60c7ab3e91
This is required to ensure that SELinux is configured properly while building. It fixes the problem with building tar, and should be installed in the other image types for consistency. Resolves: rhbz#1654795
# Lorax Composer Live ISO output kickstart template
|
|
|
|
# Firewall configuration
|
|
firewall --enabled --service=mdns
|
|
|
|
# X Window System configuration information
|
|
xconfig --startxonboot
|
|
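# Placeholder root password; the second %post section removes it with "passwd -d root", so the live ISO boots with a passwordless root account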
|
|
rootpw --plaintext removethispw
|
|
# Network information
|
|
network --bootproto=dhcp --onboot=on --activate
|
|
# System keyboard
|
|
keyboard --xlayouts=us --vckeymap=us
|
|
# System language
|
|
lang en_US.UTF-8
|
|
# SELinux configuration
|
|
selinux --enforcing
|
|
# Installation logging level
|
|
logging --level=info
|
|
# Shutdown after installation
|
|
shutdown
|
|
# System services
|
|
services --disabled="network,sshd" --enabled="NetworkManager"
|
|
# System timezone
|
|
timezone US/Eastern
|
|
# System bootloader configuration
|
|
bootloader --location=mbr
|
|
# Clear the Master Boot Record
|
|
zerombr
|
|
|
|
%post
|
|
# FIXME: it'd be better to get this installed from a package
|
|
cat > /etc/rc.d/init.d/livesys << EOF
|
|
#!/bin/bash
|
|
#
|
|
# live: Init script for live image
|
|
#
|
|
# chkconfig: 345 00 99
|
|
# description: Init script for live image.
|
|
|
|
. /etc/init.d/functions
|
|
|
|
if ! strstr "\`cat /proc/cmdline\`" rd.live.image || [ "\$1" != "start" ]; then
|
|
exit 0
|
|
fi
|
|
|
|
if [ -e /.liveimg-configured ] ; then
|
|
configdone=1
|
|
fi
|
|
|
|
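# Run the given command with its arguments, but only when the command is
# available; otherwise return non-zero without running anything.
exists() {
    # command -v is a shell builtin, so the availability check does not depend
    # on an external which binary being present in the live image. Unlike
    # which, it also accepts shell builtins and functions.
    command -v "\$1" >/dev/null 2>&1 || return
    # "\$@" keeps every argument as its own word; an unquoted \$* would re-split
    # arguments on whitespace and expand glob characters in them.
    "\$@"
}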
|
|
|
|
touch /.liveimg-configured
|
|
|
|
# mount live image
|
|
if [ -b \`readlink -f /dev/live\` ]; then
|
|
mkdir -p /mnt/live
|
|
mount -o ro /dev/live /mnt/live 2>/dev/null || mount /dev/live /mnt/live
|
|
fi
|
|
|
|
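# Directory on the live medium that holds the image files. A live_dir=<dir>
# word on the kernel command line overrides the default.
livedir="LiveOS"
for arg in \`cat /proc/cmdline\` ; do
    if [ "\${arg##live_dir=}" != "\${arg}" ]; then
        livedir=\${arg##live_dir=}
        # break, not return: this loop runs at the top level of the init
        # script, and outside a function bash rejects return with an error
        # and carries on with the next word instead of leaving the loop.
        break
    fi
done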
|
|
|
|
# enable swaps unless requested otherwise
|
|
swaps=\`blkid -t TYPE=swap -o device\`
|
|
if ! strstr "\`cat /proc/cmdline\`" noswap && [ -n "\$swaps" ] ; then
|
|
for s in \$swaps ; do
|
|
action "Enabling swap partition \$s" swapon \$s
|
|
done
|
|
fi
|
|
if ! strstr "\`cat /proc/cmdline\`" noswap && [ -f /mnt/live/\${livedir}/swap.img ] ; then
|
|
action "Enabling swap file" swapon /mnt/live/\${livedir}/swap.img
|
|
fi
|
|
|
|
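# Mount the persistent /home store named by the global homedev.
# Globals: homedev (read and rewritten), mountopts, loopdev and USERADDARGS
#          (written).
# Returns: 1 when a LABEL= or UUID= reference resolves to no device.
mountPersistentHome() {
    # support label/uuid
    if [ "\${homedev##LABEL=}" != "\${homedev}" ] || [ "\${homedev##UUID=}" != "\${homedev}" ]; then
        homedev=\`/sbin/blkid -o device -t "\$homedev"\`
        # blkid prints nothing when no device matches; stop here instead of
        # handing an empty device name to losetup and mount below.
        [ -n "\$homedev" ] || return 1
    fi

    # if we're given a file rather than a blockdev, loopback it
    if [ "\${homedev##mtd}" != "\${homedev}" ]; then
        # mtd devs don't have a block device but get magic-mounted with -t jffs2
        mountopts="-t jffs2"
    elif [ ! -b "\$homedev" ]; then
        loopdev=\`losetup -f\`
        if [ "\${homedev##/mnt/live}" != "\${homedev}" ]; then
            action "Remounting live store r/w" mount -o remount,rw /mnt/live
        fi
        # Quoted so a path taken from the kernel command line is passed as a
        # single argument and is not glob-expanded.
        losetup "\$loopdev" "\$homedev"
        homedev=\$loopdev
    fi

    # if it's encrypted, we need to unlock it
    if [ "\$(/sbin/blkid -s TYPE -o value "\$homedev" 2>/dev/null)" = "crypto_LUKS" ]; then
        echo
        echo "Setting up encrypted /home device"
        # NOTE(review): homedev is embedded in the command string handed to
        # plymouth; confirm how plymouth splits that string before relying on
        # device names that contain unusual characters.
        plymouth ask-for-password --command="cryptsetup luksOpen \$homedev EncHome"
        homedev=/dev/mapper/EncHome
    fi

    # and finally do the mount
    # mountopts stays unquoted on purpose: "-t jffs2" has to split into two words.
    mount \$mountopts "\$homedev" /home
    # if we have /home under what's passed for persistent home, then
    # we should make that the real /home. useful for mtd device on olpc
    if [ -d /home/home ]; then mount --bind /home/home /home ; fi
    [ -x /sbin/restorecon ] && /sbin/restorecon /home
    # An existing home directory on the persistent store must not be
    # recreated, so useradd is later called with -M.
    if [ -d /home/liveuser ]; then USERADDARGS="-M" ; fi
}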
|
|
|
|
# Set the global homedev from the first persistenthome=<device> word on the
# kernel command line; homedev is left untouched when there is no such word.
findPersistentHome() {
    for arg in \`cat /proc/cmdline\` ; do
        case "\$arg" in
            persistenthome=*)
                homedev=\${arg#persistenthome=}
                return
                ;;
        esac
    done
}
|
|
|
|
if strstr "\`cat /proc/cmdline\`" persistenthome= ; then
|
|
findPersistentHome
|
|
elif [ -e /mnt/live/\${livedir}/home.img ]; then
|
|
homedev=/mnt/live/\${livedir}/home.img
|
|
fi
|
|
|
|
# if we have a persistent /home, then we want to go ahead and mount it
|
|
if ! strstr "\`cat /proc/cmdline\`" nopersistenthome && [ -n "\$homedev" ] ; then
|
|
action "Mounting persistent /home" mountPersistentHome
|
|
fi
|
|
|
|
# make it so that we don't do writing to the overlay for things which
|
|
# are just tmpdirs/caches
|
|
mount -t tmpfs -o mode=0755 varcacheyum /var/cache/yum
|
|
mount -t tmpfs tmp /tmp
|
|
mount -t tmpfs vartmp /var/tmp
|
|
[ -x /sbin/restorecon ] && /sbin/restorecon /var/cache/yum /tmp /var/tmp >/dev/null 2>&1
|
|
|
|
if [ -n "\$configdone" ]; then
|
|
exit 0
|
|
fi
|
|
|
|
# add the live user (liveuser) with no password
|
|
action "Adding live user" useradd \$USERADDARGS -c "Live System User" liveuser
|
|
passwd -d liveuser > /dev/null
|
|
|
|
# turn off firstboot for livecd boots
|
|
chkconfig --level 345 firstboot off 2>/dev/null
|
|
# We made firstboot a native systemd service, so it can no longer be turned
|
|
# off with chkconfig. It should be possible to turn it off with systemctl, but
|
|
# that doesn't work right either. For now, this is good enough: the firstboot
|
|
# service will start up, but this tells it not to run firstboot. I suspect the
|
|
# other services 'disabled' below are not actually getting disabled properly,
|
|
# with systemd, but we can look into that later. - AdamW 2010/08 F14Alpha
|
|
echo "RUN_FIRSTBOOT=NO" > /etc/sysconfig/firstboot
|
|
|
|
# don't start yum-updatesd for livecd boots
|
|
chkconfig --level 345 yum-updatesd off 2>/dev/null
|
|
|
|
# turn off mdmonitor by default
|
|
chkconfig --level 345 mdmonitor off 2>/dev/null
|
|
|
|
# turn off setroubleshoot on the live image to preserve resources
|
|
chkconfig --level 345 setroubleshoot off 2>/dev/null
|
|
|
|
# don't do packagekit checking by default
|
|
gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t string /apps/gnome-packagekit/update-icon/frequency_get_updates never >/dev/null
|
|
gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t string /apps/gnome-packagekit/update-icon/frequency_get_upgrades never >/dev/null
|
|
gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t string /apps/gnome-packagekit/update-icon/frequency_refresh_cache never >/dev/null
|
|
gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool /apps/gnome-packagekit/update-icon/notify_available false >/dev/null
|
|
gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool /apps/gnome-packagekit/update-icon/notify_distro_upgrades false >/dev/null
|
|
gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool /apps/gnome-packagekit/enable_check_firmware false >/dev/null
|
|
gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool /apps/gnome-packagekit/enable_check_hardware false >/dev/null
|
|
gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool /apps/gnome-packagekit/enable_codec_helper false >/dev/null
|
|
gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool /apps/gnome-packagekit/enable_font_helper false >/dev/null
|
|
gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool /apps/gnome-packagekit/enable_mime_type_helper false >/dev/null
|
|
|
|
|
|
# don't start cron/at as they tend to spawn things which are
|
|
# disk intensive that are painful on a live image
|
|
chkconfig --level 345 crond off 2>/dev/null
|
|
chkconfig --level 345 atd off 2>/dev/null
|
|
chkconfig --level 345 anacron off 2>/dev/null
|
|
chkconfig --level 345 readahead_early off 2>/dev/null
|
|
chkconfig --level 345 readahead_later off 2>/dev/null
|
|
|
|
# Stopgap fix for RH #217966; should be fixed in HAL instead
|
|
touch /media/.hal-mtab
|
|
|
|
# workaround clock syncing on shutdown that we don't want (#297421)
|
|
sed -i -e 's/hwclock/no-such-hwclock/g' /etc/rc.d/init.d/halt
|
|
|
|
# and hack so that we eject the cd on shutdown if we're using a CD...
|
|
if strstr "\`cat /proc/cmdline\`" CDLABEL= ; then
|
|
cat >> /sbin/halt.local << FOE
|
|
#!/bin/bash
|
|
# XXX: This often gets stuck during shutdown because /etc/init.d/halt
|
|
# (or something else still running) wants to read files from the block\
|
|
# device that was ejected. Disable for now. Bug #531924
|
|
# we want to eject the cd on halt, but let's also try to avoid
|
|
# io errors due to not being able to get files...
|
|
#cat /sbin/halt > /dev/null
|
|
#cat /sbin/reboot > /dev/null
|
|
#/usr/sbin/eject -p -m \$(readlink -f /dev/live) >/dev/null 2>&1
|
|
#echo "Please remove the CD from your drive and press Enter to finish restarting"
|
|
#read -t 30 < /dev/console
|
|
FOE
|
|
chmod +x /sbin/halt.local
|
|
fi
|
|
|
|
EOF
|
|
|
|
# bah, hal starts way too late
|
|
cat > /etc/rc.d/init.d/livesys-late << EOF
|
|
#!/bin/bash
|
|
#
|
|
# live: Late init script for live image
|
|
#
|
|
# chkconfig: 345 99 01
|
|
# description: Late init script for live image.
|
|
|
|
. /etc/init.d/functions
|
|
|
|
if ! strstr "\`cat /proc/cmdline\`" rd.live.image || [ "\$1" != "start" ] || [ -e /.liveimg-late-configured ] ; then
|
|
exit 0
|
|
fi
|
|
|
|
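# Run the given command with its arguments, but only when the command is
# available; otherwise return non-zero without running anything.
exists() {
    # command -v is a shell builtin, so the availability check does not depend
    # on an external which binary being present in the live image. Unlike
    # which, it also accepts shell builtins and functions.
    command -v "\$1" >/dev/null 2>&1 || return
    # "\$@" keeps every argument as its own word; an unquoted \$* would re-split
    # arguments on whitespace and expand glob characters in them.
    "\$@"
}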
|
|
|
|
touch /.liveimg-late-configured
|
|
|
|
# read some variables out of /proc/cmdline
|
|
for o in \`cat /proc/cmdline\` ; do
|
|
case \$o in
|
|
ks=*)
|
|
ks="--kickstart=\${o#ks=}"
|
|
;;
|
|
xdriver=*)
|
|
xdriver="\${o#xdriver=}"
|
|
;;
|
|
esac
|
|
done
|
|
|
|
# if liveinst or textinst is given, start anaconda
|
|
if strstr "\`cat /proc/cmdline\`" liveinst ; then
|
|
plymouth --quit
|
|
/usr/sbin/liveinst \$ks
|
|
fi
|
|
if strstr "\`cat /proc/cmdline\`" textinst ; then
|
|
plymouth --quit
|
|
/usr/sbin/liveinst --text \$ks
|
|
fi
|
|
|
|
# configure X, allowing user to override xdriver
|
|
if [ -n "\$xdriver" ]; then
|
|
cat > /etc/X11/xorg.conf.d/00-xdriver.conf <<FOE
|
|
Section "Device"
|
|
Identifier "Videocard0"
|
|
Driver "\$xdriver"
|
|
EndSection
|
|
FOE
|
|
fi
|
|
|
|
EOF
|
|
|
|
chmod 755 /etc/rc.d/init.d/livesys
|
|
/sbin/restorecon /etc/rc.d/init.d/livesys
|
|
/sbin/chkconfig --add livesys
|
|
|
|
chmod 755 /etc/rc.d/init.d/livesys-late
|
|
/sbin/restorecon /etc/rc.d/init.d/livesys-late
|
|
/sbin/chkconfig --add livesys-late
|
|
|
|
# work around for poor key import UI in PackageKit
|
|
rm -f /var/lib/rpm/__db*
|
|
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora
|
|
echo "Packages within this LiveCD"
|
|
rpm -qa
|
|
|
|
# go ahead and pre-make the man -k cache (#455968)
|
|
/usr/bin/mandb
|
|
|
|
# make sure there aren't core files lying around
|
|
rm -f /core*
|
|
|
|
# convince readahead not to collect
|
|
rm -f /.readahead_collect
|
|
touch /var/lib/readahead/early.sorted
|
|
|
|
# Remove random-seed so the image does not ship a saved seed that every boot of the ISO would share
|
|
rm /var/lib/systemd/random-seed
|
|
%end
|
|
|
|
%post
|
|
cat >> /etc/rc.d/init.d/livesys << EOF
|
|
# disable screensaver locking
|
|
gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool /apps/gnome-screensaver/lock_enabled false >/dev/null
|
|
gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool /desktop/gnome/lockdown/disable_lock_screen true >/dev/null
|
|
|
|
# set up automatic login for liveuser (AutomaticLoginEnable logs in without a password prompt or a delay)
|
|
cat >> /etc/gdm/custom.conf << FOE
|
|
[daemon]
|
|
AutomaticLoginEnable=True
|
|
AutomaticLogin=liveuser
|
|
FOE
|
|
|
|
# Show harddisk install on the desktop
|
|
sed -i -e 's/NoDisplay=true/NoDisplay=false/' /usr/share/applications/liveinst.desktop
|
|
mkdir /home/liveuser/Desktop
|
|
cp /usr/share/applications/liveinst.desktop /home/liveuser/Desktop
|
|
chown -R liveuser.liveuser /home/liveuser/Desktop
|
|
chmod a+x /home/liveuser/Desktop/liveinst.desktop
|
|
|
|
# But not trash and home
|
|
gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool /apps/nautilus/desktop/trash_icon_visible false >/dev/null
|
|
gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool /apps/nautilus/desktop/home_icon_visible false >/dev/null
|
|
|
|
# Turn off PackageKit-command-not-found while uninstalled
|
|
sed -i -e 's/^SoftwareSourceSearch=true/SoftwareSourceSearch=false/' /etc/PackageKit/CommandNotFound.conf
|
|
|
|
EOF
|
|
|
|
# Remove root password
|
|
passwd -d root > /dev/null
|
|
|
|
# fstab from the install won't match anything. remove it and let dracut
|
|
# handle mounting.
|
|
cat /dev/null > /etc/fstab
|
|
|
|
%end
|
|
|
|
# NOTE Do NOT add any other sections after %packages
|
|
%packages
|
|
# Packages required to support this output format go here
|
|
isomd5sum
|
|
kernel
|
|
memtest86+
|
|
syslinux
|
|
-dracut-config-rescue
|
|
selinux-policy-targeted
|
|
|
|
# This package is needed to boot the iso on UEFI
|
|
shim
|
|
shim-ia32
|
|
grub2
|
|
grub2-efi
|
|
grub2-efi-*-cdboot
|
|
grub2-efi-ia32
|
|
efibootmgr
|
|
|
|
|
|
# NOTE lorax-composer will add the blueprint packages below here, including the final %end%packages
|