Skip to content

Instantly share code, notes, and snippets.

@ecnepsnai

ecnepsnai/vyos.md

Last active November 10, 2022 04:19
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save ecnepsnai/401feede2146459dce5477c6d9dcb51e to your computer and use it in GitHub Desktop.
Save ecnepsnai/401feede2146459dce5477c6d9dcb51e to your computer and use it in GitHub Desktop.
Download ZIP
Build VyOS with custom package
Raw
vyos.md

Build VyOS with Custom Packages

VyOS allows you to include custom packages when an image is built.

Requirements

  • Debian packages compiled for the correct kernel release matching the VyOS release (I.E. don't use Ubuntu packages)
  • A GPG key. Any old key will do, because just like GPG itself - it doesn't really matter.

Sign and serve the packages

Sign the packages and generate release files, and sign those as well.

debsigs --sign=origin -k ${KEY_ID} foo.deb
apt-ftparchive packages . > Packages
apt-ftparchive release . > Release
gpg -a --yes --clearsign --output InRelease --detach-sign Release

Because of how VyOS is built in a chrooted environment, it's easier to just spin up a local webserver that serves your packages.

python3 -m http.server 8080 &

Build the Image

When configuring the build, you need to provide a path to a file containing the public key of the gpg key that signed the packages.

You can specify --custom-package multiple times to install multiple custom packages.

sudo ./build-vyos-image --architecture amd64 \
    --build-by foo@bar.com \
    --custom-apt-entry 'deb [truested=yes] http://localhost:8080 ./' \
    --custom-apt-key ${PATH_TO_PUBLIC_KEY_FILE} \
    --custom-package ${PACKAGE_NAME} \
    iso
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment