-passwd=3.6.1
bash=5.2-2+b1
bc=1.07.1-3+b1
binutils-common=2.39.50.20221208-5
binutils-x86-64-linux-gnu=2.39.50.20221208-5
binutils=2.39.50.20221208-5
bsdutils=1:2.38.1-4
build-essential=12.9
bzip2=1.0.8-5+b1
ca-certificates=20211016
coreutils=9.1-1
cpio=2.13+dfsg-7.1
cpp-12=12.2.0-10
cpp=4:12.2.0-1
dash=0.5.11+git20210903+057cd650a4ed-9
debconf=1.5.80
debian-archive-keyring=2021.1.1
debianutils=5.7-0.4
diffutils=1:3.8-1
dirmngr=2.2.40-1
dpkg-dev=1.21.12
dpkg=1.21.12
e2fsprogs=1.46.6~rc1-1+b1
fakeroot=1.29-1
file=1:5.41-4
findutils=4.9.0-3
fontconfig-config=2.13.1-4.5
fonts-dejavu-core=2.37-2
g++-12=12.2.0-10
g++=4:12.2.0-1
gcc-12-base=12.2.0-10
gcc-12=12.2.0-10
gcc=4:12.2.0-1
git-man=1:2.35.1-1
git=1:2.35.1-1
gnupg-l10n=2.2.40-1
gnupg-utils=2.2.40-1
gnupg=2.2.40-1
gpg-agent=2.2.40-1
gpg-wks-client=2.2.40-1
gpg-wks-server=2.2.40-1
gpg=2.2.40-1
gpgconf=2.2.40-1
gpgsm=2.2.40-1
gpgv=2.2.40-1
grep=3.8-3
gzip=1.12-1
hostname=3.23
init-system-helpers=1.65.2
krb5-locales=1.20.1-1
less=590-1
libabsl20220623=20220623.1-1
libacl1=2.3.1-2
libalgorithm-diff-perl=1.201-1
libalgorithm-diff-xs-perl=0.04-8+b1
libalgorithm-merge-perl=0.08-5
libaom3=3.5.0-1
libapt-pkg6.0=2.5.4
libasan8=12.2.0-10
libassuan0=2.5.5-5
libatomic1=12.2.0-10
libattr1=1:2.5.1-3
libaudit-common=1:3.0.7-1.1
libaudit1=1:3.0.7-1.1+b2
libavif15=0.11.1-1
libbinutils=2.39.50.20221208-5
libblkid1=2.38.1-4
libbrotli1=1.0.9-2+b5
libbsd0=0.11.7-1
libbz2-1.0=1.0.8-5+b1
libc-bin=2.36-6
libc-dev-bin=2.36-6
libc-devtools=2.36-6
libc6-dev=2.36-6
libc6=2.36-6
libcap-ng0=0.8.3-1+b2
libcap2=1:2.44-1
libcbor0.8=0.8.0-2+b1
libcc1-0=12.2.0-10
libcom-err2=1.46.6~rc1-1+b1
libcrypt-dev=1:4.4.33-1
libcrypt1=1:4.4.33-1
libctf-nobfd0=2.39.50.20221208-5
libctf0=2.39.50.20221208-5
libcurl3-gnutls=7.86.0-2
libdav1d6=1.0.0-2
libdb5.3=5.3.28+dfsg1-0.10
libde265-0=1.0.9-1
libdebconfclient0=0.265
libdeflate0=1.14-1
libdpkg-perl=1.21.12
libedit2=3.1-20221030-2
libelf-dev=0.188-1
libelf1=0.188-1
liberror-perl=0.17029-2
libexpat1=2.5.0-1
libext2fs2=1.46.6~rc1-1+b1
libfakeroot=1.29-1
libfaketime=0.9.10-2.1
libffi8=3.4.4-1
libfido2-1=1.12.0-2
libfile-fcntllock-perl=0.22-4+b1
libfontconfig1=2.13.1-4.5
libfreetype6=2.12.1+dfsg-3
libgav1-1=0.18.0-1+b1
libgcc-12-dev=12.2.0-10
libgcc-s1=12.2.0-10
libgcrypt20=1.10.1-3
libgd3=2.3.3-7
libgdbm-compat4=1.23-3
libgdbm6=1.23-3
libgmp10=2:6.2.1+dfsg1-1.1
libgnutls30=3.7.8-4
libgomp1=12.2.0-10
libgpg-error0=1.46-1
libgpm2=1.20.7-10+b1
libgprofng0=2.39.50.20221208-5
libgssapi-krb5-2=1.20.1-1
libheif1=1.13.0-1
libhogweed6=3.8.1-2
libidn2-0=2.3.3-1+b1
libisl23=0.25-1
libitm1=12.2.0-10
libjansson4=2.14-2
libjbig0=2.1-6.1
libjpeg62-turbo=1:2.1.2-1+b1
libk5crypto3=1.20.1-1
libkeyutils1=1.6.3-1
libkrb5-3=1.20.1-1
libkrb5support0=1.20.1-1
libksba8=1.6.2-4
libldap-2.5-0=2.5.13+dfsg-2+b1
libldap-common=2.5.13+dfsg-2
liblerc4=4.0.0+ds-2
liblocale-gettext-perl=1.07-5
liblsan0=12.2.0-10
liblz4-1=1.9.4-1
liblzma5=5.2.9-0.0
libmagic-mgc=1:5.41-4
libmagic1=1:5.41-4
libmd0=1.0.4-2
libmount1=2.38.1-4
libmpc3=1.2.1-2
libmpdec3=2.5.1-2
libmpfr6=4.1.0-3
libncurses-dev=6.3+20220423-2
libncurses6=6.3+20220423-2
libncursesw6=6.3+20220423-2
libnettle8=3.8.1-2
libnghttp2-14=1.51.0-1
libnpth0=1.6-3
libnsl-dev=1.3.0-2
libnsl2=1.3.0-2
libnuma1=2.0.15-1
libp11-kit0=0.24.1-1
libpam-modules-bin=1.5.2-5
libpam-modules=1.5.2-5
libpam-runtime=1.5.2-5
libpam0g=1.5.2-5
libpcre2-8-0=10.40-3
libpcre3=2:8.39-14
libperl5.36=5.36.0-6
libpng16-16=1.6.39-2
libpopt0=1.19+dfsg-1
libpsl5=0.21.0-1.2
libpython3-stdlib=3.10.6-1
libpython3.10-minimal=3.10.9-1
libpython3.10-stdlib=3.10.9-1
libquadmath0=12.2.0-10
librav1e0=0.5.1-5
libreadline8=8.2-1.2
librtmp1=2.4+20151223.gitfa8646d.1-2+b2
libsasl2-2=2.1.28+dfsg-10
libsasl2-modules-db=2.1.28+dfsg-10
libsasl2-modules=2.1.28+dfsg-10
libseccomp2=2.5.4-1+b2
libselinux1=3.4-1+b3
libsemanage-common=3.4-1
libsemanage2=3.4-1+b3
libsepol2=3.4-2
libsmartcols1=2.38.1-4
libsqlite3-0=3.40.0-1
libss2=1.46.6~rc1-1+b1
libssh2-1=1.10.0-3+b1
libssl3=3.0.7-1
libstdc++-12-dev=12.2.0-10
libstdc++6=12.2.0-10
libsvtav1enc1=1.4.0+dfsg-1
libsystemd0=252.2-2
libtasn1-6=4.19.0-2
libtiff5=4.4.0-6
libtinfo6=6.3+20220423-2
libtirpc-common=1.3.3+ds-1
libtirpc-dev=1.3.3+ds-1
libtirpc3=1.3.3+ds-1
libtsan2=12.2.0-10
libubsan1=12.2.0-10
libudev1=252.2-2
libunistring2=1.0-2
libuuid1=2.38.1-4
libwebp7=1.2.2-2+b2
libx11-6=2:1.8.1-2
libx11-data=2:1.8.1-2
libx265-199=3.5-2+b1
libxau6=1:1.0.9-1
libxcb1=1.15-1
libxdmcp6=1:1.1.2-3
libxext6=2:1.3.4-1+b1
libxmuu1=2:1.1.3-3
libxpm4=1:3.5.12-1
libxxhash0=0.8.1-1
libyuv0=0.0~git20221118.ea26d7a-2
libzstd1=1.5.2+dfsg-1
linux-libc-dev=6.0.12-1
login=1:4.13+dfsg1-1
logsave=1.46.6~rc1-1+b1
make=4.3-4.1
manpages-dev=6.01-1
manpages=6.01-1
mawk=1.3.4.20200120-3.1
media-types=8.0.0
mount=2.38.1-4
ncurses-base=6.3+20220423-2
ncurses-bin=6.3+20220423-2
netbase=6.4
openssh-client=1:9.1p1-1
openssl=3.0.7-1
passwd=1:4.13+dfsg1-1
patch=2.7.6-7
perl-base=5.36.0-6
perl-modules-5.36=5.36.0-6
perl=5.36.0-6
pinentry-curses=1.2.1-1
publicsuffix=20220811.1734-1
python3-minimal=3.10.6-1
python3.10-minimal=3.10.9-1
python3.10=3.10.9-1
python3=3.10.6-1
readline-common=8.2-1.2
rpcsvc-proto=1.4.3-1
rsync=3.2.6-4+b1
sed=4.8-1
sensible-utils=0.0.17
sysvinit-utils=3.05-7
tar=1.34+dfsg-1
tzdata=2022f-1
ucf=3.0043
unzip=6.0-27
usr-is-merged=33
util-linux-extra=2.38.1-4
util-linux=2.38.1-4
wget=1.21.3-1+b2
xauth=1:1.1.1-1
xz-utils=5.2.9-0.0
zlib1g-dev=1:1.2.13.dfsg-1
zlib1g=1:1.2.13.dfsg-1

View File

@ -0,0 +1,6 @@
deb http://deb.debian.org/debian bookworm main
deb http://security.debian.org/debian-security bookworm-security main
deb http://deb.debian.org/debian bookworm-updates main
deb [check-valid-until=no] http://snapshot.debian.org/archive/debian/20221220T000000Z bookworm main
deb [check-valid-until=no] http://snapshot.debian.org/archive/debian-security/20221220T000000Z bookworm-security main
deb [check-valid-until=no] http://snapshot.debian.org/archive/debian/20221220T000000Z bookworm-updates main

BIN
dist/airgap.iso (Stored with Git LFS) vendored

Binary file not shown.

View File

@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEZ1U/vaRrtxq9LgsLjkeh7DWhVR0FAmav8FIACgkQjkeh7DWh
VR2ujw//c1eVHC92aVyVyqh5gXdm6JSioEdHRI8bELF47AkfMUgy6aJ2pOnofXA4
f9zSFOJLyxxEHbBhRBcAGP6RtpoY4z4gw/s+eAfklEe+BqQiYAKmllZu7ol3nFVD
07QmKgvHcqu1hU5kdK6ID9wpjS4/iR1IcNWRS/gfvHMKx3tLRjBP7p50gpF41LAo
tE3tcNhMabPqCDTQAZd5TNmimA6MeOhria40LJQkBHlygK/N1H+hdQJLgi1SOLvX
PBMjb+8Jm7d6PmjzGGvZXHWSy0+XUjgjkaU7C7+kZXQJ9KUO4eglVKvftolcR+KL
hv0efyYvzCqoaubAGgS5fyvO5Ab2AwF+4XuArWOFd9HyiiCp5R8Fx+YR6MjXg7J2
sokdFrDkOmwVTiLQ2ovz4XvDIM1lfgt4noMek96KRJzzzLlICuqi8I/VNS9qU9zN
BhZGtzNMXDHnf4qzlw6KoIR9Zru2UQcRLc2kEkFDd9ucRzpTPebNhRJW0El0+pzx
B/sThigYbsf+l3uaaDkQ60mCnvHkA/WX1lHdHnHnG6wUQSR2gom+C3wmNRUkG1Li
zWcqbImzRFptbOBcCgowNcAZ3qiyrZW0/Rra5rGnww290M42AQVdYabeWCFrP0TO
N19Qm1W6T6vzQyV9W5EeaHp0C/WrXdv2q1GXmM9C7+3vEKFsUJw=
=v/rK
-----END PGP SIGNATURE-----

16
dist/manifest.63F4039477D6CA8D.asc vendored Normal file
View File

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEdNt7Hf0dLXYj6ptEh0mIPqwJz1YFAmXx8RoACgkQh0mIPqwJ
z1Zx+A/9Hrvlpveo3EhjRCPG59PFsaK5TK9YUfWvT4FbZCqPoXPjjBQttJrVZ8CE
+imBekXNj4/Z2rk40dbNEBGUWlFl5u0M8p4drYUCXs7i6FzAAwMsUvQCoPzV78nU
nTZz5VhWrLVQg00Z2oFJXJGZ5BffuhuYt9PzygZptPA2rfXZYRx0PlJRVn3GqFtn
52+pc7J7ZzOZKaO8Yoy4W/7K6KQZZ5VHnZzB2TvcTYWlA1EJ8+/tvScG2nC7m7gO
dJHDKiRZeuSFbiZaq7slea4XsBUPPycPjzxhZi8RCOlDpbjx2jRjjCE4iNpi1yum
WtQYS+dDj2apMS1C8ACAKHQHMTF4Hl1wGJgJcyl5qmyTu4sbx2gWmamGkqIWOeDu
ZuuQsXT1XeivotH+UoOLLTWu2I+be33iWPP6G21wylEZVmlaMJ7jpjN3xLgehSuG
qKlS8vnd2lkoq5FhhUJ9n+saV22M1NWNG/K2Zd0shTup67M0JZfHBc4OQd4hbLd4
KG6mz5IfBGFomVREzRwk/nc1xYlWJau24oMsE8rN237XoEj7Azu897iMYANje87a
MskZdH/L5NYKNRfa/2z15bwuHimXc/3i57HEMUe4bkCxKYslY+jfXKAn+8+Y6vgz
tU5ww3rkiumhQFAz5sX60dgKAA4lkJE4E0tgS3qOb2jbKDpdYcA=
=CCfu
-----END PGP SIGNATURE-----

16
dist/manifest.8E401478A3FBEF72.asc vendored Normal file
View File

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEiII6deyqeGsP84sUjkAUeKP773IFAmXyFhkACgkQjkAUeKP7
73KoAxAAoHeQo609CYbGHsOjSfuYsXv/QRv2OOdm7KlWEEbHRUs6JOZ4wlpU/uCL
L52klhpgQkI1C47WaMrfukQwy6AfIuB227WZ4DPRZcKXr36VqAV0acwfXoDyMwIn
LozD7Y8jpBSnDpXh26X38KeVvfFYYK9Tn8466uRVpM9aOiZtay0MmAtRLk9YIuLJ
1+k6IkKZPAUySATjKGCxKEuOGseHZ30tCJsxL0ScIrO15f+cJ1P771tb973g1iIC
fc2nxmtvTS7LkCxd21qzNR8t/gP/foRtxWj77O6P8bzz9oe1urrOWEDRWAUIZWk6
U/HIXVN8D8g4WSkJska5NzkGzYZ8TY6sPxt6c+mnWrRwu3lJUKPF35U9eGX+6FXh
8OLDYpFkRPchtFzF1E0FGi8WVxFWtZLIOatry9PoLimHariyvll5Yu+yhl+5unnw
o+bJ0m+pBtMhXRRIcfKkG/9UP/EATUEGCYSR+rpkTj//4edmCGZvK3nP10dn2weG
uO8WK6CZONvlhXAl5ck+eWEjEfM8+/5RHsxc94Tz+WByljhOhC5XWgyNJDgdnMsm
hNT0urk4XGqbHsWPev+F4hUlwYwFJ/T5Yg4SB+chXNGauFui1Qczx/RwbuzwGbz5
L4fgwHhpWXm+JBi6XvSZJ9/wdgVUdITG5YHp0YhaNjXUz+TNwdo=
=lANt
-----END PGP SIGNATURE-----

View File

@ -1,16 +1,16 @@
-----BEGIN PGP SIGNATURE----- -----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEE4QZ4HgB6uRyYnbMyRKhs/x/fDoUFAmav/WEACgkQRKhs/x/f iQIzBAABCgAdFiEE4QZ4HgB6uRyYnbMyRKhs/x/fDoUFAmYF9TcACgkQRKhs/x/f
DoXo2w/+Kcf+6VJW0/dSda+acfXE2qCQogvpXoIe6W68kN1EWvhCl0uFc6ilmeUc DoWGxQ/+PUlyu0QVK6tZyKJDbND2zRZO+DO8gMaTdEElgieLyES/KsZlzbbflt+q
EhVC1opp98mlu30DtN7+ecjViDTPz8QQ/SSgHhGKHzYO4l6eHr0VMeNsTWpMhz6O kCCTClq4OhVwe2Wgj4O2eGCyMBkovA1sFMaBq6yxuIToLEwsXuuqg68Xqo7rOsJh
HaNARpXziu6ajiriWMIBXO6tIGmMBTv3fHFJctPtDwOqEK9rg/bfQS57WGw73SBE DIyWxWkIgROnf7F6NTGVH/7XlH0PjzqehDgtZyH5xmbwZMnq1YxjlkOObI9on1Ut
1xNW7rqrzsZpDwsLT4YH9U+fffKgW7DsU7RIgzFtQ+G0/MFke+OuKI5QXBZoSrUE H6q79StqRG7cFf4QylcdtnPnor+rOR8fl1/lpQ7GEWOJJTHpiN3Wk7syYN9c5jbD
Lj9qgcdu06SQ6fJnW35GfBkdn7egfiGroC2/5YovQzxU1qxhwaGGemtJlncqQjCE Zw2pQilQW1w9BDUpSCZqoPhiY+tdcgM4VmH1JEbgQVaNXMF7pZlR8lKWRVwXDF9g
LpiipRyJaNB09woj4dEC9KZx9rHDUWbl58iu7cK0W5E3WQs7phu3Yah+QgnWrZIJ Aey8Ftv+7hNnRk2Sid56Q7guCKxBReKWtd1gHdC6xWAdaFjLJpyrugzJ+eamciH7
SWMwGGlziZ5SfMw6GX46MHVPOIZVMm/FmKNlkJquJo6mH6cyesvvTq/hJ0nwV5uN h6RDC7WY0aQ0jlfHUD2l9Zc6JKRvHwSlMVlQMxiBnf60BcGui3XuXDrHaP7MekVP
Gqvmrd+lV/F2hks5R21cOno3REiNC3Ev2vnBXSa2OJltosFGco19GyJsyc5bjE33 1sAvDHoMgbON2RvfQ4u1xFr0EU4nXHo9IxLJgfmLPwmB5T1SMw7saVon8nmGKv18
6h378noFmxKYYABblpACegYaN7C1qeelzqQEzLs4jvliC0P8fRtvN0GSvCCpe40V CwahOdXvehN2/seiKbfs2xGOIroZT5l25RA4eL+343QmEjrR4M3T/SubR7UC8y3P
++8hlNQyp1UplStPt8v170BS4MJzo2Ls0OGK5CE+Cla+faEsieO6STSJ6l+Mj91y LL++4gJOGhPXVfttEBAV1GfBVmN/vRxRKjvgyNylJCXoLsqYaTdaPRJGAqrdfPGW
KLkQ10D7ZTu+8BIvzZn8tuxpA0MBlfKcrupLFWy3c2mgO8m5sZM= Mo/oGUY4EsESfVdPwNAieljIXxpov+okJUX+sAT6w4s0dfRjwRo=
=SH4O =JHKL
-----END PGP SIGNATURE----- -----END PGP SIGNATURE-----

4
dist/manifest.txt vendored
View File

@ -1,2 +1,2 @@
a78a023a9532927f0e7af7ce1177b8286fdfa425670d166932f46ee90abcafe8 airgap.iso 55434c9496ab32ed21d244e1567f570442d59ee88cc9dafa13c2b75b31b8ade3 airgap.iso
bc742e2b08089bb2e685a71a45e1ab28d7bf6151bf06417e1bc729eb60353e0d release.env 89695f9584b98adea86887de56774b8747c4f36092611c31da367a63f072954d release.env

8
dist/release.env vendored
View File

@ -1,5 +1,5 @@
VERSION=2024.8.0 VERSION=2023.02.24
GIT_REF=3cb460b72ed3fb03ac98c737852e19a154e58a7c GIT_REF=2376bc53dc4609ad0bff55e0b3365891db6fbeea
GIT_AUTHOR=Lance R. Vick GIT_AUTHOR=Lance R. Vick
GIT_PUBKEY=6B61ECD76088748C70590D55E90A401336C8AAA9 GIT_KEY=6B61ECD76088748C70590D55E90A401336C8AAA9
GIT_TIMESTAMP=2024-08-04 13:29:39 -0700 GIT_TIMESTAMP=2023-02-24 13:31:37 -0800

View File

@ -1,55 +0,0 @@
#!/bin/sh
DAEMON="syslogd"
PIDFILE="/var/run/$DAEMON.pid"
SYSLOGD_ARGS=""
# shellcheck source=/dev/null
[ -r "/etc/default/$DAEMON" ] && . "/etc/default/$DAEMON"
# BusyBox' syslogd does not create a pidfile, so pass "-n" in the command line
# and use "-m" to instruct start-stop-daemon to create one.
start() {
printf 'Starting %s: ' "$DAEMON"
# shellcheck disable=SC2086 # we need the word splitting
start-stop-daemon -b -m -S -q -p "$PIDFILE" -x "/sbin/$DAEMON" \
-- -n $SYSLOGD_ARGS
status=$?
if [ "$status" -eq 0 ]; then
echo "OK"
else
echo "FAIL"
fi
return "$status"
}
stop() {
printf 'Stopping %s: ' "$DAEMON"
start-stop-daemon -K -q -p "$PIDFILE"
status=$?
if [ "$status" -eq 0 ]; then
rm -f "$PIDFILE"
echo "OK"
else
echo "FAIL"
fi
return "$status"
}
restart() {
stop
sleep 1
start
}
case "$1" in
start|stop|restart)
"$1";;
reload)
# Restart, since there is no true "reload" feature.
restart;;
*)
echo "Usage: $0 {start|stop|restart|reload}"
exit 1
esac

View File

@ -1,55 +0,0 @@
#!/bin/sh
DAEMON="klogd"
PIDFILE="/var/run/$DAEMON.pid"
KLOGD_ARGS=""
# shellcheck source=/dev/null
[ -r "/etc/default/$DAEMON" ] && . "/etc/default/$DAEMON"
# BusyBox' klogd does not create a pidfile, so pass "-n" in the command line
# and use "-m" to instruct start-stop-daemon to create one.
start() {
printf 'Starting %s: ' "$DAEMON"
# shellcheck disable=SC2086 # we need the word splitting
start-stop-daemon -b -m -S -q -p "$PIDFILE" -x "/sbin/$DAEMON" \
-- -n $KLOGD_ARGS
status=$?
if [ "$status" -eq 0 ]; then
echo "OK"
else
echo "FAIL"
fi
return "$status"
}
stop() {
printf 'Stopping %s: ' "$DAEMON"
start-stop-daemon -K -q -p "$PIDFILE"
status=$?
if [ "$status" -eq 0 ]; then
rm -f "$PIDFILE"
echo "OK"
else
echo "FAIL"
fi
return "$status"
}
restart() {
stop
sleep 1
start
}
case "$1" in
start|stop|restart)
"$1";;
reload)
# Restart, since there is no true "reload" feature.
restart;;
*)
echo "Usage: $0 {start|stop|restart|reload}"
exit 1
esac

View File

@ -1,94 +0,0 @@
#!/bin/sh
#
# This script is used by busybox and procps-ng.
#
# With procps-ng, the "--system" option of sysctl also enables "--ignore", so
# errors are not reported via syslog. Use the run_logger function to mimic the
# --system behavior, still reporting errors via syslog. Users not interested
# on error reports can add "-e" to SYSCTL_ARGS.
#
# busybox does not have a "--system" option neither reports errors via syslog,
# so the scripting provides a consistent behavior between the implementations.
# Testing the busybox sysctl exit code is fruitless, as at the moment, since
# its exit status is zero even if errors happen. Hopefully this will be fixed
# in a future busybox version.
PROGRAM="sysctl"
SYSCTL_ARGS=""
# shellcheck source=/dev/null
[ -r "/etc/default/$PROGRAM" ] && . "/etc/default/$PROGRAM"
# Files are read from directories in the SYSCTL_SOURCES list, in the given
# order. A file may be used more than once, since there can be multiple
# symlinks to it. No attempt is made to prevent this.
SYSCTL_SOURCES="/etc/sysctl.d/ /usr/local/lib/sysctl.d/ /usr/lib/sysctl.d/ /lib/sysctl.d/ /etc/sysctl.conf"
# If the logger utility is available all messages are sent to syslog, except
# for the final status. The file redirections do the following:
#
# - stdout is redirected to syslog with facility.level "kern.info"
# - stderr is redirected to syslog with facility.level "kern.err"
# - file dscriptor 4 is used to pass the result to the "start" function.
#
run_logger() {
# shellcheck disable=SC2086 # we need the word splitting
find $SYSCTL_SOURCES -maxdepth 1 -name '*.conf' -print0 2> /dev/null | \
xargs -0 -r -n 1 readlink -f | {
prog_status="OK"
while :; do
read -r file || {
echo "$prog_status" >&4
break
}
echo "* Applying $file ..."
/sbin/sysctl -p "$file" $SYSCTL_ARGS || prog_status="FAIL"
done 2>&1 >&3 | /usr/bin/logger -t sysctl -p kern.err
} 3>&1 | /usr/bin/logger -t sysctl -p kern.info
}
# If logger is not available all messages are sent to stdout/stderr.
run_std() {
# shellcheck disable=SC2086 # we need the word splitting
find $SYSCTL_SOURCES -maxdepth 1 -name '*.conf' -print0 2> /dev/null | \
xargs -0 -r -n 1 readlink -f | {
prog_status="OK"
while :; do
read -r file || {
echo "$prog_status" >&4
break
}
echo "* Applying $file ..."
/sbin/sysctl -p "$file" $SYSCTL_ARGS || prog_status="FAIL"
done
}
}
if [ -x /usr/bin/logger ]; then
run_program="run_logger"
else
run_program="run_std"
fi
start() {
printf '%s %s: ' "$1" "$PROGRAM"
status=$("$run_program" 4>&1)
echo "$status"
if [ "$status" = "OK" ]; then
return 0
fi
return 1
}
case "$1" in
start)
start "Running";;
restart|reload)
start "Rerunning";;
stop)
:;;
*)
echo "Usage: $0 {start|stop|restart|reload}"
exit 1
esac

View File

@ -1,24 +0,0 @@
#!/bin/sh
case "$1" in
start)
printf "Populating %s using udev: " "${udev_root:-/dev}"
[ -e /proc/sys/kernel/hotplug ] && printf '\000\000\000\000' > /proc/sys/kernel/hotplug
/sbin/udevd -d || { echo "FAIL"; exit 1; }
udevadm trigger --type=subsystems --action=add
udevadm trigger --type=devices --action=add
udevadm settle --timeout=30 || echo "udevadm settle failed"
echo "done"
;;
stop)
# Stop execution of events
udevadm control --stop-exec-queue
killall udevd
;;
*)
echo "Usage: $0 {start|stop}"
exit 1
;;
esac
exit 0

View File

@ -1,20 +0,0 @@
#!/bin/sh
case "$1" in
start)
/usr/sbin/pcscd -d || { echo "FAIL"; exit 1; }
killall pcscd
/usr/sbin/pcscd -d || { echo "FAIL"; exit 1; }
echo "done"
;;
stop)
# Stop execution of events
killall pcscd
;;
*)
echo "Usage: $0 {start|stop}"
exit 1
;;
esac
exit 0

View File

@ -1,70 +0,0 @@
#! /bin/sh
#
# Preserve the random seed between reboots. See urandom(4).
#
# Quietly do nothing if /dev/urandom does not exist
[ -c /dev/urandom ] || exit 0
URANDOM_SEED="/var/lib/random-seed"
# shellcheck source=/dev/null
[ -r "/etc/default/urandom" ] && . "/etc/default/urandom"
if pool_bits=$(cat /proc/sys/kernel/random/poolsize 2> /dev/null); then
pool_size=$((pool_bits/8))
else
pool_size=512
fi
init_rng() {
[ -f "$URANDOM_SEED" ] || return 0
printf 'Initializing random number generator: '
dd if="$URANDOM_SEED" bs="$pool_size" of=/dev/urandom count=1 2> /dev/null
status=$?
if [ "$status" -eq 0 ]; then
echo "OK"
else
echo "FAIL"
fi
return "$status"
}
save_random_seed() {
printf 'Saving random seed: '
status=1
if touch "$URANDOM_SEED.new" 2> /dev/null; then
old_umask=$(umask)
umask 077
dd if=/dev/urandom of="$URANDOM_SEED.tmp" bs="$pool_size" count=1 2> /dev/null
cat "$URANDOM_SEED" "$URANDOM_SEED.tmp" 2>/dev/null \
| sha256sum \
| cut -d ' ' -f 1 > "$URANDOM_SEED.new" && \
mv "$URANDOM_SEED.new" "$URANDOM_SEED" && status=0
rm -f "$URANDOM_SEED.tmp"
umask "$old_umask"
if [ "$status" -eq 0 ]; then
echo "OK"
else
echo "FAIL"
fi
else
echo "SKIP (read-only file system detected)"
fi
return "$status"
}
case "$1" in
start|restart|reload)
# Carry a random seed from start-up to start-up
# Load and then save the whole entropy pool
init_rng && save_random_seed;;
stop)
# Carry a random seed from shut-down to start-up
# Save the whole entropy pool
save_random_seed;;
*)
echo "Usage: $0 {start|stop|restart|reload}"
exit 1
esac

View File

@ -1,27 +0,0 @@
#!/bin/sh
# Stop all init scripts in /etc/init.d
# executing them in reversed numerical order.
#
for i in $(ls -r /etc/init.d/S??*) ;do
# Ignore dangling symlinks (if any).
[ ! -f "$i" ] && continue
case "$i" in
*.sh)
# Source shell script for speed.
(
trap - INT QUIT TSTP
set stop
. $i
)
;;
*)
# No sh extension, so fork subprocess.
$i stop
;;
esac
done

View File

@ -1,27 +0,0 @@
#!/bin/sh
# Start all init scripts in /etc/init.d
# executing them in numerical order.
#
for i in /etc/init.d/S??* ;do
# Ignore dangling symlinks (if any).
[ ! -f "$i" ] && continue
case "$i" in
*.sh)
# Source shell script for speed.
(
trap - INT QUIT TSTP
set start
. $i
)
;;
*)
# No sh extension, so fork subprocess.
$i start
;;
esac
done

View File

@ -1,2 +0,0 @@
#!/bin/sh
exec /bin/init

View File

@ -1,15 +0,0 @@
KERNEL!="mmcblk[0-9]p[0-9]|sd[a-z][0-9]", GOTO="automount_end"
ACTION=="add", PROGRAM!="/sbin/blkid %N", GOTO="automount_end"
IMPORT{program}="/sbin/blkid -o udev -p %N"
ENV{ID_FS_LABEL}!="", ENV{dir_name}="%E{ID_FS_LABEL}"
ENV{ID_FS_LABEL}=="", ENV{dir_name}="%k"
ACTION=="add", IMPORT{program}="/sbin/blkid -o udev -p %N"
ACTION=="add", ENV{ID_FS_TYPE}=="vfat", ENV{mount_options}="relatime,utf8,flush,user,umask=0000"
ACTION=="add", RUN+="/bin/mkdir -p /media/%E{dir_name}", RUN+="/bin/mount -o $env{mount_options} /dev/%k /media/%E{dir_name}"
ACTION=="add", RUN+="/usr/local/bin/autorun /media/%E{dir_name}"
ACTION=="remove", ENV{dir_name}!="", RUN+="/bin/umount -l /media/%E{dir_name}", RUN+="/bin/rmdir /media/%E{dir_name}"
LABEL="automount_end"

View File

@ -1,3 +0,0 @@
#!/bin/bash
echo "Autorun.sh executed"

65
src/scripts/audit Executable file
View File

@ -0,0 +1,65 @@
#!/bin/bash
[ -f /.dockerenv ] || { echo "please run in supplied container"; exit 1; }
set -e; source environment
build_dir="${BUILD_DIR?}"
audit_dir="${BUILD_DIR?}/audit"
buildroot_dir="${build_dir}/buildroot"
heads_dir="${build_dir}/heads"
mkdir -p ${audit_dir}
printf "Generating container package vulnerability stats... "
debsecan \
--suite $(lsb_release --codename --short) \
--format detail \
> ${audit_dir}/container_package_cves.txt
container_package_cves="$( \
cat ${audit_dir}/container_package_cves.txt | grep CVE | wc -l \
)"
echo "done"
printf "Generating target OS source tar hashes... "
openssl sha256 -r ${buildroot_dir}/dl/*/*.tar.* \
> ${audit_dir}/os_src_hashes.txt
echo "done"
printf "Generating firmware source tar hashes... "
openssl sha256 -r ${heads_dir}/packages/* \
> ${audit_dir}/fw_src_hashes.txt
echo "done"
printf "Generating combined/uniqued source tar hashes... "
cat ${audit_dir}/os_src_hashes.txt \
${audit_dir}/fw_src_hashes.txt \
| sed 's/ .*\// /g' \
| awk '{ t = $1; $1 = $2; $2 = t; print;}' \
| sort \
| uniq \
> ${audit_dir}/all_hashes.txt
echo "done"
printf "Generating buildroot package stats... "
( cd ${buildroot_dir} \
&& support/scripts/pkg-stats --json ${audit_dir}/pkg-stats.json \
> /dev/null 2>&1
)
target_os_source_cves=$( \
cat build/audit/pkg-stats.json | jq '.stats["total-cves"]' \
)
echo "done"
printf "Generating license usage reports... "
( cd ${buildroot_dir} && make legal-info > /dev/null 2>&1 )
cp -R ${buildroot_dir}/output/legal-info ${audit_dir}/legal-info
echo "done"
echo "------------------------------------------------"
echo "Wrote: build/audit/container_package_cves.txt"
echo "Wrote: build/audit/os_src_hashes.txt"
echo "Wrote: build/audit/fw_src_hashes.txt"
echo "Wrote: build/audit/all_hashes.txt"
echo "Wrote: build/audit/pkg-stats.json"
echo "Wrote: build/audit/legal-info"
echo "------------------------------------------------"
echo "Build container package CVEs: ${container_package_cves}"
echo "Target OS source CVEs: ${target_os_source_cves}"

1
src/toolchain Submodule

@ -0,0 +1 @@
Subproject commit ca3e7960ea2abb9e448610c633dc92d7786ce8ab