Kay's pages

Logbook

Finally, I managed to create a first beta image of efaLive for the Raspberry Pi. I have tested it on a Raspberry Pi 1B. It more or less works as described in the efaLive documentation. Besides the users efa and root, you have the default pi user. The language and keyboard layout is English per default. Feel free to test the image. For more information check the efaLive page.

Yesterday there have been many mails on the debian-live mailing list. A few people entered a bug that announced a new piece of software called 'live-build-ng'. The author of 'live-build', Daniel, complained about the name, because it is very close to the name of his package. Then the people behind the new package explained that 'live-build-ng' will replace 'live-build' in the near future, as the name already suggests. This disappointed Daniel so much, that he announced the end of the 'live-build' project. You can find his full post on the mailing list (or in his temporary blog).

I would like to say thank you to Daniel, who made a great job in inventing and developing 'live-build'! I feel very sad, that a few people attack a project leader who spent a huge amount of time to develop 'live-build' in such a way. They have no right to do that and there is no reason to choose a package name like 'live-build-ng' instead of attacking Daniel.

We will see what tool chain I will use for efaLive in the future. Maybe there will be a fork of the original 'live-build' project.

I wish all the best to Daniel. I hope you recover from this demotivating situation soon. Thank you!

Finally I found the time to try to run efaLive on a Raspberry Pi. It was less effort than expected. You just need a Raspbian installation that you upgrade from Wheezy to Jessie. This can be done by exchanging "wheezy" by "jessie" in the /etc/apt/sources.list. Then run "apt-get update" and "apt-get dist-upgrade". This will take a lot of time, but at the end you have a Debian Jessie based installation. Now add "deb http://efalive.hannay.de/debian jessie main" to /etc/apt/sources.list and run "apt-get updat"e and "apt-get install efalive" (ignore the missing GPG key for now). Many dependencies are installed now. At the end everything is ready to run efaLive. Just configure raspi-config to boot into the GUI and put the following lines into a file /home/efa/.xsessionrc:

#!/bin/bash
exec ~/.xinitrc

Now you have to change the autologin user from "pi" to "efa" in /etc/lightdm/lightdm.conf. From now on, the efaLive Kiosk environment should start automatically.

Maybe I can provide a complete image for the Raspberry Pi in the future, we will see.

Finding a secure and compatible Apache configuration that is dealing with all the nice vulnerabilities in SSL and TLS handling is not an easy task. I always try to use an optimal configuration for my Apache 2.2. There are many threads in the Internet, but often the recommendations there don't work, because they are for Apache 2.4 or outdated. Often it is hard to find out, which version of Apache is dealt with in such a thread. Anyway, it might be helpful for others, so here is my configuration that gets an A+ at SSL Labs. It works with Apache 2.2.29.

LoadModule headers_module modules/mod_headers.so
SSLProtocol all -SSLv2 -SSLv3
SSLCompression Off
SSLInsecureRenegotiation Off
SSLHonorCipherOrder On
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
SSLCipherSuite "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!EDH:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA"

I now have uploaded efaLive 2.3 to the server. The main difference is that this version is now based on the new stable Debian release "Jessie" 8.0. Besides that there is a small watchdog that restarts the PC in case of a X-server crash. For more details have a look to the efaLive page.

Unfortunately the image size has grown over 700 MB. So you can not burn the image to a standard CD. You need an oversize CD oder a DVD. However, I recommend to use a USB stick, anyway.