Siosm's blog

Some thoughts about security, Arch Linux, KDE, music...

Repositories

Warning

These packages are distributed in the hope that they will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

I did not make this software and I do not own any copyright related to it. If you think I’m infringing some laws/copyright, please contact me (tim@siosm.fr) and I will remove the package.

Repository content

Most of the packages available are simply PKGBUILDs coming from the AUR with some minor tweaks, and some of them are hacking/security related tools:

  • siosm-aur: packages coming from the Arch User Repository with minor fixes;
  • siosm-selinux: SELinux packages coming from the AUR with minor fixes too;
  • arch-hardened: Hardened core packages for the Arch Linux Hardened project. See the Arch Hardened section.

If you find an outdated package in this repo, please send a mail to tim@siosm.fr with the following subject: [repo] <package_name> is outdated. I will update it as soon as I can.

I provide only x86_64 packages as I only use this arch and i686 security stuff doesn’t make sense anyway (you should use i686 only if your processor is too old and can’t handle 64 bits). If you don’t understand why i686 is not ok anymore, have a look at bruteforce attacks, ASLR…

Configuration

Add these lines at the end of the pacman configuration file /etc/pacman.conf:

[siosm-aur]
Server = http://repo.siosm.fr/$repo/

[siosm-selinux]
Server = http://repo.siosm.fr/$repo/

# Empty, coming soon!
#[arch-hardened]
#Server = http://repo.siosm.fr/$repo/

GPG key/signature

All my packages are signed with my GPG key. To import the key, run these commands as root:

pacman-key --add siosm_gpg.pub
pacman-key --edit-key siosm

Use lsign, trust and save. Check this Arch Wiki page or this blog post by Jason Ryan for more information.

PKGBUILD and source files for other projects

A git repository (and the cgit web interface) hosting the PKGBUILD files is available at git.siosm.fr. You can retrieve them using one of these commands:

git clone git://git.siosm.fr/<repo-name>
git clone http://git.siosm.fr/<repo-name>
git clone https://git.siosm.fr/<repo-name>

Why should you trust me?

Short answer: YOU SHOULD NOT.

Long answer: You can and should check everything by yourself, and then decide if I may be worthy of your trust. Here is how you should proceed:

  • Check and download the PKGBUILD corresponding to the package you want to use;
  • Build the package yourself (see the Arch Wiki if you run into trouble);
  • Compare the sha256sum of the content in your package against mine. If it does not match, please send me a mail, there might have been a new version of gcc/glibc available since I last built the package (I don’t yet rebuild all of my packages for each new version of gcc).
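
One way to carry out the comparison in the last step, as an added example that is not part of the original post or the author's tooling: it hashes every file inside two package archives and diffs the two lists. The function names, the script name in the usage line and the choice to skip pacman's .PKGINFO, .BUILDINFO and .MTREE metadata files are assumptions of this example.

```sh
#!/bin/sh
# Added example (not the blog author's tooling): compare the file contents of a
# package you built yourself with the copy downloaded from the repository.

# Print "<sha256>  <path>" for every regular file in a package, sorted by path.
# Assumption: .PKGINFO, .BUILDINFO and .MTREE are skipped because they record
# build-time metadata such as the build date, so they differ between builds.
# .INSTALL is kept: install scriptlets run as root and must match too.
pkg_content_sums() {
    pkg=$1
    dir=$(mktemp -d) || return 2
    if ! tar -xf "$pkg" -C "$dir"; then
        rm -rf "$dir"
        return 2
    fi
    (cd "$dir" && find . -type f \
        ! -path ./.PKGINFO ! -path ./.BUILDINFO ! -path ./.MTREE \
        -exec sha256sum {} + | LC_ALL=C sort -k 2)
    rm -rf "$dir"
}

# Return 0 if both packages ship identical file contents, 1 if they differ
# (the differing lines are printed), 2 if an archive could not be read.
compare_pkgs() {
    mine=$(mktemp) || return 2
    theirs=$(mktemp) || return 2
    result=0
    pkg_content_sums "$1" > "$mine" && pkg_content_sums "$2" > "$theirs" || result=2
    if [ "$result" -eq 0 ]; then
        diff "$mine" "$theirs" || result=1
    fi
    rm -f "$mine" "$theirs"
    return "$result"
}

# Usage: sh compare-pkgs.sh <package-you-built> <package-from-the-repo>
if [ "$#" -eq 2 ]; then
    compare_pkgs "$1" "$2" && echo "identical file contents"
fi
```

Only regular files are hashed, so symlink targets and file permissions are not part of the comparison.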