X-Git-Url: https://iankelling.org/git/?a=blobdiff_plain;ds=inline;f=fai%2Fconfig%2Fscripts%2FIANK%2F11-iank;h=54641b237bcc10b15b30b90bb0f8b662253f8609;hb=HEAD;hp=47b97ad98720d08c4d48338369b413929180bbf5;hpb=051fc89e27bd812a1a45292f6d2a18803ce6f394;p=automated-distro-installer

diff --git a/fai/config/scripts/IANK/11-iank b/fai/config/scripts/IANK/11-iank
index 47b97ad..a10a5bb 100755
--- a/fai/config/scripts/IANK/11-iank
+++ b/fai/config/scripts/IANK/11-iank
@@ -1,4 +1,20 @@
 #!/bin/bash -x
+# This file is part of Ian Kelling's automated-distro-installer
+# Copyright (C) 2024 Ian Kelling
+
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
 
 set -eE -o pipefail
 trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
@@ -8,31 +24,26 @@ if [[ $EUID != 0 ]]; then
   exit 1
 fi
 
+# ignore this line. hack to make shellcheck ignore $target
+if [[ ! $target ]]; then target=; fi
+
 if ! type -t fcopy &>/dev/null; then
   sudo apt-get -y install fai-client
 fi
 
-if [[ -e /a/bin/fai/fai-wrapper ]]; then
-  chroot() {
-    shift
-    "$@"
-  }
-fi
-
-
-
 # -r = recursive
 # -i = ignore non-matching class warnings, always exit 0
 # -B = no backup files
-fcopy -riBM /boot
+fcopy -riB /boot
 # this is also done by FAIBASE/10-misc by default (without B)
-fcopy -riBM /root
-fcopy -riBM /usr/local/bin
+fcopy -riB /usr/local/bin
+
+fcopy -riB /etc/apt/logind.conf.d
 
 # this gets done by fai, but just happens too often that
 # I add sources due to new distros, whatever.
-fcopy -riBM /etc/apt/preferences.d
-fcopy -riBM /etc/apt/sources.list.d
+fcopy -riB /etc/apt/preferences.d
+fcopy -riB /etc/apt/sources.list.d
 
 
 src=$FAI/distro-install-common/shadow
@@ -43,6 +54,8 @@ if [[ ! -e $dst && -e $src ]]; then
   mount -o bind $src $dst
 fi
 
+
+
 $FAI/distro-install-common/end
 
 
@@ -52,16 +65,13 @@ $FAI/distro-install-common/end
 # I run this as a single post-fai script to update things that have changed.
 tmpfile1=$(mktemp)
 # this can fail if we need an apt update
-chroot $FAI_ROOT /usr/bin/apt-cache policy >$tmpfile1 ||:
-fcopy -riBM /etc/apt
-
-# get ubuntu key, for running from fai wrapper.
-apt-key add $FAI/package_config/UBUNTU.asc
+$ROOTCMD /usr/bin/apt-cache policy >$tmpfile1 ||:
+fcopy -riB /etc/apt
 
 tmpfile2=$(mktemp)
-chroot $FAI_ROOT /usr/bin/apt-cache policy >$tmpfile2
+$ROOTCMD /usr/bin/apt-cache policy >$tmpfile2
 if ! diff -q $tmpfile1 $tmpfile2; then
-  chroot $FAI_ROOT /usr/bin/apt update
+  $ROOTCMD /usr/bin/apt update
 fi
 # outside of fai, this seems to regularly lead to
 # E: Could not get lock /var/lib/apt/lists/lock - open (11: Resource temporarily unavailable)
@@ -84,29 +94,8 @@ fi
 
 
 #### misc configurations
-chroot $FAI_ROOT bash <<'EOFOUTER'
-if getent group systemd-journal >/dev/null; then
-  # makes the journal be saved to disk.
-  mkdir -p /var/log/journal
-  chmod 755 /var/log/journal
-fi
-debconf-set-selections <<EOF
-kexec-tools kexec-tools/load_kexec boolean false
-EOF
-apt-get install -y pxe-kexec
-
-# this is usefull. Only thing reason I see this being disabled by default is
-# that a normal user can disrupt the system, eg cause a reboot.
-sed -i '$a kernel.sysrq=1
-/^kernel.sysrq=/d' /etc/sysctl.conf
-
-EOFOUTER
-
 
 if [[ $FAI_ACTION != dirinstall ]] && ! ifclass NOCRYPT; then
-  # luks options, see man systemd-cryptsetup-generator
-  # all i know is that with luks.crypttab=no, swap still timed out on boot.
-  # and with rd.luks.crypttab=no, it works.
   if ifclass LINODE; then
     speed=19200
     cmdline="rd.luks.crypttab=no net.ifnames=0 console=ttyS0,${speed}n8"
@@ -131,63 +120,17 @@ TimeoutStartSec=20
 WantedBy=dev-disk-by\x2did-ata\x2dSamsung_SSD_870_QVO_8TB_S5VUNG0N900656V.device
 EOF
 
-        chroot $FAI_ROOT bash <<'EOFOUTER'
+        $ROOTCMD bash <<'EOFOUTER'
 systemctl enable myncq.service
 /usr/bin/myncq no-upgrub
 EOFOUTER
 
-        ;;
+        ;;&
       # per rubens suggestion to make a d16 more stable
       kd|kw) cmdline+=" pci=realloc=off" ;;
     esac
   fi
 
-  cat >$FAI_ROOT/etc/grub.d/40_custom <<EOF
-#!/bin/sh
-exec tail -n +3 \$0
-# This file provides an easy way to add custom menu entries.  Simply type the
-# menu entries you want to add after this comment.  Be careful not to change
-# the 'exec tail' line above.
-
-# https://www.coreboot.org/Serial_console # tty
-# but removed unneeded stuff
-
-serial --speed=$speed
-terminal_input --append  serial
-terminal_output --append serial
-EOF
-
-
-  chroot $FAI_ROOT bash <<EOF
-set -eE -o pipefail
-# https://askubuntu.com/questions/33416/how-do-i-disable-the-boot-splash-screen-and-only-show-kernel-and-boot-text-inst
-
-sed -ri 's/(^GRUB_CMDLINE_LINUX_DEFAULT=")quiet/\1/;s/^(GRUB_CMDLINE_LINUX_DEFAULT=".*) quiet([ "])/\1\2/' /etc/default/grub
-sed -ri 's/(^GRUB_CMDLINE_LINUX_DEFAULT=")splash/\1/;s/^(GRUB_CMDLINE_LINUX_DEFAULT=".*) splash([ "])/\1\2/' /etc/default/grub
-
-for arg in $cmdline; do
-  if ! grep "^GRUB_CMDLINE_LINUX_DEFAULT=.*[\" ]${arg//./\\.}[\" ]" /etc/default/grub; then
-    sed -ri "s/^GRUB_CMDLINE_LINUX_DEFAULT=\"(.*)/GRUB_CMDLINE_LINUX_DEFAULT=\"$arg \1/" /etc/default/grub
-  fi
-done
-
-if grep -qF "$cmdline" /etc/default/grub; then
-  # already set things, exit
-  exit 0
-fi
-sed -ri 's/^ *GRUB_CMDLINE_LINUX_DEFAULT=.*/GRUB_CMDLINE_LINUX_DEFAULT="$cmdline"/' /etc/default/grub
-# on xenial, no grub is displayed at all. fix that.
-# found just by noticing this in the config file, and a
-# warning about it in error.log
-sed -i '/^ *GRUB_HIDDEN_TIMEOUT/d' /etc/default/grub
-
-if type -P update-grub2 &>/dev/null; then
-  update-grub2
-else
-  update-grub
-fi
-
-EOF
 fi ##### end != dirinstall && != NOCRYPT
 
 
@@ -213,7 +156,9 @@ esac
 # xorg stopped load nouveau
 #  https://www.linuxquestions.org/questions/slackware-14/kernel-modules-conflicting-with-nouveau-driver-4175623867/
 # https://nouveau.freedesktop.org/InstallNouveau.html
-if lspci|grep -q 'GeForce GTX 6[0-9][0-9]\]'; then
+# And now in t11, things got worse with a newer card also not loading
+# nouveau when it did in t10.
+if lspci|grep -q 'VGA compatible controller: NVIDIA'; then
   mkdir -p $target/etc/X11/xorg.conf.d/
   cat >$target/etc/X11/xorg.conf.d/10-nouveau.conf <<'EOF'
 Section "Device"
@@ -224,14 +169,32 @@ EOF
 fi
 
 # use networkmanager if this host has wireless.
-if [[ $HOSTNAME == bo ]] || type -p iw &>/dev/null && [[ $(iw dev) ]]; then
-  chroot $FAI_ROOT bash <<EOF
+if [[ $(iw dev) || $HOSTNAME == so ]]; then
+  $ROOTCMD bash -xe <<EOF
 apt-get -y install network-manager
 EOF
 
   # allow networkmanager to manage interfaces
   #https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1638842
-  touch $target/etc/NetworkManager/conf.d/10-globally-managed-devices.conf
+  # touch $target/etc/NetworkManager/conf.d/10-globally-managed-devices.conf
+  #
+  # in 24.04, netplan takes over and nm won't automatically connect any
+  # ethernet devices. Ya, man NetworkManager helpfully suggests the
+  # config setting device*.managed=1, but of course that isn't REAL
+  # setting, you go to man NetworkManager.conf and find that every
+  # setting has a section.  So what section is that setting in? It
+  # doesn't tell you. You have to figure out that it is implied that a
+  # setting x.y means section x, setting y.  Ok, but what section is
+  # device*? that isn't documented in the man page either (at least not
+  # properly). But if you read closely, you can intuit that device* is
+  # likely a valid section and then try it. Might as use this same magic
+  # config file name since it is supposed to exist, but I have no idea
+  # if it is still magic. note: In figuring this out, I also removed
+  # /etc/netplan/*, which seemed to have no effect. dunno if it matters.
+  cat >$target/etc/NetworkManager/conf.d/10-globally-managed-devices.conf <<'EOF'
+[device*]
+managed=1
+EOF
   # in a default desktop install, it looks like netplan creates this file under
   # run/NetworkManager/conf.d in early boot.
 
@@ -242,18 +205,21 @@ EOF
 [main]
 dns=systemd-resolved
 EOF
-  if [[ $HOSTNAME == frodo ]]; then
-    cat > $target/etc/network/interfaces <<-EOF
-# generated by FAI
-auto lo eth0
-iface lo inet loopback
-iface eth0 inet static
-address 10.3.0.2/16
 
-source-directory /etc/network/interfaces.d
-EOF
+
+  if [[ ! $FAI_WRAPPER || $SSH_CLIENT ]]; then
+    # for running from fai or remote connections, don't kill the internet
+    ethusb_arg=-c
+  fi
+  if [[ $(timeout 1 dig +short @10.2.0.1 -x 10.2.0.2 2>&1 ||:) == kd.b8.nz. ]] \
+       && ip n show 10.2.0.1 | grep . &>/dev/null; then
+    # we are at_home
+    $FAI/distro-install-common/ethusb-static $ethusb_arg
+  else
+    $FAI/distro-install-common/ethusb-static off $ethusb_arg
   fi
 
+
 else
   cat > $target/etc/network/interfaces <<-EOF
 # generated by FAI
@@ -282,6 +248,7 @@ fi
 
 if ifclass LINODE; then
   mkdir -p $target/etc/initramfs-tools/conf.d
+  # shellcheck disable=SC2154 # comes with LINODE environment
   cat >$target/etc/initramfs-tools/conf.d/mine <<EOF
 # dhcp in initramfs doesn't work on linode. i dunno why, whatever.
 # man 5 initramfs.conf
@@ -292,7 +259,6 @@ EOF
 
 
   if [[ $HOSTNAME == li ]]; then
-
     cat > $target/etc/network/interfaces <<-EOF
 # generated by FAI
 auto lo eth0
@@ -315,19 +281,13 @@ EOF
   fi
 fi
 
-# I prefer to stick with ifup/down for now. a. networkd is not in its
-# own package, so cant use in other init systems. b. it works fine.
-chroot $FAI_ROOT bash <<EOF
-systemctl disable systemd-networkd.socket systemd-networkd networkd-dispatcher systemd-networkd-wait-online
-systemctl mask systemd-networkd.socket systemd-networkd networkd-dispatcher systemd-networkd-wait-online
-EOF
 
 ##### end network setup  #####
 
 
-if ifclass VOL_BULLSEYE_BOOTSTRAP; then
+if ifclass VOL_BULLSEYE_BOOTSTRAP || ifclass VOL_BOOKWORM_BOOTSTRAP; then
   fcopy /etc/systemd/system/faicheck.service
-  chroot $FAI_ROOT bash <<'EOFOUTER'
+  $ROOTCMD bash <<'EOFOUTER'
 systemctl enable faicheck.service
 EOFOUTER
   exit 0 # avoid unnecessary stuff in bootstrap vol
@@ -335,7 +295,7 @@ fi
 
 
 ## misc settings
-chroot $FAI_ROOT bash <<'EOFOUTER'
+$ROOTCMD bash <<'EOFOUTER'
 #### begin .ssh setup ###
 set -x
 set -eE -o pipefail
@@ -360,7 +320,6 @@ fi
 # but that made a service that started too soon and didn't pick up our
 # x env vars. instead, copy from the root ssh-agent just the
 # appropriate things into a new service.
-rm -f /home/iank/.config/systemd/user/default.target.wants/ssh-agent.service
 
 rm -f /home/iank/.local/share/systemd/user/sshaiank.service \
   /home/iank/.config/systemd/user/default.target.wants/sshaiank.service
@@ -400,3 +359,138 @@ fi
 for g in plugdev audio video cdrom; do
   $ROOTCMD usermod -a -G $g user2
 done
+
+
+# on server, we don't use btrfs, don't need a new kernel afaik.
+if [[ $HOSTNAME == li ]]; then
+  exit 0
+fi
+
+## begin get new kernel and btrfs-progs ##
+case $HOSTNAME in
+  sy|so)
+    # note, on sy t11, severe wifi degredation on mainline 6.8
+    $ROOTCMD apt-get -y install linux-image-generic
+    ;;
+  *)
+    if ! $ROOTCMD dpkg -s -- freesh-archive-keyring  2>&1 | grep -Fx "Status: install ok installed" &>/dev/null; then
+      apt-get -y install wget
+      wget -O $target/tmp/x.deb https://linux-libre.fsfla.org/pub/linux-libre/freesh/pool/main/f/freesh-archive-keyring/freesh-archive-keyring_1.1_all.deb
+      $ROOTCMD dpkg -i /tmp/x.deb
+      $ROOTCMD apt-get update
+      $ROOTCMD apt-get -y install linux-libre
+    fi
+    ;;
+esac
+
+
+#### begin btrfs-progs
+
+# we want these files from the package:
+# /usr/share/initramfs-tools/hooks/btrfs
+# /usr/share/initramfs-tools/scripts/local-premount/btrfs
+# everything else, seems better to take from upstream package.
+for f in $(dpkg-query -L btrfs-progs | gr '/man/|^/s?bin/|^/usr/lib/udev') ; do
+  if [[ ! -f $f ]]; then
+    continue
+  fi
+  # use --no-rename so that I don't need to track whether this was the first
+  # btrfs-progs install.
+  $ROOTCMD dpkg-divert --no-rename --local --add $f
+done
+
+## using dev version for bug fix temporarily. when done, set this to false,
+## and we can stop copying it in fai-redep.
+static_ver=true
+if $static_ver; then
+  # The version with the bug fix is really some git version, but this is
+  # what it outputs for --version.
+  ver=6.10
+  bp_dirname=btrfs-progs
+  if grep -F 'VERSION_CODENAME="aramo"' /etc/os-release; then
+    bp_dirname=btrfs-progs-t11
+  fi
+else
+  bp_dirname=btrfs-progs-release
+  # latest released version.
+  pre=https://mirrors.edge.kernel.org/pub/linux/kernel/people/kdave/btrfs-progs
+  tarball=$(curl -s $pre/sha256sums.asc \
+              | awk '$2 ~ /^btrfs-progs-v/ { print $2 }' | grep -v -- -rc | grep "^btrfs-progs-v.*gz\$" | sort -V | tail -n1)
+  url="$pre/$tarball"
+  dir=${tarball%.tar.gz}
+  ver=${dir#btrfs-progs-}
+fi
+cur_ver=$($ROOTCMD btrfs --version 2>/dev/null | head -n1 | awk '{print $2}') ||:
+
+if [[ $FAI_ROOT == / ]]; then
+  bp_dir=/a/opt/$bp_dirname
+else
+  bp_dir=$FAI/distro-install-common/$bp_dirname
+fi
+
+last_built_ver=$($bp_dir/btrfs --version 2>/dev/null | head -n1 | awk '{print $2}')
+
+if [[ $ver != "$cur_ver" ]]; then
+  # Assume we've build the static_ver version.
+  if $static_ver || [[ $ver == "$last_built_ver" ]]; then
+    if ! $ROOTCMD dpkg -s -- build-essential  2>&1 | grep -Fx "Status: install ok installed" &>/dev/null; then
+      $ROOTCMD apt-get -y install build-essential
+    fi
+
+    if [[ $FAI_ROOT == / ]]; then
+      cd $bp_dir
+      make install
+      mv /usr/bin/{fsck,mkfs}.btfs /usr/sbin/
+    else
+      mkdir -p $target/tmp/bprogs
+      mount -o bind $bp_dir $target/tmp/bprogs
+      # pre-build. in t11:
+      # ./autogen.sh && ./configure --disable-documentation --prefix=/usr && make
+      # in t12, we have the docs prerequisites, so enabled documentation.
+      # We won't have the latest docs in t11, i could install them from the t12
+      # build dir, but meh.
+      $ROOTCMD bash -xe <<EOF
+cd /tmp/bprogs
+make install
+mv /usr/bin/{fsck,mkfs}.btfs /usr/sbin/
+EOF
+    fi
+  else
+    cd $target/tmp
+    wget $url
+    tar xzf $tarball
+    # if we are in a full install, gotta prevent build-dep from
+    # using repos that are pinned negative, and pulling in uninstallable
+    # packages.
+    #
+    # todo: this isn't considering the chroot.
+    if [[ -e /b/distro-functions/src/package-manager-abstractions ]]; then
+      . /b/distro-functions/src/package-manager-abstractions
+      p build-dep btrfs-progs/$(debian-codename) -y
+    else
+      $ROOTCMD apt-get -y build-dep btrfs-progs
+    fi
+    # note: docs requirements are installed when we have a full distro, so
+    # at some point, fix the build for early distro.
+    $ROOTCMD bash -xe <<EOF
+cd /tmp/${tarball%.tar.gz}
+./configure --prefix=/usr
+make
+make install
+mv /usr/bin/{fsck,mkfs}.btfs /usr/sbin/
+EOF
+    # If our desktop is HOST2, will we btrbk this latest bprogs to other
+    # machines.
+    if [[ -s /a/bin/bash_unpublished/source-state ]]; then
+      source /a/bin/bash_unpublished/source-state
+    fi
+    if [[ $HOST2 == "$HOSTNAME" && $FAI_ROOT != / ]]; then
+      rm -rf $bp_dir
+      chown -R iank:iank $target/tmp/${tarball%.tar.gz}
+      mv $target/tmp/${tarball%.tar.gz} $bp_dir
+    fi
+
+
+  fi
+fi
+## end get new kernel and btrfs-progs ##