Thursday 24 August 2017

Installing 'isorespin.sh' ISOs on Apollo Lake devices

UpdateThis work is superseded by a new release of my 'isorespin.sh' script which can respin an official ISO suitable for use on Intel Apollo devices. See 'Running and installing Ubuntu and Ubuntu flavours on Apollo Lake devices'.


Previously installation on Intel Apollo Lake devices without explicit Linux support in the BIOS required the rEFInd boot manager to be installed manually. Following a number of requests I've now updated my 'isorespin.sh' script to add this automatically to the respun ISO making it transparent duing the installation of the ISO.

I've also changed the script so that it no longer requires the removal of any 'isorespin.log' file first as it will now simply overwrite it. Instead the respun ISO now includes a README file which details how the ISO was spun.



Also the latest Ubuntu Artful 17.10 build includes an Ubuntu fork of the Dash to Dock extension as Ubuntu Dock. So I've respun the daily build from 21st August and added the v4.13-rc6 kernel and the rEFInd boot manager and anyone who want to see how it looks on an Apollo Lake device can download the ISO from here (ISO removed due to Lenovo BIOS issues) and the upgraded script can be downloaded from 'isorespin.sh'.

Please donate if you find the script useful using the following link http://goo.gl/nXWSGf.





Sunday 6 August 2017

Respinning security distros and upgrading packages

A while back I dropped Debian and Debian based ISO support from my 'isorespin.sh' script as the release of Debian 9 Stretch uses a v4.9 kernel rather than a v3.16 kernel meaning that the kernel cannot be upgraded with Canonical's HDMI and RTL8723BS DKMS support. I also dropped their support because I do not agree with using a kernel compiled for one distro's userland with a different distro's userland as for example in using an Ubuntu kernel to boot a Fedora ISO.

This meant no more respinning Kali ISOs but since I'm again receiving requests for its support it got me thinking about what Ubuntu-based security distros existed. So following some research I've added support for BackBox Linux a 'penetration testing and security assessment oriented Linux distribution providing a network and systems analysis toolkit'.


Respinning is simple using my latest version of 'isorespin.sh':

Script '/usr/local/bin/isorespin.sh' called with '-i backbox-5-amd64.iso --atom --update' ...
Work directory 'isorespin' used ...
ISO '/home/linuxium/backbox-5-amd64.iso' respun ...
Bootloader 'GRUB' added ...
Kernel updated with mainline kernel version '4.13.0-041300rc3-generic' ...
Local package '/home/linuxium/isorespin/rtl8723bs_4.12.0_amd64.deb' added ...
File '/home/linuxium/isorespin/linuxium-install-UCM-files.sh' added ...
File '/home/linuxium/isorespin/wrapper-linuxium-install-UCM-files.sh' added ...
File '/home/linuxium/isorespin/linuxium-install-broadcom-drivers.sh' added ...
File '/home/linuxium/isorespin/wrapper-linuxium-install-broadcom-drivers.sh' added ...
Command run ...
# wrapper-linuxium-install-UCM-files.sh
./linuxium-install-UCM-files.sh: Extracting UCM files ...
./linuxium-install-UCM-files.sh: Installing UCM files ...
./linuxium-install-UCM-files.sh: Reloading UCM driver ...
./linuxium-install-UCM-files.sh: Installation of UCM finished 
# wrapper-linuxium-install-broadcom-drivers.sh
./linuxium-install-broadcom-drivers.sh: Extracting Broadcom files ...
./linuxium-install-broadcom-drivers.sh: Installing Broadcom files ...
./linuxium-install-broadcom-drivers.sh: Reloading Broadcom driver ...
./linuxium-install-broadcom-drivers.sh: Installing Broadcom bluetooth service ...
Created symlink /etc/systemd/system/multi-user.target.wants/brcmbt.service, pointing to /lib/systemd/system/brcmbt.service.
./linuxium-install-broadcom-drivers.sh: Starting Broadcom bluetooth service ...
Running in chroot, ignoring request.
./linuxium-install-broadcom-drivers.sh: Installation of Broadcom finished 
Respun ISO created as 'linuxium-v4.13-rc3-backbox-5-amd64.iso'.

I've also had another look at Kali as whilst their official ISOs use a Debian kernel they also offer Kali Metapackages which 'give you the flexibility to install specific subsets of tools based on your particular needs'. Following the documented instructions I looked at how I could update my script to allow the addition of these metapackages when respinning. As a result I've added a new option '--key' to add GPG keys to the APT keyring allowing packages to be downloaded from signed repositories. It is now possible to respin an Ubuntu ISO adding the packages:


There are some restrictions/limitations. Unity isn't supported and I've found adding a GPG key to a 17.04 or 17.10 release fails. Additionally adding the 'kali-linux-full' package results in dependency issues. However it is possible to respin the recently released Ubuntu GNOME 16.04.3 and add 'kali-linux' and 'kali-linux-top10':

Script '/usr/local/bin/isorespin.sh' called with '-i ubuntu-gnome-16.04.3-desktop-amd64.iso --atom -u --key adv --keyserver keyserver.ubuntu.com --recv-keys ED444FF07D8D0BF6 --repository deb http://http.kali.org/kali kali-rolling main contrib non-free -p kali-linux -p kali-linux-top10' ...
Work directory 'isorespin' used ...
ISO '/home/linuxium/ubuntu-gnome-16.04.3-desktop-amd64.iso' respun ...
Bootloader 'GRUB' added ...
Kernel updated with mainline kernel version '4.13.0-041300rc3-generic' ...
Key 'adv --keyserver keyserver.ubuntu.com --recv-keys ED444FF07D8D0BF6' added ...
Repository 'deb http://http.kali.org/kali kali-rolling main contrib non-free' added ...
Package 'kali-linux' added ...
Package 'kali-linux-top10' added ...
Local package '/home/linuxium/isorespin/rtl8723bs_4.12.0_amd64.deb' added ...
File '/home/linuxium/isorespin/linuxium-install-UCM-files.sh' added ...
File '/home/linuxium/isorespin/wrapper-linuxium-install-UCM-files.sh' added ...
File '/home/linuxium/isorespin/linuxium-install-broadcom-drivers.sh' added ...
File '/home/linuxium/isorespin/wrapper-linuxium-install-broadcom-drivers.sh' added ...
Command run ...
# wrapper-linuxium-install-UCM-files.sh
./linuxium-install-UCM-files.sh: Extracting UCM files ...
./linuxium-install-UCM-files.sh: Installing UCM files ...
./linuxium-install-UCM-files.sh: Reloading UCM driver ...
./linuxium-install-UCM-files.sh: Installation of UCM finished 
# wrapper-linuxium-install-broadcom-drivers.sh
./linuxium-install-broadcom-drivers.sh: Extracting Broadcom files ...
./linuxium-install-broadcom-drivers.sh: Installing Broadcom files ...
./linuxium-install-broadcom-drivers.sh: Reloading Broadcom driver ...
./linuxium-install-broadcom-drivers.sh: Installing Broadcom bluetooth service ...
Created symlink /etc/systemd/system/multi-user.target.wants/brcmbt.service, pointing to /lib/systemd/system/brcmbt.service.
./linuxium-install-broadcom-drivers.sh: Starting Broadcom bluetooth service ...
Running in chroot, ignoring request.
./linuxium-install-broadcom-drivers.sh: Installation of Broadcom finished 
Respun ISO created as 'linuxium-v4.13-rc3-ubuntu-gnome-16.04.3-desktop-amd64.iso'.

Lubuntu is also supported:


and by adding 'kali-desktop-lxde' additional LXDE packages are included (note 'Other'):


Script '/usr/local/bin/isorespin.sh' called with '-i lubuntu-16.04.3-desktop-amd64.iso --atom -u --key adv --keyserver keyserver.ubuntu.com --recv-keys ED444FF07D8D0BF6 --repository deb http://http.kali.org/kali kali-rolling main contrib non-free -p kali-linux -p kali-desktop-lxde -p kali-linux-top10' ...
Work directory 'isorespin' used ...
ISO '/home/linuxium/lubuntu-16.04.3-desktop-amd64.iso' respun ...
Bootloader 'GRUB' added ...
Kernel updated with mainline kernel version '4.13.0-041300rc3-generic' ...
Key 'adv --keyserver keyserver.ubuntu.com --recv-keys ED444FF07D8D0BF6' added ...
Repository 'deb http://http.kali.org/kali kali-rolling main contrib non-free' added ...
Package 'kali-linux' added ...
Package 'kali-desktop-lxde' added ...
Package 'kali-linux-top10' added ...
Local package '/home/linuxium/isorespin/rtl8723bs_4.12.0_amd64.deb' added ...
File '/home/linuxium/isorespin/linuxium-install-UCM-files.sh' added ...
File '/home/linuxium/isorespin/wrapper-linuxium-install-UCM-files.sh' added ...
File '/home/linuxium/isorespin/linuxium-install-broadcom-drivers.sh' added ...
File '/home/linuxium/isorespin/wrapper-linuxium-install-broadcom-drivers.sh' added ...
Command run ...
# wrapper-linuxium-install-UCM-files.sh
./linuxium-install-UCM-files.sh: Extracting UCM files ...
./linuxium-install-UCM-files.sh: Installing UCM files ...
./linuxium-install-UCM-files.sh: Reloading UCM driver ...
./linuxium-install-UCM-files.sh: Installation of UCM finished 
# wrapper-linuxium-install-broadcom-drivers.sh
./linuxium-install-broadcom-drivers.sh: Extracting Broadcom files ...
./linuxium-install-broadcom-drivers.sh: Installing Broadcom files ...
./linuxium-install-broadcom-drivers.sh: Reloading Broadcom driver ...
./linuxium-install-broadcom-drivers.sh: Installing Broadcom bluetooth service ...
Created symlink /etc/systemd/system/multi-user.target.wants/brcmbt.service, pointing to /lib/systemd/system/brcmbt.service.
./linuxium-install-broadcom-drivers.sh: Starting Broadcom bluetooth service ...
Running in chroot, ignoring request.
./linuxium-install-broadcom-drivers.sh: Installation of Broadcom finished 
Respun ISO created as 'linuxium-v4.13-rc3-lubuntu-16.04.3-desktop-amd64.iso'.

Finally I've added another option '--upgrade' which simply performs an 'apt-get upgrade' on the ISO's packages. So for example having downloaded an Artful daily ISO, I can respin it with the latest packages:


Script '/usr/local/bin/isorespin.sh' called with '-i 030817-artful-desktop-amd64.iso --upgrade --rolling-unstable --atom -s 200MB' ...
Work directory 'isorespin' used ...
ISO '/home/linuxium/030817-artful-desktop-amd64.iso' respun ...
Kernel boot parameters 'persistent' added ...
Bootmanager 'rEFInd' added ...
Distro upgraded ...
Package 'linux-headers-4.12.0-9 linux-headers-4.12.0-9-generic linux-image-4.12.0-9-generic linux-image-extra-4.12.0-9-generic' added ...
Local package '/home/linuxium/isorespin/rtl8723bt_4.12.0_amd64.deb' added ...
File '/home/linuxium/isorespin/linuxium-install-UCM-files.sh' added ...
File '/home/linuxium/isorespin/wrapper-linuxium-install-UCM-files.sh' added ...
File '/home/linuxium/isorespin/linuxium-install-broadcom-drivers.sh' added ...
File '/home/linuxium/isorespin/wrapper-linuxium-install-broadcom-drivers.sh' added ...
Command run ...
# wrapper-linuxium-install-UCM-files.sh
./linuxium-install-UCM-files.sh: Extracting UCM files ...
./linuxium-install-UCM-files.sh: Installing UCM files ...
./linuxium-install-UCM-files.sh: Reloading UCM driver ...
./linuxium-install-UCM-files.sh: Installation of UCM finished 
# wrapper-linuxium-install-broadcom-drivers.sh
./linuxium-install-broadcom-drivers.sh: Extracting Broadcom files ...
./linuxium-install-broadcom-drivers.sh: Installing Broadcom files ...
./linuxium-install-broadcom-drivers.sh: Reloading Broadcom driver ...
./linuxium-install-broadcom-drivers.sh: Installing Broadcom bluetooth service ...
Created symlink /etc/systemd/system/multi-user.target.wants/brcmbt.service -> /lib/systemd/system/brcmbt.service.
./linuxium-install-broadcom-drivers.sh: Starting Broadcom bluetooth service ...
Running in chroot, ignoring request.
./linuxium-install-broadcom-drivers.sh: Installation of Broadcom finished 
Persistence partition of '200MB' added ...
Respun ISO created as 'linuxium-persistence-030817-artful-desktop-amd64.iso'.

The new flags are only available from a CLI invocation:


and the upgraded script can be downloaded from 'isorespin.sh'.

Please donate if you find the script useful using the following link http://goo.gl/nXWSGf.