diff --git a/.gitignore b/.gitignore
index 23be26d..fc3fad5 100644
--- a/.gitignore
+++ b/.gitignore
@@ -24,3 +24,4 @@ clog
/lorax-templates-rhel-10.0-22.tar.gz
/lorax-templates-rhel-10.0-23.tar.gz
/lorax-templates-rhel-10.0-24.tar.gz
+/lorax-templates-rhel-10.0-25.tar.gz
diff --git a/80-rhel/aarch64.tmpl b/80-rhel/aarch64.tmpl
index 2893a50..0b6ee50 100644
--- a/80-rhel/aarch64.tmpl
+++ b/80-rhel/aarch64.tmpl
@@ -68,7 +68,7 @@ mkdir ${KERNELDIR}
%>
# Add the license files
-%for f in glob("/usr/share/licenses/*-release/*"):
+%for f in glob("usr/share/licenses/*-release-common/*"):
install ${f} ${f|basename}
<% filegraft += " {0}={1}/{0}".format(basename(f), outroot) %>
%endfor
diff --git a/80-rhel/appliance/libvirt.tmpl b/80-rhel/appliance/libvirt.tmpl
index a739e63..b6ffc61 100644
--- a/80-rhel/appliance/libvirt.tmpl
+++ b/80-rhel/appliance/libvirt.tmpl
@@ -9,7 +9,7 @@
-%for disk, letter in zip(disks, xrange(97, 123)):
+%for disk, letter in zip(disks, range(97, 123)):
%endfor
diff --git a/80-rhel/config_files/aarch64/grub2-efi.cfg b/80-rhel/config_files/aarch64/grub2-efi.cfg
index 80db480..1ce5d33 100644
--- a/80-rhel/config_files/aarch64/grub2-efi.cfg
+++ b/80-rhel/config_files/aarch64/grub2-efi.cfg
@@ -35,8 +35,8 @@ menuentry 'Test this media & install @PRODUCT@ @VERSION@' --class red --class gn
initrd @INITRDPATH@
}
submenu 'Troubleshooting -->' {
- menuentry 'Install @PRODUCT@ @VERSION@ in text mode' --class red --class gnu-linux --class gnu --class os {
- linux @KERNELPATH@ @ROOT@ inst.text
+ menuentry 'Install @PRODUCT@ @VERSION@ in basic graphics mode' --class red --class gnu-linux --class gnu --class os {
+ linux @KERNELPATH@ @ROOT@ nomodeset
initrd @INITRDPATH@
}
menuentry 'Rescue a @PRODUCT@ system' --class red --class gnu-linux --class gnu --class os {
diff --git a/80-rhel/config_files/common/inst.rngd.service b/80-rhel/config_files/common/inst.rngd.service
new file mode 100644
index 0000000..7b51033
--- /dev/null
+++ b/80-rhel/config_files/common/inst.rngd.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Hardware RNG Entropy Gatherer Daemon
+ConditionVirtualization=!container
+ConditionKernelCommandLine=|inst.rngd
+ConditionKernelCommandLine=!inst.rngd=0
+
+# The "-f" option is required for the systemd service rngd to work with Type=simple
+[Service]
+Type=simple
+EnvironmentFile=/etc/sysconfig/rngd
+ExecStart=/usr/sbin/rngd -f $RNGD_ARGS
diff --git a/80-rhel/config_files/common/rsyslog.conf b/80-rhel/config_files/common/rsyslog.conf
index 63ab463..6e47f41 100644
--- a/80-rhel/config_files/common/rsyslog.conf
+++ b/80-rhel/config_files/common/rsyslog.conf
@@ -1,62 +1,43 @@
-# rsyslog configuration file
+# minimal rsyslog configuration file for the installer boot.iso
-# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
-# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html
+# provides support for local system logging (e.g. via logger command)
+# disables message dropping, we need all of them
+# Turn off message reception via local log socket;
+# local messages are retrieved through imjournal now.
+module(load="imuxsock"
+ SysSock.RateLimit.Interval="0"
+ SysSock.Use="off")
-#### MODULES ####
-
-# The imjournal module below is now used as a message source instead of imuxsock.
-$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
-$SystemLogRateLimitInterval 0 # disables message dropping, we need all of them
-$ModLoad imjournal # provides access to the systemd journal
-#$ModLoad imklog # reads kernel messages (the same are read from journald)
-#$ModLoad immark # provides --MARK-- message capability
+# provides access to the systemd journal
# Disable rate limiting to the journal, we need all the messages for debugging
-$imjournalRatelimitInterval 0
-$imjournalRatelimitBurst 0
+module(load="imjournal"
+ Ratelimit.Interval="0"
+ Ratelimit.Burst="0"
+ StateFile="imjournal.state")
-# Provides UDP syslog reception
-#$ModLoad imudp
-#$UDPServerRun 514
+module(load="imfile" mode="inotify")
+input(type="imfile"
+ File="/tmp/X.log"
+ Tag="xserver:"
+ Facility="local1")
-# Provides TCP syslog reception
-#$ModLoad imtcp
-#$InputTCPServerRun 514
+input(type="imfile"
+ File="/tmp/anaconda-tb-all.log"
+ Tag="anaconda-tb:"
+ Facility="local1")
-$ModLoad imfile
-$InputFileName /tmp/X.log
-$InputFileTag xserver:
-$InputFileStateFile xserver-statefile
-$InputFileFacility local1
-$InputRunFileMonitor
-$InputFileName /tmp/anaconda-tb-all.log
-$InputFileTag anaconda-tb:
-$InputFileStateFile anaconda-tb-statefile
-$InputFileFacility local1
-$InputRunFileMonitor
+module(load="builtin:omfile"
+ Template="RSYSLOG_TraditionalFileFormat"
+)
#### GLOBAL DIRECTIVES ####
# Where to place auxiliary files
-$WorkDirectory /var/lib/rsyslog
-
-# Use default timestamp format
-$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
-
-# File syncing capability is disabled by default. This feature is usually not required,
-# not useful and an extreme performance hit
-#$ActionFileEnableSync on
+global(workDirectory="/var/lib/rsyslog")
# Include all config files in /etc/rsyslog.d/
-$IncludeConfig /etc/rsyslog.d/*.conf
-
-# Turn off message reception via local log socket;
-# local messages are retrieved through imjournal now.
-$OmitLocalLogging on
-
-# File to store the position in the journal
-$IMJournalStateFile imjournal.state
+include(file="/etc/rsyslog.d/*.conf")
#### TEMPLATES ####
diff --git a/80-rhel/config_files/common/sshd_config.anaconda b/80-rhel/config_files/common/sshd_config.anaconda
index 940f501..241ba8f 100644
--- a/80-rhel/config_files/common/sshd_config.anaconda
+++ b/80-rhel/config_files/common/sshd_config.anaconda
@@ -1,7 +1,5 @@
PermitRootLogin yes
-X11Forwarding yes
-X11DisplayOffset 10
-PrintMotd no
+PrintMotd yes
SyslogFacility AUTHPRIV
PasswordAuthentication yes
PermitEmptyPasswords yes
diff --git a/80-rhel/config_files/ppc/grub.cfg.in b/80-rhel/config_files/ppc/grub.cfg.in
index aa5f1dc..1b14ede 100644
--- a/80-rhel/config_files/ppc/grub.cfg.in
+++ b/80-rhel/config_files/ppc/grub.cfg.in
@@ -1,5 +1,5 @@
set default=0
-set timeout=5
+set timeout=60
echo -e "\nWelcome to the @PRODUCT@ @VERSION@ installer!\n\n"
diff --git a/80-rhel/config_files/sparc/silo.conf b/80-rhel/config_files/sparc/silo.conf
index 846c569..159ebb7 100644
--- a/80-rhel/config_files/sparc/silo.conf
+++ b/80-rhel/config_files/sparc/silo.conf
@@ -1,7 +1,7 @@
partition=1
default=linux
read-write
-timeout=100
+timeout=600
message=/boot/boot.msg
image[sun4u]=/boot/vmlinuz
label=linux
diff --git a/80-rhel/config_files/x86/grub2-bios.cfg b/80-rhel/config_files/x86/grub2-bios.cfg
index 9c3e86a..cfca1bf 100644
--- a/80-rhel/config_files/x86/grub2-bios.cfg
+++ b/80-rhel/config_files/x86/grub2-bios.cfg
@@ -9,6 +9,7 @@ set gfxpayload=keep
insmod gzio
insmod part_gpt
insmod ext2
+insmod chain
set timeout=60
### END /etc/grub.d/00_header ###
@@ -33,4 +34,10 @@ submenu 'Troubleshooting -->' {
linux @KERNELPATH@ @ROOT@ inst.rescue quiet
initrd @INITRDPATH@
}
+ menuentry 'Boot first drive' --class fedora --class gnu-linux --class gnu --class os {
+ chainloader (hd0)+1
+ }
+ menuentry 'Boot second drive' --class fedora --class gnu-linux --class gnu --class os {
+ chainloader (hd1)+1
+ }
}
diff --git a/80-rhel/config_files/x86/grub2-efi.cfg b/80-rhel/config_files/x86/grub2-efi.cfg
index 5fc47de..8c9adad 100644
--- a/80-rhel/config_files/x86/grub2-efi.cfg
+++ b/80-rhel/config_files/x86/grub2-efi.cfg
@@ -29,8 +29,8 @@ menuentry 'Test this media & install @PRODUCT@ @VERSION@' --class fedora --class
initrdefi @INITRDPATH@
}
submenu 'Troubleshooting -->' {
- menuentry 'Install @PRODUCT@ @VERSION@ in text mode' --class fedora --class gnu-linux --class gnu --class os {
- linuxefi @KERNELPATH@ @ROOT@ inst.text quiet
+ menuentry 'Install @PRODUCT@ @VERSION@ in basic graphics mode' --class fedora --class gnu-linux --class gnu --class os {
+ linuxefi @KERNELPATH@ @ROOT@ nomodeset quiet
initrdefi @INITRDPATH@
}
menuentry 'Rescue a @PRODUCT@ system' --class fedora --class gnu-linux --class gnu --class os {
diff --git a/80-rhel/config_files/x86/isolinux.cfg b/80-rhel/config_files/x86/isolinux.cfg
index 01bf0cd..216d36f 100644
--- a/80-rhel/config_files/x86/isolinux.cfg
+++ b/80-rhel/config_files/x86/isolinux.cfg
@@ -73,17 +73,17 @@ menu separator # insert an empty line
# utilities submenu
menu begin ^Troubleshooting
- menu title Troubleshooting
+ menu title Troubleshooting @PRODUCT@ @VERSION@
-label text
+label basic
menu indent count 5
- menu label Install @PRODUCT@ @VERSION@ using ^text mode
+ menu label Install using ^basic graphics mode
text help
Try this option out if you're having trouble installing
@PRODUCT@ @VERSION@.
endtext
kernel vmlinuz
- append initrd=initrd.img @ROOT@ inst.text quiet
+ append initrd=initrd.img @ROOT@ nomodeset quiet
label rescue
menu indent count 5
@@ -95,15 +95,6 @@ label rescue
kernel vmlinuz
append initrd=initrd.img @ROOT@ inst.rescue quiet
-label memtest
- menu label Run a ^memory test
- text help
- If your system is having issues, a problem with your
- system's memory may be the cause. Use this utility to
- see if the memory is working correctly.
- endtext
- kernel memtest
-
menu separator # insert an empty line
label local
diff --git a/80-rhel/efi.tmpl b/80-rhel/efi.tmpl
index 3cb3b2e..80600d2 100644
--- a/80-rhel/efi.tmpl
+++ b/80-rhel/efi.tmpl
@@ -17,7 +17,7 @@ install boot/efi/EFI/*/shim${efiarch32|lower}.efi ${EFIBOOTDIR}/BOOT${efiarch32}
install boot/efi/EFI/*/mm${efiarch32|lower}.efi ${EFIBOOTDIR}/
install boot/efi/EFI/*/gcd${efiarch32|lower}.efi ${EFIBOOTDIR}/grub${efiarch32|lower}.efi
%endif
-install boot/grub2/fonts/unicode.pf2 ${EFIBOOTDIR}/fonts/
+install usr/share/grub/unicode.pf2 ${EFIBOOTDIR}/fonts/
## actually make the EFI images
${make_efiboot("images/efiboot.img")}
diff --git a/80-rhel/live/aarch64.tmpl b/80-rhel/live/aarch64.tmpl
index a59c4ff..d1a3f87 100644
--- a/80-rhel/live/aarch64.tmpl
+++ b/80-rhel/live/aarch64.tmpl
@@ -67,7 +67,7 @@ mkdir ${KERNELDIR}
%endfor
# Add the license files
-%for f in glob("/usr/share/licenses/*-release/*"):
+%for f in glob("usr/share/licenses/*-release-common/*"):
install ${f} ${f|basename}
<% filegraft += " {0}={1}/{0}".format(basename(f), outroot) %>
%endfor
diff --git a/80-rhel/live/config_files/aarch64/grub2-efi.cfg b/80-rhel/live/config_files/aarch64/grub2-efi.cfg
index ea655ff..c874547 100644
--- a/80-rhel/live/config_files/aarch64/grub2-efi.cfg
+++ b/80-rhel/live/config_files/aarch64/grub2-efi.cfg
@@ -27,10 +27,16 @@ search --no-floppy --set=root -l '@ISOLABEL@'
### BEGIN /etc/grub.d/10_linux ###
menuentry 'Start @PRODUCT@ @VERSION@' --class red --class gnu-linux --class gnu --class os {
- linux @KERNELPATH@ @ROOT@ @EXTRA@ rd.live.image quiet
+ linux @KERNELPATH@ @ROOT@ @EXTRA@ rd.live.image quiet rhgb
initrd @INITRDPATH@
}
menuentry 'Test this media & start @PRODUCT@ @VERSION@' --class red --class gnu-linux --class gnu --class os {
linux @KERNELPATH@ @ROOT@ @EXTRA@ rd.live.image rd.live.check quiet
initrd @INITRDPATH@
}
+submenu 'Troubleshooting -->' {
+ menuentry 'Install @PRODUCT@ @VERSION@ in basic graphics mode' --class red --class gnu-linux --class gnu --class os {
+ linux @KERNELPATH@ @ROOT@ @EXTRA@ rd.live.image nomodeset quiet rhgb
+ initrd @INITRDPATH@
+ }
+}
diff --git a/80-rhel/live/config_files/ppc/grub.cfg.in b/80-rhel/live/config_files/ppc/grub.cfg.in
index 99703ad..27b8837 100644
--- a/80-rhel/live/config_files/ppc/grub.cfg.in
+++ b/80-rhel/live/config_files/ppc/grub.cfg.in
@@ -4,7 +4,7 @@ set timeout=5
echo -e "\nWelcome to the @PRODUCT@ @VERSION@ installer!\n\n"
menuentry "Start @PRODUCT@ @VERSION@ (64-bit kernel)" --class fedora --class gnu-linux --class gnu --class os {
- linux /ppc/ppc64/vmlinuz @ROOT@ @EXTRA@ ro rd.live.image quiet
+ linux /ppc/ppc64/vmlinuz @ROOT@ @EXTRA@ ro rd.live.image quiet rhgb
initrd /ppc/ppc64/initrd.img
}
diff --git a/80-rhel/live/config_files/x86/grub2-bios.cfg b/80-rhel/live/config_files/x86/grub2-bios.cfg
index b1337c3..73d0a56 100644
--- a/80-rhel/live/config_files/x86/grub2-bios.cfg
+++ b/80-rhel/live/config_files/x86/grub2-bios.cfg
@@ -9,6 +9,7 @@ set gfxpayload=keep
insmod gzio
insmod part_gpt
insmod ext2
+insmod chain
set timeout=60
### END /etc/grub.d/00_header ###
@@ -26,7 +27,13 @@ menuentry 'Test this media & start @PRODUCT@ @VERSION@' --class fedora --class g
}
submenu 'Troubleshooting -->' {
menuentry 'Start @PRODUCT@ @VERSION@ in basic graphics mode' --class fedora --class gnu-linux --class gnu --class os {
- linux @KERNELPATH@ @ROOT@ @EXTRA@ rd.live.image nomodeset quiet rhgb
+ linux @KERNELPATH@ @ROOT@ @EXTRA@ rd.live.image nomodeset vga=791 quiet rhgb
initrd @INITRDPATH@
}
+ menuentry 'Boot first drive' --class fedora --class gnu-linux --class gnu --class os {
+ chainloader (hd0)+1
+ }
+ menuentry 'Boot second drive' --class fedora --class gnu-linux --class gnu --class os {
+ chainloader (hd1)+1
+ }
}
diff --git a/80-rhel/live/config_files/x86/grub2-efi.cfg b/80-rhel/live/config_files/x86/grub2-efi.cfg
index 89a74ea..3906958 100644
--- a/80-rhel/live/config_files/x86/grub2-efi.cfg
+++ b/80-rhel/live/config_files/x86/grub2-efi.cfg
@@ -21,10 +21,16 @@ search --no-floppy --set=root -l '@ISOLABEL@'
### BEGIN /etc/grub.d/10_linux ###
menuentry 'Start @PRODUCT@ @VERSION@' --class fedora --class gnu-linux --class gnu --class os {
- linuxefi @KERNELPATH@ @ROOT@ @EXTRA@ rd.live.image quiet
+ linuxefi @KERNELPATH@ @ROOT@ @EXTRA@ rd.live.image quiet rhgb
initrdefi @INITRDPATH@
}
menuentry 'Test this media & start @PRODUCT@ @VERSION@' --class fedora --class gnu-linux --class gnu --class os {
linuxefi @KERNELPATH@ @ROOT@ @EXTRA@ rd.live.image rd.live.check quiet
initrdefi @INITRDPATH@
}
+submenu 'Troubleshooting -->' {
+ menuentry 'Start @PRODUCT@ @VERSION@ in basic graphics mode' --class fedora --class gnu-linux --class gnu --class os {
+ linuxefi @KERNELPATH@ @ROOT@ @EXTRA@ rd.live.image nomodeset quiet rhgb
+ initrdefi @INITRDPATH@
+ }
+}
diff --git a/80-rhel/live/efi.tmpl b/80-rhel/live/efi.tmpl
index 8324c1d..813f91e 100644
--- a/80-rhel/live/efi.tmpl
+++ b/80-rhel/live/efi.tmpl
@@ -17,7 +17,7 @@ install boot/efi/EFI/*/shim${efiarch32|lower}.efi ${EFIBOOTDIR}/BOOT${efiarch32}
install boot/efi/EFI/*/mm${efiarch32|lower}.efi ${EFIBOOTDIR}/
install boot/efi/EFI/*/gcd${efiarch32|lower}.efi ${EFIBOOTDIR}/grub${efiarch32|lower}.efi
%endif
-install boot/grub2/fonts/unicode.pf2 ${EFIBOOTDIR}/fonts/
+install usr/share/grub/unicode.pf2 ${EFIBOOTDIR}/fonts/
## actually make the EFI images
${make_efiboot("images/efiboot.img")}
diff --git a/80-rhel/live/live-install.tmpl b/80-rhel/live/live-install.tmpl
index ecaa183..ef514ee 100644
--- a/80-rhel/live/live-install.tmpl
+++ b/80-rhel/live/live-install.tmpl
@@ -10,11 +10,12 @@
installpkg grub2-tools-efi
installpkg efibootmgr
installpkg shim-x64 grub2-efi-x64-cdboot
- installpkg biosdevname memtest86+
+ installpkg shim-ia32 grub2-efi-ia32-cdboot
+ installpkg biosdevname
installpkg grub2-tools grub2-tools-minimal grub2-tools-extra
installpkg grub2-pc-modules
%endif
-%if basearch in ("ppc64le"):
+%if basearch == "ppc64le":
installpkg powerpc-utils
installpkg grub2-tools grub2-tools-minimal grub2-tools-extra
installpkg grub2-${basearch}
diff --git a/80-rhel/live/ppc64le.tmpl b/80-rhel/live/ppc64le.tmpl
index e8d225f..0c743f2 100644
--- a/80-rhel/live/ppc64le.tmpl
+++ b/80-rhel/live/ppc64le.tmpl
@@ -72,7 +72,7 @@ replace @EXTRA@ '${extra_boot_args}' ${GRUBDIR}/grub.cfg
%endfor
# Add the license files
-%for f in glob("/usr/share/licenses/*-release/*"):
+%for f in glob("usr/share/licenses/*-release-common/*"):
install ${f} ${f|basename}
<% filegraft += " {0}={1}/{0}".format(basename(f), outroot) %>
%endfor
diff --git a/80-rhel/live/s390.tmpl b/80-rhel/live/s390.tmpl
index 08f815e..3d2e54b 100644
--- a/80-rhel/live/s390.tmpl
+++ b/80-rhel/live/s390.tmpl
@@ -69,7 +69,7 @@ treeinfo images-${basearch} cdboot.prm ${BOOTDIR}/cdboot.prm
%endfor
# Add the license files
-%for f in glob("/usr/share/licenses/*-release/*"):
+%for f in glob("usr/share/licenses/*-release-common/*"):
install ${f} ${f|basename}
<% filegraft += " {0}={1}/{0}".format(basename(f), outroot) %>
%endfor
diff --git a/80-rhel/live/x86.tmpl b/80-rhel/live/x86.tmpl
index 95e02ef..cf4dad4 100644
--- a/80-rhel/live/x86.tmpl
+++ b/80-rhel/live/x86.tmpl
@@ -80,7 +80,7 @@ replace @EXTRA@ '${extra_boot_args}' ${GRUB2DIR}/grub.cfg
%endfor
# Add the license files
-%for f in glob("/usr/share/licenses/*-release/*"):
+%for f in glob("usr/share/licenses/*-release-common/*"):
install ${f} ${f|basename}
<% filegraft += " {0}={1}/{0}".format(basename(f), outroot) %>
%endfor
diff --git a/80-rhel/ppc64le.tmpl b/80-rhel/ppc64le.tmpl
index b3503ca..802ba9d 100644
--- a/80-rhel/ppc64le.tmpl
+++ b/80-rhel/ppc64le.tmpl
@@ -78,7 +78,7 @@ replace @ROOT@ 'inst.stage2=hd:LABEL=${isolabel|udev}' ${GRUBDIR}/grub.cfg
%>
# Add the license files
-%for f in glob("/usr/share/licenses/*-release/*"):
+%for f in glob("usr/share/licenses/*-release-common/*"):
install ${f} ${f|basename}
<% filegraft += " {0}={1}/{0}".format(basename(f), outroot) %>
%endfor
diff --git a/80-rhel/runtime-cleanup.tmpl b/80-rhel/runtime-cleanup.tmpl
index 0acc0bb..7afb9d9 100644
--- a/80-rhel/runtime-cleanup.tmpl
+++ b/80-rhel/runtime-cleanup.tmpl
@@ -6,13 +6,11 @@ remove usr/share/i18n
## not required packages installed as dependencies
## perl is needed on s390x
-## perl needed for powerpc-utils on PPC
+## perl needed for powerpc-utils
## perl is needed by /usr/bin/rxe_cfg from libibverbs
## no sound support, thanks
removepkg flac-libs libsndfile pipewire pulseaudio* rtkit sound-theme-freedesktop wireplumber*
-## lv2appy requires removed libsndfile, we don't need the rest either
-removefrom lilv /usr/bin/*
## we don't create new initramfs/bootloader conf inside anaconda
## (that happens inside the target system after we install dracut/grubby)
removepkg dracut-network grubby anaconda-dracut
@@ -23,53 +21,46 @@ removefrom dracut --allbut /usr/lib/dracut/modules.d/30convertfs/convertfs.sh \
/usr/lib/systemd/* /usr/lib/dracut/modules.d/98dracut-systemd/*.service \
/usr/lib/dracut/dracut-initramfs-restore
## we don't run SELinux (not in enforcing, anyway)
-removepkg checkpolicy selinux-policy libselinux-utils
+removepkg selinux-policy libselinux-utils
## selinux checks for the /etc/selinux/config file's existance
## The removepkg above removes it, create an empty one. See rhbz#1243168
append etc/selinux/config ""
-## anaconda has its own repo files
-removefrom fedora-release --allbut /etc/os-release /usr/lib/os-release \
- /usr/lib/os.release.d/*
-removepkg fedora-release-rawhide
-
## keep enough of shadow-utils to create accounts
removefrom shadow-utils --allbut /usr/bin/chage /usr/sbin/chpasswd \
- /usr/sbin/groupadd /usr/sbin/useradd \
- /etc/default/useradd
+ /usr/sbin/groupadd /usr/sbin/useradd
-## remove other account management tools
-removepkg usermode usermode-gtk passwd
## no services to turn on/off (keep the /etc/init.d link though)
-removefrom chkconfig --allbut /etc/init.d
-## Miscellanous unnecessary gpg program
-removepkg pinentry
+removefrom initscripts /usr/sbin/* /usr/share/locale/* /usr/share/doc/* /usr/share/man/*
+
## no storage device monitoring
-removepkg device-mapper-event dmraid-events sgpio
-## no notifications in anaconda
-removepkg notification-daemon
+removepkg device-mapper-event
## logrotate isn't useful in anaconda
-removepkg logrotate
remove /etc/logrotate.d
## anaconda needs this to do media check
removefrom isomd5sum --allbut /usr/bin/checkisomd5
-## systemd-nspawn isn't very useful and doesn't link anyway without iptables,
-## and there's no need for a bunch of zsh files without zsh
-removefrom systemd /usr/bin/systemd-nspawn /usr/share/zsh
+## there's no need for a bunch of zsh files without zsh,
+## systemd-analyze is quite large and not essential
+removefrom systemd /usr/bin/systemd-analyze /usr/share/zsh/site-functions/*
+
+## we only need syslinux to make the installer image bootable, we don't
+## run anything from it that uses mtools, and that's the only thing
+## that pulls in glibc-gconv-extra
+removepkg mtools glibc-gconv-extra
## various other things we remove to save space
-removepkg avahi-autoipd coreutils-libs dash db4-utils diffutils file
-removepkg info iptables
-removepkg jasper-libs libXxf86misc
-removepkg libasyncns libhbaapi libhbalinux
-removepkg libtiff linux-atm-libs
-removepkg lvm2-libs m4 mailx makebootfat
-removepkg mingetty mobile-broadband-provider-info pkgconfig ppp pth
-removepkg rmt rpcbind squashfs-tools system-config-firewall-base
-removepkg tigervnc-license ttmkfdir xml-common xorg-x11-font-utils
-removepkg xorg-x11-server-common yum-utils firewalld
+removepkg diffutils file
+removepkg libasyncns
+removepkg lvm2-libs
+removepkg mobile-broadband-provider-info
+removepkg rmt rpcbind squashfs-tools
+removepkg tigervnc-license xml-common
+removepkg mkfontscale fonttosfnt
+removepkg xorg-x11-server-common
+# do not remove this, required for ppc64le and s390x !!!
+removepkg ncurses
## other removals
remove /home /media /opt /srv /tmp/*
@@ -81,7 +72,7 @@ remove /usr/share/mime/multipart /usr/share/mime/packages /usr/share/mime/text
remove /usr/share/mime/video /usr/share/mime/x-content /usr/share/mime/x-epoc
remove /var/db /var/games /var/tmp /var/yp /var/nis /var/opt /var/local
remove /var/mail /var/spool /var/preserve /var/report
-remove /var/lib/rpm/* /var/lib/yum /var/lib/dnf
+remove /usr/lib/sysimage/rpm/* /var/lib/rpm/* /var/lib/yum /var/lib/dnf
## clean up the files created by various '> /dev/null's
remove /dev/*
@@ -89,7 +80,7 @@ remove /dev/*
remove /usr/share/icons/*/icon-theme.cache
## clean up kernel modules
-removekmod sound drivers/media drivers/hwmon \
+removekmod sound drivers/media drivers/hwmon drivers/iio \
net/atm net/bluetooth net/sched net/sctp \
net/rds net/l2tp net/decnet net/netfilter net/ipv4 net/ipv6 \
drivers/watchdog drivers/rtc drivers/input/joystick \
@@ -99,24 +90,20 @@ removekmod sound drivers/media drivers/hwmon \
arch/x86/kvm
## Need to keep virtio_console.ko and ipmi stuff in drivers/char
## Also keep virtio-rng so that the installer can get sufficient randomness for
-## LUKS setup.
+## LUKS setup. As of 2020-09 this is not built as a module, but keep it in here
+## in case that changes again
removekmod drivers/char --allbut virtio_console hw_random \
- virtio-rng ipmi hmcdrv nvram
-removekmod drivers/hid --allbut hid-logitech-dj hid-logitech-hidpp hid-multitouch
+ virtio-rng ipmi hmcdrv
+removekmod drivers/hid --allbut hid-logitech-dj hid-logitech-hidpp
+
+## As of 2020-09 most of this are built-in too, but again, keep them listed
removekmod drivers/video --allbut hyperv_fb syscopyarea sysfillrect sysimgblt fb_sys_fops
remove lib/modules/*/{build,source,*.map}
## NOTE: depmod gets re-run after cleanup finishes
## remove unused themes, theme engines, icons, etc.
-removefrom gtk2 /usr/${libdir}/gtk-2.0/*/{engines,printbackends}/*
-removefrom gtk2 /usr/share/themes/*
-## clearlooks is the theme we use for gtk2
-removefrom gtk2-engines --allbut /usr/${libdir}/*/libclearlooks.so \
- /usr/share/themes/Clearlooks/*
removefrom gtk3 /usr/${libdir}/gtk-3.0/*/printbackends/*
removefrom gtk3 /usr/share/themes/*
-removefrom gtk4 /usr/${libdir}/gtk-4.0/*
-removefrom gtk4 /usr/bin/*
## filesystem tools
removefrom e2fsprogs /usr/share/locale/*
@@ -124,27 +111,17 @@ removefrom xfsprogs /usr/share/locale/* /usr/share/doc/* /usr/share/man/*
removefrom xfsdump --allbut /usr/sbin/*
## other package specific removals
-removefrom GConf2 /etc/rpm/* /etc/xdg/* /usr/bin/*
-removefrom GConf2 /usr/${libdir}/GConf/2/libgconfbackend-{evoldap,oldxml}*
-removefrom GConf2 /usr/${libdir}/gio/modules/*
-removefrom GConf2 /usr/libexec/gconf-defaults-mechanism /usr/share/GConf/*
-removefrom GConf2 /usr/share/locale/* /usr/share/sgml/*
-removefrom NetworkManager /usr/share/NetworkManager/*
-removefrom NetworkManager /usr/share/locale/*/NetworkManager.mo
-removefrom nm-connection-editor /usr/${libdir}/*
+removefrom gsettings-desktop-schemas /usr/share/locale/*
+removefrom NetworkManager-libnm /usr/share/locale/*/NetworkManager.mo
removefrom nm-connection-editor /usr/share/applications/*
-removefrom anaconda /etc/* /usr/share/applications/* /usr/share/icons/*
removefrom atk /usr/share/locale/*
-removefrom authconfig /usr/sbin/* /usr/share/*
removefrom bash /etc/* /usr/bin/bashbug* /usr/share/*
-removefrom bind-utils /usr/bin/dig /usr/bin/host /usr/bin/nsupdate
-removefrom bitmap-fangsongti-fonts /usr/share/fonts/*
+removefrom bind-utils /usr/bin/host /usr/bin/nsupdate
removefrom ca-certificates /etc/pki/java/*
-removefrom ca-certificates /etc/pki/tls/certs/ca-bundle.trust.crt /etc/ssl/*
-removefrom cairo /usr/${libdir}/libcairo-script* /usr/bin/cairo-sphinx
-removefrom coreutils /etc/* /usr/bin/link /usr/bin/nice /usr/bin/stty /usr/bin/su /usr/bin/unlink
-removefrom coreutils /usr/sbin/runuser /usr/bin/[ /usr/bin/base64 /usr/bin/chcon
-removefrom coreutils /usr/bin/cksum /usr/bin/comm /usr/bin/csplit
+removefrom ca-certificates /etc/pki/tls/certs/ca-bundle.trust.crt
+removefrom coreutils /usr/bin/link /usr/bin/nice /usr/bin/stty /usr/bin/unlink
+removefrom coreutils /usr/bin/[ /usr/bin/base64 /usr/bin/chcon
+removefrom coreutils /usr/bin/cksum /usr/bin/csplit
removefrom coreutils /usr/bin/dir /usr/bin/dircolors
removefrom coreutils /usr/bin/expand /usr/bin/factor
removefrom coreutils /usr/bin/fold /usr/bin/groups /usr/bin/hostid
@@ -158,104 +135,137 @@ removefrom coreutils /usr/bin/sha512sum /usr/bin/shuf /usr/bin/stat
removefrom coreutils /usr/bin/stdbuf /usr/bin/sum /usr/bin/test
removefrom coreutils /usr/bin/timeout /usr/bin/truncate /usr/bin/tsort
removefrom coreutils /usr/bin/unexpand /usr/bin/users /usr/bin/vdir
-removefrom coreutils /usr/bin/who /usr/bin/whoami /usr/bin/yes /usr/share/*
+removefrom coreutils /usr/bin/who /usr/bin/whoami /usr/bin/yes
+removefrom coreutils-common /etc/* /usr/share/*
removefrom cpio /usr/share/*
removefrom cracklib /usr/sbin/*
removefrom cracklib-dicts /usr/${libdir}/* /usr/sbin/*
-removefrom cryptsetup-luks /usr/share/*
-removefrom cyrus-sasl-lib /usr/sbin/*
-removefrom db4 /usr/*
-removefrom dbus-glib /usr/bin/*
+removefrom cryptsetup /usr/share/*
+removefrom cryptsetup-libs /usr/share/locale/*
+removefrom cyrus-sasl-lib /usr/sbin/* /usr/bin/*
removefrom dbus-x11 /etc/X11/*
-removefrom dejavu-sans-fonts --allbut *.conf */DejaVuSans{,-Bold}.ttf
-removefrom dejavu-sans-mono-fonts --allbut *.conf */DejaVuSansMono.ttf
-removefrom dhclient /usr/lib/* /usr/share/*
-removefrom dnsmasq /etc/rc.d/* /usr/sbin/*
+removefrom dnf /usr/share/locale/*
+removefrom dump /etc/*
removefrom elfutils-libelf /usr/share/locale/*
removefrom expat /usr/bin/*
-removefrom fcoe-utils /etc/rc.d/* /usr/libexec/fcoe/dcbcheck.sh
+removefrom fcoe-utils /usr/libexec/fcoe/dcbcheck.sh
removefrom fcoe-utils /usr/libexec/fcoe/fcc.sh /usr/libexec/fcoe/fcoe-setup.sh
removefrom fcoe-utils /usr/libexec/fcoe/fcoedump.sh /usr/sbin/fcnsq
removefrom fcoe-utils /usr/sbin/fcoeadm /usr/sbin/fcping /usr/sbin/fcrls
removefrom file-libs /usr/share/*
-removefrom findutils /usr/bin/oldfind /usr/share/*
+removefrom findutils /usr/share/*
removefrom fontconfig /usr/bin/*
-removefrom gawk /usr/bin/{igawk,pgawk} /usr/libexec/* /usr/share/*
-removefrom gdb /usr/share/* /usr/include/* /etc/gdbinit*
+removefrom gawk /usr/libexec/* /usr/share/*
+removefrom gdb /usr/share/* /usr/include/*
+removefrom gdb-headless /usr/share/* /etc/gdbinit*
removefrom gdisk /usr/share/*
removefrom gdk-pixbuf2 /usr/share/locale*
-removefrom glib2 /etc/* /usr/bin/* /usr/share/locale/*
-removefrom glibc /etc/gai.conf /etc/localtime /etc/rpc
-removefrom glibc /lib/*/nosegneg/* /${libdir}/libBrokenLocale*
-removefrom glibc /${libdir}/libSegFault* /${libdir}/libanl*
-removefrom glibc /${libdir}/libcidn* /${libdir}/libnss_compat*
-removefrom glibc /${libdir}/libnss_hesiod* /${libdir}/libnss_nis*
+removefrom glib2 /usr/bin/* /usr/share/locale/*
+removefrom glibc /etc/gai.conf /etc/rpc
+removefrom glibc /${libdir}/libBrokenLocale*
+removefrom glibc /${libdir}/libanl*
+removefrom glibc /${libdir}/libnss_compat*
# python-pyudev uses ctypes.util.find_library, which uses /sbin/ldconfig
-removefrom glibc /${libdir}/rtkaio* /sbin/sln
removefrom glibc /usr/libexec/* /usr/sbin/*
-removefrom glibc-common /etc/* /usr/bin/catchsegv /usr/bin/gencat
+removefrom glibc-common /usr/bin/gencat
removefrom glibc-common /usr/bin/getent
-removefrom glibc-common /usr/bin/locale /usr/bin/rpcgen /usr/bin/sprof
+removefrom glibc-common /usr/bin/locale /usr/bin/sprof
# NB: we keep /usr/bin/localedef so anaconda can inspect payload locale info
removefrom glibc-common /usr/bin/tzselect
-removefrom glibc-common /usr/libexec/* /usr/sbin/*
-removefrom gmp /usr/${libdir}/libgmpxx.* /usr/${libdir}/libmp.*
-removefrom gnome-bluetooth-libs /usr/${libdir}/libgnome-bluetooth*
-removefrom gnome-bluetooth-libs /usr/share/*
+removefrom glibc-common /usr/sbin/*
removefrom gnutls /usr/share/locale/*
removefrom google-noto-sans-cjk-fonts /usr/share/fonts/google-noto-sans-cjk-fonts/NotoSansCJK-{Black,Bold,*Light,Medium,Thin}.ttc
+removefrom google-noto-sans-vf-fonts /usr/share/fonts/google-noto-vf/NotoSans-Italic-VF.ttf
removefrom grep /etc/* /usr/share/locale/*
-removefrom gstreamer /usr/bin/* /usr/${libdir}/gstreamer-0.10/*
-removefrom gstreamer /usr/${libdir}/libgst* /usr/libexec/* /usr/share/locale/*
-removefrom gtk2 /usr/bin/update-gtk-immodules
removefrom gtk3 /usr/${libdir}/gtk-3.0/*
+removefrom gtk4 /usr/${libdir}/gtk-4.0/*
+removefrom guile22 /usr/${libdir}/guile/2.2/ccache*
removefrom gzip /usr/bin/{gzexe,zcmp,zdiff,zegrep,zfgrep,zforce,zgrep,zless,zmore,znew}
-removefrom hwdata /etc/* /usr/share/hwdata/oui.txt /usr/share/hwdata/pnp.ids
-removefrom hwdata /usr/share/hwdata/upgradelist
-removefrom initscripts /etc/ppp/* /usr/sbin/* /usr/share/locale/*
+removefrom hwdata /usr/share/hwdata/oui.txt /usr/share/hwdata/pnp.ids
removefrom iproute --allbut /usr/sbin/{ip,routef,routel,rtpr}
-removefrom iscsi-initiator-utils /etc/rc.d/*
removefrom kbd --allbut */bin/{dumpkeys,kbd_mode,loadkeys,setfont,unicode_*,chvt}
removefrom less /etc/*
removefrom libX11-common /usr/share/X11/XErrorDB
-removefrom libbonobo /etc/* /usr/bin/* /usr/sbin/* /usr/share/locale/*
-removefrom libbonobo /usr/${libdir}/bonobo/monikers/*
-removefrom libbonobo /usr/${libdir}/orbit-2.0/Bonobo_module.so
removefrom libcanberra /usr/${libdir}/libcanberra-*
-removefrom libcanberra-gtk2 /usr/${libdir}/gtk-2.0/*
removefrom libcanberra-gtk3 /usr/bin/*
removefrom libcap /usr/sbin/*
removefrom libconfig /usr/${libdir}/libconfig++*
-removefrom libcroco /usr/bin/*
-removefrom libgnome-keyring /usr/share/locale/*
-removefrom libgnomecanvas /usr/share/locale/*
removefrom libgpg-error /usr/bin/* /usr/share/locale/*
-removefrom libgssglue /etc/*
-removefrom libidn /usr/bin/* /usr/share/locale/*
-removefrom libmlx4 /etc/rdma/* /usr/${libdir}/*
+removefrom libibverbs /usr/${libdir}/libmlx4*
+removefrom libidn2 /usr/share/locale/*
removefrom libnotify /usr/bin/*
-removefrom librsvg2 /usr/bin/*
-removefrom libselinux /usr/sbin/*
removefrom libsemanage /etc/selinux/*
removefrom libstdc++ /usr/share/*
-removefrom libuser /usr/bin/* /usr/sbin/* /usr/share/locale/*
removefrom libvorbis /usr/${libdir}/libvorbisenc.*
removefrom libxml2 /usr/bin/*
-removefrom libxml2-python /usr/${libdir}/python?.?/site-packages/libxml2mod.a
-removefrom libxml2-python /usr/${libdir}/python?.?/site-packages/libxml2mod.la
+removefrom linux-firmware /usr/lib/firmware/dvb*
+removefrom linux-firmware /usr/lib/firmware/*_12mhz*
+removefrom linux-firmware /usr/lib/firmware/v4l*
+removefrom linux-firmware /usr/lib/firmware/brcm/BCM-*
+removefrom linux-firmware /usr/lib/firmware/ttusb-budget/dspbootcode.bin*
+removefrom linux-firmware /usr/lib/firmware/emi26/*
+removefrom linux-firmware /usr/lib/firmware/emi62/*
+removefrom linux-firmware /usr/lib/firmware/cpia2/*
+removefrom linux-firmware /usr/lib/firmware/dabusb/*
+removefrom linux-firmware /usr/lib/firmware/vicam/*
+removefrom linux-firmware /usr/lib/firmware/dsp56k/*
+removefrom linux-firmware /usr/lib/firmware/sun/*
+removefrom linux-firmware /usr/lib/firmware/av7110/*
+removefrom linux-firmware /usr/lib/firmware/usbdux*
+removefrom linux-firmware /usr/lib/firmware/f2255usb.bin*
+removefrom linux-firmware /usr/lib/firmware/lgs8g75.fw*
+removefrom linux-firmware /usr/lib/firmware/TDA7706*
+removefrom linux-firmware /usr/lib/firmware/tlg2300_firmware.bin*
+removefrom linux-firmware /usr/lib/firmware/s5p-mfc*
+removefrom linux-firmware /usr/lib/firmware/go7007/*
+removefrom linux-firmware /usr/lib/firmware/intel/IntcSST2.bin*
+removefrom linux-firmware /usr/lib/firmware/intel/fw_sst*
+removefrom linux-firmware /usr/lib/firmware/intel/dsp*
+removefrom linux-firmware /usr/lib/firmware/as102*
+removefrom linux-firmware /usr/lib/firmware/qcom/apq8096/*
+removefrom linux-firmware /usr/lib/firmware/qcom/sdm845/*
+removefrom linux-firmware /usr/lib/firmware/qcom/sm8250/*
+removefrom linux-firmware /usr/lib/firmware/qcom/venus*/*
+removefrom linux-firmware /usr/lib/firmware/qcom/vpu*/*
+removefrom linux-firmware /usr/lib/firmware/meson/vdec/*
+removefrom linux-firmware /usr/lib/firmware/phanfw.bin*
+## these are for SoCs used in Chromebooks, our kernel does not build the drivers
+removefrom linux-firmware /usr/lib/firmware/mediatek/mt81*/*
+removefrom linux-firmware /usr/lib/firmware/mediatek/sof/*
+removefrom linux-firmware /usr/lib/firmware/mediatek/sof-tplg/*
+## these are old versions that current qed driver will never load
+removefrom linux-firmware /usr/lib/firmware/qed/qed_init_values-8.10.9.0.bin*
+removefrom linux-firmware /usr/lib/firmware/qed/qed_init_values-8.10.9.0.bin*
+removefrom linux-firmware /usr/lib/firmware/qed/qed_init_values-8.14.6.0.bin*
+removefrom linux-firmware /usr/lib/firmware/qed/qed_init_values-8.18.9.0.bin*
+removefrom linux-firmware /usr/lib/firmware/qed/qed_init_values-8.20.0.0.bin*
+removefrom linux-firmware /usr/lib/firmware/qed/qed_init_values-8.30.12.0.bin*
+removefrom linux-firmware /usr/lib/firmware/qed/qed_init_values-8.33.12.0.bin*
+removefrom linux-firmware /usr/lib/firmware/qed/qed_init_values-8.37.7.0.bin*
+removefrom linux-firmware /usr/lib/firmware/qed/qed_init_values-8.40.33.0.bin*
+removefrom linux-firmware /usr/lib/firmware/qed/qed_init_values_zipped-8.10.10.0.bin*
+removefrom linux-firmware /usr/lib/firmware/qed/qed_init_values_zipped-8.10.5.0.bin*
+removefrom linux-firmware /usr/lib/firmware/qed/qed_init_values_zipped-8.15.3.0.bin*
+removefrom linux-firmware /usr/lib/firmware/qed/qed_init_values_zipped-8.20.0.0.bin*
+removefrom linux-firmware /usr/lib/firmware/qed/qed_init_values_zipped-8.33.1.0.bin*
+removefrom linux-firmware /usr/lib/firmware/qed/qed_init_values_zipped-8.33.11.0.bin*
+removefrom linux-firmware /usr/lib/firmware/qed/qed_init_values_zipped-8.37.2.0.bin*
+removefrom linux-firmware /usr/lib/firmware/qed/qed_init_values_zipped-8.37.7.0.bin*
+removefrom linux-firmware /usr/lib/firmware/qed/qed_init_values_zipped-8.4.2.0.bin*
+removefrom linux-firmware /usr/lib/firmware/qed/qed_init_values_zipped-8.42.2.0.bin*
+removefrom linux-firmware /usr/lib/firmware/qed/qed_init_values_zipped-8.7.3.0.bin*
+%if basearch != "aarch64":
+ removefrom linux-firmware /usr/lib/firmware/dpaa2/*
+%endif
removefrom lldpad /etc/*
-removefrom lua /usr/bin/*
-removefrom madan-fonts /usr/share/fonts/madan/*
-removefrom mdadm /etc/*
-removefrom module-init-tools /etc/* /usr/sbin/insmod.static /usr/sbin/weak-modules
-removefrom mt-st /etc/* /usr/sbin/*
+removefrom mdadm /etc/* /usr/lib/systemd/system/mdmonitor*
+## gallium-pipe stuff is for compute (opencl), not needed for video
+removefrom mesa-dri-drivers /usr/${libdir}/dri/*_video.so /usr/lib64/gallium-pipe/*
+removefrom mt-st /usr/sbin/*
removefrom mtools /etc/*
-removefrom ncurses /usr/bin/captoinfo /usr/bin/infocmp /usr/bin/infotocap
-removefrom ncurses /usr/bin/reset /usr/bin/tabs /usr/bin/tic /usr/bin/toe
-removefrom ncurses /usr/bin/tput /usr/bin/tset
removefrom ncurses-libs /usr/${libdir}/libform*
-## libmenu.so is needed by lp_diag binary from ppc64-diag which is a PowerPc specific package
-%if basearch not in ("ppc", "ppc64", "ppc64le"):
+## libmenu.so is needed by lp_diag binary from ppc64-diag which is a PowerPC specific package
+%if basearch != "ppc64le":
removefrom ncurses-libs /usr/${libdir}/libmenu*
%endif
removefrom ncurses-libs /usr/${libdir}/libpanel.* /usr/${libdir}/libtic*
@@ -263,78 +273,65 @@ removefrom net-tools */bin/netstat */sbin/ether-wake */sbin/ipmaddr
removefrom net-tools */sbin/iptunnel */sbin/mii-diag */sbin/mii-tool
removefrom net-tools */sbin/nameif */sbin/plipconfig */sbin/slattach
removefrom net-tools /usr/share/locale/*
-removefrom newt /usr/share/locale/*
removefrom nfs-utils /etc/nfsmount.conf
-removefrom nfs-utils /etc/rc.d/init.d/* /lib/systemd/system/*
-removefrom nfs-utils /etc/sysconfig/nfs /sbin/rpc.statd /usr/sbin/exportfs
-removefrom nfs-utils /usr/sbin/gss_clnt_send_err /usr/sbin/gss_destroy_creds
+removefrom nfs-utils /usr/lib/systemd/system/*
+removefrom nfs-utils /sbin/rpc.statd /usr/sbin/exportfs
removefrom nfs-utils /usr/sbin/mountstats /usr/sbin/nfsiostat
removefrom nfs-utils /usr/sbin/nfsstat /usr/sbin/rpc.gssd /usr/sbin/rpc.idmapd
removefrom nfs-utils /usr/sbin/rpc.mountd /usr/sbin/rpc.nfsd
-removefrom nfs-utils /usr/sbin/rpc.svcgssd /usr/sbin/rpcdebug
+removefrom nfs-utils /usr/sbin/rpcdebug
removefrom nfs-utils /usr/sbin/showmount /usr/sbin/sm-notify
removefrom nfs-utils /usr/sbin/start-statd /var/lib/nfs/etab
-removefrom nfs-utils /var/lib/nfs/rmtab /var/lib/nfs/state /var/lib/nfs/xtab
+removefrom nfs-utils /var/lib/nfs/rmtab /var/lib/nfs/statd/state
removefrom nss-softokn /usr/${libdir}/nss/*
removefrom openldap /etc/openldap/*
removefrom openssh /usr/libexec/*
removefrom openssh-clients /etc/ssh/* /usr/bin/ssh-*
removefrom openssh-clients /usr/libexec/*
removefrom openssh-server /etc/ssh/* /usr/libexec/openssh/sftp-server
-removefrom openssl /etc/pki/* /usr/bin/* /usr/${libdir}/openssl/*
removefrom pam /usr/sbin/* /usr/share/locale/*
removefrom policycoreutils /etc/* /usr/bin/* /usr/share/locale/*
removefrom polkit /usr/bin/*
-removefrom polkit-desktop-policy /var/lib/*
removefrom popt /usr/share/locale/*
-removefrom procps /usr/bin/free /usr/bin/pgrep /usr/bin/pkill
-removefrom procps /usr/bin/pmap /usr/bin/pwdx /usr/bin/skill /usr/bin/slabtop
-removefrom procps /usr/bin/snice /usr/bin/tload /usr/bin/uptime
-removefrom procps /usr/bin/vmstat /usr/bin/w /usr/bin/watch
+removefrom procps-ng /usr/bin/free /usr/bin/pgrep /usr/bin/pkill
+removefrom procps-ng /usr/bin/pmap /usr/bin/pwdx /usr/bin/skill /usr/bin/slabtop
+removefrom procps-ng /usr/bin/snice /usr/bin/tload /usr/bin/uptime
+removefrom procps-ng /usr/bin/vmstat /usr/bin/w /usr/bin/watch
removefrom psmisc /usr/share/locale/*
-removefrom pygtk2 /usr/bin/* /usr/${libdir}/pygtk/*
-removefrom pykickstart /usr/bin/* /usr/share/locale/*
+removefrom python3-kickstart /usr/lib/python*/site-packages/pykickstart/locale/*
removefrom readline /usr/${libdir}/libhistory*
-removefrom libreport /usr/bin/* /usr/share/locale/*
-removefrom rpm /usr/share/locale/*
+removefrom libreport /usr/share/locale/*
+removefrom rdma-core /etc/rdma/mlx4.conf
+removefrom rpm /usr/bin/* /usr/share/locale/*
removefrom rsync /etc/*
removefrom sed /usr/share/locale/*
removefrom smartmontools /etc/* /usr/sbin/smartd
removefrom smartmontools /usr/sbin/update-smart-drivedb
removefrom smartmontools /usr/share/smartmontools/*
-removefrom sqlite /usr/bin/*
-removefrom system-config-date /etc/* /usr/bin/* /usr/share/icons/*
-removefrom system-config-keyboard /etc/* /usr/bin/* /usr/share/icons/*
-removefrom sysvinit-tools /usr/bin/*
removefrom tar /usr/share/locale/*
removefrom usbutils /usr/bin/*
removefrom util-linux --allbut \
- /usr/bin/{dmesg,eject,getopt,kill,login,lsblk,more,mount,umount,mountpoint,findmnt} \
- /etc/mtab /etc/pam.d/login /etc/pam.d/remote \
- /usr/sbin/{agetty,blkid,blockdev,clock,fdisk,fsck,fstrim,hwclock,losetup} \
- /usr/sbin/{mkswap,swaplabel,nologin,sfdisk,swapoff,swapon,wipefs,partx,fsfreeze} \
- /usr/bin/{logger,hexdump,flock,lscpu,chmem,lsmem}
+ /usr/bin/{chmem,eject,getopt,hexdump,login,lscpu,lsmem,lsblk,setpriv} \
+ /etc/pam.d/login /etc/pam.d/remote \
+ /usr/sbin/{clock,fdisk,fsfreeze,fstrim,hwclock,nologin,sfdisk,swaplabel,wipefs,zramctl}
+removefrom util-linux-core --allbut \
+ /usr/bin/{dmesg,findmnt,flock,kill,logger,more,mount,mountpoint,umount,unshare} \
+ /etc/mtab \
+ /usr/sbin/{agetty,blkid,blockdev,fsck,losetup,mkswap,partx,swapoff,swapon}
removefrom volume_key-libs /usr/share/locale/*
removefrom wget /etc/* /usr/share/locale/*
+removefrom wpa_supplicant /usr/sbin/eapol_test
removefrom xorg-x11-drv-intel /usr/${libdir}/libI*
-removefrom xorg-x11-drv-openchrome /usr/${libdir}/libchrome*
-removefrom xorg-x11-drv-synaptics /usr/bin/*
removefrom xorg-x11-drv-wacom /usr/bin/*
-removefrom xorg-x11-fonts-misc --allbut /usr/share/X11/fonts/misc/{6x13,encodings,fonts,*cursor}*
-removefrom xorg-x11-server-utils --allbut /usr/bin/xrandr /usr/share/X11/rgb.txt /usr/bin/xrdb
-removefrom yum /etc/* /usr/share/locale/* /usr/share/yum-cli/*
+removefrom yelp /usr/share/yelp/mathjax*
%if branding.release:
removefrom ${branding.logos} /usr/share/plymouth/*
removefrom ${branding.logos} /etc/*
removefrom ${branding.logos} /usr/share/icons/{Bluecurve,oxygen}/*
- removefrom ${branding.logos} /usr/share/{firstboot,gnome-screensaver,kde4,pixmaps}/*
+ removefrom ${branding.logos} /usr/share/{kde4,pixmaps}/*
%endif
-## cleanup_python_files()
-runcmd find ${root} -name "*.pyo" -type f -delete
-runcmd find ${root} -name "*.pyc" -type f -exec ln -sf /dev/null {} \;
-
## cleanup /boot/ leaving vmlinuz, and .*hmac files
runcmd chroot ${root} find /boot \! -name "vmlinuz*" \
-and \! -name ".vmlinuz*" \
@@ -347,20 +344,43 @@ runcmd chroot ${root} find /boot \! -name "vmlinuz*" \
runcmd chroot ${root} find -L /etc /usr -xdev -type l -and \! -name "mtab" \
-printf "removing broken symbolic link %p -> %l\n" -delete
+## Remove compiled python files, they are recreated as needed anyway
+runcmd find ${root} -name "*.pyo" -type f -delete
+runcmd find ${root} -name "*.pyc" -type f -delete
+
## Clean up some of the mess pulled in by webkitgtk via yelp
## libwebkit2gtk links to a handful of libraries in gstreamer and
## gstreamer-plugins-base. Remove the rest of them.
removefrom gstreamer1 --allbut /usr/${libdir}/libgstbase-1.0.* \
/usr/${libdir}/libgstreamer-1.0.*
removefrom gstreamer1-plugins-base --allbut \
- /usr/${libdir}/libgst{allocators,app,audio,badallocators,fft,gl,pbutils,tag,video}-1.0.*
+ /usr/${libdir}/libgst{allocators,app,audio,fft,gl,pbutils,tag,video}-1.0.*
## We have enough geoip libraries, thanks
removepkg geoclue2
## And remove the packages that those extra libraries pulled in
-removepkg opus libtheora libvisual flac-libs gsm avahi-glib avahi-libs \
+removepkg cdparanoia-libs opus libtheora libvisual flac-libs gsm avahi-glib avahi-libs \
ModemManager-glib
-## gnome-kiosk dependencies require libvorbis and libvorbisfile, but enc/dec are no longer needed
+## metacity requires libvorbis and libvorbisfile, but enc/dec are no longer needed
removefrom libvorbis --allbut /usr/${libdir}/libvorbisfile.* /usr/${libdir}/libvorbis.*
+
+## Remove build-id links, they are used with debuginfo
+remove /usr/lib/.build-id
+
+## make the image more reproducible
+
+## make machine-id empty but present to avoid systemd populating /etc with
+## preset settings
+remove /etc/machine-id
+append /etc/machine-id ""
+## journalctl message catalog, non-deterministic
+remove /var/lib/systemd/catalog/database
+## non-reproducible caches
+remove /var/cache/ldconfig/aux-cache
+remove /etc/pki/ca-trust/extracted/java/cacerts
+
+## sort groups
+runcmd chroot ${root} /bin/sh -c "LC_ALL=C sort /etc/group > /etc/group- && mv /etc/group- /etc/group"
+runcmd chroot ${root} /bin/sh -c "LC_ALL=C sort /etc/gshadow > /etc/gshadow- && mv /etc/gshadow- /etc/gschadow"
diff --git a/80-rhel/runtime-install.tmpl b/80-rhel/runtime-install.tmpl
index d147f89..8eb625c 100644
--- a/80-rhel/runtime-install.tmpl
+++ b/80-rhel/runtime-install.tmpl
@@ -30,40 +30,54 @@ installpkg grubby
%if basearch != "s390x":
## skip the firmware for sound, video, and scanners, none of which will
## do much good for the installer. Also skip uhd-firmware which is not
- ## even a kernel firmware package.
+ ## even a kernel firmware package. liquidio and netronome firmwares are
+ ## for enterprise switch devices, netinst deployment does not work on
+ ## these so there is no point shipping them - see
+ ## https://bugzilla.redhat.com/show_bug.cgi?id=2011615
+ ## bfa-firmware contains only obsolete files - see
+ ## https://bugzilla.redhat.com/show_bug.cgi?id=2152202
installpkg --optional *-firmware --except alsa* --except midisport-firmware \
--except crystalhd-firmware --except ivtv-firmware \
--except cx18-firmware --except iscan-firmware \
--except uhd-firmware --except lulzbot-marlin-firmware \
- --except python-virt-firmware
-
+ --except gnome-firmware --except sigrok-firmware \
+ --except liquidio-firmware --except netronome-firmware \
+ --except mrvlprestera-firmware --except mlxsw_spectrum-firmware \
+ --except hackrf-firmware --except python-virt-firmware \
+ --except python3-virt-firmware
+ installpkg b43-openfwwf
%endif
## install all of the glibc langpacks since otherwise we get no locales
installpkg glibc-all-langpacks
-
## arch-specific packages (bootloaders etc.)
%if basearch == "aarch64":
- installpkg efibootmgr grub2-efi-aa64-cdboot grubby shim-aa64
+ installpkg efibootmgr
+ installpkg grub2-efi-aa64-cdboot>=${GRUB2VER}
+ installpkg grub2-tools>=${GRUB2VER}
+ installpkg shim-aa64
+ installpkg uboot-tools
%endif
%if basearch == "x86_64":
- installpkg grub2-tools-efi
+ installpkg grub2-tools-efi>=${GRUB2VER}
installpkg efibootmgr
- installpkg shim-x64 grub2-efi-x64-cdboot
- installpkg biosdevname memtest86+
- installpkg grub2-tools grub2-tools-minimal grub2-tools-extra
- installpkg grub2-pc-modules
+ installpkg shim-x64
+ installpkg grub2-efi-x64-cdboot>=${GRUB2VER}
+ installpkg shim-ia32
+ installpkg grub2-efi-ia32-cdboot>=${GRUB2VER}
+ installpkg biosdevname
+ installpkg grub2-tools>=${GRUB2VER} grub2-tools-minimal>=${GRUB2VER}
+ installpkg grub2-tools-extra>=${GRUB2VER}
+ installpkg grub2-pc-modules>=${GRUB2VER}
%endif
-%if basearch in ("ppc", "ppc64", "ppc64le"):
+%if basearch == "ppc64le":
installpkg powerpc-utils lsvpd ppc64-diag
- installpkg grub2-tools grub2-tools-minimal grub2-tools-extra
- # We only have ppc64le in RHEL8 26-Jul-2018
- installpkg grub2-ppc64le
+ installpkg grub2-tools>=${GRUB2VER} grub2-tools-minimal>=${GRUB2VER}
+ installpkg grub2-tools-extra>=${GRUB2VER} grub2-${basearch}>=${GRUB2VER}
%endif
%if basearch == "s390x":
- installpkg lsscsi s390utils-base s390utils-cmsfs-fuse
- installpkg s390utils-hmcdrvfs
+ installpkg lsscsi s390utils-base s390utils-cmsfs-fuse s390utils-hmcdrvfs
%endif
## yay, plymouth
@@ -87,25 +101,17 @@ installpkg kbd kbd-misc
installpkg tar xz curl bzip2
## basic system stuff
-installpkg systemd
+installpkg systemd-sysv systemd-units
installpkg rsyslog
-## xorg/GUI packages
-installpkg xorg-x11-drivers xorg-x11-server-Xorg
-installpkg xorg-x11-xauth
-installpkg dbus-x11 gsettings-desktop-schemas
-installpkg nm-connection-editor
-installpkg librsvg2
-installpkg gnome-kiosk
-
## filesystem tools
-installpkg xfsprogs
+installpkg btrfs-progs jfsutils xfsprogs ntfs-3g ntfsprogs
+installpkg system-storage-manager
installpkg device-mapper-persistent-data
installpkg xfsdump
-installpkg libblockdev-plugins-all libblockdev
## extra storage packages
-# hostname is needed for iscsi to work, see RHBZ#1599183
+# hostname is needed for iscsi to work, see RHBZ#1593917
installpkg udisks2 udisks2-iscsi hostname
## extra libblockdev plugins
@@ -115,6 +121,10 @@ installpkg libblockdev-lvm-dbus
installpkg volume_key
installpkg nss-tools
+## blivet-gui-runtime requires PolicyKit-authentication-agent, if we
+## don't tell dnf what to pick it picks lxpolkit, which drags in gtk2
+installpkg polkit-gnome
+
## SELinux support
installpkg selinux-policy-targeted audit
@@ -123,29 +133,35 @@ installpkg ethtool openssh-server nfs-utils openssh-clients
installpkg tigervnc-server-minimal
installpkg tigervnc-server-module
installpkg net-tools
-# TODO: uncomment
-# installpkg nmap-ncat
installpkg ipcalc
+installpkg bridge-utils
+installpkg nmap-ncat
## hardware utilities/libraries
installpkg pciutils usbutils ipmitool
installpkg mt-st smartmontools
installpkg hdparm
+%if basearch not in ("aarch64", "ppc64le", "s390x"):
+installpkg pcmciautils
+%endif
+installpkg libmlx4 rdma-core
+installpkg rng-tools
%if basearch in ("x86_64", "aarch64"):
installpkg dmidecode
%endif
installpkg nvme-cli
+
## fonts & themes
-installpkg aajohan-comfortaa-fonts
-installpkg abattis-cantarell-fonts
-installpkg bitmap-fangsongti-fonts
-installpkg dejavu-sans-fonts dejavu-sans-mono-fonts
-installpkg google-noto-sans-cjk-ttc-fonts
-installpkg google-noto-sans-gurmukhi-fonts
-installpkg google-noto-sans-sinhala-vf-fonts
+installpkg abattis-cantarell-vf-fonts
+installpkg google-noto-sans-vf-fonts google-noto-sans-mono-vf-fonts
+installpkg google-noto-sans-arabic-vf-fonts
+installpkg google-noto-sans-cjk-fonts
+installpkg google-noto-sans-ethiopic-vf-fonts google-noto-sans-georgian-vf-fonts
+installpkg google-noto-sans-gurmukhi-vf-fonts google-noto-sans-hebrew-vf-fonts
+installpkg google-noto-sans-khmer-vf-fonts
+installpkg google-noto-sans-sinhala-vf-fonts google-noto-sans-thai-vf-fonts
installpkg jomolhari-fonts
-installpkg khmeros-base-fonts
installpkg lohit-assamese-fonts
installpkg lohit-bengali-fonts
installpkg lohit-devanagari-fonts
@@ -155,31 +171,27 @@ installpkg lohit-marathi-fonts
installpkg lohit-odia-fonts
installpkg lohit-tamil-fonts
installpkg lohit-telugu-fonts
-installpkg madan-fonts
installpkg paktype-naskh-basic-fonts
-installpkg sil-abyssinica-fonts
installpkg sil-padauk-fonts
-installpkg sil-scheherazade-fonts
installpkg rit-meera-new-fonts
-installpkg thai-scalable-waree-fonts
-installpkg xorg-x11-fonts-misc
+installpkg vazirmatn-vf-fonts
## debugging/bug reporting tools
installpkg gdb-gdbserver
installpkg libreport-plugin-bugzilla libreport-plugin-reportuploader
# Not available in ELN, must be enabled in RHEL
#installpkg libreport-rhel-anaconda-bugzilla
+installpkg fpaste
installpkg python3-pyatspi
## extra tools not required by anaconda
-installpkg vim-minimal strace lsof xz less
-installpkg rsync bind-utils ftp mtr wget
+installpkg nano nano-default-editor
+installpkg vim-minimal strace lsof dump xz less
+installpkg wget rsync bind-utils ftp mtr vconfig
+installpkg spice-vdagent
installpkg gdisk hexedit sg3_utils
installpkg perl-interpreter
installpkg restore
-# TODO: spice-vdagent is supposed to be removed, but Anaconda still needs it.
-installpkg spice-vdagent
-
## actually install all the requested packages
run_pkg_transaction
diff --git a/80-rhel/runtime-postinstall.tmpl b/80-rhel/runtime-postinstall.tmpl
index d93fa64..cc910f8 100644
--- a/80-rhel/runtime-postinstall.tmpl
+++ b/80-rhel/runtime-postinstall.tmpl
@@ -3,14 +3,13 @@
<%page args="root, basearch, libdir, configdir"/>
<%
-stubs = ("list-harddrives", "raidstart", "raidstop")
configdir = configdir + "/common"
+import os, time
+SOURCE_DATE_EPOCH = os.environ.get('SOURCE_DATE_EPOCH', str(int(time.time())))
%>
## move_stubs()
-%for stub in stubs:
- -move usr/share/anaconda/${stub}-stub usr/bin/${stub}
-%endfor
+move usr/share/anaconda/list-harddrives-stub usr/bin/list-harddrives
## move_repos()
move etc/yum.repos.d etc/anaconda.repos.d
@@ -30,10 +29,9 @@ symlink /lib/systemd/system/tmp.mount etc/systemd/system/local-fs.target.wants/t
## Disable unwanted systemd services
systemctl disable systemd-readahead-collect.service \
systemd-readahead-replay.service \
- mdmonitor.service \
- mdmonitor-takeover.service \
lvm2-monitor.service \
- dnf-makecache.timer
+ dnf-makecache.timer \
+ sshd.socket
## These services can't be disabled normally (they're linked into place in
## /usr/lib/systemd rather than /etc/systemd), so we have to mask them.
systemctl mask fedora-configure.service fedora-loadmodules.service \
@@ -41,6 +39,7 @@ systemctl mask fedora-configure.service fedora-loadmodules.service \
fedora-wait-storage.service media.mount \
systemd-tmpfiles-clean.service systemd-tmpfiles-clean.timer \
ldconfig.service
+remove usr/lib/systemd/system/rngd.service
## remove because it cannot be disabled
remove usr/lib/systemd/system-generators/lvm2-activation-generator
@@ -78,6 +77,11 @@ install ${configdir}/pam.sshd etc/pam.d/sshd
install ${configdir}/pam.sshd etc/pam.d/login
install ${configdir}/pam.sshd etc/pam.d/remote
+## set up inst.rngd support
+install ${configdir}/inst.rngd.service etc/systemd/system/inst.rngd.service
+mkdir etc/systemd/system/basic.target.wants/
+symlink /etc/systemd/system/inst.rngd.service etc/systemd/system/basic.target.wants/inst.rngd.service
+
## set up "install" user account
append etc/passwd "install:x:0:0:root:/root:/usr/libexec/anaconda/run-anaconda"
append etc/shadow "install::14438:0:99999:7:::"
@@ -99,6 +103,7 @@ append etc/depmod.d/dd.conf "search updates built-in"
## create multipath.conf so multipath gets auto-started
append etc/multipath.conf "defaults {\n\tfind_multipaths smart\n\tuser_friendly_names yes\n}\n"
+append etc/multipath.conf "blacklist_exceptions {\n\tproperty \"(SCSI_IDENT_|ID_WWN)\"\n}\n"
## make lvm auto-activate
remove etc/lvm/archive/*
@@ -121,3 +126,8 @@ runcmd chroot ${root} /usr/bin/mknod -m 666 /dev/urandom c 1 9
runcmd chroot ${root} /usr/bin/rpm -qa --pipe "tee /root/lorax-packages.log"
## TODO: we could run prelink here if we wanted?
+
+## fix fonconfig cache containing timestamps
+runcmd chroot ${root} /usr/bin/find /usr/share/fonts -newermt "@${SOURCE_DATE_EPOCH}" -exec \
+ touch --no-dereference --date="@${SOURCE_DATE_EPOCH}" {} +
+runcmd chroot ${root} /usr/bin/fc-cache -f
diff --git a/80-rhel/s390.tmpl b/80-rhel/s390.tmpl
index bf1d258..89d55f3 100644
--- a/80-rhel/s390.tmpl
+++ b/80-rhel/s390.tmpl
@@ -66,7 +66,7 @@ treeinfo images-${basearch} redhat.exec ${BOOTDIR}/redhat.exec
%>
# Add the license files
-%for f in glob("/usr/share/licenses/*-release/*"):
+%for f in glob("usr/share/licenses/*-release-common/*"):
install ${f} ${f|basename}
<% filegraft += " {0}={1}/{0}".format(basename(f), outroot) %>
%endfor
diff --git a/80-rhel/x86.tmpl b/80-rhel/x86.tmpl
index d95d506..3945ce4 100644
--- a/80-rhel/x86.tmpl
+++ b/80-rhel/x86.tmpl
@@ -81,7 +81,7 @@ replace @ROOT@ 'inst.stage2=hd:LABEL=${isolabel|udev}' ${GRUB2DIR}/grub.cfg
%>
# Add the license files
-%for f in glob("/usr/share/licenses/*-release/*"):
+%for f in glob("usr/share/licenses/*-release-common/*"):
install ${f} ${f|basename}
<% filegraft += " {0}={1}/{0}".format(basename(f), outroot) %>
%endfor
diff --git a/SERIAL b/SERIAL
index a45fd52..7273c0f 100644
--- a/SERIAL
+++ b/SERIAL
@@ -1 +1 @@
-24
+25
diff --git a/lorax-templates-rhel.spec b/lorax-templates-rhel.spec
index 43a558a..089e5a9 100644
--- a/lorax-templates-rhel.spec
+++ b/lorax-templates-rhel.spec
@@ -1,6 +1,6 @@
Name: lorax-templates-rhel
Version: 10.0
-Release: 24%{?dist}
+Release: 25%{?dist}
Summary: RHEL build templates for lorax and livemedia-creator
License: GPLv2+
@@ -10,7 +10,7 @@ BuildArch: noarch
# This tarball is generated from the contents of this dist-git repository
# by running the command `make tar`.
# See README for full details of how to update this package
-Source0: lorax-templates-rhel-10.0-24.tar.gz
+Source0: lorax-templates-rhel-10.0-25.tar.gz
# Required for the template branding support
Requires: lorax >= 34.9.1
@@ -40,6 +40,9 @@ cp -a 80-rhel/* $RPM_BUILD_ROOT/%{templatedir}
%{templatedir}/*
%changelog
+* Fri Jun 09 2023 Stephen Gallagher - 10.0-25
+- Re-sync templates from Fedora
+
* Thu Jun 08 2023 Stephen Gallagher - 10.0-24
- Replace several fonts
diff --git a/sources b/sources
index 58f0034..e78930c 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (lorax-templates-rhel-10.0-24.tar.gz) = 3d7854f509dab9c4a4a12522c9fdbbb76437383a5e72c922896ed3a24856b5c13e4619d3c16fbc0a512549e7402b02e4caf7bd49690c3311968631e8bd2b84ee
+SHA512 (lorax-templates-rhel-10.0-25.tar.gz) = 17816d4a848fdbde1f738d3d0ca3a202f3dbe9d0faa7de5c162fc389e0ac6cfaae9aee0e2edf59a20b02a4a2912a5ceed13740cff390676e8d25e08d1f99dc9e