zypher-systems/zypheros
1
0
Fork 0
Code Issues Pull requests Projects 1 Releases 4 Packages Wiki Activity Actions
4 releases 11 tags
  • 0.3.0-Alpha 1016e583c8

    ZypherOS 0.3.0 Alpha Pre-release

    zypher released this 2026-03-16 01:58:23 +00:00 | 36 commits to main since this release

    ZypherOS 0.3.0 Alpha Release Notes

    Release Date: March 15, 2026
    Status: Alpha

    ZypherOS 0.3.0 is a massive architectural milestone. This release transforms the baseline installer into a hardened security fortress, introduces robust system rollback capabilities, and refines the default desktop experience for maximum stability across all hardware.

    Whether you are deploying to a bare-metal gaming rig or a datacenter hypervisor, 0.3.0 is designed to boot flawlessly and defend itself out of the box.

    Desktop & Terminal Evolution

    To ensure 100% boot success and stability across all physical hardware and virtual machines, we have updated the default terminal deployment:

    • Terminal Replacement: Opted to remove Ghostty as the default terminal, replacing it with a deeply customized version of Konsole. Konsole guarantees flawless Wayland and X11 rendering regardless of GPU hardware or virtualization layers.
    • The Zypher Aesthetic: Konsole has been pre-configured via /etc/skel to feature the highly requested Carbonfox color palette, 0.9 background opacity, and the MesloLGS Nerd Font.
    • Global Shell Configs (zypheros-shell-config): The custom fish shell and starship prompts have been broken out into their own independent package. They now deploy globally to /etc/fish/conf.d/, ensuring all users inherit the ZypherOS aesthetic while keeping their personal ~/.config directories safe during system updates.
    • Advanced Terminals: Ghostty and Alacritty have been moved to the official repo.zyphersystems.com repository for power users who prefer hardware-accelerated terminals.

    The Security Fortress

    The core kernel and network stacks have been aggressively hardened to mitigate modern attack vectors without sacrificing daily desktop usability.

    • AppArmor Enforced: The kernel now boots with AppArmor strictly enforced, actively confining system services and Flatpak sandboxes.
    • Kernel Network Hardening (sysctl):
      • Active TCP SYN Flood protection (SYN Cookies enabled).
      • Strict Reverse Path Filtering (Spoofing protection).
      • ICMP Redirects and Source Routing explicitly disabled to prevent MITM attacks.
      • Martian packet logging enabled for network auditing.
    • Attack Surface Reduction: Obscure network protocols (DCCP, SCTP, RDS, TIPC) are now explicitly blacklisted via modprobe.
    • Encrypted DNS: systemd-resolved now defaults to Opportunistic DNS-over-TLS (DoT), automatically encrypting DNS queries when supported by the network.
    • Strict Firewall: firewalld is enabled by default, dropping all unrequested external traffic while explicitly managing SSH access based on user installation choices.

    Filesystem & Recovery

    • BTRFS & Snapper Integration: Choosing BTRFS during installation now automatically configures an optimized subvolume layout (@, @home, @log, @pkg, @snapshots).
    • Automated Rollbacks: snapper and snap-pac are now fully integrated and configured offline during the chroot phase, enabling instant system rollbacks via the bootloader.

    Installer Quality of Life Improvements

    • Media Ejection Prompt: Added an active prompt to remove installation media (ISO/USB) prior to the final reboot sequence to prevent VM boot loops.
    • Resilient Chroot Execution: Fixed a critical bug where offline D-Bus calls would silently crash the deployment script.
    • Dynamic Memory: Added intuitive selection for ZRAM (50% or 100% of physical RAM) vs. traditional Swap partitions.
    Downloads