From 0947190df0781e70eb1c5b6d98529a4caa96f095 Mon Sep 17 00:00:00 2001 From: Ian Kelling Date: Wed, 27 Dec 2023 16:13:27 -0500 Subject: [PATCH 01/16] file rename --- wrt-init | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/wrt-init b/wrt-init index 0df2e12..c222a5c 100755 --- a/wrt-init +++ b/wrt-init @@ -14,9 +14,9 @@ if ! opkg list-installed|grep bash; then opkg install bash fi -if [ -f /root/err ]; then +if [ -f /root/bash-bear ]; then mkdir -p /usr/local/lib - mv /root/err /usr/local/lib + mv /root/bash-bear /usr/local/lib fi # this isnt used anymore -- 2.30.2 From d8024901625ccaec69197c28a7c6db34cc7ce616 Mon Sep 17 00:00:00 2001 From: Ian Kelling Date: Sun, 14 Apr 2024 16:54:40 -0400 Subject: [PATCH 02/16] ip config changes, do kernel upgrades --- fai-redep | 2 +- fai/config/scripts/IANK/11-iank | 72 ++++++++++++++++++++++++--------- wrt-setup-local | 26 ++++++++---- 3 files changed, 73 insertions(+), 27 deletions(-) diff --git a/fai-redep b/fai-redep index de195d5..5e08b2f 100755 --- a/fai-redep +++ b/fai-redep @@ -76,7 +76,7 @@ install --owner=iank --group=iank -d fai/config/files/usr/local/bin/hssh install --owner=iank --group=iank -d fai/config/files/usr/local/bin/ssh_filter_btrbk.sh rsync -atL /a/opt/btrbk/ssh_filter_btrbk.sh fai/config/files/usr/local/bin/ssh_filter_btrbk.sh/STANDARD -m rsync -rlpt --delete --relative --exclude /fai/config/basefiles/ fai/config /a/opt/btrfs-progs-release/btrfs-progs-v6.3.2 "${rpre[@]}"/srv +m rsync -rlpt --delete --relative --exclude /fai/config/basefiles/ fai/config /a/opt/btrfs-progs-release "${rpre[@]}"/srv # todo: automatically disable faiserver after a period so # these files are not available. diff --git a/fai/config/scripts/IANK/11-iank b/fai/config/scripts/IANK/11-iank index 0b8d6c5..1aa9740 100755 --- a/fai/config/scripts/IANK/11-iank +++ b/fai/config/scripts/IANK/11-iank 
@@ -19,8 +19,11 @@ if [[ -e /a/bin/fai/fai-wrapper ]]; then } fi -if [[ $FAI_ROOT != / ]]; then - bprogs_pre=/srv +if [[ $FAI_ROOT == / ]]; then + source /a/bin/bash_unpublished/source-state + bprogs_dir=/a/opt/btrfs-progs-release +else + bprogs_dir=/srv/btrfs-progs-release chroot="chroot $FAI_ROOT" fi @@ -117,7 +120,7 @@ systemctl enable myncq.service /usr/bin/myncq no-upgrub EOFOUTER - ;; + ;;& # per rubens suggestion to make a d16 more stable kd|kw) cmdline+=" pci=realloc=off" ;; esac 
@@ -205,21 +208,33 @@ EOF fi -# for btrfs bug reporting, install latest kernel and btrfs progs, as of -# 2023-07-21 +# for new btrfs features, get latest stable kernel and btrfs progs, +# update ver= as needed. case $HOSTNAME in sy) mkdir -p $FAI_ROOT/tmp/kernel-debs + files=($FAI_ROOT/tmp/kernel-debs/*) + if (( ${#files[@]} >= 1 )); then + rm -rf "${files[@]}" + fi cd $FAI_ROOT/tmp/kernel-debs - va=6.4.3 - vb=$va-060403 - vc=${vb}.202307110536 - pre="https://kernel.ubuntu.com/~kernel-ppa/mainline/v$va/amd64/linux-" - if ! dpkg -s -- linux-headers-${vb} 2>&1 | grep -Fx "Status: install ok installed" &>/dev/null; then - urls=( - ${pre}headers-${vb}_${vc}_all.deb - ${pre}{headers,image-unsigned,modules}-${vb}-generic_${vc}_amd64.deb - ) + ver='6\.6' + va=$(curl -s https://kernel.ubuntu.com/mainline/ | \ + sed -rn 's,.*alt="\[DIR\]".*href="([^/]+).*,\1,p' | \ + grep -v -- -rc | sed 's/^v//' | grep "^$ver" | sort -V | tail -n1) + + # note the wiki page about these says to install linux-headers.*generic.*amd64, but + # as of 2024, they have a requirement of a very new glibc, and people report + # that installing it is not needed. + pkgs=$(curl -s https://kernel.ubuntu.com/mainline/v$va/amd64/CHECKSUMS | awk '$2 ~ /^linux-/ { print $2 }' | sort -u | grep -iv 'linux-headers.*generic.*amd64' ) + + urls=() + for p in $pkgs; do + if ! 
dpkg -s -- "${p%%_*}" 2>&1 | grep -Fx "Status: install ok installed" &>/dev/null; then + urls+=(https://kernel.ubuntu.com/mainline/v$va/amd64/$p) + fi + done + if (( ${#urls[@]} >= 1 )); then wget "${urls[@]}" $chroot bash </dev/null | awk '{print $2}') ||: +if [[ $ver != "$cur_ver" ]]; then + if [[ $HOST2 == $HOSTNAME && $ver != "$($bprogs_dir/btrfs --version 2>/dev/null | awk '{print $2}')" ]]; then + rm -rf $bprogs_dir + cd /tmp + wget $url + sudo -u iank tar xzf $tarball + mv ${tarball%.tar.gz} $bprogs_dir + cd $bprogs_dir + apt-get -y build-dep btrfs-progs + sudo -u iank ./configure --disable-documentation + sudo -u iank make + make install + else + $chroot bash -xe < Date: Sun, 14 Apr 2024 16:55:03 -0400 Subject: [PATCH 03/16] add new deb sources --- .../bookworm.list/BOOKWORM_NONFREE | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 fai/config/files/etc/apt/sources.list.d/bookworm.list/BOOKWORM_NONFREE diff --git a/fai/config/files/etc/apt/sources.list.d/bookworm.list/BOOKWORM_NONFREE b/fai/config/files/etc/apt/sources.list.d/bookworm.list/BOOKWORM_NONFREE new file mode 100644 index 0000000..4c15072 --- /dev/null +++ b/fai/config/files/etc/apt/sources.list.d/bookworm.list/BOOKWORM_NONFREE 
@@ -0,0 +1,17 @@
+deb http://http.us.debian.org/debian bookworm main contrib non-free
+deb-src http://http.us.debian.org/debian bookworm main contrib non-free
+
+deb http://security.debian.org/ bookworm-security main contrib non-free
+deb-src http://security.debian.org/ bookworm-security main contrib non-free
+
+deb http://http.us.debian.org/debian bookworm-updates main contrib non-free
+deb-src http://http.us.debian.org/debian bookworm-updates main contrib non-free
+
+deb http://http.debian.net/debian bookworm-backports main contrib non-free
+deb-src http://http.debian.net/debian bookworm-backports main contrib non-free
+
+deb http://http.us.debian.org/debian unstable main contrib non-free
+deb-src http://http.us.debian.org/debian unstable main contrib non-free
+
+deb http://http.us.debian.org/debian experimental main
+deb-src http://http.us.debian.org/debian experimental main
-- 
2.30.2
From 839b3cf02ad7e8900b3d685d54449f11e7b60b60 Mon Sep 17 00:00:00 2001
From: Ian Kelling
Date: Wed, 17 Apr 2024 22:19:50 -0400
Subject: [PATCH 04/16] more complete copyright notices
---
README | 17 +++++++++++++++++
encrypt | 7 +++++++
encrypt.upstream | 4 ++++
fai/config/distro-install-common/devbyid | 16 ++++++++++++++++
myfai-chboot | 16 ++++++++++++++++
myfai-chboot-local | 17 +++++++++++++++++
mymk-basefile | 16 ++++++++++++++++
wrt-init | 17 +++++++++++++++++
wrt-setup-local | 4 ++--
9 files changed, 112 insertions(+), 2 deletions(-)
diff --git a/README b/README
index 5d8a7c2..da28e4e 100644
--- a/README
+++ b/README
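Review bot: The `unstable` and `experimental` entries at the end of the new BOOKWORM_NONFREE list sit beside the bookworm suites, and nothing in this hunk lowers their priority. Unless an apt preferences file elsewhere pins them down, apt treats unstable like any other source, so a routine upgrade will pull its newer versions onto a bookworm host; unstable is also not covered by the security team the way bookworm-security is. I would add a comment at the top such as `# unstable/experimental must stay pinned below the bookworm suites in apt preferences`, or move those four lines into their own list file. Separately, bookworm moved firmware into a `non-free-firmware` component, so a list named NONFREE probably wants that added after `non-free`.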
@@ -1,3 +1,20 @@ +# This file is part of Ian Kelling's automated-distro-installer +# Copyright (C) 2024 Ian Kelling + +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + PXE install w multi-boot, btrfs & Libreboot support Some things are specific to my home network, and uses files with secrets diff --git a/encrypt b/encrypt index 89cc95f..9f80d34 100644 --- a/encrypt +++ b/encrypt @@ -1,4 +1,11 @@ #!/usr/bin/ash + +# This file is a modification of the file encrypt in cryptsetup package +# in arch. The original version is encrypt.upstream in the repo at +# https://iankelling.org/git/?p=automated-distro-installer. It did not +# come with a license notice in the file, but I remember that it is +# GPLv2-or-later. + run_hook() { set -x echo $0 diff --git a/encrypt.upstream b/encrypt.upstream index 819c4cf..39c8f16 100644 --- a/encrypt.upstream +++ b/encrypt.upstream @@ -1,5 +1,9 @@ #!/usr/bin/ash +# This file is from the cryptsetup package in arch. The only +# modification is this comment. It did not come with a license notice in +# the file, but I remember that it is GPLv2-or-later. + run_hook() { modprobe -a -q dm-crypt >/dev/null 2>&1 [ "${quiet}" = "y" ] && CSQUIET=">/dev/null" diff --git a/fai/config/distro-install-common/devbyid b/fai/config/distro-install-common/devbyid index af97643..733b840 100755 
--- a/fai/config/distro-install-common/devbyid +++ b/fai/config/distro-install-common/devbyid @@ -1,4 +1,20 @@ #!/bin/bash +# This file is part of Ian Kelling's automated-distro-installer +# Copyright (C) 2024 Ian Kelling + +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. # input eg: /dev/sda1 or /dev/sda # output: /dev/disk/by-id/model+serial, or if no link exists, the same as input diff --git a/myfai-chboot b/myfai-chboot index 308b1c7..743859a 100755 --- a/myfai-chboot +++ b/myfai-chboot 
@@ -1,4 +1,20 @@ #!/bin/bash +# This file is part of Ian Kelling's automated-distro-installer +# Copyright (C) 2024 Ian Kelling + +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. set -eE -o pipefail trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR diff --git a/myfai-chboot-local b/myfai-chboot-local index c631d56..4cef9a5 100755 --- a/myfai-chboot-local +++ b/myfai-chboot-local 
@@ -1,4 +1,21 @@ #!/bin/bash +# This file is part of Ian Kelling's automated-distro-installer +# Copyright (C) 2024 Ian Kelling + +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + # note, this script gets piped to bash, so cant cd to current dir [[ $EUID == 0 ]] || exec sudo "${BASH_SOURCE}" "$@" diff --git a/mymk-basefile b/mymk-basefile index 3aef5b5..62f2924 100755 --- a/mymk-basefile +++ b/mymk-basefile 
@@ -1,4 +1,20 @@ #!/bin/bash +# This file is part of Ian Kelling's automated-distro-installer +# Copyright (C) 2024 Ian Kelling + +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. x="$(readlink -f "$BASH_SOURCE")"; source "${x%/*}/bash-trace" script_dir="${x%/*}" diff --git a/wrt-init b/wrt-init index c222a5c..45425b6 100755 --- a/wrt-init +++ b/wrt-init @@ -1,4 +1,21 @@ #!/bin/sh +# This file is part of Ian Kelling's automated-distro-installer +# Copyright (C) 2024 Ian Kelling + +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + set -xe # librecmc 1.5.1 is missing nfs-kernel-server and screen source /etc/os-release 
diff --git a/wrt-setup-local b/wrt-setup-local index d9f11ab..a5fd911 100755 --- a/wrt-setup-local +++ b/wrt-setup-local @@ -876,7 +876,7 @@ config redirect option src wan option src_dport 80 option dest lan - option dest_ip $l.12 + option dest_ip $l.7 option proto tcp config rule option src wan @@ -889,7 +889,7 @@ config redirect option src wan option src_dport 443 option dest lan - option dest_ip $l.12 + option dest_ip $l.7 option proto tcp config rule option src wan -- 2.30.2 From 8bb06901ce000f76dafc73288e1fe47c3032e4af Mon Sep 17 00:00:00 2001 From: Ian Kelling Date: Wed, 17 Apr 2024 22:29:57 -0400 Subject: [PATCH 05/16] more complete copyright notices --- fai/config/scripts/DEBIAN/11-iank | 16 ++++++++++++++++ fai/config/scripts/FSF/11-iank | 16 ++++++++++++++++ fai/config/scripts/IANK/11-iank | 16 ++++++++++++++++ 3 files changed, 48 insertions(+) diff --git a/fai/config/scripts/DEBIAN/11-iank b/fai/config/scripts/DEBIAN/11-iank index 119f354..69b9afe 100755 --- a/fai/config/scripts/DEBIAN/11-iank +++ b/fai/config/scripts/DEBIAN/11-iank @@ -1,4 +1,20 @@ #!/bin/bash -x +# This file is part of Ian Kelling's automated-distro-installer +# Copyright (C) 2024 Ian Kelling + +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. set -eE -o pipefail trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR 
diff --git a/fai/config/scripts/FSF/11-iank b/fai/config/scripts/FSF/11-iank index 8a33d6f..08a7171 100755 --- a/fai/config/scripts/FSF/11-iank +++ b/fai/config/scripts/FSF/11-iank @@ -1,4 +1,20 @@ #!/bin/bash -x +# This file is part of Ian Kelling's automated-distro-installer +# Copyright (C) 2024 Ian Kelling + +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. set -eE -o pipefail trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR diff --git a/fai/config/scripts/IANK/11-iank b/fai/config/scripts/IANK/11-iank index 1aa9740..9879863 100755 --- a/fai/config/scripts/IANK/11-iank +++ b/fai/config/scripts/IANK/11-iank 
@@ -1,4 +1,20 @@ #!/bin/bash -x +# This file is part of Ian Kelling's automated-distro-installer +# Copyright (C) 2024 Ian Kelling + +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. set -eE -o pipefail trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR -- 2.30.2 From a15c2ba88789fd9a37bd5a860fda1b3877999421 Mon Sep 17 00:00:00 2001 From: Ian Kelling Date: Wed, 17 Apr 2024 22:58:40 -0400 Subject: [PATCH 06/16] split out stable kernel install into separate script --- .../install-stable-kernel-debs | 56 +++++++++++++++++++ fai/config/scripts/IANK/11-iank | 36 ++---------- 2 files changed, 61 insertions(+), 31 deletions(-) create mode 100755 fai/config/distro-install-common/install-stable-kernel-debs diff --git a/fai/config/distro-install-common/install-stable-kernel-debs b/fai/config/distro-install-common/install-stable-kernel-debs new file mode 100755 index 0000000..8377490 --- /dev/null +++ b/fai/config/distro-install-common/install-stable-kernel-debs 
@@ -0,0 +1,56 @@ +#!/bin/bash -x +# This file is part of Ian Kelling's automated-distro-installer +# Copyright (C) 2024 Ian Kelling + +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +set -eE -o pipefail +trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR + +[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@" + +tmpdir=$(mktemp -d) || exit +trap 'cd; rm -rf "$tmpdir"' EXIT +cd $tmpdir + +# update ver= when we are ready to jump to a new stable kernel. +# note: this is duplicated in 11-iank. +# Stable kernels are listed here: https://www.kernel.org/category/releases.html +ver='6\.6' +va=$(curl -s https://kernel.ubuntu.com/mainline/ | \ + sed -rn 's,.*alt="\[DIR\]".*href="([^/]+).*,\1,p' | \ + grep -v -- -rc | sed 's/^v//' | grep "^$ver" | sort -V | tail -n1) + +# note the wiki page about these says to install linux-headers.*generic.*amd64, but +# as of 2024, they have a requirement of a very new glibc, and people report +# that installing it is not needed. +tmpstr=$(curl -s https://kernel.ubuntu.com/mainline/v$va/amd64/CHECKSUMS | awk '$2 ~ /^linux-/ { print $2 }' | sort -u | grep -iv 'linux-headers.*generic.*amd64' ) +mapfile -t pkgs <<<"$tmpstr" + +if (( ${#pkgs[@]} != 3 )); then + echo "$0: error. 
expected to find 3 kernel packages, got: ${pkgs[*]}" >&2 + exit 1 +fi + +urls=() +for p in ${pkgs[@]}; do + if ! dpkg -s -- "${p%%_*}" 2>&1 | grep -Fx "Status: install ok installed" &>/dev/null; then + urls+=(https://kernel.ubuntu.com/mainline/v$va/amd64/$p) + fi +done +if (( ${#urls[@]} >= 1 )); then + wget "${urls[@]}" + dpkg -i *.deb +fi diff --git a/fai/config/scripts/IANK/11-iank b/fai/config/scripts/IANK/11-iank index 9879863..6c9c9bf 100755 --- a/fai/config/scripts/IANK/11-iank +++ b/fai/config/scripts/IANK/11-iank 
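Review bot: Nothing between `wget "${urls[@]}"` and `dpkg -i *.deb` at the end of the new install-stable-kernel-debs checks the downloaded packages; CHECKSUMS is fetched only for its file names, and its hashes are thrown away by the awk `print $2`. Since the script re-executes itself under sudo and installs a kernel, I would keep CHECKSUMS in $tmpdir and refuse to install any .deb whose SHA-256 is not listed there, as sketched below. That only catches corruption or a file swapped independently of the list; authenticating the list itself needs its signature (the mainline directories publish CHECKSUMS.gpg next to it) verified against a key kept with this repo. `curl -s` also hides HTTP errors, so `-f` is worth adding. The btrfs-progs step in 11-iank takes tarball names from sha256sums.asc in the same way, and no line visible here checks that download either.

```bash
curl -fsS -o CHECKSUMS "https://kernel.ubuntu.com/mainline/v$va/amd64/CHECKSUMS"
tmpstr=$(awk '$2 ~ /^linux-/ { print $2 }' CHECKSUMS | sort -u | grep -iv 'linux-headers.*generic.*amd64')
# … unchanged: mapfile, package-count check, urls loop …
  wget "${urls[@]}"
  for f in *.deb; do
    sum=$(sha256sum -- "$f" | awk '{ print $1 }')
    # set -e aborts here unless CHECKSUMS lists this hash for this file name
    awk -v s="$sum" -v n="$f" '$1 == s && $2 == n { ok = 1 } END { exit !ok }' CHECKSUMS
  done
  dpkg -i *.deb
```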
@@ -225,38 +225,12 @@ EOF fi # for new btrfs features, get latest stable kernel and btrfs progs, -# update ver= as needed. +# update ver= when we are ready to jump to a new stable kernel. +# note: this is duplicated in install-stable-kernel-debs. +ver='6\.6' case $HOSTNAME in sy) - mkdir -p $FAI_ROOT/tmp/kernel-debs - files=($FAI_ROOT/tmp/kernel-debs/*) - if (( ${#files[@]} >= 1 )); then - rm -rf "${files[@]}" - fi - cd $FAI_ROOT/tmp/kernel-debs - ver='6\.6' - va=$(curl -s https://kernel.ubuntu.com/mainline/ | \ - sed -rn 's,.*alt="\[DIR\]".*href="([^/]+).*,\1,p' | \ - grep -v -- -rc | sed 's/^v//' | grep "^$ver" | sort -V | tail -n1) - - # note the wiki page about these says to install linux-headers.*generic.*amd64, but - # as of 2024, they have a requirement of a very new glibc, and people report - # that installing it is not needed. - pkgs=$(curl -s https://kernel.ubuntu.com/mainline/v$va/amd64/CHECKSUMS | awk '$2 ~ /^linux-/ { print $2 }' | sort -u | grep -iv 'linux-headers.*generic.*amd64' ) - - urls=() - for p in $pkgs; do - if ! dpkg -s -- "${p%%_*}" 2>&1 | grep -Fx "Status: install ok installed" &>/dev/null; then - urls+=(https://kernel.ubuntu.com/mainline/v$va/amd64/$p) - fi - done - if (( ${#urls[@]} >= 1 )); then - wget "${urls[@]}" - $chroot bash </dev/null | awk '{print $2}') ||: if [[ $ver != "$cur_ver" ]]; then - if [[ $HOST2 == $HOSTNAME && $ver != "$($bprogs_dir/btrfs --version 2>/dev/null | awk '{print $2}')" ]]; then + if [[ $HOST2 == "$HOSTNAME" && $ver != "$($bprogs_dir/btrfs --version 2>/dev/null | awk '{print $2}')" ]]; then rm -rf $bprogs_dir cd /tmp wget $url -- 2.30.2 From 3689844021231feed124fc02f46d66f11e0e4a67 Mon Sep 17 00:00:00 2001 From: Ian Kelling Date: Thu, 18 Apr 2024 02:13:24 -0400 Subject: [PATCH 07/16] fix regression --- fai/config/scripts/IANK/11-iank | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fai/config/scripts/IANK/11-iank b/fai/config/scripts/IANK/11-iank index 6c9c9bf..0c26e52 100755 
--- a/fai/config/scripts/IANK/11-iank +++ b/fai/config/scripts/IANK/11-iank @@ -230,7 +230,7 @@ fi ver='6\.6' case $HOSTNAME in sy) - ./fai/config/distro-install-common/install-stable-kernel-debs + $FAI/distro-install-common/install-stable-kernel-debs ;; *) $chroot apt-get -y install linux-libre -- 2.30.2 From 8716af32fa1f2822286917a1acf399d80df824be Mon Sep 17 00:00:00 2001 From: Ian Kelling Date: Thu, 18 Apr 2024 08:12:32 -0400 Subject: [PATCH 08/16] use latest btrfs-progs to match linux-libre --- .../distro-install-common/install-stable-kernel-debs | 9 ++++----- fai/config/scripts/IANK/11-iank | 8 ++------ 2 files changed, 6 insertions(+), 11 deletions(-) diff --git a/fai/config/distro-install-common/install-stable-kernel-debs b/fai/config/distro-install-common/install-stable-kernel-debs index 8377490..c024796 100755 --- a/fai/config/distro-install-common/install-stable-kernel-debs +++ b/fai/config/distro-install-common/install-stable-kernel-debs @@ -25,13 +25,12 @@ tmpdir=$(mktemp -d) || exit trap 'cd; rm -rf "$tmpdir"' EXIT cd $tmpdir -# update ver= when we are ready to jump to a new stable kernel. -# note: this is duplicated in 11-iank. +# update stable_ver when we are ready to jump to a new stable kernel. # Stable kernels are listed here: https://www.kernel.org/category/releases.html -ver='6\.6' +stable_ver='6\.6' va=$(curl -s https://kernel.ubuntu.com/mainline/ | \ sed -rn 's,.*alt="\[DIR\]".*href="([^/]+).*,\1,p' | \ - grep -v -- -rc | sed 's/^v//' | grep "^$ver" | sort -V | tail -n1) + grep -v -- -rc | sed 's/^v//' | grep "^$stable_ver" | sort -V | tail -n1) # note the wiki page about these says to install linux-headers.*generic.*amd64, but # as of 2024, they have a requirement of a very new glibc, and people report @@ -52,5 +51,5 @@ for p in ${pkgs[@]}; do done if (( ${#urls[@]} >= 1 )); then wget "${urls[@]}" - dpkg -i *.deb + dpkg -i ./*.deb fi diff --git a/fai/config/scripts/IANK/11-iank b/fai/config/scripts/IANK/11-iank index 0c26e52..6efc767 100755 
--- a/fai/config/scripts/IANK/11-iank +++ b/fai/config/scripts/IANK/11-iank @@ -224,10 +224,6 @@ EOF fi -# for new btrfs features, get latest stable kernel and btrfs progs, -# update ver= when we are ready to jump to a new stable kernel. -# note: this is duplicated in install-stable-kernel-debs. -ver='6\.6' case $HOSTNAME in sy) $FAI/distro-install-common/install-stable-kernel-debs @@ -239,10 +235,10 @@ esac pre=https://mirrors.edge.kernel.org/pub/linux/kernel/people/kdave/btrfs-progs tarball=$(curl -s $pre/sha256sums.asc \ - | awk '$2 ~ /^btrfs-progs-v/ { print $2 }' | grep -v -- -rc | grep "^btrfs-progs-v${ver}.*gz\$" | sort -V | tail -n1) + | awk '$2 ~ /^btrfs-progs-v/ { print $2 }' | grep -v -- -rc | grep "^btrfs-progs-v.*gz\$" | sort -V | tail -n1) url="$pre/$tarball" dir=${tarball%.tar.gz} -ver=${dir#btrfs-progs} +ver=${dir#btrfs-progs-} cur_ver=$(btrfs --version 2>/dev/null | awk '{print $2}') ||: if [[ $ver != "$cur_ver" ]]; then if [[ $HOST2 == "$HOSTNAME" && $ver != "$($bprogs_dir/btrfs --version 2>/dev/null | awk '{print $2}')" ]]; then -- 2.30.2 From 55a745005e7af1e3633b286d5ac1a28ba4fac6ce Mon Sep 17 00:00:00 2001 From: Ian Kelling Date: Mon, 22 Apr 2024 00:28:22 -0400 Subject: [PATCH 09/16] unify dns related config, change some dns settings --- wrt-setup | 2 +- wrt-setup-local | 107 ++++-------------------------------------------- 2 files changed, 10 insertions(+), 99 deletions(-) diff --git a/wrt-setup b/wrt-setup index 83b1c76..7b549ae 100755 --- a/wrt-setup +++ b/wrt-setup 
@@ -77,7 +77,7 @@ scp /a/work/libremanage/libremanage /a/bin/fai/wrt-init /a/bin/fai/wrt-setup-loc #/a/opt/openwrt/source/bin/packages/mips_24kc/mypackages/relay_1.0-1_mips_24kc.ipk \ scp /q/root/shadow/router /p/c/machine_specific/wrt/etc/dropbear/dropbear_rsa_host_key \ - /p/router-secrets /p/c/machine_specific/wrt/etc/wg.{key,psk} /b/ds/ptr-data /b/bash-bear-trap/bash-bear $h: + /p/router-secrets /p/c/machine_specific/wrt/etc/wg.{key,psk} /p/ptr-data /p/dnsmasq-data /b/bash-bear-trap/bash-bear $h: scp ../openwrtkeyring/usign/* $h:/etc/opkg/keys ssh $h wrt-init ${HOME_DOMAIN:-b8.nz} "$@" diff --git a/wrt-setup-local b/wrt-setup-local index a5fd911..aabfca3 100755 --- a/wrt-setup-local +++ b/wrt-setup-local @@ -684,20 +684,6 @@ config rule option target ACCEPT option dest_port 9091 - -config redirect - option name nagioskd - option src wan - option src_dport 3005 - option dest_port 3005 - option dest_ip $l.2 - option dest lan -config rule - option src wan - option target ACCEPT - option dest_port 3005 - - config redirect option name sshkd option src wan @@ -761,24 +747,12 @@ config rule option target ACCEPT option dest_port 2207 -config redirect - option name sshtp - option src wan - option src_dport 2208 - option dest_port 22 - option dest_ip $l.8 - option dest lan -config rule - option src wan - option target ACCEPT - option dest_port 2208 - config redirect option name sshbb8 option src wan option src_dport 2209 option dest_port 22 - option dest_ip $l.9 + option dest_ip $l.32 option dest lan config rule option src wan @@ -796,7 +770,7 @@ config redirect config rule option src wan option target ACCEPT - option dest_port 2228 + option dest_port 2234 config redirect @@ -1113,32 +1087,13 @@ EOF # https dns will need to be blocked by ip in # order to be comprehensive + cedit /etc/unbound/unbound_ext.conf < Date: Mon, 22 Apr 2024 12:00:34 -0400 Subject: [PATCH 10/16] update file path --- wrt-setup | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/wrt-setup b/wrt-setup index 7b549ae..ec91ed7 100755 --- a/wrt-setup +++ b/wrt-setup @@ -77,7 +77,7 @@ scp /a/work/libremanage/libremanage /a/bin/fai/wrt-init /a/bin/fai/wrt-setup-loc #/a/opt/openwrt/source/bin/packages/mips_24kc/mypackages/relay_1.0-1_mips_24kc.ipk \ scp /q/root/shadow/router /p/c/machine_specific/wrt/etc/dropbear/dropbear_rsa_host_key \ - /p/router-secrets /p/c/machine_specific/wrt/etc/wg.{key,psk} /p/ptr-data /p/dnsmasq-data /b/bash-bear-trap/bash-bear $h: + /p/router-secrets /p/c/machine_specific/wrt/etc/wg.{key,psk} /p/c/ptr-data /p/c/dnsmasq-data /b/bash-bear-trap/bash-bear $h: scp ../openwrtkeyring/usign/* $h:/etc/opkg/keys ssh $h wrt-init ${HOME_DOMAIN:-b8.nz} "$@" -- 2.30.2 From 314427781d140b925797ca3a85e7aebeb600f24d Mon Sep 17 00:00:00 2001 From: Ian Kelling Date: Mon, 22 Apr 2024 12:00:57 -0400 Subject: [PATCH 11/16] prepare for new host --- fai/config/hooks/partition.DEFAULT | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fai/config/hooks/partition.DEFAULT b/fai/config/hooks/partition.DEFAULT index 9adaa76..63235f1 100755 --- a/fai/config/hooks/partition.DEFAULT +++ b/fai/config/hooks/partition.DEFAULT @@ -180,7 +180,7 @@ bpart() { # btrfs a partition zilap() { case $HOSTNAME in - sy|bo) + sy|bo|so) return 0 ;; esac -- 2.30.2 From 936324619541130f4ab07bd4633f48eb81812613 Mon Sep 17 00:00:00 2001 
From: Ian Kelling Date: Mon, 22 Apr 2024 12:01:10 -0400 Subject: [PATCH 12/16] further bookworm support --- fai-revm | 2 +- fai/config/class/FAIBASE.var | 2 +- fai/config/distro-install-common/end | 2 +- .../distro-install-common/libreboot_grub.cfg | 6 +- .../files/etc/fai/nfsroot.conf/FAISERVER | 2 +- .../faicheck.service/VOL_BOOKWORM_BOOTSTRAP | 1 + .../root/fai-check/VOL_BOOKWORM_BOOTSTRAP | 128 +++++++++++++++++ .../root/fai-check/VOL_BULLSEYE_BOOTSTRAP | 129 +----------------- fai/config/hooks/instsoft.DEFAULT | 2 +- fai/config/hooks/partition.DEFAULT | 10 +- fai/config/package_config/DEBIAN | 2 +- fai/config/scripts/IANK/11-iank | 2 +- faiserver-setup | 6 +- mymk-basefile | 1 + 14 files changed, 150 insertions(+), 145 deletions(-) create mode 120000 fai/config/files/etc/systemd/system/faicheck.service/VOL_BOOKWORM_BOOTSTRAP create mode 100755 fai/config/files/root/fai-check/VOL_BOOKWORM_BOOTSTRAP mode change 100755 => 120000 fai/config/files/root/fai-check/VOL_BULLSEYE_BOOTSTRAP diff --git a/fai-revm b/fai-revm index 8bfb970..050ecda 100755 --- a/fai-revm +++ b/fai-revm @@ -140,7 +140,7 @@ else BASEFILE_DIR=/tmp fi isopath=$BASEFILE_DIR/$iso - isosrc=$BASEFILE_DIR/BULLSEYE64.tar.gz + isosrc=$BASEFILE_DIR/BOOKWORM64.tar.gz if [[ ! -e $isopath || $(stat -c %Y $isopath) -lt $(stat -c %Y $isosrc) ]]; then e fai-cd -g $(readlink -f grub.cfg.${iso%%.*}) -f -A $isopath fi diff --git a/fai/config/class/FAIBASE.var b/fai/config/class/FAIBASE.var index dabfb06..34d95ac 100644 --- a/fai/config/class/FAIBASE.var +++ b/fai/config/class/FAIBASE.var @@ -21,4 +21,4 @@ MAXPACKAGES=800 #USERPW='$1$kBnWcO.E$djxB128U7dMkrltJHPf6d1' # set a default -FAI_DEBOOTSTRAP="bullseye http://deb.debian.org/debian" +FAI_DEBOOTSTRAP="bookworm http://deb.debian.org/debian" diff --git a/fai/config/distro-install-common/end b/fai/config/distro-install-common/end index 8ad84c9..f9a0840 100755 --- a/fai/config/distro-install-common/end +++ b/fai/config/distro-install-common/end 
@@ -32,7 +32,7 @@ au() { # add user. i don't use adduser for portability # only setup root pass for bootstrap vol -if ifclass VOL_BULLSEYE_BOOTSTRAP; then +if ifclass VOL_BULLSEYE_BOOTSTRAP || VOL_BOOKWORM_BOOTSTRAP; then exit 0 fi diff --git a/fai/config/distro-install-common/libreboot_grub.cfg b/fai/config/distro-install-common/libreboot_grub.cfg index d9dde28..5f4d722 100644 --- a/fai/config/distro-install-common/libreboot_grub.cfg +++ b/fai/config/distro-install-common/libreboot_grub.cfg @@ -14,7 +14,7 @@ function save_chosen { } # fai_check is so we can act like a pxe boot, but just for fai, and by -# using /bullseye_bootstrap to do it. We toggle on and off the grub var +# using /bookworm_bootstrap to do it. We toggle on and off the grub var # did_fai_check so we can do the check every other boot. Then # /debian_bootstrap checks for that var on boot and if we want to do a # fai check, it does it, then reboots. But fai-check also sets @@ -25,7 +25,7 @@ function save_chosen { # We don't set this to fai check so we can't get into # an infinite reboot cycle. We depend on the os to # create the initial grubenv file. -set default=/debianbullseye_bootstrap # could use 0 here. +set default=/debianbookworm_bootstrap # could use 0 here. set timeout=1 # grub_extn @@ -44,7 +44,7 @@ done did_fai_check=false -bs_dir=/debianbullseye_bootstrap +bs_dir=/debianbookworm_bootstrap menuentry $bs_dir --id=$bs_dir { # note, we might be able to use $chosen and avoid setting this here, # and set it inside save_chosen. but I haven't tested it, diff --git a/fai/config/files/etc/fai/nfsroot.conf/FAISERVER b/fai/config/files/etc/fai/nfsroot.conf/FAISERVER index 72491fd..e176a6d 100644 --- a/fai/config/files/etc/fai/nfsroot.conf/FAISERVER +++ b/fai/config/files/etc/fai/nfsroot.conf/FAISERVER 
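Review bot: In the changed test in distro-install-common/end, `VOL_BOOKWORM_BOOTSTRAP` after the `||` is run as a command of its own rather than passed to `ifclass`. It will fail as command-not-found, and the `if` condition swallows that failure, so on a bookworm bootstrap volume the early `exit 0` is skipped and everything after the "only setup root pass for bootstrap vol" comment runs. The line should read `if ifclass VOL_BULLSEYE_BOOTSTRAP || ifclass VOL_BOOKWORM_BOOTSTRAP; then`. The rest of the script lies outside the hunk, so what exactly then runs on the bootstrap volume is not visible here.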
@@ -1,7 +1,7 @@ # For a detailed description see nfsroot.conf(5) # " " for debootstrap -FAI_DEBOOTSTRAP="bullseye http://deb.debian.org/debian" +FAI_DEBOOTSTRAP="bookworm http://deb.debian.org/debian" FAI_ROOTPW='$1$kBnWcO.E$djxB128U7dMkrltJHPf6d1' NFSROOT=/srv/fai/nfsroot diff --git a/fai/config/files/etc/systemd/system/faicheck.service/VOL_BOOKWORM_BOOTSTRAP b/fai/config/files/etc/systemd/system/faicheck.service/VOL_BOOKWORM_BOOTSTRAP new file mode 120000 index 0000000..82dea76 --- /dev/null +++ b/fai/config/files/etc/systemd/system/faicheck.service/VOL_BOOKWORM_BOOTSTRAP @@ -0,0 +1 @@ +VOL_BULLSEYE_BOOTSTRAP \ No newline at end of file diff --git a/fai/config/files/root/fai-check/VOL_BOOKWORM_BOOTSTRAP b/fai/config/files/root/fai-check/VOL_BOOKWORM_BOOTSTRAP new file mode 100755 index 0000000..ebbedbe --- /dev/null +++ b/fai/config/files/root/fai-check/VOL_BOOKWORM_BOOTSTRAP 
@@ -0,0 +1,128 @@ +#!/bin/bash + +set -eE -o pipefail +trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR + +#set -x + +usage() { + cat < deadline )); then + echo "fai-check: hit $NETWORK_TIMOUT_SECS s tftp server timeout" + return 0 + fi + sleep 1 + done + m pxe-kexec -n --ignore-whitelist -l fai-generated $faiserver ||: +} + +force=false +case $1 in + -h|--help) + usage + ;; + -f|--force) + force=true + shift + ;; +esac + +faiserver=${1:-faiserver.b8.nz} + + +if $force; then + try-kexec + exit +fi + +# on one machine, I could do this: +# dmidecode -t system | grep -F "Version: ThinkPad X200" +# however, on another, the version field just says invalid data. +# todo: figure out some better way to check if we are on +# an x200. + +if ! dmidecode | grep -i thinkpad &>/dev/null; then + echo "not x200, exiting" + exit 0 +fi + +first=true +for dev in $(btrfs fi show / | sed -rn 's#^\s*devid\s.*\s([^0-9 ]+)\S+$#\1#p' \ + |sort); do + echo dev=$dev + found=false + # Decide which is my grub_ext partition. see partition.DEFAULT file + # for details. currently it is 4 + for (( i=4; i<=7; i++ )); do + if [[ $(blockdev --getsize64 ${dev}$i) == 8388608 ]]; then + grub_extn=${dev}$i + found=true + echo grub_extn=$grub_extn + break + fi + done + if ! $found; then + echo "$0: error: failed to find grub_ext partition." + exit 1 + fi + m mount $grub_extn /mnt + if $first; then + if [[ -e /mnt/grubenv ]]; then + m grub-editenv /mnt/grubenv list + source <(grub-editenv /mnt/grubenv list) + fi + first=false + # we could just as well check if last_boot != /debianbullseye_bootstrap + # the intent with this one is just a little clearer. + if [[ $did_fai_check == true ]]; then + m grub-editenv /mnt/grubenv set did_fai_check=os_true + # our service does not wait for network-online.target, + # because it will wait for too long when we don't have a network + # connection. So, we wait for 10 seconds. 
+ # ref: https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/ + try-kexec ||: + fi + else + # we make sure there is only 1 grubenv, + # so grub can just find the first one, in whatever order + # if looks at them, which may not be the same as us. + # If the disk dies, we just lose the default boot option, + # we will have to do manual steps to replace it anyways. + m rm -f /mnt/gruvenv + fi + m umount /mnt +done + +# the check for last_boot is not needed afaik, just sanity check. +case $did_fai_check in + true|os_true) + if [[ $last_boot != /debian*_bootstrap ]]; then + # no need to reboot if we actually want to boot into this os. + echo "last_boot=$last_boot not debian*_bootstrap, rebooting" + reboot + fi +esac diff --git a/fai/config/files/root/fai-check/VOL_BULLSEYE_BOOTSTRAP b/fai/config/files/root/fai-check/VOL_BULLSEYE_BOOTSTRAP deleted file mode 100755 index 34f682f..0000000 --- a/fai/config/files/root/fai-check/VOL_BULLSEYE_BOOTSTRAP +++ /dev/null 
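Review bot: `source <(grub-editenv /mnt/grubenv list)` in the new `fai-check/VOL_BOOKWORM_BOOTSTRAP` evaluates the grubenv contents as shell code, in a script that mounts, kexecs and reboots and so presumably runs as root. Anything able to write the grub_ext partition therefore controls code run at boot, not just two variables. Only `did_fai_check` and `last_boot` are used afterwards, so they can be read as data, e.g. `did_fai_check=$(grub-editenv /mnt/grubenv list | sed -n 's/^did_fai_check=//p')` and the same for `last_boot`. Separately, the cleanup branch runs `m rm -f /mnt/gruvenv`, which looks like a misspelling of `grubenv`, so the duplicate copies the comment says must be removed are left in place. The usage text near the top of the file is only partly visible on this page.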
@@ -1,128 +0,0 @@ -#!/bin/bash - -set -eE -o pipefail -trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR - -#set -x - -usage() { - cat < deadline )); then - echo "fai-check: hit $NETWORK_TIMOUT_SECS s tftp server timeout" - return 0 - fi - sleep 1 - done - m pxe-kexec -n --ignore-whitelist -l fai-generated $faiserver ||: -} - -force=false -case $1 in - -h|--help) - usage - ;; - -f|--force) - force=true - shift - ;; -esac - -faiserver=${1:-faiserver.b8.nz} - - -if $force; then - try-kexec - exit -fi - -# on one machine, I could do this: -# dmidecode -t system | grep -F "Version: ThinkPad X200" -# however, on another, the version field just says invalid data. -# todo: figure out some better way to check if we are on -# an x200. - -if ! dmidecode | grep -i thinkpad &>/dev/null; then - echo "not x200, exiting" - exit 0 -fi - -first=true -for dev in $(btrfs fi show / | sed -rn 's#^\s*devid\s.*\s([^0-9 ]+)\S+$#\1#p' \ - |sort); do - echo dev=$dev - found=false - # Decide which is my grub_ext partition. see partition.DEFAULT file - # for details. currently it is 4 - for (( i=4; i<=7; i++ )); do - if [[ $(blockdev --getsize64 ${dev}$i) == 8388608 ]]; then - grub_extn=${dev}$i - found=true - echo grub_extn=$grub_extn - break - fi - done - if ! $found; then - echo "$0: error: failed to find grub_ext partition." - exit 1 - fi - m mount $grub_extn /mnt - if $first; then - if [[ -e /mnt/grubenv ]]; then - m grub-editenv /mnt/grubenv list - source <(grub-editenv /mnt/grubenv list) - fi - first=false - # we could just as well check if last_boot != /debianbullseye_bootstrap - # the intent with this one is just a little clearer. - if [[ $did_fai_check == true ]]; then - m grub-editenv /mnt/grubenv set did_fai_check=os_true - # our service does not wait for network-online.target, - # because it will wait for too long when we don't have a network - # connection. So, we wait for 10 seconds. 
- # ref: https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/ - try-kexec ||: - fi - else - # we make sure there is only 1 grubenv, - # so grub can just find the first one, in whatever order - # if looks at them, which may not be the same as us. - # If the disk dies, we just lose the default boot option, - # we will have to do manual steps to replace it anyways. - m rm -f /mnt/gruvenv - fi - m umount /mnt -done - -# the check for last_boot is not needed afaik, just sanity check. -case $did_fai_check in - true|os_true) - if [[ $last_boot != /debianbullseye_bootstrap ]]; then - # no need to reboot if we actually want to boot into this os. - echo "last_boot not debianbullseye_bootstrap, rebooting" - reboot - fi -esac diff --git a/fai/config/files/root/fai-check/VOL_BULLSEYE_BOOTSTRAP b/fai/config/files/root/fai-check/VOL_BULLSEYE_BOOTSTRAP new file mode 120000 index 0000000..18c54eb --- /dev/null +++ b/fai/config/files/root/fai-check/VOL_BULLSEYE_BOOTSTRAP @@ -0,0 +1 @@ +VOL_BOOKWORM_BOOTSTRAP \ No newline at end of file diff --git a/fai/config/hooks/instsoft.DEFAULT b/fai/config/hooks/instsoft.DEFAULT index 3bf0f62..42f9739 100755 --- a/fai/config/hooks/instsoft.DEFAULT +++ b/fai/config/hooks/instsoft.DEFAULT @@ -3,7 +3,7 @@ # These are things we can do before package_config packages get installed. # exit for any vm except demohost, or if we are doing a dirinstall -if ifclass VM && ! ifclass demohost || ifclass VOL_BULLSEYE_BOOTSTRAP || [[ ! $FAI_ACTION || $FAI_ACTION = dirinstall ]]; then +if ifclass VM && ! ifclass demohost || ifclass VOL_BULLSEYE_BOOTSTRAP || ifclass VOL_BOOKWORM_BOOTSTRAP || [[ ! $FAI_ACTION || $FAI_ACTION = dirinstall ]]; then exit 0 fi diff --git a/fai/config/hooks/partition.DEFAULT b/fai/config/hooks/partition.DEFAULT index 63235f1..18f5a23 100755 --- a/fai/config/hooks/partition.DEFAULT +++ b/fai/config/hooks/partition.DEFAULT 
@@ -272,7 +272,7 @@ mktab() { dev=${boot_devs[0]} fstabstd="x-systemd.device-timeout=30s,x-systemd.mount-timeout=30s" - if [[ $DISTRO == debianbullseye_bootstrap ]]; then + if [[ $DISTRO == *_bootstrap ]]; then cat > /tmp/fai/fstab < Date: Wed, 24 Apr 2024 00:55:55 -0400 Subject: [PATCH 13/16] a bunch of fixes and improvements --- README | 20 ++- fai-redep | 7 +- fai-revm | 2 +- fai/config/distro-install-common/end | 5 +- .../install-stable-kernel-debs | 31 +++- fai/config/hooks/partition.DEFAULT | 4 +- fai/config/hooks/updatebase.UBUNTU | 10 +- fai/config/package_config/ARAMO.gpg | Bin 0 -> 3471 bytes fai/config/package_config/NABIA.gpg | 1 + fai/config/package_config/STANDARD | 6 +- fai/config/package_config/readme | 2 + fai/config/scripts/DEBIAN/11-iank | 30 +++- fai/config/scripts/IANK/11-iank | 137 ++++++++++-------- faiserver-setup | 6 +- mk-basefile-big | 2 +- myfai-chboot | 18 ++- myfai-chboot-local | 56 ++++--- 17 files changed, 227 insertions(+), 110 deletions(-) create mode 100644 fai/config/package_config/ARAMO.gpg create mode 120000 fai/config/package_config/NABIA.gpg create mode 100644 fai/config/package_config/readme diff --git a/README b/README index da28e4e..6d097f9 100644 --- a/README +++ b/README @@ -128,7 +128,7 @@ archlike-pxe # Setup pxe boot server from an archlike base image fai-redep # Deploy fai configuration to host "faiserver" faiserver-uninstall # uninstall fai-server faiserver-setup # install fai-server on the current machine -myfai-chboot # setup fai tftp and nfs. useful for doing pxe-kexec +myfai-chboot # setup fai tftp and nfs. useful for doing pxe-kexec or booting from a fai-cd. pxe-server # disable/enable pxe dhcp, tfp, and nfs. calls myfai-chboot wrt-setup # setup my router in general: dhcp, dns, etc. 
@@ -191,6 +191,24 @@ ERROR: Kernel modules directory /lib/modules/5.10.0-8-amd not available. Only fo solution: if running from fai-cd, recreate autodiscover cd as noted above in setup. +## Weird package dependency errors + +for example: in fai.log, within instsoft.DEBIAN +``` +The following packages have unmet dependencies: + libc6 : Breaks: locales (< 2.36) but 2.35-0ubuntu3.7+11.0trisquel1 is to be installed +``` + +In this case, it was because the basefile was missing, and so instead +fai decided to use the wrong basefile. + +for example: in fai.log, within instsoft.DEBIAN + +``` +ftar: No matching class found in /var/lib/fai/config/basefiles// +ftar: extracting /var/tmp/base.tar.zst to /target/ +``` + # What good logs look like: logging nfs traffic from server diff --git a/fai-redep b/fai-redep index 5e08b2f..8e5919d 100755 --- a/fai-redep +++ b/fai-redep @@ -75,8 +75,7 @@ rsync -atL /home/iank/.ssh/authorized_keys fai/config/files/root/.ssh/authorized install --owner=iank --group=iank -d fai/config/files/usr/local/bin/hssh install --owner=iank --group=iank -d fai/config/files/usr/local/bin/ssh_filter_btrbk.sh rsync -atL /a/opt/btrbk/ssh_filter_btrbk.sh fai/config/files/usr/local/bin/ssh_filter_btrbk.sh/STANDARD - -m rsync -rlpt --delete --relative --exclude /fai/config/basefiles/ fai/config /a/opt/btrfs-progs-release "${rpre[@]}"/srv +m rsync -rlpt --delete --relative --exclude /fai/config/basefiles/ fai/config "${rpre[@]}"/srv # todo: automatically disable faiserver after a period so # these files are not available. @@ -102,6 +101,8 @@ else rsync -rlpt /q/root/shadow /q/root/luks "${rpre[@]}"/srv/fai/config/distro-install-common fi +rsync -rlpt --delete /a/opt/btrfs-progs-release "${rpre[@]}"/srv/fai/config/distro-install-common + dirs=(/p/c/machine_specific/${target:-*}/filesystem/etc/ssh) if [[ -e ${dirs[0]} ]]; then rsync -rlpt --delete --relative ${dirs[@]} "${rpre[@]}"/srv/fai/config/distro-install-common 
@@ -114,4 +115,4 @@ printf "%s\n%s\n" "PACKAGES install" ${pall[*]} | \ $faiserver_shell dd of=/srv/fai/config/package_config/DESKTOP status=none ||: # broken pipe -rsync -rplt --include '/*.gz' --exclude '/**' --delete-excluded $BASEFILE_DIR/ "${rpre[@]}"/srv/fai/config/basefiles/ +m rsync -rplt --include '/*.zst' --exclude '/**' --delete-excluded $BASEFILE_DIR/ "${rpre[@]}"/srv/fai/config/basefiles/ diff --git a/fai-revm b/fai-revm index 050ecda..2ce0102 100755 --- a/fai-revm +++ b/fai-revm @@ -140,7 +140,7 @@ else BASEFILE_DIR=/tmp fi isopath=$BASEFILE_DIR/$iso - isosrc=$BASEFILE_DIR/BOOKWORM64.tar.gz + isosrc=$BASEFILE_DIR/BOOKWORM64.tar.zst if [[ ! -e $isopath || $(stat -c %Y $isopath) -lt $(stat -c %Y $isosrc) ]]; then e fai-cd -g $(readlink -f grub.cfg.${iso%%.*}) -f -A $isopath fi diff --git a/fai/config/distro-install-common/end b/fai/config/distro-install-common/end index f9a0840..2455ece 100755 --- a/fai/config/distro-install-common/end +++ b/fai/config/distro-install-common/end @@ -32,7 +32,9 @@ au() { # add user. i don't use adduser for portability # only setup root pass for bootstrap vol -if ifclass VOL_BULLSEYE_BOOTSTRAP || VOL_BOOKWORM_BOOTSTRAP; then +# for bootstrap vol, we only use root user +if ifclass VOL_BULLSEYE_BOOTSTRAP || ifclass VOL_BOOKWORM_BOOTSTRAP; then + sed 's/^/root:/' $root_pw_f | $ROOTCMD chpasswd -e exit 0 fi @@ -74,6 +76,7 @@ if getent group sudo >/dev/null; then $ROOTCMD usermod -aG sudo iank fi +mkdir -p $target/etc/sudoers.d cat >$target/etc/sudoers.d/ianksudoers <<'EOF' Defaults timestamp_timeout=1440 # used in bashrc diff --git a/fai/config/distro-install-common/install-stable-kernel-debs b/fai/config/distro-install-common/install-stable-kernel-debs index c024796..db7abcf 100755 --- a/fai/config/distro-install-common/install-stable-kernel-debs +++ b/fai/config/distro-install-common/install-stable-kernel-debs 
@@ -1,4 +1,4 @@ -#!/bin/bash -x +#!/bin/bash # This file is part of Ian Kelling's automated-distro-installer # Copyright (C) 2024 Ian Kelling @@ -21,13 +21,30 @@ trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR [[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@" -tmpdir=$(mktemp -d) || exit -trap 'cd; rm -rf "$tmpdir"' EXIT -cd $tmpdir +set -x + +prereqs=() +for p in wget curl; do + if ! type -p $p &>/dev/null; then + prereqs+=($p) + fi +done +if (( ${#prereqs[@]} >= 1 )); then + apt-get -y install ${prereqs[@]} +fi + + +tmpdir=$($ROOTCMD mktemp -d) || exit +outertmp=$target/$tmpdir +trap 'cd; rm -rf "$outertmp"' EXIT +cd $outertmp # update stable_ver when we are ready to jump to a new stable kernel. # Stable kernels are listed here: https://www.kernel.org/category/releases.html stable_ver='6\.6' +# Actually, I dont want stable right now. comment this out to get stable +# version. +stable_ver='[1-9]' va=$(curl -s https://kernel.ubuntu.com/mainline/ | \ sed -rn 's,.*alt="\[DIR\]".*href="([^/]+).*,\1,p' | \ grep -v -- -rc | sed 's/^v//' | grep "^$stable_ver" | sort -V | tail -n1) @@ -45,11 +62,11 @@ fi urls=() for p in ${pkgs[@]}; do - if ! dpkg -s -- "${p%%_*}" 2>&1 | grep -Fx "Status: install ok installed" &>/dev/null; then + if ! $ROOTCMD dpkg -s -- "${p%%_*}" 2>&1 | grep -Fx "Status: install ok installed" &>/dev/null; then urls+=(https://kernel.ubuntu.com/mainline/v$va/amd64/$p) fi done if (( ${#urls[@]} >= 1 )); then - wget "${urls[@]}" - dpkg -i ./*.deb + wget -nv "${urls[@]}" + $ROOTCMD dpkg -i ${pkgs[@]/#/$tmpdir/} fi diff --git a/fai/config/hooks/partition.DEFAULT b/fai/config/hooks/partition.DEFAULT index 18f5a23..11a7ee5 100755 --- a/fai/config/hooks/partition.DEFAULT +++ b/fai/config/hooks/partition.DEFAULT 
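Review bot: In the last hunk of `install-stable-kernel-debs`, the debs fetched by `wget -nv "${urls[@]}"` go straight into `$ROOTCMD dpkg -i` with TLS to kernel.ubuntu.com as the only integrity check, and with `stable_ver='[1-9]'` the version is whatever the index page lists as newest. Kernel packages installed as root deserve a check that does not depend on the web server: fetch the checksum file and detached signature published beside the debs (confirm their names for the chosen version directory), verify the signature against a key kept in this repository, and compare each deb's SHA-256 before the dpkg call. Separately, `dpkg -i ${pkgs[@]/#/$tmpdir/}` names every package while only the not-yet-installed ones were downloaded, so a partly installed set makes dpkg fail on a missing file. Collecting `debs+=("$tmpdir/$p")` next to `urls+=(...)` and calling `$ROOTCMD dpkg -i "${debs[@]}"` keeps the two lists in step. The definition of `pkgs` lies between the hunks and is not visible here.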
@@ -885,10 +885,10 @@ if $partition; then # so use fixed sizes to allow both to grow # 600 = uefi 512 + grubext 8 + bios grub 3 + some extra cuz this is lvm #root_mib=$(( disk_mib - root2_part_mib - swap_mib - boot_part_mib - boot2_part_mib - 600 )) - o_mib=$(( 120 * 1000 )) + o_mib=$(( 180 * 1000 )) # max minus o, minus a gig just for some extra space max_root_mib=$(( disk_mib - root2_part_mib - swap_mib - boot_part_mib - boot2_part_mib - 600 - o_mib - 1000 )) - root_mib=$(( 1000 * 1000 )) # * 1000 to make it in gb. + root_mib=$(( 1700 * 1000 )) # * 1000 to make it in gb. if (( max_root_mib < root_mib )); then root_mib=$max_root_mib fi diff --git a/fai/config/hooks/updatebase.UBUNTU b/fai/config/hooks/updatebase.UBUNTU index e5050cd..98f775f 100755 --- a/fai/config/hooks/updatebase.UBUNTU +++ b/fai/config/hooks/updatebase.UBUNTU @@ -1,5 +1,12 @@ #! /bin/bash +# mk-basefile doesn't use the -updates suite, then we unpack it, then we +# install sources.list that has -updates and we install random +# packages. It might avoid a problem if we a dist-upgrade first. + +$ROOTCMD apt-get update +$ROOTCMD apt-get -y dist-upgrade --purge --auto-remove + # https://lists.uni-koeln.de/pipermail/linux-fai/2016-July/011398.html # In Ubuntu 16.04 (but not 14.04), the locales configuration mechanism has # changed. There is a /var/lib/dpkg/info/locales.config file, which @@ -9,8 +16,9 @@ # hook applies the debconf setting. It must run after FAI's debconf task # but before dpkg gets a chance to clobber debconf with an empty setting. + if [ ! -f "$target/var/lib/locales/supported.d/local" ]; then - $ROOTCMD debconf --owner=locales sh -c ' + $ROOTCMD debconf --owner=locales sh -c ' . /usr/share/debconf/confmodule db_version 2.0 db_get locales/locales_to_be_generated && 
diff --git a/fai/config/package_config/ARAMO.gpg b/fai/config/package_config/ARAMO.gpg new file mode 100644 index 0000000000000000000000000000000000000000..58057f6c8594d41c77bcbf17af40e5eca896e804 GIT binary patch literal 3471 zcmai$S5y;-x`mTaLy<_YF?1M#(4{3bDbl4EMF`Rf#U%8OH0fO!29PE)2vVdfB1Mp* zNR=dllpqL^-rJco_sqKY;jVlCw|~Fvm%YCA6@nNkZ36-*fDi!Q^y}mR#-T_pEUUoc zW|I~NUpjCldy+(IDg2;x@@?Jr*ukMyqs7q);caCN*u67vigS5eWT3jU_DylzJx1;E zc>ntv+FN&C$|Ti?q^4^_Zt*1X1+9pr7-BR|hL zDOxMk64u|t=KsjBzRrwK(*TQG_VlDxzlmX~`1!^U6`qv*K(M#c;i|TFL6ut5t-^^n z_J->?+2tZde6{3Li`d@oM*4{lfjT`aFR*m*%5j~J`*oMUKAZR=dYf>dp};N)&)j7Y zA$Cy+ZFOFxh2oCxZyMR5N>lZlKgq`o*vD^ZoB*x^0l*d+%SWD=0Gz82OwYs$Zsh5U z3x=s-|C32RbPaU%(fH?;^7M7{Lneb1DOrGY0Ddaazn28!p`fA%)6!5-vC)BP>8aQ$ zKtKQp3IuUP1L(kzMx|jL2CD1uwP~h9dD4`K0kr%`(K(RuYKUnQPmb&0U)}MO*E&2A zeEG1xY}miQbZRwIs~N$=xCy>DioL&*7Mn3cp-_YL2tp`u{KmYT`>>TE7O{>a$VoP* zkT*_h^$;?iq3Ey8&|eJsMkPhr;uj0iPLKaqPuWHq-6 zSv+;GjbnV(c-#A)f)`}|<#f%-i@T(EF|F`Cw(2CE2>V(RW%iyH=v=Jeaxr_8EI@N!6?9F1^&jWf$72 zYUPy4=p;gFC-(E0g58hCQbL0_8MBIgbY{%0JnJFFV^i}bKmi^c6E;Xh7K*x8093>v zoV7U?NO5Ph%0SCBu;ahk^NKFLKl`=;XZk1u&x5^UF0osPh<#-`QU4z*CdQq1T>f-4 zAykGX7pYhFP5!>3fw4lcSCc|lsT#nQTuF8 zN|nEw>($FnpWR7t{IP^Tl2^TMLmJofPCdKN2h>wSSkJMBHcp@|hA`ySXx~UJPwg{| z0jeg)Z8zPH`n#C==QvIIggP|=`J4m~=nj_G1X>&KC*7yn9ABS!OG9#1n;K15XGG}| zNxLXq@FvL! 
z4IZk`9`yU0J;|UOl$?Ko1pE(382%?PddHcrJk{?ozM=Y_4;x{XLT);2`^_JI)syEm zeTq7ZElwEIY5Vg?g*Rki0Qpso@hq}0N=V%(fEf7ly7On9X}#w+aMX_o3qFLyf<@JK zwr0_%pX0iIk7uWRDRgZlt-2T*nc8o_e|J>_-ZY957JK_fw6P{*qHj^M;-)hAI{eBF zQjSvSIBht$S>`Aki}Na*)fR69=#vR zLImo^4*Z|+B5RV#w%tlm5-okc*#{PZ;9q@-4r=<^C5?9>a^@X8R%fW4f>^_bcF0}8 zoS5EuK!PQ3GW1}UeR%*Dcr3NvuWjX487bbGeTdRF+~K*NI_Vmu^VQj{cKd!HtGYzK z47zPR=__WIQ=8m-W!^5M1C^DHlipWPw-S(5bYvmzJM81l)um{cg5?@&oQ7YSX=Lcz zyj8xOHmcEFSd{5;mUKp0M)ExE>R(TEE-dF4&VDYrS}~`n`?e5 zQWihlEIuvML+BA3(26McR+V!bD*THWE@rZ$f7!|lkB*Ur=QG1c?PCGMb@M%GA(3$f z+z|{VDM<&7l_L?*BPefuXGby=b_ek+g}A|wBbnoiAS7R!ffF5@Ca84jm-l~Dwy zB<1tk*f8$&uoN&VA@@lE0;6)~BKFs#oZP&4V%sj#gXF`F_D5{7ZB1)U@UU zNz3zk=@nY+hIJ6SamByzMGzUQsezt?DNU)M*!?OOL|!?=_Dj8(Ml z14$v~aZA_T9@1Rx`d~dvmWwRYpKz1MfOGc+cGVLg4fb+esAa?n-%%aqkSyUZ$>v@5Q) zGn=A=u3m#2#S|lebu?aiT+%K0ia|Qbw>49_nj*OdYyVnyAP11URrTY^*{3p;ZDFTj z=wx>@vPoIxbocf2b%z$aU&XTaz|)bMb>NiJd?#3T)h|xoh}a@ zvJ?3XVJ+`Fbu)`#)6%A?&G<5B*h6*0I0dEW<9PE}G8?aGOXSt={g!sTaqnJS*b-2Q z25x-^wv%&tqC|K)o@sc|D_tS5TPMp+xv%#d0|)s~HirJ$xg-NuQUa&K#Tz?j_H*4| zEl1tsd|y>IZz0szuAuTC1!iEG*Ok;X>B_M^8trQ7By)l946fJ!9oeknGpa{L{MmwM z;cUrJ41-sa1JvUEbgOicb_yOI))z$#jK-AtYf=q*e(-qw-79L_#i(k$;{Y@0z(50u z^e$c}e3F6*pDe>yeIxE7}9yvf`;pPdWM$z$ieG8Ex6;X}w|Nb7C3pExYVur#XTeK1WQ zmQbIm%h$vzR-MzWVz+JtS`(C-2CVm-JLC)SYeI-^@r$7Rj(#SQi}}z9ttqOsM?V(D zlV39yavC`~nhx?bGfs{duIoIHG(hJ)Zi8&^4D;zgv#q?$hIVN~Z{bJ(s8~{vm2T7Y kDK58jDM_m@{W4`V&cSo>@T=Npjm1F5D{276Uqc4`3p!M6MF0Q* literal 0 HcmV?d00001 diff --git a/fai/config/package_config/NABIA.gpg b/fai/config/package_config/NABIA.gpg new file mode 120000 index 0000000..84bd61d --- /dev/null +++ b/fai/config/package_config/NABIA.gpg @@ -0,0 +1 @@ +ARAMO.gpg \ No newline at end of file diff --git a/fai/config/package_config/STANDARD b/fai/config/package_config/STANDARD index c0726e6..f55e664 100644 --- a/fai/config/package_config/STANDARD +++ b/fai/config/package_config/STANDARD 
@@ -21,9 +21,6 @@ ncurses-term openssh-client pciutils perl -# ian: newer distros dont have python, it gets naturally removed -python -python-minimal python3 python3-minimal reportbug @@ -49,7 +46,6 @@ rsync openssh-client openssh-server time procinfo -locales console-setup kbd pciutils usbutils unattended-upgrades @@ -67,6 +63,8 @@ iso-codes cryptsetup-initramfs # for btrbk zstd +# for detecting wireless +iw # iank, copied from DEBIAN so it goes into ubuntu too PACKAGES install GRUB_PC diff --git a/fai/config/package_config/readme b/fai/config/package_config/readme new file mode 100644 index 0000000..abb42b7 --- /dev/null +++ b/fai/config/package_config/readme @@ -0,0 +1,2 @@ +ian: Ya, for each trisquel release, we need a new key symlink link, or +new file if the key has changed. diff --git a/fai/config/scripts/DEBIAN/11-iank b/fai/config/scripts/DEBIAN/11-iank index 69b9afe..130c7e9 100755 --- a/fai/config/scripts/DEBIAN/11-iank +++ b/fai/config/scripts/DEBIAN/11-iank @@ -24,12 +24,33 @@ if [[ $EUID != 0 ]]; then exit 1 fi +m() { printf "%s\n" "$*"; "$@"; } + + fcopy -riB /root +# in bullseye, installing systemd-resolved says: Converting +# /etc/resolv.conf to a symlink to +# /run/systemd/resolve/stub-resolv.conf... which breaks +# resolution. This happens to be the first script we install a package +# after that. This should do nothing in a fai-wrapper situation. +if [[ ! -s $target/etc/resolv.conf ]]; then + m ls -la $target/etc/resolv.conf ||: + # Keep the symlink in place, systemd-resolved should change the file + # when it runs. + mkdir -p $target/run/systemd/resolve + if [[ ! -s /etc/resolv.conf ]] && ! host google.com; then + echo "ERROR: empty resolv.conf & failed dns resolution. exiting 1" >&2 + exit 1 + fi + cat /etc/resolv.conf >$target/etc/resolv.conf +fi + + #### misc configurations chroot $FAI_ROOT bash <<'EOFOUTER' -set -x +set -xe if getent group systemd-journal >/dev/null; then # makes the journal be saved to disk. mkdir -p /var/log/journal 
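Review bot: In the new resolv.conf block of `scripts/DEBIAN/11-iank`, `cat /etc/resolv.conf >$target/etc/resolv.conf` runs outside the chroot, so the redirection resolves the symlink against the installer's root rather than the target's. If the link systemd-resolved created is absolute (`/run/systemd/resolve/stub-resolv.conf`, as the quoted message suggests), the write lands in the install environment's own `/run` and the `mkdir -p $target/run/systemd/resolve` above has no effect; if the link is relative the code works as intended. Writing to the intended file explicitly, `cat /etc/resolv.conf >$target/run/systemd/resolve/stub-resolv.conf`, removes the dependence on the link form. The script continues outside the hunk.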
@@ -38,7 +59,12 @@ fi debconf-set-selections </dev/null; then sudo apt-get -y install fai-client fi -if [[ -e /a/bin/fai/fai-wrapper ]]; then - chroot() { - shift - "$@" - } -fi - -if [[ $FAI_ROOT == / ]]; then - source /a/bin/bash_unpublished/source-state - bprogs_dir=/a/opt/btrfs-progs-release -else - bprogs_dir=/srv/btrfs-progs-release - chroot="chroot $FAI_ROOT" -fi - # -r = recursive # -i = ignore non-matching class warnings, always exit 0 # -B = no backup files @@ -66,6 +51,8 @@ if [[ ! -e $dst && -e $src ]]; then mount -o bind $src $dst fi + + $FAI/distro-install-common/end @@ -75,13 +62,13 @@ $FAI/distro-install-common/end # I run this as a single post-fai script to update things that have changed. tmpfile1=$(mktemp) # this can fail if we need an apt update -$chroot /usr/bin/apt-cache policy >$tmpfile1 ||: +$ROOTCMD /usr/bin/apt-cache policy >$tmpfile1 ||: fcopy -riB /etc/apt tmpfile2=$(mktemp) -$chroot /usr/bin/apt-cache policy >$tmpfile2 +$ROOTCMD /usr/bin/apt-cache policy >$tmpfile2 if ! diff -q $tmpfile1 $tmpfile2; then - $chroot /usr/bin/apt update + $ROOTCMD /usr/bin/apt update fi # outside of fai, this seems to regularly lead to # E: Could not get lock /var/lib/apt/lists/lock - open (11: Resource temporarily unavailable) @@ -105,7 +92,6 @@ fi #### misc configurations - if [[ $FAI_ACTION != dirinstall ]] && ! ifclass NOCRYPT; then if ifclass LINODE; then speed=19200 @@ -131,7 +117,7 @@ TimeoutStartSec=20 WantedBy=dev-disk-by\x2did-ata\x2dSamsung_SSD_870_QVO_8TB_S5VUNG0N900656V.device EOF - $chroot bash <<'EOFOUTER' + $ROOTCMD bash <<'EOFOUTER' systemctl enable myncq.service /usr/bin/myncq no-upgrub EOFOUTER 
@@ -180,8 +166,8 @@ EOF fi # use networkmanager if this host has wireless. -if [[ $HOSTNAME == bo ]] || type -p iw &>/dev/null && [[ $(iw dev) ]]; then - $chroot bash </dev/null | awk '{print $2}') ||: -if [[ $ver != "$cur_ver" ]]; then - if [[ $HOST2 == "$HOSTNAME" && $ver != "$($bprogs_dir/btrfs --version 2>/dev/null | awk '{print $2}')" ]]; then - rm -rf $bprogs_dir - cd /tmp - wget $url - sudo -u iank tar xzf $tarball - mv ${tarball%.tar.gz} $bprogs_dir - cd $bprogs_dir - apt-get -y build-dep btrfs-progs - sudo -u iank ./configure --disable-documentation - sudo -u iank make - make install - else - $chroot bash -xe <$target/etc/initramfs-tools/conf.d/mine </dev/null | awk '{print $2}') ||: + +if [[ $FAI_ROOT == / ]]; then + bp_dir=/a/opt/btrfs-progs-release +else + bp_dir=$FAI/distro-install-common/btrfs-progs-release +fi +if [[ $ver != "$cur_ver" ]]; then + if [[ $ver != "$($bp_dir/btrfs --version 2>/dev/null | awk '{print $2}')" ]]; then + cd $target/tmp + wget $url + tar xzf $tarball + $ROOTCMD apt-get -y build-dep btrfs-progs + # no docs cuz I didn't want to bother fixing error of missing docs dependencies + $ROOTCMD bash -xe <&1 | grep -Fx "Status: install ok installed" &>/dev/null; then + $ROOTCMD apt-get -y install build-essential + fi + + if [[ $FAI_ROOT == / ]]; then + cd /a/opt/btrfs-progs-release + make install + else + mkdir -p $target/tmp/bprogs + mount -o bind $bp_dir $target/tmp/bprogs + $ROOTCMD bash -xe < /a/bin/fai-basefiles/basefiles/${distver^^}64BIG.tar.gz +tar --one-file-system -C $t -cf - . | zstd -9 > /a/bin/fai-basefiles/basefiles/${distver^^}64BIG.tar.zst cleanup diff --git a/myfai-chboot b/myfai-chboot index 743859a..a653ae6 100755 --- a/myfai-chboot +++ b/myfai-chboot 
@@ -31,18 +31,26 @@ If our kernel has no nfs support, uses apache intead of nfs, and depends on another repo of Ian Kelling, basic-https-conf, where the file is at /a/exe/web-conf. -Usng this, you can boot into fai with pxe-kexec without changing -the dhcp server. +Using this, you can boot into fai with pxe-kexec without changing the +dhcp server. Note, if you are booting using fai-cd, the pxe config does +nothing, and only flags affecting FAI_ACTION will have any affect. You +can change the fai flags in the grub config, for example in +./grub.cfg.autodiscover, or at runtime by editing a grub menu option. +We could probably also set FAI_FLAGS the same way we set FAI_ACTION, +but I haven't tried it. -Argument sets the host to enable it for. No argument disables pxe -config for all hosts, but leaves nfs server alone. Use faiserver-disable -to disable the nfs server. +HOSTNAME|IP|default Sets the host to enable it for. No argument + disables pxe config for all hosts, but leaves nfs + server alone. Use faiserver-disable to disable the + nfs server. -S sets FAI_ACTION=sysinfo, and remove fai flag reboot. Usefull for doing a system recovery. It reboots automatically anyways :( -k Add serial port output for kgped16 -i sets FAI_ACTION=inventory and remove fai flag reboot. I'm not sure what this is usefull for. +-b Setup bonded ethernet. +--no-r Tell fai-chboot not to reboot when its done. This is implied by -i and -S. -h|--help Print help and exit. EOF diff --git a/myfai-chboot-local b/myfai-chboot-local index 4cef9a5..7dea8f2 100755 --- a/myfai-chboot-local +++ b/myfai-chboot-local 
@@ -16,54 +16,72 @@ # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -# note, this script gets piped to bash, so cant cd to current dir -[[ $EUID == 0 ]] || exec sudo "${BASH_SOURCE}" "$@" +[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@" + +set -x set -eE -o pipefail trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR +pre="${0##*/}:" +m() { printf "$pre %s\n" "$*"; "$@"; } +e() { printf "$pre %s\n" "$*"; } +err() { echo "[$(date +'%Y-%m-%d %H:%M:%S%z')]: $pre: $*" >&2; } + +usage() { + cat <&2; exit 1; } + +temp=$(getopt -l help,no-r hSi "$@") || usage 1 +eval set -- "$temp" +while true; do case $1 in - -h|--help) - echo "see help from myfai-chboot" - exit 0 - ;; -S) fai_action=sysinfo fai_reboot_arg= - shift ;; -i) #inventory fai_action=inventory fai_reboot_arg= - shift ;; -k) kgped16=true - shift ;; -b) bond=true - shift ;; --no-r) fai_reboot_arg= - shift ;; + -h|--help) usage ;; + --) shift; break ;; + *) echo "$0: unexpected args: $*" >&2 ; usage 1 ;; esac + shift done - -pre="${0##*/}:" -m() { printf "$pre %s\n" "$*"; "$@"; } -e() { printf "$pre %s\n" "$*"; } -err() { echo "[$(date +'%Y-%m-%d %H:%M:%S%z')]: $pre: $*" >&2; } - -host=$1 +read -r host <<<"$@" +readonly host rm -f /srv/tftp/fai/pxelinux.cfg/* -- 2.30.2 From 5c8f49a1d5321a0d3f01284f0087740af070962b Mon Sep 17 00:00:00 2001 From: Ian Kelling Date: Wed, 24 Apr 2024 15:23:06 -0400 Subject: [PATCH 14/16] minor: docs --- README | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README b/README index 6d097f9..f9d0853 100644 --- a/README +++ b/README 
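Review bot: The short-option string given to getopt in `myfai-chboot-local` is `hSi`, but the `case` below also has arms for `-k` and `-b`, so with util-linux getopt those two flags are rejected as invalid and the script leaves through `usage 1` before reaching them. The call should list them: `temp=$(getopt -l help,no-r hSikb "$@") || usage 1`. Also, `m()` and `e()` put `$pre`, which is derived from `$0`, into the printf format string; `printf '%s %s\n' "$pre" "$*"` keeps the script name out of the format. The body of `usage` is only partly visible on this page.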
@@ -104,7 +104,7 @@ fai/config/distro-install-common/end and which shadow file / luks file(s) to copy into the new machine depends on fai-redep arguments. -Also, setup dns in bind and wrt-setup-local. +Also, setup dns in /p/c/host-info and firewall redirects in wrt-setup-local. After install, btrbk to setup data, and then distro-begin && distro end. See notes in distro-begin for other configuration. -- 2.30.2 From c5eccfae1f48f183af80847fcabcc35e3563469d Mon Sep 17 00:00:00 2001 From: Ian Kelling Date: Sat, 27 Apr 2024 17:03:04 -0400 Subject: [PATCH 15/16] handle ssh redirects programatically --- wrt-setup | 2 +- wrt-setup-local | 64 ++----------------------------------------------- 2 files changed, 3 insertions(+), 63 deletions(-) diff --git a/wrt-setup b/wrt-setup index ec91ed7..bce6a4a 100755 --- a/wrt-setup +++ b/wrt-setup @@ -77,7 +77,7 @@ scp /a/work/libremanage/libremanage /a/bin/fai/wrt-init /a/bin/fai/wrt-setup-loc #/a/opt/openwrt/source/bin/packages/mips_24kc/mypackages/relay_1.0-1_mips_24kc.ipk \ scp /q/root/shadow/router /p/c/machine_specific/wrt/etc/dropbear/dropbear_rsa_host_key \ - /p/router-secrets /p/c/machine_specific/wrt/etc/wg.{key,psk} /p/c/ptr-data /p/c/dnsmasq-data /b/bash-bear-trap/bash-bear $h: + /p/router-secrets /p/c/machine_specific/wrt/etc/wg.{key,psk} /p/c/ptr-data /p/c/{dnsmasq,cmc-firewall}-data /b/bash-bear-trap/bash-bear $h: scp ../openwrtkeyring/usign/* $h:/etc/opkg/keys ssh $h wrt-init ${HOME_DOMAIN:-b8.nz} "$@" diff --git a/wrt-setup-local b/wrt-setup-local index aabfca3..3d2edb8 100755 --- a/wrt-setup-local +++ b/wrt-setup-local @@ -666,6 +666,7 @@ config rule option target REJECT ## end no external dns for ziva +$(. /root/cmc-firewall-data) config rule option src wan 
@@ -684,18 +685,6 @@ config rule option target ACCEPT option dest_port 9091 -config redirect - option name sshkd - option src wan - option src_dport 2202 - option dest_port 22 - option dest_ip $l.2 - option dest lan -config rule - option src wan - option target ACCEPT - option dest_port 2202 - # was working on an openvpn server, didn't finish # config redirect # option name vpnkd @@ -723,55 +712,6 @@ config rule option dest_port 8989 -config redirect - option name sshx2 - option src wan - option src_dport 2205 - option dest_port 22 - option dest_ip $l.5 - option dest lan -config rule - option src wan - option target ACCEPT - option dest_port 2205 - -config redirect - option name sshx3 - option src wan - option src_dport 2207 - option dest_port 22 - option dest_ip $l.7 - option dest lan -config rule - option src wan - option target ACCEPT - option dest_port 2207 - -config redirect - option name sshbb8 - option src wan - option src_dport 2209 - option dest_port 22 - option dest_ip $l.32 - option dest lan -config rule - option src wan - option target ACCEPT - option dest_port 2209 - - -config redirect - option name sshfrodo - option src wan - option src_dport 2234 - option dest_port 34 - option dest_ip $l.34 - option dest lan -config rule - option src wan - option target ACCEPT - option dest_port 2234 - config redirect option name icecast @@ -822,7 +762,7 @@ config rule option target ACCEPT option dest_port 4533 -# So a client can just have i.b8.nz dns even when they +# So a client can just have b8.nz dns even when they # are on the lan. #config redirect # option name navidromelan -- 2.30.2 From a03d1a5cf4c6583c075a5b80e729f8f72ed0d338 Mon Sep 17 00:00:00 2001 From: Ian Kelling Date: Sun, 28 Apr 2024 09:31:36 -0400 Subject: [PATCH 16/16] static usb ethnet addresses --- fai-redep | 6 +++++- fai/config/scripts/IANK/11-iank | 10 ++++++++++ 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/fai-redep b/fai-redep index 8e5919d..b90b30a 100755 --- a/fai-redep 
+++ b/fai-redep @@ -80,6 +80,7 @@ m rsync -rlpt --delete --relative --exclude /fai/config/basefiles/ fai/config "$ # todo: automatically disable faiserver after a period so # these files are not available. + if [[ $target ]]; then secret_files=(luks/$target luks/host-$target shadow/$target) exists=false @@ -101,7 +102,10 @@ else rsync -rlpt /q/root/shadow /q/root/luks "${rpre[@]}"/srv/fai/config/distro-install-common fi -rsync -rlpt --delete /a/opt/btrfs-progs-release "${rpre[@]}"/srv/fai/config/distro-install-common +rsync -rlpt --delete /a/opt/btrfs-progs-release \ + filesystem/usr/local/bin/ethusb-nm \ + filesystem/usr/local/bin/ethusb-static \ + "${rpre[@]}"/srv/fai/config/distro-install-common dirs=(/p/c/machine_specific/${target:-*}/filesystem/etc/ssh) if [[ -e ${dirs[0]} ]]; then diff --git a/fai/config/scripts/IANK/11-iank b/fai/config/scripts/IANK/11-iank index ce0be4b..54641b2 100755 --- a/fai/config/scripts/IANK/11-iank +++ b/fai/config/scripts/IANK/11-iank @@ -184,6 +184,16 @@ EOF [main] dns=systemd-resolved EOF + + $FAI/distro-install-common/ethusb-static + if [[ $(dig +short @10.2.0.1 -x 10.2.0.2 2>&1 ||:) == kd.b8.nz. ]] \ + && ip n show 10.2.0.1 | grep . &>/dev/null; then + : # we are at home. note: logic duplicated in btrbk-run + else + $FAI/distro-install-common/ethusb-nm + fi + + else cat > $target/etc/network/interfaces <<-EOF # generated by FAI -- 2.30.2
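Review bot: The "at home" test added in the 11-iank hunk at line 184 trusts an unauthenticated PTR answer from 10.2.0.1 plus a neighbour-table entry, which any network numbered the same way can satisfy, so it is a location guess rather than a check; the comment should say so, e.g. `# heuristic only: the PTR reply is unauthenticated, do not gate anything sensitive on it`. The `dig` call has no explicit timeout, so away from that network the install waits out dig's default retries; `dig +short +time=1 +tries=1 @10.2.0.1 -x 10.2.0.2` bounds it. `$FAI/distro-install-common/ethusb-static` and `ethusb-nm` are invoked unquoted, and the added comment says the same logic is duplicated in btrbk-run, which suggests a shared helper. The enclosing if/else starts and ends outside the hunk.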