debootstick - Generate a bootable image from a Debian-based chroot environment
] SOURCE DEST
generates a bootable image (at DEST
) from a
Debian-based chroot environment (at SOURCE
must be a directory containing a standard Debian-based chroot
environment (such as one generated with debootstrap
(8)). The output
image generated at DEST
should then be copied to a USB stick or disk.
The embedded system is:
- ready to be used (no installation step)
- viable in the long-term, fully upgradable (kernel, bootloader included)
- compatible with BIOS and UEFI systems
can also generate installer media. See option
follows the usual GNU command line syntax, with long options
starting with two dashes (`-'). A summary of options is included below.
- -h, --help
- Show summary of options.
- -v, --version
- Show version of program.
- Describe which chroot environments are supported.
- --system-type [live|installer]
- Specify which kind of system is targeted. The default is
live. When booting a system where installer was selected,
the system will try to migrate to a larger device on first startup. If
live was selected, or if no such option was specified, no migration
will occur. See section INSTALLER MEDIA below.
- --kernel-package PACKAGE_NAME
- Specify the kernel that should be installed. Without this
option, debootstick will install a common one (depending on the
- --config-hostname HOSTNAME
- Specify the hostname the embedded system will have.
- --config-kernel-bootargs BOOTARGS
- Specify boot arguments to be added to the kernel. (You may
specify several arguments, e.g. --config-kernel-bootargs
- Prompt for the root password of the embedded system and set
- Remove the root password of the embedded system (root login
will not prompt any password).
- Ask for the root password when the system will be booted
for the first time.
- Update grub configuration to show boot menu on serial line.
The most common workflow is the following.
Generate a chroot environment:
--variant=minbase jessie /tmp/jessie_tree
(Optionally) customize it:
/tmp/jessie_tree; [...]; exit
Generate the bootable image:
--config-root-password-ask /tmp/jessie_tree /tmp/img.dd
Enter root password:
Enter root password again:
Test it with kvm.
/tmp/img.dd /tmp/img.dd-test # let's work on a copy, our test is
-s 2G /tmp/img.dd-test # simulate a copy on a 2G-large USB stick
-hda /tmp/img.dd-test # the test itself (BIOS mode)
Copy the boot image to a USB stick or disk.
The USB device may now be booted on any BIOS or UEFI system.
expects a chroot environment built for amd64 or i386 systems.
Of course, the resulting image will reflect this initial architecture, and
thus it should be booted on a compatible system.
also needs that the host system is able to execute binaries
in the chroot environment. For example, trying to run it with an amd64 chroot
environment on an i386 host will fail.
will check this kind of things on startup.
When first booting a system built with the --system-type installer
option, it will look for a larger disk and move to that disk. This operation
does not require a reboot. Once done, the system will just continue its bootup
procedure (and the initial device can be removed).
Any data on the target disk will be lost.
Also note that the system is moved, not copied. Thus the initial device cannot
be used anymore after the migration, unless you copy an image again, of
It is also possible to test the UEFI boot with kvm
, if you have the
package installed, by adding -bios /path/to/OVMF.fd
Many Live distributions propose a highly compressed system based on a squashfs
image. They handle writes using an overlay based on a filesystem union. While
this allows the system to remain compact in the first times, this also has
- Some important files remain read-only and cannot be upgraded (that is the case
of the linux kernel and the bootloader) which quickly leads to security issues
or upgrade problems.
- Storing modified files in an overlay and never releasing the room needed for
the original versions in the squashfs image is counter-productive in the long
One of the objectives behind debootstick
was to provide a viable
long-term live system, therefore this kind of setup has been discarded.
Etienne Duble (firstname.lastname@example.org)