xenial (7) bilibop.7.gz

Provided by: bilibop-common_0.5.0_amd64 bug

NAME
       bilibop - run Debian GNU/Linux from an external media


DESCRIPTION
       A  lot  of GNU/Linux distributions - at least the most popular of them - provide freely downloadable .iso
       or .img disk images that can be copied on a USB memory  stick  (sometimes  with  just  cat(1)  or  dd(1),
       sometimes in a more complicated way) and immediatly usable 'as is'.

       But  such  operating  systems  are  not  designed  to be modified; they are read-only, and even when they
       provide a 'persistent' feature, it is limited. Additionally, they are currently  unmaintainable,  in  the
       sense  that  rebuild  the  complete  image of the root filesystem is the only way to update the system or
       modify its settings in depth. This is often a hard or heavy task that cannot  be  done  from  the  system
       itself:  this  needs  a dedicated work space, outside of the running system, and this often needs another
       operating system to replace the disk image by the new one; and some of these tasks can be  done  only  by
       experienced users.  Others have to wait for the next release, if it comes a day.

       Bilibop  stands  for 'Bilibop Is Live Install Boot On Pendrive'.  This recursive acronym is now obsolete,
       but the name has been kept. The bilibop project is born as an alternative to the LiveUSB systems.

       By performing a standard installation of Debian directly on a removable media — currently a USB key or an
       external HDD — it is possible to use it as a LiveUSB system, with the big difference that it behaves like
       any installed Debian OS: it can be maintained, modified, updated, or even broken by the root user at  any
       time.  In fact, without specific settings, it can be broken by an unprivileged user at any time; but this
       is also the case of LiveUSB systems.

       So, bilibop is a collection of scripts using or used by other programs (initramfs-tools(7),  udev(7),  or
       GRUB2)  to  help  admins  to  maintain  a  Debian GNU/Linux operating system installed on a removable and
       writable media, even if some of these scripts may also be used in other contexts. One of its  main  goals
       is  to  fix security issues or harden standard rules and policies, to make the system more robust in this
       particular situation. Instead of yet another new, living fast and dying young, Debian based distribution,
       bilibop  has  been  designed  as a set of few debian packages.  bilibop-lockfs may also be installed on a
       laptop or on a public computer as an alternative  to  fsprotect  or  overlayroot,  and  bilibop-udev  (or
       bilibop-rules) should also be installed on a LiveUSB.


BILIBOP PACKAGES
       bilibop
         This  is  a  meta  package,  depending  on  several  other binary packages from the same bilibop source
         package.

       bilibop-common
         It mainly provides shell functions and documentation. See README.Debian in  the  documentation  of  the
         package for details about these functions.  It also includes the drivemap(1) command.

       bilibop-rules
         This  package  provides  udev  rules  and helper scripts. Its main purpose is to fix the external drive
         hosting the running system, and all its partitions, as owned by the 'disk' group instead  of  'floppy',
         as  done  by the common udev rules applied to removable media. This is a workaround of the bug #645466.
         The udev rules provided by this package work even when the root filesystem is on a LUKS device,  a  LVM
         Logical  Volume, a loop device or is an aufs(5) or overlay mountpoint.  bilibop-rules also includes the
         lsbilibop(8) command, and some helper scripts in /usr/share/bilibop, that can be executed  manually  or
         with  'dpkg-reconfigure  bilibop-rules'.   See  README.Debian  in  the documentation of the package for
         details.

       bilibop-udev
         This package is a kind of subset of bilibop-rules, and is more suited  for  LiveUSB  systems.  It  just
         makes  that  the  drive  hosting the running system, and all its partitions, belong to the 'disk' group
         instead of 'floppy'.  Its udev rules also create a symlink (/dev/bilibop) pointing to the  drive  name.
         See README.Debian in the documentation of the package for details.

       bilibop-lockfs
         By using an initramfs script and a mount(8) helper script, filesystems are mounted as readonly branches
         of a union filesystem (either  aufs(5)  or  overlay)  the  corresponding  writable  branches  being  on
         temporary  filesystems.   Additionally,  block  devices  are set readonly too, avoiding low-level write
         access on them, even by root. All this makes the operating system unbreakable, unless  with  a  hammer.
         See README.Debian in the documentation of the package for details.


INSTALLATION
       Debian can be installed on a removable drive as it is on an internal one, except:

       • It  is  highly  recommended  to  install a full encrypted system. Otherwise, what can happen if the USB
         stick or the external HDD has been lost or forgotten somewhere, or even  thieft  ?  Unfortunately  (but
         there are evident security reasons), this can not be fully preseeded.

       • Due  to write-cycles limits on flash memory, it is not recommended to use a swap area on them: this can
         dramatically decrease the lifetime of the drive.

       • Even if the amd64 is now the most common architecture on modern Personal Computers, installation  of  a
         x86 system will make it more versatile and work both on amd64 and i386 architectures (and even on ia32,
         but this needs at least a specific partition scheme).

       • Take care, near the end of the installation, that the bootloader will be installed on the  MBR  of  the
         drive  where  the system has been freshly installed: choosing the default 'install on MBR' will install
         it on the Master Boot Record of the first disk !

       • Taking previous recommendations into account, choose 'Expert Install' or 'Expert Graphical Install'  in
         the  installer  boot menu. if you have to install Debian on several devices, don't perform an automated
         installation via the 'Auto Install' option in the installer boot menu. If you really need  to  automate
         this process to win time, use a preseed file instead.


SETTINGS AND CONFIGURATION
       The  main  advantage  of a standard installation over a Live system is that the installed one can exactly
       answer your needs: if the needs change, the system can be  easily  modified.  It  can  be  installed  and
       configured to be used as/for:

       • daily usage (this is my case)
       • router and/or firewall for a LAN
       • ftp and/or http server (this is my case)
       • forensics and rescue system (this is may case)
       • embedded Debian repository (this is my case)
       • testing system
       • educational purposes
       • others

       Because  an  operating  system  running from an external device is generally used on different computers,
       with potentially different keyboards, architectures, monitors, and so on,  it  could  need  some  special
       settings  to be as versatile as possible. Maybe the field is too large to be covered into a single manual
       page: see /usr/share/doc/bilibop-common/misc/* for some tips and tricks, details  and  suggestions  about
       possible settings.


FILES
       /usr/share/bilibop-common/README.Debian
       /usr/share/bilibop-common/examples/bilibop.conf
       /usr/share/bilibop-common/misc/*
       /usr/share/bilibop-lockfs/README.Debian
       /usr/share/bilibop-lockfs/examples/bilibop.conf
       /usr/share/bilibop-rules/README.Debian
       /usr/share/bilibop-rules/examples/bilibop.conf


SEE ALSO
       bilibop.conf(5), drivemap(1), lsbilibop(8)


AUTHOR
       This manual page has been written by Bilibop Project <quidame@poivron.org>.