Creating the environment
In my example, I will be building on Debian 9, but I have also tested this and works fine in Ubuntu 16.04 and KDE Neon, so I am sure any Debian based distro will do just fine.
Start off by creating a fresh new folder to setup your build environment. We’ll call this folder “live-image”. Inside this folder you will need two folders, “chroot” for our chroot environment and “image” where we will create our ISO image later on.
$ mkdir live-image
$ mkdir live-image/chroot
$ mkdir live-image/image
In my case, I’m creating the folders in my home directory, but you can create them wherever you have read/write access.
Let’s now grab our tools. I’ll be using apt. If you’re trying with another distro, such as CentOS, you’ll need to refer to your packages of the same tools by a different name.
$ sudo apt install debootstrap syslinux isolinux squashfs-tools genisoimage
Often you see in these types of guides, you’re told to just install packages and go on, but I want to leave you in the dark too much here. If you’re a pro you can skip these package breakdowns, but if you want more info on what you’re doing, I’ll try to break down what each of these things will do for you.
Once you have the tools installed, we can move on to creating the Debian file system.
Debian 9 Stretch will be used, and I will be going for a 64bit architecture. You may want or need to use a 32bit (in that case you’ll use arch=i386), but for this example I’ll be building this 64bit.
This example assumes you are in your home directory where your live-image directory exists. If you see a ~ symbol in the path, that is referring to your home directory.
$ sudo debootstrap --arch=amd64 --variant=minbase stretch ~/live-image/chroot http://ftp.us.debian.org/debian/
This will take a little bit as it downloads all your packages and creates the filesystem in your live-image/chroot directory.
Once finished, you’ll be able to see the familiar GNU filesystem in your chroot directory.
Now we can chroot into your “chroot” directory and get to setting up the image basics and installing a kernel for the system.
Start by chrooting into the system.
$ cd ~/live-image
$ sudo chroot chroot/
In the Debian dungeon with chroot
You are now root of your new Debian minimal OS and you will see “root@debian:/#” Going forward, all commands used in chroot will be shown using the # instead of the $
Let’s set up a hostname for our new image.
# echo “vdi-live” > /etc/hostname
And lets install a Linux kernel so we can give our image a brain. You can search for available kernels using the apt search command.
# apt search linux-image
Choose a standard kernel. You can use the image metapackage to choose the latest standard kernel: linux-image-arm64
Let’s install that kernel and generate our initramfs.
# apt install --no-install-recommends linux-image-amd64
Next, we’ll need to install-boot and the systemd system links package.
# apt install live-boot systemd-sysv
Now we need to install the rest of our tools. We aren’t building a general utility-like live image here so we only need what’s necessary for video, internet, and a few minor tools if we do happen to need them in a live disk to troubleshoot VDI.
For this live image’s window manager, I’m going with OpenBox for it’s Kiosk like abilities without having to lock much down.
# apt install --no-install-recommends network-manager net-tools wireless-tools wpagui openbox xserver-xorg-core xserver-xorg xinit xterm pciutils usbutils ntfs-3g hfsprogs dosfstools syslinux nano wget
During install, you might be prompted to choose your keyboard layout. This is normal and just press the key to the keyboard layout you wish. 1 is for standard US/English.
We'll need to have a user for our image to log into that's not root, so let’s create a new user called “live-user”.
# adduser live-user
Enter in a password when prompted, one you will know. Don’t worry, you wont need to give it out to anyone and this user won't have sudo permissions anyway. Just continue pressing enter or filling out the info if you like until the user is fully created after pressing “y” at the end.
Now let’s set the systems root password. Again, you need to remember this password, but don’t give it out to anyone you don't want to be able to break out of your kiosk.
# passwd root
At this point, if we finalized and created our boot media, we’d see a lot of Linux boot text scrolling along as it boots. A lot of modern distros have a splash screen. Lets make a clean boot and install Plymouth for that polished feel with a boot splash screen system.
# apt install --no-install-recommends plymouth plymouth-themes
Now, we won’t install VMware quite just yet, we are going to need a few packages to install since VMware doesn’t have a debian package and uses a giant .bundle file that uses python 2.7. I’ll break down these requirements into two sections. So let’s install our requirements for installing.
# apt install --no-install-recommends python
For this live image we will want to install VMware Horizon View Client with as many options as possible, but there are going to be two options I’m going to leave out for this project.
- Client Drive Redirection : There’s no use for a shared network drive on a read-only image, so we won’t waste the time installing it. It will still be possible to share files via USB drive.
- Pack for Skype for Business : Not useful unless you actually NEED this feature. For the scope of this project, I will not be showing how to source the requirements for this feature.
All the other VMware options, we are going to have the libraries for as Debian is pretty darn good at having the requirements already there. But there are two essential packages that do need a little bit of work to get working: Multimedia Redirection (MMR) and Real-Time Audio-Video (The ability to use your webcam and stream audio for things like a conference call, that’s not Skype apparently)
For Multimedia Redirection, which is essential for HTML5 and flash video redirection (video processes on the client hardware rather than the VM) for watching smooth YouTube video, you’ll need to install the libgstreamer0.10 package and the libgstreamer-plugins-base0.10 package. But here’s the kicker, these have been removed from Debian 9 and Ubuntu 16.04 base images and are not in APT! These will need to be manually downloaded and installed from the Debian 8 packages.
We are going to temporarily download these packages, so lets go to the root folder to use as scratch space.
# cd /root
# wget http://ftp.br.debian.org/debian/pool/main/g/gstreamer0.10/libgstreamer0.10-0_0.10.36-1.5_amd64.deb
# wget http://ftp.br.debian.org/debian/pool/main/g/gst-plugins-base0.10/libgstreamer-plugins-base0.10-0_0.10.36-2_amd64.deb
And we’ll now need to install them using dpkg, the deb package installer.
# dpkg -i libgstreamer0.10-0_0.10.36-1.5_amd64.deb
# dpkg -i libgstreamer-plugins-base0.10-0_0.10.36-2_amd64.deb
# apt --fix-broken install
This will install iso-codes and liborc-0.4-0 (our missing dependency) and will finish by installing our libgstreamer-plugins package automatically
Next, for support of our Real-Time Video and Audio support (yeah, I know… what about libgstreamer? Ask VMware…), we’ll install libv4l-0 and libspeexdsp1, which luckily are in apt.
# apt install --no-install-recommends libv4l-0 libspeexdsp1
Next before we install VMware, I’m going to very highly suggest you install the chromium browser. One reason is because it provides a good browser to use for local non-VDI inernet if needed, but another is because it will install every package needed with the exception to the above for VMware Horizon Client to run.
# apt install --no-install-recommends chromium
Finally to VMware. Now we should be set to download the Vmware-Horizon-Client installer bundle. While still in the /root directory in your chroot.
# wget http://download3.vmware.com/software/view/viewclients/CART18FQ4/VMware-Horizon-Client-4.7.0-7395152.x64.bundle
Your package won’t be executable, so we’ll need to modify that.
# chmod +x VMware-Horizon-Client-4.7.0-7395152.x64.bundle
Now we can install. Note that this installer will be text based. If you have installed this before, you’ll probably be expecting a GUI. Nope, not in this chroot buddy! Never fear, I’ll guide you along.
Installing VMware Horizon Client 4.7.0 into the CHROOT Debian 9
- You’ll be asked to accept a License Agreement. Just press Enter.
- If you don’t want to read the license (hoping there’s no HumancentIpad clause) you can go ahead and press the q key and type “yes” and hit enter.
- Client Drive Redirection. We won’t have the libraries or the ability so type “No” and press enter.
- Multimedia Redirection. We want that. Default answer is Yes so just press enter.
- Smart Card. You never know, and we have the libraries so hit enter to choose Yes.
- Real-Time Audio-Video. You went to all that work! Hit enter to choose Yes.
- VMware Horizon(R) Virtualization Pack for Skype for Business. For issues beyond libraries, this is not supported in the scope of this project. Type “No” and hit enter.
- USB Redirection. VDI without USB Redirection is just sad. Hit enter to choose Yes.
- Virtual Printing (AKA ThinPrint) this is only really useful if CUPS is installed, but it doesn’t hurt to just install it anyway. Hit enter to choose yes.
- Hit enter again to continue to install.
- You will want to Register and start the install services, so type “Yes” and hit enter.
- Here’s were we will ENSURE that all the libraries were found. Type “Yes” to scan. I highly recommend you do this to see if everything installed properly.
Hopefully after your scan you should see this:
VMware Horizon Multimedia Redirection (MMR) Success VMware Horizon Smart Card Success VMware Horizon Real-Time Audio-Video Success VMware Horizon PCoIP Success VMware Horizon USB Redirection Success VMware Horizon Virtual Printing Success VMware Horizon Client Success
If not, take note of the missing .so files it lists and look them up to see what packages they belong to. Feel free to post your problems here and we can find if there’s a new requirement or package change.
Now, I’m sure you’re getting antsy to test this live image already, but as it is right now, you wont see anything if you tried it. We’re going to need to finish configuring Debian to properly boot and to automatically log in as a live user for the disk. We will also need to make the experience a little more like a Kiosk.
Let’s start by getting autologin to work. Let’s navigate to the systemd system directory.
# cd /etc/systemd/system
Here we will want to create a new folder. The name is a bit easy to typo, so pay close attention to avoid troubleshooting issues later. Ensure you do use the @ sign in the name.
Now we’ll need to make a configuration file that automatically logs our user in
This will bring you into the Nano text editor. If you never used it, its a easy text editor that lets you get in and out quick. (If you have used it, and prefer vi, good luck and have fun, and I hope you exit someday.)
In our file, make sure you have the follow exactly as shown, including the double ExecStart lines.
Press Ctrl-x, then y and enter to save.
You now have your user we created “live-user” automatically logging into the main terminal window, but we still wont have any GUI.
Next, we’ll create the startup scripts for getting your GUI up. We’ll set this up only for the live-user so that the root account can do what it needs to without anything automatically starting up.
# cd /home/live-user/
Now we’ll edit a hidden file here called .profile and add a line to start the xwindow system.
# nano .profile
At the very bottom of the file, append this line.
Ctrl-x, y and enter to save and quit.
Now we need to tell OpenBox to autostart VMware once the user logs in.
From the /home/live-user directory we’ll need to create the .config directory and the openbox directory , which doesn’t exist, and change the owner to the live-user
# mkdir .config
# mkdir .config/openbox
# chown -R live-user .config/
Now we’ll go into the openbox directory and create a new file for autostarting VMware.
# cd .config/openbox
# nano autostart
Enter in the following line of text
Ctrl-x, y and enter to save and quit.
There are more things we can do for OpenBox, customize menues and themes but for the scope of just getting this up and functional, we’ll skip and I’ll add it on at a later time. Before we go into the creation of the image, we should create a policy file for VMware that really finalizes that Kiosk experience.
Navigate to the /etc/vmware folder and create a new file called view-mandatory-config.
This is the file that controls vmware’s options so that the user cannot change them. You can restrict this as much as needed. Vmware’s documentation can go further into all the possible options but I’ll just touch on a few of the basics.
# cd /etc/vmware
# nano view-mandatory-config
Enter in the following text:
If you have a default VDI server that you want to lock the user into you may add it to the file like so (IP or FQDN can be used):
Ctrl-x, y and enter to save and exit.
Now, lets make that live disk! Let’s clean up apt to make sure our filesize is small and exit chroot.
# apt clean
Setting up the Live Image ISO and SquashFS
Now that we're out of the chroot dungeon, we can start by going back to our live-image directory to get ready to start putting together the files needed for creating our filesystem and ISO.
$ cd ~/live-image/image
Here, we’ll create two new folders.
$ mkdir live
$ mkdir isolinux
In our live folder, we’ll need to copy our Linux kernel and Initramfs file from the chroot folder.
$ cp ~/live-image/chroot/boot/vmlinuz-4.9.0-4-amd64 ~/live-image/image/live/vmlinuz1
$ cp ~/live-image/chroot/boot/initrd.img-4.9.0-4-amd64 ~/live-image/image/live/initrd1
vmlinuz1 and initrd1 in the live folder are the Linux kernel and Initramfs from our image, but we need them to boot the disk as well. They will be copied to the live folder to help bootstrap the image.
Now we’ll need to create our menu for our boot. I’m going to make ours very simple but you can add more options later on for things like memtest86+ (A system memory checker)
$ nano ~/live-image/image/isolinux/isolinux.cfg
In this file, add the following text:
Ctrl-x, y and enter to save and exit.
The title’s and labels may be customized to your liking, but you may want to leave as it is for now to give this a try. Rebuilding at this point will be quick and easy down the road.
To finish setting up isolinux, we’ll need to copy some files into the isolinux directory
$ cp /usr/lib/ISOLINUX/isolinux.bin ~/live-image/image/isolinux/
$ cp /usr/lib/syslinux/modules/bios/menu.c32 ~/live-image/image/isolinux/
$ cp /usr/lib/syslinux/modules/bios/hdt.c32 ~/live-image/image/isolinux/
$ cp /usr/lib/syslinux/modules/bios/ldlinux.c32 ~/live-image/image/isolinux/
$ cp /usr/lib/syslinux/modules/bios/libmenu.c32 ~/live-image/image/isolinux/
$ cp /usr/lib/syslinux/modules/bios/libcom32.c32 ~/live-image/image/isolinux/
$ cp /usr/lib/syslinux/modules/bios/libgpl.c32 ~/live-image/image/isolinux/
$ cp /usr/share/misc/pci.ids ~/live-image/image/isolinux/
That’s it! Now we can create our squashfs filesystem for our disk.
This part needs to be run as sudo.
This part needs to be run as sudo.
$ sudo mksquashfs ~/live-image/chroot ~/live-image/image/live/filesystem.squashfs -e boot
This will take a bit of time, but won’t take too long. Once it’s finished we’ll finally be ready to create that ISO file and start testing! It should be around the filesize of 462MB (give or take based on the packages installed)! That’s pretty amazing considering your uncompressed linux image is actually around 1.1GB at this point!
Now we’ll create that ISO file.
$ sudo genisoimage -rational-rock -volid "VDI LIVE" -cache-inodes -joliet -hfs -full-iso9660-filenames -b isolinux/isolinux.bin -c isolinux/boot.cat -no-emul-boot -boot-load-size 4 -boot-info-table -output ~/live-image/vdi-live.iso ~/live-image/image
That’s it! Your iso file should be named “vdi-live.iso” and sitting in your live-image directory.
If you’re familiar with qemu, you can try testing it there. If you have VirtualBox, VMware Workstation, ect boot up your ISO and see your creation!
For further customization, themes, colors, mouse pointers, scripts, ect I’ll add on another post. At this point, you should have what you need to start playing on your own.