From eee2febc3d3176fbc85c05b9a37ec13b55a18c4a Mon Sep 17 00:00:00 2001 From: Skip Grube Date: Wed, 6 Jul 2022 15:59:06 +0000 Subject: [PATCH] Updated kickstart, added tech issues synopsis - Re-added selinux in kickstart (building on EL9 now) - Changed bootstrap rpi9 package location - Added a document explaining technical hurdles to building the 9 image -Skip G. --- Rocky9_Rpi.ks | 7 ++--- TECH_ISSUES | 84 +++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 87 insertions(+), 4 deletions(-) create mode 100644 TECH_ISSUES diff --git a/Rocky9_Rpi.ks b/Rocky9_Rpi.ks index eb80b23..b36a75e 100644 --- a/Rocky9_Rpi.ks +++ b/Rocky9_Rpi.ks @@ -16,7 +16,7 @@ part / --asprimary --fstype=ext4 --size=2800 --label=RPIROOT repo --name="BaseOS" --baseurl=http://download.rockylinux.org/stg/rocky/9/BaseOS/aarch64/os/ --cost=100 repo --name="AppStream" --baseurl=http://download.rockylinux.org/stg/rocky/9/AppStream/aarch64/os/ --cost=200 --install repo --name="PowerTools" --baseurl=http://download.rockylinux.org/stg/rocky/9/BaseOS/aarch64/os/ --cost=300 --install -repo --name="rockyrpi" --baseurl=https://bootstrap9.releng.rockylinux.org/RockyRpi_9_Test/rpi_repo/ --cost=50 --install +repo --name="rockyrpi" --baseurl=https://bootstrap9.releng.rockylinux.org/RockyRpi/9_package/ --cost=50 --install #--baseurl=https://download.rockylinux.org/pub/rocky/8/rockyrpi/aarch64/os/ --cost=100 --install @@ -26,14 +26,13 @@ repo --name="rockyrpi" --baseurl=https://bootstrap9.releng.rockylinux.org/Rocky -# Install proces: -install +# Install process: keyboard us --xlayouts=us --vckeymap=us rootpw --lock # FIXME user creation here does not work ? # user --name="rocky" --password="rockylinux" --plaintext --gecos="Rocky default user" --groups=wheel --uid=1000 timezone --isUtc --nontp UTC -selinux --disabled +selinux --enforcing firewall --enabled --port=22:tcp network --bootproto=dhcp --device=link --activate --onboot=on services --enabled=sshd,NetworkManager,chronyd diff --git a/TECH_ISSUES b/TECH_ISSUES new file mode 100644 index 0000000..f7783b4 --- /dev/null +++ b/TECH_ISSUES @@ -0,0 +1,84 @@ +List of technical issues encountered in building the Rocky 9 Raspberry Pi image, and how they were overcome: + + +### +1) +SELinux file label issues during image create: + +When SELinux is enforcing in the image, it attempts to label files as the kickstart is running. +Unfortunately, if building an EL9 image on an EL8 kernel + host system, there will be incompatibilities with the labels on the SELinux implementations, which causes the errors. + +SOLUTION: Build the image on an EL9 or equivalent Fedora host, or disable SELinux in the kickstart (it can be turned on later in the image, but there is a relabel process to go through) + + + + +### +2) +RPMDB + libdnf issues: + +When trying to install new packages, you get repeated warnings from DNF saying "warning: Found bdb Packages database while attempting sqlite backend: using bdb backend." +It also prevents the import of RPM GPG keys, which effectively means no package installs. + +Similar to this: +https://bugzilla.redhat.com/show_bug.cgi?id=1836108 + + +SOLUTION: Build the image on an EL9 host, OR run "rpmdb --rebuilddb" at the end of %post in kickstart, or on the Raspberry Pi itself. + + + + +### +3) +RPi Broadcom Wifi Issue + +Since Fedora 34(?), the linux-firmware package has all of its artifacts xz-compressed in order to save space. +This breaks the Raspberry Pi wifi driver, as the firmware file locations are hard-coded, and will not use the .xz files. + + +SOLUTION: +As a workaround, a script is included in the rocky-rpi-release package which copies the firmware .xz files, extracts them, and puts them back in the proper directory (alongside the original .xz files). +The script (fix-wifi-rpi.sh) is run during the kickstart to fix wireless, and can be run by root at any time. +The files in question live in /lib/firmware/brcm/. + +A better, non-workaround solution will require more research - likely a rpi-kernel patch. + + + + + +### +4) +DNF/Appliance Creator Unmount issues: + +When finishing image creation, the host machine's DNF can "hang" on to open files, causing the various unmounts at the end of the process to fail, and thus the whole image process. + +The errors vary in their locations, but look like this: + + umount: /var/tmp/imgcreate-e84ozsji/install_root/sys/fs/selinux/load: not mounted. + Traceback (most recent call last): + File "/usr/bin/livecd-creator", line 265, in + sys.exit(main()) + + +Livecd-Tools Bug Report and discussion: https://github.com/livecd-tools/livecd-tools/issues/232 +Related RH Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2087734 +LibDNF patch: https://github.com/rpm-software-management/dnf/commit/5ce5ed1ea08ad6e198c1c1642c4d9ea2db6eab86 + + +SOLUTION: + +A simple patch needs to be applied to the HOST system's libdnf base.py (ex: /usr/lib/python3.9/site-packages/dnf/base.py ) +The patch is here: https://github.com/rpm-software-management/dnf/commit/5ce5ed1ea08ad6e198c1c1642c4d9ea2db6eab86 + + Basically: "import gc" (at the top) + + and at the bottom of the reset() method: + + if sack and goal: + gc.collect() + + +This fixes the hanging file handle/unmount issue +