Kicksecure 17.2.7.8 - Point Release!

Download

(What is a point release?)


Upgrade

Alternatively, an in-place release upgrade is possible using the Kicksecure repository.


This release would not have been possible without the numerous supporters of Kicksecure!


Please Donate!


Please Contribute!


Major Changes

  • Updated packages
  • BTRFS now available as an option during Kicksecure Calamares ISO Installer
  • Ported to Debian live-build to improve the boot compatibility of Kicksecure ISO
  • Added GRUB bootloader themes
  • Swap-file-creator improvements
  • Progress towards ARM64 support
  • Improved theoretical multiple architecture (untested) for builds from source code
  • Miscellaneous hardening, improvements, maintenance, and fixes

Changelog

  • grub-live:
    • Avoid unnecessary kernel parameters: set dracut-specific kernel parameters only when dracut is detected
    • Avoid unnecessary kernel parameters: set initramfs-tools-specific kernel parameters only when initramfs-tools is detected
  • helper-scripts:
  • kicksecure-base-files:
    • Create GRUB themes for BIOS and UEFI systems (Thanks to @ArrayBolt3!)
  • kicksecure-meta-packages:
  • libvirt-dist:
    • Fixed plist.template compatibility with CLI version (Thanks to Ian C!)
  • live-config-dist:
    • Offer BTRFS as a usable filesystem (Thanks to @ArrayBolt3!)
    • Shrink welcome image and don’t scale it up (Thanks to @ArrayBolt3!)
    • fixconkeys_part1: Only take into account the first loaded keyboard layout (Thanks to @ArrayBolt3!)
  • msgcollector:
    • Permission hardening
  • rads:
    • Fix typo in configuration and variable name: rads_no_swtich_vtrads_no_switch_vt
    • Fix: set rads_minimum_ram to 500
  • sdwdate:
    • Remove unneeded group nopasswd exception from sudoers config (Thanks to @ArrayBolt3!)
    • Tidy up and harden url_to_unixtime, adjust remote_times.py for API change (Thanks to @ArrayBolt3!)
    • Remove non-working onion mirrors (Thanks to @nurmagoz!)
  • security-misc:
  • setup-dist:
    • Renamed: usr/sbin/setup-dist → usr/bin/setup-dist because no longer running as root
  • swap-file-creator:
    • Pass disk size to calculate-swap-size (Thanks to @ArrayBolt3!)
    • No longer consider hibernation by default to have a smaller default swap file because hibernation is not yet compatible with Secure Boot
  • systemcheck:
  • tb-starter:
  • tb-updater:
    • Harden JSON parsing (Thanks to @ArrayBolt3!)
    • Tor Browser ARM64 download: source code now supports OSCP, therefore added --cert-status option to curl
    • Add dependency on libdbus-glib-1-2 to fix error:
  • tirdad:
    • Return random 32-bit numbers in ISN generation routines (Thanks to @ArrayBolt3!)
    • Hardening, refactoring. Use kernel live patching API (Thanks to @ArrayBolt3!)
    • Update for newer kernels (Thanks to Sirus Shahini!)
  • usability-misc:
    • Add /usr/bin/passwordless-root, a tool for root to easily set up passwordless sudo for user user
  • derivative-maker:
    • Implemented --dry-run
    • Fixed --fast 2
    • Improved support for non-amd64 architectures (Thanks to @ArrayBolt3!)
    • Add support for arm64 builds and cross-builds of Kicksecure’s ISO (Thanks to @ArrayBolt3!)
    • Delete no longer needed raw image to save disk space during the build process
    • Add dist_build_version and target_architecture_pretty_name to image names for:
      • ova
      • iso
      • raw xz
      • qcow xz
      • source xz
    • Create /etc/hosts and /etc/hostname for live-build ISO builds (Thanks to @ArrayBolt3!)
    • Use grml-debootstrap upstream version v0.110
    • Use security.debian.org during bootstrapping of the live-build chroot (Thanks to @ArrayBolt3!)
    • Autodetect kernel architecture for ISOs based on build system architecture (Thanks to @ArrayBolt3!)
    • Avoid ISO build crash caused by /home being mounted with nodev (Thanks to @ArrayBolt3!)
    • No longer depend on apt-transport-https because it is a dummy transitional package nowadays
    • Fix boot failure due to misnamed ISO volume (Thanks to @ArrayBolt3!)
    • Adjust for repository-dist systemd config (Thanks to @ArrayBolt3!)
    • CI: Rework build-from-tag and build-from-commit scripts (Thanks to Rob!)
    • Build the Kicksecure ISO with live-build (Thanks to @ArrayBolt3!)
  • developer-meta-files:
    • Save disk space. Delete raw and ova images in ${dist_binary_build_folder} after xz archive has been created.
    • Save disk space. Delete temporary VirtualBox VMs in temporary VM user build folder to save disk space during the build process.
    • Make compatible with hardened JSON parsing code in tb-updater, harden Tor Browser ARM64 JSON parsing (Thanks to @ArrayBolt3!)
    • Add wiki-vbox-version-update script (Thanks to @ArrayBolt3!)

Full Difference of All Changes

View Full Diff

2 Likes