Making a Custom ArchLinux-based Live System

SergeantBiggs

system administrationlinuxarchlinuxcicddronetechnology

980 Words

2022-04-07 07:37 +0000


As some of you might know, I work as a system administrator. Currently, most of my job consists of rather typical “Client Management” support. I go out and fix peoples computers. This is something that I also do in my spare time, of course. One of my favorite tools to do that are live systems. They are very handy for all kinds of troubleshooting and problem solving. I use them for:

  • simple data rescue
  • forensics
  • creating backups
  • partitioning
  • unlocking computers

Obviously, they have many more use cases.

I’ve been such a big fan of them, that I have quite some collection of live distros and ISOs. This also shows my biggest problem: there are a lot of different options to choose from, and none of them do everything I want. A lot of them are infrequently updated, have very specific usages or are just a bit weird. There are some exceptions to this rule (looking at you, Parted Magic), but they do charge a subscription fee to use the software. So I decided to look into doing this myself.

I had been experimenting with Archiso for a while to create custom live systems. I even created some for previous employers. But the problem I was having was essentially the same as my collection of other ISOs: They were “lying around” everywhere. I had no centralized way of building/deploying them. With an ever growing collection of ISOs an ever growing mountain of flash drives emerged.

I decided to solve this problem by creating a single distro that I could use for everything. If I needed a new tool, I would just add it. I combined this with a flash drive that I keep on my key chain. I decided to do this with Archiso again, since I have some experience with it, and I like the build system. The two things that really tie everything together though, are Gitea (A self-hosted Git forge) and Drone (a self-hosted CI platform). This allows me to automate the building process.

NB: Setting up Archiso is out of the scope of this article. Please see this excellent article on the Arch Wiki to get started.

Building the ISO

Normally, we would just build the ISO locally with mkarchiso. With drone, we can automate this process. I will show my drone file as an example, but drone has a lot more options. Check out the documentation if I whet your appetite.

The drone workflow consists of one or more pipelines that each contain steps. Each step has a name, and one or more associated commands. Let’s go through the steps one by one.

kind: pipeline
type: exec
name: default

steps:
- name: create chroot
  commands:
  - mkdir /var/lib/drone-runner-exec/buildroot/
  - mkarchroot /var/lib/drone-runner-exec/buildroot/root base-devel

This command creates a chroot that we use to build our AUR packages in. For Archiso, we need to manually build AUR packages and add them to a local repository.

- name: download aur packages
  commands:
  - auracle download nwipe
  - auracle download unixbench
  - auracle download stress-ng

Here we download our aur packages using the excellent auracle

- name: build stress-ng
  commands:
  - cd stress-ng
  - makechrootpkg -c -r /var/lib/drone-runner-exec/buildroot/
- name: build unixbench
  commands:
  - cd unixbench
  - makechrootpkg -c -r /var/lib/drone-runner-exec/buildroot/ -- --syncdeps
- name: build nwipe
  commands:
  - cd nwipe
  - makechrootpkg -c -r /var/lib/drone-runner-exec/buildroot/
- name: build owper
  commands:
  - cd extra/owper/
  - makechrootpkg -c -r /var/lib/drone-runner-exec/buildroot/ -- --syncdeps

After that, we build the packages in a clean chroot.

- name: add packages to repo
  commands:
  - find . -name '*pkg.tar.zst' -exec cp '{}' /var/lib/drone-runner-exec/builds/spart/aur_repo \;
  - cd /var/lib/drone-runner-exec/builds/spart/aur_repo/
  - repo-add localaur.db.tar.gz *.pkg.tar.zst

We add the packages to our local repo that pacman can use.

- name: build iso
  commands:
  - sudo mkarchiso -v -w "/var/lib/drone-runner-exec/builds/spart/work" -o "/var/lib/drone-runner-exec/builds/spart/out" -A SPART -L SPART -P SergeantBiggs .

Building the ISO.

- name: chown iso
  commands:
  - sudo chown -R drone-runner-exec:builders "/var/lib/drone-runner-exec/builds/spart/out/"
- name: move iso
  commands:
  - mv /var/lib/drone-runner-exec/builds/spart/out/*.iso /var/www/open.sgnt.link/iso/spart.iso

After that, we move the ISO to a web server. We can then download it once it is finished.

- name: delete work directory, repo and chroot
  commands:
  - sudo rm -rf /var/lib/drone-runner-exec/builds/spart/work/
  - sudo rm -rf /var/lib/drone-runner-exec/buildroot/
  - rm -rf /var/lib/drone-runner-exec/builds/spart/aur_repo/*
  when:
    status:
    - failure
    - success

After everything is finished, we delete the work directory and the chroot. The “when” part makes sure that this command is always executed, even if the build fails.

Here is the complete file, for reference:

kind: pipeline
type: exec
name: default

steps:
- name: create chroot
  commands:
  - mkdir /var/lib/drone-runner-exec/buildroot/
  - mkarchroot /var/lib/drone-runner-exec/buildroot/root base-devel
- name: download aur packages
  commands:
  - auracle download nwipe
  - auracle download unixbench
  - auracle download stress-ng
- name: build stress-ng
  commands:
  - cd stress-ng
  - makechrootpkg -c -r /var/lib/drone-runner-exec/buildroot/
- name: build unixbench
  commands:
  - cd unixbench
  - makechrootpkg -c -r /var/lib/drone-runner-exec/buildroot/ -- --syncdeps
- name: build nwipe
  commands:
  - cd nwipe
  - makechrootpkg -c -r /var/lib/drone-runner-exec/buildroot/
- name: build owper
  commands:
  - cd extra/owper/
  - makechrootpkg -c -r /var/lib/drone-runner-exec/buildroot/ -- --syncdeps
- name: add packages to repo
  commands:
  - find . -name '*pkg.tar.zst' -exec cp '{}' /var/lib/drone-runner-exec/builds/spart/aur_repo \;
  - cd /var/lib/drone-runner-exec/builds/spart/aur_repo/
  - repo-add localaur.db.tar.gz *.pkg.tar.zst
- name: build iso
  commands:
  - sudo mkarchiso -v -w "/var/lib/drone-runner-exec/builds/spart/work" -o "/var/lib/drone-runner-exec/builds/spart/out" -A SPART -L SPART -P SergeantBiggs .
- name: chown iso
  commands:
  - sudo chown -R drone-runner-exec:builders "/var/lib/drone-runner-exec/builds/spart/out/"
- name: move iso
  commands:
  - mv /var/lib/drone-runner-exec/builds/spart/out/*.iso /var/www/open.sgnt.link/iso/spart.iso
- name: delete work directory, repo and chroot
  commands:
  - sudo rm -rf /var/lib/drone-runner-exec/builds/spart/work/
  - sudo rm -rf /var/lib/drone-runner-exec/buildroot/
  - rm -rf /var/lib/drone-runner-exec/builds/spart/aur_repo/*
  when:
    status:
    - failure
    - success

trigger:
  branch:
  - main

And that’s that. I really love this setup. It enables me to add new features (packages, settings, etc) to my live system and build the ISO automatically. Afterwards, I can just download the image and copy it to my flash drive.

I hope you enjoyed reading this article!

Articles from blogs I read

Anubis works

That meme is not an understatement, Anubis has been deployed by the United Nations. For your amusement, here is how the inner monologue of me finding out about this went: AoiWhat. You can't be serious, can you?CadeyIt's real.…

via Xe Iaso's blog April 12, 2025

A Firefox addon for putting prices into perspective

I had a fun idea for a small project this weekend, and so I quickly put it together over the couple of days. The result is Price Perspective. Humor me: have you ever bought something, considered the price, and wondered how that price would look to someone el…

via Drew DeVault's blog April 4, 2025

I don't really like OIDC

I will look into this single sign-on protocol and figure out why it is so darn complicated.

via Ξ January 7, 2025

Announcing systemd v257

Last week we released systemd v257 into the wild. In the weeks leading up to this release (and the week after) I have posted a series of serieses of posts to Mastodon about key new features in this release, under the #systemd257 hash tag. In case you aren'…

via Pid Eins December 17, 2024

Generated by openring