From fdac0545acc9a6c07b88191247c4e5094035b43e Mon Sep 17 00:00:00 2001 From: lukeify <5379845+lukeify@users.noreply.github.com> Date: Mon, 5 Aug 2024 22:27:53 +1200 Subject: [PATCH 1/4] feat(linux/debian): initial commit --- Linux/Debian.md | 67 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 67 insertions(+) create mode 100644 Linux/Debian.md diff --git a/Linux/Debian.md b/Linux/Debian.md new file mode 100644 index 0000000..b5193a1 --- /dev/null +++ b/Linux/Debian.md @@ -0,0 +1,67 @@ +# Debian + +Goal of debian is to provide a highly stable, "free" operating system (the user is however able to install non-free components). +[Debian provides their own definition of "free"][1], which seems mostly compatible with the [GNU definition of "free"][2]. +]Debian provides its own list of reasons to use][3]. + +`bookworm` is the current release ("stable")—also called Debian 12, which was released on 10 June 2023. +The latest point release from `bookworm` is Debian 12.6, released on 29 June 2024. +`trixie` is the next release ("testing"), and will be Debian 13. +It does not yet have a scheduled release date. +Packages that have been backported from `trixie` to `bookworm` are available on what's referred to as "backports", which can be added as a separate package source in `/etc/apt/sources.list`. + +Being a highly stable OS, many newly-released devices with new chipsets or internal products may be "too new" to run Debian stable without modification. +This happens to be the case with the Lenovo ThinkPad X1 Carbon (12th gen) laptop. + +## Debian-Kernel package matrix + +Debian 12 currently ships with Linux Kernel 6.1.99 (`linux-image-6.1.99-amd64`). +Debian 12 `backports` contains Linux Kernel 6.9.7 (`linux-image-6.9.7+bpo-amd64`). https://packages.debian.org/source/bookworm-backports/linux-signed-amd64 +Debian `trixie` contains Linux Kernel 6.9.12 (`linux-image-6.9.12-amd64`). https://packages.debian.org/source/trixie/linux-signed-amd64 + +TODO: + +- What is a metapackage? + +## Images + +https://www.debian.org/releases/bookworm/debian-installer/ + +### netinst images + +### CD/DVD Images + +These images are a metaphor for when users would literally insert a CD or DVD into their optical disk to boot and install Debian, and as such are capacity-limited to those storage mediums. +The DVD images usually contain enough packages for + +## Apt preferences + +https://wiki.debian.org/SourcesList +https://wiki.debian.org/AptConfiguration + +## GNOME vs XFCE? + +Desktop environments. +Both can be installed simultaneously. + +## Goal: Run Debian 12 on a Lenovo ThinkPad X1 Carbon (12th gen) + +### Debian 12 Stable Vanilla + +An initial attempt ino + +https://forums.debian.net/viewtopic.php?t=158270 + +#### Intel WiFi Microcode + +#### Sof-sound + +### Kernel Support + +### Compiling an ISO image (Live Builds?) + +https://live-team.pages.debian.net/live-manual/html/live-manual/index.en.html + +[1]: https://www.debian.org/intro/free +[2]: https://www.gnu.org/philosophy/free-sw.html +[3]: https://www.debian.org/intro/why_debian From fc59e6f779b4503404a662b6b47fbefccebb1194 Mon Sep 17 00:00:00 2001 From: lukeify <5379845+lukeify@users.noreply.github.com> Date: Sat, 10 Aug 2024 11:29:38 +1200 Subject: [PATCH 2/4] docs: deb lb notes --- Linux/Debian.md | 143 ++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 139 insertions(+), 4 deletions(-) diff --git a/Linux/Debian.md b/Linux/Debian.md index b5193a1..7becff0 100644 --- a/Linux/Debian.md +++ b/Linux/Debian.md @@ -46,22 +46,157 @@ Both can be installed simultaneously. ## Goal: Run Debian 12 on a Lenovo ThinkPad X1 Carbon (12th gen) -### Debian 12 Stable Vanilla +This laptop is too new to run Debian 12 vanilla in an acceptable way without modification. +Some of the issues encountered: -An initial attempt ino +* The kernel was not up to date enough, and `6.9` is needed (Intel docs suggest `6.10` is needed?) +* Firmware to use the Wi-Fi 6E AX211 card was not present (and was asking for microcode files), so installing `firmware-iwlwifi` at version `20240709` was needed. + https://www.intel.com/content/www/us/en/products/sku/204837/intel-wifi-6e-ax211-gig/specifications.html +* No sound was available, as an update to `firmware-sof-signed` to `xxx` was needed. https://forums.debian.net/viewtopic.php?t=158270 -#### Intel WiFi Microcode +Remember to install linux headers! -#### Sof-sound +``` +sudo apt -t bookworm-backports install linux-headers-amd64 +``` + +#### Kernel (`linux-image-6.9.7+bpo-amd64`) + +#### Intel WiFi Microcode (`firmware-iwlwifi_20240709-1`) + +Maybe not needed if kernel update is provided? + +#### Sof-sound (`firmware-sof-signed_`) ### Kernel Support +### Kernel Modules + +Tools: + +* modprobe +* lsmod +* insmod +* rmmod + ### Compiling an ISO image (Live Builds?) +Initial guide followed: https://ianlecorbeau.github.io/blog/debian-live-build.html + +```sh +#!/bin/sh +lb config -d bookworm --backports true --debian-installer live \ + --debian-installer-distribution bookworm \ + --archive-areas "main contrib non-free non-free-firmware" \ + --debootstrap-options "--variant=minbase" \ + --linux-packages "linux-image-6.9.7+bpo" + +# Define where to fetch the kernel from +# https://live-team.pages.debian.net/live-manual/html/live-manual/customizing-package-installation.en.html#429 +echo "deb http://deb.debian.org/debian/ bookworm-backports main" > config/archives/bookworm-backports.list.chroot + +# TODO: +# Ensure that recommended packages we actually want to install are present +# Not probably needed if apt-recommends is true +# https://live-team.pages.debian.net/live-manual/html/live-manual/customizing-package-installation.en.html +# echo "user-setup sudo" > config/package-lists/recommends.list.chroot + +# Define packages to install +cat <> config/package-lists/pkgs.list.chroot + firefox-esr + firmware-iwlwifi + firmware-sof-signed + git + iputils-ping + network-manager + network-manager-gnome + vim + xfce + xfce-goodies + yt-dlp +EOF + +# TODO: +# Define the Pin-Priority of the packages we want. +# We need this to ensure packages are installed with the correct version. +# https://live-team.pages.debian.net/live-manual/html/live-manual/customizing-package-installation.en.html#389 +cat <> TODO: +EOF + +# Compiling `tirdad` kernel module by merging in the single change from the upstream `0xsirus` remote that wasn't included in Kicksecure. +# TODO: Need to set git config +git clone --depth 1 https://github.com/Kicksecure/tirdad.git +git remote add original https://github.com/0xsirus/tirdad.git +git fetch original +git merge original/master + +# Need to provide dummy `tirdad` and `tirdad-dkms` package so kicksecure does not attempt to install. +sudo apt install equiv (whatever its called) + +# `xfce4` auto-configuration +mdkir -p config/includes.chroot/etc/skel/.config/xfce4/xfconf/xfce-perchannel-xml/ +cat <> config/includes.chroot/etc/skel/.config/xfce4/xfconf/xfce-perchannel-xml/xsettings.xml + + + + +EOF +``` + +Speed up live builds by using `apt-cacher-ng` + +TODO: how to test? +Answer: live boot USB? Guide about how to use KVM in live build manual + +#### `tirdad` stuff +I had to symlink in the linux-headers directory into `/lib/modules/$(uname -r)/build` as well? + +``` +ln -sf /usr/lib/$(uname -r)/* /lib/modules/$(uname -r)/build +``` + +Once built, install via: + +``` +install -D -m 644 tirdad.ko /lib/modules/$(uname -r)/extra/tirdad.ko +depmod -a $(uname -r) +``` + +then verify the module exists: + +``` +modprobe tirdad +``` + +insmod tirdad gives a segmentation fault at `cet.c` + +Maybe try setting ibt=off? + +##### `xfce4` configuration + +Configuring XFCE4 window appearance: + +Copy files into `config/includes.chroot` into the right subdirectory from there. + +TODO: + +Try setting: `firmware=never live-installer/enable=false` as boot parameters +https://wiki.debian.org/Firmware +https://live-team.pages.debian.net/live-manual/html/live-manual/customizing-installer.en.html + https://live-team.pages.debian.net/live-manual/html/live-manual/index.en.html +## Whonix installation + +Install in KVM + +https://old.reddit.com/r/Whonix/comments/1721pnw/how_can_i_combine_the_antiforensics_benefits_from/ +https://unix.stackexchange.com/questions/779663/how-to-load-firmware-for-wifi-ax211-in-debian-trixie/779664#779664 +https://unix.stackexchange.com/questions/676105/missing-non-free-firmware-during-debian-installation +https://community.intel.com/t5/Wireless/AX211-160MHz-wifi-problem-on-proxmox-pve-debian/m-p/1562446 + [1]: https://www.debian.org/intro/free [2]: https://www.gnu.org/philosophy/free-sw.html [3]: https://www.debian.org/intro/why_debian From f981a000e6ff7d8f6bf6f98db451044da7e28686 Mon Sep 17 00:00:00 2001 From: lukeify <5379845+lukeify@users.noreply.github.com> Date: Sat, 24 Aug 2024 10:50:39 +1200 Subject: [PATCH 3/4] chore: wip --- Linux/Debian (Take 2).md | 46 ++++++++++++++++++++++++++++++++++++++++ Linux/Debian.md | 3 ++- 2 files changed, 48 insertions(+), 1 deletion(-) create mode 100644 Linux/Debian (Take 2).md diff --git a/Linux/Debian (Take 2).md b/Linux/Debian (Take 2).md new file mode 100644 index 0000000..3c07a9c --- /dev/null +++ b/Linux/Debian (Take 2).md @@ -0,0 +1,46 @@ +# Debian (Take 2) + +## Semi-livable base system to use live-build from + +Installed `debian-12.6.0-amd64-DVD-1.iso` via Graphical Installation (Expert) + +Added user to root using `usermod -a -G sudo luke`. + +Installed `linux-image-6.10.4-amd64` debian package manually via `dpkg -i` (from `trixie`). + +- This gave me trackpad support. + +Installed `firmware-iwlwifi-20240709-1` debian package manually via `dpkg -i` (from `trixie`). + +- This gave me WiFi support. + +Updated `/etc/apt/sources.list` away from the DVD installation to the standard bookworm+backports source list. + +Ran `sudo apt update` & `sudo apt upgrade`. This reinstalled the original linux kernel (6.1) + +Added `trixie` to `sources.list`. + +Added a `preferences.d/testing` setting all packages to priority 100, then `linux-image-*` and `linux-headers-*` to 1001. + +Installed both with `apt-get install -t testing` + +Installed `vim`. + +Added a Pin-Priority of 1001 for `firmware-misc-nonfree` to install `20240709` to solve missing i915 drivers. + +- This may also install firmware to resolve sound? +- This may install too much firmware? I don't need mediatek or nvidia drivers. + +Installed `git` and `live-build` + +Installed `speedtest-cli` + +Installed `Bitwarden.appimage` and moved to `~/Applications` + +Added GPG key to git. + +Install `qemu-kvm` `qemu-utils` for the purposes of live-build testing. + +Installed and configured `apt-cacher-ng` + +## live-build specific configuration diff --git a/Linux/Debian.md b/Linux/Debian.md index 7becff0..0f4d821 100644 --- a/Linux/Debian.md +++ b/Linux/Debian.md @@ -87,7 +87,8 @@ Initial guide followed: https://ianlecorbeau.github.io/blog/debian-live-build.ht ```sh #!/bin/sh -lb config -d bookworm --backports true --debian-installer live \ +lb config -d bookworm --backports true \ + --debian-installer live \ --debian-installer-distribution bookworm \ --archive-areas "main contrib non-free non-free-firmware" \ --debootstrap-options "--variant=minbase" \ From 11e1bd24c70681ac6764de87df6faa9d41893e03 Mon Sep 17 00:00:00 2001 From: lukeify <5379845+lukeify@users.noreply.github.com> Date: Sat, 24 Aug 2024 16:38:27 +1200 Subject: [PATCH 4/4] chore: live-build notes --- Linux/Debian (Take 2).md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Linux/Debian (Take 2).md b/Linux/Debian (Take 2).md index 3c07a9c..0fc7c6c 100644 --- a/Linux/Debian (Take 2).md +++ b/Linux/Debian (Take 2).md @@ -44,3 +44,6 @@ Install `qemu-kvm` `qemu-utils` for the purposes of live-build testing. Installed and configured `apt-cacher-ng` ## live-build specific configuration + +Create a fake "disk" for live-build to install to with `qemu-img create -f disk_image.qcow2 12G` +Attempted to test the live-build with `kvm -m 2048M -cdrom live-image-amd64.hybrid.iso -hda disk_image.qcow2 -boot d`