Project:Hardened musl/Bluedragon

From Gentoo Wiki
Jump to: navigation, search

Bluedragon Gentoo, named after Glaucus Atanticus or The Blue Dragon Mollusk, is a security-enhanced, fully featured XFCE4 desktop, amd64 Gentoo system, built with musl as its C standard library. It is the musl equivalent of Lilblue which is built on uClibc. Both systems aim to be identical with respect to the packages they provide and their configuration, with the only difference being their libc.

Since both Bluedragon and Lilblue are "security-enhanced" and "fully featured" XFCE4 desktops, we refer you to Lilblue's page for a description of what this entails.

Installation

Installing Bluedragon is similar to installing Lilblue. It is a manual process where one basically extracts the distribution tarball on mounted pre-formatted partitions, chroots in, does some minor customizations (like editing fstab or lilo.conf), installs the bootloader and finally reboots. This is similar to a complete Gentoo installation as described in the Handbook, but much easier.

1. First prepare a boot device and boot into it. Download the install ISO image using

root #wget http://[mirror]/pub/linux/gentoo/releases/amd64/current-iso/install-amd64-minimal-[date].iso

Here [mirror] is any Gentoo mirror and [date] is whatever the date is of the latest release. This is just Gentoo's generic amd64 minimal install image. Its glibc based, but that's okay, it won't prevent chrooting into the musl chroot later on. If you are putting this on a physical box, then burn the ISO image to a CD/DVD. For a virtual machine, just aim its virtual CD/DVD device to the ISO file. Alternatively, you may want to boot from a USB drive. Gentoo's install ISO is not your only option. You may want to try SystemRescueCD, a Gentoo-derived distro with lots of uses. Or, if you already have a working Linux system and you want to install Bluedragon to another drive, just use your current system. Whatever your choice, boot off that device now.

2. Prepare root/boot/swap partitions, format and mount them. Using parted or fdisk, prepare at least three partitions. The following table gives you suggested sizes. /boot only has to hold a kernel or two, so you can get away with less, but the others are reasonable minima.

Partition Mount point Size
/dev/sda1 /boot 128 MB
/dev/sda2 swap >1 GB
/dev/sda3 / >4 GB

3. Format the partitions and mount them:

root #mke2fs /dev/sda1
root #mkswap /dev/sda2
root #mkfs.ext4 /dev/sda3
root #mkdir -p /mnt/gentoo
root #mount /dev/sda3 /mnt/gentoo
root #mkdir -p /mnt/gentoo/boot
root #mount /dev/sda1 /mnt/gentoo/boot

You don't have to use ext4 for the root partition. You can try btrfs or some other type if you like since the kernel can support most filesystems. But for /boot we recommend ext2.

4. Download and unpack the tarball image:

root #cd /mnt/gentoo
root #wget http://releases.freeharbor.net/desktop-amd64-musl-hardened-[date].tar.bz2
root #tar --xattrs -xvf desktop-amd64-musl-hardened-[date].tar.bz2

5. Prepare the chroot and chroot into it. Assuming you're still in the same directory as in the previous step, do

root #mount --bind /dev dev/
root #mount --bind /dev/pts dev/pts
root #mount --bind /proc proc/
root #mount --bind /sys sys/
root #chroot . /bin/bash -l
root #source /etc/profile
root #env-update
>>> Regenerating /etc/ld.so.cache...

[Aside: Ignore the output from env-update. musl doesn't use ld.so.cache and despite that message, no ld.so.cache was generated.]

If you changed any of the above values for /dev/sda*, or you're not installing onto sda, then edit /etc/lilo.conf and /etc/fstab accordingly. Finally, install lilo to your boot drive, exit the chroot and reboot:

root #lilo
root #exit
root #reboot
Added Gentoo  +  *

6. Log in and enjoy! You have one user account and root. You can only log into the desktop as user gentoo, but can sudo or su root.

Username Password
gentoo gentoo
root root

Maintaining a Bluedragon system

Bluedragon is Gentoo, not a separate distribution, so you can maintain it as you would any other Gentoo system as documented in the Handbook.

However, Bluedragon is built as a GRS system and so can be maintained using grsup as described in the GRS project page. The install image an binary packages are being distributed from http://releases.freeharbor.net.

Reporting bugs and feature requests

  • Submit bugs to: Gentoo's Bugzilla
  • Assign to: musl@gentoo.org
  • CC: gentoo-musl@lists.gentoo.org