blog/soft/006-lix-os.md

lix os

in order to have a system which both minimised trust dependencies and allowed me to explore my ideas around securing my system unimpeded, i decided to design and compile my own linux from source code.

i had done this before, years ago, by following the "linux from scratch" guide. my goal now was to build a system i could use to birth my more-than-reasonably secure digital identity. the goal was a statically linked linux based on musl and suckless tools. i wanted an inflexible system that would do nothing without my explicit, cryptographic permission, along with a tiny codebase that would be easy to examine and modify.

my first attempt i named "mu linux," unaware that the name was already in use. it was essentially a scripting of the linux from scratch approach, with a strict "filesystem-as-database" approach. every discrete field was a file, so nothing more than "cat" was needed to read package details. it had no ability to set redundant urls for fetching source code, though, and no sandboxing at all. the whole thing was also written as one, tightly coupled piece.

having proven that it was possible to build a static suckless userland with musl on my openpower computer, i decided to start using some fancier linux features to create some separation of state and concerns. i took note of what seemed to me the discrete "units" of mu linux and began writing standalone utilities that did only one thing each and which i hoped might prove useful to others tackling the same problems. i built a package manager that used overlayfs and chroots to keep filesystem changes from the build process and from the installation process in their own directories, facilitating insight into each step of package development.

as i went, i started having to make compromises. gnu tools were the first. getting a c compiler toolset set up with musl proved difficult. only two compilers seemed to have support for the powerpc64le platform: gcc and clang. clang took an age to compile and gave me some trouble early on. musl-cross-make provided a canonical set of patches for enabling muslc support, as well as some other nice features. autotools, gnu-sed, and gnu-grep followed soon after.

then dynamic linking began creeping in. the first dynamically linked packages were gpg and pcscd. i needed smartcard support, and gpg uses dlopen to load smartcard drivers dynamically. rewriting portions of gpg would have resolved the problem, but it seemed simpler to just allow this one package to use dynamic linking. i also ended up making exceptions for perl and python, as they needed dynamic linking to be able to load certain modules. i absolved myself by making sure statically linked versions of those packages were the default. those compromises got me a console userland with tmux, tor, lynx, and the ability to display images to the framebuffer.

then i tried to start building an identity on tor and quickly discovered i had no way to solve captchas! i tried building a copy of netsurf targeting the framebuffer and learned i had to choose either wayland or sdl2 as middleware. i chose wayland, thinking i could just use michael forney's wld and swc, both of which were built with static linking in mind, and get a desktop environment out of the deal. after quite some time wrestling with these packages, i ultimately gave up: netsurf would launch, but then shortly thereafter lock up the whole system, and i could not figure out why. i was losing patience with the whole endeavor, so i decided to just use more common components for my desktop and revisit the problem later.

so i made another compromise and built an almost entirely dynamically-linked desktop system: sway as the window manager, foot as the terminal emulator, netsurf with gtk3 as the web browser, and webkit2gtk as an alternate web browser for when netsurf wasn't cutting it.

along the way i tried to bootstrap rust using mrustc in order to get firefox built and then the tor browser, but no luck there. yet another problem to revisit. in the meantime i've come up with new ideas for a third linux distribution better able to manage runtime dependencies, but lix os works and has been working for me now for a couple months.

today i've released my work so far. i have not yet purged the false starts and half-working packages from their respective repositories, but at present it is possible to set up the desktop system i have described here. my work is spread out across several repositories, but the entry point for lix os is here.