Determine Base OS for OD

Project:Operator Distribution
Component:Research
Category:task
Priority:normal
Assigned:evoltech
Status:fixed
Description

A bit of research leads me to believe that SLAX may be the easiest way to create a custom linux distribution deployed with a specific tool suite and configuration, though maybe customized ubuntu, or customized backtrack is in order.

The key requirements here are that it should be easy to create server and client versions. The client ODs will be created by the server version so that customized configurations and credentials can be deployed on a per user basis (so that acl can be managed). Since there may be sensitive files distributed in the client version there should be a way to create these custom ODs with encryption.

#1

Customizing SLAX may be the way to do this. It appears to have a method for modifying a start up script which will allow first time boots to create an encrypted primary partition with info from the user (luks password, possibly also prompting them to change the password on second boot or something), then the config info for the network can be pivoted in (along with all of the startup scripts and applications for testing the net).

Another thing to look for here is forcing the programs to auto-update (this may be built in). I think some testing needs to be done of this distro.

#2

I looked a bit more into SLAX which seems well suited for creating a customized easily deployable live distro. In addition to that it seems even better suited to being a live distro that can create other live distros. One downside is that there are not currently any asterisk modules, this has to be built in after the fact. One distro, Slast supposedly was a Slax asterisk live distro that comes with the Digium Asterisk GUI which I had never seen before, but plan on evaluating. I will update as I test this all out.

#3

Status:active» closed

Slax it is.

#4

Status:closed» needs work

Slax may not be the best choice because of difficulties with getting an asterisk module in there. It is too difficult to build in support for this, plus we lose all the benefits of modern distributions security teams and updates. I have started some work with using Ubuntu LiveCDs (https://help.ubuntu.com/community/LiveCDCustomization).

2011-03-07

  • Build in asterisk, compile statically

    • asterisk build options --prefix=/opt/asterisk-1.8.2.4 --disable-xmldoc LDFLAGS=-static: this is harder than expected. It appears you need the development libs but even then there seem to be problems. I can not find anything decent on the net about other people doing this either. Started thinking that the SLAX idea needs to get abandoned for Ubuntu live usb.
  • AsteriskNOW is just a customized CentOS install.

  • There is a live distro called ubuntu privacy remix that seems to have the base of what we want, but it has no networking capabilities??? https://www.privacy-cd.org/

  • There is also Ubuntu Mini Remix, which can then later be customized with uck or reconstructor. UCK only works with desktop versions, but has backend scripts for building isos (this seems like the easiest way to script the building of the distro), and reconstructor is a pay for service that lets you customize the ubuntu distro from their site. All of this can be accomplished manually with: https://help.ubuntu.com/community/LiveCDCustomizationFromScratch or https://help.ubuntu.com/community/LiveCDCustomization, https://help.ubuntu.com/community/LiveCD/Persistence

    • After reading through the documentation it looks like preparing the cd is pretty easy. Coupled with the tools from uck this should all be able to be scripted pretty easy. Is this what upr did? Or did they roll up their own uck functionality?

    • The steps pretty much look like:

      • uck-remaster-unpack-iso - to unpack the desktop/mini to a work space
      • modify the background: https://help.ubuntu.com/community/LiveCDCustomization#Custom%20Backgroun...
      • upgrade all packages
      • install new packages: openvpn, the sip client
      • can we steal some of the code from UPR for building truecrypt? (later version)
      • add the custom config
      • pack the iso
      • install truecrypt to usb key
      • install customized os to outer volume and mini to the hidden, or just put junk here?

    • using uck-gui with a desktop edition did not produce a bootable iso. In both qemu and vmware we got the following message on boot: Initializing gfxcode graphics initialization failed Error setting up gfxboot boot:

2011-02-24

  • Started looking into creating a custom build for an asterisk module. Also looked at the solutions provided by Slast and AsteriskNow.

    • asterisk build options --prefix=/opt/asterisk-1.8.2.4 --disable-xmldoc
    • built this into a lzm and got it on the boot disk, but it never got unpacked? It unpacked after boot with lzm2dir, but did not start because it was missing some dependencies: libcrypt0.so.0.9.8, libssl.so.0.9.8, and libc.so.6 (GLIBC_2.8). I am not sure how likely it is to get these dependencies met. Can we build statically?
  • slast-1.4.2-beta1 overview:

    • based on an older version of slax that uses .mo modules that requires linuxlive scripts that I don't have on my system and don't appear to be in the package repos.
    • Asterisk functionality is split into a few separate modules: a modified kernel, festival, asterisk-1.4.2, asterisk-addons, asterisk-core-sounds, asterisk-gui (the web application frontend for asterisk configuration), libpri, and sox.
    • It has a utility for saving changes made to the system with configsave and configrestore. These may come in handy later if we don't use the persistent FS option with slax.
    • A real simple network configuration script.
    • X does not work out of the box
    • This could be easily customized.
  • slast-1.4.18.1-2 overview:

    • No nice hints on boot up.
    • X works out of the box with a nicely configured desktop
    • asterisk 1.4.18.1
    • uses the Debian live system, which does seem to have active support: http://live.debian.net

2011-02-23

  • The IDE disk idea does not seem to be working. Slax just hangs when it gets to a certain point in booting the system. For some reason this worked with a scsi disk that was created by vmware. Additionally tested modifying the lilo splash screen to get the system automatically into X when booting using the make_usb.sh utility. Made a fix to the make_usb.sh script where it wasn't using the image specified by the user.

2011-02-20

  • pushed changes to the server

  • Did a little more research on virtual disk creation. There is no way to boot off a usb drive natively in vmware (unsure how this would be done in KVM/Qemu as well). There is a tool for creating disk images, qemu-img, but there is no way to build a fs on it (though I think there is with esx server). USB drives can be booted off when they are specified as physical disk drives. Alternatively, you can create a disk image, boot from the iso (as cdrom), then use the tools from the OS to create a partition and FS (mkdosfs) on the image that is attached as a HD. From there vmware-mount can be used to work with the drive on the host OS.

    • Got the script copying the new slax files to the vmdk device, but I can't seem to boot it?? what gives? I may have been forgetting to boot this to persistent storage.
  • Using this technique is totally the way to test dev on usb. In addition these steps when automated are very similar to what will need to be done for creating client usb keys from the manager app. There is a slax module called "Install SLAX on USB" that is a shell script for automating the process of setting up a usb drive and getting slax on it.

2011-02-19

  • Realized the reason we are having those issues is cause we are using a virtual iso, which is ro in its nature. I don't really get how to use a disk image as a usb device in vmware, but we should be able to use an actual device.

  • Spent a little bit of time trying to get this working in KVM, but I am new there too and I think this is a one off scenario.

2011-02-18

  • Continued working on persistent storage

    • Look into what comprises the module. This is just a bunch of symbolic links and a startup script. I added bash debugging so we can see what is going on. The module is configured by adding overrides to /etc/persistent.conf. Turns out the system does not know about ext4 FS. There was also a complaint about this being a readonly fs. Not sure why this is happening, but I changed the uid/gid of the file to be 0/0. There was an issue where the loop devices are configured to be read only. I'm not sure why this is, but I modified the persistent script to make the loopdevice rw. There is still some issue that is causing this to revert to a RO fs. Now that I think about it, this probably has something to do with the fact that we are testing on a virtual cdrom and should be testing on a virtual usbstick.

    • Can we get this working with the changes cheatcode?

2011-02-17

  • Figure out a way to get persistent storage with SLAX

    • http://live-developers.sourceforge.net/tools/persistent/
    • How does this work with encrypted root?
    • I think there is a way to embed the slax os in a truecrypt partition. This may be the simplest solution.
    • downloaded and installed the persistent module, but have yet to get it to work. I may have to dig deeper into it
  • Got a custom splash page up and running. Still need to change the menu font on this as it is a bit difficult to read. But maybe this is unimportant because we will have one recommended way of booting into the system.

#5

Assigned to:Anonymous» evoltech

2011-03-08

  • Booted the live ubuntu disk, could not determine that either asterisk or openvpn is installed

  • It looks like the options can be updated by modifying the iso and re-running grub.

#6

2011-03-09

  • Looked through the instructions again: https://help.ubuntu.com/community/LiveCDCustomization,
  • Work on making a small change and testing

    • apt-get update/upgrade, install openvpn and asterisk
    • Do we need to rebuild the initrd after building the dkms kernel driver???

    • Used uck-gui to build in support for openvpn, but we will still have to customize the whole mess to get asterisk support in there. When doing this the universe repos have to be enabled via the command line. Then asterisk can be installed. After installation go back to the command line and kill asterisk, then complete the installation.

    • used the uck example scripts to automate what we are trying to do here, but it complains when trying to find the initrd. Submitted a question for this: https://answers.launchpad.net/uck/+question/148497

    • Should have read all the way through the documentation. It looks like we can not create a squashfs (the fs used for the live files system) for 10.10 on 10.04 as the kernel needs to be the same. We have two solutions to this: we can do all work from a virtual machine of 10.10, we can back port the livecd to 10.04, or we can upgrade our laptop to 10.10.

    • restarted with 10.04.2 desktop

    • There was an issue with upgrading the packages on the rootfs from a chroot in that it needed its own instance of dbus, but this was already running on the host operating system. This was taken care of by stopping dbus and doing it from the command line. I wonder how this is handled by the uck scripts?

    • Installing asterisk requires enabling the universe repository. Then installation of the dkms kernel driver fails because it tries to build the modules against the kernel of the host operating system instead of the kernel of the target OS. This was resolved by setting the KVERS environment variable in the shell.

    • Copied over the new kernel and initrd to the iso from the rootfs

  • How will we do encrypted storage? Truecrypt? It looks like encrypted rootfs is not possible with truecrypt. This is better done anyhow with luks on the persistent storage. Luks instructions: http://steve-parker.org/articles/luks/ Persistence: https://help.ubuntu.com/community/LiveCD/Persistence

  • Looked at how the ubuntu rescue disk is made and see if I can customize that?

#7

  • Work on making a small change and testing

    • remaster the remaster-root dir with /usr/bin/uck-remaster-pack-rootfs.
      This performs all of the operations here.
    • Remaster the iso with uck-remaster-pack-iso
    • The live system had both openvpn and asterisk on it, but I think that
      the asterisk kernel modules were not loaded/installed.
    • There was an additional step that needed to be performed which was copying the kernel and initrd from remaster-rootfs/boot to remaster-iso/casper.
    • Read up on some docs for creating persistent encrypted storage.
    • I was advised to upgrade the uck version I am using to get better reliability.
  • Submitted a question to the uck team regarding the issue I had yesterday where the uck-gui process failed after asterisk was installed

#8

  • test scripts with newest version of uck

    • Installed uck 2.4.3
    • Noticed that running as root gives the error message that I had earlier reported here
    • The customization script should modify the syslinux boot files to customize for OD
  • Get persistent storage in OD working, this is working but as a labeled vmware disk

    • Can we get this working with the iso? No, because vmware treats the iso as a cdrom. It seems that we lost the changes made to the rootfs in this process as well. Full encrypted persistent storage for the OD-server may be difficult to achieve (as it will require some juggling around on boot), but this will not be a problem for the clients as they will be created by the OD-server.

    • A few ideas

    • Create the image on a partition from Live CD from Scratch Docs
    • Build out the root-fs (tmp/remaster-root)
    • Create squashfs-root and copy to the iso dir

    sudo mksquashfs tmp/remaster-root/ tmp/remaster-iso/casper/filesystem.squashfs -e boot
    (cd image && find . -type f -print0 | xargs -0 md5sum | grep -v "./md5sum.txt" > md5sum.txt)

    • copy custom kernel, initrd, and modify casper as needed. Actually not sure if this is necessary
    • copy the iso dir to the usb

    sudo cp -a tmp/remaster-iso/* /mnt/usb/
    cd /mnt/usb
    sudo mkdir boot
    sudo mv isolinux boot/extlinux
    sudo mv boot/extlinux/isolinux.cfg boot/extlinux/extlinux.conf
    sudo extlinux --install boot/extlinux/
    cd ..

    • make the usb bootable

    • Add a casper-rw file. This is our ideal situation. Does this go in the squash fs, or on the iso? This def doesn't work on a virtual cdrom and on a disk image I can't even get it to boot. Does this boot and / or work from an actual usb device?

    • label the usb partition as casper-rw
    • While looking around at the casper initrd scripts I noticed a few things that will help us out further down the line. scripts/casper specifies the name of the persistent-root (casper-rw), persistent-home (home-rw), username to autologin as (casper), line 430 is right around where we would patch to support luks on a file.

    • Add a second partition for casper-rw

#9

  • Here is a neat trick for testing a usb device without rebooting linux:
kvm -drive file=/dev/sdc,boot=on

This gets us to the boot screen, but does not actually get us booting the system (after hitting enter for OD we just get two dots). But this may work after we get the kinks worked out.

  • Continue working on persistent storage for bootable media

    • We can't seem to get a vm instance working for persistent storage
    • Can we get an actual usb stick working? How?
    • I tried this with a SanDisk u3 device and it did not work, though extlinux seemed to come up, but it never found the kernel to boot. This may be helpful in getting u3 devices booting

    • Thinking that this might be an issue with our version of OD, I tried just using usb-creator-gtk which worked fine including persistent storage, but I am not sure if the persistent storage that worked was the storage I built into OD or if it was the storage built in by usb-creator-gtk. This stick ended up dying shortly after this.

    • We need to figure out the difference between the steps taken by USBC and the manual steps from here

      • USBC implements usb persistence in method install::create_persistence from file /usr/share/pyshared/usbcreator/install.py. After adding some debug statements to determine the exact dd and mkfs commands used I discovered that this makes a file in the root directory of the usb disk:
    dd if=/dev/zero bs=1M of=/media/093E-7CC8/casper-rw count=128

    then makes an ext3 filesystem on it:

    mkfs.ext3 -F /media/093E-7CC8/casper-rw

    But how is this different than us putting the casper-rw file directly onto the iso then copying the files to the usb??? I'm realizing that the problem may not be with creating the persistent storage but with how the bootloader is installed. The bootloader is installed on linux via a D-Bus service implemented in /usr/share/usb-creator/usb-creator-helper by a method called USBCreator::InstallBootloader by executing the commands:

    
      dd if=/usr/lib/syslinux/mbr.bin bs=446 count=1 of=/dev/sdc conv=sync
      /sbin/parted /dev/sdc set 1 boot on
      

    on windows I guess this executes

    
      syslinux -fma /dev/sdc1
      

    which uses flags that don't exist on linux

    There is also a method called mangle_syslinux that appears to be doing some work.

    • test manual creation out again
      • doing this with the steps above caused the usb system to display
    
        Disk I/O Error Replace the disk and then press any key
        

    After replacing the disk and pressing any key I got

    
        Err2Err3
        
    • using the syslinux technique got me the syslinux prompt without the OD kernel.

    • copying all the isolinux files as per the instructions on the live cd from scratch docs then running isolinux on the usb device gets the proper bootscreen but then after boot the os never loads. We get dropped to initramfs from busybox with the following message: Unable to find medium containing a live filesystem. Is this an error with persistent storage? I think this is very clearly an issue of the isolinux trying to boot from a cdrom. This is possibly an issue of the cd kernel not having the drivers it needs.

  • Continued work on customizing the bootscreen

    • Created a HB boot splash and merged the boot configuration we were using in the slax version. None of these worked except for the isolinux.txt addition. We still got the same ol ubuntu boot animation (no HB splash!). This is really all handled by gfxboot, and this is a can of worms I am not looking forward to opening.

    • changed syslinux/syslinux.cfg: default vesamenu.c32 to default live which did not work.

    • changed syslinux/splash.pcx to the HB logo which did not work

    • It's almost certain that these changes need to get integrated into the bootlogo file.

#10

  • Go through the creation of a bootable USB manually again. -swapped 4 and 3 by accident, but don't think it should matter

    • Still getting the initramfs "unable to find medium containing filesystem" message.
  • Check out /usr/share/pyshared/usbcreator/install.py:install for algorithm.

    • remove a bunch of pre-existing files
    • remove_extras()
    • install_bootloader(): This operates via the D-Bus mechanism:

      dd if=/usr/lib/syslinux/mbr.bin bs=446 count=1 of=/dev/sdc conv=sync
      /sbin/parted /dev/sdc set 1 boot on
      
    • Copy all files from source to destination

    • mangle_syslinux():

      mv isolinux syslinux
      mv syslinux/isolinux.cfg syslinux/syslinux.cfg
      

    Read in all lines of all files ending in syslinux/*cfg except for gfxboot.cfg and insert "persistent cdrom-detect/try-usb=true noprompt" to appropriate boot lines

    • create_persistence(): as per

      dd if=/dev/zero bs=1M of=/media/093E-7CC8/casper-rw count=128
      mkfs.ext3 -F /media/093E-7CC8/casper-rw
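
The mangle_syslinux step listed in #10, as an added shell example that is not usb-creator's code and not part of the original notes. It assumes the "appropriate boot lines" are the `append` lines; the function names and the sample tree are constructed for illustration.

```sh
#!/bin/sh
# Added example: adapt an unpacked live-CD tree (already copied to the USB
# mount point) so syslinux boots it with persistence and USB detection.
# Assumption: the boot lines to patch are the `append` lines.

USB_OPTS="persistent cdrom-detect/try-usb=true noprompt"

mangle_syslinux() {
    root=$1
    [ -f "$root/isolinux/isolinux.cfg" ] || {
        echo "mangle_syslinux: $root/isolinux/isolinux.cfg not found" >&2
        return 1
    }
    mv "$root/isolinux" "$root/syslinux" || return 1
    mv "$root/syslinux/isolinux.cfg" "$root/syslinux/syslinux.cfg" || return 1

    for cfg in "$root"/syslinux/*cfg; do
        [ -f "$cfg" ] || continue
        # gfxboot.cfg is excluded, as in the notes above.
        [ "${cfg##*/}" = gfxboot.cfg ] && continue
        # Insert the options right after the `append` keyword so they stay
        # in front of any trailing "--"; already patched lines are left alone.
        awk -v opts="$USB_OPTS" '
            tolower($1) == "append" && !index($0, "cdrom-detect/try-usb=true") {
                sub(/^[ \t]*[A-Za-z]+[ \t]+/, "&" opts " ")
            }
            { print }
        ' "$cfg" > "$cfg.new" && mv "$cfg.new" "$cfg" || return 1
    done
}

# Constructed sample input: a minimal isolinux directory.
make_sample_tree() {
    mkdir -p "$1/isolinux"
    printf 'include text.cfg\n' > "$1/isolinux/isolinux.cfg"
    printf '%s\n' 'label live' '  kernel /casper/vmlinuz' \
        '  append  boot=casper initrd=/casper/initrd.lz quiet splash --' \
        > "$1/isolinux/text.cfg"
    printf 'foreground=0xffffff\n' > "$1/isolinux/gfxboot.cfg"
}

# Demo on a throwaway directory; prints the patched boot entry.
demo_dir=$(mktemp -d)
make_sample_tree "$demo_dir"
mangle_syslinux "$demo_dir" && cat "$demo_dir/syslinux/text.cfg"
rm -rf "$demo_dir"
```

Without `cdrom-detect/try-usb=true` on the kernel command line, casper only looks for the live filesystem on a CD-ROM, which matches the "Unable to find medium containing a live filesystem" drop to initramfs recorded in #9.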
      

#11

Status:needs work» fixed

This is kind of set in stone now. OD will be an ubuntu remix...yay!

The notes above were just added cause I did not know where else to put them
