This one is related to forensics mode handling in mkimage:
there's a regex that's expecting the old string ending with
hash value, and it stops working when this is changed here
(at least as of mkimage 0.2.18).
So partially undo the change for this particular file to avoid
refind's example menu for regular-rescue.iso (or any other image
involving forensics mode), and hope to revert this commit some day.
This keyword was misused due to the lack of understanding
of its meaning; thanks zerg@ for the hint, let's hide the
kernel boot parameters not expected to be modified by user
under the hood (and vice versa in some cases).
Note that this is just a keyword shift in all cases
but mediacheck where "showopts" is now added.
NB: this keyword is only relevant for gfxboot.
Now that we don't ignore X-Alterator-PackageList
in pkggroup files these few places referencing
group names as list names have broken; bring 'em
in line through this new and shiny function.
This has been spotted by rider@ and reproduced by me as well:
some touchpads would work in livecd/installed system but not
within the installer itself.
Commit 514652f has broken GLOBAL_CLEANUP_PACKAGES by accidentally
excluding it from export (in favour of GLOBAL_CLEANUP_BASE_PACKAGES
that's been added then); fix that.
This script was completely careless regarding the chance
to meet an empty variable resulting in plain "rpm -qa"
and subsequent attempt to, well, remove *all* packages.
Thanks zerg@ for being persistent this time, even if
he could probably find the culprit and send in this patch.
:)
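Added example (not part of the commit or of mkimage-profiles): a sketch of the failure mode described above, where an empty pattern variable turns a filtered `rpm -qa` query into "every installed package", next to a guarded form. `INSTALLED`, `fake_rpm_qa`, `CLEANUP_PACKAGES` and the two function names are constructed stand-ins so the logic runs without an RPM database.

```shell
#!/bin/sh
# Constructed package set standing in for the RPM database.
INSTALLED="glibc bash rpm installer-scripts installer-feature-x alterator-browser-qt"

# Mimics "rpm -qa [GLOB...]": with no arguments it lists every package.
fake_rpm_qa() {
    for pkg in $INSTALLED; do
        if [ $# -eq 0 ]; then
            echo "$pkg"
            continue
        fi
        for glob in "$@"; do
            case "$pkg" in
                $glob) echo "$pkg"; break ;;
            esac
        done
    done
}

# Careless form: an empty CLEANUP_PACKAGES expands to no arguments at all,
# so the "packages to remove" list silently becomes the whole system.
cleanup_list_careless() {
    set -f                      # keep the globs away from the filesystem
    fake_rpm_qa $CLEANUP_PACKAGES
    set +f
}

# Guarded form: an empty list selects nothing, and a pattern made only of
# wildcards is refused because it is equivalent to the empty query.
cleanup_list_guarded() {
    set -f
    set -- $CLEANUP_PACKAGES    # split into patterns without globbing
    set +f
    if [ $# -eq 0 ]; then
        echo "cleanup: pattern list is empty, removing nothing" >&2
        return 0
    fi
    for glob in "$@"; do
        case "$glob" in
            *[!*?]*) ;;         # contains at least one literal character
            *) echo "cleanup: refusing catch-all pattern '$glob'" >&2
               return 1 ;;
        esac
    done
    fake_rpm_qa "$@"
}

# Demonstration with the variable left empty.
CLEANUP_PACKAGES=""
echo "careless form selects $(cleanup_list_careless | wc -l) packages"
echo "guarded form selects $(cleanup_list_guarded 2>/dev/null | wc -l) packages"
```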
The problem at hand was that use/x11/xorg has been final,
and zerg@ just couldn't switch from nouveau to nvidia
when kdesktop needs that one.
Initial approach included a "big" FREE/PROP switch that
chose the particular KMODULES/PACKAGES to get added to
THE_* but that fails to achieve e.g. nvidia+radeon combo;
looks like these need individual switches.
The use case at hand was: "we'd better backup this system
to a flashdrive before installing" (given quad-core CPU
and half-terabyte HDD); pxz is pretty tiny, no worries.
There were two problems:
- the latest pgsql related groups made installation
impossible (yes, that last minute change);
- hardware testing shows that use/stage2/kms is now
requisite as xorg-drv-fbdev might just refuse to work
with what looks like a perfectly good framebuffer...
Do away with them *quick*.
"Failsafe install" disabling APIC/LAPIC looks somewhat obsolete
by now; the only reasonable part seems to be the attempt to force
VESA videodriver for the installer (should be done within installer
itself though).
"Forensic mode" submenu has fallen apart after the original commit
as the tricky logic in mkimage::tools/mki-copy-efiboot failed to
pick up the new variant; this should all be redone (solo@ has
started doing something but it needs a time-consuming review).
Fixes: 79d0208841
use/docs/license will copy the texts contained in branding
package ("notes" one) over to the image's rootdir so these
can be read with ease; otherwise one has to look up the
right package at best (or unpack squashfs, no user can be
really expected to do that just to *read* a *license*).
This was originally profiles/scripts.d/01-copy-license
script from m-p-d; got cut down heavily.
The problem at hand was that an installer component
of a "DVD class" image does use/cleanup/installer
while installable LiveCD component gets broken by that
(livecd-install -> installer-scripts-remount-stage2
which gets removed as installer-*).
Split those.
Package profiles -- the ones allowing for a multi-purpose
installer -- have been basically overlooked during previous
mkimage-profiles development, unfortunately.
This is the very basic part: put them into pkg-groups.tar.
THE_* variables serve user needs while shim belongs
to either SYSTEM or COMMON level packages, not needed
explicitly for stage1 though (mkimage will put it there
when needed) so it's just COMMON.
It's not reasonable for use/firmware/laptop to depend on
use/firmware/wireless as some laptops come without WiFi
cards and wireless userspace to use those is specified
elsewhere anyways.
This partially reverts commit 30d3838: trying to use/rescue
with e.g. distro/simply results in conflict between SysVinit
and systemd-sysvinit; INIT_TYPE had no relation to RESCUE_LISTS
in the first place. Ugh.
This has long been a TODO item but an elegant solution
just didn't come until the night before starterkits...
some services (mostly those operating on real hardware)
do not fit virtual environments at all, won't even start.
shaba@ asked if it's feasible to extend 50-net-eth
with a generator for systemd-networkd style configs
having provided examples; here it is (depends on
/etc/systemd/network/ being packaged into that one).
(fixed up by shaba@'s removal of superfluous quotes)
gdm2.20 seems rather obsolete by now, let's move on;
and m-p doesn't just lump a huge bunch of stuff in,
vector fonts for installer are requested explicitly.
...by moving reference to a package list that *deducts*
packages from a feature (that should lend itself for reuse)
to a particular distribution's configuration (that can have
some specific polish).
The problem was that basing junior on slinux feature while
adding some KDE/Qt-based packages to it failed miserably
in a hard-to-debug manner: adding every package that's been
requested but not installed by hand suddenly made it build,
see also http://altlinux.org/mkimage/debug [ru]
mixin/desktop-installer became *quite* inobvious
even for me over time, and it's not easy to grep up;
let's introduce explicit targets where one is expected
to expect those.
rootfs scripts should hit installer some day; the problem
is with variables (dumping 'em wholesale looks dirty,
and proxying those sort of defeats the approach)
rather than with scripts.
Until then, transform the data from the single variable
into a file containing one facility per line for
installer-1.8.31+ to consume.
As noted in the comment, these include a few quite strong ones:
- sshd(8) will only allow in "wheel" and "users" members
by keys, no password access is allowed;
- password change even by root is subject to quality checks;
- su(8) is only useful to lower privileges and not gain those
(so root access is available either through local console
or via use of ssh keys).
Don't use if frowned upon.
This is based on distro/regular-jeos but torn into two
and somewhat updated for sisyphus-going-to-bring-p8:
1) libcap-ng is now required by util-linux;
2) bridge-utils might be needed for subsequent images.
Those packages which are *required* should be available
for standalone use; and those which are optional should go
into extras.
Adjust server feature accordingly.
The issue with these "; @:" thinglets is that mkimage-profiles
relies on target tracing (see commit 788cad8 some four years ago);
and this tracing approach relies on non-empty recipes which do call
shell (which gets (ab)used) unlike empty ones which obviously don't.
So this _will_ be traced properly:

    a: b
    	@echo "hello world"

and this will too:

    a: b; @:

but this will result in a broken graph with REPORT=1:

    a: b

icon-theme-oxygen is required by kf5-oxygen <- kde5 <- kde5-big
by now so it's not needed to specify it explicitly anymore;
and zerg@ has just packaged some translations, let's jump in!
There's /usr/share/qt5/translations/ now too, handle that.
OTOH we've got some CJK support already, time to split up
those "cleanups" into some target locale set dependent form.
This has no users in master but out-of-tree branches might need
a trivial update.
The rationale is that it's actually for *any* stage2 and not related
to specifically "install" at all (otherwise it should have been moved
to install2 feature altogether).
Note that there's no reason to add nfs-utils similarly as make-initrd
requires kinit-utils which includes its own nfsmount.
The "best" "feature" of systemd "init system" has just
emerged once again: it will happily sit there idling
given startup or shutdown loops resulting in what looks
like a hang to an unsuspecting user; let's provide the
suspecting one with at least some tools described at
http://www.freedesktop.org/wiki/Software/systemd/Debugging
The issue with this was that plain use/browser/firefox/esr
didn't actually pull in the feature as such; it MUST NOT
pull in use/browser/firefox since it will change semantics
from "if it's Firefox make it ESR" to outright "use FX ESR"
(starterkits depend on the former and it was intentional).
FX_FLAVOUR variable can be set anywhere to switch
use/browser/firefox to prefer ESR packages, including
the appropriate localization ones.
Note that there's no dependency as it can be set in e.g.
starterkits (still unset in regular builds) wholesale
but shouldn't affect those of them lacking firefox.
The reason behind this silly patch is that the default URL
can be left alone with no rebuilds necessary but with the
intranet services delivered through a "captive portal" or
a redirecting proxy; we definitely don't want the canonical
wiki URL, http://www.altlinux.org, blocked by a rule made
for redirecting the default homepage, so let it be another
one which is served but not widely known or linked to.
This makes use of IM_PACKAGES variable processed by
newly added im feature so that DE-specific targets
could tell which DE-specific IM packages they'd like
on a system *iff* use/im has been requested.
Might be lacking right now, to be sorted out with
the actual users.
This one has been brewin' for quite a while but has been
completed finally; some tweaks sure can come in later but
it's working.
Please note that it's rather needed for "proper" distros
with specific branding and docs packages prepared for those;
one should use l10n feature most likely too.
The "full" target should care for rescue bits as well
(remember that THE_* won't go there); thus regular-rescue.iso
will receive these couple hundred useful kilobytes as well.
It's the very same problem that must be solved within mkimage:
some package lists get expanded early and some late thus having
no chance to influence apt's choices of alternatives made early
(in fact, too early).
Until that, here's another kludge...
PS: turns out that ^systemd- is not "drop ^systemd" but rather:
systemd-analyze
systemd-coredump
systemd-journal-gateway
systemd-networkd
systemd-sysvinit
-- thus one /really/ wants something else.
This one was experimental but the server is long
offline and isn't going back up; remove the obsolete
config snippet, if/when it's done again it's the easiest
part to be restored (the implementation should provide
HTTP/FTP/NFS-publishable deliverables without the need
to extract those from ISO images).
This one relies on the controversial polkit-sysvinit package
that subverts policykit using well known groups to make it
"work" for things like NM and shutdown helpers.
See also http://altlinux.org/sysvinit and feel free to improve.
/etc/sudoers is persistent with regard to userdel(8)
so removing a LiveCD user isn't going to drop this kind
of the added privilege and might result in an unintended
grant of those by adding a user with the same name after
permanent LiveCD installation.
This has been spotted by Speccyfighter:
https://bugzilla.altlinux.org/31071
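Added example (not part of the commit or of mkimage-profiles): an audit for the stale privilege described above, listing names that still hold a sudoers entry although no such account exists. The function names, the `liveuser` account and the sample files are constructed; the parser covers plain one-line user specifications only.

```shell
#!/bin/sh
# Print every user name that appears in a sudoers user specification but has
# no entry in the passwd file. Such an entry is dormant until somebody
# creates an account with that name, which then inherits the privilege.
stale_sudoers_users() {  # $1 = sudoers-format file, $2 = passwd-format file
    awk '
    # First file (passwd): remember the known account names.
    NR == FNR { split($0, f, ":"); known[f[1]] = 1; next }

    # Second file (sudoers): skip blanks, comments and #include lines.
    # Simplification: "#uid" user specifications are skipped as well.
    /^[ \t]*#/ || /^[ \t]*$/ { next }
    $1 == "Defaults" || $1 ~ /^Defaults[:@!>]/ { next }
    $1 ~ /_Alias$/ || $1 ~ /^@include/ { next }

    {
        n = split($1, users, ",")
        for (i = 1; i <= n; i++) {
            u = users[i]
            sub(/^!/, "", u)
            # Groups (%), netgroups (+) and ALL are not accounts; an
            # all-uppercase word is treated as a User_Alias name.
            if (u ~ /^[%+]/ || u ~ /^[A-Z][A-Z0-9_]*$/) continue
            if (!(u in known) && !(u in seen)) { seen[u] = 1; print u }
        }
    }' "$2" "$1"
}

# Constructed sample: the installed system no longer has "liveuser",
# but the rule granted to it on the LiveCD is still present.
write_sample() {  # $1 = directory to write the two files into
    cat > "$1/passwd" <<'EOF'
root:x:0:0:System Administrator:/root:/bin/bash
admin:x:500:500::/home/admin:/bin/bash
EOF
    cat > "$1/sudoers" <<'EOF'
# constructed sample
Defaults env_reset
User_Alias OPS = admin
root ALL=(ALL) ALL
%wheel ALL=(ALL) ALL
OPS ALL=(ALL) ALL
liveuser ALL=(ALL) NOPASSWD: ALL
EOF
}

demo_dir=$(mktemp -d)
write_sample "$demo_dir"
echo "stale sudoers entries: $(stale_sudoers_users "$demo_dir/sudoers" "$demo_dir/passwd")"
rm -rf "$demo_dir"
```

On a real system the same check would be run over /etc/sudoers and each file under /etc/sudoers.d against /etc/passwd.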
This one is alike to install2's one; it's not a shared rootfs
script/variable though as contexts differ a lot, let's be careful.
The commit has been missing from 1.1.64 somehow, found in patch
series while figuring out why LIVE_CLEANUP_KDRIVERS seems to be
just ignored in live-privacy *after* the massive rebase of that
branch...
There's a convention that syslinux configuration snippets
carrying the names of subprofiles involved are picked up
automatically; there were a few special cases already
when this is actually inconvenient, and there's another
one at hand so let's just step up and do it.
NB: this is a sort of a hacky hook though, wish an elegant
interface would come to mind some day.
The added initscript used to be purged by 98-init-rescue
which has been somewhat overlooked during vain attempts
to build an image that would actually run it!
This one provides cmdline arguments for startup-rescue >= 0.24
which would bring up networking and sshd in its turn thus allowing
remote access to the host booted in this mode.
The feature has been asked for by many people including mithraen@
and valintinr@ (and I'd make use of it another day too).
See the appropriate startup-rescue commit description for notes
on implementation; this default set of variable values should be
both useful and illustrative though.
A recent commit has dropped wireless support from
regular server images; staging modules might still
come handy in some situations, let's keep those in
but not as a part of default installation.
This one is likely to get just a single user right now
but the future potential is clearly higher.
Please do review libzmalloc implementation if concerned.
This is sort of laying the ground for the future dismantling
of 10-stage2 (which was sub.in/stage1/modules just recently);
things look like tagged lists might become due some day, e.g.
"net+usb" or "scsi+raid" -- time will tell.
These are aimed to test the modules.d/ and auto-pickup
implementation as well as to present an example.
At least 50-net might change (or just get renamed to avoid
auto-pickup) some day as the "net" feature's meaning is
to provide networking upon bootup and these modules are
only needed within stage1 if we're going to netboot;
and that's quite different thing.
armh-cubox bits are prone to get renamed/generalized too
since e.g. ArmadaXP based server images are going to need
this as well.
These were produced off the single sub.in/stage1/modules
file using this scriptlet to prefix/annotate the names:
    grep '\.ko$' modules \
    | grep -v / \
    | while read m; do \
        echo "$(find /lib/modules/$(uname -r)/kernel/{drivers,fs} \
            -name "$m" -printf %P) $m $(modinfo -d "${m%.ko}" 2>&1)"; \
      done
...with subsequent sorting and manual separation.
This is meant to be the second stage in monolithic modules
file split, so the lists themselves are largely unmolested
otherwise. The plan is to further split those into prefix-
and module-specific ones.
Add a note clarifying 10-stage2's status, by the way.
What was a static sub.in/stage1/modules (and the only one)
is now features.in/stage2/stage1/modules.d/10-stage2
(basically a compatibility file that might go some day).
It will be auto-picked as its name corresponds to the
NN-SUFFIX pattern specified in stage1 subprofile now
with $(FEATURES) going into default STAGE1_MODLISTS.
stage1's got prepare-modules target collecting
modules file snippets all over stage1/modules.d/
subdirectories within individual features.
stage2 now adds names of all the features going into
a particular image as snippet file suffix list so that
individual features don't have to register themselves
twice (as a feature and as a propagator modules.d
snippet carrier).
This is going to allow both "uncommon" modules getting
included with no problem (sin@ has wanted cifs ones
for quite some time, for example, and some want e.g.
infiniband modules) *and* to reduce the actual list
below the common mark as well (which is the case with
live-privacy image, for one).
And stage1 memory consumption does matter in some cases
as it's highly critical with no chance to use swap yet.
...and split off use/live/.base *without* use/deflogin/live.
There's need for live images without predefined logins
(like e.g. live-privacy image).
NB: this commit might break things for someone, please notify.
The unfortunate thing is that we have to take care
for sessions, somehow; still there are only two for now
(LXQt and KDE5 Plasma Desktop) so this doesn't look like
a disaster just yet.
Commit 657c0bf has silently added use/bootloader
to the base use/install2 target thus breaking
experimental distro/netinst; it seems better to
require *a* bootloader in the target that's been
specifically designed to cover the common case
(thus linked to by +installer shortcut) but still
to have our base lightweight and flexible.
This doesn't hurt the actual distros as these use
+installer of course.
The former approach to handling "LiveCD with sessions"
has been to mangle "automatic=method:cdrom" into
"automatic=method:disk,label:ALT*" within gfxboot
so that propagator and make-initrd-propagator would
try and discover/create a filesystem labelled
"alt-live-storage" on a LiveFlash's free space.
Then "live_rw" handling has been unified in
make-initrd-propagator (as of 0.18-alt1) to accept
any of "label" subparameter or "live_rw" argument
to go and create_disk_slice().
Then propagator's cdrom.c has been fixed to actually
try sdX1 before sdX (as of 20150306-alt1).
And now it's all been tested to verify that:
- flash "ro" and "rw" boot is OK
- CD-ROM "ro" boot is OK
- CD-ROM "rw" boot is fine given that there's
a partition labeled "alt-live-storage" elsewhere
This is a can of worms indeed :-/
References
~~~~~~~~~~
* http://altlinux.org/initrd-propagator
* http://altlinux.org/make-initrd-propagator
* http://bugzilla.altlinux.org/28289
It's entirely unclear to an unsuspecting curious user
where the actual results of a proposed example hasher
build end up; that's ~/hasher/repo, just state that.
The former install2-only "bloated binary" purge script
happened to hit stage2 (which is a lot more than just
install2); a kind of safety net has been stuck into it
to guard installable LiveCDs against this particular
cleanup but seems it was not enough for ildar@ who
reported this problem almost three years after it was
introduced.
This change re-places the script back into install2
section; the binaries in question amount for ca. 8 Mb
(except openssl ildar@ asked about); if these are deemed
unnecessary within any other stage2-based subprofiles,
please step up with details.
use/vmguest/vbox/base used to pull in DRM modules
which are required for vboxvideo but useless without
xorg bits; and all of these aren't needed in jeos.
Things might break, doublecheck please.
When installer-feature-systemd-stage3 hits BASE_PACKAGES
it pulls install2-init-functions in which is wrong
(one of the consequences is that alterator-browser-qt
lands into even a very basic server installation).
And install2 doesn't even need that package as init feature
carries a script hook that does the same...
This project has evolved/merged into LXQt which has been
packaged for both p7/t7 and sisyphus by now, no need to
carry on deprecated bits.
NB: 0.6.x still have it as t6/p6 still bear razorqt.
The installer feature added is a trivial wrapper around
apt-cache nodeps to uninstall the ^lib packages that have
no more dependencies upon those when the temporarily
installed packages like alterator-browser-qt get removed.
This has only been useful for plymouth feature,
and +installer shortcut included this target
for all the wrong reasons as it seems today
(thus blocking the DRM-free server installers,
for example).
This authorized_keys file has been downloaded to get incorporated
into a script hook but was looking common enough to be forgotten
during pre-commit feature cleanup unfortunately; fix that.
A few more leftover libraries tend to hang around after
purging extra alterator packages that have fired already
during installation stage3; this change might hurt someone,
please do notify if that is the case (OTOH one isn't forced
to use it or to inherit intermediate targets that do so).
This feature operates LIVE_* variables specifically
(as opposed to the more generic THE_* ones) so +alsa
isn't exactly suitable but reusing the pkglist that's
just been factored out is fine.
Split package lists:
- base alsa packages (also needed in pulseaudio-based installations)
- additional alsa packages (needed only if not using pulseaudio)
- pulseaudio packages
live-webkiosk.iso regressed into trying to boot off the local disk
immediately, the exact cause is not yet discovered but this one
has popped in build trace (distcfg.mk) already.
Desktop images are still likely to depend on it though.
There were quite a few things missing:
- packager pseudo for both rpm and hasher;
- proper target (so that i686 or athlon don't confuse people);
- hasher repo for apt so that mkimage would use it too;
- last but not least, a friendly bootstrap message! ;-)
THE_* and friends are all unneeded for live builder image;
this commit makes dev feature basically incompatible with
install2 feature (which relies on the conventional behaviour
of main subprofile), will have to think it all over if the
combination of these two ever becomes needed.
The problem with initial implementation (commit 62e7e9c)
is that there's no systemd-services package in p7/branch
thus apt complains about an attempt to remove something
that doesn't even exist in the first place.
Aimed at live images at first but should cover installers as well.
This has been brewing for quite some time and while the proper
implementation is considerably more complex (and hard to do)
looks like there's demand for the particular important use case,
namely LiveCDs for Russian users, so this code has been shared
with a few people before merge.
E19 would ask the user if they want to shut down
when facing power button event; it won't get a chance
though as the system will hurl down immediately as per
acpid-events-power package provided configuration.
This should avoid ruining principle of the least surprise
with ROOTPW_EMPTY=0 or ROOTPW_EMPTY=n actually *enabling*
empty root password; overriding an already set "1" with "0"
becomes possible either.
This one has been inspired by these guys:
http://www.informatimago.com/linux/emacs-on-user-mode-linux.html
https://raymii.org/s/blog/Vim_as_PID_1_Boot_to_Vim.html
It's aimed at building images running their main userspace
piece instead of ramdisk's init, that means PID=1, UID=0.
Mostly fun of course but it suddenly became interesting with
kernel IP autoconfiguration and e.g. elinks running this way
(NB: requires patched make-initrd 0.8.8 at the moment to get
resolver configured).
And startup times are way better than sysvinit and systemd combined!
This function's got its argument order chosen for "aesthetical"
reason of $(2) following $(1) in the macros but the logical order
is exactly the opposite: we care for kernel flavour much more than
for module set (which is dependent upon it).
So while silent dropout of kernel-image if KFLAVOURS is set
but KMODULES is empty could be fixed by testing for $(2) only,
it looks like a good time to fix this discrepancy altogether.
stage2 has been thinking it's synonymous with propagator
and used to usurp kernel's belongings either; carefully
tear scripts apart so that kernel feature makes sure
initrd gets generated, and stage2 (which is still all
about propagator) cares for its bits.
xorg-drv-vmware is desirable for guests with X11
but undesirable for text-only ones; let's provide
this knob at least but ideal m-p would figure out
that an image with use/x11 and use/vmguest/vmware
should receive this intersection either.
Maybe firmware feature should be merged into kernel feature
as the firmware binaries added by it are only used by kernel
but let's clean up a bit at a time.
"use/stage2/net-eth use/net-eth" would be common enough
for installers or livecd images to just get these pulled in
together by a convenient shortcut thus reducing confusion
and chances to just forget one of these counterparts.
It looks *ugly* on-screen, at least within regular builds,
even if the screen is 166dpi.
Based on a quick experiment this morning I'd suggest using
fonts-otf-adobe-source-{code,sans}-pro instead -- and it's
available as use/fonts/otf/adobe now, incidentally.
The documentation is still built with it though as a2x/fop look
unhappy otherwise (as in replacing Cyrillic glyphs with "#"s).
Font packages are sprinkled all over the metaprofiles,
let's try and help make their use more systematic.
This is a sort of a feature abuse as it was conceived
for fontconfig setup originally but spawning features
with confusing names looks grim; so let all things fonts
live within a feature named "fonts" for the time being.
There's not much sense in overduplication of documentation
(tends to get stale faster then), still it's not good to
just refer to the code as the PDF/HTML book is less useful
then; maybe drifting towards "recommended" bits with more
"advanced" things being implementation-defined is better.
That's a part of ALT Linux conveniences: system log
messages at tty12 (helps immensely in case of disk crash
or cable problems as running anything, including utilities
to view logs, becomes painful to impossible in such cases).
systemd lacks this kind of setup out-of-box for sure
so zerg@ hacked a substitute together; just pull that in.
fonts-ttf-droid have been superseded by fonts-ttf-google-droid-sans
in Sisyphus which might be lacking; I've considered replacing it
with Fira anyways, so let's just do that.
This needs further refinement regarding p7/t7 specifically:
NM behaviour regarding defaults differs in sisyphus and this
has led to livecds booting with DHCP networking but installed
systems booting without configured interfaces.
Non-GUI packages moved to base+nm pkglist to enable standalone
installation of those; and GTK bits left in desktop+nm for use
by images lacking their own new and improved(tm) variant.
Note that both GNOME3 and KDE4 aren't lacking anymore.
This is a similar trouble: p7/t7 branches had
plasma-applet-networkmanager while sisyphus has
switched to kde4-plasma-nm* (there's a bunch of
subpackages there, basically all of them desired).
The current branches lack both firefox 29+ and
firefox-classic_theme_restorer, correspondingly;
sisyphus has those; the feature shouldn't pose
any problems in both cases, should it?
Firefox was the very reasonable default for initial livecd
implementation but now that at least initial browser chooser
infrastructure is in place it's time to un-hardwire its use.
It's _the_ default but switchable now so that images providing
a comprehensive browser can avoid feature duplication.
This one has been asking to be implemented for too long already,
and zerg@ was interested in a bit more lean and mean regular-kde4
either (there are two browsers provided with it via metapackage).
There's another reason to do it recently: Firefox Australis UI
is not exactly the best for many of us, and good ol' seamonkey
seems preferable for "vintage"/low-resource images coming with
icewm or windowmaker.
led-ws kernel flavour has gained kernel-modules-vmware
recently, let's add this to the appropriate targets.
It's used in regular-jeos already but THE_ part was missing.
dm service is set up to autostart when installed anyways,
and explicit `chkconfig dm on' results in it being turned on
at runlevels 2, 3 and 4 too which is really not needed.
Thanks led@ for spotting and reporting this.
cfg.in/README should be explicit regarding
"automatic=method:cdrom" being usable for
flash media too (propagator has been fixed
since 20101130-alt10 or so, and gfxboot is
able to tweak the cmdline having figured
out it's running off the flash either).
It's by no means substitution for proper l10n feature
but forcing users into POSIX locale for recovery ops
is no good at all.
This is basically a fork of live feature's 20-locale,
a font has been changed to save some face though.
VMware specific bits went into use/install2/vmware target,
and all of those targets are worth their use/install2/vmguest
collective one instead of just sticking the kitchen sink into
use/install2/full immediately.
This feature intrinsically depends on predictable
ethernet interface names and makes no sense without
those; so it only seems reasonable to bring this
nice package in, huge thanks go to shaba@ of course.
This value is used to authenticate rescue rootfs image
by verifying the squashfs file's sha256sum before use
(propagator-20140419+).
Looks like this check might be useful for other stage2
images as well but let's get started with this one.
Thanks Maxim Suhanov <suhanov/group-ib.ru> for both
http://www.forensicswiki.org/wiki/Forensic_Live_CD_issues
and propagator patches.
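Added example (not part of the commit and not propagator's code): a sketch of the check described above, verifying an image file against an expected SHA-256 digest before it is used and refusing to proceed when the digest is missing or malformed. The function name, return codes and the empty-file sample are constructed; how the expected value reaches the boot environment is outside the sketch.

```shell
#!/bin/sh
# Returns 0 on match, 1 on mismatch, 2 when the check cannot be performed.
# Any non-zero result means the image must not be used.
verify_image() {  # $1 = image path, $2 = expected digest (64 hex digits)
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    case "$expected" in
        ''|*[!0-9a-f]*)
            echo "verify: digest missing or not hexadecimal" >&2
            return 2 ;;
    esac
    if [ "${#expected}" -ne 64 ]; then
        echo "verify: digest has ${#expected} digits, expected 64" >&2
        return 2
    fi
    if [ ! -r "$1" ]; then
        echo "verify: cannot read $1" >&2
        return 2
    fi
    actual=$(sha256sum < "$1" | cut -d' ' -f1)
    if [ "$actual" != "$expected" ]; then
        echo "verify: digest mismatch for $1, refusing to use it" >&2
        return 1
    fi
    return 0
}

# Constructed demonstration: an empty file and the well-known SHA-256 of
# empty input stand in for the squashfs image and its recorded digest.
EMPTY_SHA256=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
img=$(mktemp)
verify_image "$img" "$EMPTY_SHA256" && echo "pristine image accepted"
printf 'x' >> "$img"
verify_image "$img" "$EMPTY_SHA256" 2>/dev/null || echo "modified image rejected"
rm -f "$img"
```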
Thanks Maxim Suhanov (suhanov <AT> group-ib.ru,
http://www.forensicswiki.org/wiki/User:.FUF)
for taking the time to review regular-rescue image.
Note that there are more than just filesystems:
arrays, logical volumes and swaps aren't activated either;
startup-rescue >= 0.18 should make that clear enough.
syslinux shortcut handling is case-insensitive,
let's find yet another letter...
A variant of rescue that marks the need to be careful
towards block devices and filesystems thus reducing
the amount of auto-activation done by startup-rescue
(0.17 or newer).
This is a refactored result of Zabbix-related experiments;
we can do a rough zabbix server sketch that still requires
its own setup to go.
NB: both the pkglist and the target are describing several
distinct things actually: zabbix server, zabbix agent,
and the underlying SQL/HTTP/SMTP servers which might get
their own smaller targets some day.
It appears that live feature has been buggy regarding user
groups: its 30-users script would create a predefined account
with fixed supplementary groups list, and even if deflogin feature
got used too it would fail to add any groups to already existing
account since its useradd(8) call would fail.
Let's drop this duplication which has been long overdue anyways.
Thanks dd@ for both reporting the problem and carrying out
initial investigation.
There have been several problems with this feature:
- a typo;
- non-existent GROUPS (even a single one) would block setting
all of the supplementary groups but separately-set 'wheel';
- this feature isn't used much actually so sees no battle testing.
The typo has been just fixed; GROUPS are now applied by iteration
which is less effective but more reliable; an additional script
hook to write down login invitation for the first passwordless
account (if any) has been implemented; and several more group
managing targets have been added (based on live feature's script).
This relates to commit f2892ad3e4
as there's an obvious need to be able to set empty root password
for LiveCDs but previous implementation was very fragile (and is
going to stay that way) -- so clear and separate knob for making
an image defenseless looks better.
Whoops, the very first build of a real distro with gfxboot
has shown that the label isn't picked up there... and things
are actually worse: iso.needscheck gfxboot test seems to look
up "check=1" in sectors where it might have been landing back
then but it's just not there by now; some kludgery is due in
branding-altlinux-sisyphus unfortunately.
No use to hunt make or diff file-by-file.
Well this chroot should have been more lean
in the first place (or a few files in initrd)
but life is short so better use/baby/steps.
This one is quite different already and utility-based name
was pretty clumsy; meet the new feature and retire the old
experimental one.
Please note that quite aggressive cleanups are implemented
within this stage2-based subprofile for the simple reason
that it has a single task to do; nothing else is expected
to be configured into it for that matter.
This functionality asks to be further moved into initrd of course;
adding it there will take a few more decisions to be made, mostly
regarding user interaction in failure scenarios, and it looks like
mkimage will have to be patched in case this doesn't just go into
full.cz under some sort of conditional check.
It's not exactly obvious how install2_size, live_size or rescue_size
get defined since the variable names themselves get constructed;
help git grep these down.
acpid is not enough since power button handling configuration
has been split apart; and tracking this in zillion places is
utterly useless in face of a specially trained power feature.
Just use it.
This one has been missing for quite some time (infiniband modules
should have triggered a commit like this back then), finally there
in very crude and draft form for the starters.
By the time these hooks run the font packages' %post scriptlets
should have fired already; no need to carry the utilities on.
Yes these are bit-by-bit savings. No it's too expensive still.
My gut feeling is that we're not going to see glib2's
messages a lot within installer environment anyways.
And there's a forgotten /usr/share/X11/locale/ too.
An installer needs video playback acceleration
when it has some content to show and some means to;
as long as these are not supported just drop this
unconditionally.
These are only needed for alterator-vm when making
LUKS encrypted partitions; ideally the extra libraries
would be omitted automatically when luks isn't included.
Looks like today's xorg won't autoload radeon_drv but
insists on ati_drv falling back to fbdev if it's not there;
FlightGear runs definitely slow on C-60 APU with that.
I didn't specify ati since it pulls r128 and mach64 modules in
which are rather useless in this context (accelerated 3D graphics).
Looks like nodm doesn't reset the PATH set within
/etc/rc.d/init.d/functions which results in sbin
path components hitting user's PATH; livecd-install
which uses consolehelper was what broke first for me.
And this link should illustrate some of the problems
tackled by this kind of scripts...
Servers can POST much longer so having to play hide and seek
with a boot menu isn't going to be exactly entertaining;
let's bump the delay to something comparable at least.
Thanks hiddenman@ for mentioning the obvious-but-unnoticed.
We don't really want to disable NFS portmapper completely
but having some extra root code listening to the world is
really unnecessary unless explicitly required.
Applying "control rpcbind local", thanks ldv@ for advice.
50-setup-network was a hasty hack (surprise!) that used to do
what net and net-eth features have been created to do since;
just drop the duplicated crufty code.
Unconditional resolver setup isn't done now: those with static
setup are better off doing it explicitly, and those with DHCP
should be fine already.
NB: /etc/hosts *is* fine within setup package *but* hasher will
overwrite it with a copy of host's one; let's reset contents
to initial at least until hasher gets fixed and the fix is
rather deployed in the wild.
There was an extra DISABLED=no line written to interface configuration
that's been superseded by the subsequently added parametrized one;
just drop it.
Thanks glebfm@ for spotting the garbage.
It conflicts with r8169.ko inobviously.
The whole mess looks like this:
- r8169.ko doesn't work for all of Realtek 8111/8168/8169 mutations
- r8168.ko works with some of the chips r8169.ko doesn't
- r8168.ko also works with many chips r8169.ko works with
- r8169.ko is provided by kernel-image package (thus default)
- r8168.ko is provided by kernel-modules-r8168 package (optional)
- kernel-modules-r8168 package requires r8168-blacklist package
- r8168-blacklist package is a one-liner that blacklists r8169.ko
- STAGE1_KMODULES wouldn't include r8168 (std-def) or rtl8168 (led-ws)
- sub.in/stage1/modules would mention r8168.ko (m-p-d: r8169.ko)
So a LiveCD built with use/kernel/net might work with RTL8111/8110
just fine when booted live but fail to automatically load the module
when installed onto hard drive; manual modprobe r8169 would work though.
NB: some of the chips (those available to me) would work just fine
both ways -- this has contributed to fixing this *that* late.
Bottom line:
do not install backup/kludge drivers overriding main ones by default!
Thanks sem@ for providing the crucial hint.
use/deflogin will result in ROOTPW being exported no matter
is it set or not; xport() can't check before exporting as it
relies on lazy evaluation when the actual ROOTPW value can be
set or modified after exporting GLOBAL_ROOTPW for mkimage.
So let's not even pretend we can differ unset ROOTPW from
empty ROOTPW: both result in empty GLOBAL_ROOTPW as of today.
Fixing this would require moving the exports into a separate
makefile being included after all the configuration and checking
each variable for being defined before exporting the corresponding
GLOBAL_ prefixed one.
Yes this might be a security fix in some cases.
Added use/branding/slideshow/once as one of the uses
albeit the interface is universal; see this page for
more info: http://altlinux.org/branding/slideshow [ru]
The service and initscript have "connmand" name
while the package is called "connman" indeed.
Shame on me; this became apparent
while building regular-e18-sysv.
Defining a one-time variable is useless in this case,
and README should state the undefined ROOTPW status
explicitly (since it's now as advertized, heh).
This change is done to reduce ambiguity in some cases;
the previous intention has been to ease navigation when
staying in a particular directory, now it's been changed
in favour of convenient toplevel `git grep' in fact.
Both variants have their pros and cons, I just find myself
leaning to this one by now hence the commit. Feel free to
provide constructive criticism :)
Some path-related bitrot has also been fixed while at that.
It's required for NFS mounts but having a rescue image listening
to any non-localhost ports is too bad an idea, IMNSHO.
So let's fix this while spotted.
OpenVZ related part is now a reusable use/server/ovz target,
and service related groups which have been largely taken from
rider@'s server-light project are now use/server/groups/base.
The use/x11/nvidia/optimus target will pull the bits required
to operate NVIDIA Optimus GPU scheme which relies on integrated
GPU to actually drive the screen; much thanks to barssc@ for
good walkthrough: http://altlinux.org/optimus
NB: this *will* break if nouveau gets in, YHBW.
"messagebus" service is autostarted since dbus gets in being required
by wpa_supplicant <- alterator-net-wifi <- alterator-net-eth; it is
really not needed in the minimalistic server, let's just turn it off.
"lvm2-lvmetad" service requires setup to be actually useful (#29474).
This is long overdue: services feature influences live
and rescue but doesn't do anything to the installed system
as that's behind the installation barrier; some piggybacking
required to do that has been merged into installer back in
2012 apparently (thanks to boyarsh@ for both doing that and
bringing my attention to this fact; it's 65-setup-services.sh
as of today).
So the only thing missing has been the bridge to prepare
those files -- still some more tweakery is required given the
two-stage process arranged so that reusable configuration could
include some sane defaults but the release manager is ultimately
able to override anything without extra kludges; thank legion@
for his wonderful libshell either.
NB: install2 script is a partial clone of rootfs one since
processing the variables is identical; still rootfs script
has to change service state directly while install2 one
has to deposit the information for installer to handle.
use/live/textinstall target is a base for those images whose
target audience tends to be somewhat more experienced; these
might prefer to just boot off the image instead of having to
perform any extra action like pressing down arrow and enter.
This is also to help msp@'s homeros-*.iso boot immediately.
Actually a copy of 10localboot.cfg with a different name
and sorting order so as to address #26608: there's no possibility
to make a LiveCD image that would boot itself by default if localboot
has been configured in.
It's only a partial solution as it doesn't override 10localboot
in case it's there already but a step in that direction...
A hint regarding livecd-net-eth is due -- as well as
review and cleanup of live, net, net-eth features
involved in configuring that ethernet for a LiveCD.
It's hardwired at 1/10 of the default /etc/net value
since 3 seconds are enough for properly functioning
DHCP servers in properly maintained networks (those
improper ones tend to have problems with 30 seconds
anyways), and waiting for too long makes users feel
bad for a reason.
Thanks msp@ for bringing attention to this.
This package has replaced installer-feature-setup-network-stage3
without declaring that; it appears that installer-distro-altlinux-*
don't require it even if most of the others do.
This is to ensure it's included, at least at the moment.
The initial revision was brilliantly buggy: it is *so* apparent
that cdrom will never be actually used for rw slice that this
has evaded my attention rather completely.
This change tries to force loading the storage driver
for cases when SecureBoot is "helping" the chainloader
to fail, see #29705 for details collected so far.
Of course ahci.ko only does AHCI but that's every storage
controller I've seen on UEFI/SecureBoot systems so far.
Let's put osec tools into installable packages at least
(aiming to shift these into default install probably);
these are worthwhile addition to sysadmin's toolbox.
Thanks dobr@ for bringing this up.
This has been spotted and solved manually several times already,
and that's just boring so let's add the ability to state that
X11-based software is not accepted into a particular rescue image.
Not that I would hate X but things like that belong to a carefully
crafted image which includes either X server or reasonable means
to ensure that GUI software can actually be used.
NB: this is a somewhat new entity: test/rescue/no-x11 knob
for an image-script intended to make it blow up the build
when libX11 is found within the chroot that makes up
the rescue image's filesystem.
The interface is not documented intentionally: it will take
some time to find out whether it sticks or is bad enough.
Please do remind/ask if interested in using that.
I don't think we're gonna like plymouth over rescue image
anytime soon, especially when it hides the moment when shell
pops up somewhere under it without startup-rescue caring to
remove the splash.
So let's put that $(INSTALL2_BRANDING) into proper stage2
flavours only and avoid choking on missing plymouth as well.
led@ has different kernel-modules-* package set,
some of those "standard" names are provided but
vbox* is not the case.
As our macros and helpers will grok this just fine,
let's add both variants so what's present gets in.
In these tough times there are no extra resources to waste
for wars or some extra rescue; so it is imperative to provide
some lean and mean help, you know.
IOW a common base has been split out and a more tight rescue
image configuration has been added on top of that so as to
try and fit altlinux-p7-sysv-tde.iso for i586 into CD-R.
I've noted that this bit of code should be fixed up
before pushing but managed to overlook that in the end :(
mkimage version bump is due to the somewhat changed layout
of EFI packages and binaries within those (linked message in Russian):
http://lists.altlinux.org/pipermail/devel-distro/2013-December/001283.html
We chose to provide methods to sign packages but to avoid
signing these by default (with some arbitrary test keys)
the signatures are being added *after* the build by means
of rpmrebuild-pesign; all of this is made significantly
more complicated if there are separate -signed subpackages.
So these are being dropped in the packages; account for that.
Everything is handled within mki-copy-efiboot currently
but it needs an image to process; extracting one from
bootloader branding seems less hassle than forcing it
into every flavour of branding.
The changes in commits gb3e3234 and ga860b17 were actually useless
as rescue+fs list wasn't included into RESCUE_LISTS... and I need
pv(1) for convenient local disk cloning with time estimate.
A bit longer version is: add the script which cares to protect
the interfaces which have been brought up during NFS root bootup
already from being tampered with by NetworkManager so as to avoid
losing network with networked rootfs.
Actually the issue was worse in general: *_PACKAGES
weren't quoted when put into .base thus resulting
in a potentially broken echo command (silent one).
The macro scheme used was overgeneralized; stuffing
quoting differentiation into it was doable but ugly
(unless one is able to pass an unquoted quote sign
as a function's parameter in some elegant manner),
let's just make it straightforward.
BASE_BOOTLOADER must have been set to any of the supported
bootloader names somewhere during configuration; it is not
impossible to avoid this elsewhere so let's put a guardian
script which will stop the build which is known to result
in a broken image.
sub/main subprofile should not be requested directly
as documented in its README but rather via use/repo/main;
let's fix this discrepancy and check that no regressions
come hurling down.
- speech-ru and speech-en features are added;
- speech-related things removed from homeros features;
- speech/ directory for package lists added and other corresponding changes.
Networking is *not* brought up by these rescue images
by default, one is expected to know enough to do that
by hand if needed; still there's no harm to have apt
preconfigured so that it would be operational then.
There are various bootloaders around there and some of them
are supported in ALT Linux; let's provide all the mainstream
ones so that knowledgeable root@ has every tool needed for
most situations needing bootloader repairs.
These might require particular knowledge or special boot mode
(like EFI ones).