Notes on remastering an Ubuntu CD

Why would you want to do this?

I want to take the Hoary CD, remove all the graphical stuff, install a preseed ("answers") file for the installer, add some components from universe, and have a nice neat firewall-on-a-CD.

Procedure

Copy the CD to your hard drive. Important: Remember there is a folder called .disk in the root of the CD, which you will miss copying if you use 'cp /cdrom/*', as bash(1) will expand it without the dotfile.

Changing the logo

You can replace the splash screen (in isolinux/) with a LSS-format file; the best way is to start with a GIF and read the syslinux splash screen HOWTO.

Create a preseed file

Start at the Ubuntu Installation Guide for how to preseed your install.

Ask less questions at the installer phase

In the isolinux.cfg file in isolinux/, add a line somewhat like

LABEL firewall
  kernel /install/vmlinuz
  append preseed/file=/cdrom/preseed/firewall.seed preseed/locale=en_NZ kbd-chooser/method=us \
  vga=normal initrd=/install/initrd.gz ramdisk_size=12288 root=/dev/rd/0 rw --

Three important additions tell debian-installer how to behave:

preseed/file=/cdrom/preseed/firewall.seed

Load debconf information from this seed file

preseed/locale=en_NZ

Specify language and country

kbd-chooser/method=us

Specify keyboard mapping (note - this is different in Ubuntu to what's published about sarge)

Changing the packages on the CD

This is the trickiest part, as everything is GPG signed, and your GPG key isn't installed by default. So, to change any of the data on the CD (ie to add your own packages or to remove packages from main), you need to:

• create your own GPG key
• (optional) import the ubuntu-archive keyring
• export your keyring
• replace the ubuntu-archive keyring with yours
• recompile the ubuntu-keyring package
• put it on the CD

You have two options; either do your edits in the 'main' respository on the CD, or create an 'extras' repository. Either way, you will have to create your own ubuntu-keyring package; if you use an 'extras' repository then you can just put a higher numbered version in there, which the installer will prefer.

If you want to remove packages from the CD (for a firewall I don't need Xorg or GNOME), you can remove the files; apt uses the Packages file for its cache, and not the files on the disc, so assuming you don't try and install Xorg or GNOME, you'll be OK. In my case, immediately upon installation, the sources.list file will change not to refer to the CD, so I could safely delete packages and ignore that the Packages file thinks they're there. It's not the best practice however, so you might want to consider creating a new Packages file and updating the Release file for main (see below).

Putting your packages in the pool directory structure

I preloaded a machine with everything extra I wanted, so all the packages were in /var/cache/apt/archive.

You can use mini-dinstall, apt-move(8) or apt-ftparchive(1) to move these into a pool/ directory structure - none of them are simple, and I've only found out so far how to use apt-move into a 'fake repository', where I just copy the structure. Some input can be found here. I'll update this as I have information.

Put your pool directory structure in pool/extra/.

Create an Extras component

If you're using amd64 or powerpc, replace 'i386' with the correct platform name in this and all relevant instructions.

In dists/, mkdir extras and extras/binary-i386. Each component must have a Release file telling apt which component this is. copy main/binary-i386/Release to extras/binary-i386/Release and edit it to refer to Component: extras instead of main.

Creating Packages file for your components

apt-ftparchive(1) packages will generate a Packages file. Use apt-ftparchive packages pool/main/ > dists/hoary/main/binary-i386/Packages - this has to be done from the root of the CD image, so paths are relative to that (ie pool/main/l/linux-source/linux-image-i386.foo.deb). Scanning packages can take some time.

You can gzip the file to create a Packages.gz, but this is only for speed when doing an apt-get update, so you might not bother on a CD.

Creating a Release file

In dists/hoary you need to have a Release file, which refers to all the other Packages/Release files in the repository. The file also contains the SHA1 and MD5 sums for each file. You generate this (from dists/hoary) with apt-ftparchive release .

Looking at the original Release file, you see there there are lots of other fields set. To set these, create a config file for apt-ftparchive, which includes each word with APT::FTPArchive::Release:: prepended. I generated mine with head -9 Release | grep -v ^Date | sed 's/: / "/' | sed 's/^/APT::FTPArchive::Release::/' | sed 's/$/";/' > apt.conf and you add it into the apt-ftparchive commandline with -c apt.conf

Create a signature for the Release file

You need to create an Release.gpg file, with an ASCII armoured signature for the master Release file in dists/hoary. Use gpg --output Release.gpg -ba Release and sign with the signing key you created earlier.

Build your CD

• b/-c paths are relative to your filepath (in my case, firewall-image contains my Ubuntu CD image): mkisofs -b isolinux/isolinux.bin -c isolinux/boot.cat -no-emul-boot -boot-load-size 4 -boot-info-table -J -hide-rr-moved -o firewall-2.0.iso -R firewall-image/

Burn your CD

Record the ISO with your method of choice; I record to an IDE CD writer with a 10x rewritable (I burn over this a lot. :), so I use the commandline cdrecord dev=ATA:0,1,0 --blank=fast --speed=10 -tao firewall-2.0.iso

Boot off it and test

Now you're at the end of the process; you should have a bootable CD, which will ask you less questions, and only install a minimal system.

TODO: add commands for installing other packages/link to preseed file