Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

Release Notes

InterGenOS is built from source, on purpose, so that you run a machine you understand, can modify, and can trust. These release notes record what each version actually ships, so you can verify the system in front of you against a written record.

How release notes are structured

Each released version gets one section, organized the same way every time:

  • Highlights — the headline changes that define the release.
  • New components — packages, tools, and subsystems added since the previous version.
  • Breaking changes — anything that changes existing behavior, on-disk layout, signing trust, or upgrade path. Read this section before you upgrade.
  • Other — fixes, documentation, security hardening, and smaller changes that don’t fit the categories above.

InterGenOS follows Semantic Versioning once v1.0 ships. Until then, development tracks as an unreleased line against the master branch, and the items staged there ship together at the v1.0 tag.

Current version: 1.0-dev

The current development build identifies as v1.0-dev1. It is pre-release: the structure below describes what the build produces today. Final per-tier package counts, the canonical signing-key fingerprint, and the live mirror URL are fixed at the v1.0 tag, not before.

What the build produces

InterGenOS is assembled by a 20-phase from-source pipeline. The phases run in order:

validateverify-sourcessetuptoolchainchroot-prepchroot-toolscoreconfigcore-extrabasekerneldesktopaiextrabootloaderimagemanifestsquashfsukis-verityiso

A publish step to the binary mirror is optional and runs only on a complete, signed build.

Packages

Packages are organized into six tiers: toolchain, core, base, desktop, extra, and ai. As of June 2026 the development line carries roughly 857 packages across those tiers (toolchain ~28, core ~272, base ~23, desktop ~420, extra ~112, ai ~2). These counts are derived live from the package set and drift as the build evolves; treat them as a snapshot, not a fixed figure. The final per-tier numbers are recorded here at the v1.0 release.

What ships today

  • Desktop: GNOME 49 on Wayland.
  • Package manager: pkm, the InterGenOS package manager.
  • Installer: Forge, the native InterGenOS installer. See the Forge guide.
  • Trusted boot: a signed Secure Boot chain, dm-verity integrity over the read-only system image, and Unified Kernel Image (UKI) signing.
  • InterGen: a tiered, hardware-detected, offline-first local assistant built on Qwen models. It runs on the machine, with zero telemetry, and selects a model tier based on detected hardware.
  • InterGen Sentinel: a pluggable security scanner. The default configuration uses Local-Rules and a Local-Qwen model, fully on-device. Six cloud providers are available strictly opt-in: Claude (Anthropic), Gemini (Google), Copilot (Microsoft), ChatGPT (OpenAI), Grok (xAI), and DeepSeek. Routing a scan to a cloud provider is the “Phone-A-Friend” (Frontier/Cloud Escalation) path, and it never engages unless you choose it.

Planned, not yet shipped

The following are on the roadmap and are not part of the current build. They will appear in release notes only once they ship:

  • A KDE/Plasma (Qt6) desktop option and switchable desktops.
  • Curated application campaigns covering tools such as Kdenlive, OBS, Krita, Blender, FreeCAD, GnuCash, and Boxes.

Work remaining before the v1.0 tag

Tracked items still open ahead of the first tagged release:

  • Forge Secure Boot validation on the first bare-metal hardware target.
  • Microsoft shim-review submission.
  • pkm packaged as a system tool installable on a fresh target.
  • Source mirror completion, including the tarball upload path and an upstream version poller.
  • Live ISO infrastructure: custom initramfs, squashfs builder, and boot menu.
  • The Forge GUI frontend (GTK4 + libadwaita).
  • InterGen Tier 1 integration (intergen-console and intergen-daemon).
  • InterGen Sentinel scanning with the Local-Rules and Local-Qwen defaults.

Security and supply chain

The development line removed PyPI from the build path for the maturin and python-cryptography packages in response to a 2026 PyPI supply-chain attack window. Both now build from upstream source tarballs through a reproducible cargo-vendor pipeline. Vendored Rust crate archives were standardized on the POSIX pax format to eliminate a class of path-length failures.

When v1.0 ships

The 1.0.0 entry is finalized when v1.0 ships. It will record the complete from-source build chain, the first signed publish to the binary mirror, the signed Secure Boot chain (shim, boot loader, UKI, dm-verity), the local AI assistant (InterGen and InterGen Sentinel), the GNOME 49 Wayland desktop, and the Forge installer flow that the image ships.

Earlier history

Pre-2026 builds from 2015–2016 are archived under the InterGenOS GitHub organization. They are not covered by these release notes. The 2026 work is a from-scratch rewrite and shares no code with the original builds.

See also