1. Forum
  2. Usenet
  3. LINUX.DEBIAN.MAINT.BOOT

  • preseed to fetch custom/updated UDEB

    From Aaron Goulding@21:1/5 to All on Fri Sep 1 01:30:01 2023
    Hello everyone!

    I am currently trying to test some changes to a UDEB package (specifically
    a modified version of partman-auto-crypto). My hope is to integrate this
    change with our PXE and preseed environment to perform automatic encrypted
    OS installation without the LVM requirement.

    I'd like to see if I can make use of preseed/early_command to pull this
    UDEB in from an (internal) web server and install it in place of the
    standard package. The goal is to avoid having to rebuild the entire
    installer each time.

    Unfortunately I haven't had much luck finding info on how to do this. I
    believe it'd be using anna-install but I can't find the correct syntax.

    Of note, I do hope to eventually provide a PR for these changes upstream if they work out in our environment, but testing beforehand is important. :)

    Thanks!

    - Aaron

    --
    This email, including its contents and any attachment(s), may contain confidential and/or proprietary information and is solely for the review
    and use of the intended recipient(s). If you have received this email in
    error, please notify the sender and permanently delete this email, its
    content, and any attachment(s). Any disclosure, copying, or taking of any action in reliance on an email received in error is strictly prohibited.

    <div dir="ltr">Hello everyone!<div><br></div><div>I am currently trying to test some changes to a UDEB package (specifically a modified version of partman-auto-crypto). My hope is to integrate this change with our PXE and preseed environment to perform
    automatic encrypted OS installation without the LVM requirement.</div><div><br></div><div>I&#39;d like to see if I can make use of preseed/early_command to pull this UDEB in from an (internal) web server and install it in place of the standard package.
    The goal is to avoid having to rebuild the entire installer each time.</div><div><br></div><div>Unfortunately I haven&#39;t had much luck finding info on how to do this. I believe it&#39;d be using anna-install but I can&#39;t find the correct syntax.</
    <div><br></div><div>Of note, I do hope to eventually provide a PR for these changes upstream if they work out in our environment, but testing beforehand is important. :)</div><div><br></div><div>Thanks! </div><div><br></div><div>- Aaron</div></div>


    <span style="white-space:pre-wrap"><font size="2" color="#808080">This email, including its contents and any attachment(s), may contain confidential and/or proprietary information and is solely for the review and use of the intended recipient(s). If you
    have received this email in error, please notify the sender and permanently delete this email, its content, and any attachment(s). Any disclosure, copying, or taking of any action in reliance on an email received in error is strictly prohibited.</font></
    span><br>

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Philip Hands@21:1/5 to Aaron Goulding on Fri Sep 1 08:40:01 2023
    Aaron Goulding <[email protected]> writes:

    Hello everyone!

    I am currently trying to test some changes to a UDEB package (specifically
    a modified version of partman-auto-crypto). My hope is to integrate this change with our PXE and preseed environment to perform automatic encrypted
    OS installation without the LVM requirement.

    I'd like to see if I can make use of preseed/early_command to pull this
    UDEB in from an (internal) web server and install it in place of the
    standard package. The goal is to avoid having to rebuild the entire
    installer each time.

    It is possible to setup an APT repository (using aptly, reprepro,
    etc.) containing your modified udeb, and then preseed:

    apt-setup/_DEVEL_/repository

    in order to use it (which is a special case of the local[0-9] repository settings that anna & net-retriever can use as an additional source for
    udebs)

    This is a recent NOT INTENDED FOR PRODUCTION[1] addition to D-I, and
    isn't really documented, and also is a little bit fiddly to setup, but
    you're in luck because I just recently finished getting the our salsa-CI pipeline to support it, so if you want to set it up locally you can look
    at the scripting for that.

    However, if you don't mind experimenting in public, there's a _much_
    easier way.

    Just fork the project on salsa.debian.org, and whenever you push changes
    to it you should get a pipeline like this:

    https://salsa.debian.org/installer-team/partman-auto-crypto/-/pipelines/572984

    in which you'll see that there's an `aptly` job, which if you explore
    that, you'll find has artifacts that include the newly built udeb, and
    the keys for the repo:

    https://salsa.debian.org/installer-team/partman-auto-crypto/-/jobs/4638083/artifacts/browse/aptly/pool/main/p/partman-auto-crypto/
    https://installer-team.pages.debian.net/-/partman-auto-crypto/-/jobs/4638083/artifacts/aptly/index.html

    Towards the right of the pipeline (in the `D-I` Downstream child --
    click on the `>`) you'll see a `mini-ISO` job, which has a mini.iso as
    one of it's artifacts:
    https://salsa.debian.org/installer-team/partman-auto-crypto/-/jobs/4638103/artifacts/file/debian/output/debian-202306XX+salsaci+20230901+6-amd64-gtkmini.iso

    (you can get to that via the Artifacts: Browse on the right of the jobs
    page, and following about 5 more links).

    That mini.iso has been configured to include a /preseed.cfg that points
    it back to the `aptly` repo, so that it'll automatically get the udeb
    from that pipeline (or at least it will until a new release of partman-auto-crypto happens, which would be version '36' and so would
    supersede the `35+salsaci+20230901+5` version of this package)

    You can of course do all that in-house, but there are quite a few moving
    parts to make all that happen, so if the mini.iso would be enough to
    satisfy your needs, I'd use it -- if not, you could at least look at how
    that works, and then build your own.

    The bit that does the magic in debian-installer is here:

    https://salsa.debian.org/installer-team/debian-installer/-/blob/b2328bbbb5d5a712adb1c11e91e675c2a82c915d/debian/salsa-ci.yml#L78-L105

    the thing that sets up an aptly repo is mostly here:

    https://salsa.debian.org/salsa-ci-team/pipeline/-/blob/master/salsa-ci.yml#L750

    and the glue that sticks them together is here:

    https://salsa.debian.org/philh/branch2repo

    Cheers, Phil.

    [1] it's a somewhat evil hack, subject to change whenever a better way
    of doing it is thought up.
    --
    Philip Hands -- https://hands.com/~phil

    --=-=-Content-Type: application/pgp-signature; name="signature.asc"

    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEE3/FBWs4yJ/zyBwfW0EujoAEl1cAFAmTxhQkACgkQ0EujoAEl 1cBEhg/+PLVMPDdZ3ZgTu5NGiLiSoqOI3TgwHDKTIigq8nB/8yu5Z23RoBJawWMJ ZmzBB3kCep7/UDSenS53ySdD1UhKt2quCH6/XLIidpZUGAL5xAoknVY7MlkTGscF Wob7/W3DI4gK7/8gkOevTV6Q8k6jKTMrTJ1KVoJXFwBdwsk/0ZCy24XMEoLQJVQV jz18xUgotQ+PKy/yliAHSmH4uQ29dnlxvvi75EmAMZaee0WUcMcFie9pst91OztJ NT6P+uSGla0Fh4FomeHBbPwJHVZd+XpJrjQG6KJ7nHr9n/HNDCA2wzlYyqIqQW3m pN46ZTernXCIHzc4Qq8Uf/61H+uJ/I8IiTpWbKD3chdP1bSZU7Gfw/JB4VRAIC5K X2M1KA3MU6O6VfjM83LuUWxw3kFPUBN//Tyb2QbgyCOaW/BD7nCgNPQqDIvzfLhv mdZy4R8p8Vns5MjaimWaGLwBidsTkT8IL++3wJmARfXurbqAOr+ErAPfl/hlPzQf h103JHda+Ttbchxkaj4xGl1/UQ+gbgRrPffDlnHJ1wzUAA+CfR7MoXdVL9Ufl+CO lM8tNzdz2WdgKx/iN/l22NCi6eeMIDC/U/VwQjxJfBKVySAD0193szMOKt1vvfDW xtZtulmhhX1MLb0JYZ1CwRYZr5Z60dVHsGwZQ9kY/9wS2rUQ10U=GJKn
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gatewa