Skip to content

Instantly share code, notes, and snippets.

@sigmaris
Last active August 9, 2024 13:41
Show Gist options
  • Save sigmaris/dc1883f782d1ff5d74252bebf852ec50 to your computer and use it in GitHub Desktop.
Save sigmaris/dc1883f782d1ff5d74252bebf852ec50 to your computer and use it in GitHub Desktop.
Automate the installation of Debian Buster on a x86_64 QEMU 4.0.0 VM hosted on macOS
#!/bin/bash -e
if [ "$(uname -s)" != "Darwin" ]
then
echo "This script is for building a Debian x86_64 image to use on MacOS"
exit 1
fi
TEMP="$(mktemp -d build.XXXXX)"
cp preseed.cfg $TEMP
pushd $TEMP
AUTHORIZED_KEYS="$(ssh-add -L)"
if [ -n "$AUTHORIZED_KEYS" ]
then
echo "Pre-populating authorized_keys for image"
echo "$AUTHORIZED_KEYS" > authorized_keys
fi
ROOT_PASSWORD="$(openssl rand -base64 18)"
echo "vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv"
echo "==> Randomised root password is: $ROOT_PASSWORD <=="
echo "^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^"
CRYPTED_PASSWORD="$(openssl passwd -1 -salt xyz $ROOT_PASSWORD)"
echo "Running simple webserver on port 4321 for host files..."
PYTHON_PID=$(sh -c 'echo $$ ; exec >/dev/null 2>&1 ; exec python -m SimpleHTTPServer 4321' &)
echo "Running netcat to capture syslogs..."
NC_PID=$(sh -c 'echo $$ ; exec > ../installer.log 2>&1 ; exec nc -ul 10514' &)
echo "Downloading Debian Buster x86_64 netboot installer..."
curl --location --output netboot.tar.gz https://deb.debian.org/debian/dists/buster/main/installer-amd64/current/images/netboot/netboot.tar.gz
mkdir -p tftpserver
pushd tftpserver
tar xzvf ../netboot.tar.gz
echo "Customising network boot parameters..."
cat > debian-installer/amd64/pxelinux.cfg/default <<EOF
serial 0
prompt 0
default autoinst
label autoinst
kernel debian-installer/amd64/linux
append initrd=debian-installer/amd64/initrd.gz auto=true priority=critical passwd/root-password-crypted=$CRYPTED_PASSWORD DEBIAN_FRONTEND=text url=http://10.0.2.2:4321/preseed.cfg log_host=10.0.2.2 log_port=10514 --- console=ttyS0
EOF
popd
echo "Creating disk image for Debian Buster x86_64..."
qemu-img create -f qcow2 ../debian.qcow 4G
echo "Running Debian Installer..."
qemu-system-x86_64 \
-machine accel=hvf \
-cpu host \
-hda ../debian.qcow \
-netdev user,id=net0,net=10.0.2.0/24,hostname=bustervm,domainname=localdomain,tftp=tftpserver,bootfile=/pxelinux.0 \
-device e1000,netdev=net0,mac=52:54:98:76:54:32 \
-boot once=n \
-m 512 \
-nographic
echo "Removing temporary directory $TEMP ..."
popd
rm -rf $TEMP
echo "Cleaning up processes..."
kill $PYTHON_PID
kill $NC_PID
#_preseed_V1
#### Contents of the preconfiguration file (for buster)
### Localization
# Preseeding only locale sets language, country and locale.
d-i debian-installer/locale string en_US
# Keyboard selection.
d-i keyboard-configuration/xkb-keymap select us
# d-i keyboard-configuration/toggle select No toggling
# netcfg will choose an interface that has link if possible. This makes it
# skip displaying a list if there is more than one interface.
d-i netcfg/choose_interface select auto
# Any hostname and domain names assigned from dhcp take precedence over
# values set here. However, setting the values still prevents the questions
# from being shown, even if values come from dhcp.
d-i netcfg/get_hostname string bustervm
d-i netcfg/get_domain string localdomain
### Mirror settings
# If you select ftp, the mirror/country string does not need to be set.
#d-i mirror/protocol string ftp
d-i mirror/country string manual
d-i mirror/http/hostname string http.us.debian.org
d-i mirror/http/directory string /debian
d-i mirror/http/proxy string
# Suite to install.
d-i mirror/suite string buster
### Account setup
# Skip creation of a root account (normal user account will be able to
# use sudo).
#d-i passwd/root-login boolean false
# Alternatively, to skip creation of a normal user account.
d-i passwd/make-user boolean false
### Clock and time zone setup
# Controls whether or not the hardware clock is set to UTC.
d-i clock-setup/utc boolean true
# You may set this to any valid setting for $TZ; see the contents of
# /usr/share/zoneinfo/ for valid values.
d-i time/zone string Europe/London
# Controls whether to use NTP to set the clock during the install
d-i clock-setup/ntp boolean true
# NTP server to use. The default is almost always fine here.
#d-i clock-setup/ntp-server string ntp.example.com
### Partitioning
## Partitioning example
# Alternatively, you may specify a disk to partition. If the system has only
# one disk the installer will default to using that, but otherwise the device
# name must be given in traditional, non-devfs format (so e.g. /dev/sda
# and not e.g. /dev/discs/disc0/disc).
# For example, to use the first SCSI/SATA hard disk:
d-i partman-auto/disk string /dev/sda
# In addition, you'll need to specify the method to use.
# The presently available methods are:
# - regular: use the usual partition types for your architecture
# - lvm: use LVM to partition the disk
# - crypto: use LVM within an encrypted partition
d-i partman-auto/method string regular
# If one of the disks that are going to be automatically partitioned
# contains an old LVM configuration, the user will normally receive a
# warning. This can be preseeded away...
d-i partman-lvm/device_remove_lvm boolean true
# The same applies to pre-existing software RAID array:
d-i partman-md/device_remove_md boolean true
# And the same goes for the confirmation to write the lvm partitions.
d-i partman-lvm/confirm boolean true
d-i partman-lvm/confirm_nooverwrite boolean true
# You can choose one of the three predefined partitioning recipes:
# - atomic: all files in one partition
# - home: separate /home partition
# - multi: separate /home, /var, and /tmp partitions
d-i partman-auto/choose_recipe select atomic
# This makes partman automatically partition without confirmation.
d-i partman-md/confirm boolean true
d-i partman-partitioning/confirm_write_new_label boolean true
d-i partman/choose_partition select finish
d-i partman/confirm boolean true
d-i partman/confirm_nooverwrite boolean true
### Apt setup
# You can choose to install non-free and contrib software.
d-i apt-setup/non-free boolean true
d-i apt-setup/contrib boolean true
### Package selection
# Individual additional packages to install, customise this for your needs
d-i pkgsel/include string binfmt-support build-essential debian-keyring debootstrap git openssh-server qemu-user-static parted vim
### Boot loader installation
# This is fairly safe to set, it makes grub install automatically to the MBR
# if no other operating system is detected on the machine.
d-i grub-installer/only_debian boolean true
# This one makes grub-installer install to the MBR if it also finds some other
# OS, which is less safe as it might not be able to boot that other OS.
d-i grub-installer/with_other_os boolean true
# Due notably to potential USB sticks, the location of the MBR can not be
# determined safely in general, so this needs to be specified:
d-i grub-installer/bootdev string /dev/sda
# To install to the first device (assuming it is not a USB stick):
#d-i grub-installer/bootdev string default
### Finishing up the installation
# Avoid that last message about the install being complete.
d-i finish-install/reboot_in_progress note
# This is how to make the installer shutdown when finished, but not
# reboot into the installed system.
#d-i debian-installer/exit/halt boolean true
# This will power off the machine instead of just halting it.
d-i debian-installer/exit/poweroff boolean true
### Preseeding other packages
# Linux default command line:
grub-pc grub2/linux_cmdline_default string
# GRUB timeout; for internal use
grub-pc grub-pc/timeout string 1
#### Advanced options
### Running custom commands during the installation
# d-i preseeding is inherently not secure. Nothing in the installer checks
# for attempts at buffer overflows or other exploits of the values of a
# preconfiguration file like this one. Only use preconfiguration files from
# trusted locations! To drive that home, and because it's generally useful,
# here's a way to run any shell command you'd like inside the installer,
# automatically.
# This first command is run as early as possible, just after
# preseeding is read.
#d-i preseed/early_command string anna-install some-udeb
# This command is run immediately before the partitioner starts. It may be
# useful to apply dynamic partitioner preseeding that depends on the state
# of the disks (which may not be visible when preseed/early_command runs).
#d-i partman/early_command \
# string debconf-set partman-auto/disk "$(list-devices disk | head -n1)"
# This command is run just before the install finishes, but when there is
# still a usable /target directory. You can chroot to /target and use it
# directly, or use the apt-install and in-target commands to easily install
# packages and run commands in the target system.
d-i preseed/late_command string in-target mkdir /root/.ssh ; in-target chmod 0700 /root/.ssh ; in-target wget -O /root/.ssh/authorized_keys http://10.0.2.2:4321/authorized_keys
@createyourpersonalaccount

Thanks for this.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment