Some ideas for an i2p usbstick/distro + HowTo

HowTos, FAQs, Tips & Tricks, & Guides
Post Reply
robabok978
Posts: 36
Joined: 12 Feb 2022 02:58

Some ideas for an i2p usbstick/distro + HowTo

Post by robabok978 »

Got some ideas for an i2p usbstick/distro

It should have multiply usecases for it.

Usable as bootable live system with router capabilities or remote ssh port forwarding from remote i2prouter

Usable as storage for independent linux /home/i2p with i2p user. Run with an installed linux distro with the usbstick provide home i2p user.

Encrypted storage for everyday use or dedicated to i2p content usable on Linux/Mac/Windows



USB Partitionlayout

Bootable with live iso image

Truecrypt Partition

luks encrypted /home/i2p

live iso image


There is a problem that i have to make the usbstick boot with the iso and then move the partition to the end of the stick. The reason for this and that the truecryptpartition has to be the first partition, is that windows otherwise wlil not see it , if you plug it in. This would not alow the use as an encrypted storage other than on linux.

Truecrypt-partition for storing downloaded files within the i2p-session and general encrypted storage

Why the luks home?
Here were store our application for i2p we like to use. It has all the config files. We just need the home/i2p dir and have what we need.

The live iso is not so important i think. I will concentrate myself on LinuxMint and their live install iso. Maybne others, like slax work too, but i will use mint/ubuntu. They are also capable to copy2ram which could be interesting.


What do i think it can be used for and how it would work from point of view:

I only do really need the home directory i thought.


So lets boot from our usbstick with the layout as above.
The live os boots up and we have the Linux Mate Desktop on the screen.
We put in our usbstick. 3 Partitions appear. We click or get prompted for a password and decrypt the home partition on the usbstick.

Now we create a new user i2p and hardlink home/i2p to the home/i2p on the usbstick.
We gave the needed rights.
If haven*t got any browser or need some programs we could install them now and maybe update the core packages.
Or we could use self compiled tor-i2p-browsers or compile them. Every config on the usbstick should be usable with the standard version delivered by the system. Our config and caches are also like everything else we need for persistence in our home dir.

Find a way to switch to our new user. Maybe you just can use the desktop mate and change the user, so we will have our own user desktop with our home i2p dir. Other option would be to start a new xorg server on an other terminal with startx :1, or so.

When we are on our desktop, we can use the system as we are used to. Start the i2prouter.. Everything we configured in firefox should be still there. Or we run our own compiled browser for i2p. Everything we need is in our home.

That's my general approach on this. we only need home.


There are other cases:

If the user wants to use his stick and as so his configuration, on his desktop, but without running it directly on it. He can use virtual machines with the usbstick. If the vm is capable of booting from a passthru usbstik on the host, he just to use a little help and could start the system even on windows. If the system is not capable of booting from usbstick, than you could just download the iso from mint and run it the vmware with your usbstick passthru. THe procedure than is same as above.

When people are getting more used to have the i2p online all the time as an gateway to the i2p network the remote access functionality comes with benefits. You can access a well established router and the user who normally just fire i2p up and then try to browse, have a better experience with 24/7 routers, better system performance and it's better for the network to have more routers.

Maybe the android i2p app will be capable in the future, to have an ssh server which is capable of port forwarding, so that you could use your old android devices or the more powerful androidtvboxes as i2p gateways and snarkplugin etc. for other devices in your homenet.

It also thinkable to use a local native linux. adding a user and after work delete him. Maybe put /tmp /var/tmp temporary on tmpfs and later back, so that the system don't get dirty.


The scripting does not seem to difficult, but i have just a small experience to make it good and if you want it more automatic without an linux user with some knowledge using it, the usbstick pattioning, encrypting is such a part, which other have scripted better before and for sure more secure. But the mount,switching should not be the problem, i think.

I don't know if you get more users to try it out with the USBSTICK. Maybe the vm part for faster testing/using/encStorage and the combining of remote access to i2prouters as androidapps on android devices could be some plus for some people. Or maybe usbsticks as giveaways on political campaigns, chinese tourists and so on :)

What i also like, is that it is not a real distro. There is no real maintaining or support. The live distros comes for free and if somebody use it on their linux there are most of the time ready to chose what is good for their system and whats better seperated and windowsusers will try it.

What is your opinion?
Thanks
Last edited by robabok978 on 19 Feb 2022 22:43, edited 1 time in total.
robabok978
Posts: 36
Joined: 12 Feb 2022 02:58

Re: Some ideas for an i2p usbstick/distro

Post by robabok978 »

I have tried it. Works.

HowTo:

The partitiions:

Use gparted to create following partitions:

1. NTFS
Create a ntfs part. We will later create a truecrypt image for using with windows and maybe android. It need to be the first partition on the stick otherwise windows will not see it. The image will store the data you will downlod or whatever has to be archived in your sessions. You will be able to mount the ntfs partition in windows and use truecrypt or veracrypt to access your data. It will take the role of a general encrypted storage. In this role it will take most of the space on the stick.

2. VFAT
This is the partition which will hold our live image of the Linux Mint installer iso. Size has to be according to your image. Like 3++ GB. Could be done in extfs too if the image gets bigger than 4GB, but i will stay with vfat.

3. luks encrypt/ext4
With gparted we will create an unformated partition at the end of the usbstick. This is for our with luks encrypted home folder with our user i2p. We will do this later in the live session with the volumemanager Disks. Size? This is your home folder. We will download and run apps from here, so i wouldn't be to cheap here. Ext4 is used because of security, rebustness and to keep the permissions.

Now we need to install the live system and make the usbstick bootable. We download the Linux Mint Mate iso image from the Linux Mint site. After this we need unetbootin for making the stick bootable and to install the live system. Install it. In the GUI choose the mint image. Look for the device name to install to. This should be the vfat partition on your stick. Install the live system.

After that, boot up the live system. You should see a blueish bootmenu screen. Here we could use editing by tab for the boot parameters and could add toram as parameter to archieve CopytoRam to load the complete live system into ram.

In the live session will use preferences - disks to encrypt the 3. partition and format it with ext4.

Now we should have 3 partition. Launching caja we should see the ntfs and the encrypted partition still unencrypted. If you boot the system without any disk inside the devices, the partitions of the usbstick should be sda1,sda2,sda3.

After that we create our user and link the home folder to the encrypted usb partion sda3. Open up te terminal.

First the user:

sudo adduser --no-create-home i2p
sudo usermod -a -G users,sudo,video,audio,disk i2p

who has no home folder. We will mount the enc part and link the folder on the enc part to home.
There is also the possibility to create the user at the first time without linking it first. You would switch later to the new user i2p, work on the session and after that copy as root the home i2p user folder to the enc partition.

Make a folder, mount the enc partition and link the folder:

sudo cryptsetup luksOpen /dev/sda3 mobhome

sudo mkdir /mnt/mobhome

sudo mount /dev/mapper/mobhome /mnt/mobhome

sudo ln -s /mnt/mobhome/i2p /home/i2p

There could be permisson problems here or not. I used to change the permissions to work, but i don't know. If you used a folder created by the system permissions should be ok.

This is it. Now click logoff and switch to the user i2p. Everything should be ok. Update firefox and install needed apps as you used to. I tried muwire, i2pplus, jdownloader and for clearnet browser ungoogled-chromum as appimage. Everything went fine and performed well for this device.

I ran it on an old athlon x2 64 notebook with 4GB ram and an old usb 2.0 stick. Booting time is ok, not bad actually. If you copy to ram it will boot for a longer time. Almost 400MB of ram is used and with toram 2++GB. With firefox updated and running, i got 1.8 -2 GB use of ram.

Watching nmon i didn't see any big writing on the stick, so i guess it harmless for the stick. BraveBrowser used to be happy to write, but i didn't installed it.

For the truecrypt-container i used zulucrypt and created a ntfs truecrypt container image with a little lesser size than the partition. The ntfs partition is mountable by caja and the user and can use zulu gui to mount the image. I used the ntfs partition for some infos and scripts commands. Maybe it is the right place for that. I can imagine having multiply scripts for installing other apps like brave, firefox esr, which have a slightly complicated installation. These and a general script for installing and updating is doable and would speed up these things a lot, even if the commands are not too many.

Change Keyboard layout:
Mint-> menu-> Preferences -> Keyboard -> Layout choose your one
Stays persistent.

Copy to RAM with a kernel parameter. In the boot menu press tab and edit end of the line: linux....quiet with an appended 'toram'.


I see nno reason, why this not will work in vbox or vmware. I haven't tested yet, but if the vm allows usb passthru, it should work like the way above mentioned. Windows user can do this too. Install vm, download iso, mount as dvd in vm,stick usbstick in, boot.

At the end we have an encrypted stick with truecrypt accessable from windows
A portable encrypted customized home partition for a user running various applications on possible different linux systems or live linux systems.
A system capable of running in virtual machines with the same purpose and handling.
Easy update with original live install. Just use unetbootin again. Should work with other live distros too.

It is easy to maintain and does its part better than i expected. I don't know if this is what people expect for an i2p distro, maybe someone will try it on older machines or in the vm. Or somebody will do a combination of the live iso with a disk image with home in the configuration above. The home would have i2prouter, i2pwebaddon i2pbrowser with build env configured and ready to use i2p. That would be download iso, download homeimage.img, install vmware, run it with iso and img as disk, use the scripts. Could be easier for people.

Also it is a full system and installer, so it doesn't have to stop with i2p here.

One thing i haven't tried too, is to install the vbox guest extensions. I think they need a reboot or a manual modprobe.


I hope i have explained well enough for you to try it or think about this concept for using it with other applications.
I would be really nice if some has some script approach to automate more and give lesser knowledgable people a chance to try this, even in the function of an encrypted usbstick with weird blue computer virus, if the usbstick stuck in the slot while rebooting :)
Post Reply