Finnix introduction, grub-loopback-iso RFS

[Ryan Finnie]

[Copying both debian-live and debian-derivatives, as while this is
mostly an introduction to debian-live, it's of interest to
debian-derivatives as well.]

Greetings!  I am the creator of Finnix, a sysadmin-focused console
utility LiveCD which has been around since 2000 (and based on Debian
since 2005), and today released Finnix 120[0] after a 5 year hiatus[1].

Previous versions of Finnix were based on a bespoke build system, but
for Finnix 120, I used live-build (specifically the updated version in
sid) with new inserted Finnix-specific hooks.  For example, for divert
e.g. os-release (though I understand there is work in progress to make
distro information in base-files programatic), to give a root getty
instead of a user, to build SSH keys when ssh.service is started as
opposed to on boot, etc.  But for the most part, it's live-build with a
custom package set and Finnix branding.

Anyway, after release, a friend came to me and asked if I planned on
updating grub-finnix, an old GRUB hook which allowed for Finnix ISO
booting.  I was about to reply that that's been obsolete for years and
that they should just use grub-loopback-iso since nearly everything
supports the loopback.cfg standard...  But then realized 1) I wrote
grub-loopback-iso as the successor to grub-finnix, and 2) for some
reason I never finished getting it upstreamed.

The original ITP, Bug #693774 has been unarchived and reopened[2], I've
updated grub-loopback-iso to remove some assumptions since 2012 (EFI!
Hybrid ISOs!) and brought up to modern lintian --pedantic[3], tested
(confirmed it works fine with all debian-live-based setups), and
uploaded to mentors.debian.net[4].

As I am a DM and not a full DD, would anybody be willing to sponsor
grub-loopback-iso?

Thanks,
Ryan Finnie

[0] https://blog.finnix.org/2020/05/14/finnix-120-released/
[1] Yes, I will update the Derivatives census before pabs yells at me. :)
[2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693774
[3] https://github.com/finnix/grub-loopback-iso-pkg
[4] https://mentors.debian.net/package/grub-loopback-iso



signature.asc
Description: OpenPGP digital signature

Debian utility live distribution (was Re: ThinkPad laptops preinstalled Linux)

[Ryan Finnie]

Quoth pabs:
> On Fri, Jun 5, 2020 at 7:46 PM Philip Hands wrote:
>
> > Of course, Grml isn't a direct output of the Debian project, so perhaps
> > people might take issue with having that as the "Debian Recovery
> > Option", but it is closely based on Debian, and includes a couple of
> > ways of installing vanilla Debian, having booted into Grml.
>
> Debian used to publish a "recovery" variant of Debian Live, but that
> was dropped due to lack of maintenance at one point. I note there are
> several Debian derivatives producing rescue/recovery live media (Grml,
> rescatux, Finnix come to mind), I wonder if any of them would be
> interested in forming a new Debian rescue/recovery team to publish
> console and GUI recovery variants of Debian Live images.

As the developer of Finnix, I'm open to a few ideas and this will be a
bit of a ramble going off in a few directions.  But first, a bit of an
introduction.  Finnix is a utility Live CD, in production since 2000[0].
 I recently released Finnix 120[1] after a 4+ year gap, but thanks to
the updated work of Debian's live-build by Lyndon Brown making it easier
to maintain a derivative[2], I've committed to regular releases again.

Finnix's goals are feed into one another:

- Text-based live distribution.
- Boot to root shell prompt as quickly as possible.
- As many system utilities as possible.
- Relatively small size.

Grml's goals are similar but we diverge on a couple of philosophies, but
that's perfectly fine.  To that end, I think a first-party (to Debian)
utility live distribution would be fine as well.

Let's say Debian wants to do a utility live distribution, using Finnix's
goals as a model.  So let's start with a package list, which is simple
to do based on Finnix's list[3], and could easily become e.g. a
live-task-utility metapackage to go along with the rest of the
live-task-* packages.  I would be willing to maintain such a
metapackage, to keep it from going stale.

Now, pretty much the only other thing the Finnix build repository[4]
does is execute some hooks; everything else is wrapping live-build.
Those hooks are[5]:

- systemd: Defines finnix.target.  Also disables as many services as
possible in the name of speed.  For example lm-sensors.service since
lm-sensors is installed; the service does nothing in Finnix, but these
take a bit of time to do nothing and add up.
- bash-profile: Makes a stylized PS1, couple other aliases/tweaks.
- distro: Standard derivative distro info diversions.
- getty: One of the largest changes IMHO.  Strips out the non-superuser
getty generator and puts in its own getty overrides to go straight to
root bash prompt.
- gpm: Sets up and enables a gpm service for useful console mouse access.
- live-config: Finnix-specific live-config defaults, and disables
openssh-server key generation (see below).
- remove-packages: Currently removes rsyslog in favor of having no
syslog (just systemd's journal).
- ssh: Overrides ssh.service so key generation is done if the user tries
to start ssh.service, as opposed to at boot time, saving seconds if the
user has no intention of starting an SSH server.  Also sets up a
per-user shared SSH agent, to be shared by the multiple VTYs.
- s390-kernel: Heh.  Currently a hack to get around s390x kernel + QEMU
currently being broken in sid[6], it manually downloads a vanilla-ish
kernel from Ubuntu.
- recompress: Something hacky that I'm quite proud of: it goes through
all .gz files in the chroot, decompresses them and recompresses them at
level 0 (gzip header + original data).  It also needs to mess around
with the dpkg md5sums as a result.  Why?  mksquashfs xz produces better
compression than stacked gz + mksquashfs xz, so a larger looking
internal chroot results in a smaller overall ISO.

Which of those hook modifications would be needed for a Debian utility
live distribution?  Arguably, none, as they all fall under 1) branding,
2) efficiency/speed, or 3) convenience.  IMHO they are all useful to
Finnix, but some of the features would be nice to upstream to Debian,
such as the recompression logic, shared console SSH agents, etc.  But I
imagine things such as an automatic root prompt would be a source of
contention for an official Debian image, so it would make more sense for
it to boot into the standard live user.

I would be willing to discuss a utility distribution with Debian Live.
One complication is the current live builds don't use live-build, but
instead live-wrapper which AIUI doesn't even use live-build at its core
anymore.  I certainly haven't had a chance to look at it, nonetheless.
Currently the sid live-build is the only system I "know", and if I were
to step up to maintaining a Debian utility live distribution (for
anything beyond a dependency metapackage), I would need to learn the
current system.


[0] Making it the oldest Live CD still in production, and one of the
first few full stop, after DemoLinux and LinuxCare's BBC off the top of
my head.  Maybe Yggdrasil's installer if you wa

Re: Replacing live-wrapper for live images by live-build?

[Ryan Finnie]

On 4/20/21 1:17 AM, Raphael Hertzog wrote:

live-build and its development community is in a relatively good shape but
we are lacking volunteers to care about the generation of release ISO for
the end users because all the current developers are using the tool for
their own need.


100% agree on this assessment. The work by the live-build devs over the 
last year or so (particularly by Roland, Raphaël, Luca and Lyndon) have 
been invaluable, and is the entire reason the Finnix project is still 
around (I was literally within a day of announcing the end of Finnix 
about a year ago, before I looked at live-build and went "I can work 
with this").


That being said, it's a tool which can be used to produce live media. 
It's so open-ended that there's an entire repository which is used to 
assemble the invocation of `lb` and configuration to build Finnix, and 
it currently has, umm, 23 additional Finnix-specific hooks[0].


This is not a problem with live-build -- the fact that live-build allows 
me to make produced images look and function exactly how I'd like is why 
I'm using it, as Raphaël points out, for my own need.



That kind of position with responsibilities requires some amount of trust
so it's not clear to me what are the requirements for the person that
would be volunteering (that is if she isn't a Debian developer already).


Yeah, the tool is in a decent place (minus the areas Roland pointed 
out), but needs one or more people with the organizational drive to use 
this tool (or another tool, for argument's sake) to manage the final 
output of Debian live media, and that seems to be what's been lacking 
over the years.


(Sadly, that person is not me, but if we get such a person, I'd be 
willing to help with an official Debian utility image.  This was 
actually one of the exit strategies I was considering last year w/r/t 
Finnix, before reading up and discovering this is a recurring 
discussion, e.g. this post by Steve McIntyre in 2018[1].  But even 
though Finnix is now live-build-based, I have no problem with also 
having a similar official Debian flavor.)



But maybe a call on d-d-a would be in order ?



[0] https://github.com/finnix/finnix-live-build
[1] https://lists.debian.org/debian-live/2018/11/msg00026.html



OpenPGP_signature
Description: OpenPGP digital signature