#!/bin/bash
#
# mk-images
#
# Copyright (C) 2007 Red Hat, Inc. All rights reserved.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#

# Run the rest of the script with LANG set to the C locale.
LANG=C

# sbin directories are appended, so entries already on the caller's PATH win.
PATH="${PATH}:/sbin:/usr/sbin"

# Build stamp: minute-resolution timestamp, a dot, then `uname -i` output.
IMAGEUUID="$(date +%Y%m%d%H%M).$(uname -i)"

# Scratch area for intermediate files; the caller's TMPDIR is honoured and
# /tmp is the fallback.
# NOTE(review): scratch paths derived from this use PID-based names, which are
# predictable in a world-writable directory. Pointing TMPDIR at a private
# directory before running the build avoids sharing that namespace.
TMPDIR="${TMPDIR:-/tmp}"
# Print the command synopsis on stdout and terminate the script.
# NOTE(review): the exit status is 0 even when this is reached because a
# mandatory option is missing, so a calling script cannot tell a usage error
# from success by the exit code alone.
usage () {
    printf '%s\n' "usage: mk-images <pkgsrc> <toplevel> <template> <imgdir> <buildarch> <productname> <version> [<productpath>]"
    exit 0
}
# Defaults; the command-line options parsed below override them.
DEBUG=""
BUILDARCH=$(uname -m)
BOOTISO="boot.iso"

# Walk the argument list. Options that take a value consume two words; any
# other word is recorded as the yum configuration file (the last one wins).
# "shift; shift" is kept instead of "shift 2" so that a value-taking option
# given as the very last word still consumes it and the loop terminates.
# NOTE(review): value-taking options do not check that a value follows, so a
# trailing "--output" or "--imgdir" assigns an empty string.
until [ $# -eq 0 ]; do
    case "$1" in
        --debug)
            DEBUG="--debug"
            shift ;;
        --noiso)
            BOOTISO=""
            shift ;;
        --arch)
            BUILDARCH=$2
            shift; shift ;;
        --imgdir)
            IMGPATH=$2
            shift; shift ;;
        --product)
            PRODUCT=$2
            shift; shift ;;
        --version)
            VERSION=$2
            shift; shift ;;
        --bugurl)
            BUGURL=$2
            shift; shift ;;
        --output)
            TOPDESTPATH=$2
            shift; shift ;;
        --nogr)
            # Accepted for compatibility; takes no value.
            echo "*** DeprecationWarning: ignoring --nogr option." >&2
            shift ;;
        --mindir)
            # Accepted for compatibility; its value is discarded.
            echo "*** DeprecationWarning: ignoring --mindir option." >&2
            shift; shift ;;
        --stg2dir)
            # Accepted for compatibility; its value is discarded.
            echo "*** DeprecationWarning: please use --imgdir instead of --stg2dir." >&2
            shift; shift ;;
        *)
            yumconf=$1
            shift ;;
    esac
done

# --output, --imgdir, --product and --version are mandatory. Later steps run
# "rm -rf" on paths built from --output and --imgdir, so these must not be
# empty by the time the script gets there.
if [ -z "$TOPDESTPATH" ] || [ -z "$IMGPATH" ] || [ -z "$PRODUCT" ] || [ -z "$VERSION" ]; then
    usage
fi
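# Absolute path of the directory this script was started from.
#
# The directory part of $0 is taken with parameter expansion. When $0 has no
# slash the script was found via PATH or run from the current directory, so
# "." is used. (The previous code tried to do this with `$TOPDIR="."`, which
# is a command invocation rather than an assignment, and compared unquoted
# values.) A script located directly in "/" yields an empty directory part,
# which is mapped back to "/".
case "$0" in
    */*) TOPDIR=${0%/*} ;;
    *)   TOPDIR="." ;;
esac
[ -n "$TOPDIR" ] || TOPDIR="/"

# CDPATH is cleared for the cd so that it cannot print a path into the
# captured output; pwd only runs when the cd succeeded.
TOPDIR=$(CDPATH= cd -- "$TOPDIR" && pwd)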
# Kernel module lists. Each variable is a space-separated list of module
# names; they are concatenated into INITRDMODS at the end of this section.

# modules that are needed. this is the generic "needed for every arch" stuff
COMMONMODS="fat vfat nfs sunrpc lockd floppy cramfs loop edd pcspkr squashfs ipv6 virtio_pci netconsole"

# USB drivers.
USBMODS="adutux aircable appledisplay ark3116 belkin_sa c67x00 cdc-acm cdc-wdm ch341 cp210x cxacru cyberjack cypress_cy7c63 cypress_m8 cytherm digi_acceleport ehci-hcd emi26 emi62 empeg ftdi-elan ftdi_sio funsoft garmin_gps hp4x hwa-hc idmouse io_edgeport io_ti iowarrior ipaq ipw ir-usb isight_firmware isp116x-hcd isp1362-hcd isp1760 iuu_phoenix keyspan keyspan_pda kl5kusb105 kobil_sct ldusb legousbtower mct_u232 mdc800 microtek mos7720 mos7840 moto_modem navman ohci-hcd omninet opticon option oti6858 oxu210hp-hcd pl2303 qcaux qcserial r8a66597-hcd rio500 safe_serial sam-ba siemens_mpi sierra sisusbvga sl811_cs sl811-hcd spcp8x5 speedtch ssu100 symbolserial ti_usb_3410_5052 trancevibrator u132-hcd uas ueagle-atm uhci-hcd ums-alauda ums-cypress ums-datafab ums-freecom ums-isd200 ums-jumpshot ums-karma ums-onetouch ums-sddr09 ums-sddr55 ums-usbat usbatm usbcore usb_debug usblcd usbled usblp usbmon usbserial usbsevseg usb-storage usbtmc usb_wwan uss720 visor vivopay-serial whci-hcd whiteheat wusb-cbaf wusbcore wusb-wa xhci-hcd xusbatm yurex zio"

# Input device drivers.
INPUTMODS="acecad ad714x ad714x-i2c ad714x-spi ad7877 ad7879 ad7879-i2c ad7879-spi adp5588-keys ads7846 adxl34x adxl34x-i2c adxl34x-spi aiptek altera_ps2 apanel appletouch ati_remote ati_remote2 atlas_btns bcm5974 bu21013_ts cm109 cma3000_d0x cma3000_d0x_i2c ct82c710 cy8ctmg110_ts dynapro eeti_ts elo elousb ff-memless fujitsu_ts gpio_keys gpio_keys_polled gpio_mouse gtco gunze hampshire hanwang inexio input-polldev joydev kbtab keyspan_remote lm8323 matrix_keypad max7359_keypad mc13783_ts mcs5000_ts mcs_touchkey mk712 mtouch newtonkbd opencores-kbd parkbd pcap_keys pcap_ts pcf8574_keypad pcips2 pcspkr penmount powermate ps2mult qt2160 qt602240_ts rotary_encoder serio_raw sermouse serport sparse-keymap st1232 sunkbd synaptics_i2c tca6416-keypad touchit213 touchright touchwin tps6507x-ts tsc2007 ucb1400_ts uinput usbtouchscreen vsxxxaa wacom wacom_w8001 wm97xx-ts xtkbd yealink"

# Storage buses and controllers.
FIREWIREMODS="ohci1394 sbp2 fw-ohci fw-sbp2 firewire-sbp2 firewire-ohci"
SDMODS="mmc-block sdhci sdhci-pci"
IDEMODS="ide-cd ide-cd_mod"
ATAMODS="acard-ahci ahci ahci_platform ata_generic ata_piix libahci libata pata_acpi pata_ali pata_amd pata_artop pata_atiixp pata_atp867x pata_cmd640 pata_cmd64x pata_cs5520 pata_cs5530 pata_cs5536 pata_cypress pata_efar pata_hpt366 pata_hpt37x pata_hpt3x2n pata_hpt3x3 pata_it8213 pata_it821x pata_jmicron pata_marvell pata_mpiix pata_netcell pata_ninja32 pata_ns87410 pata_ns87415 pata_oldpiix pata_opti pata_optidma pata_pcmcia pata_pdc2027x pata_pdc202xx_old pata_piccolo pata_radisys pata_rdc pata_rz1000 pata_sc1200 pata_sch pata_serverworks pata_sil680 pata_sis pata_sl82c105 pata_triflex pata_via pdc_adma sata_inic162x sata_mv sata_nv sata_promise sata_qstor sata_sil sata_sil24 sata_sis sata_svw sata_sx4 sata_uli sata_via sata_vsc"
SCSIMODS="3w-9xxx 3w-sas 3w-xxxx a100u2w aacraid advansys aha152x_cs aic79xx aic7xxx aic7xxx_old aic94xx arcmsr atp870u be2iscsi bfa bnx2i BusLogic ch cxgb3i cxgb4i dc395x dmx3191d dpt_i2o eata fcoe fdomain fdomain_cs fnic gdth hpsa hptiop imm initio ipr ips iscsi_boot_sysfs iscsi_tcp libcxgbi libfc libfcoe libiscsi libiscsi_tcp libosd libsas libsrp lpfc megaraid megaraid_mbox megaraid_mm megaraid_sas mpt2sas mvsas osd osst pm8001 pmcraid ppa qla1280 qla2xxx qla4xxx qlogic_cs qlogicfas408 raid_class scsi_debug scsi_dh scsi_dh_alua scsi_dh_emc scsi_dh_hp_sw scsi_dh_rdac scsi_mod scsi_tgt scsi_transport_fc scsi_transport_iscsi scsi_transport_sas scsi_transport_spi scsi_transport_srp scsi_wait_scan sd_mod ses sg sr_mod st stex sym53c500_cs sym53c8xx tmscsim"

# Filesystems, device-mapper, software RAID and crypto.
FSMODS="fat msdos vfat ext2 ext3 ext4 reiserfs jfs xfs gfs2 cifs fuse btrfs hfsplus"
LVMMODS="dm-mod dm-zero dm-snapshot dm-mirror dm-multipath dm-round-robin dm-crypt"
RAIDMODS="raid0 raid1 raid5 raid6 raid456 raid10 linear"
CRYPTOMODS="sha256_generic cbc xts lrw aes_generic crypto_blkcipher crc32c ecb arc4"

# PCMCIA socket drivers.
PCMCIASOCKMODS="yenta_socket i82365 tcic pcmcia"

# Everything above, plus "=name" entries. expandModuleSet treats a leading
# "=" as a reference to a modules.<name> list shipped with the kernel.
INITRDMODS="${INPUTMODS} ${USBMODS} ${FIREWIREMODS} ${IDEMODS} ${ATAMODS} ${SCSIMODS} ${FSMODS} ${LVMMODS} ${RAIDMODS} ${CRYPTOMODS} ${COMMONMODS} ${PCMCIASOCKMODS} ${SDMODS} =scsi =net =drm"
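# Load buildinstall.functions from the directory this script lives in.
# The path is quoted so a directory name containing whitespace still works,
# and a failed load stops the build instead of carrying on without the
# functions defined there (presumably including get_dso_deps, which instbin
# calls but this file does not define — confirm).
# The sourced file runs with this script's privileges, so the script
# directory must not be writable by less-trusted users.
. "$(dirname -- "$0")/buildinstall.functions" || {
    echo "cannot load buildinstall.functions" >&2
    exit 1
}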
# Set, verify, and create paths
#
# IMAGEPATH and INSTIMGPATH both name the images directory of the output
# tree; FINALFULLMODPATH lives inside the image tree. FULLMODPATH and
# KERNELBASE are scratch locations under TMPDIR named after this shell's PID.
# NOTE(review): PID-suffixed names under a shared TMPDIR are predictable.
IMAGEPATH="${TOPDESTPATH}/images"
FULLMODPATH="${TMPDIR}/instimagemods.$$"
FINALFULLMODPATH="${IMGPATH}/modules"
INSTIMGPATH="${TOPDESTPATH}/images"
KERNELBASE="${TMPDIR}/updboot.kernel.$$"

KERNELNAME=vmlinuz

# Where the kernel is looked up: ia64 uses its EFI directory.
case "$BUILDARCH" in
    ia64) KERNELDIR="/boot/efi/EFI/redhat" ;;
    *)    KERNELDIR="/boot" ;;
esac

# 64-bit sparc and ppc builds map onto their 32-bit base names; every other
# architecture is its own base.
case "$BUILDARCH" in
    sparc64) BASEARCH=sparc ;;
    ppc64)   BASEARCH=ppc ;;
    *)       BASEARCH=$BUILDARCH ;;
esac

# explicit block size setting for some arches (FIXME: we compose
# ppc64-ish trees as ppc, so we have to set the "wrong" block size)
case "$BUILDARCH" in
    sparc64) CRAMBS="--blocksize 8192" ;;
    sparc)   CRAMBS="--blocksize 4096" ;;
    *)       CRAMBS="" ;;
esac

# Library directory name used inside the image for this architecture.
case "$BUILDARCH" in
    x86_64|s390x|ppc64) LIBDIR=lib64 ;;
    *)                  LIBDIR=lib ;;
esac
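# Reset the output and scratch directories.
#
# The recursive deletes below act on paths built from --output, --imgdir and
# TMPDIR. Abort if any of those bases is empty, so that an unset value can
# never turn e.g. "$TOPDESTPATH/images" into "/images".
: "${TOPDESTPATH:?}" "${IMGPATH:?}" "${TMPDIR:?}"

# Quoted, with "--", so paths containing whitespace or a leading dash are
# passed to rm as single operands and are not split or read as options.
rm -rf -- "$IMAGEPATH" "$FULLMODPATH" "$FINALFULLMODPATH" "$KERNELBASE"

# Output directories inside trees the caller named explicitly.
mkdir -p -- "$IMAGEPATH" "$FINALFULLMODPATH" "$INSTIMGPATH" || exit 1

# Scratch directories under TMPDIR have predictable, PID-based names. They are
# created without -p so that mkdir fails if something (a directory or a
# symlink) already sits at that path after the rm above; the build then stops
# rather than assembling kernel modules inside a location it did not create.
mkdir -p -- "$TMPDIR" || exit 1
if ! mkdir -- "$FULLMODPATH" "$KERNELBASE"; then
    echo "cannot create fresh scratch directories under $TMPDIR" >&2
    exit 1
fi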
# Stuff that we need
#
# Helper programs and data files. Everything under ${IMGPATH} comes from the
# image tree; KEYMAPS and MODINFO are scratch files under TMPDIR.
# NOTE(review): KEYMAPS and MODINFO use PID-suffixed names in TMPDIR, which
# are predictable; whatever writes them later follows an existing symlink at
# that path unless TMPDIR is private to the build.
TRIMPCIIDS="${IMGPATH}/usr/lib/anaconda-runtime/trimpciids"
GETKEYMAPS="${IMGPATH}/usr/lib/anaconda-runtime/getkeymaps"
GENINITRDSZ="${IMGPATH}/usr/lib/anaconda-runtime/geninitrdsz"
MKS390CDBOOT="${IMGPATH}/usr/lib/anaconda-runtime/mk-s390-cdboot"
GENMODINFO="${IMGPATH}/usr/lib/anaconda-runtime/genmodinfo"
KEYMAPS="${TMPDIR}/keymaps-${BUILDARCH}.$$"
SCREENFONT="${IMGPATH}/usr/lib/anaconda-runtime/screenfont-${BASEARCH}.gz"
MODLIST="${IMGPATH}/usr/lib/anaconda-runtime/modlist"
MODINFO="${TMPDIR}/modinfo-${BUILDARCH}.$$"
LOADERBINDIR="${IMGPATH}/usr/lib/anaconda-runtime/loader"
BOOTDISKDIR="${IMGPATH}/usr/lib/anaconda-runtime/boot"
LANGTABLE="${IMGPATH}/usr/lib/anaconda/lang-table"
PCIIDS="${IMGPATH}/usr/share/hwdata/pci.ids"
XDRIVERS="${IMGPATH}/usr/share/hwdata/videoaliases"
XDRIVERDESCS="${IMGPATH}/usr/share/hwdata/videodrivers"

# Files that must exist before any image is built. The value is a
# whitespace-separated list and is split on whitespace by the loop below.
REQUIREMENTS="$TRIMPCIIDS $PCIIDS $XDRIVERDESCS $GENMODINFO
$LANGTABLE $GETKEYMAPS"

# Report every missing prerequisite before giving up, not just the first one.
dieLater=
for n in $REQUIREMENTS; do
    [ ! -f $n ] || continue
    echo "$n doesn't exist"
    dieLater=1
done

for n in $BOOTDISKDIR; do
    [ ! -d $n ] || continue
    echo "$n doesn't exist"
    dieLater=1
done

[ -z "$dieLater" ] || exit 1
# Keymaps are prepared once, up front, for every architecture except
# s390/s390x. The result is written to $KEYMAPS.
# NOTE(review): $KEYMAPS is a predictable path under TMPDIR; both cp and the
# getkeymaps helper write to it as the invoking user.
case "$BUILDARCH" in
    s390|s390x)
        ;;
    *)
        # go ahead and create the keymaps so we only have to do it once
        if [ -f $IMGPATH/usr/lib/anaconda-runtime/keymaps-override-$BASEARCH ]; then
            # A per-architecture override shipped in the image tree wins.
            echo "Found keymap override, using it"
            cp $IMGPATH/usr/lib/anaconda-runtime/keymaps-override-$BASEARCH $KEYMAPS
        else
            echo "Running: $GETKEYMAPS $BUILDARCH $KEYMAPS $IMGPATH"
            if ! $GETKEYMAPS $BUILDARCH $KEYMAPS $IMGPATH; then
                echo "Unable to create keymaps and thus can't create initrd."
                exit 1
            fi
        fi
        ;;
esac
# Look up package $1 for $KERNELARCH in the repositories described by
# $yumconf and print it as NAME-VERSION-RELEASE.ARCH on stdout.
# When repoquery returns nothing, a message goes to stderr and stdout stays
# empty. The result is echoed unquoted, so several matches end up on a single
# space-separated line.
# Globals: yumconf, KERNELARCH (read); name, pkg (written).
findPackage() {
    name=$1

    pkg=$(repoquery --qf "%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}" \
        -c $yumconf --archlist=$KERNELARCH $name.$KERNELARCH)

    if [ -z "$pkg" ]; then
        echo "cannot find package $name" >&2
        return
    fi
    echo $pkg
}
# Run depmod for kernel $version against the module tree rooted at $1, using
# the System.map found under $KERNELROOT/boot.
# $FAKEARCH is expanded unquoted in front of the command, so it acts as an
# optional command prefix and disappears when empty.
# Globals: FAKEARCH, KERNELROOT, version (read); where (written).
rundepmod () {
    where=$1

    $FAKEARCH /sbin/depmod -a \
        -F $KERNELROOT/boot/System.map-$version \
        -b $where \
        $version
}
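# Print the given module names plus the modules they depend on, as one
# space-separated, sorted, de-duplicated line.
#
# Dependencies are read from modules.dep in a single pass: for each requested
# module, the line whose file name is exactly "<module>.ko" is looked up and
# every entry after the colon is added. No second pass is made over the
# dependencies that were found.
#
# Changes from the previous version:
#   * The module name is passed to awk as data (-v) and compared as a string,
#     instead of being pasted into the awk program as a regular expression.
#     The old unanchored pattern also matched other modules whose name merely
#     ends the same way (asking for "fat" picked up the "vfat.ko" line).
#   * Dependencies are reduced to bare module names; previously the directory
#     part was kept because the basename was computed but never used.
#   * gensub(), which only GNU awk provides, is no longer needed.
#
# Globals:   KERNELROOT, version (read)
# Arguments: module names (split on whitespace)
# Outputs:   the expanded module list on stdout
resdeps () {
    local modules_dep=$KERNELROOT/lib/modules/$version/modules.dep
    local item dep deps all
    local deplist=""

    # $* is left unquoted on purpose: callers pass whole lists as one word.
    for item in $*; do
        deps=$(awk -v target="${item}.ko" '
            {
                sep = index($0, ": ")
                if (sep == 0)
                    next                      # module without dependencies
                path = substr($0, 1, sep - 1)
                sub(/.*\//, "", path)         # keep the file name only
                if (path == target)
                    print substr($0, sep + 2)
            }' "$modules_dep")

        for dep in $deps; do
            dep=${dep##*/}
            deplist="$deplist ${dep%.ko}"
        done
    done

    all=$(printf '%s\n' $* $deplist | sort -u)
    # Unquoted so the sorted names are joined by single spaces on one line.
    echo $all
}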
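# Expand a module list that may contain "=group" references.
#
# Plain names are passed through. "=ata" selects the entries of modules.block
# that match ata or ahci, "=scsi" selects all of modules.block, "=net" all of
# modules.networking, and any other "=name" selects modules.<name> when that
# file exists (and is ignored otherwise). The ".ko" suffix is stripped from
# every entry read from those files.
#
# Fix: the suffix is now removed with an anchored, escaped pattern. The old
# 's/.ko//' deleted the first "<any character>ko" anywhere in the name, which
# mangles module names that contain "ko" before the suffix.
#
# Globals:   KERNELROOT, version (read)
# Arguments: $1 - whitespace-separated list of names and =groups
# Outputs:   the expanded list on one line on stdout
expandModuleSet() {
    local moddir=$KERNELROOT/lib/modules/$version
    local strip_ko='s/\.ko$//'
    local name group
    local expanded=""

    for name in $1; do
        case "$name" in
            =ata)
                expanded="$expanded $(grep -E '(ata|ahci)' "$moddir/modules.block" | sed -e "$strip_ko")"
                ;;
            =scsi)
                expanded="$expanded $(sed -e "$strip_ko" "$moddir/modules.block")"
                ;;
            =net)
                expanded="$expanded $(sed -e "$strip_ko" "$moddir/modules.networking")"
                ;;
            =*)
                group=${name#=}
                # Ignore if group list does not exist
                if [ -e "$moddir/modules.$group" ]; then
                    expanded="$expanded $(sed -e "$strip_ko" "$moddir/modules.$group")"
                fi
                ;;
            *)
                expanded="$expanded $name"
                ;;
        esac
    done

    # Unquoted so newlines from the list files collapse into single spaces.
    echo $expanded
}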
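# Populate $1 with the kernel modules named in $2 (plus their dependencies),
# the firmware those modules ask for, a depmod.conf, module-info, and a
# trimmed pci.ids.
#
# Changes from the previous version:
#   * The find patterns are quoted ('*.ko'). Unquoted, the shell expanded the
#     pattern against the current directory first, so a stray .ko file there
#     changed which modules were pruned, scanned and compressed.
#   * Firmware is copied below the directory passed as $1. The old code wrote
#     to $MBD_DIR, a global owned by makeinitrd, which is only the same path
#     when makeinitrd is the caller.
#   * The "known firmware" loop uses the list passed as $2 instead of the
#     caller's global MODSET.
#   * Firmware names reported by modinfo are refused when they contain a ".."
#     path component, so module metadata cannot direct a copy outside the
#     firmware directories.
#   * Paths are quoted throughout.
#
# Globals:   KERNELROOT, MODLIST, MODINFO, PCIIDS, TRIMPCIIDS, XDRIVERS (read);
#            MMB_DIR, MMB_MODULESET (written)
# Arguments: $1 - tree to populate; $2 - whitespace-separated module names
makemoduletree() {
    MMB_DIR=$1
    local requested=$2
    local module modname fw dest

    # Unquoted on purpose: resdeps takes one module name per word.
    MMB_MODULESET=$(resdeps $requested)

    mkdir -p "$MMB_DIR/lib" "$MMB_DIR/modules" "$MMB_DIR/firmware"
    ln -snf ../modules "$MMB_DIR/lib/modules"
    ln -snf ../firmware "$MMB_DIR/lib/firmware"

    echo "Copying kernel modules..."
    cp -a "$KERNELROOT"/lib/modules/* "$MMB_DIR/lib/modules/"

    echo "Removing extraneous modules..."
    find "$MMB_DIR/lib/modules/" -name '*.ko' | while IFS= read -r module; do
        modname=${module##*/}
        modname=${modname%.ko}
        # -F: the module name is data, not a regular expression.
        printf '%s\n' "$MMB_MODULESET" | grep -wqF -- "$modname" ||
            rm -f -- "$module"
    done

    echo "Copying required firmware..."
    find "$MMB_DIR/lib/modules/" -name '*.ko' | while IFS= read -r module; do
        for fw in $(modinfo -F firmware "$module"); do
            case "/$fw/" in
                */../*)
                    echo "skipping firmware with unexpected path: $fw" >&2
                    continue
                    ;;
            esac
            dest=$MMB_DIR/firmware/$fw

            # Some firmware files are expected to be in their own directories.
            mkdir -p "$(dirname "$dest")"

            cp "$KERNELROOT/lib/firmware/$fw" "$dest"
        done
    done

    # Copy in driver firmware we know we'll want during installation. This is
    # required for modules which still don't (or can't) export information
    # about what firmware files they require.
    for module in $requested; do
        case "$module" in
            ipw2100)
                cp "$KERNELROOT"/lib/firmware/ipw2100* "$MMB_DIR/firmware"
                ;;
            ipw2200)
                cp "$KERNELROOT"/lib/firmware/ipw2200* "$MMB_DIR/firmware"
                ;;
            iwl3945)
                cp "$KERNELROOT"/lib/firmware/iwlwifi-3945* "$MMB_DIR/firmware"
                ;;
            atmel)
                cp "$KERNELROOT"/lib/firmware/atmel_*.bin "$MMB_DIR/firmware"
                ;;
            zd1211rw)
                cp -r "$KERNELROOT/lib/firmware/zd1211" "$MMB_DIR/firmware"
                ;;
        esac
    done

    # create depmod.conf to support DDs
    mkdir -p "$MMB_DIR/etc"
    cat > "$MMB_DIR/etc/depmod.conf" << EOF
search /tmp/DD/lib/modules built-in
EOF

    # clean up leftover cruft
    # NOTE(review): GNU rmdir documents no -f option, so this command
    # presumably fails for every directory and, with stderr discarded, removes
    # nothing. Left as found; confirm the intent before changing it.
    find -H "$MMB_DIR/lib/modules" -type d -exec rmdir -f {} \; 2>/dev/null

    # $MMB_MODULESET is unquoted on purpose: one argument per module.
    "$MODLIST" --modinfo-file "$MODINFO" --ignore-missing --modinfo \
        $MMB_MODULESET > "$MMB_DIR/lib/modules/module-info"

    # compress modules
    find -H "$MMB_DIR/lib/modules" -type f -name '*.ko' -exec gzip -9 {} \;
    rundepmod "$MMB_DIR"
    rm -f "$MMB_DIR"/lib/modules/*/modules.*map
    rm -rf "$MMB_DIR"/lib/modules/*/{build,source}

    # create the pci.ids, from modules.alias and the X driver aliases
    # NOTE(review): the output goes to ../pci.ids relative to the current
    # working directory, not relative to $MMB_DIR — confirm that is intended.
    awk '!/^(\t\t|#)/ { print ;if ($0 == "ffff Illegal Vendor ID") nextfile; }' < "$PCIIDS" | \
        "$TRIMPCIIDS" "$MMB_DIR"/lib/modules/*/modules.alias "$XDRIVERS"/* > ../pci.ids
}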
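# Write $1/.buildstamp: the image UUID, product name and version on one line
# each, followed by the bug URL when one is set.
#
# Fix: values are written with printf and quoted. The previous unquoted echo
# word-split each value and expanded glob characters against the current
# directory, so a product name containing "*" or repeated spaces did not end
# up in the stamp as given.
#
# Globals:   IMAGEUUID, PRODUCT, VERSION, BUGURL (read)
# Arguments: $1 - root of the tree that receives .buildstamp
makeproductfile() {
    local root=$1

    rm -f -- "$root/.buildstamp"
    {
        printf '%s\n' "$IMAGEUUID" "$PRODUCT" "$VERSION"
        if [ -n "$BUGURL" ]; then
            printf '%s\n' "$BUGURL"
        fi
    } > "$root/.buildstamp"
}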
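# Install one file from a source tree into a destination tree.
#
#   * A symlink is copied as a symlink.
#   * A non-ELF file is installed with mode 755.
#   * An ELF file is installed stripped with mode 755, and the shared objects
#     reported by get_dso_deps are copied into $DIR/$LIBDIR. If that leaves a
#     regular file named ld-linux.so.2 there, it is replaced by a symlink to
#     the versioned dynamic linker sitting next to it.
#
# Changes from the previous version:
#   * The dynamic-linker check now counts candidates. The old code piped an
#     unquoted echo into "wc -l", which always yields 1, so neither "several
#     linkers" nor "no linker" was ever detected; with none, ln created a
#     self-referencing ld-linux.so.2. Both cases now stop with exit status 1.
#   * "file -b" keeps the path out of the text searched for "ELF".
#   * Paths are quoted, and a failed pushd returns instead of continuing in
#     the wrong directory.
#
# Globals:   LIBDIR, BUILDARCH (read); DSO_DEPS (set by get_dso_deps);
#            ROOT, BIN, DIR, DEST (written, as before)
# Arguments: $1 source root, $2 path below it, $3 destination root,
#            $4 path below the destination root
instbin() {
    ROOT=$1
    BIN=$2
    DIR=$3
    DEST=$4

    local iself dep
    local -a linkers

    iself=$(file -b "$ROOT/$BIN" | grep ELF)

    if [ -L "$ROOT/$BIN" ]; then
        cp -a "$ROOT/$BIN" "$DIR/$DEST"
        return
    fi

    if [ -z "$iself" ]; then
        install -m 755 "$ROOT/$BIN" "$DIR/$DEST"
        return
    fi

    install -s -m 755 "$ROOT/$BIN" "$DIR/$DEST"

    get_dso_deps "$ROOT" "$BIN"
    local DEPS="$DSO_DEPS"
    mkdir -p "$DIR/$LIBDIR"

    # $DEPS is a whitespace-separated list; split on purpose.
    for dep in $DEPS; do
        cp -Lfp "$ROOT/$dep" "$DIR/$LIBDIR"
    done

    pushd "$DIR/$LIBDIR" || return 1
    if [ -f ld-linux.so.2 ] && [ ! -L ld-linux.so.2 ]; then
        rm -f ld-linux.so.2

        # Prefer three-component versions, then two-component ones. An
        # unmatched glob stays literal (or vanishes under nullglob); the -e
        # test covers both.
        linkers=(ld-*.*.*.so)
        [ -e "${linkers[0]}" ] || linkers=(ld-*.*.so)
        [ -e "${linkers[0]}" ] || linkers=()

        if [ "${#linkers[@]}" -eq 0 ]; then
            echo "Found no dynamic linker to point ld-linux.so.2 at" >&2
            exit 1
        elif [ "${#linkers[@]}" -ne 1 ]; then
            echo "Found too many dynamic linkers:" >&2
            printf '%s\n' "${linkers[@]}" >&2
            exit 1
        fi
        ln -s "${linkers[0]}" ld-linux.so.2
    fi
    popd

    if [ "$BUILDARCH" = "s390x" ] && [ ! -h "$DIR/lib/ld64.so.1" ]; then
        pushd "$DIR/lib" || return 1
        ln -s "../$LIBDIR/ld64.so.1"
        popd
    fi
}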
# Configure accounts, PAM and the SSH daemon inside the initrd tree ($MBD_DIR).
#
# Security notes for anyone shipping or booting the resulting image:
#   * root and "install" (uid 0, shell /sbin/loader) get an empty password
#     field in /etc/shadow, the PAM stack uses "nullok", and
#     sshd_config.anaconda sets PermitRootLogin, PasswordAuthentication and
#     PermitEmptyPasswords to yes. If sshd is started with this configuration,
#     anyone who can reach port 22 of the installer gets a root shell without
#     credentials, so the installer network has to be trusted or filtered.
#   * On s390/s390x the host keys are generated here, at build time. Every
#     system booted from the image then presents the same host keys, and the
#     private halves are available to anyone who can read the image, so they
#     do not authenticate an individual installer instance.
#   * NOTE(review): rsa1 and dsa host keys and the PAM "md5" option are legacy
#     choices; check them against the OpenSSH and PAM versions that go into
#     the image.
#
# Globals: IMGPATH, MBD_DIR, LIBDIR, BUILDARCH (read)
setupSshd() {
    local keyspec keytype keyfile label svc src

    cp -f $IMGPATH/etc/protocols $MBD_DIR/etc/protocols

    # Privilege-separation user for sshd.
    echo "sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin" \
        >> $MBD_DIR/etc/passwd
    # enable 'install' account that starts anaconda on login
    echo "install:x:0:0:root:/root:/sbin/loader" >> $MBD_DIR/etc/passwd

    # enable root shell logins
    # (second field empty: no password for either account)
    cat >> $MBD_DIR/etc/shadow <<EOF
root::14438:0:99999:7:::
install::14438:0:99999:7:::
EOF

    chmod 0400 $MBD_DIR/etc/shadow

    # PAM configuration
    for i in pam_limits.so pam_env.so pam_unix.so pam_deny.so; do
        cp -f $IMGPATH/$LIBDIR/security/$i $MBD_DIR/$LIBDIR/security
    done

    cp -f $IMGPATH/etc/pam.d/other $MBD_DIR/etc/pam.d
    cat > $MBD_DIR/etc/pam.d/login << EOF
#%PAM-1.0
auth required pam_env.so
auth sufficient pam_unix.so likeauth nullok
auth required pam_deny.so
account required pam_unix.so
password sufficient pam_unix.so nullok use_authtok md5 shadow
password required pam_deny.so
session required pam_limits.so
session required pam_unix.so
EOF
    # The sshd and remote services share the login stack.
    for svc in sshd remote; do
        cp -f $MBD_DIR/etc/pam.d/login $MBD_DIR/etc/pam.d/$svc
    done

    cp -f $IMGPATH/etc/security/{limits.conf,pam_env.conf} $MBD_DIR/etc/security/

    mkdir -m 0700 -p $MBD_DIR/etc/ssh
    case "$BUILDARCH" in
        s390|s390x)
            # key generation takes ages on s390, you really don't want this
            # for every installation attempt. These are NOT the keys of the
            # installed system!
            for keyspec in \
                "rsa1:ssh_host_key:SSH1 RSA" \
                "rsa:ssh_host_rsa_key:SSH2 RSA" \
                "dsa:ssh_host_dsa_key:SSH2 DSA"
            do
                keytype=${keyspec%%:*}
                label=${keyspec##*:}
                keyfile=${keyspec#*:}
                keyfile=${keyfile%%:*}

                echo -n "Generating $label host key: "
                /usr/bin/ssh-keygen -q -t $keytype -f $MBD_DIR/etc/ssh/$keyfile \
                    -C '' -N '' >&/dev/null
                echo
            done
            (cd $MBD_DIR/etc/ssh; \
                chmod 600 ssh_host_key ssh_host_rsa_key ssh_host_dsa_key; \
                chmod 644 ssh_host_key.pub ssh_host_rsa_key.pub ssh_host_dsa_key.pub; )
            ;;
    esac

    cat > $MBD_DIR/etc/ssh/sshd_config.anaconda <<EOF
Port 22
HostKey /etc/ssh/ssh_host_key
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
PermitRootLogin yes
IgnoreRhosts yes
StrictModes yes
X11Forwarding yes
X11DisplayOffset 10
PrintMotd yes
XAuthLocation /sbin/xauth
KeepAlive yes
SyslogFacility AUTHPRIV
RSAAuthentication yes
PasswordAuthentication yes
PermitEmptyPasswords yes
PermitUserEnvironment yes
EOF
    chmod 600 $MBD_DIR/etc/ssh/sshd_config.anaconda

    # copy in the binaries
    # Each one lands in /sbin of the initrd under its own name.
    for src in /sbin/nologin /bin/login /usr/sbin/sshd /usr/bin/ssh-keygen; do
        instbin $IMGPATH $src $MBD_DIR /sbin/${src##*/}
    done
}
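# Assemble the installer initrd: build a root tree under TMPDIR, fill it with
# binaries, libraries, configuration and kernel modules taken from $IMGPATH,
# then pack it as a gzip-compressed cpio archive ($MBD_FSIMAGE).
#
# Options (all must precede any other argument):
#   --initrdto PATH    also copy the finished image to PATH
#   --keep             do not delete the image and boot tree afterwards
#   --initrdsize SIZE  required; only checked for presence here
#   --loaderbin NAME   required; loader binary below $LOADERBINDIR
#   --modules LIST     kernel modules / =groups to include
#
# Changes from the previous version:
#   * The scratch tree has a predictable name under TMPDIR. It is now created
#     with a plain mkdir right after the rm, so the build stops if a directory
#     or symlink already sits at that path instead of populating it. The mode
#     of the tree root is left at the default because it is archived into the
#     image.
#   * The archive is written with noclobber set, so the redirection refuses a
#     file that exists at the predictable image path after the rm.
#   * Subshells that change directory stop when the cd fails; previously the
#     following cp/find ran in whatever the current directory was, including
#     archiving it into the initrd.
#   * Single files are copied by full path instead of cd + relative name.
#   * Paths are quoted throughout and options are parsed with case.
#
# NOTE(review), left as found:
#   * etc/wpa_supplicant and var/state are not created below, so the copy of
#     wpa_supplicant.conf produces a file named etc/wpa_supplicant and the
#     s390 xkb symlink presumably fails; etc/terminfo/g is not created either,
#     so the g/gnome entry cannot be installed.
#   * $arch is not assigned anywhere in the visible part of this file.
#   * .gdbinit and the en_US locale come from the build host, not $IMGPATH.
#   * $MBD_DIR itself is never removed at the end.
#
# Globals written: EXTRAINITRDPATH INITRDSIZE KEEP PADSIZE LOADERBIN
#   INITRDMODULES MYLANGTABLE MYLOADERTR MBD_DIR MBD_FSIMAGE MBD_BOOTTREE
#   MODSET size
makeinitrd() {
    local cmsfsbin cmd subdir src pam_module lsznetbin target nsslib path term f n

    EXTRAINITRDPATH=""
    INITRDSIZE=""
    KEEP=""
    PADSIZE=""
    LOADERBIN=""
    INITRDMODULES=""
    MYLANGTABLE=$LANGTABLE
    MYLOADERTR=loader.tr

    # "shift; shift" rather than "shift 2": the latter shifts nothing when the
    # option is the last word, which would loop forever.
    while [[ $1 == --* ]]; do
        case "$1" in
            --initrdto)
                EXTRAINITRDPATH=$2
                shift; shift ;;
            --keep)
                KEEP=yes
                shift ;;
            --initrdsize)
                INITRDSIZE=$2
                shift; shift ;;
            --loaderbin)
                LOADERBIN=$2
                shift; shift ;;
            --modules)
                INITRDMODULES=$2
                shift; shift ;;
            *)
                echo "Unknown option passed to makeinitrd"
                exit 1
                ;;
        esac
    done

    if [ -z "$LOADERBIN" ]; then
        echo "no loader binary specified!" >&2
        exit 1
    fi
    if [ -z "$INITRDMODULES" ]; then
        echo "warning: no loader modules specified!" >&2
    fi
    if [ -z "$INITRDSIZE" ]; then
        echo "I don't know how big to make the initrd image!" >&2
        exit 1
    fi

    MBD_DIR=$TMPDIR/makebootdisk.dir.$$
    MBD_FSIMAGE=$TMPDIR/makebootdisk.initrdimage.$$
    MBD_BOOTTREE=$TMPDIR/makebootdisk.tree.$$

    rm -rf -- "$MBD_DIR" "$MBD_FSIMAGE"
    # No -p: fail if anything exists at this path after the rm above.
    if ! mkdir -- "$MBD_DIR"; then
        echo "cannot create a fresh $MBD_DIR" >&2
        exit 1
    fi

    for subdir in \
        modules sbin dev etc \
        etc/udev/rules.d lib/udev/rules.d \
        proc selinux sys \
        etc/terminfo/a etc/terminfo/b etc/terminfo/d etc/terminfo/l \
        etc/terminfo/s etc/terminfo/v etc/terminfo/x \
        tmp usr/libexec \
        "usr/$LIBDIR/NetworkManager" \
        "$LIBDIR/rsyslog" \
        usr/share/dbus-1/system-services \
        var/lib/dbus var/lib/dhclient etc/dhcp \
        var/lock/rpm var/run var/run/dbus var/run/NetworkManager \
        etc/dbus-1/system.d etc/modprobe.d \
        etc/NetworkManager/dispatcher.d \
        "$LIBDIR/dbus-1" \
        etc/sysconfig/network-scripts \
        usr/share/polkit-1/actions \
        etc/polkit-1/localauthority.conf.d \
        etc/polkit-1/nullbackend.conf.d \
        usr/share/hwdata etc/rc.d/init.d usr/sbin \
        var/run/wpa_supplicant \
        etc/pam.d etc/security \
        "$LIBDIR/security"
    do
        mkdir -p "$MBD_DIR/$subdir"
    done
    # sshd privilege-separation directory: search permission only.
    mkdir -m 111 -p "$MBD_DIR/var/empty/sshd"

    # Every PAM module shipped in the image tree.
    for pam_module in "$IMGPATH/$LIBDIR"/security/*; do
        pam_module=${pam_module##*/}
        instbin "$IMGPATH" "$LIBDIR/security/$pam_module" "$MBD_DIR" "$LIBDIR/security/$pam_module"
    done

    cp "$IMGPATH/$LIBDIR"/libpam_misc.so.0.* "$MBD_DIR/$LIBDIR/libpam_misc.so.0"
    cp "$IMGPATH/$LIBDIR"/libwrap*.so* "$MBD_DIR/$LIBDIR/"

    if [ "$BUILDARCH" = "s390" ] || [ "$BUILDARCH" = "s390x" ]; then
        ln -s /tmp "$MBD_DIR/var/state/xkb"
        instbin "$IMGPATH" /usr/bin/xauth "$MBD_DIR" /sbin/xauth
        for cmsfsbin in "$IMGPATH"/usr/sbin/cmsfs*; do
            cmd=${cmsfsbin##*/}
            instbin "$IMGPATH" "/usr/sbin/$cmd" "$MBD_DIR" "/sbin/$cmd"
        done

        # lsznet requirements
        mkdir -p "$MBD_DIR/lib/s390-tools"
        for lsznetbin in lsznet.raw znetcontrolunits; do
            target="/lib/s390-tools/$lsznetbin"
            instbin "$IMGPATH" "$target" "$MBD_DIR" "$target"
        done

        # required for lsznet
        instbin "$IMGPATH" /usr/bin/sort "$MBD_DIR" /sbin/sort

        # required for lsznet and linuxrc.s390
        instbin "$IMGPATH" /usr/bin/uname "$MBD_DIR" /sbin/uname
        instbin "$IMGPATH" /usr/bin/find "$MBD_DIR" /sbin/find

        # required for linuxrc.s390
        for cmd in ping ping6 cat head tr wc echo printf cut mknod; do
            instbin "$IMGPATH" "/usr/bin/$cmd" "$MBD_DIR" "/sbin/$cmd"
        done
        instbin "$IMGPATH" /usr/sbin/cmsfscat "$MBD_DIR" /sbin/cmsfscat
        instbin "$IMGPATH" /usr/sbin/sysctl "$MBD_DIR" /sbin/sysctl

        # usability and problem determination
        for cmd in cp chown chmod date dmesg ps ls less vi gzip tar scp \
                   ldd nslookup expr getopt basename dirname lsscsi; do
            instbin "$IMGPATH" "/usr/bin/$cmd" "$MBD_DIR" "/sbin/$cmd"
        done
        for cmd in arp qetharp qetharp-2.6 qethconf lsqeth lscss lschp \
                   lsreipl lsdasd dasdview dasdinfo lszfcp; do
            instbin "$IMGPATH" "/usr/sbin/$cmd" "$MBD_DIR" "/sbin/$cmd"
        done
    fi

    if [ -n "$INITRDMODULES" ]; then
        MODSET=$(expandModuleSet "$INITRDMODULES")
        makemoduletree "$MBD_DIR" "$MODSET"
    fi

    # set up the arch bits
    echo "$arch" > "$MBD_DIR/etc/arch"

    echo "Setting up arch bits"
    # LOADERBINDIR is below IMGPATH; strip that prefix to get the path that
    # instbin expects relative to the source root.
    instbin "$IMGPATH" "${LOADERBINDIR##"$IMGPATH"}/$LOADERBIN" "$MBD_DIR" /sbin/loader
    if [ "$BUILDARCH" != "s390" ] && [ "$BUILDARCH" != "s390x" ]; then
        instbin "$IMGPATH" "${LOADERBINDIR##"$IMGPATH"}/init" "$MBD_DIR" /sbin/init
        ln -s ./init "$MBD_DIR/sbin/reboot"
        ln -s ./init "$MBD_DIR/sbin/halt"
        ln -s ./init "$MBD_DIR/sbin/poweroff"
    else
        instbin "$IMGPATH" "${LOADERBINDIR##"$IMGPATH"}/shutdown" "$MBD_DIR" /sbin/shutdown
        instbin "$IMGPATH" /usr/lib/anaconda-runtime/loader/linuxrc.s390 "$MBD_DIR" /sbin/init
        instbin "$IMGPATH" /usr/sbin/dasdfmt "$MBD_DIR" /sbin/dasdfmt
    fi

    if [ "$BUILDARCH" != "s390" ] && [ "$BUILDARCH" != "s390x" ]; then
        install -m 644 "$KEYMAPS" "$MBD_DIR/etc/keymaps.gz"
        install -m 644 "$SCREENFONT" "$MBD_DIR/etc/screenfont.gz"
    fi

    install -m 644 "$MYLANGTABLE" "$MBD_DIR/etc/lang-table"
    # passwd is installed before setupSshd appends its accounts to it.
    for f in passwd group netconfig nsswitch.conf hosts; do
        install -m 644 "$IMGPATH/etc/$f" "$MBD_DIR/etc/$f"
    done
    mkdir -p "$MBD_DIR/usr/lib/locale"
    localedef -c -i en_US -f UTF-8 --prefix "$MBD_DIR" en_US

    instbin "$IMGPATH" /usr/bin/mount "$MBD_DIR" /sbin/mount
    for path in "$IMGPATH"/usr/sbin/mount.*; do
        cmd=${path##*/}
        instbin "$IMGPATH" "/usr/sbin/$cmd" "$MBD_DIR" "/sbin/$cmd"
    done
    instbin "$IMGPATH" /usr/bin/umount "$MBD_DIR" /sbin/umount
    for path in "$IMGPATH"/usr/sbin/umount.*; do
        cmd=${path##*/}
        instbin "$IMGPATH" "/usr/sbin/$cmd" "$MBD_DIR" "/sbin/$cmd"
    done

    for src in /usr/sbin/udevd /usr/sbin/udevadm /usr/bin/udevinfo /usr/bin/bash; do
        instbin "$IMGPATH" "$src" "$MBD_DIR" "/sbin/${src##*/}"
    done
    ( cd "$MBD_DIR/sbin" && ln -sf bash sh )
    instbin "$IMGPATH" /usr/sbin/consoletype "$MBD_DIR" /sbin/consoletype
    instbin "$IMGPATH" /usr/bin/logger "$MBD_DIR" /sbin/logger

    cp -a "$IMGPATH/etc/rc.d/init.d/functions" "$MBD_DIR/etc/rc.d/init.d"

    cp -a "$IMGPATH/etc/sysconfig/network-scripts/network-functions" \
        "$MBD_DIR/etc/sysconfig/network-scripts"
    cp -a "$IMGPATH/etc/sysconfig/network-scripts/network-functions-ipv6" \
        "$MBD_DIR/etc/sysconfig/network-scripts"

    ( cd "$MBD_DIR/etc" && ln -sf /etc/rc.d/init.d init.d )

    # DHCP and DHCPv6 client daemons and support programs
    instbin "$IMGPATH" /usr/sbin/dhclient "$MBD_DIR" /sbin/dhclient
    cp -a "$IMGPATH/usr/sbin/dhclient-script" "$MBD_DIR/sbin/dhclient-script"
    chmod 0755 "$MBD_DIR/sbin/dhclient-script"
    for src in /usr/sbin/dhcp6c /usr/sbin/arping /usr/sbin/ifconfig /usr/sbin/ip \
               /usr/bin/ipcalc /usr/bin/hostname /usr/sbin/ethtool /usr/sbin/route; do
        instbin "$IMGPATH" "$src" "$MBD_DIR" "/sbin/${src##*/}"
    done
    touch "$MBD_DIR/etc/resolv.conf"

    # hwdata
    cp -a "$IMGPATH/usr/share/hwdata/pci.ids" "$MBD_DIR/usr/share/hwdata/pci.ids"
    cp -a "$IMGPATH/usr/share/hwdata/usb.ids" "$MBD_DIR/usr/share/hwdata/usb.ids"

    # PolicyKit
    cp -a "$IMGPATH/etc/polkit-1/localauthority.conf.d/50-localauthority.conf" \
        "$MBD_DIR/etc/polkit-1/localauthority.conf.d"
    cp -a "$IMGPATH/etc/polkit-1/localauthority.conf.d/60-desktop-policy.conf" \
        "$MBD_DIR/etc/polkit-1/localauthority.conf.d"
    cp -a "$IMGPATH/etc/polkit-1/nullbackend.conf.d/50-nullbackend.conf" \
        "$MBD_DIR/etc/polkit-1/nullbackend.conf.d"
    cp -a "$IMGPATH/usr/share/dbus-1/system-services/org.freedesktop.PolicyKit1.service" \
        "$MBD_DIR/usr/share/dbus-1/system-services"
    cp -a "$IMGPATH/usr/share/polkit/actions/org.freedesktop.policykit.policy" \
        "$MBD_DIR/usr/share/polkit-1/actions"

    # dbus
    instbin "$IMGPATH" /usr/bin/dbus-uuidgen "$MBD_DIR" /sbin/dbus-uuidgen
    instbin "$IMGPATH" /usr/bin/dbus-daemon "$MBD_DIR" /sbin/dbus-daemon
    cp -a "$IMGPATH/etc/dbus-1/system.conf" "$MBD_DIR/etc/dbus-1/system.conf"
    cp -a "$IMGPATH/$LIBDIR/dbus-1/dbus-daemon-launch-helper" "$MBD_DIR/$LIBDIR/dbus-1"
    # The launch helper is setuid root and executable by group dbus only.
    chown root:dbus "$MBD_DIR/$LIBDIR/dbus-1/dbus-daemon-launch-helper"
    chmod 04750 "$MBD_DIR/$LIBDIR/dbus-1/dbus-daemon-launch-helper"

    # wpa_supplicant
    instbin "$IMGPATH" /usr/sbin/wpa_passphrase "$MBD_DIR" /usr/sbin/wpa_passphrase
    instbin "$IMGPATH" /usr/sbin/wpa_supplicant "$MBD_DIR" /usr/sbin/wpa_supplicant
    cp -a "$IMGPATH/etc/dbus-1/system.d/wpa_supplicant.conf" "$MBD_DIR/etc/dbus-1/system.d"
    cp -a "$IMGPATH/etc/wpa_supplicant/wpa_supplicant.conf" "$MBD_DIR/etc/wpa_supplicant"
    cp -a "$IMGPATH/usr/share/dbus-1/system-services/fi.epitest.hostap.WPASupplicant.service" \
        "$MBD_DIR/usr/share/dbus-1/system-services"

    # NetworkManager
    instbin "$IMGPATH" /usr/sbin/NetworkManager "$MBD_DIR" /usr/sbin/NetworkManager
    cp -a "$IMGPATH"/etc/dbus-1/system.d/nm-*.conf "$MBD_DIR/etc/dbus-1/system.d"
    cp -a "$IMGPATH/etc/dbus-1/system.d/NetworkManager.conf" "$MBD_DIR/etc/dbus-1/system.d"
    cp -a "$IMGPATH/etc/NetworkManager/nm-system-settings.conf" "$MBD_DIR/etc/NetworkManager"
    ( cd "$IMGPATH/usr/$LIBDIR/NetworkManager" || exit 1
      for f in *.so; do
          instbin "$IMGPATH" "/usr/$LIBDIR/NetworkManager/$f" "$MBD_DIR" "/usr/$LIBDIR/NetworkManager/$f"
      done
    )
    ( cd "$IMGPATH/usr/libexec" || exit 1
      for f in nm-*; do
          instbin "$IMGPATH" "/usr/libexec/$f" "$MBD_DIR" "/usr/libexec/$f"
      done
    )
    cp -a "$IMGPATH/usr/share/dbus-1/system-services/org.freedesktop.nm_dispatcher.service" \
        "$MBD_DIR/usr/share/dbus-1/system-services"

    # mdadm
    instbin "$IMGPATH" /usr/sbin/mdadm "$MBD_DIR" /sbin/mdadm
    instbin "$IMGPATH" /usr/sbin/mdmon "$MBD_DIR" /sbin/mdmon

    # rsyslog
    instbin "$IMGPATH" /usr/sbin/rsyslogd "$MBD_DIR" /sbin/rsyslogd
    ( cd "$IMGPATH/$LIBDIR/rsyslog" || exit 1
      for f in *.so; do
          instbin "$IMGPATH" "/$LIBDIR/rsyslog/$f" "$MBD_DIR" "/$LIBDIR/rsyslog/$f"
      done
    )
    # \EOF has a quote in the first character on purpose; see man bash on here documents
    cat > "$MBD_DIR/etc/rsyslog.conf" <<\EOF
#### MODULES ####
$ModLoad imuxsock.so # provides support for local system logging
$ModLoad imklog.so # provides kernel logging support

#### GLOBAL DIRECTIVES ####
# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

#### TEMPLATES ####

$template anaconda_tty4, "%syslogseverity-text:::uppercase% %programname%:%msg%\n"
$template anaconda_syslog, "%timestamp:8:$:date-rfc3164%,%timestamp:1:3:date-subseconds% %syslogseverity-text:::uppercase% %programname%:%msg%\n"

#### RULES ####
# log everything except anaconda-specific records from local1 (those are stored
# directly into files via python logging)
*.*;\
authpriv.none;\
local1.none /tmp/syslog;anaconda_syslog
& /dev/tty4;anaconda_tty4

# ### begin forwarding rule ###
# The statement between the begin ... end define a SINGLE forwarding
# rule. They belong together, do NOT split them. If you create multiple
# forwarding rules, duplicate the whole block!
#
# An on-disk queue is created for this action. If the remote host is
# down, messages are spooled to disk and sent when it is up again.
$ActionQueueMaxDiskSpace 1m # space limit (use as much as possible)
$ActionQueueSaveOnShutdown off # do not save messages to disk on shutdown
$ActionQueueType LinkedList # run asynchronously
$ActionResumeRetryCount -1 # infinite retries if host is down
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
# ### end of the forwarding rule ###

EOF

    # Misc
    for src in /usr/sbin/dmidecode /usr/bin/egrep /usr/bin/fgrep /usr/bin/gawk; do
        instbin "$IMGPATH" "$src" "$MBD_DIR" "/sbin/${src##*/}"
    done
    ( cd "$MBD_DIR/sbin" && ln -sf gawk awk )
    for src in /usr/bin/grep /usr/bin/kill /usr/bin/ln /usr/sbin/load_policy \
               /usr/bin/mkdir /usr/bin/readlink /usr/bin/rm /usr/bin/rmdir \
               /usr/bin/sed /usr/bin/sleep /usr/bin/strace /usr/bin/touch \
               /usr/bin/wget; do
        instbin "$IMGPATH" "$src" "$MBD_DIR" "/sbin/${src##*/}"
    done

    # Indirect dependencies
    for nsslib in freebl3 softokn3 nssdbm3; do
        if [ -f "$IMGPATH/$LIBDIR/lib$nsslib.so" ]; then
            install -m 755 "$IMGPATH/$LIBDIR/lib$nsslib.so" "$MBD_DIR/$LIBDIR/"
        elif [ -f "$IMGPATH/usr/$LIBDIR/lib$nsslib.so" ]; then
            install -m 755 "$IMGPATH/usr/$LIBDIR/lib$nsslib.so" "$MBD_DIR/$LIBDIR/"
        else
            echo "ERROR: *** Missing lib$nsslib.so" >&2
        fi
    done

    install -m 755 "$IMGPATH/usr/$LIBDIR/libsqlite3.so.0" "$MBD_DIR/usr/$LIBDIR/"
    install -m 755 "$IMGPATH/$LIBDIR/libnss_dns.so.2" "$MBD_DIR/$LIBDIR/"
    install -m 755 "$IMGPATH/$LIBDIR/libnss_files.so.2" "$MBD_DIR/$LIBDIR/"
    install -m 755 "$IMGPATH/$LIBDIR/libgcc_s.so.1" "$MBD_DIR/$LIBDIR/"

    install -m 644 "$IMGPATH/etc/udev/udev.conf" "$MBD_DIR/etc/udev/udev.conf"
    for path in "$IMGPATH"/lib/udev/rules.d/*.rules; do
        install -m 644 "$path" "$MBD_DIR/lib/udev/rules.d/${path##*/}"
    done
    for path in "$IMGPATH"/etc/udev/rules.d/*.rules; do
        install -m 644 "$path" "$MBD_DIR/etc/udev/rules.d/${path##*/}"
    done
    for path in "$IMGPATH"/lib/udev/*; do
        if [ -f "$path" ]; then
            install -m 755 "$path" "$MBD_DIR/lib/udev/${path##*/}"
        fi
    done
    rm -f "$MBD_DIR"/lib/udev/rules.d/*generator*

    install -m 644 "$LOADERBINDIR/$MYLOADERTR" "$MBD_DIR/etc/loader.tr"
    for term in a/ansi d/dumb l/linux s/screen v/vt100 v/vt100-nav v/vt102 x/xterm x/xterm-color g/gnome; do
        if [ -f "$IMGPATH/usr/share/terminfo/$term" ]; then
            install -m 644 "$IMGPATH/usr/share/terminfo/$term" "$MBD_DIR/etc/terminfo/$term"
        fi
    done

    makeproductfile "$MBD_DIR"

    for n in insmod rmmod modprobe depmod; do
        instbin "$IMGPATH" "/usr/sbin/$n" "$MBD_DIR" "/sbin/$n"
    done

    ln -s /sbin/init "$MBD_DIR/init"
    ln -s /proc/mounts "$MBD_DIR/etc/mtab"
    ln -s sbin "$MBD_DIR/bin"
    mkdir -p "$MBD_DIR/var/lib"
    ln -s ../../tmp "$MBD_DIR/var/lib/xkb"

    setupSshd

    cat > "$MBD_DIR/.profile" <<EOF
PS1="[anaconda \u@\h \W]\\\\$ "
PATH=/bin:/usr/bin:/usr/sbin:/mnt/sysimage/sbin:/mnt/sysimage/usr/sbin:/mnt/sysimage/bin:/mnt/sysimage/usr/bin
export PATH PS1
EOF

    # Pre-seeded shell history with commands useful for debugging anaconda.
    cat > "$MBD_DIR/.bash_history" <<EOF
kill -USR2 \`cat /var/run/anaconda.pid\`
kill -HUP \`cat /var/run/anaconda.pid\`
udevadm info --export-db | less
tail -f /tmp/storage.log
EOF

    cp /usr/share/doc/python-devel-*/gdbinit "$MBD_DIR/.gdbinit"

    rm -f -- "$MBD_FSIMAGE"
    (cd "$MBD_DIR" && find . | cpio --quiet -c -o) |
        (set -o noclobber; gzip -9 > "$MBD_FSIMAGE")

    size=$(du "$MBD_FSIMAGE" | awk '{ print $1 }')

    echo "Wrote $MBD_FSIMAGE (${size}k compressed)"

    if [ -n "$EXTRAINITRDPATH" ]; then
        mkdir -p "$(dirname "$EXTRAINITRDPATH")"
        cp -a "$MBD_FSIMAGE" "$EXTRAINITRDPATH"
    fi

    if [ -z "$KEEP" ]; then
        rm -rf -- "$MBD_FSIMAGE" "$MBD_BOOTTREE"
    fi
}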
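makeinstimage () {
    # Build "<imagename>2.img" from a copy of $IMGPATH and record it in
    # $TOPDESTPATH/.treeinfo.
    #
    # Arguments: $1 - image base name
    #            $2 - image type: "cramfs" (also used when empty) or "squashfs"
    # Globals:   reads IMGPATH, INSTIMGPATH, TOPDESTPATH, TMPDIR, CRAMBS;
    #            sets imagename, type, tmp, size, relpath
    # Returns:   0 on success, 1 if the image could not be produced
    imagename=$1
    type=$2

    # All scratch files live in a directory created by mktemp -d, so the name
    # under the shared $TMPDIR cannot be predicted or pre-created by another
    # local user, and one rm -rf removes every intermediate file.
    mii_workdir=$(mktemp -d "${TMPDIR:-/tmp}/instimage.XXXXXX")
    if [ -z "$mii_workdir" ] || [ ! -d "$mii_workdir" ]; then
        echo "ERROR: *** could not create a work directory in ${TMPDIR:-/tmp}" >&2
        return 1
    fi
    tmp=$mii_workdir/tree
    mii_image=$mii_workdir/${imagename}2.img

    # The copied tree gets its own directory made with plain mkdir, as the
    # scratch directory was before.
    if ! mkdir "$tmp"; then
        rm -rf "$mii_workdir"
        return 1
    fi
    (cd "$IMGPATH" && find . | cpio --quiet -p "$tmp")
    makeproductfile "$tmp"

    mii_status=0
    case "$type" in
        ''|cramfs)
            # $CRAMBS is left unquoted on purpose: it carries optional
            # mkfs.cramfs arguments and may be empty.
            echo "Running mkcramfs $CRAMBS $tmp $mii_image"
            mkfs.cramfs $CRAMBS "$tmp" "$mii_image" || mii_status=1
            ;;
        squashfs)
            echo "Running mksquashfs $tmp $mii_image -all-root -no-fragments -no-progress"
            if mksquashfs "$tmp" "$mii_image" -all-root -no-fragments -no-progress; then
                chmod 0644 "$mii_image"
            else
                mii_status=1
            fi
            ;;
        *)
            echo "ERROR: *** unsupported image type '$type'" >&2
            mii_status=1
            ;;
    esac

    # Publish the image and its .treeinfo entry only when it was really built.
    if [ "$mii_status" -eq 0 ] &&
       cp "$mii_image" "$INSTIMGPATH/${imagename}2.img"; then
        size=$(( $(wc -c < "$INSTIMGPATH/${imagename}2.img") / 1024 ))
        echo "Wrote $INSTIMGPATH/${imagename}2.img (${size}k)..."
        relpath=${INSTIMGPATH#"$TOPDESTPATH"/}
        echo "instimage = ${relpath}/${imagename}2.img" >> "$TOPDESTPATH/.treeinfo"
    else
        mii_status=1
    fi

    rm -rf "$mii_workdir"
    return $mii_status
}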
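makemainimage () {
    # Build "<imagename>.img" from $IMGPATH and record it in
    # $TOPDESTPATH/.treeinfo.
    #
    # Arguments: $1 - image base name
    #            $2 - image type: "ext2", "squashfs" or "cramfs"
    # Globals:   reads IMGPATH, INSTIMGPATH, TOPDESTPATH, TMPDIR, CRAMBS;
    #            sets imagename, type, SIZE, ERROR, relpath and the mmi_* names
    # Returns:   0 on success, 1 if the image could not be produced
    imagename=$1
    type=$2

    # The temporary image and the loop mount point live in a directory created
    # by mktemp -d, so neither path under the shared $TMPDIR can be predicted
    # or pre-created by another local user.
    mmi_workdir=$(mktemp -d "${TMPDIR:-/tmp}/instimage.XXXXXX")
    if [ -z "$mmi_workdir" ] || [ ! -d "$mmi_workdir" ]; then
        echo "ERROR: *** could not create a work directory in ${TMPDIR:-/tmp}" >&2
        return 1
    fi
    mmi_tmpimage=$mmi_workdir/instimage.img
    mmi_mntpoint=$mmi_workdir/instimage.mnt
    mmi_status=0

    case "$type" in
        ext2)
            # Size the filesystem at 110% of the tree, minus the two
            # directories that are filtered out of the copy below.
            SIZE=$(du -sk "$IMGPATH" | awk '{ print int($1 * 1.1) }')
            if [ -d "$IMGPATH/usr/lib/anaconda-runtime" ]; then
                ERROR=$(du -sk "$IMGPATH/usr/lib/anaconda-runtime" | awk '{ print $1 }')
                SIZE=$(( SIZE - ERROR ))
            fi
            if [ -d "$IMGPATH/usr/share/syslinux" ]; then
                ERROR=$(du -sk "$IMGPATH/usr/share/syslinux" | awk '{ print $1 }')
                SIZE=$(( SIZE - ERROR ))
            fi
            dd if=/dev/zero bs=1k count=${SIZE} of="$mmi_tmpimage" 2>/dev/null
            mke2fs -q -F "$mmi_tmpimage" > /dev/null
            tune2fs -c0 -i0 "$mmi_tmpimage" >/dev/null

            if mkdir "$mmi_mntpoint" && mount -o loop "$mmi_tmpimage" "$mmi_mntpoint"; then
                # Every stage must be joined by a pipe: the filtered file list
                # is what cpio -o has to read.
                (cd "$IMGPATH" && find . |
                    grep -F -v "./usr/lib/anaconda-runtime" |
                    grep -F -v "./usr/share/syslinux" |
                    cpio -H crc -o) | (cd "$mmi_mntpoint" && cpio -iumd)
                makeproductfile "$mmi_mntpoint"
                if ! umount "$mmi_mntpoint"; then
                    # Do not rm -rf a directory that still has the image
                    # mounted inside it; leave it for manual cleanup.
                    echo "ERROR: *** could not unmount $mmi_mntpoint" >&2
                    return 1
                fi
            else
                echo "ERROR: *** could not loop-mount $mmi_tmpimage" >&2
                mmi_status=1
            fi
            ;;
        squashfs)
            makeproductfile "$IMGPATH"
            echo "Running mksquashfs $IMGPATH $mmi_tmpimage -all-root -no-fragments -no-progress"
            if mksquashfs "$IMGPATH" "$mmi_tmpimage" -all-root -no-fragments -no-progress; then
                chmod 0644 "$mmi_tmpimage"
                SIZE=$(( $(wc -c < "$mmi_tmpimage") / 1024 ))
            else
                mmi_status=1
            fi
            ;;
        cramfs)
            makeproductfile "$IMGPATH"
            # $CRAMBS is left unquoted on purpose: it carries optional
            # mkfs.cramfs arguments and may be empty.
            echo "Running mkcramfs $CRAMBS $IMGPATH $mmi_tmpimage"
            if mkfs.cramfs $CRAMBS "$IMGPATH" "$mmi_tmpimage"; then
                SIZE=$(( $(wc -c < "$mmi_tmpimage") / 1024 ))
            else
                mmi_status=1
            fi
            ;;
        *)
            echo "ERROR: *** unsupported image type '$type'" >&2
            mmi_status=1
            ;;
    esac

    # Publish the image and its .treeinfo entry only when it was really built,
    # so that makeSecondStage's status check sees a failure as a failure.
    if [ "$mmi_status" -eq 0 ] &&
       cp "$mmi_tmpimage" "$INSTIMGPATH/${imagename}.img" &&
       chmod 644 "$INSTIMGPATH/${imagename}.img"; then
        echo "Wrote $INSTIMGPATH/${imagename}.img (${SIZE}k)"
        relpath=${INSTIMGPATH#"$TOPDESTPATH"/}
        echo "mainimage = ${relpath}/${imagename}.img" >> "$TOPDESTPATH/.treeinfo"
    else
        mmi_status=1
    fi

    rm -rf "$mmi_workdir"
    return $mmi_status
}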
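makeSecondStage() {
    # Open the [stage2] section of $TOPDESTPATH/.treeinfo and build
    # install.img as a squashfs image. The whole script exits with status 1
    # if makemainimage reports a failure.
    # The redirect target is quoted so a TOPDESTPATH containing whitespace
    # still resolves to a single file.
    echo "[stage2]" >> "$TOPDESTPATH/.treeinfo"
    echo "Building install.img"
    makemainimage "install" "squashfs" || exit 1
}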
doPostImages() {
    # Default post-image step: nothing to do, report success.
    return 0
}
# this gets overloaded if we're on an EFI-capable arch (... with grub)
makeEfiImages()
{
    # Fallback implementation: print a notice that EFI images are skipped
    # and report success.
    printf '%s\n' "Not on an EFI capable machine; skipping EFI images."
    return 0
}
# source the architecture specific mk-images file so we can call functions
# in it
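# BUILDARCH can be set from the --arch option and ends up inside the path of
# a file that is sourced into this (typically privileged) script. The known
# architectures are matched literally; any other value must look like a plain
# architecture name before it is used to build a path. All paths are quoted
# so TOPDIR or BUILDARCH cannot be word-split or glob-expanded.
case "$BUILDARCH" in
    s390x)
        # FIXME: this is a bad hack for s390, but better than copying for now
        source "$TOPDIR/mk-images.s390"
        ;;
    ppc64)
        # ... and similar for ppc64
        source "$TOPDIR/mk-images.ppc"
        ;;
    x86_64|i386)
        source "$TOPDIR/mk-images.x86"
        source "$TOPDIR/mk-images.efi"
        ;;
    sparc64|sparcv9)
        source "$TOPDIR/mk-images.sparc"
        ;;
    *[!A-Za-z0-9_]*)
        echo "ERROR: *** invalid build architecture '$BUILDARCH'" >&2
        exit 1
        ;;
    *)
        source "$TOPDIR/mk-images.$BUILDARCH"
        ;;
esac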
# Find the kernel, unpack it, and verify it
# Defaults: one "kernel" package, no EFI architecture, and the build
# architecture itself as the only kernel architecture to try.
kerneltags="kernel"
efiarch=""
arches="$BUILDARCH"

# Per-architecture overrides of the defaults above.
case "$BUILDARCH" in
    ppc)
        arches="ppc64 ppc"
        ;;
    i386)
        arches="i586"
        efiarch="ia32"
        kerneltags="kernel kernel-PAE"
        kernelxen="kernel-PAE"
        ;;
    x86_64)
        kerneltags="kernel"
        efiarch="x64"
        ;;
    ia64)
        kerneltags="kernel"
        efiarch="ia64"
        ;;
    sparc|sparcv9|sparc64)
        arches="sparc64"
        ;;
esac
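# For every kernel architecture and kernel flavour: download the kernel
# package, verify it, unpack it (plus firmware and Xen hypervisor packages)
# under $KERNELBASE/<arch>, then build the boot and EFI images from it.
# foundakernel ends up "yes" once at least one kernel package was usable.
foundakernel=""
for KERNELARCH in $arches; do
    for kernelvers in $kerneltags; do
        kpackage=$(findPackage "$kernelvers")
        if [ "$KERNELARCH" = "i586" ] && [ -z "$kpackage" ]; then
            echo "No i586 kernel, trying i686..."
            KERNELARCH="i686"
            kpackage=$(findPackage "$kernelvers")
        fi

        if [ -z "$kpackage" ]; then
            echo "Unable to find kernel package $kernelvers"
            continue
        fi

        yumdownloader -c "$yumconf" --archlist="$KERNELARCH" "$kpackage"
        kpackage="$kpackage.rpm"
        # Decide "missing, skip" before verifying, so a kernel flavour that
        # does not exist for this architecture is skipped instead of being
        # handed to rpm_verify.
        if [ ! -f "$kpackage" ]; then
            echo "kernel ($kernelvers) doesn't exist for $KERNELARCH. skipping"
            continue
        fi
        # Verify exactly the file that is queried and unpacked below.
        # $kpackage already ends in .rpm here, so no suffix is appended.
        # rpm_verify is defined outside this section; it is the only integrity
        # gate for this file, because the rpm queries that follow pass
        # --nodigest --nosignature.
        rpm_verify "$kpackage" || exit 1

        KERNELROOT=$KERNELBASE/$KERNELARCH
        mkdir -p "$KERNELROOT"

        foundakernel="yes"

        if [ "$BUILDARCH" = "ia64" ]; then
            vmlinuz=$(rpm --nodigest --nosignature -qpl "$kpackage" |grep ^/boot/efi/EFI/redhat/vmlinuz | head -n 1)
            version=${vmlinuz##/boot/efi/EFI/redhat/vmlinuz-}
        else
            vmlinuz=$(rpm --nodigest --nosignature -qpl "$kpackage" |grep ^/boot/vmlinuz | head -n 1)
            version=${vmlinuz##/boot/vmlinuz-}
        fi
        arch=$(rpm --nodigest --nosignature --qf '%{ARCH}\n' -qp "$kpackage")

        # "cd ... &&" keeps cpio from unpacking into the current directory
        # if $KERNELROOT cannot be entered.
        rpm2cpio "$kpackage" | (cd "$KERNELROOT" && cpio --quiet -iumd)
        rm -f -- "$kpackage"

        # expand out any available firmware too
        for p in $(repoquery -c "$yumconf" '*firmware*') ; do
            yumdownloader -c "$yumconf" "$p"
            # Handle each matching file on its own, so the file that is
            # verified is always the file that is unpacked, even when the
            # glob matches more than one. An unmatched glob is passed through
            # literally, so rpm_verify still gets to reject a missing download.
            for fwrpm in *firmware*.rpm; do
                rpm_verify "$fwrpm" || exit 1
                rpm2cpio "$fwrpm" | (cd "$KERNELROOT" && cpio --quiet -iumd)
                rm -f -- "$fwrpm"
            done
        done

        # and get XEN Hypervisor
        for p in $(repoquery -c "$yumconf" 'xen-hypervisor') ; do
            yumdownloader -c "$yumconf" "$p"
            # Same one-file-at-a-time verify/unpack pairing as for firmware.
            for xenrpm in xen-hypervisor*.rpm; do
                rpm_verify "$xenrpm" || exit 1
                rpm2cpio "$xenrpm" | (cd "$KERNELROOT" && cpio --quiet -iumd)
                rm -f -- "$xenrpm"
            done
        done

        if [ ! -d "$KERNELROOT/lib/modules/$version" ]; then
            echo "$KERNELROOT/lib/modules/$version is not a valid modules directory" >&2
            exit 1
        fi

        if [ ! -f "$KERNELROOT/$KERNELDIR/${KERNELNAME}-$version" ]; then
            echo "$KERNELROOT/$KERNELDIR/${KERNELNAME}-$version does not exist" >&2
            exit 1
        fi

        # The pattern is quoted so the shell cannot expand it against .ko
        # files in the current directory before find sees it.
        allmods=$(find "$KERNELROOT/lib/modules/$version" -name '*.ko')

        rundepmod "$KERNELROOT"
        # $GENMODINFO is left unquoted as before; whether it carries extra
        # arguments is not visible in this section.
        $GENMODINFO "$KERNELROOT/lib/modules/$version" > "$MODINFO"

        # make the boot images
        makeBootImages

        makeEfiImages "$yumconf"
    done
done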
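# Build the second-stage image only if at least one kernel was processed,
# then drop the unpacked kernel trees.
if [ -n "$foundakernel" ]; then
    makeSecondStage
    # Recursive delete: quote the path, stop option parsing with "--", and
    # skip the call when the variable is empty.
    if [ -n "$KERNELBASE" ]; then
        rm -rf -- "$KERNELBASE"
    fi
fi

doPostImages

cd "$TOPDIR"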