configure.mdwn 13.1 KB
Newer Older
Tails developers's avatar
Tails developers committed
1
[[!meta title="Create & configure the persistent volume"]]
2
3
4

[[!inline pages="doc/first_steps/persistence.caution" raw="yes"]]

Tails developers's avatar
Tails developers committed
5
6
[[!toc levels=2]]

Tails developers's avatar
Tails developers committed
7
Start the persistent volume assistant
8
=====================================
9

10
To start the persistent volume assistant, choose
11
12
13
<span class="menuchoice">
  <span class="guimenu">Applications</span>&nbsp;▸
  <span class="guisubmenu">Tails</span>&nbsp;▸
Tails developers's avatar
Tails developers committed
14
  <span class="guimenuitem">Configure persistent volume</span></span>.
15

Tails developers's avatar
Tails developers committed
16
<div class="note">
17

Tails developers's avatar
Tails developers committed
18
19
The error message <span class="emphasis">Error, Persistence partition is not
unlocked.</span> means that the persistent volume was not enabled from
20
<span class="application">Tails Greeter</span>. So you can not configure it
Tails developers's avatar
Tails developers committed
21
but you can delete it and create a new one.
22

Tails developers's avatar
Tails developers committed
23
</div>
24

Tails developers's avatar
Tails developers committed
25
Creating the persistent volume
26
==============================
27
28

When run for the first time, or after [[deleting the persistent
29
volume|delete]], the assistant proposes to create a new persistent volume on
30
the device from which Tails is running.
31

32
1. The persistent volume is an encrypted partition protected by a passphrase.
33
34
35
36
37
38
39
40
41
Specify a passphrase of your choice in both the
<span class="guilabel">Passphrase</span> and <span class="guilabel">Verify
Passphrase</span> text boxes.

2. Click on the <span class="guilabel">Create</span> button.

3. Wait for the creation to finish.

<div class="bug">
42

43
<strong>If the creation is interrupted before it finishes</strong>, you may not
44
45
be able to start Tails from this device any more. This can happen if you
close the window of the wizard or unplug the USB stick or SD card during the creation of
46
47
the persistent volume. [[Delete|first_steps/reset]] and
[[reinstall|first_steps/installation]] Tails to fix this issue.
48

49
50
</div>

51
52
<a id="features"></a>

53
54
Persistence features
====================
55

56
When run from a Tails device that already has a persistent volume, the assistant
57
shows a list of the possible persistence features. Each feature corresponds to a
58
set a files to be saved in the persistent volume.
59
60

<div class="note">
61

62
63
<strong>Restart Tails to apply the changes</strong> after selecting or
unselecting one or several features.
64

65
66
</div>

67
68
69
<div class="note">

Only features that are listed here can currently be made
70
persistent. Some other features have been asked and accepted, but are
intrigeri's avatar
intrigeri committed
71
waiting to be implemented: browser extensions,
BitingBird's avatar
BitingBird committed
72
73
74
[[!tails_ticket 7148 desc="wallpaper"]],
[[!tails_ticket 7625 desc="RSS feeds"]],
[[!tails_ticket 7246 desc="default sound card"]],
75
[[!tails_ticket 5979 desc="mouse and touchpad settings"]],
intrigeri's avatar
intrigeri committed
76
etc. See the
77
[[corresponding tickets|https://labs.riseup.net/code/projects/tails/issues?query_id=122]]
sajolida's avatar
sajolida committed
78
for more details.
79
80
81

</div>

82
<div class="bug">
83

Tails developers's avatar
Tails developers committed
84
85
If you unselect a feature that used to be activated, it will be
deactivated after restarting Tails but the corresponding files will
86
remain on the persistent volume.
87

88
89
</div>

Tails developers's avatar
Tails developers committed
90
91
<a id="personal_data"></a>

92
<div class="icon">
93
[[!img stock_folder.png link=no]]
Tails developers's avatar
Tails developers committed
94
<div class="text"><h2>Personal Data</h2></div>
95
96
97
98
99
100
101
102
</div>

When this feature is activated, you can save your personal files and working
documents in the <span class="filename">Persistent</span> folder.

To open the <span class="filename">Persistent</span> folder, choose
<span class="menuchoice">
  <span class="guimenu">Places</span>&nbsp;▸
103
  <span class="guimenuitem">Persistent</span></span>.
104

Tails developers's avatar
Tails developers committed
105
106
<a id="gnupg"></a>

107
<div class="icon">
108
[[!img seahorse-key.png link=no]]
Tails developers's avatar
Tails developers committed
109
<div class="text"><h2>GnuPG</h2></div>
110
111
112
</div>

When this feature is activated, the OpenPGP keys that you create or import are
113
saved in the persistent volume.
114
115

<div class="caution">
116

Tails developers's avatar
Tails developers committed
117
118
119
If you manually edit or overwrite the
<span class="filename">~/.gnupg/gpg.conf</span> configuration file
you may lessen your anonymity,
120
weaken the encryption defaults or render GnuPG unusable.
121

122
123
</div>

Tails developers's avatar
Tails developers committed
124
125
<a id="ssh_client"></a>

126
<div class="icon">
127
[[!img seahorse-key-ssh.png link=no]]
Tails developers's avatar
Tails developers committed
128
<div class="text"><h2>SSH Client</h2></div>
129
130
131
</div>
    
When this feature is activated, all the files related to the secure-shell client
132
are saved in the persistent volume:
133
134
135
136
137
138

  - The SSH keys that you create or import
  - The public keys of the hosts you connect to
  - The SSH configuration file in <span class="filename">~/.ssh/config</span> 

<div class="caution">
139

Tails developers's avatar
Tails developers committed
140
141
142
143
If you manually edit the <span class="filename">~/.ssh/config</span>
configuration file, make sure not to overwrite the
default configuration from the
<span class="filename">/etc/ssh/ssh_config</span> file. Otherwise, you may weaken the
144
encryption defaults or render SSH unusable.
145

146
147
</div>

Tails developers's avatar
Tails developers committed
148
149
<a id="pidgin"></a>

150
<div class="icon">
151
[[!img pidgin.png link=no]]
Tails developers's avatar
Tails developers committed
152
<div class="text"><h2>Pidgin</h2></div>
153
154
155
</div>

When this feature is activated, all the configuration files of the
156
157
[[<span class="application">Pidgin</span> Internet messenger|doc/anonymous_internet/pidgin]]
are saved in the persistent volume:
158
159
160

  - The configuration of your accounts, buddies and chats.
  - Your OTR encryption keys and keyring.
Tails developers's avatar
Tails developers committed
161
  - The content of the discussions is not saved unless you configure
162
163
164
165
166
    <span class="application">Pidgin</span> to do so.

All the configuration options are available from the graphical interface. There
is no need to manually edit or overwrite the configuration files.

167
168
<div class="bug">

169
<p>Pidgin fails to load any account if you enable persistence and
170
select the <span class="guilabel">Read-Only</span> check box as a startup option.</p>
171

172
<p>Don't use the <span class="guilabel">Read-Only</span> option if you want to use Pidgin. See
173
[[!tails_ticket 8465]].</p>
174
175
176

</div>

177
178
179
180
181
182
183
184
185
186
187
188
<a id="icedove"></a>

<div class="icon">
[[!img icedove.png link=no]]
<div class="text"><h2>Icedove</h2></div>
</div>

When this feature is activated, the configuration and emails stored
by the
[[<span class="application">Icedove</span> email client|doc/anonymous_internet/icedove]]
are saved in the persistent volume.

Tails developers's avatar
Tails developers committed
189
190
<a id="gnome_keyring"></a>

191
<div class="icon">
192
[[!img seahorse-key-personal.png link=no]]
Tails developers's avatar
Tails developers committed
193
<div class="text"><h2>GNOME Keyring</h2></div>
194
195
196
</div>

When this feature is activated, the secrets of
197
198
<span class="application">GNOME Keyring</span> are saved in the persistent
volume.
199
200
201
202
203
204

GNOME Keyring is a collection of components in GNOME that store secrets,
passwords, keys, certificates and make them available to applications.
For more information about <span class="application">GNOME Keyring</span> see
the [official documentation](http://live.gnome.org/GnomeKeyring).

205
<a id="network_connections"></a>
206
207

<div class="icon">
Tails developers's avatar
Tails developers committed
208
[[!img network-manager.png link=no]]
209
<div class="text"><h2>Network Connections</h2></div>
210
211
</div>

212
213
214
When this feature is activated, the
[[configuration of the network devices and connections|doc/anonymous_internet/networkmanager]]
is saved in the persistent volume.
215

216
217
218
To save passwords, for example the passwords of encrypted wireless connections,
the [[<span class="application">GNOME Keyring</span> persistence
feature|configure#gnome_keyring]] must also be activated.
219

220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
<a id="browser_bookmarks"></a>

<div class="icon">
[[!img user-bookmarks.png link=no]]
<div class="text"><h2>Browser bookmarks</h2></div>
</div>

When this feature is activated, changes to the bookmarks in
[[<span class="application">Tor Browser</span>|doc/anonymous_internet/Tor_Browser]]
are saved in the persistent volume. This does not apply to the
[[<span class="application">Unsafe Browser</span>|doc/anonymous_internet/unsafe_browser]].

<a id="printers"></a>

<div class="icon">
[[!img printer.png link=no]]
<div class="text"><h2>Printers</h2></div>
</div>

When this feature is activated, the
[[configuration of the printers|doc/sensitive_documents/printing_and_scanning]]
is saved in the persistent volume.

<a id="bitcoin"></a>

<div class="icon">
[[!img electrum.png link=no]]
<div class="text"><h2>Bitcoin Client</h2></div>
</div>

When this feature is activated, the bitcoin wallet and preferences of
the [[*Electrum* bitcoin client|anonymous_internet/electrum]] are saved in the
persistent volume.

Tails developers's avatar
Tails developers committed
254
255
<a id="apt_packages"></a>

256
<div class="icon">
257
[[!img synaptic.png link=no]]
Tails developers's avatar
Tails developers committed
258
<div class="text"><h2>APT Packages</h2></div>
259
260
261
262
</div>

When this feature is activated, the packages that you install using the
<span class="application">Synaptic</span> package manager or the
263
<span class="command">apt-get</span> command are saved in the persistent volume.
264

265
266
267
If you
[[install additional programs|doc/advanced_topics/additional_software]],
this feature allows you to download them once and reinstall them
sajolida's avatar
sajolida committed
268
269
270
271
272
during future working sessions, even offline.

To reinstall these packages automatically when restarting Tails, use the
[[<span class="guilabel">Additional software packages</span> persistence
feature|configure#additional_software]].
273

sajolida's avatar
sajolida committed
274
If you activate the <span class="guilabel">APT Packages</span> persistence feature,
275
it is recommended to activate the <span class="guilabel">APT Lists</span> feature as well.
276

Tails developers's avatar
Tails developers committed
277
278
<a id="apt_lists"></a>

279
<div class="icon">
280
[[!img synaptic.png link=no]]
Tails developers's avatar
Tails developers committed
281
<div class="text"><h2>APT Lists</h2></div>
282
283
284
</div>

When this feature is activated, the lists of all the software packages available
285
for installation are saved in the persistent volume.
286
287
288
289
290
291
292

Those so called <span class="emphasis">APT lists</span> correspond to the files
downloaded while doing
<span class="guilabel">Reload</span> from the
<span class="application">Synaptic</span> package manager or issuing the
<span class="command">apt-get update</span> command.

293
294
295
296
The <span class="emphasis">APT lists</span> are needed to
[[install additional programs|doc/advanced_topics/additional_software]]
or explore the list of available software packages. This feature
allows you to reuse them during future working sessions, even offline.
297

Tails developers's avatar
Tails developers committed
298
299
<a id="dotfiles"></a>

300
<div class="icon">
301
[[!img preferences-desktop.png link=no]]
Tails developers's avatar
Tails developers committed
302
<div class="text"><h2>Dotfiles</h2></div>
303
304
</div>

305
When this feature is activated, all the files in the <span
Tails developers's avatar
Tails developers committed
306
class="filename">/live/persistence/TailsData_unlocked/dotfiles</span> folder
307
are linked in the <span class="filename">Home</span> folder. Files in
308
309
subfolders of <span class="filename">dotfiles</span> are also linked
in the corresponding subfolder of your <span class="filename">Home
310
</span> folder.
311

312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
For example, having the following files in <span
class="filename">/live/persistence/TailsData_unlocked/dotfiles</span>:

    /live/persistence/TailsData_unlocked/dotfiles
    ├── file_a
    ├── folder
    │   ├── file_b
    │   └── subfolder
    │       └── file_c
    └── emptyfolder

Produces the following result in <span class="filename">/home/amnesia</span>:

    /home/amnesia
    ├── file_a → /live/persistence/TailsData_unlocked/dotfiles/file_a
    └── folder
        ├── file_b → /live/persistence/TailsData_unlocked/dotfiles/folder/file_b
        └── subfolder
            └── file_c → /live/persistence/TailsData_unlocked/dotfiles/folder/subfolder/file_c

332
333
334
335
This option is useful if you want to make some specific files
persistent, but not the folders they are stored in. A fine example are
the so called "dotfiles" (and hence the name of this feature), the
hidden configuration files in the root of your home directory, like
336
<span class="filename">~/.gitconfig</span> and <span
337
class="filename">~/.bashrc</span>.
338

339
340
341
342
As you can see in the previous example, empty folders are ignored. This feature
only links files, and not folders, from the persistent volume into the <span
class="filename">Home</span> folder.

343
<a id="additional_software"></a>
Tails developers's avatar
Tails developers committed
344

Tails developers's avatar
Tails developers committed
345
346
347
Additional software packages
----------------------------

Tails developers's avatar
Tails developers committed
348
<div class="note">
349

Tails developers's avatar
Tails developers committed
350
This is an experimental feature which does not appear in the assistant.
351

Tails developers's avatar
Tails developers committed
352
353
</div>

354
355
356
357
358
359
When this feature is enabled, a list of
[[additional software|doc/advanced_topics/additional_software]] of
your choice is automatically installed at the beginning of every
working session. The corresponding software packages are stored in the
persistent volume. They are automatically upgraded for security after
a network connection is established.
Tails developers's avatar
Tails developers committed
360
361
362
363
364

To use this feature you need to enable both the <span
class="guilabel">APT Lists</span> and <span class="guilabel">APT
Packages</span> features.

365
<div class="note">
366

367
368
369
If you are offline and your additional software packages don't install, it
might be caused by outdated APT Lists. The issue will be fixed next time you
connect Tails to Internet with persistence activated.
370

371
372
</div>

373
374
375
To choose the list of additional software, start Tails with an administrator
password and edit (as an administrator) the file called
`/live/persistence/TailsData_unlocked/live-additional-software.conf`.
376
Each line of this file must contain
Tails developers's avatar
Tails developers committed
377
378
379
380
the name of a Debian package to be installed as an additional software
package.

For example, to automatically install the `dia` software, a diagram
381
382
editor, and the `fontmatrix` software, a font manager, add the following
content to `live-additional-software.conf`:
Tails developers's avatar
Tails developers committed
383

Tails developers's avatar
Tails developers committed
384
385
    dia
    fontmatrix
Tails developers's avatar
Tails developers committed
386

Tails developers's avatar
Tails developers committed
387
388
To learn about the many software packages available in Debian, visit
<http://packages.debian.org/stable/>.
389
390

<div class="caution">
391
392
393

<strong>Installing additional software is at your own risk.</strong>
Most additional software requires extra configuration to be able to
394
connect to the network through Tor, and will not work otherwise. Some other software might, for
395
396
397
example, modify the firewall and break the security built in Tails.
Software not officially included in Tails is not tested for security.

398
</div>