From 2773c14668a490a1254a63541e1ef9fd3377104b Mon Sep 17 00:00:00 2001
From: Ian Kelling
Date: Sun, 8 Oct 2017 09:59:28 -0700
Subject: [PATCH] update to 5.4
---
fai/config/basefiles/mk-basefile | 62 ++++++++++++-------
fai/config/class/01-classes | 2 +-
fai/config/class/40-parse-profiles.sh | 1 -
fai/config/class/CLOUD.var | 1 +
fai/config/class/DEBIAN.var | 2 +
fai/config/disk_config/CLOUD | 2 +-
fai/config/disk_config/XENIAL | 13 ++++
fai/config/files/etc/apt/sources.list/GCE | 6 +-
fai/config/files/etc/apt/sources.list/GNOME | 4 +-
fai/config/files/etc/apt/sources.list/preinst | 12 +++-
.../10_cloud_disable_net.ifnames.cfg/CLOUD | 6 ++
.../files/etc/fai/apt/sources.list/FAISERVER | 4 +-
.../files/etc/fai/nfsroot.conf/FAISERVER | 2 +-
fai/config/files/etc/rc.local/CLOUD | 2 +-
fai/config/files/etc/rc.local/FAISERVER | 4 +-
fai/config/hooks/savelog.LAST.sh | 3 +
fai/config/package_config/DEBIAN | 10 +++
fai/config/package_config/FAIBASE | 2 +
fai/config/package_config/GCE | 4 +-
fai/config/package_config/GNOME | 4 +-
fai/config/package_config/XFCE | 2 +-
fai/config/package_config/XORG | 3 -
fai/config/scripts/CLOUD/10-network | 11 ++++
fai/config/scripts/CLOUD/99-cleanup | 9 ++-
fai/config/scripts/DEBIAN/40-misc | 7 ++-
fai/config/scripts/GRUB_EFI/10-setup | 5 --
fai/config/scripts/GRUB_PC/10-setup | 5 --
fai/config/scripts/LAST/50-misc | 16 +++--
28 files changed, 140 insertions(+), 64 deletions(-)
create mode 100644 fai/config/class/CLOUD.var
create mode 100644 fai/config/disk_config/XENIAL
create mode 100644 fai/config/files/etc/default/grub.d/10_cloud_disable_net.ifnames.cfg/CLOUD
create mode 100755 fai/config/scripts/CLOUD/10-network
diff --git a/fai/config/basefiles/mk-basefile b/fai/config/basefiles/mk-basefile
index ebbe3d9..b93831c 100755
--- a/fai/config/basefiles/mk-basefile
+++ b/fai/config/basefiles/mk-basefile
@@ -4,6 +4,9 @@ # # Thomas Lange, Uni Koeln, 2011-2017 # based on the Makefile implementation of Michael Goetze +# +# Usage example: mk-basefile -J STRETCH64 +# This will create a STRETCH64.tar.xz basefile. # Supported distributions (each i386/amd64): # Debian GNU/Linux @@ -17,18 +20,20 @@ # Define your local mirros here # For the first stage, set the CentOS/SLC mirror in /etc/rinse/rinse.conf -MIRROR_DEBIAN=http://httpredir.debian.org/debian/ +MIRROR_DEBIAN=http://deb.debian.org/debian/ MIRROR_UBUNTU=http://mirror.netcologne.de/ubuntu/ MIRROR_CENTOS=http://mirror.netcologne.de/ EXCLUDE_SQUEEZE=isc-dhcp-client,isc-dhcp-common,info,tasksel,tasksel-data EXCLUDE_WHEEZY=info,tasksel,tasksel-data -EXCLUDE_JESSIE=tasksel,tasksel-data -EXCLUDE_STRETCH=tasksel,tasksel-data +EXCLUDE_JESSIE=info,tasksel,tasksel-data +EXCLUDE_STRETCH=info,tasksel,tasksel-data +EXCLUDE_BUSTER=tasksel,tasksel-data EXCLUDE_TRUSTY=dhcp3-client,dhcp3-common,info -EXCLUDE_XENIAL=tasksel,tasksel-data +EXCLUDE_XENIAL=udhcpc,dibbler-client,info,tasksel,tasksel-data +# we need aptitude in the base file, since users may want to use it for installing packages INCLUDE_DEBIAN=aptitude @@ -66,6 +71,7 @@ check() { mkpost-centos() { + # set local mirror for rinse post script [ -z "$MIRROR_CENTOS" ] && return cat < $xtmp/post #! /bin/sh @@ -79,6 +85,7 @@ EOM mkpost-slc() { + # set local mirror for rinse post script ver=$1 [ -z "$MIRROR_SLC" ] && return cat < $xtmp/post @@ -95,10 +102,11 @@ EOM cleanup-deb() { - chroot $xtmp aptitude clean - rm -f $xtmp/etc/hostname $xtmp/etc/resolv.conf $xtmp/etc/machine-id - rm $xtmp/var/lib/apt/lists/*_* - rm -f $xtmp/etc/udev/rules.d/70-persistent-net.rules + chroot $xtmp apt-get clean + rm -f $xtmp/etc/hostname $xtmp/etc/resolv.conf \ + $xtmp/var/lib/apt/lists/*_* $xtmp/usr/bin/qemu-*-static \ + $xtmp/etc/udev/rules.d/70-persistent-net.rules + > $xtmp/etc/machine-id } 
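Review bot: In cleanup-deb() every path is built from an unquoted, unguarded `$xtmp`, so if that variable is ever empty the `rm -f` list and the newly added `> $xtmp/etc/machine-id` act on the build host's own /etc instead of the chroot. `$xtmp` is assigned outside this hunk, so it may already be guaranteed non-empty; if it is not, `: "${xtmp:?}"` as the first line of the function, plus quoting such as `> "$xtmp/etc/machine-id"`, closes the gap. The same pattern with `$target` appears in scripts/CLOUD/99-cleanup (`rm -f`, `> $target/etc/machine-id`, `shred --remove`) and in scripts/DEBIAN/40-misc.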
@@ -159,19 +167,25 @@ debgeneric() { local DIST=$1 shift local mirror=$1 + shift + local arch=$1 - if [[ $DIST =~ 64 ]]; then - arch=amd64 - else - arch=i386 - fi - - DIST=${DIST%%??} - dist=${DIST,,} + dist=${DIST%%[0-9][0-9]} + local exc="EXCLUDE_$dist" + dist=${dist,,} - local exc="EXCLUDE_$DIST" check - debootstrap --arch $arch --exclude=${!exc} --include=${INCLUDE_DEBIAN} $dist $xtmp $mirror + if [ -n "$arch" ]; then + qemu-debootstrap --arch $arch --exclude=${!exc} --include=${INCLUDE_DEBIAN} $dist $xtmp $mirror + target="${target}_${arch^^}" + else + if [[ $DIST =~ 64 ]]; then + arch=amd64 + else + arch=i386 + fi + debootstrap --arch $arch --exclude=${!exc} --include=${INCLUDE_DEBIAN} $dist $xtmp $mirror + fi cleanup-deb tarit } @@ -192,6 +206,7 @@ prtdists() { WHEEZY32 WHEEZY64 JESSIE32 JESSIE64 STRETCH32 STRETCH64 + BUSTER32 BUSTER64 " } @@ -200,12 +215,13 @@ usage() { cat < + +# this is a copy of FAIBASE, but with metadata_csum disabled. +# Ubuntu XENIAL does not yet suport this option + +disk_config disk1 disklabel:msdos bootable:1 fstabkey:uuid + +primary / 2G-15G ext4 rw,noatime,errors=remount-ro createopts="-O ^metadata_csum" +logical swap 200-1G swap sw +logical /tmp 100-1G ext4 rw,noatime,nosuid,nodev createopts="-L tmp -m 0 -O ^metadata_csum" tuneopts="-c 0 -i 0" +logical /home 100-50% ext4 rw,noatime,nosuid,nodev createopts="-L home -m 1 -O ^metadata_csum" tuneopts="-c 0 -i 0" diff --git a/fai/config/files/etc/apt/sources.list/GCE b/fai/config/files/etc/apt/sources.list/GCE index 98533ab..ce2f0db 100644 --- a/fai/config/files/etc/apt/sources.list/GCE +++ b/fai/config/files/etc/apt/sources.list/GCE 
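Review bot: The new third argument `arch` in debgeneric() is passed unvalidated and unquoted to `qemu-debootstrap --arch $arch` and also ends up in the output name through `${arch^^}`, while `--exclude=${!exc}` silently becomes an empty exclude list when no `EXCLUDE_<dist>` variable exists for the requested release. Where `arch` is parsed from the command line is not visible in this patch text, so checking it against the architectures the script supports before this point would be the safer place. Within the hunk, quoting is the minimum: `qemu-debootstrap --arch "$arch" --exclude="${!exc}" --include="${INCLUDE_DEBIAN}" "$dist" "$xtmp" "$mirror"`, and the same for the `debootstrap` call in the else branch.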
@@ -1,6 +1,6 @@ -deb http://httpredir.debian.org/debian {release} main contrib non-free -deb http://httpredir.debian.org/debian {release}-backports main -deb http://security.debian.org/debian-security {release}/updates main contrib non-free +deb {apt_cdn}/debian {release} main contrib non-free +deb {apt_cdn}/debian {release}-backports main +deb {apt_cdn}/debian-security {release}/updates main contrib non-free deb http://packages.cloud.google.com/apt cloud-sdk-{release} main deb http://packages.cloud.google.com/apt google-cloud-packages-archive-keyring-{release} main diff --git a/fai/config/files/etc/apt/sources.list/GNOME b/fai/config/files/etc/apt/sources.list/GNOME index 3f8c4da..75e9537 100644 --- a/fai/config/files/etc/apt/sources.list/GNOME +++ b/fai/config/files/etc/apt/sources.list/GNOME @@ -1,2 +1,2 @@ -deb http://httpredir.debian.org/debian stretch main contrib non-free -deb http://httpredir.debian.org/debian-security stretch/updates main contrib non-free +deb {apt_cdn}/debian stretch main contrib non-free +deb {apt_cdn}/debian-security stretch/updates main contrib non-free diff --git a/fai/config/files/etc/apt/sources.list/preinst b/fai/config/files/etc/apt/sources.list/preinst index e9f0623..f67d8d9 100755 --- a/fai/config/files/etc/apt/sources.list/preinst +++ b/fai/config/files/etc/apt/sources.list/preinst @@ -1,7 +1,7 @@ #! /bin/bash # replace {release} in a sources.list template with the value of $release - +# replace {apt_cdn} with the value of $apt_cdn # $1 is the class name used # $2 is the path to the file copied @@ -11,7 +11,13 @@ grep -q '{' $2 || exit 0 if [ -z "$release" ]; then echo "\$release is undefined. No substitution performed in $2." - exit 0 +else + sed -i -e "s/{release}/$release/g" $2 +fi + +if [ -z "$apt_cdn" ]; then + echo "\$apt_cdn not defined. not substituting in $2." +else + sed -i -e "s#{apt_cdn}#$apt_cdn#g" $2 fi -sed -i -e "s/{release}/$release/g" $2 
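Review bot: When `$apt_cdn` is empty, preinst only prints a message and carries on, which leaves the literal `{apt_cdn}` in the GCE and GNOME templates changed above; apt cannot use those lines, so the installed system ends up without a working debian-security source. Where `apt_cdn` is defined is not visible in this patch text, so an empty value is better treated as a failure than a notice, for example `echo "\$apt_cdn not defined, $2 left unusable" >&2; exit 1`. The value is also interpolated into the sed replacement in `"s#{apt_cdn}#$apt_cdn#g"`, where a `#` or `&` in it would change the expression, and `$2` is unquoted. LAST/50-misc has the same gap: its sources.list rewrite is guarded only by `-n "$release"`, so an empty `$apt_cdn` would write `deb /debian ...`; adding `-a -n "$apt_cdn"` to that test covers it.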
diff --git a/fai/config/files/etc/default/grub.d/10_cloud_disable_net.ifnames.cfg/CLOUD b/fai/config/files/etc/default/grub.d/10_cloud_disable_net.ifnames.cfg/CLOUD new file mode 100644 index 0000000..ad11d23 --- /dev/null +++ b/fai/config/files/etc/default/grub.d/10_cloud_disable_net.ifnames.cfg/CLOUD @@ -0,0 +1,6 @@ +# Disable systemd's network interface name management. +# References: +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863385 +# https://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames/ + +GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT net.ifnames=0" diff --git a/fai/config/files/etc/fai/apt/sources.list/FAISERVER b/fai/config/files/etc/fai/apt/sources.list/FAISERVER index b9be0aa..4f9f2c8 100644 --- a/fai/config/files/etc/fai/apt/sources.list/FAISERVER +++ b/fai/config/files/etc/fai/apt/sources.list/FAISERVER @@ -1,5 +1,5 @@ -deb http://httpredir.debian.org/debian stretch main contrib non-free -deb http://security.debian.org/debian-security stretch/updates main contrib non-free +deb http://deb.debian.org/debian stretch main contrib non-free +deb http://deb.debian.org/debian-security stretch/updates main contrib non-free # repository that may contain newer fai packages for stretch deb [trusted=yes] http://fai-project.org/download stretch koeln diff --git a/fai/config/files/etc/fai/nfsroot.conf/FAISERVER b/fai/config/files/etc/fai/nfsroot.conf/FAISERVER index 5d93749..13c22fb 100644 --- a/fai/config/files/etc/fai/nfsroot.conf/FAISERVER +++ b/fai/config/files/etc/fai/nfsroot.conf/FAISERVER @@ -1,7 +1,7 @@ # For a detailed description see nfsroot.conf(5) # " " for debootstrap -FAI_DEBOOTSTRAP="stretch http://httpredir.debian.org/debian" +FAI_DEBOOTSTRAP="stretch http://deb.debian.org/debian" FAI_ROOTPW='$1$kBnWcO.E$djxB128U7dMkrltJHPf6d1' NFSROOT=/srv/fai/nfsroot diff --git a/fai/config/files/etc/rc.local/CLOUD b/fai/config/files/etc/rc.local/CLOUD index a80ac39..6c2a800 100755 
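Review bot: The context line `deb [trusted=yes] http://fai-project.org/download stretch koeln` in etc/fai/apt/sources.list/FAISERVER stays as it is while the Debian mirror lines above it are updated; `trusted=yes` switches off apt's signature check for that repository and the transport is plain HTTP, so nothing authenticates the packages installed from it. The commit does not introduce the line, but this update is a natural point to replace it with a `signed-by=` keyring entry (keyring path to be supplied by the project) or to drop the repository where it is not needed. LAST/50-misc writes the same `[trusted=yes]` line into the installed system's sources.list.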
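Review bot: `FAI_ROOTPW='$1$kBnWcO.E$djxB128U7dMkrltJHPf6d1'` on the context line of nfsroot.conf/FAISERVER is an MD5-crypt (`$1$`) hash kept in the repository; if it is the value shipped with the upstream examples, the matching password is public and applies to every root login this setting governs. The hunk itself only changes the mirror URL, but the line deserves a comment such as `# replace with a site-specific hash, e.g. SHA-512 crypt ($6$)` and a locally generated value that is not committed.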
--- a/fai/config/files/etc/rc.local/CLOUD +++ b/fai/config/files/etc/rc.local/CLOUD @@ -1,7 +1,7 @@ #! /bin/bash # regenerate ssh_host keys -ls /etc/ssh/ssh_host_* > /dev/null +ls /etc/ssh/ssh_host_* >/dev/null 2>&1 if [ $? -ne 0 ]; then dpkg-reconfigure -fnoninteractive openssh-server fi diff --git a/fai/config/files/etc/rc.local/FAISERVER b/fai/config/files/etc/rc.local/FAISERVER index 8bbfd29..4b7b4a2 100755 --- a/fai/config/files/etc/rc.local/FAISERVER +++ b/fai/config/files/etc/rc.local/FAISERVER @@ -10,7 +10,7 @@ GREEN='\E[32m' set -o pipefail # setup network -nic=$(grep iface /etc/network/interfaces| awk '{print $2}'|egrep -v ^lo) +nic=$(awk '/iface/ {print $2}' /etc/network/interfaces |egrep -v ^lo) ifup $nic # regenerate ssh_host keys ls /etc/ssh/ssh_host_* > /dev/null @@ -18,7 +18,7 @@ if [ $? -ne 0 ]; then dpkg-reconfigure -fnoninteractive openssh-server fi sleep 8 -[ -x /etc/init.d/nscd ] && /etc/init.d/nscd restart +[ -x /etc/init.d/nscd ] && invoke-rc.d nscd restart echo "=================================" echo "Setting up the FAI install server" diff --git a/fai/config/hooks/savelog.LAST.sh b/fai/config/hooks/savelog.LAST.sh index 20d41b4..0867631 100755 --- a/fai/config/hooks/savelog.LAST.sh +++ b/fai/config/hooks/savelog.LAST.sh @@ -118,6 +118,7 @@ asking for cache data failed However, I can not read the target: Warning: The partition table looks like it was made task_error=0 +task_local_error=0 ^info: Trying to set warning: /usr/lib/X11/fonts can't read /etc/udev/rules.d/z25_persistent-net.rules @@ -150,6 +151,7 @@ can't initialize iptables table can't initialize ip6tables table Authentication warning overridden 41-warning.sh +Download is performed unsandboxed as root as file update-alternatives: warning: skip creation of loop: module verification failed: signature Warning: apt-key output should not be parsed 
@@ -160,6 +162,7 @@ update-rc.d: warning: start and stop actions are no longer supported" if [ -n $FAI_ALLOW_UNSIGNED ] ; then globalignorepatterns="$globalignorepatterns WARNING: untrusted versions +WARNING: The following packages cannot be authenticated Ignoring these trust violations" fi # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/fai/config/package_config/DEBIAN b/fai/config/package_config/DEBIAN index bdec0d6..d8be34d 100644 --- a/fai/config/package_config/DEBIAN +++ b/fai/config/package_config/DEBIAN @@ -1,3 +1,8 @@ +PACKAGES install +# you may want these non-free kernel drivers +#firmware-bnx2 firmware-bnx2x firmware-realtek +#firmware-linux + PACKAGES install I386 linux-image-686-pae initramfs-tools memtest86+ @@ -10,6 +15,10 @@ PACKAGES install AMD64 linux-image-amd64 initramfs-tools memtest86+ +PACKAGES install ARM64 +grub-efi-arm64 +linux-image-arm64 + PACKAGES install DHCPC isc-dhcp-client @@ -24,3 +33,4 @@ lvm2 PACKAGES install CLOUD locales-all +unattended-upgrades diff --git a/fai/config/package_config/FAIBASE b/fai/config/package_config/FAIBASE index e4851b1..5b1f9b8 100644 --- a/fai/config/package_config/FAIBASE +++ b/fai/config/package_config/FAIBASE @@ -1,4 +1,5 @@ PACKAGES install-norec DEBIAN +apt-transport-https fai-client debconf-utils file @@ -14,3 +15,4 @@ eject locales console-setup kbd pciutils usbutils +unattended-upgrades diff --git a/fai/config/package_config/GCE b/fai/config/package_config/GCE index 3620ab1..14ca617 100644 --- a/fai/config/package_config/GCE +++ b/fai/config/package_config/GCE @@ -1,12 +1,12 @@ PACKAGES install google-cloud-packages-archive-keyring cloud-initramfs-growroot -cloud-utils/$release-backports +cloud-utils google-cloud-sdk google-compute-engine-$release google-compute-engine-init-$release google-config-$release -python-crcmod/$release-backports +python-crcmod screen vim 
diff --git a/fai/config/package_config/GNOME b/fai/config/package_config/GNOME index 375aac8..df6d0a3 100644 --- a/fai/config/package_config/GNOME +++ b/fai/config/package_config/GNOME @@ -1,7 +1,7 @@ PACKAGES install-norec -iceweasel -#icedove +firefox-esr +#thunderbird menu gdm3 gnome-core gconf-editor diff --git a/fai/config/package_config/XFCE b/fai/config/package_config/XFCE index 4c32cd6..28cade9 100644 --- a/fai/config/package_config/XFCE +++ b/fai/config/package_config/XFCE @@ -2,4 +2,4 @@ PACKAGES install-norec xfce4 # base system xfce4-goodies # additional tools lightdm -iceweasel +firefox-esr diff --git a/fai/config/package_config/XORG b/fai/config/package_config/XORG index e9d68df..0dcc624 100644 --- a/fai/config/package_config/XORG +++ b/fai/config/package_config/XORG @@ -5,6 +5,3 @@ xscreensaver xscreensaver-gl xterm desktop-base - -# add free and non-free firmware -#firmware-linux diff --git a/fai/config/scripts/CLOUD/10-network b/fai/config/scripts/CLOUD/10-network new file mode 100755 index 0000000..3406ccc --- /dev/null +++ b/fai/config/scripts/CLOUD/10-network @@ -0,0 +1,11 @@ +#!/bin/bash + +error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code + +# Disable systemd's network interface name management. +# References: +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863385 +# https://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames/ + +fcopy -M /etc/default/grub.d/10_cloud_disable_net.ifnames.cfg +$ROOTCMD update-grub diff --git a/fai/config/scripts/CLOUD/99-cleanup b/fai/config/scripts/CLOUD/99-cleanup index 35a104c..4580988 100755 --- a/fai/config/scripts/CLOUD/99-cleanup +++ b/fai/config/scripts/CLOUD/99-cleanup 
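Review bot: The new scripts/CLOUD/10-network sets up the `error` variable and the ERR trap but never ends with `exit $error`, so its exit status is just that of `$ROOTCMD update-grub` and a failed `fcopy` of the grub.d file goes unreported. LAST/50-misc in this same patch ends with `exit $error`; adding that as the last line here keeps the scripts consistent. The whole file is inside the hunk, so nothing after `update-grub` is missing from view.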
@@ -11,7 +11,14 @@ ainsl /etc/ssh/sshd_config 'ClientAliveInterval 120' ainsl -a /etc/modprobe.d/blacklist.conf 'blacklist pcspkr' ainsl -a /etc/modprobe.d/blacklist.conf 'blacklist floppy' -rm -f $target/etc/resolv.conf $target/etc/udev/rules.d/70-persistent-net.rules $target/lib/udev/write_net_rules +rm -f $target/etc/resolv.conf \ + $target/etc/udev/rules.d/70-persistent-net.rules \ + $target/lib/udev/write_net_rules \ + $target/etc/mailname \ + $target/var/lib/dbus/machine-id + +> $target/etc/machine-id + shred --remove $target/etc/ssh/ssh_host_* # FIXME: DHCP RFC3442 is used incorrect in Azure diff --git a/fai/config/scripts/DEBIAN/40-misc b/fai/config/scripts/DEBIAN/40-misc index 8308bbe..78773f3 100755 --- a/fai/config/scripts/DEBIAN/40-misc +++ b/fai/config/scripts/DEBIAN/40-misc @@ -28,7 +28,12 @@ elif [ -f $target/lib/systemd/system/getty@.service ]; then sed -i -e 's#sbin/agetty --noclear#sbin/agetty -f /etc/issue.linuxlogo --noclear#' $target/lib/systemd/system/getty@.service fi -if [ ! -f $target/etc/machine-id -a -f $target/bin/systemd-machine-id-setup ]; then +# make sure a machine-id exists +if [ ! -f $target/etc/machine-id ]; then + > $target/etc/machine-id +fi +# recreate machine-id if the file is empty +if [ X"$(stat -c '%s' $target/etc/machine-id 2>/dev/null)" = X0 -a -f /bin/systemd-machine-id-setup ]; then $ROOTCMD systemd-machine-id-setup fi diff --git a/fai/config/scripts/GRUB_EFI/10-setup b/fai/config/scripts/GRUB_EFI/10-setup index 2e39e2f..3e610ad 100755 --- a/fai/config/scripts/GRUB_EFI/10-setup +++ b/fai/config/scripts/GRUB_EFI/10-setup @@ -33,7 +33,6 @@ if [ $FAI_ACTION != "install" ]; then exit $error fi -$ROOTCMD grub-mkdevicemap --no-floppy GROOT=$($ROOTCMD grub-probe -tdrive -d $BOOT_DEVICE) 
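Review bot: In scripts/DEBIAN/40-misc the rewritten test checks `-f /bin/systemd-machine-id-setup`, that is the installer environment, whereas the removed line checked `$target/bin/systemd-machine-id-setup` and the command is run through `$ROOTCMD`, presumably inside the target. If the binary exists on one side but not the other, the empty machine-id is either not regenerated or the call fails; unless the host-side check is intended, `-f $target/bin/systemd-machine-id-setup` matches what is actually executed. The `[ ... -a ... ]` form is also better written as two tests joined by `&&`, with `"$target"` quoted.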
@@ -47,14 +46,10 @@ if [[ $BOOT_DEVICE =~ '/dev/md' ]]; then done elif [[ $GROOT =~ 'hostdisk' ]]; then - cat > $target/boot/grub/device.map < $target/boot/grub/device.map <&2 + if [ ! -f ${lskernels%% *} ]; then + echo "ERROR: No kernel was installed. Have a look at shell.log" >&2 + error=1 + fi fi # copy sources.list @@ -77,17 +79,21 @@ setrel() { break fi done - echo "\$release set to $release" } # if installation was done from CD, replace useless sources.list setrel if [ -f $target/etc/apt/sources.list -a -n "$release" ]; then grep -q 'file generated by fai-cd' $target/etc/apt/sources.list && cat < $target/etc/apt/sources.list -deb http://httpredir.debian.org/debian $release main contrib non-free -deb http://httpredir.debian.org/debian-security $release/updates main contrib non-free +deb $apt_cdn/debian $release main contrib non-free +deb $apt_cdn/debian-security $release/updates main contrib non-free deb [trusted=yes] http://fai-project.org/download $release koeln EOF fi +# for ARM architecture, we may need the kernel and initrd to boot or flash the device +if ifclass ARM64; then + cp -pv $target/boot/vmlinuz* $target/boot/initrd* $LOGDIR +fi + exit $error -- 2.30.2