Copyright © 2006 © Frans Pop <fjp@debian.org>
Abstract
The Debian Installer is sometimes described as a mini Linux distribution which gives an indication of its complexity. This paper gives an introduction to the inner workings of the installer when it is running, its components (udebs) and its build system.
Table of Contents
The examples in this section reflect the current status of the Installer, the Etch Beta 2 release, and are based on the CD-ROM and netboot installation methods for i386. The choice for i386 was made as this is most familiar to most users, but installations for other architectures are not structurally different[1].
So what are the basic steps when the installer is run? In any installation five stages can be distinguished.
The first three stages are where the fundamental difference between installation methods can be seen. All components (udebs) used there need to be included in the initrd[2] with which the installer is booted.
The table below shows what components are involved in the first and second stage for the CD-ROM and netboot installation methods and also shows where these differ.
| Stage | CD-ROM | NETBOOT | Comments |
|---|---|---|---|
| - | initrd-preseed | Only if /preseed.cfg is present |
|
| 1 | localechooser | Language/country/locale selection | |
| 1 | kbd-chooser | Keyboard selection | |
| 1 | cdrom-detect | eth-detect | Hardware detection and setup |
| 1 | netcfg | Network configuration | |
| - | file-preseed | network-preseed | If selected at boot prompt |
| 2 | choose-mirror | Mirror selection | |
| 2 | load-cdrom (anna) | download-installer (anna) | Retrieve and unpack additional components |
| 3 | eth-detect | Hardware detection and setup | |
| 3 | netcfg | Network configuration | |
| 3 | choose-mirror | Mirror selection (sometimes needed for stage 4) | |
The remainder of the installation is basically the same for all installation methods.
| Stage | Comments | |
|---|---|---|
| 4 | hw-detect | Additional hardware detection |
| 4 | partman | Partitioning, file system creation and mount point selection |
| 5 | tzsetup | Time zone selection |
| 5 | clock-setup | Configure for hardware clock set to UTC or local time zone |
| 5 | user-setup | Set up root and normal user accounts |
| 5 | base-installer | Base system (debootstrap) & kernel installation |
| 5 | apt-setup | APT configuration in the target system (sources.list) |
| 5 | pkgsel | Select and install additional packages (tasksel) |
| 5 | grub/lilo-installer; nobootloader | Boot loader installation |
| 5 | finish-installa) | Finish up the installation and reboot |
a) Renamed from prebaseconfig after the Etch Beta 2 release because the package base-config was obsoleted.
The installer supports a lot of different installation methods and in some cases installation methods can be creatively combined. The definition of an installation method is based on the following questions.
The table below shows the answers to these questions for the most common installation methods.
| Method | Boot | Udebs | Base system | Tasks |
|---|---|---|---|---|
| netboot | network (TFTP server) | network | network | network |
| mini.iso | CD | network | network | network |
| businesscard CD | CD | CD | network | network |
| netinst CD | CD | CD | CD | network |
| full CD/DVD | CD | CD | CD | CD (+ network) |
| hd-mediab) | harddisk/USB stick | CD image | CD image/network | CD image/network |
| floppy (net) | boot/root/net-drivers | network | network | network |
| floppy (cd)b) | boot/root/cd-drivers | CD | CD/network | CD/network |
b) Whether packages for the base system and tasks are retrieved from CD (image) or the network depends on the type of CD used in combination with these boot methods.
The boot process for the installer is similar to the boot of a regular system. A bootloader (in some cases the system's firmware) is responsible for loading the kernel and loading the initrd after which init is started. The boot process can be debugged by adding the BOOT_DEBUG parameter.
It is possible to pass additional kernel and boot parameters. Kernel parameters are sometimes needed to get non-conformant hardware supported, or to install from serial console instead of an attached keyboard/display.
Boot parameters can also be used to influence the installer itself. More about this in the section on preseeding.
The boot process is currently quite complex as it needs to support several generations of linux:
The following enumeration gives an overview of the main steps in the boot process.
Sets up initial environment (/proc, /dev; run udev)
/etc/inittab is parsed; this contains:
::sysinit:/sbin/debian-installer-startup::respawn:/sbin/debian-installer/var/log/messages), VT4 (/var/log/syslog)
This is a run-parts like script that executes or sources scripts in /lib/debian-installer-startup.d. The main functions that are performed are:
devfs and sysfs if appropriate
<component>/<template>=<value>) and set these in the debconf database
This is a run-parts like script that sources scripts in /lib/debian-installer.d. The main functions that are performed are:
main-menu (see next section)
main-menu exits)
Scripts in /lib/debian-installer(-startup).d can be architecture specific.
The component main-menu drives the rest of the installation. It is responsible both for dynamically assembling the menu and for executing components when they are selected. Note that the menu is only actually visible when installing at low or medium debconf priority. At higher priorities it is still there, but it will automatically execute the next component without showing the menu to the user.
In some situations the debconf priority is automatically changed. It is reduced when the execution of a component fails, or when the user uses the <Go Back> button to back out all the way to the menu. In these cases it will also be increased back to the original level when the next component executed finishes successfully.
An important characteristic of udebs is that execution of their postinst scripts is delayed. On installation udebs are only unpacked; the execution of the postinst is done by main-menu and is actually what happens when a component is selected in the menu. In other words, main-menu can be said to be responsible for “configuring” the udeb.
For a component to be included in the menu, it needs to have an Installer-Menu-Item line in the dpkg status file (/var/lib/dpkg/status). The order of components in the menu is determined primarily by its dependencies; the menu item number is used only where the order for two or more components cannot be resolved by dependencies alone.
Provides can be used to define virtual states which other components can depend on, as shown in the next example.
Package: netcfg
Status: install ok installed
Version: 1.23
Provides: configured-network
Depends: libc6 (>= 2.3.5-1), libdebconfclient0, libdebian-installer4 (>= 0.37),
dhcp-client-udeb | dhcp3-client-udeb | pump-udeb, libiw28-udeb,
cdebconf-udeb, ethernet-card-detection
Description: Configure the network
Installer-Menu-Item: 18
Package: choose-mirror
Status: install ok unpacked
Version: 1.19
Depends: libc6 (>= 2.3.5-1), libdebconfclient0, libdebian-installer4 (>= 0.38),
configured-network
Description: Choose mirror to install from
Installer-Menu-Item: 23
This example also shows that netcfg has been run successfully (“installed”) while mirror selection has not yet taken place (“unpacked”).
Some components are included in the menu but are not run by default. These components have a menu number higher than finish-install. Examples are components that allow to change the debconf priority, to save debug logs, to check the integrity of a CD-ROM or to abort the installation.
At certain points in the installation, components provide run-parts like execution of scripts. This allows other components to just drop scripts there so that commands can be run at that point in the installation, even though the postinst for the component itself is run earlier or later (if the component even has a postinst).
The main hooks are:
/usr/lib/base-installer.dRun by base-installer before debootstrap is started.
/usr/lib/post-base-installer.dRun by base-installer just before kernel selection/installation.
/usr/lib/finish-install.dRun by finish-install.
Other, more special purpose hooks are /usr/lib/apt-setup/generators, /lib/main-menu.d and /lib/rescue.d.
Besides these general hooks, partman is basically structured as one big collection of hooks where partman components all drop their own scriptlets to extend partman's functionality. The most noteworthy of these hooks is /lib/partman/finish.d as some bootloaders drop scripts there to add checks that ensure the selected partitioning scheme conforms to their requirements.
The installer has some special commands which can be used in postinst or preseeding scripts:
Used to install additional, non-standard d-i components (udebs). It will check if anna has already been run. If it has, the component is unpacked immediately; if it has not, it will be scheduled for installation when anna is run.
Performs the same function for normal packages and installs them in the target system. Packages will either be installed immediately (if called after base-installer) or scheduled for installation as one of the “extra” packages installed near the end of base-installer's postinst script.
Allows to run a command and redirect its output (either stdout or stderr or both) to /var/log/syslog.
Allows to run a command in a chroot on /target with the chroot being set up for more demanding operations. For example, proc and sysfs are mounted and a policy-rc.d is created. Can obviously only be used after the base system has been set up.
There are three preconfiguration methods that are currently supported:
The preconfiguration file /preseed.cfg needs to be present in the initrd. It is read as part of the debian-installer-startup processing.
Triggered by the presence of the preseed/file boot parameter.
Triggered by the presence of the preseed/url boot parameter. In versions later than Etch Beta 2 it is also possible to trigger this from the DHCP server.
Which of these methods is available depends on the installation method.
The main purpose of preseeding is to set default values for debconf questions. Note that it makes no sense when using file or network preseeding to preseed values for questions that are asked before the preconfiguration file is parsed.
Besides offering the option to set default values for debconf questions, preseeding also makes it possible to run scripts at two distinct moments using preseed/early_command and preseed/late_command. The early_command is executed immediately after the preconfiguration file is parsed (only for file and network preseeding); the late_command is executed as part of the finish-install component.
These scripts can be made as complex as you like. One option is to use them to install additional packages on the target system (using apt-install). The early_command could be used to install additional d-i components (using anna-install) or to install scripts in the various hook script directories (if commands need to be executed at a specific point in the installation).
Additional information about preseeding is available in an appendix of the Installation Guide.
Because most of the installer is scripted, it is fairly easy to debug most problems by adding a set -x in the correct place. The obvious place to start is the postinst of the component you want to debug. The output will appear in /var/log/syslog, which can most easily be viewed by starting the internal webserver from the “Save debug logs” menu option (after the network has been configured).
For components written in C debugging is a bit harder. Options are to use the strace udeb (add it to a custom image if needed) or to create a custom version of a component with added debug statements in the source and use that.
For debugging, you will probably want to control when components are started. Booting the installer with install debconf/priority=medium is a good way to achieve that. It will make sure the menu is displayed before a new component is started.
If you boot the installer at medium priority, you will also be able to load the optional component open-ssh-client[4]. Loading this component will allow you to use scp to copy files from the system being installed to another computer and vice versa. Also useful for testing new versions of scripts or commands without rebuilding the udeb and image. The command nc from the netcat package is available by default in the installer.
A udeb (or micro-deb) is a special kind of Debian package. Technically udebs are very similar to regular packages: you can look at their contents using dpkg -c, and extract them using dpkg -x and dpkg -e.
The main difference is that a lot of policy requirements are waived. For example, a udeb does not contain a changelog, licence, manpages or md5sum[5]. The reason is to minimize size which is important as the installation completely takes place in RAM, with swap only becoming available after stage 4 of the installation (partitioning).
Another important difference is that udebs are not really meant to be uninstalled or upgraded.
The relaxed policy requirements are one of the reasons that udebs should not be installed on a normal system. The other reason being that it just doesn't make sense and it's likely to break things.
Two special classes of udebs should be mentioned here. However, covering these in detail is outside the scope of this paper.
Kernel udebs are built basically by repackaging a regular kernel-image package. Reason is again to reduce memory usage: not all modules included in a kernel-image package are needed during an installation. Also, different modules are needed in the initrd for different installation methods, remaining modules can either be loaded later or optionally (by manual selection or through dependencies). The package kernel-wedge contains the toolset used to reorganize a kernel-image package into multiple kernel (module) udebs.
Partman has a very specific structure and requires a fairly strict conformance to this structure for udebs that extend its functionality.
For components that are included in the main menu, the udeb will at least contain:
a postinst
a debconf template that contains the description for the main menu:
debian-installer/<component>/title Type: text _Description: <menu entry>
Other things like additional debconf templates, C programs, hook scripts can be added as needed.
A special type of control file worth mentioning is the .isinstallable file. If a script with this extension is present in /var/lib/dpkg/info for a component, the main menu will run this script and only include the component in the menu if the script exits 0.
Creating a udeb is not all that hard, especially if you use debhelper. debhelper knows the special properties of a udeb and will do the right thing by default at build time. That is, if you don't forget to tell it you are creating a udeb.
The example below shows the debian/control file for a udeb that is supposed to be included in the main menu. Note the special “debian-installer” section.
Source: kbd-chooser
Section: debian-installer
Priority: optional
Maintainer: Debian Install System Team <debian-boot@lists.debian.org>
Uploaders: [...]
Build-Depends: debhelper (>= 5.0.22), libdebian-installer4-dev (>= 0.41), po-debconf (>= 0.5.0), flex | flex-old , bison, libdebconfclient0-dev (>= 0.49)
Package: kbd-chooser
Architecture: i386 amd64 powerpc alpha hppa sparc [...]
XC-Package-Type: udeb
Depends: ${shlibs:Depends}, ${misc:Depends}, console-keymaps
Description: Detect a keyboard and select layout
XB-Installer-Menu-Item: 12
The line XC-Package-Type tells debhelper to treat the package as a udeb. The XB-Installer-Menu-Item is added in the control file for the udeb and will eventually end up in the dpkg status file to help main-menu figure out that this udeb should be included in the menu and in what order[6].
Packaging a udeb becomes a bit harder if it is derived from a regular package but needs to be compiled with different compiler options (e.g. some features disabled or a different optimization).
The main thing to always keep in mind when creating a udeb is size. It is very important to keep size as minimal as possible. This includes using tabs instead of spaces when indenting in scripts and not being too verbose in comments.
A major recent improvement is the addition of “package type” support in shlibs files for libraries. This allows dpkg-dev and debhelper to automatically set correct dependencies on library udebs when a d-i component that depends on them is built.
For example, the regular binary package zlib1g now has the following lines in its shlibs control file:
libz 1 zlib1g (>= 1:1.2.1) udeb: libz 1 zlib1g-udeb (>= 1:1.2.1)
The second line is specific to the package type “udeb”. This alternative line is used when dpkg-shlibdeps is called with the -tudeb option; dh_shlibdeps will automatically add this option when processing a udeb.
Generating the extra udeb: lines is supported by dh_makeshlibs if the --add-udeb="<udeb name>" option is used. For example, the debian/rules file for libusb contains the following line:
dh_makeshlibs -V -s --add-udeb="libusb-0.1-udeb"
This paper will only provide an introduction to building installer images using existing definitions. The README in installer/build in the SVN repository contains more detailed information about the build system and how to modify existing or define new images.
An image consists of:
Most d-i images are “ready for use”. The exception are the cdrom images which form only the base (kernel and initrd) for creating the actual CD or DVD images. The package used for creating the CD/DVD images is debian-cd.
On some architectures there is one CD image that is ready for use: the mini.iso that is produced as a by-product of the netboot target. Reason is that this image does not really support installing from CD, it just allows booting from CD but retrieves all additional udebs and packages over the network.
It is important to distinguish between building images for release and building images for development/testing use.
A release build is done, as for other packages that are to be uploaded, from the installer directory using debian/rules. This will create a binary package (needed for uploading) containing some documentation, but the important bit is a tarball containing all installer images. After the upload this tarball needs BYHAND processing[7] by FTP-masters before the buildds will pick up the upload for other architectures.
Building images for development and testing is done from the installer/build directory[8] using fakeroot make <target>.
An important difference between release and development builds is that release builds will use udebs for the same suite as the target system being installed, while development builds will by default install testing, but use udebs from unstable[9]. This allows to mostly avoid the occasional breakage of the base system and tasks in unstable while using the most recent udebs.
For both release and development builds the build dependencies as listed in installer/debian/control need to be satisfied.
To build installer images from SVN trunk, your build machine needs to be running unstable or you need to set up a sid chroot to build in. (To build images from the sarge branch of the repository, the build machine needs to run Sarge.)
During the build, the needed udebs will be retrieved from a mirror. By default this mirror is based on your /etc/apt/sources.list (see the generated file build/sources.list.udeb). To use a different source, create a file sources.list.udeb.local.
To see which targets are available, run make. This will result in a list of some 130 targets, most of which are not really relevant. A more useful list can be obtained with make | grep ^build. The table below has the most often used targets for i386.
build_all |
Builds all images |
build_cdrom_isolinux |
Builds the cdrom images (both 2.4 and 2.6) |
build_netboot |
Builds the netboot images (both 2.4 and 2.6) and the mini.iso |
reallyclean |
Completely cleans the build environment |
The reallyclean target is often needed when changes are made between builds because otherwise udebs or information may be retrieved from temporary or cache directories and the changes will not take effect. The rebuild_* targets clean some of this, but not always enough.
The easiest way to start is with the purpose of the subdirectories in the installer/build directory.
config: defines the available targets (per architecture)
pkg-lists: defines which udebs are included in an image (per image type)
boot: contains configuration files and make targets used to make images bootable
localudebs: allows to use (versions of) udebs not available on the mirror you use
util: contains helper scripts called from the Makefile
Two files containing important configuration info are config/dir and config/common. However, normally there should be no need to modify any of the variables defined in these files.
Both the config and pkg-lists directories have a tree structure with general configuration defined in the root and more specific configuration defined in branches and leaves. Branches are defined in directories that have the same name as a config file on the higher level. The config directory contains makefile snippets.
For example, the definition for i386 images starts with config/i386.cfg which, besides the current kernel versions, defines the media supported with the line:
MEDIUM_SUPPORTED = cdrom netboot floppy hd-media
These media correspond to the main targets for i386 and are further defined in config/i386. The netboot.cfg file in that directory contains, amongst others, the following three lines:
FLAVOUR_SUPPORTED = "" 2.6 MEDIA_TYPE = netboot image EXTRATARGETS = build_netboot_2.6
This defines that the netboot image has two flavors: the default one (using a 2.4 kernel) and one using a 2.6 kernel, which is further defined in the config/i386/netboot/2.6.cfg file where the default values of the variables for the kernel version are overruled.
The files in config are processed recursively to dynamically generate the build targets, so in this example you get a netboot, a netboot_2.6 target and targets for the other media. Building is also recursive, so calling the netboot target will automatically build both the netboot and netboot_2.6 images.
The structure of the config files can get quite complex and it can be hard to keep track of the exact role of the different variables set in them.
The list of udebs to be included in an image is built by the util/pkg-list script based on definitions in the pkg-lists directory. Again, processing can be quite complex. Let's take the netboot target for i386 as an example to explain it.
First the file pkg-lists/netboot/i386.cfg is considered and all udebs listed in it are added. Some example lines from that file:
#include "discover"
console-keymaps-at
console-keymaps-usb
usb-discover [2.4]
socket-modules-${kernel:Version} ?
acpi-modules-${kernel:Version} [2.6]
The variable ${kernel:Version} is expanded to match the package name of the udeb based on the kernel version and flavor. If the name of a udeb is followed by “[2.4]” or “[2.6]”, it is only included if the kernel major version for the image being built matches. If it is followed by a question mark it is skipped if the package is not available (without the question mark an error would be generated).
The first line with the #include results in the file pkg-lists/discover being processed next in the same way.
The pkg-list script will also look for the presence of files named common and local and thus pkg-lists/netboot/common is processed next. This file exists and lists a number of udebs that belong in any netboot image, independent of the architecture. This file also contains two include directives:
#include "base" #include "kernel"
Thus, udebs listed in pkg-lists/base (containing udebs common to all images) and pkg-lists/kernel (included in all bootable images) are also processed.
The file pkg-lists/netboot/local does not normally exist as it is intended for the inclusion of non-standard udebs. It is also very useful for testing as it can be used to temporarily add udebs not normally included without the need to modify the regular files.
Finally, the script will check for pkg-lists/local and pkg-lists/exclude. The latter exists and contains some udebs otherwise pulled in by dependencies, but that should not be included because of library reduction, which is covered in the next section. Note that the exclusion if not triggered by the file name, but rather by the dash after the name of the udebs.
All dependencies of udebs listed in pkg-lists will also be automatically included in the image.
To see how the package list is built for a particular image, set my $debug=1; in the util/pkg-list script.
If the build is successful, you will find the images under the build/dest directory. Depending on the type of build you will also find manifest and log files there.
Before the image is created, its contents are assembled in the directory build/tmp/<. The target>tree subdirectory there contains the full contents of the initrd; other subdirectories are used for different purposes.
Library reduction (relinking a library leaving out unused symbols) is used as yet another method to minimize the size of initrds. The downside of library reduction is that this requires the dev and pic packages for the libraries to be reduced to be installed on the build system which also means that their version needs to match the version of the libraries in the udebs.
The size reduction is most significant for libc (40%) and libm (90%). Other libraries that are reduced include libresolv, libslang and libnewt. The reduction is done by calling mklibs from the main Makefile.
As only the executables that are included in an image are taken into account during the library reduction, we have provide for executables in components that are installed later as they would fail if they use symbols that have been taken out.
This is the reason that the udebs containing reduced libraries are excluded in pkg-lists/exclude which results in the udeb not being listed in the /var/lib/dpkg/status file in the intrd. If no udebs that are installed later depend on the library, all is well. If a udeb that does depend on it is installed later, anna (or rather udpkg) will see that the dependency is not satisfied, and will install the udeb so the unreduced library replaces the reduced version.
Note that library reduction is only done after unpacking udebs for inclusion in an image; the libraries included in udebs are never reduced.
The localudebs directory allows to use a different version of udebs than is available from the mirror you use. This can be used to test a new version of a udeb or to run the installer with a debug version of a udeb. It can also be used to build an image with a custom udeb.
To use a local udeb, just copy it into the directory. A Packages file will be generated automatically. Your udeb should have a version equal to or greater than the udeb currently on the mirror you use.
Note that local udebs will only be included in the image if the udeb would be included in a normal build too. So it has to be selected by the pkg-list script. Create a pkg-lists/local or pkg-lists/< to add udebs to the image that would not normally be included.
image>/local
Some things to keep in mind when using localudebs.
If you add an extra udeb, its dependencies will be included too. If those dependencies include virtual packages, the result is not always what you'd expect.
Adding extra udebs will increase the size of the initrd; some architectures have limits for initrd size.
If you use a sources.list.udeb.local, make sure to add as the first line:
deb copy:<path-from-root-to>/installer/build/ localudebs/
Don't forget to clean up after you're finished.
Hopefully this paper will help make Debian Installer more accessible to new developers. If you have any suggestions to improve this document, please mail them to the debian-boot list or the author. The intention of the author is to use this paper as the basis for a d-i developers reference.
For any kind of work on Debian Installer, you should check out the d-i SVN repository on alioth:
$ svn co svn+ssh://svn.debian.org/svn/d-i/trunk
Subscription to the debian-boot list is recommended. To request commit access to the repository, please send a mail to that list.
Some additional development oriented documentation can be found in the repository under installer/doc/devel or in README files included with the source for various components.
[1] Some architectures currently do not use partman for partitioning, file system creation and mount point selection but instead use other components. Some architectures also use specific additional components as part of their default installation. However, this does not make them structurally different.
[2] With one exception. In floppy disk based installations, the initrd does not contain all needed components for stage 2, but it does have the ability to load additional components that belong to stage 1 or are needed for stage 2 from additional floppy disks.
[3]
The last question can also be rephrased as “what source lines are set up in the /etc/apt/sources.list file for the target system”.
[4] If you want to load optional components when installing at the default priority, just back out to the menu and select the component that installs additional installer components.
[5] Of course, the source package for a udeb does need to contain a proper licence and changelog.
[6]
The file installer/doc/devel/menu-item-numbers.txt in the d-i SVN repository documents menu numbers currently in use.
[7] This entails unpacking the tarball into the correct location on the master mirror server and creating/updating the correct symlinks. See for example http://ftp.debian.org/debian/dists/sid/main/installer-i386/.
[8] This includes the daily built images available from http://www.debian.org/devel/debian-installer. These are generated and uploaded from machines run by d-i porters using the daily-build script.
[9]
This is accomplished by including the /installer/build/unstable.cfg preconfiguration file in the initrd.