Compiling BSD ISO files from scratch?
Hello everyone! I'm admittedly quite new to *BSD (being a Linux user), so I hope I'm not asking something too obvious here. My question is really about all BSD variants, but if you need a specific one, I'd prefer OpenBSD.
My basic understanding is that to install BSD, you first download one of the ISO files. This ISO is distributed with a pre-compiled toolchain, kernel, etc. which is then used to compile the final BSD system (similarly to Linux From Scratch). What I'd like to do instead is get the source code that was used to create that original ISO file, and compile it myself with my own toolchain. Then, use that new system to install BSD as usual. Is this possible? Ideally, I'd like to do this compiling with a Linux rather than BSD system, but BSD may work as well. Because I'm sure someone will ask "Why?", I will simply say that it has to do with "Fully Countering Trusting Trust", and that I have been working (successfully) on building a fully trusted system. P.S.: I have seen this post here, but it is asking a different (though related) question. Thank you for any information! |
Ehm...no, that's not my experience with BSD (FreeBSD, but nonetheless)...
Basically, the install is something like this...
- get n burn the ISO, make sure you have a long term install
- spin up the PC with it
- follow the install steps, they are pretty easy to follow
- do test the keyboard, especially the num lock
- after the install, reboot and make sure the system boots from the drive, not the CDrom
- log in (as root)
- use Ctrl-Alt F1 thru F6 for the separate terminals
- in terminal 1 install MC (midnight commander) and nano
Code:
pkg install mc nano
- then, install the fresh ports, this is BSD's idea of a repo, just the same and..pretty complete
Code:
portsnap fetch
- login and start mc
Code:
mc
- hit tab to hilite the other pane
- hit F9 and navigate to the FTP entry
- enter ftp.[bsd].org I use ftp.freebsd.org
- navigate to the folder for your version and download src.txz (hilite n hit F5)
- quit mc and navigate to the folder and enter this
Code:
tar -C / -xvzf src.txz
- login and install the base system, a suggestion, add anything else you'd like the manager will politely inform you of trouble...
Code:
pkg install xorg xfce slim firefox thunderbird
- login, and do the tweaks here
- start mc, go to folder /etc and open rc.conf (hit F4)
- add these three lines
Code:
hald_enable="YES"
- leave mc (F10) and enter this to activate the XFCE
Code:
echo "exec /usr/local/bin/startxfce4" > .xinitrc
- if you like the user to have the possibility to do maintenance (be root once in a while) add her to the wheel group
Code:
pw usermod [username] -G wheel
Code:
reboot
-> enroll in the appropriate forum...and..love long and prosper :)
Thor
(written off the top of my head...I may have missed a spot :) ...) |
Hi Thor_2.0, thanks for the reply, but I don't see how it answers my actual question. You seem to have explained how to install FreeBSD (along with a few packages), but I'm asking about compiling the initial ISO image itself. It seems that you got confused by my second paragraph, so let me know if you think something there should be reworded. Unless, that is, that I've completely misunderstood your post, so let me know if that's the case.
|
reworking a BSD iso...ow...well
Honestly, reworking the iso may not add more trust or so, but, that is my view...don't kill me over it. Basically, BSD (the one I worked with) goes in two ways: binary or source. In fact, source is the BSD way to go anyway... You'd have a fully working system...with the viewable code...of course, you do have to install it...somehow, hence my post... |
Ah, I see what you mean. Thank you.
To explain a bit more, there is an attack called the Trusting Trust attack. Basically, it infects a compiler, which in turn infects the rest of the system. It's a nasty attack that is also not detectable by normal means, and can only be countered by diverse double compiling. I have no reason to not trust the ISOs provided by BSD, but neither can it be proven to be safe. I've made a fully trusted Linux system (by diverse double compiling) that I would like to use to compile the BSD ISO, so that I can be sure that the image is safe. This all seems a bit paranoid of course, but there has been news recently of the CIA successfully doing a similar attack on Apple's Xcode (though they couldn't distribute it), so I'm just being careful. :) |
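The diverse double compiling check named in the post above, as an added toy model in Python (not part of the thread and not a real build). Compilers are modelled as records, and `SRC_A`, `SRC_T` and the `hidden` string are constructed; the model shows why rebuilding a compiler with itself cannot reveal a self-propagating modification, while a rebuild rooted in an independent trusted compiler does.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Binary:
    """Toy executable: what it implements, who generated its code, hidden extras."""
    implements: str    # the source text this binary was built from
    codegen: str       # code-generation style of the compiler that emitted it
    hidden: str = ""   # behaviour present in the binary but in no source

    def digest(self) -> str:
        blob = "\0".join((self.implements, self.codegen, self.hidden))
        return hashlib.sha256(blob.encode()).hexdigest()

# Constructed compiler sources; "style=" names the code generator they describe.
SRC_A = "compiler A; style=A"   # compiler under test
SRC_T = "compiler T; style=T"   # independent, trusted compiler

def run_compiler(cc: Binary, source: str) -> Binary:
    """Model of executing compiler binary `cc` on `source`."""
    style = cc.implements.split("style=")[1]
    # A subverted binary re-inserts its hidden part whenever it compiles a compiler.
    carried = cc.hidden if source.startswith("compiler") else ""
    return Binary(source, style, carried)

def self_rebuild_matches(cc: Binary, source: str) -> bool:
    """The 'normal means' check: rebuild the compiler with itself and compare."""
    return run_compiler(cc, source).digest() == cc.digest()

def ddc_matches(trusted: Binary, source: str, distributed: Binary) -> bool:
    """Diverse double compiling: trusted -> stage1 -> stage2, compare bit for bit."""
    stage1 = run_compiler(trusted, source)   # behaves like A, but in T's code style
    stage2 = run_compiler(stage1, source)    # A's code style, built from clean roots
    return stage2.digest() == distributed.digest()

TRUSTED_T = Binary(SRC_T, "T")
HONEST_A = Binary(SRC_A, "A")
SUBVERTED_A = Binary(SRC_A, "A", hidden="undisclosed payload")

if __name__ == "__main__":
    for name, cc in (("honest", HONEST_A), ("subverted", SUBVERTED_A)):
        print(name, "| self-rebuild matches:", self_rebuild_matches(cc, SRC_A),
              "| DDC matches:", ddc_matches(TRUSTED_T, SRC_A, cc))
```

In a real build the comparison only works if the compiler's output is deterministic, so that stage 2 and the distributed binary can be compared bit for bit.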
Still, thank you very much for the reply! |
You should improve your understanding of this before proceeding further. OpenBSD is primarily a binary distribution. Compiling any part of the system from source is discouraged and unsupported with one exception. The only time you would absolutely need to build from source would be in applying patches. You can however just obtain the sys, src, xenocara and ports tarballs and build the system from source, but the only supported method is from a running OpenBSD userland/toolchain. http://www.openbsd.org/faq/faq5.html |
OpenBSD is secure, as the source code of the supplied O/S has been security checked, that is why they discourage rebuilding the base O/S from scratch.
From the base install you have the choice of compiling or installing binary packages. Also note that OpenBSD is based in Canada not USA. |
silently excusing himself from this thread...
|
If you wish to check the system for flaws, you can always reference the downloaded ISO file against its GPG, md5, or sha1 checksum that is provided and then install the image.
There is no real way to tell a compiler is compromised until you build anything with it, honestly, but in reality, every package supplied by operating system developers is usually given a specific hash and the installation media or updater has a list of the files and their checksums, and if these fail, the system installation will either skip the bad file, or halt the installation. Your worries have merit, but honestly, it's an attack that has a very low chance of occurrence if you've acquired official packages from the system developers. |
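The checksum comparison described in the post above, as an added Python example (not from the thread). It assumes a BSD-style tagged manifest (`ALG (file) = digest`); the file names, contents and manifest are constructed, and `demo()` exercises the ok, weak-hash, mismatch and missing cases.

```python
import hashlib
import hmac
import os
import re
import tempfile

# BSD "tagged" checksum line:  SHA256 (install.iso) = <hex digest>
TAGGED = re.compile(r"^(MD5|SHA1|SHA256|SHA512) \((.+)\) = ([0-9a-fA-F]+)$")
WEAK = {"MD5", "SHA1"}  # collision-prone: catches transfer errors, not tampering

def file_digest(path, algorithm, chunk=1 << 20):
    """Hash a file in chunks so a multi-gigabyte ISO never sits in memory."""
    h = hashlib.new(algorithm.lower())
    with open(path, "rb") as fh:
        while block := fh.read(chunk):
            h.update(block)
    return h.hexdigest()

def verify_manifest(manifest_text, directory):
    """Return {filename: status} for every tagged line in the manifest."""
    results = {}
    for line in manifest_text.splitlines():
        m = TAGGED.match(line.strip())
        if not m:
            continue  # blank lines, comments, signature blocks
        algorithm, name, expected = m.groups()
        path = os.path.join(directory, os.path.basename(name))  # stay in directory
        if not os.path.isfile(path):
            results[name] = "missing"
        elif not hmac.compare_digest(file_digest(path, algorithm), expected.lower()):
            results[name] = "MISMATCH"
        else:
            results[name] = "ok (weak hash)" if algorithm in WEAK else "ok"
    return results

def demo():
    """Constructed sample: stand-in files checked against a four-line manifest."""
    files = {"install.iso": b"constructed image", "old.iso": b"legacy image",
             "altered.iso": b"bytes changed after the manifest was written"}
    manifest = "\n".join((
        "SHA256 (install.iso) = " + hashlib.sha256(files["install.iso"]).hexdigest(),
        "SHA1 (old.iso) = " + hashlib.sha1(files["old.iso"]).hexdigest(),
        "SHA256 (altered.iso) = " + hashlib.sha256(b"original bytes").hexdigest(),
        "SHA256 (absent.iso) = " + "0" * 64,
    ))
    with tempfile.TemporaryDirectory() as d:
        for name, data in files.items():
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(data)
        return verify_manifest(manifest, d)
```

A match only shows the file agrees with the manifest, so the manifest itself has to be authenticated first, by checking its signature against a key obtained out of band.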