From 723056c40d38694c14d9bcb6b4a3108f7054a2a1 Mon Sep 17 00:00:00 2001 From: Ian Kelling Date: Mon, 22 Apr 2024 12:13:13 -0400 Subject: [PATCH] update upstream to 9084a3cbc0a55422beea4a55b530c1f03a910617 feb 2024 --- fai/config/basefiles/mk-basefile | 57 ++++++++++++++++--- fai/config/class/10-base-classes | 3 +- fai/config/class/20-hwdetect.sh | 13 ++--- fai/config/class/40-parse-profiles.sh | 11 ++-- fai/config/class/41-warning.sh | 5 +- fai/config/class/50-host-classes | 14 ++--- fai/config/class/60-misc | 2 - fai/config/class/85-efi-classes | 2 +- fai/config/class/DEBIAN.var | 23 +++++++- fai/config/class/FAIBASE.var | 6 +- fai/config/class/UBUNTU.var | 2 +- fai/config/class/example.profile | 14 ++--- fai/config/disk_config/FAIBASE | 3 + fai/config/disk_config/FAIBASE_EFI | 13 +++-- fai/config/disk_config/FAISERVER_EFI | 14 ++--- fai/config/disk_config/LVM | 4 +- fai/config/disk_config/LVM_EFI | 8 +-- .../files/etc/fai/nfsroot.conf/FAISERVER | 2 +- fai/config/files/etc/rc.local/FAISERVER | 11 +++- fai/config/hooks/debconf.IMAGE | 6 +- fai/config/hooks/instsoft.DEBIAN | 3 + fai/config/hooks/savelog.LAST.sh | 3 + fai/config/hooks/updatebase.DEBIAN | 5 -- fai/config/package_config/DEBIAN | 34 ++++++----- fai/config/package_config/FAISERVER | 4 +- fai/config/package_config/GNOME | 8 ++- fai/config/package_config/STANDARD | 6 -- fai/config/package_config/UBUNTU | 24 ++++---- fai/config/package_config/XFCE | 9 +++ fai/config/scripts/CLOUD/99-cleanup | 19 ++----- fai/config/scripts/DEBIAN/30-interface | 1 - fai/config/scripts/DEBIAN/40-misc | 12 ++-- fai/config/scripts/DEMO/10-misc | 4 +- fai/config/scripts/FAIBASE/10-misc | 2 +- fai/config/scripts/FAISERVER/10-conffiles | 8 ++- fai/config/scripts/GRUB_EFI/10-setup | 18 +++++- fai/config/scripts/GRUB_PC/10-setup | 10 ++++ fai/config/scripts/LAST/50-misc | 35 ++++++++++-- fai/config/tests/Faitest.pm | 2 +- 39 files changed, 271 insertions(+), 149 deletions(-) diff --git a/fai/config/basefiles/mk-basefile b/fai/config/basefiles/mk-basefile index 085b9a4..7ced32d 100755 --- a/fai/config/basefiles/mk-basefile +++ b/fai/config/basefiles/mk-basefile @@ -2,15 +2,17 @@ # mk-basefile, create basefiles for some distributions # -# Thomas Lange, Uni Koeln, 2011-2021 +# Thomas Lange, Uni Koeln, 2011-2024 # based on the Makefile implementation of Michael Goetze # # Usage example: mk-basefile -J STRETCH64 # This will create a STRETCH64.tar.xz basefile. -# Supported distributions (each i386/amd64): +# Supported distributions (i386/amd64): # Debian GNU/Linux -# Ubuntu 14.04/16.04 +# Ubuntu 14.04/16.04/20.04/22.04 +# AlmaLinux 9 +# Rocky Linux 8/9 # CentOS 5/6/7/8 # Scientific Linux Cern 5/6 # @@ -32,12 +34,15 @@ EXCLUDE_BUSTER= EXCLUDE_BULLSEYE= EXCLUDE_BOOKWORM= EXCLUDE_TRIXIE= +EXCLUDE_FORKY= EXCLUDE_SID= EXCLUDE_TRUSTY=dhcp3-client,dhcp3-common,info EXCLUDE_XENIAL=udhcpc,dibbler-client,info EXCLUDE_BIONIC=udhcpc,dibbler-client,info EXCLUDE_FOCAL=udhcpc,dibbler-client,info +EXCLUDE_JAMMY=udhcpc,dibbler-client,info +EXCLUDE_NOBLE=udhcpc,dibbler-client,info # here you can add packages, that are needed very early INCLUDE_DEBIAN= @@ -111,7 +116,8 @@ cleanup-deb() { chroot $xtmp apt-get clean rm -f $xtmp/etc/hostname $xtmp/etc/resolv.conf \ $xtmp/var/lib/apt/lists/*_* $xtmp/usr/bin/qemu-*-static \ - $xtmp/etc/udev/rules.d/70-persistent-net.rules + $xtmp/etc/udev/rules.d/70-persistent-net.rules \ + $xtmp/var/lib/dbus/machine-id > $xtmp/etc/machine-id } @@ -138,6 +144,30 @@ tarit() { } +rpmdist() { + + local arch=$1 + local vers=$2 + local dist=$3 + local domain=$(domainname) + + check + setarch $arch + $l32 rinse --directory $xtmp --distribution $dist-$vers --arch $arch --before-post-install $xtmp/post + domainname $domain # workaround for #613377 + cleanup-rinse + tarit +} + + +alma() { + rpmdist $1 $2 alma +} + +rocky() { + rpmdist $1 $2 rocky +} + centos() { local arch=$1 @@ -205,6 +235,9 @@ prtdists() { echo "Available: + ALMA9_64 + ROCKY8_64 + ROCKY9_64 CENTOS5_32 CENTOS5_64 CENTOS6_32 CENTOS6_64 CENTOS7_32 CENTOS7_64 @@ -216,6 +249,8 @@ prtdists() { XENIAL32 XENIAL64 BIONIC64 FOCAL64 + JAMMY64 + NOBLE64 SQUEEZE32 SQUEEZE64 WHEEZY32 WHEEZY64 JESSIE32 JESSIE64 @@ -224,6 +259,7 @@ prtdists() { BULLSEYE32 BULLSEYE64 BOOKWORM32 BOOKWORM64 TRIXIE32 TRIXIE64 + FORKY32 FORKY64 SID32 SID64 " } @@ -233,14 +269,14 @@ usage() { cat <&/dev/null && dpkg --print-architecture | tr a-z A-Z # determin if we are a DHCP client or not diff --git a/fai/config/class/20-hwdetect.sh b/fai/config/class/20-hwdetect.sh index 57374c8..b04a948 100755 --- a/fai/config/class/20-hwdetect.sh +++ b/fai/config/class/20-hwdetect.sh @@ -1,6 +1,6 @@ #! /bin/bash -# (c) Thomas Lange, 2002-2013, lange@informatik.uni-koeln.de +# (c) Thomas Lange, 2002-2013, lange@cs.uni-koeln.de # NOTE: Files named *.sh will be evaluated, but their output ignored. @@ -8,12 +8,11 @@ echo 0 > /proc/sys/kernel/printk -#kernelmodules= -# here, you can load modules depending on the kernel version -case $(uname -r) in - 2.6*) kernelmodules="$kernelmodules mptspi dm-mod md-mod aes dm-crypt" ;; - [3456]*) kernelmodules="$kernelmodules mptspi dm-mod md-mod aes dm-crypt" ;; -esac +# example how to load modules depending on the kernel version +#case $(uname -r) in +# 2.6*) kernelmodules="$kernelmodules mptspi dm-mod md-mod aes dm-crypt" ;; +# [3456]*) kernelmodules="$kernelmodules mptspi dm-mod md-mod aes dm-crypt" ;; +#esac for mod in $kernelmodules; do [ X$verbose = X1 ] && echo Loading kernel module $mod diff --git a/fai/config/class/40-parse-profiles.sh b/fai/config/class/40-parse-profiles.sh index 0fed6ee..cb11c17 100755 --- a/fai/config/class/40-parse-profiles.sh +++ b/fai/config/class/40-parse-profiles.sh @@ -2,7 +2,7 @@ # parse *.profile and build a curses menu, so the user can select a profile # -# (c) 2015 by Thomas Lange, lange@informatik.uni-koeln.de +# (c) 2015 by Thomas Lange, lange@cs.uni-koeln.de # Universitaet zu Koeln if [ X$FAI_ACTION = Xinstall -o X$FAI_ACTION = Xdirinstall -o X$FAI_ACTION = X ]; then @@ -14,6 +14,8 @@ fi [ "$flag_menu" ] || return 0 out=$(tty) +# save stdout and redirect stdout to tty +exec 4>&1 > $out tempfile=$(mktemp) tempfile2=$(mktemp) trap "rm -f $tempfile $tempfile2" EXIT INT QUIT @@ -147,8 +149,7 @@ while true; do dialog --clear --item-help --title "FAI - Fully Automatic Installation" --help-button \ --default-item "$default" \ --menu "\nSelect your FAI profile\n\nThe profile will define a list of classes,\nwhich are used by FAI.\n\n\n"\ - 15 70 0 "${par[@]}" 2> $tempfile 1> $out - + 15 70 0 "${par[@]}" 2> $tempfile _retval=$? case $_retval in 0) @@ -158,8 +159,10 @@ while true; do echo "No profile selected." break ;; 2) - dialog --title "Description of all profiles" --textbox $tempfile2 0 0 1> $out;; + dialog --title "Description of all profiles" --textbox $tempfile2 0 0 ;; esac done unset par ardesc arshort arlong arclasses list tempfile tempfile2 _parsed _retval line + +exec 1>&4 # restore stdout diff --git a/fai/config/class/41-warning.sh b/fai/config/class/41-warning.sh index e9f9ec5..f66085d 100755 --- a/fai/config/class/41-warning.sh +++ b/fai/config/class/41-warning.sh @@ -13,11 +13,13 @@ grep -q INSTALL $LOGDIR/FAI_CLASSES || return 0 [ "$flag_menu" ] || return 0 out=$(tty) +# save stdout and redirect stdout to tty +exec 4>&1 > $out red=$(mktemp) echo 'screen_color = (CYAN,RED,ON)' > $red DIALOGRC=$red dialog --colors --clear --aspect 6 --title "FAI - Fully Automatic Installation" --trim \ - --msgbox "\n\n If you continue, \n all your data on the disk \n \n|\Zr\Z1 WILL BE DESTROYED \Z0\Zn|\n\n" 0 0 1>$out + --msgbox "\n\n If you continue, \n all your data on the disk \n \n|\Zr\Z1 WILL BE DESTROYED \Z0\Zn|\n\n" 0 0 # stop on any error, or if ESC was hit if [ $? -ne 0 ]; then @@ -26,3 +28,4 @@ fi rm $red unset red +exec 1>&4 # restore stdout diff --git a/fai/config/class/50-host-classes b/fai/config/class/50-host-classes index df38b88..d8ba897 100755 --- a/fai/config/class/50-host-classes +++ b/fai/config/class/50-host-classes @@ -16,16 +16,10 @@ case $HOSTNAME in gnomehost) echo "FAIBASE DEBIAN DEMO XORG GNOME";; ubuntuhost) - echo "FAIBASE DEBIAN DEMO UBUNTU FOCAL FOCAL64 XORG";; - centos) - echo "FAIBASE CENTOS" # you may want to add class XORG here - ifclass AMD64 && echo CENTOS8_64 - ;; - slchost) - # Scientific Linux Cern, is very similar to CentOS. SLC should alsways use the class CENTOS - echo "FAIBASE CENTOS SLC" # you may want to add class XORG here - ifclass I386 && echo SLC7_32 - ifclass AMD64 && echo SLC7_64 + echo "FAIBASE DEBIAN DEMO UBUNTU JAMMY JAMMY64 XORG";; + rocky) + echo "FAIBASE ROCKY" # you may want to add class XORG here + ifclass AMD64 && echo ROCKY9_64 ;; *) echo "FAIBASE DEBIAN DEMO" ;; diff --git a/fai/config/class/60-misc b/fai/config/class/60-misc index 1c3b4fd..01eb252 100755 --- a/fai/config/class/60-misc +++ b/fai/config/class/60-misc @@ -1,7 +1,5 @@ #! /bin/bash -ifclass -o CENTOS SLC && exit 0 - ifclass -o GRUB_PC GRUB_EFI && exit 0 if [ -d /sys/firmware/efi ]; then diff --git a/fai/config/class/85-efi-classes b/fai/config/class/85-efi-classes index 711b534..afe6f49 100755 --- a/fai/config/class/85-efi-classes +++ b/fai/config/class/85-efi-classes @@ -6,7 +6,7 @@ if [ ! -d /sys/firmware/efi ] || ifclass GRUB_PC; then exit 0 fi -for c in LVM FAISERVER FAIBASE; do +for c in CLOUD LVM FAISERVER FAIBASE; do if ifclass $c; then echo ${c}_EFI break diff --git a/fai/config/class/DEBIAN.var b/fai/config/class/DEBIAN.var index dc133a5..492d995 100644 --- a/fai/config/class/DEBIAN.var +++ b/fai/config/class/DEBIAN.var @@ -1,4 +1,4 @@ -release=bullseye +release=bookworm apt_cdn=http://deb.debian.org security_cdn=http://security.debian.org @@ -24,3 +24,24 @@ MODULESLIST="usbhid psmouse" # if you want to use the faiserver as APT proxy #APTPROXY=http://faiserver:3142 + + +# The linux-image package has different names for Debian and Ubuntu +if ifclass UBUNTU; then + kernelname=linux-image-generic +elif ifclass I386; then + kernelname=linux-image-686-pae +elif ifclass AMD64; then + kernelname=linux-image-amd64 +fi + +if [ -z "kernelname" ]; then + _arch=$(dpkg --print-architecture 2>/dev/null) + case $_arch in + i386) + kernelname=linux-image-686-pae ;; + *) + kernelname=linux-image-$_arch + esac + unset _arch +fi diff --git a/fai/config/class/FAIBASE.var b/fai/config/class/FAIBASE.var index 72d38f2..0e38a1f 100644 --- a/fai/config/class/FAIBASE.var +++ b/fai/config/class/FAIBASE.var @@ -17,9 +17,13 @@ STOP_ON_ERROR=700 # set parameter for install_packages(8) MAXPACKAGES=800 +# Account on the FAI server for saving log files and calling fai-chboot. +# Remove the hash character in the next line to activate this feature +#LOGUSER=fai + # a user account will be created username=demo USERPW='$1$kBnWcO.E$djxB128U7dMkrltJHPf6d1' # set a default -FAI_DEBOOTSTRAP="bullseye http://deb.debian.org/debian" +FAI_DEBOOTSTRAP="bookworm http://deb.debian.org/debian" diff --git a/fai/config/class/UBUNTU.var b/fai/config/class/UBUNTU.var index a258b6a..0f99b95 100644 --- a/fai/config/class/UBUNTU.var +++ b/fai/config/class/UBUNTU.var @@ -1,2 +1,2 @@ ubuntumirror=http://archive.ubuntu.com -ubuntudist=focal +ubuntudist=jammy diff --git a/fai/config/class/example.profile b/fai/config/class/example.profile index cbcbf82..c55a3ca 100644 --- a/fai/config/class/example.profile +++ b/fai/config/class/example.profile @@ -25,21 +25,21 @@ You should have a fast network connection, because most packages are downloaded from the internet. Classes: INSTALL FAIBASE DEBIAN DEMO XORG GNOME -Name: CentOS 8 -Description: CentOS 8 with Xfce desktop -Short: A normal Xfce desktop, running CentOS 8 -Long: We use the Debian nfsroot for installing the CentOS 8 OS. +Name: Rocky Linux +Description: Rocky Linux 9 with Xfce desktop +Short: A normal Xfce desktop, running Rocky Linux 9 +Long: We use the Debian nfsroot for installing the Rocky Linux 9 OS. You should have a fast network connection, because most packages are downloaded from the internet. -Classes: INSTALL FAIBASE CENTOS CENTOS8_64 XORG +Classes: INSTALL FAIBASE ROCKY ROCKY9_64 XORG Name: Ubuntu -Description: Ubuntu 20.04 LTS desktop installation +Description: Ubuntu 22.04 LTS desktop installation Short: Unity desktop Long: We use the Debian nfsroot for installing the Ubuntu OS. You should have a fast network connection, because most packages are downloaded from the internet. -Classes: INSTALL FAIBASE DEMO DEBIAN UBUNTU FOCAL FOCAL64 XORG +Classes: INSTALL FAIBASE DEMO DEBIAN UBUNTU JAMMY JAMMY64 XORG Name: Inventory Description: Show hardware info diff --git a/fai/config/disk_config/FAIBASE b/fai/config/disk_config/FAIBASE index 0c66cbc..bbcffe3 100644 --- a/fai/config/disk_config/FAIBASE +++ b/fai/config/disk_config/FAIBASE @@ -2,6 +2,9 @@ # # +# you may want to add "-O ^metadata_csum_seed" to createopts if the target +# system is older than bullseye. See #866603, #1031415, #1031416 for more info. + disk_config disk1 disklabel:msdos bootable:1 fstabkey:uuid primary / 2G-50G ext4 rw,noatime,errors=remount-ro diff --git a/fai/config/disk_config/FAIBASE_EFI b/fai/config/disk_config/FAIBASE_EFI index 8ff0e4b..cc2ed9c 100644 --- a/fai/config/disk_config/FAIBASE_EFI +++ b/fai/config/disk_config/FAIBASE_EFI @@ -1,10 +1,13 @@ # example of new config file for setup-storage # -# +# p= + +# you may want to add "-O ^metadata_csum_seed" to createopts if the target +# system is older than bullseye. See #866603, #1031415, #1031416 for more info. disk_config disk1 disklabel:gpt bootable:1 fstabkey:uuid -primary /boot/efi 512M vfat rw -primary / 2G-50G ext4 rw,noatime,errors=remount-ro -primary swap 200-10G swap sw -primary /home 100- ext4 rw,noatime,nosuid,nodev createopts="-L home -m 1" tuneopts="-c 0 -i 0" +p=efi /boot/efi 512M vfat rw +p=root / 2G-50G ext4 rw,noatime,errors=remount-ro +p= swap 200-10G swap sw +p=home /home 100- ext4 rw,noatime,nosuid,nodev createopts="-L home -m 1" tuneopts="-c 0 -i 0" diff --git a/fai/config/disk_config/FAISERVER_EFI b/fai/config/disk_config/FAISERVER_EFI index 30adbe3..e11020c 100644 --- a/fai/config/disk_config/FAISERVER_EFI +++ b/fai/config/disk_config/FAISERVER_EFI @@ -1,12 +1,12 @@ # config file for an FAI install server # -# +# p= disk_config disk1 disklabel:gpt fstabkey:uuid -primary /boot/efi 512M vfat rw -primary / 2G-15G ext4 rw,noatime,errors=remount-ro -primary swap 200-1000 swap sw -primary /tmp 100-1000 ext4 rw,noatime,nosuid,nodev createopts="-m 0" tuneopts="-c 0 -i 0" -primary /home 100-40% ext4 rw,noatime,nosuid,nodev createopts="-m 1" tuneopts="-c 0 -i 0" -primary /srv 1G-50% ext4 rw,noatime createopts="-m 1" tuneopts="-c 0 -i 0" +p=efi /boot/efi 512M vfat rw +p=system / 2G-15G ext4 rw,noatime,errors=remount-ro +p=swap swap 200-1000 swap sw +p= /tmp 100-1000 ext4 rw,noatime,nosuid,nodev createopts="-m 0" tuneopts="-c 0 -i 0" +p=home /home 100-40% ext4 rw,noatime,nosuid,nodev createopts="-m 1" tuneopts="-c 0 -i 0" +p=data /srv 1G-50% ext4 rw,noatime createopts="-m 1" tuneopts="-c 0 -i 0" diff --git a/fai/config/disk_config/LVM b/fai/config/disk_config/LVM index 868970a..71e55d3 100644 --- a/fai/config/disk_config/LVM +++ b/fai/config/disk_config/LVM @@ -4,8 +4,8 @@ disk_config disk1 fstabkey:uuid align-at:1M -primary /boot 200 ext2 rw,noatime -primary - 4G- - - +primary /boot 500 ext4 rw,noatime +primary - 4G- - - disk_config lvm diff --git a/fai/config/disk_config/LVM_EFI b/fai/config/disk_config/LVM_EFI index b2609a5..037cb51 100644 --- a/fai/config/disk_config/LVM_EFI +++ b/fai/config/disk_config/LVM_EFI @@ -1,12 +1,12 @@ -# +# p= # entire disk with LVM, separate /home disk_config disk1 disklabel:gpt fstabkey:uuid align-at:1M -primary /boot/efi 512M vfat rw -primary /boot 200 ext2 rw,noatime -primary - 4G- - - +p=efi /boot/efi 512M vfat rw +p=boot /boot 500 ext4 rw,noatime +p=system - 4G- - - disk_config lvm diff --git a/fai/config/files/etc/fai/nfsroot.conf/FAISERVER b/fai/config/files/etc/fai/nfsroot.conf/FAISERVER index 72491fd..e176a6d 100644 --- a/fai/config/files/etc/fai/nfsroot.conf/FAISERVER +++ b/fai/config/files/etc/fai/nfsroot.conf/FAISERVER @@ -1,7 +1,7 @@ # For a detailed description see nfsroot.conf(5) # " " for debootstrap -FAI_DEBOOTSTRAP="bullseye http://deb.debian.org/debian" +FAI_DEBOOTSTRAP="bookworm http://deb.debian.org/debian" FAI_ROOTPW='$1$kBnWcO.E$djxB128U7dMkrltJHPf6d1' NFSROOT=/srv/fai/nfsroot diff --git a/fai/config/files/etc/rc.local/FAISERVER b/fai/config/files/etc/rc.local/FAISERVER index 2c255cc..69a4ee0 100755 --- a/fai/config/files/etc/rc.local/FAISERVER +++ b/fai/config/files/etc/rc.local/FAISERVER @@ -20,7 +20,6 @@ if [ $? -ne 0 ]; then dpkg-reconfigure -fnoninteractive openssh-server fi sleep 8 -[ -x /etc/init.d/nscd ] && invoke-rc.d nscd restart echo "=================================" echo "Setting up the FAI install server" @@ -44,8 +43,11 @@ fi ainsl /etc/fai/fai.conf "^LOGUSER=fai" # make index, then import the packages from the CD mirror +/etc/init.d/apt-cacher-ng restart apt-get update >/dev/null +echo "Importing local packages to apt cache" curl -fs 'http://127.0.0.1:3142/acng-report.html?doImport=Start+Import&calcSize=cs&asNeeded=an#bottom' >/dev/null +echo "Creating FAI Server setup" # setup the FAI server, including creating the nfsroot, use my own proxy export APTPROXY="http://127.0.0.1:3142" @@ -67,9 +69,12 @@ else echo "==================================================" echo -e "${RED}ERROR${NORMAL}: Setting up the FAI install server ${RED}FAILED${NORMAL}!" echo "Read /var/log/fai/fai-setup.log for more debugging" + echo "Setup script is now moved to /var/tmp/$0" echo "==================================================" echo "" + cp -p $0 /var/tmp sleep 10 + rm -f $0 exit 99 fi @@ -83,7 +88,7 @@ EOF fai-chboot -o default # create a template for booting the installation -fai-chboot -Iv -f verbose,sshd,createvt,menu -u nfs://faiserver/srv/fai/config bullseye.tmpl +fai-chboot -Iv -f verbose,sshd,createvt,menu -u nfs://faiserver/srv/fai/config bookworm.tmpl # Since we do not know the MAC address, our DHCP cannot provide the hostname. # Therefore we do explicitly set the hostname @@ -96,7 +101,7 @@ done fai-monitor > /var/log/fai/fai-monitor.log & # move me away -mv $0 /var/tmp +cp -p $0 /var/tmp # create new rc.local for next reboot echo '#! /bin/bash' > /etc/rc.local diff --git a/fai/config/hooks/debconf.IMAGE b/fai/config/hooks/debconf.IMAGE index c396636..f91ae3f 100755 --- a/fai/config/hooks/debconf.IMAGE +++ b/fai/config/hooks/debconf.IMAGE @@ -3,7 +3,7 @@ # hook for installing a file system image (tar file) # this works for Ubuntu 14.04 # -# Copyright (C) 2015 Thomas Lange, lange@informatik.uni-koeln.de +# Copyright (C) 2015 Thomas Lange, lange@cs.uni-koeln.de # I use this tar command to create the image of an already running and configured machine @@ -31,8 +31,8 @@ if [ -f $target/etc/debian_version ]; then fi if [ -f $target/etc/centos-release ]; then rm $target/etc/grub2/device.map - $FAI/scripts/CENTOS/40-install-grub - $FAI/scripts/CENTOS/30-mkinitrd + $FAI/scripts/ROCKY/40-install-grub + $FAI/scripts/ROCKY/30-mkinitrd $ROOTCMD fixfiles onboot # this fixes the SELinux security contexts during the first boot fi diff --git a/fai/config/hooks/instsoft.DEBIAN b/fai/config/hooks/instsoft.DEBIAN index 35ac306..747af59 100755 --- a/fai/config/hooks/instsoft.DEBIAN +++ b/fai/config/hooks/instsoft.DEBIAN @@ -23,3 +23,6 @@ if [ $? -eq 0 ]; then $ROOTCMD apt-get -y install locales > /dev/null fi fi + +# use zstd for dracut initrd +ainsl -av /etc/dracut.conf.d/11-debian.conf "compress=zstd" diff --git a/fai/config/hooks/savelog.LAST.sh b/fai/config/hooks/savelog.LAST.sh index 6546814..ba04b98 100755 --- a/fai/config/hooks/savelog.LAST.sh +++ b/fai/config/hooks/savelog.LAST.sh @@ -182,6 +182,8 @@ disabling ASPM data block query control method not found subprocess.py.\+RuntimeWarning: line buffering Resource conflict.\+ found +os-prober will not be executed +/sys/bus/usb/devices/\*:\*/bInterface update-rc.d: warning: start and stop actions are no longer supported" # add pattern on some conditions @@ -219,4 +221,5 @@ if [ -s $errfile ]; then echo "ERRORS found in log files. See $errfile" >&2 else echo "Congratulations! No errors found in log files." +# export flag_reboot=1 # if you want to reboot if no errors are found fi diff --git a/fai/config/hooks/updatebase.DEBIAN b/fai/config/hooks/updatebase.DEBIAN index e828eef..8b5117f 100755 --- a/fai/config/hooks/updatebase.DEBIAN +++ b/fai/config/hooks/updatebase.DEBIAN @@ -7,8 +7,3 @@ else fi echo force-unsafe-io > $target/etc/dpkg/dpkg.cfg.d/unsafe-io - -# you may want to add i386 arch to amd64 hosts -# if ifclass AMD64; then -# $ROOTCMD dpkg --add-architecture i386 -# fi diff --git a/fai/config/package_config/DEBIAN b/fai/config/package_config/DEBIAN index fe7cff7..bfa4a95 100644 --- a/fai/config/package_config/DEBIAN +++ b/fai/config/package_config/DEBIAN @@ -1,7 +1,9 @@ PACKAGES install-norec -apt-transport-https # is only needed for stretch +#cryptsetup-initramfs # needed if you use an encrypted partition +bash-completion debconf-utils file +zstd less linuxlogo rsync @@ -9,7 +11,7 @@ openssh-client openssh-server time procinfo nullmailer -eject +sudo locales console-setup kbd pciutils usbutils @@ -20,34 +22,38 @@ PACKAGES install NONFREE firmware-bnx2 firmware-bnx2x firmware-realtek firmware-linux-nonfree # a list of firmware for wifi/wireless -atmel-firmware firmware-atheros firmware-brcm80211 -firmware-iwlwifi firmware-libertas firmware-ralink firmware-zd1211 +firmware-misc-nonfree +atmel-firmware firmware-ath9k-htc firmware-brcm80211 +firmware-iwlwifi firmware-libertas firmware-zd1211 firmware-brcm80211 firmware-ti-connectivity firmware-netronome firmware-netxen firmware-realtek firmware-cavium # firmware-ipw2x00 # needs a debconf question -PACKAGES install I386 -linux-image-686-pae +# needed for a live ISO +PACKAGES install-norec LIVEISO +dracut dracut-live dracut-squash grub-pc grub-efi-amd64-bin + +PACKAGES install-norec I386 AMD64 memtest86+ -PACKAGES install CHROOT +PACKAGES install-norec CHROOT linux-image-686-pae- linux-image-amd64- -PACKAGES install AMD64 -linux-image-amd64 +PACKAGES install-norec AMD64 +${kernelname} # see class/DEBIAN.var memtest86+ -PACKAGES install ARM64 +PACKAGES install-norec ARM64 +${kernelname} # see class/DEBIAN.var grub-efi-arm64 -linux-image-arm64 -PACKAGES install GRUB_PC +PACKAGES install-norec GRUB_PC grub-pc -PACKAGES install GRUB_EFI -grub-efi +PACKAGES install-norec GRUB_EFI +grub-efi dosfstools PACKAGES install LVM lvm2 diff --git a/fai/config/package_config/FAISERVER b/fai/config/package_config/FAISERVER index 25672c8..30cf041 100644 --- a/fai/config/package_config/FAISERVER +++ b/fai/config/package_config/FAISERVER @@ -2,12 +2,12 @@ PACKAGES install-norec fai-quickstart debmirror tcpdump -xorriso grub-pc +xorriso lftp curl netselect syslinux-common pxelinux apt-cacher-ng -nscd psmisc +psmisc bind9 dnsutils iptables-persistent zile diff --git a/fai/config/package_config/GNOME b/fai/config/package_config/GNOME index a7ac908..053d022 100644 --- a/fai/config/package_config/GNOME +++ b/fai/config/package_config/GNOME @@ -1,5 +1,11 @@ -PACKAGES install-norec +# enable following two lines to get full GNOME desktop +#PACKAGES install +#task-gnome-desktop + +# stripped down version of GNOME without libreoffice +# upgrade to full desktop using: # apt install task-gnome-desktop +PACKAGES install-norec firefox-esr #thunderbird menu gdm3 diff --git a/fai/config/package_config/STANDARD b/fai/config/package_config/STANDARD index de178ae..b515458 100644 --- a/fai/config/package_config/STANDARD +++ b/fai/config/package_config/STANDARD @@ -27,11 +27,5 @@ telnet traceroute ucf xz-utils - -PACKAGES install-norec STRETCH BUSTER -python -python-minimal - -PACKAGES install-norec BULLSEYE python3 python3-minimal diff --git a/fai/config/package_config/UBUNTU b/fai/config/package_config/UBUNTU index 47e9e73..96533c4 100644 --- a/fai/config/package_config/UBUNTU +++ b/fai/config/package_config/UBUNTU @@ -1,20 +1,18 @@ -PACKAGES install I386 -linux-image-generic -memtest86+ - -PACKAGES install CHROOT -linux-image-generic- - -PACKAGES install AMD64 -linux-image-generic -memtest86+ - -PACKAGES install GRUB_PC -grub-pc +# the kernel is now defined in DEBIAN PACKAGES install ubuntu-minimal ubuntu-server +PACKAGES install XORG +ubuntu-server- +ubuntu-standard +ubuntu-desktop + PACKAGES install GERMAN language-pack-gnome-de + +PACKAGES install CHROOT +# a chroot does not need a kernel. +# See class/DEBIAN.var for the exact package name +${kernelname}- diff --git a/fai/config/package_config/XFCE b/fai/config/package_config/XFCE index 2e878d3..257afb7 100644 --- a/fai/config/package_config/XFCE +++ b/fai/config/package_config/XFCE @@ -1,6 +1,15 @@ +# enable following two lines to get full XFCE desktop +#PACKAGES install +#task-xfce-desktop + +# stripped down version of xfce4 without libreoffice +# upgrade to full desktop using: # apt install task-xfce-desktop PACKAGES install-norec xfce4 # base system xfce4-goodies # additional tools +xfce4-power-manager +light-locker lightdm +synaptic firefox-esr network-manager-gnome diff --git a/fai/config/scripts/CLOUD/99-cleanup b/fai/config/scripts/CLOUD/99-cleanup index 4580988..3ffa00c 100755 --- a/fai/config/scripts/CLOUD/99-cleanup +++ b/fai/config/scripts/CLOUD/99-cleanup @@ -1,27 +1,18 @@ #! /bin/bash -fcopy /etc/init.d/expand-root -if [ -f $target/files/etc/init.d/expand-root ]; then - $ROOTCMD insserv --default expand-root -fi - -sed -i "s/PermitRootLogin yes/PermitRootLogin without-password/" $target/etc/ssh/sshd_config +fai-sed "s/PermitRootLogin yes/PermitRootLogin without-password/" /etc/ssh/sshd_config ainsl /etc/ssh/sshd_config 'ClientAliveInterval 120' ainsl -a /etc/modprobe.d/blacklist.conf 'blacklist pcspkr' ainsl -a /etc/modprobe.d/blacklist.conf 'blacklist floppy' +cleanup_base + rm -f $target/etc/resolv.conf \ $target/etc/udev/rules.d/70-persistent-net.rules \ - $target/lib/udev/write_net_rules \ - $target/etc/mailname \ - $target/var/lib/dbus/machine-id - -> $target/etc/machine-id - -shred --remove $target/etc/ssh/ssh_host_* + $target/lib/udev/write_net_rules # FIXME: DHCP RFC3442 is used incorrect in Azure if [ -f $target/etc/dhcp/dhclient.conf ]; then - sed -ie 's,rfc3442-classless-static-routes,disabled-\0,' $target/etc/dhcp/dhclient.conf + fai-sed 's,rfc3442-classless-static-routes,disabled-\0,' /etc/dhcp/dhclient.conf fi diff --git a/fai/config/scripts/DEBIAN/30-interface b/fai/config/scripts/DEBIAN/30-interface index 4b0dcf4..e31fd20 100755 --- a/fai/config/scripts/DEBIAN/30-interface +++ b/fai/config/scripts/DEBIAN/30-interface @@ -46,7 +46,6 @@ iface_stanza() { newnicnames() { - # determine predictable network names only for stretch and above local name [ $do_init_tasks -eq 0 ] && return diff --git a/fai/config/scripts/DEBIAN/40-misc b/fai/config/scripts/DEBIAN/40-misc index 714be55..3742a41 100755 --- a/fai/config/scripts/DEBIAN/40-misc +++ b/fai/config/scripts/DEBIAN/40-misc @@ -16,16 +16,16 @@ if [ ! -e $target/etc/adjtime ]; then printf "0.0 0 0.0\n0\nUTC\n" > $target/etc/adjtime fi if [ "$UTC" = "yes" ]; then - sed -i -e 's:^LOCAL$:UTC:' $target/etc/adjtime + fai-sed 's:^LOCAL$:UTC:' /etc/adjtime else - sed -i -e 's:^UTC$:LOCAL:' $target/etc/adjtime + fai-sed 's:^UTC$:LOCAL:' /etc/adjtime fi # enable linuxlogo if [ -f $target/etc/inittab ]; then - sed -i -e 's#/sbin/getty 38400#/sbin/getty -f /etc/issue.linuxlogo 38400#' ${target}/etc/inittab + fai-sed 's#/sbin/getty 38400#/sbin/getty -f /etc/issue.linuxlogo 38400#' /etc/inittab elif [ -f $target/lib/systemd/system/getty@.service ]; then - sed -i -e 's#sbin/agetty --noclear#sbin/agetty -f /etc/issue.linuxlogo --noclear#' $target/lib/systemd/system/getty@.service + fai-sed 's#sbin/agetty --noclear#sbin/agetty -f /etc/issue.linuxlogo --noclear#' /lib/systemd/system/getty@.service fi # make sure a machine-id exists @@ -37,9 +37,9 @@ if [ X"$(stat -c '%s' $target/etc/machine-id 2>/dev/null)" = X0 -a -f $target/b $ROOTCMD systemd-machine-id-setup fi -ln -fs /proc/mounts $target/etc/mtab +fai-link /etc/mtab ../proc/self/mounts -rm -f $target/etc/dpkg/dpkg.cfg.d/fai $target/etc/dpkg/dpkg.cfg.d/unsafe-io +rm -f $target/etc/dpkg/dpkg.cfg.d/unsafe-io if [ -d /etc/fai ]; then if ! fcopy -Mv /etc/fai/fai.conf; then diff --git a/fai/config/scripts/DEMO/10-misc b/fai/config/scripts/DEMO/10-misc index d77c048..ed2a810 100755 --- a/fai/config/scripts/DEMO/10-misc +++ b/fai/config/scripts/DEMO/10-misc @@ -17,7 +17,7 @@ fi # add additional user account if [ -n "$username" ]; then if ! $ROOTCMD getent passwd $username ; then - $ROOTCMD adduser --disabled-login --gecos "$username user" $username + $ROOTCMD adduser --disabled-password --gecos "$username user" $username $ROOTCMD usermod -p "$USERPW" $username userdir=$($ROOTCMD getent passwd "$username" | cut -d: -f6 ) @@ -28,7 +28,7 @@ if [ -n "$username" ]; then $ROOTCMD mkdir -p $xfdir $ROOTCMD cp /etc/xdg/xfce4/panel/default.xml $xfdir/xfce4-panel.xml # group name is the same as user name - $ROOTCMD chown -R $username.$username $userdir/.config + $ROOTCMD chown -R $username:$username $userdir/.config fi fi diff --git a/fai/config/scripts/FAIBASE/10-misc b/fai/config/scripts/FAIBASE/10-misc index 7a0599d..926b5f0 100755 --- a/fai/config/scripts/FAIBASE/10-misc +++ b/fai/config/scripts/FAIBASE/10-misc @@ -6,7 +6,7 @@ error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code echo $TIMEZONE > $target/etc/timezone if [ -L $target/etc/localtime ]; then - ln -sf /usr/share/zoneinfo/${TIMEZONE} $target/etc/localtime + fai-link /etc/localtime /usr/share/zoneinfo/${TIMEZONE} else cp -f /usr/share/zoneinfo/${TIMEZONE} $target/etc/localtime fi diff --git a/fai/config/scripts/FAISERVER/10-conffiles b/fai/config/scripts/FAISERVER/10-conffiles index 92b17fc..e0a60ff 100755 --- a/fai/config/scripts/FAISERVER/10-conffiles +++ b/fai/config/scripts/FAISERVER/10-conffiles @@ -27,8 +27,10 @@ if [ $FAI_ACTION = "install" -o $FAI_ACTION = "dirinstall" ] ; then # add entries for 10 hosts called client 01 .. 10 perl -e 'for (1..10) {printf "192.168.33.%s client%02s\n",101+$_,$_;}' >> $target/etc/hosts - sed -i -e '/# ReuseConnections: 1/d' $target/etc/apt-cacher-ng/acng.conf - ainsl -v /etc/apt-cacher-ng/acng.conf "ReuseConnections: 0" + fai-sed '/# ReuseConnections: 1/d' /etc/apt-cacher-ng/acng.conf + ainsl -v /etc/apt-cacher-ng/acng.conf "ReuseConnections: 1" + ainsl -v /etc/apt-cacher-ng/acng.conf "PipelineDepth: 80" + ainsl -v /etc/apt-cacher-ng/acng.conf "DlMaxRetries: 6" # copy base file for faster building of nfsroot if [ -f /var/tmp/base.tar.xz ]; then @@ -38,7 +40,7 @@ if [ $FAI_ACTION = "install" -o $FAI_ACTION = "dirinstall" ] ; then if [ -d /media/mirror/pool ]; then mkdir $target/var/cache/apt-cacher-ng/_import cp -p /media/mirror/pool/*/*/*/*.deb $target/var/cache/apt-cacher-ng/_import - $ROOTCMD chown -R apt-cacher-ng.apt-cacher-ng /var/cache/apt-cacher-ng/_import + $ROOTCMD chown -R apt-cacher-ng:apt-cacher-ng /var/cache/apt-cacher-ng/_import fi # copy basefiles from CD to config space diff --git a/fai/config/scripts/GRUB_EFI/10-setup b/fai/config/scripts/GRUB_EFI/10-setup index 7dd92d4..24054e1 100755 --- a/fai/config/scripts/GRUB_EFI/10-setup +++ b/fai/config/scripts/GRUB_EFI/10-setup @@ -11,6 +11,11 @@ error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code # installation into the removable media paths as well as the standard # debian path. +# do only execute for Debian and similar distros +if ! ifclass DEBIAN ; then + exit 0 +fi + set -a # do not set up grub during dirinstall @@ -41,28 +46,35 @@ if [ "${_bdev%%-*}" = "/dev/dm" ]; then BOOT_DEVICE=$( lvs --noheadings -o devices $BOOT_DEVICE | sed -e 's/^*\([^(]*\)(.*$/\1/' ) fi +opts="--no-floppy --target=x86_64-efi --modules=part_gpt" + # Check if RAID is used for the boot device if [[ $BOOT_DEVICE =~ '/dev/md' ]]; then raiddev=${BOOT_DEVICE#/dev/} # install grub on all members of RAID for device in $(LC_ALL=C perl -ne 'if(/^'$raiddev'\s.+raid\d+\s(.+)/){ $_=$1; s/\d+\[\d+\]//g; print }' /proc/mdstat); do echo Install grub on /dev/$device - $ROOTCMD grub-install --no-floppy --force-extra-removable "/dev/$device" + $ROOTCMD grub-install $opts --force-extra-removable "/dev/$device" done elif [[ $BOOT_DEVICE =~ '/dev/loop' ]]; then # do not update vmram when using a loop device - $ROOTCMD grub-install --no-floppy --force-extra-removable --modules=part_gpt --no-nvram $BOOT_DEVICE + $ROOTCMD grub-install $opts --force-extra-removable --no-nvram $BOOT_DEVICE if [ $? -eq 0 ]; then echo "Grub installed on hostdisk $BOOT_DEVICE" fi else - $ROOTCMD grub-install --no-floppy --modules=part_gpt "$GROOT" + $ROOTCMD grub-install $opts "$GROOT" if [ $? -eq 0 ]; then echo "Grub installed on $BOOT_DEVICE = $GROOT" fi fi $ROOTCMD update-grub +if [[ $BOOT_DEVICE =~ '/dev/loop' ]]; then + : +else + efibootmgr -v +fi exit $error diff --git a/fai/config/scripts/GRUB_PC/10-setup b/fai/config/scripts/GRUB_PC/10-setup index 270b356..b23cf36 100755 --- a/fai/config/scripts/GRUB_PC/10-setup +++ b/fai/config/scripts/GRUB_PC/10-setup @@ -3,6 +3,11 @@ error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code +# do only execute for Debian and similar distros +if ! ifclass DEBIAN ; then + exit 0 +fi + set -a # do not set up grub during dirinstall @@ -19,6 +24,11 @@ fi # disable os-prober because of #802717 ainsl /etc/default/grub 'GRUB_DISABLE_OS_PROBER=true' +# efivars may still be mounted from the host system during fai-diskimage +if [ -d $target/sys/firmware/efi/efivars ]; then + umount $target/sys/firmware/efi/efivars +fi + # skip the rest, if not an initial installation if [ $FAI_ACTION != "install" ]; then $ROOTCMD update-grub diff --git a/fai/config/scripts/LAST/50-misc b/fai/config/scripts/LAST/50-misc index 2a7271b..b80e846 100755 --- a/fai/config/scripts/LAST/50-misc +++ b/fai/config/scripts/LAST/50-misc @@ -4,6 +4,11 @@ error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code +# remove crypt password from format.log +if [ -f $LOGDIR/format.log ]; then + perl -i -pane "s/Executing: yes '.+?' \| cryptsetup/Executing: yes 'XXXXXXXXXXXXX' | cryptsetup/" $LOGDIR/format.log +fi + if [ "$FAI_ACTION" = "dirinstall" -o $do_init_tasks -eq 0 ] ; then : else @@ -15,6 +20,11 @@ else fi fi + if [ -f $target/etc/crypttab ] && [ ! -f $target/sbin/cryptsetup ]; then + echo ERROR: Encrypted devices used, but the crypsetup package was not installed. + echo ERROR: You want to add cryptsetup-initramfs or dracut to some package_config file. + fi + usedm=$(dmsetup ls 2>/dev/null | egrep -v '^live-rw|^live-base|^No devices found' | wc -l) if [ $usedm -ne 0 ]; then if [ ! -d $target/etc/lvm ]; then @@ -72,7 +82,7 @@ setrel() { return fi - dists="jessie stretch buster bullseye bookworm trixie focal bionic xenial trusty" + dists="jessie stretch buster bullseye bookworm trixie forky noble jammy focal bionic xenial trusty" for d in $dists; do if grep -iq $d $target/etc/os-release; then release=$d @@ -83,18 +93,31 @@ setrel() { # if installation was done from CD, replace useless sources.list setrel -if [ -f $target/etc/apt/sources.list -a -n "$release" ]; then - grep -q 'file generated by fai-cd' $target/etc/apt/sources.list && cat < $target/etc/apt/sources.list -deb $apt_cdn/debian $release main contrib non-free -deb $security_cdn/debian-security ${secsuite} main contrib non-free +if [ -f $target/etc/apt/sources.list ] && [ -n "$release" ]; then + if grep -q 'file generated by fai-cd' $target/etc/apt/sources.list; then + echo "Create new sources.list for $release" + cat < $target/etc/apt/sources.list +deb $apt_cdn/debian $release main contrib non-free non-free-firmware +deb $security_cdn/debian-security ${secsuite} main contrib non-free non-free-firmware #deb [trusted=yes] http://fai-project.org/download $release koeln EOF + fi # if the package fai-server was installed, enable the project's repository if dpkg-query --admindir=$target/var/lib/dpkg -W fai-server >/dev/null 2>&1; then - sed -i -e '/fai-project.org/s/^#//' $target/etc/apt/sources.list + fai-sed '/fai-project.org/s/^#//' /etc/apt/sources.list fi fi +# install default sources.list for Debian based distributions +if [ -d $target/etc/apt ] && [ ! -f $target/etc/apt/sources.list ]; then + fcopy -Svc DEBIAN_DEFAULT /etc/apt/sources.list +fi + +# older releases do not have the non-free-firmware section +if [ -n "$release" ] && [[ "buster bullseye" =~ "$release" ]]; then + sed -i -e 's/non-free-firmware//g' $target/etc/apt/sources.list +fi + # for ARM architecture, we may need the kernel and initrd to boot or flash the device if ifclass ARM64; then cp -pv $target/boot/vmlinuz* $target/boot/initrd* $FAI_RUNDIR diff --git a/fai/config/tests/Faitest.pm b/fai/config/tests/Faitest.pm index 022b407..b806599 100644 --- a/fai/config/tests/Faitest.pm +++ b/fai/config/tests/Faitest.pm @@ -2,7 +2,7 @@ # Subroutines for automatic tests # -# Copyright (C) 2009 Thomas Lange, lange@informatik.uni-koeln.de +# Copyright (C) 2009 Thomas Lange, lange@cs.uni-koeln.de # Based on the first version by Sebastian Hetze, 08/2008 package FAITEST; -- 2.30.2