update
This commit is contained in:
parent
2e63e25d7d
commit
7d097f89e7
|
@ -70,3 +70,10 @@ nautilus
|
|||
rpcbind
|
||||
nfs-utils
|
||||
autofs
|
||||
dnf
|
||||
fedora-release
|
||||
libvirt-daemon-config-network
|
||||
libvirt-daemon-kvm
|
||||
squashfs-tools
|
||||
mc
|
||||
veritysetup
|
||||
|
|
|
@ -14,7 +14,9 @@ Creates a directory with a readonly root on squashfs, a dm_verity file and an EF
|
|||
--outdir DIR Creates DIR and puts all files in there (default: NAME-NUM-DATE)
|
||||
--name NAME The NAME of the product (default: FedoraBook)
|
||||
--logo FILE Uses the .bmp FILE to display as a splash screen (default: logo.bmp)
|
||||
--quirks LIST Source the list of quirks from the quikrs directory
|
||||
--gpgkey FILE Use FILE as the signing gpg key
|
||||
--reposd DIR Use DIR as the dnf repository directory
|
||||
--noupdate Do not install from Fedora Updates
|
||||
EOF
|
||||
}
|
||||
|
@ -33,6 +35,9 @@ TEMP=$(
|
|||
--long name: \
|
||||
--long releasever: \
|
||||
--long logo: \
|
||||
--long quirks: \
|
||||
--long gpgkey: \
|
||||
--long reposd: \
|
||||
--long noupdates \
|
||||
-- "$@"
|
||||
)
|
||||
|
@ -46,6 +51,7 @@ eval set -- "$TEMP"
|
|||
unset TEMP
|
||||
. /etc/os-release
|
||||
unset NAME
|
||||
declare -a QUIRKS
|
||||
|
||||
while true; do
|
||||
case "$1" in
|
||||
|
@ -81,10 +87,18 @@ while true; do
|
|||
LOGO="$2"
|
||||
shift 2; continue
|
||||
;;
|
||||
'--quirks')
|
||||
QUIRKS+=( $2 )
|
||||
shift 2; continue
|
||||
;;
|
||||
'--gpgkey')
|
||||
GPGKEY="$2"
|
||||
shift 2; continue
|
||||
;;
|
||||
'--reposd')
|
||||
REPOSD="$2"
|
||||
shift 2; continue
|
||||
;;
|
||||
'--noupdates')
|
||||
unset WITH_UPDATES
|
||||
shift 1; continue
|
||||
|
@ -106,6 +120,7 @@ RELEASEVER=${RELEASEVER:-$VERSION_ID}
|
|||
VERSION_ID="${RELEASEVER}.$(date -u +'%Y%m%d%H%M%S')"
|
||||
OUTDIR=${OUTDIR:-"${CURDIR}/${NAME}-${VERSION_ID}"}
|
||||
GPGKEY=${GPGKEY:-${NAME}.gpg}
|
||||
REPOSD=${REPOSD:-/etc/yum.repos.d}
|
||||
|
||||
[[ $TMPDIR ]] || TMPDIR=/var/tmp
|
||||
readonly TMPDIR="$(realpath -e "$TMPDIR")"
|
||||
|
@ -140,6 +155,15 @@ fi
|
|||
|
||||
readonly sysroot="${MY_TMPDIR}/sysroot"
|
||||
|
||||
# We need to preserve old uid/gid
|
||||
mkdir -p "$sysroot"/etc
|
||||
for i in passwd shadow group gshadow subuid subgid; do
|
||||
[[ -e "${BASEDIR}/${NAME}/$i" ]] || continue
|
||||
cp -a "${BASEDIR}/${NAME}/$i" "$sysroot"/etc/"$i"
|
||||
done
|
||||
|
||||
chown -R +0.+0 "$sysroot"
|
||||
|
||||
mkdir -p "$sysroot"/{dev,proc,sys,run}
|
||||
mount --bind /proc "$sysroot/proc"
|
||||
#mount --bind /run "$sysroot/run"
|
||||
|
@ -149,18 +173,12 @@ mount -t devtmpfs devtmpfs "$sysroot/dev"
|
|||
mkdir -p "$sysroot"/var/cache/dnf
|
||||
mount --bind /var/cache/dnf "$sysroot"/var/cache/dnf
|
||||
|
||||
# We need to preserve old uid/gid
|
||||
mkdir -p "$sysroot"/etc
|
||||
for i in passwd shadow group gshadow subuid subgid; do
|
||||
[[ -e "${BASEDIR}/${NAME}/$i" ]] || continue
|
||||
cp "${BASEDIR}/${NAME}/$i" "$sysroot"/etc/"$i"
|
||||
done
|
||||
|
||||
dnf -v --nogpgcheck --installroot "$sysroot"/ --releasever "$RELEASEVER" --disablerepo='*' \
|
||||
--enablerepo=fedora \
|
||||
${WITH_UPDATES:+--enablerepo=updates} \
|
||||
dnf -v --nogpgcheck \
|
||||
--installroot "$sysroot"/ \
|
||||
--releasever "$RELEASEVER" \
|
||||
--exclude="$EXCLUDELIST" \
|
||||
--setopt=keepcache=True \
|
||||
--setopt=reposdir="$REPOSD" \
|
||||
install -y \
|
||||
dracut \
|
||||
passwd \
|
||||
|
@ -222,6 +240,7 @@ done
|
|||
cp "$CURDIR/clonedisk.sh" "$sysroot"/usr/bin/clonedisk
|
||||
cp "$CURDIR/update.sh" "$sysroot"/usr/bin/update
|
||||
cp "$CURDIR/update.sh" "$sysroot"/usr/bin/update
|
||||
|
||||
mkdir -p "$sysroot"/etc/pki/${NAME}
|
||||
cp "${CURDIR}/${GPGKEY}" "$sysroot"/etc/pki/${NAME}/GPG-KEY
|
||||
|
||||
|
@ -251,7 +270,6 @@ chroot "$sysroot" \
|
|||
--install "cryptsetup tail sort pwmake mktemp swapon" \
|
||||
--install "tpm2_pcrextend tpm2_createprimary tpm2_pcrlist tpm2_createpolicy" \
|
||||
--install "tpm2_create tpm2_load tpm2_unseal tpm2_takeownership" \
|
||||
--install "strace" \
|
||||
--include /pre-pivot.sh /lib/dracut/hooks/pre-pivot/pre-pivot.sh \
|
||||
--include /overlay / \
|
||||
--install /usr/lib/systemd/system/clevis-luks-askpass.path \
|
||||
|
@ -271,6 +289,15 @@ mkdir -p "$sysroot"/usr/share/factory/data/{var/etc,home}
|
|||
ln -sfnr "$sysroot"/usr/share/factory/data/var "$sysroot"/usr/share/factory/var
|
||||
ln -sfnr "$sysroot"/usr/share/factory/data/home "$sysroot"/usr/share/factory/home
|
||||
|
||||
|
||||
chroot "$sysroot" update-ca-trust
|
||||
|
||||
. "${BASEDIR}"/quirks/nss.sh
|
||||
|
||||
for q in "${QUIRKS[@]}"; do
|
||||
. "${BASEDIR}"/quirks/"$q".sh
|
||||
done
|
||||
|
||||
#---------------
|
||||
# timesync
|
||||
ln -fsnr "$sysroot"/usr/lib/systemd/system/systemd-timesyncd.service "$sysroot"/usr/lib/systemd/system/sysinit.target.wants/systemd-timesyncd.service
|
||||
|
@ -321,8 +348,6 @@ C /var/etc/libvirt - - - - -
|
|||
EOF
|
||||
fi
|
||||
|
||||
. "${BASEDIR}"/quirks/nss.sh
|
||||
|
||||
#---------------
|
||||
# resolv.conf
|
||||
ln -fsrn "$sysroot"/run/NetworkManager/resolv.conf "$sysroot"/etc/resolv.conf
|
||||
|
@ -354,10 +379,12 @@ mv "$sysroot"/etc/adjtime "$sysroot"/usr/share/factory/var/adjtime
|
|||
ln -fsnr "$sysroot"/var/adjtime "$sysroot"/etc/adjtime
|
||||
|
||||
sed -i -e 's#/etc/locale.conf#/var/locale.conf#g;s#/etc/vconsole.conf#/var/vconsole.conf#g' "$sysroot"/usr/lib/systemd/systemd-localed
|
||||
sed -i -e 's#/etc/adjtime#/var/adjtime#g;s#/etc/localtime#/var/localtime#g' "$sysroot"/usr/lib/systemd/systemd-timedated
|
||||
sed -i -e 's#/etc/adjtime#/var/adjtime#g;s#/etc/localtime#/var/localtime#g' \
|
||||
"$sysroot"/usr/lib/systemd/systemd-timedated \
|
||||
"$sysroot"/usr/lib/systemd/libsystemd-shared*.so
|
||||
|
||||
sed -i -e 's#ReadWritePaths=/etc#ReadWritePaths=/var#g' /lib/systemd/system/systemd-localed.service
|
||||
sed -i -e 's#ReadWritePaths=/etc#ReadWritePaths=/var#g' /lib/systemd/system/systemd-timedated.service
|
||||
sed -i -e 's#ReadWritePaths=/etc#ReadWritePaths=/var#g' "$sysroot"/lib/systemd/system/systemd-localed.service
|
||||
sed -i -e 's#ReadWritePaths=/etc#ReadWritePaths=/var#g' "$sysroot"/lib/systemd/system/systemd-timedated.service
|
||||
|
||||
cat >> "$sysroot"/usr/lib/tmpfiles.d/00-basics.conf <<EOF
|
||||
C /var/hostname - - - - -
|
||||
|
@ -383,6 +410,7 @@ fi
|
|||
# autofs
|
||||
if [[ -f "$sysroot"/etc/autofs.conf ]]; then
|
||||
mkdir -p "$sysroot"/net
|
||||
systemctl --root "$sysroot" enable autofs
|
||||
fi
|
||||
|
||||
#---------------
|
||||
|
@ -425,7 +453,7 @@ chroot "$sysroot" bash -c 'for i in $(find -H /var -xdev -type d); do grep " $i
|
|||
cp -avxr "$sysroot"/var/* "$sysroot"/usr/share/factory/data/var/
|
||||
rm -fr "$sysroot"/usr/share/factory/var/{run,lock}
|
||||
|
||||
chroot "$sysroot" bash -c 'for i in $(find -H /var -xdev -type d); do echo "C /data$i - - - - -"; done > /usr/lib/tmpfiles.d/var-quirk.conf; :'
|
||||
chroot "$sysroot" bash -c 'for i in $(find -H /var -xdev -type d); do echo "C $i - - - - -"; done > /usr/lib/tmpfiles.d/var-quirk.conf; :'
|
||||
mv "$sysroot"/lib/tmpfiles.d-var.conf "$sysroot"/lib/tmpfiles.d/var.conf
|
||||
|
||||
sed -i -e "s#VERSION_ID=.*#VERSION_ID=$VERSION_ID#" "$sysroot"/etc/os-release
|
||||
|
@ -435,7 +463,8 @@ mv -v "$sysroot"/boot/*/*/initrd "$MY_TMPDIR"/
|
|||
mv -v "$sysroot"/lib/modules/*/vmlinuz "$MY_TMPDIR"/linux
|
||||
rm -fr "$sysroot"/{boot,root}
|
||||
ln -sfnr "$sysroot"/data/root "$sysroot"/root
|
||||
rm -fr "$sysroot"/etc/yum.repos.d/*
|
||||
mkdir -p "$sysroot"/usr/etc
|
||||
mv "$sysroot"/etc/yum.repos.d "$sysroot"/usr/etc/yum.repos.d
|
||||
mkdir "$sysroot"/efi
|
||||
rm -fr "$sysroot"/var/*
|
||||
rm -fr "$sysroot"/home/*
|
||||
|
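Review bot: The rebuilt dnf invocation keeps `--nogpgcheck` while the repository set now comes from the caller-supplied `--setopt=reposdir="$REPOSD"`, so every package that lands in the image is installed unverified from whatever repo files that directory contains; now that repo selection is configurable, drop `--nogpgcheck` (or put it behind an explicit opt-in flag) and let the repo files' gpgcheck/gpgkey settings apply. The same hunk removes the old `--disablerepo='*' --enablerepo=fedora ${WITH_UPDATES:+--enablerepo=updates}` lines, which, as far as this diff shows, leaves the new `--noupdates` handling (`unset WITH_UPDATES` in the earlier hunk) without any consumer — either re-add an argument such as `${WITH_UPDATES:---disablerepo=updates}` to the new command or remove the option from usage and getopt. The dnf command continues past the end of the hunk, so the package list and any later repo arguments are not visible here.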
|
|
@ -7,6 +7,8 @@ chroot "$sysroot" bash -c 'useradd -G wheel admin'
|
|||
egrep -e '^(adm|wheel):.*' "$sysroot"/etc/group > "$sysroot"/etc/group.admin
|
||||
egrep -e '^(adm|wheel):.*' "$sysroot"/etc/gshadow > "$sysroot"/etc/gshadow.admin
|
||||
|
||||
sed -i -e 's#:/root:#:/var/root:#g' "$sysroot"/etc/passwd
|
||||
|
||||
sed -i -e '/^wheel:.*/d;/^adm:.*/d' "$sysroot"/etc/group "$sysroot"/etc/gshadow
|
||||
sed -i -e '/^admin:.*/d' "$sysroot"/etc/passwd "$sysroot"/etc/shadow "$sysroot"/etc/group "$sysroot"/etc/gshadow
|
||||
|
||||
|
@ -40,13 +42,18 @@ mkdir -p "$sysroot"/usr/share/factory/home
|
|||
cp -avxr "$sysroot"/etc/skel "$sysroot"/usr/share/factory/home/admin
|
||||
chown -R +1000.+1000 "$sysroot"/usr/share/factory/home/admin
|
||||
|
||||
mkdir -p "$sysroot"/usr/share/factory/var/root
|
||||
cp -avxr "$sysroot"/etc/skel "$sysroot"/usr/share/factory/var/root
|
||||
chown -R +0.+0 "$sysroot"/usr/share/factory/var/root
|
||||
|
||||
cat > "$sysroot"/usr/lib/tmpfiles.d/home.conf <<EOF
|
||||
C /data/home/admin - - - - -
|
||||
C /data/var/passwd - - - - -
|
||||
C /data/var/shadow - - - - -
|
||||
C /data/var/group - - - - -
|
||||
C /data/var/gshadow - - - - -
|
||||
C /data/var/subuid - - - - -
|
||||
C /data/var/subgid - - - - -
|
||||
C /data/var/etc - - - - -
|
||||
C /home/admin - - - - -
|
||||
C /var/root - - - - -
|
||||
C /var/passwd - - - - -
|
||||
C /var/shadow - - - - -
|
||||
C /var/group - - - - -
|
||||
C /var/gshadow - - - - -
|
||||
C /var/subuid - - - - -
|
||||
C /var/subgid - - - - -
|
||||
C /var/etc - - - - -
|
||||
EOF
|
||||
|
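Review bot: The new factory copy for root's home, `cp -avxr "$sysroot"/etc/skel "$sysroot"/usr/share/factory/var/root`, preserves the mode of /etc/skel, which is presumably world-readable (0755 on a stock install — confirm on the build host), so the `C /var/root - - - - -` entry added below would recreate root's home at boot with that mode rather than the restrictive mode /root normally has. Add `chmod 0700 "$sysroot"/usr/share/factory/var/root` after the `chown -R +0.+0` line, or give the tmpfiles entry an explicit mode instead of `-`. A one-line comment above the cp stating that /var/root is the persistent root home on this read-only image would also help, since the `sed -i -e 's#:/root:#:/var/root:#g'` rewrite that makes it so lives in the earlier hunk.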
|
|
@ -13,11 +13,11 @@ CURRENT_HASH_UUID=${CURRENT_ROOT_HASH:0:8}-${CURRENT_ROOT_HASH:8:4}-${CURRENT_RO
|
|||
|
||||
[[ /dev/disk/by-partlabel/root1 -ef /dev/disk/by-partuuid/${CURRENT_ROOT_UUID} ]] \
|
||||
&& [[ /dev/disk/by-partlabel/ver1 -ef /dev/disk/by-partuuid/${CURRENT_HASH_UUID} ]] \
|
||||
&& NEW_ROOT_NUM=2
|
||||
&& NEW_ROOT_NUM=2 && OLD_ROOT_NUM=1
|
||||
|
||||
[[ /dev/disk/by-partlabel/root2 -ef /dev/disk/by-partuuid/${CURRENT_ROOT_UUID} ]] \
|
||||
&& [[ /dev/disk/by-partlabel/ver2 -ef /dev/disk/by-partuuid/${CURRENT_HASH_UUID} ]] \
|
||||
&& NEW_ROOT_NUM=1
|
||||
&& NEW_ROOT_NUM=1 && OLD_ROOT_NUM=2
|
||||
|
||||
if ! [[ $NEW_ROOT_NUM ]]; then
|
||||
echo "Current partitions booted from not found!"
|
||||
|
@ -79,6 +79,9 @@ sfdisk --part-uuid ${ROOT_DEV} ${ROOT_PARTNO} ${ROOT_UUID}
|
|||
mkdir -p /efi/EFI/${NAME}
|
||||
cp bootx64.efi /efi/EFI/${NAME}/${NEW_ROOT_NUM}.efi
|
||||
|
||||
# better swap prio with efibootmgr
|
||||
mv /efi/EFI/${NAME}/${OLD_ROOT_NUM}.efi /efi/EFI/${NAME}/_${OLD_ROOT_NUM}.efi
|
||||
|
||||
## unless proper boot entries set, just force copy to default boot loader
|
||||
cp bootx64.efi /efi/EFI/Boot/new_bootx64.efi
|
||||
mv --backup=simple /efi/EFI/Boot/new_bootx64.efi /efi/EFI/Boot/bootx64.efi
|
||||
|
|
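Review bot: `mv /efi/EFI/${NAME}/${OLD_ROOT_NUM}.efi /efi/EFI/${NAME}/_${OLD_ROOT_NUM}.efi` assumes the previous slot's loader exists; on a first update, or after an interrupted one, the file is absent and mv fails, and if the script runs under `set -e` (not visible in this hunk) it aborts after the new loader has already been copied into place. Guard it with `[[ -e /efi/EFI/${NAME}/${OLD_ROOT_NUM}.efi ]] && mv /efi/EFI/${NAME}/${OLD_ROOT_NUM}.efi /efi/EFI/${NAME}/_${OLD_ROOT_NUM}.efi`. The rename also happens before anything has verified that the new root slot boots, so the renamed `_N.efi` is the only way back to the old slot; a comment next to the mv naming that recovery path (and that `# better swap prio with efibootmgr` is the intended replacement) would help the next maintainer. The `OLD_ROOT_NUM` assignments in the first hunk are set together with `NEW_ROOT_NUM`, so the existing `if ! [[ $NEW_ROOT_NUM ]]` check covers both.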