SysAdmin
e260fe1c81
Two coupled changes that unblock the M1.1 iter loop. Both belong in CI;
iter1-15 was wrong to require human-in-the-loop steps to make progress.
1. **CI now builds Dockerfile.builder.**
`.gitea/workflows/build-iso-linux.yaml` grows a `builder-image` job
that runs ahead of `build-and-verify`. It rebuilds the silvermetal-
builder image from `linux/build/docker/Dockerfile.builder`, pushes it
to `docker-registry.silverlabs.uk/silvermetal-builder:m1.1-<sha>` (and
`:latest`), reads the resulting digest off `docker inspect`, and
feeds it forward as a job output. `build-and-verify` consumes that
digest as the `BUILDER_IMAGE` env override that `build.sh` already
honours (and validates is digest-form on line ~37).
That kills the old workflow where every Dockerfile.builder change
required a human to `docker build` + `docker push` on 10.0.0.51 by
hand and then bump the digest in `build.sh` in lockstep. The crash
that triggered this (exit 126 mid-iter16 build run) was a symptom of
that off-CI step still existing.
Both jobs run on the existing `silvermetal-builder` runner; the host
docker daemon is shared via DooD and is already authenticated to
`docker-registry.silverlabs.uk` (linux/build/runner/docker-compose.yml
mounts `/root/.docker:/root/.docker:ro`), so no extra login step.
The hardcoded `BUILDER_IMAGE` digest in `build.sh` stays as the
local-developer / offline-rebuild fallback. Comments updated in
`build.sh`, `Dockerfile.builder`, and `linux/build/README.md` to
match the new flow.
2. **reprepro wrapper for the benign "No priority for X" case.**
Pinned derivative-maker's `2100_create-debian-packages` (with
--target iso) re-imports source packages from snapshot.debian.org
into a local apt repo via `reprepro --basedir … includedsc local
<foo>.dsc`. The local repo's `conf/distributions` ships no
`DscOverride` entries, so any source package whose `.dsc` lacks an
explicit Priority field trips:
No priority for 'X', skipping.
There have been errors!
…and reprepro exits 255. dm-reprepro-wrapper bubbles that up,
2100_create-debian-packages aborts. The current offender is
`virtualbox_*.dsc` (key import is now fine — debian-keyring landed in
commit 4aa59ba — but the priority field gap remains). VirtualBox is
not in SilverMetal's `--target iso` set, so the sane behaviour is
"log it, continue".
New `linux/build/docker/silvermetal-reprepro-wrap.sh` shadows
`/usr/bin/reprepro` at `/usr/local/bin/reprepro` (PATH precedence).
It runs the real reprepro, captures merged stdout+stderr, and:
- if rc != 0 AND every non-blank output line matches one of the
known-benign patterns ("No priority for 'X', skipping." plus the
trailing "There have been errors!"), emits the output, logs one
line of explanation to stderr, and exits 0;
- otherwise emits the output and propagates rc unchanged.
Any *other* reprepro error path stays fatal — only the specific
"No priority for X" pattern is neutralised. `dm-reprepro-wrapper`
resolves `reprepro` via `\$PATH` so it picks up the wrapper
transparently.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
SilverMetal
Privacy-hardened devices for users who want their privacy back — on whatever platform they have.
SilverMetal is SilverLABS' cross-platform privacy-hardening program. We don't believe in "one true OS" — we meet users on the platform they actually use, and give them the strongest hardening that platform physically allows. Honestly labelled, no marketing fluff.
Two product lines
The SilverMetal program ships two distinct product lines, named to make their scope obvious to buyers:
🔒 SilverMetal OS
We ship the operating system or ROM. Full kernel-level control, our verified-boot key, our update channel. Strongest possible hardening.
- SilverMetal OS — Linux (Debian/Kicksecure-based ISO) — Tier A
- SilverMetal OS — Pixel (GrapheneOS-fork ROM) — Tier B
- SilverMetal OS — Samsung (LineageOS-fork ROM, unlocked-bootloader models) — Tier C
- SilverMetal OS — Motorola (DivestOS/LineageOS-fork ROM) — Tier C
🛡️ SilverMetal Enhanced
We harden the OS your device already runs. Configuration profiles, hardening installers, the SilverLABS Application Stack. For users who can't or won't replace their OS.
- SilverMetal Enhanced — Windows (LTSC IoT installer + hardening + Stack) — Tier C
- SilverMetal Enhanced — macOS (signed config profile + setup script + Stack) — Tier C-D
- SilverMetal Enhanced — iOS (MDM profile + Stack) — Tier D
- SilverMetal Enhanced — Android (generic profile + Stack on existing Android) — Tier D
Tiers explained in docs/platform-matrix.md.
What every SilverMetal device gets
Both lines ship the SilverLABS Application Stack — a suite of cross-platform privacy apps that replace the cloud services your device normally talks to (Google, Apple, Microsoft):
| Component | Status | Purpose |
|---|---|---|
| SilverBrowser | v1 (Linux MVP) | De-Googled, telemetry-free, fingerprint-resistant browser |
| SilverVPN | Existing — see SilverLABS/SilverVPN |
Always-on, no-logs VPN with our own infrastructure |
| SilverSync | v1 (Linux MVP) | Private replacement for iCloud / Google Drive / OneDrive |
| SilverChat | Existing — SilverVPN.Client.Chat, Signal Protocol over VPN transport. Promoted from v1.1 to v1 |
E2EE messenger |
| SilverDuress | v1.1 | Duress password / panic-wipe / anti-coercion |
| SilverKeys | v1.1 | Zero-knowledge password + 2FA manager |
Two ways to get SilverMetal
Every flavour — OS or Enhanced — supports both buyer modes:
"I'm choosing a new device"
Buy a preflashed SilverMetal SKU. We've done all the work; it arrives ready.
"I already own a device and want to harden it"
Download the free SilverLABS Stack + the SilverMetal OS or Enhanced package for your platform. Apply it yourself. Same software, same hardening, no hardware lock-in.
Status
| Component | Status |
|---|---|
| Documentation + roadmap | Initial scaffold complete |
| SilverMetal OS — Linux v1 | Phase 1 — moving to milestone 1.1 (build pipeline) |
| SilverLABS Stack v1 (Browser + Sync) | Planning |
| SilverVPN | Existing product, integration into v1 ISO planned |
| SilverChat | Existing product (SilverVPN.Client.Chat); promoted to v1, integration into v1 ISO planned |
| Other OS/Enhanced flavours | Planning, post-Linux v1 |
See docs/roadmap.md for the milestone-driven plan.
Related repositories
| Repo | Relationship |
|---|---|
SilverLABS/SilverVPN |
The VPN component of the SilverLABS Stack — already in production. SilverMetal integrates it; does not re-implement it |
SilverLABS/SilverApple |
Deprecated. Earlier iOS-hardening prototype, superseded by SilverMetal Enhanced — iOS |
SilverLABS/SilverDROID |
Unrelated (SilverSHELL AppStore Android client). Name is similar but scope is different |
Documentation
docs/threat-model.md— who we defend against, who we don'tdocs/design-principles.md— privacy-by-default, verifiability, honestydocs/platform-matrix.md— full per-platform pros/consdocs/roadmap.md— milestones, ship order, scopedocs/trust-model.md— signing keys, reproducible builds, governance
License
Components carry their own licenses (most are GPL/MIT/Apache-derived from upstream forks). Original SilverLABS-authored glue code is AGPL-3.0-or-later. See LICENSE.
SilverLABS
SilverMetal is built by SilverLABS — privacy-first infrastructure and applications.