I changed the scripts that clearly stated where rawhide references
were to be commented out, but there are some rawhide references in
atomic stuff that may or may not need to be changed.

For some reason the kernel-core is not protected by dnf, so when
we are trying to remove linux-firmware, it was actually removing
kernel-core package. Commenting out the lines for now.

This is pretty cosmetic as live and cloud images don't use passwords
and they install with sha512 fine, but some people may use these
kickstarts as a base for their spins, so we should use best practices.

We were getting grub2 in the base image again. Apparently
for a while Anaconda has supported a cleaner syntax for this, and
since it fixes the bug, let's use it.
https://bugzilla.redhat.com/show_bug.cgi?id=1222132

Best practice is to use unprivileged service daemons inside Docker
containers. But with this hardcoded root password, in the case of
remote code execution, an attacker could trivially escalate their
privileges to root/uid 0. And while that's uid 0 inside a container,
that's a much larger attack surface.
Instead, do the same thing we're doing for the Cloud images: lock the
root password, create a user to make Anaconda happy, then delete the
user in %post.
https://bugzilla.redhat.com/show_bug.cgi?id=1175997

We control the actual size of the virtual disks with options on the
koji command line. This change will allow the Vagrant root
partition to grow to the 40 GB we allocate in the koji image build
while the base cloud image will remain essentially unchanged, as it
is set to 3 GB in the rel-eng koji call.

It gets installed at box launch time anyway. Save users the
annoyance of having to wait. This is in line with the Atomic
Vagrant images as well, which contain rsync in the composed tree.

Comps commit b802fd1c8472bcf5eb2587cd9ba20fb301bbaa6e changed
workstation-product-environment to include the whole of @firefox group,
as opposed to just including the firefox package in the
workstation-product group. This commit syncs the change here too.

I committed this 5 years ago with only a minimum of review; its main
feature was easier SSH key injection, a problem which has been solved
much better by the cloud image which uses `cloud-init`, as well as the
Vagrant boxes which use hardcoded vagrant SSH keys.

It is not included in f22 and will need to be re-reviewed and submitted
if interested parties step up and want to actively maintain and test.

Signed-off-by: Dennis Gilmore <dennis@ausil.us>