systemd uses /var/lib/systemd/random-seed to add entropy to /dev/urandom
at boot time. During image creation this file is created, and if not
removed everything using the image will be adding the same seed.
This is only additional entropy, NOT a seed in the sense of a starting
point for a PRNG, so it will be mixed with other entropy as the system
runs. It isn't a good idea to use the same value everywhere so make sure
it is removed in %post
Resolves: rhbz#1258986
The system the image boots on will likely not match the host where lorax
was run, and in some cases this can cause systems to hang.
Resolves: rhbz#1258498
fedup is deprecated and abandoned. Let's save time and disk by not
building `upgrade.img` when nothing is going to use it anymore.
For the record, performing upgrades using an initramfs from the new
system turns out to be fragile and hard to support:
* dracut initramfs isn't generic enough to handle booting all systems
(e.g. missing vconsole.conf means you get keymaps wrong, so users
can't unlock encrypted disks)
* The ABI differences between the two versions of plymouth, systemd,
etc. requires nasty workarounds at best and causes nightmarish
systemd crashes at worst
This patch removes all the code that built and installed `upgrade.img`.
For backwards compatibility, the API retains the `doupgrade` keyword
argument, and the `--noupgrade` flag is still accepted.
Some callers expect CalledProcessError.output to have the output, so
pass up the stdout + stderr output.
This means failed runcmd template commands will log to program.log and
lorax.log
We should have as much of the logic of how the CI tests are run in source
control as possible, so that's what this target is for. Besides this, jenkins
just runs a "git clean" first.
We really shouldn't need to run ldconfig on boot from read-only media,
unless someone messed up %post in a package. And the verify step will
catch that.
This reverts commit 3981ff5b79.
systemd-nspawn is some kind of container thing, and cairo-sphinx, as far
as I can tell (go ahead, try to google it) is a cairo debugging tool.
Neither of these are particularly useful on installer media and both use
libraries that are removed during cleanup.
After the cleanup step, check that everything in /usr/bin and /usr/sbin
can still run. Currently, this just checks that ELF files have
everything they need to link, and scripts have an interpreter.
Verifying is on by default but can be skipped with --noverify
In order for selinux to properly label the system it needs to see that
the config file exists.
Also remove the old code trying to copy in a selinux config file, it
never worked -- the removepkg would remove it.
When this is too small the rootfs can run into problems when used with a
live system. Doubling it leaves enough space for the system to run
properly during the installation and since it's all compresses it
doesn't make the image noticeably bigger.
So we can activate master connection instead of searching for and activating
slave connections.
Makes turning bond/team device on in network spoke work.
Resolves: rhbz#1172751
It also causes a device configured in dracut to be properly reactivated as a slave
if it is configured so by kickstart.
Resolves: rhbz#1134090
When it is left up to dnf to decide how to fulfill the kmod()
requirement from gfs2-utils it will pick kernel-debuginfo-* which adds
about 100M to the size of the iso.
Adding these packages first makes dnf choose them and the iso size is
back down around 450MB
iscsi-initator-utils and gobject-introspection actually are required via
anaconda rpm deps, so they aren't needed in runtime-install.tmpl.
Nothing seems to actually use python-imaging (i.e., python-pillow).
The executables for polkit, gnome-keyring and python-ethtool are removed
in runtime-cleanup, so if anything needs the libraries in these
packages, they can be pulled in through rpm dependencies. Among them,
only polkit is required.
For LUKS escrow stuff, keep the packages that provide the command-line
executables (volume_key, nss-tools), and remove the libraries. The
python2 libraries are no longer needed by blivet, and libblockdev will
install the C libraries it needs.
Install the dnf langpacks plugin instead of the yum one.
python-epdb is less useful now that anaconda is Python 3.
