{"id":19680007,"url":"https://github.com/charles25565/netherite","last_synced_at":"2025-04-29T04:30:58.741Z","repository":{"id":258640635,"uuid":"873906913","full_name":"charles25565/netherite","owner":"charles25565","description":"Secure bootc-based OS","archived":true,"fork":false,"pushed_at":"2024-12-04T19:33:23.000Z","size":135,"stargazers_count":3,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-03-14T20:40:00.938Z","etag":null,"topics":["almalinux","bootc","chromium","chrony","epel","grapheneos","hardened-malloc","kickstart","linux","openscap","podman","privacy","redhat","scap","security"],"latest_commit_sha":null,"homepage":"","language":"Dockerfile","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"0bsd","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/charles25565.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-10-16T23:36:05.000Z","updated_at":"2025-02-12T01:31:10.000Z","dependencies_parsed_at":"2025-03-14T20:40:18.756Z","dependency_job_id":"4d62e608-3e64-47a6-804d-3f3fa0762cfb","html_url":"https://github.com/charles25565/netherite","commit_stats":null,"previous_names":["charles8191/netherite","charles25565/netherite"],"tags_count":11,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/charles25565%2Fnetherite","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/charles25565%2Fnetherite/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/charles25565%2Fnetherite/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/charles25565%2Fnetherite/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/charles25565","download_url":"https://codeload.github.com/charles25565/netherite/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":251432662,"owners_count":21588623,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["almalinux","bootc","chromium","chrony","epel","grapheneos","hardened-malloc","kickstart","linux","openscap","podman","privacy","redhat","scap","security"],"created_at":"2024-11-11T18:01:40.415Z","updated_at":"2025-04-29T04:30:58.736Z","avatar_url":"https://github.com/charles25565.png","language":"Dockerfile","readme":"# :pick: Netherite\n\nNetherite is a secure \u0026 private operating system based on [Calcite](https://github.com/charles8191/calcite), an AlmaLinux-based immutable OS. It fills the gap for a secure, private, user-data-persistent, secure boot-capable, desktop OS.\n\n\u003e [!IMPORTANT]\n\u003e We have changed to AlmaLinux, please reinstall.\n\n\u003e [!WARNING]\n\u003e Setting up an internet connection is mandatory, otherwise installation will fail. If you can't set up an internet connection, do not install this software.\n\n## Features\n\n- [hardened_malloc](https://github.com/GrapheneOS/hardened_malloc) using [weekly binaries](https://github.com/charles8191/hardened_malloc)\n- Some remediations from ANSSI-BP-028 Minimal\n- Replace Firefox with Chromium, [and some policies/extensions to make it more secure/private](browser.json)\n- [Custom chrony config (time.grapheneos.org)](chrony.conf)\n- [Custom kernel tunables](tunables.conf)\n- Modified `os-release` file\n- [Enhanced NetworkManager privacy](net-privacy.conf)\n- Count Me disabled\n- usbguard installed (but not enabled)\n\n## Installation\n\nYou can use the [ISO](https://github.com/charles8191/netherite/releases/latest/download/9.iso) (highly recommended), or use `bootc switch` if you are using Calcite or just plain AlmaLinux bootc:\n\n```bash\nbootc switch ghcr.io/charles8191/netherite/9\n```\n\n## FAQ\n\n### Why not use secureblue?\n\nI prefer RHEL-based distros over Fedora and secureblue doesn't support bootc yet either.\n\n### Why the name?\n\nThe name is a really hard material in the video game _Minecraft_, further suggesting that this is a hardened Linux distribution.\n\n### What device do you recommend for security?\n\nA device with Windows 11 from the factory is a good baseline. Secure Boot doesn't need to be disabled. Adding a BIOS password is recommended.\n\nAdvanced users can install [Mosby](https://github.com/pbatard/Mosby) (updates the certificates, and can generate one and add it automatically) using the UEFI shell, which goes hand-in-hand with Netherite.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcharles25565%2Fnetherite","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcharles25565%2Fnetherite","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcharles25565%2Fnetherite/lists"}