initial commit
commit
a906a3c9f6
|
@ -0,0 +1 @@
|
|||
output
|
|
@ -0,0 +1,2 @@
|
|||
out
|
||||
*.swp
|
|
@ -0,0 +1,8 @@
|
|||
FROM archlinux
|
||||
|
||||
RUN pacman -Syu --noconfirm archiso
|
||||
ADD configs /configs
|
||||
WORKDIR /
|
||||
|
||||
ENTRYPOINT ["/usr/bin/bash", "-x", "/usr/bin/mkarchiso", "-v", "-w", "/work", "-o", "/out"]
|
||||
CMD "/usr/share/archiso/configs/baseline"
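Review bot: `FROM archlinux` resolves to whatever the mutable default tag points to at build time, and `pacman -Syu` then pulls the current package set, so two builds of the same commit can produce different ISOs and neither can be tied back to a reviewed base. For an image meant for airgapped machines I would pin the base by digest, `FROM archlinux@sha256:<digest-of-reviewed-image>` (placeholder), and record which archiso version was installed. Separately, `CMD` on the last line is in shell form while `ENTRYPOINT` is in exec form, so the default argument reaches mkarchiso wrapped in `/bin/sh -c`. The exec form `CMD ["/usr/share/archiso/configs/baseline"]` passes the path as intended.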
|
|
@ -0,0 +1,14 @@
|
|||
# Known configs:
|
||||
# * airgap
|
||||
|
||||
.PHONY: default
|
||||
default: out/archlinux-baseline-arch-airgap-x86_64.iso
|
||||
|
||||
out/archlinux-baseline-arch-%-x86_64.iso: configs/%
|
||||
$(MAKE) docker-airgap-builder
|
||||
mkdir -p out
|
||||
docker run --rm --privileged --volume "$(PWD)/out:/out" airgap-builder $<
|
||||
|
||||
.PHONY: docker-airgap-builder
|
||||
docker-airgap-builder:
|
||||
docker build -t airgap-builder .
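Review bot: The pattern rule's prerequisite `configs/%` is a directory, whose timestamp changes only when entries are added or removed, so editing a file inside `configs/airgap` leaves the existing ISO looking up to date and a stale image can end up being flashed. Listing the profile's files makes the dependency real, for example `.SECONDEXPANSION:` followed by `out/archlinux-baseline-arch-%-x86_64.iso: $$(shell find configs/$$* -type f)`, with the recipe passing `configs/$*` instead of `$<`. The volume mount should also use `$(CURDIR)` in place of `$(PWD)`, which is inherited from the calling shell and points at the wrong directory under `make -C`. Since the container runs with `--privileged`, a short comment on that line saying why mkarchiso needs it would help later reviewers.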
|
|
@ -0,0 +1,32 @@
|
|||
# Airgap NG
|
||||
|
||||
A slim version of Arch Linux intended to run on airgapped (always-offline)
|
||||
systems. The builder runs in Docker using privileged mode.
|
||||
|
||||
## Building
|
||||
|
||||
Requirements:
|
||||
|
||||
* `docker`
|
||||
* `make`
|
||||
|
||||
The default target is the `airgap` image, but a different one can be specified.
|
||||
|
||||
```sh
|
||||
config="airgap"
|
||||
make "out/archlinux-baseline-arch-${config}-x86_64.iso"
|
||||
```
|
||||
|
||||
## Flashing
|
||||
|
||||
Assuming your block device is `/dev/sdb`:
|
||||
|
||||
```sh
|
||||
pv < out/archlinux-baseline-arch-airgap-x86_64.iso | sudo dd of=/dev/sdb
|
||||
```
|
||||
|
||||
Alternatively, if `pv` is not installed, the following can be run:
|
||||
|
||||
```sh
|
||||
sudo dd if=out/archlinux-baseline-arch-airgap-x86_64.iso of=/dev/sdb
|
||||
```
|
|
@ -0,0 +1 @@
|
|||
LANG=C.UTF-8
|
|
@ -0,0 +1 @@
|
|||
/usr/share/zoneinfo/UTC
|
|
@ -0,0 +1 @@
|
|||
HOOKS=(base udev modconf archiso block filesystems)
|
|
@ -0,0 +1,8 @@
|
|||
# mkinitcpio preset file for the 'linux' package on archiso
|
||||
|
||||
PRESETS=('archiso')
|
||||
|
||||
ALL_kver='/boot/vmlinuz-linux'
|
||||
archiso_config='/etc/mkinitcpio.conf.d/archiso.conf'
|
||||
|
||||
archiso_image="/boot/initramfs-linux.img"
|
|
@ -0,0 +1 @@
|
|||
root::14871::::::
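Review bot: The second field of this entry is empty, which, if this is the image's `/etc/shadow` as the `file_permissions` entry in the profile suggests, lets root log in with no password on any terminal that offers a login prompt. This is presumably inherited from the upstream live profile, but it is worth deciding explicitly whether passwordless root is intended for this image. If interactive root login is not needed, a locked entry such as `root:!:14871::::::` closes it. If it is needed, the README should state the assumption that physical access equals root.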
|
|
@ -0,0 +1 @@
|
|||
kernel.printk = 0 0 0 0
|
|
@ -0,0 +1,2 @@
|
|||
[Network]
|
||||
IPv6PrivacyExtensions=yes
|
|
@ -0,0 +1,13 @@
|
|||
[Match]
|
||||
# Matching with "Type=ether" causes issues with containers because it also matches virtual Ethernet interfaces (veth*).
|
||||
# See https://bugs.archlinux.org/task/70892
|
||||
# Instead match by globbing the network interface name.
|
||||
Name=en*
|
||||
Name=eth*
|
||||
|
||||
[Link]
|
||||
RequiredForOnline=routable
|
||||
|
||||
[Network]
|
||||
DHCP=yes
|
||||
MulticastDNS=yes
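Review bot: This file brings up every `en*`/`eth*` interface with `DHCP=yes` and `MulticastDNS=yes`, which contradicts the README's description of an always-offline system: once a cable is plugged in, the machine requests an address and can answer mDNS queries on the LAN. The same concern covers the later hunks that set `MulticastDNS=yes` under `[Resolve]`, link the systemd-networkd and systemd-resolved units, and override `systemd-networkd-wait-online`. For an airgap image I would drop these files, or leave the units unlinked, so that the offline property is enforced by the image itself and not only by the operator.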
|
|
@ -0,0 +1,4 @@
|
|||
# Default systemd-resolved configuration for archiso
|
||||
|
||||
[Resolve]
|
||||
MulticastDNS=yes
|
|
@ -0,0 +1 @@
|
|||
/dev/null
|
|
@ -0,0 +1 @@
|
|||
/usr/lib/systemd/system/systemd-networkd.service
|
|
@ -0,0 +1 @@
|
|||
/usr/lib/systemd/system/systemd-resolved.service
|
|
@ -0,0 +1 @@
|
|||
/usr/lib/systemd/system/systemd-networkd-wait-online.service
|
|
@ -0,0 +1 @@
|
|||
/usr/lib/systemd/system/systemd-networkd.socket
|
|
@ -0,0 +1,6 @@
|
|||
# Allow systemd-networkd-wait-online to succeed with one interface, otherwise, if multiple network interfaces exist,
|
||||
# network-online.target gets needlessly delayed.
|
||||
# See https://wiki.archlinux.org/title/systemd-networkd#systemd-networkd-wait-online
|
||||
[Service]
|
||||
ExecStart=
|
||||
ExecStart=/usr/lib/systemd/systemd-networkd-wait-online --any
|
|
@ -0,0 +1,2 @@
|
|||
arch-install-scripts
|
||||
base
|
|
@ -0,0 +1,4 @@
|
|||
title Airgap Arch Linux (x86_64, UEFI)
|
||||
linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux
|
||||
initrd /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img
|
||||
options archisobasedir=%INSTALL_DIR% archisodevice=UUID=%ARCHISO_UUID%
|
|
@ -0,0 +1,2 @@
|
|||
timeout 3
|
||||
default 01-archiso-x86_64-linux.conf
|
|
@ -0,0 +1,105 @@
|
|||
# Load partition table and file system modules
|
||||
insmod part_gpt
|
||||
insmod part_msdos
|
||||
insmod fat
|
||||
insmod iso9660
|
||||
insmod ntfs
|
||||
insmod ntfscomp
|
||||
insmod exfat
|
||||
insmod udf
|
||||
|
||||
# Use graphics-mode output
|
||||
if loadfont "${prefix}/fonts/unicode.pf2" ; then
|
||||
insmod all_video
|
||||
set gfxmode="auto"
|
||||
terminal_input console
|
||||
terminal_output console
|
||||
fi
|
||||
|
||||
# Enable serial console
|
||||
insmod serial
|
||||
insmod usbserial_common
|
||||
insmod usbserial_ftdi
|
||||
insmod usbserial_pl2303
|
||||
insmod usbserial_usbdebug
|
||||
if serial --unit=0 --speed=115200; then
|
||||
terminal_input --append serial
|
||||
terminal_output --append serial
|
||||
fi
|
||||
|
||||
# Search for the ISO volume
|
||||
if [ -z "${ARCHISO_UUID}" ]; then
|
||||
if [ -z "${ARCHISO_HINT}" ]; then
|
||||
regexp --set=1:ARCHISO_HINT '^\(([^)]+)\)' "${cmdpath}"
|
||||
fi
|
||||
search --no-floppy --set=root --file '%ARCHISO_SEARCH_FILENAME%' --hint "${ARCHISO_HINT}"
|
||||
probe --set ARCHISO_UUID --fs-uuid "${root}"
|
||||
fi
|
||||
|
||||
# Get a human readable platform identifier
|
||||
if [ "${grub_platform}" == 'efi' ]; then
|
||||
archiso_platform='UEFI'
|
||||
if [ "${grub_cpu}" == 'x86_64' ]; then
|
||||
archiso_platform="x64 ${archiso_platform}"
|
||||
elif [ "${grub_cpu}" == 'i386' ]; then
|
||||
archiso_platform="IA32 ${archiso_platform}"
|
||||
else
|
||||
archiso_platform="${grub_cpu} ${archiso_platform}"
|
||||
fi
|
||||
elif [ "${grub_platform}" == 'pc' ]; then
|
||||
archiso_platform='BIOS'
|
||||
else
|
||||
archiso_platform="${grub_cpu} ${grub_platform}"
|
||||
fi
|
||||
|
||||
# Set default menu entry
|
||||
default=archlinux
|
||||
timeout=15
|
||||
timeout_style=menu
|
||||
|
||||
|
||||
# Menu entries
|
||||
|
||||
menuentry "Airgap Arch Linux (%ARCH%, ${archiso_platform})" --class arch --class gnu-linux --class gnu --class os --id 'archlinux' {
|
||||
set gfxpayload=keep
|
||||
linux /%INSTALL_DIR%/boot/%ARCH%/vmlinuz-linux archisobasedir=%INSTALL_DIR% archisodevice=UUID=${ARCHISO_UUID}
|
||||
initrd /%INSTALL_DIR%/boot/%ARCH%/initramfs-linux.img
|
||||
}
|
||||
|
||||
if [ "${grub_platform}" == 'efi' -a "${grub_cpu}" == 'x86_64' -a -f '/boot/memtest86+/memtest.efi' ]; then
|
||||
menuentry 'Run Memtest86+ (RAM test)' --class memtest86 --class gnu --class tool {
|
||||
set gfxpayload=800x600,1024x768
|
||||
linux /boot/memtest86+/memtest.efi
|
||||
}
|
||||
fi
|
||||
if [ "${grub_platform}" == 'pc' -a -f '/boot/memtest86+/memtest' ]; then
|
||||
menuentry 'Run Memtest86+ (RAM test)' --class memtest86 --class gnu --class tool {
|
||||
set gfxpayload=800x600,1024x768
|
||||
linux /boot/memtest86+/memtest
|
||||
}
|
||||
fi
|
||||
if [ "${grub_platform}" == 'efi' ]; then
|
||||
if [ "${grub_cpu}" == 'x86_64' -a -f '/shellx64.efi' ]; then
|
||||
menuentry 'UEFI Shell' {
|
||||
chainloader /shellx64.efi
|
||||
}
|
||||
elif [ "${grub_cpu}" == "i386" -a -f '/shellia32.efi' ]; then
|
||||
menuentry 'UEFI Shell' {
|
||||
chainloader /shellia32.efi
|
||||
}
|
||||
fi
|
||||
|
||||
menuentry 'UEFI Firmware Settings' --id 'uefi-firmware' {
|
||||
fwsetup
|
||||
}
|
||||
fi
|
||||
|
||||
menuentry 'System shutdown' --class shutdown --class poweroff {
|
||||
echo 'System shutting down...'
|
||||
halt
|
||||
}
|
||||
|
||||
menuentry 'System restart' --class reboot --class restart {
|
||||
echo 'System rebooting...'
|
||||
reboot
|
||||
}
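Review bot: The "Enable serial console" block loads four `usbserial_*` modules and appends serial to both `terminal_input` and `terminal_output`, so the boot menu, including the 'UEFI Shell' and 'UEFI Firmware Settings' entries, accepts input from serial unit 0 as well as the local keyboard. On a machine that is meant to be isolated this is extra input surface. Unless headless operation is a requirement, I would remove the `insmod usbserial_*` lines and `terminal_input --append serial`, keeping `terminal_output --append serial` only if boot output over serial is wanted. The syslinux hunk's `SERIAL 0 115200` deserves the same decision.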
|
|
@ -0,0 +1,73 @@
|
|||
# https://www.supergrubdisk.org/wiki/Loopback.cfg
|
||||
|
||||
# Search for the ISO volume
|
||||
search --no-floppy --set=archiso_img_dev --file "${iso_path}"
|
||||
probe --set archiso_img_dev_uuid --fs-uuid "${archiso_img_dev}"
|
||||
|
||||
# Get a human readable platform identifier
|
||||
if [ "${grub_platform}" == 'efi' ]; then
|
||||
archiso_platform='UEFI'
|
||||
if [ "${grub_cpu}" == 'x86_64' ]; then
|
||||
archiso_platform="x64 ${archiso_platform}"
|
||||
elif [ "${grub_cpu}" == 'i386' ]; then
|
||||
archiso_platform="IA32 ${archiso_platform}"
|
||||
else
|
||||
archiso_platform="${grub_cpu} ${archiso_platform}"
|
||||
fi
|
||||
elif [ "${grub_platform}" == 'pc' ]; then
|
||||
archiso_platform='BIOS'
|
||||
else
|
||||
archiso_platform="${grub_cpu} ${grub_platform}"
|
||||
fi
|
||||
|
||||
# Set default menu entry
|
||||
default=archlinux
|
||||
timeout=15
|
||||
timeout_style=menu
|
||||
|
||||
|
||||
# Menu entries
|
||||
|
||||
menuentry "Airgap Arch Linux (%ARCH%, ${archiso_platform})" --class arch --class gnu-linux --class gnu --class os --id 'archlinux' {
|
||||
set gfxpayload=keep
|
||||
linux /%INSTALL_DIR%/boot/%ARCH%/vmlinuz-linux archisobasedir=%INSTALL_DIR% img_dev=UUID=${archiso_img_dev_uuid} img_loop="${iso_path}"
|
||||
initrd /%INSTALL_DIR%/boot/%ARCH%/initramfs-linux.img
|
||||
}
|
||||
|
||||
if [ "${grub_platform}" == 'efi' -a "${grub_cpu}" == 'x86_64' -a -f '/boot/memtest86+/memtest.efi' ]; then
|
||||
menuentry 'Run Memtest86+ (RAM test)' --class memtest86 --class gnu --class tool {
|
||||
set gfxpayload=800x600,1024x768
|
||||
linux /boot/memtest86+/memtest.efi
|
||||
}
|
||||
fi
|
||||
if [ "${grub_platform}" == 'pc' -a -f '/boot/memtest86+/memtest' ]; then
|
||||
menuentry 'Run Memtest86+ (RAM test)' --class memtest86 --class gnu --class tool {
|
||||
set gfxpayload=800x600,1024x768
|
||||
linux /boot/memtest86+/memtest
|
||||
}
|
||||
fi
|
||||
if [ "${grub_platform}" == 'efi' ]; then
|
||||
if [ "${grub_cpu}" == 'x86_64' -a -f '/shellx64.efi' ]; then
|
||||
menuentry 'UEFI Shell' {
|
||||
chainloader /shellx64.efi
|
||||
}
|
||||
elif [ "${grub_cpu}" == "i386" -a -f '/shellia32.efi' ]; then
|
||||
menuentry 'UEFI Shell' {
|
||||
chainloader /shellia32.efi
|
||||
}
|
||||
fi
|
||||
|
||||
menuentry 'UEFI Firmware Settings' --id 'uefi-firmware' {
|
||||
fwsetup
|
||||
}
|
||||
fi
|
||||
|
||||
menuentry 'System shutdown' --class shutdown --class poweroff {
|
||||
echo 'System shutting down...'
|
||||
halt
|
||||
}
|
||||
|
||||
menuentry 'System restart' --class reboot --class restart {
|
||||
echo 'System rebooting...'
|
||||
reboot
|
||||
}
|
|
@ -0,0 +1,5 @@
|
|||
base
|
||||
linux
|
||||
mkinitcpio
|
||||
mkinitcpio-archiso
|
||||
syslinux
|
|
@ -0,0 +1,98 @@
|
|||
#
|
||||
# /etc/pacman.conf
|
||||
#
|
||||
# See the pacman.conf(5) manpage for option and repository directives
|
||||
|
||||
#
|
||||
# GENERAL OPTIONS
|
||||
#
|
||||
[options]
|
||||
# The following paths are commented out with their default values listed.
|
||||
# If you wish to use different paths, uncomment and update the paths.
|
||||
#RootDir = /
|
||||
#DBPath = /var/lib/pacman/
|
||||
#CacheDir = /var/cache/pacman/pkg/
|
||||
#LogFile = /var/log/pacman.log
|
||||
#GPGDir = /etc/pacman.d/gnupg/
|
||||
#HookDir = /etc/pacman.d/hooks/
|
||||
HoldPkg = pacman glibc
|
||||
#XferCommand = /usr/bin/curl -L -C - -f -o %o %u
|
||||
#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
|
||||
#CleanMethod = KeepInstalled
|
||||
Architecture = auto
|
||||
|
||||
# Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup
|
||||
#IgnorePkg =
|
||||
#IgnoreGroup =
|
||||
|
||||
#NoUpgrade =
|
||||
#NoExtract =
|
||||
|
||||
# Misc options
|
||||
#UseSyslog
|
||||
#Color
|
||||
#NoProgressBar
|
||||
# We cannot check disk space from within a chroot environment
|
||||
#CheckSpace
|
||||
#VerbosePkgLists
|
||||
ParallelDownloads = 5
|
||||
|
||||
# By default, pacman accepts packages signed by keys that its local keyring
|
||||
# trusts (see pacman-key and its man page), as well as unsigned packages.
|
||||
SigLevel = Required DatabaseOptional
|
||||
LocalFileSigLevel = Optional
|
||||
#RemoteFileSigLevel = Required
|
||||
|
||||
# NOTE: You must run `pacman-key --init` before first using pacman; the local
|
||||
# keyring can then be populated with the keys of all official Arch Linux
|
||||
# packagers with `pacman-key --populate archlinux`.
|
||||
|
||||
#
|
||||
# REPOSITORIES
|
||||
# - can be defined here or included from another file
|
||||
# - pacman will search repositories in the order defined here
|
||||
# - local/custom mirrors can be added here or in separate files
|
||||
# - repositories listed first will take precedence when packages
|
||||
# have identical names, regardless of version number
|
||||
# - URLs will have $repo replaced by the name of the current repo
|
||||
# - URLs will have $arch replaced by the name of the architecture
|
||||
#
|
||||
# Repository entries are of the format:
|
||||
# [repo-name]
|
||||
# Server = ServerName
|
||||
# Include = IncludePath
|
||||
#
|
||||
# The header [repo-name] is crucial - it must be present and
|
||||
# uncommented to enable the repo.
|
||||
#
|
||||
|
||||
# The testing repositories are disabled by default. To enable, uncomment the
|
||||
# repo name header and Include lines. You can add preferred servers immediately
|
||||
# after the header, and they will be used before the default mirrors.
|
||||
|
||||
#[core-testing]
|
||||
#Include = /etc/pacman.d/mirrorlist
|
||||
|
||||
[core]
|
||||
Include = /etc/pacman.d/mirrorlist
|
||||
|
||||
#[extra-testing]
|
||||
#Include = /etc/pacman.d/mirrorlist
|
||||
|
||||
[extra]
|
||||
Include = /etc/pacman.d/mirrorlist
|
||||
|
||||
# If you want to run 32 bit applications on your x86_64 system,
|
||||
# enable the multilib repositories as required here.
|
||||
|
||||
#[multilib-testing]
|
||||
#Include = /etc/pacman.d/mirrorlist
|
||||
|
||||
#[multilib]
|
||||
#Include = /etc/pacman.d/mirrorlist
|
||||
|
||||
# An example of a custom package repository. See the pacman manpage for
|
||||
# tips on creating your own repositories.
|
||||
#[custom]
|
||||
#SigLevel = Optional TrustAll
|
||||
#Server = file:///home/custompkgs
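Review bot: The comment above `SigLevel` still describes pacman's built-in default ("as well as unsigned packages"), while the line that follows sets `Required DatabaseOptional`, so a reader skimming the file gets the wrong idea of what the build accepts. I would reword it to `# Packages from repositories must be signed by a trusted key; database signatures are optional.` and add `# Unsigned local files passed to pacman -U are still accepted.` above `LocalFileSigLevel = Optional`. If the build never installs local package files, `LocalFileSigLevel = Required` would be the stricter choice.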
|
|
@ -0,0 +1,21 @@
|
|||
#!/usr/bin/env bash
|
||||
# shellcheck disable=SC2034
|
||||
|
||||
iso_name="archlinux-baseline"
|
||||
iso_label="AIRGAP"
|
||||
iso_publisher="Distrust."
|
||||
iso_application="Airgap Linux"
|
||||
iso_version="arch-airgap"
|
||||
install_dir="arch"
|
||||
buildmodes=('iso')
|
||||
bootmodes=('bios.syslinux.mbr' 'bios.syslinux.eltorito'
|
||||
'uefi-ia32.grub.esp' 'uefi-x64.grub.esp'
|
||||
'uefi-ia32.grub.eltorito' 'uefi-x64.grub.eltorito')
|
||||
arch="x86_64"
|
||||
pacman_conf="pacman.conf"
|
||||
airootfs_image_type="squashfs"
|
||||
# airootfs_image_tool_options=('-zlzma,109' -E 'ztailpacking,fragments,dedupe')
|
||||
# airootfs_image_tool_options=('-zlzma,109' -E 'ztailpacking,fragments,dedupe')
|
||||
file_permissions=(
|
||||
["/etc/shadow"]="0:0:400"
|
||||
)
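Review bot: The commented-out `airootfs_image_tool_options` line appears twice, and its flags (`-zlzma,109`, `-E 'ztailpacking,fragments,dedupe'`) are mkfs.erofs options that do not apply to the `squashfs` type selected just above. I would delete both copies, or replace them with squashfs options if compression tuning is wanted. `iso_name` and `iso_version` also appear to determine the output file name that the Makefile's pattern rule hard-codes, so a comment such as `# keep in sync with the out/ target in the Makefile` would prevent a silent mismatch when either is changed.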
|
|
@ -0,0 +1,5 @@
|
|||
LABEL arch
|
||||
MENU LABEL Airgap Arch Linux (x86_64, BIOS)
|
||||
LINUX /%INSTALL_DIR%/boot/%ARCH%/vmlinuz-linux
|
||||
INITRD /%INSTALL_DIR%/boot/%ARCH%/initramfs-linux.img
|
||||
APPEND archisobasedir=%INSTALL_DIR% archisodevice=UUID=%ARCHISO_UUID%
|
|
@ -0,0 +1,9 @@
|
|||
SERIAL 0 115200
|
||||
UI menu.c32
|
||||
MENU TITLE Airgap Arch Linux
|
||||
MENU CLEAR
|
||||
|
||||
DEFAULT arch
|
||||
TIMEOUT 30
|
||||
|
||||
INCLUDE syslinux-linux.cfg
|