Operating System for Private and Anonymous Computation Clusters
The DECODE operating system is a brand new GNU+Linux distribution designed to run on servers, embedded computers and virtual machines to automatically connect micro-services to a private and anonymous peer-to-peer network cluster.
Features | Components |
---|---|
Wide compatibility with industry standards | GNU + Linux minimal base |
Anonimity and privacy by design | Tor hidden service family |
Very secure, restricted environment | grsec community fork |
Customisable to run different applications | Devuan GNU+Linux SDK |
Pluggable consensus algorithm | Redis based consensus broker |
Read-only and authenticated system | SquashFS + overlayfs + Btrfs |
Integrated updating mechanism | Roundshot initramfs |
Low power consumption, outdoor usage | Ports to embedded ARM boards |
Extensible platform support | Includes latest JDK, Golang, Python etc. |
Minimal resource consumption | Online with less than 64MB of RAM |
For stable releases see files.dyne.org/decode
For more information see the DECODE project
In particular, the following publications:
- Privacy Design Strategies for the DECODE Architecture
- Decode OS first release
- DECODE OS Software Development Kit (soon to be superseeded by the upcoming Devuan’s Developer Manual)
Usage instructions
DECODE OS comes in a variety of flavors:
- for ARM based boxes (embedded)
- for virtual machines (cloud)
- live desktop (boot from usb)
Running systems provide a dashboard by connecting using a browser using HTTP on port 19999.
The default username is decode
with password decode
The default root
password is toor
.
Get in touch!
Developers of the Dyne.org foundation are available to support customisations and adaptations of this operating system for particular purposes in line with the foundation’s goals.
You are welcome to contact us:
- #devuan-dev on freenode IRC (public, logged IPs)
- #dyne on irc.dyne.org (public and private, no IPs logged)
- E-mail info@dyne.org
This project is a work in progress proceeding along a clear roadmap agreed for the DECODE project. The DECODE OS stable release is planned for 1st quarter 2019.
This project is receiving funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement nr. 732546.
Build from source
The following instructions illustrate how one can build DECODE OS from scratch, eventually adding software to it. This section is a work in progress.
Building can be done from any GNU+Linux distribution, it entails bootstrapping a new Devuan base and then customising it via its SDK using a “blend”, root access is needed in order to operate in chroot
and in KVM accellerated qemu
.
More information on this process is provided by the “Devuan’s Developers Manual”, here is an outline on the steps to be taken.
System requirements
A GNU/Linux system is required in order to build DECODE OS.
Here a list of package dependencies:
zsh sudo cgpt xz-utils qemu qemu-utils
To clone this repository:
git clone https://github.com/DECODEproject/os-build-system --recursive
To update the repository:
git pull origin master && git submodule update --init --recursive --checkout
Building for ARM targets
cd arm-sdk # (or vm-sdk or live-sdk depending from your target)
source sdk
load devuan sunxi decode # (specific to the arm-sdk)
bootstrap_complete_base
Building for VM targets
To enter the build console just run ./console.sh
.
To build a vagrant virtual machine, run build_vagrant_dist
.
To build a live iso image, run build_iso_dist
.
To build an ARM installer image, run build_image_dist
.
Here below the sequences of build steps executed by each target:
build_image_dist() {
bootstrap_complete_base
blend_preinst
image_prepare_raw
image_partition_raw_${parted_type}
build_kernel_${arch}
blend_postinst
rsync_to_raw_image
image_pack_dist
}
build_iso_dist() {
bootstrap_complete_base
blend_preinst
iso_prepare_strap
build_kernel_${arch}
iso_setup_isolinux
iso_write_isolinux_cfg
blend_postinst
fill_apt_cache
iso_squash_strap
iso_xorriso_build
}
build_vagrant_dist() {
image_${imageformat}_as_strapdir
bootstrap_complete_base
vm_inject_overrides
blend_preinst
vm_setup_grub
blend_postinst
vm_umount_${imageformat}
vm_vbox_setup
vm_vagrant_package
vm_pack_dist
}
The build_vagrant_dist
target is a helper that executes a sequence of steps, some of them common to other helpers (hence combinable). Here below the full list of build steps executed by build_vagrant_dist
The bootstrap_complete_base
step creates a base system tarball that can be reused by any target, it is found inside *_sdk/tmp
for each sdk and to save time and computation it can be copied in place for each sdk if the base system doesn’t differ.
Acknowledgments
DECODE OS is Copyright (c) 2017-2018 by the Dyne.org Foundation
DECODE OS and its core components are designed, written and maintained by Denis Roio and Ivan J.
Devuan is a registered trademark of the Dyne.org foundation.
The Devuan SDK used to build the DECODE OS was originally conceived during a period of residency at the Schumacher college in Dartington, UK. Greatly inspired by the laborious and mindful atmosphere of its wonderful premises.
Devuan SDK components are designed, written and maintained by Denis Roio, Enzo Nicosia and Ivan J.
This source code is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
This software is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this source code. If not, see http://www.gnu.org/licenses/.