09acfd978e
rngd should no long be needed, recent kernels have enough entropy out of the box. This leaves it in the boot.iso but only enables it if inst.rngd is passed on the kernel cmdline. Resolves: rhbz#2028720
128 lines
4.8 KiB
Cheetah
128 lines
4.8 KiB
Cheetah
## runtime-postinstall.tmpl
|
|
## post-install setup required to make the system work.
|
|
|
|
<%page args="root, basearch, libdir, configdir"/>
|
|
<%
|
|
stubs = ("list-harddrives", "raidstart", "raidstop")
|
|
configdir = configdir + "/common"
|
|
%>
|
|
|
|
## move_stubs()
|
|
move usr/share/anaconda/restart-anaconda usr/bin
|
|
%for stub in stubs:
|
|
-move usr/share/anaconda/${stub}-stub usr/bin/${stub}
|
|
%endfor
|
|
|
|
## move_repos()
|
|
move etc/yum.repos.d etc/anaconda.repos.d
|
|
|
|
## Setup mdadm config to turn off homehost
|
|
remove etc/mdadm.conf
|
|
append etc/mdadm.conf "HOMEHOST <ignore>\n"
|
|
|
|
## Configure systemd to start anaconda
|
|
remove etc/systemd/system/default.target
|
|
symlink /lib/systemd/system/anaconda.target etc/systemd/system/default.target
|
|
|
|
## Make sure tmpfs is enabled
|
|
mkdir etc/systemd/system/local-fs.target.wants/
|
|
symlink /lib/systemd/system/tmp.mount etc/systemd/system/local-fs.target.wants/tmp.mount
|
|
|
|
## Disable unwanted systemd services
|
|
systemctl disable systemd-readahead-collect.service \
|
|
systemd-readahead-replay.service \
|
|
mdmonitor.service \
|
|
mdmonitor-takeover.service \
|
|
lvm2-monitor.service \
|
|
dnf-makecache.timer
|
|
## These services can't be disabled normally (they're linked into place in
|
|
## /usr/lib/systemd rather than /etc/systemd), so we have to mask them.
|
|
systemctl mask fedora-configure.service fedora-loadmodules.service \
|
|
fedora-autorelabel.service fedora-autorelabel-mark.service \
|
|
fedora-wait-storage.service media.mount \
|
|
systemd-tmpfiles-clean.service systemd-tmpfiles-clean.timer \
|
|
ldconfig.service
|
|
remove usr/lib/systemd/system/rngd.service
|
|
|
|
## remove because it cannot be disabled
|
|
remove usr/lib/systemd/system-generators/lvm2-activation-generator
|
|
|
|
## Remove the more terrible parts of systemd-tmpfiles.
|
|
## etc.conf is written with the assumption that /etc/ is empty, which is
|
|
## ridiculous, and it also creates a broken /etc/resolv.conf, which breaks
|
|
## networking.
|
|
remove usr/lib/tmpfiles.d/etc.conf
|
|
|
|
## Make logind activate anaconda-shell@.service on switch to empty VT
|
|
symlink anaconda-shell@.service lib/systemd/system/autovt@.service
|
|
replace "#ReserveVT=6" "ReserveVT=2" etc/systemd/logind.conf
|
|
|
|
## Don't write the journal to the overlay, just keep it in RAM
|
|
remove var/log/journal
|
|
|
|
## install some basic configuration files
|
|
append etc/fstab ""
|
|
install ${configdir}/i18n etc/sysconfig
|
|
install ${configdir}/rsyslog.conf etc
|
|
install ${configdir}/bash_history root/.bash_history
|
|
install ${configdir}/profile root/.profile
|
|
install ${configdir}/libuser.conf etc
|
|
install ${configdir}/sysctl.conf etc/sysctl.d/anaconda.conf
|
|
install ${configdir}/spice-vdagentd etc/sysconfig
|
|
mkdir etc/NetworkManager/conf.d
|
|
install ${configdir}/91-anaconda-autoconnect-slaves.conf etc/NetworkManager/conf.d
|
|
install ${configdir}/vconsole.conf etc
|
|
install ${configdir}/92-anaconda-loglevel-debug.conf etc/NetworkManager/conf.d
|
|
|
|
## set up sshd
|
|
install ${configdir}/sshd_config.anaconda etc/ssh
|
|
install ${configdir}/pam.sshd etc/pam.d/sshd
|
|
install ${configdir}/pam.sshd etc/pam.d/login
|
|
install ${configdir}/pam.sshd etc/pam.d/remote
|
|
|
|
## set up inst.rngd support
|
|
install ${configdir}/inst.rngd.service etc/systemd/system/inst.rngd.service
|
|
mkdir etc/systemd/system/basic.target.wants/
|
|
symlink /etc/systemd/system/inst.rngd.service etc/systemd/system/basic.target.wants/inst.rngd.service
|
|
|
|
## set up "install" user account
|
|
append etc/passwd "install:x:0:0:root:/root:/usr/libexec/anaconda/run-anaconda"
|
|
append etc/shadow "install::14438:0:99999:7:::"
|
|
## remove root password
|
|
replace "root:\*:" "root::" etc/shadow
|
|
|
|
## gsettings settings
|
|
install ${configdir}/org.gtk.Settings.Debug.gschema.override usr/share/glib-2.0/schemas
|
|
runcmd chroot ${root} glib-compile-schemas /usr/share/glib-2.0/schemas
|
|
|
|
move usr/libexec/anaconda/auditd sbin
|
|
|
|
## for compatibility with Ancient Anaconda Traditions
|
|
symlink lib/modules /modules
|
|
symlink lib/firmware /firmware
|
|
symlink ../run/install mnt/install
|
|
|
|
## create_depmod_conf()
|
|
append etc/depmod.d/dd.conf "search updates built-in"
|
|
|
|
## create multipath.conf so multipath gets auto-started
|
|
append etc/multipath.conf "defaults {\n\tfind_multipaths smart\n\tuser_friendly_names yes\n}\n"
|
|
|
|
## make lvm auto-activate
|
|
remove etc/lvm/archive/*
|
|
remove etc/lvm/archive
|
|
remove etc/lvm/backup/*
|
|
remove etc/lvm/backup
|
|
remove etc/lvm/cache/*
|
|
remove etc/lvm/cache
|
|
remove etc/lvm/lvm.conf
|
|
append etc/lvm/lvm.conf "global {\n\tuse_lvmetad = 1\n}\n"
|
|
|
|
## Record the package versions used to create the image
|
|
## rpm initializes nss, which requires /dev/urandom to be present, hence the mknod
|
|
runcmd chroot ${root} /usr/bin/mknod -m 666 /dev/random c 1 8
|
|
runcmd chroot ${root} /usr/bin/mknod -m 666 /dev/urandom c 1 9
|
|
runcmd chroot ${root} /usr/bin/rpm -qa --pipe "tee /root/lorax-packages.log"
|
|
|
|
## TODO: we could run prelink here if we wanted?
|