Commit Graph

648 Commits

Author SHA1 Message Date
Marek Marczykowski-Górecki
be52104454
firstboot: add an option to create USB VM
Fixes QubesOS/qubes-issues#704
2015-11-29 04:19:37 +01:00
Marek Marczykowski-Górecki
e6c2a93146
firstboot: add an option to route "all" the traffic through Tor 2015-11-27 23:02:38 +01:00
Marek Marczykowski-Górecki
6cc13889d0
comps: switch to Fedora 23 as default template 2015-11-27 23:02:02 +01:00
Marek Marczykowski-Górecki
156ae001fb
comps: drop qubes-dom0-debug group
Save some space on installation DVD.
2015-11-27 23:01:30 +01:00
Marek Marczykowski-Górecki
d98d7dbf94
firstboot: set 'Whonix' option to inactive when no Whonix templates installed
QubesOS/qubes-issues#1258
2015-11-23 19:10:45 +01:00
Marek Marczykowski-Górecki
cdd4294938
firstboot: use qvm-pci --add-class net for NetVM setup
Trying to reduce code duplication.
2015-11-23 19:09:53 +01:00
Marek Marczykowski-Górecki
3c25ca1d94
firstboot: since it now uses salt stack for configuration, add R: salt
QubesOS/qubes-issues#1258
2015-11-23 19:09:37 +01:00
Marek Marczykowski-Górecki
8f14f91b04
firstboot: enable Whonix setup by default if Whonix templates are installed
QubesOS/qubes-issues#1258
2015-11-23 19:09:37 +01:00
Marek Marczykowski-Górecki
875f3ee060
conf: include Whonix in installtion image
QubesOS/qubes-issues#1258
2015-11-23 19:09:37 +01:00
Marek Marczykowski-Górecki
a2456dd73b
firstboot: restore appmenus retrieval code
This part isn't (and probably shouldn't be) handled by salt.

QubesOS/qubes-issues#1258
2015-11-23 02:34:53 +01:00
Marek Marczykowski-Górecki
0417d5de56
firstboot: force salt-minion configuration refresh
It should be done at package installation time (%post script), but
unfortunately it isn't. Probably because of wrong order of scripts calls
(missin Requires(post) dependencies).

QubesOS/qubes-issues#1258
2015-11-23 02:27:18 +01:00
Wojtek Porczyk
be64e72d63 firstboot: use Qubes preconfiguration infrastructure 2015-11-21 01:54:07 +01:00
Marek Marczykowski-Górecki
84f61cbb6b
live: Include USB3.0 drivers
Fixes QubesOS/qubes-issues#1162
2015-11-04 01:17:07 +01:00
Marek Marczykowski-Górecki
1d4f49961c
anaconda: limit dom0 maxmem to 4GB to limit its overhead on big systems
Linux kernel have some memory overhead depending on maxmem. Dom0 isn't
meant to use that much memory (most should be assigned to AppVMs), so on
big systems this will be pure waste.

QubesOS/qubes-issues#1136
Fixes QubesOS/qubes-issues#1313
2015-10-10 00:33:13 +02:00
Marek Marczykowski-Górecki
c0f4d76a14
livecd-tools: add 'repo --ignoregroups' support
Apparently this option wass ignored by livecd-tools, so groups from
Fedora repositories came in.

QubesOS/qubes-issues#1018
2015-10-06 05:06:27 +02:00
Marek Marczykowski-Górecki
64167c525c
liveusb: restore plymouth in EFI initramfs
QubesOS/qubes-issues#794
2015-10-06 05:06:27 +02:00
Marek Marczykowski-Górecki
e5368d7da7
liveusb: handle both Debian and Fedora appmenus
Some applications are named differently, so we need a separate list.

QubesOS/qubes-issues#1018
QubesOS/qubes-issues#794
2015-10-06 05:06:27 +02:00
Marek Marczykowski-Górecki
588cbed78e
liveusb: set Fedora 21 as default template
QubesOS/qubes-issues#794
2015-10-06 05:06:27 +02:00
Marek Marczykowski-Górecki
e842046273
anaconda 20.25.16-10, livecd-tools 20.6-2, lorax-templates-qubes 3.1-1, pungi 3.03-2
Also set epoch ridiculously high for pungi and livecd-tools to make sure
we use versions with enabled signature checking.
2015-09-30 00:40:53 +02:00
Marek Marczykowski-Górecki
ae8d7dbdb4
qubes-release 3.1-0.1
'master' branch now points to next major release
2015-09-29 16:37:26 +02:00
Marek Marczykowski-Górecki
bab6aa2fa2
Merge branch 'efi'
* efi:
  lorax: disable debug output from xen and kernel
  lorax: make initrd back to work without ifcfg module
  lorax: efi: improve using ESP for 'root' device
  lorax: fix legacy mode boot after EFI initrd tinyfication
  lorax: Add rescue entry to grub2-efi.cfg
  lorax: Provide correct device information to xen.efi
  anaconda: use correct root= kernel parameter when creating EFI xen.cfg
  anaconda: workaround efibootmgr bug (SIGABRT while removing entries)
  anaconda: fix dracut module to work with reduced dependencies
  lorax: drop plymouth label plugin
  lorax: exclude SCSI and misc modules from UEFI initrd
  lorax: remove SecureBoot files - save some space in efiboot.img
  lorax: do not create macboot.img - it will be too big anyway
  lorax: remove network support from UEFI initrd
  lorax: select xen.cfg section to enable/disable media check
  lorax: disable UEFI Secure Boot shim
  pungi: do not use isohybrid --offset as it isn't compatible with EFI
  anaconda: generate xen efi configuration
  lorax: preliminary EFI support

QubesOS/qubes-issues#794
2015-09-29 16:11:59 +02:00
Marek Marczykowski-Górecki
0e6649b6a5
Merge branch 'liveusb'
* liveusb: (31 commits)
  livecd-tools: gitignore
  livecd-tools: apply patches for verifying downloaded packages
  livecd-tools: plug it into qubes-builder scripts
  livecd-tools: import unmodified package from Fedora 20
  makefile: remove legacy targets
  liveusb: EFI support
  live: remove automatic swap discovery
  live: place private.img of default VMs back on dm-snapshot device
  live: remove redundant livecd-creator --verbose flag
  live: disable (currently broken) EFI
  liveusb: fix package name in build-deps
  liveusb: use more friendly output image name
  liveusb: overlayfs doesn't support sparse files, use tmpfs directly
  liveusb: include default appmenus based on default fedora-21 template
  liveusb: use offline-mode of qubes-set-updates
  liveusb: mount /var/lib/qubes using overlayfs on tmpfs, instead of dm-snapshot
  liveusb: reset list of PCI devices assigned to sys-net before assigning new ones
  conf/liveusb: disable updates check - senseless on non-persistent system
  liveusb: use qvm-pci --offline-mode
  conf/liveusb: create default dispvm template
  ...

QubesOS/qubes-ossues#1018
2015-09-29 16:10:30 +02:00
Marek Marczykowski-Górecki
7ac6902f1e livecd-tools: gitignore 2015-09-29 03:36:59 +02:00
Marek Marczykowski-Górecki
8ec82b09f7 livecd-tools: apply patches for verifying downloaded packages
Livecd-creator is one more example of program which happily installs
whatever downloads from the network, without any verification
(repository metadata consistency doesn't count)...

Patches sent upstream here:
https://github.com/rhinstaller/livecd-tools/pull/14
2015-09-29 03:35:14 +02:00
Marek Marczykowski-Górecki
ea9d843368 livecd-tools: plug it into qubes-builder scripts 2015-09-29 03:29:36 +02:00
Marek Marczykowski-Górecki
75bc4dbee8 livecd-tools: import unmodified package from Fedora 20 2015-09-29 03:24:01 +02:00
Marek Marczykowski-Górecki
dbb8ebcbe5 makefile: remove legacy targets 2015-09-29 03:22:19 +02:00
Marek Marczykowski-Górecki
a8b97177ae
Merge branch 'pungi-gpgcheck' 2015-09-29 02:31:40 +02:00
Marek Marczykowski-Górecki
10b346a1e1 pungi: verify downloaded (but not installed packages)
This way all the packages are verified, not only those installed in
installer image (by lorax). This makes manual rpm --checksig redundant.
2015-09-28 20:29:39 +02:00
Marek Marczykowski-Górecki
6438163c8c lorax: disable debug output from xen and kernel
Prepare for production-quality release.
2015-09-28 20:14:27 +02:00
Marek Marczykowski-Górecki
6adfe1e846 lorax: make initrd back to work without ifcfg module
Anaconda requires /etc/sysconfig/network-scripts directory (even if
empty). Do not remove it, because if wouldn't be recreated if we omit
ifcfg dracut module.
2015-09-28 20:10:03 +02:00
Marek Marczykowski-Górecki
0570ce7f6d lorax: efi: improve using ESP for 'root' device
Simply do nothing, instead of searching by filesystem label. This should
work even if there are multiple devices with the same label.
2015-09-28 20:09:58 +02:00
Marek Marczykowski-Górecki
0493bb717c liveusb: EFI support
Since livecd-tools doesn't support starting Xen in EFI mode, most of its
EFI support is rewritten here (overriden in LiveEFIImageCreator, based
on imgcreate.LiveImageCreator).

This all is still temporary solution, until Xen will have mutiboot2+EFI
support - then almost standard configuration could be used (almost the
same grub config as for legacy boot). So keep the changes here, and when
the proper solution would be implemented, pursue to having it upstream.

QubesOS/qubes-issues#794
2015-09-26 22:36:03 +02:00
Marek Marczykowski-Górecki
229da77d7e lorax: fix legacy mode boot after EFI initrd tinyfication 2015-09-25 16:25:47 +02:00
Marek Marczykowski-Górecki
4d7e45103d lorax: Add rescue entry to grub2-efi.cfg 2015-09-25 16:25:47 +02:00
Marek Marczykowski-Górecki
7cf4f825e5 lorax: Provide correct device information to xen.efi
xen.efi needs to call EFI services to access kernel and initramfs
images. For that it needs correct device handle. Grub set it to 'root'
device, regardless of which device was really used to load xen.efi.
2015-09-25 16:25:47 +02:00
Marek Marczykowski-Górecki
f29979be41 anaconda: use correct root= kernel parameter when creating EFI xen.cfg 2015-09-25 16:25:46 +02:00
Marek Marczykowski-Górecki
bdba0f99d0 anaconda: workaround efibootmgr bug (SIGABRT while removing entries) 2015-09-25 16:25:46 +02:00
Marek Marczykowski-Górecki
447ba8ab42 anaconda: fix dracut module to work with reduced dependencies
Do not fail because of not present url-lib. Also 'loop' module requires manual
loading now.
2015-09-25 16:25:46 +02:00
Marek Marczykowski-Górecki
4868764d81 lorax: drop plymouth label plugin
It's not used by installer theme but pulls a lot of libraries into initrd.
2015-09-25 16:25:46 +02:00
Marek Marczykowski-Górecki
4fa5c591f8 lorax: exclude SCSI and misc modules from UEFI initrd
One more time - save on efiboot.img size.
2015-09-25 16:25:43 +02:00
Marek Marczykowski-Górecki
7e867fd810 lorax: remove SecureBoot files - save some space in efiboot.img 2015-09-25 16:25:06 +02:00
Marek Marczykowski-Górecki
44dc8e0278 lorax: do not create macboot.img - it will be too big anyway 2015-09-25 16:25:05 +02:00
Marek Marczykowski-Górecki
b024e93e40 lorax: remove network support from UEFI initrd
Reduce its size to have efiboot.img under 32MB.
This needs rebuilding initrd and we need kernel version for that - so pass it
down from x86.tmpl.
2015-09-25 16:24:53 +02:00
Marek Marczykowski-Górecki
9a80875a5d
live: remove automatic swap discovery
We don't want to leave unencrypted memory dumps on some "random" disk
found in the system.
2015-09-25 15:31:12 +02:00
Marek Marczykowski-Górecki
c4b965ed88 lorax: select xen.cfg section to enable/disable media check
Apparently all but first parameters are passed to xen.efi, so it is possible to
select which config section should be used. This makes xen.efi copy
unnecessary.
2015-09-21 18:09:34 +02:00
Marek Marczykowski-Górecki
49b3630362 lorax: disable UEFI Secure Boot shim
We don't have signed xen/kernel/initramfs binaries. And more
importantly, we don't have MS-signed key...
2015-09-21 18:09:33 +02:00
Marek Marczykowski-Górecki
3df2363093
Merge remote-tracking branch 'qubesos/master' 2015-09-16 17:08:46 +02:00
Marek Marczykowski-Górecki
d08f0cf0a4 conf: drop debian-7 template from ISO image
Fixes qubesos/qubes-issues#1070
2015-09-16 16:53:16 +02:00
Marek Marczykowski-Górecki
d57c5e814a
live: place private.img of default VMs back on dm-snapshot device
Apparently those 350MB are critical on 4GB systems without a swap.
2015-08-09 20:43:06 +02:00