First Hands On

Or how does the owner install her FreedomBox when just received.

There have been some discussions on the mailing list (links needed) brainstorming how a owner would receive and configure her brand new FreedomBox.

Rationale

When the owner receive her FreedomBox, she will have to make some preliminary configurations before being able to use it.

Some of the involved configurations will probably be setting up the timezone, locales...

More importantly, the owner will have to setup passwords for the administrative and basic account. This is the most tricky part. If the FreedomBox initial setup is made over a network connection, it might be difficult to protect against Man-In-The-Middle (MITM).

Things might also became a little more difficult if the FreedomBox project decides to use disk encryption...

Scenario 1: Using USB stick and preseeding

The FreedomBox is shipped with a USB stick which contains a debian installer, together with FreedomBox dedicated software.

(or images of the filesystem of this USB stick can be available to download, or a way to build the USB stick is packaged into Debian, or every one of this solutions...)

The dedicated software once started asks the owner for the different settings needed to setup the box.

Under the hood, this software will in fact write onto the USB stick a preseed file able to configure the debian installer. A tasksel-fb package could also be used in the installer so that owners would just have to check what kind of FreedomBox services they want during the taskel step of the installation so that it is automatically installed and configured.

Having answered a every questions, the owner would have to plug this stick into her FreedomBox and start it. The Debian installer would then use the preseed file on the USB stick and install a working Debian installation with all the needed software to run a FreedomBox depending on the owner's answers.

Then, once finished, the USB stick can be used by the FreedomBox to store backups of its configuration, in a way that it just has to be plugged into another FreedomBox to get the service running again in case the first one dies/disappears.

Scenario 2: Using the Web interface

Another way could be to ship a pre-installed FreedomBox, that would detect the first boot and issue a dpkg-reconfigure for base packages so that it asks for new passwords, basic services configuration, add the first (admin?) user, etc...

It could then issue a dpkg-reconfigure on a special tasksel package that would install the needed packages depending on the services the owner want to run, then use debconf questions on the way users want to configure them (See FreedomBox/Design/BoxConfiguration).

The interface would be provided over https (like using nginx to proxy the debconf web frontend), using a unique certificate generated for each FreedomBox during the pre-installation time.

To protect against MITM and ensure some kind of "secured" first login, the FreedomBox could be shipped together with a LiveCD on a USB stick (based on Debian Live, which would ease a lot its build without needing too much work) that would contain what's needed to authenticate the first time (mostly to verify the FreedomBox SSL certificate, and a default randomly generated password or a client certificate). This method would allow the owner to transparently authenticate to her brand new FreedomBox and then change the credentials.


Intro

Information

Support

Contribute

Reports

Promote

Vision

Hardware

Live Help

Where To Start

Translate

Calls

Talks

Overview

Download

Q&A

To Do

Design

Releases

Press

Features

Manual

Contributors

Code

Blog

FreedomBox for Communities

FreedomBox Developer Manual

HELP & DISCUSSIONS: Discussion Forum - Matrix - Mailing List - #freedombox irc.debian.org | CONTACT Foundation | JOIN Project

Next call: Saturday, April 13 at 14:00 UTC

This page is copyright its contributors and is licensed under the Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.


CategoryFreedomBox