Derivative-Maker - Debian based Linux Derivative Maker
Derivative-Maker can build Debian Derivatives such as Kicksecure and Whonix.
Introduction
- https://www.whonix.org/wiki/Dev/Porting#Porting_Simplicity
- https://www.whonix.org/wiki/Dev/Virtualization_Platform#Other_Virtualization_Platforms
Existing Derivative-Maker Features
Essential Derivative-Maker Features
- [functionality] build Kicksecure VM images
- [functionality] build Whonix-Gateway VM images
- [functionality] build Whonix-Workstation VM images
- [functionality] download newer packages from third-party repositories such as The Tor Project APT repository and the VirtualBox APT repository
- [functionality] install Tor Browser by default inside Whonix-Workstation
- [functionality] supports using APT Cache to speed up builds
- [functionality] --target virtualbox build VirtualBox ova images
  - [functionality] custom VirtualBox VM settings (VBoxManage modifyvm "$VMNAME" --synthcpu on etc.)
- [functionality] --target qcow2 build KVM images
  - [functionality] xz archive creation
  - [functionality] adding libvirt xml files to the xz
- [functionality] default login user account creation, user user / password changeme
- [stability] exit code checking everywhere
- [security] does not use non-deterministic binary base boxes (VM images) (which if compromised would compromise the resulting VM image)
- [security] all digital software signatures are verified
- [future-proof] prospective support to create deterministic images (once this is generally possible, Derivative-Maker can also learn this)
Non-Essential Derivative-Maker Features
- [easy-of-development] step based, build steps can be run manually to speed up development
- [easy-of-development] injection of custom build steps
- [customization] building VM images that do not come with a desktop environment
- [customization] building VM images that do not come with derivative default applications
Undecided Priority Derivative-Maker Features
- [functionality] automatically installs all required build dependencies on the host system
- [functionality] --arch parameter support (--arch amd64 or --arch i386)
- [functionality] --kernel and --headers parameter support (--kernel linux-image-amd64 --headers linux-headers-amd64)
- [functionality] install derivative packages from own custom remote repository
- [functionality] interactive error handler to repeat commands, open a shell or ignore them
- [functionality] --target root (for physical isolation)
- [functionality] --target raw build raw images
- [functionality] install different packages for VirtualBox (virtualbox-guest-x11) and kvm (spice...)
- [functionality] Separate VirtualBox / KVM builds [1] using --target virtualbox or --target qcow2.
- [security] build from local self-built apt repository rather than from deterministic remote repository
- [security] creation of hash sum verification and gpg signatures
- [security] build images that never had the derivative's remote/binary repository enabled
- [security] build and install all derivative packages during derivative image build
- [security] use onion apt sources for building
- [stability] protection from bad build surprises
- [stability] break or do not break when uncommitted changes are found
- [stability] break or do not break from non-tag
- [customization] --confdir /path/to/config/dir
- [customization] --tb none|closed|open
  - [customization] none: Do not install Tor Browser.
  - [customization] closed: Fail closed if Tor Browser cannot be installed.
  - [customization] open: Fail open if Tor Browser cannot be installed.
- [customization] custom VM settings during build (these can of course be manually changed by the user anyhow), supported parameters with examples:
  - [customization] --vmram 128
  - [customization] --vram 12
  - [customization] --vmsize 200G
- [easy-of-development] easy to implement creating other image types (raw images etc.)
- [easy-of-development] cleanup command removing temporary files and/or images
- [easy-of-development] optional build step skipping feature
Footnotes