signalapp/SecureValueRecovery2
signalapp/SecureValueRecovery2
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
81b01da957
SecureValueRecovery2/trustedimage/debian1.json

62 lines
2.4 KiB
JSON
Raw Blame History

# Copyright 2024 Signal Messenger, LLC
# SPDX-License-Identifier: AGPL-3.0-only
# Builds our first image, which is just a default Debian image
# with some pre-installed packages etc. to make things easier for
# us. Most of the work here is done in the `debian1/preseed.txt`
# file. Packer serves that up via HTTP and passes it to the Debian
# installer for an "unattended install".
{
"builders": [
{
"type": "qemu",
"format": "raw",
"headless": "false",
"communicator": "ssh",
"disk_size": "5G",
"memory": 4096, # Using the default amount of memory will crash, we need more.
# Use UEFI so our install can be more easily modified for secure-boot.
"efi_boot": "true",
"efi_firmware_code": "/usr/share/OVMF/OVMF_CODE_4M.ms.fd",
"efi_firmware_vars": "/usr/share/OVMF/OVMF_VARS_4M.ms.fd",
"machine_type": "q35",
"accelerator": "kvm",
"vm_name": "disk.raw",
"net_device": "virtio-net",
"disk_interface": "virtio",
"output_directory": "build/debian1.out",
"shutdown_command": "sudo shutdown -h now",
"http_directory": "debian1",
"ssh_username": "svr3",
"ssh_password": "svr3", # Super secret, don't tell anyone.
"ssh_timeout": "15m",
"iso_url": "https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-12.4.0-amd64-netinst.iso",
"iso_checksum": "64d727dd5785ae5fcfd3ae8ffbede5f40cca96f1580aaa2820e8b99dae989d94",
# Our 'boot_steps' do all the actual work here.
"boot_wait": "2s",
"boot_key_interval": "10ms",
"boot_steps": [
# These steps interact with the MSFT UEFI firmware and tell it
# "don't boot into the UEFI shell, we actually want to boot to our disk".
# It appears that as of 2024/02/16, the firmware may have updated
# to no longer require this.
# "<enter>",
# "bcfg boot rm 0<enter>",
# "bcfg boot rm 0<enter>",
# "reset<enter>",
# "<wait5>",
# Now we're in the Debian installer UI. We select "advanced", then
# tell it to use a preseed, then once it's ready, we give it the URL
# we're serving up over HTTP for the 'debian1/preseed.txt' file.
"<down><down><enter><wait>",
"<down><down><down><down><down><enter><wait45>",
"http://{{ .HTTPIP }}:{{ .HTTPPort }}/preseed.txt<enter>"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink