From 839b3cf02ad7e8900b3d685d54449f11e7b60b60 Mon Sep 17 00:00:00 2001 From: Ian Kelling Date: Wed, 17 Apr 2024 22:19:50 -0400 Subject: [PATCH 01/16] more complete copyright notices --- README | 17 +++++++++++++++++ encrypt | 7 +++++++ encrypt.upstream | 4 ++++ fai/config/distro-install-common/devbyid | 16 ++++++++++++++++ myfai-chboot | 16 ++++++++++++++++ myfai-chboot-local | 17 +++++++++++++++++ mymk-basefile | 16 ++++++++++++++++ wrt-init | 17 +++++++++++++++++ wrt-setup-local | 4 ++-- 9 files changed, 112 insertions(+), 2 deletions(-) diff --git a/README b/README index 5d8a7c2..da28e4e 100644 --- a/README +++ b/README @@ -1,3 +1,20 @@ +# This file is part of Ian Kelling's automated-distro-installer +# Copyright (C) 2024 Ian Kelling + +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + PXE install w multi-boot, btrfs & Libreboot support Some things are specific to my home network, and uses files with secrets diff --git a/encrypt b/encrypt index 89cc95f..9f80d34 100644 --- a/encrypt +++ b/encrypt @@ -1,4 +1,11 @@ #!/usr/bin/ash + +# This file is a modification of the file encrypt in cryptsetup package +# in arch. The original version is encrypt.upstream in the repo at +# https://iankelling.org/git/?p=automated-distro-installer. It did not +# come with a license notice in the file, but I remember that it is +# GPLv2-or-later. + run_hook() { set -x echo $0 diff --git a/encrypt.upstream b/encrypt.upstream index 819c4cf..39c8f16 100644 --- a/encrypt.upstream +++ b/encrypt.upstream @@ -1,5 +1,9 @@ #!/usr/bin/ash +# This file is from the cryptsetup package in arch. The only +# modification is this comment. It did not come with a license notice in +# the file, but I remember that it is GPLv2-or-later. + run_hook() { modprobe -a -q dm-crypt >/dev/null 2>&1 [ "${quiet}" = "y" ] && CSQUIET=">/dev/null" diff --git a/fai/config/distro-install-common/devbyid b/fai/config/distro-install-common/devbyid index af97643..733b840 100755 --- a/fai/config/distro-install-common/devbyid +++ b/fai/config/distro-install-common/devbyid @@ -1,4 +1,20 @@ #!/bin/bash +# This file is part of Ian Kelling's automated-distro-installer +# Copyright (C) 2024 Ian Kelling + +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. # input eg: /dev/sda1 or /dev/sda # output: /dev/disk/by-id/model+serial, or if no link exists, the same as input diff --git a/myfai-chboot b/myfai-chboot index 308b1c7..743859a 100755 --- a/myfai-chboot +++ b/myfai-chboot @@ -1,4 +1,20 @@ #!/bin/bash +# This file is part of Ian Kelling's automated-distro-installer +# Copyright (C) 2024 Ian Kelling + +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. set -eE -o pipefail trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR diff --git a/myfai-chboot-local b/myfai-chboot-local index c631d56..4cef9a5 100755 --- a/myfai-chboot-local +++ b/myfai-chboot-local @@ -1,4 +1,21 @@ #!/bin/bash +# This file is part of Ian Kelling's automated-distro-installer +# Copyright (C) 2024 Ian Kelling + +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + # note, this script gets piped to bash, so cant cd to current dir [[ $EUID == 0 ]] || exec sudo "${BASH_SOURCE}" "$@" diff --git a/mymk-basefile b/mymk-basefile index 3aef5b5..62f2924 100755 --- a/mymk-basefile +++ b/mymk-basefile @@ -1,4 +1,20 @@ #!/bin/bash +# This file is part of Ian Kelling's automated-distro-installer +# Copyright (C) 2024 Ian Kelling + +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. x="$(readlink -f "$BASH_SOURCE")"; source "${x%/*}/bash-trace" script_dir="${x%/*}" diff --git a/wrt-init b/wrt-init index c222a5c..45425b6 100755 --- a/wrt-init +++ b/wrt-init @@ -1,4 +1,21 @@ #!/bin/sh +# This file is part of Ian Kelling's automated-distro-installer +# Copyright (C) 2024 Ian Kelling + +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + set -xe # librecmc 1.5.1 is missing nfs-kernel-server and screen source /etc/os-release diff --git a/wrt-setup-local b/wrt-setup-local index d9f11ab..a5fd911 100755 --- a/wrt-setup-local +++ b/wrt-setup-local @@ -876,7 +876,7 @@ config redirect option src wan option src_dport 80 option dest lan - option dest_ip $l.12 + option dest_ip $l.7 option proto tcp config rule option src wan @@ -889,7 +889,7 @@ config redirect option src wan option src_dport 443 option dest lan - option dest_ip $l.12 + option dest_ip $l.7 option proto tcp config rule option src wan -- 2.30.2 From 8bb06901ce000f76dafc73288e1fe47c3032e4af Mon Sep 17 00:00:00 2001 From: Ian Kelling Date: Wed, 17 Apr 2024 22:29:57 -0400 Subject: [PATCH 02/16] more complete copyright notices --- fai/config/scripts/DEBIAN/11-iank | 16 ++++++++++++++++ fai/config/scripts/FSF/11-iank | 16 ++++++++++++++++ fai/config/scripts/IANK/11-iank | 16 ++++++++++++++++ 3 files changed, 48 insertions(+) diff --git a/fai/config/scripts/DEBIAN/11-iank b/fai/config/scripts/DEBIAN/11-iank index 119f354..69b9afe 100755 --- a/fai/config/scripts/DEBIAN/11-iank +++ b/fai/config/scripts/DEBIAN/11-iank @@ -1,4 +1,20 @@ #!/bin/bash -x +# This file is part of Ian Kelling's automated-distro-installer +# Copyright (C) 2024 Ian Kelling + +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. set -eE -o pipefail trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR diff --git a/fai/config/scripts/FSF/11-iank b/fai/config/scripts/FSF/11-iank index 8a33d6f..08a7171 100755 --- a/fai/config/scripts/FSF/11-iank +++ b/fai/config/scripts/FSF/11-iank @@ -1,4 +1,20 @@ #!/bin/bash -x +# This file is part of Ian Kelling's automated-distro-installer +# Copyright (C) 2024 Ian Kelling + +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. set -eE -o pipefail trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR diff --git a/fai/config/scripts/IANK/11-iank b/fai/config/scripts/IANK/11-iank index 1aa9740..9879863 100755 --- a/fai/config/scripts/IANK/11-iank +++ b/fai/config/scripts/IANK/11-iank @@ -1,4 +1,20 @@ #!/bin/bash -x +# This file is part of Ian Kelling's automated-distro-installer +# Copyright (C) 2024 Ian Kelling + +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. set -eE -o pipefail trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR -- 2.30.2 From a15c2ba88789fd9a37bd5a860fda1b3877999421 Mon Sep 17 00:00:00 2001 From: Ian Kelling Date: Wed, 17 Apr 2024 22:58:40 -0400 Subject: [PATCH 03/16] split out stable kernel install into separate script --- .../install-stable-kernel-debs | 56 +++++++++++++++++++ fai/config/scripts/IANK/11-iank | 36 ++---------- 2 files changed, 61 insertions(+), 31 deletions(-) create mode 100755 fai/config/distro-install-common/install-stable-kernel-debs diff --git a/fai/config/distro-install-common/install-stable-kernel-debs b/fai/config/distro-install-common/install-stable-kernel-debs new file mode 100755 index 0000000..8377490 --- /dev/null +++ b/fai/config/distro-install-common/install-stable-kernel-debs @@ -0,0 +1,56 @@ +#!/bin/bash -x +# This file is part of Ian Kelling's automated-distro-installer +# Copyright (C) 2024 Ian Kelling + +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +set -eE -o pipefail +trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR + +[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@" + +tmpdir=$(mktemp -d) || exit +trap 'cd; rm -rf "$tmpdir"' EXIT +cd $tmpdir + +# update ver= when we are ready to jump to a new stable kernel. +# note: this is duplicated in 11-iank. +# Stable kernels are listed here: https://www.kernel.org/category/releases.html +ver='6\.6' +va=$(curl -s https://kernel.ubuntu.com/mainline/ | \ + sed -rn 's,.*alt="\[DIR\]".*href="([^/]+).*,\1,p' | \ + grep -v -- -rc | sed 's/^v//' | grep "^$ver" | sort -V | tail -n1) + +# note the wiki page about these says to install linux-headers.*generic.*amd64, but +# as of 2024, they have a requirement of a very new glibc, and people report +# that installing it is not needed. +tmpstr=$(curl -s https://kernel.ubuntu.com/mainline/v$va/amd64/CHECKSUMS | awk '$2 ~ /^linux-/ { print $2 }' | sort -u | grep -iv 'linux-headers.*generic.*amd64' ) +mapfile -t pkgs <<<"$tmpstr" + +if (( ${#pkgs[@]} != 3 )); then + echo "$0: error. expected to find 3 kernel packages, got: ${pkgs[*]}" >&2 + exit 1 +fi + +urls=() +for p in ${pkgs[@]}; do + if ! dpkg -s -- "${p%%_*}" 2>&1 | grep -Fx "Status: install ok installed" &>/dev/null; then + urls+=(https://kernel.ubuntu.com/mainline/v$va/amd64/$p) + fi +done +if (( ${#urls[@]} >= 1 )); then + wget "${urls[@]}" + dpkg -i *.deb +fi diff --git a/fai/config/scripts/IANK/11-iank b/fai/config/scripts/IANK/11-iank index 9879863..6c9c9bf 100755 --- a/fai/config/scripts/IANK/11-iank +++ b/fai/config/scripts/IANK/11-iank @@ -225,38 +225,12 @@ EOF fi # for new btrfs features, get latest stable kernel and btrfs progs, -# update ver= as needed. +# update ver= when we are ready to jump to a new stable kernel. +# note: this is duplicated in install-stable-kernel-debs. +ver='6\.6' case $HOSTNAME in sy) - mkdir -p $FAI_ROOT/tmp/kernel-debs - files=($FAI_ROOT/tmp/kernel-debs/*) - if (( ${#files[@]} >= 1 )); then - rm -rf "${files[@]}" - fi - cd $FAI_ROOT/tmp/kernel-debs - ver='6\.6' - va=$(curl -s https://kernel.ubuntu.com/mainline/ | \ - sed -rn 's,.*alt="\[DIR\]".*href="([^/]+).*,\1,p' | \ - grep -v -- -rc | sed 's/^v//' | grep "^$ver" | sort -V | tail -n1) - - # note the wiki page about these says to install linux-headers.*generic.*amd64, but - # as of 2024, they have a requirement of a very new glibc, and people report - # that installing it is not needed. - pkgs=$(curl -s https://kernel.ubuntu.com/mainline/v$va/amd64/CHECKSUMS | awk '$2 ~ /^linux-/ { print $2 }' | sort -u | grep -iv 'linux-headers.*generic.*amd64' ) - - urls=() - for p in $pkgs; do - if ! dpkg -s -- "${p%%_*}" 2>&1 | grep -Fx "Status: install ok installed" &>/dev/null; then - urls+=(https://kernel.ubuntu.com/mainline/v$va/amd64/$p) - fi - done - if (( ${#urls[@]} >= 1 )); then - wget "${urls[@]}" - $chroot bash </dev/null | awk '{print $2}') ||: if [[ $ver != "$cur_ver" ]]; then - if [[ $HOST2 == $HOSTNAME && $ver != "$($bprogs_dir/btrfs --version 2>/dev/null | awk '{print $2}')" ]]; then + if [[ $HOST2 == "$HOSTNAME" && $ver != "$($bprogs_dir/btrfs --version 2>/dev/null | awk '{print $2}')" ]]; then rm -rf $bprogs_dir cd /tmp wget $url -- 2.30.2 From 3689844021231feed124fc02f46d66f11e0e4a67 Mon Sep 17 00:00:00 2001 From: Ian Kelling Date: Thu, 18 Apr 2024 02:13:24 -0400 Subject: [PATCH 04/16] fix regression --- fai/config/scripts/IANK/11-iank | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fai/config/scripts/IANK/11-iank b/fai/config/scripts/IANK/11-iank index 6c9c9bf..0c26e52 100755 --- a/fai/config/scripts/IANK/11-iank +++ b/fai/config/scripts/IANK/11-iank @@ -230,7 +230,7 @@ fi ver='6\.6' case $HOSTNAME in sy) - ./fai/config/distro-install-common/install-stable-kernel-debs + $FAI/distro-install-common/install-stable-kernel-debs ;; *) $chroot apt-get -y install linux-libre -- 2.30.2 From 8716af32fa1f2822286917a1acf399d80df824be Mon Sep 17 00:00:00 2001 From: Ian Kelling Date: Thu, 18 Apr 2024 08:12:32 -0400 Subject: [PATCH 05/16] use latest btrfs-progs to match linux-libre --- .../distro-install-common/install-stable-kernel-debs | 9 ++++----- fai/config/scripts/IANK/11-iank | 8 ++------ 2 files changed, 6 insertions(+), 11 deletions(-) diff --git a/fai/config/distro-install-common/install-stable-kernel-debs b/fai/config/distro-install-common/install-stable-kernel-debs index 8377490..c024796 100755 --- a/fai/config/distro-install-common/install-stable-kernel-debs +++ b/fai/config/distro-install-common/install-stable-kernel-debs @@ -25,13 +25,12 @@ tmpdir=$(mktemp -d) || exit trap 'cd; rm -rf "$tmpdir"' EXIT cd $tmpdir -# update ver= when we are ready to jump to a new stable kernel. -# note: this is duplicated in 11-iank. +# update stable_ver when we are ready to jump to a new stable kernel. # Stable kernels are listed here: https://www.kernel.org/category/releases.html -ver='6\.6' +stable_ver='6\.6' va=$(curl -s https://kernel.ubuntu.com/mainline/ | \ sed -rn 's,.*alt="\[DIR\]".*href="([^/]+).*,\1,p' | \ - grep -v -- -rc | sed 's/^v//' | grep "^$ver" | sort -V | tail -n1) + grep -v -- -rc | sed 's/^v//' | grep "^$stable_ver" | sort -V | tail -n1) # note the wiki page about these says to install linux-headers.*generic.*amd64, but # as of 2024, they have a requirement of a very new glibc, and people report @@ -52,5 +51,5 @@ for p in ${pkgs[@]}; do done if (( ${#urls[@]} >= 1 )); then wget "${urls[@]}" - dpkg -i *.deb + dpkg -i ./*.deb fi diff --git a/fai/config/scripts/IANK/11-iank b/fai/config/scripts/IANK/11-iank index 0c26e52..6efc767 100755 --- a/fai/config/scripts/IANK/11-iank +++ b/fai/config/scripts/IANK/11-iank @@ -224,10 +224,6 @@ EOF fi -# for new btrfs features, get latest stable kernel and btrfs progs, -# update ver= when we are ready to jump to a new stable kernel. -# note: this is duplicated in install-stable-kernel-debs. -ver='6\.6' case $HOSTNAME in sy) $FAI/distro-install-common/install-stable-kernel-debs @@ -239,10 +235,10 @@ esac pre=https://mirrors.edge.kernel.org/pub/linux/kernel/people/kdave/btrfs-progs tarball=$(curl -s $pre/sha256sums.asc \ - | awk '$2 ~ /^btrfs-progs-v/ { print $2 }' | grep -v -- -rc | grep "^btrfs-progs-v${ver}.*gz\$" | sort -V | tail -n1) + | awk '$2 ~ /^btrfs-progs-v/ { print $2 }' | grep -v -- -rc | grep "^btrfs-progs-v.*gz\$" | sort -V | tail -n1) url="$pre/$tarball" dir=${tarball%.tar.gz} -ver=${dir#btrfs-progs} +ver=${dir#btrfs-progs-} cur_ver=$(btrfs --version 2>/dev/null | awk '{print $2}') ||: if [[ $ver != "$cur_ver" ]]; then if [[ $HOST2 == "$HOSTNAME" && $ver != "$($bprogs_dir/btrfs --version 2>/dev/null | awk '{print $2}')" ]]; then -- 2.30.2 From 55a745005e7af1e3633b286d5ac1a28ba4fac6ce Mon Sep 17 00:00:00 2001 From: Ian Kelling Date: Mon, 22 Apr 2024 00:28:22 -0400 Subject: [PATCH 06/16] unify dns related config, change some dns settings --- wrt-setup | 2 +- wrt-setup-local | 107 ++++-------------------------------------------- 2 files changed, 10 insertions(+), 99 deletions(-) diff --git a/wrt-setup b/wrt-setup index 83b1c76..7b549ae 100755 --- a/wrt-setup +++ b/wrt-setup @@ -77,7 +77,7 @@ scp /a/work/libremanage/libremanage /a/bin/fai/wrt-init /a/bin/fai/wrt-setup-loc #/a/opt/openwrt/source/bin/packages/mips_24kc/mypackages/relay_1.0-1_mips_24kc.ipk \ scp /q/root/shadow/router /p/c/machine_specific/wrt/etc/dropbear/dropbear_rsa_host_key \ - /p/router-secrets /p/c/machine_specific/wrt/etc/wg.{key,psk} /b/ds/ptr-data /b/bash-bear-trap/bash-bear $h: + /p/router-secrets /p/c/machine_specific/wrt/etc/wg.{key,psk} /p/ptr-data /p/dnsmasq-data /b/bash-bear-trap/bash-bear $h: scp ../openwrtkeyring/usign/* $h:/etc/opkg/keys ssh $h wrt-init ${HOME_DOMAIN:-b8.nz} "$@" diff --git a/wrt-setup-local b/wrt-setup-local index a5fd911..aabfca3 100755 --- a/wrt-setup-local +++ b/wrt-setup-local @@ -684,20 +684,6 @@ config rule option target ACCEPT option dest_port 9091 - -config redirect - option name nagioskd - option src wan - option src_dport 3005 - option dest_port 3005 - option dest_ip $l.2 - option dest lan -config rule - option src wan - option target ACCEPT - option dest_port 3005 - - config redirect option name sshkd option src wan @@ -761,24 +747,12 @@ config rule option target ACCEPT option dest_port 2207 -config redirect - option name sshtp - option src wan - option src_dport 2208 - option dest_port 22 - option dest_ip $l.8 - option dest lan -config rule - option src wan - option target ACCEPT - option dest_port 2208 - config redirect option name sshbb8 option src wan option src_dport 2209 option dest_port 22 - option dest_ip $l.9 + option dest_ip $l.32 option dest lan config rule option src wan @@ -796,7 +770,7 @@ config redirect config rule option src wan option target ACCEPT - option dest_port 2228 + option dest_port 2234 config redirect @@ -1113,32 +1087,13 @@ EOF # https dns will need to be blocked by ip in # order to be comprehensive + cedit /etc/unbound/unbound_ext.conf < Date: Mon, 22 Apr 2024 12:00:34 -0400 Subject: [PATCH 07/16] update file path --- wrt-setup | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wrt-setup b/wrt-setup index 7b549ae..ec91ed7 100755 --- a/wrt-setup +++ b/wrt-setup @@ -77,7 +77,7 @@ scp /a/work/libremanage/libremanage /a/bin/fai/wrt-init /a/bin/fai/wrt-setup-loc #/a/opt/openwrt/source/bin/packages/mips_24kc/mypackages/relay_1.0-1_mips_24kc.ipk \ scp /q/root/shadow/router /p/c/machine_specific/wrt/etc/dropbear/dropbear_rsa_host_key \ - /p/router-secrets /p/c/machine_specific/wrt/etc/wg.{key,psk} /p/ptr-data /p/dnsmasq-data /b/bash-bear-trap/bash-bear $h: + /p/router-secrets /p/c/machine_specific/wrt/etc/wg.{key,psk} /p/c/ptr-data /p/c/dnsmasq-data /b/bash-bear-trap/bash-bear $h: scp ../openwrtkeyring/usign/* $h:/etc/opkg/keys ssh $h wrt-init ${HOME_DOMAIN:-b8.nz} "$@" -- 2.30.2 From 314427781d140b925797ca3a85e7aebeb600f24d Mon Sep 17 00:00:00 2001 From: Ian Kelling Date: Mon, 22 Apr 2024 12:00:57 -0400 Subject: [PATCH 08/16] prepare for new host --- fai/config/hooks/partition.DEFAULT | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fai/config/hooks/partition.DEFAULT b/fai/config/hooks/partition.DEFAULT index 9adaa76..63235f1 100755 --- a/fai/config/hooks/partition.DEFAULT +++ b/fai/config/hooks/partition.DEFAULT @@ -180,7 +180,7 @@ bpart() { # btrfs a partition zilap() { case $HOSTNAME in - sy|bo) + sy|bo|so) return 0 ;; esac -- 2.30.2 From 936324619541130f4ab07bd4633f48eb81812613 Mon Sep 17 00:00:00 2001 From: Ian Kelling Date: Mon, 22 Apr 2024 12:01:10 -0400 Subject: [PATCH 09/16] further bookworm support --- fai-revm | 2 +- fai/config/class/FAIBASE.var | 2 +- fai/config/distro-install-common/end | 2 +- .../distro-install-common/libreboot_grub.cfg | 6 +- .../files/etc/fai/nfsroot.conf/FAISERVER | 2 +- .../faicheck.service/VOL_BOOKWORM_BOOTSTRAP | 1 + .../root/fai-check/VOL_BOOKWORM_BOOTSTRAP | 128 +++++++++++++++++ .../root/fai-check/VOL_BULLSEYE_BOOTSTRAP | 129 +----------------- fai/config/hooks/instsoft.DEFAULT | 2 +- fai/config/hooks/partition.DEFAULT | 10 +- fai/config/package_config/DEBIAN | 2 +- fai/config/scripts/IANK/11-iank | 2 +- faiserver-setup | 6 +- mymk-basefile | 1 + 14 files changed, 150 insertions(+), 145 deletions(-) create mode 120000 fai/config/files/etc/systemd/system/faicheck.service/VOL_BOOKWORM_BOOTSTRAP create mode 100755 fai/config/files/root/fai-check/VOL_BOOKWORM_BOOTSTRAP mode change 100755 => 120000 fai/config/files/root/fai-check/VOL_BULLSEYE_BOOTSTRAP diff --git a/fai-revm b/fai-revm index 8bfb970..050ecda 100755 --- a/fai-revm +++ b/fai-revm @@ -140,7 +140,7 @@ else BASEFILE_DIR=/tmp fi isopath=$BASEFILE_DIR/$iso - isosrc=$BASEFILE_DIR/BULLSEYE64.tar.gz + isosrc=$BASEFILE_DIR/BOOKWORM64.tar.gz if [[ ! -e $isopath || $(stat -c %Y $isopath) -lt $(stat -c %Y $isosrc) ]]; then e fai-cd -g $(readlink -f grub.cfg.${iso%%.*}) -f -A $isopath fi diff --git a/fai/config/class/FAIBASE.var b/fai/config/class/FAIBASE.var index dabfb06..34d95ac 100644 --- a/fai/config/class/FAIBASE.var +++ b/fai/config/class/FAIBASE.var @@ -21,4 +21,4 @@ MAXPACKAGES=800 #USERPW='$1$kBnWcO.E$djxB128U7dMkrltJHPf6d1' # set a default -FAI_DEBOOTSTRAP="bullseye http://deb.debian.org/debian" +FAI_DEBOOTSTRAP="bookworm http://deb.debian.org/debian" diff --git a/fai/config/distro-install-common/end b/fai/config/distro-install-common/end index 8ad84c9..f9a0840 100755 --- a/fai/config/distro-install-common/end +++ b/fai/config/distro-install-common/end @@ -32,7 +32,7 @@ au() { # add user. i don't use adduser for portability # only setup root pass for bootstrap vol -if ifclass VOL_BULLSEYE_BOOTSTRAP; then +if ifclass VOL_BULLSEYE_BOOTSTRAP || VOL_BOOKWORM_BOOTSTRAP; then exit 0 fi diff --git a/fai/config/distro-install-common/libreboot_grub.cfg b/fai/config/distro-install-common/libreboot_grub.cfg index d9dde28..5f4d722 100644 --- a/fai/config/distro-install-common/libreboot_grub.cfg +++ b/fai/config/distro-install-common/libreboot_grub.cfg @@ -14,7 +14,7 @@ function save_chosen { } # fai_check is so we can act like a pxe boot, but just for fai, and by -# using /bullseye_bootstrap to do it. We toggle on and off the grub var +# using /bookworm_bootstrap to do it. We toggle on and off the grub var # did_fai_check so we can do the check every other boot. Then # /debian_bootstrap checks for that var on boot and if we want to do a # fai check, it does it, then reboots. But fai-check also sets @@ -25,7 +25,7 @@ function save_chosen { # We don't set this to fai check so we can't get into # an infinite reboot cycle. We depend on the os to # create the initial grubenv file. -set default=/debianbullseye_bootstrap # could use 0 here. +set default=/debianbookworm_bootstrap # could use 0 here. set timeout=1 # grub_extn @@ -44,7 +44,7 @@ done did_fai_check=false -bs_dir=/debianbullseye_bootstrap +bs_dir=/debianbookworm_bootstrap menuentry $bs_dir --id=$bs_dir { # note, we might be able to use $chosen and avoid setting this here, # and set it inside save_chosen. but I haven't tested it, diff --git a/fai/config/files/etc/fai/nfsroot.conf/FAISERVER b/fai/config/files/etc/fai/nfsroot.conf/FAISERVER index 72491fd..e176a6d 100644 --- a/fai/config/files/etc/fai/nfsroot.conf/FAISERVER +++ b/fai/config/files/etc/fai/nfsroot.conf/FAISERVER @@ -1,7 +1,7 @@ # For a detailed description see nfsroot.conf(5) # " " for debootstrap -FAI_DEBOOTSTRAP="bullseye http://deb.debian.org/debian" +FAI_DEBOOTSTRAP="bookworm http://deb.debian.org/debian" FAI_ROOTPW='$1$kBnWcO.E$djxB128U7dMkrltJHPf6d1' NFSROOT=/srv/fai/nfsroot diff --git a/fai/config/files/etc/systemd/system/faicheck.service/VOL_BOOKWORM_BOOTSTRAP b/fai/config/files/etc/systemd/system/faicheck.service/VOL_BOOKWORM_BOOTSTRAP new file mode 120000 index 0000000..82dea76 --- /dev/null +++ b/fai/config/files/etc/systemd/system/faicheck.service/VOL_BOOKWORM_BOOTSTRAP @@ -0,0 +1 @@ +VOL_BULLSEYE_BOOTSTRAP \ No newline at end of file diff --git a/fai/config/files/root/fai-check/VOL_BOOKWORM_BOOTSTRAP b/fai/config/files/root/fai-check/VOL_BOOKWORM_BOOTSTRAP new file mode 100755 index 0000000..ebbedbe --- /dev/null +++ b/fai/config/files/root/fai-check/VOL_BOOKWORM_BOOTSTRAP @@ -0,0 +1,128 @@ +#!/bin/bash + +set -eE -o pipefail +trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR + +#set -x + +usage() { + cat < deadline )); then + echo "fai-check: hit $NETWORK_TIMOUT_SECS s tftp server timeout" + return 0 + fi + sleep 1 + done + m pxe-kexec -n --ignore-whitelist -l fai-generated $faiserver ||: +} + +force=false +case $1 in + -h|--help) + usage + ;; + -f|--force) + force=true + shift + ;; +esac + +faiserver=${1:-faiserver.b8.nz} + + +if $force; then + try-kexec + exit +fi + +# on one machine, I could do this: +# dmidecode -t system | grep -F "Version: ThinkPad X200" +# however, on another, the version field just says invalid data. +# todo: figure out some better way to check if we are on +# an x200. + +if ! dmidecode | grep -i thinkpad &>/dev/null; then + echo "not x200, exiting" + exit 0 +fi + +first=true +for dev in $(btrfs fi show / | sed -rn 's#^\s*devid\s.*\s([^0-9 ]+)\S+$#\1#p' \ + |sort); do + echo dev=$dev + found=false + # Decide which is my grub_ext partition. see partition.DEFAULT file + # for details. currently it is 4 + for (( i=4; i<=7; i++ )); do + if [[ $(blockdev --getsize64 ${dev}$i) == 8388608 ]]; then + grub_extn=${dev}$i + found=true + echo grub_extn=$grub_extn + break + fi + done + if ! $found; then + echo "$0: error: failed to find grub_ext partition." + exit 1 + fi + m mount $grub_extn /mnt + if $first; then + if [[ -e /mnt/grubenv ]]; then + m grub-editenv /mnt/grubenv list + source <(grub-editenv /mnt/grubenv list) + fi + first=false + # we could just as well check if last_boot != /debianbullseye_bootstrap + # the intent with this one is just a little clearer. + if [[ $did_fai_check == true ]]; then + m grub-editenv /mnt/grubenv set did_fai_check=os_true + # our service does not wait for network-online.target, + # because it will wait for too long when we don't have a network + # connection. So, we wait for 10 seconds. + # ref: https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/ + try-kexec ||: + fi + else + # we make sure there is only 1 grubenv, + # so grub can just find the first one, in whatever order + # if looks at them, which may not be the same as us. + # If the disk dies, we just lose the default boot option, + # we will have to do manual steps to replace it anyways. + m rm -f /mnt/gruvenv + fi + m umount /mnt +done + +# the check for last_boot is not needed afaik, just sanity check. +case $did_fai_check in + true|os_true) + if [[ $last_boot != /debian*_bootstrap ]]; then + # no need to reboot if we actually want to boot into this os. + echo "last_boot=$last_boot not debian*_bootstrap, rebooting" + reboot + fi +esac diff --git a/fai/config/files/root/fai-check/VOL_BULLSEYE_BOOTSTRAP b/fai/config/files/root/fai-check/VOL_BULLSEYE_BOOTSTRAP deleted file mode 100755 index 34f682f..0000000 --- a/fai/config/files/root/fai-check/VOL_BULLSEYE_BOOTSTRAP +++ /dev/null @@ -1,128 +0,0 @@ -#!/bin/bash - -set -eE -o pipefail -trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR - -#set -x - -usage() { - cat < deadline )); then - echo "fai-check: hit $NETWORK_TIMOUT_SECS s tftp server timeout" - return 0 - fi - sleep 1 - done - m pxe-kexec -n --ignore-whitelist -l fai-generated $faiserver ||: -} - -force=false -case $1 in - -h|--help) - usage - ;; - -f|--force) - force=true - shift - ;; -esac - -faiserver=${1:-faiserver.b8.nz} - - -if $force; then - try-kexec - exit -fi - -# on one machine, I could do this: -# dmidecode -t system | grep -F "Version: ThinkPad X200" -# however, on another, the version field just says invalid data. -# todo: figure out some better way to check if we are on -# an x200. - -if ! dmidecode | grep -i thinkpad &>/dev/null; then - echo "not x200, exiting" - exit 0 -fi - -first=true -for dev in $(btrfs fi show / | sed -rn 's#^\s*devid\s.*\s([^0-9 ]+)\S+$#\1#p' \ - |sort); do - echo dev=$dev - found=false - # Decide which is my grub_ext partition. see partition.DEFAULT file - # for details. currently it is 4 - for (( i=4; i<=7; i++ )); do - if [[ $(blockdev --getsize64 ${dev}$i) == 8388608 ]]; then - grub_extn=${dev}$i - found=true - echo grub_extn=$grub_extn - break - fi - done - if ! $found; then - echo "$0: error: failed to find grub_ext partition." - exit 1 - fi - m mount $grub_extn /mnt - if $first; then - if [[ -e /mnt/grubenv ]]; then - m grub-editenv /mnt/grubenv list - source <(grub-editenv /mnt/grubenv list) - fi - first=false - # we could just as well check if last_boot != /debianbullseye_bootstrap - # the intent with this one is just a little clearer. - if [[ $did_fai_check == true ]]; then - m grub-editenv /mnt/grubenv set did_fai_check=os_true - # our service does not wait for network-online.target, - # because it will wait for too long when we don't have a network - # connection. So, we wait for 10 seconds. - # ref: https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/ - try-kexec ||: - fi - else - # we make sure there is only 1 grubenv, - # so grub can just find the first one, in whatever order - # if looks at them, which may not be the same as us. - # If the disk dies, we just lose the default boot option, - # we will have to do manual steps to replace it anyways. - m rm -f /mnt/gruvenv - fi - m umount /mnt -done - -# the check for last_boot is not needed afaik, just sanity check. -case $did_fai_check in - true|os_true) - if [[ $last_boot != /debianbullseye_bootstrap ]]; then - # no need to reboot if we actually want to boot into this os. - echo "last_boot not debianbullseye_bootstrap, rebooting" - reboot - fi -esac diff --git a/fai/config/files/root/fai-check/VOL_BULLSEYE_BOOTSTRAP b/fai/config/files/root/fai-check/VOL_BULLSEYE_BOOTSTRAP new file mode 120000 index 0000000..18c54eb --- /dev/null +++ b/fai/config/files/root/fai-check/VOL_BULLSEYE_BOOTSTRAP @@ -0,0 +1 @@ +VOL_BOOKWORM_BOOTSTRAP \ No newline at end of file diff --git a/fai/config/hooks/instsoft.DEFAULT b/fai/config/hooks/instsoft.DEFAULT index 3bf0f62..42f9739 100755 --- a/fai/config/hooks/instsoft.DEFAULT +++ b/fai/config/hooks/instsoft.DEFAULT @@ -3,7 +3,7 @@ # These are things we can do before package_config packages get installed. # exit for any vm except demohost, or if we are doing a dirinstall -if ifclass VM && ! ifclass demohost || ifclass VOL_BULLSEYE_BOOTSTRAP || [[ ! $FAI_ACTION || $FAI_ACTION = dirinstall ]]; then +if ifclass VM && ! ifclass demohost || ifclass VOL_BULLSEYE_BOOTSTRAP || ifclass VOL_BOOKWORM_BOOTSTRAP || [[ ! $FAI_ACTION || $FAI_ACTION = dirinstall ]]; then exit 0 fi diff --git a/fai/config/hooks/partition.DEFAULT b/fai/config/hooks/partition.DEFAULT index 63235f1..18f5a23 100755 --- a/fai/config/hooks/partition.DEFAULT +++ b/fai/config/hooks/partition.DEFAULT @@ -272,7 +272,7 @@ mktab() { dev=${boot_devs[0]} fstabstd="x-systemd.device-timeout=30s,x-systemd.mount-timeout=30s" - if [[ $DISTRO == debianbullseye_bootstrap ]]; then + if [[ $DISTRO == *_bootstrap ]]; then cat > /tmp/fai/fstab < Date: Wed, 24 Apr 2024 00:55:55 -0400 Subject: [PATCH 10/16] a bunch of fixes and improvements --- README | 20 ++- fai-redep | 7 +- fai-revm | 2 +- fai/config/distro-install-common/end | 5 +- .../install-stable-kernel-debs | 31 +++- fai/config/hooks/partition.DEFAULT | 4 +- fai/config/hooks/updatebase.UBUNTU | 10 +- fai/config/package_config/ARAMO.gpg | Bin 0 -> 3471 bytes fai/config/package_config/NABIA.gpg | 1 + fai/config/package_config/STANDARD | 6 +- fai/config/package_config/readme | 2 + fai/config/scripts/DEBIAN/11-iank | 30 +++- fai/config/scripts/IANK/11-iank | 137 ++++++++++-------- faiserver-setup | 6 +- mk-basefile-big | 2 +- myfai-chboot | 18 ++- myfai-chboot-local | 56 ++++--- 17 files changed, 227 insertions(+), 110 deletions(-) create mode 100644 fai/config/package_config/ARAMO.gpg create mode 120000 fai/config/package_config/NABIA.gpg create mode 100644 fai/config/package_config/readme diff --git a/README b/README index da28e4e..6d097f9 100644 --- a/README +++ b/README @@ -128,7 +128,7 @@ archlike-pxe # Setup pxe boot server from an archlike base image fai-redep # Deploy fai configuration to host "faiserver" faiserver-uninstall # uninstall fai-server faiserver-setup # install fai-server on the current machine -myfai-chboot # setup fai tftp and nfs. useful for doing pxe-kexec +myfai-chboot # setup fai tftp and nfs. useful for doing pxe-kexec or booting from a fai-cd. pxe-server # disable/enable pxe dhcp, tfp, and nfs. calls myfai-chboot wrt-setup # setup my router in general: dhcp, dns, etc. @@ -191,6 +191,24 @@ ERROR: Kernel modules directory /lib/modules/5.10.0-8-amd not available. Only fo solution: if running from fai-cd, recreate autodiscover cd as noted above in setup. +## Weird package dependency errors + +for example: in fai.log, within instsoft.DEBIAN +``` +The following packages have unmet dependencies: + libc6 : Breaks: locales (< 2.36) but 2.35-0ubuntu3.7+11.0trisquel1 is to be installed +``` + +In this case, it was because the basefile was missing, and so instead +fai decided to use the wrong basefile. + +for example: in fai.log, within instsoft.DEBIAN + +``` +ftar: No matching class found in /var/lib/fai/config/basefiles// +ftar: extracting /var/tmp/base.tar.zst to /target/ +``` + # What good logs look like: logging nfs traffic from server diff --git a/fai-redep b/fai-redep index 5e08b2f..8e5919d 100755 --- a/fai-redep +++ b/fai-redep @@ -75,8 +75,7 @@ rsync -atL /home/iank/.ssh/authorized_keys fai/config/files/root/.ssh/authorized install --owner=iank --group=iank -d fai/config/files/usr/local/bin/hssh install --owner=iank --group=iank -d fai/config/files/usr/local/bin/ssh_filter_btrbk.sh rsync -atL /a/opt/btrbk/ssh_filter_btrbk.sh fai/config/files/usr/local/bin/ssh_filter_btrbk.sh/STANDARD - -m rsync -rlpt --delete --relative --exclude /fai/config/basefiles/ fai/config /a/opt/btrfs-progs-release "${rpre[@]}"/srv +m rsync -rlpt --delete --relative --exclude /fai/config/basefiles/ fai/config "${rpre[@]}"/srv # todo: automatically disable faiserver after a period so # these files are not available. @@ -102,6 +101,8 @@ else rsync -rlpt /q/root/shadow /q/root/luks "${rpre[@]}"/srv/fai/config/distro-install-common fi +rsync -rlpt --delete /a/opt/btrfs-progs-release "${rpre[@]}"/srv/fai/config/distro-install-common + dirs=(/p/c/machine_specific/${target:-*}/filesystem/etc/ssh) if [[ -e ${dirs[0]} ]]; then rsync -rlpt --delete --relative ${dirs[@]} "${rpre[@]}"/srv/fai/config/distro-install-common @@ -114,4 +115,4 @@ printf "%s\n%s\n" "PACKAGES install" ${pall[*]} | \ $faiserver_shell dd of=/srv/fai/config/package_config/DESKTOP status=none ||: # broken pipe -rsync -rplt --include '/*.gz' --exclude '/**' --delete-excluded $BASEFILE_DIR/ "${rpre[@]}"/srv/fai/config/basefiles/ +m rsync -rplt --include '/*.zst' --exclude '/**' --delete-excluded $BASEFILE_DIR/ "${rpre[@]}"/srv/fai/config/basefiles/ diff --git a/fai-revm b/fai-revm index 050ecda..2ce0102 100755 --- a/fai-revm +++ b/fai-revm @@ -140,7 +140,7 @@ else BASEFILE_DIR=/tmp fi isopath=$BASEFILE_DIR/$iso - isosrc=$BASEFILE_DIR/BOOKWORM64.tar.gz + isosrc=$BASEFILE_DIR/BOOKWORM64.tar.zst if [[ ! -e $isopath || $(stat -c %Y $isopath) -lt $(stat -c %Y $isosrc) ]]; then e fai-cd -g $(readlink -f grub.cfg.${iso%%.*}) -f -A $isopath fi diff --git a/fai/config/distro-install-common/end b/fai/config/distro-install-common/end index f9a0840..2455ece 100755 --- a/fai/config/distro-install-common/end +++ b/fai/config/distro-install-common/end @@ -32,7 +32,9 @@ au() { # add user. i don't use adduser for portability # only setup root pass for bootstrap vol -if ifclass VOL_BULLSEYE_BOOTSTRAP || VOL_BOOKWORM_BOOTSTRAP; then +# for bootstrap vol, we only use root user +if ifclass VOL_BULLSEYE_BOOTSTRAP || ifclass VOL_BOOKWORM_BOOTSTRAP; then + sed 's/^/root:/' $root_pw_f | $ROOTCMD chpasswd -e exit 0 fi @@ -74,6 +76,7 @@ if getent group sudo >/dev/null; then $ROOTCMD usermod -aG sudo iank fi +mkdir -p $target/etc/sudoers.d cat >$target/etc/sudoers.d/ianksudoers <<'EOF' Defaults timestamp_timeout=1440 # used in bashrc diff --git a/fai/config/distro-install-common/install-stable-kernel-debs b/fai/config/distro-install-common/install-stable-kernel-debs index c024796..db7abcf 100755 --- a/fai/config/distro-install-common/install-stable-kernel-debs +++ b/fai/config/distro-install-common/install-stable-kernel-debs @@ -1,4 +1,4 @@ -#!/bin/bash -x +#!/bin/bash # This file is part of Ian Kelling's automated-distro-installer # Copyright (C) 2024 Ian Kelling @@ -21,13 +21,30 @@ trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR [[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@" -tmpdir=$(mktemp -d) || exit -trap 'cd; rm -rf "$tmpdir"' EXIT -cd $tmpdir +set -x + +prereqs=() +for p in wget curl; do + if ! type -p $p &>/dev/null; then + prereqs+=($p) + fi +done +if (( ${#prereqs[@]} >= 1 )); then + apt-get -y install ${prereqs[@]} +fi + + +tmpdir=$($ROOTCMD mktemp -d) || exit +outertmp=$target/$tmpdir +trap 'cd; rm -rf "$outertmp"' EXIT +cd $outertmp # update stable_ver when we are ready to jump to a new stable kernel. # Stable kernels are listed here: https://www.kernel.org/category/releases.html stable_ver='6\.6' +# Actually, I dont want stable right now. comment this out to get stable +# version. +stable_ver='[1-9]' va=$(curl -s https://kernel.ubuntu.com/mainline/ | \ sed -rn 's,.*alt="\[DIR\]".*href="([^/]+).*,\1,p' | \ grep -v -- -rc | sed 's/^v//' | grep "^$stable_ver" | sort -V | tail -n1) @@ -45,11 +62,11 @@ fi urls=() for p in ${pkgs[@]}; do - if ! dpkg -s -- "${p%%_*}" 2>&1 | grep -Fx "Status: install ok installed" &>/dev/null; then + if ! $ROOTCMD dpkg -s -- "${p%%_*}" 2>&1 | grep -Fx "Status: install ok installed" &>/dev/null; then urls+=(https://kernel.ubuntu.com/mainline/v$va/amd64/$p) fi done if (( ${#urls[@]} >= 1 )); then - wget "${urls[@]}" - dpkg -i ./*.deb + wget -nv "${urls[@]}" + $ROOTCMD dpkg -i ${pkgs[@]/#/$tmpdir/} fi diff --git a/fai/config/hooks/partition.DEFAULT b/fai/config/hooks/partition.DEFAULT index 18f5a23..11a7ee5 100755 --- a/fai/config/hooks/partition.DEFAULT +++ b/fai/config/hooks/partition.DEFAULT @@ -885,10 +885,10 @@ if $partition; then # so use fixed sizes to allow both to grow # 600 = uefi 512 + grubext 8 + bios grub 3 + some extra cuz this is lvm #root_mib=$(( disk_mib - root2_part_mib - swap_mib - boot_part_mib - boot2_part_mib - 600 )) - o_mib=$(( 120 * 1000 )) + o_mib=$(( 180 * 1000 )) # max minus o, minus a gig just for some extra space max_root_mib=$(( disk_mib - root2_part_mib - swap_mib - boot_part_mib - boot2_part_mib - 600 - o_mib - 1000 )) - root_mib=$(( 1000 * 1000 )) # * 1000 to make it in gb. + root_mib=$(( 1700 * 1000 )) # * 1000 to make it in gb. if (( max_root_mib < root_mib )); then root_mib=$max_root_mib fi diff --git a/fai/config/hooks/updatebase.UBUNTU b/fai/config/hooks/updatebase.UBUNTU index e5050cd..98f775f 100755 --- a/fai/config/hooks/updatebase.UBUNTU +++ b/fai/config/hooks/updatebase.UBUNTU @@ -1,5 +1,12 @@ #! /bin/bash +# mk-basefile doesn't use the -updates suite, then we unpack it, then we +# install sources.list that has -updates and we install random +# packages. It might avoid a problem if we a dist-upgrade first. + +$ROOTCMD apt-get update +$ROOTCMD apt-get -y dist-upgrade --purge --auto-remove + # https://lists.uni-koeln.de/pipermail/linux-fai/2016-July/011398.html # In Ubuntu 16.04 (but not 14.04), the locales configuration mechanism has # changed. There is a /var/lib/dpkg/info/locales.config file, which @@ -9,8 +16,9 @@ # hook applies the debconf setting. It must run after FAI's debconf task # but before dpkg gets a chance to clobber debconf with an empty setting. + if [ ! -f "$target/var/lib/locales/supported.d/local" ]; then - $ROOTCMD debconf --owner=locales sh -c ' + $ROOTCMD debconf --owner=locales sh -c ' . /usr/share/debconf/confmodule db_version 2.0 db_get locales/locales_to_be_generated && diff --git a/fai/config/package_config/ARAMO.gpg b/fai/config/package_config/ARAMO.gpg new file mode 100644 index 0000000000000000000000000000000000000000..58057f6c8594d41c77bcbf17af40e5eca896e804 GIT binary patch literal 3471 zcmai$S5y;-x`mTaLy<_YF?1M#(4{3bDbl4EMF`Rf#U%8OH0fO!29PE)2vVdfB1Mp* zNR=dllpqL^-rJco_sqKY;jVlCw|~Fvm%YCA6@nNkZ36-*fDi!Q^y}mR#-T_pEUUoc zW|I~NUpjCldy+(IDg2;x@@?Jr*ukMyqs7q);caCN*u67vigS5eWT3jU_DylzJx1;E zc>ntv+FN&C$|Ti?q^4^_Zt*1X1+9pr7-BR|hL zDOxMk64u|t=KsjBzRrwK(*TQG_VlDxzlmX~`1!^U6`qv*K(M#c;i|TFL6ut5t-^^n z_J->?+2tZde6{3Li`d@oM*4{lfjT`aFR*m*%5j~J`*oMUKAZR=dYf>dp};N)&)j7Y zA$Cy+ZFOFxh2oCxZyMR5N>lZlKgq`o*vD^ZoB*x^0l*d+%SWD=0Gz82OwYs$Zsh5U z3x=s-|C32RbPaU%(fH?;^7M7{Lneb1DOrGY0Ddaazn28!p`fA%)6!5-vC)BP>8aQ$ zKtKQp3IuUP1L(kzMx|jL2CD1uwP~h9dD4`K0kr%`(K(RuYKUnQPmb&0U)}MO*E&2A zeEG1xY}miQbZRwIs~N$=xCy>DioL&*7Mn3cp-_YL2tp`u{KmYT`>>TE7O{>a$VoP* zkT*_h^$;?iq3Ey8&|eJsMkPhr;uj0iPLKaqPuWHq-6 zSv+;GjbnV(c-#A)f)`}|<#f%-i@T(EF|F`Cw(2CE2>V(RW%iyH=v=Jeaxr_8EI@N!6?9F1^&jWf$72 zYUPy4=p;gFC-(E0g58hCQbL0_8MBIgbY{%0JnJFFV^i}bKmi^c6E;Xh7K*x8093>v zoV7U?NO5Ph%0SCBu;ahk^NKFLKl`=;XZk1u&x5^UF0osPh<#-`QU4z*CdQq1T>f-4 zAykGX7pYhFP5!>3fw4lcSCc|lsT#nQTuF8 zN|nEw>($FnpWR7t{IP^Tl2^TMLmJofPCdKN2h>wSSkJMBHcp@|hA`ySXx~UJPwg{| z0jeg)Z8zPH`n#C==QvIIggP|=`J4m~=nj_G1X>&KC*7yn9ABS!OG9#1n;K15XGG}| zNxLXq@FvL! z4IZk`9`yU0J;|UOl$?Ko1pE(382%?PddHcrJk{?ozM=Y_4;x{XLT);2`^_JI)syEm zeTq7ZElwEIY5Vg?g*Rki0Qpso@hq}0N=V%(fEf7ly7On9X}#w+aMX_o3qFLyf<@JK zwr0_%pX0iIk7uWRDRgZlt-2T*nc8o_e|J>_-ZY957JK_fw6P{*qHj^M;-)hAI{eBF zQjSvSIBht$S>`Aki}Na*)fR69=#vR zLImo^4*Z|+B5RV#w%tlm5-okc*#{PZ;9q@-4r=<^C5?9>a^@X8R%fW4f>^_bcF0}8 zoS5EuK!PQ3GW1}UeR%*Dcr3NvuWjX487bbGeTdRF+~K*NI_Vmu^VQj{cKd!HtGYzK z47zPR=__WIQ=8m-W!^5M1C^DHlipWPw-S(5bYvmzJM81l)um{cg5?@&oQ7YSX=Lcz zyj8xOHmcEFSd{5;mUKp0M)ExE>R(TEE-dF4&VDYrS}~`n`?e5 zQWihlEIuvML+BA3(26McR+V!bD*THWE@rZ$f7!|lkB*Ur=QG1c?PCGMb@M%GA(3$f z+z|{VDM<&7l_L?*BPefuXGby=b_ek+g}A|wBbnoiAS7R!ffF5@Ca84jm-l~Dwy zB<1tk*f8$&uoN&VA@@lE0;6)~BKFs#oZP&4V%sj#gXF`F_D5{7ZB1)U@UU zNz3zk=@nY+hIJ6SamByzMGzUQsezt?DNU)M*!?OOL|!?=_Dj8(Ml z14$v~aZA_T9@1Rx`d~dvmWwRYpKz1MfOGc+cGVLg4fb+esAa?n-%%aqkSyUZ$>v@5Q) zGn=A=u3m#2#S|lebu?aiT+%K0ia|Qbw>49_nj*OdYyVnyAP11URrTY^*{3p;ZDFTj z=wx>@vPoIxbocf2b%z$aU&XTaz|)bMb>NiJd?#3T)h|xoh}a@ zvJ?3XVJ+`Fbu)`#)6%A?&G<5B*h6*0I0dEW<9PE}G8?aGOXSt={g!sTaqnJS*b-2Q z25x-^wv%&tqC|K)o@sc|D_tS5TPMp+xv%#d0|)s~HirJ$xg-NuQUa&K#Tz?j_H*4| zEl1tsd|y>IZz0szuAuTC1!iEG*Ok;X>B_M^8trQ7By)l946fJ!9oeknGpa{L{MmwM z;cUrJ41-sa1JvUEbgOicb_yOI))z$#jK-AtYf=q*e(-qw-79L_#i(k$;{Y@0z(50u z^e$c}e3F6*pDe>yeIxE7}9yvf`;pPdWM$z$ieG8Ex6;X}w|Nb7C3pExYVur#XTeK1WQ zmQbIm%h$vzR-MzWVz+JtS`(C-2CVm-JLC)SYeI-^@r$7Rj(#SQi}}z9ttqOsM?V(D zlV39yavC`~nhx?bGfs{duIoIHG(hJ)Zi8&^4D;zgv#q?$hIVN~Z{bJ(s8~{vm2T7Y kDK58jDM_m@{W4`V&cSo>@T=Npjm1F5D{276Uqc4`3p!M6MF0Q* literal 0 HcmV?d00001 diff --git a/fai/config/package_config/NABIA.gpg b/fai/config/package_config/NABIA.gpg new file mode 120000 index 0000000..84bd61d --- /dev/null +++ b/fai/config/package_config/NABIA.gpg @@ -0,0 +1 @@ +ARAMO.gpg \ No newline at end of file diff --git a/fai/config/package_config/STANDARD b/fai/config/package_config/STANDARD index c0726e6..f55e664 100644 --- a/fai/config/package_config/STANDARD +++ b/fai/config/package_config/STANDARD @@ -21,9 +21,6 @@ ncurses-term openssh-client pciutils perl -# ian: newer distros dont have python, it gets naturally removed -python -python-minimal python3 python3-minimal reportbug @@ -49,7 +46,6 @@ rsync openssh-client openssh-server time procinfo -locales console-setup kbd pciutils usbutils unattended-upgrades @@ -67,6 +63,8 @@ iso-codes cryptsetup-initramfs # for btrbk zstd +# for detecting wireless +iw # iank, copied from DEBIAN so it goes into ubuntu too PACKAGES install GRUB_PC diff --git a/fai/config/package_config/readme b/fai/config/package_config/readme new file mode 100644 index 0000000..abb42b7 --- /dev/null +++ b/fai/config/package_config/readme @@ -0,0 +1,2 @@ +ian: Ya, for each trisquel release, we need a new key symlink link, or +new file if the key has changed. diff --git a/fai/config/scripts/DEBIAN/11-iank b/fai/config/scripts/DEBIAN/11-iank index 69b9afe..130c7e9 100755 --- a/fai/config/scripts/DEBIAN/11-iank +++ b/fai/config/scripts/DEBIAN/11-iank @@ -24,12 +24,33 @@ if [[ $EUID != 0 ]]; then exit 1 fi +m() { printf "%s\n" "$*"; "$@"; } + + fcopy -riB /root +# in bullseye, installing systemd-resolved says: Converting +# /etc/resolv.conf to a symlink to +# /run/systemd/resolve/stub-resolv.conf... which breaks +# resolution. This happens to be the first script we install a package +# after that. This should do nothing in a fai-wrapper situation. +if [[ ! -s $target/etc/resolv.conf ]]; then + m ls -la $target/etc/resolv.conf ||: + # Keep the symlink in place, systemd-resolved should change the file + # when it runs. + mkdir -p $target/run/systemd/resolve + if [[ ! -s /etc/resolv.conf ]] && ! host google.com; then + echo "ERROR: empty resolv.conf & failed dns resolution. exiting 1" >&2 + exit 1 + fi + cat /etc/resolv.conf >$target/etc/resolv.conf +fi + + #### misc configurations chroot $FAI_ROOT bash <<'EOFOUTER' -set -x +set -xe if getent group systemd-journal >/dev/null; then # makes the journal be saved to disk. mkdir -p /var/log/journal @@ -38,7 +59,12 @@ fi debconf-set-selections </dev/null; then sudo apt-get -y install fai-client fi -if [[ -e /a/bin/fai/fai-wrapper ]]; then - chroot() { - shift - "$@" - } -fi - -if [[ $FAI_ROOT == / ]]; then - source /a/bin/bash_unpublished/source-state - bprogs_dir=/a/opt/btrfs-progs-release -else - bprogs_dir=/srv/btrfs-progs-release - chroot="chroot $FAI_ROOT" -fi - # -r = recursive # -i = ignore non-matching class warnings, always exit 0 # -B = no backup files @@ -66,6 +51,8 @@ if [[ ! -e $dst && -e $src ]]; then mount -o bind $src $dst fi + + $FAI/distro-install-common/end @@ -75,13 +62,13 @@ $FAI/distro-install-common/end # I run this as a single post-fai script to update things that have changed. tmpfile1=$(mktemp) # this can fail if we need an apt update -$chroot /usr/bin/apt-cache policy >$tmpfile1 ||: +$ROOTCMD /usr/bin/apt-cache policy >$tmpfile1 ||: fcopy -riB /etc/apt tmpfile2=$(mktemp) -$chroot /usr/bin/apt-cache policy >$tmpfile2 +$ROOTCMD /usr/bin/apt-cache policy >$tmpfile2 if ! diff -q $tmpfile1 $tmpfile2; then - $chroot /usr/bin/apt update + $ROOTCMD /usr/bin/apt update fi # outside of fai, this seems to regularly lead to # E: Could not get lock /var/lib/apt/lists/lock - open (11: Resource temporarily unavailable) @@ -105,7 +92,6 @@ fi #### misc configurations - if [[ $FAI_ACTION != dirinstall ]] && ! ifclass NOCRYPT; then if ifclass LINODE; then speed=19200 @@ -131,7 +117,7 @@ TimeoutStartSec=20 WantedBy=dev-disk-by\x2did-ata\x2dSamsung_SSD_870_QVO_8TB_S5VUNG0N900656V.device EOF - $chroot bash <<'EOFOUTER' + $ROOTCMD bash <<'EOFOUTER' systemctl enable myncq.service /usr/bin/myncq no-upgrub EOFOUTER @@ -180,8 +166,8 @@ EOF fi # use networkmanager if this host has wireless. -if [[ $HOSTNAME == bo ]] || type -p iw &>/dev/null && [[ $(iw dev) ]]; then - $chroot bash </dev/null | awk '{print $2}') ||: -if [[ $ver != "$cur_ver" ]]; then - if [[ $HOST2 == "$HOSTNAME" && $ver != "$($bprogs_dir/btrfs --version 2>/dev/null | awk '{print $2}')" ]]; then - rm -rf $bprogs_dir - cd /tmp - wget $url - sudo -u iank tar xzf $tarball - mv ${tarball%.tar.gz} $bprogs_dir - cd $bprogs_dir - apt-get -y build-dep btrfs-progs - sudo -u iank ./configure --disable-documentation - sudo -u iank make - make install - else - $chroot bash -xe <$target/etc/initramfs-tools/conf.d/mine </dev/null | awk '{print $2}') ||: + +if [[ $FAI_ROOT == / ]]; then + bp_dir=/a/opt/btrfs-progs-release +else + bp_dir=$FAI/distro-install-common/btrfs-progs-release +fi +if [[ $ver != "$cur_ver" ]]; then + if [[ $ver != "$($bp_dir/btrfs --version 2>/dev/null | awk '{print $2}')" ]]; then + cd $target/tmp + wget $url + tar xzf $tarball + $ROOTCMD apt-get -y build-dep btrfs-progs + # no docs cuz I didn't want to bother fixing error of missing docs dependencies + $ROOTCMD bash -xe <&1 | grep -Fx "Status: install ok installed" &>/dev/null; then + $ROOTCMD apt-get -y install build-essential + fi + + if [[ $FAI_ROOT == / ]]; then + cd /a/opt/btrfs-progs-release + make install + else + mkdir -p $target/tmp/bprogs + mount -o bind $bp_dir $target/tmp/bprogs + $ROOTCMD bash -xe < /a/bin/fai-basefiles/basefiles/${distver^^}64BIG.tar.gz +tar --one-file-system -C $t -cf - . | zstd -9 > /a/bin/fai-basefiles/basefiles/${distver^^}64BIG.tar.zst cleanup diff --git a/myfai-chboot b/myfai-chboot index 743859a..a653ae6 100755 --- a/myfai-chboot +++ b/myfai-chboot @@ -31,18 +31,26 @@ If our kernel has no nfs support, uses apache intead of nfs, and depends on another repo of Ian Kelling, basic-https-conf, where the file is at /a/exe/web-conf. -Usng this, you can boot into fai with pxe-kexec without changing -the dhcp server. +Using this, you can boot into fai with pxe-kexec without changing the +dhcp server. Note, if you are booting using fai-cd, the pxe config does +nothing, and only flags affecting FAI_ACTION will have any affect. You +can change the fai flags in the grub config, for example in +./grub.cfg.autodiscover, or at runtime by editing a grub menu option. +We could probably also set FAI_FLAGS the same way we set FAI_ACTION, +but I haven't tried it. -Argument sets the host to enable it for. No argument disables pxe -config for all hosts, but leaves nfs server alone. Use faiserver-disable -to disable the nfs server. +HOSTNAME|IP|default Sets the host to enable it for. No argument + disables pxe config for all hosts, but leaves nfs + server alone. Use faiserver-disable to disable the + nfs server. -S sets FAI_ACTION=sysinfo, and remove fai flag reboot. Usefull for doing a system recovery. It reboots automatically anyways :( -k Add serial port output for kgped16 -i sets FAI_ACTION=inventory and remove fai flag reboot. I'm not sure what this is usefull for. +-b Setup bonded ethernet. +--no-r Tell fai-chboot not to reboot when its done. This is implied by -i and -S. -h|--help Print help and exit. EOF diff --git a/myfai-chboot-local b/myfai-chboot-local index 4cef9a5..7dea8f2 100755 --- a/myfai-chboot-local +++ b/myfai-chboot-local @@ -16,54 +16,72 @@ # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -# note, this script gets piped to bash, so cant cd to current dir -[[ $EUID == 0 ]] || exec sudo "${BASH_SOURCE}" "$@" +[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@" + +set -x set -eE -o pipefail trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR +pre="${0##*/}:" +m() { printf "$pre %s\n" "$*"; "$@"; } +e() { printf "$pre %s\n" "$*"; } +err() { echo "[$(date +'%Y-%m-%d %H:%M:%S%z')]: $pre: $*" >&2; } + +usage() { + cat <&2; exit 1; } + +temp=$(getopt -l help,no-r hSi "$@") || usage 1 +eval set -- "$temp" +while true; do case $1 in - -h|--help) - echo "see help from myfai-chboot" - exit 0 - ;; -S) fai_action=sysinfo fai_reboot_arg= - shift ;; -i) #inventory fai_action=inventory fai_reboot_arg= - shift ;; -k) kgped16=true - shift ;; -b) bond=true - shift ;; --no-r) fai_reboot_arg= - shift ;; + -h|--help) usage ;; + --) shift; break ;; + *) echo "$0: unexpected args: $*" >&2 ; usage 1 ;; esac + shift done - -pre="${0##*/}:" -m() { printf "$pre %s\n" "$*"; "$@"; } -e() { printf "$pre %s\n" "$*"; } -err() { echo "[$(date +'%Y-%m-%d %H:%M:%S%z')]: $pre: $*" >&2; } - -host=$1 +read -r host <<<"$@" +readonly host rm -f /srv/tftp/fai/pxelinux.cfg/* -- 2.30.2 From 5c8f49a1d5321a0d3f01284f0087740af070962b Mon Sep 17 00:00:00 2001 From: Ian Kelling Date: Wed, 24 Apr 2024 15:23:06 -0400 Subject: [PATCH 11/16] minor: docs --- README | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README b/README index 6d097f9..f9d0853 100644 --- a/README +++ b/README @@ -104,7 +104,7 @@ fai/config/distro-install-common/end and which shadow file / luks file(s) to copy into the new machine depends on fai-redep arguments. -Also, setup dns in bind and wrt-setup-local. +Also, setup dns in /p/c/host-info and firewall redirects in wrt-setup-local. After install, btrbk to setup data, and then distro-begin && distro end. See notes in distro-begin for other configuration. -- 2.30.2 From c5eccfae1f48f183af80847fcabcc35e3563469d Mon Sep 17 00:00:00 2001 From: Ian Kelling Date: Sat, 27 Apr 2024 17:03:04 -0400 Subject: [PATCH 12/16] handle ssh redirects programatically --- wrt-setup | 2 +- wrt-setup-local | 64 ++----------------------------------------------- 2 files changed, 3 insertions(+), 63 deletions(-) diff --git a/wrt-setup b/wrt-setup index ec91ed7..bce6a4a 100755 --- a/wrt-setup +++ b/wrt-setup @@ -77,7 +77,7 @@ scp /a/work/libremanage/libremanage /a/bin/fai/wrt-init /a/bin/fai/wrt-setup-loc #/a/opt/openwrt/source/bin/packages/mips_24kc/mypackages/relay_1.0-1_mips_24kc.ipk \ scp /q/root/shadow/router /p/c/machine_specific/wrt/etc/dropbear/dropbear_rsa_host_key \ - /p/router-secrets /p/c/machine_specific/wrt/etc/wg.{key,psk} /p/c/ptr-data /p/c/dnsmasq-data /b/bash-bear-trap/bash-bear $h: + /p/router-secrets /p/c/machine_specific/wrt/etc/wg.{key,psk} /p/c/ptr-data /p/c/{dnsmasq,cmc-firewall}-data /b/bash-bear-trap/bash-bear $h: scp ../openwrtkeyring/usign/* $h:/etc/opkg/keys ssh $h wrt-init ${HOME_DOMAIN:-b8.nz} "$@" diff --git a/wrt-setup-local b/wrt-setup-local index aabfca3..3d2edb8 100755 --- a/wrt-setup-local +++ b/wrt-setup-local @@ -666,6 +666,7 @@ config rule option target REJECT ## end no external dns for ziva +$(. /root/cmc-firewall-data) config rule option src wan @@ -684,18 +685,6 @@ config rule option target ACCEPT option dest_port 9091 -config redirect - option name sshkd - option src wan - option src_dport 2202 - option dest_port 22 - option dest_ip $l.2 - option dest lan -config rule - option src wan - option target ACCEPT - option dest_port 2202 - # was working on an openvpn server, didn't finish # config redirect # option name vpnkd @@ -723,55 +712,6 @@ config rule option dest_port 8989 -config redirect - option name sshx2 - option src wan - option src_dport 2205 - option dest_port 22 - option dest_ip $l.5 - option dest lan -config rule - option src wan - option target ACCEPT - option dest_port 2205 - -config redirect - option name sshx3 - option src wan - option src_dport 2207 - option dest_port 22 - option dest_ip $l.7 - option dest lan -config rule - option src wan - option target ACCEPT - option dest_port 2207 - -config redirect - option name sshbb8 - option src wan - option src_dport 2209 - option dest_port 22 - option dest_ip $l.32 - option dest lan -config rule - option src wan - option target ACCEPT - option dest_port 2209 - - -config redirect - option name sshfrodo - option src wan - option src_dport 2234 - option dest_port 34 - option dest_ip $l.34 - option dest lan -config rule - option src wan - option target ACCEPT - option dest_port 2234 - config redirect option name icecast @@ -822,7 +762,7 @@ config rule option target ACCEPT option dest_port 4533 -# So a client can just have i.b8.nz dns even when they +# So a client can just have b8.nz dns even when they # are on the lan. #config redirect # option name navidromelan -- 2.30.2 From a03d1a5cf4c6583c075a5b80e729f8f72ed0d338 Mon Sep 17 00:00:00 2001 From: Ian Kelling Date: Sun, 28 Apr 2024 09:31:36 -0400 Subject: [PATCH 13/16] static usb ethnet addresses --- fai-redep | 6 +++++- fai/config/scripts/IANK/11-iank | 10 ++++++++++ 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/fai-redep b/fai-redep index 8e5919d..b90b30a 100755 --- a/fai-redep +++ b/fai-redep @@ -80,6 +80,7 @@ m rsync -rlpt --delete --relative --exclude /fai/config/basefiles/ fai/config "$ # todo: automatically disable faiserver after a period so # these files are not available. + if [[ $target ]]; then secret_files=(luks/$target luks/host-$target shadow/$target) exists=false @@ -101,7 +102,10 @@ else rsync -rlpt /q/root/shadow /q/root/luks "${rpre[@]}"/srv/fai/config/distro-install-common fi -rsync -rlpt --delete /a/opt/btrfs-progs-release "${rpre[@]}"/srv/fai/config/distro-install-common +rsync -rlpt --delete /a/opt/btrfs-progs-release \ + filesystem/usr/local/bin/ethusb-nm \ + filesystem/usr/local/bin/ethusb-static \ + "${rpre[@]}"/srv/fai/config/distro-install-common dirs=(/p/c/machine_specific/${target:-*}/filesystem/etc/ssh) if [[ -e ${dirs[0]} ]]; then diff --git a/fai/config/scripts/IANK/11-iank b/fai/config/scripts/IANK/11-iank index ce0be4b..54641b2 100755 --- a/fai/config/scripts/IANK/11-iank +++ b/fai/config/scripts/IANK/11-iank @@ -184,6 +184,16 @@ EOF [main] dns=systemd-resolved EOF + + $FAI/distro-install-common/ethusb-static + if [[ $(dig +short @10.2.0.1 -x 10.2.0.2 2>&1 ||:) == kd.b8.nz. ]] \ + && ip n show 10.2.0.1 | grep . &>/dev/null; then + : # we are at home. note: logic duplicated in btrbk-run + else + $FAI/distro-install-common/ethusb-nm + fi + + else cat > $target/etc/network/interfaces <<-EOF # generated by FAI -- 2.30.2 From a69dd442e7381deaec866989a4944efa4f73a8c3 Mon Sep 17 00:00:00 2001 From: Ian Kelling Date: Mon, 20 May 2024 16:13:19 -0400 Subject: [PATCH 14/16] fix bad merge of upstream config --- fai/config/scripts/GRUB_PC/10-setup | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/fai/config/scripts/GRUB_PC/10-setup b/fai/config/scripts/GRUB_PC/10-setup index ed8d878..7ea23fd 100755 --- a/fai/config/scripts/GRUB_PC/10-setup +++ b/fai/config/scripts/GRUB_PC/10-setup @@ -84,10 +84,11 @@ if [[ $BOOT_DEVICE =~ '/dev/md' ]]; then else for dev in $BOOT_DEVICE; do mbrdev=$(get_stable_devname $dev) - if [ -z "$mbrdevices" ]; then + if [ -z "$mbrdev" ]; then # if we cannot find a persistent name (for e.g. in a VM) use old name - mbrdevices+="$dev, " + mbrdev="$dev" fi + mbrdevices+="$mbrdev, " echo "Installing grub on $dev = $mbrdev" $ROOTCMD grub-install --no-floppy "$mbrdev" done -- 2.30.2 From fd75a734a7149cf203553d36270482af37e680da Mon Sep 17 00:00:00 2001 From: Ian Kelling Date: Mon, 20 May 2024 17:57:49 -0400 Subject: [PATCH 15/16] various fixes, improvements, shellcheck --- README | 9 +- arch-init | 11 +- arch-init-remote | 19 +- bash-trace | 1 - debian-pxe-preseed | 11 +- fai-redep | 74 +++-- fai-revm | 44 +-- fai-wrapper | 20 +- fai/config/class/DEFAULT.var | 5 +- .../distro-install-common/ethusb-static | 201 ++++++++++++ ...rnel-debs => install-mainline-kernel-debs} | 45 ++- fai/config/files/boot/bash-trace/DEFAULT | 298 ------------------ fai/config/files/boot/chboot/DEFAULT | 20 +- fai/config/hooks/partition.DEFAULT | 4 + fai/config/package_config/STANDARD.gpg | Bin 20276 -> 0 bytes fai/config/scripts/IANK/11-iank | 28 +- faiserver-disable | 23 +- faiserver-revm | 31 +- faiserver-setup | 29 +- faiserver-uninstall | 15 +- fresize | 2 +- grub.cfg.autodiscover | 14 +- install-chboot | 14 +- lk | 2 +- mk-basefile-big | 13 +- myfai-chboot | 16 +- myfai-chboot-local | 10 +- mymk-basefile | 17 +- pxe-server | 12 +- wrt-setup | 10 +- wrt-setup-local | 65 ++-- 31 files changed, 556 insertions(+), 507 deletions(-) delete mode 120000 bash-trace create mode 100755 fai/config/distro-install-common/ethusb-static rename fai/config/distro-install-common/{install-stable-kernel-debs => install-mainline-kernel-debs} (58%) delete mode 100644 fai/config/files/boot/bash-trace/DEFAULT delete mode 100644 fai/config/package_config/STANDARD.gpg diff --git a/README b/README index f9d0853..5e01bb4 100644 --- a/README +++ b/README @@ -109,6 +109,13 @@ Also, setup dns in /p/c/host-info and firewall redirects in wrt-setup-local. After install, btrbk to setup data, and then distro-begin && distro end. See notes in distro-begin for other configuration. +# Prerequesites: + + +git clone https://git.savannah.nongnu.org/git/bash-bear-trap.git +sudo install -T bash-bear-trap/bash-bear /usr/local/lib/bash-bear + + # Scripts (meant to be used directly): @@ -125,7 +132,7 @@ fai-redep -t TARGET_HOSTNAME && sudo fai-cd -M -g $PWD/grub.cfg.netinst-noreboot mymk-basefile # Create basefiles for various distros archlike-pxe # Setup pxe boot server from an archlike base image -fai-redep # Deploy fai configuration to host "faiserver" +fai-redep # Deploy fai configuration to host "faiserver.b8.nz" faiserver-uninstall # uninstall fai-server faiserver-setup # install fai-server on the current machine myfai-chboot # setup fai tftp and nfs. useful for doing pxe-kexec or booting from a fai-cd. diff --git a/arch-init b/arch-init index 2f14ad6..6a3786f 100755 --- a/arch-init +++ b/arch-init @@ -1,4 +1,4 @@ -#!/bin/bash -x +#!/bin/bash # Copyright (C) 2016 Ian Kelling # This program is free software; you can redistribute it and/or @@ -15,8 +15,13 @@ # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -x="$(readlink -f "$BASH_SOURCE")"; source "${x%/*}/bash-trace" -cd ${x%/*} +set -e; . /usr/local/lib/bash-bear; set +e + +this_file="$(readlink -f -- "${BASH_SOURCE[0]}")" +readonly this_file this_dir="${this_file%/*}" +cd "$this_dir" + +set -x export HOSTNAME="$1" mirror=$2 diff --git a/arch-init-remote b/arch-init-remote index d8e4e29..66e19e2 100755 --- a/arch-init-remote +++ b/arch-init-remote @@ -1,6 +1,21 @@ #!/bin/bash -# Copyright (C) 2019 Ian Kelling -# SPDX-License-Identifier: AGPL-3.0-or-later +# This file is part of Ian Kelling's automated-distro-installer +# Copyright (C) 2024 Ian Kelling + +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + if [[ -s ~/.bashrc ]];then . ~/.bashrc;fi set -x diff --git a/bash-trace b/bash-trace deleted file mode 120000 index 015ae24..0000000 --- a/bash-trace +++ /dev/null @@ -1 +0,0 @@ -fai/config/files/boot/bash-trace/DEFAULT \ No newline at end of file diff --git a/debian-pxe-preseed b/debian-pxe-preseed index aaef9a6..e2d401f 100755 --- a/debian-pxe-preseed +++ b/debian-pxe-preseed @@ -18,11 +18,12 @@ # WARNING: outdated! needs docs and update to debian-stretch -x="$(readlink -f "$BASH_SOURCE")"; source "${x%/*}/bash-trace" - [[ $EUID == 0 ]] || exec sudo "$BASH_SOURCE" "$@" -src=$(readlink -f "${BASH_SOURCE%/*}") +set -e; . /usr/local/lib/bash-bear; set +e + +this_file="$(readlink -f -- "${BASH_SOURCE[0]}")" +readonly this_file this_dir="${this_file%/*}" e() { echo "$*"; "$@"; } @@ -36,11 +37,11 @@ cd $mount_dir e rm -rf debian-wheezy mkdir debian-wheezy cd debian-wheezy -e $src/debian-preseed "$@" # my script +e $this_dir/debian-preseed "$@" # my script cd .. e rm -f tftpboot e ln -s debian-wheezy tftpboot cd / e umount $mount_dir -e $src/pxe-server default plain # my script +e $this_dir/pxe-server default plain # my script diff --git a/fai-redep b/fai-redep index b90b30a..250b458 100755 --- a/fai-redep +++ b/fai-redep @@ -1,18 +1,35 @@ #!/bin/bash -# Copyright (C) 2019 Ian Kelling -# SPDX-License-Identifier: AGPL-3.0-or-later -set -eE -o pipefail -trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR +# This file is part of Ian Kelling's automated-distro-installer +# Copyright (C) 2024 Ian Kelling + +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + [[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@" -readonly this_file="$(readlink -f -- "${BASH_SOURCE[0]}")"; cd "${this_file%/*}" +set -eE -o pipefail +trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR + +this_file="$(readlink -f -- "${BASH_SOURCE[0]}")" +readonly this_file this_dir="${this_file%/*}" +cd "$this_dir" -source bash-trace usage() { - cat <&2 ; usage 1 ;; esac shift done -host=${1:-faiserver} +host=${1:-faiserver.b8.nz} readonly host distro target ##### end command line parsing ######## -m() { printf "$pre %s\n" "$*"; "$@"; } +m() { printf "fai-redep: %s\n" "$*"; "$@"; } # i use faiserver as a dns alias, but ssh key is associated with # a canonical hostname and we will have ssh warning spam unless we @@ -63,8 +80,19 @@ faiserver_host=$(/a/exe/chost $host) # faiserver_host=$host faiserver_addr=$(host $host | sed -rn 's/^\S+ has address //p;T;q' ||:) + +rsrv() { + local -a opts + while [[ $2 ]]; do + opts+=("$1") + shift + done + m rsync "${ropts[@]}" "${opts[@]}" "$rpath$1" +} +rpath=/srv if ! ip a | grep "^ *inet.\? $faiserver_addr" &>/dev/null; then - rpre=(-e "ssh -F $HOME/.ssh/confighome" root@$faiserver_host:) + ropts=(-e "ssh -F $HOME/.ssh/confighome") + rpath="root@$faiserver_host:/srv" faiserver_shell="ssh -F $HOME/.ssh/confighome root@$faiserver_host" fi @@ -75,7 +103,7 @@ rsync -atL /home/iank/.ssh/authorized_keys fai/config/files/root/.ssh/authorized install --owner=iank --group=iank -d fai/config/files/usr/local/bin/hssh install --owner=iank --group=iank -d fai/config/files/usr/local/bin/ssh_filter_btrbk.sh rsync -atL /a/opt/btrbk/ssh_filter_btrbk.sh fai/config/files/usr/local/bin/ssh_filter_btrbk.sh/STANDARD -m rsync -rlpt --delete --relative --exclude /fai/config/basefiles/ fai/config "${rpre[@]}"/srv +rsrv -rlpt --delete --relative --exclude /fai/config/basefiles/ fai/config / # todo: automatically disable faiserver after a period so # these files are not available. @@ -84,7 +112,6 @@ m rsync -rlpt --delete --relative --exclude /fai/config/basefiles/ fai/config "$ if [[ $target ]]; then secret_files=(luks/$target luks/host-$target shadow/$target) exists=false - secret_exists=() for f in ${secret_files[@]}; do if [[ -e /q/root/$f ]]; then exists=true @@ -96,27 +123,28 @@ if [[ $target ]]; then for f in ${secrets_to_send[@]}; do echo $f done - } | rsync -lpt --files-from=- /q/root "${rpre[@]}"/srv/fai/config/distro-install-common + } | rsrv -lpt --files-from=- /q/root /fai/config/distro-install-common fi else - rsync -rlpt /q/root/shadow /q/root/luks "${rpre[@]}"/srv/fai/config/distro-install-common + rsrv -rlpt /q/root/shadow /q/root/luks /fai/config/distro-install-common fi -rsync -rlpt --delete /a/opt/btrfs-progs-release \ - filesystem/usr/local/bin/ethusb-nm \ - filesystem/usr/local/bin/ethusb-static \ - "${rpre[@]}"/srv/fai/config/distro-install-common +rsrv -rlpt --delete /a/opt/btrfs-progs-release /fai/config/distro-install-common dirs=(/p/c/machine_specific/${target:-*}/filesystem/etc/ssh) if [[ -e ${dirs[0]} ]]; then - rsync -rlpt --delete --relative ${dirs[@]} "${rpre[@]}"/srv/fai/config/distro-install-common + rsrv -rlpt --delete --relative ${dirs[@]} /fai/config/distro-install-common fi . /a/bin/distro-setup/pkgs -pall+=($(/a/bin/buildscripts/emacs -p; /a/bin/distro-setup/distro-pkgs $distro)) +tmpstr=$(/a/bin/buildscripts/emacs -p && /a/bin/distro-setup/distro-pkgs $distro) +declare -a pall +for p in $tmpstr; do + pall+=($p) +done printf "%s\n%s\n" "PACKAGES install" ${pall[*]} | \ $faiserver_shell dd of=/srv/fai/config/package_config/DESKTOP status=none ||: # broken pipe -m rsync -rplt --include '/*.zst' --exclude '/**' --delete-excluded $BASEFILE_DIR/ "${rpre[@]}"/srv/fai/config/basefiles/ +rsrv -rplt --include '/*.zst' --exclude '/**' --delete-excluded $BASEFILE_DIR/ /fai/config/basefiles/ diff --git a/fai-revm b/fai-revm index 2ce0102..6bada5e 100755 --- a/fai-revm +++ b/fai-revm @@ -18,12 +18,12 @@ [[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@" +set -e; . /usr/local/lib/bash-bear; set +e + +this_file="$(readlink -f -- "${BASH_SOURCE[0]}")" +readonly this_file this_dir="${this_file%/*}" +cd "$this_dir" -readonly this_file="$(readlink -f -- "${BASH_SOURCE[0]}")" -script_dir="${this_file%/*}" -# shellcheck source=./bash-trace -source "${script_dir}/bash-trace" -cd $script_dir PATH="$PATH:$PWD" e() { echo "$*"; "$@"; } @@ -88,19 +88,24 @@ disk_count=1 rm -f /tmp/fai-revm-did-pxe -if ! ip l show br0 &>/dev/null; then - cat <<'EOF' -fai-rvm error: no bridge detected. add one to interfaces like this: -iface eth0 inet manual -iface br0 inet dhcp - bridge_ports eth0 - bridge_stp off - bridge_maxwait 0 -EOF - exit 1 +if ip l show br0 &>/dev/null; then + net_arg="-w bridge=br0,mac=52:54:00:9c:ef:ad" +else + # if this computer has ethernet, we could setup a br0 like so: + # cat <<'EOF' + # fai-rvm error: no bridge detected. add one to interfaces like this: + # iface eth0 inet manual + # iface br0 inet dhcp + # bridge_ports eth0 + # bridge_stp off + # bridge_maxwait 0 + # EOF + + # if we only have wifi, cant use eth0 + net_arg="-w network=default,mac=52:54:00:9c:ef:ad" fi -if [[ $script_dir == /a/bin/* ]]; then +if [[ $this_dir == /a/bin/* ]]; then # Copy our script elsewhere so we can develop it # and save it at the same time it's running rm -rf /tmp/faifreeze @@ -146,7 +151,7 @@ else fi boot_arg="--cdrom $isopath" e fai-redep - cat ~/.ssh/demo.pub | /a/exe/cedit -s /srv/fai/nfsroot/root/.ssh/authorized_keys + /a/exe/cedit -s /srv/fai/nfsroot/root/.ssh/authorized_keys <~/.ssh/demo.pub e myfai-chboot default fi # I don't think these variants actually make a diff for us, but I @@ -165,7 +170,7 @@ e virsh destroy $name ||: e virsh undefine $name ||: sleep 1 - +## begin virtual disk creation ## disk_arg=() for ((i=1; i <= disk_count; i++)); do f=/var/lib/libvirt/images/${name}$i @@ -178,6 +183,7 @@ for ((i=1; i <= disk_count; i++)); do e qemu-img create -o preallocation=metadata -f qcow2 $f 50G fi done +## end virtual disk creation ## if [[ $SSH_CLIENT ]]; then console_arg=--noautoconsole @@ -202,7 +208,7 @@ fi e systemctl start libvirtd e virt-install --rng /dev/urandom --os-variant $variant -n $name $boot_arg -r 2048 --vcpus $cpus \ - ${disk_arg[*]} -w bridge=br0,mac=52:54:00:9c:ef:ad $reboot_arg \ + ${disk_arg[*]} $net_arg $reboot_arg \ --graphics spice,listen=0.0.0.0 $console_arg |& grep -v '^ *$' | uniq & diff --git a/fai-wrapper b/fai-wrapper index 5efa7f1..b6a75d3 100644 --- a/fai-wrapper +++ b/fai-wrapper @@ -1,6 +1,20 @@ #!/bin/bash -# Copyright (C) 2019 Ian Kelling -# SPDX-License-Identifier: AGPL-3.0-or-later +# This file is part of Ian Kelling's automated-distro-installer +# Copyright (C) 2024 Ian Kelling + +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. # For using some fai commands outside of fai. # Usually this is sourced from another script. Note this has @@ -11,7 +25,7 @@ export FAI_WRAPPER=true ifclass() { local var=${1/#/CLASS_} - [[ $HOSTNAME == $1 || ${!var} ]] + [[ $HOSTNAME == "$1" || ${!var} ]] } fai-setclass() { for class in "$@"; do diff --git a/fai/config/class/DEFAULT.var b/fai/config/class/DEFAULT.var index a999512..d574d7d 100644 --- a/fai/config/class/DEFAULT.var +++ b/fai/config/class/DEFAULT.var @@ -6,7 +6,10 @@ LOGUSER=fai # when downloading from https intead of nfs, this is not set, # it is used as the default for LOGSERVER, and for calling chboot. # My faiserver's hostname is always faiserver, so just hardcoding it. -SERVER=faiserver +# I used bare host in the past, thinking that I could vary this +# between different networks I was on, but it is simpler to just +# user an internet domain that I control. +SERVER=faiserver.b8.nz # busted for debian, no time to troubleshoot atm #APTPROXY=http://faiserver:3142 diff --git a/fai/config/distro-install-common/ethusb-static b/fai/config/distro-install-common/ethusb-static new file mode 100755 index 0000000..f6cdd62 --- /dev/null +++ b/fai/config/distro-install-common/ethusb-static @@ -0,0 +1,201 @@ +#!/bin/bash +# I, Ian Kelling, follow the GNU license recommendations at +# https://www.gnu.org/licenses/license-recommendations.en.html. They +# recommend that small programs, < 300 lines, be licensed under the +# Apache License 2.0. This file contains or is part of one or more small +# programs. If a small program grows beyond 300 lines, I plan to switch +# its license to GPL. + +# Copyright 2024 Ian Kelling + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# usage $0 [-c] [off] +# off: Turn off static ip. +# -c config only, don't tell networkmanager to change anything +# -f force interface reup + +if ! test "$BASH_VERSION"; then echo "error: shell is not bash" >&2; exit 1; fi +shopt -s inherit_errexit 2>/dev/null ||: # ignore fail in bash < 4.4 +set -eE -o pipefail +trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR + +[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@" + +m() { printf "%s\n" "$*"; "$@"; } + +## begin arg parsing ## + +force=false +conf_only=false +comment='# iank file id: ethusb-dhcp-v1' +off=false +while [[ $1 ]]; do + case $1 in + -c) + conf_only=true + ;; + -f) + force=true + ;; + off) + off=true + comment='# iank file id: ethusb-static-v1' + ;; + *) + echo "$0: error unexpected argument: $1" >&2 + exit 1 + ;; + esac + shift +done + +## end arg parsing ## + + +shopt -s nullglob + +# we already configured the interface once, afterwards, comment and +# uncomment to enable/disable. This makes it so we don't depend on /p +# being mounted. + +conf=/etc/NetworkManager/system-connections/ethusb-static.nmconnection +if ! $force && [[ -s $conf ]] && grep -qFx "$comment" $conf; then + # we already ran successfully in the past to set things this way, so + # do nothing. + exit 0 +fi + + +if [[ $(dig +short @10.2.0.1 -x 10.2.0.2 2>&1 ||:) == kd.b8.nz. ]] \ + && ip n show 10.2.0.1 | grep . &>/dev/null; then + # we are at_home=true + + while read -r ip_suf host mac; do + if [[ $mac != usb ]]; then + continue + fi + if [[ $host == ${HOSTNAME}c ]]; then + + net_info="address1=10.2.0.$ip_suf/16,10.2.0.1 +dns=8.8.8.4;8.8.8.8;" + + break + fi + done

/dev/null | awk '$1 == "connection.uuid:" {print $2}' ||:) +if [[ ! $uuid ]]; then + # just a uuid that nm generated for me at some point + uuid=0da4c614-6a3c-3ad2-8d4b-c6eebe0814c3 +fi + + +# This template is the result of running, for example +# nmcli con mod "Wired connection 1" \ + # ipv4.addresses "10.2.0.23/24" \ + # ipv4.gateway "10.2.0.1" \ + # ipv4.dns "8.8.8.4,8.8.8.8" + +# which creates a fille named "Wired connection 1.nmconnection", +# below. I see no reason to keep the same file name, or a bunch of +# setting that seem irrelevant, and empty sections don't seem to do +# anything according to the man page. + +# [connection] +# id=Wired connection 2 +# uuid=b0fb7694-dfe6-31a1-81fa-7c17b61515a7 +# type=ethernet +# interface-name=eth1 +# timestamp=1715728264 + +# [ethernet] + +# [ipv4] +# address1=10.2.0.23/16,10.2.0.1 +# dns=8.8.8.4;8.8.8.8; +# method=manual + +# [ipv6] +# addr-gen-mode=stable-privacy +# method=auto + +# [proxy] + +{ + cat </dev/null | awk '$1 == "GENERAL.STATE:" {print $2}' ||:) + + reup=false + if [[ $state == activated ]]; then + reup=true + fi + + m nmcli con reload + + if $reup; then + m nmcli con down $uuid + m nmcli con up $uuid + fi +fi + +if ! grep -F "$comment" $conf; then + printf "%s\n" "$comment" >>$conf +fi diff --git a/fai/config/distro-install-common/install-stable-kernel-debs b/fai/config/distro-install-common/install-mainline-kernel-debs similarity index 58% rename from fai/config/distro-install-common/install-stable-kernel-debs rename to fai/config/distro-install-common/install-mainline-kernel-debs index db7abcf..93f7c57 100755 --- a/fai/config/distro-install-common/install-stable-kernel-debs +++ b/fai/config/distro-install-common/install-mainline-kernel-debs @@ -21,7 +21,19 @@ trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR [[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@" -set -x +# default +kernel_ver='6\.6' +case $1 in + stable) + # note: update kernel_ver when we are ready to jump to a new stable kernel. + # Stable kernels are listed here: https://www.kernel.org/category/releases.html + kernel_ver='6\.6' + ;; + unstable) + kernel_ver='[1-9]' + ;; +esac + prereqs=() for p in wget curl; do @@ -35,25 +47,28 @@ fi tmpdir=$($ROOTCMD mktemp -d) || exit +# shellcheck disable=SC2154 # defined by fai outertmp=$target/$tmpdir trap 'cd; rm -rf "$outertmp"' EXIT cd $outertmp -# update stable_ver when we are ready to jump to a new stable kernel. -# Stable kernels are listed here: https://www.kernel.org/category/releases.html -stable_ver='6\.6' -# Actually, I dont want stable right now. comment this out to get stable -# version. -stable_ver='[1-9]' -va=$(curl -s https://kernel.ubuntu.com/mainline/ | \ - sed -rn 's,.*alt="\[DIR\]".*href="([^/]+).*,\1,p' | \ - grep -v -- -rc | sed 's/^v//' | grep "^$stable_ver" | sort -V | tail -n1) +# We get 10 versions cuz maybe the latest directory (or few) get created but not populated. +tmps=$(curl -s https://kernel.ubuntu.com/mainline/ | \ + sed -rn 's,.*alt="\[DIR\]".*href="([^/]+).*,\1,p' | \ + grep -v -- -rc | sed 's/^v//' | grep "^$kernel_ver" | sort -Vr | head -n10) +mapfile -t latest_versions <<<"$tmps" -# note the wiki page about these says to install linux-headers.*generic.*amd64, but -# as of 2024, they have a requirement of a very new glibc, and people report -# that installing it is not needed. -tmpstr=$(curl -s https://kernel.ubuntu.com/mainline/v$va/amd64/CHECKSUMS | awk '$2 ~ /^linux-/ { print $2 }' | sort -u | grep -iv 'linux-headers.*generic.*amd64' ) -mapfile -t pkgs <<<"$tmpstr" +for va in "${latest_versions[@]}"; do + sleep .2 # be nice + # note the wiki page about these says to install linux-headers.*generic.*amd64, but + # as of 2024, they have a requirement of a very new glibc, and people report + # that installing it is not needed. + tmpstr=$(curl -s https://kernel.ubuntu.com/mainline/v$va/amd64/CHECKSUMS | awk '$2 ~ /^linux-/ { print $2 }' | sort -u | sed '/linux-headers.*generic.*amd64/d' ) + if [[ $tmpstr ]]; then + mapfile -t pkgs <<<"$tmpstr" + break + fi +done if (( ${#pkgs[@]} != 3 )); then echo "$0: error. expected to find 3 kernel packages, got: ${pkgs[*]}" >&2 diff --git a/fai/config/files/boot/bash-trace/DEFAULT b/fai/config/files/boot/bash-trace/DEFAULT deleted file mode 100644 index 2a4077f..0000000 --- a/fai/config/files/boot/bash-trace/DEFAULT +++ /dev/null @@ -1,298 +0,0 @@ -#!/bin/bash -# Bash Error Handler -# Copyright (C) 2020 Ian Kelling -# SPDX-License-Identifier: GPL-3.0-or-later -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - - -# This is a single file library, just source this file. When an error -# happens, we print a stack trace then exit. In an interactive shell, we -# return from functions instead of exiting. If err-cleanup is a command, -# it runs before the stack trace. Functions are documented inline below -# for additional use cases. -# -# Note: occasionally the line numbers are off a bit (at least in Bash -# 5.0). This appears to be a bash bug. I plan to report it next time it -# happens to me. -# -# Please email me if you use this or have anything to contribute. I'm -# not aware of any users yet Ian Kelling . -# -# Tested on bash 4.4.20(1)-release (x86_64-pc-linux-gnu) and -# 5.0.17(1)-release (x86_64-pc-linux-gnu). -# -# Related: see my bash script template repo at https://iankelling.org/git. - - -# TODO: investigate to see if we can format output betting in case of -# subshell failure. Right now, we get independent trace from inside and -# outside of the subshell. Note, errexit + inherit_errexit doesn't have -# any smarts around this either. - -if ! test "$BASH_VERSION"; then echo "error: shell is not bash" >&2; exit 1; fi - -####################################### -# err-catch: Setup trap on ERR to print stack trace and exit (or return -# if the shell is interactive). This is the most common use case so we -# run it after defining it, you can call err-allow to undo that. -# -# This also sets pipefail because it's a good practice to catch more -# errors. -# -# Note: In interactive shell, stack calling line number is not -# available, so we print function definition lines. -# -# Note: This works like set -e, which has one unintuitive feature: If -# you use a function as part of a conditional, eg: func && come_cmd, a -# failed command within func won't trigger an error. -# -# Globals -# -# err_catch_ignore Array containing glob patterns to test against -# filenames to ignore errors from in interactive -# shell. Initialized to ignore bash-completion -# scripts on debian based systems. -# -# err-cleanup If set, this command will run just before exiting. -# -# _err_func_last Used internally in err-bash-trace-interactive -# -####################################### -err-catch() { - set -E; - if [[ $- == *i* ]]; then - if ! test ${err_catch_ignore+defined}; then - err_catch_ignore=( - '/etc/bash_completion.d/*' - '*/bash-completion/*' - ) - fi - declare -i _err_func_last=0 - if [[ $- != *c* ]]; then - shopt -s extdebug - fi - # shellcheck disable=SC2154 - trap '_err-bash-trace-interactive $? "${PIPESTATUS[*]}" "$BASH_COMMAND" ${BASH_ARGC[0]} "${BASH_ARGV[@]}" || return $?' ERR - else - # Man bash on exdebug: "If set at shell invocation, arrange to - # execute the debugger". We want to avoid that, but I want this file - # to be sourceable from bash startup files. noninteractive ssh and - # sources .bashrc on invocation. login_shell sources things on - # invocation. - # - # extdebug allows us to print function arguments in our stack trace. - if ! shopt login_shell >/dev/null && [[ ! $SSH_CONNECTION ]]; then - shopt -s extdebug - fi - trap err-exit ERR - fi - set -o pipefail -} -# This is the most common use case so run it now. -err-catch - -####################################### -# Undo err-catch/err-catch-interactive -####################################### -err-allow() { - shopt -u extdebug - set +E +o pipefail - trap ERR -} - -####################################### -# err-exit: Print stack trace and exit -# -# Use this instead of the exit command to be more informative. -# -# usage: err-exit [-EXIT_CODE] [MESSAGE] -# -# EXIT_CODE Default: $? if it is nonzero, otherwise 1. -# MESSAGE Print MESSAGE to stderr. Default: -# ${BASH_SOURCE[1]}:${BASH_LINENO[0]}: `$BASH_COMMAND' returned $? -# -# Globals -# -# err-cleanup If set, this command will run just before exiting. -# -####################################### -err-exit() { - # vars have _ prefix so that we can inspect existing set vars without - # too much overwriting of them. - local _err=$? _pipestatus="${_pipestatus[*]}" - - # This has to come before most things or vars get changed - local _msg="${BASH_SOURCE[1]}:${BASH_LINENO[0]}: \`$BASH_COMMAND' returned $_err" - local _cmdr="$BASH_COMMAND" # command right. we chop of the left, keep the right. - - if [[ $_pipestatus != "$_err" ]]; then - _msg+=", PIPESTATUS: $_pipestatus" - fi - set +x - if [[ $1 == -* ]]; then - _err=${1#-} - shift - elif (( ! _err )); then - _err=1 - fi - if [[ $1 ]]; then - _msg="$1" - fi - - ## Begin printing vars from within BASH_COMMAND ## - local _var _chars _l - local -A _vars - while [[ $_cmdr ]]; do - _chars="${#_cmdr}" - _cmdr="${_cmdr#*$}" - _cmdr="${_cmdr#{}" - if (( _chars == ${#_cmdr} )); then - break - fi - _var="${_cmdr%%[^a-zA-Z0-9_]*}" - if [[ ! $_var || $_var == [0-9]* ]]; then - continue - fi - _vars[${_var}]=t - done - #echo "iank ${_vars[*]}" - #set |& grep ^password - # in my small test, this took 50% longer than piping to grep. - # That seems a small enough penalty to stay in bash here. - if (( ${#_vars[@]} )); then - set |& while read -r _l; do - for _var in "${!_vars[@]}"; do - case $_l in - ${_var}=*) printf "%s\n" "$_l" >&2 ;; - esac - done - done - fi - ## End printing vars from within BASH_COMMAND ## - - printf "%s\n" "$_msg" >&2 - err-bash-trace 2 - set -e # err trap does not work within an error trap - if type -t err-cleanup >/dev/null; then - err-cleanup - fi - printf "%s: exiting with status %s\n" "$0" "$_err" >&2 - exit $_err -} - -####################################### -# Print stack trace -# -# usage: err-bash-trace [FRAME_START] -# -# This function is called by the other functions which print stack -# traces. -# -# It does not show function args unless you first run: -# shopt -s extdebug -# which err-catch does for you. -# -# FRAME_START Optional variable to set before calling. The frame to -# start printing on. default=1. If ${#FUNCNAME[@]} <= -# FRAME_START + 1, don't print anything because we are at -# the top level of the script and better off printing a -# general message, for example see what our callers print. -# -####################################### -err-bash-trace() { - local -i argc_index=0 frame i frame_start=${1:-1} - local source_loc - if (( ${#FUNCNAME[@]} <= frame_start + 1 )); then - return 0 - fi - for ((frame=0; frame < ${#FUNCNAME[@]}; frame++)); do - argc=${BASH_ARGC[frame]} - argc_index+=$argc - if ((frame < frame_start)); then continue; fi - if (( ${#BASH_SOURCE[@]} > 1 )); then - source_loc="${BASH_SOURCE[frame]}:${BASH_LINENO[frame-1]}:" - fi - printf " from %sin \`%s" "$source_loc" "${FUNCNAME[frame]}" >&2 - if shopt extdebug >/dev/null; then - for ((i=argc_index-1; i >= argc_index-argc; i--)); do - printf " %s" "${BASH_ARGV[i]}" >&2 - done - fi - echo \' >&2 - done - return 0 -} - -####################################### -# Internal function for err-catch. Prints stack trace from interactive -# shell trap. -# -# Usage: see err-catch-interactive -####################################### -_err-bash-trace-interactive() { - if (( ${#FUNCNAME[@]} <= 1 )); then - return 0 - fi - - for pattern in "${err_catch_ignore[@]}"; do - # shellcheck disable=SC2053 - if [[ ${BASH_SOURCE[1]} == $pattern ]]; then - return 0 - fi - done - - local ret bash_command argc pattern i last - last=$_err_func_last - _err_func_last=${#FUNCNAME[@]} - # We have these passed to us because they are lost inside the - # function. - ret=$1 - pipestatus="$2" - bash_command="$3" - argc=$(( $4 - 1 )) - shift 4 - argv=("$@") - # The trap returns a nonzero, then gets called again. This condition - # tells us if is that has happened by checking if we've gone down a - # stack level. - if (( _err_func_last >= last )); then - printf "ERR: \`%s\' returned %s" "$bash_command" $ret >&2 - if [[ $pipestatus != "$ret" ]]; then - printf ", PIPESTATUS: %s" "$pipestatus" >&2 - fi - echo >&2 - fi - printf " from \`%s" "${FUNCNAME[1]}" >&2 - if shopt extdebug >/dev/null; then - for ((i=argc; i >= 0; i--)); do - printf " %s" "${argv[i]}" >&2 - done - fi - printf "\' defined at %s:%s\n" "${BASH_SOURCE[1]}" "$(declare -F "${FUNCNAME[1]}"|awk "{print \$2}")" >&2 - if [[ -t 1 ]]; then - return $ret - else - # Part of an outgoing pipe, avoid getting get us stuck in a weird - # subshell if we returned nonzero, which would happen in a situation - # like this: - # - # tf() { while read -r line; do :; done < <(asdf); }; - # tf - # - # Note: exit $ret also avoids the stuck subshell problem, and I - # can't notice any difference, but this seems more proper. - return 0 - fi -} diff --git a/fai/config/files/boot/chboot/DEFAULT b/fai/config/files/boot/chboot/DEFAULT index adfbe1c..6b0e964 100755 --- a/fai/config/files/boot/chboot/DEFAULT +++ b/fai/config/files/boot/chboot/DEFAULT @@ -16,21 +16,17 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -[[ $EUID == 0 ]] || exec sudo "$BASH_SOURCE" "$@" +[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@" -x="$(readlink -f "$BASH_SOURCE")" -f="${x%/*}/bash-trace" -if [[ -e $f ]]; then - source $f -else - source ${x%/*}/../bash-trace/DEFAULT -fi - +if ! test "$BASH_VERSION"; then echo "error: shell is not bash" >&2; exit 1; fi +shopt -s inherit_errexit 2>/dev/null ||: # ignore fail in bash < 4.4 +set -eE -o pipefail +trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" exit status: $?, PIPESTATUS: ${PIPESTATUS[*]}" >&2' ERR usage() { - cat <-mx8M-m-GaM21PKm7g1bX-2$0}z3GVK}-QC?KNN@-cBv|++Sy^kZ zbN2qu+2`En-XFK-(^YR*kE*U3{ZchXbu~#4&!Cj){aHY$K+9(|lF^WF9OB|bN%_*74Pl(DO($6-4lWK& zR~}{)b*8w@BH-QZgS`-P(VvZRK|h9G)myN?n_-JR8*EfJo*VdL!-Wynd+{+`ceGlsmUQVS}19em(68E{XE+!L(^FNI!;i}+1^h}xO1W&WqA84 zdFJa7DDxj|%Dr=?PL1vI`qL2?>fuoI0g?(LY1fE&8n90DbxXAsy-Ipmg1D<~Fa1Vk z(nH=5rik~=B?XFGrEU+gBp(~6LUEeK3N;~pzRSU}44ZYQEp zOLl_^T(O(ii*CVkl24NYEUpH~3-Fq>TSsqVJGuB60W=T*szd?+GkY@-@GI2d${IM? z*^;Q3SeugYTMApcIe`(AouirHZ$XGZ1VbR+Kw*Fo02v5;NN7ZOI9Nz%EChHsL}+XX zNDu%)1cG?(3xNxwz%jS7cjA5V;wfRWx3jZma|+>KW1hZVuLn@sL-v8 z%41$b{Vx8g^8AJTLa#0UX`r2+Vjesi3FCTar?0o@Y=zQKQ0(<)+1s0FWNNm_>EJEb zRP^cm9yC!sC^ZjM&dXX9s_m5(%#OjL7nIIza;*lDw^dlr(_D5uM~uIvLVY}^CQegy zj#7Y)P8FETZ$iDjEs~OaWhgspiFngfR~u(y?|_fN@gvdb%T(%=SNGAu%PBLu+$yRs zSua)F*~@&(m{k}Imv`Z{J5ySaYmpESJUWE3*xUA=nmC@^+4i-8dRDi@}cRUvDFg3gb zO_m9c?23DgPzVpRgCWUi?ZPPItB$${$4e@`Vv5 zivOLJk?E*FG*n)+p8>8nAUGn`TBqMAad)dsUQe@gFAFk!5tUe8Ho3S-6ZS*y+=_%q zwV>bC|Jmg`znmsz{u=uUMqT&=p*riuSmO*+XL)pY;bBrG8AropRhr`;8OfC<*u2PP z3eT^aWU@qpU2$I_#8!odJijMgre^c8WgE-s)J$mwPIe2R4iy`&D}_AJQC`~yg(=dn zlX(^^P3f?I_3Rg=JS@N4x1+jugJd7=V;7}rDU9^NmsUvN%JJZ(#hidPGqN8DxPilu zF>{}Qy)-_CxS{LLcl&bVc%XxZ$8mh~2HoQ8byTi%b1Oe-$zI~j*e)Kgb@hAO_UE0R zO@4g+dZc#serk0g+xe~1DJT914UBZ&3La%aZXw#Vq&tlF&>|S)NGtKOmtT?SqP8hM>Q`hC&6o?1H*UZ@CmL89uPn^L=&6wfETjW_on0ah7lt5K+ zzQMm(iT58^`7}xjo7ukomm}r>YlK9xMg>AiR0p-DAEFnAQXU{^gb6w?$#ZBG25K5^zMVdAwx5b0OprHk+WMcxR)Xc zYRe3bLen1i`komW(gl%K3hl_G&qed>BQnNC+gL!*T(oil#%>xEeiVJs{@$ccGr>x3 zq_`qWs%^}!V&xV|)^b&Z=A4_v6x>wvt7FHis<1bd68dl2!)LQyK4ZkaM2KxKJNRnS zUL`yiLayIZo+^57iUfAs+0u3uzxbW*;g_)G`7cNF`JysqW zrr&N~$-*CDIra`^^UCq5r0F1v)1RybTFw!$e%y3~m+>2p`^ficG`omt{hd-0~>#nW&yq%xVb?qyD)TVO-#2MfOp6 zv-t*-g7O1F3DMAt5CbTqCA+Td1d-6*+5_RySy#Ul?cp01!^3rB7UZy(!pvtjJ|8<| z$8`;s2Gl=CrwJs7K{b=`c&9tO8~T%wjsLLgI*WquUW5dqlnUvS^k7h>w|lD>CVOiP z5acH7rV)3$5n}Sf%H+eusSgv)cdLAgOqM&I&`rvzNoJv|fH~IMPODFuWO(>MSEA)P z6K&^wk1z8>3+db$JD3O#c1592tMdgDv-)nc>Gc1aIhY=M$FNUV$8dDk;^p< zPZqETVZMJ^lBGrMQQA2>zS~_Aruf-kP$37wW%s;W*f~_&sqOLD5$g`JyXvCJr6Q9B zIvG;#{zGke)CudnND~hia%I-}atI3Lb)ew1!uUp#_13F1xK);9?&=o9@ZvHh$r&bD{$?b2WR0#Tes%DpB!0}ihXk_& z)L>lmzOj)(lvKaMR0nU;D>~!o0&_4y-n^v^VY6^)IFLsi_3}q6>?IHzuq>pDRBV=K zkL!^~s^)}^~T^9mD421(W(BL8Pk$xFi;eVgXqQ0X%;JL)M zqjQK4FTBHRreyL|&(p|CFqVpGT@0f?a}q1o3dBqAm{LSwY2;)X(>ONWwz(y&GK5}8 zB`_p!AKsT?UfB$rSzH_NWz&u`U&YRSG@ZLrr1FeT%n3}ius(*WCgULq(4pt+zm6*y z5QYB;`oU0FQD*Hb-u2?9R#D&$CniVeH(k-n)7ak6sAKoTE`;@zDy*YQcL7K+1II6} zo6rEcuf>hR(@jl^xG*1~nH^CbqISFw6lt=9;w*rK7e7_YSc~cz8RB+fC{0`i*%drS zuuL=krH3JD!M$)DxC@pg~%$YNuN5if{DGI=7FR?Op-(sNarZ9Uj z(_4Dnt`S@tY6b}Ytm)71k9G+RgIcs;i&1rHQfu#SRbl4tx##Ou`z&b}f}mPVS-tzI zh^DnH#({z!cGb6iQXVD@pHf1!*nN4f#hSR9fa}1}?Tnx2Q9nBd-h@?Q-gqtsqJO?St+2^&XK~3CA1%c#@#ihM@okuLnNoqyrRqQoAOb5<7 zqMETf(40@rlJm{AD56)mGtBGbPgv2;rLUViB$QI}cZx4;qU1NyvLGIrf4HzT(mUJ- z`ZRuc9sU93Wu1Z1ibIaK_Ao2W8HCt&sD%$L;_~cTIHD(uBFVY>=c|Ej)wq3~zGLAr zO5Cz3+d^{dPeVHk;UT$KkJB+J6nbByNe8FgzB5ERm-f9M2(Muy4u$&(hAgCt_+3xtB zQMSQIf+`>8mZN+hCzFW_8=o-t61|(`@~R4ZZz=&1UFPDtjQp zQhgUI%qCiMI4@&emm5 zs8?@N8zqjf5{_2<+=t1I`y)9%=hd-cK1Y-`V$DbKgxLpu;ys7@dhavc8Y7^kv`8{t zIYCTUfz1S63PSVIv#0o1l=>({JuJ?=(V3Qez26vhF$LS~{p)oxHDb;mC8S zYq=L(8VSzaPJ6pS9Bh~H++*4W=6K^=tzwTr>&1>vX44PemdOs>QKz$tKK43J$^EMr zG}Eu^X*KH?TOM(Cj2!8A)0?+cDEJm`4Ohkw(Nh{o4Ja=noK?qgmE+OgY@?BU$3Oup@blNd9t-?(V|RJ;(I1-B=2eA_LG@QlO0?-*vtN0}{UgkSg)#1xim zu9cat5LT|M;TOuiPe9-B?r06I&d#rtb#aa-7*@;p zZ8%IsV*Y}Yf2)cGZ6*rr#^&NJ4UhCFnH_^4K_^n94ZguQ<*uKi{@(()I%$WIj)OEw zC?9HpoXB-qMN8ub=E$L`JSRJWbp2Q+9fV1#8Wv%SL=Hufc8ur;X7v`+tX&uiEd}+C zRNCX`k3J_?w#E_eMmRScd}9;3g)cp-%g#=0^-Z?Qcfw6|W=y=#s|TDJRVTZ8xrMGi zb9xG&a1@g?y>wJ~71@@dSxtfM<3_!BQ46`(7`cu5pl34?S}=3ir%mZTn;=Lt7{x5X zAbhI%L)`{8H*d{vu%x24q&nGNJ>5Famjs%XG~8YoI#tId4n^(uIS0*~bL}5AKR;-; z$*>Y^;0Xp|wo7OB<{-L^I7lLfxw{A=L?{mg+?Frcp#|4WjFUrCdVzc!%f~C;yaxPr z9V_c0U^qt6UU-fZn$$N>x*!l;=<#?6W6LH}Gp6@N=>R^fLzCQ!El@DTab;9q*odn2 z(iutFg!KBx%M-)1=x zF@3O>V!W{ai+SY##5`-aKd5KwWNK~j-?2^#^zX86<{afwa<9zTY{1uQ^cWSkYG2^- zpvD#J4KPI0{Ge{K+f)7%Ze#JNX@=7TawONoVdpsJ;nDkz?%2z&^SQ5VkN4wj`+alA zs|j)29f#IuFQhCf1~|gZIhIW?Il4=xCw$u8ixl!;wY7!!5+dl9#b}^ShO}m%ieq3J z=}Eyp;-N#;eiowMawq6bLSNnI`M&lZjm419hP1>*#=YyMrfRFQf9$fo_;Ic;O)Q0t zb;_~4A`Z7#&_Ufh&l??tk8dVqp)z4*W;a$zar$hY8zAjGd*9c~?zDQ~G6$-DlxjPO zRR7v>VPMOuT$m$LBxi>p!MO6kg@UU^fsaV3$sZT;5cYlLXKE!Q#j;cLrvT@pEkd-u z{>Sj@YIt;#Bx?cBXK`;daW_~M$gMIHf_Nk`ms^b$!{{~OAHQKhJbr0(h6zZ0JX~dF zL?&a5XgD6Z>*pgmUXi*vBoVto9uHRLD<;LmoHZM0=5!Mn)2ldmHnV}FW_V5RnmG6@ zJ}+)Pfv-RH^~YEhljhe+j}wADHT@snTW}3fF^lUk2S&}k(eF4{oH#q z-k{wVyRLn&TGM?bCg9{+eIJ>EH*7@He7Ga1?0{L?zu z-^MyAihq}NnbIh?kdz$iRVCqNuU-6^9+50a;qQkV+iOuQv$yGd-t3kH1yOF!+1#>T zO%mxt#F4GSWpZjp(OP1%YNed4j!-_L%WKbVdv0Ns1dHQLQPVMcXMRnm*nIN`gtojJH|(?t<%UxQvyw^kk1KK$^Pd315% z$2zMsF6S;)G*k+2i}lfaGYO;~i-qXmO*gp|)oa%_a)v~dqBU(v~vNPdgiudCHlsqh?XmetNd1>^nZsWp`!F1qLP*q=T8=qog;v%f=R%d!tMc^TbE8OF zb!Qo#I=&(pBB66KS1ryUeg3|PHgWEa-rT#|AZngBsTYyzcv<}jvV=0>Z7-5hl;rdB z##12Kq=xC4-%f~ry_(ebjD>Ez_2Bh2S$L$$dx-D}JI%Q*-%a88=4M7U#1z;gj_9&r zDEH3Swe&C6asKDAj>go^kwnzUh~#NKi^R^>+MSk!|2Gq@?Tiep&F!52dBOGXM4bJ1 ziHMaA9{$);Ug{87;1{VrgGg?=lYDO^*MK95+GHF1?y^%tlG=uzF6oS@If~O!m?i0v zH%K{xb$@Mglaaukxs*d&dvv)#;>$hC<5IeWIkrEgKLG*~yme}v{bxQXnm`fSKl9r=VN3R0W*^E)XvCx7J^@HeKY53l>ue|moVm?(g zor`~#)-EaE#L{fs_`Ot7%yz)nDm?pK2{JcjHbp2i(odm2Bxj*?6`PS?m)fVG%^JBQ z3E8!s^~m5rR`PtO+$3_w$zt>YyejRh$#F46I`c1s?8riv?GU_`_l8HJ-d5FgG1WxB z(6>VcmFCz|Zbd#M9J2@5#97+KZ2IzRWV)_7 zs^`VNs6^KXUP$P4mt`L#P^1&bdK%t##t1<#3D z{fmfn|Cxw?kDP#Ab8fFG ztOS*hgm%ZWAch9K-SiJJr>f;^$De{cBAwQ85RrL?H$pbKrWDrKpdEOOJ7Q5sMN z<}f9ZjQtFmb^!XNDOGYG=V;2xRa1aV%alyyY^r6T&+}F@ld99o%c(UD z_H&PWv{%xuN1d_EQ1zH!P{Wi_~ z?^17P4HXCoWei2O$xDyje9-w!flLag-ZeB?y}dDL4f(?ab9nc|MHg-~Zlcljr+xTN zXW905g9S1pYsN1dH6h zI{tFgL}iyZrD!9V*qo7%O0>& zUu7OKE0oBq`qb>M&*=XCiy_;x_|?3$61H1BP~uHF$_OsfZHG}1RHBIU19YX~6`upB zod~^#A566agFZAND<&2!ub*-h%~VXI~i{E=`um$q!6i`8<+m$!B_n&MIP&;=+5x#zVRO> z&)|KyH@EzNq!&Fu^#t%LT^anPg9fwE_ssPT0JQ+Ib#dZ-(r0AfF+5;6E{PO$aXMzv zu@M~xR3|z2>GEwc-~5#QB;egO&|&gus+i1$Q6k$wa>a-`C^Z+B%Y}2Wg`1?x>NJS| zvJASzB|`sZ-d$yt)_2z({^B_Y>s&1s1>d}_UZS91-}c3Kb`wpEtPpPv1VZBoftMZM zs+1q2lXd$CVnHt%iqp!e z+&Qc=L5u(Uby>V&PQeweZ*A-%GFkHeqfFg92RSRQeckbAO?d+$%I2>~&$=4BW|7{} z<(@+QM2hR0lJacvWpojERtXXMUk>!ttmW3!5lqdk(uk_G~H4Iby>T@5xP-)9#jqI9o#~e!y;bFK}pf~Qp z+(|YC_4C6}ONkwFwvNqacv$JHw$+%_3=J*Ofg%S6E{)T0BttVykf>UZFY|fdi0HiF zu%E@zes-6OgO!-9g`IHlp!#~J5x=vii)t>bW1}|VDUPI;t8bN1cp<7N>h70*e7-9F z=O23|%}KS7ih~a|KYT5kce{zU6Sz!fLd~p+Ib2H7nWMDr;Zc-NxRAA56k}G)n3r=O&@>k=y+Us`~slL zO3FxrFMt4P@DF(0z?PSAvoHk!85ueN4lIZWAcI%;NWdr-e4v0aG&rpSAE;pbB+&pq z&_R&EQ{_(w9tiqZ+5yJ+zwrPV)BKis+EBs@E{h3HC%^{=#2;m!@-2d(ewBTS@_Jwa z0&w0o_{ap`h~&QxfQq7m766E=h%vt6VSVb%ubTc$S(%wRd70UHSy)I|*?3twcsW>r zSB@68&NA`6$zxwbL0r)_&{~!I31vf11H&zB?vfzKTm-;t;>K_md3qXMr zW>!{a$ml=%_Zln@^&8uQF(~E_84$S75HWw$@Bbtdi}35-pxBf9RM50RSL><3w2S zeSc$ru&#j|*kA2|1Vhko{7W~vf7Aoc1|a^1A^(P9{)V6Az_$US!G#%r$2)NR?Fs&TihhNMKfzz= zQx3Sgr{+(BV`N~pB?t&aq6F-BpK`$)uzm$_ql-zwf(roPJ(~dh1oXXybCAmb;2{Hi zU6vUL_J)>a)(-X#t$&i=?E~5XKX9d;;1h7u7X$$y0U&8-)&^fk1C;f87IMHjNq;Hr zsSp5+0-=CCVEt4c1e^kZvcYS>tLHtqi41=T{EGFUdjLS^al+RgTTlN9{~1C#|3v?f zQi=aXX?)>&z#BjUx7i->?gQ)>!9Q$aa78OCPLjY8Kmx!5JisfU9S{PTg5K5F_bQw! zP)PN<@+g2gB6lTs1;sJ{ukQ=iIvwyDi1~wGP|%=PAXwlL1oC5euw(3I1XES9fdL@1&@>Co)gu>TNsM`9!3nXy(0BB{UjtOf5pFe@*6$L{2}p#gr9OLjxxtB{<;hX(@z5UU?TpaA_e$F z6CAaI&qjOxgW&H%!r*#@!5D8$Ub{dSumz9cD5-U@1009gJhaf6%31Ob##u!@wpG1n7X%NO0-@MOc_xFxE@f+tKSl?$R^W ztJG^;Xk1`g;8-YG7+45cPzG|K)uG8kS?we3Aw#1=gQ1(Cdq&+4M%81W-t4|Xrq)Zt zFU4QMSHwrdufeCp7sr>vkHNRbN5;>@-^4!!|4x7$;djEd!fxII3-;dB!oDWIP}zlrvP!KE@u? z{uV7V>Wy09s&UQ+nxXq z)PLC}MDYKxODMqjU)d!L;QT-B5_T~DS9S?MI3EP@$2_S7#t^^p#qY8Ee{O34U~_93 z_yC|HA|WFopdvp*Mn^-%z@fpz!N$g6A*Upy;bjxx=V9aK5|-9c5Ej>v;NpH|qonc1 z(9GOSP~O4a-q=mY#LNhUhK`Pdh4TUr?}d>lH+bppe;OWpK-u8VL4$3+C$sN&02?Gw z&@ixY;P+y&viikj!I6u8?!;1_ zJf&bWbo7TuzP#+``hy z`K^nqo4d#R4*`Ke!6Bisaq$TsKP4t5XXoVR!y0f6-m4vA#7u2nC!D|4&C{ILAG-fcD(84dH_>FfUs+ySe zE@JxowZ`VKq7wzvgp6f=l&&~47xZMSq-X-e1bEm;!365JKLSmS_lHDz>G`-m$1t=*w1hICvNy;wRX1D5WIj0= zXZev{ve&rNXdU@;LD97Pa#=t@LOzkXFunIT57oQ1%Ou14X9}+Yb%Mf(^Sv*gbobppCmq*v$l$G7rpNDIW^mp5SvW1ETyUyS2TV2;&4%jhZXGK z8@)@;AuHGATqs~?l% zH%zHY^CyWGao^lLNN|sJ+fzmkN>rnf8Wy|Kyh+sma&|jwcVzJ%^}O%-j8k&%jh%y# zM-Tcw7hSjQB8*3cWfG(977P{u+i6A}>a`!qV%}QuBtP9V^V4#%NG7OW~oDOF*Xjg$CgUx!Nq|4_Arz0h8a(C;bRTLw&{bC6qIZ zxH~ZiW7T=Zg=3EO-e+dlN};}k&&NYW5Znh-8xV3<5h)!eZEijvPe5Izz5jHm##yT0 zl3PtwP(+pY36qz-!4ZdB?uvdXg)A{VrIICZvogYj)-ii62iw>bf!Wg2?dA6IN?D9Q zTfYaL>b8dH=cISGbxygo8H|3U@0z?@8;g#AzCy{ffd5W0{2qJLiRGs03NveH3Cnzb zVW);}+g@(CW6xu=pccO(2g-F!2myODw=mO+Wus|JUDl)^i{p|9F3SbO791$9XKpI zUG;2#9>mGpN=W5!1c}MKCfE$M$P}gx^rg|$Gh!BXdf~MA?)G9?S{d`f=}-%wg4L1I zzL>S=3ql1)UXOj%X9GO+j;t^5Z|58%E@_8)&=#bJ8}Z58c;_|j2xx7aRc+LYb7+RH zsB&2Og)q6^ShbOUl*!YFaS9+TN*;+_S|#f`{?6oK59Z7EwuS&Vjm*MKtgx6Fzl&h}gJ1U7)9!-2w^{kZzT0s>lAH4fzutro*!KXI zluBaiatV{(wqN$%5GyHQ^ms_Or@bzLo$2h2r5z{nr!5GbM2AQ=hoqZZkZhmJP3o~! zlpRci(^g|y9&{Q0xFq|2AN-h#XU}tbqWV-}!IXuZNMG8Po*ILEc->Y)&iiOIg z6=s)0YBU67%k2iV(T<-@S2)O$KX|CS>I;ZT1WJLyw?ombPvOl^nF zC0n(0~J=M73(E#zja_DQl>6Fff-7*>lnGU-hcY z9Brn5^I(R>v2)S}Pnw)k%Y@J^>RWWpQ7-%lpN=63{B$tl;u^Ctb;?o7NE_$`Z7n6) zS7;AMnLormXmwuXld*MnN0jnS`}M5V?t<-l#>T5Ed`YyAu@~~U?(=S+MEdEdosR|cq?Ktzs{Z=94|H!E{=~ z)>IHFnGmT-s(ukjy7SA~a)xYLpWw-orVX`GCDRBhv!c=wT}qbw*yz!k0ZRaE>Q?Gc z%ngd!p2?DY<~wQOT?b~D*=I7-1X zgouy8-r^Hol=UHn^})LjZ>ek1Cigha!ra2GQe;vhHAbw>(uEXfR1fiLR$ik8zG9Vz zBs{c`X|Ivh6E4T4?BN1)-O;t>##P%u%GkTH-G5YTYZGBC5Sv$GRZ^9XRW@-wlqvp!Vs09Flzgg5h;6>hFj?kY@5IBVb`v%Z30PJHA!2HV*0{cO*P*2OC;P5v` zND0Hh0S1$d9P9|eg8c@p$un>X@cz~(KjaVLU-6Sy1%SYpXu)0x1PBTQ2?1V9{1w0} z;AoIgV5f=)iR_Zx$@-jBOcFG`iZv2%;sq?#bo#qnDMVvhS8K3i<=M}q2;OP4 zg}*2>eyE>g$XL{RRy)H6Zz6G{fU}jMD9dsuX#mCS@dfwmuvIRbk4)VVYtWB~*P>2oD~Lc|Ax`U`evl zPY~oW;we=qQM^~RxVZWfv&zWISF}EcJVHT};Y(gqVk?Ceui?rfqLl$+(V2|6APph> zj?|ed7oKggUp_V)S=^wcy-=!3H!Vea7WsA`Ot;h~asK`{hR=vO{O0gyAyKEW$ljJ~ z-^Hd4bi$H|T}jAcg=#@1XUPqh*2-1B?_%hVUR)BQXr8j$A5spel2E-wIvwCS)axzi z^oDL*KFn=Q5mFXMMPVX%u<#{1F*#s0w8f&i*U@4!s;_gWw8wNjQ8ZYqcI?Icgrq!6 zW=4R{v7!;h%43>4G?cx(Jjy6@A}TkSz{m_*Sj+(MH+gClV&uE*M3X4)tQk z%>MU1lXrX+GUi9d!g|W~3Ox2D5gq3ww|G8W>IArH@q~Rl3h>}<6sBY1B&D)2jz4xI zyFN^x*h*|fZre8C@GWd_RS?sS4JSy`ucKGypXj{y?47SQ6~m`^wH&N(y8V)HMEH&- zvx1>wcdi^#GOYI0lzO8-`kM-sGIMzN6)e_w75|$VRsp&Rq>x$7@AMtSO7f4ub92F> z&hzEEY~oi#Fq1S{`0U(E0UF%|&k5RQ2W=C-2o-?k+EtdP7zblr8&=B}6$ z2sei@0dM}|qpp?~Rh+#=oZJKEaK#!N+2w!%-B2A#Sl#ti0iC>tezvZUr0g*u#?*_< zxA-{a65%`d(~WI%6) zHiy;~uyC9RviZ&+;(fQpG1!y&Xm@!7y-`3EL48V5(nq(qx@BG^ zXYSRE#7^1#3H3W1wBkK~B4O3A{#pZk_f&)J*(c}l`MB$tg|*S}Fkmce)EmVn_1mVh zUA@ZN`c`GRY?e~@he^YwRYY^H9*XcKmhDv*lTQ8PXFti~B~91O#;{lK2U?N_UMY8yzuv5Rr1C=|FNGbQWd{SkC#Nv#Io_Z(MU?2StZ!Zhl5*}(Qh7Obo< zjc+)%OW#04`$9NTKGRFuug2?dMFMi50~~QC9qZu^@dsgKce@~SWBi?JxDmXNwtPbyY_%W@ z8yq1+kRRL^L6lFL%LelLdwUyR55sMtO7^Ccv)v zcy;aQfNB%?v;UPa^Jp>%Dg;I#w*46lFIv+h=<5lp*n1}?)EIstJ;~_j%PZnu19X_3 z!zUXYS5~3zvk-^1&nlR9Hm}^nCYtidzD0G7s4UOK*oyX;3S~-LLq$A?d%hauQo64| z1c`rJ!cOI0_*O=+R>Wld(SxTZ$;+qJOZUFLLiwQW3sLmMUbQo8VMa*%hsH#KM4ExA zV!E6~{nf#Sc51r0v5PI2ZPgm~ksR;Jb#2eg2v7*MYhPwO+qd?HXt9LP-#NL~8V0-` z*>4D3Ps42R6c&5+?Ha<|2Qs7E%G0UKdetxp49W=b!`q4zGPTQ!Pnayo4b>K()X6=<;D&3X&T0qvwEmq$#Ug zKOm5KlVDTvt^nP?1G<8BN#+A$2bNiG;Co#6wK-H?Cbzm461t19(vBbZOJA5@Zsg10 zZ}iqv3|`02R)>^LXP+OEXYf69M0{cFVTE}E{UvtP=a_*o--RndK>r&Id)YJ#qcbH- ze1rhX8_AY$ua4J#Aj{=ceG1gSs4BCZxvR4IY^9sJQ%LY$lZ+&?wJ>v_ep)S=RLVLM z13|HlhkTr*fAW5v*vicz7$eqo{1wbs#+m(Ay}}Jx>d@<=$4~e#KpB5+!g=~|_V?#+ zmG*(cXe#2GdGJ2|iEY;*^fF$?<3jJOHEW35{90HdcX)7{0E_K_Gn~t{ai`qy-W^L* zU&-E@<&`Bg@K*HieFTWCZ*GDN#&S5mMv@ej^gL|5RY{6ai=J-i(co)HU ztzTghEZR7-LJcXS5e-!wwQ5|NV{Tqzbrg4<=UPtq#W}1A(>XItBc&&w-{nA^2?aP; zK$(`5Z%G`IG)sAkP|IC9M#6J6X4P8;w#jWC_I`MWxe&;2xJK!I1luMj+~$;2Gvzw9 z5MH@DOzdUx#pC6cYj=S}XH0dvTZv*zfLr9fLTKnKo5s@kR0#}MDbkbxk#%0d?)i%K zcykzdA_byb6`T(|JV;`Ug)oR&&=lK>;mKb+XBz5lyt5p=aLALOjNE>u>R-pp2?lCi&a&uzOtifSoZ^H15)7eY(qG=8 z2x;X1DKCgrtjr(@TYMVi`aVo4tyd?H3z0ctLNx%5wls2KHkvlTA3DVIl)V`SSCrU& z>cEMDUs`FflDg5-0ONvT9?sDwRt#3W?TU{$Y<9h}CfyEEeaf?|$)7t3RZj75AI?Gm z@J}BRNzj2mpZ)u{LYCF2z-O{n=QOuK)TpHw-pATDg@=B1f*(4$^!C_C77*^E)rcp5 zw$Q7*|Dap5yJ{Z6MTUm1)9?5-1K)_Y1Syy&cfMiCEF7gcKOi|K(p8SBy2`8Vxfn&``t@rP zxSdE`T02(9wU_TLs#u}{|X_3k_FIP`;&J|*<3r6h_IUE?_sT_Pw) zI2-F>#d8Fm3mmcm9(lwcd_p8THh3+r?O>?5wClU;@nW|{)|2fg?2z@=R-_O#vibr!9n=giUBl{y!q}M*O;0aXjKO~^vzr^>V+J)DGWZh zQdy(+h*|&M-QMa;wIO$mBKMW!hUK@b&UoEI+gCenq#RB1dTS=8jaO za?TTBk1l$&_NeHf_l%b*&#&Xytj^-o4a?KLU_Git>C;iaGx^rGbl6eweo?A>e|Mn) z2U9ey@XV_Sk;1qC$Di|62#5^oY1b3@`)av(6Jcmb0R1iaO(Z<(C)9?NA&oMx0b|%l zHFzdTr@WPMFXDI{_b6_0-ZkO2wFwUF;l?-zm1K=~&U?B?H22PUA()%!rZrAoWZNHpE}sQU1RLU}Zi1e<9%S%Boi* z_-AEN)x!SdPUWkMTN<<&-n2T4Zl5_HjbeFuAE2XnIeIk2$5lDO;)X3mfOsye;yC+x zb!B{TWQlE@Lt56cwa*fzBmfT=lCw1K<4@-g^BfSGRy5Crc3?Ls8AC{O!bD_%ilTjm zRI=yfi_0Fb#2MYbHG68*BPZEx3KB2BB(xR}9Mj3|phY&xD2Wpt2$bbAo>aacz)Uln z*IiP~4Hx!WR+|*y?MPMs$l?9@2UcfBmYH{M$w5fy(qv;EE4g-QMNB;@Tc&c3ErQ8; zzXc8~(|}u`$a=il-i%h{sH9M|;!MgXMZ%~-bys>q7iqzaRi{3KOX!~ncr5zWIHp=d z2c_w$pZ}Gz7K=6iSy|FZu#ZNLcpNuES6_w5+b&u(Gq%UX+^J$Yt}(31A0y?k++uw{ zW4iBHjrPX6NU9E~WY6YSiQ6g@ERMcaW+L3R_9EZn7gK~5Tv8Apsqc*!Obrk~K4QYV^ zS}O=GvW5H>U65)T>ei#wZf348t{kF0g#@lJM-P9L3V%G{m3_tG-H90de>UsIOpks! z)6EyB#vR^#@3Z!|>wh!v#((U=5?H?HE*-)Qtg>V5fB2`}bE(wI>JM!%;q$AyY~d{= zDi?lgyTo(3x&{MpcGaYdjrxiHY`rI^pRz=UF+5|CT#s^=NwGo=po5rF8x-`L%Yl<-)l~ ze;#@{i#_3i+=27!5Ac2#mc5==yYJ17*J0ABFE*w*?Vfn&*321tO#z=jr!Cuh(AIk4 zS9y{06&FHgaVtBqXj)!;#$-~w_ePJ~{}u65Di!Z)9G$!-rnb~S?#zsi!@qT(GB%%g z_>^-}(1*X>^c;)P6ZZNFd6{A(#<#k diff --git a/fai/config/scripts/IANK/11-iank b/fai/config/scripts/IANK/11-iank index 54641b2..99316b8 100755 --- a/fai/config/scripts/IANK/11-iank +++ b/fai/config/scripts/IANK/11-iank @@ -24,6 +24,9 @@ if [[ $EUID != 0 ]]; then exit 1 fi +# ignore this line. hack to make shellcheck ignore $target +if [[ ! $target ]]; then target=; fi + if ! type -t fcopy &>/dev/null; then sudo apt-get -y install fai-client fi @@ -185,12 +188,17 @@ EOF dns=systemd-resolved EOF - $FAI/distro-install-common/ethusb-static + + if [[ ! $FAI_WRAPPER || $SSH_CLIENT ]]; then + # for running from fai or remote connections, don't kill the internet + ethusb_arg=-c + fi if [[ $(dig +short @10.2.0.1 -x 10.2.0.2 2>&1 ||:) == kd.b8.nz. ]] \ && ip n show 10.2.0.1 | grep . &>/dev/null; then - : # we are at home. note: logic duplicated in btrbk-run + # we are at_home + $FAI/distro-install-common/ethusb-static $ethusb_arg else - $FAI/distro-install-common/ethusb-nm + $FAI/distro-install-common/ethusb-static off $ethusb_arg fi @@ -222,6 +230,7 @@ fi if ifclass LINODE; then mkdir -p $target/etc/initramfs-tools/conf.d + # shellcheck disable=SC2154 # comes with LINODE environment cat >$target/etc/initramfs-tools/conf.d/mine <&1 | grep -Fx "Status: install ok installed" &>/dev/null; then + apt-get -y install wget + wget -O /target/tmp/x.deb https://linux-libre.fsfla.org/pub/linux-libre/freesh/pool/main/f/freesh-archive-keyring/freesh-archive-keyring_1.1_all.deb + $ROOTCMD dpkg -i /tmp/x.deb + $ROOTCMD apt-get update + $ROOTCMD apt-get -y install linux-libre + fi ;; esac diff --git a/faiserver-disable b/faiserver-disable index 65e2aa8..74aaef8 100755 --- a/faiserver-disable +++ b/faiserver-disable @@ -1,16 +1,17 @@ #!/bin/bash -readonly this_file="$(readlink -f -- "${BASH_SOURCE[0]}")" -script_dir="${this_file%/*}" -# shellcheck source=./bash-trace -source "${script_dir}/bash-trace" -cd $script_dir -source "${script_dir}/bash-trace" +if ! test "$BASH_VERSION"; then echo "error: shell is not bash" >&2; exit 1; fi +shopt -s inherit_errexit 2>/dev/null ||: # ignore fail in bash < 4.4 +set -eE -o pipefail +trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" exit status: $?, PIPESTATUS: ${PIPESTATUS[*]}" >&2' ERR +this_file="$(readlink -f -- "${BASH_SOURCE[0]}")" +readonly this_file this_dir="${this_file%/*}" +cd "$this_dir" usage() { - cat </dev/null; then echo "$0: disabling fai nfs exports or apache site" ./faiserver-disable-local else - echo "$0: sshing to $(chost faiserver) to disable fai nfs exports or apache site" - ssh root@$(chost faiserver) bash >/srv/fai/nfsroot/root/.ssh/known_hosts done @@ -369,6 +362,6 @@ echo "c0:2345:respawn:/sbin/agetty 115200 ttyS0 linux" >>/srv/fai/nfsroot/etc/in # the logsave prompted because the hostname faiserver was uknown. # Here it was faiserver.lan when running from a faiserver vm. # When running from a normal host with faiserver alias, it was the normal hosts name. -$sed 's/(^[^,]+,)\S+/\1faiserver/' /srv/fai/nfsroot/root/.ssh/known_hosts +$sed 's/(^[^,]+,)\S+/\1faiserver.b8.nz/' /srv/fai/nfsroot/root/.ssh/known_hosts # ditch the logo banner up top which screws with less. touch /srv/fai/nfsroot/.nocolorlogo diff --git a/faiserver-uninstall b/faiserver-uninstall index 71a4ea0..8392b35 100755 --- a/faiserver-uninstall +++ b/faiserver-uninstall @@ -15,20 +15,25 @@ # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@" + +if ! test "$BASH_VERSION"; then echo "error: shell is not bash" >&2; exit 1; fi +shopt -s inherit_errexit 2>/dev/null ||: # ignore fail in bash < 4.4 set -eE -o pipefail -trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR +trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" exit status: $?, PIPESTATUS: ${PIPESTATUS[*]}" >&2' ERR -[[ $EUID == 0 ]] || exec sudo "${BASH_SOURCE}" "$@" usage() { - cat </dev/null || continue if [[ -e $dir/boot ]]; then dir=$dir/boot fi - e install -m 755 -o root -g root bash-trace $dir e install -m 755 -o root -g root chboot $dir done e umount $mount_point diff --git a/lk b/lk index b757fcc..3364717 100755 --- a/lk +++ b/lk @@ -74,4 +74,4 @@ fi # I don't know whats going on, but just running the same # command again once it finishes works, and this is only # rarely used and done manually anyways, so whatever. -pxe-kexec -n --ignore-whitelist -l fai-generated faiserver +pxe-kexec -n --ignore-whitelist -l fai-generated faiserver.b8.nz diff --git a/mk-basefile-big b/mk-basefile-big index 95d2e9f..1a6b6a9 100755 --- a/mk-basefile-big +++ b/mk-basefile-big @@ -16,11 +16,13 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -[[ $EUID == 0 ]] || exec sudo -E "$BASH_SOURCE" "$@" +[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@" +set -e; . /usr/local/lib/bash-bear; set +e -x="$(readlink -f "$BASH_SOURCE")"; source "${x%/*}/bash-trace" -x="$(readlink -f -- "$BASH_SOURCE")"; PATH="${x%/*}:$PATH" # directory of this file +this_file="$(readlink -f -- "${BASH_SOURCE[0]}")" +readonly this_file this_dir="${this_file%/*}" +PATH="$this_dir:$PATH" # directory of this file usage() { cat < /srv/fai/config/class/51-multi-boot rm -rf $t; mkdir -p $t +# shellcheck disable=SC1007 # intentional LANG= fai -N -u hostname_does_not_matter dirinstall $t # Turn a dirinstall into a basefile. taken from mk-basefile diff --git a/myfai-chboot b/myfai-chboot index a653ae6..aa3c088 100755 --- a/myfai-chboot +++ b/myfai-chboot @@ -19,13 +19,15 @@ set -eE -o pipefail trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR -x=$(readlink -f "$BASH_SOURCE"); cd ${x%/*} +this_file="$(readlink -f -- "${BASH_SOURCE[0]}")" +readonly this_file this_dir="${this_file%/*}" +cd "$this_dir" usage() { - cat </dev/null; then ./myfai-chboot-local "$@" else diff --git a/myfai-chboot-local b/myfai-chboot-local index 7dea8f2..ca4d32e 100755 --- a/myfai-chboot-local +++ b/myfai-chboot-local @@ -130,7 +130,7 @@ else fi if modprobe nfsd &>/dev/null; then - std_arg="-u nfs://faiserver/srv/fai/config" + std_arg="-u nfs://faiserver.b8.nz/srv/fai/config" # nfsv4 wont do rw with overlayfs yet # https://lists.uni-koeln.de/pipermail/linux-fai/2017-March/011641.html root_arg="$my_ip:/srv/fai/nfsroot:vers=3" @@ -150,9 +150,9 @@ EOF fi systemctl start nfs-server # assumes recent os else - std_arg="-u http://faiserver:8080/config.tar.gz" - root_arg="live:http://faiserver:8080/squash.img" - /a/exe/web-conf -i -p 8080 - apache2 faiserver < Deny from all Allow from $ip @@ -169,7 +169,7 @@ kernel=$(fai-chboot -L '^default$' | awk '{print $3}') default_k_args=$(fai-chboot -L '^default$' | \ sed -r "s/^(\S+\s+){3}(.*)/\2/") # example of default_k_args -# initrd=initrd.img-3.16.0-4-amd64 ip=dhcp root=192.168.1.3:/srv/fai/nfsroot FAI_CONFIG_SRC=nfs://faiserver/srv/fai/config FAI_ACTION=install +# initrd=initrd.img-3.16.0-4-amd64 ip=dhcp root=192.168.1.3:/srv/fai/nfsroot FAI_CONFIG_SRC=nfs://faiserver.b8.nz/srv/fai/config FAI_ACTION=install # https://wiki.archlinux.org/index.php/Solid_state_drive#Resolving_NCQ_errors # currently on needed on d16 samsung 870 qvo, but better to have this diff --git a/mymk-basefile b/mymk-basefile index 9dc7b14..1f32665 100755 --- a/mymk-basefile +++ b/mymk-basefile @@ -16,12 +16,15 @@ # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -x="$(readlink -f "$BASH_SOURCE")"; source "${x%/*}/bash-trace" -script_dir="${x%/*}" +set -e; . /usr/local/lib/bash-bear; set +e + +this_file="$(readlink -f -- "${BASH_SOURCE[0]}")" +readonly this_file this_dir="${this_file%/*}" +cd "$this_dir" usage() { - cat <&2' ERR [[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@" -x="$(readlink -f "$BASH_SOURCE")"; cd ${x%/*} +this_file="$(readlink -f -- "${BASH_SOURCE[0]}")" +readonly this_file this_dir="${this_file%/*}" +cd "$this_dir" usage() { - cat <&2;exit 1;}; . $f +set -e; . /usr/local/lib/bash-bear; set +e + usage() { cat < $(date +%s) )); then + if ! (( $(date -r ${f[0]} +%s) + 60*60*24 > $(date +%s) )); then if ! opkg update; then echo "$0: warning: opkg update failed" >&2 fi @@ -157,7 +159,7 @@ pi() { pmirror fi done - if [[ $to_install ]]; then + if (( ${#to_install[@]} >= 1 )); then opkg install ${to_install[@]} fi } @@ -238,7 +240,7 @@ fi if $secrets; then key=${rkey[$h]} fi -: ${key:=pictionary49} +: "${key:=pictionary49}" mask=255.255.0.0 cidr=16 @@ -536,8 +538,7 @@ EOF # option config /etc/openvpn/client.conf # EOF -wgip4=10.3.0.1/24 -wgip6=fdfd::1/64 + wgport=26000 network_restart=false @@ -577,10 +578,10 @@ if $network_restart; then v /etc/init.d/network reload fi -firewall-cedit() { - if $client; then - cedit wific /etc/config/firewall < Date: Tue, 21 May 2024 20:12:20 -0400 Subject: [PATCH 16/16] bug fix --- fai/config/distro-install-common/ethusb-static | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/fai/config/distro-install-common/ethusb-static b/fai/config/distro-install-common/ethusb-static index f6cdd62..c55b93d 100755 --- a/fai/config/distro-install-common/ethusb-static +++ b/fai/config/distro-install-common/ethusb-static @@ -99,7 +99,10 @@ dns=8.8.8.4;8.8.8.8;" exit 1 fi else - ip=$(getent ahostsv4 $HOSTNAME.office.fsf.org | awk '{ print $1 }' | head -n1) + if ! type -p dig &>/dev/null; then + apt-get install dig + fi + ip=$(dig +short @192.168.0.25 $HOSTNAME.office.fsf.org) net_info="address1=$ip/24,192.168.0.1 dns=192.168.0.10;192.168.0.25;" fi -- 2.30.2