diff options
Diffstat (limited to 'content')
-rw-r--r-- | content/post/we-released-a-thing-st-1.0.0.md | 81 |
1 files changed, 81 insertions, 0 deletions
diff --git a/content/post/we-released-a-thing-st-1.0.0.md b/content/post/we-released-a-thing-st-1.0.0.md new file mode 100644 index 0000000..d4341b3 --- /dev/null +++ b/content/post/we-released-a-thing-st-1.0.0.md @@ -0,0 +1,81 @@ +--- +title: "We released a thing: st-1.0.0" +date: 2024-05-12 +--- +# We released a thing: st-1.0.0 +_Rasmus Dahlberg, 2024-05-12._ + +On Thursday this week, the [System Transparency project][] announced +[st-1.0.0][]. It is a collection of stable, tested, and documented components +the project supports: + + - [stboot][]: a bootloader that boots an operating system such as Debian 12. + One of the main features is network booting while enforcing m-of-n valid + signatures. + - [stprov][]: a provisioning tool that helps operators configure their + platforms for System Transparency booting. For example, a network + configuration and URLs for downloading the operating system can be + provisioned with few keystrokes. + - [stmgr][]: a tool that helps with formatting and signing of various images. + For example, the bootloader can be prepared for writing onto a USB stick. + - [docs][]: documentation meant for users and developers. Here you can find + getting started guides, reference documentation, and other useful content. + +[System Transparency project]: https://www.system-transparency.org/ +[st-1.0.0]: https://lists.system-transparency.org/mailman3/hyperkitty/list/st-announce@lists.system-transparency.org/thread/XAFMM554TUTDAWCCLWFPGTHTJTSWNLCI/ +[stboot]: https://docs.system-transparency.org/st-1.0.0/docs/reference/stboot-system/ +[stprov]: https://docs.system-transparency.org/st-1.0.0/docs/reference/stprov-system/ +[stmgr]: https://docs.system-transparency.org/st-1.0.0/docs/reference/stmgr-manual/ +[operating system package]: https://docs.system-transparency.org/st-1.0.0/docs/reference/os_package/ +[docs]: https://docs.system-transparency.org/st-1.0.0/ + +I'm unreasonably happy to have this release out the door. Not because System +Transparency is now done---it is far from done. I am happy because this makes +it a lot easier for us to iterate forward from a known state. For example, we +are finally in a position where it is possible to be intentional about what is +(not) going to break. What changed in order to make this happen? I'd say three +things: + + 1. The different _interfaces_ that may break on changes have been enumerated + and specified as reference documentation that our components implement. + 2. The test coverage of each component has been increased significantly, both + with unit tests, QEMU, and processes for testing on a Supermicro X11SCL-F. + 3. We committed to have a [semantically versioned][] collection of components + that work together. The [st-1.0.0][] collection is supported for at least + one year. + +[semantically versioned]: https://docs.system-transparency.org/st-1.0.0/docs/releases/collection-release/#semantic-versioning + +This concludes the first priority that Linus Nordberg, Niels Möller, and I set +out to achieve on [January 15, 2024][]. What happens next will probably be +hashed out in [this proposal][] sometime soon. Overall, I'd say the priorities +laid out in January still remain reasonable. The main open question is which +larger features to bring in and when the timing for them is right. Other than +considering the readiness of the various candidate features, we're also +splitting our time with the [Sigsum project][]. So, if we spend more time on +System Transparency we're spending less time on Sigsum. Until July, we're +picking up the pace in Sigsum. + +[January 15, 2024]: https://git.glasklar.is/system-transparency/project/documentation/-/blob/main/archive/2024-01-15-notes-on-near-term-focus.md +[this proposal]: https://git.glasklar.is/system-transparency/project/documentation/-/merge_requests/57 +[Sigsum project]: https://www.sigsum.org/ + +On a personal note, I'd be pretty excited to someday have a bootloader that +enforces transparency logging with Sigsum. I'd also like to experiment with an +immutable build of a reproducible [operating system package][], such that I can +meaningfully monitor exactly what is allowed to boot on my system. I think the +first step for me personally is to get better at the whole immutable builds +thing though. High up on my TODO list is to run System Transparency on +something I care about myself, then gradually making the deployment more +immutable. The good news is there is now a [build guide][] and a stable +[st-1.0.0][] release to start from. + +[build guide]: https://docs.system-transparency.org/st-1.0.0/docs/introduction/build/ +[operating system package]: https://docs.system-transparency.org/st-1.0.0/docs/reference/os_package/ + +Want to discuss System Transparency or the release further? Join the project's +[Matrix room][], which is bridged with `#system-transparency` on [OFTC.net][] +(IRC). + +[Matrix room]: https://matrix.to/#/#system-transparency:matrix.org +[OFTC.net]: https://www.oftc.net/ |