Merge branch 'stretch' of https://github.com/bashrc/freedombone
This commit is contained in:
commit
ca865e6ba1
|
@ -23,7 +23,7 @@ If you have a single board ARM computer which isn't one of the supported ones th
|
|||
Download the Armbian image for your board. It must be version 9 (Stretch), otherwise it won't work. Extract the image from its archive, then copy it to a microSD card:
|
||||
|
||||
#+begin_src bash
|
||||
sudo dd bs=32M if=[Armbian .img file] of=/dev/sdX conv=fdatasync
|
||||
sudo dd bs=32M if=[Armbian .img file] of=/dev/sdX conv=fdatasync,sync,noerror
|
||||
#+end_src
|
||||
|
||||
Where */dev/sdX* is the path for the microSD drive on your system.
|
||||
|
|
|
@ -70,7 +70,7 @@ You can now copy the image to the USB thumb drive, replacing *sdX* with the iden
|
|||
|
||||
#+begin_src bash
|
||||
dd if=/dev/zero of=/dev/sdX bs=32M count=8
|
||||
dd bs=32M if=myimagefile.img of=/dev/sdX conv=fdatasync
|
||||
dd bs=32M if=myimagefile.img of=/dev/sdX conv=fdatasync,sync,noerror
|
||||
#+end_src
|
||||
|
||||
And wait. Again it will take a while to copy over. When that's done plug it into the laptop or netbook which you want to use as a server, power on and set the BIOS to boot from the USB stick.
|
||||
|
|
|
@ -129,7 +129,7 @@ unxz filename.img.xz
|
|||
Then copy it to a microSD card. Depending on your system you may need an adaptor to be able to do that.
|
||||
|
||||
#+BEGIN_SRC bash
|
||||
sudo dd bs=32M if=filename.img of=/dev/sdX conv=fdatasync
|
||||
sudo dd bs=32M if=filename.img of=/dev/sdX conv=fdatasync,sync,noerror
|
||||
#+END_SRC
|
||||
|
||||
Where *sdX* is the microSD drive. You can check which drive is the microSD drive using:
|
||||
|
|
|
@ -42,7 +42,7 @@ wget https://freedombone.net/downloads/v31/freedombone-meshclient-i386.img.xz.si
|
|||
gpg --verify freedombone-meshclient-i386.img.xz.sig
|
||||
unxz freedombone-meshclient-i386.img.xz
|
||||
sudo dd if=/dev/zero of=/dev/sdX bs=32M count=8
|
||||
sudo dd bs=32M if=freedombone-meshclient-i386.img of=/dev/sdX conv=fdatasync
|
||||
sudo dd bs=32M if=freedombone-meshclient-i386.img of=/dev/sdX conv=fdatasync,sync,noerror
|
||||
#+end_src
|
||||
|
||||
To get a number of systems onto the mesh repeat the /dd/ command to create however many bootable USB drives you need.
|
||||
|
@ -56,7 +56,7 @@ wget https://freedombone.net/downloads/v31/freedombone-meshclient-insecure-i386.
|
|||
gpg --verify freedombone-meshclient-insecure-i386.img.xz.sig
|
||||
unxz freedombone-meshclient-insecure-i386.img.xz
|
||||
sudo dd if=/dev/zero of=/dev/sdX bs=32M count=8
|
||||
sudo dd bs=32M if=freedombone-meshclient-insecure-i386.img of=/dev/sdX conv=fdatasync
|
||||
sudo dd bs=32M if=freedombone-meshclient-insecure-i386.img of=/dev/sdX conv=fdatasync,sync,noerror
|
||||
#+end_src
|
||||
|
||||
** Router images
|
||||
|
@ -75,7 +75,7 @@ gpg --verify freedombone-mesh_beaglebone-armhf.img.xz.sig
|
|||
sha256sum freedombone-mesh_beaglebone-armhf.img.xz
|
||||
ad8f22c0d46c98a80aa47b5809402971cf5cf26ebf587c59a667307b2386c3d2
|
||||
unxz freedombone-mesh_beaglebone-armhf.img.xz
|
||||
sudo dd bs=32M if=freedombone-mesh_beaglebone-armhf.img of=/dev/sdX conv=fdatasync
|
||||
sudo dd bs=32M if=freedombone-mesh_beaglebone-armhf.img of=/dev/sdX conv=fdatasync,sync,noerror
|
||||
#+end_src
|
||||
|
||||
If you have a few Beaglebone Blacks to use as routers then repeat the /dd/ command to create however many microSD cards you need.
|
||||
|
@ -120,7 +120,7 @@ You can now copy the image to the USB thumb drive, replacing *sdX* with the iden
|
|||
|
||||
#+begin_src bash
|
||||
sudo dd if=/dev/zero of=/dev/sdX bs=32M count=8
|
||||
sudo dd bs=32M if=myimagefile.img of=/dev/sdX conv=fdatasync
|
||||
sudo dd bs=32M if=myimagefile.img of=/dev/sdX conv=fdatasync,sync,noerror
|
||||
#+end_src
|
||||
|
||||
And wait. Again it will take a while to copy over. When that's done plug it into the laptop or netbook which you want to use on the mesh, power on and set the BIOS to boot from the USB stick.
|
||||
|
|
|
@ -31,7 +31,7 @@ Copy the image to a microSD card or USB thumb drive, replacing sdX with the iden
|
|||
|
||||
#+BEGIN_SRC bash
|
||||
unxz downloadedimagefile.img.xz
|
||||
dd bs=32M if=downloadedimagefile.img of=/dev/sdX conv=fdatasync
|
||||
dd bs=32M if=downloadedimagefile.img of=/dev/sdX conv=fdatasync,sync,noerror
|
||||
#+END_SRC
|
||||
|
||||
And wait. It will take a while to copy over. When that's done you might want to increase the partition size on the drive, using a tool such as [[http://gparted.org][Gparted]]. Whether you need to do that will depend upon how many apps you intend to install and how much data they will store.
|
||||
|
|
|
@ -39,7 +39,7 @@ Copy the image to a microSD card or USB thumb drive, replacing sdX with the iden
|
|||
|
||||
#+BEGIN_SRC bash
|
||||
unxz downloadedimagefile.img.xz
|
||||
dd bs=32M if=downloadedimagefile.img of=/dev/sdX conv=fdatasync
|
||||
dd bs=32M if=downloadedimagefile.img of=/dev/sdX conv=fdatasync,sync,noerror
|
||||
#+END_SRC
|
||||
|
||||
And wait. It will take a while to copy over. When that's done you might want to increase the partition size on the drive, using a tool such as [[http://gparted.org][Gparted]]. Whether you need to do that will depend upon how many apps you intend to install and how much data they will store.
|
||||
|
|
|
@ -32,7 +32,7 @@ wget https://freedombone.net/downloads/v31/freedombone-pleroma-amd64.img.xz.sig
|
|||
gpg --verify freedombone-pleroma-amd64.img.xz.sig
|
||||
unxz freedombone-pleroma-amd64.img.xz
|
||||
sudo dd if=/dev/zero of=/dev/sdX bs=32M count=8
|
||||
sudo dd bs=32M if=freedombone-pleroma-amd64.img of=/dev/sdX conv=fdatasync
|
||||
sudo dd bs=32M if=freedombone-pleroma-amd64.img of=/dev/sdX conv=fdatasync,sync,noerror
|
||||
#+end_src
|
||||
|
||||
Also note that if the laptop has a removable SSD drive it's possible to copy the image directly to that if you have enough equipment.
|
||||
|
|
|
@ -105,6 +105,12 @@ function mesh_install_batman {
|
|||
if ! grep -q "batman_adv" "$rootdir/etc/modules"; then
|
||||
echo 'batman_adv' >> "$rootdir/etc/modules"
|
||||
fi
|
||||
if ! grep -q "tunnel6" "$rootdir/etc/modules"; then
|
||||
echo 'tunnel6' >> "$rootdir/etc/modules"
|
||||
fi
|
||||
if ! grep -q "ip6_tunnel" "$rootdir/etc/modules"; then
|
||||
echo 'ip6_tunnel' >> "$rootdir/etc/modules"
|
||||
fi
|
||||
|
||||
BATMAN_SCRIPT=$rootdir/var/lib/batman
|
||||
|
||||
|
|
|
@ -6,6 +6,14 @@
|
|||
#
|
||||
# Freedom in the Cloud
|
||||
#
|
||||
# This is an optional command for setting up a client machine
|
||||
# to then be able to log into a server. It installs a few packages
|
||||
# for things like IRC and twiddles crypto settings.
|
||||
#
|
||||
# It may not be necessary to run this on client machines, and
|
||||
# is provided for some extra convenience on a Debian or Arch
|
||||
# based system.
|
||||
#
|
||||
# License
|
||||
# =======
|
||||
#
|
||||
|
|
|
@ -74,7 +74,7 @@ IMAGE_NAME='full'
|
|||
USERNAME="$USER"
|
||||
PASSWORD=
|
||||
|
||||
CONTINUOUS_INTEGRATION=
|
||||
CONTINUOUS_INTEGRATION=""
|
||||
|
||||
# IP address of the router (gateway)
|
||||
ROUTER_IP_ADDRESS="192.168.1.254"
|
||||
|
@ -719,7 +719,7 @@ if [[ $IMAGE_TYPE != "qemu"* ]]; then
|
|||
echo ''
|
||||
echo " unxz -k ${PROJECT_NAME}*.img.xz"
|
||||
echo ' sudo dd if=/dev/zero of=/dev/sdX bs=32M count=8'
|
||||
echo " sudo dd bs=32M if=${PROJECT_NAME}*.img of=/dev/sdX conv=fdatasync"
|
||||
echo " sudo dd bs=32M if=${PROJECT_NAME}*.img of=/dev/sdX conv=fdatasync,sync,noerror"
|
||||
echo ''
|
||||
fi
|
||||
|
||||
|
|
|
@ -137,7 +137,7 @@ BMX6_REPO="https://github.com/bmx-routing/bmx6"
|
|||
BMX6_COMMIT='39dd1f2d99ac5a3fa28e92f8173c15039132e181'
|
||||
|
||||
BMX7_REPO="https://github.com/bmx-routing/bmx7"
|
||||
BMX7_COMMIT='0a82c7c10fef44b259b35e77ab33632aa132d219'
|
||||
BMX7_COMMIT='66c853f529662873d1420d39461c75be6eb88b45'
|
||||
|
||||
CONTINUOUS_INTEGRATION=
|
||||
|
||||
|
@ -945,7 +945,7 @@ initialise_mesh() {
|
|||
install_avahi
|
||||
install_batman
|
||||
install_bmx6
|
||||
#install_bmx7
|
||||
install_bmx7
|
||||
install_olsr2
|
||||
install_babel
|
||||
mesh_shutdown_script
|
||||
|
|
|
@ -259,6 +259,7 @@ sudo -H \
|
|||
SOURCE="$SOURCE" \
|
||||
CUSTOM_SETUP="$CUSTOM_SETUP" \
|
||||
EXTERNAL_DRIVE="$EXTERNAL_DRIVE" \
|
||||
CONTINUOUS_INTEGRATION="$CONTINUOUS_INTEGRATION" \
|
||||
$VMDEBOOTSTRAP \
|
||||
--log "$(dirname "$IMAGE")/${PROJECT_NAME}.log" \
|
||||
--log-level debug \
|
||||
|
|
|
@ -41,7 +41,7 @@ IMAGE = $(NAME).img
|
|||
ARCHIVE = $(IMAGE).xz
|
||||
SIGNATURE = $(ARCHIVE).sig
|
||||
OWNER = 1000
|
||||
ifeq ("$CONTINUOUS_INTEGRATION", "")
|
||||
ifeq ($(CONTINUOUS_INTEGRATION), "")
|
||||
XZ = xz --no-warn --verbose --keep --threads=0 -3 $(IMAGE)
|
||||
SIGN = -gpg --output $(SIGNATURE) --detach-sig $(ARCHIVE)
|
||||
else
|
||||
|
|
|
@ -212,6 +212,7 @@ function start {
|
|||
sed -i 's|use-ipv4=.*|use-ipv4=no|g' /etc/avahi/avahi-daemon.conf
|
||||
sed -i 's|use-ipv6=.*|use-ipv6=yes|g' /etc/avahi/avahi-daemon.conf
|
||||
|
||||
# set the wifi interface for layer 3 routing
|
||||
sed -i "s|ExecStart=.*|ExecStart=/usr/sbin/bmx6 dev=${IFACE}|g" /etc/systemd/system/bmx6.service
|
||||
sed -i "s|ExecStart=.*|ExecStart=/usr/sbin/bmx7 dev=${IFACE}|g" /etc/systemd/system/bmx7.service
|
||||
sed -i "s|ExecStart=.*|ExecStart=/usr/local/sbin/olsrd2_static ${IFACE}|g" /etc/systemd/system/olsr2.service
|
||||
|
@ -238,6 +239,7 @@ function start {
|
|||
ifconfig "$EIFACE" up promisc
|
||||
echo $'End of internet bridge'
|
||||
|
||||
# set the wifi interfaces for layer 3 routing
|
||||
sed -i "s|ExecStart=.*|ExecStart=/usr/sbin/bmx6 dev=${IFACE} dev=${EIFACE}|g" /etc/systemd/system/bmx6.service
|
||||
sed -i "s|ExecStart=.*|ExecStart=/usr/sbin/bmx7 dev=${IFACE} dev=${EIFACE}|g" /etc/systemd/system/bmx7.service
|
||||
sed -i "s|ExecStart=.*|ExecStart=/usr/local/sbin/olsrd2_static ${IFACE} ${EIFACE}|g" /etc/systemd/system/olsr2.service
|
||||
|
|
|
@ -139,8 +139,14 @@ function install_batman {
|
|||
$CHROOT_PREFIX apt-get -yq install python-dev libevent-dev ebtables python-pip git
|
||||
$CHROOT_PREFIX apt-get -yq install wireless-tools rfkill
|
||||
|
||||
if ! grep -q "batman_adv" $rootdir/etc/modules; then
|
||||
echo 'batman_adv' >> $rootdir/etc/modules
|
||||
if ! grep -q "batman_adv" "$rootdir/etc/modules"; then
|
||||
echo 'batman_adv' >> "$rootdir/etc/modules"
|
||||
fi
|
||||
if ! grep -q "tunnel6" "$rootdir/etc/modules"; then
|
||||
echo 'tunnel6' >> "$rootdir/etc/modules"
|
||||
fi
|
||||
if ! grep -q "ip6_tunnel" "$rootdir/etc/modules"; then
|
||||
echo 'ip6_tunnel' >> "$rootdir/etc/modules"
|
||||
fi
|
||||
|
||||
BATMAN_SCRIPT=$rootdir/var/lib/batman
|
||||
|
|
|
@ -48,6 +48,11 @@ echo ''
|
|||
echo $'Scanning for BMX6 protocol...'
|
||||
bmx6_peers=$(avahi-browse -at | grep routing | grep -c bmx6)
|
||||
|
||||
clear
|
||||
echo ''
|
||||
echo $'Scanning for BMX7 protocol...'
|
||||
bmx7_peers=$(avahi-browse -at | grep routing | grep -c bmx7)
|
||||
|
||||
clear
|
||||
echo ''
|
||||
echo $'Scanning for OLSR2 protocol...'
|
||||
|
@ -60,7 +65,7 @@ babel_peers=$(avahi-browse -at | grep routing | grep -c babel)
|
|||
|
||||
clear
|
||||
|
||||
data=$(zenity --list 1 $"BMX6 ($bmx6_peers)" 2 $"OLSR2 ($olsr2_peers)" 3 $"Babel ($babel_peers)" $"Select Mesh Protocol" --column="id" --title $"Mesh Protocol" --column=$"Choose the mesh protocol:" --hide-column=1 --print-column=1 --height=150)
|
||||
data=$(zenity --list 1 $"BMX6 ($bmx6_peers)" 2 $"BMX7 Experimental ($bmx7_peers)" 3 $"OLSR2 ($olsr2_peers)" 4 $"Babel ($babel_peers)" $"Select Mesh Protocol" --column="id" --title $"Mesh Protocol" --column=$"Choose the mesh protocol:" --hide-column=1 --print-column=1 --height=220)
|
||||
|
||||
sel=$?
|
||||
case $sel in
|
||||
|
@ -109,7 +114,18 @@ case $data in
|
|||
echo $'Starting BMX6...'
|
||||
sudo systemctl start bmx6
|
||||
;;
|
||||
2) sudo "$temp_script" 'olsr2'
|
||||
2) sudo "$temp_script" 'bmx7'
|
||||
mesh_stop_daemon 'bmx6'
|
||||
mesh_stop_daemon 'olsr2'
|
||||
mesh_stop_daemon 'babel'
|
||||
clear
|
||||
echo ''
|
||||
echo $'Enabling BMX7...'
|
||||
sudo systemctl enable bmx7
|
||||
echo $'Starting BMX7...'
|
||||
sudo systemctl start bmx7
|
||||
;;
|
||||
3) sudo "$temp_script" 'olsr2'
|
||||
mesh_stop_daemon 'bmx6'
|
||||
mesh_stop_daemon 'bmx7'
|
||||
mesh_stop_daemon 'babel'
|
||||
|
@ -120,7 +136,7 @@ case $data in
|
|||
echo $'Starting OLSR2...'
|
||||
sudo systemctl start olsr2
|
||||
;;
|
||||
3) sudo "$temp_script" 'babel'
|
||||
4) sudo "$temp_script" 'babel'
|
||||
mesh_stop_daemon 'bmx6'
|
||||
mesh_stop_daemon 'bmx7'
|
||||
mesh_stop_daemon 'olsr2'
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
|
||||
<head>
|
||||
<!-- 2018-04-21 Sat 14:58 -->
|
||||
<!-- 2018-05-10 Thu 11:47 -->
|
||||
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1" />
|
||||
<title>‎</title>
|
||||
|
@ -260,7 +260,7 @@ Download the Armbian image for your board. It must be version 9 (Stretch), other
|
|||
</p>
|
||||
|
||||
<div class="org-src-container">
|
||||
<pre class="src src-bash">sudo dd <span class="org-variable-name">bs</span>=32M <span class="org-variable-name">if</span>=[Armbian .img file] <span class="org-variable-name">of</span>=/dev/sdX <span class="org-variable-name">conv</span>=fdatasync
|
||||
<pre class="src src-bash">sudo dd <span class="org-variable-name">bs</span>=32M <span class="org-variable-name">if</span>=[Armbian .img file] <span class="org-variable-name">of</span>=/dev/sdX <span class="org-variable-name">conv</span>=fdatasync,sync,noerror
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
|
||||
<head>
|
||||
<!-- 2018-04-24 Tue 18:17 -->
|
||||
<!-- 2018-05-10 Thu 11:47 -->
|
||||
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1" />
|
||||
<title>‎</title>
|
||||
|
@ -243,9 +243,9 @@ for the JavaScript code in this tag.
|
|||
</div>
|
||||
|
||||
|
||||
<div id="outline-container-org3d2bd4a" class="outline-2">
|
||||
<h2 id="org3d2bd4a">Home Server</h2>
|
||||
<div class="outline-text-2" id="text-org3d2bd4a">
|
||||
<div id="outline-container-orgddbcade" class="outline-2">
|
||||
<h2 id="orgddbcade">Home Server</h2>
|
||||
<div class="outline-text-2" id="text-orgddbcade">
|
||||
<p>
|
||||
The quickest way to get started is as follows. You will need to be running a Debian based system (version 8 or later), have an old but still working laptop or netbook which you can use as a server, and 8GB or larger USB thumb drive and an ethernet cable to connect the laptop to your internet router.
|
||||
</p>
|
||||
|
@ -336,7 +336,7 @@ You can now copy the image to the USB thumb drive, replacing <b>sdX</b> with the
|
|||
|
||||
<div class="org-src-container">
|
||||
<pre class="src src-bash">dd <span class="org-variable-name">if</span>=/dev/zero <span class="org-variable-name">of</span>=/dev/sdX <span class="org-variable-name">bs</span>=32M <span class="org-variable-name">count</span>=8
|
||||
dd <span class="org-variable-name">bs</span>=32M <span class="org-variable-name">if</span>=myimagefile.img <span class="org-variable-name">of</span>=/dev/sdX <span class="org-variable-name">conv</span>=fdatasync
|
||||
dd <span class="org-variable-name">bs</span>=32M <span class="org-variable-name">if</span>=myimagefile.img <span class="org-variable-name">of</span>=/dev/sdX <span class="org-variable-name">conv</span>=fdatasync,sync,noerror
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
|
||||
<head>
|
||||
<!-- 2018-04-21 Sat 14:58 -->
|
||||
<!-- 2018-05-10 Thu 11:48 -->
|
||||
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1" />
|
||||
<title>‎</title>
|
||||
|
@ -242,9 +242,9 @@ for the JavaScript code in this tag.
|
|||
</p>
|
||||
</div>
|
||||
|
||||
<div id="outline-container-orgaaffe7e" class="outline-2">
|
||||
<h2 id="orgaaffe7e">Installation</h2>
|
||||
<div class="outline-text-2" id="text-orgaaffe7e">
|
||||
<div id="outline-container-org0b64622" class="outline-2">
|
||||
<h2 id="org0b64622">Installation</h2>
|
||||
<div class="outline-text-2" id="text-org0b64622">
|
||||
<table border="2" cellspacing="0" cellpadding="6" rules="groups" frame="hsides">
|
||||
|
||||
|
||||
|
@ -253,11 +253,11 @@ for the JavaScript code in this tag.
|
|||
</colgroup>
|
||||
<tbody>
|
||||
<tr>
|
||||
<td class="org-left"><a href="#org85992f0">Building an image for a Single Board Computer or Virtual Machine</a></td>
|
||||
<td class="org-left"><a href="#org25d1365">Building an image for a Single Board Computer or Virtual Machine</a></td>
|
||||
</tr>
|
||||
|
||||
<tr>
|
||||
<td class="org-left"><a href="#orga435974">Checklist</a></td>
|
||||
<td class="org-left"><a href="#org6e8f4d2">Checklist</a></td>
|
||||
</tr>
|
||||
|
||||
<tr>
|
||||
|
@ -265,36 +265,36 @@ for the JavaScript code in this tag.
|
|||
</tr>
|
||||
|
||||
<tr>
|
||||
<td class="org-left"><a href="#orgaaffe7e">Installation</a></td>
|
||||
<td class="org-left"><a href="#org0b64622">Installation</a></td>
|
||||
</tr>
|
||||
|
||||
<tr>
|
||||
<td class="org-left"><a href="#orgdbb804d">Social Key Management - the 'Unforgettable Key'</a></td>
|
||||
<td class="org-left"><a href="#org000b565">Social Key Management - the 'Unforgettable Key'</a></td>
|
||||
</tr>
|
||||
|
||||
<tr>
|
||||
<td class="org-left"><a href="#orgc7f7e79">Final Setup</a></td>
|
||||
<td class="org-left"><a href="#orgc5a4a1b">Final Setup</a></td>
|
||||
</tr>
|
||||
|
||||
<tr>
|
||||
<td class="org-left"><a href="#org5c56524">Keydrives</a></td>
|
||||
<td class="org-left"><a href="#org39a9487">Keydrives</a></td>
|
||||
</tr>
|
||||
|
||||
<tr>
|
||||
<td class="org-left"><a href="#org27e42b6">On Client Machines</a></td>
|
||||
<td class="org-left"><a href="#orgfe68233">On Client Machines</a></td>
|
||||
</tr>
|
||||
|
||||
<tr>
|
||||
<td class="org-left"><a href="#org24fb926">Administering the system</a></td>
|
||||
<td class="org-left"><a href="#org00cf2bc">Administering the system</a></td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div id="outline-container-org85992f0" class="outline-2">
|
||||
<h2 id="org85992f0">Building an image for a Single Board Computer or Virtual Machine</h2>
|
||||
<div class="outline-text-2" id="text-org85992f0">
|
||||
<div id="outline-container-org25d1365" class="outline-2">
|
||||
<h2 id="org25d1365">Building an image for a Single Board Computer or Virtual Machine</h2>
|
||||
<div class="outline-text-2" id="text-org25d1365">
|
||||
<p>
|
||||
You don't have to trust images downloaded from random internet locations signed with untrusted keys. You can build one from scratch yourself, and this is the recommended procedure for maximum security. For guidance on how to build images see the manpage for the <b>freedombone-image</b> command.
|
||||
</p>
|
||||
|
@ -372,9 +372,9 @@ If the image build fails with an error such as "<i>Error reading from server. Re
|
|||
</div>
|
||||
</div>
|
||||
|
||||
<div id="outline-container-orga435974" class="outline-2">
|
||||
<h2 id="orga435974">Checklist</h2>
|
||||
<div class="outline-text-2" id="text-orga435974">
|
||||
<div id="outline-container-org6e8f4d2" class="outline-2">
|
||||
<h2 id="org6e8f4d2">Checklist</h2>
|
||||
<div class="outline-text-2" id="text-org6e8f4d2">
|
||||
<p>
|
||||
Before installing Freedombone you will need a few things.
|
||||
</p>
|
||||
|
@ -388,17 +388,17 @@ Before installing Freedombone you will need a few things.
|
|||
</ul>
|
||||
</div>
|
||||
</div>
|
||||
<div id="outline-container-org81afcd3" class="outline-2">
|
||||
<h2 id="org81afcd3">Installation</h2>
|
||||
<div class="outline-text-2" id="text-org81afcd3">
|
||||
<div id="outline-container-org9c73f16" class="outline-2">
|
||||
<h2 id="org9c73f16">Installation</h2>
|
||||
<div class="outline-text-2" id="text-org9c73f16">
|
||||
<p>
|
||||
There are three install options: Laptop/Desktop/Netbook, SBC and Virtual Machine.
|
||||
</p>
|
||||
</div>
|
||||
|
||||
<div id="outline-container-org8cf2237" class="outline-3">
|
||||
<h3 id="org8cf2237">On a Laptop, Netbook or Desktop machine</h3>
|
||||
<div class="outline-text-3" id="text-org8cf2237">
|
||||
<div id="outline-container-org94f9c89" class="outline-3">
|
||||
<h3 id="org94f9c89">On a Laptop, Netbook or Desktop machine</h3>
|
||||
<div class="outline-text-3" id="text-org94f9c89">
|
||||
<p>
|
||||
If you have an existing system, such as an old laptop or netbook which you can leave running as a server, then install a new version of Debian Stretch onto it. During the Debian install you won't need the print server or the desktop environment, and unchecking those will reduce the attack surface. Once Debian enter the following commands:
|
||||
</p>
|
||||
|
@ -417,9 +417,9 @@ freedombone menuconfig
|
|||
</div>
|
||||
</div>
|
||||
|
||||
<div id="outline-container-orge5e5408" class="outline-3">
|
||||
<h3 id="orge5e5408">On a single board computer (SBC)</h3>
|
||||
<div class="outline-text-3" id="text-orge5e5408">
|
||||
<div id="outline-container-org9b005d5" class="outline-3">
|
||||
<h3 id="org9b005d5">On a single board computer (SBC)</h3>
|
||||
<div class="outline-text-3" id="text-org9b005d5">
|
||||
<p>
|
||||
Currently the following boards are supported:
|
||||
</p>
|
||||
|
@ -466,7 +466,7 @@ Then copy it to a microSD card. Depending on your system you may need an adaptor
|
|||
</p>
|
||||
|
||||
<div class="org-src-container">
|
||||
<pre class="src src-bash">sudo dd <span class="org-variable-name">bs</span>=32M <span class="org-variable-name">if</span>=filename.img <span class="org-variable-name">of</span>=/dev/sdX <span class="org-variable-name">conv</span>=fdatasync
|
||||
<pre class="src src-bash">sudo dd <span class="org-variable-name">bs</span>=32M <span class="org-variable-name">if</span>=filename.img <span class="org-variable-name">of</span>=/dev/sdX <span class="org-variable-name">conv</span>=fdatasync,sync,noerror
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
|
@ -498,9 +498,9 @@ Using the password 'freedombone'. Take a note of the new login password and then
|
|||
</div>
|
||||
</div>
|
||||
|
||||
<div id="outline-container-org9ae9946" class="outline-3">
|
||||
<h3 id="org9ae9946">As a Virtual Machine</h3>
|
||||
<div class="outline-text-3" id="text-org9ae9946">
|
||||
<div id="outline-container-orgc53af7b" class="outline-3">
|
||||
<h3 id="orgc53af7b">As a Virtual Machine</h3>
|
||||
<div class="outline-text-3" id="text-orgc53af7b">
|
||||
<p>
|
||||
Qemu is currently supported, since it's s fully free software system. You can run a 64 bit Qemu image with:
|
||||
</p>
|
||||
|
@ -517,42 +517,42 @@ The default login will be username 'fbone' and password 'freedombone'. Take a no
|
|||
</div>
|
||||
</div>
|
||||
|
||||
<div id="outline-container-orgdbb804d" class="outline-2">
|
||||
<h2 id="orgdbb804d">Social Key Management - the 'Unforgettable Key'</h2>
|
||||
<div class="outline-text-2" id="text-orgdbb804d">
|
||||
<div id="outline-container-org000b565" class="outline-2">
|
||||
<h2 id="org000b565">Social Key Management - the 'Unforgettable Key'</h2>
|
||||
<div class="outline-text-2" id="text-org000b565">
|
||||
<p>
|
||||
During the install procedure you will be asked if you wish to import GPG keys. If you don't already possess GPG keys then just select "Ok" and they will be generated during the install. If you do already have GPG keys then there are a few possibilities
|
||||
</p>
|
||||
</div>
|
||||
|
||||
<div id="outline-container-orgea070ec" class="outline-3">
|
||||
<h3 id="orgea070ec">You have the gnupg keyring on an encrypted USB drive</h3>
|
||||
<div class="outline-text-3" id="text-orgea070ec">
|
||||
<div id="outline-container-org3dd5e36" class="outline-3">
|
||||
<h3 id="org3dd5e36">You have the gnupg keyring on an encrypted USB drive</h3>
|
||||
<div class="outline-text-3" id="text-org3dd5e36">
|
||||
<p>
|
||||
If you previously made a master keydrive containing the full keyring (the .gnupg directory). This is the most straightforward case, but not as secure as splitting the key into fragments.
|
||||
</p>
|
||||
</div>
|
||||
</div>
|
||||
<div id="outline-container-org08d572c" class="outline-3">
|
||||
<h3 id="org08d572c">You have a number of key fragments on USB drives retrieved from friends</h3>
|
||||
<div class="outline-text-3" id="text-org08d572c">
|
||||
<div id="outline-container-orga01493d" class="outline-3">
|
||||
<h3 id="orga01493d">You have a number of key fragments on USB drives retrieved from friends</h3>
|
||||
<div class="outline-text-3" id="text-orga01493d">
|
||||
<p>
|
||||
If you previously made some USB drives containing key fragments then retrieve them from your friends and plug them in one after the other. After the last drive has been read then remove it and just select "Ok". The system will then try to reconstruct the key. For this to work you will need to have previously made three or more <a href="#org5c56524">Keydrives</a>.
|
||||
If you previously made some USB drives containing key fragments then retrieve them from your friends and plug them in one after the other. After the last drive has been read then remove it and just select "Ok". The system will then try to reconstruct the key. For this to work you will need to have previously made three or more <a href="#org39a9487">Keydrives</a>.
|
||||
</p>
|
||||
</div>
|
||||
</div>
|
||||
<div id="outline-container-orgf13618c" class="outline-3">
|
||||
<h3 id="orgf13618c">You can specify some ssh login details for friends servers containing key fragments</h3>
|
||||
<div class="outline-text-3" id="text-orgf13618c">
|
||||
<div id="outline-container-org7fee2fd" class="outline-3">
|
||||
<h3 id="org7fee2fd">You can specify some ssh login details for friends servers containing key fragments</h3>
|
||||
<div class="outline-text-3" id="text-org7fee2fd">
|
||||
<p>
|
||||
Enter three or more sets of login details and the installer will try to retrieve key fragments and then assemble them into the full key. This only works if you previously were using remote backups and had social key management enabled.
|
||||
</p>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<div id="outline-container-orgc7f7e79" class="outline-2">
|
||||
<h2 id="orgc7f7e79">Final Setup</h2>
|
||||
<div class="outline-text-2" id="text-orgc7f7e79">
|
||||
<div id="outline-container-orgc5a4a1b" class="outline-2">
|
||||
<h2 id="orgc5a4a1b">Final Setup</h2>
|
||||
<div class="outline-text-2" id="text-orgc5a4a1b">
|
||||
<p>
|
||||
Any manual post-installation setup instructions or passwords can be found in /home/username/README.
|
||||
</p>
|
||||
|
@ -670,16 +670,16 @@ On your internet router, typically under firewall settings, open the following p
|
|||
</div>
|
||||
</div>
|
||||
|
||||
<div id="outline-container-org5c56524" class="outline-2">
|
||||
<h2 id="org5c56524">Keydrives</h2>
|
||||
<div class="outline-text-2" id="text-org5c56524">
|
||||
<div id="outline-container-org39a9487" class="outline-2">
|
||||
<h2 id="org39a9487">Keydrives</h2>
|
||||
<div class="outline-text-2" id="text-org39a9487">
|
||||
<p>
|
||||
After installing for the first time it's a good idea to create some keydrives. These will store your gpg key so that if all else fails you will still be able to restore from backup. There are two ways to do this:
|
||||
</p>
|
||||
</div>
|
||||
<div id="outline-container-orga8df9a9" class="outline-3">
|
||||
<h3 id="orga8df9a9">Master Keydrive</h3>
|
||||
<div class="outline-text-3" id="text-orga8df9a9">
|
||||
<div id="outline-container-org9168e0e" class="outline-3">
|
||||
<h3 id="org9168e0e">Master Keydrive</h3>
|
||||
<div class="outline-text-3" id="text-org9168e0e">
|
||||
<p>
|
||||
This is the traditional security model in which you carry your full keyring on an encrypted USB drive. To make a master keydrive first format a USB drive as a LUKS encrypted drive. In Ubuntu this can be <a href="https://help.ubuntu.com/community/EncryptedFilesystemsOnRemovableStorage">done from the <i>Disk Utility</i> application</a>. Then plug it into the Freedombone system, then from your local machine run:
|
||||
</p>
|
||||
|
@ -694,9 +694,9 @@ Select <i>Administrator controls</i> then <i>Backup and Restore</i> then <i>Back
|
|||
</p>
|
||||
</div>
|
||||
</div>
|
||||
<div id="outline-container-orgfbd6e5b" class="outline-3">
|
||||
<h3 id="orgfbd6e5b">Fragment keydrives</h3>
|
||||
<div class="outline-text-3" id="text-orgfbd6e5b">
|
||||
<div id="outline-container-org6b684d8" class="outline-3">
|
||||
<h3 id="org6b684d8">Fragment keydrives</h3>
|
||||
<div class="outline-text-3" id="text-org6b684d8">
|
||||
<p>
|
||||
This breaks your GPG key into a number of fragments and randomly selects one to add to the USB drive. First format a USB drive as a LUKS encrypted drive. In Ubuntu this <a href="https://help.ubuntu.com/community/EncryptedFilesystemsOnRemovableStorage">can be done from the <i>Disk Utility</i> application</a>. Plug it into the Freedombone system then from your local machine run the following commands:
|
||||
</p>
|
||||
|
@ -716,9 +716,9 @@ Fragments are randomly assigned and so you will need at least three or four keyd
|
|||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<div id="outline-container-org27e42b6" class="outline-2">
|
||||
<h2 id="org27e42b6">On Client Machines</h2>
|
||||
<div class="outline-text-2" id="text-org27e42b6">
|
||||
<div id="outline-container-orgfe68233" class="outline-2">
|
||||
<h2 id="orgfe68233">On Client Machines</h2>
|
||||
<div class="outline-text-2" id="text-orgfe68233">
|
||||
<p>
|
||||
You can configure laptops or desktop machines which connect to the Freedombone server in the following way. This alters encryption settings to improve overall security.
|
||||
</p>
|
||||
|
@ -736,9 +736,9 @@ freedombone-client
|
|||
</div>
|
||||
</div>
|
||||
|
||||
<div id="outline-container-org24fb926" class="outline-2">
|
||||
<h2 id="org24fb926">Administering the system</h2>
|
||||
<div class="outline-text-2" id="text-org24fb926">
|
||||
<div id="outline-container-org00cf2bc" class="outline-2">
|
||||
<h2 id="org00cf2bc">Administering the system</h2>
|
||||
<div class="outline-text-2" id="text-org00cf2bc">
|
||||
<p>
|
||||
To administer the system after installation log in via ssh, become the root user and then launch the control panel.
|
||||
</p>
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
|
||||
<head>
|
||||
<!-- 2018-04-21 Sat 14:59 -->
|
||||
<!-- 2018-05-10 Thu 11:48 -->
|
||||
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1" />
|
||||
<title>‎</title>
|
||||
|
@ -242,17 +242,17 @@ for the JavaScript code in this tag.
|
|||
</p>
|
||||
</div>
|
||||
|
||||
<div id="outline-container-org86cebe1" class="outline-2">
|
||||
<h2 id="org86cebe1">Mesh Network: Images</h2>
|
||||
<div id="outline-container-org4a6d63d" class="outline-2">
|
||||
<h2 id="org4a6d63d">Mesh Network: Images</h2>
|
||||
</div>
|
||||
|
||||
<div id="outline-container-org144a10d" class="outline-2">
|
||||
<h2 id="org144a10d">Pre-built Disk Images</h2>
|
||||
<div class="outline-text-2" id="text-org144a10d">
|
||||
<div id="outline-container-org0b5ce82" class="outline-2">
|
||||
<h2 id="org0b5ce82">Pre-built Disk Images</h2>
|
||||
<div class="outline-text-2" id="text-org0b5ce82">
|
||||
</div>
|
||||
<div id="outline-container-org4231464" class="outline-3">
|
||||
<h3 id="org4231464">Writing many images quickly</h3>
|
||||
<div class="outline-text-3" id="text-org4231464">
|
||||
<div id="outline-container-org3c967ad" class="outline-3">
|
||||
<h3 id="org3c967ad">Writing many images quickly</h3>
|
||||
<div class="outline-text-3" id="text-org3c967ad">
|
||||
<p>
|
||||
There may be situations where you need to write the same disk image to multiple drives at the same time in order to maximize rate of deployment. In the instructions given below the <b>dd</b> command is used for writing to the target drive, but to write to multiple drives you can use a tool such as <a href="https://wiki.gnome.org/Apps/MultiWriter">GNOME MultiWriter</a>.
|
||||
</p>
|
||||
|
@ -280,9 +280,9 @@ The MultiWriter tool is also available within mesh client images, so that you ca
|
|||
</p>
|
||||
</div>
|
||||
</div>
|
||||
<div id="outline-container-org47d0e94" class="outline-3">
|
||||
<h3 id="org47d0e94">Client images</h3>
|
||||
<div class="outline-text-3" id="text-org47d0e94">
|
||||
<div id="outline-container-orge9f8bf4" class="outline-3">
|
||||
<h3 id="orge9f8bf4">Client images</h3>
|
||||
<div class="outline-text-3" id="text-orge9f8bf4">
|
||||
|
||||
<div class="figure">
|
||||
<p><img src="images/mesh_netbook.jpg" alt="mesh_netbook.jpg" width="100%" align="center" />
|
||||
|
@ -300,7 +300,7 @@ wget https://freedombone.net/downloads/v31/freedombone-meshclient-i386.img.xz.si
|
|||
gpg --verify freedombone-meshclient-i386.img.xz.sig
|
||||
unxz freedombone-meshclient-i386.img.xz
|
||||
sudo dd <span class="org-variable-name">if</span>=/dev/zero <span class="org-variable-name">of</span>=/dev/sdX <span class="org-variable-name">bs</span>=32M <span class="org-variable-name">count</span>=8
|
||||
sudo dd <span class="org-variable-name">bs</span>=32M <span class="org-variable-name">if</span>=freedombone-meshclient-i386.img <span class="org-variable-name">of</span>=/dev/sdX <span class="org-variable-name">conv</span>=fdatasync
|
||||
sudo dd <span class="org-variable-name">bs</span>=32M <span class="org-variable-name">if</span>=freedombone-meshclient-i386.img <span class="org-variable-name">of</span>=/dev/sdX <span class="org-variable-name">conv</span>=fdatasync,sync,noerror
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
|
@ -319,22 +319,22 @@ wget https://freedombone.net/downloads/v31/freedombone-meshclient-insecure-i386.
|
|||
gpg --verify freedombone-meshclient-insecure-i386.img.xz.sig
|
||||
unxz freedombone-meshclient-insecure-i386.img.xz
|
||||
sudo dd <span class="org-variable-name">if</span>=/dev/zero <span class="org-variable-name">of</span>=/dev/sdX <span class="org-variable-name">bs</span>=32M <span class="org-variable-name">count</span>=8
|
||||
sudo dd <span class="org-variable-name">bs</span>=32M <span class="org-variable-name">if</span>=freedombone-meshclient-insecure-i386.img <span class="org-variable-name">of</span>=/dev/sdX <span class="org-variable-name">conv</span>=fdatasync
|
||||
sudo dd <span class="org-variable-name">bs</span>=32M <span class="org-variable-name">if</span>=freedombone-meshclient-insecure-i386.img <span class="org-variable-name">of</span>=/dev/sdX <span class="org-variable-name">conv</span>=fdatasync,sync,noerror
|
||||
</pre>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div id="outline-container-orge2c765f" class="outline-3">
|
||||
<h3 id="orge2c765f">Router images</h3>
|
||||
<div class="outline-text-3" id="text-orge2c765f">
|
||||
<div id="outline-container-org82896b1" class="outline-3">
|
||||
<h3 id="org82896b1">Router images</h3>
|
||||
<div class="outline-text-3" id="text-org82896b1">
|
||||
<p>
|
||||
Routers are intended to build network coverage for an area using small and low cost hardware. You can bolt them to walls or leave them on window ledges. They don't have any user interface and their only job is to haul network traffic across the mesh and to enable peers to find each other via running bootstrap nodes for Tox and IPFS. Copy the image to a microSD card and insert it into the router, plug in an Atheros wifi dongle and power on. That should be all you need to do.
|
||||
</p>
|
||||
</div>
|
||||
<div id="outline-container-org0194fde" class="outline-4">
|
||||
<h4 id="org0194fde">Beaglebone Black</h4>
|
||||
<div class="outline-text-4" id="text-org0194fde">
|
||||
<div id="outline-container-org874f9bb" class="outline-4">
|
||||
<h4 id="org874f9bb">Beaglebone Black</h4>
|
||||
<div class="outline-text-4" id="text-org874f9bb">
|
||||
|
||||
<div class="figure">
|
||||
<p><img src="images/mesh_router.jpg" alt="mesh_router.jpg" width="50%" align="center" />
|
||||
|
@ -353,7 +353,7 @@ gpg --verify freedombone-mesh_beaglebone-armhf.img.xz.sig
|
|||
sha256sum freedombone-mesh_beaglebone-armhf.img.xz
|
||||
ad8f22c0d46c98a80aa47b5809402971cf5cf26ebf587c59a667307b2386c3d2
|
||||
unxz freedombone-mesh_beaglebone-armhf.img.xz
|
||||
sudo dd <span class="org-variable-name">bs</span>=32M <span class="org-variable-name">if</span>=freedombone-mesh_beaglebone-armhf.img <span class="org-variable-name">of</span>=/dev/sdX <span class="org-variable-name">conv</span>=fdatasync
|
||||
sudo dd <span class="org-variable-name">bs</span>=32M <span class="org-variable-name">if</span>=freedombone-mesh_beaglebone-armhf.img <span class="org-variable-name">of</span>=/dev/sdX <span class="org-variable-name">conv</span>=fdatasync,sync,noerror
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
|
@ -369,9 +369,9 @@ There is still a software freedom issue with the Beaglebone Black, but it doesn'
|
|||
</div>
|
||||
</div>
|
||||
|
||||
<div id="outline-container-orgfcd1440" class="outline-2">
|
||||
<h2 id="orgfcd1440">Building Disk Images</h2>
|
||||
<div class="outline-text-2" id="text-orgfcd1440">
|
||||
<div id="outline-container-orgda68996" class="outline-2">
|
||||
<h2 id="orgda68996">Building Disk Images</h2>
|
||||
<div class="outline-text-2" id="text-orgda68996">
|
||||
<p>
|
||||
It's better not to trust images downloaded from random places on the interwebs. Chances are that unless you are in the web of trust of the above GPG signatures then they don't mean very much to you. If you actually want something trustworthy then build the images from scratch. It will take some time. Here's how to do it.
|
||||
</p>
|
||||
|
@ -426,7 +426,7 @@ You can now copy the image to the USB thumb drive, replacing <b>sdX</b> with the
|
|||
|
||||
<div class="org-src-container">
|
||||
<pre class="src src-bash">sudo dd <span class="org-variable-name">if</span>=/dev/zero <span class="org-variable-name">of</span>=/dev/sdX <span class="org-variable-name">bs</span>=32M <span class="org-variable-name">count</span>=8
|
||||
sudo dd <span class="org-variable-name">bs</span>=32M <span class="org-variable-name">if</span>=myimagefile.img <span class="org-variable-name">of</span>=/dev/sdX <span class="org-variable-name">conv</span>=fdatasync
|
||||
sudo dd <span class="org-variable-name">bs</span>=32M <span class="org-variable-name">if</span>=myimagefile.img <span class="org-variable-name">of</span>=/dev/sdX <span class="org-variable-name">conv</span>=fdatasync,sync,noerror
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
|
||||
<head>
|
||||
<!-- 2018-04-24 Tue 16:29 -->
|
||||
<!-- 2018-05-06 Sun 12:52 -->
|
||||
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1" />
|
||||
<title>‎</title>
|
||||
|
@ -246,9 +246,9 @@ for the JavaScript code in this tag.
|
|||
Mobile phones are insecure devices, but they're regarded as being so essential to modern life that telling people not to use them isn't a viable option. Here are some recommendations on setting up a mobile phone (aka "smartphone") to work with Freedombone.
|
||||
</p>
|
||||
|
||||
<div id="outline-container-orgc9f2368" class="outline-2">
|
||||
<h2 id="orgc9f2368">Open</h2>
|
||||
<div class="outline-text-2" id="text-orgc9f2368">
|
||||
<div id="outline-container-org9dc2155" class="outline-2">
|
||||
<h2 id="org9dc2155">Open</h2>
|
||||
<div class="outline-text-2" id="text-org9dc2155">
|
||||
<p>
|
||||
Use a Linux based phone operating system. Typically this will mean Android, but could also mean LineageOS or Replicant. LineageOS is the most preferable, because you can usually get an up to date image with a recent kernel which will give you better security against exploits. If you're buying a phone then look for a model which is supported by LineageOS. Replicant is the most free (as in freedom) but only runs on a small number of phone models. If you have a phone which runs a full GNU/Linux system then that's fantastic, and you can probably use it in much the same way as a desktop system and the rest of the advice on this page won't apply. If you don't have a phone capable of running a Linux based operating system then consider selling, giving away or bartering your existing one.
|
||||
</p>
|
||||
|
@ -263,27 +263,27 @@ In the end it comes down to the fact that <i>if the source code for the device c
|
|||
</div>
|
||||
</div>
|
||||
|
||||
<div id="outline-container-org1da5240" class="outline-2">
|
||||
<h2 id="org1da5240">Remove</h2>
|
||||
<div class="outline-text-2" id="text-org1da5240">
|
||||
<div id="outline-container-org7c6d63e" class="outline-2">
|
||||
<h2 id="org7c6d63e">Remove</h2>
|
||||
<div class="outline-text-2" id="text-org7c6d63e">
|
||||
<p>
|
||||
So maybe you're running Android and the phone came with some apps already installed. Almost certainly they'll be proprietary. Go to Settings/Apps and then uninstall or deactivate any apps which you really don't need. Mostly preinstalled apps are intended to send your data to companies who will then sell it to advertisers or governments under the business model of <i>surveillance capital</i>. It's not a good idea to get caught up in that, and to avoid becoming addicted to apps which are surveilling you without consent or installing spyware in the background without your knowledge.
|
||||
</p>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div id="outline-container-orge6cd0f0" class="outline-2">
|
||||
<h2 id="orge6cd0f0">Encrypt</h2>
|
||||
<div class="outline-text-2" id="text-orge6cd0f0">
|
||||
<div id="outline-container-orgab4c572" class="outline-2">
|
||||
<h2 id="orgab4c572">Encrypt</h2>
|
||||
<div class="outline-text-2" id="text-orgab4c572">
|
||||
<p>
|
||||
Encrypt your phone. This can usually be done via <b>Settings/Security</b> and you may need to fully charge the phone first. Encryption means that if you lose your phone or it gets stolen then there is less chance that anyone who picks it up will get access to your data, photos and so on.
|
||||
</p>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div id="outline-container-org149be87" class="outline-2">
|
||||
<h2 id="org149be87">Apps</h2>
|
||||
<div class="outline-text-2" id="text-org149be87">
|
||||
<div id="outline-container-orgdfcb9ed" class="outline-2">
|
||||
<h2 id="orgdfcb9ed">Apps</h2>
|
||||
<div class="outline-text-2" id="text-orgdfcb9ed">
|
||||
<p>
|
||||
Installing <b>F-droid</b> and only adding any new apps via F-droid will ensure that you are always using free and open source software. Open source is not a panacea, since bugs can and do still occur, but it will help you to avoid the worst security and privacy pitfalls.
|
||||
</p>
|
||||
|
@ -294,18 +294,18 @@ Avoid using the Open Whisper Systems Signal app if you can, no matter what "expe
|
|||
</div>
|
||||
</div>
|
||||
|
||||
<div id="outline-container-orgd1ea4fa" class="outline-2">
|
||||
<h2 id="orgd1ea4fa">Lock</h2>
|
||||
<div class="outline-text-2" id="text-orgd1ea4fa">
|
||||
<div id="outline-container-orgb5c91b6" class="outline-2">
|
||||
<h2 id="orgb5c91b6">Lock</h2>
|
||||
<div class="outline-text-2" id="text-orgb5c91b6">
|
||||
<p>
|
||||
Add a lock screen, preferably with a password which is not easy for other people to guess or for quicker access with a PIN number. Install an app called <b>Locker</b>, activate it and set the maximum number of password guesses to ten (or whatever you feel comfortable with). If bad people get hold of your phone then they may try to brute force your lock screen password or PIN (i.e. automatically trying millions of common word and number combinations) and the locker app will prevent them from succeeding by resetting the phone back to its factory default condition and wiping the data.
|
||||
</p>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div id="outline-container-org98e33e6" class="outline-2">
|
||||
<h2 id="org98e33e6">Onion</h2>
|
||||
<div class="outline-text-2" id="text-org98e33e6">
|
||||
<div id="outline-container-org5f95f04" class="outline-2">
|
||||
<h2 id="org5f95f04">Onion</h2>
|
||||
<div class="outline-text-2" id="text-org5f95f04">
|
||||
<p>
|
||||
Both governments and corporations want to compile matadata dossiers about you. Who you communicated with, when and how often. They want this so that they can data mine, simulate, predict and then ultimately influence (sometimes also called "nudge") your actions and preferences in the directions they prefer. By routing your connections through a number of proxy servers (Tor routers) you can make it perhaps not <i>theoretically</i> impossible but at least <i>very hard</i> for them to have a complete and accurate list of who your friends are, your religion, politics, likely health issues, sexual orientation and what news sites or books you read.
|
||||
</p>
|
||||
|
@ -316,26 +316,26 @@ In F-droid under the <b>repositories</b> menu you can enable the <b>guardian pro
|
|||
</div>
|
||||
</div>
|
||||
|
||||
<div id="outline-container-org0b855a4" class="outline-2">
|
||||
<h2 id="org0b855a4">Email</h2>
|
||||
<div class="outline-text-2" id="text-org0b855a4">
|
||||
<div id="outline-container-orge1a5092" class="outline-2">
|
||||
<h2 id="orge1a5092">Email</h2>
|
||||
<div class="outline-text-2" id="text-orge1a5092">
|
||||
<p>
|
||||
The easiest way to access email is by installing the <a href="./app_mailpile.html">Mailpile</a> app. This keeps your GPG keys off of possibly insecure mobile devices but still enables encrypted email communications in an easy way. You can use K9 mail if you prefer, but that will require installing OpenKeychain and having your GPG keys on the device, which is a lot more risky.
|
||||
</p>
|
||||
</div>
|
||||
</div>
|
||||
<div id="outline-container-org4eecc0f" class="outline-2">
|
||||
<h2 id="org4eecc0f">Services</h2>
|
||||
<div class="outline-text-2" id="text-org4eecc0f">
|
||||
<div id="outline-container-org0baa293" class="outline-2">
|
||||
<h2 id="org0baa293">Services</h2>
|
||||
<div class="outline-text-2" id="text-org0baa293">
|
||||
<p>
|
||||
For information on configuring various apps to work with Freedombone see the <a href="./apps.html">apps section</a>. Also see advice on chat apps in the <a href="./faq.html">FAQ</a>.
|
||||
</p>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div id="outline-container-org0f96cf1" class="outline-2">
|
||||
<h2 id="org0f96cf1">Battery</h2>
|
||||
<div class="outline-text-2" id="text-org0f96cf1">
|
||||
<div id="outline-container-org1db3043" class="outline-2">
|
||||
<h2 id="org1db3043">Battery</h2>
|
||||
<div class="outline-text-2" id="text-org1db3043">
|
||||
<p>
|
||||
Even with free software apps it's not difficult to get into a situation where your battery doesn't last for long. To maximize battery life access RSS feeds via the onion-based mobile reader within a Tor-compatible browser and not from a locally installed RSS app.
|
||||
</p>
|
||||
|
@ -354,9 +354,9 @@ It's also recommended to disable battery optimisations for Conversations and Orb
|
|||
</div>
|
||||
</div>
|
||||
|
||||
<div id="outline-container-orgb6d0da7" class="outline-2">
|
||||
<h2 id="orgb6d0da7">Blocking bad domains</h2>
|
||||
<div class="outline-text-2" id="text-orgb6d0da7">
|
||||
<div id="outline-container-org9f7fc2d" class="outline-2">
|
||||
<h2 id="org9f7fc2d">Blocking bad domains</h2>
|
||||
<div class="outline-text-2" id="text-org9f7fc2d">
|
||||
<p>
|
||||
You can block known bad domains by editing the <b>/system/etc/hosts</b> file on your device. It is possible to use extensive ad-blocking hosts files used by other ad-blocking systems such as pi-hole, but merely blocking Facebook and Google Analytics will protect you against much of the corporate surveillance which goes on. Even if you don't have a Facebook account this may still be useful since they will still try to create a "ghost profile" of you, so the less data they have the better.
|
||||
</p>
|
||||
|
@ -410,6 +410,8 @@ Now edit the hosts file which was pulled and append:
|
|||
127.0.0.1 www.google-analytics.com
|
||||
127.0.0.1 google-analytics.com
|
||||
127.0.0.1 ssl.google-analytics.com
|
||||
127.0.0.1 telemetry.mozilla.org
|
||||
127.0.0.1 incoming.telemetry.mozilla.org
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
|
||||
<head>
|
||||
<!-- 2018-04-21 Sat 14:59 -->
|
||||
<!-- 2018-05-10 Thu 11:42 -->
|
||||
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1" />
|
||||
<title>‎</title>
|
||||
|
@ -242,9 +242,9 @@ for the JavaScript code in this tag.
|
|||
</p>
|
||||
</div>
|
||||
|
||||
<div id="outline-container-org9121f8f" class="outline-2">
|
||||
<h2 id="org9121f8f">Building an internet run by the users, for the users</h2>
|
||||
<div class="outline-text-2" id="text-org9121f8f">
|
||||
<div id="outline-container-org2899a71" class="outline-2">
|
||||
<h2 id="org2899a71">Building an internet run by the users, for the users</h2>
|
||||
<div class="outline-text-2" id="text-org2899a71">
|
||||
<p>
|
||||
The internet may still be mostly in the clutches of a few giant megacorporations and dubious governments with sketchy agendas, but it doesn't have to remain that way. With the third version of the Freedombone system there is now more scope than before to take back your privacy, have ownership of personal data and run your own online communities without undesirable intermediaries.
|
||||
</p>
|
||||
|
@ -265,9 +265,9 @@ Freedombone version 3 is based on Debian 9 (Stretch). It was released in July 20
|
|||
</div>
|
||||
</div>
|
||||
|
||||
<div id="outline-container-org68d06a3" class="outline-2">
|
||||
<h2 id="org68d06a3">Installation</h2>
|
||||
<div class="outline-text-2" id="text-org68d06a3">
|
||||
<div id="outline-container-org7b166be" class="outline-2">
|
||||
<h2 id="org7b166be">Installation</h2>
|
||||
<div class="outline-text-2" id="text-org7b166be">
|
||||
<p>
|
||||
The simplest way to install is from a pre-made disk image. Images can be <a href="https://freedombone.net/downloads/v3">downloaded here</a>. You will need to have previously obtained a domain name and have a dynamic DNS account somewhere.
|
||||
</p>
|
||||
|
@ -278,7 +278,7 @@ Copy the image to a microSD card or USB thumb drive, replacing sdX with the iden
|
|||
|
||||
<div class="org-src-container">
|
||||
<pre class="src src-bash">unxz downloadedimagefile.img.xz
|
||||
dd <span class="org-variable-name">bs</span>=32M <span class="org-variable-name">if</span>=downloadedimagefile.img <span class="org-variable-name">of</span>=/dev/sdX <span class="org-variable-name">conv</span>=fdatasync
|
||||
dd <span class="org-variable-name">bs</span>=32M <span class="org-variable-name">if</span>=downloadedimagefile.img <span class="org-variable-name">of</span>=/dev/sdX <span class="org-variable-name">conv</span>=fdatasync,noerror
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
|
@ -323,9 +323,9 @@ More detailed installation instructions are linked from <a href="./index.html">t
|
|||
</div>
|
||||
</div>
|
||||
|
||||
<div id="outline-container-org976059e" class="outline-2">
|
||||
<h2 id="org976059e">Upgrading from a previous install</h2>
|
||||
<div class="outline-text-2" id="text-org976059e">
|
||||
<div id="outline-container-org9e708b0" class="outline-2">
|
||||
<h2 id="org9e708b0">Upgrading from a previous install</h2>
|
||||
<div class="outline-text-2" id="text-org9e708b0">
|
||||
<p>
|
||||
To upgrade from the Debian Jessie version first create a master keydrive. Go to the <b>Administrator control panel</b> and select <b>Backup and restore</b> then <b>Backup GPG key to USB (master keydrive)</b>. Insert a LUKS encrypted USB drive. When that is done Create a full backup by selecting <b>Backup data to USB drive</b> and using another LUKS encrypted USB drive.
|
||||
</p>
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
|
||||
<head>
|
||||
<!-- 2018-04-21 Sat 15:00 -->
|
||||
<!-- 2018-05-10 Thu 11:49 -->
|
||||
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1" />
|
||||
<title>‎</title>
|
||||
|
@ -242,9 +242,9 @@ for the JavaScript code in this tag.
|
|||
</p>
|
||||
</div>
|
||||
|
||||
<div id="outline-container-org562f1b2" class="outline-2">
|
||||
<h2 id="org562f1b2"><b>Version 3.1, 2018-04-15</b></h2>
|
||||
<div class="outline-text-2" id="text-org562f1b2">
|
||||
<div id="outline-container-org91557ca" class="outline-2">
|
||||
<h2 id="org91557ca"><b>Version 3.1, 2018-04-15</b></h2>
|
||||
<div class="outline-text-2" id="text-org91557ca">
|
||||
<p>
|
||||
Newer and shinier than before, <a href="./index.html">Freedombone</a> 3.1 rests upon the solid foundation of Debian stable and delivers major new self-hosted apps, improved mesh networking and a new logo. It supports version 3 onion addresses and the ability to use <a href="./usage_email.html">email with onion and I2P addresses</a>. New apps are:
|
||||
</p>
|
||||
|
@ -281,9 +281,9 @@ The future is decentralized.
|
|||
</div>
|
||||
</div>
|
||||
|
||||
<div id="outline-container-org0f2b77a" class="outline-2">
|
||||
<h2 id="org0f2b77a">Installation</h2>
|
||||
<div class="outline-text-2" id="text-org0f2b77a">
|
||||
<div id="outline-container-org8bab5d6" class="outline-2">
|
||||
<h2 id="org8bab5d6">Installation</h2>
|
||||
<div class="outline-text-2" id="text-org8bab5d6">
|
||||
<p>
|
||||
The simplest way to install is from a pre-made disk image. Images can be <a href="https://freedombone.net/downloads/v31">downloaded here</a>. You will need to have previously obtained a domain name and have a dynamic DNS account somewhere. Or if you don't need clearnet domains and will be using Tor compatible browsers then you can use the "onion only" images where apps will be accessible via an onion address.
|
||||
</p>
|
||||
|
@ -294,7 +294,7 @@ Copy the image to a microSD card or USB thumb drive, replacing sdX with the iden
|
|||
|
||||
<div class="org-src-container">
|
||||
<pre class="src src-bash">unxz downloadedimagefile.img.xz
|
||||
dd <span class="org-variable-name">bs</span>=32M <span class="org-variable-name">if</span>=downloadedimagefile.img <span class="org-variable-name">of</span>=/dev/sdX <span class="org-variable-name">conv</span>=fdatasync
|
||||
dd <span class="org-variable-name">bs</span>=32M <span class="org-variable-name">if</span>=downloadedimagefile.img <span class="org-variable-name">of</span>=/dev/sdX <span class="org-variable-name">conv</span>=fdatasync,sync,noerror
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
|
@ -339,9 +339,9 @@ More detailed installation instructions are linked from <a href="./installmethod
|
|||
</div>
|
||||
</div>
|
||||
|
||||
<div id="outline-container-orgf8d3f00" class="outline-2">
|
||||
<h2 id="orgf8d3f00">Upgrading from a previous install</h2>
|
||||
<div class="outline-text-2" id="text-orgf8d3f00">
|
||||
<div id="outline-container-org2293b57" class="outline-2">
|
||||
<h2 id="org2293b57">Upgrading from a previous install</h2>
|
||||
<div class="outline-text-2" id="text-org2293b57">
|
||||
<p>
|
||||
To upgrade from version 3 just go to the <b>administrator control panel</b> and select <b>check for updates</b>.
|
||||
</p>
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
|
||||
<head>
|
||||
<!-- 2018-04-21 Sat 15:00 -->
|
||||
<!-- 2018-05-10 Thu 11:49 -->
|
||||
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1" />
|
||||
<title>‎</title>
|
||||
|
@ -242,9 +242,9 @@ for the JavaScript code in this tag.
|
|||
</p>
|
||||
</div>
|
||||
|
||||
<div id="outline-container-org7227583" class="outline-2">
|
||||
<h2 id="org7227583">Social Instance</h2>
|
||||
<div class="outline-text-2" id="text-org7227583">
|
||||
<div id="outline-container-org1c80367" class="outline-2">
|
||||
<h2 id="org1c80367">Social Instance</h2>
|
||||
<div class="outline-text-2" id="text-org1c80367">
|
||||
<p>
|
||||
A social instance image allows you to easily set up a fediverse server, which federates using the OStatus or ActivityPub protocol. You will need:
|
||||
</p>
|
||||
|
@ -263,9 +263,9 @@ The installation process is the same as usual, with the only difference being th
|
|||
</div>
|
||||
</div>
|
||||
|
||||
<div id="outline-container-org1d12ef2" class="outline-2">
|
||||
<h2 id="org1d12ef2">Copy the image to the USB drive</h2>
|
||||
<div class="outline-text-2" id="text-org1d12ef2">
|
||||
<div id="outline-container-org2c69e3d" class="outline-2">
|
||||
<h2 id="org2c69e3d">Copy the image to the USB drive</h2>
|
||||
<div class="outline-text-2" id="text-org2c69e3d">
|
||||
<p>
|
||||
Substitute <b>sdX</b> with the device name for your USB drive.
|
||||
</p>
|
||||
|
@ -277,7 +277,7 @@ wget https://freedombone.net/downloads/v31/freedombone-pleroma-amd64.img.xz.sig
|
|||
gpg --verify freedombone-pleroma-amd64.img.xz.sig
|
||||
unxz freedombone-pleroma-amd64.img.xz
|
||||
sudo dd <span class="org-variable-name">if</span>=/dev/zero <span class="org-variable-name">of</span>=/dev/sdX <span class="org-variable-name">bs</span>=32M <span class="org-variable-name">count</span>=8
|
||||
sudo dd <span class="org-variable-name">bs</span>=32M <span class="org-variable-name">if</span>=freedombone-pleroma-amd64.img <span class="org-variable-name">of</span>=/dev/sdX <span class="org-variable-name">conv</span>=fdatasync
|
||||
sudo dd <span class="org-variable-name">bs</span>=32M <span class="org-variable-name">if</span>=freedombone-pleroma-amd64.img <span class="org-variable-name">of</span>=/dev/sdX <span class="org-variable-name">conv</span>=fdatasync,sync,noerror
|
||||
</pre>
|
||||
</div>
|
||||
|
||||
|
@ -287,9 +287,9 @@ Also note that if the laptop has a removable SSD drive it's possible to copy the
|
|||
</div>
|
||||
</div>
|
||||
|
||||
<div id="outline-container-org1acc3f8" class="outline-2">
|
||||
<h2 id="org1acc3f8">Connect the laptop to your internet router</h2>
|
||||
<div class="outline-text-2" id="text-org1acc3f8">
|
||||
<div id="outline-container-org94c2081" class="outline-2">
|
||||
<h2 id="org94c2081">Connect the laptop to your internet router</h2>
|
||||
<div class="outline-text-2" id="text-org94c2081">
|
||||
<p>
|
||||
Plug the USB drive into the laptop and connect it to your internet router with the ethernet cable.
|
||||
</p>
|
||||
|
@ -302,9 +302,9 @@ Plug the USB drive into the laptop and connect it to your internet router with t
|
|||
</div>
|
||||
</div>
|
||||
|
||||
<div id="outline-container-orgc06c32b" class="outline-2">
|
||||
<h2 id="orgc06c32b">Boot the laptop from the USB drive</h2>
|
||||
<div class="outline-text-2" id="text-orgc06c32b">
|
||||
<div id="outline-container-orgfdae149" class="outline-2">
|
||||
<h2 id="orgfdae149">Boot the laptop from the USB drive</h2>
|
||||
<div class="outline-text-2" id="text-orgfdae149">
|
||||
<p>
|
||||
You may need to alter the BIOS settings to get this to work reliably.
|
||||
</p>
|
||||
|
@ -317,9 +317,9 @@ You may need to alter the BIOS settings to get this to work reliably.
|
|||
</div>
|
||||
</div>
|
||||
|
||||
<div id="outline-container-orgbe57b0d" class="outline-2">
|
||||
<h2 id="orgbe57b0d">Forward ports 80 (HTTP) and 443 (HTTPS) from your internet router to the laptop</h2>
|
||||
<div class="outline-text-2" id="text-orgbe57b0d">
|
||||
<div id="outline-container-org6226cc3" class="outline-2">
|
||||
<h2 id="org6226cc3">Forward ports 80 (HTTP) and 443 (HTTPS) from your internet router to the laptop</h2>
|
||||
<div class="outline-text-2" id="text-org6226cc3">
|
||||
<p>
|
||||
Log into your internet router using a non-Tor browser (usually it's on an address like 192.168.1.1 or 192.168.1.254). Often port forwarding settings are together with firewall settings.
|
||||
</p>
|
||||
|
@ -332,9 +332,9 @@ Log into your internet router using a non-Tor browser (usually it's on an addres
|
|||
</div>
|
||||
</div>
|
||||
|
||||
<div id="outline-container-org61c8baa" class="outline-2">
|
||||
<h2 id="org61c8baa">From another machine ssh into the laptop</h2>
|
||||
<div class="outline-text-2" id="text-org61c8baa">
|
||||
<div id="outline-container-org66f3f3c" class="outline-2">
|
||||
<h2 id="org66f3f3c">From another machine ssh into the laptop</h2>
|
||||
<div class="outline-text-2" id="text-org66f3f3c">
|
||||
<div class="org-src-container">
|
||||
<pre class="src src-bash">ssh fbone@freedombone.local -p 2222
|
||||
</pre>
|
||||
|
@ -346,18 +346,18 @@ Or alternatively you can log in directly on the laptop. The initial username is
|
|||
</div>
|
||||
</div>
|
||||
|
||||
<div id="outline-container-orgaaaf930" class="outline-2">
|
||||
<h2 id="orgaaaf930">Follow the setup procedure</h2>
|
||||
<div class="outline-text-2" id="text-orgaaaf930">
|
||||
<div id="outline-container-org1e1acec" class="outline-2">
|
||||
<h2 id="org1e1acec">Follow the setup procedure</h2>
|
||||
<div class="outline-text-2" id="text-org1e1acec">
|
||||
<p>
|
||||
Enter your user details, domain name and dynamic DNS settings.
|
||||
</p>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div id="outline-container-orgbd9fe95" class="outline-2">
|
||||
<h2 id="orgbd9fe95">When installation is complete</h2>
|
||||
<div class="outline-text-2" id="text-orgbd9fe95">
|
||||
<div id="outline-container-org95d2fea" class="outline-2">
|
||||
<h2 id="org95d2fea">When installation is complete</h2>
|
||||
<div class="outline-text-2" id="text-org95d2fea">
|
||||
<p>
|
||||
Navigate to your domain and register a new user.
|
||||
</p>
|
||||
|
|
Loading…
Reference in New Issue