Old 06-21-2015, 12:49 PM   #1
Leonhart231
LQ Newbie
 
Registered: Jan 2015
Posts: 12

Rep: Reputation: Disabled
Compiling BSD ISO files from scratch?


Hello everyone! I'm admittedly quite new to *BSD (being a Linux user), so I hope I'm not asking something too obvious here. My question is really about all BSD variants, but if you need a specific one, I'd prefer OpenBSD.

My basic understanding is that to install BSD, you first download one of the ISO files. This ISO is distributed with a pre-compiled toolchain, kernel, etc. which is then used to compile the final BSD system (similarly to Linux From Scratch). What I'd like to do instead is get the source code that was used to create that original ISO file, and compile it myself with my own toolchain. Then, use that new system to install BSD as usual. Is this possible? Ideally, I'd like to do this compiling with a Linux rather than BSD system, but BSD may work as well.

Because I'm sure someone will ask "Why?", I will simply say that it has to do with "Fully Countering Trusting Trust", and that I have been working (successfully) on building a fully trusted system.

P.S.: I have seen this post here, but it is asking a different (though related) question.

Thank you for any information!
 
Old 06-21-2015, 02:25 PM   #2
ButterflyMelissa
Senior Member
 
Registered: Nov 2007
Location: Somewhere on my hard drive...
Distribution: Manjaro
Posts: 2,766
Blog Entries: 23

Rep: Reputation: 411

Ehm...no, that's not my experience with BSD (FreeBSD, but nonetheless)...
Basically, the install is something like this...

- get n burn the ISO, make sure you have a long term install
- spin up the PC with it
- follow the install steps, they are pretty easy to follow - do test the keyboard, especially the num lock
- after the install, reboot and make sure the system boots from the drive, not the CDrom
- log in (as root)
- use Ctrl-Alt F1 thru F6 for the separate terminals
- in terminal 1 install MC (midnight commander) and nano

Code:
pkg install mc nano
the system will tell you pkg is not installed and ask to install it, allow that
- then, install the fresh ports, this is BSD's idea of a repo, just the same and..pretty complete

Code:
portsnap fetch
portsnap extract
portsnap update
- pretty lengthy, unless you have a thermos coffee, on to the second terminal - Ctrl-Alt F2
- login and start mc

Code:
mc
- in the one pane make a folder for the downloads
- hit tab to hilite the other pane
- hit F9 and navigate to the FTP entry
- enter ftp.[bsd].org I use ftp.freebsd.org
- navigate to the folder for your version and download src.txz (hilite n hit F5)
- quit mc and navigate to the folder and enter this

Code:
tar -C / -xvzf src.txz
- lengthy, so, on to console 3 - Ctrl-Alt F3
- login and install the base system, a suggestion, add anything else you'd like the manager will politely inform you of trouble...

Code:
pkg install xorg xfce slim firefox thunderbird
- lengthy, on to console four - Ctrl-Alt F4
- login, and do the tweaks here
- start mc, go to folder /etc and open rc.conf (hit F4)
- add these three lines
Code:
hald_enable="YES"
dbus_enable="YES"
slim_enable="YES"
- save (hit F2)
- leave mc (F10) and enter this to activate the XFCE

Code:
echo "exec /usr/local/bin/startxfce4" > .xinitrc
to be executed in the folder of the user you (wisely) made at install
- if you like the user to have the possibility to do maintenance (be root once in a while) add her to the wheel group

Code:
pw usermod [username] -G wheel
- once all consoles have settled down (done downloading and unpacking) issue the magic command

Code:
reboot
you should enter the wonderful world of...BSD...
-> enroll in the appropriate forum...and..love long and prosper
Thor
(written off the top of my head...I may have missed a spot ...)

Last edited by ButterflyMelissa; 06-21-2015 at 02:28 PM.
 
Old 06-21-2015, 02:50 PM   #3
Leonhart231
LQ Newbie
 
Registered: Jan 2015
Posts: 12

Original Poster
Rep: Reputation: Disabled
Hi Thor_2.0, thanks for the reply, but I don't see how it answers my actual question. You seem to have explained how to install FreeBSD (along with a few packages), but I'm asking about compiling the initial ISO image itself. It seems that you got confused by my second paragraph, so let me know if you think something there should be reworded. Unless, that is, that I've completely misunderstood your post, so let me know if that's the case.
 
Old 06-21-2015, 03:11 PM   #4
ButterflyMelissa
Senior Member
 
Registered: Nov 2007
Location: Somewhere on my hard drive...
Distribution: Manjaro
Posts: 2,766
Blog Entries: 23

Rep: Reputation: 411
reworking a BSD iso...ow...well
Quote:
Because I'm sure someone will ask "Why?", I will simply say that it has to do with "Fully Countering Trusting Trust", and that I have been working (successfully) on building a fully trusted system.
makes for the next step...as you have installed the ports (all source) you compile from there...the code is open for viewing...
Honestly, reworking the iso may not add more trust or so, but, that is my view...don't kill me over it.
Basically, BSD (the one I worked with) goes in two ways: binary or source. In fact, source is the BSD way to go anyway...
You'd have a fully working system...with the viewable code...of course, you do have to install it...somehow, hence my post...
 
Old 06-21-2015, 03:25 PM   #5
Leonhart231
LQ Newbie
 
Registered: Jan 2015
Posts: 12

Original Poster
Rep: Reputation: Disabled
Ah, I see what you mean. Thank you.

To explain a bit more, there is an attack called the Trusting Trust attack. Basically, it infects a compiler, which in turn infects the rest of the system. It's a nasty attack that is also not detectable by normal means, and can only be countered by diverse double compiling. I have no reason to not trust the ISOs provided by BSD, but neither can it be proven to be safe. I've made a fully trusted Linux system (by diverse double compiling) that I would like to use to compile the BSD ISO, so that I can be sure that the image is safe.

This all seems a bit paranoid of course, but there has been news recently of the CIA successfully doing a similar attack on Apple's Xcode (though they couldn't distribute it), so I'm just being careful.
 
Old 06-21-2015, 06:15 PM   #6
Randicus Draco Albus
Senior Member
 
Registered: May 2011
Location: Hiding somewhere on planet Earth.
Distribution: No distribution. OpenBSD operating system
Posts: 1,711
Blog Entries: 8

Rep: Reputation: 635
Quote:
I have no reason to not trust the ISOs provided by BSD, but neither can it be proven to be safe.
If you are that concerned, the only way you could be "completely safe" would be to build your own system. I cannot speak of other BSDs, but OpenBSD prides itself on security. Nothing is included in the base system, unless the code is supplied. So installing it and then doing your double-compiling should be safe. If you are still worried, would you not be able to re-install the system with the ISO you create?
 
Old 06-21-2015, 06:37 PM   #7
Leonhart231
LQ Newbie
 
Registered: Jan 2015
Posts: 12

Original Poster
Rep: Reputation: Disabled
Quote:
If you are that concerned, the only way you could be "completely safe" would be to build your own system.
That's certainly true, but the rabbit hole has to stop somewhere reasonable. I just thought that this was a good spot since doing this verification is pretty easy on Linux. The more I read though, the harder it sounds on *BSD because of the way it's set up.

Quote:
Nothing is included in the base system, unless the code is supplied.
I'm not trying to sound too stubborn or something here, but the point of this is that you cannot show that the binary corresponds to the code without double-compiling, which seems to be very difficult on BSD. In fact, Linux From Scratch seems to be the only project capable of doing it fully. If the ISO could be built manually though, BSD could be added to that list.

Still, thank you very much for the reply!
 
Old 06-21-2015, 08:48 PM   #8
hitest
Guru
 
Registered: Mar 2004
Location: Canada
Distribution: Void, Debian, Slackware, VMs
Posts: 7,342

Rep: Reputation: 3746

Quote:
Originally Posted by Leonhart231 View Post
I'm not trying to sound too stubborn or something here, but the point of this is that you cannot show that the binary corresponds to the code without double-compiling, which seems to be very difficult on BSD. In fact, Linux From Scratch seems to be the only project capable of doing it fully. If the ISO could be built manually though, BSD could be added to that list.
You do propose an interesting project. However, you would need to be able to provide proof to me that OpenBSD has been compromised in the way that you describe before I take it seriously. I'm not saying you're too paranoid, just that perhaps your project is overkill. I love and run OpenBSD. I think you'll love the BSDs if you take them for a spin. Have fun with your project.
 
1 members found this post helpful.
Old 06-22-2015, 04:07 AM   #9
cynwulf
Senior Member
 
Registered: Apr 2005
Posts: 2,727

Rep: Reputation: 2367
Quote:
Originally Posted by Leonhart231 View Post
My basic understanding is that to install BSD, you first download one of the ISO files. This ISO is distributed with a pre-compiled toolchain, kernel, etc. which is then used to compile the final BSD system (similarly to Linux From Scratch).
As with many Linux users your understanding of 'BSD' is incomplete.

You should improve your understanding of this before proceeding further.

OpenBSD is primarily a binary distribution. Compiling any part of the system from source is discouraged and unsupported with one exception. The only time you would absolutely need to build from source would be in applying patches.

You can however just obtain the sys, src, xenocara and ports tarballs and build the system from source, but the only supported method is from a running OpenBSD userland/toolchain.

http://www.openbsd.org/faq/faq5.html
 
1 members found this post helpful.
Old 06-22-2015, 04:23 AM   #10
fatmac
LQ Guru
 
Registered: Sep 2011
Location: Upper Hale, Surrey/Hants Border, UK
Distribution: Mainly Devuan, antiX, & Void, with Tiny Core, Fatdog, & BSD thrown in.
Posts: 5,498

Rep: Reputation: Disabled
OpenBSD is secure, as the source code of the supplied O/S has been security checked, that is why they discourage rebuilding the base O/S from scratch.

From the base install you have the choice of compiling or installing binary packages.

Also note that OpenBSD is based in Canada not USA.
 
Old 06-22-2015, 10:58 AM   #11
Leonhart231
LQ Newbie
 
Registered: Jan 2015
Posts: 12

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by cynwulf View Post
OpenBSD is primarily a binary distribution. Compiling any part of the system from source is discouraged and unsupported with one exception. The only time you would absolutely need to build from source would be in applying patches.

You can however just obtain the sys, src, xenocara and ports tarballs and build the system from source, but the only supported method is from a running OpenBSD userland/toolchain.
Sorry, I was thinking more of FreeBSD when I wrote that first bit, which seems to be more source based. But, this is very useful to me and puts me on the right track. Thank you!

Quote:
Originally Posted by fatmac View Post
OpenBSD is secure, as the source code of the supplied O/S has been security checked, that is why they discourage rebuilding the base O/S from scratch.
Perhaps I should have written more in the OP to explain the attack. The reason I'm interested in OpenBSD is their auditing process, but the attack doesn't rely on source code security. Still, thank you.
 
Old 06-22-2015, 11:27 AM   #12
Head_on_a_Stick
Senior Member
 
Registered: Dec 2014
Location: London, England
Distribution: Debian stable (and OpenBSD-current)
Posts: 1,187

Rep: Reputation: 285
Quote:
Originally Posted by Leonhart231 View Post
Linux From Scratch seems to be the only project capable of doing it fully
Slightly off-topic but LFS uses the host system to compile the compiler so that isn't secure either.
 
Old 06-22-2015, 11:31 AM   #13
Leonhart231
LQ Newbie
 
Registered: Jan 2015
Posts: 12

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by Head_on_a_Stick View Post
Slightly off-topic but LFS uses the host system to compile the compiler so that isn't secure either.
That's why I've used two very different hosts to each make an LFS system. Then each created LFS system does it again and the end results should be identical (outside time stamps). With a few scripts, it didn't take too long, and I'm happy with the result.
 
1 members found this post helpful.
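
Added example, not part of the thread and not the poster's own scripts: one way to check that two independently built trees are "identical (outside time stamps)", as post #13 describes. It assumes GNU coreutils `sha256sum`; the function names and the sample trees built in `demo` are constructed for illustration.

```shell
#!/bin/sh
# manifest DIR: print "sha256  ./relative/path" for every regular file.
# Only contents are hashed, so differing mtimes or owners are ignored.
manifest() {
    ( cd "$1" && find . -type f -exec sha256sum {} + )
}

# compare_trees A B: print DIFF / ONLY_A / ONLY_B lines, one per path.
# Returns 0 if the trees match, 1 if they differ, 2 on error.
compare_trees() {
    ma=$(mktemp) && mb=$(mktemp) || return 2
    if ! { manifest "$1" > "$ma" && manifest "$2" > "$mb"; }; then
        rm -f "$ma" "$mb"; return 2
    fi
    # sha256sum lines are 64 hex chars, two spaces, then the path.
    report=$(awk '
        { sum = substr($0, 1, 64); path = substr($0, 67) }
        side == "A"       { seen[path] = sum; next }
        !(path in seen)   { print "ONLY_B " path; next }
        seen[path] != sum { print "DIFF " path }
        { delete seen[path] }
        END { for (p in seen) print "ONLY_A " p }
    ' side=A "$ma" side=B "$mb" | LC_ALL=C sort)
    rm -f "$ma" "$mb"
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# demo: constructed sample trees standing in for two build outputs.
demo() {
    d=$(mktemp -d) || return 2
    mkdir -p "$d/a/bin" "$d/b/bin"
    printf 'same bytes\n' > "$d/a/bin/ls"
    printf 'same bytes\n' > "$d/b/bin/ls"
    touch -t 201501010000 "$d/a/bin/ls"          # mtime differs, content equal
    printf 'built 2015-06-21\n' > "$d/a/bin/cc"  # embedded build date differs
    printf 'built 2015-06-22\n' > "$d/b/bin/cc"
    printf 'extra\n' > "$d/b/bin/extra"          # present in one tree only
    compare_trees "$d/a" "$d/b" && rc=0 || rc=$?
    rm -rf "$d"
    return "$rc"
}
```

Filesystem timestamps never affect the result, but a date embedded in a binary does show up as `DIFF`, so any such file has to be explained or the build made deterministic before the two trees can be called identical.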
Old 06-22-2015, 12:11 PM   #14
ButterflyMelissa
Senior Member
 
Registered: Nov 2007
Location: Somewhere on my hard drive...
Distribution: Manjaro
Posts: 2,766
Blog Entries: 23

Rep: Reputation: 411
silently excusing himself from this thread...
 
Old 06-23-2015, 09:38 AM   #15
ReaperX7
LQ Guru
 
Registered: Jul 2011
Location: California
Distribution: Slackware64-15.0 Multilib
Posts: 6,558
Blog Entries: 15

Rep: Reputation: 2097
If you wish to check the system for flaws, you can always reference the downloaded ISO file against its GPG, md5, or sha1 checksum that is provided and then install the image.

There is no real way to tell a compiler is compromised until you build anything with it, honestly, but in reality, every package supplied by operating system developers is usually given a specific hash and the installation media or updater has a list of the files and their checksums, and if these fail, the system installation will either skip the bad file, or halt the installation.

Your worries have merit, but honestly, it's an attack that has a very low chance of occurrence if you've acquired official packages from the system developers.
 
  

