SilverLABS/SilverMetal
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
84179b3642507802d68b7e4aa6f075736f654945
SilverMetal/linux
History
SysAdmin 84179b3642
Some checks failed
Build SilverMetal Linux ISO (reproducibility-gated) / builder-image (push) Successful in 1s
Details
Build SilverMetal Linux ISO (reproducibility-gated) / build-and-verify (push) Failing after 37m27s
Details
fix(linux/build): xorriso -return_with SORRY 0 to tolerate MBR size warning (M1.1 iter30) 
iter29 wired up the chroot scrub + squashfs rebuild + ISO patch.
Run #4277 confirmed every actual operation succeeded:

    Updating '/tmp/silvermetal-rebuilt-MFqm7S.squashfs' to '/live/filesystem.squashfs'
    xorriso : UPDATE : Added/overwrote '/live/filesystem.squashfs'  (899m)
    Differences detected and updated. (runtime 0.5 s)
    xorriso : NOTE : Keeping boot image unchanged
    ISO image produced: 506049 sectors
    Writing to '...silvermetal-clean.iso' completed successfully.

…then xorriso re-assessed the freshly-written ISO and raised:

    libburn : SORRY : Read start address 525977s larger than
      number of readable blocks 506240
    libisofs: NOTE : Found Protective MBR with size range larger
      than the medium capacity
    xorriso : NOTE : Tolerated problem event of severity 'SORRY'
    xorriso : NOTE : -return_with SORRY 32 triggered by problem
      severity SORRY

That's the protective MBR header recording the *original* ISO size
(525977 sectors) but our replaced squashfs is smaller, so the new ISO
totals 506240 sectors. The protective MBR is purely a compatibility
shim for tools that don't understand GPT — bootloaders consult the
GPT and El Torito tables, both of which are self-consistent in the
new ISO. The diagnostic is genuinely benign.

xorriso's default `-return_with SORRY 32` made it exit 32, which `set
-e` in build-inner.sh propagated up, killing the build. Add
`-return_with SORRY 0` to the post-process xorriso invocation: keep
the warning visible in the log but accept a SORRY as exit-zero given
the operation reported `completed successfully` for the write itself.

Note: this scoping is *only* on the post-process xorriso. Anywhere
else upstream in derivative-maker can still use xorriso's default
strictness.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-07 22:09:55 +01:00
..
build
fix(linux/build): xorriso -return_with SORRY 0 to tolerate MBR size warning (M1.1 iter30)
2026-05-07 22:09:55 +01:00
README.md
docs(naming): adopt OS / Enhanced product-line framing + align with existing repos
2026-04-25 03:30:45 +01:00

README.md

SilverMetal OS — Linux

Status: Phase 1 (planning) → moving to milestone 1.1 (reproducible Kicksecure fork build)

🔒 SilverMetal OS product line — we ship the operating system.

The reference SilverMetal flavour. Tier A — full kernel-level hardening, verified boot we control, Debian/Kicksecure-based.

Scope (v1)

See ../docs/roadmap.md Phase 1.

Hardening must-haves

  • Kicksecure base (Debian-derived, hardened upstream)
  • linux-hardened kernel + KSPP sysctl/build flags
  • Secure Boot with our shim/MOK
  • TPM2 PCR-bound LUKS2 unlock (Argon2id), full-disk encryption mandatory
  • AppArmor strict profiles for browsers, mail, viewers, networked daemons
  • GrapheneOS hardened_malloc as system allocator
  • bubblewrap + Flatpak primary; firejail for legacy .deb
  • nftables default-deny inbound, encrypted DNS, SilverVPN always-on default
  • Zero upstream telemetry — verified by integration test
  • SilverBrowser default (ungoogled-chromium-rebranded v1)
  • SilverVPN integrated from existing SilverLABS/SilverVPN (Linux client + tunnel service)
  • SilverSync v1 (Nextcloud-backed, client-side encryption)
  • A/B updates with rollback, signed by our keys
  • Optional amnesic session mode

Out of scope (v1)

  • Atomic / immutable root (v1.1 — ostree experiment)
  • dm-verity on / (v1.1)
  • ARM64 / Apple Silicon (v2)
  • Tor-by-default variant (sibling product later)

Directory layout

linux/
├── build/             # live-build pipeline, reproducible-build config
├── kernel/            # config fragments, linux-hardened pinning
├── overlay/           # /etc + /usr/share/silvermetal + skel hardening overlay
├── packages/
│   ├── include.list   # what's installed
│   └── exclude.list   # what's purged (snap, telemetry, etc.)
├── apparmor/          # custom strict profiles
├── nftables/          # default ruleset
├── installer/         # Calamares branding + hardened defaults
├── update-server/     # signing + repo hosting (infra-as-code)
└── tests/
    ├── lynis-baseline/
    ├── kspp-check/
    └── telemetry-leak/

Verification gates (must pass before public alpha)

  • Two clean builds from same commit → identical SHA256
  • kconfig-hardened-check passes
  • Lynis hardening score ≥ 90
  • 30-min idle telemetry capture: zero packets to MS/Google/Apple/Mozilla/Canonical/Debian/analytics
  • TPM tamper test: LUKS correctly falls back to passphrase
  • AppArmor: every networked binary confined or documented
  • Independent privacy-engineering review

Upstream we depend on

  • Kicksecure — fork base
  • linux-hardened — kernel patchset
  • GrapheneOS hardened_malloc — allocator
  • KSPP — kernel config authority
  • secureblue — reference for v1.1 immutable design
  • SilverLABS/SilverVPN — VPN client + tunnel service (existing, integrated)
Reference in New Issue View Git Blame Copy Permalink