™

Download

Debian morph to Kicksecure (Hardware) Windows (VM) Linux (VM) Mac (VM) VirtualBox (VM) KVM (VM) Qubes (VM) USB ISO (coming soon) More options Source Code

About

Overview Features Why Open Source? Project Activities Contributors Mission & Vision

Docs

Documentation FAQ Troubleshooting

Community

Forums Contribute

Support

Free Plus Premium Contact

Tools Upload file Special pages Recent changes Print Version Page meta What links here Related changes Page information

Page Read Edit History Move Protection Unwatch Watch Delete Purge

User Preferences Watchlist Contributions Logout Create account Login

Donate

Derivative-Maker can build Debian Derivatives such as Kicksecure and Whonix.

Introduction[edit]

• https://www.whonix.org/wiki/Dev/Porting#Porting_Simplicity
• https://www.whonix.org/wiki/Dev/Virtualization_Platform#Other_Virtualization_Platforms

Existing Derivative-Maker Features[edit]

Essential Derivative-Maker Features[edit]

• [functionality] build Kicksecure VM images
• [functionality] build Whonix-Gateway VM images
• [functionality] build Whonix-Workstation VM images
• [functionality] download newer packages from third-party repositories such as The Tor Project APT repository and the VirtualBox APT repository
• [functionality] install Tor Browser by default inside Whonix-Workstation
• [functionality] supports using APT Cache to speed up builds
• [functionality] --target virtualbox build VirtualBox ova images
  • [functionality] custom VirtualBox VM settings (VBoxManage modifyvm "$VMNAME" --synthcpu on etc.)
• [functionality] --target qcow2 build KVM images
  • [functionality] xz archive creation
  • [functionality] adding libvirt xml files to the xz
• [functionality] default login user account creation, user user / password changeme
• [stability] exit code checking everywhere
• [security] does not use non-deterministic binary base boxes (VM images) (which if compromised would compromise the resulting VM image)
• [security] all digital software signatures are verified
• [future-proof] prospective support to create deterministic images (once this is generally possible, Derivative-Maker can also learn this)

Non-Essential Derivative-Maker Features[edit]

• [easy-of-development] step based, build steps case be run manually to speed up development
• [easy-of-development] injection of custom build steps
• [customization] building VM images that do not come with a desktop environment
• [customization] building VM images that do not come with derivative default applications

Undecided Priority Derivative-Maker Features[edit]

• [functionality] automatically installs all required build dependencies on the host system
• [functionality] --arch parameter support (--arch amd64 or --arch i386)
• [functionality] --kernel and --headers parameter support (--kernel linux-image-amd64 --headers linux-headers-amd64)
• [functionality] install derivative packages from own custom remote repository
• [functionality] interactive error handler to repeat commands, open a shell or ignore them
• [functionality] --target root (for physical isolation)
• [functionality] --target raw build raw images
• [functionality] install different packages for VirtualBox (virtualbox-guest-x11) and kvm (spice...)
• [functionality] Separate VirtualBox / KVM builds ^[1] using --target virtualbox or --target qcow2.
• [security] build from local self-built apt repository rather than from deterministic remote repository
• [security] creation of hash sum verification and gpg signatures
• [security] build images that never had the derivative's remote/binary repository enabled
• [security] build and install all derivative packages during derivative image build
• [security] use onion apt sources for building
• [stability] protection from bad build surprises
  • [stability] break or do not break when uncommitted changes are found
  • [stability] break or do not break from non-tag
• [customization] --confdir /path/to/config/dir
• [customization] --tb none|closed|open
  • [customization] none: Do not install Tor Browser.
  • [customization] closed: Fail closed if Tor Browser cannot be installed.
  • [customization] open: Fail open if Tor Browser cannot and installed.
• [customization] custom VM settings during build (these can of course be manually changed by the user anyhow), supported parameters with examples:
  • [customization] --vmram 128
  • [customization] --vram 12
  • [customization] --vmsize 200G
• [easy-of-development] easy to implement creating other image types (raw images etc.)
• [easy-of-development] cleanup command removing temporary files and/or images
• [easy-of-development] optional build step skipping feature

Footnotes[edit]

---

Unfinished: This wiki is a work in progress. Please do not report broken links until this notice is removed, use Search Engines First and contribute improving this wiki.

Kicksecure A secure by default operating system with the latest security research in place.

Dark mode

Follow us on social media

FREE  ·  PLUS  ·  PREMIUM Support

At Kicksecure we value freedom and trust, supporting Open Source and Freedom Software

By using this website, you acknowledge you have read, understood, and agree to be bound by these these agreements: Terms of Service, Privacy Policy, Cookie Policy, E-Sign Consent, DMCA, Imprint Kicksecure ENCRYPTED SUPPORT LP, 2023

Your support makes
all the difference!

We believe security software like Kicksecure needs to remain open source and independent. Would you help sustain and grow the project? Learn more about our 10 year success story and maybe DONATE!