IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
shaba@ asked if it's feasible to extend 50-net-eth
with a generator for systemd-networkd style configs
having provided examples; here it is (depends on
/etc/systemd/network/ being packaged into that one).
(fixed up by shaba@'s removal of superfluous quotes)
gdm2.20 seems rather obsolete by now, let's move on;
and m-p doesn't just lump a huge bunch of stuff in,
vector fonts for installer are requested explicitly.
...by moving reference to a package list that *deducts*
packages from a feature (that should lend itself for reuse)
to a particular distribution's configuration (that can have
some specific polish).
The problem was that basing junior on slinux feature while
adding some KDE/Qt-based packages to it failed miserably
in a hard-to-debug manner: adding every package that's been
requested but not installed by hand suddenly made it build,
see also http://altlinux.org/mkimage/debug [ru]
mixin/desktop-installer became *quite* inobvious
even for me over time, and it's not easy to grep up;
let's introduce explicit targets where one is expected
to expect those.
rootfs scripts should hit installer some day; the problem
is with variables (dumping 'em wholesale looks dirty,
and proxying those sort of defeats the approach)
rather than with scripts.
Until then, transform the data from the single variable
into a file containing one facility per line for
installer-1.8.31+ to consume.
As noted in the comment, these include a few quite strong ones:
- sshd(8) will only allow in "wheel" and "users" members
by keys, no password access is allowed;
- password change even by root is subject to quality checks;
- su(8) is only useful to lower privileges and not gain those
(so root access is available either through local console
or via use of ssh keys).
Don't use if frowned upon.
This is based on distro/regular-jeos but torn into two
and somewhat updated for sisyphus-going-to-bring-p8:
1) libcap-ng is now required by util-linux;
2) bridge-utils might be needed for subsequent images.
Those packages which are *required* should be available
for standalone use; and those which are optional should go
into extras.
Adjust server feature accordingly.
The issue with these "; @:" thinglets is that mkimage-profiles
relies on target tracing (see commit 788cad8 some four years ago);
and this tracing approach relies on non-empty recipes which do call
shell (which gets (ab)used) unlike empty ones which oviously don't.
So this _will_ be traced properly:
a: b
@echo "hello world"
and this will too:
a: b; @:
but this will result in a broken graph with REPORT=1:
a: b
icon-theme-oxygen is required by kf5-oxygen <- kde5 <- kde5-big
by now so it's not needed to specify it explicitly anymore;
and zerg@ has just packaged some translations, let's jump in!
There's /usr/share/qt5/translations/ now too, handle that.
OTOH we've got some CJK support already, time to split up
those "cleanups" into some target locale set dependent form.
This has no users in master but out-of-tree branches might need
a trivial update.
The rationale is that it's actually for *any* stage2 and not related
to specifically "install" at all (otherwise it should have been moved
to install2 feature altogether).
Note that there's no reason to add nfs-utils similarly as make-initrd
requires kinit-utils which includes its own nfsmount.
The "best" "feature" of systemd "init system" has just
emerged once again: it will happily sit there idling
given startup or shutdown loops resulting in what looks
like a hang to an unsuspecting user; let's provide the
suspecting one with at least some tools described at
http://www.freedesktop.org/wiki/Software/systemd/Debugging
The issue with this was that plain use/browser/firefox/esr
didn't actually pull in the feature as such; it MUST NOT
pull in use/browser/firefox since it will change semantics
from "if it's Firefox make it ESR" to outright "use FX ESR"
(starterkits depend on the former and it was intentional).
FX_FLAVOUR variable can be set anywhere to switch
use/browser/firefox to prefer ESR packages, including
the appropriate localization ones.
Note that there's no dependency as it can be set in e.g.
starterkits (still unset in regular builds) wholesale
but shouldn't affect those of them lacking firefox.
The reason behind this silly patch is that the default URL
can be left alone with no rebuilds neccessary but with the
intranet services delivered through a "captive portal" or
a redirecting proxy; we definitely don't want the canonical
wiki URL, http://www.altlinux.org, blocked by a rule made
for redirecting the default homepage, so let it be another
one which is served but not widely known or linked to.
This makes use of IM_PACKAGES variable processed by
newly added im feature so that DE-specific targets
could tell which DE-specific IM packages they'd like
on a system *iff* use/im has been requested.
Might be lacking right now, to be sorted out with
the actual users.
This one has been brewin' for quite a while but has been
completed finally; some tweaks sure can come in later but
it's working.
Please note that it's rather needed for "proper" distros
with specific branding and docs packages prepared for those;
one should use l10n feature most likely too.
The "full" target should care for rescue bits as well
(remember that THE_* won't go there); thus regular-rescue.iso
will receive these couple hundred useful kilobytes as well.
It's the very same problem that must be solved within mkimage:
some package lists get expanded early and some late thus having
no chance to influence apt's choices of alternatives made early
(in fact, too early).
Until that, here's another kludge...
PS: turns out that ^systemd- is not "drop ^systemd" but rather:
systemd-analyze
systemd-coredump
systemd-journal-gateway
systemd-networkd
systemd-sysvinit
-- thus one /really/ wants something else.
This one was an experimental but the server is long
offline and isn't going back up; remove the obsolete
config snippet, if/when it's done again it's the easiest
part to be restored (the implementation should provide
HTTP/FTP/NFS-publishable deliverables without the need
to extract those from ISO images).
This one relies on the controversial polkit-sysvinit package
that subverts policykit using well known groups to make it
"work" for things like NM and shutdown helpers.
See also http://altlinux.org/sysvinit and feel free to improve.
/etc/sudoers is persistent with regard to userdel(8)
so removing a LiveCD user isn't going to drop this kind
of the added privilege and might result in an unintended
grant of those by adding a user with the same name after
permanent LiveCD installation.
This has been spotted by Speccyfighter:
https://bugzilla.altlinux.org/31071
This one is alike to install2's one; it's not a shared rootfs
script/variable though as contexts differ a lot, let's be careful.
The commit has been missing from 1.1.64 somehow, found in patch
series while figuring out why LIVE_CLEANUP_KDRIVERS seems to be
just ignored in live-privacy *after* the massive rebase of that
branch...
There's a convention that syslinux configuration snippets
carrying the names of subprofiles involved are picked up
automatically; there were a few special cases already
when this is actually inconvenient, and there's another
one at hand so let's just step up and do it.
NB: this is a sort of a hacky hook though, wish an elegant
interface would come to mind some day.
The added initscript used to be purged by 98-init-rescue
which has been somewhat overlooked during vain attempts
to build an image that would actually run it!
This one provides cmdline arguments for startup-rescue >= 0.24
which would bring up networking and sshd in its turn thus allowing
remote access to the host booted in this mode.
The feature has been asked for by many people including mithraen@
and valintinr@ (and I'd make use of it another day too).
See the appropriate startup-rescue commit description for notes
on implementation; this default set of variable values should be
both useful and illustrative though.
A recent commit has dropped wireless support from
regular server images; staging modules might still
come handy in some situations, let's keep those in
but not as a part of default installation.
This one is likely to get just a single user right now
but the future potential is clearly higher.
Please do review libzmalloc implementation if concerned.
This is sort of laying the ground for the future dismantling
of 10-stage2 (which was sub.in/stage1/modules just recently);
things look like tagged lists might become due some day, e.g.
"net+usb" or "scsi+raid" -- time will tell.
These are aimed to test the modules.d/ and auto-pickup
implementation as well as to present an example.
At least 50-net might change (or just get renamed to avoid
auto-pickup) some day as the "net" feature's meaning is
to provide networking upon bootup and these modules are
only needed within stage1 if we're going to netboot;
and that's quite different thing.
armh-cubox bits are prone to get renamed/generalized too
since e.g. ArmadaXP based server images are going to need
this as well.
These were produced off the single sub.in/stage1/modules
file using this scriptlet to prefix/annotate the names:
grep '\.ko$' modules \
| grep -v / \
| while read m; do \
echo "$(find /lib/modules/$(uname -r)/kernel/{drivers,fs} \
-name "$m" -printf %P $m $(modinfo -d "${m%.ko}" 2>&1)"; \
done
...with subsequent sorting and manual separation.
This is meant to be the second stage in monolithic modules
file split, so the lists themselves are largely unmolested
otherwise. The plan is to further split those into prefix-
and module-specific ones.
Add a note clarifying 10-stage2's status, by the way.
What was a static sub.in/stage1/modules (and the only one)
is now features.in/stage2/stage1/modules.d/10-stage2
(basically a compatibility file that might go some day).
It will be auto-picked as its name corresponds to the
NN-SUFFIX pattern specified in stage1 subprofile now
with $(FEATURES) going into default STAGE1_MODLISTS.
stage1's got prepare-modules target collecting
modules file snippets all over stage1/modules.d/
subdirectories within individual features.
stage2 now adds names of all the features going into
a particular image as snippet file suffix list so that
individual features don't have to register themselves
twice (as a feature and as a propagator modules.d
snippet carrier).
This is going to allow both "uncommon" modules getting
included with no problem (sin@ has wanted cifs ones
for quite some time, for example, and some want e.g.
infiniband modules) *and* to reduce the actual list
below the common mark as well (which is the case with
live-privacy image, for one).
And stage1 memory consumption does matter in some cases
as it's highly critical with no chance to use swap yet.
...and split off use/live/.base *without* use/deflogin/live.
There's need for live images without predefined logins
(like e.g. live-privacy image).
NB: this commit might break things for someone, please notify.
The unfortunate thing is that we have to take care
for sessions, somehow; still there are only two for now
(LXQt and KDE5 Plasma Desktop) so this doesn't look like
a disaster just yet.
Commit 657c0bf has silently added use/bootloader
to the base use/install2 target thus breaking
experimental distro/netinst; it seems better to
require *a* bootloader in the target that's been
specifically designed to cover the common case
(thus linked to by +installer shortcut) but still
to have our base lightweight and flexible.
This doesn't hurt the actual distros as these use
+installer of course.
The former approach to handling "LiveCD with sessions"
has been to mangle "automatic=method:cdrom" into
"automatic=method:disk,label:ALT*" within gfxboot
so that propagator and make-initrd-propagator would
try and discover/create a filesystem labelled
"alt-live-storage" on a LiveFlash's free space.
Then "live_rw" handling has been unified in
make-initrd-propagator (as of 0.18-alt1) to accept
any of "label" subparameter or "live_rw" argument
to go and create_disk_slice().
Then propagator's cdrom.c has been fixed to actually
try sdX1 before sdX (as of 20150306-alt1).
And now it's all been tested to verify that:
- flash "ro" and "rw" boot is OK
- CD-ROM "ro" boot is OK
- CD-ROM "rw" boot is fine given that there's
a partition labeled "alt-live-storage" elsewhere
This is a can of worms indeed :-/
References
~~~~~~~~~~
* http://altlinux.org/initrd-propagator
* http://altlinux.org/make-initrd-propagator
* http://bugzilla.altlinux.org/28289
It's entirely unclear to an unsuspecting curious user
where the actual results of a proposed example hasher
build end up; that's ~/hasher/repo, just state that.
The former install2-only "bloated binary" purge script
happened to hit stage2 (which is a lot more than just
install2); a kind of safety net has been stuck into it
to guard installable LiveCDs against this particular
cleanup but seems it was not enought for ildar@ who
reported this problem almost three years after it was
introduced.
This change re-places the script back into install2
section; the binaries in question amount for ca. 8 Mb
(except openssl ildar@ asked about); if these are deemed
unneccessary within any other stage2-based subprofiles,
please step up with details.
use/vmguest/vbox/base used to pull in DRM modules
which are required for vboxvideo but useless without
xorg bits; and all of these aren't needed in jeos.
Things might break, doublecheck please.
When installer-feature-systemd-stage3 hits BASE_PACKAGES
it pulls install2-init-functions in which is wrong
(one of the consequences is that alterator-browser-qt
lands into even a very basic server installation).
And install2 doesn't even need that package as init feature
carries a script hook that does the same...
This project has evolved/merged into LXQt which has been
packaged for both p7/t7 and sisyphus by now, no need to
carry on deprecated bits.
NB: 0.6.x still have it as t6/p6 still bear razorqt.
The installer feature added is a trivial wrapper around
apt-cache nodeps to uninstall the ^lib packages that have
no more dependencies upon those when the temporarily
installed packages like alterator-browser-qt get removed.
This has only been useful for plymouth feature,
and +installer shortcut included this target
for all the wrong reasons as it seems today
(thus blocking the DRM-free server installers,
for example).
This authorized_keys file has been downloaded to get incorporated
into a script hook but was looking common enough to be forgotten
during pre-commit feature cleanup unfortunately; fix that.
A few more leftover libraries tend to hang around after
purging extra alterator packages that have fired already
during installation stage3; this change might hurt someone,
please do notify if that is the case (OTOH one isn't forced
to use it or to inherit intermediate targets that do so).
This feature operates LIVE_* variables specifically
(as opposed to the more generic THE_* ones) so +alsa
isn't exactly suitable but reusing the pkglist that's
just been factored out is fine.
Split package lists:
- base alsa packages (also needed in pulseaudio-based installations)
- additional alsa packages (needed only if not using pulseaudio)
- pulseaudio packages
live-webkiosk.iso regressed into trying to boot off the local disk
immediately, the exact cause is not yet discovered but this one
has popped in build trace (distcfg.mk) already.
Desktop images are still likely to depend on it though.
There were quite a few things missing:
- packager pseudo for both rpm and hasher;
- proper target (so that i686 or athlon don't confuse people);
- hasher repo for apt so that mkimage would use it too;
- last but not least, a friendly bootstrap message! ;-)
THE_* and friends are all unneeded for live builder image;
this commit makes dev feature basically incompatible with
install2 feature (which relies on the conventional behaviour
of main subprofile), will have to think it all over if the
combination of these two ever becomes needed.
The problem with initial implementation (commit 62e7e9c)
is that there's no systemd-services package in p7/branch
thus apt complains about an attempt to remove something
that doesn't even exist in the first place.
Aimed at live images at first but should cover installers as well.
This has been brewing for quite some time and while the proper
implementation is considerably more complex (and hard to do)
looks like there's demand for the particular important use case,
namely LiveCDs for Russian users, so this code has been shared
with a few people before merge.