The mempo-deb is a subproject of Mempo that has goal of bringing fast fixes and patches into Debian in topic of security and privacy.

The work is part of Debian community and FOSS development.

Patches/fixes will be easy to apply quickly:


All the source (2 packages fixes, as of 2014-03) are on github, git clone

Other architecture

Building for other architectures then the host, is done using #virtualized. Tested (as of 2014-03) on i386 for gnupg package, works fine.


There are several possible tools to build in "virtualized" environment (chroot, VM, LXC, and so on).

Currently we prefer: debootstrap (and soon we want to switch e.g. to pbuilder).


Used now as easy quick fix to e.g. support i386. We create build env and then chroot into it, and there use the normal method of building (e.g. even the simple type scripts will work).

This will create i386 env:

# as root (on host, outside chroot):

# create user "build", and his subdir /home/build/chroot
export http_proxy="http://proxy.l:3128/" # use your proxy - or use "" or skip this line

If you have /home mounted with option ''nodev'', remount it:
mount /home/ -o remount,dev
debootstrap --arch i386 wheezy /home/build/chroot
chroot /home/build/chroot

# now as the root in guest:
# re-create same user "build" with same UID and GID as it had on host

echo "Enter the UID (user) of the user build (as seen on host os). To find out, use command: id build - on the host"
read uid
echo "Enter the GID (group) of the user build (as seen on host os). To find out, use command: id build - on the host"
read gid

addgroup --gid $gid build  
adduser  --uid $uid --gid $gid build --disabled-password

# install general tools:

aptitude install mc vim gcc make cmake build-essential git faketime subversion

# done - now follow instruction for given package
# as root (here in chroot) install the package's dependencies
# su build - and then you are user build, but in chroot, e.g. you are in i386 environment

#Install all dependencies for package:
Add sources repository in /etc/apt/sources.list:
deb-src wheezy main

apt-get update
apt-get build-dep <package>


TODO: we need to use faketime for most packages, and set some env var for others too (like SameKernel). Idea: use hooks.

And create first our source-package with our patches applied.


In security&privacy project Mempo we assume you should always be vigilant, and it is wise to even verify this software (mempo-deb).

There are 2 ways for this.

Chain of trust for build-from-source:

Chain of trust for install-from-unofficial-deb:



We take and build

We used to patch it even more, however later it was not needed.

Needed for SameKernel and other ReproducibleBuilds.

libpoco (rename to libpoco?)

libpoco-dev 1.3.6p1-4+mempo1.2

Fixed poco library against the lib pcre related bug

Program FMS_application was not working (hang/slowdown - sometimes) 671477


Improve GnuPG with more paranoid options: extend max keylength x4, use stronger entropy (read eg twice as much entropy).

Work in progress (2013-12-13)

Pack with script that automatically builds gnupg (reproducible way) with longer key generation support:

Changes were necessary only in key-generator. Gnupg fully supports keys to 16k bits (tested).

We've been inspired by this post:

hardened kernel

Reproducible and hardened kernel - see SameKernel