forked from sig_core/kickstarts
Compare commits
6 Commits
feature/va
...
main
Author | SHA1 | Date | |
---|---|---|---|
66fc8973c8 | |||
cf497cfa4a | |||
|
f8944afe45 | ||
|
1e549191f5 | ||
|
3627fbd889 | ||
|
9610552181 |
22
README.md
Normal file
22
README.md
Normal file
@ -0,0 +1,22 @@
|
||||
**Note**: This repository is mirrored at the [RESF Git Service](https://git.resf.org/sig_core/kickstarts)
|
||||
and [Rocky Linux GitHub](https://github.com/rocky-linux/kickstarts)
|
||||
|
||||
This is the kickstarts repository for Rocky Linux. These kickstarts help us
|
||||
make a variety of images, such as:
|
||||
|
||||
* Live images (eg GNOME/Workstation, XFCE, KDE)
|
||||
* Cloud Images (eg EC2, GenericCloud for OpenStack, Azure)
|
||||
* Various container images
|
||||
|
||||
Each major version gets their own separate branch or branches, depending on the
|
||||
nature of the images and where development is for Rocky Linux.
|
||||
|
||||
If you find that there is an error with a kickstart, there are problems with
|
||||
the images produced from these kickstarts, or you have suggestions to fix
|
||||
them, please open an issue. You can open an issue or PR at both the
|
||||
[RESF Git Service](https://git.resf.org/sig_core/kickstarts) or at our
|
||||
[GitHub Organization](https://github.com/rocky-linux/kickstarts)
|
||||
|
||||
When opening a PR, please ensure it is against the correct branch.
|
||||
|
||||
-Release Engineering
|
@ -1,90 +0,0 @@
|
||||
# This is a minimal Rocky kickstart designed for docker.
|
||||
# It will not produce a bootable system
|
||||
# To use this kickstart, run the following command
|
||||
# livemedia-creator --make-tar \
|
||||
# --iso=/path/to/boot.iso \
|
||||
# --ks=rocky-8.ks \
|
||||
# --image-name=rocky-root.tar.xz
|
||||
#
|
||||
|
||||
# Basic setup information
|
||||
text
|
||||
keyboard us
|
||||
rootpw --lock --iscrypted locked
|
||||
timezone --isUtc --nontp UTC
|
||||
selinux --enforcing
|
||||
firewall --disabled
|
||||
network --bootproto=dhcp --device=link --activate --onboot=on
|
||||
shutdown
|
||||
bootloader --disable
|
||||
lang en_US.UTF-8
|
||||
|
||||
|
||||
# Disk setup
|
||||
zerombr
|
||||
clearpart --all --initlabel
|
||||
autopart --noboot --nohome --noswap --nolvm --fstype=ext4
|
||||
|
||||
# Package setup
|
||||
%packages --excludedocs --instLangs=en --nocore --excludeWeakdeps
|
||||
rocky-release
|
||||
binutils
|
||||
-brotli
|
||||
bash
|
||||
hostname
|
||||
rootfiles
|
||||
coreutils-single
|
||||
glibc-minimal-langpack
|
||||
vim-minimal
|
||||
less
|
||||
-gettext*
|
||||
-firewalld
|
||||
-os-prober*
|
||||
tar
|
||||
-iptables
|
||||
iputils
|
||||
-kernel
|
||||
-dosfstools
|
||||
-e2fsprogs
|
||||
-fuse-libs
|
||||
-gnupg2-smime
|
||||
-libss
|
||||
-pinentry
|
||||
-shared-mime-info
|
||||
-trousers
|
||||
-xkeyboard-config
|
||||
-xfsprogs
|
||||
-qemu-guest-agent
|
||||
yum
|
||||
-grub\*
|
||||
|
||||
%end
|
||||
|
||||
%post --erroronfail --log=/root/anaconda-post.log
|
||||
# container customizations inside the chroot
|
||||
|
||||
echo 'container' > /etc/dnf/vars/infra
|
||||
|
||||
#Generate installtime file record
|
||||
/bin/date +%Y%m%d_%H%M > /etc/BUILDTIME
|
||||
|
||||
# Limit languages to help reduce size.
|
||||
LANG="en_US"
|
||||
echo "%_install_langs $LANG" > /etc/rpm/macros.image-language-conf
|
||||
|
||||
|
||||
# systemd fixes
|
||||
:> /etc/machine-id
|
||||
umount /run
|
||||
systemd-tmpfiles --create --boot
|
||||
# mask mounts and login bits
|
||||
systemctl mask systemd-logind.service getty.target console-getty.service sys-fs-fuse-connections.mount systemd-remount-fs.service dev-hugepages.mount
|
||||
|
||||
# Remove things we don't need
|
||||
rm -f /etc/udev/hwdb.bin
|
||||
rm -rf /usr/lib/udev/hwdb.d/
|
||||
rm -rf /boot
|
||||
rm -rf /var/lib/dnf/history.*
|
||||
|
||||
|
||||
%end
|
221
Rocky-8-EC2.ks
221
Rocky-8-EC2.ks
@ -1,221 +0,0 @@
|
||||
text
|
||||
auth --enableshadow --passalgo=sha512
|
||||
shutdown
|
||||
firewall --enabled --service=ssh
|
||||
firstboot --disable
|
||||
keyboard us
|
||||
# System language
|
||||
lang en_US.UTF-8
|
||||
# Network information
|
||||
network --bootproto=dhcp --device=link --activate --onboot=on
|
||||
network --hostname=localhost.localdomain
|
||||
# Root password
|
||||
rootpw --iscrypted thereisnopasswordanditslocked
|
||||
selinux --enforcing
|
||||
services --disabled="kdump" --enabled="NetworkManager,sshd,rsyslog,chronyd,cloud-init,cloud-init-local,cloud-config,cloud-final,rngd"
|
||||
timezone UTC --isUtc
|
||||
# Disk
|
||||
bootloader --append="console=ttyS0,115200n8 no_timer_check crashkernel=auto net.ifnames=0 nvme_core.io_timeout=4294967295 nvme_core.max_retries=10" --location=mbr --timeout=1 --boot-drive=vda
|
||||
zerombr
|
||||
clearpart --all --initlabel
|
||||
reqpart
|
||||
part / --fstype="xfs" --ondisk=vda --size=7950
|
||||
|
||||
%pre --erroronfail
|
||||
/usr/sbin/parted -s /dev/vda mklabel gpt
|
||||
%end
|
||||
|
||||
%post --erroronfail
|
||||
passwd -d root
|
||||
passwd -l root
|
||||
|
||||
# pvgrub support
|
||||
echo -n "Creating grub.conf for pvgrub"
|
||||
rootuuid=$( awk '$2=="/" { print $1 };' /etc/fstab )
|
||||
mkdir /boot/grub
|
||||
echo -e 'default=0\ntimeout=0\n\n' > /boot/grub/grub.conf
|
||||
for kv in $( ls -1v /boot/vmlinuz* |grep -v rescue |sed s/.*vmlinuz-// ); do
|
||||
echo "title Rocky Linux 8 ($kv)" >> /boot/grub/grub.conf
|
||||
echo -e "\troot (hd0)" >> /boot/grub/grub.conf
|
||||
echo -e "\tkernel /boot/vmlinuz-$kv ro root=$rootuuid console=hvc0 LANG=en_US.UTF-8" >> /boot/grub/grub.conf
|
||||
echo -e "\tinitrd /boot/initramfs-$kv.img" >> /boot/grub/grub.conf
|
||||
echo
|
||||
done
|
||||
ln -sf grub.conf /boot/grub/menu.lst
|
||||
ln -sf /boot/grub/grub.conf /etc/grub.conf
|
||||
|
||||
# setup systemd to boot to the right runlevel
|
||||
rm -f /etc/systemd/system/default.target
|
||||
ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
|
||||
echo .
|
||||
|
||||
dnf -C -y remove linux-firmware
|
||||
|
||||
# Remove firewalld; it is required to be present for install/image building.
|
||||
# but we dont ship it in cloud
|
||||
dnf -C -y remove firewalld --setopt="clean_requirements_on_remove=1"
|
||||
dnf -C -y remove avahi\*
|
||||
sed -i '/^#NAutoVTs=.*/ a\
|
||||
NAutoVTs=0' /etc/systemd/logind.conf
|
||||
|
||||
cat > /etc/sysconfig/network << EOF
|
||||
NETWORKING=yes
|
||||
NOZEROCONF=yes
|
||||
EOF
|
||||
|
||||
# For cloud images, 'eth0' _is_ the predictable device name, since
|
||||
# we don't want to be tied to specific virtual (!) hardware
|
||||
rm -f /etc/udev/rules.d/70*
|
||||
ln -s /dev/null /etc/udev/rules.d/80-net-name-slot.rules
|
||||
|
||||
# simple eth0 config, again not hard-coded to the build hardware
|
||||
cat > /etc/sysconfig/network-scripts/ifcfg-eth0 << EOF
|
||||
DEVICE="eth0"
|
||||
BOOTPROTO="dhcp"
|
||||
ONBOOT="yes"
|
||||
TYPE="Ethernet"
|
||||
USERCTL="yes"
|
||||
PEERDNS="yes"
|
||||
IPV6INIT="no"
|
||||
PERSISTENT_DHCLIENT="1"
|
||||
EOF
|
||||
|
||||
echo "virtual-guest" > /etc/tuned/active_profile
|
||||
|
||||
# generic localhost names
|
||||
cat > /etc/hosts << EOF
|
||||
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
|
||||
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
|
||||
|
||||
EOF
|
||||
echo .
|
||||
|
||||
systemctl mask tmp.mount
|
||||
|
||||
cat <<EOL > /etc/sysconfig/kernel
|
||||
# UPDATEDEFAULT specifies if new-kernel-pkg should make
|
||||
# new kernels the default
|
||||
UPDATEDEFAULT=yes
|
||||
|
||||
# DEFAULTKERNEL specifies the default kernel package type
|
||||
DEFAULTKERNEL=kernel
|
||||
EOL
|
||||
|
||||
# make sure firstboot doesn't start
|
||||
echo "RUN_FIRSTBOOT=NO" > /etc/sysconfig/firstboot
|
||||
|
||||
# rocky cloud user
|
||||
echo -e 'rocky\tALL=(ALL)\tNOPASSWD: ALL' >> /etc/sudoers
|
||||
sed -i 's/name: cloud-user/name: rocky/g' /etc/cloud/cloud.cfg
|
||||
|
||||
dnf clean all
|
||||
|
||||
# XXX instance type markers - MUST match Rocky Infra expectation
|
||||
echo 'ec2' > /etc/yum/vars/infra
|
||||
|
||||
# change dhcp client retry/timeouts to resolve #6866
|
||||
cat >> /etc/dhcp/dhclient.conf << EOF
|
||||
|
||||
timeout 300;
|
||||
retry 60;
|
||||
EOF
|
||||
|
||||
|
||||
rm -rf /var/log/yum.log
|
||||
rm -rf /var/lib/yum/*
|
||||
rm -rf /root/install.log
|
||||
rm -rf /root/install.log.syslog
|
||||
rm -rf /root/anaconda-ks.cfg
|
||||
rm -rf /var/log/anaconda*
|
||||
|
||||
rm -f /var/lib/systemd/random-seed
|
||||
|
||||
cat /dev/null > /etc/machine-id
|
||||
|
||||
echo "Fixing SELinux contexts."
|
||||
touch /var/log/cron
|
||||
touch /var/log/boot.log
|
||||
mkdir -p /var/cache/yum
|
||||
/usr/sbin/fixfiles -R -a restore
|
||||
|
||||
# remove these for ec2 debugging
|
||||
sed -i -e 's/ rhgb quiet//' /boot/grub/grub.conf
|
||||
|
||||
cat > /etc/modprobe.d/blacklist-nouveau.conf << EOL
|
||||
blacklist nouveau
|
||||
EOL
|
||||
|
||||
# enable resizing on copied AMIs
|
||||
echo 'install_items+=" sgdisk "' > /etc/dracut.conf.d/sgdisk.conf
|
||||
|
||||
echo 'add_drivers+="xen-netfront xen-blkfront "' > /etc/dracut.conf.d/xen.conf
|
||||
# Rerun dracut for the installed kernel (not the running kernel):
|
||||
KERNEL_VERSION=$(rpm -q kernel --qf '%{V}-%{R}.%{arch}\n')
|
||||
dracut -f /boot/initramfs-$KERNEL_VERSION.img $KERNEL_VERSION
|
||||
|
||||
|
||||
# reorder console entries
|
||||
sed -i 's/console=tty0/console=tty0 console=ttyS0,115200n8/' /boot/grub2/grub.cfg
|
||||
|
||||
true
|
||||
|
||||
%end
|
||||
|
||||
%packages
|
||||
@core
|
||||
chrony
|
||||
dnf
|
||||
yum
|
||||
cloud-init
|
||||
cloud-utils-growpart
|
||||
NetworkManager
|
||||
dracut-config-generic
|
||||
dracut-norescue
|
||||
firewalld
|
||||
gdisk
|
||||
grub2
|
||||
kernel
|
||||
nfs-utils
|
||||
rsync
|
||||
tar
|
||||
dnf-utils
|
||||
yum-utils
|
||||
-aic94xx-firmware
|
||||
-alsa-firmware
|
||||
-alsa-lib
|
||||
-alsa-tools-firmware
|
||||
-ivtv-firmware
|
||||
-iwl100-firmware
|
||||
-iwl1000-firmware
|
||||
-iwl105-firmware
|
||||
-iwl135-firmware
|
||||
-iwl2000-firmware
|
||||
-iwl2030-firmware
|
||||
-iwl3160-firmware
|
||||
-iwl3945-firmware
|
||||
-iwl4965-firmware
|
||||
-iwl5000-firmware
|
||||
-iwl5150-firmware
|
||||
-iwl6000-firmware
|
||||
-iwl6000g2a-firmware
|
||||
-iwl6000g2b-firmware
|
||||
-iwl6050-firmware
|
||||
-iwl7260-firmware
|
||||
-libertas-sd8686-firmware
|
||||
-libertas-sd8787-firmware
|
||||
-libertas-usb8388-firmware
|
||||
-biosdevname
|
||||
-iprutils
|
||||
-plymouth
|
||||
|
||||
python3-jsonschema
|
||||
qemu-guest-agent
|
||||
dhcp-client
|
||||
cockpit-ws
|
||||
cockpit-system
|
||||
-langpacks-*
|
||||
-langpacks-en
|
||||
|
||||
rocky-release
|
||||
rng-tools
|
||||
%end
|
@ -1,205 +0,0 @@
|
||||
text
|
||||
auth --enableshadow --passalgo=sha512
|
||||
shutdown
|
||||
firewall --enabled --service=ssh
|
||||
firstboot --disable
|
||||
ignoredisk --only-use=vda
|
||||
keyboard us
|
||||
# System language
|
||||
lang en_US.UTF-8
|
||||
# Network information
|
||||
network --bootproto=dhcp --device=link --activate --onboot=on
|
||||
network --hostname=localhost.localdomain
|
||||
# Root password
|
||||
rootpw --iscrypted thereisnopasswordanditslocked
|
||||
selinux --enforcing
|
||||
services --disabled="kdump" --enabled="NetworkManager,sshd,rsyslog,chronyd,cloud-init,cloud-init-local,cloud-config,cloud-final,rngd"
|
||||
timezone UTC --isUtc
|
||||
# Disk
|
||||
bootloader --append="console=ttyS0,115200n8 no_timer_check crashkernel=auto net.ifnames=0" --location=mbr --timeout=1 --boot-drive=vda
|
||||
zerombr
|
||||
clearpart --all --initlabel
|
||||
reqpart
|
||||
part / --fstype="xfs" --ondisk=vda --size=8000
|
||||
|
||||
%post --erroronfail
|
||||
passwd -d root
|
||||
passwd -l root
|
||||
|
||||
# pvgrub support
|
||||
echo -n "Creating grub.conf for pvgrub"
|
||||
rootuuid=$( awk '$2=="/" { print $1 };' /etc/fstab )
|
||||
mkdir /boot/grub
|
||||
echo -e 'default=0\ntimeout=0\n\n' > /boot/grub/grub.conf
|
||||
for kv in $( ls -1v /boot/vmlinuz* |grep -v rescue |sed s/.*vmlinuz-// ); do
|
||||
echo "title Rocky Linux 8 ($kv)" >> /boot/grub/grub.conf
|
||||
echo -e "\troot (hd0)" >> /boot/grub/grub.conf
|
||||
echo -e "\tkernel /boot/vmlinuz-$kv ro root=$rootuuid console=hvc0 LANG=en_US.UTF-8" >> /boot/grub/grub.conf
|
||||
echo -e "\tinitrd /boot/initramfs-$kv.img" >> /boot/grub/grub.conf
|
||||
echo
|
||||
done
|
||||
ln -sf grub.conf /boot/grub/menu.lst
|
||||
ln -sf /boot/grub/grub.conf /etc/grub.conf
|
||||
|
||||
# setup systemd to boot to the right runlevel
|
||||
rm -f /etc/systemd/system/default.target
|
||||
ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
|
||||
echo .
|
||||
|
||||
dnf -C -y remove linux-firmware
|
||||
|
||||
# Remove firewalld; it is required to be present for install/image building.
|
||||
# but we dont ship it in cloud
|
||||
dnf -C -y remove firewalld --setopt="clean_requirements_on_remove=1"
|
||||
dnf -C -y remove avahi\*
|
||||
sed -i '/^#NAutoVTs=.*/ a\
|
||||
NAutoVTs=0' /etc/systemd/logind.conf
|
||||
|
||||
cat > /etc/sysconfig/network << EOF
|
||||
NETWORKING=yes
|
||||
NOZEROCONF=yes
|
||||
EOF
|
||||
|
||||
# Remove build-time resolvers to fix #16948
|
||||
echo > /etc/resolv.conf
|
||||
|
||||
# For cloud images, 'eth0' _is_ the predictable device name, since
|
||||
# we don't want to be tied to specific virtual (!) hardware
|
||||
rm -f /etc/udev/rules.d/70*
|
||||
ln -s /dev/null /etc/udev/rules.d/80-net-name-slot.rules
|
||||
|
||||
# simple eth0 config, again not hard-coded to the build hardware
|
||||
cat > /etc/sysconfig/network-scripts/ifcfg-eth0 << EOF
|
||||
DEVICE="eth0"
|
||||
BOOTPROTO="dhcp"
|
||||
ONBOOT="yes"
|
||||
TYPE="Ethernet"
|
||||
USERCTL="yes"
|
||||
PEERDNS="yes"
|
||||
IPV6INIT="no"
|
||||
PERSISTENT_DHCLIENT="1"
|
||||
EOF
|
||||
|
||||
echo "virtual-guest" > /etc/tuned/active_profile
|
||||
|
||||
# generic localhost names
|
||||
cat > /etc/hosts << EOF
|
||||
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
|
||||
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
|
||||
|
||||
EOF
|
||||
echo .
|
||||
|
||||
systemctl mask tmp.mount
|
||||
|
||||
cat <<EOL > /etc/sysconfig/kernel
|
||||
# UPDATEDEFAULT specifies if new-kernel-pkg should make
|
||||
# new kernels the default
|
||||
UPDATEDEFAULT=yes
|
||||
|
||||
# DEFAULTKERNEL specifies the default kernel package type
|
||||
DEFAULTKERNEL=kernel
|
||||
EOL
|
||||
|
||||
# make sure firstboot doesn't start
|
||||
echo "RUN_FIRSTBOOT=NO" > /etc/sysconfig/firstboot
|
||||
|
||||
# rocky cloud user
|
||||
echo -e 'rocky\tALL=(ALL)\tNOPASSWD: ALL' >> /etc/sudoers
|
||||
sed -i 's/name: cloud-user/name: rocky/g' /etc/cloud/cloud.cfg
|
||||
|
||||
dnf clean all
|
||||
|
||||
# XXX instance type markers - MUST match Rocky Infra expectation
|
||||
echo 'genclo' > /etc/yum/vars/infra
|
||||
|
||||
# change dhcp client retry/timeouts to resolve #6866
|
||||
cat >> /etc/dhcp/dhclient.conf << EOF
|
||||
|
||||
timeout 300;
|
||||
retry 60;
|
||||
EOF
|
||||
|
||||
|
||||
rm -rf /var/log/yum.log
|
||||
rm -rf /var/lib/yum/*
|
||||
rm -rf /root/install.log
|
||||
rm -rf /root/install.log.syslog
|
||||
rm -rf /root/anaconda-ks.cfg
|
||||
rm -rf /var/log/anaconda*
|
||||
|
||||
rm -f /var/lib/systemd/random-seed
|
||||
|
||||
cat /dev/null > /etc/machine-id
|
||||
|
||||
echo "Fixing SELinux contexts."
|
||||
touch /var/log/cron
|
||||
touch /var/log/boot.log
|
||||
mkdir -p /var/cache/yum
|
||||
/usr/sbin/fixfiles -R -a restore
|
||||
|
||||
# reorder console entries
|
||||
sed -i 's/console=tty0/console=tty0 console=ttyS0,115200n8/' /boot/grub2/grub.cfg
|
||||
|
||||
true
|
||||
|
||||
%end
|
||||
|
||||
%packages
|
||||
@core
|
||||
chrony
|
||||
dnf
|
||||
yum
|
||||
cloud-init
|
||||
cloud-utils-growpart
|
||||
NetworkManager
|
||||
dracut-config-generic
|
||||
dracut-norescue
|
||||
firewalld
|
||||
gdisk
|
||||
grub2
|
||||
kernel
|
||||
nfs-utils
|
||||
rsync
|
||||
tar
|
||||
dnf-utils
|
||||
yum-utils
|
||||
-aic94xx-firmware
|
||||
-alsa-firmware
|
||||
-alsa-lib
|
||||
-alsa-tools-firmware
|
||||
-ivtv-firmware
|
||||
-iwl100-firmware
|
||||
-iwl1000-firmware
|
||||
-iwl105-firmware
|
||||
-iwl135-firmware
|
||||
-iwl2000-firmware
|
||||
-iwl2030-firmware
|
||||
-iwl3160-firmware
|
||||
-iwl3945-firmware
|
||||
-iwl4965-firmware
|
||||
-iwl5000-firmware
|
||||
-iwl5150-firmware
|
||||
-iwl6000-firmware
|
||||
-iwl6000g2a-firmware
|
||||
-iwl6000g2b-firmware
|
||||
-iwl6050-firmware
|
||||
-iwl7260-firmware
|
||||
-libertas-sd8686-firmware
|
||||
-libertas-sd8787-firmware
|
||||
-libertas-usb8388-firmware
|
||||
-biosdevname
|
||||
-iprutils
|
||||
-plymouth
|
||||
|
||||
python3-jsonschema
|
||||
qemu-guest-agent
|
||||
dhcp-client
|
||||
cockpit-ws
|
||||
cockpit-system
|
||||
-langpacks-*
|
||||
-langpacks-en
|
||||
|
||||
rocky-release
|
||||
rng-tools
|
||||
%end
|
@ -1,148 +0,0 @@
|
||||
url --url=http://dl.rockylinux.org/pub/rocky/8/BaseOS/x86_64/os
|
||||
repo --name=AppStream --baseurl=http://dl.rockylinux.org/pub/rocky/8/AppStream/x86_64/os
|
||||
text
|
||||
keyboard --vckeymap us
|
||||
lang en_US
|
||||
skipx
|
||||
network --bootproto=dhcp --device=link --activate --onboot=on
|
||||
rootpw --plaintext vagrant
|
||||
firewall --disabled
|
||||
timezone --utc UTC
|
||||
services --enabled=vmtoolsd
|
||||
# The biosdevname and ifnames options ensure we get "eth0" as our interface
|
||||
# even in environments like virtualbox that emulate a real NW card
|
||||
bootloader --timeout=1 --append="no_timer_check console=tty0 console=ttyS0,115200n8 net.ifnames=0 biosdevname=0 elevator=noop"
|
||||
zerombr
|
||||
clearpart --all --initlabel
|
||||
part / --fstype=xfs --asprimary --size=1024 --grow
|
||||
|
||||
user --name=vagrant --plaintext --password=vagrant
|
||||
|
||||
reboot
|
||||
|
||||
%packages --instLangs=en
|
||||
bash-completion
|
||||
man-pages
|
||||
bzip2
|
||||
rsync
|
||||
nfs-utils
|
||||
cifs-utils
|
||||
chrony
|
||||
yum-utils
|
||||
hyperv-daemons
|
||||
open-vm-tools
|
||||
# Vagrant boxes aren't normally visible, no need for Plymouth
|
||||
-plymouth
|
||||
# Microcode updates cannot work in a VM
|
||||
-microcode_ctl
|
||||
# Firmware packages are not needed in a VM
|
||||
-iwl100-firmware
|
||||
-iwl1000-firmware
|
||||
-iwl105-firmware
|
||||
-iwl135-firmware
|
||||
-iwl2000-firmware
|
||||
-iwl2030-firmware
|
||||
-iwl3160-firmware
|
||||
-iwl3945-firmware
|
||||
-iwl4965-firmware
|
||||
-iwl5000-firmware
|
||||
-iwl5150-firmware
|
||||
-iwl6000-firmware
|
||||
-iwl6000g2a-firmware
|
||||
-iwl6050-firmware
|
||||
-iwl7260-firmware
|
||||
# Don't build rescue initramfs
|
||||
-dracut-config-rescue
|
||||
%end
|
||||
|
||||
# kdump needs to reserve 160MB + 2bits/4kB RAM, and automatic allocation only
|
||||
# works on systems with at least 2GB RAM (which excludes most Vagrant boxes)
|
||||
# CBS doesn't support %addon yet https://bugs.centos.org/view.php?id=12169
|
||||
%addon com_redhat_kdump --disable
|
||||
%end
|
||||
|
||||
%post
|
||||
# configure swap to a file
|
||||
fallocate -l 2G /swapfile
|
||||
chmod 600 /swapfile
|
||||
mkswap /swapfile
|
||||
echo "/swapfile none swap defaults 0 0" >> /etc/fstab
|
||||
|
||||
# sudo
|
||||
echo "%vagrant ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/vagrant
|
||||
chmod 0440 /etc/sudoers.d/vagrant
|
||||
|
||||
# Fix for https://github.com/CentOS/sig-cloud-instance-build/issues/38
|
||||
cat > /etc/sysconfig/network-scripts/ifcfg-eth0 << EOF
|
||||
DEVICE="eth0"
|
||||
BOOTPROTO="dhcp"
|
||||
ONBOOT="yes"
|
||||
TYPE="Ethernet"
|
||||
PERSISTENT_DHCLIENT="yes"
|
||||
EOF
|
||||
|
||||
# sshd: disable password authentication and DNS checks
|
||||
# for virtualbox we're disabling it after provisioning
|
||||
|
||||
# Decrease connection time by preventing reverse DNS lookups
|
||||
# (see https://lists.centos.org/pipermail/centos-devel/2016-July/014981.html
|
||||
# and man sshd for more information)
|
||||
OPTIONS="-u0"
|
||||
EOF
|
||||
|
||||
# Default insecure vagrant key
|
||||
mkdir -m 0700 -p /home/vagrant/.ssh
|
||||
echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key" >> /home/vagrant/.ssh/authorized_keys
|
||||
chmod 600 /home/vagrant/.ssh/authorized_keys
|
||||
chown -R vagrant:vagrant /home/vagrant/.ssh
|
||||
|
||||
# Fix for issue #76, regular users can gain admin privileges via su
|
||||
ex -s /etc/pam.d/su <<'EOF'
|
||||
# allow vagrant to use su, but prevent others from becoming root or vagrant
|
||||
/^account\s\+sufficient\s\+pam_succeed_if.so uid = 0 use_uid quiet$/
|
||||
:append
|
||||
account [success=1 default=ignore] \\
|
||||
pam_succeed_if.so user = vagrant use_uid quiet
|
||||
account required pam_succeed_if.so user notin root:vagrant
|
||||
.
|
||||
:update
|
||||
:quit
|
||||
EOF
|
||||
|
||||
# systemd should generate a new machine id during the first boot, to
|
||||
# avoid having multiple Vagrant instances with the same id in the local
|
||||
# network. /etc/machine-id should be empty, but it must exist to prevent
|
||||
# boot errors (e.g. systemd-journald failing to start).
|
||||
:>/etc/machine-id
|
||||
|
||||
echo 'vag' > /etc/yum/vars/infra
|
||||
|
||||
# Blacklist the floppy module to avoid probing timeouts
|
||||
echo blacklist floppy > /etc/modprobe.d/nofloppy.conf
|
||||
chcon -u system_u -r object_r -t modules_conf_t /etc/modprobe.d/nofloppy.conf
|
||||
|
||||
# Customize the initramfs
|
||||
pushd /etc/dracut.conf.d
|
||||
# Enable VMware PVSCSI support for VMware Fusion guests.
|
||||
echo 'add_drivers+=" vmw_pvscsi "' > vmware-fusion-drivers.conf
|
||||
echo 'add_drivers+=" hv_netvsc hv_storvsc hv_utils hv_vmbus hid-hyperv "' > hyperv-drivers.conf
|
||||
# There's no floppy controller, but probing for it generates timeouts
|
||||
echo 'omit_drivers+=" floppy "' > nofloppy.conf
|
||||
popd
|
||||
# Fix the SELinux context of the new files
|
||||
restorecon -f - <<EOF
|
||||
/etc/sudoers.d/vagrant
|
||||
/etc/dracut.conf.d/vmware-fusion-drivers.conf
|
||||
/etc/dracut.conf.d/hyperv-drivers.conf
|
||||
/etc/dracut.conf.d/nofloppy.conf
|
||||
EOF
|
||||
|
||||
# Rerun dracut for the installed kernel (not the running kernel):
|
||||
KERNEL_VERSION=$(rpm -q kernel --qf '%{version}-%{release}.%{arch}\n')
|
||||
dracut -f /boot/initramfs-${KERNEL_VERSION}.img ${KERNEL_VERSION}
|
||||
|
||||
# Seal for deployment
|
||||
rm -rf /etc/ssh/ssh_host_*
|
||||
hostnamectl set-hostname localhost.localdomain
|
||||
rm -rf /etc/udev/rules.d/70-*
|
||||
%end
|
@ -1,154 +0,0 @@
|
||||
url --url=http://dl.rockylinux.org/pub/rocky/8/BaseOS/x86_64/os
|
||||
repo --name=AppStream --baseurl=http://dl.rockylinux.org/pub/rocky/8/AppStream/x86_64/os
|
||||
text
|
||||
keyboard --vckeymap us
|
||||
lang en_US
|
||||
skipx
|
||||
network --bootproto=dhcp --device=link --activate --onboot=on
|
||||
rootpw --plaintext vagrant
|
||||
firewall --disabled
|
||||
timezone --utc UTC
|
||||
services --enabled=vmtoolsd
|
||||
# The biosdevname and ifnames options ensure we get "eth0" as our interface
|
||||
# even in environments like virtualbox that emulate a real NW card
|
||||
bootloader --timeout=1 --append="no_timer_check console=tty0 console=ttyS0,115200n8 net.ifnames=0 biosdevname=0 elevator=noop"
|
||||
zerombr
|
||||
clearpart --all --initlabel
|
||||
part / --fstype=xfs --asprimary --size=1024 --grow
|
||||
|
||||
user --name=vagrant --plaintext --password=vagrant
|
||||
|
||||
shutdown
|
||||
|
||||
%packages --instLangs=en
|
||||
bash-completion
|
||||
man-pages
|
||||
bzip2
|
||||
rsync
|
||||
nfs-utils
|
||||
cifs-utils
|
||||
chrony
|
||||
yum-utils
|
||||
hyperv-daemons
|
||||
open-vm-tools
|
||||
# Vagrant boxes aren't normally visible, no need for Plymouth
|
||||
-plymouth
|
||||
# Microcode updates cannot work in a VM
|
||||
-microcode_ctl
|
||||
# Firmware packages are not needed in a VM
|
||||
-iwl100-firmware
|
||||
-iwl1000-firmware
|
||||
-iwl105-firmware
|
||||
-iwl135-firmware
|
||||
-iwl2000-firmware
|
||||
-iwl2030-firmware
|
||||
-iwl3160-firmware
|
||||
-iwl3945-firmware
|
||||
-iwl4965-firmware
|
||||
-iwl5000-firmware
|
||||
-iwl5150-firmware
|
||||
-iwl6000-firmware
|
||||
-iwl6000g2a-firmware
|
||||
-iwl6050-firmware
|
||||
-iwl7260-firmware
|
||||
# Don't build rescue initramfs
|
||||
-dracut-config-rescue
|
||||
%end
|
||||
|
||||
# kdump needs to reserve 160MB + 2bits/4kB RAM, and automatic allocation only
|
||||
# works on systems with at least 2GB RAM (which excludes most Vagrant boxes)
|
||||
# CBS doesn't support %addon yet https://bugs.centos.org/view.php?id=12169
|
||||
%addon com_redhat_kdump --disable
|
||||
%end
|
||||
|
||||
%post
|
||||
# configure swap to a file
|
||||
fallocate -l 2G /swapfile
|
||||
chmod 600 /swapfile
|
||||
mkswap /swapfile
|
||||
echo "/swapfile none swap defaults 0 0" >> /etc/fstab
|
||||
|
||||
# sudo
|
||||
echo "%vagrant ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/vagrant
|
||||
chmod 0440 /etc/sudoers.d/vagrant
|
||||
|
||||
# Fix for https://github.com/CentOS/sig-cloud-instance-build/issues/38
|
||||
cat > /etc/sysconfig/network-scripts/ifcfg-eth0 << EOF
|
||||
DEVICE="eth0"
|
||||
BOOTPROTO="dhcp"
|
||||
ONBOOT="yes"
|
||||
TYPE="Ethernet"
|
||||
PERSISTENT_DHCLIENT="yes"
|
||||
EOF
|
||||
|
||||
# sshd: disable password authentication and DNS checks
|
||||
ex -s /etc/ssh/sshd_config <<EOF
|
||||
:%substitute/^\(PasswordAuthentication\) yes$/\1 no/
|
||||
:%substitute/^#\(UseDNS\) yes$/&\r\1 no/
|
||||
:update
|
||||
:quit
|
||||
EOF
|
||||
cat >>/etc/sysconfig/sshd <<EOF
|
||||
|
||||
# Decrease connection time by preventing reverse DNS lookups
|
||||
# (see https://lists.centos.org/pipermail/centos-devel/2016-July/014981.html
|
||||
# and man sshd for more information)
|
||||
OPTIONS="-u0"
|
||||
EOF
|
||||
|
||||
# Default insecure vagrant key
|
||||
mkdir -m 0700 -p /home/vagrant/.ssh
|
||||
echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key" >> /home/vagrant/.ssh/authorized_keys
|
||||
chmod 600 /home/vagrant/.ssh/authorized_keys
|
||||
chown -R vagrant:vagrant /home/vagrant/.ssh
|
||||
|
||||
# Fix for issue #76, regular users can gain admin privileges via su
|
||||
ex -s /etc/pam.d/su <<'EOF'
|
||||
# allow vagrant to use su, but prevent others from becoming root or vagrant
|
||||
/^account\s\+sufficient\s\+pam_succeed_if.so uid = 0 use_uid quiet$/
|
||||
:append
|
||||
account [success=1 default=ignore] \\
|
||||
pam_succeed_if.so user = vagrant use_uid quiet
|
||||
account required pam_succeed_if.so user notin root:vagrant
|
||||
.
|
||||
:update
|
||||
:quit
|
||||
EOF
|
||||
|
||||
# systemd should generate a new machine id during the first boot, to
|
||||
# avoid having multiple Vagrant instances with the same id in the local
|
||||
# network. /etc/machine-id should be empty, but it must exist to prevent
|
||||
# boot errors (e.g. systemd-journald failing to start).
|
||||
:>/etc/machine-id
|
||||
|
||||
echo 'vag' > /etc/yum/vars/infra
|
||||
|
||||
# Blacklist the floppy module to avoid probing timeouts
|
||||
echo blacklist floppy > /etc/modprobe.d/nofloppy.conf
|
||||
chcon -u system_u -r object_r -t modules_conf_t /etc/modprobe.d/nofloppy.conf
|
||||
|
||||
# Customize the initramfs
|
||||
pushd /etc/dracut.conf.d
|
||||
# Enable VMware PVSCSI support for VMware Fusion guests.
|
||||
echo 'add_drivers+=" vmw_pvscsi "' > vmware-fusion-drivers.conf
|
||||
echo 'add_drivers+=" hv_netvsc hv_storvsc hv_utils hv_vmbus hid-hyperv "' > hyperv-drivers.conf
|
||||
# There's no floppy controller, but probing for it generates timeouts
|
||||
echo 'omit_drivers+=" floppy "' > nofloppy.conf
|
||||
popd
|
||||
# Fix the SELinux context of the new files
|
||||
restorecon -f - <<EOF
|
||||
/etc/sudoers.d/vagrant
|
||||
/etc/dracut.conf.d/vmware-fusion-drivers.conf
|
||||
/etc/dracut.conf.d/hyperv-drivers.conf
|
||||
/etc/dracut.conf.d/nofloppy.conf
|
||||
EOF
|
||||
|
||||
# Rerun dracut for the installed kernel (not the running kernel):
|
||||
KERNEL_VERSION=$(rpm -q kernel --qf '%{version}-%{release}.%{arch}\n')
|
||||
dracut -f /boot/initramfs-${KERNEL_VERSION}.img ${KERNEL_VERSION}
|
||||
|
||||
# Seal for deployment
|
||||
rm -rf /etc/ssh/ssh_host_*
|
||||
hostnamectl set-hostname localhost.localdomain
|
||||
rm -rf /etc/udev/rules.d/70-*
|
||||
%end
|
@ -1,359 +0,0 @@
|
||||
# rocky-live-base-spin.ks
|
||||
#
|
||||
# Base installation information for Rocky Linux images
|
||||
# Contains EPEL.
|
||||
#
|
||||
|
||||
lang en_US.UTF-8
|
||||
keyboard us
|
||||
timezone US/Eastern
|
||||
auth --useshadow --passalgo=sha512
|
||||
selinux --enforcing
|
||||
firewall --enabled --service=mdns
|
||||
xconfig --startxonboot
|
||||
zerombr
|
||||
clearpart --all
|
||||
part / --size 5120 --fstype ext4
|
||||
services --enabled=NetworkManager,ModemManager --disabled=sshd
|
||||
network --bootproto=dhcp --device=link --activate
|
||||
rootpw --lock --iscrypted locked
|
||||
shutdown
|
||||
|
||||
%include rocky-repo-epel.ks
|
||||
|
||||
%packages
|
||||
@base-x
|
||||
@guest-desktop-agents
|
||||
@standard
|
||||
@core
|
||||
@fonts
|
||||
@input-methods
|
||||
@dial-up
|
||||
@multimedia
|
||||
@hardware-support
|
||||
|
||||
# explicit
|
||||
kernel
|
||||
kernel-modules
|
||||
kernel-modules-extra
|
||||
memtest86+
|
||||
anaconda
|
||||
anaconda-install-env-deps
|
||||
anaconda-live
|
||||
@anaconda-tools
|
||||
|
||||
# Required for SVG rnotes images
|
||||
aajohan-comfortaa-fonts
|
||||
|
||||
# RHBZ#1242586 - Required for initramfs creation
|
||||
dracut-live
|
||||
syslinux
|
||||
|
||||
# Anaconda needs all the locales available, just like a DVD installer
|
||||
glibc-all-langpacks
|
||||
|
||||
# no longer in @core since 2018-10, but needed for livesys script
|
||||
initscripts
|
||||
chkconfig
|
||||
|
||||
# absolutely required - don't want a system that can't actually update
|
||||
epel-release
|
||||
%end
|
||||
|
||||
%post
|
||||
# FIXME: it'd be better to get this installed from a package
|
||||
cat > /etc/rc.d/init.d/livesys << EOF
|
||||
#!/bin/bash
|
||||
#
|
||||
# live: Init script for live image
|
||||
#
|
||||
# chkconfig: 345 00 99
|
||||
# description: Init script for live image.
|
||||
### BEGIN INIT INFO
|
||||
# X-Start-Before: display-manager chronyd
|
||||
### END INIT INFO
|
||||
|
||||
. /etc/init.d/functions
|
||||
|
||||
if ! strstr "\`cat /proc/cmdline\`" rd.live.image || [ "\$1" != "start" ]; then
|
||||
exit 0
|
||||
fi
|
||||
|
||||
if [ -e /.liveimg-configured ] ; then
|
||||
configdone=1
|
||||
fi
|
||||
|
||||
exists() {
|
||||
which \$1 >/dev/null 2>&1 || return
|
||||
\$*
|
||||
}
|
||||
|
||||
livedir="LiveOS"
|
||||
for arg in \`cat /proc/cmdline\` ; do
|
||||
if [ "\${arg##rd.live.dir=}" != "\${arg}" ]; then
|
||||
livedir=\${arg##rd.live.dir=}
|
||||
continue
|
||||
fi
|
||||
if [ "\${arg##live_dir=}" != "\${arg}" ]; then
|
||||
livedir=\${arg##live_dir=}
|
||||
fi
|
||||
done
|
||||
|
||||
# Enable swap unless requested otherwise
|
||||
swaps=\`blkid -t TYPE=swap -o device\`
|
||||
if ! strstr "\`cat /proc/cmdline\`" noswap && [ -n "\$swaps" ] ; then
|
||||
for s in \$swaps ; do
|
||||
action "Enabling swap partition \$s" swapon \$s
|
||||
done
|
||||
fi
|
||||
if ! strstr "\`cat /proc/cmdline\`" noswap && [ -f /run/initramfs/live/\${livedir}/swap.img ] ; then
|
||||
action "Enabling swap file" swapon /run/initramfs/live/\${livedir}/swap.img
|
||||
fi
|
||||
|
||||
# Support for persistent homes
|
||||
mountPersistentHome() {
|
||||
# support label/uuid
|
||||
if [ "\${homedev##LABEL=}" != "\${homedev}" -o "\${homedev##UUID=}" != "\${homedev}" ]; then
|
||||
homedev=\`/sbin/blkid -o device -t "\$homedev"\`
|
||||
fi
|
||||
|
||||
# if we're given a file rather than a blockdev, loopback it
|
||||
if [ "\${homedev##mtd}" != "\${homedev}" ]; then
|
||||
# mtd devs don't have a block device but get magic-mounted with -t jffs2
|
||||
mountopts="-t jffs2"
|
||||
elif [ ! -b "\$homedev" ]; then
|
||||
loopdev=\`losetup -f\`
|
||||
if [ "\${homedev##/run/initramfs/live}" != "\${homedev}" ]; then
|
||||
action "Remounting live store r/w" mount -o remount,rw /run/initramfs/live
|
||||
fi
|
||||
losetup \$loopdev \$homedev
|
||||
homedev=\$loopdev
|
||||
fi
|
||||
|
||||
# if it's encrypted, we need to unlock it
|
||||
if [ "\$(/sbin/blkid -s TYPE -o value \$homedev 2>/dev/null)" = "crypto_LUKS" ]; then
|
||||
echo
|
||||
echo "Setting up encrypted /home device"
|
||||
plymouth ask-for-password --command="cryptsetup luksOpen \$homedev EncHome"
|
||||
homedev=/dev/mapper/EncHome
|
||||
fi
|
||||
|
||||
# and finally do the mount
|
||||
mount \$mountopts \$homedev /home
|
||||
# if we have /home under what's passed for persistent home, then
|
||||
# we should make that the real /home. useful for mtd device on olpc
|
||||
if [ -d /home/home ]; then mount --bind /home/home /home ; fi
|
||||
[ -x /sbin/restorecon ] && /sbin/restorecon /home
|
||||
if [ -d /home/liveuser ]; then USERADDARGS="-M" ; fi
|
||||
}
|
||||
|
||||
# Help locate persistent homes
|
||||
findPersistentHome() {
|
||||
for arg in \`cat /proc/cmdline\` ; do
|
||||
if [ "\${arg##persistenthome=}" != "\${arg}" ]; then
|
||||
homedev=\${arg##persistenthome=}
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
||||
if strstr "\`cat /proc/cmdline\`" persistenthome= ; then
|
||||
findPersistentHome
|
||||
elif [ -e /run/initramfs/live/\${livedir}/home.img ]; then
|
||||
homedev=/run/initramfs/live/\${livedir}/home.img
|
||||
fi
|
||||
|
||||
# Mount the persistent home if it's available
|
||||
if ! strstr "\`cat /proc/cmdline\`" nopersistenthome && [ -n "\$homedev" ] ; then
|
||||
action "Mounting persistent /home" mountPersistentHome
|
||||
fi
|
||||
|
||||
if [ -n "\$configdone" ]; then
|
||||
exit 0
|
||||
fi
|
||||
|
||||
# Create the liveuser (no password) so automatic logins and sudo works
|
||||
action "Adding live user" useradd \$USERADDARGS -c "Live System User" liveuser
|
||||
passwd -d liveuser > /dev/null
|
||||
usermod -aG wheel liveuser > /dev/null
|
||||
|
||||
# Same for root
|
||||
passwd -d root > /dev/null
|
||||
|
||||
# Turn off firstboot (similar to a DVD/minimal install, where it asks
|
||||
# for the user to accept the EULA before bringing up a TTY)
|
||||
systemctl --no-reload disable firstboot-text.service 2> /dev/null || :
|
||||
systemctl --no-reload disable firstboot-graphical.service 2> /dev/null || :
|
||||
systemctl stop firstboot-text.service 2> /dev/null || :
|
||||
systemctl stop firstboot-graphical.service 2> /dev/null || :
|
||||
|
||||
# Prelinking damages the images
|
||||
sed -i 's/PRELINKING=yes/PRELINKING=no/' /etc/sysconfig/prelink &>/dev/null || :
|
||||
|
||||
# Turn off mdmonitor by default
|
||||
systemctl --no-reload disable mdmonitor.service 2> /dev/null || :
|
||||
systemctl --no-reload disable mdmonitor-takeover.service 2> /dev/null || :
|
||||
systemctl stop mdmonitor.service 2> /dev/null || :
|
||||
systemctl stop mdmonitor-takeover.service 2> /dev/null || :
|
||||
|
||||
# Even if there isn't gnome, this doesn't hurt.
|
||||
gsettings set org.gnome.software download-updates 'false' || :
|
||||
|
||||
# Disable cron
|
||||
systemctl --no-reload disable crond.service 2> /dev/null || :
|
||||
systemctl --no-reload disable atd.service 2> /dev/null || :
|
||||
systemctl stop crond.service 2> /dev/null || :
|
||||
systemctl stop atd.service 2> /dev/null || :
|
||||
|
||||
# Disable abrt
|
||||
systemctl --no-reload disable abrtd.service 2> /dev/null || :
|
||||
systemctl stop abrtd.service 2> /dev/null || :
|
||||
|
||||
# Don't sync the system clock when running live (RHBZ #1018162)
|
||||
sed -i 's/rtcsync//' /etc/chrony.conf
|
||||
|
||||
# Mark things as configured
|
||||
touch /.liveimg-configured
|
||||
|
||||
# add static hostname to work around xauth bug
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=679486
|
||||
# the hostname must be something else than 'localhost'
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1370222
|
||||
echo "localhost" > /etc/hostname
|
||||
|
||||
EOF
|
||||
|
||||
# HAL likes to start late.
|
||||
cat > /etc/rc.d/init.d/livesys-late << EOF
|
||||
#!/bin/bash
|
||||
#
|
||||
# live: Late init script for live image
|
||||
#
|
||||
# chkconfig: 345 99 01
|
||||
# description: Late init script for live image.
|
||||
|
||||
. /etc/init.d/functions
|
||||
|
||||
if ! strstr "\`cat /proc/cmdline\`" rd.live.image || [ "\$1" != "start" ] || [ -e /.liveimg-late-configured ] ; then
|
||||
exit 0
|
||||
fi
|
||||
|
||||
exists() {
|
||||
which \$1 >/dev/null 2>&1 || return
|
||||
\$*
|
||||
}
|
||||
|
||||
touch /.liveimg-late-configured
|
||||
|
||||
# Read some stuff out of the kernel cmdline
|
||||
for o in \`cat /proc/cmdline\` ; do
|
||||
case \$o in
|
||||
ks=*)
|
||||
ks="--kickstart=\${o#ks=}"
|
||||
;;
|
||||
xdriver=*)
|
||||
xdriver="\${o#xdriver=}"
|
||||
;;
|
||||
esac
|
||||
done
|
||||
|
||||
# If liveinst or textinst is given, start installer
|
||||
if strstr "\`cat /proc/cmdline\`" liveinst ; then
|
||||
plymouth --quit
|
||||
/usr/sbin/liveinst \$ks
|
||||
fi
|
||||
if strstr "\`cat /proc/cmdline\`" textinst ; then
|
||||
plymouth --quit
|
||||
/usr/sbin/liveinst --text \$ks
|
||||
fi
|
||||
|
||||
# Configure X, allowing user to override xdriver
|
||||
if [ -n "\$xdriver" ]; then
|
||||
cat > /etc/X11/xorg.conf.d/00-xdriver.conf <<FOE
|
||||
Section "Device"
|
||||
Identifier "Videocard0"
|
||||
Driver "\$xdriver"
|
||||
EndSection
|
||||
FOE
|
||||
fi
|
||||
|
||||
EOF
|
||||
|
||||
chmod 755 /etc/rc.d/init.d/livesys
|
||||
/sbin/restorecon /etc/rc.d/init.d/livesys
|
||||
/sbin/chkconfig --add livesys
|
||||
|
||||
chmod 755 /etc/rc.d/init.d/livesys-late
|
||||
/sbin/restorecon /etc/rc.d/init.d/livesys-late
|
||||
/sbin/chkconfig --add livesys-late
|
||||
|
||||
# Enable tmpfs for /tmp - this is a good idea
|
||||
systemctl enable tmp.mount
|
||||
|
||||
# make it so that we don't do writing to the overlay for things which
|
||||
# are just tmpdirs/caches
|
||||
# note https://bugzilla.redhat.com/show_bug.cgi?id=1135475
|
||||
cat >> /etc/fstab << EOF
|
||||
vartmp /var/tmp tmpfs defaults 0 0
|
||||
EOF
|
||||
|
||||
# PackageKit likes to play games. Let's fix that.
|
||||
rm -f /var/lib/rpm/__db*
|
||||
releasever=$(rpm -q --qf '%{version}\n' --whatprovides system-release)
|
||||
basearch=$(uname -i)
|
||||
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial
|
||||
echo "Packages within this LiveCD"
|
||||
rpm -qa
|
||||
# Note that running rpm recreates the rpm db files which aren't needed or wanted
|
||||
rm -f /var/lib/rpm/__db*
|
||||
|
||||
# go ahead and pre-make the man -k cache (#455968)
|
||||
/usr/bin/mandb
|
||||
|
||||
# make sure there aren't core files lying around
|
||||
rm -f /core*
|
||||
|
||||
# remove random seed, the newly installed instance should make it's own
|
||||
rm -f /var/lib/systemd/random-seed
|
||||
|
||||
# convince readahead not to collect
|
||||
# FIXME: for systemd
|
||||
|
||||
echo 'File created by kickstart. See systemd-update-done.service(8).' \
|
||||
| tee /etc/.updated >/var/.updated
|
||||
|
||||
# Drop the rescue kernel and initramfs, we don't need them on the live media itself.
|
||||
# See bug 1317709
|
||||
rm -f /boot/*-rescue*
|
||||
|
||||
# Disable network service here, as doing it in the services line
|
||||
# fails due to RHBZ #1369794 - the error is expected
|
||||
/sbin/chkconfig network off
|
||||
|
||||
# Remove machine-id on generated images
|
||||
rm -f /etc/machine-id
|
||||
touch /etc/machine-id
|
||||
|
||||
%end
|
||||
|
||||
|
||||
%post --nochroot
|
||||
cp $INSTALL_ROOT/usr/share/licenses/*-release/* $LIVE_ROOT/
|
||||
|
||||
# only works on x86_64
|
||||
if [ "$(uname -i)" = "i386" -o "$(uname -i)" = "x86_64" ]; then
|
||||
# For livecd-creator builds
|
||||
if [ ! -d $LIVE_ROOT/LiveOS ]; then mkdir -p $LIVE_ROOT/LiveOS ; fi
|
||||
cp /usr/bin/livecd-iso-to-disk $LIVE_ROOT/LiveOS
|
||||
|
||||
# For lorax/livemedia-creator builds
|
||||
sed -i '
|
||||
/## make boot.iso/ i\
|
||||
# Add livecd-iso-to-disk script to .iso filesystem at /LiveOS/\
|
||||
<% f = "usr/bin/livecd-iso-to-disk" %>\
|
||||
%if exists(f):\
|
||||
install ${f} ${LIVEDIR}/${f|basename}\
|
||||
%endif\
|
||||
' /usr/share/lorax/templates.d/99-generic/live/x86.tmpl
|
||||
fi
|
||||
|
||||
%end
|
@ -1,355 +0,0 @@
|
||||
# rocky-live-base.ks
|
||||
#
|
||||
# Base installation information for Rocky Linux images
|
||||
#
|
||||
|
||||
lang en_US.UTF-8
|
||||
keyboard us
|
||||
timezone US/Eastern
|
||||
auth --useshadow --passalgo=sha512
|
||||
selinux --enforcing
|
||||
firewall --enabled --service=mdns
|
||||
xconfig --startxonboot
|
||||
zerombr
|
||||
clearpart --all
|
||||
part / --size 5120 --fstype ext4
|
||||
services --enabled=NetworkManager,ModemManager --disabled=sshd
|
||||
network --bootproto=dhcp --device=link --activate
|
||||
rootpw --lock --iscrypted locked
|
||||
shutdown
|
||||
|
||||
%include rocky-repo.ks
|
||||
|
||||
%packages
|
||||
@base-x
|
||||
@guest-desktop-agents
|
||||
@standard
|
||||
@core
|
||||
@fonts
|
||||
@input-methods
|
||||
@dial-up
|
||||
@multimedia
|
||||
@hardware-support
|
||||
|
||||
# explicit
|
||||
kernel
|
||||
kernel-modules
|
||||
kernel-modules-extra
|
||||
memtest86+
|
||||
anaconda
|
||||
anaconda-install-env-deps
|
||||
anaconda-live
|
||||
@anaconda-tools
|
||||
|
||||
# Required for SVG rnotes images
|
||||
aajohan-comfortaa-fonts
|
||||
|
||||
# RHBZ#1242586 - Required for initramfs creation
|
||||
dracut-live
|
||||
syslinux
|
||||
|
||||
# Anaconda needs all the locales available, just like a DVD installer
|
||||
glibc-all-langpacks
|
||||
|
||||
# This isn't in @core anymore, but livesys still needs it
|
||||
initscripts
|
||||
chkconfig
|
||||
%end
|
||||
|
||||
%post
|
||||
# FIXME: it'd be better to get this installed from a package
|
||||
cat > /etc/rc.d/init.d/livesys << EOF
|
||||
#!/bin/bash
|
||||
#
|
||||
# live: Init script for live image
|
||||
#
|
||||
# chkconfig: 345 00 99
|
||||
# description: Init script for live image.
|
||||
### BEGIN INIT INFO
|
||||
# X-Start-Before: display-manager chronyd
|
||||
### END INIT INFO
|
||||
|
||||
. /etc/init.d/functions
|
||||
|
||||
if ! strstr "\`cat /proc/cmdline\`" rd.live.image || [ "\$1" != "start" ]; then
|
||||
exit 0
|
||||
fi
|
||||
|
||||
if [ -e /.liveimg-configured ] ; then
|
||||
configdone=1
|
||||
fi
|
||||
|
||||
exists() {
|
||||
which \$1 >/dev/null 2>&1 || return
|
||||
\$*
|
||||
}
|
||||
|
||||
livedir="LiveOS"
|
||||
for arg in \`cat /proc/cmdline\` ; do
|
||||
if [ "\${arg##rd.live.dir=}" != "\${arg}" ]; then
|
||||
livedir=\${arg##rd.live.dir=}
|
||||
continue
|
||||
fi
|
||||
if [ "\${arg##live_dir=}" != "\${arg}" ]; then
|
||||
livedir=\${arg##live_dir=}
|
||||
fi
|
||||
done
|
||||
|
||||
# Enable swap unless requested otherwise
|
||||
swaps=\`blkid -t TYPE=swap -o device\`
|
||||
if ! strstr "\`cat /proc/cmdline\`" noswap && [ -n "\$swaps" ] ; then
|
||||
for s in \$swaps ; do
|
||||
action "Enabling swap partition \$s" swapon \$s
|
||||
done
|
||||
fi
|
||||
if ! strstr "\`cat /proc/cmdline\`" noswap && [ -f /run/initramfs/live/\${livedir}/swap.img ] ; then
|
||||
action "Enabling swap file" swapon /run/initramfs/live/\${livedir}/swap.img
|
||||
fi
|
||||
|
||||
# Support for persistent homes
|
||||
mountPersistentHome() {
|
||||
# support label/uuid
|
||||
if [ "\${homedev##LABEL=}" != "\${homedev}" -o "\${homedev##UUID=}" != "\${homedev}" ]; then
|
||||
homedev=\`/sbin/blkid -o device -t "\$homedev"\`
|
||||
fi
|
||||
|
||||
# if we're given a file rather than a blockdev, loopback it
|
||||
if [ "\${homedev##mtd}" != "\${homedev}" ]; then
|
||||
# mtd devs don't have a block device but get magic-mounted with -t jffs2
|
||||
mountopts="-t jffs2"
|
||||
elif [ ! -b "\$homedev" ]; then
|
||||
loopdev=\`losetup -f\`
|
||||
if [ "\${homedev##/run/initramfs/live}" != "\${homedev}" ]; then
|
||||
action "Remounting live store r/w" mount -o remount,rw /run/initramfs/live
|
||||
fi
|
||||
losetup \$loopdev \$homedev
|
||||
homedev=\$loopdev
|
||||
fi
|
||||
|
||||
# if it's encrypted, we need to unlock it
|
||||
if [ "\$(/sbin/blkid -s TYPE -o value \$homedev 2>/dev/null)" = "crypto_LUKS" ]; then
|
||||
echo
|
||||
echo "Setting up encrypted /home device"
|
||||
plymouth ask-for-password --command="cryptsetup luksOpen \$homedev EncHome"
|
||||
homedev=/dev/mapper/EncHome
|
||||
fi
|
||||
|
||||
# and finally do the mount
|
||||
mount \$mountopts \$homedev /home
|
||||
# if we have /home under what's passed for persistent home, then
|
||||
# we should make that the real /home. useful for mtd device on olpc
|
||||
if [ -d /home/home ]; then mount --bind /home/home /home ; fi
|
||||
[ -x /sbin/restorecon ] && /sbin/restorecon /home
|
||||
if [ -d /home/liveuser ]; then USERADDARGS="-M" ; fi
|
||||
}
|
||||
|
||||
# Help locate persistent homes
|
||||
findPersistentHome() {
|
||||
for arg in \`cat /proc/cmdline\` ; do
|
||||
if [ "\${arg##persistenthome=}" != "\${arg}" ]; then
|
||||
homedev=\${arg##persistenthome=}
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
||||
if strstr "\`cat /proc/cmdline\`" persistenthome= ; then
|
||||
findPersistentHome
|
||||
elif [ -e /run/initramfs/live/\${livedir}/home.img ]; then
|
||||
homedev=/run/initramfs/live/\${livedir}/home.img
|
||||
fi
|
||||
|
||||
# Mount the persistent home if it's available
|
||||
if ! strstr "\`cat /proc/cmdline\`" nopersistenthome && [ -n "\$homedev" ] ; then
|
||||
action "Mounting persistent /home" mountPersistentHome
|
||||
fi
|
||||
|
||||
if [ -n "\$configdone" ]; then
|
||||
exit 0
|
||||
fi
|
||||
|
||||
# Create the liveuser (no password) so automatic logins and sudo works
|
||||
action "Adding live user" useradd \$USERADDARGS -c "Live System User" liveuser
|
||||
passwd -d liveuser > /dev/null
|
||||
usermod -aG wheel liveuser > /dev/null
|
||||
|
||||
# Same for root
|
||||
passwd -d root > /dev/null
|
||||
|
||||
# Turn off firstboot (similar to a DVD/minimal install, where it asks
|
||||
# for the user to accept the EULA before bringing up a TTY)
|
||||
systemctl --no-reload disable firstboot-text.service 2> /dev/null || :
|
||||
systemctl --no-reload disable firstboot-graphical.service 2> /dev/null || :
|
||||
systemctl stop firstboot-text.service 2> /dev/null || :
|
||||
systemctl stop firstboot-graphical.service 2> /dev/null || :
|
||||
|
||||
# Prelinking damages the images
|
||||
sed -i 's/PRELINKING=yes/PRELINKING=no/' /etc/sysconfig/prelink &>/dev/null || :
|
||||
|
||||
# Turn off mdmonitor by default
|
||||
systemctl --no-reload disable mdmonitor.service 2> /dev/null || :
|
||||
systemctl --no-reload disable mdmonitor-takeover.service 2> /dev/null || :
|
||||
systemctl stop mdmonitor.service 2> /dev/null || :
|
||||
systemctl stop mdmonitor-takeover.service 2> /dev/null || :
|
||||
|
||||
# Even if there isn't gnome, this doesn't hurt.
|
||||
gsettings set org.gnome.software download-updates 'false' || :
|
||||
|
||||
# Disable cron
|
||||
systemctl --no-reload disable crond.service 2> /dev/null || :
|
||||
systemctl --no-reload disable atd.service 2> /dev/null || :
|
||||
systemctl stop crond.service 2> /dev/null || :
|
||||
systemctl stop atd.service 2> /dev/null || :
|
||||
|
||||
# Disable abrt
|
||||
systemctl --no-reload disable abrtd.service 2> /dev/null || :
|
||||
systemctl stop abrtd.service 2> /dev/null || :
|
||||
|
||||
# Don't sync the system clock when running live (RHBZ #1018162)
|
||||
sed -i 's/rtcsync//' /etc/chrony.conf
|
||||
|
||||
# Mark things as configured
|
||||
touch /.liveimg-configured
|
||||
|
||||
# add static hostname to work around xauth bug
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=679486
|
||||
# the hostname must be something else than 'localhost'
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1370222
|
||||
echo "localhost" > /etc/hostname
|
||||
|
||||
EOF
|
||||
|
||||
# HAL likes to start late.
|
||||
cat > /etc/rc.d/init.d/livesys-late << EOF
|
||||
#!/bin/bash
|
||||
#
|
||||
# live: Late init script for live image
|
||||
#
|
||||
# chkconfig: 345 99 01
|
||||
# description: Late init script for live image.
|
||||
|
||||
. /etc/init.d/functions
|
||||
|
||||
if ! strstr "\`cat /proc/cmdline\`" rd.live.image || [ "\$1" != "start" ] || [ -e /.liveimg-late-configured ] ; then
|
||||
exit 0
|
||||
fi
|
||||
|
||||
exists() {
|
||||
which \$1 >/dev/null 2>&1 || return
|
||||
\$*
|
||||
}
|
||||
|
||||
touch /.liveimg-late-configured
|
||||
|
||||
# Read some stuff out of the kernel cmdline
|
||||
for o in \`cat /proc/cmdline\` ; do
|
||||
case \$o in
|
||||
ks=*)
|
||||
ks="--kickstart=\${o#ks=}"
|
||||
;;
|
||||
xdriver=*)
|
||||
xdriver="\${o#xdriver=}"
|
||||
;;
|
||||
esac
|
||||
done
|
||||
|
||||
# If liveinst or textinst is given, start installer
|
||||
if strstr "\`cat /proc/cmdline\`" liveinst ; then
|
||||
plymouth --quit
|
||||
/usr/sbin/liveinst \$ks
|
||||
fi
|
||||
if strstr "\`cat /proc/cmdline\`" textinst ; then
|
||||
plymouth --quit
|
||||
/usr/sbin/liveinst --text \$ks
|
||||
fi
|
||||
|
||||
# Configure X, allowing user to override xdriver
|
||||
if [ -n "\$xdriver" ]; then
|
||||
cat > /etc/X11/xorg.conf.d/00-xdriver.conf <<FOE
|
||||
Section "Device"
|
||||
Identifier "Videocard0"
|
||||
Driver "\$xdriver"
|
||||
EndSection
|
||||
FOE
|
||||
fi
|
||||
|
||||
EOF
|
||||
|
||||
chmod 755 /etc/rc.d/init.d/livesys
|
||||
/sbin/restorecon /etc/rc.d/init.d/livesys
|
||||
/sbin/chkconfig --add livesys
|
||||
|
||||
chmod 755 /etc/rc.d/init.d/livesys-late
|
||||
/sbin/restorecon /etc/rc.d/init.d/livesys-late
|
||||
/sbin/chkconfig --add livesys-late
|
||||
|
||||
# Enable tmpfs for /tmp - this is a good idea
|
||||
systemctl enable tmp.mount
|
||||
|
||||
# make it so that we don't do writing to the overlay for things which
|
||||
# are just tmpdirs/caches
|
||||
# note https://bugzilla.redhat.com/show_bug.cgi?id=1135475
|
||||
cat >> /etc/fstab << EOF
|
||||
vartmp /var/tmp tmpfs defaults 0 0
|
||||
EOF
|
||||
|
||||
# PackageKit likes to play games. Let's fix that.
|
||||
rm -f /var/lib/rpm/__db*
|
||||
releasever=$(rpm -q --qf '%{version}\n' --whatprovides system-release)
|
||||
basearch=$(uname -i)
|
||||
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial
|
||||
echo "Packages within this LiveCD"
|
||||
rpm -qa
|
||||
# Note that running rpm recreates the rpm db files which aren't needed or wanted
|
||||
rm -f /var/lib/rpm/__db*
|
||||
|
||||
# go ahead and pre-make the man -k cache (#455968)
|
||||
/usr/bin/mandb
|
||||
|
||||
# make sure there aren't core files lying around
|
||||
rm -f /core*
|
||||
|
||||
# remove random seed, the newly installed instance should make it's own
|
||||
rm -f /var/lib/systemd/random-seed
|
||||
|
||||
# convince readahead not to collect
|
||||
# FIXME: for systemd
|
||||
|
||||
echo 'File created by kickstart. See systemd-update-done.service(8).' \
|
||||
| tee /etc/.updated >/var/.updated
|
||||
|
||||
# Drop the rescue kernel and initramfs, we don't need them on the live media itself.
|
||||
# See bug 1317709
|
||||
rm -f /boot/*-rescue*
|
||||
|
||||
# Disable network service here, as doing it in the services line
|
||||
# fails due to RHBZ #1369794 - the error is expected
|
||||
/sbin/chkconfig network off
|
||||
|
||||
# Remove machine-id on generated images
|
||||
rm -f /etc/machine-id
|
||||
touch /etc/machine-id
|
||||
|
||||
%end
|
||||
|
||||
|
||||
%post --nochroot
|
||||
cp $INSTALL_ROOT/usr/share/licenses/*-release/* $LIVE_ROOT/
|
||||
|
||||
# This only works on x86_64
|
||||
if [ "$(uname -i)" = "i386" -o "$(uname -i)" = "x86_64" ]; then
|
||||
# For livecd-creator builds
|
||||
if [ ! -d $LIVE_ROOT/LiveOS ]; then mkdir -p $LIVE_ROOT/LiveOS ; fi
|
||||
cp /usr/bin/livecd-iso-to-disk $LIVE_ROOT/LiveOS
|
||||
|
||||
# For lorax/livemedia-creator builds
|
||||
sed -i '
|
||||
/## make boot.iso/ i\
|
||||
# Add livecd-iso-to-disk script to .iso filesystem at /LiveOS/\
|
||||
<% f = "usr/bin/livecd-iso-to-disk" %>\
|
||||
%if exists(f):\
|
||||
install ${f} ${LIVEDIR}/${f|basename}\
|
||||
%endif\
|
||||
' /usr/share/lorax/templates.d/99-generic/live/x86.tmpl
|
||||
fi
|
||||
|
||||
%end
|
@ -1,104 +0,0 @@
|
||||
# Maintained by RelEng
|
||||
|
||||
%include rocky-live-base-spin.ks
|
||||
%include rocky-live-kde-common.ks
|
||||
|
||||
%post
|
||||
|
||||
# set default GTK+ theme for root (see #683855, #689070, #808062)
|
||||
cat > /root/.gtkrc-2.0 << EOF
|
||||
include "/usr/share/themes/Adwaita/gtk-2.0/gtkrc"
|
||||
include "/etc/gtk-2.0/gtkrc"
|
||||
gtk-theme-name="Adwaita"
|
||||
EOF
|
||||
mkdir -p /root/.config/gtk-3.0
|
||||
cat > /root/.config/gtk-3.0/settings.ini << EOF
|
||||
[Settings]
|
||||
gtk-theme-name = Adwaita
|
||||
EOF
|
||||
|
||||
# add initscript
|
||||
cat >> /etc/rc.d/init.d/livesys << EOF
|
||||
|
||||
# are we *not* able to use wayland sessions?
|
||||
if strstr "\`cat /proc/cmdline\`" nomodeset ; then
|
||||
PLASMA_SESSION_FILE="plasmax11.desktop"
|
||||
else
|
||||
PLASMA_SESSION_FILE="plasma.desktop"
|
||||
fi
|
||||
|
||||
# set up autologin for user liveuser
|
||||
if [ -f /etc/sddm.conf ]; then
|
||||
sed -i 's/^#User=.*/User=liveuser/' /etc/sddm.conf
|
||||
sed -i "s/^#Session=.*/Session=\${PLASMA_SESSION_FILE}/" /etc/sddm.conf
|
||||
else
|
||||
cat > /etc/sddm.conf << SDDM_EOF
|
||||
[Autologin]
|
||||
User=liveuser
|
||||
Session=\${PLASMA_SESSION_FILE}
|
||||
SDDM_EOF
|
||||
fi
|
||||
|
||||
# add liveinst.desktop to favorites menu
|
||||
mkdir -p /home/liveuser/.config/
|
||||
cat > /home/liveuser/.config/kickoffrc << MENU_EOF
|
||||
[Favorites]
|
||||
FavoriteURLs=/usr/share/applications/firefox.desktop,/usr/share/applications/org.kde.dolphin.desktop,/usr/share/applications/systemsettings.desktop,/usr/share/applications/org.kde.konsole.desktop,/usr/share/applications/liveinst.desktop
|
||||
MENU_EOF
|
||||
|
||||
# show liveinst.desktop on desktop and in menu
|
||||
sed -i 's/NoDisplay=true/NoDisplay=false/' /usr/share/applications/liveinst.desktop
|
||||
|
||||
# debrand
|
||||
sed -i "s/Red Hat Enterprise/Rocky/g" /usr/share/anaconda/gnome/rhel-welcome.desktop
|
||||
sed -i "s/RHEL/Rocky Linux/g" /usr/share/anaconda/gnome/rhel-welcome
|
||||
sed -i "s/Red Hat Enterprise/Rocky/g" /usr/share/anaconda/gnome/rhel-welcome
|
||||
#sed -i "s/org.fedoraproject.AnacondaInstaller/fedora-logo-icon/g" /usr/share/anaconda/gnome/rhel-welcome
|
||||
#sed -i "s/org.fedoraproject.AnacondaInstaller/fedora-logo-icon/g" /usr/share/applications/liveinst.desktop
|
||||
|
||||
# set executable bit disable KDE security warning
|
||||
chmod +x /usr/share/applications/liveinst.desktop
|
||||
mkdir /home/liveuser/Desktop
|
||||
cp -a /usr/share/applications/liveinst.desktop /home/liveuser/Desktop/
|
||||
|
||||
# Set akonadi backend
|
||||
mkdir -p /home/liveuser/.config/akonadi
|
||||
cat > /home/liveuser/.config/akonadi/akonadiserverrc << AKONADI_EOF
|
||||
[%General]
|
||||
Driver=QSQLITE3
|
||||
AKONADI_EOF
|
||||
|
||||
# "Disable plasma-discover-notifier"
|
||||
mkdir -p /home/liveuser/.config/autostart
|
||||
cp -a /etc/xdg/autostart/org.kde.discover.notifier.desktop /home/liveuser/.config/autostart/
|
||||
echo 'Hidden=true' >> /home/liveuser/.config/autostart/org.kde.discover.notifier.desktop
|
||||
|
||||
# Disable baloo
|
||||
cat > /home/liveuser/.config/baloofilerc << BALOO_EOF
|
||||
[Basic Settings]
|
||||
Indexing-Enabled=false
|
||||
BALOO_EOF
|
||||
|
||||
# Disable kres-migrator
|
||||
cat > /home/liveuser/.kde/share/config/kres-migratorrc << KRES_EOF
|
||||
[Migration]
|
||||
Enabled=false
|
||||
KRES_EOF
|
||||
|
||||
# Disable kwallet migrator
|
||||
cat > /home/liveuser/.config/kwalletrc << KWALLET_EOL
|
||||
[Migration]
|
||||
alreadyMigrated=true
|
||||
KWALLET_EOL
|
||||
|
||||
# make sure to set the right permissions and selinux contexts
|
||||
chown -R liveuser:liveuser /home/liveuser/
|
||||
restorecon -R /home/liveuser/
|
||||
restorecon -R /
|
||||
|
||||
EOF
|
||||
|
||||
systemctl enable sddm.service
|
||||
dnf config-manager --set-enabled powertools
|
||||
|
||||
%end
|
@ -1,77 +0,0 @@
|
||||
|
||||
%packages
|
||||
# install env-group to resolve RhBug:1891500
|
||||
@^kde-desktop-environment
|
||||
|
||||
@firefox
|
||||
@kde-apps
|
||||
@kde-media
|
||||
|
||||
# Libreoffice
|
||||
libreoffice-calc
|
||||
libreoffice-emailmerge
|
||||
libreoffice-graphicfilter
|
||||
libreoffice-impress
|
||||
libreoffice-writer
|
||||
|
||||
-@admin-tools
|
||||
|
||||
### The KDE-Desktop
|
||||
|
||||
### fixes
|
||||
sddm
|
||||
|
||||
# use kde-print-manager instead of system-config-printer
|
||||
-system-config-printer
|
||||
# make sure mariadb lands instead of MySQL (hopefully a temporary hack)
|
||||
mariadb-embedded
|
||||
mariadb-connector-c
|
||||
mariadb-server
|
||||
|
||||
# minimal localization support - allows installing the kde-l10n-* packages
|
||||
#system-config-language <- Not in EL8
|
||||
#kde-l10n <- Not in EL8
|
||||
|
||||
# unwanted packages from @kde-desktop
|
||||
# don't include these for now to fit on a cd
|
||||
-desktop-backgrounds-basic
|
||||
-kdeaccessibility*
|
||||
-ktorrent # kget has also basic torrent features (~3 megs)
|
||||
-digikam # digikam has duplicate functionality with gwenview (~28 megs)
|
||||
-kipi-plugins # ~8 megs + drags in Marble
|
||||
-krusader # ~4 megs
|
||||
-k3b # ~15 megs
|
||||
|
||||
#-kdeplasma-addons # ~16 megs
|
||||
|
||||
# Additional packages that are not default in kde-* groups, but useful
|
||||
#kdeartwork # only include some parts of kdeartwork
|
||||
fuse
|
||||
#mediawriter <-- Not in EL8
|
||||
|
||||
### space issues
|
||||
|
||||
# admin-tools
|
||||
-gnome-disk-utility
|
||||
# kcm_clock still lacks some features, so keep system-config-date around
|
||||
#-system-config-date
|
||||
# prefer kcm_systemd
|
||||
-system-config-services
|
||||
# prefer/use kusers
|
||||
-system-config-users
|
||||
|
||||
# we need to keep epel-release, otherwise we can't update
|
||||
epel-release
|
||||
|
||||
### MINIMIZATION ###
|
||||
-mpage
|
||||
-hplip
|
||||
-isdn4k-utils
|
||||
-xsane
|
||||
-xsane-gimp
|
||||
-@input-methods
|
||||
-scim*
|
||||
-iok
|
||||
|
||||
%end
|
||||
|
@ -1,6 +0,0 @@
|
||||
# Remove a few things we don't need
|
||||
%packages
|
||||