Posted by inputs_marmalade on Fri 6 Mar 2009 at 09:27
Handling mostly old or problematic hardware and not always having a stable internet connection, I have been struggling to find a live-cd/usb-key system which is slim, easy and fast to customize, fully encryptable and includes the debian network installer.
The great work of the Debian Live team finally provided me with a suitable solution. Debian Live is easily customizable, it shortens the time needed to create an up-to-date version of your own live-system after each customization, it is 100% pure debian, it can integrate the latest debian-netinstall image and it is fully encryptable by default.
Loop-AES encrypted, standard Debian Live in four moves
I reserve about 3 GB disk space for the Debian Live image creation.
1. Install the live helper package
root@host:~# apt-get install live-helper
2. Make a dedicated directory and enter it
root@host:~# mkdir DebianLive
root@host:~# cd DebianLive
3. Prepare the configuration of the live system
root@host:~/DebianLive# lh_config -b usb-hdd -d lenny -e aes256
4. Create the image
root@host:~/DebianLive# lh_build
This takes quite a long time and, if nothing fails, will prompt twice for the encryption password.
The result will be a file called binary.img which you can then copy to a usb-key with dd (remember: dd will erase all data on the whole key! Double-check whether your usb-key really is /dev/sda and whether it holds important data!)
root@host:~/DebianLive# dd if=binary.img of=/dev/sda bs=1M
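The double-check mentioned above can be scripted. The following is an added example, not part of the original article: it refuses to run dd unless the target is an unmounted, removable whole disk that is large enough for binary.img. The function names and the SYSFS/MOUNTS override variables are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the article): pre-flight check before dd.
# SYSFS and MOUNTS are overridable so the check can be tried on a fake tree.
SYSFS="${SYSFS:-/sys}"
MOUNTS="${MOUNTS:-/proc/mounts}"

# check_target IMAGE DEVICE: return 0 only if DEVICE is an unmounted,
# removable whole disk that is large enough to hold IMAGE.
check_target() {
    img="$1"
    dev="${2#/dev/}"
    node="$SYSFS/block/$dev"
    if [ ! -f "$img" ]; then
        echo "refused: image $img not found" >&2; return 1
    fi
    # Whole disks have a directory under /sys/block; partitions (sda1) do not.
    if [ ! -d "$node" ]; then
        echo "refused: $2 is not a whole-disk device" >&2; return 2
    fi
    # The kernel sets this flag to 1 for removable media such as usb-keys.
    if [ "$(cat "$node/removable" 2>/dev/null)" != "1" ]; then
        echo "refused: $2 is not flagged removable" >&2; return 3
    fi
    # A mounted partition of the key (sda1, sda2, ...) also blocks the write.
    if grep -q "^/dev/${dev}[0-9]* " "$MOUNTS"; then
        echo "refused: $2 or one of its partitions is mounted" >&2; return 4
    fi
    # /sys/block/<dev>/size counts 512-byte sectors.
    sectors=$(cat "$node/size" 2>/dev/null || echo 0)
    img_bytes=$(( $(wc -c < "$img") ))
    if [ "$img_bytes" -gt $(( $sectors * 512 )) ]; then
        echo "refused: image does not fit on $2" >&2; return 5
    fi
    return 0
}

# write_image IMAGE DEVICE: run the article's dd command only after the check.
write_image() {
    check_target "$1" "$2" || return $?
    dd if="$1" of="$2" bs=1M && sync
}

# Usage: sh write-key.sh --write binary.img /dev/sda
if [ "${1:-}" = "--write" ] && [ "$#" -eq 3 ]; then
    write_image "$2" "$3"
fi
```

USB hard disks usually report removable as 0 and are refused by this check; confirm such a device by hand before using dd directly.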
Customization of Debian Live
The lh_config command has plenty of appendable options: man lh_config describes most of them. These options change the default configuration files created in the config/ directory by live-helper, where you could also manually edit the files. There are plenty of possibilities to intervene in the process, but here I will only introduce the most obvious ones.
The lh_config command will create a directory tree, where some of the notable directories are:
./
|-- config
|   |-- (...)
|   |-- chroot_local-includes
|   |-- chroot_local-packages
|   |-- chroot_local-packageslists
|   |-- (...)
`-- scripts
You can add in here whatever you want to find in your final live system image:
You can make your own or find pre-made lists in /usr/share/live-helper/lists/
You must then advise live-helper to include your own list: lh_config --packages-lists "my_package_list"
As an example, if you want to add your modified /etc/privoxy/config file, copy it to config/chroot_local-includes/etc/privoxy/config
Note: more experienced users will notice that adding a directory tree in config/chroot_local-includes/ is not a very orthodox way to deal with directories like /home/user/ (I am not mentioning here the significance of /etc/skel/), but in my own experience it meets my requirements.
If the lh_build command fails at some point, lh_clean will clear everything but the config/ and cache/ directories. In my experience, most failures at this point are apt-get related. Remember that you will have to run the lh_clean command before creating a new image in a directory structure that has already been used!
About sensitive data
You can either include all your private files, configuration files and secret keys in your Debian Live image or, as I personally prefer, store sensitive data (like /home/user/.gnupg/, /home/user/verysecret.txt or even /home/user/.mozilla/firefox/) in a loop-AES encrypted container on the second partition of your usb-key (if you prefer other encryption software, you can always include it in your packages list). Later, either manually or with a script, you can use that sensitive data in your live system:
- synchronize this data between your home computer and the container
- copy your freshly made Debian Live binary image to a usb-key
- copy the encrypted container to the second partition of the usb-key
Once you later boot from usb:
- mount the container from within the live-system
- make symbolic links of your sensitive data to the live-system (changes will be stored in your container)
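The last two steps can be scripted. The following is an added example, not part of the original article: it creates the symbolic links only when the container is really mounted, and keeps aside anything the live system already created in the home directory. The function names, the mount point /mnt/secure, the container path and the ext3 filesystem are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the article): link sensitive data from a mounted
# loop-AES container into the live user's home. Paths are assumptions.
MOUNTS="${MOUNTS:-/proc/mounts}"

# is_mounted DIR: true if DIR appears as a mount point in $MOUNTS.
is_mounted() {
    awk -v d="$1" '$2 == d { found = 1 } END { exit !found }' "$MOUNTS"
}

# link_sensitive CONTAINER_DIR HOME_DIR ITEM...
# Each ITEM is a path relative to the home directory, e.g. .gnupg
link_sensitive() {
    src="$1"; home="$2"; shift 2
    # Without this check the links would point into a plain directory of
    # the live session instead of the encrypted container.
    if ! is_mounted "$src"; then
        echo "refused: $src is not mounted" >&2; return 1
    fi
    for item in "$@"; do
        if [ ! -e "$src/$item" ]; then
            echo "skip: $item is not in the container" >&2; continue
        fi
        mkdir -p "$(dirname "$home/$item")"
        # Keep whatever the live system already created, under a .live suffix.
        if [ -e "$home/$item" ] && [ ! -L "$home/$item" ]; then
            mv "$home/$item" "$home/$item.live"
        fi
        ln -sfn "$src/$item" "$home/$item"
    done
    return 0
}

# On the booted live system (loop-AES mount syntax; device, filesystem and
# mount point are assumptions):
#   mount -t ext3 -o loop=/dev/loop1,encryption=AES256 \
#       /media/key2/container.img /mnt/secure
#   link_sensitive /mnt/secure /home/user .gnupg verysecret.txt .mozilla/firefox
```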
Anyway, if you don't care about encryption, live-helper has an automatic function to store all the changes made in a live-session thanks to the "persistence" option.
Further information about "persistence" and many more topics of live-helper can be found at the Debian Live homepage, notably in the Debian Live manual and in the Debian Live wiki.
Last but not least, here is a very short reminder of some useful lh_config options:
-d lenny # choose the debian distribution to use [lenny|squeeze|sid]
-b usb-hdd # define the image type to build [iso|net|tar|usb-hdd]
-e aes256 # encrypt the root filesystem with loop-AES [aes128|aes192|aes256]
--mirror-bootstrap http://192.168.100.1:3142/ftp.de.debian.org/mirror/debian/ # use your own apt-proxy/mirror/cacher
--mirror-chroot http://192.168.100.1:3142/ftp.de.debian.org/mirror/debian/ # use your own apt-proxy/mirror/cacher
--mirror-chroot-security http://192.168.100.1:3142/security.debian.org/ # use your own apt-proxy/mirror/cacher
--mirror-binary http://ftp.de.debian.org/mirror/debian/ # added to the live system's /etc/apt/sources.list
--mirror-binary-security http://security.debian.org/ # added to the live system's /etc/apt/sources.list
--debian-installer enabled # include the debian network installer in your image
--debian-installer-distribution lenny # choose the debian installer distribution to use [lenny|squeeze|sid]
--packages-lists "my_package_list" # install the packages listed in config/chroot_local-packageslists/my_package_list
--bootstrap-flavour minimal --packages-lists "minimal" # the minimal flavour image will be about 100MB
This article can be found online at the Debian Administration website at the following bookmarkable URL (along with associated comments):
This article is copyright 2009 inputs_marmalade - please ask for permission to republish or translate.