From: Ian Kelling <iank@fsf.org>
Date: Mon, 22 Apr 2024 16:48:59 +0000 (-0400)
Subject: Merge branch 'upstream'
X-Git-Url: https://iankelling.org/git/?a=commitdiff_plain;h=edb1a99660561c51aa5c7803d978284c7b423842;hp=-c;p=automated-distro-installer

Merge branch 'upstream'
---

edb1a99660561c51aa5c7803d978284c7b423842
diff --combined fai/config/basefiles/mk-basefile
index b81965f,7ced32d..d449c60
--- a/fai/config/basefiles/mk-basefile
+++ b/fai/config/basefiles/mk-basefile
@@@ -1,15 -1,18 +1,17 @@@
  #! /bin/bash
 -
  # mk-basefile, create basefiles for some distributions
  #
- # Thomas Lange, Uni Koeln, 2011-2021
+ # Thomas Lange, Uni Koeln, 2011-2024
  # based on the Makefile implementation of Michael Goetze
  #
  # Usage example: mk-basefile -J STRETCH64
  # This will create a STRETCH64.tar.xz basefile.
  
- # Supported distributions (each i386/amd64):
+ # Supported distributions (i386/amd64):
  # Debian GNU/Linux
- # Ubuntu 14.04/16.04
+ # Ubuntu 14.04/16.04/20.04/22.04
+ # AlmaLinux 9
+ # Rocky Linux 8/9
  # CentOS 5/6/7/8
  # Scientific Linux Cern 5/6
  #
@@@ -21,7 -24,6 +23,7 @@@
  # For the first stage, set the CentOS/SLC mirror in /etc/rinse/rinse.conf
  MIRROR_DEBIAN=http://deb.debian.org/debian/
  MIRROR_UBUNTU=http://mirror.netcologne.de/ubuntu/
 +MIRROR_TRISQUEL=http://mirror.fsf.org/trisquel/
  MIRROR_CENTOS=http://mirror.netcologne.de/
  
  EXCLUDE_SQUEEZE=isc-dhcp-client,isc-dhcp-common,info
@@@ -32,24 -34,19 +34,26 @@@ EXCLUDE_BUSTER
  EXCLUDE_BULLSEYE=
  EXCLUDE_BOOKWORM=
  EXCLUDE_TRIXIE=
+ EXCLUDE_FORKY=
  EXCLUDE_SID=
  
 +EXCLUDE_BELENOS=dhcp3-client,dhcp3-common,info
  EXCLUDE_TRUSTY=dhcp3-client,dhcp3-common,info
  EXCLUDE_XENIAL=udhcpc,dibbler-client,info
 +EXCLUDE_FLIDAS=udhcpc,dibbler-client,info
  EXCLUDE_BIONIC=udhcpc,dibbler-client,info
 +EXCLUDE_ETIONA=udhcpc,dibbler-client,info
  EXCLUDE_FOCAL=udhcpc,dibbler-client,info
 +EXCLUDE_NABIA=udhcpc,dibbler-client,info
- EXCLUDE_JAMMY=
- EXCLUDE_ARAMO=
+ EXCLUDE_JAMMY=udhcpc,dibbler-client,info
++EXCLUDE_ARAMO=udhcpc,dibbler-client,info
+ EXCLUDE_NOBLE=udhcpc,dibbler-client,info
  
  # here you can add packages, that are needed very early
  INCLUDE_DEBIAN=
 -
 +INCLUDE_ETIONA=ifupdown
 +INCLUDE_NABIA=ifupdown
 +INCLUDE_ARAMO=ifupdown
  
  setarch() {
  
@@@ -116,18 -113,11 +120,19 @@@ EO
  
  cleanup-deb() {
  
 +    if [[ $cmd ]]; then
 +        if [[ -e $cmd ]]; then
 +            cp "$cmd" $xtmp/tmp
 +            chroot $xtmp "/tmp/$cmd"
 +        else
 +            chroot $xtmp $cmd
 +        fi
 +    fi
      chroot $xtmp apt-get clean
      rm -f $xtmp/etc/hostname $xtmp/etc/resolv.conf \
            $xtmp/var/lib/apt/lists/*_* $xtmp/usr/bin/qemu-*-static \
-           $xtmp/etc/udev/rules.d/70-persistent-net.rules
+           $xtmp/etc/udev/rules.d/70-persistent-net.rules \
+           $xtmp/var/lib/dbus/machine-id
      > $xtmp/etc/machine-id
  }
  
@@@ -154,6 -144,30 +159,30 @@@ tarit() 
  }
  
  
+ rpmdist() {
+ 
+     local arch=$1
+     local vers=$2
+     local dist=$3
+     local domain=$(domainname)
+ 
+     check
+     setarch $arch
+     $l32 rinse --directory $xtmp --distribution $dist-$vers --arch $arch --before-post-install $xtmp/post
+     domainname $domain # workaround for #613377
+     cleanup-rinse
+     tarit
+ }
+ 
+ 
+ alma() {
+     rpmdist $1 $2 alma
+ }
+ 
+ rocky() {
+     rpmdist $1 $2 rocky
+ }
+ 
  centos() {
  
      local arch=$1
@@@ -195,11 -209,12 +224,11 @@@ debgeneric() 
      dist=${DIST%%[0-9][0-9]}
      local exc="EXCLUDE_$dist"
      [ -n "${!exc}" ] && exc="--exclude=${!exc}" || unset exc
 +    local inc="INCLUDE_$dist"
 +    [ -n "${!inc}" ] && inc="--include=${!inc}" || unset inc
      dist=${dist,,}
  
      check
 -    if [ -n "$INCLUDE_DEBIAN" ]; then
 -	local inc="--include=$INCLUDE_DEBIAN"
 -    fi
  
      if [ -n "$arch" ]; then
  	qemu-debootstrap --arch $arch ${exc} $inc $dist $xtmp $mirror
@@@ -220,6 -235,9 +249,9 @@@ prtdists() 
  
      echo "Available:
  
+     ALMA9_64
+     ROCKY8_64
+     ROCKY9_64
      CENTOS5_32   CENTOS5_64
      CENTOS6_32   CENTOS6_64
      CENTOS7_32   CENTOS7_64
@@@ -229,13 -247,10 +261,14 @@@
                   SLC7_64
      TRUSTY32     TRUSTY64
      XENIAL32     XENIAL64
 +                 FLIDAS64
                   BIONIC64
 +                 ETIONA64
                   FOCAL64
 +                 NABIA64
                   JAMMY64
 +                 ARAMO64
+                  NOBLE64
      SQUEEZE32    SQUEEZE64
      WHEEZY32     WHEEZY64
      JESSIE32     JESSIE64
@@@ -244,6 -259,7 +277,7 @@@
      BULLSEYE32   BULLSEYE64
      BOOKWORM32   BOOKWORM64
      TRIXIE32     TRIXIE64
+     FORKY32      FORKY64
      SID32        SID64
  "
  }
@@@ -253,18 -269,16 +287,18 @@@ usage() 
      cat <<EOF
  mk-basefile, create minimal base files for a Linux distritubtion
  
-    Copyright (C) 2011-2020 by Thomas Lange
+    Copyright (C) 2011-2023 by Thomas Lange
  
  Usage: mk-basefile [OPTION] ... DISTRIBUTION
  
     -s                   Show list of supported linux distributions
     -f ARCH              Build for foreign architecture ARCH.
     -d DIR               Use DIR for creating the temporary subtree structure.
-    -z                   Use gzip for compressing the tar file.
+    -z                   Use zstd for compressing the tar file.
     -J                   Use xz for compressing the tar file.
     -k                   Keep the temporary subtree structure, do not remove it.
 +   -x CMD               Run CMD in chroot. If CMD exists as a file, copy it and run it.
 +                        Debian based only
     -h                   Print help.
  
   Usage example: mk-basefile -J STRETCH64
@@@ -282,17 -296,16 +316,17 @@@ attributes
  cleanup=1
  attributes="--xattrs --selinux --acls"
  
 -while getopts ashzJd:kf: opt ; do
 +while getopts ashzJd:kf:x: opt ; do
      case "$opt" in
          a) echo "$0: Warning. -a is ignored, because xtattrs, acls and selinux are always added." ;;
          d) export TMPDIR=$OPTARG ;;
          f) export ARCH=$OPTARG ;;
-         z) zip="gzip -9"; ext=tar.gz ;;
+         z) zip="zstd -9"; ext=tar.zst ;;
          J) zip="xz -8" ext=tar.xz ;;
          k) cleanup=0 ;;
          h) usage ;;
          s) prtdists ; exit 0;;
 +        x) cmd="$OPTARG" ;;
          ?) exit 3 ;; # error in option parsing
      esac
  done
@@@ -316,16 -329,17 +350,19 @@@ case "$target" i
      CENTOS7_32) centos i386 7 ;;
      CENTOS7_64) centos amd64 7 ;;
      CENTOS8_64) centos amd64 8 ;;
+     ROCKY8_64) rocky amd64 8 ;;
+     ROCKY9_64) rocky amd64 9 ;;
+     ALMA9_64) alma amd64 9 ;;
      SLC5_32) slc i386 5 ;;
      SLC5_64) slc amd64 5 ;;
      SLC6_32) slc i386 6 ;;
      SLC6_64) slc amd64 6 ;;
      SLC7_64) slc amd64 7 ;;
 +    BELENOS*|FLIDAS*|ETIONA*|NABIA*|ARAMO*)
 +        debgeneric $target $MIRROR_TRISQUEL ;;
-     TRUSTY*|XENIAL*|BIONIC*|FOCAL*|JAMMY*)
+     TRUSTY*|XENIAL*|BIONIC*|FOCAL*|JAMMY*|NOBLE*)
          debgeneric $target $MIRROR_UBUNTU ;;
-     SQUEEZE*|WHEEZY*|JESSIE*|STRETCH*|BUSTER*|BULLSEYE*|BOOKWORM*|TRIXIE*|SID*)
+     SQUEEZE*|WHEEZY*|JESSIE*|STRETCH*|BUSTER*|BULLSEYE*|BOOKWORM*|TRIXIE*|FORKY*|SID*)
          debgeneric $target $MIRROR_DEBIAN $ARCH;;
      *) echo "Unknown distribution. Aborting."
         prtdists
diff --combined fai/config/class/DEBIAN.var
index a00d0f8,492d995..18b49b5
--- a/fai/config/class/DEBIAN.var
+++ b/fai/config/class/DEBIAN.var
@@@ -1,7 -1,6 +1,7 @@@
 -release=bookworm
 -apt_cdn=http://deb.debian.org
 -security_cdn=http://security.debian.org
 +# ian, commented, sources are set with fcopy
- # release=bullseye
++# release=bookworm
 +# apt_cdn=http://deb.debian.org
 +# security_cdn=http://security.debian.org
  
  # since bullseye Debian changed the suite name for security
  if [ $release = buster ]; then
@@@ -21,8 -20,28 +21,29 @@@ MODULESLIST="usbhid psmouse
  
  # if you have enough RAM (>2GB) you may want to enable this line. It
  # also puts /var/cache into a ramdisk.
 -#FAI_RAMDISKS="$target/var/lib/dpkg $target/var/cache"
 +# ian: uncommented
 +FAI_RAMDISKS="$target/var/lib/dpkg $target/var/cache"
  
  # if you want to use the faiserver as APT proxy
- # APTPROXY=http://faiserver:3142
+ #APTPROXY=http://faiserver:3142
+ 
+ 
+ # The linux-image package has different names for Debian and Ubuntu
+ if ifclass UBUNTU; then
+     kernelname=linux-image-generic
+ elif ifclass I386; then
+    kernelname=linux-image-686-pae
+ elif ifclass AMD64; then
+    kernelname=linux-image-amd64
+ fi
+ 
+ if [ -z "kernelname" ]; then
+     _arch=$(dpkg --print-architecture 2>/dev/null)
+     case $_arch in
+         i386)
+             kernelname=linux-image-686-pae ;;
+         *)
+             kernelname=linux-image-$_arch
+     esac
+     unset _arch
+ fi
diff --combined fai/config/class/FAIBASE.var
index 34d95ac,0e38a1f..2492def
--- a/fai/config/class/FAIBASE.var
+++ b/fai/config/class/FAIBASE.var
@@@ -1,5 -1,3 +1,5 @@@
 +#### from upstream example config, except where noted
 +
  # default values for installation. You can override them in your *.var files
  
  # allow installation of packages from unsigned repositories
@@@ -7,8 -5,11 +7,8 @@@ FAI_ALLOW_UNSIGNED=
  
  # Set UTC=yes if your system clock is set to UTC (GMT), and UTC=no if not.
  UTC=yes
 -TIMEZONE=Europe/Berlin
 -
 -# the hash of the root password for the new installed linux system
 -# pw is "fai"
 -ROOTPW='$1$kBnWcO.E$djxB128U7dMkrltJHPf6d1'
 +## changed from upstream. found in /usr/share/zoneinfo/, via fai-guide
 +TIMEZONE=US/Eastern
  
  # errors in tasks greater than this value will cause the installation to stop
  STOP_ON_ERROR=700
@@@ -16,9 -17,13 +16,13 @@@
  # set parameter for install_packages(8)
  MAXPACKAGES=800
  
+ # Account on the FAI server for saving log files and calling fai-chboot.
+ # Remove the hash character in the next line to activate this feature
+ #LOGUSER=fai
+ 
  # a user account will be created
 -username=demo
 -USERPW='$1$kBnWcO.E$djxB128U7dMkrltJHPf6d1'
 +#username=demo
 +#USERPW='$1$kBnWcO.E$djxB128U7dMkrltJHPf6d1'
  
  # set a default
  FAI_DEBOOTSTRAP="bookworm http://deb.debian.org/debian"
diff --combined fai/config/class/ROCKY.var
index 0000000,0000000..1ec7250
new file mode 100644
--- /dev/null
+++ b/fai/config/class/ROCKY.var
@@@ -1,0 -1,0 +1,9 @@@
++CONSOLEFONT=lat9v-16
++KEYMAP=us
++DEFAULTLOCALE=en_US.UTF-8
++SUPPORTEDLOCALE=en_US.UTF-8:en_US:en
++
++# if you install much software and have only few RAM, use the RAM disk
++# not for var/cache/yum
++#FAI_RAMDISKS="$target/var/lib/rpm $target/var/cache/yum"
++FAI_RAMDISKS="$target/var/lib/rpm"
diff --combined fai/config/class/UBUNTU.var
index 6a42495,0f99b95..a453a88
--- a/fai/config/class/UBUNTU.var
+++ b/fai/config/class/UBUNTU.var
@@@ -1,4 -1,2 +1,4 @@@
 -ubuntumirror=http://archive.ubuntu.com
 -ubuntudist=jammy
 +#iank, i define these by classes. commenting
 +# to make sure these arent used
 +#ubuntumirror=http://archive.ubuntu.com
- #ubuntudist=focal
++#ubuntudist=jammy
diff --combined fai/config/disk_config/CLOUD_EFI
index 0000000,0000000..0e15072
new file mode 100644
--- /dev/null
+++ b/fai/config/disk_config/CLOUD_EFI
@@@ -1,0 -1,0 +1,8 @@@
++# config for a disk image for a VM
++#
++# p=<partlabel> <mountpoint> <size>   <fs type> <mount options> <misc options>
++
++disk_config disk1 disklabel:gpt bootable:1 fstabkey:uuid align-at:1M
++
++p=efi  /boot/efi 64M   vfat  defaults  createopts="-F 32"
++p=root /         300-  ext4  rw,discard,barrier=0,noatime,errors=remount-ro tuneopts="-c 0 -i 0"
diff --combined fai/config/disk_config/ROCKY
index 0000000,0000000..7b03a39
new file mode 100644
--- /dev/null
+++ b/fai/config/disk_config/ROCKY
@@@ -1,0 -1,0 +1,13 @@@
++# example of new config file for setup-storage
++#
++# <type> <mountpoint> <size>   <fs type> <mount options> <misc options>
++
++# you may want to add "-O ^metadata_csum_seed" to createopts if the target
++# system is older than bullseye. See #866603, #1031415, #1031416 for more info.
++
++disk_config disk1 disklabel:msdos bootable:1 fstabkey:label
++
++primary /      4G-50G    ext4  rw,noatime,errors=remount-ro createopts="-L ROOT"
++
++logical swap   200-10G  swap  sw                           createopts="-L SWAP"
++logical /home  100-     ext4  rw,noatime,nosuid,nodev      createopts="-L HOME -m 1" tuneopts="-c 0 -i 0"
diff --combined fai/config/files/etc/apt/sources.list/DEBIAN_DEFAULT
index 0000000,0000000..74cec08
new file mode 100644
--- /dev/null
+++ b/fai/config/files/etc/apt/sources.list/DEBIAN_DEFAULT
@@@ -1,0 -1,0 +1,3 @@@
++deb {%apt_cdn%}/debian {%release%} main contrib non-free non-free-firmware
++deb {%security_cdn%}/debian-security {%secsuite%} main contrib non-free non-free-firmware
++deb {%apt_cdn%}/debian {%release%}-updates main contrib non-free non-free-firmware
diff --combined fai/config/files/etc/rc.local/LIVEISO
index 0000000,0000000..22fbe75
new file mode 120000
--- /dev/null
+++ b/fai/config/files/etc/rc.local/LIVEISO
@@@ -1,0 -1,0 +1,1 @@@
++CLOUD
diff --combined fai/config/files/etc/selinux/config/ROCKY
index 0000000,0000000..9878acb
new file mode 100644
--- /dev/null
+++ b/fai/config/files/etc/selinux/config/ROCKY
@@@ -1,0 -1,0 +1,12 @@@
++# This file controls the state of SELinux on the system.
++# SELINUX= can take one of these three values:
++#       enforcing - SELinux security policy is enforced.
++#       permissive - SELinux prints warnings instead of enforcing.
++#       disabled - No SELinux policy is loaded.
++SELINUX=disabled
++# SELINUXTYPE= can take one of these two values:
++#       targeted - Only targeted network daemons are protected.
++#       strict - Full SELinux protection.
++#       mls - Multi Level Security protection.
++SELINUXTYPE=targeted
++# SETLOCALDEFS= Check local definition changes
diff --combined fai/config/hooks/debconf.ROCKY
index 0000000,0000000..f98becd
new file mode 100755
--- /dev/null
+++ b/fai/config/hooks/debconf.ROCKY
@@@ -1,0 -1,0 +1,3 @@@
++#! /bin/bash
++
++skiptask debconf
diff --combined fai/config/hooks/instsoft.DEBIAN
index 34e6ebb,747af59..d6f1ad1
--- a/fai/config/hooks/instsoft.DEBIAN
+++ b/fai/config/hooks/instsoft.DEBIAN
@@@ -1,6 -1,5 +1,6 @@@
  #! /bin/bash
  
 +set -x
  # if package locales will be installed, then install it early, before
  #  other packages
  if [ $FAI_ACTION != "install" -a $FAI_ACTION != "dirinstall" ]; then
@@@ -8,6 -7,7 +8,6 @@@
  fi
  
  fcopy -Bi /etc/apt/apt.conf.d/force_confdef
 -ainsl -a  /etc/ucf.conf "^conf_force_conffold=YES"
  
  # in case the locales are already included inside the base file (Ubuntu)
  if [ -f $target/usr/sbin/locale-gen ]; then
@@@ -23,3 -23,6 +23,6 @@@ if [ $? -eq 0 ]; the
  	$ROOTCMD apt-get -y install locales > /dev/null
      fi
  fi
+ 
+ # use zstd for dracut initrd
+ ainsl -av /etc/dracut.conf.d/11-debian.conf "compress=zstd"
diff --combined fai/config/hooks/repository.ROCKY
index 0000000,0000000..32e53c3
new file mode 100755
--- /dev/null
+++ b/fai/config/hooks/repository.ROCKY
@@@ -1,0 -1,0 +1,27 @@@
++#! /bin/bash
++
++# (c) Michael Goetze, 2010-2011, mgoetze@mgoetze.net
++
++error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code
++
++if [ $FAI_ACTION = "install" ]; then
++    ctam
++    [ -L $target/etc/mtab ] || cp /etc/mtab $target/etc/mtab
++
++    cat > $target/etc/sysconfig/network <<-EOF
++		NETWORKING=yes
++		HOSTNAME=$HOSTNAME.$DOMAIN
++		EOF
++    echo "127.0.0.1 localhost" > $target/etc/hosts
++    ifclass DHCPC || ainsl -s /etc/hosts "$IPADDR $HOSTNAME.$DOMAIN $HOSTNAME"
++    cp /etc/resolv.conf $target/etc
++fi
++
++fcopy -riv /etc/yum.repos.d/
++
++# disable the fastestmirror plugin
++#fai-sed 's/enabled=1/enabled=0/' /etc/yum/pluginconf.d/fastestmirror.conf
++
++skiptask repository
++
++exit $error
diff --combined fai/config/hooks/subroutines
index 0000000,0000000..816ead1
new file mode 100755
--- /dev/null
+++ b/fai/config/hooks/subroutines
@@@ -1,0 -1,0 +1,31 @@@
++#! /bin/bash
++
++# This file is sourced during task_setup
++# you can define your own functions and use them later, for e.g.
++# in scripts/...
++
++
++cleanup_base() {
++
++    rm -f $target/etc/mailname \
++       $target/etc/machine-id \
++       $target/var/lib/dbus/machine-id \
++       $target/var/log/install_packages.list
++
++    > $target/etc/machine-id
++    shred --remove $target/etc/ssh/ssh_host_*
++}
++
++
++cleanup_dpkg_apt() {
++
++    rm -f  $target/var/log/alternatives.log \
++       $target/var/log/apt/* \
++       $target/var/log/bootstrap.log \
++       $target/var/log/dpkg.log
++
++    rm -rf $target/var/cache/apt/*
++    rm -rf $target/var/lib/apt/lists/*
++    rm -f $target/var/lib/dpkg/available*
++    rm -f -- $target/var/lib/dpkg/*-old
++}
diff --combined fai/config/hooks/updatebase.ROCKY
index 0000000,0000000..dd418d8
new file mode 100755
--- /dev/null
+++ b/fai/config/hooks/updatebase.ROCKY
@@@ -1,0 -1,0 +1,25 @@@
++#! /bin/bash
++
++if [ ! -f $target/etc/resolv.conf ]; then
++    cp /etc/resolv.conf $target/etc
++fi
++
++if [ X$verbose = X1 ]; then
++	echo "Updating base"
++	$ROOTCMD yum -y update |& tee -a $LOGDIR/software.log
++else
++	$ROOTCMD yum -y update >> $LOGDIR/software.log
++fi
++
++$ROOTCMD systemd-machine-id-setup
++
++cat > $target/etc/sysconfig/kernel <<EOF
++# UPDATEDEFAULT specifies if new-kernel-pkg should make
++# new kernels the default
++UPDATEDEFAULT=yes
++
++# DEFAULTKERNEL specifies the default kernel package type
++DEFAULTKERNEL=kernel-core
++EOF
++
++skiptask updatebase
diff --combined fai/config/package_config/DEBIAN
index 6e43c23,bfa4a95..e3ced93
--- a/fai/config/package_config/DEBIAN
+++ b/fai/config/package_config/DEBIAN
@@@ -1,45 -1,59 +1,48 @@@
 -PACKAGES install-norec
 -#cryptsetup-initramfs # needed if you use an encrypted partition
 -bash-completion
 -debconf-utils
 -file
 -zstd
 -less
 -linuxlogo
 -rsync
 -openssh-client openssh-server
 -time
 -procinfo
 -nullmailer
 -sudo
 -locales
 -console-setup kbd
 -pciutils usbutils
 -unattended-upgrades
 +# otherwise sshd takes like 10 seconds to start.
 +# not sure if this applies to bullseye or just buster, installing it so i dun have to worry.
 +PACKAGES install BUSTER BULLSEYE BOOKWORM
 +haveged
  
  PACKAGES install NONFREE
  # you may want these non-free kernel drivers
  firmware-bnx2 firmware-bnx2x firmware-realtek
  firmware-linux-nonfree
  # a list of firmware for wifi/wireless
- atmel-firmware firmware-atheros firmware-brcm80211
- firmware-iwlwifi firmware-libertas firmware-ralink firmware-zd1211
+ firmware-misc-nonfree
+ atmel-firmware firmware-ath9k-htc firmware-brcm80211
+ firmware-iwlwifi firmware-libertas firmware-zd1211
  firmware-brcm80211 firmware-ti-connectivity
  firmware-netronome firmware-netxen firmware-realtek
  firmware-cavium
  # firmware-ipw2x00 # needs a debconf question
  
- PACKAGES install I386
- linux-image-686-pae
+ # needed for a live ISO
+ PACKAGES install-norec LIVEISO
+ dracut dracut-live dracut-squash grub-pc grub-efi-amd64-bin
+ 
+ PACKAGES install-norec I386 AMD64
  memtest86+
  
- PACKAGES install CHROOT
+ PACKAGES install-norec CHROOT
  linux-image-686-pae-
  linux-image-amd64-
 +initramfs-tools-core-
 +dropbear-initramfs-
  
- PACKAGES install AMD64
- linux-image-amd64
+ PACKAGES install-norec AMD64
+ ${kernelname} # see class/DEBIAN.var
  memtest86+
  
- PACKAGES install ARM64
+ PACKAGES install-norec ARM64
+ ${kernelname} # see class/DEBIAN.var
  grub-efi-arm64
- linux-image-arm64
  
- # this is duplicate with STANDARD.
- #PACKAGES install GRUB_PC
 -PACKAGES install-norec GRUB_PC
 -grub-pc
++# iank this is duplicate with STANDARD.
++#PACKAGES install-norec GRUB_PC
 +#grub-pc
  
- #PACKAGES install GRUB_EFI
- #grub-efi
- 
 -PACKAGES install-norec GRUB_EFI
 -grub-efi dosfstools
++#PACKAGES install-norec GRUB_EFI
++#grub-efi dosfstools
  
  PACKAGES install LVM
  lvm2
diff --combined fai/config/package_config/ROCKY
index 0000000,0000000..b0eaa80
new file mode 100644
--- /dev/null
+++ b/fai/config/package_config/ROCKY
@@@ -1,0 -1,0 +1,38 @@@
++PACKAGES dnfgroup
++core
++minimal-environment
++#server-product-environment
++#headless-management
++
++PACKAGES dnfgroup XORG
++graphical-server-environment
++workstation-product-environment
++
++PACKAGES dnfi
++NetworkManager
++dbus-broker # needed by systemd
++chrony
++kernel
++dracut
++less
++openssh
++openssh-clients
++openssh-server
++vim-enhanced
++man
++curl
++unzip
++which
++ncurses ncurses-base
++coreutils-common
++libibverbs # needed for nc, but missing dependency
++
++PACKAGES dnfi GRUB_PC
++grub2-pc
++
++PACKAGES dnfi GRUB_EFI
++grub2-efi
++
++
++PACKAGES dnfi LVM
++lvm2
diff --combined fai/config/package_config/STANDARD
index 4404513,b515458..c0726e6
--- a/fai/config/package_config/STANDARD
+++ b/fai/config/package_config/STANDARD
@@@ -18,63 -18,14 +18,63 @@@ man-d
  manpages
  mime-support
  ncurses-term
 -netcat-traditional
  openssh-client
  pciutils
  perl
 +# ian: newer distros dont have python, it gets naturally removed
 +python
 +python-minimal
 +python3
 +python3-minimal
  reportbug
  telnet
  traceroute
  ucf
  xz-utils
 -python3
 -python3-minimal
 +# ian standard packages
 +# lsof is used in my btrfs util scritps.
 +# netcat is used for proxy.
 +lvm2
 +keyutils
 +cryptsetup
 +btrfs-progs
 +sudo
 +bridge-utils
 +netcat-openbsd
 +lsof
 +debconf-utils
 +file
 +less
 +rsync
 +openssh-client openssh-server
 +time
 +procinfo
 +locales
 +console-setup kbd
 +pciutils usbutils
 +unattended-upgrades
 +initramfs-tools-core
 +dropbear-initramfs
 +apt-transport-https
 +# ifupdown because etiona doesnt have it by default
 +# and fai scripts want to call ifquery.
 +ifupdown
 +netplan.io-
 +libnss-resolve
 +publicsuffix
 +iso-codes
 +# new package buster/nabia+
 +cryptsetup-initramfs
 +# for btrbk
 +zstd
 +
 +# iank, copied from DEBIAN so it goes into ubuntu too
 +PACKAGES install GRUB_PC
 +grub-pc
 +
 +PACKAGES install GRUB_EFI
 +# normally would have just grub-efi
 +# but theres a dependency problem with it in nabia: for some reason it depends on
 +# a version in security, but theres a later version in updates that the system
 +# really wants to install.
- grub-efi-amd64
++grub-efi-amd64 dosfstools
diff --combined fai/config/package_config/UBUNTU
index e672026,96533c4..ffc878a
--- a/fai/config/package_config/UBUNTU
+++ b/fai/config/package_config/UBUNTU
@@@ -1,21 -1,18 +1,30 @@@
 -# the kernel is now defined in DEBIAN
 +PACKAGES install I386
 +linux-image-generic
 +memtest86+
  
 -PACKAGES install
 -ubuntu-minimal
 -ubuntu-server
 +PACKAGES install CHROOT
 +linux-image-generic-
 +
 +PACKAGES install AMD64
 +linux-image-generic
 +memtest86+
 +
- 
 +PACKAGES install FLIDAS64 XENIAL64
 +linux-image-generic-hwe-8.0
 +
 +PACKAGES install NABIA64 FOCAL64
 +linux-image-generic-
 +linux-image-generic-hwe-20.04
  
+ PACKAGES install XORG
+ ubuntu-server-
+ ubuntu-standard
+ ubuntu-desktop
+ 
  PACKAGES install GERMAN
  language-pack-gnome-de
+ 
+ PACKAGES install CHROOT
+ # a chroot does not need a kernel.
+ # See class/DEBIAN.var for the exact package name
+ ${kernelname}-
diff --combined fai/config/scripts/DEBIAN/40-misc
index 54ca499,3742a41..e52ebe9
--- a/fai/config/scripts/DEBIAN/40-misc
+++ b/fai/config/scripts/DEBIAN/40-misc
@@@ -3,22 -3,6 +3,22 @@@
  # (c) Thomas Lange, 2001-2016, lange@debian.org
  # (c) Michael Goetze, 2010-2011, mgoetze@mgoetze.net
  
 +
 +# on ubuntu 16.04 which didn't run this script, some things which didn't
 +# apply:
 +# /etc/dpkg/dpkg.cfg.d/fai didn't exist,
 +# machine-id was already setup.
 +
 +# on that system and a debian stretch system, after reboot,
 +# some things done here don't seem to persist:
 +# some thin/etc/mtab is symlink somewhere else,
 +# and mailname is $HOSTNAME.lan
 +
 +# the adjtime thing is to support changing the system clock
 +# from representing UTC (the default) to localtime (windows default).
 +
 +# afaik, the only useful thing here for me is setting /etc/hostname
 +
  error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code
  
  # a list of modules which are loaded at boot time
@@@ -32,16 -16,16 +32,16 @@@ if [ ! -e $target/etc/adjtime ]; the
      printf "0.0 0 0.0\n0\nUTC\n" > $target/etc/adjtime
  fi
  if [ "$UTC" = "yes" ]; then
-     sed -i -e 's:^LOCAL$:UTC:' $target/etc/adjtime
+     fai-sed 's:^LOCAL$:UTC:' /etc/adjtime
  else
-     sed -i -e 's:^UTC$:LOCAL:' $target/etc/adjtime
+     fai-sed 's:^UTC$:LOCAL:' /etc/adjtime
  fi
  
  # enable linuxlogo
  if [ -f $target/etc/inittab ]; then
-     sed -i -e 's#/sbin/getty 38400#/sbin/getty -f /etc/issue.linuxlogo 38400#' ${target}/etc/inittab
+     fai-sed 's#/sbin/getty 38400#/sbin/getty -f /etc/issue.linuxlogo 38400#' /etc/inittab
  elif [ -f $target/lib/systemd/system/getty@.service ]; then
-     sed -i -e 's#sbin/agetty --noclear#sbin/agetty -f /etc/issue.linuxlogo --noclear#' $target/lib/systemd/system/getty@.service
+     fai-sed 's#sbin/agetty --noclear#sbin/agetty -f /etc/issue.linuxlogo --noclear#' /lib/systemd/system/getty@.service
  fi
  
  # make sure a machine-id exists
@@@ -53,9 -37,9 +53,9 @@@ if [ X"$(stat -c '%s' $target/etc/machi
      $ROOTCMD systemd-machine-id-setup
  fi
  
- ln -fs /proc/mounts $target/etc/mtab
+ fai-link /etc/mtab ../proc/self/mounts
  
- rm -f $target/etc/dpkg/dpkg.cfg.d/fai $target/etc/dpkg/dpkg.cfg.d/unsafe-io
+ rm -f $target/etc/dpkg/dpkg.cfg.d/unsafe-io
  
  if [ -d /etc/fai ]; then
      if ! fcopy -Mv /etc/fai/fai.conf; then
diff --combined fai/config/scripts/FAIBASE/15-root-ssh-key
index 0000000,0000000..db692ad
new file mode 100755
--- /dev/null
+++ b/fai/config/scripts/FAIBASE/15-root-ssh-key
@@@ -1,0 -1,0 +1,35 @@@
++#! /bin/bash
++
++# (c) Thomas Lange, 2022, lange@debian.org
++#
++# Add public ssh key for user root to get login access
++
++error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code
++
++SSHDIR=$target/root/.ssh
++AUKEY=$SSHDIR/authorized_keys
++
++# reverse order of classes
++for c in $classes; do
++    revclasses="$c $revclasses"
++done
++
++for c in $revclasses; do
++    if [ -f $FAI/files/root-ssh-key/$c ]; then
++        if [ -f $AUKEY ]; then
++            cmp -s $FAI/files/root-ssh-key/$c $AUKEY
++            if [ $? -eq 0 ]; then
++                exit
++            fi
++        fi
++        if [ ! -d $SSHDIR ]; then
++            mkdir -m 700 $SSHDIR
++        fi
++        cp -v $FAI/files/root-ssh-key/$c $AUKEY
++        chown root:root $AUKEY
++        chmod 700 $AUKEY
++        break
++    fi
++done
++
++exit $error
diff --combined fai/config/scripts/GRUB_PC/10-setup
index 11535f1,b23cf36..ed8d878
--- a/fai/config/scripts/GRUB_PC/10-setup
+++ b/fai/config/scripts/GRUB_PC/10-setup
@@@ -3,7 -3,11 +3,12 @@@
  
  error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code
  
 +set -x
+ # do only execute for Debian and similar distros
+ if ! ifclass DEBIAN ; then
+     exit 0
+ fi
+ 
  set -a
  
  # do not set up grub during dirinstall
@@@ -20,6 -24,11 +25,11 @@@ f
  # disable os-prober because of #802717
  ainsl /etc/default/grub 'GRUB_DISABLE_OS_PROBER=true'
  
+ # efivars may still be mounted from the host system during fai-diskimage
+ if [ -d $target/sys/firmware/efi/efivars ]; then
+     umount $target/sys/firmware/efi/efivars
+ fi
+ 
  # skip the rest, if not an initial installation
  if [ $FAI_ACTION != "install" ]; then
      $ROOTCMD update-grub
@@@ -56,7 -65,6 +66,7 @@@ f
  
  # Check if RAID is used for the boot device
  if [[ $BOOT_DEVICE =~ '/dev/md' ]]; then
 +    GROOT=$($ROOTCMD grub-probe -tdrive -d $BOOT_DEVICE)
      raiddev=${BOOT_DEVICE#/dev/}
      # install grub on all members of RAID
      for device in $(LC_ALL=C perl -ne 'if(/^'$raiddev'\s.+raid\d+\s(.+)/){ $_=$1; s/\d+\[\d+\]//g; s/(nvme.+?)p/$1/g; print }' /proc/mdstat); do
@@@ -72,17 -80,13 +82,17 @@@
      # remove last ,
      mbrdevices=${mbrdevices%, }
  else
 -    mbrdevices=$(get_stable_devname $BOOT_DEVICE)
 +  for dev in $BOOT_DEVICE; do
 +    mbrdev=$(get_stable_devname $dev)
      if [ -z "$mbrdevices" ]; then
 -	# if we cannot find a persistent name (for e.g. in a VM) use old name
 -	mbrdevices=$BOOT_DEVICE
 +      # if we cannot find a persistent name (for e.g. in a VM) use old name
 +      mbrdevices+="$dev, "
      fi
 -    echo "Installing grub on $BOOT_DEVICE = $mbrdevices"
 -    $ROOTCMD grub-install --no-floppy "$mbrdevices"
 +    echo "Installing grub on $dev = $mbrdev"
 +    $ROOTCMD grub-install --no-floppy "$mbrdev"
 +  done
 +  # remove trailing ,
 +  mbrdevices=${mbrdevices%, }
  fi
  
  echo "grub-pc grub-pc/install_devices multiselect $mbrdevices" | $ROOTCMD debconf-set-selections
diff --combined fai/config/scripts/LAST/50-misc
index 831f15d,b80e846..e7b9e6d
--- a/fai/config/scripts/LAST/50-misc
+++ b/fai/config/scripts/LAST/50-misc
@@@ -4,6 -4,11 +4,11 @@@
  
  error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code
  
+ # remove crypt password from format.log
+ if [ -f $LOGDIR/format.log ]; then
+     perl -i -pane "s/Executing: yes '.+?' \| cryptsetup/Executing: yes 'XXXXXXXXXXXXX' | cryptsetup/" $LOGDIR/format.log
+ fi
+ 
  if [ "$FAI_ACTION" = "dirinstall" -o $do_init_tasks -eq 0 ] ; then
    :
  else
@@@ -15,15 -20,18 +20,19 @@@
      fi
    fi
  
-   # i use dm for crypt, not lvm, so this gives false positive. todo, send patch to remove this
-   # upstream.
-   # usedm=$(dmsetup ls 2>/dev/null | egrep -v '^live-rw|^live-base|^No devices found' | wc -l)
-   # if [ $usedm -ne 0 ]; then
-   #   if [ ! -d $target/etc/lvm ]; then
-   #       echo ERROR: Found lvm devices, but the lvm2 package was not installed
-   #       error=1
-   #   fi
-   # fi
+   if [ -f $target/etc/crypttab ] && [ ! -f $target/sbin/cryptsetup ]; then
+       echo ERROR: Encrypted devices used, but the crypsetup package was not installed.
+       echo ERROR: You want to add cryptsetup-initramfs or dracut to some package_config file.
+   fi
+ 
++  # note, if we used dm for crypt, not lvm, so would givee false positive. todo, send patch to fix
+   usedm=$(dmsetup ls 2>/dev/null | egrep -v '^live-rw|^live-base|^No devices found' | wc -l)
+   if [ $usedm -ne 0 ]; then
+     if [ ! -d $target/etc/lvm ]; then
+ 	echo ERROR: Found lvm devices, but the lvm2 package was not installed
+ 	error=1
+     fi
+   fi
  fi
  
  # remove backup files from cfengine, but only if cfengine is installed
@@@ -47,7 -55,7 +56,7 @@@ if [ $do_init_tasks -eq 1 ] ; the
  fi
  
  # Make sure everything is configured properly
 -if ifclass DEBIAN ; then
 +if ifclass DEBIAN || ifclass UBUNTU; then
          $ROOTCMD apt-get -f install -y
  fi
  
@@@ -74,7 -82,7 +83,7 @@@ setrel() 
  	return
      fi
  
-     dists="jessie stretch buster bullseye bookworm trixie jammy focal bionic xenial trusty aramo nabia etiona"
 -    dists="jessie stretch buster bullseye bookworm trixie forky noble jammy focal bionic xenial trusty"
++    dists="jessie stretch buster bullseye bookworm trixie forky noble jammy focal bionic xenial trusty aramo nabia etiona"
      for d in $dists; do
  	if grep -iq $d $target/etc/os-release; then
  	    release=$d
@@@ -85,18 -93,31 +94,31 @@@
  
  # if installation was done from CD, replace useless sources.list
  setrel
- if [ -f $target/etc/apt/sources.list -a -n "$release" ]; then
-     grep -q 'file generated by fai-cd' $target/etc/apt/sources.list && cat <<EOF > $target/etc/apt/sources.list
- deb $apt_cdn/debian $release main contrib non-free
- deb $security_cdn/debian-security ${secsuite} main contrib non-free
+ if [ -f $target/etc/apt/sources.list ] && [ -n "$release" ]; then
+     if grep -q 'file generated by fai-cd' $target/etc/apt/sources.list; then
+         echo "Create new sources.list for $release"
+         cat <<EOF > $target/etc/apt/sources.list
+ deb $apt_cdn/debian $release main contrib non-free non-free-firmware
+ deb $security_cdn/debian-security ${secsuite} main contrib non-free non-free-firmware
  #deb [trusted=yes] http://fai-project.org/download $release koeln
  EOF
+     fi
      # if the package fai-server was installed, enable the project's repository
      if dpkg-query --admindir=$target/var/lib/dpkg -W fai-server >/dev/null 2>&1; then
- 	sed -i -e '/fai-project.org/s/^#//' $target/etc/apt/sources.list
+ 	fai-sed '/fai-project.org/s/^#//' /etc/apt/sources.list
      fi
  fi
  
+ # install default sources.list for Debian based distributions
+ if [ -d $target/etc/apt ] && [ ! -f $target/etc/apt/sources.list ]; then
+     fcopy -Svc DEBIAN_DEFAULT /etc/apt/sources.list
+ fi
+ 
+ # older releases do not have the non-free-firmware section
+ if [ -n "$release" ] && [[ "buster bullseye" =~ "$release" ]]; then
+     sed -i -e 's/non-free-firmware//g' $target/etc/apt/sources.list
+ fi
+ 
  # for ARM architecture, we may need the kernel and initrd to boot or flash the device
  if ifclass ARM64; then
      cp -pv $target/boot/vmlinuz* $target/boot/initrd* $FAI_RUNDIR
diff --combined fai/config/scripts/LIVEISO/20-initrd
index 0000000,0000000..4dcbc66
new file mode 100755
--- /dev/null
+++ b/fai/config/scripts/LIVEISO/20-initrd
@@@ -1,0 -1,0 +1,15 @@@
++#! /bin/bash
++
++# create an initrd for booting from ISO
++
++# get highest kernel version
++ver=$(ls -r1 $target/boot/initrd.img-*|tail -1| sed 's/.\+initrd.img-//')
++if [ -z "$ver" ]; then
++    echo "ERROR: no initrd found in $0"
++    exit 9
++fi
++
++rm $target/boot/initrd.img-$ver
++$ROOTCMD dracut -N --zstd --filesystems ext4 -a "dmsquash-live " -o"btrfs crypt dash lvm resume usrmount modsign mdraid shutdown virtfs" /boot/initrd.img-$ver $ver
++
++echo ISO initrd was created
diff --combined fai/config/scripts/LIVEISO/90-cleanup
index 0000000,0000000..08828d2
new file mode 100755
--- /dev/null
+++ b/fai/config/scripts/LIVEISO/90-cleanup
@@@ -1,0 -1,0 +1,7 @@@
++#! /bin/bash
++
++# this is defined in hooks/subroutines
++cleanup_dpkg_apt
++cleanup_base
++
++echo cleanup for live ISO done
diff --combined fai/config/scripts/ROCKY/10-security
index 0000000,0000000..566c3f4
new file mode 100755
--- /dev/null
+++ b/fai/config/scripts/ROCKY/10-security
@@@ -1,0 -1,0 +1,14 @@@
++#! /bin/bash
++
++# (c) Michael Goetze, 2010-11, mgoetze@mgoetze.net
++# Thomas Lange, 2015-2020
++
++error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code
++
++$ROOTCMD usermod -p $ROOTPW root
++
++fcopy -v /etc/selinux/config
++$ROOTCMD fixfiles onboot # this fixes the SELinux security contexts during the first boot
++chmod a+rx $target
++
++exit $error
diff --combined fai/config/scripts/ROCKY/30-mkinitrd
index 0000000,0000000..4d86bec
new file mode 100755
--- /dev/null
+++ b/fai/config/scripts/ROCKY/30-mkinitrd
@@@ -1,0 -1,0 +1,25 @@@
++#! /bin/bash
++
++# (c) Michael Goetze, 2010-2011, mgoetze@mgoetze.net
++# (c) Thomas Lange, 2011, Uni Koeln
++
++error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code
++
++ainsl -v /etc/fstab "proc	/proc	proc	defaults	0 0"
++ainsl -v /etc/fstab "sysfs	/sys	sysfs	auto		0 0"
++
++version=$($ROOTCMD rpm -qv kernel | cut -d- -f2-)
++
++
++if [ -f $target/etc/lvm/lvm.conf ]; then
++     fai-sed 's/use_lvmetad = 1/use_lvmetad = 0/' /etc/lvm/lvm.conf
++     ainsl -av /etc/dracut.conf.d/fai.conf 'add_dracutmodules+=" lvm "'
++fi
++
++
++# add filesystem driver into initrd
++ainsl -av /etc/dracut.conf.d/fai.conf 'filesystems+=" ext4 "'
++$ROOTCMD dracut -v --kver $version --force
++
++
++exit $error
diff --combined fai/config/scripts/ROCKY/40-install-grub
index 0000000,0000000..5590ded
new file mode 100755
--- /dev/null
+++ b/fai/config/scripts/ROCKY/40-install-grub
@@@ -1,0 -1,0 +1,87 @@@
++#! /bin/bash
++
++# (c) Michael Goetze, 2011, mgoetze@mgoetze.net
++# (c) Thomas Lange 2014
++
++error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code
++
++if [ -r $LOGDIR/disk_var.sh ] ; then
++	. $LOGDIR/disk_var.sh
++else
++	echo "disk_var.sh not found!"
++	exit 1
++fi
++
++
++# CentOS 7 does not have a device.map file, so generate one
++if [ -d $target/boot/grub2 -a ! -f $target/boot/grub2/device.map ]; then
++    echo "# Generated by FAI" >> $target/boot/grub2/device.map
++    centosdisks=$(awk '/[sv]d.$/ {print $4}' /proc/partitions | sort)
++    dcount=0
++    for d in $centosdisks; do
++        echo "(hd$dcount)    /dev/$d" >> $target/boot/grub2/device.map
++        dcount=$((dcount + 1))
++    done
++fi
++
++bootdev=$(device2grub $BOOT_DEVICE)
++bootpart=$(device2grub $BOOT_PARTITION)
++version=$($ROOTCMD rpm -qv kernel | cut -d- -f2-)
++
++if grep '[[:space:]]/boot[[:space:]]' $LOGDIR/fstab; then
++	bootdir=''
++else
++	bootdir='/boot'
++fi
++
++mount -o bind /dev $target/dev
++
++if [ -f $target/usr/sbin/grub2-install ]; then
++
++    # CentOS 7
++    $ROOTCMD grub2-install --no-floppy "$BOOT_DEVICE"
++    $ROOTCMD grub2-mkconfig --output=/boot/grub2/grub.cfg
++else
++
++$ROOTCMD grub-install --just-copy
++
++$ROOTCMD grub --device-map=/dev/null --no-floppy --batch <<-EOF
++	device $bootdev $BOOT_DEVICE
++	root $bootpart
++	setup $bootdev
++	quit
++	EOF
++
++ln -s ./menu.lst $target/boot/grub/grub.conf
++
++if [ -f $target/boot/grub/splash.xpm.gz ]; then
++	pretty="splashimage=$bootpart$bootdir/grub/splash.xpm.gz"
++else
++	pretty="color cyan/blue white/blue"
++fi
++
++title=$(head -1 $target/etc/redhat-release)
++
++cat > $target/boot/grub/grub.conf <<-EOF
++	timeout 5
++	default 0
++	$pretty
++	hiddenmenu
++	
++	title $title
++	  root $bootpart
++	  kernel $bootdir/vmlinuz-$version root=$ROOT_PARTITION ro
++	  initrd $bootdir/initramfs-$version.img
++	EOF
++
++fi
++
++umount $target/dev
++
++echo ""
++echo "Grub installed on $BOOT_DEVICE = $bootdev"
++echo "Grub boot partition is $BOOT_PARTITION = $bootpart"
++echo "Root partition is $ROOT_PARTITION"
++echo "Boot kernel: $version"
++
++exit $error
diff --combined fai/config/scripts/ROCKY/50-sysconfig
index 0000000,0000000..e9054b6
new file mode 100755
--- /dev/null
+++ b/fai/config/scripts/ROCKY/50-sysconfig
@@@ -1,0 -1,0 +1,35 @@@
++#! /bin/bash
++
++# (c) Michael Goetze, 2011, mgoetze@mgoetze.net
++
++error=0 ; trap "error=$((error|1))" ERR
++
++cat > $target/etc/sysconfig/clock <<-EOF
++	UTC=$UTC
++	ZONE=$TIMEZONE
++	EOF
++cat > $target/etc/sysconfig/i18n <<-EOF
++	LANG="$DEFAULTLOCALE"
++	SUPPORTED="$SUPPORTEDLOCALE"
++	SYSFONT="$CONSOLEFONT"
++	EOF
++cat > $target/etc/sysconfig/keyboard <<-EOF
++	KEYBOARDTYPE="pc"
++	KEYTABLE="$KEYMAP"
++	EOF
++
++# can not be used, because we still not use systemd in FAI
++# $ROOTCMD localectl set-locale LANG=$DEFAULTLOCALE
++
++cat > $target/etc/locale.conf <<-EOF
++	LANG="$DEFAULTLOCALE"
++	EOF
++if [ -f $target/usr/lib/locale/locale-archive.tmpl \
++     -a  ! -s $target/usr/lib/locale/locale-archive ]; then
++    mv $target/usr/lib/locale/locale-archive.tmpl $target/usr/lib/locale/locale-archive
++fi
++
++fcopy -iv /etc/sysconfig/i18n /etc/sysconfig/keyboard
++
++exit $error
++
diff --combined fai/config/scripts/ROCKY/60-network-scripts
index 0000000,0000000..9777418
new file mode 100755
--- /dev/null
+++ b/fai/config/scripts/ROCKY/60-network-scripts
@@@ -1,0 -1,0 +1,81 @@@
++#! /bin/bash
++
++error=0 ; trap "error=$((error|1))" ERR
++
++ifcfg_config() {
++
++    cat > $target/etc/sysconfig/network-scripts/ifcfg-$NIC1 <<-EOF
++		# generated by FAI
++		TYPE=Ethernet
++		PROXY_METHOD=none
++		BOOTPROTO=dhcp
++		DEFROUTE=yes
++		BROWSER_ONLY=no
++		IP4_FAILURE_FATAL=no
++		IPV6INIT=no
++		IPV6_AUTOCONF=no
++		NAME=$NIC1
++		DEVICE=$NIC1
++		ONBOOT=yes
++	EOF
++}
++
++nm_config() {
++
++    uuid=$(uuidgen)
++
++    cat > $target/etc/NetworkManager/system-connections/${NIC1}.nmconnection << EOF
++
++# generated by FAI
++[connection]
++id=$NIC1
++uuid=$uuid
++type=ethernet
++autoconnect-priority=-999
++interface-name=$NIC1
++
++[ethernet]
++
++[ipv4]
++method=auto
++
++[ipv6]
++addr-gen-mode=eui64
++method=auto
++
++[proxy]
++EOF
++
++    chmod 600 $target/etc/NetworkManager/system-connections/${NIC1}.nmconnection
++}
++
++
++
++# determine predictable network names
++fields="ID_NET_NAME_FROM_DATABASE ID_NET_NAME_ONBOARD ID_NET_NAME_SLOT ID_NET_NAME_PATH"
++for field in $fields; do
++    name=$(udevadm info /sys/class/net/$NIC1 | sed -rn "s/^E: $field=(.+)/\1/p")
++    if [[ $name ]]; then
++        NIC1=$name
++        break
++    fi
++done
++if [[ ! $name ]]; then
++    echo "$0: error: could not find systemd predictable network name. Using $NIC1."
++fi
++
++if [ $FAI_ACTION != "softupdate" ] && ifclass DHCPC; then
++    . $target/etc/os-release
++    major=$(echo ${VERSION_ID} | awk -F '.' '{ print $1 }')
++
++    if [ $major -lt 9 ]; then
++        ifcfg_config
++    else
++        nm_config
++    fi
++fi
++
++fcopy -iv /etc/sysconfig/network /etc/resolv.conf /etc/networks
++fcopy -ivr /etc/sysconfig/network-scripts
++
++exit $error
diff --combined fai/config/scripts/ROCKY/80-misc
index 0000000,0000000..09c8d49
new file mode 100755
--- /dev/null
+++ b/fai/config/scripts/ROCKY/80-misc
@@@ -1,0 -1,0 +1,21 @@@
++#! /bin/bash
++
++error=0 ; trap "error=$((error|1))" ERR
++
++# add a $username user account
++if [ -n "$username" ]; then
++    if ! $ROOTCMD getent passwd $username ; then
++	$ROOTCMD adduser -c "$username user" $username
++	$ROOTCMD usermod -p "$USERPW" $username
++    fi
++fi
++
++# enable graphical login screen, make run level 5 as default
++if [ -f $target/usr/sbin/gdm ]; then
++    fai-sed 's/id:3:initdefault:/id:5:initdefault:/' /etc/inittab
++    # do not run this tool
++    echo "RUN_FIRSTBOOT=NO" > $target/etc/sysconfig/firstboot
++fi
++
++exit $error
++
diff --combined fai/config/scripts/ROCKY/90-cleanup
index 0000000,0000000..2eadacd
new file mode 100755
--- /dev/null
+++ b/fai/config/scripts/ROCKY/90-cleanup
@@@ -1,0 -1,0 +1,3 @@@
++#! /bin/bash
++
++$ROOTCMD yum clean all