Ever wanted to be able to boot Linux1 over the network using an Ethernet cable but without setting up a PXE? Now you only need a SMB server that can be installed anywhere!
SKUF Network Boot System allows you to boot the Arch Linux2 operating system on a computer connected to network via Ethernet using USB flash drive (150MB minimum) and a SMB file share.
Caution
The only supported distribution is Arch Linuxโข. Other shitty systems like Debian, Ubuntu, Manjaro, Fedora, openSUSE, etc. are NOT supported and NEVER WILL BE.
Two computers in the same network:
Server:
- Running SMB file server
- Your user on the SMB server has a password. Users without password or anonymous access are not supported
Client:
- Connected to network via Ethernet cable. Wireless is not supported.
- A temporary USB stick/CD/DVD with the
skuflinux
image (you can also use Ventoy) - Brain not poisoned with beer so you have enough brain cells to read this manual
Caution
Prebuilt binaries and ISO images will NEVER be available due to possible security risks. Read the build instructions carefully.
Note
The example illustrates how the server
and client
work together.
Server โ a computer with the SMB
server running.
Client โ a computer that will boot the system from the server
over the network using a cable
You have a USB flash drive/CD/DVD with an ISO image of skuflinux
on it. You have two PCs in your room/college/office. First one is the one you will be sitting at. The other one is running SMB server with a directory that you have write access to. That directory contains filesystem image with the Arch Linux distribution and the skuf
package installed on it.
After booting from USB drive with skuflinux
you will be prompted to enter SMB server address and port, user credentials and path to filesystem image (you can unplug your USB flash drive at this point). Now SKUF script will do the following:
- Obtain an IP address using
dhcpcd
- Mount the SMB directory (read-only)
- Mount the image volume with Arch Linux (read-only)
- Generate an encrypted string with your answers to the questions asked earlier
- Load kernel and initramfs from a previously mounted Arch Linux image into RAM
- Unmount SMB and image volume with Arch Linux
- Execute kexec
Now when the kernel and initramfs of your Arch Linux were loaded from SMB server, SKUF mounts system image again:
- The newly booted system obtaining IP address again
- The previously encrypted string contained your answers to the questions. It was passed to the kernel command line (
/proc/cmdline
) in encrypted form, and will now be decrypted, so you don't have to write it all over again. - Mounting the SMB directory again (read/write)
- Mounting the image with Arch Linux again (read/write)
- Once everything mounted, SKUF executes switch_root and system is booted. Congratulations!
See also: Arch Wiki article
Caution
The only supported distribution is Arch Linuxโข. Other shitty systems like Debian, Ubuntu, Manjaro, Fedora, openSUSE, etc. are NOT supported and NEVER WILL BE.
To build SKUF
on a non-Arch-based system, run Arch Linux, for example, in a docker
container:
docker run -it archlinux
arch-install-scripts
archiso
base
base-devel
binutils
clang
orgcc
musl
linux-api-headers
kernel-headers-musl
patch
(optional, forbuild_rootfs_tar.sh
, if patches present)
Clone this repository using git:
git clone https://github.com/BiteDasher/skuf
cd skuf
./switch-tag latest
Tune encryption obfuscation and encryption password (see Customization instructions):
vim tune.password
vim tune.crypt
Setup defaults for ISO
(optional):
vim defaults
Install required packages:
./install_deps.sh
Run configuraion sripts:
./tune_crypt.sh
./tune_password.sh
./setup_defaults.sh
Build SKUF:
./build_rootfs_tar.sh
./build_package.sh
./setup_repo.sh
./build_iso.sh
./create_image.sh SIZE_IN_GIGABYTES additional_packages
# For sparse file, use ./create_image.sh -s
Note
Basic installation of Arch Linux without GUI or any additional software takes about 1 GB.
Done! ๐ช๐ Now write skuflinux-smth.iso
to your USB drive, put arch.ext4
into your directory on SMB server and try SKUF Network Boot System.
String for /proc/cmdline
is encrypted using OpenSSL. You need to specify encryption password and number of iterations in the tune.password
file in following format:
ITERATIONS_COUNT PASSWORD
Note
For an example, see the tune.passwordX
file
String that is encrypted through OpenSSL is eventually turned into a base64 string. You can obfuscate this string by swapping these symbols. Write pairs of letters or numbers in the following format to the tune.crypt
file:
A B
X Y
I O
0 1
4 8
Note
For an example, see the tune.cryptX
file
When you booted up the skuflinux
ISO image from your media device, you will be asked questions like: SMB server address, SMB server port, SMB protocol version and so on. Edit the defaults
file if you want to preset them manually.
Table of main SKUF variables:
Variable | Meaning |
---|---|
SAMBA_USERNAME |
Username for the SMB server * |
SAMBA_PASSWORD |
User password for the SMB server * |
SAMBA_ADDRESS |
Address of the SMB server where the client directory with the Arch Linux image is located * |
SAMBA_PORT |
SMB server port |
SAMBA_VERSION |
SMB server protocol version |
SAMBA_DOMAIN |
Domain for the SMB server (default domain is WORKGROUP ) |
VOLUME_PATH |
Path to the directory on the SMB server where the client Arch Linux image volume and swap file are located(see Tips and Tricks) * |
VOLUME_FILENAME |
Arch Linux image volume name that is located in VOLUME_PATH * |
SWAP_FILENAME |
Swap file name that is located in VOLUME_PATH |
SAMBA_EXTRA_MOUNT_OPTS |
Additional SMB mount options. Applies to both step 1 and step 2 of SKUF boot process |
VOLUME_EXTRA_MOUNT_OPTS |
Additional client Arch Linux image volume mount options. Applies to both step 1 and step 2 of SKUF boot process |
CHECK_FS |
Whether to check the integrity of a file system image with Arch Linux. Accepts Yes or No . Applies only to step 2 |
EXTRA_KERNEL_OPTS |
Additional linux kernel options |
PATH_TO_NEW_KERNEL |
Path to the new kernel that will be loaded using kexec. The new kernel must be in the Arch Linux image that is lies on SMB server * |
PATH_TO_NEW_INITRAMFS |
Path to the new initramfs that will be loaded using kexec alongside kernel. The new initramfs must be in the Arch Linux image that is lies on SMB server * |
Table of auxiliary SKUF variables:
Variable | Meaning |
---|---|
MAX_SMB_RETRY_COUNT |
Maximum number of attempts to re-enter SMB credentials if the first mount attempt failed. Applies only to step 1 |
SKIP |
Automate the startup process. Set to 0 or nothing if you want to achieve the default behavior of having to enter answers to questions using keyboard. Set to 1 if you want the startup to proceed without your participation. Be sure you have set all the mandatory variables! Applies to step 1 |
Note
"Mandatory" variables are marked with an asterisk at the end.
Note
- Use
,,,
as a separator in extra mount options to specify additional mount options that will be concatenated and applied only to step 2 (i.e. mount options specified only before,,,
will be applied to step 1 and options specified both before and after,,,
will be applied to step 2). - Use
,,,|
as a separator in extra mount options to specify different mount options for step 1 and step 2 (i.e. everything before,,,|
will be applied only to step 1 and everything after,,,|
will be appled only to step 2).
If you need to change any presets before booting into SKUF, you can change the bootable kernel parameters through the bootloader. This can be useful when you have, for example, an iMac with a wireless keyboard that only works in EFI
applications.
The way to change kernel parameters depends on the bootloader:
syslinux
: hit Tab and start typinggrub2
: select entry in menu and click e to open editorsystemd-boot
: click e and start typing
You can specify presets using one or more kernel variables like this:
skuf.samba_username="Username with spaces"
skuf.SAMBA_PASSWORD='Password \' with \\ character escaping'
skuf.VOLUME_PATH=Path\ with\ spaces\ and\ \"quotes\'
skuf.skip=1
The syntax of the variable is as follows: skuf.
+ any variable from SKUF variable table in lower or upper case.
Note
- To escape
"
inside"double quotes"
, use\"
- To escape
'
inside'single quotes'
, use\'
- To escape
"
,'
,\"
,\'
,\
respectively - In all cases above, to escape
\
themselves, use\\
Important
Variables set via this method will be prioritized over every variable you specified in method โ1
Curly brackets allow you to set several variables at once:
{username;password;address;;;;volume\\path;volume \; file;;;;;;/kernel;/initramfs}
The syntax corresponds to the order of the main variables from the SKUF variable table separated from each other by semicolons.
Note
- To escape
;
, use\;
- To escape
\
themselves, use\\
Square brackets allow you to set only username and password at the same time:
[username;password;with;semicolons]
Note
Unlike curly brackets, there's no escaping required.
-
In case you did not specify
skuf.skip
in the kernel parameters, but used brackets or specified other kernel variables, script will attempt to applyskuf.skip=1
, but only if you have set (or have already set) the 7 mandatory variables listed above. -
Setting
skuf.skip=1
will omit all variable checks. -
The
skuf.skip
preset in the kernel parameters will have a higher priority than sameSKIP
preset set in thedefaults
file.
To update remote systems, use the update_remote_systems.sh
script from this repository. It should work on all linux systems with bash
and a couple of basic utilities installed. Short links: spoo.me/updskuf yaso.su/updskuf
Demonstration of the script running in tmux mode
Let's assume you have an SMB server mounted in /samba
:
/samba
โโโ John Doe
โ โโโ arch.ext4
โโโ Foo Bar
โ โโโ arch.ext4
โโโ Lady Muck
โโโ arch.ext4
And so, you need to run the following command to update these 3 systems:
./update_remote_systems.sh /samba/*/arch.ext4
Tip
To update SKUF and the system itself, put the package file somewhere and add -p /path/to/skuf.pkg.tar
to script arguments.
Note
To skip a specific system for update, create the /etc/skuf_disable_external_update
file on the client system.
-
It is highly recommended to have an individual folder with a volume file in it for each user on the SMB server. With this setup, there will be fewer possible caching issues (e.g.
cache=singleclient
). -
You can place a swap file next to the Arch Linux image volume so you can use it on your system. The swap file will be connected over the network as a loop device.
-
You can use Plymouth in step 2. Add
splash
toEXTRA_KERNEL_OPTS
to thedefaults
file, also don't forget to addHOOKS=(... plymouth ...)
to theskuf_src/mkinitcpio.conf
and installplymouth
package. -
In step 1, you can write
@u@
and@fu@
in the path to the client(your) directory, in the path to the image volume file and in the swap file. If you login asjohn@corp.domain
,@u@
will bejohn
and@fu@
will bejohn@corp.domain
. -
After building the ISO image and creating a file system image with Arch Linux you can execute
sudo ./clean.sh
to remove unnedeed files. -
You can execute custom post-install script/binary inside chroot during image creation via
./create_image.sh
. To do this, specify the file location via thePOST_INSTALL
environment variable. -
Password for
root
andtest
users inarch.ext4
is0000
-
If you enter something incorrectly while entering SMB address, kernel path, etc. at step 1 and fall into the interactive shell, write
reboot -f
. No, you cannot restart the script. Train your attention. -
If the client computer has
UEFI
, you can installSKUF
on aFAT32 EFI
partition so you don't have to use a USB flash drive/CD/DVD. To do this, mountskuflinux-smth.iso
somewhere (like /mnt), then copy/mnt/skuf/boot/x86_64/{vmlinuz-linux,initramfs-linux.img}
toFAT32 EFI
partition and executeefibootmgr -c -d /dev/sdX -p Y -u 'initrd=\initramfs-linux.img' -l '\vmlinuz-linux' -L 'SKUF'
where /dev/sdX is the target disk and Y is the targetFAT32 EFI
partition number.
skuf_demo.mp4
Huge thanks to the Arch Linux development team for their awesome distribution, archiso and mkinitcpio utilities. They made the creation of this project much easier.
Footnotes
-
The registered trademark Linuxยฎ is used pursuant to a sublicense from LMI, the exclusive licensee of Linus Torvalds, owner of the mark on a world-wide basis. โฉ
-
Copyright ยฉ 2002-2024 Judd Vinet, Aaron Griffin and Levente Polyรกk. The Arch Linux name and logo are recognized trademarks. Some rights reserved. โฉ