This means: Keep all things from the audit package as-is, do not erase or
overwrite.
Previously:
- clean up most things audit in the template
- install a custom replacement for auditd from the anaconda packages
- in anaconda, run the replacement manually
Now:
- keep audit things as they are
- do not install the custom replacement
- in anaconda, run "auditctl -e 0" instead of the custom binary
Overall goals remain the same and met:
- keep boot.iso small: this adds +200 KiB-ish
- do not run auditd to lower runtime memory requirements: still ok
- do not spam journal/syslog with audit messages: still ok
Note: Most audit messages come from dracut, where it is not turned off
anyway.
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
Includes 4a678d6670add49fe17ede43e5789d05a24b4e45 and
22c3e76d6c01f019bbe3a78da751933dc6e53459 from the lorax
package.
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
rvykydal pointed out that libvorbis is still pulled in via gnome-kiosk
dependencies so keep the removefrom line and update the comment.
Related: rhbz#1961099
Anaconda creates a user for connecting via ssh during the installation
when the sshpw kickstart command is used. The user is created with
"/sbin/nologin" shell when /etc/default/useradd is missing, which
prevents the user from log into the running installation.
Resolves: rhbz#1843609
dracut renamed this module so the files were being removed from the
install.img (BUT not from the initramfs). They are necessary for the
shutdown eject feature to work.
Related: rhbz#1805405
The eject utility moved into util-linux and the package was dropped, but
since the runtime-cleanup template is using `removefrom util-linux
--allbut` it was never added to the boot.iso after the move.
This adds it to the list of binaries to keep from util-linux.
Resolves: rhbz#1805405
...turns out you can't just have a single template file, because lorax
just picks a single directory and expects all the data it needs to be
there. Sigh.
So this adds all the rest of the files, plus some Makefile machinery for
generating a tarball and updating the specfile after you've checked in
changes. See README for details.