{"id":21531501,"url":"https://github.com/aguslr/bluerock","last_synced_at":"2025-09-01T07:32:54.117Z","repository":{"id":182855268,"uuid":"668846773","full_name":"aguslr/bluerock","owner":"aguslr","description":"A Fedora Silverblue image that has been hardened for extra security","archived":false,"fork":false,"pushed_at":"2025-03-27T23:33:50.000Z","size":99,"stargazers_count":4,"open_issues_count":2,"forks_count":0,"subscribers_count":4,"default_branch":"main","last_synced_at":"2025-06-18T11:52:15.279Z","etag":null,"topics":["fedora","fedora-silverblue","oci","ostree","security"],"latest_commit_sha":null,"homepage":"","language":"Dockerfile","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/aguslr.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2023-07-20T18:17:24.000Z","updated_at":"2025-03-27T23:33:53.000Z","dependencies_parsed_at":"2024-04-03T20:27:30.724Z","dependency_job_id":"836ee501-ff17-489b-9cd3-a8c3213cc77a","html_url":"https://github.com/aguslr/bluerock","commit_stats":null,"previous_names":["aguslr/bluerock"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/aguslr/bluerock","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aguslr%2Fbluerock","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aguslr%2Fbluerock/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aguslr%2Fbluerock/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aguslr%2Fbluerock/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/aguslr","download_url":"https://codeload.github.com/aguslr/bluerock/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aguslr%2Fbluerock/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":273088753,"owners_count":25043556,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-01T02:00:09.058Z","response_time":120,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["fedora","fedora-silverblue","oci","ostree","security"],"created_at":"2024-11-24T02:14:35.173Z","updated_at":"2025-09-01T07:32:54.017Z","avatar_url":"https://github.com/aguslr.png","language":"Dockerfile","funding_links":[],"categories":[],"sub_categories":[],"readme":"[BlueRock][1]\n=============\n\n[![build-image](https://github.com/aguslr/bluerock/actions/workflows/build.yml/badge.svg)](https://github.com/aguslr/bluerock/actions/workflows/build.yml)\n\nA Fedora Silverblue image that has been hardened for extra security.\n\nUsage\n-----\n\n1. Rebase to an unsigned image to get proper signing keys:\n\n       rpm-ostree rebase -r ostree-unverified-registry:ghcr.io/aguslr/bluerock:stable\n\n2. Rebase to a signed image to finish the installation:\n\n       rpm-ostree rebase -r ostree-image-signed:docker://ghcr.io/aguslr/bluerock:stable\n\nAlternatively, an [ISO file for offline installation][5] can be generated with\nthe following command:\n\n    sudo podman run --rm --privileged \\\n        --volume .:/build-container-installer/build \\\n        --security-opt label=disable --pull=newer \\\n        ghcr.io/jasonn3/build-container-installer:latest \\\n        IMAGE_REPO=\"ghcr.io/aguslr\" \\\n        IMAGE_NAME=\"bluerock\" \\\n        IMAGE_TAG=\"latest\" \\\n        VARIANT=\"Silverblue\"\n\nFeatures\n--------\n\n- Start with a custom Fedora Silverblue image.\n- Set automatic updates for the system.\n- Set automatic updates for Flatpaks.\n- Set automatic updates for [Homebrew][6].\n- Set automatic updates for [Nix][7].\n- Set additional kernel boot parameters.\n- Set additional kernel runtime parameters.\n- Blacklist rarely used kernel modules.\n- Install Chromium.\n- Allow only verified Flathub apps.\n\nVerification\n------------\n\nThese images are signed with Sisgstore's [Cosign][4]. You can verify the\nsignature by downloading the `cosign.pub` key from this repo and running the\nfollowing command:\n\n    cosign verify --key cosign.pub ghcr.io/aguslr/bluerock\n\nReferences\n----------\n\n- [Linux Hardening Guide | Madaidan's Insecurities][2]\n- [Security - ArchWiki][3]\n\n\n[1]: https://github.com/aguslr/bluerock\n[2]: https://madaidans-insecurities.github.io/guides/linux-hardening.html\n[3]: https://wiki.archlinux.org/title/Security\n[4]: https://docs.sigstore.dev/cosign/overview/\n[5]: https://blue-build.org/learn/universal-blue/#fresh-install-from-an-iso\n[6]: https://brew.sh/\n[7]: https://nixos.org/\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faguslr%2Fbluerock","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Faguslr%2Fbluerock","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faguslr%2Fbluerock/lists"}