ISSUED: 2023-12-06 EDITED: 2024-02-16
At this point there isn't much left to do, but you need access to the network properties of your Windows machine; if you don't have it, the FAQ provides a viable alternative.
Make a StealthBox with Devuan and Libre Computer Renegade: FAQ
The Stealthbox is connected to the Windows machine through a cross cable:
This is actually the same cable I use
💡 Be aware that the color code for the ethernet cross cable is red 🔴
I recommend changing the settings on the board first.
sudo micro /etc/network/interfaces
The new settings:
```
auto lo
iface lo inet loopback

# eth0
auto eth0
allow-hotplug eth0
iface eth0 inet static
    address 10.0.10.2
    netmask 255.255.255.0
    gateway 10.0.10.254
```
And this is done…
A nasty systemd-related issue prevents unlocking the board over SSH at boot time. Tracking it down took a lot of time, and as usual OP2 helped me with a solution.
Open the script file:
sudo micro /usr/share/cryptsetup/initramfs/bin/cryptroot-unlock
Check for this block:
```
if [ ! -f "$TABFILE" ] || [ "$TABFILE" -ot "/proc/1" ]; then
    # Too early, init-top/cryptroot hasn't finished yet
    echo "Try again later" >&2
    exit 1
fi
```
Modify it to:
```
if [ ! -f "$TABFILE" ] ; then
    # Too early, init-top/cryptroot hasn't finished yet
    echo "Try again later" >&2
    exit 1
fi
```
⚠️ You need to fix this script every time the package dropbear-initramfs gets an update.
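Since the edit has to be redone after every update, a small script can re-apply it and tell you when the upstream line has changed shape. This is an added example, not part of the original gemlog: the path is the one used above, while the function names and the `--apply` switch are made up for it.

```sh
#!/bin/sh
# Added example: re-apply the cryptroot-unlock edit after a package update.
# The path is the one used on this page; function names and the --apply
# switch are hypothetical.
UNLOCK_SCRIPT="${UNLOCK_SCRIPT:-/usr/share/cryptsetup/initramfs/bin/cryptroot-unlock}"

# True (0) while the file still carries the '-ot "/proc/1"' timestamp test.
needs_patch() {
    grep -qF -- '"$TABFILE" -ot "/proc/1"' "$1"
}

# Drop only the timestamp test and keep the '! -f "$TABFILE"' check.
# Prints patched | already-patched | missing | failed; leaves FILE.orig behind.
patch_cryptroot_unlock() {
    f="$1"
    [ -f "$f" ] || { echo "missing"; return 2; }
    if ! needs_patch "$f"; then
        echo "already-patched"
        return 0
    fi
    cp -p -- "$f" "$f.orig" || return 1
    # Writing through the redirect keeps the owner and mode of the original file.
    sed 's# || \[ "\$TABFILE" -ot "/proc/1" ]##' "$f.orig" > "$f" || return 1
    if needs_patch "$f"; then
        # Upstream changed the line layout: restore and let a human look at it.
        cp -p -- "$f.orig" "$f"
        echo "failed"
        return 1
    fi
    echo "patched"
}

# Touch the real script only when asked to: sudo sh fix-unlock.sh --apply
if [ "${1:-}" = "--apply" ]; then
    patch_cryptroot_unlock "$UNLOCK_SCRIPT"
fi
```

After it prints `patched`, rebuild the initramfs so the edited script is the one that ends up in the boot image.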
sudo micro /etc/initramfs-tools/conf.d/IP
The new settings…
```
DEVICE=eth0
# Field order: client-ip:server-ip:gateway:netmask:hostname:device:autoconf
IP=10.0.10.2::10.0.10.254:255.255.255.0::
```
Next…
sudo update-initramfs -u
Power off the board.
sudo shutdown -h now
💡 shutdown turns off the OS gracefully, unlike `sudo poweroff`
On Windows it is easier to make the changes through the GUI; please follow the images:
Now a pause on Windows; I'll come back to it later.
Spies do their jobs without being noticed. Mount your USB ethernet port on one of the USB3 ports at the back of the case (front-case USB ports are known to be flaky), put the board where you have easy access to it and where nobody can notice its presence, plug the red cable into the USB ethernet and into the board, then plug in the mini USB AC and the power supply.
If you haven't done it yet, you have to create a pair of keys; check the Windows instructions in this related gemlog:
⚠️ Only for the creation of the keys section: "Loading the public key into Dropbear"
Setup Dropbear to unlock Debian on the Libre Computer "Renegade" over your Local Network
Now, still from the Terminal, run this command to unlock the board:
ssh -i .\.ssh\unlock_luks -o "HostKeyAlgorithms ssh-rsa" -p 222 YOUR-USER@10.0.10.2 -v
Wait a few seconds, then SSH into the board and type your password:
ssh YOUR-USER@10.0.10.2
Now you are inside your Stealthbox, modify the network interfaces to use the tethering from your (Android) mobile:
⚠️ I don't use Apple devices; I used to, but I stopped more than twenty years ago. I am pretty sure that drivers for Linux do not exist and that Termux doesn't exist on iPhone either; sorry I can't help with this…
```
# usb0
allow-hotplug usb0
iface usb0 inet dhcp
```
To get internet working at full speed follow this tutorial:
# The day I boosted my tethering connection
OpenRC should be able to bring the usb0 interface up even if you unplug and re-plug the cable because you need the mobile; in that case you must re-run the dhclient command:
sudo dhclient usb0 -v
⚠️ Sometimes that command isn't enough and you need to perform other operations that are described in the section "Caveats" at the bottom of this page.
I already talked about it in another gemlog; as you might have figured out, each gemlog is the sum of the former experiences, this is the pebcak's way!
sudo apt install tightvncserver
It will prompt you to type an 8-character password, and guess what?
R E N E G A D E 1 2 3 4 5 6 7 8
But you can use the one that you like the most.
It will also ask whether to create a "read-only" password, say no!
Lastly, it will show the command to run the VNC server, which is:
vncserver :1
The next step is to run the server every time the board boots; before the systemd era this stuff was as easy as:
crontab -e
And type:
@reboot USER="YOUR-USER" vncserver -geometry 1440x900 :1
❓ @reboot is a special macro that launches a command as soon as the boot stages are completed!
💡 On my 2K display I find this resolution very comfortable: 1440x900; perhaps a lower resolution such as 1366x768 would be fine too.
Now you can reboot the board or test the VNC server using the aforementioned command:
vncserver :1
I found it convenient and practical to download and use TigerVNC:
Download for Windows is available here:
https://sourceforge.net/projects/tigervnc/files/stable/
You must look for the latest stable release and download "tigervnc64-[LATEST-VERSION].exe"; at the time I am writing this gemlog the latest version is 1.13.1, therefore you should look for "tigervnc64-1.13.1.exe".
As I mentioned in the F.A.Q. you can download and extract that binary on a USB pendrive.
The setup is very basic; I used the defaults without changes, just follow the images:
When ready click OK and it will ask for the password:
Type in and there you go!
If you haven't set up a graphical environment, you are probably just looking at a big Xterm terminal. Choosing a lightweight graphical environment is essential for a good experience.
In the *nix world we usually divide graphical environments into two categories: Desktop Environments (DE) and Window Managers (WM).
❓ Window Managers have their own sub-categories: stacking and tiling.
The former are complete environments that offer a lot of functionality and ad-hoc tools and rely on specific libraries, for instance XFCE4 or KDE Plasma; the latter are generally lighter, with less functionality and a minimal footprint, perfect for a small single board computer like this one!
Wikipedia: Stacking window manager
Based on what is available in the Debian/Devuan repository I recommend one of these three window managers:
A WinXP-like stacking window manager with a single panel, menu button and tray. Very intuitive, fully customizable, easy to set up and feature-rich!
sudo apt install icewm xorg
It is an amazing stacking window manager with a totally different paradigm, but it is really complete and blazing fast. It allows a variety of window and tab combinations. It is not recommended for a standard desktop experience.
sudo apt install icewm xorg
This is my favorite and the one I am currently using. It was modeled after the NeXTSTEP user interface. It is a Window Manager, but it is as complete as a real Desktop Environment, with a lot of applets and extra settings. It does all the fancy stuff that modern DEs like Gnome 3/4 claim to have invented, and its retro look fits the small window I assigned to my VNC session very well:
sudo apt install wmaker xorg
If you are a power user install the one you like the most, but I discourage the usage of any DE.
Here you have all the packages I've installed from the repository:
This section is pretty juicy so read it carefully!
What is launched in a VNC session is defined in .vnc/xstartup inside your home!
This is my setup:
```
#!/bin/sh

# Load X resources (if any)
if [ -e "$HOME/.Xresources" ]
then
    xrdb "$HOME/.Xresources"
fi

# xsetroot -solid black
xmodmap -e "keysym Alt_L = Multi_key" &
x-terminal-emulator -geometry "80x24+10+10" -ls -title "$VNCDESKTOP Desktop" &
x-window-manager &
xautolock -time 1 -locker slock &
```
I disabled IPv6 for the cable connection, this can be achieved with:
sudo sysctl -w net.ipv6.conf.eth0.disable_ipv6=1
To make the change effective:
sudo sysctl --system
Otherwise it will be applied next boot.
How to reload sysctl.conf variables in Linux
Netplug automagically reconnects the network (even the SSH connection) if it drops, for instance because of an unplugged cable; in my tests it works very well with the `eth0` interface:
sudo apt install netplug
Then:
sudo micro /etc/netplug/netplugd.conf
Type in:
eth*
Now "allow-hotplug" must be commented out in /etc/network/interfaces
Below is my full configuration:
```
# interfaces(5) file used by ifup(8) and ifdown(8)
# Include files from /etc/network/interfaces.d:
source /etc/network/interfaces.d/*

auto lo
iface lo inet loopback

## CROSS CABLE SETUP: eth0
auto eth0
#allow-hotplug eth0  # DISABLE THIS LINE
iface eth0 inet static
    address 10.0.10.2/24
    netmask 255.255.255.0
    gateway 10.0.10.254

# DHCP SETUP: usb0
## Won't be touched by netplug
auto usb0
allow-hotplug usb0
iface usb0 inet dhcp
```
The daemon is already started after the installation; otherwise you can reboot the board!
LibreWolf is a heavily hacked and hardened Firefox fork; on aarch64 it is available as an AppImage, which you can download from:
https://gitlab.com/librewolf-community/browser/appimage/-/releases
Create the directory and save the AppImage file:
```
sudo mkdir -p /opt/librewolf/
cd /opt/librewolf/
sudo wget https://gitlab.com/api/v4/projects/24386000/packages/generic/librewolf/120.0-2/LibreWolf.aarch64.AppImage
```
Or if you already boosted your tethering:
sudo curl --socks5-hostname 127.0.0.1:12000 https://gitlab.com/api/v4/projects/24386000/packages/generic/librewolf/120.0-2/LibreWolf.aarch64.AppImage -o LibreWolf.aarch64.AppImage
Create a symbolic link:
sudo ln -s /opt/librewolf/LibreWolf.aarch64.AppImage /opt/librewolf/librewolf
Update `www-browser` alternative:
sudo update-alternatives --install /usr/bin/www-browser www-browser /opt/librewolf/LibreWolf.aarch64.AppImage 50
Output:
update-alternatives: using /opt/librewolf/LibreWolf.aarch64.AppImage to provide /usr/bin/www-browser (www-browser) in auto mode
Update the `xdg-settings`; if you check which browser the OS is associated with, you'll see Firefox-esr:
```
xdg-settings get default-web-browser
firefox-esr.desktop
```
To change to LibreWolf:
xdg-settings set default-web-browser librewolf.desktop
Checking again:
```
xdg-settings get default-web-browser
librewolf.desktop
```
Finally, create the .desktop file:
sudo micro /usr/share/applications/librewolf.desktop
And paste:
```
[Desktop Entry]
Name=LibreWolf
Exec=/opt/librewolf/librewolf %u
Icon=librewolf
Type=Application
MimeType=text/html;text/xml;application/xhtml+xml;x-scheme-handler/http;x-scheme-handler/https;application/x-xpinstall;application/pdf;application/json;
StartupWMClass=LibreWolf
Categories=Network;WebBrowser;
StartupNotify=true
Terminal=false
X-MultipleArgs=false
Keywords=Internet;WWW;Browser;Web;Explorer;
Actions=new-window;new-private-window;profilemanager;

[Desktop Action new-window]
Name=Open a New Window
Exec=/opt/librewolf/librewolf %u

[Desktop Action new-private-window]
Name=Open a New Private Window
Exec=/opt/librewolf/librewolf --private-window %u

[Desktop Action profilemanager]
Name=Open the Profile Manager
Exec=/opt/librewolf/librewolf --ProfileManager %u
```
Now LibreWolf is officially the default browser anywhere!
I was stuck at this step for an eternity; an annoying pebcak prevented me from using xscreensaver and many other lockers, all for the exact same reason:
```
xscreensaver --no-splash
xscreensaver: 12:09:54: XInput extension missing
xtrlock -f
xtrlock (version 2.15): No X Input extension
```
A suite of fantastic software called "Suckless Tools" came to my rescue; the name is totally programmatic and a guarantee! The locker shipped with the suckless tools, `SLOCK`, works without issues and without complaining!
However, it is unable to trigger itself; another package is required to monitor the activity, and to fill this gap I installed `XAUTOLOCK` as well.
sudo apt install suckless-tools xautolock
These packages are very light and do not require tons of dependencies to work!
If you noticed, the commands to launch them at every session are already in the "Launch the WM automatically" section.
In my tests with Debian, systemd was able to handle the usb0 connection better; with Devuan/OpenRC you sometimes have to go through a process to re-establish the tethering connection.
Sometimes the tethering drops even if it is running from TMUX; to check status you must go into the current TMUX session:
tmux attach-session
If you notice a lot of calls while idle, e.g.:
```
debug1: Connection to port 12000 forwarding to socks port 0 requested.
debug1: channel 4: new dynamic-tcpip [dynamic-tcpip] (inactive timeout: 0)
debug1: Connection to port 12000 forwarding to socks port 0 requested.
debug1: channel 4: new dynamic-tcpip [dynamic-tcpip] (inactive timeout: 0)
debug1: Connection to port 12000 forwarding to socks port 0 requested.
debug1: channel 4: new dynamic-tcpip [dynamic-tcpip] (inactive timeout: 0)
[...]
```
The connection has dropped; to bring it back you may try, in order:
If for some reason you connect the board to a monitor while still taking the internet connection from any interface but eth0, you need to deactivate eth0 in order to make the other connection the primary one, e.g.:
```
sudo ifdown eth0
sudo dhclient usb0
ping www.devuan.org
```
And if you want to use the internet connection from your ethernet you must comment out the current settings (comments start with #) and enable the following ones:
sudo micro /etc/network/interfaces
```
## DHCP eth0
allow-hotplug eth0
iface eth0 inet dhcp
```
I hope I have touched on all the points needed to convert your Libre Computer ROC-RK3328-CC with Devuan into a Stealthbox! Using Devuan is not actually required; besides preferring Devuan to Debian, I feel that any system without systemd is faster because systemd is essentially bloated, so my recommendation is to stick with Devuan.
As usual, should you find something wrong please do not hesitate to contact me!
Thanks… 🙏