9:02 a.m.
People,
After many attempts of building permutations I still can't get a login
to work (the message that flashes up before the screen redraws is too
quick) using qemu-kvm. My ks file hereunder - can anyone see anything
that would cause the problem? Thanks:
lang en_US.UTF-8
keyboard us
timezone US/Eastern
auth --useshadow --enablemd5
part / --size 5120
/mirrorlist?repo=rawhide&arch=i686
repo --name=released
--mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-13&arch=i386
repo --name=updates
--mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f13&arch=i386
rootpw --iscrypted $1$GRwvp$HcYuBdNae5mlPyXwVUc1E0
%packages
@base
@core
@input-methods
@admin-tools
@dial-up
@hardware-support
kernel
system-config-firewall-base
memtest86+
-exim*
-sendmail
%end
%post
# FIXME: it'd be better to get this installed from a package
cat > /etc/rc.d/init.d/livesys << EOF
#!/bin/bash
#
# live: Init script for live image
#
# chkconfig: 345 00 99
# description: Init script for live image.
. /etc/init.d/functions
if ! strstr "\`cat /proc/cmdline\`" liveimg || [ "\$1" !=
"start" ]; then
exit 0
fi
if [ -e /.liveimg-configured ] ; then
configdone=1
fi
exists() {
which \$1 >/dev/null 2>&1 || return
\$*
}
touch /.liveimg-configured
# mount live image
if [ -b \`readlink -f /dev/live\` ]; then
mkdir -p /mnt/live
mount -o ro /dev/live /mnt/live 2>/dev/null || mount /dev/live /mnt/live
fi
livedir="LiveOS"
for arg in \`cat /proc/cmdline\` ; do
if [ "\${arg##live_dir=}" != "\${arg}" ]; then
livedir=\${arg##live_dir=}
return
fi
done
# enable swaps unless requested otherwise
swaps=\`blkid -t TYPE=swap -o device\`
if ! strstr "\`cat /proc/cmdline\`" noswap && [ -n "\$swaps" ]
; then
for s in \$swaps ; do
action "Enabling swap partition \$s" swapon \$s
done
fi
if ! strstr "\`cat /proc/cmdline\`" noswap && [ -f
/mnt/live/\${livedir}/swap.img ] ; then
action "Enabling swap file" swapon /mnt/live/\${livedir}/swap.img
fi
mountPersistentHome() {
# support label/uuid
if [ "\${homedev##LABEL=}" != "\${homedev}" -o
"\${homedev##UUID=}"
!= "\${homedev}" ]; then
homedev=\`/sbin/blkid -o device -t "\$homedev"\`
fi
# if we're given a file rather than a blockdev, loopback it
if [ "\${homedev##mtd}" != "\${homedev}" ]; then
# mtd devs don't have a block device but get magic-mounted with -t
jffs2
mountopts="-t jffs2"
elif [ ! -b "\$homedev" ]; then
loopdev=\`losetup -f\`
if [ "\${homedev##/mnt/live}" != "\${homedev}" ]; then
action "Remounting live store r/w" mount -o remount,rw /mnt/live
fi
losetup \$loopdev \$homedev
homedev=\$loopdev
fi
# if it's encrypted, we need to unlock it
if [ "\$(/sbin/blkid -s TYPE -o value \$homedev 2>/dev/null)" =
"crypto_LUKS" ]; then
echo
echo "Setting up encrypted /home device"
plymouth ask-for-password --command="cryptsetup luksOpen \$homedev
EncHome"
homedev=/dev/mapper/EncHome
fi
# and finally do the mount
mount \$mountopts \$homedev /home
# if we have /home under what's passed for persistent home, then
# we should make that the real /home. useful for mtd device on olpc
if [ -d /home/home ]; then mount --bind /home/home /home ; fi
[ -x /sbin/restorecon ] && /sbin/restorecon /home
if [ -d /home/liveuser ]; then USERADDARGS="-M" ; fi
}
findPersistentHome() {
for arg in \`cat /proc/cmdline\` ; do
if [ "\${arg##persistenthome=}" != "\${arg}" ]; then
homedev=\${arg##persistenthome=}
return
fi
done
}
if strstr "\`cat /proc/cmdline\`" persistenthome= ; then
findPersistentHome
elif [ -e /mnt/live/\${livedir}/home.img ]; then
homedev=/mnt/live/\${livedir}/home.img
fi
# if we have a persistent /home, then we want to go ahead and mount it
if ! strstr "\`cat /proc/cmdline\`" nopersistenthome && [ -n
"\$homedev"
] ; then
action "Mounting persistent /home" mountPersistentHome
fi
# make it so that we don't do writing to the overlay for things which
# are just tmpdirs/caches
mount -t tmpfs -o mode=0755 varcacheyum /var/cache/yum
mount -t tmpfs tmp /tmp
mount -t tmpfs vartmp /var/tmp
[ -x /sbin/restorecon ] && /sbin/restorecon /var/cache/yum /tmp /var/tmp
/dev/null 2>&1
if [ -n "\$configdone" ]; then
exit 0
fi
# add fedora user with no passwd
action "Adding live user" useradd \$USERADDARGS -c "liveuser Albers"
liveuser
passwd -d liveuser > /dev/null
# turn off firstboot for livecd boots
chkconfig --level 345 firstboot off 2>/dev/null
# don't start yum-updatesd for livecd boots
chkconfig --level 345 yum-updatesd off 2>/dev/null
# turn off mdmonitor by default
chkconfig --level 345 mdmonitor off 2>/dev/null
# turn off setroubleshoot on the live image to preserve resources
chkconfig --level 345 setroubleshoot off 2>/dev/null
# don't do packagekit checking by default
gconftool-2 --direct
--config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t string
/apps/gnome-packagekit/frequency_get_updates never >/dev/null
gconftool-2 --direct
--config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t string
/apps/gnome-packagekit/frequency_get_upgrades never >/dev/null
gconftool-2 --direct
--config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t string
/apps/gnome-packagekit/frequency_refresh_cache never >/dev/null
gconftool-2 --direct
--config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool
/apps/gnome-packagekit/notify_available false >/dev/null
gconftool-2 --direct
--config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool
/apps/gnome-packagekit/notify_distro_upgrades false >/dev/null
gconftool-2 --direct
--config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool
/apps/gnome-packagekit/enable_check_firmware false >/dev/null
gconftool-2 --direct
--config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool
/apps/gnome-packagekit/enable_check_hardware false >/dev/null
gconftool-2 --direct
--config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool
/apps/gnome-packagekit/enable_codec_helper false >/dev/null
gconftool-2 --direct
--config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool
/apps/gnome-packagekit/enable_font_helper false >/dev/null
gconftool-2 --direct
--config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool
/apps/gnome-packagekit/enable_mime_type_helper false >/dev/null
# don't start cron/at as they tend to spawn things which are
# disk intensive that are painful on a live image
chkconfig --level 345 crond off 2>/dev/null
chkconfig --level 345 atd off 2>/dev/null
chkconfig --level 345 anacron off 2>/dev/null
chkconfig --level 345 readahead_early off 2>/dev/null
chkconfig --level 345 readahead_later off 2>/dev/null
# Stopgap fix for RH #217966; should be fixed in HAL instead
touch /media/.hal-mtab
# workaround clock syncing on shutdown that we don't want (#297421)
sed -i -e 's/hwclock/no-such-hwclock/g' /etc/rc.d/init.d/halt
# and hack so that we eject the cd on shutdown if we're using a CD...
if strstr "\`cat /proc/cmdline\`" CDLABEL= ; then
cat >> /sbin/halt.local << FOE
#!/bin/bash
# XXX: This often gets stuck during shutdown because /etc/init.d/halt
# (or something else still running) wants to read files from the block\
# device that was ejected. Disable for now. Bug #531924
# we want to eject the cd on halt, but let's also try to avoid
# io errors due to not being able to get files...
#cat /sbin/halt > /dev/null
#cat /sbin/reboot > /dev/null
#/usr/sbin/eject -p -m \$(readlink -f /dev/live)/dev/null
2>&1
#echo "Please remove the CD from your drive and press Enter to
finish
restarting"
#read -t 30 < /dev/console
FOE
chmod +x /sbin/halt.local
fi
EOF
# bah, hal starts way too late
cat > /etc/rc.d/init.d/livesys-late << EOF
#!/bin/bash
#
# live: Late init script for live image
#
# chkconfig: 345 99 01
# description: Late init script for live image.
. /etc/init.d/functions
if ! strstr "\`cat /proc/cmdline\`" liveimg || [ "\$1" !=
"start" ] || [
-e /.liveimg-late-configured ] ; then
exit 0
fi
exists() {
which \$1 >/dev/null 2>&1 || return
\$*
}
touch /.liveimg-late-configured
# read some variables out of /proc/cmdline
for o in \`cat /proc/cmdline\` ; do
case \$o in
ks=*)
ks="--kickstart=\${o#ks=}"
;;
xdriver=*)
xdriver="--set-driver=\${o#xdriver=}"
;;
esac
done
# if liveinst or textinst is given, start anaconda
if strstr "\`cat /proc/cmdline\`" liveinst ; then
plymouth --quit
/usr/sbin/liveinst \$ks
fi
if strstr "\`cat /proc/cmdline\`" textinst ; then
plymouth --quit
/usr/sbin/liveinst --text \$ks
fi
EOF
chmod 755 /etc/rc.d/init.d/livesys
/sbin/restorecon /etc/rc.d/init.d/livesys
/sbin/chkconfig --add livesys
chmod 755 /etc/rc.d/init.d/livesys-late
/sbin/restorecon /etc/rc.d/init.d/livesys-late
/sbin/chkconfig --add livesys-late
# work around for poor key import UI in PackageKit
rm -f /var/lib/rpm/__db*
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora
echo "Packages within this LiveCD"
rpm -qa
# go ahead and pre-make the man -k cache (#455968)
/usr/sbin/makewhatis -w
# save a little bit of space at least...
rm -f /boot/initramfs*
# make sure there aren't core files lying around
rm -f /core*
%end
%post --nochroot
cp $INSTALL_ROOT/usr/share/doc/*-release-*/GPL $LIVE_ROOT/GPL
cp
$INSTALL_ROOT/usr/share/doc/HTML/readme-live-image/en_US/readme-live-image-en_US.txt
$LIVE_ROOT/README
sed -i -e '/ *append / { s/quiet// ; s/rhgb//; }'
"${LIVE_ROOT}"/isolinux/isolinux.cfg
# only works on x86, x86_64
if [ "$(uname -i)" = "i386" -o "$(uname -i)" =
"x86_64" ]; then
if [ ! -d $LIVE_ROOT/LiveOS ]; then mkdir -p $LIVE_ROOT/LiveOS ; fi
cp /usr/bin/livecd-iso-to-disk $LIVE_ROOT/LiveOS
fi
%end
%post --nochroot
sed -i -e '/ *append / { s/quiet// ; s/rhgb//; }'
"${LIVE_ROOT}"/isolinux/isolinux.cfg
%end
--
Philip Rhoades
GPO Box 3411
Sydney NSW 2001
Australia
E-mail: phil(a)pricom.com.au
11 a.m.
Philip Rhoades <phil(a)pricom.com.au> writes:
People,
After many attempts of building permutations I still can't get a login
to work (the message that flashes up before the screen redraws is too
quick) using qemu-kvm. My ks file hereunder - can anyone see anything
that would cause the problem? Thanks:
If the system you built the image on is running with SELinux disabled,
this might be the issue that I reported a couple of days ago.
The message that flashes very quickly is "no access to /bin/bash, cannot
login" or something similar.
My current workaround is to add to %post:
# No SElinux
sed -i -s 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
-- Johan
12:06 p.m.
On Sun, Sep 26, 2010 at 18:00:16 +0200,
Johan Vromans <jvromans(a)squirrel.nl> wrote:
# No SElinux
sed -i -s 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
There is a ks option to disable selinux. It would probably be simpler to use
that for private ks files.
Add this command to the ks file:
selinux --disabled
Are you running into this issue on F14?
I thought Dan had made a way to get livecd-creator to get the correct
context even when building with selinux disabled. If this doesn't work there,
I'll add it to my list of things to investigate.
1:11 p.m.
On Sun, Sep 26, 2010 at 19:53:50 +0200,
Johan Vromans <jvromans(a)squirrel.nl> wrote:
Bruno Wolff III <bruno(a)wolff.to> writes:
> Are you running into this issue on F14?
F13, but with the F14 version of livecd-tools.
Commit 158f7c6a327e2e8de1f3dd55c9125858c10582f7 is supposed to allow this.
(http://git.fedorahosted.org/git/?p=livecd;a=commitdiff;h=158f7c6a327e2e8d...)
Maybe something in setfiles also changed. I didn't see any applicable note
in the rpm changelog for policycoreutils though.
It could be a bug. I think there needs to be a -c before the policy file.
Dan, does that commit look correct to you?
1:25 p.m.
On Sun, Sep 26, 2010 at 13:11:26 -0500,
Bruno Wolff III <bruno(a)wolff.to> wrote:
On Sun, Sep 26, 2010 at 19:53:50 +0200,
Johan Vromans <jvromans(a)squirrel.nl> wrote:
> Bruno Wolff III <bruno(a)wolff.to> writes:
>
> > Are you running into this issue on F14?
>
> F13, but with the F14 version of livecd-tools.
Commit 158f7c6a327e2e8de1f3dd55c9125858c10582f7 is supposed to allow this.
(http://git.fedorahosted.org/git/?p=livecd;a=commitdiff;h=158f7c6a327e2e8d...)
Maybe something in setfiles also changed. I didn't see any applicable note
in the rpm changelog for policycoreutils though.
It could be a bug. I think there needs to be a -c before the policy file.
Dan, does that commit look correct to you?
It looks like that parameter is the spec file, not a policy. So -c isn't
needed. But the man page suggests that the specfile needs to come after
options. I don't know if putting it in early will break things or not.
I don't have any systems running in disabled mode and switching out for
testing isn't real convenient as that triggers a relabel.
You might try editing /usr/lib/python2.6/site-packages/imgcreate/kickstart.py
and change:
self.call(["/sbin/setfiles",
"/etc/selinux/targeted/contexts/files/file_contexts", "-e",
"/proc", "-e", "/sys", "-e", "/dev",
"-e", "/selinux", "/"])
To:
self.call(["/sbin/setfiles", "-e", "/proc",
"-e", "/sys", "-e", "/dev", "-e",
"/selinux", "/etc/selinux/targeted/contexts/files/file_contexts",
"/"])
and see if that affects things.
8:03 a.m.
Bruno,
On 2010-09-27 03:06, Bruno Wolff III wrote:
On Sun, Sep 26, 2010 at 18:00:16 +0200,
Johan Vromans<jvromans(a)squirrel.nl> wrote:
>
> # No SElinux
> sed -i -s 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
There is a ks option to disable selinux. It would probably be simpler to use
that for private ks files.
Add this command to the ks file:
selinux --disabled
"selinux --disabled" worked for me but I have made a note of the sed
command for future reference.
I have a number of other questions now arising but I will start separate
threads for them.
Thanks!
Phil.
--
Philip Rhoades
GPO Box 3411
Sydney NSW 2001
Australia
E-mail: phil(a)pricom.com.au
4960
days inactive
4961
days old
livecd@lists.fedoraproject.org
6 comments
3 participants
participants (3)
-
Bruno Wolff III -
Johan Vromans -
Philip Rhoades