.. post:: 2019.08.10
   :tags: howto,ubuntu,gnu/linux,installation
   :category: gnu/linux
   :author: vladan
   :location: Belgrade

=========================
Custom Ubuntu Desktop ISO
=========================

Last week I got a task to create an Ubuntu ISO installer that should install
everything automatically, plus some other requirements listed below. This post
contains the steps taken to create the Ubuntu 18.04.2 installer according to
these requirements ...

* `Only one domain is allowed`_
* `No print screen functionality`_
* `No usb memory functionality`_
* `No access to the filesystem`_
* `No apps except browser`_

Set up the build environment
============================
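
.. code-block:: bash

   mkdir disk
   # Loop-mount the stock ISO so its contents can be copied out.
   sudo mount -o loop ubuntu-18.04.2-desktop-amd64.iso disk
   # Copy everything except the compressed root filesystem, which is rebuilt below.
   rsync --exclude=/casper/filesystem.squashfs -av disk/ livecd/

Set up the rootfs
=================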
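
Create an nspawn container from the rootfs.

.. code-block:: bash

   # Unpack as root so file ownership and device nodes in the rootfs are preserved.
   sudo unsquashfs disk/casper/filesystem.squashfs
   # Start a shell in the unpacked rootfs. /opt/deb holds the Chrome package and
   # the host's resolv.conf is bound in so apt can resolve names.
   sudo systemd-nspawn \
       --directory squashfs-root/ \
       --bind ~/dev/automaticcrm/deb:/opt/deb \
       --bind /etc/resolv.conf \
       /bin/bash

No print screen functionality
-----------------------------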

... and other unneeded software.

Once in the shell, run these commands to remove some extra software and install
Chrome.

.. code-block:: bash

   apt-get update
   # Globs are quoted so apt-get, not the shell, matches them against package names.
   apt-get -y purge \
       usb-creator-common \
       usb-creator-gtk \
       thunderbird-gnome-support \
       thunderbird \
       remmina-common \
       remmina \
       remmina-plugin-rdp \
       remmina-plugin-vnc \
       'firefox*' \
       'libreoffice*' \
       'alsa*' \
       'cups*' \
       gnome-screenshot \
       evince \
       gedit
   # Install Chrome from the .deb bound into the container at /opt/deb.
   dpkg -i /opt/deb/google-chrome-stable_current_amd64.deb

Only one domain is allowed
--------------------------

To redirect all domains to localhost, except dev.automaticcrm.ai, create the
file ``/etc/dnsmasq.d/autocrm.conf`` with these lines:

.. code-block:: ini

   # Answer every query with 127.0.0.1 ...
   address=/#/127.0.0.1
   # ... except DOMAIN (the allowed domain), which is forwarded to 8.8.8.8.
   server=/DOMAIN/8.8.8.8

Add this line to ``/etc/dnsmasq.conf``:

.. code-block:: ini

   conf-dir=/etc/dnsmasq.d

No usb memory functionality
---------------------------

.. code-block:: bash

   # Keep the USB mass-storage drivers from being loaded automatically.
   printf "\nblacklist uas\nblacklist usb_storage\n" >> /etc/modprobe.d/blacklist.conf

No apps except browser
----------------------

Override the path for all users.

Edit the desktop entry in ``/usr/share/xsessions/ubuntu.desktop`` so it starts
Chrome in fullscreen mode:

.. code-block:: ini

   [Desktop Entry]
   Name=Ubuntu
   Comment=This session logs you into Ubuntu
   Exec=env GNOME_SHELL_SESSION_MODE=ubuntu /usr/bin/google-chrome --kiosk https://DOMAIN
   Type=Application
   DesktopNames=ubuntu:AutomaticCRM
   X-Ubuntu-Gettext-Domain=gnome-session-3.0

.. note::

   If you want to change the domain, edit this file and also enable it in the
   dnsmasq config above.

No access to the filesystem
---------------------------
Chrome opens in kiosk mode right after login, so there's no access to anything
whatsoever.
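
A pre-pack check for the settings configured in the sections above, as an added
example that is not part of the original post: it fails when the kiosk URL's
host has no ``server=`` line in the dnsmasq drop-in, when a blacklist line is
malformed, or when a purged tool is still present. The function name
``check_rootfs`` and the two ``/usr/bin`` paths are assumptions.

```bash
# Added example (not from the original post): audit an unpacked rootfs
# against the lockdown steps above. Returns the number of failed checks.
# Usage: check_rootfs squashfs-root
check_rootfs() {
    local root="$1" fails=0 url host mod bin
    local dns="$root/etc/dnsmasq.d/autocrm.conf"
    local xs="$root/usr/share/xsessions/ubuntu.desktop"
    local bl="$root/etc/modprobe.d/blacklist.conf"

    fail() { echo "FAIL: $*" >&2; fails=$((fails + 1)); }

    # dnsmasq only reads the drop-in file if conf-dir points at it.
    grep -qsxF 'conf-dir=/etc/dnsmasq.d' "$root/etc/dnsmasq.conf" \
        || fail "conf-dir=/etc/dnsmasq.d missing from dnsmasq.conf"

    # The catch-all that resolves every other name to localhost.
    grep -qsxF 'address=/#/127.0.0.1' "$dns" \
        || fail "catch-all address=/#/127.0.0.1 missing"

    # Whole-line match, so a mangled entry such as "nblacklist uas" fails.
    for mod in uas usb_storage; do
        grep -qsxF "blacklist $mod" "$bl" || fail "$mod is not blacklisted"
    done

    # The session must launch Chrome with --kiosk on an https URL ...
    url=$(grep -s '^Exec=' "$xs" | grep -o -- '--kiosk https://[^ ]*' | head -n 1)
    if [ -z "$url" ]; then
        fail "xsession Exec= has no --kiosk https://... argument"
    else
        # ... and dnsmasq needs a server= line naming that host, or the
        # kiosk page itself resolves to 127.0.0.1.
        host=${url#--kiosk https://}
        host=${host%%[/:]*}
        grep -s '^server=/' "$dns" | grep -qF "server=/$host/" \
            || fail "no server=/$host/ line for the kiosk host"
    fi

    # Assumed binary paths of two purged packages; they must be gone.
    for bin in gnome-screenshot usb-creator-gtk; do
        [ ! -e "$root/usr/bin/$bin" ] || fail "$bin is still installed"
    done

    return "$fails"
}
```

Run ``check_rootfs squashfs-root`` on the host before packing the image; a non-zero return value is the number of failed checks.
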

Create the ISO
==============

Pack the squashfs image and copy it to casper.

.. code-block:: bash

   sudo mksquashfs squashfs-root/ livecd/casper/filesystem.squashfs

Recreate installation files and pack the ISO.

.. code-block:: bash

   # Record the unpacked size of the rootfs for the installer.
   printf '%s' "$(sudo du -sx --block-size=1 squashfs-root | cut -f1)" | sudo tee livecd/casper/filesystem.size > /dev/null
   # Regenerate the package manifest from the modified rootfs.
   sudo systemd-nspawn --directory squashfs-root/ dpkg-query -W --showformat='${Package} ${Version}\n' | sudo tee livecd/casper/filesystem.manifest > /dev/null
   sudo cp livecd/casper/filesystem.manifest{,-desktop}
   # Rebuild md5sum.txt with paths relative to the ISO root, skipping the file itself.
   sudo rm livecd/md5sum.txt
   (cd livecd && sudo find . -type f ! -name md5sum.txt -print0 | sudo xargs -0 md5sum | grep -v isolinux/boot.cat | sudo tee md5sum.txt)
   mkisofs -r \
       -V "AutomaticCRM Ubuntu Linux" \
       -cache-inodes \
       -J -l -b isolinux/isolinux.bin \
       -c isolinux/boot.cat -no-emul-boot \
       -boot-load-size 4 \
       -boot-info-table \
       -o automaticcrm-ubuntu-18.04.2.iso livecd/

Test the installation in a VM
=============================

.. code-block:: bash

   rm -f ubuntu.qcow2
   qemu-img create -f qcow2 ubuntu.qcow2 40G
   virsh define ./autocrm.xml && virsh start ubuntu18.04