[Fedora-livecd-list] squashfs -- anyone have a pristine tree?

Mon Apr 10 17:34:41 UTC 2006

On Mon, 2006-04-10 at 11:26 -0400, Jeremy Katz wrote:
> On Tue, 2006-03-28 at 22:04 -0800, Toshio Kuratomi wrote:
> > * livecd-mkinitrd.sh:
> >   - Create a /cdrom directory to mount the cdrom image to directly.
> >   - Copy squashfs and loop modules to the initrd.
> >   - Create loop[0-9] devices in the initrd.
> > * livecd-linuxrc:
> >   - Mount the cd image onto /cdrom instead of /sysroot.
> >   - If we're using squashfs, loopback mount it on /sysroot otherwise
> > bind mount the cdrom to /sysroot.
> 
> We still need to stop creating our own initrd and be using the initramfs
> created by the stock mkinitrd and just do the necessary livecd changes
> with our own secondary initramfs that contains a replacement mkrootdev
> instead of using the nash built-in.  I started on this before leaving on
> vacation, after I get a chance to sit at my desk later today, I'll send
> what I have.
> 
Send it and I'll get familiar with it :-)

> > * install-boot.sh: Add selinux=0 to the kernel commandline as neither
> > squashfs nor zisofs support selinux xattrs.
> 
> I'd rather be handling this just by setting things
> in /etc/sysconfig/selinux.  Managing kernel options is the road to pain.
> 
Yes -- I sent a new patch that uses sed to make these changes.  Jasper
disagreed with that approach however and thinks the kernel commandline
is better :-)  I'm sure you'll get to that set of patches later in your
catch-up-with-email-backlog and can weigh in.

> > * 04auth.sh: Comment out the lokkit call as this may not exist in the
> > install root.  The selinux portion of this call is taken care of by
> > adding selinux=0 to the kernel commandlin.  The firewall portion isn't.
> > And when we do add support for selinux the kernel commandline won't let
> > us choose between targetted/strict/other.  So the correct fix for this
> > needs more thought.
> 
> Lokkit really needs to be installed -- we all but count on it always
> being present with anaconda.

Currently anaconda doesn't error out if lokkit is not present -- are the
errors discarded but present?

My thinking is that requiring lokkit in the CD is less than ideal.  It
is being required by the installer but may not be required or wanted for
the end-use of the CD.  A better approach is to modify lokkit to work
with an alternate rootpath so it updates the configuration in the
built-image instead of the image it is running on.  Then anaconda or
kadischi could call "lokkit --rootpath /var/www/kadischi-image
--setup-my-firewall-and-selinux" to modify the new image rather than the
system it is running on.

-Toshio
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: This is a digitally signed message part
Url : http://lists.fedoraproject.org/pipermail/livecd/attachments/20060410/8c67163d/attachment.bin 