Linux Archive


Paul Wise 07-26-2011 10:03 AM

support for installing unconfigured systems (VM images, Debian Live images, preinstalled mobile/tablet images)
 
Hi all,

One big problem with existing live images, VM images, "cloud" images
and images for mobile/tablet devices outside of Debian has been the
provision of OpenSSH private keys within the image file. Obviously
this is a huge fail.

I was talking with Daniel Baumann about how Debian Live approaches
this problem and I think he said Debian Live has some scripts to
remove them after installation.

We were thinking that it might be nice to add support to
openssh-server for installing the package, not generating the host
keys and then generating them on first boot. debconf pre-seeding could
be one way to do that, but it would be quite specific and a more
general solution might be desirable.

So, I was wondering if anyone has any ideas on this topic?

On a related note, an "OEM" mode for d-i is something I believe we
currently lack. Requirements for this would be the above "unconfigured
systems" idea plus some on-boot UI to configure the system (timezone,
users, etc).

--
bye,
pabs

http://wiki.debian.org/PaulWise


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/CAKTje6H3_Rvxkt226zJBqzGZBhZRP2GAHry0nFSvWyes=Q3gY w@mail.gmail.com

Jonas Smedegaard 07-26-2011 10:18 AM

On 11-07-26 at 12:03pm, Paul Wise wrote:
> One big problem with existing live images, VM images, "cloud" images
> and images for mobile/tablet devices outside of Debian has been the
> provision of OpenSSH private keys within the image file. Obviously
> this is a huge fail.
>
> I was talking with Daniel Baumann about how Debian Live approaches
> this problem and I think he said Debian Live has some scripts to
> remove them after installation.
>
> We were thinking that it might be nice to add support to
> openssh-server for installing the package, not generating the host
> keys and then generating them on first boot. debconf pre-seeding could
> be one way to do that, but it would be quite specific and a more
> general solution might be desirable.
>
> So, I was wondering if anyone has any ideas on this topic?

Uhm, I did have an idea for this, but have forgotten it again now.

Cc'ing Hector who might recall our discussion on this exact issue a few
weeks ago...


- Jonas

--
* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/

[x] quote me freely [ ] ask before reusing [ ] keep private

Moritz Mühlenhoff 07-26-2011 10:23 AM

Paul Wise <pabs@debian.org> wrote:
> So, I was wondering if anyone has any ideas on this topic?

I would suggest a package such as "debian-oem-prep", which
contains an init script, which tests a file such as
/etc/wipe-all-traces-on-next-boot. If that file exists, all
sensitive host data like existing SSH hosts is being removed,
and debconf being fired up to configure a new host and domain
name. Also, it could execute script files from
/etc/debian-oem-prep.d (which allow additional site-specific
OEM customisation). Once debian-oem-prep is done, the
/etc/wipe-all-traces-on-next-boot is removed.

If anyone wants to prepare an OEM image, he would simply
install debian-oem-prep, touch /etc/wipe-all-traces-on-next-boot
and shut down the virtual machine.

Cheers,
Moritz
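
The first-boot flow proposed in this post, sketched in POSIX shell as an added example (not code from the thread or from any Debian package), together with a build-time check for the leftover private host keys the thread starts from. The function names and the ROOT argument are assumptions made so the logic can be run against a mounted image tree; the flag file and hook directory are the paths named in the post, and the debconf host/domain step is left out.

```shell
#!/bin/sh
# Added example. ROOT is empty on a running system, or the mount point of
# an image tree when auditing or testing (hypothetical parameter).

# Build-time audit: print any private SSH host key still inside the image.
leftover_host_keys() {
    root=${1:-}
    for f in "$root"/etc/ssh/ssh_host_*_key; do
        if [ -e "$f" ]; then printf '%s\n' "$f"; fi
    done
    return 0
}

# First-boot step: does nothing unless the flag file is present.
oem_prep() {
    root=${1:-}
    flag="$root/etc/wipe-all-traces-on-next-boot"
    [ -e "$flag" ] || return 0

    # Drop the host identity shipped in the image (private and public halves).
    rm -f "$root"/etc/ssh/ssh_host_*_key "$root"/etc/ssh/ssh_host_*_key.pub

    # On the running system, create fresh keys of every default type.
    # If this fails the flag stays in place, so the next boot retries.
    if [ -z "$root" ]; then
        ssh-keygen -A || return 1
    fi

    # Site-specific hooks, in glob (lexical) order.
    for hook in "$root"/etc/debian-oem-prep.d/*; do
        if [ -f "$hook" ] && [ -x "$hook" ]; then
            "$hook" || return 1
        fi
    done

    # Done: make sure this never runs again on the configured system.
    rm -f "$flag"
}
```

An image build can fail the job when `leftover_host_keys /path/to/mounted/image` prints anything; on the target, an init script would call `oem_prep` with no argument before sshd starts.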




Daniel Baumann 07-26-2011 10:28 AM

On 07/26/2011 12:03 PM, Paul Wise wrote:
> I was talking with Daniel Baumann about how Debian Live approaches
> this problem and I think he said Debian Live has some scripts to
> remove them after installation.

no rocket science involved, we simply just remove them during build
(live-build) and create them during bootup (live-config).

although it would be nice if openssh would offer a way to skip the key
creation in postinst, in an ideal world, we would have a generic way of
skipping anything not suitable for such situations by exporting some
variable that would skip these things or only run these things
(depending on if you're building or running the system).

since the only way to do this is a policy change/addition/$whatever, i'd
be very happy to use this, but i've no energy to drive it.

--
Address: Daniel Baumann, Donnerbuehlweg 3, CH-3012 Bern
Email: daniel.baumann@progress-technologies.net
Internet: http://people.progress-technologies.net/~daniel.baumann/



Daniel Baumann 07-26-2011 10:30 AM

On 07/26/2011 12:23 PM, Moritz Mühlenhoff wrote:
> I would suggest a package such as "debian-oem-prep", which
> contains an init script, which tests a file such as
> /etc/wipe-all-traces-on-next-boot. If that file exists, all
> sensitive host data like existing SSH hosts is being removed,
> and debconf being fired up to configure a new host and domain
> name.

this is re-inventing the wheel; the stuff should not be generated in the
first place by the package, and the best way to decide which stuff
shouldn't be generated is to have the maintainer of the package care
about this in the very same package (see my other mail).

--
Address: Daniel Baumann, Donnerbuehlweg 3, CH-3012 Bern
Email: daniel.baumann@progress-technologies.net
Internet: http://people.progress-technologies.net/~daniel.baumann/



