From: Ian Kelling
Date: Fri, 7 Jun 2024 04:46:48 +0000 (-0400)
Subject: enable ecne and noble
X-Git-Url: https://iankelling.org/git/?a=commitdiff_plain;ds=sidebyside;h=HEAD;hp=edb1a99660561c51aa5c7803d978284c7b423842;p=automated-distro-installer
enable ecne and noble
---
diff --git a/README b/README
index da28e4e..5e01bb4 100644
--- a/README
+++ b/README
@@ -104,11 +104,18 @@ fai/config/distro-install-common/end
and which shadow file / luks file(s) to copy into the new machine depends
on fai-redep arguments.
-Also, setup dns in bind and wrt-setup-local.
+Also, setup dns in /p/c/host-info and firewall redirects in wrt-setup-local.
After install, btrbk to setup data, and then distro-begin && distro end.
See notes in distro-begin for other configuration.
+# Prerequesites:
+
+
+git clone https://git.savannah.nongnu.org/git/bash-bear-trap.git
+sudo install -T bash-bear-trap/bash-bear /usr/local/lib/bash-bear
+
+
# Scripts (meant to be used directly):
@@ -125,10 +132,10 @@ fai-redep -t TARGET_HOSTNAME && sudo fai-cd -M -g $PWD/grub.cfg.netinst-noreboot
mymk-basefile # Create basefiles for various distros
archlike-pxe # Setup pxe boot server from an archlike base image
-fai-redep # Deploy fai configuration to host "faiserver"
+fai-redep # Deploy fai configuration to host "faiserver.b8.nz"
faiserver-uninstall # uninstall fai-server
faiserver-setup # install fai-server on the current machine
-myfai-chboot # setup fai tftp and nfs. useful for doing pxe-kexec
+myfai-chboot # setup fai tftp and nfs. useful for doing pxe-kexec or booting from a fai-cd.
pxe-server # disable/enable pxe dhcp, tfp, and nfs. calls myfai-chboot
wrt-setup # setup my router in general: dhcp, dns, etc.
@@ -191,6 +198,24 @@ ERROR: Kernel modules directory /lib/modules/5.10.0-8-amd not available. Only fo
solution: if running from fai-cd, recreate autodiscover cd as noted above in setup.
+## Weird package dependency errors
+
+for example: in fai.log, within instsoft.DEBIAN
+```
+The following packages have unmet dependencies:
+ libc6 : Breaks: locales (< 2.36) but 2.35-0ubuntu3.7+11.0trisquel1 is to be installed
+```
+
+In this case, it was because the basefile was missing, and so instead
+fai decided to use the wrong basefile.
+
+for example: in fai.log, within instsoft.DEBIAN
+
+```
+ftar: No matching class found in /var/lib/fai/config/basefiles//
+ftar: extracting /var/tmp/base.tar.zst to /target/
+```
+
# What good logs look like:
logging nfs traffic from server
diff --git a/arch-init b/arch-init
index 2f14ad6..6a3786f 100755
--- a/arch-init
+++ b/arch-init
@@ -1,4 +1,4 @@
-#!/bin/bash -x
+#!/bin/bash
# Copyright (C) 2016 Ian Kelling
# This program is free software; you can redistribute it and/or
@@ -15,8 +15,13 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-x="$(readlink -f "$BASH_SOURCE")"; source "${x%/*}/bash-trace"
-cd ${x%/*}
+set -e; . /usr/local/lib/bash-bear; set +e
+
+this_file="$(readlink -f -- "${BASH_SOURCE[0]}")"
+readonly this_file this_dir="${this_file%/*}"
+cd "$this_dir"
+
+set -x
export HOSTNAME="$1"
mirror=$2
diff --git a/arch-init-remote b/arch-init-remote
index d8e4e29..66e19e2 100755
--- a/arch-init-remote
+++ b/arch-init-remote
@@ -1,6 +1,21 @@
#!/bin/bash
-# Copyright (C) 2019 Ian Kelling
-# SPDX-License-Identifier: AGPL-3.0-or-later
+# This file is part of Ian Kelling's automated-distro-installer
+# Copyright (C) 2024 Ian Kelling
+
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
if [[ -s ~/.bashrc ]];then . ~/.bashrc;fi
set -x
diff --git a/bash-trace b/bash-trace
deleted file mode 120000
index 015ae24..0000000
--- a/bash-trace
+++ /dev/null
@@ -1 +0,0 @@
-fai/config/files/boot/bash-trace/DEFAULT
\ No newline at end of file
diff --git a/debian-pxe-preseed b/debian-pxe-preseed
index aaef9a6..e2d401f 100755
--- a/debian-pxe-preseed
+++ b/debian-pxe-preseed
@@ -18,11 +18,12 @@
# WARNING: outdated! needs docs and update to debian-stretch
-x="$(readlink -f "$BASH_SOURCE")"; source "${x%/*}/bash-trace"
-
[[ $EUID == 0 ]] || exec sudo "$BASH_SOURCE" "$@"
-src=$(readlink -f "${BASH_SOURCE%/*}")
+set -e; . /usr/local/lib/bash-bear; set +e
+
+this_file="$(readlink -f -- "${BASH_SOURCE[0]}")"
+readonly this_file this_dir="${this_file%/*}"
e() { echo "$*"; "$@"; }
@@ -36,11 +37,11 @@ cd $mount_dir
e rm -rf debian-wheezy
mkdir debian-wheezy
cd debian-wheezy
-e $src/debian-preseed "$@" # my script
+e $this_dir/debian-preseed "$@" # my script
cd ..
e rm -f tftpboot
e ln -s debian-wheezy tftpboot
cd /
e umount $mount_dir
-e $src/pxe-server default plain # my script
+e $this_dir/pxe-server default plain # my script
diff --git a/fai-redep b/fai-redep
index 5e08b2f..250b458 100755
--- a/fai-redep
+++ b/fai-redep
@@ -1,18 +1,35 @@
#!/bin/bash
-# Copyright (C) 2019 Ian Kelling
-# SPDX-License-Identifier: AGPL-3.0-or-later
-set -eE -o pipefail
-trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
+# This file is part of Ian Kelling's automated-distro-installer
+# Copyright (C) 2024 Ian Kelling
+
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
-readonly this_file="$(readlink -f -- "${BASH_SOURCE[0]}")"; cd "${this_file%/*}"
+set -eE -o pipefail
+trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
+
+this_file="$(readlink -f -- "${BASH_SOURCE[0]}")"
+readonly this_file this_dir="${this_file%/*}"
+cd "$this_dir"
-source bash-trace
usage() {
- cat <&2 ; usage 1 ;;
esac
shift
done
-host=${1:-faiserver}
+host=${1:-faiserver.b8.nz}
readonly host distro target
##### end command line parsing ########
-m() { printf "$pre %s\n" "$*"; "$@"; }
+m() { printf "fai-redep: %s\n" "$*"; "$@"; }
# i use faiserver as a dns alias, but ssh key is associated with
# a canonical hostname and we will have ssh warning spam unless we
@@ -63,8 +80,19 @@ faiserver_host=$(/a/exe/chost $host)
# faiserver_host=$host
faiserver_addr=$(host $host | sed -rn 's/^\S+ has address //p;T;q' ||:)
+
+rsrv() {
+ local -a opts
+ while [[ $2 ]]; do
+ opts+=("$1")
+ shift
+ done
+ m rsync "${ropts[@]}" "${opts[@]}" "$rpath$1"
+}
+rpath=/srv
if ! ip a | grep "^ *inet.\? $faiserver_addr" &>/dev/null; then
- rpre=(-e "ssh -F $HOME/.ssh/confighome" root@$faiserver_host:)
+ ropts=(-e "ssh -F $HOME/.ssh/confighome")
+ rpath="root@$faiserver_host:/srv"
faiserver_shell="ssh -F $HOME/.ssh/confighome root@$faiserver_host"
fi
@@ -75,16 +103,15 @@ rsync -atL /home/iank/.ssh/authorized_keys fai/config/files/root/.ssh/authorized
install --owner=iank --group=iank -d fai/config/files/usr/local/bin/hssh
install --owner=iank --group=iank -d fai/config/files/usr/local/bin/ssh_filter_btrbk.sh
rsync -atL /a/opt/btrbk/ssh_filter_btrbk.sh fai/config/files/usr/local/bin/ssh_filter_btrbk.sh/STANDARD
-
-m rsync -rlpt --delete --relative --exclude /fai/config/basefiles/ fai/config /a/opt/btrfs-progs-release "${rpre[@]}"/srv
+rsrv -rlpt --delete --relative --exclude /fai/config/basefiles/ fai/config /
# todo: automatically disable faiserver after a period so
# these files are not available.
+
if [[ $target ]]; then
secret_files=(luks/$target luks/host-$target shadow/$target)
exists=false
- secret_exists=()
for f in ${secret_files[@]}; do
if [[ -e /q/root/$f ]]; then
exists=true
@@ -96,22 +123,28 @@ if [[ $target ]]; then
for f in ${secrets_to_send[@]}; do
echo $f
done
- } | rsync -lpt --files-from=- /q/root "${rpre[@]}"/srv/fai/config/distro-install-common
+ } | rsrv -lpt --files-from=- /q/root /fai/config/distro-install-common
fi
else
- rsync -rlpt /q/root/shadow /q/root/luks "${rpre[@]}"/srv/fai/config/distro-install-common
+ rsrv -rlpt /q/root/shadow /q/root/luks /fai/config/distro-install-common
fi
+rsrv -rlpt --delete /a/opt/btrfs-progs-release /fai/config/distro-install-common
+
dirs=(/p/c/machine_specific/${target:-*}/filesystem/etc/ssh)
if [[ -e ${dirs[0]} ]]; then
- rsync -rlpt --delete --relative ${dirs[@]} "${rpre[@]}"/srv/fai/config/distro-install-common
+ rsrv -rlpt --delete --relative ${dirs[@]} /fai/config/distro-install-common
fi
. /a/bin/distro-setup/pkgs
-pall+=($(/a/bin/buildscripts/emacs -p; /a/bin/distro-setup/distro-pkgs $distro))
+tmpstr=$(/a/bin/buildscripts/emacs -p && /a/bin/distro-setup/distro-pkgs $distro)
+declare -a pall
+for p in $tmpstr; do
+ pall+=($p)
+done
printf "%s\n%s\n" "PACKAGES install" ${pall[*]} | \
$faiserver_shell dd of=/srv/fai/config/package_config/DESKTOP status=none ||: # broken pipe
-rsync -rplt --include '/*.gz' --exclude '/**' --delete-excluded $BASEFILE_DIR/ "${rpre[@]}"/srv/fai/config/basefiles/
+rsrv -rplt --include '/*.zst' --exclude '/**' --delete-excluded $BASEFILE_DIR/ /fai/config/basefiles/
diff --git a/fai-revm b/fai-revm
index 050ecda..6bada5e 100755
--- a/fai-revm
+++ b/fai-revm
@@ -18,12 +18,12 @@
[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
+set -e; . /usr/local/lib/bash-bear; set +e
+
+this_file="$(readlink -f -- "${BASH_SOURCE[0]}")"
+readonly this_file this_dir="${this_file%/*}"
+cd "$this_dir"
-readonly this_file="$(readlink -f -- "${BASH_SOURCE[0]}")"
-script_dir="${this_file%/*}"
-# shellcheck source=./bash-trace
-source "${script_dir}/bash-trace"
-cd $script_dir
PATH="$PATH:$PWD"
e() { echo "$*"; "$@"; }
@@ -88,19 +88,24 @@ disk_count=1
rm -f /tmp/fai-revm-did-pxe
-if ! ip l show br0 &>/dev/null; then
- cat <<'EOF'
-fai-rvm error: no bridge detected. add one to interfaces like this:
-iface eth0 inet manual
-iface br0 inet dhcp
- bridge_ports eth0
- bridge_stp off
- bridge_maxwait 0
-EOF
- exit 1
+if ip l show br0 &>/dev/null; then
+ net_arg="-w bridge=br0,mac=52:54:00:9c:ef:ad"
+else
+ # if this computer has ethernet, we could setup a br0 like so:
+ # cat <<'EOF'
+ # fai-rvm error: no bridge detected. add one to interfaces like this:
+ # iface eth0 inet manual
+ # iface br0 inet dhcp
+ # bridge_ports eth0
+ # bridge_stp off
+ # bridge_maxwait 0
+ # EOF
+
+ # if we only have wifi, cant use eth0
+ net_arg="-w network=default,mac=52:54:00:9c:ef:ad"
fi
-if [[ $script_dir == /a/bin/* ]]; then
+if [[ $this_dir == /a/bin/* ]]; then
# Copy our script elsewhere so we can develop it
# and save it at the same time it's running
rm -rf /tmp/faifreeze
@@ -140,13 +145,13 @@ else
BASEFILE_DIR=/tmp
fi
isopath=$BASEFILE_DIR/$iso
- isosrc=$BASEFILE_DIR/BOOKWORM64.tar.gz
+ isosrc=$BASEFILE_DIR/BOOKWORM64.tar.zst
if [[ ! -e $isopath || $(stat -c %Y $isopath) -lt $(stat -c %Y $isosrc) ]]; then
e fai-cd -g $(readlink -f grub.cfg.${iso%%.*}) -f -A $isopath
fi
boot_arg="--cdrom $isopath"
e fai-redep
- cat ~/.ssh/demo.pub | /a/exe/cedit -s /srv/fai/nfsroot/root/.ssh/authorized_keys
+ /a/exe/cedit -s /srv/fai/nfsroot/root/.ssh/authorized_keys <~/.ssh/demo.pub
e myfai-chboot default
fi
# I don't think these variants actually make a diff for us, but I
@@ -165,7 +170,7 @@ e virsh destroy $name ||:
e virsh undefine $name ||:
sleep 1
-
+## begin virtual disk creation ##
disk_arg=()
for ((i=1; i <= disk_count; i++)); do
f=/var/lib/libvirt/images/${name}$i
@@ -178,6 +183,7 @@ for ((i=1; i <= disk_count; i++)); do
e qemu-img create -o preallocation=metadata -f qcow2 $f 50G
fi
done
+## end virtual disk creation ##
if [[ $SSH_CLIENT ]]; then
console_arg=--noautoconsole
@@ -202,7 +208,7 @@ fi
e systemctl start libvirtd
e virt-install --rng /dev/urandom --os-variant $variant -n $name $boot_arg -r 2048 --vcpus $cpus \
- ${disk_arg[*]} -w bridge=br0,mac=52:54:00:9c:ef:ad $reboot_arg \
+ ${disk_arg[*]} $net_arg $reboot_arg \
--graphics spice,listen=0.0.0.0 $console_arg |& grep -v '^ *$' | uniq &
diff --git a/fai-wrapper b/fai-wrapper
index 5efa7f1..b6a75d3 100644
--- a/fai-wrapper
+++ b/fai-wrapper
@@ -1,6 +1,20 @@
#!/bin/bash
-# Copyright (C) 2019 Ian Kelling
-# SPDX-License-Identifier: AGPL-3.0-or-later
+# This file is part of Ian Kelling's automated-distro-installer
+# Copyright (C) 2024 Ian Kelling
+
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
# For using some fai commands outside of fai.
# Usually this is sourced from another script. Note this has
@@ -11,7 +25,7 @@ export FAI_WRAPPER=true
ifclass() {
local var=${1/#/CLASS_}
- [[ $HOSTNAME == $1 || ${!var} ]]
+ [[ $HOSTNAME == "$1" || ${!var} ]]
}
fai-setclass() {
for class in "$@"; do
diff --git a/fai/config/basefiles/mk-basefile b/fai/config/basefiles/mk-basefile
index d449c60..91c4ea3 100755
--- a/fai/config/basefiles/mk-basefile
+++ b/fai/config/basefiles/mk-basefile
@@ -48,6 +48,7 @@ EXCLUDE_NABIA=udhcpc,dibbler-client,info
EXCLUDE_JAMMY=udhcpc,dibbler-client,info
EXCLUDE_ARAMO=udhcpc,dibbler-client,info
EXCLUDE_NOBLE=udhcpc,dibbler-client,info
+EXCLUDE_ECNE=udhcpc,dibbler-client,info
# here you can add packages, that are needed very early
INCLUDE_DEBIAN=
@@ -269,6 +270,7 @@ prtdists() {
JAMMY64
ARAMO64
NOBLE64
+ ECNE64
SQUEEZE32 SQUEEZE64
WHEEZY32 WHEEZY64
JESSIE32 JESSIE64
@@ -358,7 +360,7 @@ case "$target" in
SLC6_32) slc i386 6 ;;
SLC6_64) slc amd64 6 ;;
SLC7_64) slc amd64 7 ;;
- BELENOS*|FLIDAS*|ETIONA*|NABIA*|ARAMO*)
+ BELENOS*|FLIDAS*|ETIONA*|NABIA*|ARAMO*|ECNE*)
debgeneric $target $MIRROR_TRISQUEL ;;
TRUSTY*|XENIAL*|BIONIC*|FOCAL*|JAMMY*|NOBLE*)
debgeneric $target $MIRROR_UBUNTU ;;
diff --git a/fai/config/class/50-host-classes b/fai/config/class/50-host-classes
index 600fd1a..25567e5 100755
--- a/fai/config/class/50-host-classes
+++ b/fai/config/class/50-host-classes
@@ -31,14 +31,14 @@ echo FAIBASE STANDARD DEBIAN
# things installed, to speed up installation.
#
# STRETCH64, BUSTER64, BULLSEYE64, BOOKWORM64
-# FLIDAS64, FLIDAS64BIG, ETIONA64, NABIA64, ARAMO64
+# FLIDAS64, FLIDAS64BIG, ETIONA64, NABIA64, ARAMO64, ECNE64
# XENIAL64, BIONIC64, FOCAL64,
#
# The distro subvol name, we can add as many of these as we want:
# VOL_TESTING, VOL_STRETCH, VOL_BUSTER, VOL_BULLSEYE, VOL_BOOKWORM
-# VOL_FLIDAS, VOL_ETIONA, VOL_NABIA, VOL_ARAMO
-# VOL_XENIAL, VOL_BIONIC VOL_FOCAL
-# VOL_BUSTER_BOOTSTRAP.
+# VOL_FLIDAS, VOL_ETIONA, VOL_NABIA, VOL_ARAMO, VOL_ECNE
+# VOL_XENIAL, VOL_BIONIC, VOL_FOCAL, VOL_JAMMY, VOL_NOBLE
+# VOL_BULLSEYE_BOOTSTRAP, VOL_BOOKWORM_BOOTSTRAP.
# Using VOL_BUSTER_BOOTSTRAP sets up the install to act like a pxe rom if
# grub sets a specific var.
#
@@ -48,7 +48,7 @@ echo FAIBASE STANDARD DEBIAN
# BULLSEYE_FREE, BULLSEYE_NONFREE
# BOOKWORM_FREE, BOOKWORM_NONFREE
# TESTING_FREE, TESTING_NONFREE,
-# XENIAL_FREE, BIONIC, FOCAL, FLIDAS, ETIONA, NABIA, ARAMO.
+# XENIAL_FREE, BIONIC, FOCAL, FLIDAS, ETIONA, NABIA, ARAMO, ECNE.
#
# It's all a little redundant in some cases, but it keeps things
# simpler.
@@ -135,6 +135,8 @@ exit 0
#echo FSF
if [[ ! -e /a/bin/fai/fai-wrapper || $FAI_ACTION == dirinstall ]]; then
case $HOSTNAME in
+ # bullseye based minimal recovery / bootstraping os:
+ _) echo BOOKWORM64 VOL_BOOKWORM_BOOTSTRAP BOOKWORM_FREE ;;
# bullseye based minimal recovery / bootstraping os:
_) echo BULLSEYE64 VOL_BULLSEYE_BOOTSTRAP BULLSEYE_FREE ;;
# flidas
@@ -142,9 +144,11 @@ if [[ ! -e /a/bin/fai/fai-wrapper || $FAI_ACTION == dirinstall ]]; then
# etiona
_) echo UBUNTU ETIONA64 VOL_ETIONA ETIONA ;;
# nabia
- _) echo UBUNTU NABIA64 VOL_NABIA NABIA NABIA_EXTRA ;;
+ _) echo UBUNTU NABIA64 VOL_NABIA NABIA ;;
# aramo
- _) echo UBUNTU ARAMO64 VOL_ARAMO ARAMO ARAMO_EXTRA ;;
+ _) echo UBUNTU ARAMO64 VOL_ARAMO ARAMO ARAMO_EXTRA JAMMY_FIRMWARE ;;
+ # ecne
+ _) echo UBUNTU ECNE64 VOL_ECNE ECNE ECNE_EXTRA NOBLE_FIRMWARE ;;
# stretch
_) echo STRETCH64 VOL_STRETCH STRETCH_NONFREE ;;
# buster
@@ -163,6 +167,8 @@ if [[ ! -e /a/bin/fai/fai-wrapper || $FAI_ACTION == dirinstall ]]; then
_) echo UBUNTU FOCAL64 VOL_FOCAL FOCAL ;;
# jammy
_) echo UBUNTU JAMMY64 VOL_JAMMY JAMMY ;;
+ # NOBLE
+ _) echo UBUNTU NOBLE64 VOL_NOBLE NOBLE ;;
esac
fi
###### end Template for 51-multi-boot ######
diff --git a/fai/config/class/DEFAULT.var b/fai/config/class/DEFAULT.var
index a999512..d574d7d 100644
--- a/fai/config/class/DEFAULT.var
+++ b/fai/config/class/DEFAULT.var
@@ -6,7 +6,10 @@ LOGUSER=fai
# when downloading from https intead of nfs, this is not set,
# it is used as the default for LOGSERVER, and for calling chboot.
# My faiserver's hostname is always faiserver, so just hardcoding it.
-SERVER=faiserver
+# I used bare host in the past, thinking that I could vary this
+# between different networks I was on, but it is simpler to just
+# user an internet domain that I control.
+SERVER=faiserver.b8.nz
# busted for debian, no time to troubleshoot atm
#APTPROXY=http://faiserver:3142
diff --git a/fai/config/distro-install-common/end b/fai/config/distro-install-common/end
index f9a0840..2455ece 100755
--- a/fai/config/distro-install-common/end
+++ b/fai/config/distro-install-common/end
@@ -32,7 +32,9 @@ au() { # add user. i don't use adduser for portability
# only setup root pass for bootstrap vol
-if ifclass VOL_BULLSEYE_BOOTSTRAP || VOL_BOOKWORM_BOOTSTRAP; then
+# for bootstrap vol, we only use root user
+if ifclass VOL_BULLSEYE_BOOTSTRAP || ifclass VOL_BOOKWORM_BOOTSTRAP; then
+ sed 's/^/root:/' $root_pw_f | $ROOTCMD chpasswd -e
exit 0
fi
@@ -74,6 +76,7 @@ if getent group sudo >/dev/null; then
$ROOTCMD usermod -aG sudo iank
fi
+mkdir -p $target/etc/sudoers.d
cat >$target/etc/sudoers.d/ianksudoers <<'EOF'
Defaults timestamp_timeout=1440
# used in bashrc
diff --git a/fai/config/distro-install-common/ethusb-static b/fai/config/distro-install-common/ethusb-static
new file mode 100755
index 0000000..0a6d1ae
--- /dev/null
+++ b/fai/config/distro-install-common/ethusb-static
@@ -0,0 +1,283 @@
+#!/bin/bash
+# I, Ian Kelling, follow the GNU license recommendations at
+# https://www.gnu.org/licenses/license-recommendations.en.html. They
+# recommend that small programs, < 300 lines, be licensed under the
+# Apache License 2.0. This file contains or is part of one or more small
+# programs. If a small program grows beyond 300 lines, I plan to switch
+# its license to GPL.
+
+# Copyright 2024 Ian Kelling
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# usage $0 [-c] [off]
+# off: Turn off static ip.
+# -c config only, don't tell networkmanager to change anything
+# -f force interface reup
+
+if ! test "$BASH_VERSION"; then echo "error: shell is not bash" >&2; exit 1; fi
+shopt -s inherit_errexit 2>/dev/null ||: # ignore fail in bash < 4.4
+set -eE -o pipefail
+trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
+
+m() { printf "%s\n" "$*"; "$@"; }
+
+
+set-dynamic() {
+
+ reup=false
+ if [[ $cur_state == activated ]]; then
+ reup=true
+ fi
+
+ if [[ $cur_method != auto ]]; then
+ args+=(ipv4.method auto)
+ fi
+ if [[ $cur_ip != -- ]]; then
+ args+=(-ipv4.addresses "$ipv4_addresses")
+ fi
+ if [[ $cur_dns != -- ]]; then
+ args+=(-ipv4.dns "$ipv4_dns")
+ fi
+ if [[ $cur_gateway != -- ]]; then
+ # undocumented in t11 man nmcli. guessed randomly
+ args+=(ipv4.gateway 0.0.0.0)
+ fi
+ if (( ${#args[@]} >= 1 )); then
+ m nmcli con mod "$nm_con" "${args[@]}"
+ if $reup; then
+ m nmcli con up "$nm_con"
+ fi
+ else
+ echo "$0: found expected state, nothing to do."
+ fi
+ exit 0
+ set-nm
+}
+
+detect-net() {
+
+ # this assumes we have wifi up
+ if [[ $(timeout 1 dig +short @10.2.0.1 -x 10.2.0.2 2>&1 ||:) == kd.b8.nz. ]] \
+ && ip n show 10.2.0.1 | grep . &>/dev/null; then
+ net=home
+ elif ip r show default | grep 'via 10.0.3.1 dev wlan0' &>/dev/null && [[ $(timeout 1 dig +short @10.0.3.1 -x 10.0.3.1) == cmc1.lan. ]]; then
+ net=work
+ else
+ echo "$0: error could not detect network"
+ exit 1
+ fi
+
+}
+
+set-nm() {
+ m nmcli con mod "$nm_con" ipv4.method manual ipv4.addresses $ip ipv4.gateway $gateway ipv4.dns $dns
+ state=$(nmcli con show "$nm_con" 2>/dev/null | awk '$1 == "GENERAL.STATE:" {print $2}')
+ if [[ $state == activated ]]; then
+ m nmcli con up "$nm_con"
+ fi
+
+}
+
+get-ip() {
+
+ case $net in
+ home)
+
+ while read -r ip_suf host mac; do
+ if [[ ! $ip_suf || $ip_suf == \#* ]]; then
+ continue
+ fi
+ if [[ $mac != usb ]]; then
+ continue
+ fi
+ if [[ $host == ${HOSTNAME}c ]]; then
+
+ ip=10.2.0.$ip_suf/16
+ gateway=10.2.0.1
+ dns=8.8.8.4,8.8.8.8
+ break
+ fi
+ done
/dev/null; then
+ if [[ $cur_method != manual ]]; then
+ echo "$0: error. Need to be on wired network to get our ip"
+ exit 1
+ fi
+ set-dynamic
+ sleep 10
+ fi
+ myip=$(timeout 1 dig +short @192.168.0.25 $HOSTNAME.office.fsf.org)
+ if [[ ! $myip ]]; then
+ echo "$0: error: didnt detect home network and failed to get office ip"
+ exit 1
+ fi
+ dns=192.168.0.10,192.168.0.25
+ gateway=192.168.0.1
+ ip=$myip/24
+
+ ;;
+ esac
+}
+
+
+get-cur-val() {
+ local key
+ key=$1
+ printf "%s\n" "$tmpstr" | awk '$1 == "'$key':" {print $2}'
+}
+
+get-cur() {
+ tmpstr=$(nmcli con show "$nm_con" 2>/dev/null)
+
+ cur_method=$(get-cur-val ipv4.method)
+ cur_ip=$(get-cur-val ipv4.addresses)
+ cur_gateway=$(get-cur-val ipv4.gateway)
+ cur_dns=$(get-cur-val ipv4.dns)
+ cur_state=$(get-cur-val GENERAL.STATE)
+}
+
+
+## begin arg parsing ##
+
+force=false
+off=false
+while [[ $1 ]]; do
+ case $1 in
+ -f)
+ force=true
+ ;;
+ off)
+ off=true
+ ;;
+ *)
+ echo "$0: error unexpected argument: $1" >&2
+ exit 1
+ ;;
+ esac
+ shift
+done
+
+## end arg parsing ##
+
+## begin common setup / detection ##
+shopt -s nullglob
+
+wiredx=1
+declare -a args
+
+# device that has an eth0, but we aren't using it because it is
+# broken. We could just hardcode a mac comparison with `cat
+# /sys/class/net/eth0/address` but this is cooler.
+if [[ -e /sys/class/net/eth0 ]]; then
+ bus_info=$(ethtool -i eth0 | awk '$1 == "bus-info:" { print $2 }')
+ if [[ $bus_info != usb* ]]; then
+ wiredx=2
+ fi
+fi
+
+eth_dev=eth$(( wiredx - 1 ))
+
+nm_con=$(nmcli device show $eth_dev | \
+ awk '$1 == "GENERAL.CONNECTION:" {out=$2; for(i=3;i<=NF;i++){out=out" "$i}; print out}' ||:)
+
+if [[ ! $nm_con || $nm_con == -- ]]; then
+ nm_con="Wired connection $wiredx"
+fi
+
+if ! nmcli con | grep -q "^$nm_con " &>/dev/null; then
+ # Note: we could support creation through a file or via
+ # nmcli, but right now I'm ok with just having plugged in a device once
+ # since this os was installed.
+ echo "error: no existing connection: $nm_con found in output of nmcli con"
+ exit 0
+fi
+
+
+if ! type -p dig &>/dev/null; then
+ apt-get install dig
+fi
+
+get-cur
+## end common setup / detection ##
+
+if $off; then
+ set-dynamic
+ exit 0
+fi
+
+detect-net
+get-ip
+
+if ! $force && [[ "$cur_method $cur_gateway $cur_dns $cur_ip" == "manual $gateway $dns $ip" ]]; then
+ echo "$0: found expected state, nothing to do."
+ exit 0
+fi
+
+set-nm
+
+
+
+# example of down cli
+#nmcli con mod 'Wired connection 1' ipv4.method auto -ipv4.addresses 10.2.0.9/16 ipv4.gateway 0.0.0.0 -ipv4.dns "8.8.8.4,8.8.8.8"
+
+
+# FYI: the result of running, for example
+# nmcli con mod "Wired connection 1" \
+ # ipv4.method manual \
+ # ipv4.addresses "10.2.0.23/24" \
+ # ipv4.gateway "10.2.0.1" \
+ # ipv4.dns "8.8.8.4,8.8.8.8"
+
+# creates a fille named "/etc/NetworkManager/system-connections/Wired connection 1.nmconnection",
+# below.
+#
+# The nmcli man page says you should just edit files in that dir and
+# then run nmcli con reload to reread them all to load your changes, but
+# I've found that to be unreliable, the systemd journal would say
+# something like "reload happened" then nothing would change in the
+# connect that the file clearly modifies, so I switched over to using
+# the command line and just ignoring those files.
+#
+# I see no reason to keep the same file name, or a bunch of
+# setting that seem irrelevant, and empty sections don't seem to do
+# anything according to the man page.
+#
+
+# [connection]
+# id=Wired connection 1
+# uuid=b0fb7694-dfe6-31a1-81fa-7c17b61515a7
+# type=ethernet
+# interface-name=eth1
+# timestamp=1715728264
+
+# [ethernet]
+
+# [ipv4]
+# address1=10.2.0.23/16,10.2.0.1
+# dns=8.8.8.4;8.8.8.8;
+# method=manual
+
+# [ipv6]
+# addr-gen-mode=stable-privacy
+# method=auto
+
+# [proxy]
diff --git a/fai/config/distro-install-common/install-mainline-kernel-debs b/fai/config/distro-install-common/install-mainline-kernel-debs
new file mode 100755
index 0000000..93f7c57
--- /dev/null
+++ b/fai/config/distro-install-common/install-mainline-kernel-debs
@@ -0,0 +1,87 @@
+#!/bin/bash
+# This file is part of Ian Kelling's automated-distro-installer
+# Copyright (C) 2024 Ian Kelling
+
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+set -eE -o pipefail
+trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
+
+[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
+
+# default
+kernel_ver='6\.6'
+case $1 in
+ stable)
+ # note: update kernel_ver when we are ready to jump to a new stable kernel.
+ # Stable kernels are listed here: https://www.kernel.org/category/releases.html
+ kernel_ver='6\.6'
+ ;;
+ unstable)
+ kernel_ver='[1-9]'
+ ;;
+esac
+
+
+prereqs=()
+for p in wget curl; do
+ if ! type -p $p &>/dev/null; then
+ prereqs+=($p)
+ fi
+done
+if (( ${#prereqs[@]} >= 1 )); then
+ apt-get -y install ${prereqs[@]}
+fi
+
+
+tmpdir=$($ROOTCMD mktemp -d) || exit
+# shellcheck disable=SC2154 # defined by fai
+outertmp=$target/$tmpdir
+trap 'cd; rm -rf "$outertmp"' EXIT
+cd $outertmp
+
+# We get 10 versions cuz maybe the latest directory (or few) get created but not populated.
+tmps=$(curl -s https://kernel.ubuntu.com/mainline/ | \
+ sed -rn 's,.*alt="\[DIR\]".*href="([^/]+).*,\1,p' | \
+ grep -v -- -rc | sed 's/^v//' | grep "^$kernel_ver" | sort -Vr | head -n10)
+mapfile -t latest_versions <<<"$tmps"
+
+for va in "${latest_versions[@]}"; do
+ sleep .2 # be nice
+ # note the wiki page about these says to install linux-headers.*generic.*amd64, but
+ # as of 2024, they have a requirement of a very new glibc, and people report
+ # that installing it is not needed.
+ tmpstr=$(curl -s https://kernel.ubuntu.com/mainline/v$va/amd64/CHECKSUMS | awk '$2 ~ /^linux-/ { print $2 }' | sort -u | sed '/linux-headers.*generic.*amd64/d' )
+ if [[ $tmpstr ]]; then
+ mapfile -t pkgs <<<"$tmpstr"
+ break
+ fi
+done
+
+if (( ${#pkgs[@]} != 3 )); then
+ echo "$0: error. expected to find 3 kernel packages, got: ${pkgs[*]}" >&2
+ exit 1
+fi
+
+urls=()
+for p in ${pkgs[@]}; do
+ if ! $ROOTCMD dpkg -s -- "${p%%_*}" 2>&1 | grep -Fx "Status: install ok installed" &>/dev/null; then
+ urls+=(https://kernel.ubuntu.com/mainline/v$va/amd64/$p)
+ fi
+done
+if (( ${#urls[@]} >= 1 )); then
+ wget -nv "${urls[@]}"
+ $ROOTCMD dpkg -i ${pkgs[@]/#/$tmpdir/}
+fi
diff --git a/fai/config/distro-install-common/install-stable-kernel-debs b/fai/config/distro-install-common/install-stable-kernel-debs
deleted file mode 100755
index c024796..0000000
--- a/fai/config/distro-install-common/install-stable-kernel-debs
+++ /dev/null
@@ -1,55 +0,0 @@
-#!/bin/bash -x
-# This file is part of Ian Kelling's automated-distro-installer
-# Copyright (C) 2024 Ian Kelling
-
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-
-set -eE -o pipefail
-trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
-
-[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
-
-tmpdir=$(mktemp -d) || exit
-trap 'cd; rm -rf "$tmpdir"' EXIT
-cd $tmpdir
-
-# update stable_ver when we are ready to jump to a new stable kernel.
-# Stable kernels are listed here: https://www.kernel.org/category/releases.html
-stable_ver='6\.6'
-va=$(curl -s https://kernel.ubuntu.com/mainline/ | \
- sed -rn 's,.*alt="\[DIR\]".*href="([^/]+).*,\1,p' | \
- grep -v -- -rc | sed 's/^v//' | grep "^$stable_ver" | sort -V | tail -n1)
-
-# note the wiki page about these says to install linux-headers.*generic.*amd64, but
-# as of 2024, they have a requirement of a very new glibc, and people report
-# that installing it is not needed.
-tmpstr=$(curl -s https://kernel.ubuntu.com/mainline/v$va/amd64/CHECKSUMS | awk '$2 ~ /^linux-/ { print $2 }' | sort -u | grep -iv 'linux-headers.*generic.*amd64' )
-mapfile -t pkgs <<<"$tmpstr"
-
-if (( ${#pkgs[@]} != 3 )); then
- echo "$0: error. expected to find 3 kernel packages, got: ${pkgs[*]}" >&2
- exit 1
-fi
-
-urls=()
-for p in ${pkgs[@]}; do
- if ! dpkg -s -- "${p%%_*}" 2>&1 | grep -Fx "Status: install ok installed" &>/dev/null; then
- urls+=(https://kernel.ubuntu.com/mainline/v$va/amd64/$p)
- fi
-done
-if (( ${#urls[@]} >= 1 )); then
- wget "${urls[@]}"
- dpkg -i ./*.deb
-fi
diff --git a/fai/config/files/boot/bash-trace/DEFAULT b/fai/config/files/boot/bash-trace/DEFAULT
deleted file mode 100644
index 2a4077f..0000000
--- a/fai/config/files/boot/bash-trace/DEFAULT
+++ /dev/null
@@ -1,298 +0,0 @@
-#!/bin/bash
-# Bash Error Handler
-# Copyright (C) 2020 Ian Kelling
-# SPDX-License-Identifier: GPL-3.0-or-later
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-
-# This is a single file library, just source this file. When an error
-# happens, we print a stack trace then exit. In an interactive shell, we
-# return from functions instead of exiting. If err-cleanup is a command,
-# it runs before the stack trace. Functions are documented inline below
-# for additional use cases.
-#
-# Note: occasionally the line numbers are off a bit (at least in Bash
-# 5.0). This appears to be a bash bug. I plan to report it next time it
-# happens to me.
-#
-# Please email me if you use this or have anything to contribute. I'm
-# not aware of any users yet Ian Kelling .
-#
-# Tested on bash 4.4.20(1)-release (x86_64-pc-linux-gnu) and
-# 5.0.17(1)-release (x86_64-pc-linux-gnu).
-#
-# Related: see my bash script template repo at https://iankelling.org/git.
-
-
-# TODO: investigate to see if we can format output betting in case of
-# subshell failure. Right now, we get independent trace from inside and
-# outside of the subshell. Note, errexit + inherit_errexit doesn't have
-# any smarts around this either.
-
-if ! test "$BASH_VERSION"; then echo "error: shell is not bash" >&2; exit 1; fi
-
-#######################################
-# err-catch: Setup trap on ERR to print stack trace and exit (or return
-# if the shell is interactive). This is the most common use case so we
-# run it after defining it, you can call err-allow to undo that.
-#
-# This also sets pipefail because it's a good practice to catch more
-# errors.
-#
-# Note: In interactive shell, stack calling line number is not
-# available, so we print function definition lines.
-#
-# Note: This works like set -e, which has one unintuitive feature: If
-# you use a function as part of a conditional, eg: func && come_cmd, a
-# failed command within func won't trigger an error.
-#
-# Globals
-#
-# err_catch_ignore Array containing glob patterns to test against
-# filenames to ignore errors from in interactive
-# shell. Initialized to ignore bash-completion
-# scripts on debian based systems.
-#
-# err-cleanup If set, this command will run just before exiting.
-#
-# _err_func_last Used internally in err-bash-trace-interactive
-#
-#######################################
-err-catch() {
- set -E;
- if [[ $- == *i* ]]; then
- if ! test ${err_catch_ignore+defined}; then
- err_catch_ignore=(
- '/etc/bash_completion.d/*'
- '*/bash-completion/*'
- )
- fi
- declare -i _err_func_last=0
- if [[ $- != *c* ]]; then
- shopt -s extdebug
- fi
- # shellcheck disable=SC2154
- trap '_err-bash-trace-interactive $? "${PIPESTATUS[*]}" "$BASH_COMMAND" ${BASH_ARGC[0]} "${BASH_ARGV[@]}" || return $?' ERR
- else
- # Man bash on exdebug: "If set at shell invocation, arrange to
- # execute the debugger". We want to avoid that, but I want this file
- # to be sourceable from bash startup files. noninteractive ssh and
- # sources .bashrc on invocation. login_shell sources things on
- # invocation.
- #
- # extdebug allows us to print function arguments in our stack trace.
- if ! shopt login_shell >/dev/null && [[ ! $SSH_CONNECTION ]]; then
- shopt -s extdebug
- fi
- trap err-exit ERR
- fi
- set -o pipefail
-}
-# This is the most common use case so run it now.
-err-catch
-
-#######################################
-# Undo err-catch/err-catch-interactive
-#######################################
-err-allow() {
- shopt -u extdebug
- set +E +o pipefail
- trap ERR
-}
-
-#######################################
-# err-exit: Print stack trace and exit
-#
-# Use this instead of the exit command to be more informative.
-#
-# usage: err-exit [-EXIT_CODE] [MESSAGE]
-#
-# EXIT_CODE Default: $? if it is nonzero, otherwise 1.
-# MESSAGE Print MESSAGE to stderr. Default:
-# ${BASH_SOURCE[1]}:${BASH_LINENO[0]}: `$BASH_COMMAND' returned $?
-#
-# Globals
-#
-# err-cleanup If set, this command will run just before exiting.
-#
-#######################################
-err-exit() {
- # vars have _ prefix so that we can inspect existing set vars without
- # too much overwriting of them.
- local _err=$? _pipestatus="${_pipestatus[*]}"
-
- # This has to come before most things or vars get changed
- local _msg="${BASH_SOURCE[1]}:${BASH_LINENO[0]}: \`$BASH_COMMAND' returned $_err"
- local _cmdr="$BASH_COMMAND" # command right. we chop of the left, keep the right.
-
- if [[ $_pipestatus != "$_err" ]]; then
- _msg+=", PIPESTATUS: $_pipestatus"
- fi
- set +x
- if [[ $1 == -* ]]; then
- _err=${1#-}
- shift
- elif (( ! _err )); then
- _err=1
- fi
- if [[ $1 ]]; then
- _msg="$1"
- fi
-
- ## Begin printing vars from within BASH_COMMAND ##
- local _var _chars _l
- local -A _vars
- while [[ $_cmdr ]]; do
- _chars="${#_cmdr}"
- _cmdr="${_cmdr#*$}"
- _cmdr="${_cmdr#{}"
- if (( _chars == ${#_cmdr} )); then
- break
- fi
- _var="${_cmdr%%[^a-zA-Z0-9_]*}"
- if [[ ! $_var || $_var == [0-9]* ]]; then
- continue
- fi
- _vars[${_var}]=t
- done
- #echo "iank ${_vars[*]}"
- #set |& grep ^password
- # in my small test, this took 50% longer than piping to grep.
- # That seems a small enough penalty to stay in bash here.
- if (( ${#_vars[@]} )); then
- set |& while read -r _l; do
- for _var in "${!_vars[@]}"; do
- case $_l in
- ${_var}=*) printf "%s\n" "$_l" >&2 ;;
- esac
- done
- done
- fi
- ## End printing vars from within BASH_COMMAND ##
-
- printf "%s\n" "$_msg" >&2
- err-bash-trace 2
- set -e # err trap does not work within an error trap
- if type -t err-cleanup >/dev/null; then
- err-cleanup
- fi
- printf "%s: exiting with status %s\n" "$0" "$_err" >&2
- exit $_err
-}
-
-#######################################
-# Print stack trace
-#
-# usage: err-bash-trace [FRAME_START]
-#
-# This function is called by the other functions which print stack
-# traces.
-#
-# It does not show function args unless you first run:
-# shopt -s extdebug
-# which err-catch does for you.
-#
-# FRAME_START Optional variable to set before calling. The frame to
-# start printing on. default=1. If ${#FUNCNAME[@]} <=
-# FRAME_START + 1, don't print anything because we are at
-# the top level of the script and better off printing a
-# general message, for example see what our callers print.
-#
-#######################################
-err-bash-trace() {
- local -i argc_index=0 frame i frame_start=${1:-1}
- local source_loc
- if (( ${#FUNCNAME[@]} <= frame_start + 1 )); then
- return 0
- fi
- for ((frame=0; frame < ${#FUNCNAME[@]}; frame++)); do
- argc=${BASH_ARGC[frame]}
- argc_index+=$argc
- if ((frame < frame_start)); then continue; fi
- if (( ${#BASH_SOURCE[@]} > 1 )); then
- source_loc="${BASH_SOURCE[frame]}:${BASH_LINENO[frame-1]}:"
- fi
- printf " from %sin \`%s" "$source_loc" "${FUNCNAME[frame]}" >&2
- if shopt extdebug >/dev/null; then
- for ((i=argc_index-1; i >= argc_index-argc; i--)); do
- printf " %s" "${BASH_ARGV[i]}" >&2
- done
- fi
- echo \' >&2
- done
- return 0
-}
-
-#######################################
-# Internal function for err-catch. Prints stack trace from interactive
-# shell trap.
-#
-# Usage: see err-catch-interactive
-#######################################
-_err-bash-trace-interactive() {
- if (( ${#FUNCNAME[@]} <= 1 )); then
- return 0
- fi
-
- for pattern in "${err_catch_ignore[@]}"; do
- # shellcheck disable=SC2053
- if [[ ${BASH_SOURCE[1]} == $pattern ]]; then
- return 0
- fi
- done
-
- local ret bash_command argc pattern i last
- last=$_err_func_last
- _err_func_last=${#FUNCNAME[@]}
- # We have these passed to us because they are lost inside the
- # function.
- ret=$1
- pipestatus="$2"
- bash_command="$3"
- argc=$(( $4 - 1 ))
- shift 4
- argv=("$@")
- # The trap returns a nonzero, then gets called again. This condition
- # tells us if is that has happened by checking if we've gone down a
- # stack level.
- if (( _err_func_last >= last )); then
- printf "ERR: \`%s\' returned %s" "$bash_command" $ret >&2
- if [[ $pipestatus != "$ret" ]]; then
- printf ", PIPESTATUS: %s" "$pipestatus" >&2
- fi
- echo >&2
- fi
- printf " from \`%s" "${FUNCNAME[1]}" >&2
- if shopt extdebug >/dev/null; then
- for ((i=argc; i >= 0; i--)); do
- printf " %s" "${argv[i]}" >&2
- done
- fi
- printf "\' defined at %s:%s\n" "${BASH_SOURCE[1]}" "$(declare -F "${FUNCNAME[1]}"|awk "{print \$2}")" >&2
- if [[ -t 1 ]]; then
- return $ret
- else
- # Part of an outgoing pipe, avoid getting get us stuck in a weird
- # subshell if we returned nonzero, which would happen in a situation
- # like this:
- #
- # tf() { while read -r line; do :; done < <(asdf); };
- # tf
- #
- # Note: exit $ret also avoids the stuck subshell problem, and I
- # can't notice any difference, but this seems more proper.
- return 0
- fi
-}
diff --git a/fai/config/files/boot/chboot/DEFAULT b/fai/config/files/boot/chboot/DEFAULT
index adfbe1c..6b0e964 100755
--- a/fai/config/files/boot/chboot/DEFAULT
+++ b/fai/config/files/boot/chboot/DEFAULT
@@ -16,21 +16,17 @@
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-[[ $EUID == 0 ]] || exec sudo "$BASH_SOURCE" "$@"
+[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
-x="$(readlink -f "$BASH_SOURCE")"
-f="${x%/*}/bash-trace"
-if [[ -e $f ]]; then
- source $f
-else
- source ${x%/*}/../bash-trace/DEFAULT
-fi
-
+if ! test "$BASH_VERSION"; then echo "error: shell is not bash" >&2; exit 1; fi
+shopt -s inherit_errexit 2>/dev/null ||: # ignore fail in bash < 4.4
+set -eE -o pipefail
+trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" exit status: $?, PIPESTATUS: ${PIPESTATUS[*]}" >&2' ERR
usage() {
- cat <&2
+ exit 1
+ fi
+ cat /etc/resolv.conf >$target/etc/resolv.conf
+fi
+
+
#### misc configurations
chroot $FAI_ROOT bash <<'EOFOUTER'
-set -x
+set -xe
if getent group systemd-journal >/dev/null; then
# makes the journal be saved to disk.
mkdir -p /var/log/journal
@@ -38,7 +59,12 @@ fi
debconf-set-selections </dev/null; then
sudo apt-get -y install fai-client
fi
-if [[ -e /a/bin/fai/fai-wrapper ]]; then
- chroot() {
- shift
- "$@"
- }
-fi
-
-if [[ $FAI_ROOT == / ]]; then
- source /a/bin/bash_unpublished/source-state
- bprogs_dir=/a/opt/btrfs-progs-release
-else
- bprogs_dir=/srv/btrfs-progs-release
- chroot="chroot $FAI_ROOT"
-fi
-
# -r = recursive
# -i = ignore non-matching class warnings, always exit 0
# -B = no backup files
@@ -66,6 +54,8 @@ if [[ ! -e $dst && -e $src ]]; then
mount -o bind $src $dst
fi
+
+
$FAI/distro-install-common/end
@@ -75,13 +65,13 @@ $FAI/distro-install-common/end
# I run this as a single post-fai script to update things that have changed.
tmpfile1=$(mktemp)
# this can fail if we need an apt update
-$chroot /usr/bin/apt-cache policy >$tmpfile1 ||:
+$ROOTCMD /usr/bin/apt-cache policy >$tmpfile1 ||:
fcopy -riB /etc/apt
tmpfile2=$(mktemp)
-$chroot /usr/bin/apt-cache policy >$tmpfile2
+$ROOTCMD /usr/bin/apt-cache policy >$tmpfile2
if ! diff -q $tmpfile1 $tmpfile2; then
- $chroot /usr/bin/apt update
+ $ROOTCMD /usr/bin/apt update
fi
# outside of fai, this seems to regularly lead to
# E: Could not get lock /var/lib/apt/lists/lock - open (11: Resource temporarily unavailable)
@@ -105,7 +95,6 @@ fi
#### misc configurations
-
if [[ $FAI_ACTION != dirinstall ]] && ! ifclass NOCRYPT; then
if ifclass LINODE; then
speed=19200
@@ -131,7 +120,7 @@ TimeoutStartSec=20
WantedBy=dev-disk-by\x2did-ata\x2dSamsung_SSD_870_QVO_8TB_S5VUNG0N900656V.device
EOF
- $chroot bash <<'EOFOUTER'
+ $ROOTCMD bash <<'EOFOUTER'
systemctl enable myncq.service
/usr/bin/myncq no-upgrub
EOFOUTER
@@ -180,8 +169,8 @@ EOF
fi
# use networkmanager if this host has wireless.
-if [[ $HOSTNAME == bo ]] || type -p iw &>/dev/null && [[ $(iw dev) ]]; then
- $chroot bash <&1 ||:) == kd.b8.nz. ]] \
+ && ip n show 10.2.0.1 | grep . &>/dev/null; then
+ # we are at_home
+ $FAI/distro-install-common/ethusb-static $ethusb_arg
+ else
+ $FAI/distro-install-common/ethusb-static off $ethusb_arg
+ fi
+
+
else
cat > $target/etc/network/interfaces <<-EOF
# generated by FAI
@@ -224,44 +228,9 @@ EOF
fi
-case $HOSTNAME in
- sy)
- $FAI/distro-install-common/install-stable-kernel-debs
- ;;
- *)
- $chroot apt-get -y install linux-libre
- ;;
-esac
-
-pre=https://mirrors.edge.kernel.org/pub/linux/kernel/people/kdave/btrfs-progs
-tarball=$(curl -s $pre/sha256sums.asc \
- | awk '$2 ~ /^btrfs-progs-v/ { print $2 }' | grep -v -- -rc | grep "^btrfs-progs-v.*gz\$" | sort -V | tail -n1)
-url="$pre/$tarball"
-dir=${tarball%.tar.gz}
-ver=${dir#btrfs-progs-}
-cur_ver=$(btrfs --version 2>/dev/null | awk '{print $2}') ||:
-if [[ $ver != "$cur_ver" ]]; then
- if [[ $HOST2 == "$HOSTNAME" && $ver != "$($bprogs_dir/btrfs --version 2>/dev/null | awk '{print $2}')" ]]; then
- rm -rf $bprogs_dir
- cd /tmp
- wget $url
- sudo -u iank tar xzf $tarball
- mv ${tarball%.tar.gz} $bprogs_dir
- cd $bprogs_dir
- apt-get -y build-dep btrfs-progs
- sudo -u iank ./configure --disable-documentation
- sudo -u iank make
- make install
- else
- $chroot bash -xe <$target/etc/initramfs-tools/conf.d/mine <&1 | grep -Fx "Status: install ok installed" &>/dev/null; then
+ apt-get -y install wget
+ wget -O /target/tmp/x.deb https://linux-libre.fsfla.org/pub/linux-libre/freesh/pool/main/f/freesh-archive-keyring/freesh-archive-keyring_1.1_all.deb
+ $ROOTCMD dpkg -i /tmp/x.deb
+ $ROOTCMD apt-get update
+ $ROOTCMD apt-get -y install linux-libre
+ fi
+ ;;
+esac
+
+pre=https://mirrors.edge.kernel.org/pub/linux/kernel/people/kdave/btrfs-progs
+tarball=$(curl -s $pre/sha256sums.asc \
+ | awk '$2 ~ /^btrfs-progs-v/ { print $2 }' | grep -v -- -rc | grep "^btrfs-progs-v.*gz\$" | sort -V | tail -n1)
+url="$pre/$tarball"
+dir=${tarball%.tar.gz}
+ver=${dir#btrfs-progs-}
+cur_ver=$($ROOTCMD btrfs --version 2>/dev/null | awk '{print $2}') ||:
+
+if [[ $FAI_ROOT == / ]]; then
+ bp_dir=/a/opt/btrfs-progs-release
+else
+ bp_dir=$FAI/distro-install-common/btrfs-progs-release
+fi
+if [[ $ver != "$cur_ver" ]]; then
+ if [[ $ver != "$($bp_dir/btrfs --version 2>/dev/null | awk '{print $2}')" ]]; then
+ cd $target/tmp
+ wget $url
+ tar xzf $tarball
+ $ROOTCMD apt-get -y build-dep btrfs-progs
+ # no docs cuz I didn't want to bother fixing error of missing docs dependencies
+ $ROOTCMD bash -xe <&1 | grep -Fx "Status: install ok installed" &>/dev/null; then
+ $ROOTCMD apt-get -y install build-essential
+ fi
+
+ if [[ $FAI_ROOT == / ]]; then
+ cd /a/opt/btrfs-progs-release
+ make install
+ else
+ mkdir -p $target/tmp/bprogs
+ mount -o bind $bp_dir $target/tmp/bprogs
+ $ROOTCMD bash -xe <&2; exit 1; fi
+shopt -s inherit_errexit 2>/dev/null ||: # ignore fail in bash < 4.4
+set -eE -o pipefail
+trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" exit status: $?, PIPESTATUS: ${PIPESTATUS[*]}" >&2' ERR
+this_file="$(readlink -f -- "${BASH_SOURCE[0]}")"
+readonly this_file this_dir="${this_file%/*}"
+cd "$this_dir"
usage() {
- cat </dev/null; then
echo "$0: disabling fai nfs exports or apache site"
./faiserver-disable-local
else
- echo "$0: sshing to $(chost faiserver) to disable fai nfs exports or apache site"
- ssh root@$(chost faiserver) bash >/srv/fai/nfsroot/root/.ssh/known_hosts
done
@@ -369,6 +362,6 @@ echo "c0:2345:respawn:/sbin/agetty 115200 ttyS0 linux" >>/srv/fai/nfsroot/etc/in
# the logsave prompted because the hostname faiserver was uknown.
# Here it was faiserver.lan when running from a faiserver vm.
# When running from a normal host with faiserver alias, it was the normal hosts name.
-$sed 's/(^[^,]+,)\S+/\1faiserver/' /srv/fai/nfsroot/root/.ssh/known_hosts
+$sed 's/(^[^,]+,)\S+/\1faiserver.b8.nz/' /srv/fai/nfsroot/root/.ssh/known_hosts
# ditch the logo banner up top which screws with less.
touch /srv/fai/nfsroot/.nocolorlogo
diff --git a/faiserver-uninstall b/faiserver-uninstall
index 71a4ea0..8392b35 100755
--- a/faiserver-uninstall
+++ b/faiserver-uninstall
@@ -15,20 +15,25 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
+
+if ! test "$BASH_VERSION"; then echo "error: shell is not bash" >&2; exit 1; fi
+shopt -s inherit_errexit 2>/dev/null ||: # ignore fail in bash < 4.4
set -eE -o pipefail
-trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
+trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" exit status: $?, PIPESTATUS: ${PIPESTATUS[*]}" >&2' ERR
-[[ $EUID == 0 ]] || exec sudo "${BASH_SOURCE}" "$@"
usage() {
- cat </dev/null || continue
if [[ -e $dir/boot ]]; then
dir=$dir/boot
fi
- e install -m 755 -o root -g root bash-trace $dir
e install -m 755 -o root -g root chboot $dir
done
e umount $mount_point
diff --git a/lk b/lk
index b757fcc..3364717 100755
--- a/lk
+++ b/lk
@@ -74,4 +74,4 @@ fi
# I don't know whats going on, but just running the same
# command again once it finishes works, and this is only
# rarely used and done manually anyways, so whatever.
-pxe-kexec -n --ignore-whitelist -l fai-generated faiserver
+pxe-kexec -n --ignore-whitelist -l fai-generated faiserver.b8.nz
diff --git a/mk-basefile-big b/mk-basefile-big
index 873b7ff..1a6b6a9 100755
--- a/mk-basefile-big
+++ b/mk-basefile-big
@@ -16,11 +16,13 @@
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-[[ $EUID == 0 ]] || exec sudo -E "$BASH_SOURCE" "$@"
+[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
+set -e; . /usr/local/lib/bash-bear; set +e
-x="$(readlink -f "$BASH_SOURCE")"; source "${x%/*}/bash-trace"
-x="$(readlink -f -- "$BASH_SOURCE")"; PATH="${x%/*}:$PATH" # directory of this file
+this_file="$(readlink -f -- "${BASH_SOURCE[0]}")"
+readonly this_file this_dir="${this_file%/*}"
+PATH="$this_dir:$PATH" # directory of this file
usage() {
cat < /srv/fai/config/class/51-multi-boot
rm -rf $t; mkdir -p $t
+# shellcheck disable=SC1007 # intentional
LANG= fai -N -u hostname_does_not_matter dirinstall $t
# Turn a dirinstall into a basefile. taken from mk-basefile
@@ -100,7 +103,7 @@ rm -f $t/etc/hostname $t/etc/resolv.conf \
$t/var/lib/apt/lists/*_* $t/usr/bin/qemu-*-static \
$t/etc/udev/rules.d/70-persistent-net.rules
echo | dd of=$t/etc/machine-id
-tar --one-file-system -C $t -cf - . | gzip > /a/bin/fai-basefiles/basefiles/${distver^^}64BIG.tar.gz
+tar --one-file-system -C $t -cf - . | zstd -9 > /a/bin/fai-basefiles/basefiles/${distver^^}64BIG.tar.zst
cleanup
diff --git a/myfai-chboot b/myfai-chboot
index 743859a..aa3c088 100755
--- a/myfai-chboot
+++ b/myfai-chboot
@@ -19,42 +19,52 @@
set -eE -o pipefail
trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
-x=$(readlink -f "$BASH_SOURCE"); cd ${x%/*}
+this_file="$(readlink -f -- "${BASH_SOURCE[0]}")"
+readonly this_file this_dir="${this_file%/*}"
+cd "$this_dir"
usage() {
- cat </dev/null; then
./myfai-chboot-local "$@"
else
diff --git a/myfai-chboot-local b/myfai-chboot-local
index 4cef9a5..ca4d32e 100755
--- a/myfai-chboot-local
+++ b/myfai-chboot-local
@@ -16,54 +16,72 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-# note, this script gets piped to bash, so cant cd to current dir
-[[ $EUID == 0 ]] || exec sudo "${BASH_SOURCE}" "$@"
+[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
+
+set -x
set -eE -o pipefail
trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
+pre="${0##*/}:"
+m() { printf "$pre %s\n" "$*"; "$@"; }
+e() { printf "$pre %s\n" "$*"; }
+err() { echo "[$(date +'%Y-%m-%d %H:%M:%S%z')]: $pre: $*" >&2; }
+
+usage() {
+ cat <&2; exit 1; }
+
+temp=$(getopt -l help,no-r hSi "$@") || usage 1
+eval set -- "$temp"
+while true; do
case $1 in
- -h|--help)
- echo "see help from myfai-chboot"
- exit 0
- ;;
-S)
fai_action=sysinfo
fai_reboot_arg=
- shift
;;
-i) #inventory
fai_action=inventory
fai_reboot_arg=
- shift
;;
-k)
kgped16=true
- shift
;;
-b)
bond=true
- shift
;;
--no-r)
fai_reboot_arg=
- shift
;;
+ -h|--help) usage ;;
+ --) shift; break ;;
+ *) echo "$0: unexpected args: $*" >&2 ; usage 1 ;;
esac
+ shift
done
-
-pre="${0##*/}:"
-m() { printf "$pre %s\n" "$*"; "$@"; }
-e() { printf "$pre %s\n" "$*"; }
-err() { echo "[$(date +'%Y-%m-%d %H:%M:%S%z')]: $pre: $*" >&2; }
-
-host=$1
+read -r host <<<"$@"
+readonly host
rm -f /srv/tftp/fai/pxelinux.cfg/*
@@ -112,7 +130,7 @@ else
fi
if modprobe nfsd &>/dev/null; then
- std_arg="-u nfs://faiserver/srv/fai/config"
+ std_arg="-u nfs://faiserver.b8.nz/srv/fai/config"
# nfsv4 wont do rw with overlayfs yet
# https://lists.uni-koeln.de/pipermail/linux-fai/2017-March/011641.html
root_arg="$my_ip:/srv/fai/nfsroot:vers=3"
@@ -132,9 +150,9 @@ EOF
fi
systemctl start nfs-server # assumes recent os
else
- std_arg="-u http://faiserver:8080/config.tar.gz"
- root_arg="live:http://faiserver:8080/squash.img"
- /a/exe/web-conf -i -p 8080 - apache2 faiserver <
Deny from all
Allow from $ip
@@ -151,7 +169,7 @@ kernel=$(fai-chboot -L '^default$' | awk '{print $3}')
default_k_args=$(fai-chboot -L '^default$' | \
sed -r "s/^(\S+\s+){3}(.*)/\2/")
# example of default_k_args
-# initrd=initrd.img-3.16.0-4-amd64 ip=dhcp root=192.168.1.3:/srv/fai/nfsroot FAI_CONFIG_SRC=nfs://faiserver/srv/fai/config FAI_ACTION=install
+# initrd=initrd.img-3.16.0-4-amd64 ip=dhcp root=192.168.1.3:/srv/fai/nfsroot FAI_CONFIG_SRC=nfs://faiserver.b8.nz/srv/fai/config FAI_ACTION=install
# https://wiki.archlinux.org/index.php/Solid_state_drive#Resolving_NCQ_errors
# currently on needed on d16 samsung 870 qvo, but better to have this
diff --git a/mymk-basefile b/mymk-basefile
index 9dc7b14..03ef01e 100755
--- a/mymk-basefile
+++ b/mymk-basefile
@@ -16,12 +16,15 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-x="$(readlink -f "$BASH_SOURCE")"; source "${x%/*}/bash-trace"
-script_dir="${x%/*}"
+set -e; . /usr/local/lib/bash-bear; set +e
+
+this_file="$(readlink -f -- "${BASH_SOURCE[0]}")"
+readonly this_file this_dir="${this_file%/*}"
+cd "$this_dir"
usage() {
- cat <&2' ERR
[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
-x="$(readlink -f "$BASH_SOURCE")"; cd ${x%/*}
+this_file="$(readlink -f -- "${BASH_SOURCE[0]}")"
+readonly this_file this_dir="${this_file%/*}"
+cd "$this_dir"
usage() {
- cat <&2;exit 1;}; . $f
+set -e; . /usr/local/lib/bash-bear; set +e
+
usage() {
cat < $(date +%s) )); then
+ if ! (( $(date -r ${f[0]} +%s) + 60*60*24 > $(date +%s) )); then
if ! opkg update; then
echo "$0: warning: opkg update failed" >&2
fi
@@ -157,7 +159,7 @@ pi() {
pmirror
fi
done
- if [[ $to_install ]]; then
+ if (( ${#to_install[@]} >= 1 )); then
opkg install ${to_install[@]}
fi
}
@@ -238,7 +240,7 @@ fi
if $secrets; then
key=${rkey[$h]}
fi
-: ${key:=pictionary49}
+: "${key:=pictionary49}"
mask=255.255.0.0
cidr=16
@@ -536,8 +538,7 @@ EOF
# option config /etc/openvpn/client.conf
# EOF
-wgip4=10.3.0.1/24
-wgip6=fdfd::1/64
+
wgport=26000
network_restart=false
@@ -577,10 +578,10 @@ if $network_restart; then
v /etc/init.d/network reload
fi
-firewall-cedit() {
- if $client; then
- cedit wific /etc/config/firewall <