Building a Distro, that builds Distros | FULL AUTO

  1. #1
    Sophie Pedophile Tech Support
    Full auto in the sense that you will only need to fill in some values, save it to your config file, and have the rest pretty much automated. Pretty neat huh? Guess what I am building? A Distro that does just that. Now you might be wondering to yourself: Soph, why would you want to make a Distro which builds other Distros? Well, I am glad you asked.

    I've been getting into Distro Dev and general OS/Kernel/System stuff both as it pertains to regular and embedded systems, Raspberry Pi, Arduino, and even some of the more exotic architectures. I put OS in there because I got access to tooling that allows me to configure custom Windows builds, as well as Linux Distros and OSX.

    Since I got my data center/VM-Lab up and running I've been a little annoyed with setting anything up that isn't meant to be a server, or a standard ass Win10 install, or just a simple Ubuntu or Debian box. Bootstrapping utilities are a thing, but I want to be able to have config files that set everything I need for whatever scenario I can think of, including Special Windows Builds. I also want to have almost all of this automated for convenience and to give myself room to scale up, which is absolutely possible.


    Win Builds

    Some details on the tooling involved and general info.

    I have a special set of Windows Kits and associated tools that I run on Win2k16; they include the SDK, ADK, EWDK, and the Windows Hardware Lab.

    They do a lot of things but one thing the ADK and EWDK are used for is Enterprise Level Windows deployment. Say a company might have 100 people in the sales department that need their workstations configured in a way that is most conducive to the execution of their duties, and has pre-configured security policies. Because everyone knows, the people over at sales are the god damn people always opening MalDocs and getting ransomware all over the servers. In that scenario an Enterprise would use the same kind of setup I have access to in order to churn out those 100 workstation deploys with the better security policies.

    All you need to do is set up a master server, provisioning server and build targets.

    Basically with this tooling I could make Win10 Builds designed for Development, Debugging, and Kernel Debugging/Research. Or I could turn off Telemetry, Event Logging, Security Logging and Windows Defender components.

    Alternatively I could make a custom build that actually respects your privacy.

    If you are familiar with Commando or FLARE by FireEye, those builds were made with the tooling that I have access to as well. Difference is I have a secret weapon that FireEye can't use for legal reasons that allows me to make installation media for custom build distribution, suited for VM, bare-metal, anything really. Without the need for the end user to activate the

    If you are unfamiliar with FLARE and Commando and/or would like to get an idea of what I am talking about or perhaps use those VMs (they're great btw, definitely recommend), check them out below.

    FLARE: Windows Based RevEng VM
    COMMANDO VM: Windows Based Complete OffSec Suite VM

    Pretty neat right?

    *Nix

    Debootstrap, QEMU-Debootstrap, Debootstick, QEMU-KVM, Docker and LXC allow me to easily set up a rootfs, kernel and Package manager. QEMU components support exotic architectures too.

    QEMU-KVM or LXC in combination with the snap application manager from the fine folks over at Canonical are useful for getting minimal Ubuntu LTS set up, customized and virtualized. These can be debootstrapped, and used to create vmdk files or images on installation media. Very handy for creating highly specialized and smol custom Distros based on Ubuntu. You can do the same with Docker and Docker Images. The beauty of which is that there are many Docker images available, even if you don't have a Docker Hub, making a Dockerfile to your exact specifications is trivial.

    For ARM architecture a tool-chain by the name of BuildRoot is available too. The cool thing about which is that you can build a Distro from the literal ground up.

    I will be looking into Kubernetes and Packer.io as well, but I am less familiar with those solutions at present.



    The distro I am building for this purpose is Debian based, is getting all the toolchains and virtualization frameworks and will ship with a custom Windows build, either as an IMG, ISO, or VMDK. The Build will have all telemetry and logging disabled at the kernel level, and come pre-installed with everything you need (including a custom tool that will make our lives a lot easier while doing so) in order to start churning out pre-activated custom builds.



    Besides the one you can see above I will be writing more tools mostly for automation purposes. It's going to be the one stop shop for all our OS and distro needs.


    Comments?
    Criticism?
    Corrections?
  2. #2
    Sophie Pedophile Tech Support
    I have a prototype set up in VM, it's based off a mini.iso for Ubuntu 20 LTS, it has Packer.io, Docker, Multipass, SBuild, Vagrant, VMWare-ISO tools, QEMU-KVM, QEMU-IMG, QEMU-Debootstrap for x64, x86, ARM, and more exotic architectures. Normal Debootstrap, Debootstick, a static binary for bootstrapping apt packages, and LXC, LXD, Snap, and cloud-init, to initialize installs for VMs for local cloud and remote cloud usage. Packer also has the ability to initialize AWS instances.

    All I need to do now is check out Kubernetes and see how that might fit within the design parameters of the OS-Building Distro. I might also add Build-Root which is a toolchain specifically designed for ARM and a couple other embedded device architectures, which will allow the user to basically build a mini OS for an Arduino or Raspberry Pi.


    First I will test all the tooling, write some automation implementations for it, and build a Docker Image if everything turns out to be working as intended, the Docker IMG will be made available at Docker Hub. Then I either SBuild/Debootstrap or Debootstick the Docker Image, and turn it into a rootfs, mounted to be written to a USB stick for Live Boot, or Installation.


    Pretty pleased with my progress so far. If you have anything to add, comments and/or criticism, please feel free to post your thoughts.