Stasis is an experimental GNU/Linux source distribution, setting sail by the skarnet lighthouse, built in the KISS tradition, navigating by Lua charts toward the far shore of Oasis.

Compass

Simplicity

Static musl C binaries. Source-based builds. No package manager. No systemd. No logind. No udev. No D-Bus. No polkit. No PAM. No desktop environments.

Sovereignty

Make drastic tradeoffs until ownership of understanding is obtained. Trade features and complexity for understanding and control. One person should be able to grok the whole system.

Decentralization and Resilience

Email, IRC, Git, and BitTorrent won because they are decentralized protocols. i2p and similar protocols must be adopted and normalized for added resilience. Distros must ship tooling to fetch, manage, and serve local copies of all sources required to do a self-hosted bootstrap and rebuild from source in airgapped environments. Every system is an island unto itself.

Pragmatism

GNU/Linux on x86_64 only. That covers > 90% of all desktops, laptops, and servers worldwide. Limiting scope gains focus. Linux because Linus himself is the most famously pragmatic developer alive. GNU coreutils may be bloated but they are the most commonly found and familiar tools on the planet. GRUB because nothing else boots more hardware. Easy access to binary blobs for hardware support is also pragmatism.

Versatility

A general purpose system. C/C++ toolchain with Bash and Lua for scripting ships in the base system. Every system is a development environment.

Software

Every binary is statically linked against musl. These are the defaults. What actually ships in your rootfs tarball is configurable via config.lua, where you can include software from extra, exclude from base, and configure hostname, timezone, locale, keymap, root password, kernel params, kernel .config, filesystem, networking, wifi, DNS, services, TTYs, CFLAGS, LTO, etc.

Base
Boot / Kernel / Init
rootfs-layoutgrublinuxskalibsexeclines6s6-linux-inits6-rcs6-boots6-linux-utilss6-portable-utils
Services
mdevddhcpcdeiwdacpidopenntpddcrondropbear
Toolchain
musl-cross-makemakem4flexbisonbcelfutils
Userland
bashcoreutilssedgnugrepfindutilsgawkdiffutilspatchwhichfilelessmandocprocps-ngshadowutil-linuxe2fsprogskbdiproute2iwiptablesgnu-netcatinetutilscurlgitrsyncgtarbzip2xzlzippigzedmgvislualibresslzlibcertsncurseslibc-toolslibcaplibnllibtermkeylpegtzdata
Extra
darkhttpdnginxsocatwireguard-toolsunboundnsdi2pdcatgirlneomuttw3mscreentmuxneovimemacsunzipcmakesamurailuajitboostgdbstraceefivarefibootmgrbtrfs-progsgmpmpfrnettlelibtasn1gnutlsexpatlibxml2libeventboehm-gclibdrmfreetypefribidilibasslibplaceboalsa-libalsa-utilsffmpegmpvlibtorrentrtorrent
/sucks

Non-static software available in ./tools/extra, installs to /sucks

jre-bin, i2p-bin, yt-dlp-bin

Are we desktop yet?

Not yet. Current focus is TTY and CLI based workflows while getting the core tooling and system to stable. Text editors, browsers, IRC, email, and framebuffer video playback *should* all work today.

README

STASIS
======


BUILDING
========

Copy the templates and edit them.

        cp config.lua.example config.lua
        cp default.lua.example default.lua

Run the pipeline.

        make build                  # build packages, assemble rootfs into workspace/preview
        make tests                  # audit the rootfs for linkage, permissions, purity
        make release                # two stage chroot rebuild, tarball to workspace-release-stage-b/dist

make build writes workspace/preview. make release writes
workspace-release-stage-a/preview and workspace-release-stage-b/preview,
then produces the release tarball at workspace-release-stage-b/dist.

Think of the three workspaces as dev, staging, and production.

        workspace                    dev
        workspace-release-stage-a    staging
        workspace-release-stage-b    production

Each stage proves one thing.

Dev proves the graph bootstraps from source on your current machine.
On a glibc host, only the minimal profile is trusted for make build.
Staging proves the system rebuilds in musl chroot without host leakage.
Production proves the rebuilt system can rebuild itself again from a
clean workspace.

In practice you rarely need to look inside these directories. Edit
config.lua, default.lua, or system/*/pkg.lua and run through the make
commands. All workspace directories are gitignored. rm -rf workspace*
gives a clean slate.

make build is cached. Only packages whose inputs changed get rebuilt,
so iterating on a single recipe is fast. Editing config.lua or
stasis.lua invalidates the cache for every package, because build
flags or engine behavior could affect any output. After a trivial
edit like fixing a comment, run lua tools/rekey-cache.lua before the
next build to skip the full rebuild.

Both release stages clear build and preview on each run. Source tarballs
stay cached.

Release needs root for mount, chroot, and finalization. It escalates via
su and reads STASIS_ROOT_PASSWORD from .env.

        echo 'STASIS_ROOT_PASSWORD=yourpassword' > .env

.env is gitignored.


UPGRADING
=========

Stasis upgrades by rebuilding from source.

        git pull
        diff config.lua config.lua.example
        diff default.lua default.lua.example
        make build
        make tests
        make release

Install the new release on target as a manual sysadmin step. More
tooling is needed here and is planned, to make this safer.


FIRST TIME INSTALL
==================

Start from a running Linux system. A musl Linux distro is recommended.
If using a glibc distro, only the minimal profile is known to work with
make build, due to host contamination. The goal is to get a minimal
make build and make release working, migrate that to a real disk, then
add more packages and iterate further on the running stasis system.

        1. Clone the repo.
        2. Edit config.lua and default.lua.
        3. Set kernelConfig in config.lua for your hardware.
        4. make build
        5. make tests
        6. make release
        7. Extract the release tarball to target disk.
        8. Chroot in and setup GRUB.
        9. Reboot.

Lineage

With respect and thanks to the projects and traditions that made this possible.

sta.li / suckless / KISS / Oasis / skarnet / musl / GNU / Linux

These projects have all influenced this project in one way or another.

Community

#stasislinux on EFnet. No ChanServ. No NickServ. Just old school wild west IRC.

No mailing lists, no forums, no pull requests, no issue trackers, no infrastructure, no devops. IRC or email direct is enough.

Patches: patch@stasislinux.org

Security disclosures: security@stasislinux.org

General inquiries: general@stasislinux.org

Alternate i2p access is planned via a bridged IRC channel, official i2p git repo (codeberg becomes mirror), stasis upstream source tarballs served over i2p torrents, and eepsite. Consider using @i2pmail.org and i2p's SusiMail to reclaim control of the email protocols.

i2p will become the primary network for this project. Dystopian surveillance and censorship are on the rise. Clearnet access stays available but is not primary.

Stasis is a source distribution and build system. It is not a binary distribution, finished operating system, installer, hosted service, platform, product, or app store.

Stasis is a customizable blueprint, kit, and cookbook from which an operator may build a system to their own specifications. It provides upstream source code and build logic, not a consumer-ready deliverable.

If the internet is a highway, Stasis is not a car ready for the road. It is a parts list, a workshop, and a manual for building one. The operator assembles and deploys the system to their own specification, for their own lawful requirements, in their own jurisdiction.

Compliance obligations belong to whoever packages, distributes, hosts, sells, or operates a finished product or service built from this codebase. This includes age verification, identity requirements, app store rules, telecom obligations, consumer protection, and regional distribution requirements.

This codebase is provided for research, study, and experimentation under the MIT License, as is, without warranty. To the fullest extent permitted by law, it is also published as expressive source code.

Stasis is the work of one guy in a garage.

MIT License

MIT

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.