IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This should avoid ruining principle of the least surprise
with ROOTPW_EMPTY=0 or ROOTPW_EMPTY=n actually *enabling*
empty root password; overriding an already set "1" with "0"
becomes possible either.
This one has been inspired by these guys:
http://www.informatimago.com/linux/emacs-on-user-mode-linux.htmlhttps://raymii.org/s/blog/Vim_as_PID_1_Boot_to_Vim.html
It's aimed at building images running their main userspace
piece instead of ramdisk's init, that means PID=1, UID=0.
Mostly fun of course but it suddenly became interesting with
kernel IP autoconfiguration and e.g. elinks running this way
(NB: requires patched make-initrd 0.8.8 at the moment to get
resolver configured).
And startup times are way better than sysvinit and systemd combined!
This function's got its argument order chosen for "aesthetical"
reason of $(2) following $(1) in the macros but the logical order
is exactly the opposite: we care for kernel flavour much more than
for module set (which is dependent upon it).
So while silent dropout of kernel-image if KFLAVOURS is set
but KMODULES is empty could be fixed by testing for $(2) only,
it looks like a good time to fix this discrepancy altogether.
stage2 has been thinking it's synonymous with propagator
and used to usurp kernel's belongings either; carefully
tear scripts apart so that kernel feature makes sure
initrd gets generated, and stage2 (which is still all
about propagator) cares for its bits.
xorg-drv-vmware is desirable for guests with X11
but undesirable for text-only ones; let's provide
this knob at least but ideal m-p would figure out
that an image with use/x11 and use/vmguest/vmware
should receive this intersection either.
Maybe firmware feature should be merged into kernel feature
as the firmware binaries added by it are only used by kernel
but let's clean up a bit at a time.
"use/stage2/net-eth use/net-eth" would be common enough
for installers or livecd images to just get these pulled in
together by a convenient shortcut thus reducing confusion
and chances to just forget one of these counterparts.
It looks *ugly* on-screen, at least within regular builds,
even if the screen is 166dpi.
Based on a quick experiment this morning I'd suggest using
fonts-otf-adobe-source-{code,sans}-pro instead -- and it's
available as use/fonts/otf/adobe now, incidentally.
The documentation is still built with it though as a2x/fop look
unhappy otherwise (as in replacing Cyrillic glyphs with "#"s).
Font packages are sprinkled all over the metaprofiles,
let's try and help make their use more systematic.
This is a sort of a feature abuse as it was conceived
for fontconfig setup originally but spawning features
with confusing names looks grim; so let all things fonts
live within a feature named "fonts" for the time being.
There's not much sense in overduplication of documentation
(tends to get stale faster then), still it's not good to
just refer to the code as the PDF/HTML book is less useful
then; maybe drifting towards "recommended" bits with more
"advanced" things being impleentation-defined is better.
That's a part of ALT Linux conveniences: system log
messages at tty12 (helps immensely in case of disk crash
or cable problems as running anything, including utilities
to view logs, becomes painful to impossible in such cases).
systemd lacks this kind of setup out-of-box for sure
so zerg@ hacked a substitute together; just pull that in.
fonts-ttf-droid have been superseded by fonts-ttf-google-droid-sans
in Sisyphus which might be lacking; I've considered replacing it
with Fira anyways, so let's just do that.
This needs further refinement regarding p7/t7 specifically:
NM behaviour regarding defaults differs in sisyphus and this
has led to livecds booting with DHCP networking but installed
systems booting without configured interfaces.
Non-GUI packages moved to base+nm pkglist to enable standalone
installation of those; and GTK bits left in desktop+nm for use
by images lacking their own new and improved(tm) variant.
Note that both GNOME3 and KDE4 aren't lacking anymore.
This is a similar trouble: p7/t7 branches had
plasma-applet-networkmanager while sisyphus has
switched to kde4-plasma-nm* (there's a bunch of
subpackages there, basically all of them desired).
The current branches lack both firefox 29+ and
firefox-classic_theme_restorer, correspondingly;
sisyphus has those; the feature shouldn't pose
any problems in both cases, should it?
Firefox was the very reasonable default for initial livecd
implementation but now that at least initial browser chooser
infrastructure is in place it's time to un-hardwire its use.
It's _the_ default but switchable now so that images providing
a comprehensive browser can avoid feature duplication.
This one has been asking to be implemented for too long already,
and zerg@ was interested in a bit more lean and mean regular-kde4
either (there are two browsers provided with it via metapackage).
There's another reason to do it recently: Firefox Australis UI
is not exactly the best for many of us, and good ol' seamonkey
seems preferable for "vintage"/low-resource images coming with
icewm or windowmaker.
led-ws kernel flavour has gained kernel-modules-vmware
recently, let's add this to the appropriate targets.
It's used in regular-jeos already but THE_ part was missing.
dm service is set up to autostart when installed anyways,
and explicit `chkconfig dm on' results in it being turned on
at runlevels 2, 3 and 4 too which is really not needed.
Thanks led@ for spotting and reporting this.
cfg.in/README should be explicit regarding
"automatic=method:cdrom" being usable for
flash media too (propagator has been fixed
since 20101130-alt10 or so, and gfxboot is
able to tweak the cmdline having figured
out it's running off the flash either).
It's by no means substitution for proper l10n feature
but forcing users into POSIX locale for recovery ops
is no good at all.
This is basically a fork of live feature's 20-locale,
a font has been changed to save some face though.
VMware specific bits went into use/install2/vmware target,
and all of those targets are worth their use/install2/vmguest
collective one instead of just sticking the kitchen sink into
use/install2/full immediately.
This feature intrinsically depends on predictable
ethernet interface names and makes no sense without
those; so it only seems reasonable to bring this
nice package in, huge thanks go to shaba@ of course.
This value is used to authenticate rescue rootfs image
by verifying the squashfs file's sha256sum before use
(propagator-20140419+).
Looks like this check might be useful for other stage2
images as well but let's get started with this one.
Thanks Maxim Suhanov <suhanov/group-ib.ru> for both
http://www.forensicswiki.org/wiki/Forensic_Live_CD_issues
and propagator patches.
Thanks Maxim Suhanov (suhanov <AT> group-ib.ru,
http://www.forensicswiki.org/wiki/User:.FUF)
for taking the time to review regular-rescue image.
Note that there are more than just filesystems:
arrays, logical volumes and swaps aren't activated either;
startup-rescue >= 0.18 should make that clear enough.
syslinux shortcut handling is case-insensitive,
let's find yet another letter...
A variant of rescue that marks the need to be careful
towards block devices and filesystems thus reducing
the amount of auto-activation done by startup-rescue
(0.17 or newer).
This is a refactored result of Zabbix-related experiments;
we can do a rough zabbix server sketch that still requires
its own setup to go.
NB: both the pkglist and the target are describing several
distinct things actually: zabbix server, zabbix agent,
and the underlying SQL/HTTP/SMTP servers which might get
their own smaller targets some day.
It appears that live feature has been buggy regarding user
groups: its 30-users script would create a predefined account
with fixed supplementry groups list, and even if deflogin feature
got used too it would fail to add any groups to already existing
account since its useradd(8) call would fail.
Let's drop this duplication which has been long overdue anyways.
Thanks dd@ for both reporting the problem and carrying out
initial investigation.
There have been several problems with this feature:
- a typo;
- non-existant GROUPS (even a single one) would block setting
all of the supplementary groups but separately-set 'wheel';
- this feature isn't used much actually so sees no battle testing.
The typo has been just fixed; GROUPS are now applied by iteration
which is less effective but more reliable; an additional script
hook to write down login invitation for the first passwordless
account (if any) has been implemented; and several more group
managing targets have been added (based on live feature's script).
This relates to commit f2892ad3e4
as there's an obvious need to be able to set empty root password
for LiveCDs but previous implementation was very fragile (and is
going to stay that way) -- so clear and separate knob for making
an image defenseless looks better.
Whoops, the very first build of a real distro with gfxboot
has shown that the label isn't picked up there... and things
are actually worse: iso.needscheck gfxboot test seems to look
up "check=1" in sectors where it might have been landing back
then but it's just not there by now; some kludgery is due in
branding-altlinux-sisyphus unfortunately.
No use to hunt make or diff file-by-file.
Well this chroot should have been more lean
in the first place (or a few files in initrd)
but life is short so better use/baby/steps.
This one is quite different already and utility-based name
was pretty clumsy; meet the new feature and retire the old
experimental one.
Please note that quite aggressive cleanups are implemented
within this stage2-based subprofile for the simple reason
that it has a single task to do; nothing else is expected
to be configured into it for that matter.
This functionality asks to be further moved into initrd of course;
adding it there will take a few more decisions to be made, mostly
regarding user interaction in failure scenarios, and it looks like
mkimage will have to be patched in case this doesn't just go into
full.cz under some sort of conditional check.
It's not exactly obvious how install2_size, live_size or rescue_size
get defined since the variable names themselves get constructed;
help git grep these down.
acpid is not enough since power button handling configuration
has been split apart; and tracking this in zillion places is
utterly useless in face of a specially trained power feature.
Just use it.
This one has been missing for quite some time (infiniband modules
should have triggered a commit like this back then), finally there
in very crude and draft form for the starters.
By the time these hooks run the font packages' %post scriptlets
should have fired already; no need to carry the utilities on.
Yes these are bit-by-bit savings. No it's too expensive still.
My gut feeling is that we're not going to see glib2's
messages a lot within installer environment anyways.
And there's a forgotten /usr/share/X11/locale/ too.
An installer needs video playback acceleration
when it has some content to show and some means to;
as long as these are not supported just drop this
unconditionally.
These are only needed for alterator-vm when making
LUKS encrypted partitions; ideally the extra libraries
would be omitted automatically when luks isn't included.
Looks like today's xorg won't autoload radeon_drv but
insists on ati_drv falling back to fbdev if it's not there;
FlightGear runs definitely slow on C-60 APU with that.
I didn't specify ati since it pulls r128 and mach64 modules in
which are rather useless in this context (accelerated 3D graphics).
Looks like nodm doesn't reset the PATH set within
/etc/rc.d/init.d/functions which results in sbin
path components hitting user's PATH; livecd-install
which uses consolehelper was what broke first for me.
And this link should illustrate some of the problems
tackled by this kind of scripts...
Servers can POST much longer so having to play hide and seek
with a boot menu isn't going to be exactly entertaining;
let's bump the delay to something comparable at least.
Thanks hiddenman@ for mentioning the obvious-but-unnoticed.
We don't really want to disable NFS portmapper completely
but having some extra root code listening to the world is
really unneccessary unless explicitly required.
Applying "control rpcbind local", thanks ldv@ for advice.
50-setup-network was a hasty hack (surprise!) that used to do
what net and net-eth features have been created to do since;
just drop the duplicated crufty code.
Unconditional resolver setup isn't done now: those with static
setup are better off doing it explicitly, and those with DHCP
should be fine already.
NB: /etc/hosts *is* fine within setup package *but* hasher will
overwrite it with a copy of host's one; let's reset contents
to initial at least until hasher gets fixed and the fix is
rather deployed in the wild.
There was an extra DISABLED=no line written to interface configurarion
that's been superceded by the subsequently added parametrized one;
just drop it.
Thanks glebfm@ for spotting the garbage.
It conflicts with r8169.ko inobviously.
The whole mess looks like this:
- r8169.ko doesn't work for all of Realtek 8111/8168/8169 mutations
- r8168.ko works with some of the chips r8169.ko doesn't
- r8168.ko also works with many chips r8169.ko works with
- r8169.ko is provided by kernel-image package (thus default)
- r8168.ko is provided by kernel-modules-r8168 package (optional)
- kernel-modules-r8168 package requires r8168-blacklist package
- r8168-blacklist package is a one-liner that blacklists r8169.ko
- STAGE1_KMODULES wouldn't include r8168 (std-def) or rtl8168 (led-ws)
- sub.in/stage1/modules would mention r8168.ko (m-p-d: r8169.ko)
So a LiveCD built with use/kernel/net might work with RTL8111/8110
just fine when booted live but fail to automatically load the module
when installed onto hard drive; manual modprobe r8169 would work though.
NB: some of the chips (those available to me) would work just fine
both ways -- this has contributed to fixing this *that* late.
Bottom line:
do not install backup/kludge drivers overriding main ones by default!
Thanks sem@ for providing the crucial hint.
use/deflogin will result in ROOTPW being exported no matter
is it set or not; xport() can't check before exporting as it
relies on lazy evaluation when the actual ROOTPW value can be
set or modified after exporting GLOBAL_ROOTPW for mkimage.
So let's not even pretent we can differ unset ROOTPW from
empty ROOTPW: both result in empty GLOBAL_ROOTPW as of today.
Fixing this would require moving the exports into a separate
makefile being included after all the configuration and checking
each variable for being defined before exporting the corresponding
GLOBAL_ prefixed one.
Yes this might be a security fix in some cases.
Added use/branding/slideshow/once as one of the uses
albeit the interface is universal; see this page for
more info: http://altlinux.org/branding/slideshow [ru]
The service and initscript have "connmand" name
while the package is called "connman" indeed.
Shame on me; this became apparent
while building regular-e18-sysv.
Defining a one-time variable is useless in this case,
and README should state the undefined ROOTPW status
explicitly (since it's now as advertized, heh).
This change is done to reduce ambiguity in some cases;
the previous intention has been to ease navigation when
staying in a particular directory, now it's been changed
in favour of convenient toplevel `git grep' in fact.
Both variants have their pros and cons, I just find myself
leaning to this one by now hence the commit. Feel free to
provide constructive criticism :)
Some path-related bitrot has also been fixed while at that.
It's required for NFS mounts but having a rescue image listening
to any non-localhost ports is too bad an idea, IMNSHO.
So let's fix this while spotted.
OpenVZ related part is now a reusable use/server/ovz target,
and service related groups which have been largely taken from
rider@'s server-light project are now use/server/groups/base.
The use/x11/nvidia/optimus target will pull the bits required
to operate NVIDIA Optimus GPU scheme which relies on integrated
GPU to actually drive the screen; much thanks to barssc@ for
good walkthrough: http://altlinux.org/optimus
NB: this *will* break if nouveau gets in, YHBW.
"messagebus" service is autostarted since dbus gets in being required
by wpa_supplicant <- alterator-net-wifi <- alterator-net-eth; it is
really not needed in the minimalistic server, let's just turn it off.
"lvm2-lvmetad" service requires setup to be actually useful (#29474).
This is long overdue: services feature influences live
and rescue but doesn't do anything to the installed system
as that's behind the installation barrier; some piggybacking
required to do that has been merged into installer back in
2012 apparently (thanks to boyarsh@ for both doing that and
bringing my attention to this fact; it's 65-setup-services.sh
as of today).
So the only thing missing has been the bridge to prepare
those files -- still some more tweakery is required given the
two-stage process arranged so that reusable configuration could
include some sane defaults but the release manager is ultimately
able to override anything without extra kludges; thank legion@
for his wonderful libshell either.
NB: install2 script is a partial clone of rootfs one since
processing the variables is identical; still rootfs script
has to change service state directly while install2 one
has to deposit the information for installer to handle.
use/live/textinstall target is a base for those images whose
target audience tends to be somewhat more experienced; these
might prefer to just boot off the image instead of having to
perform any extra action like pressing down arrow and enter.
This is also to help msp@'s homeros-*.iso boot immediately.
Actually a copy of 10localboot.cfg with a different name
and sorting order so as to address #26608: there's no possibility
to make a LiveCD image that would boot itself by default if localboot
has been configured in.
It's only a partial solution as it doesn't override 10localboot
in case it's there already but a step in that direction...
A hint regarding livecd-net-eth is due -- as well as
review and cleanup of live, net, net-eth features
involved in configuring that ethernet for a LiveCD.
It's hardwired at 1/10 of the default /etc/net value
since 3 seconds are enough for properly functioning
DHCP servers in properly maintained networks (those
improper ones tend to have problems with 30 seconds
anyways), and waiting for too long makes users feel
bad for a reason.
Thanks msp@ for bringing attention to this.
This package has replaced installer-feature-setup-network-stage3
without declaring that; it appears that installer-distro-altlinux-*
don't require it even if most of the others do.
This is to ensure it's included, at least at the moment.
The initial revision was brilliantly buggy: it is *so* apparent
that cdrom will never be actually used for rw slice that this
has evaded my attention rather completely.
This change tries to force loading the storage driver
for cases when SecureBoot is "helping" the chainloader
to fail, see #29705 for details collected so far.
Of course ahci.ko only does AHCI but that's every storage
controller I've seen on UEFI/SecureBoot systems so far.
Let's put osec tools into installable packages at least
(aiming to shift these into default install probably);
these are worthwile addition to sysadmin's toolbox.
Thanks dobr@ for bringing this up.
This has been spotted and solved manually several times already,
and that's just boring so let's add the ability to state that
X11-based software is not accepted into a particular rescue image.
Not that I would hate X but things like that belong to a carefully
crafted image which includes either X server or reasonable means
to ensure that GUI software can actually be used.
NB: this is a somewhat new entity: test/rescue/no-x11 knob
for an image-script intended to make it blow up the build
when libX11 is found within the chroot that makes up
the rescue image's filesystem.
The interface is not documented intentionally: it will take
some time to find out whether it sticks or is bad enough.
Please do remind/ask if interested in using that.
I don't think we're gonna like plymouth over rescue image
anytime soon, especially when it hides the moment when shell
pops up somewhere under it without startup-rescue caring to
remove the splash.
So let's put that $(INSTALL2_BRANDING) into proper stage2
flavours only and avoid choking on missing plymouth as well.
led@ has different kernel-modules-* package set,
some of those "standard" names are provided but
vbox* is not the case.
As our macros and helpers will grok this just fine,
let's add both variants so what's present gets in.
In these tough times there are no extra resources to waste
for wars or some extra rescue; so it is imperative to provide
some lean and mean help, you know.
IOW a common base has been split out and a more tight rescue
image configuration has been added on top of that so as to
try and fit altlinux-p7-sysv-tde.iso for i586 into CD-R.
I've noted that this bit of code should be fixed up
before pushing but managed to overlook that in the end :(
mkimage version bump is due to the somewhat changed layout
of EFI packages and binaries within those (linked message in Russian):
http://lists.altlinux.org/pipermail/devel-distro/2013-December/001283.html
We chose to provide methods to sign packages but to avoid
signing these by default (with some arbitrary test keys)
the signatures are being added *after* the build by means
of rpmrebuild-pesign; all of this is made significantly
more complicated if there are separate -signed subpackages.
So these are being dropped in the packages; account for that.
Everything is handled within mki-copy-efiboot currently
but it needs an image to process; extracting one from
bootloader branding seems less hassle than forcing it
into every flavour of branding.
The changes in commits gb3e3234 and ga860b17 were actually useless
as rescue+fs list wasn't included into RESCUE_LISTS... and I need
pv(1) for convenient local disk cloning with time estimate.
A bit longer version is: add the script which cares to protect
the interfaces which has been brought up during NFS root bootup
already from being tampered with by NetworkManager so as to avoid
losing network with networked rootfs.
Actually the issue was worse in general: *_PACKAGES
weren't quoted when put into .base thus resulting
in a potentially broken echo command (silent one).
The macro scheme used was overgeneralized; stuffing
quoting differentiation into it was doable but ugly
(unless one is able to pass an unquoted quote sign
as a function's parameter in some elegant manner),
let's just make it straightforward.
BASE_BOOTLOADER must have been set to any of the supported
bootloader names somewhere during configuration; it is not
impossible to avoid this elsewhere so let's put a guardian
script which will stop the build which is known to result
in a broken image.
sub/main subprofile should not be requested directly
as documented in its README but rather via use/repo/main;
let's fix this discrepancy and check that no regressions
come hurling down.
- speech-ru and speech-en features are added;
- speech-related things removed from homeros features;
- speech/ directory for package lists added and other corresponding changes.
Networking is *not* brought up by these rescue images
by default, one is expected to know enough to do that
by hand if needed; still there's no harm to have apt
preconfigured so that it would be operational then.
There are various bootloaders around there and some of them
are supported in ALT Linux; let's provide all the mainstream
ones so that knowledgeable root@ has every tool needed for
most situations needing bootloader repairs.
These might require particular knowledge or special boot mode
(like EFI ones).
Being able to handle [compressed] archives of all kinds
tends to be pretty instrumental in rescue operations,
and some backup system clients won't hurt either.
Some ancient Serial words like "minicom" still come handy
at times too.
Comments, constructive criticism and proposals are welcome.
Let's ensure that make-initrd-luks gets to the base install
until installer is tweaked to enable in-flight installation
of options like this.
Adding luks to stage1 [make-initrd] features makes no sense
on the other hand (and it wasn't happening anyways due to
the lack of add_feature function call in config.mk as was
accidentally spotted).
And putting luks packages into an installer image lacking
the reference to alterator-luks isn't that sensible, let's
complain to logs at the very least (this isn't going to hit
the default output though).
"prompt" and subsequent first "label" were not separated
in any way while second "label" and forth were; let's make
the resulting isolinux.cfg a tiny bit more pretty.
This is to avoid NM messing with network interface
involved in NFS root filesystem being operational
(see alterator-netinst); thanks sem@ for the hint.
alterator-netinst currently relies on "default"
being specified explicitly; it's wrong and it should
cope with the first "label" clause as well but we're
better off being strict to this script, not that one.
This commit should be no-op regarding syslinux itself.
