2021-04-08 build Vyos 1.4 from source

This document describes one mechanism to build a bootable Vyos iso from the Vyos github source code repository. This procedure adds a google-authenticator that is not in the official Vyos builds.

Start with a Centos 8 workstation with the virtualization package and tools. Really, anything that can do KVM virtualization should work.

Download debian-10.9.0-amd64-netinst.iso (sha256sum is 8660593d10de0ce7577c9de4dab886ff540bc9843659c8879d8eea0ab224c109) from https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-10.9.0-amd64-netinst.iso. Use that in virt-manager to create a VM.

2G memory, 20G disk
advanced, type KVM, arch x86_64
graphic install
install std system utilities, and ssh server

On your workstation as user root:

# define build machine

# copy ssh key
ssh-copy-id -i $target

# copy the script to your build machine
scp build.10.vyos $target:/tmp

# run the script
ssh -t -t $target bash /tmp/build.10.vyos >build.vyos.log 2>&1

# fetch the iso
scp $target:/root/vyos-build/vyos*iso .

build.10.vyos 2021-04-08


# https://docs.vyos.io/en/latest/contributing/build-vyos.html

function logger() {
    echo " "
    echo "*** $d $1"

function phase1 {
    # starting with debian-10.9.0-amd64-netinst.iso
    # sha256sum=8660593d10de0ce7577c9de4dab886ff540bc9843659c8879d8eea0ab224c109
    # gui install
    # languages = english
    # location = us
    # keyboard = english
    # host = hostnn - take the default
    # setup strong root and user passwords
    # set your timezone
    # software selection = ONLY ssh server and standard utilities
    # install grub on /dev/vda
    # reboot - disconnect cdrom, boot from vda
    # login as root
    # fn=/etc/ssh/sshd_config
    # sed -i -r -e 's/^(#|)PermitRootLogin.*$/PermitRootLogin yes/g' $fn
    # systemctl enable ssh.service
    # systemctl restart ssh.service

    # on host machine:
    #    h=host$n
    #    ssh-keygen -R $h
    #    ssh-copy-id -i root@$h
    #    ssh root@$h

    echo take a snapshot 'virgin' and restart here

    logger "running as root, install prerequisites"
    cd  # to /root
    apt-get update
    apt dist-upgrade -y
    apt-get install -y apt-transport-https ca-certificates curl gnupg2 software-properties-common
    curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add -
    add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/debian $(lsb_release -cs) stable"
    apt-get update
    apt-get install -y docker-ce

    logger "build the container"
    git clone -b current --single-branch https://github.com/vyos/vyos-build
    cd vyos-build
    docker build -t vyos/vyos-build:current docker

    logger "build vyos"
    docker run -i --privileged -v $(pwd):/vyos -w /vyos vyos/vyos-build:current bash <<EOF
        ./configure --architecture amd64 --build-by "carl@five-ten-sg.com" --debug --custom-package libpam-google-authenticator
        cat >data/live-build-config/hooks/live/99-google_authenticator.chroot <<XXX

echo I: setup google authenticator

sed -i -e '1iauth       required     pam_google_authenticator.so nullok' /etc/pam.d/sshd
sed -i -e 's/^ChallengeResponseAuthentication no/ChallengeResponseAuthentication yes/g' /etc/ssh/sshd_config
sed -i -e 's/^PermitRootLogin no/PermitRootLogin yes/g'                                 /etc/ssh/sshd_config
sed -i -e 's/^ChallengeResponseAuthentication no/ChallengeResponseAuthentication yes/g' /usr/share/vyos/templates/ssh/sshd_config.tmpl
sed -i -e 's/^PermitRootLogin no/PermitRootLogin yes/g'                                 /usr/share/vyos/templates/ssh/sshd_config.tmpl
        chmod 755 data/live-build-config/hooks/live/99-google_authenticator.chroot
        make iso