First Hands On

Or how does the owner install her FreedomBox when just received.

There have been some discussions on the mailing list (links needed) brainstorming how a owner would receive and configure her brand new FreedomBox.

Rationale

When the owner receive her FreedomBox, she will have to make some preliminary configurations before being able to use it.

Some of the involved configurations will probably be setting up the timezone, locales...

More importantly, the owner will have to setup passwords for the administrative and basic account. This is the most tricky part. If the FreedomBox initial setup is made over a network connection, it might be difficult to protect against Man-In-The-Middle (MITM).

Things might also became a little more difficult if the FreedomBox project decides to use disk encryption...

Scenario 1: Using USB stick and preseeding

The FreedomBox is shipped with a USB stick which contains a debian installer, together with FreedomBox dedicated software.

(or images of the filesystem of this USB stick can be available to download, or a way to build the USB stick is packaged into Debian, or every one of this solutions...)

The dedicated software once started asks the owner for the different settings needed to setup the box.

Under the hood, this software will in fact write onto the USB stick a preseed file able to configure the debian installer. A tasksel-fb package could also be used in the installer so that owners would just have to check what kind of FreedomBox services they want during the taskel step of the installation so that it is automatically installed and configured.

Having answered a every questions, the owner would have to plug this stick into her FreedomBox and start it. The Debian installer would then use the preseed file on the USB stick and install a working Debian installation with all the needed software to run a FreedomBox depending on the owner's answers.

Then, once finished, the USB stick can be used by the FreedomBox to store backups of its configuration, in a way that it just has to be plugged into another FreedomBox to get the service running again in case the first one dies/disappears.

Scenario 2: Using the Web interface

Another way could be to ship a pre-installed FreedomBox, that would detect the first boot and issue a dpkg-reconfigure for base packages so that it asks for new passwords, basic services configuration, add the first (admin?) user, etc...

It could then issue a dpkg-reconfigure on a special tasksel package that would install the needed packages depending on the services the owner want to run, then use debconf questions on the way users want to configure them (See FreedomBox/BoxConfiguration).

The interface would be provided over https (like using nginx to proxy the debconf web frontend), using a unique certificate generated for each FreedomBox during the pre-installation time.

To protect against MITM and ensure some kind of "secured" first login, the FreedomBox could be shipped together with a LiveCD on a USB stick (based on Debian Live, which would ease a lot its build without needing too much work) that would contain what's needed to authenticate the first time (mostly to verify the FreedomBox SSL certificate, and a default randomly generated password or a client certificate). This method would allow the owner to transparently authenticate to her brand new FreedomBox and then change the credentials.


CategoryFreedomBox