Run #4260 cleared every harness layer and ran for 18 minutes — past sanity-tests, prepare-build-machine, cowbuilder-setup, local-deps — into 2100_create-debian-packages, where it died on:

    Could not check validity of signature with '92978A6E195E4921825F7FF0F34F09744E9F5DD9' in '/home/user/derivative-binary/temp_packages_debian_sid/virtualbox_7.2.8-dfsg-1.dsc' as public key missing!

…and then *also* hung the runner indefinitely because, on any error, derivative-maker's exception_handler_general detected a TTY (we passed `docker run -t`) and dropped into an interactive `read -p 'Answer? '` prompt that nothing was ever going to answer. The orphan docker run in turn orphaned the act_runner job container, blocking the runner until manual cleanup.

Three coordinated fixes, validated end-to-end with docker-side smoke tests on 10.0.0.51:

1. **Non-interactive mode without losing output visibility.** The original architectural goal: keep derivative-maker out of interactive mode (`[ -t 0 ]` must be false) AND keep the build log visible to docker run / Gitea Actions (PTY needed somewhere). Resolution:
   - `docker run -t` is kept (required for /dev/console to be a real PTY back to docker), but no `-i`, so fd 0 stays /dev/null.
   - docker-entrypoint.service: `StandardInput=tty-force` → `StandardInput=null` so the service's fd 0 is /dev/null too. Verified inside the container: `[ -t 0 ]` returns false.
   - entrypoint.sh now wraps the user command with an explicit `> /dev/console 2>&1` redirect before writing it to /etc/docker-entrypoint-cmd. systemd's `StandardOutput=inherit` does NOT propagate PID-1's stdout to services in this PID-1-systemd-in-container topology — the service log was going nowhere visible. /dev/console under `docker run -t` IS the allocated PTY back to docker, so the redirect surfaces the log to the act_runner / Gitea Actions log.
   - entrypoint.sh's `[ ! -t 0 ] && exit 1` guard removed (it would now always trigger).

2. **debian-keyring for reprepro source-package signature checks.** 2100_create-debian-packages calls dm-reprepro-wrapper includedsc on every .dsc in temp_packages_debian_sid (including virtualbox_*.dsc, even for `--target iso` — see line 114 of that build step). reprepro verifies the dsc signature against the user's GPG keyring; without the maintainer keys it fails. Adds `debian-keyring` to Dockerfile.builder. build-inner.sh now imports debian-keyring.gpg / debian-maintainers.gpg / debian-nonupload.gpg into the user's keyring before running derivative-maker.

3. **BUILDER_IMAGE digest re-pinned.** Built natively on 10.0.0.51 (per memory: never on WSL/aarch64). New digest: sha256:2f680c96…f0db.

Smoke-test results (against this exact image):

    ==> START              ← user output reaches docker stdout
    (keyring present)      ← debian-keyring imported successfully
    STDIN_NOT_TTY          ← derivative-maker WILL stay non-interactive
    ==> END                ← clean shutdown
    docker run exit: 42    ← exit code propagates correctly on failure

Files: Dockerfile.builder, systemd-entrypoint/entrypoint.sh, systemd-entrypoint/docker-entrypoint.service, scripts/build.sh, scripts/build-inner.sh.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
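
A pre-flight check for the two failures described in the commit message above, as an added example that is not part of the commit or the repository: it confirms that fd 0 is not a terminal and that the expected signing fingerprint appears in a colon-format key listing. The function names and the sample listing are constructed for illustration; in live use the listing would come from `gpg --with-colons --fingerprint --list-keys`.

```shell
#!/bin/sh
# Added example, not repository code. Function names are hypothetical.

# Constructed colon-format key listing (uid is a placeholder, not a real owner).
sample_listing() {
    cat <<'EOF'
pub:-:4096:1:F34F09744E9F5DD9:1500000000:::-:::scESC:
fpr:::::::::92978A6E195E4921825F7FF0F34F09744E9F5DD9:
uid:-::::1500000000::::Constructed Sample <sample@example.invalid>:
EOF
}

# True when fd 0 is NOT a terminal, so a handler that tests `[ -t 0 ]`
# before prompting stays on its non-interactive path.
stdin_is_noninteractive() {
    ! [ -t 0 ]
}

# Reads a colon-format listing on stdin; succeeds if the fingerprint in $1
# appears in an "fpr" record (field 10). Comparison is case-insensitive.
keyring_has_fpr() {
    awk -F: -v want="$1" '
        $1 == "fpr" && toupper($10) == toupper(want) { found = 1 }
        END { exit !found }'
}

# $1 = expected signing fingerprint, $2 = colon-format listing text.
# Returns 0 if the build may start, 1 (with a reason on stderr) otherwise.
preflight() {
    if ! stdin_is_noninteractive; then
        echo "preflight: stdin is a TTY, an error handler could prompt" >&2
        return 1
    fi
    if ! printf '%s\n' "$2" | keyring_has_fpr "$1"; then
        echo "preflight: key $1 missing from keyring" >&2
        return 1
    fi
}

# Demo on the constructed listing, with fd 0 forced to /dev/null.
preflight 92978A6E195E4921825F7FF0F34F09744E9F5DD9 "$(sample_listing)" </dev/null \
    && echo "preflight ok"
```

Running this at the start of a job turns a missing key or an attached terminal into an immediate failure with a reason on stderr, rather than an error 18 minutes into the build.
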
SilverMetal
Privacy-hardened devices for users who want their privacy back — on whatever platform they have.
SilverMetal is SilverLABS' cross-platform privacy-hardening program. We don't believe in "one true OS" — we meet users on the platform they actually use, and give them the strongest hardening that platform physically allows. Honestly labelled, no marketing fluff.
Two product lines
The SilverMetal program ships two distinct product lines, named to make their scope obvious to buyers:
🔒 SilverMetal OS
We ship the operating system or ROM. Full kernel-level control, our verified-boot key, our update channel. Strongest possible hardening.
- SilverMetal OS — Linux (Debian/Kicksecure-based ISO) — Tier A
- SilverMetal OS — Pixel (GrapheneOS-fork ROM) — Tier B
- SilverMetal OS — Samsung (LineageOS-fork ROM, unlocked-bootloader models) — Tier C
- SilverMetal OS — Motorola (DivestOS/LineageOS-fork ROM) — Tier C
🛡️ SilverMetal Enhanced
We harden the OS your device already runs. Configuration profiles, hardening installers, the SilverLABS Application Stack. For users who can't or won't replace their OS.
- SilverMetal Enhanced — Windows (LTSC IoT installer + hardening + Stack) — Tier C
- SilverMetal Enhanced — macOS (signed config profile + setup script + Stack) — Tier C-D
- SilverMetal Enhanced — iOS (MDM profile + Stack) — Tier D
- SilverMetal Enhanced — Android (generic profile + Stack on existing Android) — Tier D
Tiers explained in docs/platform-matrix.md.
What every SilverMetal device gets
Both lines ship the SilverLABS Application Stack — a suite of cross-platform privacy apps that replace the cloud services your device normally talks to (Google, Apple, Microsoft):
| Component | Status | Purpose |
|---|---|---|
| SilverBrowser | v1 (Linux MVP) | De-Googled, telemetry-free, fingerprint-resistant browser |
| SilverVPN | Existing — see SilverLABS/SilverVPN | Always-on, no-logs VPN with our own infrastructure |
| SilverSync | v1 (Linux MVP) | Private replacement for iCloud / Google Drive / OneDrive |
| SilverChat | Existing — SilverVPN.Client.Chat, Signal Protocol over VPN transport. Promoted from v1.1 to v1 | E2EE messenger |
| SilverDuress | v1.1 | Duress password / panic-wipe / anti-coercion |
| SilverKeys | v1.1 | Zero-knowledge password + 2FA manager |
Two ways to get SilverMetal
Every flavour — OS or Enhanced — supports both buyer modes:
"I'm choosing a new device"
Buy a preflashed SilverMetal SKU. We've done all the work; it arrives ready.
"I already own a device and want to harden it"
Download the free SilverLABS Stack + the SilverMetal OS or Enhanced package for your platform. Apply it yourself. Same software, same hardening, no hardware lock-in.
Status
| Component | Status |
|---|---|
| Documentation + roadmap | Initial scaffold complete |
| SilverMetal OS — Linux v1 | Phase 1 — moving to milestone 1.1 (build pipeline) |
| SilverLABS Stack v1 (Browser + Sync) | Planning |
| SilverVPN | Existing product, integration into v1 ISO planned |
| SilverChat | Existing product (SilverVPN.Client.Chat); promoted to v1, integration into v1 ISO planned |
| Other OS/Enhanced flavours | Planning, post-Linux v1 |
See docs/roadmap.md for the milestone-driven plan.
Related repositories
| Repo | Relationship |
|---|---|
| SilverLABS/SilverVPN | The VPN component of the SilverLABS Stack — already in production. SilverMetal integrates it; does not re-implement it |
| SilverLABS/SilverApple | Deprecated. Earlier iOS-hardening prototype, superseded by SilverMetal Enhanced — iOS |
| SilverLABS/SilverDROID | Unrelated (SilverSHELL AppStore Android client). Name is similar but scope is different |
Documentation
- docs/threat-model.md — who we defend against, who we don't
- docs/design-principles.md — privacy-by-default, verifiability, honesty
- docs/platform-matrix.md — full per-platform pros/cons
- docs/roadmap.md — milestones, ship order, scope
- docs/trust-model.md — signing keys, reproducible builds, governance
License
Components carry their own licenses (most are GPL/MIT/Apache-derived from upstream forks). Original SilverLABS-authored glue code is AGPL-3.0-or-later. See LICENSE.
SilverLABS
SilverMetal is built by SilverLABS — privacy-first infrastructure and applications.