Gentoo Forums
Pirate Linux 2.0 alpha
akarmn
n00b

Joined: 08 May 2012
Posts: 8

Posted: Thu Apr 03, 2014 7:22 pm    Post subject: Pirate Linux 2.0 alpha

Hi,

Just released this distro. I have been working on something similar for over 2 years, but it started out as an Ubuntu-based distro, and now it is fully transitioned into Gentoo. The goal is to enhance privacy and transparency, and route around censorship. Being a source-based (meta) distro, Gentoo definitely helps with the transparency aspect of it.

For now it's a Live DVD, but as a next step, I want to create an installer that automatically emerges all the packages to create the distro, starting from just the stage 3 tarball. Compiling from source like this is not just to optimize the performance or speed of the operating system, but to minimize the number of binary programs that a user must trust. It is virtually impossible to audit binary programs for backdoors (intentional or accidental), or just in general, to make sure that they do what they're supposed to do. Whenever you install a binary program, you are trusting the person who (cryptographically) signed the package that it does what the source code says it does. Compiling from source (the Gentoo way) helps to remove this requirement of trust. Even if you do not read the source code yourself, there are many people around the world who can read the source code and verify its correctness. There is still, of course, the problem of trusting the compiler and the stage 3 tarball, but at least we are moving in the right direction.

I am currently the only developer of this software, and have other full time commitments, so development is quite slow. So it would help to have more people contributing. If you would like to contribute, please contact me.

Link for more information: https://piratelinux.org/?p=567

Thanks,
Andrew
NeddySeagoon
Administrator

Joined: 05 Jul 2003
Posts: 33262
Location: 56N 3W

Posted: Thu Apr 03, 2014 8:31 pm

akarmn,

You do not need to trust the stage3, just a few of its components.
The stage3 can be used to do a stage1 install.

You can also install packages into a $ROOT of your choosing, so you build everything. It all depends on your level of paranoia.
crossdev and gentoo-prefix both do this.
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.
krinn
Advocate

Joined: 02 May 2003
Posts: 4704

Posted: Thu Apr 03, 2014 9:27 pm

I can't say I get it...

If the goal was to transform Ubuntu into a source-based distro, a kind of "unbentoo", to make sure you won't provide binaries but compile them, I think I get the picture.

But swapping the Ubuntu base for a Gentoo base, the goal is now: transform Gentoo to be... "gentoo"???
khayyam
Advocate

Joined: 07 Jun 2012
Posts: 2949

Posted: Thu Apr 03, 2014 11:34 pm

krinn wrote:
I can't say I get it...

krinn ... the idea, I think, is to provide a CD bootable OS with certain security enhancements, I assume somewhat similar to Tails, or Tin Hat Linux.

I think you're completely misunderstanding the comment re Ubuntu, what is meant is that the project started out based on Ubuntu, but is now Gentoo based ... at least that's how I read the statement.

best ... khay
krinn
Advocate

Joined: 02 May 2003
Posts: 4704

Posted: Fri Apr 04, 2014 12:13 am

khayyam wrote:
I think you're completely misunderstanding

I've been honest saying: I can't say I get it... :)
akarmn
n00b

Joined: 08 May 2012
Posts: 8

Posted: Fri Apr 04, 2014 6:47 pm

NeddySeagoon: Yes, I am aware, but I'm trying to keep it simple for now, and in general, follow the Gentoo handbook as much as possible (I don't think stage1 install is supported now). My dream would be to bootstrap everything from source, perhaps with a compiler written in assembly language that compiles GCC, which then compiles the kernel and toolchain... Something like TCCBOOT (http://bellard.org/tcc/tccboot.html) gives me hope. I haven't heard of crossdev or gentoo-prefix before, so I will have to take a look. Thanks.

krinn: As khayyam said, the name "Pirate Linux" used to refer to an Ubuntu based distro, but now it is a Gentoo based distro. I try to follow the official Gentoo handbook and wiki as much as possible to install a standard Gentoo system, and the only packages not from the official Gentoo ebuild repository are the ones from the repository I made for this project (https://github.com/piratelinux/piratepack-overlay-testing). So it's basically Gentoo + PiratePack, and you can always refer to the official Gentoo documentation as a source of documentation for the distro.

khayyam: It is made more for general purpose use than those distros you mentioned, and it is not just security enhancements, it is also privacy, transparency, anti-censorship enhancements. The live DVD is just a way to preview how it should look. The end goal is to make a distro that installs on your hard drive (encrypted).
khayyam
Advocate

Joined: 07 Jun 2012
Posts: 2949

Posted: Fri Apr 04, 2014 10:17 pm

akarmn wrote:
My dream would be to bootstrap everything from source, perhaps with a compiler written in assembly language that compiles GCC, which then compiles the kernel and toolchain...

akarmn ... Aboriginal Linux immediately comes to mind (... "a shell script that builds the smallest/simplest linux system capable of rebuilding itself from source code"). Though I think perhaps this idea will not necessarily integrate well with gentoo's build process. A stage1 (or emerge --emptytree on a stage3) may well be better. Actually, automating the process (particularly if trying to bootstrap from another build system and/or compiler) may not work out well for your installer ... there are just *too many* things that can go wrong.

akarmn wrote:
khayyam: It is made more for general purpose use than those distros you mentioned, and it is not just security enhancements, it is also privacy, transparency, anti-censorship enhancements. The live DVD is just a way to preview how it should look. The end goal is to make a distro that installs on your hard drive (encrypted).

Well, "privacy, etc" is pretty much what Tails is aiming at ... anyhow, I was just making a comparison with something krinn might be familiar with, and having read the "Features" page that comparison was an easy one to make.

The penny dropped and I now think I understand what krinn was pointing at ... given that gentoo is a meta-distribution, and that any ebuild not available via portage can be installed via your overlay, this (your distribution) could very well be done as a gentoo install. So, really your intent is to make this more of an install method (which is fair enough) but like any "security, privacy, etc" feature, this is not something people interested in these things generally want to outsource, if only as they want to be sure it's done properly. For instance, encrypting the hard disk, will your installer wipe the disk and/or write random data to it before initialising the dm-crypt? This will be a looooong process (dependent on disk size it could take upwards of 24hrs), and it somewhat goes against the very idea of an "easy install" (at least the expectation of time required). Similarly, if you intend to bootstrap the entire system, it's time consuming, and installers are notoriously intolerant of errors, and other unforeseen events. Another factor here is the choices you've made as to what should be installed (UI, etc) ... it's these choices that users generally turn to gentoo for. I could go on but I think you get the general gist of what I'm aiming at ... you're somewhat taking the user out of the equation, and this (the trade off between "ease", etc, and the requirements made by a technical understanding of the problem) makes for a situation in which two separate concerns are pulling in two different directions.

For a liveDVD/USB this issue isn't so prevalent, it's pretty much a static release with all the choices made ... but as a distribution you're somewhat overlooking the way in which gentoo is different from other distributions (it's not, as is heard often, just about compiling/optimising the code) ... it's the fact that the user is able to make all those choices that the distribution generally makes.

I don't mean any of this as a criticism, or to knock your effort, it's just that even the idea of an installer is a majorly complex task (search the forum for various examples of this from the past) and if you are to support it, and your users, it's going to be quite labour intensive. A LiveDVD/USB on the other hand is fairly straightforward release wise, but if you look at a project like sysrescuecd (gentoo based) it still requires some considerable work to keep on top of bugs, make improvements, etc (see their bugtracker and user forum).

So, while there is a definite need of such a focus ("privacy, transparency, anti-censorship", etc) it may be something that is really hard to deliver, particularly if the user is somewhat disconnected from the process. Gentoo, as you no doubt know, has the user as a central hub around which the various technical questions revolve ... and a security/privacy/etc enhanced install is one possible use case. Without the user (and a development/user community to turn to for advice, etc) such a use case becomes less viable, both in terms of the technical decisions, and the level of work required to provide it.

best ... khay
akarmn
n00b

Joined: 08 May 2012
Posts: 8

Posted: Sat Apr 05, 2014 12:41 am

khayyam wrote:

akarmn ... Aboriginal Linux immediately comes to mind (... "a shell script that builds the smallest/simplest linux system capable of rebuilding itself from source code"). Though I think perhaps this idea will not necessarily integrate well with gentoo's build process. A stage1 (or emerge --emptytree on a stage3) may well be better. Actually, automating the process (particularly if trying to bootstrap from another build system and/or compiler) may not work out well for your installer ... there are just *too many* things that can go wrong.


Thanks for the link to Aboriginal Linux. It is the first time I've seen it.

khayyam wrote:

The penny dropped and I now think I understand what krinn was pointing at ... given that gentoo is a meta-distribution, and that any ebuild not available via portage can be installed via your overlay, this (your distribution) could very well be done as a gentoo install. So, really your intent is to make this more of an install method (which is fair enough) but like any "security, privacy, etc" feature, this is not something people interested in these things generally want to outsource, if only as they want to be sure it's done properly. For instance, encrypting the hard disk, will your installer wipe the disk and/or write random data to it before initialising the dm-crypt? This will be a looooong process (dependent on disk size it could take upwards of 24hrs), and it somewhat goes against the very idea of an "easy install" (at least the expectation of time required). Similarly, if you intend to bootstrap the entire system, it's time consuming, and installers are notoriously intolerant of errors, and other unforeseen events. Another factor here is the choices you've made as to what should be installed (UI, etc) ... it's these choices that users generally turn to gentoo for. I could go on but I think you get the general gist of what I'm aiming at ... you're somewhat taking the user out of the equation, and this (the trade off between "ease", etc, and the requirements made by a technical understanding of the problem) makes for a situation in which two separate concerns are pulling in two different directions.


For the encryption, the plan is to use LUKS/dm-crypt, and no wiping the disk beforehand. Yes, I understand errors can occur during the compilation process, and this is what I will try to minimize. If the installation halts and the user can't manually get it working, then at least there will be the live DVD for them to use. Yes, I know Gentoo is designed for maximum choice and customization, but I think it would still work well for some users if the installation is automated with standard defaults. Not many people have the patience or ability to install Gentoo from stage3, so it can bring more of these people into using it. Later, if they wish they can emerge/unmerge what they don't want. I'm not sure what you mean by "taking the user out of the equation". The main goal is to empower users, and not just the technically able, but also those who are less experienced in this area.

But yes, making the OS easy to use for regular people is a difficult problem, but something that I think is worth pursuing. If I'm the only developer, then it will probably just continue being my hobby and I will keep releasing what I do once in a while. But if a few more (motivated) people are interested in contributing then I think we can make a big impact. And if you regularly use Gentoo, then it should be quite easy to get involved.
All times are GMT