IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
The common problem was network-config-subsystem getting
resolved into something completely wrong (like net-scripts
or systemd-networkd) *before* it got specified precisely;
let's just avoid the common cause, that is, a metapackage.
See-also: https://bugzilla.altlinux.org/show_bug.cgi?id=30806
It's not much use for it to stay without the actual
pointer to the place where NM GUIs are referenced,
I've almost started out implementing the "missing"
bit myself right now :-/
It's legit here as I know no Elbrus users among
non-Russian-speakers, at least so far; should move
to generic l10n feature (which will definitely see
its glory by then).
This is to avoid extra actions when one actually needs
KOI8-R (which is still hardwired in some lcc messages).
Should all be rolled into l10n feature some day...
The early scheme consisted of boot.conf template
with a separate hook filling it in; this was nice
for serial console setup script which could just
amend the kernel command line as needed _but_
this got changed towards the more generic scheme
(breaking the hook in question, unfortunately).
This one supports multiple kernels (and tweaks boot
labels aiming to simplify target kernel selection
for the CPU at hand) instead of an earlier attempt
to fill in a template.
No need for the template so just drop it.
This one might probably change into core functionality but right now
it should help when you get not the branding, init system, or whatever
alternative you do _not_ need.
See-also: https://bugzilla.altlinux.org/show_bug.cgi?id=30806
We definitely don't want to see rekonq anywhere,
it's grossly incompetent as a web browser;
and Qupzilla is now being developed under KDE
umbrella and the new name Falkon.
This looks like missing in server starterkit for me;
builder one can be installed by hand if one knows how
to do that but let's better be explicit about that.
Putting any configuration into /etc/net/ifaces/lo/resolv.conf
makes etcnet *overwrite* /etc/resolv.conf, while putting that
into /etc/resolv.conf itself makes e.g. vzctl --nameserver
*append* to what's been specified.
Reported-by: Gleb Fotengauer-Malinovskiy <glebfm@altlinux.org>
...explicitly; this has been triggered by the change to
livecd-install as of 0.9.10-alt2 (doesn't R: alterator-grub
anymore to allow non-grub platforms as well).
This should be a no-op _together_ with the mentioned change
by now as grub is selected explicitly; will take more attention
for e.g. e2k as the problem just shifted here from livecd-install.
Reported-by: Leonid Krivoshein <klark@altlinux.org>
Those images who are fine with ALSA might still benefit
from addons like udev-alsa to have mixer levels restored
on boot; and PulseAudio-bearing images can be based upon
the same intermediate targets now without receiving the
addons they don't need.
This has been long overdue: pretending that "http server"
is an Apache2 with PHP5 was wrong for ages, and providing
apache2/nginx, php5/php7 choice along with more databases
was waiting for its user proposal.
Follow these changes in server feature as well.
Suggested-by: Altexander
See-also: https://forum.altlinux.org/index.php?topic=40290
This one enables rw session support for Rescue images;
the nitpick is that syslinux' gfxboot *will* set this up
when booting the same ISO from USB Flash media instead of
optical one (CD/DVD-ROM/RW), and we don't put gfxboot into
a standalone rescue image.
See-also: http://altlinux.org/propagator
See-also: http://altlinux.org/remount_rw
Radeon HDMI as the default soundcard isn't really optimal,
and trying to push 44100 kHz samples towards 48 kHz interface
isn't going to sound great; provide sane ALSA dmix defaults
for Elbrus-401 PC workstation.
BASE_PACKAGES_REGEXP and THE_PACKAGES_REGEXP,
to be exact; the lack of handling these appears
to have been the culprit of firefox missing in
vm images which use/browser/firefox.
This reverts commit 41a3f09132:
at least build-vm doesn't do *_REGEXP (which is worth fixing
but all relevant branches got firefox-classic_theme_restorer
so this tweak is now irrelevant and a bit wasteful).
It's strange but ve/builder and distro/live-builder
along with distro/regular-builder are all mostly
"independent", that is duplicating functionality
without any reasonable gain; spotted finally.
The early builds used to rely upon a non-committed
rootfs/files/etc/X11/xorg.conf within this feature
which was a bit annoying and would have screwed an
Elbrus system based on any other GPU.
So let's provide some flexibility by packaging it.
These are creeping throughout m-p and aren't really needed
by default as these should be enabled upon configuration;
let's provide a single switch off point.
No need to deduce kernel version again,
just save it in a temporary file.
The main reason to change what worked is
that e2k kernel-image package has Linux bits
named as image-$kver and not vmlinuz-$kver;
the guessing logic taking all of this into
account resulted in non-aesthetic patch.
NB: there's a duplicating script within
kernel feature; it wasn't easy to avoid
this and it might differ when handling
multiple kernels, I didn't think much
about this now as vm images tend to ship
with the sole one.
This is unfortunate but Sisyphus' Xfce can't really strive with its
default /etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xsettings.xml,
namely IconThemeName; while p8's one still does pretty good.
Thanks antohami@ for his analysis and workaround suggestion.
See-also: https://bugzilla.altlinux.org/32924
See-also: https://lists.altlinux.org/pipermail/devel/2017-February/202348.html
Suggested-by: Anton Midyukov <midyukov-anton@ya.ru>
Drop duplicated code pulled into armh feature in haste
and another half-copy that made it into build-ve feature;
make ve.mk more explicit about what it actually does
regarding default nameservers (and switch it to level3
while at that, just for diversity they preach).
Refer to net-dns feature where appropriate
(it actually started out as an extension of
net feature but the reasons to separate it
quickly became apparent to me).
Was broken in too many places including several libraries
x11vnc currently links against getting removed, several
utilities missing, and no way to guess what to do...
One could stumble upon http://altlinux.org/vncinst
or find the implementation in installer.git but it's
not exactly user-friendly.
An initial (and quite naive) implementation was done
for conf.d/ files but features do need it as well --
which became obvious during a casual inspection of
distro/alt-workstation's target graph (which occured
broken).
The code is a messy hackery unfortunately, regexes used
are fragile regarding e.g. [A-Z_] in target names.
Read with care.
NB: lib/ might need this too but it's rather stable
and contains some special cases that would obstruct
the regexes even more...
In this case it's rather worth it to examine build.log
than read documentation again (as vm.txt should have been
read or at least skimmed through to get sudo setup ready,
and the problem might be either an environment one or a bug).
rpm-4.13 stopped bringing alt-gpgkeys in, and specifying it
explicitly for STAGE1_PACKAGES didn't help somehow; don't presume
/usr/lib/alt-gpgkeys/ existence anyways.
elinks doesn't require libX11 (unlike links2),
and webclient can become e.g. rekonq pulling
in kde4libs -- that's exactly what I ran into
while preparing 201612xx server starterkits.
For some reason DOT_BASE only got BASE_PACKAGES_REGEXP so e.g.
browser feature use well could result in the lack of a browser
if no metapackage pulls one in!
X-Brown-Paper-Bag :-(
It's at least removing the very obvious user->root
attack through (maliciously) modifying bin/tar2fs
and waiting for it to be run; if mkimage-profiles
is installed system-wide as a package, the script
from /usr/share/mkimage-profiles will be tried so
those willing to allow vm/* build to themselves
can provide for a passwordless sudo (as described
in doc/vm.txt) to run a root-only writable script,
not user-writable.
Still not perfect but a step away from the abyss.
It turns out that -regular pulls in too much
(including xfce-polkit that doesn't work with
sysvinit); let's provide means to have it both
ways, need xfce4 4.12-alt5 or later metapackage
for this change to be effective.
The issue at hand it _nmconnect group that's supported
in ALT NM for polkit-less cases; it has to be added
*before* 50-users hook from deflogin feature fires off.
The existing systemd-related hook has been renamed
to reflect its job better.
This one is related to forensics mode handling in mkimage:
there's a regex that's expecting the old string ending with
hash value, and it stops working when this is changed here
(at least as of mkimage 0.2.18).
So partially undo the change for this particular file to avoid
refind's example menu for regular-rescue.iso (or any other image
involving forensics mode), and hope to revert this commit some day.
This keyword was misused due to the lack of understanding
of its meaning; thanks zerg@ for the hint, let's hide the
kernel boot parameters not expected to be modified by user
under the hood (and vice versa in some cases).
Note that this is just a keyword shift in all cases
but mediacheck where "showopts" is now added.
NB: this keyword is only relevant for gfxboot.
Now that we don't ignore X-Alterator-PackageList
in pkggroup files these few places referencing
group names as list names have broke; bring 'em
in line through this new and shiny function.
This has been spotted by rider@ and reproduced by me as well:
some touchpads would work in livecd/installed system but not
within the installer itself.
Commit 514652f has broke GLOBAL_CLEANUP_PACKAGES by accidentally
excluding it from export (in favour of GLOBAL_CLEANUP_BASE_PACKAGES
that's been added then); fix that.
This script was completely careless regarding the chance
to meet an empty variable resulting in plain "rpm -qa"
and subsequent attempt to, well, remove *all* packages.
Thanks zerg@ for being persistent this time, even if
he could probably find the culprit and send in this patch.
:)
The problem at hand was that use/x11/xorg has been final,
and zerg@ just couldn't switch from nouveau to nvidia
when kdesktop needs that one.
Initial approach included a "big" FREE/PROP switch that
chose the particular KMODULES/PACKAGES to get added to
THE_* but that fails to achieve e.g. nvidia+radeon combo;
looks like these need individual switches.
The use case at hand was: "we'd better backup this system
to a flashdrive before installing" (given quad-core CPU
and half-terabyte HDD); pxz is pretty tiny, no worries.
There were two problems:
- the latest pgsql related groups made installation
impossible (yes, that last minute change);
- hardware testing shows that use/stage2/kms is now
requisite as xorg-drv-fbdev might just refuse to work
with what looks like a perfectly good framebuffer...
Do away with them *quick*.
"Failsafe install" disabling APIC/LAPIC looks somewhat obsolete
by now; the only reasonable part seems to be the attempt to force
VESA videodriver for the installer (should be done within installer
itself though).
"Forensic mode" submenu has fallen apart after the original commit
as the tricky logic in mkimage::tools/mki-copy-efiboot failed to
pick up the new variant; this should all be redone (solo@ has
started doing something but it needs a time-consuming review).
Fixes: 79d0208841
use/docs/license will copy the texts contained in branding
package ("notes" one) over to the image's rootdir so these
can be read with ease; otherwise one has to look up the
right package at best (or unpack squashfs, no user can be
really expected to do that just to *read* a *license*).
This was originally profiles/scripts.d/01-copy-license
script from m-p-d; got cut down heavily.
The problem at hand was that an installer component
of a "DVD class" image does use/cleanup/installer
while installable LiveCD component gets broken by that
(livecd-install -> installer-scripts-remount-stage2
which gets removed as installer-*).
Split those.
Package profiles -- the ones allowing for a multi-purpose
installer -- have been basically overlooked during previous
mkimage-profiles development, unfortunately.
This is the very basic part: put them into pkg-groups.tar.
THE_* variables serve user needs while shim belongs
to either SYSTEM or COMMON level packages, not needed
explicitly for stage1 though (mkimage will put it there
when needed) so it's just COMMON.
It's not reasonable for use/firmware/laptop to depend on
use/firmware/wireless as some laptops come without WiFi
cards and wireless userspace to use those is specified
elsewhere anyways.
This partially reverts commit 30d3838: trying to use/rescue
with e.g. distro/simply results in conflict between SysVinit
and systemd-sysvinit; INIT_TYPE had to relation to RESCUE_LISTS
in the first place. Ugh.
This has long been a TODO item but an elegant solution
just didn't come until the night before starterkits...
some services (mostly those operating on real hardware)
do not fit virtual environments at all, won't even start.
shaba@ asked if it's feasible to extend 50-net-eth
with a generator for systemd-networkd style configs
having provided examples; here it is (depends on
/etc/systemd/network/ being packaged into that one).
(fixed up by shaba@'s removal of superfluous quotes)
gdm2.20 seems rather obsolete by now, let's move on;
and m-p doesn't just lump a huge bunch of stuff in,
vector fonts for installer are requested explicitly.
...by moving reference to a package list that *deducts*
packages from a feature (that should lend itself for reuse)
to a particular distribution's configuration (that can have
some specific polish).
The problem was that basing junior on slinux feature while
adding some KDE/Qt-based packages to it failed miserably
in a hard-to-debug manner: adding every package that's been
requested but not installed by hand suddenly made it build,
see also http://altlinux.org/mkimage/debug [ru]
mixin/desktop-installer became *quite* inobvious
even for me over time, and it's not easy to grep up;
let's introduce explicit targets where one is expected
to expect those.
rootfs scripts should hit installer some day; the problem
is with variables (dumping 'em wholesale looks dirty,
and proxying those sort of defeats the approach)
rather than with scripts.
Until then, transform the data from the single variable
into a file containing one facility per line for
installer-1.8.31+ to consume.
As noted in the comment, these include a few quite strong ones:
- sshd(8) will only allow in "wheel" and "users" members
by keys, no password access is allowed;
- password change even by root is subject to quality checks;
- su(8) is only useful to lower privileges and not gain those
(so root access is available either through local console
or via use of ssh keys).
Don't use if frowned upon.
This is based on distro/regular-jeos but torn into two
and somewhat updated for sisyphus-going-to-bring-p8:
1) libcap-ng is now required by util-linux;
2) bridge-utils might be needed for subsequent images.
Those packages which are *required* should be available
for standalone use; and those which are optional should go
into extras.
Adjust server feature accordingly.
The issue with these "; @:" thinglets is that mkimage-profiles
relies on target tracing (see commit 788cad8 some four years ago);
and this tracing approach relies on non-empty recipes which do call
shell (which gets (ab)used) unlike empty ones which oviously don't.
So this _will_ be traced properly:
a: b
@echo "hello world"
and this will too:
a: b; @:
but this will result in a broken graph with REPORT=1:
a: b
icon-theme-oxygen is required by kf5-oxygen <- kde5 <- kde5-big
by now so it's not needed to specify it explicitly anymore;
and zerg@ has just packaged some translations, let's jump in!
There's /usr/share/qt5/translations/ now too, handle that.
OTOH we've got some CJK support already, time to split up
those "cleanups" into some target locale set dependent form.
This has no users in master but out-of-tree branches might need
a trivial update.
The rationale is that it's actually for *any* stage2 and not related
to specifically "install" at all (otherwise it should have been moved
to install2 feature altogether).
Note that there's no reason to add nfs-utils similarly as make-initrd
requires kinit-utils which includes its own nfsmount.
The "best" "feature" of systemd "init system" has just
emerged once again: it will happily sit there idling
given startup or shutdown loops resulting in what looks
like a hang to an unsuspecting user; let's provide the
suspecting one with at least some tools described at
http://www.freedesktop.org/wiki/Software/systemd/Debugging
The issue with this was that plain use/browser/firefox/esr
didn't actually pull in the feature as such; it MUST NOT
pull in use/browser/firefox since it will change semantics
from "if it's Firefox make it ESR" to outright "use FX ESR"
(starterkits depend on the former and it was intentional).
FX_FLAVOUR variable can be set anywhere to switch
use/browser/firefox to prefer ESR packages, including
the appropriate localization ones.
Note that there's no dependency as it can be set in e.g.
starterkits (still unset in regular builds) wholesale
but shouldn't affect those of them lacking firefox.
The reason behind this silly patch is that the default URL
can be left alone with no rebuilds neccessary but with the
intranet services delivered through a "captive portal" or
a redirecting proxy; we definitely don't want the canonical
wiki URL, http://www.altlinux.org, blocked by a rule made
for redirecting the default homepage, so let it be another
one which is served but not widely known or linked to.
This makes use of IM_PACKAGES variable processed by
newly added im feature so that DE-specific targets
could tell which DE-specific IM packages they'd like
on a system *iff* use/im has been requested.
Might be lacking right now, to be sorted out with
the actual users.
This one has been brewin' for quite a while but has been
completed finally; some tweaks sure can come in later but
it's working.
Please note that it's rather needed for "proper" distros
with specific branding and docs packages prepared for those;
one should use l10n feature most likely too.
The "full" target should care for rescue bits as well
(remember that THE_* won't go there); thus regular-rescue.iso
will receive these couple hundred useful kilobytes as well.
It's the very same problem that must be solved within mkimage:
some package lists get expanded early and some late thus having
no chance to influence apt's choices of alternatives made early
(in fact, too early).
Until that, here's another kludge...
PS: turns out that ^systemd- is not "drop ^systemd" but rather:
systemd-analyze
systemd-coredump
systemd-journal-gateway
systemd-networkd
systemd-sysvinit
-- thus one /really/ wants something else.
This one was an experimental but the server is long
offline and isn't going back up; remove the obsolete
config snippet, if/when it's done again it's the easiest
part to be restored (the implementation should provide
HTTP/FTP/NFS-publishable deliverables without the need
to extract those from ISO images).
This one relies on the controversial polkit-sysvinit package
that subverts policykit using well known groups to make it
"work" for things like NM and shutdown helpers.
See also http://altlinux.org/sysvinit and feel free to improve.
/etc/sudoers is persistent with regard to userdel(8)
so removing a LiveCD user isn't going to drop this kind
of the added privilege and might result in an unintended
grant of those by adding a user with the same name after
permanent LiveCD installation.
This has been spotted by Speccyfighter:
https://bugzilla.altlinux.org/31071
This one is alike to install2's one; it's not a shared rootfs
script/variable though as contexts differ a lot, let's be careful.
The commit has been missing from 1.1.64 somehow, found in patch
series while figuring out why LIVE_CLEANUP_KDRIVERS seems to be
just ignored in live-privacy *after* the massive rebase of that
branch...
There's a convention that syslinux configuration snippets
carrying the names of subprofiles involved are picked up
automatically; there were a few special cases already
when this is actually inconvenient, and there's another
one at hand so let's just step up and do it.
NB: this is a sort of a hacky hook though, wish an elegant
interface would come to mind some day.
