Building custom LiveUSB distributions

The Liberté build process is distribution-neutral, and is fully automated.

  • You do not need to be a Gentoo user — any modern x86 or x86-64 Linux distribution should suffice
  • A full build takes ~8.5 hours on dual-core 2.66 GHz Intel E8200
  • An incremental build with no package upgrades takes ~25 minutes
  • About 8 GiB of disk space is required
  • Filesystem must support security.* and user.* extended attributes
  • Outbound HTTP(S) connections must be allowed (the *_proxy environment variables are honored when set)

Let's assume that the Liberté package is in ./liberte, and the build root is /tmp/livecd. Clone the git tree:

  git clone

You might want to adjust liberte/conf/version (don't use spaces).
The following command builds the image (execute as root):

  liberte/build /tmp/livecd

Read the (straightforward) build script to see how to customize the result by manually performing the individual steps. Subsequent invocations of build will perform an incremental build, unless the fresh parameter is supplied. After a successful build, follow the installation instructions.

Post-build tests

In order to ensure that your custom build has kept the anonymity features intact, it is necessary to perform some manual testing, which is most easily done by running Liberté in a virtual machine. This easily allows for, e.g., network packets analysis by connecting Wireshark to the VM's network interface — an alternative to adding Wireshark to the build. Events log is available in /var/log/everything/current.

Network traffic
DHCP hostname not being sent (check all fields), absence of non-DHCP/Tor traffic (Tor uses https and http ports), contrast with the Unsafe Browser traffic.
X server screen locking
Zap (Ctrl-Alt-Bksp) and VT Switch (Ctrl-Alt-F*) key sequences are disabled, closing the laptop lid launches screen lock (and disables SysRq (SysRq-*) and PowerOff buttons for its duration), booting with closed lid launches screen lock on X startup.
Reboot and shutdown
Memory is wiped before reboot / shutdown (best seen with a memory dump in VM after creating a large file in Unionfs), memory is wiped on boot media extraction, script works as intended.
Web browsing and chat
Browsing privacy (Torification, UTC timezone), XChat privacy (using SSL connections for desired networks), Pidgin privacy (OTR plugin), Unsafe Browser partial privacy (no Torification, UTC timezone) and distinctive look-and-feel.
Cables communication
Identity is kept between reboots, sending to self, sending to another node (To:, Cc:, Bcc:, refusal to send if an address is incorrect), sending to/from Tor and I2P-based addresses, sending to node which is temporarily offline, reliability (boot media removal while nodes communicate, temporal substitution of wrong certificates for sender and recipient, etc.), timing out of unsent messages.
Other communication tasks
GnuPG keys search and retrieval, SSH connections (omitting username initially substitutes root).
Time synchronization
HTP synchronizes time and catches up with network interface changes, same for NTP (if enabled), Tor starts up when the clock is wrong (more than 1.5h into past / future).
System security
User sees only own processes, kernel log (dmesg) and loaded modules list are not available, root password is disabled, paxtest produces correct output, hard drives are spun down after boot.
Media automounting
Mountpoints are automatically added and removed under /media for USB/SD(HC)/CD/DVD media, all supported filesystems are recognized, hibernated NTFS partitions are available in read-only mode.
Automatic tests
All automatic tests (test-liberte) pass.

Live media framework

You can use Liberté's build framework to master your own Gentoo-based LiveUSBs/CDs. For a non-anonimity oriented distribution, you will most likely want to at least turn off the firewall (grep for iptables in src/root/setup), disable forwarding of all HTTP requests to Tor (see src/etc/privoxy/config), and customize the packages list in src/var/lib/portage/world. Note that src/root/setup-copy explicitly checks that Perl and Python have been uninstalled — disable these checks if necessary. Use enter script with the single directory argument to work with the non-pruned distribution tree.

Since I don't want to write extensive documentation for the build system, below is a brief comparison with larch v8, a live CD/DVD/USB-stick construction kit for Arch Linux, which does have such a documentation.

Feature Liberté build framework larch
Build requirements any Linux, POSIX shell any Linux, Python
Build customization monolithic profile-based, multilayer
Initramfs scripts custom, very fast and robust (no genkernel) Arch's mkinitcpio
Unification file system overlayfs aufs
Persistence encrypted, archived changes upon shutdown, user configuration only no encryption, write-through to live media layer, entire file system
Target platforms i686 (x86_64 build host is fine) i686 or x86_64
Installation from live media not supported (live deployment only) supported (e.g., install Arch on hard disk)
Auto-configuration extensive support regular Arch

Page last modified on 12-Feb-2013 20:51 MSK