The build process is broken.

[ghost]

It's too much required to ask to have Vagrant and VirtualBox in your host in order to build an OS image. At least on my Ubuntu 16.04 desktop vagrant plugin install libvirt refused to work. In addition, it is extremely bad idea to use Debian and pull all sorts of tools that you don't need with it to the OS image.

It would be better to use Yocto or BuildRoot as basis and build OS image from sources that only includes the essential stuff needed. It would better also in order to foster outside contributors so that you don't need to have complicated software packages on your host just to build an OS image.

For example, with BuildRoot that I casually use for kernel development it is just "git clone + make" and the build process will boot strap the tool chain etc. No heavy weight features like virtualization is needed.

I tried to do some minor research on some things on the generated OS image but gave up because I failed to get Vagrant working properly with libvirt. I want to be able to builds myself even if there was prebuilt images available.

[ghost]

I don't want to sound mean, I really don't, but if you think about it you could make a post to thedailywtf.com by putting "Building a Linux distribution using Vagrant" as the title and copy-pasting the Makefile there. I'm saying this just to sharpen my point.

The problem is not only that it is hard to build an image but it is hard audit what goes into the image because there is no any kind of declarative description how it is built. Instead there is a huge pile of "ssh -c" spells that are not nice to decipher unless you have wrote them in the first place.

[jarkkojs]

One way the improve the current situation would be to convert on using debootstrap. That is probably the shortest delta from the current infrastructure.

[kyyberi]

Might be a good idea to have at least online session about the subject. Digabi would invite @jsakkine and alike to participate to include their extensive experience. This might lead to contributions which are now impossible due to broken build process.

[mplattu]

@jsakkine-intel, @jsakkine,

thanks for the feedback. We've chosen Vagrant as the build tool for mainly two reasons:

1. As you must have noticed the test taker's workstation is not "a hardened browser" but rather "a re-branded live". Instead of building the complete operation system, we use Debian Live as a starting point. Our customization installs some packages & dependencies, alternative kernel and rewritten boot system (legacy & signed Secure Boot).
2. Debian Live build system runs most reliably on a Debian build machine, so we've chosen to abstract the build environment with a virtual machine. As an additional benefit, this allows us also to use any platforms (i.e. even macOS or Windows) for development.

In other words, our goal is to ship a slightly modified live OS. We’re not in the business of inventing new operating system or even new derivate of Jessie.

As you have noticed the build system does not work out of the box since the custom kernel and boot-related stuff are not present in the public repo. At the moment we've decided not to open source the software written in the project. However, the distributables can be found at http://www.abitti.fi/fi/ohjeet/usb-tikkujen-kopiointi/. The direct URLs of the raw images can be found from the bottom of the page.

[jarkkojs]

Even if the build process was done with debootstrap or Yocto you still would have a maintained upstream for binary packages or Yocto recipes. If someone is interested on building images, probably wiring up a VM for running a build is not a major technical obstacle. The requirements that you are putting for infrastructure just do not justify the cause. I think this kind of projects that are paid by the tax payers should be made as robust, transparent and hackable as possible :)