#! /bin/bash
-
# mk-basefile, create basefiles for some distributions
#
- # Thomas Lange, Uni Koeln, 2011-2021
+ # Thomas Lange, Uni Koeln, 2011-2024
# based on the Makefile implementation of Michael Goetze
#
# Usage example: mk-basefile -J STRETCH64
# This will create a STRETCH64.tar.xz basefile.
- # Supported distributions (each i386/amd64):
+ # Supported distributions (i386/amd64):
# Debian GNU/Linux
- # Ubuntu 14.04/16.04
+ # Ubuntu 14.04/16.04/20.04/22.04
+ # AlmaLinux 9
+ # Rocky Linux 8/9
# CentOS 5/6/7/8
# Scientific Linux Cern 5/6
#
# For the first stage, set the CentOS/SLC mirror in /etc/rinse/rinse.conf
MIRROR_DEBIAN=http://deb.debian.org/debian/
MIRROR_UBUNTU=http://mirror.netcologne.de/ubuntu/
+MIRROR_TRISQUEL=http://mirror.fsf.org/trisquel/
MIRROR_CENTOS=http://mirror.netcologne.de/
EXCLUDE_SQUEEZE=isc-dhcp-client,isc-dhcp-common,info
EXCLUDE_BULLSEYE=
EXCLUDE_BOOKWORM=
EXCLUDE_TRIXIE=
+ EXCLUDE_FORKY=
EXCLUDE_SID=
+EXCLUDE_BELENOS=dhcp3-client,dhcp3-common,info
EXCLUDE_TRUSTY=dhcp3-client,dhcp3-common,info
EXCLUDE_XENIAL=udhcpc,dibbler-client,info
+EXCLUDE_FLIDAS=udhcpc,dibbler-client,info
EXCLUDE_BIONIC=udhcpc,dibbler-client,info
+EXCLUDE_ETIONA=udhcpc,dibbler-client,info
EXCLUDE_FOCAL=udhcpc,dibbler-client,info
- EXCLUDE_JAMMY=
- EXCLUDE_ARAMO=
+EXCLUDE_NABIA=udhcpc,dibbler-client,info
+ EXCLUDE_JAMMY=udhcpc,dibbler-client,info
++EXCLUDE_ARAMO=udhcpc,dibbler-client,info
+ EXCLUDE_NOBLE=udhcpc,dibbler-client,info
# here you can add packages, that are needed very early
INCLUDE_DEBIAN=
-
+INCLUDE_ETIONA=ifupdown
+INCLUDE_NABIA=ifupdown
+INCLUDE_ARAMO=ifupdown
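Review bot: `MIRROR_TRISQUEL=http://mirror.fsf.org/trisquel/` is fetched over plain HTTP, so the integrity of a Trisquel basefile rests on debootstrap verifying the Release signature, which needs the Trisquel archive keyring on the build host. `debgeneric` is not visible in this hunk, so I cannot tell whether a `--keyring` option is passed. If it is not, a comment next to the variable such as `# requires the Trisquel archive keyring on the build host, otherwise debootstrap cannot verify the release` would make that requirement explicit.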
setarch() {
cleanup-deb() {
+ if [[ $cmd ]]; then
+ if [[ -e $cmd ]]; then
+ cp "$cmd" $xtmp/tmp
+ chroot $xtmp "/tmp/$cmd"
+ else
+ chroot $xtmp $cmd
+ fi
+ fi
chroot $xtmp apt-get clean
rm -f $xtmp/etc/hostname $xtmp/etc/resolv.conf \
$xtmp/var/lib/apt/lists/*_* $xtmp/usr/bin/qemu-*-static \
- $xtmp/etc/udev/rules.d/70-persistent-net.rules
+ $xtmp/etc/udev/rules.d/70-persistent-net.rules \
+ $xtmp/var/lib/dbus/machine-id
> $xtmp/etc/machine-id
}
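Review bot: In the new `-x CMD` branch of `cleanup-deb`, the file case copies `$cmd` into `$xtmp/tmp` but then runs `/tmp/$cmd`, so a CMD given with a directory component points at a path that does not exist inside the chroot; `chroot "$xtmp" "/tmp/${cmd##*/}"` would match what `cp` created. The copied script is never removed, so it ends up inside the tarball that is later unpacked on every installed host; adding `rm -f -- "$xtmp/tmp/${cmd##*/}"` after the chroot call avoids that. `$xtmp` is unquoted throughout, and the `else` branch appears to rely on word splitting of `$cmd` to pass arguments, which deserves a one-line comment.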
}
+ rpmdist() {
+
+ local arch=$1
+ local vers=$2
+ local dist=$3
+ local domain=$(domainname)
+
+ check
+ setarch $arch
+ $l32 rinse --directory $xtmp --distribution $dist-$vers --arch $arch --before-post-install $xtmp/post
+ domainname $domain # workaround for #613377
+ cleanup-rinse
+ tarit
+ }
+
+
+ alma() {
+ rpmdist $1 $2 alma
+ }
+
+ rocky() {
+ rpmdist $1 $2 rocky
+ }
+
centos() {
local arch=$1
dist=${DIST%%[0-9][0-9]}
local exc="EXCLUDE_$dist"
[ -n "${!exc}" ] && exc="--exclude=${!exc}" || unset exc
+ local inc="INCLUDE_$dist"
+ [ -n "${!inc}" ] && inc="--include=${!inc}" || unset inc
dist=${dist,,}
check
- if [ -n "$INCLUDE_DEBIAN" ]; then
- local inc="--include=$INCLUDE_DEBIAN"
- fi
if [ -n "$arch" ]; then
qemu-debootstrap --arch $arch ${exc} $inc $dist $xtmp $mirror
echo "Available:
+ ALMA9_64
+ ROCKY8_64
+ ROCKY9_64
CENTOS5_32 CENTOS5_64
CENTOS6_32 CENTOS6_64
CENTOS7_32 CENTOS7_64
SLC7_64
TRUSTY32 TRUSTY64
XENIAL32 XENIAL64
+ FLIDAS64
BIONIC64
+ ETIONA64
FOCAL64
+ NABIA64
JAMMY64
+ ARAMO64
+ NOBLE64
SQUEEZE32 SQUEEZE64
WHEEZY32 WHEEZY64
JESSIE32 JESSIE64
BULLSEYE32 BULLSEYE64
BOOKWORM32 BOOKWORM64
TRIXIE32 TRIXIE64
+ FORKY32 FORKY64
SID32 SID64
"
}
cat <<EOF
mk-basefile, create minimal base files for a Linux distritubtion
- Copyright (C) 2011-2020 by Thomas Lange
+ Copyright (C) 2011-2023 by Thomas Lange
Usage: mk-basefile [OPTION] ... DISTRIBUTION
-s Show list of supported linux distributions
-f ARCH Build for foreign architecture ARCH.
-d DIR Use DIR for creating the temporary subtree structure.
- -z Use gzip for compressing the tar file.
+ -z Use zstd for compressing the tar file.
-J Use xz for compressing the tar file.
-k Keep the temporary subtree structure, do not remove it.
+ -x CMD Run CMD in chroot. If CMD exists as a file, copy it and run it.
+ Debian based only
-h Print help.
Usage example: mk-basefile -J STRETCH64
cleanup=1
attributes="--xattrs --selinux --acls"
-while getopts ashzJd:kf: opt ; do
+while getopts ashzJd:kf:x: opt ; do
case "$opt" in
a) echo "$0: Warning. -a is ignored, because xtattrs, acls and selinux are always added." ;;
d) export TMPDIR=$OPTARG ;;
f) export ARCH=$OPTARG ;;
- z) zip="gzip -9"; ext=tar.gz ;;
+ z) zip="zstd -9"; ext=tar.zst ;;
J) zip="xz -8" ext=tar.xz ;;
k) cleanup=0 ;;
h) usage ;;
s) prtdists ; exit 0;;
+ x) cmd="$OPTARG" ;;
?) exit 3 ;; # error in option parsing
esac
done
CENTOS7_32) centos i386 7 ;;
CENTOS7_64) centos amd64 7 ;;
CENTOS8_64) centos amd64 8 ;;
+ ROCKY8_64) rocky amd64 8 ;;
+ ROCKY9_64) rocky amd64 9 ;;
+ ALMA9_64) alma amd64 9 ;;
SLC5_32) slc i386 5 ;;
SLC5_64) slc amd64 5 ;;
SLC6_32) slc i386 6 ;;
SLC6_64) slc amd64 6 ;;
SLC7_64) slc amd64 7 ;;
- TRUSTY*|XENIAL*|BIONIC*|FOCAL*|JAMMY*)
+ BELENOS*|FLIDAS*|ETIONA*|NABIA*|ARAMO*)
+ debgeneric $target $MIRROR_TRISQUEL ;;
+ TRUSTY*|XENIAL*|BIONIC*|FOCAL*|JAMMY*|NOBLE*)
debgeneric $target $MIRROR_UBUNTU ;;
- SQUEEZE*|WHEEZY*|JESSIE*|STRETCH*|BUSTER*|BULLSEYE*|BOOKWORM*|TRIXIE*|SID*)
+ SQUEEZE*|WHEEZY*|JESSIE*|STRETCH*|BUSTER*|BULLSEYE*|BOOKWORM*|TRIXIE*|FORKY*|SID*)
debgeneric $target $MIRROR_DEBIAN $ARCH;;
*) echo "Unknown distribution. Aborting."
prtdists
-release=bookworm
-apt_cdn=http://deb.debian.org
-security_cdn=http://security.debian.org
+# ian, commented, sources are set with fcopy
- # release=bullseye
++# release=bookworm
+# apt_cdn=http://deb.debian.org
+# security_cdn=http://security.debian.org
# since bullseye Debian changed the suite name for security
if [ $release = buster ]; then
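Review bot: With the `release=` assignment now commented out above, the unquoted test `if [ $release = buster ]` expands to `[ = buster ]` and fails with a syntax error whenever no other class file has set `release` before this file is sourced. Quoting it as `if [ "$release" = buster ]; then` keeps the test well-formed. The body of the `if` lies outside this hunk, so which security suite name results for an empty `release` should be confirmed there.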
# if you have enough RAM (>2GB) you may want to enable this line. It
# also puts /var/cache into a ramdisk.
-#FAI_RAMDISKS="$target/var/lib/dpkg $target/var/cache"
+# ian: uncommented
+FAI_RAMDISKS="$target/var/lib/dpkg $target/var/cache"
# if you want to use the faiserver as APT proxy
- # APTPROXY=http://faiserver:3142
+ #APTPROXY=http://faiserver:3142
+
+
+ # The linux-image package has different names for Debian and Ubuntu
+ if ifclass UBUNTU; then
+ kernelname=linux-image-generic
+ elif ifclass I386; then
+ kernelname=linux-image-686-pae
+ elif ifclass AMD64; then
+ kernelname=linux-image-amd64
+ fi
+
+ if [ -z "kernelname" ]; then
+ _arch=$(dpkg --print-architecture 2>/dev/null)
+ case $_arch in
+ i386)
+ kernelname=linux-image-686-pae ;;
+ *)
+ kernelname=linux-image-$_arch
+ esac
+ unset _arch
+ fi
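Review bot: The fallback test `if [ -z "kernelname" ]` checks the literal string `kernelname`, which is never empty, so the `dpkg --print-architecture` branch can never run and a host in none of the UBUNTU/I386/AMD64 classes (ARM64, for example) is left with `kernelname` unset. It should read `if [ -z "$kernelname" ]; then`. The package lists elsewhere in this change use `${kernelname}` and `${kernelname}-`, so an unset value would presumably leave an empty or bare `-` package name there. The `*)` arm of the `case` also lacks its closing `;;`, which bash tolerates on the last arm but is worth adding for consistency.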
+#### from upstream example config, except where noted
+
# default values for installation. You can override them in your *.var files
# allow installation of packages from unsigned repositories
# Set UTC=yes if your system clock is set to UTC (GMT), and UTC=no if not.
UTC=yes
-TIMEZONE=Europe/Berlin
-
-# the hash of the root password for the new installed linux system
-# pw is "fai"
-ROOTPW='$1$kBnWcO.E$djxB128U7dMkrltJHPf6d1'
+## changed from upstream. found in /usr/share/zoneinfo/, via fai-guide
+TIMEZONE=US/Eastern
# errors in tasks greater than this value will cause the installation to stop
STOP_ON_ERROR=700
# set parameter for install_packages(8)
MAXPACKAGES=800
+ # Account on the FAI server for saving log files and calling fai-chboot.
+ # Remove the hash character in the next line to activate this feature
+ #LOGUSER=fai
+
# a user account will be created
-username=demo
-USERPW='$1$kBnWcO.E$djxB128U7dMkrltJHPf6d1'
+#username=demo
+#USERPW='$1$kBnWcO.E$djxB128U7dMkrltJHPf6d1'
# set a default
FAI_DEBOOTSTRAP="bookworm http://deb.debian.org/debian"
--- /dev/null
--- /dev/null
++CONSOLEFONT=lat9v-16
++KEYMAP=us
++DEFAULTLOCALE=en_US.UTF-8
++SUPPORTEDLOCALE=en_US.UTF-8:en_US:en
++
++# if you install much software and have only few RAM, use the RAM disk
++# not for var/cache/yum
++#FAI_RAMDISKS="$target/var/lib/rpm $target/var/cache/yum"
++FAI_RAMDISKS="$target/var/lib/rpm"
-ubuntumirror=http://archive.ubuntu.com
-ubuntudist=jammy
+#iank, i define these by classes. commenting
+# to make sure these arent used
+#ubuntumirror=http://archive.ubuntu.com
- #ubuntudist=focal
++#ubuntudist=jammy
--- /dev/null
--- /dev/null
++# config for a disk image for a VM
++#
++# p=<partlabel> <mountpoint> <size> <fs type> <mount options> <misc options>
++
++disk_config disk1 disklabel:gpt bootable:1 fstabkey:uuid align-at:1M
++
++p=efi /boot/efi 64M vfat defaults createopts="-F 32"
++p=root / 300- ext4 rw,discard,barrier=0,noatime,errors=remount-ro tuneopts="-c 0 -i 0"
--- /dev/null
--- /dev/null
++# example of new config file for setup-storage
++#
++# <type> <mountpoint> <size> <fs type> <mount options> <misc options>
++
++# you may want to add "-O ^metadata_csum_seed" to createopts if the target
++# system is older than bullseye. See #866603, #1031415, #1031416 for more info.
++
++disk_config disk1 disklabel:msdos bootable:1 fstabkey:label
++
++primary / 4G-50G ext4 rw,noatime,errors=remount-ro createopts="-L ROOT"
++
++logical swap 200-10G swap sw createopts="-L SWAP"
++logical /home 100- ext4 rw,noatime,nosuid,nodev createopts="-L HOME -m 1" tuneopts="-c 0 -i 0"
--- /dev/null
--- /dev/null
++deb {%apt_cdn%}/debian {%release%} main contrib non-free non-free-firmware
++deb {%security_cdn%}/debian-security {%secsuite%} main contrib non-free non-free-firmware
++deb {%apt_cdn%}/debian {%release%}-updates main contrib non-free non-free-firmware
--- /dev/null
--- /dev/null
++CLOUD
--- /dev/null
--- /dev/null
++# This file controls the state of SELinux on the system.
++# SELINUX= can take one of these three values:
++# enforcing - SELinux security policy is enforced.
++# permissive - SELinux prints warnings instead of enforcing.
++# disabled - No SELinux policy is loaded.
++SELINUX=disabled
++# SELINUXTYPE= can take one of these two values:
++# targeted - Only targeted network daemons are protected.
++# strict - Full SELinux protection.
++# mls - Multi Level Security protection.
++SELINUXTYPE=targeted
++# SETLOCALDEFS= Check local definition changes
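Review bot: `SELINUX=disabled` in this new file switches SELinux off on every host that receives it, while the finishing script added in the same change copies this file with `fcopy -v /etc/selinux/config` and then runs `fixfiles onboot`, whose relabel only matters when SELinux is active. If the goal is only to avoid denials during installation, `SELINUX=permissive` keeps labels maintained and logs what would have been denied, so the host can be moved to `enforcing` later. If disabling is deliberate, a comment above the line stating the reason would help the next maintainer.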
--- /dev/null
--- /dev/null
++#! /bin/bash
++
++skiptask debconf
#! /bin/bash
+set -x
# if package locales will be installed, then install it early, before
# other packages
if [ $FAI_ACTION != "install" -a $FAI_ACTION != "dirinstall" ]; then
fi
fcopy -Bi /etc/apt/apt.conf.d/force_confdef
-ainsl -a /etc/ucf.conf "^conf_force_conffold=YES"
# in case the locales are already included inside the base file (Ubuntu)
if [ -f $target/usr/sbin/locale-gen ]; then
$ROOTCMD apt-get -y install locales > /dev/null
fi
fi
+
+ # use zstd for dracut initrd
+ ainsl -av /etc/dracut.conf.d/11-debian.conf "compress=zstd"
--- /dev/null
--- /dev/null
++#! /bin/bash
++
++# (c) Michael Goetze, 2010-2011, mgoetze@mgoetze.net
++
++error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code
++
++if [ $FAI_ACTION = "install" ]; then
++ ctam
++ [ -L $target/etc/mtab ] || cp /etc/mtab $target/etc/mtab
++
++ cat > $target/etc/sysconfig/network <<-EOF
++ NETWORKING=yes
++ HOSTNAME=$HOSTNAME.$DOMAIN
++ EOF
++ echo "127.0.0.1 localhost" > $target/etc/hosts
++ ifclass DHCPC || ainsl -s /etc/hosts "$IPADDR $HOSTNAME.$DOMAIN $HOSTNAME"
++ cp /etc/resolv.conf $target/etc
++fi
++
++fcopy -riv /etc/yum.repos.d/
++
++# disable the fastestmirror plugin
++#fai-sed 's/enabled=1/enabled=0/' /etc/yum/pluginconf.d/fastestmirror.conf
++
++skiptask repository
++
++exit $error
--- /dev/null
--- /dev/null
++#! /bin/bash
++
++# This file is sourced during task_setup
++# you can define your own functions and use them later, for e.g.
++# in scripts/...
++
++
++cleanup_base() {
++
++ rm -f $target/etc/mailname \
++ $target/etc/machine-id \
++ $target/var/lib/dbus/machine-id \
++ $target/var/log/install_packages.list
++
++ > $target/etc/machine-id
++ shred --remove $target/etc/ssh/ssh_host_*
++}
++
++
++cleanup_dpkg_apt() {
++
++ rm -f $target/var/log/alternatives.log \
++ $target/var/log/apt/* \
++ $target/var/log/bootstrap.log \
++ $target/var/log/dpkg.log
++
++ rm -rf $target/var/cache/apt/*
++ rm -rf $target/var/lib/apt/lists/*
++ rm -f $target/var/lib/dpkg/available*
++ rm -f -- $target/var/lib/dpkg/*-old
++}
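Review bot: Every path in `cleanup_base` and `cleanup_dpkg_apt` is built from an unquoted `$target`, so if either function runs while `target` is empty or unset, the `rm` and `shred --remove` lines act on the installing host's own `/etc/machine-id`, `/etc/ssh/ssh_host_*` and `/var/lib/dpkg`. Adding `: "${target:?target is not set}"` as the first line of each function and quoting the prefix (`"$target"/etc/ssh/ssh_host_*`) removes that failure mode. `shred` also returns an error when the glob matches nothing, so an existence check before the call would keep images without host keys from reporting a failure. A short header comment per function saying that they strip host-unique identity and package caches from an image would document the intent.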
--- /dev/null
--- /dev/null
++#! /bin/bash
++
++if [ ! -f $target/etc/resolv.conf ]; then
++ cp /etc/resolv.conf $target/etc
++fi
++
++if [ X$verbose = X1 ]; then
++ echo "Updating base"
++ $ROOTCMD yum -y update |& tee -a $LOGDIR/software.log
++else
++ $ROOTCMD yum -y update >> $LOGDIR/software.log
++fi
++
++$ROOTCMD systemd-machine-id-setup
++
++cat > $target/etc/sysconfig/kernel <<EOF
++# UPDATEDEFAULT specifies if new-kernel-pkg should make
++# new kernels the default
++UPDATEDEFAULT=yes
++
++# DEFAULTKERNEL specifies the default kernel package type
++DEFAULTKERNEL=kernel-core
++EOF
++
++skiptask updatebase
-PACKAGES install-norec
-#cryptsetup-initramfs # needed if you use an encrypted partition
-bash-completion
-debconf-utils
-file
-zstd
-less
-linuxlogo
-rsync
-openssh-client openssh-server
-time
-procinfo
-nullmailer
-sudo
-locales
-console-setup kbd
-pciutils usbutils
-unattended-upgrades
+# otherwise sshd takes like 10 seconds to start.
+# not sure if this applies to bullseye or just buster, installing it so i dun have to worry.
+PACKAGES install BUSTER BULLSEYE BOOKWORM
+haveged
PACKAGES install NONFREE
# you may want these non-free kernel drivers
firmware-bnx2 firmware-bnx2x firmware-realtek
firmware-linux-nonfree
# a list of firmware for wifi/wireless
- atmel-firmware firmware-atheros firmware-brcm80211
- firmware-iwlwifi firmware-libertas firmware-ralink firmware-zd1211
+ firmware-misc-nonfree
+ atmel-firmware firmware-ath9k-htc firmware-brcm80211
+ firmware-iwlwifi firmware-libertas firmware-zd1211
firmware-brcm80211 firmware-ti-connectivity
firmware-netronome firmware-netxen firmware-realtek
firmware-cavium
# firmware-ipw2x00 # needs a debconf question
- PACKAGES install I386
- linux-image-686-pae
+ # needed for a live ISO
+ PACKAGES install-norec LIVEISO
+ dracut dracut-live dracut-squash grub-pc grub-efi-amd64-bin
+
+ PACKAGES install-norec I386 AMD64
memtest86+
- PACKAGES install CHROOT
+ PACKAGES install-norec CHROOT
linux-image-686-pae-
linux-image-amd64-
+initramfs-tools-core-
+dropbear-initramfs-
- PACKAGES install AMD64
- linux-image-amd64
+ PACKAGES install-norec AMD64
+ ${kernelname} # see class/DEBIAN.var
memtest86+
- PACKAGES install ARM64
+ PACKAGES install-norec ARM64
+ ${kernelname} # see class/DEBIAN.var
grub-efi-arm64
- linux-image-arm64
- # this is duplicate with STANDARD.
- #PACKAGES install GRUB_PC
-PACKAGES install-norec GRUB_PC
-grub-pc
++# iank this is duplicate with STANDARD.
++#PACKAGES install-norec GRUB_PC
+#grub-pc
- #PACKAGES install GRUB_EFI
- #grub-efi
-
-PACKAGES install-norec GRUB_EFI
-grub-efi dosfstools
++#PACKAGES install-norec GRUB_EFI
++#grub-efi dosfstools
PACKAGES install LVM
lvm2
--- /dev/null
--- /dev/null
++PACKAGES dnfgroup
++core
++minimal-environment
++#server-product-environment
++#headless-management
++
++PACKAGES dnfgroup XORG
++graphical-server-environment
++workstation-product-environment
++
++PACKAGES dnfi
++NetworkManager
++dbus-broker # needed by systemd
++chrony
++kernel
++dracut
++less
++openssh
++openssh-clients
++openssh-server
++vim-enhanced
++man
++curl
++unzip
++which
++ncurses ncurses-base
++coreutils-common
++libibverbs # needed for nc, but missing dependency
++
++PACKAGES dnfi GRUB_PC
++grub2-pc
++
++PACKAGES dnfi GRUB_EFI
++grub2-efi
++
++
++PACKAGES dnfi LVM
++lvm2
manpages
mime-support
ncurses-term
-netcat-traditional
openssh-client
pciutils
perl
+# ian: newer distros dont have python, it gets naturally removed
+python
+python-minimal
+python3
+python3-minimal
reportbug
telnet
traceroute
ucf
xz-utils
-python3
-python3-minimal
+# ian standard packages
+# lsof is used in my btrfs util scritps.
+# netcat is used for proxy.
+lvm2
+keyutils
+cryptsetup
+btrfs-progs
+sudo
+bridge-utils
+netcat-openbsd
+lsof
+debconf-utils
+file
+less
+rsync
+openssh-client openssh-server
+time
+procinfo
+locales
+console-setup kbd
+pciutils usbutils
+unattended-upgrades
+initramfs-tools-core
+dropbear-initramfs
+apt-transport-https
+# ifupdown because etiona doesnt have it by default
+# and fai scripts want to call ifquery.
+ifupdown
+netplan.io-
+libnss-resolve
+publicsuffix
+iso-codes
+# new package buster/nabia+
+cryptsetup-initramfs
+# for btrbk
+zstd
+
+# iank, copied from DEBIAN so it goes into ubuntu too
+PACKAGES install GRUB_PC
+grub-pc
+
+PACKAGES install GRUB_EFI
+# normally would have just grub-efi
+# but theres a dependency problem with it in nabia: for some reason it depends on
+# a version in security, but theres a later version in updates that the system
+# really wants to install.
- grub-efi-amd64
++grub-efi-amd64 dosfstools
-# the kernel is now defined in DEBIAN
+PACKAGES install I386
+linux-image-generic
+memtest86+
-PACKAGES install
-ubuntu-minimal
-ubuntu-server
+PACKAGES install CHROOT
+linux-image-generic-
+
+PACKAGES install AMD64
+linux-image-generic
+memtest86+
+
-
+PACKAGES install FLIDAS64 XENIAL64
+linux-image-generic-hwe-8.0
+
+PACKAGES install NABIA64 FOCAL64
+linux-image-generic-
+linux-image-generic-hwe-20.04
+ PACKAGES install XORG
+ ubuntu-server-
+ ubuntu-standard
+ ubuntu-desktop
+
PACKAGES install GERMAN
language-pack-gnome-de
+
+ PACKAGES install CHROOT
+ # a chroot does not need a kernel.
+ # See class/DEBIAN.var for the exact package name
+ ${kernelname}-
# (c) Thomas Lange, 2001-2016, lange@debian.org
# (c) Michael Goetze, 2010-2011, mgoetze@mgoetze.net
+
+# on ubuntu 16.04 which didn't run this script, some things which didn't
+# apply:
+# /etc/dpkg/dpkg.cfg.d/fai didn't exist,
+# machine-id was already setup.
+
+# on that system and a debian stretch system, after reboot,
+# some things done here don't seem to persist:
+# some thin/etc/mtab is symlink somewhere else,
+# and mailname is $HOSTNAME.lan
+
+# the adjtime thing is to support changing the system clock
+# from representing UTC (the default) to localtime (windows default).
+
+# afaik, the only useful thing here for me is setting /etc/hostname
+
error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code
# a list of modules which are loaded at boot time
printf "0.0 0 0.0\n0\nUTC\n" > $target/etc/adjtime
fi
if [ "$UTC" = "yes" ]; then
- sed -i -e 's:^LOCAL$:UTC:' $target/etc/adjtime
+ fai-sed 's:^LOCAL$:UTC:' /etc/adjtime
else
- sed -i -e 's:^UTC$:LOCAL:' $target/etc/adjtime
+ fai-sed 's:^UTC$:LOCAL:' /etc/adjtime
fi
# enable linuxlogo
if [ -f $target/etc/inittab ]; then
- sed -i -e 's#/sbin/getty 38400#/sbin/getty -f /etc/issue.linuxlogo 38400#' ${target}/etc/inittab
+ fai-sed 's#/sbin/getty 38400#/sbin/getty -f /etc/issue.linuxlogo 38400#' /etc/inittab
elif [ -f $target/lib/systemd/system/getty@.service ]; then
- sed -i -e 's#sbin/agetty --noclear#sbin/agetty -f /etc/issue.linuxlogo --noclear#' $target/lib/systemd/system/getty@.service
+ fai-sed 's#sbin/agetty --noclear#sbin/agetty -f /etc/issue.linuxlogo --noclear#' /lib/systemd/system/getty@.service
fi
# make sure a machine-id exists
$ROOTCMD systemd-machine-id-setup
fi
- ln -fs /proc/mounts $target/etc/mtab
+ fai-link /etc/mtab ../proc/self/mounts
- rm -f $target/etc/dpkg/dpkg.cfg.d/fai $target/etc/dpkg/dpkg.cfg.d/unsafe-io
+ rm -f $target/etc/dpkg/dpkg.cfg.d/unsafe-io
if [ -d /etc/fai ]; then
if ! fcopy -Mv /etc/fai/fai.conf; then
--- /dev/null
--- /dev/null
++#! /bin/bash
++
++# (c) Thomas Lange, 2022, lange@debian.org
++#
++# Add public ssh key for user root to get login access
++
++error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code
++
++SSHDIR=$target/root/.ssh
++AUKEY=$SSHDIR/authorized_keys
++
++# reverse order of classes
++for c in $classes; do
++ revclasses="$c $revclasses"
++done
++
++for c in $revclasses; do
++ if [ -f $FAI/files/root-ssh-key/$c ]; then
++ if [ -f $AUKEY ]; then
++ cmp -s $FAI/files/root-ssh-key/$c $AUKEY
++ if [ $? -eq 0 ]; then
++ exit
++ fi
++ fi
++ if [ ! -d $SSHDIR ]; then
++ mkdir -m 700 $SSHDIR
++ fi
++ cp -v $FAI/files/root-ssh-key/$c $AUKEY
++ chown root:root $AUKEY
++ chmod 700 $AUKEY
++ break
++ fi
++done
++
++exit $error
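Review bot: `chmod 700 $AUKEY` makes `authorized_keys` executable; the file only needs to be readable and writable by root, so `chmod 600 "$AUKEY"` is the appropriate mode. `mkdir -m 700 $SSHDIR` covers a missing directory only, so an existing `.ssh` keeps whatever owner and mode it had; adding `chown root:root "$SSHDIR"; chmod 700 "$SSHDIR"` before the copy closes that gap. The early `exit` after `cmp -s` returns without `$error`, unlike the final `exit $error`. The header comment should also state that the first match in reversed class order wins and that its file replaces, rather than appends to, an existing `authorized_keys`.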
error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code
+set -x
+ # do only execute for Debian and similar distros
+ if ! ifclass DEBIAN ; then
+ exit 0
+ fi
+
set -a
# do not set up grub during dirinstall
# disable os-prober because of #802717
ainsl /etc/default/grub 'GRUB_DISABLE_OS_PROBER=true'
+ # efivars may still be mounted from the host system during fai-diskimage
+ if [ -d $target/sys/firmware/efi/efivars ]; then
+ umount $target/sys/firmware/efi/efivars
+ fi
+
# skip the rest, if not an initial installation
if [ $FAI_ACTION != "install" ]; then
$ROOTCMD update-grub
# Check if RAID is used for the boot device
if [[ $BOOT_DEVICE =~ '/dev/md' ]]; then
+ GROOT=$($ROOTCMD grub-probe -tdrive -d $BOOT_DEVICE)
raiddev=${BOOT_DEVICE#/dev/}
# install grub on all members of RAID
for device in $(LC_ALL=C perl -ne 'if(/^'$raiddev'\s.+raid\d+\s(.+)/){ $_=$1; s/\d+\[\d+\]//g; s/(nvme.+?)p/$1/g; print }' /proc/mdstat); do
# remove last ,
mbrdevices=${mbrdevices%, }
else
- mbrdevices=$(get_stable_devname $BOOT_DEVICE)
+ for dev in $BOOT_DEVICE; do
+ mbrdev=$(get_stable_devname $dev)
if [ -z "$mbrdevices" ]; then
- # if we cannot find a persistent name (for e.g. in a VM) use old name
- mbrdevices=$BOOT_DEVICE
+ # if we cannot find a persistent name (for e.g. in a VM) use old name
+ mbrdevices+="$dev, "
fi
- echo "Installing grub on $BOOT_DEVICE = $mbrdevices"
- $ROOTCMD grub-install --no-floppy "$mbrdevices"
+ echo "Installing grub on $dev = $mbrdev"
+ $ROOTCMD grub-install --no-floppy "$mbrdev"
+ done
+ # remove trailing ,
+ mbrdevices=${mbrdevices%, }
fi
echo "grub-pc grub-pc/install_devices multiselect $mbrdevices" | $ROOTCMD debconf-set-selections
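Review bot: Inside the new `for dev in $BOOT_DEVICE` loop the fallback test is still `[ -z "$mbrdevices" ]`, the accumulator, rather than `$mbrdev`, the value just returned by `get_stable_devname`. As shown, `mbrdev` is never replaced by `$dev` when no stable name exists, so `grub-install --no-floppy "$mbrdev"` can receive an empty argument, and `mbrdevices` only ever collects the first raw `$dev`, which is what then goes into the `grub-pc/install_devices` debconf selection. I would expect `if [ -z "$mbrdev" ]; then mbrdev=$dev; fi` followed by `mbrdevices+="$mbrdev, "`. This page looks like a combined diff and may have dropped lines, so please check the merged file before acting on this.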
error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code
+ # remove crypt password from format.log
+ if [ -f $LOGDIR/format.log ]; then
+ perl -i -pane "s/Executing: yes '.+?' \| cryptsetup/Executing: yes 'XXXXXXXXXXXXX' | cryptsetup/" $LOGDIR/format.log
+ fi
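Review bot: This redaction only matches the exact `Executing: yes '...' | cryptsetup` form in `format.log`, so a passphrase recorded in any other shape or in another log file stays in place, and it runs only after the value has already been written to disk. A comment naming the log line being scrubbed and the reason would make that limit visible, e.g. `# setup-storage logs the LUKS passphrase on its cryptsetup command line; scrub it before logs are saved`. `$LOGDIR` should be quoted, and the `-a` in `-pane` is unused, so `perl -i -pe` is sufficient.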
+
if [ "$FAI_ACTION" = "dirinstall" -o $do_init_tasks -eq 0 ] ; then
:
else
fi
fi
- # i use dm for crypt, not lvm, so this gives false positive. todo, send patch to remove this
- # upstream.
- # usedm=$(dmsetup ls 2>/dev/null | egrep -v '^live-rw|^live-base|^No devices found' | wc -l)
- # if [ $usedm -ne 0 ]; then
- # if [ ! -d $target/etc/lvm ]; then
- # echo ERROR: Found lvm devices, but the lvm2 package was not installed
- # error=1
- # fi
- # fi
+ if [ -f $target/etc/crypttab ] && [ ! -f $target/sbin/cryptsetup ]; then
+ echo ERROR: Encrypted devices used, but the crypsetup package was not installed.
+ echo ERROR: You want to add cryptsetup-initramfs or dracut to some package_config file.
+ fi
+
++ # note, if we used dm for crypt, not lvm, so would givee false positive. todo, send patch to fix
+ usedm=$(dmsetup ls 2>/dev/null | egrep -v '^live-rw|^live-base|^No devices found' | wc -l)
+ if [ $usedm -ne 0 ]; then
+ if [ ! -d $target/etc/lvm ]; then
+ echo ERROR: Found lvm devices, but the lvm2 package was not installed
+ error=1
+ fi
+ fi
fi
# remove backup files from cfengine, but only if cfengine is installed
fi
# Make sure everything is configured properly
-if ifclass DEBIAN ; then
+if ifclass DEBIAN || ifclass UBUNTU; then
$ROOTCMD apt-get -f install -y
fi
return
fi
- dists="jessie stretch buster bullseye bookworm trixie jammy focal bionic xenial trusty aramo nabia etiona"
- dists="jessie stretch buster bullseye bookworm trixie forky noble jammy focal bionic xenial trusty"
++ dists="jessie stretch buster bullseye bookworm trixie forky noble jammy focal bionic xenial trusty aramo nabia etiona"
for d in $dists; do
if grep -iq $d $target/etc/os-release; then
release=$d
# if installation was done from CD, replace useless sources.list
setrel
- if [ -f $target/etc/apt/sources.list -a -n "$release" ]; then
- grep -q 'file generated by fai-cd' $target/etc/apt/sources.list && cat <<EOF > $target/etc/apt/sources.list
- deb $apt_cdn/debian $release main contrib non-free
- deb $security_cdn/debian-security ${secsuite} main contrib non-free
+ if [ -f $target/etc/apt/sources.list ] && [ -n "$release" ]; then
+ if grep -q 'file generated by fai-cd' $target/etc/apt/sources.list; then
+ echo "Create new sources.list for $release"
+ cat <<EOF > $target/etc/apt/sources.list
+ deb $apt_cdn/debian $release main contrib non-free non-free-firmware
+ deb $security_cdn/debian-security ${secsuite} main contrib non-free non-free-firmware
#deb [trusted=yes] http://fai-project.org/download $release koeln
EOF
+ fi
# if the package fai-server was installed, enable the project's repository
if dpkg-query --admindir=$target/var/lib/dpkg -W fai-server >/dev/null 2>&1; then
- sed -i -e '/fai-project.org/s/^#//' $target/etc/apt/sources.list
+ fai-sed '/fai-project.org/s/^#//' /etc/apt/sources.list
fi
fi
+ # install default sources.list for Debian based distributions
+ if [ -d $target/etc/apt ] && [ ! -f $target/etc/apt/sources.list ]; then
+ fcopy -Svc DEBIAN_DEFAULT /etc/apt/sources.list
+ fi
+
+ # older releases do not have the non-free-firmware section
+ if [ -n "$release" ] && [[ "buster bullseye" =~ "$release" ]]; then
+ sed -i -e 's/non-free-firmware//g' $target/etc/apt/sources.list
+ fi
+
# for ARM architecture, we may need the kernel and initrd to boot or flash the device
if ifclass ARM64; then
cp -pv $target/boot/vmlinuz* $target/boot/initrd* $FAI_RUNDIR
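Review bot: The heredoc still writes `#deb [trusted=yes] http://fai-project.org/download $release koeln`, and the `fai-sed '/fai-project.org/s/^#//'` line below un-comments it whenever fai-server is installed, which tells apt to accept packages from a plain-HTTP repository without signature verification. Since this change already touches both lines, I would replace `trusted=yes` with a keyring reference such as `[signed-by=/path/to/fai-project-keyring.gpg]`, where the path is a placeholder for wherever the project key is installed. Separately, `[[ "buster bullseye" =~ "$release" ]]` is a substring match because the right-hand side is quoted, and the `sed -i` after it runs even if `sources.list` is absent; `case $release in buster|bullseye)` combined with a `-f` test would be tighter.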
--- /dev/null
--- /dev/null
++#! /bin/bash
++
++# create an initrd for booting from ISO
++
++# get highest kernel version
++ver=$(ls -r1 $target/boot/initrd.img-*|tail -1| sed 's/.\+initrd.img-//')
++if [ -z "$ver" ]; then
++ echo "ERROR: no initrd found in $0"
++ exit 9
++fi
++
++rm $target/boot/initrd.img-$ver
++$ROOTCMD dracut -N --zstd --filesystems ext4 -a "dmsquash-live " -o"btrfs crypt dash lvm resume usrmount modsign mdraid shutdown virtfs" /boot/initrd.img-$ver $ver
++
++echo ISO initrd was created
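Review bot: The comment says `get highest kernel version`, but `ls -r1 ... | tail -1` takes the last entry of a reverse-sorted list, which is the lowest name, and `ls` ordering is lexical rather than version-aware in any case. `ver=$(ls -1 $target/boot/initrd.img-* | sort -V | tail -n 1 | sed 's/.\+initrd.img-//')` selects the newest. The existing initrd is also removed before `dracut` runs, and `ISO initrd was created` is printed without checking dracut's exit status, so a failed build leaves the image with no initrd and a success message. Appending `|| { echo "ERROR: dracut failed in $0"; exit 9; }` to the dracut line would surface that.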
--- /dev/null
--- /dev/null
++#! /bin/bash
++
++# this is defined in hooks/subroutines
++cleanup_dpkg_apt
++cleanup_base
++
++echo cleanup for live ISO done
--- /dev/null
--- /dev/null
++#! /bin/bash
++
++# (c) Michael Goetze, 2010-11, mgoetze@mgoetze.net
++# Thomas Lange, 2015-2020
++
++error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code
++
++$ROOTCMD usermod -p $ROOTPW root
++
++fcopy -v /etc/selinux/config
++$ROOTCMD fixfiles onboot # this fixes the SELinux security contexts during the first boot
++chmod a+rx $target
++
++exit $error
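Review bot: `$ROOTCMD usermod -p $ROOTPW root` expands an unquoted variable whose `ROOTPW=` definition this same change deletes from the shared var file, so unless a class sets it the command becomes `usermod -p root`, with `root` taken as the password hash and no login name left. I would guard and quote it: `if [ -n "$ROOTPW" ]; then $ROOTCMD usermod -p "$ROOTPW" root; fi`, with a comment that `ROOTPW` must be a crypt hash supplied by a site-specific class. Passing the hash as an argument also exposes it to the process list and to any `set -x` trace; `echo "root:$ROOTPW" | $ROOTCMD chpasswd -e` keeps it off the command line.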
--- /dev/null
--- /dev/null
++#! /bin/bash
++
++# (c) Michael Goetze, 2010-2011, mgoetze@mgoetze.net
++# (c) Thomas Lange, 2011, Uni Koeln
++
++error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code
++
++ainsl -v /etc/fstab "proc /proc proc defaults 0 0"
++ainsl -v /etc/fstab "sysfs /sys sysfs auto 0 0"
++
++version=$($ROOTCMD rpm -qv kernel | cut -d- -f2-)
++
++
++if [ -f $target/etc/lvm/lvm.conf ]; then
++ fai-sed 's/use_lvmetad = 1/use_lvmetad = 0/' /etc/lvm/lvm.conf
++ ainsl -av /etc/dracut.conf.d/fai.conf 'add_dracutmodules+=" lvm "'
++fi
++
++
++# add filesystem driver into initrd
++ainsl -av /etc/dracut.conf.d/fai.conf 'filesystems+=" ext4 "'
++$ROOTCMD dracut -v --kver $version --force
++
++
++exit $error
--- /dev/null
--- /dev/null
++#! /bin/bash
++
++# (c) Michael Goetze, 2011, mgoetze@mgoetze.net
++# (c) Thomas Lange 2014
++
++error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code
++
++if [ -r $LOGDIR/disk_var.sh ] ; then
++ . $LOGDIR/disk_var.sh
++else
++ echo "disk_var.sh not found!"
++ exit 1
++fi
++
++
++# CentOS 7 does not have a device.map file, so generate one
++if [ -d $target/boot/grub2 -a ! -f $target/boot/grub2/device.map ]; then
++ echo "# Generated by FAI" >> $target/boot/grub2/device.map
++ centosdisks=$(awk '/[sv]d.$/ {print $4}' /proc/partitions | sort)
++ dcount=0
++ for d in $centosdisks; do
++ echo "(hd$dcount) /dev/$d" >> $target/boot/grub2/device.map
++ dcount=$((dcount + 1))
++ done
++fi
++
++bootdev=$(device2grub $BOOT_DEVICE)
++bootpart=$(device2grub $BOOT_PARTITION)
++version=$($ROOTCMD rpm -qv kernel | cut -d- -f2-)
++
++if grep '[[:space:]]/boot[[:space:]]' $LOGDIR/fstab; then
++ bootdir=''
++else
++ bootdir='/boot'
++fi
++
++mount -o bind /dev $target/dev
++
++if [ -f $target/usr/sbin/grub2-install ]; then
++
++ # CentOS 7
++ $ROOTCMD grub2-install --no-floppy "$BOOT_DEVICE"
++ $ROOTCMD grub2-mkconfig --output=/boot/grub2/grub.cfg
++else
++
++$ROOTCMD grub-install --just-copy
++
++$ROOTCMD grub --device-map=/dev/null --no-floppy --batch <<-EOF
++ device $bootdev $BOOT_DEVICE
++ root $bootpart
++ setup $bootdev
++ quit
++ EOF
++
++ln -s ./menu.lst $target/boot/grub/grub.conf
++
++if [ -f $target/boot/grub/splash.xpm.gz ]; then
++ pretty="splashimage=$bootpart$bootdir/grub/splash.xpm.gz"
++else
++ pretty="color cyan/blue white/blue"
++fi
++
++title=$(head -1 $target/etc/redhat-release)
++
++cat > $target/boot/grub/grub.conf <<-EOF
++ timeout 5
++ default 0
++ $pretty
++ hiddenmenu
++
++ title $title
++ root $bootpart
++ kernel $bootdir/vmlinuz-$version root=$ROOT_PARTITION ro
++ initrd $bootdir/initramfs-$version.img
++ EOF
++
++fi
++
++umount $target/dev
++
++echo ""
++echo "Grub installed on $BOOT_DEVICE = $bootdev"
++echo "Grub boot partition is $BOOT_PARTITION = $bootpart"
++echo "Root partition is $ROOT_PARTITION"
++echo "Boot kernel: $version"
++
++exit $error
--- /dev/null
--- /dev/null
++#! /bin/bash
++
++# (c) Michael Goetze, 2011, mgoetze@mgoetze.net
++
++error=0 ; trap "error=$((error|1))" ERR
++
++cat > $target/etc/sysconfig/clock <<-EOF
++ UTC=$UTC
++ ZONE=$TIMEZONE
++ EOF
++cat > $target/etc/sysconfig/i18n <<-EOF
++ LANG="$DEFAULTLOCALE"
++ SUPPORTED="$SUPPORTEDLOCALE"
++ SYSFONT="$CONSOLEFONT"
++ EOF
++cat > $target/etc/sysconfig/keyboard <<-EOF
++ KEYBOARDTYPE="pc"
++ KEYTABLE="$KEYMAP"
++ EOF
++
++# can not be used, because we still not use systemd in FAI
++# $ROOTCMD localectl set-locale LANG=$DEFAULTLOCALE
++
++cat > $target/etc/locale.conf <<-EOF
++ LANG="$DEFAULTLOCALE"
++ EOF
++if [ -f $target/usr/lib/locale/locale-archive.tmpl \
++ -a ! -s $target/usr/lib/locale/locale-archive ]; then
++ mv $target/usr/lib/locale/locale-archive.tmpl $target/usr/lib/locale/locale-archive
++fi
++
++fcopy -iv /etc/sysconfig/i18n /etc/sysconfig/keyboard
++
++exit $error
++
--- /dev/null
--- /dev/null
++#! /bin/bash
++
++error=0 ; trap "error=$((error|1))" ERR
++
++ifcfg_config() {
++
++ cat > $target/etc/sysconfig/network-scripts/ifcfg-$NIC1 <<-EOF
++ # generated by FAI
++ TYPE=Ethernet
++ PROXY_METHOD=none
++ BOOTPROTO=dhcp
++ DEFROUTE=yes
++ BROWSER_ONLY=no
++ IP4_FAILURE_FATAL=no
++ IPV6INIT=no
++ IPV6_AUTOCONF=no
++ NAME=$NIC1
++ DEVICE=$NIC1
++ ONBOOT=yes
++ EOF
++}
++
++nm_config() {
++
++ uuid=$(uuidgen)
++
++ cat > $target/etc/NetworkManager/system-connections/${NIC1}.nmconnection << EOF
++
++# generated by FAI
++[connection]
++id=$NIC1
++uuid=$uuid
++type=ethernet
++autoconnect-priority=-999
++interface-name=$NIC1
++
++[ethernet]
++
++[ipv4]
++method=auto
++
++[ipv6]
++addr-gen-mode=eui64
++method=auto
++
++[proxy]
++EOF
++
++ chmod 600 $target/etc/NetworkManager/system-connections/${NIC1}.nmconnection
++}
++
++
++
++# determine predictable network names
++fields="ID_NET_NAME_FROM_DATABASE ID_NET_NAME_ONBOARD ID_NET_NAME_SLOT ID_NET_NAME_PATH"
++for field in $fields; do
++ name=$(udevadm info /sys/class/net/$NIC1 | sed -rn "s/^E: $field=(.+)/\1/p")
++ if [[ $name ]]; then
++ NIC1=$name
++ break
++ fi
++done
++if [[ ! $name ]]; then
++ echo "$0: error: could not find systemd predictable network name. Using $NIC1."
++fi
++
++if [ $FAI_ACTION != "softupdate" ] && ifclass DHCPC; then
++ . $target/etc/os-release
++ major=$(echo ${VERSION_ID} | awk -F '.' '{ print $1 }')
++
++ if [ $major -lt 9 ]; then
++ ifcfg_config
++ else
++ nm_config
++ fi
++fi
++
++fcopy -iv /etc/sysconfig/network /etc/resolv.conf /etc/networks
++fcopy -ivr /etc/sysconfig/network-scripts
++
++exit $error
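Review bot: `. $target/etc/os-release` sources the target's file into the script's own shell, which overwrites any variable of the same name already in use (`NAME`, `ID`, `VERSION` and so on) and executes whatever that file contains. Reading the one needed value in a subshell avoids both: `major=$(. "$target/etc/os-release"; echo "${VERSION_ID%%.*}")`. The following `[ $major -lt 9 ]` is unquoted and errors out when `VERSION_ID` is missing, so a check such as `[ -n "$major" ]` before the comparison is worth adding. `ifcfg_config` and `nm_config` would each benefit from a one-line comment saying which release range they serve, since the `9` threshold is otherwise unexplained.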
--- /dev/null
--- /dev/null
++#! /bin/bash
++
++error=0 ; trap "error=$((error|1))" ERR
++
++# add a $username user account
++if [ -n "$username" ]; then
++ if ! $ROOTCMD getent passwd $username ; then
++ $ROOTCMD adduser -c "$username user" $username
++ $ROOTCMD usermod -p "$USERPW" $username
++ fi
++fi
++
++# enable graphical login screen, make run level 5 as default
++if [ -f $target/usr/sbin/gdm ]; then
++ fai-sed 's/id:3:initdefault:/id:5:initdefault:/' /etc/inittab
++ # do not run this tool
++ echo "RUN_FIRSTBOOT=NO" > $target/etc/sysconfig/firstboot
++fi
++
++exit $error
++
--- /dev/null
--- /dev/null
++#! /bin/bash
++
++$ROOTCMD yum clean all