Automated installation, system verification
At the moment I got the task to build a firewall using Linux. As I am using
Debian for my desktop system for over a year, I want to use it for the
firewall-basic-system, too. But I have 2 problems:
1. I need an automated installation of the system. It is important that the
installation of the firewall can be done in less than an hour because the
system will be installed on a large number of computers. I will make .deb's for
every piece of additional software that I'm going to compile, configure or
install. Therefore I need something like RedHat's kickstart installation. Most
of the options specified during the install would get the same values for every
install (only the hard disk sizes, the ethernet modules to load and the network
configuration would differ). Is there any way to do this with the Debian
2. I need something to verify the system. I know it can be done with tripwire
or something equal, but what I really want is to do it with dpkg (I'm thinking
of "rpm -Va"). Please correct me if I'm wrong, but as far as I know the
PGP-signatures for the .deb's are not included in the files, they are in the
.dsc's. The Packages.gz only provides the MD5-sums.
What I want is to check every file installed by a package for its size, date,
MD5 and so on (as "rpm -Va" does). I know of a package named "dpkgcert" that
should do the trick, but it's only a proposal (according to its - possibly
outdated - documentation). Can I do it with dpkg's database or do I have to use
tripwire (which is far too slow to run daily on a heavy-duty firewall)?
In the last 2 months I installed and tested Debian and RedHat on my desktop
machine and now I have decided to use Debian, when I'm able to solve the
mentioned problems. This decision was mainly influenced by Debian's flexibility
and - more important - bullet-proof stability. RedHat is far away from Debian's
stability during run- and upgrade-time. I also like how dpkg is able to handle
whole system upgrades. But there are also a few points that rpm does better
than dpkg: I like the system verification and I think it's easier to build
rpm's than deb's (although I only read about doing it and never built any of
them for myself). I also do not know if dpkg-source-packages can take more than
one patch to be applied to the original source.
Please let me know if anybody has an idea on how to solve the problems.
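
The per-file check asked about in point 2, sketched as an added example (not part of the original post and not dpkg's own code). It assumes an md5sum-style manifest with one `<md5>  <relative path>` entry per line, the layout dpkg keeps per package in /var/lib/dpkg/info/*.md5sums; it compares MD5 only, not size or date, and the function names and sample files are constructed for illustration.

```python
import hashlib
import os
import tempfile

def md5_of(path, chunk=65536):
    """Stream a file through MD5 so large binaries are not read into memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def parse_manifest(text):
    """Yield (md5hex, relative_path) from lines of the form '<32 hex>  <path>'."""
    for line in text.splitlines():
        if not line.strip():
            continue
        digest, _, rel = line.partition("  ")
        if len(digest) != 32 or not rel:
            raise ValueError(f"malformed manifest line: {line!r}")
        yield digest.lower(), rel

def verify(manifest_text, root="/"):
    """Return {path: 'ok' | 'changed' | 'missing'} for every manifest entry."""
    results = {}
    for digest, rel in parse_manifest(manifest_text):
        full = os.path.join(root, rel.lstrip("/"))
        if not os.path.isfile(full):
            results[rel] = "missing"
        else:
            results[rel] = "ok" if md5_of(full) == digest else "changed"
    return results

def demo():
    """Constructed sample: a scratch root where one file is altered and one deleted."""
    files = {"usr/sbin/fwd": b"binary-v1", "etc/fw.conf": b"policy=drop\n",
             "usr/bin/tool": b"tool"}
    with tempfile.TemporaryDirectory() as root:
        manifest = ""
        for rel, data in files.items():
            os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
            with open(os.path.join(root, rel), "wb") as f:
                f.write(data)
            manifest += f"{hashlib.md5(data).hexdigest()}  {rel}\n"
        with open(os.path.join(root, "usr/sbin/fwd"), "wb") as f:
            f.write(b"binary-v2")          # simulate a modified binary
        os.remove(os.path.join(root, "usr/bin/tool"))  # simulate a removed file
        return verify(manifest, root)

if __name__ == "__main__":
    for path, status in demo().items():
        print(f"{status:8} {path}")
```

A manifest stored on the host being checked can be rewritten along with the files, so the comparison is only meaningful against a reference copy kept on read-only media or another machine.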