Genodepkgs - Extending Nixpkgs/NixOS to Genode

During the 20.03 to 20.09 release period, two new platforms were added to Nixpkgs: Genode, followed by Redox. Both are modern, microkernel-based operating systems designed for security and reliability.

I am pleased to announce that NLnet will be funding the development of support for Genode via the Genodepkgs project. This effort will focus on packaging and configuring Genode native software, building existing packages against the Genode POSIX library, and using Genode as a hypervisor for hosting NixOS guest VMs. The project is planned to run for the remainder of this year.

The goal is basically to build systems using the same methodology as NixOS, but to reduce the attack surface and technical debt of the base system by orders of magnitude.

This project will be limited initially to the realm of building server systems and will not extend to the desktop. If you are interested in a secure NixOS desktop, then SpectrumOS is the project to contribute to (also funded by NGI0).

For the next month or so I will be focused on the configuration abstractions, so there will not be much visible activity until that is resolved.

For more information on Genode I recommend reading the foundations book, or watching some of the FOSDEM talks.

The NGI Zero Privacy & Trust Enhancing Technologies fund: https://nlnet.nl/PET/
The project repository: https://git.sr.ht/~ehmry/genodepkgs

If you have questions, want to talk about Redox, or need help porting nixpkgs to other exotic OSes, the IRC channel is irc://freenode.net/#nixos-exotic
