From 839b3cf02ad7e8900b3d685d54449f11e7b60b60 Mon Sep 17 00:00:00 2001
From: Ian Kelling
Date: Wed, 17 Apr 2024 22:19:50 -0400
Subject: [PATCH 01/16] more complete copyright notices
---
README | 17 +++++++++++++++++
encrypt | 7 +++++++
encrypt.upstream | 4 ++++
fai/config/distro-install-common/devbyid | 16 ++++++++++++++++
myfai-chboot | 16 ++++++++++++++++
myfai-chboot-local | 17 +++++++++++++++++
mymk-basefile | 16 ++++++++++++++++
wrt-init | 17 +++++++++++++++++
wrt-setup-local | 4 ++--
9 files changed, 112 insertions(+), 2 deletions(-)
diff --git a/README b/README
index 5d8a7c2..da28e4e 100644
--- a/README
+++ b/README
@@ -1,3 +1,20 @@
+# This file is part of Ian Kelling's automated-distro-installer
+# Copyright (C) 2024 Ian Kelling
+
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
PXE install w multi-boot, btrfs & Libreboot support
Some things are specific to my home network, and uses files with secrets
diff --git a/encrypt b/encrypt
index 89cc95f..9f80d34 100644
--- a/encrypt
+++ b/encrypt
@@ -1,4 +1,11 @@
#!/usr/bin/ash
+
+# This file is a modification of the file encrypt in cryptsetup package
+# in arch. The original version is encrypt.upstream in the repo at
+# https://iankelling.org/git/?p=automated-distro-installer. It did not
+# come with a license notice in the file, but I remember that it is
+# GPLv2-or-later.
+
run_hook() {
set -x
echo $0
diff --git a/encrypt.upstream b/encrypt.upstream
index 819c4cf..39c8f16 100644
--- a/encrypt.upstream
+++ b/encrypt.upstream
@@ -1,5 +1,9 @@
#!/usr/bin/ash
+# This file is from the cryptsetup package in arch. The only
+# modification is this comment. It did not come with a license notice in
+# the file, but I remember that it is GPLv2-or-later.
+
run_hook() {
modprobe -a -q dm-crypt >/dev/null 2>&1
[ "${quiet}" = "y" ] && CSQUIET=">/dev/null"
diff --git a/fai/config/distro-install-common/devbyid b/fai/config/distro-install-common/devbyid
index af97643..733b840 100755
--- a/fai/config/distro-install-common/devbyid
+++ b/fai/config/distro-install-common/devbyid
@@ -1,4 +1,20 @@
#!/bin/bash
+# This file is part of Ian Kelling's automated-distro-installer
+# Copyright (C) 2024 Ian Kelling
+
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
# input eg: /dev/sda1 or /dev/sda
# output: /dev/disk/by-id/model+serial, or if no link exists, the same as input
diff --git a/myfai-chboot b/myfai-chboot
index 308b1c7..743859a 100755
--- a/myfai-chboot
+++ b/myfai-chboot
@@ -1,4 +1,20 @@
#!/bin/bash
+# This file is part of Ian Kelling's automated-distro-installer
+# Copyright (C) 2024 Ian Kelling
+
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
set -eE -o pipefail
trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
diff --git a/myfai-chboot-local b/myfai-chboot-local
index c631d56..4cef9a5 100755
--- a/myfai-chboot-local
+++ b/myfai-chboot-local
@@ -1,4 +1,21 @@
#!/bin/bash
+# This file is part of Ian Kelling's automated-distro-installer
+# Copyright (C) 2024 Ian Kelling
+
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
# note, this script gets piped to bash, so cant cd to current dir
[[ $EUID == 0 ]] || exec sudo "${BASH_SOURCE}" "$@"
diff --git a/mymk-basefile b/mymk-basefile
index 3aef5b5..62f2924 100755
--- a/mymk-basefile
+++ b/mymk-basefile
@@ -1,4 +1,20 @@
#!/bin/bash
+# This file is part of Ian Kelling's automated-distro-installer
+# Copyright (C) 2024 Ian Kelling
+
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
x="$(readlink -f "$BASH_SOURCE")"; source "${x%/*}/bash-trace"
script_dir="${x%/*}"
diff --git a/wrt-init b/wrt-init
index c222a5c..45425b6 100755
--- a/wrt-init
+++ b/wrt-init
@@ -1,4 +1,21 @@
#!/bin/sh
+# This file is part of Ian Kelling's automated-distro-installer
+# Copyright (C) 2024 Ian Kelling
+
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
set -xe
# librecmc 1.5.1 is missing nfs-kernel-server and screen
source /etc/os-release
diff --git a/wrt-setup-local b/wrt-setup-local
index d9f11ab..a5fd911 100755
--- a/wrt-setup-local
+++ b/wrt-setup-local
@@ -876,7 +876,7 @@ config redirect
option src wan
option src_dport 80
option dest lan
- option dest_ip $l.12
+ option dest_ip $l.7
option proto tcp
config rule
option src wan
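Review bot: The `option dest_ip $l.7` change here, and the identical one in the next hunk for `src_dport 443`, retargets the WAN-facing port 80 and 443 redirects to a different LAN host, yet the commit is titled "more complete copyright notices". A change to which internal host is reachable from the internet should be its own commit, with a message naming the old and new target, so it shows up in a firewall review and can be reverted on its own. A short comment above each redirect would also help, for example `# http/https forward target: <host name>`, since the bare `$l.7` does not say which machine is being exposed. Both redirect stanzas start outside their hunks.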
@@ -889,7 +889,7 @@ config redirect
option src wan
option src_dport 443
option dest lan
- option dest_ip $l.12
+ option dest_ip $l.7
option proto tcp
config rule
option src wan
--
2.30.2
From 8bb06901ce000f76dafc73288e1fe47c3032e4af Mon Sep 17 00:00:00 2001
From: Ian Kelling
Date: Wed, 17 Apr 2024 22:29:57 -0400
Subject: [PATCH 02/16] more complete copyright notices
---
fai/config/scripts/DEBIAN/11-iank | 16 ++++++++++++++++
fai/config/scripts/FSF/11-iank | 16 ++++++++++++++++
fai/config/scripts/IANK/11-iank | 16 ++++++++++++++++
3 files changed, 48 insertions(+)
diff --git a/fai/config/scripts/DEBIAN/11-iank b/fai/config/scripts/DEBIAN/11-iank
index 119f354..69b9afe 100755
--- a/fai/config/scripts/DEBIAN/11-iank
+++ b/fai/config/scripts/DEBIAN/11-iank
@@ -1,4 +1,20 @@
#!/bin/bash -x
+# This file is part of Ian Kelling's automated-distro-installer
+# Copyright (C) 2024 Ian Kelling
+
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
set -eE -o pipefail
trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
diff --git a/fai/config/scripts/FSF/11-iank b/fai/config/scripts/FSF/11-iank
index 8a33d6f..08a7171 100755
--- a/fai/config/scripts/FSF/11-iank
+++ b/fai/config/scripts/FSF/11-iank
@@ -1,4 +1,20 @@
#!/bin/bash -x
+# This file is part of Ian Kelling's automated-distro-installer
+# Copyright (C) 2024 Ian Kelling
+
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
set -eE -o pipefail
trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
diff --git a/fai/config/scripts/IANK/11-iank b/fai/config/scripts/IANK/11-iank
index 1aa9740..9879863 100755
--- a/fai/config/scripts/IANK/11-iank
+++ b/fai/config/scripts/IANK/11-iank
@@ -1,4 +1,20 @@
#!/bin/bash -x
+# This file is part of Ian Kelling's automated-distro-installer
+# Copyright (C) 2024 Ian Kelling
+
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
set -eE -o pipefail
trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
--
2.30.2
From a15c2ba88789fd9a37bd5a860fda1b3877999421 Mon Sep 17 00:00:00 2001
From: Ian Kelling
Date: Wed, 17 Apr 2024 22:58:40 -0400
Subject: [PATCH 03/16] split out stable kernel install into separate script
---
.../install-stable-kernel-debs | 56 +++++++++++++++++++
fai/config/scripts/IANK/11-iank | 36 ++----------
2 files changed, 61 insertions(+), 31 deletions(-)
create mode 100755 fai/config/distro-install-common/install-stable-kernel-debs
diff --git a/fai/config/distro-install-common/install-stable-kernel-debs b/fai/config/distro-install-common/install-stable-kernel-debs
new file mode 100755
index 0000000..8377490
--- /dev/null
+++ b/fai/config/distro-install-common/install-stable-kernel-debs
@@ -0,0 +1,56 @@
+#!/bin/bash -x
+# This file is part of Ian Kelling's automated-distro-installer
+# Copyright (C) 2024 Ian Kelling
+
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+set -eE -o pipefail
+trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
+
+[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
+
+tmpdir=$(mktemp -d) || exit
+trap 'cd; rm -rf "$tmpdir"' EXIT
+cd $tmpdir
+
+# update ver= when we are ready to jump to a new stable kernel.
+# note: this is duplicated in 11-iank.
+# Stable kernels are listed here: https://www.kernel.org/category/releases.html
+ver='6\.6'
+va=$(curl -s https://kernel.ubuntu.com/mainline/ | \
+ sed -rn 's,.*alt="\[DIR\]".*href="([^/]+).*,\1,p' | \
+ grep -v -- -rc | sed 's/^v//' | grep "^$ver" | sort -V | tail -n1)
+
+# note the wiki page about these says to install linux-headers.*generic.*amd64, but
+# as of 2024, they have a requirement of a very new glibc, and people report
+# that installing it is not needed.
+tmpstr=$(curl -s https://kernel.ubuntu.com/mainline/v$va/amd64/CHECKSUMS | awk '$2 ~ /^linux-/ { print $2 }' | sort -u | grep -iv 'linux-headers.*generic.*amd64' )
+mapfile -t pkgs <<<"$tmpstr"
+
+if (( ${#pkgs[@]} != 3 )); then
+ echo "$0: error. expected to find 3 kernel packages, got: ${pkgs[*]}" >&2
+ exit 1
+fi
+
+urls=()
+for p in ${pkgs[@]}; do
+ if ! dpkg -s -- "${p%%_*}" 2>&1 | grep -Fx "Status: install ok installed" &>/dev/null; then
+ urls+=(https://kernel.ubuntu.com/mainline/v$va/amd64/$p)
+ fi
+done
+if (( ${#urls[@]} >= 1 )); then
+ wget "${urls[@]}"
+ dpkg -i *.deb
+fi
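Review bot: The `.deb` files fetched by `wget "${urls[@]}"` go straight to `dpkg -i` as root with no integrity check; `CHECKSUMS` is downloaded only to obtain file names, and its hashes are never compared with the downloaded files. Verify the downloads against the SHA-256 entries before installing, and if the mirror publishes a detached signature for `CHECKSUMS`, check it against a pinned key as well, because hashes served by the same host only catch corruption. `curl -s` should be `curl -fsS` so an HTTP error page is not parsed as a listing, and `cd $tmpdir` and `for p in ${pkgs[@]}` should be quoted. The fence below assumes `CHECKSUMS` carries 64-hex-digit lines in `sha256sum` format, which needs confirming against the real file.

```shell
base="https://kernel.ubuntu.com/mainline/v$va/amd64"
# keep the list on disk so the bytes that name the packages also verify them
curl -fsS -o CHECKSUMS "$base/CHECKSUMS"
tmpstr=$(awk '$2 ~ /^linux-/ { print $2 }' CHECKSUMS | sort -u | grep -iv 'linux-headers.*generic.*amd64')
# … unchanged: mapfile, package count check, urls loop …
if (( ${#urls[@]} >= 1 )); then
  wget "${urls[@]}"
  # set -e aborts here unless every downloaded file matches its SHA-256 entry
  grep -E '^[0-9a-f]{64} ' CHECKSUMS | sha256sum -c --ignore-missing
  dpkg -i ./*.deb
fi
```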
diff --git a/fai/config/scripts/IANK/11-iank b/fai/config/scripts/IANK/11-iank
index 9879863..6c9c9bf 100755
--- a/fai/config/scripts/IANK/11-iank
+++ b/fai/config/scripts/IANK/11-iank
@@ -225,38 +225,12 @@ EOF
fi
# for new btrfs features, get latest stable kernel and btrfs progs,
-# update ver= as needed.
+# update ver= when we are ready to jump to a new stable kernel.
+# note: this is duplicated in install-stable-kernel-debs.
+ver='6\.6'
case $HOSTNAME in
sy)
- mkdir -p $FAI_ROOT/tmp/kernel-debs
- files=($FAI_ROOT/tmp/kernel-debs/*)
- if (( ${#files[@]} >= 1 )); then
- rm -rf "${files[@]}"
- fi
- cd $FAI_ROOT/tmp/kernel-debs
- ver='6\.6'
- va=$(curl -s https://kernel.ubuntu.com/mainline/ | \
- sed -rn 's,.*alt="\[DIR\]".*href="([^/]+).*,\1,p' | \
- grep -v -- -rc | sed 's/^v//' | grep "^$ver" | sort -V | tail -n1)
-
- # note the wiki page about these says to install linux-headers.*generic.*amd64, but
- # as of 2024, they have a requirement of a very new glibc, and people report
- # that installing it is not needed.
- pkgs=$(curl -s https://kernel.ubuntu.com/mainline/v$va/amd64/CHECKSUMS | awk '$2 ~ /^linux-/ { print $2 }' | sort -u | grep -iv 'linux-headers.*generic.*amd64' )
-
- urls=()
- for p in $pkgs; do
- if ! dpkg -s -- "${p%%_*}" 2>&1 | grep -Fx "Status: install ok installed" &>/dev/null; then
- urls+=(https://kernel.ubuntu.com/mainline/v$va/amd64/$p)
- fi
- done
- if (( ${#urls[@]} >= 1 )); then
- wget "${urls[@]}"
- $chroot bash </dev/null | awk '{print $2}') ||:
if [[ $ver != "$cur_ver" ]]; then
- if [[ $HOST2 == $HOSTNAME && $ver != "$($bprogs_dir/btrfs --version 2>/dev/null | awk '{print $2}')" ]]; then
+ if [[ $HOST2 == "$HOSTNAME" && $ver != "$($bprogs_dir/btrfs --version 2>/dev/null | awk '{print $2}')" ]]; then
rm -rf $bprogs_dir
cd /tmp
wget $url
--
2.30.2
From 3689844021231feed124fc02f46d66f11e0e4a67 Mon Sep 17 00:00:00 2001
From: Ian Kelling
Date: Thu, 18 Apr 2024 02:13:24 -0400
Subject: [PATCH 04/16] fix regression
---
fai/config/scripts/IANK/11-iank | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fai/config/scripts/IANK/11-iank b/fai/config/scripts/IANK/11-iank
index 6c9c9bf..0c26e52 100755
--- a/fai/config/scripts/IANK/11-iank
+++ b/fai/config/scripts/IANK/11-iank
@@ -230,7 +230,7 @@ fi
ver='6\.6'
case $HOSTNAME in
sy)
- ./fai/config/distro-install-common/install-stable-kernel-debs
+ $FAI/distro-install-common/install-stable-kernel-debs
;;
*)
$chroot apt-get -y install linux-libre
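Review bot: The helper on the `sy)` branch is started without `$chroot`, while the `*)` branch installs its kernel with `$chroot apt-get`. install-stable-kernel-debs runs `dpkg -s` and `dpkg -i` against whatever root it is started in, so unless `$chroot` is empty in this context the sy kernel would land in the installer environment rather than the target system; this is worth confirming. `$FAI` is also unquoted, and if it were unset the line would run `/distro-install-common/install-stable-kernel-debs` from the filesystem root; `"${FAI:?}/distro-install-common/install-stable-kernel-debs"` fails loudly instead. The `case` statement continues outside the hunk.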
--
2.30.2
From 8716af32fa1f2822286917a1acf399d80df824be Mon Sep 17 00:00:00 2001
From: Ian Kelling
Date: Thu, 18 Apr 2024 08:12:32 -0400
Subject: [PATCH 05/16] use latest btrfs-progs to match linux-libre
---
.../distro-install-common/install-stable-kernel-debs | 9 ++++-----
fai/config/scripts/IANK/11-iank | 8 ++------
2 files changed, 6 insertions(+), 11 deletions(-)
diff --git a/fai/config/distro-install-common/install-stable-kernel-debs b/fai/config/distro-install-common/install-stable-kernel-debs
index 8377490..c024796 100755
--- a/fai/config/distro-install-common/install-stable-kernel-debs
+++ b/fai/config/distro-install-common/install-stable-kernel-debs
@@ -25,13 +25,12 @@ tmpdir=$(mktemp -d) || exit
trap 'cd; rm -rf "$tmpdir"' EXIT
cd $tmpdir
-# update ver= when we are ready to jump to a new stable kernel.
-# note: this is duplicated in 11-iank.
+# update stable_ver when we are ready to jump to a new stable kernel.
# Stable kernels are listed here: https://www.kernel.org/category/releases.html
-ver='6\.6'
+stable_ver='6\.6'
va=$(curl -s https://kernel.ubuntu.com/mainline/ | \
sed -rn 's,.*alt="\[DIR\]".*href="([^/]+).*,\1,p' | \
- grep -v -- -rc | sed 's/^v//' | grep "^$ver" | sort -V | tail -n1)
+ grep -v -- -rc | sed 's/^v//' | grep "^$stable_ver" | sort -V | tail -n1)
# note the wiki page about these says to install linux-headers.*generic.*amd64, but
# as of 2024, they have a requirement of a very new glibc, and people report
@@ -52,5 +51,5 @@ for p in ${pkgs[@]}; do
done
if (( ${#urls[@]} >= 1 )); then
wget "${urls[@]}"
- dpkg -i *.deb
+ dpkg -i ./*.deb
fi
diff --git a/fai/config/scripts/IANK/11-iank b/fai/config/scripts/IANK/11-iank
index 0c26e52..6efc767 100755
--- a/fai/config/scripts/IANK/11-iank
+++ b/fai/config/scripts/IANK/11-iank
@@ -224,10 +224,6 @@ EOF
fi
-# for new btrfs features, get latest stable kernel and btrfs progs,
-# update ver= when we are ready to jump to a new stable kernel.
-# note: this is duplicated in install-stable-kernel-debs.
-ver='6\.6'
case $HOSTNAME in
sy)
$FAI/distro-install-common/install-stable-kernel-debs
@@ -239,10 +235,10 @@ esac
pre=https://mirrors.edge.kernel.org/pub/linux/kernel/people/kdave/btrfs-progs
tarball=$(curl -s $pre/sha256sums.asc \
- | awk '$2 ~ /^btrfs-progs-v/ { print $2 }' | grep -v -- -rc | grep "^btrfs-progs-v${ver}.*gz\$" | sort -V | tail -n1)
+ | awk '$2 ~ /^btrfs-progs-v/ { print $2 }' | grep -v -- -rc | grep "^btrfs-progs-v.*gz\$" | sort -V | tail -n1)
url="$pre/$tarball"
dir=${tarball%.tar.gz}
-ver=${dir#btrfs-progs}
+ver=${dir#btrfs-progs-}
cur_ver=$(btrfs --version 2>/dev/null | awk '{print $2}') ||:
if [[ $ver != "$cur_ver" ]]; then
if [[ $HOST2 == "$HOSTNAME" && $ver != "$($bprogs_dir/btrfs --version 2>/dev/null | awk '{print $2}')" ]]; then
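Review bot: With the `${ver}` pin removed, `tarball` now follows whichever release sorts highest in `sha256sums.asc`, and the visible lines use that signed file only as a list of names. If the code after this hunk does not already do so, the tarball fetched from `$url` should be checked against its hash in `sha256sums.asc`, and the signature on that file against a pinned key, before the tarball is used. `curl -s` also hides HTTP failures here; `curl -fsS $pre/sha256sums.asc` lets `pipefail` stop the script rather than continue with an empty `tarball`. The download and install steps are outside the hunk.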
--
2.30.2
From 55a745005e7af1e3633b286d5ac1a28ba4fac6ce Mon Sep 17 00:00:00 2001
From: Ian Kelling
Date: Mon, 22 Apr 2024 00:28:22 -0400
Subject: [PATCH 06/16] unify dns related config, change some dns settings
---
wrt-setup | 2 +-
wrt-setup-local | 107 ++++--------------------------------------------
2 files changed, 10 insertions(+), 99 deletions(-)
diff --git a/wrt-setup b/wrt-setup
index 83b1c76..7b549ae 100755
--- a/wrt-setup
+++ b/wrt-setup
@@ -77,7 +77,7 @@ scp /a/work/libremanage/libremanage /a/bin/fai/wrt-init /a/bin/fai/wrt-setup-loc
#/a/opt/openwrt/source/bin/packages/mips_24kc/mypackages/relay_1.0-1_mips_24kc.ipk \
scp /q/root/shadow/router /p/c/machine_specific/wrt/etc/dropbear/dropbear_rsa_host_key \
- /p/router-secrets /p/c/machine_specific/wrt/etc/wg.{key,psk} /b/ds/ptr-data /b/bash-bear-trap/bash-bear $h:
+ /p/router-secrets /p/c/machine_specific/wrt/etc/wg.{key,psk} /p/ptr-data /p/dnsmasq-data /b/bash-bear-trap/bash-bear $h:
scp ../openwrtkeyring/usign/* $h:/etc/opkg/keys
ssh $h wrt-init ${HOME_DOMAIN:-b8.nz} "$@"
diff --git a/wrt-setup-local b/wrt-setup-local
index a5fd911..aabfca3 100755
--- a/wrt-setup-local
+++ b/wrt-setup-local
@@ -684,20 +684,6 @@ config rule
option target ACCEPT
option dest_port 9091
-
-config redirect
- option name nagioskd
- option src wan
- option src_dport 3005
- option dest_port 3005
- option dest_ip $l.2
- option dest lan
-config rule
- option src wan
- option target ACCEPT
- option dest_port 3005
-
-
config redirect
option name sshkd
option src wan
@@ -761,24 +747,12 @@ config rule
option target ACCEPT
option dest_port 2207
-config redirect
- option name sshtp
- option src wan
- option src_dport 2208
- option dest_port 22
- option dest_ip $l.8
- option dest lan
-config rule
- option src wan
- option target ACCEPT
- option dest_port 2208
-
config redirect
option name sshbb8
option src wan
option src_dport 2209
option dest_port 22
- option dest_ip $l.9
+ option dest_ip $l.32
option dest lan
config rule
option src wan
@@ -796,7 +770,7 @@ config redirect
config rule
option src wan
option target ACCEPT
- option dest_port 2228
+ option dest_port 2234
config redirect
@@ -1113,32 +1087,13 @@ EOF
# https dns will need to be blocked by ip in
# order to be comprehensive
+
cedit /etc/unbound/unbound_ext.conf <
Date: Mon, 22 Apr 2024 12:00:34 -0400
Subject: [PATCH 07/16] update file path
---
wrt-setup | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/wrt-setup b/wrt-setup
index 7b549ae..ec91ed7 100755
--- a/wrt-setup
+++ b/wrt-setup
@@ -77,7 +77,7 @@ scp /a/work/libremanage/libremanage /a/bin/fai/wrt-init /a/bin/fai/wrt-setup-loc
#/a/opt/openwrt/source/bin/packages/mips_24kc/mypackages/relay_1.0-1_mips_24kc.ipk \
scp /q/root/shadow/router /p/c/machine_specific/wrt/etc/dropbear/dropbear_rsa_host_key \
- /p/router-secrets /p/c/machine_specific/wrt/etc/wg.{key,psk} /p/ptr-data /p/dnsmasq-data /b/bash-bear-trap/bash-bear $h:
+ /p/router-secrets /p/c/machine_specific/wrt/etc/wg.{key,psk} /p/c/ptr-data /p/c/dnsmasq-data /b/bash-bear-trap/bash-bear $h:
scp ../openwrtkeyring/usign/* $h:/etc/opkg/keys
ssh $h wrt-init ${HOME_DOMAIN:-b8.nz} "$@"
--
2.30.2
From 314427781d140b925797ca3a85e7aebeb600f24d Mon Sep 17 00:00:00 2001
From: Ian Kelling
Date: Mon, 22 Apr 2024 12:00:57 -0400
Subject: [PATCH 08/16] prepare for new host
---
fai/config/hooks/partition.DEFAULT | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fai/config/hooks/partition.DEFAULT b/fai/config/hooks/partition.DEFAULT
index 9adaa76..63235f1 100755
--- a/fai/config/hooks/partition.DEFAULT
+++ b/fai/config/hooks/partition.DEFAULT
@@ -180,7 +180,7 @@ bpart() { # btrfs a partition
zilap() {
case $HOSTNAME in
- sy|bo)
+ sy|bo|so)
return 0
;;
esac
--
2.30.2
From 936324619541130f4ab07bd4633f48eb81812613 Mon Sep 17 00:00:00 2001
From: Ian Kelling
Date: Mon, 22 Apr 2024 12:01:10 -0400
Subject: [PATCH 09/16] further bookworm support
---
fai-revm | 2 +-
fai/config/class/FAIBASE.var | 2 +-
fai/config/distro-install-common/end | 2 +-
.../distro-install-common/libreboot_grub.cfg | 6 +-
.../files/etc/fai/nfsroot.conf/FAISERVER | 2 +-
.../faicheck.service/VOL_BOOKWORM_BOOTSTRAP | 1 +
.../root/fai-check/VOL_BOOKWORM_BOOTSTRAP | 128 +++++++++++++++++
.../root/fai-check/VOL_BULLSEYE_BOOTSTRAP | 129 +-----------------
fai/config/hooks/instsoft.DEFAULT | 2 +-
fai/config/hooks/partition.DEFAULT | 10 +-
fai/config/package_config/DEBIAN | 2 +-
fai/config/scripts/IANK/11-iank | 2 +-
faiserver-setup | 6 +-
mymk-basefile | 1 +
14 files changed, 150 insertions(+), 145 deletions(-)
create mode 120000 fai/config/files/etc/systemd/system/faicheck.service/VOL_BOOKWORM_BOOTSTRAP
create mode 100755 fai/config/files/root/fai-check/VOL_BOOKWORM_BOOTSTRAP
mode change 100755 => 120000 fai/config/files/root/fai-check/VOL_BULLSEYE_BOOTSTRAP
diff --git a/fai-revm b/fai-revm
index 8bfb970..050ecda 100755
--- a/fai-revm
+++ b/fai-revm
@@ -140,7 +140,7 @@ else
BASEFILE_DIR=/tmp
fi
isopath=$BASEFILE_DIR/$iso
- isosrc=$BASEFILE_DIR/BULLSEYE64.tar.gz
+ isosrc=$BASEFILE_DIR/BOOKWORM64.tar.gz
if [[ ! -e $isopath || $(stat -c %Y $isopath) -lt $(stat -c %Y $isosrc) ]]; then
e fai-cd -g $(readlink -f grub.cfg.${iso%%.*}) -f -A $isopath
fi
diff --git a/fai/config/class/FAIBASE.var b/fai/config/class/FAIBASE.var
index dabfb06..34d95ac 100644
--- a/fai/config/class/FAIBASE.var
+++ b/fai/config/class/FAIBASE.var
@@ -21,4 +21,4 @@ MAXPACKAGES=800
#USERPW='$1$kBnWcO.E$djxB128U7dMkrltJHPf6d1'
# set a default
-FAI_DEBOOTSTRAP="bullseye http://deb.debian.org/debian"
+FAI_DEBOOTSTRAP="bookworm http://deb.debian.org/debian"
diff --git a/fai/config/distro-install-common/end b/fai/config/distro-install-common/end
index 8ad84c9..f9a0840 100755
--- a/fai/config/distro-install-common/end
+++ b/fai/config/distro-install-common/end
@@ -32,7 +32,7 @@ au() { # add user. i don't use adduser for portability
# only setup root pass for bootstrap vol
-if ifclass VOL_BULLSEYE_BOOTSTRAP; then
+if ifclass VOL_BULLSEYE_BOOTSTRAP || VOL_BOOKWORM_BOOTSTRAP; then
exit 0
fi
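Review bot: In `if ifclass VOL_BULLSEYE_BOOTSTRAP || VOL_BOOKWORM_BOOTSTRAP; then` the second operand is executed as a command named `VOL_BOOKWORM_BOOTSTRAP` instead of being passed to `ifclass`. On a bookworm bootstrap volume that command presumably does not exist, so the test is false and the script falls through past `exit 0` into the user and password setup this early exit is meant to skip. The line should read `if ifclass VOL_BULLSEYE_BOOTSTRAP || ifclass VOL_BOOKWORM_BOOTSTRAP; then`. The code after the `fi` is outside the hunk.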
diff --git a/fai/config/distro-install-common/libreboot_grub.cfg b/fai/config/distro-install-common/libreboot_grub.cfg
index d9dde28..5f4d722 100644
--- a/fai/config/distro-install-common/libreboot_grub.cfg
+++ b/fai/config/distro-install-common/libreboot_grub.cfg
@@ -14,7 +14,7 @@ function save_chosen {
}
# fai_check is so we can act like a pxe boot, but just for fai, and by
-# using /bullseye_bootstrap to do it. We toggle on and off the grub var
+# using /bookworm_bootstrap to do it. We toggle on and off the grub var
# did_fai_check so we can do the check every other boot. Then
# /debian_bootstrap checks for that var on boot and if we want to do a
# fai check, it does it, then reboots. But fai-check also sets
@@ -25,7 +25,7 @@ function save_chosen {
# We don't set this to fai check so we can't get into
# an infinite reboot cycle. We depend on the os to
# create the initial grubenv file.
-set default=/debianbullseye_bootstrap # could use 0 here.
+set default=/debianbookworm_bootstrap # could use 0 here.
set timeout=1
# grub_extn
@@ -44,7 +44,7 @@ done
did_fai_check=false
-bs_dir=/debianbullseye_bootstrap
+bs_dir=/debianbookworm_bootstrap
menuentry $bs_dir --id=$bs_dir {
# note, we might be able to use $chosen and avoid setting this here,
# and set it inside save_chosen. but I haven't tested it,
diff --git a/fai/config/files/etc/fai/nfsroot.conf/FAISERVER b/fai/config/files/etc/fai/nfsroot.conf/FAISERVER
index 72491fd..e176a6d 100644
--- a/fai/config/files/etc/fai/nfsroot.conf/FAISERVER
+++ b/fai/config/files/etc/fai/nfsroot.conf/FAISERVER
@@ -1,7 +1,7 @@
# For a detailed description see nfsroot.conf(5)
# " " for debootstrap
-FAI_DEBOOTSTRAP="bullseye http://deb.debian.org/debian"
+FAI_DEBOOTSTRAP="bookworm http://deb.debian.org/debian"
FAI_ROOTPW='$1$kBnWcO.E$djxB128U7dMkrltJHPf6d1'
NFSROOT=/srv/fai/nfsroot
diff --git a/fai/config/files/etc/systemd/system/faicheck.service/VOL_BOOKWORM_BOOTSTRAP b/fai/config/files/etc/systemd/system/faicheck.service/VOL_BOOKWORM_BOOTSTRAP
new file mode 120000
index 0000000..82dea76
--- /dev/null
+++ b/fai/config/files/etc/systemd/system/faicheck.service/VOL_BOOKWORM_BOOTSTRAP
@@ -0,0 +1 @@
+VOL_BULLSEYE_BOOTSTRAP
\ No newline at end of file
diff --git a/fai/config/files/root/fai-check/VOL_BOOKWORM_BOOTSTRAP b/fai/config/files/root/fai-check/VOL_BOOKWORM_BOOTSTRAP
new file mode 100755
index 0000000..ebbedbe
--- /dev/null
+++ b/fai/config/files/root/fai-check/VOL_BOOKWORM_BOOTSTRAP
@@ -0,0 +1,128 @@
+#!/bin/bash
+
+set -eE -o pipefail
+trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
+
+#set -x
+
+usage() {
+ cat < deadline )); then
+ echo "fai-check: hit $NETWORK_TIMOUT_SECS s tftp server timeout"
+ return 0
+ fi
+ sleep 1
+ done
+ m pxe-kexec -n --ignore-whitelist -l fai-generated $faiserver ||:
+}
+
+force=false
+case $1 in
+ -h|--help)
+ usage
+ ;;
+ -f|--force)
+ force=true
+ shift
+ ;;
+esac
+
+faiserver=${1:-faiserver.b8.nz}
+
+
+if $force; then
+ try-kexec
+ exit
+fi
+
+# on one machine, I could do this:
+# dmidecode -t system | grep -F "Version: ThinkPad X200"
+# however, on another, the version field just says invalid data.
+# todo: figure out some better way to check if we are on
+# an x200.
+
+if ! dmidecode | grep -i thinkpad &>/dev/null; then
+ echo "not x200, exiting"
+ exit 0
+fi
+
+first=true
+for dev in $(btrfs fi show / | sed -rn 's#^\s*devid\s.*\s([^0-9 ]+)\S+$#\1#p' \
+ |sort); do
+ echo dev=$dev
+ found=false
+ # Decide which is my grub_ext partition. see partition.DEFAULT file
+ # for details. currently it is 4
+ for (( i=4; i<=7; i++ )); do
+ if [[ $(blockdev --getsize64 ${dev}$i) == 8388608 ]]; then
+ grub_extn=${dev}$i
+ found=true
+ echo grub_extn=$grub_extn
+ break
+ fi
+ done
+ if ! $found; then
+ echo "$0: error: failed to find grub_ext partition."
+ exit 1
+ fi
+ m mount $grub_extn /mnt
+ if $first; then
+ if [[ -e /mnt/grubenv ]]; then
+ m grub-editenv /mnt/grubenv list
+ source <(grub-editenv /mnt/grubenv list)
+ fi
+ first=false
+ # we could just as well check if last_boot != /debianbullseye_bootstrap
+ # the intent with this one is just a little clearer.
+ if [[ $did_fai_check == true ]]; then
+ m grub-editenv /mnt/grubenv set did_fai_check=os_true
+ # our service does not wait for network-online.target,
+ # because it will wait for too long when we don't have a network
+ # connection. So, we wait for 10 seconds.
+ # ref: https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/
+ try-kexec ||:
+ fi
+ else
+ # we make sure there is only 1 grubenv,
+ # so grub can just find the first one, in whatever order
+ # if looks at them, which may not be the same as us.
+ # If the disk dies, we just lose the default boot option,
+ # we will have to do manual steps to replace it anyways.
+ m rm -f /mnt/gruvenv
+ fi
+ m umount /mnt
+done
+
+# the check for last_boot is not needed afaik, just sanity check.
+case $did_fai_check in
+ true|os_true)
+ if [[ $last_boot != /debian*_bootstrap ]]; then
+ # no need to reboot if we actually want to boot into this os.
+ echo "last_boot=$last_boot not debian*_bootstrap, rebooting"
+ reboot
+ fi
+esac
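Review bot: `source <(grub-editenv /mnt/grubenv list)` executes the contents of grubenv as shell code in a script that mounts filesystems and reboots, so it presumably runs as root and any stray or hostile value in that file would be executed. Reading only the variables the script uses is safer, e.g. `did_fai_check=$(grub-editenv /mnt/grubenv list | sed -n 's/^did_fai_check=//p')` and the same for `last_boot`. Separately, `m rm -f /mnt/gruvenv` misspells the file name, so the extra grubenv that the comment above it says must be removed stays in place; it should be `m rm -f /mnt/grubenv`. The comment that still names `/debianbullseye_bootstrap` is stale after this rename.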
diff --git a/fai/config/files/root/fai-check/VOL_BULLSEYE_BOOTSTRAP b/fai/config/files/root/fai-check/VOL_BULLSEYE_BOOTSTRAP
deleted file mode 100755
index 34f682f..0000000
--- a/fai/config/files/root/fai-check/VOL_BULLSEYE_BOOTSTRAP
+++ /dev/null
@@ -1,128 +0,0 @@
-#!/bin/bash
-
-set -eE -o pipefail
-trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
-
-#set -x
-
-usage() {
- cat < deadline )); then
- echo "fai-check: hit $NETWORK_TIMOUT_SECS s tftp server timeout"
- return 0
- fi
- sleep 1
- done
- m pxe-kexec -n --ignore-whitelist -l fai-generated $faiserver ||:
-}
-
-force=false
-case $1 in
- -h|--help)
- usage
- ;;
- -f|--force)
- force=true
- shift
- ;;
-esac
-
-faiserver=${1:-faiserver.b8.nz}
-
-
-if $force; then
- try-kexec
- exit
-fi
-
-# on one machine, I could do this:
-# dmidecode -t system | grep -F "Version: ThinkPad X200"
-# however, on another, the version field just says invalid data.
-# todo: figure out some better way to check if we are on
-# an x200.
-
-if ! dmidecode | grep -i thinkpad &>/dev/null; then
- echo "not x200, exiting"
- exit 0
-fi
-
-first=true
-for dev in $(btrfs fi show / | sed -rn 's#^\s*devid\s.*\s([^0-9 ]+)\S+$#\1#p' \
- |sort); do
- echo dev=$dev
- found=false
- # Decide which is my grub_ext partition. see partition.DEFAULT file
- # for details. currently it is 4
- for (( i=4; i<=7; i++ )); do
- if [[ $(blockdev --getsize64 ${dev}$i) == 8388608 ]]; then
- grub_extn=${dev}$i
- found=true
- echo grub_extn=$grub_extn
- break
- fi
- done
- if ! $found; then
- echo "$0: error: failed to find grub_ext partition."
- exit 1
- fi
- m mount $grub_extn /mnt
- if $first; then
- if [[ -e /mnt/grubenv ]]; then
- m grub-editenv /mnt/grubenv list
- source <(grub-editenv /mnt/grubenv list)
- fi
- first=false
- # we could just as well check if last_boot != /debianbullseye_bootstrap
- # the intent with this one is just a little clearer.
- if [[ $did_fai_check == true ]]; then
- m grub-editenv /mnt/grubenv set did_fai_check=os_true
- # our service does not wait for network-online.target,
- # because it will wait for too long when we don't have a network
- # connection. So, we wait for 10 seconds.
- # ref: https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/
- try-kexec ||:
- fi
- else
- # we make sure there is only 1 grubenv,
- # so grub can just find the first one, in whatever order
- # if looks at them, which may not be the same as us.
- # If the disk dies, we just lose the default boot option,
- # we will have to do manual steps to replace it anyways.
- m rm -f /mnt/gruvenv
- fi
- m umount /mnt
-done
-
-# the check for last_boot is not needed afaik, just sanity check.
-case $did_fai_check in
- true|os_true)
- if [[ $last_boot != /debianbullseye_bootstrap ]]; then
- # no need to reboot if we actually want to boot into this os.
- echo "last_boot not debianbullseye_bootstrap, rebooting"
- reboot
- fi
-esac
diff --git a/fai/config/files/root/fai-check/VOL_BULLSEYE_BOOTSTRAP b/fai/config/files/root/fai-check/VOL_BULLSEYE_BOOTSTRAP
new file mode 120000
index 0000000..18c54eb
--- /dev/null
+++ b/fai/config/files/root/fai-check/VOL_BULLSEYE_BOOTSTRAP
@@ -0,0 +1 @@
+VOL_BOOKWORM_BOOTSTRAP
\ No newline at end of file
diff --git a/fai/config/hooks/instsoft.DEFAULT b/fai/config/hooks/instsoft.DEFAULT
index 3bf0f62..42f9739 100755
--- a/fai/config/hooks/instsoft.DEFAULT
+++ b/fai/config/hooks/instsoft.DEFAULT
@@ -3,7 +3,7 @@
# These are things we can do before package_config packages get installed.
# exit for any vm except demohost, or if we are doing a dirinstall
-if ifclass VM && ! ifclass demohost || ifclass VOL_BULLSEYE_BOOTSTRAP || [[ ! $FAI_ACTION || $FAI_ACTION = dirinstall ]]; then
+if ifclass VM && ! ifclass demohost || ifclass VOL_BULLSEYE_BOOTSTRAP || ifclass VOL_BOOKWORM_BOOTSTRAP || [[ ! $FAI_ACTION || $FAI_ACTION = dirinstall ]]; then
exit 0
fi
diff --git a/fai/config/hooks/partition.DEFAULT b/fai/config/hooks/partition.DEFAULT
index 63235f1..18f5a23 100755
--- a/fai/config/hooks/partition.DEFAULT
+++ b/fai/config/hooks/partition.DEFAULT
@@ -272,7 +272,7 @@ mktab() {
dev=${boot_devs[0]}
fstabstd="x-systemd.device-timeout=30s,x-systemd.mount-timeout=30s"
- if [[ $DISTRO == debianbullseye_bootstrap ]]; then
+ if [[ $DISTRO == *_bootstrap ]]; then
cat > /tmp/fai/fstab <
Date: Wed, 24 Apr 2024 00:55:55 -0400
Subject: [PATCH 10/16] a bunch of fixes and improvements
---
README | 20 ++-
fai-redep | 7 +-
fai-revm | 2 +-
fai/config/distro-install-common/end | 5 +-
.../install-stable-kernel-debs | 31 +++-
fai/config/hooks/partition.DEFAULT | 4 +-
fai/config/hooks/updatebase.UBUNTU | 10 +-
fai/config/package_config/ARAMO.gpg | Bin 0 -> 3471 bytes
fai/config/package_config/NABIA.gpg | 1 +
fai/config/package_config/STANDARD | 6 +-
fai/config/package_config/readme | 2 +
fai/config/scripts/DEBIAN/11-iank | 30 +++-
fai/config/scripts/IANK/11-iank | 137 ++++++++++--------
faiserver-setup | 6 +-
mk-basefile-big | 2 +-
myfai-chboot | 18 ++-
myfai-chboot-local | 56 ++++---
17 files changed, 227 insertions(+), 110 deletions(-)
create mode 100644 fai/config/package_config/ARAMO.gpg
create mode 120000 fai/config/package_config/NABIA.gpg
create mode 100644 fai/config/package_config/readme
diff --git a/README b/README
index da28e4e..6d097f9 100644
--- a/README
+++ b/README
@@ -128,7 +128,7 @@ archlike-pxe # Setup pxe boot server from an archlike base image
fai-redep # Deploy fai configuration to host "faiserver"
faiserver-uninstall # uninstall fai-server
faiserver-setup # install fai-server on the current machine
-myfai-chboot # setup fai tftp and nfs. useful for doing pxe-kexec
+myfai-chboot # setup fai tftp and nfs. useful for doing pxe-kexec or booting from a fai-cd.
pxe-server # disable/enable pxe dhcp, tfp, and nfs. calls myfai-chboot
wrt-setup # setup my router in general: dhcp, dns, etc.
@@ -191,6 +191,24 @@ ERROR: Kernel modules directory /lib/modules/5.10.0-8-amd not available. Only fo
solution: if running from fai-cd, recreate autodiscover cd as noted above in setup.
+## Weird package dependency errors
+
+for example: in fai.log, within instsoft.DEBIAN
+```
+The following packages have unmet dependencies:
+ libc6 : Breaks: locales (< 2.36) but 2.35-0ubuntu3.7+11.0trisquel1 is to be installed
+```
+
+In this case, it was because the basefile was missing, and so instead
+fai decided to use the wrong basefile.
+
+for example: in fai.log, within instsoft.DEBIAN
+
+```
+ftar: No matching class found in /var/lib/fai/config/basefiles//
+ftar: extracting /var/tmp/base.tar.zst to /target/
+```
+
# What good logs look like:
logging nfs traffic from server
diff --git a/fai-redep b/fai-redep
index 5e08b2f..8e5919d 100755
--- a/fai-redep
+++ b/fai-redep
@@ -75,8 +75,7 @@ rsync -atL /home/iank/.ssh/authorized_keys fai/config/files/root/.ssh/authorized
install --owner=iank --group=iank -d fai/config/files/usr/local/bin/hssh
install --owner=iank --group=iank -d fai/config/files/usr/local/bin/ssh_filter_btrbk.sh
rsync -atL /a/opt/btrbk/ssh_filter_btrbk.sh fai/config/files/usr/local/bin/ssh_filter_btrbk.sh/STANDARD
-
-m rsync -rlpt --delete --relative --exclude /fai/config/basefiles/ fai/config /a/opt/btrfs-progs-release "${rpre[@]}"/srv
+m rsync -rlpt --delete --relative --exclude /fai/config/basefiles/ fai/config "${rpre[@]}"/srv
# todo: automatically disable faiserver after a period so
# these files are not available.
@@ -102,6 +101,8 @@ else
rsync -rlpt /q/root/shadow /q/root/luks "${rpre[@]}"/srv/fai/config/distro-install-common
fi
+rsync -rlpt --delete /a/opt/btrfs-progs-release "${rpre[@]}"/srv/fai/config/distro-install-common
+
dirs=(/p/c/machine_specific/${target:-*}/filesystem/etc/ssh)
if [[ -e ${dirs[0]} ]]; then
rsync -rlpt --delete --relative ${dirs[@]} "${rpre[@]}"/srv/fai/config/distro-install-common
@@ -114,4 +115,4 @@ printf "%s\n%s\n" "PACKAGES install" ${pall[*]} | \
$faiserver_shell dd of=/srv/fai/config/package_config/DESKTOP status=none ||: # broken pipe
-rsync -rplt --include '/*.gz' --exclude '/**' --delete-excluded $BASEFILE_DIR/ "${rpre[@]}"/srv/fai/config/basefiles/
+m rsync -rplt --include '/*.zst' --exclude '/**' --delete-excluded $BASEFILE_DIR/ "${rpre[@]}"/srv/fai/config/basefiles/
diff --git a/fai-revm b/fai-revm
index 050ecda..2ce0102 100755
--- a/fai-revm
+++ b/fai-revm
@@ -140,7 +140,7 @@ else
BASEFILE_DIR=/tmp
fi
isopath=$BASEFILE_DIR/$iso
- isosrc=$BASEFILE_DIR/BOOKWORM64.tar.gz
+ isosrc=$BASEFILE_DIR/BOOKWORM64.tar.zst
if [[ ! -e $isopath || $(stat -c %Y $isopath) -lt $(stat -c %Y $isosrc) ]]; then
e fai-cd -g $(readlink -f grub.cfg.${iso%%.*}) -f -A $isopath
fi
diff --git a/fai/config/distro-install-common/end b/fai/config/distro-install-common/end
index f9a0840..2455ece 100755
--- a/fai/config/distro-install-common/end
+++ b/fai/config/distro-install-common/end
@@ -32,7 +32,9 @@ au() { # add user. i don't use adduser for portability
# only setup root pass for bootstrap vol
-if ifclass VOL_BULLSEYE_BOOTSTRAP || VOL_BOOKWORM_BOOTSTRAP; then
+# for bootstrap vol, we only use root user
+if ifclass VOL_BULLSEYE_BOOTSTRAP || ifclass VOL_BOOKWORM_BOOTSTRAP; then
+ sed 's/^/root:/' $root_pw_f | $ROOTCMD chpasswd -e
exit 0
fi
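Review bot: The added `sed 's/^/root:/' $root_pw_f | $ROOTCMD chpasswd -e` can fail without stopping the script. If `$root_pw_f` is unset, the unquoted expansion vanishes and sed reads stdin; if the file is missing or empty, chpasswd gets no input and the following `exit 0` still reports success, leaving the bootstrap volume's root account without the intended hash. Whether `set -e` or `pipefail` is active is not visible in this hunk, so I would guard it explicitly with `[[ -s $root_pw_f ]] || { echo "$0: error: no root password hash in $root_pw_f" >&2; exit 1; }` ahead of the pipeline and quote `"$root_pw_f"` in the sed call. The prefix is applied to every line, so the file is assumed to hold exactly one pre-hashed entry; a one-line comment saying so would help.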
@@ -74,6 +76,7 @@ if getent group sudo >/dev/null; then
$ROOTCMD usermod -aG sudo iank
fi
+mkdir -p $target/etc/sudoers.d
cat >$target/etc/sudoers.d/ianksudoers <<'EOF'
Defaults timestamp_timeout=1440
# used in bashrc
diff --git a/fai/config/distro-install-common/install-stable-kernel-debs b/fai/config/distro-install-common/install-stable-kernel-debs
index c024796..db7abcf 100755
--- a/fai/config/distro-install-common/install-stable-kernel-debs
+++ b/fai/config/distro-install-common/install-stable-kernel-debs
@@ -1,4 +1,4 @@
-#!/bin/bash -x
+#!/bin/bash
# This file is part of Ian Kelling's automated-distro-installer
# Copyright (C) 2024 Ian Kelling
@@ -21,13 +21,30 @@ trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
-tmpdir=$(mktemp -d) || exit
-trap 'cd; rm -rf "$tmpdir"' EXIT
-cd $tmpdir
+set -x
+
+prereqs=()
+for p in wget curl; do
+ if ! type -p $p &>/dev/null; then
+ prereqs+=($p)
+ fi
+done
+if (( ${#prereqs[@]} >= 1 )); then
+ apt-get -y install ${prereqs[@]}
+fi
+
+
+tmpdir=$($ROOTCMD mktemp -d) || exit
+outertmp=$target/$tmpdir
+trap 'cd; rm -rf "$outertmp"' EXIT
+cd $outertmp
# update stable_ver when we are ready to jump to a new stable kernel.
# Stable kernels are listed here: https://www.kernel.org/category/releases.html
stable_ver='6\.6'
+# Actually, I dont want stable right now. comment this out to get stable
+# version.
+stable_ver='[1-9]'
va=$(curl -s https://kernel.ubuntu.com/mainline/ | \
sed -rn 's,.*alt="\[DIR\]".*href="([^/]+).*,\1,p' | \
grep -v -- -rc | sed 's/^v//' | grep "^$stable_ver" | sort -V | tail -n1)
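Review bot: The EXIT trap now removes `"$outertmp"`, which is built as `$target/$tmpdir`, so if `$ROOTCMD mktemp -d` ever exits 0 with empty output the cleanup becomes `rm -rf "$target/"`, and the unquoted `cd $outertmp` lands in the target root. The `|| exit` only covers a non-zero status; I would make the trap fail closed with `trap 'cd; rm -rf -- "$target/${tmpdir:?}"' EXIT` and quote the cd as `cd "$outertmp"`. Separately, the second `stable_ver='[1-9]'` assignment makes the `grep "^$stable_ver"` filter accept every non-rc mainline build, so the newest one is installed; a comment naming the kernel series this was last tested with would make the intent auditable.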
@@ -45,11 +62,11 @@ fi
urls=()
for p in ${pkgs[@]}; do
- if ! dpkg -s -- "${p%%_*}" 2>&1 | grep -Fx "Status: install ok installed" &>/dev/null; then
+ if ! $ROOTCMD dpkg -s -- "${p%%_*}" 2>&1 | grep -Fx "Status: install ok installed" &>/dev/null; then
urls+=(https://kernel.ubuntu.com/mainline/v$va/amd64/$p)
fi
done
if (( ${#urls[@]} >= 1 )); then
- wget "${urls[@]}"
- dpkg -i ./*.deb
+ wget -nv "${urls[@]}"
+ $ROOTCMD dpkg -i ${pkgs[@]/#/$tmpdir/}
fi
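Review bot: `$ROOTCMD dpkg -i ${pkgs[@]/#/$tmpdir/}` passes every entry of `pkgs`, while only the not-yet-installed ones are added to `urls` and downloaded, so a partially installed set makes dpkg fail on files that were never fetched (the removed `./*.deb` glob only saw what was downloaded). Collect the paths alongside the URLs: initialise `debs=()`, add `debs+=("$tmpdir/$p")` next to the `urls+=(...)` line, and install with `$ROOTCMD dpkg -i "${debs[@]}"`. The debs are also installed as root on the strength of the TLS download alone; I would add `# TODO: verify the downloaded debs against the archive's published checksums and signature before dpkg -i` (assuming the mainline archive publishes them for this version) so a truncated or tampered download is rejected. The definition of `pkgs` is outside this hunk.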
diff --git a/fai/config/hooks/partition.DEFAULT b/fai/config/hooks/partition.DEFAULT
index 18f5a23..11a7ee5 100755
--- a/fai/config/hooks/partition.DEFAULT
+++ b/fai/config/hooks/partition.DEFAULT
@@ -885,10 +885,10 @@ if $partition; then
# so use fixed sizes to allow both to grow
# 600 = uefi 512 + grubext 8 + bios grub 3 + some extra cuz this is lvm
#root_mib=$(( disk_mib - root2_part_mib - swap_mib - boot_part_mib - boot2_part_mib - 600 ))
- o_mib=$(( 120 * 1000 ))
+ o_mib=$(( 180 * 1000 ))
# max minus o, minus a gig just for some extra space
max_root_mib=$(( disk_mib - root2_part_mib - swap_mib - boot_part_mib - boot2_part_mib - 600 - o_mib - 1000 ))
- root_mib=$(( 1000 * 1000 )) # * 1000 to make it in gb.
+ root_mib=$(( 1700 * 1000 )) # * 1000 to make it in gb.
if (( max_root_mib < root_mib )); then
root_mib=$max_root_mib
fi
diff --git a/fai/config/hooks/updatebase.UBUNTU b/fai/config/hooks/updatebase.UBUNTU
index e5050cd..98f775f 100755
--- a/fai/config/hooks/updatebase.UBUNTU
+++ b/fai/config/hooks/updatebase.UBUNTU
@@ -1,5 +1,12 @@
#! /bin/bash
+# mk-basefile doesn't use the -updates suite, then we unpack it, then we
+# install sources.list that has -updates and we install random
+# packages. It might avoid a problem if we a dist-upgrade first.
+
+$ROOTCMD apt-get update
+$ROOTCMD apt-get -y dist-upgrade --purge --auto-remove
+
# https://lists.uni-koeln.de/pipermail/linux-fai/2016-July/011398.html
# In Ubuntu 16.04 (but not 14.04), the locales configuration mechanism has
# changed. There is a /var/lib/dpkg/info/locales.config file, which
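Review bot: The two added apt-get calls are not chained, so when `$ROOTCMD apt-get update` fails (no network, bad sources.list) the dist-upgrade still runs against stale package lists and the hook carries on; no `set -e` is visible in this hunk. Chaining them as `$ROOTCMD apt-get update && $ROOTCMD apt-get -y dist-upgrade --purge --auto-remove` and printing a message to stderr on failure would make a half-updated base visible in fai.log. The new comment also reads "if we a dist-upgrade first", which presumably means "if we do a dist-upgrade first".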
@@ -9,8 +16,9 @@
# hook applies the debconf setting. It must run after FAI's debconf task
# but before dpkg gets a chance to clobber debconf with an empty setting.
+
if [ ! -f "$target/var/lib/locales/supported.d/local" ]; then
- $ROOTCMD debconf --owner=locales sh -c '
+ $ROOTCMD debconf --owner=locales sh -c '
. /usr/share/debconf/confmodule
db_version 2.0
db_get locales/locales_to_be_generated &&
diff --git a/fai/config/package_config/ARAMO.gpg b/fai/config/package_config/ARAMO.gpg
new file mode 100644
index 0000000000000000000000000000000000000000..58057f6c8594d41c77bcbf17af40e5eca896e804
GIT binary patch
literal 3471
zcmai$S5y;-x`mTaLy<_YF?1M#(4{3bDbl4EMF`Rf#U%8OH0fO!29PE)2vVdfB1Mp*
zNR=dllpqL^-rJco_sqKY;jVlCw|~Fvm%YCA6@nNkZ36-*fDi!Q^y}mR#-T_pEUUoc
zW|I~NUpjCldy+(IDg2;x@@?Jr*ukMyqs7q);caCN*u67vigS5eWT3jU_DylzJx1;E
zc>ntv+FN&C$|Ti?q^4^_Zt*1X1+9pr7-BR|hL
zDOxMk64u|t=KsjBzRrwK(*TQG_VlDxzlmX~`1!^U6`qv*K(M#c;i|TFL6ut5t-^^n
z_J->?+2tZde6{3Li`d@oM*4{lfjT`aFR*m*%5j~J`*oMUKAZR=dYf>dp};N)&)j7Y
zA$Cy+ZFOFxh2oCxZyMR5N>lZlKgq`o*vD^ZoB*x^0l*d+%SWD=0Gz82OwYs$Zsh5U
z3x=s-|C32RbPaU%(fH?;^7M7{Lneb1DOrGY0Ddaazn28!p`fA%)6!5-vC)BP>8aQ$
zKtKQp3IuUP1L(kzMx|jL2CD1uwP~h9dD4`K0kr%`(K(RuYKUnQPmb&0U)}MO*E&2A
zeEG1xY}miQbZRwIs~N$=xCy>DioL&*7Mn3cp-_YL2tp`u{KmYT`>>TE7O{>a$VoP*
zkT*_h^$;?iq3Ey8&|eJsMkPhr;uj0iPLKaqPuWHq-6
zSv+;GjbnV(c-#A)f)`}|<#f%-i@T(EF|F`Cw(2CE2>V(RW%iyH=v=Jeaxr_8EI@N!6?9F1^&jWf$72
zYUPy4=p;gFC-(E0g58hCQbL0_8MBIgbY{%0JnJFFV^i}bKmi^c6E;Xh7K*x8093>v
zoV7U?NO5Ph%0SCBu;ahk^NKFLKl`=;XZk1u&x5^UF0osPh<#-`QU4z*CdQq1T>f-4
zAykGX7pYhFP5!>3fw4lcSCc|lsT#nQTuF8
zN|nEw>($FnpWR7t{IP^Tl2^TMLmJofPCdKN2h>wSSkJMBHcp@|hA`ySXx~UJPwg{|
z0jeg)Z8zPH`n#C==QvIIggP|=`J4m~=nj_G1X>&KC*7yn9ABS!OG9#1n;K15XGG}|
zNxLXq@FvL!
z4IZk`9`yU0J;|UOl$?Ko1pE(382%?PddHcrJk{?ozM=Y_4;x{XLT);2`^_JI)syEm
zeTq7ZElwEIY5Vg?g*Rki0Qpso@hq}0N=V%(fEf7ly7On9X}#w+aMX_o3qFLyf<@JK
zwr0_%pX0iIk7uWRDRgZlt-2T*nc8o_e|J>_-ZY957JK_fw6P{*qHj^M;-)hAI{eBF
zQjSvSIBht$S>`Aki}Na*)fR69=#vR
zLImo^4*Z|+B5RV#w%tlm5-okc*#{PZ;9q@-4r=<^C5?9>a^@X8R%fW4f>^_bcF0}8
zoS5EuK!PQ3GW1}UeR%*Dcr3NvuWjX487bbGeTdRF+~K*NI_Vmu^VQj{cKd!HtGYzK
z47zPR=__WIQ=8m-W!^5M1C^DHlipWPw-S(5bYvmzJM81l)um{cg5?@&oQ7YSX=Lcz
zyj8xOHmcEFSd{5;mUKp0M)ExE>R(TEE-dF4&VDYrS}~`n`?e5
zQWihlEIuvML+BA3(26McR+V!bD*THWE@rZ$f7!|lkB*Ur=QG1c?PCGMb@M%GA(3$f
z+z|{VDM<&7l_L?*BPefuXGby=b_ek+g}A|wBbnoiAS7R!ffF5@Ca84jm-l~Dwy
zB<1tk*f8$&uoN&VA@@lE0;6)~BKFs#oZP&4V%sj#gXF`F_D5{7ZB1)U@UU
zNz3zk=@nY+hIJ6SamByzMGzUQsezt?DNU)M*!?OOL|!?=_Dj8(Ml
z14$v~aZA_T9@1Rx`d~dvmWwRYpKz1MfOGc+cGVLg4fb+esAa?n-%%aqkSyUZ$>v@5Q)
zGn=A=u3m#2#S|lebu?aiT+%K0ia|Qbw>49_nj*OdYyVnyAP11URrTY^*{3p;ZDFTj
z=wx>@vPoIxbocf2b%z$aU&XTaz|)bMb>NiJd?#3T)h|xoh}a@
zvJ?3XVJ+`Fbu)`#)6%A?&G<5B*h6*0I0dEW<9PE}G8?aGOXSt={g!sTaqnJS*b-2Q
z25x-^wv%&tqC|K)o@sc|D_tS5TPMp+xv%#d0|)s~HirJ$xg-NuQUa&K#Tz?j_H*4|
zEl1tsd|y>IZz0szuAuTC1!iEG*Ok;X>B_M^8trQ7By)l946fJ!9oeknGpa{L{MmwM
z;cUrJ41-sa1JvUEbgOicb_yOI))z$#jK-AtYf=q*e(-qw-79L_#i(k$;{Y@0z(50u
z^e$c}e3F6*pDe>yeIxE7}9yvf`;pPdWM$z$ieG8Ex6;X}w|Nb7C3pExYVur#XTeK1WQ
zmQbIm%h$vzR-MzWVz+JtS`(C-2CVm-JLC)SYeI-^@r$7Rj(#SQi}}z9ttqOsM?V(D
zlV39yavC`~nhx?bGfs{duIoIHG(hJ)Zi8&^4D;zgv#q?$hIVN~Z{bJ(s8~{vm2T7Y
kDK58jDM_m@{W4`V&cSo>@T=Npjm1F5D{276Uqc4`3p!M6MF0Q*
literal 0
HcmV?d00001
diff --git a/fai/config/package_config/NABIA.gpg b/fai/config/package_config/NABIA.gpg
new file mode 120000
index 0000000..84bd61d
--- /dev/null
+++ b/fai/config/package_config/NABIA.gpg
@@ -0,0 +1 @@
+ARAMO.gpg
\ No newline at end of file
diff --git a/fai/config/package_config/STANDARD b/fai/config/package_config/STANDARD
index c0726e6..f55e664 100644
--- a/fai/config/package_config/STANDARD
+++ b/fai/config/package_config/STANDARD
@@ -21,9 +21,6 @@ ncurses-term
openssh-client
pciutils
perl
-# ian: newer distros dont have python, it gets naturally removed
-python
-python-minimal
python3
python3-minimal
reportbug
@@ -49,7 +46,6 @@ rsync
openssh-client openssh-server
time
procinfo
-locales
console-setup kbd
pciutils usbutils
unattended-upgrades
@@ -67,6 +63,8 @@ iso-codes
cryptsetup-initramfs
# for btrbk
zstd
+# for detecting wireless
+iw
# iank, copied from DEBIAN so it goes into ubuntu too
PACKAGES install GRUB_PC
diff --git a/fai/config/package_config/readme b/fai/config/package_config/readme
new file mode 100644
index 0000000..abb42b7
--- /dev/null
+++ b/fai/config/package_config/readme
@@ -0,0 +1,2 @@
+ian: Ya, for each trisquel release, we need a new key symlink link, or
+new file if the key has changed.
diff --git a/fai/config/scripts/DEBIAN/11-iank b/fai/config/scripts/DEBIAN/11-iank
index 69b9afe..130c7e9 100755
--- a/fai/config/scripts/DEBIAN/11-iank
+++ b/fai/config/scripts/DEBIAN/11-iank
@@ -24,12 +24,33 @@ if [[ $EUID != 0 ]]; then
exit 1
fi
+m() { printf "%s\n" "$*"; "$@"; }
+
+
fcopy -riB /root
+# in bullseye, installing systemd-resolved says: Converting
+# /etc/resolv.conf to a symlink to
+# /run/systemd/resolve/stub-resolv.conf... which breaks
+# resolution. This happens to be the first script we install a package
+# after that. This should do nothing in a fai-wrapper situation.
+if [[ ! -s $target/etc/resolv.conf ]]; then
+ m ls -la $target/etc/resolv.conf ||:
+ # Keep the symlink in place, systemd-resolved should change the file
+ # when it runs.
+ mkdir -p $target/run/systemd/resolve
+ if [[ ! -s /etc/resolv.conf ]] && ! host google.com; then
+ echo "ERROR: empty resolv.conf & failed dns resolution. exiting 1" >&2
+ exit 1
+ fi
+ cat /etc/resolv.conf >$target/etc/resolv.conf
+fi
+
+
#### misc configurations
chroot $FAI_ROOT bash <<'EOFOUTER'
-set -x
+set -xe
if getent group systemd-journal >/dev/null; then
# makes the journal be saved to disk.
mkdir -p /var/log/journal
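Review bot: The new resolv.conf block tests and writes `$target/etc/resolv.conf` from outside the chroot, so its effect depends on how that symlink is spelled. A relative link (`../run/systemd/resolve/stub-resolv.conf`) stays inside `$target`, but an absolute one would be followed on the install host, and `cat /etc/resolv.conf >$target/etc/resolv.conf` would then write into the host's /run. I would either state the assumption in a comment, `# assumes the link is relative; an absolute link resolves outside $target`, or write to `$target/run/systemd/resolve/stub-resolv.conf` directly. The `exit 1` branch also fires only when the host file is empty and `host google.com` fails, so an empty host file with otherwise working DNS is copied as-is.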
@@ -38,7 +59,12 @@ fi
debconf-set-selections </dev/null; then
sudo apt-get -y install fai-client
fi
-if [[ -e /a/bin/fai/fai-wrapper ]]; then
- chroot() {
- shift
- "$@"
- }
-fi
-
-if [[ $FAI_ROOT == / ]]; then
- source /a/bin/bash_unpublished/source-state
- bprogs_dir=/a/opt/btrfs-progs-release
-else
- bprogs_dir=/srv/btrfs-progs-release
- chroot="chroot $FAI_ROOT"
-fi
-
# -r = recursive
# -i = ignore non-matching class warnings, always exit 0
# -B = no backup files
@@ -66,6 +51,8 @@ if [[ ! -e $dst && -e $src ]]; then
mount -o bind $src $dst
fi
+
+
$FAI/distro-install-common/end
@@ -75,13 +62,13 @@ $FAI/distro-install-common/end
# I run this as a single post-fai script to update things that have changed.
tmpfile1=$(mktemp)
# this can fail if we need an apt update
-$chroot /usr/bin/apt-cache policy >$tmpfile1 ||:
+$ROOTCMD /usr/bin/apt-cache policy >$tmpfile1 ||:
fcopy -riB /etc/apt
tmpfile2=$(mktemp)
-$chroot /usr/bin/apt-cache policy >$tmpfile2
+$ROOTCMD /usr/bin/apt-cache policy >$tmpfile2
if ! diff -q $tmpfile1 $tmpfile2; then
- $chroot /usr/bin/apt update
+ $ROOTCMD /usr/bin/apt update
fi
# outside of fai, this seems to regularly lead to
# E: Could not get lock /var/lib/apt/lists/lock - open (11: Resource temporarily unavailable)
@@ -105,7 +92,6 @@ fi
#### misc configurations
-
if [[ $FAI_ACTION != dirinstall ]] && ! ifclass NOCRYPT; then
if ifclass LINODE; then
speed=19200
@@ -131,7 +117,7 @@ TimeoutStartSec=20
WantedBy=dev-disk-by\x2did-ata\x2dSamsung_SSD_870_QVO_8TB_S5VUNG0N900656V.device
EOF
- $chroot bash <<'EOFOUTER'
+ $ROOTCMD bash <<'EOFOUTER'
systemctl enable myncq.service
/usr/bin/myncq no-upgrub
EOFOUTER
@@ -180,8 +166,8 @@ EOF
fi
# use networkmanager if this host has wireless.
-if [[ $HOSTNAME == bo ]] || type -p iw &>/dev/null && [[ $(iw dev) ]]; then
- $chroot bash </dev/null | awk '{print $2}') ||:
-if [[ $ver != "$cur_ver" ]]; then
- if [[ $HOST2 == "$HOSTNAME" && $ver != "$($bprogs_dir/btrfs --version 2>/dev/null | awk '{print $2}')" ]]; then
- rm -rf $bprogs_dir
- cd /tmp
- wget $url
- sudo -u iank tar xzf $tarball
- mv ${tarball%.tar.gz} $bprogs_dir
- cd $bprogs_dir
- apt-get -y build-dep btrfs-progs
- sudo -u iank ./configure --disable-documentation
- sudo -u iank make
- make install
- else
- $chroot bash -xe <$target/etc/initramfs-tools/conf.d/mine </dev/null | awk '{print $2}') ||:
+
+if [[ $FAI_ROOT == / ]]; then
+ bp_dir=/a/opt/btrfs-progs-release
+else
+ bp_dir=$FAI/distro-install-common/btrfs-progs-release
+fi
+if [[ $ver != "$cur_ver" ]]; then
+ if [[ $ver != "$($bp_dir/btrfs --version 2>/dev/null | awk '{print $2}')" ]]; then
+ cd $target/tmp
+ wget $url
+ tar xzf $tarball
+ $ROOTCMD apt-get -y build-dep btrfs-progs
+ # no docs cuz I didn't want to bother fixing error of missing docs dependencies
+ $ROOTCMD bash -xe <&1 | grep -Fx "Status: install ok installed" &>/dev/null; then
+ $ROOTCMD apt-get -y install build-essential
+ fi
+
+ if [[ $FAI_ROOT == / ]]; then
+ cd /a/opt/btrfs-progs-release
+ make install
+ else
+ mkdir -p $target/tmp/bprogs
+ mount -o bind $bp_dir $target/tmp/bprogs
+ $ROOTCMD bash -xe < /a/bin/fai-basefiles/basefiles/${distver^^}64BIG.tar.gz
+tar --one-file-system -C $t -cf - . | zstd -9 > /a/bin/fai-basefiles/basefiles/${distver^^}64BIG.tar.zst
cleanup
diff --git a/myfai-chboot b/myfai-chboot
index 743859a..a653ae6 100755
--- a/myfai-chboot
+++ b/myfai-chboot
@@ -31,18 +31,26 @@ If our kernel has no nfs support, uses apache intead of nfs, and depends
on another repo of Ian Kelling, basic-https-conf, where the file is at
/a/exe/web-conf.
-Usng this, you can boot into fai with pxe-kexec without changing
-the dhcp server.
+Using this, you can boot into fai with pxe-kexec without changing the
+dhcp server. Note, if you are booting using fai-cd, the pxe config does
+nothing, and only flags affecting FAI_ACTION will have any affect. You
+can change the fai flags in the grub config, for example in
+./grub.cfg.autodiscover, or at runtime by editing a grub menu option.
+We could probably also set FAI_FLAGS the same way we set FAI_ACTION,
+but I haven't tried it.
-Argument sets the host to enable it for. No argument disables pxe
-config for all hosts, but leaves nfs server alone. Use faiserver-disable
-to disable the nfs server.
+HOSTNAME|IP|default Sets the host to enable it for. No argument
+ disables pxe config for all hosts, but leaves nfs
+ server alone. Use faiserver-disable to disable the
+ nfs server.
-S sets FAI_ACTION=sysinfo, and remove fai flag reboot.
Usefull for doing a system recovery. It reboots automatically anyways :(
-k Add serial port output for kgped16
-i sets FAI_ACTION=inventory and remove fai flag reboot.
I'm not sure what this is usefull for.
+-b Setup bonded ethernet.
+--no-r Tell fai-chboot not to reboot when its done. This is implied by -i and -S.
-h|--help Print help and exit.
EOF
diff --git a/myfai-chboot-local b/myfai-chboot-local
index 4cef9a5..7dea8f2 100755
--- a/myfai-chboot-local
+++ b/myfai-chboot-local
@@ -16,54 +16,72 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-# note, this script gets piped to bash, so cant cd to current dir
-[[ $EUID == 0 ]] || exec sudo "${BASH_SOURCE}" "$@"
+[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
+
+set -x
set -eE -o pipefail
trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
+pre="${0##*/}:"
+m() { printf "$pre %s\n" "$*"; "$@"; }
+e() { printf "$pre %s\n" "$*"; }
+err() { echo "[$(date +'%Y-%m-%d %H:%M:%S%z')]: $pre: $*" >&2; }
+
+usage() {
+ cat <&2; exit 1; }
+
+temp=$(getopt -l help,no-r hSi "$@") || usage 1
+eval set -- "$temp"
+while true; do
case $1 in
- -h|--help)
- echo "see help from myfai-chboot"
- exit 0
- ;;
-S)
fai_action=sysinfo
fai_reboot_arg=
- shift
;;
-i) #inventory
fai_action=inventory
fai_reboot_arg=
- shift
;;
-k)
kgped16=true
- shift
;;
-b)
bond=true
- shift
;;
--no-r)
fai_reboot_arg=
- shift
;;
+ -h|--help) usage ;;
+ --) shift; break ;;
+ *) echo "$0: unexpected args: $*" >&2 ; usage 1 ;;
esac
+ shift
done
-
-pre="${0##*/}:"
-m() { printf "$pre %s\n" "$*"; "$@"; }
-e() { printf "$pre %s\n" "$*"; }
-err() { echo "[$(date +'%Y-%m-%d %H:%M:%S%z')]: $pre: $*" >&2; }
-
-host=$1
+read -r host <<<"$@"
+readonly host
rm -f /srv/tftp/fai/pxelinux.cfg/*
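Review bot: The getopt call declares only `hSi` as short options, but the `case` below still handles `-k` and `-b`, so getopt rejects both and the script leaves through `usage 1` before those arms are reached. Declare them and pass the option string explicitly: `temp=$(getopt -l help,no-r -o hSikb -- "$@") || usage 1`. `read -r host <<<"$@"` also joins all remaining arguments into one string, so `host=${1:-}` would be the more direct way to take the first positional argument if that is the intent. The switch to `sudo -E` carries the caller's environment into the root run (as far as sudoers permits); if only specific variables are needed, naming them would be tighter.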
--
2.30.2
From 5c8f49a1d5321a0d3f01284f0087740af070962b Mon Sep 17 00:00:00 2001
From: Ian Kelling
Date: Wed, 24 Apr 2024 15:23:06 -0400
Subject: [PATCH 11/16] minor: docs
---
README | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README b/README
index 6d097f9..f9d0853 100644
--- a/README
+++ b/README
@@ -104,7 +104,7 @@ fai/config/distro-install-common/end
and which shadow file / luks file(s) to copy into the new machine depends
on fai-redep arguments.
-Also, setup dns in bind and wrt-setup-local.
+Also, setup dns in /p/c/host-info and firewall redirects in wrt-setup-local.
After install, btrbk to setup data, and then distro-begin && distro end.
See notes in distro-begin for other configuration.
--
2.30.2
From c5eccfae1f48f183af80847fcabcc35e3563469d Mon Sep 17 00:00:00 2001
From: Ian Kelling
Date: Sat, 27 Apr 2024 17:03:04 -0400
Subject: [PATCH 12/16] handle ssh redirects programatically
---
wrt-setup | 2 +-
wrt-setup-local | 64 ++-----------------------------------------------
2 files changed, 3 insertions(+), 63 deletions(-)
diff --git a/wrt-setup b/wrt-setup
index ec91ed7..bce6a4a 100755
--- a/wrt-setup
+++ b/wrt-setup
@@ -77,7 +77,7 @@ scp /a/work/libremanage/libremanage /a/bin/fai/wrt-init /a/bin/fai/wrt-setup-loc
#/a/opt/openwrt/source/bin/packages/mips_24kc/mypackages/relay_1.0-1_mips_24kc.ipk \
scp /q/root/shadow/router /p/c/machine_specific/wrt/etc/dropbear/dropbear_rsa_host_key \
- /p/router-secrets /p/c/machine_specific/wrt/etc/wg.{key,psk} /p/c/ptr-data /p/c/dnsmasq-data /b/bash-bear-trap/bash-bear $h:
+ /p/router-secrets /p/c/machine_specific/wrt/etc/wg.{key,psk} /p/c/ptr-data /p/c/{dnsmasq,cmc-firewall}-data /b/bash-bear-trap/bash-bear $h:
scp ../openwrtkeyring/usign/* $h:/etc/opkg/keys
ssh $h wrt-init ${HOME_DOMAIN:-b8.nz} "$@"
diff --git a/wrt-setup-local b/wrt-setup-local
index aabfca3..3d2edb8 100755
--- a/wrt-setup-local
+++ b/wrt-setup-local
@@ -666,6 +666,7 @@ config rule
option target REJECT
## end no external dns for ziva
+$(. /root/cmc-firewall-data)
config rule
option src wan
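Review bot: `$(. /root/cmc-firewall-data)` runs that file as root shell code and splices whatever it prints into the firewall config. A command substitution that fails (file missing after a partial scp, syntax error) expands to nothing without stopping the script, so the WAN ssh redirects removed further down in this patch could silently disappear or change. I would check the file before the config is generated, e.g. `[ -s /root/cmc-firewall-data ] || { echo "$0: error: missing cmc-firewall-data" >&2; exit 1; }`. A comment should also say that the file is executed, not just read, so it has to stay root-owned and not writable by others on both ends of the scp. The surrounding here-document starts and ends outside this hunk.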
@@ -684,18 +685,6 @@ config rule
option target ACCEPT
option dest_port 9091
-config redirect
- option name sshkd
- option src wan
- option src_dport 2202
- option dest_port 22
- option dest_ip $l.2
- option dest lan
-config rule
- option src wan
- option target ACCEPT
- option dest_port 2202
-
# was working on an openvpn server, didn't finish
# config redirect
# option name vpnkd
@@ -723,55 +712,6 @@ config rule
option dest_port 8989
-config redirect
- option name sshx2
- option src wan
- option src_dport 2205
- option dest_port 22
- option dest_ip $l.5
- option dest lan
-config rule
- option src wan
- option target ACCEPT
- option dest_port 2205
-
-config redirect
- option name sshx3
- option src wan
- option src_dport 2207
- option dest_port 22
- option dest_ip $l.7
- option dest lan
-config rule
- option src wan
- option target ACCEPT
- option dest_port 2207
-
-config redirect
- option name sshbb8
- option src wan
- option src_dport 2209
- option dest_port 22
- option dest_ip $l.32
- option dest lan
-config rule
- option src wan
- option target ACCEPT
- option dest_port 2209
-
-
-config redirect
- option name sshfrodo
- option src wan
- option src_dport 2234
- option dest_port 34
- option dest_ip $l.34
- option dest lan
-config rule
- option src wan
- option target ACCEPT
- option dest_port 2234
-
config redirect
option name icecast
@@ -822,7 +762,7 @@ config rule
option target ACCEPT
option dest_port 4533
-# So a client can just have i.b8.nz dns even when they
+# So a client can just have b8.nz dns even when they
# are on the lan.
#config redirect
# option name navidromelan
--
2.30.2
From a03d1a5cf4c6583c075a5b80e729f8f72ed0d338 Mon Sep 17 00:00:00 2001
From: Ian Kelling
Date: Sun, 28 Apr 2024 09:31:36 -0400
Subject: [PATCH 13/16] static usb ethnet addresses
---
fai-redep | 6 +++++-
fai/config/scripts/IANK/11-iank | 10 ++++++++++
2 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/fai-redep b/fai-redep
index 8e5919d..b90b30a 100755
--- a/fai-redep
+++ b/fai-redep
@@ -80,6 +80,7 @@ m rsync -rlpt --delete --relative --exclude /fai/config/basefiles/ fai/config "$
# todo: automatically disable faiserver after a period so
# these files are not available.
+
if [[ $target ]]; then
secret_files=(luks/$target luks/host-$target shadow/$target)
exists=false
@@ -101,7 +102,10 @@ else
rsync -rlpt /q/root/shadow /q/root/luks "${rpre[@]}"/srv/fai/config/distro-install-common
fi
-rsync -rlpt --delete /a/opt/btrfs-progs-release "${rpre[@]}"/srv/fai/config/distro-install-common
+rsync -rlpt --delete /a/opt/btrfs-progs-release \
+ filesystem/usr/local/bin/ethusb-nm \
+ filesystem/usr/local/bin/ethusb-static \
+ "${rpre[@]}"/srv/fai/config/distro-install-common
dirs=(/p/c/machine_specific/${target:-*}/filesystem/etc/ssh)
if [[ -e ${dirs[0]} ]]; then
diff --git a/fai/config/scripts/IANK/11-iank b/fai/config/scripts/IANK/11-iank
index ce0be4b..54641b2 100755
--- a/fai/config/scripts/IANK/11-iank
+++ b/fai/config/scripts/IANK/11-iank
@@ -184,6 +184,16 @@ EOF
[main]
dns=systemd-resolved
EOF
+
+ $FAI/distro-install-common/ethusb-static
+ if [[ $(dig +short @10.2.0.1 -x 10.2.0.2 2>&1 ||:) == kd.b8.nz. ]] \
+ && ip n show 10.2.0.1 | grep . &>/dev/null; then
+ : # we are at home. note: logic duplicated in btrbk-run
+ else
+ $FAI/distro-install-common/ethusb-nm
+ fi
+
+
else
cat > $target/etc/network/interfaces <<-EOF
# generated by FAI
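Review bot: The at-home test trusts an unauthenticated answer from whatever host owns 10.2.0.1 on the current network, so any LAN that uses that address and returns `kd.b8.nz.` for the PTR passes it. That is acceptable for choosing between static and NetworkManager addressing, but since the comment says the logic is duplicated in btrbk-run I would add `# heuristic only: any network can satisfy this, do not gate anything sensitive on it`. dig's default retries can also stall the install on a network where 10.2.0.1 is silent; `dig +short +time=2 +tries=1 @10.2.0.1 -x 10.2.0.2` bounds that. The enclosing `if` starts outside the hunk.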
--
2.30.2
From a69dd442e7381deaec866989a4944efa4f73a8c3 Mon Sep 17 00:00:00 2001
From: Ian Kelling
Date: Mon, 20 May 2024 16:13:19 -0400
Subject: [PATCH 14/16] fix bad merge of upstream config
---
fai/config/scripts/GRUB_PC/10-setup | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/fai/config/scripts/GRUB_PC/10-setup b/fai/config/scripts/GRUB_PC/10-setup
index ed8d878..7ea23fd 100755
--- a/fai/config/scripts/GRUB_PC/10-setup
+++ b/fai/config/scripts/GRUB_PC/10-setup
@@ -84,10 +84,11 @@ if [[ $BOOT_DEVICE =~ '/dev/md' ]]; then
else
for dev in $BOOT_DEVICE; do
mbrdev=$(get_stable_devname $dev)
- if [ -z "$mbrdevices" ]; then
+ if [ -z "$mbrdev" ]; then
# if we cannot find a persistent name (for e.g. in a VM) use old name
- mbrdevices+="$dev, "
+ mbrdev="$dev"
fi
+ mbrdevices+="$mbrdev, "
echo "Installing grub on $dev = $mbrdev"
$ROOTCMD grub-install --no-floppy "$mbrdev"
done
--
2.30.2
From fd75a734a7149cf203553d36270482af37e680da Mon Sep 17 00:00:00 2001
From: Ian Kelling
Date: Mon, 20 May 2024 17:57:49 -0400
Subject: [PATCH 15/16] various fixes, improvements, shellcheck
---
README | 9 +-
arch-init | 11 +-
arch-init-remote | 19 +-
bash-trace | 1 -
debian-pxe-preseed | 11 +-
fai-redep | 74 +++--
fai-revm | 44 +--
fai-wrapper | 20 +-
fai/config/class/DEFAULT.var | 5 +-
.../distro-install-common/ethusb-static | 201 ++++++++++++
...rnel-debs => install-mainline-kernel-debs} | 45 ++-
fai/config/files/boot/bash-trace/DEFAULT | 298 ------------------
fai/config/files/boot/chboot/DEFAULT | 20 +-
fai/config/hooks/partition.DEFAULT | 4 +
fai/config/package_config/STANDARD.gpg | Bin 20276 -> 0 bytes
fai/config/scripts/IANK/11-iank | 28 +-
faiserver-disable | 23 +-
faiserver-revm | 31 +-
faiserver-setup | 29 +-
faiserver-uninstall | 15 +-
fresize | 2 +-
grub.cfg.autodiscover | 14 +-
install-chboot | 14 +-
lk | 2 +-
mk-basefile-big | 13 +-
myfai-chboot | 16 +-
myfai-chboot-local | 10 +-
mymk-basefile | 17 +-
pxe-server | 12 +-
wrt-setup | 10 +-
wrt-setup-local | 65 ++--
31 files changed, 556 insertions(+), 507 deletions(-)
delete mode 120000 bash-trace
create mode 100755 fai/config/distro-install-common/ethusb-static
rename fai/config/distro-install-common/{install-stable-kernel-debs => install-mainline-kernel-debs} (58%)
delete mode 100644 fai/config/files/boot/bash-trace/DEFAULT
delete mode 100644 fai/config/package_config/STANDARD.gpg
diff --git a/README b/README
index f9d0853..5e01bb4 100644
--- a/README
+++ b/README
@@ -109,6 +109,13 @@ Also, setup dns in /p/c/host-info and firewall redirects in wrt-setup-local.
After install, btrbk to setup data, and then distro-begin && distro end.
See notes in distro-begin for other configuration.
+# Prerequesites:
+
+
+git clone https://git.savannah.nongnu.org/git/bash-bear-trap.git
+sudo install -T bash-bear-trap/bash-bear /usr/local/lib/bash-bear
+
+
# Scripts (meant to be used directly):
@@ -125,7 +132,7 @@ fai-redep -t TARGET_HOSTNAME && sudo fai-cd -M -g $PWD/grub.cfg.netinst-noreboot
mymk-basefile # Create basefiles for various distros
archlike-pxe # Setup pxe boot server from an archlike base image
-fai-redep # Deploy fai configuration to host "faiserver"
+fai-redep # Deploy fai configuration to host "faiserver.b8.nz"
faiserver-uninstall # uninstall fai-server
faiserver-setup # install fai-server on the current machine
myfai-chboot # setup fai tftp and nfs. useful for doing pxe-kexec or booting from a fai-cd.
diff --git a/arch-init b/arch-init
index 2f14ad6..6a3786f 100755
--- a/arch-init
+++ b/arch-init
@@ -1,4 +1,4 @@
-#!/bin/bash -x
+#!/bin/bash
# Copyright (C) 2016 Ian Kelling
# This program is free software; you can redistribute it and/or
@@ -15,8 +15,13 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-x="$(readlink -f "$BASH_SOURCE")"; source "${x%/*}/bash-trace"
-cd ${x%/*}
+set -e; . /usr/local/lib/bash-bear; set +e
+
+this_file="$(readlink -f -- "${BASH_SOURCE[0]}")"
+readonly this_file this_dir="${this_file%/*}"
+cd "$this_dir"
+
+set -x
export HOSTNAME="$1"
mirror=$2
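Review bot: `. /usr/local/lib/bash-bear` makes this script depend on a file outside the repository, and the README hunk in this same commit installs that file from an unpinned `git clone` of the default branch. debian-pxe-preseed and fai-revm source the same path after re-executing under sudo, so whatever that clone delivered runs as root there. I would pin the install to a reviewed revision in the README, for example `git -C bash-bear-trap checkout <REVIEWED_COMMIT>` before the `install -T` line. I would also add a comment above the source line such as `# bash-bear is installed out of tree (see README); keep it root-owned and not group/world-writable`. The `set -e` wrapper around the source line already stops the script when the file is missing, which is the right failure mode.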
diff --git a/arch-init-remote b/arch-init-remote
index d8e4e29..66e19e2 100755
--- a/arch-init-remote
+++ b/arch-init-remote
@@ -1,6 +1,21 @@
#!/bin/bash
-# Copyright (C) 2019 Ian Kelling
-# SPDX-License-Identifier: AGPL-3.0-or-later
+# This file is part of Ian Kelling's automated-distro-installer
+# Copyright (C) 2024 Ian Kelling
+
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
if [[ -s ~/.bashrc ]];then . ~/.bashrc;fi
set -x
diff --git a/bash-trace b/bash-trace
deleted file mode 120000
index 015ae24..0000000
--- a/bash-trace
+++ /dev/null
@@ -1 +0,0 @@
-fai/config/files/boot/bash-trace/DEFAULT
\ No newline at end of file
diff --git a/debian-pxe-preseed b/debian-pxe-preseed
index aaef9a6..e2d401f 100755
--- a/debian-pxe-preseed
+++ b/debian-pxe-preseed
@@ -18,11 +18,12 @@
# WARNING: outdated! needs docs and update to debian-stretch
-x="$(readlink -f "$BASH_SOURCE")"; source "${x%/*}/bash-trace"
-
[[ $EUID == 0 ]] || exec sudo "$BASH_SOURCE" "$@"
-src=$(readlink -f "${BASH_SOURCE%/*}")
+set -e; . /usr/local/lib/bash-bear; set +e
+
+this_file="$(readlink -f -- "${BASH_SOURCE[0]}")"
+readonly this_file this_dir="${this_file%/*}"
e() { echo "$*"; "$@"; }
@@ -36,11 +37,11 @@ cd $mount_dir
e rm -rf debian-wheezy
mkdir debian-wheezy
cd debian-wheezy
-e $src/debian-preseed "$@" # my script
+e $this_dir/debian-preseed "$@" # my script
cd ..
e rm -f tftpboot
e ln -s debian-wheezy tftpboot
cd /
e umount $mount_dir
-e $src/pxe-server default plain # my script
+e $this_dir/pxe-server default plain # my script
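Review bot: `$this_dir` is unquoted in both new command lines, so a checkout path containing whitespace or glob characters would split into several words before `e` runs it, and the previous hunk shows this script re-executing itself under sudo. Quote the path in both places: `e "$this_dir/debian-preseed" "$@"` and `e "$this_dir/pxe-server" default plain`. The `cd $mount_dir` and `e umount $mount_dir` context lines have the same weakness but are not touched by this commit.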
diff --git a/fai-redep b/fai-redep
index b90b30a..250b458 100755
--- a/fai-redep
+++ b/fai-redep
@@ -1,18 +1,35 @@
#!/bin/bash
-# Copyright (C) 2019 Ian Kelling
-# SPDX-License-Identifier: AGPL-3.0-or-later
-set -eE -o pipefail
-trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
+# This file is part of Ian Kelling's automated-distro-installer
+# Copyright (C) 2024 Ian Kelling
+
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
-readonly this_file="$(readlink -f -- "${BASH_SOURCE[0]}")"; cd "${this_file%/*}"
+set -eE -o pipefail
+trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
+
+this_file="$(readlink -f -- "${BASH_SOURCE[0]}")"
+readonly this_file this_dir="${this_file%/*}"
+cd "$this_dir"
-source bash-trace
usage() {
- cat <&2 ; usage 1 ;;
esac
shift
done
-host=${1:-faiserver}
+host=${1:-faiserver.b8.nz}
readonly host distro target
##### end command line parsing ########
-m() { printf "$pre %s\n" "$*"; "$@"; }
+m() { printf "fai-redep: %s\n" "$*"; "$@"; }
# i use faiserver as a dns alias, but ssh key is associated with
# a canonical hostname and we will have ssh warning spam unless we
@@ -63,8 +80,19 @@ faiserver_host=$(/a/exe/chost $host)
# faiserver_host=$host
faiserver_addr=$(host $host | sed -rn 's/^\S+ has address //p;T;q' ||:)
+
+rsrv() {
+ local -a opts
+ while [[ $2 ]]; do
+ opts+=("$1")
+ shift
+ done
+ m rsync "${ropts[@]}" "${opts[@]}" "$rpath$1"
+}
+rpath=/srv
if ! ip a | grep "^ *inet.\? $faiserver_addr" &>/dev/null; then
- rpre=(-e "ssh -F $HOME/.ssh/confighome" root@$faiserver_host:)
+ ropts=(-e "ssh -F $HOME/.ssh/confighome")
+ rpath="root@$faiserver_host:/srv"
faiserver_shell="ssh -F $HOME/.ssh/confighome root@$faiserver_host"
fi
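Review bot: `while [[ $2 ]]` in `rsrv` stops collecting options at the first empty argument rather than at the last argument, so a call with an empty word in the middle would use the word before it as the destination suffix and silently drop everything after it. None of the calls in this patch pass an empty word, but counting arguments is exact and costs nothing: `while (( $# > 1 )); do`. `ropts` is also assigned only in the remote branch. An explicit `ropts=()` next to `rpath=/srv` would keep the local case from picking up a value left in that name by the environment (the script re-executes with `sudo -E`) or by a sourced file.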
@@ -75,7 +103,7 @@ rsync -atL /home/iank/.ssh/authorized_keys fai/config/files/root/.ssh/authorized
install --owner=iank --group=iank -d fai/config/files/usr/local/bin/hssh
install --owner=iank --group=iank -d fai/config/files/usr/local/bin/ssh_filter_btrbk.sh
rsync -atL /a/opt/btrbk/ssh_filter_btrbk.sh fai/config/files/usr/local/bin/ssh_filter_btrbk.sh/STANDARD
-m rsync -rlpt --delete --relative --exclude /fai/config/basefiles/ fai/config "${rpre[@]}"/srv
+rsrv -rlpt --delete --relative --exclude /fai/config/basefiles/ fai/config /
# todo: automatically disable faiserver after a period so
# these files are not available.
@@ -84,7 +112,6 @@ m rsync -rlpt --delete --relative --exclude /fai/config/basefiles/ fai/config "$
if [[ $target ]]; then
secret_files=(luks/$target luks/host-$target shadow/$target)
exists=false
- secret_exists=()
for f in ${secret_files[@]}; do
if [[ -e /q/root/$f ]]; then
exists=true
@@ -96,27 +123,28 @@ if [[ $target ]]; then
for f in ${secrets_to_send[@]}; do
echo $f
done
- } | rsync -lpt --files-from=- /q/root "${rpre[@]}"/srv/fai/config/distro-install-common
+ } | rsrv -lpt --files-from=- /q/root /fai/config/distro-install-common
fi
else
- rsync -rlpt /q/root/shadow /q/root/luks "${rpre[@]}"/srv/fai/config/distro-install-common
+ rsrv -rlpt /q/root/shadow /q/root/luks /fai/config/distro-install-common
fi
-rsync -rlpt --delete /a/opt/btrfs-progs-release \
- filesystem/usr/local/bin/ethusb-nm \
- filesystem/usr/local/bin/ethusb-static \
- "${rpre[@]}"/srv/fai/config/distro-install-common
+rsrv -rlpt --delete /a/opt/btrfs-progs-release /fai/config/distro-install-common
dirs=(/p/c/machine_specific/${target:-*}/filesystem/etc/ssh)
if [[ -e ${dirs[0]} ]]; then
- rsync -rlpt --delete --relative ${dirs[@]} "${rpre[@]}"/srv/fai/config/distro-install-common
+ rsrv -rlpt --delete --relative ${dirs[@]} /fai/config/distro-install-common
fi
. /a/bin/distro-setup/pkgs
-pall+=($(/a/bin/buildscripts/emacs -p; /a/bin/distro-setup/distro-pkgs $distro))
+tmpstr=$(/a/bin/buildscripts/emacs -p && /a/bin/distro-setup/distro-pkgs $distro)
+declare -a pall
+for p in $tmpstr; do
+ pall+=($p)
+done
printf "%s\n%s\n" "PACKAGES install" ${pall[*]} | \
$faiserver_shell dd of=/srv/fai/config/package_config/DESKTOP status=none ||: # broken pipe
-m rsync -rplt --include '/*.zst' --exclude '/**' --delete-excluded $BASEFILE_DIR/ "${rpre[@]}"/srv/fai/config/basefiles/
+rsrv -rplt --include '/*.zst' --exclude '/**' --delete-excluded $BASEFILE_DIR/ /fai/config/basefiles/
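Review bot: `for p in $tmpstr; do pall+=($p); done` leaves both expansions open to pathname expansion, so a token containing `*`, `?` or `[` would be replaced by matching file names from the current directory before it is written to package_config/DESKTOP on the server. Splitting into an array without globbing avoids that: `read -r -d '' -a more <<<"$tmpstr" ||:` followed by `pall+=("${more[@]}")`, or at minimum `pall+=("$p")` with `set -f` around the loop. The `declare -a pall` after sourcing `pkgs` also deserves a comment saying it keeps any values `pkgs` already put in `pall`, since it reads like a reset.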
diff --git a/fai-revm b/fai-revm
index 2ce0102..6bada5e 100755
--- a/fai-revm
+++ b/fai-revm
@@ -18,12 +18,12 @@
[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
+set -e; . /usr/local/lib/bash-bear; set +e
+
+this_file="$(readlink -f -- "${BASH_SOURCE[0]}")"
+readonly this_file this_dir="${this_file%/*}"
+cd "$this_dir"
-readonly this_file="$(readlink -f -- "${BASH_SOURCE[0]}")"
-script_dir="${this_file%/*}"
-# shellcheck source=./bash-trace
-source "${script_dir}/bash-trace"
-cd $script_dir
PATH="$PATH:$PWD"
e() { echo "$*"; "$@"; }
@@ -88,19 +88,24 @@ disk_count=1
rm -f /tmp/fai-revm-did-pxe
-if ! ip l show br0 &>/dev/null; then
- cat <<'EOF'
-fai-rvm error: no bridge detected. add one to interfaces like this:
-iface eth0 inet manual
-iface br0 inet dhcp
- bridge_ports eth0
- bridge_stp off
- bridge_maxwait 0
-EOF
- exit 1
+if ip l show br0 &>/dev/null; then
+ net_arg="-w bridge=br0,mac=52:54:00:9c:ef:ad"
+else
+ # if this computer has ethernet, we could setup a br0 like so:
+ # cat <<'EOF'
+ # fai-rvm error: no bridge detected. add one to interfaces like this:
+ # iface eth0 inet manual
+ # iface br0 inet dhcp
+ # bridge_ports eth0
+ # bridge_stp off
+ # bridge_maxwait 0
+ # EOF
+
+ # if we only have wifi, cant use eth0
+ net_arg="-w network=default,mac=52:54:00:9c:ef:ad"
fi
-if [[ $script_dir == /a/bin/* ]]; then
+if [[ $this_dir == /a/bin/* ]]; then
# Copy our script elsewhere so we can develop it
# and save it at the same time it's running
rm -rf /tmp/faifreeze
@@ -146,7 +151,7 @@ else
fi
boot_arg="--cdrom $isopath"
e fai-redep
- cat ~/.ssh/demo.pub | /a/exe/cedit -s /srv/fai/nfsroot/root/.ssh/authorized_keys
+ /a/exe/cedit -s /srv/fai/nfsroot/root/.ssh/authorized_keys <~/.ssh/demo.pub
e myfai-chboot default
fi
# I don't think these variants actually make a diff for us, but I
@@ -165,7 +170,7 @@ e virsh destroy $name ||:
e virsh undefine $name ||:
sleep 1
-
+## begin virtual disk creation ##
disk_arg=()
for ((i=1; i <= disk_count; i++)); do
f=/var/lib/libvirt/images/${name}$i
@@ -178,6 +183,7 @@ for ((i=1; i <= disk_count; i++)); do
e qemu-img create -o preallocation=metadata -f qcow2 $f 50G
fi
done
+## end virtual disk creation ##
if [[ $SSH_CLIENT ]]; then
console_arg=--noautoconsole
@@ -202,7 +208,7 @@ fi
e systemctl start libvirtd
e virt-install --rng /dev/urandom --os-variant $variant -n $name $boot_arg -r 2048 --vcpus $cpus \
- ${disk_arg[*]} -w bridge=br0,mac=52:54:00:9c:ef:ad $reboot_arg \
+ ${disk_arg[*]} $net_arg $reboot_arg \
--graphics spice,listen=0.0.0.0 $console_arg |& grep -v '^ *$' | uniq &
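Review bot: The unchanged `--graphics spice,listen=0.0.0.0` on the last line matters more now that `$net_arg` falls back to `-w network=default`, because the script can then run on wifi-only hosts, where the installer console is offered on every address the host has. No SPICE password is set in the visible command. I would bind to loopback unless a remote viewer is really needed, e.g. `--graphics spice,listen=127.0.0.1`, or choose the listen address in the same branch that sets `net_arg`. A comment on the `else` branch stating that the VM is then on libvirt's NAT network, and so not reachable by PXE from the LAN, would also help the next reader.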
diff --git a/fai-wrapper b/fai-wrapper
index 5efa7f1..b6a75d3 100644
--- a/fai-wrapper
+++ b/fai-wrapper
@@ -1,6 +1,20 @@
#!/bin/bash
-# Copyright (C) 2019 Ian Kelling
-# SPDX-License-Identifier: AGPL-3.0-or-later
+# This file is part of Ian Kelling's automated-distro-installer
+# Copyright (C) 2024 Ian Kelling
+
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
# For using some fai commands outside of fai.
# Usually this is sourced from another script. Note this has
@@ -11,7 +25,7 @@ export FAI_WRAPPER=true
ifclass() {
local var=${1/#/CLASS_}
- [[ $HOSTNAME == $1 || ${!var} ]]
+ [[ $HOSTNAME == "$1" || ${!var} ]]
}
fai-setclass() {
for class in "$@"; do
diff --git a/fai/config/class/DEFAULT.var b/fai/config/class/DEFAULT.var
index a999512..d574d7d 100644
--- a/fai/config/class/DEFAULT.var
+++ b/fai/config/class/DEFAULT.var
@@ -6,7 +6,10 @@ LOGUSER=fai
# when downloading from https intead of nfs, this is not set,
# it is used as the default for LOGSERVER, and for calling chboot.
# My faiserver's hostname is always faiserver, so just hardcoding it.
-SERVER=faiserver
+# I used bare host in the past, thinking that I could vary this
+# between different networks I was on, but it is simpler to just
+# user an internet domain that I control.
+SERVER=faiserver.b8.nz
# busted for debian, no time to troubleshoot atm
#APTPROXY=http://faiserver:3142
diff --git a/fai/config/distro-install-common/ethusb-static b/fai/config/distro-install-common/ethusb-static
new file mode 100755
index 0000000..f6cdd62
--- /dev/null
+++ b/fai/config/distro-install-common/ethusb-static
@@ -0,0 +1,201 @@
+#!/bin/bash
+# I, Ian Kelling, follow the GNU license recommendations at
+# https://www.gnu.org/licenses/license-recommendations.en.html. They
+# recommend that small programs, < 300 lines, be licensed under the
+# Apache License 2.0. This file contains or is part of one or more small
+# programs. If a small program grows beyond 300 lines, I plan to switch
+# its license to GPL.
+
+# Copyright 2024 Ian Kelling
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# usage $0 [-c] [off]
+# off: Turn off static ip.
+# -c config only, don't tell networkmanager to change anything
+# -f force interface reup
+
+if ! test "$BASH_VERSION"; then echo "error: shell is not bash" >&2; exit 1; fi
+shopt -s inherit_errexit 2>/dev/null ||: # ignore fail in bash < 4.4
+set -eE -o pipefail
+trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
+
+[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
+
+m() { printf "%s\n" "$*"; "$@"; }
+
+## begin arg parsing ##
+
+force=false
+conf_only=false
+comment='# iank file id: ethusb-dhcp-v1'
+off=false
+while [[ $1 ]]; do
+ case $1 in
+ -c)
+ conf_only=true
+ ;;
+ -f)
+ force=true
+ ;;
+ off)
+ off=true
+ comment='# iank file id: ethusb-static-v1'
+ ;;
+ *)
+ echo "$0: error unexpected argument: $1" >&2
+ exit 1
+ ;;
+ esac
+ shift
+done
+
+## end arg parsing ##
+
+
+shopt -s nullglob
+
+# we already configured the interface once, afterwards, comment and
+# uncomment to enable/disable. This makes it so we don't depend on /p
+# being mounted.
+
+conf=/etc/NetworkManager/system-connections/ethusb-static.nmconnection
+if ! $force && [[ -s $conf ]] && grep -qFx "$comment" $conf; then
+ # we already ran successfully in the past to set things this way, so
+ # do nothing.
+ exit 0
+fi
+
+
+if [[ $(dig +short @10.2.0.1 -x 10.2.0.2 2>&1 ||:) == kd.b8.nz. ]] \
+ && ip n show 10.2.0.1 | grep . &>/dev/null; then
+ # we are at_home=true
+
+ while read -r ip_suf host mac; do
+ if [[ $mac != usb ]]; then
+ continue
+ fi
+ if [[ $host == ${HOSTNAME}c ]]; then
+
+ net_info="address1=10.2.0.$ip_suf/16,10.2.0.1
+dns=8.8.8.4;8.8.8.8;"
+
+ break
+ fi
+ done
/dev/null | awk '$1 == "connection.uuid:" {print $2}' ||:)
+if [[ ! $uuid ]]; then
+ # just a uuid that nm generated for me at some point
+ uuid=0da4c614-6a3c-3ad2-8d4b-c6eebe0814c3
+fi
+
+
+# This template is the result of running, for example
+# nmcli con mod "Wired connection 1" \
+ # ipv4.addresses "10.2.0.23/24" \
+ # ipv4.gateway "10.2.0.1" \
+ # ipv4.dns "8.8.8.4,8.8.8.8"
+
+# which creates a fille named "Wired connection 1.nmconnection",
+# below. I see no reason to keep the same file name, or a bunch of
+# setting that seem irrelevant, and empty sections don't seem to do
+# anything according to the man page.
+
+# [connection]
+# id=Wired connection 2
+# uuid=b0fb7694-dfe6-31a1-81fa-7c17b61515a7
+# type=ethernet
+# interface-name=eth1
+# timestamp=1715728264
+
+# [ethernet]
+
+# [ipv4]
+# address1=10.2.0.23/16,10.2.0.1
+# dns=8.8.8.4;8.8.8.8;
+# method=manual
+
+# [ipv6]
+# addr-gen-mode=stable-privacy
+# method=auto
+
+# [proxy]
+
+{
+ cat </dev/null | awk '$1 == "GENERAL.STATE:" {print $2}' ||:)
+
+ reup=false
+ if [[ $state == activated ]]; then
+ reup=true
+ fi
+
+ m nmcli con reload
+
+ if $reup; then
+ m nmcli con down $uuid
+ m nmcli con up $uuid
+ fi
+fi
+
+if ! grep -F "$comment" $conf; then
+ printf "%s\n" "$comment" >>$conf
+fi
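Review bot: `dns=8.8.8.4;8.8.8.8;` in `net_info` looks like a typo for Google's secondary resolver, 8.8.4.4; as far as I know 8.8.8.4 does not answer DNS queries, so lookups would intermittently wait on a dead server. The same value appears in the two nmcli example comments, so all three should read `dns=8.8.4.4;8.8.8.8;` (or `ipv4.dns "8.8.4.4,8.8.8.8"`). Separately, the marker ids look swapped against the usage text, since a default run records `ethusb-dhcp-v1` and `off` records `ethusb-static-v1`. The final `grep -F "$comment" $conf` also lacks the `-q`/`-x` of the earlier check, so it prints the match and accepts substrings; `grep -qFx -- "$comment" "$conf"` would keep both checks identical. The heredoc bodies of this file did not survive on this page, so the marker remark rests only on the visible lines.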
diff --git a/fai/config/distro-install-common/install-stable-kernel-debs b/fai/config/distro-install-common/install-mainline-kernel-debs
similarity index 58%
rename from fai/config/distro-install-common/install-stable-kernel-debs
rename to fai/config/distro-install-common/install-mainline-kernel-debs
index db7abcf..93f7c57 100755
--- a/fai/config/distro-install-common/install-stable-kernel-debs
+++ b/fai/config/distro-install-common/install-mainline-kernel-debs
@@ -21,7 +21,19 @@ trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
-set -x
+# default
+kernel_ver='6\.6'
+case $1 in
+ stable)
+ # note: update kernel_ver when we are ready to jump to a new stable kernel.
+ # Stable kernels are listed here: https://www.kernel.org/category/releases.html
+ kernel_ver='6\.6'
+ ;;
+ unstable)
+ kernel_ver='[1-9]'
+ ;;
+esac
+
prereqs=()
for p in wget curl; do
@@ -35,25 +47,28 @@ fi
tmpdir=$($ROOTCMD mktemp -d) || exit
+# shellcheck disable=SC2154 # defined by fai
outertmp=$target/$tmpdir
trap 'cd; rm -rf "$outertmp"' EXIT
cd $outertmp
-# update stable_ver when we are ready to jump to a new stable kernel.
-# Stable kernels are listed here: https://www.kernel.org/category/releases.html
-stable_ver='6\.6'
-# Actually, I dont want stable right now. comment this out to get stable
-# version.
-stable_ver='[1-9]'
-va=$(curl -s https://kernel.ubuntu.com/mainline/ | \
- sed -rn 's,.*alt="\[DIR\]".*href="([^/]+).*,\1,p' | \
- grep -v -- -rc | sed 's/^v//' | grep "^$stable_ver" | sort -V | tail -n1)
+# We get 10 versions cuz maybe the latest directory (or few) get created but not populated.
+tmps=$(curl -s https://kernel.ubuntu.com/mainline/ | \
+ sed -rn 's,.*alt="\[DIR\]".*href="([^/]+).*,\1,p' | \
+ grep -v -- -rc | sed 's/^v//' | grep "^$kernel_ver" | sort -Vr | head -n10)
+mapfile -t latest_versions <<<"$tmps"
-# note the wiki page about these says to install linux-headers.*generic.*amd64, but
-# as of 2024, they have a requirement of a very new glibc, and people report
-# that installing it is not needed.
-tmpstr=$(curl -s https://kernel.ubuntu.com/mainline/v$va/amd64/CHECKSUMS | awk '$2 ~ /^linux-/ { print $2 }' | sort -u | grep -iv 'linux-headers.*generic.*amd64' )
-mapfile -t pkgs <<<"$tmpstr"
+for va in "${latest_versions[@]}"; do
+ sleep .2 # be nice
+ # note the wiki page about these says to install linux-headers.*generic.*amd64, but
+ # as of 2024, they have a requirement of a very new glibc, and people report
+ # that installing it is not needed.
+ tmpstr=$(curl -s https://kernel.ubuntu.com/mainline/v$va/amd64/CHECKSUMS | awk '$2 ~ /^linux-/ { print $2 }' | sort -u | sed '/linux-headers.*generic.*amd64/d' )
+ if [[ $tmpstr ]]; then
+ mapfile -t pkgs <<<"$tmpstr"
+ break
+ fi
+done
if (( ${#pkgs[@]} != 3 )); then
echo "$0: error. expected to find 3 kernel packages, got: ${pkgs[*]}" >&2
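Review bot: The awk filter keeps only the file-name column of CHECKSUMS (`print $2`) and discards the digests, so nothing in this hunk ties the .debs to the published hashes. The download and install steps are outside the hunk, so this may already be handled there. Since these packages become the installed kernel, I would save CHECKSUMS once per version and verify each downloaded file against its SHA-256 entry before installing, and also check a signature over CHECKSUMS if one is published and the key can be provisioned on the installer. The loop also depends on `curl -s` returning success for an HTTP error page. A comment such as `# no -f: an unpopulated version dir yields an empty $tmpstr and we try the next one` would stop a later `-f` from turning that case into an abort.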
diff --git a/fai/config/files/boot/bash-trace/DEFAULT b/fai/config/files/boot/bash-trace/DEFAULT
deleted file mode 100644
index 2a4077f..0000000
--- a/fai/config/files/boot/bash-trace/DEFAULT
+++ /dev/null
@@ -1,298 +0,0 @@
-#!/bin/bash
-# Bash Error Handler
-# Copyright (C) 2020 Ian Kelling
-# SPDX-License-Identifier: GPL-3.0-or-later
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-
-# This is a single file library, just source this file. When an error
-# happens, we print a stack trace then exit. In an interactive shell, we
-# return from functions instead of exiting. If err-cleanup is a command,
-# it runs before the stack trace. Functions are documented inline below
-# for additional use cases.
-#
-# Note: occasionally the line numbers are off a bit (at least in Bash
-# 5.0). This appears to be a bash bug. I plan to report it next time it
-# happens to me.
-#
-# Please email me if you use this or have anything to contribute. I'm
-# not aware of any users yet Ian Kelling .
-#
-# Tested on bash 4.4.20(1)-release (x86_64-pc-linux-gnu) and
-# 5.0.17(1)-release (x86_64-pc-linux-gnu).
-#
-# Related: see my bash script template repo at https://iankelling.org/git.
-
-
-# TODO: investigate to see if we can format output betting in case of
-# subshell failure. Right now, we get independent trace from inside and
-# outside of the subshell. Note, errexit + inherit_errexit doesn't have
-# any smarts around this either.
-
-if ! test "$BASH_VERSION"; then echo "error: shell is not bash" >&2; exit 1; fi
-
-#######################################
-# err-catch: Setup trap on ERR to print stack trace and exit (or return
-# if the shell is interactive). This is the most common use case so we
-# run it after defining it, you can call err-allow to undo that.
-#
-# This also sets pipefail because it's a good practice to catch more
-# errors.
-#
-# Note: In interactive shell, stack calling line number is not
-# available, so we print function definition lines.
-#
-# Note: This works like set -e, which has one unintuitive feature: If
-# you use a function as part of a conditional, eg: func && come_cmd, a
-# failed command within func won't trigger an error.
-#
-# Globals
-#
-# err_catch_ignore Array containing glob patterns to test against
-# filenames to ignore errors from in interactive
-# shell. Initialized to ignore bash-completion
-# scripts on debian based systems.
-#
-# err-cleanup If set, this command will run just before exiting.
-#
-# _err_func_last Used internally in err-bash-trace-interactive
-#
-#######################################
-err-catch() {
- set -E;
- if [[ $- == *i* ]]; then
- if ! test ${err_catch_ignore+defined}; then
- err_catch_ignore=(
- '/etc/bash_completion.d/*'
- '*/bash-completion/*'
- )
- fi
- declare -i _err_func_last=0
- if [[ $- != *c* ]]; then
- shopt -s extdebug
- fi
- # shellcheck disable=SC2154
- trap '_err-bash-trace-interactive $? "${PIPESTATUS[*]}" "$BASH_COMMAND" ${BASH_ARGC[0]} "${BASH_ARGV[@]}" || return $?' ERR
- else
- # Man bash on exdebug: "If set at shell invocation, arrange to
- # execute the debugger". We want to avoid that, but I want this file
- # to be sourceable from bash startup files. noninteractive ssh and
- # sources .bashrc on invocation. login_shell sources things on
- # invocation.
- #
- # extdebug allows us to print function arguments in our stack trace.
- if ! shopt login_shell >/dev/null && [[ ! $SSH_CONNECTION ]]; then
- shopt -s extdebug
- fi
- trap err-exit ERR
- fi
- set -o pipefail
-}
-# This is the most common use case so run it now.
-err-catch
-
-#######################################
-# Undo err-catch/err-catch-interactive
-#######################################
-err-allow() {
- shopt -u extdebug
- set +E +o pipefail
- trap ERR
-}
-
-#######################################
-# err-exit: Print stack trace and exit
-#
-# Use this instead of the exit command to be more informative.
-#
-# usage: err-exit [-EXIT_CODE] [MESSAGE]
-#
-# EXIT_CODE Default: $? if it is nonzero, otherwise 1.
-# MESSAGE Print MESSAGE to stderr. Default:
-# ${BASH_SOURCE[1]}:${BASH_LINENO[0]}: `$BASH_COMMAND' returned $?
-#
-# Globals
-#
-# err-cleanup If set, this command will run just before exiting.
-#
-#######################################
-err-exit() {
- # vars have _ prefix so that we can inspect existing set vars without
- # too much overwriting of them.
- local _err=$? _pipestatus="${_pipestatus[*]}"
-
- # This has to come before most things or vars get changed
- local _msg="${BASH_SOURCE[1]}:${BASH_LINENO[0]}: \`$BASH_COMMAND' returned $_err"
- local _cmdr="$BASH_COMMAND" # command right. we chop of the left, keep the right.
-
- if [[ $_pipestatus != "$_err" ]]; then
- _msg+=", PIPESTATUS: $_pipestatus"
- fi
- set +x
- if [[ $1 == -* ]]; then
- _err=${1#-}
- shift
- elif (( ! _err )); then
- _err=1
- fi
- if [[ $1 ]]; then
- _msg="$1"
- fi
-
- ## Begin printing vars from within BASH_COMMAND ##
- local _var _chars _l
- local -A _vars
- while [[ $_cmdr ]]; do
- _chars="${#_cmdr}"
- _cmdr="${_cmdr#*$}"
- _cmdr="${_cmdr#{}"
- if (( _chars == ${#_cmdr} )); then
- break
- fi
- _var="${_cmdr%%[^a-zA-Z0-9_]*}"
- if [[ ! $_var || $_var == [0-9]* ]]; then
- continue
- fi
- _vars[${_var}]=t
- done
- #echo "iank ${_vars[*]}"
- #set |& grep ^password
- # in my small test, this took 50% longer than piping to grep.
- # That seems a small enough penalty to stay in bash here.
- if (( ${#_vars[@]} )); then
- set |& while read -r _l; do
- for _var in "${!_vars[@]}"; do
- case $_l in
- ${_var}=*) printf "%s\n" "$_l" >&2 ;;
- esac
- done
- done
- fi
- ## End printing vars from within BASH_COMMAND ##
-
- printf "%s\n" "$_msg" >&2
- err-bash-trace 2
- set -e # err trap does not work within an error trap
- if type -t err-cleanup >/dev/null; then
- err-cleanup
- fi
- printf "%s: exiting with status %s\n" "$0" "$_err" >&2
- exit $_err
-}
-
-#######################################
-# Print stack trace
-#
-# usage: err-bash-trace [FRAME_START]
-#
-# This function is called by the other functions which print stack
-# traces.
-#
-# It does not show function args unless you first run:
-# shopt -s extdebug
-# which err-catch does for you.
-#
-# FRAME_START Optional variable to set before calling. The frame to
-# start printing on. default=1. If ${#FUNCNAME[@]} <=
-# FRAME_START + 1, don't print anything because we are at
-# the top level of the script and better off printing a
-# general message, for example see what our callers print.
-#
-#######################################
-err-bash-trace() {
- local -i argc_index=0 frame i frame_start=${1:-1}
- local source_loc
- if (( ${#FUNCNAME[@]} <= frame_start + 1 )); then
- return 0
- fi
- for ((frame=0; frame < ${#FUNCNAME[@]}; frame++)); do
- argc=${BASH_ARGC[frame]}
- argc_index+=$argc
- if ((frame < frame_start)); then continue; fi
- if (( ${#BASH_SOURCE[@]} > 1 )); then
- source_loc="${BASH_SOURCE[frame]}:${BASH_LINENO[frame-1]}:"
- fi
- printf " from %sin \`%s" "$source_loc" "${FUNCNAME[frame]}" >&2
- if shopt extdebug >/dev/null; then
- for ((i=argc_index-1; i >= argc_index-argc; i--)); do
- printf " %s" "${BASH_ARGV[i]}" >&2
- done
- fi
- echo \' >&2
- done
- return 0
-}
-
-#######################################
-# Internal function for err-catch. Prints stack trace from interactive
-# shell trap.
-#
-# Usage: see err-catch-interactive
-#######################################
-_err-bash-trace-interactive() {
- if (( ${#FUNCNAME[@]} <= 1 )); then
- return 0
- fi
-
- for pattern in "${err_catch_ignore[@]}"; do
- # shellcheck disable=SC2053
- if [[ ${BASH_SOURCE[1]} == $pattern ]]; then
- return 0
- fi
- done
-
- local ret bash_command argc pattern i last
- last=$_err_func_last
- _err_func_last=${#FUNCNAME[@]}
- # We have these passed to us because they are lost inside the
- # function.
- ret=$1
- pipestatus="$2"
- bash_command="$3"
- argc=$(( $4 - 1 ))
- shift 4
- argv=("$@")
- # The trap returns a nonzero, then gets called again. This condition
- # tells us if is that has happened by checking if we've gone down a
- # stack level.
- if (( _err_func_last >= last )); then
- printf "ERR: \`%s\' returned %s" "$bash_command" $ret >&2
- if [[ $pipestatus != "$ret" ]]; then
- printf ", PIPESTATUS: %s" "$pipestatus" >&2
- fi
- echo >&2
- fi
- printf " from \`%s" "${FUNCNAME[1]}" >&2
- if shopt extdebug >/dev/null; then
- for ((i=argc; i >= 0; i--)); do
- printf " %s" "${argv[i]}" >&2
- done
- fi
- printf "\' defined at %s:%s\n" "${BASH_SOURCE[1]}" "$(declare -F "${FUNCNAME[1]}"|awk "{print \$2}")" >&2
- if [[ -t 1 ]]; then
- return $ret
- else
- # Part of an outgoing pipe, avoid getting get us stuck in a weird
- # subshell if we returned nonzero, which would happen in a situation
- # like this:
- #
- # tf() { while read -r line; do :; done < <(asdf); };
- # tf
- #
- # Note: exit $ret also avoids the stuck subshell problem, and I
- # can't notice any difference, but this seems more proper.
- return 0
- fi
-}
diff --git a/fai/config/files/boot/chboot/DEFAULT b/fai/config/files/boot/chboot/DEFAULT
index adfbe1c..6b0e964 100755
--- a/fai/config/files/boot/chboot/DEFAULT
+++ b/fai/config/files/boot/chboot/DEFAULT
@@ -16,21 +16,17 @@
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-[[ $EUID == 0 ]] || exec sudo "$BASH_SOURCE" "$@"
+[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
-x="$(readlink -f "$BASH_SOURCE")"
-f="${x%/*}/bash-trace"
-if [[ -e $f ]]; then
- source $f
-else
- source ${x%/*}/../bash-trace/DEFAULT
-fi
-
+if ! test "$BASH_VERSION"; then echo "error: shell is not bash" >&2; exit 1; fi
+shopt -s inherit_errexit 2>/dev/null ||: # ignore fail in bash < 4.4
+set -eE -o pipefail
+trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" exit status: $?, PIPESTATUS: ${PIPESTATUS[*]}" >&2' ERR
usage() {
- cat <-mx8M-m-GaM21PKm7g1bX-2$0}z3GVK}-QC?KNN@-cBv|++Sy^kZ
zbN2qu+2`En-XFK-(^YR*kE*U3{ZchXbu~#4&!Cj){aHY$K+9(|lF^WF9OB|bN%_*74Pl(DO($6-4lWK&
zR~}{)b*8w@BH-QZgS`-P(VvZRK|h9G)myN?n_-JR8*EfJo*VdL!-Wynd+{+`ceGlsmUQVS}19em(68E{XE+!L(^FNI!;i}+1^h}xO1W&WqA84
zdFJa7DDxj|%Dr=?PL1vI`qL2?>fuoI0g?(LY1fE&8n90DbxXAsy-Ipmg1D<~Fa1Vk
z(nH=5rik~=B?XFGrEU+gBp(~6LUEeK3N;~pzRSU}44ZYQEp
zOLl_^T(O(ii*CVkl24NYEUpH~3-Fq>TSsqVJGuB60W=T*szd?+GkY@-@GI2d${IM?
z*^;Q3SeugYTMApcIe`(AouirHZ$XGZ1VbR+Kw*Fo02v5;NN7ZOI9Nz%EChHsL}+XX
zNDu%)1cG?(3xNxwz%jS7cjA5V;wfRWx3jZma|+>KW1hZVuLn@sL-v8
z%41$b{Vx8g^8AJTLa#0UX`r2+Vjesi3FCTar?0o@Y=zQKQ0(<)+1s0FWNNm_>EJEb
zRP^cm9yC!sC^ZjM&dXX9s_m5(%#OjL7nIIza;*lDw^dlr(_D5uM~uIvLVY}^CQegy
zj#7Y)P8FETZ$iDjEs~OaWhgspiFngfR~u(y?|_fN@gvdb%T(%=SNGAu%PBLu+$yRs
zSua)F*~@&(m{k}Imv`Z{J5ySaYmpESJUWE3*xUA=nmC@^+4i-8dRDi@}cRUvDFg3gb
zO_m9c?23DgPzVpRgCWUi?ZPPItB$${$4e@`Vv5
zivOLJk?E*FG*n)+p8>8nAUGn`TBqMAad)dsUQe@gFAFk!5tUe8Ho3S-6ZS*y+=_%q
zwV>bC|Jmg`znmsz{u=uUMqT&=p*riuSmO*+XL)pY;bBrG8AropRhr`;8OfC<*u2PP
z3eT^aWU@qpU2$I_#8!odJijMgre^c8WgE-s)J$mwPIe2R4iy`&D}_AJQC`~yg(=dn
zlX(^^P3f?I_3Rg=JS@N4x1+jugJd7=V;7}rDU9^NmsUvN%JJZ(#hidPGqN8DxPilu
zF>{}Qy)-_CxS{LLcl&bVc%XxZ$8mh~2HoQ8byTi%b1Oe-$zI~j*e)Kgb@hAO_UE0R
zO@4g+dZc#serk0g+xe~1DJT914UBZ&3La%aZXw#Vq&tlF&>|S)NGtKOmtT?SqP8hM>Q`hC&6o?1H*UZ@CmL89uPn^L=&6wfETjW_on0ah7lt5K+
zzQMm(iT58^`7}xjo7ukomm}r>YlK9xMg>AiR0p-DAEFnAQXU{^gb6w?$#ZBG25K5^zMVdAwx5b0OprHk+WMcxR)Xc
zYRe3bLen1i`komW(gl%K3hl_G&qed>BQnNC+gL!*T(oil#%>xEeiVJs{@$ccGr>x3
zq_`qWs%^}!V&xV|)^b&Z=A4_v6x>wvt7FHis<1bd68dl2!)LQyK4ZkaM2KxKJNRnS
zUL`yiLayIZo+^57iUfAs+0u3uzxbW*;g_)G`7cNF`JysqW
zrr&N~$-*CDIra`^^UCq5r0F1v)1RybTFw!$e%y3~m+>2p`^ficG`omt{hd-0~>#nW&yq%xVb?qyD)TVO-#2MfOp6
zv-t*-g7O1F3DMAt5CbTqCA+Td1d-6*+5_RySy#Ul?cp01!^3rB7UZy(!pvtjJ|8<|
z$8`;s2Gl=CrwJs7K{b=`c&9tO8~T%wjsLLgI*WquUW5dqlnUvS^k7h>w|lD>CVOiP
z5acH7rV)3$5n}Sf%H+eusSgv)cdLAgOqM&I&`rvzNoJv|fH~IMPODFuWO(>MSEA)P
z6K&^wk1z8>3+db$JD3O#c1592tMdgDv-)nc>Gc1aIhY=M$FNUV$8dDk;^p<
zPZqETVZMJ^lBGrMQQA2>zS~_Aruf-kP$37wW%s;W*f~_&sqOLD5$g`JyXvCJr6Q9B
zIvG;#{zGke)CudnND~hia%I-}atI3Lb)ew1!uUp#_13F1xK);9?&=o9@ZvHh$r&bD{$?b2WR0#Tes%DpB!0}ihXk_&
z)L>lmzOj)(lvKaMR0nU;D>~!o0&_4y-n^v^VY6^)IFLsi_3}q6>?IHzuq>pDRBV=K
zkL!^~s^)}^~T^9mD421(W(BL8Pk$xFi;eVgXqQ0X%;JL)M
zqjQK4FTBHRreyL|&(p|CFqVpGT@0f?a}q1o3dBqAm{LSwY2;)X(>ONWwz(y&GK5}8
zB`_p!AKsT?UfB$rSzH_NWz&u`U&YRSG@ZLrr1FeT%n3}ius(*WCgULq(4pt+zm6*y
z5QYB;`oU0FQD*Hb-u2?9R#D&$CniVeH(k-n)7ak6sAKoTE`;@zDy*YQcL7K+1II6}
zo6rEcuf>hR(@jl^xG*1~nH^CbqISFw6lt=9;w*rK7e7_YSc~cz8RB+fC{0`i*%drS
zuuL=krH3JD!M$)DxC@pg~%$YNuN5if{DGI=7FR?Op-(sNarZ9Uj
z(_4Dnt`S@tY6b}Ytm)71k9G+RgIcs;i&1rHQfu#SRbl4tx##Ou`z&b}f}mPVS-tzI
zh^DnH#({z!cGb6iQXVD@pHf1!*nN4f#hSR9fa}1}?Tnx2Q9nBd-h@?Q-gqtsqJO?St+2^&XK~3CA1%c#@#ihM@okuLnNoqyrRqQoAOb5<7
zqMETf(40@rlJm{AD56)mGtBGbPgv2;rLUViB$QI}cZx4;qU1NyvLGIrf4HzT(mUJ-
z`ZRuc9sU93Wu1Z1ibIaK_Ao2W8HCt&sD%$L;_~cTIHD(uBFVY>=c|Ej)wq3~zGLAr
zO5Cz3+d^{dPeVHk;UT$KkJB+J6nbByNe8FgzB5ERm-f9M2(Muy4u$&(hAgCt_+3xtB
zQMSQIf+`>8mZN+hCzFW_8=o-t61|(`@~R4ZZz=&1UFPDtjQp
zQhgUI%qCiMI4@&emm5
zs8?@N8zqjf5{_2<+=t1I`y)9%=hd-cK1Y-`V$DbKgxLpu;ys7@dhavc8Y7^kv`8{t
zIYCTUfz1S63PSVIv#0o1l=>({JuJ?=(V3Qez26vhF$LS~{p)oxHDb;mC8S
zYq=L(8VSzaPJ6pS9Bh~H++*4W=6K^=tzwTr>&1>vX44PemdOs>QKz$tKK43J$^EMr
zG}Eu^X*KH?TOM(Cj2!8A)0?+cDEJm`4Ohkw(Nh{o4Ja=noK?qgmE+OgY@?BU$3Oup@blNd9t-?(V|RJ;(I1-B=2eA_LG@QlO0?-*vtN0}{UgkSg)#1xim
zu9cat5LT|M;TOuiPe9-B?r06I&d#rtb#aa-7*@;p
zZ8%IsV*Y}Yf2)cGZ6*rr#^&NJ4UhCFnH_^4K_^n94ZguQ<*uKi{@(()I%$WIj)OEw
zC?9HpoXB-qMN8ub=E$L`JSRJWbp2Q+9fV1#8Wv%SL=Hufc8ur;X7v`+tX&uiEd}+C
zRNCX`k3J_?w#E_eMmRScd}9;3g)cp-%g#=0^-Z?Qcfw6|W=y=#s|TDJRVTZ8xrMGi
zb9xG&a1@g?y>wJ~71@@dSxtfM<3_!BQ46`(7`cu5pl34?S}=3ir%mZTn;=Lt7{x5X
zAbhI%L)`{8H*d{vu%x24q&nGNJ>5Famjs%XG~8YoI#tId4n^(uIS0*~bL}5AKR;-;
z$*>Y^;0Xp|wo7OB<{-L^I7lLfxw{A=L?{mg+?Frcp#|4WjFUrCdVzc!%f~C;yaxPr
z9V_c0U^qt6UU-fZn$$N>x*!l;=<#?6W6LH}Gp6@N=>R^fLzCQ!El@DTab;9q*odn2
z(iutFg!KBx%M-)1=x
zF@3O>V!W{ai+SY##5`-aKd5KwWNK~j-?2^#^zX86<{afwa<9zTY{1uQ^cWSkYG2^-
zpvD#J4KPI0{Ge{K+f)7%Ze#JNX@=7TawONoVdpsJ;nDkz?%2z&^SQ5VkN4wj`+alA
zs|j)29f#IuFQhCf1~|gZIhIW?Il4=xCw$u8ixl!;wY7!!5+dl9#b}^ShO}m%ieq3J
z=}Eyp;-N#;eiowMawq6bLSNnI`M&lZjm419hP1>*#=YyMrfRFQf9$fo_;Ic;O)Q0t
zb;_~4A`Z7#&_Ufh&l??tk8dVqp)z4*W;a$zar$hY8zAjGd*9c~?zDQ~G6$-DlxjPO
zRR7v>VPMOuT$m$LBxi>p!MO6kg@UU^fsaV3$sZT;5cYlLXKE!Q#j;cLrvT@pEkd-u
z{>Sj@YIt;#Bx?cBXK`;daW_~M$gMIHf_Nk`ms^b$!{{~OAHQKhJbr0(h6zZ0JX~dF
zL?&a5XgD6Z>*pgmUXi*vBoVto9uHRLD<;LmoHZM0=5!Mn)2ldmHnV}FW_V5RnmG6@
zJ}+)Pfv-RH^~YEhljhe+j}wADHT@snTW}3fF^lUk2S&}k(eF4{oH#q
z-k{wVyRLn&TGM?bCg9{+eIJ>EH*7@He7Ga1?0{L?zu
z-^MyAihq}NnbIh?kdz$iRVCqNuU-6^9+50a;qQkV+iOuQv$yGd-t3kH1yOF!+1#>T
zO%mxt#F4GSWpZjp(OP1%YNed4j!-_L%WKbVdv0Ns1dHQLQPVMcXMRnm*nIN`gtojJH|(?t<%UxQvyw^kk1KK$^Pd315%
z$2zMsF6S;)G*k+2i}lfaGYO;~i-qXmO*gp|)oa%_a)v~dqBU(v~vNPdgiudCHlsqh?XmetNd1>^nZsWp`!F1qLP*q=T8=qog;v%f=R%d!tMc^TbE8OF
zb!Qo#I=&(pBB66KS1ryUeg3|PHgWEa-rT#|AZngBsTYyzcv<}jvV=0>Z7-5hl;rdB
z##12Kq=xC4-%f~ry_(ebjD>Ez_2Bh2S$L$$dx-D}JI%Q*-%a88=4M7U#1z;gj_9&r
zDEH3Swe&C6asKDAj>go^kwnzUh~#NKi^R^>+MSk!|2Gq@?Tiep&F!52dBOGXM4bJ1
ziHMaA9{$);Ug{87;1{VrgGg?=lYDO^*MK95+GHF1?y^%tlG=uzF6oS@If~O!m?i0v
zH%K{xb$@Mglaaukxs*d&dvv)#;>$hC<5IeWIkrEgKLG*~yme}v{bxQXnm`fSKl9r=VN3R0W*^E)XvCx7J^@HeKY53l>ue|moVm?(g
zor`~#)-EaE#L{fs_`Ot7%yz)nDm?pK2{JcjHbp2i(odm2Bxj*?6`PS?m)fVG%^JBQ
z3E8!s^~m5rR`PtO+$3_w$zt>YyejRh$#F46I`c1s?8riv?GU_`_l8HJ-d5FgG1WxB
z(6>VcmFCz|Zbd#M9J2@5#97+KZ2IzRWV)_7
zs^`VNs6^KXUP$P4mt`L#P^1&bdK%t##t1<#3D
z{fmfn|Cxw?kDP#Ab8fFG
ztOS*hgm%ZWAch9K-SiJJr>f;^$De{cBAwQ85RrL?H$pbKrWDrKpdEOOJ7Q5sMN
z<}f9ZjQtFmb^!XNDOGYG=V;2xRa1aV%alyyY^r6T&+}F@ld99o%c(UD
z_H&PWv{%xuN1d_EQ1zH!P{Wi_~
z?^17P4HXCoWei2O$xDyje9-w!flLag-ZeB?y}dDL4f(?ab9nc|MHg-~Zlcljr+xTN
zXW905g9S1pYsN1dH6h
zI{tFgL}iyZrD!9V*qo7%O0>&
zUu7OKE0oBq`qb>M&*=XCiy_;x_|?3$61H1BP~uHF$_OsfZHG}1RHBIU19YX~6`upB
zod~^#A566agFZAND<&2!ub*-h%~VXI~i{E=`um$q!6i`8<+m$!B_n&MIP&;=+5x#zVRO>
z&)|KyH@EzNq!&Fu^#t%LT^anPg9fwE_ssPT0JQ+Ib#dZ-(r0AfF+5;6E{PO$aXMzv
zu@M~xR3|z2>GEwc-~5#QB;egO&|&gus+i1$Q6k$wa>a-`C^Z+B%Y}2Wg`1?x>NJS|
zvJASzB|`sZ-d$yt)_2z({^B_Y>s&1s1>d}_UZS91-}c3Kb`wpEtPpPv1VZBoftMZM
zs+1q2lXd$CVnHt%iqp!e
z+&Qc=L5u(Uby>V&PQeweZ*A-%GFkHeqfFg92RSRQeckbAO?d+$%I2>~&$=4BW|7{}
z<(@+QM2hR0lJacvWpojERtXXMUk>!ttmW3!5lqdk(uk_G~H4Iby>T@5xP-)9#jqI9o#~e!y;bFK}pf~Qp
z+(|YC_4C6}ONkwFwvNqacv$JHw$+%_3=J*Ofg%S6E{)T0BttVykf>UZFY|fdi0HiF
zu%E@zes-6OgO!-9g`IHlp!#~J5x=vii)t>bW1}|VDUPI;t8bN1cp<7N>h70*e7-9F
z=O23|%}KS7ih~a|KYT5kce{zU6Sz!fLd~p+Ib2H7nWMDr;Zc-NxRAA56k}G)n3r=O&@>k=y+Us`~slL
zO3FxrFMt4P@DF(0z?PSAvoHk!85ueN4lIZWAcI%;NWdr-e4v0aG&rpSAE;pbB+&pq
z&_R&EQ{_(w9tiqZ+5yJ+zwrPV)BKis+EBs@E{h3HC%^{=#2;m!@-2d(ewBTS@_Jwa
z0&w0o_{ap`h~&QxfQq7m766E=h%vt6VSVb%ubTc$S(%wRd70UHSy)I|*?3twcsW>r
zSB@68&NA`6$zxwbL0r)_&{~!I31vf11H&zB?vfzKTm-;t;>K_md3qXMr
zW>!{a$ml=%_Zln@^&8uQF(~E_84$S75HWw$@Bbtdi}35-pxBf9RM50RSL><3w2S
zeSc$ruj|*kA2|1Vhko{7W~vf7Aoc1|a^1A^(P9{)V6Az_$US!G#%r$2)NR?Fs&TihhNMKfzz=
zQx3Sgr{+(BV`N~pB?t&aq6F-BpK`$)uzm$_ql-zwf(roPJ(~dh1oXXybCAmb;2{Hi
zU6vUL_J)>a)(-X#t$&i=?E~5XKX9d;;1h7u7X$$y0U&8-)&^fk1C;f87IMHjNq;Hr
zsSp5+0-=CCVEt4c1e^kZvcYS>tLHtqi41=T{EGFUdjLS^al+RgTTlN9{~1C#|3v?f
zQi=aXX?)>&z#BjUx7i->?gQ)>!9Q$aa78OCPLjY8Kmx!5JisfU9S{PTg5K5F_bQw!
zP)PN<@+g2gB6lTs1;sJ{ukQ=iIvwyDi1~wGP|%=PAXwlL1oC5euw(3I1XES9fdL@1&@>Co)gu>TNsM`9!3nXy(0BB{UjtOf5pFe@*6$L{2}p#gr9OLjxxtB{<;hX(@z5UU?TpaA_e$F
z6CAaI&qjOxgW&H%!r*#@!5D8$Ub{dSumz9cD5-U@1009gJhaf6%31Ob##u!@wpG1n7X%NO0-@MOc_xFxE@f+tKSl?$R^W
ztJG^;Xk1`g;8-YG7+45cPzG|K)uG8kS?we3Aw#1=gQ1(Cdq&+4M%81W-t4|Xrq)Zt
zFU4QMSHwrdufeCp7sr>vkHNRbN5;>@-^4!!|4x7$;djEd!fxII3-;dB!oDWIP}zlrvP!KE@u?
z{uV7V>Wy09s&UQ+nxXq
z)PLC}MDYKxODMqjU)d!L;QT-B5_T~DS9S?MI3EP@$2_S7#t^^p#qY8Ee{O34U~_93
z_yC|HA|WFopdvp*Mn^-%z@fpz!N$g6A*Upy;bjxx=V9aK5|-9c5Ej>v;NpH|qonc1
z(9GOSP~O4a-q=mY#LNhUhK`Pdh4TUr?}d>lH+bppe;OWpK-u8VL4$3+C$sN&02?Gw
z&@ixY;P+y&viikj!I6u8?!;1_
zJf&bWbo7TuzP#+``hy
z`K^nqo4d#R4*`Ke!6Bisaq$TsKP4t5XXoVR!y0f6-m4vA#7u2nC!D|4&C{ILAG-fcD(84dH_>FfUs+ySe
zE@JxowZ`VKq7wzvgp6f=l&&~47xZMSq-X-e1bEm;!365JKLSmS_lHDz>G`-m$1t=*w1hICvNy;wRX1D5WIj0=
zXZev{ve&rNXdU@;LD97Pa#=t@LOzkXFunIT57oQ1%Ou14X9}+Yb%Mf(^Sv*gbobppCmq*v$l$G7rpNDIW^mp5SvW1ETyUyS2TV2;&4%jhZXGK
z8@)@;AuHGATqs~?l%
zH%zHY^CyWGao^lLNN|sJ+fzmkN>rnf8Wy|Kyh+sma&|jwcVzJ%^}O%-j8k&%jh%y#
zM-Tcw7hSjQB8*3cWfG(977P{u+i6A}>a`!qV%}QuBtP9V^V4#%NG7OW~oDOF*Xjg$CgUx!Nq|4_Arz0h8a(C;bRTLw&{bC6qIZ
zxH~ZiW7T=Zg=3EO-e+dlN};}k&&NYW5Znh-8xV3<5h)!eZEijvPe5Izz5jHm##yT0
zl3PtwP(+pY36qz-!4ZdB?uvdXg)A{VrIICZvogYj)-ii62iw>bf!Wg2?dA6IN?D9Q
zTfYaL>b8dH=cISGbxygo8H|3U@0z?@8;g#AzCy{ffd5W0{2qJLiRGs03NveH3Cnzb
zVW);}+g@(CW6xu=pccO(2g-F!2myODw=mO+Wus|JUDl)^i{p|9F3SbO791$9XKpI
zUG;2#9>mGpN=W5!1c}MKCfE$M$P}gx^rg|$Gh!BXdf~MA?)G9?S{d`f=}-%wg4L1I
zzL>S=3ql1)UXOj%X9GO+j;t^5Z|58%E@_8)&=#bJ8}Z58c;_|j2xx7aRc+LYb7+RH
zsB&2Og)q6^ShbOUl*!YFaS9+TN*;+_S|#f`{?6oK59Z7EwuS&Vjm*MKtgx6Fzl&h}gJ1U7)9!-2w^{kZzT0s>lAH4fzutro*!KXI
zluBaiatV{(wqN$%5GyHQ^ms_Or@bzLo$2h2r5z{nr!5GbM2AQ=hoqZZkZhmJP3o~!
zlpRci(^g|y9&{Q0xFq|2AN-h#XU}tbqWV-}!IXuZNMG8Po*ILEc->Y)&iiOIg
z6=s)0YBU67%k2iV(T<-@S2)O$KX|CS>I;ZT1WJLyw?ombPvOl^nF
zC0n(0~J=M73(E#zja_DQl>6Fff-7*>lnGU-hcY
z9Brn5^I(R>v2)S}Pnw)k%Y@J^>RWWpQ7-%lpN=63{B$tl;u^Ctb;?o7NE_$`Z7n6)
zS7;AMnLormXmwuXld*MnN0jnS`}M5V?t<-l#>T5Ed`YyAu@~~U?(=S+MEdEdosR|cq?Ktzs{Z=94|H!E{=~
z)>IHFnGmT-s(ukjy7SA~a)xYLpWw-orVX`GCDRBhv!c=wT}qbw*yz!k0ZRaE>Q?Gc
z%ngd!p2?DY<~wQOT?b~D*=I7-1X
zgouy8-r^Hol=UHn^})LjZ>ek1Cigha!ra2GQe;vhHAbw>(uEXfR1fiLR$ik8zG9Vz
zBs{c`X|Ivh6E4T4?BN1)-O;t>##P%u%GkTH-G5YTYZGBC5Sv$GRZ^9XRW@-wlqvp!Vs09Flzgg5h;6>hFj?kY@5IBVb`v%Z30PJHA!2HV*0{cO*P*2OC;P5v`
zND0Hh0S1$d9P9|eg8c@p$un>X@cz~(KjaVLU-6Sy1%SYpXu)0x1PBTQ2?1V9{1w0}
z;AoIgV5f=)iR_Zx$@-jBOcFG`iZv2%;sq?#bo#qnDMVvhS8K3i<=M}q2;OP4
zg}*2>eyE>g$XL{RRy)H6Zz6G{fU}jMD9dsuX#mCS@dfwmuvIRbk4)VVYtWB~*P>2oD~Lc|Ax`U`evl
zPY~oW;we=qQM^~RxVZWfv&zWISF}EcJVHT};Y(gqVk?Ceui?rfqLl$+(V2|6APph>
zj?|ed7oKggUp_V)S=^wcy-=!3H!Vea7WsA`Ot;h~asK`{hR=vO{O0gyAyKEW$ljJ~
z-^Hd4bi$H|T}jAcg=#@1XUPqh*2-1B?_%hVUR)BQXr8j$A5spel2E-wIvwCS)axzi
z^oDL*KFn=Q5mFXMMPVX%u<#{1F*#s0w8f&i*U@4!s;_gWw8wNjQ8ZYqcI?Icgrq!6
zW=4R{v7!;h%43>4G?cx(Jjy6@A}TkSz{m_*Sj+(MH+gClV&uE*M3X4)tQk
z%>MU1lXrX+GUi9d!g|W~3Ox2D5gq3ww|G8W>IArH@q~Rl3h>}<6sBY1B&D)2jz4xI
zyFN^x*h*|fZre8C@GWd_RS?sS4JSy`ucKGypXj{y?47SQ6~m`^wH&N(y8V)HMEH&-
zvx1>wcdi^#GOYI0lzO8-`kM-sGIMzN6)e_w75|$VRsp&Rq>x$7@AMtSO7f4ub92F>
z&hzEEY~oi#Fq1S{`0U(E0UF%|&k5RQ2W=C-2o-?k+EtdP7zblr8&=B}6$
z2sei@0dM}|qpp?~Rh+#=oZJKEaK#!N+2w!%-B2A#Sl#ti0iC>tezvZUr0g*u#?*_<
zxA-{a65%`d(~WI%6)
zHiy;~uyC9RviZ&+;(fQpG1!y&Xm@!7y-`3EL48V5(nq(qx@BG^
zXYSRE#7^1#3H3W1wBkK~B4O3A{#pZk_f&)J*(c}l`MB$tg|*S}Fkmce)EmVn_1mVh
zUA@ZN`c`GRY?e~@he^YwRYY^H9*XcKmhDv*lTQ8PXFti~B~91O#;{lK2U?N_UMY8yzuv5Rr1C=|FNGbQWd{SkC#Nv#Io_Z(MU?2StZ!Zhl5*}(Qh7Obo<
zjc+)%OW#04`$9NTKGRFuug2?dMFMi50~~QC9qZu^@dsgKce@~SWBi?JxDmXNwtPbyY_%W@
z8yq1+kRRL^L6lFL%LelLdwUyR55sMtO7^Ccv)v
zcy;aQfNB%?v;UPa^Jp>%Dg;I#w*46lFIv+h=<5lp*n1}?)EIstJ;~_j%PZnu19X_3
z!zUXYS5~3zvk-^1&nlR9Hm}^nCYtidzD0G7s4UOK*oyX;3S~-LLq$A?d%hauQo64|
z1c`rJ!cOI0_*O=+R>Wld(SxTZ$;+qJOZUFLLiwQW3sLmMUbQo8VMa*%hsH#KM4ExA
zV!E6~{nf#Sc51r0v5PI2ZPgm~ksR;Jb#2eg2v7*MYhPwO+qd?HXt9LP-#NL~8V0-`
z*>4D3Ps42R6c&5+?Ha<|2Qs7E%G0UKdetxp49W=b!`q4zGPTQ!Pnayo4b>K()X6=<;D&3X&T0qvwEmq$#Ug
zKOm5KlVDTvt^nP?1G<8BN#+A$2bNiG;Co#6wK-H?Cbzm461t19(vBbZOJA5@Zsg10
zZ}iqv3|`02R)>^LXP+OEXYf69M0{cFVTE}E{UvtP=a_*o--RndK>r&Id)YJ#qcbH-
ze1rhX8_AY$ua4J#Aj{=ceG1gSs4BCZxvR4IY^9sJQ%LY$lZ+&?wJ>v_ep)S=RLVLM
z13|HlhkTr*fAW5v*vicz7$eqo{1wbs#+m(Ay}}Jx>d@<=$4~e#KpB5+!g=~|_V?#+
zmG*(cXe#2GdGJ2|iEY;*^fF$?<3jJOHEW35{90HdcX)7{0E_K_Gn~t{ai`qy-W^L*
zU&-E@<&`Bg@K*HieFTWCZ*GDN#&S5mMv@ej^gL|5RY{6ai=J-i(co)HU
ztzTghEZR7-LJcXS5e-!wwQ5|NV{Tqzbrg4<=UPtq#W}1A(>XItBc&&w-{nA^2?aP;
zK$(`5Z%G`IG)sAkP|IC9M#6J6X4P8;w#jWC_I`MWxe&;2xJK!I1luMj+~$;2Gvzw9
z5MH@DOzdUx#pC6cYj=S}XH0dvTZv*zfLr9fLTKnKo5s@kR0#}MDbkbxk#%0d?)i%K
zcykzdA_byb6`T(|JV;`Ug)oR&&=lK>;mKb+XBz5lyt5p=aLALOjNE>u>R-pp2?lCi&a&uzOtifSoZ^H15)7eY(qG=8
z2x;X1DKCgrtjr(@TYMVi`aVo4tyd?H3z0ctLNx%5wls2KHkvlTA3DVIl)V`SSCrU&
z>cEMDUs`FflDg5-0ONvT9?sDwRt#3W?TU{$Y<9h}CfyEEeaf?|$)7t3RZj75AI?Gm
z@J}BRNzj2mpZ)u{LYCF2z-O{n=QOuK)TpHw-pATDg@=B1f*(4$^!C_C77*^E)rcp5
zw$Q7*|Dap5yJ{Z6MTUm1)9?5-1K)_Y1Syy&cfMiCEF7gcKOi|K(p8SBy2`8Vxfn&``t@rP
zxSdE`T02(9wU_TLs#u}{|X_3k_FIP`;&J|*<3r6h_IUE?_sT_Pw)
zI2-F>#d8Fm3mmcm9(lwcd_p8THh3+r?O>?5wClU;@nW|{)|2fg?2z@=R-_O#vibr!9n=giUBl{y!q}M*O;0aXjKO~^vzr^>V+J)DGWZh
zQdy(+h*|&M-QMa;wIO$mBKMW!hUK@b&UoEI+gCenq#RB1dTS=8jaO
za?TTBk1l$&_NeHf_l%b*&Xytj^-o4a?KLU_Git>C;iaGx^rGbl6eweo?A>e|Mn)
z2U9ey@XV_Sk;1qC$Di|62#5^oY1b3@`)av(6Jcmb0R1iaO(Z<(C)9?NA&oMx0b|%l
zHFzdTr@WPMFXDI{_b6_0-ZkO2wFwUF;l?-zm1K=~&U?B?H22PUA()%!rZrAoWZNHpE}sQU1RLU}Zi1e<9%S%Boi*
z_-AEN)x!SdPUWkMTN<<&-n2T4Zl5_HjbeFuAE2XnIeIk2$5lDO;)X3mfOsye;yC+x
zb!B{TWQlE@Lt56cwa*fzBmfT=lCw1K<4@-g^BfSGRy5Crc3?Ls8AC{O!bD_%ilTjm
zRI=yfi_0Fb#2MYbHG68*BPZEx3KB2BB(xR}9Mj3|phY&xD2Wpt2$bbAo>aacz)Uln
z*IiP~4Hx!WR+|*y?MPMs$l?9@2UcfBmYH{M$w5fy(qv;EE4g-QMNB;@Tc&c3ErQ8;
zzXc8~(|}u`$a=il-i%h{sH9M|;!MgXMZ%~-bys>q7iqzaRi{3KOX!~ncr5zWIHp=d
z2c_w$pZ}Gz7K=6iSy|FZu#ZNLcpNuES6_w5+b&u(Gq%UX+^J$Yt}(31A0y?k++uw{
zW4iBHjrPX6NU9E~WY6YSiQ6g@ERMcaW+L3R_9EZn7gK~5Tv8Apsqc*!Obrk~K4QYV^
zS}O=GvW5H>U65)T>ei#wZf348t{kF0g#@lJM-P9L3V%G{m3_tG-H90de>UsIOpks!
z)6EyB#vR^#@3Z!|>wh!v#((U=5?H?HE*-)Qtg>V5fB2`}bE(wI>JM!%;q$AyY~d{=
zDi?lgyTo(3x&{MpcGaYdjrxiHY`rI^pRz=UF+5|CT#s^=NwGo=po5rF8x-`L%Yl<-)l~
ze;#@{i#_3i+=27!5Ac2#mc5==yYJ17*J0ABFE*w*?Vfn&*321tO#z=jr!Cuh(AIk4
zS9y{06&FHgaVtBqXj)!;#$-~w_ePJ~{}u65Di!Z)9G$!-rnb~S?#zsi!@qT(GB%%g
z_>^-}(1*X>^c;)P6ZZNFd6{A(#<#k
diff --git a/fai/config/scripts/IANK/11-iank b/fai/config/scripts/IANK/11-iank
index 54641b2..99316b8 100755
--- a/fai/config/scripts/IANK/11-iank
+++ b/fai/config/scripts/IANK/11-iank
@@ -24,6 +24,9 @@ if [[ $EUID != 0 ]]; then
exit 1
fi
+# ignore this line. hack to make shellcheck ignore $target
+if [[ ! $target ]]; then target=; fi
+
if ! type -t fcopy &>/dev/null; then
sudo apt-get -y install fai-client
fi
@@ -185,12 +188,17 @@ EOF
dns=systemd-resolved
EOF
- $FAI/distro-install-common/ethusb-static
+
+ if [[ ! $FAI_WRAPPER || $SSH_CLIENT ]]; then
+ # for running from fai or remote connections, don't kill the internet
+ ethusb_arg=-c
+ fi
if [[ $(dig +short @10.2.0.1 -x 10.2.0.2 2>&1 ||:) == kd.b8.nz. ]] \
&& ip n show 10.2.0.1 | grep . &>/dev/null; then
- : # we are at home. note: logic duplicated in btrbk-run
+ # we are at_home
+ $FAI/distro-install-common/ethusb-static $ethusb_arg
else
- $FAI/distro-install-common/ethusb-nm
+ $FAI/distro-install-common/ethusb-static off $ethusb_arg
fi
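Review bot: `ethusb_arg` is assigned only inside the new `if [[ ! $FAI_WRAPPER || $SSH_CLIENT ]]` block but is expanded in both `ethusb-static` calls below it, so unless it is cleared above this hunk, a value inherited from the caller's environment would be passed through as an argument. Adding `ethusb_arg=` just before the `if` makes the empty case explicit. The unquoted `$ethusb_arg` is needed so that an empty value disappears from the command line; a short comment such as `# unquoted on purpose: expands to nothing when empty` would keep a later cleanup from quoting it.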
@@ -222,6 +230,7 @@ fi
if ifclass LINODE; then
mkdir -p $target/etc/initramfs-tools/conf.d
+ # shellcheck disable=SC2154 # comes with LINODE environment
cat >$target/etc/initramfs-tools/conf.d/mine <&1 | grep -Fx "Status: install ok installed" &>/dev/null; then
+ apt-get -y install wget
+ wget -O /target/tmp/x.deb https://linux-libre.fsfla.org/pub/linux-libre/freesh/pool/main/f/freesh-archive-keyring/freesh-archive-keyring_1.1_all.deb
+ $ROOTCMD dpkg -i /tmp/x.deb
+ $ROOTCMD apt-get update
+ $ROOTCMD apt-get -y install linux-libre
+ fi
;;
esac
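Review bot: The added block installs an apt trust anchor, `freesh-archive-keyring_1.1_all.deb`, with `$ROOTCMD dpkg -i /tmp/x.deb` straight after the `wget`, so the only check on the package is the TLS connection to the mirror, and everything later installed from that repository (here `linux-libre`) inherits that trust. Because the URL already pins an exact version, the script can pin its digest as well and abort on mismatch, e.g. `echo "<EXPECTED_SHA256>  /target/tmp/x.deb" | sha256sum -c -` before the `dpkg -i` line (placeholder digest, to be taken from a verified copy). The download path is also the literal `/target/tmp/x.deb`, while the rest of the script uses `$target` and `$ROOTCMD`. If `$target` can be empty, as the added `if [[ ! $target ]]` line near the top of this file suggests, `dpkg -i /tmp/x.deb` would read a different file from the one just fetched, so `"$target/tmp/x.deb"` looks like the intended path. Part of this hunk's text is missing from the page, so the enclosing `case` arm is not visible.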
diff --git a/faiserver-disable b/faiserver-disable
index 65e2aa8..74aaef8 100755
--- a/faiserver-disable
+++ b/faiserver-disable
@@ -1,16 +1,17 @@
#!/bin/bash
-readonly this_file="$(readlink -f -- "${BASH_SOURCE[0]}")"
-script_dir="${this_file%/*}"
-# shellcheck source=./bash-trace
-source "${script_dir}/bash-trace"
-cd $script_dir
-source "${script_dir}/bash-trace"
+if ! test "$BASH_VERSION"; then echo "error: shell is not bash" >&2; exit 1; fi
+shopt -s inherit_errexit 2>/dev/null ||: # ignore fail in bash < 4.4
+set -eE -o pipefail
+trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" exit status: $?, PIPESTATUS: ${PIPESTATUS[*]}" >&2' ERR
+this_file="$(readlink -f -- "${BASH_SOURCE[0]}")"
+readonly this_file this_dir="${this_file%/*}"
+cd "$this_dir"
usage() {
- cat </dev/null; then
echo "$0: disabling fai nfs exports or apache site"
./faiserver-disable-local
else
- echo "$0: sshing to $(chost faiserver) to disable fai nfs exports or apache site"
- ssh root@$(chost faiserver) bash >/srv/fai/nfsroot/root/.ssh/known_hosts
done
@@ -369,6 +362,6 @@ echo "c0:2345:respawn:/sbin/agetty 115200 ttyS0 linux" >>/srv/fai/nfsroot/etc/in
# the logsave prompted because the hostname faiserver was uknown.
# Here it was faiserver.lan when running from a faiserver vm.
# When running from a normal host with faiserver alias, it was the normal hosts name.
-$sed 's/(^[^,]+,)\S+/\1faiserver/' /srv/fai/nfsroot/root/.ssh/known_hosts
+$sed 's/(^[^,]+,)\S+/\1faiserver.b8.nz/' /srv/fai/nfsroot/root/.ssh/known_hosts
# ditch the logo banner up top which screws with less.
touch /srv/fai/nfsroot/.nocolorlogo
diff --git a/faiserver-uninstall b/faiserver-uninstall
index 71a4ea0..8392b35 100755
--- a/faiserver-uninstall
+++ b/faiserver-uninstall
@@ -15,20 +15,25 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
+
+if ! test "$BASH_VERSION"; then echo "error: shell is not bash" >&2; exit 1; fi
+shopt -s inherit_errexit 2>/dev/null ||: # ignore fail in bash < 4.4
set -eE -o pipefail
-trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
+trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" exit status: $?, PIPESTATUS: ${PIPESTATUS[*]}" >&2' ERR
-[[ $EUID == 0 ]] || exec sudo "${BASH_SOURCE}" "$@"
usage() {
- cat </dev/null || continue
if [[ -e $dir/boot ]]; then
dir=$dir/boot
fi
- e install -m 755 -o root -g root bash-trace $dir
e install -m 755 -o root -g root chboot $dir
done
e umount $mount_point
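Review bot: The re-exec line changes from `exec sudo "${BASH_SOURCE}" "$@"` to `exec sudo -E "${BASH_SOURCE[0]}" "$@"`, and `-E` asks sudo to carry the caller's environment into the root process; the same change is made in `fai/config/files/boot/chboot/DEFAULT`. If the script needs only particular variables as root, naming them keeps the root environment narrower: `exec sudo --preserve-env=VAR_A,VAR_B "${BASH_SOURCE[0]}" "$@"` (placeholder names; the variables actually required are not visible here). A one-line comment above the re-exec saying why the environment is preserved would help whoever audits these scripts later. Part of this hunk's text is missing from the page.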
diff --git a/lk b/lk
index b757fcc..3364717 100755
--- a/lk
+++ b/lk
@@ -74,4 +74,4 @@ fi
# I don't know whats going on, but just running the same
# command again once it finishes works, and this is only
# rarely used and done manually anyways, so whatever.
-pxe-kexec -n --ignore-whitelist -l fai-generated faiserver
+pxe-kexec -n --ignore-whitelist -l fai-generated faiserver.b8.nz
diff --git a/mk-basefile-big b/mk-basefile-big
index 95d2e9f..1a6b6a9 100755
--- a/mk-basefile-big
+++ b/mk-basefile-big
@@ -16,11 +16,13 @@
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-[[ $EUID == 0 ]] || exec sudo -E "$BASH_SOURCE" "$@"
+[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
+set -e; . /usr/local/lib/bash-bear; set +e
-x="$(readlink -f "$BASH_SOURCE")"; source "${x%/*}/bash-trace"
-x="$(readlink -f -- "$BASH_SOURCE")"; PATH="${x%/*}:$PATH" # directory of this file
+this_file="$(readlink -f -- "${BASH_SOURCE[0]}")"
+readonly this_file this_dir="${this_file%/*}"
+PATH="$this_dir:$PATH" # directory of this file
usage() {
cat < /srv/fai/config/class/51-multi-boot
rm -rf $t; mkdir -p $t
+# shellcheck disable=SC1007 # intentional
LANG= fai -N -u hostname_does_not_matter dirinstall $t
# Turn a dirinstall into a basefile. taken from mk-basefile
diff --git a/myfai-chboot b/myfai-chboot
index a653ae6..aa3c088 100755
--- a/myfai-chboot
+++ b/myfai-chboot
@@ -19,13 +19,15 @@
set -eE -o pipefail
trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
-x=$(readlink -f "$BASH_SOURCE"); cd ${x%/*}
+this_file="$(readlink -f -- "${BASH_SOURCE[0]}")"
+readonly this_file this_dir="${this_file%/*}"
+cd "$this_dir"
usage() {
- cat </dev/null; then
./myfai-chboot-local "$@"
else
diff --git a/myfai-chboot-local b/myfai-chboot-local
index 7dea8f2..ca4d32e 100755
--- a/myfai-chboot-local
+++ b/myfai-chboot-local
@@ -130,7 +130,7 @@ else
fi
if modprobe nfsd &>/dev/null; then
- std_arg="-u nfs://faiserver/srv/fai/config"
+ std_arg="-u nfs://faiserver.b8.nz/srv/fai/config"
# nfsv4 wont do rw with overlayfs yet
# https://lists.uni-koeln.de/pipermail/linux-fai/2017-March/011641.html
root_arg="$my_ip:/srv/fai/nfsroot:vers=3"
@@ -150,9 +150,9 @@ EOF
fi
systemctl start nfs-server # assumes recent os
else
- std_arg="-u http://faiserver:8080/config.tar.gz"
- root_arg="live:http://faiserver:8080/squash.img"
- /a/exe/web-conf -i -p 8080 - apache2 faiserver <
Deny from all
Allow from $ip
@@ -169,7 +169,7 @@ kernel=$(fai-chboot -L '^default$' | awk '{print $3}')
default_k_args=$(fai-chboot -L '^default$' | \
sed -r "s/^(\S+\s+){3}(.*)/\2/")
# example of default_k_args
-# initrd=initrd.img-3.16.0-4-amd64 ip=dhcp root=192.168.1.3:/srv/fai/nfsroot FAI_CONFIG_SRC=nfs://faiserver/srv/fai/config FAI_ACTION=install
+# initrd=initrd.img-3.16.0-4-amd64 ip=dhcp root=192.168.1.3:/srv/fai/nfsroot FAI_CONFIG_SRC=nfs://faiserver.b8.nz/srv/fai/config FAI_ACTION=install
# https://wiki.archlinux.org/index.php/Solid_state_drive#Resolving_NCQ_errors
# currently on needed on d16 samsung 870 qvo, but better to have this
diff --git a/mymk-basefile b/mymk-basefile
index 9dc7b14..1f32665 100755
--- a/mymk-basefile
+++ b/mymk-basefile
@@ -16,12 +16,15 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-x="$(readlink -f "$BASH_SOURCE")"; source "${x%/*}/bash-trace"
-script_dir="${x%/*}"
+set -e; . /usr/local/lib/bash-bear; set +e
+
+this_file="$(readlink -f -- "${BASH_SOURCE[0]}")"
+readonly this_file this_dir="${this_file%/*}"
+cd "$this_dir"
usage() {
- cat <&2' ERR
[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
-x="$(readlink -f "$BASH_SOURCE")"; cd ${x%/*}
+this_file="$(readlink -f -- "${BASH_SOURCE[0]}")"
+readonly this_file this_dir="${this_file%/*}"
+cd "$this_dir"
usage() {
- cat <&2;exit 1;}; . $f
+set -e; . /usr/local/lib/bash-bear; set +e
+
usage() {
cat < $(date +%s) )); then
+ if ! (( $(date -r ${f[0]} +%s) + 60*60*24 > $(date +%s) )); then
if ! opkg update; then
echo "$0: warning: opkg update failed" >&2
fi
@@ -157,7 +159,7 @@ pi() {
pmirror
fi
done
- if [[ $to_install ]]; then
+ if (( ${#to_install[@]} >= 1 )); then
opkg install ${to_install[@]}
fi
}
@@ -238,7 +240,7 @@ fi
if $secrets; then
key=${rkey[$h]}
fi
-: ${key:=pictionary49}
+: "${key:=pictionary49}"
mask=255.255.0.0
cidr=16
@@ -536,8 +538,7 @@ EOF
# option config /etc/openvpn/client.conf
# EOF
-wgip4=10.3.0.1/24
-wgip6=fdfd::1/64
+
wgport=26000
network_restart=false
@@ -577,10 +578,10 @@ if $network_restart; then
v /etc/init.d/network reload
fi
-firewall-cedit() {
- if $client; then
- cedit wific /etc/config/firewall <
Date: Tue, 21 May 2024 20:12:20 -0400
Subject: [PATCH 16/16] bug fix
---
fai/config/distro-install-common/ethusb-static | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/fai/config/distro-install-common/ethusb-static b/fai/config/distro-install-common/ethusb-static
index f6cdd62..c55b93d 100755
--- a/fai/config/distro-install-common/ethusb-static
+++ b/fai/config/distro-install-common/ethusb-static
@@ -99,7 +99,10 @@ dns=8.8.8.4;8.8.8.8;"
exit 1
fi
else
- ip=$(getent ahostsv4 $HOSTNAME.office.fsf.org | awk '{ print $1 }' | head -n1)
+ if ! type -p dig &>/dev/null; then
+ apt-get install dig
+ fi
+ ip=$(dig +short @192.168.0.25 $HOSTNAME.office.fsf.org)
net_info="address1=$ip/24,192.168.0.1
dns=192.168.0.10;192.168.0.25;"
fi
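Review bot: `apt-get install dig` is unlikely to work as written: on Debian-family systems `dig` is normally shipped in `bind9-dnsutils` (older releases: `dnsutils`) rather than in a package named `dig`, and without `-y` the command can stop at a prompt during an unattended install, so `apt-get -y install bind9-dnsutils` would be the safer form. The new lookup also drops the old `head -n1`. `dig +short` prints nothing, with exit status 0, when the name does not resolve, and may print more than one line, so `$ip` can end up empty or multi-line and yield `address1=/24,192.168.0.1`. Suggested: `ip=$(dig +short @192.168.0.25 "$HOSTNAME.office.fsf.org" | head -n1)` followed by `[[ $ip ]] || { echo "$0: error: no address for $HOSTNAME" >&2; exit 1; }`. The enclosing `if`/`else` starts above the hunk.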
--
2.30.2