Mindtwist.de

...let your mind twist!

How to create a custom OpenBSD Live CD

This page describes the create-openbsd-livecd.sh shell script I wrote in June 2009. The script automatically fetches all necessary packages to create a minimal OpenBSD Live CD. During creation you are dropped into a chrooted shell where you may further customize the installed packages and the configuration of the Live CD. Update August 2012: Got confirmation that the script still works with OpenBSD 5.1 32-bit.

Use Cases

The following scenarios describe a few of the zillion possible use cases for a customized Live CD. Maybe you will find some inspiration in them.

Scenario 1

The administrator of a cybercafé wants to create a secure kiosk setup with immutable configuration. After a user session ends, the system should reset to a predefined and secure state.

Setup

After downloading create-openbsd-livecd.sh, the administrator runs the script to download the latest OpenBSD packages from a local mirror. On the command line the administrator selects the packages that should be added to the Live CD. During the creation process, the administrator is chrooted into the Live CD environment and configures the system further. Once the system runs as expected, the administrator exits the chroot environment and the whole setup is written to an ISO file. The administrator burns the ISO file to a rewritable disc and puts a CD in each client computer. After booting the ISO, the kiosk system securely runs as desired and may be reset at any time.

Scenario 2

The administrator of a secure internet server wants to make sure that the served content is immutable and that nobody messes around with the server's configuration. Moreover, the administrator wants no log files to be written to disk, as this would be a security concern.

Setup

The administrator downloads the latest release of create-openbsd-livecd.sh and runs it on an OpenBSD system. During the creation of the Live CD ISO, the administrator is dropped into a chrooted shell and copies the content into the environment. After configuring the server, the administrator leaves the chroot and the customized Live CD is created. After burning the data to disc, the administrator may boot any server from the bootable media. The administrator is assured that no log files survive the boot of the system.

Scenario 3

A teacher of information technology wants to create a custom *nix based environment for the students. The teacher wants to boot a Live CD environment over the network (PXE) so that after each boot, the students get a clean system for their work. Furthermore, the teacher wants to explain deep *nix concepts, for which the best and purest learning environment is based on BSD instead of Linux.

Setup

After the download of the create-custom-livecd.sh script, the teacher runs it with the smallest set of packages so that the resulting ISO is small and boots fast over the net. Also the students are given only the tools they need for their work and no distracting utilities or even games. Within the chroot environment the teacher further tweaks the system for this special scenario. Within the presented shell the teacher tests all necessary applications and makes sure that all documentation is available and can be opened by the user accounts that the teacher creates for the students. After the teacher leaves the chroot shell, the remastered Live CD gets created. The teacher copies the Live CD to the PXE server of the classroom and knows that this setup will be reliable.

The Script

The script absolutely needs to be run from an OpenBSD system because you remaster the Live CD within a chrooted environment!

You may download the latest version of the script with the link below:

http://www.mindtwist.de/main/index.php?option=com_jdownloads&Itemid=999999&task=finish&cid=2&catid=3&m=0

Help

To get a sneak preview of the command-line options, have a look at the help:

# ./create-openbsd-livecd.sh -h                 

Usage: create-openbsd-livecd    [-A <arch>] [-h] [-M <major>] [-m <minor>] [-P <packages>]
                                [-S <sets>] [-T <timezone>] [-V] [-W <workdir>] [-U <url>]

This program creates an OpenBSD live cd and lets you customize it.
The software is released under BSD license. Use it at your own risk!
Copyright (c) 2009 Reiner Rottmann. Email: reiner[AT]rottmann.it

  -A :  select architecture (default: i386)
  -h :  give this help list
  -M :  select OpenBSD major version (default: 4)
  -m :  select OpenBSD minor version (default: 6)
  -P :  select additional packages to install
        (default: )
  -S :  select base sets (default: base etc man)
  -T :  select timezone (default: Europe/Berlin)
  -U :  select url of nearest OpenBSD mirror (default: http://ftp-stud.fht-esslingen.de/pub/OpenBSD/4.6/i386)
  -u :  select url of nearest OpenBSD from mirror list (requires wget)
  -V :  print version
  -W :  select working directory (default: /tmp/livecdx)

Example:
# create-openbsd-livecd -A i386 -M 4 -m 5 -W /tmp/livecd

Create a Custom OpenBSD Live CD

The following example shows you how to use the create-openbsd-livecd.sh shell script to download all needed packages from the official OpenBSD mirrors and to customize your Live CD.

Please note that some output has been omitted.

# ./create-openbsd-livecd.sh -u -W /home/livecd
[*] OpenBSD LiveCD script
[*] This program creates an OpenBSD live cd and lets you customize it.
[*] The software is released under BSD license. Use it at your own risk!
[*] Copyright (c) 2009 Reiner Rottmann.
[*] This script is released under the BSD License.
OpenBSD openbsd.localdomain 4.6 GENERIC#58 i386
Mon Nov 30 19:05:34 CET 2009
[*] Setting up the build environment...
[*] Selecting OpenBSD mirror...
Please select mirror from the list below:
1. ftp://anga.funkfeuer.at/pub/OpenBSD
...
81. ftp://openbsd.ftp.fu-berlin.de/pub/OpenBSD
...
Your choice? : 81
ftp://openbsd.ftp.fu-berlin.de/pub/OpenBSD/4.6/i386
[*] Downloading files needed for CD Boot...
[*] Downloading file sets (base etc man)...
Connected to openbsd.ftp.fu-berlin.de.
220 OpenBSD.FTP.FU-Berlin.DE ready.
331 Anonymous login ok, send anything as password.
230 OpenBSD.FTP.FU-Berlin.DE login ok.
Remote system type is UNIX.
Using binary mode to transfer files.
200 Type set to I
250 CWD command successful
Retrieving pub/OpenBSD/4.6/i386/base46.tgz
local: /home/livecd/base46.tgz remote: base46.tgz
150 Opening BINARY mode data connection for base46.tgz (48451674 bytes)
100% |*********************************************************************************************************************************************************************************| 47316 KB 00:40
226 Transfer complete.
48451674 bytes received in 40.67 seconds (1.14 MB/s)
221 Goodbye.
Connected to openbsd.ftp.fu-berlin.de.
220 OpenBSD.FTP.FU-Berlin.DE ready.
331 Anonymous login ok, send anything as password.
230 OpenBSD.FTP.FU-Berlin.DE login ok.
Remote system type is UNIX.
Using binary mode to transfer files.
200 Type set to I
250 CWD command successful
Retrieving pub/OpenBSD/4.6/i386/etc46.tgz
local: /home/livecd/etc46.tgz remote: etc46.tgz
150 Opening BINARY mode data connection for etc46.tgz (515987 bytes)
100% |*********************************************************************************************************************************************************************************| 503 KB 00:00
226 Transfer complete.
515987 bytes received in 0.56 seconds (898.47 KB/s)
221 Goodbye.
Connected to openbsd.ftp.fu-berlin.de.
220 OpenBSD.FTP.FU-Berlin.DE ready.
331 Anonymous login ok, send anything as password.
230 OpenBSD.FTP.FU-Berlin.DE login ok.
Remote system type is UNIX.
Using binary mode to transfer files.
200 Type set to I
250 CWD command successful
Retrieving pub/OpenBSD/4.6/i386/man46.tgz
local: /home/livecd/man46.tgz remote: man46.tgz
150 Opening BINARY mode data connection for man46.tgz (8240621 bytes)
100% |*********************************************************************************************************************************************************************************| 8047 KB 00:07
226 Transfer complete.
8240621 bytes received in 7.03 seconds (1.12 MB/s)
221 Goodbye.
[*] Extracting file sets (base etc man)...
[*] Deleting file set tarballs (base etc man)...
[*] Populating dynamic device directory...
[*] Creating boot configuration...
[*] Creating fstab entries...
[*] Creating motd file...
[*] Creating dhcp client configuration...
[*] Modifying rc.local...
[*] Modifying the library path...
livecd: ./create-openbsd-livecd.sh[487]: cannot create /home/livecd/etc/profile/.cshrc: No such file or directory
livecd: ./create-openbsd-livecd.sh[487]: cannot create /home/livecd/etc/profile/.profile: No such file or directory
[*] Using OpenDNS (208.67.220.220) in livecd environment...
[*] Installing additional packages...
[*] Entering livecd.
[*] Once you have finished your modifications, type "exit"
Tipps:
Packages can be managed easily with the help of several utilities, also referred to as the pkg* tools:
* pkg_add(1) - a utility for installing and upgrading software packages.
* pkg_delete(1) - a utility for deleting previously installed software packages.
* pkg_info(1) - a utility for displaying information about software packages.
* pkg_create(1) - a utility for creating software packages.
To fetch packages from the OpenBSD mirror, use the following command:
# export PKG_PATH=ftp://openbsd.ftp.fu-berlin.de/pub/OpenBSD/4.6/packages/i386
If you want to try out your software, you may encounter the following error message:
program: can't load library 'somelibrary'
To get rid of it, there is the following workaround:
export LD_LIBRARY_PATH=/usr/local/lib
/bin/ksh: No controlling tty (open /dev/tty: Device not configured)
/bin/ksh: warning: won't have full job control
# export PKG_PATH=ftp://openbsd.ftp.fu-berlin.de/pub/OpenBSD/4.6/packages/i386
# pkg_add thttpd
thttpd-2.25bp2: complete
# ^D
[*] Deleting sensitive information...
rm: root/.history: No such file or directory
rm: root/.viminfo: No such file or directory
rm: home/*/.history: No such file or directory
rm: home/*/.viminfo: No such file or directory
[*] Empty log files...
[*] Remove ports and src (only on live cd)...
[*] Removing ssh host keys...
rm: /home/livecd/etc/ssh/*key*: No such file or directory
[*] Saving creation timestamp...
[*] Saving default timezone...
ln: /home/livecd/etc/localtime: File exists
[*] Creating mfs-mount directories...
mkdir: /home/livecd/mfsdev: File exists
[*] Creating live-cd iso...
...
Size of boot image is 4 sectors -> No-emulation CD boot sector
1.97% done, estimate finish Mon Nov 30 19:28:02 2009
3.94% done, estimate finish Mon Nov 30 19:29:44 2009
...
98.45% done, estimate finish Mon Nov 30 19:31:34 2009
Total translation table size: 0
Total rockridge attributes bytes: 1758467
Total directory bytes: 5052416
Path table size(bytes): 22748
Max brk space used 0
253946 extents written (495 Mb)
[*] Your modified OpenBSD iso is in /home/livecd/livecd46-i386.iso
-rw-r--r-- 1 root wheel 496M Nov 30 19:31 /home/livecd/livecd46-i386.iso
[*] One final note: Please support the OpenBSD project by buying official cd sets or donating some money!
Mon Nov 30 19:31:37 CET 2009
[*] Done.
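
The cleanup phase near the end of the transcript ("Deleting sensitive information", "Empty log files", "Removing ssh host keys") matters because anything left in the working directory ends up on every machine that boots the image. The check below is an added example, not part of create-openbsd-livecd.sh: it lists such leftovers before the ISO is mastered. The history, viminfo and SSH key paths are taken from the transcript; the var/log location, the function names and the sample tree are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not part of create-openbsd-livecd.sh: list files the
# cleanup phase is meant to remove but that are still in the live CD tree.

list_leftovers() {
    root=$1
    # Shell and editor history of root and of every account under home/
    for f in "$root"/root/.history "$root"/root/.viminfo \
             "$root"/home/*/.history "$root"/home/*/.viminfo; do
        if [ -e "$f" ]; then echo "history: ${f#"$root"/}"; fi
    done
    # SSH host keys: on read-only media every booted machine would share them
    for f in "$root"/etc/ssh/*key*; do
        if [ -e "$f" ]; then echo "ssh-host-key: ${f#"$root"/}"; fi
    done
    # Logs that still have content (assumption: logs live under var/log)
    if [ -d "$root/var/log" ]; then
        find "$root/var/log" -type f -size +0 | sort | while IFS= read -r f; do
            echo "non-empty-log: ${f#"$root"/}"
        done
    fi
}

# Returns 0 when the tree is clean, 1 when leftovers were printed, 2 on bad input.
audit_livecd_tree() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 2; }
    leftovers=$(list_leftovers "$1")
    [ -z "$leftovers" ] && { echo "clean: $1"; return 0; }
    echo "$leftovers"
    return 1
}

# Constructed sample tree: one leftover of each kind plus an empty log.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/root" "$t/home/student" "$t/etc/ssh" "$t/var/log"
    echo "pkg_add thttpd" > "$t/root/.history"
    echo "constructed key material" > "$t/etc/ssh/ssh_host_rsa_key"
    echo "constructed log line" > "$t/var/log/messages"
    : > "$t/var/log/authlog"
    echo "$t"
}

sample=$(make_sample_tree)
audit_livecd_tree "$sample" || echo "image is not ready to be mastered"
rm -rf "$sample"
```

Against a real build, call audit_livecd_tree with the directory given to -W (for example /home/livecd) after leaving the chroot shell and before burning the resulting ISO.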


 
