blog/soft/006-lix-os.md

# lix os

in order to have a system which both minimised trust dependencies and allowed me
to explore my ideas around securing my system unimpeded, i decided to design and
compile my own linux from source code.

i had done this before, years ago, by following the "linux from scratch" guide.
my goal now was to build a system i could use to birth my more-than-reasonably
secure digital identity.  the goal was a statically linked linux based on musl
and suckless tools.  i wanted an inflexible system that would do nothing without
my explicit, cryptographic permission, along with a tiny codebase that would be
easy to examine and modify.

my first attempt i named "mu linux," unaware that the name was already in use.
it was essentially a scripting of the linux from scratch approach, with a strict
"filesystem-as-database" approach.  every discrete field was a file, so nothing
more than "cat" was needed to read package details.  it had no ability to set
redundant urls for fetching source code, though, and no sandboxing at all.  the
whole thing was also written as one, tightly coupled piece.

having proven that it was possible to build a static suckless userland with musl
on my openpower computer, i decided to start using some fancier linux features
to create some separation of state and concerns.  i took note of what seemed to
me the discrete "units" of mu linux and began writing standalone utilities that
did only one thing each and which i hoped might prove useful to others tackling
the same problems.  i built a package manager that used overlayfs and chroots to
keep filesystem changes from the build process and from the installation process
in their own directories, facilitating insight into each step of package
development.

as i went, i started having to make compromises.  gnu tools were the first.
getting a c compiler toolset set up with musl proved difficult.  only two
compilers seemed to have support for the powerpc64le platform: gcc and clang.
clang took an age to compile and gave me some trouble early on.  musl-cross-make
provided a canonical set of patches for enabling muslc support, as well as some
other nice features.  autotools, gnu-sed, and gnu-grep followed soon after.

then dynamic linking began creeping in.  the first dynamically linked packages
were gpg and pcscd.  i needed smartcard support, and gpg uses dlopen to load
smartcard drivers dynamically.  rewriting portions of gpg would have resolved
the problem, but it seemed simpler to just allow this one package to use dynamic
linking.  i also ended up making exceptions for perl and python, as they needed
dynamic linking to be able to load certain modules.  i absolved myself by making
sure statically linked versions of those packages were the default.  those
compromises got me a console userland with tmux, tor, lynx, and the ability to
display images to the framebuffer.  

then i tried to start building an identity on tor and quickly discovered i had
no way to solve captchas!  i tried building a copy of netsurf targeting the
framebuffer and learned i had to choose either wayland or sdl2 as middleware.
i chose wayland, thinking i could just use michael forney's wld and swc, both of
which were built with static linking in mind, and get a desktop environment out
of the deal.  after quite some time wrestling with these packages, i ultimately
gave up: netsurf would launch, but then shortly thereafter lock up the whole
system, and i could not figure out why.  i was losing patience with the whole
endeavor, so i decided to just use more common components for my desktop and
revisit the problem later.

so i made another compromise and built an almost entirely dynamically-linked
desktop system: sway as the window manager, foot as the terminal emulator,
netsurf with gtk3 as the web browser, and webkit2gtk as an alternate web browser
for when netsurf wasn't cutting it.

along the way i tried to bootstrap rust using mrustc in order to get firefox
built and then the tor browser, but no luck there.  yet another problem to
revisit.  in the meantime i've come up with new ideas for a third linux
distribution better able to manage runtime dependencies, but lix os works and
has been working for me now for a couple months.

today i've released my work so far.  i have not yet purged the false starts and
half-working packages from their respective repositories, but at present it is
possible to set up the desktop system i have described here.  my work is spread
out across several repositories, but the entry point for lix os is
[here](http://git.fuwafuwaqtlkkxwc.onion/yafox/lix-os).
add soft blog entries 004 through 006. 2020-11-25 22:47:24 +01:00			`# lix os`

			`in order to have a system which both minimised trust dependencies and allowed me`
			`to explore my ideas around securing my system unimpeded, i decided to design and`
			`compile my own linux from source code.`

			`i had done this before, years ago, by following the "linux from scratch" guide.`
			`my goal now was to build a system i could use to birth my more-than-reasonably`
			`secure digital identity. the goal was a statically linked linux based on musl`
			`and suckless tools. i wanted an inflexible system that would do nothing without`
			`my explicit, cryptographic permission, along with a tiny codebase that would be`
			`easy to examine and modify.`

			`my first attempt i named "mu linux," unaware that the name was already in use.`
			`it was essentially a scripting of the linux from scratch approach, with a strict`
			`"filesystem-as-database" approach. every discrete field was a file, so nothing`
			`more than "cat" was needed to read package details. it had no ability to set`
			`redundant urls for fetching source code, though, and no sandboxing at all. the`
			`whole thing was also written as one, tightly coupled piece.`

			`having proven that it was possible to build a static suckless userland with musl`
			`on my openpower computer, i decided to start using some fancier linux features`
			`to create some separation of state and concerns. i took note of what seemed to`
			`me the discrete "units" of mu linux and began writing standalone utilities that`
			`did only one thing each and which i hoped might prove useful to others tackling`
			`the same problems. i built a package manager that used overlayfs and chroots to`
			`keep filesystem changes from the build process and from the installation process`
			`in their own directories, facilitating insight into each step of package`
			`development.`

			`as i went, i started having to make compromises. gnu tools were the first.`
			`getting a c compiler toolset set up with musl proved difficult. only two`
			`compilers seemed to have support for the powerpc64le platform: gcc and clang.`
			`clang took an age to compile and gave me some trouble early on. musl-cross-make`
			`provided a canonical set of patches for enabling muslc support, as well as some`
			`other nice features. autotools, gnu-sed, and gnu-grep followed soon after.`

			`then dynamic linking began creeping in. the first dynamically linked packages`
			`were gpg and pcscd. i needed smartcard support, and gpg uses dlopen to load`
			`smartcard drivers dynamically. rewriting portions of gpg would have resolved`
			`the problem, but it seemed simpler to just allow this one package to use dynamic`
			`linking. i also ended up making exceptions for perl and python, as they needed`
			`dynamic linking to be able to load certain modules. i absolved myself by making`
			`sure statically linked versions of those packages were the default. those`
			`compromises got me a console userland with tmux, tor, lynx, and the ability to`
			`display images to the framebuffer.`

			`then i tried to start building an identity on tor and quickly discovered i had`
			`no way to solve captchas! i tried building a copy of netsurf targeting the`
			`framebuffer and learned i had to choose either wayland or sdl2 as middleware.`
			`i chose wayland, thinking i could just use michael forney's wld and swc, both of`
			`which were built with static linking in mind, and get a desktop environment out`
			`of the deal. after quite some time wrestling with these packages, i ultimately`
			`gave up: netsurf would launch, but then shortly thereafter lock up the whole`
			`system, and i could not figure out why. i was losing patience with the whole`
			`endeavor, so i decided to just use more common components for my desktop and`
			`revisit the problem later.`

			`so i made another compromise and built an almost entirely dynamically-linked`
			`desktop system: sway as the window manager, foot as the terminal emulator,`
			`netsurf with gtk3 as the web browser, and webkit2gtk as an alternate web browser`
			`for when netsurf wasn't cutting it.`

			`along the way i tried to bootstrap rust using mrustc in order to get firefox`
			`built and then the tor browser, but no luck there. yet another problem to`
			`revisit. in the meantime i've come up with new ideas for a third linux`
			`distribution better able to manage runtime dependencies, but lix os works and`
			`has been working for me now for a couple months.`

			`today i've released my work so far. i have not yet purged the false starts and`
			`half-working packages from their respective repositories, but at present it is`
			`possible to set up the desktop system i have described here. my work is spread`
			`out across several repositories, but the entry point for lix os is`
			`[here](http://git.fuwafuwaqtlkkxwc.onion/yafox/lix-os).`