Cleanroom is a way to build immutable Linux distribution images backed by strong cryptography. Any change to the image will be detected.
This is the second iteration, written in Rust. The first was written in Python and can be found in the cleanroom repository.
Cleanroom is Linux-only and will not work on any other OS at this time.
You will need to have the following binaries on the system you run cleanroom on:
- The cleanroom command defined in this repository
- /usr/bin/systemd-nspawn to set up containers with
- busybox as a statically compiled binary, as an OS-agnostic run environment inside and outside of containers.
  Binaries can be downloaded from here: https://busybox.net/downloads/binaries/
  Most distributions have busybox packages that work just as well.
- direnv helps but is not strictly necessary. Without it you will need to source a .envrc file to configure your shell for cleanroom.
Everything else is done in containers managed or built by cleanroom.
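
A preflight check for the requirements listed above, as an added example that is not part of the cleanroom project. It checks that the binaries are present and, by looking for a PT_INTERP program header, reports whether the busybox it finds is statically linked. The function names and messages are assumptions.

```sh
# Added example: preflight check for the prerequisites listed in this README.
# Function names and messages are assumptions, not part of cleanroom.

# le_uint FILE OFFSET NBYTES: print the little-endian unsigned integer at OFFSET.
le_uint() {
    od -An -v -tu1 -j "$2" -N "$3" "$1" 2>/dev/null | awk '
        { for (i = 1; i <= NF; i++) b[++n] = $i }
        END { v = 0; for (i = n; i >= 1; i--) v = v * 256 + b[i]; print v }'
}

# elf_needs_loader FILE: 0 = has a PT_INTERP segment (dynamically linked),
# 1 = no PT_INTERP (static), 2 = not a little-endian ELF file.
elf_needs_loader() {
    [ "$(od -An -tx1 -N 4 "$1" 2>/dev/null | tr -d ' \n')" = 7f454c46 ] || return 2
    [ "$(le_uint "$1" 5 1)" = 1 ] || return 2        # EI_DATA: 1 = little-endian
    if [ "$(le_uint "$1" 4 1)" = 2 ]; then           # EI_CLASS: 2 = ELF64
        phoff=$(le_uint "$1" 32 8); entsz=$(le_uint "$1" 54 2); phnum=$(le_uint "$1" 56 2)
    else                                             # ELF32 header layout
        phoff=$(le_uint "$1" 28 4); entsz=$(le_uint "$1" 42 2); phnum=$(le_uint "$1" 44 2)
    fi
    i=0
    while [ "$i" -lt "$phnum" ]; do                  # p_type is the first field
        [ "$(le_uint "$1" $((phoff + i * entsz)) 4)" = 3 ] && return 0   # PT_INTERP
        i=$((i + 1))
    done
    return 1
}

# check_prereqs [NSPAWN_PATH] [BUSYBOX_PATH]: print findings, return failure count.
check_prereqs() {
    nspawn=${1:-/usr/bin/systemd-nspawn}
    bb=${2:-$(command -v busybox || true)}
    fail=0
    [ "$(uname -s)" = Linux ] || { echo "FAIL: cleanroom is Linux only"; fail=$((fail + 1)); }
    [ -x "$nspawn" ] || { echo "FAIL: $nspawn not found"; fail=$((fail + 1)); }
    if [ -n "$bb" ] && [ -x "$bb" ]; then
        rc=0; elf_needs_loader "$bb" || rc=$?
        case $rc in
            1) echo "OK: $bb is statically linked" ;;
            0) echo "NOTE: $bb is dynamically linked" ;;
            *) echo "NOTE: $bb is not a little-endian ELF file, linkage unknown" ;;
        esac
    else
        echo "FAIL: busybox not found"; fail=$((fail + 1))
    fi
    command -v cleanroom >/dev/null 2>&1 || echo "NOTE: cleanroom not on PATH"
    command -v direnv >/dev/null 2>&1 || echo "NOTE: no direnv, source .envrc by hand"
    return "$fail"
}
```

Call check_prereqs with no arguments to use the default paths; a non-zero return value is the number of missing hard requirements.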
Cleanroom consists of one binary called cleanroom and configuration for the
systems you want to create. Binary builds are available on
GitHub.
Alternatively you can clone this repository and run
cargo run --release -p cli -- <arguments>
Run cleanroom initialize in an empty directory to get an Arch Linux-based
playground project to experiment with.
cleanroom initialize takes the following arguments for a more tailored
start:
- --distribution to use as a base. This defaults to arch
- --busybox-binary pointing to the busybox binary
- the directory to set up camp in (defaults to .) as its only positional argument
This will set up a playground for you to experiment in :-)
Once cleanroom initialize is done, check the generated .envrc file and source
it into your running shell (source .envrc in bash).