SilverLABS/SilverMetal

Fork 0

Files

History

SysAdmin 303f602d38

Build SilverMetal Linux ISO (reproducibility-gated) / builder-image (push) Successful in 1s

Details

Build SilverMetal Linux ISO (reproducibility-gated) / build-and-verify (push) Successful in 35m9s

Details

fix(linux/build): keep file handle open through TF patch loop (M1.1 iter38)

Run #4285 hit:

    Traceback (most recent call last):
      File "<stdin>", line 26, in <module>
    ValueError: seek of closed file

iter37's Python heredoc had the search/seek/write loop OUTSIDE the
`with open(...) as f:` block — the file closes when the `with` body
finishes, and `data = f.read()` was the only statement inside it.
Indent the loop inside the with-suite. No semantic changes.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-05-08 16:06:45 +01:00

build

fix(linux/build): keep file handle open through TF patch loop (M1.1 iter38)

2026-05-08 16:06:45 +01:00

README.md

docs(naming): adopt OS / Enhanced product-line framing + align with existing repos

2026-04-25 03:30:45 +01:00

README.md

SilverMetal OS — Linux

Status: Phase 1 (planning) → moving to milestone 1.1 (reproducible Kicksecure fork build)

🔒 SilverMetal OS product line — we ship the operating system.

The reference SilverMetal flavour. Tier A — full kernel-level hardening, verified boot we control, Debian/Kicksecure-based.

Scope (v1)

See ../docs/roadmap.md Phase 1.

Hardening must-haves

Kicksecure base (Debian-derived, hardened upstream)
linux-hardened kernel + KSPP sysctl/build flags
Secure Boot with our shim/MOK
TPM2 PCR-bound LUKS2 unlock (Argon2id), full-disk encryption mandatory
AppArmor strict profiles for browsers, mail, viewers, networked daemons
GrapheneOS hardened_malloc as system allocator
bubblewrap + Flatpak primary; firejail for legacy .deb
nftables default-deny inbound, encrypted DNS, SilverVPN always-on default
Zero upstream telemetry — verified by integration test
SilverBrowser default (ungoogled-chromium-rebranded v1)
SilverVPN integrated from existing SilverLABS/SilverVPN (Linux client + tunnel service)
SilverSync v1 (Nextcloud-backed, client-side encryption)
A/B updates with rollback, signed by our keys
Optional amnesic session mode

Out of scope (v1)

Atomic / immutable root (v1.1 — ostree experiment)
dm-verity on / (v1.1)
ARM64 / Apple Silicon (v2)
Tor-by-default variant (sibling product later)

Directory layout

linux/
├── build/             # live-build pipeline, reproducible-build config
├── kernel/            # config fragments, linux-hardened pinning
├── overlay/           # /etc + /usr/share/silvermetal + skel hardening overlay
├── packages/
│   ├── include.list   # what's installed
│   └── exclude.list   # what's purged (snap, telemetry, etc.)
├── apparmor/          # custom strict profiles
├── nftables/          # default ruleset
├── installer/         # Calamares branding + hardened defaults
├── update-server/     # signing + repo hosting (infra-as-code)
└── tests/
    ├── lynis-baseline/
    ├── kspp-check/
    └── telemetry-leak/

Verification gates (must pass before public alpha)

Two clean builds from same commit → identical SHA256
kconfig-hardened-check passes
Lynis hardening score ≥ 90
30-min idle telemetry capture: zero packets to MS/Google/Apple/Mozilla/Canonical/Debian/analytics
TPM tamper test: LUKS correctly falls back to passphrase
AppArmor: every networked binary confined or documented
Independent privacy-engineering review

Upstream we depend on

Kicksecure — fork base
linux-hardened — kernel patchset
GrapheneOS hardened_malloc — allocator
KSPP — kernel config authority
secureblue — reference for v1.1 immutable design
SilverLABS/SilverVPN — VPN client + tunnel service (existing, integrated)