Undead USB Install

From Funtoo
Revision as of 08:24, December 5, 2020 by Pnoecker (talk | contribs) (uefi secure boot: make my speech less autistic AF)
Jump to: navigation, search

A linux nomadbsd alternative

This is an install strategy to target a USB flash stick as / instead of a traditional hard drive or internal solid state drive. this isn't a live cd, this is a persistent root funtoo install that changes will keep living on. Since were treating a USB stick as a root partition, it requires much more space than a live usb like area31. 32gb minimum for gnome, 16gb are ok for xfce, lxde, lxqt, & server only type builds. get a fast usb3 drive even if you don't have usb3 ports as the flash memory on them is much faster than the flash memory on usb2 keys which will improve usability. This is a speed run of the official install x86_64 no swap & add JFS but does not intend to replace the official install. this is to make a more flexible, and robust install boot media than area31. undead usb can be used to build undead usb also.

  • identify the drive for installing:
root # lsblk -o name,size,label,partlabel
  • insert the usb drive, and run the above command again.

the first rule of funtoo is funtoo rules

set udev rules to make the drive you're installing to accessible at /dev/funtoo and partitions accessible at /dev/funtoo1 /dev/funtoo2 so on.

  • ide drive 3 example:
root # echo 'KERNEL=="hdd*", SYMLINK+="funtoo%n"' > /etc/udev/rules.d/01-funtoo.rules
  • sata drive 2 example:
root # echo 'KERNEL=="sdc*", SYMLINK+="funtoo%n"' > /etc/udev/rules.d/01-funtoo.rules
  • nvme nvme drive 1 example:
root # echo 'KERNEL=="nvme1n1", SYMLINK+="funtoo"' > /etc/udev/rules.d/01-funtoo.rules
root # echo 'KERNEL=="nvme1n1p*", SYMLINK+="funtoo%n"' >> /etc/udev/rules.d/01-funtoo.rules
  • mmc drive 0 example:
root # echo 'KERNEL=="mmcblk0", SYMLINK+="funtoo"' > /etc/udev/rules.d/01-funtoo.rules
root # echo 'KERNEL=="mmcblk0p*", SYMLINK+="funtoo%n"' >> /etc/udev/rules.d/01-funtoo.rules
  • activate rules:
  • display what /dev/funtoo is tied to:
root # rc-service udev-trigger restart
root # ls -al /dev/funtoo

Partition

root # cgdisk /dev/funtoo
   Note

if cgdisk doesn't work load gdisk or fdisk to wipe out bad gpt tables, and then run cfdisk or cgdisk again.

delete everything.

Command:  new ↵
First sector: 
Last sector: +1M ↵
Hex Code: EF02 ↵
Enter name: BIOS Boot ↵

scroll down to large chunk of free space:

Command: new ↵
First sector: 
Last sector: +128M ↵
Hex Code: EF00 ↵
Enter name: BOOT ↵

scroll down to large chunk of free space:

Command: new ↵
First sector: 
Last sector: 
Hex Code:  8304 ↵
Enter name: FUNTOO ↵
Disk Drive: /dev/sdc
                            Size: 62333952, 29.7 GiB

Part. #     Size        Partition Type            Partition Name
----------------------------------------------------------------
            1007.0 KiB  free space
   1        1024.0 KiB  BIOS boot partition	  BIOS Boot
   2        256.0 MiB   EFI System                BOOT
   3        29.5 GiB    Linux x86-64 root (/)     FUNTOO
Command: write ↵
Command: quit ↵
root # mkfs.vfat -F 32 /dev/funtoo2
root # fatlabel /dev/funtoo2 "BOOT"
root # mkfs.jfs /dev/funtoo3
root # jfs_tune -L "FUNTOO" /dev/funtoo3

Mount

root # mount /dev/funtoo3 /mnt/funtoo
root # mkdir /mnt/funtoo/boot
root # mount /dev/funtoo2 /mnt/funtoo/boot
  • if you're doing a permanent install mount any additional drives to /mnt/funtoo/var or /mnt/funtoo/home now.

Get Funtoo

You can pull your Subarches gnome tarball if you're installing to specific hardware, not moving the disk between systems, or installing to a SSD/nvme. Use generic 64 so your USB os can roam on strange hardware.

root # cd /mnt/funtoo
root # wget https://build.funtoo.org/1.4-release-std/x86-64bit/generic_64/gnome-latest.tar.xz
root # tar --numeric-owner --xattrs --xattrs-include='*' -xpf *gnome* && rm -f *gnome*

Load Funtoo

  • expand your run tmpfs to be half of your ram:
root # mount -t tmpfs tmpfs /run
  • mount up:
root # cd /mnt/funtoo && mount -t proc none proc
mount --rbind /sys sys
mount --rbind /dev dev
mount --rbind /run run
  • chroot in:
root # cd /mnt/funtoo && env -i HOME=/root TERM=$TERM chroot . bash -l
  • Set yo password:
  • Set yo name:
  • set cloudflare dns resolution for installing:
  • Set yo time zone:
  • Set yo clock:
root # passwd
root # echo 'hostname="undead"' > /etc/conf.d/hostname
root # echo "nameserver 1.1.1.1" > /etc/resolv.conf
root # ln -sf /usr/share/zoneinfo/America/Detroit /etc/localtime
root # rc-service busybox-ntpd restart
root # mkdir /mnt/funtoo
  • Deploy your fstab:
root # cat > /etc/fstab << "EOF"
LABEL=BOOT /boot vfat noauto,noatime 1 2
LABEL=FUNTOO / jfs noatime 0 1
tmpfs /run tmpfs rw,nodev,nosuid 0 0
EOF
  • compile in ram:
root # echo 'PORTAGE_TMPDIR="/run"' > /etc/portage/make.conf
  • merge stuff:
root # echo "sys-kernel/linux-firmware initramfs" >> /etc/portage/package.use
root # ego sync && emerge sys-boot/shim jfsutils grub haveged intel-microcode linux-firmware eix discord-bin firefox-bin media-fonts/noto

you can also install Package:Brave or other browsers.

  • funtoo's official chat:

https://discord.gg/BNUSpUU

  • Set your startup services:
root # rc-update del swap boot && rc-update add haveged && rc-update add busybox-ntpd && rc-update add gpm

GRUB

  • Install grub in legacy mode:
root # grub-install --target=i386-pc /dev/funtoo 
root # ego boot update

EFI from EFI

root #mount -o remount,rw /sys/firmware/efi/efivars
root #grub-install --target=x86_64-efi --efi-directory=/boot --bootloader-id="FUNTOO" --recheck /dev/funtoo
root #ego boot update

EFI from Legacy

  • If the first EFI install attempt failed try this:
root # mkdir /boot/EFI
root # grub-install --target=x86_64-efi --efi-directory=/boot --bootloader-id="FUNTOO" /boot/EFI
   Warning

this is hacky, but known to work. if the first two EFI install commands failed to install do this as your last ditch effort to install uefi. avoid the 3rd uefi install method if possible.

  • remount /dev/funtoo2 to /boot/EFI:
  • install efi images:
root # mount /dev/funtoo2 /boot/EFI
root # grub-install --target=x86_64-efi --efi-directory=/boot --bootloader-id="FUNTOO" /boot/EFI
  • install fedora's shim
root # cp /usr/share/shim/* /boot/EFI/FUNTOO/

this produces a hybrid GPT install that will boot on legacy computers, and uefi computers when secure boot is disabled in bios.

Now is a good time to install Package:Fchroot & etcher so you can install to raspberry pi's from your undead media when you reboot into it.

final install size is around 14,500MB gnome can fit in a 16gb usb stick, but it's a tight squeeze and unix file systems degrade in performance at around 80%-90% full. 32gb keys are good, 64gb are excellent, 128gb keys can emerge the world.

rebuild the kernel video drivers modules.

root # emerge -1 x11-drivers/nvidia-kernel-modules

DONE!

If you used a generic stage3 now would be a good time to merge in a DE: Install/Stage3_Desktop

clean dismount

root # exit
root # cd .. && sync 
root # umount -lR funtoo

uefi secure boot

  • press the f1 f2 f8 f9 f10 esc or delete to load bios.
  • set bios to load uefi usb devices first, disable secure boot, and enable legacy mode. save settings and exit.
  • press the f1 f2 f8 f9 f10 esc or delete to load your boot selection menu.
  • load EFI from file, point to /boot/EFI/FUNTOO/shim
  • shim will greet you with access violation warnings.
  • fiddle around to get mok manager to load up.
  • select add key
  • point to /boot/EFI/FUNTOO/grubx86.efi
  • press the f1 f2 f8 f9 f10 esc or delete key to load your boot selection menu.
  • load EFI from file, and again point to /boot/EFI/FUNTOO/shim which will now load funtoo under secure boot.

tweeks

to not run nvidia:

root # ego profile mix-in gfxcard-nouveau
root # ego profile mix-in -gfxcard-nvidia

remove the nouveau blacklist so it grabs the screen.

root # rm /etc/modprobe.d/nouveau*
root # rm /etc/modprobe.d/nvidia*

If you're having problems with nouveau not playing sound over HDMI restart pulse audio:

root # pkill pulseaudio

The magic words to update:

root # emerge -avuND @world 
root # emerge -av --depclean
root # ego boot update

every so often you will want to purge sources to keep the stick as low memory usage as possible

root # rm /var/cache/portage/distfiles/*.tar.bz2
root # rm /var/cache/portage/distfiles/*.tar.xz
root # rm /var/cache/portage/distfiles/*.tar.gz

further securing

i use Package:Sudo, and disable root login.

i use Package:Dnsmasq to block advertising, and cache DNS traffic to accelerate web browsing.

i use Package:Dnscrypt to encrypt all dns requests so the vast majority of the web traffic from my undead usb is encrypted.

Admining

use Package:Eix to browse portage to see packages you can emerge.

use Package:Eselect to set various system options.

Branding

root # echo "www.funtoo.org" > /etc/motd

add fortunes piped through cowsay to the shells

root # emerge fortune-mod cowsay
root # cd && echo "fortune | cowsay" >> .bashrc

Disable DPMS

dpms disrespects screen blanking settings, so you can't watch movies in VLC without the screen turning off.

root # xset s off -dpms
root # cat > /etc/X11/xorg.conf.d/10-monitor.conf << "EOF"
Section "Extensions"
    Option      "DPMS" "Disable"
EndSection
EOF

Alternate Drives

   Warning

avoid adding fstab entries for drives that will not be present on other computers. JFS will mount read only if fsck fails!

I have a jfs home drive labeled HOME. This is the fstab entry to have funtoo use my rotating hard drive as /home

root # echo "LABEL=HOME /home jfs noatime 0 2" >> /etc/fstab

Swapping by file

For a swap file on $HOME:

root # dd if=/dev/zero of=/home/swapfile bs=1M count=4096 status=progress
chmod 600 /home/swapfile
mkswap /home/swapfile
swapon /home/swapfile
echo "/home/swapfile none swap defaults 0 0" >> /etc/fstab
rc-update add swap boot
echo 'rc_need="localmount"' >> /etc/conf.d/swap

For a swap file on $VAR:

root # dd if=/dev/zero of=/var/swapfile bs=1M count=4096 status=progress
chmod 600 /var/swapfile
mkswap /var/swapfile
swapon /var/swapfile
echo "/var/swapfile none swap defaults 0 0" >> /etc/fstab
rc-update add swap boot
echo 'rc_need="localmount"' >> /etc/conf.d/swap

windows 10 utc

if you're running ntp on undead usb you will want to set any dual booting windows clocks to be universal. in an administrator run command prompt run this:

reg add "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\TimeZoneInformation" /v RealTimeIsUniversal /d 1 /t REG_QWORD /f

Remote Help

Package:Logmein-hamachi is a easy to setup VPN allowing friends easy access to SSH should you run into trouble.

Install Video

coming soon.