From 2583093ef54aec321dc0dddad0876f2d664af2c9 Mon Sep 17 00:00:00 2001
From: tesuji <taolzu@gmail.com>
Date: Wed, 12 Nov 2025 04:24:02 +0000
Subject: [PATCH 1/3] add a Dockerfile to build the disk image

Also use the archive link for `debootstrap` to avoid EOL links.
---
 scripts/create-image/Dockerfile      | 36 ++++++++++++++++
 scripts/create-image/configure.sh    | 64 ++++++++++++++++++++++++++++
 scripts/create-image/create-image.sh | 63 ++-------------------------
 scripts/create-image/debootstrap.sh  | 13 ++++++
 4 files changed, 117 insertions(+), 59 deletions(-)
 create mode 100644 scripts/create-image/Dockerfile
 create mode 100755 scripts/create-image/configure.sh
 create mode 100755 scripts/create-image/debootstrap.sh

diff --git a/scripts/create-image/Dockerfile b/scripts/create-image/Dockerfile
new file mode 100644
index 0000000..cbb570d
--- /dev/null
+++ b/scripts/create-image/Dockerfile
@@ -0,0 +1,36 @@
+FROM ubuntu:24.04 AS base
+
+ENV DEBIAN_FRONTEND=noninteractive
+
+SHELL ["/bin/bash", "-c"]
+
+RUN <<EOF
+apt-get update
+apt-get install -y \
+    ssh \
+    debootstrap \
+    e2fsprogs \
+    $NULL
+apt-get clean
+ln -sf /bin/env /bin/sudo
+EOF
+
+ENV DIR=chroot
+ENV RELEASE=trixie
+ENV PREINSTALL_PKGS=openssh-server,curl,tar,gcc,libc6-dev,time,strace,sudo,less,psmisc,selinux-utils,policycoreutils,checkpolicy,selinux-policy-default,wget
+ENV ADD_PACKAGE="make,sysbench,git,vim,tmux,usbutils,tcpdump,net-tools"
+
+ENV FEATURE=minimal
+ENV SEEK=2047
+ENV PERF=false
+ENV IN_DOCKER=true
+
+# Use COPY after agt-get to allow caching apt
+WORKDIR /src
+COPY --chmod=0755 debootstrap.sh /src/
+RUN ./debootstrap.sh
+
+# will copy the img file to /mnt. Need --privilege flag for docker run.
+COPY --chmod=0755 configure.sh /src/
+CMD ["bash", "-x", "./configure.sh"]
+
diff --git a/scripts/create-image/configure.sh b/scripts/create-image/configure.sh
new file mode 100755
index 0000000..385b2aa
--- /dev/null
+++ b/scripts/create-image/configure.sh
@@ -0,0 +1,64 @@
+#!/bin/bash
+# Copyright 2025 syzkaller project authors. All rights reserved.
+# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
+
+# Set some defaults and enable promtless ssh to the machine for root.
+sudo sed -i '/^root/ { s/:x:/::/ }' $DIR/etc/passwd
+echo 'T0:23:respawn:/sbin/getty -L ttyS0 115200 vt100' | sudo tee -a $DIR/etc/inittab
+mkdir -p $DIR/etc/network
+printf '\nauto eth0\niface eth0 inet dhcp\n' | sudo tee -a $DIR/etc/network/interfaces
+echo '/dev/root / ext4 defaults 0 0' | sudo tee -a $DIR/etc/fstab
+echo 'debugfs /sys/kernel/debug debugfs defaults 0 0' | sudo tee -a $DIR/etc/fstab
+#echo 'securityfs /sys/kernel/security securityfs defaults 0 0' | sudo tee -a $DIR/etc/fstab
+#echo 'configfs /sys/kernel/config/ configfs defaults 0 0' | sudo tee -a $DIR/etc/fstab
+echo 'binfmt_misc /proc/sys/fs/binfmt_misc binfmt_misc defaults 0 0' | sudo tee -a $DIR/etc/fstab
+echo "kernel.printk = 7 4 1 3" | sudo tee -a $DIR/etc/sysctl.conf
+echo 'debug.exception-trace = 0' | sudo tee -a $DIR/etc/sysctl.conf
+echo "net.core.bpf_jit_enable = 1" | sudo tee -a $DIR/etc/sysctl.conf
+echo "net.core.bpf_jit_kallsyms = 1" | sudo tee -a $DIR/etc/sysctl.conf
+echo "net.core.bpf_jit_harden = 0" | sudo tee -a $DIR/etc/sysctl.conf
+echo "kernel.softlockup_all_cpu_backtrace = 1" | sudo tee -a $DIR/etc/sysctl.conf
+echo "kernel.kptr_restrict = 0" | sudo tee -a $DIR/etc/sysctl.conf
+echo "kernel.watchdog_thresh = 60" | sudo tee -a $DIR/etc/sysctl.conf
+echo "net.ipv4.ping_group_range = 0 65535" | sudo tee -a $DIR/etc/sysctl.conf
+echo -en "127.0.0.1\tlocalhost\n" | sudo tee $DIR/etc/hosts
+echo "nameserver 8.8.8.8" | sudo tee -a $DIR/etc/resolve.conf
+echo "pwn" | sudo tee $DIR/etc/hostname
+
+# Add perf support
+if [ "$PERF" == "true" ]; then
+    cp -r $KERNEL $DIR/tmp/
+    sudo chroot $DIR /bin/bash -c "apt-get update; apt-get install -y flex bison python-dev libelf-dev libunwind8-dev libaudit-dev libslang2-dev libperl-dev binutils-dev liblzma-dev libnuma-dev"
+    sudo chroot $DIR /bin/bash -c "cd /tmp/linux/tools/perf/; make"
+    sudo chroot $DIR /bin/bash -c "cp /tmp/linux/tools/perf/perf /usr/bin/"
+    rm -r $DIR/tmp/linux
+fi
+
+# create a default user called user
+echo "user::1000:1000:user:/home/user:/bin/bash" | sudo tee -a $DIR/etc/passwd
+echo "user:x:1000:" | sudo tee -a $DIR/etc/group
+sudo mkdir -p $DIR/home/user/.ssh
+sudo chown -R 1000:1000 $DIR/home/user
+
+# install python3
+sudo chroot $DIR /bin/bash -c "apt-get update"
+sudo chroot $DIR /bin/bash -c "apt-get install -y python3 && ln -s /usr/bin/python3 /usr/bin/python"
+
+# create ssh key and save it
+ssh-keygen -f $RELEASE.id_rsa -t rsa -N ''
+sudo mkdir -p $DIR/root/.ssh/
+cat $RELEASE.id_rsa.pub | sudo tee $DIR/root/.ssh/authorized_keys
+cat $RELEASE.id_rsa.pub | sudo tee $DIR/home/user/.ssh/authorized_keys
+sudo chown -R 1000:1000 $DIR/home/user
+
+# Build a disk image
+dd if=/dev/zero of=$RELEASE.img bs=1M seek=$SEEK count=1
+sudo mkfs.ext4 -F $RELEASE.img
+sudo mkdir -p /fs/$DIR /mnt
+sudo mount -o loop $RELEASE.img /fs/$DIR
+sudo cp -a $DIR/. /fs/$DIR/.
+sudo umount /fs/$DIR
+
+if [ "$IN_DOCKER" = true ]; then
+    cp $RELEASE.* /mnt
+fi
diff --git a/scripts/create-image/create-image.sh b/scripts/create-image/create-image.sh
index e585af1..e504684 100755
--- a/scripts/create-image/create-image.sh
+++ b/scripts/create-image/create-image.sh
@@ -20,6 +20,7 @@ RELEASE=trixie
 FEATURE=minimal
 SEEK=2047
 PERF=false
+IN_DOCKER=false
 
 # Display help function
 display_help() {
@@ -77,66 +78,10 @@ if [ $PERF = "true" ] && [ -z ${KERNEL+x} ]; then
 fi
 
 # If full feature is chosen, install more packages
-if [ $FEATURE = "full" ]; then
+if [ "$FEATURE" = "full" ]; then
     PREINSTALL_PKGS=$PREINSTALL_PKGS","$ADD_PACKAGE
 fi
 
-sudo rm -rf $DIR
-mkdir -p $DIR
-sudo debootstrap --include=$PREINSTALL_PKGS $RELEASE $DIR
+source ./debootstrap.sh
+source ./configure.sh
 
-# Set some defaults and enable promtless ssh to the machine for root.
-sudo sed -i '/^root/ { s/:x:/::/ }' $DIR/etc/passwd
-echo 'T0:23:respawn:/sbin/getty -L ttyS0 115200 vt100' | sudo tee -a $DIR/etc/inittab
-printf '\nauto eth0\niface eth0 inet dhcp\n' | sudo tee -a $DIR/etc/network/interfaces
-echo '/dev/root / ext4 defaults 0 0' | sudo tee -a $DIR/etc/fstab
-echo 'debugfs /sys/kernel/debug debugfs defaults 0 0' | sudo tee -a $DIR/etc/fstab
-#echo 'securityfs /sys/kernel/security securityfs defaults 0 0' | sudo tee -a $DIR/etc/fstab
-#echo 'configfs /sys/kernel/config/ configfs defaults 0 0' | sudo tee -a $DIR/etc/fstab
-echo 'binfmt_misc /proc/sys/fs/binfmt_misc binfmt_misc defaults 0 0' | sudo tee -a $DIR/etc/fstab
-echo "kernel.printk = 7 4 1 3" | sudo tee -a $DIR/etc/sysctl.conf
-echo 'debug.exception-trace = 0' | sudo tee -a $DIR/etc/sysctl.conf
-echo "net.core.bpf_jit_enable = 1" | sudo tee -a $DIR/etc/sysctl.conf
-echo "net.core.bpf_jit_kallsyms = 1" | sudo tee -a $DIR/etc/sysctl.conf
-echo "net.core.bpf_jit_harden = 0" | sudo tee -a $DIR/etc/sysctl.conf
-echo "kernel.softlockup_all_cpu_backtrace = 1" | sudo tee -a $DIR/etc/sysctl.conf
-echo "kernel.kptr_restrict = 0" | sudo tee -a $DIR/etc/sysctl.conf
-echo "kernel.watchdog_thresh = 60" | sudo tee -a $DIR/etc/sysctl.conf
-echo "net.ipv4.ping_group_range = 0 65535" | sudo tee -a $DIR/etc/sysctl.conf
-echo -en "127.0.0.1\tlocalhost\n" | sudo tee $DIR/etc/hosts
-echo "nameserver 8.8.8.8" | sudo tee -a $DIR/etc/resolve.conf
-echo "pwn" | sudo tee $DIR/etc/hostname
-
-# Add perf support
-if [ $PERF = "true" ]; then
-    cp -r $KERNEL $DIR/tmp/
-    sudo chroot $DIR /bin/bash -c "apt-get update; apt-get install -y flex bison python-dev libelf-dev libunwind8-dev libaudit-dev libslang2-dev libperl-dev binutils-dev liblzma-dev libnuma-dev"
-    sudo chroot $DIR /bin/bash -c "cd /tmp/linux/tools/perf/; make"
-    sudo chroot $DIR /bin/bash -c "cp /tmp/linux/tools/perf/perf /usr/bin/"
-    rm -r $DIR/tmp/linux
-fi
-
-# create a default user called user
-echo "user::1000:1000:user:/home/user:/bin/bash" | sudo tee -a $DIR/etc/passwd
-echo "user:x:1000:" | sudo tee -a $DIR/etc/group
-sudo mkdir -p $DIR/home/user/.ssh
-sudo chown -R 1000:1000 $DIR/home/user
-
-# install python3
-sudo chroot $DIR /bin/bash -c "apt-get update"
-sudo chroot $DIR /bin/bash -c "apt-get install -y python3 && ln -s /usr/bin/python3 /usr/bin/python"
-
-# create ssh key and save it
-ssh-keygen -f $RELEASE.id_rsa -t rsa -N ''
-sudo mkdir -p $DIR/root/.ssh/
-cat $RELEASE.id_rsa.pub | sudo tee $DIR/root/.ssh/authorized_keys
-cat $RELEASE.id_rsa.pub | sudo tee $DIR/home/user/.ssh/authorized_keys
-sudo chown -R 1000:1000 $DIR/home/user
-
-# Build a disk image
-dd if=/dev/zero of=$RELEASE.img bs=1M seek=$SEEK count=1
-sudo mkfs.ext4 -F $RELEASE.img
-sudo mkdir -p /mnt/$DIR
-sudo mount -o loop $RELEASE.img /mnt/$DIR
-sudo cp -a $DIR/. /mnt/$DIR/.
-sudo umount /mnt/$DIR
diff --git a/scripts/create-image/debootstrap.sh b/scripts/create-image/debootstrap.sh
new file mode 100755
index 0000000..fb6f945
--- /dev/null
+++ b/scripts/create-image/debootstrap.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+# Copyright 2025 syzkaller project authors. All rights reserved.
+# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
+
+sudo rm -rf $DIR
+mkdir -p $DIR
+
+if ! \
+  sudo debootstrap --include=$PREINSTALL_PKGS $RELEASE $DIR; \
+then
+  sudo debootstrap --no-check-gpg --include=$PREINSTALL_PKGS $RELEASE $DIR \
+    http://archive.debian.org/debian
+fi

From 32097fa0eb4399284ff58675a52acbc93929ff3a Mon Sep 17 00:00:00 2001
From: tesuji <taolzu@gmail.com>
Date: Thu, 13 Nov 2025 10:06:48 +0000
Subject: [PATCH 2/3] prevent using ./configure.sh directly which could brick

users' host machines.
---
 README.md                           |  9 +++++++++
 scripts/create-image/Dockerfile     |  2 +-
 scripts/create-image/configure.sh   | 14 ++++++++++++++
 scripts/create-image/debootstrap.sh |  0
 4 files changed, 24 insertions(+), 1 deletion(-)
 mode change 100755 => 100644 scripts/create-image/configure.sh
 mode change 100755 => 100644 scripts/create-image/debootstrap.sh

diff --git a/README.md b/README.md
index 8482cd4..fca9d6c 100644
--- a/README.md
+++ b/README.md
@@ -79,6 +79,15 @@ mkdir qemu/build && cd qemu/build && ../configure --target-list=x86_64-softmmu -
 cd scripts/create-image/ && ./create-image.sh && cd ../..
 ~~~
 
+Or if you prefer using docker to build your image:
+~~~
+cd scripts/create-image/
+docker build -t img .
+docker run -v $(pwd):/mnt --privileged --rm img
+~~~
+
+Notice that `privileged` is necessary because we want to use `/dev/loop*` inside docker.
+
 ### Step 4: Install uv
 ~~~
 pip install uv
diff --git a/scripts/create-image/Dockerfile b/scripts/create-image/Dockerfile
index cbb570d..8778b11 100644
--- a/scripts/create-image/Dockerfile
+++ b/scripts/create-image/Dockerfile
@@ -32,5 +32,5 @@ RUN ./debootstrap.sh
 
 # will copy the img file to /mnt. Need --privilege flag for docker run.
 COPY --chmod=0755 configure.sh /src/
-CMD ["bash", "-x", "./configure.sh"]
+CMD ["bash", "-c", "set -ex; source ./configure.sh"]
 
diff --git a/scripts/create-image/configure.sh b/scripts/create-image/configure.sh
old mode 100755
new mode 100644
index 385b2aa..5b71d7d
--- a/scripts/create-image/configure.sh
+++ b/scripts/create-image/configure.sh
@@ -2,6 +2,20 @@
 # Copyright 2025 syzkaller project authors. All rights reserved.
 # Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
 
+usage() {
+    echo "Please use the ./create-image.sh instead." >&2
+    exit 1
+}
+
+# Prevent execution if not sourced
+(return 0 2>/dev/null) || {
+    usage
+}
+
+if [ -z "$DIR" ] || [ "$(realpath "$DIR")" = / ]; then
+    usage
+fi
+
 # Set some defaults and enable promtless ssh to the machine for root.
 sudo sed -i '/^root/ { s/:x:/::/ }' $DIR/etc/passwd
 echo 'T0:23:respawn:/sbin/getty -L ttyS0 115200 vt100' | sudo tee -a $DIR/etc/inittab
diff --git a/scripts/create-image/debootstrap.sh b/scripts/create-image/debootstrap.sh
old mode 100755
new mode 100644

From a57a368ee336488c7f916db0c188633042666dac Mon Sep 17 00:00:00 2001
From: tesuji <taolzu@gmail.com>
Date: Thu, 13 Nov 2025 10:24:11 +0000
Subject: [PATCH 3/3] fix typos and prefer coreutils readlink

---
 README.md                         | 2 +-
 scripts/create-image/Dockerfile   | 4 ++--
 scripts/create-image/configure.sh | 4 ++--
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/README.md b/README.md
index fca9d6c..9b9c266 100644
--- a/README.md
+++ b/README.md
@@ -83,7 +83,7 @@ Or if you prefer using docker to build your image:
 ~~~
 cd scripts/create-image/
 docker build -t img .
-docker run -v $(pwd):/mnt --privileged --rm img
+docker run -v "$(pwd)":/mnt --privileged --rm img
 ~~~
 
 Notice that `privileged` is necessary because we want to use `/dev/loop*` inside docker.
diff --git a/scripts/create-image/Dockerfile b/scripts/create-image/Dockerfile
index 8778b11..0a51c96 100644
--- a/scripts/create-image/Dockerfile
+++ b/scripts/create-image/Dockerfile
@@ -30,7 +30,7 @@ WORKDIR /src
 COPY --chmod=0755 debootstrap.sh /src/
 RUN ./debootstrap.sh
 
-# will copy the img file to /mnt. Need --privilege flag for docker run.
+# will copy the img file to /mnt. Need --privileged flag for docker run.
 COPY --chmod=0755 configure.sh /src/
-CMD ["bash", "-c", "set -ex; source ./configure.sh"]
+CMD ["bash", "-c", "set -ex; source /src/configure.sh"]
 
diff --git a/scripts/create-image/configure.sh b/scripts/create-image/configure.sh
index 5b71d7d..6ceba96 100644
--- a/scripts/create-image/configure.sh
+++ b/scripts/create-image/configure.sh
@@ -3,7 +3,7 @@
 # Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
 
 usage() {
-    echo "Please use the ./create-image.sh instead." >&2
+    echo "Please use ./create-image.sh instead." >&2
     exit 1
 }
 
@@ -12,7 +12,7 @@ usage() {
     usage
 }
 
-if [ -z "$DIR" ] || [ "$(realpath "$DIR")" = / ]; then
+if [ -z "$DIR" ] || [ "$(readlink -f "$DIR")" = / ]; then
     usage
 fi