Opened 8 years ago

Closed 8 years ago

#3401 closed task (fixed)

Script to install and configure Debian on the Torouter

Reported by: runa Owned by: runa
Priority: Medium Milestone:
Component: Archived/Torouter Version:
Severity: Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

I created a wiki page explaining how to install Debian on the DreamPlug: https://trac.torproject.org/projects/tor/wiki/doc/DebianDreamPlug

The next step will be to write a script that can run from a USB stick and automatically install and configure Debian on the DreamPlug (will be very useful when we have 10 or so devices to prepare and ship to users).

http://www.newit.co.uk/forum/index.php?topic=2073.0 has a script that does a couple of things, such as perform a multistrap install of a basic Debian system and download pre-defined packages.

Child Tickets

Change History (9)

comment:1 Changed 8 years ago by ioerror

We need to install a real kernel that doesn't come from the vendor.

comment:2 Changed 8 years ago by ioerror

I really think that we should investigate building a kernel from the Marvell sources and we should integrate grsec.

comment:3 Changed 8 years ago by runa

Copy & paste from IRC:

< Runa> Linux version 2.6.33.6 (root@…) (gcc version 4.2.1) #1 PREEMPT Tue Feb 8 03:18:41 EST 2011
< ioerror> right, so that's the stock kernel, no?
< ioerror> Runa: mkdir /mnt/sda1 && mount -t vfat /dev/sda1 /mnt/sda1/
< ioerror> ls -al shows the kernel: -rwxr-xr-x 1 root root 2712400 Feb 24 13:52 uImage
< ioerror> so that's where your kernel needs to be for it to boot by default (you can change the default in uboot)

comment:4 Changed 8 years ago by ioerror

Is it possible to re-flash the internal SD cards? If so, I propose that we simply make a disk image and dd it over.

The unpacking and installing/configuring of stuff is pretty pointless if they're all going to be the same.

comment:5 Changed 8 years ago by ivansanchez

«The unpacking and installing/configuring of stuff is pretty pointless if they're all going to be the same.»

Thing is, they shouldn't be the same. I, for one, wouldn't like my SSH keys to be the same as any other tor relay out there.

That's the main reason I researched how to multistrap a Debian system in: so a set of fresh SSH keys would be generated, and signed Debian packages would be used.

«Is it possible to re-flash the internal SD cards?»

It is possible to:

  • Configure the dreamplug to boot off a secondary storage medium (a SD card or a usb stick), if the user has a JTAG
    • then run it off there, and
    • then overwrite the internal SD card data
  • Pry the dreamplug open (couple screws), get the microSD card out, multistrap it, put it in again.

comment:6 in reply to:  5 Changed 8 years ago by ioerror

Replying to ivansanchez:

«The unpacking and installing/configuring of stuff is pretty pointless if they're all going to be the same.»

Thing is, they shouldn't be the same. I, for one, wouldn't like my SSH keys to be the same as any other tor relay out there.

Uh - you're aware that we can flash the device without cryptographic keys, right?

I certainly wasn't suggesting that we set all of the keys on the device to one key pair or even a few per device!

comment:7 Changed 8 years ago by runa

For the September deadline, we should look at debtakeover. The debtakeover utility is used to replace the current running system with Debian.

comment:8 Changed 8 years ago by runa

I had a look at debtakeover last night. The software is outdated (possibly not maintained anymore either) and doesn't really work. The latest release didn't do much at all, the development version left my system in a broken state.

I noticed that someone put up a tarball and instructions on how to convert the DreamPlug from Ubuntu to Debian on https://code.google.com/p/dreamplug/downloads/list. It seems like this tarball is a modified version of what you'd run on a Sheevaplug, and it also includes way more stuff than we'd like to have on the DreamPlug.

comment:9 Changed 8 years ago by runa

Resolution: fixed
Status: newclosed

We are now using the freedom-maker script to replace the current running system with Debian, and we have some Debian packages that will turn the device into a Torouter.

Note: See TracTickets for help on using tickets.