In fips mode creation of the protocol 1 key causes it to hang. This
removes the explicit HostKey entries and lets sshd decide which keys to
create when it starts.
Add a command that opens the anaconda.log file located in /tmp
with less. The command is added as the most recently used.
Signed-off-by: Martin Kolman <mkolman@gmail.com>
It's pretty pointless to copy data from /run/log/journal to
/var/log/journal, since both of those are in-memory filesystems.
This should somewhat reduce RAM use during installation.
Resolves this error on s390x:
...
running runtime-install.tmpl
installpkg modutils failed: No package(s) available to install
Looking for extra fedup-dracut packages...
...
dracut tries to build hostonly initrd by default without the nohostonly
package/config; this results in a bunch of error messages about missing
files in proc and sys, and then the resulting initrd doesn't work 'cuz
it doesn't have any drivers for anything.
Make kernel args the same in every config.
Put 'quiet' at the end of the line - it's usually the first thing a user removes when debugging.
Fill missing product versions in.
Distinguish between 'install' (installation media) and 'start' (live media).
The list of ARM platforms was represented as a static list to be
installed in .treeinfo for Beaker support, but as ARM moves to use
the multiplatform kernel the platform specific kernel images will
no longer be needed. This process is beginning in F18 (3.7 kernel)
with HighBank being the first to use the baseline kernel. Due to
this change, there will be no 'highbank' platform images, but Beaker
tries to import all platforms listed in .treeinfo. To avoid errors,
we should dynamically create the list of ARM plaforms, including
only those that are actually provided.
Signed-off-by: David A. Marlin <dmarlin@redhat.com>
For ARM systems that require U-Boot wrapped images,
perform mkimage to create one for 'upgrade.img'.
Signed-off-by: David A. Marlin <dmarlin@redhat.com>
Anaconda runtime is already in memory, no need to use tmpfs here. In
fact use of tmpfs here will overwrite any updates content that was put
in place by dracut.
live media isn't exactly the same as the Anaconda install media. Right
now this amounts to needing a root= cmdline argument but in the future
there may be other differences.
This also reverts 5437557846 on the new copies of the templates.
Using root= overrides the anaconda magic code for finding product.img
and updates.img. Anaconda can find the CDROM itself without needing
root=, though, so we can omit it safely for boot.iso.
The 'systemctl' command can be used to enable, disable, or mask systemd
units inside the runtime being modified. Modify runtime-postinstall.tmpl
to use the 'systemctl' command.
We also no longer remove quota*.service or kexec*.service, since
these aren't enabled by default. And systemd-remount-api-vfs.service
should work correctly now, so we can leave it alone as well.
We need the initramfs around to reboot properly. If it's packed up in
/boot we need this service to unpack it. If it's not there, the service
does nothing, so this patch won't hurt anything.
Also add pigz, which speeds up compression nicely (for use in
anaconda-cleanup-initramfs.service).
Now that the runtime contents remain compressed and aren't always stored
in RAM, it generally takes less RAM to keep these around than to run
'localedef' in anaconda.
This switches us back to the old pre-lorax method for setting up the
locale archive - see e.g. anaconda commit ea71816d
The 'removefrom kbd' line wasn't deleting anything because it was
looking in the wrong place. It was also kind of wordy.
This version should keep the needed binaries and remove the stuff we
don't need, as intended.
iproute's binaries moved to /usr/sbin, so they were *all* getting
removed by the '/usr/*' glob. iscsi's NetworkManager dispatcher script
uses 'ip' so this might be needed for proper iscsi support; at the very
least it quiets some error messages from NM. It's also pretty likely
people's kickstart scripts use 'ip' utility, so we'd better make sure
it's still available.
Remove a bunch of useless 'removefrom' lines that did nothing but cause
"no files to remove!" messages in lorax logs.
- ConsoleKit isn't in the anaconda runtime
- update-gtk-immodules isn't in gtk3
- there's nothing in /usr/share/selinux in selinux-policy-targeted
- zenity doesn't have a /usr/share/omf directory
- libpng moved to libpng15.*; actually removing it breaks the GUI
- pcmciautils' binaries are in /sbin, not /usr/sbin. They're only 7kb,
so let's just keep 'em.
This should have *no effect* on the contents of the runtime images.
A lot of the systemd unit files got moved around due to UsrMove, so
these lines weren't removing the services as expected.
Fix the paths and they all work. This eliminates the "FAILED"
message from systemd-remount-api-vfs.service and plymouth-start.service.
Oh - and the ConsoleKit removal got dropped 'cuz ConsoleKit isn't in the
installer images anymore.
This adds support for creating an appliance description file for the
disk image. Mako templates are used to make it easy to support other
appliance targets. The included example works with virt-image.
We use this to set various sysctl settings, like setting kernel.printk=1
so we don't get the screen all crudded up with kernel messages during
text-mode installs.
There's a small amount of additional metadata required for the Mac boot
images to appear as bootable devices in the startup preferencs, so add
support for generating that.
Signed-off-by: Brian C. Lane <bcl@redhat.com>
Since noloader mounts stuff under /run/install, but anaconda (and
people's scripts etc.) look under /mnt/install, make a symlink so
everything works as expected.
Install the anaconda dracut module during 'install', use it when
rebuilding initramfs, and clean it up afterward.
Also install '.buildstamp' into the initramfs (the anconda module wants
it).
In order for grub to be able to read the kernel regardless of whether
the image is written to a CD or a USB stick, it's necessary to autoprobe
for the filesystem using the findiso command. Add it to the grub config.
The installer no longer has access to the initrd's root. We need to
copy any needed files over to /sysroot before switching root. This
copies *.cfg and *.ks files.
It also adds the ability to add dracut hook scripts to the initramfs
from /usr/share/lorax/dracut_hooks/
This re-adds commit af6d4e2c50 which was
lost during the switch to the treebuilder branch.
This doesn't get rid of the gtk2 stuff yet, though. The intention here is
that you can use this lorax to generate an image containing either the old
anaconda or the newui branch, simply by including a different repo in your
tree composition kickstart file.
Also, it appears that some things in the tree still require gtk2 so we may
be stuck with both for the forseeable future.
If yaboot so much as catches a whiff of a backslash in yaboot.conf, it
will reject the entire file. No bootloader config means no booting.
So as long as we're still using yaboot on PPC, we need to use ISO volume
labels it can handle. So: filter the isolabel, replacing any non-ASCII
characters with underscores.
So there's actually two copies of yaboot on a PPC image, and they each
use different config files:
ppc/chrp/yaboot --> /etc/yaboot.conf
ppc/mac/yaboot --> /ppc/ppc{32,64}/yaboot.conf
So we need two copies of yaboot.conf - one in each place - to
boot properly (or all three if we're making hybrid images). Whee!
The comments should now make this more clear for future reference.
We were appending to /etc/shadow when previous versions of lorax
overwrote it, so we ended up with two conflicting entries for "root".
Instead:
- keep existing /etc/shadow and /etc/passwd contents
- add new entries for "install" user
- remove password from existing "root" entry in /etc/shadow
Also, we don't need to create the 'sshd' user, because the
openssh-server %post script does that for us.
Actual content changes:
- {High,Low}Contrast themes moved to gnome-themes-standard, so remove
them from there. Also remove HighContrastInverse theme.
- Removed metacity 'Atlanta' theme - 'Adwaita' is the default metacity
theme these days.
ntfsresize is currently living in the ntfsprogs package, which (for
whatever reason) isn't getting automatically pulled into the runtime
environment anymore.
So: install ntfsprogs in runtime-install, and remove everything but
ntfsresize in runtime-cleanup.
Makefile-style "-cmd" syntax lets us run a command and ignore any
resulting errors. This is a more general version of what copyif/moveif
were trying to accomplish, so we can drop those commands.
symlinking /modules to '/lib/modules' inside the runtime image is fine,
but since we're operating outside the runtime image, the absolute
symlink will point to the host's /lib/modules, which can cause us to
delete kernel modules. Yikes.
Instead:
1) use /lib/modules rather than the symlink, and
2) use a relative symlink, just to be safe.
move arch-specific stuff to arch-specific subdirs and move all the
common stuff to a subdir named 'common'. Also, rename '.profile' and
'.bash_history' so you actually see them when you 'ls' the 'common' dir.
also added some helpful(?) comments to the templates.
Patch by Ales Kozumplik <akozumpl@redhat.com>
The value syslogd provides at this early point when kickstart starts is
"(none)". This makes the receiving syslog unable to parse the incoming
messages.
New images find their root device by looking at the CDLABEL. Since pungi
is building ISO images separately from lorax, if it uses a different ISO
Volume Label we'll end up with unbootable images.
This changes the volume labels to match what pungi uses, so both should
boot OK.
Since pungi doesn't know that images/install.img needs to be moved to
LiveOS/squashfs.img for images to be "live", they aren't bootable.
This is the simple solution to the problem. Thanks to Karsten Hopp
for the original patch.
This lets us easily do whitelisting instead of blacklisting during
runtime cleanup. For example:
removefrom xfsprogs --allbut /sbin/* /usr/sbin/xfs_admin
would remove everything from the xfsprogs package except files in /sbin
and /usr/sbin/xfs_admin.
A few things in runtime-cleanup have been converted to use --allbut. The
only difference in the created runtime image is that we're deleting
/usr/share/kde4 from fedora-logos.
From: Matthew Garrett <mjg@redhat.com>
If we're producing EFI bootable images then we should also support
making them bootable from USB sticks. This adds support for doing so.
- use libdir in GConf2
- delete redundant removals of /usr/share/gnome/*
- remove systemd units for nfs-utils
- remove all of notification-daemon rather than piece-by-piece
- don't try to delete non-existent libldif from openldap
- /usr/sbin/xfs_bmapd is actually /usr/sbin/xfs_bmap
- remove /etc/* from yum rather than etc/*
also make sure we clean a bunch more unneeded services, but don't bother
deleting target files that would just be ignored anyway.
also also, delete everything in /etc/systemd/system/default.target.wants
so that we don't get readahead stuff in anaconda.
Add commentary for a bunch of the removepkg lines, and drop a bunch of
things that were in the list that weren't being installed anyway. Also
drop some redundant removepkg lines about chkconfig.
This adds the boot config files from anaconda to lorax's configdir.
They've been edited to include a '@ROOT@' placeholder, so lorax can put
the proper root=... argument in place, and to use the @VAR@ convention
everywhere (instead of some using @VAR@ and some using %VAR%).
This should probably fix EFI booting, since the EFI BOOT*.conf was
missing its root=... arg.
Also some default settings were changed in syslinux.cfg (so we don't
have to rewrite those two lines every time).
One last change - the '-magic' arg and ppc 'magic' file have been
dropped, because that's kind of silly and unnecessary.
removing packages sadly doesn't run their %post scripts, so a lot of
broken links are left around for systemd units and/or sysvinit scripts.
So, after other cleanup, remove any broken links in /etc, /usr, or /lib.
- don't bother explicitly listing things that get installed as deps
- rearrange packages into functional groups, so we know *why* each
package gets installed
- add commentary about some dubious package installations
I've done some testing on x86_64 and ppc64 - the installed package set
is unchanged except for the addition of lohit-malayalam-fonts.
Clean a bunch of things that we don't need to removepkg:
- packages with no files (*-filesystem, basesystem)
- packages that only contain files that will be deleted anyway
(e.g. *-fonts-common - only contains files in /usr/share/doc)
- packages that aren't being installed or no longer exist
(hal-libs, clutter, mutter, libXv, redhat-menus, etc)
- consolidate perl lines to just: removepkg perl*
If it's a symlink, we'll copy the file into the symlink, and then we'll
likely remove the target of the symlink (../bin/systemd) in cleanup, and
then we have no init. Boo.
To build F15 images we need to remove systemd and set up loader as init
(see runtime-cleanup and runtime-postinstall).
We also need to add a hack to dracut so loader won't freak out when it
gets started by anaconda - see the file we're adding to the initramfs in
treebuilder.py.
(There's also an extra bonus hack for working around a bug in dracut if
/proc/cmdline is empty - SEE IF YOU CAN SPOT IT!!!)
Removing the 'module' whitelist added ~50M of kernel modules. Yuck.
This commit adds a kmod blacklist, removing ~34MB of kernel modules.
Yes, that's a ~16MB increase, but we're also including a whole mess of
stuff that was getting left out before: missing ISDN drivers, wireless
drivers, net bonding drivers, infiniband drivers, etc.
Add setup_init() and setup_s390_init() to installtree.py to handle
init setup, and stop using systemd so we can make F15 images.
This reverts commit b58190d660.
TreeBuilder uses templates full of commands (like ramdisk.ltmpl) to
create the output tree and boot images. There are 4 arch-specific
templates, plus a bonus EFI template which can handle EFI image creation
for any arch that implements EFI.