debootstick(8) Generate a bootable image from a Debian-based chroot environment


debootstick [options] SOURCE DEST


debootstick generates a bootable image (at DEST) from a Debian-based chroot environment (at SOURCE).

SOURCE must be a directory containing a standard Debian-based chroot environment (such as one generated with debootstrap(8)). The output image generated at DEST should then be copied to a USB stick or disk.

The embedded system is:
- ready to be used (no installation step)
- viable in the long-term, fully upgradable (kernel, bootloader included)
- compatible with BIOS and UEFI systems

debootstick can also generate installer media. See option --system-type below.


debootstick follows the usual GNU command line syntax, with long options starting with two dashes (`-'). A summary of options is included below.
-h, --help
Show summary of options.
-v, --version
Show version of program.
Describe which chroot environments are supported.
--system-type [live|installer]
Specify which kind of system is targeted. The default is live. When booting a system where installer was selected, the system will try to migrate to a larger device on first startup. If live was selected, or if no such option was specified, no migration will occur. See section INSTALLER MEDIA below.
--kernel-package PACKAGE_NAME
Specify the kernel that should be installed. Without this option, debootstick will install a common one (depending on the embedded distribution).
--config-hostname HOSTNAME
Specify the hostname the embedded system will have.
--config-kernel-bootargs BOOTARGS
Specify boot arguments to be added to the kernel. (You may specify several arguments, e.g. --config-kernel-bootargs "console=ttyS0 acpi=off".)
Prompt for the root password of the embedded system and set it accordingly.
Remove the root password of the embedded system (root login will not prompt any password).
Ask for the root password when the system will be booted for the first time.
Update grub configuration to show boot menu on serial line.


The most common workflow is the following.

1- Generate a chroot environment:
debootstrap --variant=minbase jessie /tmp/jessie_tree

2- (Optionaly) customize it:
chroot /tmp/jessie_tree; [...]; exit

3- Generate the bootable image:
debootstick --config-root-password-ask /tmp/jessie_tree /tmp/img.dd
Enter root password:
Enter root password again:

4- Test it with kvm.
cp /tmp/img.dd /tmp/img.dd-test # let's work on a copy, our test is destructive
truncate -s 2G /tmp/img.dd-test # simulate a copy on a 2G-large USB stick
kvm -hda /tmp/img.dd-test # the test itself (BIOS mode)

5- Copy the boot image to a USB stick or disk.
dd bs=10M if=/tmp/img.dd of=/dev/your-device

The USB device may now be booted on any BIOS or UEFI system.


debootstick expects a chroot environment built for amd64 or i386 systems. Of course, the resulting image will reflect this initial architecture, and thus it should be booted on a compatible system.
debootstick also needs that the host system is able to execute binaries in the chroot environment. For example, trying to run it with an amd64 chroot environment on an i386 host will fail.
debootstick will check this kind of things on startup.


When first booting a system built with the --system-type installer option, it will look for a larger disk and move to that disk. This operation does not require a reboot. Once done, the system will just continue its bootup procedure (and the initial device can be removed).
CAUTION: Any data on the target disk will be lost.
Also note that the system is moved, not copied. Thus the initial device cannot be used anymore after the migration, unless you copy an image again, of course.


It is also possible to test the UEFI boot with kvm, if you have the ovmf package installed, by adding -bios /path/to/OVMF.fd to the kvm command line.

Many Live distributions propose a highly compressed system based on a squashfs image. They handle writes using an overlay based on a filesystem union. While this allows the system to remain compact in the first times, this also has disavantages:
- Some important files remain read-only and cannot be upgraded (that is the case of the linux kernel and the bootloader) which quickly leads to security issues or upgrade problems.
- Storing modified files in an overlay and never releasing the room needed for the original versions in the squashfs image is counter-productive in the long term.
One of the objectives behind debootstick was to provide a viable long-term live system, therefore this kind of setup has been discarded.


Etienne Duble ([email protected])