Date: Wed, 28 Mar 2012 17:28:57 +0400
From: gremlin@...mlin.ru
To: owl-users@...ts.openwall.com
Subject: Re: Customizing Owl to fit in a small sized USB Stick or CF

On 28-Mar-2012 08:48:04 +0000, Zenny wrote:

 > > > > > Gremlin had patches to add a new make target that would
 > > > > > generate flash images instead of ISOs. I think those were
 > > > > > primarily intended for installing systems from, and they
 > > > > > were for larger flash devices (1 GB being considered the
 > > > > > minimum anyone would likely happen to have handy anyway).
 > > > > Great info. Do you mean this one:
 > > > > ftp://ftp.gremlin.people.openwall.com/pub/linux/Owl/INSTALL/?
 > > > Almost. IIRC, Gremlin also produced a patch to our Owl/build/
 > > > tree to automatically generate flash images like that.
 > > Not yet. There was only /etc/lilo-flash.conf file for booting
 > > from a flash device.
 > It would be awesome if you could create a wiki page about the way
 > that you manage your compilation in flash. ;-) Appreciate that if
 > you could manage to post a small documentation, subject to your
 > convenience.

I hope I'll find some time for that... For now, here's a brief recipe:

0. Run `qemu -hda flash1gb.image -cdrom owl-install.iso -boot d`
1. Install the system to one single root partition
2. Exit to shell instead of rebooting
3. Copy the /usr/src to /owl/usr/src
4. Create /owl/etc/lilo-flash.conf
5. Run `chroot /owl lilo -C /etc/lilo-flash.conf -b /dev/hda`
6. Shut down the Qemu VM
7. Run `dd bs=1M if=flash1gb.image of=/dev/sdX`
8. Try booting physical machine from freshly created flash drive

I remember some issues with /etc/fstab when flash is recognized
with different device name, so one single root partition and
`mount / -o remount,rw` works around that.

 > > > Owl already supports encryption for loopback devices, so
 > > > you can use an encrypted ext4 filesystem with it currently
 > > > (with our pre-built kernels and tools).
 > > Yes, `losetup -e twofish -k 256 /dev/loop0 /dev/md0` works
 > > just fine.
 > Thanks for the hint ;-)

That wasn't the hint - the hint is "don't forget to destroy the key
when feds appear at your door" :-)


-- 
Alexey V. Vissarionov aka Gremlin from Kremlin
<gremlin ПРИ gremlin ТЧК ru>
GPG key ID: 0xEF3B1FA8, keyserver: hkp://subkeys.pgp.net
GPG key fingerprint: 8832 FE9F A791 F796 8AC9 6E4E 909D AC45 EF3B 1FA8
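
The following is an added example, not part of the original message: a pre-flight check to run before step 7, since `dd` overwrites whatever `/dev/sdX` resolves to and the message notes that the flash device may show up under a different name. The function name `check_flash_target` and the `SYSFS` and `MOUNTS` override variables are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: sanity-check the dd target from step 7 before writing.
# SYSFS and MOUNTS can be overridden so the check can be exercised on a
# constructed directory tree instead of the live system.
SYSFS=${SYSFS:-/sys}
MOUNTS=${MOUNTS:-/proc/mounts}

# check_flash_target IMAGE DEVNAME   (DEVNAME like "sdb", without /dev/)
# Prints the verdict; returns 0 if the target looks safe, 1-4 otherwise.
check_flash_target() {
    image=$1
    dev=$2
    node="$SYSFS/block/$dev"

    # Whole disks have an entry directly under /sys/block; partitions do not.
    [ -d "$node" ] || { echo "$dev: not a whole-disk device"; return 1; }

    # Removable media (USB sticks, card readers) typically report 1 here;
    # an internal system disk reports 0.
    [ "$(cat "$node/removable")" = 1 ] || { echo "$dev: not removable"; return 2; }

    # Refuse if the disk or any of its partitions is currently mounted.
    if grep -q "^/dev/${dev}[0-9p]* " "$MOUNTS"; then
        echo "$dev: in use (mounted)"
        return 3
    fi

    # sysfs reports the size in 512-byte units regardless of sector size.
    dev_bytes=$(( $(cat "$node/size") * 512 ))
    img_bytes=$(( $(wc -c < "$image") ))
    [ "$img_bytes" -le "$dev_bytes" ] || { echo "$dev: smaller than image"; return 4; }

    echo "$dev: ok ($img_bytes of $dev_bytes bytes)"
}

# Usage, with sdX replaced by the actual device name:
#   check_flash_target flash1gb.image sdX && dd bs=1M if=flash1gb.image of=/dev/sdX
```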
