Merge branch 'upstream'
authorIan Kelling <iank@fsf.org>
Mon, 22 Apr 2024 16:48:59 +0000 (12:48 -0400)
committerIan Kelling <iank@fsf.org>
Mon, 22 Apr 2024 16:54:54 +0000 (12:54 -0400)
32 files changed:
1  2 
fai/config/basefiles/mk-basefile
fai/config/class/DEBIAN.var
fai/config/class/FAIBASE.var
fai/config/class/ROCKY.var
fai/config/class/UBUNTU.var
fai/config/disk_config/CLOUD_EFI
fai/config/disk_config/ROCKY
fai/config/files/etc/apt/sources.list/DEBIAN_DEFAULT
fai/config/files/etc/rc.local/LIVEISO
fai/config/files/etc/selinux/config/ROCKY
fai/config/hooks/debconf.ROCKY
fai/config/hooks/instsoft.DEBIAN
fai/config/hooks/repository.ROCKY
fai/config/hooks/subroutines
fai/config/hooks/updatebase.ROCKY
fai/config/package_config/DEBIAN
fai/config/package_config/ROCKY
fai/config/package_config/STANDARD
fai/config/package_config/UBUNTU
fai/config/scripts/DEBIAN/40-misc
fai/config/scripts/FAIBASE/15-root-ssh-key
fai/config/scripts/GRUB_PC/10-setup
fai/config/scripts/LAST/50-misc
fai/config/scripts/LIVEISO/20-initrd
fai/config/scripts/LIVEISO/90-cleanup
fai/config/scripts/ROCKY/10-security
fai/config/scripts/ROCKY/30-mkinitrd
fai/config/scripts/ROCKY/40-install-grub
fai/config/scripts/ROCKY/50-sysconfig
fai/config/scripts/ROCKY/60-network-scripts
fai/config/scripts/ROCKY/80-misc
fai/config/scripts/ROCKY/90-cleanup

index b81965fc2a01697fea48d3b82ba9a76757b52833,7ced32de1d248f0be63c48d04f1a02aed00ce423..d449c604f4268c132360da66eb16abd17f9f2df1
@@@ -1,7 -1,8 +1,7 @@@
  #! /bin/bash
 -
  # mk-basefile, create basefiles for some distributions
  #
- # Thomas Lange, Uni Koeln, 2011-2021
+ # Thomas Lange, Uni Koeln, 2011-2024
  # based on the Makefile implementation of Michael Goetze
  #
  # Usage example: mk-basefile -J STRETCH64
@@@ -32,18 -34,15 +34,20 @@@ EXCLUDE_BUSTER
  EXCLUDE_BULLSEYE=
  EXCLUDE_BOOKWORM=
  EXCLUDE_TRIXIE=
+ EXCLUDE_FORKY=
  EXCLUDE_SID=
  
 +EXCLUDE_BELENOS=dhcp3-client,dhcp3-common,info
  EXCLUDE_TRUSTY=dhcp3-client,dhcp3-common,info
  EXCLUDE_XENIAL=udhcpc,dibbler-client,info
 +EXCLUDE_FLIDAS=udhcpc,dibbler-client,info
  EXCLUDE_BIONIC=udhcpc,dibbler-client,info
 +EXCLUDE_ETIONA=udhcpc,dibbler-client,info
  EXCLUDE_FOCAL=udhcpc,dibbler-client,info
- EXCLUDE_JAMMY=
- EXCLUDE_ARAMO=
 +EXCLUDE_NABIA=udhcpc,dibbler-client,info
+ EXCLUDE_JAMMY=udhcpc,dibbler-client,info
++EXCLUDE_ARAMO=udhcpc,dibbler-client,info
+ EXCLUDE_NOBLE=udhcpc,dibbler-client,info
  
  # here you can add packages, that are needed very early
  INCLUDE_DEBIAN=
@@@ -229,13 -247,10 +261,14 @@@ prtdists() 
                   SLC7_64
      TRUSTY32     TRUSTY64
      XENIAL32     XENIAL64
 +                 FLIDAS64
                   BIONIC64
 +                 ETIONA64
                   FOCAL64
 +                 NABIA64
                   JAMMY64
 +                 ARAMO64
+                  NOBLE64
      SQUEEZE32    SQUEEZE64
      WHEEZY32     WHEEZY64
      JESSIE32     JESSIE64
@@@ -260,11 -276,9 +294,11 @@@ Usage: mk-basefile [OPTION] ... DISTRIB
     -s                   Show list of supported linux distributions
     -f ARCH              Build for foreign architecture ARCH.
     -d DIR               Use DIR for creating the temporary subtree structure.
-    -z                   Use gzip for compressing the tar file.
+    -z                   Use zstd for compressing the tar file.
     -J                   Use xz for compressing the tar file.
     -k                   Keep the temporary subtree structure, do not remove it.
 +   -x CMD               Run CMD in chroot. If CMD exists as a file, copy it and run it.
 +                        Debian based only
     -h                   Print help.
  
   Usage example: mk-basefile -J STRETCH64
@@@ -321,11 -337,9 +358,11 @@@ case "$target" i
      SLC6_32) slc i386 6 ;;
      SLC6_64) slc amd64 6 ;;
      SLC7_64) slc amd64 7 ;;
-     TRUSTY*|XENIAL*|BIONIC*|FOCAL*|JAMMY*)
 +    BELENOS*|FLIDAS*|ETIONA*|NABIA*|ARAMO*)
 +        debgeneric $target $MIRROR_TRISQUEL ;;
+     TRUSTY*|XENIAL*|BIONIC*|FOCAL*|JAMMY*|NOBLE*)
          debgeneric $target $MIRROR_UBUNTU ;;
-     SQUEEZE*|WHEEZY*|JESSIE*|STRETCH*|BUSTER*|BULLSEYE*|BOOKWORM*|TRIXIE*|SID*)
+     SQUEEZE*|WHEEZY*|JESSIE*|STRETCH*|BUSTER*|BULLSEYE*|BOOKWORM*|TRIXIE*|FORKY*|SID*)
          debgeneric $target $MIRROR_DEBIAN $ARCH;;
      *) echo "Unknown distribution. Aborting."
         prtdists
index a00d0f86720bdea4cef033144ea7965a1319b236,492d9950ab2fd4be399e9c302fdaec84fadbf8be..18b49b5022af6bea3fd5497983106163dd744b76
@@@ -1,7 -1,6 +1,7 @@@
 -release=bookworm
 -apt_cdn=http://deb.debian.org
 -security_cdn=http://security.debian.org
 +# ian, commented, sources are set with fcopy
- # release=bullseye
++# release=bookworm
 +# apt_cdn=http://deb.debian.org
 +# security_cdn=http://security.debian.org
  
  # since bullseye Debian changed the suite name for security
  if [ $release = buster ]; then
@@@ -21,8 -20,28 +21,29 @@@ MODULESLIST="usbhid psmouse
  
  # if you have enough RAM (>2GB) you may want to enable this line. It
  # also puts /var/cache into a ramdisk.
 -#FAI_RAMDISKS="$target/var/lib/dpkg $target/var/cache"
 +# ian: uncommented
 +FAI_RAMDISKS="$target/var/lib/dpkg $target/var/cache"
  
  # if you want to use the faiserver as APT proxy
- # APTPROXY=http://faiserver:3142
+ #APTPROXY=http://faiserver:3142
+ # The linux-image package has different names for Debian and Ubuntu
+ if ifclass UBUNTU; then
+     kernelname=linux-image-generic
+ elif ifclass I386; then
+    kernelname=linux-image-686-pae
+ elif ifclass AMD64; then
+    kernelname=linux-image-amd64
+ fi
+ if [ -z "kernelname" ]; then
+     _arch=$(dpkg --print-architecture 2>/dev/null)
+     case $_arch in
+         i386)
+             kernelname=linux-image-686-pae ;;
+         *)
+             kernelname=linux-image-$_arch
+     esac
+     unset _arch
+ fi
index 34d95ac80716d80adf6472490acdb76df4a11f3e,0e38a1ffb8683210d351a63a5b26faa290c6063f..2492defe138b8f7b85c6a4f7c7a8901413916d45
@@@ -16,9 -17,13 +16,13 @@@ STOP_ON_ERROR=70
  # set parameter for install_packages(8)
  MAXPACKAGES=800
  
+ # Account on the FAI server for saving log files and calling fai-chboot.
+ # Remove the hash character in the next line to activate this feature
+ #LOGUSER=fai
  # a user account will be created
 -username=demo
 -USERPW='$1$kBnWcO.E$djxB128U7dMkrltJHPf6d1'
 +#username=demo
 +#USERPW='$1$kBnWcO.E$djxB128U7dMkrltJHPf6d1'
  
  # set a default
  FAI_DEBOOTSTRAP="bookworm http://deb.debian.org/debian"
index 0000000000000000000000000000000000000000,0000000000000000000000000000000000000000..1ec7250dedf64c094fd98d8228479d7c756d0237
new file mode 100644 (file)
--- /dev/null
--- /dev/null
@@@ -1,0 -1,0 +1,9 @@@
++CONSOLEFONT=lat9v-16
++KEYMAP=us
++DEFAULTLOCALE=en_US.UTF-8
++SUPPORTEDLOCALE=en_US.UTF-8:en_US:en
++
++# if you install much software and have only few RAM, use the RAM disk
++# not for var/cache/yum
++#FAI_RAMDISKS="$target/var/lib/rpm $target/var/cache/yum"
++FAI_RAMDISKS="$target/var/lib/rpm"
index 6a424950755ff54561c16564363f1a673eb0ba9e,0f99b95788121e289626042302f48f3b89969dad..a453a885be52a284cc55966e1d3e23a781a34c95
@@@ -1,4 -1,2 +1,4 @@@
 -ubuntumirror=http://archive.ubuntu.com
 -ubuntudist=jammy
 +#iank, i define these by classes. commenting
 +# to make sure these arent used
 +#ubuntumirror=http://archive.ubuntu.com
- #ubuntudist=focal
++#ubuntudist=jammy
index 0000000000000000000000000000000000000000,0000000000000000000000000000000000000000..0e15072d434b680cddd7f9edcef56a3a6876cdff
new file mode 100644 (file)
--- /dev/null
--- /dev/null
@@@ -1,0 -1,0 +1,8 @@@
++# config for a disk image for a VM
++#
++# p=<partlabel> <mountpoint> <size>   <fs type> <mount options> <misc options>
++
++disk_config disk1 disklabel:gpt bootable:1 fstabkey:uuid align-at:1M
++
++p=efi  /boot/efi 64M   vfat  defaults  createopts="-F 32"
++p=root /         300-  ext4  rw,discard,barrier=0,noatime,errors=remount-ro tuneopts="-c 0 -i 0"
index 0000000000000000000000000000000000000000,0000000000000000000000000000000000000000..7b03a39c49eccd77a54fc826f63734e4a52466a6
new file mode 100644 (file)
--- /dev/null
--- /dev/null
@@@ -1,0 -1,0 +1,13 @@@
++# example of new config file for setup-storage
++#
++# <type> <mountpoint> <size>   <fs type> <mount options> <misc options>
++
++# you may want to add "-O ^metadata_csum_seed" to createopts if the target
++# system is older than bullseye. See #866603, #1031415, #1031416 for more info.
++
++disk_config disk1 disklabel:msdos bootable:1 fstabkey:label
++
++primary /      4G-50G    ext4  rw,noatime,errors=remount-ro createopts="-L ROOT"
++
++logical swap   200-10G  swap  sw                           createopts="-L SWAP"
++logical /home  100-     ext4  rw,noatime,nosuid,nodev      createopts="-L HOME -m 1" tuneopts="-c 0 -i 0"
index 0000000000000000000000000000000000000000,0000000000000000000000000000000000000000..74cec08fa40116a164b1542d6dc3d341fa06561c
new file mode 100644 (file)
--- /dev/null
--- /dev/null
@@@ -1,0 -1,0 +1,3 @@@
++deb {%apt_cdn%}/debian {%release%} main contrib non-free non-free-firmware
++deb {%security_cdn%}/debian-security {%secsuite%} main contrib non-free non-free-firmware
++deb {%apt_cdn%}/debian {%release%}-updates main contrib non-free non-free-firmware
index 0000000000000000000000000000000000000000,0000000000000000000000000000000000000000..22fbe754f15c733d649ede99dcab12da67ce027d
new file mode 120000 (symlink)
--- /dev/null
--- /dev/null
@@@ -1,0 -1,0 +1,1 @@@
++CLOUD
index 0000000000000000000000000000000000000000,0000000000000000000000000000000000000000..9878acbbdb66a706fc2d229be48d1ab6f3f8264f
new file mode 100644 (file)
--- /dev/null
--- /dev/null
@@@ -1,0 -1,0 +1,12 @@@
++# This file controls the state of SELinux on the system.
++# SELINUX= can take one of these three values:
++#       enforcing - SELinux security policy is enforced.
++#       permissive - SELinux prints warnings instead of enforcing.
++#       disabled - No SELinux policy is loaded.
++SELINUX=disabled
++# SELINUXTYPE= can take one of these two values:
++#       targeted - Only targeted network daemons are protected.
++#       strict - Full SELinux protection.
++#       mls - Multi Level Security protection.
++SELINUXTYPE=targeted
++# SETLOCALDEFS= Check local definition changes
index 0000000000000000000000000000000000000000,0000000000000000000000000000000000000000..f98becd2e021924cf3442161ab4e479c396dd0ea
new file mode 100755 (executable)
--- /dev/null
--- /dev/null
@@@ -1,0 -1,0 +1,3 @@@
++#! /bin/bash
++
++skiptask debconf
Simple merge
index 0000000000000000000000000000000000000000,0000000000000000000000000000000000000000..32e53c33015520a8be480c0cf78450f3932a9d28
new file mode 100755 (executable)
--- /dev/null
--- /dev/null
@@@ -1,0 -1,0 +1,27 @@@
++#! /bin/bash
++
++# (c) Michael Goetze, 2010-2011, mgoetze@mgoetze.net
++
++error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code
++
++if [ $FAI_ACTION = "install" ]; then
++    ctam
++    [ -L $target/etc/mtab ] || cp /etc/mtab $target/etc/mtab
++
++    cat > $target/etc/sysconfig/network <<-EOF
++              NETWORKING=yes
++              HOSTNAME=$HOSTNAME.$DOMAIN
++              EOF
++    echo "127.0.0.1 localhost" > $target/etc/hosts
++    ifclass DHCPC || ainsl -s /etc/hosts "$IPADDR $HOSTNAME.$DOMAIN $HOSTNAME"
++    cp /etc/resolv.conf $target/etc
++fi
++
++fcopy -riv /etc/yum.repos.d/
++
++# disable the fastestmirror plugin
++#fai-sed 's/enabled=1/enabled=0/' /etc/yum/pluginconf.d/fastestmirror.conf
++
++skiptask repository
++
++exit $error
index 0000000000000000000000000000000000000000,0000000000000000000000000000000000000000..816ead131d9f948677f830de8b07e981826aa08a
new file mode 100755 (executable)
--- /dev/null
--- /dev/null
@@@ -1,0 -1,0 +1,31 @@@
++#! /bin/bash
++
++# This file is sourced during task_setup
++# you can define your own functions and use them later, for e.g.
++# in scripts/...
++
++
++cleanup_base() {
++
++    rm -f $target/etc/mailname \
++       $target/etc/machine-id \
++       $target/var/lib/dbus/machine-id \
++       $target/var/log/install_packages.list
++
++    > $target/etc/machine-id
++    shred --remove $target/etc/ssh/ssh_host_*
++}
++
++
++cleanup_dpkg_apt() {
++
++    rm -f  $target/var/log/alternatives.log \
++       $target/var/log/apt/* \
++       $target/var/log/bootstrap.log \
++       $target/var/log/dpkg.log
++
++    rm -rf $target/var/cache/apt/*
++    rm -rf $target/var/lib/apt/lists/*
++    rm -f $target/var/lib/dpkg/available*
++    rm -f -- $target/var/lib/dpkg/*-old
++}
index 0000000000000000000000000000000000000000,0000000000000000000000000000000000000000..dd418d885054bb5a37966a7f1542f8dbd04c2bd1
new file mode 100755 (executable)
--- /dev/null
--- /dev/null
@@@ -1,0 -1,0 +1,25 @@@
++#! /bin/bash
++
++if [ ! -f $target/etc/resolv.conf ]; then
++    cp /etc/resolv.conf $target/etc
++fi
++
++if [ X$verbose = X1 ]; then
++      echo "Updating base"
++      $ROOTCMD yum -y update |& tee -a $LOGDIR/software.log
++else
++      $ROOTCMD yum -y update >> $LOGDIR/software.log
++fi
++
++$ROOTCMD systemd-machine-id-setup
++
++cat > $target/etc/sysconfig/kernel <<EOF
++# UPDATEDEFAULT specifies if new-kernel-pkg should make
++# new kernels the default
++UPDATEDEFAULT=yes
++
++# DEFAULTKERNEL specifies the default kernel package type
++DEFAULTKERNEL=kernel-core
++EOF
++
++skiptask updatebase
index 6e43c2326e1e6f4d828180becf8e0c902a99bf93,bfa4a952bced600550e473aad350a406bb973078..e3ced93327a53856a85407bb328c7d9ccd005c8e
@@@ -15,31 -30,30 +16,33 @@@ firmware-netronome firmware-netxen firm
  firmware-cavium
  # firmware-ipw2x00 # needs a debconf question
  
- PACKAGES install I386
- linux-image-686-pae
+ # needed for a live ISO
+ PACKAGES install-norec LIVEISO
+ dracut dracut-live dracut-squash grub-pc grub-efi-amd64-bin
+ PACKAGES install-norec I386 AMD64
  memtest86+
  
- PACKAGES install CHROOT
+ PACKAGES install-norec CHROOT
  linux-image-686-pae-
  linux-image-amd64-
 +initramfs-tools-core-
 +dropbear-initramfs-
  
- PACKAGES install AMD64
- linux-image-amd64
+ PACKAGES install-norec AMD64
+ ${kernelname} # see class/DEBIAN.var
  memtest86+
  
- PACKAGES install ARM64
+ PACKAGES install-norec ARM64
+ ${kernelname} # see class/DEBIAN.var
  grub-efi-arm64
- linux-image-arm64
  
- # this is duplicate with STANDARD.
- #PACKAGES install GRUB_PC
 -PACKAGES install-norec GRUB_PC
 -grub-pc
++# iank this is duplicate with STANDARD.
++#PACKAGES install-norec GRUB_PC
 +#grub-pc
  
- #PACKAGES install GRUB_EFI
- #grub-efi
 -PACKAGES install-norec GRUB_EFI
 -grub-efi dosfstools
++#PACKAGES install-norec GRUB_EFI
++#grub-efi dosfstools
  
  PACKAGES install LVM
  lvm2
index 0000000000000000000000000000000000000000,0000000000000000000000000000000000000000..b0eaa8012936ad6877e8cac718fab8113f74446e
new file mode 100644 (file)
--- /dev/null
--- /dev/null
@@@ -1,0 -1,0 +1,38 @@@
++PACKAGES dnfgroup
++core
++minimal-environment
++#server-product-environment
++#headless-management
++
++PACKAGES dnfgroup XORG
++graphical-server-environment
++workstation-product-environment
++
++PACKAGES dnfi
++NetworkManager
++dbus-broker # needed by systemd
++chrony
++kernel
++dracut
++less
++openssh
++openssh-clients
++openssh-server
++vim-enhanced
++man
++curl
++unzip
++which
++ncurses ncurses-base
++coreutils-common
++libibverbs # needed for nc, but missing dependency
++
++PACKAGES dnfi GRUB_PC
++grub2-pc
++
++PACKAGES dnfi GRUB_EFI
++grub2-efi
++
++
++PACKAGES dnfi LVM
++lvm2
index 4404513cd4b60d68a67ce480fb5d34f501136e76,b515458c9b7c2f2bdd6a8a53b1a26a8be1d36eb8..c0726e67b696d928b082d1faaa5df3d5d751c340
@@@ -31,50 -27,5 +31,50 @@@ telne
  traceroute
  ucf
  xz-utils
 -python3
 -python3-minimal
 +# ian standard packages
 +# lsof is used in my btrfs util scritps.
 +# netcat is used for proxy.
 +lvm2
 +keyutils
 +cryptsetup
 +btrfs-progs
 +sudo
 +bridge-utils
 +netcat-openbsd
 +lsof
 +debconf-utils
 +file
 +less
 +rsync
 +openssh-client openssh-server
 +time
 +procinfo
 +locales
 +console-setup kbd
 +pciutils usbutils
 +unattended-upgrades
 +initramfs-tools-core
 +dropbear-initramfs
 +apt-transport-https
 +# ifupdown because etiona doesnt have it by default
 +# and fai scripts want to call ifquery.
 +ifupdown
 +netplan.io-
 +libnss-resolve
 +publicsuffix
 +iso-codes
 +# new package buster/nabia+
 +cryptsetup-initramfs
 +# for btrbk
 +zstd
 +
 +# iank, copied from DEBIAN so it goes into ubuntu too
 +PACKAGES install GRUB_PC
 +grub-pc
 +
 +PACKAGES install GRUB_EFI
 +# normally would have just grub-efi
 +# but theres a dependency problem with it in nabia: for some reason it depends on
 +# a version in security, but theres a later version in updates that the system
 +# really wants to install.
- grub-efi-amd64
++grub-efi-amd64 dosfstools
index e672026c2aefa42bc98d263d1fa75d9fe5ce7761,96533c4a28ec220d15e25edb6bc7e47af6d50e3e..ffc878ac651cfd17d363cfb72f0b8a83f3d796e8
@@@ -1,21 -1,18 +1,30 @@@
 -# the kernel is now defined in DEBIAN
 +PACKAGES install I386
 +linux-image-generic
 +memtest86+
  
 -PACKAGES install
 -ubuntu-minimal
 -ubuntu-server
 +PACKAGES install CHROOT
 +linux-image-generic-
 +
 +PACKAGES install AMD64
 +linux-image-generic
 +memtest86+
 +
 +PACKAGES install FLIDAS64 XENIAL64
 +linux-image-generic-hwe-8.0
 +
 +PACKAGES install NABIA64 FOCAL64
 +linux-image-generic-
 +linux-image-generic-hwe-20.04
  
+ PACKAGES install XORG
+ ubuntu-server-
+ ubuntu-standard
+ ubuntu-desktop
  PACKAGES install GERMAN
  language-pack-gnome-de
+ PACKAGES install CHROOT
+ # a chroot does not need a kernel.
+ # See class/DEBIAN.var for the exact package name
+ ${kernelname}-
Simple merge
index 0000000000000000000000000000000000000000,0000000000000000000000000000000000000000..db692ad6dde05babff14678b57531e367ecaadda
new file mode 100755 (executable)
--- /dev/null
--- /dev/null
@@@ -1,0 -1,0 +1,35 @@@
++#! /bin/bash
++
++# (c) Thomas Lange, 2022, lange@debian.org
++#
++# Add public ssh key for user root to get login access
++
++error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code
++
++SSHDIR=$target/root/.ssh
++AUKEY=$SSHDIR/authorized_keys
++
++# reverse order of classes
++for c in $classes; do
++    revclasses="$c $revclasses"
++done
++
++for c in $revclasses; do
++    if [ -f $FAI/files/root-ssh-key/$c ]; then
++        if [ -f $AUKEY ]; then
++            cmp -s $FAI/files/root-ssh-key/$c $AUKEY
++            if [ $? -eq 0 ]; then
++                exit
++            fi
++        fi
++        if [ ! -d $SSHDIR ]; then
++            mkdir -m 700 $SSHDIR
++        fi
++        cp -v $FAI/files/root-ssh-key/$c $AUKEY
++        chown root:root $AUKEY
++        chmod 700 $AUKEY
++        break
++    fi
++done
++
++exit $error
index 11535f11f5b2b4df0f6943a552c020523989842d,b23cf36cf243cc2a7ca8a82e75736eb6a50b15f2..ed8d878ae0395bee09028706c56e9a922fd26510
@@@ -3,7 -3,11 +3,12 @@@
  
  error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code
  
 +set -x
+ # do only execute for Debian and similar distros
+ if ! ifclass DEBIAN ; then
+     exit 0
+ fi
  set -a
  
  # do not set up grub during dirinstall
index 831f15d6f288fdf380d23d30257c6101167fcec7,b80e846c5444d47adfe7bf0e84eb80371bc7d481..e7b9e6d8b5baf71764d40a0bf7d3996d23a4dd49
@@@ -15,15 -20,18 +20,19 @@@ els
      fi
    fi
  
-   # i use dm for crypt, not lvm, so this gives false positive. todo, send patch to remove this
-   # upstream.
-   # usedm=$(dmsetup ls 2>/dev/null | egrep -v '^live-rw|^live-base|^No devices found' | wc -l)
-   # if [ $usedm -ne 0 ]; then
-   #   if [ ! -d $target/etc/lvm ]; then
-   #       echo ERROR: Found lvm devices, but the lvm2 package was not installed
-   #       error=1
-   #   fi
-   # fi
+   if [ -f $target/etc/crypttab ] && [ ! -f $target/sbin/cryptsetup ]; then
+       echo ERROR: Encrypted devices used, but the crypsetup package was not installed.
+       echo ERROR: You want to add cryptsetup-initramfs or dracut to some package_config file.
+   fi
++  # note, if we used dm for crypt, not lvm, so would givee false positive. todo, send patch to fix
+   usedm=$(dmsetup ls 2>/dev/null | egrep -v '^live-rw|^live-base|^No devices found' | wc -l)
+   if [ $usedm -ne 0 ]; then
+     if [ ! -d $target/etc/lvm ]; then
+       echo ERROR: Found lvm devices, but the lvm2 package was not installed
+       error=1
+     fi
+   fi
  fi
  
  # remove backup files from cfengine, but only if cfengine is installed
@@@ -74,7 -82,7 +83,7 @@@ setrel() 
        return
      fi
  
-     dists="jessie stretch buster bullseye bookworm trixie jammy focal bionic xenial trusty aramo nabia etiona"
 -    dists="jessie stretch buster bullseye bookworm trixie forky noble jammy focal bionic xenial trusty"
++    dists="jessie stretch buster bullseye bookworm trixie forky noble jammy focal bionic xenial trusty aramo nabia etiona"
      for d in $dists; do
        if grep -iq $d $target/etc/os-release; then
            release=$d
index 0000000000000000000000000000000000000000,0000000000000000000000000000000000000000..4dcbc66fad52b4f1013fa0474f67eb3b624157f1
new file mode 100755 (executable)
--- /dev/null
--- /dev/null
@@@ -1,0 -1,0 +1,15 @@@
++#! /bin/bash
++
++# create an initrd for booting from ISO
++
++# get highest kernel version
++ver=$(ls -r1 $target/boot/initrd.img-*|tail -1| sed 's/.\+initrd.img-//')
++if [ -z "$ver" ]; then
++    echo "ERROR: no initrd found in $0"
++    exit 9
++fi
++
++rm $target/boot/initrd.img-$ver
++$ROOTCMD dracut -N --zstd --filesystems ext4 -a "dmsquash-live " -o"btrfs crypt dash lvm resume usrmount modsign mdraid shutdown virtfs" /boot/initrd.img-$ver $ver
++
++echo ISO initrd was created
index 0000000000000000000000000000000000000000,0000000000000000000000000000000000000000..08828d20dca145a89ffb1ecfe264b30ef794005a
new file mode 100755 (executable)
--- /dev/null
--- /dev/null
@@@ -1,0 -1,0 +1,7 @@@
++#! /bin/bash
++
++# this is defined in hooks/subroutines
++cleanup_dpkg_apt
++cleanup_base
++
++echo cleanup for live ISO done
index 0000000000000000000000000000000000000000,0000000000000000000000000000000000000000..566c3f4cc824ff210db439a8abfa271fd8a17662
new file mode 100755 (executable)
--- /dev/null
--- /dev/null
@@@ -1,0 -1,0 +1,14 @@@
++#! /bin/bash
++
++# (c) Michael Goetze, 2010-11, mgoetze@mgoetze.net
++# Thomas Lange, 2015-2020
++
++error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code
++
++$ROOTCMD usermod -p $ROOTPW root
++
++fcopy -v /etc/selinux/config
++$ROOTCMD fixfiles onboot # this fixes the SELinux security contexts during the first boot
++chmod a+rx $target
++
++exit $error
index 0000000000000000000000000000000000000000,0000000000000000000000000000000000000000..4d86bec59b776e007335f1719a851455ef8b990f
new file mode 100755 (executable)
--- /dev/null
--- /dev/null
@@@ -1,0 -1,0 +1,25 @@@
++#! /bin/bash
++
++# (c) Michael Goetze, 2010-2011, mgoetze@mgoetze.net
++# (c) Thomas Lange, 2011, Uni Koeln
++
++error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code
++
++ainsl -v /etc/fstab "proc     /proc   proc    defaults        0 0"
++ainsl -v /etc/fstab "sysfs    /sys    sysfs   auto            0 0"
++
++version=$($ROOTCMD rpm -qv kernel | cut -d- -f2-)
++
++
++if [ -f $target/etc/lvm/lvm.conf ]; then
++     fai-sed 's/use_lvmetad = 1/use_lvmetad = 0/' /etc/lvm/lvm.conf
++     ainsl -av /etc/dracut.conf.d/fai.conf 'add_dracutmodules+=" lvm "'
++fi
++
++
++# add filesystem driver into initrd
++ainsl -av /etc/dracut.conf.d/fai.conf 'filesystems+=" ext4 "'
++$ROOTCMD dracut -v --kver $version --force
++
++
++exit $error
index 0000000000000000000000000000000000000000,0000000000000000000000000000000000000000..5590ded8b087f58f58c52c974332a9a26c900372
new file mode 100755 (executable)
--- /dev/null
--- /dev/null
@@@ -1,0 -1,0 +1,87 @@@
++#! /bin/bash
++
++# (c) Michael Goetze, 2011, mgoetze@mgoetze.net
++# (c) Thomas Lange 2014
++
++error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code
++
++if [ -r $LOGDIR/disk_var.sh ] ; then
++      . $LOGDIR/disk_var.sh
++else
++      echo "disk_var.sh not found!"
++      exit 1
++fi
++
++
++# CentOS 7 does not have a device.map file, so generate one
++if [ -d $target/boot/grub2 -a ! -f $target/boot/grub2/device.map ]; then
++    echo "# Generated by FAI" >> $target/boot/grub2/device.map
++    centosdisks=$(awk '/[sv]d.$/ {print $4}' /proc/partitions | sort)
++    dcount=0
++    for d in $centosdisks; do
++        echo "(hd$dcount)    /dev/$d" >> $target/boot/grub2/device.map
++        dcount=$((dcount + 1))
++    done
++fi
++
++bootdev=$(device2grub $BOOT_DEVICE)
++bootpart=$(device2grub $BOOT_PARTITION)
++version=$($ROOTCMD rpm -qv kernel | cut -d- -f2-)
++
++if grep '[[:space:]]/boot[[:space:]]' $LOGDIR/fstab; then
++      bootdir=''
++else
++      bootdir='/boot'
++fi
++
++mount -o bind /dev $target/dev
++
++if [ -f $target/usr/sbin/grub2-install ]; then
++
++    # CentOS 7
++    $ROOTCMD grub2-install --no-floppy "$BOOT_DEVICE"
++    $ROOTCMD grub2-mkconfig --output=/boot/grub2/grub.cfg
++else
++
++$ROOTCMD grub-install --just-copy
++
++$ROOTCMD grub --device-map=/dev/null --no-floppy --batch <<-EOF
++      device $bootdev $BOOT_DEVICE
++      root $bootpart
++      setup $bootdev
++      quit
++      EOF
++
++ln -s ./menu.lst $target/boot/grub/grub.conf
++
++if [ -f $target/boot/grub/splash.xpm.gz ]; then
++      pretty="splashimage=$bootpart$bootdir/grub/splash.xpm.gz"
++else
++      pretty="color cyan/blue white/blue"
++fi
++
++title=$(head -1 $target/etc/redhat-release)
++
++cat > $target/boot/grub/grub.conf <<-EOF
++      timeout 5
++      default 0
++      $pretty
++      hiddenmenu
++      
++      title $title
++        root $bootpart
++        kernel $bootdir/vmlinuz-$version root=$ROOT_PARTITION ro
++        initrd $bootdir/initramfs-$version.img
++      EOF
++
++fi
++
++umount $target/dev
++
++echo ""
++echo "Grub installed on $BOOT_DEVICE = $bootdev"
++echo "Grub boot partition is $BOOT_PARTITION = $bootpart"
++echo "Root partition is $ROOT_PARTITION"
++echo "Boot kernel: $version"
++
++exit $error
index 0000000000000000000000000000000000000000,0000000000000000000000000000000000000000..e9054b6e4a9304f64cd7b1c17f06e799ae37a6a5
new file mode 100755 (executable)
--- /dev/null
--- /dev/null
@@@ -1,0 -1,0 +1,35 @@@
++#! /bin/bash
++
++# (c) Michael Goetze, 2011, mgoetze@mgoetze.net
++
++error=0 ; trap "error=$((error|1))" ERR
++
++cat > $target/etc/sysconfig/clock <<-EOF
++      UTC=$UTC
++      ZONE=$TIMEZONE
++      EOF
++cat > $target/etc/sysconfig/i18n <<-EOF
++      LANG="$DEFAULTLOCALE"
++      SUPPORTED="$SUPPORTEDLOCALE"
++      SYSFONT="$CONSOLEFONT"
++      EOF
++cat > $target/etc/sysconfig/keyboard <<-EOF
++      KEYBOARDTYPE="pc"
++      KEYTABLE="$KEYMAP"
++      EOF
++
++# can not be used, because we still not use systemd in FAI
++# $ROOTCMD localectl set-locale LANG=$DEFAULTLOCALE
++
++cat > $target/etc/locale.conf <<-EOF
++      LANG="$DEFAULTLOCALE"
++      EOF
++if [ -f $target/usr/lib/locale/locale-archive.tmpl \
++     -a  ! -s $target/usr/lib/locale/locale-archive ]; then
++    mv $target/usr/lib/locale/locale-archive.tmpl $target/usr/lib/locale/locale-archive
++fi
++
++fcopy -iv /etc/sysconfig/i18n /etc/sysconfig/keyboard
++
++exit $error
++
index 0000000000000000000000000000000000000000,0000000000000000000000000000000000000000..97774185528fc6c3860458b042566d88d1fd943c
new file mode 100755 (executable)
--- /dev/null
--- /dev/null
@@@ -1,0 -1,0 +1,81 @@@
++#! /bin/bash
++
++error=0 ; trap "error=$((error|1))" ERR
++
++ifcfg_config() {
++
++    cat > $target/etc/sysconfig/network-scripts/ifcfg-$NIC1 <<-EOF
++              # generated by FAI
++              TYPE=Ethernet
++              PROXY_METHOD=none
++              BOOTPROTO=dhcp
++              DEFROUTE=yes
++              BROWSER_ONLY=no
++              IP4_FAILURE_FATAL=no
++              IPV6INIT=no
++              IPV6_AUTOCONF=no
++              NAME=$NIC1
++              DEVICE=$NIC1
++              ONBOOT=yes
++      EOF
++}
++
++nm_config() {
++
++    uuid=$(uuidgen)
++
++    cat > $target/etc/NetworkManager/system-connections/${NIC1}.nmconnection << EOF
++
++# generated by FAI
++[connection]
++id=$NIC1
++uuid=$uuid
++type=ethernet
++autoconnect-priority=-999
++interface-name=$NIC1
++
++[ethernet]
++
++[ipv4]
++method=auto
++
++[ipv6]
++addr-gen-mode=eui64
++method=auto
++
++[proxy]
++EOF
++
++    chmod 600 $target/etc/NetworkManager/system-connections/${NIC1}.nmconnection
++}
++
++
++
++# determine predictable network names
++fields="ID_NET_NAME_FROM_DATABASE ID_NET_NAME_ONBOARD ID_NET_NAME_SLOT ID_NET_NAME_PATH"
++for field in $fields; do
++    name=$(udevadm info /sys/class/net/$NIC1 | sed -rn "s/^E: $field=(.+)/\1/p")
++    if [[ $name ]]; then
++        NIC1=$name
++        break
++    fi
++done
++if [[ ! $name ]]; then
++    echo "$0: error: could not find systemd predictable network name. Using $NIC1."
++fi
++
++if [ $FAI_ACTION != "softupdate" ] && ifclass DHCPC; then
++    . $target/etc/os-release
++    major=$(echo ${VERSION_ID} | awk -F '.' '{ print $1 }')
++
++    if [ $major -lt 9 ]; then
++        ifcfg_config
++    else
++        nm_config
++    fi
++fi
++
++fcopy -iv /etc/sysconfig/network /etc/resolv.conf /etc/networks
++fcopy -ivr /etc/sysconfig/network-scripts
++
++exit $error
index 0000000000000000000000000000000000000000,0000000000000000000000000000000000000000..09c8d494a411fbef8527c85de865097129adf07d
new file mode 100755 (executable)
--- /dev/null
--- /dev/null
@@@ -1,0 -1,0 +1,21 @@@
++#! /bin/bash
++
++error=0 ; trap "error=$((error|1))" ERR
++
++# add a $username user account
++if [ -n "$username" ]; then
++    if ! $ROOTCMD getent passwd $username ; then
++      $ROOTCMD adduser -c "$username user" $username
++      $ROOTCMD usermod -p "$USERPW" $username
++    fi
++fi
++
++# enable graphical login screen, make run level 5 as default
++if [ -f $target/usr/sbin/gdm ]; then
++    fai-sed 's/id:3:initdefault:/id:5:initdefault:/' /etc/inittab
++    # do not run this tool
++    echo "RUN_FIRSTBOOT=NO" > $target/etc/sysconfig/firstboot
++fi
++
++exit $error
++
index 0000000000000000000000000000000000000000,0000000000000000000000000000000000000000..2eadacdb9f0384d82fddea2d0c39ff8bd639898f
new file mode 100755 (executable)
--- /dev/null
--- /dev/null
@@@ -1,0 -1,0 +1,3 @@@
++#! /bin/bash
++
++$ROOTCMD yum clean all