Difference between revisions of "Kicksecure"
JeremyRand (talk | contribs) (Signing key goes in /usr/share/keyrings/) |
JeremyRand (talk | contribs) (Split Kicksecure and Whonix repos) |
||
(8 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
− | [http://www.w5j6stm77zs6652pgsij4awcjeel3eco7kvipheu6mtr623eyyehj4yd.onion/ Kicksecure] ([https://www.kicksecure.com/ clearnet link]) can be installed on POWER. These instructions were tested with Kicksecure | + | [http://www.w5j6stm77zs6652pgsij4awcjeel3eco7kvipheu6mtr623eyyehj4yd.onion/ Kicksecure] ([https://www.kicksecure.com/ clearnet link]) can be installed on POWER. These instructions were tested with Kicksecure 17. |
− | First, install Debian | + | First, install Debian Bookworm or Sid for ppc64el or ppc64. If installing in a VM, set the Video Model to Virtio and the Display Type to Spice ([https://github.com/Kicksecure/libvirt-dist/blob/master/usr/share/libvirt-dist/xml/Kicksecure.xml source]). When installing Debian, do not create a separate root password, name the user <code>user</code>, and for desktop environment either pick XFCE or do not install one. Launch a shell. |
Import the Kicksecure signing key ([http://www.w5j6stm77zs6652pgsij4awcjeel3eco7kvipheu6mtr623eyyehj4yd.onion/wiki/Debian#Add_the_Kicksecure_%E2%84%A2_Signing_Key source]) ([https://www.kicksecure.com/wiki/Debian#Add_the_Kicksecure_%E2%84%A2_Signing_Key clearnet]): | Import the Kicksecure signing key ([http://www.w5j6stm77zs6652pgsij4awcjeel3eco7kvipheu6mtr623eyyehj4yd.onion/wiki/Debian#Add_the_Kicksecure_%E2%84%A2_Signing_Key source]) ([https://www.kicksecure.com/wiki/Debian#Add_the_Kicksecure_%E2%84%A2_Signing_Key clearnet]): | ||
Line 16: | Line 16: | ||
sudo adduser user console | sudo adduser user console | ||
− | Add the | + | Add the Kicksecure package repository ([http://www.w5j6stm77zs6652pgsij4awcjeel3eco7kvipheu6mtr623eyyehj4yd.onion/wiki/Debian#Add_the_Kicksecure_%E2%84%A2_Repository source]) ([https://www.kicksecure.com/wiki/Debian#Add_the_Kicksecure_%E2%84%A2_Repository clearnet]): |
sudo apt-get install apt-transport-tor | sudo apt-get install apt-transport-tor | ||
− | <nowiki>echo "deb [signed-by=/usr/share/keyrings/derivative.asc] tor+http://deb.w5j6stm77zs6652pgsij4awcjeel3eco7kvipheu6mtr623eyyehj4yd.onion | + | <nowiki>echo "deb [signed-by=/usr/share/keyrings/derivative.asc] tor+http://deb.w5j6stm77zs6652pgsij4awcjeel3eco7kvipheu6mtr623eyyehj4yd.onion bookworm main" | sudo tee /etc/apt/sources.list.d/derivative.list</nowiki> |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
sudo apt-get update | sudo apt-get update | ||
Line 53: | Line 40: | ||
If you get prompted with other questions during package installation, you can choose the defaults. | If you get prompted with other questions during package installation, you can choose the defaults. | ||
− | The Kicksecure packages will install their own <code>sources.list</code> data in <code>/etc/apt/sources.list.d/debian.list</code>. If you're using | + | The Kicksecure packages will install their own <code>sources.list</code> data in <code>/etc/apt/sources.list.d/debian.list</code>. If you're using Bookworm, that means you should clear the <code>sources.list</code> that Debian came with (in order to avoid warnings from <code>apt-get</code> about duplicated repos): |
sudo rm /etc/apt/sources.list | sudo rm /etc/apt/sources.list | ||
Line 59: | Line 46: | ||
sudo rm /etc/apt/sources.list.d/backports.list | sudo rm /etc/apt/sources.list.d/backports.list | ||
− | On | + | On Trixie or higher, the Kicksecure <code>sources.list</code> is nonfunctional, so you should clear it instead: |
sudo rm /etc/apt/sources.list.d/debian.list | sudo rm /etc/apt/sources.list.d/debian.list | ||
Line 68: | Line 55: | ||
sudo mkdir -p /etc/dist-base-files.d/ | sudo mkdir -p /etc/dist-base-files.d/ | ||
echo "set +e" | sudo tee /etc/dist-base-files.d/50_user.conf | echo "set +e" | sudo tee /etc/dist-base-files.d/50_user.conf | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
Reboot the machine; Kicksecure installation is complete. | Reboot the machine; Kicksecure installation is complete. |
Latest revision as of 17:24, 7 August 2024
Kicksecure (clearnet link) can be installed on POWER. These instructions were tested with Kicksecure 17.
First, install Debian Bookworm or Sid for ppc64el or ppc64. If installing in a VM, set the Video Model to Virtio and the Display Type to Spice (source). When installing Debian, do not create a separate root password, name the user user
, and for desktop environment either pick XFCE or do not install one. Launch a shell.
Import the Kicksecure signing key (source) (clearnet):
sudo apt-get update sudo apt-get dist-upgrade sudo apt-get install --no-install-recommends curl gpg gpg-agent curl --tlsv1.3 --output ~/derivative.asc --url https://www.kicksecure.com/keys/derivative.asc sudo cp ~/derivative.asc /usr/share/keyrings/derivative.asc
Initialize the console
group (source) (clearnet):
sudo addgroup --system console sudo adduser user console
Add the Kicksecure package repository (source) (clearnet):
sudo apt-get install apt-transport-tor echo "deb [signed-by=/usr/share/keyrings/derivative.asc] tor+http://deb.w5j6stm77zs6652pgsij4awcjeel3eco7kvipheu6mtr623eyyehj4yd.onion bookworm main" | sudo tee /etc/apt/sources.list.d/derivative.list sudo apt-get update
Then, run one of the following, depending on whether you want Kicksecure to use XFCE or CLI-only, and whether you are installing Kicksecure in a VM or on the host:
sudo apt-get install --no-install-recommends kicksecure-xfce-host
sudo apt-get install --no-install-recommends kicksecure-xfce-vm
sudo apt-get install --no-install-recommends kicksecure-cli-host
sudo apt-get install --no-install-recommends kicksecure-cli-vm
If you get a package conflict error that mentions console-common
, run the following and then try again:
sudo apt-get install --no-install-recommends console-common
If you get prompted about choosing the default display manager during package installation, choose gdm3
(source) (clearnet).
If you get prompted with other questions during package installation, you can choose the defaults.
The Kicksecure packages will install their own sources.list
data in /etc/apt/sources.list.d/debian.list
. If you're using Bookworm, that means you should clear the sources.list
that Debian came with (in order to avoid warnings from apt-get
about duplicated repos):
sudo rm /etc/apt/sources.list sudo touch /etc/apt/sources.list sudo rm /etc/apt/sources.list.d/backports.list
On Trixie or higher, the Kicksecure sources.list
is nonfunctional, so you should clear it instead:
sudo rm /etc/apt/sources.list.d/debian.list sudo touch /etc/apt/sources.list.d/debian.list
Run the following to work around a bug that breaks subsequent package updates (source) (clearnet):
sudo mkdir -p /etc/dist-base-files.d/ echo "set +e" | sudo tee /etc/dist-base-files.d/50_user.conf
Reboot the machine; Kicksecure installation is complete.
Known Issues
None.