Disklessian fast track

Dirk Krause

The fast track to your own Disklessian.

Create VM or container

On your computer (referred to as “the virtualization host” below) create a virtual machine or a container.

32 GiB disk space
Assign at least 32 GiB disk space to the virtual machine.
Formerly I recommended 48 GiB to build a customized kernel. This is no longer necessary.

Memory: 8 GiB or more
In former versions I recommended at least 4 GiB, but Debian 13 uses a tmpfs filesystem for the /tmp directory, so files in /tmp now occupy memory.

Debian GNU/Linux base system + ssh server
Install Debian @DEBIANVERSNO@ (@DEBIANVCODE@).
In the software selection dialog disable any options for a graphical desktop and enable the option to install the SSH server.

Unprivileged user and root user
During installation you have to specify the full name and user name of an unprivileged user. A password is required too. I recommend leaving the user's shell at the default value.
Another password is required for the root user.

Boot
At the end of the installation process you can boot the VM into the Debian system just installed.


Repository branches

All branches
If the live systems to be built use WiFi or Bluetooth, binary firmware files are likely to be needed at boot time.
For licensing reasons some firmware packages cannot be distributed together with a Linux kernel on the same media, so they are in the contrib or non-free repository branches, which are not enabled by default.
We have to enable access to these repository branches manually.

As root in the virtual machine edit the /etc/apt/sources.list file. In all non-comment lines replace “ main” by “ main non-free-firmware contrib non-free”. So a typical example line

deb http://deb.debian.org/debian/ @DEBIANVCODE@ main non-free-firmware

must be changed to:

deb http://deb.debian.org/debian/ @DEBIANVCODE@ main non-free-firmware contrib non-free

If your machine does not contain the /etc/apt/sources.list file but a *.sources file instead, make the corresponding changes in the “Components:” lines.
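
The component change described above, as an added example that is not part of the original page: a filter that appends only the components still missing, so the page's example line (which already lists non-free-firmware) does not end up with a duplicate entry. The names add_components and WANTED are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of dklivesys: enable the extra APT components.
# add_components and WANTED are names chosen for this example.
# Real use (review the diff before replacing the file):
#   add_components < /etc/apt/sources.list > /tmp/sources.list.new
WANTED="non-free-firmware contrib non-free"

# Filter: reads a one-line-style sources.list or a deb822 *.sources file
# on stdin and writes it to stdout with the missing components appended.
add_components() {
    awk -v wanted="$WANTED" '
    # Return list plus every wanted component that is not yet in it.
    function merge(list,    n, i, w, out) {
        out = list
        n = split(wanted, w, " ")
        for (i = 1; i <= n; i++)
            if (index(" " out " ", " " w[i] " ") == 0)
                out = out " " w[i]
        return out
    }
    /^[ \t]*#/ { print; next }                 # comment lines stay as they are
    /^Components:.* main( |$)/ {               # deb822 format
        sub(/^Components:[ \t]*/, "")
        print "Components: " merge($0)
        next
    }
    /^deb(-src)?[ \t].* main( |$)/ {           # one-line format
        print merge($0)
        next
    }
    { print }
    '
}

# Constructed sample input: the example line from the page and a deb822 line.
printf '%s\n' \
    '# deb cdrom:[installer]/ @DEBIANVCODE@ main' \
    'deb http://deb.debian.org/debian/ @DEBIANVCODE@ main non-free-firmware' \
    'Components: main' | add_components
```

Running the filter a second time over its own output changes nothing, so it is safe to re-apply after an upgrade.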

Update and upgrades
Updates and upgrades may be available for some packages.
As root in the virtual machine run:

apt-get update && apt-get -y dist-upgrade

If any packages were installed or updated, reboot the virtual machine:

shutdown -r now

Additional packages

As root in the virtual machine run:

apt-get -y install net-tools sudo rsync gpg nfs-client

Allow sudo

As root in the virtual machine create a /etc/sudoers.d/user file containing a line

user    ALL=(ALL)       NOPASSWD: ALL

Replace “user” by the name of the unprivileged user.


Download and unpack dklivesys

Downloads directory
As unprivileged user in the virtual machine run:

cd
if [ ! -d Downloads ]
then
    mkdir Downloads
    chmod 755 Downloads
fi

Download sources
Download the dklivesys-@DEBIANVCODE@-1.0.23.tar.gz archive into the Downloads directory.
The downloads are available from the DK tools project page at SourceForge. In the “Files” area change into the “dklivesys” directory. From the subdirectory indicating the most recent version retrieve the dklivesys-debianversion-version.tar.gz archive.

Unpack sources
Unpack the source archive:

cd ~/Downloads
tar xzf dklivesys-@DEBIANVCODE@-1.0.23.tar.gz

Replace “1.0.23” by the version number of your downloaded file if necessary.

You can now either install the software into a subdirectory below /usr/local or build packages to install.

Installation to /usr/local/dklivesys-1.0.23 allows you to modify the dklivesys scripts if necessary. So this installation is recommended for those planning to contribute to the project. Probably some extra action is required to have the man pages available.

Installation
As root in the virtual machine run

mkdir -p /usr/local/dklivesys-1.0.23
cd ~user/Downloads/dklivesys-1.0.23
sbin/dklivesys-pkg-common
./configure --prefix=/usr/local/dklivesys-1.0.23
make
make install

Set PATH
As root in the virtual machine create or modify the /etc/profile.d/dklivesys.sh file:

:
DKLIVESYSVERS="1.0.23"
if [ -d /usr/local/dklivesys-${DKLIVESYSVERS}/sbin -a "X"`id -u` = "X0" ]
then
  export PATH="/usr/local/dklivesys-${DKLIVESYSVERS}/sbin:${PATH}"
fi

Make sure all users have read permission to the file

chmod 644 /etc/profile.d/dklivesys.sh

Finally log off and back on in the virtual machine as root and check the PATH.
For root, PATH should now contain the /usr/local/dklivesys-1.0.23/sbin directory.


Install packages required by dklivesys

As root in the virtual machine run

dklivesys-pkg-common

Create configuration directory

As unprivileged user in the virtual machine create a config-test1 directory in your home directory.

cd
if [ ! -d config-test1 ]
then
    mkdir -p ~/config-test1
    chmod 755 ~/config-test1
else
    echo 'E: Directory config-test1 already exists!'
fi

Create build directory

As unprivileged user in the virtual machine create the livesys1 directory in your home directory.
Create the “custom” subdirectory as symbolic link to the directory created above.

cd
if [ ! -d livesys1 ]
then
    mkdir -p livesys1
    chmod 755 livesys1
else
    echo 'E: Directory livesys1 already exists!'
fi

cd
cd livesys1
ln -s /home/user/config-test1 custom

Replace /home/user by the unprivileged user's home directory.
Important: Use an absolute path name.


Create dklivesys.conf configuration file

Edit the custom/dklivesys.conf file:

DESKTOP=gnome
PUBLISHER=Joe Exampleman
BOOKMARKURLS=One Bank|https://www.one-bank.com/|Other Bank|https://www.other-bank.com/
ALLOWNONFREE=yes

Replace “Joe Exampleman” by your name.

In the BOOKMARKURLS line you see two banking websites. For each of them the bank name and a URL are specified, separated by “|”. You probably want to customize this line.


Build Disklessian

As root in the virtual machine change into the unprivileged user's livesys1 directory and start the build process.

cd ~user/livesys1
dklivesys-build-livesys disklessian

The build results in a live-image-amd64.hybrid.iso file in the livesys subdirectory.


Transfer ISO file to virtualization host

As root on the virtualization host run:

cd
[ -d Downloads ] || mkdir Downloads
cd Downloads
scp root@vm:/home/user/livesys1/livesys/live-image-amd64.hybrid.iso .

Optional: Test live system in a VM

Provide ISO as USB stick, not as CD/DVD to the VM
In Disklessian access to disks is disabled by blacklisting and removing (S)ATA and NVME kernel modules.
To test Disklessian in a virtual machine, provide the boot image as USB drive.

Instead of

qemu-system-x86_64 ... -cdrom "${ISO}"

use

qemu-system-x86_64 ... -device usb-ehci,id=ehci -drive if=none,id=usbstick,format=raw,file="${ISO}" -device usb-storage,bus=ehci.0,drive=usbstick

Create network bridge
Prepare a network bridge (e.g. virbr0) manually and create a line in /etc/qemu/bridge.conf to allow the use of the bridge:

allow virbr0

Example script
The qemu-system-x86_64 command requires a lot of arguments, so I recommend using a script to start the VM.

#! /bin/sh
ISO=/home/joe/Downloads/disklessian-@DEBIANVCODE@-testing-20230916-2254.iso

qemu-system-x86_64 -m 12288 -machine accel=kvm -cpu host -netdev bridge,br=virbr0,id=net0 -device virtio-net-pci,netdev=net0 -bios /usr/share/qemu/OVMF.fd -smp 4 -vga qxl -device usb-ehci,id=ehci -drive if=none,id=usbstick,format=raw,file="${ISO}" -device usb-storage,bus=ehci.0,drive=usbstick

Package to install live system on USB thumb

As root on the virtualization host run:

apt-get install coreutils udisks2

Install live system on USB thumb

WARNING: All data on the USB thumb will be lost!
Make sure there is no valuable data on the USB device.

Attach device
Attach the USB drive to the computer.

Device name
To find the device name, run

dmesg | tail -20

Example output like

[ 2062.580073] usb 7-1: new high-speed USB device number 5 using ehci-pci
[ 2062.713572] usb 7-1: New USB device found, idVendor=..., idProduct=...
[ 2062.713583] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2062.713590] usb 7-1: Product: ...
[ 2062.713596] usb 7-1: Manufacturer: ...
[ 2062.713601] usb 7-1: SerialNumber: ...
[ 2062.714565] usb-storage 7-1:1.0: USB Mass Storage device detected
[ 2062.715340] scsi7 : usb-storage 7-1:1.0
[ 2063.712971] scsi 7:0:0:0: Direct-Access                               0.00 PQ: 0 ANSI: 2
[ 2063.715009] sd 7:0:0:0: [sdb] 3947079 512-byte logical blocks: (2.02 GB/1.88 GiB)
[ 2063.715203] sd 7:0:0:0: Attached scsi generic sg2 type 0
[ 2063.715669] sd 7:0:0:0: [sdb] Write Protect is off
[ 2063.715678] sd 7:0:0:0: [sdb] Mode Sense: 00 00 00 00
[ 2063.718324] sd 7:0:0:0: [sdb] Asking for cache data failed
[ 2063.718335] sd 7:0:0:0: [sdb] Assuming drive cache: write through
[ 2063.864189]  sdb: sdb1
[ 2063.868175] sd 7:0:0:0: [sdb] Attached SCSI removable disk

indicates the name /dev/sdb for the device.
In the commands below, correct /dev/sdb to the device name for your device.

Unmount file systems
We have to make sure none of the file systems on /dev/sdb is currently mounted.
Run

mount | grep /dev/sdb

to check for mounted partitions.
For any mounted partition (/dev/sdb1 in the example) run:

umount /dev/sdb1

Install ISO
Run:

dd if=live-image-amd64.hybrid.iso of=/dev/sdb bs=1M conv=fdatasync

to write the ISO file to USB device.
When using a NAND flash device (i.e. USB thumb) the block size (bs option) must be a power-of-2 multiple of the device's erase block size. 1M (one mebibyte) should be sufficient for USB thumbs today (July 2023); larger sizes may be necessary later.
Wait until the activity LED on the device (if any) stops blinking.
Run

sync
sleep 5
sync

to ensure data is saved.
Wait until the activity LED on the device (if any) stops blinking again and the prompt appears.
Now run

udisksctl power-off --block-device /dev/sdb

to turn power off for the device.

Detach device
Now you can detach the USB device.

Write protection
Now you can enable hardware write protection (if any) for your USB device.
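
Two checks around the dd step above, as an added example that is not part of the original page: the first refuses any target that is not an unmounted removable USB disk (run it before dd), the second compares the written bytes with the ISO (run it after the final sync, before power-off). The names usb_target_ok, image_matches and SAMPLE are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of dklivesys: checks around the dd step.
# usb_target_ok, image_matches and SAMPLE are names chosen for this example.
# Real use, with /dev/sdb as in the page:
#   lsblk -P -o NAME,TYPE,RM,TRAN,MOUNTPOINT /dev/sdb | usb_target_ok || exit 1
#   dd if=... of=/dev/sdb ...; sync
#   image_matches live-image-amd64.hybrid.iso /dev/sdb || echo 'E: mismatch'

# Succeeds only if the lsblk report on stdin starts with a removable USB
# whole disk and no line (disk or partition) has a mount point.
usb_target_ok() {
    awk '
    NR == 1 && ($0 !~ /TYPE="disk"/ || $0 !~ /RM="1"/ || $0 !~ /TRAN="usb"/) { bad = 1 }
    $0 !~ /MOUNTPOINT=""/ { bad = 1 }
    END { if (NR == 0 || bad) exit 1 }
    '
}

# Succeeds only if the first size-of-ISO bytes of DEVICE equal the ISO.
image_matches() {   # usage: image_matches ISO DEVICE
    size=$(wc -c < "$1") || return 1
    cmp -s -n "$size" "$1" "$2"
}

# Constructed sample report for an unmounted USB stick at /dev/sdb.
SAMPLE='NAME="sdb" TYPE="disk" RM="1" TRAN="usb" MOUNTPOINT=""
NAME="sdb1" TYPE="part" RM="1" TRAN="" MOUNTPOINT=""'

if printf '%s\n' "$SAMPLE" | usb_target_ok
then
    echo 'I: target is an unmounted removable USB disk'
else
    echo 'E: refusing to write to this device'
fi
```

Right after writing, the comparison may be answered from the page cache; to be sure the bytes come from the flash itself, detach and re-attach the device and run image_matches again.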

