logo CoolAJ86

UBOS Linux on Raspberry Pi 3

Published 2016-10-03

I'm trying out UBOS Linux for the first time on a Raspberry Pi 3 and documenting my experience.

The official instructions are here.

And Johannes' screencast / video walkthrough is here

Downoading the Image

On the homepage I clicked "Getting Started" and downloaded the image for Raspberry Pi 2 and 3.

brew install xz
wget http://depot.ubos.net/yellow/armv7h/images/ubos_yellow-rpi2_LATEST.img.xz
unxz ubos_yellow-rpi2_LATEST.img.xz

Writing the Image to an SD Card

DANGER: The example below is a very simple summary for people who already know what they're doing.

For the explanation see How to Build an SD Card for Raspberry Pi on OS X

# Find the SD Card in the disk list
diskutil list

# Unmount
# diskutil unmountDisk /dev/
diskutil unmountDisk /dev/disk4

# Wipe the partition
# DANGER: replace disk4 with YOUR disk, or suffer the consequences
# sudo diskutil partitionDisk /dev/ 1 MBR "Free Space" "%noformat%" 100%
sudo diskutil partitionDisk /dev/disk4 1 MBR "Free Space" "%noformat%" 100%

# write img out to /dev/RDISKx
# sudo dd bs=1m if=/tmp/ubos_yellow-rpi2_LATEST.img of=/dev/
sudo dd bs=1m if=/tmp/ubos_yellow-rpi2_LATEST.img of=/dev/rdisk4

Creating a login "staff"

Now this is kinda cool:

A few days ago I was having this discussion about how to configure Hub simply and automatically if someone prefers to buy Hub for private use, but doesn't ever want to actually connect to rootprojects.org's servers at all, ever.

We were ideating around the idea of having the os look for and read a special text file on a USB key.

Well, that's exactly what UBOS does. Cool, huh?

So instead of the normal experience of having an insecure account on the network for a few minutes while you're setting it up, you just copy your account details to a usb key before you boot it up.

  1. Put a USB key in your USB port (must be fat32 formatted)
  2. Create an id_rsa.pub if you don't have one
  3. Rename the USB key to UBOS-STAFF
  4. Create the directory /shepherd/ssh
  5. Copy the id_rsa.pub to /shepherd/ssh/id_rsa.pub
cat ~/.ssh/id_rsa.pub || ssh-keygen

sudo diskutil rename USB\ KEY UBOS-STAFF

mkdir /Volumes/UBOS-STAFF/shepherd
mkdir /Volumes/UBOS-STAFF/shepherd/ssh

rsync -avL ~/.ssh/id_rsa.pub /Volumes/UBOS-STAFF/shepherd/ssh/

Note: You actually don't even have to create the id_rsa locally. UBOS will do it for you if you stick the USB key into it with just the folder.

And you're done! (I think)

Boot the Pi

Eject the SD card (from Finder or whatever) and put it into the Pi.

Eject the USB key and put it into the Pi

Connect the Pi to the network.

Power it on.

Connect to the Pi

You can try to connect two ways:

First

ssh -i ~/.ssh/id_rsa.pub shepherd@ubos-raspberry-pi2

Second

If that doesn't work, you can try by the IP address.

First I had to find it with arp (and iPhone has a nice app called Fing that can really help with that too).

arp -a

ssh -i ~/.ssh/id_rsa.pub shepherd@192.168.2.29

At this point you can't do just anything willy-nilly.

You're in a jail.

You can only run the admin commands listed in /etc/sudoers.d/shepherd, which happen to be:

/etc/sudoers.d/shepherd:

shepherd ALL = NOPASSWD: /usr/bin/ubos-admin *, /usr/bin/ubos-install *, /usr/bin/systemctl *, /usr/bin/journalctl *, /usr/bin/pacman *, /usr/bin/reboot *, /usr/bin/shutdown *, /usr/bin/mkdir *, /usr/bin/mount *, /usr/bin/umount *, /bin/bash *
  • ubos-admin
  • ubos-install
  • systemctl
  • journalctl
  • pacman
  • reboot
  • shutdown
  • mkdir
  • mount
  • umount
  • bash

The important one is bash, because that's the one that will let you do anything. :)

Making UBOS your Home

UBOS is running Arch linux.

So instead of sudo apt-get install <pkg> you use sudo pacman -S <pkg>.

sudo bash

# Disable passwords with 'PasswordAuthentication no'
vim /etc/ssh/sshd_config

# restart ssh
systemctl restart sshd

# add an admin user
useradd -m -g users -s /bin/bash boss
useradd -g wheel boss
passwd boss
visudo

# switch to that user
sudo su - boss

# enable login via ssh
ssh-keygen

# create and update authorized_keys with your id_rsa.pub used prior
touch ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
nano ~/.ssh/authorized_keys

Now you can login as boss and start doing stuff.

# update stuff
sudo ubos-admin update

# update the system
pacman -Syu

By AJ ONeal

If you loved this and want more like it, sign up!


Did I make your day?
Buy me a coffeeBuy me a coffee  

(you can learn about the bigger picture I'm working towards on my patreon page )