Release (V2.0.0)

CHANGELOG.md

@@ -1,3 +1,36 @@
+# [v2.0.0-20240701](https://github.com/iana-org/coen/releases/tag/v2.0.0-20240701) coen-2.0.0-amd64.iso
+
+## Contains
+
+* Release v2.0.0
+* Based on Debian 12.6 bullseye from http://snapshot.debian.org date 20240701
+* EPOCH=1719792000
+* [Key Management Tools: Legacy](https://github.com/iana-org/dnssec-keytools-legacy)
+* [Key Management Tools](https://github.com/iana-org/dnssec-keytools)
+* AEP Keyper PKCS#11 library
+* Thales Luna USB HSM 7 PKCS#11 library and GemEngine
+* Assorted utilities
+* Minimized Xfce Desktop Environment
+
+## Improvements
+
+* Updated [Key Management Tools](https://github.com/iana-org/dnssec-keytools)
+* Changed terminal text and background colors for optimized printouts
+
+### Packages 
+
+* Removed exfat-fuse
+* Replaced exfat-utils with exfatprogs
+
+### Scripts 
+
+* None
+
+### New Features 
+
+* Added GemEngine
+
+
 # [v1.1.0-20230109](https://github.com/iana-org/coen/releases/tag/v1.1.0-20230109) coen-1.1.0-amd64.iso
 
 ## Contains

Dockerfile

@@ -1,4 +1,4 @@
-FROM debian:bullseye-20230109-slim@sha256:1acb06a0c31fb467eb8327ad361f1091ab265e0bf26d452dea45dcb0c0ea5e75
+FROM debian:bookworm-20240701-slim@sha256:f528891ab1aa484bf7233dbcc84f3c806c3e427571d75510a9d74bb5ec535b33
 
 ENV DEBIAN_FRONTEND=noninteractive
 
@@ -10,12 +10,12 @@ COPY variables.sh .
 RUN sha256sum -c SHA256SUMS
 
 RUN . ./variables.sh && \
+    rm -f /etc/apt/sources.list.d/debian.sources && \
     rm -f /etc/apt/sources.list && \
     echo "deb http://snapshot.debian.org/archive/debian/$(date --date "$DATE" '+%Y%m%dT%H%M%SZ') "$DIST" main" >> /etc/apt/sources.list && \
     echo "deb http://snapshot.debian.org/archive/debian/$(date --date "$DATE" '+%Y%m%dT%H%M%SZ') "$DIST"-updates main" >> /etc/apt/sources.list && \
-    echo "deb http://snapshot.debian.org/archive/debian-security/$(date --date "$DATE" '+%Y%m%dT%H%M%SZ') "$DIST"-security main" >> /etc/apt/sources.list && \
-    echo "deb http://snapshot.debian.org/archive/debian/$(date --date "$DATE" '+%Y%m%dT%H%M%SZ') "$DIST_ADD" main" >> /etc/apt/sources.list 
-
+    echo "deb http://snapshot.debian.org/archive/debian-security/$(date --date "$DATE" '+%Y%m%dT%H%M%SZ') "$DIST"-security main" >> /etc/apt/sources.list 
+   
 RUN apt-get update -o Acquire::Check-Valid-Until=false
 
 RUN mkdir -p /var/cache/apt/archives/ && \
@@ -27,6 +27,6 @@ RUN apt-get install -o Acquire::Check-Valid-Until=false --no-install-recommends
     
 RUN rm -rf /var/lib/apt/lists/* \
 	&& localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8
-ENV LANG en_US.utf8
+ENV LANG=en_US.utf8
 
 CMD ["/create-iso.sh"]

Makefile

@@ -1,4 +1,4 @@
-RELEASE = 1.1.0
+RELEASE = 2.0.0
 
 .PHONY: usage build podman-build remove podman-remove run podman-run copy podman-copy all podman-all default
 

README.md

@@ -6,7 +6,7 @@ COEN is a live operating system consisting of:
 - [Key Management Tools: Legacy](https://github.com/iana-org/dnssec-keytools-legacy)
 - [Key Management Tools](https://github.com/iana-org/dnssec-keytools) 
 - The AEP Keyper PKCS#11 library
-- The Thales Luna USB HSM 7 PKCS#11 library
+- The Thales Luna USB HSM 7 PKCS#11 library and GemEngine
 - Assorted utilities
 - Minimized Xfce Desktop Environment
 
@@ -82,22 +82,17 @@ If permission errors are encountered executing `make all` or `make podman-all` a
 Final hash result should match with the following:
 
 ```
-SHA-256:    2363d9c484e919b58bd45f413dedaed364712d72b3b7858c0fec5e3c529390d8
-PGP Words:  blowtorch Galveston sugar reproduce mural ultimate bedlamp positive obtuse souvenir eyetooth decadence commence unify robust sociable flytrap hideaway button holiness scallion processor music megaton artist unicorn eyeglass crossover Dupont molasses peachy stupendous
+SHA-256:    4d2d61b982550df637102701e73a14f292d51bf98b823fc9724e0d9a8e91cead
+PGP Words:  dreadful clergyman fallout proximate miser equipment ancient vocalist clamshell autopsy brackish adviser transit corrosion baboon vagabond physique specialist beeswax Waterloo obtuse Istanbul cowbell retrospect highchair distortion ancient newsletter orca miracle spyglass perceptive  
 ```
 
 ## Tested Platforms
 
 Testing has been performed in the following environments:
 
-|          OS          |            Docker            | Podman | SELinux  | AppArmor |
-| :------------------: | :--------------------------: | :----: | :------: | :------: |
-| Debian 11.6 bullseye |    23.0.1, build a5ee5b1     |   -    |    -     | Enabled  |
-|      Arch Linux      |   23.0.1, build a5ee5b1dfc   |   -    |    -     |    -     |
-|      Fedora 37       |    23.0.1, build a5ee5b1     | 4.4.2  | Disabled |    -     |
-|    AlmaLinux 9.1     |    23.0.1, build a5ee5b1     | 4.2.0  | Disabled |    -     |
-|   CentOS 7.9.2009    |    23.0.1, build a5ee5b1     |   -    | Disabled |    -     |
-| macOS Sonoma 14.3.1  |   25.0.3, build 4debf41      |   -    |    -     |    -     |
-| openSUSE Tumbleweed  | 20.10.23-ce, build 6051f1429 |   -    |    -     | Enabled  |
-|      Windows 10      |   20.10.22, build 32ac30b    |   -    |    -     |    -     |
-|  Ubuntu 22.04.2 LTS  |  20.10.17, build 100c70180f  |   -    |    -     | Enabled  |
+|           OS          |            Docker            | Podman | SELinux  | AppArmor |
+| :-------------------: | :--------------------------: | :----: | :------: | :------: |
+|     Debian 12.7       | 20.10.24+dfsg1, build 297e128|   -    |    -     | Enabled  |
+|     Debian 11.11      |    27.3.1, build ce12230     |   -    |    -     | Enabled  |
+|      macOS 14.6.1     |    27.2.0, build 3ab4256     |   -    |    -     |    -     |
+|       RHEL 9.4        |             -                | 4.4.1  | Disabled |    -     |

create-iso.sh

@@ -23,10 +23,10 @@ debuerreotype-chroot $WD/chroot DEBIAN_FRONTEND=noninteractive apt-get -o Acquir
     --no-install-recommends --yes \
     linux-image-$ARCH live-boot systemd-sysv \
     grub-common grub-pc-bin grub-efi-amd64-bin \
-    iproute2 ifupdown pciutils usbutils dosfstools eject exfat-utils \
+    iproute2 ifupdown pciutils usbutils dosfstools eject exfatprogs \
     vim links2 xpdf cups cups-bsd enscript libbsd-dev tree openssl less iputils-ping \
     xserver-xorg-core xserver-xorg xfce4 xfce4-terminal xfce4-panel lightdm system-config-printer \
-    xterm gvfs thunar-volman xfce4-power-manager xfce4-screenshooter ristretto tumbler exfat-fuse unzip locales \
+    xterm gvfs thunar-volman xfce4-power-manager xfce4-screenshooter ristretto tumbler unzip locales \
     xsltproc libxml2-utils \
     libengine-pkcs11-openssl opensc opensc-pkcs11 python3
 debuerreotype-apt-get $WD/chroot --yes --purge autoremove
@@ -156,17 +156,6 @@ chmod 644 $WD/image/live/filesystem.squashfs
 # Setting squashfs folder timestamps to SOURCE_DATE_EPOCH
 find "$WD/image/" -exec touch --no-dereference --date="@$SOURCE_DATE_EPOCH" '{}' +
 
-echo "Calculating SHA-256 HASH of the squashfs"
-SQUASHFSHASH=$(sha256sum < "${WD}"/image/live/filesystem.squashfs)
-  if [ "$SQUASHFSHASH" != "$SQUASHFS_SHASUM" ]
-    then
-      echo "ERROR: SHA-256 hashes do not match. Reproduction of the squashfs failed"
-      echo "Please check the README file, then try again"
-      exit 1
-  else
-      echo "Successfully reproduced squashfs"
-  fi
-
 # Creating the iso
 xorriso -as mkisofs -graft-points -b 'boot/grub/i386-pc/eltorito.img' -no-emul-boot -boot-load-size 4 -boot-info-table --grub2-boot-info --grub2-mbr "$WD/chroot/usr/lib/grub/i386-pc/boot_hybrid.img" --efi-boot 'boot/grub/efi.img' -efi-boot-part --efi-boot-image --protective-msdos-label -o "$ISONAME" -r "$WD/image" --sort-weight 0 '/' --sort-weight 1 '/boot'