aarch64 now has support for kexec and the associated tools so we can drop
the arch conditional now.
Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
Follow-up of moving to sshd-keygen.target in anaconda-sshd.service
(#1331753)
* Do not remove /etc/ssh/moduli
* slogin symlink is already removed
* Do not remove sshd-keygen
Related: rhbz#1369439
Keep it same as in RHEL 7.2. They increase the size of the /tmp/syslog file
from ~280K to ~1M, and can be obtained from journal if needed.
Resolves: rhbz#1369439
Rsyslogd used to read messages from /dev/log together with systemd-journald
which resulted in NetworkManager messages not being passed to syslog due to a
race condition during starting NetworkManager and rsyslogd service. So use
imjournal rsyslog plugin that picks messages from journald instead of using the
/dev/log socket. Same as regular RHEL 7 system.
There's something racy here; in my Atomic Workstation CI/CD I'm seeing:
```
01:12:43 symlink /lib/systemd/system/rngd.service etc/systemd/system/basic.target.wants/rngd.service
01:12:43 FileNotFoundError: [Errno 2] No such file or directory: '/lib/systemd/system/rngd.service' -> '/var/tmp/lorax.7cgdtz1_/installtree/etc/systemd/system/basic.target.wants/rngd.service'
```
Rather than debug this right now, let's just make sure it exists,
like we do right above for `tmp.mount`.
The latest POWER platform allows a host machine to configure guests
running in a different endian mode. Guests configured in this way may
have their bootloader configuration file corrupted after installation if
the file was not fully written to disk. The host machine would read the
journal and try to finish writing the file in the wrong endian mode.
Issuing an fsfreeze and unfreeze gives more assurance that the
configuration file is properly written before a reboot; this patch adds
fsfreeze to the installer runtime environment.
Related: rhbz#1315468
With commit fe17f97 changing the default from optional to required there's
a few packages that aren't currently supported on aarch64 that break the
compose. In particular aarch64 currently still doesn't have kexec, with luck
that might change in the F-25 cycle but until it does we need to have an
exception.
Signed-off-by: Peter Robinson <pbrobinson@fedoraproject.org>
When using the template install command copying the same file to itself
shouldn't crash. Just log the error and continue.
Also copy the s390 configuration files for use with livemedia-creator
Resolves: rhbz#1269213
commit 66241f7cd7 added a check on
runtime_img to create UDF iso's. Ends up it is only in outroot for live,
so switch all the checks to look at it in inroot instead.
The sound, video and scanner firmware packages were removed during
cleanup. Instead, do not install them to begin with.
uhd-firmware is an addon package for a software radio tool and not
kernel firmware at all. Besides being 86MB on its own, it pulls in boost
and Tk, so leave all of that out.
webkitgtk4, a dependency of yelp, links to a lot of things. A lot of the
libraries pulled in through the dependency avalanche will never be used,
especially those that are dependencies of gstreamer plugins, so try to
clean some of it up.
Some images are becoming REALLY large. When a file is >= 4GiB we need to
pass -allow-limited-size to mkisofs to tell it to make a UDF image. Note
that the manpage says that this may result in it not booting on all
systems.
At the momenet some PPC and s390 arches don't have docker, in that case we get the following failure when running lorax.
DEBUG util.py:417: 2016-03-12 01:00:27,658: dnf.exceptions.DepsolveError: nothing provides docker-utils needed by docker-anaconda-addon-0.2-1.fc24.noarch
DEBUG util.py:417: dnf.exceptions.DepsolveError: nothing provides docker-utils needed by docker-anaconda-addon-0.2-1.fc24.noarch
DEBUG util.py:417: Traceback (most recent call last):
DEBUG util.py:417: File "/usr/sbin/lorax", line 353, in <module>
DEBUG util.py:417: main(sys.argv)
DEBUG util.py:417: File "/usr/sbin/lorax", line 209, in main
DEBUG util.py:417: remove_temp=True, verify=opts.verify)
DEBUG util.py:417: File "/usr/lib/python3.5/site-packages/pylorax/__init__.py", line 277, in run
DEBUG util.py:417: rb.install()
DEBUG util.py:417: File "/usr/lib/python3.5/site-packages/pylorax/treebuilder.py", line 119, in install
DEBUG util.py:417: self._runner.run("runtime-install.tmpl")
DEBUG util.py:417: File "/usr/lib/python3.5/site-packages/pylorax/ltmpl.py", line 219, in run
DEBUG util.py:417: self._run(commands)
DEBUG util.py:417: File "/usr/lib/python3.5/site-packages/pylorax/ltmpl.py", line 238, in _run
DEBUG util.py:417: f(*args)
DEBUG util.py:417: File "/usr/lib/python3.5/site-packages/pylorax/ltmpl.py", line 540, in run_pkg_transaction
DEBUG util.py:417: self.dbo.resolve()
DEBUG util.py:417: File "/usr/lib/python3.5/site-packages/dnf/base.py", line 547, in resolve
DEBUG util.py:417: raise exc
DEBUG util.py:417: dnf.exceptions.DepsolveError: nothing provides docker-utils needed by docker-anaconda-addon-0.2-1.fc24.noarch
DEBUG util.py:542: Child return code was: 1
Signed-off-by: Peter Robinson <pbrobinson@fedoraproject.org>
glibc recently split all of its locale data into subpackages, so if we
install no langpacks we get no locales. Explicitly install all of the
langpacks.
The ast module depends on:
drm,drm_kms_helper,ttm,syscopyarea,i2c-core,sysfillrect,sysimgblt,i2c-algo-bit
This retains the syscopyarea, sysfillrect, and sysimgblt modules.
Resolves: rhbz#1272658
since we no longer make the wrappend kernel and initrd for arm we need
to not put them in the .treeinfo file
Signed-off-by: Dennis Gilmore <dennis@ausil.us>
We have been defaulting to using raw kernels and initrds for awhile
now. Lets not make the legacy version anymore. Anyone that needs one
should be able to make their own with the correct variables.
Signed-off-by: Dennis Gilmore <dennis@ausil.us>
Gtk turned off the inspector keybindings by default, because they were
interfering with applications that use a lot of complicated keyboard
shortcuts. This is not a concern for anaconda, and the inspector is
pretty handy, so turn it back on.
The etc portion of systemd-tmpfiles creates a broken /etc/resolv.conf,
which breaks networking, and the rest of the stuff in the there is
already installed to the stage2.
fedup is deprecated and abandoned. Let's save time and disk by not
building `upgrade.img` when nothing is going to use it anymore.
For the record, performing upgrades using an initramfs from the new
system turns out to be fragile and hard to support:
* dracut initramfs isn't generic enough to handle booting all systems
(e.g. missing vconsole.conf means you get keymaps wrong, so users
can't unlock encrypted disks)
* The ABI differences between the two versions of plymouth, systemd,
etc. requires nasty workarounds at best and causes nightmarish
systemd crashes at worst
This patch removes all the code that built and installed `upgrade.img`.
For backwards compatibility, the API retains the `doupgrade` keyword
argument, and the `--noupgrade` flag is still accepted.
We really shouldn't need to run ldconfig on boot from read-only media,
unless someone messed up %post in a package. And the verify step will
catch that.
This reverts commit 3981ff5b79.
systemd-nspawn is some kind of container thing, and cairo-sphinx, as far
as I can tell (go ahead, try to google it) is a cairo debugging tool.
Neither of these are particularly useful on installer media and both use
libraries that are removed during cleanup.
In order for selinux to properly label the system it needs to see that
the config file exists.
Also remove the old code trying to copy in a selinux config file, it
never worked -- the removepkg would remove it.
So we can activate master connection instead of searching for and activating
slave connections.
Makes turning bond/team device on in network spoke work.
Resolves: rhbz#1172751
It also causes a device configured in dracut to be properly reactivated as a slave
if it is configured so by kickstart.
Resolves: rhbz#1134090
When it is left up to dnf to decide how to fulfill the kmod()
requirement from gfs2-utils it will pick kernel-debuginfo-* which adds
about 100M to the size of the iso.
Adding these packages first makes dnf choose them and the iso size is
back down around 450MB
iscsi-initator-utils and gobject-introspection actually are required via
anaconda rpm deps, so they aren't needed in runtime-install.tmpl.
Nothing seems to actually use python-imaging (i.e., python-pillow).
The executables for polkit, gnome-keyring and python-ethtool are removed
in runtime-cleanup, so if anything needs the libraries in these
packages, they can be pulled in through rpm dependencies. Among them,
only polkit is required.
For LUKS escrow stuff, keep the packages that provide the command-line
executables (volume_key, nss-tools), and remove the libraries. The
python2 libraries are no longer needed by blivet, and libblockdev will
install the C libraries it needs.
Install the dnf langpacks plugin instead of the yum one.
python-epdb is less useful now that anaconda is Python 3.
Add a 'lower' filter to the templates to replace string.lower which no
longer exists. Fix udev_escape, the strings are already unicode, and
drop --chdir from runcmd. It wasn't ever used, and passing cwd to the
new runcmd isn't supported.
I originally added --add-template to support doing something similar
to pungi, which injects content into the system to be used by default.
However, this causes the content to be part of the squashfs, which
means PXE installations have to download significantly more data that
they may not need (if they actually want to pull the tree data from
the network, which is not an unusual case).
What I actually need is to be able to modify *both* the runtime image
and the arch-specific content. For the runtime, I need to change
/usr/share/anaconda/interactive-defaults.ks to point to the new
content. (Although, potentially we could patch Anaconda itself to
auto-detect an ostree repository configured in disk image, similar to
what it does for yum repositories)
For the arch-specfic image, I want to drop my content into the ISO
root.
So this patch adds --add-arch-template and --add-arch-template-var
in order to do the latter, while preserving the --add-template
to affect the runtime image.
Further, the templates will automatically graft in a directory named
"iso-graft/" from the working directory (if it exists).
(I suggest that external templates create a subdirectory named
"content" to avoid clashes with any future lorax work)
Thus, this will be used by the Atomic Host lorax templates to inject
content/repo, but could be used by e.g. pungi to add content/rpms as
well.
I tried to avoid code deduplication by creating a new template for the
product.img bits and this, but that broke because the parent boot.iso
code needs access to the `${imggraft}` variable. I think a real fix
here would involve turning the product.img, content/, *and* boot.iso
into a new template.
removekmod GLOB [GLOB...] --allbut KEEPGLOB [KEEPGLOB...]
This can be used to remove kernel modules from under
/lib/modules/*/kernel/ while keeping specific items. This should be
easier than constructing find arguments to select the right things to
save.
Use the same stage2 location for all arches, put it in images with all
the other images. This only effects boot.iso, live images still use
LiveOS/squashfs.img because that's where dracut's 90dmsquashfs-live
module expects to find it.
For boot.iso anaconda-dracut handles finding stage2, looking at
images/install.img and LiveOS/squashfs.img
This package no longer contains anything that we actually use. Removing
it also removes gnome-themes, which we needed for the metacity theme but
which is now handled by anaconda, and gtk2-engines.
fedora-gnome-theme provides gnome-themes-standard, from which we remove
everything except a metacity theme file that metacity doesn't actually
use. Remove fedora-gnome-theme entirely and manually add the font
dependency that it was pulling in.
--make-pxe-live target generate live squashfs and initrd for pxe boot.
Also generates pxe config template.
--make-ostree-live is used for installations of Atomic Host. Additionally to
--make-pxe-live it ensures using deployment root instead of physical root of
installed disk image where needed. Atomic installation needs to be virt
installation with /boot on separate partition (the only way supported by
Anaconda currently). Content of boot partition is added to live root fs so that
ostree can find deployment by boot configuration.
Virtual machines easily get starved for randomness, and Anaconda insists
on sufficient amounts of entropy when the user requests LUKS disk
encryption. As a result, such installations can hang until Anaconda gives
up (after 10 minutes) and makes do with whatever entropy is available.
The virtualization host can feed randomness to the guest, unblocking the
installation. However, the guest can only consume that randomness through
the virtio-rng module. Let's not remove that module.
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Brian C. Lane <bcl@redhat.com>
Resolves: rhbz#1179000
As of fedora kernel kernel-3.17.4-302.fc21 aarch64 can sort out what to
use for the console on its own, so drop the console= from the aarch64
grub2-efi.cfg template.
Older versions of petitboot don't understand the for loop and won't
boot. We also don't shipt 32 bit media anymore so there is no reason
for this to remain.
To make it easier for users to add product and updates images look for
any packages that provide lorax-product-* or lorax-updates-*
Related: rhbz#1155228
This reverts commit bc9b40f18f.
anaconda-21.48.14-1 will revert to the below behavior, so remove the virtual
provide that was added for F21 Alpha/Beta.
You must include a repo in your installation environment that has an id
matching the lower case first part of your product name when split at the '-'
character.
If you don't do that closest mirror will not work.
For Fedora products this means including ONE repo with an id of
'fedora'.
With these templates if a package has installed files in
/usr/share/lorax/product or /usr/share/lorax/updates/ they will be used
to create product.img and/or updates.img which will be included in the
images/ directory of the iso and of the final output tree.
These can be used to customize the installation environment or provide
updates. See README.product for current documentation.
We started including it as an unintended side-effect of commit 9ca487f8.
lvm doesn't like it when there are multiple 'global' sections in lvm.conf,
and we add one right at the end of that block. We expect ours to be the
file's only content.
The help content path has been changed to /usr/share/anaconda/help,
so this Lorax change is no longer needed.
This reverts commit 2bd4637336 and commit 05ebf4ffcd.
We have shim and grub working together on aarch64 now, so we may as well
use them.
(this also makes the case of boot${arch}.efi not mixed-case, which
should guarantee it's in FAT rather than VFAT...)
Related: rhbz#1100048
Signed-off-by: Peter Jones <pjones@redhat.com>
A string passed to runcmd cannot contain a pipe character. So instead
of further find magic, I'm just going to move the directory out of the
way, take care of the deletion, and then move it back.
at-spi is the old accessibility library, deprecated in these gtk3 times
by at-spi2-atk. at-spi-corba has been replaced with atk-bridge.
at-spi2-atk is a dependency of gtk3, so there's no need to explicitly
add it.
This is a virtual provides that should install the product specific yum
repo files in /etc/yum.repos.d/ with the one matching the product name
enabled. Eg. fedora-server.repo with an id of fedora-server and
enabled=1
Anaconda will then use this repository when 'Closest Mirror' is selected
as the installation source.
Signed-off-by: Brian C. Lane <bcl@redhat.com>
The installation from DVD on s390x needs setting the target disks and
network information that are usually set by editing the generic.prm file.
By including the "rd.cmdline=ask" parameter dracut will open a simple
dialog so the user can enter the required information.
Update the templates and configuration files to support grub2 live
image creation.
Related: rhbz#1102318
Related: rhbz#1131199
(cherry picked from commit da8326fd58)
The ppc config files were missing from the live config_files directory
and ppc needs the correct lib directory so lmc has been switched to use
ArchData driven from the installed kernel arch.
Resolves: rhbz#1102318
(cherry picked from commit 59f256e989)
This reverts commit f3f2aa4851.
The addon does not currently work, reverting it until it does and has
been tested so that it doesn't block further Fedora work by breaking the
installer iso.
The settings in /apps/metacity/general are now covered by gsettings in
org.gnome.desktop.wm.preferences. The keybinding settings are already
covered by the overrides for org.gnome.desktop.wm.keybindings.
Spaces cause various bugs like #923374 and #855849 , and it would be
better if we just didn't use them.
Note that there's a corresponding pungi change to go with this.
Signed-off-by: Peter Jones <pjones@redhat.com>
rpm-ostree is a new payload type available in Anaconda, will be used
by Project Atomic (http://projectatomic.io) builds and the new Fedora
Cloud Docker Host.
dnf has previously existed, but as it's only required at installation
time, let's move it here as well.
Per discussion on the anaconda list, we don't want to pull these in as
a dependency of the "anaconda" package as initial-setup -> anaconda
which means they end up on every system.
mkefiboot uses pylorax.imgutils, in order to capture information about
umount problems it needs to be run with --debug. This triggers the fuser
call to show what is holding the mount open.
Update the templates and config file to better support EFI on aarch64
on 64-bit ARM.
Resolves: rhbz#1067671
Signed-off-by: David A. Marlin <dmarlin@redhat.com>
Signed-off-by: Brian C. Lane <bcl@redhat.com>
Right now, logind reserves tty6 for a login shell, which is not what we
want - normally anaconda puts Xorg there, and there's no need for a
login prompt anyway.
This configures logind to activate "anaconda-shell@.service" when a user
switches to an unused tty, and reserves tty2 for that purpose (which is
where users expect a shell anyway).
This will avoid us having login prompts that users don't know what to do
with. It also probably saves us a little bit of RAM.
Some things need grubby. But they don't want to require them. So we make
sure it is available for other packages to use while building the
images.
Note that it is still removed in the cleanup script, and when installing
a system the grubby used will be the one pulled from the install repo.
Currently, yaboot is the ISO boot loader in fedora and the Fedora on
POWER team is making an effort in order to replace it by GRUB2 in the
F20 release cycle. I'm sending a lorax patch so you guys can comment
on it. I'm planning to create a feature page for that too.
This patch only change the lorax template for ppc and should not
affect other archs, like x86.
--
Paulo Flabiano Smorigo
Software Engineer
Linux Technology Center - IBM Systems & Technology Group
The system-wide spice guest agent, spice-vdagentd, normally uses
systemd-logind to determine which of the per-session spice-vdagent
instances it should be communicating with. On the non-live media, the X
session isn't registered with systemd-logind, so instead start
spice-vdagentd with -X to disable the systemd-logind integration and
serve instead to a single spice-vdagent.
Conditionalize shim and grub2-efi and whatnot on being x86_64 for now -
at some point they'll turn into "efi architectures" and maybe even split
for SB vs not SB, but for now, this is fine.
Signed-off-by: Peter Jones <pjones@redhat.com>
The xkeybard-config .mo files are needed to translate the layout
switching options. The xklavier calls in anaconda will automatically
translate the option strings as long as the translations are present.
In fips mode creation of the protocol 1 key causes it to hang. This
removes the explicit HostKey entries and lets sshd decide which keys to
create when it starts.
Add a command that opens the anaconda.log file located in /tmp
with less. The command is added as the most recently used.
Signed-off-by: Martin Kolman <mkolman@gmail.com>
It's pretty pointless to copy data from /run/log/journal to
/var/log/journal, since both of those are in-memory filesystems.
This should somewhat reduce RAM use during installation.
Resolves this error on s390x:
...
running runtime-install.tmpl
installpkg modutils failed: No package(s) available to install
Looking for extra fedup-dracut packages...
...