IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Looks like nodm doesn't reset the PATH set within
/etc/rc.d/init.d/functions which results in sbin
path components hitting user's PATH; livecd-install
which uses consolehelper was what broke first for me.
And this link should illustrate some of the problems
tackled by this kind of scripts...
Servers can POST much longer so having to play hide and seek
with a boot menu isn't going to be exactly entertaining;
let's bump the delay to something comparable at least.
Thanks hiddenman@ for mentioning the obvious-but-unnoticed.
We don't really want to disable NFS portmapper completely
but having some extra root code listening to the world is
really unneccessary unless explicitly required.
Applying "control rpcbind local", thanks ldv@ for advice.
50-setup-network was a hasty hack (surprise!) that used to do
what net and net-eth features have been created to do since;
just drop the duplicated crufty code.
Unconditional resolver setup isn't done now: those with static
setup are better off doing it explicitly, and those with DHCP
should be fine already.
NB: /etc/hosts *is* fine within setup package *but* hasher will
overwrite it with a copy of host's one; let's reset contents
to initial at least until hasher gets fixed and the fix is
rather deployed in the wild.
There was an extra DISABLED=no line written to interface configurarion
that's been superceded by the subsequently added parametrized one;
just drop it.
Thanks glebfm@ for spotting the garbage.
It conflicts with r8169.ko inobviously.
The whole mess looks like this:
- r8169.ko doesn't work for all of Realtek 8111/8168/8169 mutations
- r8168.ko works with some of the chips r8169.ko doesn't
- r8168.ko also works with many chips r8169.ko works with
- r8169.ko is provided by kernel-image package (thus default)
- r8168.ko is provided by kernel-modules-r8168 package (optional)
- kernel-modules-r8168 package requires r8168-blacklist package
- r8168-blacklist package is a one-liner that blacklists r8169.ko
- STAGE1_KMODULES wouldn't include r8168 (std-def) or rtl8168 (led-ws)
- sub.in/stage1/modules would mention r8168.ko (m-p-d: r8169.ko)
So a LiveCD built with use/kernel/net might work with RTL8111/8110
just fine when booted live but fail to automatically load the module
when installed onto hard drive; manual modprobe r8169 would work though.
NB: some of the chips (those available to me) would work just fine
both ways -- this has contributed to fixing this *that* late.
Bottom line:
do not install backup/kludge drivers overriding main ones by default!
Thanks sem@ for providing the crucial hint.
use/deflogin will result in ROOTPW being exported no matter
is it set or not; xport() can't check before exporting as it
relies on lazy evaluation when the actual ROOTPW value can be
set or modified after exporting GLOBAL_ROOTPW for mkimage.
So let's not even pretent we can differ unset ROOTPW from
empty ROOTPW: both result in empty GLOBAL_ROOTPW as of today.
Fixing this would require moving the exports into a separate
makefile being included after all the configuration and checking
each variable for being defined before exporting the corresponding
GLOBAL_ prefixed one.
Yes this might be a security fix in some cases.
Added use/branding/slideshow/once as one of the uses
albeit the interface is universal; see this page for
more info: http://altlinux.org/branding/slideshow [ru]
The service and initscript have "connmand" name
while the package is called "connman" indeed.
Shame on me; this became apparent
while building regular-e18-sysv.
Defining a one-time variable is useless in this case,
and README should state the undefined ROOTPW status
explicitly (since it's now as advertized, heh).
This change is done to reduce ambiguity in some cases;
the previous intention has been to ease navigation when
staying in a particular directory, now it's been changed
in favour of convenient toplevel `git grep' in fact.
Both variants have their pros and cons, I just find myself
leaning to this one by now hence the commit. Feel free to
provide constructive criticism :)
Some path-related bitrot has also been fixed while at that.
It's required for NFS mounts but having a rescue image listening
to any non-localhost ports is too bad an idea, IMNSHO.
So let's fix this while spotted.
OpenVZ related part is now a reusable use/server/ovz target,
and service related groups which have been largely taken from
rider@'s server-light project are now use/server/groups/base.
The use/x11/nvidia/optimus target will pull the bits required
to operate NVIDIA Optimus GPU scheme which relies on integrated
GPU to actually drive the screen; much thanks to barssc@ for
good walkthrough: http://altlinux.org/optimus
NB: this *will* break if nouveau gets in, YHBW.
"messagebus" service is autostarted since dbus gets in being required
by wpa_supplicant <- alterator-net-wifi <- alterator-net-eth; it is
really not needed in the minimalistic server, let's just turn it off.
"lvm2-lvmetad" service requires setup to be actually useful (#29474).
This is long overdue: services feature influences live
and rescue but doesn't do anything to the installed system
as that's behind the installation barrier; some piggybacking
required to do that has been merged into installer back in
2012 apparently (thanks to boyarsh@ for both doing that and
bringing my attention to this fact; it's 65-setup-services.sh
as of today).
So the only thing missing has been the bridge to prepare
those files -- still some more tweakery is required given the
two-stage process arranged so that reusable configuration could
include some sane defaults but the release manager is ultimately
able to override anything without extra kludges; thank legion@
for his wonderful libshell either.
NB: install2 script is a partial clone of rootfs one since
processing the variables is identical; still rootfs script
has to change service state directly while install2 one
has to deposit the information for installer to handle.
use/live/textinstall target is a base for those images whose
target audience tends to be somewhat more experienced; these
might prefer to just boot off the image instead of having to
perform any extra action like pressing down arrow and enter.
This is also to help msp@'s homeros-*.iso boot immediately.
Actually a copy of 10localboot.cfg with a different name
and sorting order so as to address #26608: there's no possibility
to make a LiveCD image that would boot itself by default if localboot
has been configured in.
It's only a partial solution as it doesn't override 10localboot
in case it's there already but a step in that direction...
A hint regarding livecd-net-eth is due -- as well as
review and cleanup of live, net, net-eth features
involved in configuring that ethernet for a LiveCD.
It's hardwired at 1/10 of the default /etc/net value
since 3 seconds are enough for properly functioning
DHCP servers in properly maintained networks (those
improper ones tend to have problems with 30 seconds
anyways), and waiting for too long makes users feel
bad for a reason.
Thanks msp@ for bringing attention to this.
This package has replaced installer-feature-setup-network-stage3
without declaring that; it appears that installer-distro-altlinux-*
don't require it even if most of the others do.
This is to ensure it's included, at least at the moment.
The initial revision was brilliantly buggy: it is *so* apparent
that cdrom will never be actually used for rw slice that this
has evaded my attention rather completely.
This change tries to force loading the storage driver
for cases when SecureBoot is "helping" the chainloader
to fail, see #29705 for details collected so far.
Of course ahci.ko only does AHCI but that's every storage
controller I've seen on UEFI/SecureBoot systems so far.
Let's put osec tools into installable packages at least
(aiming to shift these into default install probably);
these are worthwile addition to sysadmin's toolbox.
Thanks dobr@ for bringing this up.
This has been spotted and solved manually several times already,
and that's just boring so let's add the ability to state that
X11-based software is not accepted into a particular rescue image.
Not that I would hate X but things like that belong to a carefully
crafted image which includes either X server or reasonable means
to ensure that GUI software can actually be used.
NB: this is a somewhat new entity: test/rescue/no-x11 knob
for an image-script intended to make it blow up the build
when libX11 is found within the chroot that makes up
the rescue image's filesystem.
The interface is not documented intentionally: it will take
some time to find out whether it sticks or is bad enough.
Please do remind/ask if interested in using that.
I don't think we're gonna like plymouth over rescue image
anytime soon, especially when it hides the moment when shell
pops up somewhere under it without startup-rescue caring to
remove the splash.
So let's put that $(INSTALL2_BRANDING) into proper stage2
flavours only and avoid choking on missing plymouth as well.
led@ has different kernel-modules-* package set,
some of those "standard" names are provided but
vbox* is not the case.
As our macros and helpers will grok this just fine,
let's add both variants so what's present gets in.
In these tough times there are no extra resources to waste
for wars or some extra rescue; so it is imperative to provide
some lean and mean help, you know.
IOW a common base has been split out and a more tight rescue
image configuration has been added on top of that so as to
try and fit altlinux-p7-sysv-tde.iso for i586 into CD-R.
I've noted that this bit of code should be fixed up
before pushing but managed to overlook that in the end :(
mkimage version bump is due to the somewhat changed layout
of EFI packages and binaries within those (linked message in Russian):
http://lists.altlinux.org/pipermail/devel-distro/2013-December/001283.html
We chose to provide methods to sign packages but to avoid
signing these by default (with some arbitrary test keys)
the signatures are being added *after* the build by means
of rpmrebuild-pesign; all of this is made significantly
more complicated if there are separate -signed subpackages.
So these are being dropped in the packages; account for that.
Everything is handled within mki-copy-efiboot currently
but it needs an image to process; extracting one from
bootloader branding seems less hassle than forcing it
into every flavour of branding.
The changes in commits gb3e3234 and ga860b17 were actually useless
as rescue+fs list wasn't included into RESCUE_LISTS... and I need
pv(1) for convenient local disk cloning with time estimate.
A bit longer version is: add the script which cares to protect
the interfaces which has been brought up during NFS root bootup
already from being tampered with by NetworkManager so as to avoid
losing network with networked rootfs.
Actually the issue was worse in general: *_PACKAGES
weren't quoted when put into .base thus resulting
in a potentially broken echo command (silent one).
The macro scheme used was overgeneralized; stuffing
quoting differentiation into it was doable but ugly
(unless one is able to pass an unquoted quote sign
as a function's parameter in some elegant manner),
let's just make it straightforward.
BASE_BOOTLOADER must have been set to any of the supported
bootloader names somewhere during configuration; it is not
impossible to avoid this elsewhere so let's put a guardian
script which will stop the build which is known to result
in a broken image.
sub/main subprofile should not be requested directly
as documented in its README but rather via use/repo/main;
let's fix this discrepancy and check that no regressions
come hurling down.