mrrl

Minimal Reliable Reproducible Linux
git clone https://ccx.te2000.cz/git/mrrl

README (6283B)


Minimal Reliable Reproducible Linux
===================================

The intent of this project is to build a robust, minimal Linux-based system that is
just enough to boot, start some containers (via s6 and busybox unshare),
and rebuild itself.

It should be fully compatible with installation as a software overlay over
existing Linux distributions.

The robustness should come from two design decisions:
* packaging simple software that does its job right
* using a filesystem layout that supports fully parallel installation with atomic
  switchover, including configuration
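
An added sketch (not code from mrrl or pthbs) of what parallel installation with atomic switchover can look like: each release, configuration included, is written to its own directory, and a symlink is swapped with a single rename(2). The `versions/` and `current` names and both helper functions are assumptions; the README does not describe the actual pthbs layout.

```python
import os
import tempfile


def install_version(root, name, files):
    """Write a release (binaries and config together) into its own directory."""
    dest = os.path.join(root, "versions", name)
    os.makedirs(dest)  # raises if it exists: an installed tree is never modified
    for relpath, content in files.items():
        path = os.path.join(dest, relpath)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(content)
    return dest


def activate(root, name):
    """Point root/current at versions/<name> using one rename(2) call."""
    target = os.path.join("versions", name)
    if not os.path.isdir(os.path.join(root, target)):
        raise FileNotFoundError(target)  # refuse before touching 'current'
    tmp = os.path.join(root, ".current.%d.tmp" % os.getpid())
    if os.path.lexists(tmp):
        os.unlink(tmp)  # leftover from an interrupted earlier run
    os.symlink(target, tmp)
    # rename(2) replaces the old link in one step: a reader resolves either
    # the old tree or the new one, never a half-updated mix of both.
    os.replace(tmp, os.path.join(root, "current"))
    return os.readlink(os.path.join(root, "current"))


def demo():
    # Constructed sample releases in a throwaway directory.
    root = tempfile.mkdtemp(prefix="overlay-")
    install_version(root, "v1", {"bin/hello": "v1\n", "etc/motd": "config for v1\n"})
    activate(root, "v1")
    install_version(root, "v2", {"bin/hello": "v2\n", "etc/motd": "config for v2\n"})
    motd = os.path.join(root, "current", "etc", "motd")
    before = open(motd).read()      # v2 is fully installed but not yet live
    activate(root, "v2")
    after = open(motd).read()
    rolled_back = activate(root, "v1")  # rollback is the same operation
    return root, before, after, rolled_back


if __name__ == "__main__":
    print(demo()[1:])
```
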

See:
* https://ccx.te2000.cz/stagit/pthbs/ for package manager code
* https://ccx.te2000.cz/stagit/pthbs_genpkgpy/ for package generator

Requirements
------------

The bootstrap is done by compiling musl-cross-make, GNU make and busybox.
The eventual goal is to need nothing beyond the requirements of these packages;
however, these non-critical components are not yet implemented in a
bootstrapped fashion:

Package generation
~~~~~~~~~~~~~~~~~~

As of now, package scripts are generated from Jinja2 templates and Python3.
The pthbs_genpkgpy submodule will create a venv for its dependencies using the current
`python3` executable when missing.
See `pthbs_genpkgpy/genpkgpy.mk` for details.
This is not needed for package builds, but it is needed when any package is altered
(including system configuration).

Build sandbox
~~~~~~~~~~~~~

* pthbs/sandbox/ns_sandbox.py (root)

  Isolates build using Linux namespaces.
  Requires Python3 (for now) and rootfs tarball.

* pthbs/sandbox/ns_sandbox.py (user namespaces)

  As above, but can be run as a regular user, provided user namespaces are enabled.

* syd-lock (unprivileged user with landlock)

  From https://gitlab.exherbo.org/sydbox/sydbox
  Isolates build using Landlock without remounting.
  Requires argv0exec trampoline at /bin/sh and /usr/bin/env.

Work in progress
----------------

* bootstrap argv0exec and sandbox chroot image
* example versioned system configuration including init
* TLS certificates (currently messy, do not trust it to be secure)
* cgroup-tools (cgconfigparser)
* adding acl and xattr support to rsync
* remove non-upstream autotools output bundles if possible

Packages
--------

first-party
~~~~~~~~~~~

 * aat | git submodule
 * alpine-keys | git submodule
 * applyuidgid-caps | bundled | files/applyuidgid-caps.c
 * ccx-utils | git submodule
 * confz | git submodule
 * container-bin-image | composition of other packages
 * containers | git submodule
 * fileset | git submodule
 * logincaps | git submodule
 * pthbs-banginstall | bundled | files/pthbs-banginstall
 * snaprep | git submodule
 * system-config | git submodule
 * system-config-scripts | git submodule
 * system-config-zsh | git submodule
 * user-env | bundled | files/user-env

third-party
~~~~~~~~~~~

 * musl-cross-make | git | v0.9.10-19-g6f3701d
   * binutils-2.33.1.tar.xz
   * gcc-11.2.0.tar.xz
   * gmp-6.1.2.tar.bz2
   * linux-6.5.4.tar.xz
   * linux-6.5.4/0001-no-rsync-headers.diff
   * mpc-1.1.0.tar.gz
   * mpfr-4.0.2.tar.bz2
   * musl-1.2.5.tar.gz

 * acl | tar.gz | acl-2.3.2
 * acl | UNUSED
 * apk-tools | git | v2.14.10
 * argp-standalone | tar.gz (github tag) | argp-standalone-1.5.0
 * attr | tar.gz | attr-2.5.2
 * attr | UNUSED
 * bison | tar.xz | bison-3.8.2
 * busybox | git | 1_37_0-62-g887295686
   * subpackage: busybox-diffutils
   * subpackage: busybox-kbd | UNUSED
   * subpackage: busybox-login
 * ca-certificates-wip-donotuse | tar.bz2 (Alpine) | ca-certificates-20241121
 * certdata2pem
 * containers
 * curl | tar.xz | curl-8.6.0
 * diffutils | tar.xz | diffutils-3.10
 * easyseccomp | git | TODO
 * error-standalone | tar.gz | error-standalone-2.0
 * execline | git | v2.9.6.1-3-g7390d0e
 * fileset
 * flex | tar.gz | flex-2.6.4
 * getconf | https://dev.gentoo.org/~blueness/musl-misc/getconf.c
 * getent | https://gitlab.alpinelinux.org/alpine/aports/-/raw/93a08815f8598db442d8b766b463d0150ed8e2ab/main/musl/getent.c
 * git | git | v2.49.0
 * gnu-make | tar.gz | make-4.4.1
 * gperf | tar.gz | gperf-3.1
 * iconv | https://dev.gentoo.org/~blueness/musl-misc/iconv.c
 * kbd | tar.gz | kbd-2.6.4
 * libarchive | tar.xz | libarchive-3.7.2
 * libbsd | tar.xz | libbsd-0.11.8
 * libcap | git | cap/v1.2.76-rc3-1-g4425764
 * libcap | tar.xz | libcap-2.69
 * libcgroup | tar.gz | libcgroup-3.0.0
 * libcgroup | UNUSED
 * libelf | git | v0.193
 * libmd | tar.xz | libmd-1.1.0
 * libressl | tar.gz | libressl-3.8.2
 * libretls | UNUSED
 * libseccomp | tar.gz | libseccomp-2.6.0
 * libunwind | tar.gz | libunwind-1.8.1
 * linux kernel | linux-6.1.34 | TODO: build fully-featured kernel for real hardware
 * m4 | tar.gz | m4-1.4.19 --disable-nls
 * mdev-conf | git | 4.7-3-g3956343
 * mdev-scripts | TODO
 * mdevd | git | v0.1.6.5
 * musl-fts | tar.gz | musl-fts-1.2.7 | https://github.com/void-linux/musl-fts/archive/refs/tags/v1.2.7.tar.gz
 * musl-fts | UNUSED
 * netbsd-curses | git | v0.3.2-8-g51d179d
 * openssl | UNUSED
 * openssl | tar.gz | openssl-3.3.3
 * patch | tar.xz | patch-2.7.6
 * patchelf | git | 0.18.0-45-g523f401
 * pkgconf | tar.xz | pkgconf-2.1.1
   * subpackage: pkgconf-pkg-config
 * popt | tar.xz | popt-1.19
 * rsync | tar.gz | rsync-3.2.7 | TODO: add acl and xattr support
 * s6 | git | v2.13.1.0-1-g8e22cbe
 * s6-dns | git | v2.4.0.0-1-g2498773
 * s6-linux-init | git | v1.1.2.1
 * s6-linux-utils | git | v2.6.2.1
 * s6-networking | git | v2.7.0.4
 * s6-portable-utils | git | v2.3.0.4
 * s6-rc | git | v0.5.5.0-3-g8f29b68
 * skalibs | git | v2.14.3.0-2-g715b046
 * strace | tar.xz | strace-6.13
 * tcb | git | tcb-1.2-43-g0381211
 * xbps | tar.gz | xbps-0.59.2
 * zsh | git | zsh-5.9-532-g435cb1b74 | UNUSED
 * zsh | tar.gz | zsh-5.9 | TODO: statically link more modules
 * zstd | tar.gz | zstd-1.5.5

 * patchelf:bootstrap | UNUSED
 * busybox:bootstrap
 * gnu-make:bootstrap
 * musl-cross-make:bootstrap-0
   * binutils-2.33.1.tar.xz
   * gcc-9.4.0.tar.xz
   * gmp-6.1.2.tar.bz2
   * linux-headers-4.19.88-2.tar.xz
   * mpc-1.1.0.tar.gz
   * mpfr-4.0.2.tar.bz2
   * musl-1.2.5.tar.gz
 * musl-cross-make:bootstrap-1
   * binutils-2.33.1.tar.xz
   * gcc-11.2.0.tar.xz
   * gmp-6.1.2.tar.bz2
   * linux-headers-4.19.88-2.tar.xz
   * mpc-1.1.0.tar.gz
   * mpfr-4.0.2.tar.bz2
   * musl-1.2.5.tar.gz