Tomb hardened userspace bundle #242

Open
jaromil opened this issue Feb 1, 2017 · 5 comments
Labels
wish feature we wish someone would refine and implement

Comments

@jaromil
Member

jaromil commented Feb 1, 2017

It would be nice to have a build environment for a static build of Tomb's userspace tools, for instance using musl-libc for all dependencies. It could be a set of scripts in extras that build this and we may distribute pre-compiled binaries for x86.

@jaromil jaromil added the wish feature we wish someone would refine and implement label Feb 1, 2017
@parazyd
Member

parazyd commented Feb 3, 2017

Do you only have kdf-keys in mind or more?

Perhaps my last two commits can give you some insight: https://github.com/parazyd/Tomb/commits/master

@jaromil
Member Author

jaromil commented Feb 3, 2017

Well done with that commit! I do have in mind an easy way to build all dependencies to the maximum possible extent. I suggest we keep bootstrap-musl.sh as a name for such scripts all across subdirs implementing this.

@parazyd
Member

parazyd commented Feb 3, 2017

Yes. Let's figure out gtk-tray and qt-tray so we find a common ground whenever you have time :)

I misunderstood your comment. Indeed yes, it is quite possible to have a static cryptsetup and such. I already have most of the workflow ready for coffin. One thing you can forget about is gtk/qt though. Those will not be possible to statically link. pinentry-curses is not a problem.

@parazyd
Member

parazyd commented Feb 3, 2017

OK, just to leave notes. I have managed to link everything statically on my Gentoo system.

[x] pinentry-curses
[x] gpg2
[x] cryptsetup
[x] e2fsprogs
[x] kdf-keys

sudo should stay system-wide. qrencode I can try to figure out (libpng). steghide is C++ and doesn't like being compiled for static linking.

@jaromil
Member Author

jaromil commented Feb 5, 2017

ACK, good job! Pity for steghide, I shall have a look into it sometime. Qrencode is not so important as it's only for exporting keys to back them up. I hope it is easy to isolate the build procedure into an extras/ subdir?
