From 2f6d43569e25dea5a090773b6a9d36e10f3640c5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?=
Date: Mon, 9 Jan 2017 04:17:38 +0100
Subject: [PATCH] lorax-templates-qubes: update based on new upstream version QubesOS/qubes-issues#2574
---
 .../common/92-anaconda-loglevel-debug.conf | 2 +
 .../templates/config_files/common/i18n | 2 +-
 .../org.gtk.Settings.Debug.gschema.override | 2 +
 .../config_files/common/rsyslog.conf | 54 ++++++++++++--
 .../config_files/common/vconsole.conf | 2 +-
 .../templates/runtime-cleanup.tmpl | 73 +++++++++----------
 .../templates/runtime-install.tmpl | 11 ++-
 .../templates/runtime-postinstall.tmpl | 30 ++++----
 8 files changed, 113 insertions(+), 63 deletions(-)
 create mode 100644 lorax-templates-qubes/templates/config_files/common/92-anaconda-loglevel-debug.conf
 create mode 100644 lorax-templates-qubes/templates/config_files/common/org.gtk.Settings.Debug.gschema.override
diff --git a/lorax-templates-qubes/templates/config_files/common/92-anaconda-loglevel-debug.conf b/lorax-templates-qubes/templates/config_files/common/92-anaconda-loglevel-debug.conf
new file mode 100644
index 0000000..6a6535d
--- /dev/null
+++ b/lorax-templates-qubes/templates/config_files/common/92-anaconda-loglevel-debug.conf
@@ -0,0 +1,2 @@
+[logging]
+level=DEBUG
diff --git a/lorax-templates-qubes/templates/config_files/common/i18n b/lorax-templates-qubes/templates/config_files/common/i18n
index 5366b7f..b254232 100644
--- a/lorax-templates-qubes/templates/config_files/common/i18n
+++ b/lorax-templates-qubes/templates/config_files/common/i18n
@@ -1 +1 @@
-SYSFONT="latarcyrheb-sun16"
+SYSFONT="eurlatgr"
diff --git a/lorax-templates-qubes/templates/config_files/common/org.gtk.Settings.Debug.gschema.override b/lorax-templates-qubes/templates/config_files/common/org.gtk.Settings.Debug.gschema.override
new file mode 100644
index 0000000..fcedd1b
--- /dev/null
+++ b/lorax-templates-qubes/templates/config_files/common/org.gtk.Settings.Debug.gschema.override @@ -0,0 +1,2 @@ +[org.gtk.Settings.Debug] + enable-inspector-keybinding=true diff --git a/lorax-templates-qubes/templates/config_files/common/rsyslog.conf b/lorax-templates-qubes/templates/config_files/common/rsyslog.conf index e568e53..94b180c 100644 --- a/lorax-templates-qubes/templates/config_files/common/rsyslog.conf +++ b/lorax-templates-qubes/templates/config_files/common/rsyslog.conf @@ -1,7 +1,24 @@ +# rsyslog configuration file + +# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html +# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html + #### MODULES #### -$ModLoad imuxsock.so # provides support for local system logging + +# The imjournal module bellow is now used as a message source instead of imuxsock. +$ModLoad imuxsock # provides support for local system logging (e.g. via logger command) $SystemLogRateLimitInterval 0 # disables message dropping, we need all of them -$ModLoad imklog.so # provides kernel logging support +$ModLoad imjournal # provides access to the systemd journal +$ModLoad imklog # reads kernel messages (the same are read from journald) +#$ModLoad immark # provides --MARK-- message capability + +# Provides UDP syslog reception +#$ModLoad imudp +#$UDPServerRun 514 + +# Provides TCP syslog reception +#$ModLoad imtcp +#$InputTCPServerRun 514 $ModLoad imfile $InputFileName /tmp/X.log 
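Review bot: `$SystemLogRateLimitInterval 0` in the rsyslog.conf MODULES hunk only governs imuxsock, and once the next hunk sets `$OmitLocalLogging on` the local messages arrive through imjournal, which applies its own rate limit by default, so the stated goal "we need all of them" is probably no longer met during a noisy install. If every record is wanted in `/tmp/syslog`, add the journal-side equivalent next to the `$ModLoad imjournal` line, e.g. `$imjournalRatelimitInterval 0`. The same hunk also loads imklog although its own comment says the kernel messages are already read from journald, so kernel lines may be logged twice; leaving it as `#$ModLoad imklog` would avoid that. The comment typo "bellow" should read "below".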
@@ -15,10 +32,29 @@ $InputFileStateFile anaconda-tb-statefile $InputFileFacility local1 $InputRunFileMonitor + #### GLOBAL DIRECTIVES #### + +# Where to place auxiliary files +#$WorkDirectory /var/lib/rsyslog + # Use default timestamp format $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat +# File syncing capability is disabled by default. This feature is usually not required, +# not useful and an extreme performance hit +#$ActionFileEnableSync on + +# Include all config files in /etc/rsyslog.d/ +$IncludeConfig /etc/rsyslog.d/*.conf + +# Turn off message reception via local log socket; +# local messages are retrieved through imjournal now. +$OmitLocalLogging on + +# File to store the position in the journal +$IMJournalStateFile imjournal.state + #### TEMPLATES #### $template anaconda_tty4, "%syslogseverity-text:::uppercase% %programname%:%msg%\n" 
@@ -26,24 +62,32 @@ $template anaconda_syslog, "%timestamp:8:$:date-rfc3164%,%timestamp:1:3:date-sub $template virtio_ForwardFormat, "<%PRI%>%TIMESTAMP:::date-rfc3339% localhost %syslogtag:1:32%%msg:::sp-if-no-1st-sp%%msg%\n" #### RULES #### + # log everything except anaconda-specific records from local1 (those are stored # directly into files via python logging) + +# discard messages from dracut regenerating initrd +:programname,isequal,"dracut" ~ + *.*;\ authpriv.none;\ local1.none /tmp/syslog;anaconda_syslog & /dev/tty4;anaconda_tty4 + # ### begin forwarding rule ### # The statement between the begin ... end define a SINGLE forwarding # rule. They belong together, do NOT split them. If you create multiple # forwarding rules, duplicate the whole block! +# Remote Logging (we use TCP for reliable delivery) # # An on-disk queue is created for this action. If the remote host is # down, messages are spooled to disk and sent when it is up again. +#$ActionQueueFileName fwdRule1 # unique name prefix for spool files $ActionQueueMaxDiskSpace 1m # space limit (use as much as possible) $ActionQueueSaveOnShutdown off # do not save messages to disk on shutdown -$ActionQueueType LinkedList # run asynchronously -$ActionResumeRetryCount -1 # infinite retries if host is down +#$ActionQueueType LinkedList # run asynchronously +#$ActionResumeRetryCount -1 # infinite retries if host is down # remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional +#*.* @@remote-host:514 # ### end of the forwarding rule ### - diff --git a/lorax-templates-qubes/templates/config_files/common/vconsole.conf b/lorax-templates-qubes/templates/config_files/common/vconsole.conf index d32efd5..2bd7892 100644 --- a/lorax-templates-qubes/templates/config_files/common/vconsole.conf +++ b/lorax-templates-qubes/templates/config_files/common/vconsole.conf @@ -1,2 +1,2 @@ KEYMAP=us -SYSFONT="latarcyrheb-sun16" +FONT=eurlatgr 
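Review bot: The forwarding block at the end of rsyslog.conf is left half-disabled: `$ActionQueueType LinkedList` and `$ActionResumeRetryCount -1` are now commented out while `$ActionQueueMaxDiskSpace 1m` and `$ActionQueueSaveOnShutdown off` stay active. These legacy directives apply to the next action that is defined, so if a forwarding action is appended to this file at run time (not visible in this diff) it would now run with a direct queue and no unlimited retry, the two remaining queue settings would have no effect, and messages sent while the remote host is unreachable could be lost. Either comment out the whole block or keep the four directives together, and record the choice in a comment. Separately, the new `:programname,isequal,"dracut" ~` filter sits between the "log everything except…" comment and the rule that comment describes, and current rsyslog versions flag `~` as deprecated in favour of `stop`.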
diff --git a/lorax-templates-qubes/templates/runtime-cleanup.tmpl b/lorax-templates-qubes/templates/runtime-cleanup.tmpl index c1ac4c9..ada8412 100644 --- a/lorax-templates-qubes/templates/runtime-cleanup.tmpl +++ b/lorax-templates-qubes/templates/runtime-cleanup.tmpl @@ -11,11 +11,7 @@ remove usr/share/i18n removepkg perl* %endif ## no sound support, thanks -## ...except alsa-libs, which are needed by spice-vdagent -removepkg alsa-*firmware* flac gstreamer-tools libsndfile pulseaudio* sound-theme-freedesktop -removepkg midisport-firmware -## no fancy video, either -removepkg libcrystalhd crystalhd-firmware ivtv-firmware cx18-firmware +removepkg flac gstreamer-tools libsndfile pulseaudio* sound-theme-freedesktop ## we don't create new initramfs/bootloader conf inside anaconda ## (that happens inside the target system after we install dracut/grubby) removepkg dracut-network grubby anaconda-dracut @@ -69,7 +65,7 @@ removepkg avahi-autoipd coreutils-libs dash db4-utils diffutils file removepkg genisoimage info iptables removepkg jasper-libs libXxf86misc removepkg libasyncns libhbaapi libhbalinux -removepkg libmcpp libpcap libtiff libutempter linux-atm-libs +removepkg libmcpp libpcap libtiff linux-atm-libs removepkg lvm2-libs m4 mailx makebootfat mcpp removepkg mingetty mobile-broadband-provider-info pkgconfig ppp pth removepkg rmt rpcbind squashfs-tools system-config-firewall-base @@ -86,7 +82,9 @@ remove /usr/share/mime/multipart /usr/share/mime/packages /usr/share/mime/text remove /usr/share/mime/video /usr/share/mime/x-content /usr/share/mime/x-epoc remove /var/db /var/games /var/tmp /var/yp /var/nis /var/opt /var/local remove /var/mail /var/spool /var/preserve /var/report -remove /var/lib/rpm/* /var/lib/yum +remove /var/lib/rpm/* /var/lib/yum /var/lib/dnf +## clean up the files created by various '> /dev/null's +remove /dev/* ## icons cache remove /usr/share/icons/*/icon-theme.cache 
@@ -95,7 +93,7 @@ remove /usr/share/icons/*/icon-theme.cache removekmod sound drivers/media drivers/hwmon \ net/atm net/bluetooth net/sched net/sctp \ net/rds net/l2tp net/decnet net/netfilter net/ipv4 net/ipv6 \ - drivers/watchdog drivers/target drivers/rtc drivers/input/joystick \ + drivers/watchdog drivers/rtc drivers/input/joystick \ drivers/bluetooth drivers/edac drivers/staging \ drivers/usb/serial drivers/usb/host drivers/usb/misc \ fs/ocfs2 fs/ceph fs/nfsd fs/ubifs fs/nilfs2 \ @@ -106,24 +104,8 @@ removekmod sound drivers/media drivers/hwmon \ removekmod drivers/char --allbut virtio_console hw_random \ virtio-rng ipmi removekmod drivers/hid --allbut hid-logitech-dj hid-logitech-hidpp -removekmod drivers/video --allbut hyperv_fb +removekmod drivers/video --allbut hyperv_fb syscopyarea sysfillrect sysimgblt fb_sys_fops remove lib/modules/*/{build,source,*.map} -## Need to keep virtio_console.ko and ipmi stuff in drivers/char -## Also keep virtio-rng so that the installer can get sufficient randomness for -## LUKS setup. -runcmd chroot ${root} find /lib/modules \ - -regex ".*/kernel/drivers/char/.*" \ - \! -name virtio_console.ko\* \ - \! -name hw_random \ - \! -name virtio-rng.ko\* \ - \! -name ipmi\* \ - -delete -# Remove all of drivers/hid except for logitech modules. -runcmd chroot ${root} find /lib/modules \ - -regex ".*/kernel/drivers/hid/.*" \ - \! -name hid-logitech-hidpp.ko\* \ - \! -name hid-logitech-dj.ko\* \ - -delete ## NOTE: depmod gets re-run after cleanup finishes ## remove unused themes, theme engines, icons, etc. 
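Review bot: Dropping the `runcmd chroot ${root} find …` blocks in the second hunk also drops the comment that explained why `virtio-rng` must survive the cleanup (enough randomness for LUKS setup in the installer). The remaining `removekmod drivers/char --allbut virtio_console hw_random \ virtio-rng ipmi` line now carries that requirement with no explanation, so a later trim of the `--allbut` list could silently remove the module. I would keep the rationale directly above that line, e.g. `## keep virtio_console, ipmi and virtio-rng (installer needs sufficient randomness for LUKS setup)`.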
@@ -171,7 +153,7 @@ removefrom coreutils /usr/bin/expand /usr/bin/factor removefrom coreutils /usr/bin/fold /usr/bin/groups /usr/bin/hostid removefrom coreutils /usr/bin/install /usr/bin/join /usr/bin/logname removefrom coreutils /usr/bin/mkfifo /usr/bin/nl /usr/bin/nohup /usr/bin/nproc -removefrom coreutils /usr/bin/paste /usr/bin/pathchk +removefrom coreutils /usr/bin/pathchk removefrom coreutils /usr/bin/pinky /usr/bin/pr /usr/bin/printenv removefrom coreutils /usr/bin/printf /usr/bin/ptx /usr/bin/runcon removefrom coreutils /usr/bin/sha224sum /usr/bin/sha384sum @@ -213,7 +195,7 @@ removefrom glibc /${libdir}/libSegFault* /${libdir}/libanl* removefrom glibc /${libdir}/libcidn* /${libdir}/libnss_compat* removefrom glibc /${libdir}/libnss_hesiod* /${libdir}/libnss_nis* # python-pyudev uses ctypes.util.find_library, which uses /sbin/ldconfig -removefrom glibc /${libdir}/libthread* /${libdir}/rtkaio* /sbin/sln +removefrom glibc /${libdir}/rtkaio* /sbin/sln removefrom glibc /usr/libexec/* /usr/sbin/* removefrom glibc-common /etc/* /usr/bin/catchsegv /usr/bin/gencat removefrom glibc-common /usr/bin/getent @@ -263,7 +245,7 @@ removefrom libvorbis /usr/${libdir}/libvorbisenc.* removefrom libxml2 /usr/bin/* removefrom libxml2-python /usr/${libdir}/python?.?/site-packages/libxml2mod.a removefrom libxml2-python /usr/${libdir}/python?.?/site-packages/libxml2mod.la -removefrom lldpad /etc/* /usr/sbin/lldptool +removefrom lldpad /etc/* removefrom lua /usr/bin/* removefrom madan-fonts /usr/share/fonts/madan/* removefrom mdadm /etc/* 
@@ -294,13 +276,12 @@ removefrom nfs-utils /var/lib/nfs/rmtab /var/lib/nfs/state /var/lib/nfs/xtab removefrom nhn-nanum-gothic-fonts /usr/share/fonts/nhn-nanum/NanumGothic*Bold.ttf removefrom nss-softokn /usr/${libdir}/nss/* removefrom openldap /etc/openldap/* /usr/${libdir}/libldap_r-* -removefrom openssh /etc/ssh/* /usr/libexec/* -removefrom openssh-clients /etc/ssh/* /usr/bin/slogin /usr/bin/ssh-* +removefrom openssh /usr/libexec/* +removefrom openssh-clients /etc/ssh/* /usr/bin/ssh-* removefrom openssh-clients /usr/libexec/* -removefrom openssh-server /etc/ssh/* /usr/libexec/* +removefrom openssh-server /etc/ssh/* /usr/libexec/openssh/sftp-server removefrom openssl /etc/pki/* /usr/bin/* /usr/${libdir}/openssl/* removefrom pam /usr/sbin/* /usr/share/locale/* -removefrom pciutils /usr/sbin/* removefrom policycoreutils /etc/* /usr/bin/* /usr/share/locale/* removefrom polkit /usr/bin/* removefrom polkit-desktop-policy /var/lib/* @@ -327,11 +308,11 @@ removefrom sysvinit-tools /usr/bin/* removefrom tar /usr/share/locale/* removefrom usbutils /usr/bin/* removefrom util-linux --allbut \ - /usr/bin/{dmesg,getopt,kill,login,lsblk,more,mount,umount,mountpoint} \ + /usr/bin/{dmesg,getopt,kill,login,lsblk,more,mount,umount,mountpoint,findmnt} \ /etc/mtab /etc/pam.d/login /etc/pam.d/remote \ /usr/sbin/{agetty,blkid,blockdev,clock,fdisk,fsck,fstrim,hwclock,losetup} \ - /usr/sbin/{mkswap,nologin,sfdisk,swapoff,swapon,wipefs,partx} \ - /usr/bin/{logger,hexdump} + /usr/sbin/{mkswap,nologin,sfdisk,swapoff,swapon,wipefs,partx,fsfreeze} \ + /usr/bin/{logger,hexdump,flock} removefrom volume_key-libs /usr/share/locale/* removefrom wget /etc/* /usr/share/locale/* removefrom xorg-x11-drv-intel /usr/${libdir}/libI* 
@@ -339,11 +320,11 @@ removefrom xorg-x11-drv-openchrome /usr/${libdir}/libchrome* removefrom xorg-x11-drv-synaptics /usr/bin/* removefrom xorg-x11-drv-wacom /usr/bin/* removefrom xorg-x11-fonts-misc --allbut /usr/share/X11/fonts/misc/{6x13,encodings,fonts,*cursor}* -removefrom xorg-x11-server-utils --allbut /usr/bin/xrandr /usr/share/X11/rgb.txt +removefrom xorg-x11-server-utils --allbut /usr/bin/xrandr /usr/share/X11/rgb.txt /usr/bin/xrdb removefrom yum /etc/* /usr/share/locale/* /usr/share/yum-cli/* removefrom ${product.name}-logos /etc/* removefrom ${product.name}-logos /usr/share/icons/{Bluecurve,oxygen}/* -removefrom ${product.name}-logos /usr/share/{gnome-screensaver,kde4,pixmaps}/* +removefrom ${product.name}-logos /usr/share/{firstboot,gnome-screensaver,kde4,pixmaps}/* ## cleanup_python_files() runcmd find ${root} -name "*.pyo" -type f -delete @@ -355,3 +336,21 @@ runcmd find ${root} -name "*.pyc" -type f -exec ln -sf /dev/null {} \; ## NOTE: Excluding /etc/mtab which links to /proc/self/mounts for systemd runcmd chroot ${root} find -L /etc /usr -xdev -type l -and \! -name "mtab" \ -printf "removing broken symbolic link %p -> %l\n" -delete + +## Clean up some of the mess pulled in by webkitgtk via yelp +## libwebkit2gtk links to a handful of libraries in gstreamer and +## gstreamer-plugins-base. Remove the rest of them. +removefrom gstreamer1 --allbut /usr/${libdir}/libgstbase-1.0.* \ + /usr/${libdir}/libgstreamer-1.0.* +removefrom gstreamer1-plugins-base --allbut \ + /usr/${libdir}/libgst{app,audio,fft,pbutils,tag,video}-1.0.* + +## We have enough geoip libraries, thanks +removepkg geoclue2 + +## And remove the packages that those extra libraries pulled in +removepkg cdparanoia-libs opus libtheora libvisual flac-libs gsm avahi-glib avahi-libs \ + ModemManager-glib + +## metacity requires libvorbis and libvorbisfile, but enc/dec are no longer needed +removefrom libvorbis --allbut /usr/${libdir}/libvorbisfile.* /usr/${libdir}/libvorbis.* 
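Review bot: The new `removefrom libvorbis --allbut /usr/${libdir}/libvorbisfile.* /usr/${libdir}/libvorbis.*` line at the end of the last hunk makes the older `removefrom libvorbis /usr/${libdir}/libvorbisenc.*` rule redundant, since libvorbisenc is not in the keep list; that older rule is still present (it shows up in the header of the `@@ -263,7 +245,7 @@` hunk). Leaving both means two rules for the same package have to be kept in sync by hand. I would delete the older one, or add `## superseded by the --allbut rule at the end of this file` next to it.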
diff --git a/lorax-templates-qubes/templates/runtime-install.tmpl b/lorax-templates-qubes/templates/runtime-install.tmpl index 09c2e26..15f28a6 100644 --- a/lorax-templates-qubes/templates/runtime-install.tmpl +++ b/lorax-templates-qubes/templates/runtime-install.tmpl @@ -22,10 +22,12 @@ installpkg grubby installpkg linux-firmware %endif installpkg xen-hypervisor +## install all of the glibc langpacks since otherwise we get no locales +installpkg glibc-all-langpacks ## arch-specific packages (bootloaders etc.) %if basearch == "aarch64": - installpkg efibootmgr grub2-efi grubby shim shim-unsigned + installpkg efibootmgr grub2-efi grub2-efi-modules grub2-tools shim shim-unsigned %endif %if basearch in ("arm", "armhfp"): installpkg kernel-lpae @@ -35,7 +37,7 @@ installpkg xen-hypervisor installpkg kernel-PAE gpart %endif %if basearch == "x86_64": - installpkg efibootmgr grub2-efi shim shim-unsigned + installpkg efibootmgr grub2-efi grub2-efi-modules shim shim-unsigned %endif %if basearch in ("i386", "x86_64"): installpkg grub2 grub2-tools memtest86+ syslinux syslinux-nonlinux @@ -107,9 +109,7 @@ installpkg mt-st smartmontools installpkg hdparm pcmciautils %endif installpkg libmlx4 rdma - -## translations & language packs -installpkg python3-dnf-langpacks +installpkg rng-tools ## fonts & themes installpkg bitmap-fangsongti-fonts @@ -141,7 +141,6 @@ installpkg qubes-artwork ## debugging/bug reporting tools installpkg gdb-gdbserver -installpkg python-epdb installpkg libreport-plugin-bugzilla libreport-plugin-reportuploader installpkg fpaste diff --git a/lorax-templates-qubes/templates/runtime-postinstall.tmpl b/lorax-templates-qubes/templates/runtime-postinstall.tmpl index b195ea7..65236cf 100644 --- a/lorax-templates-qubes/templates/runtime-postinstall.tmpl +++ b/lorax-templates-qubes/templates/runtime-postinstall.tmpl 
@@ -29,6 +29,10 @@ symlink /lib/systemd/system/anaconda.target etc/systemd/system/default.target mkdir etc/systemd/system/local-fs.target.wants/ symlink /lib/systemd/system/tmp.mount etc/systemd/system/local-fs.target.wants/tmp.mount +## Start rngd +mkdir etc/systemd/system/basic.target.wants/ +symlink /lib/systemd/system/rngd.service etc/systemd/system/basic.target.wants/rngd.service + ## Disable unwanted systemd services systemctl disable systemd-readahead-collect.service \ systemd-readahead-replay.service \ @@ -45,9 +49,11 @@ systemctl mask fedora-configure.service fedora-loadmodules.service \ systemd-tmpfiles-clean.service systemd-tmpfiles-clean.timer \ ldconfig.service -## Make logind activate anaconda-shell@.service on switch to empty VT -symlink anaconda-shell@.service lib/systemd/system/autovt@.service -replace "#ReserveVT=6" "ReserveVT=2" etc/systemd/logind.conf +## Remove the more terrible parts of systemd-tmpfiles. +## etc.conf is written with the assumption that /etc/ is empty, which is +## ridiculous, and it also creates a broken /etc/resolv.conf, which breaks +## networking. +remove usr/lib/tmpfiles.d/etc.conf ## Make logind activate anaconda-shell@.service on switch to empty VT symlink anaconda-shell@.service lib/systemd/system/autovt@.service @@ -69,6 +75,7 @@ install ${configdir}/spice-vdagentd etc/sysconfig mkdir etc/NetworkManager/conf.d install ${configdir}/91-anaconda-autoconnect-slaves.conf etc/NetworkManager/conf.d install ${configdir}/vconsole.conf etc +install ${configdir}/92-anaconda-loglevel-debug.conf etc/NetworkManager/conf.d ## disable NetworkManager install ${configdir}/NetworkManager.state var/lib/NetworkManager/NetworkManager.state 
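Review bot: The `install ${configdir}/92-anaconda-loglevel-debug.conf etc/NetworkManager/conf.d` line in the third hunk turns on NetworkManager DEBUG logging for every image built from these templates, and nothing here says that this is deliberate. Debug-level NetworkManager output is considerably more detailed about the network environment than the default, and with the rsyslog changes in this commit it presumably ends up in `/tmp/syslog` and in any log forwarding that is configured. I would move the line directly under the `91-anaconda-autoconnect-slaves.conf` install instead of after `vconsole.conf`, and add a comment such as `## verbose NM logging for installer bug reports; logs may contain network details`.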
@@ -85,19 +92,13 @@ append etc/shadow "install::14438:0:99999:7:::" ## remove root password replace "root:\*:" "root::" etc/shadow -## s390-specific setup -%if basearch in ("s390", "s390x"): - ## generate ssh keys - runcmd ssh-keygen -q -C "" -N "" -t rsa1 -f ${root}/etc/ssh/ssh_host_key - runcmd ssh-keygen -q -C "" -N "" -t rsa -f ${root}/etc/ssh/ssh_host_rsa_key - runcmd ssh-keygen -q -C "" -N "" -t dsa -f ${root}/etc/ssh/ssh_host_dsa_key - chmod etc/ssh/ssh_host*_key 600 - chmod etc/ssh/ssh_host*_key.pub 644 -%endif - ## gconf settings gconfset /desktop/gnome/interface/accessibility bool true +## gsettings settings +install ${configdir}/org.gtk.Settings.Debug.gschema.override usr/share/glib-2.0/schemas +runcmd chroot ${root} glib-compile-schemas /usr/share/glib-2.0/schemas + move usr/libexec/anaconda/auditd sbin ## for compatibility with Ancient Anaconda Traditions @@ -108,6 +109,9 @@ symlink ../run/install mnt/install ## create_depmod_conf() append etc/depmod.d/dd.conf "search updates built-in" +## create multipath.conf so multipath gets auto-started +append etc/multipath.conf "defaults {\n\tfind_multipaths yes\n\tuser_friendly_names yes\n}\n" + ## include additional modules in initramfs append etc/dracut.conf.d/extra-install-modules.conf "add_drivers+=' ehci-pci xhci-hcd xhci-pci '"
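Review bot: The `org.gtk.Settings.Debug.gschema.override` installed under "## gsettings settings" sets `enable-inspector-keybinding=true`, so the GTK inspector can be opened from the keyboard in every installer image, and neither the override file nor this block says whether that is intended for release images as well as debug builds. If it is deliberate, a comment above the `install` line would record it, e.g. `## enable the GTK inspector keybinding for installer UI debugging`. If it is only wanted for development images, the `install` and `glib-compile-schemas` pair should sit behind a template condition, which this diff does not show.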