Generate Debian 12 non-interactive ISO images with preseed.cfg
Forked from jboulard, which forked it from JaeGerW2016.
Changes in 2024: I reorganized the file hierarchy, separated configurations from partman recipes, implemented new CLI options and the late_command.sh script, and modified the files included in the initrd.
The tools `cpio`, `gzip` and `xorriso` are required by the `make-preseed-iso.sh` script.
```
sudo apt install gzip cpio xorriso
```

```
./make-preseed-iso.sh --help
Usage: make-preseed-iso.sh path/to/debian.iso
  -h|--help
      Print this message.
  -d|--debug
      Enable debconf debugging log level in the generated iso.
  -p|--preseed preseed.cfg|preseed_dir
      Use this file as preseed.cfg, or a directory with preseed.cfg inside.
  -o|--output preseed-debian-image.iso
      Save ISO to this name, default is to prefix ISO source name with "preseed-".
  -f|--force
      Force overwriting output file. Default is to fail if output file exists.
  -s|--static-network
      Disable DHCP discovery
  -i|--ip-address
      Set the ip address
  -n|--netmask
      Set the netmask
  -g|--gateway
      Set the gateway
  -N|--nameservers
      Set the nameservers
  -H|--hostname
      Set the hostname
  -D|--domain
      Set the domain. If no domain is provided, no domain will be configured.
  -u|--user
      Set the username of the user created.
  -w|--without-root
      Whether or not to set a password on the root user.
```
All options can be set via environment variables.
Notably root_sha512 and user_sha512 have no CLI flags but can be used as
crypted password information.
To generate them, use:
# openssl passwd -6
Quick instructions to create network installer ISO images with preseed files.
```
wget https://cdimage.debian.org/cdimage/release/current/amd64/iso-cd/debian-12.6.0-amd64-netinst.iso
wget https://cdimage.debian.org/cdimage/release/current/amd64/iso-cd/SHA256SUMS
wget https://cdimage.debian.org/cdimage/release/current/amd64/iso-cd/SHA256SUMS.sign
sha256sum -c SHA256SUMS --ignore-missing
```

If you do not have the signing key, you can import it with:

```
gpg --keyserver keyring.debian.org --recv DF9B9C49EAA9298432589D76DA87E80D6294BE9B
gpg --verify SHA256SUMS.sign SHA256SUMS
```

```
./make-preseed-iso.sh --preseed vmware --output vm-debian-12.6.0-amd64-netinst.iso debian-12.6.0-amd64-netinst.iso
./make-preseed-iso.sh --preseed headless --output headless-debian-12.6.0-amd64-netinst.iso debian-12.6.0-amd64-netinst.iso
# Generate a qubes static netinst with '1234' password for root:
root_sha512='$6$0i3EFbGpyaYqA6Fa$83jUD3SppA1FFJC4AlvAx/saBjUD/CmupQH.P6wNt5yi9zXNo0fqO/rEqchUxYlRPKjvdbXmSFN7vq3AmzEYN1' \
./make-preseed-iso.sh --debug --force --preseed qubes/preseed.cfg \
--ip-address 10.137.0.130 --netmask 255.0.0.0 --gateway 10.138.30.105 \
--nameservers 10.139.1.1 --domain lan --hostname debian-12-preseed \
debian-12.5.0-amd64-netinst.iso
```

Note that late_command.sh will copy ./private/authorized_keys into the
~/.ssh of your user or root. It will also look for ./private/default/grub,
./private/default/keyboard and ./private/default/console-setup, drop them in
/etc/default/ and reconfigure the corresponding packages if necessary.
This is done to circumvent some pain points of locale configuration and to allow
better customization. Keep in mind, however, that the configuration of your server
belongs in proper tools such as Ansible, Puppet, Chef or SaltStack, while
the preseed.cfg is rather about bootstrapping your partitions and SSH server.
All preseed.cfg options: https://preseed.debian.net/debian-preseed/.
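
A stricter form of the ISO verification step from the quick instructions, as an added example that is not part of this project: `gpg --verify` succeeds for a good signature from any key in the keyring, so this checks the `VALIDSIG` fingerprint against the one given above and then compares the ISO's hash with its exact entry in the signed `SHA256SUMS`. The function names are hypothetical, and file names are assumed to contain no spaces.

```shell
#!/bin/sh
# Added example, not part of make-preseed-iso.sh. Function names are hypothetical.
# Fingerprint of the Debian CD signing key as given in this README.
DEBIAN_CD_FPR=DF9B9C49EAA9298432589D76DA87E80D6294BE9B

# Succeed only if GnuPG status output $1 (from --status-fd) has a VALIDSIG
# line whose signing-key or primary-key fingerprint is exactly $2.
validsig_by() {
  printf '%s\n' "$1" | awk -v want="$2" '
    $1 == "[GNUPG:]" && $2 == "VALIDSIG" && ($3 == want || $NF == want) { ok = 1 }
    END { exit !ok }'
}

# Print the hash listed for file name $2 in checksum file $1 ("<hex>  <name>"
# or "<hex> *<name>" lines); fail unless exactly one entry matches.
listed_sha256() {
  awk -v name="$2" '
    { n = $2; sub(/^\*/, "", n) }
    n == name { print $1; hits++ }
    END { exit (hits != 1) }' "$1"
}

# verify_iso ISO SHA256SUMS SHA256SUMS.sign
# Signature first (pinned key), then the ISO hash against the signed list.
verify_iso() {
  iso=$1; sums=$2; sig=$3
  status=$(gpg --batch --status-fd 1 --verify "$sig" "$sums" 2>/dev/null) || return 1
  validsig_by "$status" "$DEBIAN_CD_FPR" || return 1
  want=$(listed_sha256 "$sums" "$(basename "$iso")") || return 1
  have=$(sha256sum "$iso" | cut -d' ' -f1) || return 1
  [ "$want" = "$have" ]
}

# Usage: verify_iso debian-12.6.0-amd64-netinst.iso SHA256SUMS SHA256SUMS.sign \
#          && ./make-preseed-iso.sh --preseed headless debian-12.6.0-amd64-netinst.iso
```
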
A server with the partitioning recommended by the CIS, with a GPT table and with a ‘BIOS boot’ partition. It should work with BIOS or UEFI in legacy mode.
A server with the partitioning recommended by the CIS, with a GPT table and with
a /boot/EFI partition. It should work with UEFI. The main partitions are
encrypted and you will be prompted for the passphrase.
A simple GNOME desktop with encrypted multi-partitioning, GPT, a /boot/EFI partition and
firmware packages.
A test area for testing the recipes with QubesOS.