You are not logged in.
Pages: 1
Hey guys, I just have a quick question. I am sure someone here will know the answer rather quickly.
So, I am trying to customize the ISO to suite my needs during crunch time when I have a down system and I need to restore or need all the necessary tools be available on hand. This includes a lot of custom bash scripts, etc that I need to have on the ISO itself.
Make a long story short, I know how to modify it and add my own scripts so that they're available upon boot.
What I would also like to do is change grub.cfg in such a way that I don't have to pass kernel parameters such as "vga=" at boot time, but rather hardcode it.
I edited \boot\grub\grub.cfg, made a new ISO but the changes do not show when I boot from my new ISO.
It seems to me that the grub.cfg file is indeed ignored, or rather loaded from elsewhere.
Any help would be greatly appreciated.
Thank you all.
Offline
I think I just answered by own question. I did not realize my hardware was running in Legacy mode, not EFI, so changing the \boot\grub\grub.cfg file was never read.
If anyone runs into this, you have to go and change the \isolinux\isolinux.cfg file instead.
Offline
Thanks for the tips.
If anyone knows how to create an Iso in legacy bios that also boots in efi would be much appreciated.
Offline
I know two ways to make a live-iso that boots legacy bios or uefi.
1. live-sdk https://dev1galaxy.org/viewtopic.php?id=551
2. refractasnapshot https://refracta.org/docs/readme.refractasnapshot.txt
The latter is easier - it makes a bootable live-iso copy of your installed system. That could be a hardware install or a VM.
Offline
Hi fsmithred.
Thanks for this.
I managed to get a hybrid iso. Devuan detects that both grub-pc and grub-efi are needed and apt will keep both accordingly.
The install went smooth.
So the iso boots live in bios boot (grub-pc). But it identifies efi partitions and will actually with refracta installer preform both.
Prior when I booted in bios mode. efi grub would become un-needed and apt would want to remove it. Thus making a live iso from that running system would result in an ISO that only boots in bios mode. Where efi systems would be able to boot both so it was preferable when working on the live system to work on a UEFI system.
However, fortunately somehow the hybrid iso is working on a libreboot system. While doing efi installs is working quite well. So I endup with a live iso that can boot on almost any hardware without much issue. I can install grub-coreboot and it keeps grub-efi as well. You end up with a hybrid iso that can install MBR and GPT. on UEFI and legacy bios. Which is exactly what I was hoping to have.
Thank you fsmithred.
I stumbled onto encrypted persistence using snapshot tool. It made a iso that asked for luks password at boot but haven't ended up with once since. That'll be my next step when I get there! Also side note libreboot is adding luks2 support so it's getting a bit more versatile.
Also, adding XFS support on install is another feature I'd like to achieve with the live iso.
Last edited by czeekaj (2023-08-23 03:40:53)
Offline
czeekaj,
I recently changed something in refractasnapshot regarding encryption. In 10.3.0 (in daedalus) you can turn off the initrd check for encryption support because cryptsetup changed. There's no longer an option in /etc/initramfs-tools/initramfs.conf for CRYPTSETUP=y. I'm pretty sure this applies to Chimaera, too. Look in /etc/refractasnapshot.conf for more details.
Here's that section in the conf file:
# Change this to "no" (or comment it) to turn off all initrd checks.
# In Bookworm/Daedalus use this instead of initrd_crypt=yes
# if you want encrypted persistence. Make sure to have all necessary
# cryptsetup packages installed.
initramfs_checks="yes"
# Prepare the initrd to support encrypted volumes. Uncomment this
# if you plan to use the snapshot on a live usb with an encrypted
# persistent volume. This will edit /etc/cryptsetup-initramfs/conf-hook
# to set CRYPTSETUP=y (This does not work right in Bookworm/Daedalus)
#initrd_crypt="yes"
For xfs support you need to install something in the system, and it will be included in the snapshot. When it comes to installing with refractainstaller, pre-format your xfs partitions and tell the install not to format.
For multiple grub types, the way I deal with it is to have grub-efi-amd64 and efibootmgr installed, also all of the grub-*-bin packages installed, and then put the deb packages for grub-pc and grub-efi-ia32 in the root of the filesystem before you make the snapshot. If you boot in bios mode, the installer will ask if you want to copy grub-pc and install the bootloader. I don't know anything about grub-coreboot, but if it's a replacement for grub-pc, you could include the deb package and install it manually at the proper time or maybe edit the script to use it. (I'd have to look at my code to recall how/where to do that.)
Offline
Manually could I run while chrooted in for example:
dpkg -i /root/grub-coreboot.deb
grub-install /dev/sda
update-grub
Is that all it takes to do it manually? I believe grub-coreboot is just grub-pc but maybe just a few tweaks possibly maybe a few compatibility features. I am playing with a spare machine when I have time to work with everything at once.
In order to maybe implement grub-coreboot to automatically be used when coreboot is detected would take some some of check to verify the user is running coreboot bios. Which could require some creative check to see it. Might be simpler to just include the package in root directory. As grub-pc again works just fine to install. If there is an advantage to installing with grub-coreboot then manually might be quick enough anywho as it is very deliberate.
The required packages to have a encrypted snapshot? might be expected to work on a already encrypted system? Or specific packages needed for a live system to work? I don't know the specifics but I will play with it more when I get the chance.
I'll see how building an encrypted iso goes. I stumbled into it by accident in Ascii, My installer iso now is still on beowulf, but I did see the daedalus patch when I slowly try to upgrade. It takes time if I break something in upgrading to re-install of course.
Are you familiar with how the live ISO loads? As it's a hybrid iso with grub-efi and grub-pc installed. Does the bios decide which to boot than load grub essentially?
I am curious what modules the iso's grub might be loading by default if it differs on the live iso then the install or default devuan configuration. As libreboot will be removing several grub modules soon, I am curious what I would be looking to want loaded by default at a minimum from the normal devuan configuration file.
Apologies if it's a little off topic but I am curious how the live ISO sets up it's bootloader and if it's a typical grub config like a regular install? I noticed since chimaera os-prober is now disabled by default. Which is a good move.
Thanks again fsmithred
Last edited by czeekaj (2023-08-31 06:29:57)
Offline
Your grub-install code for grub-coreboot looks right. That's based on my reading the package description - it seems to be a replacement for grub-pc, grub-efi* and some others.
The motherboard settings (bios or uefi) determine what gets booted. If it's set for uefi, then it looks for a bootloader in the efi partition. If it's set for legacy bios, it looks at the mbr. In the case of the live-isos, there's an efi partition inside the iso with the uefi bootloader. For a bios boot, the live-isos use isolinux.
Here's a blend file for live-sdk. Starting on line 189 is the section that makes the uefi bootloader for the iso. There are a couple of places when grub modules get included.
https://git.devuan.org/devuan-sdk/live- … live.blend
The isolinux bootloader is configured in live-sdk/lib/libdevuansdk/zlibs/iso and adds (all?) modules from /usr/lib/syslinux/modules/bios.
You keep saying "encrypted snapshot" but I don't know if you can have the contents of the iso encrypted. You can have the iso ready to install an encrypted system, and you can have it ready to make a live-usb with encrypted persistence.
To install an encrypted system, you need cryptsetup, cryptsetup-bin, cryptsetup-run, cryptsetup-initramfs (that's the one that's usually missing) and whatever else comes in with those.
Offline
You keep saying "encrypted snapshot" but I don't know if you can have the contents of the iso encrypted. You can have the iso ready to install an encrypted system, and you can have it ready to make a live-usb with encrypted persistence.
To install an encrypted system, you need cryptsetup, cryptsetup-bin, cryptsetup-run, cryptsetup-initramfs (that's the one that's usually missing) and whatever else comes in with those.
I must of been talking about encrypted persistence on the live usb is all. Only use I see in it is maybe using GPG keys instead of passphrases. Then you can use a USB to decrypt your drive.
If you snapshot an encrypted system I see it saves fstab entries of Uuid of encrypted disk. So on boot it looks and trys to decrypt it. If it's there it will prompt for password in normal grub behavior. If you set gpg keys instead it would just unlock it. Maybe if it's setup right it'd work faster then decrypting it other ways.
Last edited by czeekaj (2023-09-17 09:27:56)
Offline
The use for encrypted persistence is so that nobody can steal your live-usb and read your personal files.
Using a usb to provide encryption keys for an installed system is a completely different but equally valid case.
Offline
So I have a live USB. It's an older system from beowulf 3.0
I am going to update it, but right now I can only install encrypted.
GRUB_ENABLE_CRYPTODISK=y
was set on original in /etc/default/grub. I tried setting to n and making a new iso from the live image but I think issue is initramfs is not updating when resquashing live image.
cryptsetup will wait for encrypted source device when I installed system unencrypted. I tried modifying grub defaults before installing but same behavior then it drops into initramfs. What would you recommend to solve this? I can work on liveiso. But in order to rebuild initramfs I'd need to have it installed and decrypted. Or get live-update-initramfs working. How to I make a usb read and write? Possibly add multiple OS support I saw is possible on one usb.
What is meant by nocrypt.sh script?
Last edited by czeekaj (2023-11-20 02:46:00)
Offline
Pages: 1