From d4e544edac0b44160b42d7ce59e1f82a3d1ff8ad Mon Sep 17 00:00:00 2001 From: meliurwen Date: Tue, 17 Nov 2020 20:55:17 +0100 Subject: [PATCH] Initial commit --- LICENSE | 18 ++ README.md | 60 ++++ custom/install_base_packages.sh | 11 + custom/install_docker-compose.sh | 20 ++ custom/install_docker.sh | 64 +++++ custom/main.sh | 12 + preseed/preseed.cfg | 467 +++++++++++++++++++++++++++++++ preseed/remote.cfg | 20 ++ regeniso-sid.sh | 236 ++++++++++++++++ regeniso.sh | 35 +++ 10 files changed, 943 insertions(+) create mode 100644 LICENSE create mode 100644 README.md create mode 100755 custom/install_base_packages.sh create mode 100755 custom/install_docker-compose.sh create mode 100755 custom/install_docker.sh create mode 100755 custom/main.sh create mode 100644 preseed/preseed.cfg create mode 100644 preseed/remote.cfg create mode 100755 regeniso-sid.sh create mode 100755 regeniso.sh diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..6619e8c --- /dev/null +++ b/LICENSE @@ -0,0 +1,18 @@ +The MIT-Zero License + +Copyright (c) 2020 Meliurwen + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. \ No newline at end of file 
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..6c996fa
--- /dev/null
+++ b/README.md
@@ -0,0 +1,60 @@ + + +```sh +wget -O debian-netinst.iso http://ftp.debian.org/debian/dists/stable/main/installer-amd64/current/images/netboot/mini.iso +``` +```sh +wget -O debian-netinst.iso http://ftp.debian.org/debian/dists/sid/main/installer-amd64/current/images/netboot/mini.iso +``` + +wget -O debian-netinst.iso https://d-i.debian.org/daily-images/amd64/daily/netboot/mini.iso + +wget -O debian-netinst.iso http://ftp.debian.org/debian/dists/unstable/main/installer-amd64/current/images/netboot/mini.iso + + +``` +systemctl stop wpa_supplicant +systemctl disable wpa_supplicant +``` + +``` +systemctl disable wpa_supplicant && apt-get purge -qq dbus && apt-get autoremove --purge -qq && apt-get clean -qq +``` + +## Guides + ++ Unattended Install + + https://wiki.debian.org/DebianInstaller/Preseed/EditIso + + https://haydenjames.io/direct-install-debian-sid-rolling-release-using-mini-iso-w-screenshots/ + + https://nx3d.org/ubuntu-1804-preseed/ + + https://wiki.debian.org/DebianInstaller/Preseed + + https://wiki.debian.org/DebianInstaller/Remote + + https://gist.github.com/zuzzas/a1695344162ac7fa124e15855ce0768f + + https://wiki.debian.org/ManipulatingISOs#Remaster_an_Installation_Image + + https://www.debian.org/CD/faq/ + + https://github.com/thblt/dotfiles + + https://wiki.debian.org/ReduceDebian#Remove_unnecessary_kernel_modules + + https://www.debian.org/releases/stretch/amd64/ch05s03.html.en + + https://wiki.debian.org/KernelModuleBlacklisting + + https://linux-audit.com/kernel-hardening-disable-and-blacklist-linux-modules/ + + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931368 + + https://bugs.launchpad.net/ubuntu/+source/console-setup/+bug/1553147 + + https://wiki.debian.org/AutomatedInstallation + + https://wiki.debian.org/DebianInstaller/Preseed + + https://www.system-rescue.org/ + + https://www.debian.org/releases/jessie/amd64/ch05s03.html.en + + https://www.debian.org/releases/stretch/amd64/ch05s03.html.en + + 
https://wiki.debian.org/BootUsbWithGrubRescue#mini.iso + + https://unix.stackexchange.com/questions/219994/how-to-edit-debian-installer-boot-paramaters + + https://wiki.syslinux.org/wiki/index.php?title=Isolinux.cfg + + https://wiki.debian.org/DebianInstaller/Remote + + https://www.debian.org/doc/manuals/debian-handbook/sect.automated-installation.it.html ++ Minimal Install + + https://old.reddit.com/r/debian/comments/6zya8v/debian_without_the_bloat/dmz2uhz/ + + https://wiki.debian.org/Debootstrap + + http://forums.debian.net/viewtopic.php?f=5&t=96146 + + https://wiki.debian.org/Proposals/EssentialOnDiet + + https://wiki.debian.org/BusterPriorityRequalification + + https://wiki.debian.org/Teams/Dpkg/Spec/ProtectedField?action=show&redirect=Teams%2FDpkg%2FSpec%2FImportantField + + diff --git a/custom/install_base_packages.sh b/custom/install_base_packages.sh new file mode 100755 index 0000000..c8c83cc --- /dev/null +++ b/custom/install_base_packages.sh @@ -0,0 +1,11 @@ +#!/bin/sh + +if [ $(id -u) -ne 0 ]; then + echo "This script should be run as root. Aborting..." > /dev/stderr + exit 1 +fi + +apt-get update + +apt-get install software-properties-common python3-pip + diff --git a/custom/install_docker-compose.sh b/custom/install_docker-compose.sh new file mode 100755 index 0000000..f2b7a50 --- /dev/null +++ b/custom/install_docker-compose.sh @@ -0,0 +1,20 @@ +#!/bin/sh + +set -eu + +if [ $(id -u) -ne 0 ]; then + echo "This script should be run as root. Aborting..." > /dev/stderr + exit 1 +fi + +echo "Updating apt package index..." +apt-get update > /dev/null + +echo "Installing dependencies..." +apt-get -q -y -o Dpkg::Use-Pty=0 install python3-pip + +echo "Installing docker-compose via pip..." +pip3 install -q docker-compose + +echo "Done." +exit 0 diff --git a/custom/install_docker.sh b/custom/install_docker.sh new file mode 100755 index 0000000..e40c4a3 --- /dev/null +++ b/custom/install_docker.sh 
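Review bot: In custom/install_base_packages.sh, `apt-get install software-properties-common python3-pip` has no `-y`, so it stops at the confirmation prompt, which is at odds with the unattended use the rest of the commit appears to aim for; the sibling installers already use `apt-get -q -y -o Dpkg::Use-Pty=0 install`. This script also lacks the `set -eu` that the other two installers start with, so a failed `apt-get update` is ignored and the install runs against a stale package index. In the root check, `[ "$(id -u)" -ne 0 ]` with the message sent to `>&2` rather than `> /dev/stderr` would be the more robust spelling; the same applies to the identical check in the other scripts of this commit.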
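Review bot: In custom/install_docker-compose.sh, `pip3 install -q docker-compose` runs as root and pulls whatever release is current on PyPI, together with its unpinned dependency tree, into the system Python, so two builds can end up with different code and nothing records or checks what was fetched. Pinning the release, `pip3 install -q "docker-compose==<VERSION>"`, or installing from a requirements file with `--require-hashes`, would make the result reproducible and auditable. Installing into a dedicated virtualenv would also keep pip from overwriting modules that apt manages in the system site-packages.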
@@ -0,0 +1,64 @@
+#!/bin/sh
+
+set -eu
+
+if [ $(id -u) -ne 0 ]; then
+ echo "This script should be run as root. Aborting..." > /dev/stderr
+ exit 1
+fi
+
+SUPPORTED_ARCH="amd64 armhf arm64"
+ARCH=$(dpkg --print-architecture)
+
+echo "Checking system architecture..."
+if echo $SUPPORTED_ARCH | grep -w $ARCH > /dev/null; then
+ echo "Architecture ${ARCH} supported."
+else
+ echo "Architecture ${ARCH} not supported! Aborting..."
+ exit 1
+fi
+
+# REPO SETUP
+
+# Update the apt package index and install packages to allow apt to use a
+# repository over HTTPS:
+echo "Updating apt package index..."
+apt-get update > /dev/null
+
+echo "Installing prerequisites..."
+apt-get -q -y -o Dpkg::Use-Pty=0 install \
+ apt-transport-https \
+ ca-certificates \
+ curl \
+ gnupg-agent \
+ software-properties-common
+
+# Add Docker’s official GPG key:
+echo "Adding Docker's repo key..."
+curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add -
+
+# Verify that you now have the key with the fingerprint
+# 9DC8 5822 9FC7 DD38 854A E2D8 8D81 803C 0EBF CD88, by searching for the last
+# 8 characters of the fingerprint.
+apt-key fingerprint 0EBFCD88
+
+# Use the following command to set up the stable repository. To add the
+# nightly or test repository, add the word nightly or test (or both) after
+# the word stable in the commands below.
+echo "Adding Docker repo..."
+add-apt-repository \
+ "deb [arch=${ARCH}] https://download.docker.com/linux/debian \
+ $(lsb_release -cs) \
+ stable"
+
+# INSTALLATION
+
+# Update the apt package index, and install the latest version of Docker Engine
+# and containerd, or go to the next step to install a specific version:
+echo "Updating apt package index again..."
+apt-get update > /dev/null
+echo "Installing Docker..."
+apt-get -q -y -o Dpkg::Use-Pty=0 install docker-ce docker-ce-cli containerd.io
+
+echo "Done."
+exit 0
diff --git a/custom/main.sh b/custom/main.sh
new file mode 100755
index 0000000..4104279
--- /dev/null
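Review bot: In custom/install_docker.sh the repository key is piped straight from `curl` into `apt-key add -` and the fingerprint is only printed by `apt-key fingerprint 0EBFCD88`, so in an unattended run nobody compares it with the value quoted in the comment, and an 8-character key id would not be a sufficient check anyway. `apt-key add` also makes the key trusted for every configured repository rather than only for download.docker.com. The key should go into its own keyring file, have its full fingerprint compared against the expected value, and be referenced from the source entry with `signed-by`, as sketched below (this assumes `gpg` is present; the prerequisites list names only `gnupg-agent`, and the keyring and list paths are suggestions). The `sudo` on the key line is redundant because the script already requires root, and it fails where sudo is not installed. Separately, `$SUPPORTED_ARCH` and `$ARCH` are unquoted in the `grep -w` test and the unsupported-architecture message goes to stdout instead of stderr.

```shell
# … unchanged: root check, architecture check, prerequisites install …

# Full fingerprint, taken from the comment already present in this script.
DOCKER_KEY_FPR="9DC858229FC7DD38854AE2D88D81803C0EBFCD88"
DOCKER_KEYRING="/usr/share/keyrings/docker-archive-keyring.gpg"

echo "Adding Docker's repo key..."
curl -fsSL https://download.docker.com/linux/debian/gpg \
  | gpg --dearmor -o "${DOCKER_KEYRING}"

# Abort unless the downloaded key is the expected one.
if ! gpg --no-default-keyring --keyring "${DOCKER_KEYRING}" \
    --with-colons --fingerprint \
  | grep -q "^fpr:.*:${DOCKER_KEY_FPR}:"; then
  echo "Unexpected Docker key fingerprint! Aborting..." >&2
  rm -f -- "${DOCKER_KEYRING}"
  exit 1
fi

echo "Adding Docker repo..."
echo "deb [arch=${ARCH} signed-by=${DOCKER_KEYRING}] https://download.docker.com/linux/debian $(lsb_release -cs) stable" \
  > /etc/apt/sources.list.d/docker.list

# … unchanged: apt-get update, docker-ce installation …
```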
+++ b/custom/main.sh
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+if [ $(id -u) -ne 0 ]; then
+ echo "This script should be run as root. Aborting..." > /dev/stderr
+ exit 1
+fi
+
+SCRIPTPATH="$( cd "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )"
+
+eval "${SCRIPTPATH}/install_packages.sh"
+eval "${SCRIPTPATH}/install_docker.sh"
+eval "${SCRIPTPATH}/install_docker_compose.sh"
diff --git a/preseed/preseed.cfg b/preseed/preseed.cfg
new file mode 100644
index 0000000..02c4fc1
--- /dev/null
+++ b/preseed/preseed.cfg
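Review bot: Two of the three paths in custom/main.sh do not match any file added by this commit: the scripts are created as `install_base_packages.sh` and `install_docker-compose.sh`, but the hunk calls `install_packages.sh` and `install_docker_compose.sh`, so only the Docker step can run. Because this script has no `set -e`, those two "not found" failures do not stop the run and it still exits after installing Docker, leaving a partially provisioned machine. `eval` adds nothing here and re-parses the path, which breaks if the directory name contains spaces or shell metacharacters. Call the scripts directly with `set -eu` at the top: `"${SCRIPTPATH}/install_base_packages.sh"`, `"${SCRIPTPATH}/install_docker.sh"`, `"${SCRIPTPATH}/install_docker-compose.sh"`.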
@@ -0,0 +1,467 @@ +#_preseed_V1 +#### Contents of the preconfiguration file (for buster) +### Localization +# Preseeding only locale sets language, country and locale. +#d-i debian-installer/locale string it_IT + +# The values can also be preseeded individually for greater flexibility. +d-i debian-installer/language string it +d-i debian-installer/country string IT +d-i debian-installer/locale string it_IT.UTF-8 +# Optionally specify additional locales to be generated. +#d-i localechooser/supported-locales multiselect en_US.UTF-8 + +# Keyboard selection. +# Usare Ctrl+Alt+Backspace per terminare il server X? +d-i keyboard-configuration/ctrl_alt_bksp boolean true + +d-i keyboard-configuration/modelcode string pc105 +d-i keyboard-configuration/toggle select No toggling +d-i keyboard-configuration/altgr select The default for the keyboard layout +d-i keyboard-configuration/layoutcode string it +d-i keyboard-configuration/variant select Italiana +d-i keyboard-configuration/compose select No compose key +d-i keyboard-configuration/switch select No temporary switch +d-i console-setup/variantcode string qwerty +d-i keyboard-configuration/model select Generic 105-key PC (intl.) +d-i keyboard-configuration/xkb-keymap select it + +# What a pain... after moths I have discevered that if you want this to work +# the packages "console-setup" and "keyboard-configuration" are mandatory. +# But I don't understand why since that with the manual install (with the +# preseed included) everything goes fine. +# Analyzing the `debconf-get-selections --installer` of my laptop which had +# a manual installation (without preseed included) I see this pattern that +# seems to reflect some sort of lazy hack to make only the manual install +# work as expected; basically these 4 lines below are littered around the +# preseed file in order to (I guess) to forcefully prevent the installer to +# roll back to the US layout. 
+d-i keyboard-configuration/unsupported_config_options boolean true +d-i keyboard-configuration/unsupported_config_layout boolean true +d-i keyboard-configuration/unsupported_layout boolean true +d-i keyboard-configuration/unsupported_options boolean true + +### Network configuration +# Disable network configuration entirely. This is useful for cdrom +# installations on non-networked devices where the network questions, +# warning and long timeouts are a nuisance. +#d-i netcfg/enable boolean false + +# netcfg will choose an interface that has link if possible. This makes it +# skip displaying a list if there is more than one interface. +d-i netcfg/choose_interface select auto + +# To pick a particular interface instead: +#d-i netcfg/choose_interface select eth1 + +# To set a different link detection timeout (default is 3 seconds). +# Values are interpreted as seconds. +#d-i netcfg/link_wait_timeout string 10 + +# If you have a slow dhcp server and the installer times out waiting for +# it, this might be useful. +#d-i netcfg/dhcp_timeout string 60 +#d-i netcfg/dhcpv6_timeout string 60 + +# If you prefer to configure the network manually, uncomment this line and +# the static network configuration below. +#d-i netcfg/disable_autoconfig boolean true + +# If you want the preconfiguration file to work on systems both with and +# without a dhcp server, uncomment these lines and the static network +# configuration below. +#d-i netcfg/dhcp_failed note +#d-i netcfg/dhcp_options select Configure network manually + +# Static network configuration. 
+# +# IPv4 example +#d-i netcfg/get_ipaddress string 192.168.1.42 +#d-i netcfg/get_netmask string 255.255.255.0 +#d-i netcfg/get_gateway string 192.168.1.1 +#d-i netcfg/get_nameservers string 192.168.1.1 +#d-i netcfg/confirm_static boolean true +# +# IPv6 example +#d-i netcfg/get_ipaddress string fc00::2 +#d-i netcfg/get_netmask string ffff:ffff:ffff:ffff:: +#d-i netcfg/get_gateway string fc00::1 +#d-i netcfg/get_nameservers string fc00::1 +#d-i netcfg/confirm_static boolean true + +# Any hostname and domain names assigned from dhcp take precedence over +# values set here. However, setting the values still prevents the questions +# from being shown, even if values come from dhcp. +d-i netcfg/get_hostname string debian-test +d-i netcfg/get_domain string dominio-test + +# If you want to force a hostname, regardless of what either the DHCP +# server returns or what the reverse DNS entry for the IP is, uncomment +# and adjust the following line. +#d-i netcfg/hostname string somehost + +# Disable that annoying WEP key dialog. +d-i netcfg/wireless_wep string +# The wacky dhcp hostname that some ISPs use as a password of sorts. +#d-i netcfg/dhcp_hostname string radish + +# If non-free firmware is needed for the network or other hardware, you can +# configure the installer to always try to load it, without prompting. Or +# change to false to disable asking. +d-i hw-detect/load_firmware boolean true + +### Network console +# Use the following settings if you wish to make use of the network-console +# component for remote installation over SSH. This only makes sense if you +# intend to perform the remainder of the installation manually. +#d-i anna/choose_modules string network-console +#d-i network-console/authorized_keys_url string http://10.0.0.1/openssh-key +#d-i network-console/password password r00tme +#d-i network-console/password-again password r00tme + +### Mirror settings +# If you select ftp, the mirror/country string does not need to be set. 
+#d-i mirror/protocol string ftp +d-i mirror/country string manual +d-i mirror/http/hostname string debian.mirror.garr.it +d-i mirror/http/directory string /debian +d-i mirror/http/proxy string + +# Suite to install. +#d-i mirror/suite string sid +# Suite to use for loading installer components (optional). +#d-i mirror/udeb/suite string sid + +### Account setup +# Skip creation of a root account (normal user account will be able to +# use sudo). +d-i passwd/root-login boolean false +# Alternatively, to skip creation of a normal user account. +#d-i passwd/make-user boolean false + +# Root password, either in clear text +#d-i passwd/root-password password r00tme +#d-i passwd/root-password-again password r00tme +# or encrypted using a crypt(3) hash. +#d-i passwd/root-password-crypted password [crypt(3) hash] + +# To create a normal user account. +d-i passwd/user-fullname string Meli +d-i passwd/username string meli +# Normal user's password, either in clear text +#d-i passwd/user-password password insecure +#d-i passwd/user-password-again password insecure +# or encrypted using a crypt(3) hash. +d-i passwd/user-password-crypted password $6$SmihMODnNymjr40/$YAkRABY.qE8tOjXmg0Z6X5e.mdLOUsUseNaPwaLyCjK17LzV/NLE3IfcmkQgwGjBeeQ7peGEfurqe.SBY7JHU1 +# Create the first user with the specified UID instead of the default. +#d-i passwd/user-uid string 1010 + +# The user account will be added to some standard initial groups. To +# override that, use this. +#d-i passwd/user-default-groups string audio cdrom video + +### Clock and time zone setup +# Controls whether or not the hardware clock is set to UTC. +d-i clock-setup/utc boolean true + +# You may set this to any valid setting for $TZ; see the contents of +# /usr/share/zoneinfo/ for valid values. +d-i time/zone string Europe/Rome + +# Controls whether to use NTP to set the clock during the install +d-i clock-setup/ntp boolean true +# NTP server to use. The default is almost always fine here. 
+#d-i clock-setup/ntp-server string ntp.example.com + +### Partitioning +## Partitioning example +# If the system has free space you can choose to only partition that space. +# This is only honoured if partman-auto/method (below) is not set. +#d-i partman-auto/init_automatically_partition select biggest_free + +# Alternatively, you may specify a disk to partition. If the system has only +# one disk the installer will default to using that, but otherwise the device +# name must be given in traditional, non-devfs format (so e.g. /dev/sda +# and not e.g. /dev/discs/disc0/disc). +# For example, to use the first SCSI/SATA hard disk: +#d-i partman-auto/disk string /dev/sda +# In addition, you'll need to specify the method to use. +# The presently available methods are: +# - regular: use the usual partition types for your architecture +# - lvm: use LVM to partition the disk +# - crypto: use LVM within an encrypted partition +d-i partman-auto/method string lvm + +# You can define the amount of space that will be used for the LVM volume +# group. It can either be a size with its unit (eg. 20 GB), a percentage of +# free space or the 'max' keyword. +d-i partman-auto-lvm/guided_size string max + +# If one of the disks that are going to be automatically partitioned +# contains an old LVM configuration, the user will normally receive a +# warning. This can be preseeded away... +d-i partman-lvm/device_remove_lvm boolean true +# The same applies to pre-existing software RAID array: +d-i partman-md/device_remove_md boolean true +# And the same goes for the confirmation to write the lvm partitions. +d-i partman-lvm/confirm boolean true +d-i partman-lvm/confirm_nooverwrite boolean true + +# You can choose one of the three predefined partitioning recipes: +# - atomic: all files in one partition +# - home: separate /home partition +# - multi: separate /home, /var, and /tmp partitions +d-i partman-auto/choose_recipe select atomic + +# Or provide a recipe of your own... 
+# If you have a way to get a recipe file into the d-i environment, you can +# just point at it. +#d-i partman-auto/expert_recipe_file string /hd-media/recipe + +# If not, you can put an entire recipe into the preconfiguration file in one +# (logical) line. This example creates a small /boot partition, suitable +# swap, and uses the rest of the space for the root partition: +#d-i partman-auto/expert_recipe string \ +# boot-root :: \ +# 40 50 100 ext3 \ +# $primary{ } $bootable{ } \ +# method{ format } format{ } \ +# use_filesystem{ } filesystem{ ext3 } \ +# mountpoint{ /boot } \ +# . \ +# 500 10000 1000000000 ext3 \ +# method{ format } format{ } \ +# use_filesystem{ } filesystem{ ext3 } \ +# mountpoint{ / } \ +# . \ +# 64 512 300% linux-swap \ +# method{ swap } format{ } \ +# . + +# The full recipe format is documented in the file partman-auto-recipe.txt +# included in the 'debian-installer' package or available from D-I source +# repository. This also documents how to specify settings such as file +# system labels, volume group names and which physical devices to include +# in a volume group. + +# This makes partman automatically partition without confirmation, provided +# that you told it what to do using one of the methods above. +d-i partman-partitioning/confirm_write_new_label boolean true +d-i partman/choose_partition select finish +d-i partman/confirm boolean true +d-i partman/confirm_nooverwrite boolean true + +# When disk encryption is enabled, skip wiping the partitions beforehand. +#d-i partman-auto-crypto/erase_disks boolean false + +## Partitioning using RAID +# The method should be set to "raid". +#d-i partman-auto/method string raid +# Specify the disks to be partitioned. They will all get the same layout, +# so this will only work if the disks are the same size. +#d-i partman-auto/disk string /dev/sda /dev/sdb + +# Next you need to specify the physical partitions that will be used. 
+#d-i partman-auto/expert_recipe string \ +# multiraid :: \ +# 1000 5000 4000 raid \ +# $primary{ } method{ raid } \ +# . \ +# 64 512 300% raid \ +# method{ raid } \ +# . \ +# 500 10000 1000000000 raid \ +# method{ raid } \ +# . + +# Last you need to specify how the previously defined partitions will be +# used in the RAID setup. Remember to use the correct partition numbers +# for logical partitions. RAID levels 0, 1, 5, 6 and 10 are supported; +# devices are separated using "#". +# Parameters are: +# \ +# + +#d-i partman-auto-raid/recipe string \ +# 1 2 0 ext3 / \ +# /dev/sda1#/dev/sdb1 \ +# . \ +# 1 2 0 swap - \ +# /dev/sda5#/dev/sdb5 \ +# . \ +# 0 2 0 ext3 /home \ +# /dev/sda6#/dev/sdb6 \ +# . + +# For additional information see the file partman-auto-raid-recipe.txt +# included in the 'debian-installer' package or available from D-I source +# repository. + +# This makes partman automatically partition without confirmation. +d-i partman-md/confirm boolean true +d-i partman-partitioning/confirm_write_new_label boolean true +d-i partman/choose_partition select finish +d-i partman/confirm boolean true +d-i partman/confirm_nooverwrite boolean true + +## Controlling how partitions are mounted +# The default is to mount by UUID, but you can also choose "traditional" to +# use traditional device names, or "label" to try filesystem labels before +# falling back to UUIDs. +#d-i partman/mount_style select uuid + +### Base system installation +# Configure APT to not install recommended packages by default. Use of this +# option can result in an incomplete system and should only be used by very +# experienced users. +#d-i base-installer/install-recommends boolean false + +# The kernel image (meta) package to be installed; "none" can be used if no +# kernel is to be installed. +#d-i base-installer/kernel/image string linux-image-686 + +### Apt setup +# You can choose to install non-free and contrib software. 
+d-i apt-setup/non-free boolean true +d-i apt-setup/contrib boolean true +# Uncomment this if you don't want to use a network mirror. +#d-i apt-setup/use_mirror boolean false +# Select which update services to use; define the mirrors to be used. +# Values shown below are the normal defaults. +#d-i apt-setup/services-select multiselect security, updates +#d-i apt-setup/security_host string security.debian.org + +# Additional repositories, local[0-9] available +#d-i apt-setup/local0/repository string \ +# http://local.server/debian stable main +#d-i apt-setup/local0/comment string local server +# Enable deb-src lines +#d-i apt-setup/local0/source boolean true +# URL to the public key of the local repository; you must provide a key or +# apt will complain about the unauthenticated repository and so the +# sources.list line will be left commented out +#d-i apt-setup/local0/key string http://local.server/key + +# By default the installer requires that repositories be authenticated +# using a known gpg key. This setting can be used to disable that +# authentication. Warning: Insecure, not recommended. +#d-i debian-installer/allow_unauthenticated boolean true + +# Uncomment this to add multiarch configuration for i386 +#d-i apt-setup/multiarch string i386 + + +### Package selection +#tasksel tasksel/first multiselect standard, ssh-server +#tasksel tasksel/first multiselect minimal +tasksel tasksel/first multiselect none + +# Individual additional packages to install +# Note: "console-setup" and "keyboard-configuration" are foundamental for +# keyboard configuration +d-i pkgsel/include string nano wget openssh-server console-setup keyboard-configuration +# Whether to upgrade packages after debootstrap. +# Allowed values: none, safe-upgrade, full-upgrade +#d-i pkgsel/upgrade select none + +# Some versions of the installer can report back on what software you have +# installed, and what software you use. 
The default is not to report back, +# but sending reports helps the project determine what software is most +# popular and include it on CDs. +popularity-contest popularity-contest/participate boolean false + +### Boot loader installation +# Grub is the default boot loader (for x86). If you want lilo installed +# instead, uncomment this: +#d-i grub-installer/skip boolean true +# To also skip installing lilo, and install no bootloader, uncomment this +# too: +#d-i lilo-installer/skip boolean true + + +# This is fairly safe to set, it makes grub install automatically to the MBR +# if no other operating system is detected on the machine. +d-i grub-installer/only_debian boolean true + +# This one makes grub-installer install to the MBR if it also finds some other +# OS, which is less safe as it might not be able to boot that other OS. +d-i grub-installer/with_other_os boolean true + +# Due notably to potential USB sticks, the location of the MBR can not be +# determined safely in general, so this needs to be specified: +d-i grub-installer/bootdev string /dev/sda +# To install to the first device (assuming it is not a USB stick): +#d-i grub-installer/bootdev string default + +# Alternatively, if you want to install to a location other than the mbr, +# uncomment and edit these lines: +#d-i grub-installer/only_debian boolean false +#d-i grub-installer/with_other_os boolean false +#d-i grub-installer/bootdev string (hd0,1) +# To install grub to multiple disks: +#d-i grub-installer/bootdev string (hd0,1) (hd1,1) (hd2,1) + +# Optional password for grub, either in clear text +#d-i grub-installer/password password r00tme +#d-i grub-installer/password-again password r00tme +# or encrypted using an MD5 hash, see grub-md5-crypt(8). +#d-i grub-installer/password-crypted password [MD5 hash] + +# Use the following option to add additional boot parameters for the +# installed system (if supported by the bootloader installer). 
+# Note: options passed to the installer will be added automatically. +#d-i debian-installer/add-kernel-opts string nousb + +### Finishing up the installation +# During installations from serial console, the regular virtual consoles +# (VT1-VT6) are normally disabled in /etc/inittab. Uncomment the next +# line to prevent this. +#d-i finish-install/keep-consoles boolean true + +# Avoid that last message about the install being complete. +d-i finish-install/reboot_in_progress note + +# This will prevent the installer from ejecting the CD during the reboot, +# which is useful in some situations. +#d-i cdrom-detect/eject boolean false + +# This is how to make the installer shutdown when finished, but not +# reboot into the installed system. +#d-i debian-installer/exit/halt boolean true +# This will power off the machine instead of just halting it. +d-i debian-installer/exit/poweroff boolean true + +### Preseeding other packages +# Depending on what software you choose to install, or if things go wrong +# during the installation process, it's possible that other questions may +# be asked. You can preseed those too, of course. To get a list of every +# possible question that could be asked during an install, do an +# installation, and then run these commands: +# debconf-get-selections --installer > file +# debconf-get-selections >> file + + +#### Advanced options +### Running custom commands during the installation +# d-i preseeding is inherently not secure. Nothing in the installer checks +# for attempts at buffer overflows or other exploits of the values of a +# preconfiguration file like this one. Only use preconfiguration files from +# trusted locations! To drive that home, and because it's generally useful, +# here's a way to run any shell command you'd like inside the installer, +# automatically. + +# This first command is run as early as possible, just after +# preseeding is read. 
+#d-i preseed/early_command string anna-install some-udeb +# This command is run immediately before the partitioner starts. It may be +# useful to apply dynamic partitioner preseeding that depends on the state +# of the disks (which may not be visible when preseed/early_command runs). +#d-i partman/early_command \ +# string debconf-set partman-auto/disk "$(list-devices disk | head -n1)" +# This command is run just before the install finishes, but when there is +# still a usable /target directory. You can chroot to /target and use it +# directly, or use the apt-install and in-target commands to easily install +# packages and run commands in the target system. +#d-i preseed/late_command string apt-install zsh; in-target chsh -s /bin/zsh + +d-i preseed/late_command string cp -r /cdrom/custom /target/srv/custom || cp -r /hd-media/custom /target/srv/custom || echo "boop" > /target/srv/asd.txt diff --git a/preseed/remote.cfg b/preseed/remote.cfg new file mode 100644 index 0000000..53306d1 --- /dev/null +++ b/preseed/remote.cfg @@ -0,0 +1,20 @@ +#_preseed_V1 +#### Contents of the preconfiguration file (for buster) +d-i debian-installer/language string it +d-i debian-installer/country string IT +d-i debian-installer/locale string it_IT.UTF-8 +d-i localechooser/supported-locales multiselect en_US.UTF-8 +d-i keyboard-configuration/xkb-keymap select it + +d-i netcfg/choose_interface select auto + +d-i anna/choose_modules string network-console +#d-i network-console/authorized_keys_url string http://10.0.0.1/openssh-key +d-i network-console/password password r00tme +d-i network-console/password-again password r00tme + +d-i mirror/country string manual +d-i mirror/http/hostname string debian.mirror.garr.it +d-i mirror/http/directory string /debian +d-i mirror/http/proxy string + diff --git a/regeniso-sid.sh b/regeniso-sid.sh new file mode 100755 index 0000000..c2278ef --- /dev/null +++ b/regeniso-sid.sh 
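Review bot: In preseed/preseed.cfg, `passwd/user-password-crypted` commits a real SHA-512 crypt hash for the `meli` account, which is the sudo-capable account (`passwd/root-login` is false) and is reachable over the `openssh-server` pulled in by `pkgsel/include`. Anyone who can read the repository or an ISO built from it can run offline guessing against that hash, and every machine installed from the image shares the same credential. Consider keeping the hash out of version control and injecting it at build time, with a placeholder line such as `d-i passwd/user-password-crypted password <CRYPT_HASH_PLACEHOLDER>` that the ISO build script fills in. The `preseed/late_command` fallback `|| echo "boop" > /target/srv/asd.txt` also hides a failed copy of `custom/`; writing a message that names the failure would make a broken image easier to spot.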
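Review bot: In preseed/remote.cfg, `network-console/password` is set to `r00tme`, the same example value that appears commented out in preseed/preseed.cfg, while `anna/choose_modules string network-console` actually enables the SSH console here, so any host on the install network can log in to the running installer with a publicly known password. The key-based option is already present but commented out; prefer `d-i network-console/authorized_keys_url string <URL_OF_PUBLIC_KEY>` and drop the two password lines, or at least have the build script generate a per-build password instead of committing one. The commented example fetches the key over plain `http://`, so the URL chosen should be one served over a channel the installer can trust.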
@@ -0,0 +1,236 @@
+#!/bin/bash
+
+set -eu
+
+if [ "$#" -lt 1 ]; then
+ echo 'Need at least 1 parameter'
+ echo '-h for help'
+ exit 1
+fi
+
+if [ "$1" = "-h" ]; then
+ echo ' [dist] [arch] [mode] [boot]'
+ echo ''
+ echo 'Parameters:'
+ echo 'seed preseed file.'
+ echo 'img preferred image.'
+ echo 'dist preferred distribution.'
+ echo 'arch preferred architecture.'
+ echo 'mode whitch mode you want to automatically launch the installer.'
+ echo 'boot kernel boot options'
+ echo ''
+ echo 'List of supported values for each parameter and their defaults (*):'
+ echo 'seed must be a valid path of an existsing file.'
+ echo 'img netinst, netinst-mini*.'
+ echo 'dist sid, stable*, unstable, stretch, testing.'
+ echo 'arch amd64*, arm64, armhf, i386.'
+ echo 'mode none*, auto, expert.'
+ echo 'boot must be a set of valid kernel boot options'
+ exit 0
+fi
+
+if [ -z "$1" ]; then
+ echo 'Parameter 1 should not be empty or not set!'
+ echo 'Issue a valid path of a preseed file. Aborting...'
+ exit 1
+else
+ PRESEED_PATH=$1
+fi
+
+if [ -z "$2" ]; then
+ IMAGE="netinst-mini"
+fi
+
+if [ -z "$3" ]; then
+ DIST="stable"
+fi
+
+if [ -z "$4" ]; then
+ ARCH="amd64"
+fi
+
+if [ -z "$5" ]; then
+ MODE="none"
+fi
+
+if [ -f "$PRESEED_PATH" ]
+then
+ echo "Preseed file '${PRESEED_PATH}' found."
+else
+ echo "Preseed file '${PRESEED_PATH}' not found. Aborting..."
+ exit 1
+fi
+
+SUPPORTED_IMAGES="netinst netinst-mini"
+IMAGE=$2
+
+if echo "${SUPPORTED_IMAGES}" | grep -w "${IMAGE}" > /dev/null; then
+ echo "Image '${IMAGE}' supported"
+else
+ echo "Image '${IMAGE}' not supported! Aborting..."
+ exit 1
+fi
+
+SUPPORTED_DIST="sid stable unstable stretch testing"
+DIST=$3
+
+if echo "${SUPPORTED_DIST}" | grep -w "${DIST}" > /dev/null; then
+ echo "Dist '${DIST}' supported"
+else
+ echo "Dist '${DIST}' not supported! Aborting..."
+ exit 1
+fi
+
+SUPPORTED_ARCH="amd64 armhf arm64"
+ARCH=$4
+
+if echo "${SUPPORTED_ARCH}" | grep -w "${ARCH}" > /dev/null; then
+ echo "Architecture '${ARCH}' supported"
+else
+ echo "Architecture '${ARCH}' not supported! Aborting..."
+ exit 1
+fi
+
+MIRROR="http://debian.mirror.garr.it"
+
+if [ "$IMAGE" == "netinst-mini" ]; then
+ IMG_URL="${MIRROR}/debian/dists/${DIST}/main/installer-${ARCH}/current/images/netboot/mini.iso"
+else
+ if [ "$IMAGE" == "netinst" ]; then
+ IMG_URL="${MIRROR}/debian-cd/current/${ARCH}/iso-cd/debian-10.6.0-${ARCH}-${IMAGE}.iso"
+ else
+ echo "An error occurred in selecting the proper image. Aborting..."
+ exit 1
+ fi
+fi
+
+FILE_ISO="debian-${DIST}-${ARCH}-${IMAGE}.iso"
+if [ -f "${FILE_ISO}" ]
+then
+ echo "${FILE_ISO} found."
+else
+ echo "${FILE_ISO} not found."
+ echo "Downloading..."
+ wget -O "${FILE_ISO}" "${IMG_URL}"
+fi
+
+SUPPORTED_MODE="none auto expert"
+MODE=$5
+
+if echo "${SUPPORTED_MODE}" | grep -w "${MODE}" > /dev/null; then
+ echo "Mode '${MODE}' supported"
+else
+ echo "Mode '${MODE}' not supported! Aborting..."
+ exit 1
+fi
+
+echo "Extracting..."
+7z x -oisofiles "${FILE_ISO}"
+
+# Adding a Preseed File to the Initrd:
+# You now have the directory isofiles with all the ISO's files in it. Make
+# initrd.gz writable by the user, uncompress it and append a preseed file to
+# the initrd. Recompress the initrd and return initrd.gz to its original
+# read-only state.
+
+#wget -O isofiles/linux https://d-i.debian.org/daily-images/amd64/daily/netboot/debian-installer/amd64/linux
+#wget -O isofiles/initrd.gz https://d-i.debian.org/daily-images/amd64/daily/netboot/debian-installer/amd64/initrd.gz
+
+cp "$PRESEED_PATH" preseed.cfg
+
+if [ "$IMAGE" == "netinst-mini" ]; then
+ ISOLINUX_PATH=""
+
+ echo "Patching initrd.gz..."
+ gunzip isofiles/initrd.gz
+ echo preseed.cfg | cpio -H newc -o -A -F isofiles/initrd
+ gzip isofiles/initrd
+
+ # Boot Parameters
+ echo "Patching boot parameters..."
+ if [ "$MODE" != "none" ]; then
+ sed -i "/default/c\default $5" isofiles/isolinux.cfg
+ sed -i '/prompt/c\prompt 1' isofiles/isolinux.cfg
+ sed -i '/timeout/c\timeout 50' isofiles/isolinux.cfg
+ fi
+ sed -i "/append priority=low/c\ append priority=low vga=788 initrd=initrd.gz $5 --- " isofiles/adtxt.cfg
+ sed -i "/append auto=true/c\ append auto=true priority=critical vga=788 initrd=initrd.gz $5 --- quiet " isofiles/adtxt.cfg
+else
+ if [ "$IMAGE" == "netinst" ]; then
+ ISOLINUX_PATH="isolinux"
+
+ if [ "$ARCH" == "amd64" ]; then
+ BUILD_ARCH="amd"
+ else
+ if [ "$ARCH" == "i386" ]; then
+ BUILD_ARCH="386"
+ else
+ echo "Unsupported arch in the building process. Aborting..."
+ exit 1
+ fi
+ fi
+
+ echo "Patching initrd.gz..."
+ gunzip isofiles/install.${BUILD_ARCH}/initrd.gz
+ echo preseed.cfg | cpio -H newc -o -A -F isofiles/install.${BUILD_ARCH}/initrd
+ gzip isofiles/install.${BUILD_ARCH}/initrd
+
+ # Boot Parameters
+ echo "Patching boot parameters..."
+ if [ "$MODE" != "none" ]; then
+ sed -i "/default/c\default $5" isofiles/isolinux/isolinux.cfg
+ sed -i '/prompt/c\prompt 1' isofiles/isolinux/isolinux.cfg
+ sed -i '/timeout/c\timeout 50' isofiles/isolinux/isolinux.cfg
+ fi
+ sed -i "/append priority=low/c\ append priority=low vga=788 initrd=/install.${BUILD_ARCH}/initrd.gz $5 --- " isofiles/isolinux/adtxt.cfg
+ sed -i "/append auto=true/c\ append auto=true priority=critical vga=788 initrd=/install.${BUILD_ARCH}/initrd.gz $5 --- quiet " isofiles/isolinux/adtxt.cfg
+ else
+ echo "An error occurred in selecting the proper image for build process. Aborting..."
+ exit 1
+ fi
+fi
+
+# Import custom files into the ISO
+cp -ar custom isofiles/custom || echo "[WARNING] Cannot import 'custom' folder."
+
+# Creating a New Bootable ISO Image:
+# The following instructions suffice for i386 and amd64 in legacy BIOS mode.
+
+
+# The example names get mapped to their roles here
+orig_iso="$FILE_ISO"
+new_files=isofiles
+new_iso="preseed-${FILE_ISO}"
+mbr_template=isohdpfx.bin
+
+# Extract MBR template file to disk
+dd if="$orig_iso" bs=1 count=432 of="$mbr_template"
+
+# Create the new ISO image
+# https://wiki.debian.org/RepackBootableISO#What_is_a_bootable_ISO_9660_image_.3F
+echo "Generating patched iso image..."
+xorriso -as mkisofs \
+ -r -V "Debian $ARCH n" \
+ -o "$new_iso" \
+ -J -J -joliet-long -cache-inodes \
+ -isohybrid-mbr "$mbr_template" \
+ -b "${ISOLINUX_PATH}/isolinux.bin" \
+ -c boot.cat \
+ -boot-load-size 4 -boot-info-table -no-emul-boot \
+ -eltorito-alt-boot \
+ -e boot/grub/efi.img \
+ -no-emul-boot -isohybrid-gpt-basdat -isohybrid-apm-hfsplus \
+ "$new_files"
+
+#echo "Generating patched iso image..."
+#genisoimage -r -J -b isolinux.bin -c boot.cat \
+# -no-emul-boot -boot-load-size 4 -boot-info-table \
+# -o "preseed-${FILE_ISO}" isofiles
+
+echo "Cleaning temporary files..."
+rm -rf isofiles/
+rm preseed.cfg
+rm isohdpfx.bin
+
+echo "Done."
+exit 0
diff --git a/regeniso.sh b/regeniso.sh
new file mode 100755
index 0000000..6195ac2
--- /dev/null
+++ b/regeniso.sh
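Review bot: The image fetched by `wget -O "${FILE_ISO}" "${IMG_URL}"` in regeniso-sid.sh comes from an `http://` mirror and is repacked into a bootable installer without any integrity check, and an existing `${FILE_ISO}` in the working directory is reused unchecked as well. After the download `fi`, compare the file against a digest taken from Debian's signed `SHA256SUMS`, for example `echo "${ISO_SHA256:?expected digest from the signed SHA256SUMS}  ${FILE_ISO}" | sha256sum -c -` (`ISO_SHA256` is a suggested new variable, not one the script defines). Separately, the documented defaults cannot take effect: under `set -u` the tests `[ -z "$2" ]` through `[ -z "$5" ]` abort when the argument is absent, and `IMAGE=$2`, `DIST=$3`, `ARCH=$4` and `MODE=$5` later overwrite the defaults anyway; `IMAGE=${2:-netinst-mini}` (and likewise for the other three) does what the help text promises.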
@@ -0,0 +1,35 @@
+#!/bin/bash
+
+7z x -oisofiles $1
+
+# Adding a Preseed File to the Initrd:
+# You now have the directory isofiles with all the ISO's files in it. Make
+# initrd.gz writable by the user, uncompress it and append a preseed file to
+# the initrd. Recompress the initrd and return initrd.gz to its original
+# read-only state.
+
+# 386, amd
+ARCH='amd'
+
+gunzip isofiles/install.${ARCH}/initrd.gz
+echo preseed.cfg | cpio -H newc -o -A -F isofiles/install.${ARCH}/initrd
+gzip isofiles/install.${ARCH}/initrd
+
+# Regenerating md5sum.txt:
+# Note: A warning will be issued because `./debian` is a symlink to `.`;
+# The production of md5sum.txt is unaffected.
+
+cd isofiles
+chmod +w md5sum.txt
+find -follow -type f ! -name md5sum.txt -print0 | xargs -0 md5sum > md5sum.txt
+chmod -w md5sum.txt
+cd ..
+
+# Creating a New Bootable ISO Image:
+# The following instructions suffice for i386 and amd64 in legacy BIOS mode.
+
+genisoimage -r -J -b isolinux/isolinux.bin -c isolinux/boot.cat \
+ -no-emul-boot -boot-load-size 4 -boot-info-table \
+ -o preseed-$1 isofiles
+
+rm -rf isofiles/
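Review bot: regeniso.sh runs without `set -e`, so a failed `7z x` or `cd isofiles` does not stop it: the `find … > md5sum.txt` line would then hash and write in the caller's directory, `cd ..` would step up to its parent, and the final `rm -rf isofiles/` would act on whatever `isofiles/` exists there. Add `set -eu` after the shebang and guard the directory change with `cd isofiles || exit 1`. `$1` is also expanded unquoted in `7z x -oisofiles $1` and `-o preseed-$1`, which breaks on paths containing spaces; write `"$1"` and `-o "preseed-$1"`, and unlike regeniso-sid.sh this script never checks that an argument was given at all.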