forked from public/airgap
1
0
Fork 0

Compare commits

...

48 Commits

Author SHA1 Message Date
Sam Ebstein bb76f61615
Merge branch 'lance/fix-determinism' 2024-10-05 07:42:49 -07:00
Lance Vick 934fb903dd
fix: determinism on appended fat32 partition 2024-10-03 04:37:17 -07:00
Sam Ebstein 575967e5b4
Merge remote-tracking branch 'origin/tpm2vm' 2024-10-02 13:19:35 -07:00
Lance Vick 8db8dfc2a1
fix: build order in release 2024-10-02 13:12:10 -07:00
Lance Vick e75ac046e0
fix: stagex dep strings 2024-10-02 12:54:57 -07:00
Lance Vick d480d0a809
fix: make dep on out directory 2024-10-02 12:51:23 -07:00
Lance Vick 23cf93a8c2
maint: update stagex 2024-10-01 13:43:42 -07:00
Lance Vick 1f2abbaee9
feat: tpm2.0 support in 'make vm' 2024-09-28 12:25:12 -07:00
Lance Vick 6fa36e4e74
feat: 'make vm' runs in container 2024-09-28 04:52:27 -07:00
Lance Vick cac8bc947d
Merge remote-tracking branch 'origin/sam/add-user-partition' 2024-09-28 03:53:35 -07:00
Sam Ebstein d8dd960dd5
rootfs/usr/local/bin/autorun: adding autorun checks on new fat32 formatted USER partition 2024-09-25 10:16:34 -07:00
Sam Ebstein 8308101a35
Containerfile: creating a fat32 formatted third partition on airgap.iso
to allow for arbitrary user data.
2024-09-25 10:16:27 -07:00
Ryan Heywood 1f26de8fc1
Merge branch '2024.8.1' 2024-08-08 04:20:22 -04:00
Ryan Heywood 4ad5be07db
sign 2024.8.1 2024-08-08 04:18:41 -04:00
Lance Vick 657a3ff611
release: 2024.8.1 2024-08-08 01:13:02 -07:00
Lance Vick ea623cc147
Merge remote-tracking branch 'origin/ryansquared/bump-keyfork-v0.2.3' 2024-08-08 00:34:41 -07:00
Ryan Heywood 95ccf80fe8
Containerfile: bump stagex to include new keyfork version 2024-08-08 01:14:24 -04:00
Ryan Heywood 5904a22c80
add signatures for 2024.8.0 2024-08-04 20:16:21 -04:00
Anton Livaja 485fc58bfb
feat: add sig 2024-08-04 18:15:11 -04:00
Lance Vick e1c677bc06
add signature 2024-08-04 14:19:33 -07:00
Lance Vick dc8515ea02
release: 2024.8.0 2024-08-04 14:17:11 -07:00
Lance Vick 3cb460b72e
GIT_KEY GIT_PUBKEY 2024-08-04 13:29:39 -07:00
Lance Vick f1c0f2f8b5
working reproduction 2024-08-04 13:11:28 -07:00
Lance Vick 1f2ce99275
ignore additional folders 2024-08-04 13:10:24 -07:00
Lance Vick 721ffad1f0
cache/determinism fixes and doc updates 2024-08-03 15:52:30 -07:00
Lance Vick 74bf27bc66
Merge branch 'main' into stagex-rewrite 2024-08-02 22:15:34 -07:00
Lance Vick 44e18ea21b
fix default VERSION arg 2024-08-02 22:05:27 -07:00
Lance Vick a2a3cce64c
fix previous env import on reproduce 2024-08-02 21:58:30 -07:00
Lance Vick f0270a2862
default VERSION to development 2024-08-02 21:44:19 -07:00
Lance Vick 24725ea630
add initial release/reproduction/signing targets 2024-08-02 21:39:15 -07:00
Lance Vick 96ea9054f9
track dist/airgap.iso in lfs 2024-08-02 21:38:46 -07:00
Lance Vick 4676d9f889
hash lock all the things 2024-08-02 18:22:16 -07:00
Lance Vick d1707c48f1
docs: first pass of stagex doc fixes 2024-06-27 00:35:06 -07:00
Lance Vick 51ec4ca719
feat: working sd card automounting with via udev 2024-06-27 00:14:34 -07:00
Lance Vick f735b7e3af
Virtual sd card support 2024-06-26 00:46:56 -07:00
Lance Vick c20dedcc35
pcscd, udevd, and yubikeys working at boot 2024-06-20 20:42:57 -07:00
Lance Vick d737fce6ea
Working EFI/Bios Stagex boot 2024-06-18 01:45:21 -07:00
Lance Vick e886bc51fa
working vm-bios and vm-efi targets 2024-06-17 11:56:18 -07:00
Lance Vick fbdb919b7f
Second pass w/ hybrid grub/syslinux for efi/bios boot 2024-06-11 14:07:13 -07:00
Anton Livaja df223e6deb
fix: typo 2024-03-28 19:55:28 -04:00
Anton Livaja 1578b3c76d
chore: sign 2024.03.13 2024-03-28 18:56:12 -04:00
Anton Livaja 0af9d294a7
chore: clean up build section 2024-03-28 11:38:56 -04:00
Anton Livaja dc60d53fca
fix: typo 2024-03-28 11:28:27 -04:00
Ryan Heywood 16479807f1
sign 2024.03.13 2024-03-13 17:10:07 -04:00
Spencer Judd 38689b24b2
Release 2024.03.13 2024-03-13 14:32:10 -04:00
Lance Vick de0a962876
Merge remote-tracking branch 'origin/refs/pull/2/head' 2024-03-09 22:12:58 -08:00
Spencer Judd 7d9f87c976
Enable kernel webcam support
These four kernel config changes are sufficient to get the webcam
working on the Librem 14.
2024-03-09 22:55:26 -05:00
Lance Vick e723c545c9
refactor: replace buildroot/toolchain with stagex 2024-03-01 10:51:15 -08:00
57 changed files with 858 additions and 11346 deletions

1
.gitattributes vendored
View File

@ -1 +1,2 @@
dist/*.iso filter=lfs diff=lfs merge=lfs -text dist/*.iso filter=lfs diff=lfs merge=lfs -text
dist/airgap.iso filter=lfs diff=lfs merge=lfs -text

1
.gitignore vendored
View File

@ -1,3 +1,4 @@
cache/ cache/
out/ out/
out*/
.* .*

3
.gitmodules vendored
View File

@ -1,3 +0,0 @@
[submodule "src/toolchain"]
path = src/toolchain
url = https://codeberg.org/distrust/toolchain

236
Containerfile Normal file
View File

@ -0,0 +1,236 @@
FROM stagex/alsa-lib:sx2024.09.0@sha256:a41b481187f76c1e9ed4e237977f4892c1507a3b8f8f6736ff3fdd5144bd2afb AS alsa-lib
FROM stagex/bash:sx2024.09.0@sha256:cb58f55d268fbe7ef629cda86e3a8af893066e4af7f26ef54748b6ad47bdaa66 AS bash
FROM stagex/bc:sx2024.09.0@sha256:039cc5ac357a17d6374445fe4eed1dac15cc72f615bd9657c17e2c3904d42b62 AS bc
FROM stagex/busybox:sx2024.09.0@sha256:d34bfa56566aa72d605d6cbdc154de8330cf426cfea1bc4ba8013abcac594395 AS busybox
FROM stagex/ccid:sx2024.09.0@sha256:3225dc4a6a1af5f828854157a6b16eb09a0b0f7ebe9d9ee34030afe3966afad1 AS ccid
FROM stagex/cpio:sx2024.09.0@sha256:abccb58edb5f1f31b3b9c8b61cffa10cd56de3307e337335927b8df4d9112d24 AS cpio
FROM stagex/curl:sx2024.09.0@sha256:8e5705a77a76c92d058e016184dabd0c4fa2f6117021cc5ff55df35f654cb158 AS curl
FROM stagex/dtc:sx2024.09.0@sha256:57f8aaa94059c43081b32fccb473ebd2c0cf16878dcf0e24e0e56c910467e93a AS dtc
FROM stagex/eudev:sx2024.09.0@sha256:7da7aed7ea7eb73bda86e206e765bdc8e6367c2c2ae535ccd68c7c1b0a936611 AS eudev
FROM stagex/flashtools:sx2024.09.0@sha256:4e61cc6f0af9aa6116bb93f048c20d00026d75c27dc52b7e8604f0e340c55b80 AS flashtools
FROM stagex/gcc:sx2024.09.0@sha256:439bf36289ef036a934129d69dd6b4c196427e4f8e28bc1a3de5b9aab6e062f0 AS gcc
FROM stagex/glib:sx2024.09.0@sha256:d280c18f8b52ce21a26924b0cb1bfb69ea6508b57db73efe22401572e71dbe84 AS glib
FROM stagex/gpg:sx2024.09.0@sha256:f63555b39740db63b34c06894a4a9d5e125d04f5d51e799909d06c490e8ecd42 AS gpg
FROM stagex/grub:sx2024.09.0@sha256:a14c60f152c759185e5702e910053cb5c0d9eee11f43d8d5d40a84123aece9fd AS grub
FROM stagex/ipxe:sx2024.09.0@sha256:5791d9b42c7e9099a0180c4fe6cc4b8e9afc9e6b9ec392099c65c53b71db7908 AS ipxe
FROM stagex/jq:sx2024.09.0@sha256:3e8b44aa54481bdd46406e9d3a63862f4216f81530a1898b3c144e1c38847a82 AS jq
FROM stagex/jq:sx2024.09.0@sha256:3e8b44aa54481bdd46406e9d3a63862f4216f81530a1898b3c144e1c38847a82 AS jq
FROM stagex/keyfork:sx2024.09.0@sha256:2288c1d769a0c3c535835019ad4919cc45b094492b5aa959a0eaf1e883a96214 AS keyfork
FROM stagex/libaio:sx2024.09.0@sha256:c8d6dd6f3e6fbda73ac0620b2bc4b4cfe6fa504bf7a17eee3bb56e286c394b8b AS libaio
FROM stagex/libassuan:sx2024.09.0@sha256:1f31e888ab3f02634009d1a38acca9f25deb827432eb91392e21fd75128a44aa AS libassuan
FROM stagex/libffi:sx2024.09.0@sha256:ab647ebf8464e00cde623f86f716e7f50ce82c30eafde813b7977d917ff7143a AS libffi
FROM stagex/libgcrypt:sx2024.09.0@sha256:49c84a586969ff625b3304dcf8905a98db0da36fb8704e3d7a0771d271509b68 AS libgcrypt
FROM stagex/libgpg-error:sx2024.09.0@sha256:11c17c1ac41f36c85e538bd34a0095a9f17e116f61c38d560350c02a6929e55a AS libgpg-error
FROM stagex/libksba:sx2024.09.0@sha256:2913b382fdb76f02f9d78ee162066e04953ba782b8f722145111617a842f40a3 AS libksba
FROM stagex/libqrencode:sx2024.09.0@sha256:8c0f523bdf8d315e7b67cadd584e23d22a316dd1973232d49603e127717e4d1a AS libqrencode
FROM stagex/libseccomp:sx2024.09.0@sha256:f48d783989da9d509cc6b4c12ec34e14074ffc1ab7a4f2d1e322c417d967e12f AS libseccomp
FROM stagex/libslirp:sx2024.09.0@sha256:9dfb87e4a0adba80b862ce6b96112d96f509ffbca25bb71c60ba5bb5693b481d AS libslirp
FROM stagex/libtpms:sx2024.09.0@sha256:d909a55137d0bf4a76331c2bf0358ee192d6c93ad77a5099af09ce1bcca2a6cd AS libtpms
FROM stagex/libusb:sx2024.09.0@sha256:6c0dcf2b9519b1a41066ad71d3b597e9dae84fb73e5d031a3bdd2eb40f78ef94 AS libusb
FROM stagex/libzstd:sx2024.09.0@sha256:a055f8cd6e11b0b8836b2e5e1d755f672edbd344a4f4b5aba94919a6511be4c3 AS libzstd
FROM stagex/linux-airgap:sx2024.09.0@sha256:efb98b59ab37a7e33db423eda7a49bb7273b087838fda8098ce6736a0860fc73 AS linux-airgap
FROM stagex/lzo:sx2024.09.0@sha256:09c60840e3e3e5835ec027c21283febc9f8cf53ab887576fbe9c38dbdbdfd571 AS lzo
FROM stagex/mtools:sx2024.09.0@sha256:c83f7aebce9076903dbf1082aac981d3c0950d9e8952a900e5e072e2a811cda7 AS mtools
FROM stagex/musl:sx2024.09.0@sha256:ad351b875f26294562d21740a3ee51c23609f15e6f9f0310e0994179c4231e1d AS musl
FROM stagex/npth:sx2024.09.0@sha256:21d50ec1421fe75af4bea240d76022ddb8c114fd2805bfeb06fb938e5a58fc0d AS npth
FROM stagex/numactl:sx2024.09.0@sha256:39e667b966a443f42e1c7a8c944203945bd1808ce759df1706bb3b93b0b674c2 AS numactl
FROM stagex/openpgp-card-tools:sx2024.09.0@sha256:56d4696d111b309e536f1b70980db7098cd7823005432e4130432cb2f625cf9f AS openpgp-card-tools
FROM stagex/opensc:sx2024.09.0@sha256:5117a9d39d3b77655b29bf661d9e04eea2001a5b033b2fd6b4297048330ff6e7 AS opensc
FROM stagex/openssl:sx2024.09.0@sha256:2c1a9d8fcc6f52cb11a206f380b17d74c1079f04cbb08071a4176648b4df52c1 AS openssl
FROM stagex/pcsc-lite:sx2024.09.0@sha256:4fe37671197ac768637e95f7395ae1a18412b3f42359d0c0aa9f4e7f684aef4e AS pcsc-lite
FROM stagex/pcsc-tools:sx2024.09.0@sha256:05046ca5d41a09163eda26785563fd98f0cb1179030c3f4ee3243997a907bb96 AS pcsc-tools
FROM stagex/qemu:sx2024.09.0@sha256:c9b099bc7d810a581e0e0f68061dd525d7efdb5334d119b4253249a459bd907e AS qemu
FROM stagex/seabios:sx2024.09.0@sha256:f4e535fb1bfc2c7ae1756cdaa2404b1572f6ad195ceabba90d87ed0599fd97d7 AS seabios
FROM stagex/sops:sx2024.09.0@sha256:c742fb1f0c5a4f9d9bc9afc37ba686b247d2b17d55d179409d33736b43c9aaa5 AS sops
FROM stagex/swtpm:sx2024.09.0@sha256:c47fb2c4d8690936b4adef832a3f354231bb5a04206bf2fb565218034ce27792 AS swtpm
FROM stagex/syslinux:sx2024.09.0@sha256:a41388558d7f6d9a29847ee2ff5507ab3100bfe9032ef3b99a3d783ad60ed390 AS syslinux
FROM stagex/tpm2-tools:sx2024.09.0@sha256:c2fc693ec68a9d097151e5b3dd5b923f0dcc35fd4e0624b91ade3bf21367162c AS tpm2-tools
FROM stagex/tpm2-tss:sx2024.09.0@sha256:a8bf8c0973e1b5ba62ce5034a6230684ebe5a142da275d09e81fa2f2f9c87411 AS tpm2-tss
FROM stagex/util-linux:sx2024.09.0@sha256:7e3f3c1e748f5c216503e69b9f8f2e9f8084ec675fb29b23f3a6f0ed3b20c54a AS util-linux
FROM stagex/xorriso:sx2024.09.0@sha256:2205a8f53d4fc569880c311061daa085f40c62b2fd94d556e72bd31b4df9e63a AS xorriso
FROM stagex/xz:sx2024.09.0@sha256:b57c5e6144117bc0124855e9538e60c302cc7bf53fafb53e2eef3434015366f1 AS xz
FROM stagex/yq:sx2024.09.0@sha256:bd6882f0f3ea664e9de6cf732cef2fa2781fc2852f5e6502a6aea1e63eb9708b AS yq
FROM stagex/zlib:sx2024.09.0@sha256:96b4100550760026065dac57148d99e20a03d17e5ee20d6b32cbacd61125dbb6 AS zlib
FROM scratch AS base
ARG VERSION development
ARG GIT_TIMESTAMP null
ARG GIT_AUTHOR null
ARG GIT_REF null
ARG GIT_PUBKEY null
COPY --from=busybox . /
COPY --from=musl . /
COPY --from=xorriso . /
COPY --from=cpio . /
COPY --from=mtools . /
COPY --from=xz . /
COPY --from=grub . /
FROM base as dev
COPY --from=gcc . /
COPY --from=glib . /
COPY --from=alsa-lib . /
COPY --from=lzo . /
COPY --from=dtc . /
COPY --from=zlib . /
COPY --from=numactl . /
COPY --from=libaio . /
COPY --from=libseccomp . /
COPY --from=libffi . /
COPY --from=libzstd . /
COPY --from=libslirp . /
COPY --from=seabios . /
COPY --from=ipxe . /
COPY --from=qemu . /
COPY --from=swtpm . /
COPY --from=openssl . /
COPY --from=curl . /
COPY --from=libtpms . /
COPY --from=tpm2-tss . /
COPY --from=tpm2-tools . /
FROM base AS build
## Kernel
COPY --from=linux-airgap /bzImage iso/boot/vmlinuz
## Initramfs
COPY --from=busybox . initramfs
COPY --from=eudev . initramfs
COPY --from=musl . initramfs
COPY --from=zlib . initramfs
COPY --from=npth . initramfs
COPY --from=libksba . initramfs
COPY --from=libgpg-error . initramfs
COPY --from=libassuan . initramfs
COPY --from=libgcrypt . initramfs
COPY --from=keyfork . initramfs
COPY --from=bash . initramfs
COPY --from=gpg . initramfs
COPY --from=jq . initramfs
COPY --from=yq . initramfs
COPY --from=bc . initramfs
COPY --from=flashtools . initramfs
COPY --from=curl . initramfs
COPY --from=tpm2-tools . initramfs
COPY --from=tpm2-tss . initramfs
COPY --from=openssl . initramfs
COPY --from=libusb . initramfs
COPY --from=ccid . initramfs
COPY --from=pcsc-lite . initramfs
COPY --from=pcsc-tools . initramfs
COPY --from=openpgp-card-tools . initramfs
COPY --from=libqrencode . initramfs
COPY --from=opensc . initramfs
COPY --from=util-linux . initramfs
COPY --from=sops . initramfs
COPY rootfs/ initramfs
COPY <<-EOF initramfs/etc/environment
export VERSION="$VERSION"
export GIT_TIMESTAMP="$GIT_TIMESTAMP"
export GIT_AUTHOR="$GIT_AUTHOR"
export GIT_REF="$GIT_REF"
export GIT_PUBKEY="$GIT_PUBKEY"
EOF
RUN <<-EOF
set -eux
cd initramfs
find . -exec touch -hcd "@0" "{}" +
find . -print0 \
| sort -z \
| cpio \
--null \
--create \
--verbose \
--reproducible \
--format=newc \
| gzip --best \
> ../iso/boot/initramfs
EOF
## Grub (EFI Boot)
COPY config/grub.cfg iso/boot/grub/grub.cfg
COPY config/grub_early.cfg grub_early.cfg
RUN <<-EOF
set -eux
mkdir -p efi/boot
grub-mkimage \
--config="grub_early.cfg" \
--prefix="/boot/grub" \
--output="efi/boot/bootx64.efi" \
--format="x86_64-efi" \
--compression="xz" \
all_video \
disk \
part_gpt \
part_msdos \
linux \
normal \
configfile \
search \
search_label \
efi_gop \
fat \
iso9660 \
gzio \
serial \
terminal
find efi -exec touch -hcd "@0" "{}" +
mformat -i iso/boot/grub/efi.img -C -f 1440 -N 0 ::
mcopy -i iso/boot/grub/efi.img -ms efi ::
touch -md "@0" iso/boot/grub/efi.img
EOF
## Syslinux (BIOS Boot)
COPY config/syslinux.cfg iso/boot/syslinux/
COPY --from=syslinux \
/usr/share/syslinux/isohdpfx.bin \
/usr/share/syslinux/isolinux.bin \
/usr/share/syslinux/ldlinux.c32 \
/usr/share/syslinux/libutil.c32 \
/usr/share/syslinux/libcom32.c32 \
/usr/share/syslinux/mboot.c32 \
iso/boot/syslinux/
## Build Hybrid EFI/BIOS ISO
FROM build AS install
ENV SOURCE_DATE_EPOCH=1
RUN <<-EOF
set -eux
dd if=/dev/zero bs=1M count=10 >> user.img
mformat -v user -i user.img -N 0 ::
find iso -exec touch -hcd "@0" "{}" +
xorrisofs \
-output airgap.iso \
-full-iso9660-filenames \
-joliet \
-rational-rock \
-sysid LINUX \
-volid "airgap" \
-isohybrid-mbr iso/boot/syslinux/isohdpfx.bin \
-eltorito-boot boot/syslinux/isolinux.bin \
-eltorito-catalog boot/syslinux/boot.cat \
-no-emul-boot \
-boot-load-size 4 \
-boot-info-table \
-eltorito-alt-boot \
-e boot/grub/efi.img \
-no-emul-boot \
-isohybrid-gpt-basdat \
-follow-links \
-append_partition 3 0xb user.img \
iso/
EOF
## Minimal Autorun SD card image
COPY sdcard sdcard
RUN <<-EOF
set -eux
dd if=/dev/zero of=sdcard.img bs=1M count=32
mformat -v external -i sdcard.img ::
mcopy -i sdcard.img -s sdcard/* ::
EOF
FROM scratch AS package
COPY --from=install /sdcard.img /
COPY --from=install /airgap.iso /

167
Makefile
View File

@ -1,21 +1,86 @@
include $(PWD)/src/toolchain/Makefile VERSION := development
GIT_REF := $(shell git log -1 --format=%H)
GIT_AUTHOR := $(shell git log -1 --format=%an)
GIT_PUBKEY := $(shell git log -1 --format=%GP)
GIT_TIMESTAMP := $(shell git log -1 --format=%cd --date=iso)
export
## Use env vars from latest release when reproducing
ifdef REPRODUCE
include dist/release.env
export
endif
ifdef NOCACHE
NO_CACHE := --no-cache
endif
.DEFAULT_GOAL := .DEFAULT_GOAL :=
.PHONY: default .PHONY: default
default: \ default: \
toolchain \ out/release.env \
$(OUT_DIR)/airgap.iso \ out/manifest.txt \
$(OUT_DIR)/release.env \ out/airgap.iso
$(OUT_DIR)/manifest.txt
## Primary targets
out/airgap.iso: Containerfile $(shell git ls-files rootfs)
SOURCE_DATE_EPOCH=1 \
docker build \
--progress=plain \
--output type=local,rewrite-timestamp=true,dest=out \
--build-arg SOURCE_DATE_EPOCH=1 \
--build-arg VERSION="$(VERSION)" \
--build-arg GIT_REF="$(GIT_REF)" \
--build-arg GIT_AUTHOR="$(GIT_AUTHOR)" \
--build-arg GIT_PUBKEY="$(GIT_PUBKEY)" \
--build-arg GIT_TIMESTAMP="$(GIT_TIMESTAMP)" \
$(NO_CACHE) \
-f Containerfile \
.
## Development Targets
out/dev-shell.digest: Containerfile | out
docker build --target dev -f Containerfile -q . > $@
.PHONY: shell
shell: out/dev-shell.digest
docker run -it $(shell cat $<) /bin/sh
.PHONY: vm
vm: out/dev-shell.digest out/airgap.iso out/sdcard.img
docker run -it -v ./out:/out $(shell cat $<) sh -c "\
swtpm socket \
--tpmstate dir=. \
--ctrl type=unixio,path=vtpm-sock \
--tpm2 & \
qemu-system-x86_64 \
-m 4G \
-machine pc \
-chardev socket,id=chrtpm,path=vtpm-sock \
-tpmdev emulator,id=tpm0,chardev=chrtpm \
-device tpm-tis,tpmdev=tpm0 \
-usb \
-device sdhci-pci \
-device sd-card,drive=external \
-drive id=external,if=none,format=raw,file=out/sdcard.img \
-device usb-storage,drive=usbdrive \
-drive id=usbdrive,if=none,format=raw,file=out/airgap.iso \
-boot order=c \
-nographic; \
"
## Signing, Verification, and Release Targets
.PHONY: clean .PHONY: clean
clean: toolchain clean:
rm -rf $(CACHE_DIR)/buildroot-ccache rm -rf out
$(call toolchain,$(USER)," \
cd $(FETCH_DIR)/buildroot; \ .PHONY: release
make clean; \ release: clean
") $(MAKE) NOCACHE=1 VERSION=$(VERSION)
$(MAKE) toolchain-clean rm -rf dist/*
cp -R out/release.env out/airgap.iso out/manifest.txt dist/
.PHONY: sign .PHONY: sign
sign: sign:
@ -30,67 +95,35 @@ sign:
); \ ); \
gpg --armor \ gpg --armor \
--detach-sig \ --detach-sig \
--output $(DIST_DIR)/manifest.$${fingerprint}.asc \ --output dist/manifest.$${fingerprint}.asc \
$(DIST_DIR)/manifest.txt dist/manifest.txt
.PHONY: verify .PHONY: verify
verify: | $(DIST_DIR)/manifest.txt verify: | dist/manifest.txt
set -e; \ set -e; \
for file in $(DIST_DIR)/manifest.*.asc; do \ for file in dist/manifest.*.asc; do \
echo "\nVerifying: $${file}\n"; \ echo "\nVerifying: $${file}\n"; \
gpg --verify $${file} $(DIST_DIR)/manifest.txt; \ gpg --verify $${file} dist/manifest.txt; \
done; done;
.PHONY: mrproper .PHONY: reproduce
mrproper: reproduce: clean | out
docker image rm -f $(IMAGE) $(MAKE) REPRODUCE=true NOCACHE=1
rm -rf $(CACHE_DIR) $(OUT_DIR) diff -q out/manifest.txt dist/manifest.txt;
.PHONY: menuconfig out:
menuconfig: toolchain mkdir -p $@
$(call toolchain,$(USER)," \
cd $(FETCH_DIR)/buildroot; \
make "airgap_$(TARGET)_defconfig"; \
make menuconfig; \
")
cp $(FETCH_DIR)/buildroot/.config \
"config/buildroot/configs/airgap_$(TARGET)_defconfig"
.PHONY: linux-menuconfig out/release.env: $(shell git ls-files) | out
linux-menuconfig: toolchain echo 'VERSION=$(VERSION)' > out/release.env
$(call toolchain,$(USER),"\ echo 'GIT_REF=$(GIT_REF)' >> out/release.env
cd $(FETCH_DIR)/buildroot; \ echo 'GIT_AUTHOR=$(GIT_AUTHOR)' >> out/release.env
make linux-menuconfig; \ echo 'GIT_PUBKEY=$(GIT_PUBKEY)' >> out/release.env
make linux-update-defconfig; \ echo 'GIT_TIMESTAMP=$(GIT_TIMESTAMP)' >> out/release.env
")
.PHONY: vm out/manifest.txt: out/airgap.iso out/release.env | out
vm: toolchain openssl sha256 -r \
$(call toolchain,$(USER)," \ out/airgap.iso \
qemu-system-i386 \ out/release.env \
-M pc \ | sed -e 's/ \*out\// /g' -e 's/ \.\// /g' \
-nographic \ > $@
-cdrom "$(OUT_DIR)/airgap.iso"; \
")
.PHONY: release
release: default
rm -rf $(DIST_DIR)/*
cp -R $(OUT_DIR)/* $(DIST_DIR)/
$(FETCH_DIR)/buildroot: toolchain
$(call git_clone,$(FETCH_DIR)/buildroot,$(BUILDROOT_REPO),$(BUILDROOT_REF))
$(OUT_DIR)/airgap.iso: \
$(FETCH_DIR)/buildroot \
$(OUT_DIR)/release.env
$(call apply_patches,$(FETCH_DIR)/buildroot,$(CONFIG_DIR)/buildroot/patches)
$(call toolchain,$(USER)," \
cd $(FETCH_DIR)/buildroot; \
make "airgap_$(TARGET)_defconfig"; \
unset FAKETIME; \
make source; \
make; \
")
cp $(FETCH_DIR)/buildroot/output/images/rootfs.iso9660 \
$(OUT_DIR)/airgap.iso

View File

@ -1,24 +1,26 @@
# AirgapOS # # AirgapOS #
<https://github.com/distrust-foundation/airgap> <https://git.distrust.co/public/airgap>
## About ## ## About ##
A live buildroot based Liux distribution designed for managing secrets offline. A full-source-bootstrapped, deterministic, minimal, immutable, and offline,
workstation linux distribution designed for creating and managing secrets
offline.
Built for those of us that want to be -really- sure our most important secrets Built for those of us that want to be -really- sure our most important secrets
are managed in a clean environment with an "air gap" between us and the are managed in a clean environment with an "air gap" between us and the
internet with high integrity on the supply chain of the firmware and OS used. internet with high integrity on the supply chain of the firmware and OS used.
## Uses ## ## Uses ##
* Generate GPG keychain * Generate PGP keychain
* Store/Restore gpg keychain to security token such as a Yubikey or Nitrokey * Store/Restore gpg keychain to security token such as a Yubikey or Nitrokey
* Signing cryptocurrency transactions * Signing cryptocurrency transactions
* Generate/backup BIP39 universal cryptocurrency wallet seed * Generate/backup BIP39 universal cryptocurrency wallet seed
* Store/Restore BIP39 seed to a hardware wallet such as a Trezor or Ledger * Store/Restore BIP39 seed to a hardware wallet such as a Trezor or Ledger
## Features ## ## Features ##
* Determinsitic iso generation for multi-party code->binary verification * Deterministic iso generation for multi-party code->binary verification
* Small footprint (< 100MB) * Small footprint (< 100MB)
* Immutable and Diskless: runs from initramfs * Immutable and Diskless: runs from initramfs
* Network support and most drivers removed to minimize exfiltration vectors * Network support and most drivers removed to minimize exfiltration vectors
@ -27,36 +29,53 @@ internet with high integrity on the supply chain of the firmware and OS used.
### Software ### ### Software ###
* docker 18+ * docker 26+
### Hardware ### ### Hardware ###
* Recommended: PC running coreboot-heads * x86_64 PC or laptop
* linuxboot/heads firmware supported and recommended for multi-use machine
* Allows for signed builds, and verification of signed sd card payloads * Allows for signed builds, and verification of signed sd card payloads
* Ensure any Wifi/Disk/Bluetooth/Audio devices are disabled/removed * Ensure any Wifi/Disk/Bluetooth/Audio devices are disabled/removed
* Supported remote attestation key (Librem Key, Nitrokey, etc)
* Supported GPG smartcard device (Yubikey, Ledger, Trezor, Librem Key, etc)
* Blank flash drive * Blank flash drive
* Blank SD card * Blank SD card
## Build ## ## Build ##
### Update git submodules
```
git submodule update --init --recursive
```
### Build a new release ### Build a new release
``` ```
make release make release
``` ```
### Reproduce an existing release ### Reproduce an existing release
``` ```
make attest make attest
``` ```
### Sign an existing release ### Sign an existing release
```
make sign
```
## Provisioning ##
1. Write airgap.iso to CD-ROM or SD Card
a. `dd if=out/airgap.iso of=/dev/sda bs=1M conv=sync status=progress`
b. `cdrecord out/airgap.iso`
2. Verify media still produces expected hash
``` ```
make sign sha256sum out/airgap.iso
head -c $(stat -c '%s' airgap.iso) /dev/sda | sha256sum
``` ```
## Setup ## ## Setup ##

View File

@ -1 +0,0 @@
source "$BR2_EXTERNAL_Airgap_PATH/package/flashtools/Config.in"

View File

@ -1,27 +0,0 @@
set default="0"
set timeout="10"
menuentry "AirgapOS (qwerty)" {
linux /boot/bzImage root=/dev/sr0 keymap=qwerty/us
initrd /boot/initrd
}
menuentry "AirgapOS (dvorak)" {
linux /boot/bzImage root=/dev/sr0 keymap=dvorak
initrd /boot/initrd
}
menuentry "AirgapOS (colemak)" {
linux /boot/bzImage root=/dev/sr0 keymap=colemak/en-latin9
initrd /boot/initrd
}
menuentry "AirgapOS (qwertz)" {
linux /boot/bzImage root=/dev/sr0 keymap=qwertz/de
initrd /boot/initrd
}
menuentry "AirgapOS (azerty)" {
linux /boot/bzImage root=/dev/sr0 keymap=azerty/fr
initrd /boot/initrd
}

File diff suppressed because it is too large Load Diff

View File

@ -1,17 +0,0 @@
#!/bin/sh
set -u
set -e
set -x
BOARD_DIR="$(dirname $0)"
cp -f ${BOARD_DIR}/grub.cfg ${TARGET_DIR}/boot/grub/grub.cfg
echo "export VERSION=\"${VERSION}\"" > ${TARGET_DIR}/etc/environment
echo "export GIT_REF=\"${GIT_REF}\"" >> ${TARGET_DIR}/etc/environment
echo "export GIT_AUTHOR=\"${GIT_AUTHOR}\"" >> ${TARGET_DIR}/etc/environment
echo "export GIT_KEY=\"${GIT_KEY}\"" >> ${TARGET_DIR}/etc/environment
echo "export GIT_TIMESTAMP=\"${GIT_TIMESTAMP}\"" >> ${TARGET_DIR}/etc/environment
exit $?

View File

@ -1,6 +0,0 @@
#!/bin/sh
set -u
set -e
echo "post-image.sh was run"

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

View File

@ -1,2 +0,0 @@
name: Airgap
desc: Linux distribution for offline cryptography use cases

View File

@ -1 +0,0 @@
include $(sort $(wildcard $(BR2_EXTERNAL_Airgap_PATH)/package/*/*.mk))

View File

@ -1,36 +0,0 @@
menu "Flashtools"
config BR2_PACKAGE_FLASHTOOLS
bool "flashtools"
config BR2_PACKAGE_FLASHTOOLS_FLASHTOOL
bool "flashtool"
select BR2_PACKAGE_FLASHTOOLS
help
Todo
config BR2_PACKAGE_FLASHTOOLS_PEEK
bool "peek"
select BR2_PACKAGE_FLASHTOOLS
help
Todo
config BR2_PACKAGE_FLASHTOOLS_POKE
bool "poke"
select BR2_PACKAGE_FLASHTOOLS
help
Todo
config BR2_PACKAGE_FLASHTOOLS_CBFS
bool "cbfs"
select BR2_PACKAGE_FLASHTOOLS
help
Todo
config BR2_PACKAGE_FLASHTOOLS_UEFI
bool "uefi"
select BR2_PACKAGE_FLASHTOOLS
help
Todo
endmenu

View File

@ -1,47 +0,0 @@
################################################################################
#
# flashtools
#
################################################################################
FLASHTOOLS_VERSION = 9acce09aeb635c5bef01843e495b95e75e8da135
FLASHTOOLS_SITE = https://github.com/osresearch/flashtools.git
FLASHTOOLS_SITE_METHOD = git
FLASHTOOLS_LICENSE = GPL-2.0
FLASHTOOLS_LICENSE_FILES = LICENSE
ifeq ($(BR2_PACKAGE_FLASHTOOLS_FLASHTOOL),y)
FLASHTOOLS_TARGETS += flashtool
endif
ifeq ($(BR2_PACKAGE_FLASHTOOLS_PEEK),y)
FLASHTOOLS_TARGETS += peek
endif
ifeq ($(BR2_PACKAGE_FLASHTOOLS_POKE),y)
FLASHTOOLS_TARGETS += poke
endif
ifeq ($(BR2_PACKAGE_FLASHTOOLS_CBFS),y)
FLASHTOOLS_TARGETS += cbfs
endif
ifeq ($(BR2_PACKAGE_FLASHTOOLS_UEFI),y)
FLASHTOOLS_TARGETS += uefi
endif
define FLASHTOOLS_BUILD_CMDS
$(foreach t,$(FLASHTOOLS_TARGETS),\
$(TARGET_MAKE_ENV) $(MAKE) $(TARGET_CONFIGURE_OPTS) \
CFLAGS="$(TARGET_CFLAGS)" -C $(@D) $(t) \
)
endef
define FLASHTOOLS_INSTALL_TARGET_CMDS
$(foreach t,$(FLASHTOOLS_TARGETS),\
$(INSTALL) -D -m 0755 $(@D)/$(t) $(TARGET_DIR)/usr/bin/$(t)$(sep) \
)
endef
$(eval $(generic-package))

View File

@ -1,39 +0,0 @@
diff --git a/fs/cpio/cpio.mk b/fs/cpio/cpio.mk
index 81f8c393d1..72923ded47 100644
--- a/fs/cpio/cpio.mk
+++ b/fs/cpio/cpio.mk
@@ -32,15 +32,16 @@ ROOTFS_CPIO_PRE_GEN_HOOKS += ROOTFS_CPIO_ADD_INIT
# --reproducible option was introduced in cpio v2.12, which may not be
# available in some old distributions, so we build host-cpio
ifeq ($(BR2_REPRODUCIBLE),y)
-ROOTFS_CPIO_DEPENDENCIES += host-cpio
-ROOTFS_CPIO_OPTS += --reproducible
+ROOTFS_CPIO_DEPENDENCIES += host-cpio host-libarchive
endif
define ROOTFS_CPIO_CMD
- cd $(TARGET_DIR) && \
- find . \
- | LC_ALL=C sort \
- | cpio $(ROOTFS_CPIO_OPTS) --quiet -o -H newc \
+ cd $(TARGET_DIR) \
+ && find . -mindepth 1 -execdir touch -hcd "@0" "{}" + \
+ && find . -mindepth 1 -printf '%P\0' \
+ | sort -z \
+ | LANG=C bsdtar --null -cnf - -T - \
+ | LANG=C bsdtar --uid 0 --gid 0 --null -cf - --format=newc @- \
> $@
endef
diff --git a/package/libarchive/libarchive.mk b/package/libarchive/libarchive.mk
index 708ce637c2..2ba8dcab2a 100644
--- a/package/libarchive/libarchive.mk
+++ b/package/libarchive/libarchive.mk
@@ -135,7 +135,6 @@ endif
# The only user of host-libarchive needs zlib support
HOST_LIBARCHIVE_DEPENDENCIES = host-zlib
HOST_LIBARCHIVE_CONF_OPTS = \
- --disable-bsdtar \
--disable-bsdcpio \
--disable-bsdcat \
--disable-acl \

View File

@ -1,28 +0,0 @@
diff --git a/fs/iso9660/iso9660.mk b/fs/iso9660/iso9660.mk
index 0524f94c35..284c21f566 100644
--- a/fs/iso9660/iso9660.mk
+++ b/fs/iso9660/iso9660.mk
@@ -157,7 +157,13 @@ ROOTFS_ISO9660_PRE_GEN_HOOKS += ROOTFS_ISO9660_DISABLE_EXTERNAL_INITRD
endif # ROOTFS_ISO9660_USE_INITRD
-ROOTFS_ISO9660_OPTS += -J -R
+ROOTFS_ISO9660_OPTS += \
+ -volume_date all_file_dates "=$(SOURCE_DATE_EPOCH)" \
+ -as mkisofs \
+ -J \
+ -R \
+ -gid 0 \
+ -uid 0
ROOTFS_ISO9660_OPTS_BIOS = \
-b $(ROOTFS_ISO9660_BOOT_IMAGE) \
@@ -181,7 +187,7 @@ ROOTFS_ISO9660_OPTS += $(ROOTFS_ISO9660_OPTS_EFI)
endif
define ROOTFS_ISO9660_CMD
- $(HOST_DIR)/bin/xorriso -as mkisofs \
+ $(HOST_DIR)/bin/xorriso \
$(ROOTFS_ISO9660_OPTS) \
-o $@ $(ROOTFS_ISO9660_TMP_TARGET_DIR)
endef

View File

@ -1,12 +0,0 @@
KERNEL!="sd[a-z][0-9]", GOTO="sd_cards_auto_mount_end"
# Global mount options
ACTION=="add", ENV{mount_options}="relatime"
# Filesystem specific options
ACTION=="add", IMPORT{program}="/sbin/blkid -o udev -p %N"
ACTION=="add", ENV{ID_FS_TYPE}=="vfat|ntfs", ENV{mount_options}="$env{mount_options},utf8,flush,user,umask=0000"
ACTION=="add", RUN+="/bin/mkdir -p /media/sd-%k", RUN+="/bin/mount -o $env{mount_options} /dev/%k /media/sd-%k"
ACTION=="add", RUN+="/usr/local/bin/autorun /media/sd-%k"
ACTION=="remove", RUN+="/bin/umount -l /media/sd-%k", RUN+="/bin/rmdir /media/sd-%k"
LABEL="sd_cards_auto_mount_end"

View File

@ -1,18 +0,0 @@
#!/bin/bash
set -e
source /etc/profile
folder=${1?}
if [ -f "${folder}/autorun.sh.asc" ]; then
echo "" >/dev/console
echo "++ Autorun: Found ${folder}/autorun.sh" >/dev/console;
gpg --verify "${folder}/autorun.sh.asc" >/dev/null 2>&1 || {
echo "!! Autorun: Verification Failed for ${folder}/autorun.sh" \
>/dev/console;
exit 1;
}
echo "++ Autorun: Verified ${folder}/autorun.sh" >/dev/console
echo "** Autorun: Executing ${folder}/autorun.sh" >/dev/console
/bin/bash "${folder}/autorun.sh" >/dev/console
fi

View File

@ -1,7 +0,0 @@
DEBIAN_HASH=48b28b354484a7f0e683e340fa0e6e4c4bce3dc3aa0146fc2f78f443fde2c55d
BUILDROOT_REF=ea51485ee9ab44f72f8b1cc019dcb17f276d1def
HEADS_REF=6e62c83e164231c629d77a45d37569b3bff43d3f
BUILDROOT_REPO=git://git.busybox.net/buildroot
HEADS_REPO=https://source.puri.sm/coreboot/purism-heads.git
BR2_EXTERNAL=/home/build/config/buildroot
HEADS_EXTERNAL=/home/build/config/heads

5
config/grub.cfg Normal file
View File

@ -0,0 +1,5 @@
set timeout=1
menuentry "Linux Airgap" {
linux /boot/vmlinuz init=/init console=ttyS0 console=tty0 ro
initrd /boot/initramfs
}

2
config/grub_early.cfg Normal file
View File

@ -0,0 +1,2 @@
search --no-floppy --set=root --label "airgap"
set prefix=($root)/boot/grub

View File

@ -1,160 +0,0 @@
diff --git a/initrd/bin/gui-init b/initrd/bin/gui-init
index 1369ed1..f576a8e 100755
--- a/initrd/bin/gui-init
+++ b/initrd/bin/gui-init
@@ -13,21 +13,26 @@ first_pass=true
mount_boot()
{
-
+
# Mount local disk if it is not already mounted
while ! grep -q /boot /proc/mounts ; do
+
# try to mount if CONFIG_BOOT_DEV exists
if [ -e "$CONFIG_BOOT_DEV" ]; then
- mount -o ro $CONFIG_BOOT_DEV /boot
+ mount -o ro $CONFIG_BOOT_DEV /boot
[[ $? -eq 0 ]] && continue
fi
- # CONFIG_BOOT_DEV doesn't exist or couldn't be mounted, so give user options
+ # try to mount usb to /media and /boot if it exists
+ mount-usb \
+ && mount -o bind,ro /media /boot \
+ && continue
+
+ # no boot device available, so give user options
whiptail $BG_COLOR_ERROR --clear --title "ERROR: No Bootable OS Found!" \
- --menu " No bootable OS was found on the default boot device $CONFIG_BOOT_DEV.
+ --menu " No bootable OS was found at $CONFIG_BOOT_DEV or on USB.
How would you like to proceed?" 30 90 4 \
'b' ' Select a new boot device' \
- 'u' ' Boot from USB' \
'm' ' Continue to the main menu' \
'x' ' Exit to recovery shell' \
2>/tmp/whiptail || recovery "GUI menu failed"
@@ -41,9 +46,6 @@ mount_boot()
. /tmp/config
fi
;;
- u )
- exec /bin/usb-init
- ;;
m )
break
;;
@@ -55,6 +57,11 @@ mount_boot()
}
verify_global_hashes()
{
+
+ # If default boot device is not mounted, then there are no hashes to verify
+ # User is likely usb booting.
+ df $CONFIG_BOOT_DEV >/dev/null 2>&1 || return 0
+
# Check the hashes of all the files, ignoring signatures for now
check_config /boot force
TMP_HASH_FILE="/tmp/kexec/kexec_hashes.txt"
@@ -458,6 +465,7 @@ while true; do
if [ "$totp_confirm" = "y" -o -n "$totp_confirm" ]; then
# Try to boot the default
mount_boot
+
verify_global_hashes
if [ $? -ne 0 ]; then
continue
@@ -467,6 +475,7 @@ while true; do
kexec-select-boot -b /boot -c "grub.cfg" -g \
|| recovery "Failed default boot"
else
+ usb-init
if (whiptail --title 'No Default Boot Option Configured' \
--yesno "There is no default boot option configured yet.\nWould you like to load a menu of boot options?\nOtherwise you will return to the main menu." 16 90) then
kexec-select-boot -m -b /boot -c "grub.cfg" -g
diff --git a/initrd/bin/mount-usb b/initrd/bin/mount-usb
index a79dd66..8a8734c 100755
--- a/initrd/bin/mount-usb
+++ b/initrd/bin/mount-usb
@@ -4,19 +4,6 @@
enable_usb
-if ! lsmod | grep -q usb_storage; then
- count=$(ls /dev/sd* 2>/dev/null | wc -l)
- timeout=0
- echo "Scanning for USB storage devices..."
- insmod /lib/modules/usb-storage.ko >/dev/null 2>&1 \
- || die "usb_storage: module load failed"
- while [[ $count == $(ls /dev/sd* 2>/dev/null | wc -l) ]]; do
- [[ $timeout -ge 4 ]] && break
- sleep 1
- timeout=$(($timeout+1))
- done
-fi
-
if [ ! -d /media ]; then
mkdir /media
fi
diff --git a/initrd/bin/usb-scan b/initrd/bin/usb-scan
index d9f26b0..b64f150 100755
--- a/initrd/bin/usb-scan
+++ b/initrd/bin/usb-scan
@@ -5,12 +5,6 @@ set -e -o pipefail
. /etc/gui_functions
. /tmp/config
-# Unmount any previous boot device
-if grep -q /boot /proc/mounts ; then
- umount /boot \
- || die "Unable to unmount /boot"
-fi
-
# Mount the USB boot device
mount_usb || die "Unable to mount /media"
@@ -29,12 +23,16 @@ get_menu_option() {
MENU_OPTIONS="$MENU_OPTIONS $n ${option}"
done < /tmp/iso_menu.txt
- whiptail --clear --title "Select your ISO boot option" \
- --menu "Choose the ISO boot option [1-$n, s for standard boot, a to abort]:" 20 120 8 \
- -- $MENU_OPTIONS \
- 2>/tmp/whiptail || die "Aborting boot attempt"
+ if [ "$n" -eq "1" ]; then
+ option_index=1
+ else
+ whiptail --clear --title "Select your ISO boot option" \
+ --menu "Choose the ISO boot option [1-$n, s for standard boot, a to abort]:" 20 120 8 \
+ -- $MENU_OPTIONS \
+ 2>/tmp/whiptail || die "Aborting boot attempt"
- option_index=$(cat /tmp/whiptail)
+ option_index=$(cat /tmp/whiptail)
+ fi
else
echo "+++ Select your ISO boot option:"
n=0
diff --git a/initrd/etc/functions b/initrd/etc/functions
index dc0fbed..a083e17 100755
--- a/initrd/etc/functions
+++ b/initrd/etc/functions
@@ -122,6 +122,18 @@ enable_usb()
|| die "xhci_pci: module load failed"
sleep 2
fi
+ if ! lsmod | grep -q usb_storage; then
+ count=$(ls /dev/sd* 2>/dev/null | wc -l)
+ timeout=0
+ echo "Scanning for USB storage devices..."
+ insmod /lib/modules/usb-storage.ko >/dev/null 2>&1 \
+ || die "usb_storage: module load failed"
+ while [[ $count == $(ls /dev/sd* 2>/dev/null | wc -l) ]]; do
+ [[ $timeout -ge 4 ]] && break
+ sleep 1
+ timeout=$(($timeout+1))
+ done
+ fi
}
confirm_gpg_card()

8
config/syslinux.cfg Normal file
View File

@ -0,0 +1,8 @@
TIMEOUT 2
PROMPT -1
DEFAULT Airgap
LABEL Airgap
MENU LABEL Linux Airgap
KERNEL /boot/vmlinuz
INITRD /boot/initramfs
APPEND init=/init console=ttyS0 console=tty0 ro

View File

@ -1,259 +0,0 @@
020fde90e2dfa260fdf2b47817d8b8fe0a60325d8bdb532aaaf625fa5bfd68be libdpkg-perl_1.21.12_all.deb
03326473eed54ffa27efae19aa5d6aeb402930968f869f318445513093691d55 libtirpc-dev_1.3.3+ds-1_amd64.deb
03539fd30c509e27101d13a56e52eda9062bdf1aefe337c07ab56def25a13eab libmd0_1.0.4-2_amd64.deb
097ce9220edee0de67c2d3304d075f2bf9e864e86801165b0e9d2d46991ee1ad libbrotli1_1.0.9-2+b5_amd64.deb
099a374ff3c84eaef4e75ff168d49155d83d22551b289ce1352c275fc5da78aa openssh-client_1%3a9.1p1-1_amd64.deb
0ba635faea2a9ce3947d3c7cdaef9f2c1691d4e4a18cf594f2d3d3cf5a100a27 python3.10_3.10.9-1_amd64.deb
0c827432e42c0601d8c109bc1b8799f82995e57bb15bed706e06862c25490885 gnupg-utils_2.2.40-1_amd64.deb
0c9bfb0b18ca015c81e7194f42c66b72ff099bbd55b9bbafe7cc924a0bd42379 gcc-12-base_12.2.0-10_amd64.deb
0ca5213c1ab67278cbfcec4cafccdb538c2e089718f4bddabe5a00145e5a21fb libdav1d6_1.0.0-2_amd64.deb
0e70491e7854c84a7450f7a536a00b336aa9d91380014861836346e31e7b9b20 libelf-dev_0.188-1_amd64.deb
0f95bc7c54810f358097f88a1e5d7d5718d72f3656c25489b8b6b281d9980b4c apt_2.5.4_amd64.deb
0fd9d625bff6044e2a8b96c18f1dc4b30a4fd54e2d543aa60e634e8d7df81739 findutils_4.9.0-3_amd64.deb
10fc29d791ec67a5ab46bccf648866d25ef5ca78c66adb85325e474c99772491 libaudit1_1%3a3.0.7-1.1+b2_amd64.deb
11ee190ad39f8d7af441d2c8347388b9449434c73acc67b4b372445ac4152efa libsasl2-2_2.1.28+dfsg-10_amd64.deb
129f34ac136fcf3ca7483398a54e3286bb9e195b82795d34e0f95f8788bd2976 libwebp7_1.2.2-2+b2_amd64.deb
158a0ccabb4706afe064af0ed627396267da8cdbdfe5808b6b892492051f458a libquadmath0_12.2.0-10_amd64.deb
16081fc71a3507102ad2f04535fb64883cb3519bf6e24e5e6a6ab2f98ac43044 git-man_1%3a2.35.1-1_all.deb
167ce30a04fdb6d87f1ac604644291b47b133e89df35374dd66d11731d6fc150 binutils-common_2.39.50.20221208-5_amd64.deb
187aedef2ed763f425c1e523753b9719677633c7eede660401739e9c893482bd libgmp10_2%3a6.2.1+dfsg1-1.1_amd64.deb
1bffdc3215c75477f09039e5063cd9f1be15ee917435a45b80aa0e8214b21f96 liblsan0_12.2.0-10_amd64.deb
1cf14abf2716d3279db12d0657a5737cf70074a1e71d3bdf73206625e3c89ce6 libedit2_3.1-20221030-2_amd64.deb
1d9ff5e334cde8639f3a3ea87c89829d20cc52750aa851d66511d90fc3fbfac2 libattr1_1%3a2.5.1-3_amd64.deb
1deb1d27bb088d68878e171585d62c96ad6b405b282271c4b82e04a2e2593318 libde265-0_1.0.9-1_amd64.deb
1e298c50f171e50a2dad95c61b044b271a16b6de591a0f9d03b4e67b4fe0874a libtsan2_12.2.0-10_amd64.deb
1f67421437b6eb18669d2868e3e02cb88668683d635198142f48aacc5b397118 fonts-dejavu-core_2.37-2_all.deb
20d20e2c3a428162aab61898b32af9db9e9bc24f127c724c9d9be18287f4a92c libgd3_2.3.3-7_amd64.deb
21078702ba6b34c092f93deff2e2777d22b107de9b2c69542bf5f5d82ab8e6ac libnuma1_2.0.15-1_amd64.deb
21eb8b3654dbc251c3f0cc4bd01cae67633443ea5094003379d23f7323eb1ef4 libp11-kit0_0.24.1-1_amd64.deb
26350da95f6bd2252c63758d854c90d6f9f241f2e323e8f50a143e9e705fbf4e fakeroot_1.29-1_amd64.deb
2697643f58af19d69efd824ec67d8ec78879c5822a5a8ac83dfe4a85a0c69158 libctf-nobfd0_2.39.50.20221208-5_amd64.deb
27b3d102545f597df9e6dc5c7f6590a648de09b57debd6b05ad3d1189de428d5 pinentry-curses_1.2.1-1_amd64.deb
29b23c48c0fe6f878e56c5ddc9f65d1c05d729360f3690a593a8c795031cd867 netbase_6.4_all.deb
2a46d5a5e9486da11ffeff5740931740d6deae4f92cd6098df060dc5dff1e1c7 libtirpc3_1.3.3+ds-1_amd64.deb
2ac1236547360284e9e154ad11a14564db65175bd4da393ec652ac1b2dc43571 libgpm2_1.20.7-10+b1_amd64.deb
2c17eaa4dfdd0ca5cc05b9ef56f7a3fc30e6af6040a66cefe4bacab275e88c83 libkrb5support0_1.20.1-1_amd64.deb
2ebb09e824b6eeb7e3d41cece8b090614d8b35df9296fb638b6ec65e63dddc3e g++-12_12.2.0-10_amd64.deb
2f736423dbe557a03e17cf1b122e90a1db4569407085fe215747b002bc36094e file_1%3a5.41-4_amd64.deb
30687cd51c3dbd02d51f58807a9b293035ef3e7776178acccda17ed37b510b5c libjpeg62-turbo_1%3a2.1.2-1+b1_amd64.deb
3079d34be974c3727757fd3c46ada03428a772c1af1f0f9fd3b2142da245b75f sysvinit-utils_3.05-7_amd64.deb
310f213b0e07c582a9e8d14f67856802da196b747cb0ee3ed8f07eb93063e0ee perl-modules-5.36_5.36.0-6_all.deb
3288cd76324fee7b1a34b97f6e6bcfc32a889f4f22002d0bd3788d8988eca791 hostname_3.23_amd64.deb
32ac0692694f8a34cc90c895f4fc739680fb2ef0e2d4870a68833682bf1c81a3 rpcsvc-proto_1.4.3-1_amd64.deb
32cb399d47b2dfcbd14216f1292dc32e00c025258e3512ed9f37b88cb07014c6 libcc1-0_12.2.0-10_amd64.deb
33d88e49bf052ed8f0679bdfa386ddf4cca0a58865db113658dc039a46a64353 bsdutils_1%3a2.38.1-4_amd64.deb
3530e0ddf6edc444b8d03b5566630d3c46c737f447e17e1cad48860cb160d307 libfido2-1_1.12.0-2_amd64.deb
359ed4b1413db4f19899d4e0ee519027fed6b9424b9101a8ab47b615db4aadc6 libubsan1_12.2.0-10_amd64.deb
362069a5f90fb6ca62b8d2ed2895bb6cd243c8ab1e1df8c3079b51ed91dd2836 dpkg_1.21.12_amd64.deb
362f0ac7d15015b6d4a97e634a39ded525650c9fbccb2f6967da20a54ec6f2a5 cpp-12_12.2.0-10_amd64.deb
36830a23700decc5d4b44d1bf95da30fbfd13bfa2a7cc81415fb62bc9ea38ce7 libpython3.10-minimal_3.10.9-1_amd64.deb
36b6fc603efaa2bfd22cff3a7773590dd6774a5d0d9b0c23b73306f3f58cbc20 libavif15_0.11.1-1_amd64.deb
372e28b68120da79b9eef0340e7d8480fb4503a85333d0afa6f3e27f13a58502 libc6-dev_2.36-6_amd64.deb
3771de1b0c70a480f2722de00df19a08557c27dda4fea905ac798050fd7ec702 librav1e0_0.5.1-5_amd64.deb
395448f62c350e6bd0a9e1030f6faebd80c02824f669deb62cef707bd8f6a9ce dpkg-dev_1.21.12_all.deb
3a8b61891f0ce9bd310088ce2d269d63b5afd88b9196fa4f046fd890faea4a17 libalgorithm-diff-perl_1.201-1_all.deb
3ac4fd6cbe3b3b06e68d24b931bf3eb9385b42f15604a37ed25310e948ca0ee6 libsasl2-modules-db_2.1.28+dfsg-10_amd64.deb
3b51dd882a3f08839537c5496442eb7e30a440e4be2f7397167502923bce7d43 perl-base_5.36.0-6_amd64.deb
3c8a97753835cb27d83efd4fa746d78c1c83a4980dc8cf3cc8b37cd5c28f3241 libdebconfclient0_0.265_amd64.deb
3c8b1eeb420337632d64f61495a81c9d975ffebeba8f303b7e71ee12ed85f08c libreadline8_8.2-1.2_amd64.deb
3d4b39f94317b64a860db8a7a8b581b555124cd461fe07ec0d347edbdb9f6683 libdeflate0_1.14-1_amd64.deb
3e2c8d2c1e0ef19659e447f53b6ef392dbbe24ac706a0f010bb15fa5c20d80f8 libc-dev-bin_2.36-6_amd64.deb
3e3ef129b4bf61513144236e15e1b4ec57fa5ae3dc8a72137abdbefb7a63af85 libtirpc-common_1.3.3+ds-1_all.deb
3f240b128963b65a5345f10c685407721336dd29e1a21685960d39d7e37a7537 libmpdec3_2.5.1-2_amd64.deb
3fc9742f9f1a37bcb9931df6074b4d1483419ef832ad5349f47323e75fc27864 libjansson4_2.14-2_amd64.deb
4044ed5b6a4e42bba42c087b35be02a8f0c3d63450977218cd497d552500202f libpam0g_1.5.2-5_amd64.deb
40e6d2cdd54c068c98dfd0f75d26a5795c37ee38c73468ca930e512569164ae1 libbsd0_0.11.7-1_amd64.deb
414cb803bbcf0850a629a95b69ea75d300c7d7d588a38c21a229f682926018cd sensible-utils_0.0.17_all.deb
421a2020132188fb1629716994a41c09153e04e5642850fa44600990b15342a1 libmagic-mgc_1%3a5.41-4_amd64.deb
429abbd86fef30596107b7327ff94856acf5b30477275b69a8c556417ebdeccd libblkid1_2.38.1-4_amd64.deb
438871b3f5c5c7a357a9840951dab9dab8db7eb1ff760a563226fafa111b99e5 bzip2_1.0.8-5+b1_amd64.deb
43c90d45f7cf5584108964b919d6c728680d81af5fa70c8fb367d661cef54e8c libnpth0_1.6-3_amd64.deb
4438d0bb9cf4a08bb2ae5a3ec59d23933584e964fc5ed550704d6f73d701636b media-types_8.0.0_all.deb
45922e6e289ffd92f0f92d2bb9159e84236ff202d552a461bf10e5335b3f0261 libnettle8_3.8.1-2_amd64.deb
4601e045d1f20da0f983b6c706169328e50cf219efd961f54095cf76d343dff8 libcrypt1_1%3a4.4.33-1_amd64.deb
4633d58ecf67ae2056530043065dee991492269467905c20884e285548e6277d libgcc-s1_12.2.0-10_amd64.deb
46dbe02369411b46f676ddb55fa8ee3a98f7a15607ddab785979c25bacb5d7db libalgorithm-merge-perl_0.08-5_all.deb
46dbf6a5097b7330848987636f302f270339e28be0bcc5f2dc39490621f56ee6 libsvtav1enc1_1.4.0+dfsg-1_amd64.deb
4914489233dbccf83139ee8bff065915982481aa44f3ffcde07a633db5908935 libzstd1_1.5.2+dfsg-1_amd64.deb
4950f88e69d601fcde4e548c7e72359fc992ed6daa5205d61acf4a16ef25fc02 rsync_3.2.6-4+b1_amd64.deb
49cfbe095c4bd03b10a242e0c1faa9fcd6b108953c62b28fc2025bfe5a47dccf e2fsprogs_1.46.6~rc1-1+b1_amd64.deb
49e64f0923cdecb2aaf6c93f176c25f63b841da2a501651ae23070f998967aa7 libxpm4_1%3a3.5.12-1_amd64.deb
4a2a8f92a9cf20acd9bdc7ae808e408d39bebc8c4c7a93419bbb4298288f203b libcrypt-dev_1%3a4.4.33-1_amd64.deb
4ac08d251e99812e90aca02d51b93f9dc6453d9403963733ac08c5f873732252 logsave_1.46.6~rc1-1+b1_amd64.deb
4af36a590b68d415a78d9238b932b6a4579f515ec8a8016597498acff5b515a4 libgdbm-compat4_1.23-3_amd64.deb
4c0af3e903ba0d374024865684d82bb08b2c3c78f49ca6c79c414a53041ef478 libss2_1.46.6~rc1-1+b1_amd64.deb
4cf64c4e1168f3c7e858bb4a71f2c5bea9a36dd448cdcc2154a551ac146e293b libgav1-1_0.18.0-1+b1_amd64.deb
4eaa56d2d0a0d648f8ecc65acb55a0f8463b695a528562f3608635f8359cd7a2 libkeyutils1_1.6.3-1_amd64.deb
504b7be9d7df4f6f4519e8dd4d6f9d03a9fb911a78530fa23a692fba3058cba6 libxext6_2%3a1.3.4-1+b1_amd64.deb
509f5260dcf607120694d5e1d9a6ca3ae07107fd1a52b603f6da97291642be90 libsepol2_3.4-2_amd64.deb
51c7fc3e9ae7a78fd7fe2994052cdaa62c68bb0a3ca58a74c588c01c4e8ac4bc libgprofng0_2.39.50.20221208-5_amd64.deb
5263737254410cbdb16c4c89a9a8027e92e37cc6517d500412bde8cc321733ef libcap-ng0_0.8.3-1+b2_amd64.deb
52d7d19964bb5e6aee946e540888890f0e9ae7dc5228e93f2505bdf8bc586396 manpages-dev_6.01-1_all.deb
5322e79ccfd14c22b55be391dcb03fbddae6e80b71af2de49afb4132867c32a2 git_1%3a2.35.1-1_amd64.deb
54149da3f44b22d523b26b692033b84503d822cc5122fed606ea69cc83ca5aeb libbz2-1.0_1.0.8-5+b1_amd64.deb
54e26547fb4f698843a8d504e31a6b9eae7137c5c65b9b0cc3aefcf6be3b7995 libctf0_2.39.50.20221208-5_amd64.deb
56beca470dcd9b6d7e6c3c9e9d702101e01e9467e62810a8c357bd7b9c26251d debian-archive-keyring_2021.1.1_all.deb
58d176ef84e4a0713f9d972af5aea07b992f2db396ac416012092cee4dafae73 libpam-runtime_1.5.2-5_all.deb
5912430927da16ccc831459679207fdbb9dfc5a206f2bab8d6f36d5a1ab53e25 libassuan0_2.5.5-5_amd64.deb
59c875947417a73f11e2bc2a7fcf12dac75b028109071365382b914b4effa9e0 readline-common_8.2-1.2_all.deb
5a466348531b9c38c8e5ccb18c231f27a98b9fdab61b37ea22592553de5d2ced liberror-perl_0.17029-2_all.deb
5b2d6325b76a18d8ed9a5b7e05479dd3f71eac3c0ddedbce60773140f7cfc594 libpython3-stdlib_3.10.6-1_amd64.deb
5b9c67e7b5d83584557b5e523149b0ab09a7597fbde97b85d6d4625f11f377dd libbinutils_2.39.50.20221208-5_amd64.deb
5ca9e86a3d144037a503d412dc464e6869e410a1c8685548bcd5bab6c01d3904 linux-libc-dev_6.0.12-1_amd64.deb
5d26306d12a45a8a03dca473490d56a765b58d61b53146c1c7784903cf59c45d libmpfr6_4.1.0-3_amd64.deb
6000ce7748ae79cb237c6c065e33a8f4976e518e95adba4bba0e591dc8698f75 util-linux_2.38.1-4_amd64.deb
608a01a26f2edaedc42d705e88fb5ec692462e1800954dea3a5e73900b477ab8 libfontconfig1_2.13.1-4.5_amd64.deb
61038f857e346e8500adf53a2a0a20859f4d3a3b51570cc876b153a2d51a3091 coreutils_9.1-1_amd64.deb
61a9c2989db7b699dc179bcaa7beadad9cbcff46cf5f43539769dc0c09aa401d sed_4.8-1_amd64.deb
62758cd5d9488139571f1b87d138abb8373f702cd528a23297cba27491364a62 dash_0.5.11+git20210903+057cd650a4ed-9_amd64.deb
64094f1345d904e3887983c9114c259952b6002e834063d8edad64728ad1fa4d binutils_2.39.50.20221208-5_amd64.deb
643df5f50c44e94fefdd157fee2f62e1914c037918674a267ec0571a8b5689e2 libacl1_2.3.1-2_amd64.deb
64cde86cef1deaf828bd60297839b59710b5cd8dc50efd4f12643caaee9389d3 liblz4-1_1.9.4-1_amd64.deb
6500982180b192f71acf4dfd22705d85c8344512090253b9fef8672db70e7d91 libperl5.36_5.36.0-6_amd64.deb
65f2e3ae1b233aa51caea2e9b9b06925311b486f5a1941e72523daa638824ecc libheif1_1.13.0-1_amd64.deb
66f8aedfb961b19852a8f0f8c9f5f6484a267ef6cc19552d7481333a1b963701 libuuid1_2.38.1-4_amd64.deb
679db1c4579ec7c61079adeaae8528adeb2e4bf5465baa6c56233b995d714750 libxau6_1%3a1.0.9-1_amd64.deb
68aa3b3bdac8b34802df7e2e950bae64c40aa6c2b24fed356b832968f8305aa0 libfile-fcntllock-perl_0.22-4+b1_amd64.deb
6995822451e1300baa41b953c19f1094640ad4237982612583e980d32e18eee5 wget_1.21.3-1+b2_amd64.deb
6b07c77b700a615642888a82ba92a7e7c429d04b9c8669c62b2263f15c4c4059 libjbig0_2.1-6.1_amd64.deb
6b149908d8f7c33806274ffed964008f73141ed17971666e9eb983571870c8e4 openssl_3.0.7-1_amd64.deb
6b32fa198ef48c19b28146b6f374625ae0a1d79dcc19bd65eb49f6a1594077bd passwd_1%3a4.13+dfsg1-1_amd64.deb
6c19a5d18c8350744581fbd25d5d29e2b7101053e25aafa4e1ffcc2b505b2f1c libxxhash0_0.8.1-1_amd64.deb
6d9f6c25c30efccce6d4bceaa48ea86c329a3432abb360a141f76ac223a4c34a libffi8_3.4.4-1_amd64.deb
6f94b488255acd996254f775c77ff3956557c61f860a3c9caeaf65457554194f libpopt0_1.19+dfsg-1_amd64.deb
702ab01235bffacab40eae14e96c66e92aec783ab7b3a418ee49dd6c8e5e1332 grep_3.8-3_amd64.deb
7038b4d856aff8b4054f879c488c1298db5a83ecfa6280f85706f20e2e1935f1 libalgorithm-diff-xs-perl_0.04-8+b1_amd64.deb
70d356876847a9a540b5bebd02b2141f9de292e7ce17a596cafdecb15c39ba21 libisl23_0.25-1_amd64.deb
70f79905c004691a74d2badbe3c69fce9e98833d7cd77bf3cb7f4fab5bd973a1 libkrb5-3_1.20.1-1_amd64.deb
737802943ba4ae9d3153b466ee20802f76d8a42492b430dc7bc2300fd0e9c96c libelf1_0.188-1_amd64.deb
73d4a22bdd7eb6be1e480d6884b103eb500cfd539cc20ae0f3e44dd8b0614798 cpio_2.13+dfsg-7.1_amd64.deb
74fc57a345749cce5ff879f119066eea075cebd98998cecfe70369d092e4912e libstdc++-12-dev_12.2.0-10_amd64.deb
770cb7513fc5370e841a10fe0385a52f892bb2f69ae8298f5569b1c2eb1787de libx11-6_2%3a1.8.1-2_amd64.deb
771f5c47ca69f24ca61e4be0c98c5912b182ce442f921697d17a472f3ded5c9c liblerc4_4.0.0+ds-2_amd64.deb
77bf08617463e8c5f8ecae1cbef1e9d0cee6d4c55662f59c4778d81d538250d7 login_1%3a4.13+dfsg1-1_amd64.deb
7a3ae3e97d0d403a4c54663c0bb48e9341d98822420a4ab808c6dc8e8474558f libcap2_1%3a2.44-1_amd64.deb
7b00efe3ec732cda15d49d5730a502194c6c6ec2520e47bef6a4bbfd3497aa86 libpcre2-8-0_10.40-3_amd64.deb
7b685f8294487d0573370a7040c4a811c67ac4641d50a0d010a2bb0fcb67eed5 libx11-data_2%3a1.8.1-2_all.deb
7b77cca4d7990fd4297570715a4138aabce7e4510163968cc83e0ad2726abc57 manpages_6.01-1_all.deb
7ca71c3ea78de3435f1e48d346e2502a8711795a23445ab693f134d21c727606 libncurses-dev_6.3+20220423-2_amd64.deb
7d7ce91b0397ef9d28525c79103f34d809ec691d56fc3744b44add10c87c9287 perl_5.36.0-6_amd64.deb
7d8c5add2cebc79c0bbd9d1380e85a2379409b8106fdd929032e8fe1307b4c5d bash_5.2-2+b1_amd64.deb
7e65be476b311eefed916f07576d59996a597359d7a25d7f40de6bd94d9a1277 python3_3.10.6-1_amd64.deb
835f806c21ae25e39053bd3057051640341b0cf08e1db9746fd82e370d82fa30 libsemanage-common_3.4-1_all.deb
83b44b9624711f954d91a4b0414b2f8d46fbc00a222e4c20614c16337a872762 libssl3_3.0.7-1_amd64.deb
8695fcedf470144d64dfc0123dc6821d2e72cb311225cea1e83d8b6e295722d0 libcurl3-gnutls_7.86.0-2_amd64.deb
89944ee11d7370ce6ef46fc52f094c4a6512eff8943ec4c6ebefeae6360ceada libgpg-error0_1.46-1_amd64.deb
89f79c82e9419dbd20b415e7610109cb4de4fc2cb750f1089209ee919f521be8 libldap-2.5-0_2.5.13+dfsg-2+b1_amd64.deb
8a80e834ebbfd1313d45a3d5a7d018680b943287f0fdd750ed2eddc90027fd6d libmpc3_1.2.1-2_amd64.deb
8a9d4d0a0459e86cd140c6ce63d71fa3ddb8425d82ab69f2876e3ebda3d88dc8 libasan8_12.2.0-10_amd64.deb
8c6d49b771530dbe26d7bd060582dc7d2b4eeb603a20789debc1ef4bbbc4ef67 patch_2.7.6-7_amd64.deb
8cbd111e1ad1c1357afb18f916c88c7ebb8cc860b8fac04ccc66a9eefe5a53af libcbor0.8_0.8.0-2+b1_amd64.deb
8f9196f7ac4487dd62ba7099e86bdfc6f17bf2d6c23f9f07022efbda502efdc4 libk5crypto3_1.20.1-1_amd64.deb
8fe1525f25334c3e9e1237cc6b8ba3b6b3089153d71d9f36b79ea46771939b1d publicsuffix_20220811.1734-1_all.deb
908ca1b35125f49125ae56945a72bc11ce0fcec85a8d980d10d83bb3a610f518 base-passwd_3.6.1_amd64.deb
90a2f213a2e730ca86a265ed58e99da621aa81f59d30c84fe7cdcfcdd2e95e2a dirmngr_2.2.40-1_amd64.deb
91e8961647518c06aed17920fb34ea8f0f92894d28149d94e2c324539853aaf4 libcom-err2_1.46.6~rc1-1+b1_amd64.deb
925f944100d399dd765ceb0de772cf747b92a311eae99d0a64008c2c92925cda gnupg_2.2.40-1_all.deb
92b94fe8bcf38803f0d953caf4f13bbb2f4f83f3c4b12ea3ae229d07ed248a79 libudev1_252.2-2_amd64.deb
941cf15477c0a2660864e1724e3738f869ee307587032a4dcc3f902d72b4ed57 libmagic1_1%3a5.41-4_amd64.deb
9559ab9601706910cff06144246471560a0e62cd3111b883fc902573a353feea liblzma5_5.2.9-0.0_amd64.deb
95fe4a1336532450e67bd067892f46eaa484139919ea8d067a9ffcbf5a4bf883 libgdbm6_1.23-3_amd64.deb
983ca41d506fa159536cd584118855748763f5f5a3b5949206bee4a62ec0cbf9 libxmuu1_2%3a1.1.3-3_amd64.deb
9c29e856bf381b25b0e5a429edfb925f89a5f910cb5ada8b01cd9b9ccfb49529 gpg-wks-client_2.2.40-1_amd64.deb
9cd87d1b0c56f34f51bcbe8bdb55ebb45dd08ce6c0c6ff2dc77378bac3f64cc0 libx265-199_3.5-2+b1_amd64.deb
9e6dfd1773d3486409116ea6571f6eeb1058b89ee33a56db52f584acfbd963db g++_4%3a12.2.0-1_amd64.deb
9f8985f120c7a6bd9abed8ac016dc29624f19f91f0699369e4d3940523675695 ncurses-base_6.3+20220423-2_all.deb
9fb65819e3d595d8a4325810788a8f7f9ca1cd3d0f2e0ca8816a2e2e2822cb8f libpython3.10-stdlib_3.10.9-1_amd64.deb
a0f4d9f42dcd12746f9aefbac32b9846aed45ad5fc532cecb0b83c518bf5d0bd libc-bin_2.36-6_amd64.deb
a1a83af8cbd854af887b72ad196b1f4af58387815e21ced1000253a116a46e2a make_4.3-4.1_amd64.deb
a36404e2b6e889d1c6e4f33a498a0413b766a3df558d1fe4ff4c33fa9ff4ce99 binutils-x86-64-linux-gnu_2.39.50.20221208-5_amd64.deb
a5f06cc885e0710c6ab4b82a293ae4412bf28ba7166ab6b844f55235c50089ed libgcc-12-dev_12.2.0-10_amd64.deb
a672bd3c22f639df30515b89cf9b86b2b887ffbdd1876737724d5515652ebd7c gcc_4%3a12.2.0-1_amd64.deb
aaf001e0d4c68f995f9efbc551d54f213122fef99b3eaf9e28286bda6c03da73 libabsl20220623_20220623.1-1_amd64.deb
ab9f503b5f22d3eeb89cb5927cb38d7b90c8088a6d658588aea1bd64e1d565b5 libldap-common_2.5.13+dfsg-2_all.deb
aca5921e0d1bd6611cd7f1ff9c4c8cbdc2fdfc340134a5a17e56e983ec7d56bb libc-devtools_2.36-6_amd64.deb
ae412490d277484dc79560b82023a656032dffa0d614316d1b0f4a58aa6c5ec9 gnupg-l10n_2.2.40-1_all.deb
ae924c4961cac4e450793f04301ff6d993569915ed87825b14af5d602d3c48bc libncursesw6_6.3+20220423-2_amd64.deb
af2957b92976a45dffa0f454fd2d8553e49a091f8702d510eda4374092d03fd4 cpp_4%3a12.2.0-1_amd64.deb
b09481e7690680966005330c3f907bba4b5eefc35e1faaea4783cc55655d1150 libfaketime_0.9.10-2.1_amd64.deb
b13b353b3655a800d63167e8741ae327cc3dd29729e69ee4b6f01ca6102b1d15 libselinux1_3.4-1+b3_amd64.deb
b1966bea9832686a0fd5ddba9787dce5816ebe02218a4a8f7472a1628d73451b libsasl2-modules_2.1.28+dfsg-10_amd64.deb
b1e8e1301552b2e27db6db28d652913cf7e836846fa9aa70c667b88436659b88 gpg_2.2.40-1_amd64.deb
b212c3c7bb16ae7b1896676b7ddf26f8fc6159e88998a253ccecd82a7fe0c42a libsystemd0_252.2-2_amd64.deb
b2af4cbcf7f407f2552f9f5ffbcb0edd32091fcf4a3909cbc3ad01e83e11c011 util-linux-extra_2.38.1-4_amd64.deb
b5bb46fa5a6322b76474167c0872a7c9a43a3dbacda33fb95a567f2910629d55 gpgv_2.2.40-1_amd64.deb
b983ab23743da7f3800b4218e852ff0140927d2fe75b70534ac03e196516aeda fontconfig-config_2.13.1-4.5_amd64.deb
ba2c5558c5c9323dc5ce0011157a72279789d1016bfadf18b6c3f5cda3099786 libyuv0_0.0~git20221118.ea26d7a-2_amd64.deb
baaa4e935c5e3bcd57d4f2f4e7a1ddc67bd4eb8629d98f97a696548849ae01ac bc_1.07.1-3+b1_amd64.deb
bb73e6e11dd177b249e8c74572a3f77737afe9c4e2218cece5175f42198fc0ea libfakeroot_1.29-1_amd64.deb
bb81a188c119cd7fdebae723cbc95887b6c549b2fe4fb7e268a9c8846444da99 libnsl-dev_1.3.0-2_amd64.deb
bbfd38de41898a06326f2a6ce4cc43e8e399f5566381231065b01d70499d5ba5 build-essential_12.9_amd64.deb
bcbc83f391854ea9d50ce2a4101aacf330de3b8b71d81a798faadba14a157f78 mawk_1.3.4.20200120-3.1_amd64.deb
bd8e963c6edcf1c806df97cd73560794c347aa94b9aaaf3b88eea585bb2d2f3c tar_1.34+dfsg-1_amd64.deb
beed9907afb85315ba2f5fc60fa09f0f9be2a409157cc2d45379b2e788698b0a libmount1_2.38.1-4_amd64.deb
bffcac7e4f69e39d37d4a33e841d6371ac8b5aba6cd55546b385dc7ff6c702f5 libgcrypt20_1.10.1-3_amd64.deb
c0161783577d1715c8a8ce101a8a513b14d141187ec3d05146721b0422ee9480 less_590-1_amd64.deb
c0d83437fdb016cb289436f49f28a36be44b3e8f1f2498c7e3a095f709c0d6f8 libnsl2_1.3.0-2_amd64.deb
c4e2eb142f8946b3a298bb807f41528332c6559691528ce547a409a7ca3ea7bc python3.10-minimal_3.10.9-1_amd64.deb
c6435f0dfbfaf7beb6dad9b98c92ab7b8569a0eaff78f40aa4a8a97faf407fa9 usr-is-merged_33_all.deb
c843bd13fde80bc21b178312059112cf5cfbcdb763e3f322f3fca0704d639815 libksba8_1.6.2-4_amd64.deb
c9a0cbb6c0c1a1b16179ac9027a0660da875a0fd52ef300d52bb73493d79138b libapt-pkg6.0_2.5.4_amd64.deb
caaec354f90fe671709b3fa2b969a9a618462fb2cc3fe03f8d28806f720a115f tzdata_2022f-1_all.deb
cbe97163f8d968b27ce68403787a32d0e1aa1e8bd1301a11ef20a7a5671adc4a diffutils_1%3a3.8-1_amd64.deb
cc0ffedcc1fb025a09dc3b7a62bac773d29c0a12bdcdd4fed2cfaa44520d132d gpg-agent_2.2.40-1_amd64.deb
cc6a8974d64157873030c7c61d7c872552ddadf31f6d35b9bc4d69c69eb72ba9 libpcre3_2%3a8.39-14_amd64.deb
cd4f20458589b515a1e39bf641e254d9e474e0d631d6eee5485cc1250a7a9808 mount_2.38.1-4_amd64.deb
cde841b275163fd0e5d742b61df46fd7eb6b7bfc8c44f8537124f61e6bcccacc libgomp1_12.2.0-10_amd64.deb
d095b7e3ff500f226cf752aeaced7df40e04682d34d4a1f7b0e47e92ffe6c079 libseccomp2_2.5.4-1+b2_amd64.deb
d202861c602f3719350d4aede3e4c65ea88d6529b2e1e7115f805091f624e7fa krb5-locales_1.20.1-1_all.deb
d20a3ee34fa84ad8bd381e8be6e9c2c2ea32347cff5e1169c10e978d43f54f24 libssh2-1_1.10.0-3+b1_amd64.deb
d25fb9a24b8037f7fb513cd1706e6f11122f2890f994ee321fe7988e10567878 libsemanage2_3.4-1+b3_amd64.deb
d466bbfe011d764d793c1d9d777cad9c7cf65b938e11598f27408171ad95a951 libunistring2_1.0-2_amd64.deb
d4c7b71ce8628e2baa6b1ef3dc3871fdeb5747ab12ff8dcda0c29c379da7d38b gcc-12_12.2.0-10_amd64.deb
d50716d5824083d667427817d506b45d3f59dc77e1ca52de000f3f62d4918afa libidn2-0_2.3.3-1+b1_amd64.deb
d62e8967437998b351daaaf69e8886592574725d7e88d525625d29fd2b961339 libgssapi-krb5-2_1.20.1-1_amd64.deb
d716f5b4346ec85bb728f4530abeb1da4a79f696c72d7f774c59ba127c202fa7 libpsl5_0.21.0-1.2_amd64.deb
d7abcfaa67bc16c4aed960c959ca62849102c8a0a61b9af9a23fcc870ebc3c57 ca-certificates_20211016_all.deb
d7dd1d1411fedf27f5e27650a6eff20ef294077b568f4c8c5e51466dc7c08ce4 zlib1g_1%3a1.2.13.dfsg-1_amd64.deb
d85f4d2f4f740d09d5f578cf15bbb9b6a912a849047cf807253605d4815745e8 libfreetype6_2.12.1+dfsg-3_amd64.deb
d8c263f47b03a942f2b807187dcc08286f8810c776f18e828dae0cc8b6375da5 libncurses6_6.3+20220423-2_amd64.deb
d98df4f21fc17d8436e230acb36acc8a53a74e3cbcfb13a96a9f823c32fda695 debianutils_5.7-0.4_amd64.deb
db2d207ae363db66000eec1367d87a5e88c638c5452738059c876580dcc2fc1a libgnutls30_3.7.8-4_amd64.deb
db7c6704938a114c3028dd5bb4c05daa390d340f57cd882345a3290f88911314 gpgconf_2.2.40-1_amd64.deb
dc32727dca9a87ba317da7989572011669f568d10159b9d8675ed7aedd26d686 libpng16-16_1.6.39-2_amd64.deb
dc846a0eb742ee2d269e2f32bb351865d8014b39f1b1352af1cb4243b84497ef libtiff5_4.4.0-6_amd64.deb
de2ae6cde14431c23b962246f0c304c526865a50c559edb30e9c056aa26a51e4 libpam-modules-bin_1.5.2-5_amd64.deb
de70f6f7625819163f23f139fe47696a7e6b6eb5dad3eb12d88bddf3fd088b98 unzip_6.0-27_amd64.deb
de7b7e4405d619241447144e88549c74abe4c5617b5b894821d975693209cefb debconf_1.5.80_all.deb
dfd4b424dca7349cbb474cca239ee54363d85fdb13462a05ebd8e35d42bd6232 base-files_12.3_amd64.deb
e0a108909fd3dae44e4a1cb3b91044012aea387b2734334ff816b6a78a0126ac libc6_2.36-6_amd64.deb
e1f69020dc2c466e421ec6a58406b643be8b5c382abf0f8989011c1d3df91c87 librtmp1_2.4+20151223.gitfa8646d.1-2+b2_amd64.deb
e3a156b87d37e8627a3a003c9a40d0e098bb1cec6938065b8c29dd844a1383b1 libdb5.3_5.3.28+dfsg1-0.10_amd64.deb
e3ddd34ed745867a628dbf413f271d6a7f8c5b0d5e01a4103d12240fc6a9d31a libstdc++6_12.2.0-10_amd64.deb
eabec1dde2834f72540d7b93fc5df2625f52611c06d93d61f5cdb12480e0e6a3 gzip_1.12-1_amd64.deb
ebb1e8a210f61f48d95baedb3b03f32996b7e0e0abad1e319075ae2da36e9c6b libtinfo6_6.3+20220423-2_amd64.deb
ebef6bcd777b5c0cc2699926f2159db08433aed07c50cb321fd828b28c5e8d53 ucf_3.0043_all.deb
ec6dcc8ba88087606e70f8ef2e80952974da60a9f2745cc5316a91c2f06951c8 libext2fs2_1.46.6~rc1-1+b1_amd64.deb
ecb8536f5fb34543b55bb9dc5f5b14c9dbb4150a7bddb3f2287b7cab6e9d25ef libxdmcp6_1%3a1.1.2-3_amd64.deb
ed2328befa036dcb0455deecb4787c91e48606ebbea28aa329bd2a10adb7b2aa python3-minimal_3.10.6-1_amd64.deb
ed43d96b4cae0ff0f2208456222151922ecd0bc1118f1e757ebe18206967a8ee libaom3_3.5.0-1_amd64.deb
ed8185c28b2cb519744a5a462dcd720d3b332c9b88a1d0002eac06dc8550cb94 libhogweed6_3.8.1-2_amd64.deb
eec4dc9d949d2c666b1da3fa762a340e8ba10c3a04d3eed32749a97695c15641 libtasn1-6_4.19.0-2_amd64.deb
f3928b657449bc65fb2e13f5a0370c6b30d6e57a9de2eb13ce2ef9f277c8dc0b xz-utils_5.2.9-0.0_amd64.deb
f79c858a5f9041fa7a836580816658a7cff16c562d32ae658347ae4a58b8ed75 adduser_3.129_all.deb
f827028f9abbf30a2a6a7fc550482ae7dc1386fc1e4bb0335d79d7d0cc9c4a7f libatomic1_12.2.0-10_amd64.deb
f9227bd91f834652cbb55c940cbc62f2230c1cfc649437a2efbca11767fd144b libitm1_12.2.0-10_amd64.deb
f9a0fa43e37e835d44a728eaca53fe4e33f53cd5490199444c0c7d48bf3df67a gpgsm_2.2.40-1_amd64.deb
f9ce24cbf69957dc1851fc55adba0a60b5bc617d51587b6478f2be64786442f1 init-system-helpers_1.65.2_all.deb
f9ce531f60cbd5df37996af9370e0171be96902a17ec2bdbd8d62038c354094f zlib1g-dev_1%3a1.2.13.dfsg-1_amd64.deb
fbdab45294d400a875d846da9a1da0b23854323fd03b5943bf54cd6125e41c96 libnghttp2-14_1.51.0-1_amd64.deb
fc39271fdb2bfc46531f8c156e9ea02dd40935e21eddccf0d8c29c58d97a1f93 libaudit-common_1%3a3.0.7-1.1_all.deb
fdc61332a3892168f3cc9cfa1fe9cf11a91dc3e0acacbc47cbc50ebaa234cc71 libxcb1_1.15-1_amd64.deb
fdd885dc27ec30f87312c959d1b44db6faffbc07b8eaec0d5a5e5b2fbcd79d46 libsqlite3-0_3.40.0-1_amd64.deb
fe36a7f35361fc40d0057ef447a7302fd41d51740d51c98fb3870bbed5b96e56 libexpat1_2.5.0-1_amd64.deb
fe524a9de7ed6b2a1465693f12d5f7be2d2d9f6d6e6bf028f17109263e173dc8 liblocale-gettext-perl_1.07-5_amd64.deb
feb6aaa0bd183246ca915b88825c68f3b5a6507bc70a8c2eb70d1e4cb9e83225 libsmartcols1_2.38.1-4_amd64.deb
ff12fc51e092aaae4992317c5f7f26d1e73e6fde4296a8cdfe1b739b51e4b0ab xauth_1%3a1.1.1-1_amd64.deb
ff1d5281131fb36c6da4f3c40a6b75010bf94f2b15fd3497500a1b056d01c63b ncurses-bin_6.3+20220423-2_amd64.deb
ff79706e87a63a34de6ade3632dc0855029ff7abb36ef9976d5e229887c836f9 gpg-wks-server_2.2.40-1_amd64.deb
ffd88ba260f07a50c33e849bce75895f17c993d8040397941c58703701d184c3 libpam-modules_1.5.2-5_amd64.deb

View File

@ -1,13 +0,0 @@
debian-archive-keyring
build-essential
git
libfaketime
file
wget
cpio
unzip
rsync
bc
libncurses-dev
python3
libelf-dev

View File

@ -1,259 +0,0 @@
adduser=3.129
apt=2.5.4
base-files=12.3
base-passwd=3.6.1
bash=5.2-2+b1
bc=1.07.1-3+b1
binutils-common=2.39.50.20221208-5
binutils-x86-64-linux-gnu=2.39.50.20221208-5
binutils=2.39.50.20221208-5
bsdutils=1:2.38.1-4
build-essential=12.9
bzip2=1.0.8-5+b1
ca-certificates=20211016
coreutils=9.1-1
cpio=2.13+dfsg-7.1
cpp-12=12.2.0-10
cpp=4:12.2.0-1
dash=0.5.11+git20210903+057cd650a4ed-9
debconf=1.5.80
debian-archive-keyring=2021.1.1
debianutils=5.7-0.4
diffutils=1:3.8-1
dirmngr=2.2.40-1
dpkg-dev=1.21.12
dpkg=1.21.12
e2fsprogs=1.46.6~rc1-1+b1
fakeroot=1.29-1
file=1:5.41-4
findutils=4.9.0-3
fontconfig-config=2.13.1-4.5
fonts-dejavu-core=2.37-2
g++-12=12.2.0-10
g++=4:12.2.0-1
gcc-12-base=12.2.0-10
gcc-12=12.2.0-10
gcc=4:12.2.0-1
git-man=1:2.35.1-1
git=1:2.35.1-1
gnupg-l10n=2.2.40-1
gnupg-utils=2.2.40-1
gnupg=2.2.40-1
gpg-agent=2.2.40-1
gpg-wks-client=2.2.40-1
gpg-wks-server=2.2.40-1
gpg=2.2.40-1
gpgconf=2.2.40-1
gpgsm=2.2.40-1
gpgv=2.2.40-1
grep=3.8-3
gzip=1.12-1
hostname=3.23
init-system-helpers=1.65.2
krb5-locales=1.20.1-1
less=590-1
libabsl20220623=20220623.1-1
libacl1=2.3.1-2
libalgorithm-diff-perl=1.201-1
libalgorithm-diff-xs-perl=0.04-8+b1
libalgorithm-merge-perl=0.08-5
libaom3=3.5.0-1
libapt-pkg6.0=2.5.4
libasan8=12.2.0-10
libassuan0=2.5.5-5
libatomic1=12.2.0-10
libattr1=1:2.5.1-3
libaudit-common=1:3.0.7-1.1
libaudit1=1:3.0.7-1.1+b2
libavif15=0.11.1-1
libbinutils=2.39.50.20221208-5
libblkid1=2.38.1-4
libbrotli1=1.0.9-2+b5
libbsd0=0.11.7-1
libbz2-1.0=1.0.8-5+b1
libc-bin=2.36-6
libc-dev-bin=2.36-6
libc-devtools=2.36-6
libc6-dev=2.36-6
libc6=2.36-6
libcap-ng0=0.8.3-1+b2
libcap2=1:2.44-1
libcbor0.8=0.8.0-2+b1
libcc1-0=12.2.0-10
libcom-err2=1.46.6~rc1-1+b1
libcrypt-dev=1:4.4.33-1
libcrypt1=1:4.4.33-1
libctf-nobfd0=2.39.50.20221208-5
libctf0=2.39.50.20221208-5
libcurl3-gnutls=7.86.0-2
libdav1d6=1.0.0-2
libdb5.3=5.3.28+dfsg1-0.10
libde265-0=1.0.9-1
libdebconfclient0=0.265
libdeflate0=1.14-1
libdpkg-perl=1.21.12
libedit2=3.1-20221030-2
libelf-dev=0.188-1
libelf1=0.188-1
liberror-perl=0.17029-2
libexpat1=2.5.0-1
libext2fs2=1.46.6~rc1-1+b1
libfakeroot=1.29-1
libfaketime=0.9.10-2.1
libffi8=3.4.4-1
libfido2-1=1.12.0-2
libfile-fcntllock-perl=0.22-4+b1
libfontconfig1=2.13.1-4.5
libfreetype6=2.12.1+dfsg-3
libgav1-1=0.18.0-1+b1
libgcc-12-dev=12.2.0-10
libgcc-s1=12.2.0-10
libgcrypt20=1.10.1-3
libgd3=2.3.3-7
libgdbm-compat4=1.23-3
libgdbm6=1.23-3
libgmp10=2:6.2.1+dfsg1-1.1
libgnutls30=3.7.8-4
libgomp1=12.2.0-10
libgpg-error0=1.46-1
libgpm2=1.20.7-10+b1
libgprofng0=2.39.50.20221208-5
libgssapi-krb5-2=1.20.1-1
libheif1=1.13.0-1
libhogweed6=3.8.1-2
libidn2-0=2.3.3-1+b1
libisl23=0.25-1
libitm1=12.2.0-10
libjansson4=2.14-2
libjbig0=2.1-6.1
libjpeg62-turbo=1:2.1.2-1+b1
libk5crypto3=1.20.1-1
libkeyutils1=1.6.3-1
libkrb5-3=1.20.1-1
libkrb5support0=1.20.1-1
libksba8=1.6.2-4
libldap-2.5-0=2.5.13+dfsg-2+b1
libldap-common=2.5.13+dfsg-2
liblerc4=4.0.0+ds-2
liblocale-gettext-perl=1.07-5
liblsan0=12.2.0-10
liblz4-1=1.9.4-1
liblzma5=5.2.9-0.0
libmagic-mgc=1:5.41-4
libmagic1=1:5.41-4
libmd0=1.0.4-2
libmount1=2.38.1-4
libmpc3=1.2.1-2
libmpdec3=2.5.1-2
libmpfr6=4.1.0-3
libncurses-dev=6.3+20220423-2
libncurses6=6.3+20220423-2
libncursesw6=6.3+20220423-2
libnettle8=3.8.1-2
libnghttp2-14=1.51.0-1
libnpth0=1.6-3
libnsl-dev=1.3.0-2
libnsl2=1.3.0-2
libnuma1=2.0.15-1
libp11-kit0=0.24.1-1
libpam-modules-bin=1.5.2-5
libpam-modules=1.5.2-5
libpam-runtime=1.5.2-5
libpam0g=1.5.2-5
libpcre2-8-0=10.40-3
libpcre3=2:8.39-14
libperl5.36=5.36.0-6
libpng16-16=1.6.39-2
libpopt0=1.19+dfsg-1
libpsl5=0.21.0-1.2
libpython3-stdlib=3.10.6-1
libpython3.10-minimal=3.10.9-1
libpython3.10-stdlib=3.10.9-1
libquadmath0=12.2.0-10
librav1e0=0.5.1-5
libreadline8=8.2-1.2
librtmp1=2.4+20151223.gitfa8646d.1-2+b2
libsasl2-2=2.1.28+dfsg-10
libsasl2-modules-db=2.1.28+dfsg-10
libsasl2-modules=2.1.28+dfsg-10
libseccomp2=2.5.4-1+b2
libselinux1=3.4-1+b3
libsemanage-common=3.4-1
libsemanage2=3.4-1+b3
libsepol2=3.4-2
libsmartcols1=2.38.1-4
libsqlite3-0=3.40.0-1
libss2=1.46.6~rc1-1+b1
libssh2-1=1.10.0-3+b1
libssl3=3.0.7-1
libstdc++-12-dev=12.2.0-10
libstdc++6=12.2.0-10
libsvtav1enc1=1.4.0+dfsg-1
libsystemd0=252.2-2
libtasn1-6=4.19.0-2
libtiff5=4.4.0-6
libtinfo6=6.3+20220423-2
libtirpc-common=1.3.3+ds-1
libtirpc-dev=1.3.3+ds-1
libtirpc3=1.3.3+ds-1
libtsan2=12.2.0-10
libubsan1=12.2.0-10
libudev1=252.2-2
libunistring2=1.0-2
libuuid1=2.38.1-4
libwebp7=1.2.2-2+b2
libx11-6=2:1.8.1-2
libx11-data=2:1.8.1-2
libx265-199=3.5-2+b1
libxau6=1:1.0.9-1
libxcb1=1.15-1
libxdmcp6=1:1.1.2-3
libxext6=2:1.3.4-1+b1
libxmuu1=2:1.1.3-3
libxpm4=1:3.5.12-1
libxxhash0=0.8.1-1
libyuv0=0.0~git20221118.ea26d7a-2
libzstd1=1.5.2+dfsg-1
linux-libc-dev=6.0.12-1
login=1:4.13+dfsg1-1
logsave=1.46.6~rc1-1+b1
make=4.3-4.1
manpages-dev=6.01-1
manpages=6.01-1
mawk=1.3.4.20200120-3.1
media-types=8.0.0
mount=2.38.1-4
ncurses-base=6.3+20220423-2
ncurses-bin=6.3+20220423-2
netbase=6.4
openssh-client=1:9.1p1-1
openssl=3.0.7-1
passwd=1:4.13+dfsg1-1
patch=2.7.6-7
perl-base=5.36.0-6
perl-modules-5.36=5.36.0-6
perl=5.36.0-6
pinentry-curses=1.2.1-1
publicsuffix=20220811.1734-1
python3-minimal=3.10.6-1
python3.10-minimal=3.10.9-1
python3.10=3.10.9-1
python3=3.10.6-1
readline-common=8.2-1.2
rpcsvc-proto=1.4.3-1
rsync=3.2.6-4+b1
sed=4.8-1
sensible-utils=0.0.17
sysvinit-utils=3.05-7
tar=1.34+dfsg-1
tzdata=2022f-1
ucf=3.0043
unzip=6.0-27
usr-is-merged=33
util-linux-extra=2.38.1-4
util-linux=2.38.1-4
wget=1.21.3-1+b2
xauth=1:1.1.1-1
xz-utils=5.2.9-0.0
zlib1g-dev=1:1.2.13.dfsg-1
zlib1g=1:1.2.13.dfsg-1

View File

@ -1,6 +0,0 @@
deb http://deb.debian.org/debian bookworm main
deb http://security.debian.org/debian-security bookworm-security main
deb http://deb.debian.org/debian bookworm-updates main
deb [check-valid-until=no] http://snapshot.debian.org/archive/debian/20221220T000000Z bookworm main
deb [check-valid-until=no] http://snapshot.debian.org/archive/debian-security/20221220T000000Z bookworm-security main
deb [check-valid-until=no] http://snapshot.debian.org/archive/debian/20221220T000000Z bookworm-updates main

BIN
dist/airgap.iso (Stored with Git LFS) vendored

Binary file not shown.

View File

@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEzAzToO3Ax9K7Run3B88Hlc0qV+sFAmP+XQ4ACgkQB88Hlc0q
V+v1lg/9HxgMu/SLVcDlLEi0uz21693OwEBjcxL1rRca7y4/t/upGnhu53c0gM7W
ws+voJWWi9d8wTeuwl9yxvajdAo8I3Jw78hjXZWvqTK0CmLSSfCBTH6e7uRpvzbC
cJrc3QiErI84TpJde4NmZpMz6oGPzp+qdoAPCvsSiS2xy97+ZGB9OIfffjmlN86L
ZIjKCB0K2+yijB3pa/faNHv3Jv4XKliUXP+AelT0Rsw2466Bndruh63mxNjqYZiC
54hVd46ASwhS4YDNFZVrcYJNETr52328QjhtNlPsG83E2KGp2rl9mFaiXxLQsFD0
7j0VPIFPAqDvD7ZhAf5oTZDmo2BJYZpGTmTjBAdKDKCWySbwIEoGC65UoOY8ROXV
uGNqf9enFzWfnwLcDiujDo3e51Dag65FnEGkUDLUo/D/2B+r9vEzesVdTuGx3Szh
OTldUZp0ls9bCqhO4cCllZheswREbTTUUSYMYGNsRF+j6VaBR8jYa9yM4AX/Qk4N
9cokKyUD/ci49CH8R6THliD7FtF1G+LWvgHI4ZKzrEMJGyJVTiimHX4N2BJzZtUv
ObfCcskscf6DZxDpiFG256t2FYL3zQzNCaLj7mBpwe9NRuLwiSuHgS3udP9qossn
6Zew0D+a9wpst1MibKMx1G6eLn24Bjly81LDvIaKPn/yRIRrVzc=
=RJE0
-----END PGP SIGNATURE-----

View File

@ -1,16 +1,16 @@
-----BEGIN PGP SIGNATURE----- -----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEZ1U/vaRrtxq9LgsLjkeh7DWhVR0FAmP5OHwACgkQjkeh7DWh iQIzBAABCgAdFiEEZ1U/vaRrtxq9LgsLjkeh7DWhVR0FAma0fbsACgkQjkeh7DWh
VR08/w//ScO/qM0a8JAAsCuCXEeZIJAhkICrxOCjMl6z9KP3lU8yVU6NL/ULF9P4 VR0lYBAAsjKcqgoSM73lck4gSga3CWtTfZ/k7azr98HnUw5InTyTwvna2sRGL3jb
0nW5A1jnZo9PKcabV1RKFkQ/UuJdmUOuupg5JkN5X99rR/SDZ6hrsVy/tS6kjKaU Q0pUhrPVQVmjXSyxD/hR/uLuiAfUn2Gyhp1MZS3C7jmFcRsxCJzNbByv/2bUS2+U
Z9qMGlsVRYVdbBb+VKtQB1gguj04QXVD9iAFIeAeaRRNMhtqo7gMHU1cdOkB86g2 5TaCoxmM8SdxTqcBIyYylKzZ4ub0t3bCWUt2uPqdSqslgEReeqbzzE3jpmiUfmHE
H4w25LuxkIfRtyGlUgtBMS3MqpRiNjUSunP357VlHFBEGv4yT7CcdLK68FFd6Qzp daaZhZa3iPEr7vqq00jUGFuSEdxQCQkty0nZHzfGhHwbliiUGyH6/bb+u4v5eGYH
U1KJja5DG68aVTHdT47LvFCKRPjyFvheA1Ok1feSnYrOqPAhzYEFuWoE+f/+/nsI VEyRq0CWFgw5sywpSf3UZjR0fkd0do9z6Li1ggN2GV63I4oT3L1LltcMXtgfMp+B
JLqGVvPO7g40p0YXZdPWjQON4ZpcRuWG9TRg85G4WV+sQfqnDpz1i2++pb2RrOMI SA3gz7/mJsMqM6H2ZWqUgJAZw/mZCGStftSnOTKdyEtpzagNNeePa5f4kM1ZuHF6
SNwUIz8zdTaWo1G+AoNfaveybk7BOlAstjDwA5SzukFNrPvBSOQpe53i+NGyTAPS ehSl1nbnCeCPfedS8+oUm3v8qWiFLXz4tmYvBnfDWaUXIYpNOrvJPtatdinTNRfl
pbKnir6IAD1QwagZOzYac6tzE4ZX2F7zmjPrwCDHGYAYuaQV+1CWiIvnN5zCjHXe nglyEt6Olc+3vEqkrEl7JFu13Gl92mbuhhelKjM/VDheHBUZ6yrso1aLbyruO+wm
pvl22LKwr8BDRHzmVpctdVojlkb4llrbdzq3cMZgdXasXKORD9+yuGAK5+hfekmi RxL3pQSCNfAnIQpSdkXga5gVvbZDDISBast3qHFuZaZFbo2p24hw0HnLAfyCrxgF
vsUMROvIp27q/eFL5fLTIP3clOo5+foWdB4cqWoS0q+5qIG3Aa0YZp9HDeI9pdjH JnN3x2qqRlTzQSrVr4EEXUwUqpt5LlnQ3kDLNVYhXuqTdmyETj1YGnAXkqV/D+Z7
W11QFp4tlrDwA0lgHdUiF4vITxDk/+qz0Hi3gKCll87cmXUufRg= B7hlDdddXI5d0yDoYPAmF9N7XJCasdfutnO/8IfZ/eE989jYybE=
=wZZ6 =eruT
-----END PGP SIGNATURE----- -----END PGP SIGNATURE-----

16
dist/manifest.8E401478A3FBEF72.asc vendored Normal file
View File

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEiII6deyqeGsP84sUjkAUeKP773IFAma0f0IACgkQjkAUeKP7
73I33w//SaGbbM9z8SYsWhii1SBnfs6NVQSwdBoO20C4gFdmZkPVDak3QoCAioaC
GjlEOEDb7SXfWi3n2z72P97dswN6dG1IxQKR1N913IWzUUEXGR0phaC+o0P1/f74
MXrcUDLwwJwZsA/0zMV6gHvONEqwgmfEO4WrEB/Ty7ueoJjsmQ2oauWytlh8CVDR
3HFwiVoAjRC2d0vKj0eL2n9pNQNEYKb+oJ/gq3sk2L8qPs1vThQguHADvqmi6V3w
+4tZqviksPXb+sve3VTsKFDbd5AXvcRY4TbPawQ5W7Aa6iK9W/yA10+zXvcHoGrA
6iMR94yI9eprBkqoeoxr2MHPk+8d9xXB16hY/h+OCPibkFFfPST9GDFcp0nk1JFH
b0bbpanBsxwN3IxTAL0a7iD2nxftZHjgiZib1lhdhLg35o9iou1V0fRPwdjepS3o
2TBvKhtNncUW/87ZhxhdkTI/iUvS0iem3KHUQXkM+ziOC5zGf+PYvMCuy2P0oSei
731aVOgxKbpEZHY0pTkuqG7U4+RWZ+KJEnxETcZWoCeY9DW/u2Dx5hukeZJbvmUo
111vBoziyocgKvKi5S3ctZaAwm2wNsE0TU/o5u9+Q5ST1wgsKJF+F0laCUQcDPwM
UyM5VznH31pChrlzRiUcsm0lMvDkx+JfTSBPOgzABMAcQ3YuTSk=
=e+q6
-----END PGP SIGNATURE-----

4
dist/manifest.txt vendored
View File

@ -1,2 +1,2 @@
5b830f69691a96deb50caa68b69b7a6bb34a0af8c55a0d7dd21c1771683f96e1 airgap.iso fe92783ef775ccc5e32baefb26f951b7f37ed26ecbb4601a068e20b31bebadbb airgap.iso
89695f9584b98adea86887de56774b8747c4f36092611c31da367a63f072954d release.env b714c963bd8b1f3a38295821f0a3521bc64f97c1023c49d22a2e7433385b1a09 release.env

8
dist/release.env vendored
View File

@ -1,5 +1,5 @@
VERSION=2023.02.24 VERSION=2024.8.1
GIT_REF=2376bc53dc4609ad0bff55e0b3365891db6fbeea GIT_REF=ea623cc147741b0a753ce4ea7aabe512df9a2ef9
GIT_AUTHOR=Lance R. Vick GIT_AUTHOR=Lance R. Vick
GIT_KEY=6B61ECD76088748C70590D55E90A401336C8AAA9 GIT_PUBKEY=6B61ECD76088748C70590D55E90A401336C8AAA9
GIT_TIMESTAMP=2023-02-24 13:31:37 -0800 GIT_TIMESTAMP=2024-08-08 00:34:41 -0700

55
rootfs/etc/init.d/S01syslogd Executable file
View File

@ -0,0 +1,55 @@
#!/bin/sh
DAEMON="syslogd"
PIDFILE="/var/run/$DAEMON.pid"
SYSLOGD_ARGS=""
# shellcheck source=/dev/null
[ -r "/etc/default/$DAEMON" ] && . "/etc/default/$DAEMON"
# BusyBox' syslogd does not create a pidfile, so pass "-n" in the command line
# and use "-m" to instruct start-stop-daemon to create one.
start() {
printf 'Starting %s: ' "$DAEMON"
# shellcheck disable=SC2086 # we need the word splitting
start-stop-daemon -b -m -S -q -p "$PIDFILE" -x "/sbin/$DAEMON" \
-- -n $SYSLOGD_ARGS
status=$?
if [ "$status" -eq 0 ]; then
echo "OK"
else
echo "FAIL"
fi
return "$status"
}
stop() {
printf 'Stopping %s: ' "$DAEMON"
start-stop-daemon -K -q -p "$PIDFILE"
status=$?
if [ "$status" -eq 0 ]; then
rm -f "$PIDFILE"
echo "OK"
else
echo "FAIL"
fi
return "$status"
}
restart() {
stop
sleep 1
start
}
case "$1" in
start|stop|restart)
"$1";;
reload)
# Restart, since there is no true "reload" feature.
restart;;
*)
echo "Usage: $0 {start|stop|restart|reload}"
exit 1
esac

55
rootfs/etc/init.d/S02klogd Executable file
View File

@ -0,0 +1,55 @@
#!/bin/sh
DAEMON="klogd"
PIDFILE="/var/run/$DAEMON.pid"
KLOGD_ARGS=""
# shellcheck source=/dev/null
[ -r "/etc/default/$DAEMON" ] && . "/etc/default/$DAEMON"
# BusyBox' klogd does not create a pidfile, so pass "-n" in the command line
# and use "-m" to instruct start-stop-daemon to create one.
start() {
printf 'Starting %s: ' "$DAEMON"
# shellcheck disable=SC2086 # we need the word splitting
start-stop-daemon -b -m -S -q -p "$PIDFILE" -x "/sbin/$DAEMON" \
-- -n $KLOGD_ARGS
status=$?
if [ "$status" -eq 0 ]; then
echo "OK"
else
echo "FAIL"
fi
return "$status"
}
stop() {
printf 'Stopping %s: ' "$DAEMON"
start-stop-daemon -K -q -p "$PIDFILE"
status=$?
if [ "$status" -eq 0 ]; then
rm -f "$PIDFILE"
echo "OK"
else
echo "FAIL"
fi
return "$status"
}
restart() {
stop
sleep 1
start
}
case "$1" in
start|stop|restart)
"$1";;
reload)
# Restart, since there is no true "reload" feature.
restart;;
*)
echo "Usage: $0 {start|stop|restart|reload}"
exit 1
esac

94
rootfs/etc/init.d/S02sysctl Executable file
View File

@ -0,0 +1,94 @@
#!/bin/sh
#
# This script is used by busybox and procps-ng.
#
# With procps-ng, the "--system" option of sysctl also enables "--ignore", so
# errors are not reported via syslog. Use the run_logger function to mimic the
# --system behavior, still reporting errors via syslog. Users not interested
# on error reports can add "-e" to SYSCTL_ARGS.
#
# busybox does not have a "--system" option neither reports errors via syslog,
# so the scripting provides a consistent behavior between the implementations.
# Testing the busybox sysctl exit code is fruitless, as at the moment, since
# its exit status is zero even if errors happen. Hopefully this will be fixed
# in a future busybox version.
PROGRAM="sysctl"
SYSCTL_ARGS=""
# shellcheck source=/dev/null
[ -r "/etc/default/$PROGRAM" ] && . "/etc/default/$PROGRAM"
# Files are read from directories in the SYSCTL_SOURCES list, in the given
# order. A file may be used more than once, since there can be multiple
# symlinks to it. No attempt is made to prevent this.
SYSCTL_SOURCES="/etc/sysctl.d/ /usr/local/lib/sysctl.d/ /usr/lib/sysctl.d/ /lib/sysctl.d/ /etc/sysctl.conf"
# If the logger utility is available all messages are sent to syslog, except
# for the final status. The file redirections do the following:
#
# - stdout is redirected to syslog with facility.level "kern.info"
# - stderr is redirected to syslog with facility.level "kern.err"
# - file dscriptor 4 is used to pass the result to the "start" function.
#
run_logger() {
# shellcheck disable=SC2086 # we need the word splitting
find $SYSCTL_SOURCES -maxdepth 1 -name '*.conf' -print0 2> /dev/null | \
xargs -0 -r -n 1 readlink -f | {
prog_status="OK"
while :; do
read -r file || {
echo "$prog_status" >&4
break
}
echo "* Applying $file ..."
/sbin/sysctl -p "$file" $SYSCTL_ARGS || prog_status="FAIL"
done 2>&1 >&3 | /usr/bin/logger -t sysctl -p kern.err
} 3>&1 | /usr/bin/logger -t sysctl -p kern.info
}
# If logger is not available all messages are sent to stdout/stderr.
run_std() {
# shellcheck disable=SC2086 # we need the word splitting
find $SYSCTL_SOURCES -maxdepth 1 -name '*.conf' -print0 2> /dev/null | \
xargs -0 -r -n 1 readlink -f | {
prog_status="OK"
while :; do
read -r file || {
echo "$prog_status" >&4
break
}
echo "* Applying $file ..."
/sbin/sysctl -p "$file" $SYSCTL_ARGS || prog_status="FAIL"
done
}
}
if [ -x /usr/bin/logger ]; then
run_program="run_logger"
else
run_program="run_std"
fi
start() {
printf '%s %s: ' "$1" "$PROGRAM"
status=$("$run_program" 4>&1)
echo "$status"
if [ "$status" = "OK" ]; then
return 0
fi
return 1
}
case "$1" in
start)
start "Running";;
restart|reload)
start "Rerunning";;
stop)
:;;
*)
echo "Usage: $0 {start|stop|restart|reload}"
exit 1
esac

24
rootfs/etc/init.d/S10udev Executable file
View File

@ -0,0 +1,24 @@
#!/bin/sh
case "$1" in
start)
printf "Populating %s using udev: " "${udev_root:-/dev}"
[ -e /proc/sys/kernel/hotplug ] && printf '\000\000\000\000' > /proc/sys/kernel/hotplug
/sbin/udevd -d || { echo "FAIL"; exit 1; }
udevadm trigger --type=subsystems --action=add
udevadm trigger --type=devices --action=add
udevadm settle --timeout=30 || echo "udevadm settle failed"
echo "done"
;;
stop)
# Stop execution of events
udevadm control --stop-exec-queue
killall udevd
;;
*)
echo "Usage: $0 {start|stop}"
exit 1
;;
esac
exit 0

20
rootfs/etc/init.d/S12pcscd Executable file
View File

@ -0,0 +1,20 @@
#!/bin/sh
case "$1" in
start)
/usr/sbin/pcscd -d || { echo "FAIL"; exit 1; }
killall pcscd
/usr/sbin/pcscd -d || { echo "FAIL"; exit 1; }
echo "done"
;;
stop)
# Stop execution of events
killall pcscd
;;
*)
echo "Usage: $0 {start|stop}"
exit 1
;;
esac
exit 0

70
rootfs/etc/init.d/S20urandom Executable file
View File

@ -0,0 +1,70 @@
#! /bin/sh
#
# Preserve the random seed between reboots. See urandom(4).
#
# Quietly do nothing if /dev/urandom does not exist
[ -c /dev/urandom ] || exit 0
URANDOM_SEED="/var/lib/random-seed"
# shellcheck source=/dev/null
[ -r "/etc/default/urandom" ] && . "/etc/default/urandom"
if pool_bits=$(cat /proc/sys/kernel/random/poolsize 2> /dev/null); then
pool_size=$((pool_bits/8))
else
pool_size=512
fi
init_rng() {
[ -f "$URANDOM_SEED" ] || return 0
printf 'Initializing random number generator: '
dd if="$URANDOM_SEED" bs="$pool_size" of=/dev/urandom count=1 2> /dev/null
status=$?
if [ "$status" -eq 0 ]; then
echo "OK"
else
echo "FAIL"
fi
return "$status"
}
save_random_seed() {
printf 'Saving random seed: '
status=1
if touch "$URANDOM_SEED.new" 2> /dev/null; then
old_umask=$(umask)
umask 077
dd if=/dev/urandom of="$URANDOM_SEED.tmp" bs="$pool_size" count=1 2> /dev/null
cat "$URANDOM_SEED" "$URANDOM_SEED.tmp" 2>/dev/null \
| sha256sum \
| cut -d ' ' -f 1 > "$URANDOM_SEED.new" && \
mv "$URANDOM_SEED.new" "$URANDOM_SEED" && status=0
rm -f "$URANDOM_SEED.tmp"
umask "$old_umask"
if [ "$status" -eq 0 ]; then
echo "OK"
else
echo "FAIL"
fi
else
echo "SKIP (read-only file system detected)"
fi
return "$status"
}
case "$1" in
start|restart|reload)
# Carry a random seed from start-up to start-up
# Load and then save the whole entropy pool
init_rng && save_random_seed;;
stop)
# Carry a random seed from shut-down to start-up
# Save the whole entropy pool
save_random_seed;;
*)
echo "Usage: $0 {start|stop|restart|reload}"
exit 1
esac

27
rootfs/etc/init.d/rcK Executable file
View File

@ -0,0 +1,27 @@
#!/bin/sh
# Stop all init scripts in /etc/init.d
# executing them in reversed numerical order.
#
for i in $(ls -r /etc/init.d/S??*) ;do
# Ignore dangling symlinks (if any).
[ ! -f "$i" ] && continue
case "$i" in
*.sh)
# Source shell script for speed.
(
trap - INT QUIT TSTP
set stop
. $i
)
;;
*)
# No sh extension, so fork subprocess.
$i stop
;;
esac
done

27
rootfs/etc/init.d/rcS Executable file
View File

@ -0,0 +1,27 @@
#!/bin/sh
# Start all init scripts in /etc/init.d
# executing them in numerical order.
#
for i in /etc/init.d/S??* ;do
# Ignore dangling symlinks (if any).
[ ! -f "$i" ] && continue
case "$i" in
*.sh)
# Source shell script for speed.
(
trap - INT QUIT TSTP
set start
. $i
)
;;
*)
# No sh extension, so fork subprocess.
$i start
;;
esac
done

View File

@ -1,11 +1,5 @@
# /etc/inittab # /etc/inittab
#
# Copyright (C) 2001 Erik Andersen <andersen@codepoet.org>
#
# Note: BusyBox init doesn't support runlevels. The runlevels field is
# completely ignored by BusyBox init. If you want runlevels, use
# sysvinit.
#
# Format for each entry: <id>:<runlevels>:<action>:<process> # Format for each entry: <id>:<runlevels>:<action>:<process>
# #
# id == tty to run on, or empty for /dev/console # id == tty to run on, or empty for /dev/console
@ -14,27 +8,26 @@
# process == program to run # process == program to run
# Startup the system # Startup the system
::sysinit:/bin/mount -t devtmpfs devtmpfs /dev
::sysinit:/bin/mkdir -p /proc /run /dev/pts /dev/shm /sys
::sysinit:/bin/mount -t sysfs sysfs /sys
::sysinit:/bin/mount -t proc proc /proc ::sysinit:/bin/mount -t proc proc /proc
::sysinit:/bin/mount -o remount,rw / ::sysinit:/bin/mount -o remount,rw /
::sysinit:/bin/mkdir -p /dev/pts /dev/shm
::sysinit:/bin/mount -a
::sysinit:/sbin/swapon -a
null::sysinit:/bin/ln -sf /proc/self/fd /dev/fd null::sysinit:/bin/ln -sf /proc/self/fd /dev/fd
null::sysinit:/bin/ln -sf /proc/self/fd/0 /dev/stdin null::sysinit:/bin/ln -sf /proc/self/fd/0 /dev/stdin
null::sysinit:/bin/ln -sf /proc/self/fd/1 /dev/stdout null::sysinit:/bin/ln -sf /proc/self/fd/1 /dev/stdout
null::sysinit:/bin/ln -sf /proc/self/fd/2 /dev/stderr null::sysinit:/bin/ln -sf /proc/self/fd/2 /dev/stderr
::sysinit:/bin/hostname -F /etc/hostname
# now run any rc scripts # now run any rc scripts
::sysinit:/etc/init.d/rcS ::sysinit:/etc/init.d/rcS
# Put a getty on the serial port # Put shells on the serial terminal and console
#console::respawn:/sbin/getty -L console 0 vt100 # GENERIC_SERIAL console::respawn:-/bin/bash
ttyS0::respawn:-/bin/bash
::respawn:-/bin/bash ::respawn:-/bin/bash
# Stuff to do for the 3-finger salute # Stuff to do for the 3-finger salute
#::ctrlaltdel:/sbin/reboot ::ctrlaltdel:/sbin/reboot
# Stuff to do before rebooting # Stuff to do before rebooting
::shutdown:/etc/init.d/rcK ::shutdown:/etc/init.d/rcK
::shutdown:/sbin/swapoff -a
::shutdown:/bin/umount -a -r ::shutdown:/bin/umount -a -r

View File

@ -3,8 +3,7 @@ export PATH="/usr/local/bin:/bin:/sbin:/usr/bin:/usr/sbin"
export PS1="[\h \t] \\$ " export PS1="[\h \t] \\$ "
export GNUPGHOME=/.gnupg export GNUPGHOME=/.gnupg
source /etc/environment source /etc/environment
cd /root
dmesg -n1
clear clear
cat << "EOF" cat << "EOF"
_ _ ___ ____ _ _ ___ ____
@ -19,5 +18,5 @@ echo " - Version: $VERSION"
echo " - Date: $GIT_TIMESTAMP" echo " - Date: $GIT_TIMESTAMP"
echo " - Committer: $GIT_AUTHOR" echo " - Committer: $GIT_AUTHOR"
echo " - Commit: $GIT_REF" echo " - Commit: $GIT_REF"
echo " - Key: $GIT_KEY" echo " - Key: $GIT_PUBKEY"
echo "" echo ""

2
rootfs/init Executable file
View File

@ -0,0 +1,2 @@
#!/bin/sh
exec /bin/init

View File

@ -0,0 +1,15 @@
KERNEL!="mmcblk[0-9]p[0-9]|sd[a-z][0-9]", GOTO="automount_end"
ACTION=="add", PROGRAM!="/sbin/blkid %N", GOTO="automount_end"
IMPORT{program}="/sbin/blkid -o udev -p %N"
ENV{ID_FS_LABEL}!="", ENV{dir_name}="%E{ID_FS_LABEL}"
ENV{ID_FS_LABEL}=="", ENV{dir_name}="%k"
ACTION=="add", IMPORT{program}="/sbin/blkid -o udev -p %N"
ACTION=="add", ENV{ID_FS_TYPE}=="vfat", ENV{mount_options}="relatime,utf8,flush,user,umask=0000"
ACTION=="add", RUN+="/bin/mkdir -p /media/%E{dir_name}", RUN+="/bin/mount -o $env{mount_options} /dev/%k /media/%E{dir_name}"
ACTION=="add", RUN+="/usr/local/bin/autorun /media/%E{dir_name}"
ACTION=="remove", ENV{dir_name}!="", RUN+="/bin/umount -l /media/%E{dir_name}", RUN+="/bin/rmdir /media/%E{dir_name}"
LABEL="automount_end"

28
rootfs/usr/local/bin/autorun Executable file
View File

@ -0,0 +1,28 @@
#!/bin/bash
set -e
source /etc/profile
folder=${1?}
if [ "$folder" == "/media/USER" ] && [ -f "${folder}/autorun.sh" ]; then
if touch "${folder}/.write_test" 2>/dev/null; then
echo "!! Autorun: Read-only verification failed for /media/USER" >/dev/console
exit 1;
else
echo "" >/dev/console
echo "++ Autorun: Found /media/USER/autorun.sh" >/dev/console;
echo "** Autorun: Executing /media/USER/autorun.sh" >/dev/console
/bin/bash "/media/USER/autorun.sh" >/dev/console
fi
elif [ -f "${folder}/autorun.sh.asc" ]; then
echo "" >/dev/console
echo "++ Autorun: Found ${folder}/autorun.sh" >/dev/console;
gpg --verify "${folder}/autorun.sh.asc" >/dev/null 2>&1 || {
echo "!! Autorun: Verification Failed for ${folder}/autorun.sh" \
>/dev/console;
exit 1;
}
echo "++ Autorun: Verified ${folder}/autorun.sh" >/dev/console
echo "** Autorun: Executing ${folder}/autorun.sh" >/dev/console
/bin/bash "${folder}/autorun.sh" >/dev/console
fi

3
sdcard/autorun.sh Normal file
View File

@ -0,0 +1,3 @@
#!/bin/bash
echo "Autorun.sh executed"

View File

@ -1,65 +0,0 @@
#!/bin/bash
[ -f /.dockerenv ] || { echo "please run in supplied container"; exit 1; }
set -e; source environment
build_dir="${BUILD_DIR?}"
audit_dir="${BUILD_DIR?}/audit"
buildroot_dir="${build_dir}/buildroot"
heads_dir="${build_dir}/heads"
mkdir -p ${audit_dir}
printf "Generating container package vulnerability stats... "
debsecan \
--suite $(lsb_release --codename --short) \
--format detail \
> ${audit_dir}/container_package_cves.txt
container_package_cves="$( \
cat ${audit_dir}/container_package_cves.txt | grep CVE | wc -l \
)"
echo "done"
printf "Generating target OS source tar hashes... "
openssl sha256 -r ${buildroot_dir}/dl/*/*.tar.* \
> ${audit_dir}/os_src_hashes.txt
echo "done"
printf "Generating firmware source tar hashes... "
openssl sha256 -r ${heads_dir}/packages/* \
> ${audit_dir}/fw_src_hashes.txt
echo "done"
printf "Generating combined/uniqued source tar hashes... "
cat ${audit_dir}/os_src_hashes.txt \
${audit_dir}/fw_src_hashes.txt \
| sed 's/ .*\// /g' \
| awk '{ t = $1; $1 = $2; $2 = t; print;}' \
| sort \
| uniq \
> ${audit_dir}/all_hashes.txt
echo "done"
printf "Generating buildroot package stats... "
( cd ${buildroot_dir} \
&& support/scripts/pkg-stats --json ${audit_dir}/pkg-stats.json \
> /dev/null 2>&1
)
target_os_source_cves=$( \
cat build/audit/pkg-stats.json | jq '.stats["total-cves"]' \
)
echo "done"
printf "Generating license usage reports... "
( cd ${buildroot_dir} && make legal-info > /dev/null 2>&1 )
cp -R ${buildroot_dir}/output/legal-info ${audit_dir}/legal-info
echo "done"
echo "------------------------------------------------"
echo "Wrote: build/audit/container_package_cves.txt"
echo "Wrote: build/audit/os_src_hashes.txt"
echo "Wrote: build/audit/fw_src_hashes.txt"
echo "Wrote: build/audit/all_hashes.txt"
echo "Wrote: build/audit/pkg-stats.json"
echo "Wrote: build/audit/legal-info"
echo "------------------------------------------------"
echo "Build container package CVEs: ${container_package_cves}"
echo "Target OS source CVEs: ${target_os_source_cves}"

@ -1 +0,0 @@
Subproject commit ca3e7960ea2abb9e448610c633dc92d7786ce8ab