Thu 02 of Sep, 2010 [15:28 UTC]  
Menu
 Home
 Contact us
 Stats
[-] Wiki [+]
 Wiki Home
 Last Changes
 Dump
 Rankings
 List pages
 Orphan pages
 Sandbox
 Print
[-] Articles [+]
 Articles home
 List articles
 Rankings
 Submit article
 View submissions
[-] File Galleries [+]
 List galleries
 Rankings
[-] FAQs [+]
 List FAQs

USBFlashMedia

Howto install Debian GNU/Linux onto USB Flash Media
 edit print PDF
Português Brasileiro

Howto install Debian GNU/Linux onto USB Flash Media

With everything but /boot encrypted

Author(s): Dave Vehrs - davev(at)ezrs.com

Index:


Background


This is a simple procedure for installing Debian GNU/Linux onto a USB key flash media. It includes several configuration changes but tries to stay as close to a default debian install as possible.

This was tested on Debian Sid and Knoppix 3.8 with the USB Keys listed below.

Tested Media:
  1. Transcend Jetflash 256MB ( only the base debootstrap install plus a few select packages ).
  2. Apacer Handy Steno HT203 1GB ( very fast, recommended ).
Other reviews of USB Flash media:
  1. ArsTechnica USB 2.0 Hi-Speed Flash Drive Roundup
  2. Arctic Armor
  3. Logo Design which can be classified as a high power USB port
  4. ArsTechnica Son of USB 2.0 Hi-Speed Flash Drive Roundup
  5. college admission essay
  6. equity release uk

Note on Devices: All device names and mappings are as they were detected and I used them on my system. You will need to substitute the correct device as it is detected on your system.

KNOPPIX NOTE: When you see these notes, there are special steps necessary for installing from Knoppix.

Installation Procedure


1. Shred the drive

shred -n 1 -z -v /dev/sdd

(One pass to shred, one pass to zero)

2. Create Partitions

We will create two partitions on the USB key, one for /boot and one for / (root). We do not create a swap partition because that would prematurely age the usb key. You may mount and use swap partitions from the local harddrives ala knoppix but that is up to you.

parted /dev/sdd "mklabel msdos mkpart primary 0 14 mkpart primary 15 -0"

3. Shred rootfs

shred -n 1 -v /dev/sdd2

(zero'd filesystems are bad for encrypted ones.)

4. Load modules if necessary

modprobe dm-crypt
modprobe aes

KNOPPIX NOTE: We need to install a few packages.
apt-get update
apt-get install cryptsetup dmsetup libdevmapper1.01

5. Created mapped crypt device for root

cryptsetup -y create rootfs /dev/sdd2

6. Format filesystems:

Since we can't use journaling filesystems on flash media (premature aging again), we fall back to good old ext2.

mkfs.ext2 /dev/mapper/rootfs
mkfs.ext2 /dev/sdd1
sync ; sync

7. Apply disk labels

We do this so that we can identify our drive when we boot on various systems. Using a strict device mapping often breaks if other usb or flash devices are detected before ours.

You may use any label that you like, but you will have to remember to update the initrd (file: /sbin/init)

e2label /dev/sdd1 PRIVDEB_BOOT

8. Make temporary mount points and mount

mkdir /mnt/buildroot/
mount /dev/mapper/rootfs /mnt/buildroot
mkdir /mnt/buildroot/boot
mount /dev/sdd1 /mnt/buildroot/boot

9. Install base files.

debootstrap --arch i386 sid /mnt/buildroot

Note: Installed size is about 160MB at this stage.

KNOPPIX NOTE: We need to copy a few extra devices over.
cp -ap /dev/ub[a-f]* /mnt/buildroot/dev/

10. Enter chroot jail to work on system.

chroot /mnt/buildroot/ /bin/su -

11. Build fstab and mount everything.

Create /etc/fstab file
#/etc/fstab: static file system information.
#<file system>     <mount>       <type>   <options>                 <dump><pass>
LABEL=PRIVDEB_BOOT  /boot          ext2    defaults,noatime                   0 2
/dev/mapper/rootfs  /              ext2    defaults,errors=remount-ro,noatime 0 1
proc                /proc          proc    defaults                           0 0
tmpfs               /etc/network/run tmpfs defaults,noatime                   0 0
tmpfs               /tmp           tmpfs   defaults,noatime                   0 0
tmpfs               /var/lock      tmpfs   defaults,noatime                   0 0
tmpfs               /var/log       tmpfs   defaults,noatime                   0 0
tmpfs               /var/run       tmpfs   defaults,noatime                   0 0
tmpfs               /var/tmp       tmpfs   defaults,noatime                   0 0
tmpfs               /home/<user>/Scratch tmpfs defaults,noatime               0 0

#Warning:  By mounting /var/log on tmpfs, logs will only be available for the current session.

Mount it all
mount -a

12. Build sources.list

Create /etc/apt/sources.list
deb http://mirrors.kernel.org/debian/ sid main non-free contrib
deb-src http://mirrors.kernel.org/debian/ sid main non-free contrib

deb http://ftp.uk.debian.org/debian-non-US/ sid non-US/main non-US/non-free non-US/contrib
deb-src http://ftp.uk.debian.org/debian-non-US/ sid non-US/main non-US/non-free non-US/contrib

# If you are using debian stable (woody) include the security updates.
# deb http://security.debian.org/ sid/updates main non-free contrib

Note: You can install and use apt-spy to test for the fastest downloading mirrors in your area.

13. System adjustments

blkid.tab: this file is cached as drives are scanned. Since the scan only takes a few seconds, you dont lose much by not caching or setting the default cache to /dev/null. This file generates an error on boot if the cache file has different device mappings than are currently detected. logo designBy removing the cache and forcing a fresh scan every time, the error is eliminated.
rm -f /etc/blkid.tab*
ln -s /dev/null /etc/blkid.tab

mtab: This file is written a lot and may prematurely age parts of the flash media and the information can simply be accessed from /proc directly.
rm -f /etc/mtab
ln -s /proc/mounts /etc/mtab

Set Hostname
vi /etc/hostname

Set /etc/hosts with localhost + hostname
vim /etc/hosts
127.0.0.1 localhost.localdoman localhost <hostname>

14. Install additional required packages

apt-get update
apt-get install cryptsetup dmsetup libdevmapper1.01
apt-get install discover1 libdiscover1
apt-get install module-init-tools equivs cramfsprogs
apt-get clean

15. Install custom mkinitrd script and equiv package

Download the custom mkinitrd file from the attachments to this page or view it at USBFlashMkInitrd.

mv mkinitrd.dmcrypt-usb /usr/local/sbin
chown root.root /usr/local/sbin/mkinitrd.dmcrypt-usb
chmod 750 /usr/local/sbin/mkinitrd.dmcrypt-usb
ln -s /usr/local/sbin/mkinitrd.dmcrypt-usb /usr/sbin/mkinitrd

Next we need to install an equivs package to let the package system know that we installed this ourselves and not to install initrd-tools

cd /tmp
equivs-control initrd-tools

Edit the generated template so that it looks like:

Section: misc
Priority: optional
Standards-Version: <version from template>
     
Package: initrd-tools

Build equivs package

equivs-build initrd-tools

Install the package

dpkg -i initrd-tools_1.0_all.deb

For more information about equivs, see the APT howto at: APT-Howto: Equivs

16. Remove unwanted locales

Be very careful configuring and running localepurge. It is very easy to delete too many locales.

apt-get install localepurge
localepurge
apt-get clean

For more information about localepurge, see the APT howto at: APT-Howto: localepurge

17. Install kernel

WARNING: Kernels prior to 2.6.10 had a bug in the dm_crypt modules that potentially could reveal data. Only use 2.6.10 or better.

apt-get install kernel-image-2.6.11-1-686
apt-get clean

Note: Install size is approximately 184MB now.

If you want to install a kernel built from source you can. After you install it, run /sbin/mkinitrd <kernel-version> to build the /boot/initrd file.

When you run /sbin/mkinitrd, it may print several FATAL errors regarding modules that it cannot find. If you built these modules into the kernel then you can ignore the error messages. If you omitted the modules, this is your warning to go build them as modules or into the kernel.

Required modules: dm_crypt, aes, ide_core, scsi_mod, sd_mod, ehci-hcd, ohci-hcd, uhci-hcd, sl811-hcd, usb-storage, usb-hid, dm_mod, cramfs

18. Install optional packages

apt-get install vim irsii-text mutt fetchmail antiword screen
apt-get install exuberant-ctags less procmail
apt-get install python2.3 python2.3-pexpect python2.3-fuse
apt-get install xserver-common xserver-xfree86 xbase-clients xfree86-common
apt-get install ion3 -or- blackbox -or- fluxbox -or- icewm
apt-get install xterm
apt-get install memtest86+

Note: All this is approximately 300mb installed (with dependencies).

19. Install grub

apt-get install grub
grub-install /dev/sdd
mkdir /boot/grub
grub
root (hd1,0)
setup (hd1)
quit

Create /boot/grub/menu.lst file
# default num
default         0

# timeout sec
timeout         5

# pretty colours
color green/black black/green

title   Debian GNU/Linux-2.6.11-1-686
root    (hd0,0)
kernel  /vmlinuz-2.6.11-1-686 root=/dev/ram0 init=/sbin/init vga=794
initrd  /initrd.img-2.6.11-1-686
savedefault
boot

title   Debian GNU/Linux-2.6.11-1-686 (Rescue/Single)
root    (hd0,0)
kernel  /vmlinuz-2.6.11-1-686 root=/dev/ram0 init=/sbin/init single
initrd  /initrd.img-2.6.11-1-686
boot
        
title   Memtest86+
root    (hd0,0)
kernel  /memtest86+.bin
boot

20. Add User accounts

Either:

Copy an existing /etc/group, /etc/passwd, and /etc/shadow file over from another system (this has to be done from outside the chroot directory).

Or:

Add users locally.

1. set root password
passwd root

2. add local user
useradd <name>
passwd <name>

3. repeat step 2 as necessary

21. Exit Jail

umount -a
umount /proc
exit

22. Unmount and remove crypt mapping

cd
umount /mnt/buildroot/
cryptsetup remove rootfs

23. Reboot to test media

Reboot Naked Chat Nude Chat Webcam Chat Online Chat Live Chat

MOUNTING ON ANOTHER LINUX SYSTEM


1. Make sure required modules are loaded.

modprobe dm_crypt
modprobe aes-i586
modprobe usb-storage

2. Insert USB key into port

3. Create device mapping and mount

cryptsetup create rootfs /dev/sdd2
mount /dev/mapper/rootfs /mnt/buildroot


Other resources:

1. Howto install a Debian GNU/Linux system onto a USB flash thumb drive with the root partition encrypted (using Yaird & DM-Crypt)
2. Howto Install a Debian GNU/Linux system onto a USB flash thumb drive
3. Linux distributions, focus on a 1gb flashdrive, not on a CD ISO - an part of a collection of crazy ideas, inventions, and links from Brad Templeton


Disclaimer

Any and all errors in this file are intentional and were put there to make you think.

Thats my story and i'm stickin to it.

Created by: DaveV last modification: Thursday 05 of August, 2010 [12:41:45 UTC] by Anonymous

edit
rename
history
similar
undo
slides
1 comment
1 file attached
translation
List of attached files
  name desc uploaded size >
1 : 6 icon mkinitrd.dmcrypt-usb Custom mkinitrd Fri 20 of May, 2005 [00:20 UTC] by DaveV 9.87 Kb 781

Posted messages

Top Hide all
author message
Hannah21
Re
on: Sat 19 of Dec, 2009 [11:17 UTC] score: 0.00
The dissertation service will provide people with the model dissertation but the supreme research about this good topic scholars would find on this page only.


Page: 1/1
1