IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Looks like nodm doesn't reset the PATH set within
/etc/rc.d/init.d/functions which results in sbin
path components hitting user's PATH; livecd-install
which uses consolehelper was what broke first for me.
And this link should illustrate some of the problems
tackled by this kind of scripts...
Servers can POST much longer so having to play hide and seek
with a boot menu isn't going to be exactly entertaining;
let's bump the delay to something comparable at least.
Thanks hiddenman@ for mentioning the obvious-but-unnoticed.
We don't really want to disable NFS portmapper completely
but having some extra root code listening to the world is
really unneccessary unless explicitly required.
Applying "control rpcbind local", thanks ldv@ for advice.
50-setup-network was a hasty hack (surprise!) that used to do
what net and net-eth features have been created to do since;
just drop the duplicated crufty code.
Unconditional resolver setup isn't done now: those with static
setup are better off doing it explicitly, and those with DHCP
should be fine already.
NB: /etc/hosts *is* fine within setup package *but* hasher will
overwrite it with a copy of host's one; let's reset contents
to initial at least until hasher gets fixed and the fix is
rather deployed in the wild.
There was an extra DISABLED=no line written to interface configurarion
that's been superceded by the subsequently added parametrized one;
just drop it.
Thanks glebfm@ for spotting the garbage.
It conflicts with r8169.ko inobviously.
The whole mess looks like this:
- r8169.ko doesn't work for all of Realtek 8111/8168/8169 mutations
- r8168.ko works with some of the chips r8169.ko doesn't
- r8168.ko also works with many chips r8169.ko works with
- r8169.ko is provided by kernel-image package (thus default)
- r8168.ko is provided by kernel-modules-r8168 package (optional)
- kernel-modules-r8168 package requires r8168-blacklist package
- r8168-blacklist package is a one-liner that blacklists r8169.ko
- STAGE1_KMODULES wouldn't include r8168 (std-def) or rtl8168 (led-ws)
- sub.in/stage1/modules would mention r8168.ko (m-p-d: r8169.ko)
So a LiveCD built with use/kernel/net might work with RTL8111/8110
just fine when booted live but fail to automatically load the module
when installed onto hard drive; manual modprobe r8169 would work though.
NB: some of the chips (those available to me) would work just fine
both ways -- this has contributed to fixing this *that* late.
Bottom line:
do not install backup/kludge drivers overriding main ones by default!
Thanks sem@ for providing the crucial hint.
use/deflogin will result in ROOTPW being exported no matter
is it set or not; xport() can't check before exporting as it
relies on lazy evaluation when the actual ROOTPW value can be
set or modified after exporting GLOBAL_ROOTPW for mkimage.
So let's not even pretent we can differ unset ROOTPW from
empty ROOTPW: both result in empty GLOBAL_ROOTPW as of today.
Fixing this would require moving the exports into a separate
makefile being included after all the configuration and checking
each variable for being defined before exporting the corresponding
GLOBAL_ prefixed one.
Yes this might be a security fix in some cases.
Added use/branding/slideshow/once as one of the uses
albeit the interface is universal; see this page for
more info: http://altlinux.org/branding/slideshow [ru]
The service and initscript have "connmand" name
while the package is called "connman" indeed.
Shame on me; this became apparent
while building regular-e18-sysv.
Defining a one-time variable is useless in this case,
and README should state the undefined ROOTPW status
explicitly (since it's now as advertized, heh).
This change is done to reduce ambiguity in some cases;
the previous intention has been to ease navigation when
staying in a particular directory, now it's been changed
in favour of convenient toplevel `git grep' in fact.
Both variants have their pros and cons, I just find myself
leaning to this one by now hence the commit. Feel free to
provide constructive criticism :)
Some path-related bitrot has also been fixed while at that.
It's required for NFS mounts but having a rescue image listening
to any non-localhost ports is too bad an idea, IMNSHO.
So let's fix this while spotted.
OpenVZ related part is now a reusable use/server/ovz target,
and service related groups which have been largely taken from
rider@'s server-light project are now use/server/groups/base.
The use/x11/nvidia/optimus target will pull the bits required
to operate NVIDIA Optimus GPU scheme which relies on integrated
GPU to actually drive the screen; much thanks to barssc@ for
good walkthrough: http://altlinux.org/optimus
NB: this *will* break if nouveau gets in, YHBW.
"messagebus" service is autostarted since dbus gets in being required
by wpa_supplicant <- alterator-net-wifi <- alterator-net-eth; it is
really not needed in the minimalistic server, let's just turn it off.
"lvm2-lvmetad" service requires setup to be actually useful (#29474).
This is long overdue: services feature influences live
and rescue but doesn't do anything to the installed system
as that's behind the installation barrier; some piggybacking
required to do that has been merged into installer back in
2012 apparently (thanks to boyarsh@ for both doing that and
bringing my attention to this fact; it's 65-setup-services.sh
as of today).
So the only thing missing has been the bridge to prepare
those files -- still some more tweakery is required given the
two-stage process arranged so that reusable configuration could
include some sane defaults but the release manager is ultimately
able to override anything without extra kludges; thank legion@
for his wonderful libshell either.
NB: install2 script is a partial clone of rootfs one since
processing the variables is identical; still rootfs script
has to change service state directly while install2 one
has to deposit the information for installer to handle.
use/live/textinstall target is a base for those images whose
target audience tends to be somewhat more experienced; these
might prefer to just boot off the image instead of having to
perform any extra action like pressing down arrow and enter.
This is also to help msp@'s homeros-*.iso boot immediately.
Actually a copy of 10localboot.cfg with a different name
and sorting order so as to address #26608: there's no possibility
to make a LiveCD image that would boot itself by default if localboot
has been configured in.
It's only a partial solution as it doesn't override 10localboot
in case it's there already but a step in that direction...
A hint regarding livecd-net-eth is due -- as well as
review and cleanup of live, net, net-eth features
involved in configuring that ethernet for a LiveCD.
It's hardwired at 1/10 of the default /etc/net value
since 3 seconds are enough for properly functioning
DHCP servers in properly maintained networks (those
improper ones tend to have problems with 30 seconds
anyways), and waiting for too long makes users feel
bad for a reason.
Thanks msp@ for bringing attention to this.
This package has replaced installer-feature-setup-network-stage3
without declaring that; it appears that installer-distro-altlinux-*
don't require it even if most of the others do.
This is to ensure it's included, at least at the moment.
The initial revision was brilliantly buggy: it is *so* apparent
that cdrom will never be actually used for rw slice that this
has evaded my attention rather completely.
This change tries to force loading the storage driver
for cases when SecureBoot is "helping" the chainloader
to fail, see #29705 for details collected so far.
Of course ahci.ko only does AHCI but that's every storage
controller I've seen on UEFI/SecureBoot systems so far.
Let's put osec tools into installable packages at least
(aiming to shift these into default install probably);
these are worthwile addition to sysadmin's toolbox.
Thanks dobr@ for bringing this up.
This has been spotted and solved manually several times already,
and that's just boring so let's add the ability to state that
X11-based software is not accepted into a particular rescue image.
Not that I would hate X but things like that belong to a carefully
crafted image which includes either X server or reasonable means
to ensure that GUI software can actually be used.
NB: this is a somewhat new entity: test/rescue/no-x11 knob
for an image-script intended to make it blow up the build
when libX11 is found within the chroot that makes up
the rescue image's filesystem.
The interface is not documented intentionally: it will take
some time to find out whether it sticks or is bad enough.
Please do remind/ask if interested in using that.
I don't think we're gonna like plymouth over rescue image
anytime soon, especially when it hides the moment when shell
pops up somewhere under it without startup-rescue caring to
remove the splash.
So let's put that $(INSTALL2_BRANDING) into proper stage2
flavours only and avoid choking on missing plymouth as well.
led@ has different kernel-modules-* package set,
some of those "standard" names are provided but
vbox* is not the case.
As our macros and helpers will grok this just fine,
let's add both variants so what's present gets in.
In these tough times there are no extra resources to waste
for wars or some extra rescue; so it is imperative to provide
some lean and mean help, you know.
IOW a common base has been split out and a more tight rescue
image configuration has been added on top of that so as to
try and fit altlinux-p7-sysv-tde.iso for i586 into CD-R.
I've noted that this bit of code should be fixed up
before pushing but managed to overlook that in the end :(
mkimage version bump is due to the somewhat changed layout
of EFI packages and binaries within those (linked message in Russian):
http://lists.altlinux.org/pipermail/devel-distro/2013-December/001283.html
We chose to provide methods to sign packages but to avoid
signing these by default (with some arbitrary test keys)
the signatures are being added *after* the build by means
of rpmrebuild-pesign; all of this is made significantly
more complicated if there are separate -signed subpackages.
So these are being dropped in the packages; account for that.
Everything is handled within mki-copy-efiboot currently
but it needs an image to process; extracting one from
bootloader branding seems less hassle than forcing it
into every flavour of branding.
The changes in commits gb3e3234 and ga860b17 were actually useless
as rescue+fs list wasn't included into RESCUE_LISTS... and I need
pv(1) for convenient local disk cloning with time estimate.
A bit longer version is: add the script which cares to protect
the interfaces which has been brought up during NFS root bootup
already from being tampered with by NetworkManager so as to avoid
losing network with networked rootfs.
Actually the issue was worse in general: *_PACKAGES
weren't quoted when put into .base thus resulting
in a potentially broken echo command (silent one).
The macro scheme used was overgeneralized; stuffing
quoting differentiation into it was doable but ugly
(unless one is able to pass an unquoted quote sign
as a function's parameter in some elegant manner),
let's just make it straightforward.
BASE_BOOTLOADER must have been set to any of the supported
bootloader names somewhere during configuration; it is not
impossible to avoid this elsewhere so let's put a guardian
script which will stop the build which is known to result
in a broken image.
sub/main subprofile should not be requested directly
as documented in its README but rather via use/repo/main;
let's fix this discrepancy and check that no regressions
come hurling down.
- speech-ru and speech-en features are added;
- speech-related things removed from homeros features;
- speech/ directory for package lists added and other corresponding changes.
Networking is *not* brought up by these rescue images
by default, one is expected to know enough to do that
by hand if needed; still there's no harm to have apt
preconfigured so that it would be operational then.
There are various bootloaders around there and some of them
are supported in ALT Linux; let's provide all the mainstream
ones so that knowledgeable root@ has every tool needed for
most situations needing bootloader repairs.
These might require particular knowledge or special boot mode
(like EFI ones).
Being able to handle [compressed] archives of all kinds
tends to be pretty instrumental in rescue operations,
and some backup system clients won't hurt either.
Some ancient Serial words like "minicom" still come handy
at times too.
Comments, constructive criticism and proposals are welcome.
Let's ensure that make-initrd-luks gets to the base install
until installer is tweaked to enable in-flight installation
of options like this.
Adding luks to stage1 [make-initrd] features makes no sense
on the other hand (and it wasn't happening anyways due to
the lack of add_feature function call in config.mk as was
accidentally spotted).
And putting luks packages into an installer image lacking
the reference to alterator-luks isn't that sensible, let's
complain to logs at the very least (this isn't going to hit
the default output though).
"prompt" and subsequent first "label" were not separated
in any way while second "label" and forth were; let's make
the resulting isolinux.cfg a tiny bit more pretty.
This is to avoid NM messing with network interface
involved in NFS root filesystem being operational
(see alterator-netinst); thanks sem@ for the hint.
alterator-netinst currently relies on "default"
being specified explicitly; it's wrong and it should
cope with the first "label" clause as well but we're
better off being strict to this script, not that one.
This commit should be no-op regarding syslinux itself.
That is, no need to pull in systemd as syslogd-daemon provider
when an unspecified one has been requested by interactivesystem
or anything else.
The tricky issue is that THE_LISTS will get expanded separately
and too late to specify a particular provider which will have been
auto-chosen while expanding e.g. BASE_PACKAGES.
It was a temporary hack actually, and is better dropped long-term:
things like predefined root accounts with remote access are *evil*
and this hook was a half of that "solution".
Use of oem feature to integrate first-boot setup is recommended
to deal with this issue, at least when graphics are available.
The initial suggestion that any cubox image is a desktop one
didn't hold out for long; and xorg related bits are not that
related to boot script setup in terms of neccessity.
It basically reads the same but was referring to a neighbour
script that has been moved to a separate deflogin feature
during heavy refactoring of initial implementation draft.
This one was replaced by the net feature completely
and has been declared obsolete since 1.1.1 (a month ago).
A few remaining users trivially adjusted.
There was no need to split carrying over the pubkey
and tightening up permissions on the file and its parent
directory to be done in two separate scripts; this should
be more generic now as a bonus.
Users adjusted accordingly.
Intro: NetworkManager-wait-online.service would, well, wait
for some network interface to become online or for timeout
to kick in.
Problem: if a LiveCD is tested in offline environment
that timeout will only impede the boot.
Proposed solution: use/net/nm/nodelay target has been implemented
to disable that service as proposed by sem@ and done in Simply;
"+nm" target changed to be an alias to this one.
It's old, it uses consolekit (even if not neccessarily),
it borders obsolescence *but* removal of udev-alsa has caused
massive regressions (e.g. regular-gnome3 had soundcard mixer
levels dropped to zero from the start, regular-razorqt added
inability to poweroff to that...).
Just get it back.
The nuance being that:
- alterator-setup package would change default.target
for systemd providing a symlink of its own and making
a backup of what was there (rc3 basically);
- 40-x11-autostart would ignore that backup;
- 99-oem-setup would do nothing about it all either;
- alterator-setup removal would restore rc3 symlink.
It's not pretty either, something more robust should be
invented some day.
rootfs presented a special case when there is no resulting
directory at all as it gets merged with the target subprofile
by design.
Still those features adding only rootfs scripts need to depend
on it but this resulted in an attempt to process a missing subdir.
This is brought back to sanity now.
As 50-sudo-su script cares for sudo and su control facilities no more
that hook is aptly renamed to 50-sshd-root (should be generalized
either some day).
Setting NM_CONTROLLED is apparently not enough to disable
/etc/net handling of a particular interface; thanks sem@
for noticing the fortunate error messages in logs
and explaining this peculiarity to me.
The client side might benefit a bit more in the future
but the server side does not (and should not) require
everything client side does; thus use base ALSA target.
This replaces the many sets of the corresponding packages
wandering all over pkglists, features and configurations;
the interface should be rather well-defined by now.
use/live/install stopped to provide a desktop icon; the nuance is
that zdg-user-dirs-install.sh script in livecd-install package
expects ~/.config/user-dirs.dirs to actually do that.
This script hook used to lurk in live feature but was deemed needed
in cubox images too; thus it's time to move it into a standalone
feature (maybe a configurable one, even).
Thanks glebfm@ for initial shot and sem@ for discussion.
...net uses services, not services use net. That is,
"network" is a service that needs to be enabled by the
now-existing mechanism of "services" feature, don't be
fooled by "network services" here.
Some of those were long asking to be done but cubox project
managed to actually get them done at least to the extent
needed for it; so let's land those and prune things up a bit.
Based on m-p-d's domain-client pkglist and scripts from
installer-feature-network-shares-client-stage3 package.
Many thanks to boyarsh@ for his kind help to get this working.
NB: this works on cubox but is not yet ready for installers!
This is applicable at least to XFCE and MATE based images
(plugins for the appropriate file managers are available).
NB: basically untested with installers.
This is an experimental and known incomplete support
for the system configuration that has to be done at the
first boot-up by its user since it's their choice.
This draft uses systemd which has been a requirement :-/
Thanks sem@ for helping out with the somewhat tricky
unit file for alterator-setup.
The '[alt]' signature reference in the stock package
doesn't fit current reality as the hash files for
Sisyphus/armh are *not* cryptographically signed.
This commit should be reverted when these are.
That \t has lurked in the source variant of the script,
was fixed in features.in/live/live/image-scripts.d/30-users once
and still has managed to creep into this fork!
Ugh.
It was actually done much earlier during an experiment with
Marvell ArmadaXP but is now integrated more or less properly.
NB: ext2 is not needed anymore (uboot should do it),
ext4 should become configurable by an existing knob.
It was implemented in a pretty quick-and-dirty way
for regular-mate back then, clean things up a bit.
Package lists should be deduplicated either but
that's another story.
Overview of the changes:
- ARM support: separate ext2 /boot, no LILO
- avoid race condition with devmapper
- trap ERR so that -e in shebang doesn't result in extra cleanup hassle
- configurable root filesystem type (ext4 by default)
- jumps through parted hoops
Details:
1. LILO is x86-specific while the rest of the script can be used
to prepare e.g. Marvell ArmadaXP or CuBox images; we can generally
count on uboot supporting ext2 for relatively sane platforms but
not ext4 that would be a better root filesystem performance-wise.
2. Apparently /dev/mapper/loopXpY can be still missing at the time
when kpartx returns and pop up a bit later... sit there, wait
and check for it.
3. If something went wrong with any command of the script it would bail out
due to -e in shebang; it is now better to clean up the loopback device
and its mappings in this situation either.
4. One size doesn't fit all, really.
5. The parted sizing was sloppy as in broken, now it's just half insane.
Someone's decision to stick units and auto-alignment knobs into
a single one was apparently hilarious...
http://www.gnu.org/software/parted/manual/parted.html#unit
Manual loop/dm cleanup is described in documentation just in case.
/boot size meter is suboptimal in terms of additional I/O incurred,
will be most likely rewritten to make use of advance "du -s".
Hardly belonged there in the first place and became a culprit
during armh branch development since it had to be forked in
an ugly manner; move to rootfs hooks and be done with it.
VM images will be able to benefit either *but* installed systems
might have some trouble when this is implemented:
http://lists.altlinux.org/pipermail/devel/2013-May/197447.html
Split off use/live/x11 as a common free/proprietary ground either
(this refactoring had to be performed in parallel with x11 feature
being revamped, diffs quickly became intertangled unfortunately).
This has had several goals:
- a target suitable for x86 and armh providing a rather
minimal set of base xorg packages and generic drivers;
- task-oriented targets for graphics use cases:
+ "desktop" means rather 2D focus with 3D being welcome
or even essential but not performance critical, thus
"a slower driver is fine as long as it does work";
+ "3d" means specific 3D performance being critical,
that is "no 3D means no use at all".
Regarding the free and proprietary 3D-capable drivers:
the previous idea was to split out some common ground
and then add the contenders on top of that; the current
approach is based on the observation that the live images
requiring proprietary NVIDIA/AMD drivers *by default*
are usually of not much use with hardware that lacks
proper 3D acceleration (like Tseng cards) or the driver
support for that (like Matrox these days).
Intel videodriver makes for a special case though:
it is both free and top-notch performer.
Thanks sem@ and boyarsh@ for discussion.
PS: xorg-drv-{keyboard,mouse,void} dropped;
those who need these can usually help themselves.
These handle only VE-like products (think TWRP on Nexus 7);
the proper image support should be backported later on.
An experiment in layered configurations is still in its
early stages regarding ARM zoo...
The feature officially introduces the "engineering passwords"
including empty ones which have been around since forever but
weren't properly managed (and still are not, at least until
there are no stray passwd/chpasswd/usermod calls in both the
profile, installer-features and all the other related parts).
It is based on an m-p-d init3-users script by stanv@ but was
cleaned up and restructured in a pretty severe manner; thanks
glebfm@ for additional discussion.
This also cleans up the kludge previously stuck into build-vm.
Note that vm/icewm sports graphical autologin now as well as
the default root password (which can be overridden by passing
ROOTPW=... to make but it is a change from the previous state
of affairs indeed).
The issue is that use/fonts/infinality doesn't actually
require the script hook thus registering the feature's
name in FEATURES variable so that the feature's contents
get copied over is not neccessary (distcfg.mk build-up
will have happened anyways).
But that's confusing if one's forgot this peculiarity
(like me today) or never knew of it, so let's spare
some frustration.
This feature is more generally applicable indeed;
might result in duplication due to the installer
components adding "efivars" independently but that
is to be sorted out later in those components:
- check whether it's added already sometime soon;
- maybe stop adding that at some point in the future.
install2 and rescue roots still need this too though.
Classic VEs don't carry any kernel since these are running
under a single OpenVZ (or potentially LXC) kernel image;
ARM Multiboot (TWRP in this particular case) allows to boot
off a chroot via kexec, and we need a kernel in it for that,
obviously.
No bootloader required inside such VE though.
This subprofile is akin to THE_* variables family: the configuration
bits and script hooks sitting there influence whatever chroot is
declared to be the user facing one in the end, whether it comes
from vm image or live subprofile.
The services feature ought to be a changeset of its own which would
be based on rootfs and become the base for ve/vm changes but I chose
to just do it atomically; some pre-existing duplicates are pruned now.
INSTALL2_PACKAGES turned out to be sensitive to the
feature addition order: if efi was added before install2
then the packages added by the former were overridden
by the latter.
This is also related to commit g7b76c73 as +installer
can be added pretty much anywhere, there's no warranty
that use/install2 appears early enough in configuration
build-up sequence.
This one is a part of a larger rewrite to move away from
distro-centric build-up to configuration-centric one with
the particular packaging being of secondary importance
compared to actual functionality.
Another service that's not very useful on a LiveCD;
maybe should be enabled by default upon installation,
this also requires a proper framework in place.
This reverts commit ae44169139
as libglx has been fixed already; see #27340 and #28782 for
the details, huge thanks go to Alexey Borisenkov for his
thorough investigation and patches as well as to shrek@
and sin@ for their cooperation to get this fixed in Sisyphus.
Moved the packages which impeded pkglist reuse for live distros
so that these stay within dedicated rescue images but don't
neccessarily go into the more generic ones where things like
fdisk are still quite useful.
This is to cope with #28782 while the culprit is being found out;
not much of a loss while #27340 is open (thus no 3D with vboxdrv
anyways).
I chose to avoid pulling the service related machinery into
vmguest (and haven't got around to factoring it out from live
feature's scripts into a standalone form) so had to tweak these
as well.
The expected behaviour is to have online repositories enabled
when the livecd is running; the trouble with runtime detection
relates to the asynchronous nature of network configuration,
connection might get probed just before it is brought up
(thus failing the test).
Systems having been installed-from-live don't misbehave this way
so left unmolested.
Runtime detection is still available via use/live/repo/online
but is definitely not the default mechanism.
The former helps totem a lot regarding actual video reproduction,
suggested for gnome3-default metapackage; the latter helps aris@
to actually get any sound out, so is supposed to land there too.
There's a need for a separate boot target since
persistent storage is way slower than tmpfs indeed;
usbflash has a tendency for huge performance drops
given simultaneous writes in addition to reads which
are the bottleneck already.
make-initrd-propagator 0.18 introduced ext4 rw slice,
so the corresponding kernel module needs to be included
into stage1; see also #28289.
NB: not available on x86_64-efi (or hybrid GPT to be strict)
due to fragility of the hack being made: parted(8) panics
upon seeing that, and good ol' fdisk is unable to treat it.
NB: use/live/rw use/rescue/rx use/syslinux/ui/gfxboot
are unlikely to play very nice together due to the latter's
magic l10n: "session" label is taken by live_rw config snippet
and *is* translated in design-bootloader-source;
OTOH "rescue_session" is *not*.
The original mkisofs would only care for the proper ISO9660 image
but we've switched to xorriso which is able to perform the hack
to yield UEFI hybrid images; thus no need for the postprocessing.
Requires mkimage >= 0.2.5 and xorriso (obviously).
Please see the bug for explanations; too bad I chose to limit this
workaround to experimental gnustep image yesterday when aen@ suggested
to apply it universally...