Create Minimal Debian Upstream Images with Debos and Armbian – CNX Software

CNX Software – Embedded Systems News
Reviews, tutorials and the latest news about embedded systems, IoT, open-source hardware, SBC's, microcontrollers, processors, and more
[Update June 28: Post updated with correct procedure thanks to Collabora help]
Armbian provides lightweight Debian or Ubuntu images for various Arm Linux SBC, and over the years has become the recommended source for stable firmware images for boards part of Orange Pi & Banana Pi families, and others.
Uncompressed images are still over 1GB and come with Armbian-specific tools, kernel and bootloader. If you’d like to leverage Armbian images, but instead create a Debian upstream image with only the packages you intend to use, Collabora explains how to do just that with Orange Pi Zero +2 H5 and Libre Computer AML-S905X-CC (aka Le Potato) boards using Debos Debian OS builder.
Debos Armbian Debian Orange Pi Zero Plus 2 H5
I’ve decided to give a try at the instructions for Orange Pi Zero Plus2 H5 in my laptop running Ubuntu 18.04 to better understand how this all works.
I’ll assume you’ve already installed Docker, and made sure you’ve got it working as a non-root user, so we can install Debos as follows:

Configuration for Debos is made through a YAML files. Collabora has already provided such file for Orange Pi Zero 2+ board: orangepi0p2.yaml. You’ll need to modify it to your version of Armbian as I did below. Note getting the latest version number for Armbian is critical, or the script will fail with something like:

I’ve also added comments explaining a bit more about each sections:

The next command requires KVM for QEMU, and we should run it as normal user:

Logout and login again. Now in theory this command should create  our image:

But sadly, I’ve run into permissions errors, I’ve been unable to fix after a couple of hours:

My username is part of kvm and docker groups:

and the KVM modules are indeed loaded:

I got stuck here, but with Frédéric Danis’ help (see comments below), I could solve the permission issue:

The /recipes/scripts directory is however missing, and that’s because I wrongly assume debos would just need to be feed the yaml file. Instead we also need to get scripts and overlays directories from gitlab, and copy our updated yaml file into debos-armbian2debian/1-ArmbianKernel directory:

Now we can enter the directory, and run the previous command to generate the minimal image:

After a few minutes, the image should be generated:

You’ll find it in the working directory:

Now you can flash the image to your SD card as follows:

Jean-Luc started CNX Software in 2010 as a part-time endeavor, before quitting his job as a software engineering manager, and starting to write daily news, and reviews full time later in 2011.
Support CNX Software! Donate via PayPal or cryptocurrencies, become a Patron on Patreon, or buy review samples

Related posts:
> Uncompressed images are still over 1GB and come with Armbian-specific tools, kernel and bootloader. To save a lot of space for the uncompressed image with Armbian simply choose btrfs instead of ext4 at image creation time. You can also save additional space by using Armbian’s customization features and skip most of if not all packages referenced in the $PACKAGE_LIST_ADDITIONAL variable. And by skipping ‘Armbian-specific tools’ you choose both lower performance and less reliability. I really wonder whether those people obsessed by small image sizes and ‘Debian upstream’ ever did performance comparisons or checked what Armbian does to increase life… Read more »
I consider armbian to be the Ubuntu of the embedded SoCs. Is the center of the distros universe for many reasons. Nevertheless, I like to see other alternatives from time to time, because the more the better in terms of choices for different use cases. Also people learn by doing those things. So I’m glad seeing new stuff and people try to do whatever they like to do.
> I consider armbian to be the Ubuntu of the embedded SoCs. Is the center of the distros universe for many reasons. I couldn’t agree less since for me Armbian is not even a distro 🙂 It’s a flexible build system able to generate bootable Linux images from scratch in various flavors: 3 x Debian and 3 x Ubuntu. Majority of work deals with collecting and consolidating kernel patches (and as such Armbian is often months or even years ahead of ‘upstream Debian’ wrt hardware support for vast majority of interesting boards). The other important part is SBC specific tweaks… Read more »
You’re right! I’ve miss-used the word distro. Of course it’s a build system. I do the same mistake often for SBC and BSP. Since I’m building quite a lot of distros (I mean proper distros this time :p) for different architectures like ARM and x86, I’ve had to build distros that were a few MBs in size that the only thinks they did was just to run a single process in the initramfs, up to distros of 10ths of GBs that were running a huge application framework on top. This is why I’ve said there’s room for everything. Whatever the… Read more »
> Armbian … made from people that are aware of the embedded domain Don’t think so. Armbian’s origins are ‘energy efficient and inexpensive server stuff’… on ARM since ~5 years ago something like a Cubieboard, Cubietruck, CuBox i4 or a BananaPi seemed like an ideal choice for small servers due to ‘native SATA’ and so on while x86 offers were way more expensive and wasted a lot more energy. Project matured, in early 2016 we started to support H3 boards (most probably the biggest mistake in the project’s history) but still the focus was on server, NAS, now also Linux… Read more »
why h3 boards support was a mistake?
As tkaiser pointed out, if you want to get this “into the bushes” on making your own image, the Armbian build system supports doing just about anything you could hope for. And, skipping the Armbian utilities/bsp packages would be disastrous on several boards, and at the very least ill-advised on the rest.
Hi, I am Gustavo Padovan, from Collabora. Thanks for trying this out, most of the time our people are using Debian to run debos (I usually do it from Fedora). This issue is new to us, can you confirm that your user has access to /dev/kvm? A ‘ls /dev/kvm’ will tell us that.
I’m trying to understand where in the stack this bug is so I can work with the team here to fix this if it happens to be in debos itself. I’ll be happy if you can check that for us.
Here’s the output:

The user (jaufranc) is part of kvm group, so it should have read/write access.
The user inside the container will need access to /dev/kvm, so it needs to be part of kvm group.
Could you try to add “–group-add $(getent group kvm | cut -d: -f3)” to docker command, i.e.

Thanks that did the trick for the permission issue, but there’s another problem: docker run –rm –interactive –tty –device /dev/kvm –group-add $(getent group kvm | cut -d: -f3) –user $(id -u) –workdir /recipes –mount “type=bind,source=$(pwd),destination=/recipes” –security-opt label=disable godebos/debos orangepi0p2.yaml qemu-system-x86_64: -virtfs local,mount_tag=virtfs-5,path=/recipes/scripts,security_model=none: cannot initialize fsdev ‘virtfs-5’: failed to open ‘/recipes/scripts’: No such file or directory open /tmp/fakemachine-686249639/result: no such file or directory 123 docker run –rm –interactive –tty –device /dev/kvm –group-add $(getent group kvm | cut -d: -f3) –user $(id -u) –workdir /recipes –mount “type=bind,source=$(pwd),destination=/recipes” –security-opt label=disable godebos/debos orangepi0p2.yamlqemu-system-x86_64: -virtfs local,mount_tag=virtfs-5,path=/recipes/scripts,security_model=none: cannot initialize fsdev ‘virtfs-5’: failed to open ‘/recipes/scripts’: No… Read more »
Do you have scripts and overlays directories in the orangepi0p2.yaml directory?
orangepi0p2.yaml relies on some scripts and overlays.
You can retrieve them from
Oops. OK I missed that part. I through debos would just automatically retrieve anything it wanted. That works now. I’ll edit the post accordingly.
It did not complete successfully. 2019/06/28 09:30:43 ==== Update U-Boot menu ==== 2019/06/28 09:30:44 u-boot-update | P: Checking for EXTLINUX directory… found. 2019/06/28 09:30:44 u-boot-update | P: Writing config for vmlinuz-4.19.38-sunxi64… 2019/06/28 09:30:44 u-boot-update | P: Updating /boot/extlinux/extlinux.conf… 2019/06/28 09:30:44 ==== raw ==== 2019/06/28 09:30:44 Action <code>raw</code> failed at stage Run, error: Failed to read /scratch/mnt/usr/lib/linux-u-boot-next-orangepizeroplus2-h5_5.83_arm64/sunxi-spl.bin Powering off. 1234567 2019/06/28 09:30:43 ==== Update U-Boot menu ====2019/06/28 09:30:44 u-boot-update | P: Checking for EXTLINUX directory… found.2019/06/28 09:30:44 u-boot-update | P: Writing config for vmlinuz-4.19.38-sunxi64…2019/06/28 09:30:44 u-boot-update | P: Updating /boot/extlinux/extlinux.conf…2019/06/28 09:30:44 ==== raw ====2019/06/28 09:30:44 Action <code>raw</code> failed at stage Run,… Read more »
Armbian encode a version number in path to u-boot binaries, from your pastedbin the version currently installed is 5.85.
So, you should replace 5.83 by 5.85 in raw actions, lines 75 and 80 of your recipe.
Thank you. All good now!
I’m not sure how exactly debos works in Docker, but to get it going on your Ubuntu you need to create empty files at the locations it expects (i.e. kernel modules). Ubuntu has those modules compiled into the kernel while Debian ships them as modules, and it seems debos at the moment verifies the file is there before doing a modprobe call.
I have to clarify this only applies to running debos outside of the docker image and directly in the host Ubuntu system.
Recently I took a different approach to accomplish more or less the same to get Ubuntu 18.04 minimal onto an Allwinner board. Instead of running a builder I just downloaded the ARM (netboot) installation initrd from Ubuntu and ran it using qemu emulating the full ARM processor itself. It is quite slow to run the installer this way but in the end you’ll have the same Ubuntu installation as you’d have running the installer on general i386/AMD64 architectures which I find quite favorable because the resulting base installation is exactly as I have on my PC. I used ‘’ as… Read more »


We will be happy to hear your thoughts

Leave a reply

Compare items
  • Total (0)