Louis Abel
cde7be8a93
To reduce commits (every 6 months), this change makes it so "9" is the absolute default location as it should be symlinked to the latest in either staging or prod. With that being said, peridot repositories are also provided for automation purposes but also at the convenience of the user if they so choose to use those repos instead. And the readme was updated a bit.
494 lines
14 KiB
Plaintext
494 lines
14 KiB
Plaintext
# Generated by pykickstart v3.36
|
|
#version=DEVEL
|
|
# X Window System configuration information
|
|
xconfig --startxonboot
|
|
# Keyboard layouts
|
|
keyboard 'us'
|
|
# Root password
|
|
rootpw --iscrypted --lock locked
|
|
# System language
|
|
lang en_US.UTF-8
|
|
# Shutdown after installation
|
|
shutdown
|
|
# Network information
|
|
network --bootproto=dhcp --device=link --activate
|
|
# Firewall configuration
|
|
firewall --enabled --service=mdns
|
|
# Use network installation
|
|
url --url="http://dl.rockylinux.org/pub/rocky/9/BaseOS/$basearch/os/"
|
|
repo --name="BaseOS" --baseurl=http://dl.rockylinux.org/pub/rocky/9/BaseOS/$basearch/os/ --cost=200
|
|
repo --name="AppStream" --baseurl=http://dl.rockylinux.org/pub/rocky/9/AppStream/$basearch/os/ --cost=200
|
|
repo --name="CRB" --baseurl=http://dl.rockylinux.org/pub/rocky/9/CRB/$basearch/os/ --cost=200
|
|
repo --name="extras" --baseurl=http://dl.rockylinux.org/pub/rocky/9/extras/$basearch/os --cost=200
|
|
repo --name="epel" --baseurl=https://dl.fedoraproject.org/pub/epel/9/Everything/$basearch/ --cost=200
|
|
#repo --name="epel-modular" --baseurl=https://dl.fedoraproject.org/pub/epel/8/Modular/$basearch/ --cost=200
|
|
# System timezone
|
|
timezone US/Eastern
|
|
# SELinux configuration
|
|
selinux --enforcing
|
|
# System services
|
|
services --disabled="sshd" --enabled="NetworkManager,ModemManager"
|
|
# System bootloader configuration
|
|
bootloader --location=none
|
|
# Clear the Master Boot Record
|
|
zerombr
|
|
# Partition clearing information
|
|
clearpart --all
|
|
# Disk partitioning information
|
|
part / --fstype="ext4" --size=5120
|
|
part / --size=6144
|
|
|
|
%post
|
|
# FIXME: it'd be better to get this installed from a package
|
|
cat > /etc/rc.d/init.d/livesys << EOF
|
|
#!/bin/bash
|
|
#
|
|
# live: Init script for live image
|
|
#
|
|
# chkconfig: 345 00 99
|
|
# description: Init script for live image.
|
|
### BEGIN INIT INFO
|
|
# X-Start-Before: display-manager chronyd
|
|
### END INIT INFO
|
|
|
|
. /etc/init.d/functions
|
|
|
|
if ! strstr "\`cat /proc/cmdline\`" rd.live.image || [ "\$1" != "start" ]; then
|
|
exit 0
|
|
fi
|
|
|
|
if [ -e /.liveimg-configured ] ; then
|
|
configdone=1
|
|
fi
|
|
|
|
exists() {
|
|
which \$1 >/dev/null 2>&1 || return
|
|
\$*
|
|
}
|
|
|
|
livedir="LiveOS"
|
|
for arg in \`cat /proc/cmdline\` ; do
|
|
if [ "\${arg##rd.live.dir=}" != "\${arg}" ]; then
|
|
livedir=\${arg##rd.live.dir=}
|
|
continue
|
|
fi
|
|
if [ "\${arg##live_dir=}" != "\${arg}" ]; then
|
|
livedir=\${arg##live_dir=}
|
|
fi
|
|
done
|
|
|
|
# Enable swap unless requested otherwise
|
|
swaps=\`blkid -t TYPE=swap -o device\`
|
|
if ! strstr "\`cat /proc/cmdline\`" noswap && [ -n "\$swaps" ] ; then
|
|
for s in \$swaps ; do
|
|
action "Enabling swap partition \$s" swapon \$s
|
|
done
|
|
fi
|
|
if ! strstr "\`cat /proc/cmdline\`" noswap && [ -f /run/initramfs/live/\${livedir}/swap.img ] ; then
|
|
action "Enabling swap file" swapon /run/initramfs/live/\${livedir}/swap.img
|
|
fi
|
|
|
|
# Support for persistent homes
|
|
mountPersistentHome() {
|
|
# support label/uuid
|
|
if [ "\${homedev##LABEL=}" != "\${homedev}" -o "\${homedev##UUID=}" != "\${homedev}" ]; then
|
|
homedev=\`/sbin/blkid -o device -t "\$homedev"\`
|
|
fi
|
|
|
|
# if we're given a file rather than a blockdev, loopback it
|
|
if [ "\${homedev##mtd}" != "\${homedev}" ]; then
|
|
# mtd devs don't have a block device but get magic-mounted with -t jffs2
|
|
mountopts="-t jffs2"
|
|
elif [ ! -b "\$homedev" ]; then
|
|
loopdev=\`losetup -f\`
|
|
if [ "\${homedev##/run/initramfs/live}" != "\${homedev}" ]; then
|
|
action "Remounting live store r/w" mount -o remount,rw /run/initramfs/live
|
|
fi
|
|
losetup \$loopdev \$homedev
|
|
homedev=\$loopdev
|
|
fi
|
|
|
|
# if it's encrypted, we need to unlock it
|
|
if [ "\$(/sbin/blkid -s TYPE -o value \$homedev 2>/dev/null)" = "crypto_LUKS" ]; then
|
|
echo
|
|
echo "Setting up encrypted /home device"
|
|
plymouth ask-for-password --command="cryptsetup luksOpen \$homedev EncHome"
|
|
homedev=/dev/mapper/EncHome
|
|
fi
|
|
|
|
# and finally do the mount
|
|
mount \$mountopts \$homedev /home
|
|
# if we have /home under what's passed for persistent home, then
|
|
# we should make that the real /home. useful for mtd device on olpc
|
|
if [ -d /home/home ]; then mount --bind /home/home /home ; fi
|
|
[ -x /sbin/restorecon ] && /sbin/restorecon /home
|
|
if [ -d /home/liveuser ]; then USERADDARGS="-M" ; fi
|
|
}
|
|
|
|
# Help locate persistent homes
|
|
findPersistentHome() {
|
|
for arg in \`cat /proc/cmdline\` ; do
|
|
if [ "\${arg##persistenthome=}" != "\${arg}" ]; then
|
|
homedev=\${arg##persistenthome=}
|
|
fi
|
|
done
|
|
}
|
|
|
|
if strstr "\`cat /proc/cmdline\`" persistenthome= ; then
|
|
findPersistentHome
|
|
elif [ -e /run/initramfs/live/\${livedir}/home.img ]; then
|
|
homedev=/run/initramfs/live/\${livedir}/home.img
|
|
fi
|
|
|
|
# Mount the persistent home if it's available
|
|
if ! strstr "\`cat /proc/cmdline\`" nopersistenthome && [ -n "\$homedev" ] ; then
|
|
action "Mounting persistent /home" mountPersistentHome
|
|
fi
|
|
|
|
if [ -n "\$configdone" ]; then
|
|
exit 0
|
|
fi
|
|
|
|
# Create the liveuser (no password) so automatic logins and sudo works
|
|
action "Adding live user" useradd \$USERADDARGS -c "Live System User" liveuser
|
|
passwd -d liveuser > /dev/null
|
|
usermod -aG wheel liveuser > /dev/null
|
|
|
|
# Same for root
|
|
passwd -d root > /dev/null
|
|
|
|
# Turn off firstboot (similar to a DVD/minimal install, where it asks
|
|
# for the user to accept the EULA before bringing up a TTY)
|
|
systemctl --no-reload disable firstboot-text.service 2> /dev/null || :
|
|
systemctl --no-reload disable firstboot-graphical.service 2> /dev/null || :
|
|
systemctl stop firstboot-text.service 2> /dev/null || :
|
|
systemctl stop firstboot-graphical.service 2> /dev/null || :
|
|
|
|
# Prelinking damages the images
|
|
sed -i 's/PRELINKING=yes/PRELINKING=no/' /etc/sysconfig/prelink &>/dev/null || :
|
|
|
|
# Turn off mdmonitor by default
|
|
systemctl --no-reload disable mdmonitor.service 2> /dev/null || :
|
|
systemctl --no-reload disable mdmonitor-takeover.service 2> /dev/null || :
|
|
systemctl stop mdmonitor.service 2> /dev/null || :
|
|
systemctl stop mdmonitor-takeover.service 2> /dev/null || :
|
|
|
|
# Even if there isn't gnome, this doesn't hurt.
|
|
gsettings set org.gnome.software download-updates 'false' || :
|
|
|
|
# Disable cron
|
|
systemctl --no-reload disable crond.service 2> /dev/null || :
|
|
systemctl --no-reload disable atd.service 2> /dev/null || :
|
|
systemctl stop crond.service 2> /dev/null || :
|
|
systemctl stop atd.service 2> /dev/null || :
|
|
|
|
# Disable abrt
|
|
systemctl --no-reload disable abrtd.service 2> /dev/null || :
|
|
systemctl stop abrtd.service 2> /dev/null || :
|
|
|
|
# Don't sync the system clock when running live (RHBZ #1018162)
|
|
sed -i 's/rtcsync//' /etc/chrony.conf
|
|
|
|
# Mark things as configured
|
|
touch /.liveimg-configured
|
|
|
|
# add static hostname to work around xauth bug
|
|
# https://bugzilla.redhat.com/show_bug.cgi?id=679486
|
|
# the hostname must be something else than 'localhost'
|
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1370222
|
|
echo "localhost-live" > /etc/hostname
|
|
|
|
EOF
|
|
|
|
# HAL likes to start late.
|
|
cat > /etc/rc.d/init.d/livesys-late << EOF
|
|
#!/bin/bash
|
|
#
|
|
# live: Late init script for live image
|
|
#
|
|
# chkconfig: 345 99 01
|
|
# description: Late init script for live image.
|
|
|
|
. /etc/init.d/functions
|
|
|
|
if ! strstr "\`cat /proc/cmdline\`" rd.live.image || [ "\$1" != "start" ] || [ -e /.liveimg-late-configured ] ; then
|
|
exit 0
|
|
fi
|
|
|
|
exists() {
|
|
which \$1 >/dev/null 2>&1 || return
|
|
\$*
|
|
}
|
|
|
|
touch /.liveimg-late-configured
|
|
|
|
# Read some stuff out of the kernel cmdline
|
|
for o in \`cat /proc/cmdline\` ; do
|
|
case \$o in
|
|
ks=*)
|
|
ks="--kickstart=\${o#ks=}"
|
|
;;
|
|
xdriver=*)
|
|
xdriver="\${o#xdriver=}"
|
|
;;
|
|
esac
|
|
done
|
|
|
|
# If liveinst or textinst is given, start installer
|
|
if strstr "\`cat /proc/cmdline\`" liveinst ; then
|
|
plymouth --quit
|
|
/usr/sbin/liveinst \$ks
|
|
fi
|
|
if strstr "\`cat /proc/cmdline\`" textinst ; then
|
|
plymouth --quit
|
|
/usr/sbin/liveinst --text \$ks
|
|
fi
|
|
|
|
# Configure X, allowing user to override xdriver
|
|
if [ -n "\$xdriver" ]; then
|
|
cat > /etc/X11/xorg.conf.d/00-xdriver.conf <<FOE
|
|
Section "Device"
|
|
Identifier "Videocard0"
|
|
Driver "\$xdriver"
|
|
EndSection
|
|
FOE
|
|
fi
|
|
|
|
EOF
|
|
|
|
chmod 755 /etc/rc.d/init.d/livesys
|
|
/sbin/restorecon /etc/rc.d/init.d/livesys
|
|
/sbin/chkconfig --add livesys
|
|
|
|
chmod 755 /etc/rc.d/init.d/livesys-late
|
|
/sbin/restorecon /etc/rc.d/init.d/livesys-late
|
|
/sbin/chkconfig --add livesys-late
|
|
|
|
# Enable tmpfs for /tmp - this is a good idea
|
|
systemctl enable tmp.mount
|
|
|
|
# make it so that we don't do writing to the overlay for things which
|
|
# are just tmpdirs/caches
|
|
# note https://bugzilla.redhat.com/show_bug.cgi?id=1135475
|
|
cat >> /etc/fstab << EOF
|
|
vartmp /var/tmp tmpfs defaults 0 0
|
|
EOF
|
|
|
|
# PackageKit likes to play games. Let's fix that.
|
|
rm -f /var/lib/rpm/__db*
|
|
releasever=$(rpm -q --qf '%{version}\n' --whatprovides system-release)
|
|
basearch=$(uname -i)
|
|
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial
|
|
echo "Packages within this LiveCD"
|
|
rpm -qa
|
|
# Note that running rpm recreates the rpm db files which aren't needed or wanted
|
|
rm -f /var/lib/rpm/__db*
|
|
|
|
# go ahead and pre-make the man -k cache (#455968)
|
|
/usr/bin/mandb
|
|
|
|
# make sure there aren't core files lying around
|
|
rm -f /core*
|
|
|
|
# remove random seed, the newly installed instance should make it's own
|
|
rm -f /var/lib/systemd/random-seed
|
|
|
|
# convince readahead not to collect
|
|
# FIXME: for systemd
|
|
|
|
echo 'File created by kickstart. See systemd-update-done.service(8).' \
|
|
| tee /etc/.updated >/var/.updated
|
|
|
|
# Drop the rescue kernel and initramfs, we don't need them on the live media itself.
|
|
# See bug 1317709
|
|
rm -f /boot/*-rescue*
|
|
|
|
# Disable network service here, as doing it in the services line
|
|
# fails due to RHBZ #1369794 - the error is expected
|
|
/sbin/chkconfig network off
|
|
|
|
# Remove machine-id on generated images
|
|
rm -f /etc/machine-id
|
|
touch /etc/machine-id
|
|
|
|
%end
|
|
|
|
%post --nochroot
|
|
cp $INSTALL_ROOT/usr/share/licenses/*-release/* $LIVE_ROOT/
|
|
|
|
# only works on x86_64
|
|
if [ "$(uname -i)" = "i386" -o "$(uname -i)" = "x86_64" ]; then
|
|
# For livecd-creator builds
|
|
if [ ! -d $LIVE_ROOT/LiveOS ]; then mkdir -p $LIVE_ROOT/LiveOS ; fi
|
|
cp /usr/bin/livecd-iso-to-disk $LIVE_ROOT/LiveOS
|
|
|
|
# For lorax/livemedia-creator builds
|
|
sed -i '
|
|
/## make boot.iso/ i\
|
|
# Add livecd-iso-to-disk script to .iso filesystem at /LiveOS/\
|
|
<% f = "usr/bin/livecd-iso-to-disk" %>\
|
|
%if exists(f):\
|
|
install ${f} ${LIVEDIR}/${f|basename}\
|
|
%endif\
|
|
' /usr/share/lorax/templates.d/99-generic/live/x86.tmpl
|
|
fi
|
|
|
|
%end
|
|
|
|
%post
|
|
# xfce configuration
|
|
|
|
# create /etc/sysconfig/desktop (needed for installation)
|
|
|
|
cat > /etc/sysconfig/desktop <<EOF
|
|
PREFERRED=/usr/bin/startxfce4
|
|
DISPLAYMANAGER=/usr/sbin/lightdm
|
|
EOF
|
|
|
|
cat >> /etc/rc.d/init.d/livesys << EOF
|
|
|
|
mkdir -p /home/liveuser/.config/xfce4
|
|
# ugly stuff, this should give us a default background for now
|
|
#mkdir -p /usr/share/backgrounds/images
|
|
#ln -s /usr/share/backgrounds/f32/default/f32.png \
|
|
# /usr/share/backgrounds/images/default.png
|
|
|
|
cat > /home/liveuser/.config/xfce4/helpers.rc << FOE
|
|
MailReader=sylpheed-claws
|
|
FileManager=Thunar
|
|
WebBrowser=firefox
|
|
FOE
|
|
|
|
# disable screensaver locking (#674410)
|
|
cat >> /home/liveuser/.xscreensaver << FOE
|
|
mode: off
|
|
lock: False
|
|
dpmsEnabled: False
|
|
FOE
|
|
|
|
# deactivate xfconf-migration (#683161)
|
|
rm -f /etc/xdg/autostart/xfconf-migration-4.6.desktop || :
|
|
|
|
# deactivate xfce4-panel first-run dialog (#693569)
|
|
mkdir -p /home/liveuser/.config/xfce4/xfconf/xfce-perchannel-xml
|
|
cp /etc/xdg/xfce4/panel/default.xml /home/liveuser/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-panel.xml
|
|
|
|
# set up lightdm autologin
|
|
sed -i 's/^#autologin-user=.*/autologin-user=liveuser/' /etc/lightdm/lightdm.conf
|
|
sed -i 's/^#autologin-user-timeout=.*/autologin-user-timeout=0/' /etc/lightdm/lightdm.conf
|
|
sed -i 's/^#show-language-selector=.*/show-language-selector=true/' /etc/lightdm/lightdm-gtk-greeter.conf
|
|
|
|
# set Xfce as default session, otherwise login will fail
|
|
sed -i 's/^#user-session=.*/user-session=xfce/' /etc/lightdm/lightdm.conf
|
|
|
|
# debrand
|
|
#sed -i "s/Red Hat Enterprise/Rocky/g" /usr/share/anaconda/gnome/rhel-welcome.desktop
|
|
#sed -i "s/RHEL/Rocky Linux/g" /usr/share/anaconda/gnome/rhel-welcome
|
|
#sed -i "s/Red Hat Enterprise/Rocky/g" /usr/share/anaconda/gnome/rhel-welcome
|
|
#sed -i "s/org.fedoraproject.AnacondaInstaller/fedora-logo-icon/g" /usr/share/anaconda/gnome/rhel-welcome
|
|
#sed -i "s/org.fedoraproject.AnacondaInstaller/fedora-logo-icon/g" /usr/share/applications/liveinst.desktop
|
|
|
|
# Show harddisk install on the desktop
|
|
sed -i -e 's/NoDisplay=true/NoDisplay=false/' /usr/share/applications/liveinst.desktop
|
|
mkdir /home/liveuser/Desktop
|
|
cp /usr/share/applications/liveinst.desktop /home/liveuser/Desktop/
|
|
|
|
if [ -f /usr/share/anaconda/gnome/rhel-welcome.desktop ]; then
|
|
mkdir -p ~liveuser/.config/autostart
|
|
cp /usr/share/anaconda/gnome/rhel-welcome.desktop /usr/share/applications/
|
|
cp /usr/share/anaconda/gnome/rhel-welcome.desktop ~liveuser/.config/autostart/
|
|
fi
|
|
|
|
# no updater applet in live environment
|
|
rm -f /etc/xdg/autostart/org.mageia.dnfdragora-updater.desktop
|
|
|
|
# and mark it as executable (new Xfce security feature)
|
|
chmod +x /home/liveuser/Desktop/liveinst.desktop
|
|
|
|
# move to anaconda - probably not required for XFCE.
|
|
mv /usr/share/applications/liveinst.desktop /usr/share/applications/anaconda.desktop
|
|
|
|
# this goes at the end after all other changes.
|
|
chown -R liveuser:liveuser /home/liveuser
|
|
restorecon -R /home/liveuser
|
|
|
|
EOF
|
|
|
|
# this doesn't come up automatically. not sure why.
|
|
systemctl enable --force lightdm.service
|
|
|
|
# CRB needs to be enabled for EPEL to function.
|
|
dnf config-manager --set-enabled crb
|
|
|
|
%end
|
|
|
|
%packages
|
|
@anaconda-tools
|
|
@base-x
|
|
@core
|
|
@dial-up
|
|
@fonts
|
|
@guest-desktop-agents
|
|
@hardware-support
|
|
@input-methods
|
|
@multimedia
|
|
@standard
|
|
@xfce-desktop
|
|
aajohan-comfortaa-fonts
|
|
anaconda
|
|
anaconda-install-env-deps
|
|
anaconda-live
|
|
chkconfig
|
|
dracut-live
|
|
epel-release
|
|
f35-backgrounds-extras-xfce
|
|
f35-backgrounds-xfce
|
|
firefox
|
|
firewall-config
|
|
glibc-all-langpacks
|
|
gparted
|
|
initscripts
|
|
kernel
|
|
kernel-modules
|
|
kernel-modules-extra
|
|
lightdm
|
|
memtest86+
|
|
pavucontrol
|
|
pcp-selinux
|
|
rocky-backgrounds
|
|
seahorse
|
|
syslinux
|
|
thunderbird
|
|
wget
|
|
xdg-user-dirs
|
|
xdg-user-dirs-gtk
|
|
xfce4-about
|
|
xfce4-appfinder
|
|
xfce4-datetime-plugin
|
|
xfce4-netload-plugin
|
|
xfce4-screenshooter-plugin
|
|
xfce4-smartbookmark-plugin
|
|
xfce4-systemload-plugin
|
|
xfce4-taskmanager
|
|
xfce4-time-out-plugin
|
|
xfce4-weather-plugin
|
|
xfce4-whiskermenu-plugin
|
|
-acpid
|
|
-aspell-*
|
|
-autofs
|
|
-desktop-backgrounds-basic
|
|
-gdm
|
|
-gimp-help
|
|
-gnome-menus
|
|
-gnome-shell
|
|
-hplip
|
|
-isdn4k-utils
|
|
-mpage
|
|
-sane-backends
|
|
-xfce4-eyes-plugin
|
|
-xfce4-sensors-plugin
|
|
-xsane
|
|
-xsane-gimp
|
|
|
|
%end
|