IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This one was suggested by enp@ for industrial use where
some extra protection for the boot process might be quite
desirable.
If no syslinux ui was specified (the stock configuration paths
ensure there is one) or if it was set to "none" explicitly,
then there's no boot: prompt (let alone any menu).
If there's a need to ensure that the boot process is not
interruptable by Ctrl/Shift/Caps Lock/Scroll Lock.
The prerequisites for a cleanup after a successful build
were somewhat weird at this point; now the rules are:
- if DEBUG level is more than 1 or CHECK is set, don't do it;
- otherwise if at least one of the following conditions is true:
+ there's more than one target being built in a row;
+ the build was run by e.g. alterator-mkimage;
+ metaprofile directory is read only
...then do a distclean.
If these are still weird or feel unsuitable for profile hacking,
drop me a note (or a patch).
Essentially all the relevant server images got cpufreq setup
and a power button handler; feel free to ask for revert if
this causes any harm in any situation.
`help' used to be the default target described at the very top
of the toplevel makefile but that got broken with g2f307ff;
spotted while discussing m-p with enp@.
Also pulled the pkglist/kmodule part out of distro/server-mini's
recipe and started off a standalone feature based on it.
NB: el-smp kernel now contains aufs as a module but propagator
doesn't try to modprobe it.
Actually the templates pretending to be usable missed the whole
interactivesystem (sysvinit would get pulled in by services as well).
Fixed somewhat but time and practice will tell.
TDE distros don't really need kdm4 which was proposed as
a replacement by zerg@ (for all the valid reasons but kdm3
wasn't maintained at that point, this has changed since).
The reason is that package lists and individual packages
are processed in different dependency resolution "transactions"
by mkimage; thus if packages (the more precise form of specifying
the contents) come first they can't override the lists appearing
later, and that's wrong: we should be able to specify the more
generic things and then pinpoint the specifics.
This became apparent while authoring [[Mkimage/Profiles/m-p/howto]]
asked for by drool@.
The problem was spotted by Alexander Bandura:
bin/tar2vm wasn't present in the generated profile.
I considered extending features.in/Makefile to include
bin/ alongside lib/ but that would make the helper's location
unpredictable (unless BUILDDIR is specified explicitly) so
restricting sudoers would be harder; worse yet, the copied file
would come with write access for the user building an image.
The implications in restricted case are complex enough anyways
so the recommended implementation would only include a fixed
readonly location like /usr/share/mkimage-profiles/bin/tar2vm
as laid out in doc/vm.txt, and that means it's in the metaprofile
not a generated profile.
As it happens, adding another architecture required almost no changes;
native 32-bit ppc build took only ARCH and a repo, qemu-ppc one still
has problems (/.host/entry hangs while unpacking setup for fakedata).
Proof of concept on a QS22:
$ make ve/bare.tar.gz
** ARCH: ppc
/bin/sh: rpmvercmp: command not found
21:41:01 cleaning up
21:41:03 initializing BUILDDIR: build/
21:41:03 preparing distro config
21:41:05 starting image build (coffee time)
21:42:48 done (1:42)
** image: $TMP/out/bare-20120716-ppc.tar.gz [21M]
mkimage and hasher can make use of qemu to run
non-native binaries while working on the chroots;
thanks kas@, manowar@ and sbolshakov@ for implementing
this functionality as well as providing nice examples
through mkimage-profiles-arm and mkimage-profile-armrootfs.
This required the architecture check to be added since baking
a tarball with "arm" as its specified arch and x86_64 inside
isn't particularly good thing to let slip through; however
the implementation is quite fragile, bugreports and patches
are seriously welcome.
NB: APTCONF evaluation order between lazy make and nimble shell
turned out to be quite a delicate issue in this particular case.
The only thing to be fixed was setarch(8) symlinks assumption
that is correct for x86 but not for ARM.
There's also some hasher(7) setup to be done:
mkdir -p ~/.hasher
echo >> ~/.hasher/config <<-EOF
def_target=arm
#cache_dir=$HOME/tmp # depends on RAM/storage configuration
EOF
...and of course apt(8) should be properly set up too.
An example PoC build on a CM-A510 board (tmpfs):
$ make BRANDING=altlinux-centaurus ve/bare.tar.gz
** ARCH: arm
18:10:45 initializing BUILDDIR: build/
18:10:45 preparing distro config: build/distcfg.mk
18:10:46 starting image build: tail -f build/build.log
18:14:49 done (4:02)
** image: $TMP/out/bare-20120706-arm.tar.gz [23M]
The very basic bitmap fonts that were left in back a year ago
aren't particularly modern (even if they are somewhat elegant
and resource sparing which was the goal at that time).
So let's allow for something slightly prettier,
like Croscore Arimo kindly prepared by Steve Matteson,
provided by Google, packaged by Fedora and imported by
Igor Vlasenko.
Here's the news item behind this commit:
http://lwn.net/Articles/502371/
As they say there's nothing more permanent
than a temporary... params.txt and pkglists.txt
were known as vars-build.txt and vars-conf.mk
in the midst of reworking, and part of that
tried to stick.
mkimage implementation requires that the variables
to be passed to the scripts are to be prefixed with
GLOBAL_ or INFO_ tags as appropriate; in this case
the upstream makefile didn't care to.
It's better to rather just move the raw image instead
of specifically converting it into the same, and there's
no need for qemu-img altogether then.
Let's drop the intermediate raw image after successful
conversion as well.
Setup network settings:
1. Init /etc/hosts with "127.0.0.1 localhost"
2. Set hostname, domainname
3. Set defaults for NetworkManager or
attempt to autoconfigure eth0 by etcnet.
Based on init3-network script from m-p-d.
Minor tweaks to toplevel docs as well as some doc/*.txt,
doc/variables.txt renamed to doc/params.txt, and a brand new
doc/pkglists.txt is added (thanks manowar@ for his considerations).
This one was requested by Andrew Churashev; please note
that the image in use must contain recent flash plugin
so that at least the already known vulnerabilities are
more or less plugged in it... and Sun Java plugin isn't
going to get secure either.
A virtual machine isn't very useful if there are no means
to access it; let's bring up the basic networking and provide
root SSH access via pre-existing public key.
As the remote access with known default credentials is roughly
equivalent to just lending one's VMs to anyone with network
access to it, the fallback root password is now exterminated;
you have to provide one (or a long enough random string
if you plan to use keys only, see e.g. apg utility).
There's no need to repeat the typical openssh-* triade
all over the place; those who need server and client
are better off pulling in "openssh" pkglist, and those
needing a particular package should specify it.
