Debian on a USB stick


The same principles can be used to create a minimal debian install without encryption.

This is similar in size yet more up to date than DSL.

http://feraga.com/project/deb2flash

Note: use --help to see the options - single partition unencrypted, two partitions, one encrypted, ...

historic info - useful if feraga is down

Content from Feraga with some minor tweaks for testing - lenny


apt-get install cryptsetup dmsetup parted debootstrap grub

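Partition layout: sda1 is the unencrypted boot partition, sda2 the root filesystem (encrypted below). sda here must be the USB stick: the mkfs and luksFormat commands below erase whatever is on these partitions, so confirm the device name before running them. Because /boot stays unencrypted, the kernel and initramfs stored on it are not protected against modification by someone with physical access to the stick.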

mkfs.ext2 /dev/sda1
tune2fs -c0 -i0 /dev/sda1 # optionally turn off filesystem checks

cryptsetup luksFormat /dev/sda2 # answer the confirmation prompt with YES in capitals
cryptsetup luksOpen /dev/sda2 rootfs

mkfs.ext2 /dev/mapper/rootfs 
tune2fs -c0 -i0 /dev/mapper/rootfs # optionally turn off filesystem checks

mkdir /mnt/buildroot 
mount -t ext2 /dev/mapper/rootfs /mnt/buildroot 

mkdir /mnt/buildroot/boot 
mount /dev/sda1 /mnt/buildroot/boot

debootstrap --arch i386 lenny /mnt/buildroot

mount -o bind /dev/ /mnt/buildroot/dev 
mount -o bind /dev/pts /mnt/buildroot/dev/pts 
mount -o bind /sys /mnt/buildroot/sys

/lib/udev/vol_id -u /dev/sda1 # note both UUIDs: /etc/fstab and /etc/crypttab below need them
/lib/udev/vol_id -u /dev/sda2

chroot /mnt/buildroot /bin/su -l

Create /etc/fstab with the below:

#/etc/fstab: static file system information.
#
# Root is the LUKS mapping opened as "rootfs"; /boot is the unencrypted
# partition and is mounted read-only (ro).
/dev/mapper/rootfs  /          ext2    defaults,errors=remount-ro,noatime 0 1
UUID=<uuid for sda1> /boot ext2 defaults,noatime,ro  0 1
none            /proc          proc    defaults                           0 0
# The tmpfs mounts below are held in memory, so their contents (including
# everything under /var/log) do not survive a shutdown.
# NOTE(review): consider adding nodev,nosuid to these tmpfs mounts - confirm
# that nothing installed on the stick depends on them being absent.
tmpfs           /tmp           tmpfs   defaults,noatime                   0 0
tmpfs           /var/lock      tmpfs   defaults,noatime                   0 0
tmpfs           /var/log       tmpfs   defaults,noatime                   0 0
tmpfs           /var/run       tmpfs   defaults,noatime                   0 0

/etc/apt/apt.conf.d/30remount_readwrite

DPkg
{
    Pre-Invoke {
        "mount -o remount,rw /boot;" }
    Post-Invoke {
        "mount -o remount,ro /boot;" }
}

mount -a

Change flash to your hostname:

/etc/hosts

127.0.0.1 localhost.localdomain localhost flash

/etc/hostname

flash

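/etc/apt/sources.list (note: the entry below tracks sid, while debootstrap above installed lenny; name the release you actually intend to follow)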

deb http://ftp.debian.org/debian sid main non-free contrib

Create a script that recreates the log directory structure at boot:

/etc/rcS.d/S37feraga-init.sh (make it executable)

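#!/bin/sh
#
# feraga-init: boot-time helper for a system whose /var/log is a tmpfs.
# The tmpfs starts out empty on every boot, so the subdirectories that
# packages expect under /var/log (and apt's archive directory) are
# recreated here.
#
# Usage: <this script> {start|stop}
#   start  recreate the directories
#   stop   print a shutdown message (placeholder for shutdown tasks)
# Any other argument prints the usage line on stderr and exits 1.
#
# NOTE(review): the directories are created by whoever runs this script
# (root at boot) with the default umask. A daemon that writes its log as an
# unprivileged user may need a chown/chmod here - confirm per package.

case "${1:-}" in
    start)
        echo
        echo "Feraga"
        echo "-Recreating required subdirectories on /var/log (tmpfs)"

        # /var/log subdirectories.
        mkdir -p /var/log/fsck /var/log/ksymoops /var/log/news

        # Per-daemon log directories are only created when the daemon's
        # binary is present.

        # Example for the mixmaster anonymous remailer
        if [ -f /usr/bin/mixmaster ]; then
            mkdir -p /var/log/mixmaster
        fi

        # Example for the Tor proxy
        if [ -f /usr/sbin/tor ]; then
            mkdir -p /var/log/tor
        fi

        # Example for Privoxy
        if [ -f /usr/sbin/privoxy ]; then
            mkdir -p /var/log/privoxy
        fi

        # Apt archive subdirectories.
        mkdir -p /var/cache/apt/archives/partial

        echo "-done."
        echo
        ;;
    stop)
        echo "Feraga shutting down."
        # Add anything that needs to happen at shutdown here.
        echo
        ;;
    *)
        # The original message named "cryptdisks", a different script;
        # report this script's own name instead, and do it on stderr.
        echo "Usage: $0 {start|stop}" >&2
        exit 1
        ;;
esac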
apt-get update

apt-get install initramfs-tools
List the modules the initramfs must load, one per line, in /etc/initramfs-tools/modules:

usbcore
ehci-hcd
ohci-hcd
uhci-hcd
usbhid
ide-core
scsi_mod
usb-storage
mbcache
ext2
ide-cd
ide-disk
ide-generic
sd_mod

Configure /etc/initramfs-tools/initramfs.conf

# initramfs.conf
# Configuration file for mkinitramfs(8). See initramfs.conf(5).
MODULES=most
BUSYBOX=y
BOOT=local
DEVICE=eth0
NFSROOT=auto
apt-get install cryptsetup dmsetup hashalot
cp /usr/share/initramfs-tools/hooks/cryptroot /etc/initramfs-tools/hooks/
cp /usr/share/initramfs-tools/scripts/local-top/cryptroot /etc/initramfs-tools/scripts/local-top/

/etc/crypttab: replace the <uuid for sda2> with your uuid

# <target name> <source device> <key file> <options>
rootfs /dev/disk/by-uuid/<uuid for sda2> none luks


edit /etc/initramfs-tools/scripts/local-top/cryptroot to allow for USB detection.

    modprobe -q dm_crypt  ## After this line add the following.

    # Add delay
    message "Sleeping for 5 seconds to allow USB detection."
    sleep 5
    message "Awake, attempting to mount encrypted partitions."

in chroot shell

mount -o remount,rw /boot
apt-get install grub

Next from outside the chroot:

grub-install --recheck --root-directory=/mnt/buildroot /dev/sda 

Edit /boot/grub/menu.lst and add this simplified configuration:

# default num
default         0

# timeout sec
timeout         5

# pretty colours
color green/black black/green

### BEGIN AUTOMAGIC KERNELS LIST

## ## Start Default Options ##

# kopt=root=/dev/mapper/rootfs ro
# groot=(hd0,0)
# alternative=true
# lockalternative=false
# defoptions=
# lockold=false
# howmany=all
# memtest86=true
# updatedefaultentry=false

## ## End Default Options ##

### END DEBIAN AUTOMAGIC KERNELS LIST
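Then run the grub shell and install to the stick (hd1 is presumably the USB stick as numbered on the author's build machine; check the number on yours before running setup):

grub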
root (hd1,0)
setup (hd1)
quit

rm -f /boot/grub/device.map

/etc/kernel-img.conf

do_symlinks = yes
relative_links = yes
do_bootloader = no
do_bootfloppy = no
do_initrd = yes        ## <--- Verify this line
link_in_boot = yes
postinst_hook = /sbin/update-grub
postrm_hook   = /sbin/update-grub

apt-get install linux-image-686

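apt-get remove linux-image-686 # should remove only the metapackage and leave the installed kernel; presumably done so upgrades do not pull in a new kernel automatically - kernel security updates then have to be installed by hand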

apt-get clean

passwd

umount -a


to update the scripts in initramfs:

update-initramfs -u