Differences

This shows you the differences between two versions of the page.

slackware:liveslak [2021/01/21 18:41 (UTC)] – Update the README.txt to match liveslak-1.3.9 alienbob
slackware:liveslak [2021/11/24 06:14 (UTC)] – Updated the rsync URI for slackware.uk alienbob
Line 47: Line 47:
  
 Common download locations are: Common download locations are:
-  * Primary site: http://slackware.nl/slackware-live/ (%%rsync://slackware.nl/mirrors/slackware-live/%%) +  * Primary site: http://download.liveslak.org/ (%%rsync://liveslak.org/liveslak/%%) 
-  * Darren's http://slackware.uk/people/alien-slacklive/ (%%rsync://slackware.uk/people/alien-slacklive/%%)+  * Darren's http://slackware.uk/people/alien-slacklive/ (%%rsync://slackware.uk/liveslak%%)
   * Willy's http://repo.ukdw.ac.id/slackware-live/   * Willy's http://repo.ukdw.ac.id/slackware-live/
   * Shasta's http://ftp.slackware.pl/pub/slackware-live/ (%%rsync://ftp.slackware.pl/slackware-live/%%)   * Shasta's http://ftp.slackware.pl/pub/slackware-live/ (%%rsync://ftp.slackware.pl/slackware-live/%%)
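Review bot: The new slackware.uk rsync URI on the "Darren's" line loses its trailing slash (`rsync://slackware.uk/liveslak`), while the primary site and Shasta's entries in the same list end in `/`; add the slash so the entries are consistent. Every location listed is plain http or rsync, so this list is also the place to tell readers how to check a downloaded ISO (checksum or signature file) before booting it.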
Line 99: Line 99:
  
 Another difference between Syslinux and Grub2 menus: in Grub2 you can select a non-US keyboard, language and/or timezone and you will return to the main menu every time.  You still have to select "Start SLACKWARE Live" to boot the computer.  In the Syslinux menu, only the keyboard selection menu will return you to the main menu.  Any non-US *language* selection on the other hand will boot you into Slackware Live immediately; without returning to the main menu.  This is a limitation of syslinux which would require exponentially more menu files to construct a menu with more choices.  Grub2 supports variables which make it easy to modify a menu entry's characteristics. Another difference between Syslinux and Grub2 menus: in Grub2 you can select a non-US keyboard, language and/or timezone and you will return to the main menu every time.  You still have to select "Start SLACKWARE Live" to boot the computer.  In the Syslinux menu, only the keyboard selection menu will return you to the main menu.  Any non-US *language* selection on the other hand will boot you into Slackware Live immediately; without returning to the main menu.  This is a limitation of syslinux which would require exponentially more menu files to construct a menu with more choices.  Grub2 supports variables which make it easy to modify a menu entry's characteristics.
 +
 +
 +=== UEFI Secure Boot ===
 +
 +
 +On computers with Secure Boot enabled, extra measures may be required to boot an Operating System.  Slackware for instance, is unable to boot on a computer that has Secure Boot enabled. Historic liveslak based ISOs are also not able to boot there. From liveslak-1.5.0 and onwards, Secure Boot is supported for the 64-bit ISO images.
 +
 +Secure Boot enforces that the first-stage bootloader is signed with an encryption key known to Microsoft.  For Linux based Operating Systems, the most widely used solution is to place an small single-purpose bootloader before the regular Linux bootloader.  This EFI bootloader is called 'shim' Shim must be cryptographically signed by Microsoft for it to successfully boot a computer.  This is not a trivial process, Microsoft is very strict about the signing process because in essence your signed bootloader will boot anything on a Secure Boot enabled computer, including malware if that was signed by your 'distro key' That would create a huge security hole and defy the purpose of Secure Boot.
 +
 +Signing your Grub bootloader and your kernel also becomes mandatory, because the 'shim' refuses to load un-signed binaries.  This complicates the process of upgrading to a new kernel further.
 +
 +The Slackware Live OS boots on a Secure Boot enabled computer if created with liveslak-1.5.0 or newer, and only for the 64-bit liveslak ISO images.  The Slackware Linux distro does not ship a 'shim' which is signed by Microsoft, so how to get around the dilemma of requiring a signed 'shim'?
 +
 +To realize this, the Slackware Live ISO 'borrows' a 3rd-party 'shim'. The binaryis actually called ''bootx64.efi'' in the ''/EFI/BOOT/'' directory and has been extracted from another distro's officially signed 'shim' package; Fedora by default but the Debian and openSUSE shim are also supported by the ''make_slackware_live.sh'' script.  This 3rd-party 'shim' binary has been signed by 'Microsoft UEFI CA' which will allow it to boot on any computer. We just need to tell it that is OK to load Slackware's Grub and kernel into memory.
 +
 +A distro 'shim' like Fedora's contains an embedded distro SSL certificate and 'shim' will trust the signature of any binary (grub, kernel, etc) which has been signed using that certificate. Of course, 3rd-party 'shim' binaries do not embed a Slackware SSL certificate. Therefore, another means must be used to establish trust.  Secure Boot recognizes additional SSL certificates in the computer's MOK (Machine Owner Key) database as valid.  The 'shim' trusts custom SSL vertificates of signed binaries, if they are present in the MOK database.  It is up to the user (the Machine Owner) to enroll a custom SSL certificate into that database.
 +
 +The Grub and kernel images of Slackware Live Edition are signed with an 'Alien BOB' SSL certificate and private key.  This SSL certificate needs to be added to the MOK database of your Secure Boot enabled computer.  All liveslak ISOs use this specific certificate plus its associated private key. The private key will of course never be distributed but a 'DER-encoded' version of the public certificate is distributed as part of the ISO.  You can find it as ''/EFI/BOOT/liveslak.der'' inside the ISO. On a persistent USB stick which you created from the ISO, this will be on the second partition (the ESP).
 +
 +== Add the ''liveslak.der'' certificate to the MOK database ==
 +
 +There are two ways to add or enroll this certificate.
 +  * When you boot a Secure Boot enabled liveslak ISO for the first time, the 'shim' will fail to validate the certificate of liveslak's Grub. It will then start the 'MokManager' showing you a nice blue screen with a dialog requesting you to enroll a public key (aka the SSL certificate) from disk. You can use the file selector to browse to the 'efi' partition and there to the ''./EFI/BOOT/'' directory. Select the ''liveslak.der'' and confirm that this is the correct certificate. The computer will then reboot and after reboot, you will automatically end up in the Grub boot menu without any further intervention.
 +  * If you already have a Linux OS up and running on that computer, you can use the program ''mokutil'' to enroll the key before you boot a liveslak ISO:<code>
 +# mokutil --import liveslak.der</code> This command will schedule a request to shim, and the first time you boot a liveslak ISO the MokManager will ask confirmation to enroll the scheduled key.  In other words, you won't have to 'enroll from disk'.
 +
 +Note that MOK key enrollment is a one-time action for the official liveslak based ISOs.  All future liveslak ISOs will also be signed using this ''liveslak.der'' certificate and as long as it stays in your computer's MOK database, the 'shim' will load Grub and the kernel without complaint.
 +
 +Note that you can create your own SSL certificate plus private key and use those to generate custom liveslak ISO images with Secure Boot support.  All you need to do is to enroll the public key (the DER-encoded version of your SSL certificate) into the MOK database of your computer.  The MOK database has room for multiple keys so yours as well as liveslak's keys (and more) will fit there.
 +
 +
 +=== Boot from an ISO file on disk ===
 +
 +
 +If you downloaded a liveslak ISO file and want to boot that ISO directly from its location on your computer's hard drive, you can use this Grub configuration block and add it to your ''/boot/grub/grub.cfg'':<code>
 +menuentry "LIVESLAK ISO" --class gnu-linux --class os --class icon-linux {
 +  set iso='/data/ISOS/slackware64-live-xfce-current.iso'
 +  set bootparms='load_ramdisk=1 prompt_ramdisk=0 rw printk.time=0 kbd=us tz=Europe/Amsterdam lang=nl'
 + 
 +  search -f $iso --set=root
 +  loopback loop $iso
 +  linux (loop)/boot/generic livemedia=scandev:$iso $bootparms
 +  initrd (loop)/boot/initrd.img
 +}</code>
 +
 +This example will add a 'LIVESLAK ISO' menu entry to your local computer's boot menu, through which you can start a downloaded XFCE Live ISO pre-configured for a US keyboard, Dutch language and Amsterdam timezone.
  
  
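Review bot: In the MokManager bullet, "confirm that this is the correct certificate" gives the reader nothing to compare against, yet per this section the shim will afterwards load any Grub or kernel signed with that key; publish the fingerprint of ''liveslak.der'' here (or say where it is published) so it can be checked before enrolling. The text also calls the signing key "an encryption key" and the certificate an "SSL certificate" throughout; "signing key" and "X.509 certificate" would be accurate. Typos to fix in the same pass: "an small", "binaryis", "vertificates", and the missing full stops after "called 'shim'" and "'distro key'".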
Line 120: Line 166:
   -o|--outdev <filename>     The device name of your USB drive.   -o|--outdev <filename>     The device name of your USB drive.
   -p|--persistence <name>    Custom name of the 'persistence' directory/file.   -p|--persistence <name>    Custom name of the 'persistence' directory/file.
 +                             If it does not exist yet, create it manually.
   -r|--refresh               Refresh the USB stick with the ISO content.   -r|--refresh               Refresh the USB stick with the ISO content.
                              No formatting, do not touch user content.                              No formatting, do not touch user content.
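Review bot: The added line under -p|--persistence says "create it manually" but not where or in what form; the option covers a 'persistence' directory/file, so state the location on the USB drive and whether a directory or a container file is expected.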
Line 403: Line 450:
   Use this if you are using a different   Use this if you are using a different
   directory/file than "persistence" for storing persistent data.   directory/file than "persistence" for storing persistent data.
 +
 +persistence=/dev/sdX:/path/to/mypersistence
 +persistence=scandev:/path/to/mypersistence =>
 +  Use this if the persistence directory or container is not located on
 +  the USB stick, but on a local hard disk partition.
 +  Useful for network (PXE) boot where you still want to offer users persistence.
  
 toram => toram =>
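Review bot: The "=>" marker sits only on the `persistence=scandev:/path/to/mypersistence` line, so it is unclear that the description also covers the `persistence=/dev/sdX:/path/to/mypersistence` form above it; mark both forms and add a sentence on what `scandev` does compared with naming the partition explicitly.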
Line 749: Line 802:
  -O <outfile>       Custom filename for the ISO.  -O <outfile>       Custom filename for the ISO.
  -R <runlevel>      Runlevel to boot into (default: 4).  -R <runlevel>      Runlevel to boot into (default: 4).
 + -S privkey:cert    Enable SecureBoot support and sign binaries
 +                    using the full path to colon-separated
 +                    private key and certificate files.
  -X                 Use xorriso instead of mkisofs/isohybrid.  -X                 Use xorriso instead of mkisofs/isohybrid.
 </code> </code>
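Review bot: The -S help text does not say which file formats are expected for privkey and cert, nor that the option only applies to 64-bit images from liveslak-1.5.0 onwards as the Secure Boot section states; add both, and mention that the private key file should be readable by root only.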
Line 760: Line 816:
 Another example which creates a MATE variant, configuring runlevel '3' as default and specifying a custom path for the Slackware package repository root (note that the script will look for a subdirectory "slackware64-current" below this directory if you are generating this ISO for slackware64-current): Another example which creates a MATE variant, configuring runlevel '3' as default and specifying a custom path for the Slackware package repository root (note that the script will look for a subdirectory "slackware64-current" below this directory if you are generating this ISO for slackware64-current):
   # ./make_slackware_live.sh -d MATE -R 3 -s ~ftp/pub/Slackware   # ./make_slackware_live.sh -d MATE -R 3 -s ~ftp/pub/Slackware
 +
 +An example on how to create a DAW Live ISO which supports UEFI SecureBoot (since liveslak 1.5.0 and only for 64-bit), is compressed using 'zstd' instead of the default 'xz' and is generated using xorriso instead of mkisofs. You need to provide the full path to a SSL private key and certificate file:
 +  # ./make_slackware_live.sh -d DAW -c zstd -X -S /root/liveslak.key:/root/liveslak.pem
  
 If you want to know what package sets are included in any of these Desktop Environments, run the following command: If you want to know what package sets are included in any of these Desktop Environments, run the following command:
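Review bot: The example passes `/root/liveslak.key:/root/liveslak.pem`, which reads as if it were the official liveslak signing pair, but the Secure Boot section says that private key is never distributed; use neutral file names for a self-generated pair and remind the reader that the DER-encoded form of this certificate must be enrolled in the MOK database before the resulting ISO will boot. Also "a SSL" should be "an SSL".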
Line 868: Line 927:
   * The filesystem of the Live media is made available to the user of the Live OS as "/mnt/livemedia" If the media is a USB stick then you will have write access to "/mnt/livemedia".   * The filesystem of the Live media is made available to the user of the Live OS as "/mnt/livemedia" If the media is a USB stick then you will have write access to "/mnt/livemedia".
   * With the root filesystem assembled, the Live OS is configured before it actually boots:   * With the root filesystem assembled, the Live OS is configured before it actually boots:
 +    * if a OS-specific configuration file (by default ''/liveslak/slackware_os.cfg'') exists, its contents will be parsed.  Values of the variables defined in this file overrule any default //liveslak// or boot command-line values.
     * if you specified "swap" on the boot commandline, any available swap partition will be added to "/etc/fstab" in the Live OS.     * if you specified "swap" on the boot commandline, any available swap partition will be added to "/etc/fstab" in the Live OS.
     * if you specified a custom keyboard layout for the console (and optionally another for X) by using the "kbd" and "xkb" boot parameters then these will be confifured in "/etc/rc.d/rc.keymap" and "/etc/X11/xorg.conf.d/30-keyboard.conf" in the Live OS.     * if you specified a custom keyboard layout for the console (and optionally another for X) by using the "kbd" and "xkb" boot parameters then these will be confifured in "/etc/rc.d/rc.keymap" and "/etc/X11/xorg.conf.d/30-keyboard.conf" in the Live OS.
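Review bot: The new bullet says values from ''/liveslak/slackware_os.cfg'' overrule boot command-line values, which is the reverse of what most readers expect from a one-off boot parameter; mention "cfg=skip" here as the way to ignore the file for a single boot. "a OS-specific" should be "an OS-specific".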
Line 880: Line 940:
     * The init script will end by telling the kernel to swith to our new root filesystem (the overlay) and start the Slackware init program (PID 1, /sbin/init).     * The init script will end by telling the kernel to swith to our new root filesystem (the overlay) and start the Slackware init program (PID 1, /sbin/init).
   * From this moment onward, you are booting a 'normal' Slackware system and the fact that this is actually running in RAM and not from your local harddisk is not noticeable.   * From this moment onward, you are booting a 'normal' Slackware system and the fact that this is actually running in RAM and not from your local harddisk is not noticeable.
 +
 +
 +=== OS configuration file for persistent media ===
 +
 +If present, the liveslak init will load a OS config file from a persistent Live medium such as a USB stick.  In the case of //Slackware Live Edition// this file is called ''/liveslak/slackware_os.cfg'' - i.e. is placed in the "''liveslak''" directory of your USB drive.  For custom non-Slackware Live OS-es based on liveslak, the filename may be different.\\ This file contains one or more "VARIABLE=value" lines, where VARIABLE is one of the following variables that are used in the live init script:
 +  * BLACKLIST, KEYMAP, LIVE_HOSTNAME, LOAD, LOCALE, LUKSVOL, NOLOAD, RUNLEVEL, TWEAKS, TZ, XKB.
 +Values for the variables defined in this configuration file override the values already set via liveslak's own defaults or via boot-up command-line parameters.
 +
 +When booting your persistent //Slackware Live Edition//, the optional boot-time parameter "cfg" deals with this OS configuration file. The "cfg" parameter understands two possible argument values:
 +  * "cfg=write" will (over)write the OS configuration file to your USB drive, using the values for all of the above variables that are valid for that particular boot. So if your timezone is "''PST''" then one of the lines in that file will read "''TZ=PST''".
 +  * "cfg=skip" will skip processing of an existing "''/liveslak/slackware_os.cfg''" file.
 +
 +The OS configuration file is not present by default. You either create it at boot-time using "''cfg=write''" (which is a persistent change) or you create it manually using an ASCII text editor, after mounting the USB partition on a computer.  As an example, here is the content of "''/liveslak/slackware_os.cfg''" on my own USB stick: <code>
 +KEYMAP=nl
 +LIVE_HOSTNAME=zelazny
 +LOCALE=nl_NL.utf8
 +TWEAKS=tpb,syn
 +TZ=Europe/Amsterdam</code>
  
  
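Review bot: The section says the file contains "VARIABLE=value" lines limited to the listed variables, but not what the init script does with any other line or with values containing spaces or shell metacharacters; since the file lives on the writable USB partition and overrides command-line parameters (LUKSVOL, LOAD and RUNLEVEL among them), state whether it is parsed strictly or sourced as shell, and that unlisted variables are ignored if that is the case. "a OS config file" should be "an OS config file".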
Line 956: Line 1034:
 Slackware Live Edition is created by the 'liveslak' scripts developed and maintained by Eric Hameleers aka Alien BOB [[alien@slackware.com]]. Slackware Live Edition is created by the 'liveslak' scripts developed and maintained by Eric Hameleers aka Alien BOB [[alien@slackware.com]].
  
-  * Git repository: %%git://liveslak.org/liveslak.git%% +  * Git repository: %%git://git.liveslak.org/liveslak.git%% 
-  * Git repository (browsable): http://liveslak.org/liveslak/+  * Git repository (browsable): http://git.liveslak.org/liveslak/
   * Download mirror: http://www.slackware.com/~alien/liveslak/   * Download mirror: http://www.slackware.com/~alien/liveslak/
  
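Review bot: Both updated repository links use unauthenticated transports (`git://` and `http://`); if git.liveslak.org serves https, list that URL for cloning and browsing, since the usage examples on this page run these scripts from a root prompt to build bootable images.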