
rename to airgap

Lance Vick 2020-06-15 11:04:50 -07:00
parent f2ca7b8bc7
commit ca28e74062
Signed by: lrvick
GPG Key ID: 8E47A1EC35A1551D
4 changed files with 101 additions and 29 deletions


@ -1,5 +1,5 @@
NAME := unilinux NAME := airgap
IMAGE := polychain/$(NAME):latest IMAGE := local/$(NAME):latest
TARGET := qemu TARGET := qemu
docker = docker docker = docker
executables = $(docker) executables = $(docker)
@ -22,7 +22,7 @@ image:
.PHONY: build .PHONY: build
build: build:
$(contain) build $(contain) build
cp -R build/buildroot/output/images/* release/ cp -R build/buildroot/output/images/bzImage release/
.PHONY: fetch .PHONY: fetch
fetch: fetch:
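Review bot: The `build` recipe now copies only `bzImage` into `release/`, and nothing in the visible recipe records a digest of it, so whoever boots the image on the offline machine has nothing to compare it against. I would add a line after the copy such as `cd release && sha256sum bzImage > bzImage.sha256`, and sign that file if a release key exists. `-R` is no longer needed for a single regular file, and `IMAGE := local/$(NAME):latest` in the first hunk still uses a mutable tag, which is worth pinning if the build container is meant to be reproducible. Whether `release/` is created elsewhere is not visible in this hunk.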

49
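--- a/README.md
+++ b/README.md
@@ -0,0 +1,49 @@
+# Airgap #
+<https://gitlab.com/pchq/airgap>
+## About ##
+A live buildroot based distribution designed for managing secrets offline.
+Built for those of us that want to be -really- sure our most important secrets
+are managed in a clean environment with an "air gap" between us and the
+internet.
+## Use Cases ##
+- Generate GPG keychain
+- Store/Restore gpg keychain to security token such as a Yubikey or Nitrokey
+- Signing cryptocurrency transactions
+- Generate/backup BIP39 universal cryptocurrency wallet seed
+- Store/Restore BIP39 seed to a hardware wallet such as a Trezor or Ledger
+## Requirements ##
+### Software ###
+* docker 18+
+### Hardware ###
+* Any x86_64 laptop known to support Linux should work.
+* Ideally use a coreboot compatible machine with Heads for secure boot
+* Ensure any Wifi/Bluetooth/Audio devices are removed
+## Build ##
+```
+make all
+```
+## Install ##
+TBD
+## Development ##
+### Boot image in qemu
+```
+make vm
+```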


@ -3,7 +3,7 @@
# Buildroot 2020.05 Configuration # Buildroot 2020.05 Configuration
# #
BR2_HAVE_DOT_CONFIG=y BR2_HAVE_DOT_CONFIG=y
BR2_EXTERNAL_Unilinux_PATH="/home/build/config/buildroot" BR2_EXTERNAL_airgap_PATH="/home/build/config/buildroot"
BR2_HOST_GCC_AT_LEAST_4_9=y BR2_HOST_GCC_AT_LEAST_4_9=y
BR2_HOST_GCC_AT_LEAST_5=y BR2_HOST_GCC_AT_LEAST_5=y
BR2_HOST_GCC_AT_LEAST_6=y BR2_HOST_GCC_AT_LEAST_6=y
@ -116,7 +116,10 @@ BR2_GNU_MIRROR="http://ftpmirror.gnu.org"
BR2_LUAROCKS_MIRROR="http://rocks.moonscript.org" BR2_LUAROCKS_MIRROR="http://rocks.moonscript.org"
BR2_CPAN_MIRROR="http://cpan.metacpan.org" BR2_CPAN_MIRROR="http://cpan.metacpan.org"
BR2_JLEVEL=0 BR2_JLEVEL=0
# BR2_CCACHE is not set BR2_CCACHE=y
BR2_CCACHE_DIR="$(HOME)/build/buildroot-ccache"
BR2_CCACHE_INITIAL_SETUP=""
BR2_CCACHE_USE_BASEDIR=y
# BR2_ENABLE_DEBUG is not set # BR2_ENABLE_DEBUG is not set
BR2_STRIP_strip=y BR2_STRIP_strip=y
BR2_STRIP_EXCLUDE_FILES="" BR2_STRIP_EXCLUDE_FILES=""
@ -377,8 +380,8 @@ BR2_TOOLCHAIN_HAS_LIBQUADMATH=y
# #
BR2_ROOTFS_SKELETON_DEFAULT=y BR2_ROOTFS_SKELETON_DEFAULT=y
# BR2_ROOTFS_SKELETON_CUSTOM is not set # BR2_ROOTFS_SKELETON_CUSTOM is not set
BR2_TARGET_GENERIC_HOSTNAME="buildroot" BR2_TARGET_GENERIC_HOSTNAME="airgap"
BR2_TARGET_GENERIC_ISSUE="Welcome to Buildroot" BR2_TARGET_GENERIC_ISSUE="Welcome to Airgap"
BR2_TARGET_GENERIC_PASSWD_SHA256=y BR2_TARGET_GENERIC_PASSWD_SHA256=y
# BR2_TARGET_GENERIC_PASSWD_SHA512 is not set # BR2_TARGET_GENERIC_PASSWD_SHA512 is not set
BR2_TARGET_GENERIC_PASSWD_METHOD="sha-256" BR2_TARGET_GENERIC_PASSWD_METHOD="sha-256"
@ -401,7 +404,7 @@ BR2_ROOTFS_DEVICE_TABLE="system/device_table.txt"
# BR2_ROOTFS_DEVICE_TABLE_SUPPORTS_EXTENDED_ATTRIBUTES is not set # BR2_ROOTFS_DEVICE_TABLE_SUPPORTS_EXTENDED_ATTRIBUTES is not set
# BR2_ROOTFS_MERGED_USR is not set # BR2_ROOTFS_MERGED_USR is not set
BR2_TARGET_ENABLE_ROOT_LOGIN=y BR2_TARGET_ENABLE_ROOT_LOGIN=y
BR2_TARGET_GENERIC_ROOT_PASSWD="" BR2_TARGET_GENERIC_ROOT_PASSWD="build"
BR2_SYSTEM_BIN_SH_BUSYBOX=y BR2_SYSTEM_BIN_SH_BUSYBOX=y
# #
@ -420,7 +423,7 @@ BR2_TARGET_GENERIC_GETTY_BAUDRATE="0"
BR2_TARGET_GENERIC_GETTY_TERM="vt100" BR2_TARGET_GENERIC_GETTY_TERM="vt100"
BR2_TARGET_GENERIC_GETTY_OPTIONS="" BR2_TARGET_GENERIC_GETTY_OPTIONS=""
BR2_TARGET_GENERIC_REMOUNT_ROOTFS_RW=y BR2_TARGET_GENERIC_REMOUNT_ROOTFS_RW=y
BR2_SYSTEM_DHCP="eth0" BR2_SYSTEM_DHCP=""
BR2_SYSTEM_DEFAULT_PATH="/bin:/sbin:/usr/bin:/usr/sbin" BR2_SYSTEM_DEFAULT_PATH="/bin:/sbin:/usr/bin:/usr/sbin"
BR2_ENABLE_LOCALE_PURGE=y BR2_ENABLE_LOCALE_PURGE=y
BR2_ENABLE_LOCALE_WHITELIST="C en_US" BR2_ENABLE_LOCALE_WHITELIST="C en_US"
@ -638,7 +641,7 @@ BR2_PACKAGE_PULSEAUDIO_HAS_ATOMIC=y
# Compressors and decompressors # Compressors and decompressors
# #
# BR2_PACKAGE_BROTLI is not set # BR2_PACKAGE_BROTLI is not set
# BR2_PACKAGE_BZIP2 is not set BR2_PACKAGE_BZIP2=y
# #
# lrzip needs a toolchain w/ wchar, threads, C++ # lrzip needs a toolchain w/ wchar, threads, C++
@ -662,8 +665,8 @@ BR2_PACKAGE_PULSEAUDIO_HAS_ATOMIC=y
# #
# unrar needs a toolchain w/ C++, wchar, threads # unrar needs a toolchain w/ C++, wchar, threads
# #
# BR2_PACKAGE_XZ is not set BR2_PACKAGE_XZ=y
# BR2_PACKAGE_ZIP is not set BR2_PACKAGE_ZIP=y
# BR2_PACKAGE_ZSTD is not set # BR2_PACKAGE_ZSTD is not set
# #
@ -833,7 +836,7 @@ BR2_PACKAGE_PROVIDES_HOST_GETTEXT="host-gettext-tiny"
# gperf needs a toolchain w/ C++ # gperf needs a toolchain w/ C++
# #
# BR2_PACKAGE_JO is not set # BR2_PACKAGE_JO is not set
# BR2_PACKAGE_JQ is not set BR2_PACKAGE_JQ=y
# BR2_PACKAGE_LIBTOOL is not set # BR2_PACKAGE_LIBTOOL is not set
# BR2_PACKAGE_MAKE is not set # BR2_PACKAGE_MAKE is not set
# BR2_PACKAGE_PKGCONF is not set # BR2_PACKAGE_PKGCONF is not set
@ -1406,7 +1409,7 @@ BR2_PACKAGE_SEDUTIL_ARCH_SUPPORTS=y
# #
# wf111 needs a glibc toolchain # wf111 needs a glibc toolchain
# #
# BR2_PACKAGE_WIPE is not set BR2_PACKAGE_WIPE=y
# #
# xorriso needs a toolchain w/ wchar, threads # xorriso needs a toolchain w/ wchar, threads
@ -1601,7 +1604,11 @@ BR2_PACKAGE_WEBRTC_AUDIO_PROCESSING_ARCH_SUPPORTS=y
# #
# BR2_PACKAGE_SZIP is not set # BR2_PACKAGE_SZIP is not set
BR2_PACKAGE_ZLIB_NG_ARCH_SUPPORTS=y BR2_PACKAGE_ZLIB_NG_ARCH_SUPPORTS=y
# BR2_PACKAGE_ZLIB is not set BR2_PACKAGE_ZLIB=y
BR2_PACKAGE_LIBZLIB=y
# BR2_PACKAGE_ZLIB_NG is not set
BR2_PACKAGE_HAS_ZLIB=y
BR2_PACKAGE_PROVIDES_ZLIB="libzlib"
BR2_PACKAGE_PROVIDES_HOST_ZLIB="host-libzlib" BR2_PACKAGE_PROVIDES_HOST_ZLIB="host-libzlib"
# BR2_PACKAGE_ZZIPLIB is not set # BR2_PACKAGE_ZZIPLIB is not set
@ -1626,14 +1633,14 @@ BR2_PACKAGE_BOTAN_ARCH_SUPPORTS=y
# gnutls needs a toolchain w/ wchar, dynamic library # gnutls needs a toolchain w/ wchar, dynamic library
# #
# BR2_PACKAGE_LIBARGON2 is not set # BR2_PACKAGE_LIBARGON2 is not set
# BR2_PACKAGE_LIBASSUAN is not set BR2_PACKAGE_LIBASSUAN=y
# BR2_PACKAGE_LIBGCRYPT is not set BR2_PACKAGE_LIBGCRYPT=y
BR2_PACKAGE_LIBGPG_ERROR_ARCH_SUPPORTS=y BR2_PACKAGE_LIBGPG_ERROR_ARCH_SUPPORTS=y
# BR2_PACKAGE_LIBGPG_ERROR is not set BR2_PACKAGE_LIBGPG_ERROR=y
BR2_PACKAGE_LIBGPG_ERROR_SYSCFG="i686-pc-linux-gnu" BR2_PACKAGE_LIBGPG_ERROR_SYSCFG="i686-pc-linux-gnu"
# BR2_PACKAGE_LIBGPGME is not set # BR2_PACKAGE_LIBGPGME is not set
# BR2_PACKAGE_LIBKCAPI is not set # BR2_PACKAGE_LIBKCAPI is not set
# BR2_PACKAGE_LIBKSBA is not set BR2_PACKAGE_LIBKSBA=y
# BR2_PACKAGE_LIBMCRYPT is not set # BR2_PACKAGE_LIBMCRYPT is not set
# BR2_PACKAGE_LIBMHASH is not set # BR2_PACKAGE_LIBMHASH is not set
# BR2_PACKAGE_LIBNSS is not set # BR2_PACKAGE_LIBNSS is not set
@ -2717,7 +2724,7 @@ BR2_PACKAGE_LIBEASTL_ARCH_SUPPORTS=y
# #
# libloki needs a toolchain w/ C++, threads # libloki needs a toolchain w/ C++, threads
# #
# BR2_PACKAGE_LIBNPTH is not set BR2_PACKAGE_LIBNPTH=y
BR2_PACKAGE_LIBNSPR_ARCH_SUPPORT=y BR2_PACKAGE_LIBNSPR_ARCH_SUPPORT=y
# BR2_PACKAGE_LIBNSPR is not set # BR2_PACKAGE_LIBNSPR is not set
# BR2_PACKAGE_LIBPFM4 is not set # BR2_PACKAGE_LIBPFM4 is not set
@ -2860,13 +2867,16 @@ BR2_PACKAGE_PROTOBUF_ARCH_SUPPORTS=y
# BR2_PACKAGE_LIBENCA is not set # BR2_PACKAGE_LIBENCA is not set
# BR2_PACKAGE_LIBESTR is not set # BR2_PACKAGE_LIBESTR is not set
# BR2_PACKAGE_LIBFRIBIDI is not set # BR2_PACKAGE_LIBFRIBIDI is not set
# BR2_PACKAGE_LIBICONV is not set BR2_PACKAGE_LIBICONV=y
# BR2_PACKAGE_LIBICONV_EXTRA_ENCODINGS is not set
# #
# libunistring needs a toolchain w/ wchar # libunistring needs a toolchain w/ wchar
# #
# BR2_PACKAGE_LINENOISE is not set # BR2_PACKAGE_LINENOISE is not set
# BR2_PACKAGE_NCURSES is not set BR2_PACKAGE_NCURSES=y
# BR2_PACKAGE_NCURSES_TARGET_PROGS is not set
BR2_PACKAGE_NCURSES_ADDITIONAL_TERMINFO=""
# #
# newt needs a toolchain w/ wchar, dynamic library # newt needs a toolchain w/ wchar, dynamic library
@ -3498,8 +3508,8 @@ BR2_PACKAGE_XENOMAI_COBALT_ARCH_SUPPORTS=y
# BR2_PACKAGE_DTACH is not set # BR2_PACKAGE_DTACH is not set
# BR2_PACKAGE_EASY_RSA is not set # BR2_PACKAGE_EASY_RSA is not set
# BR2_PACKAGE_FILE is not set # BR2_PACKAGE_FILE is not set
# BR2_PACKAGE_GNUPG is not set BR2_PACKAGE_GNUPG2=y
# BR2_PACKAGE_GNUPG2 is not set BR2_PACKAGE_GNUPG2_GPGV=y
# BR2_PACKAGE_INOTIFY_TOOLS is not set # BR2_PACKAGE_INOTIFY_TOOLS is not set
# BR2_PACKAGE_LOCKFILE_PROGS is not set # BR2_PACKAGE_LOCKFILE_PROGS is not set
@ -3508,7 +3518,20 @@ BR2_PACKAGE_XENOMAI_COBALT_ARCH_SUPPORTS=y
# #
# BR2_PACKAGE_LOGSURFER is not set # BR2_PACKAGE_LOGSURFER is not set
# BR2_PACKAGE_PDMENU is not set # BR2_PACKAGE_PDMENU is not set
# BR2_PACKAGE_PINENTRY is not set BR2_PACKAGE_PINENTRY=y
#
# pinentry-fltk needs X and a toolchain w/ C++
#
BR2_PACKAGE_PINENTRY_NCURSES=y
#
# pinentry-gtk2 needs X and a toolchain w/ wchar, threads, C++, gcc >= 4.8
#
#
# pinentry-qt5 needs a toolchain w/ wchar, NPTL, gcc >= 5.0, C++, dynamic library
#
# #
# ranger needs a toolchain w/ wchar, threads, dynamic library # ranger needs a toolchain w/ wchar, threads, dynamic library
@ -3615,7 +3638,7 @@ BR2_PACKAGE_INITSCRIPTS=y
# polkit needs a glibc or musl toolchain with C++, wchar, dynamic library, NPTL, gcc >= 4.9 # polkit needs a glibc or musl toolchain with C++, wchar, dynamic library, NPTL, gcc >= 4.9
# #
# BR2_PACKAGE_PROCRANK_LINUX is not set # BR2_PACKAGE_PROCRANK_LINUX is not set
# BR2_PACKAGE_PWGEN is not set BR2_PACKAGE_PWGEN=y
# #
# quota needs a toolchain w/ wchar, threads # quota needs a toolchain w/ wchar, threads
@ -3772,7 +3795,7 @@ BR2_PACKAGE_HOST_GOOGLE_BREAKPAD_ARCH_SUPPORTS=y
# BR2_PACKAGE_HOST_LPC3250LOADER is not set # BR2_PACKAGE_HOST_LPC3250LOADER is not set
# BR2_PACKAGE_HOST_LTTNG_BABELTRACE is not set # BR2_PACKAGE_HOST_LTTNG_BABELTRACE is not set
# BR2_PACKAGE_HOST_MENDER_ARTIFACT is not set # BR2_PACKAGE_HOST_MENDER_ARTIFACT is not set
# BR2_PACKAGE_HOST_MKPASSWD is not set BR2_PACKAGE_HOST_MKPASSWD=y
# BR2_PACKAGE_HOST_MTD is not set # BR2_PACKAGE_HOST_MTD is not set
# BR2_PACKAGE_HOST_MTOOLS is not set # BR2_PACKAGE_HOST_MTOOLS is not set
# BR2_PACKAGE_HOST_OPENOCD is not set # BR2_PACKAGE_HOST_OPENOCD is not set
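Review bot: The hunk at `-401,7 +404,7` sets `BR2_TARGET_GENERIC_ROOT_PASSWD="build"` while `BR2_TARGET_ENABLE_ROOT_LOGIN=y` stays on, so every image built from this committed config carries the same publicly known root password. That gives no more protection than the empty value it replaces, but it reads as if the account were protected. If it is a development convenience, I would keep the secret out of the tracked config and supply it at build time, or at least document next to the build instructions that it must be changed before an image is used for real key material. The context also shows `BR2_TARGET_GENERIC_PASSWD_SHA256=y` with `BR2_TARGET_GENERIC_PASSWD_SHA512` unset; SHA-512 would be the stronger hashing choice. Separately, the `-116,7 +116,10` hunk enables `BR2_CCACHE=y` with a persistent `BR2_CCACHE_DIR`, which makes that cache directory an input to the image and is worth weighing against any reproducible-build goal.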


@ -1,2 +1,2 @@
name: Unilinux name: Airgap
desc: Linux Unikernel configs for high security use cases desc: Linux distribution for offline cryptography use cases