Derivative-Maker - Debian based Linux Derivative Maker

From Kicksecure
< Dev
Jump to navigation Jump to search can build Debian Derivatives such as Kicksecure and Whonix.


Existing Derivative-Maker Features[edit]

Essential Derivative-Maker Features[edit]

  • [functionality] build Kicksecure VM images
  • [functionality] build Whonix-Gateway VM images
  • [functionality] build Whonix-Workstation VM images
  • [functionality] download newer packages from third-party repositories such as The Tor Project APT repository and the VirtualBox APT repository
  • [functionality] install Tor Browser by default inside Whonix-Workstation
  • [functionality] supports using APT Cache to speed up builds
  • [functionality] --target virtualbox build VirtualBox ova images
    • [functionality] custom VirtualBox VM settings (VBoxManage modifyvm "$VMNAME" --synthcpu on etc.)
  • [functionality] --target qcow2 build KVM images
    • [functionality] xz archive creation
    • [functionality] adding libvirt xml files to the xz
  • [functionality] default login user account creation, user user / password changeme
  • [stability] exit code checking everywhere
  • [security] does not use non-deterministic binary base boxes (VM images) (which if compromised would compromise the resulting VM image)
  • [security] all digital software signatures are verified
  • [future-proof] prospective support to create deterministic images (once this is generally possible, Derivative-Maker can also learn this)

Non-Essential Derivative-Maker Features[edit]

  • [easy-of-development] step based, build steps case be run manually to speed up development
  • [easy-of-development] injection of custom build steps
  • [customization] building VM images that do not come with a desktop environment
  • [customization] building VM images that do not come with derivative default applications

Undecided Priority Derivative-Maker Features[edit]

  • [functionality] automatically installs all required build dependencies on the host system
  • [functionality] --arch parameter support (--arch amd64 or --arch i386)
  • [functionality] --kernel and --headers parameter support (--kernel linux-image-amd64 --headers linux-headers-amd64)
  • [functionality] install derivative packages from own custom remote repository
  • [functionality] interactive error handler to repeat commands, open a shell or ignore them
  • [functionality] --target root (for physical isolation)
  • [functionality] --target raw build raw images
  • [functionality] install different packages for VirtualBox (virtualbox-guest-x11) and kvm (spice...)
  • [functionality] Separate VirtualBox / KVM builds [1] using --target virtualbox or --target qcow2.
  • [security] build from local self-built apt repository rather than from deterministic remote repository
  • [security] creation of hash sum verification and gpg signatures
  • [security] build images that never had the derivative's remote/binary repository enabled
  • [security] build and install all derivative packages during derivative image build
  • [security] use onion apt sources for building
  • [stability] protection from bad build surprises
    • [stability] break or do not break when uncommitted changes are found
    • [stability] break or do not break from non-tag
  • [customization] --confdir /path/to/config/dir
  • [customization] --tb none|closed|open
    • [customization] none: Do not install Tor Browser.
    • [customization] closed: Fail closed if Tor Browser cannot be installed.
    • [customization] open: Fail open if Tor Browser cannot and installed.
  • [customization] custom VM settings during build (these can of course be manually changed by the user anyhow), supported parameters with examples:
    • [customization] --vmram 128
    • [customization] --vram 12
    • [customization] --vmsize 200G
  • [easy-of-development] easy to implement creating other image types (raw images etc.)
  • [easy-of-development] cleanup command removing temporary files and/or images
  • [easy-of-development] optional build step skipping feature


Unfinished: This wiki is a work in progress. Please do not report broken links until this notice is removed, use Search Engines First and contribute improving this wiki.

We believe security software like Kicksecure needs to remain open source and independent. Would you help sustain and grow the project? Learn more about our 10 year success story and maybe DONATE!