porteus-kiosk


It is possible to run Porteus-Kiosk on machines with no local storage, booting via PXE. The config is retrieved from the PXE server over HTTP during bootup. This is NOT possible using the official remote management feature, as detailed below.

Creating a porteus kiosk config

  • Create a new VM with 2G memory and a small hard disk (4G?)
  • Boot the ISO
  • Run through the wizard and install Porteus to the hard disk
  • Boot Knoppix or similar
  • Mount the “ISO” partition (sda2) and copy the encrypted settings file docs/kiosk.sgn off the machine via scp

Porteus customisation and boot methods primer

How Porteus Kiosk official remote management works

This requires local storage (a hard disk in the client machine).

  • The client boots from local media
  • It reads the remote config URL setting from its locally stored kiosk.sgn (encrypted config)
  • It then retrieves the remote URL and compares the config. If there's a change, it encrypts the new config, stores the sgn file in its local config, then reboots.

For this reason the remote management feature in Porteus Kiosk won't work on PXE: there's no way for the client to “reburn” its configuration once it checks for remote management, as it has no local storage.

How porteus-kiosk works from PXE
  • The kernel and the initrd files initrd.xz and initrdpxe.xz (network modules) need loading via pxelinux.
  • The initrd script initialises the network, then downloads docs/kiosk.sgn (encrypted config) and the xzm modules via HTTP (see kernel parameters for location).
  • Boot continues normally (xzm modules unpacked and overlaid etc.)

Porteus-Kiosk settings are stored in the docs/kiosk.sgn file, which is encrypted with an unknown private key. This was briefly investigated, but the developer appears to have made the questionable decision to obscure this method. A head start for further investigation would be a string search for “first_run” and “/opt/scripts/extras”, and a look at the /opt/scripts directory in general.

Porteus-Kiosk encrypted config file kiosk.sgn details

This file is generated by the kiosk wizard that runs when the original ISO is booted. This welcome wizard then generates an ISO file with the kiosk.sgn burnt in, which can optionally be “installed” on local storage or saved for transfer to the PXE server. To extract the kiosk.sgn file after “installing” Porteus, simply boot up an alternate live distro, mount the second partition, and take a copy of /docs/kiosk.sgn. This should then be copied into the HTTP structure of the PXE server.

Implementation notes

  • The HTTP component should be served as the document root of a custom port on the web server (e.g. 8088). The document root should contain the file structure from the ISO, with the replaced kiosk.sgn and any additional xzm modules required.
  • The TFTP portion for PXE boot should be served from a directory under the tftproot. An additional initrd file is required for PXE booting, and the pxelinux config should look something like this:

      KERNEL /opac-porteus-4.5.0/vmlinuz
      APPEND initrd=/opac-porteus-4.5.0/initrd.xz,/opac-porteus-4.5.0/initrdpxe.xz http_server=10.2.100.32:8088

  • A custom splash screen can be created in docs/default.jpg on the web server
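
Every diskless client fetches kiosk.sgn and its modules from this document root at boot, so it helps to stage the tree in one step and keep a checksum manifest to re-check it against later. The script below is an added example, not part of the original page or of Porteus Kiosk; the function names, the manifest file and the sample tree are hypothetical, and it assumes GNU coreutils (sha256sum).

```shell
#!/bin/sh
# Added example: stage the kiosk HTTP document root and re-check it later.
# Assumes GNU coreutils (sha256sum). Keep MANIFEST outside DOCROOT.

# Sorted sha256 listing of every file under the given directory.
manifest_of() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | sort -k 2 )
}

# stage_kiosk_root ISO_TREE KIOSK_SGN DOCROOT MANIFEST
stage_kiosk_root() {
    iso_tree=$1 sgn=$2 docroot=$3 manifest=$4
    [ -d "$iso_tree" ] || { echo "ISO tree not found: $iso_tree" >&2; return 1; }
    [ -s "$sgn" ] || { echo "kiosk.sgn missing or empty: $sgn" >&2; return 1; }
    mkdir -p "$docroot" || return 1
    cp -R "$iso_tree"/. "$docroot"/ || return 1         # file structure from the ISO
    chmod -R u+w "$docroot" || return 1                 # ISO mounts are read-only
    mkdir -p "$docroot/docs" || return 1
    cp -f "$sgn" "$docroot/docs/kiosk.sgn" || return 1  # replace the stock config
    cmp -s "$sgn" "$docroot/docs/kiosk.sgn" || return 1
    chmod -R go-w "$docroot" || return 1                # only the owner may change it
    manifest_of "$docroot" > "$manifest"
}

# verify_kiosk_root DOCROOT MANIFEST: 0 if unchanged, 1 if any file was
# modified, added or removed, 2 if the check itself could not run.
verify_kiosk_root() {
    [ -f "$2" ] || return 2
    current=$(manifest_of "$1") || return 2
    [ "$current" = "$(cat "$2")" ]
}

# Constructed sample tree (placeholder contents, not real Porteus files).
demo() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/iso/docs"
    echo stock > "$t/iso/docs/kiosk.sgn"
    echo splash > "$t/iso/docs/default.jpg"
    echo wizard-output > "$t/kiosk.sgn"
    stage_kiosk_root "$t/iso" "$t/kiosk.sgn" "$t/www" "$t/www.sha256" || return 1
    verify_kiosk_root "$t/www" "$t/www.sha256" || return 1
    echo changed >> "$t/www/docs/kiosk.sgn"             # simulate tampering
    verify_kiosk_root "$t/www" "$t/www.sha256"; rc=$?
    rm -rf "$t"
    [ "$rc" -eq 1 ]
}
```

Running verify_kiosk_root from cron against the stored manifest flags any change to the served kiosk.sgn or modules before clients pick it up on their next boot.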
porteus-kiosk.1505897595.txt.gz · Last modified: 2017/09/20 16:53 by snarg