The DECODE operating system is a brand new GNU+Linux distribution designed to run on servers, embedded computers and virtual machines to automatically connect micro-services to a private and anonymous peer-to-peer network cluster.
Features | Components |
---|---|
Wide compatibility with industry standards | GNU + Linux minimal base |
Anonimity and privacy by design | Tor hidden service family |
Very secure, restricted environment | grsec community fork |
Customisable to run different applications | Devuan GNU+Linux SDK |
Pluggable consensus algorithm | Redis based consensus broker |
Read-only and authenticated system | SquashFS + overlayfs + Btrfs |
Integrated updating mechanism | Roundshot initramfs |
Built-in Graphical dashboard | Netdata resource monitor |
Low power consumption, outdoor usage | Ports to embedded ARM boards |
Extensible platform support | Includes latest JDK, Golang, Python etc. |
Minimal resource consumption | Online with less than 64MB of RAM |
For stable releases see files.dyne.org/decode
For more information see the DECODE project
In particular, the following publications:
- Privacy Design Strategies for the DECODE Architecture
- Decode OS first release
- DECODE OS Software Development Kit (soon to be superseeded by the upcoming Devuan's Developer Manual)
DECODE OS comes in a variety of flavors:
- for ARM based boxes (embedded)
- for virtual machines (cloud)
- live desktop (boot from usb)
Running systems provide a dashboard by connecting using a browser using HTTP on port 19999.
The default username is decode
with password decode
The default root
password is toor
.
Developers of the Dyne.org foundation are available to support customisations and adaptations of this operating system for particular purposes in line with the foundation's goals.
You are welcome to contact us:
- #devuan-dev on freenode IRC (public, logged IPs)
- #dyne on irc.dyne.org (public and private, no IPs logged)
- E-mail [email protected]
This project is a work in progress proceeding along a clear roadmap agreed for the DECODE project. The DECODE OS stable release is planned for 1st quarter 2019.
This project is receiving funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement nr. 732546.
The following instructions illustrate how one can build DECODE OS from scratch, eventually adding software to it. This section is a work in progress.
Building can be done from any GNU+Linux distribution, it entails
bootstrapping a new Devuan base and then customising it via its SDK
using a "blend", root access is needed in order to operate in chroot
and in KVM accellerated qemu
.
More information on this process is provided by the "Devuan's Developers Manual", here is an outline on the steps to be taken.
A GNU/Linux system is required in order to build DECODE OS.
Here a list of package dependencies:
zsh sudo cgpt xz-utils qemu qemu-utils
To clone this repository:
git clone https://github.com/DECODEproject/os-build-system --recursive
To update the repository:
git pull origin master && git submodule update --init --recursive --checkout
A more detailed reference for the arm-sdk can be found here: https://git.devuan.org/sdk/arm-sdk
cd arm-sdk # (or vm-sdk or live-sdk depending from your target)
zsh -f
./init.sh # and when this is done, execute the command in the bottom of the output
source sdk
load devuan raspi3 decode # (replace "raspi3" with your board name, from the list below)
bootstrap_complete_base
Here is the list of the supported boxes: https://git.devuan.org/sdk/arm-sdk/blob/master/sdk
To enter the build console just run ./console.sh
.
To build a vagrant virtual machine, run build_vagrant_dist
.
To build a live iso image, run build_iso_dist
.
To build an ARM installer image, run build_image_dist
.
Here below the sequences of build steps executed by each target:
build_image_dist() {
bootstrap_complete_base
blend_preinst
image_prepare_raw
image_partition_raw_${parted_type}
build_kernel_${arch}
blend_postinst
rsync_to_raw_image
image_pack_dist
}
build_iso_dist() {
bootstrap_complete_base
blend_preinst
iso_prepare_strap
build_kernel_${arch}
iso_setup_isolinux
iso_write_isolinux_cfg
blend_postinst
fill_apt_cache
iso_squash_strap
iso_xorriso_build
}
build_vagrant_dist() {
image_${imageformat}_as_strapdir
bootstrap_complete_base
vm_inject_overrides
blend_preinst
vm_setup_grub
blend_postinst
vm_umount_${imageformat}
vm_vbox_setup
vm_vagrant_package
vm_pack_dist
}
The build_vagrant_dist
target is a helper that executes a sequence
of steps, some of them common to other helpers (hence
combinable). Here below the full list of build steps executed by
build_vagrant_dist
The bootstrap_complete_base
step creates a base system tarball that
can be reused by any target, it is found inside *_sdk/tmp
for each
sdk and to save time and computation it can be copied in place for
each sdk if the base system doesn't differ.
DECODE OS is Copyright (c) 2017-2018 by the Dyne.org Foundation
DECODE OS and its core components are designed, written and maintained by Denis Roio and Ivan J.
Devuan is a registered trademark of the Dyne.org foundation.
The Devuan SDK used to build the DECODE OS was originally conceived during a period of residency at the Schumacher college in Dartington, UK. Greatly inspired by the laborious and mindful atmosphere of its wonderful premises.
Devuan SDK components are designed, written and maintained by Denis Roio, Enzo Nicosia and Ivan J.
This source code is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
This software is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this source code. If not, see http://www.gnu.org/licenses/.