fedora-kiwi-descriptions/config.sh

306 lines
9.6 KiB
Bash
Raw Normal View History

2023-10-14 19:21:23 +00:00
#!/bin/bash
set -euxo pipefail
#======================================
# Functions...
#--------------------------------------
test -f /.kconfig && . /.kconfig
test -f /.profile && . /.profile
#======================================
# Greeting...
#--------------------------------------
echo "Configure image: [$kiwi_iname]-[$kiwi_profiles]..."
#======================================
# Set SELinux booleans
#--------------------------------------
if [[ "$kiwi_profiles" != *"Container"* ]]; then
## Fixes KDE Plasma, see rhbz#2058657
setsebool -P selinuxuser_execmod 1
fi
2023-10-14 19:21:23 +00:00
#======================================
# Clear machine specific configuration
#--------------------------------------
## Clear machine-id on pre generated images
rm -f /etc/machine-id
echo 'uninitialized' > /etc/machine-id
## remove random seed, the newly installed instance should make its own
rm -f /var/lib/systemd/random-seed
#======================================
# Configure grub correctly
#--------------------------------------
if [[ "$kiwi_profiles" != *"Container"* ]]; then
## Works around issues with grub-bls
## See: https://github.com/OSInside/kiwi/issues/2198
echo "GRUB_DEFAULT=saved" >> /etc/default/grub
## Disable submenus to match Fedora
echo "GRUB_DISABLE_SUBMENU=true" >> /etc/default/grub
## Disable recovery entries to match Fedora
echo "GRUB_DISABLE_RECOVERY=true" >> /etc/default/grub
fi
2023-10-14 19:21:23 +00:00
#======================================
# Delete & lock the root user password
#--------------------------------------
if [[ "$kiwi_profiles" == *"Cloud"* ]] || [[ "$kiwi_profiles" == *"Disk"* ]] || [[ "$kiwi_profiles" == *"Live"* ]]; then
2023-10-14 19:21:23 +00:00
passwd -d root
passwd -l root
fi
#======================================
# Setup default services
#--------------------------------------
if [[ "$kiwi_profiles" == *"Live"* ]]; then
## Configure livesys session
if [[ "$kiwi_profiles" == *"GNOME"* ]]; then
echo 'livesys_session="gnome"' > /etc/sysconfig/livesys
fi
if [[ "$kiwi_profiles" == *"KDE"* ]]; then
echo 'livesys_session="kde"' > /etc/sysconfig/livesys
fi
if [[ "$kiwi_profiles" == *"Budgie"* ]]; then
echo 'livesys_session="budgie"' > /etc/sysconfig/livesys
fi
if [[ "$kiwi_profiles" == *"Cinnamon"* ]]; then
echo 'livesys_session="cinnamon"' > /etc/sysconfig/livesys
fi
if [[ "$kiwi_profiles" == *"i3"* ]]; then
echo 'livesys_session="i3"' > /etc/sysconfig/livesys
fi
if [[ "$kiwi_profiles" == *"LXDE"* ]]; then
echo 'livesys_session="lxde"' > /etc/sysconfig/livesys
fi
if [[ "$kiwi_profiles" == *"LXQt"* ]]; then
echo 'livesys_session="lxqt"' > /etc/sysconfig/livesys
fi
if [[ "$kiwi_profiles" == *"MATE_Compiz"* ]]; then
echo 'livesys_session="mate"' > /etc/sysconfig/livesys
fi
if [[ "$kiwi_profiles" == *"MiracleWM"* ]]; then
echo 'livesys_session="miraclewm"' > /etc/sysconfig/livesys
fi
if [[ "$kiwi_profiles" == *"Sway"* ]]; then
echo 'livesys_session="sway"' > /etc/sysconfig/livesys
fi
if [[ "$kiwi_profiles" == *"SoaS"* ]]; then
echo 'livesys_session="soas"' > /etc/sysconfig/livesys
fi
if [[ "$kiwi_profiles" == *"Xfce"* ]]; then
echo 'livesys_session="xfce"' > /etc/sysconfig/livesys
fi
2023-10-14 19:21:23 +00:00
fi
#======================================
# Setup firstboot initial setup
#--------------------------------------
if [[ "$kiwi_profiles" == *"Disk"* ]]; then
if [[ "$kiwi_profiles" != *"GNOME"* ]]; then
## Enable initial-setup
systemctl enable initial-setup.service
## Enable reconfig mode
touch /etc/reconfigSys
fi
fi
2023-10-14 19:21:23 +00:00
#======================================
# Setup default target
#--------------------------------------
if [[ "$kiwi_profiles" != *"Container"* ]]; then
if [[ "$kiwi_profiles" == *"Desktop"* ]]; then
systemctl set-default graphical.target
else
systemctl set-default multi-user.target
fi
2023-10-14 19:21:23 +00:00
fi
#======================================
# Setup default customizations
#--------------------------------------
if [[ "$kiwi_profiles" == *"Disk"* ]]; then
# Find the architecture we are on
installarch=$(uname -m)
# Setup Raspberry Pi firmware
if [[ $installarch == "aarch64" ]]; then
cp -a /usr/share/uboot/rpi_arm64/u-boot.bin /boot/efi/rpi-u-boot.bin
fi
fi
2023-10-14 19:21:23 +00:00
if [[ "$kiwi_profiles" == *"Azure"* ]]; then
cat > /etc/ssh/sshd_config.d/50-client-alive-interval.conf << EOF
ClientAliveInterval 120
EOF
cat >> /etc/chrony.conf << EOF
# Azure's virtual time source:
# https://docs.microsoft.com/en-us/azure/virtual-machines/linux/time-sync#check-for-ptp-clock-source
refclock PHC /dev/ptp_hyperv poll 3 dpoll -2 offset 0
EOF
# Support Azure's accelerated networking feature; without this the network fails
# to come up. It may need adjustments for additional drivers in the future.
cat > /etc/NetworkManager/conf.d/99-azure-unmanaged-devices.conf << EOF
# Ignore SR-IOV interface on Azure, since it's transparently bonded
# to the synthetic interface
[keyfile]
unmanaged-devices=driver:mlx4_core;driver:mlx5_core
EOF
2023-10-14 19:21:23 +00:00
fi
if [[ "$kiwi_profiles" == *"GCE"* ]]; then
cat <<EOF > /etc/NetworkManager/conf.d/gcp-mtu.conf
# In GCP it is recommended to use 1460 as the MTU.
# Set it to 1460 for all connections.
# https://cloud.google.com/network-connectivity/docs/vpn/concepts/mtu-considerations
[connection]
ethernet.mtu = 1460
EOF
fi
if [[ "$kiwi_profiles" == *"Vagrant"* ]]; then
sed -e 's/.*UseDNS.*/UseDNS no/' -i /etc/ssh/sshd_config
mkdir -m 0700 -p ~vagrant/.ssh
cat > ~vagrant/.ssh/authorized_keys << EOKEYS
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key
EOKEYS
chmod 600 ~vagrant/.ssh/authorized_keys
chown -R vagrant:vagrant ~vagrant/.ssh/
cat > /etc/sudoers.d/vagrant << EOSUDOER
## Ensure the vagrant user always can use sudo
Defaults:vagrant !requiretty
vagrant ALL=(ALL) NOPASSWD: ALL
EOSUDOER
chmod 600 /etc/sudoers.d/vagrant
2023-10-14 19:21:23 +00:00
cat > /etc/ssh/sshd_config.d/10-vagrant-insecure-rsa-key.conf <<EOF
# For now the vagrant insecure key is an rsa key
# https://github.com/hashicorp/vagrant/issues/11783
PubkeyAcceptedKeyTypes=+ssh-rsa
EOF
# Further suggestion from @purpleidea (James Shubin) - extend key to root users as well
mkdir -m 0700 -p /root/.ssh
cp /home/vagrant/.ssh/authorized_keys /root/.ssh/authorized_keys
chmod 600 /root/.ssh/authorized_keys
chown -R root:root /root/.ssh
fi
if [[ "$kiwi_profiles" == *"Container"* ]]; then
# Set install langs macro so that new rpms that get installed will
# only install langs that we limit it to.
LANG="en_US"
echo "%_install_langs $LANG" > /etc/rpm/macros.image-language-conf
# https://bugzilla.redhat.com/show_bug.cgi?id=1727489
echo 'LANG="C.UTF-8"' > /etc/locale.conf
# https://bugzilla.redhat.com/show_bug.cgi?id=1400682
echo "Import RPM GPG key"
releasever=$(rpm --eval '%{?fedora}')
# When building ELN containers, we don't have the %{fedora} macro
if [ -z $releasever ]; then
releasever=eln
fi
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-primary
echo "# fstab intentionally empty for containers" > /etc/fstab
# Remove machine-id on pre generated images
rm -f /etc/machine-id
touch /etc/machine-id
echo "# resolv placeholder" > /etc/resolv.conf
chmod 644 /etc/resolv.conf
# Remove extraneous files
rm -rf /tmp/*
# https://pagure.io/atomic-wg/issue/308
printf "tsflags=nodocs\n" >>/etc/dnf/dnf.conf
if [[ "$kiwi_profiles" == *"Base-Generic-Minimal"* ]]; then
# remove some random help txt files
rm -fv /usr/share/gnupg/help*.txt
# Pruning random things
rm /usr/lib/rpm/rpm.daily
rm -rfv /usr/lib64/nss/unsupported-tools/ # unsupported
# Statically linked crap
rm -fv /usr/sbin/{glibc_post_upgrade.x86_64,sln}
ln /usr/bin/ln usr/sbin/sln
# Remove some dnf info
rm -rfv /var/lib/dnf
# don't need icons
rm -rfv /usr/share/icons/*
#some random not-that-useful binaries
rm -fv /usr/bin/pinky
# we lose presets by removing /usr/lib/systemd but we do not care
rm -rfv /usr/lib/systemd
fi
if [[ "$kiwi_profiles" == *"Toolbox"* ]]; then
# Remove macros.image-language-conf file
rm -f /etc/rpm/macros.image-language-conf
# Remove 'tsflags=nodocs' line from dnf.conf
sed -i '/tsflags=nodocs/d' /etc/dnf/dnf.conf
fi
fi
if [[ "$kiwi_profiles" == *"SoaS"* ]]; then
# Get proper release naming in the control panel
cat >> /boot/olpc_build << EOF
Sugar on a Stick
EOF
cat /etc/fedora-release >> /boot/olpc_build
# Rebuild initrd for Sugar boot screen -- TODO: Switch to kiwi declarative stanza
KERNEL_VERSION=$(rpm -q kernel --qf '%{version}-%{release}.%{arch}\n')
/usr/sbin/plymouth-set-default-theme sugar
sed -i -r 's/(omit_dracutmodules\+\=.*) plymouth (.*)/\1 \2/' /etc/dracut.conf.d/99-liveos.conf
dracut --force-add plymouth -N -f /boot/initramfs-$KERNEL_VERSION.img $KERNEL_VERSION
# Note that running rpm recreates the rpm db files which aren't needed or wanted
rm -f /var/lib/rpm/__db*
cat > /etc/sysconfig/desktop <<EOF
PREFERRED=/usr/bin/sugar
DISPLAYMANAGER=/usr/sbin/lightdm
EOF
# set up lightdm autologin
sed -i 's/^#autologin-user=.*/autologin-user=liveuser/' /etc/lightdm/lightdm.conf
sed -i 's/^#autologin-user-timeout=.*/autologin-user-timeout=0/' /etc/lightdm/lightdm.conf
# Don't use the default system user (in SoaS liveuser) as nick name
# Disable the logout menu item in Sugar
# Enable Sugar power management
cat >/usr/share/glib-2.0/schemas/sugar.soas.gschema.override <<EOF
[org.sugarlabs.user]
default-nick='disabled'
[org.sugarlabs]
show-logout=false
[org.sugarlabs.power]
automatic=true
EOF
/usr/bin/glib-compile-schemas /usr/share/glib-2.0/schemas
fi
2023-10-14 19:21:23 +00:00
exit 0