configure.mdwn 12.2 KB
Newer Older
Tails developers's avatar
Tails developers committed
1
[[!meta title="Create & configure the persistent volume"]]
2
3
4

[[!inline pages="doc/first_steps/persistence.caution" raw="yes"]]

Tails developers's avatar
Tails developers committed
5
6
[[!toc levels=2]]

Tails developers's avatar
Tails developers committed
7
Start the persistent volume assistant
8
=====================================
9

10
To start the persistent volume assistant, choose
11
12
13
<span class="menuchoice">
  <span class="guimenu">Applications</span>&nbsp;▸
  <span class="guisubmenu">Tails</span>&nbsp;▸
Tails developers's avatar
Tails developers committed
14
  <span class="guimenuitem">Configure persistent volume</span></span>.
15

Tails developers's avatar
Tails developers committed
16
<div class="note">
17

Tails developers's avatar
Tails developers committed
18
19
The error message <span class="emphasis">Error, Persistence partition is not
unlocked.</span> means that the persistent volume was not enabled from
20
<span class="application">Tails Greeter</span>. So you can not configure it
Tails developers's avatar
Tails developers committed
21
but you can delete it and create a new one.
22

Tails developers's avatar
Tails developers committed
23
</div>
24

Tails developers's avatar
Tails developers committed
25
Creating the persistent volume
26
==============================
27
28

When run for the first time, or after [[deleting the persistent
29
volume|delete]], the assistant proposes to create a new persistent volume on
30
the device from which Tails is running.
31

32
1. The persistent volume is an encrypted partition protected by a passphrase.
33
34
35
36
37
38
39
40
41
Specify a passphrase of your choice in both the
<span class="guilabel">Passphrase</span> and <span class="guilabel">Verify
Passphrase</span> text boxes.

2. Click on the <span class="guilabel">Create</span> button.

3. Wait for the creation to finish.

<div class="bug">
42

43
<strong>If the creation is interrupted before it finishes</strong>, you may not
44
45
be able to start Tails from this device any more. This can happen if you
close the window of the wizard or unplug the USB stick or SD card during the creation of
46
47
the persistent volume. [[Delete|first_steps/reset]] and
[[reinstall|first_steps/installation]] Tails to fix this issue.
48

49
50
</div>

51
52
<a id="features"></a>

53
54
Persistence features
====================
55

56
When run from a Tails device that already has a persistent volume, the assistant
57
shows a list of the possible persistence features. Each feature corresponds to a
58
set a files to be saved in the persistent volume.
59
60

<div class="note">
61

62
63
<strong>Restart Tails to apply the changes</strong> after selecting or
unselecting one or several features.
64

65
66
67
</div>

<div class="bug">
68

Tails developers's avatar
Tails developers committed
69
70
If you unselect a feature that used to be activated, it will be
deactivated after restarting Tails but the corresponding files will
71
remain on the persistent volume.
72

73
74
</div>

Tails developers's avatar
Tails developers committed
75
76
<a id="personal_data"></a>

77
<div class="icon">
78
[[!img stock_folder.png link=no]]
Tails developers's avatar
Tails developers committed
79
<div class="text"><h2>Personal Data</h2></div>
80
81
82
83
84
85
86
87
88
</div>

When this feature is activated, you can save your personal files and working
documents in the <span class="filename">Persistent</span> folder.

To open the <span class="filename">Persistent</span> folder, choose
<span class="menuchoice">
  <span class="guimenu">Places</span>&nbsp;▸
  <span class="guimenuitem">Home Folder</span></span>, and open the <span
89
  class="guilabel">Persistent</span> folder.
90

Tails developers's avatar
Tails developers committed
91
92
<a id="gnupg"></a>

93
<div class="icon">
94
[[!img seahorse-key.png link=no]]
Tails developers's avatar
Tails developers committed
95
<div class="text"><h2>GnuPG</h2></div>
96
97
98
</div>

When this feature is activated, the OpenPGP keys that you create or import are
99
saved in the persistent volume.
100
101

<div class="caution">
102

Tails developers's avatar
Tails developers committed
103
104
105
If you manually edit or overwrite the
<span class="filename">~/.gnupg/gpg.conf</span> configuration file
you may lessen your anonymity,
106
weaken the encryption defaults or render GnuPG unusable.
107

108
109
</div>

Tails developers's avatar
Tails developers committed
110
111
<a id="ssh_client"></a>

112
<div class="icon">
113
[[!img seahorse-key-ssh.png link=no]]
Tails developers's avatar
Tails developers committed
114
<div class="text"><h2>SSH Client</h2></div>
115
116
117
</div>
    
When this feature is activated, all the files related to the secure-shell client
118
are saved in the persistent volume:
119
120
121
122
123
124

  - The SSH keys that you create or import
  - The public keys of the hosts you connect to
  - The SSH configuration file in <span class="filename">~/.ssh/config</span> 

<div class="caution">
125

Tails developers's avatar
Tails developers committed
126
127
128
129
If you manually edit the <span class="filename">~/.ssh/config</span>
configuration file, make sure not to overwrite the
default configuration from the
<span class="filename">/etc/ssh/ssh_config</span> file. Otherwise, you may weaken the
130
encryption defaults or render SSH unusable.
131

132
133
</div>

Tails developers's avatar
Tails developers committed
134
135
<a id="pidgin"></a>

136
<div class="icon">
137
[[!img pidgin.png link=no]]
Tails developers's avatar
Tails developers committed
138
<div class="text"><h2>Pidgin</h2></div>
139
140
141
</div>

When this feature is activated, all the configuration files of the
142
143
<span class="application">Pidgin</span> Internet messenger are saved in the
persistent volume:
144
145
146

  - The configuration of your accounts, buddies and chats.
  - Your OTR encryption keys and keyring.
Tails developers's avatar
Tails developers committed
147
  - The content of the discussions is not saved unless you configure
148
149
150
151
152
    <span class="application">Pidgin</span> to do so.

All the configuration options are available from the graphical interface. There
is no need to manually edit or overwrite the configuration files.

Tails developers's avatar
Tails developers committed
153
154
<a id="claws_mail"></a>

155
<div class="icon">
156
[[!img claws-mail.png link=no]]
Tails developers's avatar
Tails developers committed
157
<div class="text"><h2>Claws Mail</h2></div>
158
159
160
</div>

When this feature is activated, the configuration and emails stored locally by
161
162
the <span class="application">Claws Mail</span> email client are saved in the
persistent volume.
163
164
165
166

All the configuration options are available from the graphical interface. There
is no need to manually edit or overwrite the configuration files.

167
168
169
170
171
172
173
<div class="bug">

<p>The emails of a POP3 account created without using the configuration
assistant are not stored in the persistent volume by default.  For example,
when configuring a second email account.</p>

<p>To make it persistent choose
174
175
<span class="menuchoice">
  <span class="guimenu">File</span>&nbsp;▸
Tails developers's avatar
Tails developers committed
176
  <span class="guimenu">Add Mailbox</span>&nbsp;▸
177
178
179
  <span class="guimenuitem">MH...</span></span> and change the location of the mailbox
from <span class="filename">Mail</span> to <span class="filename">.claws-mail/Mail</span>.</p>

180
181
</div>

Tails developers's avatar
Tails developers committed
182
183
<a id="gnome_keyring"></a>

184
<div class="icon">
185
[[!img seahorse-key-personal.png link=no]]
Tails developers's avatar
Tails developers committed
186
<div class="text"><h2>GNOME Keyring</h2></div>
187
188
189
</div>

When this feature is activated, the secrets of
190
191
<span class="application">GNOME Keyring</span> are saved in the persistent
volume.
192
193
194
195
196
197

GNOME Keyring is a collection of components in GNOME that store secrets,
passwords, keys, certificates and make them available to applications.
For more information about <span class="application">GNOME Keyring</span> see
the [official documentation](http://live.gnome.org/GnomeKeyring).

198
<a id="network_connections"></a>
199
200

<div class="icon">
Tails developers's avatar
Tails developers committed
201
[[!img network-manager.png link=no]]
202
<div class="text"><h2>Network Connections</h2></div>
203
204
</div>

205
When this feature is activated, the configuration of the network devices
Tails developers's avatar
Tails developers committed
206
and connections is saved in the persistent volume.
207

208
209
210
To save passwords, for example the passwords of encrypted wireless connections,
the [[<span class="application">GNOME Keyring</span> persistence
feature|configure#gnome_keyring]] must also be activated.
211

Tails developers's avatar
Tails developers committed
212
213
<a id="apt_packages"></a>

214
<div class="icon">
215
[[!img synaptic.png link=no]]
Tails developers's avatar
Tails developers committed
216
<div class="text"><h2>APT Packages</h2></div>
217
218
219
220
</div>

When this feature is activated, the packages that you install using the
<span class="application">Synaptic</span> package manager or the
221
<span class="command">apt-get</span> command are saved in the persistent volume.
222

223
224
225
If you install additional programs, this feature allows you to download them
once and reinstall them during future working sessions, even offline.
Note that those packages are not automatically installed when restarting Tails.
226
227
228
229

If you activate this feature, it is recommended to activate the
<span class="guilabel">APT Lists</span> feature as well.

Tails developers's avatar
Tails developers committed
230
231
<a id="apt_lists"></a>

232
<div class="icon">
233
[[!img synaptic.png link=no]]
Tails developers's avatar
Tails developers committed
234
<div class="text"><h2>APT Lists</h2></div>
235
236
237
</div>

When this feature is activated, the lists of all the software packages available
238
for installation are saved in the persistent volume.
239
240
241
242
243
244
245

Those so called <span class="emphasis">APT lists</span> correspond to the files
downloaded while doing
<span class="guilabel">Reload</span> from the
<span class="application">Synaptic</span> package manager or issuing the
<span class="command">apt-get update</span> command.

246
247
248
249
The <span class="emphasis">APT lists</span> are needed to install additional
programs or explore the list of available software packages. This feature allows
you to reuse them during future working sessions, even offline.

250
251
252
<a id="browser_bookmarks"></a>

<div class="icon">
Tails developers's avatar
Tails developers committed
253
[[!img user-bookmarks.png link=no]]
254
255
256
257
<div class="text"><h2>Browser bookmarks</h2></div>
</div>

When this feature is activated, changes to the bookmarks in the
258
<span class="application">Tor Browser</span> are saved in the persistent
259
260
volume. This does not apply to the Unsafe web browser.

261
262
263
264
<a id="printers"></a>

<div class="icon">
[[!img printer.png link=no]]
Tails developers's avatar
Tails developers committed
265
<div class="text"><h2>Printers</h2></div>
266
267
</div>

Tails developers's avatar
Tails developers committed
268
When this feature is activated, the configuration of the printers is saved in the
269
270
persistent volume.

Tails developers's avatar
Tails developers committed
271
272
<a id="dotfiles"></a>

273
<div class="icon">
274
[[!img preferences-desktop.png link=no]]
Tails developers's avatar
Tails developers committed
275
<div class="text"><h2>Dotfiles</h2></div>
276
277
</div>

278
When this feature is activated, all the files in the <span
Tails developers's avatar
Tails developers committed
279
class="filename">/live/persistence/TailsData_unlocked/dotfiles</span> folder
280
are linked in the <span class="filename">Home</span> folder. Files in
281
282
subfolders of <span class="filename">dotfiles</span> are also linked
in the corresponding subfolder of your <span class="filename">Home
283
</span> folder.
284

285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
For example, having the following files in <span
class="filename">/live/persistence/TailsData_unlocked/dotfiles</span>:

    /live/persistence/TailsData_unlocked/dotfiles
    ├── file_a
    ├── folder
    │   ├── file_b
    │   └── subfolder
    │       └── file_c
    └── emptyfolder

Produces the following result in <span class="filename">/home/amnesia</span>:

    /home/amnesia
    ├── file_a → /live/persistence/TailsData_unlocked/dotfiles/file_a
    └── folder
        ├── file_b → /live/persistence/TailsData_unlocked/dotfiles/folder/file_b
        └── subfolder
            └── file_c → /live/persistence/TailsData_unlocked/dotfiles/folder/subfolder/file_c

305
306
307
308
This option is useful if you want to make some specific files
persistent, but not the folders they are stored in. A fine example are
the so called "dotfiles" (and hence the name of this feature), the
hidden configuration files in the root of your home directory, like
309
<span class="filename">~/.gitconfig</span> and <span
310
class="filename">~/.bashrc</span>.
311

312
313
314
315
As you can see in the previous example, empty folders are ignored. This feature
only links files, and not folders, from the persistent volume into the <span
class="filename">Home</span> folder.

316
<a id="additional_software"></a>
Tails developers's avatar
Tails developers committed
317

Tails developers's avatar
Tails developers committed
318
319
320
Additional software packages
----------------------------

Tails developers's avatar
Tails developers committed
321
<div class="note">
322

Tails developers's avatar
Tails developers committed
323
This is an experimental feature which does not appear in the assistant.
324

Tails developers's avatar
Tails developers committed
325
326
327
328
</div>

When this feature is enabled, a list of additional software of your
choice is automatically installed at the beginning of every working
329
session. The corresponding software packages are stored in the
Tails developers's avatar
Tails developers committed
330
331
persistent volume. They are automatically upgraded for security
after a network connection is established.
Tails developers's avatar
Tails developers committed
332
333
334
335
336

To use this feature you need to enable both the <span
class="guilabel">APT Lists</span> and <span class="guilabel">APT
Packages</span> features.

337
<div class="note">
338

339
340
341
If you are offline and your additional software packages don't install, it
might be caused by outdated APT Lists. The issue will be fixed next time you
connect Tails to Internet with persistence activated.
342

343
344
</div>

345
346
347
To choose the list of additional software, start Tails with an administrator
password and edit (as an administrator) the file called
`/live/persistence/TailsData_unlocked/live-additional-software.conf`.
348
Each line of this file must contain
Tails developers's avatar
Tails developers committed
349
350
351
352
the name of a Debian package to be installed as an additional software
package.

For example, to automatically install the `dia` software, a diagram
353
354
editor, and the `fontmatrix` software, a font manager, add the following
content to `live-additional-software.conf`:
Tails developers's avatar
Tails developers committed
355

Tails developers's avatar
Tails developers committed
356
357
    dia
    fontmatrix
Tails developers's avatar
Tails developers committed
358

Tails developers's avatar
Tails developers committed
359
360
To learn about the many software packages available in Debian, visit
<http://packages.debian.org/stable/>.
361
362

<div class="caution">
363
364
365

<strong>Installing additional software is at your own risk.</strong>
Most additional software requires extra configuration to be able to
366
connect to the network through Tor, and will not work otherwise. Some other software might, for
367
368
369
example, modify the firewall and break the security built in Tails.
Software not officially included in Tails is not tested for security.

370
</div>