Build your own live USBs!

Have you ever wanted to build your ultimate live boot ISO. No bloat, no weird ui, just the functionality you want. In this article i go over making this dream a reality using archiso.

Setup

For this you will need an arch, or arch based system set up, either on bare metal or in a vm. I also recommend giving it a fair bit of ram, the more the better. Having an up to date cpu is also recommended but not required, but both having more ram and having a faster cpu will make building your ISO files much faster.

Package you will need: archiso

To setup and start working on our iso we will adapt a profile already prepared by arch creators, to do that:


								simsin@arch:~$ cp -r /usr/share/archiso/configs/relang /path/to/our/dir

Profile Structure

After opening the copied directory you will see the following:

Going from the left:

- airootfs - one of, if not the most important place for us, this directory is a reflection of our built system, any thing we place there will get copied to the ISO in the exact structure we give it.

- bootstrap_packages.x86_64 - self explanatory, we don't need to edit this.

- efiboot - systemd-boot configuration directory.

- grub - grub configuration directory.

- packages.x86_64 - config where we put all packages that we want in our ISO, you need to be careful, it doesn't allow for any white-space except for newlines.

- pacman.conf - configuration for pacman that will used to install packages and will be copied to the final build.

- profiledef.sh - file defining our profile, what bootloaders we use, and file permisions.

- syslinux - directory for the syslinux bootloader.

Making the ISO

First problem I've encountered was that systemd-sysusers was failing to launch on the created os. I'd assume that this would be solved with adding the necessary systemd accounts/groups into /etc/passwd, shadow, group and gshadow but the simpler solution that I found is just copying these files from the machine we are building the ISO from.

Copying configuration over worked flawlessly but i noticed some issues with how hyprland (on wayland) behaved when live booted on other machines. Without proper gpu drivers reaching the systemd's graphical target was really slow. On some hardware hyprland had severe graphical glitches making it unusable. Because of this experience for my live systems I've switched to X11, and i3-WM.

The other problem was LSPs for my neovim, there were multiple files that needed to be executable, and file permissions are not copied to the new system . I could list all of the files in profiledef.sh but a faster way for me, was to make a service that will tweak permissions at startup.

To do that, I created fix_perms.service in /etc/systemd/system of the airootfs, and put this into it:

							
								[Unit]

								Description=Fix File Permissions on Boot

								After=local-fs.target

								[Service]

								Type=oneshot

								ExecStart=/usr/local/bin/fix_perms.sh

								RemainAfterExit=true

								[Install]

								WantedBy=multi-user.target

Under the same directory there is another one called mutli-user.target.wants, there i created a sym link back to the file above.

As you see the service executes /usr/local/bin/fix_perms.sh on startup, there I put everything to fix permissions, in the same file i also run locale-gen, even though its not related to fixing permissions.

To make sound work on startup, I found ~/.config/systemd/user holding all services enabled to run under our user. I copied everything related to pipewire from there to our ISO.

Custom Software

Since we are building a custom ISO, we'd probably want software from outside the official repositories. Arch repos have surprisingly large amount of cybersec packages - the ones I'm interested in, but some are still absent, for example: burpsuite. To install it we will create a local repository. There are many sources we could take packages for our repo from, we could:

- build them ourselves

- build ones from AUR

- download already built ones from other repos

Since I'm a lazy mf, i decided to use the last option. Since I'm interested in cybersec packages, I can use blackarch repositories to get the packages.

To create this local repository, and add the packages, we run:


								simsin@arch:~$ repo-add localrepo.db.tar.gz *.pkg.tar.zst

To add the repositories to our ISO building process we add the following lines to pacman.conf in our profile:

							
								[localrepo]

								SigLevel = Optional TrustAll

								Server = file:///path/to/repo/

And we add the package names we want installed to packages.x86_64 file.

Building the image

Its just a simple command:

							
								simsin@arch:~$ sudo mkarchiso -w /tmp/workdir -o /path/to/output/
								/path/to/profile

Here we are placing the work directory in tmpfs for faster build time, you can change that, without the '-r' flag this directory will persist. You can delete it manually after build so it doesn't eat up your ram/disk space.

Have fun building your ISOs.