3f5047dd4f
systemd uses /var/lib/systemd/random-seed to add entropy to /dev/urandom at boot time. During image creation this file is created, and if it is not removed, every system using the image will add the same seed. This is only additional entropy, NOT a seed in the sense of a starting point for a PRNG, so it will be mixed with other entropy as the system runs. It isn't a good idea to use the same value everywhere, so make sure it is removed in %post. Resolves: rhbz#1258986
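#version=DEVEL
# Kickstart command section for a live-image build. The passwords and the
# "repo" host below read like build-time placeholders.

# NOTE(review): sshpw sets the password for SSH access to the installer
# environment and is stored here in plaintext. Replace the value per build
# and prefer --iscrypted with a pre-computed hash so the secret is not
# readable from the kickstart file.
sshpw --username=root --plaintext randOmStrinGhERE

# Firewall configuration
firewall --enabled --service=mdns

# Use network installation
# NOTE(review): both package sources are fetched over plain http, so the
# transport provides no integrity or authenticity; that rests entirely on
# RPM signature checking. Prefer an https:// mirror where one is available.
url --url=http://repo/rhel7.0/Server/os
repo --name=optional --baseurl=http://repo/rhel7.0/Server/optional/os

# X Window System configuration information
xconfig --startxonboot

# Root password
# NOTE(review): plaintext build-time password. The final %post section runs
# "passwd -d root", so the shipped image ends up with an EMPTY root password
# rather than this value. Do not reuse this file for an installed system.
rootpw --plaintext removethispw

# Network information
network --bootproto=dhcp --onboot=on --activate

# System authorization information
# Hash passwords with SHA-512 instead of MD5-crypt (was --enablemd5), which
# is cheap to brute-force if /etc/shadow ever leaks.
auth --useshadow --passalgo=sha512

# System keyboard
keyboard --xlayouts=us --vckeymap=us

# System language
lang en_US.UTF-8

# SELinux configuration
selinux --enforcing

# Installation logging level
logging --level=info

# Shutdown after installation
shutdown

# System services
# sshd stays disabled. Keep it that way: the %post sections delete the
# passwords of both root and liveuser.
services --disabled="network,sshd" --enabled="NetworkManager"

# System timezone
timezone US/Eastern

# System bootloader configuration
bootloader --location=mbr

# Clear the Master Boot Record
zerombr

# Partition clearing information
# clearpart --all removes every partition the installer can see; run this
# only against a disposable build disk.
clearpart --all

# Disk partitioning information
part biosboot --size=1
part / --fstype="ext4" --size=4000
part swap --size=1000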
%post
# FIXME: it'd be better to get this installed from a package
# The heredoc delimiter is unquoted, so every dollar sign and backtick of
# the embedded init script is backslash-escaped to survive %post unexpanded.
cat > /etc/rc.d/init.d/livesys << EOF
#!/bin/bash
#
# live: Init script for live image
#
# chkconfig: 345 00 99
# description: Init script for live image.

. /etc/init.d/functions

# Only act on a live boot (rd.live.image on the kernel command line) and
# only for the "start" action; everything else is a successful no-op.
strstr "\$(cat /proc/cmdline)" rd.live.image || exit 0
[ "\$1" = "start" ] || exit 0

# The marker file means an earlier run already did the one-time setup.
[ ! -e /.liveimg-configured ] || configdone=1
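# Run a command only when it is installed.
# Arguments: command name, followed by the arguments to pass to it.
# Returns:   the failed lookup status when the command is missing,
#            otherwise the status of the command itself.
exists() {
  which "\$1" >/dev/null 2>&1 || return
  # Quoted so arguments containing spaces or glob characters reach the
  # command unchanged (the unquoted form re-split and re-globbed them).
  "\$@"
}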
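# Leave the marker that later runs read to detect completed setup.
touch /.liveimg-configured

# mount live image
if [ -b "\$(readlink -f /dev/live)" ]; then
  mkdir -p /mnt/live
  # Prefer a read-only mount; retry with mount defaults if that is refused.
  mount -o ro /dev/live /mnt/live 2>/dev/null || mount /dev/live /mnt/live
fi

# Directory on the live medium that holds swap.img / home.img. A
# live_dir=<name> word on the kernel command line overrides the default.
# NOTE(review): the value is used unvalidated in /mnt/live/<livedir>/...
# paths further down.
livedir="LiveOS"
for arg in \$(cat /proc/cmdline) ; do
  if [ "\${arg##live_dir=}" != "\${arg}" ]; then
    livedir=\${arg##live_dir=}
    # This loop is at script top level, not inside a function, so "return"
    # is an error in bash and the loop kept running; "break" stops at the
    # first match as intended.
    break
  fi
done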
# enable swaps unless requested otherwise
# ("noswap" on the kernel command line turns both steps off)
swaps=\$(blkid -t TYPE=swap -o device)
if ! strstr "\$(cat /proc/cmdline)" noswap ; then
  # Swap partitions reported by blkid; an empty list skips the loop.
  for s in \$swaps ; do
    action "Enabling swap partition \$s" swapon \$s
  done
  # Optional swap file shipped on the live medium.
  if [ -f /mnt/live/\${livedir}/swap.img ] ; then
    action "Enabling swap file" swapon /mnt/live/\${livedir}/swap.img
  fi
fi
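# Mount the persistent /home named by the global homedev.
# Globals: homedev (read and rewritten), mountopts, loopdev and
#          USERADDARGS (written).
# homedev comes either from persistenthome= on the kernel command line or
# from home.img on the live medium, so it is quoted wherever it is passed
# as a single argument.
# NOTE(review): the result of the final mount is not checked; the function
# returns the status of its last test, not of the mount.
mountPersistentHome() {
  # support label/uuid
  if [ "\${homedev##LABEL=}" != "\${homedev}" ] || [ "\${homedev##UUID=}" != "\${homedev}" ]; then
    homedev=\`/sbin/blkid -o device -t "\$homedev"\`
  fi

  # if we're given a file rather than a blockdev, loopback it
  if [ "\${homedev##mtd}" != "\${homedev}" ]; then
    # mtd devs don't have a block device but get magic-mounted with -t jffs2
    mountopts="-t jffs2"
  elif [ ! -b "\$homedev" ]; then
    loopdev=\`losetup -f\`
    if [ "\${homedev##/mnt/live}" != "\${homedev}" ]; then
      action "Remounting live store r/w" mount -o remount,rw /mnt/live
    fi
    losetup "\$loopdev" "\$homedev"
    homedev=\$loopdev
  fi

  # if it's encrypted, we need to unlock it
  if [ "\$(/sbin/blkid -s TYPE -o value "\$homedev" 2>/dev/null)" = "crypto_LUKS" ]; then
    echo
    echo "Setting up encrypted /home device"
    # NOTE(review): homedev is interpolated into a command string here.
    plymouth ask-for-password --command="cryptsetup luksOpen \$homedev EncHome"
    homedev=/dev/mapper/EncHome
  fi

  # and finally do the mount
  # mountopts is left unquoted on purpose: it is either unset or holds two
  # words ("-t jffs2") that must be split.
  mount \$mountopts "\$homedev" /home
  # if we have /home under what's passed for persistent home, then
  # we should make that the real /home. useful for mtd device on olpc
  if [ -d /home/home ]; then mount --bind /home/home /home ; fi
  [ -x /sbin/restorecon ] && /sbin/restorecon /home
  # An existing home directory must not be re-created by useradd.
  if [ -d /home/liveuser ]; then USERADDARGS="-M" ; fi
}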
# Set the global homedev from the first persistenthome=<value> word on the
# kernel command line; homedev is left untouched when there is none.
findPersistentHome() {
  for arg in \$(cat /proc/cmdline) ; do
    case "\$arg" in
      persistenthome=*)
        homedev=\${arg#persistenthome=}
        return
        ;;
    esac
  done
}
# Choose the persistent /home source: an explicit persistenthome= argument
# wins, otherwise use home.img from the live medium when it exists.
if strstr "\$(cat /proc/cmdline)" persistenthome= ; then
  findPersistentHome
elif [ -e /mnt/live/\${livedir}/home.img ]; then
  homedev=/mnt/live/\${livedir}/home.img
fi

# if we have a persistent /home, then we want to go ahead and mount it
# (unless nopersistenthome was given on the kernel command line)
if [ -n "\$homedev" ] && ! strstr "\$(cat /proc/cmdline)" nopersistenthome ; then
  action "Mounting persistent /home" mountPersistentHome
fi

# make it so that we don't do writing to the overlay for things which
# are just tmpdirs/caches
mount -t tmpfs -o mode=0755 varcacheyum /var/cache/yum
mount -t tmpfs tmp /tmp
mount -t tmpfs vartmp /var/tmp
if [ -x /sbin/restorecon ]; then
  /sbin/restorecon /var/cache/yum /tmp /var/tmp >/dev/null 2>&1
fi

# Everything after this point is one-time setup; stop if it already ran.
[ -z "\$configdone" ] || exit 0
# add fedora user with no passwd
# (passwd -d deletes the password, so liveuser logs in without one)
action "Adding live user" useradd \$USERADDARGS -c "Live System User" liveuser
passwd -d liveuser > /dev/null

# Services switched off for live boots:
#   firstboot       not wanted on a livecd
#   yum-updatesd    not wanted on a livecd
#   mdmonitor       off by default
#   setroubleshoot  off to preserve resources
for svc in firstboot yum-updatesd mdmonitor setroubleshoot ; do
  chkconfig --level 345 \$svc off 2>/dev/null
done
# firstboot became a native systemd service, so chkconfig can no longer
# turn it off, and systemctl did not work right either. The service still
# starts, but this setting tells it not to run firstboot. The other services
# disabled here may not really be disabled under systemd either; to be
# looked into later. (AdamW, 2010/08, F14Alpha)
echo "RUN_FIRSTBOOT=NO" > /etc/sysconfig/firstboot

# don't do packagekit checking by default
gconf_src=xml:readwrite:/etc/gconf/gconf.xml.defaults
pk=/apps/gnome-packagekit
for key in frequency_get_updates frequency_get_upgrades frequency_refresh_cache ; do
  gconftool-2 --direct --config-source=\$gconf_src -s -t string \$pk/update-icon/\$key never >/dev/null
done
for key in update-icon/notify_available update-icon/notify_distro_upgrades enable_check_firmware enable_check_hardware enable_codec_helper enable_font_helper enable_mime_type_helper ; do
  gconftool-2 --direct --config-source=\$gconf_src -s -t bool \$pk/\$key false >/dev/null
done

# don't start cron/at as they tend to spawn things which are
# disk intensive that are painful on a live image
for svc in crond atd anacron readahead_early readahead_later ; do
  chkconfig --level 345 \$svc off 2>/dev/null
done

# Stopgap fix for RH #217966; should be fixed in HAL instead
touch /media/.hal-mtab

# workaround clock syncing on shutdown that we don't want (#297421)
sed -i -e 's/hwclock/no-such-hwclock/g' /etc/rc.d/init.d/halt
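# and hack so that we eject the cd on shutdown if we're using a CD...
# Everything appended to /sbin/halt.local is currently commented out, so
# the hook does nothing. The lines between the FOE markers are heredoc text
# and must stay at column 0.
# A stray trailing backslash after "block" used to act as a line
# continuation and glued two of the comment lines together in the generated
# script; it has been dropped.
if strstr "\$(cat /proc/cmdline)" CDLABEL= ; then
  cat >> /sbin/halt.local << FOE
#!/bin/bash
# XXX: This often gets stuck during shutdown because /etc/init.d/halt
# (or something else still running) wants to read files from the block
# device that was ejected. Disable for now. Bug #531924
# we want to eject the cd on halt, but let's also try to avoid
# io errors due to not being able to get files...
#cat /sbin/halt > /dev/null
#cat /sbin/reboot > /dev/null
#/usr/sbin/eject -p -m \$(readlink -f /dev/live) >/dev/null 2>&1
#echo "Please remove the CD from your drive and press Enter to finish restarting"
#read -t 30 < /dev/console
FOE
  chmod +x /sbin/halt.local
fi

EOF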
# bah, hal starts way too late
# Second init script, run late in boot. Same escaping rule as livesys:
# the delimiter is unquoted, so dollar signs and backticks are escaped.
cat > /etc/rc.d/init.d/livesys-late << EOF
#!/bin/bash
#
# live: Late init script for live image
#
# chkconfig: 345 99 01
# description: Late init script for live image.

. /etc/init.d/functions

# Run once, on a live boot, for the "start" action only.
strstr "\$(cat /proc/cmdline)" rd.live.image || exit 0
[ "\$1" = "start" ] || exit 0
[ ! -e /.liveimg-late-configured ] || exit 0
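# Run a command only when it is installed.
# Arguments: command name, followed by the arguments to pass to it.
# Returns:   the failed lookup status when the command is missing,
#            otherwise the status of the command itself.
exists() {
  which "\$1" >/dev/null 2>&1 || return
  # Quoted so arguments containing spaces or glob characters reach the
  # command unchanged (the unquoted form re-split and re-globbed them).
  "\$@"
}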
# Marker read by the guard at the top so this script runs only once.
touch /.liveimg-late-configured

# read some variables out of /proc/cmdline
#   ks=<value>       becomes the --kickstart= option handed to liveinst
#   xdriver=<value>  X driver override, used further down
# NOTE(review): both values are taken from the kernel command line as-is.
for o in \$(cat /proc/cmdline) ; do
  if [ "\${o#ks=}" != "\$o" ]; then
    ks="--kickstart=\${o#ks=}"
  elif [ "\${o#xdriver=}" != "\$o" ]; then
    xdriver="\${o#xdriver=}"
  fi
done

# if liveinst or textinst is given, start anaconda
# (ks stays unquoted so that an unset value adds no argument at all)
if strstr "\$(cat /proc/cmdline)" liveinst ; then
  plymouth --quit
  /usr/sbin/liveinst \$ks
fi
if strstr "\$(cat /proc/cmdline)" textinst ; then
  plymouth --quit
  /usr/sbin/liveinst --text \$ks
fi
# configure X, allowing user to override xdriver
# NOTE(review): the driver name is copied from the kernel command line into
# the config file without validation. The lines between the FOE markers are
# heredoc text and must stay at column 0.
[ -z "\$xdriver" ] || cat > /etc/X11/xorg.conf.d/00-xdriver.conf <<FOE
Section "Device"
Identifier "Videocard0"
Driver "\$xdriver"
EndSection
FOE

EOF
# Install both generated init scripts: make them executable, restore their
# SELinux labels and register them with chkconfig.
for initscript in livesys livesys-late ; do
  chmod 755 "/etc/rc.d/init.d/${initscript}"
  /sbin/restorecon "/etc/rc.d/init.d/${initscript}"
  /sbin/chkconfig --add "${initscript}"
done
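# work around for poor key import UI in PackageKit
rm -f /var/lib/rpm/__db*
# NOTE(review): the repos in this file point at rhel7.0 but the key imported
# here is the Fedora one; confirm the path exists in the image. If it does
# not, the import fails and %post simply carries on without it.
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora
echo "Packages within this LiveCD"
rpm -qa

# go ahead and pre-make the man -k cache (#455968)
/usr/bin/mandb

# make sure there aren't core files lying around
rm -f /core*

# convince readahead not to collect
rm -f /.readahead_collect
touch /var/lib/readahead/early.sorted

# Remove random-seed
# systemd mixes /var/lib/systemd/random-seed into the kernel entropy pool at
# boot. A seed written during image creation would ship inside the image, so
# every system booted from it would add the same value. It is only extra
# entropy, not the starting point of a PRNG, but it must still not be shared.
# -f keeps the step quiet when the build never created the file.
rm -f /var/lib/systemd/random-seed
# Make a failed removal visible in the build log instead of shipping it.
if [ -e /var/lib/systemd/random-seed ]; then
  echo "WARNING: /var/lib/systemd/random-seed is still present in the image" >&2
fi
%end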
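%post --nochroot
# Runs outside the installed system. INSTALL_ROOT (the installed tree) and
# LIVE_ROOT (the live medium tree) are expected to come from the image
# build tool.
# If either is empty the unquoted originals collapsed to paths such as /GPL
# and /LiveOS in the build environment itself, so skip instead of writing
# there. Expansions are quoted so paths with spaces survive.
if [ -z "${INSTALL_ROOT:-}" ] || [ -z "${LIVE_ROOT:-}" ]; then
  echo "INSTALL_ROOT or LIVE_ROOT is not set; skipping live media extras" >&2
else
  cp "$INSTALL_ROOT"/usr/share/doc/*-release-*/GPL "$LIVE_ROOT/GPL"

  # only works on x86, x86_64
  case "$(uname -i)" in
    i386|x86_64)
      # mkdir -p is a no-op when the directory already exists.
      mkdir -p "$LIVE_ROOT/LiveOS"
      cp /usr/bin/livecd-iso-to-disk "$LIVE_ROOT/LiveOS"
      ;;
  esac
fi
%end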
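%post
# Append the desktop-session tweaks to the livesys init script. The
# delimiter is unquoted, so any dollar sign or backtick added here would be
# expanded while %post runs unless it is escaped.
# NOTE(review): screen locking off plus automatic login of a passwordless
# user is meant for a live session only; none of this belongs on an
# installed system.
cat >> /etc/rc.d/init.d/livesys << EOF
# disable screensaver locking
gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool /apps/gnome-screensaver/lock_enabled false >/dev/null
gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool /desktop/gnome/lockdown/disable_lock_screen true >/dev/null

# set up automatic login for liveuser
# (The keys written are AutomaticLoginEnable/AutomaticLogin, which log in
# immediately; the earlier "timed, after 60 seconds" wording would need the
# TimedLogin keys instead.) Heredoc text below stays at column 0.
cat >> /etc/gdm/custom.conf << FOE
[daemon]
AutomaticLoginEnable=True
AutomaticLogin=liveuser
FOE

# Show harddisk install on the desktop
sed -i -e 's/NoDisplay=true/NoDisplay=false/' /usr/share/applications/liveinst.desktop
# -p: a persistent /home may already contain the Desktop directory
mkdir -p /home/liveuser/Desktop
cp /usr/share/applications/liveinst.desktop /home/liveuser/Desktop
# owner:group with a colon; the dot separator is the deprecated form
chown -R liveuser:liveuser /home/liveuser/Desktop
chmod a+x /home/liveuser/Desktop/liveinst.desktop

# But not trash and home
gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool /apps/nautilus/desktop/trash_icon_visible false >/dev/null
gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool /apps/nautilus/desktop/home_icon_visible false >/dev/null

# Turn off PackageKit-command-not-found while uninstalled
sed -i -e 's/^SoftwareSourceSearch=true/SoftwareSourceSearch=false/' /etc/PackageKit/CommandNotFound.conf

EOF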
# Remove root password
# This deletes the build-time password set by rootpw, so the image ships
# with an empty root password. That suits a live session only.
passwd -d root >/dev/null

# fstab from the install won't match anything. remove it and let dracut
# handle mounting. (The file is truncated, not deleted.)
: > /etc/fstab

%end
%packages
# Package groups
@core
@fonts
@x11
@gnome-desktop
@input-methods

# Installer and media-check tooling
anaconda
isomd5sum

# Kernel and boot chain (BIOS and UEFI)
kernel
grub2
grub2-efi
shim
syslinux
memtest86+

# A leading "-" excludes the package
-dracut-config-rescue
%end