#!/bin/bash

# Abort on errors, unset variables and failed pipeline stages; -x traces every
# command to stderr. The trace also covers the files sourced below, so any
# value they assign ends up in the build log.
set -euxo pipefail

#======================================
# Functions...
#--------------------------------------
# Pull in the image description variables and helpers when the files exist.
# NOTE(review): both files are presumably generated by kiwi inside the image
# root. They run with this script's privileges, so confirm they cannot be
# influenced by untrusted build input.
if [[ -f /.kconfig ]]; then
	. /.kconfig
fi
if [[ -f /.profile ]]; then
	. /.profile
fi

#======================================
# Greeting...
#--------------------------------------
# kiwi_iname and kiwi_profiles are not assigned in this script; with `set -u`
# the build stops here if the sourced files did not define them.
echo "Configure image: [$kiwi_iname]-[$kiwi_profiles]..."
#======================================
# Set SELinux booleans
#--------------------------------------
# Container profiles are skipped; every other profile gets the boolean set
# persistently (-P).
case "$kiwi_profiles" in
	*"Container"*)
		;;
	*)
		## Fixes KDE Plasma, see rhbz#2058657
		# Security trade-off: going by its name, selinuxuser_execmod relaxes
		# the SELinux execmod check for user domains. It is switched on for
		# all non-container profiles here, not only for KDE ones.
		setsebool -P selinuxuser_execmod 1
		;;
esac
#======================================
# Clear machine specific configuration
#--------------------------------------
## Clear machine-id on pre generated images
# Each instance created from this image has to end up with its own ID; a
# fixed one in the image would give every copy the same identity.
rm -f /etc/machine-id
printf '%s\n' 'uninitialized' > /etc/machine-id

## remove random seed, the newly installed instance should make its own
# A seed file baked into the image would be identical on every deployed copy.
rm -f /var/lib/systemd/random-seed
#======================================
# Configure grub correctly
#--------------------------------------
if [[ "$kiwi_profiles" != *"Container"* ]]; then
	# The settings are appended, so whatever /etc/default/grub already holds
	# is kept (NOTE(review): presumably relies on the later assignment
	# winning when the file is read; confirm).
	grub_settings=(
		## Works around issues with grub-bls
		## See: https://github.com/OSInside/kiwi/issues/2198
		"GRUB_DEFAULT=saved"
		## Disable submenus to match Fedora
		"GRUB_DISABLE_SUBMENU=true"
		## Disable recovery entries to match Fedora
		"GRUB_DISABLE_RECOVERY=true"
	)
	printf '%s\n' "${grub_settings[@]}" >> /etc/default/grub
fi
#======================================
# Delete & lock the root user password
#--------------------------------------
case "$kiwi_profiles" in
	*"Cloud"* | *"Disk"* | *"Live"*)
		# Order matters: -d empties the password field first, -l then locks
		# the account's password so the empty password cannot be used.
		# Locking only affects password authentication; other login methods
		# for root, such as SSH keys, are not disabled by this.
		passwd -d root
		passwd -l root
		;;
esac
#======================================
# Setup default services
#--------------------------------------

if [[ "$kiwi_profiles" == *"Live"* ]]; then
	## Configure livesys session
	# Each entry is "<profile substring>=<livesys session>". The entries are
	# checked in this order and every match overwrites the file, so when
	# several substrings occur in kiwi_profiles the last matching entry
	# decides the session.
	livesys_sessions=(
		"GNOME=gnome"
		"KDE=kde"
		"Budgie=budgie"
		"Cinnamon=cinnamon"
		"i3=i3"
		"LXDE=lxde"
		"LXQt=lxqt"
		"MATE_Compiz=mate"
		"MiracleWM=miraclewm"
		"Sway=sway"
		"SoaS=soas"
		"Xfce=xfce"
	)
	for livesys_entry in "${livesys_sessions[@]}"; do
		# Text before the first '=' is the profile substring, text after it
		# the session name.
		if [[ "$kiwi_profiles" == *"${livesys_entry%%=*}"* ]]; then
			echo "livesys_session=\"${livesys_entry#*=}\"" > /etc/sysconfig/livesys
		fi
	done
fi
#======================================
# Setup firstboot initial setup
#--------------------------------------

# Applies to Disk profiles that are not GNOME ones.
# NOTE(review): GNOME presumably brings its own first-boot setup; confirm.
if [[ "$kiwi_profiles" == *"Disk"* && "$kiwi_profiles" != *"GNOME"* ]]; then
	## Enable initial-setup
	systemctl enable initial-setup.service
	## Enable reconfig mode
	touch /etc/reconfigSys
fi
#======================================
# Setup default target
#--------------------------------------
if [[ "$kiwi_profiles" != *"Container"* ]]; then
	# Desktop profiles boot into the graphical target, everything else into
	# the multi-user target. Container profiles keep whatever is configured.
	default_target=multi-user.target
	if [[ "$kiwi_profiles" == *"Desktop"* ]]; then
		default_target=graphical.target
	fi
	systemctl set-default "$default_target"
fi
#======================================
# Setup default customizations
#--------------------------------------

if [[ "$kiwi_profiles" == *"Disk"* ]]; then
	# Find the architecture we are on
	installarch=$(uname -m)
	# Setup Raspberry Pi firmware
	case "$installarch" in
		aarch64)
			# Copies the U-Boot binary into the EFI partition; with `set -e`
			# the build fails if the source file is not installed.
			cp -a /usr/share/uboot/rpi_arm64/u-boot.bin /boot/efi/rpi-u-boot.bin
			;;
	esac
fi
if [[ "$kiwi_profiles" == *"Azure"* ]]; then
	# sshd drop-in: probe clients after 120 seconds without traffic.
	# The heredoc delimiters are quoted so the bodies are written literally.
	cat <<'EOF' > /etc/ssh/sshd_config.d/50-client-alive-interval.conf
ClientAliveInterval 120
EOF

	# Appended, so the existing chrony configuration stays in place.
	cat <<'EOF' >> /etc/chrony.conf
# Azure's virtual time source:
# https://docs.microsoft.com/en-us/azure/virtual-machines/linux/time-sync#check-for-ptp-clock-source
refclock PHC /dev/ptp_hyperv poll 3 dpoll -2 offset 0
EOF

	# Support Azure's accelerated networking feature; without this the network fails
	# to come up. It may need adjustments for additional drivers in the future.
	cat <<'EOF' > /etc/NetworkManager/conf.d/99-azure-unmanaged-devices.conf
# Ignore SR-IOV interface on Azure, since it's transparently bonded
# to the synthetic interface
[keyfile]
unmanaged-devices=driver:mlx4_core;driver:mlx5_core
EOF
fi
if [[ "$kiwi_profiles" == *"GCE"* ]]; then
	# NetworkManager drop-in; the delimiter is quoted so the body is written
	# exactly as it appears here.
	cat > /etc/NetworkManager/conf.d/gcp-mtu.conf <<'EOF'
# In GCP it is recommended to use 1460 as the MTU.
# Set it to 1460 for all connections.
# https://cloud.google.com/network-connectivity/docs/vpn/concepts/mtu-considerations
[connection]
ethernet.mtu = 1460
EOF
fi
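if [[ "$kiwi_profiles" == *"Vagrant"* ]]; then
	# SECURITY: this branch deliberately trades security for the Vagrant box
	# conventions: a publicly known SSH key, passwordless sudo, and root
	# login with that same key. Images built from this profile are meant for
	# local development and should not be reachable from untrusted networks.
	sed -e 's/.*UseDNS.*/UseDNS no/' -i /etc/ssh/sshd_config

	# Authorize the well-known Vagrant "insecure" public key for the vagrant
	# user. The matching private key is public, so this key authenticates
	# nobody in particular.
	mkdir -m 0700 -p ~vagrant/.ssh
	cat > ~vagrant/.ssh/authorized_keys <<'EOKEYS'
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key
EOKEYS
	chmod 600 ~vagrant/.ssh/authorized_keys
	chown -R vagrant:vagrant ~vagrant/.ssh/

	# Unrestricted, passwordless sudo for the vagrant user.
	cat > /etc/sudoers.d/vagrant <<'EOSUDOER'
## Ensure the vagrant user always can use sudo
Defaults:vagrant !requiretty
vagrant ALL=(ALL) NOPASSWD: ALL
EOSUDOER
	chmod 600 /etc/sudoers.d/vagrant

	# The drop-in has no Match block, so ssh-rsa (RSA with SHA-1) public-key
	# signatures are accepted again for every account, not only for vagrant.
	# NOTE(review): newer OpenSSH releases name this option
	# PubkeyAcceptedAlgorithms and keep the old name as an alias; confirm
	# against the sshd version shipped in the image.
	cat > /etc/ssh/sshd_config.d/10-vagrant-insecure-rsa-key.conf <<'EOF'
# For now the vagrant insecure key is an rsa key
# https://github.com/hashicorp/vagrant/issues/11783
PubkeyAcceptedKeyTypes=+ssh-rsa
EOF

	# Further suggestion from @purpleidea (James Shubin) - extend key to root users as well
	# NOTE(review): Vagrant's key replacement on first boot is understood to
	# rewrite only the connecting user's authorized_keys, which would leave
	# this root copy of the insecure key valid afterwards; confirm, and
	# confirm root really needs it.
	mkdir -m 0700 -p /root/.ssh
	# Copy from the same ~vagrant path the key was written to above, instead
	# of assuming the home directory is /home/vagrant.
	cp ~vagrant/.ssh/authorized_keys /root/.ssh/authorized_keys
	chmod 600 /root/.ssh/authorized_keys
	chown -R root:root /root/.ssh
fi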
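if [[ "$kiwi_profiles" == *"Container"* ]]; then
	# Set install langs macro so that new rpms that get installed will
	# only install langs that we limit it to.
	# NOTE(review): this assigns the LANG locale variable itself; if LANG is
	# exported in the build environment, the commands below run with en_US.
	# Confirm that is intended.
	LANG="en_US"
	echo "%_install_langs $LANG" > /etc/rpm/macros.image-language-conf

	# https://bugzilla.redhat.com/show_bug.cgi?id=1727489
	echo 'LANG="C.UTF-8"' > /etc/locale.conf

	# https://bugzilla.redhat.com/show_bug.cgi?id=1400682
	echo "Import RPM GPG key"
	releasever=$(rpm --eval '%{?fedora}')

	# When building ELN containers, we don't have the %{fedora} macro
	# Quoted so the emptiness test does not depend on how `[` treats a
	# missing operand.
	if [[ -z "$releasever" ]]; then
		releasever=eln
	fi

	# The key is read from the image's own filesystem, so it is only as
	# trustworthy as the package that installed it there. With `set -e` a
	# missing key file fails the build.
	rpm --import "/etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-${releasever}-primary"

	echo "# fstab intentionally empty for containers" > /etc/fstab

	# Remove machine-id on pre generated images
	rm -f /etc/machine-id
	touch /etc/machine-id

	echo "# resolv placeholder" > /etc/resolv.conf
	chmod 644 /etc/resolv.conf

	# Remove extraneous files
	rm -rf /tmp/*

	# https://pagure.io/atomic-wg/issue/308
	printf "tsflags=nodocs\n" >>/etc/dnf/dnf.conf

	if [[ "$kiwi_profiles" == *"Base-Generic-Minimal"* ]]; then
		# remove some random help txt files
		rm -fv /usr/share/gnupg/help*.txt

		# Pruning random things
		# No -f here: with `set -e` the build fails if the file is missing.
		rm /usr/lib/rpm/rpm.daily
		rm -rfv /usr/lib64/nss/unsupported-tools/ # unsupported

		# Statically linked crap
		rm -fv /usr/sbin/{glibc_post_upgrade.x86_64,sln}
		# Absolute target path: the relative "usr/sbin/sln" only resolved
		# correctly when the working directory was /.
		ln /usr/bin/ln /usr/sbin/sln

		# Remove some dnf info
		rm -rfv /var/lib/dnf

		# don't need icons
		rm -rfv /usr/share/icons/*

		#some random not-that-useful binaries
		rm -fv /usr/bin/pinky

		# we lose presets by removing /usr/lib/systemd but we do not care
		rm -rfv /usr/lib/systemd
	fi
	if [[ "$kiwi_profiles" == *"Toolbox"* ]]; then
		# Toolbox images undo the two size restrictions set above.
		# Remove macros.image-language-conf file
		rm -f /etc/rpm/macros.image-language-conf

		# Remove 'tsflags=nodocs' line from dnf.conf
		sed -i '/tsflags=nodocs/d' /etc/dnf/dnf.conf
	fi
fi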
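if [[ "$kiwi_profiles" == *"SoaS"* ]]; then
	# Get proper release naming in the control panel
	cat >> /boot/olpc_build <<'EOF'
Sugar on a Stick
EOF
	cat /etc/fedora-release >> /boot/olpc_build

	# Rebuild initrd for Sugar boot screen -- TODO: Switch to kiwi declarative stanza
	# NOTE(review): assumes exactly one kernel package is installed; with
	# several, rpm prints one line per package and the dracut call below
	# gets an unusable version string.
	KERNEL_VERSION=$(rpm -q kernel --qf '%{version}-%{release}.%{arch}\n')
	/usr/sbin/plymouth-set-default-theme sugar
	# Drop " plymouth " from the omit_dracutmodules line so the module can be
	# included in the initramfs built next.
	sed -i -r 's/(omit_dracutmodules\+\=.*) plymouth (.*)/\1 \2/' /etc/dracut.conf.d/99-liveos.conf
	# Quoted so the version string is always passed as a single argument.
	dracut --force-add plymouth -N -f "/boot/initramfs-${KERNEL_VERSION}.img" "$KERNEL_VERSION"

	# Note that running rpm recreates the rpm db files which aren't needed or wanted
	rm -f /var/lib/rpm/__db*

	cat > /etc/sysconfig/desktop <<'EOF'
PREFERRED=/usr/bin/sugar
DISPLAYMANAGER=/usr/sbin/lightdm
EOF

	# set up lightdm autologin
	# liveuser is logged in without any prompt (timeout 0).
	# NOTE(review): acceptable for live media only; confirm this profile is
	# never used for installed or network-reachable images.
	sed -i 's/^#autologin-user=.*/autologin-user=liveuser/' /etc/lightdm/lightdm.conf
	sed -i 's/^#autologin-user-timeout=.*/autologin-user-timeout=0/' /etc/lightdm/lightdm.conf

	# Don't use the default system user (in SoaS liveuser) as nick name
	# Disable the logout menu item in Sugar
	# Enable Sugar power management
	cat >/usr/share/glib-2.0/schemas/sugar.soas.gschema.override <<'EOF'
[org.sugarlabs.user]
default-nick='disabled'

[org.sugarlabs]
show-logout=false

[org.sugarlabs.power]
automatic=true
EOF

	# Recompile the schemas so the override file written above takes effect.
	/usr/bin/glib-compile-schemas /usr/share/glib-2.0/schemas
fi

exit 0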