SysAdmin
38ac4f8a96
Run #4258 cleared the systemctl shim only to die two seconds later on the *next* expectation derivative-maker has of a real systemd host: its sources.list points at http://127.0.0.1:9977/debian (the approx package-cache socket-activated by systemd) and apt-get update could not reach the daemon because nothing was actually started by the no-op shim: Err:1 http://127.0.0.1:9977/debian trixie InRelease Could not connect to 127.0.0.1:9977 (127.0.0.1). - connect (111: Connection refused) Whack-a-mole'ing each service derivative-maker tries to start (approx today, then journald, then systemd-logind, then who-knows-what tomorrow) is going to keep failing for a while — derivative-maker is fundamentally designed for a real systemd-managed Debian host. The container pattern upstream itself ships (linux/build/derivative-maker/docker/) runs systemd as PID 1 inside the container; this commit adopts that approach. Architecture: - PID 1 in the build container is now systemd. Upstream's vendored entrypoint.sh records the user-supplied command into /etc/docker-entrypoint-cmd, captures env into /etc/docker-entrypoint-env, masks irrelevant units, and execs systemd. systemd boots, docker-entrypoint.service runs the command, docker-entrypoint-stop.sh propagates the exit code via `systemctl exit <code>` so the container exits with the right status. - The four entrypoint files (entrypoint.sh, docker-entrypoint.service / .target, docker-entrypoint-stop.sh) are vendored at linux/build/docker/systemd-entrypoint/ rather than COPY'd from the submodule path — Docker build context can only reach below itself, and bumping is tracked in that dir's README. - Container runtime now requires --cgroupns=host, --tmpfs /run, --tmpfs /run/lock, and -v /sys/fs/cgroup:/sys/fs/cgroup:rw so systemd can manage cgroups properly. -t allocates a TTY, satisfying entrypoint.sh's `[ ! -t 0 ] && exit 1` check in CI where stdin is otherwise /dev/null. - User renamed builder → user (uid 1000, passwordless sudo) to match upstream's USER=user / HOME=/home/user convention. chown in build.sh now uses uid 1000:1000 so it's name-agnostic. - Image package list grew to match upstream's derivative-maker-docker-setup (sq stack + dbus + approx + the rest) plus our ISO toolchain (live-build / debootstrap / xorriso / squashfs-tools / etc.). Snapshot.debian.org pinning is preserved (same APT_SNAPSHOT_URL, two-phase install pattern). Verified: Smoke test on 10.0.0.51 — `docker run --rm --privileged --cgroupns=host --tmpfs /run --tmpfs /run/lock -v /sys/fs/cgroup:...:rw -t <image> /bin/bash -c 'echo OK'` — booted systemd, ran the command via docker-entrypoint.service, captured the output, shut down filesystems and exited cleanly. build.sh BUILDER_IMAGE pin → sha256:dc9dd29d…8811. Image rebuilt natively on 10.0.0.51, pushed to docker-registry.silverlabs.uk. The systemctl shim is removed by virtue of the Dockerfile rewrite — real systemd makes it unnecessary. The previous "iter6 / iter7" intermediate digests stay in the registry until we GC; the live one is m1.1-iter8-systemd. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
SilverMetal
Privacy-hardened devices for users who want their privacy back — on whatever platform they have.
SilverMetal is SilverLABS' cross-platform privacy-hardening program. We don't believe in "one true OS" — we meet users on the platform they actually use, and give them the strongest hardening that platform physically allows. Honestly labelled, no marketing fluff.
Two product lines
The SilverMetal program ships two distinct product lines, named to make their scope obvious to buyers:
🔒 SilverMetal OS
We ship the operating system or ROM. Full kernel-level control, our verified-boot key, our update channel. Strongest possible hardening.
- SilverMetal OS — Linux (Debian/Kicksecure-based ISO) — Tier A
- SilverMetal OS — Pixel (GrapheneOS-fork ROM) — Tier B
- SilverMetal OS — Samsung (LineageOS-fork ROM, unlocked-bootloader models) — Tier C
- SilverMetal OS — Motorola (DivestOS/LineageOS-fork ROM) — Tier C
🛡️ SilverMetal Enhanced
We harden the OS your device already runs. Configuration profiles, hardening installers, the SilverLABS Application Stack. For users who can't or won't replace their OS.
- SilverMetal Enhanced — Windows (LTSC IoT installer + hardening + Stack) — Tier C
- SilverMetal Enhanced — macOS (signed config profile + setup script + Stack) — Tier C-D
- SilverMetal Enhanced — iOS (MDM profile + Stack) — Tier D
- SilverMetal Enhanced — Android (generic profile + Stack on existing Android) — Tier D
Tiers explained in docs/platform-matrix.md.
What every SilverMetal device gets
Both lines ship the SilverLABS Application Stack — a suite of cross-platform privacy apps that replace the cloud services your device normally talks to (Google, Apple, Microsoft):
| Component | Status | Purpose |
|---|---|---|
| SilverBrowser | v1 (Linux MVP) | De-Googled, telemetry-free, fingerprint-resistant browser |
| SilverVPN | Existing — see SilverLABS/SilverVPN |
Always-on, no-logs VPN with our own infrastructure |
| SilverSync | v1 (Linux MVP) | Private replacement for iCloud / Google Drive / OneDrive |
| SilverChat | Existing — SilverVPN.Client.Chat, Signal Protocol over VPN transport. Promoted from v1.1 to v1 |
E2EE messenger |
| SilverDuress | v1.1 | Duress password / panic-wipe / anti-coercion |
| SilverKeys | v1.1 | Zero-knowledge password + 2FA manager |
Two ways to get SilverMetal
Every flavour — OS or Enhanced — supports both buyer modes:
"I'm choosing a new device"
Buy a preflashed SilverMetal SKU. We've done all the work; it arrives ready.
"I already own a device and want to harden it"
Download the free SilverLABS Stack + the SilverMetal OS or Enhanced package for your platform. Apply it yourself. Same software, same hardening, no hardware lock-in.
Status
| Component | Status |
|---|---|
| Documentation + roadmap | Initial scaffold complete |
| SilverMetal OS — Linux v1 | Phase 1 — moving to milestone 1.1 (build pipeline) |
| SilverLABS Stack v1 (Browser + Sync) | Planning |
| SilverVPN | Existing product, integration into v1 ISO planned |
| SilverChat | Existing product (SilverVPN.Client.Chat); promoted to v1, integration into v1 ISO planned |
| Other OS/Enhanced flavours | Planning, post-Linux v1 |
See docs/roadmap.md for the milestone-driven plan.
Related repositories
| Repo | Relationship |
|---|---|
SilverLABS/SilverVPN |
The VPN component of the SilverLABS Stack — already in production. SilverMetal integrates it; does not re-implement it |
SilverLABS/SilverApple |
Deprecated. Earlier iOS-hardening prototype, superseded by SilverMetal Enhanced — iOS |
SilverLABS/SilverDROID |
Unrelated (SilverSHELL AppStore Android client). Name is similar but scope is different |
Documentation
docs/threat-model.md— who we defend against, who we don'tdocs/design-principles.md— privacy-by-default, verifiability, honestydocs/platform-matrix.md— full per-platform pros/consdocs/roadmap.md— milestones, ship order, scopedocs/trust-model.md— signing keys, reproducible builds, governance
License
Components carry their own licenses (most are GPL/MIT/Apache-derived from upstream forks). Original SilverLABS-authored glue code is AGPL-3.0-or-later. See LICENSE.
SilverLABS
SilverMetal is built by SilverLABS — privacy-first infrastructure and applications.