x="$(readlink -f "$BASH_SOURCE")"; source "${x%/*}/bash-trace"
-[[ $EUID == 0 ]] || exec sudo -i "${BASH_SOURCE}" "$@"
+[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
+
+LC_USEBASHRC=t; . ~/.bashrc
usage() {
cat <<EOF
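Review bot: Switching the re-exec to `sudo -E` and then running `. ~/.bashrc` means root can end up sourcing a file that the unprivileged account can write, because `-E` normally keeps the caller's `HOME` unless sudoers resets it. The caller's whole environment also reaches the root shell, including `BASEFILE_DIR`, which is expanded unquoted at the `basefile=` line. If only a few variables are needed, pass them explicitly, e.g. `exec sudo --preserve-env=BASEFILE_DIR "${BASH_SOURCE[0]}" "$@"`, and source a root-owned file instead. If the full environment is deliberate, a comment such as `# -E: needs caller's env and ~/.bashrc; only run from a trusted account` would make that assumption visible.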
generated around the same time as the nfsroot, at least so it has the
same kernel version.
+
+Note: there is a bug in 5.9.4, fixed by adding
+ sleep 2
+
+Note: in t9, there is a bug in recent fai packages (eg 2021+), where
+ unshare uses a too new argument. I was able to fix it by
+ just going to the site of the error and changing unshare to
+ chroot like it used to be, but I'm not bothering to make
+ any persistent fix, since I'm now on t10. If it ever came
+ up again, using an old fai package would also work.
+
+/usr/sbin/fai-make-nfsroot:503, before apt-get update
+
+
EOF
exit $1
}
base=${1:-buster}
arch=${2:-64}
+
+if [[ $base == [[:upper:]] ]]; then
+ echo $0: error: use lowercase base
+ exit 1
+fi
+
basefile=($BASEFILE_DIR/${base^^}${arch^^}.tar.gz)
sed="sed -ri --follow-symlinks"
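Review bot: The added guard `[[ $base == [[:upper:]] ]]` only matches a base that is exactly one uppercase character, so a value like `BUSTER` passes it unchanged. To reject any uppercase letter the pattern needs wildcards on both sides: `if [[ $base == *[[:upper:]]* ]]; then`. The error message also goes to stdout and is unquoted; `echo "$0: error: use lowercase base" >&2` would match the other error path added in this commit.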
[[ $(dpkg --print-architecture) == armhf ]]
}
-if grep -xFq 'VERSION="8 (jessie)"' /etc/os-release; then
- gpg -a --recv-keys 2BF8D9FE074BCDE4; gpg -a --export 2BF8D9FE074BCDE4 | apt-key add -
- cat >/etc/apt/sources.list.d/fai.list <<'EOF'
-deb https://fai-project.org/download jessie koeln
-EOF
-elif grep -iE 'VERSION=.*(stretch|flidas|xenail|buster|etiona)' /etc/os-release; then
- # fai on ubuntu only has official support using the universe repo, but newer
- # tends to have less bugs.
- wget -O - https://fai-project.org/download/2BF8D9FE074BCDE4.asc | apt-key add -
-
- case $base in
- stretch)
- cat >/etc/apt/sources.list.d/fai.list <<'EOF'
-deb https://fai-project.org/download stretch koeln
-EOF
- ;;
- buster)
- cat >/etc/apt/sources.list.d/fai.list <<'EOF'
-deb https://fai-project.org/download buster koeln
+# fai on ubuntu only has official support using the universe repo, but newer
+# tends to have less bugs.
+wget -O - https://fai-project.org/download/2BF8D9FE074BCDE4.asc | apt-key add -
+
+update=false
+case $base in
+ stretch|buster|bullseye)
+ if ! grep -qFx "deb https://fai-project.org/download $base koeln" /etc/apt/sources.list.d/fai.list; then
+ update=true
+ fi
+ cat >/etc/apt/sources.list.d/fai.list <<EOF
+deb https://fai-project.org/download $base koeln
EOF
- ;;
- esac
-else
- rm -f /etc/apt/sources.list.d/fai.list
+ ;;
+ *)
+ echo "$0: error: script needs updating for new base" >&2
+ exit 1
+ ;;
+esac
+
+f=/var/cache/apt/pkgcache.bin;
+if [[ -r $f ]]; then
+ cachetime=$(stat -c %Y $f );
+ now=$(date +%s)
+ limittime=$(( now - 60*60*2 ))
+ if (( cachtime > limittime )); then
+ update=true
+ fi
fi
-apt-get update
+if $update; then
+ apt-get update
+fi
# Relevant packages from fai-quickstart depends and fai-server recommends.
# I especially do not wait isc-dhcp-server or an inetd. Also excludes
# kernel, or the ability to install it.
# xorriso is for running fai-cd -a, not strictly need for fai-server
# perl-tk is for fai-monitor-gui
-pkgs=(fai-doc tftpd-hpa tar reprepro squashfs-tools binutils xorriso)
+pkgs=(fai-doc tftpd-hpa tar reprepro squashfs-tools binutils xorriso perl-tk)
if modprobe nfsd &>/dev/null; then
pkgs+=(nfs-kernel-server)
else
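Review bot: The new cache-age check tests `(( cachtime > limittime ))`, but the variable assigned two lines above is `cachetime`. The misspelled name is unset and evaluates to 0, so this branch can never set `update=true`. The direction also looks inverted for a "refresh when the cache is older than two hours" rule, which would be `if (( cachetime < limittime )); then`; please confirm the intent. Separately, `wget -O - https://fai-project.org/download/2BF8D9FE074BCDE4.asc | apt-key add -` now runs unconditionally, adds whatever the download returns to the global apt trust store, and does not check wget's exit status. Storing the key in a dedicated keyring referenced with `signed-by=` in fai.list, after checking its fingerprint against a value obtained out of band, would limit that trust to the fai repository.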
# like default, but scrap httpredir, and nonfree.
# All my systems should be able to get along without nonfree
# for a base working system afaik.
+
cat >/etc/fai/apt/sources.list <<EOF
deb $r $base main contrib
-deb http://security.debian.org/debian-security $base/updates main contrib
EOF
-
+### begin setup security repo ###
case $base in
- jessie|stretch|buster)
+ stretch|buster)
cat >>/etc/fai/apt/sources.list <<EOF
-# use fai repo. it's commented in the defaults. it's got bug fixes.
-# and may contain newer packages.
-deb http://fai-project.org/download $base koeln
+deb http://security.debian.org/debian-security $base/updates main contrib
EOF
;;
+ *)
+ # new naming convention
+ cat >>/etc/fai/apt/sources.list <<EOF
+deb http://security.debian.org/debian-security $base-security main contrib
+EOF
esac
+### end setup security repo ###
-if [[ $base == jessie ]]; then
- cat >>/etc/fai/apt/sources.list <<'EOF'
-# fix tar https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819978
-deb http://ftp.debian.org/debian jessie-backports main
-EOF
- # note, fai doesn\'t look at /etc/fai/apt/preferences.d
- cat >/etc/fai/apt/preferences <<'EOF'
-Package: tar
-Pin: release a=jessie-backports
-Pin-Priority: 500
+
+cat >>/etc/fai/apt/sources.list <<EOF
+# use fai repo. it's commented in the defaults. it's got bug fixes.
+# and may contain newer packages.
+deb http://fai-project.org/download $base koeln
EOF
-fi
+
+## Get latest kernel and btrfs for dealing with btrfs issues.
+# if [[ $base == buster ]]; then
+# cat >>/etc/fai/apt/sources.list <<'EOF'
+# deb http://ftp.debian.org/debian buster-backports main
+# EOF
+# # note, fai doesn\'t look at /etc/fai/apt/preferences.d
+# cat >/etc/fai/apt/preferences <<'EOF'
+# Package: linux-* firmware-linux-free btrfs-progs
+# Pin: release a=buster-backports
+# Pin-Priority: 500
+# EOF
+# fi
$sed -f - /etc/fai/nfsroot.conf <<EOF
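Review bot: The nfsroot sources.list written here uses plain `http://` for both `fai-project.org/download` and `security.debian.org`, while the host-side fai.list in the same script uses `https://fai-project.org/download`. APT signature checks still protect package integrity, but an on-path party can see which packages are fetched or serve stale, validly signed indexes. If the apt inside the nfsroot supports HTTPS for every accepted base (not visible here; older releases need a separate transport package), prefer `deb https://fai-project.org/download $base koeln`. Otherwise add a comment saying why HTTP is kept.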
# tftp environment
local pxebin
- # wheezy path
- if [ -f $NFSROOT/usr/lib/PXELINUX/pxelinux.0 ]; then
- pxebin=$NFSROOT/usr/lib/PXELINUX/pxelinux.0
- else
- # jessie+ path
- pxebin=$NFSROOT/usr/lib/syslinux/pxelinux.0
- fi
+ # jessie+ path
+ pxebin=$NFSROOT/usr/lib/syslinux/pxelinux.0
rm -f $NFSROOT/boot/*.bak
mkdir -p $TFTPROOT/pxelinux.cfg
fi
rm -f /srv/fai/nfsroot/root/.ssh/known_hosts
-key=$(ssh-keyscan localhost |& grep -o "ecdsa-sha2-nistp256.*")
+if [[ $HOSTNAME == kd ]]; then
+ keyscan_arg="-p 8989"
+ fi
+key=$(ssh-keyscan $keyscan_arg localhost |& grep -o "ecdsa-sha2-nistp256.*")
for ip in faiserver $(ip addr show up| grep -w '^ *inet' | awk '{print $2}'| cut -d / -f 1 | grep -vF 127.0.0.1); do
echo "$ip $key" >>/srv/fai/nfsroot/root/.ssh/known_hosts
done
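Review bot: The result of `ssh-keyscan` is never checked, so if the scan fails or returns no ecdsa key, `$key` is empty and the loop writes host entries with no key into the nfsroot's known_hosts. A guard before the loop, e.g. `[[ $key ]] || { echo "$0: error: ssh-keyscan returned no ecdsa key" >&2; exit 1; }`, would stop that. `keyscan_arg` is also only assigned inside the `kd` branch, so on other hosts it takes whatever value the environment carries, which matters now that the script re-execs with `sudo -E`. Initialise it with `keyscan_arg=` before the `if`, and realign the stray `fi`.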