Void is a general purpose operating system, based on the monolithic Linux® kernel. Its package system allows you to quickly install, update and remove software; software is provided in binary packages or can be built directly from sources with the help of the XBPS source packages collection.
It is available for the Intel x86®, ARM® and MIPS® processor architectures; Software packages can be built natively or cross compiling through the XBPS source packages collection.
Void Linux is an independent distribution, developed entirely by volunteers.
Unlike trillions of other existing distros, Void is not a modification of an existing distribution. Void's package manager and build system have been written from scratch.
Install once, update daily. Your system will always be up-to-date.
Thanks to our continuous build system, new software is built into binary packages as soon as the changes are pushed to the void-packages repository.
We were the first distribution to switch to LibreSSL by default, replacing OpenSSL.
xbps is the native system package manager, written from scratch with a 2-clause BSD license.
xbps allows you to quickly install/update/remove software in your system and features detection of incompatible shared libraries and dependencies while updating or removing packages (among others). See the usage page for a brief introduction.
xbps-src is the xbps package builder, written from scratch with a 2-clause BSD license.
This builds the software in containers through the use of Linux namespaces, providing isolation of processes and bind mounts (among others). No root required!
Additionally xbps-src can build natively or cross compile for the target machine, and supports multiple C libraries (glibc and musl currently).
If you stay up late working on packages and system security patches, you may notice after a while your eyes start to hurt. This is likely due to too much blue light at night, which studies have shown can cause eye strain. While glasses and monitors that can filter this light out are one solution, you can also adjust values in software to account for this blue light at night.
Doing this by hand is obviously tedious, so there’s an excellent software package called “redshift” which does this adjustment for you.
Once installed from the repos (
xbps-install redshift) create a file
like so that configures it:
[redshift] temp-day=5700 temp-night=3200 gamma=0.8 location-provider=manual elevation-high=24.69 [manual] lat=39.109489 lon=-76.772980
This file should be in ~/.config/redshift.conf
The fields are pretty self explanatory, with the exception of elevation-high which is the solar elevation in degrees before its considered to be daytime. All temperatures are provided in Kelvin, and the wikipedia page on color temperature has a nice chart showing different values against the common sources of light that produce them.
From here, just start redshift with your session (
you have an environment that can autostart
.desktop files) to enjoy
color filtered light at night!
One very important aspect of our work, until a fully passwordless future can be
upon us, is password management. Some people choose to use tools like LastPass,
or other online password management schemes. But what do you do if you are
really paranoid? Enter,
pass, and it’s written-in-go companion with more
We can start our journey with the help of a wizard.
[nakasone@gibson ~]$ gopass It seems you are new to gopass. Do you want to run the onboarding wizard? [Y/n/q]: [init] No useable crypto keys. Generating new key pair [init] [crypto] Key generation may take up to a few minutes [init] [crypto] Creating key pair ... [init] [crypto] WARNING: We are about to generate some GPG keys. [init] [crypto] However, the GPG program can sometimes lock up, displaying the following: "We need to generate a lot of random bytes." If this happens, please see the following tips: https://github.com/gopasspw/gopass/blob/master/docs/entropy.md Continue? [Y/n/q]: gpg (GnuPG) 2.2.11; Copyright (C) 2018 Free Software Foundation, Inc. This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Note: Use "gpg2 --full-generate-key" for a full featured key generation dialog. GnuPG needs to construct a user ID to identify your key. Real name: John Smith Email address: John.Smith@example.com You selected this USER-ID: "John Smith <John.Smith@example.com>" Change (N)ame, (E)mail, or (O)kay/(Q)uit? O We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy. We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy. gpg: key F90F4F27E8F3BCBE marked as ultimately trusted gpg: directory '/home/nakasone/.gnupg/openpgp-revocs.d' created gpg: revocation certificate stored as '/home/nakasone/.gnupg/openpgp-revocs.d/1D9F3C091EB8211439B9F80BF90F4F27E8F3BCBE.rev' public and secret key created and signed. pub rsa2048 2018-12-11 [SC] [expires: 2020-12-10] 1D9F3C091EB8211439B9F80BF90F4F27E8F3BCBE uid John Smith <John.Smith@example.com> sub rsa2048 2018-12-11 [E] [expires: 2020-12-10] -> OK Error: failed to run onboarding wizard: failed to create new private key: failed to create a useable key pair [nakasone@gibson ~]$
Well, that was weird. But I can do this, let’s try again.
[nakasone@gibson ~]$ gopass init [init] Initializing a new password store ... Please select a private key for encrypting secrets:  gpg - 0x6EB42A8FCB19121B - John Smith <John.Smith@example.com> Please enter the number of a key (0-0, [q]uit) : [init] Initializing git repository (gitcli) ... Use John Smith (John.Smith@example.com) for password store git config? [Y/n/q]: [init] Git initialized [init] Password store /home/nakasone/.password-store initialized for: [init] 0x6EB42A8FCB19121B - John Smith <John.Smith@example.com> [nakasone@gibson ~]$
Now that we have a password store, let’s look at this.
[nakasone@gibson ~]$ gopass gopass
Anti-climactic to be sure, but let’s try using it a bit. We have a front gate, let’s put in my code.
[nakasone@gibson ~]$ gopass insert front-gate Enter password for front-gate: Retype password for front-gate: Warning: Password is too short
Well, duh, I’ve been telling the guards that 1234 is not a reasonable code! But we have a back gate too.
[nakasone@gibson ~]$ gopass insert back-gate Enter password for back-gate: Retype password for back-gate: Warning: Password is too short
Yes, it’s not acceptable. Cry me a river.
[nakasone@gibson ~]$ gopass gopass ├── back-gate └── front-gate [nakasone@gibson ~]$ gopass audit Auditing passwords for common flaws ... Checking 2 secrets. This may take some time ... 2 of 2 secrets checked [################################################] 100.00% Detected a shared secret for: - back-gate - front-gate Password is too short: - back-gate - front-gate 2018/12/11 00:16:28 found weak passwords or duplicates [nakasone@gibson ~]$
We need a better gate code. Let’s get one. Security says we can’t have more than 5 characters…
[nakasone@gibson ~]$ gopass generate new-front-gate How long should the password be? : 5 Do you have strict rules to include different character classes? [y/N/q]: [nakasone@gibson ~]$ gopass gopass ├── back-gate ├── front-gate └── new-front-gate [nakasone@gibson ~]$ gopass show new-front-gate nMzke [nakasone@gibson ~]$
Well, that should do. We don’t have any time based logins, so we can’t generate otp or totp or hotp tokens to show you, but that’s what there is.
[nakasone@gibson ~]$ gopass rm back-gate Are you sure you would like to delete back-gate? [y/N/q]: y [nakasone@gibson ~]$ gopass mv new-front-gate front-gate front-gate already exists. Overwrite it? [y/N/q]: y Warning: git has no remote. Ignoring auto-push option Run: gopass git remote add origin ... [nakasone@gibson ~]$ gopass gopass └── front-gate
As you can see, gopass reminds us our password store isn’t backed up. Well, let’s do that really quickly.
[nakasone@gibson ~]$ gopass git remote add origin firstname.lastname@example.org:void-linux/fortress-pws.git [nakasone@gibson ~]$ git sync Sync starting ... [<root>] git pull and push ... All done [nakasone@gibson ~]$
Maybe we can also record some of those useful passwords we have learned.
[nakasone@gibson ~]$ gopass insert github/torvalds Enter password for github/torvalds: Retype password for github/torvalds: [nakasone@gibson ~]$ gopass insert github/bob-beck Enter password for github/bob-beck: Retype password for github/bob-beck: [nakasone@gibson ~]$ gopass gopass ├── github │ ├── bob-beck │ └── torvalds └── front-gate [nakasone@gibson ~]$ gopass sync Sync starting ... [<root>] git pull and push ... All done [nakasone@gibson ~]$
Tada, we have now created some passwords, and syncronized them with a backup! Like all the people with LastPass, our passwords are safe from a destruction of our computer, and protected with the finest gpg has to offer! So fine, in fact, we can push valuable assets to github, and be assured they will not be read. Of course, the names of those assets, and our organization of them, is still publicly visible:
[nakasone@gibson ~]$ find .password-store .password-store/.git/ # snip .password-store/front-gate.gpg .password-store/github/ .password-store/github/jeremy.gpg .password-store/github/torvalds.gpg .password-store/.gpg-id .password-store/.public-keys .password-store/.public-keys/0x6EB42A8FCB19121B
Obviously, it might be best to store usernames on one line, and passwords on the second (you can have multiline secrets in gopass). In such a scheme, the identity of the assets or usernames you hold can be better protected. But all of that can be handled with gopass, on your computer, trusting nobody else, and can be scripted however you please. There are gopass plugins for firefox and chrome, but the author has not had any success with testing those.
gopass: With a little bit more work, you can be paranoid and have a password