Provided by: bilibop-common_0.5.0_i386 bug

NAME

       bilibop - run Debian GNU/Linux from an external media

DESCRIPTION

       A  lot of GNU/Linux distributions - at least the most popular of them -
       provide freely downloadable .iso or .img disk images that can be copied
       on  a  USB memory stick (sometimes with just cat(1) or dd(1), sometimes
       in a more complicated way) and immediatly usable 'as is'.

       But such operating systems are not designed to be  modified;  they  are
       read-only,  and  even  when  they provide a 'persistent' feature, it is
       limited. Additionally, they are currently unmaintainable, in the  sense
       that  rebuild the complete image of the root filesystem is the only way
       to update the system or modify its settings in depth. This is  often  a
       hard  or  heavy  task  that cannot be done from the system itself: this
       needs a dedicated work space, outside of the running system,  and  this
       often  needs  another operating system to replace the disk image by the
       new one; and some of these tasks can be done only by experienced users.
       Others have to wait for the next release, if it comes a day.

       Bilibop  stands  for  'Bilibop Is Live Install Boot On Pendrive'.  This
       recursive acronym is now obsolete, but the  name  has  been  kept.  The
       bilibop project is born as an alternative to the LiveUSB systems.

       By performing a standard installation of Debian directly on a removable
       media — currently a USB key or an external HDD — it is possible to  use
       it  as  a  LiveUSB system, with the big difference that it behaves like
       any installed Debian OS: it can be maintained,  modified,  updated,  or
       even  broken  by  the  root user at any time. In fact, without specific
       settings, it can be broken by an unprivileged user  at  any  time;  but
       this is also the case of LiveUSB systems.

       So,  bilibop is a collection of scripts using or used by other programs
       (initramfs-tools(7), udev(7), or GRUB2) to help admins  to  maintain  a
       Debian GNU/Linux operating system installed on a removable and writable
       media, even if some  of  these  scripts  may  also  be  used  in  other
       contexts.  One  of  its  main goals is to fix security issues or harden
       standard rules and policies, to make the system  more  robust  in  this
       particular situation. Instead of yet another new, living fast and dying
       young, Debian based distribution, bilibop has been designed as a set of
       few  debian packages.  bilibop-lockfs may also be installed on a laptop
       or on a public computer as an alternative to fsprotect or  overlayroot,
       and  bilibop-udev  (or  bilibop-rules)  should  also  be installed on a
       LiveUSB.

BILIBOP PACKAGES

       bilibop
         This is a meta package, depending on several  other  binary  packages
         from the same bilibop source package.

       bilibop-common
         It   mainly   provides   shell   functions   and  documentation.  See
         README.Debian in the documentation of the package for  details  about
         these functions.  It also includes the drivemap(1) command.

       bilibop-rules
         This package provides udev rules and helper scripts. Its main purpose
         is to fix the external drive hosting the running system, and all  its
         partitions, as owned by the 'disk' group instead of 'floppy', as done
         by the common udev rules  applied  to  removable  media.  This  is  a
         workaround  of  the  bug  #645466.   The  udev rules provided by this
         package work even when the root filesystem is on a LUKS device, a LVM
         Logical Volume, a loop device or is an aufs(5) or overlay mountpoint.
         bilibop-rules also includes the lsbilibop(8) command, and some helper
         scripts  in /usr/share/bilibop, that can be executed manually or with
         'dpkg-reconfigure   bilibop-rules'.    See   README.Debian   in   the
         documentation of the package for details.

       bilibop-udev
         This package is a kind of subset of bilibop-rules, and is more suited
         for LiveUSB systems. It just makes that the drive hosting the running
         system, and all its partitions, belong to the 'disk' group instead of
         'floppy'.  Its  udev  rules  also  create  a  symlink  (/dev/bilibop)
         pointing to the drive name. See README.Debian in the documentation of
         the package for details.

       bilibop-lockfs
         By  using  an  initramfs  script  and  a  mount(8)   helper   script,
         filesystems  are  mounted  as readonly branches of a union filesystem
         (either aufs(5) or overlay) the corresponding writable branches being
         on  temporary  filesystems.   Additionally,  block  devices  are  set
         readonly too, avoiding low-level write access on them, even by  root.
         All  this  makes  the  operating  system  unbreakable,  unless with a
         hammer. See README.Debian in the documentation  of  the  package  for
         details.

INSTALLATION

       Debian  can  be  installed on a removable drive as it is on an internal
       one, except:

       · It  is  highly  recommended  to  install  a  full  encrypted  system.
         Otherwise,  what  can happen if the USB stick or the external HDD has
         been lost or forgotten somewhere, or even thieft ? Unfortunately (but
         there are evident security reasons), this can not be fully preseeded.

       · Due  to write-cycles limits on flash memory, it is not recommended to
         use a swap area on them: this can dramatically decrease the  lifetime
         of the drive.

       · Even  if  the  amd64  is  now  the most common architecture on modern
         Personal Computers, installation of a x86 system will  make  it  more
         versatile  and work both on amd64 and i386 architectures (and even on
         ia32, but this needs at least a specific partition scheme).

       · Take care, near the end of the installation, that the bootloader will
         be  installed  on  the  MBR  of  the  drive where the system has been
         freshly installed: choosing the default 'install on MBR' will install
         it on the Master Boot Record of the first disk !

       · Taking previous recommendations into account, choose 'Expert Install'
         or 'Expert Graphical Install' in the installer boot menu. if you have
         to  install  Debian  on  several  devices, don't perform an automated
         installation via the 'Auto Install'  option  in  the  installer  boot
         menu.  If you really need to automate this process to win time, use a
         preseed file instead.

SETTINGS AND CONFIGURATION

       The main advantage of a standard installation over  a  Live  system  is
       that  the  installed  one  can  exactly answer your needs: if the needs
       change, the system can be easily modified.  It  can  be  installed  and
       configured to be used as/for:

       · daily usage (this is my case)
       · router and/or firewall for a LAN
       · ftp and/or http server (this is my case)
       · forensics and rescue system (this is may case)
       · embedded Debian repository (this is my case)
       · testing system
       · educational purposes
       · others

       Because  an  operating  system  running  from  an  external  device  is
       generally used  on  different  computers,  with  potentially  different
       keyboards,  architectures,  monitors,  and  so  on,  it could need some
       special settings to be as versatile as possible. Maybe the field is too
       large    to    be    covered   into   a   single   manual   page:   see
       /usr/share/doc/bilibop-common/misc/* for some tips and tricks,  details
       and suggestions about possible settings.

FILES

       /usr/share/bilibop-common/README.Debian
       /usr/share/bilibop-common/examples/bilibop.conf
       /usr/share/bilibop-common/misc/*
       /usr/share/bilibop-lockfs/README.Debian
       /usr/share/bilibop-lockfs/examples/bilibop.conf
       /usr/share/bilibop-rules/README.Debian
       /usr/share/bilibop-rules/examples/bilibop.conf

SEE ALSO

       bilibop.conf(5), drivemap(1), lsbilibop(8)

AUTHOR

       This    manual    page    has   been   written   by   Bilibop   Project
       <quidame@poivron.org>.