liminix/README.md

# Liminix

Līminis + Nix

* Līminis : Latin, genitive declension of limen. "Of the threshold"
* Nix :  a tool for reproducible and declarative configuration management
* Liminix : a Nix-based system for configuring consumer wifi routers

## What is this?

This is a Nix-based collection of software tailored for domestic wifi
router or IoT device devices, of the kind that OpenWrt or DD-WRT or
Gargoyle or Tomato run on. It's a reboot/restart/rewrite of NixWRT.

This is not NixOS-on-your-router: it's aimed at devices that are
underpowered for the full NixOS experience. It uses busybox tools,
musl instead of GNU libc, and s6-rc instead of systemd.


## Building

These instructions assume you have nixpkgs checked out in a peer
directory of this one.

You need a `configuration.nix` file pointed to by `<liminix-config>`, a
hardware device definition as argument `device`, and to choose an
appropriate output attribute depending on what your device is and how
you plan to install onto it. For example:

    NIX_PATH=nixpkgs=../nixpkgs:$NIX_PATH NIXPKGS_ALLOW_UNSUPPORTED_SYSTEM=1 nix-build -I liminix-config=./tests/smoke/configuration.nix --arg device "import ./devices/qemu.nix" -A outputs.default

`outputs.default` is intended to do something appropriate for the
device, whatever that is. For the qemu device, it creates a directory
containing a squashfs root image and a kernel, with which you could
then run

    ./run-qemu.sh result/vmlinux result/squashfs


## Running tests

Assuming you have nixpkgs checked out in a peer directory of this one,

    NIX_PATH=nixpkgs=../nixpkgs:$NIX_PATH ./run-tests.sh


## Articles of interest

* [Build Safety of Software in 28 Popular Home Routers](https://cyber-itl.org/assets/papers/2018/build_safety_of_software_in_28_popular_home_routers.pdf):
   "of the access points and routers we reviewed, not a single one
took full advantage of the basic application armoring features
provided by the operating system. Indeed, only one or two models even
came close, and no brand did well consistently across all models
tested"
placeholder readme 2022-09-20 14:46:42 +00:00			`# Liminix`

			`Līminis + Nix`

			`* Līminis : Latin, genitive declension of limen. "Of the threshold"`
			`* Nix : a tool for reproducible and declarative configuration management`
			`* Liminix : a Nix-based system for configuring consumer wifi routers`

			`## What is this?`

boots to userland and runs busybox init 2022-09-20 22:04:08 +00:00			`This is a Nix-based collection of software tailored for domestic wifi`
			`router or IoT device devices, of the kind that OpenWrt or DD-WRT or`
			`Gargoyle or Tomato run on. It's a reboot/restart/rewrite of NixWRT.`
placeholder readme 2022-09-20 14:46:42 +00:00
			`This is not NixOS-on-your-router: it's aimed at devices that are`
boots to userland and runs busybox init 2022-09-20 22:04:08 +00:00			`underpowered for the full NixOS experience. It uses busybox tools,`
			`musl instead of GNU libc, and s6-rc instead of systemd.`


			`## Building`

			`These instructions assume you have nixpkgs checked out in a peer`
			`directory of this one.`

			You need a `configuration.nix` file pointed to by `<liminix-config>`, a
			hardware device definition as argument `device`, and to choose an
			`appropriate output attribute depending on what your device is and how`
			`you plan to install onto it. For example:`

			`NIX_PATH=nixpkgs=../nixpkgs:$NIX_PATH NIXPKGS_ALLOW_UNSUPPORTED_SYSTEM=1 nix-build -I liminix-config=./tests/smoke/configuration.nix --arg device "import ./devices/qemu.nix" -A outputs.default`

			`outputs.default` is intended to do something appropriate for the
			`device, whatever that is. For the qemu device, it creates a directory`
			`containing a squashfs root image and a kernel, with which you could`
			`then run`

			`./run-qemu.sh result/vmlinux result/squashfs`

placeholder readme 2022-09-20 14:46:42 +00:00
			`## Running tests`

link to CITL mips security paper 2022-09-20 17:24:27 +00:00			`Assuming you have nixpkgs checked out in a peer directory of this one,`
placeholder readme 2022-09-20 14:46:42 +00:00
			`NIX_PATH=nixpkgs=../nixpkgs:$NIX_PATH ./run-tests.sh`
link to CITL mips security paper 2022-09-20 17:24:27 +00:00

			`## Articles of interest`

			`* [Build Safety of Software in 28 Popular Home Routers](https://cyber-itl.org/assets/papers/2018/build_safety_of_software_in_28_popular_home_routers.pdf):`
			`"of the access points and routers we reviewed, not a single one`
			`took full advantage of the basic application armoring features`
			`provided by the operating system. Indeed, only one or two models even`
			`came close, and no brand did well consistently across all models`
			`tested"`