2024-05-09 22:45:53 +02:00
# OS build system

This is a system for building a customized OS for SOI, based on [Debian Live].

[Debian Live]: https://live-team.pages.debian.net/live-manual/html/live-manual/index.en.html

## Variants

There are multiple variants of the OS for different use cases.

- `training-live` is a live system for training.
- `training-installer` is an installer, which writes the OS to disk instead of running it directly.
  This is intended for installing the laptops owned by SOI only.
  Installation is offline and mostly automated.
- `contestant` is a live system for contests.
  It has additional configuration useful for contests.

The live systems copy the entire OS to RAM while booting, so you can remove the USB stick after booting is finished.
That way, you only need a small number of USB sticks for booting many computers.

All variants support Secure Boot.
However, VirtualBox (contained in the installer variant) only works with Secure Boot disabled.

## How to build an ISO

We run the build inside a Docker container, so you need Docker installed on your host.
Building works on Linux hosts; other OSes are untested.

First, obtain the configuration files and put them in the folder `config`.
These files contain secrets and are thus not committed to the repository.
If you want to create your own config, see the folder `config-example` for examples.

Run the following commands in the repository root folder.
The `--privileged` flag is needed for mounting `/proc` and similar in the target system root.

```bash
mkdir -p osbuild/build
sudo docker pull debian:bookworm
sudo docker run --rm -it --privileged --mount type=bind,source="$(pwd)",target=/work --workdir /work debian:bookworm
```

Inside the container, run the following commands.
Replace `training-live` with the variant you want to build.

```bash
apt-get update
# python3: for build script
# ca-certificates: for downloading files over https
# rsync, cpio: used by live-build
# unzip: for codeblocks plugin
# build-essential, debhelper: for building custom udeb
apt-get install --no-install-recommends python3 ca-certificates live-build rsync cpio unzip build-essential debhelper
cd osbuild/build
python3 ../../os/build.py training-live
```

Once the build is finished, you will find the ISO at `osbuild/build/live-image-amd64.hybrid.iso`.

## Testing in a VM

During development, it's convenient to test the OS in a virtual machine.
Install QEMU on your host.
The following commands should be run outside the Docker container.

```bash
# training-live, legacy and EFI boot:
kvm -m 8G -smp 4 -vga virtio -cdrom training-live.iso
kvm -m 8G -smp 4 -vga virtio -cdrom training-live.iso -bios /usr/share/ovmf/OVMF.fd

# training-installer:
qemu-img create -f qcow2 installtarget.qcow2 20G
kvm -m 8G -smp 4 -vga virtio -drive file=training-installer.iso,if=virtio,format=raw,readonly=on -drive file=installtarget.qcow2,if=virtio -bios /usr/share/ovmf/OVMF.fd -smbios type=1,serial=DEMO123

# contestant:
# Add your SSH key to os/config/contestant_authorized_keys
kvm -m 8G -smp 4 -vga virtio -cdrom contestant.iso -bios /usr/share/ovmf/OVMF.fd -nic user,model=virtio-net-pci,hostfwd=tcp:127.0.0.1:2222-:22
ssh -o "UserKnownHostsFile ./local.known_hosts" -p 2222 root@localhost
```

## Features

The configuration is split into layers, which are applied depending on the variant.
Here is a list of features.

- `participant` (all variants)
  - various code editors and other tools
  - VS Code extensions
  - SOI header
  - Code::Blocks template
  - wallpaper
  - default favorite apps
  - default list of keyboard layouts
  - timezone
  - list of locales
  - bootloader background image
- `live` (all live variants)
  - disable lock on blank screen
  - disable software update notifications
- `training-live`
  - automatic login
  - sudo without password
- `training-installer`
  - disable network detection to speed up install
  - preseed most installer questions
  - look up hostname in inventory file from serial number (inventory-hostname udeb)
  - login screen logo
  - login without password for `noauth` group
  - create an admin user with sudo rights and password
  - create a participant user without password
  - install packages for firmware updates and power manager
  - install GNOME Boxes and VirtualBox for running virtual machines
- `contestant`
  - disable Bluetooth
  - disable sleep
  - disable some panels in gnome-control-center
  - disable automatic mounting of storage media
  - polkit rules which block changing network settings and mounting storage media (these actions prompt for the root password instead)
  - configure NTP
  - install and configure SSH server
  - set root password
  - set `authorized_keys` for root
  - contest WiFi connection
  - automatic login
  - set browser homepage and bookmarks to https://contest.soi.ch
  - GNOME Shell extension which displays the user name in the top bar
  - contest lock GNOME Shell extension
  - some management scripts to be run via SSH
  - some packages for contest admin
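
The `contestant` layer's polkit rules are listed above only by their effect. As an added example (not the project's own rules file), a rule of that kind could look like the following; the file name, the selection of NetworkManager and udisks2 action-id prefixes, and the helper names `contestRule` and `contestAdmins` are assumptions.

```javascript
// Hypothetical /etc/polkit-1/rules.d/50-contest.rules (added example).
// polkitd supplies the global `polkit`; the fallback constants only exist
// so the same file can be exercised under Node.
var RESULT = typeof polkit !== "undefined"
  ? polkit.Result
  : { AUTH_ADMIN: "auth_admin", NOT_HANDLED: null };

// Assumed selection of upstream action-id prefixes to restrict.
var RESTRICTED_PREFIXES = [
  "org.freedesktop.NetworkManager.settings.modify.", // edit connections, hostname, DNS
  "org.freedesktop.NetworkManager.network-control",  // switch or disconnect networks
  "org.freedesktop.NetworkManager.enable-disable-",  // toggle networking / WiFi
  "org.freedesktop.udisks2.filesystem-mount",        // mount (also -system, -other-seat)
  "org.freedesktop.udisks2.encrypted-unlock"         // unlock encrypted media
];

function isRestricted(actionId) {
  for (var i = 0; i < RESTRICTED_PREFIXES.length; i++) {
    if (actionId.indexOf(RESTRICTED_PREFIXES[i]) === 0) {
      return true;
    }
  }
  return false;
}

// Require administrator authentication for restricted actions; leave
// everything else to later rules and the actions' own defaults.
function contestRule(action, subject) {
  return isRestricted(action.id) ? RESULT.AUTH_ADMIN : RESULT.NOT_HANDLED;
}

// Only root counts as administrator, so the prompt asks for the root password.
function contestAdmins(action, subject) {
  return ["unix-user:root"];
}

if (typeof polkit !== "undefined") {
  polkit.addAdminRule(contestAdmins);
  polkit.addRule(contestRule);
}
```

polkitd evaluates rules files in lexical order and uses the first rule that returns a result, so a restricting file has to sort before any file that grants the same actions.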