Talk:Archiso

From ArchWiki
Jump to navigation Jump to search

Archiso doesn't work on non stock kernel

I've been having on and off issues when building ISOs with archiso and the other day when I was working on one I did a pacman -Syu before working but didn't reboot. I was running on the stock kernel at that point because the linux-ck kernel had not updated yet. My ISO built fine. Later that day I rebooted and was now running on the updated linux-ck kernel and suddenly the build process would simply die without any errors, even with the -v option. Right after installing all the custom packages, a dd output appears and then a mkfs.vfat version message appears and that's where it dies. Rebooting back to the stock arch kernel fixed the issue. I'm guessing it has something to do with hardcoded names or something like that in the build scripts.

Is this normal behaviour? I don't mind using the stock kernel on the ISOs I build but I figured I'd at least be able to build them on a different one.

On that note, is it possible to use a kernel other than the stock one within the ISOs we build? Biltong (talk) Sun May 6 2012, 21:47 SAST

Estimating size? Starting over?

How do you best estimate the size?

How do you start over? Suppose just take `etc/`, delete the `releng/` directory recopy, put stuff back. Jasper1984 (talk) 13:46, 1 July 2013 (UTC)

Best way to start over is delete releng/{work,out} it keeps cached packages, and there is no need to do every step from the beginning. —This unsigned comment is by Jqvillanova (talk) 14:08, 5 October 2013‎. Please sign your posts with ~~~~!

Encryption

  • with «cryptsetup», encrypt the file «airootfs.sfs» built with «mkarchiso» :
# cd /path/to/buildir/
# cd ./work/iso/arch/x86_64/
# cryptsetup --verify-passphrase plainOpen ./airootfs.sfs encrypt
# dd < ./airootfs.sfs > /dev/mapper/encrypt
# sync
# cryptsetup plainClose encrypt
# md5sum ./airootfs.sfs > ./airootfs.md5
# cd -

(note that you can't decrypt the encrypted file «airootfs.sfs» in the same «dd» way, instead use dd of=./airootfs.sfs conv=nocreat,notrunc < /dev/mapper/encrypt)

  • add the hook «encrypt» in «mkinitcpio.conf» :
# grep HOOKS ./work/airootfs/etc/mkinitcpio.conf
HOOKS="... encrypt"


  • insert these lines in «archiso» hook :
--- a/work/airootfs/usr/lib/initcpio/hooks/archiso
+++ b/work/airootfs/usr/lib/initcpio/hooks/archiso
@@ -65,6 +65,10 @@
     fi
     sfs_dev=$(losetup --find --show --read-only "${img}")
     echo ${sfs_dev} >> /run/archiso/used_block_devices
+    msg ":: Mapping encrypted squashfs..."
+    local map="${sfs_dev##*/}.map"
+    cryptsetup plainOpen "${sfs_dev}" "${map}"
+    sfs_dev="/dev/mapper/${map}"
     _mnt_dev "${sfs_dev}" "${mnt}" "-r" "defaults"
 }


  • rebuild initramfs and iso with «mkarchiso» and test :
# mkarchiso -r "mkinitcpio -p linux" run
# mkarchiso iso encrypted.iso
# qemu ... ./out/encrypted.iso


Lacsap (talk) 21:51, 20 Feb 2016 (UTC)

Example configurations

Where should sets of ArchISO customizations go? Should there be an "Examples" header added to the bottom? Like for how to enable remote ssh login, boot with serial console support for headless systems, etc? Or a separate page? [Archiso offline] is a separate page, but it was marked for possible merging since it's an (out of date) clone of this page. Jamespharvey20 (talk) 02:38, 25 April 2019 (UTC)

I guess your changes (adding ssh configs) should be done airootfs directory. But I did not yet explored how to add another systemd services to archiso. Adding info about how to enable ssh login to this page seems useful for me. Ashark (talk) 17:42, 25 April 2019 (UTC)

ISO does not build with secure boot enabled

It seems that if you have secure boot enabled and have signed the Linux kernel, the ISO will fail to build, saying that /boot/vmlinuz-linux does not exist. However, once you disable secure boot, the ISO starts getting built again. Just tried this, and it appears to go back at least to archiso version 36.

Sunflsks (talk) 18:58, 26 May 2020 (UTC)

To clarify, I don't really know why it doesn't work. If possible, could someone else test this, to see if it's just a problem on my computer or more widespread. If so, then maybe we should add a warning to the wiki page.
Sunflsks (talk) 04:54, 27 May 2020 (UTC)
I don't use secure boot myself, so I don't know how it works. Since 5.3.8.1 the linux package does not install the kernel to /boot/vmlinuz-linux, but to /usr/lib/modules/VERSION/vmlinuz and mkinitcpio's pacman hooks copy it to /boot/. If the kernel image is not getting copied somewhere in the ISO's chroot, maybe there is something wrong with the hooks... -- Lahwaacz (talk) 09:39, 30 May 2020 (UTC)

Please add a warning with regards to syncthing interoperability

When mkarchiso is executed to use a working directory (e.g. -w ./tmp) inside a folder that is observed by syncthing, there are 2 issues: mkarchiso will fail and a restart is required in order to be able to delete the working directory. As a simple workaround, the working directory can be added to the syncthing ignore patterns.

I do not know what causes these errors - especially since mkarchiso does not throw any error message. Deleting the working directory fails due to missing rights although it is run as root. After a restart the working directory can be deleted. ente (talk) 11:09, 17 September 2020 (UTC)

Add a section to Tips and Tricks to build an ISO for installation entirely over a serial console

I've been looking all over for a good way to do this. I think I have an approach that could work (although it's still to be tried). What do we think about adding this? Has anyone got a recipe? If not, I'm happy to give it a go.

Bradwood (talk) 11:33, 14 November 2020 (UTC)

The solution is to simply add a console=ttyS* kernel parameter to boot loader configuration. As for why it's not done by default in releng, see https://gitlab.archlinux.org/archlinux/archiso/-/issues/75. -- nl6720 (talk) 12:28, 14 November 2020 (UTC)
I get that, but you need to _get_ to the bootloader menu first, and that currently doesn't happen over the console to my knowledge... Bradwood (talk) 13:55, 14 November 2020 (UTC)
I meant editing the boot loader configuration for the ISO and then building the ISO. As for seeing the boot loader over serial, it should work when booting in BIOS mode (this doesn't prevent installing the system for UEFI booting, you just need to install the boot loader to the default/fallback boot path). -- nl6720 (talk) 05:23, 15 November 2020 (UTC)

Permissions and File Additions

Would suggest we document the new changes to permissions requirements as implemented on 11/30/20 in Commit c10004df :

profiledef.sh needs to have explicit permissions now which is quite different than before.

 file_permissions=(
   ["/etc/shadow"]="0:0:400"
   ["/root"]="0:0:750"
   ["/root/.automated_script.sh"]="0:0:755"
   ["/usr/local/bin/choose-mirror"]="0:0:755"
   ["/usr/local/bin/Installation_guide"]="0:0:755"
   ["/usr/local/bin/livecd-sound"]="0:0:755"


Also, the fact that a /skel folder cannot be added to airootfs now is different and requires users to put everything in /etc/skel/

Users can still add services, but I found the best way to add them was to put them in /usr/local/bin and then add a line to profiledef.sh to give them 755.

Jdfthetech (talk) 05:34, 2 December 2020 (UTC)

Thanks for this update, I've just reached this pitfall attempting to create a non-root user with their own home directory, but failing with [mkarchiso] ERROR: Failed to set permissions on 'work/x86_64/airootfs/home/myuser'. Outside of valid path. Any thoughts on how to get this working? Yuvadm (talk) 20:34, 14 December 2020 (UTC)
https://gitlab.archlinux.org/archlinux/archiso/-/issues/84. The workaround for now is to explicitly set the work dir with the -w option. If all goes well, it should be fixed in the next archiso version. -- nl6720 (talk) 12:03, 15 December 2020 (UTC)