[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: make-pgp-clean-room suggestions / patches

(continued from https://lists.debian.org/debian-security/2017/11/msg00009.html )

I seem to be banned from contacting Daniel Pocock by his spam filter, so I decided to write my own scripts, which turned into a rather bigger project than I'd planned on.

Note that while this takes no code from his version, I am *not* trying to start an ongoing independent project: in addition to the generic fragmenting-effort-is-bad reasons, I don't want to be a repository owner of something this sensitive.

- Image creation first creates a local mirror of the needed packages then runs live-build without networking, to work around #718225 (live-build not always authenticating its downloads) and allow building an image from within the liveCD. - Key media can be USB sticks or CDs/DVDs (using the toram parameter to allow removing the boot liveCD). They are kept in sync by startup/shutdown scripts (i.e. _not_ RAIDed).
- Plays an anti-acoustic-cryptanalysis sound during passphrase entry.
- RAM wiping, by either a "fill memory" option of the shutdown script, or memtest86+ (more thorough, but requires BIOS (not EFI) boot and remembering to reboot into it). - Integrity check of the main system: check that file contents are what the packages say they should be. (Unlike tiger's deb_checkmd5sums, if you have the package file in the APT cache this verifies the whole chain back to the liveCD's debian-archive-keyring.)

Known issues:
- Originally designed for my own use: has hardcoded assumptions that are not appropriate for general use. (As it stands, it probably won't even build on systems other than mine, due to the usernames/paths in reproduce.sh / mirror_check_update.py ) - Less focused on ease of use than the original proposal: lacks a menu system.

Networking and Bluetooth are currently hard-disabled by simply omitting the relevant kernel modules from the liveCD (because I didn't fancy an hours-long kernel recompile): this seems to work, but it might be better to do this in a more official way.

Attachment: gpglive.tar.xz
Description: application/xz

Attachment: gpglive.tar.xz.sig
Description: PGP signature

Reply to: