lainOS/lainOS-layer-02
lainOS/lainOS-layer-02
2
0
Fork 0
Code Issues Pull requests Projects Releases 1 Packages Wiki Activity Actions
A systemd-free Arch Linux derivative built with OpenRC as PID 1, offering full ABI compatibility for systemd-linked software via the Protocol 7 compatibility architecture. https://lainos.net
5 commits 1 branch 1 tag 54 KiB
Find a file
Exact
amnesia a1d2a9078f Update README.md
2026-06-22 23:55:28 +02:00
README.md Update README.md 2026-06-22 23:55:28 +02:00

README.md

lainOS layer 02

A systemd-free Arch Linux derivative built with OpenRC as PID 1, offering full ABI compatibility for systemd-linked software via the Protocol 7 compatibility architecture.

License: GPL v3 Architecture Init

Table of Contents

Overview

LainOS Layer 02 is a custom Arch Linux-based distribution built on a clean Arch base using archiso. It replaces systemd with OpenRC as PID 1, while maintaining ABI compatibility with software that dynamically links against systemd's client libraries through the Protocol 7 compatibility layer.

The ISO boots into a graphical live environment offering a choice between:

  • Sway (Wayland) — A tiling Wayland compositor for the installed system preview
  • Openbox (X11) — A lightweight stacking window manager running the Calamares installer

This is not merely a themed Arch respin — it is a genuine init-system replacement project with custom C daemons handling responsibilities that systemd would otherwise own.

Architecture

Layer Component Role
Boot GRUB/Syslinux/EFI → Dracut UEFI/BIOS boot, initramfs with dmsquash-live
Init /sbin/openrc-init PID 1, explicit kernel cmdline
Live Session greetd + tuigreet TUI login manager on TTY1
Wayland Sway + i3status-rs Tiling compositor, autotiling, themed status bar
X11 Openbox + tint2 Stacking WM, live installer environment
Installer Calamares Graphical system installer
Compatibility protocol7-core systemd ABI surface, D-Bus facade, session management

Boot Chain

BIOS/UEFI → GRUB/Syslinux → kernel + initramfs
  └─ Dracut: dmsquash-live mounts squashfs, execs /sbin/openrc-init
     └─ OpenRC sysinit: cgroup-delegate, dbus, lainos-ghost-units, lainos-notifyd, lainos-machine-id
        └─ OpenRC default: seatd, lainos-dbus-bridge, iwd, greetd, chrony, nftables, polkit
           └─ greetd → tuigreet → session selection
              ├─ Sway: lainos-session-sway → lainos-init → Sway
              └─ Openbox: lainos-session-openbox → xinit → Xorg → lainos-init → Openbox

Key Features

System

  • systemd-free — OpenRC as PID 1 with no systemd binary present
  • Protocol 7 — Custom compatibility layer providing libsystemd.so.0 ABI via real systemd-libs (not mocks)
  • Live ISO — Fully bootable live environment with Calamares installer
  • Dual-session — Choose Sway (Wayland) or Openbox (X11) at login
  • Dracut initramfs — Modern initramfs with live boot support

Desktop (Sway/Wayland)

  • Sway 1.12+ tiling compositor with custom keybindings
  • i3status-rs themed status bar (replaced waybar)
  • wofi application launcher
  • alacritty terminal emulator
  • dunst notification daemon
  • swaybg static wallpaper
  • Autotiling automatic window tiling
  • Powerlevel10k zsh prompt
  • CoplandOS-GTK dark theme with StarLabs cursor

Desktop (Openbox/X11)

  • Openbox lightweight stacking window manager
  • tint2 panel/taskbar
  • Calamares graphical system installer
  • hsetroot wallpaper setter

System Hardening

  • IPv6 disabled by default (prevents VPN leaks)
  • SYN flood protection, ICMP redirect rejection, reverse path filtering
  • Kernel pointer restriction (kptr_restrict=2)
  • dmesg restricted to root only
  • Magic SysRq disabled
  • CPU RNG not unconditionally trusted (random.trust_cpu=off)
  • Ephemeral machine-id — regenerated on every boot
  • iwd MAC randomization — new MAC address per boot
  • nftables firewall — default-deny with established/related allowed

Networking

  • iwd for WiFi (replacing wpa_supplicant/NetworkManager)
  • dhcpcd + openresolv for wired DHCP
  • chrony for NTP time synchronization
  • nftables for firewall management
  • No NetworkManager, no systemd-networkd, no systemd-resolved

System Requirements

Minimum

  • 64-bit x86_64 processor
  • 2 GB RAM
  • 4 GB USB drive or free disk space
  • UEFI or BIOS boot support

Recommended

  • 4+ GB RAM
  • GPU with Mesa drivers (Intel/AMD recommended; software rendering fallback available)
  • USB 3.0 for live boot

Tested Hardware

  • QEMU/KVM with Virtio GPU (primary development environment)
  • ThinkPad T480 (target real hardware — pending test)

Building

Prerequisites

Build Host: Arch Linux or Artix Linux (OpenRC) with identical repository configuration

Required packages on build host:

sudo pacman -S archiso base-devel git

Build Steps

  1. Clone the repository:
git clone https://github.com/The-LainOS-Project/lainos-layer-02.git
cd lainos-layer-02
  1. Build the ISO:
./build_lainOS.sh

Or manually:

sudo rm -rf ~/lainos-work ~/lainos-out
mkdir -p ~/lainos-work ~/lainos-out
yes "" | sudo mkarchiso -v -w ~/lainos-work -o ~/lainos-out protocol7-profile 2>&1 | tee ~/lainos-build.log
  1. Verify the build:
grep -i "protocol7-core" ~/lainos-build.log | tail -5
ls -la ~/lainos-out/LainOS-*.iso

The resulting ISO will be at ~/lainos-out/LainOS-YYYY.MM.DD-x86_64.iso.

Custom Repository

LainOS Layer 02 requires two custom repositories hosted on GitLab:

protocol_7_repo

Contains Protocol 7 compatibility packages:

Package Type Purpose
protocol7-core Real Main compatibility layer, init scripts, session daemons
dbus-openrc Real OpenRC service script for D-Bus
eudev Real udevadm, udevd (no libudev conflict)
libudev Dummy Satisfies libudev dependency chain
systemd Dummy No files, satisfies pacman dep
systemd-sysvcompat Dummy Blocks real sysvcompat
elogind Dummy Blocks real elogind
mkinitcpio Dummy Blocks real mkinitcpio
initramfs Dummy Blocks mkinitcpio hooks

lainos_repo

Contains Calamares installer packages:

Package Purpose
lainos-calamares-dracut Calamares binary (services-openrc enabled)
lainos-calamares-config-layer-02 Calamares configuration and branding

Rebuilding Protocol7-Core

cd ~/protocol-7-core-sdl/protocol7-core-systemd-libs
rm -f protocol7-core-*.pkg.tar.zst
makepkg -f
cp protocol7-core-*.pkg.tar.zst ~/your-repo-path/
cd ~/your-repo-path
repo-add protocol_7_repo.db.tar.gz protocol7-core-*.pkg.tar.zst

Rebuilding Calamares Binary

cd ~/lainos-calamares-dracut/calamares-3.3.15.250221-01/
makepkg -sf    # -s syncs build deps, -f forces rebuild
# Push resulting package to lainos_repo

Clearing Package Cache

sudo rm -f /var/cache/pacman/pkg/protocol7-core-*.pkg.tar.zst
sudo rm -f /var/cache/pacman/pkg/lainos-calamares-*.pkg.tar.zst
sudo rm -f /var/cache/pacman/pkg/polkit-*.pkg.tar.zst
sudo pacman -Syy --config ~/p7--iso-openbox-sway/p7--iso-openbox-sway/protocol7-profile/pacman.conf

Installation(UNDER CONSTRUCTION)

Live Boot

  1. Write the ISO to a USB drive:
sudo dd if=~/lainos-out/LainOS-*.iso of=/dev/sdX bs=4M status=progress

  1. Boot from USB and select LainOS Layer 02 from the bootloader.

  2. At the tuigreet login screen:

    • Select Sway or Openbox X11 session
    • Login as liveuser (no password required)
    • Or login as root with password lain

Installing to Disk

From the Openbox (X11) session, Calamares launches automatically:

  1. Follow the Calamares installer wizard
  2. The installed system will use greetd + tuigreet with Sway as the default session
  3. Reboot into your new LainOS installation

Calamares Launch (Sway session)

doas env WAYLAND_DISPLAY=$WAYLAND_DISPLAY \
         XDG_RUNTIME_DIR=$XDG_RUNTIME_DIR \
         QT_QPA_PLATFORM=wayland \
         calamares

Or via polkit:

calamares_polkit

Session Types

Sway (Wayland)

The primary desktop session. A tiling Wayland compositor with:

Keybindings:

Key Action
Mod4+Return Open terminal (alacritty)
Mod4+d Open application launcher (wofi)
Mod4+Shift+q Close focused window
Mod4+1-9 Switch to workspace
Mod4+Shift+1-9 Move window to workspace
Mod4+h/j/k/l Focus left/down/up/right
Mod4+Shift+h/j/k/l Move window left/down/up/right
Ctrl+Alt+l Log out

Bar: CoplandOS-themed i3status-rs with system info, network, battery, clock

Theme: CoplandOS-GTK dark theme with StarLabs cursor

Wallpaper: Static image via swaybg

Openbox (X11)

The live installer session. A lightweight stacking window manager:

  • Right-click for root menu
  • Calamares installer auto-starts
  • tint2 panel with task list and system tray

Protocol 7 Compatibility Layer

Protocol 7 is the architectural foundation that enables systemd-free operation while maintaining compatibility with software expecting systemd interfaces.

Philosophy

Use real systemd-libs for ABI compatibility — the client libraries function fine without systemd running as PID 1. No mock or stub reimplementations are needed.

Core Components

Component Binary Role
lainos-init /usr/libexec/lainos/lainos-init Session initializer — detects X11/Wayland, sets environment, execs compositor/WM
lainos-dbus-bridge /usr/libexec/lainos/lainos-dbus-bridge org.freedesktop.login1 D-Bus facade — creates /run/user/$UID, manages sessions
lainos-notifyd /usr/libexec/lainos/lainos-notifyd sd_notify socket sink at /run/systemd/notify
lainos-ghost-units /usr/libexec/lainos/lainos-ghost-units Creates /run/systemd/* ghost directories
lainos-audio-init /usr/libexec/lainos/lainos-audio-init ALSA orchestration
lainos-net-init /usr/libexec/lainos/lainos-net-init Network hardening
lainos-machine-id /etc/init.d/lainos-machine-id Generates random /etc/machine-id on every boot
cgroup-delegate /etc/init.d/cgroup-delegate cgroup2 mount + controller delegation

D-Bus Policy

The org.freedesktop.login1 bus name requires explicit D-Bus policy permission. LainOS ships:

<!-- /usr/share/dbus-1/system.d/org.freedesktop.login1.conf -->
<policy user="root">
  <allow own="org.freedesktop.login1"/>
  <allow send_destination="org.freedesktop.login1"/>
  <allow receive_sender="org.freedesktop.login1"/>
</policy>

Design Decisions

Decision Rationale
Real systemd-libs, not mocks Simpler ABI compatibility; mocks are inert backup only
dbus in sysinit runlevel Ensures D-Bus starts before all dependents
seatd instead of logind Minimalist seat management, no polkit dependency
doas instead of sudo Smaller attack surface, no sudo daemon
No customize_airootfs.sh Use airootfs/ overlay (modern archiso practice)

System Hardening

Kernel Parameters

All bootloader configs include:

root=live:CDLABEL=LAINOS init=/sbin/openrc-init rd.live.image rd.live.dir=%INSTALL_DIR% rd.live.squashimg=x86_64/airootfs.sfs rd.live.waitdev=5 random.trust_cpu=off

sysctl Configuration

/etc/sysctl.d/99-lainos-hardening.conf:

  • IPv6 completely disabled (net.ipv6.conf.all.disable_ipv6=1)
  • SYN cookies, reverse path filtering
  • ICMP redirect rejection
  • Kernel pointer and dmesg restriction
  • Magic SysRq disabled

Privacy Features

  • Ephemeral machine-id — regenerated every boot via lainos-machine-id service
  • MAC randomization — iwd randomizes WiFi MAC per boot (AddressRandomization=once)
  • No systemd-resolved — no DNS caching/tracking by default

Network Configuration

WiFi (iwd)

Quick start:

iwctl
[iwd]# device list
[iwd]# station wlan0 scan
[iwd]# station wlan0 get-networks
[iwd]# station wlan0 connect SSID
[iwd]# quit

MAC randomization is enabled by default.

Wired (dhcpcd)

Automatic on boot via dhcpcd in the default runlevel.

Firewall (nftables)

Default ruleset:

  • Input/forward: drop
  • Established/related: accept
  • Loopback: accept
  • ICMP: rate-limited
  • SSH inbound: allowed
  • Outbound: unrestricted

Troubleshooting

Calamares Debugging

# Launch with debug output
doas env WAYLAND_DISPLAY=$WAYLAND_DISPLAY \
         XDG_RUNTIME_DIR=$XDG_RUNTIME_DIR \
         QT_QPA_PLATFORM=wayland \
         calamares -D 8 2>&1 | tee /tmp/calamares-debug.log

# Check for storage/polkit issues
grep -iE "storage|disk|kpm|partition|root|polkit" /tmp/calamares-debug.log

Build Issues

Stale package cache:

sudo rm -f /var/cache/pacman/pkg/protocol7-core-*.pkg.tar.zst
sudo pacman -Syy

agetty.tty1 conflict with greetd:

  • Fixed via NoExtract = etc/runlevels/default/agetty.tty1 in pacman.conf
  • Verify after build: ls /tmp/archiso-work/x86_64/airootfs/etc/runlevels/default/ | grep agetty

Project Structure

lainos-layer-02/
├── protocol7-profile/              # ISO build profile
│   ├── airootfs/                   # Overlay files → ISO chroot
│   │   ├── etc/
│   │   │   ├── init.d/             # OpenRC init scripts
│   │   │   ├── runlevels/          # Service runlevel symlinks
│   │   │   ├── greetd/
│   │   │   ├── pam.d/
│   │   │   ├── sysctl.d/
│   │   │   ├── skel/               # Default user configs
│   │   │   ├── iwd/
│   │   │   ├── syslog-ng/
│   │   │   ├── dbus-1/system.d/
│   │   │   ├── pacman.conf         # Runtime pacman config
│   │   │   └── ...
│   │   ├── usr/
│   │   │   ├── local/bin/          # Session wrappers
│   │   │   └── share/
│   │   │       ├── wayland-sessions/
│   │   │       ├── xsessions/
│   │   │       └── lainos/wallpapers/
│   │   └── var/lib/                # chrony, nftables state
│   ├── packages.x86_64             # Package list
│   ├── pacman.conf                 # Build-time pacman config
│   ├── profiledef.sh               # ISO metadata, permissions
│   ├── airootfs.sh                 # pacman-key init during build
│   └── build_lainOS.sh             # Build script
│
├── protocol7-core-systemd-libs/    # Protocol 7 source
│   ├── lainos-init.c               # Session initializer
│   ├── lainos-dbus-bridge.c        # login1 D-Bus facade
│   ├── lainos-notifyd.c            # sd_notify sink
│   ├── lainos-ghost-units.c        # systemd ghost dirs
│   ├── lainos-net-init.c           # Network hardening
│   ├── lainos-audio-init.c         # ALSA orchestration
│   ├── *.initd                     # OpenRC service scripts
│   └── PKGBUILD
│
├── lainos-calamares-dracut/        # Calamares binary source
│   └── calamares-3.3.15.250221-01/
│
└── lainos-calamares-config-layer-02/  # Calamares config source
    └── PKGBUILD

Key Files

File Purpose
protocol7-profile/airootfs/etc/skel/.config/sway/config Sway user configuration
protocol7-profile/airootfs/usr/local/bin/lainos-session-sway Wayland session wrapper
protocol7-profile/airootfs/usr/local/bin/lainos-session-openbox X11 session wrapper
protocol7-core-systemd-libs/lainos-init.c Session initialization logic
protocol7-core-systemd-libs/lainos-dbus-bridge.c D-Bus login1 facade
protocol7-profile/pacman.conf Build-time repository configuration

Contributing

LainOS is developed by Grayson Giles and the LainOS community.

Reporting Issues

Please include:

  • ISO version/date
  • Hardware/VM configuration
  • rc-status output
  • Relevant logs from /var/log/everything.log or dmesg

License

LainOS Layer 02 and the Protocol 7 compatibility layer are released under the GNU General Public License v3.0.

Individual components (Sway, Openbox, OpenRC, Calamares, etc.) retain their respective licenses.

Acknowledgments

  • Arch Linux — The foundation everything is built on
  • Artix Linux — OpenRC packaging and development environment
  • OpenRC — Reliable, predictable init system
  • Sway/wlroots — Modern Wayland compositor ecosystem
  • Calamares — User-friendly system installer

Last updated: 2026-06-19 Current package: protocol7-core-5.4-12 Status: Core daemons working, Calamares in active debugging, awaiting real hardware test