NAME¶
bilibop - run Debian GNU/Linux from an external media
DESCRIPTION¶
A lot of GNU/Linux distributions - at least the most popular of them - provide
freely downloadable
.iso or
.img disk images that can be copied
on a USB memory stick (sometimes with just
cat(1) or
dd(1),
sometimes in a more complicated way) and immediatly usable 'as is'.
But such operating systems are not designed to be modified; they are read-only,
and even when they provide a 'persistent' feature, it is limited.
Additionally, they are currently unmaintainable, in the sense that rebuild the
complete image of the root filesystem is the only way to update the system or
modify its settings in depth. This is often a hard or heavy task that cannot
be done from the system itself: this needs a dedicated work space, outside of
the running system, and this often needs another operating system to replace
the disk image by the new one; and some of these tasks can be done only by
experienced users. Others have to wait for the next release, if it comes a
day.
Bilibop stands for '
Bilibop
Is
Live
Install
Boot
On
Pendrive'. This recursive acronym is now
obsolete, but the name has been kept. The
bilibop project is born as an
alternative to the
LiveUSB systems.
By performing a standard installation of Debian directly on a removable media
— currently a USB key or an external HDD — it is possible to use
it as a LiveUSB system, with the big difference that it behaves like any
installed Debian OS: it can be maintained, modified, updated, or even broken
by the root user at any time. In fact, without specific settings, it can be
broken by an unprivileged user at any time; but this is also the case of
LiveUSB systems.
So,
bilibop is a collection of scripts using or used by other programs
(
initramfs-tools(7),
udev(7),
aufs(5), or
GRUB2)
to help admins to maintain a
Debian GNU/Linux operating system
installed on a removable and writable media, even if some of these scripts may
also be used in other contexts. One of its main goals is to fix security
issues or harden standard rules and policies, to make the system more robust
in this particular situation. Instead of yet another new, living fast and
dying young, Debian based distribution, bilibop has been designed as a set of
few debian packages.
bilibop-lockfs may also be installed on a laptop
or on a public computer as an alternative to
fsprotect or
overlayroot, and
bilibop-udev (or
bilibop-rules)
should also be installed on a LiveUSB.
BILIBOP PACKAGES¶
- bilibop
- This is a meta package, depending on several other binary packages from
the same bilibop source package.
- bilibop-common
- It mainly provides shell functions and documentation. See
README.Debian in the documentation of the package for details about
these functions. It also includes the drivemap(1) command.
- bilibop-rules
- This package provides udev rules and helper scripts. Its main purpose is
to fix the external drive hosting the running system, and all its
partitions, as owned by the 'disk' group instead of
'floppy', as done by the common udev rules applied to removable
media. This is a workaround of the bug #645466. The udev rules
provided by this package work even when the root filesystem is on a
LUKS device, a LVM Logical Volume, a loop device or
is an aufs(5) mountpoint. bilibop-rules also includes the
lsbilibop(8) command, and some helper scripts in
/usr/share/bilibop, that can be executed manually or with
'dpkg-reconfigure bilibop-rules'. See README.Debian
in the documentation of the package for details.
- bilibop-udev
- This package is a kind of subset of bilibop-rules, and is more
suited for LiveUSB systems. It just makes that the drive hosting the
running system, and all its partitions, belong to the 'disk' group
instead of 'floppy'. Its udev rules also create a symlink
(/dev/bilibop) pointing to the drive name. See
README.Debian in the documentation of the package for details.
- bilibop-lockfs
- By using an initramfs script and a mount(8) helper script,
filesystems are mounted as readonly branches of aufs(5), the
corresponding writable branches being on temporary filesystems.
Additionally, block devices are set readonly too, avoiding low-level write
access on them, even by root. All this makes the operating system
unbreakable, unless with a hammer. See README.Debian in the
documentation of the package for details.
INSTALLATION¶
Debian can be installed on a removable drive as it is on an internal one,
except:
- •
- It is highly recommended to install a full encrypted system. Otherwise,
what can happen if the USB stick or the external HDD has been lost or
forgotten somewhere, or even thieft ? Unfortunately (but there are evident
security reasons), this can not be fully preseeded.
- •
- Due to write-cycles limits on flash memory, it is not recommended to use a
swap area on them: this can dramatically decrease the lifetime of the
drive.
- •
- Even if the amd64 is now the most common architecture on modern
Personal Computers, installation of a x86 system will
make it more versatile and work both on amd64 and i386 architectures (and
even on ia32, but this needs at least a specific partition scheme).
- •
- Take care, near the end of the installation, that the bootloader will be
installed on the MBR of the drive where the system has been freshly
installed: choosing the default 'install on MBR' will install it on the
Master Boot Record of the first disk !
- •
- Taking previous recommendations into account, choose 'Expert
Install' or 'Expert Graphical Install' in the
installer boot menu. if you have to install Debian on several devices,
don't perform an automated installation via the 'Auto
Install' option in the installer boot menu. If you really need to
automate this process to win time, use a preseed file instead.
SETTINGS AND CONFIGURATION¶
The main advantage of a standard installation over a Live system is that the
installed one can exactly answer your needs: if the needs change, the system
can be easily modified. It can be installed and configured to be used as/for:
• daily usage (this is my case)
• router and/or firewall for a LAN
• ftp and/or http server (this is my case)
• forensics and rescue system (this is may case)
• embedded Debian repository (this is my case)
• testing system
• educational purposes
• others
Because an operating system running from an external device is generally used on
different computers, with potentially different keyboards, architectures,
monitors, and so on, it could need some special settings to be as versatile as
possible. Maybe the field is too large to be covered into a single manual
page: see
/usr/share/doc/bilibop-common/misc/* for some tips and
tricks, details and suggestions about possible settings.
FILES¶
/usr/share/bilibop-common/README.Debian
/usr/share/bilibop-common/examples/bilibop.conf
/usr/share/bilibop-common/misc/*
/usr/share/bilibop-lockfs/README.Debian
/usr/share/bilibop-lockfs/examples/bilibop.conf
/usr/share/bilibop-rules/README.Debian
/usr/share/bilibop-rules/examples/bilibop.conf
SEE ALSO¶
bilibop.conf(5),
drivemap(1),
lsbilibop(8)
AUTHOR¶
This manual page has been written by Bilibop Project
<quidame@poivron.org>.