Arch Linux: Customise the distro so that it’s ready to bring your data back to life
Don’t wait for disaster to strike. Mark Chisholm shows you how to make your own Arch Linux-based distribution for saving your data.
Judd Vinet, the creator of Arch Linux, famously said that Arch Linux is what you make of it. With this in mind, we think Arch Linux is the ideal foundation to start assembling your own custom distro.
This tutorial will be mainly focused on data recovery, because having a recovery disc will benefit both the average home user and the seasoned sysadmin, and nothing beats the feeling of knowing you built it. Along the way we’ll show you ways in which you can customise it further to suit almost any task, including pen testing.
Arch Linux might not be as customisable as a Gentoo install – where the source code is frequently fine tuned to the hardware – but it’s relatively straightforward to build a custom Arch Linux disc image.
The main part of this article is going to involve the use of the archiso package. This package is the same tool that’s used to create the official Arch Linux disc images, which you can get over at www.archlinux.org/download. There are a few caveats to using archiso, however. You must be running an x86_64 platform (32-bit is being phased out over the course of 2017). The second stipulation is that you run as root for all steps. It’s not often that you hear someone tell you to run as root for everything in a guide here at LXF. However, failure to do so will result in incorrect permissions being set and things won’t work as intended: everything from a failure to boot into your newly created ISO, to not being able to log in as the user account. We’ll be talking a bit more about permissions and how to set them properly later on.
Before any of that happens you’ll need a working Arch Linux install. If this is your very first time doing this, we recommend a virtual machine. Qemu or VirtualBox will suffice for the task, depending on how stringent you are with FOSS being installed on your system. Arch Linux’s rolling release system moves fast with frequent updates, so we recommend that you take a few minutes to read up on the installation guide.
When setting up your virtual machine you’ll have to set aside space for your newly created ISO, so think carefully about the size of the packages that will be installed on the system. If your system enables extra cores to be used we recommend giving it as many as you feel comfortable with.
Giving the VM more cores will mean it takes less time to actually output the disc image file. For this task it’s best to avoid something like a fully fledged KDE install, because of its performance on some virtualised environments (although it’s getting better at handling this task) and for the size it would take up on the ISO.
Obtaining ArchISO
Archiso is a collection of bash shell scripts that might appear rather simplistic. How can something so small enable you to create a customised Arch Linux distro tailored to your needs? But in the spirit of Arch Linux, it’s actually all you need following Arch’s ‘keep it simple’ philosophy.
The bulk of what makes archiso work is mkarchiso. Once an Arch Linux virtual machine has been set up, the very first thing to do is open a terminal and enter the following command as root:
# pacman -S archiso
Archiso comes with two profiles. The releng profile is what we’re going to use for customising the list of installed packages, while the baseline profile is for a minor customisation with no installed packages included on it. Next, we need to create a new directory to actually begin customising our new Arch Linux distro. So fire up the Terminal again or just enter this command if you still have it open:
# mkdir ~/archlive
This will create the archlive directory. We need this directory so we can copy the profile over to it and begin customising it. Archiso installs to the /usr/share/ directory, and we need to copy the files from it over to ~/archlive. To do this we’ll enter this command:
# cp -r /usr/share/archiso/configs/releng ~/archlive
The -r flag recursively copies files and anything within the /usr/share/archiso/configs/releng directory. Here’s a quick explanation of some of the directories within the releng profile. The airootfs directory is what’s going to become the root directory on the newly created disc image file. Anything on the current Arch system that you want copied over to the new disc image, such as /etc/dhcpd.conf for example, would get copied over to the ~/archlive/releng/airootfs/etc/ directory. We’ll be copying some more files over later on.
The efiboot directory in the releng profile contains everything you’ll need for booting with UEFI systems, and we’re going to leave it as it is throughout this tutorial. The packages.both is for creating dual disc-image files, but because 32-bit support is being dropped we’ll leave this and the packages.i686 for now. We’re going to make use of the packages.x86_64, however. If you do use the packages.both then the build time to assemble the customised disc image will take longer, because it has to prepare the files for both 32- and 64-bit. The pacman.conf will also be left as is. The build.sh is where it all happens, so feel free to take a look inside it with this command:
# nano ~/archlive/releng/build.sh
You can also use vim if using nano sends a shiver down your spine. Just be careful not to edit anything within the build.sh file or things won’t go smoothly. Everything we’re doing here isn’t going to damage your existing Arch Linux install and is actually safer than it sounds. The worst-case scenario is you have a disc image file you can’t boot into.
Customising the distro
We’re now going to begin adding packages to the Arch system, which we can then copy over to the packages.x86_64 list. While you can go in and edit them later, we’d advise against it unless you’re sure which package is a dependency for another package. The eagle-eyed reader will notice that when we installed archiso it also installed lynx. Personal preference means we’re going to install elinks instead. You can actually install both because they’re lightweight and you’ll hardly notice them on your final image size. So enter the command:
# pacman -S elinks
This is where you can actually begin installing packages of your own choosing, but because this is about data recovery we’ll need to install some packages for data recovery, such as photorec, testdisk and ddrescue. We can install three packages with just one command:
# pacman -S testdisk ddrescue
If you’re wondering why that’s only two packages, it’s because the testdisk package actually contains photorec as well. Testdisk is a GPL package that helps with partition recovery, making non-bootable devices bootable again by recovering partition tables that have been deleted either by hardware failure or human error.
Photorec, despite the name, is able to recover over 400 file types. You can see which ones are supported by visiting www.cgsecurity.org/wiki/File_Formats_Recovered_By_PhotoRec. The ddrescue package repeatedly tries to recover data by reading the drive. It attempts to solve errors and keeps a log file for inspection later on if required. You can also refer back to LXF190 for Sean Conway’s splendid article on photorec.
Now let’s say you need some help with Arch Linux while booted into the live medium. To do that you’ll need an IRC client. There are a few available, such as irssi and weechat. Both are command line packages and will work with or without a desktop environment. Remember that if you’re installing a desktop environment you must have the xorg-server package and the desktop environment installed along with its dependencies and appropriate graphic drivers.
Arch is mostly able to determine which one to use depending on the system, but to keep it lightweight you can omit the desktop environment altogether. To install irssi and weechat enter this command:
# pacman -S irssi weechat
Presumably you’d also be keen to perform network diagnosis using your customised Arch ISO. To do this we can install nmap (zenmap being the GUI counterpart). Nmap is a free, open source utility for network diagnosis and performing a security audit. If you’re a pen tester you could even install the packages you need on a daily basis and use them in your own lightweight ISO, and carry it wherever you go either on disk or bootable USB stick. To do that enter this command:
# pacman -S nmap
Install the package extundelete, which is useful for data recovery. This is a Terminal-based tool that recovers from ext3 and ext4 filesystems. In order to use extundelete, however, the partitions must be unmounted. Any of the recovered files from extundelete are placed into the working directory in a folder called RECOVERED_FILES:
# pacman -S extundelete
Note that these are merely suggestions. Feel free to now add any packages you want through pacman and truly customise it to your liking.
Prepare the build
Now it’s time to add a list of installed packages and get ready to assemble the custom Arch distro. This is achieved by using the aforementioned packages.x86_64 file: adding the list of packages we want on the new distro is as simple as adding them to that file. To do that enter this command:
# pacman -Qqe >> ~/archlive/releng/packages.x86_64
The >> appends the output of the command pacman -Qqe to the packages.x86_64 list. To take a look at the list of packages, enter the following:
# nano ~/archlive/releng/packages.x86_64
If you’re using a desktop environment with a graphical login manager you’ll also need to copy over the conf file. For lightdm this is found in /etc/lightdm, which enables you to copy the conf file and any other files that lightdm needs in order to function. Enter the following command:
# cp -r /etc/lightdm ~/archlive/releng/airootfs/etc/
In addition, copy over the /etc/systemd/system/display-manager.service file with the command:
# cp /etc/systemd/system/display-manager.service ~/archlive/releng/airootfs/etc/systemd/system/
If you want the new distro to have the same users as the Arch system that you’re using now, you need to copy the relevant files over as well with the command:
# cp /etc/{shadow,passwd,group} ~/archlive/releng/airootfs/etc/
If you’re using a desktop environment then you need to copy over the ~/.xinitrc and ~/.config files. It’s also a good idea to copy the .bashrc file. First, however, create the directory in airootfs with the command:
# mkdir ~/archlive/releng/airootfs/etc/skel
Once the directory is created you can then copy the ~/.bashrc, ~/.xinitrc and ~/.config files over with this command:
# cp -r ~/.bashrc ~/.config ~/.xinitrc ~/archlive/releng/airootfs/etc/skel
As mentioned previously, all of these steps need to be performed as root. However, it’s not a recommended approach to take for everyday use. So if you want to log in as the normal user and not the root user then you need to make a modification to the etc/systemd/system/getty@tty1.service.d/autologin.conf file. This is Arch after all, and manually editing config files is quite common here. Enter the following command:
# nano ~/archlive/releng/airootfs/etc/systemd/system/getty@tty1.service.d/autologin.conf
You’ll see something like
ExecStart=-/sbin/agetty --autologin root --noclear %I 38400 linux
and replace “root” with the name of your user. With all the configurations we’ve done so far you can’t be blamed for thinking that this is the final configuration we need to do. However, we still need to customise the airootfs, which can be done with the customize_airootfs.sh file found in ~/archlive/releng/airootfs/root. To edit the file enter the following:
# nano ~/archlive/releng/airootfs/root/customize_airootfs.sh
We’re just making a minor alteration to the customize_airootfs.sh file, so go down to the bottom and make sure the following services are started:
systemctl enable pacman-init.service choose-mirror.service
systemctl set-default graphical.target
systemctl enable graphical.target
systemctl enable lightdm.service
And that’s it – the final configuration is all done! You’re all ready to go to the ~/archlive/releng directory and build the customised ISO with the command:
# ./build.sh -v -N ExampleISO -V 0.1 -L ExampleISO_0.1
The -v tells the build.sh script to output in verbose mode so you can obtain more details on what’s happening. The -N sets the name to give the ISO, the -V is the version number and the -L gives a label to the ISO you build. The build process can take time and depends on the resources of the VM. Once the build process is done you’ll find the finished ISO in the ~/archlive/releng/out directory.
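A pre-build check for the profile prepared in the steps above, as an added example that is not part of the original article. It flags duplicate entries in packages.x86_64 (each repeated >> append adds the whole list again), password hashes carried into the image by the copied /etc/shadow, and an autologin user that is missing from the image’s passwd file. The function name audit_profile and the finding labels are hypothetical; GNU stat and the releng layout used above are assumed.

```bash
#!/usr/bin/env bash
# Added example (not from the article): audit an archiso profile before build.sh.
# Prints one finding per line and returns non-zero if anything was found.
# Assumes GNU stat and the releng directory layout used in this tutorial.
audit_profile() {
    local profile="$1" root="$1/airootfs" findings=0 f mode user hash rest dup
    report() { printf '%s\n' "$*"; findings=$((findings + 1)); }

    # 1. '>>' appends blindly: re-running 'pacman -Qqe >>' duplicates entries.
    f="$profile/packages.x86_64"
    if [ -f "$f" ]; then
        for dup in $(grep -v -e '^#' -e '^[[:space:]]*$' "$f" | sort | uniq -d); do
            report "DUPLICATE-PACKAGE $dup"
        done
    fi

    # 2. A copied /etc/shadow ships the build host's password hashes in the ISO.
    f="$root/etc/shadow"
    if [ -f "$f" ]; then
        mode=$(stat -c '%a' "$f")
        case $mode in
            600|400|0) ;;                       # owner-only: assumed acceptable
            *) report "SHADOW-MODE $mode (expected 600 or 400)" ;;
        esac
        while IFS=: read -r user hash rest; do
            [ -n "$user" ] || continue
            case $hash in
                '')    report "EMPTY-PASSWORD $user" ;;
                *'$'*) report "HOST-HASH-IN-IMAGE $user" ;;  # modular crypt hash
            esac
        done < "$f"
    fi

    # 3. The autologin account must exist in the image's own passwd file.
    f="$root/etc/systemd/system/getty@tty1.service.d/autologin.conf"
    if [ -f "$f" ]; then
        user=$(sed -n 's/.*--autologin[[:space:]]*\([^[:space:]]*\).*/\1/p' "$f" | head -n 1)
        if [ -n "$user" ] && ! awk -F: -v u="$user" '$1 == u { ok = 1 } END { exit !ok }' \
                "$root/etc/passwd" 2>/dev/null; then
            report "AUTOLOGIN-USER-MISSING $user"
        fi
    fi
    [ "$findings" -eq 0 ]
}

# Usage: pass the profile directory, e.g. ~/archlive/releng, as the first argument.
if [ -n "${1:-}" ]; then audit_profile "$1"; fi
```

A HOST-HASH-IN-IMAGE finding means anyone who obtains the ISO can attempt to crack that account’s password offline, so an image that will be shared is better given its own accounts than the build host’s.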