commit 0535ccbe6385cc8ec22c6f5d6a9e72b2cd6be027 Author: purplerain Date: Tue Jan 9 03:00:05 2024 +0000 SecBSD's current website code diff --git a/amd64.html b/amd64.html new file mode 100644 index 0000000..72596cf --- /dev/null +++ b/amd64.html @@ -0,0 +1,101 @@ + + + + + SecBSD amd64 + + + + + + +
+ +
+
+
SECBSD
+
AMD64
+
+ Supported architecture +
+

SecBSD/amd64 runs on AMD's Athlon-64 family + of processors in 64-bit mode. + It also runs on processors made by other manufacturers which + have cloned the AMD64 extensions. +

+

X Window System support is available for most + graphics cards, using the X.Org server. As with other free + operating systems it is highly recommended that Nvidia cards + are avoided since this vendor continues to show tremendous + resistance towards releasing information that would allow X.Org + to support their hardware properly. +

+

Current status:

+ The only major shortcoming at this time is that the kernel + debugger ddb + is somewhat poor. +

Supported hardware:

+

Processors

+

+ All versions of the AMD Athlon 64 processors and their clones + are supported. +

Graphics Support

+

+ Basic graphics support should support most hardware, but some + features like video or 3D acceleration require additional + driver support. Unsupported devices will typically still work + in VESA or EFIFB mode. +

+

+ AMD devices use a confusing mix of code names and rebadging. + Some devices expected to work: +

    +
  • Products using "Northern Islands," "Southern Islands," + or "Sea Islands" graphics cores. +
  • AMD Radeon 5000 series +
  • Earlier AMD and ATI models are expected to work as well. +
+

+ Intel devices can be confusing as well. Some devices expected + to work: +

    +
  • Intel Kaby Lake (found on i-7xxx CPU) +
  • Intel Skylake (found on i-6xxx CPU) +
  • Intel Broadwell (found on i-5xxx CPU) +
  • Intel Broxton/Apollo Lake +
  • Intel Amber Lake +
  • Intel Gemini Lake +
  • Intel Coffee Lake +
  • Intel Whiskey Lake +
  • Earlier Intel models and revisions are expected to work + as well. +
  • The PowerVR graphics found on some Atom CPUs are not + supported. +
+

Unsupported Hardware:

+

+ New hardware is constantly being released, some of which may + lack support. + Your donation, + hardware, or + documentation can accelerate + this support! +

+
+
+ + diff --git a/ddb.html b/ddb.html new file mode 100644 index 0000000..f002ab8 --- /dev/null +++ b/ddb.html @@ -0,0 +1,210 @@ + + + + + + + SecBSD: Crash Reports + + + + + + +
+ +
+
+ + SecBSD: Crash Reports

+ Minimum information for kernel problems +

Familiarize yourself with the general bug + reporting procedures first. + All of that will apply. + When reporting a kernel panic or crash, please remember: +

+ +

+ Reports without the above information are useless. + This is the minimum we need to be able to track down the issue. +

+ Additional information you can send +

+ In some situations more information is desirable. + Below are outlined some additional steps you can take in certain situations: +

+ Lost the panic message? +

+ Under some circumstances, you may lose the very first message of a panic, + stating the reason for the panic. +

+ 
+ddb> show panic
+0:      kernel: page fault trap, code=0
+ddb>
+
+ Note for SMP systems +

+ You should get a trace from each processor as part of your report: +

+ 
+ddb{0}> trace
+pool_get(d05e7c20,0,dab19ef8,d0169414,80) at pool_get+0x226
+fxp_add_rfabuf(d0a62000,d3c12b00,dab19f10,dab19f10) at fxp_add_rfabuf+0xa5
+fxp_intr(d0a62000) at fxp_intr+0x1e7
+Xintr_ioapic0() at Xintr_ioapic0+0x6d
+--- interrupt ---
+idle_loop+0x21:
+ddb{0}> machine ddbcpu 1
+Stopped at      Debugger+0x4:   leave
+ddb{1}> trace
+Debugger(d0319e28,d05ff5a0,dab1bee8,d031cc6e,d0a61800) at Debugger+0x4
+i386_ipi_db(d0a61800,d05ff5a0,dab1bef8,d01eb997) at i386_ipi_db+0xb
+i386_ipi_handler(b0,d05f0058,dab10010,d01d0010,dab10010) at i386_ipi_handler+0x
+4a
+Xintripi() at Xintripi+0x47
+--- interrupt ---
+i386_softintlock(0,58,dab10010,dab10010,d01e0010) at i386_softintlock+0x37
+Xintrltimer() at Xintrltimer+0x47
+--- interrupt ---
+idle_loop+0x21:
+ddb{1}>
+
+

+ Repeat the machine ddbcpu x followed by trace for each + processor in your machine. +

+ How do I gather further information from a kernel crash? +

+ A typical kernel crash on SecBSD might look like this: + 

+kernel: page fault trap, code=0
+Stopped at    pf_route+0x263:        mov     0x40(%edi),%edx
+ddb>
+
+

+ This crash happened at offset 0x263 in the function pf_route. +

+

+ The first command to run from the + ddb(4) prompt is trace: + 

+ddb> trace
+pf_route(e28cb7e4,e28bc978,2,1fad,d0b8b120) at pf_route+0x263
+pf_test(2,1f4ad,e28cb7e4,b4c1) at pf_test+0x706
+pf_route(e28cbb00,e28bc978,2,d0a65440,d0b8b120) at pf_route+0x207
+pf_test(2,d0a65440,e28cbb00,d023c282) at pf_test+0x706
+ip_output(d0b6a200,0,0,0,0) at ip_output+0xb67
+icmp_send(d0b6a200,0,1,a012) at icmp_send+0x57
+icmp_reflect(d0b6a200,0,1,0,3) at icmp_reflect+0x26b
+icmp_input(d0b6a200,14,0,0,d0b6a200) at icmp_input+0x42c
+ipv4_input(d0b6a200,e289f140,d0a489e0,e289f140) at ipv4_input+0x6eb
+ipintr(10,10,e289f140,e289f140,e28cbd38) at ipintr+0x8d
+Bad frame pointer: 0xe28cbcac
+ddb>
+
+

+ This tells us what function calls lead to the crash. +

+

+ To find out the particular line of C code that caused the crash, you can + do the following: +

+

+ Find the source file where the crashing function is defined. + In this example, that would be pf_route() in /sys/net/pf.c. + Use objdump(1) to get the + disassembly: + 

+$ cd /sys/arch/$(uname -m)/compile/GENERIC
+$ objdump -dlr obj/pf.o >/tmp/pf.dis
+
+

+ In the output, grep for the function name: + 

+$ grep "<pf_route>:" /tmp/pf.dis
+00007d88 <pf_route>:
+
+

+ Take this first hex number 7d88 and add the offset 0x263 from + the Stopped at line: + 

+$ printf '%x\n' $((0x7d88 + 0x263))
+7feb
+
+

+ Scroll down to the line 7feb. + The assembler instruction should match the one quoted in the Stopped at + line. + Then scroll up to the nearest C line number: + 

+$ more /tmp/pf.dis
+/sys/net/pf.c:3872
+    7fe7:       0f b7 43 02             movzwl 0x2(%ebx),%eax
+    7feb:       8b 57 40                mov    0x40(%edi),%edx
+    7fee:       39 d0                   cmp    %edx,%eax
+    7ff0:       0f 87 92 00 00 00       ja     8088 <pf_route+0x300>
+
+

+ So, it's precisely line 3872 of pf.c that crashes: + 

+$ nl -ba /sys/net/pf.c | sed -n 3872p
+  3872		if ((u_int16_t)ip->ip_len <= ifp->if_mtu) {
+
+

+ The kernel that produced the crash output and the object file for objdump must + be compiled from the exact same source file, otherwise the offsets won't match. +

+

+ If you provide both the ddb trace output and the relevant objdump section, + that's very helpful. +

+
+ + + diff --git a/docs.html b/docs.html new file mode 100644 index 0000000..85a9c5d --- /dev/null +++ b/docs.html @@ -0,0 +1,1046 @@ + + + + + SecBSD Docs + + + + + + + +
+ +
+
+

Documentation

+ +

Code of Conduct

+

+ SecBSD is inclusive. We want SecBSD to be a space where people of all + backgrounds can collaborate to create the best OS for hackers known + to mankind, crafted by a strong and florishing community. Our core + values extend beyond just the development, but encompass SecBSD + as a whole.

+ Diversity is a huge strength and is critical to the long term success + of SecBSD. To that end we have a few ground rules that we ask people + to adhere to. This code applies equally to everyone representing the + SecBSD project. in any way, from new members, to committers, to the core + team itself. These rules are intended to ensure a safe, harassment-free + environment for all and to ensure that everyone feels welcome both + working within, and interacting with, the project.

+ This document is not an exhaustive list of things that you should not + do. Rather, consider it a guide to make it easier to enrich all of us + and the technical communities in which we participate. + This code of conduct applies to all spaces used by the SecBSD project; + online and offline.

+ Respect the opinion, attitude, background, preferences, traits + and human aspects of others.

+ Do not discriminate others, based on any and all aspects - whether + negative or positive.

+ SecBSD is about collaborating, the community and developing + a unix operating system, hacking and share. + The project is not - in any way - a platform to harass others, + including but not limited to unwanted attention, intimidation, + stalking, trolling, sexual attention, etc.

+ Try to substantiate shared information and opinions rather than stating + your opinion as-if it were a fact. +

+

Contributing

+

+ Contribute your expertise and hacking skills by using the + -current branch of + SecBSD.
+ Whether you contribute to the code base or port development, + make sure to use -current.
+

Requirements

+

+ 1. A computer running the last snapshot of SecBSD: + amd64 + | arm64

+ 2. A code editor of your liking (ed, vi, vim, emacs, nano, etc)

+ 3. If an port does not exist for SecBSD. The first thing to do + is ask to Purple Rain + or h3artbl33d + if anyone is working on the port -- there may be one in progress. + If no such port exists, then you may be the maintainer.

+ 4. (Optional) clone the repository that best fits your idea. + You might want to look at the FreeBSD ports + or NetBSD pkgsrc + for inspiration.

+ 5. Submit your work by contacting a core member. We do require + at least one core member signing off commits. +

+

Things worth noting

+

+ We respect your privacy. It is up to you whether you want to disclose + any personal details. If you want to be solely known by your nickname, + you might want to create an identity dedicated to the SecBSD project + (nickname, emailaddress and GPG key). Be sure to route your traffic + over a pseudo-anonymous VPN network or via Tor.

+ While we require a core member signing your contributions, + you and only you are responsible and remain responsible for your + contributions. Eg, if you are contributing a port: keep it up to date + with upstream. If not kept up-to-date, we might consider the port + to be obsolete and eventually remove it.

+ Currently, we do not have an established means of communication, + like IRC/XMPP or a forum. As soon as anything is setup, we'll update + this document accordingly. +

+

+ Overview of the Installation Procedure +

+

+ The SecBSD installer uses a special ramdisk kernel (bsd.rd) + that spawns a live environment running entirely in memory. + It contains the install script and a small number of utilities needed + to perform a complete installation. + These utilities can also be useful for disaster recovery. +

+

+ The ramdisk kernel can be booted from a number of different sources: +

+ CD/DVD
+ USB drive
+ An existing partition
+ Over the network
+ (PXE or other + network boot options)
+ Floppy disk
+ Not every platform supports all of these options. +

+

+ If you have a running SecBSD system, bsd.rd is all you need to + reinstall or upgrade to a newer version. + To do so, + download and verify the new bsd.rd, + place it on an existing filesystem, and boot from it. + The general method of booting bsd.rd is to change your boot kernel + from /bsd to /bsd.rd through whatever means used on + your platform. +

+

+ Booting from bsd.rd on an amd64 system can be done like so:

+ 

+Using drive 0, partition 3.
+Loading......
+probing: pc0 com0 com1 mem[638K 1918M a20=on]
+disk: hd0+ hd1+
+>> SecBSD/amd64 BOOT 3.33
+boot> bsd.rd
+
+

+ This will boot the kernel named bsd.rd from the first partition + of the first recognized hard disk.

+ If you need to specify a different drive or partition, just prefix the + kernel name with its location. + The following example would boot from the fourth partition of the second + hard drive:

+ 

+Using drive 0, partition 3.
+Loading......
+probing: pc0 com0 com1 mem[638K 1918M a20=on]
+disk: hd0+ hd1+
+>> SecBSD/amd64 BOOT 3.33
+boot> boot hd1d:/bsd.rd
+
+

+ SecBSD boot loaders are documented in the architecture-specific + boot(8) man pages. +

+

Pre-installation + Checklist +

+

+ Before you start, you should have some idea what you want to end up with. + A few things worth considering beforehand: +

+

+ Machine name.
+ Hardware installed and available:

+ Verify compatibility with your hardware. + You may want to consult the platform-specific installation notes, + especially if you're using one of the non-x86 CPU architectures. + They contain detailed instructions and any possible caveats: +

+ [amd64] +

If wireless internet is your only option, does your card require + additional firmware + If so, you'll need to manually download it to a USB drive or similar + device, then use the + fw_update(1) tool to + enable it after SecBSD is installed. +

+

Install method to be used.
+ Desired disk layout:
+

+

+ Network settings, if not using DHCP: +

+

+ Downloading SecBSD +

+

+ The following installation images are available: +

+

+ An SHA256 file containing checksums can be found in the same + directory as the installation files. + You can confirm that none of the downloaded files were mangled in transit + using the sha256(1) command. +

+

+ 

+$ sha256 -C SHA256 miniroot*.img
+(SHA256) minirootXX.img: OK
+
+

Or, if you're using an OS with the GNU coreutils:

+ 
+$ sha256sum -c --ignore-missing SHA256
+minirootXX.img: OK
+
+

However, this only checks for accidental corruption. + You can use signify(1) and the + SHA256.sig file to cryptographically verify the downloaded image. +

+ 
+$ signify -Cp /etc/signify/secbsd-14-base.pub -x SHA256.sig install14.img
+Signature Verified
+install14.img: OK
+
+

+ Note that the signify package on other operating systems may not include the + required + public key, or it may be installed in another location. +

+

The installXX.iso and installXX.img images do not + contain an SHA256.sig file, so the installer will complain that + it can't check the signature of the included sets: +

+ 
+Directory does not contain SHA256.sig. Continue without verification? [no]
+
+

+ This is because it would make no sense for the installer to verify them. + If someone were to make a rogue installation image, they could certainly + change the installer to say the files were legitimate.

+ If the image's signature has been verified beforehand, it is safe to answer + "yes" at that prompt. +

+

Creating Install + Media +

+

Flash Drive

+

+ A bootable USB flash drive can be created by attaching the target device and + copying over the image with dd(1). +

+

+ Using SecBSD, assuming the device was recognized as sd1: +

+ 
+# dd if=install14.img of=/dev/rsd1c bs=1m
+
+

+ Note that the raw I/O device is used, rsd1c rather than + sd1c. +

+

+ Details of this will vary on other platforms. + The GNU version of dd will require bs=1M + (note the capital M) + instead. + If you're using a different OS, be sure to select the appropriate device + name: /dev/sdX on Linux or /dev/rdiskX on macOS + for example. +

+

CD-ROMs

+

+ You can create a bootable CD-ROM on SecBSD by using + cdio(1). + 

+# cdio tao cd*.iso
+
+

Performing + a Simple Install +

+

+ The installer is designed to install SecBSD in a very usable default + configuration with a minimum of user intervention. + In fact, you can often just hit <Enter> to get + a good SecBSD install, moving your hands to the rest of the keyboard + only to enter the root password. +

+

+ After the dmesg(8) is shown, + you will see the first installer question: + 

+...
+root on rd0a swap on rd0b dump on rd0b
+erase ^?, werase ^W, kill ^U, intr ^C, status ^T
+
+Welcome to the SecBSD/amd64 X.X installation program.
+(I)nstall, (U)pgrade, (A)utoinstall or (S)hell?
+
+

+ Choose (I)nstall and follow the instructions. +

+

+

File Sets

+
+
bsd +
The kernel (required) +
bsd.mp +
The multi-processor kernel (only on some platforms) +
bsd.rd +
The ramdisk kernel +
baseXX.tgz +
The base system (required) +
compXX.tgz +
The compiler collection, headers and libraries +
manXX.tgz +
Manual pages +
gameXX.tgz +
Text-based games +
xbaseXX.tgz +
Base libraries and utilities for X11 + (requires xshareXX.tgz) +
xfontXX.tgz +
Fonts used by X11 +
xservXX.tgz +
X11's X servers +
xshareXX.tgz +
X11's man pages, locale settings and includes +
+ New users are recommended to install all of them. +

+ Some libraries from xbaseXX.tgz, like freetype or fontconfig, can + be used outside of X by programs that manipulate text or graphics. + Such programs will usually need fonts, either from xfontXX.tgz or + font packages. + For the sake of simplicity, the developers decided against maintaining a minimal + xbaseXX.tgz set that would allow most non-X ports to run. +

+

Performing + a Full Disk Encryption Install +

+

+ Much like RAID, full disk encryption in SecBSD is handled by the + softraid(4) subsystem and + bioctl(8) command. + This section covers installing SecBSD to a single encrypted disk, and is a + very similar process to the previous one. + Note that "stacking" softraid modes (mirrored drives and encryption, for + example) is not supported at this time. +

+

+ Select (S)hell at the initial prompt. + 

+Welcome to the SecBSD/amd64 1.3 installation program.
+(I)nstall, (U)pgrade, (A)utoinstall or (S)hell? s
+
+

+ From here, you'll be given a shell within the live environment to manipulate + the disks. + For this example, we will install to the sd0 SATA drive, erasing + all of its previous contents. +

+ Since the installer does not have many device nodes by default, make + sure the /dev/sd0 device exists: + 

+# cd /dev && sh MAKEDEV sd0
+
+

+ You may want to write random data to the drive first with something like the + following: + 

+# dd if=/dev/urandom of=/dev/rsd0c bs=1m
+
+ This can be a very time-consuming process, depending on the speed of your + CPU and disk, as well as the size of the disk. + If you don't write random data to the whole device, it may be possible for an + adversary to deduce how much space is actually being used. +

+ Next, initialize the disk with + fdisk(8) and create the softraid + partition with disklabel(8). +

+

+ If you're booting from MBR, do: + 

+# fdisk -iy sd0
+
+

+ If you use GPT for UEFI booting, do: + 

+# fdisk -iy -g -b 960 sd0
+
+

+ Next, create the partition layout: + 

+# disklabel -E sd0
+Label editor (enter '?' for help at any prompt)
+sd0> a a
+offset: [64]
+size: [39825135] *
+FS type: [4.2BSD] RAID
+sd0*> w
+sd0> q
+No label changes.
+
+ We'll use the entire disk, but note that the encrypted device can be + split up into multiple partitions as if it were a regular hard drive. +

+ Now we can build the encrypted device on our "a" partition. + 

+# bioctl -c C -l sd0a softraid0
+New passphrase:
+Re-type passphrase:
+sd1 at scsibus2 targ 1 lun 0: <SECBSD, SR CRYPTO, 005> SCSI2 0/direct fixed
+sd1: 19445MB, 512 bytes/sector, 39824607 sectors
+softraid0: CRYPTO volume attached as sd1
+
+

+ Instead of a passphrase, you may want to + use a keydisk.
+ Make sure the /dev/sd1 device is accounted for: + 

+# cd /dev && sh MAKEDEV sd1
+
+

+ All data written to sd1 will now be encrypted with AES in XTS mode. +

+ As in the previous example, we'll overwrite the first megabyte of our new + pseudo-device. + 

+# dd if=/dev/zero of=/dev/rsd1c bs=1m count=1
+
+

+ Type exit to return to the main installer, then choose this new + device as the one for your installation. + 

+[...]
+Available disks are: sd0 sd1.
+Which disk is the root disk? ('?' for details) [sd0] sd1
+
+

+ You will be prompted for the passphrase on startup, but all other operations + should be handled transparently. +

Using a Keydisk

+

As an alternative to using a passphrase, it's possible to use a key + stored on a separate device (e.g. a USB stick) to unlock your encrypted disk. +

+

Initialize your keydisk with + fdisk(8), then use + disklabel(8) + to create a 1 MB RAID partition for the key data. + If your keydisk is sd1 and the drive you want to encrypt is + sd0, the output will look something like this: + 

+# bioctl -c C -k sd1a -l sd0a softraid0
+sd2 at scsibus3 targ 1 lun 0: <SECBSD, SR CRYPTO, 005> SCSI2 0/direct fixed
+sd2: 19445MB, 512 bytes/sector, 39824607 sectors
+softraid0: CRYPTO volume attached as sd2
+
+

+ You won't be prompted to enter a passphrase because you used a keydisk instead. + The keydisk must be inserted at startup time. +

You can backup and restore your keydisk using + dd(1): + 

+# dd bs=8192 skip=1 if=/dev/rsd1a of=backup-keydisk.img
+# dd bs=8192 seek=1 if=backup-keydisk.img of=/dev/rsd1a
+
+

Security Updates

+

+ When a critical bug is found, the fix will be committed to the -current tree + (and made available in snapshot builds) + as soon as possible. + From that point on, things are handled differently depending on whether the + problem was in the SecBSD base system or a third party package. + This section details how to keep your system up to date between releases. +

+ For the SecBSD base system, security fixes are normally applied to the + two most recent releases. + There are four options: +

+

+

+

+ For third party software installed via packages, + fixes are normally only applied to the most recent release. + There are three options: +

+

Executing Commands + as Another User +

+

+ The doas(1) tool lets a system + administrator permit certain users to run specific commands as another user. + Regular users can run administrative commands, only being required to + authenticate as themselves, without the need for the root password. +

+

+ For example, if appropriately configured, the following command would display + root's crontab(5) file: + 

+$ doas -u root crontab -l
+
+

+ Commands invoked by doas(1) + are logged to /var/log/secure by default. + Check the doas.conf(5) manual + for configuration examples. +

Introduction

+

+ There are many applications one might want to use on an SecBSD system. + To make this software easier to install and manage, it is ported + to SecBSD and packaged. + The aim of the package system is to keep track of which software gets + installed, so that it may be easily updated or removed. + In minutes, a large number of packages can be fetched and installed, with + everything put in the right place. +

+

+ The ports collection does not go through the same thorough security + audit that is performed on the SecBSD base system. + Although we strive to keep the quality of the packages high, we just do not + have enough resources to ensure the same level of robustness and security. +

+

+ The SecBSD ports team considers packages to be the goal of their porting + work, not the ports themselves. + In general, you are advised to use packages over building an application + from ports. +

+

+ Packages can be easily managed with the help of several utilities: +

+

+ In order to run properly, application X may require that other applications + Y and Z be installed. + Application X is said to be dependent on these other applications, which is + why Y and Z are called dependencies of X. + In turn, Y may require other applications P and Q, and Z may require + application R to function properly. + This way, a whole dependency tree is formed.

+ Packages look like simple .tgz bundles. Basically they are just that, + but there is one crucial difference: they contain some extra packing + information. This information is used by pkg_add(1) for several purposes: +

+

+

+

Installing Packages

+

+ The pkg_add(1) utility is used + to install packages. + If multiple flavors of a package exist, you will be prompted to choose which + one you want to install. + 

+# pkg_add rsync
+Ambiguous: choose package for rsync
+a       0: <None>
+        1: rsync-3.1.2p0
+        2: rsync-3.1.2p0-iconv
+Your choice:
+
+

+ Here you would select 1 if you want the standard package or 2 + if you need iconv support. + You can also choose the flavor directly on the command line by using + pkg_add rsync-- (for the default) or + pkg_add rsync--iconv (for the iconv flavor). +

+

+ It is possible to specify multiple package names on one line, which then + all get installed at once, along with their dependencies. + You may also specify the absolute location of a package, be it a local + file or remote URL. + Supported URL prefixes are http, https, ftp and scp. +

+

+ For some packages, important additional information will be given about + the configuration or use of the application. + 

+# pkg_add jove
+jove-4.16.0.73p0: ok
+--- +jove-4.16.0.73p0 -------------------
+See /usr/local/share/jove/README about changes to /etc/rc or
+/etc/rc.local so that the system recovers jove files
+on reboot after a system crash
+
+ Additionally, some packages provide configuration and other information + in a file located in /usr/local/share/doc/pkg-readmes. +

+ For your safety, if you are installing a package which you had installed + earlier and removed, configuration files which have been modified will + not be overwritten. + The same is true for when you upgrade a package. +

+

+ Sometimes you may encounter an error like the one in the following example: + 

+# pkg_add xv
+quirks-2.367 signed on 2017-10-03T11:21:28Z
+xv-3.10ap4:jpeg-6bp3: ok
+xv-3.10ap4:png-1.2.14p0: ok
+xv-3.10ap4:tiff-3.8.2p0: ok
+Can't install xv-3.10ap15 because of libraries
+|library X11.16.1 not found
+| not found anywhere
+Direct dependencies for xv-3.10ap15 resolve to png-1.6.31 jasper-1.900.1p5 tiff-4.0.8p1 jpeg-1.5.1p0v0
+Full dependency tree is png-1.6.31 tiff-4.0.8p1 jasper-1.900.1p5 jpeg-1.5.1p0v0
+
+

+ The packing information bundled in the package includes information + about shared libraries that the package expects to be installed. + If one of the required libraries can't be found, the package is not + installed because it would not function anyway. +

+

+ There are several things to check: +

+

Updating Packages

+

+ Let's say you had an older version of unzip installed before upgrading this + box to the latest SecBSD release. + You can easily upgrade the package to the newer version like this: + 

+# pkg_add -u unzip
+unzip-5.52->unzip-5.52p0: ok
+Read shared items: ok
+
+

+ When a package has dependencies, they are also examined for updates. + Invoking pkg_add(1) with + only the -u flag will try to update all installed packages. + This is highly recommended over updating individual packages on their own. +

+

Removing Packages

+

+ To remove a package, simply take the name of the package and use + pkg_delete(1). + 

+# pkg_delete screen
+screen-4.0.3p6: ok
+Read shared items: ok
+
+ Again, modified configuration files will not be removed. + Unneeded dependencies can be trimmed by running pkg_delete -a + at any time. +

Network Configuration

+

+ Network configuration in SecBSD is done with text files in /etc. + Typically, these settings are initially configured during the + installation process. +

Identifying and Setting Up Your Network Interfaces

+

+ Interfaces are named by the type of card, not the type of connection. + For example, here's a dmesg(8) + snippet for an Intel Fast Ethernet network card: + 

+fxp0 at pci0 dev 10 function 0 "Intel 82557" rev 0x0c: irq 5, address 00:02:b3:2b:10:f7
+inphy0 at fxp0 phy 1: i82555 10/100 media interface, rev. 4
+
+

+ This device uses the fxp(4) driver + and is assigned the number 0 here. +

+ You can find out what network interfaces have been identified by using the + ifconfig(8) utility. + The following command will show all network interfaces on a system. + 

+$ ifconfig
+lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33200
+        index 3 priority 0 llprio 3
+        groups: lo
+        inet 127.0.0.1 netmask 0xff000000
+fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
+        lladdr 00:02:b3:2b:10:f7
+        index 1 priority 0 llprio 3
+        media: Ethernet autoselect (100baseTX full-duplex)
+        status: active
+        inet 10.0.0.38 netmask 0xffffff00 broadcast 10.0.0.255
+enc0: flags=0<>
+        index 2 priority 0 llprio 3
+        groups: enc
+        status: active
+pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33200
+        index 4 priority 0 llprio 3
+        groups: pflog
+
+ This sample shows only one physical Ethernet interface: fxp0. + An IP is configured on it, hence the values + inet 10.0.0.38 netmask 0xffffff00 broadcast 10.0.0.255. + The UP and RUNNING flags are also set on it. +

+ The netstart(8) script configures + network interfaces at boot time using + hostname.if(5) files, where + "if" is replaced by the full name of each interface. + The example above would use the file /etc/hostname.fxp0, containing + the following options: + 

+inet 10.0.0.38 255.255.255.0
+
+

+ This hostname.fxp0 file also has an interactive equivalent: + 

+# ifconfig fxp0 10.0.0.38 255.255.255.0
+
+

+ Finally, you will notice several other interfaces come enabled by default. + These are virtual interfaces that serve various functions. + The following manual pages describe them: +

+

+ Other virtual interfaces can be added with + ifconfig(8)'s create + subcommand. +

Wireless Networking

+

+ SecBSD has support for + a number of + wireless chipsets. + Further supported devices can be found in + usb(4) and + pci(4). + The precise extent of their support is described in the driver man pages. +

+

+ The following cards support Host-based Access Point (HostAP) mode, permitting + them to be used as a wireless access point: +

+

+ The ifconfig(8) + media subcommand shows media capabilities of network interfaces. + For wireless devices, it displays supported 802.11a/b/g/n media modes and the + supported operating modes (hostap, ibss, + monitor). + For example, to see media capabilities of interface ath0, type: + 

+$ ifconfig ath0 media
+
+

+ In order to use some wireless cards, you will need to acquire firmware files + with fw_update(1). + Some manufacturers refuse to allow free + distribution of their firmware, so it can't be included with SecBSD. +

+ Another option to consider: use a conventional NIC and an external bridging + wireless access point for your SecBSD-based firewall. + This has the added advantage of letting you easily position the antenna where it + is most effective, which is often not directly on the back of your firewall. +

+

Configuring Your Wireless Adapter

+

+ Adapters based on supported chips can be used like any other network interface. + To connect an SecBSD system to an existing wireless network, use the + ifconfig(8) utility. +

+

+ An example of a hostname.if(5) + file for a wireless client might be: + 

+nwid puffyuberalles wpakey passwordhere
+dhcp
+
+

+ Or, for multiple access points: + 

+join home-net wpakey passwordhere
+join work-net wpakey passwordhere
+join cafe-wifi
+dhcp
+
+

+ Note that the dhcp keyword should be after the other configuration + lines, as the network adapter will not be able to send a DHCP request until + it is configured. +

+

Trunking Your Wireless Adapter

+

+ Trunks are virtual interfaces consisting of one or more network interfaces. + In this section, our example will be a laptop with a wired + bge0 interface and a wireless + iwn0 interface. + We will build a trunk(4) interface + using both of them. +

+

+ To do this, we first activate the two physical ports, then assign them to + trunk0. + 

+# echo up > /etc/hostname.bge0
+
+

+ The wireless interface, however, needs a bit more configuration. + It will need to attach to our wireless WPA-protected network: + 

+$ cat /etc/hostname.iwn0
+nwid puffynet wpakey mysecretkey
+up
+
+

+ Now, our trunk interface is defined like this: + 

+$ cat /etc/hostname.trunk0
+trunkproto failover trunkport bge0
+trunkport iwn0
+dhcp
+
+ The trunk is set up in failover mode, + so either interface can be used. + If both are available, it will prefer the bge0 port, + since that is the first one added to the trunk device. +

Installation and configuration XFCE.

+ By 0xdarkpadr3 +

Setting doas

+

+ Login as root and create doas.conf file. +

+ 
+# echo "permit keepenv :wheel" > /etc/doas.conf
+
+

+ Logout and then login as a user. +

+

Installing Xfce

+ 
+$ doas pkg_add -v xfce xfce-extras consolekit2
+$ vi ~/.xsession and uncomment the line 14 exec /usr/local/bin/startxfce4 --with-ck-launch
+$ save and quit :wq!
+
+

+

Enable and start daemons

+ 
+$ doas rcctl enable messagebus xenodm
+$ doas rcctl start messagebus xenodm
+$ doas reboot
+
+

+ It is recommended to run X with the xenodm display manager, once it offers + some important security benefits over the traditional startx command. +

+ + If you find any problems, read the .xsession-errors file log. +

See also

+ +
+ + diff --git a/download.html b/download.html new file mode 100644 index 0000000..c6501ef --- /dev/null +++ b/download.html @@ -0,0 +1,153 @@ + + + + + Download SecBSD & Create Bootable OS Image + + + + + + +
+ +
+
+

Download SecBSD & Create Bootable OS Image

+

+ Installation images .img and .iso are available on main SecBSD mirror:

+ + https://mirror.secbsd.org/pub/SecBSD/snapshots/amd64/

+ + Laylo mirror, Netherlands:

+ + https://mirror.laylo.nl/pub/SecBSD/snapshots/amd64/

+ + Tor Onion service by Laylo:

+ + http://zqsjg25lnx7zratmne3dhbcqt5paehitom3qp2rjmwttuy7gzbzqwayd.onion/pub/SecBSD/

+ To install SecBSD from either an USB flash drive download install14.img
+ If you want to install SecBSD from either an optic medium as CD-ROM / DVD + download install14.iso +

+

Prepare a bootable USB flash drive with SecBSD Installer

+

From:

+

+

+

+ SecBSD / OpenBSD +

+

+ 

+$ cd /tmp
+$ ftp https://mirror.secbsd.org/pub/SecBSD/snapshots/secbsd-14-base.pub
+$ ftp https://mirror.secbsd.org/pub/SecBSD/snapshots/amd64/{install14.img,SHA256.sig}
+$ signify -Cp secbsd-14-base.pub -x SHA256.sig install14.img
+Signature Verified
+install14.img: OK
+
+

Plug in an usb flash drive.

+ 
+$ sysctl hw.disknames
+hw.disknames=sd0:xxxxxxxxxxxxxxxx,sd1:xxxxxxxxxxxxxxxx
+
+

Assuming the device was recognized as sd1:

+ 
+$ doas dd if=install14.img of=/dev/rsd1c bs=1m
+664+1 records in
+664+1 records out
+696745984 bytes transferred in 72.198 secs (9650464 bytes/sec)
+
+ You are now ready to start installing SecBSD.
+

+ Now boot on usb flash drive created and perform a install.
+

+ How to install XFCE Desktop on SecBSD. + +

+ HardenedBSD / FreeBSD +

+

+ 

+$ cd /tmp
+$ curl -O https://mirror.secbsd.org/pub/SecBSD/snapshots/secbsd-14-base.pub
+$ curl -O https://mirror.secbsd.org/pub/SecBSD/snapshots/amd64/{install14.img,SHA256.sig}
+$ signify -Cp secbsd-14-base.pub -x SHA256.sig install14.img
+
+

Plug in an usb flash drive.

+ 
+$ su
+root@hardenedbsd:~ # camcontrol devlist
+SanDisk Cruzer Blade 1.26        at scbus5 target 0 lun 0 (da0,pass1)
+
+

+ Assuming your usb device was recognized as da0: + 

+root@hardenedbsd:~ # dd if=install14.img of=/dev/da0 bs=1M conv=sync
+665+0 records in
+665+0 records out
+697303040 bytes transferred in 83.083902 secs (8392757 bytes/sec)
+root@hardenedbsd:~ #
+
+ You are now ready to start installing SecBSD.
+

+ Now boot on usb flash drive created and perform a install.
+

+ How to install XFCE Desktop on SecBSD. + +

+ NetBSD +

+

+ 

+$ cd /tmp
+$ ftp https://mirror.secbsd.org/pub/SecBSD/snapshots/amd64/install14.img
+
+

Plug in an usb flash drive.

+ 
+$ su
+dd if=install14.img of=/dev/rsd0d bs=1m
+
+

In the previous command we have used rsd0d in order to refer to the whole sd0 disk.

+ You are now ready to start installing SecBSD.
+ +

+ Now boot on usb flash drive created and perform a install.
+

+ How to install XFCE Desktop on SecBSD. +

+ Mac +

+

Please create the SecBSD installation guide for Mac and send it to purplerain@secbsd.org

+

+ Windows +

+

Please create the SecBSD installation guide for Windows and send it to purplerain@secbsd.org

+

+ GNU/Linux +

+

Please create the SecBSD installation guide for GNU/Linux and send it to purplerain@secbsd.org

+
+ + diff --git a/faq.html b/faq.html new file mode 100644 index 0000000..b3fa5a6 --- /dev/null +++ b/faq.html @@ -0,0 +1,110 @@ + + + + + SecBSD F.A.Q. + + + + + + +
+ +
+
+ + Frequently Asked Questions +
+

What is the current state of the project?

+

SecBSD 1.4-f669713 is 100% functional. + Detailed explanations for installation can be found in + Docs +

+

How do I contribute to SecBSD?

+

We are currently looking for Unix + wizards, C, Perl, Python, Go, Rust and Ruby + programmers. +

+

How do I get the source code?

+

src https://code.laylo.cloud/SecBSD/src
+

ports https://code.laylo.cloud/SecBSD/ports
+

xenocara https://code.laylo.cloud/SecBSD/xenocara
+

www https://code.laylo.cloud/SecBSD/www
+ +

+

I want to help, but I'm not a programmer. How can I support?

+

This is a list + of hardware that could help our project. +

+

How is the installation process?

+

Simple text mode installer, SecBSD + installs in less than 5 minutes. Despite we not are + desktop fans to ensure that new users of SecBSD use as a + desktop daily driver, we added an easy desktop flavor + installer for XFCE4, Mate, Gnome, i3, Lumina, LXQt + and others. See + screenshots. +

+

Where i can download .img or .iso?

+

The most up-to-date file can be found at + https://mirror.secbsd.org/pub/SecBSD + See mirrors. +

+

Supported architectures?

+

SecBSD runs on AMD's Athlon-64 family + of processors in 64-bit mode. It also runs on processors + made by other manufacturers which have cloned the AMD64 + extensions. More info. +

+

How can I trust SecBSD?

+ +

How can I donate to SecBSD?

+

We don't take donations. SecBSD is a + starting project, building forth and depending upon the + awesome work of the OpenBSD project. This, we kindly ask + you to donate to the + OpenBSD + Foundation instead. That is - indirectly - also a + donation to SecBSD but goes a much longer way. +

+

Who design the website and SecBSD stuff?

+

The best artist + we known: Banshee. +

+

How can I contact SecBSD?

+

Through email: + purplerain@secbsd.org or + h3artbl33d@secbsd.org +

+

License

+

See License +

+

Last updated date of SecBSD website?

+

Tue Jan 9 02:09:32 CET 2024. +

+
+ + diff --git a/hardware.html b/hardware.html new file mode 100644 index 0000000..43a7a5b --- /dev/null +++ b/hardware.html @@ -0,0 +1,66 @@ + + + + + Hardware Donation + + + + + + +
+ +
+
+
HARD
+
WARE
+
+ Interested in supporting us? +
+

Hardware wanted:

+
    +
  • Laptop or Desktop: mint condition is desirable. +
    • +
  • SSDs: For test machines and backup. Every + disk is appreciated. +
    • +
  • Devices: WiFi Pineapple, HackRF One, Proxmark3, LAN Turtle, + LAN Tap Pro, Packet Squirrel, Chameleon Tiny Pro. +
    • +
  • Boards: Raspberry Pi 3/4, BeagleBone, APU, NanoPi A64, + Raspberry Pi Zero, Orange Pi. +
    • +
+

You don't have hardware but you still want to help us?

+
    +
  • Spread the word in your social media. #SecBSD
    • +
  • Be a SecBSD advocate. We need hackers sharing ideas all over + the world. +
    • +
  • Prepare an Write-Up using SecBSD and share your knowledge + and hacking skills to the community. +
    • +
  • Attend our hackathons. We want to solve big problems and + hack everything. +
    • +
+
+
+
+ + diff --git a/img/0xdarkpadr3.png b/img/0xdarkpadr3.png new file mode 100644 index 0000000..c9a51c4 Binary files /dev/null and b/img/0xdarkpadr3.png differ diff --git a/img/0xdeadbea7.png b/img/0xdeadbea7.png new file mode 100644 index 0000000..6ccd2da Binary files /dev/null and b/img/0xdeadbea7.png differ diff --git a/img/about.png b/img/about.png new file mode 100644 index 0000000..4795d8e Binary files /dev/null and b/img/about.png differ diff --git a/img/arthome.png b/img/arthome.png new file mode 100644 index 0000000..b6eb8b5 Binary files /dev/null and b/img/arthome.png differ diff --git a/img/banshee.png b/img/banshee.png new file mode 100644 index 0000000..330b8c6 Binary files /dev/null and b/img/banshee.png differ diff --git a/img/bg.png b/img/bg.png new file mode 100644 index 0000000..cda578a Binary files /dev/null and b/img/bg.png differ diff --git a/img/bsdbandit.png b/img/bsdbandit.png new file mode 100644 index 0000000..4b02712 Binary files /dev/null and b/img/bsdbandit.png differ diff --git a/img/cwm.png b/img/cwm.png new file mode 100644 index 0000000..efe4e60 Binary files /dev/null and b/img/cwm.png differ diff --git a/img/git-laylo.png b/img/git-laylo.png new file mode 100644 index 0000000..6f016cb Binary files /dev/null and b/img/git-laylo.png differ diff --git a/img/h3artbl33d.png b/img/h3artbl33d.png new file mode 100644 index 0000000..aea29f2 Binary files /dev/null and b/img/h3artbl33d.png differ diff --git a/img/logo.png b/img/logo.png new file mode 100644 index 0000000..1af62c3 Binary files /dev/null and b/img/logo.png differ diff --git a/img/mastodon.png b/img/mastodon.png new file mode 100644 index 0000000..a90b5e3 Binary files /dev/null and b/img/mastodon.png differ diff --git a/img/purplerain.png b/img/purplerain.png new file mode 100644 index 0000000..5aa9ec0 Binary files /dev/null and b/img/purplerain.png differ diff --git a/img/secbsd-core-team.png b/img/secbsd-core-team.png new file mode 100644 index 0000000..2a6cf65 Binary files /dev/null and b/img/secbsd-core-team.png differ diff --git a/img/secbsd-mate.jpg b/img/secbsd-mate.jpg new file mode 100644 index 0000000..7c6106e Binary files /dev/null and b/img/secbsd-mate.jpg differ diff --git a/img/secbsd-xfce.jpg b/img/secbsd-xfce.jpg new file mode 100644 index 0000000..b6fc8af Binary files /dev/null and b/img/secbsd-xfce.jpg differ diff --git a/img/twitter.png b/img/twitter.png new file mode 100644 index 0000000..6291254 Binary files /dev/null and b/img/twitter.png differ diff --git a/index.html b/index.html new file mode 100644 index 0000000..4b0708c --- /dev/null +++ b/index.html @@ -0,0 +1,59 @@ + + + + + SecBSD + + + + + + +
+ +
+
+

SecBSD

+

+ Welcome to our passionate community-driven project!

+ We're dedicated to developing a security-focused UNIX-like + operating system based on the renowned OpenBSD.

+ SecBSD is designed to meet the needs of security researchers, + pentesters, bug hunters, cybersecurity professionals, hacktivists, + and privacy-conscious individuals. +

+

+ At the core of our development process is the same philosophy as OpenBSD, + emphasizing robust security, privacy protection, and strong cryptography by + default. +

+

+ Join a vibrant community of like-minded individuals and gain valuable insights + from BSD users through our collaborative forum. Our commitment to open source + principles ensures transparency, fostering innovation and shared learning. +

+
2024
+
+
+ [Artwork] +
+
+ +
+ + diff --git a/license.html b/license.html new file mode 100644 index 0000000..8ea9775 --- /dev/null +++ b/license.html @@ -0,0 +1,49 @@ + + + + + SecBSD License + + + + + + +
+ +
+
+ + License
+ 
+Copyright (c) 2018-2024 Purple Rain purplerain@secbsd.org
+
+Permission to use, copy, modify, and distribute this software for any
+purpose with or without fee is hereby granted, provided that the above
+copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+
+ + diff --git a/license.template b/license.template new file mode 100644 index 0000000..c2af99e --- /dev/null +++ b/license.template @@ -0,0 +1,25 @@ +Below is an example license to be used for new code in SecBSD, +modeled after the ISC license. + +It is important to specify the year of the copyright. Additional years +should be separated by a comma, e.g. + Copyright (c) 2020, 2023 + +If you add extra text to the body of the license, be careful not to +add further restrictions. + +/* + * Copyright (c) YYYY YOUR NAME HERE + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ diff --git a/mirrors.html b/mirrors.html new file mode 100644 index 0000000..aa06bd3 --- /dev/null +++ b/mirrors.html @@ -0,0 +1,86 @@ + + + + + SecBSD Mirrors + + + + + + +
+ +
+
+ + SecBSD Mirrors

+

Download via HTTPS. +

+

SecBSD can be obtained via HTTPS. + Typically you only need a single small piece of boot media and then the rest + of the files can be installed from a number of locations, including directly + off the internet. + Consult the installation guide for details. +

+

Choose a mirror near you from the following list of mirrors + which provide SecBSD. +

+ Netherlands: +
    +
  • https://mirror.secbsd.org/pub/SecBSD
    + Location: Amsterdam.
    + Maintained by Purple Rain.
    + Protocols: https.

    +
    • +
  • https://mirror.laylo.nl/pub/SecBSD
    + Location: Amsterdam.
    + Maintained by h3artbl33d.
    + Protocols: https.
    + Updated hourly from mirror.secbsd.org

    +
    • +
+

Information for prospective mirrors

+

To be listed on this page we require mirrors + to be fast, up to date, capable, and well-connected to networks + in the region in which they serve. +

+

Mirrors must carry the following:

+

OS and packages for all architectures supported + by SecBSD. +

+

As of Jan 2024, the minimum space required is approximately + 250GB. +

+

However, to reduce problems for users when snapshot + packages are updated, + it is strongly recommended to use the rsync options + --delete-delay --delay-updates which requires additional space + during updates. + --fuzzy may also be helpful to reduce the amount of data transferred + when updating snapshot packages. Depending on the disk space + available, mirrors may provide more contents, such as older releases, + current source tree, etc. +

+

Operators of mirrors who are interested in having their site added + to the list on this page should contact purplerain@secbsd.org with + further details about their site, including network connectivity, + geographic location, and general information. +

+
+ + diff --git a/policy.html b/policy.html new file mode 100644 index 0000000..b523373 --- /dev/null +++ b/policy.html @@ -0,0 +1,410 @@ + + + + + SecBSD: Copyright Policy + + + + + + +
+ +
+
+ + SecBSD Copyright Policy

+

Goal. +

+

+Copyright law is complex, SecBSD policy is simple — SecBSD strives to +provide code that can be freely used, copied, modified, and distributed +by anyone and for any purpose. This maintains the spirit of the original +Berkeley Software Distribution. The preferred wording of a license to be +applied to new code can be found in the +license template. +

+

+SecBSD can exist as it does today because of the example set by the +Computer Systems Research Group at Berkeley and the battles which they +and others fought to create a Unix source distribution un-encumbered +by proprietary code and commercial licensing. +

+

+The ability of a freely redistributable "Berkeley" Unix +to move forward on a competitive basis with other operating systems depends +on the willingness of the various development groups to exchange code amongst +themselves and with other projects. +Understanding the legal issues surrounding copyright is fundamental to +the ability to exchange and re-distribute code, while honoring the spirit of +the copyright and concept of attribution is fundamental to promoting the +cooperation of the people involved. +

+

The Berkeley Copyright

+

+The original Berkeley copyright poses no restrictions on private or commercial +use of the software and imposes only simple and uniform requirements +for maintaining copyright notices in redistributed versions and +crediting the originator of the material only in +advertising. +

+

For instance:

+

+

+ * Copyright (c) 1982, 1986, 1990, 1991, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+
+

+Berkeley rescinded the 3rd term (the advertising term) on 22 July 1999. +Verbatim copies of the Berkeley license in the SecBSD tree have that +term removed. In addition, many 3rd-party BSD-style licenses consist +solely of the first two terms. +

+

+Because the SecBSD copyright imposes no conditions beyond those +imposed by the Berkeley copyright, SecBSD can hope to share the same +wide distribution and applicability as the Berkeley distributions. +It follows however, that SecBSD cannot include material which +includes copyrights which are more restrictive than the Berkeley +copyright, or must relegate this material to a secondary status, +i.e. SecBSD as a whole is freely redistributable, but some optional +components may not be. +

+

Copyright Law

+

+While the overall subject of copyright law is far beyond the scope of +this document, some basics are in order. Under the current copyright law, +copyrights are implicit in the creation of a new work and reside with +the creator. In general the copyright applies +only to the new work, not the material the work was derived from, nor +those portions of the derivative material included in the new work. +

+

+Copyright law admits to three general categories of works: +

+
Original Work +
A new work that is not derived from an existing work. +
Derivative Work +
Work that is derived from, includes or amends existing works. +
Compilation +
A work that is a compilation of existing new and derivative works. +
+

+The fundamental concept is that there is primacy of the copyright, that +is a copyright of a derivative work does not affect the rights held by +the owner of the copyright of the original work, rather only the part +added. Likewise the copyright of a compilation does not affect the rights +of the owner of the included works, only the compilation as an entity. +

+

+It is vitally important to understand that copyrights are broad protections +as defined by national and international copyright law. The "copyright +notices" usually included in source files are not copyrights, but rather +notices that a party asserts that they hold copyright to the material or +to part of the material. Typically these notices are associated with +license terms which grant permissions subject to copyright law and with +disclaimers that state the position of the copyright holder/distributor +with respect to liability surrounding use of the material. +

+

+By international law, specifically the Berne Convention for the +Protection of Literary and Artistic Works, part of the author's +copyright, the so-called moral rights, are inalienable. This +includes the author's right "to claim authorship of the work and +to object to any distortion, mutilation or other modification of, +or other derogatory action in relation to, the said work, which +would be prejudicial to his honor or reputation". In some countries, +the law reserves additional inalienable moral rights to the author. +On the other hand, the author is free to transfer other parts +of his copyright, the so-called economic rights, in particular the +rights to use, copy, modify, distribute, and license the work. +

+

Permissions — the flip side

+

+Because copyrights arise from the creation of a work, rather than through +a registration process, there needs to be a practical way to extend +permission to use a work beyond what might be allowed by "fair use" +provisions of the copyright laws. +

+

+This permission typically takes the form of a "release" or "license" +included in the work, which grants the additional uses beyond those +granted by copyright law, usually subject to a variety of conditions. +At one extreme sits "public domain" where the originator asserts that +he imposes no restrictions on use of the material, at the other +restrictive clauses that actually grant no additional rights or impose +restrictive, discriminatory or impractical conditions on use of the work. +

+

+Note that a license is not to be confused with a copyright transfer. +While a transfer would give the new copyright holder exclusive +rights to use the code and take these rights away from the author, +a license typically grants additional people non-exclusive +rights to use the code, while the authors retain all their rights. +

+

+The above observations regarding moral rights imply that putting +code under an ISC or two-clause BSD license essentially makes the +code as free as it can possibly get. Modifying the wording of these +licenses can only result in one of the three following effects: + +

    +
  • making the code less free by adding additional restrictions +regarding its use, copying, modification or distribution; +
  • or effectively not changing anything by merely changing the wording, +but not changing anything substantial regarding the legal content; +
  • or making the license illegal by attempting to deprive the +authors of rights they cannot legally give away. +
+

+Again, an important point to note is that the release and conditions can +only apply to the portion of the work that was originated by the copyright +holder—the holder of a copyright on a derivative work can neither +grant additional permissions for use of the original work, nor impose more +restrictive conditions for use of that work. +

+

+Because copyright arises from the creation of a work and not the text +or a registration process, removing or altering a copyright notice or +associated release terms has no bearing on the existence of the copyright, +rather all that is accomplished is to cast doubt upon whatever rights the +person making the modifications had to use the material in the first place. +Likewise, adding terms and conditions in conflict with the original terms +and conditions does not supersede them, rather it casts doubts on the rights +of the person making the amendments to use the material and creates confusion +as to whether anyone can use the amended version or derivatives thereof. +

+

+Finally, releases are generally binding on the material that they +are distributed with. This means that if the originator of a work distributes +that work with a release granting certain permissions, those permissions +apply as stated, without discrimination, to all persons legitimately +possessing a copy of the work. That means that having granted a permission, +the copyright holder can not retroactively say that an individual or class +of individuals are no longer granted those permissions. Likewise should +the copyright holder decide to "go commercial" he can not revoke permissions +already granted for the use of the work as distributed, though he may impose +more restrictive permissions in his future distributions of that work. +

+

Specific Cases

+

+This section attempts to summarize the position of SecBSD relative to +some commonly encountered copyrights. +

+

+Again, an important point to note is that the release and conditions can +only apply to the portion of the work that was originated by the copyright +holder—the holder of a copyright on a derivative work can neither +grant additional permissions for use of the original work, nor impose more +restrictive conditions for use of that work. +

+
Berkeley
+

+The Berkeley copyright is the model for the SecBSD copyright. It retains +the rights of the copyright holder, while imposing minimal conditions on +the use of the copyrighted material. Material with Berkeley copyrights, +or copyrights closely adhering to the Berkeley model can generally be +included in SecBSD. +

+ +
AT&T

+As part of its settlement with AT&T, Berkeley included an +AT&T copyright notice on some of the files in 4.4BSD lite and lite2. +The terms of this license are identical to the standard Berkeley license. +

+

+Additionally, SecBSD includes some other AT&T code with non-restrictive +copyrights, such as the reference implementation of +awk. +

+
Caldera

+The original Unix code (AT&T versions 1 through 7 UNIX, including 32V) +was freed by Caldera, Inc. on 23 January 2002 and is now available under a +4-term BSD-style license. +As a result, it would theoretically be possible to incorporate original +Unix code into SecBSD. However, that code is now so old that it does not +satisfy today's interface and quality standards. +

+
DEC, Sun, other manufacturers/software houses.

+In general SecBSD does not include material copyrighted by manufacturers +or software houses. Material may be included where the copyright owner has +granted general permission for reuse without conditions, with terms similar +to the Berkeley copyright, or where the material is the product of an +employee and the employer's copyright notice effectively releases any +rights they might have to the work. +

+
Carnegie-Mellon (CMU, Mach)

+The Carnegie-Mellon copyright is similar to the Berkeley copyright, except +that it requests that derivative works be made available to Carnegie-Mellon. +Because this is only a request and not a condition, such material can still +be included in SecBSD. It should be noted that existing versions of Mach +are still subject to AT&T copyrights, which prevents the general +distribution of Mach sources. +

+
Apache

+The original Apache license was similar to the Berkeley license, +but source code published under version 2 of the Apache license is +subject to additional restrictions and cannot be included into SecBSD. +In particular, if you use code under the Apache 2 license, some of +your rights will terminate if you claim in court that the code +violates a patent. +

+

+A license can only be considered fully permissive if it allows use +by anyone for all the future without giving up any of their rights. +If there are conditions that might terminate any rights in the +future, or if you have to give up a right that you would otherwise +have, even if exercising that right could reasonably be regarded +as morally objectionable, the code is not free. +

+

+Again, an important point to note is that the release and conditions can +only apply to the portion of the work that was originated by the copyright +holder—the holder of a copyright on a derivative work can neither +grant additional permissions for use of the original work, nor impose more +restrictive conditions for use of that work. +

+

+In addition, the clause about the patent license is problematic because +a patent license cannot be granted under Copyright law, but only under +contract law, which drags the whole license into the domain of contract +law. But while Copyright law is somewhat standardized by international +agreements, contract law differs wildly among jurisdictions. So what +the license means in different jurisdictions may vary and is hard to +predict. +

+
ISC

+The ISC copyright is functionally equivalent to a two-term BSD +copyright with language removed that is made unnecessary by the +Berne convention. This is the preferred license for new code +incorporated into SecBSD. A sample license is available in the file +license.template. +

+
GNU General Public License, GPL, LGPL, copyleft, etc.

+The GNU Public License and licenses modeled on it impose the restriction +that source code must be distributed or made available for all works that +are derivatives of the GNU copyrighted code. +

+

+While this may superficially look like a noble strategy, it is a +condition that is typically unacceptable for commercial use of software. +So in practice, it usually ends up hindering free sharing and reuse +of code and ideas rather than encouraging it. +As a consequence, no additional software bound by the GPL terms +will be considered for inclusion into the SecBSD base system. +

+

+For historical reasons, the SecBSD base system still includes the +following GPL-licensed components: the GNU compiler collection (GCC) +with supporting binutils and libraries, GNU CVS, GNU texinfo, +the mkhybrid file system creation tool, and the +readline library. Replacement by equivalent, more freely licensed +tools is a long-term desideratum. +

+
OpenBSD

+SecBSD is fully based on and evolved from OpenBSD. +The general OpenBSD license terms permit such use, copy, modify, +and distribute this software for any purpose. +OpenBSD license can generally be included in SecBSD. +

NetBSD

+Much of OpenBSD is originally based on and evolved from NetBSD, since some +of the OpenBSD developers were involved in the NetBSD project. The general +NetBSD license terms are compatible with the Berkeley license and permit +such use. Material subject only to the general NetBSD +license can generally be included in SecBSD. +

+
FreeBSD

+Most of FreeBSD is also based on Berkeley licensed material or includes +copyright notices based on the Berkeley model. Such material can be +included in SecBSD, while those parts that are subject to GPL or +various individual copyright terms that are at odds with the SecBSD license +can not be included in SecBSD. +

+
Linux

+Most of Linux is subject to GPL style licensing terms and therefore +can not be included in SecBSD. Individual components may be eligible, +subject to the terms of the originator's copyright notices. Note that +Linux "distributions" may also be subject to additional copyright claims +of the distributing organization, either as a compilation or on material +included that is not part of the Linux core. +

+
X.Org

+The X.Org Foundation maintains and distributes the X Window System +under a modified MIT license, which is quite similar to the BSD +license and additionally allows sublicensing. Under the name of +Xenocara, the SecBSD base system includes an improved and actively +maintained version of the X.Org code. +

+
Shareware, Charityware, Freeware, etc.

+Most "shareware" copyright notices impose conditions for redistribution, +use or visibility that are at conflict with the SecBSD project goals. +Review on a case-by-case basis is required as to whether the wording +of the conditions is acceptable in terms of conditions being requested vs. +demanded and whether the spirit of the conditions is compatible with +goals of the SecBSD project. +

+
Public Domain

+While material that is truly entered into the "public domain" can be +included in SecBSD, review is required on a case by case basis. +Frequently the "public domain" assertion is made by someone who does +not really hold all rights under copyright law to grant that status or +there are a variety of conditions imposed on use. For a work to be +truly in the "public domain" all rights are abandoned and the material +is offered without restrictions. +

+

+In some jurisdictions, it is doubtful whether voluntarily placing +one's own work into the public domain is legally possible. +For that reason, to make any substantial body of code free, +it is preferable to state the copyright and put it under an ISC +or BSD license instead of attempting to release it into the public +domain. +

+
+
+ + diff --git a/screenshots.html b/screenshots.html new file mode 100644 index 0000000..91f2555 --- /dev/null +++ b/screenshots.html @@ -0,0 +1,60 @@ + + + + + SecBSD Screenshots + + + + + + + +
+ +
+
+ + Screenshots
+
+
+
+

+ + SecBSD xfce +

+
+

+ + SecBSD mate +

+
+

+ + SecBSD cwm +

+
+
+
+ + diff --git a/secbsd.css b/secbsd.css new file mode 100644 index 0000000..d4f8a96 --- /dev/null +++ b/secbsd.css @@ -0,0 +1,418 @@ +@font-face { + font-family: 'Spleen'; + src: url('spleen.otf') format('opentype'); +} + +body { + background: url(img/bg.png) no-repeat fixed black; + color: #97fd00; + display: flex; + flex-direction: column; + font-family: 'Spleen'; + font-size: 1em; + margin: 0; + padding: 0; +} + +/* main style */ + +a { + color: #97fd00; + text-decoration: none; +} + +h2 { + color: #97fd00; + display: block; + font-weight: bold; + margin: 0.67em; +} + +h3 { + color: #5852fb; + display: block; + margin: 0.67em; +} + +.green { + color: #97fd00; +} + +.purple { + color: #5852fb; +} + +.year { + font-size: 4em; + margin: 0; + padding: 0; + text-align: center; +} + +.title { + display: block; + font-weight: bold; + margin: 2.5em 0 0 2.5em; +} + +.subtitle { + color: #5852fb; + display: block; + font-weight: bold; + margin: 0 0 0 2.5em; +} + +/* box */ + +.box { + background-color: black; + margin: 10px auto; + opacity: 0.9; + padding: 0.5em; + width: 800px; +} + +.team { + margin: 10px auto; + padding: 0.5em; +} + +/* txt section */ + +.txt { + height: auto; + left: 100px; + position: relative; + top: -20px; + width: 600px; +} + +/* navigation */ + +nav { + background: none; + display: flex; + flex-wrap: wrap; + justify-content: space-between; +} + +nav ul { + align-items: center; + background: none; + display: flex; + list-style: none; + padding: 0 15em 0 0; +} + +nav .active { + color: #5852fb; +} + +/* arthome */ + +.arthome img { + position: absolute; + right: 0; + top: 0; + width: 93%; + z-index: -8; +} + +/* team */ + +.item { + align-items: center; + display: flex; + flex-direction: column; + justify-content: center; +} + +.artwork img { + max-width: 100%; + height: auto; +} + +.row { + margin-bottom: 1.5rem; +} + +/* logo */ + +nav div:first-child { + margin: 0 0; + padding: 1rem; + text-align: center; +} + +nav div:first-child img { + height: 40px; +} + +nav ul li { + border-bottom: none; + flex: 1 0 auto; + position: relative; +} + +nav ul li a { + color: #97fd00; + display: block; + letter-spacing: 0.31em; + line-height: 1; + padding: 0.8rem 1rem; + text-decoration: none; + text-transform: uppercase; +} + +ul.list { + list-style: none; +} + +ul.list li::before { + content: "\2023"; + color: #5852fb; + display: inline-block; + width: 1em; + margin-left: -1em; +} + +/* welcome */ + +.welcome { + border-radius: 20px; + left: 100px; + line-height: 1.2; + position: absolute; + top: 100px; + width: 560px; +} + +/* docs */ + +.docs { + left: 550px; + top: 100px; +} + +code { + white-space: nowrap; +} + +dt { + float: left; + margin-left: 40px; +} + +dd { + margin: 0 0 0 10em; +} + +.cmdbox { + border: 1px solid #97fd00; + color: #97fd00; + overflow: auto; + padding: 10px; +} + +/* roadmap */ + +.roadmap { + border: 2px solid #97fd00; + width: 1400px; +} + +.roadmaptxt { + height: auto; + left: 150px; + position: relative; + top: -20px; + width: 1000px; +} + +.tables { + margin: 1.5em; + position: relative; + top: -50px; +} + +hr { + border: 2px solid #97fd00; + margin: 35px 0 35px 0; +} + +table { + border-collapse: collapse; + margin: 0; + padding: 0; + width: 100%; +} + +table caption { + color: #97fd00; + font-size: 1.5em; + margin: 0.5em 0 0.75em; +} + +table tr { + padding: 0.35em; +} + +table th, +table td { + padding: 0.625em; + text-align: left; +} + +table th { + border: 1px solid #97fd00; + border-left: transparent; + border-top-color: transparent; + font-size: 0.85em; + letter-spacing: 0.1em; +} + +thead, +tfoot { + color: #97fd00; +} + +/* footer */ + +.footer { + bottom: 20px; + left: 70px; + position: absolute; +} + +/* contact */ + +.contact li { + align-items: center; + display: inline-block; + list-style-type: none; + margin-right: 15px; +} + +/* mobile devices */ + +@media only screen and (max-width: 30em) { + nav { + flex-direction: column; + } + + nav div:first-child { + justify-content: center; + line-height: 0; + text-align: center; + } + + nav ul { + background: none; + flex-direction: column; + list-style: none; + padding: 0; + } + + nav ul li a { + display: block; + line-height: 1; + padding: 0.8rem 1rem; + text-decoration: none; + } + + /* box */ + + .box { + width: 380px; + } + + /* txt section */ + + .txt { + height: auto; + left: 0; + top: 20px; + width: auto; + } + + /* welcome */ + + .welcome { + left: 10px; + top: 550px; + } + + .arthome img { + display: none; + } + + /* roadmap */ + + .roadmap { + width: auto; + } + + .roadmaptxt { + left: 15px; + top: 15px; + width: auto; + } + + /* roadmap tables */ + + table { + border: 0; + } + + table caption { + font-size: 1.3em; + } + + table thead { + border: none; + clip: rect(0 0 0 0); + height: 1px; + margin: -1px; + overflow: hidden; + padding: 0; + position: absolute; + width: 1px; + } + + table tr { + display: block; + margin-bottom: 0.625em; + } + + table td { + display: block; + font-size: 0.8em; + text-align: right; + } + + table td::before { + content: attr(data-label); + float: left; + font-weight: bold; + } + + table td:last-child { + border-bottom: 0; + } + + /* team */ + + .team { + width: 380px; + } + + .team img { + width: 100%; + } + + /* footer */ + + .footer { + display: none; + } +} diff --git a/spleen.otf b/spleen.otf new file mode 100644 index 0000000..d600e98 Binary files /dev/null and b/spleen.otf differ diff --git a/sponsors.html b/sponsors.html new file mode 100644 index 0000000..49db415 --- /dev/null +++ b/sponsors.html @@ -0,0 +1,63 @@ + + + + + SecBSD Sponsors + + + + + + +
+ +
+
+
SPON
+
SORS
+
+ + Why need sponsors? +
+

SecBSD is developed entirely by volunteers. The project development + environment and upcoming hackathons will be funded through contributions from + sponsors, people and organizations who wants help us.
+
The contributions ensure that SecBSD is a free and open operating system. +

+

The following is a list of people and organizations who + contributed direct to SecBSD. +

+
    +
  • OpenBSD Amsterdam
    • +
  • LAYLO
    • +
  • Mischa Peters
    • +
  • Jeroen Janssen.
    • +
  • 0xdeadbea7.
    • +
  • Brian Martin.
    • +
  • Philip Jocks.
    • +
  • William Knowles.
    • +
  • Trevot Pott.
    • +
  • Rudi Coetzee.
    • +
  • Marius Ciepluch.
    • +
  • Eddie Vega.
    • +
  • Charles Shirer.
    • +
  • 0xdarkpadr3.
    • +
  • Twosevenzero.
    • +
+
+
+
+ + diff --git a/team.html b/team.html new file mode 100644 index 0000000..0821c77 --- /dev/null +++ b/team.html @@ -0,0 +1,62 @@ + + + + + SecBSD Team + + + + + + +
+ +
+
+
+
+

+ SecBSD Core Team +

+
+

+ Purple Rain +

+
+

+ Banshee +

+
+

+ H3artbl33d +

+
+

+ BSDbandit +

+
+

+ 0xdarkpadr3 +

+
+

+ 0xdeadbea7 +

+
+
+ +