diff --git a/lorax-templates-qubes/templates/runtime-cleanup.tmpl b/lorax-templates-qubes/templates/runtime-cleanup.tmpl index 06e5957..6709574 100644 --- a/lorax-templates-qubes/templates/runtime-cleanup.tmpl +++ b/lorax-templates-qubes/templates/runtime-cleanup.tmpl @@ -20,7 +20,8 @@ removefrom ${product.name}-logos /usr/share/plymouth/* ## We also need dracut-shutdown.service and dracut-initramfs-restore to reboot removefrom dracut --allbut /usr/lib/dracut/modules.d/30convertfs/convertfs.sh \ /usr/lib/dracut/modules.d/99base/dracut-lib.sh \ - /usr/lib/systemd/* /usr/lib/dracut/dracut-initramfs-restore + /usr/lib/systemd/* /usr/lib/dracut/modules.d/98systemd/*.service \ + /usr/lib/dracut/dracut-initramfs-restore ## we don't run SELinux (not in enforcing, anyway) removepkg checkpolicy selinux-policy libselinux-utils ## anaconda has its own repo files @@ -49,13 +50,13 @@ removefrom isomd5sum --allbut /usr/bin/checkisomd5 removepkg avahi-autoipd coreutils-libs curl dash db4-utils diffutils file removepkg genisoimage gnome-python2 info iptables removepkg jasper-libs libXt libXxf86misc -removepkg libasyncns libdaemon libhbaapi libhbalinux +removepkg libasyncns libhbaapi libhbalinux removepkg libmcpp libpcap libtiff libutempter linux-atm-libs removepkg lvm2-libs m4 mailx makebootfat mcpp removepkg mingetty mobile-broadband-provider-info pkgconfig ppp pth removepkg rmt rpcbind squashfs-tools system-config-firewall-base removepkg tigervnc-license ttmkfdir xml-common xorg-x11-font-utils -removepkg xorg-x11-server-common yum-utils +removepkg xorg-x11-server-common yum-utils firewalld ## other removals remove /boot /home /media /opt /srv /tmp/* @@ -164,12 +165,10 @@ removefrom dbus-glib /usr/bin/* removefrom dbus-x11 /etc/X11/* removefrom dejavu-sans-fonts --allbut *.conf */DejaVuSans{,-Bold}.ttf removefrom dejavu-sans-mono-fonts --allbut *.conf */DejaVuSansMono.ttf -removefrom device-mapper-multipath /etc/* /sbin/mpathconf /sbin/multipathd /lib/udev/rules.d/62-multipath.rules removefrom dhclient /usr/lib/* /usr/share/* removefrom dnsmasq /etc/rc.d/* /usr/sbin/* removefrom dump /etc/* removefrom elfutils-libelf /usr/share/locale/* -removefrom ethtool /usr/sbin/* removefrom expat /usr/bin/* removefrom fcoe-utils /etc/rc.d/* /usr/libexec/fcoe/dcbcheck.sh removefrom fcoe-utils /usr/libexec/fcoe/fcc.sh /usr/libexec/fcoe/fcoe-setup.sh @@ -177,8 +176,6 @@ removefrom fcoe-utils /usr/libexec/fcoe/fcoedump.sh /usr/sbin/fcnsq removefrom fcoe-utils /usr/sbin/fcoeadm /usr/sbin/fcping /usr/sbin/fcrls removefrom file-libs /usr/share/* removefrom findutils /usr/bin/oldfind /usr/share/* -removefrom firstboot /lib/systemd/* /usr/sbin/* /usr/share/firstboot/* -removefrom firstboot /usr/share/locale/* removefrom fontconfig /usr/bin/* removefrom gawk /usr/bin/{igawk,pgawk} /usr/libexec/* /usr/share/* removefrom gdisk /usr/share/* @@ -242,7 +239,6 @@ removefrom librsvg2 /usr/bin/* removefrom libselinux /usr/sbin/* removefrom libsemanage /etc/selinux/* removefrom libstdc++ /usr/share/* -removefrom libthai /usr/share/libthai/* removefrom libuser /usr/bin/* /usr/sbin/* /usr/share/locale/* removefrom libvorbis /usr/${libdir}/libvorbisenc.* removefrom libxml2 /usr/bin/* @@ -250,7 +246,6 @@ removefrom libxml2-python /usr/${libdir}/python?.?/site-packages/libxml2mod.a removefrom libxml2-python /usr/${libdir}/python?.?/site-packages/libxml2mod.la removefrom lldpad /etc/* /usr/sbin/lldptool removefrom lua /usr/bin/* -removefrom lvm2 /etc/* removefrom madan-fonts /usr/share/fonts/madan/* removefrom mdadm /etc/* removefrom module-init-tools /etc/* /usr/sbin/insmod.static /usr/sbin/weak-modules @@ -282,8 +277,8 @@ removefrom nss-softokn /usr/${libdir}/nss/* removefrom openldap /etc/openldap/* /usr/${libdir}/libldap_r-* removefrom openssh /etc/ssh/* /usr/libexec/* removefrom openssh-clients /etc/ssh/* /usr/bin/slogin /usr/bin/ssh-* -removefrom openssh-clients /usr/${libdir}/* /usr/libexec/* -removefrom openssh-server /etc/ssh/* /usr/${libdir}/* /usr/libexec/* +removefrom openssh-clients /usr/libexec/* +removefrom openssh-server /etc/ssh/* /usr/libexec/* removefrom openssl /etc/pki/* /usr/bin/* /usr/${libdir}/openssl/* removefrom pam /usr/sbin/* /usr/share/locale/* removefrom pciutils /usr/sbin/* @@ -316,19 +311,17 @@ removefrom sysvinit-tools /usr/bin/* removefrom tar /usr/share/locale/* removefrom usbutils /usr/bin/* removefrom util-linux --allbut \ - /usr/bin/{dmesg,kill,login,lsblk,more,mount,umount,mountpoint} \ + /usr/bin/{dmesg,getopt,kill,login,lsblk,more,mount,umount,mountpoint} \ /etc/mtab /etc/pam.d/login /etc/pam.d/remote \ /usr/sbin/{agetty,blkid,blockdev,clock,fdisk,fsck,fstrim,hwclock,losetup} \ - /usr/sbin/{mkswap,nologin,sfdisk,swapoff,swapon,wipefs} \ + /usr/sbin/{mkswap,nologin,sfdisk,swapoff,swapon,wipefs,partx} \ /usr/bin/logger removefrom volume_key-libs /usr/share/locale/* removefrom wget /etc/* /usr/share/locale/* -removefrom xkeyboard-config /usr/share/locale/* removefrom xorg-x11-drv-intel /usr/${libdir}/libI* removefrom xorg-x11-drv-openchrome /usr/${libdir}/libchrome* removefrom xorg-x11-drv-synaptics /usr/bin/* removefrom xorg-x11-drv-wacom /usr/bin/* -removefrom xorg-x11-fonts-ethiopic /etc/X11/* /usr/share/X11/fonts/OTF/* removefrom xorg-x11-fonts-misc --allbut /usr/share/X11/fonts/misc/{6x13,encodings,fonts,*cursor}* removefrom xorg-x11-server-utils --allbut /usr/bin/xrandr /usr/share/X11/rgb.txt removefrom yum /etc/* /usr/share/locale/* /usr/share/yum-cli/* diff --git a/lorax-templates-qubes/templates/runtime-install.tmpl b/lorax-templates-qubes/templates/runtime-install.tmpl index 50f3c62..55959ae 100644 --- a/lorax-templates-qubes/templates/runtime-install.tmpl +++ b/lorax-templates-qubes/templates/runtime-install.tmpl @@ -34,8 +34,11 @@ installpkg xen-hypervisor %if basearch == "i386": installpkg kernel-PAE gpart %endif +%if basearch == "x86_64": + installpkg efibootmgr grub2-efi shim shim-unsigned +%endif %if basearch in ("i386", "x86_64"): - installpkg grub2 grub2-tools shim grub2-efi efibootmgr biosdevname memtest86+ + installpkg grub2 grub2-tools shim grub2-efi efibootmgr biosdevname memtest86+ syslinux %endif %if basearch in ("ppc", "ppc64"): installpkg grub2 grub2-tools yaboot fbset hfsutils kernel-bootwrapper ppc64-utils @@ -51,7 +54,7 @@ installpkg xen-hypervisor installpkg plymouth ## extra dracut modules -installpkg dracut-network anaconda-dracut +installpkg anaconda-dracut dracut-network dracut-config-generic ## fedup-dracut handles upgrades ##installpkg fedup-dracut fedup-dracut-plymouth *-fedup-dracut @@ -85,22 +88,30 @@ installpkg python-imaging ## filesystem tools installpkg btrfs-progs jfsutils xfsprogs reiserfs-utils gfs2-utils ntfs-3g ntfsprogs installpkg python-volume_key volume_key +installpkg system-storage-manager +installpkg device-mapper-persistent-data ## SELinux support installpkg selinux-policy-targeted audit libsemanage-python ## network tools/servers installpkg python-ethtool ethtool openssh-server nfs-utils -installpkg tigervnc-server-minimal tigervnc-server-module -installpkg chrony rdate +installpkg tigervnc-server-minimal +%if basearch != "s390x": +installpkg tigervnc-server-module +%endif +installpkg net-tools ## hardware utilities/libraries -installpkg pciutils pcmciautils usbutils -installpkg mt-st hdparm smartmontools +installpkg pciutils usbutils +installpkg mt-st smartmontools +%if basearch != "s390x": +installpkg hdparm pcmciautils +%endif installpkg libmlx4 ## translations & language packs -##installpkg yum-langpacks specspo +installpkg yum-langpacks ## fonts & themes installpkg bitmap-fangsongti-fonts @@ -115,7 +126,8 @@ installpkg smc-meera-fonts installpkg thai-scalable-waree-fonts installpkg vlgothic-fonts installpkg wqy-microhei-fonts -installpkg xorg-x11-fonts-ethiopic xorg-x11-fonts-misc +installpkg sil-abyssinica-fonts +installpkg xorg-x11-fonts-misc installpkg gnome-themes-standard gnome-icon-theme-legacy ## debugging/bug reporting tools diff --git a/lorax-templates-qubes/templates/runtime-postinstall.tmpl b/lorax-templates-qubes/templates/runtime-postinstall.tmpl index d212446..ad48624 100644 --- a/lorax-templates-qubes/templates/runtime-postinstall.tmpl +++ b/lorax-templates-qubes/templates/runtime-postinstall.tmpl @@ -22,19 +22,26 @@ move etc/yum.repos.d etc/anaconda.repos.d remove etc/systemd/system/default.target symlink /lib/systemd/system/anaconda.target etc/systemd/system/default.target +## Make sure tmpfs is enabled +mkdir etc/systemd/system/local-fs.target.wants/ +symlink /lib/systemd/system/tmp.mount etc/systemd/system/local-fs.target.wants/tmp.mount + ## Disable unwanted systemd services systemctl disable systemd-readahead-collect.service \ systemd-readahead-replay.service \ mdmonitor.service \ + mdmonitor-takeover.service \ NetworkManager.service \ lvm2-monitor.service ## These services can't be disabled normally (they're linked into place in ## /usr/lib/systemd rather than /etc/systemd), so we have to mask them. systemctl mask fedora-configure.service fedora-loadmodules.service \ - fedora-storage-init.service fedora-storage-init-late.service \ fedora-autorelabel.service fedora-autorelabel-mark.service \ fedora-wait-storage.service media.mount +## Don't write the journal to the overlay, just keep it in RAM +remove var/log/journal + ## install some basic configuration files append etc/resolv.conf "" append etc/fstab "" @@ -88,6 +95,10 @@ gconfset /apps/metacity/global_keybindings/switch_windows string disabled gconfset /desktop/gnome/interface/accessibility bool true gconfset /desktop/gnome/interface/at-spi-corba bool true +## Make sure we have a GTK theme +mkdir etc/gtk-3.0/ +copy usr/share/gtk-3.0/settings.ini etc/gtk-3.0/ + ## Some settings are controlled by gsettings now. install ${configdir}/org.gnome.desktop.wm.keybindings.gschema.override usr/share/glib-2.0/schemas runcmd chroot ${root} glib-compile-schemas /usr/share/glib-2.0/schemas @@ -106,4 +117,8 @@ append etc/depmod.d/dd.conf "search updates built-in" append etc/dracut.conf.d/extra-install-modules.conf "add_drivers+=' ehci-pci '" append etc/dracut.conf.d/extra-install-modules.conf "omit_dracutmodules+=' multipath '" +## make lvm auto-activate +remove etc/lvm/* +append etc/lvm/lvm.conf "global {\n\tuse_lvmetad = 1\n}\n" + ## TODO: we could run prelink here if we wanted?