Compare commits
1 Commits
main
...
ryan/updat
Author | SHA1 | Date |
---|---|---|
Ryan Heywood | e1504570e6 |
|
@ -1,2 +1 @@
|
|||
dist/*.iso filter=lfs diff=lfs merge=lfs -text
|
||||
dist/airgap.iso filter=lfs diff=lfs merge=lfs -text
|
||||
|
|
|
@ -1,4 +1,3 @@
|
|||
cache/
|
||||
out/
|
||||
out*/
|
||||
.*
|
||||
|
|
|
@ -0,0 +1,3 @@
|
|||
[submodule "src/toolchain"]
|
||||
path = src/toolchain
|
||||
url = https://codeberg.org/distrust/toolchain
|
236
Containerfile
236
Containerfile
|
@ -1,236 +0,0 @@
|
|||
FROM stagex/alsa-lib:sx2024.09.0@sha256:a41b481187f76c1e9ed4e237977f4892c1507a3b8f8f6736ff3fdd5144bd2afb AS alsa-lib
|
||||
FROM stagex/bash:sx2024.09.0@sha256:cb58f55d268fbe7ef629cda86e3a8af893066e4af7f26ef54748b6ad47bdaa66 AS bash
|
||||
FROM stagex/bc:sx2024.09.0@sha256:039cc5ac357a17d6374445fe4eed1dac15cc72f615bd9657c17e2c3904d42b62 AS bc
|
||||
FROM stagex/busybox:sx2024.09.0@sha256:d34bfa56566aa72d605d6cbdc154de8330cf426cfea1bc4ba8013abcac594395 AS busybox
|
||||
FROM stagex/ccid:sx2024.09.0@sha256:3225dc4a6a1af5f828854157a6b16eb09a0b0f7ebe9d9ee34030afe3966afad1 AS ccid
|
||||
FROM stagex/cpio:sx2024.09.0@sha256:abccb58edb5f1f31b3b9c8b61cffa10cd56de3307e337335927b8df4d9112d24 AS cpio
|
||||
FROM stagex/curl:sx2024.09.0@sha256:8e5705a77a76c92d058e016184dabd0c4fa2f6117021cc5ff55df35f654cb158 AS curl
|
||||
FROM stagex/dtc:sx2024.09.0@sha256:57f8aaa94059c43081b32fccb473ebd2c0cf16878dcf0e24e0e56c910467e93a AS dtc
|
||||
FROM stagex/eudev:sx2024.09.0@sha256:7da7aed7ea7eb73bda86e206e765bdc8e6367c2c2ae535ccd68c7c1b0a936611 AS eudev
|
||||
FROM stagex/flashtools:sx2024.09.0@sha256:4e61cc6f0af9aa6116bb93f048c20d00026d75c27dc52b7e8604f0e340c55b80 AS flashtools
|
||||
FROM stagex/gcc:sx2024.09.0@sha256:439bf36289ef036a934129d69dd6b4c196427e4f8e28bc1a3de5b9aab6e062f0 AS gcc
|
||||
FROM stagex/glib:sx2024.09.0@sha256:d280c18f8b52ce21a26924b0cb1bfb69ea6508b57db73efe22401572e71dbe84 AS glib
|
||||
FROM stagex/gpg:sx2024.09.0@sha256:f63555b39740db63b34c06894a4a9d5e125d04f5d51e799909d06c490e8ecd42 AS gpg
|
||||
FROM stagex/grub:sx2024.09.0@sha256:a14c60f152c759185e5702e910053cb5c0d9eee11f43d8d5d40a84123aece9fd AS grub
|
||||
FROM stagex/ipxe:sx2024.09.0@sha256:5791d9b42c7e9099a0180c4fe6cc4b8e9afc9e6b9ec392099c65c53b71db7908 AS ipxe
|
||||
FROM stagex/jq:sx2024.09.0@sha256:3e8b44aa54481bdd46406e9d3a63862f4216f81530a1898b3c144e1c38847a82 AS jq
|
||||
FROM stagex/jq:sx2024.09.0@sha256:3e8b44aa54481bdd46406e9d3a63862f4216f81530a1898b3c144e1c38847a82 AS jq
|
||||
FROM stagex/keyfork:sx2024.09.0@sha256:2288c1d769a0c3c535835019ad4919cc45b094492b5aa959a0eaf1e883a96214 AS keyfork
|
||||
FROM stagex/libaio:sx2024.09.0@sha256:c8d6dd6f3e6fbda73ac0620b2bc4b4cfe6fa504bf7a17eee3bb56e286c394b8b AS libaio
|
||||
FROM stagex/libassuan:sx2024.09.0@sha256:1f31e888ab3f02634009d1a38acca9f25deb827432eb91392e21fd75128a44aa AS libassuan
|
||||
FROM stagex/libffi:sx2024.09.0@sha256:ab647ebf8464e00cde623f86f716e7f50ce82c30eafde813b7977d917ff7143a AS libffi
|
||||
FROM stagex/libgcrypt:sx2024.09.0@sha256:49c84a586969ff625b3304dcf8905a98db0da36fb8704e3d7a0771d271509b68 AS libgcrypt
|
||||
FROM stagex/libgpg-error:sx2024.09.0@sha256:11c17c1ac41f36c85e538bd34a0095a9f17e116f61c38d560350c02a6929e55a AS libgpg-error
|
||||
FROM stagex/libksba:sx2024.09.0@sha256:2913b382fdb76f02f9d78ee162066e04953ba782b8f722145111617a842f40a3 AS libksba
|
||||
FROM stagex/libqrencode:sx2024.09.0@sha256:8c0f523bdf8d315e7b67cadd584e23d22a316dd1973232d49603e127717e4d1a AS libqrencode
|
||||
FROM stagex/libseccomp:sx2024.09.0@sha256:f48d783989da9d509cc6b4c12ec34e14074ffc1ab7a4f2d1e322c417d967e12f AS libseccomp
|
||||
FROM stagex/libslirp:sx2024.09.0@sha256:9dfb87e4a0adba80b862ce6b96112d96f509ffbca25bb71c60ba5bb5693b481d AS libslirp
|
||||
FROM stagex/libtpms:sx2024.09.0@sha256:d909a55137d0bf4a76331c2bf0358ee192d6c93ad77a5099af09ce1bcca2a6cd AS libtpms
|
||||
FROM stagex/libusb:sx2024.09.0@sha256:6c0dcf2b9519b1a41066ad71d3b597e9dae84fb73e5d031a3bdd2eb40f78ef94 AS libusb
|
||||
FROM stagex/libzstd:sx2024.09.0@sha256:a055f8cd6e11b0b8836b2e5e1d755f672edbd344a4f4b5aba94919a6511be4c3 AS libzstd
|
||||
FROM stagex/linux-airgap:sx2024.09.0@sha256:efb98b59ab37a7e33db423eda7a49bb7273b087838fda8098ce6736a0860fc73 AS linux-airgap
|
||||
FROM stagex/lzo:sx2024.09.0@sha256:09c60840e3e3e5835ec027c21283febc9f8cf53ab887576fbe9c38dbdbdfd571 AS lzo
|
||||
FROM stagex/mtools:sx2024.09.0@sha256:c83f7aebce9076903dbf1082aac981d3c0950d9e8952a900e5e072e2a811cda7 AS mtools
|
||||
FROM stagex/musl:sx2024.09.0@sha256:ad351b875f26294562d21740a3ee51c23609f15e6f9f0310e0994179c4231e1d AS musl
|
||||
FROM stagex/npth:sx2024.09.0@sha256:21d50ec1421fe75af4bea240d76022ddb8c114fd2805bfeb06fb938e5a58fc0d AS npth
|
||||
FROM stagex/numactl:sx2024.09.0@sha256:39e667b966a443f42e1c7a8c944203945bd1808ce759df1706bb3b93b0b674c2 AS numactl
|
||||
FROM stagex/openpgp-card-tools:sx2024.09.0@sha256:56d4696d111b309e536f1b70980db7098cd7823005432e4130432cb2f625cf9f AS openpgp-card-tools
|
||||
FROM stagex/opensc:sx2024.09.0@sha256:5117a9d39d3b77655b29bf661d9e04eea2001a5b033b2fd6b4297048330ff6e7 AS opensc
|
||||
FROM stagex/openssl:sx2024.09.0@sha256:2c1a9d8fcc6f52cb11a206f380b17d74c1079f04cbb08071a4176648b4df52c1 AS openssl
|
||||
FROM stagex/pcsc-lite:sx2024.09.0@sha256:4fe37671197ac768637e95f7395ae1a18412b3f42359d0c0aa9f4e7f684aef4e AS pcsc-lite
|
||||
FROM stagex/pcsc-tools:sx2024.09.0@sha256:05046ca5d41a09163eda26785563fd98f0cb1179030c3f4ee3243997a907bb96 AS pcsc-tools
|
||||
FROM stagex/qemu:sx2024.09.0@sha256:c9b099bc7d810a581e0e0f68061dd525d7efdb5334d119b4253249a459bd907e AS qemu
|
||||
FROM stagex/seabios:sx2024.09.0@sha256:f4e535fb1bfc2c7ae1756cdaa2404b1572f6ad195ceabba90d87ed0599fd97d7 AS seabios
|
||||
FROM stagex/sops:sx2024.09.0@sha256:c742fb1f0c5a4f9d9bc9afc37ba686b247d2b17d55d179409d33736b43c9aaa5 AS sops
|
||||
FROM stagex/swtpm:sx2024.09.0@sha256:c47fb2c4d8690936b4adef832a3f354231bb5a04206bf2fb565218034ce27792 AS swtpm
|
||||
FROM stagex/syslinux:sx2024.09.0@sha256:a41388558d7f6d9a29847ee2ff5507ab3100bfe9032ef3b99a3d783ad60ed390 AS syslinux
|
||||
FROM stagex/tpm2-tools:sx2024.09.0@sha256:c2fc693ec68a9d097151e5b3dd5b923f0dcc35fd4e0624b91ade3bf21367162c AS tpm2-tools
|
||||
FROM stagex/tpm2-tss:sx2024.09.0@sha256:a8bf8c0973e1b5ba62ce5034a6230684ebe5a142da275d09e81fa2f2f9c87411 AS tpm2-tss
|
||||
FROM stagex/util-linux:sx2024.09.0@sha256:7e3f3c1e748f5c216503e69b9f8f2e9f8084ec675fb29b23f3a6f0ed3b20c54a AS util-linux
|
||||
FROM stagex/xorriso:sx2024.09.0@sha256:2205a8f53d4fc569880c311061daa085f40c62b2fd94d556e72bd31b4df9e63a AS xorriso
|
||||
FROM stagex/xz:sx2024.09.0@sha256:b57c5e6144117bc0124855e9538e60c302cc7bf53fafb53e2eef3434015366f1 AS xz
|
||||
FROM stagex/yq:sx2024.09.0@sha256:bd6882f0f3ea664e9de6cf732cef2fa2781fc2852f5e6502a6aea1e63eb9708b AS yq
|
||||
FROM stagex/zlib:sx2024.09.0@sha256:96b4100550760026065dac57148d99e20a03d17e5ee20d6b32cbacd61125dbb6 AS zlib
|
||||
|
||||
FROM scratch AS base
|
||||
ARG VERSION development
|
||||
ARG GIT_TIMESTAMP null
|
||||
ARG GIT_AUTHOR null
|
||||
ARG GIT_REF null
|
||||
ARG GIT_PUBKEY null
|
||||
COPY --from=busybox . /
|
||||
COPY --from=musl . /
|
||||
COPY --from=xorriso . /
|
||||
COPY --from=cpio . /
|
||||
COPY --from=mtools . /
|
||||
COPY --from=xz . /
|
||||
COPY --from=grub . /
|
||||
|
||||
FROM base as dev
|
||||
COPY --from=gcc . /
|
||||
COPY --from=glib . /
|
||||
COPY --from=alsa-lib . /
|
||||
COPY --from=lzo . /
|
||||
COPY --from=dtc . /
|
||||
COPY --from=zlib . /
|
||||
COPY --from=numactl . /
|
||||
COPY --from=libaio . /
|
||||
COPY --from=libseccomp . /
|
||||
COPY --from=libffi . /
|
||||
COPY --from=libzstd . /
|
||||
COPY --from=libslirp . /
|
||||
COPY --from=seabios . /
|
||||
COPY --from=ipxe . /
|
||||
COPY --from=qemu . /
|
||||
COPY --from=swtpm . /
|
||||
COPY --from=openssl . /
|
||||
COPY --from=curl . /
|
||||
COPY --from=libtpms . /
|
||||
COPY --from=tpm2-tss . /
|
||||
COPY --from=tpm2-tools . /
|
||||
|
||||
FROM base AS build
|
||||
|
||||
## Kernel
|
||||
COPY --from=linux-airgap /bzImage iso/boot/vmlinuz
|
||||
|
||||
## Initramfs
|
||||
COPY --from=busybox . initramfs
|
||||
COPY --from=eudev . initramfs
|
||||
COPY --from=musl . initramfs
|
||||
COPY --from=zlib . initramfs
|
||||
COPY --from=npth . initramfs
|
||||
COPY --from=libksba . initramfs
|
||||
COPY --from=libgpg-error . initramfs
|
||||
COPY --from=libassuan . initramfs
|
||||
COPY --from=libgcrypt . initramfs
|
||||
COPY --from=keyfork . initramfs
|
||||
COPY --from=bash . initramfs
|
||||
COPY --from=gpg . initramfs
|
||||
COPY --from=jq . initramfs
|
||||
COPY --from=yq . initramfs
|
||||
COPY --from=bc . initramfs
|
||||
COPY --from=flashtools . initramfs
|
||||
COPY --from=curl . initramfs
|
||||
COPY --from=tpm2-tools . initramfs
|
||||
COPY --from=tpm2-tss . initramfs
|
||||
COPY --from=openssl . initramfs
|
||||
COPY --from=libusb . initramfs
|
||||
COPY --from=ccid . initramfs
|
||||
COPY --from=pcsc-lite . initramfs
|
||||
COPY --from=pcsc-tools . initramfs
|
||||
COPY --from=openpgp-card-tools . initramfs
|
||||
COPY --from=libqrencode . initramfs
|
||||
COPY --from=opensc . initramfs
|
||||
COPY --from=util-linux . initramfs
|
||||
COPY --from=sops . initramfs
|
||||
COPY rootfs/ initramfs
|
||||
COPY <<-EOF initramfs/etc/environment
|
||||
export VERSION="$VERSION"
|
||||
export GIT_TIMESTAMP="$GIT_TIMESTAMP"
|
||||
export GIT_AUTHOR="$GIT_AUTHOR"
|
||||
export GIT_REF="$GIT_REF"
|
||||
export GIT_PUBKEY="$GIT_PUBKEY"
|
||||
EOF
|
||||
RUN <<-EOF
|
||||
set -eux
|
||||
cd initramfs
|
||||
find . -exec touch -hcd "@0" "{}" +
|
||||
find . -print0 \
|
||||
| sort -z \
|
||||
| cpio \
|
||||
--null \
|
||||
--create \
|
||||
--verbose \
|
||||
--reproducible \
|
||||
--format=newc \
|
||||
| gzip --best \
|
||||
> ../iso/boot/initramfs
|
||||
EOF
|
||||
|
||||
## Grub (EFI Boot)
|
||||
COPY config/grub.cfg iso/boot/grub/grub.cfg
|
||||
COPY config/grub_early.cfg grub_early.cfg
|
||||
RUN <<-EOF
|
||||
set -eux
|
||||
mkdir -p efi/boot
|
||||
grub-mkimage \
|
||||
--config="grub_early.cfg" \
|
||||
--prefix="/boot/grub" \
|
||||
--output="efi/boot/bootx64.efi" \
|
||||
--format="x86_64-efi" \
|
||||
--compression="xz" \
|
||||
all_video \
|
||||
disk \
|
||||
part_gpt \
|
||||
part_msdos \
|
||||
linux \
|
||||
normal \
|
||||
configfile \
|
||||
search \
|
||||
search_label \
|
||||
efi_gop \
|
||||
fat \
|
||||
iso9660 \
|
||||
gzio \
|
||||
serial \
|
||||
terminal
|
||||
find efi -exec touch -hcd "@0" "{}" +
|
||||
mformat -i iso/boot/grub/efi.img -C -f 1440 -N 0 ::
|
||||
mcopy -i iso/boot/grub/efi.img -ms efi ::
|
||||
touch -md "@0" iso/boot/grub/efi.img
|
||||
EOF
|
||||
|
||||
## Syslinux (BIOS Boot)
|
||||
COPY config/syslinux.cfg iso/boot/syslinux/
|
||||
COPY --from=syslinux \
|
||||
/usr/share/syslinux/isohdpfx.bin \
|
||||
/usr/share/syslinux/isolinux.bin \
|
||||
/usr/share/syslinux/ldlinux.c32 \
|
||||
/usr/share/syslinux/libutil.c32 \
|
||||
/usr/share/syslinux/libcom32.c32 \
|
||||
/usr/share/syslinux/mboot.c32 \
|
||||
iso/boot/syslinux/
|
||||
|
||||
## Build Hybrid EFI/BIOS ISO
|
||||
FROM build AS install
|
||||
ENV SOURCE_DATE_EPOCH=1
|
||||
RUN <<-EOF
|
||||
set -eux
|
||||
dd if=/dev/zero bs=1M count=10 >> user.img
|
||||
mformat -v user -i user.img -N 0 ::
|
||||
find iso -exec touch -hcd "@0" "{}" +
|
||||
xorrisofs \
|
||||
-output airgap.iso \
|
||||
-full-iso9660-filenames \
|
||||
-joliet \
|
||||
-rational-rock \
|
||||
-sysid LINUX \
|
||||
-volid "airgap" \
|
||||
-isohybrid-mbr iso/boot/syslinux/isohdpfx.bin \
|
||||
-eltorito-boot boot/syslinux/isolinux.bin \
|
||||
-eltorito-catalog boot/syslinux/boot.cat \
|
||||
-no-emul-boot \
|
||||
-boot-load-size 4 \
|
||||
-boot-info-table \
|
||||
-eltorito-alt-boot \
|
||||
-e boot/grub/efi.img \
|
||||
-no-emul-boot \
|
||||
-isohybrid-gpt-basdat \
|
||||
-follow-links \
|
||||
-append_partition 3 0xb user.img \
|
||||
iso/
|
||||
EOF
|
||||
|
||||
## Minimal Autorun SD card image
|
||||
COPY sdcard sdcard
|
||||
RUN <<-EOF
|
||||
set -eux
|
||||
dd if=/dev/zero of=sdcard.img bs=1M count=32
|
||||
mformat -v external -i sdcard.img ::
|
||||
mcopy -i sdcard.img -s sdcard/* ::
|
||||
EOF
|
||||
|
||||
FROM scratch AS package
|
||||
COPY --from=install /sdcard.img /
|
||||
COPY --from=install /airgap.iso /
|
167
Makefile
167
Makefile
|
@ -1,86 +1,21 @@
|
|||
VERSION := development
|
||||
GIT_REF := $(shell git log -1 --format=%H)
|
||||
GIT_AUTHOR := $(shell git log -1 --format=%an)
|
||||
GIT_PUBKEY := $(shell git log -1 --format=%GP)
|
||||
GIT_TIMESTAMP := $(shell git log -1 --format=%cd --date=iso)
|
||||
export
|
||||
|
||||
## Use env vars from latest release when reproducing
|
||||
ifdef REPRODUCE
|
||||
include dist/release.env
|
||||
export
|
||||
endif
|
||||
ifdef NOCACHE
|
||||
NO_CACHE := --no-cache
|
||||
endif
|
||||
include $(PWD)/src/toolchain/Makefile
|
||||
|
||||
.DEFAULT_GOAL :=
|
||||
.PHONY: default
|
||||
default: \
|
||||
out/release.env \
|
||||
out/manifest.txt \
|
||||
out/airgap.iso
|
||||
|
||||
## Primary targets
|
||||
|
||||
out/airgap.iso: Containerfile $(shell git ls-files rootfs)
|
||||
SOURCE_DATE_EPOCH=1 \
|
||||
docker build \
|
||||
--progress=plain \
|
||||
--output type=local,rewrite-timestamp=true,dest=out \
|
||||
--build-arg SOURCE_DATE_EPOCH=1 \
|
||||
--build-arg VERSION="$(VERSION)" \
|
||||
--build-arg GIT_REF="$(GIT_REF)" \
|
||||
--build-arg GIT_AUTHOR="$(GIT_AUTHOR)" \
|
||||
--build-arg GIT_PUBKEY="$(GIT_PUBKEY)" \
|
||||
--build-arg GIT_TIMESTAMP="$(GIT_TIMESTAMP)" \
|
||||
$(NO_CACHE) \
|
||||
-f Containerfile \
|
||||
.
|
||||
|
||||
## Development Targets
|
||||
|
||||
out/dev-shell.digest: Containerfile | out
|
||||
docker build --target dev -f Containerfile -q . > $@
|
||||
|
||||
.PHONY: shell
|
||||
shell: out/dev-shell.digest
|
||||
docker run -it $(shell cat $<) /bin/sh
|
||||
|
||||
.PHONY: vm
|
||||
vm: out/dev-shell.digest out/airgap.iso out/sdcard.img
|
||||
docker run -it -v ./out:/out $(shell cat $<) sh -c "\
|
||||
swtpm socket \
|
||||
--tpmstate dir=. \
|
||||
--ctrl type=unixio,path=vtpm-sock \
|
||||
--tpm2 & \
|
||||
qemu-system-x86_64 \
|
||||
-m 4G \
|
||||
-machine pc \
|
||||
-chardev socket,id=chrtpm,path=vtpm-sock \
|
||||
-tpmdev emulator,id=tpm0,chardev=chrtpm \
|
||||
-device tpm-tis,tpmdev=tpm0 \
|
||||
-usb \
|
||||
-device sdhci-pci \
|
||||
-device sd-card,drive=external \
|
||||
-drive id=external,if=none,format=raw,file=out/sdcard.img \
|
||||
-device usb-storage,drive=usbdrive \
|
||||
-drive id=usbdrive,if=none,format=raw,file=out/airgap.iso \
|
||||
-boot order=c \
|
||||
-nographic; \
|
||||
"
|
||||
|
||||
## Signing, Verification, and Release Targets
|
||||
toolchain \
|
||||
$(OUT_DIR)/airgap.iso \
|
||||
$(OUT_DIR)/release.env \
|
||||
$(OUT_DIR)/manifest.txt
|
||||
|
||||
.PHONY: clean
|
||||
clean:
|
||||
rm -rf out
|
||||
|
||||
.PHONY: release
|
||||
release: clean
|
||||
$(MAKE) NOCACHE=1 VERSION=$(VERSION)
|
||||
rm -rf dist/*
|
||||
cp -R out/release.env out/airgap.iso out/manifest.txt dist/
|
||||
clean: toolchain
|
||||
rm -rf $(CACHE_DIR)/buildroot-ccache
|
||||
$(call toolchain,$(USER)," \
|
||||
cd $(FETCH_DIR)/buildroot; \
|
||||
make clean; \
|
||||
")
|
||||
$(MAKE) toolchain-clean
|
||||
|
||||
.PHONY: sign
|
||||
sign:
|
||||
|
@ -95,35 +30,67 @@ sign:
|
|||
); \
|
||||
gpg --armor \
|
||||
--detach-sig \
|
||||
--output dist/manifest.$${fingerprint}.asc \
|
||||
dist/manifest.txt
|
||||
--output $(DIST_DIR)/manifest.$${fingerprint}.asc \
|
||||
$(DIST_DIR)/manifest.txt
|
||||
|
||||
.PHONY: verify
|
||||
verify: | dist/manifest.txt
|
||||
verify: | $(DIST_DIR)/manifest.txt
|
||||
set -e; \
|
||||
for file in dist/manifest.*.asc; do \
|
||||
for file in $(DIST_DIR)/manifest.*.asc; do \
|
||||
echo "\nVerifying: $${file}\n"; \
|
||||
gpg --verify $${file} dist/manifest.txt; \
|
||||
gpg --verify $${file} $(DIST_DIR)/manifest.txt; \
|
||||
done;
|
||||
|
||||
.PHONY: reproduce
|
||||
reproduce: clean | out
|
||||
$(MAKE) REPRODUCE=true NOCACHE=1
|
||||
diff -q out/manifest.txt dist/manifest.txt;
|
||||
.PHONY: mrproper
|
||||
mrproper:
|
||||
docker image rm -f $(IMAGE)
|
||||
rm -rf $(CACHE_DIR) $(OUT_DIR)
|
||||
|
||||
out:
|
||||
mkdir -p $@
|
||||
.PHONY: menuconfig
|
||||
menuconfig: toolchain
|
||||
$(call toolchain,$(USER)," \
|
||||
cd $(FETCH_DIR)/buildroot; \
|
||||
make "airgap_$(TARGET)_defconfig"; \
|
||||
make menuconfig; \
|
||||
")
|
||||
cp $(FETCH_DIR)/buildroot/.config \
|
||||
"config/buildroot/configs/airgap_$(TARGET)_defconfig"
|
||||
|
||||
out/release.env: $(shell git ls-files) | out
|
||||
echo 'VERSION=$(VERSION)' > out/release.env
|
||||
echo 'GIT_REF=$(GIT_REF)' >> out/release.env
|
||||
echo 'GIT_AUTHOR=$(GIT_AUTHOR)' >> out/release.env
|
||||
echo 'GIT_PUBKEY=$(GIT_PUBKEY)' >> out/release.env
|
||||
echo 'GIT_TIMESTAMP=$(GIT_TIMESTAMP)' >> out/release.env
|
||||
.PHONY: linux-menuconfig
|
||||
linux-menuconfig: toolchain
|
||||
$(call toolchain,$(USER),"\
|
||||
cd $(FETCH_DIR)/buildroot; \
|
||||
make linux-menuconfig; \
|
||||
make linux-update-defconfig; \
|
||||
")
|
||||
|
||||
out/manifest.txt: out/airgap.iso out/release.env | out
|
||||
openssl sha256 -r \
|
||||
out/airgap.iso \
|
||||
out/release.env \
|
||||
| sed -e 's/ \*out\// /g' -e 's/ \.\// /g' \
|
||||
> $@
|
||||
.PHONY: vm
|
||||
vm: toolchain
|
||||
$(call toolchain,$(USER)," \
|
||||
qemu-system-i386 \
|
||||
-M pc \
|
||||
-nographic \
|
||||
-cdrom "$(OUT_DIR)/airgap.iso"; \
|
||||
")
|
||||
|
||||
.PHONY: release
|
||||
release: default
|
||||
rm -rf $(DIST_DIR)/*
|
||||
cp -R $(OUT_DIR)/* $(DIST_DIR)/
|
||||
|
||||
$(FETCH_DIR)/buildroot: toolchain
|
||||
$(call git_clone,$(FETCH_DIR)/buildroot,$(BUILDROOT_REPO),$(BUILDROOT_REF))
|
||||
|
||||
$(OUT_DIR)/airgap.iso: \
|
||||
$(FETCH_DIR)/buildroot \
|
||||
$(OUT_DIR)/release.env
|
||||
# $(call apply_patches,$(FETCH_DIR)/buildroot,$(CONFIG_DIR)/buildroot/patches)
|
||||
$(call toolchain,$(USER)," \
|
||||
cd $(FETCH_DIR)/buildroot; \
|
||||
make "airgap_$(TARGET)_defconfig"; \
|
||||
unset FAKETIME; \
|
||||
make source; \
|
||||
make; \
|
||||
")
|
||||
cp $(FETCH_DIR)/buildroot/output/images/rootfs.iso9660 \
|
||||
$(OUT_DIR)/airgap.iso
|
||||
|
|
49
README.md
49
README.md
|
@ -1,26 +1,24 @@
|
|||
# AirgapOS #
|
||||
|
||||
<https://git.distrust.co/public/airgap>
|
||||
<https://github.com/distrust-foundation/airgap>
|
||||
|
||||
## About ##
|
||||
|
||||
A full-source-bootstrapped, deterministic, minimal, immutable, and offline,
|
||||
workstation linux distribution designed for creating and managing secrets
|
||||
offline.
|
||||
A live buildroot based Liux distribution designed for managing secrets offline.
|
||||
|
||||
Built for those of us that want to be -really- sure our most important secrets
|
||||
are managed in a clean environment with an "air gap" between us and the
|
||||
internet with high integrity on the supply chain of the firmware and OS used.
|
||||
|
||||
## Uses ##
|
||||
* Generate PGP keychain
|
||||
* Generate GPG keychain
|
||||
* Store/Restore gpg keychain to security token such as a Yubikey or Nitrokey
|
||||
* Signing cryptocurrency transactions
|
||||
* Generate/backup BIP39 universal cryptocurrency wallet seed
|
||||
* Store/Restore BIP39 seed to a hardware wallet such as a Trezor or Ledger
|
||||
|
||||
## Features ##
|
||||
* Deterministic iso generation for multi-party code->binary verification
|
||||
* Determinsitic iso generation for multi-party code->binary verification
|
||||
* Small footprint (< 100MB)
|
||||
* Immutable and Diskless: runs from initramfs
|
||||
* Network support and most drivers removed to minimize exfiltration vectors
|
||||
|
@ -29,53 +27,36 @@ internet with high integrity on the supply chain of the firmware and OS used.
|
|||
|
||||
### Software ###
|
||||
|
||||
* docker 26+
|
||||
* docker 18+
|
||||
|
||||
### Hardware ###
|
||||
|
||||
* x86_64 PC or laptop
|
||||
* linuxboot/heads firmware supported and recommended for multi-use machine
|
||||
* Recommended: PC running coreboot-heads
|
||||
* Allows for signed builds, and verification of signed sd card payloads
|
||||
* Ensure any Wifi/Disk/Bluetooth/Audio devices are disabled/removed
|
||||
* Supported remote attestation key (Librem Key, Nitrokey, etc)
|
||||
* Supported GPG smartcard device (Yubikey, Ledger, Trezor, Librem Key, etc)
|
||||
* Blank flash drive
|
||||
* Blank SD card
|
||||
|
||||
## Build ##
|
||||
|
||||
### Update git submodules
|
||||
|
||||
```
|
||||
git submodule update --init --recursive
|
||||
```
|
||||
|
||||
### Build a new release
|
||||
|
||||
```
|
||||
make release
|
||||
```
|
||||
```
|
||||
make release
|
||||
```
|
||||
|
||||
### Reproduce an existing release
|
||||
|
||||
```
|
||||
make attest
|
||||
```
|
||||
```
|
||||
make attest
|
||||
```
|
||||
|
||||
### Sign an existing release
|
||||
|
||||
```
|
||||
make sign
|
||||
```
|
||||
|
||||
## Provisioning ##
|
||||
|
||||
1. Write airgap.iso to CD-ROM or SD Card
|
||||
a. `dd if=out/airgap.iso of=/dev/sda bs=1M conv=sync status=progress`
|
||||
b. `cdrecord out/airgap.iso`
|
||||
|
||||
2. Verify media still produces expected hash
|
||||
```
|
||||
sha256sum out/airgap.iso
|
||||
head -c $(stat -c '%s' airgap.iso) /dev/sda | sha256sum
|
||||
make sign
|
||||
```
|
||||
|
||||
## Setup ##
|
||||
|
|
|
@ -0,0 +1 @@
|
|||
source "$BR2_EXTERNAL_Airgap_PATH/package/flashtools/Config.in"
|
|
@ -0,0 +1,27 @@
|
|||
set default="0"
|
||||
set timeout="10"
|
||||
|
||||
menuentry "AirgapOS (qwerty)" {
|
||||
linux /boot/bzImage root=/dev/sr0 keymap=qwerty/us
|
||||
initrd /boot/initrd
|
||||
}
|
||||
|
||||
menuentry "AirgapOS (dvorak)" {
|
||||
linux /boot/bzImage root=/dev/sr0 keymap=dvorak
|
||||
initrd /boot/initrd
|
||||
}
|
||||
|
||||
menuentry "AirgapOS (colemak)" {
|
||||
linux /boot/bzImage root=/dev/sr0 keymap=colemak/en-latin9
|
||||
initrd /boot/initrd
|
||||
}
|
||||
|
||||
menuentry "AirgapOS (qwertz)" {
|
||||
linux /boot/bzImage root=/dev/sr0 keymap=qwertz/de
|
||||
initrd /boot/initrd
|
||||
}
|
||||
|
||||
menuentry "AirgapOS (azerty)" {
|
||||
linux /boot/bzImage root=/dev/sr0 keymap=azerty/fr
|
||||
initrd /boot/initrd
|
||||
}
|
File diff suppressed because it is too large
Load Diff
|
@ -0,0 +1,17 @@
|
|||
#!/bin/sh
|
||||
|
||||
set -u
|
||||
set -e
|
||||
set -x
|
||||
|
||||
BOARD_DIR="$(dirname $0)"
|
||||
|
||||
cp -f ${BOARD_DIR}/grub.cfg ${TARGET_DIR}/boot/grub/grub.cfg
|
||||
|
||||
echo "export VERSION=\"${VERSION}\"" > ${TARGET_DIR}/etc/environment
|
||||
echo "export GIT_REF=\"${GIT_REF}\"" >> ${TARGET_DIR}/etc/environment
|
||||
echo "export GIT_AUTHOR=\"${GIT_AUTHOR}\"" >> ${TARGET_DIR}/etc/environment
|
||||
echo "export GIT_KEY=\"${GIT_KEY}\"" >> ${TARGET_DIR}/etc/environment
|
||||
echo "export GIT_TIMESTAMP=\"${GIT_TIMESTAMP}\"" >> ${TARGET_DIR}/etc/environment
|
||||
|
||||
exit $?
|
|
@ -0,0 +1,6 @@
|
|||
#!/bin/sh
|
||||
|
||||
set -u
|
||||
set -e
|
||||
|
||||
echo "post-image.sh was run"
|
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
|
@ -0,0 +1,2 @@
|
|||
name: Airgap
|
||||
desc: Linux distribution for offline cryptography use cases
|
|
@ -0,0 +1 @@
|
|||
include $(sort $(wildcard $(BR2_EXTERNAL_Airgap_PATH)/package/*/*.mk))
|
|
@ -0,0 +1,36 @@
|
|||
menu "Flashtools"
|
||||
|
||||
config BR2_PACKAGE_FLASHTOOLS
|
||||
bool "flashtools"
|
||||
|
||||
config BR2_PACKAGE_FLASHTOOLS_FLASHTOOL
|
||||
bool "flashtool"
|
||||
select BR2_PACKAGE_FLASHTOOLS
|
||||
help
|
||||
Todo
|
||||
|
||||
config BR2_PACKAGE_FLASHTOOLS_PEEK
|
||||
bool "peek"
|
||||
select BR2_PACKAGE_FLASHTOOLS
|
||||
help
|
||||
Todo
|
||||
|
||||
config BR2_PACKAGE_FLASHTOOLS_POKE
|
||||
bool "poke"
|
||||
select BR2_PACKAGE_FLASHTOOLS
|
||||
help
|
||||
Todo
|
||||
|
||||
config BR2_PACKAGE_FLASHTOOLS_CBFS
|
||||
bool "cbfs"
|
||||
select BR2_PACKAGE_FLASHTOOLS
|
||||
help
|
||||
Todo
|
||||
|
||||
config BR2_PACKAGE_FLASHTOOLS_UEFI
|
||||
bool "uefi"
|
||||
select BR2_PACKAGE_FLASHTOOLS
|
||||
help
|
||||
Todo
|
||||
|
||||
endmenu
|
|
@ -0,0 +1,47 @@
|
|||
################################################################################
|
||||
#
|
||||
# flashtools
|
||||
#
|
||||
################################################################################
|
||||
|
||||
FLASHTOOLS_VERSION = 9acce09aeb635c5bef01843e495b95e75e8da135
|
||||
FLASHTOOLS_SITE = https://github.com/osresearch/flashtools.git
|
||||
FLASHTOOLS_SITE_METHOD = git
|
||||
FLASHTOOLS_LICENSE = GPL-2.0
|
||||
FLASHTOOLS_LICENSE_FILES = LICENSE
|
||||
|
||||
ifeq ($(BR2_PACKAGE_FLASHTOOLS_FLASHTOOL),y)
|
||||
FLASHTOOLS_TARGETS += flashtool
|
||||
endif
|
||||
|
||||
ifeq ($(BR2_PACKAGE_FLASHTOOLS_PEEK),y)
|
||||
FLASHTOOLS_TARGETS += peek
|
||||
endif
|
||||
|
||||
ifeq ($(BR2_PACKAGE_FLASHTOOLS_POKE),y)
|
||||
FLASHTOOLS_TARGETS += poke
|
||||
endif
|
||||
|
||||
ifeq ($(BR2_PACKAGE_FLASHTOOLS_CBFS),y)
|
||||
FLASHTOOLS_TARGETS += cbfs
|
||||
endif
|
||||
|
||||
ifeq ($(BR2_PACKAGE_FLASHTOOLS_UEFI),y)
|
||||
FLASHTOOLS_TARGETS += uefi
|
||||
endif
|
||||
|
||||
define FLASHTOOLS_BUILD_CMDS
|
||||
$(foreach t,$(FLASHTOOLS_TARGETS),\
|
||||
$(TARGET_MAKE_ENV) $(MAKE) $(TARGET_CONFIGURE_OPTS) \
|
||||
CFLAGS="$(TARGET_CFLAGS)" -C $(@D) $(t) \
|
||||
)
|
||||
endef
|
||||
|
||||
define FLASHTOOLS_INSTALL_TARGET_CMDS
|
||||
$(foreach t,$(FLASHTOOLS_TARGETS),\
|
||||
$(INSTALL) -D -m 0755 $(@D)/$(t) $(TARGET_DIR)/usr/bin/$(t)$(sep) \
|
||||
)
|
||||
endef
|
||||
|
||||
|
||||
$(eval $(generic-package))
|
|
@ -0,0 +1,39 @@
|
|||
diff --git a/fs/cpio/cpio.mk b/fs/cpio/cpio.mk
|
||||
index 81f8c393d1..72923ded47 100644
|
||||
--- a/fs/cpio/cpio.mk
|
||||
+++ b/fs/cpio/cpio.mk
|
||||
@@ -32,15 +32,16 @@ ROOTFS_CPIO_PRE_GEN_HOOKS += ROOTFS_CPIO_ADD_INIT
|
||||
# --reproducible option was introduced in cpio v2.12, which may not be
|
||||
# available in some old distributions, so we build host-cpio
|
||||
ifeq ($(BR2_REPRODUCIBLE),y)
|
||||
-ROOTFS_CPIO_DEPENDENCIES += host-cpio
|
||||
-ROOTFS_CPIO_OPTS += --reproducible
|
||||
+ROOTFS_CPIO_DEPENDENCIES += host-cpio host-libarchive
|
||||
endif
|
||||
|
||||
define ROOTFS_CPIO_CMD
|
||||
- cd $(TARGET_DIR) && \
|
||||
- find . \
|
||||
- | LC_ALL=C sort \
|
||||
- | cpio $(ROOTFS_CPIO_OPTS) --quiet -o -H newc \
|
||||
+ cd $(TARGET_DIR) \
|
||||
+ && find . -mindepth 1 -execdir touch -hcd "@0" "{}" + \
|
||||
+ && find . -mindepth 1 -printf '%P\0' \
|
||||
+ | sort -z \
|
||||
+ | LANG=C bsdtar --null -cnf - -T - \
|
||||
+ | LANG=C bsdtar --uid 0 --gid 0 --null -cf - --format=newc @- \
|
||||
> $@
|
||||
endef
|
||||
|
||||
diff --git a/package/libarchive/libarchive.mk b/package/libarchive/libarchive.mk
|
||||
index 708ce637c2..2ba8dcab2a 100644
|
||||
--- a/package/libarchive/libarchive.mk
|
||||
+++ b/package/libarchive/libarchive.mk
|
||||
@@ -135,7 +135,6 @@ endif
|
||||
# The only user of host-libarchive needs zlib support
|
||||
HOST_LIBARCHIVE_DEPENDENCIES = host-zlib
|
||||
HOST_LIBARCHIVE_CONF_OPTS = \
|
||||
- --disable-bsdtar \
|
||||
--disable-bsdcpio \
|
||||
--disable-bsdcat \
|
||||
--disable-acl \
|
|
@ -0,0 +1,28 @@
|
|||
diff --git a/fs/iso9660/iso9660.mk b/fs/iso9660/iso9660.mk
|
||||
index 0524f94c35..284c21f566 100644
|
||||
--- a/fs/iso9660/iso9660.mk
|
||||
+++ b/fs/iso9660/iso9660.mk
|
||||
@@ -157,7 +157,13 @@ ROOTFS_ISO9660_PRE_GEN_HOOKS += ROOTFS_ISO9660_DISABLE_EXTERNAL_INITRD
|
||||
|
||||
endif # ROOTFS_ISO9660_USE_INITRD
|
||||
|
||||
-ROOTFS_ISO9660_OPTS += -J -R
|
||||
+ROOTFS_ISO9660_OPTS += \
|
||||
+ -volume_date all_file_dates "=$(SOURCE_DATE_EPOCH)" \
|
||||
+ -as mkisofs \
|
||||
+ -J \
|
||||
+ -R \
|
||||
+ -gid 0 \
|
||||
+ -uid 0
|
||||
|
||||
ROOTFS_ISO9660_OPTS_BIOS = \
|
||||
-b $(ROOTFS_ISO9660_BOOT_IMAGE) \
|
||||
@@ -181,7 +187,7 @@ ROOTFS_ISO9660_OPTS += $(ROOTFS_ISO9660_OPTS_EFI)
|
||||
endif
|
||||
|
||||
define ROOTFS_ISO9660_CMD
|
||||
- $(HOST_DIR)/bin/xorriso -as mkisofs \
|
||||
+ $(HOST_DIR)/bin/xorriso \
|
||||
$(ROOTFS_ISO9660_OPTS) \
|
||||
-o $@ $(ROOTFS_ISO9660_TMP_TARGET_DIR)
|
||||
endef
|
|
@ -1,5 +1,11 @@
|
|||
# /etc/inittab
|
||||
|
||||
#
|
||||
# Copyright (C) 2001 Erik Andersen <andersen@codepoet.org>
|
||||
#
|
||||
# Note: BusyBox init doesn't support runlevels. The runlevels field is
|
||||
# completely ignored by BusyBox init. If you want runlevels, use
|
||||
# sysvinit.
|
||||
#
|
||||
# Format for each entry: <id>:<runlevels>:<action>:<process>
|
||||
#
|
||||
# id == tty to run on, or empty for /dev/console
|
||||
|
@ -8,26 +14,27 @@
|
|||
# process == program to run
|
||||
|
||||
# Startup the system
|
||||
::sysinit:/bin/mount -t devtmpfs devtmpfs /dev
|
||||
::sysinit:/bin/mkdir -p /proc /run /dev/pts /dev/shm /sys
|
||||
::sysinit:/bin/mount -t sysfs sysfs /sys
|
||||
::sysinit:/bin/mount -t proc proc /proc
|
||||
::sysinit:/bin/mount -o remount,rw /
|
||||
::sysinit:/bin/mkdir -p /dev/pts /dev/shm
|
||||
::sysinit:/bin/mount -a
|
||||
::sysinit:/sbin/swapon -a
|
||||
null::sysinit:/bin/ln -sf /proc/self/fd /dev/fd
|
||||
null::sysinit:/bin/ln -sf /proc/self/fd/0 /dev/stdin
|
||||
null::sysinit:/bin/ln -sf /proc/self/fd/1 /dev/stdout
|
||||
null::sysinit:/bin/ln -sf /proc/self/fd/2 /dev/stderr
|
||||
::sysinit:/bin/hostname -F /etc/hostname
|
||||
# now run any rc scripts
|
||||
::sysinit:/etc/init.d/rcS
|
||||
|
||||
# Put shells on the serial terminal and console
|
||||
console::respawn:-/bin/bash
|
||||
ttyS0::respawn:-/bin/bash
|
||||
# Put a getty on the serial port
|
||||
#console::respawn:/sbin/getty -L console 0 vt100 # GENERIC_SERIAL
|
||||
::respawn:-/bin/bash
|
||||
|
||||
# Stuff to do for the 3-finger salute
|
||||
::ctrlaltdel:/sbin/reboot
|
||||
#::ctrlaltdel:/sbin/reboot
|
||||
|
||||
# Stuff to do before rebooting
|
||||
::shutdown:/etc/init.d/rcK
|
||||
::shutdown:/sbin/swapoff -a
|
||||
::shutdown:/bin/umount -a -r
|
|
@ -3,7 +3,8 @@ export PATH="/usr/local/bin:/bin:/sbin:/usr/bin:/usr/sbin"
|
|||
export PS1="[\h \t] \\$ "
|
||||
export GNUPGHOME=/.gnupg
|
||||
source /etc/environment
|
||||
cd /root
|
||||
|
||||
dmesg -n1
|
||||
clear
|
||||
cat << "EOF"
|
||||
_ _ ___ ____
|
||||
|
@ -18,5 +19,5 @@ echo " - Version: $VERSION"
|
|||
echo " - Date: $GIT_TIMESTAMP"
|
||||
echo " - Committer: $GIT_AUTHOR"
|
||||
echo " - Commit: $GIT_REF"
|
||||
echo " - Key: $GIT_PUBKEY"
|
||||
echo " - Key: $GIT_KEY"
|
||||
echo ""
|
|
@ -0,0 +1,12 @@
|
|||
KERNEL!="sd[a-z][0-9]", GOTO="sd_cards_auto_mount_end"
|
||||
|
||||
# Global mount options
|
||||
ACTION=="add", ENV{mount_options}="relatime"
|
||||
|
||||
# Filesystem specific options
|
||||
ACTION=="add", IMPORT{program}="/sbin/blkid -o udev -p %N"
|
||||
ACTION=="add", ENV{ID_FS_TYPE}=="vfat|ntfs", ENV{mount_options}="$env{mount_options},utf8,flush,user,umask=0000"
|
||||
ACTION=="add", RUN+="/bin/mkdir -p /media/sd-%k", RUN+="/bin/mount -o $env{mount_options} /dev/%k /media/sd-%k"
|
||||
ACTION=="add", RUN+="/usr/local/bin/autorun /media/sd-%k"
|
||||
ACTION=="remove", RUN+="/bin/umount -l /media/sd-%k", RUN+="/bin/rmdir /media/sd-%k"
|
||||
LABEL="sd_cards_auto_mount_end"
|
|
@ -0,0 +1,18 @@
|
|||
#!/bin/bash
|
||||
set -e
|
||||
source /etc/profile
|
||||
|
||||
folder=${1?}
|
||||
|
||||
if [ -f "${folder}/autorun.sh.asc" ]; then
|
||||
echo "" >/dev/console
|
||||
echo "++ Autorun: Found ${folder}/autorun.sh" >/dev/console;
|
||||
gpg --verify "${folder}/autorun.sh.asc" >/dev/null 2>&1 || {
|
||||
echo "!! Autorun: Verification Failed for ${folder}/autorun.sh" \
|
||||
>/dev/console;
|
||||
exit 1;
|
||||
}
|
||||
echo "++ Autorun: Verified ${folder}/autorun.sh" >/dev/console
|
||||
echo "** Autorun: Executing ${folder}/autorun.sh" >/dev/console
|
||||
/bin/bash "${folder}/autorun.sh" >/dev/console
|
||||
fi
|
|
@ -0,0 +1,8 @@
|
|||
DEBIAN_HASH=48b28b354484a7f0e683e340fa0e6e4c4bce3dc3aa0146fc2f78f443fde2c55d
|
||||
# BUILDROOT_REF=ea51485ee9ab44f72f8b1cc019dcb17f276d1def
|
||||
BUILDROOT_REF=8526e60a1f09854b96016b03a2439fcb61200ee4
|
||||
HEADS_REF=6e62c83e164231c629d77a45d37569b3bff43d3f
|
||||
BUILDROOT_REPO=git://git.busybox.net/buildroot
|
||||
HEADS_REPO=https://source.puri.sm/coreboot/purism-heads.git
|
||||
BR2_EXTERNAL=/home/build/config/buildroot
|
||||
HEADS_EXTERNAL=/home/build/config/heads
|
|
@ -1,5 +0,0 @@
|
|||
set timeout=1
|
||||
menuentry "Linux Airgap" {
|
||||
linux /boot/vmlinuz init=/init console=ttyS0 console=tty0 ro
|
||||
initrd /boot/initramfs
|
||||
}
|
|
@ -1,2 +0,0 @@
|
|||
search --no-floppy --set=root --label "airgap"
|
||||
set prefix=($root)/boot/grub
|
|
@ -0,0 +1,160 @@
|
|||
diff --git a/initrd/bin/gui-init b/initrd/bin/gui-init
|
||||
index 1369ed1..f576a8e 100755
|
||||
--- a/initrd/bin/gui-init
|
||||
+++ b/initrd/bin/gui-init
|
||||
@@ -13,21 +13,26 @@ first_pass=true
|
||||
|
||||
mount_boot()
|
||||
{
|
||||
-
|
||||
+
|
||||
# Mount local disk if it is not already mounted
|
||||
while ! grep -q /boot /proc/mounts ; do
|
||||
+
|
||||
# try to mount if CONFIG_BOOT_DEV exists
|
||||
if [ -e "$CONFIG_BOOT_DEV" ]; then
|
||||
- mount -o ro $CONFIG_BOOT_DEV /boot
|
||||
+ mount -o ro $CONFIG_BOOT_DEV /boot
|
||||
[[ $? -eq 0 ]] && continue
|
||||
fi
|
||||
|
||||
- # CONFIG_BOOT_DEV doesn't exist or couldn't be mounted, so give user options
|
||||
+ # try to mount usb to /media and /boot if it exists
|
||||
+ mount-usb \
|
||||
+ && mount -o bind,ro /media /boot \
|
||||
+ && continue
|
||||
+
|
||||
+ # no boot device available, so give user options
|
||||
whiptail $BG_COLOR_ERROR --clear --title "ERROR: No Bootable OS Found!" \
|
||||
- --menu " No bootable OS was found on the default boot device $CONFIG_BOOT_DEV.
|
||||
+ --menu " No bootable OS was found at $CONFIG_BOOT_DEV or on USB.
|
||||
How would you like to proceed?" 30 90 4 \
|
||||
'b' ' Select a new boot device' \
|
||||
- 'u' ' Boot from USB' \
|
||||
'm' ' Continue to the main menu' \
|
||||
'x' ' Exit to recovery shell' \
|
||||
2>/tmp/whiptail || recovery "GUI menu failed"
|
||||
@@ -41,9 +46,6 @@ mount_boot()
|
||||
. /tmp/config
|
||||
fi
|
||||
;;
|
||||
- u )
|
||||
- exec /bin/usb-init
|
||||
- ;;
|
||||
m )
|
||||
break
|
||||
;;
|
||||
@@ -55,6 +57,11 @@ mount_boot()
|
||||
}
|
||||
verify_global_hashes()
|
||||
{
|
||||
+
|
||||
+ # If default boot device is not mounted, then there are no hashes to verify
|
||||
+ # User is likely usb booting.
|
||||
+ df $CONFIG_BOOT_DEV >/dev/null 2>&1 || return 0
|
||||
+
|
||||
# Check the hashes of all the files, ignoring signatures for now
|
||||
check_config /boot force
|
||||
TMP_HASH_FILE="/tmp/kexec/kexec_hashes.txt"
|
||||
@@ -458,6 +465,7 @@ while true; do
|
||||
if [ "$totp_confirm" = "y" -o -n "$totp_confirm" ]; then
|
||||
# Try to boot the default
|
||||
mount_boot
|
||||
+
|
||||
verify_global_hashes
|
||||
if [ $? -ne 0 ]; then
|
||||
continue
|
||||
@@ -467,6 +475,7 @@ while true; do
|
||||
kexec-select-boot -b /boot -c "grub.cfg" -g \
|
||||
|| recovery "Failed default boot"
|
||||
else
|
||||
+ usb-init
|
||||
if (whiptail --title 'No Default Boot Option Configured' \
|
||||
--yesno "There is no default boot option configured yet.\nWould you like to load a menu of boot options?\nOtherwise you will return to the main menu." 16 90) then
|
||||
kexec-select-boot -m -b /boot -c "grub.cfg" -g
|
||||
diff --git a/initrd/bin/mount-usb b/initrd/bin/mount-usb
|
||||
index a79dd66..8a8734c 100755
|
||||
--- a/initrd/bin/mount-usb
|
||||
+++ b/initrd/bin/mount-usb
|
||||
@@ -4,19 +4,6 @@
|
||||
|
||||
enable_usb
|
||||
|
||||
-if ! lsmod | grep -q usb_storage; then
|
||||
- count=$(ls /dev/sd* 2>/dev/null | wc -l)
|
||||
- timeout=0
|
||||
- echo "Scanning for USB storage devices..."
|
||||
- insmod /lib/modules/usb-storage.ko >/dev/null 2>&1 \
|
||||
- || die "usb_storage: module load failed"
|
||||
- while [[ $count == $(ls /dev/sd* 2>/dev/null | wc -l) ]]; do
|
||||
- [[ $timeout -ge 4 ]] && break
|
||||
- sleep 1
|
||||
- timeout=$(($timeout+1))
|
||||
- done
|
||||
-fi
|
||||
-
|
||||
if [ ! -d /media ]; then
|
||||
mkdir /media
|
||||
fi
|
||||
diff --git a/initrd/bin/usb-scan b/initrd/bin/usb-scan
|
||||
index d9f26b0..b64f150 100755
|
||||
--- a/initrd/bin/usb-scan
|
||||
+++ b/initrd/bin/usb-scan
|
||||
@@ -5,12 +5,6 @@ set -e -o pipefail
|
||||
. /etc/gui_functions
|
||||
. /tmp/config
|
||||
|
||||
-# Unmount any previous boot device
|
||||
-if grep -q /boot /proc/mounts ; then
|
||||
- umount /boot \
|
||||
- || die "Unable to unmount /boot"
|
||||
-fi
|
||||
-
|
||||
# Mount the USB boot device
|
||||
mount_usb || die "Unable to mount /media"
|
||||
|
||||
@@ -29,12 +23,16 @@ get_menu_option() {
|
||||
MENU_OPTIONS="$MENU_OPTIONS $n ${option}"
|
||||
done < /tmp/iso_menu.txt
|
||||
|
||||
- whiptail --clear --title "Select your ISO boot option" \
|
||||
- --menu "Choose the ISO boot option [1-$n, s for standard boot, a to abort]:" 20 120 8 \
|
||||
- -- $MENU_OPTIONS \
|
||||
- 2>/tmp/whiptail || die "Aborting boot attempt"
|
||||
+ if [ "$n" -eq "1" ]; then
|
||||
+ option_index=1
|
||||
+ else
|
||||
+ whiptail --clear --title "Select your ISO boot option" \
|
||||
+ --menu "Choose the ISO boot option [1-$n, s for standard boot, a to abort]:" 20 120 8 \
|
||||
+ -- $MENU_OPTIONS \
|
||||
+ 2>/tmp/whiptail || die "Aborting boot attempt"
|
||||
|
||||
- option_index=$(cat /tmp/whiptail)
|
||||
+ option_index=$(cat /tmp/whiptail)
|
||||
+ fi
|
||||
else
|
||||
echo "+++ Select your ISO boot option:"
|
||||
n=0
|
||||
diff --git a/initrd/etc/functions b/initrd/etc/functions
|
||||
index dc0fbed..a083e17 100755
|
||||
--- a/initrd/etc/functions
|
||||
+++ b/initrd/etc/functions
|
||||
@@ -122,6 +122,18 @@ enable_usb()
|
||||
|| die "xhci_pci: module load failed"
|
||||
sleep 2
|
||||
fi
|
||||
+ if ! lsmod | grep -q usb_storage; then
|
||||
+ count=$(ls /dev/sd* 2>/dev/null | wc -l)
|
||||
+ timeout=0
|
||||
+ echo "Scanning for USB storage devices..."
|
||||
+ insmod /lib/modules/usb-storage.ko >/dev/null 2>&1 \
|
||||
+ || die "usb_storage: module load failed"
|
||||
+ while [[ $count == $(ls /dev/sd* 2>/dev/null | wc -l) ]]; do
|
||||
+ [[ $timeout -ge 4 ]] && break
|
||||
+ sleep 1
|
||||
+ timeout=$(($timeout+1))
|
||||
+ done
|
||||
+ fi
|
||||
}
|
||||
|
||||
confirm_gpg_card()
|
|
@ -1,8 +0,0 @@
|
|||
TIMEOUT 2
|
||||
PROMPT -1
|
||||
DEFAULT Airgap
|
||||
LABEL Airgap
|
||||
MENU LABEL Linux Airgap
|
||||
KERNEL /boot/vmlinuz
|
||||
INITRD /boot/initramfs
|
||||
APPEND init=/init console=ttyS0 console=tty0 ro
|
|
@ -0,0 +1,256 @@
|
|||
030db54f4d76cdfe2bf0e8eb5f9efea0233ab3c7aa942d672c7b63b52dbaf935 libpcre2-8-0_10.42-1_amd64.deb
|
||||
03326473eed54ffa27efae19aa5d6aeb402930968f869f318445513093691d55 libtirpc-dev_1.3.3+ds-1_amd64.deb
|
||||
03539fd30c509e27101d13a56e52eda9062bdf1aefe337c07ab56def25a13eab libmd0_1.0.4-2_amd64.deb
|
||||
03ebdf235600f4a8a6d4fbc7080de0a776b1a701f43c4e9697944757591d7809 libkrb5-3_1.20.1-2+deb12u1_amd64.deb
|
||||
072d908f38f51090ca28ca5afa3b46b2957dc61fe35094c0b851426859a49a51 libtinfo6_6.4-4_amd64.deb
|
||||
097a2cb520881c29afa97c1bb0c381ce008aef362df2779677416a0981bcf165 g++-12_12.2.0-14_amd64.deb
|
||||
0a43a9785f32d517a967d99e00d8e0a69edc0be09d4e63a08d7fd64466a11a0f gpgv_2.2.40-1.1_amd64.deb
|
||||
0ca5213c1ab67278cbfcec4cafccdb538c2e089718f4bddabe5a00145e5a21fb libdav1d6_1.0.0-2_amd64.deb
|
||||
11790842108768ec52432ea22e7b4f057232813b7c27ef6dfe1aba776a5cb90e sysvinit-utils_3.06-4_amd64.deb
|
||||
11ee190ad39f8d7af441d2c8347388b9449434c73acc67b4b372445ac4152efa libsasl2-2_2.1.28+dfsg-10_amd64.deb
|
||||
1379ab846489b322bb45602d34ca8e2791e1d342fd53d49143f6355430934efd libcc1-0_12.2.0-14_amd64.deb
|
||||
146ee93768433ac6a33edc8ae9248d8d619f10ef42c18b1212e0cb594ab9be3b libblkid1_2.38.1-5+b1_amd64.deb
|
||||
16ee38d374e064f534116dc442b086ef26f9831f1c0af7e5fb4fe4512e700649 libfontconfig1_2.14.1-4_amd64.deb
|
||||
177cacdfe9508448d84bf25534a87a7fcc058d8e2dcd422672851ea13f2115df sed_4.9-1_amd64.deb
|
||||
17d0341ca6ce604ce59c296780ac2c2a24141a769823c50669af942c025e6591 libaudit-common_1%3a3.0.9-1_all.deb
|
||||
17d9a2f3c05004499d80e180d2440fd716f84c32b65f09d96c9a024af4d1d0e7 hostname_3.23+nmu1_amd64.deb
|
||||
17fc3fb0897b9d26f779d60d056d9a1ce68af50208118c4277cf18a0496f36a8 openssh-client_1%3a9.2p1-2+deb12u2_amd64.deb
|
||||
187aedef2ed763f425c1e523753b9719677633c7eede660401739e9c893482bd libgmp10_2%3a6.2.1+dfsg1-1.1_amd64.deb
|
||||
194024e45303ed7e38f68e2e82c57b5d03a09822b6c3fcbf7865fea982e78914 mount_2.38.1-5+b1_amd64.deb
|
||||
194fd3750e6d647f300045a266c20cc3a3d47f84fd2fc8ff8830c55098b63c0d fakeroot_1.31-1.2_amd64.deb
|
||||
1a03df5a57833d65b5bb08cfa19d50e76f29088dc9e64fb934af42d9023a0807 gcc-12-base_12.2.0-14_amd64.deb
|
||||
1a394277e17426a10abdd9293e06fa0f8c31049fe73027608fe9363dda36f25b libc-dev-bin_2.36-9+deb12u3_amd64.deb
|
||||
1cdc3c6614ce1dd2486041bf8bbd86d7dda5c79bc72d3e78bb4abcb9468a85aa base-files_12.4+deb12u4_amd64.deb
|
||||
1cf14abf2716d3279db12d0657a5737cf70074a1e71d3bdf73206625e3c89ce6 libedit2_3.1-20221030-2_amd64.deb
|
||||
1dbc499d2055cb128fa4ed678a7adbcced3d882b3509e26d5aa3742a4b9e5b2f libgomp1_12.2.0-14_amd64.deb
|
||||
245f55e17d9ec050d9a1de80b35bc6b8f64f277b6f12183ff7769be5b3678eb8 logsave_1.47.0-2_amd64.deb
|
||||
251330faddbf013f060fcdb41f4b0c037c8a6e89ba7c09b04bfcc4e3f0807b22 libp11-kit0_0.24.1-2_amd64.deb
|
||||
2520093a31c082ace185a18ad6bdf860b13f32139977d1dfe1d52867c2e5df30 gpg-wks-client_2.2.40-1.1_amd64.deb
|
||||
26c451a660728cf7c15548a281e17eef2f36fab28499371e83fc2d3accb499d7 g++_4%3a12.2.0-3_amd64.deb
|
||||
26e174fb15af157b5d5698b5ccd9aafcdb084acdf74a5aa9aab6887c1f308f99 tzdata_2023c-5+deb12u1_all.deb
|
||||
27b3d102545f597df9e6dc5c7f6590a648de09b57debd6b05ad3d1189de428d5 pinentry-curses_1.2.1-1_amd64.deb
|
||||
281c66e46b95f045a0282a6c7a03b33de0e9a08d016897a759aaf4a04adfddbe fontconfig-config_2.14.1-4_amd64.deb
|
||||
29b23c48c0fe6f878e56c5ddc9f65d1c05d729360f3690a593a8c795031cd867 netbase_6.4_all.deb
|
||||
2a46d5a5e9486da11ffeff5740931740d6deae4f92cd6098df060dc5dff1e1c7 libtirpc3_1.3.3+ds-1_amd64.deb
|
||||
2ac1236547360284e9e154ad11a14564db65175bd4da393ec652ac1b2dc43571 libgpm2_1.20.7-10+b1_amd64.deb
|
||||
2ad228835756feb118bb131b32834bd23a09047e4de408cc5204cbb5dce0e4bb libncurses-dev_6.4-4_amd64.deb
|
||||
2b07f5287b9105f40158b56e4d70cc1652dac56a408f3507b4ab3d061eed425f libselinux1_3.4-1+b6_amd64.deb
|
||||
2c57221bf8cc0ff5d2295ececb9215cc1b9ff9040dacb152c385bba3087ab1df file_1%3a5.44-3_amd64.deb
|
||||
2d7ea8a570d768224d7f2424abbe6f373d2154865a1fa7f56c80d43ecf492521 binutils-x86-64-linux-gnu_2.40-2_amd64.deb
|
||||
30954df4b5a7c505661ba8ae5e6ea94f5805e408899fb400783bb166eb5ff306 libaudit1_1%3a3.0.9-1_amd64.deb
|
||||
30b4972cc88a4ff0fba9e08e6d476de13b109af9e4b826d130bdc72771d6e373 libasan8_12.2.0-14_amd64.deb
|
||||
30f9618670e686d781afbfc713eb0830c29d2819e9cb2a0488800dad6bb99faa python3-minimal_3.11.2-1+b1_amd64.deb
|
||||
31c77590324be46e1d1616df144a4f9002fb92b3252cce13f14f0612f97746e6 rsync_3.2.7-1_amd64.deb
|
||||
3264acea728df3c48a54f20e9291b965130e306b9d00adac76647049da7196df grep_3.8-5_amd64.deb
|
||||
32ac0692694f8a34cc90c895f4fc739680fb2ef0e2d4870a68833682bf1c81a3 rpcsvc-proto_1.4.3-1_amd64.deb
|
||||
32b60c039da18a2b17fdf4bc569d783fbb7a2fe634907eb239a380357eca4872 linux-libc-dev_6.1.69-1_amd64.deb
|
||||
339abb97957695134f9df48dfa3eb7df5f681c3aa76a53934133dee2f451d1e4 libsystemd0_252.19-1~deb12u1_amd64.deb
|
||||
33ea40061da2f1a861ec46212b2b6a34f0776a049b1a3f0abce2fb8cb994258f dash_0.5.12-2_amd64.deb
|
||||
33f6dafbd1a6902d9063172ec7dbd4b2225e12009e0d7ec5c933a72c2f5f3b74 python3_3.11.2-1+b1_amd64.deb
|
||||
34097adaf793f92cc93c8f07059d34766a6a8f2b1d0b1b74b9bb530516402642 git-man_1%3a2.39.2-1.1_all.deb
|
||||
343b60a755ceb2c3687f9a5c9c9dc00eea0e44a7de49a537c36df17894f784b3 passwd_1%3a4.13+dfsg1-1+b1_amd64.deb
|
||||
36a29db2aa4262bd02c23df42cd91cc709883fe52a517aa8a1b148039305eef0 tar_1.34+dfsg-1.2_amd64.deb
|
||||
36b6fc603efaa2bfd22cff3a7773590dd6774a5d0d9b0c23b73306f3f58cbc20 libavif15_0.11.1-1_amd64.deb
|
||||
37b7a2b4e78890b6a074777f27b96c84f58e81558ba08410c2b6c0ca4a4ad77b libmpfr6_4.2.0-1_amd64.deb
|
||||
37d5e8d44bb9729a89d747db15880f0f01e53101cc16f258087bb8b591017e76 gpgsm_2.2.40-1.1_amd64.deb
|
||||
37eaea795edc3bd2c5d43ab5a3a723859d851a9aff9d8d882eddb786047d7594 libc-devtools_2.36-9+deb12u3_amd64.deb
|
||||
396d6e453aee6d71b7141f0bfb333a6c08a44c64f77632bdf52894ccd123db46 ncurses-bin_6.4-4_amd64.deb
|
||||
3a8b61891f0ce9bd310088ce2d269d63b5afd88b9196fa4f046fd890faea4a17 libalgorithm-diff-perl_1.201-1_all.deb
|
||||
3ac4fd6cbe3b3b06e68d24b931bf3eb9385b42f15604a37ed25310e948ca0ee6 libsasl2-modules-db_2.1.28+dfsg-10_amd64.deb
|
||||
3d4b39f94317b64a860db8a7a8b581b555124cd461fe07ec0d347edbdb9f6683 libdeflate0_1.14-1_amd64.deb
|
||||
3e3ef129b4bf61513144236e15e1b4ec57fa5ae3dc8a72137abdbefb7a63af85 libtirpc-common_1.3.3+ds-1_all.deb
|
||||
3fb7b6f326be3fae4a87a3d33b9269bd06c1e4346a24bd737f265067e3b7427f libctf0_2.40-2_amd64.deb
|
||||
3fc9742f9f1a37bcb9931df6074b4d1483419ef832ad5349f47323e75fc27864 libjansson4_2.14-2_amd64.deb
|
||||
4018d17d6a44ffeb19c002dc9f721bf474e6879ad814f1bfcdd6666803e30178 e2fsprogs_1.47.0-2_amd64.deb
|
||||
438871b3f5c5c7a357a9840951dab9dab8db7eb1ff760a563226fafa111b99e5 bzip2_1.0.8-5+b1_amd64.deb
|
||||
43c90d45f7cf5584108964b919d6c728680d81af5fa70c8fb367d661cef54e8c libnpth0_1.6-3_amd64.deb
|
||||
43f19bcfdf5e1866c21d429d04403168ec4e19b3231de1eccef3e48160114591 util-linux_2.38.1-5+b1_amd64.deb
|
||||
45403a9d495cd41997f1358352d386cf0076c1c57790a44df10b0529393cd728 less_590-2_amd64.deb
|
||||
45922e6e289ffd92f0f92d2bb9159e84236ff202d552a461bf10e5335b3f0261 libnettle8_3.8.1-2_amd64.deb
|
||||
46dbe02369411b46f676ddb55fa8ee3a98f7a15607ddab785979c25bacb5d7db libalgorithm-merge-perl_0.08-5_all.deb
|
||||
48225793c486310600459d08a417dca0c28cbaf184047c09c82aff19107aa6f2 libyuv0_0.0~git20230123.b2528b0-1_amd64.deb
|
||||
4922b5ade6ab4018089e9725fac243c89365aca788bc399a87cfc88501aaeba7 libsmartcols1_2.38.1-5+b1_amd64.deb
|
||||
4af36a590b68d415a78d9238b932b6a4579f515ec8a8016597498acff5b515a4 libgdbm-compat4_1.23-3_amd64.deb
|
||||
4b48b8f0b06c2c667d52117edcef69af6896bcfe69a4f4bde47b89590b83875e libperl5.36_5.36.0-7+deb12u1_amd64.deb
|
||||
4b6c30f6554149c594628d945edc6003f0eea8d0cc1341638c0e71375db147ed libldap-2.5-0_2.5.13+dfsg-5_amd64.deb
|
||||
4cf64c4e1168f3c7e858bb4a71f2c5bea9a36dd448cdcc2154a551ac146e293b libgav1-1_0.18.0-1+b1_amd64.deb
|
||||
4e21728bbb1f170f35a5d60fe26adadb48c436f1b5fd977454e632668074169c libquadmath0_12.2.0-14_amd64.deb
|
||||
4e58891d5c951a1e360ed9eaa814413cb5e84deadce3f08e801ac680434c786e libpython3-stdlib_3.11.2-1+b1_amd64.deb
|
||||
4f0d35610204e4e754b057748719744114621f2f6f4202d846c314860a981afb libpsl5_0.21.2-1_amd64.deb
|
||||
504b7be9d7df4f6f4519e8dd4d6f9d03a9fb911a78530fa23a692fba3058cba6 libxext6_2%3a1.3.4-1+b1_amd64.deb
|
||||
505400598dcda712380f2e4a73b09b015a3fedf78bd874f6429622c448e249f9 libxpm4_1%3a3.5.12-1.1+deb12u1_amd64.deb
|
||||
5308b9bd88eebe2a48be3168cb3d87677aaec5da9c63ad0cf561a29b8219115c ca-certificates_20230311_all.deb
|
||||
5325e63acaecb37f6636990328370774995bd9b3dce10abd0366c8a06877bd0d bash_5.2.15-2+b2_amd64.deb
|
||||
539c1a013e6e90800b4c37877cf871e7583791b486a39e23f2466906bbe5061f libfakeroot_1.31-1.2_amd64.deb
|
||||
54149da3f44b22d523b26b692033b84503d822cc5122fed606ea69cc83ca5aeb libbz2-1.0_1.0.8-5+b1_amd64.deb
|
||||
54f7a9e77c6b12bafa07ffb1d4c42933a416748119f169514c1ed1119d51f4b3 gcc-12_12.2.0-14_amd64.deb
|
||||
55f951359670eb3236c9e2ccd5fac9ccb3db734f5a22aff21589e7a30aee48c9 debianutils_5.7-0.5~deb12u1_amd64.deb
|
||||
563b4caec1aa5e876bd3355b36e7a38e1484baf5a293b48d1e8bd22db786e4d7 libbrotli1_1.0.9-2+b6_amd64.deb
|
||||
57d6348f392c77ccc3fdc5874c527df18df8be702814b13d1151352b28e29145 xauth_1%3a1.1.2-1_amd64.deb
|
||||
5912430927da16ccc831459679207fdbb9dfc5a206f2bab8d6f36d5a1ab53e25 libassuan0_2.5.5-5_amd64.deb
|
||||
5a466348531b9c38c8e5ccb18c231f27a98b9fdab61b37ea22592553de5d2ced liberror-perl_0.17029-2_all.deb
|
||||
5dd86bd0af4aa73f067dfd6b8339dd868f2dd84056aa79db29d1206d4fbc5e04 findutils_4.9.0-4_amd64.deb
|
||||
5e1b647d802d9612596dfc6a546c0315f9d06843793aad66af2ad819c17c3e58 libaom3_3.6.0-1_amd64.deb
|
||||
5ef7e6c1cd6b165455466bbfa6c22d8f5b61109d29aeab906bd3406322f34b15 xz-utils_5.4.1-0.2_amd64.deb
|
||||
61038f857e346e8500adf53a2a0a20859f4d3a3b51570cc876b153a2d51a3091 coreutils_9.1-1_amd64.deb
|
||||
6156f5b9edc0de38755869e5bcbed0b65d48d2a5531ae2f0ff2c347a7882f402 gnupg-utils_2.2.40-1.1_amd64.deb
|
||||
619add379c606b3ac6c1a175853b918e6939598a83d8ebadf3bdfd50d10b3c8c libelf1_0.188-2.1_amd64.deb
|
||||
6315b5ac38b724a710fb96bf1042019398cb656718b1522279a5185ed39318fa libzstd1_1.5.4+dfsg2-5_amd64.deb
|
||||
639e1ab6bd66ead40db8a22c332d7199679fa22db261cac34444eb8eb4c17dda libnuma1_2.0.16-1_amd64.deb
|
||||
64c17a80dede46900f8baf4a20803323aa57dac7707b0a8dea4b266767878945 libdpkg-perl_1.21.22_all.deb
|
||||
64cde86cef1deaf828bd60297839b59710b5cd8dc50efd4f12643caaee9389d3 liblz4-1_1.9.4-1_amd64.deb
|
||||
6631304ce4b5b9ba0af3fdebf088a734aed2d28ffad2a03ba79e4fcb2e226dd6 libgssapi-krb5-2_1.20.1-2+deb12u1_amd64.deb
|
||||
665732aacbb8cb82cc5f33d0b6f31849001a02be074743fa5dd3ec218b95b48e util-linux-extra_2.38.1-5+b1_amd64.deb
|
||||
679db1c4579ec7c61079adeaae8528adeb2e4bf5465baa6c56233b995d714750 libxau6_1%3a1.0.9-1_amd64.deb
|
||||
67eec0eb4df58b93e1bf97c402c2cbeb361bf9c5af44fa3a02ff1c723c791ca2 libpython3.11-stdlib_3.11.2-6_amd64.deb
|
||||
68aa3b3bdac8b34802df7e2e950bae64c40aa6c2b24fed356b832968f8305aa0 libfile-fcntllock-perl_0.22-4+b1_amd64.deb
|
||||
69317523fe56429aa361545416ad339d138c1500e5a604856a80dd9074b4e35c readline-common_8.2-1.3_all.deb
|
||||
6995822451e1300baa41b953c19f1094640ad4237982612583e980d32e18eee5 wget_1.21.3-1+b2_amd64.deb
|
||||
6a91eee690e6ad2207df3a355fc329a58d8e31bf5ca9a9dd4de8f7a1c812ddc5 libk5crypto3_1.20.1-2+deb12u1_amd64.deb
|
||||
6b07c77b700a615642888a82ba92a7e7c429d04b9c8669c62b2263f15c4c4059 libjbig0_2.1-6.1_amd64.deb
|
||||
6c19a5d18c8350744581fbd25d5d29e2b7101053e25aafa4e1ffcc2b505b2f1c libxxhash0_0.8.1-1_amd64.deb
|
||||
6d9f6c25c30efccce6d4bceaa48ea86c329a3432abb360a141f76ac223a4c34a libffi8_3.4.4-1_amd64.deb
|
||||
6e129c5814812b3516a656ae5b664b9970e2f8823250cd5b98190f21c0de2bca libssl3_3.0.11-1~deb12u2_amd64.deb
|
||||
6ea03cbbc7a7bfcee601c9fb08d4e026fd522ede5350561f06867ad9c0a0fa6b apt_2.6.1_amd64.deb
|
||||
6f6fe95c43338db9887e52fe948228a779d3651fef1a975b62dfe891bb71fdc4 gnupg_2.2.40-1.1_all.deb
|
||||
6f8c90780705bb2434d02e2360881b581319307ccde43abcd1f781e05928db04 cpp-12_12.2.0-14_amd64.deb
|
||||
6f94b488255acd996254f775c77ff3956557c61f860a3c9caeaf65457554194f libpopt0_1.19+dfsg-1_amd64.deb
|
||||
6fc5ab5858781ab90c68b4deea09f21871fd7b55dc1a0764ad7116ac4c86574d libpython3.11-minimal_3.11.2-6_amd64.deb
|
||||
6ffd3721915c49580fc9bcf1ef06deab4ad59e99c52c9f349d03954642b97655 libgcc-12-dev_12.2.0-14_amd64.deb
|
||||
7038b4d856aff8b4054f879c488c1298db5a83ecfa6280f85706f20e2e1935f1 libalgorithm-diff-xs-perl_0.04-8+b1_amd64.deb
|
||||
70d356876847a9a540b5bebd02b2141f9de292e7ce17a596cafdecb15c39ba21 libisl23_0.25-1_amd64.deb
|
||||
72300f09f02669c06c99b641ea795d52300ec7eb65eaccddf7bc3b72934f0ef5 libncurses6_6.4-4_amd64.deb
|
||||
7259b7ce46444694ce536360ad53acb68eb3b47a7ff81d7b1b8a3939b2ac9918 libwebp7_1.2.4-0.2+deb12u1_amd64.deb
|
||||
72a6c113801a0f307f3a9ab9fe7a7f9559d9164af990494ed2c50617a0e20452 libldap-common_2.5.13+dfsg-5_all.deb
|
||||
72ef03236f1936e72a0faf86a547425b0eff3c5fd0b43f8669012182cf376354 libfreetype6_2.12.1+dfsg-5_amd64.deb
|
||||
73d4a22bdd7eb6be1e480d6884b103eb500cfd539cc20ae0f3e44dd8b0614798 cpio_2.13+dfsg-7.1_amd64.deb
|
||||
74ab14194a3762b2fc717917dcfda42929ab98e3c59295a063344dc551cd7cc8 debconf_1.5.82_all.deb
|
||||
7516082b33a0e3c76d6c18d67754d5f2ef2116255fac9897ff0eb2004aa8de8c gpg-wks-server_2.2.40-1.1_amd64.deb
|
||||
75bbf628518966bea04498df28391b5c070ccae110332302c52affcce8cb7b68 libss2_1.47.0-2_amd64.deb
|
||||
771f5c47ca69f24ca61e4be0c98c5912b182ce442f921697d17a472f3ded5c9c liblerc4_4.0.0+ds-2_amd64.deb
|
||||
7900a203b9b0e7db923882701e852e3c95a229a3bfb0b517531f6a679707e477 libtiff6_4.5.0-6+deb12u1_amd64.deb
|
||||
791c92c681a3cefcc9721445dc8a301a1a3cb3eef40ac2c16a4d9dd9ad5a42d7 publicsuffix_20230209.2326-1_all.deb
|
||||
79cb66b55021bd0130308369524bac5240d0b5463cb252cd44be6a1500fdebec libelf-dev_0.188-2.1_amd64.deb
|
||||
7d2b2b700bae0ba67a13655fabba6a98da3f6ce7dee43d1ee0ac433b7ca1d947 libdebconfclient0_0.270_amd64.deb
|
||||
7dc5127b8dd0da80e992ba594954c005ae4359d839a24eb65d0d8129b5235c84 libdb5.3_5.3.28+dfsg2-1_amd64.deb
|
||||
8010e4285276bb344c05ae780deae2fffb45e237116c3a78481365c5954125ec libcom-err2_1.47.0-2_amd64.deb
|
||||
8011853dcb09cd62d60fd95791eabba86df58d70b054f654f1bb51261b95cb98 libudev1_252.19-1~deb12u1_amd64.deb
|
||||
81ccd29130f75a9e3adabc80e61921abff42f76761e1f792fa2d1bb69af7f52f libcrypt-dev_1%3a4.4.33-2_amd64.deb
|
||||
835f806c21ae25e39053bd3057051640341b0cf08e1db9746fd82e370d82fa30 libsemanage-common_3.4-1_all.deb
|
||||
83c3e20b53e1fbd84d764c3ba27d26a0376e361ae5d7fb37120196934dd87424 binutils_2.40-2_amd64.deb
|
||||
851d270e36707787ab1cd269dbd9597864feaf3f8453ecd3c426caaa56142222 libpam-modules_1.5.2-6+deb12u1_amd64.deb
|
||||
86b1f3504cf50fd4873be364c8a4e49a8c28e3442b31963a98a758135283db9d login_1%3a4.13+dfsg1-1+b1_amd64.deb
|
||||
8892669e51aab4dc56682c8e39d8ddb7d70fad83c369344e1e240bf3ca22bb76 fonts-dejavu-core_2.37-6_all.deb
|
||||
89944ee11d7370ce6ef46fc52f094c4a6512eff8943ec4c6ebefeae6360ceada libgpg-error0_1.46-1_amd64.deb
|
||||
8a2f81076419cd6b0def5cd1fac98383c85ddec1a5c388f57e8e9e2fdf491ad9 libmount1_2.38.1-5+b1_amd64.deb
|
||||
8bdfedc14c1035e3750e9f055ac9c1ecd9b5d05d9e6dc6466c4e9237eef407dd diffutils_1%3a3.8-4_amd64.deb
|
||||
8be9df5795114bfe90e2be3d208ef47a5edd3fc7b3e20d387a597486d444e5e2 libacl1_2.3.1-3_amd64.deb
|
||||
8c6d49b771530dbe26d7bd060582dc7d2b4eeb603a20789debc1ef4bbbc4ef67 patch_2.7.6-7_amd64.deb
|
||||
8cbd111e1ad1c1357afb18f916c88c7ebb8cc860b8fac04ccc66a9eefe5a53af libcbor0.8_0.8.0-2+b1_amd64.deb
|
||||
908ca1b35125f49125ae56945a72bc11ce0fcec85a8d980d10d83bb3a610f518 base-passwd_3.6.1_amd64.deb
|
||||
95224197cc1275ee3e625be4522f9d03f8fea3bd7a5d7d8f1f55ab914736b404 perl_5.36.0-7+deb12u1_amd64.deb
|
||||
95ec30140789a342add8f8371ed018924de51b539056522b66f207b25cba9cad libjpeg62-turbo_1%3a2.1.5-2_amd64.deb
|
||||
95fe4a1336532450e67bd067892f46eaa484139919ea8d067a9ffcbf5a4bf883 libgdbm6_1.23-3_amd64.deb
|
||||
96c2d796a21fdc92b4d272a550841c208e89c91ab0d54514ac28ae92da64c2c7 libc6_2.36-9+deb12u3_amd64.deb
|
||||
96f55cb5e26231d5567c89b692bced63825a14a2d5bd18fdf16ea2ed44eb9838 manpages-dev_6.03-2_all.deb
|
||||
9751239757dcc218a3cd5a5772070e33d86a8a15506fe5af8a47793d61fa2abc libcurl3-gnutls_7.88.1-10+deb12u5_amd64.deb
|
||||
983ca41d506fa159536cd584118855748763f5f5a3b5949206bee4a62ec0cbf9 libxmuu1_2%3a1.1.3-3_amd64.deb
|
||||
9840ce93b42b66c784852df07ee9131b7acab886177794a5c9ba761da9463887 libc-bin_2.36-9+deb12u3_amd64.deb
|
||||
987a848aeb1c358e4186368871b0526f10bb14c6b53214ab3bf8b69abb830191 libx11-data_2%3a1.8.4-2+deb12u2_all.deb
|
||||
98fa7a53dc565a38b65fb70422ad08001bf5361d8fbc74255280c329996a6bec libncursesw6_6.4-4_amd64.deb
|
||||
993ea623ce5b42d67f653f2faaa7ef15e7c9d72bfcb93e22a1eaff7aa3532303 libpcre3_2%3a8.39-15_amd64.deb
|
||||
9b1b269020cec6aced3b39f096f7b67edd1f0d4ab24f412cb6506d0800e19cbf libstdc++6_12.2.0-14_amd64.deb
|
||||
9b8223674661ead1836ce21966f7e4511a3a943c1b87c02ea92ec17ed2c3f2cf perl-modules-5.36_5.36.0-7+deb12u1_all.deb
|
||||
9cd87d1b0c56f34f51bcbe8bdb55ebb45dd08ce6c0c6ff2dc77378bac3f64cc0 libx265-199_3.5-2+b1_amd64.deb
|
||||
9d1d4ba9ac38a7ae48567bfbd0bec88e02a5ccd941a48a76709a131197ea6570 python3.11_3.11.2-6_amd64.deb
|
||||
9d97f27d8a8a06dd4800e8e0291337ca02e11cdfd7df09a4566a982a6d9fe4c4 dpkg_1.21.22_amd64.deb
|
||||
9e46ced911ab34dee945fbcb2720b19eef39b0ac814583b9b7bb3a36f6179524 dpkg-dev_1.21.22_all.deb
|
||||
9e6305a100f5178cc321ee33b96933a6482d11fdc22b42c0e526d6151c0c6f0f libseccomp2_2.5.4-1+b3_amd64.deb
|
||||
a0f0f3fbeb661d9bda139a54f4bd1c30aa66cd55a8fa0beb0e6bc7946e243ca1 libstdc++-12-dev_12.2.0-14_amd64.deb
|
||||
a1a83af8cbd854af887b72ad196b1f4af58387815e21ced1000253a116a46e2a make_4.3-4.1_amd64.deb
|
||||
a241c2adc7438a7e217f32544028489981768a349d3e48673392703255c7b88e libmagic1_1%3a5.44-3_amd64.deb
|
||||
a35f744972476c4b425e006d5c0752d917f3a6f48ce1268723a29e65a65b78a6 libatomic1_12.2.0-14_amd64.deb
|
||||
a3c4092d84f19d13caf90f3c96eec53db8819f0e3a5247434944d71ed75fa53d libgprofng0_2.40-2_amd64.deb
|
||||
a4d4d44b996fbb4d7b43710ec42d6ed30deefac9ed62c32ddc95d38767717ae1 krb5-locales_1.20.1-2+deb12u1_all.deb
|
||||
a520264593224df5a4e98d9e95edffa4cf420dc3af7d609c2f5776e180dbc494 bsdutils_1%3a2.38.1-5+b1_amd64.deb
|
||||
a63db920f7aa1857a57beab185423deffb6111fa09437a99bbb4ef724fb7ba78 cpp_4%3a12.2.0-3_amd64.deb
|
||||
a6b79588938ef738fe6f03582b3ca0ed4fbd4a152dbe9f960e51a0355479a117 libitm1_12.2.0-14_amd64.deb
|
||||
a72247ba64bcd1d0ace2ea8eefd7bcfaca84204def9495269526c25dd9fddc0c python3.11-minimal_3.11.2-6_amd64.deb
|
||||
a8b11a1664a998cc2499fb04327d1f6c4e8f77b78ea8b6f8418d96fc54e3731f libsqlite3-0_3.40.1-2_amd64.deb
|
||||
aaa46dcb3b39948ae2e0fdb72cfcb2f48c0b59f19785a3da8045c05eb19955dd media-types_10.0.0_all.deb
|
||||
aaf001e0d4c68f995f9efbc551d54f213122fef99b3eaf9e28286bda6c03da73 libabsl20220623_20220623.1-1_amd64.deb
|
||||
ab314134f43a0891a48f69a9bc33d825da748fa5e0ba2bebb7a5c491b026f1a0 binutils-common_2.40-2_amd64.deb
|
||||
ac48d6bfac9298843355561a14047673a9361ecff7f24cfe1da119dbf1a037e9 gpg-agent_2.2.40-1.1_amd64.deb
|
||||
b09481e7690680966005330c3f907bba4b5eefc35e1faaea4783cc55655d1150 libfaketime_0.9.10-2.1_amd64.deb
|
||||
b10102de6c5f57bd040e9ee2a5fa9a5182a769ecb56a9ac09af4ab5f38131482 libc6-dev_2.36-9+deb12u3_amd64.deb
|
||||
b1966bea9832686a0fd5ddba9787dce5816ebe02218a4a8f7472a1628d73451b libsasl2-modules_2.1.28+dfsg-10_amd64.deb
|
||||
b36fefe9867f9e59b540f952e957a72ebdc241e997179d826da19a9511ade4a3 libcap2_1%3a2.66-4_amd64.deb
|
||||
b3a0cc418526e1f9ae90ed320714cbdcf28dc252e7b5dddbf885cbe4062b3c63 gpgconf_2.2.40-1.1_amd64.deb
|
||||
b3d9529c34382cc8d2e6cc8299a18536504edbc284b9133ffbe522704865068e unzip_6.0-28_amd64.deb
|
||||
b4327c2d8e2ca92402205ac6b5845b3110fa2a1d50925c0e61c39624583a8baf perl-base_5.36.0-7+deb12u1_amd64.deb
|
||||
b4b54769c77e4a71c8b33aee4d600ba28a9994a1c6f60d55d4ebe7fc44882e07 libcap-ng0_0.8.3-1+b3_amd64.deb
|
||||
b52ffe8f80020a0df90d5fc188561010042ee8a67aae6de463d141a5fc09e1bc libksba8_1.6.3-2_amd64.deb
|
||||
b81c29562345b88b809ee63acc6ef8bb7a1c0cbde2cf5959276da8dfdd3b9c26 libheif1_1.15.1-1_amd64.deb
|
||||
b998946bb9818a97b387a962826caae33bc7fdcb6d706b2782c0470510be6b48 libsepol2_3.4-2.1_amd64.deb
|
||||
b9c15ab69bb1408136f094e593bb9bedc1dec4a830519c412a191e4ca6d1a287 libgnutls30_3.7.9-2+deb12u1_amd64.deb
|
||||
baaa4e935c5e3bcd57d4f2f4e7a1ddc67bd4eb8629d98f97a696548849ae01ac bc_1.07.1-3+b1_amd64.deb
|
||||
bad01673ba5dfb9b5db4f3ae6a71f18d492cb6801eab45ad3c7d483c0a1f6ad2 libmagic-mgc_1%3a5.44-3_amd64.deb
|
||||
bb31cc8b40f962a85b2cec970f7f79cc704a1ae4bad24257a822055404b2c60b libbsd0_0.11.7-2_amd64.deb
|
||||
bb63b0fb2797e2a3a294dab8a02614930c557ec1f4ea96637c244b8b5f87e630 gcc_4%3a12.2.0-3_amd64.deb
|
||||
bb81a188c119cd7fdebae723cbc95887b6c549b2fe4fb7e268a9c8846444da99 libnsl-dev_1.3.0-2_amd64.deb
|
||||
bbfd38de41898a06326f2a6ce4cc43e8e399f5566381231065b01d70499d5ba5 build-essential_12.9_amd64.deb
|
||||
bc62f3b366042157e9a8d00d04f1bd2e2a05e37501fc9a821883f99aa282ed77 gnupg-l10n_2.2.40-1.1_all.deb
|
||||
bcbc83f391854ea9d50ce2a4101aacf330de3b8b71d81a798faadba14a157f78 mawk_1.3.4.20200120-3.1_amd64.deb
|
||||
bfd1d89f833c09a28b062ee916495cf69649ca2bf529532476c7b69d75d24909 ncurses-base_6.4-4_all.deb
|
||||
bffcac7e4f69e39d37d4a33e841d6371ac8b5aba6cd55546b385dc7ff6c702f5 libgcrypt20_1.10.1-3_amd64.deb
|
||||
c0d83437fdb016cb289436f49f28a36be44b3e8f1f2498c7e3a095f709c0d6f8 libnsl2_1.3.0-2_amd64.deb
|
||||
c1450e3afcb821645976b0c1dc06094195d7540ac2c811924ace472303290962 usr-is-merged_35_all.deb
|
||||
c158f1d854928a91ae0cfcfbf0653083624f73d6be94005d26358ecc8edc3173 libde265-0_1.0.11-1+deb12u1_amd64.deb
|
||||
c1bac61abefa0d957394d33c02b7bfb2a3ab3ce5e6d90617c4019ddea4bdbf63 debian-archive-keyring_2023.3+deb12u1_all.deb
|
||||
c24fe4eb8e60d8632d72ed104cce7c92cff200847c897dc8ba764b6c47b519e0 adduser_3.134_all.deb
|
||||
c266adb3545b0b8ff6450dbd09f85f19361bf5bc9290ddf2e869f040cb9725b7 librav1e0_0.5.1-6_amd64.deb
|
||||
c2b3ccade855de14c6ece893a0d2bec63b0a007cbc2970af8152cf06699ccd2a libuuid1_2.38.1-5+b1_amd64.deb
|
||||
c4945123d66d0503ba42e2fc0585abc76d0838978c6d277b9cc37a4da25d1a34 libattr1_1%3a2.5.1-4_amd64.deb
|
||||
c6a494d3605341a2c909e280f81fa015a4c8df2de8624c88a712a7f98a63f057 liblsan0_12.2.0-14_amd64.deb
|
||||
ccab743f6784b4cc7bd69e1810630edaf726cd69c1e735e39a16266d470bfdc0 libapt-pkg6.0_2.6.1_amd64.deb
|
||||
cfac89e6a7a54ff3c6a4f843310e25efeddaa771baeae470bd98bd588c373563 libkeyutils1_1.6.3-2_amd64.deb
|
||||
d20a3ee34fa84ad8bd381e8be6e9c2c2ea32347cff5e1169c10e978d43f54f24 libssh2-1_1.10.0-3+b1_amd64.deb
|
||||
d3564267cef9f0162ad21b73d34b6a4302ee3a84426188168d74be737b079647 libgd3_2.3.3-9_amd64.deb
|
||||
d466bbfe011d764d793c1d9d777cad9c7cf65b938e11598f27408171ad95a951 libunistring2_1.0-2_amd64.deb
|
||||
d4b7736e58512a2b047f9cb91b71db5a3cf9d3451192fc6da044c77bf51fe869 liblzma5_5.4.1-0.2_amd64.deb
|
||||
d50716d5824083d667427817d506b45d3f59dc77e1ca52de000f3f62d4918afa libidn2-0_2.3.3-1+b1_amd64.deb
|
||||
d66fd8d7dd21a98e6a5acaa8d3fcb80b30561bb20c8e635dd6e66873abd4d40d gpg_2.2.40-1.1_amd64.deb
|
||||
d7dd1d1411fedf27f5e27650a6eff20ef294077b568f4c8c5e51466dc7c08ce4 zlib1g_1%3a1.2.13.dfsg-1_amd64.deb
|
||||
d7f79544790e44f9b0c8cb9034a18c58d37f8702a15f32539050718679e52f80 libmpc3_1.3.1-1_amd64.deb
|
||||
d88c973e79fd9b65838d77624142952757e47a6eb1a58602acf0911cf35989f4 libx11-6_2%3a1.8.4-2+deb12u2_amd64.deb
|
||||
d8e04be2cd7f8299668020b1c2a13ce07a1b79e73c901338a6fabd77ccabf004 libtsan2_12.2.0-14_amd64.deb
|
||||
da03311a716bdcb73d1a93d322901ac46dce8eac67b5ccc95a6d8b776bfb4021 libpam-runtime_1.5.2-6+deb12u1_all.deb
|
||||
dba89cd91adcb886ce1972122e55768aa3652cb562a6b26c5983c2d482a30a1e libfido2-1_1.12.0-2+b1_amd64.deb
|
||||
dc32727dca9a87ba317da7989572011669f568d10159b9d8675ed7aedd26d686 libpng16-16_1.6.39-2_amd64.deb
|
||||
e02ebbd3701cf468dbf98d6d917fbe0325e881f07fe8b316150c8d2a64486e66 libreadline8_8.2-1.3_amd64.deb
|
||||
e0f6e357f327e80f26438dcda9c9304c43e2f3343359c6a5075d0b10ddfdb05d libsvtav1enc1_1.4.1+dfsg-1_amd64.deb
|
||||
e1f69020dc2c466e421ec6a58406b643be8b5c382abf0f8989011c1d3df91c87 librtmp1_2.4+20151223.gitfa8646d.1-2+b2_amd64.deb
|
||||
e28d141cebb72f1ac1f1d0ea6528b343e41287128db3d4b217ce7790a22352cf libext2fs2_1.47.0-2_amd64.deb
|
||||
e360be5f17f9c09c8f17bae809f6c6f091c5bb6ab1a44fc33e4fb86c5e5559df libpam0g_1.5.2-6+deb12u1_amd64.deb
|
||||
e3a8e56057592c60fd8db174968e9f232f07905b79544a9e477cd48f008326b2 dirmngr_2.2.40-1.1_amd64.deb
|
||||
e46fbb519b4342c114b2fa19bcdb736e294eadc769fae75d6bc2e94a4db67f15 libubsan1_12.2.0-14_amd64.deb
|
||||
e489a9282c4b765c29d9eda7c4747e1cb58be71161012c3a57e2a8bc63dc0f5a libkrb5support0_1.20.1-2+deb12u1_amd64.deb
|
||||
ea063646d4f70d15be5ed52b67b5ac95d68dda823c60d808c7c25439c6d14e4d openssl_3.0.11-1~deb12u2_amd64.deb
|
||||
eabec1dde2834f72540d7b93fc5df2625f52611c06d93d61f5cdb12480e0e6a3 gzip_1.12-1_amd64.deb
|
||||
ecb8536f5fb34543b55bb9dc5f5b14c9dbb4150a7bddb3f2287b7cab6e9d25ef libxdmcp6_1%3a1.1.2-3_amd64.deb
|
||||
ed8185c28b2cb519744a5a462dcd720d3b332c9b88a1d0002eac06dc8550cb94 libhogweed6_3.8.1-2_amd64.deb
|
||||
ee690db978151ae372dcede4bba26c299d985046e6dc708bb907961901b73b6a libnghttp2-14_1.52.0-1+deb12u1_amd64.deb
|
||||
eec4dc9d949d2c666b1da3fa762a340e8ba10c3a04d3eed32749a97695c15641 libtasn1-6_4.19.0-2_amd64.deb
|
||||
ef1dfcf22de41ea90ebd3d505447ccccd999e96b85aa777a1d7d981dc3b347aa libctf-nobfd0_2.40-2_amd64.deb
|
||||
efa1ba4cd19ad7baeae959c9209a7eb74be2ebb858bcabb412597bfc9f588c91 manpages_6.03-2_all.deb
|
||||
f3d1d48c0599aea85b7f2077a01d285badc42998c1a1e7473935d5cf995c8141 libgcc-s1_12.2.0-14_amd64.deb
|
||||
f5f60a5cdfd4e4eaa9438ade5078a57741a7a78d659fcb0c701204f523e8bd29 libcrypt1_1%3a4.4.33-2_amd64.deb
|
||||
f9ce24cbf69957dc1851fc55adba0a60b5bc617d51587b6478f2be64786442f1 init-system-helpers_1.65.2_all.deb
|
||||
f9ce531f60cbd5df37996af9370e0171be96902a17ec2bdbd8d62038c354094f zlib1g-dev_1%3a1.2.13.dfsg-1_amd64.deb
|
||||
fa5cd07754d9a4f93e2a6f54a5b1fa160230e312121d62c0c609b6701f9b93a3 git_1%3a2.39.2-1.1_amd64.deb
|
||||
fc6a692d2f399b83ef5a7f310883286a5e4326095812d8bb934925125002981c libpam-modules-bin_1.5.2-6+deb12u1_amd64.deb
|
||||
fcf55b99e5f8a78f3c8ce9b6957f1024f394cf20c196b100d308a57e43547710 libbinutils_2.40-2_amd64.deb
|
||||
fd36d0972866adde5a52269a309fcecd76a8e45e557dd0ecd33aa221cabc2a8c libsemanage2_3.4-1+b5_amd64.deb
|
||||
fdc61332a3892168f3cc9cfa1fe9cf11a91dc3e0acacbc47cbc50ebaa234cc71 libxcb1_1.15-1_amd64.deb
|
||||
fe36a7f35361fc40d0057ef447a7302fd41d51740d51c98fb3870bbed5b96e56 libexpat1_2.5.0-1_amd64.deb
|
||||
fe524a9de7ed6b2a1465693f12d5f7be2d2d9f6d6e6bf028f17109263e173dc8 liblocale-gettext-perl_1.07-5_amd64.deb
|
|
@ -0,0 +1,13 @@
|
|||
debian-archive-keyring
|
||||
build-essential
|
||||
git
|
||||
libfaketime
|
||||
file
|
||||
wget
|
||||
cpio
|
||||
unzip
|
||||
rsync
|
||||
bc
|
||||
libncurses-dev
|
||||
python3
|
||||
libelf-dev
|
|
@ -0,0 +1,256 @@
|
|||
adduser=3.134
|
||||
apt=2.6.1
|
||||
base-files=12.4+deb12u4
|
||||
base-passwd=3.6.1
|
||||
bash=5.2.15-2+b2
|
||||
bc=1.07.1-3+b1
|
||||
binutils-common=2.40-2
|
||||
binutils-x86-64-linux-gnu=2.40-2
|
||||
binutils=2.40-2
|
||||
bsdutils=1:2.38.1-5+b1
|
||||
build-essential=12.9
|
||||
bzip2=1.0.8-5+b1
|
||||
ca-certificates=20230311
|
||||
coreutils=9.1-1
|
||||
cpio=2.13+dfsg-7.1
|
||||
cpp-12=12.2.0-14
|
||||
cpp=4:12.2.0-3
|
||||
dash=0.5.12-2
|
||||
debconf=1.5.82
|
||||
debian-archive-keyring=2023.3+deb12u1
|
||||
debianutils=5.7-0.5~deb12u1
|
||||
diffutils=1:3.8-4
|
||||
dirmngr=2.2.40-1.1
|
||||
dpkg-dev=1.21.22
|
||||
dpkg=1.21.22
|
||||
e2fsprogs=1.47.0-2
|
||||
fakeroot=1.31-1.2
|
||||
file=1:5.44-3
|
||||
findutils=4.9.0-4
|
||||
fontconfig-config=2.14.1-4
|
||||
fonts-dejavu-core=2.37-6
|
||||
g++-12=12.2.0-14
|
||||
g++=4:12.2.0-3
|
||||
gcc-12-base=12.2.0-14
|
||||
gcc-12=12.2.0-14
|
||||
gcc=4:12.2.0-3
|
||||
git-man=1:2.39.2-1.1
|
||||
git=1:2.39.2-1.1
|
||||
gnupg-l10n=2.2.40-1.1
|
||||
gnupg-utils=2.2.40-1.1
|
||||
gnupg=2.2.40-1.1
|
||||
gpg-agent=2.2.40-1.1
|
||||
gpg-wks-client=2.2.40-1.1
|
||||
gpg-wks-server=2.2.40-1.1
|
||||
gpg=2.2.40-1.1
|
||||
gpgconf=2.2.40-1.1
|
||||
gpgsm=2.2.40-1.1
|
||||
gpgv=2.2.40-1.1
|
||||
grep=3.8-5
|
||||
gzip=1.12-1
|
||||
hostname=3.23+nmu1
|
||||
init-system-helpers=1.65.2
|
||||
krb5-locales=1.20.1-2+deb12u1
|
||||
less=590-2
|
||||
libabsl20220623=20220623.1-1
|
||||
libacl1=2.3.1-3
|
||||
libalgorithm-diff-perl=1.201-1
|
||||
libalgorithm-diff-xs-perl=0.04-8+b1
|
||||
libalgorithm-merge-perl=0.08-5
|
||||
libaom3=3.6.0-1
|
||||
libapt-pkg6.0=2.6.1
|
||||
libasan8=12.2.0-14
|
||||
libassuan0=2.5.5-5
|
||||
libatomic1=12.2.0-14
|
||||
libattr1=1:2.5.1-4
|
||||
libaudit-common=1:3.0.9-1
|
||||
libaudit1=1:3.0.9-1
|
||||
libavif15=0.11.1-1
|
||||
libbinutils=2.40-2
|
||||
libblkid1=2.38.1-5+b1
|
||||
libbrotli1=1.0.9-2+b6
|
||||
libbsd0=0.11.7-2
|
||||
libbz2-1.0=1.0.8-5+b1
|
||||
libc-bin=2.36-9+deb12u3
|
||||
libc-dev-bin=2.36-9+deb12u3
|
||||
libc-devtools=2.36-9+deb12u3
|
||||
libc6-dev=2.36-9+deb12u3
|
||||
libc6=2.36-9+deb12u3
|
||||
libcap-ng0=0.8.3-1+b3
|
||||
libcap2=1:2.66-4
|
||||
libcbor0.8=0.8.0-2+b1
|
||||
libcc1-0=12.2.0-14
|
||||
libcom-err2=1.47.0-2
|
||||
libcrypt-dev=1:4.4.33-2
|
||||
libcrypt1=1:4.4.33-2
|
||||
libctf-nobfd0=2.40-2
|
||||
libctf0=2.40-2
|
||||
libcurl3-gnutls=7.88.1-10+deb12u5
|
||||
libdav1d6=1.0.0-2
|
||||
libdb5.3=5.3.28+dfsg2-1
|
||||
libde265-0=1.0.11-1+deb12u1
|
||||
libdebconfclient0=0.270
|
||||
libdeflate0=1.14-1
|
||||
libdpkg-perl=1.21.22
|
||||
libedit2=3.1-20221030-2
|
||||
libelf-dev=0.188-2.1
|
||||
libelf1=0.188-2.1
|
||||
liberror-perl=0.17029-2
|
||||
libexpat1=2.5.0-1
|
||||
libext2fs2=1.47.0-2
|
||||
libfakeroot=1.31-1.2
|
||||
libfaketime=0.9.10-2.1
|
||||
libffi8=3.4.4-1
|
||||
libfido2-1=1.12.0-2+b1
|
||||
libfile-fcntllock-perl=0.22-4+b1
|
||||
libfontconfig1=2.14.1-4
|
||||
libfreetype6=2.12.1+dfsg-5
|
||||
libgav1-1=0.18.0-1+b1
|
||||
libgcc-12-dev=12.2.0-14
|
||||
libgcc-s1=12.2.0-14
|
||||
libgcrypt20=1.10.1-3
|
||||
libgd3=2.3.3-9
|
||||
libgdbm-compat4=1.23-3
|
||||
libgdbm6=1.23-3
|
||||
libgmp10=2:6.2.1+dfsg1-1.1
|
||||
libgnutls30=3.7.9-2+deb12u1
|
||||
libgomp1=12.2.0-14
|
||||
libgpg-error0=1.46-1
|
||||
libgpm2=1.20.7-10+b1
|
||||
libgprofng0=2.40-2
|
||||
libgssapi-krb5-2=1.20.1-2+deb12u1
|
||||
libheif1=1.15.1-1
|
||||
libhogweed6=3.8.1-2
|
||||
libidn2-0=2.3.3-1+b1
|
||||
libisl23=0.25-1
|
||||
libitm1=12.2.0-14
|
||||
libjansson4=2.14-2
|
||||
libjbig0=2.1-6.1
|
||||
libjpeg62-turbo=1:2.1.5-2
|
||||
libk5crypto3=1.20.1-2+deb12u1
|
||||
libkeyutils1=1.6.3-2
|
||||
libkrb5-3=1.20.1-2+deb12u1
|
||||
libkrb5support0=1.20.1-2+deb12u1
|
||||
libksba8=1.6.3-2
|
||||
libldap-2.5-0=2.5.13+dfsg-5
|
||||
libldap-common=2.5.13+dfsg-5
|
||||
liblerc4=4.0.0+ds-2
|
||||
liblocale-gettext-perl=1.07-5
|
||||
liblsan0=12.2.0-14
|
||||
liblz4-1=1.9.4-1
|
||||
liblzma5=5.4.1-0.2
|
||||
libmagic-mgc=1:5.44-3
|
||||
libmagic1=1:5.44-3
|
||||
libmd0=1.0.4-2
|
||||
libmount1=2.38.1-5+b1
|
||||
libmpc3=1.3.1-1
|
||||
libmpfr6=4.2.0-1
|
||||
libncurses-dev=6.4-4
|
||||
libncurses6=6.4-4
|
||||
libncursesw6=6.4-4
|
||||
libnettle8=3.8.1-2
|
||||
libnghttp2-14=1.52.0-1+deb12u1
|
||||
libnpth0=1.6-3
|
||||
libnsl-dev=1.3.0-2
|
||||
libnsl2=1.3.0-2
|
||||
libnuma1=2.0.16-1
|
||||
libp11-kit0=0.24.1-2
|
||||
libpam-modules-bin=1.5.2-6+deb12u1
|
||||
libpam-modules=1.5.2-6+deb12u1
|
||||
libpam-runtime=1.5.2-6+deb12u1
|
||||
libpam0g=1.5.2-6+deb12u1
|
||||
libpcre2-8-0=10.42-1
|
||||
libpcre3=2:8.39-15
|
||||
libperl5.36=5.36.0-7+deb12u1
|
||||
libpng16-16=1.6.39-2
|
||||
libpopt0=1.19+dfsg-1
|
||||
libpsl5=0.21.2-1
|
||||
libpython3-stdlib=3.11.2-1+b1
|
||||
libpython3.11-minimal=3.11.2-6
|
||||
libpython3.11-stdlib=3.11.2-6
|
||||
libquadmath0=12.2.0-14
|
||||
librav1e0=0.5.1-6
|
||||
libreadline8=8.2-1.3
|
||||
librtmp1=2.4+20151223.gitfa8646d.1-2+b2
|
||||
libsasl2-2=2.1.28+dfsg-10
|
||||
libsasl2-modules-db=2.1.28+dfsg-10
|
||||
libsasl2-modules=2.1.28+dfsg-10
|
||||
libseccomp2=2.5.4-1+b3
|
||||
libselinux1=3.4-1+b6
|
||||
libsemanage-common=3.4-1
|
||||
libsemanage2=3.4-1+b5
|
||||
libsepol2=3.4-2.1
|
||||
libsmartcols1=2.38.1-5+b1
|
||||
libsqlite3-0=3.40.1-2
|
||||
libss2=1.47.0-2
|
||||
libssh2-1=1.10.0-3+b1
|
||||
libssl3=3.0.11-1~deb12u2
|
||||
libstdc++-12-dev=12.2.0-14
|
||||
libstdc++6=12.2.0-14
|
||||
libsvtav1enc1=1.4.1+dfsg-1
|
||||
libsystemd0=252.19-1~deb12u1
|
||||
libtasn1-6=4.19.0-2
|
||||
libtiff6=4.5.0-6+deb12u1
|
||||
libtinfo6=6.4-4
|
||||
libtirpc-common=1.3.3+ds-1
|
||||
libtirpc-dev=1.3.3+ds-1
|
||||
libtirpc3=1.3.3+ds-1
|
||||
libtsan2=12.2.0-14
|
||||
libubsan1=12.2.0-14
|
||||
libudev1=252.19-1~deb12u1
|
||||
libunistring2=1.0-2
|
||||
libuuid1=2.38.1-5+b1
|
||||
libwebp7=1.2.4-0.2+deb12u1
|
||||
libx11-6=2:1.8.4-2+deb12u2
|
||||
libx11-data=2:1.8.4-2+deb12u2
|
||||
libx265-199=3.5-2+b1
|
||||
libxau6=1:1.0.9-1
|
||||
libxcb1=1.15-1
|
||||
libxdmcp6=1:1.1.2-3
|
||||
libxext6=2:1.3.4-1+b1
|
||||
libxmuu1=2:1.1.3-3
|
||||
libxpm4=1:3.5.12-1.1+deb12u1
|
||||
libxxhash0=0.8.1-1
|
||||
libyuv0=0.0~git20230123.b2528b0-1
|
||||
libzstd1=1.5.4+dfsg2-5
|
||||
linux-libc-dev=6.1.69-1
|
||||
login=1:4.13+dfsg1-1+b1
|
||||
logsave=1.47.0-2
|
||||
make=4.3-4.1
|
||||
manpages-dev=6.03-2
|
||||
manpages=6.03-2
|
||||
mawk=1.3.4.20200120-3.1
|
||||
media-types=10.0.0
|
||||
mount=2.38.1-5+b1
|
||||
ncurses-base=6.4-4
|
||||
ncurses-bin=6.4-4
|
||||
netbase=6.4
|
||||
openssh-client=1:9.2p1-2+deb12u2
|
||||
openssl=3.0.11-1~deb12u2
|
||||
passwd=1:4.13+dfsg1-1+b1
|
||||
patch=2.7.6-7
|
||||
perl-base=5.36.0-7+deb12u1
|
||||
perl-modules-5.36=5.36.0-7+deb12u1
|
||||
perl=5.36.0-7+deb12u1
|
||||
pinentry-curses=1.2.1-1
|
||||
publicsuffix=20230209.2326-1
|
||||
python3-minimal=3.11.2-1+b1
|
||||
python3.11-minimal=3.11.2-6
|
||||
python3.11=3.11.2-6
|
||||
python3=3.11.2-1+b1
|
||||
readline-common=8.2-1.3
|
||||
rpcsvc-proto=1.4.3-1
|
||||
rsync=3.2.7-1
|
||||
sed=4.9-1
|
||||
sysvinit-utils=3.06-4
|
||||
tar=1.34+dfsg-1.2
|
||||
tzdata=2023c-5+deb12u1
|
||||
unzip=6.0-28
|
||||
usr-is-merged=35
|
||||
util-linux-extra=2.38.1-5+b1
|
||||
util-linux=2.38.1-5+b1
|
||||
wget=1.21.3-1+b2
|
||||
xauth=1:1.1.2-1
|
||||
xz-utils=5.4.1-0.2
|
||||
zlib1g-dev=1:1.2.13.dfsg-1
|
||||
zlib1g=1:1.2.13.dfsg-1
|
|
@ -0,0 +1,6 @@
|
|||
deb http://deb.debian.org/debian bookworm main
|
||||
deb http://security.debian.org/debian-security bookworm-security main
|
||||
deb http://deb.debian.org/debian bookworm-updates main
|
||||
deb [trusted=yes] http://snapshot.debian.org/archive/debian/20240125T000000Z bookworm main
|
||||
deb [trusted=yes] http://snapshot.debian.org/archive/debian-security/20240125T000000Z bookworm-security main
|
||||
deb [trusted=yes] http://snapshot.debian.org/archive/debian/20240125T000000Z bookworm-updates main
|
Binary file not shown.
|
@ -0,0 +1,16 @@
|
|||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQIzBAABCgAdFiEEzAzToO3Ax9K7Run3B88Hlc0qV+sFAmP+XQ4ACgkQB88Hlc0q
|
||||
V+v1lg/9HxgMu/SLVcDlLEi0uz21693OwEBjcxL1rRca7y4/t/upGnhu53c0gM7W
|
||||
ws+voJWWi9d8wTeuwl9yxvajdAo8I3Jw78hjXZWvqTK0CmLSSfCBTH6e7uRpvzbC
|
||||
cJrc3QiErI84TpJde4NmZpMz6oGPzp+qdoAPCvsSiS2xy97+ZGB9OIfffjmlN86L
|
||||
ZIjKCB0K2+yijB3pa/faNHv3Jv4XKliUXP+AelT0Rsw2466Bndruh63mxNjqYZiC
|
||||
54hVd46ASwhS4YDNFZVrcYJNETr52328QjhtNlPsG83E2KGp2rl9mFaiXxLQsFD0
|
||||
7j0VPIFPAqDvD7ZhAf5oTZDmo2BJYZpGTmTjBAdKDKCWySbwIEoGC65UoOY8ROXV
|
||||
uGNqf9enFzWfnwLcDiujDo3e51Dag65FnEGkUDLUo/D/2B+r9vEzesVdTuGx3Szh
|
||||
OTldUZp0ls9bCqhO4cCllZheswREbTTUUSYMYGNsRF+j6VaBR8jYa9yM4AX/Qk4N
|
||||
9cokKyUD/ci49CH8R6THliD7FtF1G+LWvgHI4ZKzrEMJGyJVTiimHX4N2BJzZtUv
|
||||
ObfCcskscf6DZxDpiFG256t2FYL3zQzNCaLj7mBpwe9NRuLwiSuHgS3udP9qossn
|
||||
6Zew0D+a9wpst1MibKMx1G6eLn24Bjly81LDvIaKPn/yRIRrVzc=
|
||||
=RJE0
|
||||
-----END PGP SIGNATURE-----
|
|
@ -1,16 +1,16 @@
|
|||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQIzBAABCgAdFiEEZ1U/vaRrtxq9LgsLjkeh7DWhVR0FAma0fbsACgkQjkeh7DWh
|
||||
VR0lYBAAsjKcqgoSM73lck4gSga3CWtTfZ/k7azr98HnUw5InTyTwvna2sRGL3jb
|
||||
Q0pUhrPVQVmjXSyxD/hR/uLuiAfUn2Gyhp1MZS3C7jmFcRsxCJzNbByv/2bUS2+U
|
||||
5TaCoxmM8SdxTqcBIyYylKzZ4ub0t3bCWUt2uPqdSqslgEReeqbzzE3jpmiUfmHE
|
||||
daaZhZa3iPEr7vqq00jUGFuSEdxQCQkty0nZHzfGhHwbliiUGyH6/bb+u4v5eGYH
|
||||
VEyRq0CWFgw5sywpSf3UZjR0fkd0do9z6Li1ggN2GV63I4oT3L1LltcMXtgfMp+B
|
||||
SA3gz7/mJsMqM6H2ZWqUgJAZw/mZCGStftSnOTKdyEtpzagNNeePa5f4kM1ZuHF6
|
||||
ehSl1nbnCeCPfedS8+oUm3v8qWiFLXz4tmYvBnfDWaUXIYpNOrvJPtatdinTNRfl
|
||||
nglyEt6Olc+3vEqkrEl7JFu13Gl92mbuhhelKjM/VDheHBUZ6yrso1aLbyruO+wm
|
||||
RxL3pQSCNfAnIQpSdkXga5gVvbZDDISBast3qHFuZaZFbo2p24hw0HnLAfyCrxgF
|
||||
JnN3x2qqRlTzQSrVr4EEXUwUqpt5LlnQ3kDLNVYhXuqTdmyETj1YGnAXkqV/D+Z7
|
||||
B7hlDdddXI5d0yDoYPAmF9N7XJCasdfutnO/8IfZ/eE989jYybE=
|
||||
=eruT
|
||||
iQIzBAABCgAdFiEEZ1U/vaRrtxq9LgsLjkeh7DWhVR0FAmP5OHwACgkQjkeh7DWh
|
||||
VR08/w//ScO/qM0a8JAAsCuCXEeZIJAhkICrxOCjMl6z9KP3lU8yVU6NL/ULF9P4
|
||||
0nW5A1jnZo9PKcabV1RKFkQ/UuJdmUOuupg5JkN5X99rR/SDZ6hrsVy/tS6kjKaU
|
||||
Z9qMGlsVRYVdbBb+VKtQB1gguj04QXVD9iAFIeAeaRRNMhtqo7gMHU1cdOkB86g2
|
||||
H4w25LuxkIfRtyGlUgtBMS3MqpRiNjUSunP357VlHFBEGv4yT7CcdLK68FFd6Qzp
|
||||
U1KJja5DG68aVTHdT47LvFCKRPjyFvheA1Ok1feSnYrOqPAhzYEFuWoE+f/+/nsI
|
||||
JLqGVvPO7g40p0YXZdPWjQON4ZpcRuWG9TRg85G4WV+sQfqnDpz1i2++pb2RrOMI
|
||||
SNwUIz8zdTaWo1G+AoNfaveybk7BOlAstjDwA5SzukFNrPvBSOQpe53i+NGyTAPS
|
||||
pbKnir6IAD1QwagZOzYac6tzE4ZX2F7zmjPrwCDHGYAYuaQV+1CWiIvnN5zCjHXe
|
||||
pvl22LKwr8BDRHzmVpctdVojlkb4llrbdzq3cMZgdXasXKORD9+yuGAK5+hfekmi
|
||||
vsUMROvIp27q/eFL5fLTIP3clOo5+foWdB4cqWoS0q+5qIG3Aa0YZp9HDeI9pdjH
|
||||
W11QFp4tlrDwA0lgHdUiF4vITxDk/+qz0Hi3gKCll87cmXUufRg=
|
||||
=wZZ6
|
||||
-----END PGP SIGNATURE-----
|
||||
|
|
|
@ -1,16 +0,0 @@
|
|||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQIzBAABCgAdFiEEiII6deyqeGsP84sUjkAUeKP773IFAma0f0IACgkQjkAUeKP7
|
||||
73I33w//SaGbbM9z8SYsWhii1SBnfs6NVQSwdBoO20C4gFdmZkPVDak3QoCAioaC
|
||||
GjlEOEDb7SXfWi3n2z72P97dswN6dG1IxQKR1N913IWzUUEXGR0phaC+o0P1/f74
|
||||
MXrcUDLwwJwZsA/0zMV6gHvONEqwgmfEO4WrEB/Ty7ueoJjsmQ2oauWytlh8CVDR
|
||||
3HFwiVoAjRC2d0vKj0eL2n9pNQNEYKb+oJ/gq3sk2L8qPs1vThQguHADvqmi6V3w
|
||||
+4tZqviksPXb+sve3VTsKFDbd5AXvcRY4TbPawQ5W7Aa6iK9W/yA10+zXvcHoGrA
|
||||
6iMR94yI9eprBkqoeoxr2MHPk+8d9xXB16hY/h+OCPibkFFfPST9GDFcp0nk1JFH
|
||||
b0bbpanBsxwN3IxTAL0a7iD2nxftZHjgiZib1lhdhLg35o9iou1V0fRPwdjepS3o
|
||||
2TBvKhtNncUW/87ZhxhdkTI/iUvS0iem3KHUQXkM+ziOC5zGf+PYvMCuy2P0oSei
|
||||
731aVOgxKbpEZHY0pTkuqG7U4+RWZ+KJEnxETcZWoCeY9DW/u2Dx5hukeZJbvmUo
|
||||
111vBoziyocgKvKi5S3ctZaAwm2wNsE0TU/o5u9+Q5ST1wgsKJF+F0laCUQcDPwM
|
||||
UyM5VznH31pChrlzRiUcsm0lMvDkx+JfTSBPOgzABMAcQ3YuTSk=
|
||||
=e+q6
|
||||
-----END PGP SIGNATURE-----
|
|
@ -1,2 +1,2 @@
|
|||
fe92783ef775ccc5e32baefb26f951b7f37ed26ecbb4601a068e20b31bebadbb airgap.iso
|
||||
b714c963bd8b1f3a38295821f0a3521bc64f97c1023c49d22a2e7433385b1a09 release.env
|
||||
5b830f69691a96deb50caa68b69b7a6bb34a0af8c55a0d7dd21c1771683f96e1 airgap.iso
|
||||
89695f9584b98adea86887de56774b8747c4f36092611c31da367a63f072954d release.env
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
VERSION=2024.8.1
|
||||
GIT_REF=ea623cc147741b0a753ce4ea7aabe512df9a2ef9
|
||||
VERSION=2023.02.24
|
||||
GIT_REF=2376bc53dc4609ad0bff55e0b3365891db6fbeea
|
||||
GIT_AUTHOR=Lance R. Vick
|
||||
GIT_PUBKEY=6B61ECD76088748C70590D55E90A401336C8AAA9
|
||||
GIT_TIMESTAMP=2024-08-08 00:34:41 -0700
|
||||
GIT_KEY=6B61ECD76088748C70590D55E90A401336C8AAA9
|
||||
GIT_TIMESTAMP=2023-02-24 13:31:37 -0800
|
||||
|
|
|
@ -1,55 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
DAEMON="syslogd"
|
||||
PIDFILE="/var/run/$DAEMON.pid"
|
||||
|
||||
SYSLOGD_ARGS=""
|
||||
|
||||
# shellcheck source=/dev/null
|
||||
[ -r "/etc/default/$DAEMON" ] && . "/etc/default/$DAEMON"
|
||||
|
||||
# BusyBox' syslogd does not create a pidfile, so pass "-n" in the command line
|
||||
# and use "-m" to instruct start-stop-daemon to create one.
|
||||
start() {
|
||||
printf 'Starting %s: ' "$DAEMON"
|
||||
# shellcheck disable=SC2086 # we need the word splitting
|
||||
start-stop-daemon -b -m -S -q -p "$PIDFILE" -x "/sbin/$DAEMON" \
|
||||
-- -n $SYSLOGD_ARGS
|
||||
status=$?
|
||||
if [ "$status" -eq 0 ]; then
|
||||
echo "OK"
|
||||
else
|
||||
echo "FAIL"
|
||||
fi
|
||||
return "$status"
|
||||
}
|
||||
|
||||
stop() {
|
||||
printf 'Stopping %s: ' "$DAEMON"
|
||||
start-stop-daemon -K -q -p "$PIDFILE"
|
||||
status=$?
|
||||
if [ "$status" -eq 0 ]; then
|
||||
rm -f "$PIDFILE"
|
||||
echo "OK"
|
||||
else
|
||||
echo "FAIL"
|
||||
fi
|
||||
return "$status"
|
||||
}
|
||||
|
||||
restart() {
|
||||
stop
|
||||
sleep 1
|
||||
start
|
||||
}
|
||||
|
||||
case "$1" in
|
||||
start|stop|restart)
|
||||
"$1";;
|
||||
reload)
|
||||
# Restart, since there is no true "reload" feature.
|
||||
restart;;
|
||||
*)
|
||||
echo "Usage: $0 {start|stop|restart|reload}"
|
||||
exit 1
|
||||
esac
|
|
@ -1,55 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
DAEMON="klogd"
|
||||
PIDFILE="/var/run/$DAEMON.pid"
|
||||
|
||||
KLOGD_ARGS=""
|
||||
|
||||
# shellcheck source=/dev/null
|
||||
[ -r "/etc/default/$DAEMON" ] && . "/etc/default/$DAEMON"
|
||||
|
||||
# BusyBox' klogd does not create a pidfile, so pass "-n" in the command line
|
||||
# and use "-m" to instruct start-stop-daemon to create one.
|
||||
start() {
|
||||
printf 'Starting %s: ' "$DAEMON"
|
||||
# shellcheck disable=SC2086 # we need the word splitting
|
||||
start-stop-daemon -b -m -S -q -p "$PIDFILE" -x "/sbin/$DAEMON" \
|
||||
-- -n $KLOGD_ARGS
|
||||
status=$?
|
||||
if [ "$status" -eq 0 ]; then
|
||||
echo "OK"
|
||||
else
|
||||
echo "FAIL"
|
||||
fi
|
||||
return "$status"
|
||||
}
|
||||
|
||||
stop() {
|
||||
printf 'Stopping %s: ' "$DAEMON"
|
||||
start-stop-daemon -K -q -p "$PIDFILE"
|
||||
status=$?
|
||||
if [ "$status" -eq 0 ]; then
|
||||
rm -f "$PIDFILE"
|
||||
echo "OK"
|
||||
else
|
||||
echo "FAIL"
|
||||
fi
|
||||
return "$status"
|
||||
}
|
||||
|
||||
restart() {
|
||||
stop
|
||||
sleep 1
|
||||
start
|
||||
}
|
||||
|
||||
case "$1" in
|
||||
start|stop|restart)
|
||||
"$1";;
|
||||
reload)
|
||||
# Restart, since there is no true "reload" feature.
|
||||
restart;;
|
||||
*)
|
||||
echo "Usage: $0 {start|stop|restart|reload}"
|
||||
exit 1
|
||||
esac
|
|
@ -1,94 +0,0 @@
|
|||
#!/bin/sh
|
||||
#
|
||||
# This script is used by busybox and procps-ng.
|
||||
#
|
||||
# With procps-ng, the "--system" option of sysctl also enables "--ignore", so
|
||||
# errors are not reported via syslog. Use the run_logger function to mimic the
|
||||
# --system behavior, still reporting errors via syslog. Users not interested
|
||||
# on error reports can add "-e" to SYSCTL_ARGS.
|
||||
#
|
||||
# busybox does not have a "--system" option neither reports errors via syslog,
|
||||
# so the scripting provides a consistent behavior between the implementations.
|
||||
# Testing the busybox sysctl exit code is fruitless, as at the moment, since
|
||||
# its exit status is zero even if errors happen. Hopefully this will be fixed
|
||||
# in a future busybox version.
|
||||
|
||||
PROGRAM="sysctl"
|
||||
|
||||
SYSCTL_ARGS=""
|
||||
|
||||
# shellcheck source=/dev/null
|
||||
[ -r "/etc/default/$PROGRAM" ] && . "/etc/default/$PROGRAM"
|
||||
|
||||
# Files are read from directories in the SYSCTL_SOURCES list, in the given
|
||||
# order. A file may be used more than once, since there can be multiple
|
||||
# symlinks to it. No attempt is made to prevent this.
|
||||
SYSCTL_SOURCES="/etc/sysctl.d/ /usr/local/lib/sysctl.d/ /usr/lib/sysctl.d/ /lib/sysctl.d/ /etc/sysctl.conf"
|
||||
|
||||
# If the logger utility is available all messages are sent to syslog, except
|
||||
# for the final status. The file redirections do the following:
|
||||
#
|
||||
# - stdout is redirected to syslog with facility.level "kern.info"
|
||||
# - stderr is redirected to syslog with facility.level "kern.err"
|
||||
# - file dscriptor 4 is used to pass the result to the "start" function.
|
||||
#
|
||||
run_logger() {
|
||||
# shellcheck disable=SC2086 # we need the word splitting
|
||||
find $SYSCTL_SOURCES -maxdepth 1 -name '*.conf' -print0 2> /dev/null | \
|
||||
xargs -0 -r -n 1 readlink -f | {
|
||||
prog_status="OK"
|
||||
while :; do
|
||||
read -r file || {
|
||||
echo "$prog_status" >&4
|
||||
break
|
||||
}
|
||||
echo "* Applying $file ..."
|
||||
/sbin/sysctl -p "$file" $SYSCTL_ARGS || prog_status="FAIL"
|
||||
done 2>&1 >&3 | /usr/bin/logger -t sysctl -p kern.err
|
||||
} 3>&1 | /usr/bin/logger -t sysctl -p kern.info
|
||||
}
|
||||
|
||||
# If logger is not available all messages are sent to stdout/stderr.
|
||||
run_std() {
|
||||
# shellcheck disable=SC2086 # we need the word splitting
|
||||
find $SYSCTL_SOURCES -maxdepth 1 -name '*.conf' -print0 2> /dev/null | \
|
||||
xargs -0 -r -n 1 readlink -f | {
|
||||
prog_status="OK"
|
||||
while :; do
|
||||
read -r file || {
|
||||
echo "$prog_status" >&4
|
||||
break
|
||||
}
|
||||
echo "* Applying $file ..."
|
||||
/sbin/sysctl -p "$file" $SYSCTL_ARGS || prog_status="FAIL"
|
||||
done
|
||||
}
|
||||
}
|
||||
|
||||
if [ -x /usr/bin/logger ]; then
|
||||
run_program="run_logger"
|
||||
else
|
||||
run_program="run_std"
|
||||
fi
|
||||
|
||||
start() {
|
||||
printf '%s %s: ' "$1" "$PROGRAM"
|
||||
status=$("$run_program" 4>&1)
|
||||
echo "$status"
|
||||
if [ "$status" = "OK" ]; then
|
||||
return 0
|
||||
fi
|
||||
return 1
|
||||
}
|
||||
|
||||
case "$1" in
|
||||
start)
|
||||
start "Running";;
|
||||
restart|reload)
|
||||
start "Rerunning";;
|
||||
stop)
|
||||
:;;
|
||||
*)
|
||||
echo "Usage: $0 {start|stop|restart|reload}"
|
||||
exit 1
|
||||
esac
|
|
@ -1,24 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
case "$1" in
|
||||
start)
|
||||
printf "Populating %s using udev: " "${udev_root:-/dev}"
|
||||
[ -e /proc/sys/kernel/hotplug ] && printf '\000\000\000\000' > /proc/sys/kernel/hotplug
|
||||
/sbin/udevd -d || { echo "FAIL"; exit 1; }
|
||||
udevadm trigger --type=subsystems --action=add
|
||||
udevadm trigger --type=devices --action=add
|
||||
udevadm settle --timeout=30 || echo "udevadm settle failed"
|
||||
echo "done"
|
||||
;;
|
||||
stop)
|
||||
# Stop execution of events
|
||||
udevadm control --stop-exec-queue
|
||||
killall udevd
|
||||
;;
|
||||
*)
|
||||
echo "Usage: $0 {start|stop}"
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
|
||||
exit 0
|
|
@ -1,20 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
case "$1" in
|
||||
start)
|
||||
/usr/sbin/pcscd -d || { echo "FAIL"; exit 1; }
|
||||
killall pcscd
|
||||
/usr/sbin/pcscd -d || { echo "FAIL"; exit 1; }
|
||||
echo "done"
|
||||
;;
|
||||
stop)
|
||||
# Stop execution of events
|
||||
killall pcscd
|
||||
;;
|
||||
*)
|
||||
echo "Usage: $0 {start|stop}"
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
|
||||
exit 0
|
|
@ -1,70 +0,0 @@
|
|||
#! /bin/sh
|
||||
#
|
||||
# Preserve the random seed between reboots. See urandom(4).
|
||||
#
|
||||
|
||||
# Quietly do nothing if /dev/urandom does not exist
|
||||
[ -c /dev/urandom ] || exit 0
|
||||
|
||||
URANDOM_SEED="/var/lib/random-seed"
|
||||
|
||||
# shellcheck source=/dev/null
|
||||
[ -r "/etc/default/urandom" ] && . "/etc/default/urandom"
|
||||
|
||||
if pool_bits=$(cat /proc/sys/kernel/random/poolsize 2> /dev/null); then
|
||||
pool_size=$((pool_bits/8))
|
||||
else
|
||||
pool_size=512
|
||||
fi
|
||||
|
||||
init_rng() {
|
||||
[ -f "$URANDOM_SEED" ] || return 0
|
||||
printf 'Initializing random number generator: '
|
||||
dd if="$URANDOM_SEED" bs="$pool_size" of=/dev/urandom count=1 2> /dev/null
|
||||
status=$?
|
||||
if [ "$status" -eq 0 ]; then
|
||||
echo "OK"
|
||||
else
|
||||
echo "FAIL"
|
||||
fi
|
||||
return "$status"
|
||||
}
|
||||
|
||||
save_random_seed() {
|
||||
printf 'Saving random seed: '
|
||||
status=1
|
||||
if touch "$URANDOM_SEED.new" 2> /dev/null; then
|
||||
old_umask=$(umask)
|
||||
umask 077
|
||||
dd if=/dev/urandom of="$URANDOM_SEED.tmp" bs="$pool_size" count=1 2> /dev/null
|
||||
cat "$URANDOM_SEED" "$URANDOM_SEED.tmp" 2>/dev/null \
|
||||
| sha256sum \
|
||||
| cut -d ' ' -f 1 > "$URANDOM_SEED.new" && \
|
||||
mv "$URANDOM_SEED.new" "$URANDOM_SEED" && status=0
|
||||
rm -f "$URANDOM_SEED.tmp"
|
||||
umask "$old_umask"
|
||||
if [ "$status" -eq 0 ]; then
|
||||
echo "OK"
|
||||
else
|
||||
echo "FAIL"
|
||||
fi
|
||||
|
||||
else
|
||||
echo "SKIP (read-only file system detected)"
|
||||
fi
|
||||
return "$status"
|
||||
}
|
||||
|
||||
case "$1" in
|
||||
start|restart|reload)
|
||||
# Carry a random seed from start-up to start-up
|
||||
# Load and then save the whole entropy pool
|
||||
init_rng && save_random_seed;;
|
||||
stop)
|
||||
# Carry a random seed from shut-down to start-up
|
||||
# Save the whole entropy pool
|
||||
save_random_seed;;
|
||||
*)
|
||||
echo "Usage: $0 {start|stop|restart|reload}"
|
||||
exit 1
|
||||
esac
|
|
@ -1,27 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
|
||||
# Stop all init scripts in /etc/init.d
|
||||
# executing them in reversed numerical order.
|
||||
#
|
||||
for i in $(ls -r /etc/init.d/S??*) ;do
|
||||
|
||||
# Ignore dangling symlinks (if any).
|
||||
[ ! -f "$i" ] && continue
|
||||
|
||||
case "$i" in
|
||||
*.sh)
|
||||
# Source shell script for speed.
|
||||
(
|
||||
trap - INT QUIT TSTP
|
||||
set stop
|
||||
. $i
|
||||
)
|
||||
;;
|
||||
*)
|
||||
# No sh extension, so fork subprocess.
|
||||
$i stop
|
||||
;;
|
||||
esac
|
||||
done
|
||||
|
|
@ -1,27 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
|
||||
# Start all init scripts in /etc/init.d
|
||||
# executing them in numerical order.
|
||||
#
|
||||
for i in /etc/init.d/S??* ;do
|
||||
|
||||
# Ignore dangling symlinks (if any).
|
||||
[ ! -f "$i" ] && continue
|
||||
|
||||
case "$i" in
|
||||
*.sh)
|
||||
# Source shell script for speed.
|
||||
(
|
||||
trap - INT QUIT TSTP
|
||||
set start
|
||||
. $i
|
||||
)
|
||||
;;
|
||||
*)
|
||||
# No sh extension, so fork subprocess.
|
||||
$i start
|
||||
;;
|
||||
esac
|
||||
done
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
#!/bin/sh
|
||||
exec /bin/init
|
|
@ -1,15 +0,0 @@
|
|||
KERNEL!="mmcblk[0-9]p[0-9]|sd[a-z][0-9]", GOTO="automount_end"
|
||||
ACTION=="add", PROGRAM!="/sbin/blkid %N", GOTO="automount_end"
|
||||
IMPORT{program}="/sbin/blkid -o udev -p %N"
|
||||
|
||||
ENV{ID_FS_LABEL}!="", ENV{dir_name}="%E{ID_FS_LABEL}"
|
||||
ENV{ID_FS_LABEL}=="", ENV{dir_name}="%k"
|
||||
|
||||
ACTION=="add", IMPORT{program}="/sbin/blkid -o udev -p %N"
|
||||
ACTION=="add", ENV{ID_FS_TYPE}=="vfat", ENV{mount_options}="relatime,utf8,flush,user,umask=0000"
|
||||
ACTION=="add", RUN+="/bin/mkdir -p /media/%E{dir_name}", RUN+="/bin/mount -o $env{mount_options} /dev/%k /media/%E{dir_name}"
|
||||
ACTION=="add", RUN+="/usr/local/bin/autorun /media/%E{dir_name}"
|
||||
|
||||
ACTION=="remove", ENV{dir_name}!="", RUN+="/bin/umount -l /media/%E{dir_name}", RUN+="/bin/rmdir /media/%E{dir_name}"
|
||||
|
||||
LABEL="automount_end"
|
|
@ -1,28 +0,0 @@
|
|||
#!/bin/bash
|
||||
set -e
|
||||
source /etc/profile
|
||||
|
||||
folder=${1?}
|
||||
|
||||
if [ "$folder" == "/media/USER" ] && [ -f "${folder}/autorun.sh" ]; then
|
||||
if touch "${folder}/.write_test" 2>/dev/null; then
|
||||
echo "!! Autorun: Read-only verification failed for /media/USER" >/dev/console
|
||||
exit 1;
|
||||
else
|
||||
echo "" >/dev/console
|
||||
echo "++ Autorun: Found /media/USER/autorun.sh" >/dev/console;
|
||||
echo "** Autorun: Executing /media/USER/autorun.sh" >/dev/console
|
||||
/bin/bash "/media/USER/autorun.sh" >/dev/console
|
||||
fi
|
||||
elif [ -f "${folder}/autorun.sh.asc" ]; then
|
||||
echo "" >/dev/console
|
||||
echo "++ Autorun: Found ${folder}/autorun.sh" >/dev/console;
|
||||
gpg --verify "${folder}/autorun.sh.asc" >/dev/null 2>&1 || {
|
||||
echo "!! Autorun: Verification Failed for ${folder}/autorun.sh" \
|
||||
>/dev/console;
|
||||
exit 1;
|
||||
}
|
||||
echo "++ Autorun: Verified ${folder}/autorun.sh" >/dev/console
|
||||
echo "** Autorun: Executing ${folder}/autorun.sh" >/dev/console
|
||||
/bin/bash "${folder}/autorun.sh" >/dev/console
|
||||
fi
|
|
@ -1,3 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
echo "Autorun.sh executed"
|
|
@ -0,0 +1,65 @@
|
|||
#!/bin/bash
|
||||
[ -f /.dockerenv ] || { echo "please run in supplied container"; exit 1; }
|
||||
set -e; source environment
|
||||
|
||||
build_dir="${BUILD_DIR?}"
|
||||
audit_dir="${BUILD_DIR?}/audit"
|
||||
buildroot_dir="${build_dir}/buildroot"
|
||||
heads_dir="${build_dir}/heads"
|
||||
|
||||
mkdir -p ${audit_dir}
|
||||
|
||||
printf "Generating container package vulnerability stats... "
|
||||
debsecan \
|
||||
--suite $(lsb_release --codename --short) \
|
||||
--format detail \
|
||||
> ${audit_dir}/container_package_cves.txt
|
||||
container_package_cves="$( \
|
||||
cat ${audit_dir}/container_package_cves.txt | grep CVE | wc -l \
|
||||
)"
|
||||
echo "done"
|
||||
|
||||
printf "Generating target OS source tar hashes... "
|
||||
openssl sha256 -r ${buildroot_dir}/dl/*/*.tar.* \
|
||||
> ${audit_dir}/os_src_hashes.txt
|
||||
echo "done"
|
||||
|
||||
printf "Generating firmware source tar hashes... "
|
||||
openssl sha256 -r ${heads_dir}/packages/* \
|
||||
> ${audit_dir}/fw_src_hashes.txt
|
||||
echo "done"
|
||||
|
||||
printf "Generating combined/uniqued source tar hashes... "
|
||||
cat ${audit_dir}/os_src_hashes.txt \
|
||||
${audit_dir}/fw_src_hashes.txt \
|
||||
| sed 's/ .*\// /g' \
|
||||
| awk '{ t = $1; $1 = $2; $2 = t; print;}' \
|
||||
| sort \
|
||||
| uniq \
|
||||
> ${audit_dir}/all_hashes.txt
|
||||
echo "done"
|
||||
|
||||
printf "Generating buildroot package stats... "
|
||||
( cd ${buildroot_dir} \
|
||||
&& support/scripts/pkg-stats --json ${audit_dir}/pkg-stats.json \
|
||||
> /dev/null 2>&1
|
||||
)
|
||||
target_os_source_cves=$( \
|
||||
cat build/audit/pkg-stats.json | jq '.stats["total-cves"]' \
|
||||
)
|
||||
echo "done"
|
||||
|
||||
printf "Generating license usage reports... "
|
||||
( cd ${buildroot_dir} && make legal-info > /dev/null 2>&1 )
|
||||
cp -R ${buildroot_dir}/output/legal-info ${audit_dir}/legal-info
|
||||
echo "done"
|
||||
echo "------------------------------------------------"
|
||||
echo "Wrote: build/audit/container_package_cves.txt"
|
||||
echo "Wrote: build/audit/os_src_hashes.txt"
|
||||
echo "Wrote: build/audit/fw_src_hashes.txt"
|
||||
echo "Wrote: build/audit/all_hashes.txt"
|
||||
echo "Wrote: build/audit/pkg-stats.json"
|
||||
echo "Wrote: build/audit/legal-info"
|
||||
echo "------------------------------------------------"
|
||||
echo "Build container package CVEs: ${container_package_cves}"
|
||||
echo "Target OS source CVEs: ${target_os_source_cves}"
|
|
@ -0,0 +1 @@
|
|||
Subproject commit ca3e7960ea2abb9e448610c633dc92d7786ce8ab
|
Loading…
Reference in New Issue