static usb ethnet addresses

diff --git a/README b/README
index da28e4e2f0a0ef933f72cc0949055eb864e0c208..f9d0853be6ac082422e7992a21ff8693f8503cff 100644 (file)
--- a/README
+++ b/README
@@ -104,7 +104,7 @@ fai/config/distro-install-common/end
 and which shadow file / luks file(s) to copy into the new machine depends
 on fai-redep arguments.
 
 and which shadow file / luks file(s) to copy into the new machine depends
 on fai-redep arguments.
 

-Also, setup dns in bind and wrt-setup-local.
+Also, setup dns in /p/c/host-info and firewall redirects in wrt-setup-local.

 
 After install, btrbk to setup data, and then distro-begin && distro end.
 See notes in distro-begin for other configuration.
 
 After install, btrbk to setup data, and then distro-begin && distro end.
 See notes in distro-begin for other configuration.


@@ -128,7 +128,7 @@ archlike-pxe # Setup pxe boot server from an archlike base image
 fai-redep # Deploy fai configuration to host "faiserver"
 faiserver-uninstall # uninstall fai-server
 faiserver-setup # install fai-server on the current machine
 fai-redep # Deploy fai configuration to host "faiserver"
 faiserver-uninstall # uninstall fai-server
 faiserver-setup # install fai-server on the current machine

-myfai-chboot # setup fai tftp and nfs. useful for doing pxe-kexec
+myfai-chboot # setup fai tftp and nfs. useful for doing pxe-kexec or booting from a fai-cd.

 pxe-server # disable/enable pxe dhcp, tfp, and nfs. calls myfai-chboot
 wrt-setup  # setup my router in general: dhcp, dns, etc.
 
 pxe-server # disable/enable pxe dhcp, tfp, and nfs. calls myfai-chboot
 wrt-setup  # setup my router in general: dhcp, dns, etc.
 


@@ -191,6 +191,24 @@ ERROR: Kernel modules directory /lib/modules/5.10.0-8-amd not available. Only fo
 
 solution: if running from fai-cd, recreate autodiscover cd as noted above in setup.
 
 
 solution: if running from fai-cd, recreate autodiscover cd as noted above in setup.
 

+## Weird package dependency errors
+
+for example: in fai.log, within instsoft.DEBIAN
+```
+The following packages have unmet dependencies:
+ libc6 : Breaks: locales (< 2.36) but 2.35-0ubuntu3.7+11.0trisquel1 is to be installed
+```
+
+In this case, it was because the basefile was missing, and so instead
+fai decided to use the wrong basefile.
+
+for example: in fai.log, within instsoft.DEBIAN
+
+```
+ftar: No matching class found in /var/lib/fai/config/basefiles//
+ftar: extracting /var/tmp/base.tar.zst to /target/
+```
+

 # What good logs look like:
 
 logging nfs traffic from server
 # What good logs look like:
 
 logging nfs traffic from server

diff --git a/fai-redep b/fai-redep
index 5e08b2f4b106329291c349b83b28607f60dccf3e..b90b30a285ca5d6654d8191428ec79d97c6f8392 100755 (executable)
--- a/fai-redep
+++ b/fai-redep
@@ -75,12 +75,12 @@ rsync -atL /home/iank/.ssh/authorized_keys fai/config/files/root/.ssh/authorized
 install --owner=iank --group=iank -d fai/config/files/usr/local/bin/hssh
 install --owner=iank --group=iank -d fai/config/files/usr/local/bin/ssh_filter_btrbk.sh
 rsync -atL /a/opt/btrbk/ssh_filter_btrbk.sh fai/config/files/usr/local/bin/ssh_filter_btrbk.sh/STANDARD
 install --owner=iank --group=iank -d fai/config/files/usr/local/bin/hssh
 install --owner=iank --group=iank -d fai/config/files/usr/local/bin/ssh_filter_btrbk.sh
 rsync -atL /a/opt/btrbk/ssh_filter_btrbk.sh fai/config/files/usr/local/bin/ssh_filter_btrbk.sh/STANDARD

-
-m rsync -rlpt --delete --relative --exclude /fai/config/basefiles/ fai/config /a/opt/btrfs-progs-release "${rpre[@]}"/srv
+m rsync -rlpt --delete --relative --exclude /fai/config/basefiles/ fai/config "${rpre[@]}"/srv

 
 # todo: automatically disable faiserver after a period so
 # these files are not available.
 
 
 # todo: automatically disable faiserver after a period so
 # these files are not available.
 

+

 if [[ $target ]]; then
   secret_files=(luks/$target luks/host-$target shadow/$target)
   exists=false
 if [[ $target ]]; then
   secret_files=(luks/$target luks/host-$target shadow/$target)
   exists=false


@@ -102,6 +102,11 @@ else
   rsync -rlpt /q/root/shadow /q/root/luks "${rpre[@]}"/srv/fai/config/distro-install-common
 fi
 
   rsync -rlpt /q/root/shadow /q/root/luks "${rpre[@]}"/srv/fai/config/distro-install-common
 fi
 

+rsync -rlpt --delete /a/opt/btrfs-progs-release \
+      filesystem/usr/local/bin/ethusb-nm \
+      filesystem/usr/local/bin/ethusb-static \
+      "${rpre[@]}"/srv/fai/config/distro-install-common
+

 dirs=(/p/c/machine_specific/${target:-*}/filesystem/etc/ssh)
 if [[ -e ${dirs[0]} ]]; then
   rsync -rlpt --delete --relative ${dirs[@]} "${rpre[@]}"/srv/fai/config/distro-install-common
 dirs=(/p/c/machine_specific/${target:-*}/filesystem/etc/ssh)
 if [[ -e ${dirs[0]} ]]; then
   rsync -rlpt --delete --relative ${dirs[@]} "${rpre[@]}"/srv/fai/config/distro-install-common


@@ -114,4 +119,4 @@ printf "%s\n%s\n" "PACKAGES install" ${pall[*]} | \
   $faiserver_shell dd of=/srv/fai/config/package_config/DESKTOP status=none ||: # broken pipe
 
 
   $faiserver_shell dd of=/srv/fai/config/package_config/DESKTOP status=none ||: # broken pipe
 
 

-rsync -rplt --include '/*.gz' --exclude '/**' --delete-excluded $BASEFILE_DIR/ "${rpre[@]}"/srv/fai/config/basefiles/
+m rsync -rplt --include '/*.zst' --exclude '/**' --delete-excluded $BASEFILE_DIR/ "${rpre[@]}"/srv/fai/config/basefiles/

diff --git a/fai-revm b/fai-revm
index 050ecdaf90d1523891398ed4094396c1057fd934..2ce01027a58e63c2e3baa23de76f1c8ea9cf6d11 100755 (executable)
--- a/fai-revm
+++ b/fai-revm
@@ -140,7 +140,7 @@ else
       BASEFILE_DIR=/tmp
     fi
     isopath=$BASEFILE_DIR/$iso
       BASEFILE_DIR=/tmp
     fi
     isopath=$BASEFILE_DIR/$iso

-    isosrc=$BASEFILE_DIR/BOOKWORM64.tar.gz
+    isosrc=$BASEFILE_DIR/BOOKWORM64.tar.zst

     if [[ ! -e $isopath || $(stat -c %Y $isopath) -lt $(stat -c %Y $isosrc) ]]; then
       e fai-cd -g $(readlink -f grub.cfg.${iso%%.*}) -f -A $isopath
     fi
     if [[ ! -e $isopath || $(stat -c %Y $isopath) -lt $(stat -c %Y $isosrc) ]]; then
       e fai-cd -g $(readlink -f grub.cfg.${iso%%.*}) -f -A $isopath
     fi

diff --git a/fai/config/basefiles/mk-basefile b/fai/config/basefiles/mk-basefile
index b81965fc2a01697fea48d3b82ba9a76757b52833..d449c604f4268c132360da66eb16abd17f9f2df1 100755 (executable)
--- a/fai/config/basefiles/mk-basefile
+++ b/fai/config/basefiles/mk-basefile
@@ -1,15 +1,17 @@
 #! /bin/bash
 # mk-basefile, create basefiles for some distributions
 #
 #! /bin/bash
 # mk-basefile, create basefiles for some distributions
 #

-# Thomas Lange, Uni Koeln, 2011-2021
+# Thomas Lange, Uni Koeln, 2011-2024

 # based on the Makefile implementation of Michael Goetze
 #
 # Usage example: mk-basefile -J STRETCH64
 # This will create a STRETCH64.tar.xz basefile.
 
 # based on the Makefile implementation of Michael Goetze
 #
 # Usage example: mk-basefile -J STRETCH64
 # This will create a STRETCH64.tar.xz basefile.
 

-# Supported distributions (each i386/amd64):
+# Supported distributions (i386/amd64):

 # Debian GNU/Linux
 # Debian GNU/Linux

-# Ubuntu 14.04/16.04
+# Ubuntu 14.04/16.04/20.04/22.04
+# AlmaLinux 9
+# Rocky Linux 8/9

 # CentOS 5/6/7/8
 # Scientific Linux Cern 5/6
 #
 # CentOS 5/6/7/8
 # Scientific Linux Cern 5/6
 #


@@ -32,6 +34,7 @@ EXCLUDE_BUSTER=
 EXCLUDE_BULLSEYE=
 EXCLUDE_BOOKWORM=
 EXCLUDE_TRIXIE=
 EXCLUDE_BULLSEYE=
 EXCLUDE_BOOKWORM=
 EXCLUDE_TRIXIE=

+EXCLUDE_FORKY=

 EXCLUDE_SID=
 
 EXCLUDE_BELENOS=dhcp3-client,dhcp3-common,info
 EXCLUDE_SID=
 
 EXCLUDE_BELENOS=dhcp3-client,dhcp3-common,info


@@ -42,8 +45,9 @@ EXCLUDE_BIONIC=udhcpc,dibbler-client,info
 EXCLUDE_ETIONA=udhcpc,dibbler-client,info
 EXCLUDE_FOCAL=udhcpc,dibbler-client,info
 EXCLUDE_NABIA=udhcpc,dibbler-client,info
 EXCLUDE_ETIONA=udhcpc,dibbler-client,info
 EXCLUDE_FOCAL=udhcpc,dibbler-client,info
 EXCLUDE_NABIA=udhcpc,dibbler-client,info

-EXCLUDE_JAMMY=
-EXCLUDE_ARAMO=
+EXCLUDE_JAMMY=udhcpc,dibbler-client,info
+EXCLUDE_ARAMO=udhcpc,dibbler-client,info
+EXCLUDE_NOBLE=udhcpc,dibbler-client,info

 
 # here you can add packages, that are needed very early
 INCLUDE_DEBIAN=
 
 # here you can add packages, that are needed very early
 INCLUDE_DEBIAN=


@@ -127,7 +131,8 @@ cleanup-deb() {
     chroot $xtmp apt-get clean
     rm -f $xtmp/etc/hostname $xtmp/etc/resolv.conf \
           $xtmp/var/lib/apt/lists/*_* $xtmp/usr/bin/qemu-*-static \
     chroot $xtmp apt-get clean
     rm -f $xtmp/etc/hostname $xtmp/etc/resolv.conf \
           $xtmp/var/lib/apt/lists/*_* $xtmp/usr/bin/qemu-*-static \

-          $xtmp/etc/udev/rules.d/70-persistent-net.rules
+          $xtmp/etc/udev/rules.d/70-persistent-net.rules \
+          $xtmp/var/lib/dbus/machine-id

     > $xtmp/etc/machine-id
 }
 
     > $xtmp/etc/machine-id
 }
 


@@ -154,6 +159,30 @@ tarit() {
 }
 
 
 }
 
 

+rpmdist() {
+
+    local arch=$1
+    local vers=$2
+    local dist=$3
+    local domain=$(domainname)
+
+    check
+    setarch $arch
+    $l32 rinse --directory $xtmp --distribution $dist-$vers --arch $arch --before-post-install $xtmp/post
+    domainname $domain # workaround for #613377
+    cleanup-rinse
+    tarit
+}
+
+
+alma() {
+    rpmdist $1 $2 alma
+}
+
+rocky() {
+    rpmdist $1 $2 rocky
+}
+

 centos() {
 
     local arch=$1
 centos() {
 
     local arch=$1


@@ -220,6 +249,9 @@ prtdists() {
 
     echo "Available:
 
 
     echo "Available:
 

+    ALMA9_64
+    ROCKY8_64
+    ROCKY9_64

     CENTOS5_32   CENTOS5_64
     CENTOS6_32   CENTOS6_64
     CENTOS7_32   CENTOS7_64
     CENTOS5_32   CENTOS5_64
     CENTOS6_32   CENTOS6_64
     CENTOS7_32   CENTOS7_64


@@ -236,6 +268,7 @@ prtdists() {
                  NABIA64
                  JAMMY64
                  ARAMO64
                  NABIA64
                  JAMMY64
                  ARAMO64

+                 NOBLE64

     SQUEEZE32    SQUEEZE64
     WHEEZY32     WHEEZY64
     JESSIE32     JESSIE64
     SQUEEZE32    SQUEEZE64
     WHEEZY32     WHEEZY64
     JESSIE32     JESSIE64


@@ -244,6 +277,7 @@ prtdists() {
     BULLSEYE32   BULLSEYE64
     BOOKWORM32   BOOKWORM64
     TRIXIE32     TRIXIE64
     BULLSEYE32   BULLSEYE64
     BOOKWORM32   BOOKWORM64
     TRIXIE32     TRIXIE64

+    FORKY32      FORKY64

     SID32        SID64
 "
 }
     SID32        SID64
 "
 }


@@ -253,14 +287,14 @@ usage() {
     cat <<EOF
 mk-basefile, create minimal base files for a Linux distritubtion
 
     cat <<EOF
 mk-basefile, create minimal base files for a Linux distritubtion
 

-   Copyright (C) 2011-2020 by Thomas Lange
+   Copyright (C) 2011-2023 by Thomas Lange

 
 Usage: mk-basefile [OPTION] ... DISTRIBUTION
 
    -s                   Show list of supported linux distributions
    -f ARCH              Build for foreign architecture ARCH.
    -d DIR               Use DIR for creating the temporary subtree structure.
 
 Usage: mk-basefile [OPTION] ... DISTRIBUTION
 
    -s                   Show list of supported linux distributions
    -f ARCH              Build for foreign architecture ARCH.
    -d DIR               Use DIR for creating the temporary subtree structure.

-   -z                   Use gzip for compressing the tar file.
+   -z                   Use zstd for compressing the tar file.

    -J                   Use xz for compressing the tar file.
    -k                   Keep the temporary subtree structure, do not remove it.
    -x CMD               Run CMD in chroot. If CMD exists as a file, copy it and run it.
    -J                   Use xz for compressing the tar file.
    -k                   Keep the temporary subtree structure, do not remove it.
    -x CMD               Run CMD in chroot. If CMD exists as a file, copy it and run it.


@@ -287,7 +321,7 @@ while getopts ashzJd:kf:x: opt ; do
         a) echo "$0: Warning. -a is ignored, because xtattrs, acls and selinux are always added." ;;
         d) export TMPDIR=$OPTARG ;;
         f) export ARCH=$OPTARG ;;
         a) echo "$0: Warning. -a is ignored, because xtattrs, acls and selinux are always added." ;;
         d) export TMPDIR=$OPTARG ;;
         f) export ARCH=$OPTARG ;;

-        z) zip="gzip -9"; ext=tar.gz ;;
+        z) zip="zstd -9"; ext=tar.zst ;;

         J) zip="xz -8" ext=tar.xz ;;
         k) cleanup=0 ;;
         h) usage ;;
         J) zip="xz -8" ext=tar.xz ;;
         k) cleanup=0 ;;
         h) usage ;;


@@ -316,6 +350,9 @@ case "$target" in
     CENTOS7_32) centos i386 7 ;;
     CENTOS7_64) centos amd64 7 ;;
     CENTOS8_64) centos amd64 8 ;;
     CENTOS7_32) centos i386 7 ;;
     CENTOS7_64) centos amd64 7 ;;
     CENTOS8_64) centos amd64 8 ;;

+    ROCKY8_64) rocky amd64 8 ;;
+    ROCKY9_64) rocky amd64 9 ;;
+    ALMA9_64) alma amd64 9 ;;

     SLC5_32) slc i386 5 ;;
     SLC5_64) slc amd64 5 ;;
     SLC6_32) slc i386 6 ;;
     SLC5_32) slc i386 5 ;;
     SLC5_64) slc amd64 5 ;;
     SLC6_32) slc i386 6 ;;


@@ -323,9 +360,9 @@ case "$target" in
     SLC7_64) slc amd64 7 ;;
     BELENOS*|FLIDAS*|ETIONA*|NABIA*|ARAMO*)
         debgeneric $target $MIRROR_TRISQUEL ;;
     SLC7_64) slc amd64 7 ;;
     BELENOS*|FLIDAS*|ETIONA*|NABIA*|ARAMO*)
         debgeneric $target $MIRROR_TRISQUEL ;;

-    TRUSTY*|XENIAL*|BIONIC*|FOCAL*|JAMMY*)
+    TRUSTY*|XENIAL*|BIONIC*|FOCAL*|JAMMY*|NOBLE*)

         debgeneric $target $MIRROR_UBUNTU ;;
         debgeneric $target $MIRROR_UBUNTU ;;

-    SQUEEZE*|WHEEZY*|JESSIE*|STRETCH*|BUSTER*|BULLSEYE*|BOOKWORM*|TRIXIE*|SID*)
+    SQUEEZE*|WHEEZY*|JESSIE*|STRETCH*|BUSTER*|BULLSEYE*|BOOKWORM*|TRIXIE*|FORKY*|SID*)

         debgeneric $target $MIRROR_DEBIAN $ARCH;;
     *) echo "Unknown distribution. Aborting."
        prtdists
         debgeneric $target $MIRROR_DEBIAN $ARCH;;
     *) echo "Unknown distribution. Aborting."
        prtdists

diff --git a/fai/config/class/10-base-classes b/fai/config/class/10-base-classes
index d312a50fcb74f447a6d0b63d2da654686fb1107c..e4408b658070e2e7911be2164446cc3f46eba9de 100755 (executable)
--- a/fai/config/class/10-base-classes
+++ b/fai/config/class/10-base-classes
@@ -5,8 +5,7 @@ if [ X$FAI_ACTION = Xinstall -a $do_init_tasks -eq 0 ]; then
     exit 0
 fi
 
     exit 0
 fi
 

-# Echo architecture and OS name in uppercase. Do NOT remove these two lines.
-uname -s | tr '[:lower:]' '[:upper:]'
+# Echo architecture

 command -v dpkg >&/dev/null && dpkg --print-architecture | tr a-z A-Z
 
 # determin if we are a DHCP client or not
 command -v dpkg >&/dev/null && dpkg --print-architecture | tr a-z A-Z
 
 # determin if we are a DHCP client or not

diff --git a/fai/config/class/20-hwdetect.sh b/fai/config/class/20-hwdetect.sh
index 57374c8c9f1cb24b86cb9fd071e519e8b40c510c..b04a948986eff0e186af898f3467e2f7e11a8c2c 100755 (executable)
--- a/fai/config/class/20-hwdetect.sh
+++ b/fai/config/class/20-hwdetect.sh
@@ -1,6 +1,6 @@
 #! /bin/bash
 
 #! /bin/bash
 

-# (c) Thomas Lange, 2002-2013, lange@informatik.uni-koeln.de
+# (c) Thomas Lange, 2002-2013, lange@cs.uni-koeln.de

 
 # NOTE: Files named *.sh will be evaluated, but their output ignored.
 
 
 # NOTE: Files named *.sh will be evaluated, but their output ignored.
 


@@ -8,12 +8,11 @@
 
 echo 0 > /proc/sys/kernel/printk
 
 
 echo 0 > /proc/sys/kernel/printk
 

-#kernelmodules=
-# here, you can load modules depending on the kernel version
-case $(uname -r) in
-    2.6*) kernelmodules="$kernelmodules mptspi dm-mod md-mod aes dm-crypt" ;;
-    [3456]*) kernelmodules="$kernelmodules mptspi dm-mod md-mod aes dm-crypt" ;;
-esac
+# example how to load modules depending on the kernel version
+#case $(uname -r) in
+#    2.6*) kernelmodules="$kernelmodules mptspi dm-mod md-mod aes dm-crypt" ;;
+#    [3456]*) kernelmodules="$kernelmodules mptspi dm-mod md-mod aes dm-crypt" ;;
+#esac

 
 for mod in $kernelmodules; do
     [ X$verbose = X1 ] && echo Loading kernel module $mod
 
 for mod in $kernelmodules; do
     [ X$verbose = X1 ] && echo Loading kernel module $mod

diff --git a/fai/config/class/40-parse-profiles.sh b/fai/config/class/40-parse-profiles.sh
index 0fed6ee25c633e0d284ff5459874a11849033948..cb11c176f45a4c7f5474f41e81777e5ae2af69b3 100755 (executable)
--- a/fai/config/class/40-parse-profiles.sh
+++ b/fai/config/class/40-parse-profiles.sh
@@ -2,7 +2,7 @@
 
 # parse *.profile and build a curses menu, so the user can select a profile
 #
 
 # parse *.profile and build a curses menu, so the user can select a profile
 #

-# (c) 2015 by Thomas Lange, lange@informatik.uni-koeln.de
+# (c) 2015 by Thomas Lange, lange@cs.uni-koeln.de

 # Universitaet zu Koeln
 
 if [ X$FAI_ACTION = Xinstall -o X$FAI_ACTION = Xdirinstall -o X$FAI_ACTION = X ]; then
 # Universitaet zu Koeln
 
 if [ X$FAI_ACTION = Xinstall -o X$FAI_ACTION = Xdirinstall -o X$FAI_ACTION = X ]; then


@@ -14,6 +14,8 @@ fi
 [ "$flag_menu" ] || return 0
 
 out=$(tty)
 [ "$flag_menu" ] || return 0
 
 out=$(tty)

+# save stdout and redirect stdout to tty
+exec 4>&1 > $out

 tempfile=$(mktemp)
 tempfile2=$(mktemp)
 trap "rm -f $tempfile $tempfile2" EXIT INT QUIT
 tempfile=$(mktemp)
 tempfile2=$(mktemp)
 trap "rm -f $tempfile $tempfile2" EXIT INT QUIT


@@ -147,8 +149,7 @@ while true; do
     dialog --clear --item-help --title "FAI - Fully Automatic Installation" --help-button \
        --default-item "$default" \
        --menu "\nSelect your FAI profile\n\nThe profile will define a list of classes,\nwhich are used by FAI.\n\n\n"\
     dialog --clear --item-help --title "FAI - Fully Automatic Installation" --help-button \
        --default-item "$default" \
        --menu "\nSelect your FAI profile\n\nThe profile will define a list of classes,\nwhich are used by FAI.\n\n\n"\

-       15 70 0 "${par[@]}" 2> $tempfile  1> $out
-
+       15 70 0 "${par[@]}" 2> $tempfile

     _retval=$?
     case $_retval in
        0)
     _retval=$?
     case $_retval in
        0)


@@ -158,8 +159,10 @@ while true; do
            echo "No profile selected."
            break ;;
        2)
            echo "No profile selected."
            break ;;
        2)

-           dialog --title "Description of all profiles" --textbox $tempfile2 0 0 1> $out;;
+           dialog --title "Description of all profiles" --textbox $tempfile2 0 0 ;;

     esac
 
 done
 unset par ardesc arshort arlong arclasses list tempfile tempfile2 _parsed _retval line
     esac
 
 done
 unset par ardesc arshort arlong arclasses list tempfile tempfile2 _parsed _retval line

+
+exec 1>&4 # restore stdout

diff --git a/fai/config/class/41-warning.sh b/fai/config/class/41-warning.sh
index e9f9ec5b396bffc40147e1fed3ffde799e4dd947..f66085d52d40cb3a3a1053d3161e257e86827ca2 100755 (executable)
--- a/fai/config/class/41-warning.sh
+++ b/fai/config/class/41-warning.sh
@@ -13,11 +13,13 @@ grep -q INSTALL $LOGDIR/FAI_CLASSES || return 0
 [ "$flag_menu" ] || return 0
 
 out=$(tty)
 [ "$flag_menu" ] || return 0
 
 out=$(tty)

+# save stdout and redirect stdout to tty
+exec 4>&1 > $out

 red=$(mktemp)
 echo 'screen_color = (CYAN,RED,ON)' > $red
 
 DIALOGRC=$red dialog --colors --clear --aspect 6 --title "FAI - Fully Automatic Installation" --trim \
 red=$(mktemp)
 echo 'screen_color = (CYAN,RED,ON)' > $red
 
 DIALOGRC=$red dialog --colors --clear --aspect 6 --title "FAI - Fully Automatic Installation" --trim \

-               --msgbox "\n\n        If you continue,       \n   all your data on the disk   \n                               \n|\Zr\Z1       WILL BE DESTROYED     \Z0\Zn|\n\n" 0 0 1>$out
+               --msgbox "\n\n        If you continue,       \n   all your data on the disk   \n                               \n|\Zr\Z1       WILL BE DESTROYED     \Z0\Zn|\n\n" 0 0

 
 # stop on any error, or if ESC was hit
 if [ $? -ne 0 ]; then
 
 # stop on any error, or if ESC was hit
 if [ $? -ne 0 ]; then


@@ -26,3 +28,4 @@ fi
 
 rm $red
 unset red
 
 rm $red
 unset red

+exec 1>&4 # restore stdout

diff --git a/fai/config/class/60-misc b/fai/config/class/60-misc
index 1c3b4fd7a7bff31e1a9ec0aaf63303c6d3ea8f7f..01eb25214be4178f9f9b2dbfd620bcdceea435d5 100755 (executable)
--- a/fai/config/class/60-misc
+++ b/fai/config/class/60-misc
@@ -1,7 +1,5 @@
 #! /bin/bash
 
 #! /bin/bash
 

-ifclass -o CENTOS SLC && exit 0
-

 ifclass -o GRUB_PC GRUB_EFI && exit 0
 
 if [ -d /sys/firmware/efi ]; then
 ifclass -o GRUB_PC GRUB_EFI && exit 0
 
 if [ -d /sys/firmware/efi ]; then

diff --git a/fai/config/class/85-efi-classes b/fai/config/class/85-efi-classes
index 711b53479e623da3355248ee4580a898a569be6c..afe6f4927afce861637592d1369fa3e11373c123 100755 (executable)
--- a/fai/config/class/85-efi-classes
+++ b/fai/config/class/85-efi-classes
@@ -6,7 +6,7 @@ if [ ! -d /sys/firmware/efi ] || ifclass GRUB_PC; then
     exit 0
 fi
 
     exit 0
 fi
 

-for c in LVM FAISERVER FAIBASE; do
+for c in CLOUD LVM FAISERVER FAIBASE; do

     if ifclass $c; then
        echo ${c}_EFI
        break
     if ifclass $c; then
        echo ${c}_EFI
        break

diff --git a/fai/config/class/DEBIAN.var b/fai/config/class/DEBIAN.var
index a00d0f86720bdea4cef033144ea7965a1319b236..18b49b5022af6bea3fd5497983106163dd744b76 100644 (file)
--- a/fai/config/class/DEBIAN.var
+++ b/fai/config/class/DEBIAN.var
@@ -1,5 +1,5 @@
 # ian, commented, sources are set with fcopy
 # ian, commented, sources are set with fcopy

-# release=bullseye
+# release=bookworm

 # apt_cdn=http://deb.debian.org
 # security_cdn=http://security.debian.org
 
 # apt_cdn=http://deb.debian.org
 # security_cdn=http://security.debian.org
 


@@ -25,4 +25,25 @@ MODULESLIST="usbhid psmouse"
 FAI_RAMDISKS="$target/var/lib/dpkg $target/var/cache"
 
 # if you want to use the faiserver as APT proxy
 FAI_RAMDISKS="$target/var/lib/dpkg $target/var/cache"
 
 # if you want to use the faiserver as APT proxy

-# APTPROXY=http://faiserver:3142
+#APTPROXY=http://faiserver:3142
+
+
+# The linux-image package has different names for Debian and Ubuntu
+if ifclass UBUNTU; then
+    kernelname=linux-image-generic
+elif ifclass I386; then
+   kernelname=linux-image-686-pae
+elif ifclass AMD64; then
+   kernelname=linux-image-amd64
+fi
+
+if [ -z "kernelname" ]; then
+    _arch=$(dpkg --print-architecture 2>/dev/null)
+    case $_arch in
+        i386)
+            kernelname=linux-image-686-pae ;;
+        *)
+            kernelname=linux-image-$_arch
+    esac
+    unset _arch
+fi

diff --git a/fai/config/class/FAIBASE.var b/fai/config/class/FAIBASE.var
index 34d95ac80716d80adf6472490acdb76df4a11f3e..2492defe138b8f7b85c6a4f7c7a8901413916d45 100644 (file)
--- a/fai/config/class/FAIBASE.var
+++ b/fai/config/class/FAIBASE.var
@@ -16,6 +16,10 @@ STOP_ON_ERROR=700
 # set parameter for install_packages(8)
 MAXPACKAGES=800
 
 # set parameter for install_packages(8)
 MAXPACKAGES=800
 

+# Account on the FAI server for saving log files and calling fai-chboot.
+# Remove the hash character in the next line to activate this feature
+#LOGUSER=fai
+

 # a user account will be created
 #username=demo
 #USERPW='$1$kBnWcO.E$djxB128U7dMkrltJHPf6d1'
 # a user account will be created
 #username=demo
 #USERPW='$1$kBnWcO.E$djxB128U7dMkrltJHPf6d1'

diff --git a/fai/config/class/ROCKY.var b/fai/config/class/ROCKY.var
new file mode 100644 (file)
index 0000000..1ec7250
--- /dev/null
+++ b/fai/config/class/ROCKY.var
@@ -0,0 +1,9 @@
+CONSOLEFONT=lat9v-16
+KEYMAP=us
+DEFAULTLOCALE=en_US.UTF-8
+SUPPORTEDLOCALE=en_US.UTF-8:en_US:en
+
+# if you install much software and have only few RAM, use the RAM disk
+# not for var/cache/yum
+#FAI_RAMDISKS="$target/var/lib/rpm $target/var/cache/yum"
+FAI_RAMDISKS="$target/var/lib/rpm"

diff --git a/fai/config/class/UBUNTU.var b/fai/config/class/UBUNTU.var
index 6a424950755ff54561c16564363f1a673eb0ba9e..a453a885be52a284cc55966e1d3e23a781a34c95 100644 (file)
--- a/fai/config/class/UBUNTU.var
+++ b/fai/config/class/UBUNTU.var
@@ -1,4 +1,4 @@
 #iank, i define these by classes. commenting
 # to make sure these arent used
 #ubuntumirror=http://archive.ubuntu.com
 #iank, i define these by classes. commenting
 # to make sure these arent used
 #ubuntumirror=http://archive.ubuntu.com

-#ubuntudist=focal
+#ubuntudist=jammy

diff --git a/fai/config/class/example.profile b/fai/config/class/example.profile
index cbcbf826afcabb33f9b2bab6979409ceafa5340e..c55a3ca6c37e8fb314f2962f969a6e5318a621df 100644 (file)
--- a/fai/config/class/example.profile
+++ b/fai/config/class/example.profile
@@ -25,21 +25,21 @@ You should have a fast network connection, because most packages are
 downloaded from the internet.
 Classes: INSTALL FAIBASE DEBIAN DEMO XORG GNOME
 
 downloaded from the internet.
 Classes: INSTALL FAIBASE DEBIAN DEMO XORG GNOME
 

-Name: CentOS 8
-Description: CentOS 8 with Xfce desktop
-Short: A normal Xfce desktop, running CentOS 8
-Long: We use the Debian nfsroot for installing the CentOS 8 OS.
+Name: Rocky Linux
+Description: Rocky Linux 9 with Xfce desktop
+Short: A normal Xfce desktop, running Rocky Linux 9
+Long: We use the Debian nfsroot for installing the Rocky Linux 9 OS.

 You should have a fast network connection, because most packages are
 downloaded from the internet.
 You should have a fast network connection, because most packages are
 downloaded from the internet.

-Classes: INSTALL FAIBASE CENTOS CENTOS8_64 XORG
+Classes: INSTALL FAIBASE ROCKY ROCKY9_64 XORG

 
 Name: Ubuntu
 
 Name: Ubuntu

-Description: Ubuntu 20.04 LTS desktop installation
+Description: Ubuntu 22.04 LTS desktop installation

 Short: Unity desktop
 Long: We use the Debian nfsroot for installing the Ubuntu OS.
 You should have a fast network connection, because most packages are
 downloaded from the internet.
 Short: Unity desktop
 Long: We use the Debian nfsroot for installing the Ubuntu OS.
 You should have a fast network connection, because most packages are
 downloaded from the internet.

-Classes: INSTALL FAIBASE DEMO DEBIAN UBUNTU FOCAL FOCAL64 XORG
+Classes: INSTALL FAIBASE DEMO DEBIAN UBUNTU JAMMY JAMMY64 XORG

 
 Name: Inventory
 Description: Show hardware info
 
 Name: Inventory
 Description: Show hardware info

diff --git a/fai/config/disk_config/CLOUD_EFI b/fai/config/disk_config/CLOUD_EFI
new file mode 100644 (file)
index 0000000..0e15072
--- /dev/null
+++ b/fai/config/disk_config/CLOUD_EFI
@@ -0,0 +1,8 @@
+# config for a disk image for a VM
+#
+# p=<partlabel> <mountpoint> <size>   <fs type> <mount options> <misc options>
+
+disk_config disk1 disklabel:gpt bootable:1 fstabkey:uuid align-at:1M
+
+p=efi  /boot/efi 64M   vfat  defaults  createopts="-F 32"
+p=root /         300-  ext4  rw,discard,barrier=0,noatime,errors=remount-ro tuneopts="-c 0 -i 0"

diff --git a/fai/config/disk_config/FAIBASE b/fai/config/disk_config/FAIBASE
index 0c66cbc03ee7a72c7f883716f78827d26c4dd1b1..bbcffe39fe7914f1480f80a5bf94938ff8cc3acd 100644 (file)
--- a/fai/config/disk_config/FAIBASE
+++ b/fai/config/disk_config/FAIBASE
@@ -2,6 +2,9 @@
 #
 # <type> <mountpoint> <size>   <fs type> <mount options> <misc options>
 
 #
 # <type> <mountpoint> <size>   <fs type> <mount options> <misc options>
 

+# you may want to add "-O ^metadata_csum_seed" to createopts if the target
+# system is older than bullseye. See #866603, #1031415, #1031416 for more info.
+

 disk_config disk1 disklabel:msdos bootable:1 fstabkey:uuid
 
 primary /      2G-50G   ext4  rw,noatime,errors=remount-ro
 disk_config disk1 disklabel:msdos bootable:1 fstabkey:uuid
 
 primary /      2G-50G   ext4  rw,noatime,errors=remount-ro

diff --git a/fai/config/disk_config/FAIBASE_EFI b/fai/config/disk_config/FAIBASE_EFI
index 8ff0e4bfb46067f160b3b6853b7b248dbf9f5b2a..cc2ed9ccf862f523fcd67acce4756a8dd045c9e9 100644 (file)
--- a/fai/config/disk_config/FAIBASE_EFI
+++ b/fai/config/disk_config/FAIBASE_EFI
@@ -1,10 +1,13 @@
 # example of new config file for setup-storage
 #
 # example of new config file for setup-storage
 #

-# <type> <mountpoint> <size>   <fs type> <mount options> <misc options>
+# p=<partlabel> <mountpoint> <size>   <fs type> <mount options> <misc options>
+
+# you may want to add "-O ^metadata_csum_seed" to createopts if the target
+# system is older than bullseye. See #866603, #1031415, #1031416 for more info.

 
 disk_config disk1 disklabel:gpt bootable:1 fstabkey:uuid
 
 
 disk_config disk1 disklabel:gpt bootable:1 fstabkey:uuid
 

-primary /boot/efi 512M  vfat  rw
-primary /      2G-50G   ext4  rw,noatime,errors=remount-ro
-primary swap   200-10G  swap  sw
-primary /home  100-     ext4  rw,noatime,nosuid,nodev createopts="-L home -m 1" tuneopts="-c 0 -i 0"
+p=efi  /boot/efi 512M  vfat  rw
+p=root /      2G-50G   ext4  rw,noatime,errors=remount-ro
+p=     swap   200-10G  swap  sw
+p=home /home  100-     ext4  rw,noatime,nosuid,nodev createopts="-L home -m 1" tuneopts="-c 0 -i 0"

diff --git a/fai/config/disk_config/FAISERVER_EFI b/fai/config/disk_config/FAISERVER_EFI
index 30adbe372d9d4997237eef5a742e8282f869b694..e11020cdf459c5f904a0003159e0f1daef5a5541 100644 (file)
--- a/fai/config/disk_config/FAISERVER_EFI
+++ b/fai/config/disk_config/FAISERVER_EFI
@@ -1,12 +1,12 @@
 # config file for an FAI install server
 #
 # config file for an FAI install server
 #

-# <type> <mountpoint> <size>   <fs type> <mount options> <misc options>
+# p=<partlabel> <mountpoint> <size>   <fs type> <mount options> <misc options>

 
 disk_config disk1 disklabel:gpt fstabkey:uuid
 
 
 disk_config disk1 disklabel:gpt fstabkey:uuid
 

-primary /boot/efi      512M       vfat   rw
-primary  /             2G-15G     ext4   rw,noatime,errors=remount-ro
-primary  swap          200-1000   swap   sw
-primary  /tmp          100-1000   ext4   rw,noatime,nosuid,nodev  createopts="-m 0" tuneopts="-c 0 -i 0"
-primary  /home         100-40%    ext4   rw,noatime,nosuid,nodev  createopts="-m 1" tuneopts="-c 0 -i 0"
-primary  /srv          1G-50%     ext4   rw,noatime               createopts="-m 1" tuneopts="-c 0 -i 0"
+p=efi     /boot/efi     512M       vfat   rw
+p=system  /             2G-15G     ext4   rw,noatime,errors=remount-ro
+p=swap    swap          200-1000   swap   sw
+p=        /tmp          100-1000   ext4   rw,noatime,nosuid,nodev  createopts="-m 0" tuneopts="-c 0 -i 0"
+p=home    /home         100-40%    ext4   rw,noatime,nosuid,nodev  createopts="-m 1" tuneopts="-c 0 -i 0"
+p=data    /srv          1G-50%     ext4   rw,noatime               createopts="-m 1" tuneopts="-c 0 -i 0"

diff --git a/fai/config/disk_config/LVM b/fai/config/disk_config/LVM
index 868970abdae595cb3243b0d5ebcf68a827bdac2f..71e55d366eb8973ae4df1609ad3345ad7efdb2dc 100644 (file)
--- a/fai/config/disk_config/LVM
+++ b/fai/config/disk_config/LVM
@@ -4,8 +4,8 @@
 
 disk_config disk1 fstabkey:uuid align-at:1M
 
 
 disk_config disk1 fstabkey:uuid align-at:1M
 

-primary /boot  200     ext2    rw,noatime
-primary -       4G-    -       -
+primary /boot   500     ext4    rw,noatime
+primary -       4G-     -       -

 
 disk_config lvm
 
 
 disk_config lvm
 

diff --git a/fai/config/disk_config/LVM_EFI b/fai/config/disk_config/LVM_EFI
index b2609a5d50a889371055b9eae279a51d046c30f2..037cb51255a36c35a9b70c94e99ca01d4b00c060 100644 (file)
--- a/fai/config/disk_config/LVM_EFI
+++ b/fai/config/disk_config/LVM_EFI
@@ -1,12 +1,12 @@
-# <type> <mountpoint> <size>   <fs type> <mount options> <misc options>
+# p=<partlabel> <mountpoint> <size>   <fs type> <mount options> <misc options>

 
 # entire disk with LVM, separate /home
 
 disk_config disk1 disklabel:gpt fstabkey:uuid align-at:1M
 
 
 # entire disk with LVM, separate /home
 
 disk_config disk1 disklabel:gpt fstabkey:uuid align-at:1M
 

-primary /boot/efi 512M  vfat    rw
-primary /boot  200     ext2    rw,noatime
-primary -       4G-    -       -
+p=efi     /boot/efi 512M  vfat  rw
+p=boot    /boot     500   ext4  rw,noatime
+p=system  -         4G-   -     -

 
 disk_config lvm
 
 
 disk_config lvm
 

diff --git a/fai/config/disk_config/ROCKY b/fai/config/disk_config/ROCKY
new file mode 100644 (file)
index 0000000..7b03a39
--- /dev/null
+++ b/fai/config/disk_config/ROCKY
@@ -0,0 +1,13 @@
+# example of new config file for setup-storage
+#
+# <type> <mountpoint> <size>   <fs type> <mount options> <misc options>
+
+# you may want to add "-O ^metadata_csum_seed" to createopts if the target
+# system is older than bullseye. See #866603, #1031415, #1031416 for more info.
+
+disk_config disk1 disklabel:msdos bootable:1 fstabkey:label
+
+primary /      4G-50G    ext4  rw,noatime,errors=remount-ro createopts="-L ROOT"
+
+logical swap   200-10G  swap  sw                           createopts="-L SWAP"
+logical /home  100-     ext4  rw,noatime,nosuid,nodev      createopts="-L HOME -m 1" tuneopts="-c 0 -i 0"

diff --git a/fai/config/distro-install-common/end b/fai/config/distro-install-common/end
index f9a084030917a6ee4d6963b4d5a309dc47e7b46e..2455ece011a46266e2ce65e86abfbdf099e8bed2 100755 (executable)
--- a/fai/config/distro-install-common/end
+++ b/fai/config/distro-install-common/end
@@ -32,7 +32,9 @@ au() { # add user. i don't use adduser for portability
 
 
 # only setup root pass for bootstrap vol
 
 
 # only setup root pass for bootstrap vol

-if ifclass VOL_BULLSEYE_BOOTSTRAP || VOL_BOOKWORM_BOOTSTRAP; then
+# for bootstrap vol, we only use root user
+if ifclass VOL_BULLSEYE_BOOTSTRAP || ifclass VOL_BOOKWORM_BOOTSTRAP; then
+  sed 's/^/root:/' $root_pw_f | $ROOTCMD chpasswd -e

   exit 0
 fi
 
   exit 0
 fi
 


@@ -74,6 +76,7 @@ if getent group sudo >/dev/null; then
   $ROOTCMD usermod -aG sudo iank
 fi
 
   $ROOTCMD usermod -aG sudo iank
 fi
 

+mkdir -p $target/etc/sudoers.d

 cat >$target/etc/sudoers.d/ianksudoers <<'EOF'
 Defaults timestamp_timeout=1440
 # used in bashrc
 cat >$target/etc/sudoers.d/ianksudoers <<'EOF'
 Defaults timestamp_timeout=1440
 # used in bashrc

diff --git a/fai/config/distro-install-common/install-stable-kernel-debs b/fai/config/distro-install-common/install-stable-kernel-debs
index c0247969695e2bdb0d2ab9f13516432824eff05f..db7abcfc5d7af446118586ef4b707c10325df983 100755 (executable)
--- a/fai/config/distro-install-common/install-stable-kernel-debs
+++ b/fai/config/distro-install-common/install-stable-kernel-debs
@@ -1,4 +1,4 @@
-#!/bin/bash -x
+#!/bin/bash

 # This file is part of Ian Kelling's automated-distro-installer
 # Copyright (C) 2024 Ian Kelling
 
 # This file is part of Ian Kelling's automated-distro-installer
 # Copyright (C) 2024 Ian Kelling
 


@@ -21,13 +21,30 @@ trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
 
 [[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
 
 
 [[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
 

-tmpdir=$(mktemp -d) || exit
-trap 'cd; rm -rf "$tmpdir"' EXIT
-cd $tmpdir
+set -x
+
+prereqs=()
+for p in wget curl; do
+  if ! type -p $p &>/dev/null; then
+    prereqs+=($p)
+  fi
+done
+if (( ${#prereqs[@]} >= 1 )); then
+  apt-get -y install ${prereqs[@]}
+fi
+
+
+tmpdir=$($ROOTCMD mktemp -d) || exit
+outertmp=$target/$tmpdir
+trap 'cd; rm -rf "$outertmp"' EXIT
+cd $outertmp

 
 # update stable_ver when we are ready to jump to a new stable kernel.
 # Stable kernels are listed here: https://www.kernel.org/category/releases.html
 stable_ver='6\.6'
 
 # update stable_ver when we are ready to jump to a new stable kernel.
 # Stable kernels are listed here: https://www.kernel.org/category/releases.html
 stable_ver='6\.6'

+# Actually, I dont want stable right now. comment this out to get stable
+# version.
+stable_ver='[1-9]'

 va=$(curl -s https://kernel.ubuntu.com/mainline/ | \
        sed -rn 's,.*alt="\[DIR\]".*href="([^/]+).*,\1,p' | \
        grep -v -- -rc | sed 's/^v//' | grep "^$stable_ver" | sort -V | tail -n1)
 va=$(curl -s https://kernel.ubuntu.com/mainline/ | \
        sed -rn 's,.*alt="\[DIR\]".*href="([^/]+).*,\1,p' | \
        grep -v -- -rc | sed 's/^v//' | grep "^$stable_ver" | sort -V | tail -n1)


@@ -45,11 +62,11 @@ fi
 
 urls=()
 for p in ${pkgs[@]}; do
 
 urls=()
 for p in ${pkgs[@]}; do

-  if ! dpkg -s -- "${p%%_*}"  2>&1 | grep -Fx "Status: install ok installed" &>/dev/null; then
+  if ! $ROOTCMD dpkg -s -- "${p%%_*}"  2>&1 | grep -Fx "Status: install ok installed" &>/dev/null; then

     urls+=(https://kernel.ubuntu.com/mainline/v$va/amd64/$p)
   fi
 done
 if (( ${#urls[@]} >= 1 )); then
     urls+=(https://kernel.ubuntu.com/mainline/v$va/amd64/$p)
   fi
 done
 if (( ${#urls[@]} >= 1 )); then

-  wget "${urls[@]}"
-  dpkg -i ./*.deb
+  wget -nv "${urls[@]}"
+  $ROOTCMD dpkg -i ${pkgs[@]/#/$tmpdir/}

 fi
 fi

diff --git a/fai/config/files/etc/apt/sources.list/DEBIAN_DEFAULT b/fai/config/files/etc/apt/sources.list/DEBIAN_DEFAULT
new file mode 100644 (file)
index 0000000..74cec08
--- /dev/null
+++ b/fai/config/files/etc/apt/sources.list/DEBIAN_DEFAULT
@@ -0,0 +1,3 @@
+deb {%apt_cdn%}/debian {%release%} main contrib non-free non-free-firmware
+deb {%security_cdn%}/debian-security {%secsuite%} main contrib non-free non-free-firmware
+deb {%apt_cdn%}/debian {%release%}-updates main contrib non-free non-free-firmware

diff --git a/fai/config/files/etc/rc.local/FAISERVER b/fai/config/files/etc/rc.local/FAISERVER
index 2c255cced71b0a12ee807b48ea7c75cdce854852..69a4ee03e47d5948b3247ecd37f493c11d0baab0 100755 (executable)
--- a/fai/config/files/etc/rc.local/FAISERVER
+++ b/fai/config/files/etc/rc.local/FAISERVER
@@ -20,7 +20,6 @@ if [ $? -ne 0 ]; then
     dpkg-reconfigure -fnoninteractive openssh-server
 fi
 sleep 8
     dpkg-reconfigure -fnoninteractive openssh-server
 fi
 sleep 8

-[ -x /etc/init.d/nscd ] && invoke-rc.d nscd restart

 
 echo "================================="
 echo "Setting up the FAI install server"
 
 echo "================================="
 echo "Setting up the FAI install server"


@@ -44,8 +43,11 @@ fi
 ainsl /etc/fai/fai.conf "^LOGUSER=fai"
 
 # make index, then import the packages from the CD mirror
 ainsl /etc/fai/fai.conf "^LOGUSER=fai"
 
 # make index, then import the packages from the CD mirror

+/etc/init.d/apt-cacher-ng restart

 apt-get update >/dev/null
 apt-get update >/dev/null

+echo "Importing local packages to apt cache"

 curl -fs 'http://127.0.0.1:3142/acng-report.html?doImport=Start+Import&calcSize=cs&asNeeded=an#bottom' >/dev/null
 curl -fs 'http://127.0.0.1:3142/acng-report.html?doImport=Start+Import&calcSize=cs&asNeeded=an#bottom' >/dev/null

+echo "Creating FAI Server setup"

 
 # setup the FAI server, including creating the nfsroot, use my own proxy
 export APTPROXY="http://127.0.0.1:3142"
 
 # setup the FAI server, including creating the nfsroot, use my own proxy
 export APTPROXY="http://127.0.0.1:3142"


@@ -67,9 +69,12 @@ else
     echo "=================================================="
     echo -e "${RED}ERROR${NORMAL}: Setting up the FAI install server ${RED}FAILED${NORMAL}!"
     echo "Read /var/log/fai/fai-setup.log for more debugging"
     echo "=================================================="
     echo -e "${RED}ERROR${NORMAL}: Setting up the FAI install server ${RED}FAILED${NORMAL}!"
     echo "Read /var/log/fai/fai-setup.log for more debugging"

+    echo "Setup script is now moved to /var/tmp/$0"

     echo "=================================================="
     echo ""
     echo "=================================================="
     echo ""

+    cp -p $0 /var/tmp

     sleep 10
     sleep 10

+    rm -f $0

     exit 99
 fi
 
     exit 99
 fi
 


@@ -83,7 +88,7 @@ EOF
 fai-chboot -o default
 
 # create a template for booting the installation
 fai-chboot -o default
 
 # create a template for booting the installation

-fai-chboot -Iv -f verbose,sshd,createvt,menu -u nfs://faiserver/srv/fai/config bullseye.tmpl
+fai-chboot -Iv -f verbose,sshd,createvt,menu -u nfs://faiserver/srv/fai/config bookworm.tmpl

 
 # Since we do not know the MAC address, our DHCP cannot provide the hostname.
 # Therefore we do explicitly set the hostname
 
 # Since we do not know the MAC address, our DHCP cannot provide the hostname.
 # Therefore we do explicitly set the hostname


@@ -96,7 +101,7 @@ done
 fai-monitor > /var/log/fai/fai-monitor.log &
 
 # move me away
 fai-monitor > /var/log/fai/fai-monitor.log &
 
 # move me away

-mv $0 /var/tmp
+cp -p $0 /var/tmp

 
 # create new rc.local for next reboot
 echo '#! /bin/bash' > /etc/rc.local
 
 # create new rc.local for next reboot
 echo '#! /bin/bash' > /etc/rc.local

diff --git a/fai/config/files/etc/rc.local/LIVEISO b/fai/config/files/etc/rc.local/LIVEISO
new file mode 120000 (symlink)
index 0000000..22fbe75
--- /dev/null
+++ b/fai/config/files/etc/rc.local/LIVEISO
@@ -0,0 +1 @@
+CLOUD
\ No newline at end of file

diff --git a/fai/config/files/etc/selinux/config/ROCKY b/fai/config/files/etc/selinux/config/ROCKY
new file mode 100644 (file)
index 0000000..9878acb
--- /dev/null
+++ b/fai/config/files/etc/selinux/config/ROCKY
@@ -0,0 +1,12 @@
+# This file controls the state of SELinux on the system.
+# SELINUX= can take one of these three values:
+#       enforcing - SELinux security policy is enforced.
+#       permissive - SELinux prints warnings instead of enforcing.
+#       disabled - No SELinux policy is loaded.
+SELINUX=disabled
+# SELINUXTYPE= can take one of these two values:
+#       targeted - Only targeted network daemons are protected.
+#       strict - Full SELinux protection.
+#       mls - Multi Level Security protection.
+SELINUXTYPE=targeted
+# SETLOCALDEFS= Check local definition changes

diff --git a/fai/config/hooks/debconf.IMAGE b/fai/config/hooks/debconf.IMAGE
index c396636b1bd69c0c222304f802b29d09a03225e2..f91ae3f7c32b57d8bc34a565808e1cd3170ec81a 100755 (executable)
--- a/fai/config/hooks/debconf.IMAGE
+++ b/fai/config/hooks/debconf.IMAGE
@@ -3,7 +3,7 @@
 # hook for installing a file system image (tar file)
 # this works for Ubuntu 14.04
 #
 # hook for installing a file system image (tar file)
 # this works for Ubuntu 14.04
 #

-# Copyright (C) 2015 Thomas Lange, lange@informatik.uni-koeln.de
+# Copyright (C) 2015 Thomas Lange, lange@cs.uni-koeln.de

 
 
 # I use this tar command to create the image of an already running and configured machine
 
 
 # I use this tar command to create the image of an already running and configured machine


@@ -31,8 +31,8 @@ if [ -f $target/etc/debian_version ]; then
 fi
 if [ -f $target/etc/centos-release ]; then
     rm $target/etc/grub2/device.map
 fi
 if [ -f $target/etc/centos-release ]; then
     rm $target/etc/grub2/device.map

-    $FAI/scripts/CENTOS/40-install-grub
-    $FAI/scripts/CENTOS/30-mkinitrd
+    $FAI/scripts/ROCKY/40-install-grub
+    $FAI/scripts/ROCKY/30-mkinitrd

     $ROOTCMD fixfiles onboot # this fixes the SELinux security contexts during the first boot
 fi
 
     $ROOTCMD fixfiles onboot # this fixes the SELinux security contexts during the first boot
 fi
 

diff --git a/fai/config/hooks/debconf.ROCKY b/fai/config/hooks/debconf.ROCKY
new file mode 100755 (executable)
index 0000000..f98becd
--- /dev/null
+++ b/fai/config/hooks/debconf.ROCKY
@@ -0,0 +1,3 @@
+#! /bin/bash
+
+skiptask debconf

diff --git a/fai/config/hooks/instsoft.DEBIAN b/fai/config/hooks/instsoft.DEBIAN
index 34e6ebbfbc92764394109d684c6ffc27c3b2d0ed..d6f1ad1f5b9fcd8cd417292b8a90adac09f77e40 100755 (executable)
--- a/fai/config/hooks/instsoft.DEBIAN
+++ b/fai/config/hooks/instsoft.DEBIAN
@@ -23,3 +23,6 @@ if [ $? -eq 0 ]; then
        $ROOTCMD apt-get -y install locales > /dev/null
     fi
 fi
        $ROOTCMD apt-get -y install locales > /dev/null
     fi
 fi

+
+# use zstd for dracut initrd
+ainsl -av /etc/dracut.conf.d/11-debian.conf "compress=zstd"

diff --git a/fai/config/hooks/partition.DEFAULT b/fai/config/hooks/partition.DEFAULT
index 18f5a23a39f453d152c34a1d555b20b0d720761d..11a7ee51f57839a01d04bc1436601b0c4e310d7b 100755 (executable)
--- a/fai/config/hooks/partition.DEFAULT
+++ b/fai/config/hooks/partition.DEFAULT
@@ -885,10 +885,10 @@ if $partition; then
       # so use fixed sizes to allow both to grow
       # 600 = uefi 512 + grubext 8 + bios grub 3 + some extra cuz this is lvm
       #root_mib=$(( disk_mib - root2_part_mib - swap_mib - boot_part_mib - boot2_part_mib - 600 ))
       # so use fixed sizes to allow both to grow
       # 600 = uefi 512 + grubext 8 + bios grub 3 + some extra cuz this is lvm
       #root_mib=$(( disk_mib - root2_part_mib - swap_mib - boot_part_mib - boot2_part_mib - 600 ))

-      o_mib=$(( 120 * 1000 ))
+      o_mib=$(( 180 * 1000 ))

       # max minus o, minus a gig just for some extra space
       max_root_mib=$(( disk_mib - root2_part_mib - swap_mib - boot_part_mib - boot2_part_mib - 600 - o_mib - 1000 ))
       # max minus o, minus a gig just for some extra space
       max_root_mib=$(( disk_mib - root2_part_mib - swap_mib - boot_part_mib - boot2_part_mib - 600 - o_mib - 1000 ))

-      root_mib=$(( 1000 * 1000 )) # * 1000 to make it in gb.
+      root_mib=$(( 1700 * 1000 )) # * 1000 to make it in gb.

       if (( max_root_mib < root_mib )); then
         root_mib=$max_root_mib
       fi
       if (( max_root_mib < root_mib )); then
         root_mib=$max_root_mib
       fi

diff --git a/fai/config/hooks/repository.ROCKY b/fai/config/hooks/repository.ROCKY
new file mode 100755 (executable)
index 0000000..32e53c3
--- /dev/null
+++ b/fai/config/hooks/repository.ROCKY
@@ -0,0 +1,27 @@
+#! /bin/bash
+
+# (c) Michael Goetze, 2010-2011, mgoetze@mgoetze.net
+
+error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code
+
+if [ $FAI_ACTION = "install" ]; then
+    ctam
+    [ -L $target/etc/mtab ] || cp /etc/mtab $target/etc/mtab
+
+    cat > $target/etc/sysconfig/network <<-EOF
+               NETWORKING=yes
+               HOSTNAME=$HOSTNAME.$DOMAIN
+               EOF
+    echo "127.0.0.1 localhost" > $target/etc/hosts
+    ifclass DHCPC || ainsl -s /etc/hosts "$IPADDR $HOSTNAME.$DOMAIN $HOSTNAME"
+    cp /etc/resolv.conf $target/etc
+fi
+
+fcopy -riv /etc/yum.repos.d/
+
+# disable the fastestmirror plugin
+#fai-sed 's/enabled=1/enabled=0/' /etc/yum/pluginconf.d/fastestmirror.conf
+
+skiptask repository
+
+exit $error

diff --git a/fai/config/hooks/savelog.LAST.sh b/fai/config/hooks/savelog.LAST.sh
index 65468144c6cb4168d5fb5fa32a23026f4c2bdcc3..ba04b9818a696fa6d877d712a7ca739ba0d33f30 100755 (executable)
--- a/fai/config/hooks/savelog.LAST.sh
+++ b/fai/config/hooks/savelog.LAST.sh
@@ -182,6 +182,8 @@ disabling ASPM
 data block query control method not found
 subprocess.py.\+RuntimeWarning: line buffering
 Resource conflict.\+ found
 data block query control method not found
 subprocess.py.\+RuntimeWarning: line buffering
 Resource conflict.\+ found

+os-prober will not be executed
+/sys/bus/usb/devices/\*:\*/bInterface

 update-rc.d: warning: start and stop actions are no longer supported"
 
 # add pattern on some conditions
 update-rc.d: warning: start and stop actions are no longer supported"
 
 # add pattern on some conditions


@@ -219,4 +221,5 @@ if [ -s $errfile ]; then
    echo "ERRORS found in log files. See $errfile" >&2
 else
    echo "Congratulations! No errors found in log files."
    echo "ERRORS found in log files. See $errfile" >&2
 else
    echo "Congratulations! No errors found in log files."

+#   export flag_reboot=1 # if you want to reboot if no errors are found

 fi
 fi

diff --git a/fai/config/hooks/subroutines b/fai/config/hooks/subroutines
new file mode 100755 (executable)
index 0000000..816ead1
--- /dev/null
+++ b/fai/config/hooks/subroutines
@@ -0,0 +1,31 @@
+#! /bin/bash
+
+# This file is sourced during task_setup
+# you can define your own functions and use them later, for e.g.
+# in scripts/...
+
+
+cleanup_base() {
+
+    rm -f $target/etc/mailname \
+       $target/etc/machine-id \
+       $target/var/lib/dbus/machine-id \
+       $target/var/log/install_packages.list
+
+    > $target/etc/machine-id
+    shred --remove $target/etc/ssh/ssh_host_*
+}
+
+
+cleanup_dpkg_apt() {
+
+    rm -f  $target/var/log/alternatives.log \
+       $target/var/log/apt/* \
+       $target/var/log/bootstrap.log \
+       $target/var/log/dpkg.log
+
+    rm -rf $target/var/cache/apt/*
+    rm -rf $target/var/lib/apt/lists/*
+    rm -f $target/var/lib/dpkg/available*
+    rm -f -- $target/var/lib/dpkg/*-old
+}

diff --git a/fai/config/hooks/updatebase.DEBIAN b/fai/config/hooks/updatebase.DEBIAN
index e828eefa86cf21f9ffaf3aaa2f21b8b4dec40369..8b5117fd670d81ece4d82b292dc0cffdde9bc3a9 100755 (executable)
--- a/fai/config/hooks/updatebase.DEBIAN
+++ b/fai/config/hooks/updatebase.DEBIAN
@@ -7,8 +7,3 @@ else
 fi
 
 echo force-unsafe-io > $target/etc/dpkg/dpkg.cfg.d/unsafe-io
 fi
 
 echo force-unsafe-io > $target/etc/dpkg/dpkg.cfg.d/unsafe-io

-
-# you may want to add i386 arch to amd64 hosts
-# if ifclass AMD64; then
-#     $ROOTCMD dpkg --add-architecture i386
-# fi

diff --git a/fai/config/hooks/updatebase.ROCKY b/fai/config/hooks/updatebase.ROCKY
new file mode 100755 (executable)
index 0000000..dd418d8
--- /dev/null
+++ b/fai/config/hooks/updatebase.ROCKY
@@ -0,0 +1,25 @@
+#! /bin/bash
+
+if [ ! -f $target/etc/resolv.conf ]; then
+    cp /etc/resolv.conf $target/etc
+fi
+
+if [ X$verbose = X1 ]; then
+       echo "Updating base"
+       $ROOTCMD yum -y update |& tee -a $LOGDIR/software.log
+else
+       $ROOTCMD yum -y update >> $LOGDIR/software.log
+fi
+
+$ROOTCMD systemd-machine-id-setup
+
+cat > $target/etc/sysconfig/kernel <<EOF
+# UPDATEDEFAULT specifies if new-kernel-pkg should make
+# new kernels the default
+UPDATEDEFAULT=yes
+
+# DEFAULTKERNEL specifies the default kernel package type
+DEFAULTKERNEL=kernel-core
+EOF
+
+skiptask updatebase

diff --git a/fai/config/hooks/updatebase.UBUNTU b/fai/config/hooks/updatebase.UBUNTU
index e5050cd12464bbfc6cbfa4d3fdb24715d39cd327..98f775f077c3d871191b9cb1a2bcae427ab5ff4e 100755 (executable)
--- a/fai/config/hooks/updatebase.UBUNTU
+++ b/fai/config/hooks/updatebase.UBUNTU
@@ -1,5 +1,12 @@
 #! /bin/bash
 
 #! /bin/bash
 

+# mk-basefile doesn't use the -updates suite, then we unpack it, then we
+# install sources.list that has -updates and we install random
+# packages. It might avoid a problem if we a dist-upgrade first.
+
+$ROOTCMD apt-get update
+$ROOTCMD apt-get -y dist-upgrade --purge --auto-remove
+

 # https://lists.uni-koeln.de/pipermail/linux-fai/2016-July/011398.html
 # In Ubuntu 16.04 (but not 14.04), the locales configuration mechanism has
 # changed.  There is a /var/lib/dpkg/info/locales.config file, which
 # https://lists.uni-koeln.de/pipermail/linux-fai/2016-July/011398.html
 # In Ubuntu 16.04 (but not 14.04), the locales configuration mechanism has
 # changed.  There is a /var/lib/dpkg/info/locales.config file, which


@@ -9,8 +16,9 @@
 # hook applies the debconf setting.  It must run after FAI's debconf task
 # but before dpkg gets a chance to clobber debconf with an empty setting.
 
 # hook applies the debconf setting.  It must run after FAI's debconf task
 # but before dpkg gets a chance to clobber debconf with an empty setting.
 

+

 if [ ! -f "$target/var/lib/locales/supported.d/local" ]; then
 if [ ! -f "$target/var/lib/locales/supported.d/local" ]; then

-    $ROOTCMD debconf --owner=locales sh -c '
+  $ROOTCMD debconf --owner=locales sh -c '

         . /usr/share/debconf/confmodule
         db_version 2.0
         db_get locales/locales_to_be_generated &&
         . /usr/share/debconf/confmodule
         db_version 2.0
         db_get locales/locales_to_be_generated &&

diff --git a/fai/config/package_config/ARAMO.gpg b/fai/config/package_config/ARAMO.gpg
new file mode 100644 (file)
index 0000000..58057f6
Binary files /dev/null and b/fai/config/package_config/ARAMO.gpg differ

diff --git a/fai/config/package_config/DEBIAN b/fai/config/package_config/DEBIAN
index 6e43c2326e1e6f4d828180becf8e0c902a99bf93..e3ced93327a53856a85407bb328c7d9ccd005c8e 100644 (file)
--- a/fai/config/package_config/DEBIAN
+++ b/fai/config/package_config/DEBIAN
@@ -8,38 +8,41 @@ PACKAGES install NONFREE
 firmware-bnx2 firmware-bnx2x firmware-realtek
 firmware-linux-nonfree
 # a list of firmware for wifi/wireless
 firmware-bnx2 firmware-bnx2x firmware-realtek
 firmware-linux-nonfree
 # a list of firmware for wifi/wireless

-atmel-firmware firmware-atheros firmware-brcm80211
-firmware-iwlwifi firmware-libertas firmware-ralink firmware-zd1211
+firmware-misc-nonfree
+atmel-firmware firmware-ath9k-htc firmware-brcm80211
+firmware-iwlwifi firmware-libertas firmware-zd1211

 firmware-brcm80211 firmware-ti-connectivity
 firmware-netronome firmware-netxen firmware-realtek
 firmware-cavium
 # firmware-ipw2x00 # needs a debconf question
 
 firmware-brcm80211 firmware-ti-connectivity
 firmware-netronome firmware-netxen firmware-realtek
 firmware-cavium
 # firmware-ipw2x00 # needs a debconf question
 

-PACKAGES install I386
-linux-image-686-pae
+# needed for a live ISO
+PACKAGES install-norec LIVEISO
+dracut dracut-live dracut-squash grub-pc grub-efi-amd64-bin
+
+PACKAGES install-norec I386 AMD64

 memtest86+
 
 memtest86+
 

-PACKAGES install CHROOT
+PACKAGES install-norec CHROOT

 linux-image-686-pae-
 linux-image-amd64-
 initramfs-tools-core-
 dropbear-initramfs-
 
 linux-image-686-pae-
 linux-image-amd64-
 initramfs-tools-core-
 dropbear-initramfs-
 

-PACKAGES install AMD64
-linux-image-amd64
+PACKAGES install-norec AMD64
+${kernelname} # see class/DEBIAN.var

 memtest86+
 
 memtest86+
 

-PACKAGES install ARM64
+PACKAGES install-norec ARM64
+${kernelname} # see class/DEBIAN.var

 grub-efi-arm64
 grub-efi-arm64

-linux-image-arm64

 
 

-# this is duplicate with STANDARD.
-#PACKAGES install GRUB_PC
+# iank this is duplicate with STANDARD.
+#PACKAGES install-norec GRUB_PC

 #grub-pc
 
 #grub-pc
 

-#PACKAGES install GRUB_EFI
-#grub-efi
-
+#PACKAGES install-norec GRUB_EFI
+#grub-efi dosfstools

 
 PACKAGES install LVM
 lvm2
 
 PACKAGES install LVM
 lvm2

diff --git a/fai/config/package_config/FAISERVER b/fai/config/package_config/FAISERVER
index 25672c8f4f6cd2431f71cbcd6bd4fa2d320d8edb..30cf0411a5940f4153a5a9f70eead96b09cb3bf4 100644 (file)
--- a/fai/config/package_config/FAISERVER
+++ b/fai/config/package_config/FAISERVER
@@ -2,12 +2,12 @@ PACKAGES install-norec
 fai-quickstart
 
 debmirror tcpdump
 fai-quickstart
 
 debmirror tcpdump

-xorriso grub-pc
+xorriso

 lftp curl
 netselect
 syslinux-common pxelinux
 apt-cacher-ng
 lftp curl
 netselect
 syslinux-common pxelinux
 apt-cacher-ng

-nscd psmisc
+psmisc

 bind9 dnsutils
 iptables-persistent
 zile
 bind9 dnsutils
 iptables-persistent
 zile

diff --git a/fai/config/package_config/GNOME b/fai/config/package_config/GNOME
index a7ac9088be125a2f5ec3149a641cd484dc1067f8..053d0220fa6d3c267b7ebad28f18ef2b91fe8499 100644 (file)
--- a/fai/config/package_config/GNOME
+++ b/fai/config/package_config/GNOME
@@ -1,5 +1,11 @@
-PACKAGES install-norec
+# enable following two lines to get full GNOME desktop
+#PACKAGES install
+#task-gnome-desktop
+

 
 

+# stripped down version of GNOME without libreoffice
+# upgrade to full desktop using: # apt install task-gnome-desktop
+PACKAGES install-norec

 firefox-esr
 #thunderbird
 menu gdm3
 firefox-esr
 #thunderbird
 menu gdm3

diff --git a/fai/config/package_config/NABIA.gpg b/fai/config/package_config/NABIA.gpg
new file mode 120000 (symlink)
index 0000000..84bd61d
--- /dev/null
+++ b/fai/config/package_config/NABIA.gpg
@@ -0,0 +1 @@
+ARAMO.gpg
\ No newline at end of file

diff --git a/fai/config/package_config/ROCKY b/fai/config/package_config/ROCKY
new file mode 100644 (file)
index 0000000..b0eaa80
--- /dev/null
+++ b/fai/config/package_config/ROCKY
@@ -0,0 +1,38 @@
+PACKAGES dnfgroup
+core
+minimal-environment
+#server-product-environment
+#headless-management
+
+PACKAGES dnfgroup XORG
+graphical-server-environment
+workstation-product-environment
+
+PACKAGES dnfi
+NetworkManager
+dbus-broker # needed by systemd
+chrony
+kernel
+dracut
+less
+openssh
+openssh-clients
+openssh-server
+vim-enhanced
+man
+curl
+unzip
+which
+ncurses ncurses-base
+coreutils-common
+libibverbs # needed for nc, but missing dependency
+
+PACKAGES dnfi GRUB_PC
+grub2-pc
+
+PACKAGES dnfi GRUB_EFI
+grub2-efi
+
+
+PACKAGES dnfi LVM
+lvm2

diff --git a/fai/config/package_config/STANDARD b/fai/config/package_config/STANDARD
index 4404513cd4b60d68a67ce480fb5d34f501136e76..f55e6640380513a0f39c4a7a31259bc382af62d1 100644 (file)
--- a/fai/config/package_config/STANDARD
+++ b/fai/config/package_config/STANDARD
@@ -21,9 +21,6 @@ ncurses-term
 openssh-client
 pciutils
 perl
 openssh-client
 pciutils
 perl

-# ian: newer distros dont have python, it gets naturally removed
-python
-python-minimal

 python3
 python3-minimal
 reportbug
 python3
 python3-minimal
 reportbug


@@ -49,7 +46,6 @@ rsync
 openssh-client openssh-server
 time
 procinfo
 openssh-client openssh-server
 time
 procinfo

-locales

 console-setup kbd
 pciutils usbutils
 unattended-upgrades
 console-setup kbd
 pciutils usbutils
 unattended-upgrades


@@ -67,6 +63,8 @@ iso-codes
 cryptsetup-initramfs
 # for btrbk
 zstd
 cryptsetup-initramfs
 # for btrbk
 zstd

+# for detecting wireless
+iw

 
 # iank, copied from DEBIAN so it goes into ubuntu too
 PACKAGES install GRUB_PC
 
 # iank, copied from DEBIAN so it goes into ubuntu too
 PACKAGES install GRUB_PC


@@ -77,4 +75,4 @@ PACKAGES install GRUB_EFI
 # but theres a dependency problem with it in nabia: for some reason it depends on
 # a version in security, but theres a later version in updates that the system
 # really wants to install.
 # but theres a dependency problem with it in nabia: for some reason it depends on
 # a version in security, but theres a later version in updates that the system
 # really wants to install.

-grub-efi-amd64
+grub-efi-amd64 dosfstools

diff --git a/fai/config/package_config/UBUNTU b/fai/config/package_config/UBUNTU
index e672026c2aefa42bc98d263d1fa75d9fe5ce7761..ffc878ac651cfd17d363cfb72f0b8a83f3d796e8 100644 (file)
--- a/fai/config/package_config/UBUNTU
+++ b/fai/config/package_config/UBUNTU
@@ -9,7 +9,6 @@ PACKAGES install AMD64
 linux-image-generic
 memtest86+
 
 linux-image-generic
 memtest86+
 

-

 PACKAGES install FLIDAS64 XENIAL64
 linux-image-generic-hwe-8.0
 
 PACKAGES install FLIDAS64 XENIAL64
 linux-image-generic-hwe-8.0
 


@@ -17,5 +16,15 @@ PACKAGES install NABIA64 FOCAL64
 linux-image-generic-
 linux-image-generic-hwe-20.04
 
 linux-image-generic-
 linux-image-generic-hwe-20.04
 

+PACKAGES install XORG
+ubuntu-server-
+ubuntu-standard
+ubuntu-desktop
+

 PACKAGES install GERMAN
 language-pack-gnome-de
 PACKAGES install GERMAN
 language-pack-gnome-de

+
+PACKAGES install CHROOT
+# a chroot does not need a kernel.
+# See class/DEBIAN.var for the exact package name
+${kernelname}-

diff --git a/fai/config/package_config/XFCE b/fai/config/package_config/XFCE
index 2e878d3726ad8ad6d6e0783bfc92cdbf896183da..257afb7b2e6917dd0e2c597dfebdbc2f69b352ce 100644 (file)
--- a/fai/config/package_config/XFCE
+++ b/fai/config/package_config/XFCE
@@ -1,6 +1,15 @@
+# enable following two lines to get full XFCE desktop
+#PACKAGES install
+#task-xfce-desktop
+
+# stripped down version of xfce4 without libreoffice
+# upgrade to full desktop using: # apt install task-xfce-desktop

 PACKAGES install-norec
 xfce4 # base system
 xfce4-goodies # additional tools
 PACKAGES install-norec
 xfce4 # base system
 xfce4-goodies # additional tools

+xfce4-power-manager
+light-locker

 lightdm
 lightdm

+synaptic

 firefox-esr
 network-manager-gnome
 firefox-esr
 network-manager-gnome

diff --git a/fai/config/package_config/readme b/fai/config/package_config/readme
new file mode 100644 (file)
index 0000000..abb42b7
--- /dev/null
+++ b/fai/config/package_config/readme
@@ -0,0 +1,2 @@
+ian: Ya, for each trisquel release, we need a new key symlink link, or
+new file if the key has changed.

diff --git a/fai/config/scripts/CLOUD/99-cleanup b/fai/config/scripts/CLOUD/99-cleanup
index 45809888573ebe16c051ae17b4d8f152c1facc21..3ffa00c655b7556c72be9bce6f66b7e9f719d01e 100755 (executable)
--- a/fai/config/scripts/CLOUD/99-cleanup
+++ b/fai/config/scripts/CLOUD/99-cleanup
@@ -1,27 +1,18 @@
 #! /bin/bash
 
 #! /bin/bash
 

-fcopy /etc/init.d/expand-root
-if [ -f $target/files/etc/init.d/expand-root ]; then
-    $ROOTCMD insserv --default expand-root
-fi
-
-sed -i "s/PermitRootLogin yes/PermitRootLogin without-password/" $target/etc/ssh/sshd_config
+fai-sed "s/PermitRootLogin yes/PermitRootLogin without-password/" /etc/ssh/sshd_config

 ainsl /etc/ssh/sshd_config 'ClientAliveInterval 120'
 
 ainsl -a /etc/modprobe.d/blacklist.conf 'blacklist pcspkr'
 ainsl -a /etc/modprobe.d/blacklist.conf 'blacklist floppy'
 
 ainsl /etc/ssh/sshd_config 'ClientAliveInterval 120'
 
 ainsl -a /etc/modprobe.d/blacklist.conf 'blacklist pcspkr'
 ainsl -a /etc/modprobe.d/blacklist.conf 'blacklist floppy'
 

+cleanup_base
+

 rm -f $target/etc/resolv.conf \
       $target/etc/udev/rules.d/70-persistent-net.rules \
 rm -f $target/etc/resolv.conf \
       $target/etc/udev/rules.d/70-persistent-net.rules \

-      $target/lib/udev/write_net_rules \
-      $target/etc/mailname \
-      $target/var/lib/dbus/machine-id
-
-> $target/etc/machine-id
-
-shred --remove $target/etc/ssh/ssh_host_*
+      $target/lib/udev/write_net_rules

 
 # FIXME: DHCP RFC3442 is used incorrect in Azure
 if [ -f $target/etc/dhcp/dhclient.conf ]; then
 
 # FIXME: DHCP RFC3442 is used incorrect in Azure
 if [ -f $target/etc/dhcp/dhclient.conf ]; then

-    sed -ie 's,rfc3442-classless-static-routes,disabled-\0,' $target/etc/dhcp/dhclient.conf
+    fai-sed 's,rfc3442-classless-static-routes,disabled-\0,' /etc/dhcp/dhclient.conf

 fi
 fi

diff --git a/fai/config/scripts/DEBIAN/11-iank b/fai/config/scripts/DEBIAN/11-iank
index 69b9afe7bc10c3f2d53a8999e2795ceb1439ca5c..130c7e95dc99ea9ffdab1d9cb094753a30053573 100755 (executable)
--- a/fai/config/scripts/DEBIAN/11-iank
+++ b/fai/config/scripts/DEBIAN/11-iank
@@ -24,12 +24,33 @@ if [[ $EUID != 0 ]]; then
   exit 1
 fi
 
   exit 1
 fi
 

+m() { printf "%s\n" "$*";  "$@"; }
+
+

 fcopy -riB /root
 
 fcopy -riB /root
 

+# in bullseye, installing systemd-resolved says: Converting
+# /etc/resolv.conf to a symlink to
+# /run/systemd/resolve/stub-resolv.conf...  which breaks
+# resolution. This happens to be the first script we install a package
+# after that. This should do nothing in a fai-wrapper situation.
+if [[ ! -s $target/etc/resolv.conf ]]; then
+  m ls -la $target/etc/resolv.conf ||:
+  # Keep the symlink in place, systemd-resolved should change the file
+  # when it runs.
+  mkdir -p $target/run/systemd/resolve
+  if [[ ! -s /etc/resolv.conf ]] && ! host google.com; then
+    echo "ERROR: empty resolv.conf & failed dns resolution. exiting 1" >&2
+    exit 1
+  fi
+  cat /etc/resolv.conf >$target/etc/resolv.conf
+fi
+
+

 
 #### misc configurations
 chroot $FAI_ROOT bash <<'EOFOUTER'
 
 #### misc configurations
 chroot $FAI_ROOT bash <<'EOFOUTER'

-set -x
+set -xe

 if getent group systemd-journal >/dev/null; then
   # makes the journal be saved to disk.
   mkdir -p /var/log/journal
 if getent group systemd-journal >/dev/null; then
   # makes the journal be saved to disk.
   mkdir -p /var/log/journal


@@ -38,7 +59,12 @@ fi
 debconf-set-selections <<EOF
 kexec-tools kexec-tools/load_kexec boolean false
 EOF
 debconf-set-selections <<EOF
 kexec-tools kexec-tools/load_kexec boolean false
 EOF

-apt-get install -y pxe-kexec
+
+# This used to be pxe-kexec. For some reason pxe-kexec is not in
+# bookworm. kexec-tools is
+# something pxe-kexec depended on and might be useful.
+# todo: figure out why and get it installed.
+apt-get install -y kexec-tools

 
 # this is usefull. Only thing reason I see this being disabled by default is
 # that a non-root user can disrupt the system, eg cause a reboot.
 
 # this is usefull. Only thing reason I see this being disabled by default is
 # that a non-root user can disrupt the system, eg cause a reboot.

diff --git a/fai/config/scripts/DEBIAN/40-misc b/fai/config/scripts/DEBIAN/40-misc
index 54ca499776933ec6df716178d5e8a1e772c05d6d..e52ebe9c8a4ad4749fa168f04085c0d5e9344311 100755 (executable)
--- a/fai/config/scripts/DEBIAN/40-misc
+++ b/fai/config/scripts/DEBIAN/40-misc
@@ -32,16 +32,16 @@ if [ ! -e $target/etc/adjtime ]; then
     printf "0.0 0 0.0\n0\nUTC\n" > $target/etc/adjtime
 fi
 if [ "$UTC" = "yes" ]; then
     printf "0.0 0 0.0\n0\nUTC\n" > $target/etc/adjtime
 fi
 if [ "$UTC" = "yes" ]; then

-    sed -i -e 's:^LOCAL$:UTC:' $target/etc/adjtime
+    fai-sed 's:^LOCAL$:UTC:' /etc/adjtime

 else
 else

-    sed -i -e 's:^UTC$:LOCAL:' $target/etc/adjtime
+    fai-sed 's:^UTC$:LOCAL:' /etc/adjtime

 fi
 
 # enable linuxlogo
 if [ -f $target/etc/inittab ]; then
 fi
 
 # enable linuxlogo
 if [ -f $target/etc/inittab ]; then

-    sed -i -e 's#/sbin/getty 38400#/sbin/getty -f /etc/issue.linuxlogo 38400#' ${target}/etc/inittab
+    fai-sed 's#/sbin/getty 38400#/sbin/getty -f /etc/issue.linuxlogo 38400#' /etc/inittab

 elif [ -f $target/lib/systemd/system/getty@.service ]; then
 elif [ -f $target/lib/systemd/system/getty@.service ]; then

-    sed -i -e 's#sbin/agetty --noclear#sbin/agetty -f /etc/issue.linuxlogo --noclear#' $target/lib/systemd/system/getty@.service
+    fai-sed 's#sbin/agetty --noclear#sbin/agetty -f /etc/issue.linuxlogo --noclear#' /lib/systemd/system/getty@.service

 fi
 
 # make sure a machine-id exists
 fi
 
 # make sure a machine-id exists


@@ -53,9 +53,9 @@ if [ X"$(stat -c '%s' $target/etc/machine-id 2>/dev/null)"  = X0 -a -f $target/b
     $ROOTCMD systemd-machine-id-setup
 fi
 
     $ROOTCMD systemd-machine-id-setup
 fi
 

-ln -fs /proc/mounts $target/etc/mtab
+fai-link /etc/mtab ../proc/self/mounts

 
 

-rm -f $target/etc/dpkg/dpkg.cfg.d/fai $target/etc/dpkg/dpkg.cfg.d/unsafe-io
+rm -f $target/etc/dpkg/dpkg.cfg.d/unsafe-io

 
 if [ -d /etc/fai ]; then
     if ! fcopy -Mv /etc/fai/fai.conf; then
 
 if [ -d /etc/fai ]; then
     if ! fcopy -Mv /etc/fai/fai.conf; then

diff --git a/fai/config/scripts/FAIBASE/10-misc b/fai/config/scripts/FAIBASE/10-misc
index 7a0599dd727e86f54c8a7a775f8616f774e532fd..926b5f0275c50c223b2b55e84fa41a2abdc9603d 100755 (executable)
--- a/fai/config/scripts/FAIBASE/10-misc
+++ b/fai/config/scripts/FAIBASE/10-misc
@@ -6,7 +6,7 @@ error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code
 
 echo $TIMEZONE    > $target/etc/timezone
 if [ -L $target/etc/localtime ]; then
 
 echo $TIMEZONE    > $target/etc/timezone
 if [ -L $target/etc/localtime ]; then

-    ln -sf /usr/share/zoneinfo/${TIMEZONE} $target/etc/localtime
+    fai-link /etc/localtime /usr/share/zoneinfo/${TIMEZONE}

 else
     cp -f /usr/share/zoneinfo/${TIMEZONE} $target/etc/localtime
 fi
 else
     cp -f /usr/share/zoneinfo/${TIMEZONE} $target/etc/localtime
 fi

diff --git a/fai/config/scripts/FAIBASE/15-root-ssh-key b/fai/config/scripts/FAIBASE/15-root-ssh-key
new file mode 100755 (executable)
index 0000000..db692ad
--- /dev/null
+++ b/fai/config/scripts/FAIBASE/15-root-ssh-key
@@ -0,0 +1,35 @@
+#! /bin/bash
+
+# (c) Thomas Lange, 2022, lange@debian.org
+#
+# Add public ssh key for user root to get login access
+
+error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code
+
+SSHDIR=$target/root/.ssh
+AUKEY=$SSHDIR/authorized_keys
+
+# reverse order of classes
+for c in $classes; do
+    revclasses="$c $revclasses"
+done
+
+for c in $revclasses; do
+    if [ -f $FAI/files/root-ssh-key/$c ]; then
+        if [ -f $AUKEY ]; then
+            cmp -s $FAI/files/root-ssh-key/$c $AUKEY
+            if [ $? -eq 0 ]; then
+                exit
+            fi
+        fi
+        if [ ! -d $SSHDIR ]; then
+            mkdir -m 700 $SSHDIR
+        fi
+        cp -v $FAI/files/root-ssh-key/$c $AUKEY
+        chown root:root $AUKEY
+        chmod 700 $AUKEY
+        break
+    fi
+done
+
+exit $error

diff --git a/fai/config/scripts/FAISERVER/10-conffiles b/fai/config/scripts/FAISERVER/10-conffiles
index 92b17fc87d6c40d3a2f90f7c8367db6b351494aa..e0a60ffd714f79a8e645898f92be717ae1762178 100755 (executable)
--- a/fai/config/scripts/FAISERVER/10-conffiles
+++ b/fai/config/scripts/FAISERVER/10-conffiles
@@ -27,8 +27,10 @@ if [ $FAI_ACTION = "install" -o $FAI_ACTION = "dirinstall" ] ; then
     # add entries for 10 hosts called client 01 .. 10
     perl -e 'for (1..10) {printf "192.168.33.%s client%02s\n",101+$_,$_;}' >> $target/etc/hosts
 
     # add entries for 10 hosts called client 01 .. 10
     perl -e 'for (1..10) {printf "192.168.33.%s client%02s\n",101+$_,$_;}' >> $target/etc/hosts
 

-    sed -i -e '/# ReuseConnections: 1/d' $target/etc/apt-cacher-ng/acng.conf
-    ainsl -v /etc/apt-cacher-ng/acng.conf "ReuseConnections: 0"
+    fai-sed '/# ReuseConnections: 1/d' /etc/apt-cacher-ng/acng.conf
+    ainsl -v /etc/apt-cacher-ng/acng.conf "ReuseConnections: 1"
+    ainsl -v /etc/apt-cacher-ng/acng.conf "PipelineDepth: 80"
+    ainsl -v /etc/apt-cacher-ng/acng.conf "DlMaxRetries: 6"

 
     # copy base file for faster building of nfsroot
     if [ -f /var/tmp/base.tar.xz ]; then
 
     # copy base file for faster building of nfsroot
     if [ -f /var/tmp/base.tar.xz ]; then


@@ -38,7 +40,7 @@ if [ $FAI_ACTION = "install" -o $FAI_ACTION = "dirinstall" ] ; then
     if [ -d /media/mirror/pool ]; then
        mkdir $target/var/cache/apt-cacher-ng/_import
        cp -p /media/mirror/pool/*/*/*/*.deb $target/var/cache/apt-cacher-ng/_import
     if [ -d /media/mirror/pool ]; then
        mkdir $target/var/cache/apt-cacher-ng/_import
        cp -p /media/mirror/pool/*/*/*/*.deb $target/var/cache/apt-cacher-ng/_import

-       $ROOTCMD chown -R apt-cacher-ng.apt-cacher-ng  /var/cache/apt-cacher-ng/_import
+       $ROOTCMD chown -R apt-cacher-ng:apt-cacher-ng  /var/cache/apt-cacher-ng/_import

     fi
 
     # copy basefiles from CD to config space
     fi
 
     # copy basefiles from CD to config space

diff --git a/fai/config/scripts/GRUB_EFI/10-setup b/fai/config/scripts/GRUB_EFI/10-setup
index 7dd92d4f000ebc8a44569cc4b7be5c11d66fb98a..24054e1727baf63a56c6c3cf87b853e432354cb1 100755 (executable)
--- a/fai/config/scripts/GRUB_EFI/10-setup
+++ b/fai/config/scripts/GRUB_EFI/10-setup
@@ -11,6 +11,11 @@ error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code
 # installation into the removable media paths as well as the standard
 # debian path.
 
 # installation into the removable media paths as well as the standard
 # debian path.
 

+# do only execute for Debian and similar distros
+if ! ifclass DEBIAN ; then
+    exit 0
+fi
+

 set -a
 
 # do not set up grub during dirinstall
 set -a
 
 # do not set up grub during dirinstall


@@ -41,28 +46,35 @@ if [ "${_bdev%%-*}" = "/dev/dm" ]; then
   BOOT_DEVICE=$( lvs --noheadings -o devices $BOOT_DEVICE | sed -e 's/^*\([^(]*\)(.*$/\1/' )
 fi
 
   BOOT_DEVICE=$( lvs --noheadings -o devices $BOOT_DEVICE | sed -e 's/^*\([^(]*\)(.*$/\1/' )
 fi
 

+opts="--no-floppy --target=x86_64-efi --modules=part_gpt"
+

 # Check if RAID is used for the boot device
 if [[ $BOOT_DEVICE =~ '/dev/md' ]]; then
     raiddev=${BOOT_DEVICE#/dev/}
     # install grub on all members of RAID
     for device in $(LC_ALL=C perl -ne 'if(/^'$raiddev'\s.+raid\d+\s(.+)/){ $_=$1; s/\d+\[\d+\]//g; print }' /proc/mdstat); do
        echo Install grub on /dev/$device
 # Check if RAID is used for the boot device
 if [[ $BOOT_DEVICE =~ '/dev/md' ]]; then
     raiddev=${BOOT_DEVICE#/dev/}
     # install grub on all members of RAID
     for device in $(LC_ALL=C perl -ne 'if(/^'$raiddev'\s.+raid\d+\s(.+)/){ $_=$1; s/\d+\[\d+\]//g; print }' /proc/mdstat); do
        echo Install grub on /dev/$device

-       $ROOTCMD grub-install --no-floppy --force-extra-removable "/dev/$device"
+       $ROOTCMD grub-install $opts --force-extra-removable "/dev/$device"

     done
 
 elif [[ $BOOT_DEVICE =~ '/dev/loop' ]]; then
     # do not update vmram when using a loop device
     done
 
 elif [[ $BOOT_DEVICE =~ '/dev/loop' ]]; then
     # do not update vmram when using a loop device

-    $ROOTCMD grub-install --no-floppy --force-extra-removable --modules=part_gpt --no-nvram $BOOT_DEVICE
+    $ROOTCMD grub-install $opts --force-extra-removable  --no-nvram $BOOT_DEVICE

     if [ $? -eq 0 ]; then
         echo "Grub installed on hostdisk $BOOT_DEVICE"
     fi
 
 else
     if [ $? -eq 0 ]; then
         echo "Grub installed on hostdisk $BOOT_DEVICE"
     fi
 
 else

-    $ROOTCMD grub-install --no-floppy --modules=part_gpt "$GROOT"
+    $ROOTCMD grub-install $opts "$GROOT"

     if [ $? -eq 0 ]; then
         echo "Grub installed on $BOOT_DEVICE = $GROOT"
     fi
 fi
 $ROOTCMD update-grub
     if [ $? -eq 0 ]; then
         echo "Grub installed on $BOOT_DEVICE = $GROOT"
     fi
 fi
 $ROOTCMD update-grub

+if [[ $BOOT_DEVICE =~ '/dev/loop' ]]; then
+    :
+else
+    efibootmgr -v
+fi

 
 exit $error
 
 exit $error

diff --git a/fai/config/scripts/GRUB_PC/10-setup b/fai/config/scripts/GRUB_PC/10-setup
index 11535f11f5b2b4df0f6943a552c020523989842d..ed8d878ae0395bee09028706c56e9a922fd26510 100755 (executable)
--- a/fai/config/scripts/GRUB_PC/10-setup
+++ b/fai/config/scripts/GRUB_PC/10-setup
@@ -4,6 +4,11 @@
 error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code
 
 set -x
 error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code
 
 set -x

+# do only execute for Debian and similar distros
+if ! ifclass DEBIAN ; then
+    exit 0
+fi
+

 set -a
 
 # do not set up grub during dirinstall
 set -a
 
 # do not set up grub during dirinstall


@@ -20,6 +25,11 @@ fi
 # disable os-prober because of #802717
 ainsl /etc/default/grub 'GRUB_DISABLE_OS_PROBER=true'
 
 # disable os-prober because of #802717
 ainsl /etc/default/grub 'GRUB_DISABLE_OS_PROBER=true'
 

+# efivars may still be mounted from the host system during fai-diskimage
+if [ -d $target/sys/firmware/efi/efivars ]; then
+    umount $target/sys/firmware/efi/efivars
+fi
+

 # skip the rest, if not an initial installation
 if [ $FAI_ACTION != "install" ]; then
     $ROOTCMD update-grub
 # skip the rest, if not an initial installation
 if [ $FAI_ACTION != "install" ]; then
     $ROOTCMD update-grub

diff --git a/fai/config/scripts/IANK/11-iank b/fai/config/scripts/IANK/11-iank
index 63c85f96e992452999a349210252fd05af96595a..54641b237bcc10b15b30b90bb0f8b662253f8609 100755 (executable)
--- a/fai/config/scripts/IANK/11-iank
+++ b/fai/config/scripts/IANK/11-iank
@@ -28,21 +28,6 @@ if ! type -t fcopy &>/dev/null; then
   sudo apt-get -y install fai-client
 fi
 
   sudo apt-get -y install fai-client
 fi
 

-if [[ -e /a/bin/fai/fai-wrapper ]]; then
-  chroot() {
-    shift
-    "$@"
-  }
-fi
-
-if [[ $FAI_ROOT == / ]]; then
-  source /a/bin/bash_unpublished/source-state
-  bprogs_dir=/a/opt/btrfs-progs-release
-else
-  bprogs_dir=/srv/btrfs-progs-release
-  chroot="chroot $FAI_ROOT"
-fi
-

 # -r = recursive
 # -i = ignore non-matching class warnings, always exit 0
 # -B = no backup files
 # -r = recursive
 # -i = ignore non-matching class warnings, always exit 0
 # -B = no backup files


@@ -66,6 +51,8 @@ if [[ ! -e $dst && -e $src ]]; then
   mount -o bind $src $dst
 fi
 
   mount -o bind $src $dst
 fi
 

+
+

 $FAI/distro-install-common/end
 
 
 $FAI/distro-install-common/end
 
 


@@ -75,13 +62,13 @@ $FAI/distro-install-common/end
 # I run this as a single post-fai script to update things that have changed.
 tmpfile1=$(mktemp)
 # this can fail if we need an apt update
 # I run this as a single post-fai script to update things that have changed.
 tmpfile1=$(mktemp)
 # this can fail if we need an apt update

-$chroot /usr/bin/apt-cache policy >$tmpfile1 ||:
+$ROOTCMD /usr/bin/apt-cache policy >$tmpfile1 ||:

 fcopy -riB /etc/apt
 
 tmpfile2=$(mktemp)
 fcopy -riB /etc/apt
 
 tmpfile2=$(mktemp)

-$chroot /usr/bin/apt-cache policy >$tmpfile2
+$ROOTCMD /usr/bin/apt-cache policy >$tmpfile2

 if ! diff -q $tmpfile1 $tmpfile2; then
 if ! diff -q $tmpfile1 $tmpfile2; then

-  $chroot /usr/bin/apt update
+  $ROOTCMD /usr/bin/apt update

 fi
 # outside of fai, this seems to regularly lead to
 # E: Could not get lock /var/lib/apt/lists/lock - open (11: Resource temporarily unavailable)
 fi
 # outside of fai, this seems to regularly lead to
 # E: Could not get lock /var/lib/apt/lists/lock - open (11: Resource temporarily unavailable)


@@ -105,7 +92,6 @@ fi
 
 #### misc configurations
 
 
 #### misc configurations
 

-

 if [[ $FAI_ACTION != dirinstall ]] && ! ifclass NOCRYPT; then
   if ifclass LINODE; then
     speed=19200
 if [[ $FAI_ACTION != dirinstall ]] && ! ifclass NOCRYPT; then
   if ifclass LINODE; then
     speed=19200


@@ -131,7 +117,7 @@ TimeoutStartSec=20
 WantedBy=dev-disk-by\x2did-ata\x2dSamsung_SSD_870_QVO_8TB_S5VUNG0N900656V.device
 EOF
 
 WantedBy=dev-disk-by\x2did-ata\x2dSamsung_SSD_870_QVO_8TB_S5VUNG0N900656V.device
 EOF
 

-        $chroot bash <<'EOFOUTER'
+        $ROOTCMD bash <<'EOFOUTER'

 systemctl enable myncq.service
 /usr/bin/myncq no-upgrub
 EOFOUTER
 systemctl enable myncq.service
 /usr/bin/myncq no-upgrub
 EOFOUTER


@@ -180,8 +166,8 @@ EOF
 fi
 
 # use networkmanager if this host has wireless.
 fi
 
 # use networkmanager if this host has wireless.

-if [[ $HOSTNAME == bo ]] || type -p iw &>/dev/null && [[ $(iw dev) ]]; then
-  $chroot bash <<EOF
+if [[ $(iw dev) ]]; then
+  $ROOTCMD bash -xe <<EOF

 apt-get -y install network-manager
 EOF
 
 apt-get -y install network-manager
 EOF
 


@@ -198,6 +184,16 @@ EOF
 [main]
 dns=systemd-resolved
 EOF
 [main]
 dns=systemd-resolved
 EOF

+
+  $FAI/distro-install-common/ethusb-static
+  if [[ $(dig +short @10.2.0.1 -x 10.2.0.2 2>&1 ||:) == kd.b8.nz. ]] \
+       && ip n show 10.2.0.1 | grep . &>/dev/null; then
+    : # we are at home. note: logic duplicated in btrbk-run
+  else
+    $FAI/distro-install-common/ethusb-nm
+  fi
+
+

 else
   cat > $target/etc/network/interfaces <<-EOF
 # generated by FAI
 else
   cat > $target/etc/network/interfaces <<-EOF
 # generated by FAI


@@ -224,42 +220,6 @@ EOF
 
 fi
 
 
 fi
 

-case $HOSTNAME in
-  sy)
-    $FAI/distro-install-common/install-stable-kernel-debs
-    ;;
-  *)
-    $chroot apt-get -y install linux-libre
-    ;;
-esac
-
-pre=https://mirrors.edge.kernel.org/pub/linux/kernel/people/kdave/btrfs-progs
-tarball=$(curl -s $pre/sha256sums.asc \
-            | awk '$2 ~ /^btrfs-progs-v/ { print $2 }' | grep -v -- -rc | grep "^btrfs-progs-v.*gz\$" | sort -V | tail -n1)
-url="$pre/$tarball"
-dir=${tarball%.tar.gz}
-ver=${dir#btrfs-progs-}
-cur_ver=$(btrfs --version 2>/dev/null | awk '{print $2}') ||:
-if [[ $ver != "$cur_ver" ]]; then
-  if [[ $HOST2 == "$HOSTNAME" && $ver != "$($bprogs_dir/btrfs --version 2>/dev/null | awk '{print $2}')" ]]; then
-    rm -rf $bprogs_dir
-    cd /tmp
-    wget $url
-    sudo -u iank tar xzf $tarball
-    mv ${tarball%.tar.gz} $bprogs_dir
-    cd $bprogs_dir
-    apt-get -y build-dep btrfs-progs
-    sudo -u iank ./configure --disable-documentation
-    sudo -u iank make
-    make install
-  else
-    $chroot bash -xe <<EOF
-cd $bprogs_dir
-make install
-EOF
-  fi
-fi
-

 if ifclass LINODE; then
   mkdir -p $target/etc/initramfs-tools/conf.d
   cat >$target/etc/initramfs-tools/conf.d/mine <<EOF
 if ifclass LINODE; then
   mkdir -p $target/etc/initramfs-tools/conf.d
   cat >$target/etc/initramfs-tools/conf.d/mine <<EOF


@@ -300,7 +260,7 @@ fi
 
 if ifclass VOL_BULLSEYE_BOOTSTRAP || ifclass VOL_BOOKWORM_BOOTSTRAP; then
   fcopy /etc/systemd/system/faicheck.service
 
 if ifclass VOL_BULLSEYE_BOOTSTRAP || ifclass VOL_BOOKWORM_BOOTSTRAP; then
   fcopy /etc/systemd/system/faicheck.service

-  $chroot bash <<'EOFOUTER'
+  $ROOTCMD bash <<'EOFOUTER'

 systemctl enable faicheck.service
 EOFOUTER
   exit 0 # avoid unnecessary stuff in bootstrap vol
 systemctl enable faicheck.service
 EOFOUTER
   exit 0 # avoid unnecessary stuff in bootstrap vol


@@ -308,7 +268,7 @@ fi
 
 
 ## misc settings
 
 
 ## misc settings

-$chroot bash <<'EOFOUTER'
+$ROOTCMD bash <<'EOFOUTER'

 #### begin .ssh setup ###
 set -x
 set -eE -o pipefail
 #### begin .ssh setup ###
 set -x
 set -eE -o pipefail


@@ -372,3 +332,70 @@ fi
 for g in plugdev audio video cdrom; do
   $ROOTCMD usermod -a -G $g user2
 done
 for g in plugdev audio video cdrom; do
   $ROOTCMD usermod -a -G $g user2
 done

+
+
+## begin get new kernel and btrfs-progs ##
+case $HOSTNAME in
+  sy|so)
+    $FAI/distro-install-common/install-stable-kernel-debs
+    ;;
+  *)
+    $ROOTCMD apt-get -y install linux-libre
+    ;;
+esac
+
+pre=https://mirrors.edge.kernel.org/pub/linux/kernel/people/kdave/btrfs-progs
+tarball=$(curl -s $pre/sha256sums.asc \
+            | awk '$2 ~ /^btrfs-progs-v/ { print $2 }' | grep -v -- -rc | grep "^btrfs-progs-v.*gz\$" | sort -V | tail -n1)
+url="$pre/$tarball"
+dir=${tarball%.tar.gz}
+ver=${dir#btrfs-progs-}
+cur_ver=$($ROOTCMD btrfs --version 2>/dev/null | awk '{print $2}') ||:
+
+if [[ $FAI_ROOT == / ]]; then
+  bp_dir=/a/opt/btrfs-progs-release
+else
+  bp_dir=$FAI/distro-install-common/btrfs-progs-release
+fi
+if [[ $ver != "$cur_ver" ]]; then
+  if [[ $ver != "$($bp_dir/btrfs --version 2>/dev/null | awk '{print $2}')" ]]; then
+    cd $target/tmp
+    wget $url
+    tar xzf $tarball
+    $ROOTCMD apt-get -y build-dep btrfs-progs
+    # no docs cuz I didn't want to bother fixing error of missing docs dependencies
+    $ROOTCMD bash -xe <<EOF
+cd /tmp/${tarball%.tar.gz}
+./configure --disable-documentation
+make
+make install
+EOF
+    # If our desktop is HOST2, will we btrbk this latest bprogs to other
+    # machines.
+    if [[ -s /a/bin/bash_unpublished/source-state ]]; then
+      source /a/bin/bash_unpublished/source-state
+    fi
+    if [[ $HOST2 == "$HOSTNAME" && $FAI_ROOT != / ]]; then
+      rm -rf $bp_dir
+      chown -R iank:iank $target/tmp/${tarball%.tar.gz}
+      mv $target/tmp/${tarball%.tar.gz} $bp_dir
+    fi
+  else
+    if ! $ROOTCMD dpkg -s -- build-essential  2>&1 | grep -Fx "Status: install ok installed" &>/dev/null; then
+      $ROOTCMD apt-get -y install build-essential
+    fi
+
+    if [[ $FAI_ROOT == / ]]; then
+      cd /a/opt/btrfs-progs-release
+      make install
+    else
+      mkdir -p $target/tmp/bprogs
+      mount -o bind $bp_dir $target/tmp/bprogs
+      $ROOTCMD bash -xe <<EOF
+cd /tmp/bprogs
+make install
+EOF
+    fi
+  fi
+fi
+## end get new kernel and btrfs-progs ##

diff --git a/fai/config/scripts/LAST/50-misc b/fai/config/scripts/LAST/50-misc
index 831f15d6f288fdf380d23d30257c6101167fcec7..e7b9e6d8b5baf71764d40a0bf7d3996d23a4dd49 100755 (executable)
--- a/fai/config/scripts/LAST/50-misc
+++ b/fai/config/scripts/LAST/50-misc
@@ -4,6 +4,11 @@
 
 error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code
 
 
 error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code
 

+# remove crypt password from format.log
+if [ -f $LOGDIR/format.log ]; then
+    perl -i -pane "s/Executing: yes '.+?' \| cryptsetup/Executing: yes 'XXXXXXXXXXXXX' | cryptsetup/" $LOGDIR/format.log
+fi
+

 if [ "$FAI_ACTION" = "dirinstall" -o $do_init_tasks -eq 0 ] ; then
   :
 else
 if [ "$FAI_ACTION" = "dirinstall" -o $do_init_tasks -eq 0 ] ; then
   :
 else


@@ -15,15 +20,19 @@ else
     fi
   fi
 
     fi
   fi
 

-  # i use dm for crypt, not lvm, so this gives false positive. todo, send patch to remove this
-  # upstream.
-  # usedm=$(dmsetup ls 2>/dev/null | egrep -v '^live-rw|^live-base|^No devices found' | wc -l)
-  # if [ $usedm -ne 0 ]; then
-  #   if [ ! -d $target/etc/lvm ]; then
-  #       echo ERROR: Found lvm devices, but the lvm2 package was not installed
-  #       error=1
-  #   fi
-  # fi
+  if [ -f $target/etc/crypttab ] && [ ! -f $target/sbin/cryptsetup ]; then
+      echo ERROR: Encrypted devices used, but the crypsetup package was not installed.
+      echo ERROR: You want to add cryptsetup-initramfs or dracut to some package_config file.
+  fi
+
+  # note, if we used dm for crypt, not lvm, so would givee false positive. todo, send patch to fix
+  usedm=$(dmsetup ls 2>/dev/null | egrep -v '^live-rw|^live-base|^No devices found' | wc -l)
+  if [ $usedm -ne 0 ]; then
+    if [ ! -d $target/etc/lvm ]; then
+       echo ERROR: Found lvm devices, but the lvm2 package was not installed
+       error=1
+    fi
+  fi

 fi
 
 # remove backup files from cfengine, but only if cfengine is installed
 fi
 
 # remove backup files from cfengine, but only if cfengine is installed


@@ -74,7 +83,7 @@ setrel() {
        return
     fi
 
        return
     fi
 

-    dists="jessie stretch buster bullseye bookworm trixie jammy focal bionic xenial trusty aramo nabia etiona"
+    dists="jessie stretch buster bullseye bookworm trixie forky noble jammy focal bionic xenial trusty aramo nabia etiona"

     for d in $dists; do
        if grep -iq $d $target/etc/os-release; then
            release=$d
     for d in $dists; do
        if grep -iq $d $target/etc/os-release; then
            release=$d


@@ -85,18 +94,31 @@ setrel() {
 
 # if installation was done from CD, replace useless sources.list
 setrel
 
 # if installation was done from CD, replace useless sources.list
 setrel

-if [ -f $target/etc/apt/sources.list -a -n "$release" ]; then
-    grep -q 'file generated by fai-cd' $target/etc/apt/sources.list && cat <<EOF > $target/etc/apt/sources.list
-deb $apt_cdn/debian $release main contrib non-free
-deb $security_cdn/debian-security ${secsuite} main contrib non-free
+if [ -f $target/etc/apt/sources.list ] && [ -n "$release" ]; then
+    if grep -q 'file generated by fai-cd' $target/etc/apt/sources.list; then
+        echo "Create new sources.list for $release"
+        cat <<EOF > $target/etc/apt/sources.list
+deb $apt_cdn/debian $release main contrib non-free non-free-firmware
+deb $security_cdn/debian-security ${secsuite} main contrib non-free non-free-firmware

 #deb [trusted=yes] http://fai-project.org/download $release koeln
 EOF
 #deb [trusted=yes] http://fai-project.org/download $release koeln
 EOF

+    fi

     # if the package fai-server was installed, enable the project's repository
     if dpkg-query --admindir=$target/var/lib/dpkg -W fai-server >/dev/null 2>&1; then
     # if the package fai-server was installed, enable the project's repository
     if dpkg-query --admindir=$target/var/lib/dpkg -W fai-server >/dev/null 2>&1; then

-       sed -i -e '/fai-project.org/s/^#//' $target/etc/apt/sources.list
+       fai-sed '/fai-project.org/s/^#//' /etc/apt/sources.list

     fi
 fi
 
     fi
 fi
 

+# install default sources.list for Debian based distributions
+if [ -d $target/etc/apt ] && [ ! -f $target/etc/apt/sources.list ]; then
+    fcopy -Svc DEBIAN_DEFAULT /etc/apt/sources.list
+fi
+
+# older releases do not have the non-free-firmware section
+if [ -n "$release" ] && [[ "buster bullseye" =~ "$release" ]]; then
+    sed -i -e 's/non-free-firmware//g' $target/etc/apt/sources.list
+fi
+

 # for ARM architecture, we may need the kernel and initrd to boot or flash the device
 if ifclass ARM64; then
     cp -pv $target/boot/vmlinuz* $target/boot/initrd* $FAI_RUNDIR
 # for ARM architecture, we may need the kernel and initrd to boot or flash the device
 if ifclass ARM64; then
     cp -pv $target/boot/vmlinuz* $target/boot/initrd* $FAI_RUNDIR

diff --git a/fai/config/scripts/LIVEISO/20-initrd b/fai/config/scripts/LIVEISO/20-initrd
new file mode 100755 (executable)
index 0000000..4dcbc66
--- /dev/null
+++ b/fai/config/scripts/LIVEISO/20-initrd
@@ -0,0 +1,15 @@
+#! /bin/bash
+
+# create an initrd for booting from ISO
+
+# get highest kernel version
+ver=$(ls -r1 $target/boot/initrd.img-*|tail -1| sed 's/.\+initrd.img-//')
+if [ -z "$ver" ]; then
+    echo "ERROR: no initrd found in $0"
+    exit 9
+fi
+
+rm $target/boot/initrd.img-$ver
+$ROOTCMD dracut -N --zstd --filesystems ext4 -a "dmsquash-live " -o"btrfs crypt dash lvm resume usrmount modsign mdraid shutdown virtfs" /boot/initrd.img-$ver $ver
+
+echo ISO initrd was created

diff --git a/fai/config/scripts/LIVEISO/90-cleanup b/fai/config/scripts/LIVEISO/90-cleanup
new file mode 100755 (executable)
index 0000000..08828d2
--- /dev/null
+++ b/fai/config/scripts/LIVEISO/90-cleanup
@@ -0,0 +1,7 @@
+#! /bin/bash
+
+# this is defined in hooks/subroutines
+cleanup_dpkg_apt
+cleanup_base
+
+echo cleanup for live ISO done

diff --git a/fai/config/scripts/ROCKY/10-security b/fai/config/scripts/ROCKY/10-security
new file mode 100755 (executable)
index 0000000..566c3f4
--- /dev/null
+++ b/fai/config/scripts/ROCKY/10-security
@@ -0,0 +1,14 @@
+#! /bin/bash
+
+# (c) Michael Goetze, 2010-11, mgoetze@mgoetze.net
+# Thomas Lange, 2015-2020
+
+error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code
+
+$ROOTCMD usermod -p $ROOTPW root
+
+fcopy -v /etc/selinux/config
+$ROOTCMD fixfiles onboot # this fixes the SELinux security contexts during the first boot
+chmod a+rx $target
+
+exit $error

diff --git a/fai/config/scripts/ROCKY/30-mkinitrd b/fai/config/scripts/ROCKY/30-mkinitrd
new file mode 100755 (executable)
index 0000000..4d86bec
--- /dev/null
+++ b/fai/config/scripts/ROCKY/30-mkinitrd
@@ -0,0 +1,25 @@
+#! /bin/bash
+
+# (c) Michael Goetze, 2010-2011, mgoetze@mgoetze.net
+# (c) Thomas Lange, 2011, Uni Koeln
+
+error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code
+
+ainsl -v /etc/fstab "proc      /proc   proc    defaults        0 0"
+ainsl -v /etc/fstab "sysfs     /sys    sysfs   auto            0 0"
+
+version=$($ROOTCMD rpm -qv kernel | cut -d- -f2-)
+
+
+if [ -f $target/etc/lvm/lvm.conf ]; then
+     fai-sed 's/use_lvmetad = 1/use_lvmetad = 0/' /etc/lvm/lvm.conf
+     ainsl -av /etc/dracut.conf.d/fai.conf 'add_dracutmodules+=" lvm "'
+fi
+
+
+# add filesystem driver into initrd
+ainsl -av /etc/dracut.conf.d/fai.conf 'filesystems+=" ext4 "'
+$ROOTCMD dracut -v --kver $version --force
+
+
+exit $error

diff --git a/fai/config/scripts/ROCKY/40-install-grub b/fai/config/scripts/ROCKY/40-install-grub
new file mode 100755 (executable)
index 0000000..5590ded
--- /dev/null
+++ b/fai/config/scripts/ROCKY/40-install-grub
@@ -0,0 +1,87 @@
+#! /bin/bash
+
+# (c) Michael Goetze, 2011, mgoetze@mgoetze.net
+# (c) Thomas Lange 2014
+
+error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code
+
+if [ -r $LOGDIR/disk_var.sh ] ; then
+       . $LOGDIR/disk_var.sh
+else
+       echo "disk_var.sh not found!"
+       exit 1
+fi
+
+
+# CentOS 7 does not have a device.map file, so generate one
+if [ -d $target/boot/grub2 -a ! -f $target/boot/grub2/device.map ]; then
+    echo "# Generated by FAI" >> $target/boot/grub2/device.map
+    centosdisks=$(awk '/[sv]d.$/ {print $4}' /proc/partitions | sort)
+    dcount=0
+    for d in $centosdisks; do
+        echo "(hd$dcount)    /dev/$d" >> $target/boot/grub2/device.map
+        dcount=$((dcount + 1))
+    done
+fi
+
+bootdev=$(device2grub $BOOT_DEVICE)
+bootpart=$(device2grub $BOOT_PARTITION)
+version=$($ROOTCMD rpm -qv kernel | cut -d- -f2-)
+
+if grep '[[:space:]]/boot[[:space:]]' $LOGDIR/fstab; then
+       bootdir=''
+else
+       bootdir='/boot'
+fi
+
+mount -o bind /dev $target/dev
+
+if [ -f $target/usr/sbin/grub2-install ]; then
+
+    # CentOS 7
+    $ROOTCMD grub2-install --no-floppy "$BOOT_DEVICE"
+    $ROOTCMD grub2-mkconfig --output=/boot/grub2/grub.cfg
+else
+
+$ROOTCMD grub-install --just-copy
+
+$ROOTCMD grub --device-map=/dev/null --no-floppy --batch <<-EOF
+       device $bootdev $BOOT_DEVICE
+       root $bootpart
+       setup $bootdev
+       quit
+       EOF
+
+ln -s ./menu.lst $target/boot/grub/grub.conf
+
+if [ -f $target/boot/grub/splash.xpm.gz ]; then
+       pretty="splashimage=$bootpart$bootdir/grub/splash.xpm.gz"
+else
+       pretty="color cyan/blue white/blue"
+fi
+
+title=$(head -1 $target/etc/redhat-release)
+
+cat > $target/boot/grub/grub.conf <<-EOF
+       timeout 5
+       default 0
+       $pretty
+       hiddenmenu
+       
+       title $title
+         root $bootpart
+         kernel $bootdir/vmlinuz-$version root=$ROOT_PARTITION ro
+         initrd $bootdir/initramfs-$version.img
+       EOF
+
+fi
+
+umount $target/dev
+
+echo ""
+echo "Grub installed on $BOOT_DEVICE = $bootdev"
+echo "Grub boot partition is $BOOT_PARTITION = $bootpart"
+echo "Root partition is $ROOT_PARTITION"
+echo "Boot kernel: $version"
+
+exit $error

diff --git a/fai/config/scripts/ROCKY/50-sysconfig b/fai/config/scripts/ROCKY/50-sysconfig
new file mode 100755 (executable)
index 0000000..e9054b6
--- /dev/null
+++ b/fai/config/scripts/ROCKY/50-sysconfig
@@ -0,0 +1,35 @@
+#! /bin/bash
+
+# (c) Michael Goetze, 2011, mgoetze@mgoetze.net
+
+error=0 ; trap "error=$((error|1))" ERR
+
+cat > $target/etc/sysconfig/clock <<-EOF
+       UTC=$UTC
+       ZONE=$TIMEZONE
+       EOF
+cat > $target/etc/sysconfig/i18n <<-EOF
+       LANG="$DEFAULTLOCALE"
+       SUPPORTED="$SUPPORTEDLOCALE"
+       SYSFONT="$CONSOLEFONT"
+       EOF
+cat > $target/etc/sysconfig/keyboard <<-EOF
+       KEYBOARDTYPE="pc"
+       KEYTABLE="$KEYMAP"
+       EOF
+
+# can not be used, because we still not use systemd in FAI
+# $ROOTCMD localectl set-locale LANG=$DEFAULTLOCALE
+
+cat > $target/etc/locale.conf <<-EOF
+       LANG="$DEFAULTLOCALE"
+       EOF
+if [ -f $target/usr/lib/locale/locale-archive.tmpl \
+     -a  ! -s $target/usr/lib/locale/locale-archive ]; then
+    mv $target/usr/lib/locale/locale-archive.tmpl $target/usr/lib/locale/locale-archive
+fi
+
+fcopy -iv /etc/sysconfig/i18n /etc/sysconfig/keyboard
+
+exit $error
+

diff --git a/fai/config/scripts/ROCKY/60-network-scripts b/fai/config/scripts/ROCKY/60-network-scripts
new file mode 100755 (executable)
index 0000000..9777418
--- /dev/null
+++ b/fai/config/scripts/ROCKY/60-network-scripts
@@ -0,0 +1,81 @@
+#! /bin/bash
+
+error=0 ; trap "error=$((error|1))" ERR
+
+ifcfg_config() {
+
+    cat > $target/etc/sysconfig/network-scripts/ifcfg-$NIC1 <<-EOF
+               # generated by FAI
+               TYPE=Ethernet
+               PROXY_METHOD=none
+               BOOTPROTO=dhcp
+               DEFROUTE=yes
+               BROWSER_ONLY=no
+               IP4_FAILURE_FATAL=no
+               IPV6INIT=no
+               IPV6_AUTOCONF=no
+               NAME=$NIC1
+               DEVICE=$NIC1
+               ONBOOT=yes
+       EOF
+}
+
+nm_config() {
+
+    uuid=$(uuidgen)
+
+    cat > $target/etc/NetworkManager/system-connections/${NIC1}.nmconnection << EOF
+
+# generated by FAI
+[connection]
+id=$NIC1
+uuid=$uuid
+type=ethernet
+autoconnect-priority=-999
+interface-name=$NIC1
+
+[ethernet]
+
+[ipv4]
+method=auto
+
+[ipv6]
+addr-gen-mode=eui64
+method=auto
+
+[proxy]
+EOF
+
+    chmod 600 $target/etc/NetworkManager/system-connections/${NIC1}.nmconnection
+}
+
+
+
+# determine predictable network names
+fields="ID_NET_NAME_FROM_DATABASE ID_NET_NAME_ONBOARD ID_NET_NAME_SLOT ID_NET_NAME_PATH"
+for field in $fields; do
+    name=$(udevadm info /sys/class/net/$NIC1 | sed -rn "s/^E: $field=(.+)/\1/p")
+    if [[ $name ]]; then
+        NIC1=$name
+        break
+    fi
+done
+if [[ ! $name ]]; then
+    echo "$0: error: could not find systemd predictable network name. Using $NIC1."
+fi
+
+if [ $FAI_ACTION != "softupdate" ] && ifclass DHCPC; then
+    . $target/etc/os-release
+    major=$(echo ${VERSION_ID} | awk -F '.' '{ print $1 }')
+
+    if [ $major -lt 9 ]; then
+        ifcfg_config
+    else
+        nm_config
+    fi
+fi
+
+fcopy -iv /etc/sysconfig/network /etc/resolv.conf /etc/networks
+fcopy -ivr /etc/sysconfig/network-scripts
+
+exit $error

diff --git a/fai/config/scripts/ROCKY/80-misc b/fai/config/scripts/ROCKY/80-misc
new file mode 100755 (executable)
index 0000000..09c8d49
--- /dev/null
+++ b/fai/config/scripts/ROCKY/80-misc
@@ -0,0 +1,21 @@
+#! /bin/bash
+
+error=0 ; trap "error=$((error|1))" ERR
+
+# add a $username user account
+if [ -n "$username" ]; then
+    if ! $ROOTCMD getent passwd $username ; then
+       $ROOTCMD adduser -c "$username user" $username
+       $ROOTCMD usermod -p "$USERPW" $username
+    fi
+fi
+
+# enable graphical login screen, make run level 5 as default
+if [ -f $target/usr/sbin/gdm ]; then
+    fai-sed 's/id:3:initdefault:/id:5:initdefault:/' /etc/inittab
+    # do not run this tool
+    echo "RUN_FIRSTBOOT=NO" > $target/etc/sysconfig/firstboot
+fi
+
+exit $error
+

diff --git a/fai/config/scripts/ROCKY/90-cleanup b/fai/config/scripts/ROCKY/90-cleanup
new file mode 100755 (executable)
index 0000000..2eadacd
--- /dev/null
+++ b/fai/config/scripts/ROCKY/90-cleanup
@@ -0,0 +1,3 @@
+#! /bin/bash
+
+$ROOTCMD yum clean all

diff --git a/fai/config/tests/Faitest.pm b/fai/config/tests/Faitest.pm
index 022b4075cd1cc71d6200ed2d6bb41e5a5e7f6064..b806599c2b1482dd7241f041180ecdf53b19f9a1 100644 (file)
--- a/fai/config/tests/Faitest.pm
+++ b/fai/config/tests/Faitest.pm
@@ -2,7 +2,7 @@
 
 # Subroutines for automatic tests
 #
 
 # Subroutines for automatic tests
 #

-# Copyright (C) 2009 Thomas Lange, lange@informatik.uni-koeln.de
+# Copyright (C) 2009 Thomas Lange, lange@cs.uni-koeln.de

 # Based on the first version by Sebastian Hetze, 08/2008
 
 package FAITEST;
 # Based on the first version by Sebastian Hetze, 08/2008
 
 package FAITEST;

diff --git a/faiserver-setup b/faiserver-setup
index 666774b7e8dff42dc32bc0341ec9b303db2e51b7..168dcda6d0518e09652ebfbb0c59fbbfcc4bd56d 100755 (executable)
--- a/faiserver-setup
+++ b/faiserver-setup
@@ -31,7 +31,7 @@ work.  Separate from running this, faiserver needs to be setup in dns to
 point to whatever host this is run on.
 
 Default BASE_CODENAME is bookworm. Default ARCH is 64. The script expects corresponding
 point to whatever host this is run on.
 
 Default BASE_CODENAME is bookworm. Default ARCH is 64. The script expects corresponding

-$BASEFILE_DIR/${UPCASED_BASE_CODENAME}${ARCH}.tar.(gz|xz) to exist, and it must have been
+$BASEFILE_DIR/${UPCASED_BASE_CODENAME}${ARCH}.tar.(zst|xz) to exist, and it must have been

 generated around the same time as the nfsroot, at least so it has the
 same kernel version.
 
 generated around the same time as the nfsroot, at least so it has the
 same kernel version.
 


@@ -73,7 +73,7 @@ if [[ $base == [[:upper:]] ]]; then
   exit 1
 fi
 
   exit 1
 fi
 

-basefile=($BASEFILE_DIR/${base^^}${arch^^}.tar.gz)
+basefile=($BASEFILE_DIR/${base^^}${arch^^}.tar.zst)

 sed="sed -ri --follow-symlinks"
 
 if [[ ! -e $basefile ]]; then
 sed="sed -ri --follow-symlinks"
 
 if [[ ! -e $basefile ]]; then


@@ -97,7 +97,7 @@ armhf() {
 
 # fai on ubuntu only has official support using the universe repo, but newer
 # tends to have less bugs.
 
 # fai on ubuntu only has official support using the universe repo, but newer
 # tends to have less bugs.

-wget -O - https://fai-project.org/download/2BF8D9FE074BCDE4.asc | apt-key add -
+wget -O - https://fai-project.org/download/fai-project.gpg | sudo dd of=/etc/apt/trusted.gpg.d/fai-project.gpg

 
 update=false
 case $base in
 
 update=false
 case $base in

diff --git a/mk-basefile-big b/mk-basefile-big
index 873b7ffb24be2b76aa1c297b7fb7f8f057c69541..95d2e9f2cd51f1e9f086f5a29ed405be05ffffbd 100755 (executable)
--- a/mk-basefile-big
+++ b/mk-basefile-big
@@ -100,7 +100,7 @@ rm -f $t/etc/hostname $t/etc/resolv.conf \
    $t/var/lib/apt/lists/*_* $t/usr/bin/qemu-*-static \
    $t/etc/udev/rules.d/70-persistent-net.rules
 echo | dd of=$t/etc/machine-id
    $t/var/lib/apt/lists/*_* $t/usr/bin/qemu-*-static \
    $t/etc/udev/rules.d/70-persistent-net.rules
 echo | dd of=$t/etc/machine-id

-tar --one-file-system -C $t -cf - . | gzip > /a/bin/fai-basefiles/basefiles/${distver^^}64BIG.tar.gz
+tar --one-file-system -C $t -cf - . | zstd -9 > /a/bin/fai-basefiles/basefiles/${distver^^}64BIG.tar.zst

 
 
 cleanup
 
 
 cleanup

diff --git a/myfai-chboot b/myfai-chboot
index 743859abcf803d65c7495a4424de204ca94adf7f..a653ae6a020240208dbb20913d1bcf5b673762f1 100755 (executable)
--- a/myfai-chboot
+++ b/myfai-chboot
@@ -31,18 +31,26 @@ If our kernel has no nfs support, uses apache intead of nfs, and depends
 on another repo of Ian Kelling, basic-https-conf, where the file is at
 /a/exe/web-conf.
 
 on another repo of Ian Kelling, basic-https-conf, where the file is at
 /a/exe/web-conf.
 

-Usng this, you can boot into fai with pxe-kexec without changing
-the dhcp server.
+Using this, you can boot into fai with pxe-kexec without changing the
+dhcp server. Note, if you are booting using fai-cd, the pxe config does
+nothing, and only flags affecting FAI_ACTION will have any affect. You
+can change the fai flags in the grub config, for example in
+./grub.cfg.autodiscover, or at runtime by editing a grub menu option.
+We could probably also set FAI_FLAGS the same way we set FAI_ACTION,
+but I haven't tried it.

 
 

-Argument sets the host to enable it for.  No argument disables pxe
-config for all hosts, but leaves nfs server alone. Use faiserver-disable
-to disable the nfs server.
+HOSTNAME|IP|default  Sets the host to enable it for.  No argument
+                     disables pxe config for all hosts, but leaves nfs
+                     server alone. Use faiserver-disable to disable the
+                     nfs server.

 
 -S          sets FAI_ACTION=sysinfo, and remove fai flag reboot.
             Usefull for doing a system recovery. It reboots automatically anyways :(
 -k          Add serial port output for kgped16
 -i          sets FAI_ACTION=inventory and remove fai flag reboot.
             I'm not sure what this is usefull for.
 
 -S          sets FAI_ACTION=sysinfo, and remove fai flag reboot.
             Usefull for doing a system recovery. It reboots automatically anyways :(
 -k          Add serial port output for kgped16
 -i          sets FAI_ACTION=inventory and remove fai flag reboot.
             I'm not sure what this is usefull for.

+-b          Setup bonded ethernet.
+--no-r      Tell fai-chboot not to reboot when its done. This is implied by -i and -S.

 -h|--help   Print help and exit.
 
 EOF
 -h|--help   Print help and exit.
 
 EOF

diff --git a/myfai-chboot-local b/myfai-chboot-local
index 4cef9a59638e22c06d718acd9dbf39fb4d39c68f..7dea8f2dbd174130a68da62ae2a44446e88f6338 100755 (executable)
--- a/myfai-chboot-local
+++ b/myfai-chboot-local
@@ -16,54 +16,72 @@
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
 
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
 

-# note, this script gets piped to bash, so cant cd to current dir

 
 

-[[ $EUID == 0 ]] || exec sudo "${BASH_SOURCE}" "$@"
+[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
+
+set -x

 
 set -eE -o pipefail
 trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
 
 
 set -eE -o pipefail
 trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
 

+pre="${0##*/}:"
+m() { printf "$pre %s\n"  "$*"; "$@"; }
+e() { printf "$pre %s\n"  "$*"; }
+err() { echo "[$(date +'%Y-%m-%d %H:%M:%S%z')]: $pre: $*" >&2; }
+
+usage() {
+  cat <<EOF
+Usage: call from myfai-chboot, see its help
+
+# note, this script gets piped to bash, so cant cd to current dir
+
+-h|--help  Print help and exit.
+
+Note: Uses util-linux getopt option parsing: spaces between args and
+options, short options can be combined, options before args.
+EOF
+  exit $1
+}
+
+

 kgped16=false
 bond=false
 fai_action=install
 fai_reboot_arg=,reboot
 kgped16=false
 bond=false
 fai_action=install
 fai_reboot_arg=,reboot

-while [[ $1 == -* ]]; do
+
+# ensure we can handle args with spaces or empty.
+ret=0; getopt -T || ret=$?
+[[ $ret == 4 ]] || { echo "Install util-linux for enhanced getopt" >&2; exit 1; }
+
+temp=$(getopt -l help,no-r hSi "$@") || usage 1
+eval set -- "$temp"
+while true; do

   case $1 in
   case $1 in

-    -h|--help)
-      echo "see help from myfai-chboot"
-      exit 0
-      ;;

     -S)
       fai_action=sysinfo
       fai_reboot_arg=
     -S)
       fai_action=sysinfo
       fai_reboot_arg=

-      shift

       ;;
     -i) #inventory
       fai_action=inventory
       fai_reboot_arg=
       ;;
     -i) #inventory
       fai_action=inventory
       fai_reboot_arg=

-      shift

       ;;
     -k)
       kgped16=true
       ;;
     -k)
       kgped16=true

-      shift

       ;;
     -b)
       bond=true
       ;;
     -b)
       bond=true

-      shift

       ;;
     --no-r)
       fai_reboot_arg=
       ;;
     --no-r)
       fai_reboot_arg=

-      shift

       ;;
       ;;

+    -h|--help) usage ;;
+    --) shift; break ;;
+    *) echo "$0: unexpected args: $*" >&2 ; usage 1 ;;

   esac
   esac

+  shift

 done
 done

-
-pre="${0##*/}:"
-m() { printf "$pre %s\n"  "$*"; "$@"; }
-e() { printf "$pre %s\n"  "$*"; }
-err() { echo "[$(date +'%Y-%m-%d %H:%M:%S%z')]: $pre: $*" >&2; }
-
-host=$1
+read -r host <<<"$@"
+readonly host

 
 
 rm -f /srv/tftp/fai/pxelinux.cfg/*
 
 
 rm -f /srv/tftp/fai/pxelinux.cfg/*

diff --git a/wrt-setup b/wrt-setup
index ec91ed78debea5fc272b88d5c9674f3338d95799..bce6a4ad98668a88fa4909cdabd4502695470e32 100755 (executable)
--- a/wrt-setup
+++ b/wrt-setup
@@ -77,7 +77,7 @@ scp /a/work/libremanage/libremanage /a/bin/fai/wrt-init /a/bin/fai/wrt-setup-loc
 #/a/opt/openwrt/source/bin/packages/mips_24kc/mypackages/relay_1.0-1_mips_24kc.ipk \
 
 scp /q/root/shadow/router /p/c/machine_specific/wrt/etc/dropbear/dropbear_rsa_host_key \
 #/a/opt/openwrt/source/bin/packages/mips_24kc/mypackages/relay_1.0-1_mips_24kc.ipk \
 
 scp /q/root/shadow/router /p/c/machine_specific/wrt/etc/dropbear/dropbear_rsa_host_key \

-     /p/router-secrets /p/c/machine_specific/wrt/etc/wg.{key,psk} /p/c/ptr-data /p/c/dnsmasq-data /b/bash-bear-trap/bash-bear $h:
+     /p/router-secrets /p/c/machine_specific/wrt/etc/wg.{key,psk} /p/c/ptr-data /p/c/{dnsmasq,cmc-firewall}-data /b/bash-bear-trap/bash-bear $h:

 scp ../openwrtkeyring/usign/* $h:/etc/opkg/keys
 
 ssh $h wrt-init ${HOME_DOMAIN:-b8.nz} "$@"
 scp ../openwrtkeyring/usign/* $h:/etc/opkg/keys
 
 ssh $h wrt-init ${HOME_DOMAIN:-b8.nz} "$@"

diff --git a/wrt-setup-local b/wrt-setup-local
index aabfca3fb5c030be02a9de91f34454fa27399a8f..3d2edb85e513645d678aea7c236f69787b5d8afe 100755 (executable)
--- a/wrt-setup-local
+++ b/wrt-setup-local
@@ -666,6 +666,7 @@ config rule
  option target REJECT
 ## end no external dns for ziva
 
  option target REJECT
 ## end no external dns for ziva
 

+$(. /root/cmc-firewall-data)

 
 config rule
  option src              wan
 
 config rule
  option src              wan


@@ -684,18 +685,6 @@ config rule
  option target           ACCEPT
  option dest_port        9091
 
  option target           ACCEPT
  option dest_port        9091
 

-config redirect
- option name sshkd
- option src              wan
- option src_dport        2202
- option dest_port        22
- option dest_ip          $l.2
- option dest             lan
-config rule
- option src              wan
- option target           ACCEPT
- option dest_port        2202
-

 # was working on an openvpn server, didn't finish
 # config redirect
 #  option name vpnkd
 # was working on an openvpn server, didn't finish
 # config redirect
 #  option name vpnkd


@@ -723,55 +712,6 @@ config rule
  option dest_port        8989
 
 
  option dest_port        8989
 
 

-config redirect
- option name sshx2
- option src              wan
- option src_dport        2205
- option dest_port        22
- option dest_ip          $l.5
- option dest             lan
-config rule
- option src              wan
- option target           ACCEPT
- option dest_port        2205
-
-config redirect
- option name sshx3
- option src              wan
- option src_dport        2207
- option dest_port        22
- option dest_ip          $l.7
- option dest             lan
-config rule
- option src              wan
- option target           ACCEPT
- option dest_port        2207
-
-config redirect
- option name sshbb8
- option src              wan
- option src_dport        2209
- option dest_port        22
- option dest_ip          $l.32
- option dest             lan
-config rule
- option src              wan
- option target           ACCEPT
- option dest_port        2209
-
-
-config redirect
- option name sshfrodo
- option src              wan
- option src_dport        2234
- option dest_port        34
- option dest_ip          $l.34
- option dest             lan
-config rule
- option src              wan
- option target           ACCEPT
- option dest_port        2234
-

 
 config redirect
  option name icecast
 
 config redirect
  option name icecast


@@ -822,7 +762,7 @@ config rule
  option target           ACCEPT
  option dest_port        4533
 
  option target           ACCEPT
  option dest_port        4533
 

-# So a client can just have i.b8.nz dns even when they
+# So a client can just have b8.nz dns even when they

 # are on the lan.
 #config redirect
 # option name navidromelan
 # are on the lan.
 #config redirect
 # option name navidromelan