Hi there 👋

Gauthier Jolly, Software Engineer

Build an Ubuntu Server live image with mkosi

Basic Config

    [Distribution]
    Distribution=ubuntu

    [Output]
    Format=disk

    [Content]
    Packages=
        apt
        cloud-init
        dbus
        grub-efi-amd64-signed
        iproute2
        linux-virtual
        netplan.io
        openssh-server
        openssl
        shim-signed
        ssh-import-id
        sudo
        systemd
        systemd-resolved
        udev
        vim
    Bootloader=grub
    ShimBootloader=signed
    BiosBootloader=none
    Bootable=true
    RootPassword=ubuntu
    KernelCommandLine=console=ttyS0
    Hostname=ubuntu

Then simply run mkosi.

Boot the image: use this script (pass --no-snapshot to make the changes persist):

    ./start-vm.sh ./image.raw

To go further: at the moment, mkosi only supports producing raw disk images. To convert the image to qcow2:

    qemu-img convert -f raw -O qcow2 /tmp/image.raw /tmp/ubuntu.img

And to make it (virtually) bigger: ...

December 22, 2024 · 87 words · Gauthier Jolly

Boot Linux with coreboot without bootloader

Boot process - context. In general, the boot process looks like this:

    ROM                                     | DISK
    Pre-EFI initialization -> EFI firmware -|> shim -> grub -> Linux

The pre-EFI initialization is about initializing the CPU and devices. In particular, it is responsible for initializing the DRAM controller on the CPU. Before this step the system is in a very precarious state and can only use its cache as memory (aka Cache as RAM). ...

October 14, 2024 · 321 words · Gauthier Jolly

User temporary directory

systemd-tmpfiles. /tmp and other temporary directories and files are now managed by systemd and are not tmpfs. systemd-tmpfiles gives the user the ability to choose what they want to do with temporary directories/files. There are a ton of options that the user can choose from, and everything is managed through config files (see man tmpfiles.d). Create a temporary directory in your HOME folder. Using the global /tmp directory can be a security issue, as anyone can read this directory. If the user is not very careful with the permissions they set on their files, confidential information might leak. Also, programs packaged with snap cannot access the global temporary directory /tmp by default. ...

August 7, 2023 · 230 words · Gauthier Jolly

A basic CLI tool to build Ubuntu images

Genesis is a CLI project written in Python. It can build Ubuntu images from scratch. The tool is named genesis (because you start from nothing) and is available as a Python package: https://github.com/gjolly/genesis (it’s also packaged as a deb in a PPA). A basic example: we are going to create a very minimal image of Ubuntu 23.04 (Lunar Lobster) and try to boot from it using qemu. Creating a base image. First you want to start by bootstrapping a basic filesystem: ...

June 9, 2023 · 635 words · Gauthier Jolly

FDE, Secureboot and unified kernel image

The flow. In order to decrypt the root filesystem, the kernel uses an initial RAM disk (initramfs). The initramfs provides a temporary filesystem from which extra kernel modules can be loaded; it also contains a set of scripts used to boot the system, including scripts to decrypt the user’s root filesystem. This initramfs image is a file stored unencrypted next to the kernel image. However, unlike the kernel image, it is not signed by the kernel publisher, as the initramfs is generated locally and can be modified by the user. Thus, anyone with physical access to the user’s drive can inject a malicious initramfs that would log the user’s passphrase and thus make FDE useless. ...

November 13, 2022 · 480 words · Gauthier Jolly

Boot Linux without GRUB

To boot the Linux kernel, most distros use a bootloader, and one of the most popular is GRUB. But did you know you can directly boot the kernel without using a bootloader? DISCLAIMER: This is only for fun and learning, I do not advise anyone to do that on their main system. Be safe, use a VM. VM setup: just a quick recap of what is needed (mostly stolen from powersj’s excellent blog post). ...

November 19, 2021 · 651 words · Gauthier Jolly

QEMU cheatsheet

The basics: https://powersj.io/posts/ubuntu-qemu-cli/

Mount disk images. It is often very convenient to mount a FS locally to be able to debug and/or fix a problem with a broken disk. Pre-requisite to everything:

    mkdir /tmp/rootfs

To know the format of your disk (note that qemu-img can output JSON to automate your stuff):

    qemu-img info disk.img

Raw disk images:

    losetup -f -P disk.img
    losetup -l | grep -v snap   # to find the loop device you just created (and yeah, those snaps...)
    mount /dev/loopXpX /tmp/rootfs

For anything else (QCOW2, VHD/VPC, etc.):

    modprobe nbd
    qemu-nbd --connect=/dev/nbd0 disk.img
    fdisk /dev/nbd0 -l   # to find your partition
    mount /dev/nbd0pX /tmp/rootfs

November 19, 2021 · 105 words · Gauthier Jolly

Firewall, Tailscale and Ubuntu

I recently enabled the firewall on my Ubuntu desktop. I probably did a quick lookup online to find out that sudo ufw enable was enough to enable it. I entered the command and forgot about it.

    $ sudo ufw enable
    Firewall is active and enabled on system startup

Obviously (and to be honest I was waiting for it), it didn’t take long for things to go bad. A few weeks later, while I was not at home and wanted to SSH into my machine via Tailscale, I realized that I couldn’t and quickly remembered the firewall. ...

November 14, 2021 · 312 words · Gauthier Jolly

The UNIX `who` command

While working on a completely different project, I started to ask myself how the who command was working under the hood. In the end, I thought it was a good topic for a blog post. Who is who? Let’s start with the basics: the who command allows you to list the users currently logged on the system. For example, on my machine:

    $ who
    gauthier tty2         2020-08-30 15:06 (tty2)
    gauthier pts/1        2020-08-30 15:06 (tmux(1555).%0)
    gauthier pts/2        2020-08-30 16:41 (tmux(1555).%6)
    gauthier pts/4        2020-08-30 15:57 (tmux(1555).%3)

It tells me that I am logged on the “physical” terminal tty2 and on three pseudo terminals. Indeed, my current session of GNOME Shell is running on tty2 and I have 3 tmux windows open. ...

August 31, 2020 · 1022 words · Gauthier Jolly