From d75d99946bcb2a95ed22d403220019f9e6732f0eb179c77ebff8557986752cdc Mon Sep 17 00:00:00 2001
From: Richard Brown
Date: Wed, 11 Sep 2024 10:35:37 +0000
Subject: [PATCH] OBS-URL: https://build.opensuse.org/package/show/devel:microos:aeon:images/openSUSE-Aeon?expand=0&rev=25
---
.gitattributes | 23 ++++
.gitignore | 1 +
LICENSE | 17 +++
_constraints | 8 ++
config.sh | 239 ++++++++++++++++++++++++++++++++++++++++++
disk.sh | 6 ++
openSUSE-Aeon.changes | 55 ++++++++++
openSUSE-Aeon.kiwi | 73 +++++++++++++
8 files changed, 422 insertions(+)
create mode 100644 .gitattributes
create mode 100644 .gitignore
create mode 100644 LICENSE
create mode 100644 _constraints
create mode 100644 config.sh
create mode 100644 disk.sh
create mode 100644 openSUSE-Aeon.changes
create mode 100644 openSUSE-Aeon.kiwi
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..9b03811
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..57affb6
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.osc
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..2b62e4c
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,17 @@
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/_constraints b/_constraints
new file mode 100644
index 0000000..02ada4a
--- /dev/null
+++ b/_constraints
@@ -0,0 +1,8 @@
+
+
+
+ 20
+
+
+
+
diff --git a/config.sh b/config.sh
new file mode 100644
index 0000000..258f628
--- /dev/null
+++ b/config.sh
@@ -0,0 +1,239 @@
+#!/bin/bash
+# Copyright (c) 2020 SUSE LLC
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+#
+#======================================
+# Functions...
+#--------------------------------------
+
+test -f /.kconfig && . /.kconfig
+test -f /.profile && . /.profile
+
+set -euxo pipefail
+
+echo "Configure image: [$kiwi_iname]-[$kiwi_profiles]..."
+
+# Systemd controls the console font now
+echo FONT="eurlatgr.psfu" >> /etc/vconsole.conf
+
+#======================================
+# prepare for setting root pw, timezone
+#--------------------------------------
+echo "** reset machine settings"
+rm -f /etc/machine-id \
+ /var/lib/zypp/AnonymousUniqueId \
+ /var/lib/systemd/random-seed
+
+#======================================
+# Specify default systemd target
+#--------------------------------------
+baseSetRunlevel graphical.target
+
+#======================================
+# Import trusted rpm keys
+#--------------------------------------
+suseImportBuildKey
+
+#======================================
+# Set hostname by DHCP
+#--------------------------------------
+baseUpdateSysConfig /etc/sysconfig/network/dhcp DHCLIENT_SET_HOSTNAME yes
+
+# Add repos from /etc/YaST2/control.xml
+if [ -x /usr/sbin/add-yast-repos ]; then
+ add-yast-repos
+ zypper --non-interactive rm -u live-add-yast-repos
+fi
+
+# Adjust zypp conf
+sed -i 's/^multiversion =.*/multiversion =/g' /etc/zypp/zypp.conf
+
+#=====================================
+# Configure snapper
+#-------------------------------------
+if [ "${kiwi_btrfs_root_is_snapshot-false}" = 'true' ]; then
+ echo "creating initial snapper config ..."
+ cp /etc/snapper/config-templates/default /etc/snapper/configs/root \
+ || cp /usr/share/snapper/config-templates/default /etc/snapper/configs/root
+ baseUpdateSysConfig /etc/sysconfig/snapper SNAPPER_CONFIGS root
+
+ # Adjust parameters
+ sed -i'' 's/^TIMELINE_CREATE=.*$/TIMELINE_CREATE="no"/g' /etc/snapper/configs/root
+ sed -i'' 's/^NUMBER_LIMIT=.*$/NUMBER_LIMIT="2-10"/g' /etc/snapper/configs/root
+ sed -i'' 's/^NUMBER_LIMIT_IMPORTANT=.*$/NUMBER_LIMIT_IMPORTANT="4-10"/g' /etc/snapper/configs/root
+fi
+
+#=====================================
+# Enable chrony if installed
+#-------------------------------------
+if [ -f /etc/chrony.conf ]; then
+ systemctl enable chronyd
+fi
+
+#=====================================
+# Storage configuration
+#-------------------------------------
+
+# The %post script can't edit /etc/fstab sys due to https://github.com/OSInside/kiwi/issues/945
+# so use the kiwi custom hack
+cat >/etc/fstab.script <<"EOF"
+#!/bin/sh
+set -eux
+
+/usr/sbin/setup-fstab-for-overlayfs
+# ... set options for autoexpanding /home
+gawk -i inplace '$2 == "/home" { $4 = $4",x-systemd.growfs" } { print $0 }' /etc/fstab
+# workaround https://github.com/systemd/systemd/issues/927, drop the ro from the fstab mount
+gawk -i inplace '$2 == "/" && $4 == "compress=zstd:1,ro" { $4 = "compress=zstd:1" } { print $0 }' /etc/fstab
+
+# Relabel /etc. While kiwi already relabelled it earlier, there are some files created later (boo#1210604).
+# The "gawk -i inplace" above also removes the label on /etc/fstab.
+if [ -e /etc/selinux/config ]; then
+ . /etc/selinux/config
+ setfiles -e /proc -e /sys -e /dev /etc/selinux/${SELINUXTYPE}/contexts/files/file_contexts /etc
+fi
+EOF
+
+chmod a+x /etc/fstab.script
+
+#======================================
+# Enable NetworkManager
+#--------------------------------------
+systemctl enable NetworkManager
+
+#======================================
+# Disable recommends on virtual images (keep hardware supplements, see bsc#1089498)
+#--------------------------------------
+sed -i 's/.*solver.onlyRequires.*/solver.onlyRequires = true/g' /etc/zypp/zypp.conf
+
+#======================================
+# Disable installing documentation
+#--------------------------------------
+sed -i 's/.*rpm.install.excludedocs.*/rpm.install.excludedocs = yes/g' /etc/zypp/zypp.conf
+
+#======================================
+# Add default kernel boot options
+#--------------------------------------
+serialconsole='console=ttyS0,115200'
+
+cmdline=('quiet' 'loglevel=2' 'systemd.show_status=0' "${serialconsole}" 'console=tty0' 'vt.global_cursor_default=0')
+
+ignition_platform='metal'
+
+if [ -n "${ignition_platform}" ]; then
+ cmdline+=("ignition.platform.id=${ignition_platform}")
+fi
+
+#======================================
+# If SELinux is installed, configure it like transactional-update setup-selinux
+#--------------------------------------
+if [[ -e /etc/selinux/config ]]; then
+ cmdline+=("security=selinux selinux=1")
+ # Adjust selinux config
+ sed -i -e 's|^SELINUX=.*|SELINUX=enforcing|g' \
+ -e 's|^SELINUXTYPE=.*|SELINUXTYPE=targeted|g' \
+ "/etc/selinux/config"
+
+ # Move an /.autorelabel file from initial installation to writeable location
+ test -f /.autorelabel && mv /.autorelabel /etc/selinux/.autorelabel
+fi
+
+if [ -e /etc/default/grub ]; then
+ sed -i "s#^GRUB_CMDLINE_LINUX_DEFAULT=.*\$#GRUB_CMDLINE_LINUX_DEFAULT=\"${cmdline[*]}\"#" /etc/default/grub
+else
+ echo "${cmdline[*]}" > /etc/kernel/cmdline
+fi
+
+#======================================
+# tik specifics
+#--------------------------------------
+
+mkdir -p /ignition
+
+useradd -m tik
+usermod -aG wheel tik
+
+cat >> /etc/sudoers.d/51-tik << "EOF"
+tik ALL = (root) NOPASSWD: ALL
+EOF
+
+cat >> /etc/polkit-1/rules.d/10-tik.rules << "EOF"
+polkit.addRule(function(action, subject) {
+ if (subject.user == "tik") {
+ return polkit.Result.YES;
+ }
+});
+EOF
+
+mount /ignition
+chown -R tik:users /ignition
+umount /ignition
+
+# SHOULD BE IN GNOME-BRANDING-TIK
+cat >> /usr/share/glib-2.0/schemas/31_tik.gschema.override << "EOF"
+[org.gnome.shell]
+favorite-apps=['']
+
+[org.gnome.desktop.session]
+idle-delay=0
+
+[org.gnome.desktop.screensaver]
+lock-enabled=false
+user-switch-enabled=false
+
+[org.gnome.settings-daemon.plugins.power]
+sleep-inactive-battery-type='nothing'
+sleep-inactive-ac-type='nothing'
+
+[org.gnome.desktop.lockdown]
+disable-lock-screen=true
+disable-log-out=true
+disable-printing=true
+disable-print-setup=true
+disable-user-switching=true
+user-administration-disabled=true
+EOF
+
+glib-compile-schemas /usr/share/glib-2.0/schemas/
+# GNOME-BRANDING-TIK end
+
+# tik-config-Aeon
+mkdir -p /home/tik/.local/share/applications/
+chown -R tik:users /home/tik/.local/
+cat >> /home/tik/.local/share/applications/org.opensuse.tik.desktop << "EOF"
+[Desktop Entry]
+Name=openSUSE Aeon Installer
+Comment=Installs openSUSE Aeon
+Exec=/usr/bin/tik
+Icon=distributor-logo-Aeon-symbolic
+Type=Application
+Categories=System;
+Name[en_GB]=openSUSE Aeon Installer
+EOF
+# tik-config-Aeon
+
+ln -s /home/tik/.local/share/applications/org.opensuse.tik.desktop /home/tik/.config/autostart/org.opensuse.tik.desktop
+rm /home/tik/.config/autostart/aeon-firstboot.desktop
+
+mkdir -p /home/tik/.config/gtk-3.0
+echo "file:///ignition" >> /home/tik/.config/gtk-3.0/bookmarks
+
+sed -i 's/DISPLAYMANAGER_AUTOLOGIN=""/DISPLAYMANAGER_AUTOLOGIN="tik"/' /etc/sysconfig/displaymanager
+sed -i 's/\[daemon\]/\[daemon\]\nAutomaticLoginEnable=True\nAutomaticLogin=tik/g' /etc/gdm/custom.conf
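Review bot: The `10-tik.rules` polkit rule near the end of the config.sh hunk returns `polkit.Result.YES` for every action whenever `subject.user == "tik"`, with no check that the request comes from the local, active session. Together with `tik ALL = (root) NOPASSWD: ALL`, the GDM autologin and the disabled screen lock, any process that ends up running as tik is root without a prompt. For a single-purpose installer image that may be the intended trust model, but it deserves a comment saying so, and the rule can be narrowed to `if (subject.user == "tik" && subject.local && subject.active) {`. The sudoers drop-in is appended with `cat >>` and left at the default mode; writing it with `>` and following it with `chmod 0440 /etc/sudoers.d/51-tik` and `visudo -cf /etc/sudoers.d/51-tik` would make the build fail on a malformed file instead of shipping it. Whether any remote login service is part of this image cannot be seen from the hunk, so that is worth confirming against the package list.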
diff --git a/disk.sh b/disk.sh
new file mode 100644
index 0000000..2ac1fb6
--- /dev/null
+++ b/disk.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+set -euxo pipefail
+# Fix the filesystem label of the ignition partition, uppercase doesn't work with ignition
+e2label /dev/loop0p3 ignition
+# Create ignition directory
+mkdir /ignition/ignition
diff --git a/openSUSE-Aeon.changes b/openSUSE-Aeon.changes
new file mode 100644
index 0000000..a0689d7
--- /dev/null
+++ b/openSUSE-Aeon.changes
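Review bot: In disk.sh, `e2label /dev/loop0p3 ignition` hard-codes the loop device and partition number, so on a build host where the image is attached to a different loop device the script either fails or relabels a filesystem that does not belong to this image. Resolving the device from whatever the build tool exposes, or at least checking the device's current label before relabelling it, would make this safe; which variables kiwi provides at this stage is not visible in the hunk. `mkdir /ignition/ignition` also presumes the ignition partition is mounted at /ignition at this point, and if it is not, the directory lands on the root filesystem, so a `mountpoint -q /ignition` guard before it is worth adding.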
@@ -0,0 +1,55 @@
+-------------------------------------------------------------------
+Wed Aug 7 17:12:23 UTC 2024 - Richard Brown
+
+- Force relabeling of /etc as part of fstab.script
+
+-------------------------------------------------------------------
+Wed Jul 24 12:40:41 UTC 2024 - Richard Brown
+
+- Introduce tik encryption module
+- Transition towards "openSUSE-less" branding
+
+-------------------------------------------------------------------
+Fri May 24 13:30:21 UTC 2024 - Richard Brown
+
+- Correct ignition partition label to 'ignition'
+
+-------------------------------------------------------------------
+Wed May 22 11:07:36 UTC 2024 - Richard Brown
+
+- Remove unused disk.sh (no systemd-boot on installer)
+- Remove growfs from initrd
+- Remove ro mount option as can cause racy mount behaviour on boot
+
+-------------------------------------------------------------------
+Thu May 16 13:16:58 UTC 2024 - Richard Brown
+
+- Remove redundant relabelling (done better by kiwi now)
+- Shift growfs to initrd
+
+-------------------------------------------------------------------
+Thu May 16 12:51:10 UTC 2024 - Richard Brown
+
+- libcontainers-common no longer uses storage = btrfs by default,
+ neither should images
+
+-------------------------------------------------------------------
+Thu May 16 07:57:30 UTC 2024 - Richard Brown
+
+- Require tik-osimage-openSUSE-Aeon
+
+-------------------------------------------------------------------
+Wed May 15 08:17:59 UTC 2024 - Richard Brown
+
+- Prevent screen blanking during install
+
+-------------------------------------------------------------------
+Tue May 14 08:30:59 UTC 2024 - Richard Brown
+
+- Move optional tik-module-mig and -welcome from patterns-tik to
+ image definition
+
+-------------------------------------------------------------------
+Wed Apr 10 07:51:11 UTC 2024 - Richard Brown
+
+- Initial Packaging
diff --git a/openSUSE-Aeon.kiwi b/openSUSE-Aeon.kiwi
new file mode 100644
index 0000000..0d28361
--- /dev/null +++ b/openSUSE-Aeon.kiwi @@ -0,0 +1,73 @@ + + + + Richard Brown + rbrownsuse@opensuse.org + Aeon Installer + + + 0.1.0 + zypper + true + en_US + + + + false + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +