diff --git a/Fedora-Linux.kiwi b/Fedora-Linux.kiwi new file mode 120000 index 0000000..2288558 --- /dev/null +++ b/Fedora-Linux.kiwi @@ -0,0 +1 @@ +config.xml \ No newline at end of file diff --git a/README.md b/README.md index 248842b..ef7ad42 100644 --- a/README.md +++ b/README.md @@ -6,6 +6,23 @@ The `rawhide` branch is used for Fedora Rawhide images and each release branch i All changes should be made via the PR workflow. +## Image variants + +* Cloud Edition (image type: `oem`, image profiles: `Cloud-OpenStack`/`Cloud-AmazonEC2`/`Cloud-Azure`/`Cloud-GCE`) +* Workstation Edition (image type: `iso`, image profiles: `Workstation-Live`) +* KDE Spin (image type: `iso`, image profiles: `KDE-Live`) + +## Image build quickstart + +Set up your development environment and run the image build (substitute `` and `` for the appropriate settings): + +```bash +# Install kiwi +[]$ sudo dnf --assumeyes install kiwi +# Run the image build +[]$ sudo ./kiwi-build --image-type= --image-profile= --output-dir ./outdir +``` + ## Licensing This is free software: you can redistribute it and/or modify diff --git a/components/boot.xml b/components/boot.xml new file mode 100644 index 0000000..f2352a5 --- /dev/null +++ b/components/boot.xml @@ -0,0 +1,22 @@ + + + + + + + + + + + + + + + + + + + + + + diff --git a/components/desktop-environments.xml b/components/desktop-environments.xml new file mode 100644 index 0000000..0761912 --- /dev/null +++ b/components/desktop-environments.xml @@ -0,0 +1,37 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/components/liveinstall.xml b/components/liveinstall.xml new file mode 100644 index 0000000..ca7106d --- /dev/null +++ b/components/liveinstall.xml @@ -0,0 +1,30 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/components/users.xml b/components/users.xml new file mode 100644 index 0000000..08b91a1 --- /dev/null +++ b/components/users.xml @@ -0,0 +1,6 @@ + + + + + + 
diff --git a/config.sh b/config.sh
new file mode 100755
index 0000000..67c2cad
--- /dev/null
+++ b/config.sh
@@ -0,0 +1,121 @@
+#!/bin/bash
+
+set -euxo pipefail
+
+#======================================
+# Functions...
+#--------------------------------------
+test -f /.kconfig && . /.kconfig
+test -f /.profile && . /.profile
+
+#======================================
+# Greeting...
+#--------------------------------------
+echo "Configure image: [$kiwi_iname]-[$kiwi_profiles]..."
+
+#======================================
+# Set SELinux booleans
+#--------------------------------------
+## Fixes KDE Plasma, see rhbz#2058657
+setsebool -P selinuxuser_execmod 1
+
+#======================================
+# Clear machine specific configuration
+#--------------------------------------
+## Clear machine-id on pre generated images
+rm -f /etc/machine-id
+echo 'uninitialized' > /etc/machine-id
+## remove random seed, the newly installed instance should make its own
+rm -f /var/lib/systemd/random-seed
+
+#======================================
+# Configure grub correctly
+#--------------------------------------
+## Works around issues with grub-bls
+## See: https://github.com/OSInside/kiwi/issues/2198
+echo "GRUB_DEFAULT=saved" >> /etc/default/grub
+## Disable submenus to match Fedora
+echo "GRUB_DISABLE_SUBMENU=true" >> /etc/default/grub
+## Disable recovery entries to match Fedora
+echo "GRUB_DISABLE_RECOVERY=true" >> /etc/default/grub
+
+#======================================
+# Delete & lock the root user password
+#--------------------------------------
+if [[ "$kiwi_profiles" == *"Cloud"* ]] || [[ "$kiwi_profiles" == *"Live"* ]]; then
+ passwd -d root
+ passwd -l root
+fi
+
+#======================================
+# Setup default services
+#--------------------------------------
+
+if [[ "$kiwi_profiles" == *"Live"* ]]; then
+ ## Configure livesys session
+ if [[ "$kiwi_profiles" == *"GNOME"* ]]; then
+ echo 'livesys_session="gnome"' > /etc/sysconfig/livesys
+ fi
+ if [[ "$kiwi_profiles" == *"KDE"* ]]; then
+ echo 'livesys_session="kde"' > /etc/sysconfig/livesys
+ fi
+fi + +#====================================== +# Setup default target +#-------------------------------------- +if [[ "$kiwi_profiles" == *"GNOME"* ]] || [[ "$kiwi_profiles" == *"KDE"* ]]; then + systemctl set-default graphical.target +else + systemctl set-default multi-user.target +fi + +#====================================== +# Setup default customizations +#-------------------------------------- + +if [[ "$kiwi_profiles" == *"Azure"* ]]; then +cat > /etc/ssh/sshd_config.d/50-client-alive-interval.conf << EOF +ClientAliveInterval 120 +EOF + +cat >> /etc/chrony.conf << EOF +# Azure's virtual time source: +# https://docs.microsoft.com/en-us/azure/virtual-machines/linux/time-sync#check-for-ptp-clock-source +refclock PHC /dev/ptp_hyperv poll 3 dpoll -2 offset 0 +EOF +fi + +if [[ "$kiwi_profiles" == *"GCE"* ]]; then +cat < /etc/NetworkManager/conf.d/gcp-mtu.conf +# In GCP it is recommended to use 1460 as the MTU. +# Set it to 1460 for all connections. +# https://cloud.google.com/network-connectivity/docs/vpn/concepts/mtu-considerations +[connection] +ethernet.mtu = 1460 +EOF +fi + +if [[ "$kiwi_profiles" == *"Vagrant"* ]]; then +sed -e 's/.*UseDNS.*/UseDNS no/' -i /etc/ssh/sshd_config +mkdir -m 0700 -p ~vagrant/.ssh +cat > ~vagrant/.ssh/authorized_keys << EOKEYS +ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key +EOKEYS +chmod 600 ~vagrant/.ssh/authorized_keys +chown -R vagrant:vagrant ~vagrant/.ssh/ + +cat > /etc/ssh/sshd_config.d/10-vagrant-insecure-rsa-key.conf < + + + + Fedora Project Contributors + devel@lists.fedoraproject.org + Fedora Linux + + + 0.0.0 + dnf + en_US + us + UTC + rawhide + + + + + + + + + + 
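Review bot: The Vagrant branch writes Vagrant's published bootstrap public key into `~vagrant/.ssh/authorized_keys` with no comment marking it as a placeholder, and the guard is a substring test (`*"Vagrant"*`), so every profile whose name contains that word ships an account that a widely distributed private key can open. I would put a comment above the heredoc such as `## Vagrant's published bootstrap key; Vagrant replaces it by default on first 'vagrant up', so this image must not be reachable from an untrusted network before that`. Root's password is deleted and locked only for `Cloud`/`Live` profiles in the earlier block, so it is worth confirming that the Vagrant profile names also match one of those patterns. The body of `10-vagrant-insecure-rsa-key.conf` is cut off on this page; if it widens the accepted public-key algorithms, the same comment should say so and why.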
+ + + + diff --git a/grub.cfg.iso-template b/grub.cfg.iso-template new file mode 100644 index 0000000..b0f6aee --- /dev/null +++ b/grub.cfg.iso-template @@ -0,0 +1,44 @@ +# Inspired by the config used for lorax-built live media + +set default=${default_boot} + +if [ "$$grub_platform" == "efi" ]; then + function load_video { + insmod efi_gop + insmod efi_uga + insmod video_bochs + insmod video_cirrus + insmod all_video + } + set basicgfx="nomodeset" +else + function load_video { + insmod all_video + } + set basicgfx="nomodeset vga=791" +fi + +load_video +set gfxpayload=keep +insmod gzio +insmod part_gpt +insmod ext2 + +terminal_input console +terminal_output ${terminal_setup} + +set timeout=${boot_timeout} +set timeout_style=${boot_timeout_style} + +search ${search_params} + +menuentry "Start ${title}" --class fedora --class gnu-linux --class gnu --class os { + linux ($$root)${bootpath}/${kernel_file} ${boot_options} + initrd ($$root)${bootpath}/${initrd_file} +} +submenu "Troubleshooting -->" { + menuentry "Start ${title} in basic graphics mode" --class fedora --class gnu-linux --class gnu --class os { + linux ($$root)${bootpath}/${kernel_file} ${boot_options} $${basicgfx} + initrd ($$root)${bootpath}/${initrd_file} + } +} diff --git a/kiwi-build b/kiwi-build new file mode 100755 index 0000000..ebca496 --- /dev/null +++ b/kiwi-build 
@@ -0,0 +1,64 @@
+#!/bin/bash
+
+# Simple wrapper to call kiwi properly for image builds
+# Author: Neal Gompa
+
+set -eu -o pipefail
+
+kiwibuildsh="$(basename "$0")"
+
+usage() {
+ echo >&2 "usage: $kiwibuildsh --output-dir=DIR --image-type=TYPE --image-profile=PROFILE [--debug]"
+ echo >&2 " eg: $kiwibuildsh --output-dir=/var/tmp/work --image-type=oem --image-profile=cloud --debug"
+ echo >&2 " eg: $kiwibuildsh --output-dir=/var/tmp/work --image-type=oem --image-profile=cloud"
+ exit 255
+}
+
+optTemp=$(getopt --options '+o:,t:,p:,d,h' --longoptions 'output-dir:,image-type:,image-profile:,debug,help' --name "$kiwibuildsh" -- "$@")
+eval set -- "$optTemp"
+unset optTemp
+
+output_dir=
+image_type=
+image_profile=
+debug=
+
+while true; do
+ case "$1" in
+ -o|--output-dir) output_dir="$2" ; shift 2 ;;
+ -t|--image-type) image_type="$2" ; shift 2 ;;
+ -p|--image-profile) image_profile="$2" ; shift 2 ;;
+ -d|--debug) debug="--debug" ; shift ;;
+ -h|--help) usage ;;
+ --) shift ; break ;;
+ esac
+done
+
+if [ -z "$output_dir" ] || [ -z "$image_type" ] || [ -z "$image_profile" ]; then
+ echo "Options not set!"
+ usage
+fi
+
+if [ -e "/sys/fs/selinux/enforce" ]; then
+ # Disable SELinux enforcement during the image build if it's enforcing
+ selinux_enforcing="$(cat /sys/fs/selinux/enforce)"
+ if [ "$selinux_enforcing" = "1" ]; then
+ setenforce 0
+ fi
+fi
+
+pushd kiwi-desc
+ set +e
+ kiwi-ng ${debug} --type="${image_type}" --profile="${image_profile}" --color-output system build --description "./" --target-dir "${output_dir}"
+ kiwi_status=$?
+ set -e
+popd
+
+if [ -e "/sys/fs/selinux/enforce" ]; then
+ # Re-enable SELinux enforcement now that image build is done
+ if [ "$selinux_enforcing" = "1" ]; then
+ setenforce 1
+ fi
+fi
+
+exit $kiwi_status
diff --git a/platforms/cloud.xml b/platforms/cloud.xml
new file mode 100644
index 0000000..5d450d7
--- /dev/null
+++ b/platforms/cloud.xml
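Review bot: SELinux enforcement on the build host is restored only on the straight-line path after `popd` in `kiwi-build`, so any earlier exit leaves the host permissive. `pushd kiwi-desc` runs under `set -e` and aborts the script if that directory is missing, and an interrupt while `kiwi-ng` is running also skips the trailing `setenforce 1`. Restoring from an `EXIT` trap that is registered before `setenforce 0` covers those paths and makes the second `if [ -e "/sys/fs/selinux/enforce" ]` block unnecessary. Separately, `--output-dir` is consumed after the `pushd`, so a relative value such as the README's `./outdir` resolves inside `kiwi-desc`.

```shell
# … unchanged: option parsing and the "Options not set!" check …

selinux_enforcing=0

# Put the host back into enforcing mode on every exit path.
restore_selinux() {
    if [ "$selinux_enforcing" = "1" ]; then
        setenforce 1
    fi
}
trap restore_selinux EXIT

if [ -e "/sys/fs/selinux/enforce" ]; then
    # Disable SELinux enforcement during the image build if it's enforcing
    selinux_enforcing="$(cat /sys/fs/selinux/enforce)"
    if [ "$selinux_enforcing" = "1" ]; then
        setenforce 0
    fi
fi

# … unchanged: pushd kiwi-desc, kiwi-ng build, popd …

exit $kiwi_status
```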
@@ -0,0 +1,101 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + 5 + + false + + + + + + + 5 + + + + + + + false + + + + + + + 5 + + + + + + + false + + + + + + + 5 + + + + + + + false + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/platforms/vagrant.xml b/platforms/vagrant.xml new file mode 100644 index 0000000..dbcfc12 --- /dev/null +++ b/platforms/vagrant.xml @@ -0,0 +1,34 @@ + + + + + + + + + + 5 + + + + + + + false + + + + + + + + + + + + + + + + + diff --git a/platforms/workstation.xml b/platforms/workstation.xml new file mode 100644 index 0000000..3108f76 --- /dev/null +++ b/platforms/workstation.xml @@ -0,0 +1,12 @@ + + + + + + + + + + + + diff --git a/repositories/core-nonrawhide.xml b/repositories/core-nonrawhide.xml new file mode 100644 index 0000000..d6ed79f --- /dev/null +++ b/repositories/core-nonrawhide.xml @@ -0,0 +1,12 @@ + + + + + + + + + + + + diff --git a/repositories/core-rawhide.xml b/repositories/core-rawhide.xml new file mode 100644 index 0000000..c2ae124 --- /dev/null +++ b/repositories/core-rawhide.xml @@ -0,0 +1,7 @@ + + + + + + + diff --git a/repositories/core.xml b/repositories/core.xml new file mode 120000 index 0000000..95dc008 --- /dev/null +++ b/repositories/core.xml @@ -0,0 +1 @@ +core-rawhide.xml \ No newline at end of file diff --git a/root/etc/fstab.script b/root/etc/fstab.script new file mode 100755 index 0000000..94e99db --- /dev/null +++ b/root/etc/fstab.script @@ -0,0 +1,10 @@ +#!/bin/sh + +# Set ESP mount options to match what Fedora does +# https://github.com/OSInside/kiwi/issues/2201 +gawk -i inplace '$2 == "/boot/efi" { $4 = $4",umask=0077,shortname=winnt" } { print $0 }' /etc/fstab + +# Run selinux relabel at the right time +# https://github.com/OSInside/kiwi/issues/2192 +# https://github.com/OSInside/kiwi/pull/2282#issuecomment-1514399308 +setfiles -F -p -c /etc/selinux/targeted/policy/policy.* -e /proc -e /sys -e /dev /etc/selinux/targeted/contexts/files/file_contexts / 
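Review bot: `root/etc/fstab.script` has no `set -e`, so if the `gawk -i inplace` edit fails the script carries on and returns the status of `setfiles`, and the image ships an ESP entry without `umask=0077` with nothing in the build flagging it. Adding `set -eu` directly after the shebang makes that failure stop the build. The unquoted glob `/etc/selinux/targeted/policy/policy.*` is handed to `-c`; if more than one policy file is ever present the extra matches shift the positional arguments, so a comment like `# exactly one policy.* file is expected here` would make the assumption explicit.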
diff --git a/root/etc/sysconfig/kernel b/root/etc/sysconfig/kernel
new file mode 100644
index 0000000..8da1970
--- /dev/null
+++ b/root/etc/sysconfig/kernel
@@ -0,0 +1,6 @@
+# UPDATEDEFAULT specifies if kernel-install should make
+# new kernels the default
+UPDATEDEFAULT=yes
+
+# DEFAULTKERNEL specifies the default kernel package type
+DEFAULTKERNEL=kernel-core