Quick Start
Follow instructions in the kas-sulka repository to install and activate kas.
Clone the
kas-sulkarepository to build Sulka with kas:git clone https://codeberg.org/AltidSec/kas-sulka.git cd kas-sulka
Generate a password for the service user that can be used to log in.
mkpasswd -m yescrypt -s -R 8 <SECRET_PASSWORD>
When you update your password, the system requires that it be at least 14 characters long and include at least one character from at least three of the following four character classes: lowercase letters, uppercase letters, digits, and special characters. It is recommended that your initial password meets these requirements.
For assigning the resulting encrypted password to a variable in a Yocto-style build, dollar signs have to be escaped with
\. This can be combined with the password creation process:mkpasswd -m yescrypt -s -R 8 test | sed 's/\$/\\$/g'
This hashes the password “test” and prepares the resulting hash for pasting into a Yocto configuration file.
Add the password to
kas-sulka-configuration.yml. Escape the four dollar signs in hash with\if not done already:SULKA_SERVICEUSER_PASSWORD = "<HASH_FROM_PREVIOUS COMMAND>"
(Optional) Change the default service user username
serviceuserto something else by adding it tokas-sulka-configuration.yml:SULKA_SERVICEUSER_USERNAME = "<USERNAME>"
(Optional) Enable the graphics support if your device requires it:
SULKA_DISABLE_GRAPHICS = "0"
(Optional) If editing the files in
meta-sulka-distro, checkout the meta-layers first:kas checkout kas-sulka.yml
(Optional) Edit the firewall template in
meta-sulka-distro/recipes-filter/nftables-configuration/files/nftables-drop-everything.conf, or select one of the other templates withSULKA_NFTABLES_CONFconfiguration variable.(Optional) Edit the sudo configuration for the service user in
meta-sulka-distro/recipes-extended/sudo/files/serviceuser.confto enable sudo.Build the image:
kas build kas-sulka.yml
Run the image, and login as the service user using the password defined earlier