June 2008 - livecd - Fedora Mailing-Lists

by Pedro Silva

Hi! I started the man page for the livecd-iso-to-disk, I used this guide[1] to do it. Since this is my first man page ever, shout if I made some terribly mistake. I used info found on fedora's wiki and other sources to make the man page but not all sections are filled yet. Section Files: Should the man page pay attention to any files needed by livecd-iso-to-disk, which ones? Section Environment: I haven't tested this yet but, is it possible to run livecd-iso-to-disk when SELinux is on ? If not, should I mention it in this section? Section Diagnostics: Should it contain the error messages that livecd-iso-to-disk can throw at users? If all goes right, I would also like to start the man page for livecd-creator. [1] http://www.schweikhardt.net/man_page_howto.html Thoughts, tips? Best regards, -- Pedro Silva

15 years, 6 months

3
4
0 / 0

2 commits - imgcreate/creator.py imgcreate/kickstart.py imgcreate/yuminst.py

by Jeremy Katz

imgcreate/creator.py | 67 +++++++++++++++++++++++++++++++++++++++++++++---- imgcreate/kickstart.py | 2 - imgcreate/yuminst.py | 10 +++++++ 3 files changed, 73 insertions(+), 6 deletions(-) New commits: commit 49e71af9f2e2eb81254fc32c85481031cdc87343 Author: Eric Paris <eparis(a)redhat.com> Date: Fri Jun 6 16:11:54 2008 -0400 LiveCD - add test for /sbin/lokkit if it is needed for selinux config This patch adds a new function ayum.installHasFile() which tells if the install image is going to contain a given file. We then use this new function to make sure lokkit is going to be present so that we will be able to disable selinux inside the image if the kickstart was configured that way. If we cannot accomidate the kickstart setting we error the build. Signed-off-by: Eric Paris <eparis(a)redhat.com> diff --git a/imgcreate/creator.py b/imgcreate/creator.py index f65f7d4..c9ed60c 100644 --- a/imgcreate/creator.py +++ b/imgcreate/creator.py @@ -594,7 +594,14 @@ class ImageCreator(object): for pkg in kickstart.get_excluded(self.ks, self._get_excluded_packages()): ayum.deselectPackage(pkg) - + + # if the system is running selinux and the kickstart wants it disabled + # we need /usr/sbin/lokkit + def __can_handle_selinux(self, ayum): + file = "/usr/sbin/lokkit" + if not kickstart.selinux_enabled(self.ks) and os.path.exists("/selinux/enforce") and not ayum.installHasFile(file): + raise CreatorError("Unable to disable SELinux because the installed package set did not include the file %s" % (file)) + def install(self, repo_urls = {}): """Install packages into the install root. @@ -630,6 +637,9 @@ class ImageCreator(object): self.__select_packages(ayum) self.__select_groups(ayum) self.__deselect_packages(ayum) + + self.__can_handle_selinux(ayum) + ayum.runInstall() except yum.Errors.RepoError, e: raise CreatorError("Unable to download from repo : %s" % (e,)) diff --git a/imgcreate/yuminst.py b/imgcreate/yuminst.py index aebb822..dd5b189 100644 --- a/imgcreate/yuminst.py +++ b/imgcreate/yuminst.py @@ -139,6 +139,16 @@ class LiveCDYum(yum.YumBase): repo.setCallback(TextProgress()) self.repos.add(repo) return repo + + def installHasFile(self, file): + provides_pkg = self.whatProvides(file, None, None) + dlpkgs = map(lambda x: x.po, filter(lambda txmbr: txmbr.ts_state in ("i", "u"), self.tsInfo.getMembers())) + for p in dlpkgs: + for q in provides_pkg: + if (p == q): + return True + return False + def runInstall(self): os.environ["HOME"] = "/" commit 05ca79403a42792ac775d93cc6b6d46cd9e57a17 Author: Eric Paris <eparis(a)redhat.com> Date: Fri Jun 6 16:11:53 2008 -0400 LiveCD - Add fake /selinux so livecd can run in enforcing This patch adds a /selinux directory to a newly created livecd compose which will allow the tools inside the chroot to interoperate with the live system successfully. Signed-off-by: Eric Paris <eparis(a)redhat.com> diff --git a/imgcreate/creator.py b/imgcreate/creator.py index 5d010a1..f65f7d4 100644 --- a/imgcreate/creator.py +++ b/imgcreate/creator.py @@ -24,6 +24,7 @@ import tempfile import shutil import logging +import selinux import yum import rpm @@ -421,6 +422,52 @@ class ImageCreator(object): os.symlink('/proc/self/fd/2', self._instroot + "/dev/stderr") os.umask(origumask) + def __create_selinuxfs(self): + # if selinux exists on the host we need to lie to the chroot + if os.path.exists("/selinux/enforce"): + selinux_dir = self._instroot + "/selinux" + + # enforce=0 tells the chroot selinux is not enforcing + # policyvers=999 tell the chroot to make the highest version of policy it can + files = (('/enforce', '0'), + ('/policyvers', '999')) + for (file, value) in files: + fd = os.open(selinux_dir + file, os.O_WRONLY | os.O_TRUNC | os.O_CREAT) + os.write(fd, value) + os.close(fd) + + # we steal mls from the host system for now, might be best to always set it to 1???? + files = ("/mls",) + for file in files: + shutil.copyfile("/selinux" + file, selinux_dir + file) + + # make /load -> /dev/null so chroot policy loads don't hurt anything + os.mknod(selinux_dir + "/load", 0666 | stat.S_IFCHR, os.makedev(1, 3)) + + # selinux is on in the kickstart, so clean up as best we can to start + if kickstart.selinux_enabled(self.ks): + # label the fs like it is a root before the bind mounting + arglist = ["/sbin/setfiles", "-F", "-r", self._instroot, selinux.selinux_file_context_path(), self._instroot] + subprocess.call(arglist, close_fds = True) + # these dumb things don't get magically fixed, so make the user generic + for f in ("/proc", "/sys", "/selinux"): + arglist = ["/usr/bin/chcon", "-u", "system_u", self._instroot + f] + subprocess.call(arglist, close_fds = True) + + def __destroy_selinuxfs(self): + # if the system was running selinux clean up our lies + if os.path.exists("/selinux/enforce"): + files = ('/enforce', + '/policyvers', + '/mls', + '/load') + for file in files: + try: + os.unlink(self._instroot + "/selinux" + file) + except OSError: + pass + + def mount(self, base_on = None, cachedir = None): """Setup the target filesystem in preparation for an install. @@ -446,7 +493,7 @@ class ImageCreator(object): self._mount_instroot(base_on) - for d in ("/dev/pts", "/etc", "/boot", "/var/log", "/var/cache/yum"): + for d in ("/dev/pts", "/etc", "/boot", "/var/log", "/var/cache/yum", "/sys", "/proc", "/selinux"): makedirs(self._instroot + d) cachesrc = cachedir or (self.__builddir + "/yum-cache") @@ -458,9 +505,7 @@ class ImageCreator(object): (cachesrc, "/var/cache/yum")]: self.__bindmounts.append(BindChrootMount(f, self._instroot, dest)) - # /selinux should only be mounted if selinux is enabled (enforcing or permissive) - if kickstart.selinux_enabled(self.ks): - self.__bindmounts.append(BindChrootMount("/selinux", self._instroot, None)) + self.__create_selinuxfs() self._do_bindmounts() @@ -483,6 +528,8 @@ class ImageCreator(object): except OSError: pass + self.__destroy_selinuxfs() + self._undo_bindmounts() self._unmount_instroot() diff --git a/imgcreate/kickstart.py b/imgcreate/kickstart.py index c83e795..180cea2 100644 --- a/imgcreate/kickstart.py +++ b/imgcreate/kickstart.py @@ -389,7 +389,7 @@ class SelinuxConfig(KickstartConfig): if not os.path.exists(self.path("/sbin/restorecon")): return - self.call(["/sbin/restorecon", "-l", "-v", "-r", "/"]) + self.call(["/sbin/restorecon", "-l", "-v", "-r", "-F", "-e", "/proc", "-e", "/sys", "-e", "/dev", "-e", "/selinux", "/"]) def apply(self, ksselinux): if os.path.exists(self.path("/usr/sbin/lokkit")):

15 years, 6 months

1
0
0 / 0

Strange F9 networking problem after LCD install

by Admin

People, I had problems installing from the Fedora 9 iso file ie one hard disk to another HD after booting from an existing F8 setup so I did a F9 LiveCD install (I never had problems installing from HD for previous Fedora versions). The netqmail install puts a line in: /etc/inittab which is: SV:123456:respawn:/command/svscanboot but it doesn't work and I have to manually run it after the boot finishes. Any ideas why it does not run automatically during the boot? (It has been working fine since Fedora Core 3). Thanks, Phil. -- Philip Rhoades Pricom Pty Limited (ACN 003 252 275 ABN 91 003 252 275) GPO Box 3411 Sydney NSW 2001 Australia E-mail: phil(a)pricom.com.au

15 years, 6 months

2
1
0 / 0

Re: [RFC] -v2 livecd running and selinux enforcing

by Jeremy Katz

This looks good. Just a couple of (minor) tweaks/questions * Doesn't want to apply cleanly to current tip of git. Should be straight-forward to fix, if you don't have the time, I can * Any chance of splitting it into two chunks (one for the main bit, a second for the "selinux --enforcing request, but no lokkit in the package list)? Again, I can if not On Thu, 2008-06-05 at 17:35 -0400, Eric Paris wrote: > Still ongoing selinux policy and toolchain work in this area is needed > and I should do more testing on a host machine with selinux disabled but > this is the livecd patch I've got working as of today. I think that I > want to make my print >> sys.stderr message actually be fatal. The > reason for this is because setting selinux --disabled in the kickstart > and not having /usr/sbin/lokkit results in an enabled livecd which > doesn't work... No reason to just print a message and not stop the > work if we know for sure the results are useless... Sure, and it's early enough to be reasonable. Just switch the print to raise CreatorError and things will get torn down correctly too > This patch also has the f.close() fix that I sent yesterday, so it might > not apply if you already applied that one... Yeah, I pushed it right after you sent it In any case, I can fix those little things up tomorrow if you want to move on to something else and just get this committed, pushed and the relevant bug closed. And then we can hopefully get some more testing than just the two of us Jeremy

15 years, 6 months

1
0
0 / 0

config/livecd-fedora-base-desktop.ks

by Jeremy Katz

config/livecd-fedora-base-desktop.ks | 14 ++++++++++++++ 1 file changed, 14 insertions(+) New commits: commit 6cda8976d851523f4f65c6fae05bd9339d5d4e2c Author: Jeremy Katz <katzj(a)redhat.com> Date: Thu Jun 5 16:55:46 2008 -0400 Hack to eject the CD on shutdown to handle #239928 Eject the CD on shutdown from halt.local. This could end up hanging the shutdown process but we can't really do better without support for eject in /sbin/halt (#448997) diff --git a/config/livecd-fedora-base-desktop.ks b/config/livecd-fedora-base-desktop.ks index 0bafe3b..586c958 100644 --- a/config/livecd-fedora-base-desktop.ks +++ b/config/livecd-fedora-base-desktop.ks @@ -192,6 +192,20 @@ touch /media/.hal-mtab # workaround clock syncing on shutdown that we don't want (#297421) sed -i -e 's/hwclock/no-such-hwclock/g' /etc/rc.d/init.d/halt + +# and hack so that we eject the cd on shutdown if we're using a CD... +if strstr "\`cat /proc/cmdline\`" CDLABEL= ; then + cat >> /sbin/halt.local << FOE +#!/bin/bash +# we want to eject the cd on halt, but let's also try to avoid +# io errors due to not being able to get files... +cat /sbin/halt > /dev/null +cat /sbin/reboot > /dev/null +/usr/sbin/eject -p -m \$(readlink -f /dev/live) >/dev/null 2>&1 +FOE +chmod +x /sbin/halt.local +fi + EOF # bah, hal starts way too late

15 years, 6 months

1
0
0 / 0

7 commits - config/livecd-fedora-base-desktop.ks tools/livecd-iso-to-disk.sh

by Jeremy Katz

config/livecd-fedora-base-desktop.ks | 54 +++++++++++++++++++++- tools/livecd-iso-to-disk.sh | 83 ++++++++++++++++++++++++++++++++--- 2 files changed, 130 insertions(+), 7 deletions(-) New commits: commit 8fb9fe7a9a8017d1195c59e5a3cae27621a48c1e Author: Jeremy Katz <katzj(a)redhat.com> Date: Mon Jun 2 20:16:39 2008 -0400 Allow adding extra kernel args to the syslinux.cfg with --extra-kernel-args Pass additional options to be appended to the kernel with --extra-kernel-args so that you can script running livecd-iso-to-disk pointing to a persistent /home more easily diff --git a/tools/livecd-iso-to-disk.sh b/tools/livecd-iso-to-disk.sh index 8ef1194..7468cbb 100644 --- a/tools/livecd-iso-to-disk.sh +++ b/tools/livecd-iso-to-disk.sh @@ -199,6 +199,10 @@ while [ $# -gt 2 ]; do --reset-mbr|--resetmbr) resetmbr=1 ;; + --extra-kernel-args) + kernelargs=$2 + shift + ;; *) usage ;; @@ -332,6 +336,7 @@ cp $CDMNT/isolinux/* $USBMNT/$SYSLINUXPATH echo "Updating boot config file" # adjust label and fstype sed -i -e "s/CDLABEL=[^ ]*/$USBLABEL/" -e "s/rootfstype=[^ ]*/rootfstype=$USBFS/" $USBMNT/$SYSLINUXPATH/isolinux.cfg +if [ -n "$kernelargs" ]; then sed -i -e "s/liveimg/liveimg ${kernelargs}/" $USBMNT/$SYSLINUXPATH/isolinux.cfg ; fi if [ -n "$overlaysizemb" ]; then echo "Initializing persistent overlay file" commit dbc2395d810db84efbbaca214034d0c115078ffc Author: Jeremy Katz <katzj(a)redhat.com> Date: Mon Jun 2 20:13:55 2008 -0400 And support specifying the persistent store by label or uuid If you specify persistenthome=LABEL=foo you will get the device labeled as "foo" mounted as /home rather than LiveOS/home.img. Similarly for UUID diff --git a/config/livecd-fedora-base-desktop.ks b/config/livecd-fedora-base-desktop.ks index 84e2de8..0bafe3b 100644 --- a/config/livecd-fedora-base-desktop.ks +++ b/config/livecd-fedora-base-desktop.ks @@ -101,10 +101,15 @@ if ! strstr "\`cat /proc/cmdline\`" noswap && [ -n "\$swaps" ] ; then fi mountPersistentHome() { - # if we're not given a block device, then make it one + # support label/uuid + if [ "\${homedev##LABEL=}" != "\${homedev}" -o "\${homedev##UUID=}" != "\${homedev}" ]; then + homedev=\`/sbin/blkid -o device -t "\$homedev"\` + fi + + # if we're given a file rather than a blockdev, loopback it if [ ! -b "\$homedev" ]; then loopdev=\`losetup -f\` - if [ "\$\{homedev##/mnt/live\}" != "\$\{homedev\}" ]; then + if [ "\${homedev##/mnt/live}" != "\${homedev}" ]; then action "Remounting live store r/w" mount -o remount,rw /mnt/live fi losetup \$loopdev \$homedev commit 9ae29165b823621a5107b97025166b48854559fe Author: Jeremy Katz <katzj(a)redhat.com> Date: Mon Jun 2 20:11:18 2008 -0400 Support specifying the persistent /home Specifying persistenthome=/path/to/device on the kernel command line will now prefer using that as opposed to anything else for the persistent /home diff --git a/config/livecd-fedora-base-desktop.ks b/config/livecd-fedora-base-desktop.ks index b364803..84e2de8 100644 --- a/config/livecd-fedora-base-desktop.ks +++ b/config/livecd-fedora-base-desktop.ks @@ -94,29 +94,54 @@ fi # enable swaps unless requested otherwise swaps=\`blkid -t TYPE=swap -o device\` -if ! strstr "\`cat /proc/cmdline\`" noswap -a [ -n "\$swaps" ] ; then +if ! strstr "\`cat /proc/cmdline\`" noswap && [ -n "\$swaps" ] ; then for s in \$swaps ; do action "Enabling swap partition \$s" swapon \$s done fi mountPersistentHome() { - homeloop=\`losetup -f\` - mount -o remount,rw /mnt/live - losetup \$homeloop /mnt/live/LiveOS/home.img - if [ "\$(/lib/udev/vol_id -t \$homeloop)" = "crypto_LUKS" ]; then + # if we're not given a block device, then make it one + if [ ! -b "\$homedev" ]; then + loopdev=\`losetup -f\` + if [ "\$\{homedev##/mnt/live\}" != "\$\{homedev\}" ]; then + action "Remounting live store r/w" mount -o remount,rw /mnt/live + fi + losetup \$loopdev \$homedev + homedev=\$loopdev + fi + + # if it's encrypted, we need to unlock it + if [ "\$(/lib/udev/vol_id -t \$homedev)" = "crypto_LUKS" ]; then echo echo "Setting up encrypted /home device" - cryptsetup luksOpen \$homeloop EncHome <&1 - homeloop=/dev/mapper/EncHome + cryptsetup luksOpen \$homedev EncHome <&1 + homedev=/dev/mapper/EncHome fi - mount \$homeloop /home + + # and finally do the mount + mount \$homedev /home [ -x /sbin/restorecon ] && /sbin/restorecon /home if [ -d /home/fedora ]; then USERADDARGS="-M" ; fi } +findPersistentHome() { + for arg in \`cat /proc/cmdline\` ; do + if [ "\${arg##persistenthome=}" != "\${arg}" ]; then + homedev=\${arg##persistenthome=} + return + fi + done +} + +if strstr "\`cat /proc/cmdline\`" persistenthome= ; then + findPersistentHome +elif [ -e /mnt/live/LiveOS/home.img ]; then + homedev=/mnt/live/LiveOS/home.img +fi + # if we have a persistent /home, then we want to go ahead and mount it -if ! strstr "\`cat /proc/cmdline\`" nopersisthome -a [ -e /mnt/live/LiveOS/home.img ] ; then +if ! strstr "\`cat /proc/cmdline\`" nopersistenthome && [ -n "\$homedev" ] ; then action "Mounting persistent /home" mountPersistentHome fi commit 881d186e0e8277839de5a1f160a4e4d87c9875df Author: Jeremy Katz <katzj(a)redhat.com> Date: Mon Jun 2 17:15:55 2008 -0400 Support not blowing away the persistent /home with livecd-iso-to-disk By default, we shouldn't delete the persistent /home file. This adds support for a --delete-home argument and also makes it so that you have to be very clear that you want to delete to help avoid accidents from occurring diff --git a/tools/livecd-iso-to-disk.sh b/tools/livecd-iso-to-disk.sh index 9bdcb0e..8ef1194 100644 --- a/tools/livecd-iso-to-disk.sh +++ b/tools/livecd-iso-to-disk.sh @@ -22,7 +22,7 @@ export PATH=/sbin:/usr/sbin:$PATH usage() { - echo "$0 [--reset-mbr] [--noverify] [--overlay-size-mb <size>] [--home-size-mb <size> ] [ --unencrypted-home] <isopath> <usbstick device>" + echo "$0 [--reset-mbr] [--noverify] [--overlay-size-mb <size>] [--home-size-mb <size>] [--unencrypted-home] <isopath> <usbstick device>" exit 1 } @@ -173,6 +173,7 @@ if [ $(id -u) != 0 ]; then fi cryptedhome=1 +keephome=1 while [ $# -gt 2 ]; do case $1 in --overlay-size-mb) @@ -189,6 +190,9 @@ while [ $# -gt 2 ]; do --unencrypted-home) cryptedhome="" ;; + --delete-home) + keephome="" + ;; --noverify) noverify=1 ;; @@ -250,7 +254,6 @@ if [ -n "$homesizemb" -a "$USBFS" = "vfat" ]; then fi fi - # FIXME: would be better if we had better mountpoints CDMNT=$(mktemp -d /media/cdtmp.XXXXXX) mount -o loop,ro "$ISO" $CDMNT || exitclean @@ -259,6 +262,12 @@ mount $USBDEV $USBMNT || exitclean trap exitclean SIGINT SIGTERM +if [ -f "$USBMNT/LiveOS/home.img" -a -n "$keephome" -a -n "$homesizemb" ]; then + echo "ERROR: Requested keeping existing /home and specified a size for /home" + echo "Please either don't specify a size or specify --delete-home" + exitclean +fi + # let's try to make sure there's enough room on the stick if [ -d $CDMNT/LiveOS ]; then check=$CDMNT/LiveOS @@ -267,6 +276,8 @@ else fi if [ -d $USBMNT/LiveOS ]; then tbd=$(du -s -B 1M $USBMNT/LiveOS | awk {'print $1;'}) + [ -f $USBMNT/LiveOS/home.img ] && homesz=$(du -s -B 1M $USBMNT/LiveOS/home.img | awk {'print $1;'}) + [ -n "$homesz" -a -n "$keephome" ] && tbd=$(($tbd - $homesz)) else tbd=0 fi @@ -283,8 +294,17 @@ if [ $(($overlaysizemb + $homesizemb + $livesize)) -gt $(($free + $tbd)) ]; then fi if [ -d $USBMNT/LiveOS ]; then - echo "Already set up as live image. Deleting old in fifteen seconds..." - sleep 15 + echo "Already set up as live image." + if [ -z "$keephome" -a -e $USBMNT/LiveOS/home.img ]; then + echo "WARNING: Persistent /home will be deleted!!!" + echo "Press Enter to continue or ctrl-c to abort" + read + else + echo "Deleting old OS in fifteen seconds..." + sleep 15 + + [ -e "$USBMNT/LiveOS/home.img" -a -n "$keephome" ] && mv $USBMNT/LiveOS/home.img $USBMNT/home.img + fi rm -rf $USBMNT/LiveOS fi @@ -292,6 +312,7 @@ fi echo "Copying live image to USB stick" if [ ! -d $USBMNT/$SYSLINUXPATH ]; then mkdir $USBMNT/$SYSLINUXPATH ; fi if [ ! -d $USBMNT/LiveOS ]; then mkdir $USBMNT/LiveOS ; fi +if [ -n "$keephome" -a -f "$USBMNT/home.img" ]; then mv $USBMNT/home.img $USBMNT/LiveOS/home.img ; fi # cases without /LiveOS are legacy detection, remove for F10 if [ -f $CDMNT/LiveOS/squashfs.img ]; then cp $CDMNT/LiveOS/squashfs.img $USBMNT/LiveOS/squashfs.img || exitclean commit a8997895dc0dde65bf0e780570785e36688a6214 Author: Jeremy Katz <katzj(a)redhat.com> Date: Mon Jun 2 17:13:30 2008 -0400 Make it more clear that we're mounting the persistent /home Be a little bit more verbose in the initscript about what we're doing diff --git a/config/livecd-fedora-base-desktop.ks b/config/livecd-fedora-base-desktop.ks index c883c0d..b364803 100644 --- a/config/livecd-fedora-base-desktop.ks +++ b/config/livecd-fedora-base-desktop.ks @@ -100,22 +100,28 @@ if ! strstr "\`cat /proc/cmdline\`" noswap -a [ -n "\$swaps" ] ; then done fi -# if we have a persistent /home, then we want to go ahead and mount it -if ! strstr "\`cat /proc/cmdline\`" nopersisthome -a [ -e /mnt/live/LiveOS/home.img ] ; then +mountPersistentHome() { homeloop=\`losetup -f\` mount -o remount,rw /mnt/live losetup \$homeloop /mnt/live/LiveOS/home.img if [ "\$(/lib/udev/vol_id -t \$homeloop)" = "crypto_LUKS" ]; then + echo + echo "Setting up encrypted /home device" cryptsetup luksOpen \$homeloop EncHome <&1 homeloop=/dev/mapper/EncHome fi mount \$homeloop /home [ -x /sbin/restorecon ] && /sbin/restorecon /home if [ -d /home/fedora ]; then USERADDARGS="-M" ; fi +} + +# if we have a persistent /home, then we want to go ahead and mount it +if ! strstr "\`cat /proc/cmdline\`" nopersisthome -a [ -e /mnt/live/LiveOS/home.img ] ; then + action "Mounting persistent /home" mountPersistentHome fi # add fedora user with no passwd -useradd \$USERADDARGS -c "Fedora Live" fedora +action "Adding fedora user" useradd \$USERADDARGS -c "Fedora Live" fedora passwd -d fedora > /dev/null # turn off firstboot for livecd boots commit aff8789c1b393475e65f799c82107b79864dc12e Author: Jeremy Katz <katzj(a)redhat.com> Date: Mon Jun 2 17:04:13 2008 -0400 Support a nopersisthome argument on the kernel command line Passing 'nopersisthome' on the kernel command line will make it so that we don't attempt to mount a /home diff --git a/config/livecd-fedora-base-desktop.ks b/config/livecd-fedora-base-desktop.ks index 5ab5560..c883c0d 100644 --- a/config/livecd-fedora-base-desktop.ks +++ b/config/livecd-fedora-base-desktop.ks @@ -101,7 +101,7 @@ if ! strstr "\`cat /proc/cmdline\`" noswap -a [ -n "\$swaps" ] ; then fi # if we have a persistent /home, then we want to go ahead and mount it -if [ -e /mnt/live/LiveOS/home.img ]; then +if ! strstr "\`cat /proc/cmdline\`" nopersisthome -a [ -e /mnt/live/LiveOS/home.img ] ; then homeloop=\`losetup -f\` mount -o remount,rw /mnt/live losetup \$homeloop /mnt/live/LiveOS/home.img commit 8b08198556821a5cd2a35904494a0bd31c053a14 Author: Jeremy Katz <katzj(a)redhat.com> Date: Mon Jun 2 15:45:03 2008 -0400 Initial support for a persistent /home (#445218) In addition to having a persistent overlay, it can be useful to just have an encrypted /home. This provides the beginning of that support with the creation of LiveOS/home.img in livecd-iso-to-disk.sh, which is encrypted by default. Future things still to do: * Command line argument 'nopersisthome' should not mount the persistent /home * Support for specifying something other than /mnt/live/LiveOS/home.img as the source of the persistent /home * Support not blowing away the home.img on later livecd-iso-to-disk runs * Make the boot process a little bit more clear about what's going on (eg, unlocking /dev/loop5 isn't all that obvious) * How best to update the OS on the usb stick? diff --git a/config/livecd-fedora-base-desktop.ks b/config/livecd-fedora-base-desktop.ks index ebe9ac8..5ab5560 100644 --- a/config/livecd-fedora-base-desktop.ks +++ b/config/livecd-fedora-base-desktop.ks @@ -100,8 +100,22 @@ if ! strstr "\`cat /proc/cmdline\`" noswap -a [ -n "\$swaps" ] ; then done fi +# if we have a persistent /home, then we want to go ahead and mount it +if [ -e /mnt/live/LiveOS/home.img ]; then + homeloop=\`losetup -f\` + mount -o remount,rw /mnt/live + losetup \$homeloop /mnt/live/LiveOS/home.img + if [ "\$(/lib/udev/vol_id -t \$homeloop)" = "crypto_LUKS" ]; then + cryptsetup luksOpen \$homeloop EncHome <&1 + homeloop=/dev/mapper/EncHome + fi + mount \$homeloop /home + [ -x /sbin/restorecon ] && /sbin/restorecon /home + if [ -d /home/fedora ]; then USERADDARGS="-M" ; fi +fi + # add fedora user with no passwd -useradd -c "Fedora Live" fedora +useradd \$USERADDARGS -c "Fedora Live" fedora passwd -d fedora > /dev/null # turn off firstboot for livecd boots diff --git a/tools/livecd-iso-to-disk.sh b/tools/livecd-iso-to-disk.sh index 3e1979b..9bdcb0e 100644 --- a/tools/livecd-iso-to-disk.sh +++ b/tools/livecd-iso-to-disk.sh @@ -22,7 +22,7 @@ export PATH=/sbin:/usr/sbin:$PATH usage() { - echo "$0 [--reset-mbr] [--noverify] [--overlay-size-mb <size>] <isopath> <usbstick device>" + echo "$0 [--reset-mbr] [--noverify] [--overlay-size-mb <size>] [--home-size-mb <size> ] [ --unencrypted-home] <isopath> <usbstick device>" exit 1 } @@ -172,12 +172,23 @@ if [ $(id -u) != 0 ]; then exit 1 fi +cryptedhome=1 while [ $# -gt 2 ]; do case $1 in --overlay-size-mb) overlaysizemb=$2 shift ;; + --home-size-mb) + homesizemb=$2 + shift + ;; + --crypted-home) + cryptedhome=1 + ;; + --unencrypted-home) + cryptedhome="" + ;; --noverify) noverify=1 ;; @@ -232,6 +243,14 @@ if [ -n "$overlaysizemb" -a "$USBFS" = "vfat" ]; then fi fi +if [ -n "$homesizemb" -a "$USBFS" = "vfat" ]; then + if [ "$homesizemb" -gt 2047 ]; then + echo "Can't have a home overlay greater than 2048MB on VFAT" + exitclean + fi +fi + + # FIXME: would be better if we had better mountpoints CDMNT=$(mktemp -d /media/cdtmp.XXXXXX) mount -o loop,ro "$ISO" $CDMNT || exitclean @@ -254,10 +273,11 @@ fi livesize=$(du -s -B 1M $check | awk {'print $1;'}) free=$(df -B1M $USBDEV |tail -n 1 |awk {'print $4;'}) -if [ $(($overlaysizemb + $livesize)) -gt $(($free + $tbd)) ]; then +if [ $(($overlaysizemb + $homesizemb + $livesize)) -gt $(($free + $tbd)) ]; then echo "Unable to fit live image + overlay on available space on USB stick" echo "Size of live image: $livesize" - echo "Overlay size: $overlaysizemb" + [ -n "$overlaysizemb" ] && echo "Overlay size: $overlaysizemb" + [ -n "$homesizemb" ] && echo "Home overlay size: $homesizemb" echo "Available space: $(($free + $tbd))" exitclean fi @@ -307,6 +327,33 @@ if [ -n "$overlaysizemb" ]; then $USBMNT/$SYSLINUXPATH/isolinux.cfg fi +if [ -n "$homesizemb" ]; then + echo "Initializing persistent /home" + HOMEFILE=home.img + if [ "$USBFS" = "vfat" ]; then + # vfat can't handle sparse files + dd if=/dev/zero of=$USBMNT/LiveOS/$HOMEFILE count=$homesizemb bs=1M + else + dd if=/dev/null of=$USBMNT/LiveOS/$HOMEFILE count=1 bs=1M seek=$homesizemb + fi + if [ -n "$cryptedhome" ]; then + loop=$(losetup -f) + losetup $loop $USBMNT/LiveOS/$HOMEFILE + echo "Encrypting persistent /home" + cryptsetup luksFormat -y -q $loop + echo "Please enter the password again to unlock the device" + cryptsetup luksOpen $loop EncHomeFoo + mke2fs -j /dev/mapper/EncHomeFoo + tune2fs -c0 -i0 -ouser_xattr,acl /dev/mapper/EncHomeFoo + cryptsetup luksClose EncHomeFoo + losetup -d $loop + else + echo "Formatting unencrypted /home" + mke2fs -F -j $USBMNT/LiveOS/$HOMEFILE + tune2fs -c0 -i0 -ouser_xattr,acl $USBMNT/LiveOS/$HOMEFILE + fi +fi + echo "Installing boot loader" if [ "$USBFS" = "vfat" -o "$USBFS" = "msdos" ]; then # syslinux expects the config to be named syslinux.cfg

15 years, 6 months

1
0
0 / 0

config/livecd-fedora-base-desktop.ks

by Jeremy Katz

config/livecd-fedora-base-desktop.ks | 1 + 1 file changed, 1 insertion(+) New commits: commit 924dbb6c54e85d26b333be4740c8f96d0f715a4a Author: Jeremy Katz <katzj(a)redhat.com> Date: Thu Jun 5 12:48:26 2008 -0400 Ensure that tmpfs dirs are labeled correctly diff --git a/config/livecd-fedora-base-desktop.ks b/config/livecd-fedora-base-desktop.ks index 14d49a4..ebe9ac8 100644 --- a/config/livecd-fedora-base-desktop.ks +++ b/config/livecd-fedora-base-desktop.ks @@ -135,6 +135,7 @@ chkconfig --level 345 readahead_later off 2>/dev/null mount -t tmpfs varcacheyum /var/cache/yum mount -t tmpfs tmp /tmp mount -t tmpfs vartmp /var/tmp +[ -x /sbin/restorecon ] && /sbin/restorecon /var/cache/yum /tmp /var/tmp >/dev/null 2>&1 # Stopgap fix for RH #217966; should be fixed in HAL instead touch /media/.hal-mtab

15 years, 6 months

1
0
0 / 0

Portuguese pt_PT spins

by Pedro Silva

Hi! I pulled the latest .ks through git and changed the files accordingly to create pt_PT localized spins of fedora. Attached are the following spins: - Electronic Lab - KDE - XFCE - Developer - Games Just has Jeroen said, on gnome based livecds, I added the %post hack for the xorg.conf keyboard stuff. I think these are electronic-lab, developer and games. Also regarding localized versions of software, does @portguese-support flag pull localized dependecies of packages? Although I can't find it now, I think childsplay used to have a childsplay-sounds-pt package. Is this pulled by @portuguese-support flag? One more thing I remembered, Portugal has two timezones (Lisboa/Mainland and Açores Islands), does it make sense to create another spin to cover both timezones? What about countries with multiple timezones? Just some ideas and thoughts. Best regards, -- Pedro Silva

15 years, 6 months

4
6
0 / 0

Persistance Overlay

by Pedro Silva

Hi! I haven't grasped the persistance overlay usage yet. I usually create/update a personal spin every week and install it to a usb stick. Since F9, I've also been using the persistance flag. I don't use my liveusb everyday but I like to keep it updated and in my pocket. Last weekend, I updated my spin and installed on the usb stick. Halfway through, I noticed I had forgotten the overlay flag in livecd-iso-to-disk command. I thought, "well, i guess it will be detected since it was created previously...". Yesterday, I booted my usb stick at work and upon boot I can see a message saying no persistance overlay found. Err... my best guess was wrong. So, how does the persistance work: - Persistance is created with livecd-iso-to-disk, if I run it again without the overlay flag, previous persistance overlay is deleted? - Persistance is created with livecd-iso-to-disk, further runs of livecd-iso-to-disk won't detect previous overlay? I honestly looked for more info on the fedora wiki and man pages, but I couldn't find a wiki page or a man page about it. If these don't exist, I would be happy to help build one. Thanks and best regards, -- Pedro Silva

15 years, 6 months

4
10
0 / 0

Changes to 'f8-branch'

by Jeremy Katz

New branch 'f8-branch' available with the following commits: commit 873d1f6d28be6c0dff11fc0c1e9e4c5a25b961e2 Author: Jeremy Katz <katzj(a)redhat.com> Date: Tue Jun 3 23:30:20 2008 -0400 Fix tyops commit 056d7ff88e5fc16bf02dba17bd16b8ec17afc4fe Author: Jeremy Katz <katzj(a)redhat.com> Date: Tue May 27 15:22:31 2008 -0400 Handle copying timezone to /etc/localtime (#445624) commit a2cba1ed562992ad61fb38f2219cba679c6316b0 Author: Jeremy Katz <katzj(a)redhat.com> Date: Tue May 27 15:19:45 2008 -0400 Avoid traceback on systems without LVM (#442633)

15 years, 6 months

1
0
0 / 0

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

livecd June 2008