Anaconda, Lorax, lorax-composer, and livemedia-creator can all now run
with SELinux in Enforcing mode. It does not need to be disabled and if
there are denials they should be reported as a bug.
Log the current state of SELinux when starting, update the
documentation.
If we leave the root account w/o a password people will use it that way,
leading to insecure images. Also if we use a default password. So lock
the root account in the templates.
Users will need to do one of these things:
1. Use [[customizations.user]] in their blueprint to configure root or
another user.
2. Use [[customizations.sshkey]] to set a key for root
2. Install a package that configures a user at install time
3. Install a package that sets up a user at boot time (eg. cloud-init)
This also drops the auth line from the kickstart templates, allowing it
to use the default password algoritm instead of md5.
Resolves: rhbz#1626122
This differs from lmc's --make-ami in that creates a full disk image instead of
an fsimage. Create a raw disk image with a / and /boot partitions, and enable
sshd, chronyd, and cockpit by default.
This makes it easier to generate new documentation for
http://weldr.io/lorax/
It requires having a current welder/lorax-composer:latest image (created with
the test-in-docker target), then run docs-in-docker to rerun sphinx with
the docs/html directory mounted from the container.
We had only been indirectly pulling in GConf, and anyways
nothing was listening to these keys.
<kalev> I still think it's a fallout from 27a90d973f
Really in general, if we wanted to make changes like this
it'd probably be a lot simpler to do them on boot or so.
https://bugzilla.redhat.com/show_bug.cgi?id=1581838
mock now uses systemd-nspawn by default, but it cannot setup the
/dev/loop* nodes that are needed by lorax and livemedia-creator so users
will need to pass --old-chroot to mock if they are using it.
These were set by livecd-creator, and the %post section was used to
setup the license files on the / of the iso which will not work from
inside anaconda so drop it completely.
Because --no-virt uses a fsimage disk you can't create a /boot
partition. This kickstart will also work for creating the PXE files
inside a mock environment.
Also rename rhel-atomic-pxe-live.ks to fedora-atomic-pxe-live.ks