From 55337a39dd9ec2cc7f918a33aac5d1386d6cefb3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Mon, 23 Mar 2015 00:24:16 +0100 Subject: [PATCH] lorax: update for Fedora 21 - part 1 --- .../config_files/common/bash_history | 3 ++ ...me.desktop.wm.keybindings.gschema.override | 14 ++++++ ...me.desktop.wm.preferences.gschema.override | 4 ++ .../config_files/common/sshd_config.anaconda | 3 -- .../templates/runtime-cleanup.tmpl | 46 +++++++++---------- .../templates/runtime-install.tmpl | 6 +-- .../templates/runtime-postinstall.tmpl | 25 ++++++++-- 7 files changed, 68 insertions(+), 33 deletions(-) create mode 100644 lorax-templates-qubes/templates/config_files/common/org.gnome.desktop.wm.preferences.gschema.override diff --git a/lorax-templates-qubes/templates/config_files/common/bash_history b/lorax-templates-qubes/templates/config_files/common/bash_history index 11ecdfc..a766df2 100644 --- a/lorax-templates-qubes/templates/config_files/common/bash_history +++ b/lorax-templates-qubes/templates/config_files/common/bash_history @@ -1,3 +1,4 @@ +kill -USR1 `cat /var/run/anaconda.pid` kill -USR2 `cat /var/run/anaconda.pid` kill -HUP `cat /var/run/anaconda.pid` udevadm info --export-db | less @@ -6,3 +7,5 @@ echo b > /proc/sysrq-trigger dmsetup table multipath -d HOME=/root chroot /mnt/sysimage bash -l -i +less /tmp/anaconda.log +grep -v _yum_lock /tmp/packaging.log diff --git a/lorax-templates-qubes/templates/config_files/common/org.gnome.desktop.wm.keybindings.gschema.override b/lorax-templates-qubes/templates/config_files/common/org.gnome.desktop.wm.keybindings.gschema.override index f0965a9..e84aaba 100644 --- a/lorax-templates-qubes/templates/config_files/common/org.gnome.desktop.wm.keybindings.gschema.override +++ b/lorax-templates-qubes/templates/config_files/common/org.gnome.desktop.wm.keybindings.gschema.override @@ -3,6 +3,8 @@ switch-to-workspace-right=[] switch-to-workspace-up=[] switch-to-workspace-down=[] + switch-to-workspace-1=[] + switch-to-workspace-last=[] switch-group=[] switch-windows=[] switch-panels=[] @@ -11,11 +13,23 @@ cycle-panels=[] activate-window-menu=[] toggle-maximized=[] + minimize=[] maximize=[] unmaximize=[] begin-move=[] begin-resize=[] + move-to-workspace-1=[] move-to-workspace-left=[] move-to-workspace-right=[] move-to-workspace-up=[] move-to-workspace-down=[] + move-to-workspace-last=[] + move-to-monitor-left=[] + move-to-monitor-right=[] + move-to-monitor-up=[] + move-to-monitor-down=[] + close=[] + panel-main-menu=[] + panel-run-dialog=[] + switch-applications=[] + switch-input-source=[] diff --git a/lorax-templates-qubes/templates/config_files/common/org.gnome.desktop.wm.preferences.gschema.override b/lorax-templates-qubes/templates/config_files/common/org.gnome.desktop.wm.preferences.gschema.override new file mode 100644 index 0000000..b499643 --- /dev/null +++ b/lorax-templates-qubes/templates/config_files/common/org.gnome.desktop.wm.preferences.gschema.override @@ -0,0 +1,4 @@ +[org.gnome.desktop.wm.preferences] + button-layout=':' + action-right-click-titlebar='none' + num-workspaces=1 diff --git a/lorax-templates-qubes/templates/config_files/common/sshd_config.anaconda b/lorax-templates-qubes/templates/config_files/common/sshd_config.anaconda index 088569d..39c0967 100644 --- a/lorax-templates-qubes/templates/config_files/common/sshd_config.anaconda +++ b/lorax-templates-qubes/templates/config_files/common/sshd_config.anaconda @@ -1,7 +1,4 @@ Port 22 -HostKey /etc/ssh/ssh_host_key -HostKey /etc/ssh/ssh_host_rsa_key -HostKey /etc/ssh/ssh_host_dsa_key PermitRootLogin yes IgnoreRhosts yes StrictModes yes diff --git a/lorax-templates-qubes/templates/runtime-cleanup.tmpl b/lorax-templates-qubes/templates/runtime-cleanup.tmpl index 62dc788..b2c48bd 100644 --- a/lorax-templates-qubes/templates/runtime-cleanup.tmpl +++ b/lorax-templates-qubes/templates/runtime-cleanup.tmpl @@ -12,6 +12,8 @@ remove usr/share/i18n ## no sound support, thanks removepkg alsa* flac gstreamer-tools libsndfile pulseaudio* sound-theme-freedesktop removepkg midisport-firmware +## no fancy video, either +removepkg libcrystalhd crystalhd-firmware ivtv-firmware cx18-firmware ## we don't create new initramfs/bootloader conf inside anaconda ## (that happens inside the target system after we install dracut/grubby) removepkg dracut-network grubby anaconda-dracut @@ -25,19 +27,18 @@ removefrom dracut --allbut /usr/lib/dracut/modules.d/30convertfs/convertfs.sh \ ## we don't run SELinux (not in enforcing, anyway) removepkg checkpolicy selinux-policy libselinux-utils ## anaconda has its own repo files -removepkg fedora-release fedora-release-rawhide +removefrom fedora-release --allbut /etc/os-release +removepkg fedora-release-rawhide ## no user accounts = no account management removepkg usermode usermode-gtk passwd shadow-utils ## no services to turn on/off (keep the /etc/init.d link though) removefrom chkconfig --allbut /etc/init.d -## we don't check GPG keys (hooray bug #998) -removepkg gnupg2 pinentry +## Miscellanous unnecessary gpg program +removepkg pinentry ## no printer/scanner support in anaconda removepkg cups-libs iscan-firmware ## no storage device monitoring removepkg device-mapper-event dmraid-events sgpio -## we don't (currently) support deltarpms in anaconda -removepkg deltarpm ## no notifications in anaconda removepkg notification-daemon ## logrotate isn't useful in anaconda @@ -47,9 +48,9 @@ remove /etc/logrotate.d removefrom isomd5sum --allbut /usr/bin/checkisomd5 ## various other things we remove to save space -removepkg avahi-autoipd coreutils-libs curl dash db4-utils diffutils file +removepkg avahi-autoipd coreutils-libs dash db4-utils diffutils file removepkg genisoimage gnome-python2 info iptables -removepkg jasper-libs libXt libXxf86misc +removepkg jasper-libs libXxf86misc removepkg libasyncns libhbaapi libhbalinux removepkg libmcpp libpcap libtiff libutempter linux-atm-libs removepkg lvm2-libs m4 mailx makebootfat mcpp @@ -76,7 +77,7 @@ remove /usr/share/icons/*/icon-theme.cache ## clean up kernel modules <% removekmods = """ -sound drivers/media drivers/hwmon drivers/video drivers/char +sound drivers/media drivers/hwmon drivers/video net/atm net/bluetooth net/sched net/sctp net/bridge net/rds net/l2tp net/decnet net/netfilter net/ipv4 net/ipv6 drivers/watchdog drivers/target drivers/rtc drivers/input/joystick @@ -90,6 +91,8 @@ arch/x86/kvm remove lib/modules/*/kernel/${kmodpath} %endfor remove lib/modules/*/{build,source,*.map} +## Need to keep virtio_console.ko and ipmi stuff in drivers/char +runcmd chroot ${root} find /lib/modules -regex ".*/kernel/drivers/char/.*" \! -name virtio_console.ko\* \! -name ipmi* -delete ## NOTE: depmod gets re-run after cleanup finishes ## do not include plymouth 'label' plugin (no text used in installer theme) @@ -113,7 +116,8 @@ removefrom metacity --allbut /usr/bin/* /usr/${libdir}/* /etc/* ## filesystem tools removefrom e2fsprogs /usr/share/locale/* -removefrom xfsprogs /usr/share/locale/* +removefrom xfsprogs /usr/share/locale/* /usr/share/doc/* /usr/share/man/* +removefrom xfsdump --allbut /usr/sbin/* ## other package specific removals removefrom GConf2 /etc/rpm/* /etc/xdg/* /usr/bin/* @@ -126,16 +130,12 @@ removefrom NetworkManager /usr/share/locale/*/NetworkManager.mo removefrom nm-connection-editor /usr/${libdir}/* removefrom nm-connection-editor /usr/share/applications/* removefrom anaconda /etc/* /usr/share/applications/* /usr/share/icons/* -removefrom at-spi /etc/xdg/* /usr/${libdir}/libcspi* -removefrom at-spi /usr/${libdir}/libloginhelper* /usr/share/locale/* removefrom atk /usr/share/locale/* removefrom audit /etc/* /sbin/audispd /sbin/auditctl /sbin/aureport removefrom audit /sbin/ausearch /sbin/autrace /usr/bin/* removefrom audit-libs /etc/* /${libdir}/libauparse* removefrom authconfig /usr/sbin/* /usr/share/* removefrom bash /etc/* /usr/bin/bashbug* /usr/share/* -removefrom bind-libs-lite /usr/${libdir}/libirs* -removefrom bind-libs-lite /usr/${libdir}/libisccfg-export* removefrom bind-utils /usr/bin/dig /usr/bin/host /usr/bin/nsupdate removefrom bitmap-fangsongti-fonts /usr/share/fonts/* removefrom ca-certificates /etc/pki/java/* @@ -144,14 +144,14 @@ removefrom cairo /usr/${libdir}/libcairo-script* removefrom coreutils /etc/* /usr/bin/link /usr/bin/nice /usr/bin/stty /usr/bin/su /usr/bin/unlink removefrom coreutils /usr/sbin/runuser /usr/bin/[ /usr/bin/base64 /usr/bin/chcon removefrom coreutils /usr/bin/cksum /usr/bin/comm /usr/bin/csplit -removefrom coreutils /usr/bin/dir /usr/bin/dircolors /usr/bin/dirname +removefrom coreutils /usr/bin/dir /usr/bin/dircolors removefrom coreutils /usr/bin/expand /usr/bin/factor removefrom coreutils /usr/bin/fold /usr/bin/groups /usr/bin/hostid removefrom coreutils /usr/bin/install /usr/bin/join /usr/bin/logname removefrom coreutils /usr/bin/mkfifo /usr/bin/nl /usr/bin/nohup /usr/bin/nproc -removefrom coreutils /usr/bin/od /usr/bin/paste /usr/bin/pathchk +removefrom coreutils /usr/bin/paste /usr/bin/pathchk removefrom coreutils /usr/bin/pinky /usr/bin/pr /usr/bin/printenv -removefrom coreutils /usr/bin/printf /usr/bin/ptx /usr/bin/runcon /usr/bin/seq +removefrom coreutils /usr/bin/printf /usr/bin/ptx /usr/bin/runcon removefrom coreutils /usr/bin/sha224sum /usr/bin/sha384sum removefrom coreutils /usr/bin/sha512sum /usr/bin/shuf /usr/bin/stat removefrom coreutils /usr/bin/stdbuf /usr/bin/sum /usr/bin/test @@ -161,7 +161,6 @@ removefrom coreutils /usr/bin/who /usr/bin/whoami /usr/bin/yes /usr/share/* removefrom cpio /usr/share/* removefrom cracklib /usr/sbin/* removefrom cracklib-dicts /usr/${libdir}/* /usr/sbin/* -removefrom createrepo /usr/bin/* /usr/share/* removefrom cryptsetup-luks /usr/share/* removefrom cyrus-sasl-lib /usr/sbin/* removefrom db4 /usr/* @@ -191,10 +190,11 @@ removefrom glibc /lib/*/nosegneg/* /${libdir}/libBrokenLocale* removefrom glibc /${libdir}/libSegFault* /${libdir}/libanl* removefrom glibc /${libdir}/libcidn* /${libdir}/libnss_compat* removefrom glibc /${libdir}/libnss_hesiod* /${libdir}/libnss_nis* -removefrom glibc /${libdir}/libthread* /${libdir}/rtkaio* /sbin/* +# python-pyudev uses ctypes.util.find_library, which uses /sbin/ldconfig +removefrom glibc /${libdir}/libthread* /${libdir}/rtkaio* /sbin/sln removefrom glibc /usr/libexec/* /usr/sbin/* removefrom glibc-common /etc/* /usr/bin/catchsegv /usr/bin/gencat -removefrom glibc-common /usr/bin/getconf /usr/bin/getent +removefrom glibc-common /usr/bin/getent removefrom glibc-common /usr/bin/locale /usr/bin/rpcgen /usr/bin/sprof removefrom glibc-common /usr/bin/tzselect /usr/bin/localedef removefrom glibc-common /usr/libexec/* /usr/sbin/* @@ -213,7 +213,6 @@ removefrom gstreamer /usr/bin/* /usr/${libdir}/gstreamer-0.10/* removefrom gstreamer /usr/${libdir}/libgst* /usr/libexec/* /usr/share/locale/* removefrom gtk2 /usr/bin/update-gtk-immodules removefrom gtk3 /usr/${libdir}/gtk-3.0/* -removefrom gtk3 /usr/${libdir}/libgailutil* removefrom gzip /usr/bin/{gzexe,zcmp,zdiff,zegrep,zfgrep,zforce,zgrep,zless,zmore,znew} removefrom hwdata /etc/* /usr/share/hwdata/oui.txt /usr/share/hwdata/pnp.ids removefrom hwdata /usr/share/hwdata/upgradelist @@ -228,7 +227,7 @@ removefrom libbonobo /usr/${libdir}/bonobo/monikers/* removefrom libbonobo /usr/${libdir}/orbit-2.0/Bonobo_module.so removefrom libcanberra /usr/${libdir}/libcanberra-* removefrom libcanberra-gtk2 /usr/${libdir}/gtk-2.0/* -removefrom libcanberra-gtk3 /usr/bin/* /usr/${libdir}/* +removefrom libcanberra-gtk3 /usr/bin/* removefrom libcap /usr/sbin/* removefrom libconfig /usr/${libdir}/libconfig++* removefrom libcroco /usr/bin/* @@ -297,12 +296,11 @@ removefrom procps /usr/bin/vmstat /usr/bin/w /usr/bin/watch removefrom psmisc /usr/share/locale/* removefrom pygtk2 /usr/bin/* /usr/${libdir}/pygtk/* removefrom pykickstart /usr/bin/* /usr/share/locale/* -removefrom python-bugzilla /usr/bin/* removefrom python-ethtool /usr/sbin/* removefrom python-meh /usr/share/locale/* removefrom readline /usr/${libdir}/* removefrom libreport /usr/bin/* /usr/share/locale/* -removefrom rpm /usr/bin/* /usr/lib/rpm/platform/* /usr/share/locale/* +removefrom rpm /usr/bin/* /usr/share/locale/* removefrom rsync /etc/* removefrom sed /usr/share/locale/* removefrom smartmontools /etc/* /usr/sbin/smartd @@ -319,7 +317,7 @@ removefrom util-linux --allbut \ /etc/mtab /etc/pam.d/login /etc/pam.d/remote \ /usr/sbin/{agetty,blkid,blockdev,clock,fdisk,fsck,fstrim,hwclock,losetup} \ /usr/sbin/{mkswap,nologin,sfdisk,swapoff,swapon,wipefs,partx} \ - /usr/bin/logger + /usr/bin/{logger,hexdump} removefrom volume_key-libs /usr/share/locale/* removefrom wget /etc/* /usr/share/locale/* removefrom xorg-x11-drv-intel /usr/${libdir}/libI* diff --git a/lorax-templates-qubes/templates/runtime-install.tmpl b/lorax-templates-qubes/templates/runtime-install.tmpl index f5b96ae..24af939 100644 --- a/lorax-templates-qubes/templates/runtime-install.tmpl +++ b/lorax-templates-qubes/templates/runtime-install.tmpl @@ -61,7 +61,7 @@ installpkg rpcbind ## required for dracut installpkg kbd kbd-misc ## required for anaconda-dracut (img-lib etc.) -installpkg tar xz curl +installpkg tar xz curl bzip2 ## basic system stuff installpkg systemd-sysv systemd-units @@ -99,7 +99,7 @@ installpkg tigervnc-server-module installpkg net-tools ## hardware utilities/libraries -installpkg pciutils usbutils +installpkg pciutils usbutils ipmitool installpkg mt-st smartmontools %if basearch != "s390x": installpkg hdparm pcmciautils @@ -136,7 +136,7 @@ installpkg fpaste installpkg vim-minimal strace lsof dump xz less eject installpkg wget rsync rsh bind-utils ftp mtr vconfig installpkg icfg spice-vdagent -installpkg gdisk +installpkg gdisk hexedit sg3_utils ## yum plugins installpkg yum-plugin-fastestmirror yum-langpacks diff --git a/lorax-templates-qubes/templates/runtime-postinstall.tmpl b/lorax-templates-qubes/templates/runtime-postinstall.tmpl index 6094334..8a530be 100644 --- a/lorax-templates-qubes/templates/runtime-postinstall.tmpl +++ b/lorax-templates-qubes/templates/runtime-postinstall.tmpl @@ -3,7 +3,7 @@ <%page args="root, basearch, libdir, configdir"/> <% -PYTHONDIR = glob("usr/"+libdir+"/python?.?")[0] +PYTHONDIR = sorted(glob("usr/"+libdir+"/python?.?"))[0] stubs = ("list-harddrives", "raidstart", "raidstop") configdir = configdir + "/common" %> @@ -18,6 +18,10 @@ move ${PYTHONDIR}/site-packages/pyanaconda/sitecustomize.py ${PYTHONDIR}/site-pa ## move_repos() move etc/yum.repos.d etc/anaconda.repos.d +## Setup mdadm config to turn off homehost +remove etc/mdadm.conf +append etc/mdadm.conf "HOMEHOST \n" + ## Configure systemd to start anaconda remove etc/systemd/system/default.target symlink /lib/systemd/system/anaconda.target etc/systemd/system/default.target @@ -32,13 +36,18 @@ systemctl disable systemd-readahead-collect.service \ mdmonitor.service \ mdmonitor-takeover.service \ NetworkManager.service \ - lvm2-monitor.service + lvm2-monitor.service \ + dnf-makecache.timer ## These services can't be disabled normally (they're linked into place in ## /usr/lib/systemd rather than /etc/systemd), so we have to mask them. systemctl mask fedora-configure.service fedora-loadmodules.service \ fedora-autorelabel.service fedora-autorelabel-mark.service \ fedora-wait-storage.service media.mount +## Make logind activate anaconda-shell@.service on switch to empty VT +symlink anaconda-shell@.service lib/systemd/system/autovt@.service +replace "#ReserveVT=6" "ReserveVT=2" etc/systemd/logind.conf + ## Don't write the journal to the overlay, just keep it in RAM remove var/log/journal @@ -101,6 +110,7 @@ copy usr/share/gtk-3.0/settings.ini etc/gtk-3.0/ ## Some settings are controlled by gsettings now. install ${configdir}/org.gnome.desktop.wm.keybindings.gschema.override usr/share/glib-2.0/schemas +install ${configdir}/org.gnome.desktop.wm.preferences.gschema.override usr/share/glib-2.0/schemas runcmd chroot ${root} glib-compile-schemas /usr/share/glib-2.0/schemas move usr/libexec/anaconda/auditd sbin @@ -119,7 +129,16 @@ append etc/dracut.conf.d/extra-install-modules.conf "add_drivers+=' ehci-pci xhc append etc/dracut.conf.d/extra-install-modules.conf "add_dracutmodules+=' livenet nfs img-lib convertfs ifcfg '" ## make lvm auto-activate -remove etc/lvm/* +remove etc/lvm/archive/* +remove etc/lvm/archive +remove etc/lvm/backup/* +remove etc/lvm/backup +remove etc/lvm/cache/* +remove etc/lvm/cache +remove etc/lvm/lvm.conf append etc/lvm/lvm.conf "global {\n\tuse_lvmetad = 1\n}\n" +## Record the package versions used to create the image +runcmd chroot ${root} /bin/rpm -qa --pipe "tee /root/lorax-packages.log" + ## TODO: we could run prelink here if we wanted?