From dcc5f68f7fbe9aa86cb3c7402ba4429bd70b369d Mon Sep 17 00:00:00 2001
From: Ian Kelling <iank@fsf.org>
Date: Sat, 20 Feb 2021 02:21:28 -0500
Subject: [PATCH] fixes and remove some jessie stuff

---
 README                                        | 15 ++-
 .../files/root/fai-check/VOL_BUSTER_BOOTSTRAP | 92 +++++++++---------
 fai/config/hooks/partition.DEFAULT            | 44 ++++-----
 faiserver-setup                               | 96 +++++++++++--------
 4 files changed, 134 insertions(+), 113 deletions(-)

diff --git a/README b/README
index 5f78075..95eca1d 100644
--- a/README
+++ b/README
@@ -76,7 +76,7 @@ fai/config/class/50-host-classes.
 Before doing a fai install, you will need to populate /q/root/luks and
 /q/root/shadow, see their references. You might also want to copy
 existing /etc/ssh/*host* to
-/p/c/machine_specific/HOST/filesystem/etc/ssh.
+/p/c/machine_specific/HOST/filesystem/etc/ssh
 
 host-* luks keyfiles generated like:
 head -c 2048 /dev/urandom | od | s dd of=/q/root/luks/host-demohost
@@ -186,6 +186,19 @@ a superflous upstream bug based on reading the post install script:
 addgroup: The group `systemd-journal' already exists as a system group. Exiting.
 Operation failed: No such file or directory
 
+On nabia/newer, python is removed, now its python3,
+and its easier to just let the package get removed than
+do host class package config.
+fai.log:WARNING: These unknown packages are removed from the installation list: python python-minimal
+
+Similar to python, linux-image-amd64 is the debian package name
+for the kernel, linux-image-generic is for ubuntu, but the
+DEBIAN class is defined on ubuntu and its easier to just let
+the package get removed with this warning:
+fai.log:WARNING: These unknown packages are removed from the installation list: linux-image-amd64
+Also, cryptsetup-initramfs is new to buster/nabia, it gets removed
+on earlier versions.
+
 
 # linode notes
 
diff --git a/fai/config/files/root/fai-check/VOL_BUSTER_BOOTSTRAP b/fai/config/files/root/fai-check/VOL_BUSTER_BOOTSTRAP
index e96879a..283bbf6 100755
--- a/fai/config/files/root/fai-check/VOL_BUSTER_BOOTSTRAP
+++ b/fai/config/files/root/fai-check/VOL_BUSTER_BOOTSTRAP
@@ -6,7 +6,7 @@ trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
 
 
 usage() {
-    cat <<EOF
+  cat <<EOF
 Usage: ${0##*/} [OPTION]
 If grub var set, act like pxe rom and pxe-kexec to faiserver
 
@@ -15,7 +15,7 @@ If grub var set, act like pxe rom and pxe-kexec to faiserver
 
 Note: Uses GNU getopt options parsing style
 EOF
-    exit $1
+  exit $1
 }
 
 
@@ -29,59 +29,59 @@ did_fai_check=false
 m() { printf "%s\n" "$*";  "$@"; }
 
 try-kexec() {
-    deadline=$(( `date +%s` + NETWORK_TIMOUT_SECS ))
-    while ! nc -zu faiserver 69; do
-        if (( `date +%s` > deadline )); then
-            echo "fai-check: hit $NETWORK_TIMOUT_SECS s tftp server timeout"
-            return 0
-        fi
-        sleep 1
-    done
-    m pxe-kexec -n --ignore-whitelist -l fai-generated faiserver ||:
+  deadline=$(( `date +%s` + NETWORK_TIMOUT_SECS ))
+  while ! timeout -s 9 3 nc -zu faiserver 69; do
+    if (( `date +%s` > deadline )); then
+      echo "fai-check: hit $NETWORK_TIMOUT_SECS s tftp server timeout"
+      return 0
+    fi
+    sleep 1
+  done
+  m pxe-kexec -n --ignore-whitelist -l fai-generated faiserver ||:
 }
 
 case $1 in
-    -f|--force)
-        try-kexec
-        exit
-        ;;
+  -f|--force)
+    try-kexec
+    exit
+    ;;
 esac
 
 first=true
 for dev in $(btrfs fi show / | sed -rn 's#^\s*devid\s.*\s([^0-9 ]+)\S+$#\1#p' \
-                 |sort); do
-    dev+=4
-    mount $dev /mnt
-    if $first; then
-        if [[ -e /mnt/grubenv ]]; then
-            set -x
-            source <(grub-editenv /mnt/grubenv list)
-            set +x
-        fi
-        first=false
-        # we could just as well check if last_boot != /debianbuster_boostrap
-        # the intent with this one is just a little clearer.
-        if [[ $did_fai_check == true ]]; then
-            grub-editenv /mnt/grubenv set did_fai_check=os_true
-            # our service does not wait for network-online.target,
-            # because it will wait for too long when we don't have a network
-            # connection. So, we wait for 10 seconds.
-            # ref: https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/
-            try-kexec ||:
-        fi
-    else
-        # we make sure there is only 1 grubenv,
-        # so grub can just find the first one, in whatever order
-        # if looks at them, which may not be the same as us.
-        # If the disk dies, we just lose the default boot option,
-        # we will have to do manual steps to replace it anyways.
-        rm -f /mnt/gruvenv
+               |sort); do
+  dev+=4
+  mount $dev /mnt
+  if $first; then
+    if [[ -e /mnt/grubenv ]]; then
+      set -x
+      source <(grub-editenv /mnt/grubenv list)
+      set +x
+    fi
+    first=false
+    # we could just as well check if last_boot != /debianbuster_boostrap
+    # the intent with this one is just a little clearer.
+    if [[ $did_fai_check == true ]]; then
+      grub-editenv /mnt/grubenv set did_fai_check=os_true
+      # our service does not wait for network-online.target,
+      # because it will wait for too long when we don't have a network
+      # connection. So, we wait for 10 seconds.
+      # ref: https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/
+      try-kexec ||:
     fi
-    umount /mnt
+  else
+    # we make sure there is only 1 grubenv,
+    # so grub can just find the first one, in whatever order
+    # if looks at them, which may not be the same as us.
+    # If the disk dies, we just lose the default boot option,
+    # we will have to do manual steps to replace it anyways.
+    rm -f /mnt/gruvenv
+  fi
+  umount /mnt
 done
 
 # the check for last_boot is not needed afaik, just sanity check.
-if [[ $did_fai_check == true && $last_boot != /debianstable_boostrap ]]; then
-    # no need to reboot if we actually want to boot into this os.
-    reboot
+if [[ $did_fai_check == true && $last_boot != /debianbuster_boostrap ]]; then
+  # no need to reboot if we actually want to boot into this os.
+  reboot
 fi
diff --git a/fai/config/hooks/partition.DEFAULT b/fai/config/hooks/partition.DEFAULT
index 4646e56..988ce06 100755
--- a/fai/config/hooks/partition.DEFAULT
+++ b/fai/config/hooks/partition.DEFAULT
@@ -120,12 +120,7 @@ add-part() { # add partition suffix to $dev
     d=$1
     part=$2
   fi
-  if [[ $d == /dev/disk/by-id/* ]]; then
-    ret=$d-part$part
-  else
-    ret=$d$part
-  fi
-  echo $ret
+  echo $d-part$part
 }
 
 bootdev() { add-part $@ $bootn; }
@@ -142,6 +137,11 @@ swap-cryptdev() { crypt-dev $(swapdev $@); }
 root-cryptname() { crypt-name $(rootdev $@); }
 swap-cryptname() { crypt-name $(swapdev $@); }
 
+dev-mib() {
+  echo $(( $(parted -m $dev unit MiB print | \
+               sed -nr "s#^/dev/[^:]+:([0-9]+).*#\1#p") - 1))
+}
+
 ##### end function defs
 
 if ifclass REPARTITION; then
@@ -203,11 +203,10 @@ fi
 for dev in ${short_devs[@]}; do
   if $partition; then break; fi
   y=$(readlink -f $dev)
-  arr=($y[0-9])
-  [[ ${#arr[@]}  == "$lastn" ]] || partition=true
-  for (( i=1; i <= lastn; i++ )); do
-    [[ -e ${dev}$i ]] || partition=true
-  done
+  arr=($y?*)
+  if (( ${#arr[@]}  != lastn )); then
+    partition=true
+  fi
   # On one system, blkid is missing some partitions.
   # maybe we need a flag, like FUZZY_BLKID or something, so we
   # can check that at least some exist.
@@ -233,7 +232,7 @@ if [[ ! ${devs[0]} ]]; then
 fi
 
 boot_space=0
-first=false
+first=true
 boot_devs=()
 for dev in ${devs[@]}; do
   if ifclass frodo; then
@@ -266,12 +265,13 @@ for dev in ${devs[@]}; do
                                     sed -nr "s#^/dev/[^:]+:([0-9]+).*#\1#p") - 1))
     boot_devs+=($(bootdev))
   fi
-  if [[ $boot_devs && $first ]]; then
+  if $first && [[ $boot_devs ]]; then
     first_efi=$(efidev)
     first_grub_extdev=$(grub_extdev)
     first=false
   fi
 done
+first_boot_dev=${boot_devs[0]}
 
 even_raid=false
 if ifclass RAID0 || (( ${#boot_devs[@]} == 1 )); then
@@ -339,7 +339,6 @@ if [[ ! $DISTRO ]]; then
     exit 1
   fi
 fi
-first_boot_dev=${boot_devs[0]}
 
 
 bpart() { # btrfs a partition
@@ -399,7 +398,7 @@ if $partition; then
       # if we repartition to the same as an old partition,
       # we don't want any old fses hanging around.
       for (( i=1; i <= lastn; i++ )); do
-        x=$(add-part $dev $i)
+        x=$(add-part $i)
         [[ -e $x ]] || continue
         count_down=10
         # wipefs has failed, manual run works, google suggests timing issue
@@ -416,10 +415,9 @@ if $partition; then
 
   if $even_raid; then
     for dev in ${devs[@]}; do
-      disk_mib=$(( $(parted -m $dev unit MiB print | \
-                       sed -nr "s#^/dev/[^:]+:([0-9]+).*#\1#p") - 1))
-      if [[ ! min_disk_mib ]] || (( disk_mib < min_disk_mib )); then
-        min_disk_mib=$disk_mib
+      cur_mib=$(dev-mib)
+      if [[ ! $disk_mib ]] || (( cur_mib < disk_mib )); then
+        disk_mib=$cur_mib
       fi
     done
   fi
@@ -435,11 +433,8 @@ if $partition; then
     #
     # Note: parted print error output is expected. example:
     # Error: /dev/vda: unrecognised disk label
-    if $even_raid; then
-      disk_mib=$min_disk_mib
-    else
-      disk_mib=$(( $(parted -m $dev unit MiB print | \
-                       sed -nr "s#^/dev/[^:]+:([0-9]+).*#\1#p") - 1))
+    if ! $even_raid; then
+      disk_mib=$(dev-mib)
     fi
     root_end=$(( disk_mib - swap_mib - boot_mib /  ${#boot_devs[@]} ))
     swap_end=$(( root_end + swap_mib))
@@ -614,6 +609,7 @@ umount /mnt
 if [[ $DISTRO == debianbuster_bootstrap ]]; then
   cat > /tmp/fai/fstab <<EOF
 $first_boot_dev  /  btrfs  noatime,subvol=$boot_vol  0 0
+$first_efi  /boot/efi  vfat          nofail  0 0
 EOF
   cat >/tmp/fai/disk_var.sh <<EOF
 BOOT_DEVICE="${short_devs[@]}"
diff --git a/faiserver-setup b/faiserver-setup
index bce13d2..ccff894 100755
--- a/faiserver-setup
+++ b/faiserver-setup
@@ -36,6 +36,13 @@ $BASEFILE_DIR/${UPCASED_BASE_CODENAME}${ARCH}.tar.(gz|xz) to exist, and it must
 generated around the same time as the nfsroot, at least so it has the
 same kernel version.
 
+
+Note: there is a bug in 5.9.4, fixed by adding
+    sleep 2
+
+/usr/sbin/fai-make-nfsroot:503, before apt-get update
+
+
 EOF
   exit $1
 }
@@ -77,32 +84,39 @@ armhf() {
   [[ $(dpkg --print-architecture) == armhf ]]
 }
 
-if grep -xFq 'VERSION="8 (jessie)"' /etc/os-release; then
-  gpg -a --recv-keys 2BF8D9FE074BCDE4; gpg -a --export 2BF8D9FE074BCDE4 | apt-key add -
-  cat >/etc/apt/sources.list.d/fai.list <<'EOF'
-deb https://fai-project.org/download jessie koeln
-EOF
-elif grep -iE 'VERSION=.*(stretch|flidas|xenail|buster|bullseye|etiona|nabia)' /etc/os-release; then
-  # fai on ubuntu only has official support using the universe repo, but newer
-  # tends to have less bugs.
-  wget -O - https://fai-project.org/download/2BF8D9FE074BCDE4.asc | apt-key add -
-
-  case $base in
-    stretch|buster|bullseye)
-      cat >/etc/apt/sources.list.d/fai.list <<EOF
+# fai on ubuntu only has official support using the universe repo, but newer
+# tends to have less bugs.
+wget -O - https://fai-project.org/download/2BF8D9FE074BCDE4.asc | apt-key add -
+
+update=false
+case $base in
+  stretch|buster|bullseye)
+    if ! grep -qFx "deb https://fai-project.org/download $base koeln" /etc/apt/sources.list.d/fai.list; then
+      update=true
+    fi
+    cat >/etc/apt/sources.list.d/fai.list <<EOF
 deb https://fai-project.org/download $base koeln
 EOF
-      ;;
-    *)
-      echo "$0: error: script needs updating for new base" >&2
-      exit 1
-      ;;
-  esac
-else
-  rm -f /etc/apt/sources.list.d/fai.list
+    ;;
+  *)
+    echo "$0: error: script needs updating for new base" >&2
+    exit 1
+    ;;
+esac
+
+f=/var/cache/apt/pkgcache.bin;
+if [[ -r $f ]]; then
+  cachetime=$(stat -c %Y $f );
+  now=$(date +%s)
+  limittime=$(( now - 60*60*2 ))
+  if (( cachtime > limittime )); then
+    update=true
+  fi
 fi
 
-apt-get update
+if $update; then
+  apt-get update
+fi
 
 # Relevant packages from fai-quickstart depends and fai-server recommends.
 # I especially do not wait isc-dhcp-server or an inetd. Also excludes
@@ -131,8 +145,10 @@ r=http://http.us.debian.org/debian
 cat >/etc/fai/apt/sources.list <<EOF
 deb $r $base main contrib
 EOF
+
+### begin setup security repo ###
 case $base in
-  jessie|stretch|buster)
+  stretch|buster)
     cat >>/etc/fai/apt/sources.list <<EOF
 deb http://security.debian.org/debian-security $base/updates main contrib
 EOF
@@ -143,6 +159,7 @@ EOF
 deb http://security.debian.org/debian-security $base-security main contrib
 EOF
 esac
+### end setup security repo ###
 
 
 cat >>/etc/fai/apt/sources.list <<EOF
@@ -151,18 +168,18 @@ cat >>/etc/fai/apt/sources.list <<EOF
 deb http://fai-project.org/download $base koeln
 EOF
 
-if [[ $base == jessie ]]; then
-  cat >>/etc/fai/apt/sources.list <<'EOF'
-# fix tar https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819978
-deb http://ftp.debian.org/debian jessie-backports main
-EOF
-  # note, fai doesn\'t look at /etc/fai/apt/preferences.d
-  cat >/etc/fai/apt/preferences <<'EOF'
-Package: tar
-Pin: release a=jessie-backports
-Pin-Priority: 500
-EOF
-fi
+## Get latest kernel and btrfs for dealing with btrfs issues.
+# if [[ $base == buster ]]; then
+#   cat >>/etc/fai/apt/sources.list <<'EOF'
+# deb http://ftp.debian.org/debian buster-backports main
+# EOF
+#   # note, fai doesn\'t look at /etc/fai/apt/preferences.d
+#   cat >/etc/fai/apt/preferences <<'EOF'
+# Package: linux-* firmware-linux-free btrfs-progs
+# Pin: release a=buster-backports
+# Pin-Priority: 500
+# EOF
+# fi
 
 
 $sed -f - /etc/fai/nfsroot.conf <<EOF
@@ -225,13 +242,8 @@ if armhf; then
     # tftp environment
     local pxebin
 
-    # wheezy path
-    if [ -f $NFSROOT/usr/lib/PXELINUX/pxelinux.0 ]; then
-      pxebin=$NFSROOT/usr/lib/PXELINUX/pxelinux.0
-    else
-      # jessie+ path
-      pxebin=$NFSROOT/usr/lib/syslinux/pxelinux.0
-    fi
+    # jessie+ path
+    pxebin=$NFSROOT/usr/lib/syslinux/pxelinux.0
 
     rm -f $NFSROOT/boot/*.bak
     mkdir -p $TFTPROOT/pxelinux.cfg
-- 
2.30.2