The Liberté build process is distribution-neutral, and is fully automated.
*_proxyenvironment variables are honored when set)
Let’s assume that the Liberté package is in
./liberte, and the build root
/tmp/livecd. Clone the git tree:
$ git clone https://github.com/mkdesu/liberte.git
You might want to adjust
liberte/conf/version (don’t use spaces).
The following command builds the image (execute as
$ liberte/build /tmp/livecd
Read the (straightforward)
build script to see how to customize the result
by manually performing the individual steps. Subsequent invocations of
build will perform an incremental build, unless the
fresh parameter is
supplied. After a successful build, follow the
In order to ensure that your custom build has kept the anonymity features
intact, it is necessary to perform some manual testing, which is most easily
done by running Liberté in a virtual machine. This easily allows for, e.g.,
network packets analysis by connecting Wireshark
to the VM’s network interface — an alternative to adding Wireshark to the
build. Events log is available in
httpports), contrast with the Unsafe Browser traffic.
Ctrl-Alt-Bksp) and VT Switch (
Ctrl-Alt-F*) key sequences are disabled, closing the laptop lid launches screen lock (and disables SysRq (
SysRq-*) and PowerOff buttons for its duration), booting with closed lid launches screen lock on X startup.
qemulate.shscript works as intended.
Bcc:, refusal to send if an address is incorrect), sending to/from Tor and I2P-based addresses, sending to node which is temporarily offline, reliability (boot media removal while nodes communicate, temporal substitution of wrong certificates for sender and recipient, etc.), timing out of unsent messages.
dmesg) and loaded modules list are not available,
rootpassword is disabled,
paxtestproduces correct output, hard drives are spun down after boot.
/mediafor USB/SD(HC)/CD/DVD media, all supported filesystems are recognized, hibernated NTFS partitions are available in read-only mode.
You can use Liberté’s build framework to master your own
Gentoo-based LiveUSBs/CDs. For a non-anonimity
oriented distribution, you will most likely want to at least turn off the
firewall (grep for
src/root/setup), disable forwarding of
all HTTP requests to Tor (see
src/etc/privoxy/config), and customize the
packages list in
src/var/lib/portage/world. Note that
src/root/setup-copy explicitly checks that Perl and Python have been
uninstalled — disable these checks if necessary. Use
enter script with the
single directory argument to work with the non-pruned distribution tree.
Since I don’t want to write extensive documentation for the build system, below is a brief comparison with larch v8, a live CD/DVD/USB-stick construction kit for Arch Linux, which does have such a documentation.
|Feature||Liberté build framework||larch|
|Build requirements||any Linux, POSIX shell||any Linux, Python|
|Build customization||monolithic||profile-based, multilayer|
|Initramfs scripts||custom, very fast and robust (no genkernel)||Arch’s mkinitcpio|
|Unification file system||overlayfs||aufs|
|Persistence||encrypted, archived changes upon shutdown, user configuration only||no encryption, write-through to live media layer, entire file system|
|Target platforms||i686 (x86_64 build host is fine)||i686 or x86_64|
|Installation from live media||not supported (live deployment only)||supported (e.g., install Arch on hard disk)|
|Auto-configuration||extensive support||regular Arch|