The chapter described the setup of a menu entry for grub
to loop boot a kiwi live ISO. The information was outdated
and no longer applied to the current state of the art.
This commit updates the documentation to be correct again.

Added new <environment> section to the existing <bootloadersettings>
section which allows to specify environment variables for setting
up an environment blob for the selected loader. With this commit
we add support for grub by using grub2-editenv. Other loaders
do not yet have an implementation or do not support environment
blobs. Settings will be ignored for unsupported loaders.
This Fixes #2922
Co-authored-by: Rhys Oxenham <rhys.oxenham@suse.com>

This commit adds support for providing custom CA certificates
during the build process. It allows a user to specify one or
more CA file(s) via the new <certificates> section and/or
via the command line. The certificate files will be imported
directly after the image bootstrap has finished (where the
required CA update tools are available), but before any
further packages are retrieved, solving for situations where
the chroot environment needs certificates, e.g. when there's
a proxy server in the build environment.
Co-authored-by: Marcus Schaefer <marcus.schaefer@gmail.com>

The console attribute in the bootloader section was used to
target both, output and input console setup using a space separator.
However, there can be multiple consoles specified for output
and input consoles and that turns the idea to handle both in
one attribute into a mess. This commit drops the console attribute
and offers two new attributes output_console and input_console which
can define multiple consoles each using space as a separator.
For example:
<bootloader ... output_console="console serial" input_console="console"/>
This change comes with a schema version bump to v8.4
An automatic XSL transformation template for the old console
attribute into the new output_console and input_console
attributes is also part of this commit.
This Fixes #2886

So far setting the luks= attribute on a live image build had
no impact to the generated ISO image. This commit adds the
encryption capability also for live ISO images. The read-only
part of the rootfs gets encrypted using the provided luks
passphrase. An eventual persistent storage area gets encrypted
at boot time if the rd.live.encrypt kernel cmdline parameter
is passed. Encryption/decryption requires to interactively
set/provide passphrase information at boot time. Please note
due to the read-only restrictions of an ISO image there is no
way to apply the standard re-encryption process as it is
usually performed by kiwi encrypted systems. As such the
specified luks passphrase in the kiwi image descriptions
becomes sensitive information that needs to be protected.

Instructs an OEM installation to retain the contents of the
last partition on the target disk. This setting is only useful
if the last partition does not belong to the main OS e.g. an
extra data partition added via the spare_part attribute in
the type setup of the image description. The implementation
also checks if the start address of the last partition on the
target disk matches with the start address of the image to be
deployed. Only if they match the data on the last partition
can be retained.

In a kiwi repart process the <oem-systemsize> element allows to
control the size of the partition to hold the rootfs. This commit
allows to dynamically overwrite the static value, or set it via
a kernel cmdline parameter.

Allow to specify a filesystem label as part of a <partition>
definition. So far the label was set by the name of the
partition. With the new label attribute, a filesystem label
different from the partition name can be set. This commit
also updates/fixes the documentation in this regard.

Allow to specify which type of persistent device name should
be used to build up the list of installation disk devices.
For example rd.kiwi.install.devicepersistency=by-path would
use the by-path representations for the available disk
devices. The default (by-id) stays untouched. In case an
invalid or not present device representation is selected, kiwi
falls back to the non persistent unix node names.

Add driver configuration support for dracut initrd

Add support for specifying kernel drivers to be included or omitted
in the dracut initrd configuration. This extends the existing dracut
configuration capabilities like in the following example:
<initrd action="add">
<dracut driver="erofs"/>
</initrd>

Since we moved to poetry and no code is using setuptools anymore,
this requirement can be dropped. The commit also updates the
plugin documentation which was still based on setup.py

Like the upstream module also support the root=live:http://...
remote boot options. The kiwi-live dracut module is scheduled
to become obsolete, but it's still in use and should support
remote boot not only for AoE. As we got more issue reports than
working AoE remote boot success, this commit also updates the
documentation and switches to the capabilities of this PR.

Extend scope and content of the <initrd> section to be allowed
as part of the <type> section. This allows to specify custom
call options and modules for the dracut tool. In particular
this commit implements support for passing the uefi option
to dracut to enable building a UKI EFI binary as follows:
<initrd action="setup">
<dracut uefi="true"/>
</initrd>
This Fixes #2809 and Fixes #2408