If we leave the root account w/o a password people will use it that way,
leading to insecure images. Also if we use a default password. So lock
the root account in the templates.
Users will need to do one of these things:
1. Use [[customizations.user]] in their blueprint to configure root or
another user.
2. Use [[customizations.sshkey]] to set a key for root
2. Install a package that configures a user at install time
3. Install a package that sets up a user at boot time (eg. cloud-init)
This also drops the auth line from the kickstart templates, allowing it
to use the default password algoritm instead of md5.
Resolves: rhbz#1626122
This is similar to the AMI type, but also adds open-vm-tools and does not do
anything special to the partitioning
(cherry picked from commit 1056bfc25b)
This does pretty much the same things as the AMI compose type, but also
replaces NetworkManager with the Azure linux agent.
(cherry picked from commit e0c236ff36)
This differs from lmc's --make-ami in that creates a full disk image instead of
an fsimage. Create a raw disk image with a / and /boot partitions, and enable
sshd, chronyd, and cockpit by default.
(cherry picked from commit 18188bf6cf)
Currently we are making MBR disk images for qcow2 and partitioned disk,
so the UEFI packages aren't required at this point.
Move the clearpart command into compose.py so that in the futute it can
use clearpart --disklabel to create a GPT image, and add the required
packages to the package set.
We had only been indirectly pulling in GConf, and anyways
nothing was listening to these keys.
<kalev> I still think it's a fallout from 27a90d973f
Really in general, if we wanted to make changes like this
it'd probably be a lot simpler to do them on boot or so.
https://bugzilla.redhat.com/show_bug.cgi?id=1581838
(cherry picked from commit bb3d8edd06)
- drop kernel-bootwrapper as it was used with 32-bit ppc
- replace ppc64-utils meta-package (to be retired) with the real requirements
(cherry picked from commit 1d32a0cb36)
"anaconda-install-deps" was the original placeholder name
of the metapackage and it looks like I forgot to change it
to "anaconda-install-env-deps", which is the final name
we have decided sounds better.
Oops! (it's even correct in the commit message...)
(cherry picked from commit db9e2a1e41)
Signed-off-by: Brian C. Lane <bcl@redhat.com>
Use the anaconda-install-env-deps metapackage to pull in the
Anaconda dependencies needed in the installation environment.
The anaconda-install-env-deps metapackage lists all install time
dependencies and makes it possible for packages such as
Initial Setup to depend on Anaconda without pulling all
the (mainly storage related) install time dependencies
to the installed system.
The same is applicable for dirinstall which also does
not require the install time dependencies as it is just
installing to a local folder.
Also drop the tmux and gdb dependencies from the template as
both have been added to the metapackage to make install time
dependency tracking more consistent.
(cherry picked from commit 106f330bb2)
Signed-off-by: Brian C. Lane <bcl@redhat.com>
It looks like gnome-helper grew a dependency on it so let's not remove
it. From today's pungi run we can see this error in the verify:
```
libgstgl-1.0.so.0, needed by /usr/bin/gnome-help, not found
```
This reverts commit 13e234ae02.
system-logos is not needed in the runtime-install.tmpl because the
correct *-logos package is already installed by the _install_branding
code in treebuilder.py
The x86.tmpl explicitly references the syslinux-splash provided in
the system-logos package and fails if it's not there so implicitly
install it on arches where syslinux is supported to ensure it's
there. Fixes rhbz #1529239
Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
The previous attempt to fix this failed because of operator
ordering, so we actually still tried to build EFI images on
i386, so i386 lives failed. This really fixes it. I tested. I
actually built a 32-bit live and it worked.
Resolves: rhbz#1539085
Signed-off-by: Adam Williamson <awilliam@redhat.com>
This shouldn't have been turned on when we switched to doing ia32-efi
images on x86_64; just having the file available isn't where we want
that policy decision to be.
Resolves: rhbz#1539085
Signed-off-by: Peter Jones <pjones@redhat.com>
kernel-PAE has been intentionally removed from Rawhide kernel
builds; Fedora 27 will be the last release with kernel-PAE for
i686. So we need to not try and install it in future. See
http://pkgs.fedoraproject.org/rpms/kernel/c/21e4b8338 (it's a
big commit, but the change is in there, it's the second change
in kernel.spec).
Signed-off-by: Adam Williamson <awilliam@redhat.com>
pjones and I happened to notice this suspicious line in the
lmc log for a Fedora 27 live image compose:
2017-08-25 16:04:55,327 DEBUG pylorax.ltmpl: template line 25: installimg None usr/share/lorax//product/ images/product.img
That 'None' does not look right. I believe this is the problem.
The command is defined as `installimg ${compressargs} ...`, and
a few lines earlier, `compressargs` is initially assigned (in
Python) as `None`. `None`, in Python, stringifies to the string
'None'. So unless we're on i386 (where `compressargs` gets
defined to an actual string of arguments in a conditional), we
wind up passing in the string 'None' as the first arg to the
`installimg` command.
To fix this, `compressargs` should be initially set to the empty
string rather than `None`.
This enables Baytrail and similar atom CPUs that typically ship with a
32-bit firmware, but have a 64-bit capable CPU.
Signed-off-by: Peter Jones <pjones@redhat.com>
Per dledford, RDMA fundamentally cannot work reliably on 32-bit
ARM arches, so as part of the re-organization of the relevant
packages, building them on 32-bit ARM has been disabled (for
F27+). Thus we should adjust lorax not to try and install them
on 32-bit ARM. Also change the package name, the 'rdma' package
is obsoleted by 'rdma-core'. This commit should not be applied
to branches for older distros.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
When multiple units are passed to systemctl and one fails it doesn't
finish the others. Change the template command to call systemctl for
each unit individually.
This also removes the lvm2-activation-generator in runtime-cleanup.tmpl
This will allow anaconda to fetch kickstarts using https when installing
with fips=1
Leave vmlinuz and .vmlinuz.hmac in /boot
dracut-fips module needs the vmlinuz.hmac file in order to boot.
As of webkitgtk4-2.17.5-1.fc27 , it needs these two as well as
the others. This is breaking Rawhide composes at present.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
This is required in the future for anaconda to be able to inspect the
supported locales in Atomic Host installations. This is the same patch
as https://github.com/rhinstaller/lorax/pull/194 but for the master
branch.
Library libmenu.so is needed by lp_diag binary from ppc64-diag
package. It leads to incomplete finish of compose iso generation
on Power. Keeping libmenu.so on PowerPC should fix the problem.
Resolves: rhbz#1461775
Signed-off-by: Sinny Kumari <sinny@redhat.com>
rpm-ostree used to have a requirement on the ostree rpm. It no
longer has that dependency, but rather requires ostree-libs. However,
we call ostree directly in some cases so we need to have it installed.