To install Obscurix, download the latest iso from here. It is highly recommended to verify the iso to make sure it has not been tampered with. If the iso was verified, it does not matter where it was downloaded from or what connection it was downloaded over as it is signed personally by me.
To verify the iso you will need GPG. Import my public key with:
Verify the fingerprint by running:
It should say:
pub rsa4096 2019-08-30 [SC] [expires: 2020-08-29]
3A04 0937 9893 F1A3 3FBF FFA8 800E B910 E7BA 944F
uid [ultimate] Obscurix <Obscurix@protonmail.ch>
sub rsa4096 2019-08-30 [E] [expires: 2020-08-29]
Now download the signature from here.
Verify the iso by running:
It should say:
gpg: Signature made Fri 03 Jan 2020 23:19:41 UTC
gpg: using RSA key 3A0409379893F1A33FBFFFA8800EB910E7BA944F
gpg: Good signature from "Obscurix >Obscurix@protonmail.ch<" [ultimate]
If it says it is a valid signature then the iso you have downloaded has not been tampered with.
To install Obscurix you will need at least a 4GB USB stick.
To install it on Linux, BSD or MacOS plug in your USB and find the drive name. It will be something like /dev/sdb if on Linux, /dev/ada0 if on BSD and /dev/disk2 if on MacOS.
Now run:
Replace "/dev/sdX" with your USB's drive name. It will now flash the iso to the USB stick.
Not documented yet.
See Usage for information on how to use Obscurix.
Users with high security needs may want to build the iso from source code. This allows them to manually audit the OS before installing. Only advanced users should do this as you can mess something up.
Building the iso requires you to be on an Arch Linux system (if it isn't your host, it can be done in a VM or live USB). Building it on the linux-hardened kernel may not work due to an unfixed bug.
Note: Building the iso needs to be done as root. If it isn't done as root, all files in the iso will be owned by an ordinary user rather than the root user which will break a lot of things.
You will need to install git and archiso from the Arch repositories before building. To do this, run:
Get the source code by running:
Navigate to the Obscurix folder:
This part is optional but highly recommended. Obscurix uses signed commits so you can verify each commit with my GPG key to ensure they were created by me.
Import the signing key by running:
Verify the fingerprint by running:
It should say:
pub rsa4096 2019-08-30 [SC] [expires: 2020-08-29]
3A04 0937 9893 F1A3 3FBF FFA8 800E B910 E7BA 944F
uid [ultimate] Obscurix <Obscurix@protonmail.ch>
sub rsa4096 2019-08-30 [E] [expires: 2020-08-29]
Now check the signature:
It should say:
gpg: Signature made
gpg: using RSA key 3A0409379893F1A33FBFFFA8800EB910E7BA944F
gpg: Good signature from "Obscurix <Obscurix@protonmail.ch>" [ultimate]
If it does not say that then the source code may be corrupted and you should seek help on Github.
If it does say that, you can continue building the iso.
Build the iso by running:
Depending on your system's resources, this can take a long time.
Ommitting the -v flag when building will cause the build script to be less verbose. This is unrecommended as it will hide many errors that would otherwise be useful for debugging if something goes wrong.