commit 921401a0b19a3b753383bf0ac8684b870c31e620 Author: Jakub Filo Date: Sat Nov 2 18:49:13 2019 +0000 Adding my FAI config space into git repo diff --git a/class/DEBIAN.var b/class/DEBIAN.var new file mode 100644 index 0000000..ee5d9c1 --- /dev/null +++ b/class/DEBIAN.var @@ -0,0 +1,13 @@ +release=buster +apt_cdn=http://deb.debian.org +security_cdn=http://security.debian.org + +CONSOLEFONT= +KEYMAP=us-latin1 + +# if you have enough RAM (>2GB) you may want to enable this line. It +# also puts /var/cache into a ramdisk. +#FAI_RAMDISKS="$target/var/lib/dpkg $target/var/cache" + +# if you want to use the faiserver as APT proxy +#APTPROXY=http://faiserver:3142 diff --git a/debconf/DEBIAN b/debconf/DEBIAN new file mode 100644 index 0000000..4423e02 --- /dev/null +++ b/debconf/DEBIAN @@ -0,0 +1,8 @@ +locales locales/default_environment_locale select en_US.UTF-8 +locales locales/locales_to_be_generated multiselect en_US.UTF-8 UTF-8 +keyboard-configuration keyboard-configuration/modelcode string pc105 +keyboard-configuration keyboard-configuration/xkb-keymap select us +keyboard-configuration keyboard-configuration/variant select USA +keyboard-configuration keyboard-configuration/model select Generic 105-key (Intl) PC +keyboard-configuration keyboard-configuration/layoutcode string us +keyboard-configuration keyboard-configuration/optionscode string ctrl:nocaps,terminate:ctrl_alt_bksp diff --git a/hooks/mountdisks.DEFAULT b/hooks/mountdisks.DEFAULT new file mode 100755 index 0000000..4a22ec6 --- /dev/null +++ b/hooks/mountdisks.DEFAULT @@ -0,0 +1,11 @@ +#! /bin/bash + +# stop resync of soft raid +# why though? +# FAI SUCKS +if [ $do_init_tasks -eq 1 ]; then + if grep -q active /proc/mdstat 2>/dev/null; then + echo "frozen" | tee /sys/block/md*/md/sync_action >/dev/null + fi +fi +exit 0 diff --git a/hooks/savelog.LAST.sh b/hooks/savelog.LAST.sh new file mode 100755 index 0000000..0e7124a --- /dev/null +++ b/hooks/savelog.LAST.sh @@ -0,0 +1,216 @@ +#! /bin/bash + +# parse all log files for error messages +# print errors and warnings found to error.log +# WARNING: This will only work with english error messages! + +errfile=$LOGDIR/error.log + +# Define grep patterns. Do not start or end with an empty line! +globalerrorpatterns="error +fail +warn + bad +bad +no space +syntax +Couldn't stat +Cannot access + conflict +is bigger than the limit +did not exist +non existent +not found +couldn't +can't +E: Sorry, broken packages +^E: +operator expected +ambiguous redirect +No previous regular expression +No such +Device or resource busy +unknown option +[a-z]\+\.log:E: +No candidate version found +segfault +Couldn't find any package whose name or description matched +cannot create +The following packages have unmet dependencies" + +globalignorepatterns="[a-z]\+\.log:# +Error: Driver 'pcspkr' is already registered, aborting +: bytes packets errors dropped +:+ error=0 +:+ trap error= +task_error_func= +STOP_ON_ERROR= +courier-webadmin +plugins-bad +Enabling conf localized-error-pages +ibwebadmin +kernel-patch-badram +kolab-webadmin +kolabadmin +gstreamer.\+-plugins-really-bad +liberrors.so +liberrors-samba +libsamba-errors +gsambad +libad +libtest-nowarnings-perl +libtest-warn-perl +libclass-errorhandler-perl +zope-ploneerrorreporting +libroxen-errormessage +liberror-perl +libgpg-error-dev +libgpg-error0 +Opts:.\+errors=remount +[RT]X packets: +WARNING: unexpected IO-APIC +warned about = ( ) +daemon.warn +kern.warn +rw,errors= +Expect some cache +no error +failmsg +RPC call returned error 101 +deverror.out +(floppy), sector 0 +mount version older than kernel +Can't locate module +Warning only .\+MB will be used. +hostname: Host name lookup failure +I can't tell the difference. +warning, not much extra random data, consider using the -rand option +confC._FILE +Warning: 3 database(s) sources +were not found, (but were created) +removing exim +The home dir you specified already exists. +No Rule for /usr/lib/ispell/default.hash. +/usr/sbin/update-fonts-.\+: warning: absolute path +hostname: Unknown server error +EXT2-fs warning: checktime reached +RPC: sendmsg returned error 101 +can't print them to stdout. Define these classes +warning: downgrading +suppress emacs errors +echo Error: +Can't open dependencies file +documents in /usr/doc are no longer supported +if you have both a SCSI and an IDE CD-ROM +Warning: /proc/ide/hd?/settings interface is obsolete, and will be removed soon +Monitoring disabled +Error: only one processor found. +Error Recovery Strategy: +sector 0 does not have an +syslogin_perform_logout: logout() returned an error +grub is not in an XFS filesystem. +grub-install: line 374: +grub-probe: error: Cannot open \`/boot/grub/device.map' +is harmless +not updating .\+ font directory data. +register_serial(): autoconfig failed +Fontconfig error: Cannot load default config file +asking for cache data failed +However, I can not read the target: +Warning: The partition table looks like it was made +task_error=0 +task_local_error=0 +^info: Trying to set +warning: /usr/lib/X11/fonts +can't read /etc/udev/rules.d/z25_persistent-net.rules +/cow': No such file or directory +Dummy start-stop-daemon called +X: bytes packets errors +ACPI Error +ACPI Warning +AE_NOT_FOUND +conflicts with ACPI region +cannot stat \`/etc/modprobe.d/\*.conf' +cdrom: open failed. +libgpg-error +process \`kudzu' used the deprecated sysctl system call +PM: Resume from disk failed +JBD: barrier-based sync failed +aufs: module is from the staging directory, the quality is unknown +warning: linuxlogo stop runlevel arguments (none) do not match +insserv: warning: script .\+ missing LSB tags and overrides +live-premount.\+ If this fails +cannot read table of mounted file systems +error: no alternatives for +ERST: Error Record Serialization Table (ERST) support is initialized +ERST: Table is not found +HEST: Table not found +failed to stat /dev/pts +Failed to connect to socket /var/run/dbus/system_bus_socket +fail to add MMCONFIG information +can't initialize iptables table +can't initialize ip6tables table +Authentication warning overridden +41-warning.sh +PCCT header not found +Download is performed unsandboxed as root as file +update-alternatives: warning: skip creation of +loop: module verification failed: signature +Warning: apt-key output should not be parsed +WARNING: Failed to connect to lvmetad. Falling back to device scanning +Warning: The home dir /var/lib/usbmux you specified +diff: /var/lib/apparmor/profiles/.apparmor.md5sums: No such file or directory +error reporting disabled +Enabling Firmware First mode for corrected errors +errors: 0 + 0 errors +Memory Error Correction: +Memory Controller 0 - Channel . Error +IIO RAS/Control Status/Global Errors +__stack_chk_fail +grub.cfg.new: Directory nonexistent +can't derive routing for PCI INT A +failed to load isci/isci_firmware.bin +Direct firmware load for isci/isci_firmware.bin failed with error +Loading user firmware failed, using default values +stunnel4 you specified can't be accessed: No such file or directory +install-docs --verbose --check file_name' may give more details about the above errors +cannot open '/etc/ssl/certs/java/cacerts' for reading: No such file or directory +update-rc.d: warning: start and stop actions are no longer supported" + +# add pattern on some conditions +if [ -n $FAI_ALLOW_UNSIGNED ] ; then + globalignorepatterns="$globalignorepatterns +WARNING: untrusted versions +WARNING: The following packages cannot be authenticated +Ignoring these trust violations" +fi +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Here you can define your own patterns. Put one pattern in a line, +# do not create empty lines. +myerrorpatterns="X_X-X_XX" +myignorepatterns="X_X-X_XX" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# The main routine +errorpatterns="$globalerrorpatterns +$myerrorpatterns" +ignorepatterns="$globalignorepatterns +$myignorepatterns" + +cd $LOGDIR || exit 3 +if [ -s $errfile ]; then + echo "Errorfile already exists. Aborting." >&2 + exit +fi + +grep -i "$errorpatterns" *.log | grep -vi "$ignorepatterns" > $errfile +if [ X$verbose = X1 ]; then + egrep -v '^software.log:' $errfile > $LOGDIR/tempfile + mv $LOGDIR/tempfile $errfile +fi + +if [ -s $errfile ]; then + echo "ERRORS found in log files. See $errfile" >&2 +else + echo "Congratulations! No errors found in log files." +fi diff --git a/hooks/setup.DEFAULT.sh b/hooks/setup.DEFAULT.sh new file mode 100755 index 0000000..4440ff9 --- /dev/null +++ b/hooks/setup.DEFAULT.sh @@ -0,0 +1,10 @@ +#! /bin/bash + +# use short hostname instead of FQDN +# otherwise it gets fucked up +# FAI doesn't start +# FAI SUCKS +export HOSTNAME=${HOSTNAME%%.*} +if [ $do_init_tasks -eq 1 ]; then + echo $HOSTNAME > /proc/sys/kernel/hostname +fi diff --git a/package_config/DEBIAN b/package_config/DEBIAN new file mode 100644 index 0000000..57229b4 --- /dev/null +++ b/package_config/DEBIAN @@ -0,0 +1,34 @@ +PACKAGES install-norec +# only installs bare minimum needed for ansible to work +openssh-client +openssh-server +time +procinfo +locales +console-setup +kbd +sudo +python + +PACKAGES install I386 +linux-image-686-pae +memtest86+ + +PACKAGES install CHROOT +linux-image-686-pae- +linux-image-amd64- + +PACKAGES install AMD64 +linux-image-amd64 +memtest86+ + +PACKAGES install ARM64 +grub-efi-arm64 +linux-image-arm64 + +PACKAGES install GRUB_PC +grub-pc + +PACKAGES install GRUB_EFI_CRYPTO +grub-efi + diff --git a/package_config/DEBIAN.gpg b/package_config/DEBIAN.gpg new file mode 100644 index 0000000..0d5b7a9 Binary files /dev/null and b/package_config/DEBIAN.gpg differ diff --git a/package_config/LVM_LUKS_RAID b/package_config/LVM_LUKS_RAID new file mode 100644 index 0000000..73fe70b --- /dev/null +++ b/package_config/LVM_LUKS_RAID @@ -0,0 +1,5 @@ +PACKAGES install +mdadm +lvm2 +cryptsetup + diff --git a/scripts/DEBIAN/10-rootpw b/scripts/DEBIAN/10-rootpw new file mode 100755 index 0000000..6adecf0 --- /dev/null +++ b/scripts/DEBIAN/10-rootpw @@ -0,0 +1,8 @@ +#! /bin/bash + +error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code + +$ROOTCMD usermod -L root + +exit $error + diff --git a/scripts/DEBIAN/20-capabilities b/scripts/DEBIAN/20-capabilities new file mode 100755 index 0000000..ea650fa --- /dev/null +++ b/scripts/DEBIAN/20-capabilities @@ -0,0 +1,22 @@ +#!/bin/bash +# +# Capabilities get lost when creating the fai base.tar.xz image. +# Restore them here. +# + +set -e + +if [ ! -x $target/sbin/setcap ] ; then + exit 0 +fi + +for FILE in /bin/ping /bin/ping6 /usr/bin/fping /usr/bin/fping6; do + if [ -x $target/$FILE -a ! -h $target/$FILE ] ; then + if $ROOTCMD /sbin/setcap cap_net_raw+ep $FILE; then + echo "Setcap worked! $FILE is not suid!" + fi + fi +done +if [ -x $target/usr/bin/systemd-detect-virt ] ; then + $ROOTCMD /sbin/setcap cap_dac_override,cap_sys_ptrace+ep /usr/bin/systemd-detect-virt +fi diff --git a/scripts/DEBIAN/30-interface b/scripts/DEBIAN/30-interface new file mode 100755 index 0000000..34c98e8 --- /dev/null +++ b/scripts/DEBIAN/30-interface @@ -0,0 +1,118 @@ +#! /bin/bash + +netplan_yaml() { + # network configuration using ubuntu's netplan.io + local IFNAME="$1" + local METHOD="$2" + echo "Generating netplan configuration for $IFNAME ($METHOD)" >&2 + echo "# generated by FAI" + echo "network:" + echo " version: 2" + echo " renderer: $RENDERER" + case "$RENDERER" in + networkd) + echo " ethernets:" + echo " $IFNAME:" + case "$METHOD" in + dhcp) + echo " dhcp4: true" + ;; + static) + echo " addresses: [$CIDR]" + echo " gateway4: $GATEWAYS_1" + echo " nameservers:" + echo " search: [$DOMAIN]" + echo " addresses: [${DNSSRVS// /, }]" + ;; + esac + esac +} + +iface_stanza() { + # classic network configuration using /etc/network/interfaces + local IFNAME="$1" + local METHOD="$2" + echo "Generating interface configuration for $IFNAME ($METHOD)" >&2 + echo "# generated by FAI" + echo "auto $IFNAME" + echo "iface $IFNAME inet $METHOD" + case "$METHOD" in + static) + echo " address $IPADDR" + echo " netmask $NETMASK" + echo " broadcast $BROADCAST" + echo " gateway $GATEWAYS" + ;; + esac +} + +newnicnames() { + + # determine predictable network names only for stretch and above + + [ $do_init_tasks -eq 0 ] && return + [ -z "$NIC1" ] && return + ver=$($ROOTCMD dpkg-query --showformat='${Version}' --show udev) + if dpkg --compare-versions $ver lt 220-7; then + return + fi + + + fields="ID_NET_NAME_FROM_DATABASE ID_NET_NAME_ONBOARD ID_NET_NAME_SLOT ID_NET_NAME_PATH" + for field in $fields; do + name=$(udevadm info /sys/class/net/$NIC1 | sed -rn "s/^E: $field=(.+)/\1/p") + if [[ $name ]]; then + NIC1=$name + break + fi + done + if [[ ! $name ]]; then + echo "$0: error: could not find systemd predictable network name. Using $NIC1." + fi +} + +if [ -z "$NIC1" ]; then + echo "WARNING: \$NIC1 is not defined. Cannot add ethernet to /etc/network/interfaces." +fi +CIDR=$(ip -o -f inet addr show $NIC1 | awk '{print $4}') +newnicnames + +case "$FAI_ACTION" in + install|dirinstall) + ifclass DHCPC && METHOD=dhcp || METHOD=static + ifclass XORG && RENDERER=NetworkManager || RENDERER=networkd + + if [ -d $target/etc/netplan ]; then + # Ubuntu >= 17.10 with netplan.io + if [ -n "$NIC1" ]; then + netplan_yaml $NIC1 $METHOD > $target/etc/netplan/01-${NIC1}.yaml + fi + elif [ -d $target/etc/network/interfaces.d ]; then + # ifupdown >= 0.7.41 (Debian >= 8, Ubuntu >= 14.04) + iface_stanza lo loopback > $target/etc/network/interfaces.d/lo + + if [ -n "$NIC1" -a ! -f $target/etc/NetworkManager/NetworkManager.conf ]; then + iface_stanza $NIC1 $METHOD > $target/etc/network/interfaces.d/$NIC1 + fi + else + ( + iface_stanza lo loopback + iface_stanza $NIC1 $METHOD + ) > $target/etc/network/interfaces + fi + + if ! ifclass DHCPC ; then + [ -n "$NETWORK" ] && echo "localnet $NETWORK" > $target/etc/networks + if [ ! -L $target/etc/resolv.conf -a -e /etc/resolv.conf ]; then + cp -p /etc/resolv.conf $target/etc + fi + fi + ;; +esac + +# here fcopy is mostly used, when installing a client for running in a +# different subnet than during the installation +fcopy -iM /etc/resolv.conf +fcopy -iM /etc/network/interfaces /etc/networks + +exit $error diff --git a/scripts/DEBIAN/40-misc b/scripts/DEBIAN/40-misc new file mode 100755 index 0000000..1571058 --- /dev/null +++ b/scripts/DEBIAN/40-misc @@ -0,0 +1,39 @@ +#! /bin/bash + +# (c) Thomas Lange, 2001-2016, lange@debian.org +# (c) Michael Goetze, 2010-2011, mgoetze@mgoetze.net + +error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code + +echo $TIMEZONE > $target/etc/timezone +if [ -L $target/etc/localtime ]; then + ln -sf /usr/share/zoneinfo/${TIMEZONE} $target/etc/localtime +else + cp -f /usr/share/zoneinfo/${TIMEZONE} $target/etc/localtime +fi + +hostname -s > $target/etc/hostname + +if [ ! -e $target/etc/adjtime ]; then + printf "0.0 0 0.0\n0\nUTC\n" > $target/etc/adjtime +fi +if [ "$UTC" = "yes" ]; then + sed -i -e 's:^LOCAL$:UTC:' $target/etc/adjtime +else + sed -i -e 's:^UTC$:LOCAL:' $target/etc/adjtime +fi + +# make sure a machine-id exists +if [ ! -f $target/etc/machine-id ]; then + > $target/etc/machine-id +fi +# recreate machine-id if the file is empty +if [ X"$(stat -c '%s' $target/etc/machine-id 2>/dev/null)" = X0 -a -f /bin/systemd-machine-id-setup ]; then + $ROOTCMD systemd-machine-id-setup +fi + +ln -fs /proc/mounts $target/etc/mtab + +rm -f $target/etc/dpkg/dpkg.cfg.d/fai $target/etc/dpkg/dpkg.cfg.d/unsafe-io + +exit $error diff --git a/scripts/GRUB_EFI_CRYPTO/10-setup b/scripts/GRUB_EFI_CRYPTO/10-setup new file mode 100755 index 0000000..75a0eed --- /dev/null +++ b/scripts/GRUB_EFI_CRYPTO/10-setup @@ -0,0 +1,74 @@ +#! /bin/bash +# support for GRUB version 2 + +error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code + +# This script assumes that the disk has a GPT partition table and +# that the extended system partition (ESP) is mounted on /boot/efi. +# When building a disk image, we don't change the NVRAM to point at +# the boot image we made available, because the disk image is likely +# not installed on the current system. As a result, we force +# installation into the removable media paths as well as the standard +# debian path. + +set -a + +# do not set up grub during dirinstall +if [ "$FAI_ACTION" = "dirinstall" ] ; then + exit 0 +fi +# during softupdate use this file +[ -r $LOGDIR/disk_var.sh ] && . $LOGDIR/disk_var.sh + +if [ -z "$BOOT_DEVICE" ]; then + exit 189 +fi + +# disable os-prober because of #788062 +echo "GRUB_DISABLE_OS_PROBER" >> /etc/default/grub + +# enable cryptodisk +echo "GRUB_ENABLE_CRYPTODISK=y" >> $target/etc/default/grub.d/crypto.cfg + +# skip the rest, if not an initial installation +if [ $FAI_ACTION != "install" ]; then + $ROOTCMD update-grub + exit $error +fi + +GROOT=$($ROOTCMD grub-probe -tdrive -d $BOOT_DEVICE) + +# handle /boot in lvm-on-md +_bdev=$(readlink -f $BOOT_DEVICE) +if [ "${_bdev%%-*}" = "/dev/dm" ]; then + BOOT_DEVICE=$( lvs --noheadings -o devices $BOOT_DEVICE | sed -e 's/^*\([^(]*\)(.*$/\1/' ) +fi + +# override this, it doesn't work correctly for lvm on luks on raid +BOOT_DEVICE="/dev/md0" + +# Check if RAID is used for the boot device +if [[ $BOOT_DEVICE =~ '/dev/md' ]]; then + raiddev=${BOOT_DEVICE#/dev/} + # install grub on all members of RAID + for device in `LC_ALL=C perl -ne 'if(/^'$raiddev'\s.+raid\d+\s(.+)/){ $_=$1; s/\d+\[\d+\]//g; print }' /proc/mdstat`; do + echo Install grub on /dev/$device + $ROOTCMD grub-install --no-floppy --force-extra-removable "/dev/$device" + done + +elif [[ $BOOT_DEVICE =~ '/dev/loop' ]]; then + # do not update vmram when using a loop device + $ROOTCMD grub-install --no-floppy --force-extra-removable --modules=part_gpt --no-nvram $BOOT_DEVICE + if [ $? -eq 0 ]; then + echo "Grub installed on hostdisk $BOOT_DEVICE" + fi + +else + $ROOTCMD grub-install --no-floppy --modules=part_gpt "$GROOT" + if [ $? -eq 0 ]; then + echo "Grub installed on $BOOT_DEVICE = $GROOT" + fi +fi +$ROOTCMD update-grub + +exit $error diff --git a/scripts/SETUP_USER/10-setup-user b/scripts/SETUP_USER/10-setup-user new file mode 100755 index 0000000..325be65 --- /dev/null +++ b/scripts/SETUP_USER/10-setup-user @@ -0,0 +1,20 @@ +#! /bin/bash + +# (c) Thomas Lange, 2001-2017, lange@debian.org + +error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code + +echo "SETUP USER: $username"; + +# add additional user account +if [ -n "$username" ]; then + if ! $ROOTCMD getent passwd $username ; then + $ROOTCMD adduser --disabled-login --gecos "$username user" $username + $ROOTCMD usermod -p "$USERPW" $username + userdir=$($ROOTCMD getent passwd "$username" | cut -d: -f6 ) + + for g in $groups; do + $ROOTCMD adduser $username $g + done + fi +fi diff --git a/scripts/SETUP_USER/20-setup-sudo b/scripts/SETUP_USER/20-setup-sudo new file mode 100755 index 0000000..087483a --- /dev/null +++ b/scripts/SETUP_USER/20-setup-sudo @@ -0,0 +1,3 @@ +#!/bin/sh +echo "$username ALL=(ALL:ALL) NOPASSWD: ALL" >> /target/etc/sudoers.d/user_nopasswd + diff --git a/scripts/SETUP_USER/30-authorized_keys b/scripts/SETUP_USER/30-authorized_keys new file mode 100755 index 0000000..4376bee --- /dev/null +++ b/scripts/SETUP_USER/30-authorized_keys @@ -0,0 +1,4 @@ +#!/bin/sh +mkdir $target/home/$username/.ssh; +echo "$SSHKEY" > $target/home/$username/.ssh/authorized_keys; +