# Lorax Composer Live ISO output kickstart template # Firewall configuration firewall --enabled --service=mdns # X Window System configuration information xconfig --startxonboot # Root password is removed for live-iso rootpw --plaintext removethispw # Network information network --bootproto=dhcp --onboot=on --activate # NOTE: keyboard and lang can be replaced by blueprint customizations.locale settings # System keyboard keyboard --xlayouts=us --vckeymap=us # System language lang en_US.UTF-8 # SELinux configuration selinux --enforcing # Installation logging level logging --level=info # Shutdown after installation shutdown # System services services --disabled="network,sshd" --enabled="NetworkManager" # System bootloader configuration bootloader --location=mbr # Clear the Master Boot Record zerombr %post # FIXME: it'd be better to get this installed from a package cat > /etc/rc.d/init.d/livesys << EOF #!/bin/bash # # live: Init script for live image # # chkconfig: 345 00 99 # description: Init script for live image. . /etc/init.d/functions if ! strstr "\`cat /proc/cmdline\`" rd.live.image || [ "\$1" != "start" ]; then exit 0 fi if [ -e /.liveimg-configured ] ; then configdone=1 fi exists() { which \$1 >/dev/null 2>&1 || return \$* } touch /.liveimg-configured # mount live image if [ -b \`readlink -f /dev/live\` ]; then mkdir -p /mnt/live mount -o ro /dev/live /mnt/live 2>/dev/null || mount /dev/live /mnt/live fi livedir="LiveOS" for arg in \`cat /proc/cmdline\` ; do if [ "\${arg##live_dir=}" != "\${arg}" ]; then livedir=\${arg##live_dir=} return fi done # enable swaps unless requested otherwise swaps=\`blkid -t TYPE=swap -o device\` if ! strstr "\`cat /proc/cmdline\`" noswap && [ -n "\$swaps" ] ; then for s in \$swaps ; do action "Enabling swap partition \$s" swapon \$s done fi if ! strstr "\`cat /proc/cmdline\`" noswap && [ -f /mnt/live/\${livedir}/swap.img ] ; then action "Enabling swap file" swapon /mnt/live/\${livedir}/swap.img fi mountPersistentHome() { # support label/uuid if [ "\${homedev##LABEL=}" != "\${homedev}" -o "\${homedev##UUID=}" != "\${homedev}" ]; then homedev=\`/sbin/blkid -o device -t "\$homedev"\` fi # if we're given a file rather than a blockdev, loopback it if [ "\${homedev##mtd}" != "\${homedev}" ]; then # mtd devs don't have a block device but get magic-mounted with -t jffs2 mountopts="-t jffs2" elif [ ! -b "\$homedev" ]; then loopdev=\`losetup -f\` if [ "\${homedev##/mnt/live}" != "\${homedev}" ]; then action "Remounting live store r/w" mount -o remount,rw /mnt/live fi losetup \$loopdev \$homedev homedev=\$loopdev fi # if it's encrypted, we need to unlock it if [ "\$(/sbin/blkid -s TYPE -o value \$homedev 2>/dev/null)" = "crypto_LUKS" ]; then echo echo "Setting up encrypted /home device" plymouth ask-for-password --command="cryptsetup luksOpen \$homedev EncHome" homedev=/dev/mapper/EncHome fi # and finally do the mount mount \$mountopts \$homedev /home # if we have /home under what's passed for persistent home, then # we should make that the real /home. useful for mtd device on olpc if [ -d /home/home ]; then mount --bind /home/home /home ; fi [ -x /sbin/restorecon ] && /sbin/restorecon /home if [ -d /home/liveuser ]; then USERADDARGS="-M" ; fi } findPersistentHome() { for arg in \`cat /proc/cmdline\` ; do if [ "\${arg##persistenthome=}" != "\${arg}" ]; then homedev=\${arg##persistenthome=} return fi done } if strstr "\`cat /proc/cmdline\`" persistenthome= ; then findPersistentHome elif [ -e /mnt/live/\${livedir}/home.img ]; then homedev=/mnt/live/\${livedir}/home.img fi # if we have a persistent /home, then we want to go ahead and mount it if ! strstr "\`cat /proc/cmdline\`" nopersistenthome && [ -n "\$homedev" ] ; then action "Mounting persistent /home" mountPersistentHome fi # make it so that we don't do writing to the overlay for things which # are just tmpdirs/caches mount -t tmpfs -o mode=0755 varcacheyum /var/cache/yum mount -t tmpfs tmp /tmp mount -t tmpfs vartmp /var/tmp [ -x /sbin/restorecon ] && /sbin/restorecon /var/cache/yum /tmp /var/tmp >/dev/null 2>&1 if [ -n "\$configdone" ]; then exit 0 fi # add fedora user with no passwd action "Adding live user" useradd \$USERADDARGS -c "Live System User" liveuser passwd -d liveuser > /dev/null # turn off firstboot for livecd boots chkconfig --level 345 firstboot off 2>/dev/null # We made firstboot a native systemd service, so it can no longer be turned # off with chkconfig. It should be possible to turn it off with systemctl, but # that doesn't work right either. For now, this is good enough: the firstboot # service will start up, but this tells it not to run firstboot. I suspect the # other services 'disabled' below are not actually getting disabled properly, # with systemd, but we can look into that later. - AdamW 2010/08 F14Alpha echo "RUN_FIRSTBOOT=NO" > /etc/sysconfig/firstboot # don't start yum-updatesd for livecd boots chkconfig --level 345 yum-updatesd off 2>/dev/null # turn off mdmonitor by default chkconfig --level 345 mdmonitor off 2>/dev/null # turn off setroubleshoot on the live image to preserve resources chkconfig --level 345 setroubleshoot off 2>/dev/null # don't do packagekit checking by default gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t string /apps/gnome-packagekit/update-icon/frequency_get_updates never >/dev/null gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t string /apps/gnome-packagekit/update-icon/frequency_get_upgrades never >/dev/null gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t string /apps/gnome-packagekit/update-icon/frequency_refresh_cache never >/dev/null gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool /apps/gnome-packagekit/update-icon/notify_available false >/dev/null gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool /apps/gnome-packagekit/update-icon/notify_distro_upgrades false >/dev/null gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool /apps/gnome-packagekit/enable_check_firmware false >/dev/null gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool /apps/gnome-packagekit/enable_check_hardware false >/dev/null gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool /apps/gnome-packagekit/enable_codec_helper false >/dev/null gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool /apps/gnome-packagekit/enable_font_helper false >/dev/null gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool /apps/gnome-packagekit/enable_mime_type_helper false >/dev/null # don't start cron/at as they tend to spawn things which are # disk intensive that are painful on a live image chkconfig --level 345 crond off 2>/dev/null chkconfig --level 345 atd off 2>/dev/null chkconfig --level 345 anacron off 2>/dev/null chkconfig --level 345 readahead_early off 2>/dev/null chkconfig --level 345 readahead_later off 2>/dev/null # Stopgap fix for RH #217966; should be fixed in HAL instead touch /media/.hal-mtab # workaround clock syncing on shutdown that we don't want (#297421) sed -i -e 's/hwclock/no-such-hwclock/g' /etc/rc.d/init.d/halt # and hack so that we eject the cd on shutdown if we're using a CD... if strstr "\`cat /proc/cmdline\`" CDLABEL= ; then cat >> /sbin/halt.local << FOE #!/bin/bash # XXX: This often gets stuck during shutdown because /etc/init.d/halt # (or something else still running) wants to read files from the block\ # device that was ejected. Disable for now. Bug #531924 # we want to eject the cd on halt, but let's also try to avoid # io errors due to not being able to get files... #cat /sbin/halt > /dev/null #cat /sbin/reboot > /dev/null #/usr/sbin/eject -p -m \$(readlink -f /dev/live) >/dev/null 2>&1 #echo "Please remove the CD from your drive and press Enter to finish restarting" #read -t 30 < /dev/console FOE chmod +x /sbin/halt.local fi EOF # bah, hal starts way too late cat > /etc/rc.d/init.d/livesys-late << EOF #!/bin/bash # # live: Late init script for live image # # chkconfig: 345 99 01 # description: Late init script for live image. . /etc/init.d/functions if ! strstr "\`cat /proc/cmdline\`" rd.live.image || [ "\$1" != "start" ] || [ -e /.liveimg-late-configured ] ; then exit 0 fi exists() { which \$1 >/dev/null 2>&1 || return \$* } touch /.liveimg-late-configured # read some variables out of /proc/cmdline for o in \`cat /proc/cmdline\` ; do case \$o in ks=*) ks="--kickstart=\${o#ks=}" ;; xdriver=*) xdriver="\${o#xdriver=}" ;; esac done # if liveinst or textinst is given, start anaconda if strstr "\`cat /proc/cmdline\`" liveinst ; then plymouth --quit /usr/sbin/liveinst \$ks fi if strstr "\`cat /proc/cmdline\`" textinst ; then plymouth --quit /usr/sbin/liveinst --text \$ks fi # configure X, allowing user to override xdriver if [ -n "\$xdriver" ]; then cat > /etc/X11/xorg.conf.d/00-xdriver.conf <> /etc/rc.d/init.d/livesys << EOF # disable screensaver locking gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool /apps/gnome-screensaver/lock_enabled false >/dev/null gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool /desktop/gnome/lockdown/disable_lock_screen true >/dev/null # set up timed auto-login for after 60 seconds cat >> /etc/gdm/custom.conf << FOE [daemon] AutomaticLoginEnable=True AutomaticLogin=liveuser FOE # Show harddisk install on the desktop sed -i -e 's/NoDisplay=true/NoDisplay=false/' /usr/share/applications/liveinst.desktop mkdir /home/liveuser/Desktop cp /usr/share/applications/liveinst.desktop /home/liveuser/Desktop chown -R liveuser.liveuser /home/liveuser/Desktop chmod a+x /home/liveuser/Desktop/liveinst.desktop # But not trash and home gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool /apps/nautilus/desktop/trash_icon_visible false >/dev/null gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool /apps/nautilus/desktop/home_icon_visible false >/dev/null # Turn off PackageKit-command-not-found while uninstalled sed -i -e 's/^SoftwareSourceSearch=true/SoftwareSourceSearch=false/' /etc/PackageKit/CommandNotFound.conf EOF # Remove root password passwd -d root > /dev/null # fstab from the install won't match anything. remove it and let dracut # handle mounting. cat /dev/null > /etc/fstab %end # NOTE Do NOT add any other sections after %packages %packages # Packages requires to support this output format go here isomd5sum kernel memtest86+ syslinux -dracut-config-rescue selinux-policy-targeted # Enable networking by removing the config file that disables it -NetworkManager-config-server # This package is needed to boot the iso on UEFI shim shim-ia32 grub2 grub2-efi grub2-efi-*-cdboot grub2-efi-ia32 efibootmgr # NOTE lorax-composer will add the blueprint packages below here, including the final %end%packages