Monday, 17 April 2017

Thinking of sharing your raspberry pi image, Save time by shrinking the image first (also some security tips)

Considering sharing a Raspberry Pi Image, or using one?

When you think you have a great Raspberry pi image and you want to share it to the world for testing and comments, there is nothing more frustrating that an oversized image which takes ages to download and even longer to install on the SD card.

First lets get rid of the packages we don't need and take up the most room from a default raspberry pi image

sudo apt-get remove --purge libreoffice-*
sudo apt-get remove --purge wolfram-engine

Now we need to make a copy of your SD card (image)

Credit to Andrew Oakley:

Making the Image

Let's start by making an image. Pop your SD card in your PC's card reader. Most likely the file manager will open a window or two. Close these windows if so.
Now find out where the card is mounted. Go to a terminal session and type:
df -h
You'll see something like:
/dev/sde1                   56M   20M   37M  36% /media/aoakley/boot1
/dev/sde2                  7.2G  3.8G  3.0G  56% /media/aoakley/ec2aa3d2-eee7-454e-8260-d145df5ddcba
The important thing is that you now know that your SD card is on /dev/sde . It has two partitions, /dev/sde1 and /dev/sde2.
Your system might mount the card somewhere else, such as /dev/sdg or even /dev/sdb. Make a note of where your card is mounted and use this wherever I use /dev/sde , /dev/sde1 or /dev/sde2.
Let's unmount this but leave the card in the card reader. This will let us take an image.
sudo umount /dev/sde1 /dev/sde2
Obviously if yours is on /dev/sdb or /dev/sdg or whatever, you'll need to type that in appropriately. It is highly unlikely that your SD card is on /dev/sda unless you're mad enough to do this entirely on a Raspberry Pi. Typically /dev/sda will be your hard disk or SSD, so don't mess with that.
sudo might ask for a password. Check that you really, really haven't typed /dev/sda unless you really, really know what you're doing, then enter your password.
I use dcfldd for making card images, which is a replacement for the old dd disk duplication program. dcfldd has a number of improvements, most notably a progress meter so you can see it working, and be confident that it hasn't crashed.
Install dcfldd if you haven't already got it (it won't hurt to try to install it again):
sudo apt-get update && sudo apt-get install dcfldd
Now take the image. Again, change /dev/sde to wherever your SD card is mounted.
sudo dcfldd if=/dev/sde of=imagename.img
You can change imagename to whatever you like - I use YYYYMMDD dates and names, so 20151009-tutorial.img for example.
The image will start to be taken, together with a nice progress counter (which you don't get with old-style dd ). When it finishes there may be a pause before you get the command line prompt back - give it a minute or two to flush the cache.
Once finished, you should force a synchronise of any outstanding input or output (there shouldn't be any, but just to be sure), then the card will be safe to remove.
sudo sync
You may now safely remove the card.
Next, let's change the ownership of the .img file. The image file will be owned by root (because we used sudo). It's probably a wise move to change the ownership to your user. For example, my username is james but you'll need to change this to your username:
sudo chown james.james imagename.img
We use james twice because we are changing both the ownership and the group.
Okay, you've got an image file; you have backed up your SD card. But it's probably quite a big file - as big as the SD card itself. Let's start making it smaller.

Using a simple script

next we need to copy a script and make it executable on our system.

Credit to Andrew Oakley here: 
as it is his script we will be using.

copy or download the script from this link:

create a new file in your home folder (on your linux box)

escape a (insert)
edit paste
escape : w q (escape save file and quit)
chmod 7777 (modify file to be executable)

Now test the file runs ok type: sudo ./
should get the following output:

To run the script simply type: sudo ./ image.img smallimage.img

Once it finishes running (minute or so) we get the following output

as you can see we now have  a new image which is .2GB smaller, results will vary, the above was just run on the standard Jessie image (without removing the office and other packages)

Security warning!!!!

A word about distributing images on the Internet.
Remember if you have used the image with any personal information (e-mail, web browsing, etc.) then all of this history will be in the image file. you e-mail account, any saved user names and passwords, this is quite scary.

Similarly, if you download a shared image be aware this could contain programs which collect and share your data. any old script could be running in the back ground and sharing all sorts of personal information back to the  distributor.

One very quick fix is to ensure the public and private SSH keys are changed so that no one can get access to your Raspberry Pi computer remotely.

  1. Become root, or append ‘sudo’ on the front of all the following commands.
  2. Delete old ssh host keys: rm /etc/ssh/ssh_host_*
  3. Reconfigure OpenSSH Server: dpkg-reconfigure openssh-server
  4. Update all ssh client(s) ~/.ssh/known_hosts files otherwise you’ll get the REMOTE HOST KEY HAS CHANGED error message.