entrusted-0.3.1
The main objective is to start generating all releases artifacts from the GitHub infrastructure going forward.
Overall changes
- Security
- Implement gVisor as container security platform on the Live CD
- Enhancements
- Web User Interface: Add tabs to mimic more closely the Desktop interface appearance
- Desktop User Interface: Add hyperlinks for opening directly PDF results
- Maintenance
- Update from Debian Bullseye to Debian Bookworm (Live CD and sandbox container image)
- On Mac OS, only support Docker Desktop as container solution to avoid Apple sandbox issues
- Trim the Live CD image size by roughly 12% (
~800 MB
to~700 MB
)- Boot manager: Use only Grub as boot manager for both
UEFI
andBIOS
(removal of SysLinux) - SSH server: Replace OpenSSH with DropBear
- Container solution: Replace the default Debian Podman version with podman-static
- Linux kernel: Compile custom kernel (
6.1.42
) for removing non-essential modules
- Boot manager: Use only Grub as boot manager for both
- Address potential conversion crashes with the Live CD (disable Hardened malloc CPU optimizations)
- Build and releases via GitHub Actions
- Integrate local shell scripts with GitHub Actions workflows
- Generate all release artifacts from GitHub (on-demand), instead of from a local virtual machine
- Publish the "container sandbox" image to Docker Hub (on-demand)
- Scan for container vulnerabilities in the sandbox container image (on-demand)
- Run minimal functional test (on-demand)
- Prepare basic technical underpinnings for allowing other "sandboxing" mechanisms in the future