The generic lepidopter image build script using the vmdebootstap method. The image provides a ready to run ooniprobe powered Debian jessie distribution.
Upon copying the image to the SD card, plugging it in and connecting the Raspberry Pi to the network, power and waiting some minutes for it to boot up, you should be able to view ooniprobe's graphical user interface by visiting this URL: http://lepidopter.local
User documentation and detailed image installation instructions can be found here.
.
├── ChangeLog.md
├── conf
│ ├── lepidopter-image.conf
│ └── tor-pt.conf Tor bridges and pluggable transports configuration file
├── customize customize script used to customize lepidopter image
├── images where the build Lepidopter images created
├── lepidopter-fh Lepidopter image filesystem hierarchy
│ ├── boot
│ │ └── config.txt
│ ├── cleanup.sh cleanup script
│ ├── configure.sh
│ ├── etc
│ │ ├── apt
│ │ │ └── apt.conf.d
│ │ │ └── 02compress-indexes
│ │ ├── avahi
│ │ │ └── services
│ │ │ ├── ooniprobe.service
│ │ │ └── ssh.service
│ │ ├── cron.daily daily cronjobs
│ │ │ └── remove_old_logs
│ │ ├── crontab
│ │ ├── default
│ │ │ ├── hwclock
│ │ │ └── rcS
│ │ ├── dpkg
│ │ │ └── dpkg.cfg.d
│ │ │ └── 01_nodoc
│ │ ├── init.d
│ │ │ └── regenerate_ssh_host_keys
│ │ ├── lepidopter-update
│ │ │ └── version
│ │ ├── lepidopter_version
│ │ ├── logrotate.d
│ │ │ ├── lepidopter-update
│ │ │ └── ooniprobe
│ │ ├── motd.head Lepidopter MOTD ASCII logo
│ │ ├── ooniprobe
│ │ │ └── ooniconfig.sh
│ │ ├── ooniprobe.conf
│ │ ├── sudoers
│ │ ├── systemd
│ │ │ └── system
│ │ │ ├── lepidopter-update.service
│ │ │ └── ooniprobe.service
│ │ ├── update-motd.d
│ │ │ └── 50-lepidopter
│ │ └── watchdog.conf
│ ├── opt
│ │ └── ooni
│ │ ├── lepidopter-update
│ │ │ ├── public.asc
│ │ │ ├── updater.py
│ │ │ └── versions
│ │ │ ├── update-1.py
│ │ │ ├── update-1.py.asc
│ │ │ ├── update-2.py
│ │ │ ├── update-2.py.asc
│ │ │ ├── update-3.py
│ │ │ ├── update-3.py.asc
│ │ │ ├── update-4.py
│ │ │ ├── update-4.py.asc
│ │ │ ├── update-5.py
│ │ │ ├── update-5.py.asc
│ │ │ ├── update-6.py
│ │ │ ├── update-6.py.asc
│ │ │ ├── update-7.py
│ │ │ └── update-7.py.asc
│ │ └── tor_data_dir
│ ├── persistent-data
│ ├── remove_ssh_host_keys.sh
│ ├── setup-ooniprobe.sh
│ ├── usr
│ │ └── share
│ │ └── ooni
│ │ └── decks-available
│ └── var
│ ├── lib
│ │ └── ooni
│ │ └── decks-enabled
│ └── log
│ └── ooni
├── lepidopter-vmdebootstrap_build.sh main lepidopter vmdebootstrap script
├── LICENSE.md
├── pkglist list of package in lepidopter image
├── README.md you are currently reading it
├── scripts external scripts
├── lepidopter-sign.sh
├── release
└── setup.sh install dependencies needed to create and build the image
The image is targeted for the Raspberry Pi devices. Lepidopter supports all Raspberry Pi hardware variants that use the armel architecture). It should be fairly easy to create the same image for different architectures, and OS distributions.
Supported (tested) devices:
- Raspberry Pi 1 Model B
- Raspberry Pi 1 Model B+
- Raspberry Pi 2 Model B
- Raspberry Pi 3 Model B
Clone lepidopter git repository::
git clone https://github.com/TheTorProject/lepidopter
The latest version of vmdebootstrap package is required. Currently (as of today 0.11-1) from Debian sid repository is needed.
Optionally you could install lepidopter dependencies via the setup script
./scripts/setup.sh
To compress the image with XZ you should use::
./scripts/setup.sh -c xz
To perform an unattended lepidopter image build you could use this in Debian::
DEBIAN_FRONTEND=noninteractive ./scripts/setup.sh
Run the main build script::
./lepidopter-vmdebootstrap_build.sh
bmaptool way (much faster!)::
bmaptool copy --nobmap lepidopter-Z-armel.img.xz /dev/diskX
Note: bmaptool can copy compressed images to SD card without the need to decompress first!
The image is compressed with XZ. By default xz make the file sparse if the decompressed data contains long sequences of binary zeros. We need to disable the creation of sparse file since dd needs the leading to create a bootable image. You can extract the image file with:
xz --decompress --verbose --no-sparse lepidopter-Z-armel.img.xz
dd way::
dd if=lepidopter-Z-armel.img of=/dev/diskX bs=1m
Detailed documentation on how to flash/copy lepidopter Raspberry Pi image to your SD card from different OS.
Upon copying the image and successfully booting the Raspberry Pi with the lepidopter image you should be able to access ooniprobe's web user interface and go through the setup wizard at: http://lepidopter.local
Additionally you can connect to the SSH running at lepidopter by using the
hostname: lepidopter.local
Alternatively you can use the hostname lepidopter
(http://lepidopter or lepidopter's IP address in case
lepidopter.local
is not accesible.
The default lepidopter image credentials are:
username: lepidopter
password: lepidopter
Warning Note: Make sure that upon first login you should change the default username/password
.. ..
Requires a kernel image, build your [own] (http://www.cnx-software.com/2011/10/18/raspberry-pi-emulator-in-ubuntu-with-qemu) or use qemu-rpi-kernel image [kernel-qemu-4.1.7-jessie] (https://github.com/dhruvvyas90/qemu-rpi-kernel/)
-
Remove all entries except root (/) in
/etc/fstab
. You can achieve this by mounting the image and editing/etc/fstab
or in QEMU by appending a kernel command lineinit=/bin/bash
. -
Run lepidopter image in QEMU and redirect SSH connections from localhost port 2222 to SSH port of the guest:
qemu-system-arm -M versatilepb -cpu arm1136-r2 \
-kernel kernel-qemu-4.1.7-jessie \
-hda lepidopter-armel.img -m 256 \
-append "root=/dev/sda2 rootfstype=ext4 rw" \
-net nic -net user,hostfwd=tcp::2222-:22,hostfwd=tcp::8080-:80
- You can now connect to:
- Lepidopter SSH (default password is
lepidopter
):
ssh -P 2222 lepidopter@localhost
- Connect to ooniprobe's Web User Interface (in a web browser open): http://localhost:8080
Running ooniprobe is a potentially risky activity. This greatly depends on the jurisdiction in which you are in and which test you are running. It is technically possible for a person observing your internet connection to be aware of the fact that you are running ooniprobe. This means that if running network measurement tests is something considered to be illegal in your country then you could be spotted.
Furthermore, ooniprobe takes no precautions to protect the install target machine from forensics analysis. If the fact that you have installed or used ooniprobe is a liability for you, please be aware of this risk.