
1 Commits

Author SHA1 Message Date
Ryan Heywood e1504570e6
update buildroot: first steps, WIP 2024-01-25 03:38:12 -05:00
57 changed files with 11767 additions and 858 deletions

1
.gitattributes vendored

@ -1,2 +1 @@
dist/*.iso filter=lfs diff=lfs merge=lfs -text
dist/airgap.iso filter=lfs diff=lfs merge=lfs -text

1
.gitignore vendored

@ -1,4 +1,3 @@
cache/
out/
out*/
.*

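--- a/.gitmodules
+++ b/.gitmodules
@@ -0,0 +1,3 @@
+[submodule "src/toolchain"]
+path = src/toolchain
+url = https://codeberg.org/distrust/toolchain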


@ -1,236 +0,0 @@
FROM stagex/alsa-lib:sx2024.09.0@sha256:a41b481187f76c1e9ed4e237977f4892c1507a3b8f8f6736ff3fdd5144bd2afb AS alsa-lib
FROM stagex/bash:sx2024.09.0@sha256:cb58f55d268fbe7ef629cda86e3a8af893066e4af7f26ef54748b6ad47bdaa66 AS bash
FROM stagex/bc:sx2024.09.0@sha256:039cc5ac357a17d6374445fe4eed1dac15cc72f615bd9657c17e2c3904d42b62 AS bc
FROM stagex/busybox:sx2024.09.0@sha256:d34bfa56566aa72d605d6cbdc154de8330cf426cfea1bc4ba8013abcac594395 AS busybox
FROM stagex/ccid:sx2024.09.0@sha256:3225dc4a6a1af5f828854157a6b16eb09a0b0f7ebe9d9ee34030afe3966afad1 AS ccid
FROM stagex/cpio:sx2024.09.0@sha256:abccb58edb5f1f31b3b9c8b61cffa10cd56de3307e337335927b8df4d9112d24 AS cpio
FROM stagex/curl:sx2024.09.0@sha256:8e5705a77a76c92d058e016184dabd0c4fa2f6117021cc5ff55df35f654cb158 AS curl
FROM stagex/dtc:sx2024.09.0@sha256:57f8aaa94059c43081b32fccb473ebd2c0cf16878dcf0e24e0e56c910467e93a AS dtc
FROM stagex/eudev:sx2024.09.0@sha256:7da7aed7ea7eb73bda86e206e765bdc8e6367c2c2ae535ccd68c7c1b0a936611 AS eudev
FROM stagex/flashtools:sx2024.09.0@sha256:4e61cc6f0af9aa6116bb93f048c20d00026d75c27dc52b7e8604f0e340c55b80 AS flashtools
FROM stagex/gcc:sx2024.09.0@sha256:439bf36289ef036a934129d69dd6b4c196427e4f8e28bc1a3de5b9aab6e062f0 AS gcc
FROM stagex/glib:sx2024.09.0@sha256:d280c18f8b52ce21a26924b0cb1bfb69ea6508b57db73efe22401572e71dbe84 AS glib
FROM stagex/gpg:sx2024.09.0@sha256:f63555b39740db63b34c06894a4a9d5e125d04f5d51e799909d06c490e8ecd42 AS gpg
FROM stagex/grub:sx2024.09.0@sha256:a14c60f152c759185e5702e910053cb5c0d9eee11f43d8d5d40a84123aece9fd AS grub
FROM stagex/ipxe:sx2024.09.0@sha256:5791d9b42c7e9099a0180c4fe6cc4b8e9afc9e6b9ec392099c65c53b71db7908 AS ipxe
FROM stagex/jq:sx2024.09.0@sha256:3e8b44aa54481bdd46406e9d3a63862f4216f81530a1898b3c144e1c38847a82 AS jq
FROM stagex/jq:sx2024.09.0@sha256:3e8b44aa54481bdd46406e9d3a63862f4216f81530a1898b3c144e1c38847a82 AS jq
FROM stagex/keyfork:sx2024.09.0@sha256:2288c1d769a0c3c535835019ad4919cc45b094492b5aa959a0eaf1e883a96214 AS keyfork
FROM stagex/libaio:sx2024.09.0@sha256:c8d6dd6f3e6fbda73ac0620b2bc4b4cfe6fa504bf7a17eee3bb56e286c394b8b AS libaio
FROM stagex/libassuan:sx2024.09.0@sha256:1f31e888ab3f02634009d1a38acca9f25deb827432eb91392e21fd75128a44aa AS libassuan
FROM stagex/libffi:sx2024.09.0@sha256:ab647ebf8464e00cde623f86f716e7f50ce82c30eafde813b7977d917ff7143a AS libffi
FROM stagex/libgcrypt:sx2024.09.0@sha256:49c84a586969ff625b3304dcf8905a98db0da36fb8704e3d7a0771d271509b68 AS libgcrypt
FROM stagex/libgpg-error:sx2024.09.0@sha256:11c17c1ac41f36c85e538bd34a0095a9f17e116f61c38d560350c02a6929e55a AS libgpg-error
FROM stagex/libksba:sx2024.09.0@sha256:2913b382fdb76f02f9d78ee162066e04953ba782b8f722145111617a842f40a3 AS libksba
FROM stagex/libqrencode:sx2024.09.0@sha256:8c0f523bdf8d315e7b67cadd584e23d22a316dd1973232d49603e127717e4d1a AS libqrencode
FROM stagex/libseccomp:sx2024.09.0@sha256:f48d783989da9d509cc6b4c12ec34e14074ffc1ab7a4f2d1e322c417d967e12f AS libseccomp
FROM stagex/libslirp:sx2024.09.0@sha256:9dfb87e4a0adba80b862ce6b96112d96f509ffbca25bb71c60ba5bb5693b481d AS libslirp
FROM stagex/libtpms:sx2024.09.0@sha256:d909a55137d0bf4a76331c2bf0358ee192d6c93ad77a5099af09ce1bcca2a6cd AS libtpms
FROM stagex/libusb:sx2024.09.0@sha256:6c0dcf2b9519b1a41066ad71d3b597e9dae84fb73e5d031a3bdd2eb40f78ef94 AS libusb
FROM stagex/libzstd:sx2024.09.0@sha256:a055f8cd6e11b0b8836b2e5e1d755f672edbd344a4f4b5aba94919a6511be4c3 AS libzstd
FROM stagex/linux-airgap:sx2024.09.0@sha256:efb98b59ab37a7e33db423eda7a49bb7273b087838fda8098ce6736a0860fc73 AS linux-airgap
FROM stagex/lzo:sx2024.09.0@sha256:09c60840e3e3e5835ec027c21283febc9f8cf53ab887576fbe9c38dbdbdfd571 AS lzo
FROM stagex/mtools:sx2024.09.0@sha256:c83f7aebce9076903dbf1082aac981d3c0950d9e8952a900e5e072e2a811cda7 AS mtools
FROM stagex/musl:sx2024.09.0@sha256:ad351b875f26294562d21740a3ee51c23609f15e6f9f0310e0994179c4231e1d AS musl
FROM stagex/npth:sx2024.09.0@sha256:21d50ec1421fe75af4bea240d76022ddb8c114fd2805bfeb06fb938e5a58fc0d AS npth
FROM stagex/numactl:sx2024.09.0@sha256:39e667b966a443f42e1c7a8c944203945bd1808ce759df1706bb3b93b0b674c2 AS numactl
FROM stagex/openpgp-card-tools:sx2024.09.0@sha256:56d4696d111b309e536f1b70980db7098cd7823005432e4130432cb2f625cf9f AS openpgp-card-tools
FROM stagex/opensc:sx2024.09.0@sha256:5117a9d39d3b77655b29bf661d9e04eea2001a5b033b2fd6b4297048330ff6e7 AS opensc
FROM stagex/openssl:sx2024.09.0@sha256:2c1a9d8fcc6f52cb11a206f380b17d74c1079f04cbb08071a4176648b4df52c1 AS openssl
FROM stagex/pcsc-lite:sx2024.09.0@sha256:4fe37671197ac768637e95f7395ae1a18412b3f42359d0c0aa9f4e7f684aef4e AS pcsc-lite
FROM stagex/pcsc-tools:sx2024.09.0@sha256:05046ca5d41a09163eda26785563fd98f0cb1179030c3f4ee3243997a907bb96 AS pcsc-tools
FROM stagex/qemu:sx2024.09.0@sha256:c9b099bc7d810a581e0e0f68061dd525d7efdb5334d119b4253249a459bd907e AS qemu
FROM stagex/seabios:sx2024.09.0@sha256:f4e535fb1bfc2c7ae1756cdaa2404b1572f6ad195ceabba90d87ed0599fd97d7 AS seabios
FROM stagex/sops:sx2024.09.0@sha256:c742fb1f0c5a4f9d9bc9afc37ba686b247d2b17d55d179409d33736b43c9aaa5 AS sops
FROM stagex/swtpm:sx2024.09.0@sha256:c47fb2c4d8690936b4adef832a3f354231bb5a04206bf2fb565218034ce27792 AS swtpm
FROM stagex/syslinux:sx2024.09.0@sha256:a41388558d7f6d9a29847ee2ff5507ab3100bfe9032ef3b99a3d783ad60ed390 AS syslinux
FROM stagex/tpm2-tools:sx2024.09.0@sha256:c2fc693ec68a9d097151e5b3dd5b923f0dcc35fd4e0624b91ade3bf21367162c AS tpm2-tools
FROM stagex/tpm2-tss:sx2024.09.0@sha256:a8bf8c0973e1b5ba62ce5034a6230684ebe5a142da275d09e81fa2f2f9c87411 AS tpm2-tss
FROM stagex/util-linux:sx2024.09.0@sha256:7e3f3c1e748f5c216503e69b9f8f2e9f8084ec675fb29b23f3a6f0ed3b20c54a AS util-linux
FROM stagex/xorriso:sx2024.09.0@sha256:2205a8f53d4fc569880c311061daa085f40c62b2fd94d556e72bd31b4df9e63a AS xorriso
FROM stagex/xz:sx2024.09.0@sha256:b57c5e6144117bc0124855e9538e60c302cc7bf53fafb53e2eef3434015366f1 AS xz
FROM stagex/yq:sx2024.09.0@sha256:bd6882f0f3ea664e9de6cf732cef2fa2781fc2852f5e6502a6aea1e63eb9708b AS yq
FROM stagex/zlib:sx2024.09.0@sha256:96b4100550760026065dac57148d99e20a03d17e5ee20d6b32cbacd61125dbb6 AS zlib
FROM scratch AS base
ARG VERSION development
ARG GIT_TIMESTAMP null
ARG GIT_AUTHOR null
ARG GIT_REF null
ARG GIT_PUBKEY null
COPY --from=busybox . /
COPY --from=musl . /
COPY --from=xorriso . /
COPY --from=cpio . /
COPY --from=mtools . /
COPY --from=xz . /
COPY --from=grub . /
FROM base as dev
COPY --from=gcc . /
COPY --from=glib . /
COPY --from=alsa-lib . /
COPY --from=lzo . /
COPY --from=dtc . /
COPY --from=zlib . /
COPY --from=numactl . /
COPY --from=libaio . /
COPY --from=libseccomp . /
COPY --from=libffi . /
COPY --from=libzstd . /
COPY --from=libslirp . /
COPY --from=seabios . /
COPY --from=ipxe . /
COPY --from=qemu . /
COPY --from=swtpm . /
COPY --from=openssl . /
COPY --from=curl . /
COPY --from=libtpms . /
COPY --from=tpm2-tss . /
COPY --from=tpm2-tools . /
FROM base AS build
## Kernel
COPY --from=linux-airgap /bzImage iso/boot/vmlinuz
## Initramfs
COPY --from=busybox . initramfs
COPY --from=eudev . initramfs
COPY --from=musl . initramfs
COPY --from=zlib . initramfs
COPY --from=npth . initramfs
COPY --from=libksba . initramfs
COPY --from=libgpg-error . initramfs
COPY --from=libassuan . initramfs
COPY --from=libgcrypt . initramfs
COPY --from=keyfork . initramfs
COPY --from=bash . initramfs
COPY --from=gpg . initramfs
COPY --from=jq . initramfs
COPY --from=yq . initramfs
COPY --from=bc . initramfs
COPY --from=flashtools . initramfs
COPY --from=curl . initramfs
COPY --from=tpm2-tools . initramfs
COPY --from=tpm2-tss . initramfs
COPY --from=openssl . initramfs
COPY --from=libusb . initramfs
COPY --from=ccid . initramfs
COPY --from=pcsc-lite . initramfs
COPY --from=pcsc-tools . initramfs
COPY --from=openpgp-card-tools . initramfs
COPY --from=libqrencode . initramfs
COPY --from=opensc . initramfs
COPY --from=util-linux . initramfs
COPY --from=sops . initramfs
COPY rootfs/ initramfs
COPY <<-EOF initramfs/etc/environment
export VERSION="$VERSION"
export GIT_TIMESTAMP="$GIT_TIMESTAMP"
export GIT_AUTHOR="$GIT_AUTHOR"
export GIT_REF="$GIT_REF"
export GIT_PUBKEY="$GIT_PUBKEY"
EOF
RUN <<-EOF
set -eux
cd initramfs
find . -exec touch -hcd "@0" "{}" +
find . -print0 \
| sort -z \
| cpio \
--null \
--create \
--verbose \
--reproducible \
--format=newc \
| gzip --best \
> ../iso/boot/initramfs
EOF
## Grub (EFI Boot)
COPY config/grub.cfg iso/boot/grub/grub.cfg
COPY config/grub_early.cfg grub_early.cfg
RUN <<-EOF
set -eux
mkdir -p efi/boot
grub-mkimage \
--config="grub_early.cfg" \
--prefix="/boot/grub" \
--output="efi/boot/bootx64.efi" \
--format="x86_64-efi" \
--compression="xz" \
all_video \
disk \
part_gpt \
part_msdos \
linux \
normal \
configfile \
search \
search_label \
efi_gop \
fat \
iso9660 \
gzio \
serial \
terminal
find efi -exec touch -hcd "@0" "{}" +
mformat -i iso/boot/grub/efi.img -C -f 1440 -N 0 ::
mcopy -i iso/boot/grub/efi.img -ms efi ::
touch -md "@0" iso/boot/grub/efi.img
EOF
## Syslinux (BIOS Boot)
COPY config/syslinux.cfg iso/boot/syslinux/
COPY --from=syslinux \
/usr/share/syslinux/isohdpfx.bin \
/usr/share/syslinux/isolinux.bin \
/usr/share/syslinux/ldlinux.c32 \
/usr/share/syslinux/libutil.c32 \
/usr/share/syslinux/libcom32.c32 \
/usr/share/syslinux/mboot.c32 \
iso/boot/syslinux/
## Build Hybrid EFI/BIOS ISO
FROM build AS install
ENV SOURCE_DATE_EPOCH=1
RUN <<-EOF
set -eux
dd if=/dev/zero bs=1M count=10 >> user.img
mformat -v user -i user.img -N 0 ::
find iso -exec touch -hcd "@0" "{}" +
xorrisofs \
-output airgap.iso \
-full-iso9660-filenames \
-joliet \
-rational-rock \
-sysid LINUX \
-volid "airgap" \
-isohybrid-mbr iso/boot/syslinux/isohdpfx.bin \
-eltorito-boot boot/syslinux/isolinux.bin \
-eltorito-catalog boot/syslinux/boot.cat \
-no-emul-boot \
-boot-load-size 4 \
-boot-info-table \
-eltorito-alt-boot \
-e boot/grub/efi.img \
-no-emul-boot \
-isohybrid-gpt-basdat \
-follow-links \
-append_partition 3 0xb user.img \
iso/
EOF
## Minimal Autorun SD card image
COPY sdcard sdcard
RUN <<-EOF
set -eux
dd if=/dev/zero of=sdcard.img bs=1M count=32
mformat -v external -i sdcard.img ::
mcopy -i sdcard.img -s sdcard/* ::
EOF
FROM scratch AS package
COPY --from=install /sdcard.img /
COPY --from=install /airgap.iso /

167
Makefile

@ -1,86 +1,21 @@
VERSION := development
GIT_REF := $(shell git log -1 --format=%H)
GIT_AUTHOR := $(shell git log -1 --format=%an)
GIT_PUBKEY := $(shell git log -1 --format=%GP)
GIT_TIMESTAMP := $(shell git log -1 --format=%cd --date=iso)
export
## Use env vars from latest release when reproducing
ifdef REPRODUCE
include dist/release.env
export
endif
ifdef NOCACHE
NO_CACHE := --no-cache
endif
include $(PWD)/src/toolchain/Makefile
.DEFAULT_GOAL :=
.PHONY: default
default: \
out/release.env \
out/manifest.txt \
out/airgap.iso
## Primary targets
out/airgap.iso: Containerfile $(shell git ls-files rootfs)
SOURCE_DATE_EPOCH=1 \
docker build \
--progress=plain \
--output type=local,rewrite-timestamp=true,dest=out \
--build-arg SOURCE_DATE_EPOCH=1 \
--build-arg VERSION="$(VERSION)" \
--build-arg GIT_REF="$(GIT_REF)" \
--build-arg GIT_AUTHOR="$(GIT_AUTHOR)" \
--build-arg GIT_PUBKEY="$(GIT_PUBKEY)" \
--build-arg GIT_TIMESTAMP="$(GIT_TIMESTAMP)" \
$(NO_CACHE) \
-f Containerfile \
.
## Development Targets
out/dev-shell.digest: Containerfile | out
docker build --target dev -f Containerfile -q . > $@
.PHONY: shell
shell: out/dev-shell.digest
docker run -it $(shell cat $<) /bin/sh
.PHONY: vm
vm: out/dev-shell.digest out/airgap.iso out/sdcard.img
docker run -it -v ./out:/out $(shell cat $<) sh -c "\
swtpm socket \
--tpmstate dir=. \
--ctrl type=unixio,path=vtpm-sock \
--tpm2 & \
qemu-system-x86_64 \
-m 4G \
-machine pc \
-chardev socket,id=chrtpm,path=vtpm-sock \
-tpmdev emulator,id=tpm0,chardev=chrtpm \
-device tpm-tis,tpmdev=tpm0 \
-usb \
-device sdhci-pci \
-device sd-card,drive=external \
-drive id=external,if=none,format=raw,file=out/sdcard.img \
-device usb-storage,drive=usbdrive \
-drive id=usbdrive,if=none,format=raw,file=out/airgap.iso \
-boot order=c \
-nographic; \
"
## Signing, Verification, and Release Targets
toolchain \
$(OUT_DIR)/airgap.iso \
$(OUT_DIR)/release.env \
$(OUT_DIR)/manifest.txt
.PHONY: clean
clean:
rm -rf out
.PHONY: release
release: clean
$(MAKE) NOCACHE=1 VERSION=$(VERSION)
rm -rf dist/*
cp -R out/release.env out/airgap.iso out/manifest.txt dist/
clean: toolchain
rm -rf $(CACHE_DIR)/buildroot-ccache
$(call toolchain,$(USER)," \
cd $(FETCH_DIR)/buildroot; \
make clean; \
")
$(MAKE) toolchain-clean
.PHONY: sign
sign:
@ -95,35 +30,67 @@ sign:
); \
gpg --armor \
--detach-sig \
--output dist/manifest.$${fingerprint}.asc \
dist/manifest.txt
--output $(DIST_DIR)/manifest.$${fingerprint}.asc \
$(DIST_DIR)/manifest.txt
.PHONY: verify
verify: | dist/manifest.txt
verify: | $(DIST_DIR)/manifest.txt
set -e; \
for file in dist/manifest.*.asc; do \
for file in $(DIST_DIR)/manifest.*.asc; do \
echo "\nVerifying: $${file}\n"; \
gpg --verify $${file} dist/manifest.txt; \
gpg --verify $${file} $(DIST_DIR)/manifest.txt; \
done;
.PHONY: reproduce
reproduce: clean | out
$(MAKE) REPRODUCE=true NOCACHE=1
diff -q out/manifest.txt dist/manifest.txt;
.PHONY: mrproper
mrproper:
docker image rm -f $(IMAGE)
rm -rf $(CACHE_DIR) $(OUT_DIR)
out:
mkdir -p $@
.PHONY: menuconfig
menuconfig: toolchain
$(call toolchain,$(USER)," \
cd $(FETCH_DIR)/buildroot; \
make "airgap_$(TARGET)_defconfig"; \
make menuconfig; \
")
cp $(FETCH_DIR)/buildroot/.config \
"config/buildroot/configs/airgap_$(TARGET)_defconfig"
out/release.env: $(shell git ls-files) | out
echo 'VERSION=$(VERSION)' > out/release.env
echo 'GIT_REF=$(GIT_REF)' >> out/release.env
echo 'GIT_AUTHOR=$(GIT_AUTHOR)' >> out/release.env
echo 'GIT_PUBKEY=$(GIT_PUBKEY)' >> out/release.env
echo 'GIT_TIMESTAMP=$(GIT_TIMESTAMP)' >> out/release.env
.PHONY: linux-menuconfig
linux-menuconfig: toolchain
$(call toolchain,$(USER),"\
cd $(FETCH_DIR)/buildroot; \
make linux-menuconfig; \
make linux-update-defconfig; \
")
out/manifest.txt: out/airgap.iso out/release.env | out
openssl sha256 -r \
out/airgap.iso \
out/release.env \
| sed -e 's/ \*out\// /g' -e 's/ \.\// /g' \
> $@
.PHONY: vm
vm: toolchain
$(call toolchain,$(USER)," \
qemu-system-i386 \
-M pc \
-nographic \
-cdrom "$(OUT_DIR)/airgap.iso"; \
")
.PHONY: release
release: default
rm -rf $(DIST_DIR)/*
cp -R $(OUT_DIR)/* $(DIST_DIR)/
$(FETCH_DIR)/buildroot: toolchain
$(call git_clone,$(FETCH_DIR)/buildroot,$(BUILDROOT_REPO),$(BUILDROOT_REF))
$(OUT_DIR)/airgap.iso: \
$(FETCH_DIR)/buildroot \
$(OUT_DIR)/release.env
# $(call apply_patches,$(FETCH_DIR)/buildroot,$(CONFIG_DIR)/buildroot/patches)
$(call toolchain,$(USER)," \
cd $(FETCH_DIR)/buildroot; \
make "airgap_$(TARGET)_defconfig"; \
unset FAKETIME; \
make source; \
make; \
")
cp $(FETCH_DIR)/buildroot/output/images/rootfs.iso9660 \
$(OUT_DIR)/airgap.iso
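Review bot: In the `$(OUT_DIR)/airgap.iso` recipe the patch step is commented out (`# $(call apply_patches,$(FETCH_DIR)/buildroot,$(CONFIG_DIR)/buildroot/patches)`), so buildroot appears to be built unpatched. If the cpio and iso9660 patches added elsewhere in this commit live under that directory, the timestamp and ownership normalisation they add never reaches the image. Either re-enable the call or replace it with a comment such as `# TODO: patches not applied yet; airgap.iso is not expected to be reproducible`. The rendered page has lost its +/- markers, so which Makefile lines are new is inferred from the old/new pairs. On that reading `release` now copies `$(OUT_DIR)/*` wholesale into `$(DIST_DIR)`, and an explicit file list, as the earlier `cp -R out/release.env out/airgap.iso out/manifest.txt dist/` had, keeps stray build outputs out of a signed release directory.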


@ -1,26 +1,24 @@
# AirgapOS #
<https://git.distrust.co/public/airgap>
<https://github.com/distrust-foundation/airgap>
## About ##
A full-source-bootstrapped, deterministic, minimal, immutable, and offline,
workstation linux distribution designed for creating and managing secrets
offline.
A live buildroot based Liux distribution designed for managing secrets offline.
Built for those of us that want to be -really- sure our most important secrets
are managed in a clean environment with an "air gap" between us and the
internet with high integrity on the supply chain of the firmware and OS used.
## Uses ##
* Generate PGP keychain
* Generate GPG keychain
* Store/Restore gpg keychain to security token such as a Yubikey or Nitrokey
* Signing cryptocurrency transactions
* Generate/backup BIP39 universal cryptocurrency wallet seed
* Store/Restore BIP39 seed to a hardware wallet such as a Trezor or Ledger
## Features ##
* Deterministic iso generation for multi-party code->binary verification
* Determinsitic iso generation for multi-party code->binary verification
* Small footprint (< 100MB)
* Immutable and Diskless: runs from initramfs
* Network support and most drivers removed to minimize exfiltration vectors
@ -29,54 +27,37 @@ internet with high integrity on the supply chain of the firmware and OS used.
### Software ###
* docker 26+
* docker 18+
### Hardware ###
* x86_64 PC or laptop
* linuxboot/heads firmware supported and recommended for multi-use machine
* Allows for signed builds, and verification of signed sd card payloads
* Ensure any Wifi/Disk/Bluetooth/Audio devices are disabled/removed
* Recommended: PC running coreboot-heads
* Allows for signed builds, and verification of signed sd card payloads
* Ensure any Wifi/Disk/Bluetooth/Audio devices are disabled/removed
* Supported remote attestation key (Librem Key, Nitrokey, etc)
* Supported GPG smartcard device (Yubikey, Ledger, Trezor, Librem Key, etc)
* Blank flash drive
* Blank SD card
## Build ##
### Update git submodules
```
git submodule update --init --recursive
```
### Build a new release
```
make release
```
```
make release
```
### Reproduce an existing release
```
make attest
```
```
make attest
```
### Sign an existing release
```
make sign
```
## Provisioning ##
1. Write airgap.iso to CD-ROM or SD Card
a. `dd if=out/airgap.iso of=/dev/sda bs=1M conv=sync status=progress`
b. `cdrecord out/airgap.iso`
2. Verify media still produces expected hash
```
sha256sum out/airgap.iso
head -c $(stat -c '%s' airgap.iso) /dev/sda | sha256sum
```
```
make sign
```
## Setup ##


@ -0,0 +1 @@
source "$BR2_EXTERNAL_Airgap_PATH/package/flashtools/Config.in"


@ -0,0 +1,27 @@
set default="0"
set timeout="10"
menuentry "AirgapOS (qwerty)" {
linux /boot/bzImage root=/dev/sr0 keymap=qwerty/us
initrd /boot/initrd
}
menuentry "AirgapOS (dvorak)" {
linux /boot/bzImage root=/dev/sr0 keymap=dvorak
initrd /boot/initrd
}
menuentry "AirgapOS (colemak)" {
linux /boot/bzImage root=/dev/sr0 keymap=colemak/en-latin9
initrd /boot/initrd
}
menuentry "AirgapOS (qwertz)" {
linux /boot/bzImage root=/dev/sr0 keymap=qwertz/de
initrd /boot/initrd
}
menuentry "AirgapOS (azerty)" {
linux /boot/bzImage root=/dev/sr0 keymap=azerty/fr
initrd /boot/initrd
}

File diff suppressed because it is too large Load Diff


@ -0,0 +1,17 @@
#!/bin/sh
set -u
set -e
set -x
BOARD_DIR="$(dirname $0)"
cp -f ${BOARD_DIR}/grub.cfg ${TARGET_DIR}/boot/grub/grub.cfg
echo "export VERSION=\"${VERSION}\"" > ${TARGET_DIR}/etc/environment
echo "export GIT_REF=\"${GIT_REF}\"" >> ${TARGET_DIR}/etc/environment
echo "export GIT_AUTHOR=\"${GIT_AUTHOR}\"" >> ${TARGET_DIR}/etc/environment
echo "export GIT_KEY=\"${GIT_KEY}\"" >> ${TARGET_DIR}/etc/environment
echo "export GIT_TIMESTAMP=\"${GIT_TIMESTAMP}\"" >> ${TARGET_DIR}/etc/environment
exit $?
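Review bot: The values written to `${TARGET_DIR}/etc/environment` are wrapped in double quotes, and the profile on this page reads that file with `source /etc/environment`, so a commit author name containing `"`, `$` or a backtick would be interpreted by the shell at login instead of being displayed. Writing the values single-quoted with embedded single quotes escaped, or rejecting fields that do not match an expected pattern before writing, keeps them inert. The script also expands `GIT_KEY` while the Makefile lines visible on this page pass `GIT_PUBKEY`; under `set -u` an unset `GIT_KEY` aborts the build, so the name should be settled in one place. `$(dirname $0)` and the `${BOARD_DIR}`/`${TARGET_DIR}` expansions should be quoted, and the trailing `exit $?` is redundant under `set -e`.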


@ -0,0 +1,6 @@
#!/bin/sh
set -u
set -e
echo "post-image.sh was run"

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff


@ -0,0 +1,2 @@
name: Airgap
desc: Linux distribution for offline cryptography use cases


@ -0,0 +1 @@
include $(sort $(wildcard $(BR2_EXTERNAL_Airgap_PATH)/package/*/*.mk))


@ -0,0 +1,36 @@
menu "Flashtools"
config BR2_PACKAGE_FLASHTOOLS
bool "flashtools"
config BR2_PACKAGE_FLASHTOOLS_FLASHTOOL
bool "flashtool"
select BR2_PACKAGE_FLASHTOOLS
help
Todo
config BR2_PACKAGE_FLASHTOOLS_PEEK
bool "peek"
select BR2_PACKAGE_FLASHTOOLS
help
Todo
config BR2_PACKAGE_FLASHTOOLS_POKE
bool "poke"
select BR2_PACKAGE_FLASHTOOLS
help
Todo
config BR2_PACKAGE_FLASHTOOLS_CBFS
bool "cbfs"
select BR2_PACKAGE_FLASHTOOLS
help
Todo
config BR2_PACKAGE_FLASHTOOLS_UEFI
bool "uefi"
select BR2_PACKAGE_FLASHTOOLS
help
Todo
endmenu


@ -0,0 +1,47 @@
################################################################################
#
# flashtools
#
################################################################################
FLASHTOOLS_VERSION = 9acce09aeb635c5bef01843e495b95e75e8da135
FLASHTOOLS_SITE = https://github.com/osresearch/flashtools.git
FLASHTOOLS_SITE_METHOD = git
FLASHTOOLS_LICENSE = GPL-2.0
FLASHTOOLS_LICENSE_FILES = LICENSE
ifeq ($(BR2_PACKAGE_FLASHTOOLS_FLASHTOOL),y)
FLASHTOOLS_TARGETS += flashtool
endif
ifeq ($(BR2_PACKAGE_FLASHTOOLS_PEEK),y)
FLASHTOOLS_TARGETS += peek
endif
ifeq ($(BR2_PACKAGE_FLASHTOOLS_POKE),y)
FLASHTOOLS_TARGETS += poke
endif
ifeq ($(BR2_PACKAGE_FLASHTOOLS_CBFS),y)
FLASHTOOLS_TARGETS += cbfs
endif
ifeq ($(BR2_PACKAGE_FLASHTOOLS_UEFI),y)
FLASHTOOLS_TARGETS += uefi
endif
define FLASHTOOLS_BUILD_CMDS
$(foreach t,$(FLASHTOOLS_TARGETS),\
$(TARGET_MAKE_ENV) $(MAKE) $(TARGET_CONFIGURE_OPTS) \
CFLAGS="$(TARGET_CFLAGS)" -C $(@D) $(t) \
)
endef
define FLASHTOOLS_INSTALL_TARGET_CMDS
$(foreach t,$(FLASHTOOLS_TARGETS),\
$(INSTALL) -D -m 0755 $(@D)/$(t) $(TARGET_DIR)/usr/bin/$(t)$(sep) \
)
endef
$(eval $(generic-package))
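Review bot: `FLASHTOOLS_BUILD_CMDS` expands its `$(foreach ...)` without a `$(sep)` terminator, unlike `FLASHTOOLS_INSTALL_TARGET_CMDS`, so when more than one tool is selected the per-target make invocations are joined into a single shell command. End the loop body with the separator: `CFLAGS="$(TARGET_CFLAGS)" -C $(@D) $(t)$(sep) \`. `FLASHTOOLS_TARGETS` is only ever appended to, so an explicit `FLASHTOOLS_TARGETS =` before the `ifeq` blocks would stop a value inherited from the environment from selecting extra build targets. The source is pinned to a full commit id, which is what a supply-chain-sensitive image needs.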


@ -0,0 +1,39 @@
diff --git a/fs/cpio/cpio.mk b/fs/cpio/cpio.mk
index 81f8c393d1..72923ded47 100644
--- a/fs/cpio/cpio.mk
+++ b/fs/cpio/cpio.mk
@@ -32,15 +32,16 @@ ROOTFS_CPIO_PRE_GEN_HOOKS += ROOTFS_CPIO_ADD_INIT
# --reproducible option was introduced in cpio v2.12, which may not be
# available in some old distributions, so we build host-cpio
ifeq ($(BR2_REPRODUCIBLE),y)
-ROOTFS_CPIO_DEPENDENCIES += host-cpio
-ROOTFS_CPIO_OPTS += --reproducible
+ROOTFS_CPIO_DEPENDENCIES += host-cpio host-libarchive
endif
define ROOTFS_CPIO_CMD
- cd $(TARGET_DIR) && \
- find . \
- | LC_ALL=C sort \
- | cpio $(ROOTFS_CPIO_OPTS) --quiet -o -H newc \
+ cd $(TARGET_DIR) \
+ && find . -mindepth 1 -execdir touch -hcd "@0" "{}" + \
+ && find . -mindepth 1 -printf '%P\0' \
+ | sort -z \
+ | LANG=C bsdtar --null -cnf - -T - \
+ | LANG=C bsdtar --uid 0 --gid 0 --null -cf - --format=newc @- \
> $@
endef
diff --git a/package/libarchive/libarchive.mk b/package/libarchive/libarchive.mk
index 708ce637c2..2ba8dcab2a 100644
--- a/package/libarchive/libarchive.mk
+++ b/package/libarchive/libarchive.mk
@@ -135,7 +135,6 @@ endif
# The only user of host-libarchive needs zlib support
HOST_LIBARCHIVE_DEPENDENCIES = host-zlib
HOST_LIBARCHIVE_CONF_OPTS = \
- --disable-bsdtar \
--disable-bsdcpio \
--disable-bsdcat \
--disable-acl \
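Review bot: `ROOTFS_CPIO_CMD` now calls `bsdtar` unconditionally, but `host-libarchive` is added to `ROOTFS_CPIO_DEPENDENCIES` only inside `ifeq ($(BR2_REPRODUCIBLE),y)`. A configuration without that option would therefore fail, or pick up whatever `bsdtar` the build host's PATH provides. Move the dependency out of the conditional and call the host-built binary by path, e.g. `LANG=C $(HOST_DIR)/bin/bsdtar --null -cnf - -T -`. The `find . -mindepth 1 -execdir touch -hcd "@0" "{}" +` step rewrites timestamps in `$(TARGET_DIR)` itself, not only in the archive, so a comment stating that this is intended would help the next reader.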


@ -0,0 +1,28 @@
diff --git a/fs/iso9660/iso9660.mk b/fs/iso9660/iso9660.mk
index 0524f94c35..284c21f566 100644
--- a/fs/iso9660/iso9660.mk
+++ b/fs/iso9660/iso9660.mk
@@ -157,7 +157,13 @@ ROOTFS_ISO9660_PRE_GEN_HOOKS += ROOTFS_ISO9660_DISABLE_EXTERNAL_INITRD
endif # ROOTFS_ISO9660_USE_INITRD
-ROOTFS_ISO9660_OPTS += -J -R
+ROOTFS_ISO9660_OPTS += \
+ -volume_date all_file_dates "=$(SOURCE_DATE_EPOCH)" \
+ -as mkisofs \
+ -J \
+ -R \
+ -gid 0 \
+ -uid 0
ROOTFS_ISO9660_OPTS_BIOS = \
-b $(ROOTFS_ISO9660_BOOT_IMAGE) \
@@ -181,7 +187,7 @@ ROOTFS_ISO9660_OPTS += $(ROOTFS_ISO9660_OPTS_EFI)
endif
define ROOTFS_ISO9660_CMD
- $(HOST_DIR)/bin/xorriso -as mkisofs \
+ $(HOST_DIR)/bin/xorriso \
$(ROOTFS_ISO9660_OPTS) \
-o $@ $(ROOTFS_ISO9660_TMP_TARGET_DIR)
endef


@ -1,5 +1,11 @@
# /etc/inittab
#
# Copyright (C) 2001 Erik Andersen <andersen@codepoet.org>
#
# Note: BusyBox init doesn't support runlevels. The runlevels field is
# completely ignored by BusyBox init. If you want runlevels, use
# sysvinit.
#
# Format for each entry: <id>:<runlevels>:<action>:<process>
#
# id == tty to run on, or empty for /dev/console
@ -8,26 +14,27 @@
# process == program to run
# Startup the system
::sysinit:/bin/mount -t devtmpfs devtmpfs /dev
::sysinit:/bin/mkdir -p /proc /run /dev/pts /dev/shm /sys
::sysinit:/bin/mount -t sysfs sysfs /sys
::sysinit:/bin/mount -t proc proc /proc
::sysinit:/bin/mount -o remount,rw /
::sysinit:/bin/mkdir -p /dev/pts /dev/shm
::sysinit:/bin/mount -a
::sysinit:/sbin/swapon -a
null::sysinit:/bin/ln -sf /proc/self/fd /dev/fd
null::sysinit:/bin/ln -sf /proc/self/fd/0 /dev/stdin
null::sysinit:/bin/ln -sf /proc/self/fd/1 /dev/stdout
null::sysinit:/bin/ln -sf /proc/self/fd/2 /dev/stderr
::sysinit:/bin/hostname -F /etc/hostname
# now run any rc scripts
::sysinit:/etc/init.d/rcS
# Put shells on the serial terminal and console
console::respawn:-/bin/bash
ttyS0::respawn:-/bin/bash
# Put a getty on the serial port
#console::respawn:/sbin/getty -L console 0 vt100 # GENERIC_SERIAL
::respawn:-/bin/bash
# Stuff to do for the 3-finger salute
::ctrlaltdel:/sbin/reboot
#::ctrlaltdel:/sbin/reboot
# Stuff to do before rebooting
::shutdown:/etc/init.d/rcK
::shutdown:/sbin/swapoff -a
::shutdown:/bin/umount -a -r


@ -3,7 +3,8 @@ export PATH="/usr/local/bin:/bin:/sbin:/usr/bin:/usr/sbin"
export PS1="[\h \t] \\$ "
export GNUPGHOME=/.gnupg
source /etc/environment
cd /root
dmesg -n1
clear
cat << "EOF"
_ _ ___ ____
@ -18,5 +19,5 @@ echo " - Version: $VERSION"
echo " - Date: $GIT_TIMESTAMP"
echo " - Committer: $GIT_AUTHOR"
echo " - Commit: $GIT_REF"
echo " - Key: $GIT_PUBKEY"
echo " - Key: $GIT_KEY"
echo ""


@ -0,0 +1,12 @@
KERNEL!="sd[a-z][0-9]", GOTO="sd_cards_auto_mount_end"
# Global mount options
ACTION=="add", ENV{mount_options}="relatime"
# Filesystem specific options
ACTION=="add", IMPORT{program}="/sbin/blkid -o udev -p %N"
ACTION=="add", ENV{ID_FS_TYPE}=="vfat|ntfs", ENV{mount_options}="$env{mount_options},utf8,flush,user,umask=0000"
ACTION=="add", RUN+="/bin/mkdir -p /media/sd-%k", RUN+="/bin/mount -o $env{mount_options} /dev/%k /media/sd-%k"
ACTION=="add", RUN+="/usr/local/bin/autorun /media/sd-%k"
ACTION=="remove", RUN+="/bin/umount -l /media/sd-%k", RUN+="/bin/rmdir /media/sd-%k"
LABEL="sd_cards_auto_mount_end"
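Review bot: Removable media is mounted with only `relatime` (plus `utf8,flush,user,umask=0000` for vfat/ntfs), so device nodes and setuid bits on a card's filesystem are honoured on a machine that handles key material. Tighten the global options, e.g. `ACTION=="add", ENV{mount_options}="relatime,nodev,nosuid,noexec"`. The autorun helper runs the script through `/bin/bash`, so `noexec` should not stop it, though that needs confirming for scripts that call binaries stored on the card. The match `sd[a-z][0-9]` covers any SCSI/USB disk partition, not only SD cards, and a comment above the first rule should say whether that is intended.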


@ -0,0 +1,18 @@
#!/bin/bash
set -e
source /etc/profile
folder=${1?}
if [ -f "${folder}/autorun.sh.asc" ]; then
echo "" >/dev/console
echo "++ Autorun: Found ${folder}/autorun.sh" >/dev/console;
gpg --verify "${folder}/autorun.sh.asc" >/dev/null 2>&1 || {
echo "!! Autorun: Verification Failed for ${folder}/autorun.sh" \
>/dev/console;
exit 1;
}
echo "++ Autorun: Verified ${folder}/autorun.sh" >/dev/console
echo "** Autorun: Executing ${folder}/autorun.sh" >/dev/console
/bin/bash "${folder}/autorun.sh" >/dev/console
fi
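Review bot: `gpg --verify "${folder}/autorun.sh.asc"` names only the signature file, so which bytes are checked depends on the signature's format, and a `.asc` that carries its own signed content would pass without `autorun.sh` being examined. Name the data file explicitly: `gpg --verify "${folder}/autorun.sh.asc" "${folder}/autorun.sh"`. The script is also verified and then executed from the removable card by path, so its contents can change between the two steps; copying both files to a tmpfs directory first, then verifying and running the copy, closes that gap. Finally, `--verify` succeeds for any key in the keyring, so the signer's fingerprint should be compared with an expected value (for example from `--status-fd` output) before `/bin/bash` runs the script.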

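--- a/config/global.env
+++ b/config/global.env
@@ -0,0 +1,8 @@
+DEBIAN_HASH=48b28b354484a7f0e683e340fa0e6e4c4bce3dc3aa0146fc2f78f443fde2c55d
+# BUILDROOT_REF=ea51485ee9ab44f72f8b1cc019dcb17f276d1def
+BUILDROOT_REF=8526e60a1f09854b96016b03a2439fcb61200ee4
+HEADS_REF=6e62c83e164231c629d77a45d37569b3bff43d3f
+BUILDROOT_REPO=git://git.busybox.net/buildroot
+HEADS_REPO=https://source.puri.sm/coreboot/purism-heads.git
+BR2_EXTERNAL=/home/build/config/buildroot
+HEADS_EXTERNAL=/home/build/config/heads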
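Review bot: `BUILDROOT_REPO=git://git.busybox.net/buildroot` fetches over the unauthenticated, unencrypted git protocol, while `HEADS_REPO` on the next line already uses https. The pinned `BUILDROOT_REF` commit id limits what a tampered transport can deliver, but only if the clone helper checks out exactly that id, and that helper is not visible on this page. I would switch this entry to an https remote for the same repository. A comment above `DEBIAN_HASH` should say which image or artifact the digest identifies, and the commented-out `# BUILDROOT_REF=...` line needs a note on why the older ref is kept.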


@ -1,5 +0,0 @@
set timeout=1
menuentry "Linux Airgap" {
linux /boot/vmlinuz init=/init console=ttyS0 console=tty0 ro
initrd /boot/initramfs
}


@ -1,2 +0,0 @@
search --no-floppy --set=root --label "airgap"
set prefix=($root)/boot/grub


@ -0,0 +1,160 @@
diff --git a/initrd/bin/gui-init b/initrd/bin/gui-init
index 1369ed1..f576a8e 100755
--- a/initrd/bin/gui-init
+++ b/initrd/bin/gui-init
@@ -13,21 +13,26 @@ first_pass=true
mount_boot()
{
-
+
# Mount local disk if it is not already mounted
while ! grep -q /boot /proc/mounts ; do
+
# try to mount if CONFIG_BOOT_DEV exists
if [ -e "$CONFIG_BOOT_DEV" ]; then
- mount -o ro $CONFIG_BOOT_DEV /boot
+ mount -o ro $CONFIG_BOOT_DEV /boot
[[ $? -eq 0 ]] && continue
fi
- # CONFIG_BOOT_DEV doesn't exist or couldn't be mounted, so give user options
+ # try to mount usb to /media and /boot if it exists
+ mount-usb \
+ && mount -o bind,ro /media /boot \
+ && continue
+
+ # no boot device available, so give user options
whiptail $BG_COLOR_ERROR --clear --title "ERROR: No Bootable OS Found!" \
- --menu " No bootable OS was found on the default boot device $CONFIG_BOOT_DEV.
+ --menu " No bootable OS was found at $CONFIG_BOOT_DEV or on USB.
How would you like to proceed?" 30 90 4 \
'b' ' Select a new boot device' \
- 'u' ' Boot from USB' \
'm' ' Continue to the main menu' \
'x' ' Exit to recovery shell' \
2>/tmp/whiptail || recovery "GUI menu failed"
@@ -41,9 +46,6 @@ mount_boot()
. /tmp/config
fi
;;
- u )
- exec /bin/usb-init
- ;;
m )
break
;;
@@ -55,6 +57,11 @@ mount_boot()
}
verify_global_hashes()
{
+
+ # If default boot device is not mounted, then there are no hashes to verify
+ # User is likely usb booting.
+ df $CONFIG_BOOT_DEV >/dev/null 2>&1 || return 0
+
# Check the hashes of all the files, ignoring signatures for now
check_config /boot force
TMP_HASH_FILE="/tmp/kexec/kexec_hashes.txt"
@@ -458,6 +465,7 @@ while true; do
if [ "$totp_confirm" = "y" -o -n "$totp_confirm" ]; then
# Try to boot the default
mount_boot
+
verify_global_hashes
if [ $? -ne 0 ]; then
continue
@@ -467,6 +475,7 @@ while true; do
kexec-select-boot -b /boot -c "grub.cfg" -g \
|| recovery "Failed default boot"
else
+ usb-init
if (whiptail --title 'No Default Boot Option Configured' \
--yesno "There is no default boot option configured yet.\nWould you like to load a menu of boot options?\nOtherwise you will return to the main menu." 16 90) then
kexec-select-boot -m -b /boot -c "grub.cfg" -g
diff --git a/initrd/bin/mount-usb b/initrd/bin/mount-usb
index a79dd66..8a8734c 100755
--- a/initrd/bin/mount-usb
+++ b/initrd/bin/mount-usb
@@ -4,19 +4,6 @@
enable_usb
-if ! lsmod | grep -q usb_storage; then
- count=$(ls /dev/sd* 2>/dev/null | wc -l)
- timeout=0
- echo "Scanning for USB storage devices..."
- insmod /lib/modules/usb-storage.ko >/dev/null 2>&1 \
- || die "usb_storage: module load failed"
- while [[ $count == $(ls /dev/sd* 2>/dev/null | wc -l) ]]; do
- [[ $timeout -ge 4 ]] && break
- sleep 1
- timeout=$(($timeout+1))
- done
-fi
-
if [ ! -d /media ]; then
mkdir /media
fi
diff --git a/initrd/bin/usb-scan b/initrd/bin/usb-scan
index d9f26b0..b64f150 100755
--- a/initrd/bin/usb-scan
+++ b/initrd/bin/usb-scan
@@ -5,12 +5,6 @@ set -e -o pipefail
. /etc/gui_functions
. /tmp/config
-# Unmount any previous boot device
-if grep -q /boot /proc/mounts ; then
- umount /boot \
- || die "Unable to unmount /boot"
-fi
-
# Mount the USB boot device
mount_usb || die "Unable to mount /media"
@@ -29,12 +23,16 @@ get_menu_option() {
MENU_OPTIONS="$MENU_OPTIONS $n ${option}"
done < /tmp/iso_menu.txt
- whiptail --clear --title "Select your ISO boot option" \
- --menu "Choose the ISO boot option [1-$n, s for standard boot, a to abort]:" 20 120 8 \
- -- $MENU_OPTIONS \
- 2>/tmp/whiptail || die "Aborting boot attempt"
+ if [ "$n" -eq "1" ]; then
+ option_index=1
+ else
+ whiptail --clear --title "Select your ISO boot option" \
+ --menu "Choose the ISO boot option [1-$n, s for standard boot, a to abort]:" 20 120 8 \
+ -- $MENU_OPTIONS \
+ 2>/tmp/whiptail || die "Aborting boot attempt"
- option_index=$(cat /tmp/whiptail)
+ option_index=$(cat /tmp/whiptail)
+ fi
else
echo "+++ Select your ISO boot option:"
n=0
diff --git a/initrd/etc/functions b/initrd/etc/functions
index dc0fbed..a083e17 100755
--- a/initrd/etc/functions
+++ b/initrd/etc/functions
@@ -122,6 +122,18 @@ enable_usb()
|| die "xhci_pci: module load failed"
sleep 2
fi
+ if ! lsmod | grep -q usb_storage; then
+ count=$(ls /dev/sd* 2>/dev/null | wc -l)
+ timeout=0
+ echo "Scanning for USB storage devices..."
+ insmod /lib/modules/usb-storage.ko >/dev/null 2>&1 \
+ || die "usb_storage: module load failed"
+ while [[ $count == $(ls /dev/sd* 2>/dev/null | wc -l) ]]; do
+ [[ $timeout -ge 4 ]] && break
+ sleep 1
+ timeout=$(($timeout+1))
+ done
+ fi
}
confirm_gpg_card()
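Review bot: The early return added to `verify_global_hashes` (`df $CONFIG_BOOT_DEV >/dev/null 2>&1 || return 0`) makes the hash check fail open: when the default boot device is not available the function reports success and the caller continues to `kexec-select-boot`. Because `mount_boot` now bind-mounts `/media` onto `/boot`, the USB path reaches boot selection without the `/boot` hash check. That may be intended for AirgapOS media, but it should be stated in the comment and shown to the user. I would test the mount state through `/proc/mounts`, as `mount_boot` does, instead of running `df` on a device path, quote `$CONFIG_BOOT_DEV`, and print a notice before returning. Any signature checking done later inside `kexec-select-boot` is outside this patch and cannot be confirmed from here.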


@ -1,8 +0,0 @@
TIMEOUT 2
PROMPT -1
DEFAULT Airgap
LABEL Airgap
MENU LABEL Linux Airgap
KERNEL /boot/vmlinuz
INITRD /boot/initramfs
APPEND init=/init console=ttyS0 console=tty0 ro


@ -0,0 +1,256 @@
030db54f4d76cdfe2bf0e8eb5f9efea0233ab3c7aa942d672c7b63b52dbaf935 libpcre2-8-0_10.42-1_amd64.deb
03326473eed54ffa27efae19aa5d6aeb402930968f869f318445513093691d55 libtirpc-dev_1.3.3+ds-1_amd64.deb
03539fd30c509e27101d13a56e52eda9062bdf1aefe337c07ab56def25a13eab libmd0_1.0.4-2_amd64.deb
03ebdf235600f4a8a6d4fbc7080de0a776b1a701f43c4e9697944757591d7809 libkrb5-3_1.20.1-2+deb12u1_amd64.deb
072d908f38f51090ca28ca5afa3b46b2957dc61fe35094c0b851426859a49a51 libtinfo6_6.4-4_amd64.deb
097a2cb520881c29afa97c1bb0c381ce008aef362df2779677416a0981bcf165 g++-12_12.2.0-14_amd64.deb
0a43a9785f32d517a967d99e00d8e0a69edc0be09d4e63a08d7fd64466a11a0f gpgv_2.2.40-1.1_amd64.deb
0ca5213c1ab67278cbfcec4cafccdb538c2e089718f4bddabe5a00145e5a21fb libdav1d6_1.0.0-2_amd64.deb
11790842108768ec52432ea22e7b4f057232813b7c27ef6dfe1aba776a5cb90e sysvinit-utils_3.06-4_amd64.deb
11ee190ad39f8d7af441d2c8347388b9449434c73acc67b4b372445ac4152efa libsasl2-2_2.1.28+dfsg-10_amd64.deb
1379ab846489b322bb45602d34ca8e2791e1d342fd53d49143f6355430934efd libcc1-0_12.2.0-14_amd64.deb
146ee93768433ac6a33edc8ae9248d8d619f10ef42c18b1212e0cb594ab9be3b libblkid1_2.38.1-5+b1_amd64.deb
16ee38d374e064f534116dc442b086ef26f9831f1c0af7e5fb4fe4512e700649 libfontconfig1_2.14.1-4_amd64.deb
177cacdfe9508448d84bf25534a87a7fcc058d8e2dcd422672851ea13f2115df sed_4.9-1_amd64.deb
17d0341ca6ce604ce59c296780ac2c2a24141a769823c50669af942c025e6591 libaudit-common_1%3a3.0.9-1_all.deb
17d9a2f3c05004499d80e180d2440fd716f84c32b65f09d96c9a024af4d1d0e7 hostname_3.23+nmu1_amd64.deb
17fc3fb0897b9d26f779d60d056d9a1ce68af50208118c4277cf18a0496f36a8 openssh-client_1%3a9.2p1-2+deb12u2_amd64.deb
187aedef2ed763f425c1e523753b9719677633c7eede660401739e9c893482bd libgmp10_2%3a6.2.1+dfsg1-1.1_amd64.deb
194024e45303ed7e38f68e2e82c57b5d03a09822b6c3fcbf7865fea982e78914 mount_2.38.1-5+b1_amd64.deb
194fd3750e6d647f300045a266c20cc3a3d47f84fd2fc8ff8830c55098b63c0d fakeroot_1.31-1.2_amd64.deb
1a03df5a57833d65b5bb08cfa19d50e76f29088dc9e64fb934af42d9023a0807 gcc-12-base_12.2.0-14_amd64.deb
1a394277e17426a10abdd9293e06fa0f8c31049fe73027608fe9363dda36f25b libc-dev-bin_2.36-9+deb12u3_amd64.deb
1cdc3c6614ce1dd2486041bf8bbd86d7dda5c79bc72d3e78bb4abcb9468a85aa base-files_12.4+deb12u4_amd64.deb
1cf14abf2716d3279db12d0657a5737cf70074a1e71d3bdf73206625e3c89ce6 libedit2_3.1-20221030-2_amd64.deb
1dbc499d2055cb128fa4ed678a7adbcced3d882b3509e26d5aa3742a4b9e5b2f libgomp1_12.2.0-14_amd64.deb
245f55e17d9ec050d9a1de80b35bc6b8f64f277b6f12183ff7769be5b3678eb8 logsave_1.47.0-2_amd64.deb
251330faddbf013f060fcdb41f4b0c037c8a6e89ba7c09b04bfcc4e3f0807b22 libp11-kit0_0.24.1-2_amd64.deb
2520093a31c082ace185a18ad6bdf860b13f32139977d1dfe1d52867c2e5df30 gpg-wks-client_2.2.40-1.1_amd64.deb
26c451a660728cf7c15548a281e17eef2f36fab28499371e83fc2d3accb499d7 g++_4%3a12.2.0-3_amd64.deb
26e174fb15af157b5d5698b5ccd9aafcdb084acdf74a5aa9aab6887c1f308f99 tzdata_2023c-5+deb12u1_all.deb
27b3d102545f597df9e6dc5c7f6590a648de09b57debd6b05ad3d1189de428d5 pinentry-curses_1.2.1-1_amd64.deb
281c66e46b95f045a0282a6c7a03b33de0e9a08d016897a759aaf4a04adfddbe fontconfig-config_2.14.1-4_amd64.deb
29b23c48c0fe6f878e56c5ddc9f65d1c05d729360f3690a593a8c795031cd867 netbase_6.4_all.deb
2a46d5a5e9486da11ffeff5740931740d6deae4f92cd6098df060dc5dff1e1c7 libtirpc3_1.3.3+ds-1_amd64.deb
2ac1236547360284e9e154ad11a14564db65175bd4da393ec652ac1b2dc43571 libgpm2_1.20.7-10+b1_amd64.deb
2ad228835756feb118bb131b32834bd23a09047e4de408cc5204cbb5dce0e4bb libncurses-dev_6.4-4_amd64.deb
2b07f5287b9105f40158b56e4d70cc1652dac56a408f3507b4ab3d061eed425f libselinux1_3.4-1+b6_amd64.deb
2c57221bf8cc0ff5d2295ececb9215cc1b9ff9040dacb152c385bba3087ab1df file_1%3a5.44-3_amd64.deb
2d7ea8a570d768224d7f2424abbe6f373d2154865a1fa7f56c80d43ecf492521 binutils-x86-64-linux-gnu_2.40-2_amd64.deb
30954df4b5a7c505661ba8ae5e6ea94f5805e408899fb400783bb166eb5ff306 libaudit1_1%3a3.0.9-1_amd64.deb
30b4972cc88a4ff0fba9e08e6d476de13b109af9e4b826d130bdc72771d6e373 libasan8_12.2.0-14_amd64.deb
30f9618670e686d781afbfc713eb0830c29d2819e9cb2a0488800dad6bb99faa python3-minimal_3.11.2-1+b1_amd64.deb
31c77590324be46e1d1616df144a4f9002fb92b3252cce13f14f0612f97746e6 rsync_3.2.7-1_amd64.deb
3264acea728df3c48a54f20e9291b965130e306b9d00adac76647049da7196df grep_3.8-5_amd64.deb
32ac0692694f8a34cc90c895f4fc739680fb2ef0e2d4870a68833682bf1c81a3 rpcsvc-proto_1.4.3-1_amd64.deb
32b60c039da18a2b17fdf4bc569d783fbb7a2fe634907eb239a380357eca4872 linux-libc-dev_6.1.69-1_amd64.deb
339abb97957695134f9df48dfa3eb7df5f681c3aa76a53934133dee2f451d1e4 libsystemd0_252.19-1~deb12u1_amd64.deb
33ea40061da2f1a861ec46212b2b6a34f0776a049b1a3f0abce2fb8cb994258f dash_0.5.12-2_amd64.deb
33f6dafbd1a6902d9063172ec7dbd4b2225e12009e0d7ec5c933a72c2f5f3b74 python3_3.11.2-1+b1_amd64.deb
34097adaf793f92cc93c8f07059d34766a6a8f2b1d0b1b74b9bb530516402642 git-man_1%3a2.39.2-1.1_all.deb
343b60a755ceb2c3687f9a5c9c9dc00eea0e44a7de49a537c36df17894f784b3 passwd_1%3a4.13+dfsg1-1+b1_amd64.deb
36a29db2aa4262bd02c23df42cd91cc709883fe52a517aa8a1b148039305eef0 tar_1.34+dfsg-1.2_amd64.deb
36b6fc603efaa2bfd22cff3a7773590dd6774a5d0d9b0c23b73306f3f58cbc20 libavif15_0.11.1-1_amd64.deb
37b7a2b4e78890b6a074777f27b96c84f58e81558ba08410c2b6c0ca4a4ad77b libmpfr6_4.2.0-1_amd64.deb
37d5e8d44bb9729a89d747db15880f0f01e53101cc16f258087bb8b591017e76 gpgsm_2.2.40-1.1_amd64.deb
37eaea795edc3bd2c5d43ab5a3a723859d851a9aff9d8d882eddb786047d7594 libc-devtools_2.36-9+deb12u3_amd64.deb
396d6e453aee6d71b7141f0bfb333a6c08a44c64f77632bdf52894ccd123db46 ncurses-bin_6.4-4_amd64.deb
3a8b61891f0ce9bd310088ce2d269d63b5afd88b9196fa4f046fd890faea4a17 libalgorithm-diff-perl_1.201-1_all.deb
3ac4fd6cbe3b3b06e68d24b931bf3eb9385b42f15604a37ed25310e948ca0ee6 libsasl2-modules-db_2.1.28+dfsg-10_amd64.deb
3d4b39f94317b64a860db8a7a8b581b555124cd461fe07ec0d347edbdb9f6683 libdeflate0_1.14-1_amd64.deb
3e3ef129b4bf61513144236e15e1b4ec57fa5ae3dc8a72137abdbefb7a63af85 libtirpc-common_1.3.3+ds-1_all.deb
3fb7b6f326be3fae4a87a3d33b9269bd06c1e4346a24bd737f265067e3b7427f libctf0_2.40-2_amd64.deb
3fc9742f9f1a37bcb9931df6074b4d1483419ef832ad5349f47323e75fc27864 libjansson4_2.14-2_amd64.deb
4018d17d6a44ffeb19c002dc9f721bf474e6879ad814f1bfcdd6666803e30178 e2fsprogs_1.47.0-2_amd64.deb
438871b3f5c5c7a357a9840951dab9dab8db7eb1ff760a563226fafa111b99e5 bzip2_1.0.8-5+b1_amd64.deb
43c90d45f7cf5584108964b919d6c728680d81af5fa70c8fb367d661cef54e8c libnpth0_1.6-3_amd64.deb
43f19bcfdf5e1866c21d429d04403168ec4e19b3231de1eccef3e48160114591 util-linux_2.38.1-5+b1_amd64.deb
45403a9d495cd41997f1358352d386cf0076c1c57790a44df10b0529393cd728 less_590-2_amd64.deb
45922e6e289ffd92f0f92d2bb9159e84236ff202d552a461bf10e5335b3f0261 libnettle8_3.8.1-2_amd64.deb
46dbe02369411b46f676ddb55fa8ee3a98f7a15607ddab785979c25bacb5d7db libalgorithm-merge-perl_0.08-5_all.deb
48225793c486310600459d08a417dca0c28cbaf184047c09c82aff19107aa6f2 libyuv0_0.0~git20230123.b2528b0-1_amd64.deb
4922b5ade6ab4018089e9725fac243c89365aca788bc399a87cfc88501aaeba7 libsmartcols1_2.38.1-5+b1_amd64.deb
4af36a590b68d415a78d9238b932b6a4579f515ec8a8016597498acff5b515a4 libgdbm-compat4_1.23-3_amd64.deb
4b48b8f0b06c2c667d52117edcef69af6896bcfe69a4f4bde47b89590b83875e libperl5.36_5.36.0-7+deb12u1_amd64.deb
4b6c30f6554149c594628d945edc6003f0eea8d0cc1341638c0e71375db147ed libldap-2.5-0_2.5.13+dfsg-5_amd64.deb
4cf64c4e1168f3c7e858bb4a71f2c5bea9a36dd448cdcc2154a551ac146e293b libgav1-1_0.18.0-1+b1_amd64.deb
4e21728bbb1f170f35a5d60fe26adadb48c436f1b5fd977454e632668074169c libquadmath0_12.2.0-14_amd64.deb
4e58891d5c951a1e360ed9eaa814413cb5e84deadce3f08e801ac680434c786e libpython3-stdlib_3.11.2-1+b1_amd64.deb
4f0d35610204e4e754b057748719744114621f2f6f4202d846c314860a981afb libpsl5_0.21.2-1_amd64.deb
504b7be9d7df4f6f4519e8dd4d6f9d03a9fb911a78530fa23a692fba3058cba6 libxext6_2%3a1.3.4-1+b1_amd64.deb
505400598dcda712380f2e4a73b09b015a3fedf78bd874f6429622c448e249f9 libxpm4_1%3a3.5.12-1.1+deb12u1_amd64.deb
5308b9bd88eebe2a48be3168cb3d87677aaec5da9c63ad0cf561a29b8219115c ca-certificates_20230311_all.deb
5325e63acaecb37f6636990328370774995bd9b3dce10abd0366c8a06877bd0d bash_5.2.15-2+b2_amd64.deb
539c1a013e6e90800b4c37877cf871e7583791b486a39e23f2466906bbe5061f libfakeroot_1.31-1.2_amd64.deb
54149da3f44b22d523b26b692033b84503d822cc5122fed606ea69cc83ca5aeb libbz2-1.0_1.0.8-5+b1_amd64.deb
54f7a9e77c6b12bafa07ffb1d4c42933a416748119f169514c1ed1119d51f4b3 gcc-12_12.2.0-14_amd64.deb
55f951359670eb3236c9e2ccd5fac9ccb3db734f5a22aff21589e7a30aee48c9 debianutils_5.7-0.5~deb12u1_amd64.deb
563b4caec1aa5e876bd3355b36e7a38e1484baf5a293b48d1e8bd22db786e4d7 libbrotli1_1.0.9-2+b6_amd64.deb
57d6348f392c77ccc3fdc5874c527df18df8be702814b13d1151352b28e29145 xauth_1%3a1.1.2-1_amd64.deb
5912430927da16ccc831459679207fdbb9dfc5a206f2bab8d6f36d5a1ab53e25 libassuan0_2.5.5-5_amd64.deb
5a466348531b9c38c8e5ccb18c231f27a98b9fdab61b37ea22592553de5d2ced liberror-perl_0.17029-2_all.deb
5dd86bd0af4aa73f067dfd6b8339dd868f2dd84056aa79db29d1206d4fbc5e04 findutils_4.9.0-4_amd64.deb
5e1b647d802d9612596dfc6a546c0315f9d06843793aad66af2ad819c17c3e58 libaom3_3.6.0-1_amd64.deb
5ef7e6c1cd6b165455466bbfa6c22d8f5b61109d29aeab906bd3406322f34b15 xz-utils_5.4.1-0.2_amd64.deb
61038f857e346e8500adf53a2a0a20859f4d3a3b51570cc876b153a2d51a3091 coreutils_9.1-1_amd64.deb
6156f5b9edc0de38755869e5bcbed0b65d48d2a5531ae2f0ff2c347a7882f402 gnupg-utils_2.2.40-1.1_amd64.deb
619add379c606b3ac6c1a175853b918e6939598a83d8ebadf3bdfd50d10b3c8c libelf1_0.188-2.1_amd64.deb
6315b5ac38b724a710fb96bf1042019398cb656718b1522279a5185ed39318fa libzstd1_1.5.4+dfsg2-5_amd64.deb
639e1ab6bd66ead40db8a22c332d7199679fa22db261cac34444eb8eb4c17dda libnuma1_2.0.16-1_amd64.deb
64c17a80dede46900f8baf4a20803323aa57dac7707b0a8dea4b266767878945 libdpkg-perl_1.21.22_all.deb
64cde86cef1deaf828bd60297839b59710b5cd8dc50efd4f12643caaee9389d3 liblz4-1_1.9.4-1_amd64.deb
6631304ce4b5b9ba0af3fdebf088a734aed2d28ffad2a03ba79e4fcb2e226dd6 libgssapi-krb5-2_1.20.1-2+deb12u1_amd64.deb
665732aacbb8cb82cc5f33d0b6f31849001a02be074743fa5dd3ec218b95b48e util-linux-extra_2.38.1-5+b1_amd64.deb
679db1c4579ec7c61079adeaae8528adeb2e4bf5465baa6c56233b995d714750 libxau6_1%3a1.0.9-1_amd64.deb
67eec0eb4df58b93e1bf97c402c2cbeb361bf9c5af44fa3a02ff1c723c791ca2 libpython3.11-stdlib_3.11.2-6_amd64.deb
68aa3b3bdac8b34802df7e2e950bae64c40aa6c2b24fed356b832968f8305aa0 libfile-fcntllock-perl_0.22-4+b1_amd64.deb
69317523fe56429aa361545416ad339d138c1500e5a604856a80dd9074b4e35c readline-common_8.2-1.3_all.deb
6995822451e1300baa41b953c19f1094640ad4237982612583e980d32e18eee5 wget_1.21.3-1+b2_amd64.deb
6a91eee690e6ad2207df3a355fc329a58d8e31bf5ca9a9dd4de8f7a1c812ddc5 libk5crypto3_1.20.1-2+deb12u1_amd64.deb
6b07c77b700a615642888a82ba92a7e7c429d04b9c8669c62b2263f15c4c4059 libjbig0_2.1-6.1_amd64.deb
6c19a5d18c8350744581fbd25d5d29e2b7101053e25aafa4e1ffcc2b505b2f1c libxxhash0_0.8.1-1_amd64.deb
6d9f6c25c30efccce6d4bceaa48ea86c329a3432abb360a141f76ac223a4c34a libffi8_3.4.4-1_amd64.deb
6e129c5814812b3516a656ae5b664b9970e2f8823250cd5b98190f21c0de2bca libssl3_3.0.11-1~deb12u2_amd64.deb
6ea03cbbc7a7bfcee601c9fb08d4e026fd522ede5350561f06867ad9c0a0fa6b apt_2.6.1_amd64.deb
6f6fe95c43338db9887e52fe948228a779d3651fef1a975b62dfe891bb71fdc4 gnupg_2.2.40-1.1_all.deb
6f8c90780705bb2434d02e2360881b581319307ccde43abcd1f781e05928db04 cpp-12_12.2.0-14_amd64.deb
6f94b488255acd996254f775c77ff3956557c61f860a3c9caeaf65457554194f libpopt0_1.19+dfsg-1_amd64.deb
6fc5ab5858781ab90c68b4deea09f21871fd7b55dc1a0764ad7116ac4c86574d libpython3.11-minimal_3.11.2-6_amd64.deb
6ffd3721915c49580fc9bcf1ef06deab4ad59e99c52c9f349d03954642b97655 libgcc-12-dev_12.2.0-14_amd64.deb
7038b4d856aff8b4054f879c488c1298db5a83ecfa6280f85706f20e2e1935f1 libalgorithm-diff-xs-perl_0.04-8+b1_amd64.deb
70d356876847a9a540b5bebd02b2141f9de292e7ce17a596cafdecb15c39ba21 libisl23_0.25-1_amd64.deb
72300f09f02669c06c99b641ea795d52300ec7eb65eaccddf7bc3b72934f0ef5 libncurses6_6.4-4_amd64.deb
7259b7ce46444694ce536360ad53acb68eb3b47a7ff81d7b1b8a3939b2ac9918 libwebp7_1.2.4-0.2+deb12u1_amd64.deb
72a6c113801a0f307f3a9ab9fe7a7f9559d9164af990494ed2c50617a0e20452 libldap-common_2.5.13+dfsg-5_all.deb
72ef03236f1936e72a0faf86a547425b0eff3c5fd0b43f8669012182cf376354 libfreetype6_2.12.1+dfsg-5_amd64.deb
73d4a22bdd7eb6be1e480d6884b103eb500cfd539cc20ae0f3e44dd8b0614798 cpio_2.13+dfsg-7.1_amd64.deb
74ab14194a3762b2fc717917dcfda42929ab98e3c59295a063344dc551cd7cc8 debconf_1.5.82_all.deb
7516082b33a0e3c76d6c18d67754d5f2ef2116255fac9897ff0eb2004aa8de8c gpg-wks-server_2.2.40-1.1_amd64.deb
75bbf628518966bea04498df28391b5c070ccae110332302c52affcce8cb7b68 libss2_1.47.0-2_amd64.deb
771f5c47ca69f24ca61e4be0c98c5912b182ce442f921697d17a472f3ded5c9c liblerc4_4.0.0+ds-2_amd64.deb
7900a203b9b0e7db923882701e852e3c95a229a3bfb0b517531f6a679707e477 libtiff6_4.5.0-6+deb12u1_amd64.deb
791c92c681a3cefcc9721445dc8a301a1a3cb3eef40ac2c16a4d9dd9ad5a42d7 publicsuffix_20230209.2326-1_all.deb
79cb66b55021bd0130308369524bac5240d0b5463cb252cd44be6a1500fdebec libelf-dev_0.188-2.1_amd64.deb
7d2b2b700bae0ba67a13655fabba6a98da3f6ce7dee43d1ee0ac433b7ca1d947 libdebconfclient0_0.270_amd64.deb
7dc5127b8dd0da80e992ba594954c005ae4359d839a24eb65d0d8129b5235c84 libdb5.3_5.3.28+dfsg2-1_amd64.deb
8010e4285276bb344c05ae780deae2fffb45e237116c3a78481365c5954125ec libcom-err2_1.47.0-2_amd64.deb
8011853dcb09cd62d60fd95791eabba86df58d70b054f654f1bb51261b95cb98 libudev1_252.19-1~deb12u1_amd64.deb
81ccd29130f75a9e3adabc80e61921abff42f76761e1f792fa2d1bb69af7f52f libcrypt-dev_1%3a4.4.33-2_amd64.deb
835f806c21ae25e39053bd3057051640341b0cf08e1db9746fd82e370d82fa30 libsemanage-common_3.4-1_all.deb
83c3e20b53e1fbd84d764c3ba27d26a0376e361ae5d7fb37120196934dd87424 binutils_2.40-2_amd64.deb
851d270e36707787ab1cd269dbd9597864feaf3f8453ecd3c426caaa56142222 libpam-modules_1.5.2-6+deb12u1_amd64.deb
86b1f3504cf50fd4873be364c8a4e49a8c28e3442b31963a98a758135283db9d login_1%3a4.13+dfsg1-1+b1_amd64.deb
8892669e51aab4dc56682c8e39d8ddb7d70fad83c369344e1e240bf3ca22bb76 fonts-dejavu-core_2.37-6_all.deb
89944ee11d7370ce6ef46fc52f094c4a6512eff8943ec4c6ebefeae6360ceada libgpg-error0_1.46-1_amd64.deb
8a2f81076419cd6b0def5cd1fac98383c85ddec1a5c388f57e8e9e2fdf491ad9 libmount1_2.38.1-5+b1_amd64.deb
8bdfedc14c1035e3750e9f055ac9c1ecd9b5d05d9e6dc6466c4e9237eef407dd diffutils_1%3a3.8-4_amd64.deb
8be9df5795114bfe90e2be3d208ef47a5edd3fc7b3e20d387a597486d444e5e2 libacl1_2.3.1-3_amd64.deb
8c6d49b771530dbe26d7bd060582dc7d2b4eeb603a20789debc1ef4bbbc4ef67 patch_2.7.6-7_amd64.deb
8cbd111e1ad1c1357afb18f916c88c7ebb8cc860b8fac04ccc66a9eefe5a53af libcbor0.8_0.8.0-2+b1_amd64.deb
908ca1b35125f49125ae56945a72bc11ce0fcec85a8d980d10d83bb3a610f518 base-passwd_3.6.1_amd64.deb
95224197cc1275ee3e625be4522f9d03f8fea3bd7a5d7d8f1f55ab914736b404 perl_5.36.0-7+deb12u1_amd64.deb
95ec30140789a342add8f8371ed018924de51b539056522b66f207b25cba9cad libjpeg62-turbo_1%3a2.1.5-2_amd64.deb
95fe4a1336532450e67bd067892f46eaa484139919ea8d067a9ffcbf5a4bf883 libgdbm6_1.23-3_amd64.deb
96c2d796a21fdc92b4d272a550841c208e89c91ab0d54514ac28ae92da64c2c7 libc6_2.36-9+deb12u3_amd64.deb
96f55cb5e26231d5567c89b692bced63825a14a2d5bd18fdf16ea2ed44eb9838 manpages-dev_6.03-2_all.deb
9751239757dcc218a3cd5a5772070e33d86a8a15506fe5af8a47793d61fa2abc libcurl3-gnutls_7.88.1-10+deb12u5_amd64.deb
983ca41d506fa159536cd584118855748763f5f5a3b5949206bee4a62ec0cbf9 libxmuu1_2%3a1.1.3-3_amd64.deb
9840ce93b42b66c784852df07ee9131b7acab886177794a5c9ba761da9463887 libc-bin_2.36-9+deb12u3_amd64.deb
987a848aeb1c358e4186368871b0526f10bb14c6b53214ab3bf8b69abb830191 libx11-data_2%3a1.8.4-2+deb12u2_all.deb
98fa7a53dc565a38b65fb70422ad08001bf5361d8fbc74255280c329996a6bec libncursesw6_6.4-4_amd64.deb
993ea623ce5b42d67f653f2faaa7ef15e7c9d72bfcb93e22a1eaff7aa3532303 libpcre3_2%3a8.39-15_amd64.deb
9b1b269020cec6aced3b39f096f7b67edd1f0d4ab24f412cb6506d0800e19cbf libstdc++6_12.2.0-14_amd64.deb
9b8223674661ead1836ce21966f7e4511a3a943c1b87c02ea92ec17ed2c3f2cf perl-modules-5.36_5.36.0-7+deb12u1_all.deb
9cd87d1b0c56f34f51bcbe8bdb55ebb45dd08ce6c0c6ff2dc77378bac3f64cc0 libx265-199_3.5-2+b1_amd64.deb
9d1d4ba9ac38a7ae48567bfbd0bec88e02a5ccd941a48a76709a131197ea6570 python3.11_3.11.2-6_amd64.deb
9d97f27d8a8a06dd4800e8e0291337ca02e11cdfd7df09a4566a982a6d9fe4c4 dpkg_1.21.22_amd64.deb
9e46ced911ab34dee945fbcb2720b19eef39b0ac814583b9b7bb3a36f6179524 dpkg-dev_1.21.22_all.deb
9e6305a100f5178cc321ee33b96933a6482d11fdc22b42c0e526d6151c0c6f0f libseccomp2_2.5.4-1+b3_amd64.deb
a0f0f3fbeb661d9bda139a54f4bd1c30aa66cd55a8fa0beb0e6bc7946e243ca1 libstdc++-12-dev_12.2.0-14_amd64.deb
a1a83af8cbd854af887b72ad196b1f4af58387815e21ced1000253a116a46e2a make_4.3-4.1_amd64.deb
a241c2adc7438a7e217f32544028489981768a349d3e48673392703255c7b88e libmagic1_1%3a5.44-3_amd64.deb
a35f744972476c4b425e006d5c0752d917f3a6f48ce1268723a29e65a65b78a6 libatomic1_12.2.0-14_amd64.deb
a3c4092d84f19d13caf90f3c96eec53db8819f0e3a5247434944d71ed75fa53d libgprofng0_2.40-2_amd64.deb
a4d4d44b996fbb4d7b43710ec42d6ed30deefac9ed62c32ddc95d38767717ae1 krb5-locales_1.20.1-2+deb12u1_all.deb
a520264593224df5a4e98d9e95edffa4cf420dc3af7d609c2f5776e180dbc494 bsdutils_1%3a2.38.1-5+b1_amd64.deb
a63db920f7aa1857a57beab185423deffb6111fa09437a99bbb4ef724fb7ba78 cpp_4%3a12.2.0-3_amd64.deb
a6b79588938ef738fe6f03582b3ca0ed4fbd4a152dbe9f960e51a0355479a117 libitm1_12.2.0-14_amd64.deb
a72247ba64bcd1d0ace2ea8eefd7bcfaca84204def9495269526c25dd9fddc0c python3.11-minimal_3.11.2-6_amd64.deb
a8b11a1664a998cc2499fb04327d1f6c4e8f77b78ea8b6f8418d96fc54e3731f libsqlite3-0_3.40.1-2_amd64.deb
aaa46dcb3b39948ae2e0fdb72cfcb2f48c0b59f19785a3da8045c05eb19955dd media-types_10.0.0_all.deb
aaf001e0d4c68f995f9efbc551d54f213122fef99b3eaf9e28286bda6c03da73 libabsl20220623_20220623.1-1_amd64.deb
ab314134f43a0891a48f69a9bc33d825da748fa5e0ba2bebb7a5c491b026f1a0 binutils-common_2.40-2_amd64.deb
ac48d6bfac9298843355561a14047673a9361ecff7f24cfe1da119dbf1a037e9 gpg-agent_2.2.40-1.1_amd64.deb
b09481e7690680966005330c3f907bba4b5eefc35e1faaea4783cc55655d1150 libfaketime_0.9.10-2.1_amd64.deb
b10102de6c5f57bd040e9ee2a5fa9a5182a769ecb56a9ac09af4ab5f38131482 libc6-dev_2.36-9+deb12u3_amd64.deb
b1966bea9832686a0fd5ddba9787dce5816ebe02218a4a8f7472a1628d73451b libsasl2-modules_2.1.28+dfsg-10_amd64.deb
b36fefe9867f9e59b540f952e957a72ebdc241e997179d826da19a9511ade4a3 libcap2_1%3a2.66-4_amd64.deb
b3a0cc418526e1f9ae90ed320714cbdcf28dc252e7b5dddbf885cbe4062b3c63 gpgconf_2.2.40-1.1_amd64.deb
b3d9529c34382cc8d2e6cc8299a18536504edbc284b9133ffbe522704865068e unzip_6.0-28_amd64.deb
b4327c2d8e2ca92402205ac6b5845b3110fa2a1d50925c0e61c39624583a8baf perl-base_5.36.0-7+deb12u1_amd64.deb
b4b54769c77e4a71c8b33aee4d600ba28a9994a1c6f60d55d4ebe7fc44882e07 libcap-ng0_0.8.3-1+b3_amd64.deb
b52ffe8f80020a0df90d5fc188561010042ee8a67aae6de463d141a5fc09e1bc libksba8_1.6.3-2_amd64.deb
b81c29562345b88b809ee63acc6ef8bb7a1c0cbde2cf5959276da8dfdd3b9c26 libheif1_1.15.1-1_amd64.deb
b998946bb9818a97b387a962826caae33bc7fdcb6d706b2782c0470510be6b48 libsepol2_3.4-2.1_amd64.deb
b9c15ab69bb1408136f094e593bb9bedc1dec4a830519c412a191e4ca6d1a287 libgnutls30_3.7.9-2+deb12u1_amd64.deb
baaa4e935c5e3bcd57d4f2f4e7a1ddc67bd4eb8629d98f97a696548849ae01ac bc_1.07.1-3+b1_amd64.deb
bad01673ba5dfb9b5db4f3ae6a71f18d492cb6801eab45ad3c7d483c0a1f6ad2 libmagic-mgc_1%3a5.44-3_amd64.deb
bb31cc8b40f962a85b2cec970f7f79cc704a1ae4bad24257a822055404b2c60b libbsd0_0.11.7-2_amd64.deb
bb63b0fb2797e2a3a294dab8a02614930c557ec1f4ea96637c244b8b5f87e630 gcc_4%3a12.2.0-3_amd64.deb
bb81a188c119cd7fdebae723cbc95887b6c549b2fe4fb7e268a9c8846444da99 libnsl-dev_1.3.0-2_amd64.deb
bbfd38de41898a06326f2a6ce4cc43e8e399f5566381231065b01d70499d5ba5 build-essential_12.9_amd64.deb
bc62f3b366042157e9a8d00d04f1bd2e2a05e37501fc9a821883f99aa282ed77 gnupg-l10n_2.2.40-1.1_all.deb
bcbc83f391854ea9d50ce2a4101aacf330de3b8b71d81a798faadba14a157f78 mawk_1.3.4.20200120-3.1_amd64.deb
bfd1d89f833c09a28b062ee916495cf69649ca2bf529532476c7b69d75d24909 ncurses-base_6.4-4_all.deb
bffcac7e4f69e39d37d4a33e841d6371ac8b5aba6cd55546b385dc7ff6c702f5 libgcrypt20_1.10.1-3_amd64.deb
c0d83437fdb016cb289436f49f28a36be44b3e8f1f2498c7e3a095f709c0d6f8 libnsl2_1.3.0-2_amd64.deb
c1450e3afcb821645976b0c1dc06094195d7540ac2c811924ace472303290962 usr-is-merged_35_all.deb
c158f1d854928a91ae0cfcfbf0653083624f73d6be94005d26358ecc8edc3173 libde265-0_1.0.11-1+deb12u1_amd64.deb
c1bac61abefa0d957394d33c02b7bfb2a3ab3ce5e6d90617c4019ddea4bdbf63 debian-archive-keyring_2023.3+deb12u1_all.deb
c24fe4eb8e60d8632d72ed104cce7c92cff200847c897dc8ba764b6c47b519e0 adduser_3.134_all.deb
c266adb3545b0b8ff6450dbd09f85f19361bf5bc9290ddf2e869f040cb9725b7 librav1e0_0.5.1-6_amd64.deb
c2b3ccade855de14c6ece893a0d2bec63b0a007cbc2970af8152cf06699ccd2a libuuid1_2.38.1-5+b1_amd64.deb
c4945123d66d0503ba42e2fc0585abc76d0838978c6d277b9cc37a4da25d1a34 libattr1_1%3a2.5.1-4_amd64.deb
c6a494d3605341a2c909e280f81fa015a4c8df2de8624c88a712a7f98a63f057 liblsan0_12.2.0-14_amd64.deb
ccab743f6784b4cc7bd69e1810630edaf726cd69c1e735e39a16266d470bfdc0 libapt-pkg6.0_2.6.1_amd64.deb
cfac89e6a7a54ff3c6a4f843310e25efeddaa771baeae470bd98bd588c373563 libkeyutils1_1.6.3-2_amd64.deb
d20a3ee34fa84ad8bd381e8be6e9c2c2ea32347cff5e1169c10e978d43f54f24 libssh2-1_1.10.0-3+b1_amd64.deb
d3564267cef9f0162ad21b73d34b6a4302ee3a84426188168d74be737b079647 libgd3_2.3.3-9_amd64.deb
d466bbfe011d764d793c1d9d777cad9c7cf65b938e11598f27408171ad95a951 libunistring2_1.0-2_amd64.deb
d4b7736e58512a2b047f9cb91b71db5a3cf9d3451192fc6da044c77bf51fe869 liblzma5_5.4.1-0.2_amd64.deb
d50716d5824083d667427817d506b45d3f59dc77e1ca52de000f3f62d4918afa libidn2-0_2.3.3-1+b1_amd64.deb
d66fd8d7dd21a98e6a5acaa8d3fcb80b30561bb20c8e635dd6e66873abd4d40d gpg_2.2.40-1.1_amd64.deb
d7dd1d1411fedf27f5e27650a6eff20ef294077b568f4c8c5e51466dc7c08ce4 zlib1g_1%3a1.2.13.dfsg-1_amd64.deb
d7f79544790e44f9b0c8cb9034a18c58d37f8702a15f32539050718679e52f80 libmpc3_1.3.1-1_amd64.deb
d88c973e79fd9b65838d77624142952757e47a6eb1a58602acf0911cf35989f4 libx11-6_2%3a1.8.4-2+deb12u2_amd64.deb
d8e04be2cd7f8299668020b1c2a13ce07a1b79e73c901338a6fabd77ccabf004 libtsan2_12.2.0-14_amd64.deb
da03311a716bdcb73d1a93d322901ac46dce8eac67b5ccc95a6d8b776bfb4021 libpam-runtime_1.5.2-6+deb12u1_all.deb
dba89cd91adcb886ce1972122e55768aa3652cb562a6b26c5983c2d482a30a1e libfido2-1_1.12.0-2+b1_amd64.deb
dc32727dca9a87ba317da7989572011669f568d10159b9d8675ed7aedd26d686 libpng16-16_1.6.39-2_amd64.deb
e02ebbd3701cf468dbf98d6d917fbe0325e881f07fe8b316150c8d2a64486e66 libreadline8_8.2-1.3_amd64.deb
e0f6e357f327e80f26438dcda9c9304c43e2f3343359c6a5075d0b10ddfdb05d libsvtav1enc1_1.4.1+dfsg-1_amd64.deb
e1f69020dc2c466e421ec6a58406b643be8b5c382abf0f8989011c1d3df91c87 librtmp1_2.4+20151223.gitfa8646d.1-2+b2_amd64.deb
e28d141cebb72f1ac1f1d0ea6528b343e41287128db3d4b217ce7790a22352cf libext2fs2_1.47.0-2_amd64.deb
e360be5f17f9c09c8f17bae809f6c6f091c5bb6ab1a44fc33e4fb86c5e5559df libpam0g_1.5.2-6+deb12u1_amd64.deb
e3a8e56057592c60fd8db174968e9f232f07905b79544a9e477cd48f008326b2 dirmngr_2.2.40-1.1_amd64.deb
e46fbb519b4342c114b2fa19bcdb736e294eadc769fae75d6bc2e94a4db67f15 libubsan1_12.2.0-14_amd64.deb
e489a9282c4b765c29d9eda7c4747e1cb58be71161012c3a57e2a8bc63dc0f5a libkrb5support0_1.20.1-2+deb12u1_amd64.deb
ea063646d4f70d15be5ed52b67b5ac95d68dda823c60d808c7c25439c6d14e4d openssl_3.0.11-1~deb12u2_amd64.deb
eabec1dde2834f72540d7b93fc5df2625f52611c06d93d61f5cdb12480e0e6a3 gzip_1.12-1_amd64.deb
ecb8536f5fb34543b55bb9dc5f5b14c9dbb4150a7bddb3f2287b7cab6e9d25ef libxdmcp6_1%3a1.1.2-3_amd64.deb
ed8185c28b2cb519744a5a462dcd720d3b332c9b88a1d0002eac06dc8550cb94 libhogweed6_3.8.1-2_amd64.deb
ee690db978151ae372dcede4bba26c299d985046e6dc708bb907961901b73b6a libnghttp2-14_1.52.0-1+deb12u1_amd64.deb
eec4dc9d949d2c666b1da3fa762a340e8ba10c3a04d3eed32749a97695c15641 libtasn1-6_4.19.0-2_amd64.deb
ef1dfcf22de41ea90ebd3d505447ccccd999e96b85aa777a1d7d981dc3b347aa libctf-nobfd0_2.40-2_amd64.deb
efa1ba4cd19ad7baeae959c9209a7eb74be2ebb858bcabb412597bfc9f588c91 manpages_6.03-2_all.deb
f3d1d48c0599aea85b7f2077a01d285badc42998c1a1e7473935d5cf995c8141 libgcc-s1_12.2.0-14_amd64.deb
f5f60a5cdfd4e4eaa9438ade5078a57741a7a78d659fcb0c701204f523e8bd29 libcrypt1_1%3a4.4.33-2_amd64.deb
f9ce24cbf69957dc1851fc55adba0a60b5bc617d51587b6478f2be64786442f1 init-system-helpers_1.65.2_all.deb
f9ce531f60cbd5df37996af9370e0171be96902a17ec2bdbd8d62038c354094f zlib1g-dev_1%3a1.2.13.dfsg-1_amd64.deb
fa5cd07754d9a4f93e2a6f54a5b1fa160230e312121d62c0c609b6701f9b93a3 git_1%3a2.39.2-1.1_amd64.deb
fc6a692d2f399b83ef5a7f310883286a5e4326095812d8bb934925125002981c libpam-modules-bin_1.5.2-6+deb12u1_amd64.deb
fcf55b99e5f8a78f3c8ce9b6957f1024f394cf20c196b100d308a57e43547710 libbinutils_2.40-2_amd64.deb
fd36d0972866adde5a52269a309fcecd76a8e45e557dd0ecd33aa221cabc2a8c libsemanage2_3.4-1+b5_amd64.deb
fdc61332a3892168f3cc9cfa1fe9cf11a91dc3e0acacbc47cbc50ebaa234cc71 libxcb1_1.15-1_amd64.deb
fe36a7f35361fc40d0057ef447a7302fd41d51740d51c98fb3870bbed5b96e56 libexpat1_2.5.0-1_amd64.deb
fe524a9de7ed6b2a1465693f12d5f7be2d2d9f6d6e6bf028f17109263e173dc8 liblocale-gettext-perl_1.07-5_amd64.deb


@ -0,0 +1,13 @@
debian-archive-keyring
build-essential
git
libfaketime
file
wget
cpio
unzip
rsync
bc
libncurses-dev
python3
libelf-dev


@ -0,0 +1,256 @@
adduser=3.134
apt=2.6.1
base-files=12.4+deb12u4
base-passwd=3.6.1
bash=5.2.15-2+b2
bc=1.07.1-3+b1
binutils-common=2.40-2
binutils-x86-64-linux-gnu=2.40-2
binutils=2.40-2
bsdutils=1:2.38.1-5+b1
build-essential=12.9
bzip2=1.0.8-5+b1
ca-certificates=20230311
coreutils=9.1-1
cpio=2.13+dfsg-7.1
cpp-12=12.2.0-14
cpp=4:12.2.0-3
dash=0.5.12-2
debconf=1.5.82
debian-archive-keyring=2023.3+deb12u1
debianutils=5.7-0.5~deb12u1
diffutils=1:3.8-4
dirmngr=2.2.40-1.1
dpkg-dev=1.21.22
dpkg=1.21.22
e2fsprogs=1.47.0-2
fakeroot=1.31-1.2
file=1:5.44-3
findutils=4.9.0-4
fontconfig-config=2.14.1-4
fonts-dejavu-core=2.37-6
g++-12=12.2.0-14
g++=4:12.2.0-3
gcc-12-base=12.2.0-14
gcc-12=12.2.0-14
gcc=4:12.2.0-3
git-man=1:2.39.2-1.1
git=1:2.39.2-1.1
gnupg-l10n=2.2.40-1.1
gnupg-utils=2.2.40-1.1
gnupg=2.2.40-1.1
gpg-agent=2.2.40-1.1
gpg-wks-client=2.2.40-1.1
gpg-wks-server=2.2.40-1.1
gpg=2.2.40-1.1
gpgconf=2.2.40-1.1
gpgsm=2.2.40-1.1
gpgv=2.2.40-1.1
grep=3.8-5
gzip=1.12-1
hostname=3.23+nmu1
init-system-helpers=1.65.2
krb5-locales=1.20.1-2+deb12u1
less=590-2
libabsl20220623=20220623.1-1
libacl1=2.3.1-3
libalgorithm-diff-perl=1.201-1
libalgorithm-diff-xs-perl=0.04-8+b1
libalgorithm-merge-perl=0.08-5
libaom3=3.6.0-1
libapt-pkg6.0=2.6.1
libasan8=12.2.0-14
libassuan0=2.5.5-5
libatomic1=12.2.0-14
libattr1=1:2.5.1-4
libaudit-common=1:3.0.9-1
libaudit1=1:3.0.9-1
libavif15=0.11.1-1
libbinutils=2.40-2
libblkid1=2.38.1-5+b1
libbrotli1=1.0.9-2+b6
libbsd0=0.11.7-2
libbz2-1.0=1.0.8-5+b1
libc-bin=2.36-9+deb12u3
libc-dev-bin=2.36-9+deb12u3
libc-devtools=2.36-9+deb12u3
libc6-dev=2.36-9+deb12u3
libc6=2.36-9+deb12u3
libcap-ng0=0.8.3-1+b3
libcap2=1:2.66-4
libcbor0.8=0.8.0-2+b1
libcc1-0=12.2.0-14
libcom-err2=1.47.0-2
libcrypt-dev=1:4.4.33-2
libcrypt1=1:4.4.33-2
libctf-nobfd0=2.40-2
libctf0=2.40-2
libcurl3-gnutls=7.88.1-10+deb12u5
libdav1d6=1.0.0-2
libdb5.3=5.3.28+dfsg2-1
libde265-0=1.0.11-1+deb12u1
libdebconfclient0=0.270
libdeflate0=1.14-1
libdpkg-perl=1.21.22
libedit2=3.1-20221030-2
libelf-dev=0.188-2.1
libelf1=0.188-2.1
liberror-perl=0.17029-2
libexpat1=2.5.0-1
libext2fs2=1.47.0-2
libfakeroot=1.31-1.2
libfaketime=0.9.10-2.1
libffi8=3.4.4-1
libfido2-1=1.12.0-2+b1
libfile-fcntllock-perl=0.22-4+b1
libfontconfig1=2.14.1-4
libfreetype6=2.12.1+dfsg-5
libgav1-1=0.18.0-1+b1
libgcc-12-dev=12.2.0-14
libgcc-s1=12.2.0-14
libgcrypt20=1.10.1-3
libgd3=2.3.3-9
libgdbm-compat4=1.23-3
libgdbm6=1.23-3
libgmp10=2:6.2.1+dfsg1-1.1
libgnutls30=3.7.9-2+deb12u1
libgomp1=12.2.0-14
libgpg-error0=1.46-1
libgpm2=1.20.7-10+b1
libgprofng0=2.40-2
libgssapi-krb5-2=1.20.1-2+deb12u1
libheif1=1.15.1-1
libhogweed6=3.8.1-2
libidn2-0=2.3.3-1+b1
libisl23=0.25-1
libitm1=12.2.0-14
libjansson4=2.14-2
libjbig0=2.1-6.1
libjpeg62-turbo=1:2.1.5-2
libk5crypto3=1.20.1-2+deb12u1
libkeyutils1=1.6.3-2
libkrb5-3=1.20.1-2+deb12u1
libkrb5support0=1.20.1-2+deb12u1
libksba8=1.6.3-2
libldap-2.5-0=2.5.13+dfsg-5
libldap-common=2.5.13+dfsg-5
liblerc4=4.0.0+ds-2
liblocale-gettext-perl=1.07-5
liblsan0=12.2.0-14
liblz4-1=1.9.4-1
liblzma5=5.4.1-0.2
libmagic-mgc=1:5.44-3
libmagic1=1:5.44-3
libmd0=1.0.4-2
libmount1=2.38.1-5+b1
libmpc3=1.3.1-1
libmpfr6=4.2.0-1
libncurses-dev=6.4-4
libncurses6=6.4-4
libncursesw6=6.4-4
libnettle8=3.8.1-2
libnghttp2-14=1.52.0-1+deb12u1
libnpth0=1.6-3
libnsl-dev=1.3.0-2
libnsl2=1.3.0-2
libnuma1=2.0.16-1
libp11-kit0=0.24.1-2
libpam-modules-bin=1.5.2-6+deb12u1
libpam-modules=1.5.2-6+deb12u1
libpam-runtime=1.5.2-6+deb12u1
libpam0g=1.5.2-6+deb12u1
libpcre2-8-0=10.42-1
libpcre3=2:8.39-15
libperl5.36=5.36.0-7+deb12u1
libpng16-16=1.6.39-2
libpopt0=1.19+dfsg-1
libpsl5=0.21.2-1
libpython3-stdlib=3.11.2-1+b1
libpython3.11-minimal=3.11.2-6
libpython3.11-stdlib=3.11.2-6
libquadmath0=12.2.0-14
librav1e0=0.5.1-6
libreadline8=8.2-1.3
librtmp1=2.4+20151223.gitfa8646d.1-2+b2
libsasl2-2=2.1.28+dfsg-10
libsasl2-modules-db=2.1.28+dfsg-10
libsasl2-modules=2.1.28+dfsg-10
libseccomp2=2.5.4-1+b3
libselinux1=3.4-1+b6
libsemanage-common=3.4-1
libsemanage2=3.4-1+b5
libsepol2=3.4-2.1
libsmartcols1=2.38.1-5+b1
libsqlite3-0=3.40.1-2
libss2=1.47.0-2
libssh2-1=1.10.0-3+b1
libssl3=3.0.11-1~deb12u2
libstdc++-12-dev=12.2.0-14
libstdc++6=12.2.0-14
libsvtav1enc1=1.4.1+dfsg-1
libsystemd0=252.19-1~deb12u1
libtasn1-6=4.19.0-2
libtiff6=4.5.0-6+deb12u1
libtinfo6=6.4-4
libtirpc-common=1.3.3+ds-1
libtirpc-dev=1.3.3+ds-1
libtirpc3=1.3.3+ds-1
libtsan2=12.2.0-14
libubsan1=12.2.0-14
libudev1=252.19-1~deb12u1
libunistring2=1.0-2
libuuid1=2.38.1-5+b1
libwebp7=1.2.4-0.2+deb12u1
libx11-6=2:1.8.4-2+deb12u2
libx11-data=2:1.8.4-2+deb12u2
libx265-199=3.5-2+b1
libxau6=1:1.0.9-1
libxcb1=1.15-1
libxdmcp6=1:1.1.2-3
libxext6=2:1.3.4-1+b1
libxmuu1=2:1.1.3-3
libxpm4=1:3.5.12-1.1+deb12u1
libxxhash0=0.8.1-1
libyuv0=0.0~git20230123.b2528b0-1
libzstd1=1.5.4+dfsg2-5
linux-libc-dev=6.1.69-1
login=1:4.13+dfsg1-1+b1
logsave=1.47.0-2
make=4.3-4.1
manpages-dev=6.03-2
manpages=6.03-2
mawk=1.3.4.20200120-3.1
media-types=10.0.0
mount=2.38.1-5+b1
ncurses-base=6.4-4
ncurses-bin=6.4-4
netbase=6.4
openssh-client=1:9.2p1-2+deb12u2
openssl=3.0.11-1~deb12u2
passwd=1:4.13+dfsg1-1+b1
patch=2.7.6-7
perl-base=5.36.0-7+deb12u1
perl-modules-5.36=5.36.0-7+deb12u1
perl=5.36.0-7+deb12u1
pinentry-curses=1.2.1-1
publicsuffix=20230209.2326-1
python3-minimal=3.11.2-1+b1
python3.11-minimal=3.11.2-6
python3.11=3.11.2-6
python3=3.11.2-1+b1
readline-common=8.2-1.3
rpcsvc-proto=1.4.3-1
rsync=3.2.7-1
sed=4.9-1
sysvinit-utils=3.06-4
tar=1.34+dfsg-1.2
tzdata=2023c-5+deb12u1
unzip=6.0-28
usr-is-merged=35
util-linux-extra=2.38.1-5+b1
util-linux=2.38.1-5+b1
wget=1.21.3-1+b2
xauth=1:1.1.2-1
xz-utils=5.4.1-0.2
zlib1g-dev=1:1.2.13.dfsg-1
zlib1g=1:1.2.13.dfsg-1


@ -0,0 +1,6 @@
deb http://deb.debian.org/debian bookworm main
deb http://security.debian.org/debian-security bookworm-security main
deb http://deb.debian.org/debian bookworm-updates main
deb [trusted=yes] http://snapshot.debian.org/archive/debian/20240125T000000Z bookworm main
deb [trusted=yes] http://snapshot.debian.org/archive/debian-security/20240125T000000Z bookworm-security main
deb [trusted=yes] http://snapshot.debian.org/archive/debian/20240125T000000Z bookworm-updates main
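Review bot: The three snapshot.debian.org entries carry `[trusted=yes]`, which makes apt skip Release signature verification for them, and they are fetched over plain HTTP, so apt itself authenticates nothing that comes from those archives. Snapshot archives are still signed by the Debian archive keys; the usual obstacle is the expired Valid-Until field, which `deb [check-valid-until=no] http://snapshot.debian.org/archive/debian/20240125T000000Z bookworm main` handles without turning signatures off. If the build instead relies on the pinned SHA-256 list to authenticate every .deb, a `#` comment at the top of this file should say so, since whether that check runs before installation cannot be seen from here. The three live-mirror entries above them also make package resolution depend on the current archive state, which looks at odds with the pinned versions.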

BIN
dist/airgap.iso (Stored with Git LFS) vendored

Binary file not shown.

16
dist/manifest.2BDE9CDB6D0FAD15.asc vendored Normal file

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEzAzToO3Ax9K7Run3B88Hlc0qV+sFAmP+XQ4ACgkQB88Hlc0q
V+v1lg/9HxgMu/SLVcDlLEi0uz21693OwEBjcxL1rRca7y4/t/upGnhu53c0gM7W
ws+voJWWi9d8wTeuwl9yxvajdAo8I3Jw78hjXZWvqTK0CmLSSfCBTH6e7uRpvzbC
cJrc3QiErI84TpJde4NmZpMz6oGPzp+qdoAPCvsSiS2xy97+ZGB9OIfffjmlN86L
ZIjKCB0K2+yijB3pa/faNHv3Jv4XKliUXP+AelT0Rsw2466Bndruh63mxNjqYZiC
54hVd46ASwhS4YDNFZVrcYJNETr52328QjhtNlPsG83E2KGp2rl9mFaiXxLQsFD0
7j0VPIFPAqDvD7ZhAf5oTZDmo2BJYZpGTmTjBAdKDKCWySbwIEoGC65UoOY8ROXV
uGNqf9enFzWfnwLcDiujDo3e51Dag65FnEGkUDLUo/D/2B+r9vEzesVdTuGx3Szh
OTldUZp0ls9bCqhO4cCllZheswREbTTUUSYMYGNsRF+j6VaBR8jYa9yM4AX/Qk4N
9cokKyUD/ci49CH8R6THliD7FtF1G+LWvgHI4ZKzrEMJGyJVTiimHX4N2BJzZtUv
ObfCcskscf6DZxDpiFG256t2FYL3zQzNCaLj7mBpwe9NRuLwiSuHgS3udP9qossn
6Zew0D+a9wpst1MibKMx1G6eLn24Bjly81LDvIaKPn/yRIRrVzc=
=RJE0
-----END PGP SIGNATURE-----


@ -1,16 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEZ1U/vaRrtxq9LgsLjkeh7DWhVR0FAma0fbsACgkQjkeh7DWh
VR0lYBAAsjKcqgoSM73lck4gSga3CWtTfZ/k7azr98HnUw5InTyTwvna2sRGL3jb
Q0pUhrPVQVmjXSyxD/hR/uLuiAfUn2Gyhp1MZS3C7jmFcRsxCJzNbByv/2bUS2+U
5TaCoxmM8SdxTqcBIyYylKzZ4ub0t3bCWUt2uPqdSqslgEReeqbzzE3jpmiUfmHE
daaZhZa3iPEr7vqq00jUGFuSEdxQCQkty0nZHzfGhHwbliiUGyH6/bb+u4v5eGYH
VEyRq0CWFgw5sywpSf3UZjR0fkd0do9z6Li1ggN2GV63I4oT3L1LltcMXtgfMp+B
SA3gz7/mJsMqM6H2ZWqUgJAZw/mZCGStftSnOTKdyEtpzagNNeePa5f4kM1ZuHF6
ehSl1nbnCeCPfedS8+oUm3v8qWiFLXz4tmYvBnfDWaUXIYpNOrvJPtatdinTNRfl
nglyEt6Olc+3vEqkrEl7JFu13Gl92mbuhhelKjM/VDheHBUZ6yrso1aLbyruO+wm
RxL3pQSCNfAnIQpSdkXga5gVvbZDDISBast3qHFuZaZFbo2p24hw0HnLAfyCrxgF
JnN3x2qqRlTzQSrVr4EEXUwUqpt5LlnQ3kDLNVYhXuqTdmyETj1YGnAXkqV/D+Z7
B7hlDdddXI5d0yDoYPAmF9N7XJCasdfutnO/8IfZ/eE989jYybE=
=eruT
iQIzBAABCgAdFiEEZ1U/vaRrtxq9LgsLjkeh7DWhVR0FAmP5OHwACgkQjkeh7DWh
VR08/w//ScO/qM0a8JAAsCuCXEeZIJAhkICrxOCjMl6z9KP3lU8yVU6NL/ULF9P4
0nW5A1jnZo9PKcabV1RKFkQ/UuJdmUOuupg5JkN5X99rR/SDZ6hrsVy/tS6kjKaU
Z9qMGlsVRYVdbBb+VKtQB1gguj04QXVD9iAFIeAeaRRNMhtqo7gMHU1cdOkB86g2
H4w25LuxkIfRtyGlUgtBMS3MqpRiNjUSunP357VlHFBEGv4yT7CcdLK68FFd6Qzp
U1KJja5DG68aVTHdT47LvFCKRPjyFvheA1Ok1feSnYrOqPAhzYEFuWoE+f/+/nsI
JLqGVvPO7g40p0YXZdPWjQON4ZpcRuWG9TRg85G4WV+sQfqnDpz1i2++pb2RrOMI
SNwUIz8zdTaWo1G+AoNfaveybk7BOlAstjDwA5SzukFNrPvBSOQpe53i+NGyTAPS
pbKnir6IAD1QwagZOzYac6tzE4ZX2F7zmjPrwCDHGYAYuaQV+1CWiIvnN5zCjHXe
pvl22LKwr8BDRHzmVpctdVojlkb4llrbdzq3cMZgdXasXKORD9+yuGAK5+hfekmi
vsUMROvIp27q/eFL5fLTIP3clOo5+foWdB4cqWoS0q+5qIG3Aa0YZp9HDeI9pdjH
W11QFp4tlrDwA0lgHdUiF4vITxDk/+qz0Hi3gKCll87cmXUufRg=
=wZZ6
-----END PGP SIGNATURE-----


@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEiII6deyqeGsP84sUjkAUeKP773IFAma0f0IACgkQjkAUeKP7
73I33w//SaGbbM9z8SYsWhii1SBnfs6NVQSwdBoO20C4gFdmZkPVDak3QoCAioaC
GjlEOEDb7SXfWi3n2z72P97dswN6dG1IxQKR1N913IWzUUEXGR0phaC+o0P1/f74
MXrcUDLwwJwZsA/0zMV6gHvONEqwgmfEO4WrEB/Ty7ueoJjsmQ2oauWytlh8CVDR
3HFwiVoAjRC2d0vKj0eL2n9pNQNEYKb+oJ/gq3sk2L8qPs1vThQguHADvqmi6V3w
+4tZqviksPXb+sve3VTsKFDbd5AXvcRY4TbPawQ5W7Aa6iK9W/yA10+zXvcHoGrA
6iMR94yI9eprBkqoeoxr2MHPk+8d9xXB16hY/h+OCPibkFFfPST9GDFcp0nk1JFH
b0bbpanBsxwN3IxTAL0a7iD2nxftZHjgiZib1lhdhLg35o9iou1V0fRPwdjepS3o
2TBvKhtNncUW/87ZhxhdkTI/iUvS0iem3KHUQXkM+ziOC5zGf+PYvMCuy2P0oSei
731aVOgxKbpEZHY0pTkuqG7U4+RWZ+KJEnxETcZWoCeY9DW/u2Dx5hukeZJbvmUo
111vBoziyocgKvKi5S3ctZaAwm2wNsE0TU/o5u9+Q5ST1wgsKJF+F0laCUQcDPwM
UyM5VznH31pChrlzRiUcsm0lMvDkx+JfTSBPOgzABMAcQ3YuTSk=
=e+q6
-----END PGP SIGNATURE-----

4
dist/manifest.txt vendored

@ -1,2 +1,2 @@
fe92783ef775ccc5e32baefb26f951b7f37ed26ecbb4601a068e20b31bebadbb airgap.iso
b714c963bd8b1f3a38295821f0a3521bc64f97c1023c49d22a2e7433385b1a09 release.env
5b830f69691a96deb50caa68b69b7a6bb34a0af8c55a0d7dd21c1771683f96e1 airgap.iso
89695f9584b98adea86887de56774b8747c4f36092611c31da367a63f072954d release.env

8
dist/release.env vendored
View File

@ -1,5 +1,5 @@
VERSION=2024.8.1
GIT_REF=ea623cc147741b0a753ce4ea7aabe512df9a2ef9
VERSION=2023.02.24
GIT_REF=2376bc53dc4609ad0bff55e0b3365891db6fbeea
GIT_AUTHOR=Lance R. Vick
GIT_PUBKEY=6B61ECD76088748C70590D55E90A401336C8AAA9
GIT_TIMESTAMP=2024-08-08 00:34:41 -0700
GIT_KEY=6B61ECD76088748C70590D55E90A401336C8AAA9
GIT_TIMESTAMP=2023-02-24 13:31:37 -0800


@ -1,55 +0,0 @@
#!/bin/sh
DAEMON="syslogd"
PIDFILE="/var/run/$DAEMON.pid"
SYSLOGD_ARGS=""
# shellcheck source=/dev/null
[ -r "/etc/default/$DAEMON" ] && . "/etc/default/$DAEMON"
# BusyBox' syslogd does not create a pidfile, so pass "-n" in the command line
# and use "-m" to instruct start-stop-daemon to create one.
start() {
printf 'Starting %s: ' "$DAEMON"
# shellcheck disable=SC2086 # we need the word splitting
start-stop-daemon -b -m -S -q -p "$PIDFILE" -x "/sbin/$DAEMON" \
-- -n $SYSLOGD_ARGS
status=$?
if [ "$status" -eq 0 ]; then
echo "OK"
else
echo "FAIL"
fi
return "$status"
}
stop() {
printf 'Stopping %s: ' "$DAEMON"
start-stop-daemon -K -q -p "$PIDFILE"
status=$?
if [ "$status" -eq 0 ]; then
rm -f "$PIDFILE"
echo "OK"
else
echo "FAIL"
fi
return "$status"
}
restart() {
stop
sleep 1
start
}
case "$1" in
start|stop|restart)
"$1";;
reload)
# Restart, since there is no true "reload" feature.
restart;;
*)
echo "Usage: $0 {start|stop|restart|reload}"
exit 1
esac


@ -1,55 +0,0 @@
#!/bin/sh
DAEMON="klogd"
PIDFILE="/var/run/$DAEMON.pid"
KLOGD_ARGS=""
# shellcheck source=/dev/null
[ -r "/etc/default/$DAEMON" ] && . "/etc/default/$DAEMON"
# BusyBox' klogd does not create a pidfile, so pass "-n" in the command line
# and use "-m" to instruct start-stop-daemon to create one.
start() {
printf 'Starting %s: ' "$DAEMON"
# shellcheck disable=SC2086 # we need the word splitting
start-stop-daemon -b -m -S -q -p "$PIDFILE" -x "/sbin/$DAEMON" \
-- -n $KLOGD_ARGS
status=$?
if [ "$status" -eq 0 ]; then
echo "OK"
else
echo "FAIL"
fi
return "$status"
}
stop() {
printf 'Stopping %s: ' "$DAEMON"
start-stop-daemon -K -q -p "$PIDFILE"
status=$?
if [ "$status" -eq 0 ]; then
rm -f "$PIDFILE"
echo "OK"
else
echo "FAIL"
fi
return "$status"
}
restart() {
stop
sleep 1
start
}
case "$1" in
start|stop|restart)
"$1";;
reload)
# Restart, since there is no true "reload" feature.
restart;;
*)
echo "Usage: $0 {start|stop|restart|reload}"
exit 1
esac


@ -1,94 +0,0 @@
#!/bin/sh
#
# This script is used by busybox and procps-ng.
#
# With procps-ng, the "--system" option of sysctl also enables "--ignore", so
# errors are not reported via syslog. Use the run_logger function to mimic the
# --system behavior, still reporting errors via syslog. Users not interested
# on error reports can add "-e" to SYSCTL_ARGS.
#
# busybox does not have a "--system" option neither reports errors via syslog,
# so the scripting provides a consistent behavior between the implementations.
# Testing the busybox sysctl exit code is fruitless, as at the moment, since
# its exit status is zero even if errors happen. Hopefully this will be fixed
# in a future busybox version.
PROGRAM="sysctl"
SYSCTL_ARGS=""
# shellcheck source=/dev/null
[ -r "/etc/default/$PROGRAM" ] && . "/etc/default/$PROGRAM"
# Files are read from directories in the SYSCTL_SOURCES list, in the given
# order. A file may be used more than once, since there can be multiple
# symlinks to it. No attempt is made to prevent this.
SYSCTL_SOURCES="/etc/sysctl.d/ /usr/local/lib/sysctl.d/ /usr/lib/sysctl.d/ /lib/sysctl.d/ /etc/sysctl.conf"
# If the logger utility is available all messages are sent to syslog, except
# for the final status. The file redirections do the following:
#
# - stdout is redirected to syslog with facility.level "kern.info"
# - stderr is redirected to syslog with facility.level "kern.err"
# - file dscriptor 4 is used to pass the result to the "start" function.
#
run_logger() {
# shellcheck disable=SC2086 # we need the word splitting
find $SYSCTL_SOURCES -maxdepth 1 -name '*.conf' -print0 2> /dev/null | \
xargs -0 -r -n 1 readlink -f | {
prog_status="OK"
while :; do
read -r file || {
echo "$prog_status" >&4
break
}
echo "* Applying $file ..."
/sbin/sysctl -p "$file" $SYSCTL_ARGS || prog_status="FAIL"
done 2>&1 >&3 | /usr/bin/logger -t sysctl -p kern.err
} 3>&1 | /usr/bin/logger -t sysctl -p kern.info
}
# If logger is not available all messages are sent to stdout/stderr.
run_std() {
# shellcheck disable=SC2086 # we need the word splitting
find $SYSCTL_SOURCES -maxdepth 1 -name '*.conf' -print0 2> /dev/null | \
xargs -0 -r -n 1 readlink -f | {
prog_status="OK"
while :; do
read -r file || {
echo "$prog_status" >&4
break
}
echo "* Applying $file ..."
/sbin/sysctl -p "$file" $SYSCTL_ARGS || prog_status="FAIL"
done
}
}
if [ -x /usr/bin/logger ]; then
run_program="run_logger"
else
run_program="run_std"
fi
start() {
printf '%s %s: ' "$1" "$PROGRAM"
status=$("$run_program" 4>&1)
echo "$status"
if [ "$status" = "OK" ]; then
return 0
fi
return 1
}
case "$1" in
start)
start "Running";;
restart|reload)
start "Rerunning";;
stop)
:;;
*)
echo "Usage: $0 {start|stop|restart|reload}"
exit 1
esac


@ -1,24 +0,0 @@
#!/bin/sh
case "$1" in
start)
printf "Populating %s using udev: " "${udev_root:-/dev}"
[ -e /proc/sys/kernel/hotplug ] && printf '\000\000\000\000' > /proc/sys/kernel/hotplug
/sbin/udevd -d || { echo "FAIL"; exit 1; }
udevadm trigger --type=subsystems --action=add
udevadm trigger --type=devices --action=add
udevadm settle --timeout=30 || echo "udevadm settle failed"
echo "done"
;;
stop)
# Stop execution of events
udevadm control --stop-exec-queue
killall udevd
;;
*)
echo "Usage: $0 {start|stop}"
exit 1
;;
esac
exit 0


@ -1,20 +0,0 @@
#!/bin/sh
case "$1" in
start)
/usr/sbin/pcscd -d || { echo "FAIL"; exit 1; }
killall pcscd
/usr/sbin/pcscd -d || { echo "FAIL"; exit 1; }
echo "done"
;;
stop)
# Stop execution of events
killall pcscd
;;
*)
echo "Usage: $0 {start|stop}"
exit 1
;;
esac
exit 0


@ -1,70 +0,0 @@
#! /bin/sh
#
# Preserve the random seed between reboots. See urandom(4).
#
# Quietly do nothing if /dev/urandom does not exist
[ -c /dev/urandom ] || exit 0
URANDOM_SEED="/var/lib/random-seed"
# shellcheck source=/dev/null
[ -r "/etc/default/urandom" ] && . "/etc/default/urandom"
if pool_bits=$(cat /proc/sys/kernel/random/poolsize 2> /dev/null); then
pool_size=$((pool_bits/8))
else
pool_size=512
fi
init_rng() {
[ -f "$URANDOM_SEED" ] || return 0
printf 'Initializing random number generator: '
dd if="$URANDOM_SEED" bs="$pool_size" of=/dev/urandom count=1 2> /dev/null
status=$?
if [ "$status" -eq 0 ]; then
echo "OK"
else
echo "FAIL"
fi
return "$status"
}
save_random_seed() {
printf 'Saving random seed: '
status=1
if touch "$URANDOM_SEED.new" 2> /dev/null; then
old_umask=$(umask)
umask 077
dd if=/dev/urandom of="$URANDOM_SEED.tmp" bs="$pool_size" count=1 2> /dev/null
cat "$URANDOM_SEED" "$URANDOM_SEED.tmp" 2>/dev/null \
| sha256sum \
| cut -d ' ' -f 1 > "$URANDOM_SEED.new" && \
mv "$URANDOM_SEED.new" "$URANDOM_SEED" && status=0
rm -f "$URANDOM_SEED.tmp"
umask "$old_umask"
if [ "$status" -eq 0 ]; then
echo "OK"
else
echo "FAIL"
fi
else
echo "SKIP (read-only file system detected)"
fi
return "$status"
}
case "$1" in
start|restart|reload)
# Carry a random seed from start-up to start-up
# Load and then save the whole entropy pool
init_rng && save_random_seed;;
stop)
# Carry a random seed from shut-down to start-up
# Save the whole entropy pool
save_random_seed;;
*)
echo "Usage: $0 {start|stop|restart|reload}"
exit 1
esac


@ -1,27 +0,0 @@
#!/bin/sh
# Stop all init scripts in /etc/init.d
# executing them in reversed numerical order.
#
for i in $(ls -r /etc/init.d/S??*) ;do
# Ignore dangling symlinks (if any).
[ ! -f "$i" ] && continue
case "$i" in
*.sh)
# Source shell script for speed.
(
trap - INT QUIT TSTP
set stop
. $i
)
;;
*)
# No sh extension, so fork subprocess.
$i stop
;;
esac
done


@ -1,27 +0,0 @@
#!/bin/sh
# Start all init scripts in /etc/init.d
# executing them in numerical order.
#
for i in /etc/init.d/S??* ;do
# Ignore dangling symlinks (if any).
[ ! -f "$i" ] && continue
case "$i" in
*.sh)
# Source shell script for speed.
(
trap - INT QUIT TSTP
set start
. $i
)
;;
*)
# No sh extension, so fork subprocess.
$i start
;;
esac
done


@ -1,2 +0,0 @@
#!/bin/sh
exec /bin/init


@ -1,15 +0,0 @@
KERNEL!="mmcblk[0-9]p[0-9]|sd[a-z][0-9]", GOTO="automount_end"
ACTION=="add", PROGRAM!="/sbin/blkid %N", GOTO="automount_end"
IMPORT{program}="/sbin/blkid -o udev -p %N"
ENV{ID_FS_LABEL}!="", ENV{dir_name}="%E{ID_FS_LABEL}"
ENV{ID_FS_LABEL}=="", ENV{dir_name}="%k"
ACTION=="add", IMPORT{program}="/sbin/blkid -o udev -p %N"
ACTION=="add", ENV{ID_FS_TYPE}=="vfat", ENV{mount_options}="relatime,utf8,flush,user,umask=0000"
ACTION=="add", RUN+="/bin/mkdir -p /media/%E{dir_name}", RUN+="/bin/mount -o $env{mount_options} /dev/%k /media/%E{dir_name}"
ACTION=="add", RUN+="/usr/local/bin/autorun /media/%E{dir_name}"
ACTION=="remove", ENV{dir_name}!="", RUN+="/bin/umount -l /media/%E{dir_name}", RUN+="/bin/rmdir /media/%E{dir_name}"
LABEL="automount_end"


@ -1,28 +0,0 @@
#!/bin/bash
set -e
source /etc/profile
folder=${1?}
if [ "$folder" == "/media/USER" ] && [ -f "${folder}/autorun.sh" ]; then
if touch "${folder}/.write_test" 2>/dev/null; then
echo "!! Autorun: Read-only verification failed for /media/USER" >/dev/console
exit 1;
else
echo "" >/dev/console
echo "++ Autorun: Found /media/USER/autorun.sh" >/dev/console;
echo "** Autorun: Executing /media/USER/autorun.sh" >/dev/console
/bin/bash "/media/USER/autorun.sh" >/dev/console
fi
elif [ -f "${folder}/autorun.sh.asc" ]; then
echo "" >/dev/console
echo "++ Autorun: Found ${folder}/autorun.sh" >/dev/console;
gpg --verify "${folder}/autorun.sh.asc" >/dev/null 2>&1 || {
echo "!! Autorun: Verification Failed for ${folder}/autorun.sh" \
>/dev/console;
exit 1;
}
echo "++ Autorun: Verified ${folder}/autorun.sh" >/dev/console
echo "** Autorun: Executing ${folder}/autorun.sh" >/dev/console
/bin/bash "${folder}/autorun.sh" >/dev/console
fi


@ -1,3 +0,0 @@
#!/bin/bash
echo "Autorun.sh executed"

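--- a/src/scripts/audit
+++ b/src/scripts/audit
@@ -0,0 +1,65 @@
+#!/bin/bash
+[ -f /.dockerenv ] || { echo "please run in supplied container"; exit 1; }
+set -e; source environment
+build_dir="${BUILD_DIR?}"
+audit_dir="${BUILD_DIR?}/audit"
+buildroot_dir="${build_dir}/buildroot"
+heads_dir="${build_dir}/heads"
+mkdir -p ${audit_dir}
+printf "Generating container package vulnerability stats... "
+debsecan \
+--suite $(lsb_release --codename --short) \
+--format detail \
+> ${audit_dir}/container_package_cves.txt
+container_package_cves="$( \
+cat ${audit_dir}/container_package_cves.txt | grep CVE | wc -l \
+)"
+echo "done"
+printf "Generating target OS source tar hashes... "
+openssl sha256 -r ${buildroot_dir}/dl/*/*.tar.* \
+> ${audit_dir}/os_src_hashes.txt
+echo "done"
+printf "Generating firmware source tar hashes... "
+openssl sha256 -r ${heads_dir}/packages/* \
+> ${audit_dir}/fw_src_hashes.txt
+echo "done"
+printf "Generating combined/uniqued source tar hashes... "
+cat ${audit_dir}/os_src_hashes.txt \
+${audit_dir}/fw_src_hashes.txt \
+| sed 's/ .*\// /g' \
+| awk '{ t = $1; $1 = $2; $2 = t; print;}' \
+| sort \
+| uniq \
+> ${audit_dir}/all_hashes.txt
+echo "done"
+printf "Generating buildroot package stats... "
+( cd ${buildroot_dir} \
+&& support/scripts/pkg-stats --json ${audit_dir}/pkg-stats.json \
+> /dev/null 2>&1
+)
+target_os_source_cves=$( \
+cat build/audit/pkg-stats.json | jq '.stats["total-cves"]' \
+)
+echo "done"
+printf "Generating license usage reports... "
+( cd ${buildroot_dir} && make legal-info > /dev/null 2>&1 )
+cp -R ${buildroot_dir}/output/legal-info ${audit_dir}/legal-info
+echo "done"
+echo "------------------------------------------------"
+echo "Wrote: build/audit/container_package_cves.txt"
+echo "Wrote: build/audit/os_src_hashes.txt"
+echo "Wrote: build/audit/fw_src_hashes.txt"
+echo "Wrote: build/audit/all_hashes.txt"
+echo "Wrote: build/audit/pkg-stats.json"
+echo "Wrote: build/audit/legal-info"
+echo "------------------------------------------------"
+echo "Build container package CVEs: ${container_package_cves}"
+echo "Target OS source CVEs: ${target_os_source_cves}"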
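Review bot: The `target_os_source_cves` assignment reads `build/audit/pkg-stats.json` by a hard-coded relative path, although pkg-stats was told to write `${audit_dir}/pkg-stats.json`. If `BUILD_DIR` is not `build`, or the script runs from another directory, `cat` fails, `jq` sees empty input and exits 0, and the summary prints an empty CVE count with no error, because `set -e` without `pipefail` only checks the last command of a pipeline. Reading the file that was actually written, and letting jq fail on a missing file, closes that gap: `target_os_source_cves=$(jq '.stats["total-cves"]' "${audit_dir}/pkg-stats.json")`. The `Wrote:` lines hard-code the same `build/audit` prefix. Both `pkg-stats` and `make legal-info` send stderr to `/dev/null`, so a failure there aborts the audit with no message; redirecting their output to a log file under `${audit_dir}` would keep the cause visible.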

1
src/toolchain Submodule

@ -0,0 +1 @@
Subproject commit ca3e7960ea2abb9e448610c633dc92d7786ce8ab