In the previous two posts I covered setting up a gentoo server. Today I will show a method to reduce a Gentoo image - including a full Xorg installation and a web browser to the point where it will easily fit on a 2Gb USB stick.
This image allows the entire system to be encrypted - unlike many 'secure' linux distributions. Furthermore it writes all changes to the filesystem to RAM first. This system, unlike others, employs the zram module to compress the RAM to which filesystem changes are written. Hence it uses far less memory than most livecds.
Provided at the bottom of the page is a VirtualBox image. You can write this to disk using the following set of commands,
assuming you have qemu installed, and the module nbd enabled in your kernel.
$qemu-nbd -c /dev/nbd0 Gentoo.vdi
$dd if=/dev/nbd0 of=/dev/sdX bs=1M
And, if your disk is smaller than the network block device, do not panic, a 2gb usb stick is plenty to house this distribution. You will just need to resize partition 2, using the command:
With this image, changes to the filesystem are saved only when the operator chooses to write the filesystem to disk. This is done using the script commit_filesystem found under the /root/ folder. There are advantages, and disadvantages to this method. It allows one to operate cleanly, and without leaving evidence on the host machine. However when carrying this around on an USB stick, and developing on it on the move, rewriting the entire filesystem each time is slow. Furthermore since flash memory has limited write cycles, it will wear out USB sticks quickly. After writing the filesystem to disk, a hard reboot is necessary, preventing frequent saves of created work.
It is however always possible to create another partition at the end of an USB stick to store files that are often changed and edited, and for which changes do not need to reside in RAM. For this purpose, I recommend a third, encrypted partition with f2fs as it's filesystem. Do keep in mind that this distribution's disk image is written raw to the encrypted disk, so leave room between the second and third partition accordingly.
Package dependencies, and script explanations are much the same as in the previous posts, so I will not cover much of them here. Even the root login, with the password toor, is the same. There are however a few differences.I will explain these differences below, starting with the startup procedure, proceeding to graphical operation.
When first booting, one should pass "encrypt" as the parameter , this allows the image to encrypt itself. It is highly recommended to encrypt it right away - so that personalized changes are protected. After this, the system will need a reboot. Each new boot, the network and xorg will be automatically configured. The scripts included for this image will work for most video drivers and network cards.
You can now login as root, using the password toor. To go graphical, type startx. A minimal window manager, DWM, will start. The configuration files of which are included in the root user's home directory. These configurations include keybindings. For this setup, press Windows+d to show dmenu. You can type a command in dmenu, like firefox, and it will run. Windows + q quits an application. You can use Windows+F[1-6] to switch between virtual desktops. F7 lowers the system volume, F8 increases the system volume.
Now that you have the hang of the system, it is recommended you add a regular user, and copy the file .xinitrc over from /root/ to that user's home directory.
As a final note, it is important, when updating a kernel, to enable the following modules: squashfs, aufs, and zram. And of course to make backups of your image.