feat: new workflow to build the iso image of the distro

omar-besbes · Sep 14, 2024 · ab5cc1a · ab5cc1a
1 parent baccd8d
commit ab5cc1a
Show file tree

Hide file tree

Showing 2 changed files with 242 additions and 0 deletions.
diff --git a/.github/workflows/build-iso.yaml b/.github/workflows/build-iso.yaml
@@ -0,0 +1,106 @@
+name: Build Remastered ISO
+
+on:
+  pull_request:
+  workflow_dispatch:
+    inputs:
+      iso_image_url:
+        description: 'URL of the Debian netinstall ISO'
+        type: string
+        required: false
+
+jobs:
+  desktop-debian-stable:
+    runs-on: ubuntu-latest
+    environment: build-iso-image
+
+    env:
+      ISO_IMAGE_URL: ${{ github.event.inputs.iso_image_url || vars.ISO_IMAGE_URL }}
+      REMASTERED_ISO_IMAGE: preseed-debian-netinst-amd64.iso
+      ORIGINAL_ISO_IMAGE: debian-netinst.iso
+      PRESEED_FILE_TEMPLATE: preseed.txt.template
+      PRESEED_FILE: preseed.txt
+      ISO_FILES_DIR: isofiles
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          sparse-checkout: |
+            ${{ env.PRESEED_FILE_TEMPLATE }}
+          sparse-checkout-cone-mode: false
+
+      - name: Install dependencies
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y cpio isolinux xorriso
+
+      - name: Download Debian netinstall ISO
+        run: |
+          curl -L ${{ env.ISO_IMAGE_URL }} -o ${{ env.ORIGINAL_ISO_IMAGE }}
+
+      - name: Extract ISO files
+        run: |
+          mkdir ${{ env.ISO_FILES_DIR }}
+          sudo xorriso -osirrox on -indev ${{ env.ORIGINAL_ISO_IMAGE }} -extract / /media/debian-netinst
+          cp -rT /media/debian-netinst ${{ env.ISO_FILES_DIR }}
+
+      - name: Generate preseed file
+        run: |
+          sed -e "s/\${ROOT_PASSWORD}/${{ secrets.ROOT_PASSWORD }}/g" \
+              -e "s/\${USER_FULLNAME}/${{ vars.USER_FULLNAME }}/g" \
+              -e "s/\${USERNAME}/${{ vars.USERNAME }}/g" \
+              -e "s/\${USER_PASSWORD}/${{ secrets.USER_PASSWORD }}/g" \
+              ${{ env.PRESEED_FILE_TEMPLATE }} > ${{ env.PRESEED_FILE }}
+
+      - name: Modify initrd and add preseed file
+        env:
+          INSTALL_DIR: ${{ env.ISO_FILES_DIR }}/install.amd
+        run: |
+          chmod +w -R ${{ env.INSTALL_DIR }}
+          gunzip ${{ env.INSTALL_DIR }}/initrd.gz
+          echo ${{ env.PRESEED_FILE }} | cpio -H newc -o -A -F ${{ env.INSTALL_DIR }}/initrd
+          gzip ${{ env.INSTALL_DIR }}/initrd
+          chmod -w -R ${{ env.INSTALL_DIR }}
+
+      - name: Regenerate md5sum.txt
+        working-directory: ${{ env.ISO_FILES_DIR }}
+        env:
+          CI: ""
+        run: |
+          chmod +w md5sum.txt
+          find -follow -type f ! -name md5sum.txt -print0 | xargs -0 md5sum > md5sum.txt
+          chmod -w md5sum.txt
+
+      - name: Create new bootable ISO
+        env:
+          ORIGINAL_ISO: ${{ env.ORIGINAL_ISO_IMAGE }}
+          NEW_FILES: ${{ env.ISO_FILES_DIR }}
+          NEW_ISO: ${{ env.REMASTERED_ISO_IMAGE }}
+          MBR_TEMPLATE: /usr/lib/ISOLINUX/isohdpfx.bin
+        run: |
+          # Extract MBR template file to disk
+          dd if=${{ env.ORIGINAL_ISO }} bs=1 count=432 of=${{ env.MBR_TEMPLATE }}
+
+          # Create the new ISO image
+          xorriso \
+            -as mkisofs \
+            -r -V 'Debian amd64' \
+            -o ${{ env.NEW_ISO }} \
+            -J -joliet-long -cache-inodes \
+            -isohybrid-mbr ${{ env.MBR_TEMPLATE }} \
+            -b isolinux/isolinux.bin \
+            -c isolinux/boot.cat \
+            -boot-load-size 4 -boot-info-table -no-emul-boot \
+            -eltorito-alt-boot \
+            -e boot/grub/efi.img \
+            -no-emul-boot -isohybrid-gpt-basdat -isohybrid-apm-hfsplus \
+            ${{ env.NEW_FILES }}
+
+      - name: Upload ISO artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: remastered-iso
+          path: ${{ env.REMASTERED_ISO_IMAGE }}
+          if-no-files-found: warn
+          retention-days: 7
diff --git a/preseed.txt.template b/preseed.txt.template
@@ -0,0 +1,136 @@
+#_preseed_V1
+#### Contents of the preconfiguration file (for bookworm)
+
+### Localization
+###########################################
+d-i debian-installer/language string en
+d-i debian-installer/country string TN
+d-i debian-installer/locale string en_GB.UTF-8
+
+# Keyboard selection.
+d-i keyboard-configuration/xkb-keymap select fr
+
+# Network configuration
+###########################################
+
+# netcfg will choose an interface that has link if possible. This makes it
+# skip displaying a list if there is more than one interface.
+d-i netcfg/choose_interface select auto
+
+# Any hostname and domain names assigned from dhcp take precedence over
+# values set here. However, setting the values still prevents the questions
+# from being shown, even if values come from dhcp.
+d-i netcfg/get_hostname string ${USERNAME}-pc
+d-i netcfg/get_domain string home
+
+# Disable that annoying WEP key dialog.
+d-i netcfg/wireless_wep string
+# The wacky dhcp hostname that some ISPs use as a password of sorts.
+#d-i netcfg/dhcp_hostname string radish
+
+# If non-free firmware is needed for the network or other hardware, you can
+# configure the installer to always try to load it, without prompting. Or
+# change to false to disable asking.
+#d-i hw-detect/load_firmware boolean true
+
+### Mirror settings
+###########################################
+
+# Mirror protocol:
+# If you select ftp, the mirror/country string does not need to be set.
+# Default value for the mirror protocol: http.
+#d-i mirror/protocol string ftp
+d-i mirror/country string manual
+d-i mirror/http/hostname string deb.debian.org
+d-i mirror/http/directory string /debian
+d-i mirror/http/proxy string
+
+### Account setup
+###########################################
+
+# Root password encrypted using a crypt(3) hash.
+# `mkpasswd -m sha-512` to generate a SHA-512 based crypt(3) hash for a password.
+d-i passwd/root-password-crypted password ${ROOT_PASSWORD}
+
+# To create a normal user account.
+d-i passwd/user-fullname string ${USER_FULLNAME}
+d-i passwd/username string ${USERNAME}
+# Root password encrypted using a crypt(3) hash.
+# `mkpasswd -m sha-512` to generate a SHA-512 based crypt(3) hash for a password.
+d-i passwd/user-password-crypted password ${USER_PASSWORD}
+
+### Clock and time zone setup
+###########################################
+
+# Controls whether or not the hardware clock is set to UTC.
+d-i clock-setup/utc boolean true
+
+# You may set this to any valid setting for $TZ; see the contents of
+# /usr/share/zoneinfo/ for valid values.
+d-i time/zone string Africa/Tunis
+
+# Controls whether to use NTP to set the clock during the install
+d-i clock-setup/ntp boolean true
+
+### Apt setup
+###########################################
+
+# You can choose to install non-free firmware.
+#d-i apt-setup/non-free-firmware boolean true
+# You can choose to install non-free and contrib software.
+#d-i apt-setup/non-free boolean true
+#d-i apt-setup/contrib boolean true
+# Select which update services to use; define the mirrors to be used.
+# Values shown below are the normal defaults.
+d-i apt-setup/services-select multiselect security, updates
+d-i apt-setup/security_host string security.debian.org
+
+### Package selection
+###########################################
+
+tasksel tasksel/first multiselect standard, gnome-desktop
+
+# Individual additional packages to install
+d-i pkgsel/include string sudo
+
+# You can choose, if your system will report back on what software you have
+# installed, and what software you use. The default is not to report back,
+# but sending reports helps the project determine what software is most
+# popular and should be included on the first CD/DVD.
+popularity-contest popularity-contest/participate boolean false
+
+### Boot loader installation
+###########################################
+# Grub is the boot loader (for x86).
+
+# This is fairly safe to set, it makes grub install automatically to the UEFI
+# partition/boot record if no other operating system is detected on the machine.
+d-i grub-installer/only_debian boolean true
+
+# This one makes grub-installer install to the UEFI partition/boot record, if
+# it also finds some other OS, which is less safe as it might not be able to
+# boot that other OS.
+d-i grub-installer/with_other_os boolean true
+
+### Finishing up the installation
+###########################################
+
+# Avoid that last message about the install being complete.
+d-i finish-install/reboot_in_progress note
+
+### Preseeding other packages
+###########################################
+
+# Depending on what software you choose to install, or if things go wrong
+# during the installation process, it's possible that other questions may
+# be asked. You can preseed those too, of course. To get a list of every
+# possible question that could be asked during an install, do an
+# installation, and then run these commands:
+#   debconf-get-selections --installer > file
+#   debconf-get-selections >> file
+
+#### Advanced options
+# This command installs sudo and adds user ${USERNAME} to the sudo group.
+d-i preseed/late_command string \
+    apt-install sudo; \
+    in-target usermod -aG sudo ${USERNAME}