Debian 12 on Oracle Cloud (Free Tier) - (AMD64/ARM64)

README.md

Requirements:

⚠️ Only FRESH and CLEAN instances are supported. Ubuntu 22.04 (Minimal) images ONLY ⚠️

⚠️ Also you NEED to temporarily open the connection to the 1022 port in Security List / Ingress Rules for your VCN ⚠️

⚠️ After transformation YOU get a clean Debian 12 instance. All other data will be lost. ⚠️

The tmpfs partition is limited to 700m for x86_64 (free tier) compatibility.

Transformation from Ubuntu to Debian (x86_64/arm64) steps:

1. Download the script (to YOUR local machine with SSH (public key) access to a remote Oracle Cloud Instance)

wget https://gist.githubusercontent.com/ishad0w/10a536f82c79d3b890d04243634df806/raw/oci_ubuntu_to_debian.multiarch.sh

2. Make it executable.

chmod +x oci_ubuntu_to_debian.multiarch.sh

3. Replace '1.1.1.1' with your OCI Instance DNS name or IP address:

./oci_ubuntu_to_debian.multiarch.sh 1.1.1.1

4. Profit.

oci_ubuntu_to_debian.multiarch.sh

#!/bin/bash
trap "exit" INT
echo -e "\nHost:"
ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=ERROR -p 22 ubuntu@$1 \
    'uname -a && arch && uptime && sudo touch /home/ubuntu/.hushlogin /root/.hushlogin'

echo -e "\nAdding temporary SSH-key for Ubuntu root user..."
ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=ERROR -p 22 ubuntu@$1 \
    'sudo cat /home/ubuntu/.ssh/authorized_keys | sudo tee /root/.ssh/authorized_keys'

echo -e "\nSystem trimming..."
ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=ERROR -p 22 root@$1 -T <<'EOL'
export DEBIAN_FRONTEND=noninteractive
snap remove --purge oracle-cloud-agent && snap remove --purge core18
apt-get purge -y linux-* lxc* lxd* vim* snapd* python*
apt-get update && apt-get install -y lsof
apt-get -y autoremove --purge
apt-get -y autoclean
rm -rf /var/log/* /var/lib/apt/* /var/cache/apt/*
df -h
EOL
echo "Check free space! for "/" mountpoint. <=700mb"
waittime=15
while [ $waittime -gt 0 ]; do
   echo -ne "$waittime\033[0K\r"
   sleep 1
   : $((waittime--))
done

echo -e "\nPreparing system..."
ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=ERROR -p 22 root@$1 -T <<'EOL'
cd /
echo "Mounting tmpfs..."
mount -t tmpfs -o size=700m tmpfs mnt && tar --one-file-system -c . | tar -C /mnt -x
mount --make-private -o remount,rw /
mount --move dev mnt/dev && mount --move proc mnt/proc
mount --move run mnt/run && mount --move sys mnt/sys
sed -i "/^[^#]/d;" mnt/etc/fstab
echo "tmpfs / tmpfs defaults 0 0" >> mnt/etc/fstab
cd mnt && mkdir old_root
mount --make-private /
sleep 2

echo "Changing the root mount..."
unshare -m
pivot_root . old_root
sleep 5

echo "Starting SSH on 1022..."
iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 1022 -j ACCEPT
nohup /usr/sbin/sshd -D -p 1022 > /dev/null 2>&1 &
EOL

echo -e "\nFlashing the Debian image..."
ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=ERROR -p 1022 root@$1 -T <<'EOL'
echo "Arch is $(arch)..."

IMAGEMIRROR="https://cloud.debian.org/images/cloud/bookworm"
IMAGEVERSION="debian-12-genericcloud"
IMAGEBUILD="20240701-1795"

for i in agetty dbus-daemon atd iscsid rpcbind unattended-upgrades; do pkill $i; done; kill 1; umount -l /dev/sda1
if [ $(arch) = "x86_64" ]
    then curl -L $IMAGEMIRROR/$IMAGEBUILD/$IMAGEVERSION-amd64-$IMAGEBUILD.tar.xz | tar -OJxvf - disk.raw | dd of=/dev/sda bs=1M; 
elif [ $(arch) = "aarch64" ]
    then curl -L $IMAGEMIRROR/$IMAGEBUILD/$IMAGEVERSION-arm64-$IMAGEBUILD.tar.xz | tar -OJxvf - disk.raw | dd of=/dev/sda bs=1M; 
else 
    echo Unsported architecture!
fi
sleep 5

echo "Syncing changes to the block storage..."
sync
sleep 5

echo "Rebooting into Debian!"
nohup sh -c 'echo "1" > /proc/sys/kernel/sysrq && sleep 5 && echo "b" > /proc/sysrq-trigger' > /dev/null 2>&1 &
EOL

echo -e "\nWaiting until Debian starts... (3 min)"
waittime=180
while [ $waittime -gt 0 ]; do
   echo -ne "$waittime\033[0K\r"
   sleep 1
   : $((waittime--))
done

echo -e "\nAdding temporary SSH-key for Debian root user..."
ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=ERROR -p 22 debian@$1 \
    'sudo cat /home/debian/.ssh/authorized_keys | sudo tee /root/.ssh/authorized_keys'

echo -e "\nDebian inititialisation..."
ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=ERROR -p 22 root@$1 -T <<'EOL'
export DEBIAN_FRONTEND=noninteractive
echo "deb http://deb.debian.org/debian/ bookworm main contrib non-free non-free-firmware
deb http://deb.debian.org/debian/ bookworm-updates main contrib non-free non-free-firmware
deb http://deb.debian.org/debian/ bookworm-backports main contrib non-free non-free-firmware
deb http://security.debian.org/debian-security/ bookworm-security main contrib non-free non-free-firmware" > /etc/apt/sources.list
apt-get update && apt-get install -y locales-all
rm -rf /root/.ssh/
sync
reboot
EOL

sleep 10
echo -e "\nDone!"

with SSH (public key) access to a remote Oracle Cloud Instance

Where do I put the ssh key address while doing /oci_ubuntu_to_debian.multiarch.sh my_vps_ip_address ?

This doesn't work: /oci_ubuntu_to_debian.multiarch.sh my_vps_ip_address -i ~/some_folder/my_public_ssh_key.pub

edit: I was accidentally using pub key, also I added -i ~/some_folder/my_public_ssh_key manually into the file wherever we login

Same problem as afteroot, with a clean Canonical-Ubuntu-22.04-Minimal-aarch64-2023.04.18-0 Installation.

Also i get after the errors following:

Changing the root mount...
Starting SSH on 1022...

Flashing the Debian image...
ssh: connect to host 193.122.14.231 port 1022: No route to host

Waiting until Debian starts... (3 min)

Adding temporary SSH-key for Debian root user...
kex_exchange_identification: read: Connection reset by peer

Debian inititialisation...
kex_exchange_identification: read: Connection reset by peer

Done!

Note i`ve added the rule for the vcn.

I've got exactly the same result. Did you managed to open the port somehow in the Security List?

After applying the clean script and ubuntu-22.04-minimal--aarch64 image, I am unable to log in, but it appears the script was a success though. I tried using the debian user, ubuntu user, root user, or even a backdoor user that I tried to use, but debian keeps saying login incorrect or when sshing in, publickey denied when using the hostname for some reason?? I am not sure how to proceed. Not sure why the genericcloud/generic images for debian aren't working either

This worked perfectly for me, thank you so much.

@kokomo123: the debian user worked for me

Same problem as afteroot, with a clean Canonical-Ubuntu-22.04-Minimal-aarch64-2023.04.18-0 Installation.
Also i get after the errors following:

Changing the root mount...
Starting SSH on 1022...

Flashing the Debian image...
ssh: connect to host 193.122.14.231 port 1022: No route to host

Waiting until Debian starts... (3 min)

Adding temporary SSH-key for Debian root user...
kex_exchange_identification: read: Connection reset by peer

Debian inititialisation...
kex_exchange_identification: read: Connection reset by peer

Done!

Note i`ve added the rule for the vcn.

I've got exactly the same result. Did you managed to open the port somehow in the Security List?

@LIONNNNNN @Baterka or anyone passing by here, try to use the oldest version of Ubuntu 22.04 Minimal. I made it work with version 2024.08.27-0, but was failing on the lastest 2024.10.06-0

After applying the clean script and ubuntu-22.04-minimal--aarch64 image, I am unable to log in, but it appears the script was a success though. I tried using the debian user, ubuntu user, root user, or even a backdoor user that I tried to use, but debian keeps saying login incorrect or when sshing in, publickey denied when using the hostname for some reason?? I am not sure how to proceed. Not sure why the genericcloud/generic images for debian aren't working either

Same problem here.