Provided by: bilibop-common_0.6.3_amd64 
NAME
bilibop - run Debian GNU/Linux from an external media
DESCRIPTION
A lot of GNU/Linux distributions - at least the most popular of them - provide freely downloadable .iso
or .img disk images that can be copied on a USB memory stick (sometimes with just cat(1) or dd(1),
sometimes in a more complicated way) and immediately usable 'as is'.
But such operating systems are not designed to be modified; they are read-only, and even when they
provide a 'persistent' feature, it is limited. Additionally, they are currently unmaintainable, in the
sense that rebuild the complete image of the root filesystem is the only way to update the system or
modify its settings in depth. This is often a hard or heavy task that cannot be done from the system
itself: this needs a dedicated work space, outside of the running system, and this often needs another
operating system to replace the disk image by the new one; and some of these tasks can be done only by
experienced users. Others have to wait for the next release, if it comes a day.
Bilibop stands for 'Bilibop Is Live Install Boot On Pendrive'. This recursive acronym is now obsolete,
but the name has been kept. The bilibop project is born as an alternative to the LiveUSB systems.
By performing a standard installation of Debian directly on a removable media — currently a USB key or an
external HDD — it is possible to use it as a LiveUSB system, with the big difference that it behaves like
any installed Debian OS: it can be maintained, modified, updated, or even broken by the root user at any
time. In fact, without specific settings, it can be broken by an unprivileged user at any time; but this
is also the case of LiveUSB systems.
So, bilibop is a collection of scripts using or used by other programs (initramfs-tools(7), udev(7), or
GRUB2) to help admins to maintain a Debian GNU/Linux operating system installed on a removable and
writable media, even if some of these scripts may also be used in other contexts. One of its main goals
is to fix security issues or harden standard rules and policies, to make the system more robust in this
particular situation. Instead of yet another new, living fast and dying young, Debian based distribution,
bilibop has been designed as a set of few debian packages. bilibop-lockfs may also be installed on a
laptop or on a public computer as an alternative to fsprotect or overlayroot, and bilibop-udev (or
bilibop-rules) should also be installed on a LiveUSB.
BILIBOP PACKAGES
bilibop
This is a meta package, depending on several other binary packages from the same bilibop source
package.
bilibop-common
It mainly provides shell functions and documentation. See README.Debian in the documentation of the
package for details about these functions. It also includes the drivemap(1) command.
bilibop-rules
This package provides udev rules and helper scripts. Its main purpose is to fix the external drive
hosting the running system, and all its partitions, as owned by the 'disk' group instead of 'floppy',
as done by the common udev rules applied to removable media. This is a workaround of the bug #645466.
The udev rules provided by this package work even when the root filesystem is on a LUKS device, a LVM
Logical Volume, a loop device or is an aufs(5) or overlay mountpoint. bilibop-rules also includes the
lsbilibop(8) command, and some helper scripts in /usr/share/bilibop, that can be executed manually or
with 'dpkg-reconfigure bilibop-rules'. See README.Debian in the documentation of the package for
details.
bilibop-udev
This package is a kind of subset of bilibop-rules, and is more suited for LiveUSB systems. It just
makes that the drive hosting the running system, and all its partitions, belong to the 'disk' group
instead of 'floppy'. Its udev rules also create a symlink (/dev/bilibop) pointing to the drive name.
See README.Debian in the documentation of the package for details.
bilibop-lockfs
By using an initramfs script and a mount(8) helper script, filesystems are mounted as readonly branches
of a union filesystem (either aufs(5) or overlay) the corresponding writable branches being on
temporary filesystems. Additionally, block devices are set readonly too, avoiding low-level write
access on them, even by root. All this makes the operating system unbreakable, unless with a hammer.
See README.Debian in the documentation of the package for details.
INSTALLATION
Debian can be installed on a removable drive as it is on an internal one, except:
• It is highly recommended to install a full encrypted system. Otherwise, what can happen if the USB
stick or the external HDD has been lost or forgotten somewhere, or even thieft ? Unfortunately (but
there are evident security reasons), this can not be fully preseeded.
• Due to write-cycles limits on flash memory, it is not recommended to use a swap area on them: this can
dramatically decrease the lifetime of the drive.
• Even if the amd64 is now the most common architecture on modern Personal Computers, installation of a
x86 system will make it more versatile and work both on amd64 and i386 architectures (and even on ia32,
but this needs at least a specific partition scheme).
• Take care, near the end of the installation, that the bootloader will be installed on the MBR of the
drive where the system has been freshly installed: choosing the default 'install on MBR' will install
it on the Master Boot Record of the first disk !
• Taking previous recommendations into account, choose 'Expert Install' or 'Expert Graphical Install' in
the installer boot menu. if you have to install Debian on several devices, don't perform an automated
installation via the 'Auto Install' option in the installer boot menu. If you really need to automate
this process to win time, use a preseed file instead.
SETTINGS AND CONFIGURATION
The main advantage of a standard installation over a Live system is that the installed one can exactly
answer your needs: if the needs change, the system can be easily modified. It can be installed and
configured to be used as/for:
• daily usage (this is my case)
• router and/or firewall for a LAN
• ftp and/or http server (this is my case)
• forensics and rescue system (this is may case)
• embedded Debian repository (this is my case)
• testing system
• educational purposes
• others
Because an operating system running from an external device is generally used on different computers,
with potentially different keyboards, architectures, monitors, and so on, it could need some special
settings to be as versatile as possible. Maybe the field is too large to be covered into a single manual
page: see /usr/share/doc/bilibop-common/misc/* for some tips and tricks, details and suggestions about
possible settings.
FILES
/usr/share/bilibop-common/README.Debian
/usr/share/bilibop-common/examples/bilibop.conf
/usr/share/bilibop-common/misc/*
/usr/share/bilibop-lockfs/README.Debian
/usr/share/bilibop-lockfs/examples/bilibop.conf
/usr/share/bilibop-rules/README.Debian
/usr/share/bilibop-rules/examples/bilibop.conf
SEE ALSO
bilibop.conf(5), drivemap(1), lsbilibop(8)
AUTHOR
This manual page has been written by Bilibop Project <quidame@poivron.org>.
bilibop 2015-07-14 BILIBOP(7)