Requirements
In this document, you can find a list of functions and constraints regarding RadishOS and RadishFactory. Usually, I write this information in a sheets document with at least four colums: “Function”, “Subfunction”, “Criterion”, and “Value”. This method ensures that – if applicable – functions are linked to a measurable value one can rely upon to guide them in their choice of solutions, as well as to help write tests and validate the product later on.
Files available for download
Problem breakdown
graph LR
root(Build Linux distro in homelab):::l0
root --> f(Factory: build binaries and ISOs in homelab):::l1
f --> f1(Provide binary packages):::l2
f --> f2(Provide installation media):::l2
f --> f3(Security constraints):::l2
root --> o(OS: Build a desktop Linux distro):::l1
o --> o1(Perform usual tasks):::l2
o --> o2(Manage the system):::l2
o --> o3(Install the OS):::l2
o --> o4(Manage the factory):::l2
o --> o5(Protect user data):::l2
o --> o6(Security constraints):::l2
o --> o7(Compatibility constraints):::l2
classDef l0 fill:#BFE5BF,stroke:black
classDef l1 fill:#FEF2C0,stroke:black
classDef l2 fill:#FAD8C7,stroke:black
RadishOS
Interactors
The following diagram shows what elements are involed in interactions with the Linux distribution; listing them helps think about functions and constraints.
mindmap
root((RadishOS))
(User)
(Hardware)
(Software)
(USB Peripherals)
(Displays/Graphics)
(Threats)
(RadishFactory)
(Network/Internet)
(Private Data)
Functional requirements
OF1: Perform usual tasks
| Subfunction | Criterion | Value | Criticity |
|---|---|---|---|
| Browse the Internet | Browser feature test* | 540+/588 | Must |
| View/edit documents | Formats | MS Office + ODS PDF, PNG, JPEG | Must |
| Edit code | Languages | C, C++, Rust, Go, Python, Bash/shell, Markup, and config formats | Must |
| Deploy containers | Technologies | Podman | Must |
| Deploy virtual machines | Technologies | QEMU/KVM | Must |
| VirtualBox | Should | ||
| Play games | Platform | Steam | Could |
| Epic Games | Could |
* browser test from https://html5test.teamdev.com
OF2: Configure the system
| Subfunction | Criterion | Value | Criticity |
|---|---|---|---|
| Install/update packages | Format | Binary archives | Must |
| Flatpak | Must | ||
| Sources | RadishFactory | Must | |
| Gentoo Official Binhost | Should | ||
| Security checks | GPG signature | Must | |
| Blake2B sums | Must | ||
| Manage app permissions | Type of permissions | Network, paths, ipc, etc. | Should |
| Configure displays | Must | ||
| Configure networks | Must | ||
| Configure users & groups | Must | ||
| Mount drives | Permission level | Non-root | Must |
OF3: Install the OS
| Subfunction | Criterion | Value | Criticity |
|---|---|---|---|
| Choose partition layout | Complexity | Easy mode + terminal access | Must |
| Partition types | LUKS, LVM, VFAT, EXT4, XFS | Must | |
| Swap | Should | ||
| Configure users | When | Before installation starts | Must |
| Choose OS features | When | Before installation starts | Could |
| Add dotfiles | When | Before installation starts | Must |
| Ask for confirmation | When | Before installation starts | Must |
OF4: Protect user data
| Subfunction | Criterion | Value | Criticity |
|---|---|---|---|
| Insure availability | Prevent data losses | Any non-user related | Must |
| Insure integrity | Prevent data losses | Any non-user related | Must |
| Insure confidentiality | VPN protocols | IPSec, Wireguard, OVPN | Must |
| Tracking protection | Ad blocking | Must | |
| Link tracker removal | Must | ||
| Insure traceability | Log rotation | 1 month | Should |
| Log retention | 1 year | Should |
OF5: Manage RadishFactory out-of-the-box
| Subfunction | Criterion | Value | Criticity |
|---|---|---|---|
| Login remotely | Protocol | SSH | Must |
| Web GUI | Must |
Non-functional requirements (constraints)
ON1: Hardening
| Subfunction | Criterion | Value | Criticity |
|---|---|---|---|
| Disk encryption | Encrypted partitions | Home and RootFS | Must |
| Standards | LUKS 2 | Must | |
| Decryption mechanisms | Passphrase | Must | |
| Decryption mechanisms | Yubikey/smartcard | Should | |
| Implement segmentation | Processes | Mandatory Access Control | Should |
| Containerized apps | Should | ||
| Users | No root | Must | |
| Casual | Must | ||
| Admin | Must | ||
| Filter network traffic | Implement a firewall | Should | |
| Comply with recomms. | Guidelines | ANSSI (MIRE level TBD) | Should |
| OpenSCAP (Score TBD) | Should |
ON2: Compatibility
| Subfunction | Criterion | Value | Criticity |
|---|
RadishFactory
Interactors
mindmap
((RadishFactory))
(RadishOS)
(Network/Internet)
(Gentoo/Guru ebuilds)
(Binary packages)
(Admin User)
(Threats)
(LDAP)
(Installation Media)
Functional requirements
Non-functional requirements (constraints)
Last updated on