Migrate away from vmdebootstrap (and possibly from Vagrant)
_Originally created by @intrigeri on [#15349 (Redmine)](https://public-redmine-archive.tails.boum.org/code/issues/15349)_
# Problem statement
We use vmdebootstrap to build the VM image used for building Tails ISO
images with Vagrant
([vagrant/definitions/tails-builder/generate-tails-builder-box.sh](vagrant/definitions/tails-builder/generate-tails-builder-box.sh)).
vmdebootstrap [barely made it in
Buster](https://sources.debian.org/src/vmdebootstrap/1.9-1/debian/NEWS/)
and will not be in Bullseye.
# Work in progress
Based on the `15349-vmdb2` branch:
- [x] generate Vagrant box with vmdb2 that boots
- [x] integrate into the build system so it's easy to test and work on
- [x] ~~drop `--rootfs-tarball` and container image support~~ (apparently that option is still needed)
- [x] build Tails images using that Vagrant box
- [x] size: 2 vs. 20GB
- [x] set -u
- [x] clean up artifacts on error/exit
- [x] get APT serials dynamically
- [x] remove vmdebootstrap leftovers: `customize.sh`, `postinstall.sh`
- [x] compare to our existing scripts, looking for missing or outdated bits
- [x] make sure we pass `mitigations=off` to the kernel command-line
- [x] update doc: `git grep vmdebootstrap`
- [x] before merging, try to reproduce the latest Tails release (check out the tag, then apply this whole branch's diff without committing, edit `box_name()` in `vagrant/lib/tails_build_settings.rb` so it returns the vagrant box name that you want to try (i.e. one generated with this branch, possibly built with the same APT serials as the release we're trying to reproduce) and then build with the `ignorechanges` option)
- [x] Bring back lost comments
- [x] send heads up to tails-dev@
# Sources of inspiration
- <https://wiki.debian.org/SystemBuildTools>
- <https://salsa.debian.org/cloud-team/fai-cloud-images>
- <https://salsa.debian.org/cloud-team/vagrant-boxes>
- <https://salsa.debian.org/cloud-team/qemu-vm/>
And wrt. replacing Vagrant altogether, see:
- vagrant-libvirt [has no
maintainer](https://github.com/vagrant-libvirt/vagrant-libvirt/issues/1069)
as of 2020-02-14
- It would be nice, for long term perspectives, if our build system worked in a standard GitLab CI worker environment. Needing KVM support is probably an obstacle.
- tails/tails#7580 and <https://tails.boum.org/blueprint/replace_vagrant/>
- tails/tails#7530 and <https://tails.boum.org/blueprint/evaluate_Docker/>
# Attachments
* [0001-WIP.patch](https://redmine.tails.boum.org/code/attachments/download/2326/0001-WIP.patch)
# Related issues
- **Related to** tails/tails#7530
- **Related to** tails/tails#7580
- **Related to** tails/tails#15864
- **Related to** tails/tails#5691