Compare commits
No commits in common. "main" and "main" have entirely different histories.
|
@ -1,2 +1 @@
|
|||
dist/*.iso filter=lfs diff=lfs merge=lfs -text
|
||||
dist/airgap.iso filter=lfs diff=lfs merge=lfs -text
|
||||
|
|
|
@ -1,4 +1,3 @@
|
|||
cache/
|
||||
out/
|
||||
out*/
|
||||
.*
|
||||
|
|
|
@ -0,0 +1,3 @@
|
|||
[submodule "src/toolchain"]
|
||||
path = src/toolchain
|
||||
url = https://codeberg.org/distrust/toolchain
|
236
Containerfile
236
Containerfile
|
@ -1,236 +0,0 @@
|
|||
FROM stagex/alsa-lib:sx2024.09.0@sha256:a41b481187f76c1e9ed4e237977f4892c1507a3b8f8f6736ff3fdd5144bd2afb AS alsa-lib
|
||||
FROM stagex/bash:sx2024.09.0@sha256:cb58f55d268fbe7ef629cda86e3a8af893066e4af7f26ef54748b6ad47bdaa66 AS bash
|
||||
FROM stagex/bc:sx2024.09.0@sha256:039cc5ac357a17d6374445fe4eed1dac15cc72f615bd9657c17e2c3904d42b62 AS bc
|
||||
FROM stagex/busybox:sx2024.09.0@sha256:d34bfa56566aa72d605d6cbdc154de8330cf426cfea1bc4ba8013abcac594395 AS busybox
|
||||
FROM stagex/ccid:sx2024.09.0@sha256:3225dc4a6a1af5f828854157a6b16eb09a0b0f7ebe9d9ee34030afe3966afad1 AS ccid
|
||||
FROM stagex/cpio:sx2024.09.0@sha256:abccb58edb5f1f31b3b9c8b61cffa10cd56de3307e337335927b8df4d9112d24 AS cpio
|
||||
FROM stagex/curl:sx2024.09.0@sha256:8e5705a77a76c92d058e016184dabd0c4fa2f6117021cc5ff55df35f654cb158 AS curl
|
||||
FROM stagex/dtc:sx2024.09.0@sha256:57f8aaa94059c43081b32fccb473ebd2c0cf16878dcf0e24e0e56c910467e93a AS dtc
|
||||
FROM stagex/eudev:sx2024.09.0@sha256:7da7aed7ea7eb73bda86e206e765bdc8e6367c2c2ae535ccd68c7c1b0a936611 AS eudev
|
||||
FROM stagex/flashtools:sx2024.09.0@sha256:4e61cc6f0af9aa6116bb93f048c20d00026d75c27dc52b7e8604f0e340c55b80 AS flashtools
|
||||
FROM stagex/gcc:sx2024.09.0@sha256:439bf36289ef036a934129d69dd6b4c196427e4f8e28bc1a3de5b9aab6e062f0 AS gcc
|
||||
FROM stagex/glib:sx2024.09.0@sha256:d280c18f8b52ce21a26924b0cb1bfb69ea6508b57db73efe22401572e71dbe84 AS glib
|
||||
FROM stagex/gpg:sx2024.09.0@sha256:f63555b39740db63b34c06894a4a9d5e125d04f5d51e799909d06c490e8ecd42 AS gpg
|
||||
FROM stagex/grub:sx2024.09.0@sha256:a14c60f152c759185e5702e910053cb5c0d9eee11f43d8d5d40a84123aece9fd AS grub
|
||||
FROM stagex/ipxe:sx2024.09.0@sha256:5791d9b42c7e9099a0180c4fe6cc4b8e9afc9e6b9ec392099c65c53b71db7908 AS ipxe
|
||||
FROM stagex/jq:sx2024.09.0@sha256:3e8b44aa54481bdd46406e9d3a63862f4216f81530a1898b3c144e1c38847a82 AS jq
|
||||
FROM stagex/jq:sx2024.09.0@sha256:3e8b44aa54481bdd46406e9d3a63862f4216f81530a1898b3c144e1c38847a82 AS jq
|
||||
FROM stagex/keyfork:sx2024.09.0@sha256:2288c1d769a0c3c535835019ad4919cc45b094492b5aa959a0eaf1e883a96214 AS keyfork
|
||||
FROM stagex/libaio:sx2024.09.0@sha256:c8d6dd6f3e6fbda73ac0620b2bc4b4cfe6fa504bf7a17eee3bb56e286c394b8b AS libaio
|
||||
FROM stagex/libassuan:sx2024.09.0@sha256:1f31e888ab3f02634009d1a38acca9f25deb827432eb91392e21fd75128a44aa AS libassuan
|
||||
FROM stagex/libffi:sx2024.09.0@sha256:ab647ebf8464e00cde623f86f716e7f50ce82c30eafde813b7977d917ff7143a AS libffi
|
||||
FROM stagex/libgcrypt:sx2024.09.0@sha256:49c84a586969ff625b3304dcf8905a98db0da36fb8704e3d7a0771d271509b68 AS libgcrypt
|
||||
FROM stagex/libgpg-error:sx2024.09.0@sha256:11c17c1ac41f36c85e538bd34a0095a9f17e116f61c38d560350c02a6929e55a AS libgpg-error
|
||||
FROM stagex/libksba:sx2024.09.0@sha256:2913b382fdb76f02f9d78ee162066e04953ba782b8f722145111617a842f40a3 AS libksba
|
||||
FROM stagex/libqrencode:sx2024.09.0@sha256:8c0f523bdf8d315e7b67cadd584e23d22a316dd1973232d49603e127717e4d1a AS libqrencode
|
||||
FROM stagex/libseccomp:sx2024.09.0@sha256:f48d783989da9d509cc6b4c12ec34e14074ffc1ab7a4f2d1e322c417d967e12f AS libseccomp
|
||||
FROM stagex/libslirp:sx2024.09.0@sha256:9dfb87e4a0adba80b862ce6b96112d96f509ffbca25bb71c60ba5bb5693b481d AS libslirp
|
||||
FROM stagex/libtpms:sx2024.09.0@sha256:d909a55137d0bf4a76331c2bf0358ee192d6c93ad77a5099af09ce1bcca2a6cd AS libtpms
|
||||
FROM stagex/libusb:sx2024.09.0@sha256:6c0dcf2b9519b1a41066ad71d3b597e9dae84fb73e5d031a3bdd2eb40f78ef94 AS libusb
|
||||
FROM stagex/libzstd:sx2024.09.0@sha256:a055f8cd6e11b0b8836b2e5e1d755f672edbd344a4f4b5aba94919a6511be4c3 AS libzstd
|
||||
FROM stagex/linux-airgap:sx2024.09.0@sha256:efb98b59ab37a7e33db423eda7a49bb7273b087838fda8098ce6736a0860fc73 AS linux-airgap
|
||||
FROM stagex/lzo:sx2024.09.0@sha256:09c60840e3e3e5835ec027c21283febc9f8cf53ab887576fbe9c38dbdbdfd571 AS lzo
|
||||
FROM stagex/mtools:sx2024.09.0@sha256:c83f7aebce9076903dbf1082aac981d3c0950d9e8952a900e5e072e2a811cda7 AS mtools
|
||||
FROM stagex/musl:sx2024.09.0@sha256:ad351b875f26294562d21740a3ee51c23609f15e6f9f0310e0994179c4231e1d AS musl
|
||||
FROM stagex/npth:sx2024.09.0@sha256:21d50ec1421fe75af4bea240d76022ddb8c114fd2805bfeb06fb938e5a58fc0d AS npth
|
||||
FROM stagex/numactl:sx2024.09.0@sha256:39e667b966a443f42e1c7a8c944203945bd1808ce759df1706bb3b93b0b674c2 AS numactl
|
||||
FROM stagex/openpgp-card-tools:sx2024.09.0@sha256:56d4696d111b309e536f1b70980db7098cd7823005432e4130432cb2f625cf9f AS openpgp-card-tools
|
||||
FROM stagex/opensc:sx2024.09.0@sha256:5117a9d39d3b77655b29bf661d9e04eea2001a5b033b2fd6b4297048330ff6e7 AS opensc
|
||||
FROM stagex/openssl:sx2024.09.0@sha256:2c1a9d8fcc6f52cb11a206f380b17d74c1079f04cbb08071a4176648b4df52c1 AS openssl
|
||||
FROM stagex/pcsc-lite:sx2024.09.0@sha256:4fe37671197ac768637e95f7395ae1a18412b3f42359d0c0aa9f4e7f684aef4e AS pcsc-lite
|
||||
FROM stagex/pcsc-tools:sx2024.09.0@sha256:05046ca5d41a09163eda26785563fd98f0cb1179030c3f4ee3243997a907bb96 AS pcsc-tools
|
||||
FROM stagex/qemu:sx2024.09.0@sha256:c9b099bc7d810a581e0e0f68061dd525d7efdb5334d119b4253249a459bd907e AS qemu
|
||||
FROM stagex/seabios:sx2024.09.0@sha256:f4e535fb1bfc2c7ae1756cdaa2404b1572f6ad195ceabba90d87ed0599fd97d7 AS seabios
|
||||
FROM stagex/sops:sx2024.09.0@sha256:c742fb1f0c5a4f9d9bc9afc37ba686b247d2b17d55d179409d33736b43c9aaa5 AS sops
|
||||
FROM stagex/swtpm:sx2024.09.0@sha256:c47fb2c4d8690936b4adef832a3f354231bb5a04206bf2fb565218034ce27792 AS swtpm
|
||||
FROM stagex/syslinux:sx2024.09.0@sha256:a41388558d7f6d9a29847ee2ff5507ab3100bfe9032ef3b99a3d783ad60ed390 AS syslinux
|
||||
FROM stagex/tpm2-tools:sx2024.09.0@sha256:c2fc693ec68a9d097151e5b3dd5b923f0dcc35fd4e0624b91ade3bf21367162c AS tpm2-tools
|
||||
FROM stagex/tpm2-tss:sx2024.09.0@sha256:a8bf8c0973e1b5ba62ce5034a6230684ebe5a142da275d09e81fa2f2f9c87411 AS tpm2-tss
|
||||
FROM stagex/util-linux:sx2024.09.0@sha256:7e3f3c1e748f5c216503e69b9f8f2e9f8084ec675fb29b23f3a6f0ed3b20c54a AS util-linux
|
||||
FROM stagex/xorriso:sx2024.09.0@sha256:2205a8f53d4fc569880c311061daa085f40c62b2fd94d556e72bd31b4df9e63a AS xorriso
|
||||
FROM stagex/xz:sx2024.09.0@sha256:b57c5e6144117bc0124855e9538e60c302cc7bf53fafb53e2eef3434015366f1 AS xz
|
||||
FROM stagex/yq:sx2024.09.0@sha256:bd6882f0f3ea664e9de6cf732cef2fa2781fc2852f5e6502a6aea1e63eb9708b AS yq
|
||||
FROM stagex/zlib:sx2024.09.0@sha256:96b4100550760026065dac57148d99e20a03d17e5ee20d6b32cbacd61125dbb6 AS zlib
|
||||
|
||||
FROM scratch AS base
|
||||
ARG VERSION development
|
||||
ARG GIT_TIMESTAMP null
|
||||
ARG GIT_AUTHOR null
|
||||
ARG GIT_REF null
|
||||
ARG GIT_PUBKEY null
|
||||
COPY --from=busybox . /
|
||||
COPY --from=musl . /
|
||||
COPY --from=xorriso . /
|
||||
COPY --from=cpio . /
|
||||
COPY --from=mtools . /
|
||||
COPY --from=xz . /
|
||||
COPY --from=grub . /
|
||||
|
||||
FROM base as dev
|
||||
COPY --from=gcc . /
|
||||
COPY --from=glib . /
|
||||
COPY --from=alsa-lib . /
|
||||
COPY --from=lzo . /
|
||||
COPY --from=dtc . /
|
||||
COPY --from=zlib . /
|
||||
COPY --from=numactl . /
|
||||
COPY --from=libaio . /
|
||||
COPY --from=libseccomp . /
|
||||
COPY --from=libffi . /
|
||||
COPY --from=libzstd . /
|
||||
COPY --from=libslirp . /
|
||||
COPY --from=seabios . /
|
||||
COPY --from=ipxe . /
|
||||
COPY --from=qemu . /
|
||||
COPY --from=swtpm . /
|
||||
COPY --from=openssl . /
|
||||
COPY --from=curl . /
|
||||
COPY --from=libtpms . /
|
||||
COPY --from=tpm2-tss . /
|
||||
COPY --from=tpm2-tools . /
|
||||
|
||||
FROM base AS build
|
||||
|
||||
## Kernel
|
||||
COPY --from=linux-airgap /bzImage iso/boot/vmlinuz
|
||||
|
||||
## Initramfs
|
||||
COPY --from=busybox . initramfs
|
||||
COPY --from=eudev . initramfs
|
||||
COPY --from=musl . initramfs
|
||||
COPY --from=zlib . initramfs
|
||||
COPY --from=npth . initramfs
|
||||
COPY --from=libksba . initramfs
|
||||
COPY --from=libgpg-error . initramfs
|
||||
COPY --from=libassuan . initramfs
|
||||
COPY --from=libgcrypt . initramfs
|
||||
COPY --from=keyfork . initramfs
|
||||
COPY --from=bash . initramfs
|
||||
COPY --from=gpg . initramfs
|
||||
COPY --from=jq . initramfs
|
||||
COPY --from=yq . initramfs
|
||||
COPY --from=bc . initramfs
|
||||
COPY --from=flashtools . initramfs
|
||||
COPY --from=curl . initramfs
|
||||
COPY --from=tpm2-tools . initramfs
|
||||
COPY --from=tpm2-tss . initramfs
|
||||
COPY --from=openssl . initramfs
|
||||
COPY --from=libusb . initramfs
|
||||
COPY --from=ccid . initramfs
|
||||
COPY --from=pcsc-lite . initramfs
|
||||
COPY --from=pcsc-tools . initramfs
|
||||
COPY --from=openpgp-card-tools . initramfs
|
||||
COPY --from=libqrencode . initramfs
|
||||
COPY --from=opensc . initramfs
|
||||
COPY --from=util-linux . initramfs
|
||||
COPY --from=sops . initramfs
|
||||
COPY rootfs/ initramfs
|
||||
COPY <<-EOF initramfs/etc/environment
|
||||
export VERSION="$VERSION"
|
||||
export GIT_TIMESTAMP="$GIT_TIMESTAMP"
|
||||
export GIT_AUTHOR="$GIT_AUTHOR"
|
||||
export GIT_REF="$GIT_REF"
|
||||
export GIT_PUBKEY="$GIT_PUBKEY"
|
||||
EOF
|
||||
RUN <<-EOF
|
||||
set -eux
|
||||
cd initramfs
|
||||
find . -exec touch -hcd "@0" "{}" +
|
||||
find . -print0 \
|
||||
| sort -z \
|
||||
| cpio \
|
||||
--null \
|
||||
--create \
|
||||
--verbose \
|
||||
--reproducible \
|
||||
--format=newc \
|
||||
| gzip --best \
|
||||
> ../iso/boot/initramfs
|
||||
EOF
|
||||
|
||||
## Grub (EFI Boot)
|
||||
COPY config/grub.cfg iso/boot/grub/grub.cfg
|
||||
COPY config/grub_early.cfg grub_early.cfg
|
||||
RUN <<-EOF
|
||||
set -eux
|
||||
mkdir -p efi/boot
|
||||
grub-mkimage \
|
||||
--config="grub_early.cfg" \
|
||||
--prefix="/boot/grub" \
|
||||
--output="efi/boot/bootx64.efi" \
|
||||
--format="x86_64-efi" \
|
||||
--compression="xz" \
|
||||
all_video \
|
||||
disk \
|
||||
part_gpt \
|
||||
part_msdos \
|
||||
linux \
|
||||
normal \
|
||||
configfile \
|
||||
search \
|
||||
search_label \
|
||||
efi_gop \
|
||||
fat \
|
||||
iso9660 \
|
||||
gzio \
|
||||
serial \
|
||||
terminal
|
||||
find efi -exec touch -hcd "@0" "{}" +
|
||||
mformat -i iso/boot/grub/efi.img -C -f 1440 -N 0 ::
|
||||
mcopy -i iso/boot/grub/efi.img -ms efi ::
|
||||
touch -md "@0" iso/boot/grub/efi.img
|
||||
EOF
|
||||
|
||||
## Syslinux (BIOS Boot)
|
||||
COPY config/syslinux.cfg iso/boot/syslinux/
|
||||
COPY --from=syslinux \
|
||||
/usr/share/syslinux/isohdpfx.bin \
|
||||
/usr/share/syslinux/isolinux.bin \
|
||||
/usr/share/syslinux/ldlinux.c32 \
|
||||
/usr/share/syslinux/libutil.c32 \
|
||||
/usr/share/syslinux/libcom32.c32 \
|
||||
/usr/share/syslinux/mboot.c32 \
|
||||
iso/boot/syslinux/
|
||||
|
||||
## Build Hybrid EFI/BIOS ISO
|
||||
FROM build AS install
|
||||
ENV SOURCE_DATE_EPOCH=1
|
||||
RUN <<-EOF
|
||||
set -eux
|
||||
dd if=/dev/zero bs=1M count=10 >> user.img
|
||||
mformat -v user -i user.img -N 0 ::
|
||||
find iso -exec touch -hcd "@0" "{}" +
|
||||
xorrisofs \
|
||||
-output airgap.iso \
|
||||
-full-iso9660-filenames \
|
||||
-joliet \
|
||||
-rational-rock \
|
||||
-sysid LINUX \
|
||||
-volid "airgap" \
|
||||
-isohybrid-mbr iso/boot/syslinux/isohdpfx.bin \
|
||||
-eltorito-boot boot/syslinux/isolinux.bin \
|
||||
-eltorito-catalog boot/syslinux/boot.cat \
|
||||
-no-emul-boot \
|
||||
-boot-load-size 4 \
|
||||
-boot-info-table \
|
||||
-eltorito-alt-boot \
|
||||
-e boot/grub/efi.img \
|
||||
-no-emul-boot \
|
||||
-isohybrid-gpt-basdat \
|
||||
-follow-links \
|
||||
-append_partition 3 0xb user.img \
|
||||
iso/
|
||||
EOF
|
||||
|
||||
## Minimal Autorun SD card image
|
||||
COPY sdcard sdcard
|
||||
RUN <<-EOF
|
||||
set -eux
|
||||
dd if=/dev/zero of=sdcard.img bs=1M count=32
|
||||
mformat -v external -i sdcard.img ::
|
||||
mcopy -i sdcard.img -s sdcard/* ::
|
||||
EOF
|
||||
|
||||
FROM scratch AS package
|
||||
COPY --from=install /sdcard.img /
|
||||
COPY --from=install /airgap.iso /
|
167
Makefile
167
Makefile
|
@ -1,86 +1,21 @@
|
|||
VERSION := development
|
||||
GIT_REF := $(shell git log -1 --format=%H)
|
||||
GIT_AUTHOR := $(shell git log -1 --format=%an)
|
||||
GIT_PUBKEY := $(shell git log -1 --format=%GP)
|
||||
GIT_TIMESTAMP := $(shell git log -1 --format=%cd --date=iso)
|
||||
export
|
||||
|
||||
## Use env vars from latest release when reproducing
|
||||
ifdef REPRODUCE
|
||||
include dist/release.env
|
||||
export
|
||||
endif
|
||||
ifdef NOCACHE
|
||||
NO_CACHE := --no-cache
|
||||
endif
|
||||
include $(PWD)/src/toolchain/Makefile
|
||||
|
||||
.DEFAULT_GOAL :=
|
||||
.PHONY: default
|
||||
default: \
|
||||
out/release.env \
|
||||
out/manifest.txt \
|
||||
out/airgap.iso
|
||||
|
||||
## Primary targets
|
||||
|
||||
out/airgap.iso: Containerfile $(shell git ls-files rootfs)
|
||||
SOURCE_DATE_EPOCH=1 \
|
||||
docker build \
|
||||
--progress=plain \
|
||||
--output type=local,rewrite-timestamp=true,dest=out \
|
||||
--build-arg SOURCE_DATE_EPOCH=1 \
|
||||
--build-arg VERSION="$(VERSION)" \
|
||||
--build-arg GIT_REF="$(GIT_REF)" \
|
||||
--build-arg GIT_AUTHOR="$(GIT_AUTHOR)" \
|
||||
--build-arg GIT_PUBKEY="$(GIT_PUBKEY)" \
|
||||
--build-arg GIT_TIMESTAMP="$(GIT_TIMESTAMP)" \
|
||||
$(NO_CACHE) \
|
||||
-f Containerfile \
|
||||
.
|
||||
|
||||
## Development Targets
|
||||
|
||||
out/dev-shell.digest: Containerfile | out
|
||||
docker build --target dev -f Containerfile -q . > $@
|
||||
|
||||
.PHONY: shell
|
||||
shell: out/dev-shell.digest
|
||||
docker run -it $(shell cat $<) /bin/sh
|
||||
|
||||
.PHONY: vm
|
||||
vm: out/dev-shell.digest out/airgap.iso out/sdcard.img
|
||||
docker run -it -v ./out:/out $(shell cat $<) sh -c "\
|
||||
swtpm socket \
|
||||
--tpmstate dir=. \
|
||||
--ctrl type=unixio,path=vtpm-sock \
|
||||
--tpm2 & \
|
||||
qemu-system-x86_64 \
|
||||
-m 4G \
|
||||
-machine pc \
|
||||
-chardev socket,id=chrtpm,path=vtpm-sock \
|
||||
-tpmdev emulator,id=tpm0,chardev=chrtpm \
|
||||
-device tpm-tis,tpmdev=tpm0 \
|
||||
-usb \
|
||||
-device sdhci-pci \
|
||||
-device sd-card,drive=external \
|
||||
-drive id=external,if=none,format=raw,file=out/sdcard.img \
|
||||
-device usb-storage,drive=usbdrive \
|
||||
-drive id=usbdrive,if=none,format=raw,file=out/airgap.iso \
|
||||
-boot order=c \
|
||||
-nographic; \
|
||||
"
|
||||
|
||||
## Signing, Verification, and Release Targets
|
||||
toolchain \
|
||||
$(OUT_DIR)/airgap.iso \
|
||||
$(OUT_DIR)/release.env \
|
||||
$(OUT_DIR)/manifest.txt
|
||||
|
||||
.PHONY: clean
|
||||
clean:
|
||||
rm -rf out
|
||||
|
||||
.PHONY: release
|
||||
release: clean
|
||||
$(MAKE) NOCACHE=1 VERSION=$(VERSION)
|
||||
rm -rf dist/*
|
||||
cp -R out/release.env out/airgap.iso out/manifest.txt dist/
|
||||
clean: toolchain
|
||||
rm -rf $(CACHE_DIR)/buildroot-ccache
|
||||
$(call toolchain,$(USER)," \
|
||||
cd $(FETCH_DIR)/buildroot; \
|
||||
make clean; \
|
||||
")
|
||||
$(MAKE) toolchain-clean
|
||||
|
||||
.PHONY: sign
|
||||
sign:
|
||||
|
@ -95,35 +30,67 @@ sign:
|
|||
); \
|
||||
gpg --armor \
|
||||
--detach-sig \
|
||||
--output dist/manifest.$${fingerprint}.asc \
|
||||
dist/manifest.txt
|
||||
--output $(DIST_DIR)/manifest.$${fingerprint}.asc \
|
||||
$(DIST_DIR)/manifest.txt
|
||||
|
||||
.PHONY: verify
|
||||
verify: | dist/manifest.txt
|
||||
verify: | $(DIST_DIR)/manifest.txt
|
||||
set -e; \
|
||||
for file in dist/manifest.*.asc; do \
|
||||
for file in $(DIST_DIR)/manifest.*.asc; do \
|
||||
echo "\nVerifying: $${file}\n"; \
|
||||
gpg --verify $${file} dist/manifest.txt; \
|
||||
gpg --verify $${file} $(DIST_DIR)/manifest.txt; \
|
||||
done;
|
||||
|
||||
.PHONY: reproduce
|
||||
reproduce: clean | out
|
||||
$(MAKE) REPRODUCE=true NOCACHE=1
|
||||
diff -q out/manifest.txt dist/manifest.txt;
|
||||
.PHONY: mrproper
|
||||
mrproper:
|
||||
docker image rm -f $(IMAGE)
|
||||
rm -rf $(CACHE_DIR) $(OUT_DIR)
|
||||
|
||||
out:
|
||||
mkdir -p $@
|
||||
.PHONY: menuconfig
|
||||
menuconfig: toolchain
|
||||
$(call toolchain,$(USER)," \
|
||||
cd $(FETCH_DIR)/buildroot; \
|
||||
make "airgap_$(TARGET)_defconfig"; \
|
||||
make menuconfig; \
|
||||
")
|
||||
cp $(FETCH_DIR)/buildroot/.config \
|
||||
"config/buildroot/configs/airgap_$(TARGET)_defconfig"
|
||||
|
||||
out/release.env: $(shell git ls-files) | out
|
||||
echo 'VERSION=$(VERSION)' > out/release.env
|
||||
echo 'GIT_REF=$(GIT_REF)' >> out/release.env
|
||||
echo 'GIT_AUTHOR=$(GIT_AUTHOR)' >> out/release.env
|
||||
echo 'GIT_PUBKEY=$(GIT_PUBKEY)' >> out/release.env
|
||||
echo 'GIT_TIMESTAMP=$(GIT_TIMESTAMP)' >> out/release.env
|
||||
.PHONY: linux-menuconfig
|
||||
linux-menuconfig: toolchain
|
||||
$(call toolchain,$(USER),"\
|
||||
cd $(FETCH_DIR)/buildroot; \
|
||||
make linux-menuconfig; \
|
||||
make linux-update-defconfig; \
|
||||
")
|
||||
|
||||
out/manifest.txt: out/airgap.iso out/release.env | out
|
||||
openssl sha256 -r \
|
||||
out/airgap.iso \
|
||||
out/release.env \
|
||||
| sed -e 's/ \*out\// /g' -e 's/ \.\// /g' \
|
||||
> $@
|
||||
.PHONY: vm
|
||||
vm: toolchain
|
||||
$(call toolchain,$(USER)," \
|
||||
qemu-system-i386 \
|
||||
-M pc \
|
||||
-nographic \
|
||||
-cdrom "$(OUT_DIR)/airgap.iso"; \
|
||||
")
|
||||
|
||||
.PHONY: release
|
||||
release: default
|
||||
rm -rf $(DIST_DIR)/*
|
||||
cp -R $(OUT_DIR)/* $(DIST_DIR)/
|
||||
|
||||
$(FETCH_DIR)/buildroot: toolchain
|
||||
$(call git_clone,$(FETCH_DIR)/buildroot,$(BUILDROOT_REPO),$(BUILDROOT_REF))
|
||||
|
||||
$(OUT_DIR)/airgap.iso: \
|
||||
$(FETCH_DIR)/buildroot \
|
||||
$(OUT_DIR)/release.env
|
||||
$(call apply_patches,$(FETCH_DIR)/buildroot,$(CONFIG_DIR)/buildroot/patches)
|
||||
$(call toolchain,$(USER)," \
|
||||
cd $(FETCH_DIR)/buildroot; \
|
||||
make "airgap_$(TARGET)_defconfig"; \
|
||||
unset FAKETIME; \
|
||||
make source; \
|
||||
make; \
|
||||
")
|
||||
cp $(FETCH_DIR)/buildroot/output/images/rootfs.iso9660 \
|
||||
$(OUT_DIR)/airgap.iso
|
||||
|
|
57
README.md
57
README.md
|
@ -1,26 +1,24 @@
|
|||
# AirgapOS #
|
||||
|
||||
<https://git.distrust.co/public/airgap>
|
||||
<https://github.com/distrust-foundation/airgap>
|
||||
|
||||
## About ##
|
||||
|
||||
A full-source-bootstrapped, deterministic, minimal, immutable, and offline,
|
||||
workstation linux distribution designed for creating and managing secrets
|
||||
offline.
|
||||
A live buildroot based Liux distribution designed for managing secrets offline.
|
||||
|
||||
Built for those of us that want to be -really- sure our most important secrets
|
||||
are managed in a clean environment with an "air gap" between us and the
|
||||
internet with high integrity on the supply chain of the firmware and OS used.
|
||||
|
||||
## Uses ##
|
||||
* Generate PGP keychain
|
||||
* Generate GPG keychain
|
||||
* Store/Restore gpg keychain to security token such as a Yubikey or Nitrokey
|
||||
* Signing cryptocurrency transactions
|
||||
* Generate/backup BIP39 universal cryptocurrency wallet seed
|
||||
* Store/Restore BIP39 seed to a hardware wallet such as a Trezor or Ledger
|
||||
|
||||
## Features ##
|
||||
* Deterministic iso generation for multi-party code->binary verification
|
||||
* Determinsitic iso generation for multi-party code->binary verification
|
||||
* Small footprint (< 100MB)
|
||||
* Immutable and Diskless: runs from initramfs
|
||||
* Network support and most drivers removed to minimize exfiltration vectors
|
||||
|
@ -29,54 +27,37 @@ internet with high integrity on the supply chain of the firmware and OS used.
|
|||
|
||||
### Software ###
|
||||
|
||||
* docker 26+
|
||||
* docker 18+
|
||||
|
||||
### Hardware ###
|
||||
|
||||
* x86_64 PC or laptop
|
||||
* linuxboot/heads firmware supported and recommended for multi-use machine
|
||||
* Allows for signed builds, and verification of signed sd card payloads
|
||||
* Ensure any Wifi/Disk/Bluetooth/Audio devices are disabled/removed
|
||||
* Recommended: PC running coreboot-heads
|
||||
* Allows for signed builds, and verification of signed sd card payloads
|
||||
* Ensure any Wifi/Disk/Bluetooth/Audio devices are disabled/removed
|
||||
* Supported remote attestation key (Librem Key, Nitrokey, etc)
|
||||
* Supported GPG smartcard device (Yubikey, Ledger, Trezor, Librem Key, etc)
|
||||
* Blank flash drive
|
||||
* Blank SD card
|
||||
|
||||
## Build ##
|
||||
|
||||
### Update git submodules
|
||||
|
||||
```
|
||||
git submodule update --init --recursive
|
||||
```
|
||||
|
||||
### Build a new release
|
||||
|
||||
```
|
||||
make release
|
||||
```
|
||||
```
|
||||
make release
|
||||
```
|
||||
|
||||
### Reproduce an existing release
|
||||
|
||||
```
|
||||
make attest
|
||||
```
|
||||
```
|
||||
make attest
|
||||
```
|
||||
|
||||
### Sign an existing release
|
||||
|
||||
```
|
||||
make sign
|
||||
```
|
||||
|
||||
## Provisioning ##
|
||||
|
||||
1. Write airgap.iso to CD-ROM or SD Card
|
||||
a. `dd if=out/airgap.iso of=/dev/sda bs=1M conv=sync status=progress`
|
||||
b. `cdrecord out/airgap.iso`
|
||||
|
||||
2. Verify media still produces expected hash
|
||||
```
|
||||
sha256sum out/airgap.iso
|
||||
head -c $(stat -c '%s' airgap.iso) /dev/sda | sha256sum
|
||||
```
|
||||
```
|
||||
make sign
|
||||
```
|
||||
|
||||
## Setup ##
|
||||
|
||||
|
|
|
@ -0,0 +1 @@
|
|||
source "$BR2_EXTERNAL_Airgap_PATH/package/flashtools/Config.in"
|
|
@ -0,0 +1,27 @@
|
|||
set default="0"
|
||||
set timeout="10"
|
||||
|
||||
menuentry "AirgapOS (qwerty)" {
|
||||
linux /boot/bzImage root=/dev/sr0 keymap=qwerty/us
|
||||
initrd /boot/initrd
|
||||
}
|
||||
|
||||
menuentry "AirgapOS (dvorak)" {
|
||||
linux /boot/bzImage root=/dev/sr0 keymap=dvorak
|
||||
initrd /boot/initrd
|
||||
}
|
||||
|
||||
menuentry "AirgapOS (colemak)" {
|
||||
linux /boot/bzImage root=/dev/sr0 keymap=colemak/en-latin9
|
||||
initrd /boot/initrd
|
||||
}
|
||||
|
||||
menuentry "AirgapOS (qwertz)" {
|
||||
linux /boot/bzImage root=/dev/sr0 keymap=qwertz/de
|
||||
initrd /boot/initrd
|
||||
}
|
||||
|
||||
menuentry "AirgapOS (azerty)" {
|
||||
linux /boot/bzImage root=/dev/sr0 keymap=azerty/fr
|
||||
initrd /boot/initrd
|
||||
}
|
File diff suppressed because it is too large
Load Diff
|
@ -0,0 +1,17 @@
|
|||
#!/bin/sh
|
||||
|
||||
set -u
|
||||
set -e
|
||||
set -x
|
||||
|
||||
BOARD_DIR="$(dirname $0)"
|
||||
|
||||
cp -f ${BOARD_DIR}/grub.cfg ${TARGET_DIR}/boot/grub/grub.cfg
|
||||
|
||||
echo "export VERSION=\"${VERSION}\"" > ${TARGET_DIR}/etc/environment
|
||||
echo "export GIT_REF=\"${GIT_REF}\"" >> ${TARGET_DIR}/etc/environment
|
||||
echo "export GIT_AUTHOR=\"${GIT_AUTHOR}\"" >> ${TARGET_DIR}/etc/environment
|
||||
echo "export GIT_KEY=\"${GIT_KEY}\"" >> ${TARGET_DIR}/etc/environment
|
||||
echo "export GIT_TIMESTAMP=\"${GIT_TIMESTAMP}\"" >> ${TARGET_DIR}/etc/environment
|
||||
|
||||
exit $?
|
|
@ -0,0 +1,6 @@
|
|||
#!/bin/sh
|
||||
|
||||
set -u
|
||||
set -e
|
||||
|
||||
echo "post-image.sh was run"
|
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
|
@ -0,0 +1,2 @@
|
|||
name: Airgap
|
||||
desc: Linux distribution for offline cryptography use cases
|
|
@ -0,0 +1 @@
|
|||
include $(sort $(wildcard $(BR2_EXTERNAL_Airgap_PATH)/package/*/*.mk))
|
|
@ -0,0 +1,36 @@
|
|||
menu "Flashtools"
|
||||
|
||||
config BR2_PACKAGE_FLASHTOOLS
|
||||
bool "flashtools"
|
||||
|
||||
config BR2_PACKAGE_FLASHTOOLS_FLASHTOOL
|
||||
bool "flashtool"
|
||||
select BR2_PACKAGE_FLASHTOOLS
|
||||
help
|
||||
Todo
|
||||
|
||||
config BR2_PACKAGE_FLASHTOOLS_PEEK
|
||||
bool "peek"
|
||||
select BR2_PACKAGE_FLASHTOOLS
|
||||
help
|
||||
Todo
|
||||
|
||||
config BR2_PACKAGE_FLASHTOOLS_POKE
|
||||
bool "poke"
|
||||
select BR2_PACKAGE_FLASHTOOLS
|
||||
help
|
||||
Todo
|
||||
|
||||
config BR2_PACKAGE_FLASHTOOLS_CBFS
|
||||
bool "cbfs"
|
||||
select BR2_PACKAGE_FLASHTOOLS
|
||||
help
|
||||
Todo
|
||||
|
||||
config BR2_PACKAGE_FLASHTOOLS_UEFI
|
||||
bool "uefi"
|
||||
select BR2_PACKAGE_FLASHTOOLS
|
||||
help
|
||||
Todo
|
||||
|
||||
endmenu
|
|
@ -0,0 +1,47 @@
|
|||
################################################################################
|
||||
#
|
||||
# flashtools
|
||||
#
|
||||
################################################################################
|
||||
|
||||
FLASHTOOLS_VERSION = 9acce09aeb635c5bef01843e495b95e75e8da135
|
||||
FLASHTOOLS_SITE = https://github.com/osresearch/flashtools.git
|
||||
FLASHTOOLS_SITE_METHOD = git
|
||||
FLASHTOOLS_LICENSE = GPL-2.0
|
||||
FLASHTOOLS_LICENSE_FILES = LICENSE
|
||||
|
||||
ifeq ($(BR2_PACKAGE_FLASHTOOLS_FLASHTOOL),y)
|
||||
FLASHTOOLS_TARGETS += flashtool
|
||||
endif
|
||||
|
||||
ifeq ($(BR2_PACKAGE_FLASHTOOLS_PEEK),y)
|
||||
FLASHTOOLS_TARGETS += peek
|
||||
endif
|
||||
|
||||
ifeq ($(BR2_PACKAGE_FLASHTOOLS_POKE),y)
|
||||
FLASHTOOLS_TARGETS += poke
|
||||
endif
|
||||
|
||||
ifeq ($(BR2_PACKAGE_FLASHTOOLS_CBFS),y)
|
||||
FLASHTOOLS_TARGETS += cbfs
|
||||
endif
|
||||
|
||||
ifeq ($(BR2_PACKAGE_FLASHTOOLS_UEFI),y)
|
||||
FLASHTOOLS_TARGETS += uefi
|
||||
endif
|
||||
|
||||
define FLASHTOOLS_BUILD_CMDS
|
||||
$(foreach t,$(FLASHTOOLS_TARGETS),\
|
||||
$(TARGET_MAKE_ENV) $(MAKE) $(TARGET_CONFIGURE_OPTS) \
|
||||
CFLAGS="$(TARGET_CFLAGS)" -C $(@D) $(t) \
|
||||
)
|
||||
endef
|
||||
|
||||
define FLASHTOOLS_INSTALL_TARGET_CMDS
|
||||
$(foreach t,$(FLASHTOOLS_TARGETS),\
|
||||
$(INSTALL) -D -m 0755 $(@D)/$(t) $(TARGET_DIR)/usr/bin/$(t)$(sep) \
|
||||
)
|
||||
endef
|
||||
|
||||
|
||||
$(eval $(generic-package))
|
|
@ -0,0 +1,39 @@
|
|||
diff --git a/fs/cpio/cpio.mk b/fs/cpio/cpio.mk
|
||||
index 81f8c393d1..72923ded47 100644
|
||||
--- a/fs/cpio/cpio.mk
|
||||
+++ b/fs/cpio/cpio.mk
|
||||
@@ -32,15 +32,16 @@ ROOTFS_CPIO_PRE_GEN_HOOKS += ROOTFS_CPIO_ADD_INIT
|
||||
# --reproducible option was introduced in cpio v2.12, which may not be
|
||||
# available in some old distributions, so we build host-cpio
|
||||
ifeq ($(BR2_REPRODUCIBLE),y)
|
||||
-ROOTFS_CPIO_DEPENDENCIES += host-cpio
|
||||
-ROOTFS_CPIO_OPTS += --reproducible
|
||||
+ROOTFS_CPIO_DEPENDENCIES += host-cpio host-libarchive
|
||||
endif
|
||||
|
||||
define ROOTFS_CPIO_CMD
|
||||
- cd $(TARGET_DIR) && \
|
||||
- find . \
|
||||
- | LC_ALL=C sort \
|
||||
- | cpio $(ROOTFS_CPIO_OPTS) --quiet -o -H newc \
|
||||
+ cd $(TARGET_DIR) \
|
||||
+ && find . -mindepth 1 -execdir touch -hcd "@0" "{}" + \
|
||||
+ && find . -mindepth 1 -printf '%P\0' \
|
||||
+ | sort -z \
|
||||
+ | LANG=C bsdtar --null -cnf - -T - \
|
||||
+ | LANG=C bsdtar --uid 0 --gid 0 --null -cf - --format=newc @- \
|
||||
> $@
|
||||
endef
|
||||
|
||||
diff --git a/package/libarchive/libarchive.mk b/package/libarchive/libarchive.mk
|
||||
index 708ce637c2..2ba8dcab2a 100644
|
||||
--- a/package/libarchive/libarchive.mk
|
||||
+++ b/package/libarchive/libarchive.mk
|
||||
@@ -135,7 +135,6 @@ endif
|
||||
# The only user of host-libarchive needs zlib support
|
||||
HOST_LIBARCHIVE_DEPENDENCIES = host-zlib
|
||||
HOST_LIBARCHIVE_CONF_OPTS = \
|
||||
- --disable-bsdtar \
|
||||
--disable-bsdcpio \
|
||||
--disable-bsdcat \
|
||||
--disable-acl \
|
|
@ -0,0 +1,28 @@
|
|||
diff --git a/fs/iso9660/iso9660.mk b/fs/iso9660/iso9660.mk
|
||||
index 0524f94c35..284c21f566 100644
|
||||
--- a/fs/iso9660/iso9660.mk
|
||||
+++ b/fs/iso9660/iso9660.mk
|
||||
@@ -157,7 +157,13 @@ ROOTFS_ISO9660_PRE_GEN_HOOKS += ROOTFS_ISO9660_DISABLE_EXTERNAL_INITRD
|
||||
|
||||
endif # ROOTFS_ISO9660_USE_INITRD
|
||||
|
||||
-ROOTFS_ISO9660_OPTS += -J -R
|
||||
+ROOTFS_ISO9660_OPTS += \
|
||||
+ -volume_date all_file_dates "=$(SOURCE_DATE_EPOCH)" \
|
||||
+ -as mkisofs \
|
||||
+ -J \
|
||||
+ -R \
|
||||
+ -gid 0 \
|
||||
+ -uid 0
|
||||
|
||||
ROOTFS_ISO9660_OPTS_BIOS = \
|
||||
-b $(ROOTFS_ISO9660_BOOT_IMAGE) \
|
||||
@@ -181,7 +187,7 @@ ROOTFS_ISO9660_OPTS += $(ROOTFS_ISO9660_OPTS_EFI)
|
||||
endif
|
||||
|
||||
define ROOTFS_ISO9660_CMD
|
||||
- $(HOST_DIR)/bin/xorriso -as mkisofs \
|
||||
+ $(HOST_DIR)/bin/xorriso \
|
||||
$(ROOTFS_ISO9660_OPTS) \
|
||||
-o $@ $(ROOTFS_ISO9660_TMP_TARGET_DIR)
|
||||
endef
|
|
@ -1,5 +1,11 @@
|
|||
# /etc/inittab
|
||||
|
||||
#
|
||||
# Copyright (C) 2001 Erik Andersen <andersen@codepoet.org>
|
||||
#
|
||||
# Note: BusyBox init doesn't support runlevels. The runlevels field is
|
||||
# completely ignored by BusyBox init. If you want runlevels, use
|
||||
# sysvinit.
|
||||
#
|
||||
# Format for each entry: <id>:<runlevels>:<action>:<process>
|
||||
#
|
||||
# id == tty to run on, or empty for /dev/console
|
||||
|
@ -8,26 +14,27 @@
|
|||
# process == program to run
|
||||
|
||||
# Startup the system
|
||||
::sysinit:/bin/mount -t devtmpfs devtmpfs /dev
|
||||
::sysinit:/bin/mkdir -p /proc /run /dev/pts /dev/shm /sys
|
||||
::sysinit:/bin/mount -t sysfs sysfs /sys
|
||||
::sysinit:/bin/mount -t proc proc /proc
|
||||
::sysinit:/bin/mount -o remount,rw /
|
||||
::sysinit:/bin/mkdir -p /dev/pts /dev/shm
|
||||
::sysinit:/bin/mount -a
|
||||
::sysinit:/sbin/swapon -a
|
||||
null::sysinit:/bin/ln -sf /proc/self/fd /dev/fd
|
||||
null::sysinit:/bin/ln -sf /proc/self/fd/0 /dev/stdin
|
||||
null::sysinit:/bin/ln -sf /proc/self/fd/1 /dev/stdout
|
||||
null::sysinit:/bin/ln -sf /proc/self/fd/2 /dev/stderr
|
||||
::sysinit:/bin/hostname -F /etc/hostname
|
||||
# now run any rc scripts
|
||||
::sysinit:/etc/init.d/rcS
|
||||
|
||||
# Put shells on the serial terminal and console
|
||||
console::respawn:-/bin/bash
|
||||
ttyS0::respawn:-/bin/bash
|
||||
# Put a getty on the serial port
|
||||
#console::respawn:/sbin/getty -L console 0 vt100 # GENERIC_SERIAL
|
||||
::respawn:-/bin/bash
|
||||
|
||||
# Stuff to do for the 3-finger salute
|
||||
::ctrlaltdel:/sbin/reboot
|
||||
#::ctrlaltdel:/sbin/reboot
|
||||
|
||||
# Stuff to do before rebooting
|
||||
::shutdown:/etc/init.d/rcK
|
||||
::shutdown:/sbin/swapoff -a
|
||||
::shutdown:/bin/umount -a -r
|
|
@ -3,7 +3,8 @@ export PATH="/usr/local/bin:/bin:/sbin:/usr/bin:/usr/sbin"
|
|||
export PS1="[\h \t] \\$ "
|
||||
export GNUPGHOME=/.gnupg
|
||||
source /etc/environment
|
||||
cd /root
|
||||
|
||||
dmesg -n1
|
||||
clear
|
||||
cat << "EOF"
|
||||
_ _ ___ ____
|
||||
|
@ -18,5 +19,5 @@ echo " - Version: $VERSION"
|
|||
echo " - Date: $GIT_TIMESTAMP"
|
||||
echo " - Committer: $GIT_AUTHOR"
|
||||
echo " - Commit: $GIT_REF"
|
||||
echo " - Key: $GIT_PUBKEY"
|
||||
echo " - Key: $GIT_KEY"
|
||||
echo ""
|
|
@ -0,0 +1,12 @@
|
|||
KERNEL!="sd[a-z][0-9]", GOTO="sd_cards_auto_mount_end"
|
||||
|
||||
# Global mount options
|
||||
ACTION=="add", ENV{mount_options}="relatime"
|
||||
|
||||
# Filesystem specific options
|
||||
ACTION=="add", IMPORT{program}="/sbin/blkid -o udev -p %N"
|
||||
ACTION=="add", ENV{ID_FS_TYPE}=="vfat|ntfs", ENV{mount_options}="$env{mount_options},utf8,flush,user,umask=0000"
|
||||
ACTION=="add", RUN+="/bin/mkdir -p /media/sd-%k", RUN+="/bin/mount -o $env{mount_options} /dev/%k /media/sd-%k"
|
||||
ACTION=="add", RUN+="/usr/local/bin/autorun /media/sd-%k"
|
||||
ACTION=="remove", RUN+="/bin/umount -l /media/sd-%k", RUN+="/bin/rmdir /media/sd-%k"
|
||||
LABEL="sd_cards_auto_mount_end"
|
|
@ -0,0 +1,18 @@
|
|||
#!/bin/bash
|
||||
set -e
|
||||
source /etc/profile
|
||||
|
||||
folder=${1?}
|
||||
|
||||
if [ -f "${folder}/autorun.sh.asc" ]; then
|
||||
echo "" >/dev/console
|
||||
echo "++ Autorun: Found ${folder}/autorun.sh" >/dev/console;
|
||||
gpg --verify "${folder}/autorun.sh.asc" >/dev/null 2>&1 || {
|
||||
echo "!! Autorun: Verification Failed for ${folder}/autorun.sh" \
|
||||
>/dev/console;
|
||||
exit 1;
|
||||
}
|
||||
echo "++ Autorun: Verified ${folder}/autorun.sh" >/dev/console
|
||||
echo "** Autorun: Executing ${folder}/autorun.sh" >/dev/console
|
||||
/bin/bash "${folder}/autorun.sh" >/dev/console
|
||||
fi
|
|
@ -0,0 +1,7 @@
|
|||
DEBIAN_HASH=48b28b354484a7f0e683e340fa0e6e4c4bce3dc3aa0146fc2f78f443fde2c55d
|
||||
BUILDROOT_REF=ea51485ee9ab44f72f8b1cc019dcb17f276d1def
|
||||
HEADS_REF=6e62c83e164231c629d77a45d37569b3bff43d3f
|
||||
BUILDROOT_REPO=git://git.busybox.net/buildroot
|
||||
HEADS_REPO=https://source.puri.sm/coreboot/purism-heads.git
|
||||
BR2_EXTERNAL=/home/build/config/buildroot
|
||||
HEADS_EXTERNAL=/home/build/config/heads
|
|
@ -1,5 +0,0 @@
|
|||
set timeout=1
|
||||
menuentry "Linux Airgap" {
|
||||
linux /boot/vmlinuz init=/init console=ttyS0 console=tty0 ro
|
||||
initrd /boot/initramfs
|
||||
}
|
|
@ -1,2 +0,0 @@
|
|||
search --no-floppy --set=root --label "airgap"
|
||||
set prefix=($root)/boot/grub
|
|
@ -0,0 +1,160 @@
|
|||
diff --git a/initrd/bin/gui-init b/initrd/bin/gui-init
|
||||
index 1369ed1..f576a8e 100755
|
||||
--- a/initrd/bin/gui-init
|
||||
+++ b/initrd/bin/gui-init
|
||||
@@ -13,21 +13,26 @@ first_pass=true
|
||||
|
||||
mount_boot()
|
||||
{
|
||||
-
|
||||
+
|
||||
# Mount local disk if it is not already mounted
|
||||
while ! grep -q /boot /proc/mounts ; do
|
||||
+
|
||||
# try to mount if CONFIG_BOOT_DEV exists
|
||||
if [ -e "$CONFIG_BOOT_DEV" ]; then
|
||||
- mount -o ro $CONFIG_BOOT_DEV /boot
|
||||
+ mount -o ro $CONFIG_BOOT_DEV /boot
|
||||
[[ $? -eq 0 ]] && continue
|
||||
fi
|
||||
|
||||
- # CONFIG_BOOT_DEV doesn't exist or couldn't be mounted, so give user options
|
||||
+ # try to mount usb to /media and /boot if it exists
|
||||
+ mount-usb \
|
||||
+ && mount -o bind,ro /media /boot \
|
||||
+ && continue
|
||||
+
|
||||
+ # no boot device available, so give user options
|
||||
whiptail $BG_COLOR_ERROR --clear --title "ERROR: No Bootable OS Found!" \
|
||||
- --menu " No bootable OS was found on the default boot device $CONFIG_BOOT_DEV.
|
||||
+ --menu " No bootable OS was found at $CONFIG_BOOT_DEV or on USB.
|
||||
How would you like to proceed?" 30 90 4 \
|
||||
'b' ' Select a new boot device' \
|
||||
- 'u' ' Boot from USB' \
|
||||
'm' ' Continue to the main menu' \
|
||||
'x' ' Exit to recovery shell' \
|
||||
2>/tmp/whiptail || recovery "GUI menu failed"
|
||||
@@ -41,9 +46,6 @@ mount_boot()
|
||||
. /tmp/config
|
||||
fi
|
||||
;;
|
||||
- u )
|
||||
- exec /bin/usb-init
|
||||
- ;;
|
||||
m )
|
||||
break
|
||||
;;
|
||||
@@ -55,6 +57,11 @@ mount_boot()
|
||||
}
|
||||
verify_global_hashes()
|
||||
{
|
||||
+
|
||||
+ # If default boot device is not mounted, then there are no hashes to verify
|
||||
+ # User is likely usb booting.
|
||||
+ df $CONFIG_BOOT_DEV >/dev/null 2>&1 || return 0
|
||||
+
|
||||
# Check the hashes of all the files, ignoring signatures for now
|
||||
check_config /boot force
|
||||
TMP_HASH_FILE="/tmp/kexec/kexec_hashes.txt"
|
||||
@@ -458,6 +465,7 @@ while true; do
|
||||
if [ "$totp_confirm" = "y" -o -n "$totp_confirm" ]; then
|
||||
# Try to boot the default
|
||||
mount_boot
|
||||
+
|
||||
verify_global_hashes
|
||||
if [ $? -ne 0 ]; then
|
||||
continue
|
||||
@@ -467,6 +475,7 @@ while true; do
|
||||
kexec-select-boot -b /boot -c "grub.cfg" -g \
|
||||
|| recovery "Failed default boot"
|
||||
else
|
||||
+ usb-init
|
||||
if (whiptail --title 'No Default Boot Option Configured' \
|
||||
--yesno "There is no default boot option configured yet.\nWould you like to load a menu of boot options?\nOtherwise you will return to the main menu." 16 90) then
|
||||
kexec-select-boot -m -b /boot -c "grub.cfg" -g
|
||||
diff --git a/initrd/bin/mount-usb b/initrd/bin/mount-usb
|
||||
index a79dd66..8a8734c 100755
|
||||
--- a/initrd/bin/mount-usb
|
||||
+++ b/initrd/bin/mount-usb
|
||||
@@ -4,19 +4,6 @@
|
||||
|
||||
enable_usb
|
||||
|
||||
-if ! lsmod | grep -q usb_storage; then
|
||||
- count=$(ls /dev/sd* 2>/dev/null | wc -l)
|
||||
- timeout=0
|
||||
- echo "Scanning for USB storage devices..."
|
||||
- insmod /lib/modules/usb-storage.ko >/dev/null 2>&1 \
|
||||
- || die "usb_storage: module load failed"
|
||||
- while [[ $count == $(ls /dev/sd* 2>/dev/null | wc -l) ]]; do
|
||||
- [[ $timeout -ge 4 ]] && break
|
||||
- sleep 1
|
||||
- timeout=$(($timeout+1))
|
||||
- done
|
||||
-fi
|
||||
-
|
||||
if [ ! -d /media ]; then
|
||||
mkdir /media
|
||||
fi
|
||||
diff --git a/initrd/bin/usb-scan b/initrd/bin/usb-scan
|
||||
index d9f26b0..b64f150 100755
|
||||
--- a/initrd/bin/usb-scan
|
||||
+++ b/initrd/bin/usb-scan
|
||||
@@ -5,12 +5,6 @@ set -e -o pipefail
|
||||
. /etc/gui_functions
|
||||
. /tmp/config
|
||||
|
||||
-# Unmount any previous boot device
|
||||
-if grep -q /boot /proc/mounts ; then
|
||||
- umount /boot \
|
||||
- || die "Unable to unmount /boot"
|
||||
-fi
|
||||
-
|
||||
# Mount the USB boot device
|
||||
mount_usb || die "Unable to mount /media"
|
||||
|
||||
@@ -29,12 +23,16 @@ get_menu_option() {
|
||||
MENU_OPTIONS="$MENU_OPTIONS $n ${option}"
|
||||
done < /tmp/iso_menu.txt
|
||||
|
||||
- whiptail --clear --title "Select your ISO boot option" \
|
||||
- --menu "Choose the ISO boot option [1-$n, s for standard boot, a to abort]:" 20 120 8 \
|
||||
- -- $MENU_OPTIONS \
|
||||
- 2>/tmp/whiptail || die "Aborting boot attempt"
|
||||
+ if [ "$n" -eq "1" ]; then
|
||||
+ option_index=1
|
||||
+ else
|
||||
+ whiptail --clear --title "Select your ISO boot option" \
|
||||
+ --menu "Choose the ISO boot option [1-$n, s for standard boot, a to abort]:" 20 120 8 \
|
||||
+ -- $MENU_OPTIONS \
|
||||
+ 2>/tmp/whiptail || die "Aborting boot attempt"
|
||||
|
||||
- option_index=$(cat /tmp/whiptail)
|
||||
+ option_index=$(cat /tmp/whiptail)
|
||||
+ fi
|
||||
else
|
||||
echo "+++ Select your ISO boot option:"
|
||||
n=0
|
||||
diff --git a/initrd/etc/functions b/initrd/etc/functions
|
||||
index dc0fbed..a083e17 100755
|
||||
--- a/initrd/etc/functions
|
||||
+++ b/initrd/etc/functions
|
||||
@@ -122,6 +122,18 @@ enable_usb()
|
||||
|| die "xhci_pci: module load failed"
|
||||
sleep 2
|
||||
fi
|
||||
+ if ! lsmod | grep -q usb_storage; then
|
||||
+ count=$(ls /dev/sd* 2>/dev/null | wc -l)
|
||||
+ timeout=0
|
||||
+ echo "Scanning for USB storage devices..."
|
||||
+ insmod /lib/modules/usb-storage.ko >/dev/null 2>&1 \
|
||||
+ || die "usb_storage: module load failed"
|
||||
+ while [[ $count == $(ls /dev/sd* 2>/dev/null | wc -l) ]]; do
|
||||
+ [[ $timeout -ge 4 ]] && break
|
||||
+ sleep 1
|
||||
+ timeout=$(($timeout+1))
|
||||
+ done
|
||||
+ fi
|
||||
}
|
||||
|
||||
confirm_gpg_card()
|
|
@ -1,8 +0,0 @@
|
|||
TIMEOUT 2
|
||||
PROMPT -1
|
||||
DEFAULT Airgap
|
||||
LABEL Airgap
|
||||
MENU LABEL Linux Airgap
|
||||
KERNEL /boot/vmlinuz
|
||||
INITRD /boot/initramfs
|
||||
APPEND init=/init console=ttyS0 console=tty0 ro
|
|
@ -0,0 +1,259 @@
|
|||
020fde90e2dfa260fdf2b47817d8b8fe0a60325d8bdb532aaaf625fa5bfd68be libdpkg-perl_1.21.12_all.deb
|
||||
03326473eed54ffa27efae19aa5d6aeb402930968f869f318445513093691d55 libtirpc-dev_1.3.3+ds-1_amd64.deb
|
||||
03539fd30c509e27101d13a56e52eda9062bdf1aefe337c07ab56def25a13eab libmd0_1.0.4-2_amd64.deb
|
||||
097ce9220edee0de67c2d3304d075f2bf9e864e86801165b0e9d2d46991ee1ad libbrotli1_1.0.9-2+b5_amd64.deb
|
||||
099a374ff3c84eaef4e75ff168d49155d83d22551b289ce1352c275fc5da78aa openssh-client_1%3a9.1p1-1_amd64.deb
|
||||
0ba635faea2a9ce3947d3c7cdaef9f2c1691d4e4a18cf594f2d3d3cf5a100a27 python3.10_3.10.9-1_amd64.deb
|
||||
0c827432e42c0601d8c109bc1b8799f82995e57bb15bed706e06862c25490885 gnupg-utils_2.2.40-1_amd64.deb
|
||||
0c9bfb0b18ca015c81e7194f42c66b72ff099bbd55b9bbafe7cc924a0bd42379 gcc-12-base_12.2.0-10_amd64.deb
|
||||
0ca5213c1ab67278cbfcec4cafccdb538c2e089718f4bddabe5a00145e5a21fb libdav1d6_1.0.0-2_amd64.deb
|
||||
0e70491e7854c84a7450f7a536a00b336aa9d91380014861836346e31e7b9b20 libelf-dev_0.188-1_amd64.deb
|
||||
0f95bc7c54810f358097f88a1e5d7d5718d72f3656c25489b8b6b281d9980b4c apt_2.5.4_amd64.deb
|
||||
0fd9d625bff6044e2a8b96c18f1dc4b30a4fd54e2d543aa60e634e8d7df81739 findutils_4.9.0-3_amd64.deb
|
||||
10fc29d791ec67a5ab46bccf648866d25ef5ca78c66adb85325e474c99772491 libaudit1_1%3a3.0.7-1.1+b2_amd64.deb
|
||||
11ee190ad39f8d7af441d2c8347388b9449434c73acc67b4b372445ac4152efa libsasl2-2_2.1.28+dfsg-10_amd64.deb
|
||||
129f34ac136fcf3ca7483398a54e3286bb9e195b82795d34e0f95f8788bd2976 libwebp7_1.2.2-2+b2_amd64.deb
|
||||
158a0ccabb4706afe064af0ed627396267da8cdbdfe5808b6b892492051f458a libquadmath0_12.2.0-10_amd64.deb
|
||||
16081fc71a3507102ad2f04535fb64883cb3519bf6e24e5e6a6ab2f98ac43044 git-man_1%3a2.35.1-1_all.deb
|
||||
167ce30a04fdb6d87f1ac604644291b47b133e89df35374dd66d11731d6fc150 binutils-common_2.39.50.20221208-5_amd64.deb
|
||||
187aedef2ed763f425c1e523753b9719677633c7eede660401739e9c893482bd libgmp10_2%3a6.2.1+dfsg1-1.1_amd64.deb
|
||||
1bffdc3215c75477f09039e5063cd9f1be15ee917435a45b80aa0e8214b21f96 liblsan0_12.2.0-10_amd64.deb
|
||||
1cf14abf2716d3279db12d0657a5737cf70074a1e71d3bdf73206625e3c89ce6 libedit2_3.1-20221030-2_amd64.deb
|
||||
1d9ff5e334cde8639f3a3ea87c89829d20cc52750aa851d66511d90fc3fbfac2 libattr1_1%3a2.5.1-3_amd64.deb
|
||||
1deb1d27bb088d68878e171585d62c96ad6b405b282271c4b82e04a2e2593318 libde265-0_1.0.9-1_amd64.deb
|
||||
1e298c50f171e50a2dad95c61b044b271a16b6de591a0f9d03b4e67b4fe0874a libtsan2_12.2.0-10_amd64.deb
|
||||
1f67421437b6eb18669d2868e3e02cb88668683d635198142f48aacc5b397118 fonts-dejavu-core_2.37-2_all.deb
|
||||
20d20e2c3a428162aab61898b32af9db9e9bc24f127c724c9d9be18287f4a92c libgd3_2.3.3-7_amd64.deb
|
||||
21078702ba6b34c092f93deff2e2777d22b107de9b2c69542bf5f5d82ab8e6ac libnuma1_2.0.15-1_amd64.deb
|
||||
21eb8b3654dbc251c3f0cc4bd01cae67633443ea5094003379d23f7323eb1ef4 libp11-kit0_0.24.1-1_amd64.deb
|
||||
26350da95f6bd2252c63758d854c90d6f9f241f2e323e8f50a143e9e705fbf4e fakeroot_1.29-1_amd64.deb
|
||||
2697643f58af19d69efd824ec67d8ec78879c5822a5a8ac83dfe4a85a0c69158 libctf-nobfd0_2.39.50.20221208-5_amd64.deb
|
||||
27b3d102545f597df9e6dc5c7f6590a648de09b57debd6b05ad3d1189de428d5 pinentry-curses_1.2.1-1_amd64.deb
|
||||
29b23c48c0fe6f878e56c5ddc9f65d1c05d729360f3690a593a8c795031cd867 netbase_6.4_all.deb
|
||||
2a46d5a5e9486da11ffeff5740931740d6deae4f92cd6098df060dc5dff1e1c7 libtirpc3_1.3.3+ds-1_amd64.deb
|
||||
2ac1236547360284e9e154ad11a14564db65175bd4da393ec652ac1b2dc43571 libgpm2_1.20.7-10+b1_amd64.deb
|
||||
2c17eaa4dfdd0ca5cc05b9ef56f7a3fc30e6af6040a66cefe4bacab275e88c83 libkrb5support0_1.20.1-1_amd64.deb
|
||||
2ebb09e824b6eeb7e3d41cece8b090614d8b35df9296fb638b6ec65e63dddc3e g++-12_12.2.0-10_amd64.deb
|
||||
2f736423dbe557a03e17cf1b122e90a1db4569407085fe215747b002bc36094e file_1%3a5.41-4_amd64.deb
|
||||
30687cd51c3dbd02d51f58807a9b293035ef3e7776178acccda17ed37b510b5c libjpeg62-turbo_1%3a2.1.2-1+b1_amd64.deb
|
||||
3079d34be974c3727757fd3c46ada03428a772c1af1f0f9fd3b2142da245b75f sysvinit-utils_3.05-7_amd64.deb
|
||||
310f213b0e07c582a9e8d14f67856802da196b747cb0ee3ed8f07eb93063e0ee perl-modules-5.36_5.36.0-6_all.deb
|
||||
3288cd76324fee7b1a34b97f6e6bcfc32a889f4f22002d0bd3788d8988eca791 hostname_3.23_amd64.deb
|
||||
32ac0692694f8a34cc90c895f4fc739680fb2ef0e2d4870a68833682bf1c81a3 rpcsvc-proto_1.4.3-1_amd64.deb
|
||||
32cb399d47b2dfcbd14216f1292dc32e00c025258e3512ed9f37b88cb07014c6 libcc1-0_12.2.0-10_amd64.deb
|
||||
33d88e49bf052ed8f0679bdfa386ddf4cca0a58865db113658dc039a46a64353 bsdutils_1%3a2.38.1-4_amd64.deb
|
||||
3530e0ddf6edc444b8d03b5566630d3c46c737f447e17e1cad48860cb160d307 libfido2-1_1.12.0-2_amd64.deb
|
||||
359ed4b1413db4f19899d4e0ee519027fed6b9424b9101a8ab47b615db4aadc6 libubsan1_12.2.0-10_amd64.deb
|
||||
362069a5f90fb6ca62b8d2ed2895bb6cd243c8ab1e1df8c3079b51ed91dd2836 dpkg_1.21.12_amd64.deb
|
||||
362f0ac7d15015b6d4a97e634a39ded525650c9fbccb2f6967da20a54ec6f2a5 cpp-12_12.2.0-10_amd64.deb
|
||||
36830a23700decc5d4b44d1bf95da30fbfd13bfa2a7cc81415fb62bc9ea38ce7 libpython3.10-minimal_3.10.9-1_amd64.deb
|
||||
36b6fc603efaa2bfd22cff3a7773590dd6774a5d0d9b0c23b73306f3f58cbc20 libavif15_0.11.1-1_amd64.deb
|
||||
372e28b68120da79b9eef0340e7d8480fb4503a85333d0afa6f3e27f13a58502 libc6-dev_2.36-6_amd64.deb
|
||||
3771de1b0c70a480f2722de00df19a08557c27dda4fea905ac798050fd7ec702 librav1e0_0.5.1-5_amd64.deb
|
||||
395448f62c350e6bd0a9e1030f6faebd80c02824f669deb62cef707bd8f6a9ce dpkg-dev_1.21.12_all.deb
|
||||
3a8b61891f0ce9bd310088ce2d269d63b5afd88b9196fa4f046fd890faea4a17 libalgorithm-diff-perl_1.201-1_all.deb
|
||||
3ac4fd6cbe3b3b06e68d24b931bf3eb9385b42f15604a37ed25310e948ca0ee6 libsasl2-modules-db_2.1.28+dfsg-10_amd64.deb
|
||||
3b51dd882a3f08839537c5496442eb7e30a440e4be2f7397167502923bce7d43 perl-base_5.36.0-6_amd64.deb
|
||||
3c8a97753835cb27d83efd4fa746d78c1c83a4980dc8cf3cc8b37cd5c28f3241 libdebconfclient0_0.265_amd64.deb
|
||||
3c8b1eeb420337632d64f61495a81c9d975ffebeba8f303b7e71ee12ed85f08c libreadline8_8.2-1.2_amd64.deb
|
||||
3d4b39f94317b64a860db8a7a8b581b555124cd461fe07ec0d347edbdb9f6683 libdeflate0_1.14-1_amd64.deb
|
||||
3e2c8d2c1e0ef19659e447f53b6ef392dbbe24ac706a0f010bb15fa5c20d80f8 libc-dev-bin_2.36-6_amd64.deb
|
||||
3e3ef129b4bf61513144236e15e1b4ec57fa5ae3dc8a72137abdbefb7a63af85 libtirpc-common_1.3.3+ds-1_all.deb
|
||||
3f240b128963b65a5345f10c685407721336dd29e1a21685960d39d7e37a7537 libmpdec3_2.5.1-2_amd64.deb
|
||||
3fc9742f9f1a37bcb9931df6074b4d1483419ef832ad5349f47323e75fc27864 libjansson4_2.14-2_amd64.deb
|
||||
4044ed5b6a4e42bba42c087b35be02a8f0c3d63450977218cd497d552500202f libpam0g_1.5.2-5_amd64.deb
|
||||
40e6d2cdd54c068c98dfd0f75d26a5795c37ee38c73468ca930e512569164ae1 libbsd0_0.11.7-1_amd64.deb
|
||||
414cb803bbcf0850a629a95b69ea75d300c7d7d588a38c21a229f682926018cd sensible-utils_0.0.17_all.deb
|
||||
421a2020132188fb1629716994a41c09153e04e5642850fa44600990b15342a1 libmagic-mgc_1%3a5.41-4_amd64.deb
|
||||
429abbd86fef30596107b7327ff94856acf5b30477275b69a8c556417ebdeccd libblkid1_2.38.1-4_amd64.deb
|
||||
438871b3f5c5c7a357a9840951dab9dab8db7eb1ff760a563226fafa111b99e5 bzip2_1.0.8-5+b1_amd64.deb
|
||||
43c90d45f7cf5584108964b919d6c728680d81af5fa70c8fb367d661cef54e8c libnpth0_1.6-3_amd64.deb
|
||||
4438d0bb9cf4a08bb2ae5a3ec59d23933584e964fc5ed550704d6f73d701636b media-types_8.0.0_all.deb
|
||||
45922e6e289ffd92f0f92d2bb9159e84236ff202d552a461bf10e5335b3f0261 libnettle8_3.8.1-2_amd64.deb
|
||||
4601e045d1f20da0f983b6c706169328e50cf219efd961f54095cf76d343dff8 libcrypt1_1%3a4.4.33-1_amd64.deb
|
||||
4633d58ecf67ae2056530043065dee991492269467905c20884e285548e6277d libgcc-s1_12.2.0-10_amd64.deb
|
||||
46dbe02369411b46f676ddb55fa8ee3a98f7a15607ddab785979c25bacb5d7db libalgorithm-merge-perl_0.08-5_all.deb
|
||||
46dbf6a5097b7330848987636f302f270339e28be0bcc5f2dc39490621f56ee6 libsvtav1enc1_1.4.0+dfsg-1_amd64.deb
|
||||
4914489233dbccf83139ee8bff065915982481aa44f3ffcde07a633db5908935 libzstd1_1.5.2+dfsg-1_amd64.deb
|
||||
4950f88e69d601fcde4e548c7e72359fc992ed6daa5205d61acf4a16ef25fc02 rsync_3.2.6-4+b1_amd64.deb
|
||||
49cfbe095c4bd03b10a242e0c1faa9fcd6b108953c62b28fc2025bfe5a47dccf e2fsprogs_1.46.6~rc1-1+b1_amd64.deb
|
||||
49e64f0923cdecb2aaf6c93f176c25f63b841da2a501651ae23070f998967aa7 libxpm4_1%3a3.5.12-1_amd64.deb
|
||||
4a2a8f92a9cf20acd9bdc7ae808e408d39bebc8c4c7a93419bbb4298288f203b libcrypt-dev_1%3a4.4.33-1_amd64.deb
|
||||
4ac08d251e99812e90aca02d51b93f9dc6453d9403963733ac08c5f873732252 logsave_1.46.6~rc1-1+b1_amd64.deb
|
||||
4af36a590b68d415a78d9238b932b6a4579f515ec8a8016597498acff5b515a4 libgdbm-compat4_1.23-3_amd64.deb
|
||||
4c0af3e903ba0d374024865684d82bb08b2c3c78f49ca6c79c414a53041ef478 libss2_1.46.6~rc1-1+b1_amd64.deb
|
||||
4cf64c4e1168f3c7e858bb4a71f2c5bea9a36dd448cdcc2154a551ac146e293b libgav1-1_0.18.0-1+b1_amd64.deb
|
||||
4eaa56d2d0a0d648f8ecc65acb55a0f8463b695a528562f3608635f8359cd7a2 libkeyutils1_1.6.3-1_amd64.deb
|
||||
504b7be9d7df4f6f4519e8dd4d6f9d03a9fb911a78530fa23a692fba3058cba6 libxext6_2%3a1.3.4-1+b1_amd64.deb
|
||||
509f5260dcf607120694d5e1d9a6ca3ae07107fd1a52b603f6da97291642be90 libsepol2_3.4-2_amd64.deb
|
||||
51c7fc3e9ae7a78fd7fe2994052cdaa62c68bb0a3ca58a74c588c01c4e8ac4bc libgprofng0_2.39.50.20221208-5_amd64.deb
|
||||
5263737254410cbdb16c4c89a9a8027e92e37cc6517d500412bde8cc321733ef libcap-ng0_0.8.3-1+b2_amd64.deb
|
||||
52d7d19964bb5e6aee946e540888890f0e9ae7dc5228e93f2505bdf8bc586396 manpages-dev_6.01-1_all.deb
|
||||
5322e79ccfd14c22b55be391dcb03fbddae6e80b71af2de49afb4132867c32a2 git_1%3a2.35.1-1_amd64.deb
|
||||
54149da3f44b22d523b26b692033b84503d822cc5122fed606ea69cc83ca5aeb libbz2-1.0_1.0.8-5+b1_amd64.deb
|
||||
54e26547fb4f698843a8d504e31a6b9eae7137c5c65b9b0cc3aefcf6be3b7995 libctf0_2.39.50.20221208-5_amd64.deb
|
||||
56beca470dcd9b6d7e6c3c9e9d702101e01e9467e62810a8c357bd7b9c26251d debian-archive-keyring_2021.1.1_all.deb
|
||||
58d176ef84e4a0713f9d972af5aea07b992f2db396ac416012092cee4dafae73 libpam-runtime_1.5.2-5_all.deb
|
||||
5912430927da16ccc831459679207fdbb9dfc5a206f2bab8d6f36d5a1ab53e25 libassuan0_2.5.5-5_amd64.deb
|
||||
59c875947417a73f11e2bc2a7fcf12dac75b028109071365382b914b4effa9e0 readline-common_8.2-1.2_all.deb
|
||||
5a466348531b9c38c8e5ccb18c231f27a98b9fdab61b37ea22592553de5d2ced liberror-perl_0.17029-2_all.deb
|
||||
5b2d6325b76a18d8ed9a5b7e05479dd3f71eac3c0ddedbce60773140f7cfc594 libpython3-stdlib_3.10.6-1_amd64.deb
|
||||
5b9c67e7b5d83584557b5e523149b0ab09a7597fbde97b85d6d4625f11f377dd libbinutils_2.39.50.20221208-5_amd64.deb
|
||||
5ca9e86a3d144037a503d412dc464e6869e410a1c8685548bcd5bab6c01d3904 linux-libc-dev_6.0.12-1_amd64.deb
|
||||
5d26306d12a45a8a03dca473490d56a765b58d61b53146c1c7784903cf59c45d libmpfr6_4.1.0-3_amd64.deb
|
||||
6000ce7748ae79cb237c6c065e33a8f4976e518e95adba4bba0e591dc8698f75 util-linux_2.38.1-4_amd64.deb
|
||||
608a01a26f2edaedc42d705e88fb5ec692462e1800954dea3a5e73900b477ab8 libfontconfig1_2.13.1-4.5_amd64.deb
|
||||
61038f857e346e8500adf53a2a0a20859f4d3a3b51570cc876b153a2d51a3091 coreutils_9.1-1_amd64.deb
|
||||
61a9c2989db7b699dc179bcaa7beadad9cbcff46cf5f43539769dc0c09aa401d sed_4.8-1_amd64.deb
|
||||
62758cd5d9488139571f1b87d138abb8373f702cd528a23297cba27491364a62 dash_0.5.11+git20210903+057cd650a4ed-9_amd64.deb
|
||||
64094f1345d904e3887983c9114c259952b6002e834063d8edad64728ad1fa4d binutils_2.39.50.20221208-5_amd64.deb
|
||||
643df5f50c44e94fefdd157fee2f62e1914c037918674a267ec0571a8b5689e2 libacl1_2.3.1-2_amd64.deb
|
||||
64cde86cef1deaf828bd60297839b59710b5cd8dc50efd4f12643caaee9389d3 liblz4-1_1.9.4-1_amd64.deb
|
||||
6500982180b192f71acf4dfd22705d85c8344512090253b9fef8672db70e7d91 libperl5.36_5.36.0-6_amd64.deb
|
||||
65f2e3ae1b233aa51caea2e9b9b06925311b486f5a1941e72523daa638824ecc libheif1_1.13.0-1_amd64.deb
|
||||
66f8aedfb961b19852a8f0f8c9f5f6484a267ef6cc19552d7481333a1b963701 libuuid1_2.38.1-4_amd64.deb
|
||||
679db1c4579ec7c61079adeaae8528adeb2e4bf5465baa6c56233b995d714750 libxau6_1%3a1.0.9-1_amd64.deb
|
||||
68aa3b3bdac8b34802df7e2e950bae64c40aa6c2b24fed356b832968f8305aa0 libfile-fcntllock-perl_0.22-4+b1_amd64.deb
|
||||
6995822451e1300baa41b953c19f1094640ad4237982612583e980d32e18eee5 wget_1.21.3-1+b2_amd64.deb
|
||||
6b07c77b700a615642888a82ba92a7e7c429d04b9c8669c62b2263f15c4c4059 libjbig0_2.1-6.1_amd64.deb
|
||||
6b149908d8f7c33806274ffed964008f73141ed17971666e9eb983571870c8e4 openssl_3.0.7-1_amd64.deb
|
||||
6b32fa198ef48c19b28146b6f374625ae0a1d79dcc19bd65eb49f6a1594077bd passwd_1%3a4.13+dfsg1-1_amd64.deb
|
||||
6c19a5d18c8350744581fbd25d5d29e2b7101053e25aafa4e1ffcc2b505b2f1c libxxhash0_0.8.1-1_amd64.deb
|
||||
6d9f6c25c30efccce6d4bceaa48ea86c329a3432abb360a141f76ac223a4c34a libffi8_3.4.4-1_amd64.deb
|
||||
6f94b488255acd996254f775c77ff3956557c61f860a3c9caeaf65457554194f libpopt0_1.19+dfsg-1_amd64.deb
|
||||
702ab01235bffacab40eae14e96c66e92aec783ab7b3a418ee49dd6c8e5e1332 grep_3.8-3_amd64.deb
|
||||
7038b4d856aff8b4054f879c488c1298db5a83ecfa6280f85706f20e2e1935f1 libalgorithm-diff-xs-perl_0.04-8+b1_amd64.deb
|
||||
70d356876847a9a540b5bebd02b2141f9de292e7ce17a596cafdecb15c39ba21 libisl23_0.25-1_amd64.deb
|
||||
70f79905c004691a74d2badbe3c69fce9e98833d7cd77bf3cb7f4fab5bd973a1 libkrb5-3_1.20.1-1_amd64.deb
|
||||
737802943ba4ae9d3153b466ee20802f76d8a42492b430dc7bc2300fd0e9c96c libelf1_0.188-1_amd64.deb
|
||||
73d4a22bdd7eb6be1e480d6884b103eb500cfd539cc20ae0f3e44dd8b0614798 cpio_2.13+dfsg-7.1_amd64.deb
|
||||
74fc57a345749cce5ff879f119066eea075cebd98998cecfe70369d092e4912e libstdc++-12-dev_12.2.0-10_amd64.deb
|
||||
770cb7513fc5370e841a10fe0385a52f892bb2f69ae8298f5569b1c2eb1787de libx11-6_2%3a1.8.1-2_amd64.deb
|
||||
771f5c47ca69f24ca61e4be0c98c5912b182ce442f921697d17a472f3ded5c9c liblerc4_4.0.0+ds-2_amd64.deb
|
||||
77bf08617463e8c5f8ecae1cbef1e9d0cee6d4c55662f59c4778d81d538250d7 login_1%3a4.13+dfsg1-1_amd64.deb
|
||||
7a3ae3e97d0d403a4c54663c0bb48e9341d98822420a4ab808c6dc8e8474558f libcap2_1%3a2.44-1_amd64.deb
|
||||
7b00efe3ec732cda15d49d5730a502194c6c6ec2520e47bef6a4bbfd3497aa86 libpcre2-8-0_10.40-3_amd64.deb
|
||||
7b685f8294487d0573370a7040c4a811c67ac4641d50a0d010a2bb0fcb67eed5 libx11-data_2%3a1.8.1-2_all.deb
|
||||
7b77cca4d7990fd4297570715a4138aabce7e4510163968cc83e0ad2726abc57 manpages_6.01-1_all.deb
|
||||
7ca71c3ea78de3435f1e48d346e2502a8711795a23445ab693f134d21c727606 libncurses-dev_6.3+20220423-2_amd64.deb
|
||||
7d7ce91b0397ef9d28525c79103f34d809ec691d56fc3744b44add10c87c9287 perl_5.36.0-6_amd64.deb
|
||||
7d8c5add2cebc79c0bbd9d1380e85a2379409b8106fdd929032e8fe1307b4c5d bash_5.2-2+b1_amd64.deb
|
||||
7e65be476b311eefed916f07576d59996a597359d7a25d7f40de6bd94d9a1277 python3_3.10.6-1_amd64.deb
|
||||
835f806c21ae25e39053bd3057051640341b0cf08e1db9746fd82e370d82fa30 libsemanage-common_3.4-1_all.deb
|
||||
83b44b9624711f954d91a4b0414b2f8d46fbc00a222e4c20614c16337a872762 libssl3_3.0.7-1_amd64.deb
|
||||
8695fcedf470144d64dfc0123dc6821d2e72cb311225cea1e83d8b6e295722d0 libcurl3-gnutls_7.86.0-2_amd64.deb
|
||||
89944ee11d7370ce6ef46fc52f094c4a6512eff8943ec4c6ebefeae6360ceada libgpg-error0_1.46-1_amd64.deb
|
||||
89f79c82e9419dbd20b415e7610109cb4de4fc2cb750f1089209ee919f521be8 libldap-2.5-0_2.5.13+dfsg-2+b1_amd64.deb
|
||||
8a80e834ebbfd1313d45a3d5a7d018680b943287f0fdd750ed2eddc90027fd6d libmpc3_1.2.1-2_amd64.deb
|
||||
8a9d4d0a0459e86cd140c6ce63d71fa3ddb8425d82ab69f2876e3ebda3d88dc8 libasan8_12.2.0-10_amd64.deb
|
||||
8c6d49b771530dbe26d7bd060582dc7d2b4eeb603a20789debc1ef4bbbc4ef67 patch_2.7.6-7_amd64.deb
|
||||
8cbd111e1ad1c1357afb18f916c88c7ebb8cc860b8fac04ccc66a9eefe5a53af libcbor0.8_0.8.0-2+b1_amd64.deb
|
||||
8f9196f7ac4487dd62ba7099e86bdfc6f17bf2d6c23f9f07022efbda502efdc4 libk5crypto3_1.20.1-1_amd64.deb
|
||||
8fe1525f25334c3e9e1237cc6b8ba3b6b3089153d71d9f36b79ea46771939b1d publicsuffix_20220811.1734-1_all.deb
|
||||
908ca1b35125f49125ae56945a72bc11ce0fcec85a8d980d10d83bb3a610f518 base-passwd_3.6.1_amd64.deb
|
||||
90a2f213a2e730ca86a265ed58e99da621aa81f59d30c84fe7cdcfcdd2e95e2a dirmngr_2.2.40-1_amd64.deb
|
||||
91e8961647518c06aed17920fb34ea8f0f92894d28149d94e2c324539853aaf4 libcom-err2_1.46.6~rc1-1+b1_amd64.deb
|
||||
925f944100d399dd765ceb0de772cf747b92a311eae99d0a64008c2c92925cda gnupg_2.2.40-1_all.deb
|
||||
92b94fe8bcf38803f0d953caf4f13bbb2f4f83f3c4b12ea3ae229d07ed248a79 libudev1_252.2-2_amd64.deb
|
||||
941cf15477c0a2660864e1724e3738f869ee307587032a4dcc3f902d72b4ed57 libmagic1_1%3a5.41-4_amd64.deb
|
||||
9559ab9601706910cff06144246471560a0e62cd3111b883fc902573a353feea liblzma5_5.2.9-0.0_amd64.deb
|
||||
95fe4a1336532450e67bd067892f46eaa484139919ea8d067a9ffcbf5a4bf883 libgdbm6_1.23-3_amd64.deb
|
||||
983ca41d506fa159536cd584118855748763f5f5a3b5949206bee4a62ec0cbf9 libxmuu1_2%3a1.1.3-3_amd64.deb
|
||||
9c29e856bf381b25b0e5a429edfb925f89a5f910cb5ada8b01cd9b9ccfb49529 gpg-wks-client_2.2.40-1_amd64.deb
|
||||
9cd87d1b0c56f34f51bcbe8bdb55ebb45dd08ce6c0c6ff2dc77378bac3f64cc0 libx265-199_3.5-2+b1_amd64.deb
|
||||
9e6dfd1773d3486409116ea6571f6eeb1058b89ee33a56db52f584acfbd963db g++_4%3a12.2.0-1_amd64.deb
|
||||
9f8985f120c7a6bd9abed8ac016dc29624f19f91f0699369e4d3940523675695 ncurses-base_6.3+20220423-2_all.deb
|
||||
9fb65819e3d595d8a4325810788a8f7f9ca1cd3d0f2e0ca8816a2e2e2822cb8f libpython3.10-stdlib_3.10.9-1_amd64.deb
|
||||
a0f4d9f42dcd12746f9aefbac32b9846aed45ad5fc532cecb0b83c518bf5d0bd libc-bin_2.36-6_amd64.deb
|
||||
a1a83af8cbd854af887b72ad196b1f4af58387815e21ced1000253a116a46e2a make_4.3-4.1_amd64.deb
|
||||
a36404e2b6e889d1c6e4f33a498a0413b766a3df558d1fe4ff4c33fa9ff4ce99 binutils-x86-64-linux-gnu_2.39.50.20221208-5_amd64.deb
|
||||
a5f06cc885e0710c6ab4b82a293ae4412bf28ba7166ab6b844f55235c50089ed libgcc-12-dev_12.2.0-10_amd64.deb
|
||||
a672bd3c22f639df30515b89cf9b86b2b887ffbdd1876737724d5515652ebd7c gcc_4%3a12.2.0-1_amd64.deb
|
||||
aaf001e0d4c68f995f9efbc551d54f213122fef99b3eaf9e28286bda6c03da73 libabsl20220623_20220623.1-1_amd64.deb
|
||||
ab9f503b5f22d3eeb89cb5927cb38d7b90c8088a6d658588aea1bd64e1d565b5 libldap-common_2.5.13+dfsg-2_all.deb
|
||||
aca5921e0d1bd6611cd7f1ff9c4c8cbdc2fdfc340134a5a17e56e983ec7d56bb libc-devtools_2.36-6_amd64.deb
|
||||
ae412490d277484dc79560b82023a656032dffa0d614316d1b0f4a58aa6c5ec9 gnupg-l10n_2.2.40-1_all.deb
|
||||
ae924c4961cac4e450793f04301ff6d993569915ed87825b14af5d602d3c48bc libncursesw6_6.3+20220423-2_amd64.deb
|
||||
af2957b92976a45dffa0f454fd2d8553e49a091f8702d510eda4374092d03fd4 cpp_4%3a12.2.0-1_amd64.deb
|
||||
b09481e7690680966005330c3f907bba4b5eefc35e1faaea4783cc55655d1150 libfaketime_0.9.10-2.1_amd64.deb
|
||||
b13b353b3655a800d63167e8741ae327cc3dd29729e69ee4b6f01ca6102b1d15 libselinux1_3.4-1+b3_amd64.deb
|
||||
b1966bea9832686a0fd5ddba9787dce5816ebe02218a4a8f7472a1628d73451b libsasl2-modules_2.1.28+dfsg-10_amd64.deb
|
||||
b1e8e1301552b2e27db6db28d652913cf7e836846fa9aa70c667b88436659b88 gpg_2.2.40-1_amd64.deb
|
||||
b212c3c7bb16ae7b1896676b7ddf26f8fc6159e88998a253ccecd82a7fe0c42a libsystemd0_252.2-2_amd64.deb
|
||||
b2af4cbcf7f407f2552f9f5ffbcb0edd32091fcf4a3909cbc3ad01e83e11c011 util-linux-extra_2.38.1-4_amd64.deb
|
||||
b5bb46fa5a6322b76474167c0872a7c9a43a3dbacda33fb95a567f2910629d55 gpgv_2.2.40-1_amd64.deb
|
||||
b983ab23743da7f3800b4218e852ff0140927d2fe75b70534ac03e196516aeda fontconfig-config_2.13.1-4.5_amd64.deb
|
||||
ba2c5558c5c9323dc5ce0011157a72279789d1016bfadf18b6c3f5cda3099786 libyuv0_0.0~git20221118.ea26d7a-2_amd64.deb
|
||||
baaa4e935c5e3bcd57d4f2f4e7a1ddc67bd4eb8629d98f97a696548849ae01ac bc_1.07.1-3+b1_amd64.deb
|
||||
bb73e6e11dd177b249e8c74572a3f77737afe9c4e2218cece5175f42198fc0ea libfakeroot_1.29-1_amd64.deb
|
||||
bb81a188c119cd7fdebae723cbc95887b6c549b2fe4fb7e268a9c8846444da99 libnsl-dev_1.3.0-2_amd64.deb
|
||||
bbfd38de41898a06326f2a6ce4cc43e8e399f5566381231065b01d70499d5ba5 build-essential_12.9_amd64.deb
|
||||
bcbc83f391854ea9d50ce2a4101aacf330de3b8b71d81a798faadba14a157f78 mawk_1.3.4.20200120-3.1_amd64.deb
|
||||
bd8e963c6edcf1c806df97cd73560794c347aa94b9aaaf3b88eea585bb2d2f3c tar_1.34+dfsg-1_amd64.deb
|
||||
beed9907afb85315ba2f5fc60fa09f0f9be2a409157cc2d45379b2e788698b0a libmount1_2.38.1-4_amd64.deb
|
||||
bffcac7e4f69e39d37d4a33e841d6371ac8b5aba6cd55546b385dc7ff6c702f5 libgcrypt20_1.10.1-3_amd64.deb
|
||||
c0161783577d1715c8a8ce101a8a513b14d141187ec3d05146721b0422ee9480 less_590-1_amd64.deb
|
||||
c0d83437fdb016cb289436f49f28a36be44b3e8f1f2498c7e3a095f709c0d6f8 libnsl2_1.3.0-2_amd64.deb
|
||||
c4e2eb142f8946b3a298bb807f41528332c6559691528ce547a409a7ca3ea7bc python3.10-minimal_3.10.9-1_amd64.deb
|
||||
c6435f0dfbfaf7beb6dad9b98c92ab7b8569a0eaff78f40aa4a8a97faf407fa9 usr-is-merged_33_all.deb
|
||||
c843bd13fde80bc21b178312059112cf5cfbcdb763e3f322f3fca0704d639815 libksba8_1.6.2-4_amd64.deb
|
||||
c9a0cbb6c0c1a1b16179ac9027a0660da875a0fd52ef300d52bb73493d79138b libapt-pkg6.0_2.5.4_amd64.deb
|
||||
caaec354f90fe671709b3fa2b969a9a618462fb2cc3fe03f8d28806f720a115f tzdata_2022f-1_all.deb
|
||||
cbe97163f8d968b27ce68403787a32d0e1aa1e8bd1301a11ef20a7a5671adc4a diffutils_1%3a3.8-1_amd64.deb
|
||||
cc0ffedcc1fb025a09dc3b7a62bac773d29c0a12bdcdd4fed2cfaa44520d132d gpg-agent_2.2.40-1_amd64.deb
|
||||
cc6a8974d64157873030c7c61d7c872552ddadf31f6d35b9bc4d69c69eb72ba9 libpcre3_2%3a8.39-14_amd64.deb
|
||||
cd4f20458589b515a1e39bf641e254d9e474e0d631d6eee5485cc1250a7a9808 mount_2.38.1-4_amd64.deb
|
||||
cde841b275163fd0e5d742b61df46fd7eb6b7bfc8c44f8537124f61e6bcccacc libgomp1_12.2.0-10_amd64.deb
|
||||
d095b7e3ff500f226cf752aeaced7df40e04682d34d4a1f7b0e47e92ffe6c079 libseccomp2_2.5.4-1+b2_amd64.deb
|
||||
d202861c602f3719350d4aede3e4c65ea88d6529b2e1e7115f805091f624e7fa krb5-locales_1.20.1-1_all.deb
|
||||
d20a3ee34fa84ad8bd381e8be6e9c2c2ea32347cff5e1169c10e978d43f54f24 libssh2-1_1.10.0-3+b1_amd64.deb
|
||||
d25fb9a24b8037f7fb513cd1706e6f11122f2890f994ee321fe7988e10567878 libsemanage2_3.4-1+b3_amd64.deb
|
||||
d466bbfe011d764d793c1d9d777cad9c7cf65b938e11598f27408171ad95a951 libunistring2_1.0-2_amd64.deb
|
||||
d4c7b71ce8628e2baa6b1ef3dc3871fdeb5747ab12ff8dcda0c29c379da7d38b gcc-12_12.2.0-10_amd64.deb
|
||||
d50716d5824083d667427817d506b45d3f59dc77e1ca52de000f3f62d4918afa libidn2-0_2.3.3-1+b1_amd64.deb
|
||||
d62e8967437998b351daaaf69e8886592574725d7e88d525625d29fd2b961339 libgssapi-krb5-2_1.20.1-1_amd64.deb
|
||||
d716f5b4346ec85bb728f4530abeb1da4a79f696c72d7f774c59ba127c202fa7 libpsl5_0.21.0-1.2_amd64.deb
|
||||
d7abcfaa67bc16c4aed960c959ca62849102c8a0a61b9af9a23fcc870ebc3c57 ca-certificates_20211016_all.deb
|
||||
d7dd1d1411fedf27f5e27650a6eff20ef294077b568f4c8c5e51466dc7c08ce4 zlib1g_1%3a1.2.13.dfsg-1_amd64.deb
|
||||
d85f4d2f4f740d09d5f578cf15bbb9b6a912a849047cf807253605d4815745e8 libfreetype6_2.12.1+dfsg-3_amd64.deb
|
||||
d8c263f47b03a942f2b807187dcc08286f8810c776f18e828dae0cc8b6375da5 libncurses6_6.3+20220423-2_amd64.deb
|
||||
d98df4f21fc17d8436e230acb36acc8a53a74e3cbcfb13a96a9f823c32fda695 debianutils_5.7-0.4_amd64.deb
|
||||
db2d207ae363db66000eec1367d87a5e88c638c5452738059c876580dcc2fc1a libgnutls30_3.7.8-4_amd64.deb
|
||||
db7c6704938a114c3028dd5bb4c05daa390d340f57cd882345a3290f88911314 gpgconf_2.2.40-1_amd64.deb
|
||||
dc32727dca9a87ba317da7989572011669f568d10159b9d8675ed7aedd26d686 libpng16-16_1.6.39-2_amd64.deb
|
||||
dc846a0eb742ee2d269e2f32bb351865d8014b39f1b1352af1cb4243b84497ef libtiff5_4.4.0-6_amd64.deb
|
||||
de2ae6cde14431c23b962246f0c304c526865a50c559edb30e9c056aa26a51e4 libpam-modules-bin_1.5.2-5_amd64.deb
|
||||
de70f6f7625819163f23f139fe47696a7e6b6eb5dad3eb12d88bddf3fd088b98 unzip_6.0-27_amd64.deb
|
||||
de7b7e4405d619241447144e88549c74abe4c5617b5b894821d975693209cefb debconf_1.5.80_all.deb
|
||||
dfd4b424dca7349cbb474cca239ee54363d85fdb13462a05ebd8e35d42bd6232 base-files_12.3_amd64.deb
|
||||
e0a108909fd3dae44e4a1cb3b91044012aea387b2734334ff816b6a78a0126ac libc6_2.36-6_amd64.deb
|
||||
e1f69020dc2c466e421ec6a58406b643be8b5c382abf0f8989011c1d3df91c87 librtmp1_2.4+20151223.gitfa8646d.1-2+b2_amd64.deb
|
||||
e3a156b87d37e8627a3a003c9a40d0e098bb1cec6938065b8c29dd844a1383b1 libdb5.3_5.3.28+dfsg1-0.10_amd64.deb
|
||||
e3ddd34ed745867a628dbf413f271d6a7f8c5b0d5e01a4103d12240fc6a9d31a libstdc++6_12.2.0-10_amd64.deb
|
||||
eabec1dde2834f72540d7b93fc5df2625f52611c06d93d61f5cdb12480e0e6a3 gzip_1.12-1_amd64.deb
|
||||
ebb1e8a210f61f48d95baedb3b03f32996b7e0e0abad1e319075ae2da36e9c6b libtinfo6_6.3+20220423-2_amd64.deb
|
||||
ebef6bcd777b5c0cc2699926f2159db08433aed07c50cb321fd828b28c5e8d53 ucf_3.0043_all.deb
|
||||
ec6dcc8ba88087606e70f8ef2e80952974da60a9f2745cc5316a91c2f06951c8 libext2fs2_1.46.6~rc1-1+b1_amd64.deb
|
||||
ecb8536f5fb34543b55bb9dc5f5b14c9dbb4150a7bddb3f2287b7cab6e9d25ef libxdmcp6_1%3a1.1.2-3_amd64.deb
|
||||
ed2328befa036dcb0455deecb4787c91e48606ebbea28aa329bd2a10adb7b2aa python3-minimal_3.10.6-1_amd64.deb
|
||||
ed43d96b4cae0ff0f2208456222151922ecd0bc1118f1e757ebe18206967a8ee libaom3_3.5.0-1_amd64.deb
|
||||
ed8185c28b2cb519744a5a462dcd720d3b332c9b88a1d0002eac06dc8550cb94 libhogweed6_3.8.1-2_amd64.deb
|
||||
eec4dc9d949d2c666b1da3fa762a340e8ba10c3a04d3eed32749a97695c15641 libtasn1-6_4.19.0-2_amd64.deb
|
||||
f3928b657449bc65fb2e13f5a0370c6b30d6e57a9de2eb13ce2ef9f277c8dc0b xz-utils_5.2.9-0.0_amd64.deb
|
||||
f79c858a5f9041fa7a836580816658a7cff16c562d32ae658347ae4a58b8ed75 adduser_3.129_all.deb
|
||||
f827028f9abbf30a2a6a7fc550482ae7dc1386fc1e4bb0335d79d7d0cc9c4a7f libatomic1_12.2.0-10_amd64.deb
|
||||
f9227bd91f834652cbb55c940cbc62f2230c1cfc649437a2efbca11767fd144b libitm1_12.2.0-10_amd64.deb
|
||||
f9a0fa43e37e835d44a728eaca53fe4e33f53cd5490199444c0c7d48bf3df67a gpgsm_2.2.40-1_amd64.deb
|
||||
f9ce24cbf69957dc1851fc55adba0a60b5bc617d51587b6478f2be64786442f1 init-system-helpers_1.65.2_all.deb
|
||||
f9ce531f60cbd5df37996af9370e0171be96902a17ec2bdbd8d62038c354094f zlib1g-dev_1%3a1.2.13.dfsg-1_amd64.deb
|
||||
fbdab45294d400a875d846da9a1da0b23854323fd03b5943bf54cd6125e41c96 libnghttp2-14_1.51.0-1_amd64.deb
|
||||
fc39271fdb2bfc46531f8c156e9ea02dd40935e21eddccf0d8c29c58d97a1f93 libaudit-common_1%3a3.0.7-1.1_all.deb
|
||||
fdc61332a3892168f3cc9cfa1fe9cf11a91dc3e0acacbc47cbc50ebaa234cc71 libxcb1_1.15-1_amd64.deb
|
||||
fdd885dc27ec30f87312c959d1b44db6faffbc07b8eaec0d5a5e5b2fbcd79d46 libsqlite3-0_3.40.0-1_amd64.deb
|
||||
fe36a7f35361fc40d0057ef447a7302fd41d51740d51c98fb3870bbed5b96e56 libexpat1_2.5.0-1_amd64.deb
|
||||
fe524a9de7ed6b2a1465693f12d5f7be2d2d9f6d6e6bf028f17109263e173dc8 liblocale-gettext-perl_1.07-5_amd64.deb
|
||||
feb6aaa0bd183246ca915b88825c68f3b5a6507bc70a8c2eb70d1e4cb9e83225 libsmartcols1_2.38.1-4_amd64.deb
|
||||
ff12fc51e092aaae4992317c5f7f26d1e73e6fde4296a8cdfe1b739b51e4b0ab xauth_1%3a1.1.1-1_amd64.deb
|
||||
ff1d5281131fb36c6da4f3c40a6b75010bf94f2b15fd3497500a1b056d01c63b ncurses-bin_6.3+20220423-2_amd64.deb
|
||||
ff79706e87a63a34de6ade3632dc0855029ff7abb36ef9976d5e229887c836f9 gpg-wks-server_2.2.40-1_amd64.deb
|
||||
ffd88ba260f07a50c33e849bce75895f17c993d8040397941c58703701d184c3 libpam-modules_1.5.2-5_amd64.deb
|
|
@ -0,0 +1,13 @@
|
|||
debian-archive-keyring
|
||||
build-essential
|
||||
git
|
||||
libfaketime
|
||||
file
|
||||
wget
|
||||
cpio
|
||||
unzip
|
||||
rsync
|
||||
bc
|
||||
libncurses-dev
|
||||
python3
|
||||
libelf-dev
|
|
@ -0,0 +1,259 @@
|
|||
adduser=3.129
|
||||
apt=2.5.4
|
||||
base-files=12.3
|
||||
base-passwd=3.6.1
|
||||
bash=5.2-2+b1
|
||||
bc=1.07.1-3+b1
|
||||
binutils-common=2.39.50.20221208-5
|
||||
binutils-x86-64-linux-gnu=2.39.50.20221208-5
|
||||
binutils=2.39.50.20221208-5
|
||||
bsdutils=1:2.38.1-4
|
||||
build-essential=12.9
|
||||
bzip2=1.0.8-5+b1
|
||||
ca-certificates=20211016
|
||||
coreutils=9.1-1
|
||||
cpio=2.13+dfsg-7.1
|
||||
cpp-12=12.2.0-10
|
||||
cpp=4:12.2.0-1
|
||||
dash=0.5.11+git20210903+057cd650a4ed-9
|
||||
debconf=1.5.80
|
||||
debian-archive-keyring=2021.1.1
|
||||
debianutils=5.7-0.4
|
||||
diffutils=1:3.8-1
|
||||
dirmngr=2.2.40-1
|
||||
dpkg-dev=1.21.12
|
||||
dpkg=1.21.12
|
||||
e2fsprogs=1.46.6~rc1-1+b1
|
||||
fakeroot=1.29-1
|
||||
file=1:5.41-4
|
||||
findutils=4.9.0-3
|
||||
fontconfig-config=2.13.1-4.5
|
||||
fonts-dejavu-core=2.37-2
|
||||
g++-12=12.2.0-10
|
||||
g++=4:12.2.0-1
|
||||
gcc-12-base=12.2.0-10
|
||||
gcc-12=12.2.0-10
|
||||
gcc=4:12.2.0-1
|
||||
git-man=1:2.35.1-1
|
||||
git=1:2.35.1-1
|
||||
gnupg-l10n=2.2.40-1
|
||||
gnupg-utils=2.2.40-1
|
||||
gnupg=2.2.40-1
|
||||
gpg-agent=2.2.40-1
|
||||
gpg-wks-client=2.2.40-1
|
||||
gpg-wks-server=2.2.40-1
|
||||
gpg=2.2.40-1
|
||||
gpgconf=2.2.40-1
|
||||
gpgsm=2.2.40-1
|
||||
gpgv=2.2.40-1
|
||||
grep=3.8-3
|
||||
gzip=1.12-1
|
||||
hostname=3.23
|
||||
init-system-helpers=1.65.2
|
||||
krb5-locales=1.20.1-1
|
||||
less=590-1
|
||||
libabsl20220623=20220623.1-1
|
||||
libacl1=2.3.1-2
|
||||
libalgorithm-diff-perl=1.201-1
|
||||
libalgorithm-diff-xs-perl=0.04-8+b1
|
||||
libalgorithm-merge-perl=0.08-5
|
||||
libaom3=3.5.0-1
|
||||
libapt-pkg6.0=2.5.4
|
||||
libasan8=12.2.0-10
|
||||
libassuan0=2.5.5-5
|
||||
libatomic1=12.2.0-10
|
||||
libattr1=1:2.5.1-3
|
||||
libaudit-common=1:3.0.7-1.1
|
||||
libaudit1=1:3.0.7-1.1+b2
|
||||
libavif15=0.11.1-1
|
||||
libbinutils=2.39.50.20221208-5
|
||||
libblkid1=2.38.1-4
|
||||
libbrotli1=1.0.9-2+b5
|
||||
libbsd0=0.11.7-1
|
||||
libbz2-1.0=1.0.8-5+b1
|
||||
libc-bin=2.36-6
|
||||
libc-dev-bin=2.36-6
|
||||
libc-devtools=2.36-6
|
||||
libc6-dev=2.36-6
|
||||
libc6=2.36-6
|
||||
libcap-ng0=0.8.3-1+b2
|
||||
libcap2=1:2.44-1
|
||||
libcbor0.8=0.8.0-2+b1
|
||||
libcc1-0=12.2.0-10
|
||||
libcom-err2=1.46.6~rc1-1+b1
|
||||
libcrypt-dev=1:4.4.33-1
|
||||
libcrypt1=1:4.4.33-1
|
||||
libctf-nobfd0=2.39.50.20221208-5
|
||||
libctf0=2.39.50.20221208-5
|
||||
libcurl3-gnutls=7.86.0-2
|
||||
libdav1d6=1.0.0-2
|
||||
libdb5.3=5.3.28+dfsg1-0.10
|
||||
libde265-0=1.0.9-1
|
||||
libdebconfclient0=0.265
|
||||
libdeflate0=1.14-1
|
||||
libdpkg-perl=1.21.12
|
||||
libedit2=3.1-20221030-2
|
||||
libelf-dev=0.188-1
|
||||
libelf1=0.188-1
|
||||
liberror-perl=0.17029-2
|
||||
libexpat1=2.5.0-1
|
||||
libext2fs2=1.46.6~rc1-1+b1
|
||||
libfakeroot=1.29-1
|
||||
libfaketime=0.9.10-2.1
|
||||
libffi8=3.4.4-1
|
||||
libfido2-1=1.12.0-2
|
||||
libfile-fcntllock-perl=0.22-4+b1
|
||||
libfontconfig1=2.13.1-4.5
|
||||
libfreetype6=2.12.1+dfsg-3
|
||||
libgav1-1=0.18.0-1+b1
|
||||
libgcc-12-dev=12.2.0-10
|
||||
libgcc-s1=12.2.0-10
|
||||
libgcrypt20=1.10.1-3
|
||||
libgd3=2.3.3-7
|
||||
libgdbm-compat4=1.23-3
|
||||
libgdbm6=1.23-3
|
||||
libgmp10=2:6.2.1+dfsg1-1.1
|
||||
libgnutls30=3.7.8-4
|
||||
libgomp1=12.2.0-10
|
||||
libgpg-error0=1.46-1
|
||||
libgpm2=1.20.7-10+b1
|
||||
libgprofng0=2.39.50.20221208-5
|
||||
libgssapi-krb5-2=1.20.1-1
|
||||
libheif1=1.13.0-1
|
||||
libhogweed6=3.8.1-2
|
||||
libidn2-0=2.3.3-1+b1
|
||||
libisl23=0.25-1
|
||||
libitm1=12.2.0-10
|
||||
libjansson4=2.14-2
|
||||
libjbig0=2.1-6.1
|
||||
libjpeg62-turbo=1:2.1.2-1+b1
|
||||
libk5crypto3=1.20.1-1
|
||||
libkeyutils1=1.6.3-1
|
||||
libkrb5-3=1.20.1-1
|
||||
libkrb5support0=1.20.1-1
|
||||
libksba8=1.6.2-4
|
||||
libldap-2.5-0=2.5.13+dfsg-2+b1
|
||||
libldap-common=2.5.13+dfsg-2
|
||||
liblerc4=4.0.0+ds-2
|
||||
liblocale-gettext-perl=1.07-5
|
||||
liblsan0=12.2.0-10
|
||||
liblz4-1=1.9.4-1
|
||||
liblzma5=5.2.9-0.0
|
||||
libmagic-mgc=1:5.41-4
|
||||
libmagic1=1:5.41-4
|
||||
libmd0=1.0.4-2
|
||||
libmount1=2.38.1-4
|
||||
libmpc3=1.2.1-2
|
||||
libmpdec3=2.5.1-2
|
||||
libmpfr6=4.1.0-3
|
||||
libncurses-dev=6.3+20220423-2
|
||||
libncurses6=6.3+20220423-2
|
||||
libncursesw6=6.3+20220423-2
|
||||
libnettle8=3.8.1-2
|
||||
libnghttp2-14=1.51.0-1
|
||||
libnpth0=1.6-3
|
||||
libnsl-dev=1.3.0-2
|
||||
libnsl2=1.3.0-2
|
||||
libnuma1=2.0.15-1
|
||||
libp11-kit0=0.24.1-1
|
||||
libpam-modules-bin=1.5.2-5
|
||||
libpam-modules=1.5.2-5
|
||||
libpam-runtime=1.5.2-5
|
||||
libpam0g=1.5.2-5
|
||||
libpcre2-8-0=10.40-3
|
||||
libpcre3=2:8.39-14
|
||||
libperl5.36=5.36.0-6
|
||||
libpng16-16=1.6.39-2
|
||||
libpopt0=1.19+dfsg-1
|
||||
libpsl5=0.21.0-1.2
|
||||
libpython3-stdlib=3.10.6-1
|
||||
libpython3.10-minimal=3.10.9-1
|
||||
libpython3.10-stdlib=3.10.9-1
|
||||
libquadmath0=12.2.0-10
|
||||
librav1e0=0.5.1-5
|
||||
libreadline8=8.2-1.2
|
||||
librtmp1=2.4+20151223.gitfa8646d.1-2+b2
|
||||
libsasl2-2=2.1.28+dfsg-10
|
||||
libsasl2-modules-db=2.1.28+dfsg-10
|
||||
libsasl2-modules=2.1.28+dfsg-10
|
||||
libseccomp2=2.5.4-1+b2
|
||||
libselinux1=3.4-1+b3
|
||||
libsemanage-common=3.4-1
|
||||
libsemanage2=3.4-1+b3
|
||||
libsepol2=3.4-2
|
||||
libsmartcols1=2.38.1-4
|
||||
libsqlite3-0=3.40.0-1
|
||||
libss2=1.46.6~rc1-1+b1
|
||||
libssh2-1=1.10.0-3+b1
|
||||
libssl3=3.0.7-1
|
||||
libstdc++-12-dev=12.2.0-10
|
||||
libstdc++6=12.2.0-10
|
||||
libsvtav1enc1=1.4.0+dfsg-1
|
||||
libsystemd0=252.2-2
|
||||
libtasn1-6=4.19.0-2
|
||||
libtiff5=4.4.0-6
|
||||
libtinfo6=6.3+20220423-2
|
||||
libtirpc-common=1.3.3+ds-1
|
||||
libtirpc-dev=1.3.3+ds-1
|
||||
libtirpc3=1.3.3+ds-1
|
||||
libtsan2=12.2.0-10
|
||||
libubsan1=12.2.0-10
|
||||
libudev1=252.2-2
|
||||
libunistring2=1.0-2
|
||||
libuuid1=2.38.1-4
|
||||
libwebp7=1.2.2-2+b2
|
||||
libx11-6=2:1.8.1-2
|
||||
libx11-data=2:1.8.1-2
|
||||
libx265-199=3.5-2+b1
|
||||
libxau6=1:1.0.9-1
|
||||
libxcb1=1.15-1
|
||||
libxdmcp6=1:1.1.2-3
|
||||
libxext6=2:1.3.4-1+b1
|
||||
libxmuu1=2:1.1.3-3
|
||||
libxpm4=1:3.5.12-1
|
||||
libxxhash0=0.8.1-1
|
||||
libyuv0=0.0~git20221118.ea26d7a-2
|
||||
libzstd1=1.5.2+dfsg-1
|
||||
linux-libc-dev=6.0.12-1
|
||||
login=1:4.13+dfsg1-1
|
||||
logsave=1.46.6~rc1-1+b1
|
||||
make=4.3-4.1
|
||||
manpages-dev=6.01-1
|
||||
manpages=6.01-1
|
||||
mawk=1.3.4.20200120-3.1
|
||||
media-types=8.0.0
|
||||
mount=2.38.1-4
|
||||
ncurses-base=6.3+20220423-2
|
||||
ncurses-bin=6.3+20220423-2
|
||||
netbase=6.4
|
||||
openssh-client=1:9.1p1-1
|
||||
openssl=3.0.7-1
|
||||
passwd=1:4.13+dfsg1-1
|
||||
patch=2.7.6-7
|
||||
perl-base=5.36.0-6
|
||||
perl-modules-5.36=5.36.0-6
|
||||
perl=5.36.0-6
|
||||
pinentry-curses=1.2.1-1
|
||||
publicsuffix=20220811.1734-1
|
||||
python3-minimal=3.10.6-1
|
||||
python3.10-minimal=3.10.9-1
|
||||
python3.10=3.10.9-1
|
||||
python3=3.10.6-1
|
||||
readline-common=8.2-1.2
|
||||
rpcsvc-proto=1.4.3-1
|
||||
rsync=3.2.6-4+b1
|
||||
sed=4.8-1
|
||||
sensible-utils=0.0.17
|
||||
sysvinit-utils=3.05-7
|
||||
tar=1.34+dfsg-1
|
||||
tzdata=2022f-1
|
||||
ucf=3.0043
|
||||
unzip=6.0-27
|
||||
usr-is-merged=33
|
||||
util-linux-extra=2.38.1-4
|
||||
util-linux=2.38.1-4
|
||||
wget=1.21.3-1+b2
|
||||
xauth=1:1.1.1-1
|
||||
xz-utils=5.2.9-0.0
|
||||
zlib1g-dev=1:1.2.13.dfsg-1
|
||||
zlib1g=1:1.2.13.dfsg-1
|
|
@ -0,0 +1,6 @@
|
|||
deb http://deb.debian.org/debian bookworm main
|
||||
deb http://security.debian.org/debian-security bookworm-security main
|
||||
deb http://deb.debian.org/debian bookworm-updates main
|
||||
deb [check-valid-until=no] http://snapshot.debian.org/archive/debian/20221220T000000Z bookworm main
|
||||
deb [check-valid-until=no] http://snapshot.debian.org/archive/debian-security/20221220T000000Z bookworm-security main
|
||||
deb [check-valid-until=no] http://snapshot.debian.org/archive/debian/20221220T000000Z bookworm-updates main
|
Binary file not shown.
|
@ -0,0 +1,16 @@
|
|||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQIzBAABCgAdFiEEzAzToO3Ax9K7Run3B88Hlc0qV+sFAmP+XQ4ACgkQB88Hlc0q
|
||||
V+v1lg/9HxgMu/SLVcDlLEi0uz21693OwEBjcxL1rRca7y4/t/upGnhu53c0gM7W
|
||||
ws+voJWWi9d8wTeuwl9yxvajdAo8I3Jw78hjXZWvqTK0CmLSSfCBTH6e7uRpvzbC
|
||||
cJrc3QiErI84TpJde4NmZpMz6oGPzp+qdoAPCvsSiS2xy97+ZGB9OIfffjmlN86L
|
||||
ZIjKCB0K2+yijB3pa/faNHv3Jv4XKliUXP+AelT0Rsw2466Bndruh63mxNjqYZiC
|
||||
54hVd46ASwhS4YDNFZVrcYJNETr52328QjhtNlPsG83E2KGp2rl9mFaiXxLQsFD0
|
||||
7j0VPIFPAqDvD7ZhAf5oTZDmo2BJYZpGTmTjBAdKDKCWySbwIEoGC65UoOY8ROXV
|
||||
uGNqf9enFzWfnwLcDiujDo3e51Dag65FnEGkUDLUo/D/2B+r9vEzesVdTuGx3Szh
|
||||
OTldUZp0ls9bCqhO4cCllZheswREbTTUUSYMYGNsRF+j6VaBR8jYa9yM4AX/Qk4N
|
||||
9cokKyUD/ci49CH8R6THliD7FtF1G+LWvgHI4ZKzrEMJGyJVTiimHX4N2BJzZtUv
|
||||
ObfCcskscf6DZxDpiFG256t2FYL3zQzNCaLj7mBpwe9NRuLwiSuHgS3udP9qossn
|
||||
6Zew0D+a9wpst1MibKMx1G6eLn24Bjly81LDvIaKPn/yRIRrVzc=
|
||||
=RJE0
|
||||
-----END PGP SIGNATURE-----
|
|
@ -1,16 +1,16 @@
|
|||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQIzBAABCgAdFiEEZ1U/vaRrtxq9LgsLjkeh7DWhVR0FAma0fbsACgkQjkeh7DWh
|
||||
VR0lYBAAsjKcqgoSM73lck4gSga3CWtTfZ/k7azr98HnUw5InTyTwvna2sRGL3jb
|
||||
Q0pUhrPVQVmjXSyxD/hR/uLuiAfUn2Gyhp1MZS3C7jmFcRsxCJzNbByv/2bUS2+U
|
||||
5TaCoxmM8SdxTqcBIyYylKzZ4ub0t3bCWUt2uPqdSqslgEReeqbzzE3jpmiUfmHE
|
||||
daaZhZa3iPEr7vqq00jUGFuSEdxQCQkty0nZHzfGhHwbliiUGyH6/bb+u4v5eGYH
|
||||
VEyRq0CWFgw5sywpSf3UZjR0fkd0do9z6Li1ggN2GV63I4oT3L1LltcMXtgfMp+B
|
||||
SA3gz7/mJsMqM6H2ZWqUgJAZw/mZCGStftSnOTKdyEtpzagNNeePa5f4kM1ZuHF6
|
||||
ehSl1nbnCeCPfedS8+oUm3v8qWiFLXz4tmYvBnfDWaUXIYpNOrvJPtatdinTNRfl
|
||||
nglyEt6Olc+3vEqkrEl7JFu13Gl92mbuhhelKjM/VDheHBUZ6yrso1aLbyruO+wm
|
||||
RxL3pQSCNfAnIQpSdkXga5gVvbZDDISBast3qHFuZaZFbo2p24hw0HnLAfyCrxgF
|
||||
JnN3x2qqRlTzQSrVr4EEXUwUqpt5LlnQ3kDLNVYhXuqTdmyETj1YGnAXkqV/D+Z7
|
||||
B7hlDdddXI5d0yDoYPAmF9N7XJCasdfutnO/8IfZ/eE989jYybE=
|
||||
=eruT
|
||||
iQIzBAABCgAdFiEEZ1U/vaRrtxq9LgsLjkeh7DWhVR0FAmP5OHwACgkQjkeh7DWh
|
||||
VR08/w//ScO/qM0a8JAAsCuCXEeZIJAhkICrxOCjMl6z9KP3lU8yVU6NL/ULF9P4
|
||||
0nW5A1jnZo9PKcabV1RKFkQ/UuJdmUOuupg5JkN5X99rR/SDZ6hrsVy/tS6kjKaU
|
||||
Z9qMGlsVRYVdbBb+VKtQB1gguj04QXVD9iAFIeAeaRRNMhtqo7gMHU1cdOkB86g2
|
||||
H4w25LuxkIfRtyGlUgtBMS3MqpRiNjUSunP357VlHFBEGv4yT7CcdLK68FFd6Qzp
|
||||
U1KJja5DG68aVTHdT47LvFCKRPjyFvheA1Ok1feSnYrOqPAhzYEFuWoE+f/+/nsI
|
||||
JLqGVvPO7g40p0YXZdPWjQON4ZpcRuWG9TRg85G4WV+sQfqnDpz1i2++pb2RrOMI
|
||||
SNwUIz8zdTaWo1G+AoNfaveybk7BOlAstjDwA5SzukFNrPvBSOQpe53i+NGyTAPS
|
||||
pbKnir6IAD1QwagZOzYac6tzE4ZX2F7zmjPrwCDHGYAYuaQV+1CWiIvnN5zCjHXe
|
||||
pvl22LKwr8BDRHzmVpctdVojlkb4llrbdzq3cMZgdXasXKORD9+yuGAK5+hfekmi
|
||||
vsUMROvIp27q/eFL5fLTIP3clOo5+foWdB4cqWoS0q+5qIG3Aa0YZp9HDeI9pdjH
|
||||
W11QFp4tlrDwA0lgHdUiF4vITxDk/+qz0Hi3gKCll87cmXUufRg=
|
||||
=wZZ6
|
||||
-----END PGP SIGNATURE-----
|
||||
|
|
|
@ -1,16 +0,0 @@
|
|||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQIzBAABCgAdFiEEiII6deyqeGsP84sUjkAUeKP773IFAma0f0IACgkQjkAUeKP7
|
||||
73I33w//SaGbbM9z8SYsWhii1SBnfs6NVQSwdBoO20C4gFdmZkPVDak3QoCAioaC
|
||||
GjlEOEDb7SXfWi3n2z72P97dswN6dG1IxQKR1N913IWzUUEXGR0phaC+o0P1/f74
|
||||
MXrcUDLwwJwZsA/0zMV6gHvONEqwgmfEO4WrEB/Ty7ueoJjsmQ2oauWytlh8CVDR
|
||||
3HFwiVoAjRC2d0vKj0eL2n9pNQNEYKb+oJ/gq3sk2L8qPs1vThQguHADvqmi6V3w
|
||||
+4tZqviksPXb+sve3VTsKFDbd5AXvcRY4TbPawQ5W7Aa6iK9W/yA10+zXvcHoGrA
|
||||
6iMR94yI9eprBkqoeoxr2MHPk+8d9xXB16hY/h+OCPibkFFfPST9GDFcp0nk1JFH
|
||||
b0bbpanBsxwN3IxTAL0a7iD2nxftZHjgiZib1lhdhLg35o9iou1V0fRPwdjepS3o
|
||||
2TBvKhtNncUW/87ZhxhdkTI/iUvS0iem3KHUQXkM+ziOC5zGf+PYvMCuy2P0oSei
|
||||
731aVOgxKbpEZHY0pTkuqG7U4+RWZ+KJEnxETcZWoCeY9DW/u2Dx5hukeZJbvmUo
|
||||
111vBoziyocgKvKi5S3ctZaAwm2wNsE0TU/o5u9+Q5ST1wgsKJF+F0laCUQcDPwM
|
||||
UyM5VznH31pChrlzRiUcsm0lMvDkx+JfTSBPOgzABMAcQ3YuTSk=
|
||||
=e+q6
|
||||
-----END PGP SIGNATURE-----
|
|
@ -1,2 +1,2 @@
|
|||
fe92783ef775ccc5e32baefb26f951b7f37ed26ecbb4601a068e20b31bebadbb airgap.iso
|
||||
b714c963bd8b1f3a38295821f0a3521bc64f97c1023c49d22a2e7433385b1a09 release.env
|
||||
5b830f69691a96deb50caa68b69b7a6bb34a0af8c55a0d7dd21c1771683f96e1 airgap.iso
|
||||
89695f9584b98adea86887de56774b8747c4f36092611c31da367a63f072954d release.env
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
VERSION=2024.8.1
|
||||
GIT_REF=ea623cc147741b0a753ce4ea7aabe512df9a2ef9
|
||||
VERSION=2023.02.24
|
||||
GIT_REF=2376bc53dc4609ad0bff55e0b3365891db6fbeea
|
||||
GIT_AUTHOR=Lance R. Vick
|
||||
GIT_PUBKEY=6B61ECD76088748C70590D55E90A401336C8AAA9
|
||||
GIT_TIMESTAMP=2024-08-08 00:34:41 -0700
|
||||
GIT_KEY=6B61ECD76088748C70590D55E90A401336C8AAA9
|
||||
GIT_TIMESTAMP=2023-02-24 13:31:37 -0800
|
||||
|
|
|
@ -1,55 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
DAEMON="syslogd"
|
||||
PIDFILE="/var/run/$DAEMON.pid"
|
||||
|
||||
SYSLOGD_ARGS=""
|
||||
|
||||
# shellcheck source=/dev/null
|
||||
[ -r "/etc/default/$DAEMON" ] && . "/etc/default/$DAEMON"
|
||||
|
||||
# BusyBox' syslogd does not create a pidfile, so pass "-n" in the command line
|
||||
# and use "-m" to instruct start-stop-daemon to create one.
|
||||
start() {
|
||||
printf 'Starting %s: ' "$DAEMON"
|
||||
# shellcheck disable=SC2086 # we need the word splitting
|
||||
start-stop-daemon -b -m -S -q -p "$PIDFILE" -x "/sbin/$DAEMON" \
|
||||
-- -n $SYSLOGD_ARGS
|
||||
status=$?
|
||||
if [ "$status" -eq 0 ]; then
|
||||
echo "OK"
|
||||
else
|
||||
echo "FAIL"
|
||||
fi
|
||||
return "$status"
|
||||
}
|
||||
|
||||
stop() {
|
||||
printf 'Stopping %s: ' "$DAEMON"
|
||||
start-stop-daemon -K -q -p "$PIDFILE"
|
||||
status=$?
|
||||
if [ "$status" -eq 0 ]; then
|
||||
rm -f "$PIDFILE"
|
||||
echo "OK"
|
||||
else
|
||||
echo "FAIL"
|
||||
fi
|
||||
return "$status"
|
||||
}
|
||||
|
||||
restart() {
|
||||
stop
|
||||
sleep 1
|
||||
start
|
||||
}
|
||||
|
||||
case "$1" in
|
||||
start|stop|restart)
|
||||
"$1";;
|
||||
reload)
|
||||
# Restart, since there is no true "reload" feature.
|
||||
restart;;
|
||||
*)
|
||||
echo "Usage: $0 {start|stop|restart|reload}"
|
||||
exit 1
|
||||
esac
|
|
@ -1,55 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
DAEMON="klogd"
|
||||
PIDFILE="/var/run/$DAEMON.pid"
|
||||
|
||||
KLOGD_ARGS=""
|
||||
|
||||
# shellcheck source=/dev/null
|
||||
[ -r "/etc/default/$DAEMON" ] && . "/etc/default/$DAEMON"
|
||||
|
||||
# BusyBox' klogd does not create a pidfile, so pass "-n" in the command line
|
||||
# and use "-m" to instruct start-stop-daemon to create one.
|
||||
start() {
|
||||
printf 'Starting %s: ' "$DAEMON"
|
||||
# shellcheck disable=SC2086 # we need the word splitting
|
||||
start-stop-daemon -b -m -S -q -p "$PIDFILE" -x "/sbin/$DAEMON" \
|
||||
-- -n $KLOGD_ARGS
|
||||
status=$?
|
||||
if [ "$status" -eq 0 ]; then
|
||||
echo "OK"
|
||||
else
|
||||
echo "FAIL"
|
||||
fi
|
||||
return "$status"
|
||||
}
|
||||
|
||||
stop() {
|
||||
printf 'Stopping %s: ' "$DAEMON"
|
||||
start-stop-daemon -K -q -p "$PIDFILE"
|
||||
status=$?
|
||||
if [ "$status" -eq 0 ]; then
|
||||
rm -f "$PIDFILE"
|
||||
echo "OK"
|
||||
else
|
||||
echo "FAIL"
|
||||
fi
|
||||
return "$status"
|
||||
}
|
||||
|
||||
restart() {
|
||||
stop
|
||||
sleep 1
|
||||
start
|
||||
}
|
||||
|
||||
case "$1" in
|
||||
start|stop|restart)
|
||||
"$1";;
|
||||
reload)
|
||||
# Restart, since there is no true "reload" feature.
|
||||
restart;;
|
||||
*)
|
||||
echo "Usage: $0 {start|stop|restart|reload}"
|
||||
exit 1
|
||||
esac
|
|
@ -1,94 +0,0 @@
|
|||
#!/bin/sh
|
||||
#
|
||||
# This script is used by busybox and procps-ng.
|
||||
#
|
||||
# With procps-ng, the "--system" option of sysctl also enables "--ignore", so
|
||||
# errors are not reported via syslog. Use the run_logger function to mimic the
|
||||
# --system behavior, still reporting errors via syslog. Users not interested
|
||||
# on error reports can add "-e" to SYSCTL_ARGS.
|
||||
#
|
||||
# busybox does not have a "--system" option neither reports errors via syslog,
|
||||
# so the scripting provides a consistent behavior between the implementations.
|
||||
# Testing the busybox sysctl exit code is fruitless, as at the moment, since
|
||||
# its exit status is zero even if errors happen. Hopefully this will be fixed
|
||||
# in a future busybox version.
|
||||
|
||||
PROGRAM="sysctl"
|
||||
|
||||
SYSCTL_ARGS=""
|
||||
|
||||
# shellcheck source=/dev/null
|
||||
[ -r "/etc/default/$PROGRAM" ] && . "/etc/default/$PROGRAM"
|
||||
|
||||
# Files are read from directories in the SYSCTL_SOURCES list, in the given
|
||||
# order. A file may be used more than once, since there can be multiple
|
||||
# symlinks to it. No attempt is made to prevent this.
|
||||
SYSCTL_SOURCES="/etc/sysctl.d/ /usr/local/lib/sysctl.d/ /usr/lib/sysctl.d/ /lib/sysctl.d/ /etc/sysctl.conf"
|
||||
|
||||
# If the logger utility is available all messages are sent to syslog, except
|
||||
# for the final status. The file redirections do the following:
|
||||
#
|
||||
# - stdout is redirected to syslog with facility.level "kern.info"
|
||||
# - stderr is redirected to syslog with facility.level "kern.err"
|
||||
# - file dscriptor 4 is used to pass the result to the "start" function.
|
||||
#
|
||||
run_logger() {
|
||||
# shellcheck disable=SC2086 # we need the word splitting
|
||||
find $SYSCTL_SOURCES -maxdepth 1 -name '*.conf' -print0 2> /dev/null | \
|
||||
xargs -0 -r -n 1 readlink -f | {
|
||||
prog_status="OK"
|
||||
while :; do
|
||||
read -r file || {
|
||||
echo "$prog_status" >&4
|
||||
break
|
||||
}
|
||||
echo "* Applying $file ..."
|
||||
/sbin/sysctl -p "$file" $SYSCTL_ARGS || prog_status="FAIL"
|
||||
done 2>&1 >&3 | /usr/bin/logger -t sysctl -p kern.err
|
||||
} 3>&1 | /usr/bin/logger -t sysctl -p kern.info
|
||||
}
|
||||
|
||||
# If logger is not available all messages are sent to stdout/stderr.
|
||||
run_std() {
|
||||
# shellcheck disable=SC2086 # we need the word splitting
|
||||
find $SYSCTL_SOURCES -maxdepth 1 -name '*.conf' -print0 2> /dev/null | \
|
||||
xargs -0 -r -n 1 readlink -f | {
|
||||
prog_status="OK"
|
||||
while :; do
|
||||
read -r file || {
|
||||
echo "$prog_status" >&4
|
||||
break
|
||||
}
|
||||
echo "* Applying $file ..."
|
||||
/sbin/sysctl -p "$file" $SYSCTL_ARGS || prog_status="FAIL"
|
||||
done
|
||||
}
|
||||
}
|
||||
|
||||
if [ -x /usr/bin/logger ]; then
|
||||
run_program="run_logger"
|
||||
else
|
||||
run_program="run_std"
|
||||
fi
|
||||
|
||||
start() {
|
||||
printf '%s %s: ' "$1" "$PROGRAM"
|
||||
status=$("$run_program" 4>&1)
|
||||
echo "$status"
|
||||
if [ "$status" = "OK" ]; then
|
||||
return 0
|
||||
fi
|
||||
return 1
|
||||
}
|
||||
|
||||
case "$1" in
|
||||
start)
|
||||
start "Running";;
|
||||
restart|reload)
|
||||
start "Rerunning";;
|
||||
stop)
|
||||
:;;
|
||||
*)
|
||||
echo "Usage: $0 {start|stop|restart|reload}"
|
||||
exit 1
|
||||
esac
|
|
@ -1,24 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
case "$1" in
|
||||
start)
|
||||
printf "Populating %s using udev: " "${udev_root:-/dev}"
|
||||
[ -e /proc/sys/kernel/hotplug ] && printf '\000\000\000\000' > /proc/sys/kernel/hotplug
|
||||
/sbin/udevd -d || { echo "FAIL"; exit 1; }
|
||||
udevadm trigger --type=subsystems --action=add
|
||||
udevadm trigger --type=devices --action=add
|
||||
udevadm settle --timeout=30 || echo "udevadm settle failed"
|
||||
echo "done"
|
||||
;;
|
||||
stop)
|
||||
# Stop execution of events
|
||||
udevadm control --stop-exec-queue
|
||||
killall udevd
|
||||
;;
|
||||
*)
|
||||
echo "Usage: $0 {start|stop}"
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
|
||||
exit 0
|
|
@ -1,20 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
case "$1" in
|
||||
start)
|
||||
/usr/sbin/pcscd -d || { echo "FAIL"; exit 1; }
|
||||
killall pcscd
|
||||
/usr/sbin/pcscd -d || { echo "FAIL"; exit 1; }
|
||||
echo "done"
|
||||
;;
|
||||
stop)
|
||||
# Stop execution of events
|
||||
killall pcscd
|
||||
;;
|
||||
*)
|
||||
echo "Usage: $0 {start|stop}"
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
|
||||
exit 0
|
|
@ -1,70 +0,0 @@
|
|||
#! /bin/sh
|
||||
#
|
||||
# Preserve the random seed between reboots. See urandom(4).
|
||||
#
|
||||
|
||||
# Quietly do nothing if /dev/urandom does not exist
|
||||
[ -c /dev/urandom ] || exit 0
|
||||
|
||||
URANDOM_SEED="/var/lib/random-seed"
|
||||
|
||||
# shellcheck source=/dev/null
|
||||
[ -r "/etc/default/urandom" ] && . "/etc/default/urandom"
|
||||
|
||||
if pool_bits=$(cat /proc/sys/kernel/random/poolsize 2> /dev/null); then
|
||||
pool_size=$((pool_bits/8))
|
||||
else
|
||||
pool_size=512
|
||||
fi
|
||||
|
||||
init_rng() {
|
||||
[ -f "$URANDOM_SEED" ] || return 0
|
||||
printf 'Initializing random number generator: '
|
||||
dd if="$URANDOM_SEED" bs="$pool_size" of=/dev/urandom count=1 2> /dev/null
|
||||
status=$?
|
||||
if [ "$status" -eq 0 ]; then
|
||||
echo "OK"
|
||||
else
|
||||
echo "FAIL"
|
||||
fi
|
||||
return "$status"
|
||||
}
|
||||
|
||||
save_random_seed() {
|
||||
printf 'Saving random seed: '
|
||||
status=1
|
||||
if touch "$URANDOM_SEED.new" 2> /dev/null; then
|
||||
old_umask=$(umask)
|
||||
umask 077
|
||||
dd if=/dev/urandom of="$URANDOM_SEED.tmp" bs="$pool_size" count=1 2> /dev/null
|
||||
cat "$URANDOM_SEED" "$URANDOM_SEED.tmp" 2>/dev/null \
|
||||
| sha256sum \
|
||||
| cut -d ' ' -f 1 > "$URANDOM_SEED.new" && \
|
||||
mv "$URANDOM_SEED.new" "$URANDOM_SEED" && status=0
|
||||
rm -f "$URANDOM_SEED.tmp"
|
||||
umask "$old_umask"
|
||||
if [ "$status" -eq 0 ]; then
|
||||
echo "OK"
|
||||
else
|
||||
echo "FAIL"
|
||||
fi
|
||||
|
||||
else
|
||||
echo "SKIP (read-only file system detected)"
|
||||
fi
|
||||
return "$status"
|
||||
}
|
||||
|
||||
case "$1" in
|
||||
start|restart|reload)
|
||||
# Carry a random seed from start-up to start-up
|
||||
# Load and then save the whole entropy pool
|
||||
init_rng && save_random_seed;;
|
||||
stop)
|
||||
# Carry a random seed from shut-down to start-up
|
||||
# Save the whole entropy pool
|
||||
save_random_seed;;
|
||||
*)
|
||||
echo "Usage: $0 {start|stop|restart|reload}"
|
||||
exit 1
|
||||
esac
|
|
@ -1,27 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
|
||||
# Stop all init scripts in /etc/init.d
|
||||
# executing them in reversed numerical order.
|
||||
#
|
||||
for i in $(ls -r /etc/init.d/S??*) ;do
|
||||
|
||||
# Ignore dangling symlinks (if any).
|
||||
[ ! -f "$i" ] && continue
|
||||
|
||||
case "$i" in
|
||||
*.sh)
|
||||
# Source shell script for speed.
|
||||
(
|
||||
trap - INT QUIT TSTP
|
||||
set stop
|
||||
. $i
|
||||
)
|
||||
;;
|
||||
*)
|
||||
# No sh extension, so fork subprocess.
|
||||
$i stop
|
||||
;;
|
||||
esac
|
||||
done
|
||||
|
|
@ -1,27 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
|
||||
# Start all init scripts in /etc/init.d
|
||||
# executing them in numerical order.
|
||||
#
|
||||
for i in /etc/init.d/S??* ;do
|
||||
|
||||
# Ignore dangling symlinks (if any).
|
||||
[ ! -f "$i" ] && continue
|
||||
|
||||
case "$i" in
|
||||
*.sh)
|
||||
# Source shell script for speed.
|
||||
(
|
||||
trap - INT QUIT TSTP
|
||||
set start
|
||||
. $i
|
||||
)
|
||||
;;
|
||||
*)
|
||||
# No sh extension, so fork subprocess.
|
||||
$i start
|
||||
;;
|
||||
esac
|
||||
done
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
#!/bin/sh
|
||||
exec /bin/init
|
|
@ -1,15 +0,0 @@
|
|||
KERNEL!="mmcblk[0-9]p[0-9]|sd[a-z][0-9]", GOTO="automount_end"
|
||||
ACTION=="add", PROGRAM!="/sbin/blkid %N", GOTO="automount_end"
|
||||
IMPORT{program}="/sbin/blkid -o udev -p %N"
|
||||
|
||||
ENV{ID_FS_LABEL}!="", ENV{dir_name}="%E{ID_FS_LABEL}"
|
||||
ENV{ID_FS_LABEL}=="", ENV{dir_name}="%k"
|
||||
|
||||
ACTION=="add", IMPORT{program}="/sbin/blkid -o udev -p %N"
|
||||
ACTION=="add", ENV{ID_FS_TYPE}=="vfat", ENV{mount_options}="relatime,utf8,flush,user,umask=0000"
|
||||
ACTION=="add", RUN+="/bin/mkdir -p /media/%E{dir_name}", RUN+="/bin/mount -o $env{mount_options} /dev/%k /media/%E{dir_name}"
|
||||
ACTION=="add", RUN+="/usr/local/bin/autorun /media/%E{dir_name}"
|
||||
|
||||
ACTION=="remove", ENV{dir_name}!="", RUN+="/bin/umount -l /media/%E{dir_name}", RUN+="/bin/rmdir /media/%E{dir_name}"
|
||||
|
||||
LABEL="automount_end"
|
|
@ -1,28 +0,0 @@
|
|||
#!/bin/bash
|
||||
set -e
|
||||
source /etc/profile
|
||||
|
||||
folder=${1?}
|
||||
|
||||
if [ "$folder" == "/media/USER" ] && [ -f "${folder}/autorun.sh" ]; then
|
||||
if touch "${folder}/.write_test" 2>/dev/null; then
|
||||
echo "!! Autorun: Read-only verification failed for /media/USER" >/dev/console
|
||||
exit 1;
|
||||
else
|
||||
echo "" >/dev/console
|
||||
echo "++ Autorun: Found /media/USER/autorun.sh" >/dev/console;
|
||||
echo "** Autorun: Executing /media/USER/autorun.sh" >/dev/console
|
||||
/bin/bash "/media/USER/autorun.sh" >/dev/console
|
||||
fi
|
||||
elif [ -f "${folder}/autorun.sh.asc" ]; then
|
||||
echo "" >/dev/console
|
||||
echo "++ Autorun: Found ${folder}/autorun.sh" >/dev/console;
|
||||
gpg --verify "${folder}/autorun.sh.asc" >/dev/null 2>&1 || {
|
||||
echo "!! Autorun: Verification Failed for ${folder}/autorun.sh" \
|
||||
>/dev/console;
|
||||
exit 1;
|
||||
}
|
||||
echo "++ Autorun: Verified ${folder}/autorun.sh" >/dev/console
|
||||
echo "** Autorun: Executing ${folder}/autorun.sh" >/dev/console
|
||||
/bin/bash "${folder}/autorun.sh" >/dev/console
|
||||
fi
|
|
@ -1,3 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
echo "Autorun.sh executed"
|
|
@ -0,0 +1,65 @@
|
|||
#!/bin/bash
|
||||
[ -f /.dockerenv ] || { echo "please run in supplied container"; exit 1; }
|
||||
set -e; source environment
|
||||
|
||||
build_dir="${BUILD_DIR?}"
|
||||
audit_dir="${BUILD_DIR?}/audit"
|
||||
buildroot_dir="${build_dir}/buildroot"
|
||||
heads_dir="${build_dir}/heads"
|
||||
|
||||
mkdir -p ${audit_dir}
|
||||
|
||||
printf "Generating container package vulnerability stats... "
|
||||
debsecan \
|
||||
--suite $(lsb_release --codename --short) \
|
||||
--format detail \
|
||||
> ${audit_dir}/container_package_cves.txt
|
||||
container_package_cves="$( \
|
||||
cat ${audit_dir}/container_package_cves.txt | grep CVE | wc -l \
|
||||
)"
|
||||
echo "done"
|
||||
|
||||
printf "Generating target OS source tar hashes... "
|
||||
openssl sha256 -r ${buildroot_dir}/dl/*/*.tar.* \
|
||||
> ${audit_dir}/os_src_hashes.txt
|
||||
echo "done"
|
||||
|
||||
printf "Generating firmware source tar hashes... "
|
||||
openssl sha256 -r ${heads_dir}/packages/* \
|
||||
> ${audit_dir}/fw_src_hashes.txt
|
||||
echo "done"
|
||||
|
||||
printf "Generating combined/uniqued source tar hashes... "
|
||||
cat ${audit_dir}/os_src_hashes.txt \
|
||||
${audit_dir}/fw_src_hashes.txt \
|
||||
| sed 's/ .*\// /g' \
|
||||
| awk '{ t = $1; $1 = $2; $2 = t; print;}' \
|
||||
| sort \
|
||||
| uniq \
|
||||
> ${audit_dir}/all_hashes.txt
|
||||
echo "done"
|
||||
|
||||
printf "Generating buildroot package stats... "
|
||||
( cd ${buildroot_dir} \
|
||||
&& support/scripts/pkg-stats --json ${audit_dir}/pkg-stats.json \
|
||||
> /dev/null 2>&1
|
||||
)
|
||||
target_os_source_cves=$( \
|
||||
cat build/audit/pkg-stats.json | jq '.stats["total-cves"]' \
|
||||
)
|
||||
echo "done"
|
||||
|
||||
printf "Generating license usage reports... "
|
||||
( cd ${buildroot_dir} && make legal-info > /dev/null 2>&1 )
|
||||
cp -R ${buildroot_dir}/output/legal-info ${audit_dir}/legal-info
|
||||
echo "done"
|
||||
echo "------------------------------------------------"
|
||||
echo "Wrote: build/audit/container_package_cves.txt"
|
||||
echo "Wrote: build/audit/os_src_hashes.txt"
|
||||
echo "Wrote: build/audit/fw_src_hashes.txt"
|
||||
echo "Wrote: build/audit/all_hashes.txt"
|
||||
echo "Wrote: build/audit/pkg-stats.json"
|
||||
echo "Wrote: build/audit/legal-info"
|
||||
echo "------------------------------------------------"
|
||||
echo "Build container package CVEs: ${container_package_cves}"
|
||||
echo "Target OS source CVEs: ${target_os_source_cves}"
|
|
@ -0,0 +1 @@
|
|||
Subproject commit ca3e7960ea2abb9e448610c633dc92d7786ce8ab
|
Loading…
Reference in New Issue