sigmaris/build_qemu_debian_image.sh

## build_qemu_debian_image.sh
#!/bin/bash -e

if [ "$(uname -s)" != "Darwin" ]
then
	echo "This script is for building a Debian x86_64 image to use on MacOS"
	exit 1
fi

TEMP="$(mktemp -d build.XXXXX)"
cp preseed.cfg $TEMP
pushd $TEMP

AUTHORIZED_KEYS="$(ssh-add -L)"
if [ -n "$AUTHORIZED_KEYS" ]
then
	echo "Pre-populating authorized_keys for image"
	echo "$AUTHORIZED_KEYS" > authorized_keys
fi

ROOT_PASSWORD="$(openssl rand -base64 18)"
echo "vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv"
echo "==> Randomised root password is: $ROOT_PASSWORD <=="
echo "^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^"
CRYPTED_PASSWORD="$(openssl passwd -1 -salt xyz $ROOT_PASSWORD)"

echo "Running simple webserver on port 4321 for host files..."
PYTHON_PID=$(sh -c 'echo $$ ; exec >/dev/null 2>&1 ; exec python -m SimpleHTTPServer 4321' &)

echo "Running netcat to capture syslogs..."
NC_PID=$(sh -c 'echo $$ ; exec > ../installer.log 2>&1 ; exec nc -ul 10514' &)

echo "Downloading Debian Buster x86_64 netboot installer..."
curl --location --output netboot.tar.gz https://deb.debian.org/debian/dists/buster/main/installer-amd64/current/images/netboot/netboot.tar.gz
mkdir -p tftpserver
pushd tftpserver
tar xzvf ../netboot.tar.gz

echo "Customising network boot parameters..."
cat > debian-installer/amd64/pxelinux.cfg/default <<EOF
serial 0
prompt 0
default autoinst
label autoinst
kernel debian-installer/amd64/linux
append initrd=debian-installer/amd64/initrd.gz auto=true priority=critical passwd/root-password-crypted=$CRYPTED_PASSWORD DEBIAN_FRONTEND=text url=http://10.0.2.2:4321/preseed.cfg log_host=10.0.2.2 log_port=10514 --- console=ttyS0
EOF
popd

echo "Creating disk image for Debian Buster x86_64..."
qemu-img create -f qcow2 ../debian.qcow 4G

echo "Running Debian Installer..."
qemu-system-x86_64 \
	-machine accel=hvf \
	-cpu host \
	-hda ../debian.qcow \
	-netdev user,id=net0,net=10.0.2.0/24,hostname=bustervm,domainname=localdomain,tftp=tftpserver,bootfile=/pxelinux.0 \
	-device e1000,netdev=net0,mac=52:54:98:76:54:32 \
	-boot once=n \
	-m 512 \
	-nographic

echo "Removing temporary directory $TEMP ..."
popd
rm -rf $TEMP

echo "Cleaning up processes..."
kill $PYTHON_PID
kill $NC_PID

## preseed.cfg
#_preseed_V1
#### Contents of the preconfiguration file (for buster)
### Localization
# Preseeding only locale sets language, country and locale.
d-i debian-installer/locale string en_US

# Keyboard selection.
d-i keyboard-configuration/xkb-keymap select us
# d-i keyboard-configuration/toggle select No toggling

# netcfg will choose an interface that has link if possible. This makes it
# skip displaying a list if there is more than one interface.
d-i netcfg/choose_interface select auto

# Any hostname and domain names assigned from dhcp take precedence over
# values set here. However, setting the values still prevents the questions
# from being shown, even if values come from dhcp.
d-i netcfg/get_hostname string bustervm
d-i netcfg/get_domain string localdomain

### Mirror settings
# If you select ftp, the mirror/country string does not need to be set.
#d-i mirror/protocol string ftp
d-i mirror/country string manual
d-i mirror/http/hostname string http.us.debian.org
d-i mirror/http/directory string /debian
d-i mirror/http/proxy string

# Suite to install.
d-i mirror/suite string buster

### Account setup
# Skip creation of a root account (normal user account will be able to
# use sudo).
#d-i passwd/root-login boolean false
# Alternatively, to skip creation of a normal user account.
d-i passwd/make-user boolean false

### Clock and time zone setup
# Controls whether or not the hardware clock is set to UTC.
d-i clock-setup/utc boolean true

# You may set this to any valid setting for $TZ; see the contents of
# /usr/share/zoneinfo/ for valid values.
d-i time/zone string Europe/London

# Controls whether to use NTP to set the clock during the install
d-i clock-setup/ntp boolean true
# NTP server to use. The default is almost always fine here.
#d-i clock-setup/ntp-server string ntp.example.com

### Partitioning
## Partitioning example

# Alternatively, you may specify a disk to partition. If the system has only
# one disk the installer will default to using that, but otherwise the device
# name must be given in traditional, non-devfs format (so e.g. /dev/sda
# and not e.g. /dev/discs/disc0/disc).
# For example, to use the first SCSI/SATA hard disk:
d-i partman-auto/disk string /dev/sda
# In addition, you'll need to specify the method to use.
# The presently available methods are:
# - regular: use the usual partition types for your architecture
# - lvm:     use LVM to partition the disk
# - crypto:  use LVM within an encrypted partition
d-i partman-auto/method string regular

# If one of the disks that are going to be automatically partitioned
# contains an old LVM configuration, the user will normally receive a
# warning. This can be preseeded away...
d-i partman-lvm/device_remove_lvm boolean true
# The same applies to pre-existing software RAID array:
d-i partman-md/device_remove_md boolean true
# And the same goes for the confirmation to write the lvm partitions.
d-i partman-lvm/confirm boolean true
d-i partman-lvm/confirm_nooverwrite boolean true

# You can choose one of the three predefined partitioning recipes:
# - atomic: all files in one partition
# - home:   separate /home partition
# - multi:  separate /home, /var, and /tmp partitions
d-i partman-auto/choose_recipe select atomic

# This makes partman automatically partition without confirmation.
d-i partman-md/confirm boolean true
d-i partman-partitioning/confirm_write_new_label boolean true
d-i partman/choose_partition select finish
d-i partman/confirm boolean true
d-i partman/confirm_nooverwrite boolean true

### Apt setup
# You can choose to install non-free and contrib software.
d-i apt-setup/non-free boolean true
d-i apt-setup/contrib boolean true

### Package selection

# Individual additional packages to install, customise this for your needs
d-i pkgsel/include string binfmt-support build-essential debian-keyring debootstrap git openssh-server qemu-user-static parted vim

### Boot loader installation

# This is fairly safe to set, it makes grub install automatically to the MBR
# if no other operating system is detected on the machine.
d-i grub-installer/only_debian boolean true

# This one makes grub-installer install to the MBR if it also finds some other
# OS, which is less safe as it might not be able to boot that other OS.
d-i grub-installer/with_other_os boolean true

# Due notably to potential USB sticks, the location of the MBR can not be
# determined safely in general, so this needs to be specified:
d-i grub-installer/bootdev  string /dev/sda
# To install to the first device (assuming it is not a USB stick):
#d-i grub-installer/bootdev  string default

### Finishing up the installation

# Avoid that last message about the install being complete.
d-i finish-install/reboot_in_progress note

# This is how to make the installer shutdown when finished, but not
# reboot into the installed system.
#d-i debian-installer/exit/halt boolean true
# This will power off the machine instead of just halting it.
d-i debian-installer/exit/poweroff boolean true

### Preseeding other packages

# Linux default command line:
grub-pc grub2/linux_cmdline_default string
# GRUB timeout; for internal use
grub-pc grub-pc/timeout string 1

#### Advanced options
### Running custom commands during the installation
# d-i preseeding is inherently not secure. Nothing in the installer checks
# for attempts at buffer overflows or other exploits of the values of a
# preconfiguration file like this one. Only use preconfiguration files from
# trusted locations! To drive that home, and because it's generally useful,
# here's a way to run any shell command you'd like inside the installer,
# automatically.

# This first command is run as early as possible, just after
# preseeding is read.
#d-i preseed/early_command string anna-install some-udeb
# This command is run immediately before the partitioner starts. It may be
# useful to apply dynamic partitioner preseeding that depends on the state
# of the disks (which may not be visible when preseed/early_command runs).
#d-i partman/early_command \
#       string debconf-set partman-auto/disk "$(list-devices disk | head -n1)"
# This command is run just before the install finishes, but when there is
# still a usable /target directory. You can chroot to /target and use it
# directly, or use the apt-install and in-target commands to easily install
# packages and run commands in the target system.
d-i preseed/late_command string in-target mkdir /root/.ssh ; in-target chmod 0700 /root/.ssh ; in-target wget -O /root/.ssh/authorized_keys http://10.0.2.2:4321/authorized_keys
	#!/bin/bash -e

	if [ "$(uname -s)" != "Darwin" ]
	then
	echo "This script is for building a Debian x86_64 image to use on MacOS"
	exit 1
	fi

	TEMP="$(mktemp -d build.XXXXX)"
	cp preseed.cfg $TEMP
	pushd $TEMP

	AUTHORIZED_KEYS="$(ssh-add -L)"
	if [ -n "$AUTHORIZED_KEYS" ]
	then
	echo "Pre-populating authorized_keys for image"
	echo "$AUTHORIZED_KEYS" > authorized_keys
	fi

	ROOT_PASSWORD="$(openssl rand -base64 18)"
	echo "vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv"
	echo "==> Randomised root password is: $ROOT_PASSWORD <=="
	echo "^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^"
	CRYPTED_PASSWORD="$(openssl passwd -1 -salt xyz $ROOT_PASSWORD)"

	echo "Running simple webserver on port 4321 for host files..."
	PYTHON_PID=$(sh -c 'echo $$ ; exec >/dev/null 2>&1 ; exec python -m SimpleHTTPServer 4321' &)

	echo "Running netcat to capture syslogs..."
	NC_PID=$(sh -c 'echo $$ ; exec > ../installer.log 2>&1 ; exec nc -ul 10514' &)

	echo "Downloading Debian Buster x86_64 netboot installer..."
	curl --location --output netboot.tar.gz https://deb.debian.org/debian/dists/buster/main/installer-amd64/current/images/netboot/netboot.tar.gz
	mkdir -p tftpserver
	pushd tftpserver
	tar xzvf ../netboot.tar.gz

	echo "Customising network boot parameters..."
	cat > debian-installer/amd64/pxelinux.cfg/default <<EOF
	serial 0
	prompt 0
	default autoinst
	label autoinst
	kernel debian-installer/amd64/linux
	append initrd=debian-installer/amd64/initrd.gz auto=true priority=critical passwd/root-password-crypted=$CRYPTED_PASSWORD DEBIAN_FRONTEND=text url=http://10.0.2.2:4321/preseed.cfg log_host=10.0.2.2 log_port=10514 --- console=ttyS0
	EOF
	popd

	echo "Creating disk image for Debian Buster x86_64..."
	qemu-img create -f qcow2 ../debian.qcow 4G

	echo "Running Debian Installer..."
	qemu-system-x86_64 \
	-machine accel=hvf \
	-cpu host \
	-hda ../debian.qcow \
	-netdev user,id=net0,net=10.0.2.0/24,hostname=bustervm,domainname=localdomain,tftp=tftpserver,bootfile=/pxelinux.0 \
	-device e1000,netdev=net0,mac=52:54:98:76:54:32 \
	-boot once=n \
	-m 512 \
	-nographic

	echo "Removing temporary directory $TEMP ..."
	popd
	rm -rf $TEMP

	echo "Cleaning up processes..."
	kill $PYTHON_PID
	kill $NC_PID
	#_preseed_V1
	#### Contents of the preconfiguration file (for buster)
	### Localization
	# Preseeding only locale sets language, country and locale.
	d-i debian-installer/locale string en_US

	# Keyboard selection.
	d-i keyboard-configuration/xkb-keymap select us
	# d-i keyboard-configuration/toggle select No toggling

	# netcfg will choose an interface that has link if possible. This makes it
	# skip displaying a list if there is more than one interface.
	d-i netcfg/choose_interface select auto

	# Any hostname and domain names assigned from dhcp take precedence over
	# values set here. However, setting the values still prevents the questions
	# from being shown, even if values come from dhcp.
	d-i netcfg/get_hostname string bustervm
	d-i netcfg/get_domain string localdomain

	### Mirror settings
	# If you select ftp, the mirror/country string does not need to be set.
	#d-i mirror/protocol string ftp
	d-i mirror/country string manual
	d-i mirror/http/hostname string http.us.debian.org
	d-i mirror/http/directory string /debian
	d-i mirror/http/proxy string

	# Suite to install.
	d-i mirror/suite string buster

	### Account setup
	# Skip creation of a root account (normal user account will be able to
	# use sudo).
	#d-i passwd/root-login boolean false
	# Alternatively, to skip creation of a normal user account.
	d-i passwd/make-user boolean false

	### Clock and time zone setup
	# Controls whether or not the hardware clock is set to UTC.
	d-i clock-setup/utc boolean true

	# You may set this to any valid setting for $TZ; see the contents of
	# /usr/share/zoneinfo/ for valid values.
	d-i time/zone string Europe/London

	# Controls whether to use NTP to set the clock during the install
	d-i clock-setup/ntp boolean true
	# NTP server to use. The default is almost always fine here.
	#d-i clock-setup/ntp-server string ntp.example.com

	### Partitioning
	## Partitioning example

	# Alternatively, you may specify a disk to partition. If the system has only
	# one disk the installer will default to using that, but otherwise the device
	# name must be given in traditional, non-devfs format (so e.g. /dev/sda
	# and not e.g. /dev/discs/disc0/disc).
	# For example, to use the first SCSI/SATA hard disk:
	d-i partman-auto/disk string /dev/sda
	# In addition, you'll need to specify the method to use.
	# The presently available methods are:
	# - regular: use the usual partition types for your architecture
	# - lvm: use LVM to partition the disk
	# - crypto: use LVM within an encrypted partition
	d-i partman-auto/method string regular

	# If one of the disks that are going to be automatically partitioned
	# contains an old LVM configuration, the user will normally receive a
	# warning. This can be preseeded away...
	d-i partman-lvm/device_remove_lvm boolean true
	# The same applies to pre-existing software RAID array:
	d-i partman-md/device_remove_md boolean true
	# And the same goes for the confirmation to write the lvm partitions.
	d-i partman-lvm/confirm boolean true
	d-i partman-lvm/confirm_nooverwrite boolean true

	# You can choose one of the three predefined partitioning recipes:
	# - atomic: all files in one partition
	# - home: separate /home partition
	# - multi: separate /home, /var, and /tmp partitions
	d-i partman-auto/choose_recipe select atomic

	# This makes partman automatically partition without confirmation.
	d-i partman-md/confirm boolean true
	d-i partman-partitioning/confirm_write_new_label boolean true
	d-i partman/choose_partition select finish
	d-i partman/confirm boolean true
	d-i partman/confirm_nooverwrite boolean true

	### Apt setup
	# You can choose to install non-free and contrib software.
	d-i apt-setup/non-free boolean true
	d-i apt-setup/contrib boolean true

	### Package selection

	# Individual additional packages to install, customise this for your needs
	d-i pkgsel/include string binfmt-support build-essential debian-keyring debootstrap git openssh-server qemu-user-static parted vim

	### Boot loader installation

	# This is fairly safe to set, it makes grub install automatically to the MBR
	# if no other operating system is detected on the machine.
	d-i grub-installer/only_debian boolean true

	# This one makes grub-installer install to the MBR if it also finds some other
	# OS, which is less safe as it might not be able to boot that other OS.
	d-i grub-installer/with_other_os boolean true

	# Due notably to potential USB sticks, the location of the MBR can not be
	# determined safely in general, so this needs to be specified:
	d-i grub-installer/bootdev string /dev/sda
	# To install to the first device (assuming it is not a USB stick):
	#d-i grub-installer/bootdev string default

	### Finishing up the installation

	# Avoid that last message about the install being complete.
	d-i finish-install/reboot_in_progress note

	# This is how to make the installer shutdown when finished, but not
	# reboot into the installed system.
	#d-i debian-installer/exit/halt boolean true
	# This will power off the machine instead of just halting it.
	d-i debian-installer/exit/poweroff boolean true

	### Preseeding other packages

	# Linux default command line:
	grub-pc grub2/linux_cmdline_default string
	# GRUB timeout; for internal use
	grub-pc grub-pc/timeout string 1

	#### Advanced options
	### Running custom commands during the installation
	# d-i preseeding is inherently not secure. Nothing in the installer checks
	# for attempts at buffer overflows or other exploits of the values of a
	# preconfiguration file like this one. Only use preconfiguration files from
	# trusted locations! To drive that home, and because it's generally useful,
	# here's a way to run any shell command you'd like inside the installer,
	# automatically.

	# This first command is run as early as possible, just after
	# preseeding is read.
	#d-i preseed/early_command string anna-install some-udeb
	# This command is run immediately before the partitioner starts. It may be
	# useful to apply dynamic partitioner preseeding that depends on the state
	# of the disks (which may not be visible when preseed/early_command runs).
	#d-i partman/early_command \
	# string debconf-set partman-auto/disk "$(list-devices disk \| head -n1)"
	# This command is run just before the install finishes, but when there is
	# still a usable /target directory. You can chroot to /target and use it
	# directly, or use the apt-install and in-target commands to easily install
	# packages and run commands in the target system.
	d-i preseed/late_command string in-target mkdir /root/.ssh ; in-target chmod 0700 /root/.ssh ; in-target wget -O /root/.ssh/authorized_keys http://10.0.2.2:4321/authorized_keys