feat: enable secureboot

mvallim · Sep 8, 2024 · 61ca760 · 61ca760
1 parent c9709f6
commit 61ca760
Show file tree

Hide file tree

Showing 3 changed files with 40 additions and 35 deletions.
diff --git a/README.md b/README.md
@@ -34,10 +34,9 @@ Install packages we need in the `build system` required by our scripts.
 
 ```shell
 sudo apt-get install \
-    binutils \
-    debootstrap \
-    squashfs-tools \
-    xorriso
+   debootstrap \
+   squashfs-tools \
+   xorriso
 ```
 
 ```shell
@@ -799,6 +798,7 @@ After everything has been installed and preconfigured in the **chrooted** enviro
 
    ```shell
    cd $HOME/live-ubuntu-from-scratch/image
+   ```
 
 2. Create iso from the image directory using the command-line
 
@@ -807,25 +807,26 @@ After everything has been installed and preconfigured in the **chrooted** enviro
       -as mkisofs \
       -iso-level 3 \
       -full-iso9660-filenames \
+      -J -J -joliet-long \
       -volid "Ubuntu from scratch" \
       -output "../ubuntu-from-scratch.iso" \
-      -eltorito-boot boot/grub/bios.img \
-         -no-emul-boot \
-         -boot-load-size 4 \
-         -boot-info-table \
-         --eltorito-catalog boot/grub/boot.cat \
-         --grub2-boot-info \
-         --grub2-mbr ../chroot/usr/lib/grub/i386-pc/boot_hybrid.img \
-      -eltorito-alt-boot \
-         -e EFI/efiboot.img \
-         -no-emul-boot \
+     -eltorito-boot boot/grub/bios.img \
+      -no-emul-boot \
+      -boot-load-size 4 \
+      -boot-info-table \
+      --eltorito-catalog boot/grub/boot.cat \
+      --grub2-boot-info \
+      --grub2-mbr ../chroot/usr/lib/grub/i386-pc/boot_hybrid.img \
+     -eltorito-alt-boot \
+      -e EFI/efiboot.img \
+      -no-emul-boot \
       -append_partition 2 0xef isolinux/efiboot.img \
       -m "isolinux/efiboot.img" \
       -m "isolinux/bios.img" \
-      -graft-points \
-         "/EFI/efiboot.img=isolinux/efiboot.img" \
-         "/boot/grub/bios.img=isolinux/bios.img" \
-         "."
+     -graft-points \
+      "/EFI/efiboot.img=isolinux/efiboot.img" \
+      "/boot/grub/bios.img=isolinux/bios.img" \
+      "."
    ```
 
 ## Alternative way, if previous one fails, create an Hybrid ISO
@@ -868,17 +869,24 @@ After everything has been installed and preconfigured in the **chrooted** enviro
 
    ```shell
    apt install -y syslinux-common && \
-   cp /usr/lib/ISOLINUX/isolinux.bin isolinux/ && \
-   cp /usr/lib/syslinux/modules/bios/* isolinux/
+   cp /usr/lib/ISOLINUX/isolinux.bin image/isolinux/ && \
+   cp /usr/lib/syslinux/modules/bios/* image/isolinux/
+   ```
+
+3. Access build directory
+
+   ```shell
+   cd $HOME/live-ubuntu-from-scratch/image
    ```
 
-3. Create iso from the image directory
+4. Create iso from the image directory
 
    ```shell
    sudo xorriso \
       -as mkisofs \
       -iso-level 3 \
       -full-iso9660-filenames \
+      -J -J -joliet-long \
       -volid "Ubuntu from scratch" \
       -output "../ubuntu-from-scratch.iso" \
     -isohybrid-mbr /usr/lib/ISOLINUX/isohdpfx.bin \

diff --git a/scripts/build.sh b/scripts/build.sh
@@ -3,7 +3,6 @@
 set -e                  # exit on error
 set -o pipefail         # exit on pipeline error
 set -u                  # treat unset variable as error
-#set -x
 
 SCRIPT_DIR="$(dirname "$(readlink -f "$0")")"
 
@@ -99,7 +98,7 @@ function check_config() {
 function setup_host() {
     echo "=====> running setup_host ..."
     sudo apt update
-    sudo apt install -y binutils debootstrap squashfs-tools xorriso dosfstools unzip
+    sudo apt install -y debootstrap squashfs-tools xorriso
     sudo mkdir -p chroot
 }
 
@@ -160,25 +159,26 @@ function build_iso() {
         -as mkisofs \
         -iso-level 3 \
         -full-iso9660-filenames \
+        -J -J -joliet-long \
         -volid "$TARGET_NAME" \
-        -eltorito-boot boot/grub/bios.img \
+        -output "$SCRIPT_DIR/$TARGET_NAME.iso" \
+      -eltorito-boot boot/grub/bios.img \
         -no-emul-boot \
         -boot-load-size 4 \
         -boot-info-table \
         --eltorito-catalog boot/grub/boot.cat \
         --grub2-boot-info \
         --grub2-mbr ../chroot/usr/lib/grub/i386-pc/boot_hybrid.img \
-        -eltorito-alt-boot \
+      -eltorito-alt-boot \
         -e EFI/efiboot.img \
         -no-emul-boot \
         -append_partition 2 0xef isolinux/efiboot.img \
-        -output "$SCRIPT_DIR/$TARGET_NAME.iso" \
         -m "isolinux/efiboot.img" \
         -m "isolinux/bios.img" \
-        -graft-points \
-           "/EFI/efiboot.img=isolinux/efiboot.img" \
-           "/boot/grub/bios.img=isolinux/bios.img" \
-           "."
+      -graft-points \
+         "/EFI/efiboot.img=isolinux/efiboot.img" \
+         "/boot/grub/bios.img=isolinux/bios.img" \
+         "."
 
     popd
 }

diff --git a/scripts/chroot_build.sh b/scripts/chroot_build.sh
@@ -3,7 +3,6 @@
 set -e                  # exit on error
 set -o pipefail         # exit on pipeline error
 set -u                  # treat unset variable as error
-#set -x
 
 SCRIPT_DIR="$(dirname "$(readlink -f "$0")")"
 
@@ -107,7 +106,6 @@ function install_pkg() {
         laptop-detect \
         os-prober \
         network-manager \
-        resolvconf \
         net-tools \
         wireless-tools \
         wpagui \
@@ -150,14 +148,13 @@ function install_pkg() {
 
     # final touch
     dpkg-reconfigure locales
-    dpkg-reconfigure resolvconf
 
     # network manager
     cat <<EOF > /etc/NetworkManager/NetworkManager.conf
 [main]
-rc-manager=resolvconf
+rc-manager=none
 plugins=ifupdown,keyfile
-dns=dnsmasq
+dns=systemd-resolved
 
 [ifupdown]
 managed=false