This means: Keep all things from the audit package as-is, do not erase or
overwrite.
Previously:
- clean up most things audit in the template
- install a custom replacement for auditd from the anaconda packages
- in anaconda, run the replacement manually
Now:
- keep audit things as they are
- do not install the custom replacement
- in anaconda, run "auditctl -e 0" instead of the custom binary
Overall goals remain the same and met:
- keep boot.iso small: this adds +200 KiB-ish
- do not run auditd to lower runtime memory requirements: still ok
- do not spam journal/syslog with audit messages: still ok
Note: Most audit messages come from dracut, where it is not turned off
anyway.
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
We don't build 32-bit ARM or x86 images in Fedora any more (we
stopped doing x86 images after F30, we are no longer doing 32-bit
ARM images after F36). So we can drop all of this stuff from
master branch at least.
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
Just add them to the xorrisofs command, the order of the arguments is
interleaved and trying to assemble it from variables just makes it more
confusing.
Apple hardware doesn't need the macboot.img to boot, efiboot.img is not
needed in the filesystem so do not graft it into it.
Remove macboot.img and apple specific EFI support
This adds support for BIOS booting using grub2. The bios config file and
grub2 modules are under /boot/grub2/
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
syslinux is unsupported and is going to be removed from Fedora. This
removes it and all of its configuration files from the templates.
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
These were commented out early in the RHEL9 Alpha import process and
should be included in the boot.iso
nmap-ncat
redhat-release-eula
libreport-rhel-anaconda-bugzilla
Resolves: rhbz#2056086
Running rngd can slow down the boot in some situations. All current
arches in RHEL support better entropy gathering so this is no longer
needed.
Resolves: rhbz#2028720
This reverts commit 09acfd978e.
rngd is installed in the initrd by dracut, and unconditionally started,
so this won't fix rngd slowdowns in the initrd.
Related: rhbz#2028720
rngd should no long be needed, recent kernels have enough entropy out of
the box. This leaves it in the boot.iso but only enables it if inst.rngd
is passed on the kernel cmdline.
Resolves: rhbz#2028720
scp in openssh 8.7 will change to use sftp protocol. See
https://github.com/openssh/openssh-portable/pull/194 for details.
This enables the sshd internal-sftp implementation so that newer scp
versions will continue to work as expected. Note that the sshd service
is only running during the installation if inst.sshd is passed on the
kernel cmdline.
Resolves: rhbz#2035049
Includes 4a678d6670add49fe17ede43e5789d05a24b4e45 and
22c3e76d6c01f019bbe3a78da751933dc6e53459 from the lorax
package.
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
nomodeset no long does anything helpful, and inst.text doesn't make sense
with a live image so drop the menu from the live image.
Related: rhbz#1961092
grub2-2.06-3 changes where the unicode.pf2 font file is stored.
This changes the efi.tmpl to install it from the new location, which
means that it depends on grub2-2.06-3, but there is no way to express
this in the runtime-install.tmpl so if you see a failure like:
2021-07-08 16:10:05,586: OSError: nothing matching /var/tmp/lorax/lorax.t80f74er/installroot/boot/grub2/fonts/unicode.pf2 in /
It means the new version of grub2 wasn't in the repos you used when
running lorax.
Related: rhbz#2003030
rvykydal pointed out that libvorbis is still pulled in via gnome-kiosk
dependencies so keep the removefrom line and update the comment.
Related: rhbz#1961099
anaconda in F34 and Rawhide recently stopped accepting params
without the inst. prefix, so 'rescue' does nothing except print
a warning now. We need to use `inst.rescue`. This has worked for
quite a long time so will be OK at least on all Fedoras and RHEL
8, not sure about RHEL 7.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
Signed-off-by: Brian C. Lane <bcl@redhat.com>
The difference between the anaconda-install-{env,img}-deps packages is how
they treat dependencies. The -env package leaves some dependencies as weak to
allow less featureful builds. The -img package hard-requires everything
Anaconda could potentially use and ensures everything works.
For boot.iso, the latter is preferable. Its usage moves some things from the
templates to that package.
Signed-off-by: Brian C. Lane <bcl@redhat.com>
mk-s390-cdboot has stopped working because the kernel outgrew the
hard-coded offset it used when creating cdboot.img. IBM now has a script
in s390utils that can do the same thing so use the upstream script
instead.
This drops mk-s390-cdboot script, switches the s390 templates to use
mk-s390image from s390utils.
It adds @ROOT@ to cdboot.prm, and sets inst.stage2 so that the installer
image will be found when booting the iso.
Resolves: rhbz#1903923
This should be pulled in by libblockdev-mpath, but for some reason it is
not. It may be related to it being changed to a 'Recommends' -- but we
are not yet sure. So make sure it is included until that can be tracked
down.
Include the generic.ins file on the s390 boot iso, so it's directly bootable
on an LPAR. The full iso already had generic.ins included.
Signed-off-by: Brian C. Lane <bcl@redhat.com>
Resolves: rhbz#1844517
Anaconda creates a user for connecting via ssh during the installation
when the sshpw kickstart command is used. The user is created with
"/sbin/nologin" shell when /etc/default/useradd is missing, which
prevents the user from log into the running installation.
Resolves: rhbz#1843609
This new setting for 'find_multipaths' tries to prevent things like
LVM from going ahead and activating LVM on the individual disks/paths
until there is reasonable certainty (via a timeout) that the device
is not a component of a multipath set.
NOTE: 'smart' is supported by device-mapper-multipath v0.7.7 and later.
Resolves: rhbz#1763906
Signed-off-by: Brian C. Lane <bcl@redhat.com>
dracut renamed this module so the files were being removed from the
install.img (BUT not from the initramfs). They are necessary for the
shutdown eject feature to work.
Related: rhbz#1805405
The eject utility moved into util-linux and the package was dropped, but
since the runtime-cleanup template is using `removefrom util-linux
--allbut` it was never added to the boot.iso after the move.
This adds it to the list of binaries to keep from util-linux.
Resolves: rhbz#1805405
It was substituting _ which didn't match what pungi uses for creating
the DVD. Make things consistent and use - as the replacement character.
(cherry picked from commit 372bef945f2addbf66c35bce8439f3508ee2ab8a)
Resolves: rhbz#1757338
These packages are now available in BaseOS or AppStream, so include them
in the boot.iso
shim-ia32
grub2-efi-ia32-cdboot
s390utils-hmcdrvfs
xorg-x11-drivers
xorg-x11-server-Xorg
xorg-x11-server-Xorg was already being pulled in as a dependency, but
I've added it back anyway, just to be sure.
dracut-fips is no longer a subpackage so it can be dropped.
docker-anaconda-addon isn't being supported for RHEL8 so drop it as
well.
The resulting image is 6M larger, and the package count goes from 738 to
756 with most of them being x11 drv packages.
Related: rhbz#1622395