I based this on the output of a recent installer image build:
https://kojipkgs.fedoraproject.org/compose/branched/Fedora-33-20200904.n.0/logs/x86_64/buildinstall-Everything-logs/pylorax.log
I looked at every runtime-cleanup related error there and tried
to make appropriate changes. In many cases this means just
removing a line that isn't needed any more because the package
in question just went away or is no longer pulled into the
installer environment. In other cases packages changed name or
files moved around, and I tried to make appropriate updates. In
a few cases files moved to another package but I wasn't sure
enough it would still be safe to remove them so I just left them
in place. Most of the changes here I'm pretty sure should be
safe, though there *could* be unforeseen fallout from e.g. fixing
the removals from procps to be removals from procps-ng - it's
been years since that package was renamed, so something *could*
have started using those binaries in the meantime. I did at least
check that anaconda itself does not.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
These are for devices that just aren't going to be needed during
install, like video encode/decode accelerators, TV capture cards,
webcams, and some sound firmwares that should probably be in
alsa-firmware but aren't. This is a fairly conservative cut, I
will split some possibly more controversial cuts into separate
commits for ease of detachment. The linux-firmware WHENCE file is
an invaluable resource in figuring this out.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
blivet-gui-runtime requires PolicyKit-authentication-agent. If
we just let dnf pick what to satisfy that requirement with, it
picks lxpolkit, which requires gtk2. Specifying polkit-gnome
instead should I think give us a smaller footprint, its deps
seem quite small.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
gnome-firmware is a GNOME app for installing firmwares, no use
here at all. sigrok-firmware is for signal analyzers, again, no
need for it here.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
libnotify dropped the requirement just a couple of months after
this line was added, but we never took it back out again.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
The expectation is that all environments where an editor might be
used should ship GNU nano by default and tools should activate it
when an "editor" is requested. This change should ensure that for
the install media runtime environment.
Reference: https://fedoraproject.org/wiki/Changes/UseNanoByDefault
Resolves: rhbz#1874094
This reverts commit 6025da1421.
It ends up that using the install.img with qemu and PXE and fips=1 is a
common use case. Without vmlinuz in the install.img rootfs it has
nothing to run the check against.
Related: rhbz#1782737
Seems petitboot can't properly parse the live image grub config on ppc, thus
booting fails on bare-metal. Fix the problem by removing the obsolete 32-bit
entries.
The kernel in /boot is not needed. Keep the .vmlinuz*hmac file so that
fips mode can check it (this requires dracut-050 or later).
Related: rhbz#1782737
A change in glibc now requires /proc be mounted in order to run mknod
which is needed in order to run rpm from runtime-postinstall.
This drops that code from the template and moves writing the package
list into run_transaction, which already has all of the needed
information to generate the list.
Resolves: rhbz#1812895
Some of the files no longer exist, some of them have moved. In the case
of dracut the 98systemd directory was renamed to 98dracut-systemd, but
nobody noticed.
This updates the following:
* rename 98systemd to 98dracut-systemd so scripts are in the
install.img
* drop fedora-release removefrom, it now only has os-release
fedora-repos has the repo files, not anaconda, they are moved by
runtime-postinstall.tmpl
* Use initscripts to keep the /etc/init.d, chkconfig only has an empty
directory.
* gtk2-engines is no longer installed
* metacity doesn't include anything in /etc/
* /usr/share/X11/rgb.txt is no longer installed
* libgstbadallocators-1.0.so
The eject utility moved into util-linux and the package was dropped, but
since the runtime-cleanup template is using `removefrom util-linux
--allbut` it was never added to the boot.iso after the move.
This removes the package request for eject and adds it to the list of
binaries to keep from util-linux.
Add lohit-marathi-fonts for Marathi.
Replace kacst-*-fonts with paktype-naskh-basic-fonts for Urdu,
for Arabic, we use dejavu-sans-fonts.
Replace lklug-fonts with google-noto-sans-sinhala-vf-fonts for Sinhala.
Replace lohit-gurmukhi-fonts with google-noto-sans-gurmukhi-fonts for Gurmukhi.
This adds cloud-init support to the vhd image.
Also limits the cloud-init datasource to Azure, and includes
cloud-utils-growpart to expand the filesystem to fit the available
space.
Resolves: rhbz#1754711
The python modules that Ansible depends on for Azure support are old,
and incompatible with Fedora. Drop support until the azure playbook is
supported with Fedora packages.
This uses a new Ansible module, ec2_snapshot_import, which is included
here until it is available from upstream.
It will upload the AMI to s3, convert it to a snapshot, and then
register the snapshot as an AMI. The s3 object is deleted when it has
been successfully uploaded.
Currently, Azure, vSphere, and OpenStack are supported. See
https://github.com/weldr/lorax/pull/826 for more details about this new
feature.
I've called the upload library "lifted" as a reference to Seuss'
The Lorax -- in the book, the Lorax lifts himself up by the seat of his
pants through a hole in the smog clouds, and they start calling him the
"Lifted Lorax."
This adds new features to the /compose route under API v1
Anaconda uses zram to allow installation on low memory systems.
We used to have a custom script called "zram-stats", that can be
used to test and debug zram usage during installation.
The script no longer works & zramctl now provides much better
output than our script ever did. So we decided to decommission
the old Anaconda provided script & use zramctl instead.
So change the cleanup rule in the Lorax boot.iso template
to keep the zramctl utility.
Related: rhbz#1561773
This new setting for 'find_multipaths' tries to prevent things like
LVM from going ahead and activating LVM on the individual disks/paths
until there is reasonable certainty (via a timeout) that the device
is not a component of a multipath set.
NOTE: 'smart' is supported by device-mapper-multipath v0.7.7 and later.
This creates a tar suitable for use with the anaconda kickstart liveimg
command. It adds the kernel, grub2, and grub2-tools packages to the tar
template.
The filesystem was too small because Anaconda always adds the kernel,
but the template uses --nocore so it doesn't take that into account.
Add it to the template so that the filesystem size will be large enough
to hold the extra packages.
You can now set the keyboard layout and language. Eg.
[customizations.locale]
languages = ["en_CA.utf8", "en_HK.utf8"]
keyboard = "de (dvorak)"
Existing entries in the kickstart templates are replaced with the new
ones. If there are no entries then it will default to 'keyboard us' and
'lang en_US.UTF-8'
Includes tests, and leaves the existing keyboard and lang entries in the
templates with a note that they can be replaced by the blueprint.
For example:
[customizations.timezone]
timezone = "US/Samoa"
ntpservers = ["0.pool.ntp.org"]
Also includes tests.
This removes the timezone kickstart command from all of the templates
except for google.ks which needs to set it's own ntp servers and timezone.
If timezone isn't included in the blueprint, and it is not already in a
template, it will be set to 'timezone UTC' by default.
If timezone is set in a template it is left as-is, under the assumption
that the image type requires it to boot correctly.
xorrisofs needs to use iso-level 3 when creating images with large
files. This adds tests to all the relevant templates, just like we used
to do for udf and mkisofs.
This is based on the VHD compose type, with the following differences:
* Use the vhdx format instead of vhd
* No WALinuxAgent
* Install hyperv-daemons
The hyperv-daemons are activated through udev rules, so there is no need
to add them to the services line.
It was substituting _ which didn't match what pungi uses for creating
the DVD. Make things consistent and use - as the replacement character.
Resolves: rhbz#1687882
In order to support iso creation on multiple arches with the templates
we need to be able to select different packages based on arch.
lorax-composer uses the arch-specific Lorax templates in order to
generate the output iso so this patch:
1. Creates a new template and type to parse it, live-install.tmpl
which contains only installpkg commands and #if clauses for arch
2. Removes bootloader related packages from the live-iso.ks
3. Remove dracut-config-rescue exclusion because it can cause problems
with some blueprints.
4. Switch logo requirement to system-logos which is satisfied by
generic-logos or fedora-logos. This prevents conflicts when a blueprint
installs fedora-release-workstation.
So in the future, if x86.tmpl, etc. need a new package to support
creating the iso it should be added to the correct section in
./share/live/live-install.tmpl
If a package is excluded in the template and later added by a blueprint
or dependency, anaconda will fail to finish the installation. So remove
the -dracut-config-rescue exclusion and instead remove the rescue
artifacts in %post
Some platforms, like ppc64, require that the /boot partition be present.
It doesn't hurt to have it there on other platforms so instead of trying
to add per-arch kickstart templates just use reqpart --add-boot
everywhere.
Some platforms do not have grub2, and some require other partitions.
Anaconda will add platform specific partitions if the 'reqpart' command
is included, and it will add bootloader specific packages to the list if
they are needed.
This is required to ensure that SELinux is configured properly while
building. It fixes the problem with building tar, and should be
installed in the other image types for consistency.
Resolves: rhbz#1645189
Most bootloaders used in Fedora already have BootLoaderSpec but extlinux
doesn't yet. So when using extlinux the old grubby must to be installed.
Resolves: rhbz#1649778
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Some files are created in non-reproducible way, including including
random data explicitly (/etc/machine-id), timestamps (fontconfig cache,
ldconfig aux-cache, certs cache), or entries in random order (groups,
systemd catalog, package list).
Fix this by either making the files reproducible, or removing them.
Images don't work without these fixes:
* Enable Network Manager.
* Disable cloud-init.
* Add Hyper-V modules into initramfs.
Fixes specific for RHEL:
* Create ifcfg-eth0 required by waagent.
* Install python3 and net-tools required by waagent.
Recommended changes:
* Use recommended kernel boot args.
* Disable kdump.
Since these images can be used to create multiple machines, they should
not have a unique machine-id attached to them. Replace /etc/machine-id
with an empty file so that it will be regenerated at boot time.
If we leave the root account w/o a password people will use it that way,
leading to insecure images. Also if we use a default password. So lock
the root account in the templates.
Users will need to do one of these things:
1. Use [[customizations.user]] in their blueprint to configure root or
another user.
2. Use [[customizations.sshkey]] to set a key for root
2. Install a package that configures a user at install time
3. Install a package that sets up a user at boot time (eg. cloud-init)
This also drops the auth line from the kickstart templates, allowing it
to use the default password algoritm instead of md5.
Resolves: rhbz#1626122
This differs from lmc's --make-ami in that creates a full disk image instead of
an fsimage. Create a raw disk image with a / and /boot partitions, and enable
sshd, chronyd, and cockpit by default.
The ostree compose process in pungi wants ISOs and it was the last part
of the ARMv7 components that weren't at parity with other architectures.
Add the missing functionality.
Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
ARMv7 will now support UEFI and grub2-efi so add those deps. We also don't
require uboot-tools as part of the install process so don't add that
explicitly, and drop grubby from the aarch64 explicit list as it's in the
general list, add grub2-tools-efi.
Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
Currently we are making MBR disk images for qcow2 and partitioned disk,
so the UEFI packages aren't required at this point.
Move the clearpart command into compose.py so that in the futute it can
use clearpart --disklabel to create a GPT image, and add the required
packages to the package set.
As explained in detail in the bug, 'hostname' must be installed
for the dracut 95iscsi module to work (and thus for key iscsi
modules to be included in the initramfs generated by lorax). Up
till recently, we got it as a dependency of initscripts, but
when network-scripts split from initscripts, the dependency went
with it. Now nothing else pulls it in as a dep, so let's just
pull it in explicitly here.
Resolves: rhbz#1593657
Signed-off-by: Adam Williamson <awilliam@redhat.com>
We had only been indirectly pulling in GConf, and anyways
nothing was listening to these keys.
<kalev> I still think it's a fallout from 27a90d973f
Really in general, if we wanted to make changes like this
it'd probably be a lot simpler to do them on boot or so.
https://bugzilla.redhat.com/show_bug.cgi?id=1581838
"anaconda-install-deps" was the original placeholder name
of the metapackage and it looks like I forgot to change it
to "anaconda-install-env-deps", which is the final name
we have decided sounds better.
Oops! (it's even correct in the commit message...)
Use the anaconda-install-env-deps metapackage to pull in the
Anaconda dependencies needed in the installation environment.
The anaconda-install-env-deps metapackage lists all install time
dependencies and makes it possible for packages such as
Initial Setup to depend on Anaconda without pulling all
the (mainly storage related) install time dependencies
to the installed system.
The same is applicable for dirinstall which also does
not require the install time dependencies as it is just
installing to a local folder.
Also drop the tmux and gdb dependencies from the template as
both have been added to the metapackage to make install time
dependency tracking more consistent.
It looks like gnome-helper grew a dependency on it so let's not remove
it. From today's pungi run we can see this error in the verify:
```
libgstgl-1.0.so.0, needed by /usr/bin/gnome-help, not found
```
This reverts commit 13e234ae02.
system-logos is not needed in the runtime-install.tmpl because the
correct *-logos package is already installed by the _install_branding
code in treebuilder.py
The x86.tmpl explicitly references the syslinux-splash provided in
the system-logos package and fails if it's not there so implicitly
install it on arches where syslinux is supported to ensure it's
there. Fixes rhbz #1529239
Signed-off-by: Peter Robinson <pbrobinson@gmail.com>