From ArchWiki
Jump to navigation Jump to search

Archiso doesn't work on non stock kernel

I've been having on and off issues when building ISOs with archiso and the other day when I was working on one I did a pacman -Syu before working but didn't reboot. I was running on the stock kernel at that point because the linux-ck kernel had not updated yet. My ISO built fine. Later that day I rebooted and was now running on the updated linux-ck kernel and suddenly the build process would simply die without any errors, even with the -v option. Right after installing all the custom packages, a dd output appears and then a mkfs.vfat version message appears and that's where it dies. Rebooting back to the stock arch kernel fixed the issue. I'm guessing it has something to do with hardcoded names or something like that in the build scripts.

Is this normal behaviour? I don't mind using the stock kernel on the ISOs I build but I figured I'd at least be able to build them on a different one.

On that note, is it possible to use a kernel other than the stock one within the ISOs we build? Biltong (talk) Sun May 6 2012, 21:47 SAST

Estimating size? Starting over?

How do you best estimate the size?

How do you start over? Suppose just take `etc/`, delete the `releng/` directory recopy, put stuff back. Jasper1984 (talk) 13:46, 1 July 2013 (UTC)

Best way to start over is delete releng/{work,out} it keeps cached packages, and there is no need to do every step from the beginning. —This unsigned comment is by Jqvillanova (talk) 14:08, 5 October 2013‎. Please sign your posts with ~~~~!


  • with «cryptsetup», encrypt the file «airootfs.sfs» built with «mkarchiso» :
# cd /path/to/buildir/
# cd ./work/iso/arch/x86_64/
# cryptsetup --verify-passphrase plainOpen ./airootfs.sfs encrypt
# dd < ./airootfs.sfs > /dev/mapper/encrypt
# sync
# cryptsetup plainClose encrypt
# md5sum ./airootfs.sfs > ./airootfs.md5
# cd -

(note that you can't decrypt the encrypted file «airootfs.sfs» in the same «dd» way, instead use dd of=./airootfs.sfs conv=nocreat,notrunc < /dev/mapper/encrypt)

  • add the hook «encrypt» in «mkinitcpio.conf» :
# grep HOOKS ./work/airootfs/etc/mkinitcpio.conf
HOOKS="... encrypt"

  • insert these lines in «archiso» hook :
--- a/work/airootfs/usr/lib/initcpio/hooks/archiso
+++ b/work/airootfs/usr/lib/initcpio/hooks/archiso
@@ -65,6 +65,10 @@
     sfs_dev=$(losetup --find --show --read-only "${img}")
     echo ${sfs_dev} >> /run/archiso/used_block_devices
+    msg ":: Mapping encrypted squashfs..."
+    local map="${sfs_dev##*/}.map"
+    cryptsetup plainOpen "${sfs_dev}" "${map}"
+    sfs_dev="/dev/mapper/${map}"
     _mnt_dev "${sfs_dev}" "${mnt}" "-r" "defaults"

  • rebuild initramfs and iso with «mkarchiso» and test :
# mkarchiso -r "mkinitcpio -p linux" run
# mkarchiso iso encrypted.iso
# qemu ... ./out/encrypted.iso

Lacsap (talk) 21:51, 20 Feb 2016 (UTC)

Example configurations

Where should sets of ArchISO customizations go? Should there be an "Examples" header added to the bottom? Like for how to enable remote ssh login, boot with serial console support for headless systems, etc? Or a separate page? [Archiso offline] is a separate page, but it was marked for possible merging since it's an (out of date) clone of this page. Jamespharvey20 (talk) 02:38, 25 April 2019 (UTC)

I guess your changes (adding ssh configs) should be done airootfs directory. But I did not yet explored how to add another systemd services to archiso. Adding info about how to enable ssh login to this page seems useful for me. Ashark (talk) 17:42, 25 April 2019 (UTC)

ISO does not build with secure boot enabled

It seems that if you have secure boot enabled and have signed the Linux kernel, the ISO will fail to build, saying that /boot/vmlinuz-linux does not exist. However, once you disable secure boot, the ISO starts getting built again. Just tried this, and it appears to go back at least to archiso version 36.

Sunflsks (talk) 18:58, 26 May 2020 (UTC)

To clarify, I don't really know why it doesn't work. If possible, could someone else test this, to see if it's just a problem on my computer or more widespread. If so, then maybe we should add a warning to the wiki page.
Sunflsks (talk) 04:54, 27 May 2020 (UTC)
I don't use secure boot myself, so I don't know how it works. Since the linux package does not install the kernel to /boot/vmlinuz-linux, but to /usr/lib/modules/VERSION/vmlinuz and mkinitcpio's pacman hooks copy it to /boot/. If the kernel image is not getting copied somewhere in the ISO's chroot, maybe there is something wrong with the hooks... -- Lahwaacz (talk) 09:39, 30 May 2020 (UTC)

Please add a warning with regards to syncthing interoperability

When mkarchiso is executed to use a working directory (e.g. -w ./tmp) inside a folder that is observed by syncthing, there are 2 issues: mkarchiso will fail and a restart is required in order to be able to delete the working directory. As a simple workaround, the working directory can be added to the syncthing ignore patterns.

I do not know what causes these errors - especially since mkarchiso does not throw any error message. Deleting the working directory fails due to missing rights although it is run as root. After a restart the working directory can be deleted. ente (talk) 11:09, 17 September 2020 (UTC)