Re: livecd-creator problem during enforcing - livecd - Fedora mailing-lists

30 Jul 2008


      Eric Paris wrote:
...
...
Are we missing bits pushed to F9 updates that would allow enforcing to 
be enabled and to create a valid LiveCD image?
can you send me your kickstart file and I'll figure it out?
-Eric
This image is a bit unique.  Please follow these directions exactly or 
it will likely fail due to the livecd-creator within another 
livecd-creator and the need to keep the cache away from the final image.
1) Put these three files into the same directory.
2) mkdir /tmp/cache
3) cd /tmp
4) setarch i386 livecd-creator --cache=/tmp/cache -c 
/path/to/live-ltsp-server.ks
Warren Togami
wtogami@redhat.com
lang en_US.UTF-8
keyboard us
timezone US/Eastern
auth --useshadow --enablemd5
selinux --enforcing
firewall --disabled
xconfig --startxonboot
part / --size 4096
#services --enabled=NetworkManager --disabled=network,sshd
services --enabled=network,xinetd,rpcbind,nfs,ltsp-dhcpd,nbdrootd,nbdswapd,tftp,sshd --disabled=NetworkManager,iptables
repo --name=released-9 --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-9&arch=i386
repo --name=updates-9 --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f9&arc...
repo --name=temporary-9 --baseurl=http://togami.com/~k12linux-temporary/fedora/9/i386/
%packages
@base-x
@base
@core
@fonts
@admin-tools
@dial-up
@hardware-support
@printing
kernel
memtest86+
# save some space
-specspo
-esc
-samba-client
-a2ps
-mpage
-redhat-lsb
-sox
-hplip
-hpijs
# smartcards won't really work on the livecd.  
-coolkey
-ccid
# duplicate functionality
-pinfo
-vorbis-tools
-wget
# dasher is just too big
-dasher
# lose the compat stuff
-compat*
# qlogic firmwares
-ql2100-firmware
-ql2200-firmware
-ql23xx-firmware
-ql2400-firmware
# scanning takes quite a bit of space :/
-xsane
-xsane-gimp
-sane-backends
# livecd bits to set up the livecd and be able to install
anaconda
isomd5sum
# make sure debuginfo doesn't end up on the live image
-*debuginfo
%end
%post
# FIXME: it'd be better to get this installed from a package
cat > /etc/rc.d/init.d/fedora-live << EOF
#!/bin/bash
#
# live: Init script for live image
#
# chkconfig: 345 00 99
# description: Init script for live image.
. /etc/init.d/functions
if ! strstr "`cat /proc/cmdline`" liveimg || [ "$1" != "start" ] || [ -e /.liveimg-configured ] ; then
    exit 0
fi
exists() {
    which $1 >/dev/null 2>&1 || return
    $*
}
touch /.liveimg-configured
# mount live image
if [ -b /dev/live ]; then
   mkdir -p /mnt/live
   mount -o ro /dev/live /mnt/live
fi
# enable swaps unless requested otherwise
swaps=`blkid -t TYPE=swap -o device`
if ! strstr "`cat /proc/cmdline`" noswap -a [ -n "$swaps" ] ; then
  for s in $swaps ; do
    action "Enabling swap partition $s" swapon $s
  done
fi
# add fedora user with no passwd
useradd -c "Fedora Live" fedora
passwd -d fedora > /dev/null
# turn off firstboot for livecd boots
chkconfig --level 345 firstboot off 2>/dev/null
# don't start yum-updatesd for livecd boots
chkconfig --level 345 yum-updatesd off 2>/dev/null
# don't do packagekit checking by default
gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t string /apps/gnome-packagekit/frequency_get_updates never >/dev/null
gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t string /apps/gnome-packagekit/frequency_refresh_cache never >/dev/null
gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool /apps/gnome-packagekit/notify_available false >/dev/null
# apparently, the gconf keys aren't enough
mkdir -p /home/fedora/.config/autostart
echo "X-GNOME-Autostart-enabled=false" >> /home/fedora/.config/autostart/gpk-update-icon.desktop
chown -R fedora:fedora /home/fedora/.config
# don't start cron/at as they tend to spawn things which are
# disk intensive that are painful on a live image
chkconfig --level 345 crond off 2>/dev/null
chkconfig --level 345 atd off 2>/dev/null
chkconfig --level 345 anacron off 2>/dev/null
chkconfig --level 345 readahead_early off 2>/dev/null
chkconfig --level 345 readahead_later off 2>/dev/null
# Stopgap fix for RH #217966; should be fixed in HAL instead
touch /media/.hal-mtab
# workaround clock syncing on shutdown that we don't want (#297421)
sed -i -e 's/hwclock/no-such-hwclock/g' /etc/rc.d/init.d/halt
EOF
# bah, hal starts way too late
cat > /etc/rc.d/init.d/fedora-late-live << EOF
#!/bin/bash
#
# live: Late init script for live image
#
# chkconfig: 345 99 01
# description: Late init script for live image.
. /etc/init.d/functions
if ! strstr "`cat /proc/cmdline`" liveimg || [ "$1" != "start" ] || [ -e /.liveimg-late-configured ] ; then
    exit 0
fi
exists() {
    which $1 >/dev/null 2>&1 || return
    $*
}
touch /.liveimg-late-configured
# read some variables out of /proc/cmdline
for o in `cat /proc/cmdline` ; do
    case $o in
    ks=*)
        ks="${o#ks=}"
        ;;
    xdriver=*)
        xdriver="--set-driver=${o#xdriver=}"
        ;;
    esac
done
# if liveinst or textinst is given, start anaconda
if strstr "`cat /proc/cmdline`" liveinst ; then
   /usr/sbin/liveinst $ks
fi
if strstr "`cat /proc/cmdline`" textinst ; then
   /usr/sbin/liveinst --text $ks
fi
# configure X, allowing user to override xdriver
if [ -n "$xdriver" ]; then
   exists system-config-display --noui --reconfig --set-depth=24 $xdriver
fi
EOF
# workaround avahi segfault (#279301)
touch /etc/resolv.conf
/sbin/restorecon /etc/resolv.conf
chmod 755 /etc/rc.d/init.d/fedora-live
/sbin/restorecon /etc/rc.d/init.d/fedora-live
/sbin/chkconfig --add fedora-live
chmod 755 /etc/rc.d/init.d/fedora-late-live
/sbin/restorecon /etc/rc.d/init.d/fedora-late-live
/sbin/chkconfig --add fedora-late-live
# work around for poor key import UI in PackageKit
rm -f /var/lib/rpm/__db*
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora
# save a little bit of space at least...
rm -f /boot/initrd*
# make sure there aren't core files lying around
rm -f /core*
%end
%post --nochroot
cp $INSTALL_ROOT/usr/share/doc/*-release-*/GPL $LIVE_ROOT/GPL
cp $INSTALL_ROOT/usr/share/doc/HTML/readme-live-image/en_US/readme-live-image-en_US.txt $LIVE_ROOT/README
# Needed by ltsp-build-client to create client chroot
cp -v /etc/resolv.conf $INSTALL_ROOT/etc/resolv.conf
# sshd generates its keys only at first boot, so tell a later init script to copy ssh keys at that time
touch /etc/ltsp/DELETE-ME-WHEN-DONE-need-to-copy-sshkeys
# only works on x86, x86_64
if [ "$(uname -i)" = "i386" -o "$(uname -i)" = "x86_64" ]; then
  if [ ! -d $LIVE_ROOT/LiveOS ]; then mkdir -p $LIVE_ROOT/LiveOS ; fi
  cp /usr/bin/livecd-iso-to-disk $LIVE_ROOT/LiveOS
fi
%end
%include livecd-fedora-9-base-desktop.ks
%packages
@games
@graphical-internet
@graphics
@sound-and-video
@gnome-desktop
nss-mdns
NetworkManager-vpnc
NetworkManager-openvpn
# we don't include @office so that we don't get OOo.  but some nice bits
abiword
gnumeric
#planner
#inkscape
@albanian-support
@arabic-support
@assamese-support
@basque-support
@belarusian-support
@bengali-support
@brazilian-support
@british-support
@bulgarian-support
@catalan-support
@chinese-support
@czech-support
@danish-support
@dutch-support
@estonian-support
@finnish-support
@french-support
@galician-support
@georgian-support
@german-support
@greek-support
@gujarati-support
@hebrew-support
@hindi-support
@hungarian-support
@indonesian-support
@italian-support
@japanese-support
@kannada-support
@korean-support
@latvian-support
@lithuanian-support
@macedonian-support
@malayalam-support
@marathi-support
@nepali-support
@norwegian-support
@oriya-support
@persian-support
@polish-support
@portuguese-support
@punjabi-support
@romanian-support
@russian-support
@serbian-support
@slovak-support
@slovenian-support
@spanish-support
@swedish-support
@tamil-support
@telugu-support
@thai-support
@turkish-support
@ukrainian-support
@vietnamese-support
@welsh-support
# The following locales have less than 50% translation coverage for the core
# GNOME stack, as found at http://l10n.gnome.org/languages/
#@afrikaans-support
#@armenian-support
#@bhutanese-support
#@bosnian-support
#@breton-support
#@croatian-support
#@esperanto-support
#@ethiopic-support
#@faeroese-support
#@filipino-support
#@gaelic-support
#@icelandic-support
#@inuktitut-support
#@irish-support
#@khmer-support
#@lao-support
#@low-saxon-support
#@malay-support
#@maori-support
#@mongolian-support
#@northern-sami-support
#@northern-sotho-support
#@samoan-support
#@sinhala-support
#@somali-support
#@southern-ndebele-support
#@southern-sotho-support
#@swati-support
#@tagalog-support
#@tibetan-support
#@tonga-support
#@tsonga-support
#@tswana-support
#@urdu-support
#@venda-support
#@walloon-support
#@xhosa-support
#@zulu-support
# These fonts are only used in the commented-out locales above
-lklug-fonts
-abyssinica-fonts
-jomolhari-fonts
# avoid weird case where we pull in more festival stuff than we need
festival
festvox-slt-arctic-hts
# dictionaries are big
-aspell-*
-hunspell-*
-man-pages-*
-scim-tables-*
-wqy-bitmap-fonts
-dejavu-fonts-experimental
# more fun with space saving 
-scim-lang-chinese
-scim-python*
scim-chewing
scim-pinyin
# save some space
-gnome-user-docs
-gimp-help
-evolution-help
-autofs
-nss_db
-vino
-dasher
-evince-dvi
-evince-djvu
# not needed for gnome
-acpid
# temporary - drags in many deps
-ekiga
-tomboy
-f-spot
%end
%post
cat >> /etc/rc.d/init.d/fedora-live << EOF
# disable screensaver locking
gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool /apps/gnome-screensaver/lock_enabled false >/dev/null
# set up timed auto-login for after 60 seconds
cat >> /etc/gdm/custom.conf << FOE
[daemon]
TimedLoginEnable=true
TimedLogin=fedora
TimedLoginDelay=60
FOE
EOF
%end
%include livecd-fedora-9-desktop.ks
%packages
ltsp-server
ltsp-vmclient
%end
%post
cp /etc/ltsp/ltsp-build-client.conf /etc/ltsp/ltsp-build-client.conf.backup
echo "option_cache_value=/var/cache/yum" > /etc/ltsp/ltsp-build-client.conf
/usr/sbin/ltsp-build-client
# clean up
mv /etc/ltsp/ltsp-build-client.conf.backup /etc/ltsp/ltsp-build-client.conf
rm -f /etc/resolv.conf
touch /etc/resolv.conf
# Setup LTSP server
echo "/opt/ltsp *(ro,async,no_root_squash)" > /etc/exports
%end