The officially official Devuan Forum!

You are not logged in.

#1 2017-03-25 12:34:37

miroR
Member
From: Zagreb, Croatia
Registered: 2016-11-30
Posts: 217  
Website

Heads, the libre privacy distro, some basic usage

This is, word by word, verbatim, what you can view in:

Heads, the grsec-hardened Devuan based Fork of Tails (14)
https://www.croatiafidelis.hr/foss/cap/ … uan-14.php

i.e. in the screencast at:
https://www.croatiafidelis.hr/foss/cap/ … #t=0:00:06

It will be much easier to follow with the instructions in written, and in action in the screencast!

================
I plan to make a wiki page out of this text/material on Gentoo Wiki, and a
page on dev1galaxy.org. Heads looks *very* promising!

This is, as Head developers say, _not_ yet all checked and secure! I too use
it for testing purposes only.

As root:

# dd if=/dev/zero bs=1M count=4000 of=usb_disk02.img
# mke2fs -t ext4  usb_disk02.img
# chown miro:miro usb_disk02.img

Check it up as normal user (or with just ls -l):

$ ls -ABRgo usb_disk02.img
-rw-r--r-- 1 4194304000 2017-03-24 20:38 usb_disk02.img
$ ls -ABRgoh usb_disk02.img
-rw-r--r-- 1 4.0G 2017-03-24 20:38 usb_disk02.img
$

Also check that you can mount it on the host, and write to it.

And I'll run this script (I have TPE --trusted path execution-- configured in
my grsecurity-hardened kernel in Gentoo, so I can't just run from anywhere,
but am, of course, safer):

# cat /usr/local/bin/HeadsVM_usb_prep02.sh
#!/bin/sh
exec qemu-system-x86_64 \
		-machine type=q35,accel=kvm \
		-enable-kvm \
		-cpu host \
		-usb -usbdevice disk:format=raw:usb_disk02.img \
		-device virtio-net,netdev=internet \
		-netdev \
			bridge,br=br0,id=internet,helper=/usr/libexec/qemu-bridge-helper \
		-m 4196M \
		-monitor stdio \
		-display gtk \
		-name "Tails_usb_prep" \
		$@
		# add:
		# -cdrom heads-0.1-amd64-live.iso 
		#
		# once Tails installed in usb try:
		# TailsVM_usb_run.sh
		# or actually this same one w/o adding anything

And now let's do it!
================

Pls. let me know if anything is missing for this to work for you.

I know Tomb will be used, of course, and it will be true and encrypted storage, but, if you look over at:

    » Issues
    » Filesystem persistence
https://dev1galaxy.org/viewtopic.php?pid=969#p969

it may not be ready yet.

I hope I'll be able to find more time and try and improve this tip.
--- /Cmn/mr/Dev1_170404_heads.txt    2017-04-05 01:14:05.690329181 +0200
+++ /Cmn/mr/Dev1_170404_headsR.txt    2017-04-05 01:14:47.326331732 +0200
@@ -18,7 +18,7 @@
As root:

EDIT on 2017-04-05 01:17+02:00:

-# dd if=/dev/zero bs=1M of=usb_disk02.img
+# dd if=/dev/zero bs=1M count=4000 of=usb_disk02.img
 # mke2fs -t ext4  usb_disk02.img
 # chown miro:miro usb_disk02.img
 

( Sorry! BTW, I've used Heads some more, but was simply engrossed in the freedom that anonymity gives you... and could't test, but probably this experiment it not of much use anymore, I bet Tomb-provided persistence now works... )

Last edited by miroR (2017-04-04 23:19:40)


Devs/testers/users of FOSS, what might be ahead for GNU/Linux after we lost PaX Team and spender? spender wrote:
https://forums.grsecurity.net/viewtopic … 699#p17127
Google made the choice to engage in underhanded competition against us with our own code...
grsecurity ripoff by Google, w/ Linus approval https://lists.dyne.org/lurker/message/2 … 4b.en.html

Offline

#2 2017-03-25 14:03:28

golinux
Administrator
Registered: 2016-11-25
Posts: 3,317  

Re: Heads, the libre privacy distro, some basic usage

@miroR . . . your enthusiasm for heads is much appreciated.  I know that security has been a concern of yours for many years. Could you please enclose the commands in your post(s) in  tags.  It makes it easier for the eye to find them.  smile   Thanks.

Offline

#3 2017-03-30 10:23:41

miroR
Member
From: Zagreb, Croatia
Registered: 2016-11-30
Posts: 217  
Website

Re: Heads, the libre privacy distro, some basic usage

golinux wrote:

@miroR . . . your enthusiasm for heads is much appreciated.  I know that security has been a concern of yours for many years.

[1]

Could you please enclose the commands in your post(s) in  tags.  It makes it easier for the eye to find them.  smile   Thanks.

Done! (I was used to forums where the commands available are exposed...) [2]

BTW. I thought subscriptions to topic were automatic for one's own posts. I only noticed you replied to this via PM... For these five days I believed it wasn't replied to, and it was, and five days ago, on the day that I posted it. [3]

---
[1] You very likely remember:
Grsecurity/Pax installation on Debian GNU/Linux
http://forums.debian.net/viewtopic.php?f=16&t=108616
but that's not really a developer's work... It was simply missing for newbies... And I still dream of learning the internals of Devuan and be able to teach newbies grsecurity-hardening in their Devuan machines smile  But, as many others, I lost interest in Debian because of systemDestruction:

http://troubleshooters.com/linux/debian_escapees.html
23. Miroslav Rovis: to Devuan, Refracta and Heads

Fascinating that that topic is still growing!
LATER NOTE: Not, it's not growing, but it is still being read! Some, very roughly, I didn't keep the tab on it, 20,000 views in a few months. Now is at 66738 view.
But it's Corsac's grsecurity packages (almost or truly) official in Devuan. Wasn't ready yet when I started that topic...

[2] I decided to open a new topic about formatting where is more fitting to write about it in more detail:
How to do some formatting little things in Dev1galaxy Forums
https://dev1galaxy.org/viewtopic.php?id=532

[3] Pls. note that I'm not objecting, I very happy with all things Devuan, and I'm always in pain if something is lost on the way, or if someone does something wrong, or is hurt for some reason, anyone of the good bunch of people involved here...
And I wish I could help too, but I am, mostly, too slow to figure things out...

Last edited by miroR (2017-03-30 11:13:52)


Devs/testers/users of FOSS, what might be ahead for GNU/Linux after we lost PaX Team and spender? spender wrote:
https://forums.grsecurity.net/viewtopic … 699#p17127
Google made the choice to engage in underhanded competition against us with our own code...
grsecurity ripoff by Google, w/ Linus approval https://lists.dyne.org/lurker/message/2 … 4b.en.html

Offline

Board footer