Compare commits

..

No commits in common. "main" and "main" have entirely different histories.
main ... main

57 changed files with 11346 additions and 858 deletions

1
.gitattributes vendored
View File

@ -1,2 +1 @@
dist/*.iso filter=lfs diff=lfs merge=lfs -text
dist/airgap.iso filter=lfs diff=lfs merge=lfs -text

1
.gitignore vendored
View File

@ -1,4 +1,3 @@
cache/
out/
out*/
.*

3
.gitmodules vendored
View File

@ -0,0 +1,3 @@
[submodule "src/toolchain"]
path = src/toolchain
url = https://codeberg.org/distrust/toolchain

View File

@ -1,236 +0,0 @@
FROM stagex/alsa-lib:sx2024.09.0@sha256:a41b481187f76c1e9ed4e237977f4892c1507a3b8f8f6736ff3fdd5144bd2afb AS alsa-lib
FROM stagex/bash:sx2024.09.0@sha256:cb58f55d268fbe7ef629cda86e3a8af893066e4af7f26ef54748b6ad47bdaa66 AS bash
FROM stagex/bc:sx2024.09.0@sha256:039cc5ac357a17d6374445fe4eed1dac15cc72f615bd9657c17e2c3904d42b62 AS bc
FROM stagex/busybox:sx2024.09.0@sha256:d34bfa56566aa72d605d6cbdc154de8330cf426cfea1bc4ba8013abcac594395 AS busybox
FROM stagex/ccid:sx2024.09.0@sha256:3225dc4a6a1af5f828854157a6b16eb09a0b0f7ebe9d9ee34030afe3966afad1 AS ccid
FROM stagex/cpio:sx2024.09.0@sha256:abccb58edb5f1f31b3b9c8b61cffa10cd56de3307e337335927b8df4d9112d24 AS cpio
FROM stagex/curl:sx2024.09.0@sha256:8e5705a77a76c92d058e016184dabd0c4fa2f6117021cc5ff55df35f654cb158 AS curl
FROM stagex/dtc:sx2024.09.0@sha256:57f8aaa94059c43081b32fccb473ebd2c0cf16878dcf0e24e0e56c910467e93a AS dtc
FROM stagex/eudev:sx2024.09.0@sha256:7da7aed7ea7eb73bda86e206e765bdc8e6367c2c2ae535ccd68c7c1b0a936611 AS eudev
FROM stagex/flashtools:sx2024.09.0@sha256:4e61cc6f0af9aa6116bb93f048c20d00026d75c27dc52b7e8604f0e340c55b80 AS flashtools
FROM stagex/gcc:sx2024.09.0@sha256:439bf36289ef036a934129d69dd6b4c196427e4f8e28bc1a3de5b9aab6e062f0 AS gcc
FROM stagex/glib:sx2024.09.0@sha256:d280c18f8b52ce21a26924b0cb1bfb69ea6508b57db73efe22401572e71dbe84 AS glib
FROM stagex/gpg:sx2024.09.0@sha256:f63555b39740db63b34c06894a4a9d5e125d04f5d51e799909d06c490e8ecd42 AS gpg
FROM stagex/grub:sx2024.09.0@sha256:a14c60f152c759185e5702e910053cb5c0d9eee11f43d8d5d40a84123aece9fd AS grub
FROM stagex/ipxe:sx2024.09.0@sha256:5791d9b42c7e9099a0180c4fe6cc4b8e9afc9e6b9ec392099c65c53b71db7908 AS ipxe
FROM stagex/jq:sx2024.09.0@sha256:3e8b44aa54481bdd46406e9d3a63862f4216f81530a1898b3c144e1c38847a82 AS jq
FROM stagex/jq:sx2024.09.0@sha256:3e8b44aa54481bdd46406e9d3a63862f4216f81530a1898b3c144e1c38847a82 AS jq
FROM stagex/keyfork:sx2024.09.0@sha256:2288c1d769a0c3c535835019ad4919cc45b094492b5aa959a0eaf1e883a96214 AS keyfork
FROM stagex/libaio:sx2024.09.0@sha256:c8d6dd6f3e6fbda73ac0620b2bc4b4cfe6fa504bf7a17eee3bb56e286c394b8b AS libaio
FROM stagex/libassuan:sx2024.09.0@sha256:1f31e888ab3f02634009d1a38acca9f25deb827432eb91392e21fd75128a44aa AS libassuan
FROM stagex/libffi:sx2024.09.0@sha256:ab647ebf8464e00cde623f86f716e7f50ce82c30eafde813b7977d917ff7143a AS libffi
FROM stagex/libgcrypt:sx2024.09.0@sha256:49c84a586969ff625b3304dcf8905a98db0da36fb8704e3d7a0771d271509b68 AS libgcrypt
FROM stagex/libgpg-error:sx2024.09.0@sha256:11c17c1ac41f36c85e538bd34a0095a9f17e116f61c38d560350c02a6929e55a AS libgpg-error
FROM stagex/libksba:sx2024.09.0@sha256:2913b382fdb76f02f9d78ee162066e04953ba782b8f722145111617a842f40a3 AS libksba
FROM stagex/libqrencode:sx2024.09.0@sha256:8c0f523bdf8d315e7b67cadd584e23d22a316dd1973232d49603e127717e4d1a AS libqrencode
FROM stagex/libseccomp:sx2024.09.0@sha256:f48d783989da9d509cc6b4c12ec34e14074ffc1ab7a4f2d1e322c417d967e12f AS libseccomp
FROM stagex/libslirp:sx2024.09.0@sha256:9dfb87e4a0adba80b862ce6b96112d96f509ffbca25bb71c60ba5bb5693b481d AS libslirp
FROM stagex/libtpms:sx2024.09.0@sha256:d909a55137d0bf4a76331c2bf0358ee192d6c93ad77a5099af09ce1bcca2a6cd AS libtpms
FROM stagex/libusb:sx2024.09.0@sha256:6c0dcf2b9519b1a41066ad71d3b597e9dae84fb73e5d031a3bdd2eb40f78ef94 AS libusb
FROM stagex/libzstd:sx2024.09.0@sha256:a055f8cd6e11b0b8836b2e5e1d755f672edbd344a4f4b5aba94919a6511be4c3 AS libzstd
FROM stagex/linux-airgap:sx2024.09.0@sha256:efb98b59ab37a7e33db423eda7a49bb7273b087838fda8098ce6736a0860fc73 AS linux-airgap
FROM stagex/lzo:sx2024.09.0@sha256:09c60840e3e3e5835ec027c21283febc9f8cf53ab887576fbe9c38dbdbdfd571 AS lzo
FROM stagex/mtools:sx2024.09.0@sha256:c83f7aebce9076903dbf1082aac981d3c0950d9e8952a900e5e072e2a811cda7 AS mtools
FROM stagex/musl:sx2024.09.0@sha256:ad351b875f26294562d21740a3ee51c23609f15e6f9f0310e0994179c4231e1d AS musl
FROM stagex/npth:sx2024.09.0@sha256:21d50ec1421fe75af4bea240d76022ddb8c114fd2805bfeb06fb938e5a58fc0d AS npth
FROM stagex/numactl:sx2024.09.0@sha256:39e667b966a443f42e1c7a8c944203945bd1808ce759df1706bb3b93b0b674c2 AS numactl
FROM stagex/openpgp-card-tools:sx2024.09.0@sha256:56d4696d111b309e536f1b70980db7098cd7823005432e4130432cb2f625cf9f AS openpgp-card-tools
FROM stagex/opensc:sx2024.09.0@sha256:5117a9d39d3b77655b29bf661d9e04eea2001a5b033b2fd6b4297048330ff6e7 AS opensc
FROM stagex/openssl:sx2024.09.0@sha256:2c1a9d8fcc6f52cb11a206f380b17d74c1079f04cbb08071a4176648b4df52c1 AS openssl
FROM stagex/pcsc-lite:sx2024.09.0@sha256:4fe37671197ac768637e95f7395ae1a18412b3f42359d0c0aa9f4e7f684aef4e AS pcsc-lite
FROM stagex/pcsc-tools:sx2024.09.0@sha256:05046ca5d41a09163eda26785563fd98f0cb1179030c3f4ee3243997a907bb96 AS pcsc-tools
FROM stagex/qemu:sx2024.09.0@sha256:c9b099bc7d810a581e0e0f68061dd525d7efdb5334d119b4253249a459bd907e AS qemu
FROM stagex/seabios:sx2024.09.0@sha256:f4e535fb1bfc2c7ae1756cdaa2404b1572f6ad195ceabba90d87ed0599fd97d7 AS seabios
FROM stagex/sops:sx2024.09.0@sha256:c742fb1f0c5a4f9d9bc9afc37ba686b247d2b17d55d179409d33736b43c9aaa5 AS sops
FROM stagex/swtpm:sx2024.09.0@sha256:c47fb2c4d8690936b4adef832a3f354231bb5a04206bf2fb565218034ce27792 AS swtpm
FROM stagex/syslinux:sx2024.09.0@sha256:a41388558d7f6d9a29847ee2ff5507ab3100bfe9032ef3b99a3d783ad60ed390 AS syslinux
FROM stagex/tpm2-tools:sx2024.09.0@sha256:c2fc693ec68a9d097151e5b3dd5b923f0dcc35fd4e0624b91ade3bf21367162c AS tpm2-tools
FROM stagex/tpm2-tss:sx2024.09.0@sha256:a8bf8c0973e1b5ba62ce5034a6230684ebe5a142da275d09e81fa2f2f9c87411 AS tpm2-tss
FROM stagex/util-linux:sx2024.09.0@sha256:7e3f3c1e748f5c216503e69b9f8f2e9f8084ec675fb29b23f3a6f0ed3b20c54a AS util-linux
FROM stagex/xorriso:sx2024.09.0@sha256:2205a8f53d4fc569880c311061daa085f40c62b2fd94d556e72bd31b4df9e63a AS xorriso
FROM stagex/xz:sx2024.09.0@sha256:b57c5e6144117bc0124855e9538e60c302cc7bf53fafb53e2eef3434015366f1 AS xz
FROM stagex/yq:sx2024.09.0@sha256:bd6882f0f3ea664e9de6cf732cef2fa2781fc2852f5e6502a6aea1e63eb9708b AS yq
FROM stagex/zlib:sx2024.09.0@sha256:96b4100550760026065dac57148d99e20a03d17e5ee20d6b32cbacd61125dbb6 AS zlib
FROM scratch AS base
ARG VERSION development
ARG GIT_TIMESTAMP null
ARG GIT_AUTHOR null
ARG GIT_REF null
ARG GIT_PUBKEY null
COPY --from=busybox . /
COPY --from=musl . /
COPY --from=xorriso . /
COPY --from=cpio . /
COPY --from=mtools . /
COPY --from=xz . /
COPY --from=grub . /
FROM base as dev
COPY --from=gcc . /
COPY --from=glib . /
COPY --from=alsa-lib . /
COPY --from=lzo . /
COPY --from=dtc . /
COPY --from=zlib . /
COPY --from=numactl . /
COPY --from=libaio . /
COPY --from=libseccomp . /
COPY --from=libffi . /
COPY --from=libzstd . /
COPY --from=libslirp . /
COPY --from=seabios . /
COPY --from=ipxe . /
COPY --from=qemu . /
COPY --from=swtpm . /
COPY --from=openssl . /
COPY --from=curl . /
COPY --from=libtpms . /
COPY --from=tpm2-tss . /
COPY --from=tpm2-tools . /
FROM base AS build
## Kernel
COPY --from=linux-airgap /bzImage iso/boot/vmlinuz
## Initramfs
COPY --from=busybox . initramfs
COPY --from=eudev . initramfs
COPY --from=musl . initramfs
COPY --from=zlib . initramfs
COPY --from=npth . initramfs
COPY --from=libksba . initramfs
COPY --from=libgpg-error . initramfs
COPY --from=libassuan . initramfs
COPY --from=libgcrypt . initramfs
COPY --from=keyfork . initramfs
COPY --from=bash . initramfs
COPY --from=gpg . initramfs
COPY --from=jq . initramfs
COPY --from=yq . initramfs
COPY --from=bc . initramfs
COPY --from=flashtools . initramfs
COPY --from=curl . initramfs
COPY --from=tpm2-tools . initramfs
COPY --from=tpm2-tss . initramfs
COPY --from=openssl . initramfs
COPY --from=libusb . initramfs
COPY --from=ccid . initramfs
COPY --from=pcsc-lite . initramfs
COPY --from=pcsc-tools . initramfs
COPY --from=openpgp-card-tools . initramfs
COPY --from=libqrencode . initramfs
COPY --from=opensc . initramfs
COPY --from=util-linux . initramfs
COPY --from=sops . initramfs
COPY rootfs/ initramfs
COPY <<-EOF initramfs/etc/environment
export VERSION="$VERSION"
export GIT_TIMESTAMP="$GIT_TIMESTAMP"
export GIT_AUTHOR="$GIT_AUTHOR"
export GIT_REF="$GIT_REF"
export GIT_PUBKEY="$GIT_PUBKEY"
EOF
RUN <<-EOF
set -eux
cd initramfs
find . -exec touch -hcd "@0" "{}" +
find . -print0 \
| sort -z \
| cpio \
--null \
--create \
--verbose \
--reproducible \
--format=newc \
| gzip --best \
> ../iso/boot/initramfs
EOF
## Grub (EFI Boot)
COPY config/grub.cfg iso/boot/grub/grub.cfg
COPY config/grub_early.cfg grub_early.cfg
RUN <<-EOF
set -eux
mkdir -p efi/boot
grub-mkimage \
--config="grub_early.cfg" \
--prefix="/boot/grub" \
--output="efi/boot/bootx64.efi" \
--format="x86_64-efi" \
--compression="xz" \
all_video \
disk \
part_gpt \
part_msdos \
linux \
normal \
configfile \
search \
search_label \
efi_gop \
fat \
iso9660 \
gzio \
serial \
terminal
find efi -exec touch -hcd "@0" "{}" +
mformat -i iso/boot/grub/efi.img -C -f 1440 -N 0 ::
mcopy -i iso/boot/grub/efi.img -ms efi ::
touch -md "@0" iso/boot/grub/efi.img
EOF
## Syslinux (BIOS Boot)
COPY config/syslinux.cfg iso/boot/syslinux/
COPY --from=syslinux \
/usr/share/syslinux/isohdpfx.bin \
/usr/share/syslinux/isolinux.bin \
/usr/share/syslinux/ldlinux.c32 \
/usr/share/syslinux/libutil.c32 \
/usr/share/syslinux/libcom32.c32 \
/usr/share/syslinux/mboot.c32 \
iso/boot/syslinux/
## Build Hybrid EFI/BIOS ISO
FROM build AS install
ENV SOURCE_DATE_EPOCH=1
RUN <<-EOF
set -eux
dd if=/dev/zero bs=1M count=10 >> user.img
mformat -v user -i user.img -N 0 ::
find iso -exec touch -hcd "@0" "{}" +
xorrisofs \
-output airgap.iso \
-full-iso9660-filenames \
-joliet \
-rational-rock \
-sysid LINUX \
-volid "airgap" \
-isohybrid-mbr iso/boot/syslinux/isohdpfx.bin \
-eltorito-boot boot/syslinux/isolinux.bin \
-eltorito-catalog boot/syslinux/boot.cat \
-no-emul-boot \
-boot-load-size 4 \
-boot-info-table \
-eltorito-alt-boot \
-e boot/grub/efi.img \
-no-emul-boot \
-isohybrid-gpt-basdat \
-follow-links \
-append_partition 3 0xb user.img \
iso/
EOF
## Minimal Autorun SD card image
COPY sdcard sdcard
RUN <<-EOF
set -eux
dd if=/dev/zero of=sdcard.img bs=1M count=32
mformat -v external -i sdcard.img ::
mcopy -i sdcard.img -s sdcard/* ::
EOF
FROM scratch AS package
COPY --from=install /sdcard.img /
COPY --from=install /airgap.iso /

167
Makefile
View File

@ -1,86 +1,21 @@
VERSION := development
GIT_REF := $(shell git log -1 --format=%H)
GIT_AUTHOR := $(shell git log -1 --format=%an)
GIT_PUBKEY := $(shell git log -1 --format=%GP)
GIT_TIMESTAMP := $(shell git log -1 --format=%cd --date=iso)
export
## Use env vars from latest release when reproducing
ifdef REPRODUCE
include dist/release.env
export
endif
ifdef NOCACHE
NO_CACHE := --no-cache
endif
include $(PWD)/src/toolchain/Makefile
.DEFAULT_GOAL :=
.PHONY: default
default: \
out/release.env \
out/manifest.txt \
out/airgap.iso
## Primary targets
out/airgap.iso: Containerfile $(shell git ls-files rootfs)
SOURCE_DATE_EPOCH=1 \
docker build \
--progress=plain \
--output type=local,rewrite-timestamp=true,dest=out \
--build-arg SOURCE_DATE_EPOCH=1 \
--build-arg VERSION="$(VERSION)" \
--build-arg GIT_REF="$(GIT_REF)" \
--build-arg GIT_AUTHOR="$(GIT_AUTHOR)" \
--build-arg GIT_PUBKEY="$(GIT_PUBKEY)" \
--build-arg GIT_TIMESTAMP="$(GIT_TIMESTAMP)" \
$(NO_CACHE) \
-f Containerfile \
.
## Development Targets
out/dev-shell.digest: Containerfile | out
docker build --target dev -f Containerfile -q . > $@
.PHONY: shell
shell: out/dev-shell.digest
docker run -it $(shell cat $<) /bin/sh
.PHONY: vm
vm: out/dev-shell.digest out/airgap.iso out/sdcard.img
docker run -it -v ./out:/out $(shell cat $<) sh -c "\
swtpm socket \
--tpmstate dir=. \
--ctrl type=unixio,path=vtpm-sock \
--tpm2 & \
qemu-system-x86_64 \
-m 4G \
-machine pc \
-chardev socket,id=chrtpm,path=vtpm-sock \
-tpmdev emulator,id=tpm0,chardev=chrtpm \
-device tpm-tis,tpmdev=tpm0 \
-usb \
-device sdhci-pci \
-device sd-card,drive=external \
-drive id=external,if=none,format=raw,file=out/sdcard.img \
-device usb-storage,drive=usbdrive \
-drive id=usbdrive,if=none,format=raw,file=out/airgap.iso \
-boot order=c \
-nographic; \
"
## Signing, Verification, and Release Targets
toolchain \
$(OUT_DIR)/airgap.iso \
$(OUT_DIR)/release.env \
$(OUT_DIR)/manifest.txt
.PHONY: clean
clean:
rm -rf out
.PHONY: release
release: clean
$(MAKE) NOCACHE=1 VERSION=$(VERSION)
rm -rf dist/*
cp -R out/release.env out/airgap.iso out/manifest.txt dist/
clean: toolchain
rm -rf $(CACHE_DIR)/buildroot-ccache
$(call toolchain,$(USER)," \
cd $(FETCH_DIR)/buildroot; \
make clean; \
")
$(MAKE) toolchain-clean
.PHONY: sign
sign:
@ -95,35 +30,67 @@ sign:
); \
gpg --armor \
--detach-sig \
--output dist/manifest.$${fingerprint}.asc \
dist/manifest.txt
--output $(DIST_DIR)/manifest.$${fingerprint}.asc \
$(DIST_DIR)/manifest.txt
.PHONY: verify
verify: | dist/manifest.txt
verify: | $(DIST_DIR)/manifest.txt
set -e; \
for file in dist/manifest.*.asc; do \
for file in $(DIST_DIR)/manifest.*.asc; do \
echo "\nVerifying: $${file}\n"; \
gpg --verify $${file} dist/manifest.txt; \
gpg --verify $${file} $(DIST_DIR)/manifest.txt; \
done;
.PHONY: reproduce
reproduce: clean | out
$(MAKE) REPRODUCE=true NOCACHE=1
diff -q out/manifest.txt dist/manifest.txt;
.PHONY: mrproper
mrproper:
docker image rm -f $(IMAGE)
rm -rf $(CACHE_DIR) $(OUT_DIR)
out:
mkdir -p $@
.PHONY: menuconfig
menuconfig: toolchain
$(call toolchain,$(USER)," \
cd $(FETCH_DIR)/buildroot; \
make "airgap_$(TARGET)_defconfig"; \
make menuconfig; \
")
cp $(FETCH_DIR)/buildroot/.config \
"config/buildroot/configs/airgap_$(TARGET)_defconfig"
out/release.env: $(shell git ls-files) | out
echo 'VERSION=$(VERSION)' > out/release.env
echo 'GIT_REF=$(GIT_REF)' >> out/release.env
echo 'GIT_AUTHOR=$(GIT_AUTHOR)' >> out/release.env
echo 'GIT_PUBKEY=$(GIT_PUBKEY)' >> out/release.env
echo 'GIT_TIMESTAMP=$(GIT_TIMESTAMP)' >> out/release.env
.PHONY: linux-menuconfig
linux-menuconfig: toolchain
$(call toolchain,$(USER),"\
cd $(FETCH_DIR)/buildroot; \
make linux-menuconfig; \
make linux-update-defconfig; \
")
out/manifest.txt: out/airgap.iso out/release.env | out
openssl sha256 -r \
out/airgap.iso \
out/release.env \
| sed -e 's/ \*out\// /g' -e 's/ \.\// /g' \
> $@
.PHONY: vm
vm: toolchain
$(call toolchain,$(USER)," \
qemu-system-i386 \
-M pc \
-nographic \
-cdrom "$(OUT_DIR)/airgap.iso"; \
")
.PHONY: release
release: default
rm -rf $(DIST_DIR)/*
cp -R $(OUT_DIR)/* $(DIST_DIR)/
$(FETCH_DIR)/buildroot: toolchain
$(call git_clone,$(FETCH_DIR)/buildroot,$(BUILDROOT_REPO),$(BUILDROOT_REF))
$(OUT_DIR)/airgap.iso: \
$(FETCH_DIR)/buildroot \
$(OUT_DIR)/release.env
$(call apply_patches,$(FETCH_DIR)/buildroot,$(CONFIG_DIR)/buildroot/patches)
$(call toolchain,$(USER)," \
cd $(FETCH_DIR)/buildroot; \
make "airgap_$(TARGET)_defconfig"; \
unset FAKETIME; \
make source; \
make; \
")
cp $(FETCH_DIR)/buildroot/output/images/rootfs.iso9660 \
$(OUT_DIR)/airgap.iso

View File

@ -1,26 +1,24 @@
# AirgapOS #
<https://git.distrust.co/public/airgap>
<https://github.com/distrust-foundation/airgap>
## About ##
A full-source-bootstrapped, deterministic, minimal, immutable, and offline,
workstation linux distribution designed for creating and managing secrets
offline.
A live buildroot based Liux distribution designed for managing secrets offline.
Built for those of us that want to be -really- sure our most important secrets
are managed in a clean environment with an "air gap" between us and the
internet with high integrity on the supply chain of the firmware and OS used.
## Uses ##
* Generate PGP keychain
* Generate GPG keychain
* Store/Restore gpg keychain to security token such as a Yubikey or Nitrokey
* Signing cryptocurrency transactions
* Generate/backup BIP39 universal cryptocurrency wallet seed
* Store/Restore BIP39 seed to a hardware wallet such as a Trezor or Ledger
## Features ##
* Deterministic iso generation for multi-party code->binary verification
* Determinsitic iso generation for multi-party code->binary verification
* Small footprint (< 100MB)
* Immutable and Diskless: runs from initramfs
* Network support and most drivers removed to minimize exfiltration vectors
@ -29,54 +27,37 @@ internet with high integrity on the supply chain of the firmware and OS used.
### Software ###
* docker 26+
* docker 18+
### Hardware ###
* x86_64 PC or laptop
* linuxboot/heads firmware supported and recommended for multi-use machine
* Allows for signed builds, and verification of signed sd card payloads
* Ensure any Wifi/Disk/Bluetooth/Audio devices are disabled/removed
* Recommended: PC running coreboot-heads
* Allows for signed builds, and verification of signed sd card payloads
* Ensure any Wifi/Disk/Bluetooth/Audio devices are disabled/removed
* Supported remote attestation key (Librem Key, Nitrokey, etc)
* Supported GPG smartcard device (Yubikey, Ledger, Trezor, Librem Key, etc)
* Blank flash drive
* Blank SD card
## Build ##
### Update git submodules
```
git submodule update --init --recursive
```
### Build a new release
```
make release
```
```
make release
```
### Reproduce an existing release
```
make attest
```
```
make attest
```
### Sign an existing release
```
make sign
```
## Provisioning ##
1. Write airgap.iso to CD-ROM or SD Card
a. `dd if=out/airgap.iso of=/dev/sda bs=1M conv=sync status=progress`
b. `cdrecord out/airgap.iso`
2. Verify media still produces expected hash
```
sha256sum out/airgap.iso
head -c $(stat -c '%s' airgap.iso) /dev/sda | sha256sum
```
```
make sign
```
## Setup ##

View File

@ -0,0 +1 @@
source "$BR2_EXTERNAL_Airgap_PATH/package/flashtools/Config.in"

View File

@ -0,0 +1,27 @@
set default="0"
set timeout="10"
menuentry "AirgapOS (qwerty)" {
linux /boot/bzImage root=/dev/sr0 keymap=qwerty/us
initrd /boot/initrd
}
menuentry "AirgapOS (dvorak)" {
linux /boot/bzImage root=/dev/sr0 keymap=dvorak
initrd /boot/initrd
}
menuentry "AirgapOS (colemak)" {
linux /boot/bzImage root=/dev/sr0 keymap=colemak/en-latin9
initrd /boot/initrd
}
menuentry "AirgapOS (qwertz)" {
linux /boot/bzImage root=/dev/sr0 keymap=qwertz/de
initrd /boot/initrd
}
menuentry "AirgapOS (azerty)" {
linux /boot/bzImage root=/dev/sr0 keymap=azerty/fr
initrd /boot/initrd
}

File diff suppressed because it is too large Load Diff

View File

@ -0,0 +1,17 @@
#!/bin/sh
set -u
set -e
set -x
BOARD_DIR="$(dirname $0)"
cp -f ${BOARD_DIR}/grub.cfg ${TARGET_DIR}/boot/grub/grub.cfg
echo "export VERSION=\"${VERSION}\"" > ${TARGET_DIR}/etc/environment
echo "export GIT_REF=\"${GIT_REF}\"" >> ${TARGET_DIR}/etc/environment
echo "export GIT_AUTHOR=\"${GIT_AUTHOR}\"" >> ${TARGET_DIR}/etc/environment
echo "export GIT_KEY=\"${GIT_KEY}\"" >> ${TARGET_DIR}/etc/environment
echo "export GIT_TIMESTAMP=\"${GIT_TIMESTAMP}\"" >> ${TARGET_DIR}/etc/environment
exit $?

View File

@ -0,0 +1,6 @@
#!/bin/sh
set -u
set -e
echo "post-image.sh was run"

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

View File

@ -0,0 +1,2 @@
name: Airgap
desc: Linux distribution for offline cryptography use cases

View File

@ -0,0 +1 @@
include $(sort $(wildcard $(BR2_EXTERNAL_Airgap_PATH)/package/*/*.mk))

View File

@ -0,0 +1,36 @@
menu "Flashtools"
config BR2_PACKAGE_FLASHTOOLS
bool "flashtools"
config BR2_PACKAGE_FLASHTOOLS_FLASHTOOL
bool "flashtool"
select BR2_PACKAGE_FLASHTOOLS
help
Todo
config BR2_PACKAGE_FLASHTOOLS_PEEK
bool "peek"
select BR2_PACKAGE_FLASHTOOLS
help
Todo
config BR2_PACKAGE_FLASHTOOLS_POKE
bool "poke"
select BR2_PACKAGE_FLASHTOOLS
help
Todo
config BR2_PACKAGE_FLASHTOOLS_CBFS
bool "cbfs"
select BR2_PACKAGE_FLASHTOOLS
help
Todo
config BR2_PACKAGE_FLASHTOOLS_UEFI
bool "uefi"
select BR2_PACKAGE_FLASHTOOLS
help
Todo
endmenu

View File

@ -0,0 +1,47 @@
################################################################################
#
# flashtools
#
################################################################################
FLASHTOOLS_VERSION = 9acce09aeb635c5bef01843e495b95e75e8da135
FLASHTOOLS_SITE = https://github.com/osresearch/flashtools.git
FLASHTOOLS_SITE_METHOD = git
FLASHTOOLS_LICENSE = GPL-2.0
FLASHTOOLS_LICENSE_FILES = LICENSE
ifeq ($(BR2_PACKAGE_FLASHTOOLS_FLASHTOOL),y)
FLASHTOOLS_TARGETS += flashtool
endif
ifeq ($(BR2_PACKAGE_FLASHTOOLS_PEEK),y)
FLASHTOOLS_TARGETS += peek
endif
ifeq ($(BR2_PACKAGE_FLASHTOOLS_POKE),y)
FLASHTOOLS_TARGETS += poke
endif
ifeq ($(BR2_PACKAGE_FLASHTOOLS_CBFS),y)
FLASHTOOLS_TARGETS += cbfs
endif
ifeq ($(BR2_PACKAGE_FLASHTOOLS_UEFI),y)
FLASHTOOLS_TARGETS += uefi
endif
define FLASHTOOLS_BUILD_CMDS
$(foreach t,$(FLASHTOOLS_TARGETS),\
$(TARGET_MAKE_ENV) $(MAKE) $(TARGET_CONFIGURE_OPTS) \
CFLAGS="$(TARGET_CFLAGS)" -C $(@D) $(t) \
)
endef
define FLASHTOOLS_INSTALL_TARGET_CMDS
$(foreach t,$(FLASHTOOLS_TARGETS),\
$(INSTALL) -D -m 0755 $(@D)/$(t) $(TARGET_DIR)/usr/bin/$(t)$(sep) \
)
endef
$(eval $(generic-package))

View File

@ -0,0 +1,39 @@
diff --git a/fs/cpio/cpio.mk b/fs/cpio/cpio.mk
index 81f8c393d1..72923ded47 100644
--- a/fs/cpio/cpio.mk
+++ b/fs/cpio/cpio.mk
@@ -32,15 +32,16 @@ ROOTFS_CPIO_PRE_GEN_HOOKS += ROOTFS_CPIO_ADD_INIT
# --reproducible option was introduced in cpio v2.12, which may not be
# available in some old distributions, so we build host-cpio
ifeq ($(BR2_REPRODUCIBLE),y)
-ROOTFS_CPIO_DEPENDENCIES += host-cpio
-ROOTFS_CPIO_OPTS += --reproducible
+ROOTFS_CPIO_DEPENDENCIES += host-cpio host-libarchive
endif
define ROOTFS_CPIO_CMD
- cd $(TARGET_DIR) && \
- find . \
- | LC_ALL=C sort \
- | cpio $(ROOTFS_CPIO_OPTS) --quiet -o -H newc \
+ cd $(TARGET_DIR) \
+ && find . -mindepth 1 -execdir touch -hcd "@0" "{}" + \
+ && find . -mindepth 1 -printf '%P\0' \
+ | sort -z \
+ | LANG=C bsdtar --null -cnf - -T - \
+ | LANG=C bsdtar --uid 0 --gid 0 --null -cf - --format=newc @- \
> $@
endef
diff --git a/package/libarchive/libarchive.mk b/package/libarchive/libarchive.mk
index 708ce637c2..2ba8dcab2a 100644
--- a/package/libarchive/libarchive.mk
+++ b/package/libarchive/libarchive.mk
@@ -135,7 +135,6 @@ endif
# The only user of host-libarchive needs zlib support
HOST_LIBARCHIVE_DEPENDENCIES = host-zlib
HOST_LIBARCHIVE_CONF_OPTS = \
- --disable-bsdtar \
--disable-bsdcpio \
--disable-bsdcat \
--disable-acl \

View File

@ -0,0 +1,28 @@
diff --git a/fs/iso9660/iso9660.mk b/fs/iso9660/iso9660.mk
index 0524f94c35..284c21f566 100644
--- a/fs/iso9660/iso9660.mk
+++ b/fs/iso9660/iso9660.mk
@@ -157,7 +157,13 @@ ROOTFS_ISO9660_PRE_GEN_HOOKS += ROOTFS_ISO9660_DISABLE_EXTERNAL_INITRD
endif # ROOTFS_ISO9660_USE_INITRD
-ROOTFS_ISO9660_OPTS += -J -R
+ROOTFS_ISO9660_OPTS += \
+ -volume_date all_file_dates "=$(SOURCE_DATE_EPOCH)" \
+ -as mkisofs \
+ -J \
+ -R \
+ -gid 0 \
+ -uid 0
ROOTFS_ISO9660_OPTS_BIOS = \
-b $(ROOTFS_ISO9660_BOOT_IMAGE) \
@@ -181,7 +187,7 @@ ROOTFS_ISO9660_OPTS += $(ROOTFS_ISO9660_OPTS_EFI)
endif
define ROOTFS_ISO9660_CMD
- $(HOST_DIR)/bin/xorriso -as mkisofs \
+ $(HOST_DIR)/bin/xorriso \
$(ROOTFS_ISO9660_OPTS) \
-o $@ $(ROOTFS_ISO9660_TMP_TARGET_DIR)
endef

View File

@ -1,5 +1,11 @@
# /etc/inittab
#
# Copyright (C) 2001 Erik Andersen <andersen@codepoet.org>
#
# Note: BusyBox init doesn't support runlevels. The runlevels field is
# completely ignored by BusyBox init. If you want runlevels, use
# sysvinit.
#
# Format for each entry: <id>:<runlevels>:<action>:<process>
#
# id == tty to run on, or empty for /dev/console
@ -8,26 +14,27 @@
# process == program to run
# Startup the system
::sysinit:/bin/mount -t devtmpfs devtmpfs /dev
::sysinit:/bin/mkdir -p /proc /run /dev/pts /dev/shm /sys
::sysinit:/bin/mount -t sysfs sysfs /sys
::sysinit:/bin/mount -t proc proc /proc
::sysinit:/bin/mount -o remount,rw /
::sysinit:/bin/mkdir -p /dev/pts /dev/shm
::sysinit:/bin/mount -a
::sysinit:/sbin/swapon -a
null::sysinit:/bin/ln -sf /proc/self/fd /dev/fd
null::sysinit:/bin/ln -sf /proc/self/fd/0 /dev/stdin
null::sysinit:/bin/ln -sf /proc/self/fd/1 /dev/stdout
null::sysinit:/bin/ln -sf /proc/self/fd/2 /dev/stderr
::sysinit:/bin/hostname -F /etc/hostname
# now run any rc scripts
::sysinit:/etc/init.d/rcS
# Put shells on the serial terminal and console
console::respawn:-/bin/bash
ttyS0::respawn:-/bin/bash
# Put a getty on the serial port
#console::respawn:/sbin/getty -L console 0 vt100 # GENERIC_SERIAL
::respawn:-/bin/bash
# Stuff to do for the 3-finger salute
::ctrlaltdel:/sbin/reboot
#::ctrlaltdel:/sbin/reboot
# Stuff to do before rebooting
::shutdown:/etc/init.d/rcK
::shutdown:/sbin/swapoff -a
::shutdown:/bin/umount -a -r

View File

@ -3,7 +3,8 @@ export PATH="/usr/local/bin:/bin:/sbin:/usr/bin:/usr/sbin"
export PS1="[\h \t] \\$ "
export GNUPGHOME=/.gnupg
source /etc/environment
cd /root
dmesg -n1
clear
cat << "EOF"
_ _ ___ ____
@ -18,5 +19,5 @@ echo " - Version: $VERSION"
echo " - Date: $GIT_TIMESTAMP"
echo " - Committer: $GIT_AUTHOR"
echo " - Commit: $GIT_REF"
echo " - Key: $GIT_PUBKEY"
echo " - Key: $GIT_KEY"
echo ""

View File

@ -0,0 +1,12 @@
KERNEL!="sd[a-z][0-9]", GOTO="sd_cards_auto_mount_end"
# Global mount options
ACTION=="add", ENV{mount_options}="relatime"
# Filesystem specific options
ACTION=="add", IMPORT{program}="/sbin/blkid -o udev -p %N"
ACTION=="add", ENV{ID_FS_TYPE}=="vfat|ntfs", ENV{mount_options}="$env{mount_options},utf8,flush,user,umask=0000"
ACTION=="add", RUN+="/bin/mkdir -p /media/sd-%k", RUN+="/bin/mount -o $env{mount_options} /dev/%k /media/sd-%k"
ACTION=="add", RUN+="/usr/local/bin/autorun /media/sd-%k"
ACTION=="remove", RUN+="/bin/umount -l /media/sd-%k", RUN+="/bin/rmdir /media/sd-%k"
LABEL="sd_cards_auto_mount_end"

View File

@ -0,0 +1,18 @@
#!/bin/bash
set -e
source /etc/profile
folder=${1?}
if [ -f "${folder}/autorun.sh.asc" ]; then
echo "" >/dev/console
echo "++ Autorun: Found ${folder}/autorun.sh" >/dev/console;
gpg --verify "${folder}/autorun.sh.asc" >/dev/null 2>&1 || {
echo "!! Autorun: Verification Failed for ${folder}/autorun.sh" \
>/dev/console;
exit 1;
}
echo "++ Autorun: Verified ${folder}/autorun.sh" >/dev/console
echo "** Autorun: Executing ${folder}/autorun.sh" >/dev/console
/bin/bash "${folder}/autorun.sh" >/dev/console
fi

7
config/global.env Normal file
View File

@ -0,0 +1,7 @@
DEBIAN_HASH=48b28b354484a7f0e683e340fa0e6e4c4bce3dc3aa0146fc2f78f443fde2c55d
BUILDROOT_REF=ea51485ee9ab44f72f8b1cc019dcb17f276d1def
HEADS_REF=6e62c83e164231c629d77a45d37569b3bff43d3f
BUILDROOT_REPO=git://git.busybox.net/buildroot
HEADS_REPO=https://source.puri.sm/coreboot/purism-heads.git
BR2_EXTERNAL=/home/build/config/buildroot
HEADS_EXTERNAL=/home/build/config/heads

View File

@ -1,5 +0,0 @@
set timeout=1
menuentry "Linux Airgap" {
linux /boot/vmlinuz init=/init console=ttyS0 console=tty0 ro
initrd /boot/initramfs
}

View File

@ -1,2 +0,0 @@
search --no-floppy --set=root --label "airgap"
set prefix=($root)/boot/grub

View File

@ -0,0 +1,160 @@
diff --git a/initrd/bin/gui-init b/initrd/bin/gui-init
index 1369ed1..f576a8e 100755
--- a/initrd/bin/gui-init
+++ b/initrd/bin/gui-init
@@ -13,21 +13,26 @@ first_pass=true
mount_boot()
{
-
+
# Mount local disk if it is not already mounted
while ! grep -q /boot /proc/mounts ; do
+
# try to mount if CONFIG_BOOT_DEV exists
if [ -e "$CONFIG_BOOT_DEV" ]; then
- mount -o ro $CONFIG_BOOT_DEV /boot
+ mount -o ro $CONFIG_BOOT_DEV /boot
[[ $? -eq 0 ]] && continue
fi
- # CONFIG_BOOT_DEV doesn't exist or couldn't be mounted, so give user options
+ # try to mount usb to /media and /boot if it exists
+ mount-usb \
+ && mount -o bind,ro /media /boot \
+ && continue
+
+ # no boot device available, so give user options
whiptail $BG_COLOR_ERROR --clear --title "ERROR: No Bootable OS Found!" \
- --menu " No bootable OS was found on the default boot device $CONFIG_BOOT_DEV.
+ --menu " No bootable OS was found at $CONFIG_BOOT_DEV or on USB.
How would you like to proceed?" 30 90 4 \
'b' ' Select a new boot device' \
- 'u' ' Boot from USB' \
'm' ' Continue to the main menu' \
'x' ' Exit to recovery shell' \
2>/tmp/whiptail || recovery "GUI menu failed"
@@ -41,9 +46,6 @@ mount_boot()
. /tmp/config
fi
;;
- u )
- exec /bin/usb-init
- ;;
m )
break
;;
@@ -55,6 +57,11 @@ mount_boot()
}
verify_global_hashes()
{
+
+ # If default boot device is not mounted, then there are no hashes to verify
+ # User is likely usb booting.
+ df $CONFIG_BOOT_DEV >/dev/null 2>&1 || return 0
+
# Check the hashes of all the files, ignoring signatures for now
check_config /boot force
TMP_HASH_FILE="/tmp/kexec/kexec_hashes.txt"
@@ -458,6 +465,7 @@ while true; do
if [ "$totp_confirm" = "y" -o -n "$totp_confirm" ]; then
# Try to boot the default
mount_boot
+
verify_global_hashes
if [ $? -ne 0 ]; then
continue
@@ -467,6 +475,7 @@ while true; do
kexec-select-boot -b /boot -c "grub.cfg" -g \
|| recovery "Failed default boot"
else
+ usb-init
if (whiptail --title 'No Default Boot Option Configured' \
--yesno "There is no default boot option configured yet.\nWould you like to load a menu of boot options?\nOtherwise you will return to the main menu." 16 90) then
kexec-select-boot -m -b /boot -c "grub.cfg" -g
diff --git a/initrd/bin/mount-usb b/initrd/bin/mount-usb
index a79dd66..8a8734c 100755
--- a/initrd/bin/mount-usb
+++ b/initrd/bin/mount-usb
@@ -4,19 +4,6 @@
enable_usb
-if ! lsmod | grep -q usb_storage; then
- count=$(ls /dev/sd* 2>/dev/null | wc -l)
- timeout=0
- echo "Scanning for USB storage devices..."
- insmod /lib/modules/usb-storage.ko >/dev/null 2>&1 \
- || die "usb_storage: module load failed"
- while [[ $count == $(ls /dev/sd* 2>/dev/null | wc -l) ]]; do
- [[ $timeout -ge 4 ]] && break
- sleep 1
- timeout=$(($timeout+1))
- done
-fi
-
if [ ! -d /media ]; then
mkdir /media
fi
diff --git a/initrd/bin/usb-scan b/initrd/bin/usb-scan
index d9f26b0..b64f150 100755
--- a/initrd/bin/usb-scan
+++ b/initrd/bin/usb-scan
@@ -5,12 +5,6 @@ set -e -o pipefail
. /etc/gui_functions
. /tmp/config
-# Unmount any previous boot device
-if grep -q /boot /proc/mounts ; then
- umount /boot \
- || die "Unable to unmount /boot"
-fi
-
# Mount the USB boot device
mount_usb || die "Unable to mount /media"
@@ -29,12 +23,16 @@ get_menu_option() {
MENU_OPTIONS="$MENU_OPTIONS $n ${option}"
done < /tmp/iso_menu.txt
- whiptail --clear --title "Select your ISO boot option" \
- --menu "Choose the ISO boot option [1-$n, s for standard boot, a to abort]:" 20 120 8 \
- -- $MENU_OPTIONS \
- 2>/tmp/whiptail || die "Aborting boot attempt"
+ if [ "$n" -eq "1" ]; then
+ option_index=1
+ else
+ whiptail --clear --title "Select your ISO boot option" \
+ --menu "Choose the ISO boot option [1-$n, s for standard boot, a to abort]:" 20 120 8 \
+ -- $MENU_OPTIONS \
+ 2>/tmp/whiptail || die "Aborting boot attempt"
- option_index=$(cat /tmp/whiptail)
+ option_index=$(cat /tmp/whiptail)
+ fi
else
echo "+++ Select your ISO boot option:"
n=0
diff --git a/initrd/etc/functions b/initrd/etc/functions
index dc0fbed..a083e17 100755
--- a/initrd/etc/functions
+++ b/initrd/etc/functions
@@ -122,6 +122,18 @@ enable_usb()
|| die "xhci_pci: module load failed"
sleep 2
fi
+ if ! lsmod | grep -q usb_storage; then
+ count=$(ls /dev/sd* 2>/dev/null | wc -l)
+ timeout=0
+ echo "Scanning for USB storage devices..."
+ insmod /lib/modules/usb-storage.ko >/dev/null 2>&1 \
+ || die "usb_storage: module load failed"
+ while [[ $count == $(ls /dev/sd* 2>/dev/null | wc -l) ]]; do
+ [[ $timeout -ge 4 ]] && break
+ sleep 1
+ timeout=$(($timeout+1))
+ done
+ fi
}
confirm_gpg_card()

View File

@ -1,8 +0,0 @@
TIMEOUT 2
PROMPT -1
DEFAULT Airgap
LABEL Airgap
MENU LABEL Linux Airgap
KERNEL /boot/vmlinuz
INITRD /boot/initramfs
APPEND init=/init console=ttyS0 console=tty0 ro

View File

@ -0,0 +1,259 @@
020fde90e2dfa260fdf2b47817d8b8fe0a60325d8bdb532aaaf625fa5bfd68be libdpkg-perl_1.21.12_all.deb
03326473eed54ffa27efae19aa5d6aeb402930968f869f318445513093691d55 libtirpc-dev_1.3.3+ds-1_amd64.deb
03539fd30c509e27101d13a56e52eda9062bdf1aefe337c07ab56def25a13eab libmd0_1.0.4-2_amd64.deb
097ce9220edee0de67c2d3304d075f2bf9e864e86801165b0e9d2d46991ee1ad libbrotli1_1.0.9-2+b5_amd64.deb
099a374ff3c84eaef4e75ff168d49155d83d22551b289ce1352c275fc5da78aa openssh-client_1%3a9.1p1-1_amd64.deb
0ba635faea2a9ce3947d3c7cdaef9f2c1691d4e4a18cf594f2d3d3cf5a100a27 python3.10_3.10.9-1_amd64.deb
0c827432e42c0601d8c109bc1b8799f82995e57bb15bed706e06862c25490885 gnupg-utils_2.2.40-1_amd64.deb
0c9bfb0b18ca015c81e7194f42c66b72ff099bbd55b9bbafe7cc924a0bd42379 gcc-12-base_12.2.0-10_amd64.deb
0ca5213c1ab67278cbfcec4cafccdb538c2e089718f4bddabe5a00145e5a21fb libdav1d6_1.0.0-2_amd64.deb
0e70491e7854c84a7450f7a536a00b336aa9d91380014861836346e31e7b9b20 libelf-dev_0.188-1_amd64.deb
0f95bc7c54810f358097f88a1e5d7d5718d72f3656c25489b8b6b281d9980b4c apt_2.5.4_amd64.deb
0fd9d625bff6044e2a8b96c18f1dc4b30a4fd54e2d543aa60e634e8d7df81739 findutils_4.9.0-3_amd64.deb
10fc29d791ec67a5ab46bccf648866d25ef5ca78c66adb85325e474c99772491 libaudit1_1%3a3.0.7-1.1+b2_amd64.deb
11ee190ad39f8d7af441d2c8347388b9449434c73acc67b4b372445ac4152efa libsasl2-2_2.1.28+dfsg-10_amd64.deb
129f34ac136fcf3ca7483398a54e3286bb9e195b82795d34e0f95f8788bd2976 libwebp7_1.2.2-2+b2_amd64.deb
158a0ccabb4706afe064af0ed627396267da8cdbdfe5808b6b892492051f458a libquadmath0_12.2.0-10_amd64.deb
16081fc71a3507102ad2f04535fb64883cb3519bf6e24e5e6a6ab2f98ac43044 git-man_1%3a2.35.1-1_all.deb
167ce30a04fdb6d87f1ac604644291b47b133e89df35374dd66d11731d6fc150 binutils-common_2.39.50.20221208-5_amd64.deb
187aedef2ed763f425c1e523753b9719677633c7eede660401739e9c893482bd libgmp10_2%3a6.2.1+dfsg1-1.1_amd64.deb
1bffdc3215c75477f09039e5063cd9f1be15ee917435a45b80aa0e8214b21f96 liblsan0_12.2.0-10_amd64.deb
1cf14abf2716d3279db12d0657a5737cf70074a1e71d3bdf73206625e3c89ce6 libedit2_3.1-20221030-2_amd64.deb
1d9ff5e334cde8639f3a3ea87c89829d20cc52750aa851d66511d90fc3fbfac2 libattr1_1%3a2.5.1-3_amd64.deb
1deb1d27bb088d68878e171585d62c96ad6b405b282271c4b82e04a2e2593318 libde265-0_1.0.9-1_amd64.deb
1e298c50f171e50a2dad95c61b044b271a16b6de591a0f9d03b4e67b4fe0874a libtsan2_12.2.0-10_amd64.deb
1f67421437b6eb18669d2868e3e02cb88668683d635198142f48aacc5b397118 fonts-dejavu-core_2.37-2_all.deb
20d20e2c3a428162aab61898b32af9db9e9bc24f127c724c9d9be18287f4a92c libgd3_2.3.3-7_amd64.deb
21078702ba6b34c092f93deff2e2777d22b107de9b2c69542bf5f5d82ab8e6ac libnuma1_2.0.15-1_amd64.deb
21eb8b3654dbc251c3f0cc4bd01cae67633443ea5094003379d23f7323eb1ef4 libp11-kit0_0.24.1-1_amd64.deb
26350da95f6bd2252c63758d854c90d6f9f241f2e323e8f50a143e9e705fbf4e fakeroot_1.29-1_amd64.deb
2697643f58af19d69efd824ec67d8ec78879c5822a5a8ac83dfe4a85a0c69158 libctf-nobfd0_2.39.50.20221208-5_amd64.deb
27b3d102545f597df9e6dc5c7f6590a648de09b57debd6b05ad3d1189de428d5 pinentry-curses_1.2.1-1_amd64.deb
29b23c48c0fe6f878e56c5ddc9f65d1c05d729360f3690a593a8c795031cd867 netbase_6.4_all.deb
2a46d5a5e9486da11ffeff5740931740d6deae4f92cd6098df060dc5dff1e1c7 libtirpc3_1.3.3+ds-1_amd64.deb
2ac1236547360284e9e154ad11a14564db65175bd4da393ec652ac1b2dc43571 libgpm2_1.20.7-10+b1_amd64.deb
2c17eaa4dfdd0ca5cc05b9ef56f7a3fc30e6af6040a66cefe4bacab275e88c83 libkrb5support0_1.20.1-1_amd64.deb
2ebb09e824b6eeb7e3d41cece8b090614d8b35df9296fb638b6ec65e63dddc3e g++-12_12.2.0-10_amd64.deb
2f736423dbe557a03e17cf1b122e90a1db4569407085fe215747b002bc36094e file_1%3a5.41-4_amd64.deb
30687cd51c3dbd02d51f58807a9b293035ef3e7776178acccda17ed37b510b5c libjpeg62-turbo_1%3a2.1.2-1+b1_amd64.deb
3079d34be974c3727757fd3c46ada03428a772c1af1f0f9fd3b2142da245b75f sysvinit-utils_3.05-7_amd64.deb
310f213b0e07c582a9e8d14f67856802da196b747cb0ee3ed8f07eb93063e0ee perl-modules-5.36_5.36.0-6_all.deb
3288cd76324fee7b1a34b97f6e6bcfc32a889f4f22002d0bd3788d8988eca791 hostname_3.23_amd64.deb
32ac0692694f8a34cc90c895f4fc739680fb2ef0e2d4870a68833682bf1c81a3 rpcsvc-proto_1.4.3-1_amd64.deb
32cb399d47b2dfcbd14216f1292dc32e00c025258e3512ed9f37b88cb07014c6 libcc1-0_12.2.0-10_amd64.deb
33d88e49bf052ed8f0679bdfa386ddf4cca0a58865db113658dc039a46a64353 bsdutils_1%3a2.38.1-4_amd64.deb
3530e0ddf6edc444b8d03b5566630d3c46c737f447e17e1cad48860cb160d307 libfido2-1_1.12.0-2_amd64.deb
359ed4b1413db4f19899d4e0ee519027fed6b9424b9101a8ab47b615db4aadc6 libubsan1_12.2.0-10_amd64.deb
362069a5f90fb6ca62b8d2ed2895bb6cd243c8ab1e1df8c3079b51ed91dd2836 dpkg_1.21.12_amd64.deb
362f0ac7d15015b6d4a97e634a39ded525650c9fbccb2f6967da20a54ec6f2a5 cpp-12_12.2.0-10_amd64.deb
36830a23700decc5d4b44d1bf95da30fbfd13bfa2a7cc81415fb62bc9ea38ce7 libpython3.10-minimal_3.10.9-1_amd64.deb
36b6fc603efaa2bfd22cff3a7773590dd6774a5d0d9b0c23b73306f3f58cbc20 libavif15_0.11.1-1_amd64.deb
372e28b68120da79b9eef0340e7d8480fb4503a85333d0afa6f3e27f13a58502 libc6-dev_2.36-6_amd64.deb
3771de1b0c70a480f2722de00df19a08557c27dda4fea905ac798050fd7ec702 librav1e0_0.5.1-5_amd64.deb
395448f62c350e6bd0a9e1030f6faebd80c02824f669deb62cef707bd8f6a9ce dpkg-dev_1.21.12_all.deb
3a8b61891f0ce9bd310088ce2d269d63b5afd88b9196fa4f046fd890faea4a17 libalgorithm-diff-perl_1.201-1_all.deb
3ac4fd6cbe3b3b06e68d24b931bf3eb9385b42f15604a37ed25310e948ca0ee6 libsasl2-modules-db_2.1.28+dfsg-10_amd64.deb
3b51dd882a3f08839537c5496442eb7e30a440e4be2f7397167502923bce7d43 perl-base_5.36.0-6_amd64.deb
3c8a97753835cb27d83efd4fa746d78c1c83a4980dc8cf3cc8b37cd5c28f3241 libdebconfclient0_0.265_amd64.deb
3c8b1eeb420337632d64f61495a81c9d975ffebeba8f303b7e71ee12ed85f08c libreadline8_8.2-1.2_amd64.deb
3d4b39f94317b64a860db8a7a8b581b555124cd461fe07ec0d347edbdb9f6683 libdeflate0_1.14-1_amd64.deb
3e2c8d2c1e0ef19659e447f53b6ef392dbbe24ac706a0f010bb15fa5c20d80f8 libc-dev-bin_2.36-6_amd64.deb
3e3ef129b4bf61513144236e15e1b4ec57fa5ae3dc8a72137abdbefb7a63af85 libtirpc-common_1.3.3+ds-1_all.deb
3f240b128963b65a5345f10c685407721336dd29e1a21685960d39d7e37a7537 libmpdec3_2.5.1-2_amd64.deb
3fc9742f9f1a37bcb9931df6074b4d1483419ef832ad5349f47323e75fc27864 libjansson4_2.14-2_amd64.deb
4044ed5b6a4e42bba42c087b35be02a8f0c3d63450977218cd497d552500202f libpam0g_1.5.2-5_amd64.deb
40e6d2cdd54c068c98dfd0f75d26a5795c37ee38c73468ca930e512569164ae1 libbsd0_0.11.7-1_amd64.deb
414cb803bbcf0850a629a95b69ea75d300c7d7d588a38c21a229f682926018cd sensible-utils_0.0.17_all.deb
421a2020132188fb1629716994a41c09153e04e5642850fa44600990b15342a1 libmagic-mgc_1%3a5.41-4_amd64.deb
429abbd86fef30596107b7327ff94856acf5b30477275b69a8c556417ebdeccd libblkid1_2.38.1-4_amd64.deb
438871b3f5c5c7a357a9840951dab9dab8db7eb1ff760a563226fafa111b99e5 bzip2_1.0.8-5+b1_amd64.deb
43c90d45f7cf5584108964b919d6c728680d81af5fa70c8fb367d661cef54e8c libnpth0_1.6-3_amd64.deb
4438d0bb9cf4a08bb2ae5a3ec59d23933584e964fc5ed550704d6f73d701636b media-types_8.0.0_all.deb
45922e6e289ffd92f0f92d2bb9159e84236ff202d552a461bf10e5335b3f0261 libnettle8_3.8.1-2_amd64.deb
4601e045d1f20da0f983b6c706169328e50cf219efd961f54095cf76d343dff8 libcrypt1_1%3a4.4.33-1_amd64.deb
4633d58ecf67ae2056530043065dee991492269467905c20884e285548e6277d libgcc-s1_12.2.0-10_amd64.deb
46dbe02369411b46f676ddb55fa8ee3a98f7a15607ddab785979c25bacb5d7db libalgorithm-merge-perl_0.08-5_all.deb
46dbf6a5097b7330848987636f302f270339e28be0bcc5f2dc39490621f56ee6 libsvtav1enc1_1.4.0+dfsg-1_amd64.deb
4914489233dbccf83139ee8bff065915982481aa44f3ffcde07a633db5908935 libzstd1_1.5.2+dfsg-1_amd64.deb
4950f88e69d601fcde4e548c7e72359fc992ed6daa5205d61acf4a16ef25fc02 rsync_3.2.6-4+b1_amd64.deb
49cfbe095c4bd03b10a242e0c1faa9fcd6b108953c62b28fc2025bfe5a47dccf e2fsprogs_1.46.6~rc1-1+b1_amd64.deb
49e64f0923cdecb2aaf6c93f176c25f63b841da2a501651ae23070f998967aa7 libxpm4_1%3a3.5.12-1_amd64.deb
4a2a8f92a9cf20acd9bdc7ae808e408d39bebc8c4c7a93419bbb4298288f203b libcrypt-dev_1%3a4.4.33-1_amd64.deb
4ac08d251e99812e90aca02d51b93f9dc6453d9403963733ac08c5f873732252 logsave_1.46.6~rc1-1+b1_amd64.deb
4af36a590b68d415a78d9238b932b6a4579f515ec8a8016597498acff5b515a4 libgdbm-compat4_1.23-3_amd64.deb
4c0af3e903ba0d374024865684d82bb08b2c3c78f49ca6c79c414a53041ef478 libss2_1.46.6~rc1-1+b1_amd64.deb
4cf64c4e1168f3c7e858bb4a71f2c5bea9a36dd448cdcc2154a551ac146e293b libgav1-1_0.18.0-1+b1_amd64.deb
4eaa56d2d0a0d648f8ecc65acb55a0f8463b695a528562f3608635f8359cd7a2 libkeyutils1_1.6.3-1_amd64.deb
504b7be9d7df4f6f4519e8dd4d6f9d03a9fb911a78530fa23a692fba3058cba6 libxext6_2%3a1.3.4-1+b1_amd64.deb
509f5260dcf607120694d5e1d9a6ca3ae07107fd1a52b603f6da97291642be90 libsepol2_3.4-2_amd64.deb
51c7fc3e9ae7a78fd7fe2994052cdaa62c68bb0a3ca58a74c588c01c4e8ac4bc libgprofng0_2.39.50.20221208-5_amd64.deb
5263737254410cbdb16c4c89a9a8027e92e37cc6517d500412bde8cc321733ef libcap-ng0_0.8.3-1+b2_amd64.deb
52d7d19964bb5e6aee946e540888890f0e9ae7dc5228e93f2505bdf8bc586396 manpages-dev_6.01-1_all.deb
5322e79ccfd14c22b55be391dcb03fbddae6e80b71af2de49afb4132867c32a2 git_1%3a2.35.1-1_amd64.deb
54149da3f44b22d523b26b692033b84503d822cc5122fed606ea69cc83ca5aeb libbz2-1.0_1.0.8-5+b1_amd64.deb
54e26547fb4f698843a8d504e31a6b9eae7137c5c65b9b0cc3aefcf6be3b7995 libctf0_2.39.50.20221208-5_amd64.deb
56beca470dcd9b6d7e6c3c9e9d702101e01e9467e62810a8c357bd7b9c26251d debian-archive-keyring_2021.1.1_all.deb
58d176ef84e4a0713f9d972af5aea07b992f2db396ac416012092cee4dafae73 libpam-runtime_1.5.2-5_all.deb
5912430927da16ccc831459679207fdbb9dfc5a206f2bab8d6f36d5a1ab53e25 libassuan0_2.5.5-5_amd64.deb
59c875947417a73f11e2bc2a7fcf12dac75b028109071365382b914b4effa9e0 readline-common_8.2-1.2_all.deb
5a466348531b9c38c8e5ccb18c231f27a98b9fdab61b37ea22592553de5d2ced liberror-perl_0.17029-2_all.deb
5b2d6325b76a18d8ed9a5b7e05479dd3f71eac3c0ddedbce60773140f7cfc594 libpython3-stdlib_3.10.6-1_amd64.deb
5b9c67e7b5d83584557b5e523149b0ab09a7597fbde97b85d6d4625f11f377dd libbinutils_2.39.50.20221208-5_amd64.deb
5ca9e86a3d144037a503d412dc464e6869e410a1c8685548bcd5bab6c01d3904 linux-libc-dev_6.0.12-1_amd64.deb
5d26306d12a45a8a03dca473490d56a765b58d61b53146c1c7784903cf59c45d libmpfr6_4.1.0-3_amd64.deb
6000ce7748ae79cb237c6c065e33a8f4976e518e95adba4bba0e591dc8698f75 util-linux_2.38.1-4_amd64.deb
608a01a26f2edaedc42d705e88fb5ec692462e1800954dea3a5e73900b477ab8 libfontconfig1_2.13.1-4.5_amd64.deb
61038f857e346e8500adf53a2a0a20859f4d3a3b51570cc876b153a2d51a3091 coreutils_9.1-1_amd64.deb
61a9c2989db7b699dc179bcaa7beadad9cbcff46cf5f43539769dc0c09aa401d sed_4.8-1_amd64.deb
62758cd5d9488139571f1b87d138abb8373f702cd528a23297cba27491364a62 dash_0.5.11+git20210903+057cd650a4ed-9_amd64.deb
64094f1345d904e3887983c9114c259952b6002e834063d8edad64728ad1fa4d binutils_2.39.50.20221208-5_amd64.deb
643df5f50c44e94fefdd157fee2f62e1914c037918674a267ec0571a8b5689e2 libacl1_2.3.1-2_amd64.deb
64cde86cef1deaf828bd60297839b59710b5cd8dc50efd4f12643caaee9389d3 liblz4-1_1.9.4-1_amd64.deb
6500982180b192f71acf4dfd22705d85c8344512090253b9fef8672db70e7d91 libperl5.36_5.36.0-6_amd64.deb
65f2e3ae1b233aa51caea2e9b9b06925311b486f5a1941e72523daa638824ecc libheif1_1.13.0-1_amd64.deb
66f8aedfb961b19852a8f0f8c9f5f6484a267ef6cc19552d7481333a1b963701 libuuid1_2.38.1-4_amd64.deb
679db1c4579ec7c61079adeaae8528adeb2e4bf5465baa6c56233b995d714750 libxau6_1%3a1.0.9-1_amd64.deb
68aa3b3bdac8b34802df7e2e950bae64c40aa6c2b24fed356b832968f8305aa0 libfile-fcntllock-perl_0.22-4+b1_amd64.deb
6995822451e1300baa41b953c19f1094640ad4237982612583e980d32e18eee5 wget_1.21.3-1+b2_amd64.deb
6b07c77b700a615642888a82ba92a7e7c429d04b9c8669c62b2263f15c4c4059 libjbig0_2.1-6.1_amd64.deb
6b149908d8f7c33806274ffed964008f73141ed17971666e9eb983571870c8e4 openssl_3.0.7-1_amd64.deb
6b32fa198ef48c19b28146b6f374625ae0a1d79dcc19bd65eb49f6a1594077bd passwd_1%3a4.13+dfsg1-1_amd64.deb
6c19a5d18c8350744581fbd25d5d29e2b7101053e25aafa4e1ffcc2b505b2f1c libxxhash0_0.8.1-1_amd64.deb
6d9f6c25c30efccce6d4bceaa48ea86c329a3432abb360a141f76ac223a4c34a libffi8_3.4.4-1_amd64.deb
6f94b488255acd996254f775c77ff3956557c61f860a3c9caeaf65457554194f libpopt0_1.19+dfsg-1_amd64.deb
702ab01235bffacab40eae14e96c66e92aec783ab7b3a418ee49dd6c8e5e1332 grep_3.8-3_amd64.deb
7038b4d856aff8b4054f879c488c1298db5a83ecfa6280f85706f20e2e1935f1 libalgorithm-diff-xs-perl_0.04-8+b1_amd64.deb
70d356876847a9a540b5bebd02b2141f9de292e7ce17a596cafdecb15c39ba21 libisl23_0.25-1_amd64.deb
70f79905c004691a74d2badbe3c69fce9e98833d7cd77bf3cb7f4fab5bd973a1 libkrb5-3_1.20.1-1_amd64.deb
737802943ba4ae9d3153b466ee20802f76d8a42492b430dc7bc2300fd0e9c96c libelf1_0.188-1_amd64.deb
73d4a22bdd7eb6be1e480d6884b103eb500cfd539cc20ae0f3e44dd8b0614798 cpio_2.13+dfsg-7.1_amd64.deb
74fc57a345749cce5ff879f119066eea075cebd98998cecfe70369d092e4912e libstdc++-12-dev_12.2.0-10_amd64.deb
770cb7513fc5370e841a10fe0385a52f892bb2f69ae8298f5569b1c2eb1787de libx11-6_2%3a1.8.1-2_amd64.deb
771f5c47ca69f24ca61e4be0c98c5912b182ce442f921697d17a472f3ded5c9c liblerc4_4.0.0+ds-2_amd64.deb
77bf08617463e8c5f8ecae1cbef1e9d0cee6d4c55662f59c4778d81d538250d7 login_1%3a4.13+dfsg1-1_amd64.deb
7a3ae3e97d0d403a4c54663c0bb48e9341d98822420a4ab808c6dc8e8474558f libcap2_1%3a2.44-1_amd64.deb
7b00efe3ec732cda15d49d5730a502194c6c6ec2520e47bef6a4bbfd3497aa86 libpcre2-8-0_10.40-3_amd64.deb
7b685f8294487d0573370a7040c4a811c67ac4641d50a0d010a2bb0fcb67eed5 libx11-data_2%3a1.8.1-2_all.deb
7b77cca4d7990fd4297570715a4138aabce7e4510163968cc83e0ad2726abc57 manpages_6.01-1_all.deb
7ca71c3ea78de3435f1e48d346e2502a8711795a23445ab693f134d21c727606 libncurses-dev_6.3+20220423-2_amd64.deb
7d7ce91b0397ef9d28525c79103f34d809ec691d56fc3744b44add10c87c9287 perl_5.36.0-6_amd64.deb
7d8c5add2cebc79c0bbd9d1380e85a2379409b8106fdd929032e8fe1307b4c5d bash_5.2-2+b1_amd64.deb
7e65be476b311eefed916f07576d59996a597359d7a25d7f40de6bd94d9a1277 python3_3.10.6-1_amd64.deb
835f806c21ae25e39053bd3057051640341b0cf08e1db9746fd82e370d82fa30 libsemanage-common_3.4-1_all.deb
83b44b9624711f954d91a4b0414b2f8d46fbc00a222e4c20614c16337a872762 libssl3_3.0.7-1_amd64.deb
8695fcedf470144d64dfc0123dc6821d2e72cb311225cea1e83d8b6e295722d0 libcurl3-gnutls_7.86.0-2_amd64.deb
89944ee11d7370ce6ef46fc52f094c4a6512eff8943ec4c6ebefeae6360ceada libgpg-error0_1.46-1_amd64.deb
89f79c82e9419dbd20b415e7610109cb4de4fc2cb750f1089209ee919f521be8 libldap-2.5-0_2.5.13+dfsg-2+b1_amd64.deb
8a80e834ebbfd1313d45a3d5a7d018680b943287f0fdd750ed2eddc90027fd6d libmpc3_1.2.1-2_amd64.deb
8a9d4d0a0459e86cd140c6ce63d71fa3ddb8425d82ab69f2876e3ebda3d88dc8 libasan8_12.2.0-10_amd64.deb
8c6d49b771530dbe26d7bd060582dc7d2b4eeb603a20789debc1ef4bbbc4ef67 patch_2.7.6-7_amd64.deb
8cbd111e1ad1c1357afb18f916c88c7ebb8cc860b8fac04ccc66a9eefe5a53af libcbor0.8_0.8.0-2+b1_amd64.deb
8f9196f7ac4487dd62ba7099e86bdfc6f17bf2d6c23f9f07022efbda502efdc4 libk5crypto3_1.20.1-1_amd64.deb
8fe1525f25334c3e9e1237cc6b8ba3b6b3089153d71d9f36b79ea46771939b1d publicsuffix_20220811.1734-1_all.deb
908ca1b35125f49125ae56945a72bc11ce0fcec85a8d980d10d83bb3a610f518 base-passwd_3.6.1_amd64.deb
90a2f213a2e730ca86a265ed58e99da621aa81f59d30c84fe7cdcfcdd2e95e2a dirmngr_2.2.40-1_amd64.deb
91e8961647518c06aed17920fb34ea8f0f92894d28149d94e2c324539853aaf4 libcom-err2_1.46.6~rc1-1+b1_amd64.deb
925f944100d399dd765ceb0de772cf747b92a311eae99d0a64008c2c92925cda gnupg_2.2.40-1_all.deb
92b94fe8bcf38803f0d953caf4f13bbb2f4f83f3c4b12ea3ae229d07ed248a79 libudev1_252.2-2_amd64.deb
941cf15477c0a2660864e1724e3738f869ee307587032a4dcc3f902d72b4ed57 libmagic1_1%3a5.41-4_amd64.deb
9559ab9601706910cff06144246471560a0e62cd3111b883fc902573a353feea liblzma5_5.2.9-0.0_amd64.deb
95fe4a1336532450e67bd067892f46eaa484139919ea8d067a9ffcbf5a4bf883 libgdbm6_1.23-3_amd64.deb
983ca41d506fa159536cd584118855748763f5f5a3b5949206bee4a62ec0cbf9 libxmuu1_2%3a1.1.3-3_amd64.deb
9c29e856bf381b25b0e5a429edfb925f89a5f910cb5ada8b01cd9b9ccfb49529 gpg-wks-client_2.2.40-1_amd64.deb
9cd87d1b0c56f34f51bcbe8bdb55ebb45dd08ce6c0c6ff2dc77378bac3f64cc0 libx265-199_3.5-2+b1_amd64.deb
9e6dfd1773d3486409116ea6571f6eeb1058b89ee33a56db52f584acfbd963db g++_4%3a12.2.0-1_amd64.deb
9f8985f120c7a6bd9abed8ac016dc29624f19f91f0699369e4d3940523675695 ncurses-base_6.3+20220423-2_all.deb
9fb65819e3d595d8a4325810788a8f7f9ca1cd3d0f2e0ca8816a2e2e2822cb8f libpython3.10-stdlib_3.10.9-1_amd64.deb
a0f4d9f42dcd12746f9aefbac32b9846aed45ad5fc532cecb0b83c518bf5d0bd libc-bin_2.36-6_amd64.deb
a1a83af8cbd854af887b72ad196b1f4af58387815e21ced1000253a116a46e2a make_4.3-4.1_amd64.deb
a36404e2b6e889d1c6e4f33a498a0413b766a3df558d1fe4ff4c33fa9ff4ce99 binutils-x86-64-linux-gnu_2.39.50.20221208-5_amd64.deb
a5f06cc885e0710c6ab4b82a293ae4412bf28ba7166ab6b844f55235c50089ed libgcc-12-dev_12.2.0-10_amd64.deb
a672bd3c22f639df30515b89cf9b86b2b887ffbdd1876737724d5515652ebd7c gcc_4%3a12.2.0-1_amd64.deb
aaf001e0d4c68f995f9efbc551d54f213122fef99b3eaf9e28286bda6c03da73 libabsl20220623_20220623.1-1_amd64.deb
ab9f503b5f22d3eeb89cb5927cb38d7b90c8088a6d658588aea1bd64e1d565b5 libldap-common_2.5.13+dfsg-2_all.deb
aca5921e0d1bd6611cd7f1ff9c4c8cbdc2fdfc340134a5a17e56e983ec7d56bb libc-devtools_2.36-6_amd64.deb
ae412490d277484dc79560b82023a656032dffa0d614316d1b0f4a58aa6c5ec9 gnupg-l10n_2.2.40-1_all.deb
ae924c4961cac4e450793f04301ff6d993569915ed87825b14af5d602d3c48bc libncursesw6_6.3+20220423-2_amd64.deb
af2957b92976a45dffa0f454fd2d8553e49a091f8702d510eda4374092d03fd4 cpp_4%3a12.2.0-1_amd64.deb
b09481e7690680966005330c3f907bba4b5eefc35e1faaea4783cc55655d1150 libfaketime_0.9.10-2.1_amd64.deb
b13b353b3655a800d63167e8741ae327cc3dd29729e69ee4b6f01ca6102b1d15 libselinux1_3.4-1+b3_amd64.deb
b1966bea9832686a0fd5ddba9787dce5816ebe02218a4a8f7472a1628d73451b libsasl2-modules_2.1.28+dfsg-10_amd64.deb
b1e8e1301552b2e27db6db28d652913cf7e836846fa9aa70c667b88436659b88 gpg_2.2.40-1_amd64.deb
b212c3c7bb16ae7b1896676b7ddf26f8fc6159e88998a253ccecd82a7fe0c42a libsystemd0_252.2-2_amd64.deb
b2af4cbcf7f407f2552f9f5ffbcb0edd32091fcf4a3909cbc3ad01e83e11c011 util-linux-extra_2.38.1-4_amd64.deb
b5bb46fa5a6322b76474167c0872a7c9a43a3dbacda33fb95a567f2910629d55 gpgv_2.2.40-1_amd64.deb
b983ab23743da7f3800b4218e852ff0140927d2fe75b70534ac03e196516aeda fontconfig-config_2.13.1-4.5_amd64.deb
ba2c5558c5c9323dc5ce0011157a72279789d1016bfadf18b6c3f5cda3099786 libyuv0_0.0~git20221118.ea26d7a-2_amd64.deb
baaa4e935c5e3bcd57d4f2f4e7a1ddc67bd4eb8629d98f97a696548849ae01ac bc_1.07.1-3+b1_amd64.deb
bb73e6e11dd177b249e8c74572a3f77737afe9c4e2218cece5175f42198fc0ea libfakeroot_1.29-1_amd64.deb
bb81a188c119cd7fdebae723cbc95887b6c549b2fe4fb7e268a9c8846444da99 libnsl-dev_1.3.0-2_amd64.deb
bbfd38de41898a06326f2a6ce4cc43e8e399f5566381231065b01d70499d5ba5 build-essential_12.9_amd64.deb
bcbc83f391854ea9d50ce2a4101aacf330de3b8b71d81a798faadba14a157f78 mawk_1.3.4.20200120-3.1_amd64.deb
bd8e963c6edcf1c806df97cd73560794c347aa94b9aaaf3b88eea585bb2d2f3c tar_1.34+dfsg-1_amd64.deb
beed9907afb85315ba2f5fc60fa09f0f9be2a409157cc2d45379b2e788698b0a libmount1_2.38.1-4_amd64.deb
bffcac7e4f69e39d37d4a33e841d6371ac8b5aba6cd55546b385dc7ff6c702f5 libgcrypt20_1.10.1-3_amd64.deb
c0161783577d1715c8a8ce101a8a513b14d141187ec3d05146721b0422ee9480 less_590-1_amd64.deb
c0d83437fdb016cb289436f49f28a36be44b3e8f1f2498c7e3a095f709c0d6f8 libnsl2_1.3.0-2_amd64.deb
c4e2eb142f8946b3a298bb807f41528332c6559691528ce547a409a7ca3ea7bc python3.10-minimal_3.10.9-1_amd64.deb
c6435f0dfbfaf7beb6dad9b98c92ab7b8569a0eaff78f40aa4a8a97faf407fa9 usr-is-merged_33_all.deb
c843bd13fde80bc21b178312059112cf5cfbcdb763e3f322f3fca0704d639815 libksba8_1.6.2-4_amd64.deb
c9a0cbb6c0c1a1b16179ac9027a0660da875a0fd52ef300d52bb73493d79138b libapt-pkg6.0_2.5.4_amd64.deb
caaec354f90fe671709b3fa2b969a9a618462fb2cc3fe03f8d28806f720a115f tzdata_2022f-1_all.deb
cbe97163f8d968b27ce68403787a32d0e1aa1e8bd1301a11ef20a7a5671adc4a diffutils_1%3a3.8-1_amd64.deb
cc0ffedcc1fb025a09dc3b7a62bac773d29c0a12bdcdd4fed2cfaa44520d132d gpg-agent_2.2.40-1_amd64.deb
cc6a8974d64157873030c7c61d7c872552ddadf31f6d35b9bc4d69c69eb72ba9 libpcre3_2%3a8.39-14_amd64.deb
cd4f20458589b515a1e39bf641e254d9e474e0d631d6eee5485cc1250a7a9808 mount_2.38.1-4_amd64.deb
cde841b275163fd0e5d742b61df46fd7eb6b7bfc8c44f8537124f61e6bcccacc libgomp1_12.2.0-10_amd64.deb
d095b7e3ff500f226cf752aeaced7df40e04682d34d4a1f7b0e47e92ffe6c079 libseccomp2_2.5.4-1+b2_amd64.deb
d202861c602f3719350d4aede3e4c65ea88d6529b2e1e7115f805091f624e7fa krb5-locales_1.20.1-1_all.deb
d20a3ee34fa84ad8bd381e8be6e9c2c2ea32347cff5e1169c10e978d43f54f24 libssh2-1_1.10.0-3+b1_amd64.deb
d25fb9a24b8037f7fb513cd1706e6f11122f2890f994ee321fe7988e10567878 libsemanage2_3.4-1+b3_amd64.deb
d466bbfe011d764d793c1d9d777cad9c7cf65b938e11598f27408171ad95a951 libunistring2_1.0-2_amd64.deb
d4c7b71ce8628e2baa6b1ef3dc3871fdeb5747ab12ff8dcda0c29c379da7d38b gcc-12_12.2.0-10_amd64.deb
d50716d5824083d667427817d506b45d3f59dc77e1ca52de000f3f62d4918afa libidn2-0_2.3.3-1+b1_amd64.deb
d62e8967437998b351daaaf69e8886592574725d7e88d525625d29fd2b961339 libgssapi-krb5-2_1.20.1-1_amd64.deb
d716f5b4346ec85bb728f4530abeb1da4a79f696c72d7f774c59ba127c202fa7 libpsl5_0.21.0-1.2_amd64.deb
d7abcfaa67bc16c4aed960c959ca62849102c8a0a61b9af9a23fcc870ebc3c57 ca-certificates_20211016_all.deb
d7dd1d1411fedf27f5e27650a6eff20ef294077b568f4c8c5e51466dc7c08ce4 zlib1g_1%3a1.2.13.dfsg-1_amd64.deb
d85f4d2f4f740d09d5f578cf15bbb9b6a912a849047cf807253605d4815745e8 libfreetype6_2.12.1+dfsg-3_amd64.deb
d8c263f47b03a942f2b807187dcc08286f8810c776f18e828dae0cc8b6375da5 libncurses6_6.3+20220423-2_amd64.deb
d98df4f21fc17d8436e230acb36acc8a53a74e3cbcfb13a96a9f823c32fda695 debianutils_5.7-0.4_amd64.deb
db2d207ae363db66000eec1367d87a5e88c638c5452738059c876580dcc2fc1a libgnutls30_3.7.8-4_amd64.deb
db7c6704938a114c3028dd5bb4c05daa390d340f57cd882345a3290f88911314 gpgconf_2.2.40-1_amd64.deb
dc32727dca9a87ba317da7989572011669f568d10159b9d8675ed7aedd26d686 libpng16-16_1.6.39-2_amd64.deb
dc846a0eb742ee2d269e2f32bb351865d8014b39f1b1352af1cb4243b84497ef libtiff5_4.4.0-6_amd64.deb
de2ae6cde14431c23b962246f0c304c526865a50c559edb30e9c056aa26a51e4 libpam-modules-bin_1.5.2-5_amd64.deb
de70f6f7625819163f23f139fe47696a7e6b6eb5dad3eb12d88bddf3fd088b98 unzip_6.0-27_amd64.deb
de7b7e4405d619241447144e88549c74abe4c5617b5b894821d975693209cefb debconf_1.5.80_all.deb
dfd4b424dca7349cbb474cca239ee54363d85fdb13462a05ebd8e35d42bd6232 base-files_12.3_amd64.deb
e0a108909fd3dae44e4a1cb3b91044012aea387b2734334ff816b6a78a0126ac libc6_2.36-6_amd64.deb
e1f69020dc2c466e421ec6a58406b643be8b5c382abf0f8989011c1d3df91c87 librtmp1_2.4+20151223.gitfa8646d.1-2+b2_amd64.deb
e3a156b87d37e8627a3a003c9a40d0e098bb1cec6938065b8c29dd844a1383b1 libdb5.3_5.3.28+dfsg1-0.10_amd64.deb
e3ddd34ed745867a628dbf413f271d6a7f8c5b0d5e01a4103d12240fc6a9d31a libstdc++6_12.2.0-10_amd64.deb
eabec1dde2834f72540d7b93fc5df2625f52611c06d93d61f5cdb12480e0e6a3 gzip_1.12-1_amd64.deb
ebb1e8a210f61f48d95baedb3b03f32996b7e0e0abad1e319075ae2da36e9c6b libtinfo6_6.3+20220423-2_amd64.deb
ebef6bcd777b5c0cc2699926f2159db08433aed07c50cb321fd828b28c5e8d53 ucf_3.0043_all.deb
ec6dcc8ba88087606e70f8ef2e80952974da60a9f2745cc5316a91c2f06951c8 libext2fs2_1.46.6~rc1-1+b1_amd64.deb
ecb8536f5fb34543b55bb9dc5f5b14c9dbb4150a7bddb3f2287b7cab6e9d25ef libxdmcp6_1%3a1.1.2-3_amd64.deb
ed2328befa036dcb0455deecb4787c91e48606ebbea28aa329bd2a10adb7b2aa python3-minimal_3.10.6-1_amd64.deb
ed43d96b4cae0ff0f2208456222151922ecd0bc1118f1e757ebe18206967a8ee libaom3_3.5.0-1_amd64.deb
ed8185c28b2cb519744a5a462dcd720d3b332c9b88a1d0002eac06dc8550cb94 libhogweed6_3.8.1-2_amd64.deb
eec4dc9d949d2c666b1da3fa762a340e8ba10c3a04d3eed32749a97695c15641 libtasn1-6_4.19.0-2_amd64.deb
f3928b657449bc65fb2e13f5a0370c6b30d6e57a9de2eb13ce2ef9f277c8dc0b xz-utils_5.2.9-0.0_amd64.deb
f79c858a5f9041fa7a836580816658a7cff16c562d32ae658347ae4a58b8ed75 adduser_3.129_all.deb
f827028f9abbf30a2a6a7fc550482ae7dc1386fc1e4bb0335d79d7d0cc9c4a7f libatomic1_12.2.0-10_amd64.deb
f9227bd91f834652cbb55c940cbc62f2230c1cfc649437a2efbca11767fd144b libitm1_12.2.0-10_amd64.deb
f9a0fa43e37e835d44a728eaca53fe4e33f53cd5490199444c0c7d48bf3df67a gpgsm_2.2.40-1_amd64.deb
f9ce24cbf69957dc1851fc55adba0a60b5bc617d51587b6478f2be64786442f1 init-system-helpers_1.65.2_all.deb
f9ce531f60cbd5df37996af9370e0171be96902a17ec2bdbd8d62038c354094f zlib1g-dev_1%3a1.2.13.dfsg-1_amd64.deb
fbdab45294d400a875d846da9a1da0b23854323fd03b5943bf54cd6125e41c96 libnghttp2-14_1.51.0-1_amd64.deb
fc39271fdb2bfc46531f8c156e9ea02dd40935e21eddccf0d8c29c58d97a1f93 libaudit-common_1%3a3.0.7-1.1_all.deb
fdc61332a3892168f3cc9cfa1fe9cf11a91dc3e0acacbc47cbc50ebaa234cc71 libxcb1_1.15-1_amd64.deb
fdd885dc27ec30f87312c959d1b44db6faffbc07b8eaec0d5a5e5b2fbcd79d46 libsqlite3-0_3.40.0-1_amd64.deb
fe36a7f35361fc40d0057ef447a7302fd41d51740d51c98fb3870bbed5b96e56 libexpat1_2.5.0-1_amd64.deb
fe524a9de7ed6b2a1465693f12d5f7be2d2d9f6d6e6bf028f17109263e173dc8 liblocale-gettext-perl_1.07-5_amd64.deb
feb6aaa0bd183246ca915b88825c68f3b5a6507bc70a8c2eb70d1e4cb9e83225 libsmartcols1_2.38.1-4_amd64.deb
ff12fc51e092aaae4992317c5f7f26d1e73e6fde4296a8cdfe1b739b51e4b0ab xauth_1%3a1.1.1-1_amd64.deb
ff1d5281131fb36c6da4f3c40a6b75010bf94f2b15fd3497500a1b056d01c63b ncurses-bin_6.3+20220423-2_amd64.deb
ff79706e87a63a34de6ade3632dc0855029ff7abb36ef9976d5e229887c836f9 gpg-wks-server_2.2.40-1_amd64.deb
ffd88ba260f07a50c33e849bce75895f17c993d8040397941c58703701d184c3 libpam-modules_1.5.2-5_amd64.deb

View File

@ -0,0 +1,13 @@
debian-archive-keyring
build-essential
git
libfaketime
file
wget
cpio
unzip
rsync
bc
libncurses-dev
python3
libelf-dev

View File

@ -0,0 +1,259 @@
adduser=3.129
apt=2.5.4
base-files=12.3
base-passwd=3.6.1
bash=5.2-2+b1
bc=1.07.1-3+b1
binutils-common=2.39.50.20221208-5
binutils-x86-64-linux-gnu=2.39.50.20221208-5
binutils=2.39.50.20221208-5
bsdutils=1:2.38.1-4
build-essential=12.9
bzip2=1.0.8-5+b1
ca-certificates=20211016
coreutils=9.1-1
cpio=2.13+dfsg-7.1
cpp-12=12.2.0-10
cpp=4:12.2.0-1
dash=0.5.11+git20210903+057cd650a4ed-9
debconf=1.5.80
debian-archive-keyring=2021.1.1
debianutils=5.7-0.4
diffutils=1:3.8-1
dirmngr=2.2.40-1
dpkg-dev=1.21.12
dpkg=1.21.12
e2fsprogs=1.46.6~rc1-1+b1
fakeroot=1.29-1
file=1:5.41-4
findutils=4.9.0-3
fontconfig-config=2.13.1-4.5
fonts-dejavu-core=2.37-2
g++-12=12.2.0-10
g++=4:12.2.0-1
gcc-12-base=12.2.0-10
gcc-12=12.2.0-10
gcc=4:12.2.0-1
git-man=1:2.35.1-1
git=1:2.35.1-1
gnupg-l10n=2.2.40-1
gnupg-utils=2.2.40-1
gnupg=2.2.40-1
gpg-agent=2.2.40-1
gpg-wks-client=2.2.40-1
gpg-wks-server=2.2.40-1
gpg=2.2.40-1
gpgconf=2.2.40-1
gpgsm=2.2.40-1
gpgv=2.2.40-1
grep=3.8-3
gzip=1.12-1
hostname=3.23
init-system-helpers=1.65.2
krb5-locales=1.20.1-1
less=590-1
libabsl20220623=20220623.1-1
libacl1=2.3.1-2
libalgorithm-diff-perl=1.201-1
libalgorithm-diff-xs-perl=0.04-8+b1
libalgorithm-merge-perl=0.08-5
libaom3=3.5.0-1
libapt-pkg6.0=2.5.4
libasan8=12.2.0-10
libassuan0=2.5.5-5
libatomic1=12.2.0-10
libattr1=1:2.5.1-3
libaudit-common=1:3.0.7-1.1
libaudit1=1:3.0.7-1.1+b2
libavif15=0.11.1-1
libbinutils=2.39.50.20221208-5
libblkid1=2.38.1-4
libbrotli1=1.0.9-2+b5
libbsd0=0.11.7-1
libbz2-1.0=1.0.8-5+b1
libc-bin=2.36-6
libc-dev-bin=2.36-6
libc-devtools=2.36-6
libc6-dev=2.36-6
libc6=2.36-6
libcap-ng0=0.8.3-1+b2
libcap2=1:2.44-1
libcbor0.8=0.8.0-2+b1
libcc1-0=12.2.0-10
libcom-err2=1.46.6~rc1-1+b1
libcrypt-dev=1:4.4.33-1
libcrypt1=1:4.4.33-1
libctf-nobfd0=2.39.50.20221208-5
libctf0=2.39.50.20221208-5
libcurl3-gnutls=7.86.0-2
libdav1d6=1.0.0-2
libdb5.3=5.3.28+dfsg1-0.10
libde265-0=1.0.9-1
libdebconfclient0=0.265
libdeflate0=1.14-1
libdpkg-perl=1.21.12
libedit2=3.1-20221030-2
libelf-dev=0.188-1
libelf1=0.188-1
liberror-perl=0.17029-2
libexpat1=2.5.0-1
libext2fs2=1.46.6~rc1-1+b1
libfakeroot=1.29-1
libfaketime=0.9.10-2.1
libffi8=3.4.4-1
libfido2-1=1.12.0-2
libfile-fcntllock-perl=0.22-4+b1
libfontconfig1=2.13.1-4.5
libfreetype6=2.12.1+dfsg-3
libgav1-1=0.18.0-1+b1
libgcc-12-dev=12.2.0-10
libgcc-s1=12.2.0-10
libgcrypt20=1.10.1-3
libgd3=2.3.3-7
libgdbm-compat4=1.23-3
libgdbm6=1.23-3
libgmp10=2:6.2.1+dfsg1-1.1
libgnutls30=3.7.8-4
libgomp1=12.2.0-10
libgpg-error0=1.46-1
libgpm2=1.20.7-10+b1
libgprofng0=2.39.50.20221208-5
libgssapi-krb5-2=1.20.1-1
libheif1=1.13.0-1
libhogweed6=3.8.1-2
libidn2-0=2.3.3-1+b1
libisl23=0.25-1
libitm1=12.2.0-10
libjansson4=2.14-2
libjbig0=2.1-6.1
libjpeg62-turbo=1:2.1.2-1+b1
libk5crypto3=1.20.1-1
libkeyutils1=1.6.3-1
libkrb5-3=1.20.1-1
libkrb5support0=1.20.1-1
libksba8=1.6.2-4
libldap-2.5-0=2.5.13+dfsg-2+b1
libldap-common=2.5.13+dfsg-2
liblerc4=4.0.0+ds-2
liblocale-gettext-perl=1.07-5
liblsan0=12.2.0-10
liblz4-1=1.9.4-1
liblzma5=5.2.9-0.0
libmagic-mgc=1:5.41-4
libmagic1=1:5.41-4
libmd0=1.0.4-2
libmount1=2.38.1-4
libmpc3=1.2.1-2
libmpdec3=2.5.1-2
libmpfr6=4.1.0-3
libncurses-dev=6.3+20220423-2
libncurses6=6.3+20220423-2
libncursesw6=6.3+20220423-2
libnettle8=3.8.1-2
libnghttp2-14=1.51.0-1
libnpth0=1.6-3
libnsl-dev=1.3.0-2
libnsl2=1.3.0-2
libnuma1=2.0.15-1
libp11-kit0=0.24.1-1
libpam-modules-bin=1.5.2-5
libpam-modules=1.5.2-5
libpam-runtime=1.5.2-5
libpam0g=1.5.2-5
libpcre2-8-0=10.40-3
libpcre3=2:8.39-14
libperl5.36=5.36.0-6
libpng16-16=1.6.39-2
libpopt0=1.19+dfsg-1
libpsl5=0.21.0-1.2
libpython3-stdlib=3.10.6-1
libpython3.10-minimal=3.10.9-1
libpython3.10-stdlib=3.10.9-1
libquadmath0=12.2.0-10
librav1e0=0.5.1-5
libreadline8=8.2-1.2
librtmp1=2.4+20151223.gitfa8646d.1-2+b2
libsasl2-2=2.1.28+dfsg-10
libsasl2-modules-db=2.1.28+dfsg-10
libsasl2-modules=2.1.28+dfsg-10
libseccomp2=2.5.4-1+b2
libselinux1=3.4-1+b3
libsemanage-common=3.4-1
libsemanage2=3.4-1+b3
libsepol2=3.4-2
libsmartcols1=2.38.1-4
libsqlite3-0=3.40.0-1
libss2=1.46.6~rc1-1+b1
libssh2-1=1.10.0-3+b1
libssl3=3.0.7-1
libstdc++-12-dev=12.2.0-10
libstdc++6=12.2.0-10
libsvtav1enc1=1.4.0+dfsg-1
libsystemd0=252.2-2
libtasn1-6=4.19.0-2
libtiff5=4.4.0-6
libtinfo6=6.3+20220423-2
libtirpc-common=1.3.3+ds-1
libtirpc-dev=1.3.3+ds-1
libtirpc3=1.3.3+ds-1
libtsan2=12.2.0-10
libubsan1=12.2.0-10
libudev1=252.2-2
libunistring2=1.0-2
libuuid1=2.38.1-4
libwebp7=1.2.2-2+b2
libx11-6=2:1.8.1-2
libx11-data=2:1.8.1-2
libx265-199=3.5-2+b1
libxau6=1:1.0.9-1
libxcb1=1.15-1
libxdmcp6=1:1.1.2-3
libxext6=2:1.3.4-1+b1
libxmuu1=2:1.1.3-3
libxpm4=1:3.5.12-1
libxxhash0=0.8.1-1
libyuv0=0.0~git20221118.ea26d7a-2
libzstd1=1.5.2+dfsg-1
linux-libc-dev=6.0.12-1
login=1:4.13+dfsg1-1
logsave=1.46.6~rc1-1+b1
make=4.3-4.1
manpages-dev=6.01-1
manpages=6.01-1
mawk=1.3.4.20200120-3.1
media-types=8.0.0
mount=2.38.1-4
ncurses-base=6.3+20220423-2
ncurses-bin=6.3+20220423-2
netbase=6.4
openssh-client=1:9.1p1-1
openssl=3.0.7-1
passwd=1:4.13+dfsg1-1
patch=2.7.6-7
perl-base=5.36.0-6
perl-modules-5.36=5.36.0-6
perl=5.36.0-6
pinentry-curses=1.2.1-1
publicsuffix=20220811.1734-1
python3-minimal=3.10.6-1
python3.10-minimal=3.10.9-1
python3.10=3.10.9-1
python3=3.10.6-1
readline-common=8.2-1.2
rpcsvc-proto=1.4.3-1
rsync=3.2.6-4+b1
sed=4.8-1
sensible-utils=0.0.17
sysvinit-utils=3.05-7
tar=1.34+dfsg-1
tzdata=2022f-1
ucf=3.0043
unzip=6.0-27
usr-is-merged=33
util-linux-extra=2.38.1-4
util-linux=2.38.1-4
wget=1.21.3-1+b2
xauth=1:1.1.1-1
xz-utils=5.2.9-0.0
zlib1g-dev=1:1.2.13.dfsg-1
zlib1g=1:1.2.13.dfsg-1

View File

@ -0,0 +1,6 @@
deb http://deb.debian.org/debian bookworm main
deb http://security.debian.org/debian-security bookworm-security main
deb http://deb.debian.org/debian bookworm-updates main
deb [check-valid-until=no] http://snapshot.debian.org/archive/debian/20221220T000000Z bookworm main
deb [check-valid-until=no] http://snapshot.debian.org/archive/debian-security/20221220T000000Z bookworm-security main
deb [check-valid-until=no] http://snapshot.debian.org/archive/debian/20221220T000000Z bookworm-updates main

BIN
dist/airgap.iso (Stored with Git LFS) vendored

Binary file not shown.

16
dist/manifest.2BDE9CDB6D0FAD15.asc vendored Normal file
View File

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEzAzToO3Ax9K7Run3B88Hlc0qV+sFAmP+XQ4ACgkQB88Hlc0q
V+v1lg/9HxgMu/SLVcDlLEi0uz21693OwEBjcxL1rRca7y4/t/upGnhu53c0gM7W
ws+voJWWi9d8wTeuwl9yxvajdAo8I3Jw78hjXZWvqTK0CmLSSfCBTH6e7uRpvzbC
cJrc3QiErI84TpJde4NmZpMz6oGPzp+qdoAPCvsSiS2xy97+ZGB9OIfffjmlN86L
ZIjKCB0K2+yijB3pa/faNHv3Jv4XKliUXP+AelT0Rsw2466Bndruh63mxNjqYZiC
54hVd46ASwhS4YDNFZVrcYJNETr52328QjhtNlPsG83E2KGp2rl9mFaiXxLQsFD0
7j0VPIFPAqDvD7ZhAf5oTZDmo2BJYZpGTmTjBAdKDKCWySbwIEoGC65UoOY8ROXV
uGNqf9enFzWfnwLcDiujDo3e51Dag65FnEGkUDLUo/D/2B+r9vEzesVdTuGx3Szh
OTldUZp0ls9bCqhO4cCllZheswREbTTUUSYMYGNsRF+j6VaBR8jYa9yM4AX/Qk4N
9cokKyUD/ci49CH8R6THliD7FtF1G+LWvgHI4ZKzrEMJGyJVTiimHX4N2BJzZtUv
ObfCcskscf6DZxDpiFG256t2FYL3zQzNCaLj7mBpwe9NRuLwiSuHgS3udP9qossn
6Zew0D+a9wpst1MibKMx1G6eLn24Bjly81LDvIaKPn/yRIRrVzc=
=RJE0
-----END PGP SIGNATURE-----

View File

@ -1,16 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEZ1U/vaRrtxq9LgsLjkeh7DWhVR0FAma0fbsACgkQjkeh7DWh
VR0lYBAAsjKcqgoSM73lck4gSga3CWtTfZ/k7azr98HnUw5InTyTwvna2sRGL3jb
Q0pUhrPVQVmjXSyxD/hR/uLuiAfUn2Gyhp1MZS3C7jmFcRsxCJzNbByv/2bUS2+U
5TaCoxmM8SdxTqcBIyYylKzZ4ub0t3bCWUt2uPqdSqslgEReeqbzzE3jpmiUfmHE
daaZhZa3iPEr7vqq00jUGFuSEdxQCQkty0nZHzfGhHwbliiUGyH6/bb+u4v5eGYH
VEyRq0CWFgw5sywpSf3UZjR0fkd0do9z6Li1ggN2GV63I4oT3L1LltcMXtgfMp+B
SA3gz7/mJsMqM6H2ZWqUgJAZw/mZCGStftSnOTKdyEtpzagNNeePa5f4kM1ZuHF6
ehSl1nbnCeCPfedS8+oUm3v8qWiFLXz4tmYvBnfDWaUXIYpNOrvJPtatdinTNRfl
nglyEt6Olc+3vEqkrEl7JFu13Gl92mbuhhelKjM/VDheHBUZ6yrso1aLbyruO+wm
RxL3pQSCNfAnIQpSdkXga5gVvbZDDISBast3qHFuZaZFbo2p24hw0HnLAfyCrxgF
JnN3x2qqRlTzQSrVr4EEXUwUqpt5LlnQ3kDLNVYhXuqTdmyETj1YGnAXkqV/D+Z7
B7hlDdddXI5d0yDoYPAmF9N7XJCasdfutnO/8IfZ/eE989jYybE=
=eruT
iQIzBAABCgAdFiEEZ1U/vaRrtxq9LgsLjkeh7DWhVR0FAmP5OHwACgkQjkeh7DWh
VR08/w//ScO/qM0a8JAAsCuCXEeZIJAhkICrxOCjMl6z9KP3lU8yVU6NL/ULF9P4
0nW5A1jnZo9PKcabV1RKFkQ/UuJdmUOuupg5JkN5X99rR/SDZ6hrsVy/tS6kjKaU
Z9qMGlsVRYVdbBb+VKtQB1gguj04QXVD9iAFIeAeaRRNMhtqo7gMHU1cdOkB86g2
H4w25LuxkIfRtyGlUgtBMS3MqpRiNjUSunP357VlHFBEGv4yT7CcdLK68FFd6Qzp
U1KJja5DG68aVTHdT47LvFCKRPjyFvheA1Ok1feSnYrOqPAhzYEFuWoE+f/+/nsI
JLqGVvPO7g40p0YXZdPWjQON4ZpcRuWG9TRg85G4WV+sQfqnDpz1i2++pb2RrOMI
SNwUIz8zdTaWo1G+AoNfaveybk7BOlAstjDwA5SzukFNrPvBSOQpe53i+NGyTAPS
pbKnir6IAD1QwagZOzYac6tzE4ZX2F7zmjPrwCDHGYAYuaQV+1CWiIvnN5zCjHXe
pvl22LKwr8BDRHzmVpctdVojlkb4llrbdzq3cMZgdXasXKORD9+yuGAK5+hfekmi
vsUMROvIp27q/eFL5fLTIP3clOo5+foWdB4cqWoS0q+5qIG3Aa0YZp9HDeI9pdjH
W11QFp4tlrDwA0lgHdUiF4vITxDk/+qz0Hi3gKCll87cmXUufRg=
=wZZ6
-----END PGP SIGNATURE-----

View File

@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEiII6deyqeGsP84sUjkAUeKP773IFAma0f0IACgkQjkAUeKP7
73I33w//SaGbbM9z8SYsWhii1SBnfs6NVQSwdBoO20C4gFdmZkPVDak3QoCAioaC
GjlEOEDb7SXfWi3n2z72P97dswN6dG1IxQKR1N913IWzUUEXGR0phaC+o0P1/f74
MXrcUDLwwJwZsA/0zMV6gHvONEqwgmfEO4WrEB/Ty7ueoJjsmQ2oauWytlh8CVDR
3HFwiVoAjRC2d0vKj0eL2n9pNQNEYKb+oJ/gq3sk2L8qPs1vThQguHADvqmi6V3w
+4tZqviksPXb+sve3VTsKFDbd5AXvcRY4TbPawQ5W7Aa6iK9W/yA10+zXvcHoGrA
6iMR94yI9eprBkqoeoxr2MHPk+8d9xXB16hY/h+OCPibkFFfPST9GDFcp0nk1JFH
b0bbpanBsxwN3IxTAL0a7iD2nxftZHjgiZib1lhdhLg35o9iou1V0fRPwdjepS3o
2TBvKhtNncUW/87ZhxhdkTI/iUvS0iem3KHUQXkM+ziOC5zGf+PYvMCuy2P0oSei
731aVOgxKbpEZHY0pTkuqG7U4+RWZ+KJEnxETcZWoCeY9DW/u2Dx5hukeZJbvmUo
111vBoziyocgKvKi5S3ctZaAwm2wNsE0TU/o5u9+Q5ST1wgsKJF+F0laCUQcDPwM
UyM5VznH31pChrlzRiUcsm0lMvDkx+JfTSBPOgzABMAcQ3YuTSk=
=e+q6
-----END PGP SIGNATURE-----

4
dist/manifest.txt vendored
View File

@ -1,2 +1,2 @@
fe92783ef775ccc5e32baefb26f951b7f37ed26ecbb4601a068e20b31bebadbb airgap.iso
b714c963bd8b1f3a38295821f0a3521bc64f97c1023c49d22a2e7433385b1a09 release.env
5b830f69691a96deb50caa68b69b7a6bb34a0af8c55a0d7dd21c1771683f96e1 airgap.iso
89695f9584b98adea86887de56774b8747c4f36092611c31da367a63f072954d release.env

8
dist/release.env vendored
View File

@ -1,5 +1,5 @@
VERSION=2024.8.1
GIT_REF=ea623cc147741b0a753ce4ea7aabe512df9a2ef9
VERSION=2023.02.24
GIT_REF=2376bc53dc4609ad0bff55e0b3365891db6fbeea
GIT_AUTHOR=Lance R. Vick
GIT_PUBKEY=6B61ECD76088748C70590D55E90A401336C8AAA9
GIT_TIMESTAMP=2024-08-08 00:34:41 -0700
GIT_KEY=6B61ECD76088748C70590D55E90A401336C8AAA9
GIT_TIMESTAMP=2023-02-24 13:31:37 -0800

View File

@ -1,55 +0,0 @@
#!/bin/sh
DAEMON="syslogd"
PIDFILE="/var/run/$DAEMON.pid"
SYSLOGD_ARGS=""
# shellcheck source=/dev/null
[ -r "/etc/default/$DAEMON" ] && . "/etc/default/$DAEMON"
# BusyBox' syslogd does not create a pidfile, so pass "-n" in the command line
# and use "-m" to instruct start-stop-daemon to create one.
start() {
printf 'Starting %s: ' "$DAEMON"
# shellcheck disable=SC2086 # we need the word splitting
start-stop-daemon -b -m -S -q -p "$PIDFILE" -x "/sbin/$DAEMON" \
-- -n $SYSLOGD_ARGS
status=$?
if [ "$status" -eq 0 ]; then
echo "OK"
else
echo "FAIL"
fi
return "$status"
}
stop() {
printf 'Stopping %s: ' "$DAEMON"
start-stop-daemon -K -q -p "$PIDFILE"
status=$?
if [ "$status" -eq 0 ]; then
rm -f "$PIDFILE"
echo "OK"
else
echo "FAIL"
fi
return "$status"
}
restart() {
stop
sleep 1
start
}
case "$1" in
start|stop|restart)
"$1";;
reload)
# Restart, since there is no true "reload" feature.
restart;;
*)
echo "Usage: $0 {start|stop|restart|reload}"
exit 1
esac

View File

@ -1,55 +0,0 @@
#!/bin/sh
DAEMON="klogd"
PIDFILE="/var/run/$DAEMON.pid"
KLOGD_ARGS=""
# shellcheck source=/dev/null
[ -r "/etc/default/$DAEMON" ] && . "/etc/default/$DAEMON"
# BusyBox' klogd does not create a pidfile, so pass "-n" in the command line
# and use "-m" to instruct start-stop-daemon to create one.
start() {
printf 'Starting %s: ' "$DAEMON"
# shellcheck disable=SC2086 # we need the word splitting
start-stop-daemon -b -m -S -q -p "$PIDFILE" -x "/sbin/$DAEMON" \
-- -n $KLOGD_ARGS
status=$?
if [ "$status" -eq 0 ]; then
echo "OK"
else
echo "FAIL"
fi
return "$status"
}
stop() {
printf 'Stopping %s: ' "$DAEMON"
start-stop-daemon -K -q -p "$PIDFILE"
status=$?
if [ "$status" -eq 0 ]; then
rm -f "$PIDFILE"
echo "OK"
else
echo "FAIL"
fi
return "$status"
}
restart() {
stop
sleep 1
start
}
case "$1" in
start|stop|restart)
"$1";;
reload)
# Restart, since there is no true "reload" feature.
restart;;
*)
echo "Usage: $0 {start|stop|restart|reload}"
exit 1
esac

View File

@ -1,94 +0,0 @@
#!/bin/sh
#
# This script is used by busybox and procps-ng.
#
# With procps-ng, the "--system" option of sysctl also enables "--ignore", so
# errors are not reported via syslog. Use the run_logger function to mimic the
# --system behavior, still reporting errors via syslog. Users not interested
# on error reports can add "-e" to SYSCTL_ARGS.
#
# busybox does not have a "--system" option neither reports errors via syslog,
# so the scripting provides a consistent behavior between the implementations.
# Testing the busybox sysctl exit code is fruitless, as at the moment, since
# its exit status is zero even if errors happen. Hopefully this will be fixed
# in a future busybox version.
PROGRAM="sysctl"
SYSCTL_ARGS=""
# shellcheck source=/dev/null
[ -r "/etc/default/$PROGRAM" ] && . "/etc/default/$PROGRAM"
# Files are read from directories in the SYSCTL_SOURCES list, in the given
# order. A file may be used more than once, since there can be multiple
# symlinks to it. No attempt is made to prevent this.
SYSCTL_SOURCES="/etc/sysctl.d/ /usr/local/lib/sysctl.d/ /usr/lib/sysctl.d/ /lib/sysctl.d/ /etc/sysctl.conf"
# If the logger utility is available all messages are sent to syslog, except
# for the final status. The file redirections do the following:
#
# - stdout is redirected to syslog with facility.level "kern.info"
# - stderr is redirected to syslog with facility.level "kern.err"
# - file dscriptor 4 is used to pass the result to the "start" function.
#
run_logger() {
# shellcheck disable=SC2086 # we need the word splitting
find $SYSCTL_SOURCES -maxdepth 1 -name '*.conf' -print0 2> /dev/null | \
xargs -0 -r -n 1 readlink -f | {
prog_status="OK"
while :; do
read -r file || {
echo "$prog_status" >&4
break
}
echo "* Applying $file ..."
/sbin/sysctl -p "$file" $SYSCTL_ARGS || prog_status="FAIL"
done 2>&1 >&3 | /usr/bin/logger -t sysctl -p kern.err
} 3>&1 | /usr/bin/logger -t sysctl -p kern.info
}
# If logger is not available all messages are sent to stdout/stderr.
run_std() {
# shellcheck disable=SC2086 # we need the word splitting
find $SYSCTL_SOURCES -maxdepth 1 -name '*.conf' -print0 2> /dev/null | \
xargs -0 -r -n 1 readlink -f | {
prog_status="OK"
while :; do
read -r file || {
echo "$prog_status" >&4
break
}
echo "* Applying $file ..."
/sbin/sysctl -p "$file" $SYSCTL_ARGS || prog_status="FAIL"
done
}
}
if [ -x /usr/bin/logger ]; then
run_program="run_logger"
else
run_program="run_std"
fi
start() {
printf '%s %s: ' "$1" "$PROGRAM"
status=$("$run_program" 4>&1)
echo "$status"
if [ "$status" = "OK" ]; then
return 0
fi
return 1
}
case "$1" in
start)
start "Running";;
restart|reload)
start "Rerunning";;
stop)
:;;
*)
echo "Usage: $0 {start|stop|restart|reload}"
exit 1
esac

View File

@ -1,24 +0,0 @@
#!/bin/sh
case "$1" in
start)
printf "Populating %s using udev: " "${udev_root:-/dev}"
[ -e /proc/sys/kernel/hotplug ] && printf '\000\000\000\000' > /proc/sys/kernel/hotplug
/sbin/udevd -d || { echo "FAIL"; exit 1; }
udevadm trigger --type=subsystems --action=add
udevadm trigger --type=devices --action=add
udevadm settle --timeout=30 || echo "udevadm settle failed"
echo "done"
;;
stop)
# Stop execution of events
udevadm control --stop-exec-queue
killall udevd
;;
*)
echo "Usage: $0 {start|stop}"
exit 1
;;
esac
exit 0

View File

@ -1,20 +0,0 @@
#!/bin/sh
case "$1" in
start)
/usr/sbin/pcscd -d || { echo "FAIL"; exit 1; }
killall pcscd
/usr/sbin/pcscd -d || { echo "FAIL"; exit 1; }
echo "done"
;;
stop)
# Stop execution of events
killall pcscd
;;
*)
echo "Usage: $0 {start|stop}"
exit 1
;;
esac
exit 0

View File

@ -1,70 +0,0 @@
#! /bin/sh
#
# Preserve the random seed between reboots. See urandom(4).
#
# Quietly do nothing if /dev/urandom does not exist
[ -c /dev/urandom ] || exit 0
URANDOM_SEED="/var/lib/random-seed"
# shellcheck source=/dev/null
[ -r "/etc/default/urandom" ] && . "/etc/default/urandom"
if pool_bits=$(cat /proc/sys/kernel/random/poolsize 2> /dev/null); then
pool_size=$((pool_bits/8))
else
pool_size=512
fi
init_rng() {
[ -f "$URANDOM_SEED" ] || return 0
printf 'Initializing random number generator: '
dd if="$URANDOM_SEED" bs="$pool_size" of=/dev/urandom count=1 2> /dev/null
status=$?
if [ "$status" -eq 0 ]; then
echo "OK"
else
echo "FAIL"
fi
return "$status"
}
save_random_seed() {
printf 'Saving random seed: '
status=1
if touch "$URANDOM_SEED.new" 2> /dev/null; then
old_umask=$(umask)
umask 077
dd if=/dev/urandom of="$URANDOM_SEED.tmp" bs="$pool_size" count=1 2> /dev/null
cat "$URANDOM_SEED" "$URANDOM_SEED.tmp" 2>/dev/null \
| sha256sum \
| cut -d ' ' -f 1 > "$URANDOM_SEED.new" && \
mv "$URANDOM_SEED.new" "$URANDOM_SEED" && status=0
rm -f "$URANDOM_SEED.tmp"
umask "$old_umask"
if [ "$status" -eq 0 ]; then
echo "OK"
else
echo "FAIL"
fi
else
echo "SKIP (read-only file system detected)"
fi
return "$status"
}
case "$1" in
start|restart|reload)
# Carry a random seed from start-up to start-up
# Load and then save the whole entropy pool
init_rng && save_random_seed;;
stop)
# Carry a random seed from shut-down to start-up
# Save the whole entropy pool
save_random_seed;;
*)
echo "Usage: $0 {start|stop|restart|reload}"
exit 1
esac

View File

@ -1,27 +0,0 @@
#!/bin/sh
# Stop all init scripts in /etc/init.d
# executing them in reversed numerical order.
#
for i in $(ls -r /etc/init.d/S??*) ;do
# Ignore dangling symlinks (if any).
[ ! -f "$i" ] && continue
case "$i" in
*.sh)
# Source shell script for speed.
(
trap - INT QUIT TSTP
set stop
. $i
)
;;
*)
# No sh extension, so fork subprocess.
$i stop
;;
esac
done

View File

@ -1,27 +0,0 @@
#!/bin/sh
# Start all init scripts in /etc/init.d
# executing them in numerical order.
#
for i in /etc/init.d/S??* ;do
# Ignore dangling symlinks (if any).
[ ! -f "$i" ] && continue
case "$i" in
*.sh)
# Source shell script for speed.
(
trap - INT QUIT TSTP
set start
. $i
)
;;
*)
# No sh extension, so fork subprocess.
$i start
;;
esac
done

View File

@ -1,2 +0,0 @@
#!/bin/sh
exec /bin/init

View File

@ -1,15 +0,0 @@
KERNEL!="mmcblk[0-9]p[0-9]|sd[a-z][0-9]", GOTO="automount_end"
ACTION=="add", PROGRAM!="/sbin/blkid %N", GOTO="automount_end"
IMPORT{program}="/sbin/blkid -o udev -p %N"
ENV{ID_FS_LABEL}!="", ENV{dir_name}="%E{ID_FS_LABEL}"
ENV{ID_FS_LABEL}=="", ENV{dir_name}="%k"
ACTION=="add", IMPORT{program}="/sbin/blkid -o udev -p %N"
ACTION=="add", ENV{ID_FS_TYPE}=="vfat", ENV{mount_options}="relatime,utf8,flush,user,umask=0000"
ACTION=="add", RUN+="/bin/mkdir -p /media/%E{dir_name}", RUN+="/bin/mount -o $env{mount_options} /dev/%k /media/%E{dir_name}"
ACTION=="add", RUN+="/usr/local/bin/autorun /media/%E{dir_name}"
ACTION=="remove", ENV{dir_name}!="", RUN+="/bin/umount -l /media/%E{dir_name}", RUN+="/bin/rmdir /media/%E{dir_name}"
LABEL="automount_end"

View File

@ -1,28 +0,0 @@
#!/bin/bash
set -e
source /etc/profile
folder=${1?}
if [ "$folder" == "/media/USER" ] && [ -f "${folder}/autorun.sh" ]; then
if touch "${folder}/.write_test" 2>/dev/null; then
echo "!! Autorun: Read-only verification failed for /media/USER" >/dev/console
exit 1;
else
echo "" >/dev/console
echo "++ Autorun: Found /media/USER/autorun.sh" >/dev/console;
echo "** Autorun: Executing /media/USER/autorun.sh" >/dev/console
/bin/bash "/media/USER/autorun.sh" >/dev/console
fi
elif [ -f "${folder}/autorun.sh.asc" ]; then
echo "" >/dev/console
echo "++ Autorun: Found ${folder}/autorun.sh" >/dev/console;
gpg --verify "${folder}/autorun.sh.asc" >/dev/null 2>&1 || {
echo "!! Autorun: Verification Failed for ${folder}/autorun.sh" \
>/dev/console;
exit 1;
}
echo "++ Autorun: Verified ${folder}/autorun.sh" >/dev/console
echo "** Autorun: Executing ${folder}/autorun.sh" >/dev/console
/bin/bash "${folder}/autorun.sh" >/dev/console
fi

View File

@ -1,3 +0,0 @@
#!/bin/bash
echo "Autorun.sh executed"

65
src/scripts/audit Executable file
View File

@ -0,0 +1,65 @@
#!/bin/bash
[ -f /.dockerenv ] || { echo "please run in supplied container"; exit 1; }
set -e; source environment
build_dir="${BUILD_DIR?}"
audit_dir="${BUILD_DIR?}/audit"
buildroot_dir="${build_dir}/buildroot"
heads_dir="${build_dir}/heads"
mkdir -p ${audit_dir}
printf "Generating container package vulnerability stats... "
debsecan \
--suite $(lsb_release --codename --short) \
--format detail \
> ${audit_dir}/container_package_cves.txt
container_package_cves="$( \
cat ${audit_dir}/container_package_cves.txt | grep CVE | wc -l \
)"
echo "done"
printf "Generating target OS source tar hashes... "
openssl sha256 -r ${buildroot_dir}/dl/*/*.tar.* \
> ${audit_dir}/os_src_hashes.txt
echo "done"
printf "Generating firmware source tar hashes... "
openssl sha256 -r ${heads_dir}/packages/* \
> ${audit_dir}/fw_src_hashes.txt
echo "done"
printf "Generating combined/uniqued source tar hashes... "
cat ${audit_dir}/os_src_hashes.txt \
${audit_dir}/fw_src_hashes.txt \
| sed 's/ .*\// /g' \
| awk '{ t = $1; $1 = $2; $2 = t; print;}' \
| sort \
| uniq \
> ${audit_dir}/all_hashes.txt
echo "done"
printf "Generating buildroot package stats... "
( cd ${buildroot_dir} \
&& support/scripts/pkg-stats --json ${audit_dir}/pkg-stats.json \
> /dev/null 2>&1
)
target_os_source_cves=$( \
cat build/audit/pkg-stats.json | jq '.stats["total-cves"]' \
)
echo "done"
printf "Generating license usage reports... "
( cd ${buildroot_dir} && make legal-info > /dev/null 2>&1 )
cp -R ${buildroot_dir}/output/legal-info ${audit_dir}/legal-info
echo "done"
echo "------------------------------------------------"
echo "Wrote: build/audit/container_package_cves.txt"
echo "Wrote: build/audit/os_src_hashes.txt"
echo "Wrote: build/audit/fw_src_hashes.txt"
echo "Wrote: build/audit/all_hashes.txt"
echo "Wrote: build/audit/pkg-stats.json"
echo "Wrote: build/audit/legal-info"
echo "------------------------------------------------"
echo "Build container package CVEs: ${container_package_cves}"
echo "Target OS source CVEs: ${target_os_source_cves}"

1
src/toolchain Submodule

@ -0,0 +1 @@
Subproject commit ca3e7960ea2abb9e448610c633dc92d7786ce8ab