sig_core
/
kickstarts
8
0
Fork 6
Code Issues 2 Pull Requests Actions Projects Releases Activity

Compare commits

merge into: sig_core:main
Branches Tags
sig_core:main
sig_core:r9
sig_core:r10
sig_core:r8
...
pull from: sig_core:r8
Branches Tags
sig_core:r9
sig_core:r10
sig_core:r8
sig_core:main

107 Commits
main ... r8

Author SHA1 Message Date
Louis Abel 0d82d4bcbb
add fixfiles to r8 2024-02-17 09:28:01 -07:00
Louis Abel 875c1475c0
add notifyd 2024-02-11 16:17:46 -07:00
Louis Abel bb01e3aa82
bump KDE to 9000 2023-12-22 15:03:27 -07:00
Louis Abel 9be079eb5b
enable gjs for non-workstation live 2023-11-18 20:25:31 -07:00
Louis Abel 70b1326374
move directories for toolkit 2023-11-18 15:30:48 -07:00
Louis Abel 98036f2598
address security feature of xfce 2023-11-14 00:10:35 -07:00
Louis Abel 2a4576f992
address security feature of xfce 2023-11-14 00:10:18 -07:00
Louis Abel b887856c66
clarity on cloned branch 2023-09-07 18:20:44 -07:00
Neil Hanlon 37f49cf768 Update 'Rocky-8-OCP-Base.ks' 2023-05-18 15:46:30 +00:00
Neil Hanlon 57b1de6008 Update 'Rocky-8-OCP-Base.ks' 2023-05-18 15:40:29 +00:00
Neil Hanlon 415b320481 Update 'Rocky-8-OCP-Base.ks' 2023-05-18 15:38:34 +00:00
Neil Hanlon 3cc3a8fd48 Update 'Rocky-8-OCP-Base.ks' 2023-05-18 15:35:15 +00:00
Neil Hanlon cfe0f29591 fix: need to pull python36-oci-sdk 2023-05-18 15:33:21 +00:00
Louis Abel b5f523e3dc
adjust mate size 2023-05-18 02:11:03 -07:00
Louis Abel f6a36606d2
change major.minor to major 2023-05-18 01:58:36 -07:00
Louis Abel 83affe7b78
change to 8.8 2023-05-17 22:24:43 -07:00
lumarel 0454f16220 Merge into the combined ks file 2023-05-12 20:04:34 +00:00
lumarel 8857a9ff53 Get closer to upstream with the ubi image 2023-05-12 20:04:34 +00:00
lumarel 69ea6ceea8 Use Etc/UTC as upstream does 2023-05-12 20:04:34 +00:00
Neil Hanlon 6bf1dae231
fixup kickstarts to make anaconda happy../.. 2023-05-12 15:58:31 -04:00
Louis Abel d65003266c
Renames and readmes 
* Add readme for cloud templates
* Modify readme for repo in general
* Change Rocky-X-OCP to be a base variant
 2023-04-12 23:50:51 -07:00
Louis Abel e9be780fe4
fix xen keys 2023-04-03 09:54:03 -07:00
Louis Abel deeac2a61b
add %pre to base images 2023-03-22 14:04:36 -07:00
Louis Abel ce1ca494b2
update ocp template 2023-03-22 10:29:02 -07:00
Neil Hanlon 4e1a1e9101
attempt to fix BIOS boot on OCP 2023-03-16 12:19:00 -04:00
Neil Hanlon 6e5078c7be
add wsl image 2023-03-01 20:10:19 -05:00
Neil Hanlon 5f119e8041
Use LVM for Libvirt Vagrant 2023-02-25 00:07:57 -05:00
Louis Abel fa6307c427
add additional comment to avoid overwrites 2023-02-20 12:52:55 -07:00
Louis Abel 1be3dbad2c
adjust all LVM's to use %pre 2023-01-26 14:37:53 -07:00
Neil Hanlon 9d3f4cd6c2
Fix partitioning order 2023-01-24 20:41:53 -05:00
Neil Hanlon 403173ecc3
Attempt to fix boot args for OCP images 2023-01-24 17:20:08 -05:00
Neil Hanlon 00717352d3
why is this even here 2022-12-19 16:08:27 -05:00
Neil Hanlon 67c9361688
disable kdump 2022-12-17 12:54:43 -05:00
Neil Hanlon 44c3c55f3c
launch dbus in pre always 2022-12-17 12:49:49 -05:00
Neil Hanlon fdb405478e
attempt to launch dbus manually for anaconda.. 2022-12-17 12:47:36 -05:00
Neil Hanlon f826344218
systemd here causes issues. try to fix another way 2022-12-17 12:34:54 -05:00
Neil Hanlon 18bf69a706
Fix #7 - import gpg key 2022-12-08 08:37:56 -05:00
Neil Hanlon 03efd0e534
fix dracut entries for OCP 2022-11-30 17:46:24 -05:00
Louis Abel da5f8229b2
try to forcefully create a grub.cfg 2022-11-28 23:43:41 -07:00
Louis Abel 84e56160fe
remove asprimary as it serves no purpose in gpt 2022-11-24 12:53:59 -07:00
Louis Abel 230450fa9e
add missing grub2 portions to vagrant 2022-11-23 18:11:32 -07:00
Louis Abel e671199e78
update the vagrant parts 2022-11-23 17:38:41 -07:00
Louis Abel 6db39fc28a
remove asprimary for oracle image 2022-11-22 11:45:59 -07:00
Louis Abel a67625ccf3
remove asprimary on lvm pv's 2022-11-22 11:42:40 -07:00
Louis Abel 6ef04af5f0
Add restorecon for MATE 2022-11-22 11:26:50 -07:00
Louis Abel f71a70c0aa
flatten new templates for azure, oracle, vagrant 2022-11-22 11:25:12 -07:00
Louis Abel d87d62e00f
template out various images for r8 2022-11-22 10:59:32 -07:00
Neil Hanlon fe05feaf54
fix lvm sizes 2022-11-22 08:38:44 -05:00
Louis Abel 0914d04451
backport 9 tables to 8 2022-11-22 00:58:45 -07:00
Neil Hanlon 086ff3f7ad
enable the plus repo on vmware for openvm-tools 2022-11-21 18:34:31 -05:00
Neil Hanlon 3b52ad6cce
use 2022-11-21 18:20:11 -05:00
Neil Hanlon ce4fff102a
Add plus repo to allow open-vm-tools in aarch64 for vagrant 2022-11-21 18:18:51 -05:00
Neil Hanlon 8c963fbb30
Fix EC2 Base 2022-11-18 13:32:28 -05:00
Louis Abel 593abcab2e
add missing partitions for base gc 2022-11-17 02:37:32 -07:00
Neil Hanlon 53e8d4ec65
fix LVM kickstarts' boot partitions 2022-11-13 16:01:10 -05:00
Neil Hanlon 75a4d2a4ac
Revert "Revert "Rename these so they can build as variant with empanadas"" 
This reverts commit d0a188ba1d.
 2022-11-12 18:51:27 -05:00
Neil Hanlon 5c52919587 Merge pull request 'add %post installation of VBoxGuestAdditions' (#5) from tcooper/kickstarts:fix-vbox into r8 
Reviewed-on: #5
Reviewed-on: #2
 2022-11-12 22:55:58 +00:00
Trevor Cooper 0055194c07 add %post installation of VBoxGuestAdditions 2022-11-12 22:43:11 +00:00
Neil Hanlon bb85187578
add urls to Vagrant kickstarts 2022-11-12 17:27:31 -05:00
Neil Hanlon 38c00378fa
:see-no-evil 2022-11-12 16:44:35 -05:00
Neil Hanlon 3071659e9b
add missing URL back to EC2 images 2022-11-12 16:36:31 -05:00
Neil Hanlon a2672d7d98
try pointing to this hostname? 2022-11-12 16:31:34 -05:00
Neil Hanlon d0a188ba1d
Revert "Rename these so they can build as variant with empanadas" 
This reverts commit de39e04269.
 2022-11-12 16:24:04 -05:00
Neil Hanlon de39e04269
Rename these so they can build as variant with empanadas 2022-11-12 11:21:52 -05:00
Neil Hanlon 9da709ac78
Always use stg 2022-11-12 11:15:07 -05:00
Louis Abel 7b2c3008d9
add mate 2022-11-12 00:50:37 -07:00
Louis Abel 8037753a51
bump to 8.7 2022-11-11 13:43:10 -07:00
Louis Abel 45714dfb02
add initial LVM kickstarts 2022-10-11 22:25:44 -07:00
Neil Hanlon 625f058ba4
install oci-utils from oracle repository 2022-10-11 16:13:10 -04:00
Neil Hanlon 14390a1ce0
Add oracle 2022-10-11 13:58:32 -04:00
Louis Abel 236b6daed9
start initial clean up for 8 kickstarts 2022-09-01 10:24:50 -07:00
Louis Abel 8e2302726f Merge pull request 'Add VMware Vagrant kickstart for 8' (#3) from lumarel/kickstarts:feature/vagrant-vmware-ks-rl8 into r8 
Reviewed-on: #3
 2022-07-25 06:02:41 +00:00
lumarel f5a5d044e9
Add VMware Vagrant kickstart 2022-07-24 00:29:30 +02:00
Neil Hanlon 87e537248d
add url param back into genclo image 2022-07-09 00:40:03 -04:00
Neil Hanlon f946adb38d
Add azure kickstart to this repo 2022-07-08 15:23:25 -04:00
Neil Hanlon 7d4785d5ae
Fixes for systemd in el8 anaconda.. it's required, for reasons 2022-07-07 15:35:48 -04:00
Neil Hanlon 507d629cff
test UBI-type image 2022-07-07 15:05:25 -04:00
Neil Hanlon dbd3aad804
Try to remove cleanup from minimal image 2022-07-07 11:31:34 -04:00
Neil Hanlon c361408fd3
try with a url, i guess 2022-07-07 11:03:13 -04:00
Neil Hanlon f22d3ec0b3
make minimal KS actually minimal 2022-07-07 09:51:39 -04:00
Neil Hanlon 97abb0700a
grow genclo disk, reqpart on vagrant 2022-07-04 18:04:27 -04:00
nazunalika 225ede7fc5
lightdm will be available in EPEL 2022-05-15 19:55:42 -07:00
nazunalika 998a1ead36
remove breeze on xfce 2022-05-15 11:17:53 -07:00
nazunalika 02d4ef974a
remove extraneous posts 2022-05-15 10:34:12 -07:00
nazunalika 50ae667781
add sddm themes 2022-05-15 10:19:26 -07:00
nazunalika 78b5936463
fix up ks 2022-05-15 08:47:38 -07:00
nazunalika ad67199c3e
fix up ks 2022-05-15 08:43:03 -07:00
nazunalika 8cf1ca32bb
hostname shouldn't be localhost 2022-05-15 01:43:21 -07:00
nazunalika d111a30da0
patches are in anaconda now 2022-05-12 13:43:58 -07:00
nazunalika a6b0c4912a
update to 8.6 2022-05-10 07:28:59 -07:00
nazunalika 888b882668
Add XDG 2022-02-28 12:58:44 -07:00
nazunalika a93ba16ed8
fix up the xfce background 2021-11-14 16:16:24 -07:00
Neil Hanlon b1c99d8584
Use staging repos for image builds 2021-11-14 12:48:01 -05:00
nazunalika 1d57465221
XFCE needs a default background 2021-11-13 15:43:54 -07:00
nazunalika c544e9bca7
remove auth from the kickstarts 2021-11-13 15:29:28 -07:00
nazunalika 6d1ffb5136
Add mainline kernel kickstart 2021-11-10 13:23:14 -07:00
nazunalika 8ea740d0ce
8.5 2021-11-10 11:39:40 -07:00
Neil Hanlon f7850ec5d8
Remember to always stay positive 2021-10-27 17:37:18 -04:00
Neil Hanlon de40f77ca0
a \ 2021-10-27 17:26:14 -04:00
Neil Hanlon bc9779cca4
Cleanup container image even more 2021-10-27 15:30:06 -04:00
Neil Hanlon 4b670a9ad2
swap dracut for kexec-tools 2021-10-26 19:55:24 -04:00
Neil Hanlon cfc4a16b1a
exclude dracut 2021-10-26 17:08:26 -04:00
Neil Hanlon 25b7bd31d5
skip kexec tools 2021-10-26 16:24:20 -04:00
Neil Hanlon 701c2785b8
Update container image to build w/o ISO 2021-10-20 15:16:27 -04:00
nazunalika 9936c1728e
make lite images 2021-10-06 21:23:38 -07:00
nazunalika 837ae26098
Flatten kickstarts 2021-07-02 16:21:36 -07:00
nazunalika e8cc11b128
add r8 branch 2021-07-02 16:17:10 -07:00
88 changed files with 10740 additions and 327 deletions
Show Stats Expand all files Collapse all files

73
README.md Normal file
View File

@ -0,0 +1,73 @@
# R8 specific kickstarts
This branch has Rocky Linux 8 specific kickstarts. These kickstarts vary
between cloud images and live images provided in our repositories and
mirrors.
## Structure
In the root of the repository are the general kickstarts in use that any
user can pick up, use, or modify to their liking to make their own Rocky
Linux live images, cloud images, and so on. These kickstarts are generated
by templates that live in the various directories in this repository.
* `cloud` -> Cloud image templates
* `live` -> Live image templates
* `container` -> Container image templates
These kickstarts are generated using `ksflatten`. Changes made to the
kickstarts generally match between the templates and the full kickstarts
in the root.
For SIG/Core's usage, we use the `live` area as a "working" directory,
where we use the split parts in our automation for the images and the
pre-flattened versions are there for the convenience of all users. This
is easier than using the pre-made ones in empanadas.
## Building Live Images
To build live images, you will need to use `livecd-creator` or
`livemedia-creator`. The former is simpler to use and generally works without
many issues. The latter can be a bit more tricky to work with and typically
runs the installer virtually. However, it can be used without a virtual machine
like in a mock shell.
### Using livemedia-creator
To use livemedia-creator without using virt, you can use a mock shell. To
setup a mock chroot for the purpose of building a live image, you would
set it up like so:
```
# Install mock if you haven't already
% dnf install epel-release -y
% dnf install mock -y
# Add a user to the mock group
% usermod -a -G mock user
# As the user, setup the mock environment
% mock -r rocky-8-x86_64 --init
% mock -r rocky-8-x86_64 --install lorax-lmc-novirt vim-minimal pykickstart git
# You will need to be in permissive mode temporarily
% setenforce 0
# Enter the shell
% mock -r rocky-8-x86_64 --shell --isolation=simple --enable-network
# Clone the kickstarts and run an installation
% git clone https://github.com/rocky-linux/kickstarts -b r8
% cd kickstarts
% livemedia-creator --ks Rocky-8-Workstation.ks \
--no-virt \
--resultdir /var/lmc \
--project="Rocky Linux" \
--make-iso \
--volid Rocky-Workstation-8 \
--iso-only \
--iso-name Rocky-Workstation-8-x86_64.iso \
--releasever=8 \
--nomacboot # This option is important to set, mkfs.hfsplus is not available
```
With the example above, all of the results will appear in
`/var/lib/mock/rocky-8-x86_64/root/var/lmc`.

328
Rocky-8-Azure-Base.ks Normal file
View File

@ -0,0 +1,328 @@
# Keyboard layouts
keyboard 'us'
# Root password
rootpw --iscrypted thereisnopasswordanditslocked
# System language
lang en_US.UTF-8
# Shutdown after installation
shutdown
# System timezone
timezone UTC --isUtc
# Use text mode install
text
# Network information
network --bootproto=dhcp --device=link --activate
network --bootproto=dhcp --hostname=localhost.localdomain
# Use network installation
url --url="https://download.rockylinux.org/stg/rocky/8/BaseOS/$basearch/os/"
# System authorization information
auth --enableshadow --passalgo=sha512
# Firewall configuration
firewall --enabled --service=ssh
firstboot --disable
# SELinux configuration
selinux --enforcing
# System services
services --disabled="kdump" --enabled="NetworkManager,sshd,rsyslog,chronyd,cloud-init,cloud-init-local,cloud-config,cloud-final,rngd"
# System bootloader configuration
bootloader --append="rootdelay=300 console=ttyS0 earlyprintk=ttyS0 no_timer_check crashkernel=auto net.ifnames=0" --location=mbr --timeout=1
# Disk partitioning information
# NOTE(neil): 2023-05-12 NONE of reqpart, clearpart, zerombr can be used. We
# are creating partitions manually in %pre to ensure proper ordering as
# Anaconda does NOT ensure the ordering `part` commands.
part /boot/efi --fstype="efi" --onpart=vda1
part /boot --fstype="xfs" --label=boot --onpart=vda2
part prepboot --fstype="prepboot" --onpart=vda3
part biosboot --fstype="biosboot" --onpart=vda4
part / --size=8000 --fstype="xfs" --mkfsoptions "-m bigtime=0,inobtcount=0" --grow --onpart=vda5
%pre
# Clear the Master Boot Record
dd if=/dev/zero of=/dev/vda bs=512 count=1
# Create a new GPT partition table
parted /dev/vda mklabel gpt
# Create a partition for /boot/efi
parted /dev/vda mkpart primary fat32 1MiB 100MiB
parted /dev/vda set 1 boot on
# Create a partition for /boot
parted /dev/vda mkpart primary xfs 100MiB 1100MiB
# Create a partition for prep
parted /dev/vda mkpart primary 1100MiB 1104MiB
# Create a partition for bios_grub
parted /dev/vda mkpart primary 1104MiB 1105MiB
# Create a partition for LVM
parted /dev/vda mkpart primary xfs 1106MiB 10.7GB
%end
%post --erroronfail
passwd -d root
passwd -l root
# Attempting to force legacy BIOS boot if we boot from UEFI
# This was backported from our 9 kickstarts to address some issues.
if [ "$(arch)" = "x86_64" ]; then
dnf install grub2-pc-modules grub2-pc -y
grub2-install --target=i386-pc /dev/vda
fi
# Ensure that the pmbr_boot flag is off
parted /dev/vda disk_set pmbr_boot off
###
# Common Cloud Tweaks
###
# setup systemd to boot to the right runlevel
rm -f /etc/systemd/system/default.target
ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
echo .
# remove linux-firmware as we're virt and it's half a gig
dnf -C -y remove linux-firmware
# Remove firewalld; it is required to be present for install/image building.
# but we dont ship it in cloud
dnf -C -y remove firewalld --setopt="clean_requirements_on_remove=1"
dnf -C -y remove avahi\*
sed -i '/^#NAutoVTs=.*/ a\
NAutoVTs=0' /etc/systemd/logind.conf
echo "virtual-guest" > /etc/tuned/active_profile
###
# Networking Changes
###
# For cloud images, 'eth0' _is_ the predictable device name, since
# we don't want to be tied to specific virtual (!) hardware
rm -f /etc/udev/rules.d/70*
ln -s /dev/null /etc/udev/rules.d/80-net-name-slot.rules
# simple eth0 config, again not hard-coded to the build hardware
cat > /etc/sysconfig/network-scripts/ifcfg-eth0 << EOF
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=dhcp
TYPE=Ethernet
USERCTL=no
PEERDNS=yes
IPV6INIT=no
NM_CONTROLLED=yes
IPV4_DHCP_TIMEOUT=300
EOF
cat << EOF | tee -a /etc/NetworkManager/conf.d/dhcp-timeout.conf
# Configure dhcp timeout to 300s by default
[connection]
ipv4.dhcp-timeout=300
EOF
cat > /etc/sysconfig/network << EOF
NETWORKING=yes
NOZEROCONF=yes
EOF
# Remove build-time resolvers to fix #16948
echo > /etc/resolv.conf
# generic localhost names
cat > /etc/hosts << EOF
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
EOF
echo .
###
# Services
###
systemctl mask tmp.mount
###
# azure
###
# Setup WALinux Agent
dnf -y install WALinuxAgent
systemctl enable waagent
# Configure waagent for cloud-init
sed -i 's/Provisioning.UseCloudInit=n/Provisioning.UseCloudInit=y/g' /etc/waagent.conf
sed -i 's/Provisioning.Enabled=y/Provisioning.Enabled=n/g' /etc/waagent.conf
# Azure: handle sr-iov and networkmanaeger
cat << EOF | tee -a /etc/udev/rules.d/68-azure-sriov-nm-unmanaged.rules
# Accelerated Networking on Azure exposes a new SRIOV interface to the VM.
# This interface is transparently bonded to the synthetic interface,
# so NetworkManager should just ignore any SRIOV interfaces.
SUBSYSTEM=="net", DRIVERS=="hv_pci", ACTION=="add", ENV{NM_UNMANAGED}="1"
EOF
# Azure: Time sync for linux
## Setup udev rule for ptp_hyperv
cat << EOF | tee -a /etc/udev/rules.d/98-hyperv-ptp.rules
## See: https://docs.microsoft.com/en-us/azure/virtual-machines/linux/time-sync#check-for-ptp-clock-source
SUBSYSTEM=="ptp", ATTR{clock_name}=="hyperv", SYMLINK += "ptp_hyperv"
EOF
# Configure chrony to use ptp_hyperv
cat << EOF | tee -a /etc/chrony.conf
# Setup hyperv PTP device as refclock
refclock PHC /dev/ptp_hyperv poll 3 dpoll -2 offset 0 stratum 2
EOF
# Azure: Blacklist modules
cat << EOF | tee -a /etc/modprobe.d/azure-blacklist.conf
blacklist amdgpu
blacklist nouveau
blacklist radeon
EOF
# Azure: cloud-init customizations for Hyperv
cat << EOF | tee /etc/cloud/cloud.cfg.d/10-azure-kvp.cfg
# Enable logging to the Hyper-V kvp in Azure
reporting:
logging:
type: log
telemetry:
type: hyperv
EOF
###
# Kernel and Drivers
###
# Add drivers when building in VMWare, Vbox, or KVM (KVM)
cat << EOF | tee -a /etc/dracut.conf.d/80-azure.conf
add_drivers+=" hv_vmbus hv_netvsc hv_storvsc "
EOF
dracut -f -v
cat <<EOL > /etc/sysconfig/kernel
# UPDATEDEFAULT specifies if new-kernel-pkg should make
# new kernels the default
UPDATEDEFAULT=yes
# DEFAULTKERNEL specifies the default kernel package type
DEFAULTKERNEL=kernel
EOL
# make sure firstboot doesn't start
echo "RUN_FIRSTBOOT=NO" > /etc/sysconfig/firstboot
# rocky cloud user
sed -i '1i # Modified for cloud image' /etc/cloud/cloud.cfg
echo -e 'rocky\tALL=(ALL)\tNOPASSWD: ALL' >> /etc/sudoers
sed -i 's/name: cloud-user/name: rocky/g' /etc/cloud/cloud.cfg
dnf clean all
# XXX instance type markers - MUST match Rocky Infra expectation
echo 'azure' > /etc/yum/vars/infra
# change dhcp client retry/timeouts to resolve #6866
###
# Cleanup
###
###
# Azure Cleanup
###
sudo rm -f /var/log/waagent.log
sudo cloud-init clean
waagent -force -deprovision+user
# Commont cleanup
rm -f ~/.bash_history
export HISTSIZE=0
rm -f /var/lib/systemd/random-seed
rm -rf /root/anaconda-ks.cfg
rm -rf /root/install.log
rm -rf /root/install.log.syslog
rm -rf /var/lib/yum/*
rm -rf /var/log/anaconda*
rm -rf /var/log/yum.log
# Wipe machineid
cat /dev/null > /etc/machine-id
# Fix selinux
touch /var/log/cron
touch /var/log/boot.log
mkdir -p /var/cache/yum
/usr/sbin/fixfiles -R -a restore
true
%end
%packages
@core
NetworkManager
WALinuxAgent
chrony
cloud-init
cloud-utils-growpart
cockpit-system
cockpit-ws
dhcp-client
dnf
dnf-utils
dracut-config-generic
dracut-norescue
firewalld
gdisk
grub2
hyperv-daemons
kernel
nfs-utils
python3-jsonschema
qemu-guest-agent
rng-tools
rocky-release
rsync
tar
yum
yum-utils
-aic94xx-firmware
-alsa-firmware
-alsa-lib
-alsa-tools-firmware
-biosdevname
-iprutils
-ivtv-firmware
-iwl100-firmware
-iwl1000-firmware
-iwl105-firmware
-iwl135-firmware
-iwl2000-firmware
-iwl2030-firmware
-iwl3160-firmware
-iwl3945-firmware
-iwl4965-firmware
-iwl5000-firmware
-iwl5150-firmware
-iwl6000-firmware
-iwl6000g2a-firmware
-iwl6000g2b-firmware
-iwl6050-firmware
-iwl7260-firmware
-langpacks-*
-langpacks-en
-libertas-sd8686-firmware
-libertas-sd8787-firmware
-libertas-usb8388-firmware
-plymouth
%end

328
Rocky-8-Azure-LVM.ks Normal file
View File

@ -0,0 +1,328 @@
#version=DEVEL
# Keyboard layouts
keyboard 'us'
# Root password
rootpw --iscrypted thereisnopasswordanditslocked
# System language
lang en_US.UTF-8
# Shutdown after installation
shutdown
# System timezone
timezone UTC --isUtc
# Use text mode install
text
# Network information
network --bootproto=dhcp --device=link --activate
network --bootproto=dhcp --hostname=localhost.localdomain
# Use network installation
url --url="https://download.rockylinux.org/stg/rocky/8/BaseOS/$basearch/os/"
# System authorization information
auth --enableshadow --passalgo=sha512
# Firewall configuration
firewall --enabled --service=ssh
firstboot --disable
# SELinux configuration
selinux --enforcing
# System services
services --disabled="kdump" --enabled="NetworkManager,sshd,rsyslog,chronyd,cloud-init,cloud-init-local,cloud-config,cloud-final,rngd"
# System bootloader configuration
bootloader --append="rootdelay=300 console=ttyS0 earlyprintk=ttyS0 no_timer_check crashkernel=auto net.ifnames=0" --location=mbr --timeout=1
part /boot/efi --fstype=efi --asprimary --onpart=vda1
part /boot --fstype=xfs --label=boot --onpart=vda2
part prepboot --fstype=biosboot --asprimary --onpart=vda3
part biosboot --fstype=biosboot --asprimary --onpart=vda4
part pv.01 --grow --onpart=vda5
volgroup rocky pv.01
logvol / --vgname=rocky --size=8000 --name=root --grow --mkfsoptions="-m bigtime=0,inobtcount=0"
%pre
# Clear the Master Boot Record
dd if=/dev/zero of=/dev/vda bs=512 count=1
# Create a new GPT partition table
parted /dev/vda mklabel gpt
# Create a partition for /boot/efi
parted /dev/vda mkpart primary fat32 1MiB 100MiB
parted /dev/vda set 1 boot on
# Create a partition for /boot
parted /dev/vda mkpart primary xfs 100MiB 1100MiB
# Create a partition for prep
parted /dev/vda mkpart primary 1100MiB 1104MiB
# Create a partition for bios_grub
parted /dev/vda mkpart primary 1104MiB 1105MiB
# Create a partition for LVM
parted /dev/vda mkpart primary ext2 1106MiB 10.7GB
parted /dev/vda set 5 lvm on
%end
%post --erroronfail
passwd -d root
passwd -l root
# Attempting to force legacy BIOS boot if we boot from UEFI
# This was backported from our 9 kickstarts to address some issues.
if [ "$(arch)" = "x86_64" ]; then
dnf install grub2-pc-modules grub2-pc -y
grub2-install --target=i386-pc /dev/vda
fi
# Ensure that the pmbr_boot flag is off
parted /dev/vda disk_set pmbr_boot off
###
# Common Cloud Tweaks
###
# setup systemd to boot to the right runlevel
rm -f /etc/systemd/system/default.target
ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
echo .
# remove linux-firmware as we're virt and it's half a gig
dnf -C -y remove linux-firmware
# Remove firewalld; it is required to be present for install/image building.
# but we dont ship it in cloud
dnf -C -y remove firewalld --setopt="clean_requirements_on_remove=1"
dnf -C -y remove avahi\*
sed -i '/^#NAutoVTs=.*/ a\
NAutoVTs=0' /etc/systemd/logind.conf
echo "virtual-guest" > /etc/tuned/active_profile
###
# Networking Changes
###
# For cloud images, 'eth0' _is_ the predictable device name, since
# we don't want to be tied to specific virtual (!) hardware
rm -f /etc/udev/rules.d/70*
ln -s /dev/null /etc/udev/rules.d/80-net-name-slot.rules
# simple eth0 config, again not hard-coded to the build hardware
cat > /etc/sysconfig/network-scripts/ifcfg-eth0 << EOF
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=dhcp
TYPE=Ethernet
USERCTL=no
PEERDNS=yes
IPV6INIT=no
NM_CONTROLLED=yes
IPV4_DHCP_TIMEOUT=300
EOF
cat << EOF | tee -a /etc/NetworkManager/conf.d/dhcp-timeout.conf
# Configure dhcp timeout to 300s by default
[connection]
ipv4.dhcp-timeout=300
EOF
cat > /etc/sysconfig/network << EOF
NETWORKING=yes
NOZEROCONF=yes
EOF
# Remove build-time resolvers to fix #16948
echo > /etc/resolv.conf
# generic localhost names
cat > /etc/hosts << EOF
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
EOF
echo .
###
# Services
###
systemctl mask tmp.mount
###
# azure
###
# Setup WALinux Agent
dnf -y install WALinuxAgent
systemctl enable waagent
# Configure waagent for cloud-init
sed -i 's/Provisioning.UseCloudInit=n/Provisioning.UseCloudInit=y/g' /etc/waagent.conf
sed -i 's/Provisioning.Enabled=y/Provisioning.Enabled=n/g' /etc/waagent.conf
# Azure: handle sr-iov and networkmanaeger
cat << EOF | tee -a /etc/udev/rules.d/68-azure-sriov-nm-unmanaged.rules
# Accelerated Networking on Azure exposes a new SRIOV interface to the VM.
# This interface is transparently bonded to the synthetic interface,
# so NetworkManager should just ignore any SRIOV interfaces.
SUBSYSTEM=="net", DRIVERS=="hv_pci", ACTION=="add", ENV{NM_UNMANAGED}="1"
EOF
# Azure: Time sync for linux
## Setup udev rule for ptp_hyperv
cat << EOF | tee -a /etc/udev/rules.d/98-hyperv-ptp.rules
## See: https://docs.microsoft.com/en-us/azure/virtual-machines/linux/time-sync#check-for-ptp-clock-source
SUBSYSTEM=="ptp", ATTR{clock_name}=="hyperv", SYMLINK += "ptp_hyperv"
EOF
# Configure chrony to use ptp_hyperv
cat << EOF | tee -a /etc/chrony.conf
# Setup hyperv PTP device as refclock
refclock PHC /dev/ptp_hyperv poll 3 dpoll -2 offset 0 stratum 2
EOF
# Azure: Blacklist modules
cat << EOF | tee -a /etc/modprobe.d/azure-blacklist.conf
blacklist amdgpu
blacklist nouveau
blacklist radeon
EOF
# Azure: cloud-init customizations for Hyperv
cat << EOF | tee /etc/cloud/cloud.cfg.d/10-azure-kvp.cfg
# Enable logging to the Hyper-V kvp in Azure
reporting:
logging:
type: log
telemetry:
type: hyperv
EOF
###
# Kernel and Drivers
###
# Add drivers when building in VMWare, Vbox, or KVM (KVM)
cat << EOF | tee -a /etc/dracut.conf.d/80-azure.conf
add_drivers+=" hv_vmbus hv_netvsc hv_storvsc "
EOF
dracut -f -v
cat <<EOL > /etc/sysconfig/kernel
# UPDATEDEFAULT specifies if new-kernel-pkg should make
# new kernels the default
UPDATEDEFAULT=yes
# DEFAULTKERNEL specifies the default kernel package type
DEFAULTKERNEL=kernel
EOL
# make sure firstboot doesn't start
echo "RUN_FIRSTBOOT=NO" > /etc/sysconfig/firstboot
# rocky cloud user
sed -i '1i # Modified for cloud image' /etc/cloud/cloud.cfg
echo -e 'rocky\tALL=(ALL)\tNOPASSWD: ALL' >> /etc/sudoers
sed -i 's/name: cloud-user/name: rocky/g' /etc/cloud/cloud.cfg
dnf clean all
# XXX instance type markers - MUST match Rocky Infra expectation
echo 'azure' > /etc/yum/vars/infra
# change dhcp client retry/timeouts to resolve #6866
###
# Cleanup
###
###
# Azure Cleanup
###
sudo rm -f /var/log/waagent.log
sudo cloud-init clean
waagent -force -deprovision+user
# Commont cleanup
rm -f ~/.bash_history
export HISTSIZE=0
rm -f /var/lib/systemd/random-seed
rm -rf /root/anaconda-ks.cfg
rm -rf /root/install.log
rm -rf /root/install.log.syslog
rm -rf /var/lib/yum/*
rm -rf /var/log/anaconda*
rm -rf /var/log/yum.log
# Wipe machineid
cat /dev/null > /etc/machine-id
# Fix selinux
touch /var/log/cron
touch /var/log/boot.log
mkdir -p /var/cache/yum
/usr/sbin/fixfiles -R -a restore
true
%end
%packages
@core
NetworkManager
WALinuxAgent
chrony
cloud-init
cloud-utils-growpart
cockpit-system
cockpit-ws
dhcp-client
dnf
dnf-utils
dracut-config-generic
dracut-norescue
firewalld
gdisk
grub2
hyperv-daemons
kernel
nfs-utils
python3-jsonschema
qemu-guest-agent
rng-tools
rocky-release
rsync
tar
yum
yum-utils
-aic94xx-firmware
-alsa-firmware
-alsa-lib
-alsa-tools-firmware
-biosdevname
-iprutils
-ivtv-firmware
-iwl100-firmware
-iwl1000-firmware
-iwl105-firmware
-iwl135-firmware
-iwl2000-firmware
-iwl2030-firmware
-iwl3160-firmware
-iwl3945-firmware
-iwl4965-firmware
-iwl5000-firmware
-iwl5150-firmware
-iwl6000-firmware
-iwl6000g2a-firmware
-iwl6000g2b-firmware
-iwl6050-firmware
-iwl7260-firmware
-langpacks-*
-langpacks-en
-libertas-sd8686-firmware
-libertas-sd8787-firmware
-libertas-usb8388-firmware
-plymouth
%end

85
Rocky-8-Container.ks → Rocky-8-Container-Base.ks
View File

@ -1,68 +1,73 @@
# This is a minimal Rocky kickstart designed for docker.
# It will not produce a bootable system
# To use this kickstart, run the following command
# livemedia-creator --make-tar \
# --iso=/path/to/boot.iso \
# --ks=rocky-8.ks \
# --image-name=rocky-root.tar.xz
#
# To use this kickstart, run make
# Basic setup information
url --url https://download.rockylinux.org/stg/rocky/8/BaseOS/$basearch/os/
text
keyboard us
rootpw --lock --iscrypted locked
timezone --isUtc --nontp UTC
selinux --enforcing
bootloader --disable
firewall --disabled
network --bootproto=dhcp --device=link --activate --onboot=on
rootpw --lock --iscrypted locked
selinux --disabled
shutdown
bootloader --disable
lang en_US.UTF-8
keyboard us
lang en_US.UTF-8
timezone --isUtc --nontp UTC
# Disk setup
zerombr
clearpart --all --initlabel
autopart --noboot --nohome --noswap --nolvm --fstype=ext4
%pre
dbus-broker-launch --scope=none
%end
%addon com_redhat_kdump --disable
%end
# Package setup
%packages --excludedocs --instLangs=en --nocore --excludeWeakdeps
rocky-release
binutils
-brotli
%packages --ignoremissing --excludedocs --instLangs=en --nocore --excludeWeakdeps
bash
hostname
rootfiles
binutils
coreutils-single
glibc-minimal-langpack
vim-minimal
hostname
iputils # this pulls in systemd, lets ask for it by name, too
less
-gettext*
-firewalld
-os-prober*
rocky-release
rootfiles
tar
-iptables
iputils
-kernel
vim-minimal
yum
-brotli
-dosfstools
-kexec-tools
-e2fsprogs
-firewalld
-fuse-libs
-gettext*
-gnupg2-smime
-grub\*
-iptables
-kernel
-libss
-os-prober*
-pinentry
-qemu-guest-agent
-shared-mime-info
-trousers
-xkeyboard-config
-xfsprogs
-qemu-guest-agent
yum
-grub\*
-xkeyboard-config
%end
%post --erroronfail --log=/root/anaconda-post.log
# container customizations inside the chroot
# Stay compatible
echo 'container' > /etc/dnf/vars/infra
#Generate installtime file record
@ -72,19 +77,27 @@ echo 'container' > /etc/dnf/vars/infra
LANG="en_US"
echo "%_install_langs $LANG" > /etc/rpm/macros.image-language-conf
# https://bugzilla.redhat.com/show_bug.cgi?id=1727489
echo 'LANG="C.UTF-8"' > /etc/locale.conf
# systemd fixes
:> /etc/machine-id
umount /run
systemd-tmpfiles --create --boot
# mask mounts and login bits
systemctl mask systemd-logind.service getty.target console-getty.service sys-fs-fuse-connections.mount systemd-remount-fs.service dev-hugepages.mount
systemctl mask \
console-getty.service \
dev-hugepages.mount \
getty.target \
sys-fs-fuse-connections.mount \
systemd-logind.service \
systemd-remount-fs.service
# Remove things we don't need
# Cleanup the image
rm -f /etc/udev/hwdb.bin
rm -rf /usr/lib/udev/hwdb.d/
rm -rf /boot
rm -rf /var/lib/dnf/history.*
rm -rf /usr/lib/udev/hwdb.d/ \
/boot /var/lib/dnf/history.* \
/tmp/* /tmp/.* || true
%end

105
Rocky-8-Container-Minimal.ks Normal file
View File

@ -0,0 +1,105 @@
# This is a minimal Rocky kickstart designed for docker.
# It will not produce a bootable system
# To use this kickstart, run make
# Basic setup information
url --url https://download.rockylinux.org/stg/rocky/8/BaseOS/$basearch/os/
text
bootloader --disable
firewall --disabled
network --bootproto=dhcp --device=link --activate --onboot=on
rootpw --lock --iscrypted locked
selinux --disabled
shutdown
keyboard us
lang en_US.UTF-8
timezone --isUtc --nontp UTC
# Disk setup
zerombr
clearpart --all --initlabel
autopart --noboot --nohome --noswap --nolvm --fstype=ext4
%pre
dbus-broker-launch --scope=none
%end
%addon com_redhat_kdump --disable
%end
# Package setup
%packages --ignoremissing --excludedocs --instLangs=en --nocore --excludeWeakdeps
bash
coreutils-single
glibc-minimal-langpack
microdnf
rocky-release
-brotli
-dosfstools
-e2fsprogs
-firewalld
-fuse-libs
-gettext*
-gnupg2-smime
-grub\*
-hostname
-iptables
-iputils
-kernel
-kexec-tools
-less
-libss
-os-prober*
-pinentry
-qemu-guest-agent
-rootfiles
-shared-mime-info
-tar
-trousers
-vim-minimal
-xfsprogs
-xkeyboard-config
-yum
%end
%post --erroronfail --log=/root/anaconda-post.log
# container customizations inside the chroot
rpm --rebuilddb
/bin/date +%Y-%m-%d_%H:%M:%S > /etc/BUILDTIME
echo 'container' > /etc/dnf/vars/infra
LANG="en_US"
echo '%_install_langs en_US.UTF-8' > /etc/rpm/macros.image-language-conf
echo 'LANG="C.UTF-8"' > /etc/locale.conf
rm -f /var/lib/dnf/history.*
rm -fr "/var/log/*" "/tmp/*" "/tmp/.*"
for dir in $(ls -d "/usr/share/{locale,i18n}/*" | grep -v 'en_US\|all_languages\|locale\.alias'); do rm -fr $dir; done
# systemd fixes
umount /run
systemd-tmpfiles --create --boot
# mask mounts and login bits
systemctl mask \
console-getty.service \
dev-hugepages.mount \
getty.target \
sys-fs-fuse-connections.mount \
systemd-logind.service \
systemd-remount-fs.service
# Cleanup the image
rm -f /etc/udev/hwdb.bin
rm -rf /usr/lib/udev/hwdb.d/ \
/boot /var/lib/dnf/history.* \
"/tmp/*" "/tmp/.*" || true
%end

113
Rocky-8-Container-UBI.ks Normal file
View File

@ -0,0 +1,113 @@
# This is a minimal Rocky kickstart designed for docker.
# It will not produce a bootable system
# To use this kickstart, run make
# Basic setup information
url --url https://download.rockylinux.org/stg/rocky/8/BaseOS/$basearch/os/
text
bootloader --disable
firewall --disabled
network --bootproto=dhcp --device=link --activate --onboot=on
rootpw --lock --iscrypted locked
selinux --disabled
shutdown
keyboard us
lang en_US.UTF-8
timezone --isUtc --nontp Etc/UTC
# Disk setup
zerombr
clearpart --all --initlabel
autopart --noboot --nohome --noswap --nolvm --fstype=ext4
%pre
dbus-broker-launch --scope=none
%end
%addon com_redhat_kdump --disable
%end
# Package setup
%packages --ignoremissing --excludedocs --instLangs=en --nocore --excludeWeakdeps
bash
coreutils-single
crypto-policies-scripts
curl-minimal
findutils
gdb-gdbserver
glibc-minimal-langpack
gzip
libcurl-minimal
systemd
rocky-release
rootfiles
tar
vim-minimal
which
yum
-dosfstools
-e2fsprogs
-firewalld
-fuse-libs
-gettext*
-gnupg2-smime
-grub\*
-iptables
-kernel
-kexec-tools
-libss
-os-prober*
-pinentry
-qemu-guest-agent
-shared-mime-info
-trousers
-xfsprogs
-xkeyboard-config
%end
%post --erroronfail --log=/root/anaconda-post.log
set -eux
# container customizations inside the chroot
# Stay compatible
echo 'container' > /etc/dnf/vars/infra
#Generate installtime file record
/bin/date +%Y%m%d_%H%M > /etc/BUILDTIME
# Limit languages to help reduce size.
LANG="en_US"
echo "%_install_langs $LANG" > /etc/rpm/macros.image-language-conf
# https://bugzilla.redhat.com/show_bug.cgi?id=1727489
echo 'LANG="C.UTF-8"' > /etc/locale.conf
# systemd fixes
:> /etc/machine-id
umount /run
systemd-tmpfiles --create --boot
# mask mounts and login bits
systemctl mask \
console-getty.service \
dev-hugepages.mount \
getty.target \
sys-fs-fuse-connections.mount \
systemd-logind.service \
systemd-remount-fs.service
# Remove network configuration files leftover from anaconda installation
# https://bugzilla.redhat.com/show_bug.cgi?id=1713089
rm -f /etc/sysconfig/network-scripts/ifcfg-*
# Cleanup the image
rm -f /etc/udev/hwdb.bin
rm -rf /usr/lib/udev/hwdb.d/ \
/boot /var/lib/dnf/history.* \
/var/cache/* /var/log/* \
/tmp/* /tmp/.* || true
%end

104
Rocky-8-Container-WSL.ks Normal file
View File

@ -0,0 +1,104 @@
# This is a minimal Rocky kickstart designed for docker.
# It will not produce a bootable system
# To use this kickstart, run make
# Basic setup information
url --url https://download.rockylinux.org/stg/rocky/8/BaseOS/$basearch/os/
text
bootloader --disable
firewall --disabled
network --bootproto=dhcp --device=link --activate --onboot=on
rootpw --lock --iscrypted locked
selinux --disabled
shutdown
keyboard us
lang en_US.UTF-8
timezone --isUtc --nontp UTC
# Disk setup
zerombr
clearpart --all --initlabel
autopart --noboot --nohome --noswap --nolvm --fstype=ext4
%pre
dbus-broker-launch --scope=none
%end
%addon com_redhat_kdump --disable
%end
# Package setup
%packages --ignoremissing --excludedocs --instLangs=en --nocore --excludeWeakdeps
bash
binutils
coreutils-single
glibc-minimal-langpack
hostname
iputils # this pulls in systemd, lets ask for it by name, too
less
passwd
rocky-release
rootfiles
tar
vim-minimal
yum
-brotli
-dosfstools
-kexec-tools
-e2fsprogs
-firewalld
-fuse-libs
-gettext*
-gnupg2-smime
-grub\*
-iptables
-kernel
-libss
-os-prober*
-pinentry
-qemu-guest-agent
-shared-mime-info
-trousers
-xfsprogs
-xkeyboard-config
%end
%post --erroronfail --log=/root/anaconda-post.log
# container customizations inside the chroot
# Stay compatible
echo 'container' > /etc/dnf/vars/infra
#Generate installtime file record
/bin/date +%Y%m%d_%H%M > /etc/BUILDTIME
# Limit languages to help reduce size.
LANG="en_US"
echo "%_install_langs $LANG" > /etc/rpm/macros.image-language-conf
# https://bugzilla.redhat.com/show_bug.cgi?id=1727489
echo 'LANG="C.UTF-8"' > /etc/locale.conf
# systemd fixes
:> /etc/machine-id
umount /run
systemd-tmpfiles --create --boot
# mask mounts and login bits
systemctl mask \
console-getty.service \
dev-hugepages.mount \
getty.target \
sys-fs-fuse-connections.mount \
systemd-logind.service \
systemd-remount-fs.service
# Cleanup the image
rm -f /etc/udev/hwdb.bin
rm -rf /usr/lib/udev/hwdb.d/ \
/boot /var/lib/dnf/history.* \
/tmp/* /tmp/.* || true
%end

254
Rocky-8-EC2-Base.ks Normal file
View File

@ -0,0 +1,254 @@
text
auth --enableshadow --passalgo=sha512
shutdown
firewall --enabled --service=ssh
firstboot --disable
keyboard us
# System language
lang en_US.UTF-8
# Network information
network --bootproto=dhcp --device=link --activate --onboot=on
network --hostname=localhost.localdomain
# Root password
rootpw --iscrypted thereisnopasswordanditslocked
selinux --enforcing
services --disabled="kdump" --enabled="NetworkManager,sshd,rsyslog,chronyd,cloud-init,cloud-init-local,cloud-config,cloud-final,rngd"
timezone UTC --isUtc
bootloader --append="console=ttyS0,115200n8 no_timer_check crashkernel=auto net.ifnames=0 nvme_core.io_timeout=4294967295 nvme_core.max_retries=10" --location=mbr --timeout=1
# Disk partitioning information
# NOTE(neil): 2023-05-12 NONE of reqpart, clearpart, zerombr can be used. We
# are creating partitions manually in %pre to ensure proper ordering as
# Anaconda does NOT ensure the ordering `part` commands.
part /boot/efi --fstype="efi" --onpart=vda1
part /boot --fstype="xfs" --label=boot --onpart=vda2
part prepboot --fstype="prepboot" --onpart=vda3
part biosboot --fstype="biosboot" --onpart=vda4
part / --size=8000 --fstype="xfs" --mkfsoptions "-m bigtime=0,inobtcount=0" --grow --onpart=vda5
url --url https://download.rockylinux.org/stg/rocky/8/BaseOS/$basearch/os/
%pre
# Clear the Master Boot Record
dd if=/dev/zero of=/dev/vda bs=512 count=1
# Create a new GPT partition table
parted /dev/vda mklabel gpt
# Create a partition for /boot/efi
parted /dev/vda mkpart primary fat32 1MiB 100MiB
parted /dev/vda set 1 boot on
# Create a partition for /boot
parted /dev/vda mkpart primary xfs 100MiB 1100MiB
# Create a partition for prep
parted /dev/vda mkpart primary 1100MiB 1104MiB
# Create a partition for bios_grub
parted /dev/vda mkpart primary 1104MiB 1105MiB
# Create a partition for LVM
parted /dev/vda mkpart primary xfs 1106MiB 10.7GB
%end
%post --erroronfail
passwd -d root
passwd -l root
# pvgrub support
#echo -n "Creating grub.conf for pvgrub"
#rootuuid=$( awk '$2=="/" { print $1 };' /etc/fstab )
#mkdir /boot/grub
#echo -e 'default=0\ntimeout=0\n\n' > /boot/grub/grub.conf
#for kv in $( ls -1v /boot/vmlinuz* |grep -v rescue |sed s/.*vmlinuz-// ); do
# echo "title Rocky Linux 8 ($kv)" >> /boot/grub/grub.conf
# echo -e "\troot (hd0)" >> /boot/grub/grub.conf
# echo -e "\tkernel /boot/vmlinuz-$kv ro root=$rootuuid console=hvc0 LANG=en_US.UTF-8" >> /boot/grub/grub.conf
# echo -e "\tinitrd /boot/initramfs-$kv.img" >> /boot/grub/grub.conf
# echo
#done
#ln -sf grub.conf /boot/grub/menu.lst
#ln -sf /boot/grub/grub.conf /etc/grub.conf
# Attempting to force legacy BIOS boot if we boot from UEFI
if [ "$(arch)" = "x86_64" ]; then
dnf install grub2-pc-modules grub2-pc -y
grub2-install --target=i386-pc /dev/vda
grub2-mkconfig -o /boot/grub2/grub.cfg --no-grubenv-update
fi
# Ensure that the pmbr_boot flag is off
parted /dev/vda disk_set pmbr_boot off
# setup systemd to boot to the right runlevel
rm -f /etc/systemd/system/default.target
ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
echo .
dnf -C -y remove linux-firmware
# Remove firewalld; it is required to be present for install/image building.
# but we dont ship it in cloud
dnf -C -y remove firewalld --setopt="clean_requirements_on_remove=1"
dnf -C -y remove avahi\*
sed -i '/^#NAutoVTs=.*/ a\
NAutoVTs=0' /etc/systemd/logind.conf
cat > /etc/sysconfig/network << EOF
NETWORKING=yes
NOZEROCONF=yes
EOF
# For cloud images, 'eth0' _is_ the predictable device name, since
# we don't want to be tied to specific virtual (!) hardware
rm -f /etc/udev/rules.d/70*
ln -s /dev/null /etc/udev/rules.d/80-net-name-slot.rules
# simple eth0 config, again not hard-coded to the build hardware
cat > /etc/sysconfig/network-scripts/ifcfg-eth0 << EOF
DEVICE="eth0"
BOOTPROTO="dhcp"
ONBOOT="yes"
TYPE="Ethernet"
USERCTL="yes"
PEERDNS="yes"
IPV6INIT="no"
PERSISTENT_DHCLIENT="1"
EOF
echo "virtual-guest" > /etc/tuned/active_profile
# generic localhost names
cat > /etc/hosts << EOF
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
EOF
echo .
systemctl mask tmp.mount
cat <<EOL > /etc/sysconfig/kernel
# UPDATEDEFAULT specifies if new-kernel-pkg should make
# new kernels the default
UPDATEDEFAULT=yes
# DEFAULTKERNEL specifies the default kernel package type
DEFAULTKERNEL=kernel
EOL
# make sure firstboot doesn't start
echo "RUN_FIRSTBOOT=NO" > /etc/sysconfig/firstboot
# rocky cloud user
sed -i '1i # Modified for cloud image' /etc/cloud/cloud.cfg
echo -e 'rocky\tALL=(ALL)\tNOPASSWD: ALL' >> /etc/sudoers
sed -i 's/name: cloud-user/name: rocky/g' /etc/cloud/cloud.cfg
dnf clean all
# XXX instance type markers - MUST match Rocky Infra expectation
echo 'ec2' > /etc/yum/vars/infra
# change dhcp client retry/timeouts to resolve #6866
cat >> /etc/dhcp/dhclient.conf << EOF
timeout 300;
retry 60;
EOF
rm -rf /var/log/yum.log
rm -rf /var/lib/yum/*
rm -rf /root/install.log
rm -rf /root/install.log.syslog
rm -rf /root/anaconda-ks.cfg
rm -rf /var/log/anaconda*
rm -f /var/lib/systemd/random-seed
cat /dev/null > /etc/machine-id
echo "Fixing SELinux contexts."
touch /var/log/cron
touch /var/log/boot.log
mkdir -p /var/cache/yum
/usr/sbin/fixfiles -R -a restore
# remove these for ec2 debugging
sed -i -e 's/ rhgb quiet//' /boot/grub/grub.conf
cat > /etc/modprobe.d/blacklist-nouveau.conf << EOL
blacklist nouveau
EOL
# enable resizing on copied AMIs
echo 'install_items+=" sgdisk "' > /etc/dracut.conf.d/sgdisk.conf
echo 'add_drivers+=" xen-netfront xen-blkfront "' > /etc/dracut.conf.d/xen.conf
# Rerun dracut for the installed kernel (not the running kernel):
KERNEL_VERSION=$(rpm -q kernel --qf '%{V}-%{R}.%{arch}\n')
dracut -f /boot/initramfs-$KERNEL_VERSION.img $KERNEL_VERSION
# reorder console entries
sed -i 's/console=tty0/console=tty0 console=ttyS0,115200n8/' /boot/grub2/grub.cfg
true
%end
%packages
@core
chrony
dnf
yum
cloud-init
cloud-utils-growpart
NetworkManager
dracut-config-generic
dracut-norescue
firewalld
gdisk
grub2
kernel
nfs-utils
rsync
tar
dnf-utils
yum-utils
-aic94xx-firmware
-alsa-firmware
-alsa-lib
-alsa-tools-firmware
-ivtv-firmware
-iwl100-firmware
-iwl1000-firmware
-iwl105-firmware
-iwl135-firmware
-iwl2000-firmware
-iwl2030-firmware
-iwl3160-firmware
-iwl3945-firmware
-iwl4965-firmware
-iwl5000-firmware
-iwl5150-firmware
-iwl6000-firmware
-iwl6000g2a-firmware
-iwl6000g2b-firmware
-iwl6050-firmware
-iwl7260-firmware
-libertas-sd8686-firmware
-libertas-sd8787-firmware
-libertas-usb8388-firmware
-biosdevname
-iprutils
-plymouth
python3-jsonschema
qemu-guest-agent
dhcp-client
cockpit-ws
cockpit-system
-langpacks-*
-langpacks-en
rocky-release
rng-tools
%end

73
Rocky-8-EC2.ks → Rocky-8-EC2-LVM.ks
View File

@ -15,14 +15,34 @@ selinux --enforcing
services --disabled="kdump" --enabled="NetworkManager,sshd,rsyslog,chronyd,cloud-init,cloud-init-local,cloud-config,cloud-final,rngd"
timezone UTC --isUtc
# Disk
bootloader --append="console=ttyS0,115200n8 no_timer_check crashkernel=auto net.ifnames=0 nvme_core.io_timeout=4294967295 nvme_core.max_retries=10" --location=mbr --timeout=1 --boot-drive=vda
zerombr
clearpart --all --initlabel
reqpart
part / --fstype="xfs" --ondisk=vda --size=7950
bootloader --append="console=ttyS0,115200n8 no_timer_check crashkernel=auto net.ifnames=0 nvme_core.io_timeout=4294967295 nvme_core.max_retries=10" --location=mbr --timeout=1
url --url https://download.rockylinux.org/stg/rocky/8/BaseOS/$basearch/os/
%pre --erroronfail
/usr/sbin/parted -s /dev/vda mklabel gpt
part /boot/efi --fstype=efi --asprimary --onpart=vda1
part /boot --fstype=xfs --label=boot --onpart=vda2
part prepboot --fstype=biosboot --asprimary --onpart=vda3
part biosboot --fstype=biosboot --asprimary --onpart=vda4
part pv.01 --grow --onpart=vda5
volgroup rocky pv.01
logvol / --vgname=rocky --size=8000 --name=root --grow --mkfsoptions="-m bigtime=0,inobtcount=0"
%pre
# Clear the Master Boot Record
dd if=/dev/zero of=/dev/vda bs=512 count=1
# Create a new GPT partition table
parted /dev/vda mklabel gpt
# Create a partition for /boot/efi
parted /dev/vda mkpart primary fat32 1MiB 100MiB
parted /dev/vda set 1 boot on
# Create a partition for /boot
parted /dev/vda mkpart primary xfs 100MiB 1100MiB
# Create a partition for prep
parted /dev/vda mkpart primary 1100MiB 1104MiB
# Create a partition for bios_grub
parted /dev/vda mkpart primary 1104MiB 1105MiB
# Create a partition for LVM
parted /dev/vda mkpart primary ext2 1106MiB 10.7GB
parted /dev/vda set 5 lvm on
%end
%post --erroronfail
@ -30,19 +50,29 @@ passwd -d root
passwd -l root
# pvgrub support
echo -n "Creating grub.conf for pvgrub"
rootuuid=$( awk '$2=="/" { print $1 };' /etc/fstab )
mkdir /boot/grub
echo -e 'default=0\ntimeout=0\n\n' > /boot/grub/grub.conf
for kv in $( ls -1v /boot/vmlinuz* |grep -v rescue |sed s/.*vmlinuz-// ); do
echo "title Rocky Linux 8 ($kv)" >> /boot/grub/grub.conf
echo -e "\troot (hd0)" >> /boot/grub/grub.conf
echo -e "\tkernel /boot/vmlinuz-$kv ro root=$rootuuid console=hvc0 LANG=en_US.UTF-8" >> /boot/grub/grub.conf
echo -e "\tinitrd /boot/initramfs-$kv.img" >> /boot/grub/grub.conf
echo
done
ln -sf grub.conf /boot/grub/menu.lst
ln -sf /boot/grub/grub.conf /etc/grub.conf
#echo -n "Creating grub.conf for pvgrub"
#rootuuid=$( awk '$2=="/" { print $1 };' /etc/fstab )
#mkdir /boot/grub
#echo -e 'default=0\ntimeout=0\n\n' > /boot/grub/grub.conf
#for kv in $( ls -1v /boot/vmlinuz* |grep -v rescue |sed s/.*vmlinuz-// ); do
# echo "title Rocky Linux 8 ($kv)" >> /boot/grub/grub.conf
# echo -e "\troot (hd0)" >> /boot/grub/grub.conf
# echo -e "\tkernel /boot/vmlinuz-$kv ro root=$rootuuid console=hvc0 LANG=en_US.UTF-8" >> /boot/grub/grub.conf
# echo -e "\tinitrd /boot/initramfs-$kv.img" >> /boot/grub/grub.conf
# echo
#done
#ln -sf grub.conf /boot/grub/menu.lst
#ln -sf /boot/grub/grub.conf /etc/grub.conf
# Attempting to force legacy BIOS boot if we boot from UEFI
if [ "$(arch)" = "x86_64" ]; then
dnf install grub2-pc-modules grub2-pc -y
grub2-install --target=i386-pc /dev/vda
grub2-mkconfig -o /boot/grub2/grub.cfg --no-grubenv-update
fi
# Ensure that the pmbr_boot flag is off
parted /dev/vda disk_set pmbr_boot off
# setup systemd to boot to the right runlevel
rm -f /etc/systemd/system/default.target
@ -105,6 +135,7 @@ EOL
echo "RUN_FIRSTBOOT=NO" > /etc/sysconfig/firstboot
# rocky cloud user
sed -i '1i # Modified for cloud image' /etc/cloud/cloud.cfg
echo -e 'rocky\tALL=(ALL)\tNOPASSWD: ALL' >> /etc/sudoers
sed -i 's/name: cloud-user/name: rocky/g' /etc/cloud/cloud.cfg
@ -148,7 +179,7 @@ EOL
# enable resizing on copied AMIs
echo 'install_items+=" sgdisk "' > /etc/dracut.conf.d/sgdisk.conf
echo 'add_drivers+="xen-netfront xen-blkfront "' > /etc/dracut.conf.d/xen.conf
echo 'add_drivers+=" xen-netfront xen-blkfront "' > /etc/dracut.conf.d/xen.conf
# Rerun dracut for the installed kernel (not the running kernel):
KERNEL_VERSION=$(rpm -q kernel --qf '%{V}-%{R}.%{arch}\n')
dracut -f /boot/initramfs-$KERNEL_VERSION.img $KERNEL_VERSION

242
Rocky-8-GenericCloud-Base.ks Normal file
View File

@ -0,0 +1,242 @@
text
lang en_US.UTF-8
keyboard us
timezone UTC --isUtc
# Disk
bootloader --append="console=ttyS0,115200n8 no_timer_check crashkernel=auto net.ifnames=0" --location=mbr --timeout=1
auth --enableshadow --passalgo=sha512
selinux --enforcing
firewall --enabled --service=ssh
firstboot --disable
# Network information
network --bootproto=dhcp --device=link --activate --onboot=on
network --hostname=localhost.localdomain
# Root password
services --disabled="kdump" --enabled="NetworkManager,sshd,rsyslog,chronyd,cloud-init,cloud-init-local,cloud-config,cloud-final,rngd"
rootpw --iscrypted thereisnopasswordanditslocked
# Disk partitioning information
# NOTE(neil): 2023-05-12 NONE of reqpart, clearpart, zerombr can be used. We
# are creating partitions manually in %pre to ensure proper ordering as
# Anaconda does NOT ensure the ordering `part` commands.
part /boot/efi --fstype="efi" --onpart=vda1
part /boot --fstype="xfs" --label=boot --onpart=vda2
part prepboot --fstype="prepboot" --onpart=vda3
part biosboot --fstype="biosboot" --onpart=vda4
part / --size=8000 --fstype="xfs" --mkfsoptions "-m bigtime=0,inobtcount=0" --grow --onpart=vda5
shutdown
url --url https://download.rockylinux.org/stg/rocky/8/BaseOS/$basearch/os/
%pre
# Clear the Master Boot Record
dd if=/dev/zero of=/dev/vda bs=512 count=1
# Create a new GPT partition table
parted /dev/vda mklabel gpt
# Create a partition for /boot/efi
parted /dev/vda mkpart primary fat32 1MiB 100MiB
parted /dev/vda set 1 boot on
# Create a partition for /boot
parted /dev/vda mkpart primary xfs 100MiB 1100MiB
# Create a partition for prep
parted /dev/vda mkpart primary 1100MiB 1104MiB
# Create a partition for bios_grub
parted /dev/vda mkpart primary 1104MiB 1105MiB
# Create a partition for LVM
parted /dev/vda mkpart primary xfs 1106MiB 10.7GB
%end
%packages
@core
chrony
dnf
yum
cloud-init
cloud-utils-growpart
NetworkManager
dracut-config-generic
dracut-norescue
firewalld
gdisk
grub2
kernel
nfs-utils
rsync
tar
dnf-utils
yum-utils
-aic94xx-firmware
-alsa-firmware
-alsa-lib
-alsa-tools-firmware
-ivtv-firmware
-iwl100-firmware
-iwl1000-firmware
-iwl105-firmware
-iwl135-firmware
-iwl2000-firmware
-iwl2030-firmware
-iwl3160-firmware
-iwl3945-firmware
-iwl4965-firmware
-iwl5000-firmware
-iwl5150-firmware
-iwl6000-firmware
-iwl6000g2a-firmware
-iwl6000g2b-firmware
-iwl6050-firmware
-iwl7260-firmware
-libertas-sd8686-firmware
-libertas-sd8787-firmware
-libertas-usb8388-firmware
-biosdevname
-iprutils
-plymouth
python3-jsonschema
qemu-guest-agent
dhcp-client
cockpit-ws
cockpit-system
-langpacks-*
-langpacks-en
rocky-release
rng-tools
%end
%post --erroronfail
passwd -d root
passwd -l root
# pvgrub support
#echo -n "Creating grub.conf for pvgrub"
#rootuuid=$( awk '$2=="/" { print $1 };' /etc/fstab )
#mkdir /boot/grub
#echo -e 'default=0\ntimeout=0\n\n' > /boot/grub/grub.conf
#for kv in $( ls -1v /boot/vmlinuz* |grep -v rescue |sed s/.*vmlinuz-// ); do
# echo "title Rocky Linux 8 ($kv)" >> /boot/grub/grub.conf
# echo -e "\troot (hd0)" >> /boot/grub/grub.conf
# echo -e "\tkernel /boot/vmlinuz-$kv ro root=$rootuuid console=hvc0 LANG=en_US.UTF-8" >> /boot/grub/grub.conf
# echo -e "\tinitrd /boot/initramfs-$kv.img" >> /boot/grub/grub.conf
# echo
#done
#ln -sf grub.conf /boot/grub/menu.lst
#ln -sf /boot/grub/grub.conf /etc/grub.conf
# Attempting to force legacy BIOS boot if we boot from UEFI
# This was backported from our 9 kickstarts to address some issues.
if [ "$(arch)" = "x86_64" ]; then
dnf install grub2-pc-modules grub2-pc -y
grub2-install --target=i386-pc /dev/vda
grub2-mkconfig -o /boot/grub2/grub.cfg --no-grubenv-update
fi
# Ensure that the pmbr_boot flag is off
parted /dev/vda disk_set pmbr_boot off
# setup systemd to boot to the right runlevel
rm -f /etc/systemd/system/default.target
ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
echo .
dnf -C -y remove linux-firmware
# Remove firewalld; it is required to be present for install/image building.
# but we dont ship it in cloud
dnf -C -y remove firewalld --setopt="clean_requirements_on_remove=1"
dnf -C -y remove avahi\*
sed -i '/^#NAutoVTs=.*/ a\
NAutoVTs=0' /etc/systemd/logind.conf
cat > /etc/sysconfig/network << EOF
NETWORKING=yes
NOZEROCONF=yes
EOF
# Remove build-time resolvers to fix #16948
echo > /etc/resolv.conf
# For cloud images, 'eth0' _is_ the predictable device name, since
# we don't want to be tied to specific virtual (!) hardware
rm -f /etc/udev/rules.d/70*
ln -s /dev/null /etc/udev/rules.d/80-net-name-slot.rules
# simple eth0 config, again not hard-coded to the build hardware
cat > /etc/sysconfig/network-scripts/ifcfg-eth0 << EOF
DEVICE="eth0"
BOOTPROTO="dhcp"
ONBOOT="yes"
TYPE="Ethernet"
USERCTL="yes"
PEERDNS="yes"
IPV6INIT="no"
PERSISTENT_DHCLIENT="1"
EOF
echo "virtual-guest" > /etc/tuned/active_profile
# generic localhost names
cat > /etc/hosts << EOF
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
EOF
echo .
systemctl mask tmp.mount
cat <<EOL > /etc/sysconfig/kernel
# UPDATEDEFAULT specifies if new-kernel-pkg should make
# new kernels the default
UPDATEDEFAULT=yes
# DEFAULTKERNEL specifies the default kernel package type
DEFAULTKERNEL=kernel
EOL
# make sure firstboot doesn't start
echo "RUN_FIRSTBOOT=NO" > /etc/sysconfig/firstboot
# rocky cloud user
sed -i '1i # Modified for cloud image' /etc/cloud/cloud.cfg
echo -e 'rocky\tALL=(ALL)\tNOPASSWD: ALL' >> /etc/sudoers
sed -i 's/name: cloud-user/name: rocky/g' /etc/cloud/cloud.cfg
dnf clean all
# XXX instance type markers - MUST match Rocky Infra expectation
echo 'genclo' > /etc/yum/vars/infra
# change dhcp client retry/timeouts to resolve #6866
cat >> /etc/dhcp/dhclient.conf << EOF
timeout 300;
retry 60;
EOF
rm -rf /var/log/yum.log
rm -rf /var/lib/yum/*
rm -rf /root/install.log
rm -rf /root/install.log.syslog
rm -rf /root/anaconda-ks.cfg
rm -rf /var/log/anaconda*
rm -f /var/lib/systemd/random-seed
cat /dev/null > /etc/machine-id
echo "Fixing SELinux contexts."
touch /var/log/cron
touch /var/log/boot.log
mkdir -p /var/cache/yum
/usr/sbin/fixfiles -R -a restore
# reorder console entries
sed -i 's/console=tty0/console=tty0 console=ttyS0,115200n8/' /boot/grub2/grub.cfg
true
%end

205
Rocky-8-GenericCloud.ks → Rocky-8-GenericCloud-LVM.ks
View File

@ -1,45 +1,137 @@
text
lang en_US.UTF-8
keyboard us
timezone UTC --isUtc
# Disk
bootloader --append="console=ttyS0,115200n8 no_timer_check crashkernel=auto net.ifnames=0" --location=mbr --timeout=1
auth --enableshadow --passalgo=sha512
shutdown
selinux --enforcing
firewall --enabled --service=ssh
firstboot --disable
ignoredisk --only-use=vda
keyboard us
# System language
lang en_US.UTF-8
# Network information
network --bootproto=dhcp --device=link --activate --onboot=on
network --hostname=localhost.localdomain
# Root password
rootpw --iscrypted thereisnopasswordanditslocked
selinux --enforcing
services --disabled="kdump" --enabled="NetworkManager,sshd,rsyslog,chronyd,cloud-init,cloud-init-local,cloud-config,cloud-final,rngd"
timezone UTC --isUtc
# Disk
bootloader --append="console=ttyS0,115200n8 no_timer_check crashkernel=auto net.ifnames=0" --location=mbr --timeout=1 --boot-drive=vda
zerombr
clearpart --all --initlabel
reqpart
part / --fstype="xfs" --ondisk=vda --size=8000
rootpw --iscrypted thereisnopasswordanditslocked
url --url https://download.rockylinux.org/stg/rocky/8/BaseOS/$basearch/os/
shutdown
# Partition stuff
part /boot/efi --fstype=efi --asprimary --onpart=vda1
part /boot --fstype=xfs --label=boot --onpart=vda2
part prepboot --fstype=biosboot --asprimary --onpart=vda3
part biosboot --fstype=biosboot --asprimary --onpart=vda4
part pv.01 --grow --onpart=vda5
volgroup rocky pv.01
logvol / --vgname=rocky --size=8000 --name=root --grow --mkfsoptions="-m bigtime=0,inobtcount=0"
%pre
# Clear the Master Boot Record
dd if=/dev/zero of=/dev/vda bs=512 count=1
# Create a new GPT partition table
parted /dev/vda mklabel gpt
# Create a partition for /boot/efi
parted /dev/vda mkpart primary fat32 1MiB 100MiB
parted /dev/vda set 1 boot on
# Create a partition for /boot
parted /dev/vda mkpart primary xfs 100MiB 1100MiB
# Create a partition for prep
parted /dev/vda mkpart primary 1100MiB 1104MiB
# Create a partition for bios_grub
parted /dev/vda mkpart primary 1104MiB 1105MiB
# Create a partition for LVM
parted /dev/vda mkpart primary ext2 1106MiB 10.7GB
parted /dev/vda set 5 lvm on
%end
%packages
@core
chrony
dnf
yum
cloud-init
cloud-utils-growpart
NetworkManager
dracut-config-generic
dracut-norescue
firewalld
gdisk
grub2
kernel
nfs-utils
rsync
tar
dnf-utils
yum-utils
-aic94xx-firmware
-alsa-firmware
-alsa-lib
-alsa-tools-firmware
-ivtv-firmware
-iwl100-firmware
-iwl1000-firmware
-iwl105-firmware
-iwl135-firmware
-iwl2000-firmware
-iwl2030-firmware
-iwl3160-firmware
-iwl3945-firmware
-iwl4965-firmware
-iwl5000-firmware
-iwl5150-firmware
-iwl6000-firmware
-iwl6000g2a-firmware
-iwl6000g2b-firmware
-iwl6050-firmware
-iwl7260-firmware
-libertas-sd8686-firmware
-libertas-sd8787-firmware
-libertas-usb8388-firmware
-biosdevname
-iprutils
-plymouth
python3-jsonschema
qemu-guest-agent
dhcp-client
cockpit-ws
cockpit-system
-langpacks-*
-langpacks-en
rocky-release
rng-tools
%end
%post --erroronfail
passwd -d root
passwd -l root
# pvgrub support
echo -n "Creating grub.conf for pvgrub"
rootuuid=$( awk '$2=="/" { print $1 };' /etc/fstab )
mkdir /boot/grub
echo -e 'default=0\ntimeout=0\n\n' > /boot/grub/grub.conf
for kv in $( ls -1v /boot/vmlinuz* |grep -v rescue |sed s/.*vmlinuz-// ); do
echo "title Rocky Linux 8 ($kv)" >> /boot/grub/grub.conf
echo -e "\troot (hd0)" >> /boot/grub/grub.conf
echo -e "\tkernel /boot/vmlinuz-$kv ro root=$rootuuid console=hvc0 LANG=en_US.UTF-8" >> /boot/grub/grub.conf
echo -e "\tinitrd /boot/initramfs-$kv.img" >> /boot/grub/grub.conf
echo
done
ln -sf grub.conf /boot/grub/menu.lst
ln -sf /boot/grub/grub.conf /etc/grub.conf
#echo -n "Creating grub.conf for pvgrub"
#rootuuid=$( awk '$2=="/" { print $1 };' /etc/fstab )
#mkdir /boot/grub
#echo -e 'default=0\ntimeout=0\n\n' > /boot/grub/grub.conf
#for kv in $( ls -1v /boot/vmlinuz* |grep -v rescue |sed s/.*vmlinuz-// ); do
# echo "title Rocky Linux 8 ($kv)" >> /boot/grub/grub.conf
# echo -e "\troot (hd0)" >> /boot/grub/grub.conf
# echo -e "\tkernel /boot/vmlinuz-$kv ro root=$rootuuid console=hvc0 LANG=en_US.UTF-8" >> /boot/grub/grub.conf
# echo -e "\tinitrd /boot/initramfs-$kv.img" >> /boot/grub/grub.conf
# echo
#done
#ln -sf grub.conf /boot/grub/menu.lst
#ln -sf /boot/grub/grub.conf /etc/grub.conf
# Attempting to force legacy BIOS boot if we boot from UEFI
if [ "$(arch)" = "x86_64" ]; then
dnf install grub2-pc-modules grub2-pc -y
grub2-install --target=i386-pc /dev/vda
grub2-mkconfig -o /boot/grub2/grub.cfg --no-grubenv-update
fi
# Ensure that the pmbr_boot flag is off
parted /dev/vda disk_set pmbr_boot off
# setup systemd to boot to the right runlevel
rm -f /etc/systemd/system/default.target
@ -105,6 +197,7 @@ EOL
echo "RUN_FIRSTBOOT=NO" > /etc/sysconfig/firstboot
# rocky cloud user
sed -i '1i # Modified for cloud image' /etc/cloud/cloud.cfg
echo -e 'rocky\tALL=(ALL)\tNOPASSWD: ALL' >> /etc/sudoers
sed -i 's/name: cloud-user/name: rocky/g' /etc/cloud/cloud.cfg
@ -145,61 +238,3 @@ true
%end
%packages
@core
chrony
dnf
yum
cloud-init
cloud-utils-growpart
NetworkManager
dracut-config-generic
dracut-norescue
firewalld
gdisk
grub2
kernel
nfs-utils
rsync
tar
dnf-utils
yum-utils
-aic94xx-firmware
-alsa-firmware
-alsa-lib
-alsa-tools-firmware
-ivtv-firmware
-iwl100-firmware
-iwl1000-firmware
-iwl105-firmware
-iwl135-firmware
-iwl2000-firmware
-iwl2030-firmware
-iwl3160-firmware
-iwl3945-firmware
-iwl4965-firmware
-iwl5000-firmware
-iwl5150-firmware
-iwl6000-firmware
-iwl6000g2a-firmware
-iwl6000g2b-firmware
-iwl6050-firmware
-iwl7260-firmware
-libertas-sd8686-firmware
-libertas-sd8787-firmware
-libertas-usb8388-firmware
-biosdevname
-iprutils
-plymouth
python3-jsonschema
qemu-guest-agent
dhcp-client
cockpit-ws
cockpit-system
-langpacks-*
-langpacks-en
rocky-release
rng-tools
%end

510
Rocky-8-KDE.ks Normal file
View File

@ -0,0 +1,510 @@
# Generated by pykickstart v3.32
#version=DEVEL
# X Window System configuration information
xconfig --startxonboot
# Keyboard layouts
keyboard 'us'
# Root password
rootpw --iscrypted --lock locked
# System language
lang en_US.UTF-8
# Shutdown after installation
shutdown
# Network information
network --bootproto=dhcp --device=link --activate
# Firewall configuration
firewall --enabled --service=mdns
# Use network installation
url --url https://download.rockylinux.org/stg/rocky/8/BaseOS/$basearch/os/
repo --name="BaseOS" --baseurl=http://dl.rockylinux.org/pub/rocky/8/BaseOS/$basearch/os/ --cost=200
repo --name="AppStream" --baseurl=http://dl.rockylinux.org/pub/rocky/8/AppStream/$basearch/os/ --cost=200
repo --name="PowerTools" --baseurl=http://dl.rockylinux.org/pub/rocky/8/PowerTools/$basearch/os/ --cost=200
repo --name="extras" --baseurl=http://dl.rockylinux.org/pub/rocky/8/extras/$basearch/os --cost=200
repo --name="epel" --baseurl=https://dl.fedoraproject.org/pub/epel/8/Everything/$basearch/ --cost=200
repo --name="epel-modular" --baseurl=https://dl.fedoraproject.org/pub/epel/8/Modular/$basearch/ --cost=200
# System timezone
timezone US/Eastern
# SELinux configuration
selinux --enforcing
# System services
services --disabled="sshd" --enabled="NetworkManager,ModemManager"
# System bootloader configuration
bootloader --location=none
# Clear the Master Boot Record
zerombr
# Partition clearing information
clearpart --all
# Disk partitioning information
part / --fstype="ext4" --size=5120
part / --size=9000
%post
# FIXME: it'd be better to get this installed from a package
cat > /etc/rc.d/init.d/livesys << EOF
#!/bin/bash
#
# live: Init script for live image
#
# chkconfig: 345 00 99
# description: Init script for live image.
### BEGIN INIT INFO
# X-Start-Before: display-manager chronyd
### END INIT INFO
. /etc/init.d/functions
if ! strstr "\`cat /proc/cmdline\`" rd.live.image || [ "\$1" != "start" ]; then
exit 0
fi
if [ -e /.liveimg-configured ] ; then
configdone=1
fi
exists() {
which \$1 >/dev/null 2>&1 || return
\$*
}
livedir="LiveOS"
for arg in \`cat /proc/cmdline\` ; do
if [ "\${arg##rd.live.dir=}" != "\${arg}" ]; then
livedir=\${arg##rd.live.dir=}
continue
fi
if [ "\${arg##live_dir=}" != "\${arg}" ]; then
livedir=\${arg##live_dir=}
fi
done
# Enable swap unless requested otherwise
swaps=\`blkid -t TYPE=swap -o device\`
if ! strstr "\`cat /proc/cmdline\`" noswap && [ -n "\$swaps" ] ; then
for s in \$swaps ; do
action "Enabling swap partition \$s" swapon \$s
done
fi
if ! strstr "\`cat /proc/cmdline\`" noswap && [ -f /run/initramfs/live/\${livedir}/swap.img ] ; then
action "Enabling swap file" swapon /run/initramfs/live/\${livedir}/swap.img
fi
# Support for persistent homes
mountPersistentHome() {
# support label/uuid
if [ "\${homedev##LABEL=}" != "\${homedev}" -o "\${homedev##UUID=}" != "\${homedev}" ]; then
homedev=\`/sbin/blkid -o device -t "\$homedev"\`
fi
# if we're given a file rather than a blockdev, loopback it
if [ "\${homedev##mtd}" != "\${homedev}" ]; then
# mtd devs don't have a block device but get magic-mounted with -t jffs2
mountopts="-t jffs2"
elif [ ! -b "\$homedev" ]; then
loopdev=\`losetup -f\`
if [ "\${homedev##/run/initramfs/live}" != "\${homedev}" ]; then
action "Remounting live store r/w" mount -o remount,rw /run/initramfs/live
fi
losetup \$loopdev \$homedev
homedev=\$loopdev
fi
# if it's encrypted, we need to unlock it
if [ "\$(/sbin/blkid -s TYPE -o value \$homedev 2>/dev/null)" = "crypto_LUKS" ]; then
echo
echo "Setting up encrypted /home device"
plymouth ask-for-password --command="cryptsetup luksOpen \$homedev EncHome"
homedev=/dev/mapper/EncHome
fi
# and finally do the mount
mount \$mountopts \$homedev /home
# if we have /home under what's passed for persistent home, then
# we should make that the real /home. useful for mtd device on olpc
if [ -d /home/home ]; then mount --bind /home/home /home ; fi
[ -x /sbin/restorecon ] && /sbin/restorecon /home
if [ -d /home/liveuser ]; then USERADDARGS="-M" ; fi
}
# Help locate persistent homes
findPersistentHome() {
for arg in \`cat /proc/cmdline\` ; do
if [ "\${arg##persistenthome=}" != "\${arg}" ]; then
homedev=\${arg##persistenthome=}
fi
done
}
if strstr "\`cat /proc/cmdline\`" persistenthome= ; then
findPersistentHome
elif [ -e /run/initramfs/live/\${livedir}/home.img ]; then
homedev=/run/initramfs/live/\${livedir}/home.img
fi
# Mount the persistent home if it's available
if ! strstr "\`cat /proc/cmdline\`" nopersistenthome && [ -n "\$homedev" ] ; then
action "Mounting persistent /home" mountPersistentHome
fi
if [ -n "\$configdone" ]; then
exit 0
fi
# Create the liveuser (no password) so automatic logins and sudo works
action "Adding live user" useradd \$USERADDARGS -c "Live System User" liveuser
passwd -d liveuser > /dev/null
usermod -aG wheel liveuser > /dev/null
# Same for root
passwd -d root > /dev/null
# Turn off firstboot (similar to a DVD/minimal install, where it asks
# for the user to accept the EULA before bringing up a TTY)
systemctl --no-reload disable firstboot-text.service 2> /dev/null || :
systemctl --no-reload disable firstboot-graphical.service 2> /dev/null || :
systemctl stop firstboot-text.service 2> /dev/null || :
systemctl stop firstboot-graphical.service 2> /dev/null || :
# Prelinking damages the images
sed -i 's/PRELINKING=yes/PRELINKING=no/' /etc/sysconfig/prelink &>/dev/null || :
# Turn off mdmonitor by default
systemctl --no-reload disable mdmonitor.service 2> /dev/null || :
systemctl --no-reload disable mdmonitor-takeover.service 2> /dev/null || :
systemctl stop mdmonitor.service 2> /dev/null || :
systemctl stop mdmonitor-takeover.service 2> /dev/null || :
# Even if there isn't gnome, this doesn't hurt.
gsettings set org.gnome.software download-updates 'false' || :
# Disable cron
systemctl --no-reload disable crond.service 2> /dev/null || :
systemctl --no-reload disable atd.service 2> /dev/null || :
systemctl stop crond.service 2> /dev/null || :
systemctl stop atd.service 2> /dev/null || :
# Disable abrt
systemctl --no-reload disable abrtd.service 2> /dev/null || :
systemctl stop abrtd.service 2> /dev/null || :
# Don't sync the system clock when running live (RHBZ #1018162)
sed -i 's/rtcsync//' /etc/chrony.conf
# Mark things as configured
touch /.liveimg-configured
# add static hostname to work around xauth bug
# https://bugzilla.redhat.com/show_bug.cgi?id=679486
# the hostname must be something else than 'localhost'
# https://bugzilla.redhat.com/show_bug.cgi?id=1370222
echo "localhost-live" > /etc/hostname
EOF
# HAL likes to start late.
cat > /etc/rc.d/init.d/livesys-late << EOF
#!/bin/bash
#
# live: Late init script for live image
#
# chkconfig: 345 99 01
# description: Late init script for live image.
. /etc/init.d/functions
if ! strstr "\`cat /proc/cmdline\`" rd.live.image || [ "\$1" != "start" ] || [ -e /.liveimg-late-configured ] ; then
exit 0
fi
exists() {
which \$1 >/dev/null 2>&1 || return
\$*
}
touch /.liveimg-late-configured
# Read some stuff out of the kernel cmdline
for o in \`cat /proc/cmdline\` ; do
case \$o in
ks=*)
ks="--kickstart=\${o#ks=}"
;;
xdriver=*)
xdriver="\${o#xdriver=}"
;;
esac
done
# If liveinst or textinst is given, start installer
if strstr "\`cat /proc/cmdline\`" liveinst ; then
plymouth --quit
/usr/sbin/liveinst \$ks
fi
if strstr "\`cat /proc/cmdline\`" textinst ; then
plymouth --quit
/usr/sbin/liveinst --text \$ks
fi
# Configure X, allowing user to override xdriver
if [ -n "\$xdriver" ]; then
cat > /etc/X11/xorg.conf.d/00-xdriver.conf <<FOE
Section "Device"
Identifier "Videocard0"
Driver "\$xdriver"
EndSection
FOE
fi
EOF
chmod 755 /etc/rc.d/init.d/livesys
/sbin/restorecon /etc/rc.d/init.d/livesys
/sbin/chkconfig --add livesys
chmod 755 /etc/rc.d/init.d/livesys-late
/sbin/restorecon /etc/rc.d/init.d/livesys-late
/sbin/chkconfig --add livesys-late
# Enable tmpfs for /tmp - this is a good idea
systemctl enable tmp.mount
# make it so that we don't do writing to the overlay for things which
# are just tmpdirs/caches
# note https://bugzilla.redhat.com/show_bug.cgi?id=1135475
cat >> /etc/fstab << EOF
vartmp /var/tmp tmpfs defaults 0 0
EOF
# PackageKit likes to play games. Let's fix that.
rm -f /var/lib/rpm/__db*
releasever=$(rpm -q --qf '%{version}\n' --whatprovides system-release)
basearch=$(uname -i)
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial
echo "Packages within this LiveCD"
rpm -qa
# Note that running rpm recreates the rpm db files which aren't needed or wanted
rm -f /var/lib/rpm/__db*
# go ahead and pre-make the man -k cache (#455968)
/usr/bin/mandb
# make sure there aren't core files lying around
rm -f /core*
# remove random seed, the newly installed instance should make it's own
rm -f /var/lib/systemd/random-seed
# convince readahead not to collect
# FIXME: for systemd
echo 'File created by kickstart. See systemd-update-done.service(8).' \
| tee /etc/.updated >/var/.updated
# Drop the rescue kernel and initramfs, we don't need them on the live media itself.
# See bug 1317709
rm -f /boot/*-rescue*
# Disable network service here, as doing it in the services line
# fails due to RHBZ #1369794 - the error is expected
/sbin/chkconfig network off
# Remove machine-id on generated images
rm -f /etc/machine-id
touch /etc/machine-id
/usr/sbin/fixfiles -R -a restore
# set default GTK+ theme for root (see #683855, #689070, #808062)
cat > /root/.gtkrc-2.0 << EOF
include "/usr/share/themes/Adwaita/gtk-2.0/gtkrc"
include "/etc/gtk-2.0/gtkrc"
gtk-theme-name="Adwaita"
EOF
mkdir -p /root/.config/gtk-3.0
cat > /root/.config/gtk-3.0/settings.ini << EOF
[Settings]
gtk-theme-name = Adwaita
EOF
# add initscript
cat >> /etc/rc.d/init.d/livesys << EOF
# are we *not* able to use wayland sessions?
if strstr "\`cat /proc/cmdline\`" nomodeset ; then
PLASMA_SESSION_FILE="plasmax11.desktop"
else
PLASMA_SESSION_FILE="plasma.desktop"
fi
# set up autologin for user liveuser
if [ -f /etc/sddm.conf ]; then
sed -i 's/^#User=.*/User=liveuser/' /etc/sddm.conf
sed -i "s/^#Session=.*/Session=\${PLASMA_SESSION_FILE}/" /etc/sddm.conf
else
cat > /etc/sddm.conf << SDDM_EOF
[Autologin]
User=liveuser
Session=\${PLASMA_SESSION_FILE}
SDDM_EOF
fi
# add liveinst.desktop to favorites menu
mkdir -p /home/liveuser/.config/
cat > /home/liveuser/.config/kickoffrc << MENU_EOF
[Favorites]
FavoriteURLs=/usr/share/applications/firefox.desktop,/usr/share/applications/org.kde.dolphin.desktop,/usr/share/applications/systemsettings.desktop,/usr/share/applications/org.kde.konsole.desktop,/usr/share/applications/liveinst.desktop
MENU_EOF
# show liveinst.desktop on desktop and in menu
sed -i 's/NoDisplay=true/NoDisplay=false/' /usr/share/applications/liveinst.desktop
# debrand
#sed -i "s/Red Hat Enterprise/Rocky/g" /usr/share/anaconda/gnome/rhel-welcome.desktop
#sed -i "s/RHEL/Rocky Linux/g" /usr/share/anaconda/gnome/rhel-welcome
#sed -i "s/Red Hat Enterprise/Rocky/g" /usr/share/anaconda/gnome/rhel-welcome
#sed -i "s/org.fedoraproject.AnacondaInstaller/fedora-logo-icon/g" /usr/share/anaconda/gnome/rhel-welcome
#sed -i "s/org.fedoraproject.AnacondaInstaller/fedora-logo-icon/g" /usr/share/applications/liveinst.desktop
# set executable bit disable KDE security warning
chmod +x /usr/share/applications/liveinst.desktop
mkdir /home/liveuser/Desktop
cp -a /usr/share/applications/liveinst.desktop /home/liveuser/Desktop/
if [ -f /usr/share/anaconda/gnome/rhel-welcome.desktop ]; then
mkdir -p ~liveuser/.config/autostart
cp /usr/share/anaconda/gnome/rhel-welcome.desktop /usr/share/applications/
cp /usr/share/anaconda/gnome/rhel-welcome.desktop ~liveuser/.config/autostart/
fi
# Set akonadi backend
mkdir -p /home/liveuser/.config/akonadi
cat > /home/liveuser/.config/akonadi/akonadiserverrc << AKONADI_EOF
[%General]
Driver=QSQLITE3
AKONADI_EOF
# Disable plasma-pk-updates if applicable
rpm -e plasma-pk-updates
# "Disable plasma-discover-notifier"
mkdir -p /home/liveuser/.config/autostart
cp -a /etc/xdg/autostart/org.kde.discover.notifier.desktop /home/liveuser/.config/autostart/
echo 'Hidden=true' >> /home/liveuser/.config/autostart/org.kde.discover.notifier.desktop
# Disable baloo
cat > /home/liveuser/.config/baloofilerc << BALOO_EOF
[Basic Settings]
Indexing-Enabled=false
BALOO_EOF
mkdir -p ~liveuser/.kde/share/config/
# Disable kres-migrator
cat > /home/liveuser/.kde/share/config/kres-migratorrc << KRES_EOF
[Migration]
Enabled=false
KRES_EOF
# Disable kwallet migrator
cat > /home/liveuser/.config/kwalletrc << KWALLET_EOL
[Migration]
alreadyMigrated=true
KWALLET_EOL
# make sure to set the right permissions and selinux contexts
chown -R liveuser:liveuser /home/liveuser/
restorecon -R /home/liveuser/
restorecon -R /
EOF
systemctl enable --force sddm.service
dnf config-manager --set-enabled powertools
%end
%post --nochroot
cp $INSTALL_ROOT/usr/share/licenses/*-release/* $LIVE_ROOT/
# only works on x86_64
if [ "$(uname -i)" = "i386" -o "$(uname -i)" = "x86_64" ]; then
# For livecd-creator builds
if [ ! -d $LIVE_ROOT/LiveOS ]; then mkdir -p $LIVE_ROOT/LiveOS ; fi
cp /usr/bin/livecd-iso-to-disk $LIVE_ROOT/LiveOS
# For lorax/livemedia-creator builds
sed -i '
/## make boot.iso/ i\
# Add livecd-iso-to-disk script to .iso filesystem at /LiveOS/\
<% f = "usr/bin/livecd-iso-to-disk" %>\
%if exists(f):\
install ${f} ${LIVEDIR}/${f|basename}\
%endif\
' /usr/share/lorax/templates.d/99-generic/live/x86.tmpl
fi
%end
%packages
@^kde-desktop-environment
@anaconda-tools
@base-x
@core
@dial-up
@firefox
@fonts
@guest-desktop-agents
@hardware-support
@kde-apps
@kde-media
@multimedia
@standard
aajohan-comfortaa-fonts
anaconda
anaconda-install-env-deps
anaconda-live
chkconfig
dracut-live
epel-release
fuse
glibc-all-langpacks
initscripts
kernel
kernel-modules
kernel-modules-extra
libreoffice-calc
libreoffice-emailmerge
libreoffice-graphicfilter
libreoffice-impress
libreoffice-writer
mariadb-connector-c
mariadb-embedded
mariadb-server
memtest86+
sddm
sddm-themes
sddm-breeze
sddm-kcm
syslinux
gjs
-@admin-tools
-@input-methods
-desktop-backgrounds-basic
-digikam
-gnome-disk-utility
-hplip
-iok
-isdn4k-utils
-k3b
-kdeaccessibility*
-kipi-plugins
-krusader
-ktorrent
-mpage
-scim*
-system-config-printer
-system-config-services
-system-config-users
-xsane
-xsane-gimp
%end

557
Rocky-8-MATE.ks Normal file
View File

@ -0,0 +1,557 @@
# Generated by pykickstart v3.36
#version=DEVEL
# X Window System configuration information
xconfig --startxonboot
# Keyboard layouts
keyboard 'us'
# Root password
rootpw --iscrypted --lock locked
# System language
lang en_US.UTF-8
# Shutdown after installation
shutdown
# Network information
network --bootproto=dhcp --device=link --activate
# Firewall configuration
firewall --enabled --service=mdns
# Use network installation
url --url https://download.rockylinux.org/stg/rocky/8/BaseOS/$basearch/os/
repo --name="BaseOS" --baseurl=http://dl.rockylinux.org/pub/rocky/8/BaseOS/$basearch/os/ --cost=200
repo --name="AppStream" --baseurl=http://dl.rockylinux.org/pub/rocky/8/AppStream/$basearch/os/ --cost=200
repo --name="PowerTools" --baseurl=http://dl.rockylinux.org/pub/rocky/8/PowerTools/$basearch/os/ --cost=200
repo --name="extras" --baseurl=http://dl.rockylinux.org/pub/rocky/8/extras/$basearch/os --cost=200
repo --name="epel" --baseurl=https://dl.fedoraproject.org/pub/epel/8/Everything/$basearch/ --cost=200
# System timezone
timezone US/Eastern
# SELinux configuration
selinux --enforcing
# System services
services --disabled="sshd" --enabled="NetworkManager,ModemManager"
# System bootloader configuration
bootloader --location=none
# Clear the Master Boot Record
zerombr
# Partition clearing information
clearpart --all
# Disk partitioning information
part / --fstype="ext4" --size=5120
part / --size=8192
%post
# FIXME: it'd be better to get this installed from a package
cat > /etc/rc.d/init.d/livesys << EOF
#!/bin/bash
#
# live: Init script for live image
#
# chkconfig: 345 00 99
# description: Init script for live image.
### BEGIN INIT INFO
# X-Start-Before: display-manager chronyd
### END INIT INFO
. /etc/init.d/functions
if ! strstr "\`cat /proc/cmdline\`" rd.live.image || [ "\$1" != "start" ]; then
exit 0
fi
if [ -e /.liveimg-configured ] ; then
configdone=1
fi
exists() {
which \$1 >/dev/null 2>&1 || return
\$*
}
livedir="LiveOS"
for arg in \`cat /proc/cmdline\` ; do
if [ "\${arg##rd.live.dir=}" != "\${arg}" ]; then
livedir=\${arg##rd.live.dir=}
continue
fi
if [ "\${arg##live_dir=}" != "\${arg}" ]; then
livedir=\${arg##live_dir=}
fi
done
# Enable swap unless requested otherwise
swaps=\`blkid -t TYPE=swap -o device\`
if ! strstr "\`cat /proc/cmdline\`" noswap && [ -n "\$swaps" ] ; then
for s in \$swaps ; do
action "Enabling swap partition \$s" swapon \$s
done
fi
if ! strstr "\`cat /proc/cmdline\`" noswap && [ -f /run/initramfs/live/\${livedir}/swap.img ] ; then
action "Enabling swap file" swapon /run/initramfs/live/\${livedir}/swap.img
fi
# Support for persistent homes
mountPersistentHome() {
# support label/uuid
if [ "\${homedev##LABEL=}" != "\${homedev}" -o "\${homedev##UUID=}" != "\${homedev}" ]; then
homedev=\`/sbin/blkid -o device -t "\$homedev"\`
fi
# if we're given a file rather than a blockdev, loopback it
if [ "\${homedev##mtd}" != "\${homedev}" ]; then
# mtd devs don't have a block device but get magic-mounted with -t jffs2
mountopts="-t jffs2"
elif [ ! -b "\$homedev" ]; then
loopdev=\`losetup -f\`
if [ "\${homedev##/run/initramfs/live}" != "\${homedev}" ]; then
action "Remounting live store r/w" mount -o remount,rw /run/initramfs/live
fi
losetup \$loopdev \$homedev
homedev=\$loopdev
fi
# if it's encrypted, we need to unlock it
if [ "\$(/sbin/blkid -s TYPE -o value \$homedev 2>/dev/null)" = "crypto_LUKS" ]; then
echo
echo "Setting up encrypted /home device"
plymouth ask-for-password --command="cryptsetup luksOpen \$homedev EncHome"
homedev=/dev/mapper/EncHome
fi
# and finally do the mount
mount \$mountopts \$homedev /home
# if we have /home under what's passed for persistent home, then
# we should make that the real /home. useful for mtd device on olpc
if [ -d /home/home ]; then mount --bind /home/home /home ; fi
[ -x /sbin/restorecon ] && /sbin/restorecon /home
if [ -d /home/liveuser ]; then USERADDARGS="-M" ; fi
}
# Help locate persistent homes
findPersistentHome() {
for arg in \`cat /proc/cmdline\` ; do
if [ "\${arg##persistenthome=}" != "\${arg}" ]; then
homedev=\${arg##persistenthome=}
fi
done
}
if strstr "\`cat /proc/cmdline\`" persistenthome= ; then
findPersistentHome
elif [ -e /run/initramfs/live/\${livedir}/home.img ]; then
homedev=/run/initramfs/live/\${livedir}/home.img
fi
# Mount the persistent home if it's available
if ! strstr "\`cat /proc/cmdline\`" nopersistenthome && [ -n "\$homedev" ] ; then
action "Mounting persistent /home" mountPersistentHome
fi
if [ -n "\$configdone" ]; then
exit 0
fi
# Create the liveuser (no password) so automatic logins and sudo works
action "Adding live user" useradd \$USERADDARGS -c "Live System User" liveuser
passwd -d liveuser > /dev/null
usermod -aG wheel liveuser > /dev/null
# Same for root
passwd -d root > /dev/null
# Turn off firstboot (similar to a DVD/minimal install, where it asks
# for the user to accept the EULA before bringing up a TTY)
systemctl --no-reload disable firstboot-text.service 2> /dev/null || :
systemctl --no-reload disable firstboot-graphical.service 2> /dev/null || :
systemctl stop firstboot-text.service 2> /dev/null || :
systemctl stop firstboot-graphical.service 2> /dev/null || :
# Prelinking damages the images
sed -i 's/PRELINKING=yes/PRELINKING=no/' /etc/sysconfig/prelink &>/dev/null || :
# Turn off mdmonitor by default
systemctl --no-reload disable mdmonitor.service 2> /dev/null || :
systemctl --no-reload disable mdmonitor-takeover.service 2> /dev/null || :
systemctl stop mdmonitor.service 2> /dev/null || :
systemctl stop mdmonitor-takeover.service 2> /dev/null || :
# Even if there isn't gnome, this doesn't hurt.
gsettings set org.gnome.software download-updates 'false' || :
# Disable cron
systemctl --no-reload disable crond.service 2> /dev/null || :
systemctl --no-reload disable atd.service 2> /dev/null || :
systemctl stop crond.service 2> /dev/null || :
systemctl stop atd.service 2> /dev/null || :
# Disable abrt
systemctl --no-reload disable abrtd.service 2> /dev/null || :
systemctl stop abrtd.service 2> /dev/null || :
# Don't sync the system clock when running live (RHBZ #1018162)
sed -i 's/rtcsync//' /etc/chrony.conf
# Mark things as configured
touch /.liveimg-configured
# add static hostname to work around xauth bug
# https://bugzilla.redhat.com/show_bug.cgi?id=679486
# the hostname must be something else than 'localhost'
# https://bugzilla.redhat.com/show_bug.cgi?id=1370222
echo "localhost-live" > /etc/hostname
EOF
# HAL likes to start late.
cat > /etc/rc.d/init.d/livesys-late << EOF
#!/bin/bash
#
# live: Late init script for live image
#
# chkconfig: 345 99 01
# description: Late init script for live image.
. /etc/init.d/functions
if ! strstr "\`cat /proc/cmdline\`" rd.live.image || [ "\$1" != "start" ] || [ -e /.liveimg-late-configured ] ; then
exit 0
fi
exists() {
which \$1 >/dev/null 2>&1 || return
\$*
}
touch /.liveimg-late-configured
# Read some stuff out of the kernel cmdline
for o in \`cat /proc/cmdline\` ; do
case \$o in
ks=*)
ks="--kickstart=\${o#ks=}"
;;
xdriver=*)
xdriver="\${o#xdriver=}"
;;
esac
done
# If liveinst or textinst is given, start installer
if strstr "\`cat /proc/cmdline\`" liveinst ; then
plymouth --quit
/usr/sbin/liveinst \$ks
fi
if strstr "\`cat /proc/cmdline\`" textinst ; then
plymouth --quit
/usr/sbin/liveinst --text \$ks
fi
# Configure X, allowing user to override xdriver
if [ -n "\$xdriver" ]; then
cat > /etc/X11/xorg.conf.d/00-xdriver.conf <<FOE
Section "Device"
Identifier "Videocard0"
Driver "\$xdriver"
EndSection
FOE
fi
EOF
chmod 755 /etc/rc.d/init.d/livesys
/sbin/restorecon /etc/rc.d/init.d/livesys
/sbin/chkconfig --add livesys
chmod 755 /etc/rc.d/init.d/livesys-late
/sbin/restorecon /etc/rc.d/init.d/livesys-late
/sbin/chkconfig --add livesys-late
# Enable tmpfs for /tmp - this is a good idea
systemctl enable tmp.mount
# make it so that we don't do writing to the overlay for things which
# are just tmpdirs/caches
# note https://bugzilla.redhat.com/show_bug.cgi?id=1135475
cat >> /etc/fstab << EOF
vartmp /var/tmp tmpfs defaults 0 0
EOF
# PackageKit likes to play games. Let's fix that.
rm -f /var/lib/rpm/__db*
releasever=$(rpm -q --qf '%{version}\n' --whatprovides system-release)
basearch=$(uname -i)
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial
echo "Packages within this LiveCD"
rpm -qa
# Note that running rpm recreates the rpm db files which aren't needed or wanted
rm -f /var/lib/rpm/__db*
# go ahead and pre-make the man -k cache (#455968)
/usr/bin/mandb
# make sure there aren't core files lying around
rm -f /core*
# remove random seed, the newly installed instance should make it's own
rm -f /var/lib/systemd/random-seed
# convince readahead not to collect
# FIXME: for systemd
echo 'File created by kickstart. See systemd-update-done.service(8).' \
| tee /etc/.updated >/var/.updated
# Drop the rescue kernel and initramfs, we don't need them on the live media itself.
# See bug 1317709
rm -f /boot/*-rescue*
# Disable network service here, as doing it in the services line
# fails due to RHBZ #1369794 - the error is expected
/sbin/chkconfig network off
# Remove machine-id on generated images
rm -f /etc/machine-id
touch /etc/machine-id
/usr/sbin/fixfiles -R -a restore
%end
%post --nochroot
cp $INSTALL_ROOT/usr/share/licenses/*-release/* $LIVE_ROOT/
# only works on x86_64
if [ "$(uname -i)" = "i386" -o "$(uname -i)" = "x86_64" ]; then
# For livecd-creator builds
if [ ! -d $LIVE_ROOT/LiveOS ]; then mkdir -p $LIVE_ROOT/LiveOS ; fi
cp /usr/bin/livecd-iso-to-disk $LIVE_ROOT/LiveOS
# For lorax/livemedia-creator builds
sed -i '
/## make boot.iso/ i\
# Add livecd-iso-to-disk script to .iso filesystem at /LiveOS/\
<% f = "usr/bin/livecd-iso-to-disk" %>\
%if exists(f):\
install ${f} ${LIVEDIR}/${f|basename}\
%endif\
' /usr/share/lorax/templates.d/99-generic/live/x86.tmpl
fi
%end
%post
# mate configuration
cat >> /etc/rc.d/init.d/livesys << EOF
# make the installer show up
if [ -f /usr/share/applications/liveinst.desktop ]; then
# Show harddisk install in shell dash
sed -i -e 's/NoDisplay=true/NoDisplay=false/' /usr/share/applications/liveinst.desktop ""
fi
mkdir /home/liveuser/Desktop
cp /usr/share/applications/liveinst.desktop /home/liveuser/Desktop
chmod +x /home/liveuser/Desktop/liveinst.desktop
# move to anaconda - probably not required for MATE.
mv /usr/share/applications/liveinst.desktop /usr/share/applications/anaconda.desktop
if [ -f /usr/share/anaconda/gnome/fedora-welcome.desktop ]; then
mkdir -p ~liveuser/.config/autostart
cp /usr/share/anaconda/gnome/fedora-welcome.desktop /usr/share/applications/
cp /usr/share/anaconda/gnome/fedora-welcome.desktop ~liveuser/.config/autostart/
fi
# rebuild schema cache with any overrides we installed
glib-compile-schemas /usr/share/glib-2.0/schemas
# set up lightdm autologin
sed -i 's/^#autologin-user=.*/autologin-user=liveuser/' /etc/lightdm/lightdm.conf
sed -i 's/^#autologin-user-timeout=.*/autologin-user-timeout=0/' /etc/lightdm/lightdm.conf
sed -i 's/^#show-language-selector=.*/show-language-selector=true/' /etc/lightdm/lightdm-gtk-greeter.conf
# set MATE as default session, otherwise login will fail
sed -i 's/^#user-session=.*/user-session=mate/' /etc/lightdm/lightdm.conf
# Turn off PackageKit-command-not-found while uninstalled
if [ -f /etc/PackageKit/CommandNotFound.conf ]; then
sed -i -e 's/^SoftwareSourceSearch=true/SoftwareSourceSearch=false/' /etc/PackageKit/CommandNotFound.conf
fi
# The updater applet might or might not exist
rm -f /etc/xdg/autostart/org.mageia.dnfdragora-updater.desktop
# reset selinux contexts
chown -R liveuser:liveuser /home/liveuser/
restorecon -R /home/liveuser/
restorecon -R /
EOF
# this doesn't come up automatically. not sure why.
systemctl enable --force lightdm.service
# CRB needs to be enabled for EPEL to function.
dnf config-manager --set-enabled powertools
%end
%packages
@anaconda-tools
@base-x
@core
@dial-up
@fonts
@guest-desktop-agents
@hardware-support
@input-methods
@multimedia
@standard
NetworkManager-adsl
NetworkManager-bluetooth
NetworkManager-l2tp-gnome
NetworkManager-libreswan-gnome
NetworkManager-openconnect-gnome
NetworkManager-openvpn-gnome
NetworkManager-ovs
NetworkManager-ppp
NetworkManager-pptp-gnome
NetworkManager-team
NetworkManager-wifi
NetworkManager-wwan
aajohan-comfortaa-fonts
anaconda
anaconda-install-env-deps
anaconda-live
atril
atril-caja
atril-thumbnailer
caja
caja-actions
chkconfig
dconf-editor
dracut-live
efi-filesystem
efibootmgr
efivar-libs
engrampa
eom
epel-release
f36-backgrounds-extras-mate
f36-backgrounds-mate
filezilla
firefox
firewall-applet
firewall-config
glibc-all-langpacks
gnome-disk-utility
gnome-epub-thumbnailer
gparted
grub2-common
grub2-efi-*64
grub2-efi-*64-cdboot
grub2-pc-modules
grub2-tools
grub2-tools-efi
grub2-tools-extra
grub2-tools-minimal
grubby
gstreamer1-plugins-ugly-free
gtk2-engines
gucharmap
gvfs-fuse
gvfs-gphoto2
gvfs-mtp
gvfs-smb
hexchat
initial-setup-gui
initscripts
kernel
kernel-modules
kernel-modules-extra
libmatekbd
libmatemixer
libmateweather
libreoffice-calc
libreoffice-emailmerge
libreoffice-graphicfilter
libreoffice-impress
libreoffice-writer
libsecret
lightdm
lm_sensors
marco
mate-applets
mate-backgrounds
mate-calc
mate-control-center
mate-desktop
mate-dictionary
mate-disk-usage-analyzer
mate-icon-theme
mate-media
mate-menus
mate-menus-preferences-category-menu
mate-notification-daemon
mate-panel
mate-polkit
mate-power-manager
mate-screensaver
mate-screenshot
mate-search-tool
mate-sensors-applet
mate-session-manager
mate-settings-daemon
mate-system-log
mate-system-monitor
mate-terminal
mate-themes
mate-user-admin
mate-user-guide
mate-utils
memtest86+
mozo
network-manager-applet
nm-connection-editor
orca
p7zip
p7zip-plugins
parole
pavucontrol
pipewire
pluma
pluma-plugins
rocky-backgrounds
seahorse
seahorse-caja
setroubleshoot
shim-*64
slick-greeter-mate
syslinux
thunderbird
tigervnc
usermode-gtk
vim-enhanced
xdg-user-dirs-gtk
xmodmap
xrdb
yelp
gjs
-@3d-printing
-@admin-tools
-audacious
-brasero
-evolution-help
-fedora-icon-theme
-gnome-icon-theme
-gnome-icon-theme-symbolic
-gnome-logs
-gnome-software
-gnome-user-docs
-hplip
-isdn4k-utils
-mpage
-sane-backends
-shim-unsigned-*64
-systemd-oomd-defaults
-telnet
-xane-gimp
-xsane
%end

391
Rocky-8-OCP-Base.ks Normal file
View File

@ -0,0 +1,391 @@
#version=DEVEL
# Keyboard layouts
keyboard 'us'
# Root password
rootpw --iscrypted thereisnopasswordanditslocked
# System language
lang en_US.UTF-8
# Shutdown after installation
shutdown
# System timezone
timezone UTC --isUtc
# Use text mode install
text
# Network information
network --bootproto=dhcp --device=link --activate
network --bootproto=dhcp --hostname=localhost.localdomain
repo --name="oraclelinux-addons" --baseurl=http://yum.oracle.com/repo/OracleLinux/OL8/addons/$basearch/ --excludepkgs="kernel" --install
# Use network installation
url --url="https://download.rockylinux.org/stg/rocky/8/BaseOS/$basearch/os/"
# System authorization information
auth --enableshadow --passalgo=sha512
# Firewall configuration
firewall --enabled --service=ssh
firstboot --disable
# SELinux configuration
selinux --enforcing
# System services
services --disabled="kdump" --enabled="NetworkManager,sshd,rsyslog,chronyd,cloud-init,cloud-init-local,cloud-config,cloud-final,rngd"
# System bootloader configuration
bootloader --append="console=ttyS0,115200n8 console=tty0 no_timer_check crashkernel=auto net.ifnames=0 LANG=en_US.UTF-8 transparent_hugepage=never rd.luks=0 rd.md=0 rd.dm=0 rd.lvm.vg=rocky rd.lvm.lv=rocky/root rd.net.timeout.dhcp=10 libiscsi.debug_libiscsi_eh=1 netroot=iscsi:169.254.0.2:::1:iqn.2015-02.oracle.boot:uefi ip=dhcp rd.iscsi.bypass rd.iscsi.param=node.session.timeo.replacement_timeout=6000" --location=mbr --timeout=1 --boot-drive=vda
# Disk partitioning information
part /boot/efi --fstype="efi" --onpart=vda1
part /boot --fstype="xfs" --label=boot --onpart=vda2
part prepboot --fstype="prepboot" --onpart=vda3
part biosboot --fstype="biosboot" --onpart=vda4
part pv.01 --grow --size=1 --onpart=vda5
volgroup rocky pv.01
logvol / --grow --size=8000 --mkfsoptions="-m bigtime=0,inobtcount=0" --name=root --vgname=rocky
%pre
# Clear the Master Boot Record
dd if=/dev/zero of=/dev/vda bs=512 count=1
# Create a new GPT partition table
parted /dev/vda mklabel gpt
# Create a partition for /boot/efi
parted /dev/vda mkpart primary fat32 1MiB 100MiB
parted /dev/vda set 1 boot on
# Create a partition for /boot
parted /dev/vda mkpart primary xfs 100MiB 1100MiB
# Create a partition for prep
parted /dev/vda mkpart primary 1100MiB 1104MiB
# Create a partition for bios_grub
parted /dev/vda mkpart primary 1104MiB 1105MiB
# Create a partition for LVM
parted /dev/vda mkpart primary ext2 1106MiB 10.7GB
parted /dev/vda set 5 lvm on
%end
%post --erroronfail
# Attempting to force legacy BIOS boot if we boot from UEFI
# This was backported from our 9 kickstarts to address some issues.
if [ "$(arch)" = "x86_64" ]; then
dnf install grub2-pc-modules grub2-pc -y
grub2-install --target=i386-pc /dev/vda
fi
# Ensure that the pmbr_boot flag is off
parted /dev/vda disk_set pmbr_boot off
# setup systemd to boot to the right runlevel
rm -f /etc/systemd/system/default.target
ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
echo .
dnf -C -y remove linux-firmware
# Remove firewalld; it is required to be present for install/image building.
# but we dont ship it in cloud
dnf -C -y remove firewalld --setopt="clean_requirements_on_remove=1"
dnf -C -y remove avahi\*
sed -i '/^#NAutoVTs=.*/ a\
NAutoVTs=0' /etc/systemd/logind.conf
cat > /etc/sysconfig/network << EOF
NETWORKING=yes
NOZEROCONF=yes
EOF
# Remove build-time resolvers to fix #16948
echo > /etc/resolv.conf
# For cloud images, 'eth0' _is_ the predictable device name, since
# we don't want to be tied to specific virtual (!) hardware
rm -f /etc/udev/rules.d/70*
ln -s /dev/null /etc/udev/rules.d/80-net-name-slot.rules
# simple eth0 config, again not hard-coded to the build hardware
cat > /etc/sysconfig/network-scripts/ifcfg-eth0 << EOF
DEVICE="eth0"
BOOTPROTO="dhcp"
ONBOOT="yes"
TYPE="Ethernet"
USERCTL="yes"
PEERDNS="yes"
IPV6INIT="no"
PERSISTENT_DHCLIENT="1"
EOF
echo "virtual-guest" > /etc/tuned/active_profile
# generic localhost names
cat > /etc/hosts << EOF
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
EOF
echo .
systemctl mask tmp.mount
cat <<EOL > /etc/sysconfig/kernel
# UPDATEDEFAULT specifies if new-kernel-pkg should make
# new kernels the default
UPDATEDEFAULT=yes
# DEFAULTKERNEL specifies the default kernel package type
DEFAULTKERNEL=kernel
EOL
# make sure firstboot doesn't start
echo "RUN_FIRSTBOOT=NO" > /etc/sysconfig/firstboot
# rocky cloud user
sed -i '1i # Modified for cloud image' /etc/cloud/cloud.cfg
echo -e 'rocky\tALL=(ALL)\tNOPASSWD: ALL' >> /etc/sudoers
sed -i 's/name: cloud-user/name: rocky/g' /etc/cloud/cloud.cfg
dnf clean all
# XXX instance type markers - MUST match Rocky Infra expectation
echo 'oci' > /etc/yum/vars/infra
# change dhcp client retry/timeouts to resolve #6866
cat >> /etc/dhcp/dhclient.conf << EOF
timeout 300;
retry 60;
EOF
# OCI - Import repo GPG key
cat <<EOF > /tmp/key
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.14 (GNU/Linux)
mQINBFyr9g0BEADVpB339zKe27a0LAQn4jWDYfX4ttCgYbX1sgyOKclO2ZMxdLIF
2Tz1KrmLim0am6ltTYIVpP0hVHsH1iy7MaVg1K/vaYIS8djL3SrmjX70P3QKIru5
Hr8iGOKvX4jMHbUZmghZyVRdvl2QNc9oh+l+i3CzyChFlNV3dGlmsaBRT6o5Ecvn
ZQ8cVdsbFnRAYpCDO65wOCujWNVe2F5eA6xy4mQfVOCuF7jY1sb4zRanTVE0hZyy
ig6OeTZjutjr7V+kDrT5K3PdXn2kPsVWcEdJJOta+hqJ9wnA1aiTJNNpvRP6fJtv
iw8poJqJID7VUPTfGp38k6sPfe4BmqEfRSUbNT5JKCFvlp4Y39pHzmKfX+8jjeZ2
XgBx/Z4GsW6q/tAOksZ8nHB/XIPZkr6V+tXXZP4D5peNIWLxhza585FDiGi8d1Z4
KIMpeqJhUu24vre9rmYn2wOFP6GYZfi1KOMImAjQC13BktpAlSqDNzCQepoNfvoG
iO8v0sO8mHy16fpp+hk7T4hveScoYYIBaTMcdTElvPjA5mgXTaBF/qttF1LlFf51
PvNkKQVoCR7V9+puZGsWeq9Kv+GaUYC3uKo96MKCO4G34uSu9uYo4eZ3yr7GslSM
6rB0Fi4yfDT9R9mS8YHpuCKhgQ5IUBl6x72h1s02+maheeH0CZMbV/7hEwARAQAB
tERPcmFjbGUgT1NTIGdyb3VwIChPcGVuIFNvdXJjZSBTb2Z0d2FyZSBncm91cCkg
PGJ1aWxkQG9zcy5vcmFjbGUuY29tPokCPgQTAQIAKAUCXKv2DQIbAwUJJZgGAAYL
CQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQglYuqa2YbaN53w/+Lx4cqKifslEa
BpWz4yqHcAtuz25sCW4wbH4V56EfKZAh+WQ/JwPFybSywqbzgIUrIlzg8CMuUnKM
5BElUkKPDYI+CjvUtP0B9eFThqjp7WNly0IQX8qC6p/gTLDXuEbKLj+EfLvKihqc
L2tJIaQWiQAaftG5DFHIanZpVr88eXJwAMCle/m29x7K4g0c959vZdFF7iggIcHl
TJ3GWGbLzRXi0fXVTQJAltR5Gx+FnRnSmAplL6j1UG1cgesZrfJZbNsl0+5Eq4oH
UN3sTgaqTYaMWR7jH6HFF+5d05ndpltLXbG6Ia1c1Z4e+ha2ehBnceBxSCt5VT5z
tmvJCm4QT4+S8AKsdQLpx3XWTWs5B41DYy3yQHaQz+So42YEtvGCemPsCfkid8ZN
Eltl9KM0iHYJbFehv2ckZe4RVNEDVgurlnEEKICvhfwS4bz2IQZPSYQLGLmUYwpp
kf2VjkDhTQUMp1iqLXsolCjDfTcZrlUaAEXP7A1wuLBlAEHE/yZOZbqcgE4AZKkV
nJYmu2lrSkNhisMOVsVhDyCyFEw1+fD+RnvR9uNHOqgeTV/6kOyGu+nC8dnwKyq0
wLJzu+8ENdemcvld9pwx3FPWTGQ4GGNJ3MVdwfwnYkg5vKGDSOmPDuEnnxkaPJrT
JIHSJXfjSg/M0PiLGXcOMpGVNebpSQK5Ag0EXKv2DQEQAKHZmlvNo+/+amYh9Ogn
lzSUctqLENke8m7Q7HXUakEZgTfRU0an+9TmfoUCyHS11q3A0l+FoB/FBT45ByxU
df850oQd0PApqo5NxNpQCqYgOCOpTHT0SnRh9gQCDGgzfYSZl8ME+izEU5WOjQ51
g/2ajODXGIWHPwYE8lZyF7tE7bFNEwve7sIrQefAR0eASz8PMFdQ5US/vYZQ+jeL
U2dZqfl2B7AnP7MuXpa31MkhB3laYdH+vWaQLPbk/bh7cvKtkDbDHY13NS2nTpWy
fjeUCFpDHupzMNkclc0If44WKA1a0sO7d6mBWyVM0IgrCxieXJ/EZVFkhXEulcGu
+L0iHhkR9NA6dRXvC/wJnsCASjzxFqyzlhTfNR1QwWdZJpC8Il9oH3VcrT4TtEvJ
DxuXTMqeMSOfNSsdqaiE9u6tgbC13qBTvbsoBg9Rs2hY2nRqUhNhvMoRbt1U1qXw
hn/9g1f+1i3GvED6j2AuWMnU9zehR32iuGQl48ko428bREPz08AY++v3/n4U/cbs
oJzAvCg1+WYQe26v0mIJIuzOmeFRmXcaTHUZvyY6aqSvQeOno0h1cjRZAN9T6Z8q
lYbwh8yhGNlfybQPmld/oeiDNVr43sSl6W02TOLFZ36h2eGpt2LKUVz+zFQwrAdF
u6Uo/1lgGRGbzBezNgUCkQCLABEBAAGJAiUEGAECAA8FAlyr9g0CGwwFCSWYBgAA
CgkQglYuqa2YbaO4Eg//WREjdHosvTLPbjDwmtH0R3Twis/eqHPSq57I9jDSOvRD
Wkv4/CidBu1+FsTDpInn4wiAIE9eMb/L89Cc2Y5LyzHlzORJMEgzEqcjIewqRcEy
vMbyTnx4Gc4hKiMhRcMLWQuWp6/JT09+B3oPzQLXHvuAuKu0ZjFJl16obdoL7tAT
AOPtqmxkwt22G1lBkGUVCOiEuwg1+9AgiMhDHt6Gg8wHjKoQiHv4peGDKxcldfTF
TAH03vx+2mwT61a/RjE1YqHzmlqmTa89SDNDStrG2VikSB0YdDuqSzB6FMcURktJ
wwyhOKEjJ4c20wZG5xQfiJfOcij2QYPW5vYtQNCnKfspsF7BCP/GXdYATgyajCxp
4pkNsAZlRyHUx1zPMR1E1+se+l5s18y0V+b+1YBEmAmcEML9Rev+Rbyd+YXmJ+P9
rDThkvPXxV+4HZgl0mXvTd1CUUnNnd40ZSzFo8hTmr/+j2T7iR3wcxnoyv/d8MOU
quYsKDLdBr9ng+Cvbf/8lNJJ6dbCQAcEXvRn8FKjq+iP+hHPXXOh/FrMvBJrbD3V
6F65eyvyLMN74Caxd2B2ru01yLNGARZr8iOH3cdt4byC0lSA51yNePooe6HfgCEA
sFEvovilr7kFbspDGrP49wh0evtRDPmqfjMLiiaRxOXefOjbh8XqrfNGDTCQzdE=
=dTZ0
-----END PGP PUBLIC KEY BLOCK-----
EOF
rpm --import /tmp/key
rm -rf /var/log/yum.log
rm -rf "/var/lib/yum/*"
rm -rf /root/install.log
rm -rf /root/install.log.syslog
rm -rf /root/anaconda-ks.cfg
rm -rf /var/log/anaconda*
rm -f /var/lib/systemd/random-seed
cat /dev/null > /etc/machine-id
echo "Fixing SELinux contexts."
touch /var/log/cron
touch /var/log/boot.log
mkdir -p /var/cache/yum
/usr/sbin/fixfiles -R -a restore
# remove these for debugging
sed -i -e 's/ rhgb quiet//' /boot/grub/grub.conf
# OCI - Start ocid on boot
systemctl enable ocid.service
# enable resizing on copied AMIs
echo 'install_items+=" sgdisk "' > /etc/dracut.conf.d/sgdisk.conf
# OCI - Need iscsi as a dracut module
echo 'add_dracutmodules+=" iscsi "' > /etc/dracut.conf.d/iscsi.conf
# OCI - Virtio drivers
echo 'add_drivers+=" virtio virtio_blk virtio_net virtio_pci virtio_ring virtio_scsi virtio_console "' > /etc/dracut.conf.d/virtio.conf
# OCI - YOLO
mkdir -p /usr/lib/dracut/modules.d/95oci
OCIDRACUT="H4sIAGtFHmMAA+2WWW/bOBCA/Vr+illZzQXoluPUhgMURYrmpS02fevuGpJIWYQVUiWpJoHr/15S
crLZZBs3QA8U5QfYosQ5NUNSrRRBTfMAi6xoVXDOcVsT6ePg2YgXNBh8C0LNeDTqrpq7124cpfF4
nIzT8fhwEEaj+HA8gNE38b6FVqpMAAwE5+ohuW3zvyjtw/UnLMtr4lFZSOrlV00mpS+rR/rYUv84
StJBlIx10ZNREscD/SRNkwGE3yXjO/zm9R/+EeSUBbJCQ/AOPNANQCYgK1LXniwEbdQUKMOEKU9l
ufT6eUbrqRby8kzSwuNlKYmaQDo1JrQhcjkBJWdHIC9mKUg9TIEoKGlN1FVDZtobGr7NVFFB11nm
3YLikNU1v4A8ozXwVgEtQVUEullM5RKKjGkZQTJ8BTmBkrcMo6Eg5QTeiCxvFxMYJmESxWGYImRc
wYLo8i7gOMDkY8Dauob4eCeCT5/Ah1uN7+mhbmx0+vrs5M93s10kZo67Mp6Hec2L5WTtIB1Oby3n
vIYQBPa76P1+XcDODrwHj4DjCgf+nprYGSDQlFwA69KgDNy93ooERpR5uD8FzDs5w3utv+qEnz6d
HKwdmIHTudE2TdgFZ4qyltwodGk2mZBk3snNO0dfTlh7vc722sQ9bcftInCMmiCqFQyiG+lN2HPC
ipm7J5WYC9LUWUH+VXMC/fsrLp39TgtzRuAe3RQpKr5JcAJnS9o0lC3AveXD930HjnfiR4lDl/7y
XC5uqUkjT7CZdgJ13gSdHbP+FcHebSNOr3VJFYSopGgXfWX1S21ZmgV109c3rYCuwzgxe6oJ+/Ts
xdkpbPR5oyhn15l+leR/kuw13L6BdeFAEgwehd3gn7fP372a+QdusBK9ilSYmniq9RTc1eU0MBKB
HnwI11P9n6x3/ycP3QsXme4E56VeoNr4g9GZt/az9zbLdrac//29p7f3tnn8wb9h2/dfchjdOf/D
OIns+f8j2Jz/+iD/4V8ARUWK5d4+rNCTzRkTojVCmDSEYXl/gjJdqrruJ8zNvOJ8CY0gXqt3NTg6
0vufjg5T8YXvVkeb+dkv3GKxWCwWi8VisVgsFovFYrFYLBaLxWL5jnwGdMMrBgAoAAA="
base64 -d <<<"$OCIDRACUT" | tar -xz
OCICLOUDCFG="IyBPQ0kgY2xvdWQtaW5pdCBjb25maWd1cmF0aW9uCmRhdGFzb3VyY2VfbGlzdDogWydPcmFjbGUn
LCAnT3BlblN0YWNrJ10KZGF0YXNvdXJjZToKICBPcGVuU3RhY2s6CiAgICBtZXRhZGF0YV91cmxz
OiBbJ2h0dHA6Ly8xNjkuMjU0LjE2OS4yNTQnXQogICAgdGltZW91dDogMTAKICAgIG1heF93YWl0
OiAyMAoKIyBzd2FwIGZpbGUKc3dhcDoKICAgZmlsZW5hbWU6IC8uc3dhcGZpbGUKICAgc2l6ZTog
ImF1dG8iCgpjbG91ZF9pbml0X21vZHVsZXM6CiMgT0NJOiBkaXNrX3NldHVwIGlzIGRpc2FibGVk
CiMtIGRpc2tfc2V0dXAKIC0gbWlncmF0b3IKIC0gYm9vdGNtZAogLSB3cml0ZS1maWxlcwojIE9D
STogVGhlIGdyb3dwYXJ0IG1vZHVsZSBpcyBkaXNhYmxlZCBieSBkZWZhdWx0LiBUbyBlbmFibGUg
YXV0b21hdGljIGJvb3Qgdm9sdW1lIHJlc2l6aW5nLCB1bmNvbW1lbnQKIyB0aGUgYmVsb3cgZW50
cnkgZm9yICctIGdyb3dwYXJ0JyBhbmQgcmVib290LiBBbGwgdGhlIGRlcGVuZGVudCBwYWNrYWdl
cyBmb3IgdGhlIGdyb3dwYXJ0CiMgbW9kdWxlIHRvIHdvcmsgc3VjaCBhcyBjbG91ZC11dGlscy1n
cm93cGFydCBhbmQgZ2Rpc2sgYXJlIGFscmVhZHkgaW5jbHVkZWQgaW4gdGhlIGltYWdlLgojLSBn
cm93cGFydAogLSByZXNpemVmcwojIE9DSTogc2V0X2hvc3RuYW1lLCB1cGRhdGVfaG9zdG5hbWUs
IHVwZGF0ZV9ldGNfaG9zdHMgYXJlIGRpc2FibGVkCiMtIHNldF9ob3N0bmFtZQojLSB1cGRhdGVf
aG9zdG5hbWUKIy0gdXBkYXRlX2V0Y19ob3N0cwogLSByc3lzbG9nCiAtIHVzZXJzLWdyb3Vwcwog
LSBzc2gKCmNsb3VkX2NvbmZpZ19tb2R1bGVzOgogLSBtb3VudHMKIC0gbG9jYWxlCiAtIHNldC1w
YXNzd29yZHMKIyBPQ0k6IHJoX3N1YnNjcmlwdGlvbiBpcyBkaXNhYmxlZAojLSByaF9zdWJzY3Jp
cHRpb24KIC0geXVtLWFkZC1yZXBvCiAtIHBhY2thZ2UtdXBkYXRlLXVwZ3JhZGUtaW5zdGFsbAog
LSB0aW1lem9uZQogLSBudHAKIC0gcHVwcGV0CiAtIGNoZWYKIC0gc2FsdC1taW5pb24KIC0gbWNv
bGxlY3RpdmUKIC0gZGlzYWJsZS1lYzItbWV0YWRhdGEKIC0gcnVuY21kCgpjbG91ZF9maW5hbF9t
b2R1bGVzOgogLSByaWdodHNjYWxlX3VzZXJkYXRhCiAtIHNjcmlwdHMtcGVyLW9uY2UKIC0gc2Ny
aXB0cy1wZXItYm9vdAogLSBzY3JpcHRzLXBlci1pbnN0YW5jZQogLSBzY3JpcHRzLXVzZXIKIC0g
c3NoLWF1dGhrZXktZmluZ2VycHJpbnRzCiAtIGtleXMtdG8tY29uc29sZQogLSBwaG9uZS1ob21l
CiAtIGZpbmFsLW1lc3NhZ2UKIyBPQ0k6IHBvd2VyLXN0YXRlLWNoYW5nZSBpcyBkaXNhYmxlZAoj
LSBwb3dlci1zdGF0ZS1jaGFuZ2UKCg=="
base64 -d <<<"$OCICLOUDCFG" >> /etc/cloud/cloud.cfg.d/99_oci.cfg
# Rerun dracut for the installed kernel (not the running kernel):
KERNEL_VERSION=$(rpm -q kernel --qf '%%{V}-%%{R}.%%{arch}\n')
dracut -f /boot/initramfs-$KERNEL_VERSION.img $KERNEL_VERSION
passwd -d root
passwd -l root
# Copyright (C) 2020 Oracle Corp., Inc. All rights reserved.
# Licensed under the Universal Permissive License v 1.0 as shown at http://oss.oracle.com/licenses/upl
#
# /usr/lib/oci-linux-config/cloud/scripts/initramfs-mod/net.sh
#
echo "$(date) - OCI initramfs network modification script started."
# Symlink network config files where cloud-init >= 19.4 expects them
DRACUT_CFG=/run/initramfs/state/etc/sysconfig/network-scripts
CI_DIR=/run
if [ -d $DRACUT_CFG ]; then
FILE_COUNT=`ls $DRACUT_CFG | wc -l`
if [ $FILE_COUNT -eq 0 ]; then
# Create dummy file if dracut did not create network device config
dummycfg=$CI_DIR/net-dummy.conf
echo "DEVICE=\"dummy\"" > $dummycfg
echo "BOOTPROTO=dhcp" >> $dummycfg
echo "$(date) - Creating dummy config $dummycfg."
else
for dcfg in $DRACUT_CFG/*; do
filename=${dcfg##*/}
devname=${filename##ifcfg-}
cicfg=$CI_DIR/net-$devname.conf
if [ ! -e $cicfg ]; then
echo "$(date) - Creating symlink from $dcfg to $cicfg."
ln -s $dcfg $cicfg
fi
done
fi
fi
echo "$(date) - OCI initramfs network modification script done."
true
%end
%packages
@core
NetworkManager
chrony
cloud-init
cloud-utils-growpart
cockpit-system
cockpit-ws
dhcp-client
dnf
dnf-utils
dracut-config-generic
firewalld
gdisk
grub2
iscsi-initiator-utils
kernel
nfs-utils
oci-utils
python3-jsonschema
qemu-guest-agent
rng-tools
rocky-release
rsync
tar
yum
yum-utils
-aic94xx-firmware
-alsa-firmware
-alsa-lib
-alsa-tools-firmware
-biosdevname
-iprutils
-ivtv-firmware
-iwl100-firmware
-iwl1000-firmware
-iwl105-firmware
-iwl135-firmware
-iwl2000-firmware
-iwl2030-firmware
-iwl3160-firmware
-iwl3945-firmware
-iwl4965-firmware
-iwl5000-firmware
-iwl5150-firmware
-iwl6000-firmware
-iwl6000g2a-firmware
-iwl6000g2b-firmware
-iwl6050-firmware
-iwl7260-firmware
-langpacks-*
-langpacks-en
-libertas-sd8686-firmware
-libertas-sd8787-firmware
-libertas-usb8388-firmware
-plymouth
%end

191
Rocky-8-Vagrant-Libvirt.ks Normal file
View File

@ -0,0 +1,191 @@
#version=DEVEL
# Keyboard layouts
keyboard --vckeymap=us
# Root password
rootpw --plaintext vagrant
# System language
lang en_US
# Shutdown after installation
shutdown
user --name=vagrant --password=vagrant
# System timezone
timezone UTC --isUtc
# Use text mode install
text
# Network information
network --bootproto=dhcp --device=link --activate
repo --name="plus" --baseurl=http://dl.rockylinux.org/pub/rocky/8/plus/$basearch/os
# Use network installation
url --url="https://download.rockylinux.org/stg/rocky/8/BaseOS/$basearch/os/"
# Firewall configuration
firewall --disabled
# Do not configure the X Window System
skipx
# System services
services --enabled="vmtoolsd"
# System bootloader configuration
bootloader --append="no_timer_check console=tty0 console=ttyS0,115200n8 net.ifnames=0 biosdevname=0 elevator=noop rd.lvm.vg=rocky rd.lvm.lv=rocky/root" --location=mbr --timeout=1
# Disk partitioning information
part /boot/efi --fstype="efi" --onpart=vda1
part /boot --fstype="xfs" --label=boot --onpart=vda2
part prepboot --fstype="prepboot" --onpart=vda3
part biosboot --fstype="biosboot" --onpart=vda4
part pv.01 --grow --size=1 --onpart=vda5
volgroup rocky pv.01
logvol / --grow --size=8000 --mkfsoptions="-m bigtime=0,inobtcount=0" --name=root --vgname=rocky
%pre
# Clear the Master Boot Record
dd if=/dev/zero of=/dev/vda bs=512 count=1
# Create a new GPT partition table
parted /dev/vda mklabel gpt
# Create a partition for /boot/efi
parted /dev/vda mkpart primary fat32 1MiB 100MiB
parted /dev/vda set 1 boot on
# Create a partition for /boot
parted /dev/vda mkpart primary xfs 100MiB 1100MiB
# Create a partition for prep
parted /dev/vda mkpart primary 1100MiB 1104MiB
# Create a partition for bios_grub
parted /dev/vda mkpart primary 1104MiB 1105MiB
# Create a partition for LVM
parted /dev/vda mkpart primary ext2 1106MiB 10.7GB
parted /dev/vda set 5 lvm on
%end
%post
# Attempting to force legacy BIOS boot if we boot from UEFI
if [ "$(arch)" = "x86_64" ]; then
dnf install grub2-pc-modules grub2-pc -y
grub2-install --target=i386-pc /dev/vda
fi
# Ensure that the pmbr_boot flag is off
parted /dev/vda disk_set pmbr_boot off
# configure swap to a file
fallocate -l 2G /swapfile
chmod 600 /swapfile
mkswap /swapfile
echo "/swapfile none swap defaults 0 0" >> /etc/fstab
# sudo
echo "%vagrant ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/vagrant
chmod 0440 /etc/sudoers.d/vagrant
# Fix for https://github.com/CentOS/sig-cloud-instance-build/issues/38
cat > /etc/sysconfig/network-scripts/ifcfg-eth0 << EOF
DEVICE="eth0"
BOOTPROTO="dhcp"
ONBOOT="yes"
TYPE="Ethernet"
PERSISTENT_DHCLIENT="yes"
EOF
# sshd: disable password authentication and DNS checks
ex -s /etc/ssh/sshd_config <<EOF
:%substitute/^\(PasswordAuthentication\) yes$/\1 no/
:%substitute/^#\(UseDNS\) yes$/&\r\1 no/
:update
:quit
EOF
cat >>/etc/sysconfig/sshd <<EOF
# Decrease connection time by preventing reverse DNS lookups
# (see https://lists.centos.org/pipermail/centos-devel/2016-July/014981.html
# and man sshd for more information)
OPTIONS="-u0"
EOF
# Default insecure vagrant key
mkdir -m 0700 -p /home/vagrant/.ssh
echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key" >> /home/vagrant/.ssh/authorized_keys
chmod 600 /home/vagrant/.ssh/authorized_keys
chown -R vagrant:vagrant /home/vagrant/.ssh
# Fix for issue #76, regular users can gain admin privileges via su
ex -s /etc/pam.d/su <<'EOF'
# allow vagrant to use su, but prevent others from becoming root or vagrant
/^account\s\+sufficient\s\+pam_succeed_if.so uid = 0 use_uid quiet$/
:append
account [success=1 default=ignore] \\
pam_succeed_if.so user = vagrant use_uid quiet
account required pam_succeed_if.so user notin root:vagrant
.
:update
:quit
EOF
# systemd should generate a new machine id during the first boot, to
# avoid having multiple Vagrant instances with the same id in the local
# network. /etc/machine-id should be empty, but it must exist to prevent
# boot errors (e.g. systemd-journald failing to start).
:>/etc/machine-id
echo 'vag' > /etc/yum/vars/infra
# Blacklist the floppy module to avoid probing timeouts
echo blacklist floppy > /etc/modprobe.d/nofloppy.conf
chcon -u system_u -r object_r -t modules_conf_t /etc/modprobe.d/nofloppy.conf
# Customize the initramfs
pushd /etc/dracut.conf.d
# Enable VMware PVSCSI support for VMware Fusion guests.
echo 'add_drivers+=" vmw_pvscsi "' > vmware-fusion-drivers.conf
echo 'add_drivers+=" hv_netvsc hv_storvsc hv_utils hv_vmbus hid-hyperv "' > hyperv-drivers.conf
# There's no floppy controller, but probing for it generates timeouts
echo 'omit_drivers+=" floppy "' > nofloppy.conf
popd
# Fix the SELinux context of the new files
restorecon -f - <<EOF
/etc/sudoers.d/vagrant
/etc/dracut.conf.d/vmware-fusion-drivers.conf
/etc/dracut.conf.d/hyperv-drivers.conf
/etc/dracut.conf.d/nofloppy.conf
EOF
# Rerun dracut for the installed kernel (not the running kernel):
KERNEL_VERSION=$(rpm -q kernel --qf '%{version}-%{release}.%{arch}\n')
dracut -f /boot/initramfs-${KERNEL_VERSION}.img ${KERNEL_VERSION}
# Seal for deployment
rm -rf /etc/ssh/ssh_host_*
hostnamectl set-hostname localhost.localdomain
rm -rf /etc/udev/rules.d/70-*
%end
%addon com_redhat_kdump --disable
%end
%packages --instLangs=en
bash-completion
bzip2
chrony
cifs-utils
hyperv-daemons
man-pages
nfs-utils
open-vm-tools
rsync
yum-utils
-dracut-config-rescue
-iwl100-firmware
-iwl1000-firmware
-iwl105-firmware
-iwl135-firmware
-iwl2000-firmware
-iwl2030-firmware
-iwl3160-firmware
-iwl3945-firmware
-iwl4965-firmware
-iwl5000-firmware
-iwl5150-firmware
-iwl6000-firmware
-iwl6000g2a-firmware
-iwl6050-firmware
-iwl7260-firmware
-microcode_ctl
-plymouth
%end

146
Rocky-8-x86_64-Vagrant.ks → Rocky-8-Vagrant-VMware.ks
View File

@ -1,67 +1,51 @@
url --url=http://dl.rockylinux.org/pub/rocky/8/BaseOS/x86_64/os
repo --name=AppStream --baseurl=http://dl.rockylinux.org/pub/rocky/8/AppStream/x86_64/os
text
keyboard --vckeymap us
lang en_US
skipx
network --bootproto=dhcp --device=link --activate --onboot=on
#version=DEVEL
# Keyboard layouts
keyboard --vckeymap=us
# Root password
rootpw --plaintext vagrant
firewall --disabled
timezone --utc UTC
services --enabled=vmtoolsd
# The biosdevname and ifnames options ensure we get "eth0" as our interface
# even in environments like virtualbox that emulate a real NW card
bootloader --timeout=1 --append="no_timer_check console=tty0 console=ttyS0,115200n8 net.ifnames=0 biosdevname=0 elevator=noop"
zerombr
clearpart --all --initlabel
part / --fstype=xfs --asprimary --size=1024 --grow
user --name=vagrant --plaintext --password=vagrant
# System language
lang en_US
# Shutdown after installation
shutdown
user --name=vagrant --password=vagrant
# System timezone
timezone UTC --isUtc
# Use text mode install
text
# Network information
network --bootproto=dhcp --device=link --activate
repo --name="plus" --baseurl=http://dl.rockylinux.org/pub/rocky/8/plus/$basearch/os
# Use network installation
url --url="https://download.rockylinux.org/stg/rocky/8/BaseOS/$basearch/os/"
# Firewall configuration
firewall --disabled
# Do not configure the X Window System
skipx
%packages --instLangs=en
bash-completion
man-pages
bzip2
rsync
nfs-utils
cifs-utils
chrony
yum-utils
hyperv-daemons
open-vm-tools
# Vagrant boxes aren't normally visible, no need for Plymouth
-plymouth
# Microcode updates cannot work in a VM
-microcode_ctl
# Firmware packages are not needed in a VM
-iwl100-firmware
-iwl1000-firmware
-iwl105-firmware
-iwl135-firmware
-iwl2000-firmware
-iwl2030-firmware
-iwl3160-firmware
-iwl3945-firmware
-iwl4965-firmware
-iwl5000-firmware
-iwl5150-firmware
-iwl6000-firmware
-iwl6000g2a-firmware
-iwl6050-firmware
-iwl7260-firmware
# Don't build rescue initramfs
-dracut-config-rescue
%end
# kdump needs to reserve 160MB + 2bits/4kB RAM, and automatic allocation only
# works on systems with at least 2GB RAM (which excludes most Vagrant boxes)
# CBS doesn't support %addon yet https://bugs.centos.org/view.php?id=12169
%addon com_redhat_kdump --disable
%end
# System services
services --enabled="vmtoolsd"
# System bootloader configuration
bootloader --append="no_timer_check console=tty0 console=ttyS0,115200n8 net.ifnames=0 biosdevname=0 elevator=noop" --location=mbr --timeout=1
# Clear the Master Boot Record
zerombr
# Partition clearing information
clearpart --all --initlabel --disklabel=gpt
# Disk partitioning information
part biosboot --size=1 --fstype=biosboot --asprimary
part /boot/efi --size=100 --fstype=efi --asprimary
part /boot --size=1000 --fstype=xfs --label=boot
part / --size=8000 --fstype="xfs" --mkfsoptions "-m bigtime=0,inobtcount=0" --grow
%post
# Attempting to force legacy BIOS boot if we boot from UEFI
if [ "$(arch)" = "x86_64" ]; then
dnf install grub2-pc-modules grub2-pc -y
grub2-install --target=i386-pc /dev/vda
fi
# Ensure that the pmbr_boot flag is off
parted /dev/vda disk_set pmbr_boot off
# configure swap to a file
fallocate -l 2G /swapfile
chmod 600 /swapfile
@ -72,6 +56,10 @@ echo "/swapfile none swap defaults 0 0" >> /etc/fstab
echo "%vagrant ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/vagrant
chmod 0440 /etc/sudoers.d/vagrant
# vmware needs open-vm-tools; on aarch, this is in plus
dnf config-manager --set-enabled=plus
# Fix for https://github.com/CentOS/sig-cloud-instance-build/issues/38
cat > /etc/sysconfig/network-scripts/ifcfg-eth0 << EOF
DEVICE="eth0"
@ -107,9 +95,9 @@ ex -s /etc/pam.d/su <<'EOF'
# allow vagrant to use su, but prevent others from becoming root or vagrant
/^account\s\+sufficient\s\+pam_succeed_if.so uid = 0 use_uid quiet$/
:append
account [success=1 default=ignore] \\
pam_succeed_if.so user = vagrant use_uid quiet
account required pam_succeed_if.so user notin root:vagrant
account [success=1 default=ignore] \\
pam_succeed_if.so user = vagrant use_uid quiet
account required pam_succeed_if.so user notin root:vagrant
.
:update
:quit
@ -139,7 +127,6 @@ popd
restorecon -f - <<EOF
/etc/sudoers.d/vagrant
/etc/dracut.conf.d/vmware-fusion-drivers.conf
/etc/dracut.conf.d/hyperv-drivers.conf
/etc/dracut.conf.d/nofloppy.conf
EOF
@ -152,3 +139,36 @@ rm -rf /etc/ssh/ssh_host_*
hostnamectl set-hostname localhost.localdomain
rm -rf /etc/udev/rules.d/70-*
%end
%addon com_redhat_kdump --disable
%end
%packages --instLangs=en
bash-completion
bzip2
chrony
cifs-utils
man-pages
nfs-utils
open-vm-tools
rsync
yum-utils
-dracut-config-rescue
-iwl100-firmware
-iwl1000-firmware
-iwl105-firmware
-iwl135-firmware
-iwl2000-firmware
-iwl2030-firmware
-iwl3160-firmware
-iwl3945-firmware
-iwl4965-firmware
-iwl5000-firmware
-iwl5150-firmware
-iwl6000-firmware
-iwl6000g2a-firmware
-iwl6050-firmware
-iwl7260-firmware
-microcode_ctl
-plymouth
%end

186
Rocky-8-Vagrant-Vbox.ks Normal file
View File

@ -0,0 +1,186 @@
#version=DEVEL
# Keyboard layouts
keyboard --vckeymap=us
# Root password
rootpw --plaintext vagrant
# System language
lang en_US
# Shutdown after installation
shutdown
user --name=vagrant --password=vagrant
# System timezone
timezone UTC --isUtc
# Use text mode install
text
# Network information
network --bootproto=dhcp --device=link --activate
repo --name="plus" --baseurl=http://dl.rockylinux.org/pub/rocky/8/plus/$basearch/os
# Use network installation
url --url="https://download.rockylinux.org/stg/rocky/8/BaseOS/$basearch/os/"
# Firewall configuration
firewall --disabled
# Do not configure the X Window System
skipx
# System services
services --enabled="vmtoolsd"
# System bootloader configuration
bootloader --append="no_timer_check console=tty0 console=ttyS0,115200n8 net.ifnames=0 biosdevname=0 elevator=noop" --location=mbr --timeout=1
# Clear the Master Boot Record
zerombr
# Partition clearing information
clearpart --all --initlabel --disklabel=gpt
# Disk partitioning information
part biosboot --size=1 --fstype=biosboot --asprimary
part /boot/efi --size=100 --fstype=efi --asprimary
part /boot --size=1000 --fstype=xfs --label=boot
part / --size=8000 --fstype="xfs" --mkfsoptions "-m bigtime=0,inobtcount=0" --grow
%post
# Attempting to force legacy BIOS boot if we boot from UEFI
if [ "$(arch)" = "x86_64" ]; then
dnf install grub2-pc-modules grub2-pc -y
grub2-install --target=i386-pc /dev/vda
fi
# Ensure that the pmbr_boot flag is off
parted /dev/vda disk_set pmbr_boot off
# configure swap to a file
fallocate -l 2G /swapfile
chmod 600 /swapfile
mkswap /swapfile
echo "/swapfile none swap defaults 0 0" >> /etc/fstab
# sudo
echo "%vagrant ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/vagrant
chmod 0440 /etc/sudoers.d/vagrant
# Fix for https://github.com/CentOS/sig-cloud-instance-build/issues/38
cat > /etc/sysconfig/network-scripts/ifcfg-eth0 << EOF
DEVICE="eth0"
BOOTPROTO="dhcp"
ONBOOT="yes"
TYPE="Ethernet"
PERSISTENT_DHCLIENT="yes"
EOF
# sshd: disable password authentication and DNS checks
# for virtualbox we're disabling it after provisioning
# Decrease connection time by preventing reverse DNS lookups
# (see https://lists.centos.org/pipermail/centos-devel/2016-July/014981.html
# and man sshd for more information)
OPTIONS="-u0"
EOF
# Default insecure vagrant key
mkdir -m 0700 -p /home/vagrant/.ssh
echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key" >> /home/vagrant/.ssh/authorized_keys
chmod 600 /home/vagrant/.ssh/authorized_keys
chown -R vagrant:vagrant /home/vagrant/.ssh
# Fix for issue #76, regular users can gain admin privileges via su
ex -s /etc/pam.d/su <<'EOF'
# allow vagrant to use su, but prevent others from becoming root or vagrant
/^account\s\+sufficient\s\+pam_succeed_if.so uid = 0 use_uid quiet$/
:append
account [success=1 default=ignore] \\
pam_succeed_if.so user = vagrant use_uid quiet
account required pam_succeed_if.so user notin root:vagrant
.
:update
:quit
EOF
# Install VBoxGuestAdditions for installed kernel
kver=$(rpm -q --queryformat="%{VERSION}-%{RELEASE}.%{ARCH}" kernel)
dnf -y install kernel-devel gcc make perl elfutils-libelf-devel
curl -L -o /tmp/vboxadditions.iso https://download.virtualbox.org/virtualbox/6.1.34/VBoxGuestAdditions_6.1.34.iso
mkdir -p /media/VBoxGuestAdditions
mount -o loop,ro /tmp/vboxadditions.iso /media/VBoxGuestAdditions
mkdir -p /tmp/VBoxGuestAdditions
sh /media/VBoxGuestAdditions/VBoxLinuxAdditions.run --nox11 --noexec --keep --target /tmp/VBoxGuestAdditions
pushd /tmp/VBoxGuestAdditions
./install.sh
/sbin/rcvboxadd quicksetup all
popd
ls "/lib/modules/${kver}/misc/"
modinfo "/lib/modules/${kver}/misc/vboxsf.ko"
rm -rf /tmp/VBoxGuestAdditions
umount /media/VBoxGuestAdditions
rm -f /tmp/vboxadditions.iso
rmdir /media/VBoxGuestAdditions
dnf -y remove kernel-devel gcc make perl elfutils-libelf-devel
# systemd should generate a new machine id during the first boot, to
# avoid having multiple Vagrant instances with the same id in the local
# network. /etc/machine-id should be empty, but it must exist to prevent
# boot errors (e.g. systemd-journald failing to start).
:>/etc/machine-id
echo 'vag' > /etc/yum/vars/infra
# Blacklist the floppy module to avoid probing timeouts
echo blacklist floppy > /etc/modprobe.d/nofloppy.conf
chcon -u system_u -r object_r -t modules_conf_t /etc/modprobe.d/nofloppy.conf
# Customize the initramfs
pushd /etc/dracut.conf.d
# Enable VMware PVSCSI support for VMware Fusion guests.
echo 'add_drivers+=" vmw_pvscsi "' > vmware-fusion-drivers.conf
echo 'add_drivers+=" hv_netvsc hv_storvsc hv_utils hv_vmbus hid-hyperv "' > hyperv-drivers.conf
# There's no floppy controller, but probing for it generates timeouts
echo 'omit_drivers+=" floppy "' > nofloppy.conf
popd
# Fix the SELinux context of the new files
restorecon -f - <<EOF
/etc/sudoers.d/vagrant
/etc/dracut.conf.d/vmware-fusion-drivers.conf
/etc/dracut.conf.d/hyperv-drivers.conf
/etc/dracut.conf.d/nofloppy.conf
EOF
# Rerun dracut for the installed kernel (not the running kernel):
KERNEL_VERSION=$(rpm -q kernel --qf '%{version}-%{release}.%{arch}\n')
dracut -f /boot/initramfs-${KERNEL_VERSION}.img ${KERNEL_VERSION}
# Seal for deployment
rm -rf /etc/ssh/ssh_host_*
hostnamectl set-hostname localhost.localdomain
rm -rf /etc/udev/rules.d/70-*
%end
%addon com_redhat_kdump --disable
%end
%packages --instLangs=en
bash-completion
bzip2
chrony
cifs-utils
hyperv-daemons
man-pages
nfs-utils
open-vm-tools
rsync
yum-utils
-dracut-config-rescue
-iwl100-firmware
-iwl1000-firmware
-iwl105-firmware
-iwl135-firmware
-iwl2000-firmware
-iwl2030-firmware
-iwl3160-firmware
-iwl3945-firmware
-iwl4965-firmware
-iwl5000-firmware
-iwl5150-firmware
-iwl6000-firmware
-iwl6000g2a-firmware
-iwl6050-firmware
-iwl7260-firmware
-microcode_ctl
-plymouth
%end

457
Rocky-8-Workstation-Lite.ks Normal file
View File

@ -0,0 +1,457 @@
# Generated by pykickstart v3.32
#version=DEVEL
# X Window System configuration information
xconfig --startxonboot
# Keyboard layouts
keyboard 'us'
# Root password
rootpw --iscrypted --lock locked
# System language
lang en_US.UTF-8
# Shutdown after installation
shutdown
# Network information
network --bootproto=dhcp --device=link --activate
# Firewall configuration
firewall --enabled --service=mdns
# Use network installation
url --url https://download.rockylinux.org/stg/rocky/8/BaseOS/$basearch/os/
repo --name="BaseOS" --baseurl=http://dl.rockylinux.org/pub/rocky/8/BaseOS/$basearch/os/ --cost=200
repo --name="AppStream" --baseurl=http://dl.rockylinux.org/pub/rocky/8/AppStream/$basearch/os/ --cost=200
repo --name="PowerTools" --baseurl=http://dl.rockylinux.org/pub/rocky/8/PowerTools/$basearch/os/ --cost=200
repo --name="extras" --baseurl=http://dl.rockylinux.org/pub/rocky/8/extras/$basearch/os --cost=200
# System timezone
timezone US/Eastern
# SELinux configuration
selinux --enforcing
# System services
services --disabled="sshd" --enabled="NetworkManager,ModemManager"
# System bootloader configuration
bootloader --location=none
# Clear the Master Boot Record
zerombr
# Partition clearing information
clearpart --all
# Disk partitioning information
part / --fstype="ext4" --size=5120
part / --size=6656
%post
# FIXME: it'd be better to get this installed from a package
cat > /etc/rc.d/init.d/livesys << EOF
#!/bin/bash
#
# live: Init script for live image
#
# chkconfig: 345 00 99
# description: Init script for live image.
### BEGIN INIT INFO
# X-Start-Before: display-manager chronyd
### END INIT INFO
. /etc/init.d/functions
if ! strstr "\`cat /proc/cmdline\`" rd.live.image || [ "\$1" != "start" ]; then
exit 0
fi
if [ -e /.liveimg-configured ] ; then
configdone=1
fi
exists() {
which \$1 >/dev/null 2>&1 || return
\$*
}
livedir="LiveOS"
for arg in \`cat /proc/cmdline\` ; do
if [ "\${arg##rd.live.dir=}" != "\${arg}" ]; then
livedir=\${arg##rd.live.dir=}
continue
fi
if [ "\${arg##live_dir=}" != "\${arg}" ]; then
livedir=\${arg##live_dir=}
fi
done
# Enable swap unless requested otherwise
swaps=\`blkid -t TYPE=swap -o device\`
if ! strstr "\`cat /proc/cmdline\`" noswap && [ -n "\$swaps" ] ; then
for s in \$swaps ; do
action "Enabling swap partition \$s" swapon \$s
done
fi
if ! strstr "\`cat /proc/cmdline\`" noswap && [ -f /run/initramfs/live/\${livedir}/swap.img ] ; then
action "Enabling swap file" swapon /run/initramfs/live/\${livedir}/swap.img
fi
# Support for persistent homes
mountPersistentHome() {
# support label/uuid
if [ "\${homedev##LABEL=}" != "\${homedev}" -o "\${homedev##UUID=}" != "\${homedev}" ]; then
homedev=\`/sbin/blkid -o device -t "\$homedev"\`
fi
# if we're given a file rather than a blockdev, loopback it
if [ "\${homedev##mtd}" != "\${homedev}" ]; then
# mtd devs don't have a block device but get magic-mounted with -t jffs2
mountopts="-t jffs2"
elif [ ! -b "\$homedev" ]; then
loopdev=\`losetup -f\`
if [ "\${homedev##/run/initramfs/live}" != "\${homedev}" ]; then
action "Remounting live store r/w" mount -o remount,rw /run/initramfs/live
fi
losetup \$loopdev \$homedev
homedev=\$loopdev
fi
# if it's encrypted, we need to unlock it
if [ "\$(/sbin/blkid -s TYPE -o value \$homedev 2>/dev/null)" = "crypto_LUKS" ]; then
echo
echo "Setting up encrypted /home device"
plymouth ask-for-password --command="cryptsetup luksOpen \$homedev EncHome"
homedev=/dev/mapper/EncHome
fi
# and finally do the mount
mount \$mountopts \$homedev /home
# if we have /home under what's passed for persistent home, then
# we should make that the real /home. useful for mtd device on olpc
if [ -d /home/home ]; then mount --bind /home/home /home ; fi
[ -x /sbin/restorecon ] && /sbin/restorecon /home
if [ -d /home/liveuser ]; then USERADDARGS="-M" ; fi
}
# Help locate persistent homes
findPersistentHome() {
for arg in \`cat /proc/cmdline\` ; do
if [ "\${arg##persistenthome=}" != "\${arg}" ]; then
homedev=\${arg##persistenthome=}
fi
done
}
if strstr "\`cat /proc/cmdline\`" persistenthome= ; then
findPersistentHome
elif [ -e /run/initramfs/live/\${livedir}/home.img ]; then
homedev=/run/initramfs/live/\${livedir}/home.img
fi
# Mount the persistent home if it's available
if ! strstr "\`cat /proc/cmdline\`" nopersistenthome && [ -n "\$homedev" ] ; then
action "Mounting persistent /home" mountPersistentHome
fi
if [ -n "\$configdone" ]; then
exit 0
fi
# Create the liveuser (no password) so automatic logins and sudo works
action "Adding live user" useradd \$USERADDARGS -c "Live System User" liveuser
passwd -d liveuser > /dev/null
usermod -aG wheel liveuser > /dev/null
# Same for root
passwd -d root > /dev/null
# Turn off firstboot (similar to a DVD/minimal install, where it asks
# for the user to accept the EULA before bringing up a TTY)
systemctl --no-reload disable firstboot-text.service 2> /dev/null || :
systemctl --no-reload disable firstboot-graphical.service 2> /dev/null || :
systemctl stop firstboot-text.service 2> /dev/null || :
systemctl stop firstboot-graphical.service 2> /dev/null || :
# Prelinking damages the images
sed -i 's/PRELINKING=yes/PRELINKING=no/' /etc/sysconfig/prelink &>/dev/null || :
# Turn off mdmonitor by default
systemctl --no-reload disable mdmonitor.service 2> /dev/null || :
systemctl --no-reload disable mdmonitor-takeover.service 2> /dev/null || :
systemctl stop mdmonitor.service 2> /dev/null || :
systemctl stop mdmonitor-takeover.service 2> /dev/null || :
# Even if there isn't gnome, this doesn't hurt.
gsettings set org.gnome.software download-updates 'false' || :
# Disable cron
systemctl --no-reload disable crond.service 2> /dev/null || :
systemctl --no-reload disable atd.service 2> /dev/null || :
systemctl stop crond.service 2> /dev/null || :
systemctl stop atd.service 2> /dev/null || :
# Disable abrt
systemctl --no-reload disable abrtd.service 2> /dev/null || :
systemctl stop abrtd.service 2> /dev/null || :
# Don't sync the system clock when running live (RHBZ #1018162)
sed -i 's/rtcsync//' /etc/chrony.conf
# Mark things as configured
touch /.liveimg-configured
# add static hostname to work around xauth bug
# https://bugzilla.redhat.com/show_bug.cgi?id=679486
# the hostname must be something else than 'localhost'
# https://bugzilla.redhat.com/show_bug.cgi?id=1370222
echo "localhost-live" > /etc/hostname
EOF
# HAL likes to start late.
cat > /etc/rc.d/init.d/livesys-late << EOF
#!/bin/bash
#
# live: Late init script for live image
#
# chkconfig: 345 99 01
# description: Late init script for live image.
. /etc/init.d/functions
if ! strstr "\`cat /proc/cmdline\`" rd.live.image || [ "\$1" != "start" ] || [ -e /.liveimg-late-configured ] ; then
exit 0
fi
exists() {
which \$1 >/dev/null 2>&1 || return
\$*
}
touch /.liveimg-late-configured
# Read some stuff out of the kernel cmdline
for o in \`cat /proc/cmdline\` ; do
case \$o in
ks=*)
ks="--kickstart=\${o#ks=}"
;;
xdriver=*)
xdriver="\${o#xdriver=}"
;;
esac
done
# If liveinst or textinst is given, start installer
if strstr "\`cat /proc/cmdline\`" liveinst ; then
plymouth --quit
/usr/sbin/liveinst \$ks
fi
if strstr "\`cat /proc/cmdline\`" textinst ; then
plymouth --quit
/usr/sbin/liveinst --text \$ks
fi
# Configure X, allowing user to override xdriver
if [ -n "\$xdriver" ]; then
cat > /etc/X11/xorg.conf.d/00-xdriver.conf <<FOE
Section "Device"
Identifier "Videocard0"
Driver "\$xdriver"
EndSection
FOE
fi
EOF
chmod 755 /etc/rc.d/init.d/livesys
/sbin/restorecon /etc/rc.d/init.d/livesys
/sbin/chkconfig --add livesys
chmod 755 /etc/rc.d/init.d/livesys-late
/sbin/restorecon /etc/rc.d/init.d/livesys-late
/sbin/chkconfig --add livesys-late
# Enable tmpfs for /tmp - this is a good idea
systemctl enable tmp.mount
# make it so that we don't do writing to the overlay for things which
# are just tmpdirs/caches
# note https://bugzilla.redhat.com/show_bug.cgi?id=1135475
cat >> /etc/fstab << EOF
vartmp /var/tmp tmpfs defaults 0 0
EOF
# PackageKit likes to play games. Let's fix that.
rm -f /var/lib/rpm/__db*
releasever=$(rpm -q --qf '%{version}\n' --whatprovides system-release)
basearch=$(uname -i)
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial
echo "Packages within this LiveCD"
rpm -qa
# Note that running rpm recreates the rpm db files which aren't needed or wanted
rm -f /var/lib/rpm/__db*
# go ahead and pre-make the man -k cache (#455968)
/usr/bin/mandb
# make sure there aren't core files lying around
rm -f /core*
# remove random seed, the newly installed instance should make it's own
rm -f /var/lib/systemd/random-seed
# convince readahead not to collect
# FIXME: for systemd
echo 'File created by kickstart. See systemd-update-done.service(8).' \
| tee /etc/.updated >/var/.updated
# Drop the rescue kernel and initramfs, we don't need them on the live media itself.
# See bug 1317709
rm -f /boot/*-rescue*
# Disable network service here, as doing it in the services line
# fails due to RHBZ #1369794 - the error is expected
/sbin/chkconfig network off
# Remove machine-id on generated images
rm -f /etc/machine-id
touch /etc/machine-id
/usr/sbin/fixfiles -R -a restore
cat >> /etc/rc.d/init.d/livesys << EOF
# disable gnome-software automatically downloading updates
cat >> /usr/share/glib-2.0/schemas/org.gnome.software.gschema.override << FOE
[org.gnome.software]
download-updates=false
FOE
# don't autostart gnome-software session service
rm -f /etc/xdg/autostart/gnome-software-service.desktop
# disable the gnome-software shell search provider
cat >> /usr/share/gnome-shell/search-providers/org.gnome.Software-search-provider.ini << FOE
DefaultDisabled=true
FOE
# don't run gnome-initial-setup
mkdir ~liveuser/.config
touch ~liveuser/.config/gnome-initial-setup-done
# suppress anaconda spokes redundant with gnome-initial-setup
cat >> /etc/sysconfig/anaconda << FOE
[NetworkSpoke]
visited=1
[PasswordSpoke]
visited=1
[UserSpoke]
visited=1
FOE
# make the installer show up
if [ -f /usr/share/applications/liveinst.desktop ]; then
# Show harddisk install in shell dash
sed -i -e 's/NoDisplay=true/NoDisplay=false/' /usr/share/applications/liveinst.desktop ""
# need to move it to anaconda.desktop to make shell happy
mv /usr/share/applications/liveinst.desktop /usr/share/applications/anaconda.desktop
cat >> /usr/share/glib-2.0/schemas/org.gnome.shell.gschema.override << FOE
[org.gnome.shell]
favorite-apps=['firefox.desktop', 'evolution.desktop', 'rhythmbox.desktop', 'shotwell.desktop', 'org.gnome.Nautilus.desktop', 'anaconda.desktop']
FOE
# Make the welcome screen show up
if [ -f /usr/share/anaconda/gnome/rhel-welcome.desktop ]; then
mkdir -p ~liveuser/.config/autostart
#sed -i "s/Red Hat Enterprise/Rocky/g" /usr/share/anaconda/gnome/rhel-welcome.desktop
#sed -i "s/RHEL/Rocky Linux/g" /usr/share/anaconda/gnome/rhel-welcome
#sed -i "s/Red Hat Enterprise/Rocky/g" /usr/share/anaconda/gnome/rhel-welcome
#sed -i "s/org.fedoraproject.AnacondaInstaller/fedora-logo-icon/g" /usr/share/anaconda/gnome/rhel-welcome
#sed -i "s/org.fedoraproject.AnacondaInstaller/fedora-logo-icon/g" /usr/share/applications/anaconda.desktop
cp /usr/share/anaconda/gnome/rhel-welcome.desktop /usr/share/applications/
cp /usr/share/anaconda/gnome/rhel-welcome.desktop ~liveuser/.config/autostart/
fi
# Copy Anaconda branding in place
if [ -d /usr/share/lorax/product/usr/share/anaconda ]; then
cp -a /usr/share/lorax/product/* /
fi
fi
# rebuild schema cache with any overrides we installed
glib-compile-schemas /usr/share/glib-2.0/schemas
# set up auto-login
cat > /etc/gdm/custom.conf << FOE
[daemon]
AutomaticLoginEnable=True
AutomaticLogin=liveuser
FOE
# Turn off PackageKit-command-not-found while uninstalled
if [ -f /etc/PackageKit/CommandNotFound.conf ]; then
sed -i -e 's/^SoftwareSourceSearch=true/SoftwareSourceSearch=false/' /etc/PackageKit/CommandNotFound.conf
fi
# make sure to set the right permissions and selinux contexts
chown -R liveuser:liveuser /home/liveuser/
restorecon -R /home/liveuser/
restorecon -R /
EOF
%end
%post --nochroot
cp $INSTALL_ROOT/usr/share/licenses/*-release/* $LIVE_ROOT/
# This only works on x86_64
if [ "$(uname -i)" = "i386" -o "$(uname -i)" = "x86_64" ]; then
# For livecd-creator builds
if [ ! -d $LIVE_ROOT/LiveOS ]; then mkdir -p $LIVE_ROOT/LiveOS ; fi
cp /usr/bin/livecd-iso-to-disk $LIVE_ROOT/LiveOS
# For lorax/livemedia-creator builds
sed -i '
/## make boot.iso/ i\
# Add livecd-iso-to-disk script to .iso filesystem at /LiveOS/\
<% f = "usr/bin/livecd-iso-to-disk" %>\
%if exists(f):\
install ${f} ${LIVEDIR}/${f|basename}\
%endif\
' /usr/share/lorax/templates.d/99-generic/live/x86.tmpl
fi
%end
%packages
@anaconda-tools
@base-x
@core
@fonts
@gnome-desktop
@guest-desktop-agents
@hardware-support
@internet-browser
@networkmanager-submodules
aajohan-comfortaa-fonts
anaconda
anaconda-install-env-deps
anaconda-live
chkconfig
dracut-live
glibc-all-langpacks
initscripts
kernel
kernel-modules
kernel-modules-extra
libreoffice-calc
libreoffice-emailmerge
libreoffice-graphicfilter
libreoffice-impress
libreoffice-writer
memtest86+
syslinux
-@dial-up
-@input-methods
-@standard
-gfs2-utils
-reiserfs-utils
%end

470
Rocky-8-Workstation-Mainline.ks Normal file
View File

@ -0,0 +1,470 @@
# Generated by pykickstart v3.34
#version=RHEL8
# X Window System configuration information
xconfig --startxonboot
# Keyboard layouts
keyboard 'us'
# Root password
rootpw --iscrypted --lock locked
# System language
lang en_US.UTF-8
# Shutdown after installation
shutdown
# System timezone
timezone US/Eastern
# Network information
network --bootproto=dhcp --device=link --activate
# Firewall configuration
firewall --enabled --service=mdns
# SELinux configuration
selinux --enforcing
# System services
services --disabled="sshd" --enabled="NetworkManager,ModemManager"
repo --name="BaseOS" --baseurl=http://dl.rockylinux.org/pub/rocky/8/BaseOS/$basearch/os/ --cost=200
repo --name="AppStream" --baseurl=http://dl.rockylinux.org/pub/rocky/8/AppStream/$basearch/os/ --cost=200
repo --name="PowerTools" --baseurl=http://dl.rockylinux.org/pub/rocky/8/PowerTools/$basearch/os/ --cost=200
repo --name="extras" --baseurl=http://dl.rockylinux.org/pub/rocky/8/extras/$basearch/os --cost=200
repo --name="elrepo-kernel" --baseurl=https://elrepo.org/linux/kernel/el8/$basearch/ --cost=200
# Use network installation
url --url https://download.rockylinux.org/stg/rocky/8/BaseOS/$basearch/os/
# System bootloader configuration
bootloader --location=none
# Clear the Master Boot Record
zerombr
# Partition clearing information
clearpart --all
# Disk partitioning information
part / --fstype="ext4" --size=5120
part / --size=6656
%post
# FIXME: it'd be better to get this installed from a package
cat > /etc/rc.d/init.d/livesys << EOF
#!/bin/bash
#
# live: Init script for live image
#
# chkconfig: 345 00 99
# description: Init script for live image.
### BEGIN INIT INFO
# X-Start-Before: display-manager chronyd
### END INIT INFO
. /etc/init.d/functions
if ! strstr "\`cat /proc/cmdline\`" rd.live.image || [ "\$1" != "start" ]; then
exit 0
fi
if [ -e /.liveimg-configured ] ; then
configdone=1
fi
exists() {
which \$1 >/dev/null 2>&1 || return
\$*
}
livedir="LiveOS"
for arg in \`cat /proc/cmdline\` ; do
if [ "\${arg##rd.live.dir=}" != "\${arg}" ]; then
livedir=\${arg##rd.live.dir=}
continue
fi
if [ "\${arg##live_dir=}" != "\${arg}" ]; then
livedir=\${arg##live_dir=}
fi
done
# Enable swap unless requested otherwise
swaps=\`blkid -t TYPE=swap -o device\`
if ! strstr "\`cat /proc/cmdline\`" noswap && [ -n "\$swaps" ] ; then
for s in \$swaps ; do
action "Enabling swap partition \$s" swapon \$s
done
fi
if ! strstr "\`cat /proc/cmdline\`" noswap && [ -f /run/initramfs/live/\${livedir}/swap.img ] ; then
action "Enabling swap file" swapon /run/initramfs/live/\${livedir}/swap.img
fi
# Support for persistent homes
mountPersistentHome() {
# support label/uuid
if [ "\${homedev##LABEL=}" != "\${homedev}" -o "\${homedev##UUID=}" != "\${homedev}" ]; then
homedev=\`/sbin/blkid -o device -t "\$homedev"\`
fi
# if we're given a file rather than a blockdev, loopback it
if [ "\${homedev##mtd}" != "\${homedev}" ]; then
# mtd devs don't have a block device but get magic-mounted with -t jffs2
mountopts="-t jffs2"
elif [ ! -b "\$homedev" ]; then
loopdev=\`losetup -f\`
if [ "\${homedev##/run/initramfs/live}" != "\${homedev}" ]; then
action "Remounting live store r/w" mount -o remount,rw /run/initramfs/live
fi
losetup \$loopdev \$homedev
homedev=\$loopdev
fi
# if it's encrypted, we need to unlock it
if [ "\$(/sbin/blkid -s TYPE -o value \$homedev 2>/dev/null)" = "crypto_LUKS" ]; then
echo
echo "Setting up encrypted /home device"
plymouth ask-for-password --command="cryptsetup luksOpen \$homedev EncHome"
homedev=/dev/mapper/EncHome
fi
# and finally do the mount
mount \$mountopts \$homedev /home
# if we have /home under what's passed for persistent home, then
# we should make that the real /home. useful for mtd device on olpc
if [ -d /home/home ]; then mount --bind /home/home /home ; fi
[ -x /sbin/restorecon ] && /sbin/restorecon /home
if [ -d /home/liveuser ]; then USERADDARGS="-M" ; fi
}
# Help locate persistent homes
findPersistentHome() {
for arg in \`cat /proc/cmdline\` ; do
if [ "\${arg##persistenthome=}" != "\${arg}" ]; then
homedev=\${arg##persistenthome=}
fi
done
}
if strstr "\`cat /proc/cmdline\`" persistenthome= ; then
findPersistentHome
elif [ -e /run/initramfs/live/\${livedir}/home.img ]; then
homedev=/run/initramfs/live/\${livedir}/home.img
fi
# Mount the persistent home if it's available
if ! strstr "\`cat /proc/cmdline\`" nopersistenthome && [ -n "\$homedev" ] ; then
action "Mounting persistent /home" mountPersistentHome
fi
if [ -n "\$configdone" ]; then
exit 0
fi
# Create the liveuser (no password) so automatic logins and sudo works
action "Adding live user" useradd \$USERADDARGS -c "Live System User" liveuser
passwd -d liveuser > /dev/null
usermod -aG wheel liveuser > /dev/null
# Same for root
passwd -d root > /dev/null
# Turn off firstboot (similar to a DVD/minimal install, where it asks
# for the user to accept the EULA before bringing up a TTY)
systemctl --no-reload disable firstboot-text.service 2> /dev/null || :
systemctl --no-reload disable firstboot-graphical.service 2> /dev/null || :
systemctl stop firstboot-text.service 2> /dev/null || :
systemctl stop firstboot-graphical.service 2> /dev/null || :
# Prelinking damages the images
sed -i 's/PRELINKING=yes/PRELINKING=no/' /etc/sysconfig/prelink &>/dev/null || :
# Turn off mdmonitor by default
systemctl --no-reload disable mdmonitor.service 2> /dev/null || :
systemctl --no-reload disable mdmonitor-takeover.service 2> /dev/null || :
systemctl stop mdmonitor.service 2> /dev/null || :
systemctl stop mdmonitor-takeover.service 2> /dev/null || :
# Even if there isn't gnome, this doesn't hurt.
gsettings set org.gnome.software download-updates 'false' || :
# Disable cron
systemctl --no-reload disable crond.service 2> /dev/null || :
systemctl --no-reload disable atd.service 2> /dev/null || :
systemctl stop crond.service 2> /dev/null || :
systemctl stop atd.service 2> /dev/null || :
# Disable abrt
systemctl --no-reload disable abrtd.service 2> /dev/null || :
systemctl stop abrtd.service 2> /dev/null || :
# Don't sync the system clock when running live (RHBZ #1018162)
sed -i 's/rtcsync//' /etc/chrony.conf
# Mark things as configured
touch /.liveimg-configured
# add static hostname to work around xauth bug
# https://bugzilla.redhat.com/show_bug.cgi?id=679486
# the hostname must be something else than 'localhost'
# https://bugzilla.redhat.com/show_bug.cgi?id=1370222
echo "localhost" > /etc/hostname
EOF
# HAL likes to start late.
cat > /etc/rc.d/init.d/livesys-late << EOF
#!/bin/bash
#
# live: Late init script for live image
#
# chkconfig: 345 99 01
# description: Late init script for live image.
. /etc/init.d/functions
if ! strstr "\`cat /proc/cmdline\`" rd.live.image || [ "\$1" != "start" ] || [ -e /.liveimg-late-configured ] ; then
exit 0
fi
exists() {
which \$1 >/dev/null 2>&1 || return
\$*
}
touch /.liveimg-late-configured
# Read some stuff out of the kernel cmdline
for o in \`cat /proc/cmdline\` ; do
case \$o in
ks=*)
ks="--kickstart=\${o#ks=}"
;;
xdriver=*)
xdriver="\${o#xdriver=}"
;;
esac
done
# If liveinst or textinst is given, start installer
if strstr "\`cat /proc/cmdline\`" liveinst ; then
plymouth --quit
/usr/sbin/liveinst \$ks
fi
if strstr "\`cat /proc/cmdline\`" textinst ; then
plymouth --quit
/usr/sbin/liveinst --text \$ks
fi
# Configure X, allowing user to override xdriver
if [ -n "\$xdriver" ]; then
cat > /etc/X11/xorg.conf.d/00-xdriver.conf <<FOE
Section "Device"
Identifier "Videocard0"
Driver "\$xdriver"
EndSection
FOE
fi
EOF
chmod 755 /etc/rc.d/init.d/livesys
/sbin/restorecon /etc/rc.d/init.d/livesys
/sbin/chkconfig --add livesys
chmod 755 /etc/rc.d/init.d/livesys-late
/sbin/restorecon /etc/rc.d/init.d/livesys-late
/sbin/chkconfig --add livesys-late
# Enable tmpfs for /tmp - this is a good idea
systemctl enable tmp.mount
# make it so that we don't do writing to the overlay for things which
# are just tmpdirs/caches
# note https://bugzilla.redhat.com/show_bug.cgi?id=1135475
cat >> /etc/fstab << EOF
vartmp /var/tmp tmpfs defaults 0 0
EOF
# PackageKit likes to play games. Let's fix that.
rm -f /var/lib/rpm/__db*
releasever=$(rpm -q --qf '%{version}\n' --whatprovides system-release)
basearch=$(uname -i)
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial
echo "Packages within this LiveCD"
rpm -qa
# Note that running rpm recreates the rpm db files which aren't needed or wanted
rm -f /var/lib/rpm/__db*
# go ahead and pre-make the man -k cache (#455968)
/usr/bin/mandb
# make sure there aren't core files lying around
rm -f /core*
# remove random seed, the newly installed instance should make it's own
rm -f /var/lib/systemd/random-seed
# convince readahead not to collect
# FIXME: for systemd
echo 'File created by kickstart. See systemd-update-done.service(8).' \
| tee /etc/.updated >/var/.updated
# Drop the rescue kernel and initramfs, we don't need them on the live media itself.
# See bug 1317709
rm -f /boot/*-rescue*
# Disable network service here, as doing it in the services line
# fails due to RHBZ #1369794 - the error is expected
/sbin/chkconfig network off
# Remove machine-id on generated images
rm -f /etc/machine-id
touch /etc/machine-id
%end
%post --nochroot
cp $INSTALL_ROOT/usr/share/licenses/*-release/* $LIVE_ROOT/
# This only works on x86_64
if [ "$(uname -i)" = "i386" -o "$(uname -i)" = "x86_64" ]; then
# For livecd-creator builds
if [ ! -d $LIVE_ROOT/LiveOS ]; then mkdir -p $LIVE_ROOT/LiveOS ; fi
cp /usr/bin/livecd-iso-to-disk $LIVE_ROOT/LiveOS
# For lorax/livemedia-creator builds
sed -i '
/## make boot.iso/ i\
# Add livecd-iso-to-disk script to .iso filesystem at /LiveOS/\
<% f = "usr/bin/livecd-iso-to-disk" %>\
%if exists(f):\
install ${f} ${LIVEDIR}/${f|basename}\
%endif\
' /usr/share/lorax/templates.d/99-generic/live/x86.tmpl
fi
%end
%post
cat >> /etc/rc.d/init.d/livesys << EOF
# disable gnome-software automatically downloading updates
cat >> /usr/share/glib-2.0/schemas/org.gnome.software.gschema.override << FOE
[org.gnome.software]
download-updates=false
FOE
# don't autostart gnome-software session service
rm -f /etc/xdg/autostart/gnome-software-service.desktop
# disable the gnome-software shell search provider
cat >> /usr/share/gnome-shell/search-providers/org.gnome.Software-search-provider.ini << FOE
DefaultDisabled=true
FOE
# don't run gnome-initial-setup
mkdir ~liveuser/.config
touch ~liveuser/.config/gnome-initial-setup-done
# suppress anaconda spokes redundant with gnome-initial-setup
cat >> /etc/sysconfig/anaconda << FOE
[NetworkSpoke]
visited=1
[PasswordSpoke]
visited=1
[UserSpoke]
visited=1
FOE
# make the installer show up
if [ -f /usr/share/applications/liveinst.desktop ]; then
# Show harddisk install in shell dash
#sed -i -e 's/NoDisplay=true/NoDisplay=false/' /usr/share/applications/liveinst.desktop ""
# need to move it to anaconda.desktop to make shell happy
mv /usr/share/applications/liveinst.desktop /usr/share/applications/anaconda.desktop
cat >> /usr/share/glib-2.0/schemas/org.gnome.shell.gschema.override << FOE
[org.gnome.shell]
favorite-apps=['firefox.desktop', 'evolution.desktop', 'rhythmbox.desktop', 'shotwell.desktop', 'org.gnome.Nautilus.desktop', 'anaconda.desktop']
FOE
# Make the welcome screen show up
if [ -f /usr/share/anaconda/gnome/rhel-welcome.desktop ]; then
mkdir -p ~liveuser/.config/autostart
#sed -i "s/Red Hat Enterprise/Rocky/g" /usr/share/anaconda/gnome/rhel-welcome.desktop
#sed -i "s/RHEL/Rocky Linux/g" /usr/share/anaconda/gnome/rhel-welcome
#sed -i "s/Red Hat Enterprise/Rocky/g" /usr/share/anaconda/gnome/rhel-welcome
#sed -i "s/org.fedoraproject.AnacondaInstaller/fedora-logo-icon/g" /usr/share/anaconda/gnome/rhel-welcome
#sed -i "s/org.fedoraproject.AnacondaInstaller/fedora-logo-icon/g" /usr/share/applications/anaconda.desktop
cp /usr/share/anaconda/gnome/rhel-welcome.desktop /usr/share/applications/
cp /usr/share/anaconda/gnome/rhel-welcome.desktop ~liveuser/.config/autostart/
fi
# Copy Anaconda branding in place
if [ -d /usr/share/lorax/product/usr/share/anaconda ]; then
cp -a /usr/share/lorax/product/* /
fi
fi
# rebuild schema cache with any overrides we installed
glib-compile-schemas /usr/share/glib-2.0/schemas
# set up auto-login
cat > /etc/gdm/custom.conf << FOE
[daemon]
AutomaticLoginEnable=True
AutomaticLogin=liveuser
FOE
# Turn off PackageKit-command-not-found while uninstalled
if [ -f /etc/PackageKit/CommandNotFound.conf ]; then
sed -i -e 's/^SoftwareSourceSearch=true/SoftwareSourceSearch=false/' /etc/PackageKit/CommandNotFound.conf
fi
# switch default kernel
sed -i 's/DEFAULTKERNEL=kernel/DEFAULTKERNEL=kernel-ml/g' /etc/sysconfig/kernel
# enable elrepo kernel
dnf config-manager --set-enabled elrepo-kernel
# make sure to set the right permissions and selinux contexts
chown -R liveuser:liveuser /home/liveuser/
restorecon -R /home/liveuser/
restorecon -R /
EOF
%end
%packages
@anaconda-tools
@base-x
@core
@fonts
@gnome-desktop
@guest-desktop-agents
@hardware-support
@internet-browser
@multimedia
@networkmanager-submodules
@workstation-product
aajohan-comfortaa-fonts
anaconda
anaconda-install-env-deps
anaconda-live
chkconfig
dracut-live
elrepo-release
glibc-all-langpacks
initscripts
kernel-ml
kernel-ml-modules
kernel-ml-modules-extra
libreoffice-calc
libreoffice-emailmerge
libreoffice-graphicfilter
libreoffice-impress
libreoffice-writer
memtest86+
syslinux
-@dial-up
-@input-methods
-@standard
-gfs2-utils
-reiserfs-utils
%end

459
Rocky-8-Workstation.ks Normal file
View File

@ -0,0 +1,459 @@
# Generated by pykickstart v3.32
#version=DEVEL
# X Window System configuration information
xconfig --startxonboot
# Keyboard layouts
keyboard 'us'
# Root password
rootpw --iscrypted --lock locked
# System language
lang en_US.UTF-8
# Shutdown after installation
shutdown
# Network information
network --bootproto=dhcp --device=link --activate
# Firewall configuration
firewall --enabled --service=mdns
# Use network installation
url --url https://download.rockylinux.org/stg/rocky/8/BaseOS/$basearch/os/
repo --name="BaseOS" --baseurl=http://dl.rockylinux.org/pub/rocky/8/BaseOS/$basearch/os/ --cost=200
repo --name="AppStream" --baseurl=http://dl.rockylinux.org/pub/rocky/8/AppStream/$basearch/os/ --cost=200
repo --name="PowerTools" --baseurl=http://dl.rockylinux.org/pub/rocky/8/PowerTools/$basearch/os/ --cost=200
repo --name="extras" --baseurl=http://dl.rockylinux.org/pub/rocky/8/extras/$basearch/os --cost=200
# System timezone
timezone US/Eastern
# SELinux configuration
selinux --enforcing
# System services
services --disabled="sshd" --enabled="NetworkManager,ModemManager"
# System bootloader configuration
bootloader --location=none
# Clear the Master Boot Record
zerombr
# Partition clearing information
clearpart --all
# Disk partitioning information
part / --fstype="ext4" --size=5120
part / --size=6656
%post
# FIXME: it'd be better to get this installed from a package
cat > /etc/rc.d/init.d/livesys << EOF
#!/bin/bash
#
# live: Init script for live image
#
# chkconfig: 345 00 99
# description: Init script for live image.
### BEGIN INIT INFO
# X-Start-Before: display-manager chronyd
### END INIT INFO
. /etc/init.d/functions
if ! strstr "\`cat /proc/cmdline\`" rd.live.image || [ "\$1" != "start" ]; then
exit 0
fi
if [ -e /.liveimg-configured ] ; then
configdone=1
fi
exists() {
which \$1 >/dev/null 2>&1 || return
\$*
}
livedir="LiveOS"
for arg in \`cat /proc/cmdline\` ; do
if [ "\${arg##rd.live.dir=}" != "\${arg}" ]; then
livedir=\${arg##rd.live.dir=}
continue
fi
if [ "\${arg##live_dir=}" != "\${arg}" ]; then
livedir=\${arg##live_dir=}
fi
done
# Enable swap unless requested otherwise
swaps=\`blkid -t TYPE=swap -o device\`
if ! strstr "\`cat /proc/cmdline\`" noswap && [ -n "\$swaps" ] ; then
for s in \$swaps ; do
action "Enabling swap partition \$s" swapon \$s
done
fi
if ! strstr "\`cat /proc/cmdline\`" noswap && [ -f /run/initramfs/live/\${livedir}/swap.img ] ; then
action "Enabling swap file" swapon /run/initramfs/live/\${livedir}/swap.img
fi
# Support for persistent homes
mountPersistentHome() {
# support label/uuid
if [ "\${homedev##LABEL=}" != "\${homedev}" -o "\${homedev##UUID=}" != "\${homedev}" ]; then
homedev=\`/sbin/blkid -o device -t "\$homedev"\`
fi
# if we're given a file rather than a blockdev, loopback it
if [ "\${homedev##mtd}" != "\${homedev}" ]; then
# mtd devs don't have a block device but get magic-mounted with -t jffs2
mountopts="-t jffs2"
elif [ ! -b "\$homedev" ]; then
loopdev=\`losetup -f\`
if [ "\${homedev##/run/initramfs/live}" != "\${homedev}" ]; then
action "Remounting live store r/w" mount -o remount,rw /run/initramfs/live
fi
losetup \$loopdev \$homedev
homedev=\$loopdev
fi
# if it's encrypted, we need to unlock it
if [ "\$(/sbin/blkid -s TYPE -o value \$homedev 2>/dev/null)" = "crypto_LUKS" ]; then
echo
echo "Setting up encrypted /home device"
plymouth ask-for-password --command="cryptsetup luksOpen \$homedev EncHome"
homedev=/dev/mapper/EncHome
fi
# and finally do the mount
mount \$mountopts \$homedev /home
# if we have /home under what's passed for persistent home, then
# we should make that the real /home. useful for mtd device on olpc
if [ -d /home/home ]; then mount --bind /home/home /home ; fi
[ -x /sbin/restorecon ] && /sbin/restorecon /home
if [ -d /home/liveuser ]; then USERADDARGS="-M" ; fi
}
# Help locate persistent homes
findPersistentHome() {
for arg in \`cat /proc/cmdline\` ; do
if [ "\${arg##persistenthome=}" != "\${arg}" ]; then
homedev=\${arg##persistenthome=}
fi
done
}
if strstr "\`cat /proc/cmdline\`" persistenthome= ; then
findPersistentHome
elif [ -e /run/initramfs/live/\${livedir}/home.img ]; then
homedev=/run/initramfs/live/\${livedir}/home.img
fi
# Mount the persistent home if it's available
if ! strstr "\`cat /proc/cmdline\`" nopersistenthome && [ -n "\$homedev" ] ; then
action "Mounting persistent /home" mountPersistentHome
fi
if [ -n "\$configdone" ]; then
exit 0
fi
# Create the liveuser (no password) so automatic logins and sudo works
action "Adding live user" useradd \$USERADDARGS -c "Live System User" liveuser
passwd -d liveuser > /dev/null
usermod -aG wheel liveuser > /dev/null
# Same for root
passwd -d root > /dev/null
# Turn off firstboot (similar to a DVD/minimal install, where it asks
# for the user to accept the EULA before bringing up a TTY)
systemctl --no-reload disable firstboot-text.service 2> /dev/null || :
systemctl --no-reload disable firstboot-graphical.service 2> /dev/null || :
systemctl stop firstboot-text.service 2> /dev/null || :
systemctl stop firstboot-graphical.service 2> /dev/null || :
# Prelinking damages the images
sed -i 's/PRELINKING=yes/PRELINKING=no/' /etc/sysconfig/prelink &>/dev/null || :
# Turn off mdmonitor by default
systemctl --no-reload disable mdmonitor.service 2> /dev/null || :
systemctl --no-reload disable mdmonitor-takeover.service 2> /dev/null || :
systemctl stop mdmonitor.service 2> /dev/null || :
systemctl stop mdmonitor-takeover.service 2> /dev/null || :
# Even if there isn't gnome, this doesn't hurt.
gsettings set org.gnome.software download-updates 'false' || :
# Disable cron
systemctl --no-reload disable crond.service 2> /dev/null || :
systemctl --no-reload disable atd.service 2> /dev/null || :
systemctl stop crond.service 2> /dev/null || :
systemctl stop atd.service 2> /dev/null || :
# Disable abrt
systemctl --no-reload disable abrtd.service 2> /dev/null || :
systemctl stop abrtd.service 2> /dev/null || :
# Don't sync the system clock when running live (RHBZ #1018162)
sed -i 's/rtcsync//' /etc/chrony.conf
# Mark things as configured
touch /.liveimg-configured
# add static hostname to work around xauth bug
# https://bugzilla.redhat.com/show_bug.cgi?id=679486
# the hostname must be something else than 'localhost'
# https://bugzilla.redhat.com/show_bug.cgi?id=1370222
echo "localhost-live" > /etc/hostname
EOF
# HAL likes to start late.
cat > /etc/rc.d/init.d/livesys-late << EOF
#!/bin/bash
#
# live: Late init script for live image
#
# chkconfig: 345 99 01
# description: Late init script for live image.
. /etc/init.d/functions
if ! strstr "\`cat /proc/cmdline\`" rd.live.image || [ "\$1" != "start" ] || [ -e /.liveimg-late-configured ] ; then
exit 0
fi
exists() {
which \$1 >/dev/null 2>&1 || return
\$*
}
touch /.liveimg-late-configured
# Read some stuff out of the kernel cmdline
for o in \`cat /proc/cmdline\` ; do
case \$o in
ks=*)
ks="--kickstart=\${o#ks=}"
;;
xdriver=*)
xdriver="\${o#xdriver=}"
;;
esac
done
# If liveinst or textinst is given, start installer
if strstr "\`cat /proc/cmdline\`" liveinst ; then
plymouth --quit
/usr/sbin/liveinst \$ks
fi
if strstr "\`cat /proc/cmdline\`" textinst ; then
plymouth --quit
/usr/sbin/liveinst --text \$ks
fi
# Configure X, allowing user to override xdriver
if [ -n "\$xdriver" ]; then
cat > /etc/X11/xorg.conf.d/00-xdriver.conf <<FOE
Section "Device"
Identifier "Videocard0"
Driver "\$xdriver"
EndSection
FOE
fi
EOF
chmod 755 /etc/rc.d/init.d/livesys
/sbin/restorecon /etc/rc.d/init.d/livesys
/sbin/chkconfig --add livesys
chmod 755 /etc/rc.d/init.d/livesys-late
/sbin/restorecon /etc/rc.d/init.d/livesys-late
/sbin/chkconfig --add livesys-late
# Enable tmpfs for /tmp - this is a good idea
systemctl enable tmp.mount
# make it so that we don't do writing to the overlay for things which
# are just tmpdirs/caches
# note https://bugzilla.redhat.com/show_bug.cgi?id=1135475
cat >> /etc/fstab << EOF
vartmp /var/tmp tmpfs defaults 0 0
EOF
# PackageKit likes to play games. Let's fix that.
rm -f /var/lib/rpm/__db*
releasever=$(rpm -q --qf '%{version}\n' --whatprovides system-release)
basearch=$(uname -i)
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial
echo "Packages within this LiveCD"
rpm -qa
# Note that running rpm recreates the rpm db files which aren't needed or wanted
rm -f /var/lib/rpm/__db*
# go ahead and pre-make the man -k cache (#455968)
/usr/bin/mandb
# make sure there aren't core files lying around
rm -f /core*
# remove random seed, the newly installed instance should make it's own
rm -f /var/lib/systemd/random-seed
# convince readahead not to collect
# FIXME: for systemd
echo 'File created by kickstart. See systemd-update-done.service(8).' \
| tee /etc/.updated >/var/.updated
# Drop the rescue kernel and initramfs, we don't need them on the live media itself.
# See bug 1317709
rm -f /boot/*-rescue*
# Disable network service here, as doing it in the services line
# fails due to RHBZ #1369794 - the error is expected
/sbin/chkconfig network off
# Remove machine-id on generated images
rm -f /etc/machine-id
touch /etc/machine-id
/usr/sbin/fixfiles -R -a restore
cat >> /etc/rc.d/init.d/livesys << EOF
# disable gnome-software automatically downloading updates
cat >> /usr/share/glib-2.0/schemas/org.gnome.software.gschema.override << FOE
[org.gnome.software]
download-updates=false
FOE
# don't autostart gnome-software session service
rm -f /etc/xdg/autostart/gnome-software-service.desktop
# disable the gnome-software shell search provider
cat >> /usr/share/gnome-shell/search-providers/org.gnome.Software-search-provider.ini << FOE
DefaultDisabled=true
FOE
# don't run gnome-initial-setup
mkdir ~liveuser/.config
touch ~liveuser/.config/gnome-initial-setup-done
# suppress anaconda spokes redundant with gnome-initial-setup
cat >> /etc/sysconfig/anaconda << FOE
[NetworkSpoke]
visited=1
[PasswordSpoke]
visited=1
[UserSpoke]
visited=1
FOE
# make the installer show up
if [ -f /usr/share/applications/liveinst.desktop ]; then
# Show harddisk install in shell dash
sed -i -e 's/NoDisplay=true/NoDisplay=false/' /usr/share/applications/liveinst.desktop ""
# need to move it to anaconda.desktop to make shell happy
mv /usr/share/applications/liveinst.desktop /usr/share/applications/anaconda.desktop
cat >> /usr/share/glib-2.0/schemas/org.gnome.shell.gschema.override << FOE
[org.gnome.shell]
favorite-apps=['firefox.desktop', 'evolution.desktop', 'rhythmbox.desktop', 'shotwell.desktop', 'org.gnome.Nautilus.desktop', 'anaconda.desktop']
FOE
# Make the welcome screen show up
if [ -f /usr/share/anaconda/gnome/rhel-welcome.desktop ]; then
mkdir -p ~liveuser/.config/autostart
#sed -i "s/Red Hat Enterprise/Rocky/g" /usr/share/anaconda/gnome/rhel-welcome.desktop
#sed -i "s/RHEL/Rocky Linux/g" /usr/share/anaconda/gnome/rhel-welcome
#sed -i "s/Red Hat Enterprise/Rocky/g" /usr/share/anaconda/gnome/rhel-welcome
#sed -i "s/org.fedoraproject.AnacondaInstaller/fedora-logo-icon/g" /usr/share/anaconda/gnome/rhel-welcome
#sed -i "s/org.fedoraproject.AnacondaInstaller/fedora-logo-icon/g" /usr/share/applications/anaconda.desktop
cp /usr/share/anaconda/gnome/rhel-welcome.desktop /usr/share/applications/
cp /usr/share/anaconda/gnome/rhel-welcome.desktop ~liveuser/.config/autostart/
fi
# Copy Anaconda branding in place
if [ -d /usr/share/lorax/product/usr/share/anaconda ]; then
cp -a /usr/share/lorax/product/* /
fi
fi
# rebuild schema cache with any overrides we installed
glib-compile-schemas /usr/share/glib-2.0/schemas
# set up auto-login
cat > /etc/gdm/custom.conf << FOE
[daemon]
AutomaticLoginEnable=True
AutomaticLogin=liveuser
FOE
# Turn off PackageKit-command-not-found while uninstalled
if [ -f /etc/PackageKit/CommandNotFound.conf ]; then
sed -i -e 's/^SoftwareSourceSearch=true/SoftwareSourceSearch=false/' /etc/PackageKit/CommandNotFound.conf
fi
# make sure to set the right permissions and selinux contexts
chown -R liveuser:liveuser /home/liveuser/
restorecon -R /home/liveuser/
restorecon -R /
EOF
%end
%post --nochroot
cp $INSTALL_ROOT/usr/share/licenses/*-release/* $LIVE_ROOT/
# This only works on x86_64
if [ "$(uname -i)" = "i386" -o "$(uname -i)" = "x86_64" ]; then
# For livecd-creator builds
if [ ! -d $LIVE_ROOT/LiveOS ]; then mkdir -p $LIVE_ROOT/LiveOS ; fi
cp /usr/bin/livecd-iso-to-disk $LIVE_ROOT/LiveOS
# For lorax/livemedia-creator builds
sed -i '
/## make boot.iso/ i\
# Add livecd-iso-to-disk script to .iso filesystem at /LiveOS/\
<% f = "usr/bin/livecd-iso-to-disk" %>\
%if exists(f):\
install ${f} ${LIVEDIR}/${f|basename}\
%endif\
' /usr/share/lorax/templates.d/99-generic/live/x86.tmpl
fi
%end
%packages
@anaconda-tools
@base-x
@core
@fonts
@gnome-desktop
@guest-desktop-agents
@hardware-support
@internet-browser
@multimedia
@networkmanager-submodules
@workstation-product
aajohan-comfortaa-fonts
anaconda
anaconda-install-env-deps
anaconda-live
chkconfig
dracut-live
glibc-all-langpacks
initscripts
kernel
kernel-modules
kernel-modules-extra
libreoffice-calc
libreoffice-emailmerge
libreoffice-graphicfilter
libreoffice-impress
libreoffice-writer
memtest86+
syslinux
-@dial-up
-@input-methods
-@standard
-gfs2-utils
-reiserfs-utils
%end

508
Rocky-8-XFCE.ks Normal file
View File

@ -0,0 +1,508 @@
# Generated by pykickstart v3.32
#version=DEVEL
# X Window System configuration information
xconfig --startxonboot
# Keyboard layouts
keyboard 'us'
# Root password
rootpw --iscrypted --lock locked
# System language
lang en_US.UTF-8
# Shutdown after installation
shutdown
# Network information
network --bootproto=dhcp --device=link --activate
# Firewall configuration
firewall --enabled --service=mdns
# Use network installation
url --url https://download.rockylinux.org/stg/rocky/8/BaseOS/$basearch/os/
repo --name="BaseOS" --baseurl=http://dl.rockylinux.org/pub/rocky/8/BaseOS/$basearch/os/ --cost=200
repo --name="AppStream" --baseurl=http://dl.rockylinux.org/pub/rocky/8/AppStream/$basearch/os/ --cost=200
repo --name="PowerTools" --baseurl=http://dl.rockylinux.org/pub/rocky/8/PowerTools/$basearch/os/ --cost=200
repo --name="extras" --baseurl=http://dl.rockylinux.org/pub/rocky/8/extras/$basearch/os --cost=200
repo --name="epel" --baseurl=https://dl.fedoraproject.org/pub/epel/8/Everything/$basearch/ --cost=200
repo --name="epel-modular" --baseurl=https://dl.fedoraproject.org/pub/epel/8/Modular/$basearch/ --cost=200
# System timezone
timezone US/Eastern
# SELinux configuration
selinux --enforcing
# System services
services --disabled="sshd" --enabled="NetworkManager,ModemManager"
# System bootloader configuration
bootloader --location=none
# Clear the Master Boot Record
zerombr
# Partition clearing information
clearpart --all
# Disk partitioning information
part / --fstype="ext4" --size=5120
part / --size=6144
%post
# FIXME: it'd be better to get this installed from a package
cat > /etc/rc.d/init.d/livesys << EOF
#!/bin/bash
#
# live: Init script for live image
#
# chkconfig: 345 00 99
# description: Init script for live image.
### BEGIN INIT INFO
# X-Start-Before: display-manager chronyd
### END INIT INFO
. /etc/init.d/functions
if ! strstr "\`cat /proc/cmdline\`" rd.live.image || [ "\$1" != "start" ]; then
exit 0
fi
if [ -e /.liveimg-configured ] ; then
configdone=1
fi
exists() {
which \$1 >/dev/null 2>&1 || return
\$*
}
livedir="LiveOS"
for arg in \`cat /proc/cmdline\` ; do
if [ "\${arg##rd.live.dir=}" != "\${arg}" ]; then
livedir=\${arg##rd.live.dir=}
continue
fi
if [ "\${arg##live_dir=}" != "\${arg}" ]; then
livedir=\${arg##live_dir=}
fi
done
# Enable swap unless requested otherwise
swaps=\`blkid -t TYPE=swap -o device\`
if ! strstr "\`cat /proc/cmdline\`" noswap && [ -n "\$swaps" ] ; then
for s in \$swaps ; do
action "Enabling swap partition \$s" swapon \$s
done
fi
if ! strstr "\`cat /proc/cmdline\`" noswap && [ -f /run/initramfs/live/\${livedir}/swap.img ] ; then
action "Enabling swap file" swapon /run/initramfs/live/\${livedir}/swap.img
fi
# Support for persistent homes
mountPersistentHome() {
# support label/uuid
if [ "\${homedev##LABEL=}" != "\${homedev}" -o "\${homedev##UUID=}" != "\${homedev}" ]; then
homedev=\`/sbin/blkid -o device -t "\$homedev"\`
fi
# if we're given a file rather than a blockdev, loopback it
if [ "\${homedev##mtd}" != "\${homedev}" ]; then
# mtd devs don't have a block device but get magic-mounted with -t jffs2
mountopts="-t jffs2"
elif [ ! -b "\$homedev" ]; then
loopdev=\`losetup -f\`
if [ "\${homedev##/run/initramfs/live}" != "\${homedev}" ]; then
action "Remounting live store r/w" mount -o remount,rw /run/initramfs/live
fi
losetup \$loopdev \$homedev
homedev=\$loopdev
fi
# if it's encrypted, we need to unlock it
if [ "\$(/sbin/blkid -s TYPE -o value \$homedev 2>/dev/null)" = "crypto_LUKS" ]; then
echo
echo "Setting up encrypted /home device"
plymouth ask-for-password --command="cryptsetup luksOpen \$homedev EncHome"
homedev=/dev/mapper/EncHome
fi
# and finally do the mount
mount \$mountopts \$homedev /home
# if we have /home under what's passed for persistent home, then
# we should make that the real /home. useful for mtd device on olpc
if [ -d /home/home ]; then mount --bind /home/home /home ; fi
[ -x /sbin/restorecon ] && /sbin/restorecon /home
if [ -d /home/liveuser ]; then USERADDARGS="-M" ; fi
}
# Help locate persistent homes
findPersistentHome() {
for arg in \`cat /proc/cmdline\` ; do
if [ "\${arg##persistenthome=}" != "\${arg}" ]; then
homedev=\${arg##persistenthome=}
fi
done
}
if strstr "\`cat /proc/cmdline\`" persistenthome= ; then
findPersistentHome
elif [ -e /run/initramfs/live/\${livedir}/home.img ]; then
homedev=/run/initramfs/live/\${livedir}/home.img
fi
# Mount the persistent home if it's available
if ! strstr "\`cat /proc/cmdline\`" nopersistenthome && [ -n "\$homedev" ] ; then
action "Mounting persistent /home" mountPersistentHome
fi
if [ -n "\$configdone" ]; then
exit 0
fi
# Create the liveuser (no password) so automatic logins and sudo works
action "Adding live user" useradd \$USERADDARGS -c "Live System User" liveuser
passwd -d liveuser > /dev/null
usermod -aG wheel liveuser > /dev/null
# Same for root
passwd -d root > /dev/null
# Turn off firstboot (similar to a DVD/minimal install, where it asks
# for the user to accept the EULA before bringing up a TTY)
systemctl --no-reload disable firstboot-text.service 2> /dev/null || :
systemctl --no-reload disable firstboot-graphical.service 2> /dev/null || :
systemctl stop firstboot-text.service 2> /dev/null || :
systemctl stop firstboot-graphical.service 2> /dev/null || :
# Prelinking damages the images
sed -i 's/PRELINKING=yes/PRELINKING=no/' /etc/sysconfig/prelink &>/dev/null || :
# Turn off mdmonitor by default
systemctl --no-reload disable mdmonitor.service 2> /dev/null || :
systemctl --no-reload disable mdmonitor-takeover.service 2> /dev/null || :
systemctl stop mdmonitor.service 2> /dev/null || :
systemctl stop mdmonitor-takeover.service 2> /dev/null || :
# Even if there isn't gnome, this doesn't hurt.
gsettings set org.gnome.software download-updates 'false' || :
# Disable cron
systemctl --no-reload disable crond.service 2> /dev/null || :
systemctl --no-reload disable atd.service 2> /dev/null || :
systemctl stop crond.service 2> /dev/null || :
systemctl stop atd.service 2> /dev/null || :
# Disable abrt
systemctl --no-reload disable abrtd.service 2> /dev/null || :
systemctl stop abrtd.service 2> /dev/null || :
# Don't sync the system clock when running live (RHBZ #1018162)
sed -i 's/rtcsync//' /etc/chrony.conf
# Mark things as configured
touch /.liveimg-configured
# add static hostname to work around xauth bug
# https://bugzilla.redhat.com/show_bug.cgi?id=679486
# the hostname must be something else than 'localhost'
# https://bugzilla.redhat.com/show_bug.cgi?id=1370222
echo "localhost-live" > /etc/hostname
EOF
# HAL likes to start late.
cat > /etc/rc.d/init.d/livesys-late << EOF
#!/bin/bash
#
# live: Late init script for live image
#
# chkconfig: 345 99 01
# description: Late init script for live image.
. /etc/init.d/functions
if ! strstr "\`cat /proc/cmdline\`" rd.live.image || [ "\$1" != "start" ] || [ -e /.liveimg-late-configured ] ; then
exit 0
fi
exists() {
which \$1 >/dev/null 2>&1 || return
\$*
}
touch /.liveimg-late-configured
# Read some stuff out of the kernel cmdline
for o in \`cat /proc/cmdline\` ; do
case \$o in
ks=*)
ks="--kickstart=\${o#ks=}"
;;
xdriver=*)
xdriver="\${o#xdriver=}"
;;
esac
done
# If liveinst or textinst is given, start installer
if strstr "\`cat /proc/cmdline\`" liveinst ; then
plymouth --quit
/usr/sbin/liveinst \$ks
fi
if strstr "\`cat /proc/cmdline\`" textinst ; then
plymouth --quit
/usr/sbin/liveinst --text \$ks
fi
# Configure X, allowing user to override xdriver
if [ -n "\$xdriver" ]; then
cat > /etc/X11/xorg.conf.d/00-xdriver.conf <<FOE
Section "Device"
Identifier "Videocard0"
Driver "\$xdriver"
EndSection
FOE
fi
EOF
chmod 755 /etc/rc.d/init.d/livesys
/sbin/restorecon /etc/rc.d/init.d/livesys
/sbin/chkconfig --add livesys
chmod 755 /etc/rc.d/init.d/livesys-late
/sbin/restorecon /etc/rc.d/init.d/livesys-late
/sbin/chkconfig --add livesys-late
# Enable tmpfs for /tmp - this is a good idea
systemctl enable tmp.mount
# make it so that we don't do writing to the overlay for things which
# are just tmpdirs/caches
# note https://bugzilla.redhat.com/show_bug.cgi?id=1135475
cat >> /etc/fstab << EOF
vartmp /var/tmp tmpfs defaults 0 0
EOF
# PackageKit likes to play games. Let's fix that.
rm -f /var/lib/rpm/__db*
releasever=$(rpm -q --qf '%{version}\n' --whatprovides system-release)
basearch=$(uname -i)
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial
echo "Packages within this LiveCD"
rpm -qa
# Note that running rpm recreates the rpm db files which aren't needed or wanted
rm -f /var/lib/rpm/__db*
# go ahead and pre-make the man -k cache (#455968)
/usr/bin/mandb
# make sure there aren't core files lying around
rm -f /core*
# remove random seed, the newly installed instance should make it's own
rm -f /var/lib/systemd/random-seed
# convince readahead not to collect
# FIXME: for systemd
echo 'File created by kickstart. See systemd-update-done.service(8).' \
| tee /etc/.updated >/var/.updated
# Drop the rescue kernel and initramfs, we don't need them on the live media itself.
# See bug 1317709
rm -f /boot/*-rescue*
# Disable network service here, as doing it in the services line
# fails due to RHBZ #1369794 - the error is expected
/sbin/chkconfig network off
# Remove machine-id on generated images
rm -f /etc/machine-id
touch /etc/machine-id
/usr/sbin/fixfiles -R -a restore
# xfce configuration
# create /etc/sysconfig/desktop (needed for installation)
cat > /etc/sysconfig/desktop <<EOF
PREFERRED=/usr/bin/startxfce4
DISPLAYMANAGER=/usr/sbin/lightdm
EOF
cat >> /etc/rc.d/init.d/livesys << EOF
mkdir -p /home/liveuser/.config/xfce4
# ugly stuff, this should give us a default background for now
mkdir -p /usr/share/backgrounds/images
ln -s /usr/share/backgrounds/f32/default/f32.png \
/usr/share/backgrounds/images/default.png
cat > /home/liveuser/.config/xfce4/helpers.rc << FOE
MailReader=sylpheed-claws
FileManager=Thunar
WebBrowser=firefox
FOE
# disable screensaver locking (#674410)
cat >> /home/liveuser/.xscreensaver << FOE
mode: off
lock: False
dpmsEnabled: False
FOE
# deactivate xfconf-migration (#683161)
rm -f /etc/xdg/autostart/xfconf-migration-4.6.desktop || :
# deactivate xfce4-panel first-run dialog (#693569)
mkdir -p /home/liveuser/.config/xfce4/xfconf/xfce-perchannel-xml
cp /etc/xdg/xfce4/panel/default.xml /home/liveuser/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-panel.xml
# set up lightdm autologin
sed -i 's/^#autologin-user=.*/autologin-user=liveuser/' /etc/lightdm/lightdm.conf
sed -i 's/^#autologin-user-timeout=.*/autologin-user-timeout=0/' /etc/lightdm/lightdm.conf
sed -i 's/^#show-language-selector=.*/show-language-selector=true/' /etc/lightdm/lightdm-gtk-greeter.conf
# set Xfce as default session, otherwise login will fail
sed -i 's/^#user-session=.*/user-session=xfce/' /etc/lightdm/lightdm.conf
# debrand
#sed -i "s/Red Hat Enterprise/Rocky/g" /usr/share/anaconda/gnome/rhel-welcome.desktop
#sed -i "s/RHEL/Rocky Linux/g" /usr/share/anaconda/gnome/rhel-welcome
#sed -i "s/Red Hat Enterprise/Rocky/g" /usr/share/anaconda/gnome/rhel-welcome
#sed -i "s/org.fedoraproject.AnacondaInstaller/fedora-logo-icon/g" /usr/share/anaconda/gnome/rhel-welcome
#sed -i "s/org.fedoraproject.AnacondaInstaller/fedora-logo-icon/g" /usr/share/applications/liveinst.desktop
# Show harddisk install on the desktop
sed -i -e 's/NoDisplay=true/NoDisplay=false/' /usr/share/applications/liveinst.desktop
mkdir /home/liveuser/Desktop
cp /usr/share/applications/liveinst.desktop /home/liveuser/Desktop/
# no updater applet in live environment
rm -f /etc/xdg/autostart/org.mageia.dnfdragora-updater.desktop
if [ -f /usr/share/anaconda/gnome/rhel-welcome.desktop ]; then
mkdir -p ~liveuser/.config/autostart
cp /usr/share/anaconda/gnome/rhel-welcome.desktop /usr/share/applications/
cp /usr/share/anaconda/gnome/rhel-welcome.desktop ~liveuser/.config/autostart/
fi
# and mark it as executable (new Xfce security feature)
chmod +x /home/liveuser/Desktop/liveinst.desktop
# move to anaconda - probably not required for XFCE.
mv /usr/share/applications/liveinst.desktop /usr/share/applications/anaconda.desktop
cat > ~liveuser/.profile << PROFILE_EOF
export XDG_DATA_DIRS="\\\${XDG_DATA_DIRS}:\\\${HOME}/Desktop"
PROFILE_EOF
# this goes at the end after all other changes.
chown -R liveuser:liveuser /home/liveuser
restorecon -R /home/liveuser
EOF
# this doesn't come up automatically. not sure why.
systemctl enable --force lightdm.service
dnf config-manager --set-enabled powertools
%end
%post --nochroot
cp $INSTALL_ROOT/usr/share/licenses/*-release/* $LIVE_ROOT/
# only works on x86_64
if [ "$(uname -i)" = "i386" -o "$(uname -i)" = "x86_64" ]; then
# For livecd-creator builds
if [ ! -d $LIVE_ROOT/LiveOS ]; then mkdir -p $LIVE_ROOT/LiveOS ; fi
cp /usr/bin/livecd-iso-to-disk $LIVE_ROOT/LiveOS
# For lorax/livemedia-creator builds
sed -i '
/## make boot.iso/ i\
# Add livecd-iso-to-disk script to .iso filesystem at /LiveOS/\
<% f = "usr/bin/livecd-iso-to-disk" %>\
%if exists(f):\
install ${f} ${LIVEDIR}/${f|basename}\
%endif\
' /usr/share/lorax/templates.d/99-generic/live/x86.tmpl
fi
%end
%packages
@anaconda-tools
@base-x
@core
@dial-up
@fonts
@guest-desktop-agents
@hardware-support
@input-methods
@multimedia
@standard
@xfce-desktop
aajohan-comfortaa-fonts
anaconda
anaconda-install-env-deps
anaconda-live
chkconfig
dracut-live
epel-release
f32-backgrounds-extras-xfce
f32-backgrounds-xfce
firefox
firewall-config
geany
glibc-all-langpacks
gparted
initscripts
kernel
kernel-modules
kernel-modules-extra
memtest86+
mousepad
pavucontrol
pcp-selinux
pidgin
rhythmbox
ristretto
rocky-backgrounds
lightdm
seahorse
syslinux
thunderbird
transmission
wget
xfce4-about
xfce4-appfinder
xfce4-battery-plugin
xfce4-datetime-plugin
xfce4-netload-plugin
xfce4-notifyd
xfce4-places-plugin
xfce4-pulseaudio-plugin
xfce4-screenshooter-plugin
xfce4-smartbookmark-plugin
xfce4-systemload-plugin
xfce4-taskmanager
xfce4-time-out-plugin
xfce4-weather-plugin
xfce4-whiskermenu-plugin
xfdashboard
xfdashboard-themes
xdg-user-dirs
xdg-user-dirs-gtk
gjs
-acpid
-aspell-*
-autofs
-desktop-backgrounds-basic
-gdm
-gimp-help
-gnome-menus
-gnome-shell
-hplip
-isdn4k-utils
-mpage
-sane-backends
-xfce4-eyes-plugin
-xfce4-sensors-plugin
-xsane
-xsane-gimp
%end

49
cloud/README.md Normal file
View File

@ -0,0 +1,49 @@
# Cloud Templates
This directory contains templated versions of the cloud images. This is
extremely useful for us to be able to create more variants or modify
all variants at once if need be.
The general guidelines/ideas work like this:
* Start with a basic name, such as `rocky-${provider}-${variant}.ks`
* Optionally create additional kickstarts, such as an additional packages file
* Include the very base as necessary:
* rocky-cloud-base.ks
* rocky-cloud-parts-base.ks or rocky-cloud-parts-lvm.ks
* Include other customizations from another kickstart as necessary, such as an additional packages kickstart
* bootloader configuration and then final %post ... %end section
The most basic example of our most basic generic cloud image goes like this. See comments for details.
```
# rocky-genclo-base.ks
# Imports the absolute base for the cloud images. This is general setup settings.
%include rocky-cloud-base.ks
# Imports partition scheme and creation for the image. This is non-LVM.
%include rocky-cloud-parts-base.ks
# Imports base packages that all cloud images are expected to have
%include rocky-cloud-base-packages.ks
# bootloader information, each cloud will have different settings, so better we put it here.
bootloader --append="console=ttyS0,115200n8 no_timer_check crashkernel=auto net.ifnames=0" --location=mbr --timeout=1
# Anything else can go here that isn't fulfilled by custom or base templates.
# This can be repos if needed.
# the final post section is done here (we've removed all of it for the sake of the example)
%post --erroronfail
. . .
%end
```
At the end, you would run run ksflatten, and you now have a customized kickstart.
```
ksflatten -c rocky-genclo-base.ks -o Rocky-X-GenericCloud-Base.ks
```

216
cloud/rocky-azure-base.ks Normal file
View File

@ -0,0 +1,216 @@
%include rocky-cloud-base.ks
%include rocky-cloud-parts-base.ks
%include rocky-cloud-azure-packages.ks
bootloader --append="rootdelay=300 console=ttyS0 earlyprintk=ttyS0 no_timer_check crashkernel=auto net.ifnames=0" --location=mbr --timeout=1
%post --erroronfail
passwd -d root
passwd -l root
# Attempting to force legacy BIOS boot if we boot from UEFI
# This was backported from our 9 kickstarts to address some issues.
if [ "$(arch)" = "x86_64" ]; then
dnf install grub2-pc-modules grub2-pc -y
grub2-install --target=i386-pc /dev/vda
fi
# Ensure that the pmbr_boot flag is off
parted /dev/vda disk_set pmbr_boot off
###
# Common Cloud Tweaks
###
# setup systemd to boot to the right runlevel
rm -f /etc/systemd/system/default.target
ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
echo .
# remove linux-firmware as we're virt and it's half a gig
dnf -C -y remove linux-firmware
# Remove firewalld; it is required to be present for install/image building.
# but we dont ship it in cloud
dnf -C -y remove firewalld --setopt="clean_requirements_on_remove=1"
dnf -C -y remove avahi\*
sed -i '/^#NAutoVTs=.*/ a\
NAutoVTs=0' /etc/systemd/logind.conf
echo "virtual-guest" > /etc/tuned/active_profile
###
# Networking Changes
###
# For cloud images, 'eth0' _is_ the predictable device name, since
# we don't want to be tied to specific virtual (!) hardware
rm -f /etc/udev/rules.d/70*
ln -s /dev/null /etc/udev/rules.d/80-net-name-slot.rules
# simple eth0 config, again not hard-coded to the build hardware
cat > /etc/sysconfig/network-scripts/ifcfg-eth0 << EOF
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=dhcp
TYPE=Ethernet
USERCTL=no
PEERDNS=yes
IPV6INIT=no
NM_CONTROLLED=yes
IPV4_DHCP_TIMEOUT=300
EOF
cat << EOF | tee -a /etc/NetworkManager/conf.d/dhcp-timeout.conf
# Configure dhcp timeout to 300s by default
[connection]
ipv4.dhcp-timeout=300
EOF
cat > /etc/sysconfig/network << EOF
NETWORKING=yes
NOZEROCONF=yes
EOF
# Remove build-time resolvers to fix #16948
echo > /etc/resolv.conf
# generic localhost names
cat > /etc/hosts << EOF
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
EOF
echo .
###
# Services
###
systemctl mask tmp.mount
###
# azure
###
# Setup WALinux Agent
dnf -y install WALinuxAgent
systemctl enable waagent
# Configure waagent for cloud-init
sed -i 's/Provisioning.UseCloudInit=n/Provisioning.UseCloudInit=y/g' /etc/waagent.conf
sed -i 's/Provisioning.Enabled=y/Provisioning.Enabled=n/g' /etc/waagent.conf
# Azure: handle sr-iov and networkmanaeger
cat << EOF | tee -a /etc/udev/rules.d/68-azure-sriov-nm-unmanaged.rules
# Accelerated Networking on Azure exposes a new SRIOV interface to the VM.
# This interface is transparently bonded to the synthetic interface,
# so NetworkManager should just ignore any SRIOV interfaces.
SUBSYSTEM=="net", DRIVERS=="hv_pci", ACTION=="add", ENV{NM_UNMANAGED}="1"
EOF
# Azure: Time sync for linux
## Setup udev rule for ptp_hyperv
cat << EOF | tee -a /etc/udev/rules.d/98-hyperv-ptp.rules
## See: https://docs.microsoft.com/en-us/azure/virtual-machines/linux/time-sync#check-for-ptp-clock-source
SUBSYSTEM=="ptp", ATTR{clock_name}=="hyperv", SYMLINK += "ptp_hyperv"
EOF
# Configure chrony to use ptp_hyperv
cat << EOF | tee -a /etc/chrony.conf
# Setup hyperv PTP device as refclock
refclock PHC /dev/ptp_hyperv poll 3 dpoll -2 offset 0 stratum 2
EOF
# Azure: Blacklist modules
cat << EOF | tee -a /etc/modprobe.d/azure-blacklist.conf
blacklist amdgpu
blacklist nouveau
blacklist radeon
EOF
# Azure: cloud-init customizations for Hyperv
cat << EOF | tee /etc/cloud/cloud.cfg.d/10-azure-kvp.cfg
# Enable logging to the Hyper-V kvp in Azure
reporting:
logging:
type: log
telemetry:
type: hyperv
EOF
###
# Kernel and Drivers
###
# Add drivers when building in VMWare, Vbox, or KVM (KVM)
cat << EOF | tee -a /etc/dracut.conf.d/80-azure.conf
add_drivers+=" hv_vmbus hv_netvsc hv_storvsc "
EOF
dracut -f -v
cat <<EOL > /etc/sysconfig/kernel
# UPDATEDEFAULT specifies if new-kernel-pkg should make
# new kernels the default
UPDATEDEFAULT=yes
# DEFAULTKERNEL specifies the default kernel package type
DEFAULTKERNEL=kernel
EOL
# make sure firstboot doesn't start
echo "RUN_FIRSTBOOT=NO" > /etc/sysconfig/firstboot
# rocky cloud user
sed -i '1i # Modified for cloud image' /etc/cloud/cloud.cfg
echo -e 'rocky\tALL=(ALL)\tNOPASSWD: ALL' >> /etc/sudoers
sed -i 's/name: cloud-user/name: rocky/g' /etc/cloud/cloud.cfg
dnf clean all
# XXX instance type markers - MUST match Rocky Infra expectation
echo 'azure' > /etc/yum/vars/infra
# change dhcp client retry/timeouts to resolve #6866
###
# Cleanup
###
###
# Azure Cleanup
###
sudo rm -f /var/log/waagent.log
sudo cloud-init clean
waagent -force -deprovision+user
# Commont cleanup
rm -f ~/.bash_history
export HISTSIZE=0
rm -f /var/lib/systemd/random-seed
rm -rf /root/anaconda-ks.cfg
rm -rf /root/install.log
rm -rf /root/install.log.syslog
rm -rf /var/lib/yum/*
rm -rf /var/log/anaconda*
rm -rf /var/log/yum.log
# Wipe machineid
cat /dev/null > /etc/machine-id
# Fix selinux
touch /var/log/cron
touch /var/log/boot.log
mkdir -p /var/cache/yum
/usr/sbin/fixfiles -R -a restore
true
%end

216
cloud/rocky-azure-lvm.ks Normal file
View File

@ -0,0 +1,216 @@
%include rocky-cloud-base.ks
%include rocky-cloud-parts-lvm.ks
%include rocky-cloud-azure-packages.ks
bootloader --append="rootdelay=300 console=ttyS0 earlyprintk=ttyS0 no_timer_check crashkernel=auto net.ifnames=0" --location=mbr --timeout=1
%post --erroronfail
passwd -d root
passwd -l root
# Attempting to force legacy BIOS boot if we boot from UEFI
# This was backported from our 9 kickstarts to address some issues.
if [ "$(arch)" = "x86_64" ]; then
dnf install grub2-pc-modules grub2-pc -y
grub2-install --target=i386-pc /dev/vda
fi
# Ensure that the pmbr_boot flag is off
parted /dev/vda disk_set pmbr_boot off
###
# Common Cloud Tweaks
###
# setup systemd to boot to the right runlevel
rm -f /etc/systemd/system/default.target
ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
echo .
# remove linux-firmware as we're virt and it's half a gig
dnf -C -y remove linux-firmware
# Remove firewalld; it is required to be present for install/image building.
# but we dont ship it in cloud
dnf -C -y remove firewalld --setopt="clean_requirements_on_remove=1"
dnf -C -y remove avahi\*
sed -i '/^#NAutoVTs=.*/ a\
NAutoVTs=0' /etc/systemd/logind.conf
echo "virtual-guest" > /etc/tuned/active_profile
###
# Networking Changes
###
# For cloud images, 'eth0' _is_ the predictable device name, since
# we don't want to be tied to specific virtual (!) hardware
rm -f /etc/udev/rules.d/70*
ln -s /dev/null /etc/udev/rules.d/80-net-name-slot.rules
# simple eth0 config, again not hard-coded to the build hardware
cat > /etc/sysconfig/network-scripts/ifcfg-eth0 << EOF
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=dhcp
TYPE=Ethernet
USERCTL=no
PEERDNS=yes
IPV6INIT=no
NM_CONTROLLED=yes
IPV4_DHCP_TIMEOUT=300
EOF
cat << EOF | tee -a /etc/NetworkManager/conf.d/dhcp-timeout.conf
# Configure dhcp timeout to 300s by default
[connection]
ipv4.dhcp-timeout=300
EOF
cat > /etc/sysconfig/network << EOF
NETWORKING=yes
NOZEROCONF=yes
EOF
# Remove build-time resolvers to fix #16948
echo > /etc/resolv.conf
# generic localhost names
cat > /etc/hosts << EOF
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
EOF
echo .
###
# Services
###
systemctl mask tmp.mount
###
# azure
###
# Setup WALinux Agent
dnf -y install WALinuxAgent
systemctl enable waagent
# Configure waagent for cloud-init
sed -i 's/Provisioning.UseCloudInit=n/Provisioning.UseCloudInit=y/g' /etc/waagent.conf
sed -i 's/Provisioning.Enabled=y/Provisioning.Enabled=n/g' /etc/waagent.conf
# Azure: handle sr-iov and networkmanaeger
cat << EOF | tee -a /etc/udev/rules.d/68-azure-sriov-nm-unmanaged.rules
# Accelerated Networking on Azure exposes a new SRIOV interface to the VM.
# This interface is transparently bonded to the synthetic interface,
# so NetworkManager should just ignore any SRIOV interfaces.
SUBSYSTEM=="net", DRIVERS=="hv_pci", ACTION=="add", ENV{NM_UNMANAGED}="1"
EOF
# Azure: Time sync for linux
## Setup udev rule for ptp_hyperv
cat << EOF | tee -a /etc/udev/rules.d/98-hyperv-ptp.rules
## See: https://docs.microsoft.com/en-us/azure/virtual-machines/linux/time-sync#check-for-ptp-clock-source
SUBSYSTEM=="ptp", ATTR{clock_name}=="hyperv", SYMLINK += "ptp_hyperv"
EOF
# Configure chrony to use ptp_hyperv
cat << EOF | tee -a /etc/chrony.conf
# Setup hyperv PTP device as refclock
refclock PHC /dev/ptp_hyperv poll 3 dpoll -2 offset 0 stratum 2
EOF
# Azure: Blacklist modules
cat << EOF | tee -a /etc/modprobe.d/azure-blacklist.conf
blacklist amdgpu
blacklist nouveau
blacklist radeon
EOF
# Azure: cloud-init customizations for Hyperv
cat << EOF | tee /etc/cloud/cloud.cfg.d/10-azure-kvp.cfg
# Enable logging to the Hyper-V kvp in Azure
reporting:
logging:
type: log
telemetry:
type: hyperv
EOF
###
# Kernel and Drivers
###
# Add drivers when building in VMWare, Vbox, or KVM (KVM)
cat << EOF | tee -a /etc/dracut.conf.d/80-azure.conf
add_drivers+=" hv_vmbus hv_netvsc hv_storvsc "
EOF
dracut -f -v
cat <<EOL > /etc/sysconfig/kernel
# UPDATEDEFAULT specifies if new-kernel-pkg should make
# new kernels the default
UPDATEDEFAULT=yes
# DEFAULTKERNEL specifies the default kernel package type
DEFAULTKERNEL=kernel
EOL
# make sure firstboot doesn't start
echo "RUN_FIRSTBOOT=NO" > /etc/sysconfig/firstboot
# rocky cloud user
sed -i '1i # Modified for cloud image' /etc/cloud/cloud.cfg
echo -e 'rocky\tALL=(ALL)\tNOPASSWD: ALL' >> /etc/sudoers
sed -i 's/name: cloud-user/name: rocky/g' /etc/cloud/cloud.cfg
dnf clean all
# XXX instance type markers - MUST match Rocky Infra expectation
echo 'azure' > /etc/yum/vars/infra
# change dhcp client retry/timeouts to resolve #6866
###
# Cleanup
###
###
# Azure Cleanup
###
sudo rm -f /var/log/waagent.log
sudo cloud-init clean
waagent -force -deprovision+user
# Commont cleanup
rm -f ~/.bash_history
export HISTSIZE=0
rm -f /var/lib/systemd/random-seed
rm -rf /root/anaconda-ks.cfg
rm -rf /root/install.log
rm -rf /root/install.log.syslog
rm -rf /var/lib/yum/*
rm -rf /var/log/anaconda*
rm -rf /var/log/yum.log
# Wipe machineid
cat /dev/null > /etc/machine-id
# Fix selinux
touch /var/log/cron
touch /var/log/boot.log
mkdir -p /var/cache/yum
/usr/sbin/fixfiles -R -a restore
true
%end

62
cloud/rocky-cloud-azure-packages.ks Normal file
View File

@ -0,0 +1,62 @@
%packages
@core
chrony
dnf
yum
cloud-init
cloud-utils-growpart
NetworkManager
dracut-config-generic
dracut-norescue
firewalld
gdisk
grub2
kernel
nfs-utils
rsync
tar
dnf-utils
yum-utils
-aic94xx-firmware
-alsa-firmware
-alsa-lib
-alsa-tools-firmware
-ivtv-firmware
-iwl100-firmware
-iwl1000-firmware
-iwl105-firmware
-iwl135-firmware
-iwl2000-firmware
-iwl2030-firmware
-iwl3160-firmware
-iwl3945-firmware
-iwl4965-firmware
-iwl5000-firmware
-iwl5150-firmware
-iwl6000-firmware
-iwl6000g2a-firmware
-iwl6000g2b-firmware
-iwl6050-firmware
-iwl7260-firmware
-libertas-sd8686-firmware
-libertas-sd8787-firmware
-libertas-usb8388-firmware
-biosdevname
-iprutils
-plymouth
python3-jsonschema
qemu-guest-agent
dhcp-client
cockpit-ws
cockpit-system
-langpacks-*
-langpacks-en
rocky-release
rng-tools
WALinuxAgent
hyperv-daemons
%end

58
cloud/rocky-cloud-base-packages.ks Normal file
View File

@ -0,0 +1,58 @@
%packages
@core
chrony
dnf
yum
cloud-init
cloud-utils-growpart
NetworkManager
dracut-config-generic
dracut-norescue
firewalld
gdisk
grub2
kernel
nfs-utils
rsync
tar
dnf-utils
yum-utils
-aic94xx-firmware
-alsa-firmware
-alsa-lib
-alsa-tools-firmware
-ivtv-firmware
-iwl100-firmware
-iwl1000-firmware
-iwl105-firmware
-iwl135-firmware
-iwl2000-firmware
-iwl2030-firmware
-iwl3160-firmware
-iwl3945-firmware
-iwl4965-firmware
-iwl5000-firmware
-iwl5150-firmware
-iwl6000-firmware
-iwl6000g2a-firmware
-iwl6000g2b-firmware
-iwl6050-firmware
-iwl7260-firmware
-libertas-sd8686-firmware
-libertas-sd8787-firmware
-libertas-usb8388-firmware
-biosdevname
-iprutils
-plymouth
python3-jsonschema
qemu-guest-agent
dhcp-client
cockpit-ws
cockpit-system
-langpacks-*
-langpacks-en
rocky-release
rng-tools
%end

17
cloud/rocky-cloud-base.ks Normal file
View File

@ -0,0 +1,17 @@
text
lang en_US.UTF-8
keyboard us
timezone UTC --isUtc
# Disk
auth --enableshadow --passalgo=sha512
selinux --enforcing
firewall --enabled --service=ssh
firstboot --disable
# Network information
network --bootproto=dhcp --device=link --activate --onboot=on
network --hostname=localhost.localdomain
# Root password
services --disabled="kdump" --enabled="NetworkManager,sshd,rsyslog,chronyd,cloud-init,cloud-init-local,cloud-config,cloud-final,rngd"
rootpw --iscrypted thereisnopasswordanditslocked
url --url https://download.rockylinux.org/stg/rocky/8/BaseOS/$basearch/os/
shutdown

58
cloud/rocky-cloud-ocp-packages.ks Normal file
View File

@ -0,0 +1,58 @@
%packages
@core
chrony
cloud-init
cloud-utils-growpart
cockpit-system
cockpit-ws
dhcp-client
dnf
dnf-utils
dracut-config-generic
firewalld
gdisk
grub2
iscsi-initiator-utils
kernel
NetworkManager
nfs-utils
oci-utils
python3-jsonschema
qemu-guest-agent
rng-tools
rocky-release
rsync
tar
yum
yum-utils
-aic94xx-firmware
-alsa-firmware
-alsa-lib
-alsa-tools-firmware
-biosdevname
-iprutils
-ivtv-firmware
-iwl100-firmware
-iwl1000-firmware
-iwl105-firmware
-iwl135-firmware
-iwl2000-firmware
-iwl2030-firmware
-iwl3160-firmware
-iwl3945-firmware
-iwl4965-firmware
-iwl5000-firmware
-iwl5150-firmware
-iwl6000-firmware
-iwl6000g2a-firmware
-iwl6000g2b-firmware
-iwl6050-firmware
-iwl7260-firmware
-langpacks-*
-langpacks-en
-libertas-sd8686-firmware
-libertas-sd8787-firmware
-libertas-usb8388-firmware
-plymouth
%end

27
cloud/rocky-cloud-parts-base.ks Normal file
View File

@ -0,0 +1,27 @@
#zerombr
#clearpart --all --initlabel --disklabel=gpt
part /boot/efi --size=100 --fstype=efi --asprimary
part /boot --size=1000 --fstype=xfs --label=boot
part prepboot --fstype=biosboot --asprimary --onpart=vda3
part biosboot --size=1 --fstype=biosboot --asprimary
part / --size=8000 --fstype="xfs" --mkfsoptions "-m bigtime=0,inobtcount=0" --grow
%pre
# Clear the Master Boot Record
dd if=/dev/zero of=/dev/vda bs=512 count=1
# Create a new GPT partition table
parted /dev/vda mklabel gpt
# Create a partition for /boot/efi
parted /dev/vda mkpart primary fat32 1MiB 100MiB
parted /dev/vda set 1 boot on
# Create a partition for /boot
parted /dev/vda mkpart primary xfs 100MiB 1100MiB
# Create a partition for prep
parted /dev/vda mkpart primary 1100MiB 1104MiB
# Create a partition for bios_grub
parted /dev/vda mkpart primary 1104MiB 1105MiB
# Create a partition for LVM
parted /dev/vda mkpart primary xfs 1106MiB 10.7GB
%end

28
cloud/rocky-cloud-parts-lvm.ks Normal file
View File

@ -0,0 +1,28 @@
part /boot/efi --fstype=efi --asprimary --onpart=vda1
part /boot --fstype=xfs --label=boot --onpart=vda2
part prepboot --fstype=biosboot --asprimary --onpart=vda3
part biosboot --fstype=biosboot --asprimary --onpart=vda4
part pv.01 --grow --onpart=vda5
volgroup rocky pv.01
logvol / --vgname=rocky --size=8000 --name=root --grow --mkfsoptions="-m bigtime=0,inobtcount=0"
%pre
# Clear the Master Boot Record
dd if=/dev/zero of=/dev/vda bs=512 count=1
# Create a new GPT partition table
parted /dev/vda mklabel gpt
# Create a partition for /boot/efi
parted /dev/vda mkpart primary fat32 1MiB 100MiB
parted /dev/vda set 1 boot on
# Create a partition for /boot
parted /dev/vda mkpart primary xfs 100MiB 1100MiB
# Create a partition for prep
parted /dev/vda mkpart primary 1100MiB 1104MiB
# Create a partition for bios_grub
parted /dev/vda mkpart primary 1104MiB 1105MiB
# Create a partition for LVM
parted /dev/vda mkpart primary ext2 1106MiB 10.7GB
parted /dev/vda set 5 lvm on
%end

138
cloud/rocky-ec2-base.ks Normal file
View File

@ -0,0 +1,138 @@
%include rocky-cloud-base.ks
%include rocky-cloud-parts-base.ks
%include rocky-cloud-base-packages.ks
bootloader --append="console=ttyS0,115200n8 no_timer_check crashkernel=auto net.ifnames=0 nvme_core.io_timeout=4294967295 nvme_core.max_retries=10" --location=mbr --timeout=1
%post --erroronfail
passwd -d root
passwd -l root
# Attempting to force legacy BIOS boot if we boot from UEFI
# This was backported from our 9 kickstarts to address some issues.
if [ "$(arch)" = "x86_64" ]; then
dnf install grub2-pc-modules grub2-pc -y
grub2-install --target=i386-pc /dev/vda
grub2-mkconfig -o /boot/grub2/grub.cfg --no-grubenv-update
fi
# Ensure that the pmbr_boot flag is off
parted /dev/vda disk_set pmbr_boot off
# setup systemd to boot to the right runlevel
rm -f /etc/systemd/system/default.target
ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
echo .
dnf -C -y remove linux-firmware
# Remove firewalld; it is required to be present for install/image building.
# but we dont ship it in cloud
dnf -C -y remove firewalld --setopt="clean_requirements_on_remove=1"
dnf -C -y remove avahi\*
sed -i '/^#NAutoVTs=.*/ a\
NAutoVTs=0' /etc/systemd/logind.conf
cat > /etc/sysconfig/network << EOF
NETWORKING=yes
NOZEROCONF=yes
EOF
# For cloud images, 'eth0' _is_ the predictable device name, since
# we don't want to be tied to specific virtual (!) hardware
rm -f /etc/udev/rules.d/70*
ln -s /dev/null /etc/udev/rules.d/80-net-name-slot.rules
# simple eth0 config, again not hard-coded to the build hardware
cat > /etc/sysconfig/network-scripts/ifcfg-eth0 << EOF
DEVICE="eth0"
BOOTPROTO="dhcp"
ONBOOT="yes"
TYPE="Ethernet"
USERCTL="yes"
PEERDNS="yes"
IPV6INIT="no"
PERSISTENT_DHCLIENT="1"
EOF
echo "virtual-guest" > /etc/tuned/active_profile
# generic localhost names
cat > /etc/hosts << EOF
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
EOF
echo .
systemctl mask tmp.mount
cat <<EOL > /etc/sysconfig/kernel
# UPDATEDEFAULT specifies if new-kernel-pkg should make
# new kernels the default
UPDATEDEFAULT=yes
# DEFAULTKERNEL specifies the default kernel package type
DEFAULTKERNEL=kernel
EOL
# make sure firstboot doesn't start
echo "RUN_FIRSTBOOT=NO" > /etc/sysconfig/firstboot
# rocky cloud user
sed -i '1i # Modified for cloud image' /etc/cloud/cloud.cfg
echo -e 'rocky\tALL=(ALL)\tNOPASSWD: ALL' >> /etc/sudoers
sed -i 's/name: cloud-user/name: rocky/g' /etc/cloud/cloud.cfg
dnf clean all
# XXX instance type markers - MUST match Rocky Infra expectation
echo 'ec2' > /etc/yum/vars/infra
# change dhcp client retry/timeouts to resolve #6866
cat >> /etc/dhcp/dhclient.conf << EOF
timeout 300;
retry 60;
EOF
rm -rf /var/log/yum.log
rm -rf /var/lib/yum/*
rm -rf /root/install.log
rm -rf /root/install.log.syslog
rm -rf /root/anaconda-ks.cfg
rm -rf /var/log/anaconda*
rm -f /var/lib/systemd/random-seed
cat /dev/null > /etc/machine-id
echo "Fixing SELinux contexts."
touch /var/log/cron
touch /var/log/boot.log
mkdir -p /var/cache/yum
/usr/sbin/fixfiles -R -a restore
# remove these for ec2 debugging
sed -i -e 's/ rhgb quiet//' /boot/grub/grub.conf
cat > /etc/modprobe.d/blacklist-nouveau.conf << EOL
blacklist nouveau
EOL
# enable resizing on copied AMIs
echo 'install_items+=" sgdisk "' > /etc/dracut.conf.d/sgdisk.conf
echo 'add_drivers+=" xen-netfront xen-blkfront "' > /etc/dracut.conf.d/xen.conf
# Rerun dracut for the installed kernel (not the running kernel):
KERNEL_VERSION=$(rpm -q kernel --qf '%{V}-%{R}.%{arch}\n')
dracut -f /boot/initramfs-$KERNEL_VERSION.img $KERNEL_VERSION
# reorder console entries
sed -i 's/console=tty0/console=tty0 console=ttyS0,115200n8/' /boot/grub2/grub.cfg
true
%end

138
cloud/rocky-ec2-lvm.ks Normal file
View File

@ -0,0 +1,138 @@
%include rocky-cloud-base.ks
%include rocky-cloud-parts-lvm.ks
%include rocky-cloud-base-packages.ks
bootloader --append="console=ttyS0,115200n8 no_timer_check crashkernel=auto net.ifnames=0 nvme_core.io_timeout=4294967295 nvme_core.max_retries=10" --location=mbr --timeout=1
%post --erroronfail
passwd -d root
passwd -l root
# Attempting to force legacy BIOS boot if we boot from UEFI
# This was backported from our 9 kickstarts to address some issues.
if [ "$(arch)" = "x86_64" ]; then
dnf install grub2-pc-modules grub2-pc -y
grub2-install --target=i386-pc /dev/vda
grub2-mkconfig -o /boot/grub2/grub.cfg --no-grubenv-update
fi
# Ensure that the pmbr_boot flag is off
parted /dev/vda disk_set pmbr_boot off
# setup systemd to boot to the right runlevel
rm -f /etc/systemd/system/default.target
ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
echo .
dnf -C -y remove linux-firmware
# Remove firewalld; it is required to be present for install/image building.
# but we dont ship it in cloud
dnf -C -y remove firewalld --setopt="clean_requirements_on_remove=1"
dnf -C -y remove avahi\*
sed -i '/^#NAutoVTs=.*/ a\
NAutoVTs=0' /etc/systemd/logind.conf
cat > /etc/sysconfig/network << EOF
NETWORKING=yes
NOZEROCONF=yes
EOF
# For cloud images, 'eth0' _is_ the predictable device name, since
# we don't want to be tied to specific virtual (!) hardware
rm -f /etc/udev/rules.d/70*
ln -s /dev/null /etc/udev/rules.d/80-net-name-slot.rules
# simple eth0 config, again not hard-coded to the build hardware
cat > /etc/sysconfig/network-scripts/ifcfg-eth0 << EOF
DEVICE="eth0"
BOOTPROTO="dhcp"
ONBOOT="yes"
TYPE="Ethernet"
USERCTL="yes"
PEERDNS="yes"
IPV6INIT="no"
PERSISTENT_DHCLIENT="1"
EOF
echo "virtual-guest" > /etc/tuned/active_profile
# generic localhost names
cat > /etc/hosts << EOF
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
EOF
echo .
systemctl mask tmp.mount
cat <<EOL > /etc/sysconfig/kernel
# UPDATEDEFAULT specifies if new-kernel-pkg should make
# new kernels the default
UPDATEDEFAULT=yes
# DEFAULTKERNEL specifies the default kernel package type
DEFAULTKERNEL=kernel
EOL
# make sure firstboot doesn't start
echo "RUN_FIRSTBOOT=NO" > /etc/sysconfig/firstboot
# rocky cloud user
sed -i '1i # Modified for cloud image' /etc/cloud/cloud.cfg
echo -e 'rocky\tALL=(ALL)\tNOPASSWD: ALL' >> /etc/sudoers
sed -i 's/name: cloud-user/name: rocky/g' /etc/cloud/cloud.cfg
dnf clean all
# XXX instance type markers - MUST match Rocky Infra expectation
echo 'ec2' > /etc/yum/vars/infra
# change dhcp client retry/timeouts to resolve #6866
cat >> /etc/dhcp/dhclient.conf << EOF
timeout 300;
retry 60;
EOF
rm -rf /var/log/yum.log
rm -rf /var/lib/yum/*
rm -rf /root/install.log
rm -rf /root/install.log.syslog
rm -rf /root/anaconda-ks.cfg
rm -rf /var/log/anaconda*
rm -f /var/lib/systemd/random-seed
cat /dev/null > /etc/machine-id
echo "Fixing SELinux contexts."
touch /var/log/cron
touch /var/log/boot.log
mkdir -p /var/cache/yum
/usr/sbin/fixfiles -R -a restore
# remove these for ec2 debugging
sed -i -e 's/ rhgb quiet//' /boot/grub/grub.conf
cat > /etc/modprobe.d/blacklist-nouveau.conf << EOL
blacklist nouveau
EOL
# enable resizing on copied AMIs
echo 'install_items+=" sgdisk "' > /etc/dracut.conf.d/sgdisk.conf
echo 'add_drivers+=" xen-netfront xen-blkfront "' > /etc/dracut.conf.d/xen.conf
# Rerun dracut for the installed kernel (not the running kernel):
KERNEL_VERSION=$(rpm -q kernel --qf '%{V}-%{R}.%{arch}\n')
dracut -f /boot/initramfs-$KERNEL_VERSION.img $KERNEL_VERSION
# reorder console entries
sed -i 's/console=tty0/console=tty0 console=ttyS0,115200n8/' /boot/grub2/grub.cfg
true
%end

125
cloud/rocky-genclo-base.ks Normal file
View File

@ -0,0 +1,125 @@
%include rocky-cloud-base.ks
%include rocky-cloud-parts-base.ks
%include rocky-cloud-base-packages.ks
bootloader --append="console=ttyS0,115200n8 no_timer_check crashkernel=auto net.ifnames=0" --location=mbr --timeout=1
%post --erroronfail
passwd -d root
passwd -l root
# Attempting to force legacy BIOS boot if we boot from UEFI
# This was backported from our 9 kickstarts to address some issues.
if [ "$(arch)" = "x86_64" ]; then
dnf install grub2-pc-modules grub2-pc -y
grub2-install --target=i386-pc /dev/vda
grub2-mkconfig -o /boot/grub2/grub.cfg --no-grubenv-update
fi
# Ensure that the pmbr_boot flag is off
parted /dev/vda disk_set pmbr_boot off
# setup systemd to boot to the right runlevel
rm -f /etc/systemd/system/default.target
ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
echo .
dnf -C -y remove linux-firmware
# Remove firewalld; it is required to be present for install/image building.
# but we dont ship it in cloud
dnf -C -y remove firewalld --setopt="clean_requirements_on_remove=1"
dnf -C -y remove avahi\*
sed -i '/^#NAutoVTs=.*/ a\
NAutoVTs=0' /etc/systemd/logind.conf
cat > /etc/sysconfig/network << EOF
NETWORKING=yes
NOZEROCONF=yes
EOF
# Remove build-time resolvers to fix #16948
echo > /etc/resolv.conf
# For cloud images, 'eth0' _is_ the predictable device name, since
# we don't want to be tied to specific virtual (!) hardware
rm -f /etc/udev/rules.d/70*
ln -s /dev/null /etc/udev/rules.d/80-net-name-slot.rules
# simple eth0 config, again not hard-coded to the build hardware
cat > /etc/sysconfig/network-scripts/ifcfg-eth0 << EOF
DEVICE="eth0"
BOOTPROTO="dhcp"
ONBOOT="yes"
TYPE="Ethernet"
USERCTL="yes"
PEERDNS="yes"
IPV6INIT="no"
PERSISTENT_DHCLIENT="1"
EOF
echo "virtual-guest" > /etc/tuned/active_profile
# generic localhost names
cat > /etc/hosts << EOF
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
EOF
echo .
systemctl mask tmp.mount
cat <<EOL > /etc/sysconfig/kernel
# UPDATEDEFAULT specifies if new-kernel-pkg should make
# new kernels the default
UPDATEDEFAULT=yes
# DEFAULTKERNEL specifies the default kernel package type
DEFAULTKERNEL=kernel
EOL
# make sure firstboot doesn't start
echo "RUN_FIRSTBOOT=NO" > /etc/sysconfig/firstboot
# rocky cloud user
sed -i '1i # Modified for cloud image' /etc/cloud/cloud.cfg
echo -e 'rocky\tALL=(ALL)\tNOPASSWD: ALL' >> /etc/sudoers
sed -i 's/name: cloud-user/name: rocky/g' /etc/cloud/cloud.cfg
dnf clean all
# XXX instance type markers - MUST match Rocky Infra expectation
echo 'genclo' > /etc/yum/vars/infra
# change dhcp client retry/timeouts to resolve #6866
cat >> /etc/dhcp/dhclient.conf << EOF
timeout 300;
retry 60;
EOF
rm -rf /var/log/yum.log
rm -rf /var/lib/yum/*
rm -rf /root/install.log
rm -rf /root/install.log.syslog
rm -rf /root/anaconda-ks.cfg
rm -rf /var/log/anaconda*
rm -f /var/lib/systemd/random-seed
cat /dev/null > /etc/machine-id
echo "Fixing SELinux contexts."
touch /var/log/cron
touch /var/log/boot.log
mkdir -p /var/cache/yum
/usr/sbin/fixfiles -R -a restore
# reorder console entries
sed -i 's/console=tty0/console=tty0 console=ttyS0,115200n8/' /boot/grub2/grub.cfg
true
%end

125
cloud/rocky-genclo-lvm.ks Normal file
View File

@ -0,0 +1,125 @@
%include rocky-cloud-base.ks
%include rocky-cloud-parts-lvm.ks
%include rocky-cloud-base-packages.ks
bootloader --append="console=ttyS0,115200n8 no_timer_check crashkernel=auto net.ifnames=0" --location=mbr --timeout=1
%post --erroronfail
passwd -d root
passwd -l root
# Attempting to force legacy BIOS boot if we boot from UEFI
# This was backported from our 9 kickstarts to address some issues.
if [ "$(arch)" = "x86_64" ]; then
dnf install grub2-pc-modules grub2-pc -y
grub2-install --target=i386-pc /dev/vda
grub2-mkconfig -o /boot/grub2/grub.cfg --no-grubenv-update
fi
# Ensure that the pmbr_boot flag is off
parted /dev/vda disk_set pmbr_boot off
# setup systemd to boot to the right runlevel
rm -f /etc/systemd/system/default.target
ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
echo .
dnf -C -y remove linux-firmware
# Remove firewalld; it is required to be present for install/image building.
# but we dont ship it in cloud
dnf -C -y remove firewalld --setopt="clean_requirements_on_remove=1"
dnf -C -y remove avahi\*
sed -i '/^#NAutoVTs=.*/ a\
NAutoVTs=0' /etc/systemd/logind.conf
cat > /etc/sysconfig/network << EOF
NETWORKING=yes
NOZEROCONF=yes
EOF
# Remove build-time resolvers to fix #16948
echo > /etc/resolv.conf
# For cloud images, 'eth0' _is_ the predictable device name, since
# we don't want to be tied to specific virtual (!) hardware
rm -f /etc/udev/rules.d/70*
ln -s /dev/null /etc/udev/rules.d/80-net-name-slot.rules
# simple eth0 config, again not hard-coded to the build hardware
cat > /etc/sysconfig/network-scripts/ifcfg-eth0 << EOF
DEVICE="eth0"
BOOTPROTO="dhcp"
ONBOOT="yes"
TYPE="Ethernet"
USERCTL="yes"
PEERDNS="yes"
IPV6INIT="no"
PERSISTENT_DHCLIENT="1"
EOF
echo "virtual-guest" > /etc/tuned/active_profile
# generic localhost names
cat > /etc/hosts << EOF
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
EOF
echo .
systemctl mask tmp.mount
cat <<EOL > /etc/sysconfig/kernel
# UPDATEDEFAULT specifies if new-kernel-pkg should make
# new kernels the default
UPDATEDEFAULT=yes
# DEFAULTKERNEL specifies the default kernel package type
DEFAULTKERNEL=kernel
EOL
# make sure firstboot doesn't start
echo "RUN_FIRSTBOOT=NO" > /etc/sysconfig/firstboot
# rocky cloud user
sed -i '1i # Modified for cloud image' /etc/cloud/cloud.cfg
echo -e 'rocky\tALL=(ALL)\tNOPASSWD: ALL' >> /etc/sudoers
sed -i 's/name: cloud-user/name: rocky/g' /etc/cloud/cloud.cfg
dnf clean all
# XXX instance type markers - MUST match Rocky Infra expectation
echo 'genclo' > /etc/yum/vars/infra
# change dhcp client retry/timeouts to resolve #6866
cat >> /etc/dhcp/dhclient.conf << EOF
timeout 300;
retry 60;
EOF
rm -rf /var/log/yum.log
rm -rf /var/lib/yum/*
rm -rf /root/install.log
rm -rf /root/install.log.syslog
rm -rf /root/anaconda-ks.cfg
rm -rf /var/log/anaconda*
rm -f /var/lib/systemd/random-seed
cat /dev/null > /etc/machine-id
echo "Fixing SELinux contexts."
touch /var/log/cron
touch /var/log/boot.log
mkdir -p /var/cache/yum
/usr/sbin/fixfiles -R -a restore
# reorder console entries
sed -i 's/console=tty0/console=tty0 console=ttyS0,115200n8/' /boot/grub2/grub.cfg
true
%end

281
cloud/rocky-ocp-base.ks Normal file
View File

@ -0,0 +1,281 @@
%include rocky-cloud-base.ks
%include rocky-cloud-parts-lvm.ks
%include rocky-cloud-ocp-packages.ks
bootloader --append="console=ttyS0,115200n8 console=tty0 no_timer_check crashkernel=auto net.ifnames=0 LANG=en_US.UTF-8 transparent_hugepage=never rd.luks=0 rd.md=0 rd.dm=0 rd.lvm.vg=rocky rd.lvm.lv=rocky/root rd.net.timeout.dhcp=10" --location=mbr --timeout=1 --boot-drive=vda
repo --name="oraclelinux-addons" --baseurl=http://yum.oracle.com/repo/OracleLinux/OL8/addons/$basearch/ --install --includepkgs="oci-utils"
%post --erroronfail
# Attempting to force legacy BIOS boot if we boot from UEFI
# This was backported from our 9 kickstarts to address some issues.
if [ "$(arch)" = "x86_64" ]; then
dnf install grub2-pc-modules grub2-pc -y
grub2-install --target=i386-pc /dev/vda
fi
# Ensure that the pmbr_boot flag is off
parted /dev/vda disk_set pmbr_boot off
# setup systemd to boot to the right runlevel
rm -f /etc/systemd/system/default.target
ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
echo .
dnf -C -y remove linux-firmware
# Remove firewalld; it is required to be present for install/image building.
# but we dont ship it in cloud
dnf -C -y remove firewalld --setopt="clean_requirements_on_remove=1"
dnf -C -y remove avahi\*
sed -i '/^#NAutoVTs=.*/ a\
NAutoVTs=0' /etc/systemd/logind.conf
cat > /etc/sysconfig/network << EOF
NETWORKING=yes
NOZEROCONF=yes
EOF
# Remove build-time resolvers to fix #16948
echo > /etc/resolv.conf
# For cloud images, 'eth0' _is_ the predictable device name, since
# we don't want to be tied to specific virtual (!) hardware
rm -f /etc/udev/rules.d/70*
ln -s /dev/null /etc/udev/rules.d/80-net-name-slot.rules
# simple eth0 config, again not hard-coded to the build hardware
cat > /etc/sysconfig/network-scripts/ifcfg-eth0 << EOF
DEVICE="eth0"
BOOTPROTO="dhcp"
ONBOOT="yes"
TYPE="Ethernet"
USERCTL="yes"
PEERDNS="yes"
IPV6INIT="no"
PERSISTENT_DHCLIENT="1"
EOF
echo "virtual-guest" > /etc/tuned/active_profile
# generic localhost names
cat > /etc/hosts << EOF
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
EOF
echo .
systemctl mask tmp.mount
cat <<EOL > /etc/sysconfig/kernel
# UPDATEDEFAULT specifies if new-kernel-pkg should make
# new kernels the default
UPDATEDEFAULT=yes
# DEFAULTKERNEL specifies the default kernel package type
DEFAULTKERNEL=kernel
EOL
# make sure firstboot doesn't start
echo "RUN_FIRSTBOOT=NO" > /etc/sysconfig/firstboot
# rocky cloud user
sed -i '1i # Modified for cloud image' /etc/cloud/cloud.cfg
echo -e 'rocky\tALL=(ALL)\tNOPASSWD: ALL' >> /etc/sudoers
sed -i 's/name: cloud-user/name: rocky/g' /etc/cloud/cloud.cfg
dnf clean all
# XXX instance type markers - MUST match Rocky Infra expectation
echo 'oci' > /etc/yum/vars/infra
# change dhcp client retry/timeouts to resolve #6866
cat >> /etc/dhcp/dhclient.conf << EOF
timeout 300;
retry 60;
EOF
# OCI - Import repo GPG key
cat <<EOF > /tmp/key
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.14 (GNU/Linux)
mQINBFyr9g0BEADVpB339zKe27a0LAQn4jWDYfX4ttCgYbX1sgyOKclO2ZMxdLIF
2Tz1KrmLim0am6ltTYIVpP0hVHsH1iy7MaVg1K/vaYIS8djL3SrmjX70P3QKIru5
Hr8iGOKvX4jMHbUZmghZyVRdvl2QNc9oh+l+i3CzyChFlNV3dGlmsaBRT6o5Ecvn
ZQ8cVdsbFnRAYpCDO65wOCujWNVe2F5eA6xy4mQfVOCuF7jY1sb4zRanTVE0hZyy
ig6OeTZjutjr7V+kDrT5K3PdXn2kPsVWcEdJJOta+hqJ9wnA1aiTJNNpvRP6fJtv
iw8poJqJID7VUPTfGp38k6sPfe4BmqEfRSUbNT5JKCFvlp4Y39pHzmKfX+8jjeZ2
XgBx/Z4GsW6q/tAOksZ8nHB/XIPZkr6V+tXXZP4D5peNIWLxhza585FDiGi8d1Z4
KIMpeqJhUu24vre9rmYn2wOFP6GYZfi1KOMImAjQC13BktpAlSqDNzCQepoNfvoG
iO8v0sO8mHy16fpp+hk7T4hveScoYYIBaTMcdTElvPjA5mgXTaBF/qttF1LlFf51
PvNkKQVoCR7V9+puZGsWeq9Kv+GaUYC3uKo96MKCO4G34uSu9uYo4eZ3yr7GslSM
6rB0Fi4yfDT9R9mS8YHpuCKhgQ5IUBl6x72h1s02+maheeH0CZMbV/7hEwARAQAB
tERPcmFjbGUgT1NTIGdyb3VwIChPcGVuIFNvdXJjZSBTb2Z0d2FyZSBncm91cCkg
PGJ1aWxkQG9zcy5vcmFjbGUuY29tPokCPgQTAQIAKAUCXKv2DQIbAwUJJZgGAAYL
CQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQglYuqa2YbaN53w/+Lx4cqKifslEa
BpWz4yqHcAtuz25sCW4wbH4V56EfKZAh+WQ/JwPFybSywqbzgIUrIlzg8CMuUnKM
5BElUkKPDYI+CjvUtP0B9eFThqjp7WNly0IQX8qC6p/gTLDXuEbKLj+EfLvKihqc
L2tJIaQWiQAaftG5DFHIanZpVr88eXJwAMCle/m29x7K4g0c959vZdFF7iggIcHl
TJ3GWGbLzRXi0fXVTQJAltR5Gx+FnRnSmAplL6j1UG1cgesZrfJZbNsl0+5Eq4oH
UN3sTgaqTYaMWR7jH6HFF+5d05ndpltLXbG6Ia1c1Z4e+ha2ehBnceBxSCt5VT5z
tmvJCm4QT4+S8AKsdQLpx3XWTWs5B41DYy3yQHaQz+So42YEtvGCemPsCfkid8ZN
Eltl9KM0iHYJbFehv2ckZe4RVNEDVgurlnEEKICvhfwS4bz2IQZPSYQLGLmUYwpp
kf2VjkDhTQUMp1iqLXsolCjDfTcZrlUaAEXP7A1wuLBlAEHE/yZOZbqcgE4AZKkV
nJYmu2lrSkNhisMOVsVhDyCyFEw1+fD+RnvR9uNHOqgeTV/6kOyGu+nC8dnwKyq0
wLJzu+8ENdemcvld9pwx3FPWTGQ4GGNJ3MVdwfwnYkg5vKGDSOmPDuEnnxkaPJrT
JIHSJXfjSg/M0PiLGXcOMpGVNebpSQK5Ag0EXKv2DQEQAKHZmlvNo+/+amYh9Ogn
lzSUctqLENke8m7Q7HXUakEZgTfRU0an+9TmfoUCyHS11q3A0l+FoB/FBT45ByxU
df850oQd0PApqo5NxNpQCqYgOCOpTHT0SnRh9gQCDGgzfYSZl8ME+izEU5WOjQ51
g/2ajODXGIWHPwYE8lZyF7tE7bFNEwve7sIrQefAR0eASz8PMFdQ5US/vYZQ+jeL
U2dZqfl2B7AnP7MuXpa31MkhB3laYdH+vWaQLPbk/bh7cvKtkDbDHY13NS2nTpWy
fjeUCFpDHupzMNkclc0If44WKA1a0sO7d6mBWyVM0IgrCxieXJ/EZVFkhXEulcGu
+L0iHhkR9NA6dRXvC/wJnsCASjzxFqyzlhTfNR1QwWdZJpC8Il9oH3VcrT4TtEvJ
DxuXTMqeMSOfNSsdqaiE9u6tgbC13qBTvbsoBg9Rs2hY2nRqUhNhvMoRbt1U1qXw
hn/9g1f+1i3GvED6j2AuWMnU9zehR32iuGQl48ko428bREPz08AY++v3/n4U/cbs
oJzAvCg1+WYQe26v0mIJIuzOmeFRmXcaTHUZvyY6aqSvQeOno0h1cjRZAN9T6Z8q
lYbwh8yhGNlfybQPmld/oeiDNVr43sSl6W02TOLFZ36h2eGpt2LKUVz+zFQwrAdF
u6Uo/1lgGRGbzBezNgUCkQCLABEBAAGJAiUEGAECAA8FAlyr9g0CGwwFCSWYBgAA
CgkQglYuqa2YbaO4Eg//WREjdHosvTLPbjDwmtH0R3Twis/eqHPSq57I9jDSOvRD
Wkv4/CidBu1+FsTDpInn4wiAIE9eMb/L89Cc2Y5LyzHlzORJMEgzEqcjIewqRcEy
vMbyTnx4Gc4hKiMhRcMLWQuWp6/JT09+B3oPzQLXHvuAuKu0ZjFJl16obdoL7tAT
AOPtqmxkwt22G1lBkGUVCOiEuwg1+9AgiMhDHt6Gg8wHjKoQiHv4peGDKxcldfTF
TAH03vx+2mwT61a/RjE1YqHzmlqmTa89SDNDStrG2VikSB0YdDuqSzB6FMcURktJ
wwyhOKEjJ4c20wZG5xQfiJfOcij2QYPW5vYtQNCnKfspsF7BCP/GXdYATgyajCxp
4pkNsAZlRyHUx1zPMR1E1+se+l5s18y0V+b+1YBEmAmcEML9Rev+Rbyd+YXmJ+P9
rDThkvPXxV+4HZgl0mXvTd1CUUnNnd40ZSzFo8hTmr/+j2T7iR3wcxnoyv/d8MOU
quYsKDLdBr9ng+Cvbf/8lNJJ6dbCQAcEXvRn8FKjq+iP+hHPXXOh/FrMvBJrbD3V
6F65eyvyLMN74Caxd2B2ru01yLNGARZr8iOH3cdt4byC0lSA51yNePooe6HfgCEA
sFEvovilr7kFbspDGrP49wh0evtRDPmqfjMLiiaRxOXefOjbh8XqrfNGDTCQzdE=
=dTZ0
-----END PGP PUBLIC KEY BLOCK-----
EOF
rpm --import /tmp/key
rm -rf /var/log/yum.log
rm -rf "/var/lib/yum/*"
rm -rf /root/install.log
rm -rf /root/install.log.syslog
rm -rf /root/anaconda-ks.cfg
rm -rf /var/log/anaconda*
rm -f /var/lib/systemd/random-seed
cat /dev/null > /etc/machine-id
echo "Fixing SELinux contexts."
touch /var/log/cron
touch /var/log/boot.log
mkdir -p /var/cache/yum
/usr/sbin/fixfiles -R -a restore
# remove these for debugging
sed -i -e 's/ rhgb quiet//' /boot/grub/grub.conf
# OCI - Start ocid on boot
systemctl enable ocid.service
# enable resizing on copied AMIs
echo 'install_items+=" sgdisk "' > /etc/dracut.conf.d/sgdisk.conf
# OCI - Need iscsi as a dracut module
echo 'add_dracutmodules+=" iscsi "' > /etc/dracut.conf.d/iscsi.conf
# OCI - Virtio drivers
echo 'add_drivers+=" virtio virtio_blk virtio_net virtio_pci virtio_ring virtio_scsi virtio_console "' > /etc/dracut.conf.d/virtio.conf
# OCI - YOLO
mkdir -p /usr/lib/dracut/modules.d/95oci
OCIDRACUT="H4sIAGtFHmMAA+2WWW/bOBCA/Vr+illZzQXoluPUhgMURYrmpS02fevuGpJIWYQVUiWpJoHr/15S
crLZZBs3QA8U5QfYosQ5NUNSrRRBTfMAi6xoVXDOcVsT6ePg2YgXNBh8C0LNeDTqrpq7124cpfF4
nIzT8fhwEEaj+HA8gNE38b6FVqpMAAwE5+ohuW3zvyjtw/UnLMtr4lFZSOrlV00mpS+rR/rYUv84
StJBlIx10ZNREscD/SRNkwGE3yXjO/zm9R/+EeSUBbJCQ/AOPNANQCYgK1LXniwEbdQUKMOEKU9l
ufT6eUbrqRby8kzSwuNlKYmaQDo1JrQhcjkBJWdHIC9mKUg9TIEoKGlN1FVDZtobGr7NVFFB11nm
3YLikNU1v4A8ozXwVgEtQVUEullM5RKKjGkZQTJ8BTmBkrcMo6Eg5QTeiCxvFxMYJmESxWGYImRc
wYLo8i7gOMDkY8Dauob4eCeCT5/Ah1uN7+mhbmx0+vrs5M93s10kZo67Mp6Hec2L5WTtIB1Oby3n
vIYQBPa76P1+XcDODrwHj4DjCgf+nprYGSDQlFwA69KgDNy93ooERpR5uD8FzDs5w3utv+qEnz6d
HKwdmIHTudE2TdgFZ4qyltwodGk2mZBk3snNO0dfTlh7vc722sQ9bcftInCMmiCqFQyiG+lN2HPC
ipm7J5WYC9LUWUH+VXMC/fsrLp39TgtzRuAe3RQpKr5JcAJnS9o0lC3AveXD930HjnfiR4lDl/7y
XC5uqUkjT7CZdgJ13gSdHbP+FcHebSNOr3VJFYSopGgXfWX1S21ZmgV109c3rYCuwzgxe6oJ+/Ts
xdkpbPR5oyhn15l+leR/kuw13L6BdeFAEgwehd3gn7fP372a+QdusBK9ilSYmniq9RTc1eU0MBKB
HnwI11P9n6x3/ycP3QsXme4E56VeoNr4g9GZt/az9zbLdrac//29p7f3tnn8wb9h2/dfchjdOf/D
OIns+f8j2Jz/+iD/4V8ARUWK5d4+rNCTzRkTojVCmDSEYXl/gjJdqrruJ8zNvOJ8CY0gXqt3NTg6
0vufjg5T8YXvVkeb+dkv3GKxWCwWi8VisVgsFovFYrFYLBaLxWL5jnwGdMMrBgAoAAA="
base64 -d <<<"$OCIDRACUT" | tar -xz
OCICLOUDCFG="IyBPQ0kgY2xvdWQtaW5pdCBjb25maWd1cmF0aW9uCmRhdGFzb3VyY2VfbGlzdDogWydPcmFjbGUn
LCAnT3BlblN0YWNrJ10KZGF0YXNvdXJjZToKICBPcGVuU3RhY2s6CiAgICBtZXRhZGF0YV91cmxz
OiBbJ2h0dHA6Ly8xNjkuMjU0LjE2OS4yNTQnXQogICAgdGltZW91dDogMTAKICAgIG1heF93YWl0
OiAyMAoKIyBzd2FwIGZpbGUKc3dhcDoKICAgZmlsZW5hbWU6IC8uc3dhcGZpbGUKICAgc2l6ZTog
ImF1dG8iCgpjbG91ZF9pbml0X21vZHVsZXM6CiMgT0NJOiBkaXNrX3NldHVwIGlzIGRpc2FibGVk
CiMtIGRpc2tfc2V0dXAKIC0gbWlncmF0b3IKIC0gYm9vdGNtZAogLSB3cml0ZS1maWxlcwojIE9D
STogVGhlIGdyb3dwYXJ0IG1vZHVsZSBpcyBkaXNhYmxlZCBieSBkZWZhdWx0LiBUbyBlbmFibGUg
YXV0b21hdGljIGJvb3Qgdm9sdW1lIHJlc2l6aW5nLCB1bmNvbW1lbnQKIyB0aGUgYmVsb3cgZW50
cnkgZm9yICctIGdyb3dwYXJ0JyBhbmQgcmVib290LiBBbGwgdGhlIGRlcGVuZGVudCBwYWNrYWdl
cyBmb3IgdGhlIGdyb3dwYXJ0CiMgbW9kdWxlIHRvIHdvcmsgc3VjaCBhcyBjbG91ZC11dGlscy1n
cm93cGFydCBhbmQgZ2Rpc2sgYXJlIGFscmVhZHkgaW5jbHVkZWQgaW4gdGhlIGltYWdlLgojLSBn
cm93cGFydAogLSByZXNpemVmcwojIE9DSTogc2V0X2hvc3RuYW1lLCB1cGRhdGVfaG9zdG5hbWUs
IHVwZGF0ZV9ldGNfaG9zdHMgYXJlIGRpc2FibGVkCiMtIHNldF9ob3N0bmFtZQojLSB1cGRhdGVf
aG9zdG5hbWUKIy0gdXBkYXRlX2V0Y19ob3N0cwogLSByc3lzbG9nCiAtIHVzZXJzLWdyb3Vwcwog
LSBzc2gKCmNsb3VkX2NvbmZpZ19tb2R1bGVzOgogLSBtb3VudHMKIC0gbG9jYWxlCiAtIHNldC1w
YXNzd29yZHMKIyBPQ0k6IHJoX3N1YnNjcmlwdGlvbiBpcyBkaXNhYmxlZAojLSByaF9zdWJzY3Jp
cHRpb24KIC0geXVtLWFkZC1yZXBvCiAtIHBhY2thZ2UtdXBkYXRlLXVwZ3JhZGUtaW5zdGFsbAog
LSB0aW1lem9uZQogLSBudHAKIC0gcHVwcGV0CiAtIGNoZWYKIC0gc2FsdC1taW5pb24KIC0gbWNv
bGxlY3RpdmUKIC0gZGlzYWJsZS1lYzItbWV0YWRhdGEKIC0gcnVuY21kCgpjbG91ZF9maW5hbF9t
b2R1bGVzOgogLSByaWdodHNjYWxlX3VzZXJkYXRhCiAtIHNjcmlwdHMtcGVyLW9uY2UKIC0gc2Ny
aXB0cy1wZXItYm9vdAogLSBzY3JpcHRzLXBlci1pbnN0YW5jZQogLSBzY3JpcHRzLXVzZXIKIC0g
c3NoLWF1dGhrZXktZmluZ2VycHJpbnRzCiAtIGtleXMtdG8tY29uc29sZQogLSBwaG9uZS1ob21l
CiAtIGZpbmFsLW1lc3NhZ2UKIyBPQ0k6IHBvd2VyLXN0YXRlLWNoYW5nZSBpcyBkaXNhYmxlZAoj
LSBwb3dlci1zdGF0ZS1jaGFuZ2UKCg=="
base64 -d <<<"$OCICLOUDCFG" >> /etc/cloud/cloud.cfg.d/99_oci.cfg
# Rerun dracut for the installed kernel (not the running kernel):
KERNEL_VERSION=$(rpm -q kernel --qf '%%{V}-%%{R}.%%{arch}\n')
dracut -f /boot/initramfs-$KERNEL_VERSION.img $KERNEL_VERSION
# OCI needs Iscsi
grubby --args="libiscsi.debug_libiscsi_eh=1 netroot=iscsi:169.254.0.2:::1:iqn.2015-02.oracle.boot:uefi ip=dhcp rd.iscsi.bypass rd.iscsi.param=node.session.timeo.replacement_timeout=6000" --update-kernel "/boot/vmlinuz-$KERNEL_VERSION"
passwd -d root
passwd -l root
# Copyright (C) 2020 Oracle Corp., Inc. All rights reserved.
# Licensed under the Universal Permissive License v 1.0 as shown at http://oss.oracle.com/licenses/upl
#
# /usr/lib/oci-linux-config/cloud/scripts/initramfs-mod/net.sh
#
echo "$(date) - OCI initramfs network modification script started."
# Symlink network config files where cloud-init >= 19.4 expects them
DRACUT_CFG=/run/initramfs/state/etc/sysconfig/network-scripts
CI_DIR=/run
if [ -d $DRACUT_CFG ]; then
FILE_COUNT=`ls $DRACUT_CFG | wc -l`
if [ $FILE_COUNT -eq 0 ]; then
# Create dummy file if dracut did not create network device config
dummycfg=$CI_DIR/net-dummy.conf
echo "DEVICE=\"dummy\"" > $dummycfg
echo "BOOTPROTO=dhcp" >> $dummycfg
echo "$(date) - Creating dummy config $dummycfg."
else
for dcfg in $DRACUT_CFG/*; do
filename=${dcfg##*/}
devname=${filename##ifcfg-}
cicfg=$CI_DIR/net-$devname.conf
if [ ! -e $cicfg ]; then
echo "$(date) - Creating symlink from $dcfg to $cicfg."
ln -s $dcfg $cicfg
fi
done
fi
fi
echo "$(date) - OCI initramfs network modification script done."
true
%end

75
container/rocky-container-base.ks Normal file
View File

@ -0,0 +1,75 @@
%include rocky-container.ks
%packages --ignoremissing --excludedocs --instLangs=en --nocore --excludeWeakdeps
bash
binutils
coreutils-single
glibc-minimal-langpack
hostname
iputils # this pulls in systemd, lets ask for it by name, too
less
systemd
rocky-release
rootfiles
tar
vim-minimal
yum
-brotli
-dosfstools
-kexec-tools
-e2fsprogs
-firewalld
-fuse-libs
-gettext*
-gnupg2-smime
-grub\*
-iptables
-kernel
-libss
-os-prober*
-pinentry
-qemu-guest-agent
-shared-mime-info
-trousers
-xfsprogs
-xkeyboard-config
%end
%post --erroronfail --log=/root/anaconda-post.log
# container customizations inside the chroot
# Stay compatible
echo 'container' > /etc/dnf/vars/infra
#Generate installtime file record
/bin/date +%Y%m%d_%H%M > /etc/BUILDTIME
# Limit languages to help reduce size.
LANG="en_US"
echo "%_install_langs $LANG" > /etc/rpm/macros.image-language-conf
# https://bugzilla.redhat.com/show_bug.cgi?id=1727489
echo 'LANG="C.UTF-8"' > /etc/locale.conf
# systemd fixes
:> /etc/machine-id
umount /run
systemd-tmpfiles --create --boot
# mask mounts and login bits
systemctl mask \
console-getty.service \
dev-hugepages.mount \
getty.target \
sys-fs-fuse-connections.mount \
systemd-logind.service \
systemd-remount-fs.service
# Cleanup the image
rm -f /etc/udev/hwdb.bin
rm -rf /usr/lib/udev/hwdb.d/ \
/boot /var/lib/dnf/history.* \
/tmp/* /tmp/.* || true
%end

77
container/rocky-container-minimal.ks Normal file
View File

@ -0,0 +1,77 @@
%include rocky-container.ks
%packages --ignoremissing --excludedocs --instLangs=en --nocore --excludeWeakdeps
bash
coreutils-single
glibc-minimal-langpack
systemd
microdnf
rocky-release
-brotli
-dosfstools
-e2fsprogs
-firewalld
-fuse-libs
-gettext*
-gnupg2-smime
-grub\*
-hostname
-iptables
-iputils
-kernel
-kexec-tools
-less
-libss
-os-prober*
-pinentry
-qemu-guest-agent
-rootfiles
-shared-mime-info
-tar
-trousers
-vim-minimal
-xfsprogs
-xkeyboard-config
-yum
%end
%post --erroronfail --log=/root/anaconda-post.log
# container customizations inside the chroot
rpm --rebuilddb
/bin/date +%Y-%m-%d_%H:%M:%S > /etc/BUILDTIME
echo 'container' > /etc/dnf/vars/infra
LANG="en_US"
echo '%_install_langs en_US.UTF-8' > /etc/rpm/macros.image-language-conf
echo 'LANG="C.UTF-8"' > /etc/locale.conf
rm -f /var/lib/dnf/history.*
rm -fr "/var/log/*" "/tmp/*" "/tmp/.*"
for dir in $(ls -d "/usr/share/{locale,i18n}/*" | grep -v 'en_US\|all_languages\|locale\.alias'); do rm -fr $dir; done
# systemd fixes
umount /run
systemd-tmpfiles --create --boot
# mask mounts and login bits
systemctl mask \
console-getty.service \
dev-hugepages.mount \
getty.target \
sys-fs-fuse-connections.mount \
systemd-logind.service \
systemd-remount-fs.service
# Cleanup the image
rm -f /etc/udev/hwdb.bin
rm -rf /usr/lib/udev/hwdb.d/ \
/boot /var/lib/dnf/history.* \
"/tmp/*" "/tmp/.*" || true
%end

84
container/rocky-container-ubi.ks Normal file
View File

@ -0,0 +1,84 @@
%include rocky-container.ks
%packages --ignoremissing --excludedocs --instLangs=en --nocore --excludeWeakdeps
bash
coreutils-single
crypto-policies-scripts
curl-minimal
findutils
gdb-gdbserver
glibc-minimal-langpack
gzip
libcurl-minimal
systemd
rocky-release
rootfiles
tar
vim-minimal
which
yum
-dosfstools
-e2fsprogs
-firewalld
-fuse-libs
-gettext*
-gnupg2-smime
-grub\*
-iptables
-kernel
-kexec-tools
-libss
-os-prober*
-pinentry
-qemu-guest-agent
-shared-mime-info
-trousers
-xfsprogs
-xkeyboard-config
%end
%post --erroronfail --log=/root/anaconda-post.log
set -eux
# container customizations inside the chroot
# Stay compatible
echo 'container' > /etc/dnf/vars/infra
#Generate installtime file record
/bin/date +%Y%m%d_%H%M > /etc/BUILDTIME
# Limit languages to help reduce size.
LANG="en_US"
echo "%_install_langs $LANG" > /etc/rpm/macros.image-language-conf
# https://bugzilla.redhat.com/show_bug.cgi?id=1727489
echo 'LANG="C.UTF-8"' > /etc/locale.conf
# systemd fixes
:> /etc/machine-id
umount /run
systemd-tmpfiles --create --boot
# mask mounts and login bits
systemctl mask \
console-getty.service \
dev-hugepages.mount \
getty.target \
sys-fs-fuse-connections.mount \
systemd-logind.service \
systemd-remount-fs.service
# Remove network configuration files leftover from anaconda installation
# https://bugzilla.redhat.com/show_bug.cgi?id=1713089
rm -f /etc/sysconfig/network-scripts/ifcfg-*
# Cleanup the image
rm -f /etc/udev/hwdb.bin
rm -rf /usr/lib/udev/hwdb.d/ \
/boot /var/lib/dnf/history.* \
/var/cache/* /var/log/* \
/tmp/* /tmp/.* || true
%end

22
container/rocky-container.ks Normal file
View File

@ -0,0 +1,22 @@
url --url https://download.rockylinux.org/stg/rocky/8/BaseOS/$basearch/os/
text
bootloader --disable
firewall --disabled
network --bootproto=dhcp --device=link --activate --onboot=on
rootpw --lock --iscrypted locked
selinux --disabled
shutdown
keyboard us
lang en_US.UTF-8
timezone --isUtc --nontp Etc/UTC
# Disk setup
zerombr
clearpart --all --initlabel
autopart --noboot --nohome --noswap --nolvm --fstype=ext4
%pre
dbus-broker-launch --scope=none
%end

13
live/8/rocky-repo.ks
View File

@ -1,13 +0,0 @@
# These should change based on the major/minor release
# Deps repo, there are some anaconda packages that are *not* available by default
repo --name=livedeps --includepkgs=anaconda-live --cost=500 --baseurl=https://kojidev.rockylinux.org/kojifiles/repos/dist-rocky8_4-updates-build/latest/$basearch/
#repo --name=livedeps --includepkgs=anaconda-live,rocky-logos,rocky-logos-httpd,rocky-backgrounds,rocky-logos-ipa --cost=500 --baseurl=http://10.100.0.1/pub/deps
# Base repos
repo --name=BaseOS --cost=200 --baseurl=http://dl.rockylinux.org/pub/rocky/8.4/BaseOS/$basearch/os/
repo --name=AppStream --cost=200 --baseurl=http://dl.rockylinux.org/pub/rocky/8.4/AppStream/$basearch/os/
repo --name=PowerTools --cost=200 --baseurl=http://dl.rockylinux.org/pub/rocky/8.4/PowerTools/$basearch/os/
# URL to the base os repo
url --url=http://dl.rockylinux.org/pub/rocky/8.4/BaseOS/$basearch/os/

356
live/8/x86_64/prod/mainline/rocky-live-base.ks Normal file
View File

@ -0,0 +1,356 @@
# rocky-live-base.ks
#
# Base installation information for Rocky Linux images
#
lang en_US.UTF-8
keyboard us
timezone US/Eastern
auth --useshadow --passalgo=sha512
selinux --enforcing
firewall --enabled --service=mdns
xconfig --startxonboot
zerombr
clearpart --all
part / --size 5120 --fstype ext4
services --enabled=NetworkManager,ModemManager --disabled=sshd
network --bootproto=dhcp --device=link --activate
rootpw --lock --iscrypted locked
shutdown
%include rocky-repo-mainline.ks
%packages
@base-x
@guest-desktop-agents
@standard
@core
@fonts
@input-methods
@dial-up
@multimedia
@hardware-support
# explicit
elrepo-release
kernel-ml
kernel-ml-modules
kernel-ml-modules-extra
memtest86+
anaconda
anaconda-install-env-deps
anaconda-live
@anaconda-tools
# Required for SVG rnotes images
aajohan-comfortaa-fonts
# RHBZ#1242586 - Required for initramfs creation
dracut-live
syslinux
# Anaconda needs all the locales available, just like a DVD installer
glibc-all-langpacks
# This isn't in @core anymore, but livesys still needs it
initscripts
chkconfig
%end
%post
# FIXME: it'd be better to get this installed from a package
cat > /etc/rc.d/init.d/livesys << EOF
#!/bin/bash
#
# live: Init script for live image
#
# chkconfig: 345 00 99
# description: Init script for live image.
### BEGIN INIT INFO
# X-Start-Before: display-manager chronyd
### END INIT INFO
. /etc/init.d/functions
if ! strstr "\`cat /proc/cmdline\`" rd.live.image || [ "\$1" != "start" ]; then
exit 0
fi
if [ -e /.liveimg-configured ] ; then
configdone=1
fi
exists() {
which \$1 >/dev/null 2>&1 || return
\$*
}
livedir="LiveOS"
for arg in \`cat /proc/cmdline\` ; do
if [ "\${arg##rd.live.dir=}" != "\${arg}" ]; then
livedir=\${arg##rd.live.dir=}
continue
fi
if [ "\${arg##live_dir=}" != "\${arg}" ]; then
livedir=\${arg##live_dir=}
fi
done
# Enable swap unless requested otherwise
swaps=\`blkid -t TYPE=swap -o device\`
if ! strstr "\`cat /proc/cmdline\`" noswap && [ -n "\$swaps" ] ; then
for s in \$swaps ; do
action "Enabling swap partition \$s" swapon \$s
done
fi
if ! strstr "\`cat /proc/cmdline\`" noswap && [ -f /run/initramfs/live/\${livedir}/swap.img ] ; then
action "Enabling swap file" swapon /run/initramfs/live/\${livedir}/swap.img
fi
# Support for persistent homes
mountPersistentHome() {
# support label/uuid
if [ "\${homedev##LABEL=}" != "\${homedev}" -o "\${homedev##UUID=}" != "\${homedev}" ]; then
homedev=\`/sbin/blkid -o device -t "\$homedev"\`
fi
# if we're given a file rather than a blockdev, loopback it
if [ "\${homedev##mtd}" != "\${homedev}" ]; then
# mtd devs don't have a block device but get magic-mounted with -t jffs2
mountopts="-t jffs2"
elif [ ! -b "\$homedev" ]; then
loopdev=\`losetup -f\`
if [ "\${homedev##/run/initramfs/live}" != "\${homedev}" ]; then
action "Remounting live store r/w" mount -o remount,rw /run/initramfs/live
fi
losetup \$loopdev \$homedev
homedev=\$loopdev
fi
# if it's encrypted, we need to unlock it
if [ "\$(/sbin/blkid -s TYPE -o value \$homedev 2>/dev/null)" = "crypto_LUKS" ]; then
echo
echo "Setting up encrypted /home device"
plymouth ask-for-password --command="cryptsetup luksOpen \$homedev EncHome"
homedev=/dev/mapper/EncHome
fi
# and finally do the mount
mount \$mountopts \$homedev /home
# if we have /home under what's passed for persistent home, then
# we should make that the real /home. useful for mtd device on olpc
if [ -d /home/home ]; then mount --bind /home/home /home ; fi
[ -x /sbin/restorecon ] && /sbin/restorecon /home
if [ -d /home/liveuser ]; then USERADDARGS="-M" ; fi
}
# Help locate persistent homes
findPersistentHome() {
for arg in \`cat /proc/cmdline\` ; do
if [ "\${arg##persistenthome=}" != "\${arg}" ]; then
homedev=\${arg##persistenthome=}
fi
done
}
if strstr "\`cat /proc/cmdline\`" persistenthome= ; then
findPersistentHome
elif [ -e /run/initramfs/live/\${livedir}/home.img ]; then
homedev=/run/initramfs/live/\${livedir}/home.img
fi
# Mount the persistent home if it's available
if ! strstr "\`cat /proc/cmdline\`" nopersistenthome && [ -n "\$homedev" ] ; then
action "Mounting persistent /home" mountPersistentHome
fi
if [ -n "\$configdone" ]; then
exit 0
fi
# Create the liveuser (no password) so automatic logins and sudo works
action "Adding live user" useradd \$USERADDARGS -c "Live System User" liveuser
passwd -d liveuser > /dev/null
usermod -aG wheel liveuser > /dev/null
# Same for root
passwd -d root > /dev/null
# Turn off firstboot (similar to a DVD/minimal install, where it asks
# for the user to accept the EULA before bringing up a TTY)
systemctl --no-reload disable firstboot-text.service 2> /dev/null || :
systemctl --no-reload disable firstboot-graphical.service 2> /dev/null || :
systemctl stop firstboot-text.service 2> /dev/null || :
systemctl stop firstboot-graphical.service 2> /dev/null || :
# Prelinking damages the images
sed -i 's/PRELINKING=yes/PRELINKING=no/' /etc/sysconfig/prelink &>/dev/null || :
# Turn off mdmonitor by default
systemctl --no-reload disable mdmonitor.service 2> /dev/null || :
systemctl --no-reload disable mdmonitor-takeover.service 2> /dev/null || :
systemctl stop mdmonitor.service 2> /dev/null || :
systemctl stop mdmonitor-takeover.service 2> /dev/null || :
# Even if there isn't gnome, this doesn't hurt.
gsettings set org.gnome.software download-updates 'false' || :
# Disable cron
systemctl --no-reload disable crond.service 2> /dev/null || :
systemctl --no-reload disable atd.service 2> /dev/null || :
systemctl stop crond.service 2> /dev/null || :
systemctl stop atd.service 2> /dev/null || :
# Disable abrt
systemctl --no-reload disable abrtd.service 2> /dev/null || :
systemctl stop abrtd.service 2> /dev/null || :
# Don't sync the system clock when running live (RHBZ #1018162)
sed -i 's/rtcsync//' /etc/chrony.conf
# Mark things as configured
touch /.liveimg-configured
# add static hostname to work around xauth bug
# https://bugzilla.redhat.com/show_bug.cgi?id=679486
# the hostname must be something else than 'localhost'
# https://bugzilla.redhat.com/show_bug.cgi?id=1370222
echo "localhost" > /etc/hostname
EOF
# HAL likes to start late.
cat > /etc/rc.d/init.d/livesys-late << EOF
#!/bin/bash
#
# live: Late init script for live image
#
# chkconfig: 345 99 01
# description: Late init script for live image.
. /etc/init.d/functions
if ! strstr "\`cat /proc/cmdline\`" rd.live.image || [ "\$1" != "start" ] || [ -e /.liveimg-late-configured ] ; then
exit 0
fi
exists() {
which \$1 >/dev/null 2>&1 || return
\$*
}
touch /.liveimg-late-configured
# Read some stuff out of the kernel cmdline
for o in \`cat /proc/cmdline\` ; do
case \$o in
ks=*)
ks="--kickstart=\${o#ks=}"
;;
xdriver=*)
xdriver="\${o#xdriver=}"
;;
esac
done
# If liveinst or textinst is given, start installer
if strstr "\`cat /proc/cmdline\`" liveinst ; then
plymouth --quit
/usr/sbin/liveinst \$ks
fi
if strstr "\`cat /proc/cmdline\`" textinst ; then
plymouth --quit
/usr/sbin/liveinst --text \$ks
fi
# Configure X, allowing user to override xdriver
if [ -n "\$xdriver" ]; then
cat > /etc/X11/xorg.conf.d/00-xdriver.conf <<FOE
Section "Device"
Identifier "Videocard0"
Driver "\$xdriver"
EndSection
FOE
fi
EOF
chmod 755 /etc/rc.d/init.d/livesys
/sbin/restorecon /etc/rc.d/init.d/livesys
/sbin/chkconfig --add livesys
chmod 755 /etc/rc.d/init.d/livesys-late
/sbin/restorecon /etc/rc.d/init.d/livesys-late
/sbin/chkconfig --add livesys-late
# Enable tmpfs for /tmp - this is a good idea
systemctl enable tmp.mount
# make it so that we don't do writing to the overlay for things which
# are just tmpdirs/caches
# note https://bugzilla.redhat.com/show_bug.cgi?id=1135475
cat >> /etc/fstab << EOF
vartmp /var/tmp tmpfs defaults 0 0
EOF
# PackageKit likes to play games. Let's fix that.
rm -f /var/lib/rpm/__db*
releasever=$(rpm -q --qf '%{version}\n' --whatprovides system-release)
basearch=$(uname -i)
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial
echo "Packages within this LiveCD"
rpm -qa
# Note that running rpm recreates the rpm db files which aren't needed or wanted
rm -f /var/lib/rpm/__db*
# go ahead and pre-make the man -k cache (#455968)
/usr/bin/mandb
# make sure there aren't core files lying around
rm -f /core*
# remove random seed, the newly installed instance should make it's own
rm -f /var/lib/systemd/random-seed
# convince readahead not to collect
# FIXME: for systemd
echo 'File created by kickstart. See systemd-update-done.service(8).' \
| tee /etc/.updated >/var/.updated
# Drop the rescue kernel and initramfs, we don't need them on the live media itself.
# See bug 1317709
rm -f /boot/*-rescue*
# Disable network service here, as doing it in the services line
# fails due to RHBZ #1369794 - the error is expected
/sbin/chkconfig network off
# Remove machine-id on generated images
rm -f /etc/machine-id
touch /etc/machine-id
%end
%post --nochroot
cp $INSTALL_ROOT/usr/share/licenses/*-release/* $LIVE_ROOT/
# This only works on x86_64
if [ "$(uname -i)" = "i386" -o "$(uname -i)" = "x86_64" ]; then
# For livecd-creator builds
if [ ! -d $LIVE_ROOT/LiveOS ]; then mkdir -p $LIVE_ROOT/LiveOS ; fi
cp /usr/bin/livecd-iso-to-disk $LIVE_ROOT/LiveOS
# For lorax/livemedia-creator builds
sed -i '
/## make boot.iso/ i\
# Add livecd-iso-to-disk script to .iso filesystem at /LiveOS/\
<% f = "usr/bin/livecd-iso-to-disk" %>\
%if exists(f):\
install ${f} ${LIVEDIR}/${f|basename}\
%endif\
' /usr/share/lorax/templates.d/99-generic/live/x86.tmpl
fi
%end

107
live/8/x86_64/prod/mainline/rocky-live-workstation.ks Normal file
View File

@ -0,0 +1,107 @@
# Maintained by Release Engineering
# mailto:releng@rockylinux.org
%include rocky-live-base.ks
%include rocky-workstation-common.ks
#
# Disable this for now as packagekit is causing compose failures
# by leaving a gpg-agent around holding /dev/null open.
#
#include snippets/packagekit-cached-metadata.ks
part / --size 6656
%post
cat >> /etc/rc.d/init.d/livesys << EOF
# disable gnome-software automatically downloading updates
cat >> /usr/share/glib-2.0/schemas/org.gnome.software.gschema.override << FOE
[org.gnome.software]
download-updates=false
FOE
# don't autostart gnome-software session service
rm -f /etc/xdg/autostart/gnome-software-service.desktop
# disable the gnome-software shell search provider
cat >> /usr/share/gnome-shell/search-providers/org.gnome.Software-search-provider.ini << FOE
DefaultDisabled=true
FOE
# don't run gnome-initial-setup
mkdir ~liveuser/.config
touch ~liveuser/.config/gnome-initial-setup-done
# suppress anaconda spokes redundant with gnome-initial-setup
cat >> /etc/sysconfig/anaconda << FOE
[NetworkSpoke]
visited=1
[PasswordSpoke]
visited=1
[UserSpoke]
visited=1
FOE
# make the installer show up
if [ -f /usr/share/applications/liveinst.desktop ]; then
# Show harddisk install in shell dash
sed -i -e 's/NoDisplay=true/NoDisplay=false/' /usr/share/applications/liveinst.desktop ""
# need to move it to anaconda.desktop to make shell happy
mv /usr/share/applications/liveinst.desktop /usr/share/applications/anaconda.desktop
cat >> /usr/share/glib-2.0/schemas/org.gnome.shell.gschema.override << FOE
[org.gnome.shell]
favorite-apps=['firefox.desktop', 'evolution.desktop', 'rhythmbox.desktop', 'shotwell.desktop', 'org.gnome.Nautilus.desktop', 'anaconda.desktop']
FOE
# Make the welcome screen show up
if [ -f /usr/share/anaconda/gnome/rhel-welcome.desktop ]; then
mkdir -p ~liveuser/.config/autostart
#sed -i "s/Red Hat Enterprise/Rocky/g" /usr/share/anaconda/gnome/rhel-welcome.desktop
#sed -i "s/RHEL/Rocky Linux/g" /usr/share/anaconda/gnome/rhel-welcome
#sed -i "s/Red Hat Enterprise/Rocky/g" /usr/share/anaconda/gnome/rhel-welcome
#sed -i "s/org.fedoraproject.AnacondaInstaller/fedora-logo-icon/g" /usr/share/anaconda/gnome/rhel-welcome
#sed -i "s/org.fedoraproject.AnacondaInstaller/fedora-logo-icon/g" /usr/share/applications/anaconda.desktop
cp /usr/share/anaconda/gnome/rhel-welcome.desktop /usr/share/applications/
cp /usr/share/anaconda/gnome/rhel-welcome.desktop ~liveuser/.config/autostart/
fi
# Copy Anaconda branding in place
if [ -d /usr/share/lorax/product/usr/share/anaconda ]; then
cp -a /usr/share/lorax/product/* /
fi
fi
# rebuild schema cache with any overrides we installed
glib-compile-schemas /usr/share/glib-2.0/schemas
# set up auto-login
cat > /etc/gdm/custom.conf << FOE
[daemon]
AutomaticLoginEnable=True
AutomaticLogin=liveuser
FOE
# Turn off PackageKit-command-not-found while uninstalled
if [ -f /etc/PackageKit/CommandNotFound.conf ]; then
sed -i -e 's/^SoftwareSourceSearch=true/SoftwareSourceSearch=false/' /etc/PackageKit/CommandNotFound.conf
fi
# switch default kernel
sed -i 's/DEFAULTKERNEL=kernel/DEFAULTKERNEL=kernel-ml/g' /etc/sysconfig/kernel
# enable elrepo kernel
dnf config-manager --set-enabled elrepo-kernel
# make sure to set the right permissions and selinux contexts
chown -R liveuser:liveuser /home/liveuser/
restorecon -R /home/liveuser/
restorecon -R /
EOF
%end

14
live/8/x86_64/prod/mainline/rocky-repo-mainline.ks Normal file
View File

@ -0,0 +1,14 @@
# These should change based on the major/minor release
# Deps repo, there are some anaconda packages that are *not* available by default
repo --name=BaseOS --cost=200 --baseurl=http://dl.rockylinux.org/pub/rocky/8/BaseOS/$basearch/os/
repo --name=AppStream --cost=200 --baseurl=http://dl.rockylinux.org/pub/rocky/8/AppStream/$basearch/os/
repo --name=PowerTools --cost=200 --baseurl=http://dl.rockylinux.org/pub/rocky/8/PowerTools/$basearch/os/
repo --name=extras --cost=200 --baseurl=http://dl.rockylinux.org/pub/rocky/8/extras/$basearch/os
# ELRepo
repo --name="elrepo-kernel" --baseurl=https://elrepo.org/linux/kernel/el8/$basearch/ --cost=200
# URL to the base os repo
url --url=http://dl.rockylinux.org/pub/rocky/8/BaseOS/$basearch/os/
#url --url=http://10.100.0.1/pub/deps

0
live/8/rocky-workstation-common.ks → live/8/x86_64/prod/mainline/rocky-workstation-common.ks
View File

3
live/8/rocky-live-base-spin.ks → live/8/x86_64/prod/rocky-live-base-spin.ks
View File

@ -7,7 +7,6 @@
lang en_US.UTF-8
keyboard us
timezone US/Eastern
auth --useshadow --passalgo=sha512
selinux --enforcing
firewall --enabled --service=mdns
xconfig --startxonboot
@ -333,6 +332,8 @@ rm -f /boot/*-rescue*
rm -f /etc/machine-id
touch /etc/machine-id
/usr/sbin/fixfiles -R -a restore
%end

3
live/8/rocky-live-base.ks → live/8/x86_64/prod/rocky-live-base.ks
View File

@ -6,7 +6,6 @@
lang en_US.UTF-8
keyboard us
timezone US/Eastern
auth --useshadow --passalgo=sha512
selinux --enforcing
firewall --enabled --service=mdns
xconfig --startxonboot
@ -329,6 +328,8 @@ rm -f /boot/*-rescue*
rm -f /etc/machine-id
touch /etc/machine-id
/usr/sbin/fixfiles -R -a restore
%end

19
live/8/rocky-live-kde-base.ks → live/8/x86_64/prod/rocky-live-kde-base.ks
View File

@ -50,9 +50,9 @@ MENU_EOF
sed -i 's/NoDisplay=true/NoDisplay=false/' /usr/share/applications/liveinst.desktop
# debrand
sed -i "s/Red Hat Enterprise/Rocky/g" /usr/share/anaconda/gnome/rhel-welcome.desktop
sed -i "s/RHEL/Rocky Linux/g" /usr/share/anaconda/gnome/rhel-welcome
sed -i "s/Red Hat Enterprise/Rocky/g" /usr/share/anaconda/gnome/rhel-welcome
#sed -i "s/Red Hat Enterprise/Rocky/g" /usr/share/anaconda/gnome/rhel-welcome.desktop
#sed -i "s/RHEL/Rocky Linux/g" /usr/share/anaconda/gnome/rhel-welcome
#sed -i "s/Red Hat Enterprise/Rocky/g" /usr/share/anaconda/gnome/rhel-welcome
#sed -i "s/org.fedoraproject.AnacondaInstaller/fedora-logo-icon/g" /usr/share/anaconda/gnome/rhel-welcome
#sed -i "s/org.fedoraproject.AnacondaInstaller/fedora-logo-icon/g" /usr/share/applications/liveinst.desktop
@ -61,6 +61,12 @@ chmod +x /usr/share/applications/liveinst.desktop
mkdir /home/liveuser/Desktop
cp -a /usr/share/applications/liveinst.desktop /home/liveuser/Desktop/
if [ -f /usr/share/anaconda/gnome/rhel-welcome.desktop ]; then
mkdir -p ~liveuser/.config/autostart
cp /usr/share/anaconda/gnome/rhel-welcome.desktop /usr/share/applications/
cp /usr/share/anaconda/gnome/rhel-welcome.desktop ~liveuser/.config/autostart/
fi
# Set akonadi backend
mkdir -p /home/liveuser/.config/akonadi
cat > /home/liveuser/.config/akonadi/akonadiserverrc << AKONADI_EOF
@ -68,6 +74,9 @@ cat > /home/liveuser/.config/akonadi/akonadiserverrc << AKONADI_EOF
Driver=QSQLITE3
AKONADI_EOF
# Disable plasma-pk-updates if applicable
rpm -e plasma-pk-updates
# "Disable plasma-discover-notifier"
mkdir -p /home/liveuser/.config/autostart
cp -a /etc/xdg/autostart/org.kde.discover.notifier.desktop /home/liveuser/.config/autostart/
@ -79,6 +88,8 @@ cat > /home/liveuser/.config/baloofilerc << BALOO_EOF
Indexing-Enabled=false
BALOO_EOF
mkdir -p ~liveuser/.kde/share/config/
# Disable kres-migrator
cat > /home/liveuser/.kde/share/config/kres-migratorrc << KRES_EOF
[Migration]
@ -98,7 +109,7 @@ restorecon -R /
EOF
systemctl enable sddm.service
systemctl enable --force sddm.service
dnf config-manager --set-enabled powertools
%end

3
live/8/rocky-live-kde-common.ks → live/8/x86_64/prod/rocky-live-kde-common.ks
View File

@ -20,6 +20,9 @@ libreoffice-writer
### fixes
sddm
sddm-breeze
sddm-themes
sddm-kcm
# use kde-print-manager instead of system-config-printer
-system-config-printer

0
live/8/rocky-live-kde-minimization.ks → live/8/x86_64/prod/rocky-live-kde-minimization.ks
View File

2
live/8/rocky-live-kde.ks → live/8/x86_64/prod/rocky-live-kde.ks
View File

@ -4,7 +4,7 @@
%include rocky-live-kde-base.ks
# DVD
part / --size=7000
part / --size=9000
%post
%end

137
live/8/x86_64/prod/rocky-live-mate-common.ks Normal file
View File

@ -0,0 +1,137 @@
%packages
NetworkManager-adsl
NetworkManager-bluetooth
NetworkManager-l2tp-gnome
NetworkManager-libreswan-gnome
NetworkManager-openconnect-gnome
NetworkManager-openvpn-gnome
NetworkManager-ovs
NetworkManager-ppp
NetworkManager-pptp-gnome
NetworkManager-team
NetworkManager-wifi
NetworkManager-wwan
atril
atril-caja
atril-thumbnailer
caja
caja-actions
dconf-editor
efi-filesystem
efibootmgr
efivar-libs
engrampa
eom
f36-backgrounds-extras-mate
f36-backgrounds-mate
filezilla
firefox
firewall-applet
firewall-config
gnome-disk-utility
gnome-epub-thumbnailer
gparted
grub2-common
grub2-efi-*64
grub2-efi-*64-cdboot
grub2-pc-modules
grub2-tools
grub2-tools-efi
grub2-tools-extra
grub2-tools-minimal
grubby
gstreamer1-plugins-ugly-free
gtk2-engines
gucharmap
gvfs-fuse
gvfs-gphoto2
gvfs-mtp
gvfs-smb
hexchat
initial-setup-gui
libmatekbd
libmatemixer
libmateweather
libreoffice-calc
libreoffice-emailmerge
libreoffice-graphicfilter
libreoffice-impress
libreoffice-writer
libsecret
lightdm
lm_sensors
marco
mate-applets
mate-backgrounds
mate-calc
mate-control-center
mate-desktop
mate-dictionary
mate-disk-usage-analyzer
mate-icon-theme
mate-media
mate-menus
mate-menus-preferences-category-menu
mate-notification-daemon
mate-panel
mate-polkit
mate-power-manager
mate-screensaver
mate-screenshot
mate-search-tool
mate-sensors-applet
mate-session-manager
mate-settings-daemon
mate-system-log
mate-system-monitor
mate-terminal
mate-themes
mate-user-admin
mate-user-guide
mate-utils
mozo
network-manager-applet
nm-connection-editor
orca
p7zip
p7zip-plugins
parole
pavucontrol
pipewire
pluma
pluma-plugins
rocky-backgrounds
seahorse
seahorse-caja
setroubleshoot
shim-*64
slick-greeter-mate
thunderbird
tigervnc
usermode-gtk
vim-enhanced
xdg-user-dirs-gtk
xmodmap
xrdb
yelp
-@3d-printing
-@admin-tools
-audacious
-brasero
-evolution-help
-fedora-icon-theme
-gnome-icon-theme
-gnome-icon-theme-symbolic
-gnome-logs
-gnome-software
-gnome-user-docs
-hplip
-isdn4k-utils
-mpage
-sane-backends
-shim-unsigned-*64
-systemd-oomd-defaults
-telnet
-xane-gimp
-xsane
%end

63
live/8/x86_64/prod/rocky-live-mate.ks Normal file
View File

@ -0,0 +1,63 @@
# rocky-live-kde.ks
# BROKEN
%include rocky-live-base-spin.ks
%include rocky-live-mate-common.ks
part / --size 8192
%post
# mate configuration
cat >> /etc/rc.d/init.d/livesys << EOF
# make the installer show up
if [ -f /usr/share/applications/liveinst.desktop ]; then
# Show harddisk install in shell dash
sed -i -e 's/NoDisplay=true/NoDisplay=false/' /usr/share/applications/liveinst.desktop ""
fi
mkdir /home/liveuser/Desktop
cp /usr/share/applications/liveinst.desktop /home/liveuser/Desktop
chmod +x /home/liveuser/Desktop/liveinst.desktop
# move to anaconda - probably not required for MATE.
mv /usr/share/applications/liveinst.desktop /usr/share/applications/anaconda.desktop
if [ -f /usr/share/anaconda/gnome/fedora-welcome.desktop ]; then
mkdir -p ~liveuser/.config/autostart
cp /usr/share/anaconda/gnome/fedora-welcome.desktop /usr/share/applications/
cp /usr/share/anaconda/gnome/fedora-welcome.desktop ~liveuser/.config/autostart/
fi
# rebuild schema cache with any overrides we installed
glib-compile-schemas /usr/share/glib-2.0/schemas
# set up lightdm autologin
sed -i 's/^#autologin-user=.*/autologin-user=liveuser/' /etc/lightdm/lightdm.conf
sed -i 's/^#autologin-user-timeout=.*/autologin-user-timeout=0/' /etc/lightdm/lightdm.conf
sed -i 's/^#show-language-selector=.*/show-language-selector=true/' /etc/lightdm/lightdm-gtk-greeter.conf
# set MATE as default session, otherwise login will fail
sed -i 's/^#user-session=.*/user-session=mate/' /etc/lightdm/lightdm.conf
# Turn off PackageKit-command-not-found while uninstalled
if [ -f /etc/PackageKit/CommandNotFound.conf ]; then
sed -i -e 's/^SoftwareSourceSearch=true/SoftwareSourceSearch=false/' /etc/PackageKit/CommandNotFound.conf
fi
# The updater applet might or might not exist
rm -f /etc/xdg/autostart/org.mageia.dnfdragora-updater.desktop
# reset selinux contexts
chown -R liveuser:liveuser /home/liveuser/
restorecon -R /home/liveuser/
restorecon -R /
EOF
# this doesn't come up automatically. not sure why.
systemctl enable --force lightdm.service
# CRB needs to be enabled for EPEL to function.
dnf config-manager --set-enabled powertools
%end

0
live/8/rocky-live-minimization.ks → live/8/x86_64/prod/rocky-live-minimization.ks
View File

101
live/8/x86_64/prod/rocky-live-workstation-lite.ks Normal file
View File

@ -0,0 +1,101 @@
# Maintained by Release Engineering
# mailto:releng@rockylinux.org
%include rocky-live-base.ks
%include rocky-workstation-common-lite.ks
#
# Disable this for now as packagekit is causing compose failures
# by leaving a gpg-agent around holding /dev/null open.
#
#include snippets/packagekit-cached-metadata.ks
part / --size 6656
%post
cat >> /etc/rc.d/init.d/livesys << EOF
# disable gnome-software automatically downloading updates
cat >> /usr/share/glib-2.0/schemas/org.gnome.software.gschema.override << FOE
[org.gnome.software]
download-updates=false
FOE
# don't autostart gnome-software session service
rm -f /etc/xdg/autostart/gnome-software-service.desktop
# disable the gnome-software shell search provider
cat >> /usr/share/gnome-shell/search-providers/org.gnome.Software-search-provider.ini << FOE
DefaultDisabled=true
FOE
# don't run gnome-initial-setup
mkdir ~liveuser/.config
touch ~liveuser/.config/gnome-initial-setup-done
# suppress anaconda spokes redundant with gnome-initial-setup
cat >> /etc/sysconfig/anaconda << FOE
[NetworkSpoke]
visited=1
[PasswordSpoke]
visited=1
[UserSpoke]
visited=1
FOE
# make the installer show up
if [ -f /usr/share/applications/liveinst.desktop ]; then
# Show harddisk install in shell dash
sed -i -e 's/NoDisplay=true/NoDisplay=false/' /usr/share/applications/liveinst.desktop ""
# need to move it to anaconda.desktop to make shell happy
mv /usr/share/applications/liveinst.desktop /usr/share/applications/anaconda.desktop
cat >> /usr/share/glib-2.0/schemas/org.gnome.shell.gschema.override << FOE
[org.gnome.shell]
favorite-apps=['firefox.desktop', 'evolution.desktop', 'rhythmbox.desktop', 'shotwell.desktop', 'org.gnome.Nautilus.desktop', 'anaconda.desktop']
FOE
# Make the welcome screen show up
if [ -f /usr/share/anaconda/gnome/rhel-welcome.desktop ]; then
mkdir -p ~liveuser/.config/autostart
#sed -i "s/Red Hat Enterprise/Rocky/g" /usr/share/anaconda/gnome/rhel-welcome.desktop
#sed -i "s/RHEL/Rocky Linux/g" /usr/share/anaconda/gnome/rhel-welcome
#sed -i "s/Red Hat Enterprise/Rocky/g" /usr/share/anaconda/gnome/rhel-welcome
#sed -i "s/org.fedoraproject.AnacondaInstaller/fedora-logo-icon/g" /usr/share/anaconda/gnome/rhel-welcome
#sed -i "s/org.fedoraproject.AnacondaInstaller/fedora-logo-icon/g" /usr/share/applications/anaconda.desktop
cp /usr/share/anaconda/gnome/rhel-welcome.desktop /usr/share/applications/
cp /usr/share/anaconda/gnome/rhel-welcome.desktop ~liveuser/.config/autostart/
fi
# Copy Anaconda branding in place
if [ -d /usr/share/lorax/product/usr/share/anaconda ]; then
cp -a /usr/share/lorax/product/* /
fi
fi
# rebuild schema cache with any overrides we installed
glib-compile-schemas /usr/share/glib-2.0/schemas
# set up auto-login
cat > /etc/gdm/custom.conf << FOE
[daemon]
AutomaticLoginEnable=True
AutomaticLogin=liveuser
FOE
# Turn off PackageKit-command-not-found while uninstalled
if [ -f /etc/PackageKit/CommandNotFound.conf ]; then
sed -i -e 's/^SoftwareSourceSearch=true/SoftwareSourceSearch=false/' /etc/PackageKit/CommandNotFound.conf
fi
# make sure to set the right permissions and selinux contexts
chown -R liveuser:liveuser /home/liveuser/
restorecon -R /home/liveuser/
restorecon -R /
EOF
%end

6
live/8/rocky-live-workstation.ks → live/8/x86_64/prod/rocky-live-workstation.ks
View File

@ -61,9 +61,9 @@ FOE
# Make the welcome screen show up
if [ -f /usr/share/anaconda/gnome/rhel-welcome.desktop ]; then
mkdir -p ~liveuser/.config/autostart
sed -i "s/Red Hat Enterprise/Rocky/g" /usr/share/anaconda/gnome/rhel-welcome.desktop
sed -i "s/RHEL/Rocky Linux/g" /usr/share/anaconda/gnome/rhel-welcome
sed -i "s/Red Hat Enterprise/Rocky/g" /usr/share/anaconda/gnome/rhel-welcome
#sed -i "s/Red Hat Enterprise/Rocky/g" /usr/share/anaconda/gnome/rhel-welcome.desktop
#sed -i "s/RHEL/Rocky Linux/g" /usr/share/anaconda/gnome/rhel-welcome
#sed -i "s/Red Hat Enterprise/Rocky/g" /usr/share/anaconda/gnome/rhel-welcome
#sed -i "s/org.fedoraproject.AnacondaInstaller/fedora-logo-icon/g" /usr/share/anaconda/gnome/rhel-welcome
#sed -i "s/org.fedoraproject.AnacondaInstaller/fedora-logo-icon/g" /usr/share/applications/anaconda.desktop
cp /usr/share/anaconda/gnome/rhel-welcome.desktop /usr/share/applications/

6
live/8/rocky-live-xfce-common.ks → live/8/x86_64/prod/rocky-live-xfce-common.ks
View File

@ -17,8 +17,7 @@ ristretto
seahorse
transmission
pcp-selinux
sddm
#lightdm
lightdm
#gdm
-gdm
-gnome-shell
@ -44,6 +43,7 @@ xfce4-pulseaudio-plugin
xfce4-battery-plugin
xfce4-datetime-plugin
xfce4-netload-plugin
xfce4-notifyd
xfce4-places-plugin
xfce4-screenshooter-plugin
xfce4-smartbookmark-plugin
@ -56,6 +56,8 @@ xfdashboard-themes
pavucontrol
wget
xdg-user-dirs
xdg-user-dirs-gtk
# save some space
-autofs

51
live/8/rocky-live-xfce.ks → live/8/x86_64/prod/rocky-live-xfce.ks
View File

@ -13,12 +13,16 @@ part / --size 6144
cat > /etc/sysconfig/desktop <<EOF
PREFERRED=/usr/bin/startxfce4
DISPLAYMANAGER=/usr/sbin/sddm
DISPLAYMANAGER=/usr/sbin/lightdm
EOF
cat >> /etc/rc.d/init.d/livesys << EOF
mkdir -p /home/liveuser/.config/xfce4
# ugly stuff, this should give us a default background for now
mkdir -p /usr/share/backgrounds/images
ln -s /usr/share/backgrounds/f32/default/f32.png \
/usr/share/backgrounds/images/default.png
cat > /home/liveuser/.config/xfce4/helpers.rc << FOE
MailReader=sylpheed-claws
@ -41,38 +45,30 @@ mkdir -p /home/liveuser/.config/xfce4/xfconf/xfce-perchannel-xml
cp /etc/xdg/xfce4/panel/default.xml /home/liveuser/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-panel.xml
# set up lightdm autologin
#sed -i 's/^#autologin-user=.*/autologin-user=liveuser/' /etc/lightdm/lightdm.conf
#sed -i 's/^#autologin-user-timeout=.*/autologin-user-timeout=0/' /etc/lightdm/lightdm.conf
#sed -i 's/^#show-language-selector=.*/show-language-selector=true/' /etc/lightdm/lightdm-gtk-greeter.conf
sed -i 's/^#autologin-user=.*/autologin-user=liveuser/' /etc/lightdm/lightdm.conf
sed -i 's/^#autologin-user-timeout=.*/autologin-user-timeout=0/' /etc/lightdm/lightdm.conf
sed -i 's/^#show-language-selector=.*/show-language-selector=true/' /etc/lightdm/lightdm-gtk-greeter.conf
# set Xfce as default session, otherwise login will fail
#sed -i 's/^#user-session=.*/user-session=xfce/' /etc/lightdm/lightdm.conf
# lightdm does not install on EL8 properly
# set up autologin for user liveuser
if [ -f /etc/sddm.conf ]; then
sed -i 's/^#User=.*/User=liveuser/' /etc/sddm.conf
sed -i "s/^#Session=.*/Session=xfce/" /etc/sddm.conf
else
cat > /etc/sddm.conf << SDDM_EOF
[Autologin]
User=liveuser
Session=xfce
SDDM_EOF
fi
sed -i 's/^#user-session=.*/user-session=xfce/' /etc/lightdm/lightdm.conf
# debrand
sed -i "s/Red Hat Enterprise/Rocky/g" /usr/share/anaconda/gnome/rhel-welcome.desktop
sed -i "s/RHEL/Rocky Linux/g" /usr/share/anaconda/gnome/rhel-welcome
sed -i "s/Red Hat Enterprise/Rocky/g" /usr/share/anaconda/gnome/rhel-welcome
#sed -i "s/Red Hat Enterprise/Rocky/g" /usr/share/anaconda/gnome/rhel-welcome.desktop
#sed -i "s/RHEL/Rocky Linux/g" /usr/share/anaconda/gnome/rhel-welcome
#sed -i "s/Red Hat Enterprise/Rocky/g" /usr/share/anaconda/gnome/rhel-welcome
#sed -i "s/org.fedoraproject.AnacondaInstaller/fedora-logo-icon/g" /usr/share/anaconda/gnome/rhel-welcome
#sed -i "s/org.fedoraproject.AnacondaInstaller/fedora-logo-icon/g" /usr/share/applications/liveinst.desktop
# Show harddisk install on the desktop
sed -i -e 's/NoDisplay=true/NoDisplay=false/' /usr/share/applications/liveinst.desktop
mkdir /home/liveuser/Desktop
cp /usr/share/applications/liveinst.desktop /home/liveuser/Desktop
cp /usr/share/applications/liveinst.desktop /home/liveuser/Desktop/
if [ -f /usr/share/anaconda/gnome/rhel-welcome.desktop ]; then
mkdir -p ~liveuser/.config/autostart
cp /usr/share/anaconda/gnome/rhel-welcome.desktop /usr/share/applications/
cp /usr/share/anaconda/gnome/rhel-welcome.desktop ~liveuser/.config/autostart/
fi
# no updater applet in live environment
rm -f /etc/xdg/autostart/org.mageia.dnfdragora-updater.desktop
@ -80,6 +76,13 @@ rm -f /etc/xdg/autostart/org.mageia.dnfdragora-updater.desktop
# and mark it as executable (new Xfce security feature)
chmod +x /home/liveuser/Desktop/liveinst.desktop
cat > ~liveuser/.profile << PROFILE_EOF
export XDG_DATA_DIRS="\\\${XDG_DATA_DIRS}:\\\${HOME}/Desktop"
PROFILE_EOF
# move to anaconda - probably not required for XFCE.
mv /usr/share/applications/liveinst.desktop /usr/share/applications/anaconda.desktop
# this goes at the end after all other changes.
chown -R liveuser:liveuser /home/liveuser
restorecon -R /home/liveuser
@ -87,7 +90,7 @@ restorecon -R /home/liveuser
EOF
# this doesn't come up automatically. not sure why.
systemctl enable sddm.service
systemctl enable --force lightdm.service
dnf config-manager --set-enabled powertools
%end

13
live/8/rocky-repo-epel.ks → live/8/x86_64/prod/rocky-repo-epel.ks
View File

@ -1,18 +1,15 @@
# These should change based on the major/minor release
# Deps repo, there are some anaconda packages that are *not* available by default
repo --name=livedeps --includepkgs=anaconda-live --cost=500 --baseurl=https://kojidev.rockylinux.org/kojifiles/repos/dist-rocky8_4-updates-build/latest/$basearch/
#repo --name=livedeps --includepkgs=anaconda-live,rocky-logos,rocky-logos-httpd,rocky-backgrounds,rocky-logos-ipa --cost=500 --baseurl=http://10.100.0.1/pub/deps
# Base repos
repo --name=BaseOS --cost=200 --baseurl=http://dl.rockylinux.org/pub/rocky/8.4/BaseOS/$basearch/os/
repo --name=AppStream --cost=200 --baseurl=http://dl.rockylinux.org/pub/rocky/8.4/AppStream/$basearch/os/
repo --name=PowerTools --cost=200 --baseurl=http://dl.rockylinux.org/pub/rocky/8.4/PowerTools/$basearch/os/
repo --name=BaseOS --cost=200 --baseurl=http://dl.rockylinux.org/pub/rocky/8/BaseOS/$basearch/os/
repo --name=AppStream --cost=200 --baseurl=http://dl.rockylinux.org/pub/rocky/8/AppStream/$basearch/os/
repo --name=PowerTools --cost=200 --baseurl=http://dl.rockylinux.org/pub/rocky/8/PowerTools/$basearch/os/
repo --name=extras --cost=200 --baseurl=http://dl.rockylinux.org/pub/rocky/8/extras/$basearch/os
# EPEL (required for KDE and XFCE)
repo --name=epel --cost=200 --baseurl=https://dl.fedoraproject.org/pub/epel/8/Everything/$basearch/
repo --name=epel-modular --cost=200 --baseurl=https://dl.fedoraproject.org/pub/epel/8/Modular/$basearch/
# URL to the base os repo
url --url=http://dl.rockylinux.org/pub/rocky/8.4/BaseOS/$basearch/os/
url --url=http://dl.rockylinux.org/pub/rocky/8/BaseOS/$basearch/os/
#url --url=http://10.100.0.1/pub/deps

10
live/8/x86_64/prod/rocky-repo.ks Normal file
View File

@ -0,0 +1,10 @@
# These should change based on the major/minor release
# Base repos
repo --name=BaseOS --cost=200 --baseurl=http://dl.rockylinux.org/pub/rocky/8/BaseOS/$basearch/os/
repo --name=AppStream --cost=200 --baseurl=http://dl.rockylinux.org/pub/rocky/8/AppStream/$basearch/os/
repo --name=PowerTools --cost=200 --baseurl=http://dl.rockylinux.org/pub/rocky/8/PowerTools/$basearch/os/
repo --name=extras --cost=200 --baseurl=http://dl.rockylinux.org/pub/rocky/8/extras/$basearch/os
# URL to the base os repo
url --url=http://dl.rockylinux.org/pub/rocky/8/BaseOS/$basearch/os/

30
live/8/x86_64/prod/rocky-workstation-common-lite.ks Normal file
View File

@ -0,0 +1,30 @@
%packages
# Exclude unwanted groups that rocky-live-base.ks pulls in
-@dial-up
-@input-methods
-@standard
# Make sure to sync any additions / removals done here with
# workstation-product-environment in comps
@base-x
@core
@fonts
@gnome-desktop
@guest-desktop-agents
@hardware-support
@internet-browser
@networkmanager-submodules
# Libreoffice
libreoffice-calc
libreoffice-emailmerge
libreoffice-graphicfilter
libreoffice-impress
libreoffice-writer
# Exclude unwanted packages from @anaconda-tools group
-gfs2-utils
-reiserfs-utils
%end

32
live/8/x86_64/prod/rocky-workstation-common.ks Normal file
View File

@ -0,0 +1,32 @@
%packages
# Exclude unwanted groups that rocky-live-base.ks pulls in
-@dial-up
-@input-methods
-@standard
# Make sure to sync any additions / removals done here with
# workstation-product-environment in comps
@base-x
@core
@fonts
@gnome-desktop
@guest-desktop-agents
@hardware-support
@internet-browser
@multimedia
@networkmanager-submodules
@workstation-product
# Libreoffice
libreoffice-calc
libreoffice-emailmerge
libreoffice-graphicfilter
libreoffice-impress
libreoffice-writer
# Exclude unwanted packages from @anaconda-tools group
-gfs2-utils
-reiserfs-utils
%end

355
live/8/x86_64/stage/mainline/rocky-live-base.ks Normal file
View File

@ -0,0 +1,355 @@
# rocky-live-base.ks
#
# Base installation information for Rocky Linux images
#
lang en_US.UTF-8
keyboard us
timezone US/Eastern
selinux --enforcing
firewall --enabled --service=mdns
xconfig --startxonboot
zerombr
clearpart --all
part / --size 5120 --fstype ext4
services --enabled=NetworkManager,ModemManager --disabled=sshd
network --bootproto=dhcp --device=link --activate
rootpw --lock --iscrypted locked
shutdown
%include rocky-repo-mainline.ks
%packages
@base-x
@guest-desktop-agents
@standard
@core
@fonts
@input-methods
@dial-up
@multimedia
@hardware-support
# explicit
elrepo-release
kernel-ml
kernel-ml-modules
kernel-ml-modules-extra
memtest86+
anaconda
anaconda-install-env-deps
anaconda-live
@anaconda-tools
# Required for SVG rnotes images
aajohan-comfortaa-fonts
# RHBZ#1242586 - Required for initramfs creation
dracut-live
syslinux
# Anaconda needs all the locales available, just like a DVD installer
glibc-all-langpacks
# This isn't in @core anymore, but livesys still needs it
initscripts
chkconfig
%end
%post
# FIXME: it'd be better to get this installed from a package
cat > /etc/rc.d/init.d/livesys << EOF
#!/bin/bash
#
# live: Init script for live image
#
# chkconfig: 345 00 99
# description: Init script for live image.
### BEGIN INIT INFO
# X-Start-Before: display-manager chronyd
### END INIT INFO
. /etc/init.d/functions
if ! strstr "\`cat /proc/cmdline\`" rd.live.image || [ "\$1" != "start" ]; then
exit 0
fi
if [ -e /.liveimg-configured ] ; then
configdone=1
fi
exists() {
which \$1 >/dev/null 2>&1 || return
\$*
}
livedir="LiveOS"
for arg in \`cat /proc/cmdline\` ; do
if [ "\${arg##rd.live.dir=}" != "\${arg}" ]; then
livedir=\${arg##rd.live.dir=}
continue
fi
if [ "\${arg##live_dir=}" != "\${arg}" ]; then
livedir=\${arg##live_dir=}
fi
done
# Enable swap unless requested otherwise
swaps=\`blkid -t TYPE=swap -o device\`
if ! strstr "\`cat /proc/cmdline\`" noswap && [ -n "\$swaps" ] ; then
for s in \$swaps ; do
action "Enabling swap partition \$s" swapon \$s
done
fi
if ! strstr "\`cat /proc/cmdline\`" noswap && [ -f /run/initramfs/live/\${livedir}/swap.img ] ; then
action "Enabling swap file" swapon /run/initramfs/live/\${livedir}/swap.img
fi
# Support for persistent homes
mountPersistentHome() {
# support label/uuid
if [ "\${homedev##LABEL=}" != "\${homedev}" -o "\${homedev##UUID=}" != "\${homedev}" ]; then
homedev=\`/sbin/blkid -o device -t "\$homedev"\`
fi
# if we're given a file rather than a blockdev, loopback it
if [ "\${homedev##mtd}" != "\${homedev}" ]; then
# mtd devs don't have a block device but get magic-mounted with -t jffs2
mountopts="-t jffs2"
elif [ ! -b "\$homedev" ]; then
loopdev=\`losetup -f\`
if [ "\${homedev##/run/initramfs/live}" != "\${homedev}" ]; then
action "Remounting live store r/w" mount -o remount,rw /run/initramfs/live
fi
losetup \$loopdev \$homedev
homedev=\$loopdev
fi
# if it's encrypted, we need to unlock it
if [ "\$(/sbin/blkid -s TYPE -o value \$homedev 2>/dev/null)" = "crypto_LUKS" ]; then
echo
echo "Setting up encrypted /home device"
plymouth ask-for-password --command="cryptsetup luksOpen \$homedev EncHome"
homedev=/dev/mapper/EncHome
fi
# and finally do the mount
mount \$mountopts \$homedev /home
# if we have /home under what's passed for persistent home, then
# we should make that the real /home. useful for mtd device on olpc
if [ -d /home/home ]; then mount --bind /home/home /home ; fi
[ -x /sbin/restorecon ] && /sbin/restorecon /home
if [ -d /home/liveuser ]; then USERADDARGS="-M" ; fi
}
# Help locate persistent homes
findPersistentHome() {
for arg in \`cat /proc/cmdline\` ; do
if [ "\${arg##persistenthome=}" != "\${arg}" ]; then
homedev=\${arg##persistenthome=}
fi
done
}
if strstr "\`cat /proc/cmdline\`" persistenthome= ; then
findPersistentHome
elif [ -e /run/initramfs/live/\${livedir}/home.img ]; then
homedev=/run/initramfs/live/\${livedir}/home.img
fi
# Mount the persistent home if it's available
if ! strstr "\`cat /proc/cmdline\`" nopersistenthome && [ -n "\$homedev" ] ; then
action "Mounting persistent /home" mountPersistentHome
fi
if [ -n "\$configdone" ]; then
exit 0
fi
# Create the liveuser (no password) so automatic logins and sudo works
action "Adding live user" useradd \$USERADDARGS -c "Live System User" liveuser
passwd -d liveuser > /dev/null
usermod -aG wheel liveuser > /dev/null
# Same for root
passwd -d root > /dev/null
# Turn off firstboot (similar to a DVD/minimal install, where it asks
# for the user to accept the EULA before bringing up a TTY)
systemctl --no-reload disable firstboot-text.service 2> /dev/null || :
systemctl --no-reload disable firstboot-graphical.service 2> /dev/null || :
systemctl stop firstboot-text.service 2> /dev/null || :
systemctl stop firstboot-graphical.service 2> /dev/null || :
# Prelinking damages the images
sed -i 's/PRELINKING=yes/PRELINKING=no/' /etc/sysconfig/prelink &>/dev/null || :
# Turn off mdmonitor by default
systemctl --no-reload disable mdmonitor.service 2> /dev/null || :
systemctl --no-reload disable mdmonitor-takeover.service 2> /dev/null || :
systemctl stop mdmonitor.service 2> /dev/null || :
systemctl stop mdmonitor-takeover.service 2> /dev/null || :
# Even if there isn't gnome, this doesn't hurt.
gsettings set org.gnome.software download-updates 'false' || :
# Disable cron
systemctl --no-reload disable crond.service 2> /dev/null || :
systemctl --no-reload disable atd.service 2> /dev/null || :
systemctl stop crond.service 2> /dev/null || :
systemctl stop atd.service 2> /dev/null || :
# Disable abrt
systemctl --no-reload disable abrtd.service 2> /dev/null || :
systemctl stop abrtd.service 2> /dev/null || :
# Don't sync the system clock when running live (RHBZ #1018162)
sed -i 's/rtcsync//' /etc/chrony.conf
# Mark things as configured
touch /.liveimg-configured
# add static hostname to work around xauth bug
# https://bugzilla.redhat.com/show_bug.cgi?id=679486
# the hostname must be something else than 'localhost'
# https://bugzilla.redhat.com/show_bug.cgi?id=1370222
echo "localhost" > /etc/hostname
EOF
# HAL likes to start late.
cat > /etc/rc.d/init.d/livesys-late << EOF
#!/bin/bash
#
# live: Late init script for live image
#
# chkconfig: 345 99 01
# description: Late init script for live image.
. /etc/init.d/functions
if ! strstr "\`cat /proc/cmdline\`" rd.live.image || [ "\$1" != "start" ] || [ -e /.liveimg-late-configured ] ; then
exit 0
fi
exists() {
which \$1 >/dev/null 2>&1 || return
\$*
}
touch /.liveimg-late-configured
# Read some stuff out of the kernel cmdline
for o in \`cat /proc/cmdline\` ; do
case \$o in
ks=*)
ks="--kickstart=\${o#ks=}"
;;
xdriver=*)
xdriver="\${o#xdriver=}"
;;
esac
done
# If liveinst or textinst is given, start installer
if strstr "\`cat /proc/cmdline\`" liveinst ; then
plymouth --quit
/usr/sbin/liveinst \$ks
fi
if strstr "\`cat /proc/cmdline\`" textinst ; then
plymouth --quit
/usr/sbin/liveinst --text \$ks
fi
# Configure X, allowing user to override xdriver
if [ -n "\$xdriver" ]; then
cat > /etc/X11/xorg.conf.d/00-xdriver.conf <<FOE
Section "Device"
Identifier "Videocard0"
Driver "\$xdriver"
EndSection
FOE
fi
EOF
chmod 755 /etc/rc.d/init.d/livesys
/sbin/restorecon /etc/rc.d/init.d/livesys
/sbin/chkconfig --add livesys
chmod 755 /etc/rc.d/init.d/livesys-late
/sbin/restorecon /etc/rc.d/init.d/livesys-late
/sbin/chkconfig --add livesys-late
# Enable tmpfs for /tmp - this is a good idea
systemctl enable tmp.mount
# make it so that we don't do writing to the overlay for things which
# are just tmpdirs/caches
# note https://bugzilla.redhat.com/show_bug.cgi?id=1135475
cat >> /etc/fstab << EOF
vartmp /var/tmp tmpfs defaults 0 0
EOF
# PackageKit likes to play games. Let's fix that.
rm -f /var/lib/rpm/__db*
releasever=$(rpm -q --qf '%{version}\n' --whatprovides system-release)
basearch=$(uname -i)
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial
echo "Packages within this LiveCD"
rpm -qa
# Note that running rpm recreates the rpm db files which aren't needed or wanted
rm -f /var/lib/rpm/__db*
# go ahead and pre-make the man -k cache (#455968)
/usr/bin/mandb
# make sure there aren't core files lying around
rm -f /core*
# remove random seed, the newly installed instance should make it's own
rm -f /var/lib/systemd/random-seed
# convince readahead not to collect
# FIXME: for systemd
echo 'File created by kickstart. See systemd-update-done.service(8).' \
| tee /etc/.updated >/var/.updated
# Drop the rescue kernel and initramfs, we don't need them on the live media itself.
# See bug 1317709
rm -f /boot/*-rescue*
# Disable network service here, as doing it in the services line
# fails due to RHBZ #1369794 - the error is expected
/sbin/chkconfig network off
# Remove machine-id on generated images
rm -f /etc/machine-id
touch /etc/machine-id
%end
%post --nochroot
cp $INSTALL_ROOT/usr/share/licenses/*-release/* $LIVE_ROOT/
# This only works on x86_64
if [ "$(uname -i)" = "i386" -o "$(uname -i)" = "x86_64" ]; then
# For livecd-creator builds
if [ ! -d $LIVE_ROOT/LiveOS ]; then mkdir -p $LIVE_ROOT/LiveOS ; fi
cp /usr/bin/livecd-iso-to-disk $LIVE_ROOT/LiveOS
# For lorax/livemedia-creator builds
sed -i '
/## make boot.iso/ i\
# Add livecd-iso-to-disk script to .iso filesystem at /LiveOS/\
<% f = "usr/bin/livecd-iso-to-disk" %>\
%if exists(f):\
install ${f} ${LIVEDIR}/${f|basename}\
%endif\
' /usr/share/lorax/templates.d/99-generic/live/x86.tmpl
fi
%end

107
live/8/x86_64/stage/mainline/rocky-live-workstation.ks Normal file
View File

@ -0,0 +1,107 @@
# Maintained by Release Engineering
# mailto:releng@rockylinux.org
%include rocky-live-base.ks
%include rocky-workstation-common.ks
#
# Disable this for now as packagekit is causing compose failures
# by leaving a gpg-agent around holding /dev/null open.
#
#include snippets/packagekit-cached-metadata.ks
part / --size 6656
%post
cat >> /etc/rc.d/init.d/livesys << EOF
# disable gnome-software automatically downloading updates
cat >> /usr/share/glib-2.0/schemas/org.gnome.software.gschema.override << FOE
[org.gnome.software]
download-updates=false
FOE
# don't autostart gnome-software session service
rm -f /etc/xdg/autostart/gnome-software-service.desktop
# disable the gnome-software shell search provider
cat >> /usr/share/gnome-shell/search-providers/org.gnome.Software-search-provider.ini << FOE
DefaultDisabled=true
FOE
# don't run gnome-initial-setup
mkdir ~liveuser/.config
touch ~liveuser/.config/gnome-initial-setup-done
# suppress anaconda spokes redundant with gnome-initial-setup
cat >> /etc/sysconfig/anaconda << FOE
[NetworkSpoke]
visited=1
[PasswordSpoke]
visited=1
[UserSpoke]
visited=1
FOE
# make the installer show up
if [ -f /usr/share/applications/liveinst.desktop ]; then
# Show harddisk install in shell dash
sed -i -e 's/NoDisplay=true/NoDisplay=false/' /usr/share/applications/liveinst.desktop ""
# need to move it to anaconda.desktop to make shell happy
mv /usr/share/applications/liveinst.desktop /usr/share/applications/anaconda.desktop
cat >> /usr/share/glib-2.0/schemas/org.gnome.shell.gschema.override << FOE
[org.gnome.shell]
favorite-apps=['firefox.desktop', 'evolution.desktop', 'rhythmbox.desktop', 'shotwell.desktop', 'org.gnome.Nautilus.desktop', 'anaconda.desktop']
FOE
# Make the welcome screen show up
if [ -f /usr/share/anaconda/gnome/rhel-welcome.desktop ]; then
mkdir -p ~liveuser/.config/autostart
#sed -i "s/Red Hat Enterprise/Rocky/g" /usr/share/anaconda/gnome/rhel-welcome.desktop
#sed -i "s/RHEL/Rocky Linux/g" /usr/share/anaconda/gnome/rhel-welcome
#sed -i "s/Red Hat Enterprise/Rocky/g" /usr/share/anaconda/gnome/rhel-welcome
#sed -i "s/org.fedoraproject.AnacondaInstaller/fedora-logo-icon/g" /usr/share/anaconda/gnome/rhel-welcome
#sed -i "s/org.fedoraproject.AnacondaInstaller/fedora-logo-icon/g" /usr/share/applications/anaconda.desktop
cp /usr/share/anaconda/gnome/rhel-welcome.desktop /usr/share/applications/
cp /usr/share/anaconda/gnome/rhel-welcome.desktop ~liveuser/.config/autostart/
fi
# Copy Anaconda branding in place
if [ -d /usr/share/lorax/product/usr/share/anaconda ]; then
cp -a /usr/share/lorax/product/* /
fi
fi
# rebuild schema cache with any overrides we installed
glib-compile-schemas /usr/share/glib-2.0/schemas
# set up auto-login
cat > /etc/gdm/custom.conf << FOE
[daemon]
AutomaticLoginEnable=True
AutomaticLogin=liveuser
FOE
# Turn off PackageKit-command-not-found while uninstalled
if [ -f /etc/PackageKit/CommandNotFound.conf ]; then
sed -i -e 's/^SoftwareSourceSearch=true/SoftwareSourceSearch=false/' /etc/PackageKit/CommandNotFound.conf
fi
# switch default kernel
sed -i 's/DEFAULTKERNEL=kernel/DEFAULTKERNEL=kernel-ml/g' /etc/sysconfig/kernel
# enable elrepo kernel
dnf config-manager --set-enabled elrepo-kernel
# make sure to set the right permissions and selinux contexts
chown -R liveuser:liveuser /home/liveuser/
restorecon -R /home/liveuser/
restorecon -R /
EOF
%end

14
live/8/x86_64/stage/mainline/rocky-repo-mainline.ks Normal file
View File

@ -0,0 +1,14 @@
# These should change based on the major/minor release
# Deps repo, there are some anaconda packages that are *not* available by default
repo --name=BaseOS --cost=200 --baseurl=http://dl.rockylinux.org/stg/rocky/8/BaseOS/$basearch/os/
repo --name=AppStream --cost=200 --baseurl=http://dl.rockylinux.org/stg/rocky/8/AppStream/$basearch/os/
repo --name=PowerTools --cost=200 --baseurl=http://dl.rockylinux.org/stg/rocky/8/PowerTools/$basearch/os/
repo --name=extras --cost=200 --baseurl=http://dl.rockylinux.org/stg/rocky/8/extras/$basearch/os
# ELRepo
repo --name="elrepo-kernel" --baseurl=https://elrepo.org/linux/kernel/el8/$basearch/ --cost=200
# URL to the base os repo
url --url=http://dl.rockylinux.org/stg/rocky/8/BaseOS/$basearch/os/
#url --url=http://10.100.0.1/pub/deps

32
live/8/x86_64/stage/mainline/rocky-workstation-common.ks Normal file
View File

@ -0,0 +1,32 @@
%packages
# Exclude unwanted groups that rocky-live-base.ks pulls in
-@dial-up
-@input-methods
-@standard
# Make sure to sync any additions / removals done here with
# workstation-product-environment in comps
@base-x
@core
@fonts
@gnome-desktop
@guest-desktop-agents
@hardware-support
@internet-browser
@multimedia
@networkmanager-submodules
@workstation-product
# Libreoffice
libreoffice-calc
libreoffice-emailmerge
libreoffice-graphicfilter
libreoffice-impress
libreoffice-writer
# Exclude unwanted packages from @anaconda-tools group
-gfs2-utils
-reiserfs-utils
%end

360
live/8/x86_64/stage/rocky-live-base-spin.ks Normal file
View File

@ -0,0 +1,360 @@
# rocky-live-base-spin.ks
#
# Base installation information for Rocky Linux images
# Contains EPEL.
#
lang en_US.UTF-8
keyboard us
timezone US/Eastern
selinux --enforcing
firewall --enabled --service=mdns
xconfig --startxonboot
zerombr
clearpart --all
part / --size 5120 --fstype ext4
services --enabled=NetworkManager,ModemManager --disabled=sshd
network --bootproto=dhcp --device=link --activate
rootpw --lock --iscrypted locked
shutdown
%include rocky-repo-epel.ks
%packages
@base-x
@guest-desktop-agents
@standard
@core
@fonts
@input-methods
@dial-up
@multimedia
@hardware-support
# explicit
kernel
kernel-modules
kernel-modules-extra
memtest86+
anaconda
anaconda-install-env-deps
anaconda-live
@anaconda-tools
# Required for SVG rnotes images
aajohan-comfortaa-fonts
# RHBZ#1242586 - Required for initramfs creation
dracut-live
syslinux
# Anaconda needs all the locales available, just like a DVD installer
glibc-all-langpacks
# no longer in @core since 2018-10, but needed for livesys script
initscripts
chkconfig
# absolutely required - don't want a system that can't actually update
epel-release
%end
%post
# FIXME: it'd be better to get this installed from a package
cat > /etc/rc.d/init.d/livesys << EOF
#!/bin/bash
#
# live: Init script for live image
#
# chkconfig: 345 00 99
# description: Init script for live image.
### BEGIN INIT INFO
# X-Start-Before: display-manager chronyd
### END INIT INFO
. /etc/init.d/functions
if ! strstr "\`cat /proc/cmdline\`" rd.live.image || [ "\$1" != "start" ]; then
exit 0
fi
if [ -e /.liveimg-configured ] ; then
configdone=1
fi
exists() {
which \$1 >/dev/null 2>&1 || return
\$*
}
livedir="LiveOS"
for arg in \`cat /proc/cmdline\` ; do
if [ "\${arg##rd.live.dir=}" != "\${arg}" ]; then
livedir=\${arg##rd.live.dir=}
continue
fi
if [ "\${arg##live_dir=}" != "\${arg}" ]; then
livedir=\${arg##live_dir=}
fi
done
# Enable swap unless requested otherwise
swaps=\`blkid -t TYPE=swap -o device\`
if ! strstr "\`cat /proc/cmdline\`" noswap && [ -n "\$swaps" ] ; then
for s in \$swaps ; do
action "Enabling swap partition \$s" swapon \$s
done
fi
if ! strstr "\`cat /proc/cmdline\`" noswap && [ -f /run/initramfs/live/\${livedir}/swap.img ] ; then
action "Enabling swap file" swapon /run/initramfs/live/\${livedir}/swap.img
fi
# Support for persistent homes
mountPersistentHome() {
# support label/uuid
if [ "\${homedev##LABEL=}" != "\${homedev}" -o "\${homedev##UUID=}" != "\${homedev}" ]; then
homedev=\`/sbin/blkid -o device -t "\$homedev"\`
fi
# if we're given a file rather than a blockdev, loopback it
if [ "\${homedev##mtd}" != "\${homedev}" ]; then
# mtd devs don't have a block device but get magic-mounted with -t jffs2
mountopts="-t jffs2"
elif [ ! -b "\$homedev" ]; then
loopdev=\`losetup -f\`
if [ "\${homedev##/run/initramfs/live}" != "\${homedev}" ]; then
action "Remounting live store r/w" mount -o remount,rw /run/initramfs/live
fi
losetup \$loopdev \$homedev
homedev=\$loopdev
fi
# if it's encrypted, we need to unlock it
if [ "\$(/sbin/blkid -s TYPE -o value \$homedev 2>/dev/null)" = "crypto_LUKS" ]; then
echo
echo "Setting up encrypted /home device"
plymouth ask-for-password --command="cryptsetup luksOpen \$homedev EncHome"
homedev=/dev/mapper/EncHome
fi
# and finally do the mount
mount \$mountopts \$homedev /home
# if we have /home under what's passed for persistent home, then
# we should make that the real /home. useful for mtd device on olpc
if [ -d /home/home ]; then mount --bind /home/home /home ; fi
[ -x /sbin/restorecon ] && /sbin/restorecon /home
if [ -d /home/liveuser ]; then USERADDARGS="-M" ; fi
}
# Help locate persistent homes
findPersistentHome() {
for arg in \`cat /proc/cmdline\` ; do
if [ "\${arg##persistenthome=}" != "\${arg}" ]; then
homedev=\${arg##persistenthome=}
fi
done
}
if strstr "\`cat /proc/cmdline\`" persistenthome= ; then
findPersistentHome
elif [ -e /run/initramfs/live/\${livedir}/home.img ]; then
homedev=/run/initramfs/live/\${livedir}/home.img
fi
# Mount the persistent home if it's available
if ! strstr "\`cat /proc/cmdline\`" nopersistenthome && [ -n "\$homedev" ] ; then
action "Mounting persistent /home" mountPersistentHome
fi
if [ -n "\$configdone" ]; then
exit 0
fi
# Create the liveuser (no password) so automatic logins and sudo works
action "Adding live user" useradd \$USERADDARGS -c "Live System User" liveuser
passwd -d liveuser > /dev/null
usermod -aG wheel liveuser > /dev/null
# Same for root
passwd -d root > /dev/null
# Turn off firstboot (similar to a DVD/minimal install, where it asks
# for the user to accept the EULA before bringing up a TTY)
systemctl --no-reload disable firstboot-text.service 2> /dev/null || :
systemctl --no-reload disable firstboot-graphical.service 2> /dev/null || :
systemctl stop firstboot-text.service 2> /dev/null || :
systemctl stop firstboot-graphical.service 2> /dev/null || :
# Prelinking damages the images
sed -i 's/PRELINKING=yes/PRELINKING=no/' /etc/sysconfig/prelink &>/dev/null || :
# Turn off mdmonitor by default
systemctl --no-reload disable mdmonitor.service 2> /dev/null || :
systemctl --no-reload disable mdmonitor-takeover.service 2> /dev/null || :
systemctl stop mdmonitor.service 2> /dev/null || :
systemctl stop mdmonitor-takeover.service 2> /dev/null || :
# Even if there isn't gnome, this doesn't hurt.
gsettings set org.gnome.software download-updates 'false' || :
# Disable cron
systemctl --no-reload disable crond.service 2> /dev/null || :
systemctl --no-reload disable atd.service 2> /dev/null || :
systemctl stop crond.service 2> /dev/null || :
systemctl stop atd.service 2> /dev/null || :
# Disable abrt
systemctl --no-reload disable abrtd.service 2> /dev/null || :
systemctl stop abrtd.service 2> /dev/null || :
# Don't sync the system clock when running live (RHBZ #1018162)
sed -i 's/rtcsync//' /etc/chrony.conf
# Mark things as configured
touch /.liveimg-configured
# add static hostname to work around xauth bug
# https://bugzilla.redhat.com/show_bug.cgi?id=679486
# the hostname must be something else than 'localhost'
# https://bugzilla.redhat.com/show_bug.cgi?id=1370222
echo "localhost" > /etc/hostname
EOF
# HAL likes to start late.
cat > /etc/rc.d/init.d/livesys-late << EOF
#!/bin/bash
#
# live: Late init script for live image
#
# chkconfig: 345 99 01
# description: Late init script for live image.
. /etc/init.d/functions
if ! strstr "\`cat /proc/cmdline\`" rd.live.image || [ "\$1" != "start" ] || [ -e /.liveimg-late-configured ] ; then
exit 0
fi
exists() {
which \$1 >/dev/null 2>&1 || return
\$*
}
touch /.liveimg-late-configured
# Read some stuff out of the kernel cmdline
for o in \`cat /proc/cmdline\` ; do
case \$o in
ks=*)
ks="--kickstart=\${o#ks=}"
;;
xdriver=*)
xdriver="\${o#xdriver=}"
;;
esac
done
# If liveinst or textinst is given, start installer
if strstr "\`cat /proc/cmdline\`" liveinst ; then
plymouth --quit
/usr/sbin/liveinst \$ks
fi
if strstr "\`cat /proc/cmdline\`" textinst ; then
plymouth --quit
/usr/sbin/liveinst --text \$ks
fi
# Configure X, allowing user to override xdriver
if [ -n "\$xdriver" ]; then
cat > /etc/X11/xorg.conf.d/00-xdriver.conf <<FOE
Section "Device"
Identifier "Videocard0"
Driver "\$xdriver"
EndSection
FOE
fi
EOF
chmod 755 /etc/rc.d/init.d/livesys
/sbin/restorecon /etc/rc.d/init.d/livesys
/sbin/chkconfig --add livesys
chmod 755 /etc/rc.d/init.d/livesys-late
/sbin/restorecon /etc/rc.d/init.d/livesys-late
/sbin/chkconfig --add livesys-late
# Enable tmpfs for /tmp - this is a good idea
systemctl enable tmp.mount
# make it so that we don't do writing to the overlay for things which
# are just tmpdirs/caches
# note https://bugzilla.redhat.com/show_bug.cgi?id=1135475
cat >> /etc/fstab << EOF
vartmp /var/tmp tmpfs defaults 0 0
EOF
# PackageKit likes to play games. Let's fix that.
rm -f /var/lib/rpm/__db*
releasever=$(rpm -q --qf '%{version}\n' --whatprovides system-release)
basearch=$(uname -i)
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial
echo "Packages within this LiveCD"
rpm -qa
# Note that running rpm recreates the rpm db files which aren't needed or wanted
rm -f /var/lib/rpm/__db*
# go ahead and pre-make the man -k cache (#455968)
/usr/bin/mandb
# make sure there aren't core files lying around
rm -f /core*
# remove random seed, the newly installed instance should make it's own
rm -f /var/lib/systemd/random-seed
# convince readahead not to collect
# FIXME: for systemd
echo 'File created by kickstart. See systemd-update-done.service(8).' \
| tee /etc/.updated >/var/.updated
# Drop the rescue kernel and initramfs, we don't need them on the live media itself.
# See bug 1317709
rm -f /boot/*-rescue*
# Disable network service here, as doing it in the services line
# fails due to RHBZ #1369794 - the error is expected
/sbin/chkconfig network off
# Remove machine-id on generated images
rm -f /etc/machine-id
touch /etc/machine-id
/usr/sbin/fixfiles -R -a restore
%end
%post --nochroot
cp $INSTALL_ROOT/usr/share/licenses/*-release/* $LIVE_ROOT/
# only works on x86_64
if [ "$(uname -i)" = "i386" -o "$(uname -i)" = "x86_64" ]; then
# For livecd-creator builds
if [ ! -d $LIVE_ROOT/LiveOS ]; then mkdir -p $LIVE_ROOT/LiveOS ; fi
cp /usr/bin/livecd-iso-to-disk $LIVE_ROOT/LiveOS
# For lorax/livemedia-creator builds
sed -i '
/## make boot.iso/ i\
# Add livecd-iso-to-disk script to .iso filesystem at /LiveOS/\
<% f = "usr/bin/livecd-iso-to-disk" %>\
%if exists(f):\
install ${f} ${LIVEDIR}/${f|basename}\
%endif\
' /usr/share/lorax/templates.d/99-generic/live/x86.tmpl
fi
%end

356
live/8/x86_64/stage/rocky-live-base.ks Normal file
View File

@ -0,0 +1,356 @@
# rocky-live-base.ks
#
# Base installation information for Rocky Linux images
#
lang en_US.UTF-8
keyboard us
timezone US/Eastern
selinux --enforcing
firewall --enabled --service=mdns
xconfig --startxonboot
zerombr
clearpart --all
part / --size 5120 --fstype ext4
services --enabled=NetworkManager,ModemManager --disabled=sshd
network --bootproto=dhcp --device=link --activate
rootpw --lock --iscrypted locked
shutdown
%include rocky-repo.ks
%packages
@base-x
@guest-desktop-agents
@standard
@core
@fonts
@input-methods
@dial-up
@multimedia
@hardware-support
# explicit
kernel
kernel-modules
kernel-modules-extra
memtest86+
anaconda
anaconda-install-env-deps
anaconda-live
@anaconda-tools
# Required for SVG rnotes images
aajohan-comfortaa-fonts
# RHBZ#1242586 - Required for initramfs creation
dracut-live
syslinux
# Anaconda needs all the locales available, just like a DVD installer
glibc-all-langpacks
# This isn't in @core anymore, but livesys still needs it
initscripts
chkconfig
%end
%post
# FIXME: it'd be better to get this installed from a package
cat > /etc/rc.d/init.d/livesys << EOF
#!/bin/bash
#
# live: Init script for live image
#
# chkconfig: 345 00 99
# description: Init script for live image.
### BEGIN INIT INFO
# X-Start-Before: display-manager chronyd
### END INIT INFO
. /etc/init.d/functions
if ! strstr "\`cat /proc/cmdline\`" rd.live.image || [ "\$1" != "start" ]; then
exit 0
fi
if [ -e /.liveimg-configured ] ; then
configdone=1
fi
exists() {
which \$1 >/dev/null 2>&1 || return
\$*
}
livedir="LiveOS"
for arg in \`cat /proc/cmdline\` ; do
if [ "\${arg##rd.live.dir=}" != "\${arg}" ]; then
livedir=\${arg##rd.live.dir=}
continue
fi
if [ "\${arg##live_dir=}" != "\${arg}" ]; then
livedir=\${arg##live_dir=}
fi
done
# Enable swap unless requested otherwise
swaps=\`blkid -t TYPE=swap -o device\`
if ! strstr "\`cat /proc/cmdline\`" noswap && [ -n "\$swaps" ] ; then
for s in \$swaps ; do
action "Enabling swap partition \$s" swapon \$s
done
fi
if ! strstr "\`cat /proc/cmdline\`" noswap && [ -f /run/initramfs/live/\${livedir}/swap.img ] ; then
action "Enabling swap file" swapon /run/initramfs/live/\${livedir}/swap.img
fi
# Support for persistent homes
mountPersistentHome() {
# support label/uuid
if [ "\${homedev##LABEL=}" != "\${homedev}" -o "\${homedev##UUID=}" != "\${homedev}" ]; then
homedev=\`/sbin/blkid -o device -t "\$homedev"\`
fi
# if we're given a file rather than a blockdev, loopback it
if [ "\${homedev##mtd}" != "\${homedev}" ]; then
# mtd devs don't have a block device but get magic-mounted with -t jffs2
mountopts="-t jffs2"
elif [ ! -b "\$homedev" ]; then
loopdev=\`losetup -f\`
if [ "\${homedev##/run/initramfs/live}" != "\${homedev}" ]; then
action "Remounting live store r/w" mount -o remount,rw /run/initramfs/live
fi
losetup \$loopdev \$homedev
homedev=\$loopdev
fi
# if it's encrypted, we need to unlock it
if [ "\$(/sbin/blkid -s TYPE -o value \$homedev 2>/dev/null)" = "crypto_LUKS" ]; then
echo
echo "Setting up encrypted /home device"
plymouth ask-for-password --command="cryptsetup luksOpen \$homedev EncHome"
homedev=/dev/mapper/EncHome
fi
# and finally do the mount
mount \$mountopts \$homedev /home
# if we have /home under what's passed for persistent home, then
# we should make that the real /home. useful for mtd device on olpc
if [ -d /home/home ]; then mount --bind /home/home /home ; fi
[ -x /sbin/restorecon ] && /sbin/restorecon /home
if [ -d /home/liveuser ]; then USERADDARGS="-M" ; fi
}
# Help locate persistent homes
findPersistentHome() {
for arg in \`cat /proc/cmdline\` ; do
if [ "\${arg##persistenthome=}" != "\${arg}" ]; then
homedev=\${arg##persistenthome=}
fi
done
}
if strstr "\`cat /proc/cmdline\`" persistenthome= ; then
findPersistentHome
elif [ -e /run/initramfs/live/\${livedir}/home.img ]; then
homedev=/run/initramfs/live/\${livedir}/home.img
fi
# Mount the persistent home if it's available
if ! strstr "\`cat /proc/cmdline\`" nopersistenthome && [ -n "\$homedev" ] ; then
action "Mounting persistent /home" mountPersistentHome
fi
if [ -n "\$configdone" ]; then
exit 0
fi
# Create the liveuser (no password) so automatic logins and sudo works
action "Adding live user" useradd \$USERADDARGS -c "Live System User" liveuser
passwd -d liveuser > /dev/null
usermod -aG wheel liveuser > /dev/null
# Same for root
passwd -d root > /dev/null
# Turn off firstboot (similar to a DVD/minimal install, where it asks
# for the user to accept the EULA before bringing up a TTY)
systemctl --no-reload disable firstboot-text.service 2> /dev/null || :
systemctl --no-reload disable firstboot-graphical.service 2> /dev/null || :
systemctl stop firstboot-text.service 2> /dev/null || :
systemctl stop firstboot-graphical.service 2> /dev/null || :
# Prelinking damages the images
sed -i 's/PRELINKING=yes/PRELINKING=no/' /etc/sysconfig/prelink &>/dev/null || :
# Turn off mdmonitor by default
systemctl --no-reload disable mdmonitor.service 2> /dev/null || :
systemctl --no-reload disable mdmonitor-takeover.service 2> /dev/null || :
systemctl stop mdmonitor.service 2> /dev/null || :
systemctl stop mdmonitor-takeover.service 2> /dev/null || :
# Even if there isn't gnome, this doesn't hurt.
gsettings set org.gnome.software download-updates 'false' || :
# Disable cron
systemctl --no-reload disable crond.service 2> /dev/null || :
systemctl --no-reload disable atd.service 2> /dev/null || :
systemctl stop crond.service 2> /dev/null || :
systemctl stop atd.service 2> /dev/null || :
# Disable abrt
systemctl --no-reload disable abrtd.service 2> /dev/null || :
systemctl stop abrtd.service 2> /dev/null || :
# Don't sync the system clock when running live (RHBZ #1018162)
sed -i 's/rtcsync//' /etc/chrony.conf
# Mark things as configured
touch /.liveimg-configured
# add static hostname to work around xauth bug
# https://bugzilla.redhat.com/show_bug.cgi?id=679486
# the hostname must be something else than 'localhost'
# https://bugzilla.redhat.com/show_bug.cgi?id=1370222
echo "localhost" > /etc/hostname
EOF
# HAL likes to start late.
cat > /etc/rc.d/init.d/livesys-late << EOF
#!/bin/bash
#
# live: Late init script for live image
#
# chkconfig: 345 99 01
# description: Late init script for live image.
. /etc/init.d/functions
if ! strstr "\`cat /proc/cmdline\`" rd.live.image || [ "\$1" != "start" ] || [ -e /.liveimg-late-configured ] ; then
exit 0
fi
exists() {
which \$1 >/dev/null 2>&1 || return
\$*
}
touch /.liveimg-late-configured
# Read some stuff out of the kernel cmdline
for o in \`cat /proc/cmdline\` ; do
case \$o in
ks=*)
ks="--kickstart=\${o#ks=}"
;;
xdriver=*)
xdriver="\${o#xdriver=}"
;;
esac
done
# If liveinst or textinst is given, start installer
if strstr "\`cat /proc/cmdline\`" liveinst ; then
plymouth --quit
/usr/sbin/liveinst \$ks
fi
if strstr "\`cat /proc/cmdline\`" textinst ; then
plymouth --quit
/usr/sbin/liveinst --text \$ks
fi
# Configure X, allowing user to override xdriver
if [ -n "\$xdriver" ]; then
cat > /etc/X11/xorg.conf.d/00-xdriver.conf <<FOE
Section "Device"
Identifier "Videocard0"
Driver "\$xdriver"
EndSection
FOE
fi
EOF
chmod 755 /etc/rc.d/init.d/livesys
/sbin/restorecon /etc/rc.d/init.d/livesys
/sbin/chkconfig --add livesys
chmod 755 /etc/rc.d/init.d/livesys-late
/sbin/restorecon /etc/rc.d/init.d/livesys-late
/sbin/chkconfig --add livesys-late
# Enable tmpfs for /tmp - this is a good idea
systemctl enable tmp.mount
# make it so that we don't do writing to the overlay for things which
# are just tmpdirs/caches
# note https://bugzilla.redhat.com/show_bug.cgi?id=1135475
cat >> /etc/fstab << EOF
vartmp /var/tmp tmpfs defaults 0 0
EOF
# PackageKit likes to play games. Let's fix that.
rm -f /var/lib/rpm/__db*
releasever=$(rpm -q --qf '%{version}\n' --whatprovides system-release)
basearch=$(uname -i)
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial
echo "Packages within this LiveCD"
rpm -qa
# Note that running rpm recreates the rpm db files which aren't needed or wanted
rm -f /var/lib/rpm/__db*
# go ahead and pre-make the man -k cache (#455968)
/usr/bin/mandb
# make sure there aren't core files lying around
rm -f /core*
# remove random seed, the newly installed instance should make it's own
rm -f /var/lib/systemd/random-seed
# convince readahead not to collect
# FIXME: for systemd
echo 'File created by kickstart. See systemd-update-done.service(8).' \
| tee /etc/.updated >/var/.updated
# Drop the rescue kernel and initramfs, we don't need them on the live media itself.
# See bug 1317709
rm -f /boot/*-rescue*
# Disable network service here, as doing it in the services line
# fails due to RHBZ #1369794 - the error is expected
/sbin/chkconfig network off
# Remove machine-id on generated images
rm -f /etc/machine-id
touch /etc/machine-id
/usr/sbin/fixfiles -R -a restore
%end
%post --nochroot
cp $INSTALL_ROOT/usr/share/licenses/*-release/* $LIVE_ROOT/
# This only works on x86_64
if [ "$(uname -i)" = "i386" -o "$(uname -i)" = "x86_64" ]; then
# For livecd-creator builds
if [ ! -d $LIVE_ROOT/LiveOS ]; then mkdir -p $LIVE_ROOT/LiveOS ; fi
cp /usr/bin/livecd-iso-to-disk $LIVE_ROOT/LiveOS
# For lorax/livemedia-creator builds
sed -i '
/## make boot.iso/ i\
# Add livecd-iso-to-disk script to .iso filesystem at /LiveOS/\
<% f = "usr/bin/livecd-iso-to-disk" %>\
%if exists(f):\
install ${f} ${LIVEDIR}/${f|basename}\
%endif\
' /usr/share/lorax/templates.d/99-generic/live/x86.tmpl
fi
%end

115
live/8/x86_64/stage/rocky-live-kde-base.ks Normal file
View File

@ -0,0 +1,115 @@
# Maintained by RelEng
%include rocky-live-base-spin.ks
%include rocky-live-kde-common.ks
%post
# set default GTK+ theme for root (see #683855, #689070, #808062)
cat > /root/.gtkrc-2.0 << EOF
include "/usr/share/themes/Adwaita/gtk-2.0/gtkrc"
include "/etc/gtk-2.0/gtkrc"
gtk-theme-name="Adwaita"
EOF
mkdir -p /root/.config/gtk-3.0
cat > /root/.config/gtk-3.0/settings.ini << EOF
[Settings]
gtk-theme-name = Adwaita
EOF
# add initscript
cat >> /etc/rc.d/init.d/livesys << EOF
# are we *not* able to use wayland sessions?
if strstr "\`cat /proc/cmdline\`" nomodeset ; then
PLASMA_SESSION_FILE="plasmax11.desktop"
else
PLASMA_SESSION_FILE="plasma.desktop"
fi
# set up autologin for user liveuser
if [ -f /etc/sddm.conf ]; then
sed -i 's/^#User=.*/User=liveuser/' /etc/sddm.conf
sed -i "s/^#Session=.*/Session=\${PLASMA_SESSION_FILE}/" /etc/sddm.conf
else
cat > /etc/sddm.conf << SDDM_EOF
[Autologin]
User=liveuser
Session=\${PLASMA_SESSION_FILE}
SDDM_EOF
fi
# add liveinst.desktop to favorites menu
mkdir -p /home/liveuser/.config/
cat > /home/liveuser/.config/kickoffrc << MENU_EOF
[Favorites]
FavoriteURLs=/usr/share/applications/firefox.desktop,/usr/share/applications/org.kde.dolphin.desktop,/usr/share/applications/systemsettings.desktop,/usr/share/applications/org.kde.konsole.desktop,/usr/share/applications/liveinst.desktop
MENU_EOF
# show liveinst.desktop on desktop and in menu
sed -i 's/NoDisplay=true/NoDisplay=false/' /usr/share/applications/liveinst.desktop
# debrand
#sed -i "s/Red Hat Enterprise/Rocky/g" /usr/share/anaconda/gnome/rhel-welcome.desktop
#sed -i "s/RHEL/Rocky Linux/g" /usr/share/anaconda/gnome/rhel-welcome
#sed -i "s/Red Hat Enterprise/Rocky/g" /usr/share/anaconda/gnome/rhel-welcome
#sed -i "s/org.fedoraproject.AnacondaInstaller/fedora-logo-icon/g" /usr/share/anaconda/gnome/rhel-welcome
#sed -i "s/org.fedoraproject.AnacondaInstaller/fedora-logo-icon/g" /usr/share/applications/liveinst.desktop
# set executable bit disable KDE security warning
chmod +x /usr/share/applications/liveinst.desktop
mkdir /home/liveuser/Desktop
cp -a /usr/share/applications/liveinst.desktop /home/liveuser/Desktop/
if [ -f /usr/share/anaconda/gnome/rhel-welcome.desktop ]; then
mkdir -p ~liveuser/.config/autostart
cp /usr/share/anaconda/gnome/rhel-welcome.desktop /usr/share/applications/
cp /usr/share/anaconda/gnome/rhel-welcome.desktop ~liveuser/.config/autostart/
fi
# Set akonadi backend
mkdir -p /home/liveuser/.config/akonadi
cat > /home/liveuser/.config/akonadi/akonadiserverrc << AKONADI_EOF
[%General]
Driver=QSQLITE3
AKONADI_EOF
# Disable plasma-pk-updates if applicable
rpm -e plasma-pk-updates
# "Disable plasma-discover-notifier"
mkdir -p /home/liveuser/.config/autostart
cp -a /etc/xdg/autostart/org.kde.discover.notifier.desktop /home/liveuser/.config/autostart/
echo 'Hidden=true' >> /home/liveuser/.config/autostart/org.kde.discover.notifier.desktop
# Disable baloo
cat > /home/liveuser/.config/baloofilerc << BALOO_EOF
[Basic Settings]
Indexing-Enabled=false
BALOO_EOF
mkdir -p ~liveuser/.kde/share/config/
# Disable kres-migrator
cat > /home/liveuser/.kde/share/config/kres-migratorrc << KRES_EOF
[Migration]
Enabled=false
KRES_EOF
# Disable kwallet migrator
cat > /home/liveuser/.config/kwalletrc << KWALLET_EOL
[Migration]
alreadyMigrated=true
KWALLET_EOL
# make sure to set the right permissions and selinux contexts
chown -R liveuser:liveuser /home/liveuser/
restorecon -R /home/liveuser/
restorecon -R /
EOF
systemctl enable --force sddm.service
dnf config-manager --set-enabled powertools
%end

81
live/8/x86_64/stage/rocky-live-kde-common.ks Normal file
View File

@ -0,0 +1,81 @@
%packages
# install env-group to resolve RhBug:1891500
@^kde-desktop-environment
@firefox
@kde-apps
@kde-media
# Libreoffice
libreoffice-calc
libreoffice-emailmerge
libreoffice-graphicfilter
libreoffice-impress
libreoffice-writer
-@admin-tools
### The KDE-Desktop
### fixes
sddm
sddm-breeze
sddm-themes
sddm-kcm
# use kde-print-manager instead of system-config-printer
-system-config-printer
# make sure mariadb lands instead of MySQL (hopefully a temporary hack)
mariadb-embedded
mariadb-connector-c
mariadb-server
# minimal localization support - allows installing the kde-l10n-* packages
#system-config-language <- Not in EL8
#kde-l10n <- Not in EL8
# unwanted packages from @kde-desktop
# don't include these for now to fit on a cd
-desktop-backgrounds-basic
-kdeaccessibility*
-ktorrent # kget has also basic torrent features (~3 megs)
-digikam # digikam has duplicate functionality with gwenview (~28 megs)
-kipi-plugins # ~8 megs + drags in Marble
-krusader # ~4 megs
-k3b # ~15 megs
#-kdeplasma-addons # ~16 megs
# Additional packages that are not default in kde-* groups, but useful
#kdeartwork # only include some parts of kdeartwork
fuse
#mediawriter <-- Not in EL8
gjs
### space issues
# admin-tools
-gnome-disk-utility
# kcm_clock still lacks some features, so keep system-config-date around
#-system-config-date
# prefer kcm_systemd
-system-config-services
# prefer/use kusers
-system-config-users
# we need to keep epel-release, otherwise we can't update
epel-release
### MINIMIZATION ###
-mpage
-hplip
-isdn4k-utils
-xsane
-xsane-gimp
-@input-methods
-scim*
-iok
%end

6
live/8/x86_64/stage/rocky-live-kde-minimization.ks Normal file
View File

@ -0,0 +1,6 @@
# Remove a few things we don't need
%packages
-@input-methods
-scim*
-iok
%end

10
live/8/x86_64/stage/rocky-live-kde.ks Normal file
View File

@ -0,0 +1,10 @@
# rocky-live-kde.ks
# BROKEN
%include rocky-live-kde-base.ks
# DVD
part / --size=9000
%post
%end

138
live/8/x86_64/stage/rocky-live-mate-common.ks Normal file
View File

@ -0,0 +1,138 @@
%packages
NetworkManager-adsl
NetworkManager-bluetooth
NetworkManager-l2tp-gnome
NetworkManager-libreswan-gnome
NetworkManager-openconnect-gnome
NetworkManager-openvpn-gnome
NetworkManager-ovs
NetworkManager-ppp
NetworkManager-pptp-gnome
NetworkManager-team
NetworkManager-wifi
NetworkManager-wwan
atril
atril-caja
atril-thumbnailer
caja
caja-actions
dconf-editor
efi-filesystem
efibootmgr
efivar-libs
engrampa
eom
f36-backgrounds-extras-mate
f36-backgrounds-mate
filezilla
firefox
firewall-applet
firewall-config
gnome-disk-utility
gnome-epub-thumbnailer
gparted
grub2-common
grub2-efi-*64
grub2-efi-*64-cdboot
grub2-pc-modules
grub2-tools
grub2-tools-efi
grub2-tools-extra
grub2-tools-minimal
grubby
gstreamer1-plugins-ugly-free
gtk2-engines
gucharmap
gvfs-fuse
gvfs-gphoto2
gvfs-mtp
gvfs-smb
hexchat
initial-setup-gui
libmatekbd
libmatemixer
libmateweather
libreoffice-calc
libreoffice-emailmerge
libreoffice-graphicfilter
libreoffice-impress
libreoffice-writer
libsecret
lightdm
lm_sensors
marco
mate-applets
mate-backgrounds
mate-calc
mate-control-center
mate-desktop
mate-dictionary
mate-disk-usage-analyzer
mate-icon-theme
mate-media
mate-menus
mate-menus-preferences-category-menu
mate-notification-daemon
mate-panel
mate-polkit
mate-power-manager
mate-screensaver
mate-screenshot
mate-search-tool
mate-sensors-applet
mate-session-manager
mate-settings-daemon
mate-system-log
mate-system-monitor
mate-terminal
mate-themes
mate-user-admin
mate-user-guide
mate-utils
mozo
network-manager-applet
nm-connection-editor
orca
p7zip
p7zip-plugins
parole
pavucontrol
pipewire
pluma
pluma-plugins
rocky-backgrounds
seahorse
seahorse-caja
setroubleshoot
shim-*64
slick-greeter-mate
thunderbird
tigervnc
usermode-gtk
vim-enhanced
xdg-user-dirs-gtk
xmodmap
xrdb
yelp
gjs
-@3d-printing
-@admin-tools
-audacious
-brasero
-evolution-help
-fedora-icon-theme
-gnome-icon-theme
-gnome-icon-theme-symbolic
-gnome-logs
-gnome-software
-gnome-user-docs
-hplip
-isdn4k-utils
-mpage
-sane-backends
-shim-unsigned-*64
-systemd-oomd-defaults
-telnet
-xane-gimp
-xsane
%end

63
live/8/x86_64/stage/rocky-live-mate.ks Normal file
View File

@ -0,0 +1,63 @@
# rocky-live-kde.ks
# BROKEN
%include rocky-live-base-spin.ks
%include rocky-live-mate-common.ks
part / --size 8192
%post
# mate configuration
cat >> /etc/rc.d/init.d/livesys << EOF
# make the installer show up
if [ -f /usr/share/applications/liveinst.desktop ]; then
# Show harddisk install in shell dash
sed -i -e 's/NoDisplay=true/NoDisplay=false/' /usr/share/applications/liveinst.desktop ""
fi
mkdir /home/liveuser/Desktop
cp /usr/share/applications/liveinst.desktop /home/liveuser/Desktop
chmod +x /home/liveuser/Desktop/liveinst.desktop
# move to anaconda - probably not required for MATE.
mv /usr/share/applications/liveinst.desktop /usr/share/applications/anaconda.desktop
if [ -f /usr/share/anaconda/gnome/fedora-welcome.desktop ]; then
mkdir -p ~liveuser/.config/autostart
cp /usr/share/anaconda/gnome/fedora-welcome.desktop /usr/share/applications/
cp /usr/share/anaconda/gnome/fedora-welcome.desktop ~liveuser/.config/autostart/
fi
# rebuild schema cache with any overrides we installed
glib-compile-schemas /usr/share/glib-2.0/schemas
# set up lightdm autologin
sed -i 's/^#autologin-user=.*/autologin-user=liveuser/' /etc/lightdm/lightdm.conf
sed -i 's/^#autologin-user-timeout=.*/autologin-user-timeout=0/' /etc/lightdm/lightdm.conf
sed -i 's/^#show-language-selector=.*/show-language-selector=true/' /etc/lightdm/lightdm-gtk-greeter.conf
# set MATE as default session, otherwise login will fail
sed -i 's/^#user-session=.*/user-session=mate/' /etc/lightdm/lightdm.conf
# Turn off PackageKit-command-not-found while uninstalled
if [ -f /etc/PackageKit/CommandNotFound.conf ]; then
sed -i -e 's/^SoftwareSourceSearch=true/SoftwareSourceSearch=false/' /etc/PackageKit/CommandNotFound.conf
fi
# The updater applet might or might not exist
rm -f /etc/xdg/autostart/org.mageia.dnfdragora-updater.desktop
# reset selinux contexts
chown -R liveuser:liveuser /home/liveuser/
restorecon -R /home/liveuser/
restorecon -R /
EOF
# this doesn't come up automatically. not sure why.
systemctl enable --force lightdm.service
# CRB needs to be enabled for EPEL to function.
dnf config-manager --set-enabled powertools
%end

14
live/8/x86_64/stage/rocky-live-minimization.ks Normal file
View File

@ -0,0 +1,14 @@
# Saving space
%packages
# save some space
-mpage
-hplip
-isdn4k-utils
# scanning takes quite a bit of space :/
-xsane
-xsane-gimp
-sane-backends
%end

101
live/8/x86_64/stage/rocky-live-workstation-lite.ks Normal file
View File

@ -0,0 +1,101 @@
# Maintained by Release Engineering
# mailto:releng@rockylinux.org
%include rocky-live-base.ks
%include rocky-workstation-common-lite.ks
#
# Disable this for now as packagekit is causing compose failures
# by leaving a gpg-agent around holding /dev/null open.
#
#include snippets/packagekit-cached-metadata.ks
part / --size 6656
%post
cat >> /etc/rc.d/init.d/livesys << EOF
# disable gnome-software automatically downloading updates
cat >> /usr/share/glib-2.0/schemas/org.gnome.software.gschema.override << FOE
[org.gnome.software]
download-updates=false
FOE
# don't autostart gnome-software session service
rm -f /etc/xdg/autostart/gnome-software-service.desktop
# disable the gnome-software shell search provider
cat >> /usr/share/gnome-shell/search-providers/org.gnome.Software-search-provider.ini << FOE
DefaultDisabled=true
FOE
# don't run gnome-initial-setup
mkdir ~liveuser/.config
touch ~liveuser/.config/gnome-initial-setup-done
# suppress anaconda spokes redundant with gnome-initial-setup
cat >> /etc/sysconfig/anaconda << FOE
[NetworkSpoke]
visited=1
[PasswordSpoke]
visited=1
[UserSpoke]
visited=1
FOE
# make the installer show up
if [ -f /usr/share/applications/liveinst.desktop ]; then
# Show harddisk install in shell dash
sed -i -e 's/NoDisplay=true/NoDisplay=false/' /usr/share/applications/liveinst.desktop ""
# need to move it to anaconda.desktop to make shell happy
mv /usr/share/applications/liveinst.desktop /usr/share/applications/anaconda.desktop
cat >> /usr/share/glib-2.0/schemas/org.gnome.shell.gschema.override << FOE
[org.gnome.shell]
favorite-apps=['firefox.desktop', 'evolution.desktop', 'rhythmbox.desktop', 'shotwell.desktop', 'org.gnome.Nautilus.desktop', 'anaconda.desktop']
FOE
# Make the welcome screen show up
if [ -f /usr/share/anaconda/gnome/rhel-welcome.desktop ]; then
mkdir -p ~liveuser/.config/autostart
#sed -i "s/Red Hat Enterprise/Rocky/g" /usr/share/anaconda/gnome/rhel-welcome.desktop
#sed -i "s/RHEL/Rocky Linux/g" /usr/share/anaconda/gnome/rhel-welcome
#sed -i "s/Red Hat Enterprise/Rocky/g" /usr/share/anaconda/gnome/rhel-welcome
#sed -i "s/org.fedoraproject.AnacondaInstaller/fedora-logo-icon/g" /usr/share/anaconda/gnome/rhel-welcome
#sed -i "s/org.fedoraproject.AnacondaInstaller/fedora-logo-icon/g" /usr/share/applications/anaconda.desktop
cp /usr/share/anaconda/gnome/rhel-welcome.desktop /usr/share/applications/
cp /usr/share/anaconda/gnome/rhel-welcome.desktop ~liveuser/.config/autostart/
fi
# Copy Anaconda branding in place
if [ -d /usr/share/lorax/product/usr/share/anaconda ]; then
cp -a /usr/share/lorax/product/* /
fi
fi
# rebuild schema cache with any overrides we installed
glib-compile-schemas /usr/share/glib-2.0/schemas
# set up auto-login
cat > /etc/gdm/custom.conf << FOE
[daemon]
AutomaticLoginEnable=True
AutomaticLogin=liveuser
FOE
# Turn off PackageKit-command-not-found while uninstalled
if [ -f /etc/PackageKit/CommandNotFound.conf ]; then
sed -i -e 's/^SoftwareSourceSearch=true/SoftwareSourceSearch=false/' /etc/PackageKit/CommandNotFound.conf
fi
# make sure to set the right permissions and selinux contexts
chown -R liveuser:liveuser /home/liveuser/
restorecon -R /home/liveuser/
restorecon -R /
EOF
%end

101
live/8/x86_64/stage/rocky-live-workstation.ks Normal file
View File

@ -0,0 +1,101 @@
# Maintained by Release Engineering
# mailto:releng@rockylinux.org
%include rocky-live-base.ks
%include rocky-workstation-common.ks
#
# Disable this for now as packagekit is causing compose failures
# by leaving a gpg-agent around holding /dev/null open.
#
#include snippets/packagekit-cached-metadata.ks
part / --size 6656
%post
cat >> /etc/rc.d/init.d/livesys << EOF
# disable gnome-software automatically downloading updates
cat >> /usr/share/glib-2.0/schemas/org.gnome.software.gschema.override << FOE
[org.gnome.software]
download-updates=false
FOE
# don't autostart gnome-software session service
rm -f /etc/xdg/autostart/gnome-software-service.desktop
# disable the gnome-software shell search provider
cat >> /usr/share/gnome-shell/search-providers/org.gnome.Software-search-provider.ini << FOE
DefaultDisabled=true
FOE
# don't run gnome-initial-setup
mkdir ~liveuser/.config
touch ~liveuser/.config/gnome-initial-setup-done
# suppress anaconda spokes redundant with gnome-initial-setup
cat >> /etc/sysconfig/anaconda << FOE
[NetworkSpoke]
visited=1
[PasswordSpoke]
visited=1
[UserSpoke]
visited=1
FOE
# make the installer show up
if [ -f /usr/share/applications/liveinst.desktop ]; then
# Show harddisk install in shell dash
sed -i -e 's/NoDisplay=true/NoDisplay=false/' /usr/share/applications/liveinst.desktop ""
# need to move it to anaconda.desktop to make shell happy
mv /usr/share/applications/liveinst.desktop /usr/share/applications/anaconda.desktop
cat >> /usr/share/glib-2.0/schemas/org.gnome.shell.gschema.override << FOE
[org.gnome.shell]
favorite-apps=['firefox.desktop', 'evolution.desktop', 'rhythmbox.desktop', 'shotwell.desktop', 'org.gnome.Nautilus.desktop', 'anaconda.desktop']
FOE
# Make the welcome screen show up
if [ -f /usr/share/anaconda/gnome/rhel-welcome.desktop ]; then
mkdir -p ~liveuser/.config/autostart
#sed -i "s/Red Hat Enterprise/Rocky/g" /usr/share/anaconda/gnome/rhel-welcome.desktop
#sed -i "s/RHEL/Rocky Linux/g" /usr/share/anaconda/gnome/rhel-welcome
#sed -i "s/Red Hat Enterprise/Rocky/g" /usr/share/anaconda/gnome/rhel-welcome
#sed -i "s/org.fedoraproject.AnacondaInstaller/fedora-logo-icon/g" /usr/share/anaconda/gnome/rhel-welcome
#sed -i "s/org.fedoraproject.AnacondaInstaller/fedora-logo-icon/g" /usr/share/applications/anaconda.desktop
cp /usr/share/anaconda/gnome/rhel-welcome.desktop /usr/share/applications/
cp /usr/share/anaconda/gnome/rhel-welcome.desktop ~liveuser/.config/autostart/
fi
# Copy Anaconda branding in place
if [ -d /usr/share/lorax/product/usr/share/anaconda ]; then
cp -a /usr/share/lorax/product/* /
fi
fi
# rebuild schema cache with any overrides we installed
glib-compile-schemas /usr/share/glib-2.0/schemas
# set up auto-login
cat > /etc/gdm/custom.conf << FOE
[daemon]
AutomaticLoginEnable=True
AutomaticLogin=liveuser
FOE
# Turn off PackageKit-command-not-found while uninstalled
if [ -f /etc/PackageKit/CommandNotFound.conf ]; then
sed -i -e 's/^SoftwareSourceSearch=true/SoftwareSourceSearch=false/' /etc/PackageKit/CommandNotFound.conf
fi
# make sure to set the right permissions and selinux contexts
chown -R liveuser:liveuser /home/liveuser/
restorecon -R /home/liveuser/
restorecon -R /
EOF
%end

80
live/8/x86_64/stage/rocky-live-xfce-common.ks Normal file
View File

@ -0,0 +1,80 @@
# xfce
%packages
# these aren't an epel 8 thing for some reason.
@xfce-desktop
#@^xfce-desktop-environment
#@xfce-apps
#@xfce-extra-plugins
#@xfce-media
#@xfce-office
# Manual install...
geany
gparted
mousepad
ristretto
seahorse
transmission
pcp-selinux
lightdm
#gdm
-gdm
-gnome-shell
-gnome-menus
# Some stuff might already be here, doesn't hurt to list it.
firefox
thunderbird
firewall-config
pidgin
rocky-backgrounds
gparted
rhythmbox
# extras
f32-backgrounds-xfce
f32-backgrounds-extras-xfce
xfce4-about
xfce4-appfinder
xfce4-taskmanager
xfce4-pulseaudio-plugin
xfce4-battery-plugin
xfce4-datetime-plugin
xfce4-netload-plugin
xfce4-notifyd
xfce4-places-plugin
xfce4-screenshooter-plugin
xfce4-smartbookmark-plugin
xfce4-systemload-plugin
xfce4-time-out-plugin
xfce4-weather-plugin
xfce4-whiskermenu-plugin
xfdashboard
xfdashboard-themes
pavucontrol
wget
xdg-user-dirs
xdg-user-dirs-gtk
gjs
# save some space
-autofs
-acpid
-gimp-help
-desktop-backgrounds-basic
-aspell-*
-xfce4-sensors-plugin
-xfce4-eyes-plugin
### MINIMIZATION
-mpage
-hplip
-isdn4k-utils
-xsane
-xsane-gimp
-sane-backends
%end

96
live/8/x86_64/stage/rocky-live-xfce.ks Normal file
View File

@ -0,0 +1,96 @@
# rocky-live-kde.ks
# BROKEN
%include rocky-live-base-spin.ks
%include rocky-live-xfce-common.ks
part / --size 6144
%post
# xfce configuration
# create /etc/sysconfig/desktop (needed for installation)
cat > /etc/sysconfig/desktop <<EOF
PREFERRED=/usr/bin/startxfce4
DISPLAYMANAGER=/usr/sbin/lightdm
EOF
cat >> /etc/rc.d/init.d/livesys << EOF
mkdir -p /home/liveuser/.config/xfce4
# ugly stuff, this should give us a default background for now
mkdir -p /usr/share/backgrounds/images
ln -s /usr/share/backgrounds/f32/default/f32.png \
/usr/share/backgrounds/images/default.png
cat > /home/liveuser/.config/xfce4/helpers.rc << FOE
MailReader=sylpheed-claws
FileManager=Thunar
WebBrowser=firefox
FOE
# disable screensaver locking (#674410)
cat >> /home/liveuser/.xscreensaver << FOE
mode: off
lock: False
dpmsEnabled: False
FOE
# deactivate xfconf-migration (#683161)
rm -f /etc/xdg/autostart/xfconf-migration-4.6.desktop || :
# deactivate xfce4-panel first-run dialog (#693569)
mkdir -p /home/liveuser/.config/xfce4/xfconf/xfce-perchannel-xml
cp /etc/xdg/xfce4/panel/default.xml /home/liveuser/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-panel.xml
# set up lightdm autologin
sed -i 's/^#autologin-user=.*/autologin-user=liveuser/' /etc/lightdm/lightdm.conf
sed -i 's/^#autologin-user-timeout=.*/autologin-user-timeout=0/' /etc/lightdm/lightdm.conf
sed -i 's/^#show-language-selector=.*/show-language-selector=true/' /etc/lightdm/lightdm-gtk-greeter.conf
# set Xfce as default session, otherwise login will fail
sed -i 's/^#user-session=.*/user-session=xfce/' /etc/lightdm/lightdm.conf
# debrand
#sed -i "s/Red Hat Enterprise/Rocky/g" /usr/share/anaconda/gnome/rhel-welcome.desktop
#sed -i "s/RHEL/Rocky Linux/g" /usr/share/anaconda/gnome/rhel-welcome
#sed -i "s/Red Hat Enterprise/Rocky/g" /usr/share/anaconda/gnome/rhel-welcome
#sed -i "s/org.fedoraproject.AnacondaInstaller/fedora-logo-icon/g" /usr/share/anaconda/gnome/rhel-welcome
#sed -i "s/org.fedoraproject.AnacondaInstaller/fedora-logo-icon/g" /usr/share/applications/liveinst.desktop
# Show harddisk install on the desktop
sed -i -e 's/NoDisplay=true/NoDisplay=false/' /usr/share/applications/liveinst.desktop
mkdir /home/liveuser/Desktop
cp /usr/share/applications/liveinst.desktop /home/liveuser/Desktop/
if [ -f /usr/share/anaconda/gnome/rhel-welcome.desktop ]; then
mkdir -p ~liveuser/.config/autostart
cp /usr/share/anaconda/gnome/rhel-welcome.desktop /usr/share/applications/
cp /usr/share/anaconda/gnome/rhel-welcome.desktop ~liveuser/.config/autostart/
fi
# no updater applet in live environment
rm -f /etc/xdg/autostart/org.mageia.dnfdragora-updater.desktop
# and mark it as executable (new Xfce security feature)
chmod +x /home/liveuser/Desktop/liveinst.desktop
cat > ~liveuser/.profile << PROFILE_EOF
export XDG_DATA_DIRS="\\\${XDG_DATA_DIRS}:\\\${HOME}/Desktop"
PROFILE_EOF
# move to anaconda - probably not required for XFCE.
mv /usr/share/applications/liveinst.desktop /usr/share/applications/anaconda.desktop
# this goes at the end after all other changes.
chown -R liveuser:liveuser /home/liveuser
restorecon -R /home/liveuser
EOF
# this doesn't come up automatically. not sure why.
systemctl enable --force lightdm.service
dnf config-manager --set-enabled powertools
%end

15
live/8/x86_64/stage/rocky-repo-epel.ks Normal file
View File

@ -0,0 +1,15 @@
# These should change based on the major/minor release
# Deps repo, there are some anaconda packages that are *not* available by default
repo --name=BaseOS --cost=200 --baseurl=http://dl.rockylinux.org/stg/rocky/8/BaseOS/$basearch/os/
repo --name=AppStream --cost=200 --baseurl=http://dl.rockylinux.org/stg/rocky/8/AppStream/$basearch/os/
repo --name=PowerTools --cost=200 --baseurl=http://dl.rockylinux.org/stg/rocky/8/PowerTools/$basearch/os/
repo --name=extras --cost=200 --baseurl=http://dl.rockylinux.org/stg/rocky/8/extras/$basearch/os
# EPEL (required for KDE and XFCE)
repo --name=epel --cost=200 --baseurl=https://dl.fedoraproject.org/pub/epel/8/Everything/$basearch/
repo --name=epel-modular --cost=200 --baseurl=https://dl.fedoraproject.org/pub/epel/8/Modular/$basearch/
# URL to the base os repo
url --url=http://dl.rockylinux.org/stg/rocky/8/BaseOS/$basearch/os/
#url --url=http://10.100.0.1/pub/deps

10
live/8/x86_64/stage/rocky-repo.ks Normal file
View File

@ -0,0 +1,10 @@
# These should change based on the major/minor release
# Base repos
repo --name=BaseOS --cost=200 --baseurl=http://dl.rockylinux.org/stg/rocky/8/BaseOS/$basearch/os/
repo --name=AppStream --cost=200 --baseurl=http://dl.rockylinux.org/stg/rocky/8/AppStream/$basearch/os/
repo --name=PowerTools --cost=200 --baseurl=http://dl.rockylinux.org/stg/rocky/8/PowerTools/$basearch/os/
repo --name=extras --cost=200 --baseurl=http://dl.rockylinux.org/stg/rocky/8/extras/$basearch/os
# URL to the base os repo
url --url=http://dl.rockylinux.org/stg/rocky/8/BaseOS/$basearch/os/

30
live/8/x86_64/stage/rocky-workstation-common-lite.ks Normal file
View File

@ -0,0 +1,30 @@
%packages
# Exclude unwanted groups that rocky-live-base.ks pulls in
-@dial-up
-@input-methods
-@standard
# Make sure to sync any additions / removals done here with
# workstation-product-environment in comps
@base-x
@core
@fonts
@gnome-desktop
@guest-desktop-agents
@hardware-support
@internet-browser
@networkmanager-submodules
# Libreoffice
libreoffice-calc
libreoffice-emailmerge
libreoffice-graphicfilter
libreoffice-impress
libreoffice-writer
# Exclude unwanted packages from @anaconda-tools group
-gfs2-utils
-reiserfs-utils
%end

32
live/8/x86_64/stage/rocky-workstation-common.ks Normal file
View File

@ -0,0 +1,32 @@
%packages
# Exclude unwanted groups that rocky-live-base.ks pulls in
-@dial-up
-@input-methods
-@standard
# Make sure to sync any additions / removals done here with
# workstation-product-environment in comps
@base-x
@core
@fonts
@gnome-desktop
@guest-desktop-agents
@hardware-support
@internet-browser
@multimedia
@networkmanager-submodules
@workstation-product
# Libreoffice
libreoffice-calc
libreoffice-emailmerge
libreoffice-graphicfilter
libreoffice-impress
libreoffice-writer
# Exclude unwanted packages from @anaconda-tools group
-gfs2-utils
-reiserfs-utils
%end

26
vagrant/rocky-vagrant-base.ks Normal file
View File

@ -0,0 +1,26 @@
url --url https://download.rockylinux.org/stg/rocky/8/BaseOS/$basearch/os/
repo --name=plus --baseurl=http://dl.rockylinux.org/pub/rocky/8/plus/$basearch/os
text
keyboard --vckeymap us
lang en_US
skipx
network --bootproto=dhcp --device=link --activate --onboot=on
rootpw --plaintext vagrant
firewall --disabled
timezone --utc UTC
services --enabled=vmtoolsd
# The biosdevname and ifnames options ensure we get "eth0" as our interface
# even in environments like virtualbox that emulate a real NW card
bootloader --timeout=1 --append="no_timer_check console=tty0 console=ttyS0,115200n8 net.ifnames=0 biosdevname=0 elevator=noop"
zerombr
clearpart --all --initlabel --disklabel=gpt
part biosboot --size=1 --fstype=biosboot --asprimary
part /boot/efi --size=100 --fstype=efi --asprimary
part /boot --size=1000 --fstype=xfs --label=boot
part / --size=8000 --fstype="xfs" --mkfsoptions "-m bigtime=0,inobtcount=0" --grow
user --name=vagrant --plaintext --password=vagrant
shutdown
%addon com_redhat_kdump --disable
%end

103
vagrant/rocky-vagrant-libvirt.ks Normal file
View File

@ -0,0 +1,103 @@
%include rocky-vagrant-base.ks
%include rocky-vagrant-packages-hyperv.ks
%post
# Attempting to force legacy BIOS boot if we boot from UEFI
if [ "$(arch)" = "x86_64" ]; then
dnf install grub2-pc-modules grub2-pc -y
grub2-install --target=i386-pc /dev/vda
fi
# Ensure that the pmbr_boot flag is off
parted /dev/vda disk_set pmbr_boot off
# configure swap to a file
fallocate -l 2G /swapfile
chmod 600 /swapfile
mkswap /swapfile
echo "/swapfile none swap defaults 0 0" >> /etc/fstab
# sudo
echo "%vagrant ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/vagrant
chmod 0440 /etc/sudoers.d/vagrant
# Fix for https://github.com/CentOS/sig-cloud-instance-build/issues/38
cat > /etc/sysconfig/network-scripts/ifcfg-eth0 << EOF
DEVICE="eth0"
BOOTPROTO="dhcp"
ONBOOT="yes"
TYPE="Ethernet"
PERSISTENT_DHCLIENT="yes"
EOF
# sshd: disable password authentication and DNS checks
ex -s /etc/ssh/sshd_config <<EOF
:%substitute/^\(PasswordAuthentication\) yes$/\1 no/
:%substitute/^#\(UseDNS\) yes$/&\r\1 no/
:update
:quit
EOF
cat >>/etc/sysconfig/sshd <<EOF
# Decrease connection time by preventing reverse DNS lookups
# (see https://lists.centos.org/pipermail/centos-devel/2016-July/014981.html
# and man sshd for more information)
OPTIONS="-u0"
EOF
# Default insecure vagrant key
mkdir -m 0700 -p /home/vagrant/.ssh
echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key" >> /home/vagrant/.ssh/authorized_keys
chmod 600 /home/vagrant/.ssh/authorized_keys
chown -R vagrant:vagrant /home/vagrant/.ssh
# Fix for issue #76, regular users can gain admin privileges via su
ex -s /etc/pam.d/su <<'EOF'
# allow vagrant to use su, but prevent others from becoming root or vagrant
/^account\s\+sufficient\s\+pam_succeed_if.so uid = 0 use_uid quiet$/
:append
account [success=1 default=ignore] \\
pam_succeed_if.so user = vagrant use_uid quiet
account required pam_succeed_if.so user notin root:vagrant
.
:update
:quit
EOF
# systemd should generate a new machine id during the first boot, to
# avoid having multiple Vagrant instances with the same id in the local
# network. /etc/machine-id should be empty, but it must exist to prevent
# boot errors (e.g. systemd-journald failing to start).
:>/etc/machine-id
echo 'vag' > /etc/yum/vars/infra
# Blacklist the floppy module to avoid probing timeouts
echo blacklist floppy > /etc/modprobe.d/nofloppy.conf
chcon -u system_u -r object_r -t modules_conf_t /etc/modprobe.d/nofloppy.conf
# Customize the initramfs
pushd /etc/dracut.conf.d
# Enable VMware PVSCSI support for VMware Fusion guests.
echo 'add_drivers+=" vmw_pvscsi "' > vmware-fusion-drivers.conf
echo 'add_drivers+=" hv_netvsc hv_storvsc hv_utils hv_vmbus hid-hyperv "' > hyperv-drivers.conf
# There's no floppy controller, but probing for it generates timeouts
echo 'omit_drivers+=" floppy "' > nofloppy.conf
popd
# Fix the SELinux context of the new files
restorecon -f - <<EOF
/etc/sudoers.d/vagrant
/etc/dracut.conf.d/vmware-fusion-drivers.conf
/etc/dracut.conf.d/hyperv-drivers.conf
/etc/dracut.conf.d/nofloppy.conf
EOF
# Rerun dracut for the installed kernel (not the running kernel):
KERNEL_VERSION=$(rpm -q kernel --qf '%{version}-%{release}.%{arch}\n')
dracut -f /boot/initramfs-${KERNEL_VERSION}.img ${KERNEL_VERSION}
# Seal for deployment
rm -rf /etc/ssh/ssh_host_*
hostnamectl set-hostname localhost.localdomain
rm -rf /etc/udev/rules.d/70-*
%end

34
vagrant/rocky-vagrant-packages-hyperv.ks Normal file
View File

@ -0,0 +1,34 @@
%packages --instLangs=en
bash-completion
man-pages
bzip2
rsync
nfs-utils
cifs-utils
chrony
yum-utils
hyperv-daemons
open-vm-tools
# Vagrant boxes aren't normally visible, no need for Plymouth
-plymouth
# Microcode updates cannot work in a VM
-microcode_ctl
# Firmware packages are not needed in a VM
-iwl100-firmware
-iwl1000-firmware
-iwl105-firmware
-iwl135-firmware
-iwl2000-firmware
-iwl2030-firmware
-iwl3160-firmware
-iwl3945-firmware
-iwl4965-firmware
-iwl5000-firmware
-iwl5150-firmware
-iwl6000-firmware
-iwl6000g2a-firmware
-iwl6050-firmware
-iwl7260-firmware
# Don't build rescue initramfs
-dracut-config-rescue
%end

33
vagrant/rocky-vagrant-packages.ks Normal file
View File

@ -0,0 +1,33 @@
%packages --instLangs=en
bash-completion
man-pages
bzip2
rsync
nfs-utils
cifs-utils
chrony
yum-utils
open-vm-tools
# Vagrant boxes aren't normally visible, no need for Plymouth
-plymouth
# Microcode updates cannot work in a VM
-microcode_ctl
# Firmware packages are not needed in a VM
-iwl100-firmware
-iwl1000-firmware
-iwl105-firmware
-iwl135-firmware
-iwl2000-firmware
-iwl2030-firmware
-iwl3160-firmware
-iwl3945-firmware
-iwl4965-firmware
-iwl5000-firmware
-iwl5150-firmware
-iwl6000-firmware
-iwl6000g2a-firmware
-iwl6050-firmware
-iwl7260-firmware
# Don't build rescue initramfs
-dracut-config-rescue
%end

99
Rocky-8-x86_64-Vagrant-VBox.ks → vagrant/rocky-vagrant-vbox.ks
View File

@ -1,67 +1,16 @@
url --url=http://dl.rockylinux.org/pub/rocky/8/BaseOS/x86_64/os
repo --name=AppStream --baseurl=http://dl.rockylinux.org/pub/rocky/8/AppStream/x86_64/os
text
keyboard --vckeymap us
lang en_US
skipx
network --bootproto=dhcp --device=link --activate --onboot=on
rootpw --plaintext vagrant
firewall --disabled
timezone --utc UTC
services --enabled=vmtoolsd
# The biosdevname and ifnames options ensure we get "eth0" as our interface
# even in environments like virtualbox that emulate a real NW card
bootloader --timeout=1 --append="no_timer_check console=tty0 console=ttyS0,115200n8 net.ifnames=0 biosdevname=0 elevator=noop"
zerombr
clearpart --all --initlabel
part / --fstype=xfs --asprimary --size=1024 --grow
user --name=vagrant --plaintext --password=vagrant
reboot
%packages --instLangs=en
bash-completion
man-pages
bzip2
rsync
nfs-utils
cifs-utils
chrony
yum-utils
hyperv-daemons
open-vm-tools
# Vagrant boxes aren't normally visible, no need for Plymouth
-plymouth
# Microcode updates cannot work in a VM
-microcode_ctl
# Firmware packages are not needed in a VM
-iwl100-firmware
-iwl1000-firmware
-iwl105-firmware
-iwl135-firmware
-iwl2000-firmware
-iwl2030-firmware
-iwl3160-firmware
-iwl3945-firmware
-iwl4965-firmware
-iwl5000-firmware
-iwl5150-firmware
-iwl6000-firmware
-iwl6000g2a-firmware
-iwl6050-firmware
-iwl7260-firmware
# Don't build rescue initramfs
-dracut-config-rescue
%end
# kdump needs to reserve 160MB + 2bits/4kB RAM, and automatic allocation only
# works on systems with at least 2GB RAM (which excludes most Vagrant boxes)
# CBS doesn't support %addon yet https://bugs.centos.org/view.php?id=12169
%addon com_redhat_kdump --disable
%end
%include rocky-vagrant-base.ks
%include rocky-vagrant-packages-hyperv.ks
%post
# Attempting to force legacy BIOS boot if we boot from UEFI
if [ "$(arch)" = "x86_64" ]; then
dnf install grub2-pc-modules grub2-pc -y
grub2-install --target=i386-pc /dev/vda
fi
# Ensure that the pmbr_boot flag is off
parted /dev/vda disk_set pmbr_boot off
# configure swap to a file
fallocate -l 2G /swapfile
chmod 600 /swapfile
@ -101,14 +50,34 @@ ex -s /etc/pam.d/su <<'EOF'
# allow vagrant to use su, but prevent others from becoming root or vagrant
/^account\s\+sufficient\s\+pam_succeed_if.so uid = 0 use_uid quiet$/
:append
account [success=1 default=ignore] \\
pam_succeed_if.so user = vagrant use_uid quiet
account required pam_succeed_if.so user notin root:vagrant
account [success=1 default=ignore] \\
pam_succeed_if.so user = vagrant use_uid quiet
account required pam_succeed_if.so user notin root:vagrant
.
:update
:quit
EOF
# Install VBoxGuestAdditions for installed kernel
kver=$(rpm -q --queryformat="%{VERSION}-%{RELEASE}.%{ARCH}" kernel)
dnf -y install kernel-devel gcc make perl elfutils-libelf-devel
curl -L -o /tmp/vboxadditions.iso https://download.virtualbox.org/virtualbox/6.1.34/VBoxGuestAdditions_6.1.34.iso
mkdir -p /media/VBoxGuestAdditions
mount -o loop,ro /tmp/vboxadditions.iso /media/VBoxGuestAdditions
mkdir -p /tmp/VBoxGuestAdditions
sh /media/VBoxGuestAdditions/VBoxLinuxAdditions.run --nox11 --noexec --keep --target /tmp/VBoxGuestAdditions
pushd /tmp/VBoxGuestAdditions
./install.sh
/sbin/rcvboxadd quicksetup all
popd
ls "/lib/modules/${kver}/misc/"
modinfo "/lib/modules/${kver}/misc/vboxsf.ko"
rm -rf /tmp/VBoxGuestAdditions
umount /media/VBoxGuestAdditions
rm -f /tmp/vboxadditions.iso
rmdir /media/VBoxGuestAdditions
dnf -y remove kernel-devel gcc make perl elfutils-libelf-devel
# systemd should generate a new machine id during the first boot, to
# avoid having multiple Vagrant instances with the same id in the local
# network. /etc/machine-id should be empty, but it must exist to prevent

106
vagrant/rocky-vagrant-vmware.ks Normal file
View File

@ -0,0 +1,106 @@
%include rocky-vagrant-base.ks
%include rocky-vagrant-packages.ks
%post
# Attempting to force legacy BIOS boot if we boot from UEFI
if [ "$(arch)" = "x86_64" ]; then
dnf install grub2-pc-modules grub2-pc -y
grub2-install --target=i386-pc /dev/vda
fi
# Ensure that the pmbr_boot flag is off
parted /dev/vda disk_set pmbr_boot off
# configure swap to a file
fallocate -l 2G /swapfile
chmod 600 /swapfile
mkswap /swapfile
echo "/swapfile none swap defaults 0 0" >> /etc/fstab
# sudo
echo "%vagrant ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/vagrant
chmod 0440 /etc/sudoers.d/vagrant
# vmware needs open-vm-tools; on aarch, this is in plus
dnf config-manager --set-enabled=plus
# Fix for https://github.com/CentOS/sig-cloud-instance-build/issues/38
cat > /etc/sysconfig/network-scripts/ifcfg-eth0 << EOF
DEVICE="eth0"
BOOTPROTO="dhcp"
ONBOOT="yes"
TYPE="Ethernet"
PERSISTENT_DHCLIENT="yes"
EOF
# sshd: disable password authentication and DNS checks
ex -s /etc/ssh/sshd_config <<EOF
:%substitute/^\(PasswordAuthentication\) yes$/\1 no/
:%substitute/^#\(UseDNS\) yes$/&\r\1 no/
:update
:quit
EOF
cat >>/etc/sysconfig/sshd <<EOF
# Decrease connection time by preventing reverse DNS lookups
# (see https://lists.centos.org/pipermail/centos-devel/2016-July/014981.html
# and man sshd for more information)
OPTIONS="-u0"
EOF
# Default insecure vagrant key
mkdir -m 0700 -p /home/vagrant/.ssh
echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key" >> /home/vagrant/.ssh/authorized_keys
chmod 600 /home/vagrant/.ssh/authorized_keys
chown -R vagrant:vagrant /home/vagrant/.ssh
# Fix for issue #76, regular users can gain admin privileges via su
ex -s /etc/pam.d/su <<'EOF'
# allow vagrant to use su, but prevent others from becoming root or vagrant
/^account\s\+sufficient\s\+pam_succeed_if.so uid = 0 use_uid quiet$/
:append
account [success=1 default=ignore] \\
pam_succeed_if.so user = vagrant use_uid quiet
account required pam_succeed_if.so user notin root:vagrant
.
:update
:quit
EOF
# systemd should generate a new machine id during the first boot, to
# avoid having multiple Vagrant instances with the same id in the local
# network. /etc/machine-id should be empty, but it must exist to prevent
# boot errors (e.g. systemd-journald failing to start).
:>/etc/machine-id
echo 'vag' > /etc/yum/vars/infra
# Blacklist the floppy module to avoid probing timeouts
echo blacklist floppy > /etc/modprobe.d/nofloppy.conf
chcon -u system_u -r object_r -t modules_conf_t /etc/modprobe.d/nofloppy.conf
# Customize the initramfs
pushd /etc/dracut.conf.d
# Enable VMware PVSCSI support for VMware Fusion guests.
echo 'add_drivers+=" vmw_pvscsi "' > vmware-fusion-drivers.conf
echo 'add_drivers+=" hv_netvsc hv_storvsc hv_utils hv_vmbus hid-hyperv "' > hyperv-drivers.conf
# There's no floppy controller, but probing for it generates timeouts
echo 'omit_drivers+=" floppy "' > nofloppy.conf
popd
# Fix the SELinux context of the new files
restorecon -f - <<EOF
/etc/sudoers.d/vagrant
/etc/dracut.conf.d/vmware-fusion-drivers.conf
/etc/dracut.conf.d/nofloppy.conf
EOF
# Rerun dracut for the installed kernel (not the running kernel):
KERNEL_VERSION=$(rpm -q kernel --qf '%{version}-%{release}.%{arch}\n')
dracut -f /boot/initramfs-${KERNEL_VERSION}.img ${KERNEL_VERSION}
# Seal for deployment
rm -rf /etc/ssh/ssh_host_*
hostnamectl set-hostname localhost.localdomain
rm -rf /etc/udev/rules.d/70-*
%end