NayuOS
NayuOS is an ongoing project at Nexedi: since we mainly use Chromebooks as part of our development tools, we want to have more customizable, secure and privacy-compliant devices. We only create Free Software (see our full stack) so we want to have a Free alternative for Chrome OS which fits our needs.
Why choose Chromebooks with Chrom* OS instead of another GNU/Linux distribution?
- Security: Chrome OS and Chromium OS have a specific security policy: sandboxes isolate processes and do not let them access the file system from inside a sandbox, there is no package installation because there are web applications to answer all the user's needs, each user's partition is encrypted independently, ...
- Price: Chromebooks are very cheap devices! The cheapest one is around $150.
- Freedom: There is no tying: you won't pay a Windows license and most of them are using Coreboot instead of a proprietary BIOS! But Chrome OS's sources are not open, and that is why we prefer Chromium OS.
- Speed: Chromebooks boot fast (you will mostly use the web, so there is not much on your computer anyway).
- Learning: Because you have to find how to do things on the web instead of finding a command in your terminal, it is a nice way to learn the modern web and get up to date on web technologies.
For whom is Chromium OS?
For developers
Chromium OS is much more developer-friendly, since there is a large range of tools for development (Python2.7, gdb, ...) and networking (tcpdump, rsync, ...) which are not available in Chrome OS. Having Python2 means that it is easy to run an HTTP server on the local network and develop web applications!
For people who care about privacy
Chromium OS is fully Open Source. This is necessary for better privacy and security: you don't have to trust Google, you can look at the code and ensure that the software does what you expect from it! However, it requires you to switch to developer mode, which is by default less secure (no more boot verification, shell in the browser and VT2 access, available root access with no password, ssh daemon running, ...) but allows you to use your device without restriction.
Of course, you still have to be careful with the location of the storage of your personal data (file system, Google's servers or your own, ...).
What is NayuOS and what are the benefits?
NayuOS is a customization of Chromium OS which is currently used by Nexedi's developers and that we want to share because it can be useful to others.
We want to improve the development environment, the usability and configuration of the system and the privacy of the users. Right now, our technical goals are to:
- ✓ stop the SSH daemon running by default in Chromium OS,
- ✓ add git because we don't know any good web-based git utility allowing usual interactive commands (such as git rebase -i),
- ✓ remove Google login: we prefer guest mode (this is done by default when building ChromiumOS),
- ✓ add re6st connectivity (follow instructions while running sudo grandenet in the terminal, registry to get a token),
- ~ add possibility to access and customize the writeable parts of the file system with JavaScript applications (based on jIO) by running a WebDAV server (source code),
- ✗ add Zeroconf over Babel and configure firewall to easily reach another device on a local network which runs an HTTP Server,
- ✗ add GPG command line utility.
License
NayuOS is Free Software, licensed under the terms of the GNU GPL v3 (or later). For details, please see Nexedi licensing.
Install NayuOS
First, find the codename of the board for your machine. If we do not support your board, you can always try the generic image amd64-generic.
Second, download (and verify) the image from our repository. New builds can be found in Build Releases with links to their repositories.
Third, we provide a guide on how to Install the image on your Chromebook.
Find your codename
Build releases
Release 79
Built on 2020-01-23 / hashes
Notes
Release 77
Built on 2019-08-08 / hashes
Notes
- Re6st is installable via chromebrew
- Remove quota limitation in guest mode
Release 68
Built on 2018-08-24 / hashes
Notes
- Remove default builtin packages
- Include quick way to install chromebrew
- Added NayuOS branding
- Material Design Secondary UI changes
- Many stability and security improvements
- ctrl-w keybinding now works in fullscreen terminal windows
- Re6st is not yet functional at launch
Release 62
Built on 2017-10-05
Notes
- New build for ASUS Flip C302 (board cave)
- Script grandenet does not work
- Audio issue for Acer 14 For Work (board lars) still present
Release 61
Built on 2017-07-14
Notes
- Script grandenet does not work
- Audio issue for Acer 14 For Work (board lars) still present
Release 60
Built on 2017-07-08
Notes
- Generic image amd64-generic is being built from now on
- New build for Acer 14 For Work (board lars) but currently with audio issues.
- New build for Google ChromeBook Pixel 2013 (board link)
- Board samus was omitted in this build
- Script grandenet ceased to work - investigation in progress.
Verify the image
Verify the image by computing the hash of the extracted, freshly downloaded image and comparing it with the value given in the hash.txt file:
zcat your_board.nayuos.img.gz | sha512sum
The values should be the same.
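The same check as a reusable shell function (an added example, not part of the NayuOS project). It assumes hash.txt contains the SHA-512 of the decompressed image as a hexadecimal token; the exact layout of that file is not shown on this page, and verify_image is a name chosen here.

```shell
#!/bin/sh
# Added example: verify a downloaded image against the published hash list.
# Assumption: hash.txt holds the SHA-512 of the *decompressed* image as a
# 128-hex-digit token somewhere in the file.

verify_image() {
    img_gz=$1
    hash_file=$2

    [ -r "$img_gz" ] && [ -r "$hash_file" ] || {
        echo "usage: verify_image IMAGE.img.gz hash.txt" >&2
        return 2
    }

    # A truncated or corrupted download fails the gzip integrity test,
    # so a partial stream is never hashed and compared.
    gzip -t "$img_gz" 2>/dev/null || {
        echo "FAIL: $img_gz is not a complete gzip stream" >&2
        return 3
    }

    # Same computation as `zcat image | sha512sum`, keeping only the digest.
    actual=$(gzip -dc "$img_gz" | sha512sum | cut -d' ' -f1)
    [ "${#actual}" -eq 128 ] || {
        echo "FAIL: could not compute SHA-512" >&2
        return 3
    }

    # Whole-token, case-insensitive, fixed-string match against the list.
    if grep -qiwF -- "$actual" "$hash_file"; then
        echo "OK: $actual"
    else
        echo "MISMATCH: computed $actual is not listed in $hash_file" >&2
        return 1
    fi
}

# Script usage: sh verify.sh your_board.nayuos.img.gz hash.txt
if [ "$#" -eq 2 ]; then
    verify_image "$1" "$2" || exit $?
fi
```

If hash.txt is fetched from the same server as the image, a match shows that the download is intact, not who published it.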
Install the image on your Chromebook
Before doing anything, it is safer to make a recovery USB stick, just in case...
In order to install Chromium OS on your Chromebook, you will have to create a bootable USB stick. To do this, you can use:
Once you have your image, you need to activate the developer mode on your device: generally, you have to turn your Chromebook off and hit ESC + F3 (the "reload" key) + POWER button.
You should then get a screen saying that "Chrome OS is missing or damaged". This is just a dissuasive message: hit CTRL + D and confirm by hitting ENTER that you want to enable the developer mode.
Choose to "Browse as guest" by clicking on the button in the bottom left corner of the login page.
Then, you need to allow your device to boot on USB. For that, get a shell:
- by typing CTRL + ALT + T in the browser to access the "crosh" terminal, and entering the command shell
- by hitting CTRL + ALT + F2 (the "next" key) and logging in either as root or chronos
and type:
sudo crossystem dev_boot_usb=1 dev_boot_signed_only=0
Reboot and press CTRL + U at boot time to boot on USB.
Welcome into your live-USB NayuOS
You will be on a live Chromium OS system. If you want to install it for real, open a terminal (as described above with CTRL + ALT + T and "crosh" terminal) and type:
sudo /usr/sbin/chromeos-install
After installation is done, you can follow the instructions in order to boot into installed NayuOS.
Important notes
After that, don't try to turn the developer mode off (hitting SPACE at boot time), or you will have to reinstall the original Chrome OS!
If it does not boot on the live system...
If you were in developer mode under Chrome OS, you may have to switch back to normal mode (hitting space at boot time). Then, you can follow the instructions above.
Build your own image
The build process, based on Buildout in our decentralized cloud technology SlapOS, makes it possible to build many images of NayuOS for specific boards based on the latest releases of Chromium OS.
Some other useful information:
Known issues
Some issues which may be fixed in the next versions.
- There is no dev server running on the official release, which could be used for package updates or installation using gmerge and for over-the-air updates.
- Some packages look for binaries/libraries in /usr/ instead of /usr/local/: npm is looking for the node binary in /usr/bin/ instead of /usr/local/bin.
- Obviously, there is no Adobe Flash, which is proprietary (and there is no gnash either), but who cares about Flash?
- There is no way to upgrade just by typing a command; re-flashing the device is needed to get a new version of NayuOS.
Tips and tricks
- extend the /etc/hosts (which is read-only) using the HOSTALIASES environment variable to have per-user customized IP/name conversions
- In case you get the "Chrome OS is missing or damaged" error at boot time or if you just want to go back to your original system, it is easy to make a recovery image of your original system, with the dedicated application.
- having re6st, to get IPv6 over an IPv4 network, is easy: follow instructions with the script sudo grandenet
- use the command sudo chromeos-setdevpasswd to change chronos user's password so that password is asked when using sudo and passwordless root console login is disabled.
- unzip with Python using the command:
python -m zipfile -e myfile.zip outputpath
- create and manage LUKS-encrypted partition (change partition by the actual partition or device in /dev/):
sudo cryptsetup luksOpen /dev/partition mydevice
sudo mkdir /media/removable/somewhere
sudo mount -o rw,nosuid,nodev,noexec /dev/mapper/mydevice /media/removable/somewhere
On R54 and later, you can use the encmount command to mount one LUKS-encrypted device: encmount mydevice.
- change the timezone by changing the symlink at /var/lib/timezone/localtime
- some more information on Chromium OS website
FAQ
Q: I want to run it on a normal PC laptop. When will this option be available?
A: Some of us tried to run a "generic" version of Chromium OS on their laptop. It was not reliable because of problems due to unsupported hardware (such as trackpad issues, ...).
Q: I do not understand why you need to make separate images for all the x86-based Chromebooks?
A: Chromium OS is optimized for each device: because the Chromium OS team knows the hardware specifications of every board, they choose which drivers to add and which to leave out, ... This is why sleep mode, sound, wifi, and so on, always work well on these devices (these are the kind of problems you sometimes experience when using a generic GNU/Linux distribution on an ordinary laptop).
Q: What does NayuOS look like?
A: We took a screenshot for you
Q: What can I do with NayuOS?
A: You can:
- use the crosh terminal,
- access your IPv6 network from anywhere, even on IPv4-only networks,
- read encrypted SD cards and USB sticks,
- use an online open source ERP,
- access remote server with ssh command as usual,
- run Python, create Flask applications, test and use them locally, ...
- use or write JavaScript applications for everything else!
Q: What can't I do with NayuOS?
A: You can't:
- store documents on your Chromebook (use external devices),
- use Adobe Flash or proprietary codecs for multimedia (mp3, ...),
- install packages (same as Chrome OS),
- execute custom binary anywhere (most of the file system is mounted noexec),
- use Chrome extensions and Google account for logging in.
Q: How Free are NayuOS users? Do you think someday it might be free enough to be submitted to the FSF as an approved distro?
A: Our intention is to have a fully Free (so FSF-compliant) device and Chromebooks running NayuOS or Chromium OS are relatively close to it, but:
- the CPU unfortunately needs microcode, which is non-Free,
- we have neither recompiled Coreboot nor flashed the read-only part of the Chromebook's firmware (at least, we have not tried yet),
- for ARM-flavoured boards, accepting GPU drivers is required when compiling Chromium OS (this is why we don't redistribute NayuOS images for ARM devices),
- we don't have the resources to audit the full code to find whether there are non-free pieces of software,
- more?
About the kernel on my own Chromebook ("swanky"):
cat /proc/sys/kernel/tainted
1536
This means:
512 - A kernel warning has occurred.
1024 - A module from drivers/staging was loaded.
There is no non-GPL-licensed module loaded! These flags can be explained by warnings from Intel drivers:
dmesg | grep -i warn
[...] WARNING: at /mnt/host/source/src/third_party/kernel/v3.10/drivers/gpu/drm/i915/intel_display.c:759 intel_wait_for_vblank+0xdb/0x1c3()
[...] WARNING: at /mnt/host/source/src/third_party/kernel/v3.10/drivers/gpu/drm/i915/intel_display.c:854 intel_wait_for_pipe_off+0x14d/0x154()
[...]
and zram still being in staging (in other words, it is/was not considered ready yet and is on the way to becoming an official Linux kernel module):
dmesg | grep -i staging
zram: module is from the staging directory, the quality is unknown, you have been warned.
Q: I am interested in how I can manage to add my private ssh keys to NayuOS.
A: I am using NayuOS daily, with a USB stick (some use SD cards) on which I have all the data I want to keep locally. My ssh private key is stored on it, so I just need to copy it to ~/.ssh when I need it. The device can be encrypted using cryptsetup cli.