## runtime-postinstall.tmpl ## post-install setup required to make the system work. <%page args="root, basearch, libdir, configdir"/> <% configdir = configdir + "/common" import os, time SOURCE_DATE_EPOCH = os.environ.get('SOURCE_DATE_EPOCH', str(int(time.time()))) %> ## move_stubs() move usr/share/anaconda/list-harddrives-stub usr/bin/list-harddrives ## move_repos() move etc/yum.repos.d etc/anaconda.repos.d ## Setup mdadm config to turn off homehost remove etc/mdadm.conf append etc/mdadm.conf "HOMEHOST \n" ## Configure systemd to start anaconda remove etc/systemd/system/default.target symlink /lib/systemd/system/anaconda.target etc/systemd/system/default.target ## Make sure tmpfs is enabled mkdir etc/systemd/system/local-fs.target.wants/ symlink /lib/systemd/system/tmp.mount etc/systemd/system/local-fs.target.wants/tmp.mount ## Disable unwanted systemd services systemctl disable systemd-readahead-collect.service \ systemd-readahead-replay.service \ lvm2-monitor.service \ dnf-makecache.timer \ sshd.socket ## These services can't be disabled normally (they're linked into place in ## /usr/lib/systemd rather than /etc/systemd), so we have to mask them. systemctl mask fedora-configure.service fedora-loadmodules.service \ fedora-autorelabel.service fedora-autorelabel-mark.service \ fedora-wait-storage.service media.mount \ systemd-tmpfiles-clean.service systemd-tmpfiles-clean.timer \ ldconfig.service remove usr/lib/systemd/system/rngd.service ## remove because it cannot be disabled remove usr/lib/systemd/system-generators/lvm2-activation-generator ## Remove the more terrible parts of systemd-tmpfiles. ## etc.conf is written with the assumption that /etc/ is empty, which is ## ridiculous, and it also creates a broken /etc/resolv.conf, which breaks ## networking. remove usr/lib/tmpfiles.d/etc.conf ## Make logind activate anaconda-shell@.service on switch to empty VT symlink anaconda-shell@.service lib/systemd/system/autovt@.service mkdir usr/lib/systemd/logind.conf.d append usr/lib/systemd/logind.conf.d/anaconda-shell.conf "[Login]\nReserveVT=2" ## Don't write the journal to the overlay, just keep it in RAM remove var/log/journal ## install some basic configuration files append etc/fstab "" install ${configdir}/i18n etc/sysconfig install ${configdir}/rsyslog.conf etc install ${configdir}/bash_history root/.bash_history install ${configdir}/profile root/.profile install ${configdir}/libuser.conf etc install ${configdir}/sysctl.conf etc/sysctl.d/anaconda.conf install ${configdir}/spice-vdagentd etc/sysconfig mkdir etc/NetworkManager/conf.d install ${configdir}/91-anaconda-autoconnect-slaves.conf etc/NetworkManager/conf.d install ${configdir}/vconsole.conf etc install ${configdir}/92-anaconda-loglevel-debug.conf etc/NetworkManager/conf.d ## set up sshd install ${configdir}/sshd_config.anaconda etc/ssh install ${configdir}/pam.sshd etc/pam.d/sshd install ${configdir}/pam.sshd etc/pam.d/login install ${configdir}/pam.sshd etc/pam.d/remote ## set up inst.rngd support install ${configdir}/inst.rngd.service etc/systemd/system/inst.rngd.service mkdir etc/systemd/system/basic.target.wants/ symlink /etc/systemd/system/inst.rngd.service etc/systemd/system/basic.target.wants/inst.rngd.service ## set up "install" user account append etc/passwd "install:x:0:0:root:/root:/usr/libexec/anaconda/run-anaconda" append etc/shadow "install::14438:0:99999:7:::" ## remove root password replace "root:\*:" "root::" etc/shadow ## gsettings settings install ${configdir}/org.gtk.Settings.Debug.gschema.override usr/share/glib-2.0/schemas runcmd chroot ${root} glib-compile-schemas /usr/share/glib-2.0/schemas ## for compatibility with Ancient Anaconda Traditions symlink lib/modules /modules symlink lib/firmware /firmware symlink ../run/install mnt/install ## create_depmod_conf() append etc/depmod.d/dd.conf "search updates built-in" ## create multipath.conf so multipath gets auto-started append etc/multipath.conf "defaults {\n\tfind_multipaths smart\n\tuser_friendly_names yes\n}\n" append etc/multipath.conf "blacklist_exceptions {\n\tproperty \"(SCSI_IDENT_|ID_WWN)\"\n}\n" ## make lvm auto-activate remove etc/lvm/archive/* remove etc/lvm/archive remove etc/lvm/backup/* remove etc/lvm/backup remove etc/lvm/cache/* remove etc/lvm/cache remove etc/lvm/lvm.conf append etc/lvm/lvm.conf "global {\n\tuse_lvmetad = 1\n}\n" ## Remove machine specific nvme-cli files remove etc/nvme/hostid remove etc/nvme/hostnqn ## Record the package versions used to create the image ## rpm initializes nss, which requires /dev/urandom to be present, hence the mknod runcmd chroot ${root} /usr/bin/mknod -m 666 /dev/random c 1 8 runcmd chroot ${root} /usr/bin/mknod -m 666 /dev/urandom c 1 9 runcmd chroot ${root} /usr/bin/rpm -qa --pipe "tee /root/lorax-packages.log" ## TODO: we could run prelink here if we wanted? ## fix fonconfig cache containing timestamps runcmd chroot ${root} /usr/bin/find /usr/share/fonts -newermt "@${SOURCE_DATE_EPOCH}" -exec \ touch --no-dereference --date="@${SOURCE_DATE_EPOCH}" {} + runcmd chroot ${root} /usr/bin/fc-cache -f