Build a customized bootable image of Debian GNU/Linux

Thursday, May 27, 2010 | 3 minute read | Updated at Thursday, May 27, 2010

Recently, I was given a laptop on which I couldn’t install any software on the hard drive. Fortunately, this laptop has the ability to boot from USB devices and I happened to have an 8 GB USB flash drive (which is, for the record, more than enough to install a Linux Live system on). To add extra complexity, I was required to use a tool (namely a patched version of NTT Docomo’s SEND implementation, which you can find here) that is provided as Debian packages (.deb) for the SID version of Debian.

To sum up my requirements, I needed:

  • a bootable system (on a USB flash drive)
  • Debian Linux (SID version)
  • the possibility to store modifications to the system (persistence of the data)

Luckily, there was already a tool that does just that. Its name: Live Helper. Note that Live Helper does a lot of things. Among them, it can produce:

  • bootable ISO
  • netboot image
  • bootable USB image (which is what I'm interested in here)

A bunch of documentation is available here. Just so you see how simple it is to make fun things (which is the whole point of this post), here is what I typed to make my custom USB image:

$ lh_config -b usb-hdd --mirror-bootstrap "http://debian.mymirror.tld/debian" \
    -p gnome \
    --packages "nfqueue-bindings-python libnetfilter-queue1 iceweasel radvd sshfs less wireshark vim xterm socat" \
    -d sid --bootappend-live "keyb=fr"
$ lh_build

Pretty short, isn't it? Let us break down the lh_config command here:

  • -b: selects the type of bootable image: USB image, net bootable image, ISO, etc.
  • --mirror-bootstrap: points to the Debian repository from which the required packages should be fetched.
  • -p: defines a meta-set of packages. In practice, it is more of a collection of packages for a specific desktop environment, for example gnome, kde, xfce, etc.
  • --packages: lists the extra packages you want to include in your image. Here, I needed some dependencies for NTT Docomo's SEND implementation.
  • -d: defines the distribution name, which influences the version of the packages. Here, sid refers to the bleeding-edge version of Debian.

Last important step for me: I wanted to install some software that was not in Debian. I could just have had it installed during the build process of the image, but I wanted to keep things simple and easy to manage. So I used the persistence function. Everything you need to know about this function is very well explained here. In case you are lazy, I will detail it here for you:

  • Your flash drive must be partitioned (you can use gparted if you are not used to partitioning) into at least two partitions. The first one is the place where you will dd the newly built USB image. The second one is where your persistent data will be stored.
  • Anytime you want a live image of the filesystem state in your running USB image, you type live-snapshot. A gzipped cpio archive will be created on your system (the command will tell you where) and you will have to copy it to your second partition.
  • Next time you boot, just append persistent to the kernel parameters (at your ISOLinux prompt), and it will automatically load the archive, thus restoring the filesystem to its saved state.
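
For the dd step in the first bullet, here is a small wrapper that refuses a mounted or undersized target and reads the data back after writing. It is an example added here, not part of the original post or of Live Helper; the image path and the target partition are arguments you supply, and the function names are made up for this sketch.

```shell
#!/bin/sh
# Added example: write a built image to its target and verify the result.
# IMAGE and TARGET are caller-supplied; nothing here comes from Live Helper.

# Size in bytes of a block device or of a regular file.
size_of() {
    if [ -b "$1" ]; then
        blockdev --getsize64 "$1"
    else
        wc -c < "$1" | tr -d ' '
    fi
}

# Succeeds if the given path is listed as a mounted source in /proc/mounts.
is_mounted() {
    [ -r /proc/mounts ] &&
        awk -v d="$1" '$1 == d { found = 1 } END { exit !found }' /proc/mounts
}

# write_image IMAGE TARGET
# Returns 0 on a verified write, 2 on bad arguments, 3 if the target is
# mounted, 4 if the target is too small, 5 if the write or read-back fails.
write_image() {
    img=$1
    target=$2
    [ -f "$img" ] && [ -e "$target" ] || return 2
    if is_mounted "$target"; then
        return 3
    fi
    img_size=$(size_of "$img")
    [ "$(size_of "$target")" -ge "$img_size" ] || return 4
    # notrunc keeps a regular-file target at its size; fsync flushes to the device.
    dd if="$img" of="$target" bs=4M conv=notrunc,fsync 2>/dev/null || return 5
    # Compare only the first img_size bytes: the target is usually larger.
    cmp -s -n "$img_size" "$img" "$target" || return 5
    return 0
}
```

Call it as write_image followed by the image file and the first partition of the flash drive, and check the exit status before rebooting.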

That’s it!

P.-S.: in case you need more magic, check out Live-Magic. Installing it is as easy as:

$ aptitude install live-magic

© 2021 - 2026 Tony's blog

Everything about $me

My name is Tony Cheneau and I’m currently a devops (catchy title) at ANSSI.

I was previously occupying a postdoc position at the National Institute of Standards and Technology (also known as NIST), in the Advanced Network Technologies Division. This was a really entertaining job where my main research interests were focused on wireless applications over the Smart Grid and defining new security solutions for these applications.

If you are interested in my education (or in hiring me), you can check out my very formal (and not so up to date) resume.pdf.

My previous projects

  • SimpleRPL : an implementation of the Routing Protocol for Low-Power and Lossy Networks (RFC 6550)
  • NDprotector : an implementation of the Cryptographically Generated Addresses (RFC 3972) and the Secure Neighbor Discovery Protocol (RFC 3971)
  • and more on my GitHub page

Former research interest

During my PhD, I studied several aspects of Link-Layer security through the extended use of the Secure Neighbor Discovery protocol (RFC 3971 and RFC 3972).

Other of my previous research interests included MANEMO. MANEMO is the combination of multiple research areas:

  • MANET (Mobile Ad-Hoc Network) specifies how new dynamic routing protocols enable mobile node to route packets over Mobile Ad-Hoc Networks.
  • NEMO (Network Mobility or Network that Moves) defines a protocol similar to Mobile IP where a whole network is moving.
  • AUTOCONF defines an addressing scheme and corresponding solutions to allocate addresses inside a MANET.

Publications

Thesis

  • Tony Cheneau, « Amélioration des adresses CGA et du protocole SEND pour un meilleur support de la mobilité et de nouveaux services de sécurité (Enhancing CGA addresses and the SEND protocol for a better support of mobility application and new security services) », January 2011 manuscript slides

Journals

  • Tony Cheneau, Aymen Boudguiga, Maryline Laurent, « Significantly improved performances of the cryptographically generated addresses thanks to ECC and GPGPU », Computers & Security journal, Elsevier, Volume 29, pages 419-431, June 2010. pdf

Conferences

  • Tony Cheneau, Ranganathan Mudumbai, « Adaptive key management for wireless sensor networks », IEEE Global Communications Conference (GLOBECOM), Atlanta, USA, December 2013.
  • Tony Cheneau, Andrei V. Sambra, Maryline Laurent, « A Trustful Authentication and Key Exchange Scheme (TAKES) for Ad Hoc Networks », 5th International Conference on Network and System Security (NSS), Milan, Italy, September 2011. pdf
  • Tony Cheneau, Maryline Laurent, « Using SEND Signature Algorithm Agility and Multiple-Key CGA to Secure Proxy Neighbor Discovery and Anycast Addressing », 6th Conference on Network Architectures and Information Systems Security, La Rochelle, France, May 2011. pdf slides
  • Tony Cheneau, Maryline Laurent, « Étude des solutions de proxy Neighbor Discovery sécurisées et proposition basée sur la Signature Agility » (a study of secure proxy Neighbor Discovery solutions and proposition of a Signature Algorithm Agility based solution), 5ème Conférence sur la Sécurité des Architectures Réseaux et des Systèmes d’Information, Menton, France, May 2010. pdf slides
  • Tony Cheneau, Aymen Boudguiga, Maryline Laurent-Maknavicius, « Amélioration des performances des adresses CGA et du protocole SEND: étude comparée de RSA et d’ECC/ECDSA » (Improving the CGA and SEND protocol performances: a comparative study of RSA and ECC/ECDSA), 4ème Conférence sur la Sécurité des Architectures Réseaux et des Systèmes d’Information, Luchon, France, (best student paper award), pages 139-156, in proceedings (SAR-SSI 2009) (ISBN: 978-2-7483-4833-0), June 2009. pdf proceedings slides
  • Tony Cheneau, Jean-Michel Combes, « Une attaque par rejeu sur le protocole SEND » (A replay attack on the SEND protocol), 3ème Conférence sur la Sécurité des Architectures Réseaux et des Systèmes d’Information, Loctudy, France, pages 289-300, in proceedings (SAR-SSI 2008) (ISBN: 978-2-7483-3289-2), October 2008. pdf proceedings slides

Research Report

  • Aymen Boudguiga, Tony Cheneau, Maryline Laurent-Maknavicius, « Usage and Performance of Cryptographically Generated Addresses » TELECOM and Management SudParis, 08-014 LOR, 2008. zip

Internet Drafts

Back in time, I made some propositions inside the CGA and SEND maIntenance (CSI) working group:

  • draft-cheneau-csi-send-sig-agility-02 proposes a Signature Agility Solution to the SEND protocol (RFC 3971). link
  • draft-cheneau-csi-ecc-sig-agility-02 on the previous draft and proposes to use Elliptic Curve Cryptography in CGA (RFC 3972 ) and SEND (RFC 3971 ). link

Teachings

During my PhD, I happened to give some lectures:

  • Data network (first-year engineering students)
  • Virtual Private Network (Master 2 CCN, Specialized Master SSR and third-year engineering students)

Education

  • 2007-2011: PhD held at the Institut Télécom SudParis under the direction of Maryline Laurent. This PhD was funded by a grant of the ANR for the MobiSEND project.
  • 2007: Master 2 SSI (computer systems security), University of Paris XII, obtained with mention bien
  • 2006: Master 1 in computer science (STIC - F3I), University of Poitiers, obtained with mention bien
  • 2005: Licence 3 in computer science (TIS - networks track), University of Poitiers, obtained with mention bien
  • 2004: DEUG MIAS (mathematics and computer science applied to the sciences), University of Poitiers
  • 2002: Baccalauréat S Sciences de l’Ingénieur, lycée E. Branly de Châtellerault (Poitiers academy), obtained with mention assez bien

Copyright

Copyright by Tony Cheneau