'Re: [Secure Desktops] How to build subgraph from source code?'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       secure-desktops
Subject:    Re: [Secure Desktops] How to build subgraph from source code?
From:       David McKinney <mckinney () subgraph ! com>
Date:       2016-05-17 21:31:01
Message-ID: 20160517213101.GA4751 () subgraph
[Download RAW message or body]

On Wed, May 04, 2016 at 06:23:54PM +0000, Patrick Schleizer wrote:
> David McKinney:
> > Subgraph OS ISOs are built using Debian live-build.                                      
> >                                                                                    
> > The live-config is here:                                                           
> > https://github.com/subgraph/subgraph_desktop_stretch                               
> >                                                                                    
> > However, at the moment just running this in live-build will not be sufficient   
> > to create an ISO. A few extra things are required:                                 
> > 1. Kernel packages must be dropped into the live-build and the config must         
> > specify the correct kernel version                                                 
> > 
> > 2. Live-build must be patched, see:                                                
> > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816204                    
> > 
> > 3. Occasionally other Debian packages must be dropped into the live config to   
> > fix dependencies if packages get removed from testing or are broken.               
> > 
> > 4. A few live-config variables are set dynamically at runtime (for staging and 
> > testing different build scenarios, pointing to an apt-cache, dealing with
> > occasional debian-installer probz, etc.)    
> 
> This sounds rather difficult.

It is more difficult for others to build than for us but we do plan to
address this.

> Did you consider being based on Debian stable?

We considered it and decided against it.

> Otherwise stability to build released versions can be gained by using
> http://snapshot.debian.org. They are providing frozen states of the
> Debian testing repository and more. So if you released a version that
> was build using snapshot.debian.org, then issues like 3. should not
> happen at all. snapshot.debian.org is also a prerequisite for
> deterministic builds.

We're setting up our own repos that will allow us to stage stuff from
testing and provide snapsnots. It will also make it easier to live-build
Subgraph OS as the patched version can be obtained from our repository.

_______________________________________________
Desktops mailing list
Desktops@secure-os.org
https://secure-os.org/cgi-bin/mailman/listinfo/desktops

[prev in list] [next in list] [prev in thread] [next in thread] 