customise the ubuntu installer
<div id=“dw”>
The Plan.
to remaster the Hardy Heron netboot mini.iso so it will do the following.
- install everything i want without asking any questions.
- install the packages i want including some custom made.
- authenticate users against LDAP.
- mount the /home directories on the server.
The Problem.
- horrible lack of documentation available, it is either outdated, scattered or simply not there.
- the number of available chickens to sacrifice is limited.
The Challenge.
figure this out and document it.
meta-packages
desktop package
it's fairly easy to create your own meta-packages since a meta-package is basically an empty package with a list of dependencies in a text file.
the main meta package would be as follows for a Xfce based system, below is heavily borrowed from xubuntu as a starting point.
mkdir laoshu-desktop_8.04.1_i386
mkdir laoshu-desktop_8.04.1_i386/DEBIAN
nano laoshu-desktop_8.04.1_i386/DEBIAN/control
Package: laoshu-desktop
Source: laoshu-meta
Version: 1.0
Architecture: i386
Maintainer: randall <randall@songshu.org>
Installed-Size: 40
Depends: acpi, acpi-support, acpid, alsa-base, alsa-utils, anacron, mozilla-plugin-vlc, apmd, avahi-daemon, bc, ca-certificates, cupsys, cupsys-bsd, cupsys-client, cupsys-driver-gutenprint, dbus, dc, doc-base, foomatic-db, foomatic-db-engine, foomatic-filters, gdebi, gdm, genisoimage, ghostscript-x, gnome-app-install, gnome-mount, gnome-system-tools, gtk2-engines, gtk2-engines-murrine, gtk2-engines-pixbuf, gtk2-engines-ubuntulooks, gtk2-engines-xfce, hal, hotkey-setup, language-selector, lftp, libgl1-mesa-glx, libglib2.0-data, libglut3, libsasl2-modules, libxp6, openprinting-ppds, pnm2ppa, powermanagement-interface, readahead, screen, scrollkeeper, smbclient, software-properties-gtk, synaptic, tango-icon-theme, tango-icon-theme-common, thunar, thunar-archive-plugin, thunar-media-tags-plugin, thunar-thumbnailers, thunar-volman, ttf-bitstream-vera, ttf-dejavu-core, ttf-freefont, ubuntu-artwork, unzip, update-manager, usplash, vim-runtime, x-ttcidfont-conf, xfce4-mcs-plugins, xfce4-mcs-plugins-extra, xfce4-mixer, xfce4-panel, xfce4-session, xfce4-terminal, xfce4-utils, xfdesktop4, xfwm4, xfwm4-themes, xkb-data, xorg, xterm, zenity, zip, app-install-data-commercial, apport-gtk, avahi-autoipd, bluez-cups, bluez-utils, bogofilter, brasero, cdparanoia, cups-pdf, displayconfig-gtk, dvd+rw-tools, file-roller, firefox, foo2zjs, foomatic-db-hpijs, fortune-mod, gcalctool, gcc, gimp, gnome-accessibility-themes, gnome-games, gnome-power-manager, gnome-screensaver, gnome-system-monitor, gucharmap, hal-cups-utils, hplip, jockey-gtk, laptop-detect, libgl1-mesa-dri, libgnome2-perl, libgoffice-gtk-0-6, libnss-mdns, linux-headers-generic, make, min12xxw, mousepad, mozilla-thunderbird, network-manager-gnome, notification-daemon, onboard, orage, pidgin, pidgin-otr, powernowd, pxljr, python-exo, gthumb, scim, scim-gtk2-immodule, scim-tables-additional, screensaver-default-images, splix, system-config-printer-gnome, transmission-gtk, ttf-arabeyes, ttf-arphic-uming, ttf-indic-fonts-core, ttf-kochi-gothic, ttf-kochi-mincho, ttf-lao, ttf-malayalam-fonts, ttf-thai-tlwg, ttf-unfonts-core, ubufox, update-notifier, wodim, wvdial, xcursor-themes, xdg-utils, xfce4-appfinder, xfce4-battery-plugin, xfce4-clipman-plugin, xfce4-cpugraph-plugin, xfce4-dict-plugin, xfce4-fsguard-plugin, xfce4-governor-plugin, xfce4-mailwatch-plugin, xfce4-mount-plugin, xfce4-netload-plugin, xfce4-notes-plugin, xfce4-places-plugin, xfce4-quicklauncher-plugin, xfce4-screenshooter-plugin, xfce4-smartbookmark-plugin, xfce4-systemload-plugin, xfce4-verve-plugin, xfce4-weather-plugin, xfce4-xkb-plugin, xfprint4, xscreensaver-data, xscreensaver-gl, openoffice.org, openoffice.org-gtk, openoffice.org-style-tango, lightning-extension, ekiga, inkscape, gftp, exaile, catfish
Section: metapackages
Priority: optional
Description: LaoShu desktop system
 This package depends on all of the packages in the LaoShu desktop system
 .
 It is safe to remove this package if some of the desktop system packages are
 not desired.
once the control file is in place you can create the package as follows
dpkg -b laoshu-desktop_8.04.1_i386
restricted packages
this one would require the multiverse and medibuntu repositories
mkdir laoshu-restricted-extras_8.04.1_i386
mkdir laoshu-restricted-extras_8.04.1_i386/DEBIAN
nano laoshu-restricted-extras_8.04.1_i386/DEBIAN/control
Package: laoshu-restricted-extras
Source: laoshu-restricted-extras
Version: 1.0
Architecture: i386
Maintainer: randall <randall@songshu.org>
Installed-Size: 32
Depends: flashplugin-nonfree, icedtea-gcjwebplugin, libdvdread3, liblame0, libxine1-ffmpeg, msttcorefonts, unrar, sun-java6-jre, sun-java6-fonts, acroread, acroread-escript, acroread-plugins, mozilla-acroread, skype, non-free-codecs, libdvdcss2
Section: metapackages
Priority: optional
Description: Commonly used restricted packages
 This package depends on some commonly used packages in the multiverse and
 medibuntu repository.
 .
 Installing this package will pull in support for MP3 playback and decoding,
 Java runtime environment, Microsoft fonts, Flash plugin, DVD playback, and LAME
 (to create compressed audio files).
 .
 Please note that packages from multiverse and medibuntu.org are restricted by
 copyright or legal issues in some countries. See
 http://www.ubuntu.com/ubuntu/licensing for more information.
dpkg -b laoshu-restricted-extras_8.04.1_i386
artwork packages
usually the artwork is the last thing i touch if at all, but as said earlier i used xubuntu as a starting point and in my humble opinion the gdm theme and wallpaper in this hardy version are more ugly than ever, and since the ubuntu artwork overhaul is not as promised either, i will give it a swirl to do something about it.
the default ubuntu wallpaper is nevertheless fascinating, so let's try to start from there.
while we are at it we might as well thank Julien for this one
i still need some splash!!!
default settings
Hacking the installer
first we need to get the mini.iso from here https://help.ubuntu.com/community/Installation/MinimalCD
no need to burn it to cd first, just mount it
mount -o loop /path/to/iso /some/mountpoint
after it's mounted, copy the content to a folder
mkdir -p /opt/cd-image
rsync -av /some/mountpoint/ /opt/cd-image
since the content of the iso is now copied to /opt/cd-image this would be the place to make the needed changes.
nano /opt/cd-image/isolinux.cfg
all i've added is the laoshu part
DISPLAY boot.txt
F1 f1.txt
F2 f2.txt
F3 f3.txt
F4 f4.txt
F5 f5.txt
F6 f6.txt
F7 f7.txt
F8 f8.txt
F9 f9.txt
F0 f10.txt
DEFAULT laoshu
LABEL laoshu
  kernel linux
  append vga=normal debian-installer/locale=en_US console-setup/layoutcode=us netcfg/get_hostname=unassigned-hostname preseed/url=http://192.168.1.12/laoshu-preseed.cfg initrd=initrd.gz --
LABEL install
  kernel linux
  append vga=normal initrd=initrd.gz --
LABEL linux
  kernel linux
  append vga=normal initrd=initrd.gz --
LABEL cli
  kernel linux
  append tasks=standard pkgsel/language-pack-patterns= pkgsel/install-language-support=false vga=normal initrd=initrd.gz --
LABEL expert
  kernel linux
  append priority=low vga=normal initrd=initrd.gz --
LABEL cli-expert
  kernel linux
  append tasks=standard pkgsel/language-pack-patterns= pkgsel/install-language-support=false priority=low vga=normal initrd=initrd.gz --
LABEL rescue
  kernel linux
  append vga=normal initrd=initrd.gz rescue/enable=true --
PROMPT 1
TIMEOUT 0
after the changes are made we can make a fresh new .iso image
IMAGE=laoshu.iso
BUILD=/opt/cd-image
mkisofs -r -V "LaoShu Install CD" \
-cache-inodes \
-J -l -b isolinux.bin \
-c boot.cat -no-emul-boot \
-boot-load-size 4 -boot-info-table \
-o $IMAGE $BUILD
please note, the location of isolinux.bin and boot.cat differs from the normal install CDs, so just adjust the paths if needed.
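The laoshu boot entry fetches its answer file over plain http through preseed/url=. As an added example (not from the original page), the script below pins that file with debian-installer's preseed/url/checksum= boot parameter (an md5sum) and checks the pin, to be run before mkisofs. It assumes the installer on the mini.iso honours that parameter; the function names and the sample files are constructed here.

```shell
#!/bin/sh
# Added example, not from the original page: pin the preseed file to the boot
# entry so a preseed that differs from the reviewed copy is rejected.
# Assumption: the installer honours preseed/url/checksum= (md5sum of the file).

preseed_md5() { md5sum "$1" | cut -d' ' -f1; }

pin_preseed_checksum() {
    # $1 = isolinux.cfg, $2 = local copy of the file served at preseed/url.
    # Writes the updated config to stdout; running it twice gives the same result.
    sum=$(preseed_md5 "$2") || return 1
    sed -e 's# preseed/url/checksum=[0-9a-f]*##g' \
        -e "s#\(preseed/url=[^ ]*\)#\1 preseed/url/checksum=$sum#" "$1"
}

check_preseed_pin() {
    # Returns 0 only if every preseed/url= entry carries the checksum of $2.
    sum=$(preseed_md5 "$2") || return 1
    total=$(grep -c 'preseed/url=' "$1" || true)
    good=$(grep -Ec "preseed/url=[^ ]+ preseed/url/checksum=$sum( |\$)" "$1" || true)
    [ "$total" -gt 0 ] && [ "$total" -eq "$good" ]
}

# Constructed sample: two boot entries shaped like the ones in isolinux.cfg.
work=$(mktemp -d)
cat > "$work/isolinux.cfg" <<'EOF'
DEFAULT laoshu
LABEL laoshu
  kernel linux
  append vga=normal preseed/url=http://192.168.1.12/laoshu-preseed.cfg initrd=initrd.gz --
LABEL install
  kernel linux
  append vga=normal initrd=initrd.gz --
EOF
printf 'd-i debian-installer/locale string en_US\n' > "$work/laoshu-preseed.cfg"

pin_preseed_checksum "$work/isolinux.cfg" "$work/laoshu-preseed.cfg" > "$work/pinned.cfg"
check_preseed_pin "$work/pinned.cfg" "$work/laoshu-preseed.cfg" && echo "pin matches"

# Editing the served preseed without rebuilding the ISO is now detected.
echo 'd-i passwd/root-login boolean true' >> "$work/laoshu-preseed.cfg"
check_preseed_pin "$work/pinned.cfg" "$work/laoshu-preseed.cfg" || echo "pin is stale"
rm -rf "$work"
```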
the answer file for the installer, let's see how far we get after making some changes to this post
http://ubuntuforums.org/archive/index.php/t-434405.html
and place the preseed file on the apt-cacher we already have in place ( http://192.168.1.88/doku/doku.php?id=apt.cipar.net) as
http://192.168.1.12/laoshu-preseed.cfg
d-i debian-installer/locale string en_US
d-i console-keymaps-at/keymap select us
d-i netcfg/choose_interface select auto
d-i netcfg/get_hostname string set-me-please
d-i netcfg/get_domain string unassigned-domain
d-i netcfg/wireless_wep string
d-i mirror/country string enter information manually
#d-i mirror/http/hostname string
d-i mirror/http/hostname string 192.168.1.12:3142
d-i mirror/http/directory string /apt-cacher/nl3.archive.ubuntu.com/ubuntu
d-i mirror/http/proxy string
d-i partman-auto/disk string /dev/?da
d-i partman-auto/method string regular
d-i partman-auto/purge_lvm_from_device boolean true
d-i partman-lvm/confirm boolean true
d-i partman-auto/choose_recipe select All files in one partition (recommended for new users)
d-i partman/confirm_write_new_label boolean true
d-i partman/choose_partition select Finish partitioning and write changes to disk
d-i partman/confirm boolean true
d-i clock-setup/utc boolean true
d-i time/zone string Europe/Amsterdam
# Controls whether to use NTP to set the clock during the install
d-i clock-setup/ntp boolean true
# NTP server to use. The default is almost always fine here.
d-i clock-setup/ntp-server string 192.168.0.1
d-i apt-setup/restricted boolean true
d-i apt-setup/universe boolean true
d-i apt-setup/multiverse boolean true
d-i apt-setup/local0/comment string Medibuntu - http://www.medibuntu.org
d-i apt-setup/local0/repository string http://192.168.1.12:3142/packages.medibuntu.org hardy free non-free
d-i apt-setup/local0/source boolean true
d-i apt-setup/local0/key string http://packages.medibuntu.org/medibuntu-key.gpg
d-i apt-setup/local1/comment string LaoShu
d-i apt-setup/local1/repository string http://192.168.1.12/custom hardy main
d-i apt-setup/local1/source boolean false
d-i debian-installer/allow_unauthenticated string true
d-i passwd/root-login boolean false
d-i passwd/user-fullname string user
d-i passwd/username string user
# Normal user's password, either in clear text
d-i passwd/user-password password user
d-i passwd/user-password-again password user
# or encrypted using an MD5 hash.
#d-i passwd/user-password-crypted password [MD5 hash]
d-i grub-installer/only_debian boolean true
d-i grub-installer/with_other_os boolean true
tasksel tasksel/first multiselect ubuntu-standard,
d-i pkgsel/include string acpi acpi-support acpid alsa-base alsa-utils anacron mozilla-plugin-vlc apmd avahi-daemon bc ca-certificates cupsys cupsys-bsd cupsys-client cupsys-driver-gutenprint dbus dc doc-base foomatic-db foomatic-db-engine foomatic-filters gdebi gdm genisoimage ghostscript-x gnome-app-install gnome-mount gnome-system-tools gtk2-engines gtk2-engines-murrine gtk2-engines-pixbuf gtk2-engines-ubuntulooks gtk2-engines-xfce hal hotkey-setup language-selector lftp libgl1-mesa-glx libglib2.0-data libglut3 libsasl2-modules libxp6 openprinting-ppds pnm2ppa powermanagement-interface readahead screen scrollkeeper smbclient software-properties-gtk synaptic tango-icon-theme tango-icon-theme-common thunar thunar-archive-plugin thunar-media-tags-plugin thunar-thumbnailers thunar-volman ttf-bitstream-vera ttf-dejavu-core ttf-freefont unzip update-manager usplash vim-runtime x-ttcidfont-conf xfce4-mcs-plugins xfce4-mcs-plugins-extra xfce4-mixer xfce4-panel xfce4-session xfce4-terminal xfce4-utils xfdesktop4 xfwm4 xfwm4-themes xkb-data xorg xterm zenity zip app-install-data-commercial apport-gtk avahi-autoipd bluez-cups bluez-utils bogofilter brasero cdparanoia cups-pdf displayconfig-gtk dvd+rw-tools file-roller firefox foo2zjs foomatic-db-hpijs fortune-mod gcalctool gcc gimp gnome-accessibility-themes gnome-games gnome-screensaver gnome-system-monitor gucharmap hal-cups-utils hplip jockey-gtk libgl1-mesa-dri libgnome2-perl libgoffice-gtk-0-6 libnss-mdns linux-headers-generic make min12xxw mousepad mozilla-thunderbird notification-daemon onboard orage pidgin pidgin-otr powernowd pxljr python-exo gthumb scim scim-gtk2-immodule scim-tables-additional screensaver-default-images splix system-config-printer-gnome ttf-arabeyes ttf-arphic-uming ttf-indic-fonts-core ttf-kochi-gothic ttf-kochi-mincho ttf-lao ttf-malayalam-fonts ttf-thai-tlwg ttf-unfonts-core ubufox update-notifier wodim wvdial xcursor-themes xdg-utils xfce4-appfinder xfce4-battery-plugin xfce4-clipman-plugin xfce4-cpugraph-plugin xfce4-dict-plugin xfce4-fsguard-plugin xfce4-governor-plugin xfce4-mailwatch-plugin xfce4-mount-plugin xfce4-netload-plugin xfce4-notes-plugin xfce4-places-plugin xfce4-quicklauncher-plugin xfce4-screenshooter-plugin xfce4-smartbookmark-plugin xfce4-systemload-plugin xfce4-verve-plugin xfce4-weather-plugin xfce4-xkb-plugin xfprint4 xscreensaver-data xscreensaver-gl openoffice.org openoffice.org-gtk openoffice.org-style-tango lightning-extension flashplugin-nonfree icedtea-gcjwebplugin libdvdread3 numlockx liblame0 libxine1-ffmpeg msttcorefonts unrar sun-java6-jre sun-java6-fonts acroread acroread-escript acroread-plugins exaile mozilla-acroread skype non-free-codecs libdvdcss2 dmz-cursor-theme ntp
#d-i preseed/late_command string wget -q -O - http://192.168.1.12/laoshu_installscript | chroot /target /bin/bash
popularity-contest popularity-contest/participate boolean false
d-i finish-install/reboot_in_progress note
xserver-xorg xserver-xorg/autodetect_monitor boolean true
# Uncomment if you have an LCD display.
#xserver-xorg xserver-xorg/config/monitor/lcd boolean true
xserver-xorg xserver-xorg/config/monitor/selection-method \
   select medium
xserver-xorg xserver-xorg/config/monitor/mode-list \
   select 1024x768 @ 60 Hz
sun-java6-jre shared/accepted-sun-dlj-v1-1 boolean true
msttcorefonts msttcorefonts/defoma note
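Several answers in the preseed above decide how much the installer trusts its inputs: unsigned packages are allowed, the user password is in clear text, and the LaoShu repository has no key. The following is an added example, not part of the original page: a shell/awk check that lists such answers. The finding codes and function names are made up here, and the sample input is constructed from lines on this page.

```shell
#!/bin/sh
# Added example, not from the original page: flag preseed answers that weaken
# the install. Finding codes (UNAUTH_APT, ...) are names made up for this sketch.

audit_preseed() {
    # $1 = preseed file. Prints one finding per line: CODE<TAB>question
    awk '
        /^[ \t]*#/ || NF < 3 { next }   # comments, blank and incomplete lines
        {
            q = $2; val = ""            # line format: owner question type value...
            for (i = 4; i <= NF; i++) val = (i > 4 ? val " " : "") $i
        }
        # apt installs packages whose signatures cannot be verified
        q == "debian-installer/allow_unauthenticated" && val == "true" {
            print "UNAUTH_APT\t" q
        }
        # password readable by anyone who can fetch the preseed URL
        q ~ /^passwd\/(user|root)-password$/ && val != "" {
            print "CLEARTEXT_PASSWORD\t" q
        }
        # "$1$" marks md5crypt, which is cheap to brute-force offline
        q ~ /^passwd\/(user|root)-password-crypted$/ && val ~ /^[$]1[$]/ {
            print "MD5_CRYPT\t" q
        }
        # script fetched at install time and piped straight into a shell
        q == "preseed/late_command" && val ~ /(wget|curl).*[|]/ {
            print "REMOTE_SCRIPT\t" q
        }
        # track which extra apt repositories come with a signing key
        q ~ /^apt-setup\/local[0-9]+\/repository$/ { split(q, p, "/"); repo[p[2]] = 1 }
        q ~ /^apt-setup\/local[0-9]+\/key$/ {
            split(q, p, "/"); key[p[2]] = 1
            if (val ~ /^http:\/\//) print "HTTP_KEY\t" q   # key itself is spoofable
        }
        END {
            for (r in repo) if (!(r in key)) print "NO_KEY\tapt-setup/" r "/repository"
        }
    ' "$1"
}

write_sample() {
    # Constructed sample using answers from the preseed on this page; the
    # late_command line is commented out there and enabled here to show the check.
    cat > "$1" <<'EOF'
d-i apt-setup/local0/repository string http://192.168.1.12:3142/packages.medibuntu.org hardy free non-free
d-i apt-setup/local0/key string http://packages.medibuntu.org/medibuntu-key.gpg
d-i apt-setup/local1/repository string http://192.168.1.12/custom hardy main
d-i debian-installer/allow_unauthenticated string true
d-i passwd/user-password password user
d-i passwd/user-password-again password user
#d-i passwd/user-password-crypted password [MD5 hash]
d-i preseed/late_command string wget -q -O - http://192.168.1.12/laoshu_installscript | chroot /target /bin/bash
EOF
}

tmp=$(mktemp) && write_sample "$tmp" && audit_preseed "$tmp"
rm -f "$tmp"
```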
Making a local repository
we need a local repo for our custom packages, a complete mirror is not needed since we use apt-cacher..
reprepro seems to do the trick nicely
http://www.debian-administration.org/articles/286
on the apt-cacher box we do the following.
apt-get install reprepro
mkdir -p /var/www/custom
mkdir -p /var/www/custom/conf
mkdir -p /var/www/custom/incoming
nano /var/www/custom/conf/distributions
Origin: randall
Label: LaoShu
Suite: hardy
Codename: hardy
Version: 8.04
Architectures: i386 all source
Components: main
Description: custom repo
and then to include our custom made package we do the following.
reprepro -Vb . includedeb hardy laoshu-desktop_8.04.1_i386.deb
Sacrifice the chicken
Before we start with OpenLDAP we need some more divined guidance, so this would be a good moment to sacrifice the chicken.
Normally i'm used to the debian way that demands that the chicken be tied to a stake driven into the earth, doused with an accelerant and set ablaze.
amused by the way the flaming chicken scrambles about, clucking its hellish shrieks before its eyes pop out of its tiny skull and boiling blood oozes from the sockets.
but i found that when dealing with ubuntu a slightly different approach is needed, not sure if this change came from upstream or if it is a proprietary spec by Canonical.
i followed the technical details provided by Jaden from here
http://steamykitchen.com/blog/2007/06/28/szechuan-peppercorn-roasted-chicken/
- 1 chicken, organic (I like using a small 3 1/2 pound bird)
- 1/2 orange
- 2-3 stalks of scallions, cut into 3” sections
- 4 long, thin slices of ginger
- 2 tablespoons Szechuan Peppercorn Salt + more to serve as dipping salt
- 2 tablespoons oil
Preheat oven to 200°c set for convection.
Wash chicken and pat very dry.
Tie legs together with kitchen twine, tuck wings in.
Generously season chicken inside and out with the Szechuan Peppercorn Flavored Salt.
If you look at my photo, I use quite a bit of seasoning, which I think is one of the secrets to delicious tasting roast chicken. The roasting mellows out the salt – so don't be afraid to have a heavy-hand in seasoning.
Stuff bird with ginger, scallions and orange.
Place bird breast-side down in roasting pan.
Brush 1 tablespoon oil all over the top of the bird (which is the thigh side).
Roast chicken breast-side down for 30 minutes.
Turn breast side up. Brush breast side with oil.
Continue roasting until thickest part of thigh reaches temperature of 175F and breast is 160F. Generally, this will take another 20 minutes for a 3 1/2 lb bird. If using larger bird, add 7 more minutes for every add'l pound.
Remove from oven and let rest for 10-15 minutes.
Carve and serve with more Szechuan Peppercorn Salt on side for dipping.
OpenLDAP
Thank Jaden for the Steamy Chicken, it actually paid off, below is a working draft, still need to configure it properly.
https://help.ubuntu.com/community/OpenLDAPServer
https://help.ubuntu.com/community/LDAPClientAuthentication
http://ubuntuforums.org/showthread.php?t=597056
SERVER PART 192.168.1.118
apt-get install slapd ldap-utils db4.2-util
it asked for the ldap rootpw only, i did dpkg-reconfigure to provoke more questions
nano /etc/ldap/slapd.conf
# Make sure you edit or add these directives after the first 'database' directive.
suffix "dc=cipar,dc=net"
directory "/var/lib/ldap"
rootdn "cn=admin,dc=cipar,dc=net"
rootpw {SSHA}d2BamRTgBuhC6SxC0vFGWol31ki8iq5m
slappasswd for the passwords
nano /etc/ldap/ldap.conf
BASE dc=cipar,dc=net
/etc/init.d/slapd restart
cd /usr/src
nano init.ldif
dn: dc=cipar,dc=net
objectClass: dcObject
objectClass: organizationalUnit
dc: cipar
ou: Cipar Dot Net

dn: cn=admin,dc=cipar,dc=net
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword: {SSHA}QWIws37cSnf6Rd0uOTk8HZiByQlyiTBL

dn: ou=people,dc=cipar,dc=net
objectClass: organizationalUnit
ou: people

dn: ou=groups,dc=cipar,dc=net
objectClass: organizationalUnit
ou: groups

dn: uid=lionel,ou=people,dc=cipar,dc=net
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: lionel
sn: Porcheron
givenName: Lionel
cn: Lionel Porcheron
displayName: Lionel Porcheron
uidNumber: 1000
gidNumber: 10000
userPassword: {SSHA}DAeW6w7yn1PBHBiT5IUgMM+O/0OO1qqn
gecos: Lionel Porcheron
loginShell: /bin/bash
homeDirectory: /home/lionel
shadowExpire: -1
shadowFlag: 0
shadowWarning: 7
shadowMin: 8
shadowMax: 999999
shadowLastChange: 10877
mail: lionel.porcheron@example.com
postalCode: 31000
l: Toulouse
o: Example
mobile: +33 (0)6 xx xx xx xx
homePhone: +33 (0)5 xx xx xx xx
title: System Administrator
postalAddress:
initials: LP

dn: cn=cipar,ou=groups,dc=cipar,dc=net
objectClass: posixGroup
cn: cipar
gidNumber: 10000

dn: cn=cipar2,ou=groups,dc=cipar,dc=net
objectClass: posixGroup
cn: cipar2
memberUid: lionel
gidNumber: 10001
slappasswd for the passwords
/etc/init.d/slapd stop
rm -rf /var/lib/ldap/*
slapadd -l init.ldif
chown -R openldap:openldap /var/lib/ldap
/etc/init.d/slapd start
client
apt-get install ldap-auth-client
there was a typo in the original howto i think
it said URI → ldapi:///LDAP_SERVER_IP instead of URI → ldapi://LDAP_SERVER_IP
Should use debconf -> YES
URI -> ldapi://192.168.1.118
DISTINGUISHED NAME -> dc=cipar,dc=net
LDAP VERS -> 3
LOCAL ROOT DB ADMIN -> YES
DOES DB REQ LOGIN -> NO
LDAP A/C -> cn=admin,dc=cipar,dc=net
LDAP root a/c password -> PASSWORD
nano /etc/ldap.conf
host 192.168.1.118
base dc=cipar,dc=net
bind_policy soft
cp /etc/ldap/ldap.conf /etc/ldap/ldap.conf.bak
cp /etc/ldap.conf /etc/ldap/ldap.conf
nano /etc/auth-client-config/profile.d/open_ldap
[open_ldap]
nss_passwd=passwd: ldap files
nss_group=group: ldap files
nss_shadow=shadow: ldap files
pam_auth=auth required pam_env.so
        auth sufficient pam_unix.so likeauth nullok
        auth sufficient pam_ldap.so use_first_pass
        auth required pam_deny.so
pam_account=account sufficient pam_unix.so
        account sufficient pam_ldap.so
        account required pam_deny.so
pam_password=password sufficient pam_unix.so nullok md5 shadow use_authtok
        password sufficient pam_ldap.so use_first_pass
        password required pam_deny.so
pam_session=session required pam_limits.so
        session required pam_mkhomedir.so skel=/etc/skel/
        session required pam_unix.so
        session optional pam_ldap.so
auth-client-config -a -p open_ldap
</div>




