entrusted-0.3.1

The main objective is to start generating all releases artifacts from the GitHub infrastructure going forward.

Overall changes

• Security
  • Implement gVisor as container security platform on the Live CD
• Enhancements
  • Web User Interface: Add tabs to mimic more closely the Desktop interface appearance
  • Desktop User Interface: Add hyperlinks for opening directly PDF results
• Maintenance
  • Update from Debian Bullseye to Debian Bookworm (Live CD and sandbox container image)
  • On Mac OS, only support Docker Desktop as container solution to avoid Apple sandbox issues
  • Trim the Live CD image size by roughly 12% (~800 MB to ~700 MB)
    • Boot manager: Use only Grub as boot manager for both UEFI and BIOS (removal of SysLinux)
    • SSH server: Replace OpenSSH with DropBear
    • Container solution: Replace the default Debian Podman version with podman-static
    • Linux kernel: Compile custom kernel (6.1.42) for removing non-essential modules
  • Address potential conversion crashes with the Live CD (disable Hardened malloc CPU optimizations)
  • Build and releases via GitHub Actions
    • Integrate local shell scripts with GitHub Actions workflows
    • Generate all release artifacts from GitHub (on-demand), instead of from a local virtual machine
    • Publish the "container sandbox" image to Docker Hub (on-demand)
    • Scan for container vulnerabilities in the sandbox container image (on-demand)
    • Run minimal functional test (on-demand)
  • Prepare basic technical underpinnings for allowing other "sandboxing" mechanisms in the future

General notes

• The installers or binaries are not signed for Mac OS or Windows, please ignore any warnings
• On Linux, the graphical interface is an AppImage artifact: it requires Fuse to run
• For the Live CD ISO image, you need at least 1 GB of RAM