Dwarves is a set of tools that use the debugging information inserted in ELF binaries by compilers such as GCC, used by well known debuggers such as GDB.

Utilities in the Dwarves suite include pahole, that can be used to find alignment holes in structures and classes in languages such as C, C++, but not limited to these. These tools can also be used to encode and read the BTF type information format used with the kernel Linux bpf syscall.

The codiff command can be used to compare the effects changes in source code generate on the resulting binaries.

The pfunct command can be used to find all sorts of information about functions, inlines, decisions made by the compiler about inlining, etc.

The pahole command can be used to use all this type information to pretty print raw data according to command line directions.

Headers can have its data format described from debugging info and offsets from it can be used to further format a number of records.

Finally, the btfdiff command can be used to compare the output of pahole from BTF and DWARF, to make sure they produce the same results.

Libcxi provides applications with a low-level interface to the Cray/HPE Cassini high-speed NIC, also known as Slingshot.

The libnl suite is a collection of libraries providing APIs to netlink protocol based Linux kernel interfaces. Netlink is an IPC mechanism primarily between the kernel and user space processes. It was designed to be a more flexible successor to ioctl to provide mainly networking related kernel configuration and monitoring interfaces.

LVM2 is the logical volume management tool set for Linux-based systems. This package includes the user-space libraries and tools, including the device mapper. Kernel components are part of Linux-libre.

FuseISO is a FUSE module to mount ISO file system images (.iso, .nrg, .bin, .mdf and .img files). It supports plain ISO9660 Level 1 and 2, Rock Ridge, Joliet, and zisofs.

UnionFS-FUSE is a flexible union file system implementation in user space, using the FUSE library. Mounting a union file system allows you to "aggregate" the contents of several directories into a single mount point. UnionFS-FUSE additionally supports copy-on-write.

Keyd is a keyboard remapping utility with intuitive ini configuration file format. Keyd has several features, many of which are traditionally only found in custom keyboard firmware like QMK.

Control groups is Linux kernel method for process resource restriction, permission handling and more. This package provides userspace interface to this kernel feature.

This is the Linux kernel ACPI platform driver for the EC firmware on Purism Librem laptop computers. It allows user-space control over the battery charging thresholds, keyboard backlight, fans and thermal monitors, and the notification, WiFi, and Bluetooth LED.

Firejail is a SUID sandbox program that reduces the risk of security breaches by restricting the running environment of untrusted applications using Linux namespaces, seccomp-bpf and Linux capabilities. The software includes sandbox profiles for a number of common Linux programs. Firejail should be added to the list of setuid programs in the system configuration to work properly. Builded with --disable-sandbox-check, which is only intended for development.

GNU Linux-Libre is a free (as in freedom) variant of the Linux kernel. It has been modified to remove all non-free binary blobs.

NTFS-3G provides read-write access to NTFS file systems, which are commonly found on Microsoft Windows. It is implemented as a FUSE file system. The package provides additional NTFS tools.

This package provides hardware definitions and C headers for use by the Linux driver and by user-space applications for the Cassini/Slingshot high-speed network interconnect made by HPE (formerly Cray). User-land software uses cxi_prov_hw.h from this package.

Blktrace is a block layer IO tracing mechanism which provides detailed information about request queue operations to user space. It extracts event traces from the kernel (via the relaying through the debug file system).

This simple tool injects fake MCEs into a running Linux kernel, to debug or test the kernel's EDAC-handling code specific to x86 and x86_64 platforms.

Real MCEs are internal CPU errors. Handling them correctly can be important to system stability and even prevent physical damage. In contrast, simulated MCEs produced by mce-inject are purely synthetic: injection happens only at the software level, inside the kernel, and is not visible to the platform hardware or firmware.

A convenient feature of mce-inject is that the input language used to describe MCEs is similar to the format used in Linux panic messages, with a few extensions. In general, you should be able to pipe in any logged MCE panic to simulate that same MCE.

The target kernel must have the CONFIG_X86_MCE_INJECT option enabled and the mce-inject module loaded if it exists.

Early OOM is a minimalist out of memory (OOM) daemon that runs in user space and provides a more responsive and configurable alternative to the in-kernel OOM killer.

x86_energy_perf_policy displays and updates energy-performance policy settings specific to Intel Architecture Processors. Settings are accessed via Model Specific Register (MSR) updates, no matter if the Linux cpufreq sub-system is enabled or not.

Headers of the Linux-Libre kernel.

The USB/IP protocol enables to pass USB device from a server to a client over the network. The server is a machine which shares an USB device and the client is a machine which uses USB device provided by a server over the network. The USB device may be either physical device connected to a server or software entity created on a server using USB gadget subsystem. The usbip-utils are userspace tools to used to handle connection and management on both side. The client needs the vhci-hcd Linux kernel module and the server needs the usbip_host Linux kernel module.

kernel-hardening-checker is a tool for checking the security hardening options of the Linux kernel. Provided preferences are based on suggestions from various sources, including:

• KSPP recommended settings

• CLIP OS kernel configuration

• Last public grsecurity patch (options which they disable)

• SECURITY_LOCKDOWN_LSM patchset

• Direct feedback from the Linux kernel maintainers

This tool supports checking Kconfig options and kernel cmdline parameters.

PipeWire is a project that aims to greatly improve handling of audio and video under Linux. It aims to support the usecases currently handled by both PulseAudio and Jack and at the same time provide same level of powerful handling of Video input and output. It also introduces a security model that makes interacting with audio and video devices from containerized applications easy, with supporting Flatpak applications being the primary goal. Alongside Wayland and Flatpak we expect PipeWire to provide a core building block for the future of Linux application development.

GNU Linux-Libre is a free (as in freedom) variant of the Linux kernel. It has been modified to remove all non-free binary blobs.

LVM2 is the logical volume management tool set for Linux-based systems. This package includes the user-space libraries and tools, including the device mapper. Kernel components are part of Linux-libre.

This simple daemon feeds entropy from the CPU Jitter RNG core to the kernel Linux's entropy estimator. This prevents the /dev/random device from blocking and should benefit users of the preferred /dev/urandom and getrandom() interfaces too.

The CPU Jitter RNG itself is part of the kernel and claims to provide good entropy by collecting and magnifying differences in CPU execution time as measured by the high-resolution timer built into modern CPUs. It requires no additional hardware or external entropy source.

The random bit stream generated by jitterentropy-rngd is not processed by a cryptographically secure whitening function. Nonetheless, its authors believe it to be a suitable source of cryptographically secure key material or other cryptographically sensitive data.

If you agree with them, start this daemon as early as possible to provide properly seeded random numbers to services like SSH or those using TLS during early boot when entropy may be low, especially in virtualised environments.