.. post:: 2019.08.10 :tags: howto,ubuntu,gnu/linux,installation :category: gnu/linux :author: vladan :location: Belgrade ========================= Custom Ubuntu Desktop ISO ========================= Last week I got a task to create an Ubuntu ISO installer that should install everything automatically, plus some other requirements listed below. This post contains the steps taken to create the Ubuntu 18.04.2 installer according to these requirements ... * `Only one domain is allowed`_ * `No print screen functionality`_ * `No usb memory functionality`_ * `No access to the filesystem`_ * `No apps except browser`_ Set up the build environment ============================ .. code-block:: bash mkdir disk sudo mount -o ubuntu-18.04.2-desktop-amd64.iso disk rsync --exclude=/casper/filesystem.squashfs -av disk/ livecd/ Set up the rootfs ================= Create an nspawn container from the rootfs. .. code-block:: bash unsquashfs disk/casper/filesystem.squashfs sudo systemd-nspawn \ --directory squashfs-root/ \ --bind ~/dev/automaticcrm/deb:/opt/deb \ --bind /etc/resolv.conf /bin/bash No print screen functionality ----------------------------- ... and other unneeded software. Once in the shell, run these commands to remove some extra software and install Chrome. .. code-block:: bash apt-get update apt-get -y purge \ alsa* \ cups* \ evince \ firefox* \ gedit \ gnome-screenshot \ libreoffice* \ remmina* \ rhythmbox* \ thunderbird* \ usb-creator-common \ usb-creator-gtk \ dpkg -i /opt/deb/google-chrome-stable_current_amd64.deb Only one domain is allowed -------------------------- To redirect all domains to localhost, except DOMAIN, create the file ``/etc/dnsmasq.d/autocrm.conf`` with these lines: .. code-block:: ini address=/#/127.0.0.1 server=/DOMAIN/8.8.8.8 Add this line to /etc/dnsmasq.conf .. code-block:: ini conf-dir=/etc/dnsmasq.d No usb memory functionality --------------------------- .. code-block:: bash printf "nblacklist uas\nblacklist usb_storage\n" >> /etc/modprobe.d/blacklist.conf No apps except browser ---------------------- Override the path for all users. Edit the desktop entry in ``/usr/share/xsessions/ubuntu.desktop`` so it starts Chrome in fullscreen mode: .. code-block:: ini [Desktop Entry] Name=Ubuntu Comment=This session logs you into Ubuntu Exec=env GNOME_SHELL_SESSION_MODE=ubuntu /usr/bin/google-chrome --kiosk https://DOMAIN Type=Application DesktopNames=ubuntu:AutomaticCRM X-Ubuntu-Gettext-Domain=gnome-session-3.0 No access to the filesystem --------------------------- Chrome opens in kiosk mode right after login, so there's no access to anything whatsoever. Create the ISO ============== Pack the squashfs image and copy it to casper. .. code-block:: bash sudo mksquashfs squashfs-root/ livecd/casper/filesystem.squashfs Recreate installation files and pack the ISO. .. code-block:: bash printf $(sudo du -sx --block-size=1 squashfs-root | cut -f1) > livecd/casper/filesystem.size sudo systemd-nspawn --directory squashfs-root/ dpkg-query -W --showformat='${Package} ${Version}\n' > livecd/casper/filesystem.manifest sudo cp livecd/casper/filesystem.manifest{,-desktop} sudo rm livecd/md5sum.txt && sudo find livecd/ -type f -print0 | sudo xargs -0 md5sum | grep -v isolinux/boot.cat | sudo tee livecd/md5sum.txt mkisofs -r \ -V "AutomaticCRM Ubuntu Linux" \ -cache-inodes \ -J -l -b isolinux/isolinux.bin \ -c isolinux/boot.cat -no-emul-boot \ -boot-load-size 4 \ -boot-info-table \ -o automaticcrm-ubuntu-18.04.2.iso livecd/ Test the installation in a vm ============================= .. code-block:: bash rm -f ubuntu.qcow2 qemu-img create -f qcow2 ubuntu.qcow2 40G virsh define ./autocrm.xml && virsh start ubuntu18.04