Alex-Devera/tpotce
1
0
Fork 0
mirror of https://github.com/telekom-security/tpotce.git synced 2025-07-01 12:32:12 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Extending T-Pot ISO Creator by ARM64 architecture

Browse source 
Still needs some finetuning, though :)
This commit is contained in:
t3chn0m4g3 2022-02-01 23:16:59 +00:00
parent b37178ba98
commit 6aa69e82aa
3 changed files with 154 additions and 28 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

0
iso/preseed/tpot.seed → iso/preseed/tpot_amd64.seed
View file

106
iso/preseed/tpot_arm64.seed Executable file
View file

@ -0,0 +1,106 @@
##############################################
### T-Pot Preseed Configuration File by mo ###
##############################################
####################
### Locale Selection
####################
#d-i debian-installer/country string DE
d-i debian-installer/language string en
d-i debian-installer/locale string en_US.UTF-8
d-i localechooser/preferred-locale string en_US.UTF-8
######################
### Keyboard Selection
######################
d-i console-setup/ask_detect boolean true
#d-i keyboard-configuration/layoutcode string de
d-i console-setup/detected note
#############################
### Unmount Active Partitions
#############################
#d-i preseed/early_command string umount /media || :
#########################
### Network Configuration
#########################
d-i netcfg/choose_interface select auto
d-i netcfg/dhcp_timeout string 60
d-i netcfg/get_hostname string t-pot
d-i netcfg/get_domain string
######################
### User Configuration
######################
d-i passwd/root-login boolean false
d-i passwd/make-user boolean true
d-i passwd/user-fullname string tsec
d-i passwd/username string tsec
d-i passwd/user-password-crypted password $1$jAw1TW8v$a2WFamxQJfpPYZmn4qJT71
d-i user-setup/encrypt-home boolean false
########################################
### Country Mirror & Proxy Configuration
########################################
#d-i mirror/country string manual
#d-i mirror/http/hostname string deb.debian.org
#d-i mirror/http/directory string /debian
#d-i mirror/http/proxy string
###################
# Suite to install
###################
#d-i mirror/suite string unstable
#d-i mirror/suite string testing
#d-i mirror/udeb/suite string testing
######################
### Time Configuration
######################
#d-i time/zone string Europe/Berlin
d-i clock-setup/utc boolean true
d-i time/zone string UTC
d-i clock-setup/ntp boolean true
d-i clock-setup/ntp-server string debian.pool.ntp.org
##################
### Package Groups
##################
tasksel tasksel/first multiselect ssh-server
########################
### Package Installation
########################
d-i pkgsel/include string apache2-utils cracklib-runtime curl dialog figlet git grc libcrack2 libpq-dev lsb-release net-tools software-properties-common toilet
popularity-contest popularity-contest/participate boolean false
#################
### Update Policy
#################
d-i pkgsel/update-policy select unattended-upgrades
###############
### Boot Splash
###############
d-i debian-installer/quiet boolean false
d-i debian-installer/splash boolean false
#########################################
### Post install (Grub & T-Pot Installer)
#########################################
d-i preseed/late_command string \
### DEV
in-target git clone --depth=1 https://github.com/telekom-security/tpotce -b 22.x /opt/tpot; \
in-target sed -i 's/allow-hotplug/auto/g' /etc/network/interfaces; \
#in-target apt-get -y remove exim4-base; \
#in-target apt-get -y autoremove; \
cp /target/opt/tpot/iso/installer/rc.local.install /target/etc/rc.local; \
cp /target/opt/tpot/iso/installer -R /target/root/;
##########
### Reboot
##########
d-i nobootloader/confirmation_common note
d-i finish-install/reboot_in_progress note
d-i cdrom-detect/eject boolean true

70
makeiso.sh
View file

@ -5,15 +5,7 @@ export TERM=linux
# Let's define some global vars # Let's define some global vars
myBACKTITLE="T-Pot - ISO Creator" myBACKTITLE="T-Pot - ISO Creator"
#myMINIISOLINK="http://ftp.debian.org/debian/dists/testing/main/installer-amd64/current/images/netboot/mini.iso"
#myMINIISOLINK="https://d-i.debian.org/daily-images/amd64/daily/netboot/mini.iso"
# For stability reasons Debian Sid installation is built on a stable installer
### DEV ### DEV
#myMINIISOLINK="http://ftp.debian.org/debian/dists/buster/main/installer-amd64/current/images/netboot/mini.iso"
myMINIISOLINK="http://ftp.debian.org/debian/dists/bullseye/main/installer-amd64/current/images/netboot/mini.iso"
#myMINIISOLINK="http://ftp.debian.org/debian/dists/bullseye/main/installer-arm64/current/images/netboot/mini.iso"
myMINIISO="mini.iso"
myTPOTISO="tpot.iso"
myTPOTDIR="tpotiso" myTPOTDIR="tpotiso"
myTPOTSEED="iso/preseed/tpot.seed" myTPOTSEED="iso/preseed/tpot.seed"
myPACKAGES="dialog genisoimage syslinux syslinux-utils pv rsync udisks2 xorriso" myPACKAGES="dialog genisoimage syslinux syslinux-utils pv rsync udisks2 xorriso"
@ -80,13 +72,15 @@ function valid_ip()
return $stat return $stat
} }
# Let's ask if the user wants to run the script ... # Let's ask for the architecture and set VARs accordingly...
dialog --backtitle "$myBACKTITLE" --title "[ Continue? ]" --yesno "\nDownload latest supported Debian Mini ISO and build the T-Pot Install Image." 8 50 myARCH=$(dialog --backtitle "$myBACKTITLE" --title "[ Architecture ]" --menu "Please choose." 9 60 2 "amd64" "For x64 AMD / Intel CPUs" "arm64" "For Apple Silicon, 64 Bit ARM based CPUs" 3>&1 1>&2 2>&3 3>&-)
mySTART=$? if [ "$myARCH" == "" ];
if [ "$mySTART" = "1" ];
then then
exit exit
fi fi
myMINIISOLINK="http://ftp.debian.org/debian/dists/bullseye/main/installer-$myARCH/current/images/netboot/mini.iso"
myMINIISO="mini_$myARCH.iso"
myTPOTISO="tpot_$myARCH.iso"
# Let's load the default config file # Let's load the default config file
if [ -f $myCONF_DEFAULT_FILE ]; if [ -f $myCONF_DEFAULT_FILE ];
@ -210,19 +204,18 @@ fi
# Let's download Debian Minimal ISO # Let's download Debian Minimal ISO
if [ ! -f $myMINIISO ] if [ ! -f $myMINIISO ]
then then
wget $myMINIISOLINK --progress=dot 2>&1 | awk '{print $7+0} fflush()' | dialog --backtitle "$myBACKTITLE" --title "[ Downloading Debian ... ]" --gauge "" 5 70; wget $myMINIISOLINK --progress=dot 2>&1 | awk '{print $7+0} fflush()' | dialog --backtitle "$myBACKTITLE" --title "[ Downloading Debian for $myARCH ]" --gauge "" 5 70;
echo 100 | dialog --backtitle "$myBACKTITLE" --title "[ Downloading Debian ... Done! ]" --gauge "" 5 70; echo 100 | dialog --backtitle "$myBACKTITLE" --title "[ Downloading Debian for $myARCH ... Done! ]" --gauge "" 5 70;
# Need to rename after download or progresss bar does not work.
mv mini.iso $myMINIISO
else else
dialog --infobox "Using previously downloaded .iso ..." 3 50; dialog --infobox "Using previously downloaded .iso ..." 3 50;
fi fi
# Let's loop mount it and copy all contents # Let's extract ISO contents (using / to extract all from ISO root)
mkdir -p $myTMP $myTPOTDIR xorriso -osirrox on -indev $myMINIISO -extract / $myTPOTDIR
mount -o loop $myMINIISO $myTMP
rsync -a $myTMP/ $myTPOTDIR
umount $myTMP
# Let's modify initrd # Let's modify initrd and create a tmp for the initrd filesystem we need to modify
gunzip $myTPOTDIR/initrd.gz gunzip $myTPOTDIR/initrd.gz
mkdir $myTPOTDIR/tmp mkdir $myTPOTDIR/tmp
cd $myTPOTDIR/tmp cd $myTPOTDIR/tmp
@ -234,8 +227,15 @@ cd ..
# Let's add the files for the automated install # Let's add the files for the automated install
mkdir -p $myTPOTDIR/tmp/opt/ mkdir -p $myTPOTDIR/tmp/opt/
cp iso/installer -R $myTPOTDIR/tmp/opt/ cp iso/installer -R $myTPOTDIR/tmp/opt/
# Isolinux is only necessary for AMD64
if [ "$myARCH" = "amd64" ];
then
cp iso/isolinux/* $myTPOTDIR/ cp iso/isolinux/* $myTPOTDIR/
cp iso/preseed/tpot.seed $myTPOTDIR/tmp/preseed.cfg else
sed -i "s#menuentry 'Install'#menuentry 'Install T-Pot 22.x (ARM64)'#g" $myTPOTDIR/boot/grub/grub.cfg
fi
# For now we need architecture based preseeds
cp iso/preseed/tpot_$myARCH.seed $myTPOTDIR/tmp/preseed.cfg
# Let's create the new initrd # Let's create the new initrd
cd $myTPOTDIR/tmp cd $myTPOTDIR/tmp
@ -245,13 +245,33 @@ gzip initrd
rm -rf tmp rm -rf tmp
cd .. cd ..
# Let's create the new .iso # Since ARM64 needs EFI we need different methods to build the ISO
cd $myTPOTDIR cd $myTPOTDIR
xorrisofs -gui -D -r -V "T-Pot" -cache-inodes -J -l -b isolinux.bin -c boot.cat -no-emul-boot -boot-load-size 4 -boot-info-table -o ../$myTPOTISO ../$myTPOTDIR 2>&1 | awk '{print $1+0} fflush()' | cut -f1 -d"." | dialog --backtitle "$myBACKTITLE" --title "[ Building T-Pot .iso ... ]" --gauge "" 5 70 0 if [ "$myARCH" == "amd64" ];
echo 100 | dialog --backtitle "$myBACKTITLE" --title "[ Building T-Pot .iso ... Done! ]" --gauge "" 5 70 then
# Create AMD64 .iso
xorrisofs -gui -D -r -V "T-Pot $myARCH" \
-cache-inodes -J -l -b isolinux.bin \
-c boot.cat -no-emul-boot -boot-load-size 4 \
-boot-info-table \
-o ../"$myTPOTISO" ../"$myTPOTDIR" 2>&1 | awk '{print $1+0} fflush()' | cut -f1 -d"." | dialog --backtitle "$myBACKTITLE" --title "[ Building T-Pot $myARCH .iso ... ]" --gauge "" 5 70 0
echo 100 | dialog --backtitle "$myBACKTITLE" --title "[ Building T-Pot $myARCH .iso ... Done! ]" --gauge "" 5 70
cd .. cd ..
isohybrid $myTPOTISO isohybrid $myTPOTISO
sha256sum $myTPOTISO > tpot.sha256 else
# Create ARM64 .iso
xorriso -as mkisofs -r -V "T-Pot $myARCH" \
-J -joliet-long -cache-inodes \
-e boot/grub/efi.img \
-no-emul-boot \
-append_partition 2 0xef boot/grub/efi.img \
-partition_cyl_align all \
-o ../"$myTPOTISO" \
../"$myTPOTDIR"
echo 100 | dialog --backtitle "$myBACKTITLE" --title "[ Building T-Pot $myARCH .iso ... Done! ]" --gauge "" 5 70
cd ..
fi
sha256sum $myTPOTISO > "tpot_$myARCH.sha256"
# Let's write the image # Let's write the image
while true; while true;