Skip to content

Instantly share code, notes, and snippets.

@arachsys

arachsys/debian.md

Last active January 1, 2026 11:51
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save arachsys/16ffaff2570a6ce1b6d7f764e208f202 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save arachsys/16ffaff2570a6ce1b6d7f764e208f202 to your computer and use it in GitHub Desktop.
Download ZIP
Downloading a Debian root filesystem
Raw
debian.md

Downloading a Debian root filesystem

This note is mainly for my own benefit but might be handy for others too.

Whenever I want an ad hoc Debian root filesystem to build and test my software on a mainstream consumer Linux distribution, I am frustrated by my struggle to find and download one.

Search engines turn up lots of documentation, but everything seems to involve weird Debian-specific tooling like debootstrap. Please stop! I just want a hassle-free https URL with a simple tarball to download.

Luckily, Debian do generate such a rootfs.tar.xz when publishing their official Docker images, although it is somewhat hard to find. So, without further ado...

Fetching the image

To fetch and unpack a Debian filesystem image in rootfs/:

ARCH=amd64 # or arm64v8, riscv64, etc.
DIST=stable # or testing, unstable, trixie, etc.
REPO=https://github.com/debuerreotype/docker-debian-artifacts
ROOT=$REPO/raw/dist-$ARCH/$DIST/oci/blobs/rootfs.tar.gz
curl -L $ROOT | tar -x -f - -C rootfs --numeric-owner

The resulting "minibase" image is indeed quite minimal for a Debian system. You'll probably want to copy the host /etc/resolv.conf to rootfs/etc/resolv.conf, then once inside the chroot/container:

apt-get -U upgrade
apt-get -y install build-essential

Booting as a VM

To flesh out an image suitable for a Debian VM:

apt-get -U upgrade
apt-get -y install \~pimportant curl openssh-server rsync
apt-get -y --autoremove purge bsd-mailx exim4-\* xauth
sed -i /^Debian-exim:/d /etc/{group,gshadow,passwd,shadow}

ln -s ../sbin/init /etc/init
echo /dev/vda / auto discard,nodev 1 1 >/etc/fstab
systemctl enable systemd-networkd
systemctl mask serial-getty@hvc0 # if headless
networkctl mask 99-default.link

cat >/etc/systemd/network/10-eth0.network <<EOF
[Match]
Name=eth0

[Network]
Address=fe80::2
# Address=...

[Route]
Destination=0.0.0.0/0
Gateway=fe80::1

[Route]
Destination=::/0
Gateway=fe80::1
EOF

cat >/etc/ssh/sshd_config <<EOF
PermitRootLogin yes
Subsystem sftp internal-sftp
UsePAM yes
EOF

passwd root

The apt-get purge here is a sad demonstration of Debian's dependency incontinence. Installing cron fetches and launches a fully-fledged mail server, and installing sshd pulls in xauth and a bunch of X11 libraries. Not content with breaking poor Exim's configuration into a fragmented mess, the exim4 package maintainer has also infested your new system with a tasteful mixed-case Debian-exim user and group.

A short sshd_config is not idiomatic for Debian's /etc, so feel free to bury the active directives amongst hundreds of commented-out ones, then sprinkle liberally with inconsistencies, typos and pidgin English to taste.

Official cloud images

Searching for Debian images for virtual machines is likely to turn up Debian Official Cloud Images, but these are strictly worse than the minibase rootfs above and best avoided.

They are not distributed as a filesystem tarball or even as a clean ext4 image, but only as a partitioned disk image. The tempting tar.xz files are a trap, containing only a single disk.raw file.

They also have an unwanted kernel, bootloader, hard-coded partition IDs in /etc/fstab, and a strange non-standard netplan network configuration which apparently can't express v4-with-v6-next-hop routes.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment