forked from livecd-tools/livecd-tools
-
Notifications
You must be signed in to change notification settings - Fork 0
/
README
228 lines (151 loc) · 8.22 KB
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
The Fedora Live CD Tools
David Zeuthen <[email protected]>
Jeremy Katz <[email protected]>
Last Updated: October 2018
This project concerns tools to generate live CDs on Fedora based
systems including derived distributions such as RHEL, CentOS, and
others. See the project Wiki at
https://fedoraproject.org/wiki/FedoraLiveCD
for more details. Discussion of this project takes place at the
[email protected] mailing list
https://lists.fedoraproject.org/admin/lists/livecd.lists.fedoraproject.org/
This project and its source files are licensed under the GPLv2
license. See the file COPYING for details.
1. LIVE CD DESIGN GOALS
The live CD is designed in such a way that when running from a
live CD, the system should appear as much as possible as a standard
system with all that entails; e.g., read-write rootfs (achieved using
dm-snapshot or OverlayFS with the --flat-squashfs option), standard ext4 file
system (for extended attributes) or a direct SquashFS, and so on.
Another design goal is that the live CD should be ''installable'',
i.e., a user should be able to install the bits from the live CD onto
a hard disk without this process requiring network access or additional
media.
Finally, another design goal is that the tool set itself should be
separate from configuration; the same unmodified tool should be usable
for building various live CD flavors with vastly different
configurations, e.g., a GNOME live CD, a KDE live CD, a live CD with
music programs, and so on.
2. CREATING A LIVE CD
To create a live CD, the livecd-creator tool is used. Super user
privileges are needed. The tool is more or less self-documenting, use
the --help option to see options.
2.1 HOW THE LIVE CD CREATOR WORKS
In a nutshell, the livecd-creator program
o Sets up a file for the ext4 file system that will contain all the
data comprising the live CD
o Loop mounts that file into the file system so there is an
installation root
o Bind mounts certain kernel file systems (/dev, /dev/pts, /proc,
/sys, /selinux) inside the installation root
o Uses a configuration file to define the requested packages and
default configuration options. The format of this file is the same
as is used for installing a system via kickstart.
o Installs, using DNF, the requested packages into the installation
using the given repositories
o Optionally runs scripts as specified by the live CD configuration file.
o Relabels the entire installation root (for SELinux)
o Creates a live CD specific initramfs that matches the installed kernel
o Unmounts the kernel file systems mounted inside the installation root
o Unmounts the installation root
o Runs resize2fs to minimize and unminimize the ext4 file to remove data
from deleted files
o Runs resize2fs to minimize on a device-mapper snapshot, to generate a
small minimized delta image file which was historically used by anaconda to
reduce installation time by not copying unused data to disk
o Creates a SquashFS file system containing only the ext4 file (compression)
or directly from the installation root (for OverlayFS overlays)
o Configures the boot loader
o Creates an iso9660 bootable CD
2.2 EXAMPLE: A BAREBONES LIVE CD
The command
# livecd-creator \
--config=/usr/share/doc/livecd-tools/livecd-fedora-minimal.ks
will create a live CD that will boot to a login prompt. Note that in this
minimal example, since no configuration is done, the user will not be able to
login to the system as the root password is not set or cleared.
2.3 LIVE CD CONFIGURATION FILES
The configuration of the live CD is defined by a file that uses the
same format as installing a system via kickstart. They can include
some basic system configuration items, the package manifest and a
script to be run at the end of the build process.
For the Fedora project, there are currently a variety of different live CD
configuration files. The spin-kickstarts package includes all of the
kickstarts used to create the various spins. These include a minimal live image
(fedora-minimal-common.ks), a complete workstation image
(fedora-live-workstation.ks) and others.
2.4 EXAMPLE: SPINNING THE FEDORA WORKSTATION LIVE CD
Assuming that you use the fedora-live-workstation.ks configuration file,
then the following command
# livecd-creator \
--config=/usr/share/spin-kickstarts/fedora-live-workstation.ks \
--fslabel=Fedora-29-WS-Live-foo
will create a live CD called "Fedora-29-WS-Live-foo". The name
given by --fslabel is used.
o as a file system label on the ext4 and iso9660 file systems
(as such it's visible on the desktop as the CD name)
o in the isolinux boot loader
If you have the repositories available locally and don't want to wait
for the download of packages, just substitute the URLs listed in the
configuration file to point to your local repositories.
3. LIVE CD INSTALLS
As of Fedora 7, Anaconda has support for doing an installation
from a live CD. To use this, double click on the "Install to Hard
Drive" item on the desktop or run /usr/bin/liveinst if you don't have
such an icon.
4. LIVE CD MEDIA VERIFICATION
The live CD can incorporate functionality to verify itself. To do so,
you need to have isomd5sum installed both on the system used for creating
the image and installed into the image. This is so that the implantisomd5
and checkisomd5 utilities can be used. These utilities take advantage of
embedding an md5sum into the application area of the iso9660 image.
This then gets verified before mounting the real root filesystem.
These utilities used to be part of the anaconda-runtime package.
5. LOADING LIVE IMAGES ONTO USB MEDIA
USB sticks are becoming increasingly prevalent and are a nice way to
use live images. You can take a live CD iso image and transform it so
that it can be used on a USB stick. To do so, use the
livecd-iso-to-disk script, like the following:
livecd-iso-to-disk /path/to/live.iso /dev/sdb1
Replace the '/dev/sdb1' argument above with the (unmounted) partition where you
wish to load the live image. This is not a destructive process; any data you
currently have on your USB stick will be preserved.
Multiple images may be loaded onto a single USB stick.
See livecd-iso-to-disk --help for more options and instructions.
6. SECURE IMAGE GENERATION
Due to limitations in kickstart, the default invocation of livecd-creator
cannot verify RPM package signatures. Package signatures are an essential
security function which protects RPMs against tampering during storage or
transfer.
If possible, you should enable signature checks with the --repo option:
livecd-creator \
--config=/usr/share/doc/livecd-tools/livecd-fedora-minimal.ks \
--repo=/etc/yum.repos.d
--repo configures RPM sources using DNF ".repo" configuration files instead of
kickstart. If you are building a different distro than your host system, be sure
to use configuration files for that distro.
Your --repo file or directory can use any configuration options available to
DNF. The following options must be set in order to verify signatures:
gpgcheck=1
gpgkey=path/to/key.asc
file:///url/to/another/key.asc
In this mode, the %repo directive(s) in the kickstart file, if any,
are ignored.
Additionally, use --pkgverify-level=all to enforce valid, trusted
signatures on all packages installed.
7. MOUNTING LIVE IMAGES
A live CD .iso file or an installed live USB device may be mounted with the
liveimage-mount script to peer into the live OS filesystem, or even edit it on
a device loaded with a persistent storage overlay.
liveimage-mount /path/to/live[.iso|device|directory] <mountpoint>
See liveimage-mount --help for more options.
7. EDITING LIVE IMAGES
Live OS images may be edited using the editliveos script:
editliveos [options] <LiveOS_source>
This script may be used to merge a persistent overlay, run software updates
including kernel and initial RAM filesystem updates, insert files, clone a
customized instance, adjust the root or home filesystem or overlay sizes and
filesystem or overlay types, seclude private or user-specific files, rebuild
the image into a new .iso image distribution file, and refresh the source's
persistent filesystem overlay.
See editliveos --help for more options and instructions.