{"id":13659346,"url":"https://github.com/mesalock-linux/mesalock-distro","last_synced_at":"2026-03-17T23:47:39.499Z","repository":{"id":97068187,"uuid":"112812712","full_name":"mesalock-linux/mesalock-distro","owner":"mesalock-linux","description":"MesaLock Linux: a memory-safe Linux distribution.","archived":false,"fork":false,"pushed_at":"2018-11-12T21:30:00.000Z","size":170,"stargazers_count":372,"open_issues_count":2,"forks_count":35,"subscribers_count":20,"default_branch":"master","last_synced_at":"2024-11-10T13:36:28.634Z","etag":null,"topics":["docker-image","golang","linux","linux-distros","memory-safety","mesalock-linux","rust"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-3-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mesalock-linux.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2017-12-02T04:31:30.000Z","updated_at":"2024-10-07T05:44:31.000Z","dependencies_parsed_at":"2023-03-25T16:09:55.005Z","dependency_job_id":null,"html_url":"https://github.com/mesalock-linux/mesalock-distro","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mesalock-linux%2Fmesalock-distro","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mesalock-linux%2Fmesalock-distro/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mesalock-linux%2Fmesalock-distro/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mesalock-linux%2Fmesalock-distro/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mesalock-linux","download_url":"https://codeload.github.com/mesalock-linux/mesalock-distro/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":250643678,"owners_count":21464218,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["docker-image","golang","linux","linux-distros","memory-safety","mesalock-linux","rust"],"created_at":"2024-08-02T05:01:07.753Z","updated_at":"2026-03-17T23:47:39.454Z","avatar_url":"https://github.com/mesalock-linux.png","language":"Shell","funding_links":[],"categories":["Shell (16)","Shell","Inactive","Uncategorized"],"sub_categories":["Custom","Uncategorized"],"readme":"\u003cp align=\"center\"\u003e\u003cimg src=\"img/logo.png\" height=\"86\" /\u003e\u003c/p\u003e\n\n# MesaLock Linux: A Memory-Safe Linux Distribution\n\n[![GitHub Release](https://img.shields.io/github/release/mesalock-linux/mesalock-distro.svg)](https://github.com/mesalock-linux/mesalock-distro/releases)\n[![Build Status](https://ci.mesalock-linux.org/api/badges/mesalock-linux/mesalock-distro/status.svg?branch=master)](https://ci.mesalock-linux.org/mesalock-linux/mesalock-distro)\n[![Docker Pulls](https://img.shields.io/docker/pulls/mesalocklinux/mesalock-linux.svg)](https://hub.docker.com/r/mesalocklinux/mesalock-linux/)\n[![Chat on Matrix](https://img.shields.io/badge/style-matrix-blue.svg?style=flat\u0026label=chat)](https://riot.im/app/#/room/#mesalock-linux:matrix.org)\n[![IRC: #rocket on chat.freenode.net](https://img.shields.io/badge/style-%23mesalock--linux-blue.svg?style=flat\u0026label=freenode)](https://kiwiirc.com/client/chat.freenode.net/#mesalock-linux)\n\nMesaLock Linux is a general purpose Linux distribution which aims to provide a\n*safe* and *secure* user space environment. To eliminate high-severe\nvulnerabilities caused by memory corruption, the whole user space applications\nare rewritten in *memory-safe* programming languages like Rust and Go.  This\nextremely reduces attack surfaces of an operating system exposed in the wild,\nleaving the remaining attack surfaces auditable and restricted. Therefore,\nMesaLock Linux can substantially improve the security of the Linux ecosystem.\nAdditionally, thanks to the Linux kernel, MesaLock Linux supports a broad\nhardware environment, making it deployable in many places.  Two main usage\nscenarios of MesaLock Linux are for containers and security-sensitive embedded\ndevices. With the growth of the ecosystem, MesaLock Linux would also be adopted\nin the server environment in the future.\n\nTo get better functionality along with strong security guarantees, MesaLock\nLinux follows the following rules-of-thumb for hybrid memory-safe architecture\ndesign proposed by the [Rust SGX SDK](https://github.com/baidu/rust-sgx-sdk)\nproject.\n\n1. Unsafe components must not taint safe components, especially for public APIs\n   and data structures.\n2. Unsafe components should be as small as possible and decoupled from safe\n   components.\n3. Unsafe components should be explicitly marked during deployment and ready to\n   upgrade.\n\n\n## Quick Start\n\nYou can quickly experience MesaLock Linux in the container environment using\nDocker.\n\n```sh\n$ docker run -it mesalocklinux/mesalock-linux\n```\n\n## Building\n\nCurrently, MesaLock Linux is provided in two versions: live ISO and rootfs. The\nlive ISO image can be used to create a bootable live USB, or boot in a virtual\nmachine. The rootfs (i.e., root file system) can be used as a minimal root\nimage for a container.\n\n### Requirements\n\n#### Clone MesaLock repository\n\nClone `mesalock-distro` and `packages` repositories.\n\n```sh\n$ mkdir mesalock-linux \u0026\u0026 cd mesalock-linux\n$ git clone https://github.com/mesalock-linux/mesalock-distro.git\n$ git clone https://github.com/mesalock-linux/packages.git\n$ cd mesalock-distro\n```\n\n#### Build in Docker\n\nWe provide a `Dockerfile` for building MesaLock Linux with all dependencies\ninstalled. You can build the docker image first and then in the\ncontainer build environment you can build packages, live ISO, and rootfs.\n\n```sh\n$ docker build --rm -t mesalocklinux/build-mesalock-linux -f Dockerfile.build .\n$ docker run -v $(dirname $(pwd)):/mesalock-linux -w /mesalock-linux/mesalock-distro \\\n    -it mesalocklinux/build-mesalock-linux /bin/bash\n```\n\nThe image of build environment is also provided from [Docker\nHub](https://hub.docker.com/r/mesalocklinux/build-mesalock-linux/). You can\npull and run the container with the repo name `mesalocklinux/build-mesalock-linux`.\n\n#### Build on Ubuntu\n\nYou can also build on Ubuntu machine. Please install these build dependencies\nfirst:\n\n```sh\n# install packages\n$ apt-get update \u0026\u0026 \\\n  apt-get install -q -y --no-install-recommends \\\n           curl \\\n           git \\\n           build-essential \\\n           cmake \\\n           wget \\\n           bc \\\n           gawk \\\n           parallel \\\n           pigz \\\n           cpio \\\n           xorriso \\\n           fakeroot \\\n           syslinux-utils \\\n           uuid-dev \\\n           libmpc-dev \\\n           libisl-dev \\\n           libz-dev \\\n\t   python-pip \\\n\t   python-setuptools \\\n           software-properties-common\n\n# install build dependencies for pypy\n$ apt-get install -q -y --no-install-recommends \\\n        pypy \\\n        gcc \\\n        make \\\n        libffi-dev \\\n        pkg-config \\\n        zlib1g-dev \\\n        libbz2-dev \\\n        libsqlite3-dev \\\n        libncurses5-dev \\\n        libexpat1-dev \\\n        libssl-dev \\\n        libgdbm-dev \\\n        tk-dev \\\n        libgc-dev \\\n        python-cffi \\\n        liblzma-dev \\\n        libncursesw5-dev\n\n# install wheel and sphinx\n$ pip install wheel\n$ pip install sphinx\n\n# install Go\n$ add-apt-repository -y ppa:gophers/archive \u0026\u0026 \\\n  apt-get update \u0026\u0026 \\\n  apt-get install -q -y --no-install-recommends \\\n           golang-1.9-go\n\n# install Rust\n$ curl https://sh.rustup.rs -sSf | sh -s -- -y\n$ rustup install nightly-2018-05-30 # we need this because some packages still depend on nightly\n$ rustup default 1.27.2\n\n# setup PATH\n$ export PATH=\"$HOME/.cargo/bin:/usr/lib/go-1.9/bin:$PATH\"\n```\n\n### Build packages, live ISO, and rootfs\n\nAfter installing build dependencies, you can run following commands to build\npackages, live ISO, and rootfs.\n\n  - First build all packages: `./mkpkg`\n  - Build the live ISO: `./mesalockiso`\n  - Build the container rootfs: `./mesalockrootfs`\n  - Build a specific package only: `./mkpkg \u003cpackage_name\u003e`\n\nThe live ISO (`mesalock-linux.iso`) and rootfs (`rootfs.tar.xz`) can be found\nin the `build` directory.\n\n## Trying\n\nMesaLock Linux can be run in real devices (e.g., boot from a Live USB), virtual\nmachines, and docker containers.\n\n### Virtual machine\n\nYou can try MesaLock Linux with Live ISO or in a docker container. Here are\nsteps to try MesaLock Linux in VirtualBox.\n\n  1. Open VirtualBox and \"New\" a VM.\n  2. In the VM settings, choose `mesalock-linux.iso` as \"Optical Drive\".\n  3. Start the VM and explore MesaLock Linux.\n\n### Docker container\n\nWe provide a simple `Dockerfile` for MesaLock Linux. Here are steps to try\nMesaLock Linux in a docker container.\n\n  1. Build packages and rootfs: `./mkpkg \u0026\u0026 ./mesalockrootfs`\n  2. Build the docker image: `docker build --rm -t mesalocklinux/mesalock-linux .`\n  3. Run the image and expeience MesaLock Linux: `docker run --rm -it mesalocklinux/mesalock-linux`\n\nThe latest rootfs image with all packages is pushed to [Docker\nHub](https://hub.docker.com/r/mesalocklinux/mesalock-linux/). You can also\ndirectly run the image with the repo name `mesalocklinux/mesalock-linux`.\n\n### Demos\n\n#### Hosting web servers\n\nThe `mesalock-demo` package provides several examples and will be installed\nunder the `/root/mesalock-demo` directory. For instance, we made several web\nserver demos written in [Rocket](https://github.com/SergioBenitez/Rocket/),\nwhich is a web framework written in Rust.  To try these demos in the VM, please\nfollow these instructions.\n\n  1. In the VM settings, select \"NAT\" for network adapter and use port\n     forwarding function in the advanced settings to bind host and guest\n     machines. Here we add a new rule to bind host IP (`127.0.0.1:8080`) with\n     guest IP (`10.0.2.15:8000`).\n  2. Start MesaLock Linux.\n  3. Bring up all network devices. Here we use `ip` command:\n\n    ```\n    $ ip link set lo up\n    $ ip link set eth0 up\n    ```\n\n  4. Setup IP address of the network devices.\n\n    ```\n    $ ip address add 10.0.2.15/24 dev eth0\n    ```\n\n  5. Run a web server.\n\n    ```\n    $ cd /root/mesalock-demo/rocket-hello-world \u0026\u0026 ./hello_world\n    # or\n    $ cd /root/mesalock-demo/rocket-tls \u0026\u0026 ./tls\n    ```\n\n  6. Finally, connect to the web server using a browser. In this example, type\n     in `http://127.0.0.1:8080` in the browser.\n\nYou can also try our demos in the docker image directly.\n\n  1. Run the MesaLock docker and export port 8000 to 8000: `docker run -it -p 8000:8000 mesalocklinux/mesalock-linux`\n  2. Run a web server in the `/root/mesalock-demo/` directory.\n  3. Visit the website in the browser.\n\n#### Working on machine learning tasks\n\n[Rusty-machine](https://github.com/AtheMathmo/rusty-machine) is a general\npurpose machine learning library implemented entirely in Rust. We put several\ndemo examples of machine learning tasks in the `mesalock-demo` package. You can\nfind them in the `/root/mesalock-demo/rusty-machine/` directory.\n\n## Packages\n\nMesaLock Linux provides many packages with memory safety in mind. All user\nspace applications are written in Rust and Go. Thanks to the open source\ncommunity, they have created many useful and high-quality tools. The number of\npackages will increase as the time goes on.\n\n  - `brotli`: compression tool written in Rust ([dropbox/rust-brotli](https://github.com/dropbox/rust-brotli))\n  - `busybox`: busybox tool set for testing only ([busybox](https://busybox.net))\n  - `exa`: replacement for ls written in Rust ([ogham/exa](https://the.exa.website))\n  - `fd-find`: simple, fast and user-friendly alternative to find ([sharkdp/fd](https://github.com/sharkdp/fd))\n  - `filesystem`: base filesystem layout (maintained by MesaLock Linux)\n  - `gcc-libs`: GCC library, only `libgcc_s.so` is used ([gcc](https://gcc.gnu.org/))\n  - `giproute2`: ip tool written in Go (maintained by MesaLock Linux)\n  - `glibc`: the GNU C library ([glibc](https://www.gnu.org/software/libc/))\n  - `init`: init script (maintained by MesaLock Linux)\n  - `ion-shell`: shell written in Rust ([redox-os/ion](https://github.com/redox-os/ion))\n  - `linux`: Linux kernel ([linux](https://www.kernel.org/))\n  - `mesalock-demo`: some demo projects (maintained by MesaLock Linux)\n  - `mgetty`: getty written in Rust (maintained by MesaLock Linux)\n  - `micro`: modern and intuitive terminal-based text editor written in Go ([zyedidia/micro](https://github.com/zyedidia/micro))\n  - `minit`: init written in Rust (maintained by MesaLock Linux)\n  - `ripgrep`: ripgrep combines the usability of The Silver Searcher with the raw\n    speed of grep, written in Rust ([BurntSushi/ripgrep](https://github.com/BurntSushi/ripgrep))\n  - `syslinux`: bootloader ([syslinux](http://www.syslinux.org/wiki/index.php?title=The_Syslinux_Project))\n  - `tokei`: count your code, quickly, in Rust ([Aaronepower/tokei](https://github.com/Aaronepower/tokei))\n  - `tzdata`: timezone data ([tzdata](https://www.iana.org/time-zones))\n  - `uutils-coreutils`: cross-platform Rust rewrite of the GNU coreutils ([uutils/coreutils](https://github.com/uutils/coreutils))\n  - `uutils-findutils`: rust implementation of findutils ([uutils/findutils](https://github.com/uutils/findutils))\n  - `xi-core`: a modern editor with a backend written in Rust ([google/xi-editor](https://github.com/google/xi-editor))\n  - `xi-term`: a terminal frontend for Xi ([xi-frontend/xi-term](https://github.com/xi-frontend/xi-term))\n  - more packages in the [MesaLock Linux Package](https://github.com/mesalock-linux/packages) project\n\n## Contributing\n\nMesaLock Linux is a very young and at an early stage. Some important components\nare still missing or work-in-progress. Building safe and secure Linux distro\nrelies on the whole community, and you are very welcome to contribute to the\nMesaLock Linux project.\n\nYou can get involved in various forms:\n\n  - Try to use MesaLock Linux, report issue, enhancement suggestions, etc\n  - Contribute to MesaLock Linux: optimize development process, improve\n    documents, close issues, etc\n  - Contribute to core packages of MesaLock Linux: improving `minit`, `mgetty`,\n    `giproute2`, etc\n  - Write applications using memory safe programming languages like Rust/Go,\n    and join the the MesaLock Linux packages\n  - Audit source code of the MesaLock Linux projects and related packages\n\nYou are welcome to send pull requests and report issues on GitHub. Note that\nthe MesaLock Linux project follows the [Git\nflow](http://nvie.com/posts/a-successful-git-branching-model/) development\nmodel.\n\n## Community\n\nIf you are interested in the MesaLock Linux project, please find us on the\n`#mesalock-linux` or `#mesalock-linux-cn` (in Chinese) IRC channels at the [freenode\nserver](irc://chat.freenode.net)\nand the bridged room on Matrix. If you're not familiar with IRC, we recommend\nchatting through [Matrix via\nRiot](https://riot.im/app/#/room/#mesalock-linux:matrix.org) or via the [Kiwi\nweb IRC client](https://kiwiirc.com/client/irc.mozilla.org/#mesalock-linux).\n\nList of our IRC channels:\n  - [#mesalock-linux](https://riot.im/app/#/room/#mesalock-linux:matrix.org): general discussion on MesaLock Linux\n  - [#mesalock-linux-cn](https://riot.im/app/#/room/#mesalock-linux-cn:matrix.org): discussion in Chinese\n  - [#medalock-linux-devel](https://riot.im/app/#/room/#mesalock-linux-devel:matrix.org): discussion on design and development\n\n## Maintainer\n\n  - Mingshen Sun `\u003cmssun@mesalock-linux.org\u003e` [@mssun](https://github.com/mssun)\n\n## Steering Committee\n\n  - Tao Wei\n  - Yulong Zhang\n\n## License\n\nMesaLock Linux is provided under the [BSD license](LICENSE).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmesalock-linux%2Fmesalock-distro","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmesalock-linux%2Fmesalock-distro","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmesalock-linux%2Fmesalock-distro/lists"}