From fd75a734a7149cf203553d36270482af37e680da Mon Sep 17 00:00:00 2001 From: Ian Kelling Date: Mon, 20 May 2024 17:57:49 -0400 Subject: [PATCH] various fixes, improvements, shellcheck --- README | 9 +- arch-init | 11 +- arch-init-remote | 19 +- bash-trace | 1 - debian-pxe-preseed | 11 +- fai-redep | 74 +++-- fai-revm | 44 +-- fai-wrapper | 20 +- fai/config/class/DEFAULT.var | 5 +- .../distro-install-common/ethusb-static | 201 ++++++++++++ ...rnel-debs => install-mainline-kernel-debs} | 45 ++- fai/config/files/boot/bash-trace/DEFAULT | 298 ------------------ fai/config/files/boot/chboot/DEFAULT | 20 +- fai/config/hooks/partition.DEFAULT | 4 + fai/config/package_config/STANDARD.gpg | Bin 20276 -> 0 bytes fai/config/scripts/IANK/11-iank | 28 +- faiserver-disable | 23 +- faiserver-revm | 31 +- faiserver-setup | 29 +- faiserver-uninstall | 15 +- fresize | 2 +- grub.cfg.autodiscover | 14 +- install-chboot | 14 +- lk | 2 +- mk-basefile-big | 13 +- myfai-chboot | 16 +- myfai-chboot-local | 10 +- mymk-basefile | 17 +- pxe-server | 12 +- wrt-setup | 10 +- wrt-setup-local | 65 ++-- 31 files changed, 556 insertions(+), 507 deletions(-) delete mode 120000 bash-trace create mode 100755 fai/config/distro-install-common/ethusb-static rename fai/config/distro-install-common/{install-stable-kernel-debs => install-mainline-kernel-debs} (58%) delete mode 100644 fai/config/files/boot/bash-trace/DEFAULT delete mode 100644 fai/config/package_config/STANDARD.gpg diff --git a/README b/README index f9d0853..5e01bb4 100644 --- a/README +++ b/README @@ -109,6 +109,13 @@ Also, setup dns in /p/c/host-info and firewall redirects in wrt-setup-local. After install, btrbk to setup data, and then distro-begin && distro end. See notes in distro-begin for other configuration. +# Prerequesites: + + +git clone https://git.savannah.nongnu.org/git/bash-bear-trap.git +sudo install -T bash-bear-trap/bash-bear /usr/local/lib/bash-bear + + # Scripts (meant to be used directly): @@ -125,7 +132,7 @@ fai-redep -t TARGET_HOSTNAME && sudo fai-cd -M -g $PWD/grub.cfg.netinst-noreboot mymk-basefile # Create basefiles for various distros archlike-pxe # Setup pxe boot server from an archlike base image -fai-redep # Deploy fai configuration to host "faiserver" +fai-redep # Deploy fai configuration to host "faiserver.b8.nz" faiserver-uninstall # uninstall fai-server faiserver-setup # install fai-server on the current machine myfai-chboot # setup fai tftp and nfs. useful for doing pxe-kexec or booting from a fai-cd. diff --git a/arch-init b/arch-init index 2f14ad6..6a3786f 100755 --- a/arch-init +++ b/arch-init @@ -1,4 +1,4 @@ -#!/bin/bash -x +#!/bin/bash # Copyright (C) 2016 Ian Kelling # This program is free software; you can redistribute it and/or @@ -15,8 +15,13 @@ # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -x="$(readlink -f "$BASH_SOURCE")"; source "${x%/*}/bash-trace" -cd ${x%/*} +set -e; . /usr/local/lib/bash-bear; set +e + +this_file="$(readlink -f -- "${BASH_SOURCE[0]}")" +readonly this_file this_dir="${this_file%/*}" +cd "$this_dir" + +set -x export HOSTNAME="$1" mirror=$2 diff --git a/arch-init-remote b/arch-init-remote index d8e4e29..66e19e2 100755 --- a/arch-init-remote +++ b/arch-init-remote @@ -1,6 +1,21 @@ #!/bin/bash -# Copyright (C) 2019 Ian Kelling -# SPDX-License-Identifier: AGPL-3.0-or-later +# This file is part of Ian Kelling's automated-distro-installer +# Copyright (C) 2024 Ian Kelling + +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + if [[ -s ~/.bashrc ]];then . ~/.bashrc;fi set -x diff --git a/bash-trace b/bash-trace deleted file mode 120000 index 015ae24..0000000 --- a/bash-trace +++ /dev/null @@ -1 +0,0 @@ -fai/config/files/boot/bash-trace/DEFAULT \ No newline at end of file diff --git a/debian-pxe-preseed b/debian-pxe-preseed index aaef9a6..e2d401f 100755 --- a/debian-pxe-preseed +++ b/debian-pxe-preseed @@ -18,11 +18,12 @@ # WARNING: outdated! needs docs and update to debian-stretch -x="$(readlink -f "$BASH_SOURCE")"; source "${x%/*}/bash-trace" - [[ $EUID == 0 ]] || exec sudo "$BASH_SOURCE" "$@" -src=$(readlink -f "${BASH_SOURCE%/*}") +set -e; . /usr/local/lib/bash-bear; set +e + +this_file="$(readlink -f -- "${BASH_SOURCE[0]}")" +readonly this_file this_dir="${this_file%/*}" e() { echo "$*"; "$@"; } @@ -36,11 +37,11 @@ cd $mount_dir e rm -rf debian-wheezy mkdir debian-wheezy cd debian-wheezy -e $src/debian-preseed "$@" # my script +e $this_dir/debian-preseed "$@" # my script cd .. e rm -f tftpboot e ln -s debian-wheezy tftpboot cd / e umount $mount_dir -e $src/pxe-server default plain # my script +e $this_dir/pxe-server default plain # my script diff --git a/fai-redep b/fai-redep index b90b30a..250b458 100755 --- a/fai-redep +++ b/fai-redep @@ -1,18 +1,35 @@ #!/bin/bash -# Copyright (C) 2019 Ian Kelling -# SPDX-License-Identifier: AGPL-3.0-or-later -set -eE -o pipefail -trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR +# This file is part of Ian Kelling's automated-distro-installer +# Copyright (C) 2024 Ian Kelling + +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + [[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@" -readonly this_file="$(readlink -f -- "${BASH_SOURCE[0]}")"; cd "${this_file%/*}" +set -eE -o pipefail +trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR + +this_file="$(readlink -f -- "${BASH_SOURCE[0]}")" +readonly this_file this_dir="${this_file%/*}" +cd "$this_dir" -source bash-trace usage() { - cat <&2 ; usage 1 ;; esac shift done -host=${1:-faiserver} +host=${1:-faiserver.b8.nz} readonly host distro target ##### end command line parsing ######## -m() { printf "$pre %s\n" "$*"; "$@"; } +m() { printf "fai-redep: %s\n" "$*"; "$@"; } # i use faiserver as a dns alias, but ssh key is associated with # a canonical hostname and we will have ssh warning spam unless we @@ -63,8 +80,19 @@ faiserver_host=$(/a/exe/chost $host) # faiserver_host=$host faiserver_addr=$(host $host | sed -rn 's/^\S+ has address //p;T;q' ||:) + +rsrv() { + local -a opts + while [[ $2 ]]; do + opts+=("$1") + shift + done + m rsync "${ropts[@]}" "${opts[@]}" "$rpath$1" +} +rpath=/srv if ! ip a | grep "^ *inet.\? $faiserver_addr" &>/dev/null; then - rpre=(-e "ssh -F $HOME/.ssh/confighome" root@$faiserver_host:) + ropts=(-e "ssh -F $HOME/.ssh/confighome") + rpath="root@$faiserver_host:/srv" faiserver_shell="ssh -F $HOME/.ssh/confighome root@$faiserver_host" fi @@ -75,7 +103,7 @@ rsync -atL /home/iank/.ssh/authorized_keys fai/config/files/root/.ssh/authorized install --owner=iank --group=iank -d fai/config/files/usr/local/bin/hssh install --owner=iank --group=iank -d fai/config/files/usr/local/bin/ssh_filter_btrbk.sh rsync -atL /a/opt/btrbk/ssh_filter_btrbk.sh fai/config/files/usr/local/bin/ssh_filter_btrbk.sh/STANDARD -m rsync -rlpt --delete --relative --exclude /fai/config/basefiles/ fai/config "${rpre[@]}"/srv +rsrv -rlpt --delete --relative --exclude /fai/config/basefiles/ fai/config / # todo: automatically disable faiserver after a period so # these files are not available. @@ -84,7 +112,6 @@ m rsync -rlpt --delete --relative --exclude /fai/config/basefiles/ fai/config "$ if [[ $target ]]; then secret_files=(luks/$target luks/host-$target shadow/$target) exists=false - secret_exists=() for f in ${secret_files[@]}; do if [[ -e /q/root/$f ]]; then exists=true @@ -96,27 +123,28 @@ if [[ $target ]]; then for f in ${secrets_to_send[@]}; do echo $f done - } | rsync -lpt --files-from=- /q/root "${rpre[@]}"/srv/fai/config/distro-install-common + } | rsrv -lpt --files-from=- /q/root /fai/config/distro-install-common fi else - rsync -rlpt /q/root/shadow /q/root/luks "${rpre[@]}"/srv/fai/config/distro-install-common + rsrv -rlpt /q/root/shadow /q/root/luks /fai/config/distro-install-common fi -rsync -rlpt --delete /a/opt/btrfs-progs-release \ - filesystem/usr/local/bin/ethusb-nm \ - filesystem/usr/local/bin/ethusb-static \ - "${rpre[@]}"/srv/fai/config/distro-install-common +rsrv -rlpt --delete /a/opt/btrfs-progs-release /fai/config/distro-install-common dirs=(/p/c/machine_specific/${target:-*}/filesystem/etc/ssh) if [[ -e ${dirs[0]} ]]; then - rsync -rlpt --delete --relative ${dirs[@]} "${rpre[@]}"/srv/fai/config/distro-install-common + rsrv -rlpt --delete --relative ${dirs[@]} /fai/config/distro-install-common fi . /a/bin/distro-setup/pkgs -pall+=($(/a/bin/buildscripts/emacs -p; /a/bin/distro-setup/distro-pkgs $distro)) +tmpstr=$(/a/bin/buildscripts/emacs -p && /a/bin/distro-setup/distro-pkgs $distro) +declare -a pall +for p in $tmpstr; do + pall+=($p) +done printf "%s\n%s\n" "PACKAGES install" ${pall[*]} | \ $faiserver_shell dd of=/srv/fai/config/package_config/DESKTOP status=none ||: # broken pipe -m rsync -rplt --include '/*.zst' --exclude '/**' --delete-excluded $BASEFILE_DIR/ "${rpre[@]}"/srv/fai/config/basefiles/ +rsrv -rplt --include '/*.zst' --exclude '/**' --delete-excluded $BASEFILE_DIR/ /fai/config/basefiles/ diff --git a/fai-revm b/fai-revm index 2ce0102..6bada5e 100755 --- a/fai-revm +++ b/fai-revm @@ -18,12 +18,12 @@ [[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@" +set -e; . /usr/local/lib/bash-bear; set +e + +this_file="$(readlink -f -- "${BASH_SOURCE[0]}")" +readonly this_file this_dir="${this_file%/*}" +cd "$this_dir" -readonly this_file="$(readlink -f -- "${BASH_SOURCE[0]}")" -script_dir="${this_file%/*}" -# shellcheck source=./bash-trace -source "${script_dir}/bash-trace" -cd $script_dir PATH="$PATH:$PWD" e() { echo "$*"; "$@"; } @@ -88,19 +88,24 @@ disk_count=1 rm -f /tmp/fai-revm-did-pxe -if ! ip l show br0 &>/dev/null; then - cat <<'EOF' -fai-rvm error: no bridge detected. add one to interfaces like this: -iface eth0 inet manual -iface br0 inet dhcp - bridge_ports eth0 - bridge_stp off - bridge_maxwait 0 -EOF - exit 1 +if ip l show br0 &>/dev/null; then + net_arg="-w bridge=br0,mac=52:54:00:9c:ef:ad" +else + # if this computer has ethernet, we could setup a br0 like so: + # cat <<'EOF' + # fai-rvm error: no bridge detected. add one to interfaces like this: + # iface eth0 inet manual + # iface br0 inet dhcp + # bridge_ports eth0 + # bridge_stp off + # bridge_maxwait 0 + # EOF + + # if we only have wifi, cant use eth0 + net_arg="-w network=default,mac=52:54:00:9c:ef:ad" fi -if [[ $script_dir == /a/bin/* ]]; then +if [[ $this_dir == /a/bin/* ]]; then # Copy our script elsewhere so we can develop it # and save it at the same time it's running rm -rf /tmp/faifreeze @@ -146,7 +151,7 @@ else fi boot_arg="--cdrom $isopath" e fai-redep - cat ~/.ssh/demo.pub | /a/exe/cedit -s /srv/fai/nfsroot/root/.ssh/authorized_keys + /a/exe/cedit -s /srv/fai/nfsroot/root/.ssh/authorized_keys <~/.ssh/demo.pub e myfai-chboot default fi # I don't think these variants actually make a diff for us, but I @@ -165,7 +170,7 @@ e virsh destroy $name ||: e virsh undefine $name ||: sleep 1 - +## begin virtual disk creation ## disk_arg=() for ((i=1; i <= disk_count; i++)); do f=/var/lib/libvirt/images/${name}$i @@ -178,6 +183,7 @@ for ((i=1; i <= disk_count; i++)); do e qemu-img create -o preallocation=metadata -f qcow2 $f 50G fi done +## end virtual disk creation ## if [[ $SSH_CLIENT ]]; then console_arg=--noautoconsole @@ -202,7 +208,7 @@ fi e systemctl start libvirtd e virt-install --rng /dev/urandom --os-variant $variant -n $name $boot_arg -r 2048 --vcpus $cpus \ - ${disk_arg[*]} -w bridge=br0,mac=52:54:00:9c:ef:ad $reboot_arg \ + ${disk_arg[*]} $net_arg $reboot_arg \ --graphics spice,listen=0.0.0.0 $console_arg |& grep -v '^ *$' | uniq & diff --git a/fai-wrapper b/fai-wrapper index 5efa7f1..b6a75d3 100644 --- a/fai-wrapper +++ b/fai-wrapper @@ -1,6 +1,20 @@ #!/bin/bash -# Copyright (C) 2019 Ian Kelling -# SPDX-License-Identifier: AGPL-3.0-or-later +# This file is part of Ian Kelling's automated-distro-installer +# Copyright (C) 2024 Ian Kelling + +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. # For using some fai commands outside of fai. # Usually this is sourced from another script. Note this has @@ -11,7 +25,7 @@ export FAI_WRAPPER=true ifclass() { local var=${1/#/CLASS_} - [[ $HOSTNAME == $1 || ${!var} ]] + [[ $HOSTNAME == "$1" || ${!var} ]] } fai-setclass() { for class in "$@"; do diff --git a/fai/config/class/DEFAULT.var b/fai/config/class/DEFAULT.var index a999512..d574d7d 100644 --- a/fai/config/class/DEFAULT.var +++ b/fai/config/class/DEFAULT.var @@ -6,7 +6,10 @@ LOGUSER=fai # when downloading from https intead of nfs, this is not set, # it is used as the default for LOGSERVER, and for calling chboot. # My faiserver's hostname is always faiserver, so just hardcoding it. -SERVER=faiserver +# I used bare host in the past, thinking that I could vary this +# between different networks I was on, but it is simpler to just +# user an internet domain that I control. +SERVER=faiserver.b8.nz # busted for debian, no time to troubleshoot atm #APTPROXY=http://faiserver:3142 diff --git a/fai/config/distro-install-common/ethusb-static b/fai/config/distro-install-common/ethusb-static new file mode 100755 index 0000000..f6cdd62 --- /dev/null +++ b/fai/config/distro-install-common/ethusb-static @@ -0,0 +1,201 @@ +#!/bin/bash +# I, Ian Kelling, follow the GNU license recommendations at +# https://www.gnu.org/licenses/license-recommendations.en.html. They +# recommend that small programs, < 300 lines, be licensed under the +# Apache License 2.0. This file contains or is part of one or more small +# programs. If a small program grows beyond 300 lines, I plan to switch +# its license to GPL. + +# Copyright 2024 Ian Kelling + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# usage $0 [-c] [off] +# off: Turn off static ip. +# -c config only, don't tell networkmanager to change anything +# -f force interface reup + +if ! test "$BASH_VERSION"; then echo "error: shell is not bash" >&2; exit 1; fi +shopt -s inherit_errexit 2>/dev/null ||: # ignore fail in bash < 4.4 +set -eE -o pipefail +trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR + +[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@" + +m() { printf "%s\n" "$*"; "$@"; } + +## begin arg parsing ## + +force=false +conf_only=false +comment='# iank file id: ethusb-dhcp-v1' +off=false +while [[ $1 ]]; do + case $1 in + -c) + conf_only=true + ;; + -f) + force=true + ;; + off) + off=true + comment='# iank file id: ethusb-static-v1' + ;; + *) + echo "$0: error unexpected argument: $1" >&2 + exit 1 + ;; + esac + shift +done + +## end arg parsing ## + + +shopt -s nullglob + +# we already configured the interface once, afterwards, comment and +# uncomment to enable/disable. This makes it so we don't depend on /p +# being mounted. + +conf=/etc/NetworkManager/system-connections/ethusb-static.nmconnection +if ! $force && [[ -s $conf ]] && grep -qFx "$comment" $conf; then + # we already ran successfully in the past to set things this way, so + # do nothing. + exit 0 +fi + + +if [[ $(dig +short @10.2.0.1 -x 10.2.0.2 2>&1 ||:) == kd.b8.nz. ]] \ + && ip n show 10.2.0.1 | grep . &>/dev/null; then + # we are at_home=true + + while read -r ip_suf host mac; do + if [[ $mac != usb ]]; then + continue + fi + if [[ $host == ${HOSTNAME}c ]]; then + + net_info="address1=10.2.0.$ip_suf/16,10.2.0.1 +dns=8.8.8.4;8.8.8.8;" + + break + fi + done

/dev/null | awk '$1 == "connection.uuid:" {print $2}' ||:) +if [[ ! $uuid ]]; then + # just a uuid that nm generated for me at some point + uuid=0da4c614-6a3c-3ad2-8d4b-c6eebe0814c3 +fi + + +# This template is the result of running, for example +# nmcli con mod "Wired connection 1" \ + # ipv4.addresses "10.2.0.23/24" \ + # ipv4.gateway "10.2.0.1" \ + # ipv4.dns "8.8.8.4,8.8.8.8" + +# which creates a fille named "Wired connection 1.nmconnection", +# below. I see no reason to keep the same file name, or a bunch of +# setting that seem irrelevant, and empty sections don't seem to do +# anything according to the man page. + +# [connection] +# id=Wired connection 2 +# uuid=b0fb7694-dfe6-31a1-81fa-7c17b61515a7 +# type=ethernet +# interface-name=eth1 +# timestamp=1715728264 + +# [ethernet] + +# [ipv4] +# address1=10.2.0.23/16,10.2.0.1 +# dns=8.8.8.4;8.8.8.8; +# method=manual + +# [ipv6] +# addr-gen-mode=stable-privacy +# method=auto + +# [proxy] + +{ + cat </dev/null | awk '$1 == "GENERAL.STATE:" {print $2}' ||:) + + reup=false + if [[ $state == activated ]]; then + reup=true + fi + + m nmcli con reload + + if $reup; then + m nmcli con down $uuid + m nmcli con up $uuid + fi +fi + +if ! grep -F "$comment" $conf; then + printf "%s\n" "$comment" >>$conf +fi diff --git a/fai/config/distro-install-common/install-stable-kernel-debs b/fai/config/distro-install-common/install-mainline-kernel-debs similarity index 58% rename from fai/config/distro-install-common/install-stable-kernel-debs rename to fai/config/distro-install-common/install-mainline-kernel-debs index db7abcf..93f7c57 100755 --- a/fai/config/distro-install-common/install-stable-kernel-debs +++ b/fai/config/distro-install-common/install-mainline-kernel-debs @@ -21,7 +21,19 @@ trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR [[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@" -set -x +# default +kernel_ver='6\.6' +case $1 in + stable) + # note: update kernel_ver when we are ready to jump to a new stable kernel. + # Stable kernels are listed here: https://www.kernel.org/category/releases.html + kernel_ver='6\.6' + ;; + unstable) + kernel_ver='[1-9]' + ;; +esac + prereqs=() for p in wget curl; do @@ -35,25 +47,28 @@ fi tmpdir=$($ROOTCMD mktemp -d) || exit +# shellcheck disable=SC2154 # defined by fai outertmp=$target/$tmpdir trap 'cd; rm -rf "$outertmp"' EXIT cd $outertmp -# update stable_ver when we are ready to jump to a new stable kernel. -# Stable kernels are listed here: https://www.kernel.org/category/releases.html -stable_ver='6\.6' -# Actually, I dont want stable right now. comment this out to get stable -# version. -stable_ver='[1-9]' -va=$(curl -s https://kernel.ubuntu.com/mainline/ | \ - sed -rn 's,.*alt="\[DIR\]".*href="([^/]+).*,\1,p' | \ - grep -v -- -rc | sed 's/^v//' | grep "^$stable_ver" | sort -V | tail -n1) +# We get 10 versions cuz maybe the latest directory (or few) get created but not populated. +tmps=$(curl -s https://kernel.ubuntu.com/mainline/ | \ + sed -rn 's,.*alt="\[DIR\]".*href="([^/]+).*,\1,p' | \ + grep -v -- -rc | sed 's/^v//' | grep "^$kernel_ver" | sort -Vr | head -n10) +mapfile -t latest_versions <<<"$tmps" -# note the wiki page about these says to install linux-headers.*generic.*amd64, but -# as of 2024, they have a requirement of a very new glibc, and people report -# that installing it is not needed. -tmpstr=$(curl -s https://kernel.ubuntu.com/mainline/v$va/amd64/CHECKSUMS | awk '$2 ~ /^linux-/ { print $2 }' | sort -u | grep -iv 'linux-headers.*generic.*amd64' ) -mapfile -t pkgs <<<"$tmpstr" +for va in "${latest_versions[@]}"; do + sleep .2 # be nice + # note the wiki page about these says to install linux-headers.*generic.*amd64, but + # as of 2024, they have a requirement of a very new glibc, and people report + # that installing it is not needed. + tmpstr=$(curl -s https://kernel.ubuntu.com/mainline/v$va/amd64/CHECKSUMS | awk '$2 ~ /^linux-/ { print $2 }' | sort -u | sed '/linux-headers.*generic.*amd64/d' ) + if [[ $tmpstr ]]; then + mapfile -t pkgs <<<"$tmpstr" + break + fi +done if (( ${#pkgs[@]} != 3 )); then echo "$0: error. expected to find 3 kernel packages, got: ${pkgs[*]}" >&2 diff --git a/fai/config/files/boot/bash-trace/DEFAULT b/fai/config/files/boot/bash-trace/DEFAULT deleted file mode 100644 index 2a4077f..0000000 --- a/fai/config/files/boot/bash-trace/DEFAULT +++ /dev/null @@ -1,298 +0,0 @@ -#!/bin/bash -# Bash Error Handler -# Copyright (C) 2020 Ian Kelling -# SPDX-License-Identifier: GPL-3.0-or-later -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - - -# This is a single file library, just source this file. When an error -# happens, we print a stack trace then exit. In an interactive shell, we -# return from functions instead of exiting. If err-cleanup is a command, -# it runs before the stack trace. Functions are documented inline below -# for additional use cases. -# -# Note: occasionally the line numbers are off a bit (at least in Bash -# 5.0). This appears to be a bash bug. I plan to report it next time it -# happens to me. -# -# Please email me if you use this or have anything to contribute. I'm -# not aware of any users yet Ian Kelling . -# -# Tested on bash 4.4.20(1)-release (x86_64-pc-linux-gnu) and -# 5.0.17(1)-release (x86_64-pc-linux-gnu). -# -# Related: see my bash script template repo at https://iankelling.org/git. - - -# TODO: investigate to see if we can format output betting in case of -# subshell failure. Right now, we get independent trace from inside and -# outside of the subshell. Note, errexit + inherit_errexit doesn't have -# any smarts around this either. - -if ! test "$BASH_VERSION"; then echo "error: shell is not bash" >&2; exit 1; fi - -####################################### -# err-catch: Setup trap on ERR to print stack trace and exit (or return -# if the shell is interactive). This is the most common use case so we -# run it after defining it, you can call err-allow to undo that. -# -# This also sets pipefail because it's a good practice to catch more -# errors. -# -# Note: In interactive shell, stack calling line number is not -# available, so we print function definition lines. -# -# Note: This works like set -e, which has one unintuitive feature: If -# you use a function as part of a conditional, eg: func && come_cmd, a -# failed command within func won't trigger an error. -# -# Globals -# -# err_catch_ignore Array containing glob patterns to test against -# filenames to ignore errors from in interactive -# shell. Initialized to ignore bash-completion -# scripts on debian based systems. -# -# err-cleanup If set, this command will run just before exiting. -# -# _err_func_last Used internally in err-bash-trace-interactive -# -####################################### -err-catch() { - set -E; - if [[ $- == *i* ]]; then - if ! test ${err_catch_ignore+defined}; then - err_catch_ignore=( - '/etc/bash_completion.d/*' - '*/bash-completion/*' - ) - fi - declare -i _err_func_last=0 - if [[ $- != *c* ]]; then - shopt -s extdebug - fi - # shellcheck disable=SC2154 - trap '_err-bash-trace-interactive $? "${PIPESTATUS[*]}" "$BASH_COMMAND" ${BASH_ARGC[0]} "${BASH_ARGV[@]}" || return $?' ERR - else - # Man bash on exdebug: "If set at shell invocation, arrange to - # execute the debugger". We want to avoid that, but I want this file - # to be sourceable from bash startup files. noninteractive ssh and - # sources .bashrc on invocation. login_shell sources things on - # invocation. - # - # extdebug allows us to print function arguments in our stack trace. - if ! shopt login_shell >/dev/null && [[ ! $SSH_CONNECTION ]]; then - shopt -s extdebug - fi - trap err-exit ERR - fi - set -o pipefail -} -# This is the most common use case so run it now. -err-catch - -####################################### -# Undo err-catch/err-catch-interactive -####################################### -err-allow() { - shopt -u extdebug - set +E +o pipefail - trap ERR -} - -####################################### -# err-exit: Print stack trace and exit -# -# Use this instead of the exit command to be more informative. -# -# usage: err-exit [-EXIT_CODE] [MESSAGE] -# -# EXIT_CODE Default: $? if it is nonzero, otherwise 1. -# MESSAGE Print MESSAGE to stderr. Default: -# ${BASH_SOURCE[1]}:${BASH_LINENO[0]}: `$BASH_COMMAND' returned $? -# -# Globals -# -# err-cleanup If set, this command will run just before exiting. -# -####################################### -err-exit() { - # vars have _ prefix so that we can inspect existing set vars without - # too much overwriting of them. - local _err=$? _pipestatus="${_pipestatus[*]}" - - # This has to come before most things or vars get changed - local _msg="${BASH_SOURCE[1]}:${BASH_LINENO[0]}: \`$BASH_COMMAND' returned $_err" - local _cmdr="$BASH_COMMAND" # command right. we chop of the left, keep the right. - - if [[ $_pipestatus != "$_err" ]]; then - _msg+=", PIPESTATUS: $_pipestatus" - fi - set +x - if [[ $1 == -* ]]; then - _err=${1#-} - shift - elif (( ! _err )); then - _err=1 - fi - if [[ $1 ]]; then - _msg="$1" - fi - - ## Begin printing vars from within BASH_COMMAND ## - local _var _chars _l - local -A _vars - while [[ $_cmdr ]]; do - _chars="${#_cmdr}" - _cmdr="${_cmdr#*$}" - _cmdr="${_cmdr#{}" - if (( _chars == ${#_cmdr} )); then - break - fi - _var="${_cmdr%%[^a-zA-Z0-9_]*}" - if [[ ! $_var || $_var == [0-9]* ]]; then - continue - fi - _vars[${_var}]=t - done - #echo "iank ${_vars[*]}" - #set |& grep ^password - # in my small test, this took 50% longer than piping to grep. - # That seems a small enough penalty to stay in bash here. - if (( ${#_vars[@]} )); then - set |& while read -r _l; do - for _var in "${!_vars[@]}"; do - case $_l in - ${_var}=*) printf "%s\n" "$_l" >&2 ;; - esac - done - done - fi - ## End printing vars from within BASH_COMMAND ## - - printf "%s\n" "$_msg" >&2 - err-bash-trace 2 - set -e # err trap does not work within an error trap - if type -t err-cleanup >/dev/null; then - err-cleanup - fi - printf "%s: exiting with status %s\n" "$0" "$_err" >&2 - exit $_err -} - -####################################### -# Print stack trace -# -# usage: err-bash-trace [FRAME_START] -# -# This function is called by the other functions which print stack -# traces. -# -# It does not show function args unless you first run: -# shopt -s extdebug -# which err-catch does for you. -# -# FRAME_START Optional variable to set before calling. The frame to -# start printing on. default=1. If ${#FUNCNAME[@]} <= -# FRAME_START + 1, don't print anything because we are at -# the top level of the script and better off printing a -# general message, for example see what our callers print. -# -####################################### -err-bash-trace() { - local -i argc_index=0 frame i frame_start=${1:-1} - local source_loc - if (( ${#FUNCNAME[@]} <= frame_start + 1 )); then - return 0 - fi - for ((frame=0; frame < ${#FUNCNAME[@]}; frame++)); do - argc=${BASH_ARGC[frame]} - argc_index+=$argc - if ((frame < frame_start)); then continue; fi - if (( ${#BASH_SOURCE[@]} > 1 )); then - source_loc="${BASH_SOURCE[frame]}:${BASH_LINENO[frame-1]}:" - fi - printf " from %sin \`%s" "$source_loc" "${FUNCNAME[frame]}" >&2 - if shopt extdebug >/dev/null; then - for ((i=argc_index-1; i >= argc_index-argc; i--)); do - printf " %s" "${BASH_ARGV[i]}" >&2 - done - fi - echo \' >&2 - done - return 0 -} - -####################################### -# Internal function for err-catch. Prints stack trace from interactive -# shell trap. -# -# Usage: see err-catch-interactive -####################################### -_err-bash-trace-interactive() { - if (( ${#FUNCNAME[@]} <= 1 )); then - return 0 - fi - - for pattern in "${err_catch_ignore[@]}"; do - # shellcheck disable=SC2053 - if [[ ${BASH_SOURCE[1]} == $pattern ]]; then - return 0 - fi - done - - local ret bash_command argc pattern i last - last=$_err_func_last - _err_func_last=${#FUNCNAME[@]} - # We have these passed to us because they are lost inside the - # function. - ret=$1 - pipestatus="$2" - bash_command="$3" - argc=$(( $4 - 1 )) - shift 4 - argv=("$@") - # The trap returns a nonzero, then gets called again. This condition - # tells us if is that has happened by checking if we've gone down a - # stack level. - if (( _err_func_last >= last )); then - printf "ERR: \`%s\' returned %s" "$bash_command" $ret >&2 - if [[ $pipestatus != "$ret" ]]; then - printf ", PIPESTATUS: %s" "$pipestatus" >&2 - fi - echo >&2 - fi - printf " from \`%s" "${FUNCNAME[1]}" >&2 - if shopt extdebug >/dev/null; then - for ((i=argc; i >= 0; i--)); do - printf " %s" "${argv[i]}" >&2 - done - fi - printf "\' defined at %s:%s\n" "${BASH_SOURCE[1]}" "$(declare -F "${FUNCNAME[1]}"|awk "{print \$2}")" >&2 - if [[ -t 1 ]]; then - return $ret - else - # Part of an outgoing pipe, avoid getting get us stuck in a weird - # subshell if we returned nonzero, which would happen in a situation - # like this: - # - # tf() { while read -r line; do :; done < <(asdf); }; - # tf - # - # Note: exit $ret also avoids the stuck subshell problem, and I - # can't notice any difference, but this seems more proper. - return 0 - fi -} diff --git a/fai/config/files/boot/chboot/DEFAULT b/fai/config/files/boot/chboot/DEFAULT index adfbe1c..6b0e964 100755 --- a/fai/config/files/boot/chboot/DEFAULT +++ b/fai/config/files/boot/chboot/DEFAULT @@ -16,21 +16,17 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -[[ $EUID == 0 ]] || exec sudo "$BASH_SOURCE" "$@" +[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@" -x="$(readlink -f "$BASH_SOURCE")" -f="${x%/*}/bash-trace" -if [[ -e $f ]]; then - source $f -else - source ${x%/*}/../bash-trace/DEFAULT -fi - +if ! test "$BASH_VERSION"; then echo "error: shell is not bash" >&2; exit 1; fi +shopt -s inherit_errexit 2>/dev/null ||: # ignore fail in bash < 4.4 +set -eE -o pipefail +trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" exit status: $?, PIPESTATUS: ${PIPESTATUS[*]}" >&2' ERR usage() { - cat <-mx8M-m-GaM21PKm7g1bX-2$0}z3GVK}-QC?KNN@-cBv|++Sy^kZ zbN2qu+2`En-XFK-(^YR*kE*U3{ZchXbu~#4&!Cj){aHY$K+9(|lF^WF9OB|bN%_*74Pl(DO($6-4lWK& zR~}{)b*8w@BH-QZgS`-P(VvZRK|h9G)myN?n_-JR8*EfJo*VdL!-Wynd+{+`ceGlsmUQVS}19em(68E{XE+!L(^FNI!;i}+1^h}xO1W&WqA84 zdFJa7DDxj|%Dr=?PL1vI`qL2?>fuoI0g?(LY1fE&8n90DbxXAsy-Ipmg1D<~Fa1Vk z(nH=5rik~=B?XFGrEU+gBp(~6LUEeK3N;~pzRSU}44ZYQEp zOLl_^T(O(ii*CVkl24NYEUpH~3-Fq>TSsqVJGuB60W=T*szd?+GkY@-@GI2d${IM? z*^;Q3SeugYTMApcIe`(AouirHZ$XGZ1VbR+Kw*Fo02v5;NN7ZOI9Nz%EChHsL}+XX zNDu%)1cG?(3xNxwz%jS7cjA5V;wfRWx3jZma|+>KW1hZVuLn@sL-v8 z%41$b{Vx8g^8AJTLa#0UX`r2+Vjesi3FCTar?0o@Y=zQKQ0(<)+1s0FWNNm_>EJEb zRP^cm9yC!sC^ZjM&dXX9s_m5(%#OjL7nIIza;*lDw^dlr(_D5uM~uIvLVY}^CQegy zj#7Y)P8FETZ$iDjEs~OaWhgspiFngfR~u(y?|_fN@gvdb%T(%=SNGAu%PBLu+$yRs zSua)F*~@&(m{k}Imv`Z{J5ySaYmpESJUWE3*xUA=nmC@^+4i-8dRDi@}cRUvDFg3gb zO_m9c?23DgPzVpRgCWUi?ZPPItB$${$4e@`Vv5 zivOLJk?E*FG*n)+p8>8nAUGn`TBqMAad)dsUQe@gFAFk!5tUe8Ho3S-6ZS*y+=_%q zwV>bC|Jmg`znmsz{u=uUMqT&=p*riuSmO*+XL)pY;bBrG8AropRhr`;8OfC<*u2PP z3eT^aWU@qpU2$I_#8!odJijMgre^c8WgE-s)J$mwPIe2R4iy`&D}_AJQC`~yg(=dn zlX(^^P3f?I_3Rg=JS@N4x1+jugJd7=V;7}rDU9^NmsUvN%JJZ(#hidPGqN8DxPilu zF>{}Qy)-_CxS{LLcl&bVc%XxZ$8mh~2HoQ8byTi%b1Oe-$zI~j*e)Kgb@hAO_UE0R zO@4g+dZc#serk0g+xe~1DJT914UBZ&3La%aZXw#Vq&tlF&>|S)NGtKOmtT?SqP8hM>Q`hC&6o?1H*UZ@CmL89uPn^L=&6wfETjW_on0ah7lt5K+ zzQMm(iT58^`7}xjo7ukomm}r>YlK9xMg>AiR0p-DAEFnAQXU{^gb6w?$#ZBG25K5^zMVdAwx5b0OprHk+WMcxR)Xc zYRe3bLen1i`komW(gl%K3hl_G&qed>BQnNC+gL!*T(oil#%>xEeiVJs{@$ccGr>x3 zq_`qWs%^}!V&xV|)^b&Z=A4_v6x>wvt7FHis<1bd68dl2!)LQyK4ZkaM2KxKJNRnS zUL`yiLayIZo+^57iUfAs+0u3uzxbW*;g_)G`7cNF`JysqW zrr&N~$-*CDIra`^^UCq5r0F1v)1RybTFw!$e%y3~m+>2p`^ficG`omt{hd-0~>#nW&yq%xVb?qyD)TVO-#2MfOp6 zv-t*-g7O1F3DMAt5CbTqCA+Td1d-6*+5_RySy#Ul?cp01!^3rB7UZy(!pvtjJ|8<| z$8`;s2Gl=CrwJs7K{b=`c&9tO8~T%wjsLLgI*WquUW5dqlnUvS^k7h>w|lD>CVOiP z5acH7rV)3$5n}Sf%H+eusSgv)cdLAgOqM&I&`rvzNoJv|fH~IMPODFuWO(>MSEA)P z6K&^wk1z8>3+db$JD3O#c1592tMdgDv-)nc>Gc1aIhY=M$FNUV$8dDk;^p< zPZqETVZMJ^lBGrMQQA2>zS~_Aruf-kP$37wW%s;W*f~_&sqOLD5$g`JyXvCJr6Q9B zIvG;#{zGke)CudnND~hia%I-}atI3Lb)ew1!uUp#_13F1xK);9?&=o9@ZvHh$r&bD{$?b2WR0#Tes%DpB!0}ihXk_& z)L>lmzOj)(lvKaMR0nU;D>~!o0&_4y-n^v^VY6^)IFLsi_3}q6>?IHzuq>pDRBV=K zkL!^~s^)}^~T^9mD421(W(BL8Pk$xFi;eVgXqQ0X%;JL)M zqjQK4FTBHRreyL|&(p|CFqVpGT@0f?a}q1o3dBqAm{LSwY2;)X(>ONWwz(y&GK5}8 zB`_p!AKsT?UfB$rSzH_NWz&u`U&YRSG@ZLrr1FeT%n3}ius(*WCgULq(4pt+zm6*y z5QYB;`oU0FQD*Hb-u2?9R#D&$CniVeH(k-n)7ak6sAKoTE`;@zDy*YQcL7K+1II6} zo6rEcuf>hR(@jl^xG*1~nH^CbqISFw6lt=9;w*rK7e7_YSc~cz8RB+fC{0`i*%drS zuuL=krH3JD!M$)DxC@pg~%$YNuN5if{DGI=7FR?Op-(sNarZ9Uj z(_4Dnt`S@tY6b}Ytm)71k9G+RgIcs;i&1rHQfu#SRbl4tx##Ou`z&b}f}mPVS-tzI zh^DnH#({z!cGb6iQXVD@pHf1!*nN4f#hSR9fa}1}?Tnx2Q9nBd-h@?Q-gqtsqJO?St+2^&XK~3CA1%c#@#ihM@okuLnNoqyrRqQoAOb5<7 zqMETf(40@rlJm{AD56)mGtBGbPgv2;rLUViB$QI}cZx4;qU1NyvLGIrf4HzT(mUJ- z`ZRuc9sU93Wu1Z1ibIaK_Ao2W8HCt&sD%$L;_~cTIHD(uBFVY>=c|Ej)wq3~zGLAr zO5Cz3+d^{dPeVHk;UT$KkJB+J6nbByNe8FgzB5ERm-f9M2(Muy4u$&(hAgCt_+3xtB zQMSQIf+`>8mZN+hCzFW_8=o-t61|(`@~R4ZZz=&1UFPDtjQp zQhgUI%qCiMI4@&emm5 zs8?@N8zqjf5{_2<+=t1I`y)9%=hd-cK1Y-`V$DbKgxLpu;ys7@dhavc8Y7^kv`8{t zIYCTUfz1S63PSVIv#0o1l=>({JuJ?=(V3Qez26vhF$LS~{p)oxHDb;mC8S zYq=L(8VSzaPJ6pS9Bh~H++*4W=6K^=tzwTr>&1>vX44PemdOs>QKz$tKK43J$^EMr zG}Eu^X*KH?TOM(Cj2!8A)0?+cDEJm`4Ohkw(Nh{o4Ja=noK?qgmE+OgY@?BU$3Oup@blNd9t-?(V|RJ;(I1-B=2eA_LG@QlO0?-*vtN0}{UgkSg)#1xim zu9cat5LT|M;TOuiPe9-B?r06I&d#rtb#aa-7*@;p zZ8%IsV*Y}Yf2)cGZ6*rr#^&NJ4UhCFnH_^4K_^n94ZguQ<*uKi{@(()I%$WIj)OEw zC?9HpoXB-qMN8ub=E$L`JSRJWbp2Q+9fV1#8Wv%SL=Hufc8ur;X7v`+tX&uiEd}+C zRNCX`k3J_?w#E_eMmRScd}9;3g)cp-%g#=0^-Z?Qcfw6|W=y=#s|TDJRVTZ8xrMGi zb9xG&a1@g?y>wJ~71@@dSxtfM<3_!BQ46`(7`cu5pl34?S}=3ir%mZTn;=Lt7{x5X zAbhI%L)`{8H*d{vu%x24q&nGNJ>5Famjs%XG~8YoI#tId4n^(uIS0*~bL}5AKR;-; z$*>Y^;0Xp|wo7OB<{-L^I7lLfxw{A=L?{mg+?Frcp#|4WjFUrCdVzc!%f~C;yaxPr z9V_c0U^qt6UU-fZn$$N>x*!l;=<#?6W6LH}Gp6@N=>R^fLzCQ!El@DTab;9q*odn2 z(iutFg!KBx%M-)1=x zF@3O>V!W{ai+SY##5`-aKd5KwWNK~j-?2^#^zX86<{afwa<9zTY{1uQ^cWSkYG2^- zpvD#J4KPI0{Ge{K+f)7%Ze#JNX@=7TawONoVdpsJ;nDkz?%2z&^SQ5VkN4wj`+alA zs|j)29f#IuFQhCf1~|gZIhIW?Il4=xCw$u8ixl!;wY7!!5+dl9#b}^ShO}m%ieq3J z=}Eyp;-N#;eiowMawq6bLSNnI`M&lZjm419hP1>*#=YyMrfRFQf9$fo_;Ic;O)Q0t zb;_~4A`Z7#&_Ufh&l??tk8dVqp)z4*W;a$zar$hY8zAjGd*9c~?zDQ~G6$-DlxjPO zRR7v>VPMOuT$m$LBxi>p!MO6kg@UU^fsaV3$sZT;5cYlLXKE!Q#j;cLrvT@pEkd-u z{>Sj@YIt;#Bx?cBXK`;daW_~M$gMIHf_Nk`ms^b$!{{~OAHQKhJbr0(h6zZ0JX~dF zL?&a5XgD6Z>*pgmUXi*vBoVto9uHRLD<;LmoHZM0=5!Mn)2ldmHnV}FW_V5RnmG6@ zJ}+)Pfv-RH^~YEhljhe+j}wADHT@snTW}3fF^lUk2S&}k(eF4{oH#q z-k{wVyRLn&TGM?bCg9{+eIJ>EH*7@He7Ga1?0{L?zu z-^MyAihq}NnbIh?kdz$iRVCqNuU-6^9+50a;qQkV+iOuQv$yGd-t3kH1yOF!+1#>T zO%mxt#F4GSWpZjp(OP1%YNed4j!-_L%WKbVdv0Ns1dHQLQPVMcXMRnm*nIN`gtojJH|(?t<%UxQvyw^kk1KK$^Pd315% z$2zMsF6S;)G*k+2i}lfaGYO;~i-qXmO*gp|)oa%_a)v~dqBU(v~vNPdgiudCHlsqh?XmetNd1>^nZsWp`!F1qLP*q=T8=qog;v%f=R%d!tMc^TbE8OF zb!Qo#I=&(pBB66KS1ryUeg3|PHgWEa-rT#|AZngBsTYyzcv<}jvV=0>Z7-5hl;rdB z##12Kq=xC4-%f~ry_(ebjD>Ez_2Bh2S$L$$dx-D}JI%Q*-%a88=4M7U#1z;gj_9&r zDEH3Swe&C6asKDAj>go^kwnzUh~#NKi^R^>+MSk!|2Gq@?Tiep&F!52dBOGXM4bJ1 ziHMaA9{$);Ug{87;1{VrgGg?=lYDO^*MK95+GHF1?y^%tlG=uzF6oS@If~O!m?i0v zH%K{xb$@Mglaaukxs*d&dvv)#;>$hC<5IeWIkrEgKLG*~yme}v{bxQXnm`fSKl9r=VN3R0W*^E)XvCx7J^@HeKY53l>ue|moVm?(g zor`~#)-EaE#L{fs_`Ot7%yz)nDm?pK2{JcjHbp2i(odm2Bxj*?6`PS?m)fVG%^JBQ z3E8!s^~m5rR`PtO+$3_w$zt>YyejRh$#F46I`c1s?8riv?GU_`_l8HJ-d5FgG1WxB z(6>VcmFCz|Zbd#M9J2@5#97+KZ2IzRWV)_7 zs^`VNs6^KXUP$P4mt`L#P^1&bdK%t##t1<#3D z{fmfn|Cxw?kDP#Ab8fFG ztOS*hgm%ZWAch9K-SiJJr>f;^$De{cBAwQ85RrL?H$pbKrWDrKpdEOOJ7Q5sMN z<}f9ZjQtFmb^!XNDOGYG=V;2xRa1aV%alyyY^r6T&+}F@ld99o%c(UD z_H&PWv{%xuN1d_EQ1zH!P{Wi_~ z?^17P4HXCoWei2O$xDyje9-w!flLag-ZeB?y}dDL4f(?ab9nc|MHg-~Zlcljr+xTN zXW905g9S1pYsN1dH6h zI{tFgL}iyZrD!9V*qo7%O0>& zUu7OKE0oBq`qb>M&*=XCiy_;x_|?3$61H1BP~uHF$_OsfZHG}1RHBIU19YX~6`upB zod~^#A566agFZAND<&2!ub*-h%~VXI~i{E=`um$q!6i`8<+m$!B_n&MIP&;=+5x#zVRO> z&)|KyH@EzNq!&Fu^#t%LT^anPg9fwE_ssPT0JQ+Ib#dZ-(r0AfF+5;6E{PO$aXMzv zu@M~xR3|z2>GEwc-~5#QB;egO&|&gus+i1$Q6k$wa>a-`C^Z+B%Y}2Wg`1?x>NJS| zvJASzB|`sZ-d$yt)_2z({^B_Y>s&1s1>d}_UZS91-}c3Kb`wpEtPpPv1VZBoftMZM zs+1q2lXd$CVnHt%iqp!e z+&Qc=L5u(Uby>V&PQeweZ*A-%GFkHeqfFg92RSRQeckbAO?d+$%I2>~&$=4BW|7{} z<(@+QM2hR0lJacvWpojERtXXMUk>!ttmW3!5lqdk(uk_G~H4Iby>T@5xP-)9#jqI9o#~e!y;bFK}pf~Qp z+(|YC_4C6}ONkwFwvNqacv$JHw$+%_3=J*Ofg%S6E{)T0BttVykf>UZFY|fdi0HiF zu%E@zes-6OgO!-9g`IHlp!#~J5x=vii)t>bW1}|VDUPI;t8bN1cp<7N>h70*e7-9F z=O23|%}KS7ih~a|KYT5kce{zU6Sz!fLd~p+Ib2H7nWMDr;Zc-NxRAA56k}G)n3r=O&@>k=y+Us`~slL zO3FxrFMt4P@DF(0z?PSAvoHk!85ueN4lIZWAcI%;NWdr-e4v0aG&rpSAE;pbB+&pq z&_R&EQ{_(w9tiqZ+5yJ+zwrPV)BKis+EBs@E{h3HC%^{=#2;m!@-2d(ewBTS@_Jwa z0&w0o_{ap`h~&QxfQq7m766E=h%vt6VSVb%ubTc$S(%wRd70UHSy)I|*?3twcsW>r zSB@68&NA`6$zxwbL0r)_&{~!I31vf11H&zB?vfzKTm-;t;>K_md3qXMr zW>!{a$ml=%_Zln@^&8uQF(~E_84$S75HWw$@Bbtdi}35-pxBf9RM50RSL><3w2S zeSc$ru&#j|*kA2|1Vhko{7W~vf7Aoc1|a^1A^(P9{)V6Az_$US!G#%r$2)NR?Fs&TihhNMKfzz= zQx3Sgr{+(BV`N~pB?t&aq6F-BpK`$)uzm$_ql-zwf(roPJ(~dh1oXXybCAmb;2{Hi zU6vUL_J)>a)(-X#t$&i=?E~5XKX9d;;1h7u7X$$y0U&8-)&^fk1C;f87IMHjNq;Hr zsSp5+0-=CCVEt4c1e^kZvcYS>tLHtqi41=T{EGFUdjLS^al+RgTTlN9{~1C#|3v?f zQi=aXX?)>&z#BjUx7i->?gQ)>!9Q$aa78OCPLjY8Kmx!5JisfU9S{PTg5K5F_bQw! zP)PN<@+g2gB6lTs1;sJ{ukQ=iIvwyDi1~wGP|%=PAXwlL1oC5euw(3I1XES9fdL@1&@>Co)gu>TNsM`9!3nXy(0BB{UjtOf5pFe@*6$L{2}p#gr9OLjxxtB{<;hX(@z5UU?TpaA_e$F z6CAaI&qjOxgW&H%!r*#@!5D8$Ub{dSumz9cD5-U@1009gJhaf6%31Ob##u!@wpG1n7X%NO0-@MOc_xFxE@f+tKSl?$R^W ztJG^;Xk1`g;8-YG7+45cPzG|K)uG8kS?we3Aw#1=gQ1(Cdq&+4M%81W-t4|Xrq)Zt zFU4QMSHwrdufeCp7sr>vkHNRbN5;>@-^4!!|4x7$;djEd!fxII3-;dB!oDWIP}zlrvP!KE@u? z{uV7V>Wy09s&UQ+nxXq z)PLC}MDYKxODMqjU)d!L;QT-B5_T~DS9S?MI3EP@$2_S7#t^^p#qY8Ee{O34U~_93 z_yC|HA|WFopdvp*Mn^-%z@fpz!N$g6A*Upy;bjxx=V9aK5|-9c5Ej>v;NpH|qonc1 z(9GOSP~O4a-q=mY#LNhUhK`Pdh4TUr?}d>lH+bppe;OWpK-u8VL4$3+C$sN&02?Gw z&@ixY;P+y&viikj!I6u8?!;1_ zJf&bWbo7TuzP#+``hy z`K^nqo4d#R4*`Ke!6Bisaq$TsKP4t5XXoVR!y0f6-m4vA#7u2nC!D|4&C{ILAG-fcD(84dH_>FfUs+ySe zE@JxowZ`VKq7wzvgp6f=l&&~47xZMSq-X-e1bEm;!365JKLSmS_lHDz>G`-m$1t=*w1hICvNy;wRX1D5WIj0= zXZev{ve&rNXdU@;LD97Pa#=t@LOzkXFunIT57oQ1%Ou14X9}+Yb%Mf(^Sv*gbobppCmq*v$l$G7rpNDIW^mp5SvW1ETyUyS2TV2;&4%jhZXGK z8@)@;AuHGATqs~?l% zH%zHY^CyWGao^lLNN|sJ+fzmkN>rnf8Wy|Kyh+sma&|jwcVzJ%^}O%-j8k&%jh%y# zM-Tcw7hSjQB8*3cWfG(977P{u+i6A}>a`!qV%}QuBtP9V^V4#%NG7OW~oDOF*Xjg$CgUx!Nq|4_Arz0h8a(C;bRTLw&{bC6qIZ zxH~ZiW7T=Zg=3EO-e+dlN};}k&&NYW5Znh-8xV3<5h)!eZEijvPe5Izz5jHm##yT0 zl3PtwP(+pY36qz-!4ZdB?uvdXg)A{VrIICZvogYj)-ii62iw>bf!Wg2?dA6IN?D9Q zTfYaL>b8dH=cISGbxygo8H|3U@0z?@8;g#AzCy{ffd5W0{2qJLiRGs03NveH3Cnzb zVW);}+g@(CW6xu=pccO(2g-F!2myODw=mO+Wus|JUDl)^i{p|9F3SbO791$9XKpI zUG;2#9>mGpN=W5!1c}MKCfE$M$P}gx^rg|$Gh!BXdf~MA?)G9?S{d`f=}-%wg4L1I zzL>S=3ql1)UXOj%X9GO+j;t^5Z|58%E@_8)&=#bJ8}Z58c;_|j2xx7aRc+LYb7+RH zsB&2Og)q6^ShbOUl*!YFaS9+TN*;+_S|#f`{?6oK59Z7EwuS&Vjm*MKtgx6Fzl&h}gJ1U7)9!-2w^{kZzT0s>lAH4fzutro*!KXI zluBaiatV{(wqN$%5GyHQ^ms_Or@bzLo$2h2r5z{nr!5GbM2AQ=hoqZZkZhmJP3o~! zlpRci(^g|y9&{Q0xFq|2AN-h#XU}tbqWV-}!IXuZNMG8Po*ILEc->Y)&iiOIg z6=s)0YBU67%k2iV(T<-@S2)O$KX|CS>I;ZT1WJLyw?ombPvOl^nF zC0n(0~J=M73(E#zja_DQl>6Fff-7*>lnGU-hcY z9Brn5^I(R>v2)S}Pnw)k%Y@J^>RWWpQ7-%lpN=63{B$tl;u^Ctb;?o7NE_$`Z7n6) zS7;AMnLormXmwuXld*MnN0jnS`}M5V?t<-l#>T5Ed`YyAu@~~U?(=S+MEdEdosR|cq?Ktzs{Z=94|H!E{=~ z)>IHFnGmT-s(ukjy7SA~a)xYLpWw-orVX`GCDRBhv!c=wT}qbw*yz!k0ZRaE>Q?Gc z%ngd!p2?DY<~wQOT?b~D*=I7-1X zgouy8-r^Hol=UHn^})LjZ>ek1Cigha!ra2GQe;vhHAbw>(uEXfR1fiLR$ik8zG9Vz zBs{c`X|Ivh6E4T4?BN1)-O;t>##P%u%GkTH-G5YTYZGBC5Sv$GRZ^9XRW@-wlqvp!Vs09Flzgg5h;6>hFj?kY@5IBVb`v%Z30PJHA!2HV*0{cO*P*2OC;P5v` zND0Hh0S1$d9P9|eg8c@p$un>X@cz~(KjaVLU-6Sy1%SYpXu)0x1PBTQ2?1V9{1w0} z;AoIgV5f=)iR_Zx$@-jBOcFG`iZv2%;sq?#bo#qnDMVvhS8K3i<=M}q2;OP4 zg}*2>eyE>g$XL{RRy)H6Zz6G{fU}jMD9dsuX#mCS@dfwmuvIRbk4)VVYtWB~*P>2oD~Lc|Ax`U`evl zPY~oW;we=qQM^~RxVZWfv&zWISF}EcJVHT};Y(gqVk?Ceui?rfqLl$+(V2|6APph> zj?|ed7oKggUp_V)S=^wcy-=!3H!Vea7WsA`Ot;h~asK`{hR=vO{O0gyAyKEW$ljJ~ z-^Hd4bi$H|T}jAcg=#@1XUPqh*2-1B?_%hVUR)BQXr8j$A5spel2E-wIvwCS)axzi z^oDL*KFn=Q5mFXMMPVX%u<#{1F*#s0w8f&i*U@4!s;_gWw8wNjQ8ZYqcI?Icgrq!6 zW=4R{v7!;h%43>4G?cx(Jjy6@A}TkSz{m_*Sj+(MH+gClV&uE*M3X4)tQk z%>MU1lXrX+GUi9d!g|W~3Ox2D5gq3ww|G8W>IArH@q~Rl3h>}<6sBY1B&D)2jz4xI zyFN^x*h*|fZre8C@GWd_RS?sS4JSy`ucKGypXj{y?47SQ6~m`^wH&N(y8V)HMEH&- zvx1>wcdi^#GOYI0lzO8-`kM-sGIMzN6)e_w75|$VRsp&Rq>x$7@AMtSO7f4ub92F> z&hzEEY~oi#Fq1S{`0U(E0UF%|&k5RQ2W=C-2o-?k+EtdP7zblr8&=B}6$ z2sei@0dM}|qpp?~Rh+#=oZJKEaK#!N+2w!%-B2A#Sl#ti0iC>tezvZUr0g*u#?*_< zxA-{a65%`d(~WI%6) zHiy;~uyC9RviZ&+;(fQpG1!y&Xm@!7y-`3EL48V5(nq(qx@BG^ zXYSRE#7^1#3H3W1wBkK~B4O3A{#pZk_f&)J*(c}l`MB$tg|*S}Fkmce)EmVn_1mVh zUA@ZN`c`GRY?e~@he^YwRYY^H9*XcKmhDv*lTQ8PXFti~B~91O#;{lK2U?N_UMY8yzuv5Rr1C=|FNGbQWd{SkC#Nv#Io_Z(MU?2StZ!Zhl5*}(Qh7Obo< zjc+)%OW#04`$9NTKGRFuug2?dMFMi50~~QC9qZu^@dsgKce@~SWBi?JxDmXNwtPbyY_%W@ z8yq1+kRRL^L6lFL%LelLdwUyR55sMtO7^Ccv)v zcy;aQfNB%?v;UPa^Jp>%Dg;I#w*46lFIv+h=<5lp*n1}?)EIstJ;~_j%PZnu19X_3 z!zUXYS5~3zvk-^1&nlR9Hm}^nCYtidzD0G7s4UOK*oyX;3S~-LLq$A?d%hauQo64| z1c`rJ!cOI0_*O=+R>Wld(SxTZ$;+qJOZUFLLiwQW3sLmMUbQo8VMa*%hsH#KM4ExA zV!E6~{nf#Sc51r0v5PI2ZPgm~ksR;Jb#2eg2v7*MYhPwO+qd?HXt9LP-#NL~8V0-` z*>4D3Ps42R6c&5+?Ha<|2Qs7E%G0UKdetxp49W=b!`q4zGPTQ!Pnayo4b>K()X6=<;D&3X&T0qvwEmq$#Ug zKOm5KlVDTvt^nP?1G<8BN#+A$2bNiG;Co#6wK-H?Cbzm461t19(vBbZOJA5@Zsg10 zZ}iqv3|`02R)>^LXP+OEXYf69M0{cFVTE}E{UvtP=a_*o--RndK>r&Id)YJ#qcbH- ze1rhX8_AY$ua4J#Aj{=ceG1gSs4BCZxvR4IY^9sJQ%LY$lZ+&?wJ>v_ep)S=RLVLM z13|HlhkTr*fAW5v*vicz7$eqo{1wbs#+m(Ay}}Jx>d@<=$4~e#KpB5+!g=~|_V?#+ zmG*(cXe#2GdGJ2|iEY;*^fF$?<3jJOHEW35{90HdcX)7{0E_K_Gn~t{ai`qy-W^L* zU&-E@<&`Bg@K*HieFTWCZ*GDN#&S5mMv@ej^gL|5RY{6ai=J-i(co)HU ztzTghEZR7-LJcXS5e-!wwQ5|NV{Tqzbrg4<=UPtq#W}1A(>XItBc&&w-{nA^2?aP; zK$(`5Z%G`IG)sAkP|IC9M#6J6X4P8;w#jWC_I`MWxe&;2xJK!I1luMj+~$;2Gvzw9 z5MH@DOzdUx#pC6cYj=S}XH0dvTZv*zfLr9fLTKnKo5s@kR0#}MDbkbxk#%0d?)i%K zcykzdA_byb6`T(|JV;`Ug)oR&&=lK>;mKb+XBz5lyt5p=aLALOjNE>u>R-pp2?lCi&a&uzOtifSoZ^H15)7eY(qG=8 z2x;X1DKCgrtjr(@TYMVi`aVo4tyd?H3z0ctLNx%5wls2KHkvlTA3DVIl)V`SSCrU& z>cEMDUs`FflDg5-0ONvT9?sDwRt#3W?TU{$Y<9h}CfyEEeaf?|$)7t3RZj75AI?Gm z@J}BRNzj2mpZ)u{LYCF2z-O{n=QOuK)TpHw-pATDg@=B1f*(4$^!C_C77*^E)rcp5 zw$Q7*|Dap5yJ{Z6MTUm1)9?5-1K)_Y1Syy&cfMiCEF7gcKOi|K(p8SBy2`8Vxfn&``t@rP zxSdE`T02(9wU_TLs#u}{|X_3k_FIP`;&J|*<3r6h_IUE?_sT_Pw) zI2-F>#d8Fm3mmcm9(lwcd_p8THh3+r?O>?5wClU;@nW|{)|2fg?2z@=R-_O#vibr!9n=giUBl{y!q}M*O;0aXjKO~^vzr^>V+J)DGWZh zQdy(+h*|&M-QMa;wIO$mBKMW!hUK@b&UoEI+gCenq#RB1dTS=8jaO za?TTBk1l$&_NeHf_l%b*&#&Xytj^-o4a?KLU_Git>C;iaGx^rGbl6eweo?A>e|Mn) z2U9ey@XV_Sk;1qC$Di|62#5^oY1b3@`)av(6Jcmb0R1iaO(Z<(C)9?NA&oMx0b|%l zHFzdTr@WPMFXDI{_b6_0-ZkO2wFwUF;l?-zm1K=~&U?B?H22PUA()%!rZrAoWZNHpE}sQU1RLU}Zi1e<9%S%Boi* z_-AEN)x!SdPUWkMTN<<&-n2T4Zl5_HjbeFuAE2XnIeIk2$5lDO;)X3mfOsye;yC+x zb!B{TWQlE@Lt56cwa*fzBmfT=lCw1K<4@-g^BfSGRy5Crc3?Ls8AC{O!bD_%ilTjm zRI=yfi_0Fb#2MYbHG68*BPZEx3KB2BB(xR}9Mj3|phY&xD2Wpt2$bbAo>aacz)Uln z*IiP~4Hx!WR+|*y?MPMs$l?9@2UcfBmYH{M$w5fy(qv;EE4g-QMNB;@Tc&c3ErQ8; zzXc8~(|}u`$a=il-i%h{sH9M|;!MgXMZ%~-bys>q7iqzaRi{3KOX!~ncr5zWIHp=d z2c_w$pZ}Gz7K=6iSy|FZu#ZNLcpNuES6_w5+b&u(Gq%UX+^J$Yt}(31A0y?k++uw{ zW4iBHjrPX6NU9E~WY6YSiQ6g@ERMcaW+L3R_9EZn7gK~5Tv8Apsqc*!Obrk~K4QYV^ zS}O=GvW5H>U65)T>ei#wZf348t{kF0g#@lJM-P9L3V%G{m3_tG-H90de>UsIOpks! z)6EyB#vR^#@3Z!|>wh!v#((U=5?H?HE*-)Qtg>V5fB2`}bE(wI>JM!%;q$AyY~d{= zDi?lgyTo(3x&{MpcGaYdjrxiHY`rI^pRz=UF+5|CT#s^=NwGo=po5rF8x-`L%Yl<-)l~ ze;#@{i#_3i+=27!5Ac2#mc5==yYJ17*J0ABFE*w*?Vfn&*321tO#z=jr!Cuh(AIk4 zS9y{06&FHgaVtBqXj)!;#$-~w_ePJ~{}u65Di!Z)9G$!-rnb~S?#zsi!@qT(GB%%g z_>^-}(1*X>^c;)P6ZZNFd6{A(#<#k diff --git a/fai/config/scripts/IANK/11-iank b/fai/config/scripts/IANK/11-iank index 54641b2..99316b8 100755 --- a/fai/config/scripts/IANK/11-iank +++ b/fai/config/scripts/IANK/11-iank @@ -24,6 +24,9 @@ if [[ $EUID != 0 ]]; then exit 1 fi +# ignore this line. hack to make shellcheck ignore $target +if [[ ! $target ]]; then target=; fi + if ! type -t fcopy &>/dev/null; then sudo apt-get -y install fai-client fi @@ -185,12 +188,17 @@ EOF dns=systemd-resolved EOF - $FAI/distro-install-common/ethusb-static + + if [[ ! $FAI_WRAPPER || $SSH_CLIENT ]]; then + # for running from fai or remote connections, don't kill the internet + ethusb_arg=-c + fi if [[ $(dig +short @10.2.0.1 -x 10.2.0.2 2>&1 ||:) == kd.b8.nz. ]] \ && ip n show 10.2.0.1 | grep . &>/dev/null; then - : # we are at home. note: logic duplicated in btrbk-run + # we are at_home + $FAI/distro-install-common/ethusb-static $ethusb_arg else - $FAI/distro-install-common/ethusb-nm + $FAI/distro-install-common/ethusb-static off $ethusb_arg fi @@ -222,6 +230,7 @@ fi if ifclass LINODE; then mkdir -p $target/etc/initramfs-tools/conf.d + # shellcheck disable=SC2154 # comes with LINODE environment cat >$target/etc/initramfs-tools/conf.d/mine <&1 | grep -Fx "Status: install ok installed" &>/dev/null; then + apt-get -y install wget + wget -O /target/tmp/x.deb https://linux-libre.fsfla.org/pub/linux-libre/freesh/pool/main/f/freesh-archive-keyring/freesh-archive-keyring_1.1_all.deb + $ROOTCMD dpkg -i /tmp/x.deb + $ROOTCMD apt-get update + $ROOTCMD apt-get -y install linux-libre + fi ;; esac diff --git a/faiserver-disable b/faiserver-disable index 65e2aa8..74aaef8 100755 --- a/faiserver-disable +++ b/faiserver-disable @@ -1,16 +1,17 @@ #!/bin/bash -readonly this_file="$(readlink -f -- "${BASH_SOURCE[0]}")" -script_dir="${this_file%/*}" -# shellcheck source=./bash-trace -source "${script_dir}/bash-trace" -cd $script_dir -source "${script_dir}/bash-trace" +if ! test "$BASH_VERSION"; then echo "error: shell is not bash" >&2; exit 1; fi +shopt -s inherit_errexit 2>/dev/null ||: # ignore fail in bash < 4.4 +set -eE -o pipefail +trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" exit status: $?, PIPESTATUS: ${PIPESTATUS[*]}" >&2' ERR +this_file="$(readlink -f -- "${BASH_SOURCE[0]}")" +readonly this_file this_dir="${this_file%/*}" +cd "$this_dir" usage() { - cat </dev/null; then echo "$0: disabling fai nfs exports or apache site" ./faiserver-disable-local else - echo "$0: sshing to $(chost faiserver) to disable fai nfs exports or apache site" - ssh root@$(chost faiserver) bash >/srv/fai/nfsroot/root/.ssh/known_hosts done @@ -369,6 +362,6 @@ echo "c0:2345:respawn:/sbin/agetty 115200 ttyS0 linux" >>/srv/fai/nfsroot/etc/in # the logsave prompted because the hostname faiserver was uknown. # Here it was faiserver.lan when running from a faiserver vm. # When running from a normal host with faiserver alias, it was the normal hosts name. -$sed 's/(^[^,]+,)\S+/\1faiserver/' /srv/fai/nfsroot/root/.ssh/known_hosts +$sed 's/(^[^,]+,)\S+/\1faiserver.b8.nz/' /srv/fai/nfsroot/root/.ssh/known_hosts # ditch the logo banner up top which screws with less. touch /srv/fai/nfsroot/.nocolorlogo diff --git a/faiserver-uninstall b/faiserver-uninstall index 71a4ea0..8392b35 100755 --- a/faiserver-uninstall +++ b/faiserver-uninstall @@ -15,20 +15,25 @@ # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@" + +if ! test "$BASH_VERSION"; then echo "error: shell is not bash" >&2; exit 1; fi +shopt -s inherit_errexit 2>/dev/null ||: # ignore fail in bash < 4.4 set -eE -o pipefail -trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR +trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" exit status: $?, PIPESTATUS: ${PIPESTATUS[*]}" >&2' ERR -[[ $EUID == 0 ]] || exec sudo "${BASH_SOURCE}" "$@" usage() { - cat </dev/null || continue if [[ -e $dir/boot ]]; then dir=$dir/boot fi - e install -m 755 -o root -g root bash-trace $dir e install -m 755 -o root -g root chboot $dir done e umount $mount_point diff --git a/lk b/lk index b757fcc..3364717 100755 --- a/lk +++ b/lk @@ -74,4 +74,4 @@ fi # I don't know whats going on, but just running the same # command again once it finishes works, and this is only # rarely used and done manually anyways, so whatever. -pxe-kexec -n --ignore-whitelist -l fai-generated faiserver +pxe-kexec -n --ignore-whitelist -l fai-generated faiserver.b8.nz diff --git a/mk-basefile-big b/mk-basefile-big index 95d2e9f..1a6b6a9 100755 --- a/mk-basefile-big +++ b/mk-basefile-big @@ -16,11 +16,13 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -[[ $EUID == 0 ]] || exec sudo -E "$BASH_SOURCE" "$@" +[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@" +set -e; . /usr/local/lib/bash-bear; set +e -x="$(readlink -f "$BASH_SOURCE")"; source "${x%/*}/bash-trace" -x="$(readlink -f -- "$BASH_SOURCE")"; PATH="${x%/*}:$PATH" # directory of this file +this_file="$(readlink -f -- "${BASH_SOURCE[0]}")" +readonly this_file this_dir="${this_file%/*}" +PATH="$this_dir:$PATH" # directory of this file usage() { cat < /srv/fai/config/class/51-multi-boot rm -rf $t; mkdir -p $t +# shellcheck disable=SC1007 # intentional LANG= fai -N -u hostname_does_not_matter dirinstall $t # Turn a dirinstall into a basefile. taken from mk-basefile diff --git a/myfai-chboot b/myfai-chboot index a653ae6..aa3c088 100755 --- a/myfai-chboot +++ b/myfai-chboot @@ -19,13 +19,15 @@ set -eE -o pipefail trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR -x=$(readlink -f "$BASH_SOURCE"); cd ${x%/*} +this_file="$(readlink -f -- "${BASH_SOURCE[0]}")" +readonly this_file this_dir="${this_file%/*}" +cd "$this_dir" usage() { - cat </dev/null; then ./myfai-chboot-local "$@" else diff --git a/myfai-chboot-local b/myfai-chboot-local index 7dea8f2..ca4d32e 100755 --- a/myfai-chboot-local +++ b/myfai-chboot-local @@ -130,7 +130,7 @@ else fi if modprobe nfsd &>/dev/null; then - std_arg="-u nfs://faiserver/srv/fai/config" + std_arg="-u nfs://faiserver.b8.nz/srv/fai/config" # nfsv4 wont do rw with overlayfs yet # https://lists.uni-koeln.de/pipermail/linux-fai/2017-March/011641.html root_arg="$my_ip:/srv/fai/nfsroot:vers=3" @@ -150,9 +150,9 @@ EOF fi systemctl start nfs-server # assumes recent os else - std_arg="-u http://faiserver:8080/config.tar.gz" - root_arg="live:http://faiserver:8080/squash.img" - /a/exe/web-conf -i -p 8080 - apache2 faiserver < Deny from all Allow from $ip @@ -169,7 +169,7 @@ kernel=$(fai-chboot -L '^default$' | awk '{print $3}') default_k_args=$(fai-chboot -L '^default$' | \ sed -r "s/^(\S+\s+){3}(.*)/\2/") # example of default_k_args -# initrd=initrd.img-3.16.0-4-amd64 ip=dhcp root=192.168.1.3:/srv/fai/nfsroot FAI_CONFIG_SRC=nfs://faiserver/srv/fai/config FAI_ACTION=install +# initrd=initrd.img-3.16.0-4-amd64 ip=dhcp root=192.168.1.3:/srv/fai/nfsroot FAI_CONFIG_SRC=nfs://faiserver.b8.nz/srv/fai/config FAI_ACTION=install # https://wiki.archlinux.org/index.php/Solid_state_drive#Resolving_NCQ_errors # currently on needed on d16 samsung 870 qvo, but better to have this diff --git a/mymk-basefile b/mymk-basefile index 9dc7b14..1f32665 100755 --- a/mymk-basefile +++ b/mymk-basefile @@ -16,12 +16,15 @@ # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -x="$(readlink -f "$BASH_SOURCE")"; source "${x%/*}/bash-trace" -script_dir="${x%/*}" +set -e; . /usr/local/lib/bash-bear; set +e + +this_file="$(readlink -f -- "${BASH_SOURCE[0]}")" +readonly this_file this_dir="${this_file%/*}" +cd "$this_dir" usage() { - cat <&2' ERR [[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@" -x="$(readlink -f "$BASH_SOURCE")"; cd ${x%/*} +this_file="$(readlink -f -- "${BASH_SOURCE[0]}")" +readonly this_file this_dir="${this_file%/*}" +cd "$this_dir" usage() { - cat <&2;exit 1;}; . $f +set -e; . /usr/local/lib/bash-bear; set +e + usage() { cat < $(date +%s) )); then + if ! (( $(date -r ${f[0]} +%s) + 60*60*24 > $(date +%s) )); then if ! opkg update; then echo "$0: warning: opkg update failed" >&2 fi @@ -157,7 +159,7 @@ pi() { pmirror fi done - if [[ $to_install ]]; then + if (( ${#to_install[@]} >= 1 )); then opkg install ${to_install[@]} fi } @@ -238,7 +240,7 @@ fi if $secrets; then key=${rkey[$h]} fi -: ${key:=pictionary49} +: "${key:=pictionary49}" mask=255.255.0.0 cidr=16 @@ -536,8 +538,7 @@ EOF # option config /etc/openvpn/client.conf # EOF -wgip4=10.3.0.1/24 -wgip6=fdfd::1/64 + wgport=26000 network_restart=false @@ -577,10 +578,10 @@ if $network_restart; then v /etc/init.d/network reload fi -firewall-cedit() { - if $client; then - cedit wific /etc/config/firewall <